mio-ops/profiles/hydra.nix

# NixOps configuration for the VMs running Hydra
{
  config,
  pkgs,
  lib,
  ...
}: {
  #disabledModules = [ "services/continuous-integration/hydra/default.nix" ];

  #imports = [
  #  /home/craige/source/NixOS/hydra/hydra-module.nix
  #  ];

  services.postfix = {
    enable = true;
    setSendmail = true;
  };

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql;
    identMap = ''
      hydra-users hydra hydra
      hydra-users hydra-queue-runner hydra
      hydra-users hydra-www hydra
      hydra-users root postgres
      hydra-users postgres postgres
    '';
    ensureDatabases = ["hydra"]; # Ensure the database persists
    ensureUsers = [
      {
        name = "hydra"; # Ensure the database user persists
        ensurePermissions = {
          # Ensure the database permissions persist
          "DATABASE hydra" = "ALL PRIVILEGES";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.postgresqlBackup.databases = ["hydra"];

  networking.firewall.allowedTCPPorts = [config.services.hydra.port];

  #services.hydra-dev = {
  services.hydra = {
    enable = true;
    #package = pkgs.hydra-unstable;
    port = 3003;
    useSubstitutes = true;
    hydraURL = "https://hydra.mcwhirter.io";
    notificationSender = "hydra.mcwhirter.io";
    extraConfig = ''
      binary_cache_secret_key_file = /etc/nix/hydra.mcwhirter.io/secret
    '';
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."hydra.mcwhirter.io" = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://127.0.0.1:3003";
    };
  };

  security.acme.certs = {"hydra.mcwhirter.io".email = "craige@mcwhirter.io";};

  systemd.services.hydra-manual-setup = {
    description = "Create Admin User for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = ["multi-user.target"];
    requires = ["hydra-init.service"];
    after = ["hydra-init.service"];
    environment =
      builtins.removeAttrs (config.systemd.services.hydra-init.environment)
      ["PATH"];
    script = ''
      if [ ! -e ~hydra/.setup-is-complete ]; then
        # create signing keys
        /run/current-system/sw/bin/install -d -m 551 /etc/nix/hydra.mcwhirter.io
        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.mcwhirter.io /etc/nix/hydra.mcwhirter.io/secret /etc/nix/hydra.mcwhirter.io/public
        /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hydra.mcwhirter.io
        /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.mcwhirter.io/secret
        /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.mcwhirter.io/public
        # create cache
        /run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
        /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
        # done
        touch ~hydra/.setup-is-complete
      fi
    '';
  };
  nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
  nix.buildMachines = [
    {
      hostName = "localhost";
      systems = ["x86_64-linux" "i686-linux"];
      maxJobs = 4;
      # for building VirtualBox VMs as build artifacts, you might need other
      # features depending on what you are doing
      supportedFeatures = ["big-parallel" "kvm" "nixos-test"];
    }
  ];
}
Added Hydra 2019-08-20 11:02:58 +00:00			`# NixOps configuration for the VMs running Hydra`
			`{`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}: {`
Bumped to 20.03 2020-04-27 08:07:20 +00:00			`#disabledModules = [ "services/continuous-integration/hydra/default.nix" ];`
Changed source to a local copy 2019-09-04 22:07:33 +00:00
Bumped to 20.03 2020-04-27 08:07:20 +00:00			`#imports = [`
			`# /home/craige/source/NixOS/hydra/hydra-module.nix`
			`# ];`
Added Hydra 2019-08-20 11:02:58 +00:00
			`services.postfix = {`
			`enable = true;`
			`setSendmail = true;`
			`};`

