mio-ops/profiles/hydra.nix


# NixOps configuration for the VMs running Hydra
{
config,
pkgs,
lib,
...
}: {
#disabledModules = [ "services/continuous-integration/hydra/default.nix" ];
#imports = [
# /home/craige/source/NixOS/hydra/hydra-module.nix
# ];
# Local Postfix instance; setSendmail also installs the sendmail wrapper.
# Presumably this is how Hydra delivers notification mail (see
# notificationSender below) - confirm against the Hydra mail settings.
# NOTE(review): the firewall rule in this file does not open an SMTP port;
# verify that no other profile exposes port 25 on this host.
services.postfix.enable = true;
services.postfix.setSendmail = true;
# PostgreSQL instance holding the "hydra" database.
services.postgresql = {
  enable = true;
  package = pkgs.postgresql;

  # pg_ident.conf entries: <map name> <OS user> <database role>.
  # All three Hydra service accounts (hydra, hydra-queue-runner, hydra-www)
  # map to the single "hydra" role, so the web frontend and the queue runner
  # share one set of database privileges. root and postgres map to the
  # "postgres" role (normally the superuser).
  # NOTE(review): the map only applies where pg_hba.conf references
  # map=hydra-users; no such authentication rule is set in this file.
  identMap = ''
    hydra-users hydra hydra
    hydra-users hydra-queue-runner hydra
    hydra-users hydra-www hydra
    hydra-users root postgres
    hydra-users postgres postgres
  '';

  # Ensure the database persists
  ensureDatabases = ["hydra"];

  ensureUsers = [
    {
      # Ensure the database user persists
      name = "hydra";
      # Ensure the database permissions persist. The role gets full rights on
      # its own database and on every table in the public schema.
      ensurePermissions."DATABASE hydra" = "ALL PRIVILEGES";
      ensurePermissions."ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
    }
  ];
};

# Add the Hydra database to the PostgreSQL backup job.
# NOTE(review): services.postgresqlBackup.enable is not set in this file;
# confirm it is enabled elsewhere, otherwise no dump is taken.
services.postgresqlBackup.databases = ["hydra"];
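# Expose only the nginx front end: 80 for the ACME HTTP-01 challenge and the
# forceSSL redirect, 443 for TLS.
# Hydra's own port (services.hydra.port) is deliberately not opened. nginx
# reaches it over 127.0.0.1, and opening it would let clients talk to Hydra in
# plaintext, bypassing the TLS virtual host (logins and session cookies
# would cross the network unencrypted).
networking.firewall.allowedTCPPorts = [80 443];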
#services.hydra-dev = {
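# Hydra continuous-integration server, published at hydraURL through the
# nginx virtual host defined in this file.
services.hydra = {
  enable = true;
  #package = pkgs.hydra-unstable;

  # Listen on loopback only. The option's default ("*") binds every
  # interface, which would serve Hydra in plaintext next to the TLS front
  # end; nginx in this file proxies to 127.0.0.1, so nothing else needs to
  # reach this port directly.
  listenHost = "127.0.0.1";
  port = 3003;

  # Let builds download store paths from binary caches. Substituted paths are
  # only as trustworthy as the substituters and public keys the Nix daemon
  # on this host is configured to accept.
  useSubstitutes = true;

  hydraURL = "https://hydra.mcwhirter.io";

  # NOTE(review): this option is the sender e-mail address, but the value is
  # a bare host name - confirm the intended address.
  notificationSender = "hydra.mcwhirter.io";

  # Signing key for the binary cache. The path matches the secret key written
  # by the hydra-manual-setup unit in this file; anyone who can read it can
  # sign store paths that clients trusting the public key will accept.
  extraConfig = ''
    binary_cache_secret_key_file = /etc/nix/hydra.mcwhirter.io/secret
  '';
};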
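# TLS-terminating reverse proxy in front of Hydra.
services.nginx = {
  enable = true;
  recommendedProxySettings = true;
  # Apply the module's hardened TLS defaults instead of leaving the TLS
  # session settings at nginx's own defaults.
  recommendedTlsSettings = true;
  virtualHosts."hydra.mcwhirter.io" = {
    # forceSSL redirects plain HTTP to HTTPS; enableACME requests and renews
    # the certificate for this host name.
    forceSSL = true;
    enableACME = true;
    # Take the upstream port from the Hydra option so the proxy target cannot
    # drift from the port Hydra actually listens on.
    locations."/".proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
  };
};

# Contact address registered with the ACME account for this certificate.
security.acme.certs."hydra.mcwhirter.io".email = "craige@mcwhirter.io";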
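# One-shot first-boot setup, ordered after hydra-init: creates the binary
# cache signing key pair and the cache directory, then drops a marker file in
# the hydra user's home so later boots skip the work.
# NOTE(review): the description says "Create Admin User", but nothing in the
# script creates a Hydra account - confirm whether that step is still manual.
# No User is set on this unit, so the script runs with the service manager's
# default identity (root for a system unit), which the chown calls require.
systemd.services.hydra-manual-setup = {
  description = "Create Admin User for Hydra";
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
  wantedBy = ["multi-user.target"];
  requires = ["hydra-init.service"];
  after = ["hydra-init.service"];
  # Reuse hydra-init's environment, minus PATH so the unit's own PATH applies.
  environment =
    builtins.removeAttrs (config.systemd.services.hydra-init.environment)
    ["PATH"];
  script = ''
    if [ ! -e ~hydra/.setup-is-complete ]; then
      # create signing keys
      /run/current-system/sw/bin/install -d -m 551 /etc/nix/hydra.mcwhirter.io
      # Never overwrite a complete key pair. If an earlier run failed after
      # generating it, regenerating here would silently rotate the signing
      # key and invalidate the public key that cache clients already trust.
      if [ ! -s /etc/nix/hydra.mcwhirter.io/secret ] || [ ! -s /etc/nix/hydra.mcwhirter.io/public ]; then
        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.mcwhirter.io /etc/nix/hydra.mcwhirter.io/secret /etc/nix/hydra.mcwhirter.io/public
      fi
      /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hydra.mcwhirter.io
      # secret key: read-only for the hydra user and group, nothing for others
      /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.mcwhirter.io/secret
      # public key: world-readable
      /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.mcwhirter.io/public
      # create cache
      /run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
      /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
      # done
      touch ~hydra/.setup-is-complete
    fi
  '';
};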
nix = {
  # Accounts the Nix daemon treats as trusted. Trusted users may override
  # daemon settings such as substituters, so membership is close to
  # root-equivalent on this host; keep the list as short as possible.
  # NOTE(review): no "hydra-evaluator" account appears anywhere else in this
  # file - confirm that the user exists and needs to be listed.
  trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];

  # Builds are dispatched to this same machine, which also holds the binary
  # cache signing key, so the Nix build sandbox is what separates job code
  # from that key.
  buildMachines = [
    {
      hostName = "localhost";
      systems = ["x86_64-linux" "i686-linux"];
      maxJobs = 4;
      # for building VirtualBox VMs as build artifacts, you might need other
      # features depending on what you are doing
      supportedFeatures = ["big-parallel" "kvm" "nixos-test"];
    }
  ];
};
}