diff --git a/config/services/hydra/default.nix b/config/services/hydra/default.nix index 97390b4..5f85023 100644 --- a/config/services/hydra/default.nix +++ b/config/services/hydra/default.nix @@ -1,6 +1,7 @@ -{ config, ... }: { +{ config, inputs, lib, ... }: { imports = [ ./nix-config.nix + inputs.lix-module.nixosModules.default ]; sops.secrets."services/hydra/signKey" = { owner = "hydra-queue-runner"; @@ -18,8 +19,12 @@ }; kyouma.deployment.auto-upgrade.cache = "daemon"; + nix.package = lib.mkForce inputs.lix-module.packages.${config.nixpkgs.hostPlatform.system}.default; + nix.settings.experimental-features = lib.mkForce [ "nix-command" "flakes" "pipe-operator" ]; + services.hydra = { enable = true; + package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra; hydraURL = "https://hydra.kyouma.net"; listenHost = "localhost"; notificationSender = "hydra@hydra.kyouma.net"; diff --git a/flake.lock b/flake.lock index a204000..9b92cef 100644 --- a/flake.lock +++ b/flake.lock @@ -280,6 +280,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -293,7 +309,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -310,6 +326,28 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "hydra", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -366,6 +404,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -471,6 +542,28 @@ "type": "github" } }, + "hydra": { + "inputs": { + "lix": [ + "lix" + ], + "nix-eval-jobs": "nix-eval-jobs", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1724017314, + "narHash": "sha256-FFv/JT+A7xG6H1FN6aEHWzhrHXtw16BkSmBx0wgmC9U=", + "ref": "refs/heads/main", + "rev": "3ee51dbe589458cc54ff753317bbc6db530bddc0", + "revCount": 4201, + "type": "git", + "url": "https://git.lix.systems/lix-project/hydra.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/hydra.git" + } + }, "iceshrimp": { "inputs": { "nixpkgs": [ @@ -514,6 +607,61 @@ "url": "https://woof.rip/emily/kyouma-net.git" } }, + "lix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nix2container": "nix2container", + "nixpkgs": "nixpkgs_3", + "nixpkgs-regression": "nixpkgs-regression", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723510904, + "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", + "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + } + }, + "lix_2": { + "flake": false, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -535,6 +683,72 @@ "type": "github" } }, + "nix-eval-jobs": { + "inputs": { + "flake-parts": "flake-parts", + "lix": [ + "hydra", + "lix" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "hydra", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1723579251, + "narHash": "sha256-xnHtfw0gRhV+2S9U7hQwvp2klTy1Iv7FlMMO0/WiMVc=", + "ref": "refs/heads/main", + "rev": "42a160bce2fd9ffebc3809746bc80cc7208f9b08", + "revCount": 609, + "type": "git", + "url": "https://git.lix.systems/lix-project/nix-eval-jobs" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nix-eval-jobs" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "hydra", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720066371, + "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix2container": { + "flake": false, + "locked": { + "lastModified": 1720642556, + "narHash": "sha256-qsnqk13UmREKmRT7c8hEnz26X3GFFyIQrqx4EaRc1Is=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "3853e5caf9ad24103b13aa6e0e8bcebb47649fe4", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1724067415, @@ -586,6 +800,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1720535198, @@ -619,6 +849,38 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1721931987, + "narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e21630230c77140bc6478a21cd71e8bb73706fce", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1723991338, "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", @@ -637,8 +899,8 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", "home-manager": [ "home-manager" @@ -648,7 +910,7 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1724188973, @@ -666,7 +928,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixvim", "nixpkgs" @@ -686,6 +948,22 @@ "type": "github" } }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "attic": "attic", @@ -694,11 +972,14 @@ "fernglas": "fernglas", "flake-utils": "flake-utils", "home-manager": "home-manager", + "hydra": "hydra", "iceshrimp": "iceshrimp", "kyouma-www": "kyouma-www", + "lix": "lix", + "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", "nixos-needsreboot": "nixos-needsreboot", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_4", "nixvim": "nixvim", "sops-nix": "sops-nix", "stylix": "stylix" @@ -734,7 +1015,7 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" @@ -787,7 +1068,44 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "hydra", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723454642, + "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "349de7bc435bdff37785c2466f054ed1766173be", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixvim", diff --git a/flake.nix b/flake.nix index 5b10af3..68f513a 100644 --- a/flake.nix +++ b/flake.nix @@ -20,13 +20,16 @@ }; fernglas = { url = "github:wobcom/fernglas"; - #inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + hydra = { + url = "git+https://git.lix.systems/lix-project/hydra.git"; + inputs.lix.follows = "lix"; + }; iceshrimp = { url = "git+https://iceshrimp.dev/iceshrimp/packaging"; inputs.nixpkgs.follows = "nixpkgs"; @@ -36,6 +39,11 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; + lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixos-needsreboot = { url = "github:thefossguy/nixos-needsreboot"; inputs.nixpkgs.follows = "nixpkgs"; @@ -64,10 +72,6 @@ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ]; builders-use-substitutes = true; - builders = '' - ssh://build@seras.kyouma.net x86_64-linux - 40 40 nixos-test,benchmark,big-parallel,kvm - ssh://build@integra.kyouma.net aarch64-linux - 4 8 nixos-test,benchmark,big-parallel,kvm - ''; }; outputs = { self, nixpkgs, flake-utils, ... }@inputs: let diff --git a/pkgs/build-worker-oci/default.nix b/pkgs/build-worker-oci/default.nix index 745c8ec..a5ea5b4 100644 --- a/pkgs/build-worker-oci/default.nix +++ b/pkgs/build-worker-oci/default.nix @@ -36,7 +36,7 @@ dockerTools.buildLayeredImage { max-silent-time = 14400 min-free = 17179869184 max-free = 34359738368 - system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64-v3 + system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3 EOF mkdir -p /root/.ssh diff --git a/pkgs/build-worker-oci/entrypoint.sh b/pkgs/build-worker-oci/entrypoint.sh index b4035f2..541bd13 100644 --- a/pkgs/build-worker-oci/entrypoint.sh +++ b/pkgs/build-worker-oci/entrypoint.sh @@ -16,13 +16,14 @@ fi [[ ! -d "/mnt/data/nix-store" ]] && mkdir -p /mnt/data/nix-store [[ ! -d "/mnt/data/workdir" ]] && mkdir -p /mnt/data/workdir +[[ ! -d "/mnt/data/tmp" ]] && mkdir -p /mnt/data/tmp + rm -rf /mnt/data/nix-store/* rm -f /etc/nix/nix.conf cp /root/nix.conf /etc/nix/nix.conf -/bin/mount -t overlay overlay -o lowerdir=/nix/store,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix/store - -#nix-store --gc --max-freed 1T +/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix +/bin/mount --bind /mnt/data/tmp /tmp /root/.nix-profile/bin/sshd -D -f /root/sshd_config