diff --git a/config/installer.nix b/config/installer.nix
index 4e951a48..427ef675 100644
--- a/config/installer.nix
+++ b/config/installer.nix
@@ -14,5 +14,4 @@
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
networking.hostId = "8425e349";
- nix.settings.post-build-hook = lib.mkForce "true";
}
diff --git a/config/netboot.nix b/config/netboot.nix
index 82467a2a..44f26fe9 100644
--- a/config/netboot.nix
+++ b/config/netboot.nix
@@ -14,5 +14,4 @@
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
networking.hostId = "8425e349";
- nix.settings.post-build-hook = lib.mkForce "true";
}
diff --git a/config/nix.nix b/config/nix.nix
index 681435b1..5915cd39 100644
--- a/config/nix.nix
+++ b/config/nix.nix
@@ -5,30 +5,10 @@
system,
attic,
...
-}: let
- attic-client =
- if system == "aarch64-linux"
- then attic.packages.${system}.attic-client
- else pkgs.attic-client;
- post-build-hook = pkgs.writeScript "post-build-hook" ''
- #!${pkgs.bash}/bin/bash
- set -euf
- export IFS=' '
- until ${attic-client}/bin/attic push chir-rs $OUT_PATHS; do
- sleep 5
- echo "Retrying..."
- done
- '';
-in {
+}: {
imports = [
./workarounds
];
- sops.secrets."attic/config.toml" = {
- sopsFile = ../secrets/shared.yaml;
- owner = "root";
- key = "attic/config.toml";
- path = "/root/.config/attic/config.toml";
- };
nixpkgs.config.allowUnfree = true;
nix = {
settings = {
@@ -47,7 +27,6 @@ in {
"riscv:TZX1ReuoIGt7QiSQups+92ym8nKJUSV0O2NkS4HAqH8="
"cache.ztier.link-1:3P5j2ZB9dNgFFFVkCQWT3mh0E+S3rIWtZvoql64UaXM="
];
- post-build-hook = "${post-build-hook}";
auto-optimise-store = true;
};
package = pkgs.nix;
diff --git a/config/services/hydra.nix b/config/services/hydra.nix
index 508fe81b..6c43bf5b 100644
--- a/config/services/hydra.nix
+++ b/config/services/hydra.nix
@@ -80,6 +80,10 @@ in {
timeout = 3600
+
+ job = *:*:*
+ command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' >> /var/lib/hydra/queue-runner/upload-queue
+
max_concurrent_evals = 1
'';
giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
@@ -148,4 +152,38 @@ in {
chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner
ln -svf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config
'';
+ sops.secrets."attic/config.toml" = {
+ owner = "hydra-queue-runner";
+ key = "attic/config.toml";
+ path = "/var/lib/hydra/queue-runner/.config/attic/config.toml";
+ };
+
+ systemd.services."upload-hydra-results" = {
+ description = "Upload hydra build results";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "hydra-queue-runner";
+ Group = "hydra";
+ };
+ script = ''
+ set -ex
+ if [ -e /var/lib/hydra/queue-runner/uploading ]; then
+ cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs
