nixos-config/config/services/hydra.nix

# NixOS module for the Hydra CI server: static builder descriptions, the ssh client
# configuration the queue-runner uses to reach remote builders, the Hydra service
# itself (S3 binary cache, Gitea/GitHub integration), a Caddy front end, the
# sops-managed secrets and two maintenance timers.
# NOTE(review): `system` is accepted as an argument but not referenced anywhere in
# this file.
{
  system,
  lib,
  config,
  pkgs,
  ...
}: let
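# Static builder list in nix's machines-file format, one builder per line:
#   uri systems sshKey maxJobs speedFactor supportedFeatures mandatoryFeatures [publicHostKey]
# The sshKey column is `-` because the identity comes from the queue-runner's
# ~/.ssh/config (sshConfig below); mandatoryFeatures is `-` (none) on every line.
# The gccarch-* features advertise which -march levels a job may demand of a builder.
# Fixed: the build-riscv line spelled one feature "ccarch-rv64gc"; every other entry uses
# the "gccarch-" prefix, so a job requiring gccarch-rv64gc could never be scheduled there.
# NOTE(review): the non-native systems on the localhost line presumably rely on binfmt
# emulation configured elsewhere — confirm.
# NOTE(review): no publicHostKey column is given, so ssh host authentication for
# build-aarch64 and build-riscv rests solely on the queue-runner's known_hosts, which
# nothing in this file provisions — confirm those entries exist, or pin the base64 host
# key in the eighth column here.
machines = pkgs.writeText "machines" ''
  localhost armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 12 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver1,gccarch-skylake,ca-derivations -
  build-aarch64 aarch64-linux,riscv32-linux,riscv64-linux - 4 1 nixos-test,benchmark,ca-derivations,gccarch-armv8-a,gccarch-armv8.1-a,gccarch-armv8.2-a,big-parallel -
  build-riscv riscv64-linux,riscv32-linux - 4 2 nixos-test,benchmark,ca-derivations,gccarch-rv64gc_zba_zbb,gccarch-rv64gc_zba,gccarch-rv64gc_zbb,gccarch-rv64gc,gccarch-rv32gc_zba_zbb,gccarch-rv32gc_zba,gccarch-rv32gc_zbb,gccarch-rv32gc,big-parallel,native-riscv -
'';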
# ssh client configuration for the queue-runner.  The activation script at the end of
# this file links it to /var/lib/hydra/queue-runner/.ssh/config, so it governs every
# connection nix's remote-build machinery opens.  Each builder is reached as the
# unprivileged `remote-build` account with the sops-provisioned ed25519 key only
# (IdentitiesOnly stops ssh from offering other identities or agent keys).
# Notes on the entries:
#   * build-nas is not referenced by any machines entry in this file; build-pc is only
#     added at run time by the update-hydra-hosts service below.
#   * ForwardAgent no: a compromised builder cannot borrow the queue-runner's agent.
#   * ServerAliveInterval 0 disables keepalive probes, which makes ServerAliveCountMax
#     inert — a dead builder is only noticed once TCP gives up.
#   * ControlMaster/ControlPath multiplex sessions through sockets under ~/.ssh, so
#     that directory must not be readable or traversable by other local users.
# NOTE(review): StrictHostKeyChecking is not set and nothing in this file provisions
# ~/.ssh/known_hosts (nor a publicHostKey column in the machines file).  An unknown host
# key cannot be confirmed non-interactively, so either the entries were accepted out of
# band or connections fail until they are; in both cases host authenticity is not
# declared in configuration.  Pin the builders' host keys (programs.ssh.knownHosts, or
# the machines-file column) and add `StrictHostKeyChecking yes` under `Host *` —
# TODO confirm how known_hosts is populated today.
sshConfig = pkgs.writeText "ssh-config" ''
  Host build-aarch64
  Port 22
  IdentitiesOnly yes
  User remote-build
  HostName instance-20221213-1915.int.chir.rs
  IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
  Host build-nas
  Port 22
  IdentitiesOnly yes
  User remote-build
  HostName nas.int.chir.rs
  IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
  Host build-pc
  Port 22
  IdentitiesOnly yes
  User remote-build
  HostName nutty-noon.int.chir.rs
  IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
  Host build-riscv
  Port 22
  IdentitiesOnly yes
  User remote-build
  HostName vf2.int.chir.rs
  IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
  Host *
  ForwardAgent no
  Compression no
  ServerAliveInterval 0
  ServerAliveCountMax 3
  HashKnownHosts no
  UserKnownHostsFile ~/.ssh/known_hosts
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%n:%p
  ControlPersist 10m
'';
in {
# The PostgreSQL backend Hydra stores its state in, plus this repository's own hydra
# module (it is that module, not the upstream one, which interprets the options below).
imports = [./postgres.nix ../../modules/hydra.nix];
services.hydra = {
  enable = true;
  package = pkgs.hydra-unstable;
  # URL Hydra advertises in links and notifications.  The Caddy vhost further down
  # serves hydra.int.chir.rs, so the public name is presumably fronted by something
  # outside this file — TODO confirm.
  hydraURL = "https://hydra.chir.rs/";
  notificationSender = "hydra@chir.rs";
  # Let the queue-runner substitute already-available paths instead of rebuilding them.
  useSubstitutes = true;
  # Hydra's own HTTP listener, reached only through the Caddy reverse proxy below.
  port = 3001;
  # Appended verbatim to hydra.conf.  Contents, in order:
  #   * gitea_authorization / github_authorization: per-account API tokens.  The
  #     `#gitea_token#` / `#github_token#` placeholders are not Hydra syntax; the module
  #     in ../../modules/hydra.nix presumably substitutes them from
  #     giteaTokenFile / githubTokenFile at start-up — TODO confirm.
  #   * githubstatus with `jobs = .*`: commit statuses are pushed for every job.
  #   * hydra_notify/prometheus: metrics exporter bound to loopback (127.0.0.1:9199).
  #     NOTE(review): the firewall rule further down opens 9199 on wg0, which this
  #     loopback bind does not serve — confirm which is intended.
  #   * binary_cache_secret_key_file and the secret-key= parameter of store_uri point at
  #     the same sops key: it signs narinfos for Hydra's own channel and for the S3
  #     cache.  The S3 credentials are presumably taken from the queue-runner's
  #     ~/.aws/credentials provisioned below — TODO confirm.
  #   * runcommand for every job (`*:*:*`): hydra-notify appends the derivation's
  #     closure (outputs included) to upload-queue.  NOTE(review): the pipeline has no
  #     pipefail and `$HYDRA_JSON` is unquoted, so a jq failure still runs nix-store
  #     (with no arguments); concurrent notifications append to the same file.
  #   * max_concurrent_evals = 1 serialises evaluations.
  extraConfig = ''
    <gitea_authorization>
    darkkirb = #gitea_token#
    </gitea_authorization>
    <github_authorization>
    DarkKirb = Bearer #github_token#
    </github_authorization>
    <githubstatus>
    jobs = .*
    </githubstatus>
    <hydra_notify>
    <prometheus>
    listen_address = 127.0.0.1
    port = 9199
    </prometheus>
    </hydra_notify>
    binary_cache_secret_key_file = ${config.sops.secrets."services/hydra/cache-key".path}
    store_uri = s3://cache-chir-rs?scheme=https&endpoint=ams1.vultrobjects.com&secret-key=${config.sops.secrets."services/hydra/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15
    <git-input>
    timeout = 3600
    </git-input>
    <runcommand>
    job = *:*:*
    command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' | xargs ${pkgs.nix}/bin/nix-store -q -R --include-outputs >> /var/lib/hydra/queue-runner/upload-queue
    </runcommand>
    max_concurrent_evals = 1
  '';
  # Decrypted by sops-nix (secrets declared below); read by the module to fill the
  # placeholders above.
  giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
  githubTokenFile = "/run/secrets/services/hydra/github_token";
  # Static list from the store plus the file update-hydra-hosts rewrites at run time.
  buildMachinesFiles = [
    "${machines}"
    "/run/hydra-machines"
  ];
};
networking.firewall.interfaces."wg0".allowedTCPPorts = [9199];
nix.settings.allowed-uris = ["https://github.com/" "https://git.chir.rs/" "https://darkkirb.de/" "https://git.neo-layout.org/" "https://static.darkkirb.de/" "https://gist.github.com/" "https://git.kescher.at/" "https://akkoma.dev/" "https://gitlab.com/" "https://api.github.com/" "https://git.sr.ht/"];
# API tokens for the Gitea and GitHub integrations, decrypted to /run/secrets/... and
# referenced by giteaTokenFile / githubTokenFile above.  No owner or mode is given, so
# the sops-nix defaults apply (presumably root-owned, 0400) — whatever reads them at
# start-up must therefore run as root; confirm against the hydra module.
sops.secrets = {
  "services/hydra/gitea_token" = {};
  "services/hydra/github_token" = {};
};
# Narinfo signing key for the binary cache; both binary_cache_secret_key_file and the
# secret-key= parameter of store_uri above resolve to this path.  Owned by the web
# front-end user and group-readable, presumably so the queue-runner (same group) can
# sign its uploads.  NOTE(review): this puts the cache signing key in the hands of the
# internet-facing hydra-server process; consider whether hydra-www really needs it.
sops.secrets."services/hydra/cache-key" = {
  mode = "0440";
  owner = "hydra-www";
};
# TLS-terminating reverse proxy in front of Hydra's loopback listener, using the
# internal wildcard certificate.
services.caddy.virtualHosts."hydra.int.chir.rs" = {
  useACMEHost = "int.chir.rs";
  # Forces the per-vhost log format to empty, overriding the module's default access-log
  # destination.  NOTE(review): this removes the access log for the CI front end — an
  # audit-trail trade-off worth a deliberate decision.
  logFormat = lib.mkForce "";
  # `trusted_proxies private_ranges` makes Caddy honour X-Forwarded-* headers from any
  # private-range client, so hosts on the internal network can spoof the forwarded
  # client address as seen by Hydra.
  extraConfig = ''
    import baseConfig
    reverse_proxy http://127.0.0.1:${builtins.toString config.services.hydra.port} {
    trusted_proxies private_ranges
    }
  '';
};
# S3 credentials for the cache bucket, placed where the AWS tooling looks by default for
# the queue-runner user (sops-nix default mode, presumably 0400).  Both Hydra units that
# talk to the bucket are restarted when the secret changes; clean-s3-cache below runs as
# the same user and is presumably what else reads this file — confirm.
sops.secrets."services/hydra/aws_credentials" = {
  path = "/var/lib/hydra/queue-runner/.aws/credentials";
  owner = "hydra-queue-runner";
  restartUnits = [ "hydra-notify.service" "hydra-queue-runner.service" ];
};
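# Adds the workstation "build-pc" to the builder pool only while it answers a ping;
# Hydra re-reads /run/hydra-machines (listed in buildMachinesFiles above) when it changes.
# Improvements over the previous version: the single ping has a bounded wait so the
# oneshot cannot linger on a dead host, and the machines file is written to a temporary
# file and renamed into place so the queue-runner never reads a half-written file.
systemd.services.update-hydra-hosts = {
  description = "Update hydra hosts";
  serviceConfig.Type = "oneshot";
  script = let
    ping = "${pkgs.iputils}/bin/ping";
    coreutils = "${pkgs.coreutils}/bin";
    machinesFile = "/run/hydra-machines";
    # Same column layout as the static machines file above (no publicHostKey column, so
    # the host is authenticated through the queue-runner's known_hosts only).
    buildPc = "build-pc armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 16 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver2,gccarch-znver1,gccarch-skylake,ca-derivations -";
  in ''
    if ${ping} -c 1 -W 5 nutty-noon.int.chir.rs >/dev/null; then
      tmp=$(${coreutils}/mktemp ${machinesFile}.XXXXXX)
      echo "${buildPc}" > "$tmp"
      # mktemp creates 0600; the queue-runner (another user) must be able to read it.
      ${coreutils}/chmod 0644 "$tmp"
      ${coreutils}/mv -f "$tmp" ${machinesFile}
    else
      ${coreutils}/rm -f ${machinesFile}
    fi
  '';
};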
# Runs update-hydra-hosts five minutes after boot and every five minutes thereafter
# (OnUnitActiveSec counts from the service's last activation).
systemd.timers.update-hydra-hosts = {
  enable = true;
  description = "Update hydra hosts";
  wantedBy = [ "multi-user.target" ];
  requires = [ "update-hydra-hosts.service" ];
  timerConfig.OnBootSec = 300;
  timerConfig.OnUnitActiveSec = 300;
};
nix.settings.trusted-users = ["@hydra"];
# Private ssh key the queue-runner presents to every builder (see sshConfig).  It is
# taken from the shared secrets file, i.e. the same key is presumably deployed to more
# than one host, and lands at the path the ssh config expects, owned by the queue-runner
# (sops-nix default mode, presumably 0400).
sops.secrets."hydra/ssh/builder_id_ed25519" = {
  key = "ssh/builder_id_ed25519";
  sopsFile = ../../secrets/shared.yaml;
  path = "/var/lib/hydra/queue-runner/.ssh/builder_id_ed25519";
  owner = "hydra-queue-runner";
};
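# Prepares the queue-runner's ~/.ssh on every activation (after /var exists): the sops
# key is dropped into the same directory by the secret above and the generated ssh
# config is linked in from the store.  Added: the directory is made private to its
# owner, since it also holds known_hosts and the ControlPath multiplexing sockets.
# NOTE(review): assumes hydra-queue-runner's HOME is /var/lib/hydra/queue-runner —
# that is what `~` in sshConfig resolves against; confirm in the hydra module.
system.activationScripts.setupHydraSshConfig = lib.stringAfter ["var"] ''
  mkdir -p /var/lib/hydra/queue-runner/.ssh
  chmod 0700 /var/lib/hydra/queue-runner/.ssh
  chown -R hydra-queue-runner /var/lib/hydra/queue-runner
  ln -sf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config
'';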
# Garbage-collects the S3 cache (scheduled by the timer below).  Runs as the queue-runner
# so that it can use the same ~/.aws/credentials — presumably what the script reads;
# confirm.  NOTE(review): no systemd sandboxing (ProtectSystem, PrivateTmp, ...) is
# applied to this unit even though it handles bucket credentials.
systemd.services.clean-s3-cache = {
  enable = true;
  description = "Clean up S3 cache";
  serviceConfig = let
    clean-cache = pkgs.callPackage ../../packages/clean-s3-cache.nix {};
  in {
    ExecStart = "${clean-cache}/bin/clean-s3-cache.py";
    User = "hydra-queue-runner";
    Group = "hydra";
  };
};
# Runs clean-s3-cache five minutes after boot and then once a week (604800 s), counted
# from the service's last activation.
systemd.timers.clean-s3-cache = {
  enable = true;
  description = "Clean up S3 cache";
  wantedBy = [ "multi-user.target" ];
  requires = [ "clean-s3-cache.service" ];
  timerConfig.OnBootSec = 300;
  timerConfig.OnUnitActiveSec = 604800;
};
}