move hydra projects to terraform

2022-05-14 22:18:06 +02:00 · 2022-05-14 22:18:06 +02:00 · bbffd6fcc7
commit bbffd6fcc7
parent 1c9f92066c
7 changed files with 121 additions and 192 deletions
--- a/README.md
+++ b/README.md
@ -28,6 +28,11 @@ $ $path

 *(My [implementation](https://github.com/ckiee/nixfiles/blob/aac57f56e417e31f00fd495d8a30fb399ecbc19b/deploy/hm-only.nix#L10) of [this](https://github.com/ckiee/nixfiles/blob/aac57f56e417e31f00fd495d8a30fb399ecbc19b/bin/c#L92-L95) ~ckie)*

+## Hydra
+
+If you want to build your project in our hydra, add a new project in this
+[file](terraform/hydra-projects.tf).
+
 ## Support

 If you hit any issues, ping us on Matrix in the
@ -47,11 +52,10 @@ room (see the admin list below) or create an issue here:

 ## Services

-* BuildKite agent - on build01
-* GitLab agent - on build01
-* hound - on build01
-* https://hydra.nix-community.org - on build01
-* matterbridge - on build01
+* GitLab agent - on build03
+* hound - on build03
+* https://hydra.nix-community.org - on build03
+* matterbridge - on build03
 * ryantm-updater bot - on build02

 ## Hosts
--- a/services/hydra/create-declarative-project.sh
+++ b/services/hydra/create-declarative-project.sh
@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-#
-# Usage example
-# URL=http://localhost:3000 ./create-declarative-project.sh
-
-set -euo pipefail
-
-HYDRA_ADMIN_USERNAME=${HYDRA_ADMIN_USERNAME:-admin}
-HYDRA_ADMIN_PASSWORD=${HYDRA_ADMIN_PASSWORD:-admin}
-URL=${URL:-http://localhost:3000}
-DECL_FILE=${DECL_FILE:-"spec.json"}
-DECL_TYPE=${DECL_TYPE:-"git"}
-DECL_VALUE=${DECL_VALUE:-"https://github.com/shlevy/declarative-hydra-example"}
-DECL_PROJECT_NAME=${DECL_PROJECT_NAME:-"example"}
-DECL_DISPLAY_NAME=${DECL_DISPLAY_NAME:-"An example project"}
-DECL_DESCRIPTION=${DECL_DESCRIPTION:-""}
-DECL_HOMEPAGE=${DECL_HOMEPAGE:-""}
-
-mycurl() {
-  curl --fail --referer "${URL}" -H "Accept: application/json" -H "Content-Type: application/json" "$@"
-}
-
-echo "Logging to $URL with user $HYDRA_ADMIN_USERNAME"
-cat >data.json <<EOF
-{ "username": "$HYDRA_ADMIN_USERNAME", "password": "$HYDRA_ADMIN_PASSWORD" }
-EOF
-mycurl -X POST -d '@data.json' "$URL/login" -c hydra-cookie.txt
-
-echo -e "\nCreating project:"
-cat >data.json <<EOF
-{
-  "displayname":"$DECL_DISPLAY_NAME",
-  "description":"$DECL_DESCRIPTION",
-  "homepage":"$DECL_HOMEPAGE",
-  "enabled":"1",
-  "visible":"1",
-  "declarative": {
-    "file": "$DECL_FILE",
-    "type":"$DECL_TYPE",
-    "value":"$DECL_VALUE"
-  }
-}
-EOF
-cat data.json
-mycurl --silent -X PUT "$URL/project/$DECL_PROJECT_NAME" -d @data.json -b hydra-cookie.txt
-
-rm -f data.json hydra-cookie.txt
--- a/services/hydra/declarative-projects.nix
+++ b/services/hydra/declarative-projects.nix
@ -1,41 +0,0 @@
-{ lib, pkgs, config, ... }:
-
-{
-  services.hydra.declarativeProjects = {
-    emacs-overlay = {
-      displayName = "Emacs Overlay";
-      inputValue = "https://github.com/nix-community/emacs-overlay";
-      specFile = "hydra/spec.json";
-      description = "Bleeding edge emacs overlay";
-      homepage = "https://github.com/nix-community/emacs-overlay";
-    };
-    nix-data = {
-      displayName = "nix-data";
-      inputValue = "https://github.com/nix-community/nix-data";
-      specFile = "spec.json";
-      description = "Standard set of packages and overlays for data-scientists";
-      homepage = "https://github.com/nix-community/nix-data";
-    };
-    simple-nixos-mailserver = {
-      displayName = "Simple NixOS MailServer";
-      inputValue = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver";
-      specFile = ".hydra/spec.json";
-      description = "A complete and Simple Nixos Mailserver";
-      homepage = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver";
-    };
-    redoxpkgs = {
-      displayName = "Redoxpkgs";
-      inputValue = "https://github.com/nix-community/redoxpkgs";
-      specFile = ".hydra/spec.json";
-      description = "Packages for Redox";
-      homepage = "https://github.com/nix-community/redoxpkgs";
-    };
-    rust-for-linux = {
-      displayName = "Rust For Linux";
-      inputValue = "https://github.com/rust-for-linux/nix";
-      specFile = ".hydra/spec.json";
-      description = "Linux Kernel with Rust support";
-      homepage = "https://github.com/Rust-for-Linux/linux";
-    };
-  };
-}
--- a/services/hydra/default.nix
+++ b/services/hydra/default.nix
@ -6,25 +6,8 @@ let
  cfg = config;