+ rm /var/lib/hydra/queue-runner/uploading
+ fi
+ mv /var/lib/hydra/queue-runner/upload-queue /var/lib/hydra/queue-runner/uploading
+ cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs
+ rm /var/lib/hydra/queue-runner/uploading
+ '';
+ };
+ systemd.timers.upload-hydra-results = {
+ enable = true;
+ description = "Upload hydra build results";
+ requires = ["upload-hydra-results.service"];
+ wantedBy = ["multi-user.target"];
+ timerConfig = {
+ OnBootSec = 300;
+ OnUnitActiveSec = 300;
+ };
+ };
}
diff --git a/secrets/nas.yaml b/secrets/nas.yaml
index a7bf4183..11423f9a 100644
--- a/secrets/nas.yaml
+++ b/secrets/nas.yaml
@@ -30,6 +30,8 @@ email:
password:
root: ENC[AES256_GCM,data:edK/dud41KmbX6v8Mxn1vVcaCwG0x4YhGjqLTw3oAigmwixTovz+4yUDrkjTQLb3/eMClqQJnjcJsRBv4chSu+UuNorKIsPM0IX9mkTmVH2soGmdPB21HXOXmisGu33oOyhyojbvlaWlFw==,iv:GiXRuhJVPgkAAp7OYufzXtHusnSPOfAP0ztdAtn14GE=,tag:nIOus2VvzE6d+r/aJOLCBw==,type:str]
darkkirb: ENC[AES256_GCM,data:vmI8B7PWeoKTwOywaGmJmD9gWb09eDcmchx241XrfNvT9QseuSElDTb3OajHornt/OFBPh7EtNi/y1BHF1+DZq0i1tmhYuJy24BLuCPH9VpCb5s5xZZCVtOC6w3qUGqIlLQHYN0Fp1Ap5A==,iv:KkcLQDJSDqeFr3gDByb66MOx8/PbpKpvM9Ym+KMB3jc=,tag:wLLOU4RhWnS+DDSOQLrLHA==,type:str]
+attic:
+ config.toml: ENC[AES256_GCM,data:MXObW3IwmE4qUlEcwdgSJwxrHx1IWos4u5xfJD5FXhoYz7ZzfVy84/EswaQu0f3/KLgxw8nTxnGJtcTWd3s3jBwvMAAo7I+wRNK8N3NJxUAfINf4Fbj3briFt2bGOO769bK0k6Kf+zgpSrtQMv70qTyz+ArV2z03v+s3wzPHt70sanfeCfiZbW9FNjNpMfgf+Wiag50jpiPFrLemgQWZjO0KfKTlbd86MZoIj7PcBHxGjmb9YMoIOt1vNx+L2XjQ8g6C44yHJuhCUWPrylwbn36545GV/JASckY+PioxUvLqwSO1P5V6OipGcW7pnu9UBftpa6dIfeHNq3+U982aCXzE3NevsXxfS7a2hmNFbHgilzJJ+y0uDaQkOPvA4PWcRaPgohBZmaDhTzovxtWeQEWSvqyArbesiNU8uPkcOIxdyJyN+NhVBzt/vQ==,iv:wMiZiVlBX7+m9Iq3mqp0ttjdtKei9rvWfTofhEImOzI=,tag:i1DLB5KxhkwhzRzCV3Dx/g==,type:str]
sops:
kms: []
gcp_kms: []
@@ -45,8 +47,8 @@ sops:
WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-06-06T07:06:29Z"
- mac: ENC[AES256_GCM,data:iuH+6PiDx+8iQlxds8/twFNaf2g2JuuBpCfQIppRxZPEWeVvWpLEaMEuFk+kKZagIrFIhl9LhyXXVqaGKDnXHmo3bOAGksWNq51PWlCODIe1gfWN6hMZHWFrZlcxv0JjyH2Zqou3udsEIc+Fkj3llGYeiNJw30M0lLhd9ORa5tA=,iv:Kdse9i3iT+Iuhxf6c7zGzgA/Jy3mDmGegQ+xcMqnXzk=,tag:ooWhhNvVbLPl+H6R9VODhw==,type:str]
+ lastmodified: "2023-07-06T09:11:22Z"
+ mac: ENC[AES256_GCM,data:clJnGoXIezIEc76YYN+CtO9irokgGkQ7+z+bvcr48yg/EYvot8lM7cjhsqeRtRCTvmt01+i3ZpKhpuPpjlK2mjJLB2BW6SKE5dOG+i+ylIfXLev59T/Q97nzSQ45V7FcMAwy8hvlHdEscfBFkDjnVS8Xron/JL5tqqihSkD2y7M=,iv:P7zpvdIaVrMPQk+a9+eMVuf9kcZOdwlpzj/Q+MTyddE=,tag:el8nV63+XudLuyVM9CIaoA==,type:str]
pgp:
- created_at: "2022-04-24T10:34:20Z"
enc: |
diff --git a/secrets/shared.yaml b/secrets/shared.yaml
index 83708248..701c25b7 100644
--- a/secrets/shared.yaml
