nixfiles/config/services/hydra/default.nix

# NixOS module for the Hydra CI host: Hydra itself, the harmonia binary
# cache that serves (and signs) its store paths, the sops-managed secrets
# both need, and the nginx/ACME front end for the two public hostnames.
{ config, inputs, lib, ... }:
let
  # All three secrets below are decrypted from the same sops file.
  hydraSecretsFile = ../../../secrets/services/hydra.yaml;

  # Platform string used to pick per-system packages out of flake inputs.
  system = config.nixpkgs.hostPlatform.system;
in
{
  imports = [
    ./nix-config.nix
    inputs.lix-module.nixosModules.default
  ];

  sops.secrets = {
    # Private half of the binary-cache signing key; harmonia is pointed at
    # this path via `signKeyPath` further down.
    # NOTE(review): the file is owned by hydra-queue-runner and is also
    # handed to harmonia. Confirm both consumers really need it; every
    # extra reader of a cache signing key widens who can sign store paths.
    # No explicit `mode` is set, so this relies on the sops-nix default
    # (presumably 0400 - confirm).
    "services/hydra/signKey" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra-queue-runner";
    };

    # SSH private key installed as the `hydra` user's default identity,
    # readable by the owner only.
    # Presumably used by the evaluator to fetch inputs over SSH - verify
    # against the jobset configuration.
    "services/hydra/id_ed25519_hydra-eval" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra";
      mode = "0400";
      path = "/var/lib/hydra/.ssh/id_ed25519";
    };

    # Second SSH key, owned by the queue runner. It is not referenced
    # anywhere else in this file.
    # Presumably consumed by the remote-builder setup in ./nix-config.nix -
    # TODO confirm.
    "services/hydra/id_ed25519_hydra" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra-queue-runner";
    };
  };

  # `kyouma.*` options are defined by this repository's own modules; their
  # exact semantics are not visible from this file.
  kyouma = {
    deployment.auto-upgrade.cache = "daemon";

    nginx = {
      defaultForbidden = "hydra.kyouma.net";

      virtualHosts = {
        # Hydra listens on localhost only (see `listenHost`), so this proxy
        # is the only network path to the web UI. No `port` is set in this
        # file, so 3000 assumes the Hydra module default - confirm.
        "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";

        "cache.kyouma.net".locations = {
          # Everything except the exact root goes to harmonia on loopback.
          "/".proxyPass = "http://[::1]:5555";

          # The exact path "/" returns the cache's public key as plain text
          # so clients can add it to their trusted keys. Only the public
          # half belongs here; this literal must be updated by hand when the
          # signing key above is rotated, otherwise clients will trust a key
          # the cache no longer signs with.
          "= /" = {
            return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
            extraConfig = ''
              types { } default_type "text/plain; charset=utf-8";
            '';
          };
        };
      };
    };
  };

  nix = {
    # Force the Lix build from the flake input over whatever other modules
    # set as the Nix implementation.
    package = lib.mkForce inputs.lix-module.packages.${system}.default;
    settings.experimental-features = lib.mkForce [ "nix-command" "flakes" "pipe-operator" ];
  };

  services.hydra = {
    enable = true;
    # Hydra is taken from the flake input rather than nixpkgs, so the
    # version that runs is whatever the flake lock pins.
    package = inputs.hydra.packages.${system}.hydra;
    hydraURL = "https://hydra.kyouma.net";
    # Loopback only; external access goes through the nginx vhost above.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    minimumDiskFree = 2;
    # With substitution enabled, paths may be fetched from binary caches
    # instead of being built here, so the resulting artifacts are only as
    # trustworthy as the substituters and trusted keys configured for this
    # host (not shown in this file - review ./nix-config.nix).
    useSubstitutes = true;
    extraConfig = ''
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
      evaluator_workers = 8
      evaluator_max_memory_size = 16384
    '';
  };

  # Binary cache server. Bound to IPv6 loopback and reached only through
  # the cache.kyouma.net vhost; it signs responses with the sops secret.
  services.harmonia = {
    enable = true;
    signKeyPath = config.sops.secrets."services/hydra/signKey".path;
    settings.bind = "[::1]:5555";
  };

  # One certificate covers both public names: hydra.kyouma.net as the
  # primary and cache.kyouma.net as an additional domain.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}