  hydraPort = 3000;
-  hydraAdmin = "admin";
-  hydraAdminPasswordFile = config.sops.secrets.hydra-admin-password.path;
-  hydraUsersFile = config.sops.secrets.hydra-users.path;
-
-  createDeclarativeProjectScript = pkgs.stdenv.mkDerivation {
-    name = "create-declarative-project";
-    unpackPhase = ":";
-    buildInputs = [ pkgs.makeWrapper ];
-    installPhase = "install -m755 -D ${./create-declarative-project.sh} $out/bin/create-declarative-project";
-    postFixup = ''
-      wrapProgram "$out/bin/create-declarative-project" \
-        --prefix PATH ":" ${lib.makeBinPath [ pkgs.curl ]}
-    '';
-  };
-
 in
 {
-  imports = [ ./declarative-projects.nix ];
-
  options.services.hydra = {
    adminPasswordFile = mkOption {
      type = types.str;
@ -39,44 +22,6 @@ in
        Password hash is computed by applying sha1 to the password.
      '';
    };
-
-    declarativeProjects = mkOption {
-      description = "Declarative projects";
-      default = { };
-      type = with types; attrsOf (submodule {
-        options = {
-          inputValue = mkOption {
-            type = types.str;
-            description = "The input value";
-            example = "https://github.com/shlevy/declarative-hydra-example";
-          };
-          inputType = mkOption {
-            type = types.str;
-            default = "git";
-            description = "The type of the input value";
-          };
-          specFile = mkOption {
-            type = types.str;
-            default = "spec.json";
-            description = "The declarative spec file name";
-          };
-          displayName = mkOption {
-            type = types.str;
-            description = "The diplay name of the declarative project";
-          };
-          description = mkOption {
-            type = types.str;
-            default = "";
-            description = "The description of the declarative project";
-          };
-          homepage = mkOption {
-            type = types.str;
-            default = "";
-            description = "The homepage of the declarative project";
-          };
-        };
-      });
-    };
  };
  config = {
    sops.secrets.hydra-admin-password.owner = "hydra";
@ -106,9 +51,9 @@ in
      notificationSender = "hydra@hydra.nix-community.org";
      port = hydraPort;
      useSubstitutes = true;
-      adminPasswordFile = hydraAdminPasswordFile;
+      adminPasswordFile = config.sops.secrets.hydra-admin-password.path;

-      usersFile = hydraUsersFile;
+      usersFile = config.sops.secrets.hydra-users.path;
      extraConfig = ''
        max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)}

@ -187,19 +132,7 @@ in

        export HYDRA_ADMIN_PASSWORD=$(cat ${cfg.services.hydra.adminPasswordFile})
        export URL=http://localhost:${toString hydraPort}
-      '' +
-      (concatStringsSep "\n" (mapAttrsToList
-        (n: v: ''
-          export DECL_PROJECT_NAME="${n}"
-          export DECL_DISPLAY_NAME="${v.displayName}"
-          export DECL_VALUE="${v.inputValue}"
-          export DECL_TYPE="${v.inputType}"
-          export DECL_FILE="${v.specFile}"
-          export DECL_DESCRIPTION="${v.description}"
-          export DECL_HOMEPAGE="${v.homepage}"
-          ${createDeclarativeProjectScript}/bin/create-declarative-project
-        '')
-        cfg.services.hydra.declarativeProjects));
+      '';
    };
  };
 }
--- a/terraform/README.md
+++ b/terraform/README.md
@ -1,3 +1,3 @@
 # Terraform

