nixos-conf/modules/services/hydra.nix


# NixOS module: a Hydra CI server plus a nix-serve binary cache, both bound to
# loopback addresses and published through nginx virtual hosts.
# Everything under `config` is applied only when `custom.hydra.enable` is true.
{ config, lib, ... }:
let
  cfg = config.custom.hydra;

  # Public host names of the two nginx virtual hosts.
  hydraDomain = "ci.sinerva.eu";
  cacheDomain = "cache.sinerva.eu";

  # Loopback endpoints, named once so each service and its reverse-proxy
  # target cannot drift apart.
  hydraListen = "localhost";
  hydraPort = 8080;
  cacheBind = "127.0.0.2";
  cachePort = 8081;
in
{
  options.custom.hydra = {
    # Off by default; a host has to opt in to running the CI stack.
    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
    };
  };

  config = lib.mkIf cfg.enable {
    # Project-local modules defined elsewhere in this repository.
    # NOTE(review): the virtual hosts below set neither forceSSL nor
    # enableACME, so TLS and certificates presumably come from these two
    # modules; confirm.
    custom.nginxHttpsServer.enable = true;
    custom.acmeHttpClient.enable = true;

    # Create Hydra's state directory owned by hydra:hydra with no access for
    # other users.
    systemd.tmpfiles.settings."hydra-home"."/var/lib/hydra".d = {
      user = "hydra";
      group = "hydra";
      mode = "0750";
    };

    # State kept under /persist: the PostgreSQL data directory and a Hydra
    # marker file (presumably the flag that the database was already created;
    # confirm against the Hydra module).
    environment.persistence."/persist" = {
      files = [ "/var/lib/hydra/.db-created" ];
      directories = [
        {
          directory = "/var/lib/postgresql";
          # NOTE(review): the stock NixOS PostgreSQL module runs as user and
          # group "postgres"; confirm that "postgresql" exists on this host.
          user = "postgresql";
          group = "postgresql";
          mode = "u=rwx,g=rx,o=";
        }
      ];
    };

    # Private signing key of the binary cache, stored encrypted in the
    # repository and read by nix-serve below through the sops secret path.
    sops.secrets.priv-cache-key.sopsFile = ../../secrets/ci.yaml;

    # Register emulation for aarch64 binaries, matching the "aarch64-linux"
    # entry of the local build machine further down.
    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    # Order hydra-server after the network is reported online.
    systemd.services.hydra-server = {
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
    };

    services.hydra = {
      enable = true;
      hydraURL = "https://${hydraDomain}";
      # Listens on loopback only; nginx is the externally reachable front end.
      listenHost = hydraListen;
      port = hydraPort;
      notificationSender = "hydra@sinerva.eu";
      # Lets Hydra take build outputs from binary caches instead of building
      # them, so the substituters configured on this host are trusted inputs.
      useSubstitutes = true;
      # SECURITY: dynamic RunCommand lets a jobset declare commands that are
      # executed on this host after a build. Per Hydra's documentation it also
      # has to be switched on per project and per jobset; keep it limited to
      # jobsets whose source repositories are trusted.
      extraConfig = ''
        <dynamicruncommand>
        enable = 1
        </dynamicruncommand>
      '';
    };

    services.nix-serve = {
      enable = true;
      # Loopback only; reachable from outside solely through the nginx vhost.
      bindAddress = cacheBind;
      port = cachePort;
      # Path of the decrypted signing key as provided by sops-nix.
      secretKeyFile = config.sops.secrets.priv-cache-key.path;
    };

    # Reverse proxies: one virtual host per service, each forwarding "/" to
    # the loopback endpoint defined in the let-block.
    services.nginx.virtualHosts = {
      ${hydraDomain}.locations."/".proxyPass = "http://${hydraListen}:${toString hydraPort}";
      ${cacheDomain}.locations."/".proxyPass = "http://${cacheBind}:${toString cachePort}";
    };

    # URI prefixes that restricted evaluation is allowed to fetch from.
    # These match any GitHub repository, not one specific owner.
    nix.settings.allowed-uris = [
      "github:"
      "git+https://github.com/"
      "git+ssh://github.com/"
    ];

    # The only builder is this host itself, the same machine that holds the
    # cache signing key.
    # NOTE(review): the Nix build sandbox is then the isolation between build
    # jobs and that key; confirm that sandboxing is left enabled.
    nix.buildMachines = [
      {
        hostName = "localhost";
        protocol = null;
        maxJobs = 6;
        systems = [
          "x86_64-linux"
          "aarch64-linux"
        ];
        supportedFeatures = [
          "kvm"
          "nixos-test"
          "big-parallel"
          "benchmark"
        ];
      }
    ];

    # Garbage collection: hourly, no randomized delay, removing generations
    # older than one day. mkForce overrides values set by other modules.
    nix.gc = {
      dates = lib.mkForce "hourly";
      randomizedDelaySec = lib.mkForce "0";
      options = lib.mkForce "--delete-older-than 1d";
    };
  };
}