authorseth <[email protected]>2023-05-22 02:35:15 -0400
committerseth <[email protected]>2023-05-23 11:05:28 -0400
commit630934a2631d9429b4e46c1b6ec0f6640f332384 (patch)
treed8bd14cafb0ac382625bc5dca79b84d497e9bab7 /hosts/p-body
parent2cb6cfab9553184c1e6a10303cb832fe96080d00 (diff)
!hercules-ci -> hydra
Diffstat (limited to 'hosts/p-body')
-rw-r--r--hosts/p-body/buildMachines.nix26
-rw-r--r--hosts/p-body/cachix.nix18
-rw-r--r--hosts/p-body/default.nix5
-rw-r--r--hosts/p-body/forgejo.nix4
-rw-r--r--hosts/p-body/hydra.nix64
-rw-r--r--hosts/p-body/nginx.nix29
-rw-r--r--hosts/p-body/p-body2atlas.pub1
-rw-r--r--hosts/p-body/prometheus.nix2
8 files changed, 136 insertions, 13 deletions
diff --git a/hosts/p-body/buildMachines.nix b/hosts/p-body/buildMachines.nix
new file mode 100644
index 0000000..5facb2d
--- /dev/null
+++ b/hosts/p-body/buildMachines.nix
@@ -0,0 +1,26 @@
+{config, ...}: let
+ inherit (config.networking) hostName;
+in {
+ nix = {
+ buildMachines = [
+ {
+ hostName = "localhost";
+ speedFactor = -1;
+ supportedFeatures = ["big-parallel" "benchmark" "kvm" "nixos-test"];
+ system = "x86_64-linux";
+ }
+ {
+ hostName = "atlas";
+ maxJobs = 4;
+ speedFactor = 2;
+ sshUser = "bob";
+ sshKey = config.age.secrets."${hostName}2atlas".path;
+ supportedFeatures = ["benchmark" "big-parallel" "gccarch-armv8-a" "kvm" "nixos-test"];
+ system = "aarch64-linux";
+ }
+ ];
+
+ distributedBuilds = true;
+ settings.builders-use-substitutes = true;
+ };
+}
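Review bot: The `atlas` entry has no pinned SSH host key, so the connection that ships build inputs and returns build outputs depends on whatever known_hosts state the connecting user happens to have. `nix.buildMachines` accepts `publicHostKey` for this; adding `publicHostKey = "<base64 of atlas's SSH host public key>";` (placeholder value) next to `sshKey` would make the trust in that builder explicit and reproducible. Separately, `speedFactor = -1` on the `localhost` entry is unusual, since the option's description speaks of a positive integer, so a one-line comment saying what the negative value is meant to achieve would help.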
diff --git a/hosts/p-body/cachix.nix b/hosts/p-body/cachix.nix
new file mode 100644
index 0000000..1dc1830
--- /dev/null
+++ b/hosts/p-body/cachix.nix
@@ -0,0 +1,18 @@
+{pkgs, ...}: let
+ uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" ''
+ #!/bin/sh
+ set -euf
+
+ OUT_END=$(echo ''${OUT_PATHS: -10})
+ if [ "$OUT_END" == "-spec.json" ]; then
+ exit 0
+ fi
+
+ export HOME=/root
+ exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1
+ '';
+in {
+ nix.extraOptions = ''
+ post-build-hook = ${uploadToCachix}/bin/upload-to-cachix
+ '';
+}
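Review bot: The hook redirects cachix output to the fixed path `/tmp/hydra_cachix`, and `export HOME=/root` suggests it runs as root; a predictable file opened by root in a world-writable directory is a symlink/pre-creation target and leaves the push log readable by every local user. Dropping the redirect (`exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS`) or writing into a root-owned directory avoids both. The script also declares `#!/bin/sh` but uses `''${OUT_PATHS: -10}` and `==` inside `[`, which are bash extensions, so it only works where `sh` is bash. The `-spec.json` test looks at the tail of the whole `$OUT_PATHS` string, so with several outputs only the last path is checked.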
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index 35cbabb..2892a15 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -7,8 +7,11 @@
}: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-image.nix")
+ ./buildMachines.nix
+ ./cachix.nix
./forgejo.nix
./grafana.nix
+ ./hydra.nix
./loki.nix
./nginx.nix
./prometheus.nix
@@ -22,6 +25,8 @@
hermetic = false;
};
+ getchoo.server.secrets.enable = true;
+
networking = {
domain = "mydadleft.me";
hostName = "p-body";
diff --git a/hosts/p-body/forgejo.nix b/hosts/p-body/forgejo.nix
index 034dd5a..8955830 100644
--- a/hosts/p-body/forgejo.nix
+++ b/hosts/p-body/forgejo.nix
@@ -2,7 +2,7 @@
config,
lib,
pkgs,
- nixpkgsUnstable,
+ nixpkgs,
...
}: let
theme = pkgs.fetchzip {
@@ -22,7 +22,7 @@ in {
domain = "git.${config.networking.domain}";
in {
enable = true;
- package = (import nixpkgsUnstable {inherit (pkgs) system;}).forgejo;
+ package = (import nixpkgs {inherit (pkgs) system;}).forgejo;
inherit domain;
rootUrl = "https://${domain}/";
appName = "forgejo: with daddy issues";
diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix
new file mode 100644
index 0000000..56975b5
--- /dev/null
+++ b/hosts/p-body/hydra.nix
@@ -0,0 +1,64 @@
+{
+ config,
+ self,
+ ...
+}: let
+ hydraUser = config.users.users.hydra.name;
+ hydraGroup = config.users.users.hydra.group;
+ inherit (config.networking) domain hostName;
+in {
+ config = {
+ age.secrets = let
+ commonArgs = {
+ mode = "440";
+ owner = hydraUser;
+ group = hydraGroup;
+ };
+ in {
+ "${hostName}2atlas" =
+ {
+ file = "${self}/secrets/hosts/${hostName}/${hostName}2atlas.age";
+ }
+ // commonArgs;
+
+ "hydraGH" =
+ {
+ file = "${self}/secrets/hosts/${hostName}/hydraGH.age";
+ }
+ // commonArgs;
+ };
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "https://hydra.${domain}";
+ notificationSender = "hydra@${domain}";
+ listenHost = "localhost";
+ port = 6000;
+ useSubstitutes = true;
+ extraConfig = ''
+ Include ${config.age.secrets.hydraGH.path}
+
+ compress_build_logs = 1
+ queue_runner_metrics_address = 127.0.0.1:6002
+
+ <githubstatus>
+ jobs = .*
+ useShortContext = true
+ </githubstatus>
+
+ <hydra_notify>
+ <prometheus>
+ listen_address = 127.0.0.1
+ port = 6001
+ </prometheus>
+ </hydra_notify>
+ '';
+ extraEnv = {HYDRA_DISALLOW_UNFREE = "0";};
+ };
+
+ users.users = {
+ hydra-queue-runner.extraGroups = [hydraGroup];
+ hydra-www.extraGroups = [hydraGroup];
+ };
+ };
+}
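Review bot: Both secrets take `commonArgs` (mode `440`, owner and group of the `hydra` user), and the `users.users` block at the end adds `hydra-queue-runner` and `hydra-www` to that group, so the web front end can read the SSH private key for `atlas` as well as the GitHub token. If only the queue runner opens the SSH connection to the builder (likely, but not shown in this file), the `"${hostName}2atlas"` secret could be narrowed to `owner = "hydra-queue-runner"; mode = "400";`, keeping the shared group for `hydraGH` only, which `extraConfig` pulls in through `Include`. A short comment above `commonArgs` naming which service needs which secret would make the intended access reviewable.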
diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix
index 51d06ed..8f2f0da 100644
--- a/hosts/p-body/nginx.nix
+++ b/hosts/p-body/nginx.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}: let
+{config, ...}: let
inherit (config.networking) domain;
in {
networking.firewall.allowedTCPPorts = [80 443];
@@ -15,8 +11,6 @@ in {
services.nginx = {
enable = true;
- additionalModules = [pkgs.nginxModules.fancyindex];
-
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
@@ -27,28 +21,41 @@ in {
virtualHosts = let
mkProxy = endpoint: port: {
"${endpoint}" = {
- proxyPass = "http://127.0.0.1:${port}";
+ proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
in {
"api.${domain}" = {
enableACME = true;
- serverAliases = ["www.api.${domain}"];
+ addSSL = true;
locations = mkProxy "/" "8080";
};
"git.${domain}" = {
enableACME = true;
- serverAliases = ["www.git.${domain}"];
+ addSSL = true;
locations = mkProxy "/" "3000";
};
+ "hydra.${domain}" = {
+ enableACME = true;
+ addSSL = true;
+
+ locations."/" = {
+ proxyPass = "http://localhost:${toString config.services.hydra.port}";
+ extraConfig = ''
+ add_header Front-End-Https on;
+ '';
+ };
+ };
+
"grafana.${domain}" = {
enableACME = true;
- serverAliases = ["www.grafana.${domain}"];
+ addSSL = true;
+
locations = mkProxy "/" "4000";
};
};
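Review bot: The virtual hosts now set `addSSL = true`, which makes nginx serve the site on both port 80 and port 443 without a redirect, so logins and session cookies for Forgejo, Grafana and the new Hydra host can still travel over plain HTTP. Using `forceSSL = true;` in place of `addSSL = true;` keeps ACME working and redirects all other plain-HTTP requests to HTTPS. In the `hydra.${domain}` location, `add_header Front-End-Https on;` sets a response header towards the client; if the intent is to tell Hydra the original scheme, that would need a `proxy_set_header` line instead, which is worth confirming against what Hydra actually reads.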
diff --git a/hosts/p-body/p-body2atlas.pub b/hosts/p-body/p-body2atlas.pub
new file mode 100644
index 0000000..100f9ab
--- /dev/null
+++ b/hosts/p-body/p-body2atlas.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtbxHjDADxqsG+AgCoiDq0uCsgcnJCIH+9rB6K5pIi9 p-body@p-body
diff --git a/hosts/p-body/prometheus.nix b/hosts/p-body/prometheus.nix
index 26e9d0e..e65d828 100644
--- a/hosts/p-body/prometheus.nix
+++ b/hosts/p-body/prometheus.nix
@@ -21,6 +21,8 @@ in {
scrapeConfigs = [
(scrapeExporter "p-body" "localhost" "${toString config.services.prometheus.exporters.node.port}")
(scrapeExporter "atlas" "atlas" "${toString config.services.prometheus.exporters.node.port}")
+ (scrapeExporter "p-body-hydra" "127.0.0.1" "6001")
+ (scrapeExporter "p-body-hydra-queue" "127.0.0.1" "6002")
];
};