-
Notifications
You must be signed in to change notification settings - Fork 13
/
nas-hydra.nix
100 lines (99 loc) · 3.12 KB
/
nas-hydra.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
{ config, pkgs, lib, ... }:
let
passwords = import ./load-secrets.nix;
in {
users.users.hydra-www.extraGroups = [ "hydra" ];
systemd.services.hydra-queue-runner = {
serviceConfig = {
#ExecStart = lib.mkForce "@${config.services.hydra.package}/bin/hydra-queue-runner hydra-queue-runner -vvvvvv";
};
wantedBy = lib.mkForce [];
};
systemd.services.hydra-evaluator = {
path = [ pkgs.jq pkgs.gawk ];
environment.TMPDIR = "/dev/shm";
wantedBy = lib.mkForce [];
};
nix.extraOptions = ''
allowed-uris = https://github.com/input-output-hk/nixpkgs/archive/ https://github.com/nixos https://github.com/input-output-hk https://github.com/taktoa/nixpkgs
experimental-features = nix-command flakes
'';
nix.min-free = 10;
nix.max-free = 15;
nix.settings.auto-optimise-store = true;
services = {
postgresql = {
package = pkgs.postgresql_16;
identMap = ''
hydra-users clever clever
hydra-users root root
'';
};
hydra = {
useSubstitutes = true;
# package = hydra-fork;
enable = true;
hydraURL = "https://hydra.angeldsis.com";
notificationSender = "[email protected]";
minimumDiskFree = 2;
minimumDiskFreeEvaluator = 1;
listenHost = "localhost";
port = 3001;
extraConfig = with passwords; ''
binary_cache_secret_key_file = /etc/nix/keys/secret-key-file
store-uri = file:///nix/store?secret-key=/etc/nix/keys/secret-key-file
max_output_size = ${toString (1024*1024*1024*3)} # 3gig
max_concurrent_evals = 1
evaluator_initial_heap_size = ${toString (1024*1024*1024)} # 1gig
<github_authorization>
input-output-hk = ${token1}
cleverca22 = ${token1}
arcane-chat = ${token1}
haskell-capnp = ${token1}
zenhack = ${token1}
language-ninja = ${token1}
awakesecurity = ${token1}
zenhack = ${token2}
taktoa = ${token3}
</github_authorization>
<githubstatus>
jobs = toxvpn:toxvpn.*
inputs = toxvpn
excludeBuildFromContext = 1
</githubstatus>
<githubstatus>
jobs = not-os:notos.*
inputs = notos
excludeBuildFromContext = 1
</githubstatus>
<githubstatus>
jobs = haskell-capnp:zenhack.*
inputs = src
excludeBuildFromContext = 1
</githubstatus>
'';
};
nginx = {
virtualHosts = {
"hydra.angeldsis.com" = {
enableACME = false;
forceSSL = false;
locations = {
"/".extraConfig = ''
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 120;
'';
"/hydra-charter/" = {
alias = "/nas/private/hydra-charter/";
index = "index.htm";
};
};
};
};
};
};
}