nixos-config/modules/hydra.nix

106 lines
3.2 KiB
Nix

{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.services.hydra;
baseDir = "/var/lib/hydra";
hydraConf = pkgs.writeScript "hydra.conf" cfg.extraConfig;
localDB = "dbi:Pg:dbname=hydra;user=hydra;";
haveLocalDB = cfg.dbi == localDB;
in {
###### interface
options = {
services.hydra = {
giteaTokenFile = mkOption {
type = with types; str;
default = "";
description = ''
Path to the gitea token secret
'';
example = literalExpression ''"/run/secrets/hydra/gitea-token"'';
};
githubTokenFile = mkOption {
type = with types; str;
default = "";
description = ''
Path to the github token secret
'';
example = literalExpression ''"/run/secrets/hydra/github-token"'';
};
};
};
config = mkIf cfg.enable {
systemd.services.hydra-init = {
preStart = lib.mkForce ''
mkdir -p ${baseDir}
chown hydra.hydra ${baseDir}
chmod 0750 ${baseDir}
cp ${hydraConf} ${baseDir}/hydra.conf
${
if (cfg.giteaTokenFile == "")
then ''
GITEA_TOKEN="#gitea_token#"
''
else ''
GITEA_TOKEN="$(head -n 1 ${cfg.giteaTokenFile})"
''
}
${
if (cfg.githubTokenFile == "")
then ''
GITHUB_TOKEN="#github_token#"
''
else ''
GITHUB_TOKEN="$(head -n 1 ${cfg.githubTokenFile})"
''
}
sed -i -e "s|#gitea_token#|$GITEA_TOKEN|" ${baseDir}/hydra.conf
sed -i -e "s|#github_token#|$GITHUB_TOKEN|" ${baseDir}/hydra.conf
mkdir -m 0700 -p ${baseDir}/www
chown hydra-www.hydra ${baseDir}/www
mkdir -m 0700 -p ${baseDir}/queue-runner
mkdir -m 0750 -p ${baseDir}/build-logs
chown hydra-queue-runner.hydra ${baseDir}/queue-runner ${baseDir}/build-logs
${optionalString haveLocalDB ''
if ! [ -e ${baseDir}/.db-created ]; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser hydra
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O hydra hydra
touch ${baseDir}/.db-created
fi
echo "create extension if not exists pg_trgm" | ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra
''}
if [ ! -e ${cfg.gcRootsDir} ]; then
# Move legacy roots directory.
if [ -e /nix/var/nix/gcroots/per-user/hydra/hydra-roots ]; then
mv /nix/var/nix/gcroots/per-user/hydra/hydra-roots ${cfg.gcRootsDir}
fi
mkdir -p ${cfg.gcRootsDir}
fi
# Move legacy hydra-www roots.
if [ -e /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots ]; then
find /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots/ -type f \
| xargs -r mv -f -t ${cfg.gcRootsDir}/
rmdir /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots
fi
chown hydra.hydra ${cfg.gcRootsDir}
chmod 2775 ${cfg.gcRootsDir}
'';
};
};
}