2022-06-12 15:39:15 +00:00
|
|
|
{
|
|
|
|
|
system,
|
2023-12-18 09:14:07 +00:00
|
|
|
attic,
|
2022-06-12 15:39:15 +00:00
|
|
|
lib,
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
2023-12-19 14:41:21 +00:00
|
|
|
hydra,
|
2024-12-01 08:48:07 +00:00
|
|
|
nix-eval-jobs,
|
2022-06-12 15:39:15 +00:00
|
|
|
...
|
2024-12-01 08:48:07 +00:00
|
|
|
}:
|
|
|
|
|
let
|
2022-04-25 08:49:27 +00:00
|
|
|
machines = pkgs.writeText "machines" ''
|
2023-10-19 08:04:26 +00:00
|
|
|
localhost armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 12 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver1,gccarch-skylake,ca-derivations -
|
|
|
|
|
build-aarch64 aarch64-linux,riscv32-linux,riscv64-linux - 4 1 nixos-test,benchmark,ca-derivations,gccarch-armv8-a,gccarch-armv8.1-a,gccarch-armv8.2-a,big-parallel -
|
|
|
|
|
build-riscv riscv64-linux,riscv32-linux - 4 2 nixos-test,benchmark,ca-derivations,gccarch-rv64gc_zba_zbb,gccarch-rv64gc_zba,gccarch-rv64gc_zbb,ccarch-rv64gc,gccarch-rv32gc_zba_zbb,gccarch-rv32gc_zba,gccarch-rv32gc_zbb,gccarch-rv32gc,big-parallel,native-riscv -
|
2022-04-25 08:49:27 +00:00
|
|
|
'';
|
2024-12-01 13:40:07 +00:00
|
|
|
sshConfig =
|
|
|
|
|
home:
|
|
|
|
|
pkgs.writeText "ssh-config" ''
|
|
|
|
|
Host build-aarch64
|
|
|
|
|
Port 22
|
|
|
|
|
IdentitiesOnly yes
|
|
|
|
|
User remote-build
|
|
|
|
|
HostName instance-20221213-1915.int.chir.rs
|
|
|
|
|
IdentityFile ${home}/.ssh/builder_id_ed25519
|
|
|
|
|
Host build-nas
|
|
|
|
|
Port 22
|
|
|
|
|
IdentitiesOnly yes
|
|
|
|
|
User remote-build
|
|
|
|
|
HostName nas.int.chir.rs
|
|
|
|
|
IdentityFile ${home}/.ssh/builder_id_ed25519
|
|
|
|
|
Host build-rainbow-resort
|
|
|
|
|
Port 22
|
|
|
|
|
IdentitiesOnly yes
|
|
|
|
|
User remote-build
|
|
|
|
|
HostName rainbow-resort.int.chir.rs
|
|
|
|
|
IdentityFile ${home}/.ssh/builder_id_ed25519
|
|
|
|
|
Host build-riscv
|
|
|
|
|
Port 22
|
|
|
|
|
IdentitiesOnly yes
|
|
|
|
|
User remote-build
|
|
|
|
|
HostName not522.tailbab65.ts.net
|
|
|
|
|
IdentityFile ${home}/.ssh/builder_id_ed25519
|
2023-01-29 08:46:50 +00:00
|
|
|
|
2024-12-01 13:40:07 +00:00
|
|
|
Host *
|
|
|
|
|
ForwardAgent no
|
|
|
|
|
Compression no
|
|
|
|
|
ServerAliveInterval 0
|
|
|
|
|
ServerAliveCountMax 3
|
|
|
|
|
HashKnownHosts no
|
|
|
|
|
UserKnownHostsFile ~/.ssh/known_hosts
|
|
|
|
|
ControlMaster auto
|
|
|
|
|
ControlPath ~/.ssh/master-%r@%n:%p
|
|
|
|
|
ControlPersist 10m
|
|
|
|
|
'';
|
2024-12-01 08:48:07 +00:00
|
|
|
nix-eval-jobs-script = pkgs.stdenvNoCC.mkDerivation {
|
|
|
|
|
name = "remote-eval-jobs.py";
|
|
|
|
|
src = ./hydra/remote-eval-jobs.py;
|
|
|
|
|
dontUnpack = true;
|
|
|
|
|
dontBuild = true;
|
|
|
|
|
installPhase = ''
|
|
|
|
|
substitute $src $out \
|
2024-12-01 11:01:02 +00:00
|
|
|
--subst-var-by python3 ${pkgs.python3}/bin/python3 \
|
|
|
|
|
--subst-var-by ping ${pkgs.iputils}/bin/ping \
|
|
|
|
|
--subst-var-by nix-eval-jobs ${nix-eval-jobs.packages.x86_64-linux.nix-eval-jobs}/bin/nix-eval-jobs \
