nixos-config/config/services/hydra.nix


{ lib, config, pkgs, ... }:
let
  # Addresses the Hydra vhost binds to, taken from the shared helper's
  # `listenIPs` attribute.
  # NOTE(review): the helper's name suggests these are internal-only
  # addresses; confirm, since this list is what keeps the Hydra UI off
  # public interfaces.
  inherit (import ../../utils/getInternalIP.nix config) listenIPs;

  # One `listen <ip>:443 http3;` directive per address.
  http3Listeners = map (ip: "listen ${ip}:443 http3;") listenIPs;

  # Raw nginx text appended to the vhost: the HTTP/3 listeners followed by an
  # Alt-Svc header advertising h3 on port 443. The header is appended
  # directly after the last listen directive, with no newline between them.
  listenStatements = lib.concatStringsSep "\n" http3Listeners + ''
    add_header Alt-Svc 'h3=":443"';
  '';

  # Package providing bin/clean-s3-cache, used by the cleanup unit below.
  clean-cache = pkgs.callPackage ../../packages/clean-s3-cache.nix { };
in
{
# Modules this service depends on: the local PostgreSQL setup and the
# repository's own Hydra module. The cache-upload module is left disabled.
imports = [
  ./postgres.nix
  ../../modules/hydra.nix
  # ./nix-cache-upload.nix
];
# Hydra CI instance, published at hydra.int.chir.rs.
#
# Secrets handling:
#  - The Gitea token is not written into this file; extraConfig carries the
#    `#gitea_token#` placeholder and giteaTokenFile points at the decrypted
#    secret under /run/secrets.
#    NOTE(review): presumably ../../modules/hydra.nix substitutes the
#    placeholder when the service starts; verify that the rendered config
#    file is not world-readable and does not end up in the Nix store.
#  - store_uri names the private key used to sign paths uploaded to the S3
#    binary cache. Anyone who can read that file can produce signatures that
#    clients trusting this cache will accept, so keep it readable only by the
#    account that runs the queue runner.
#
# NOTE(review): no listen address is set in this block, while nginx proxies
# to 127.0.0.1:3000. Upstream NixOS has `services.hydra.listenHost`; check
# whether the local module keeps it and confirm port 3000 is not reachable
# directly from other interfaces (loopback bind or firewall).
#
# NOTE(review): with useSubstitutes enabled, outputs may come from the
# configured substituters instead of being built locally; confirm that set of
# substituters is one you are willing to republish through this cache.
services.hydra = {
  enable = true;

  hydraURL = "https://hydra.int.chir.rs/";
  notificationSender = "hydra@chir.rs";

  useSubstitutes = true;

  giteaTokenFile = "/run/secrets/services/hydra/gitea_token";

  # Everything between the quotes is passed through as Hydra configuration
  # text, so no comments may be placed inside it.
  extraConfig = ''
    <gitea_authorization>
    darkkirb = #gitea_token#
    </gitea_authorization>
    store_uri = s3://nix-cache?scheme=https&endpoint=cache.int.chir.rs&secret-key=/var/lib/hydra/queue-runner/cache-priv-key.pem&multipart-upload=true
  '';
};
# Provision the database and role Hydra uses. The grant is ALL PRIVILEGES,
# but it is scoped to the `hydra` database only.
services.postgresql = {
  ensureDatabases = [ "hydra" ];
  ensureUsers = [
    {
      name = "hydra";
      ensurePermissions."DATABASE hydra" = "ALL PRIVILEGES";
    }
  ];
};
# URIs that restricted evaluation may fetch from. Nix treats each entry as a
# prefix, so "https://github.com/" admits every repository hosted on GitHub,
# not only the ones this instance is meant to build.
# NOTE(review): if jobsets only need a few owners or repositories, narrowing
# the prefixes reduces what an evaluated expression can pull in.
nix.settings.allowed-uris = [
  "https://github.com/"
  "https://git.chir.rs/"
  "https://minio.int.chir.rs/"
];
# Declares the sops-managed secret that services.hydra.giteaTokenFile reads
# from /run/secrets/services/hydra/gitea_token. No owner or mode is overridden
# here, so the sops-nix defaults apply.
# NOTE(review): confirm the process that reads the token has access under
# those defaults, and that nothing wider than necessary is granted.
sops.secrets = {
  "services/hydra/gitea_token" = { };
};
# Reverse proxy in front of Hydra. It binds only to listenIPs and forwards
# every path to the local Hydra web process on 127.0.0.1:3000, with WebSocket
# upgrades enabled.
#
# NOTE(review): a certificate and key are configured, but none of addSSL,
# forceSSL or onlySSL is set in this block. Confirm TLS is actually enabled
# for the TCP listener (here or in another module); otherwise the Hydra UI
# and its session cookies may be served over plain HTTP while hydraURL
# advertises https.
services.nginx.virtualHosts = {
  "hydra.int.chir.rs" = {
    listenAddresses = listenIPs;

    sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
    sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";

    # HTTP/3 listen directives plus the Alt-Svc header built in the let block.
    extraConfig = listenStatements;

    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:3000";
        proxyWebsockets = true;
      };
    };
  };
};
# Unit that runs the clean-s3-cache program from the locally packaged
# derivation; it is meant to be triggered by the timer of the same name.
# NOTE(review): no User or sandboxing options are set, so systemd runs this
# as root. If the tool only needs S3 credentials, a dedicated account and the
# usual hardening directives would limit what a bug in it can touch.
systemd.services.clean-s3-cache = {
  description = "Clean up S3 cache";
  enable = true;
  serviceConfig.ExecStart = "${clean-cache}/bin/clean-s3-cache";
};
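# Schedule for clean-s3-cache.service: first run five minutes after boot,
# then once every seven days after the previous activation.
systemd.timers.clean-s3-cache = {
  enable = true;
  description = "Clean up S3 cache";

  # `enable = true` only generates the unit. Without a wantedBy entry nothing
  # starts the timer at boot, so the cleanup would never run on its own.
  wantedBy = [ "timers.target" ];

  timerConfig = {
    OnBootSec = 300; # seconds
    OnUnitActiveSec = 604800; # 7 days, in seconds
  };
};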
}