-Only used for DNS management right now.
+Used for DNS management and creating hydra projects.
--- a/terraform/hydra-jobsets.tf
+++ b/terraform/hydra-jobsets.tf
@ -1,28 +0,0 @@
-resource "hydra_project" "kittybox" {
-  name         = "kittybox"
-  display_name = "Kittybox"
-  description  = "The IndieWeb blogging solution"
-  homepage     = "https://sr.ht/~vikanezrimaya/kittybox"
-  owner        = "admin"
-  enabled      = true
-  visible      = true
-}
-
-
-resource "hydra_jobset" "kittybox" {
-  project     = hydra_project.kittybox.name
-  state       = "enabled"
-  visible     = true
-  name        = "main"
-  type        = "flake"
-  description = "main branch"
-
-  flake_uri = "git+https://git.sr.ht/~vikanezrimaya/kittybox?ref=main"
-
-  check_interval    = 300
-  scheduling_shares = 3000
-  keep_evaluations  = 3
-
-  email_notifications = false
-  #email_override      = ""
-}
--- a/terraform/hydra-projects.tf
+++ b/terraform/hydra-projects.tf
@ -0,0 +1,108 @@
+# See https://github.com/DeterminateSystems/terraform-provider-hydra for explanation
+
+resource "hydra_project" "kittybox" {
+  name         = "kittybox"
+  display_name = "Kittybox"
+  description  = "The IndieWeb blogging solution"
+  homepage     = "https://sr.ht/~vikanezrimaya/kittybox"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+}
+
+resource "hydra_jobset" "kittybox" {
+  project     = hydra_project.kittybox.name
+  state       = "enabled"
+  visible     = true
+  name        = "main"
+  type        = "flake"
+  description = "main branch"
+
+  flake_uri = "git+https://git.sr.ht/~vikanezrimaya/kittybox?ref=main"
+
+  check_interval    = 300
+  scheduling_shares = 3000
+  keep_evaluations  = 3
+
+  email_notifications = false
+}
+
+resource "hydra_project" "emacs_overlay" {
+  name         = "emacs-overlay"
+  display_name = "Emacs Overlay"
+  description  = "Bleeding edge emacs overlay"
+  homepage     = "https://github.com/nix-community/emacs-overlay"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+
+  declarative {
+    file = "hydra/spec.json"
+    type = "git"
+    value = "https://github.com/nix-community/emacs-overlay"
+  }
+}
+
+resource "hydra_project" "nix_data" {
+  name         = "nix-data"
+  display_name = "nix-data"
+  description  = "Standard set of packages and overlays for data-scientists"
+  homepage     = "https://github.com/nix-community/nix-data"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+
+  declarative {
+    file = "spec.json"
+    type = "git"
+    value = "https://github.com/nix-community/nix-data"
+  }
+}
+
+resource "hydra_project" "simple_nixos_mailserver" {
+  name         = "simple-nixos-mailserver"
+  display_name = "Simple NixOS MailServer"
+  description  = "A complete and Simple Nixos Mailserver"
+  homepage     = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+
+  declarative {
+    file = ".hydra/spec.json"
+    type = "git"
+    value = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
+  }
+}
+
+resource "hydra_project" "redoxpkgs" {
+  name         = "redoxpkgs"
+  display_name = "Redoxpkgs"
+  description  = "Packages for Redox"
+  homepage     = "https://github.com/nix-community/redoxpkgs"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+
+  declarative {
+    file = ".hydra/spec.json"
+    type = "git"
+    value = "https://github.com/nix-community/redoxpkgs"
+  }
+}
+
+resource "hydra_project" "rust_for_linux" {
+  name         = "rust-for-linux"
+  display_name = "Rust For Linux"
+  description  = "Linux Kernel with Rust support"
+  homepage     = "https://github.com/Rust-for-Linux/linux"
+  owner        = "admin"
+  enabled      = true
+  visible      = true
+
+  declarative {
+    file = ".hydra/spec.json"
+    type = "git"
+    value = "https://github.com/rust-for-linux/nix"
+  }
+}