mikael/nixfiles-emily
1
0
Fork 0
forked from emily/nixfiles
Code Pull requests Activity
nixfiles-emily/config/services/hydra.nix
emily 50d39392f8
added harmonia
2024-05-11 11:19:07 +02:00

69 lines
2.1 KiB
Nix
Raw Blame History

{ config, ... }: {
sops.secrets."services/hydra/signKey" = {
owner = "hydra-queue-runner";
sopsFile = ../../secrets/services/hydra.yaml;
};
services.hydra = {
enable = true;
hydraURL = "https://hydra.kyouma.net";
listenHost = "localhost";
notificationSender = "hydra@hydra.kyouma.net";
minimumDiskFree = 2;
useSubstitutes = true;
extraConfig = ''
store_uri = file:///var/cache/hydra?secret-key=${config.sops.secrets."services/hydra/signKey".path}&write-nar-listing=1&ls-compression=xz&log-compression=xz&want-mass-query=1&priority=41
upload_logs_to_binary_cache = true
server_store_uri = https://cache.kyouma.net
binary_cache_public_uri = https://cache.kyouma.net
'';
};
nix.buildMachines = [
{
hostName = "localhost";
sshUser = "build";
maxJobs = 40;
speedFactor = 40;
systems = [ "x86_64-linux" "x86_64-darwin" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = "/var/lib/hydra/id_ed25519";
}
{
hostName = "integra.kyouma.net";
sshUser = "build";
maxJobs = 4;
speedFactor = 8;
systems = [ "aarch64-linux" "aarch64-darwin" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = "/var/lib/hydra/id_ed25519";
}
];
nix.settings = {
allowed-uris = [
"github:"
"git+https://"
"git+ssh://"
];
};
programs.ssh = {
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
};
kyouma.nginx.virtualHosts = {
"hydra.kyouma.net" = {
locations."/" = {
proxyPass = "http://localhost:3000";
};
};
"cache.kyouma.net" = {
root = "/var/cache/hydra";
locations."= /" = {
return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg='
'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
security.acme.certs."cache.kyouma.net" = {};
security.acme.certs."hydra.kyouma.net" = {};
}
View git blame Copy permalink