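# NixOS module for the Hydra CI host: patched Hydra, remote-builder SSH setup,
# sops-managed secrets, Caddy reverse proxy and the attic upload queue.
{
  system,
  attic,
  lib,
  config,
  pkgs,
  hydra,
  ...
}: let
  # Static build-machine list handed to Hydra via buildMachinesFiles.
  # Columns: host, systems, SSH identity file (- = none, so the key comes from
  # the ssh config below), max jobs, speed factor, supported features,
  # mandatory features (- = none).
  # Fixed: the build-riscv entry listed `ccarch-rv64gc`; every other feature
  # uses the `gccarch-` prefix, so derivations requiring `gccarch-rv64gc`
  # could never be scheduled on that builder.
  machines = pkgs.writeText "machines" ''
    localhost armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 12 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver1,gccarch-skylake,ca-derivations -
    build-aarch64 aarch64-linux,riscv32-linux,riscv64-linux - 4 1 nixos-test,benchmark,ca-derivations,gccarch-armv8-a,gccarch-armv8.1-a,gccarch-armv8.2-a,big-parallel -
    build-riscv riscv64-linux,riscv32-linux - 4 2 nixos-test,benchmark,ca-derivations,gccarch-rv64gc_zba_zbb,gccarch-rv64gc_zba,gccarch-rv64gc_zbb,gccarch-rv64gc,gccarch-rv32gc_zba_zbb,gccarch-rv32gc_zba,gccarch-rv32gc_zbb,gccarch-rv32gc,big-parallel,native-riscv -
  '';
  # SSH client config for the queue runner. writeText puts it in the Nix store
  # (world-readable); it only names the key path, the key itself is a sops secret.
  # Every builder alias uses the same identity file, so that one key grants
  # `remote-build` access on all of them.
  # No StrictHostKeyChecking override is set, so OpenSSH's default applies and
  # builder host keys are checked against ~/.ssh/known_hosts.
  # ServerAliveInterval 0 turns keepalives off, so ServerAliveCountMax has no effect.
  sshConfig = pkgs.writeText "ssh-config" ''
    Host build-aarch64
      Port 22
      IdentitiesOnly yes
      User remote-build
      HostName instance-20221213-1915.int.chir.rs
      IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
    Host build-nas
      Port 22
      IdentitiesOnly yes
      User remote-build
      HostName nas.int.chir.rs
      IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
    Host build-rainbow-resort
      Port 22
      IdentitiesOnly yes
      User remote-build
      HostName rainbow-resort.int.chir.rs
      IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
    Host build-riscv
      Port 22
      IdentitiesOnly yes
      User remote-build
      HostName vf2.int.chir.rs
      IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519

    Host *
      ForwardAgent no
      Compression no
      ServerAliveInterval 0
      ServerAliveCountMax 3
      HashKnownHosts no
      UserKnownHostsFile ~/.ssh/known_hosts
      ControlMaster auto
      ControlPath ~/.ssh/master-%r@%n:%p
      ControlPersist 10m
  '';
in {
  imports = [
    ./postgres.nix
    ../../modules/hydra.nix
    hydra.nixosModules.hydra
  ];
  nixpkgs.overlays = [
    hydra.overlays.default
  ];
  services.hydra-dev = {
    enable = true;
    # Hydra is built from the flake input with local patches applied and with
    # both test phases disabled, so the patched code (including the forge
    # pull-request and status plugins) is deployed without the package's
    # check/installCheck phases having run.
    package = hydra.packages.${system}.hydra.overrideAttrs (super: {
      doCheck = false;
      doInstallCheck = false;
      patches =
        super.patches
        or []
        ++ [
          ./hydra/0001-add-gitea-pulls.patch
          ./hydra/0002-unlimit-output.patch
          ./hydra/0003-remove-pr-number-from-github-job-name.patch
          ./hydra/0004-use-pulls-instead-of-issues.patch
          ./hydra/0005-only-list-open-prs.patch
          ./hydra/0006-status-state.patch
          ./hydra/0007-hydra-server-findLog-fix-issue-with-ca-derivations-e.patch
        ];
    });
    hydraURL = "https://hydra.chir.rs/";
    notificationSender = "hydra@chir.rs";
    useSubstitutes = true;
    port = 3001;
    # Appended to hydra.conf.
    # - #gitea_token# / #github_token# are placeholders, not secrets; presumably
    #   ../../modules/hydra.nix substitutes them from giteaTokenFile and
    #   githubTokenFile so the tokens stay out of the Nix store (confirm there).
    # - binary_cache_secret_key_file receives only the sops secret's path.
    # - NOTE(review): the hydra_notify Prometheus endpoint listens on 0.0.0.0:8905,
    #   i.e. every interface; confirm the firewall limits who can reach it.
    # - <runcommand> matches every project:jobset:job (*:*:*) and appends the
    #   build's drvPath to the queue file consumed by attic-queue below.
    #   NOTE(review): $HYDRA_JSON is expanded unquoted by the shell.
    extraConfig = ''
      <gitea_authorization>
      darkkirb = #gitea_token#
      ProcyOS = #gitea_token#
      </gitea_authorization>
      <github_authorization>
      DarkKirb = Bearer #github_token#
      </github_authorization>
      <githubstatus>
      jobs = .*
      </githubstatus>
      <hydra_notify>
      <prometheus>
      listen_address = 0.0.0.0
      port = 8905
      </prometheus>
      </hydra_notify>
      binary_cache_secret_key_file = ${config.sops.secrets."services/hydra/cache-key".path}
      <git-input>
      timeout = 3600
      </git-input>
      <runcommand>
      job = *:*:*
      command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' >> /var/lib/hydra/queue-runner/upload
      </runcommand>
      max_concurrent_evals = 1
    '';
    giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
    githubTokenFile = "/run/secrets/services/hydra/github_token";
    # The static list plus /run/hydra-machines, which update-hydra-hosts
    # creates or removes depending on builder reachability.
    buildMachinesFiles = [
      "${machines}"
      "/run/hydra-machines"
    ];
  };
  # URI prefixes Nix may fetch from under restricted evaluation.
  # NOTE(review): "https://" and "http://" match any host, and "http://" allows
  # fetches over an unauthenticated transport; consider narrowing to the
  # forges actually used if the evaluated jobsets permit it.
  nix.settings.allowed-uris = ["github:" "https://" "http://"];
  # No owner/mode is given for the two forge tokens, so sops-nix defaults apply.
  sops.secrets."services/hydra/gitea_token" = {};
  sops.secrets."services/hydra/github_token" = {};
  # Binary-cache signing key. Mode 0440 also grants read access to the
  # secret's group, which is not set here (sops-nix default; verify).
  sops.secrets."services/hydra/cache-key" = {
    owner = "hydra-www";
    mode = "0440";
  };
  # Internal vhost in front of the Hydra web UI on localhost.
  services.caddy.virtualHosts."hydra.int.chir.rs" = {
    useACMEHost = "int.chir.rs";
    logFormat = pkgs.lib.mkForce "";
    # NOTE(review): trusted_proxies private_ranges makes Caddy keep incoming
    # X-Forwarded-* headers from clients in private address ranges; confirm
    # only the intended front proxy can reach this vhost from such addresses.
    extraConfig = ''
      import baseConfig

      reverse_proxy http://127.0.0.1:${toString config.services.hydra-dev.port} {
        trusted_proxies private_ranges
      }
    '';
  };
  # AWS credentials placed in the queue runner's home; hydra-notify is
  # restarted when the secret changes.
  sops.secrets."services/hydra/aws_credentials" = {
    owner = "hydra-queue-runner";
    path = "/var/lib/hydra/queue-runner/.aws/credentials";
    restartUnits = ["hydra-notify.service"];
  };
  # Adds build-rainbow-resort as a builder only while it answers a single ICMP
  # ping; otherwise the dynamic machines file is removed. No User= is set, so
  # the unit runs with systemd's default (root) and owns /run/hydra-machines.
  systemd.services.update-hydra-hosts = {
    description = "Update hydra hosts";
    serviceConfig = {
      Type = "oneshot";
    };
    script = ''
      if ${pkgs.iputils}/bin/ping -c 1 rainbow-resort.int.chir.rs; then
        echo "build-rainbow-resort armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 16 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver4,gccarch-znver3,gccarch-znver2,gccarch-znver1,gccarch-skylake,gccarch-skylake-avx512,ca-derivations -" > /run/hydra-machines
      else
        rm -f /run/hydra-machines
      fi
    '';
  };
  # Re-runs the reachability check 300 s after boot and every 300 s thereafter.
  systemd.timers.update-hydra-hosts = {
    enable = true;
    description = "Update hydra hosts";
    requires = ["update-hydra-hosts.service"];
    wantedBy = ["multi-user.target"];
    timerConfig = {
      OnBootSec = 300;
      OnUnitActiveSec = 300;
    };
  };
  # Members of group `hydra` are trusted by the Nix daemon. The Nix manual
  # treats trusted users as effectively root-equivalent, so every account and
  # service in that group (attic-queue below runs with Group = "hydra")
  # carries that privilege.
  nix.settings.trusted-users = ["@hydra"];
  # Private key used for all remote builders, taken from the shared secrets
  # file and placed where the ssh config's IdentityFile expects it.
  sops.secrets."hydra/ssh/builder_id_ed25519" = {
    sopsFile = ../../secrets/shared.yaml;
    owner = "hydra-queue-runner";
    key = "ssh/builder_id_ed25519";
    path = "/var/lib/hydra/queue-runner/.ssh/builder_id_ed25519";
  };
  # Runs at system activation: creates the .ssh directory, recursively hands
  # the whole queue-runner state directory to hydra-queue-runner, and links
  # the store-generated ssh config into place.
  system.activationScripts.setupHydraSshConfig = lib.stringAfter ["var"] ''
    mkdir -p /var/lib/hydra/queue-runner/.ssh/
    chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner
    ln -svf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config
  '';
  # attic client configuration for the upload queue, readable by the queue runner.
  sops.secrets."attic/config.toml" = {
    owner = "hydra-queue-runner";
    key = "attic/config.toml";
    path = "/var/lib/hydra/queue-runner/.config/attic/config.toml";
  };
  # Database and matching role for attic-queue, named after the service user.
  services.postgresql.ensureDatabases = [
    "hydra-queue-runner"
  ];
  services.postgresql.ensureUsers = [
    {
      name = "hydra-queue-runner";
      ensureDBOwnership = true;
    }
  ];

  # Uploads build results: reads the drvPath queue written by the Hydra
  # <runcommand> hook and runs as hydra-queue-runner in group hydra.
  # DATABASE_PATH carries no host or credentials, so the connection presumably
  # uses the local socket with peer authentication (confirm in ./postgres.nix).
  systemd.services."attic-queue" = {
    description = "Upload build results";
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      User = "hydra-queue-runner";
      Group = "hydra";
    };
    script = ''
      export QUEUE_PATH=/var/lib/hydra/queue-runner/upload
      export DATABASE_PATH=postgresql:///hydra-queue-runner
      export RUST_LOG=info
      exec ${attic.packages.${system}.attic-queue}/bin/attic-queue
    '';
  };
}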