path: root/config/hydra.nix
blob: 5ebc605fa34352be278bce344e07405811e266b7 (plain)
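# NixOS module for a single-host Hydra CI server: it enables the Hydra service,
# creates a binary-cache signing key on first boot, and registers localhost as
# the only build machine.
{ config, lib, pkgs, ... }:
let
  # The port is kept in a shared aliases file; its value is not visible here.
  hydraPort = (import ../data/aliases.nix).services.hydra.port;
in {
  # Opens the Hydra port on the host firewall.
  # NOTE(review): hydraURL below is https, so TLS is presumably terminated by a
  # reverse proxy that this file does not show. If that proxy runs on this
  # host, the port does not need to be reachable from outside -- confirm.
  networking.firewall.allowedTCPPorts = [ hydraPort ];

  virtualisation.virtualbox.host.enable = true;

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.orbekk.com";
    notificationSender = "kj+hydra@orbekk.com";
    # No external machines files; the builder list comes from nix.buildMachines.
    buildMachinesFiles = [ ];
    # Build inputs may be fetched from the configured binary caches instead of
    # being built locally, so their integrity rests on those caches' keys.
    useSubstitutes = true;
    port = hydraPort;
    # Points the store at the signing key written by hydra-manual-setup below.
    # The two paths must stay in sync. Anyone who can read this file can sign
    # store paths as this cache.
    extraConfig = ''
      store-uri = file:///nix/store?secret-key=/opt/secret/hydra_key/hydra.orbekk.com-1/secret
    '';
  };

  # From https://github.com/input-output-hk/iohk-nixops
  #
  # One-shot unit that generates the binary-cache key pair once, after
  # hydra-init has run. Resulting permissions:
  #   key directory  551  (owner/group r-x, others traverse only)
  #   secret         440  (owner and group hydra may read)
  #   public         444
  # NOTE(review): the "others" traverse bit does not expose the 440 secret, but
  # 550 may be enough -- confirm which accounts need to reach the directory.
  # NOTE(review): regeneration is gated on the `initialized` marker, not on the
  # key file itself. If the marker goes missing, the next start runs key
  # generation again at the same path, presumably replacing the key that
  # clients already trust -- confirm and back up the key pair.
  systemd.services.hydra-manual-setup = {
    description = "Create Keys for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = [ "multi-user.target" ];
    requires = [ "hydra-init.service" ];
    after = [ "hydra-init.service" ];
    # Replace this unit's environment with the one hydra-init uses.
    environment = lib.mkForce config.systemd.services.hydra-init.environment;
    script = ''
      if [ ! -e /opt/secret/hydra_key/initialized ]; then
        # create signing keys
        /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1
        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public
        /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key
        /run/current-system/sw/bin/chmod 440 /opt/secret/hydra_key/hydra.orbekk.com-1/secret
        /run/current-system/sw/bin/chmod 444 /opt/secret/hydra_key/hydra.orbekk.com-1/public
        # done
        touch /opt/secret/hydra_key/initialized
      fi
    '';
  };

  nix = {
    distributedBuilds = true;
    nrBuildUsers = 30;
    # Enable this if I run low on disk.
    gc.automatic = lib.mkForce false;
    # localhost is the only builder, so CI jobs run on the same machine that
    # holds the cache signing key.
    buildMachines = [{
      hostName = "localhost";
      systems = [ "x86_64-linux" "i686-linux" ];
      # An integer, not the string "16": NixOS releases that type-check
      # buildMachines declare maxJobs as an int and reject a string.
      maxJobs = 16;
      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
    }];
    extraOptions = "auto-optimise-store = true";
  };
  # Allows packages with unfree licences to be evaluated and built on this host.
  nixpkgs.config = { allowUnfree = true; };
}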