|
|
|
|
|
--subst-var-by nix ${pkgs.nix}/bin/nix \
|
2024-12-01 08:48:07 +00:00
|
|
|
--subst-var-by ssh ${pkgs.openssh}/bin/ssh
|
2024-12-01 12:57:39 +00:00
|
|
|
chmod +x $out
|
2024-12-01 08:48:07 +00:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
{
|
2022-02-18 14:49:19 +00:00
|
|
|
imports = [
|
2022-12-16 07:26:04 +00:00
|
|
|
./postgres.nix
|
2022-02-18 15:58:36 +00:00
|
|
|
../../modules/hydra.nix
|
2024-09-10 09:04:36 +00:00
|
|
|
hydra.nixosModules.hydra
|
2022-02-18 14:49:19 +00:00
|
|
|
];
|
2024-09-12 10:32:06 +00:00
|
|
|
nixpkgs.overlays = [
|
|
|
|
|
hydra.overlays.default
|
|
|
|
|
];
|
2024-09-10 09:04:36 +00:00
|
|
|
services.hydra-dev = {
|
2022-02-18 14:49:19 +00:00
|
|
|
enable = true;
|
2024-09-17 13:12:32 +00:00
|
|
|
package = hydra.packages.${system}.hydra.overrideAttrs (super: {
|
2023-12-19 14:57:17 +00:00
|
|
|
doCheck = false;
|
|
|
|
|
doInstallCheck = false;
|
2024-12-01 08:48:07 +00:00
|
|
|
patches = super.patches or [ ] ++ [
|
|
|
|
|
./hydra/0001-add-gitea-pulls.patch
|
|
|
|
|
./hydra/0002-unlimit-output.patch
|
|
|
|
|
./hydra/0003-remove-pr-number-from-github-job-name.patch
|
|
|
|
|
./hydra/0004-use-pulls-instead-of-issues.patch
|
|
|
|
|
./hydra/0005-only-list-open-prs.patch
|
|
|
|
|
./hydra/0006-status-state.patch
|
|
|
|
|
./hydra/0007-hydra-server-findLog-fix-issue-with-ca-derivations-e.patch
|
|
|
|
|
];
|
|
|
|
|
postPatch =
|
|
|
|
|
super.postPatch or ""
|
|
|
|
|
+ ''
|
|
|
|
|
substituteInPlace src/script/hydra-eval-jobset --replace-fail nix-eval-jobs ${nix-eval-jobs-script}
|
|
|
|
|
'';
|
2023-12-19 14:41:21 +00:00
|
|
|
});
|
2022-04-15 08:27:53 +00:00
|
|
|
hydraURL = "https://hydra.chir.rs/";
|
2022-02-18 14:49:19 +00:00
|
|
|
notificationSender = "hydra@chir.rs";
|
2022-02-18 14:56:22 +00:00
|
|
|
useSubstitutes = true;
|
2022-06-25 07:25:21 +00:00
|
|
|
port = 3001;
|
2022-02-18 15:58:36 +00:00
|
|
|
extraConfig = ''
|
|
|
|
|
<gitea_authorization>
|
|
|
|
|
darkkirb = #gitea_token#
|
2024-09-04 12:50:10 +00:00
|
|
|
ProcyOS = #gitea_token#
|
2022-02-18 15:58:36 +00:00
|
|
|
</gitea_authorization>
|
2022-04-10 12:07:53 +00:00
|
|
|
<github_authorization>
|
2022-04-15 09:41:10 +00:00
|
|
|
DarkKirb = Bearer #github_token#
|
2022-04-10 12:07:53 +00:00
|
|
|
</github_authorization>
|
2022-04-15 08:09:53 +00:00
|
|
|
<githubstatus>
|
|
|
|
|
jobs = .*
|
|
|
|
|
</githubstatus>
|
2022-05-03 09:31:27 +00:00
|
|
|
<hydra_notify>
|
|
|
|
|
<prometheus>
|
2023-12-10 20:27:33 +00:00
|
|
|
listen_address = 0.0.0.0
|
|
|
|
|
port = 8905
|
2022-05-03 09:31:27 +00:00
|
|
|
</prometheus>
|
|
|
|
|
</hydra_notify>
|
2022-10-01 13:45:11 +00:00
|
|
|
binary_cache_secret_key_file = ${config.sops.secrets."services/hydra/cache-key".path}
|
2022-10-05 11:32:15 +00:00
|
|
|
<git-input>
|
|
|
|
|
timeout = 3600
|
|
|
|
|
</git-input>
|
2023-10-09 15:17:39 +00:00
|
|
|
<runcommand>
|
|
|
|
|
job = *:*:*
|
2023-12-19 20:49:37 +00:00
|
|
|
