# NixOS module for the Hydra CI host: Hydra itself, the harmonia binary cache
# that serves (and signs) its build results, and the nginx/ACME front end.
{ config, inputs, lib, ... }:
let
  # All Hydra-related secrets are decrypted from this one sops file.
  hydraSecretsFile = ../../../secrets/services/hydra.yaml;
in
{
  imports = [
    ./nix-config.nix
    inputs.hydra.nixosModules.hydra
  ];

  sops.secrets = {
    # Binary-cache signing key. Its decrypted path is handed to harmonia via
    # `signKeyPaths` below; anyone who can read it can sign store paths that
    # clients trusting the cache.kyouma.net public key will accept.
    # NOTE(review): no `mode` is set here, so the sops-nix default applies;
    # confirm it is owner-read-only.
    "services/hydra/signKey" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra-queue-runner";
    };

    # SSH private key placed at a fixed path under /var/lib/hydra, readable
    # only by the `hydra` user (0400).
    # NOTE(review): presumably used by the evaluator to fetch inputs over SSH;
    # verify against the jobset definitions.
    "services/hydra/id_ed25519_hydra-eval" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra";
      mode = "0400";
      path = "/var/lib/hydra/.ssh/id_ed25519";
    };

    # Second SSH private key, owned by the queue runner.
    # NOTE(review): nothing in this file references its path; no `mode` is
    # set, so the sops-nix default applies. Confirm both against the consumer.
    "services/hydra/id_ed25519_hydra" = {
      sopsFile = hydraSecretsFile;
      owner = "hydra-queue-runner";
    };
  };

  # Project-specific option; its semantics are defined outside this file.
  kyouma.deployment.auto-upgrade.cache = "daemon";

  services.hydra-dev = {
    enable = true;
    # Use the Hydra build from the flake input for this host's platform.
    package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
    hydraURL = "https://hydra.kyouma.net";
    # Loopback only: the web UI is reachable from outside solely through the
    # nginx virtual host defined further down.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    minimumDiskFree = 2;
    # NOTE(review): with substitution enabled, build inputs may come from the
    # host's configured substituters instead of being built locally; which
    # caches and keys are trusted is not visible here (see ./nix-config.nix).
    useSubstitutes = true;
    # Raw hydra.conf lines. No comments are placed inside the string because
    # its content is written to the config verbatim.
    extraConfig = ''
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
      evaluator_workers = 6
      evaluator_max_memory_size = 12288
      max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
    '';
  };

  services.harmonia = {
    enable = true;
    # Signs served store paths with the sops-managed key declared above.
    signKeyPaths = lib.singleton config.sops.secrets."services/hydra/signKey".path;
    # IPv6 loopback only; nginx proxies cache.kyouma.net to this socket.
    settings.bind = "[::1]:5555";
  };

  # Memory ceilings for the evaluator unit: throttling starts at MemoryHigh,
  # MemoryMax is the hard limit.
  systemd.services.hydra-evaluator.serviceConfig = {
    MemoryHigh = "250G";
    MemoryMax = "254G";
  };

  # Project-specific nginx wrapper options (defined outside this file).
  kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
  kyouma.nginx.virtualHosts = {
    # NOTE(review): port 3000 is not set anywhere in this file; presumably it
    # is the Hydra module's default listen port. Confirm.
    "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";

    "cache.kyouma.net" = {
      locations = {
        # Everything except the exact root goes to harmonia.
        "/".proxyPass = "http://[::1]:5555";

        # The exact root path serves the cache's public verification key as
        # plain text. This is the value clients must pin as a trusted public
        # key; it has to match the private signKey above.
        "= /" = {
          return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
          # Empty the MIME map so `default_type` decides the Content-Type.
          extraConfig = ''
            types { } default_type "text/plain; charset=utf-8";
          '';
        };
      };
    };
  };

  # One certificate covers both names: cache.kyouma.net is added as an extra
  # domain name on the hydra.kyouma.net certificate.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}