+++ b/secrets/shared.yaml
@@ -2,8 +2,6 @@ aws:
credentials: ENC[AES256_GCM,data:/I+mc7fHdztMu9ixDz+LBq/rR7xOni9e7ODoCEStsU/VwuwnelyedeD0OAIQsLozxP1Jss972Uq9K3RfT6HzHLEMZebjyiVGGN7wpWFpdjE4ZQtFAGpTd46vSSQn4K53DDIKO/S8zpuNw52cnHPqCg==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:pyoLebONcWWAKp1OliqFUw==,type:str]
ssh:
builder_id_ed25519: ENC[AES256_GCM,data:aRcRkZS9TXsFas1xz044OECF59bQMepukSQUMFr652MXsW99O9ANuhQ7C2i3HuXtDjrWKfgrsrWQh0R41JuLoENEEd0O0y1k+uHzjtdE0CrzqIdRFwRNUbvrJ4D8S1yEdNoQCjrznvH5pegLpn8h19BQaC755QfkKxhYHQpN0Xkt5JKgZBEYShkEyTn7EhgjRMyKQzQo47TsYBU7S4qi6a4nhjv67MuIZ2Y7R2F5n8ZyFgGjgktcm0GHKq37xvFcFEa4h+vxhzu5Dtb6VfwYqUVApL1C2zv9hhZpx5sBa2/fvEg5awm9cnfnfipFUe1ceEz9zUbZAd4fUKYDvfHC+3KX1CXGauA44nXNz2XDDn3f6DTh/DrbARx4Fi9R5Gcnm8c0OfDxHEgARYIWdjfnf1h1qhTxf9Iau+bYTc7IhlenS/6S8w56XtScVkg/VVQhXZFQy0TFIWe/Sa8k1ArTok0I5Hl31gpCq1HUVkXNO/917RVDhJt42pIEA7Lwd48QXSkmRx+46F3VKjQEC0qj/VRNhd8ZHU66IdxG,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:4PbNcBDCh9yloSij/ajBqQ==,type:str]
-attic:
- config.toml: ENC[AES256_GCM,data:SKgMfpIn4eSHq4nIiS10JcGVvl567CJyMSYPPi0B9dem31rJhd2PNejOEoIePJvr9iq1wR2ypdVx4c6GCLOfT24qFVoWNLWuiGjFjTGVHuZKAo+rL8ealZYwgmAAJfTVKUrT8IWFu5Oy2MeBAYjq2c5BiDt9qoQaghEYXtM6LtoBTiDG8A6+dopHf4bNtwi3BMiUAuz8BTRFP/hASQG5hzyplvKDW98qdnwjJ6ZBDdtv9XLS3KEQEHqj3MMXQAFX104oASJoitNSAqJ4LCxuYuSzRzgl1HRWQ9pCJDViQqdIXq3gFXrfSSGgzwgzzic4A/qsLkSsrS7h2RFBedE4AHOAaMLiHSLMon5RIoXZFZmsKI+k7L5fauT774hryskYoJfIvWbe6WwYInQaRHe7YvRgrfY8U0XTx8Bj2f5dH9rrUR/ESPdBbmHeLw==,iv:Frmb79vIYN09+sw84ETTGiAuC45kssUFk2ecnZt+YqQ=,tag:tG2alQfAuo6YLupr+9iqXg==,type:str]
tailscale: ENC[AES256_GCM,data:OUbgLSvG3VokdF7zcZrun7KNSU0RJwLJeLDSDz4yutFJWIpgMH9vpMl4NsEXPbzNkEvi2ElmQ5Qz,iv:1NmaEp6FnzKc9Y+X66heZGqs4eg1NhAFn9RyutdTfx8=,tag:ec2iD4PHJQtbnXV3rCzoGQ==,type:str]
sops:
kms: []
@@ -74,8 +72,8 @@ sops:
MmtjczU3TTVrUHMzN0lYclRoUXcrYXcKXl1y2wq/24VgTtYwMwIMRb+9AERFLT6M
vWPCs+N4rBja2WmtmPSNNL70UF8ZAQ93dBLq2Ao65N1YRG5XE8zbNQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-07-01T11:21:16Z"
- mac: ENC[AES256_GCM,data:lTnUK9a6ssxavyz4ORkfOyHSL44wCTpmCTGCkLf3Ql61UdoZFA5YvE3rqs3yO549iLqdwgWkna5MvZxpQQ61R4Umu1XY3Lgf6Y5yjHB8jXm49MXfxsJVTMYg83bvhcVFTfwJHOmFDkx1gOAgb8mIYl1+/K1/sf+V/PFy/4j/DI4=,iv:itbzDvLBe0ywsDco0cMZ66++NZgmXEw+dTE4qJkRJyc=,tag:i4Lr+UmHsZzpIiEgOiMSng==,type:str]
+ lastmodified: "2023-07-06T09:11:09Z"
+ mac: ENC[AES256_GCM,data:XujFjvx73/z+hmk4f4tRRvwl/ML25YOZw6etr0P9lhcXlYPelIrqvVLO1vmobt8TYDzngAHdHSNNlhInw00KO73luOLcQhL/1DVMqTgeMSC11ReUhd5KOZLVXOSP0+8ADLXgbGGGY8DyPnZtr1ZWa3dDIBFPt5ZD7RzWz1qKnJ4=,iv:kYPLpSrLEu9pkWw0iwqKmH6Mm8sFjAstr06mcAWnUEU=,tag:NQjXV8sHUrjU//AQJ+4E+Q==,type:str]
pgp:
- created_at: "2023-03-27T16:00:59Z"
enc: |