command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' >> /var/lib/hydra/queue-runner/upload
|
2023-10-09 15:17:39 +00:00
|
|
|
</runcommand>
|
2023-03-22 06:13:31 +00:00
|
|
|
max_concurrent_evals = 1
|
2022-02-18 15:58:36 +00:00
|
|
|
'';
|
|
|
|
|
giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
|
2022-04-10 12:07:53 +00:00
|
|
|
githubTokenFile = "/run/secrets/services/hydra/github_token";
|
2022-04-30 08:43:02 +00:00
|
|
|
buildMachinesFiles = [
|
2022-04-30 08:39:45 +00:00
|
|
|
"${machines}"
|
|
|
|
|
"/run/hydra-machines"
|
|
|
|
|
];
|
2022-02-18 14:49:19 +00:00
|
|
|
};
|
2024-12-01 08:48:07 +00:00
|
|
|
nix.settings.allowed-uris = [
|
|
|
|
|
"github:"
|
|
|
|
|
"https://"
|
|
|
|
|
"http://"
|
|
|
|
|
];
|
|
|
|
|
sops.secrets."services/hydra/gitea_token" = { };
|
|
|
|
|
sops.secrets."services/hydra/github_token" = { };
|
2022-04-24 20:54:42 +00:00
|
|
|
sops.secrets."services/hydra/cache-key" = {
|
2022-06-30 11:56:20 +00:00
|
|
|
owner = "hydra-www";
|
|
|
|
|
mode = "0440";
|
2022-04-24 20:54:42 +00:00
|
|
|
};
|
2022-08-26 16:45:19 +00:00
|
|
|
services.caddy.virtualHosts."hydra.int.chir.rs" = {
|
2022-08-28 13:18:42 +00:00
|
|
|
useACMEHost = "int.chir.rs";
|
2022-12-30 13:03:57 +00:00
|
|
|
logFormat = pkgs.lib.mkForce "";
|
2022-08-26 15:28:14 +00:00
|
|
|
extraConfig = ''
|
|
|
|
|
import baseConfig
|
|
|
|
|
|
2024-09-12 06:43:08 +00:00
|
|
|
reverse_proxy http://127.0.0.1:${toString config.services.hydra-dev.port} {
|
2022-08-26 16:45:19 +00:00
|
|
|
trusted_proxies private_ranges
|
|
|
|
|
}
|
2022-08-26 15:28:14 +00:00
|
|
|
'';
|
2022-04-20 08:24:42 +00:00
|
|
|
};
|
2022-04-13 12:35:20 +00:00
|
|
|
sops.secrets."services/hydra/aws_credentials" = {
|
2022-06-30 14:43:03 +00:00
|
|
|
owner = "hydra-queue-runner";
|
|
|
|
|
path = "/var/lib/hydra/queue-runner/.aws/credentials";
|
2024-12-01 08:48:07 +00:00
|
|
|
restartUnits = [ "hydra-notify.service" ];
|
2022-04-13 12:35:20 +00:00
|
|
|
};
|
2022-04-30 08:39:45 +00:00
|
|
|
systemd.services.update-hydra-hosts = {
|
|
|
|
|
description = "Update hydra hosts";
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
};
|
|
|
|
|
script = ''
|
2023-12-06 16:28:12 +00:00
|
|
|
if ${pkgs.iputils}/bin/ping -c 1 rainbow-resort.int.chir.rs; then
|
|
|
|
|
echo "build-rainbow-resort armv7l-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,wasm32-wasi,x86_64-linux,i686-linux,riscv32-linux,riscv64-linux - 16 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver4,gccarch-znver3,gccarch-znver2,gccarch-znver1,gccarch-skylake,gccarch-skylake-avx512,ca-derivations -" > /run/hydra-machines
|
2022-05-03 05:56:00 +00:00
|
|
|
else
|
|
|
|
|
rm -f /run/hydra-machines
|
2022-04-30 08:39:45 +00:00
|
|
|
fi
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
systemd.timers.update-hydra-hosts = {
|
|
|
|
|
enable = true;
|
|
|
|
|
description = "Update hydra hosts";
|
2024-12-01 08:48:07 +00:00
|
|
|
requires = [ "update-hydra-hosts.service" ];
