diff --git a/config/nix.nix b/config/nix.nix index 9f9850cd..d8dc70f0 100644 --- a/config/nix.nix +++ b/config/nix.nix @@ -17,6 +17,7 @@ builders-use-substitutes = true; substituters = [ "https://f000.backblazeb2.com/file/cache-chir-rs/" + "https://hydra.int.chir.rs/" ]; trusted-public-keys = [ "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg=" diff --git a/config/programs/helix/languages.nix b/config/programs/helix/languages.nix index ac9dc842..0fdc44ca 100644 --- a/config/programs/helix/languages.nix +++ b/config/programs/helix/languages.nix @@ -1,8 +1,4 @@ -{ - pkgs, - ... -}: -{ +{pkgs, ...}: { programs.helix.languages = [ { auto-format = true; diff --git a/config/services/hydra.nix b/config/services/hydra.nix index 978183ae..0d493e8c 100644 --- a/config/services/hydra.nix +++ b/config/services/hydra.nix @@ -16,10 +16,18 @@ machines = pkgs.writeText "machines" '' localhost armv7l-linux,aarch64-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,riscv32-linux,riscv64-linux,wasm32-wasi,x86_64-linux,i686-linux - 12 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver1,gccarch-skylake,ca-derivations - ''; - run_deploy = pkgs.writeScript "run_deploy" '' - export GITHUB_TOKEN=$(cat /run/secrets/services/hydra/github_token) - - ${pkgs.github-cli}/bin/gh workflow run deploy.yml -R + post-build-hook = pkgs.writeScript "post-build-hook" '' + #!/bin/sh + set -euf + export IFS=' ' + systemd_unitname=upload-derivation@$(${pkgs.systemd}/bin/systemd-escape "$DRV_PATH") + ${pkgs.systemd}/bin/systemctl start "$systemd_unitname" --no-block + ''; + upload-script = pkgs.writeScript "upload-script" '' + #!/bin/sh + set -xefu + ${pkgs.nix}/bin/nix store sign --key-file ${config.sops.secrets."services/hydra/cache-key".path} $1 + ${pkgs.nix}/bin/nix copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=${config.sops.secrets."services/hydra/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15' $1 ''; in { imports = [ @@ -43,7 +51,6 @@ in { jobs = .* - store_uri = s3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=${config.sops.secrets."services/hydra/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15 listen_address = 127.0.0.1 @@ -121,5 +128,17 @@ in { OnUnitActiveSec = 300; }; }; + systemd.services."upload-derivation@" = { + description = "Upload %I to the nix cache"; + onFailure = lib.mkForce []; + serviceConfig = { + Restart = "on-failure"; + RestartSec = 30; + User = "hydra-queue-runner"; + Group = "hydra"; + ExecStart = "${upload-script} %I"; + }; + }; nix.settings.trusted-users = ["@hydra"]; + nix.settings.post-build-hook = "${post-build-hook}"; }