sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

switch back to post-build-hook to push to hydra

Browse source 
hydra-notify seems to be single threaded and slow.
`post-build-hook` hopefully is executed in parallel.
This commit is contained in:
Jörg Thalheim 2022-08-14 15:31:50 +02:00
parent bcbd1b3bfa
commit 92d4799ced
1 changed files with 22 additions and 15 deletions

37
services/hydra/default.nix
View file

@ -6,6 +6,21 @@ let
cfg = config; cfg = config;
hydraPort = 3000; hydraPort = 3000;
upload-to-cachix = pkgs.writeScriptBin "upload-to-cachix" ''
#!/bin/sh
set -eu
set -f # disable globbing
# skip push if the declarative job spec
OUT_END=$(echo ''${OUT_PATHS: -10})
if [ "$OUT_END" == "-spec.json" ]; then
exit 0
fi
export HOME=/root
exec ${pkgs.cachix}/bin/cachix -c ${config.sops.secrets.nix-community-cachix.path} push nix-community $OUT_PATHS > /tmp/hydra_cachix 2>&1
'';
in in
{ {
options.services.hydra = { options.services.hydra = {
@ -27,6 +42,12 @@ in
sops.secrets.hydra-admin-password.owner = "hydra"; sops.secrets.hydra-admin-password.owner = "hydra";
sops.secrets.hydra-users.owner = "hydra"; sops.secrets.hydra-users.owner = "hydra";
nix.extraOptions = ''
builders-use-substitutes = true
allowed-uris = https://github.com/nix-community/ https://github.com/NixOS/
post-build-hook = ${upload-to-cachix}/bin/upload-to-cachix
'';
nixpkgs.config = { nixpkgs.config = {
whitelistedLicenses = with lib.licenses; [ whitelistedLicenses = with lib.licenses; [
unfreeRedistributable unfreeRedistributable
@ -40,13 +61,9 @@ in
services.hydra.package = hydra.defaultPackage.${pkgs.system}; services.hydra.package = hydra.defaultPackage.${pkgs.system};
sops.secrets.nix-community-cachix = { sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
owner = "hydra-queue-runner";
sopsFile = ../../roles/nix-community-cache.yaml;
};
sops.secrets.id_buildfarm = {}; sops.secrets.id_buildfarm = {};
services.hydra = { services.hydra = {
enable = true; enable = true;
hydraURL = "https://hydra.nix-community.org"; hydraURL = "https://hydra.nix-community.org";
@ -64,14 +81,6 @@ in
usersFile = config.sops.secrets.hydra-users.path; usersFile = config.sops.secrets.hydra-users.path;
extraConfig = '' extraConfig = ''
max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)} max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)}
<runcommand>
command = ${pkgs.writeShellScript "cachix-upload" ''
export PATH=${config.nix.package}/bin
${pkgs.jq}/bin/jq -r '.outputs | .[] | .path' < $HYDRA_JSON | \
${pkgs.cachix}/bin/cachix -c ${config.sops.secrets.nix-community-cachix.path} push nix-community
''}
</runcommand>
''; '';
}; };
@ -83,8 +92,6 @@ in
}; };
}; };
nix.extraOptions = "allowed-uris = https://github.com/nix-community/ https://github.com/NixOS/";
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"hydra.nix-community.org" = { "hydra.nix-community.org" = {
forceSSL = true; forceSSL = true;