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
2022-04-30 08:39:45 +00:00
|
|
|
timerConfig = {
|
|
|
|
|
OnBootSec = 300;
|
|
|
|
|
OnUnitActiveSec = 300;
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-12-01 08:48:07 +00:00
|
|
|
nix.settings.trusted-users = [ "@hydra" ];
|
2024-12-01 13:35:12 +00:00
|
|
|
sops.secrets."hydra-evaluator/ssh/builder_id_ed25519" = {
|
|
|
|
|
sopsFile = ../../secrets/shared.yaml;
|
|
|
|
|
owner = "hydra";
|
|
|
|
|
key = "ssh/builder_id_ed25519";
|
|
|
|
|
path = "/var/lib/hydra/.ssh/builder_id_ed25519";
|
|
|
|
|
};
|
2023-01-14 19:58:07 +00:00
|
|
|
sops.secrets."hydra/ssh/builder_id_ed25519" = {
|
|
|
|
|
sopsFile = ../../secrets/shared.yaml;
|
2023-01-29 08:46:50 +00:00
|
|
|
owner = "hydra-queue-runner";
|
2023-01-14 19:58:07 +00:00
|
|
|
key = "ssh/builder_id_ed25519";
|
2023-01-29 08:46:50 +00:00
|
|
|
path = "/var/lib/hydra/queue-runner/.ssh/builder_id_ed25519";
|
2023-01-14 19:58:07 +00:00
|
|
|
};
|
2024-12-01 08:48:07 +00:00
|
|
|
system.activationScripts.setupHydraSshConfig = lib.stringAfter [ "var" ] ''
|
2023-01-29 08:46:50 +00:00
|
|
|
mkdir -p /var/lib/hydra/queue-runner/.ssh/
|
|
|
|
|
chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner
|
2024-12-01 13:40:07 +00:00
|
|
|
ln -svf ${sshConfig "/var/lib/hydra/queue-runner"} /var/lib/hydra/queue-runner/.ssh/config
|
2024-12-01 13:35:12 +00:00
|
|
|
mkdir -p /var/lib/hydra/.ssh/
|
|
|
|
|
chown -Rv hydra /var/lib/hydra/.ssh
|
2024-12-01 13:40:07 +00:00
|
|
|
ln -svf ${sshConfig "/var/lib/hydra"} /var/lib/hydra/.ssh/config
|
2023-01-29 08:46:50 +00:00
|
|
|
'';
|
2023-12-18 09:14:07 +00:00
|
|
|
sops.secrets."attic/config.toml" = {
|
|
|
|
|
owner = "hydra-queue-runner";
|
|
|
|
|
key = "attic/config.toml";
|
|
|
|
|
path = "/var/lib/hydra/queue-runner/.config/attic/config.toml";
|
|
|
|
|
};
|
2024-09-11 07:45:00 +00:00
|
|
|
services.postgresql.ensureDatabases = [
|
|
|
|
|
"hydra-queue-runner"
|
|
|
|
|
];
|
|
|
|
|
services.postgresql.ensureUsers = [
|
|
|
|
|
{
|
|
|
|
|
name = "hydra-queue-runner";
|
|
|
|
|
ensureDBOwnership = true;
|
|
|
|
|
}
|
|
|
|
|
];
|
2023-12-18 09:14:07 +00:00
|
|
|
|
2023-12-19 14:41:21 +00:00
|
|
|
systemd.services."attic-queue" = {
|
|
|
|
|
description = "Upload build results";
|
2024-12-01 08:48:07 +00:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2023-07-06 09:38:00 +00:00
|
|
|
serviceConfig = {
|
|
|
|
|
User = "hydra-queue-runner";
|
|
|
|
|
Group = "hydra";
|
|
|
|
|
};
|
2023-12-18 09:14:07 +00:00
|
|
|
script = ''
|
2023-12-19 14:41:21 +00:00
|
|
|
export QUEUE_PATH=/var/lib/hydra/queue-runner/upload
|
2024-09-11 07:45:00 +00:00
|
|
|
export DATABASE_PATH=postgresql:///hydra-queue-runner
|
2023-12-22 17:05:59 +00:00
|
|
|
export RUST_LOG=info
|
2023-12-19 14:41:21 +00:00
|
|
|
exec ${attic.packages.${system}.attic-queue}/bin/attic-queue
|
2023-12-18 09:14:07 +00:00
|
|
|
'';
|
2023-07-06 09:38:00 +00:00
|
|
|
};
|
2022-02-18 14:49:19 +00:00
|
|
|
}
|
