sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

Added Hydra

Browse source
This commit is contained in:
Serĉanto de Scio 2019-08-20 21:02:58 +10:00
parent e48878fe84
commit 4a66a37cdc
Signed by: sercanto
GPG key ID: A4122FF3971B6865
3 changed files with 100 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
Deployments/hydra.nix Normal file
View file

@ -0,0 +1,89 @@
# NixOps configuration for the VMs running Hydra
{ config, pkgs, lib, ... }:
{
services.postfix = {
enable = true;
setSendmail = true;
};
services.postgresql = {
enable = true;
package = pkgs.postgresql;
identMap =
''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
hydra-users root postgres
hydra-users postgres postgres
'';
};
networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
services.hydra = {
enable = true;
useSubstitutes = true;
hydraURL = "https://hydra.mcwhirter.io";
notificationSender = "hydra.mcwhirter.io";
buildMachinesFiles = [];
extraConfig = ''
store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/hydra.mcwhirter.io/secret
binary_cache_secret_key_file = /etc/nix/hydra.mcwhirter.io/secret
binary_cache_dir = /var/lib/hydra/cache
'';
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."hydra.mcwhirter.io" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3000";
};
};
security.acme.certs = {
"hydra.mcwhirter.io".email = "craige@mcwhirter.io";
};
systemd.services.hydra-manual-setup = {
description = "Create Admin User for Hydra";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
/run/current-system/sw/bin/install -d -m 551 /etc/nix/hydra.mcwhirter.io
/run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.mcwhirter.io /etc/nix/hydra.mcwhirter.io/secret /etc/nix/hydra.mcwhirter.io/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hydra.mcwhirter.io
/run/current-system/sw/bin/chmod 440 /etc/nix/hydra.mcwhirter.io/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/hydra.mcwhirter.io/public
# create cache
/run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
# done
touch ~hydra/.setup-is-complete
fi
'';
};
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
nix.buildMachines = [
{
hostName = "localhost";
systems = [ "x86_64-linux" "i686-linux" ];
maxJobs = 6;
# for building VirtualBox VMs as build artifacts, you might need other
# features depending on what you are doing
supportedFeatures = [ ];
}
];
}

8
Hosts/cuallaidh.nix
View file

@ -5,8 +5,16 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../Deployments/hydra.nix
];
deployment.targetHost = "172.105.197.118";
networking.hostName = "cuallaidh"; # Define your hostname.
system.stateVersion = "19.03"; # The version of NixOS originally installed
};
}

15
Networks/Linode.nix
View file

@ -36,22 +36,11 @@
domain = "mcwhirter.io";
firewall = {
enable = true;
allowedTCPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "lo" ];
};
};
};
cuallaidh =
{ config, pkgs, lib, ... }:
{
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
system.autoUpgrade.enable = false;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-19.03;
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
}