switch back to post-build-hook

2023-05-26 15:54:37 +10:00 · 2023-05-26 15:54:37 +10:00 · 94de107c30
commit 94de107c30
parent c90c9d76e1
2 changed files with 18 additions and 1 deletions
--- a/build03/configuration.nix
+++ b/build03/configuration.nix
@ -14,7 +14,6 @@
    inputs.srvos.nixosModules.hardware-hetzner-online-amd
    ../roles/common.nix
    ../roles/hercules-ci
-    ../roles/watch-store.nix
    ../roles/raid.nix
    ../roles/zfs.nix
    ../roles/remote-builder/aarch64-build04.nix
--- a/services/hydra/default.nix
+++ b/services/hydra/default.nix
@ -1,4 +1,20 @@
 { lib, pkgs, config, ... }:
+let
+  upload-to-cachix = pkgs.writeScriptBin "upload-to-cachix" ''
+    #!/bin/sh
+    set -eu
+    set -f # disable globbing
+
+    # skip push if the declarative job spec
+    OUT_END=$(echo ''${OUT_PATHS: -10})
+    if [ "$OUT_END" == "-spec.json" ]; then
+      exit 0
+    fi
+
+    export HOME=/root
+    exec ${pkgs.cachix}/bin/cachix -c ${config.sops.secrets.nix-community-cachix.path} push nix-community $OUT_PATHS > /tmp/hydra_cachix 2>&1
+  '';
+in
 {
  options.services.hydra = {
    adminPasswordFile = lib.mkOption {
@ -27,7 +43,9 @@
      "https://github.com/nix-community/"
      "https://github.com/NixOS/"
    ];
+    nix.settings.post-build-hook = "${upload-to-cachix}/bin/upload-to-cachix";

+    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache/secrets.yaml;
    sops.secrets.id_buildfarm = { };

    # delete build logs older than 30 days