			`services.postgresql = {`
			`enable = true;`
			`package = pkgs.postgresql;`
nix: nixfmt 2021-11-16 04:57:23 +00:00			`identMap = ''`
			`hydra-users hydra hydra`
			`hydra-users hydra-queue-runner hydra`
			`hydra-users hydra-www hydra`
			`hydra-users root postgres`
			`hydra-users postgres postgres`
			`'';`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`ensureDatabases = ["hydra"]; # Ensure the database persists`
			`ensureUsers = [`
			`{`
			`name = "hydra"; # Ensure the database user persists`
			`ensurePermissions = {`
			`# Ensure the database permissions persist`
			`"DATABASE hydra" = "ALL PRIVILEGES";`
			`"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";`
			`};`
			`}`
			`];`
Added Hydra 2019-08-20 11:02:58 +00:00			`};`

postgres: enable backups 2022-06-22 22:50:22 +00:00			`services.postgresqlBackup.databases = ["hydra"];`

treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`networking.firewall.allowedTCPPorts = [config.services.hydra.port];`
Added Hydra 2019-08-20 11:02:58 +00:00
Bumped to 20.03 2020-04-27 08:07:20 +00:00			`#services.hydra-dev = {`
			`services.hydra = {`
Added Hydra 2019-08-20 11:02:58 +00:00			`enable = true;`
hydra: update Hydra configs 2021-09-28 01:34:24 +00:00			`#package = pkgs.hydra-unstable;`
			`port = 3003;`
Added Hydra 2019-08-20 11:02:58 +00:00			`useSubstitutes = true;`
			`hydraURL = "https://hydra.mcwhirter.io";`
			`notificationSender = "hydra.mcwhirter.io";`
			`extraConfig = ''`
			`binary_cache_secret_key_file = /etc/nix/hydra.mcwhirter.io/secret`
			`'';`
			`};`

			`services.nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`virtualHosts."hydra.mcwhirter.io" = {`
			`forceSSL = true;`
			`enableACME = true;`
hydra: update Hydra configs 2021-09-28 01:34:24 +00:00			`locations."/".proxyPass = "http://127.0.0.1:3003";`
Added Hydra 2019-08-20 11:02:58 +00:00			`};`
			`};`

treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`security.acme.certs = {"hydra.mcwhirter.io".email = "craige@mcwhirter.io";};`
Added Hydra 2019-08-20 11:02:58 +00:00
			`systemd.services.hydra-manual-setup = {`
			`description = "Create Admin User for Hydra";`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.RemainAfterExit = true;`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`wantedBy = ["multi-user.target"];`
			`requires = ["hydra-init.service"];`
			`after = ["hydra-init.service"];`
nix: nixfmt 2021-11-16 04:57:23 +00:00			`environment =`
			`builtins.removeAttrs (config.systemd.services.hydra-init.environment)`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`["PATH"];`
Added Hydra 2019-08-20 11:02:58 +00:00			`script = ''`
			`if [ ! -e ~hydra/.setup-is-complete ]; then`
			`# create signing keys`
			`/run/current-system/sw/bin/install -d -m 551 /etc/nix/hydra.mcwhirter.io`
			`/run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.mcwhirter.io /etc/nix/hydra.mcwhirter.io/secret /etc/nix/hydra.mcwhirter.io/public`
			`/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hydra.mcwhirter.io`
			`/run/current-system/sw/bin/chmod 440 /etc/nix/hydra.mcwhirter.io/secret`
			`/run/current-system/sw/bin/chmod 444 /etc/nix/hydra.mcwhirter.io/public`
			`# create cache`
			`/run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache`
			`/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache`
			`# done`
			`touch ~hydra/.setup-is-complete`
			`fi`
			`'';`
			`};`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];`
			`nix.buildMachines = [`
			`{`
			`hostName = "localhost";`
			`systems = ["x86_64-linux" "i686-linux"];`
			`maxJobs = 4;`
			`# for building VirtualBox VMs as build artifacts, you might need other`
			`# features depending on what you are doing`
			`supportedFeatures = ["big-parallel" "kvm" "nixos-test"];`
			`}`
			`];`
Added Hydra 2019-08-20 11:02:58 +00:00			`}`