nixfiles/config/services/hydra/default.nix

66 lines
2 KiB
Nix
Raw Normal View History

2024-08-21 21:53:01 +02:00
{ config, inputs, lib, ... }: {
2024-05-11 16:02:39 +02:00
imports = [
./nix-config.nix
2024-10-17 15:58:16 +02:00
inputs.hydra.nixosModules.hydra
2024-05-11 16:02:39 +02:00
];
2024-05-10 20:09:39 +02:00
sops.secrets."services/hydra/signKey" = {
owner = "hydra-queue-runner";
2024-05-11 16:27:31 +02:00
sopsFile = ../../../secrets/services/hydra.yaml;
2024-05-10 20:09:39 +02:00
};
2024-07-24 00:11:04 +02:00
sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
2024-07-23 19:47:05 +02:00
path = "/var/lib/hydra/.ssh/id_ed25519";
2024-07-24 00:11:04 +02:00
owner = "hydra";
mode = "0400";
sopsFile = ../../../secrets/services/hydra.yaml;
};
sops.secrets."services/hydra/id_ed25519_hydra" = {
2024-05-14 14:17:53 +02:00
owner = "hydra-queue-runner";
sopsFile = ../../../secrets/services/hydra.yaml;
};
kyouma.deployment.auto-upgrade.cache = "daemon";
2024-05-11 16:27:31 +02:00
2024-10-17 15:58:16 +02:00
services.hydra-dev = {
2024-05-09 20:21:49 +02:00
enable = true;
2024-08-21 21:53:01 +02:00
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
2024-05-09 20:21:49 +02:00
hydraURL = "https://hydra.kyouma.net";
listenHost = "localhost";
notificationSender = "hydra@hydra.kyouma.net";
minimumDiskFree = 2;
useSubstitutes = true;
2024-05-10 20:09:39 +02:00
extraConfig = ''
2024-05-11 20:09:40 +02:00
server_store_uri = https://cache.kyouma.net
2024-05-10 20:09:39 +02:00
binary_cache_public_uri = https://cache.kyouma.net
2024-11-16 17:54:02 +01:00
evaluator_workers = 6
evaluator_max_memory_size = 12288
2024-10-18 16:17:20 +02:00
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
2024-05-10 20:09:39 +02:00
'';
2024-05-09 20:21:49 +02:00
};
2024-05-11 16:27:31 +02:00
services.harmonia = {
enable = true;
2024-09-10 10:45:08 +02:00
signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
2024-05-11 16:27:31 +02:00
settings = {
bind = "[::1]:5555";
};
};
2024-10-23 12:50:16 +02:00
systemd.services.hydra-evaluator.serviceConfig = {
MemoryHigh = "250G";
MemoryMax = "254G";
};
2024-05-11 16:02:39 +02:00
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
2024-05-10 20:09:39 +02:00
kyouma.nginx.virtualHosts = {
2024-05-11 16:27:31 +02:00
"hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
"cache.kyouma.net" = {
2024-05-11 20:09:40 +02:00
locations."/".proxyPass = "http://[::1]:5555";
2024-05-10 20:09:39 +02:00
locations."= /" = {
2024-05-11 16:27:31 +02:00
return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
2024-05-10 20:09:39 +02:00
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
2024-05-09 20:21:49 +02:00
};
};
2024-05-11 16:02:39 +02:00
security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
2024-05-09 20:21:49 +02:00
}