| author | seth <[email protected]> | 2023-05-29 01:15:01 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-05-29 01:30:28 -0400 |
| commit | 9c71189567163ef53acfbfd7c39384683a592290 (patch) | |
| tree | 42e749744ae58a167ae11aaffccd5be347d951cb /hosts | |
| parent | fea13c023a58315f6d4a3645edf4ead787f8d908 (diff) | |
!back to hercules-ci
hydra is a little annoying to configure, especially with features like
github prs
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/atlas/cachix.nix | 18 | ||||
| -rw-r--r-- | hosts/atlas/default.nix | 24 | ||||
| -rw-r--r-- | hosts/p-body/buildMachines.nix | 11 | ||||
| -rw-r--r-- | hosts/p-body/cachix.nix | 18 | ||||
| -rw-r--r-- | hosts/p-body/default.nix | 22 | ||||
| -rw-r--r-- | hosts/p-body/hydra.nix | 62 | ||||
| -rw-r--r-- | hosts/p-body/nginx.nix | 12 | ||||
| -rw-r--r-- | hosts/p-body/prometheus.nix | 2 | ||||
| -rw-r--r-- | hosts/profiles.nix | 2 |
9 files changed, 18 insertions, 153 deletions
diff --git a/hosts/atlas/cachix.nix b/hosts/atlas/cachix.nix deleted file mode 100644 index 1dc1830..0000000 --- a/hosts/atlas/cachix.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, ...}: let - uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" '' - #!/bin/sh - set -euf - - OUT_END=$(echo ''${OUT_PATHS: -10}) - if [ "$OUT_END" == "-spec.json" ]; then - exit 0 - fi - - export HOME=/root - exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1 - ''; -in { - nix.extraOptions = '' - post-build-hook = ${uploadToCachix}/bin/upload-to-cachix - ''; -} diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index 0146b72..af0243a 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -1,12 +1,10 @@ { config, pkgs, - self, ... }: { imports = [ ./hardware-configuration.nix - ./cachix.nix ./miniflux.nix ./nginx.nix ./prometheus.nix @@ -20,13 +18,6 @@ hermetic = false; }; - age.secrets.authGH = { - file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; - mode = "440"; - owner = config.users.users.root.name; - group = config.users.groups.wheel.name; - }; - boot = { binfmt.emulatedSystems = ["x86_64-linux" "i686-linux"]; cleanTmpDir = true; @@ -36,6 +27,11 @@ getchoo.server = { secrets.enable = true; + + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; }; networking = { @@ -43,13 +39,7 @@ hostName = "atlas"; }; - nix = { - extraOptions = '' - !include ${config.age.secrets.authGH.path} - ''; - - settings.trusted-users = ["bob"]; - }; + nix.settings.trusted-users = ["bob"]; system.stateVersion = "22.11"; @@ -59,6 +49,7 @@ ]; in { root = {inherit openssh;}; + atlas = { extraGroups = ["wheel"]; isNormalUser = true; @@ -66,6 +57,7 @@ passwordFile = config.age.secrets.userPassword.path; inherit openssh; }; + bob = { isNormalUser = true; shell = pkgs.bash; diff --git a/hosts/p-body/buildMachines.nix b/hosts/p-body/buildMachines.nix index 0c7d6b0..c2b65b6 100644 
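Review bot: In hosts/atlas/default.nix, the rewritten `nix.settings.trusted-users = ["bob"];` (hunk `@@ -43,13 +39,7 @@`) keeps bob trusted with no comment saying why. A trusted user can override daemon settings and import unsigned store paths, which is close to root on this host. hosts/p-body/buildMachines.nix in this same commit reaches atlas with `sshUser = "bob"`, so bob is presumably the remote-build account. I would record that next to the setting, e.g. `# bob is the remote-build ssh user from p-body; trusted-users is root-equivalent for the nix daemon`, and confirm that the key behind that login is only used for builds.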
--- a/hosts/p-body/buildMachines.nix +++ b/hosts/p-body/buildMachines.nix @@ -9,24 +9,14 @@ in { "${hostName}2atlas" = { file = "${self}/secrets/hosts/${hostName}/${hostName}2atlas.age"; mode = "600"; - owner = config.users.users.hydra-queue-runner.name; - inherit (config.users.users.hydra-queue-runner) group; }; }; nix = { buildMachines = [ { - hostName = "localhost"; - maxJobs = 2; - speedFactor = 100; - supportedFeatures = ["big-parallel" "benchmark" "kvm" "nixos-test"]; - systems = ["x86_64-linux" "i686-linux"]; - } - { hostName = "atlas"; maxJobs = 4; - speedFactor = 75; sshUser = "bob"; sshKey = config.age.secrets."${hostName}2atlas".path; supportedFeatures = ["benchmark" "big-parallel" "gccarch-armv8-a" "kvm" "nixos-test"]; @@ -34,7 +24,6 @@ in { } ]; - distributedBuilds = true; settings.builders-use-substitutes = true; }; } diff --git a/hosts/p-body/cachix.nix b/hosts/p-body/cachix.nix deleted file mode 100644 index 1dc1830..0000000 --- a/hosts/p-body/cachix.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, ...}: let - uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" '' - #!/bin/sh - set -euf - - OUT_END=$(echo ''${OUT_PATHS: -10}) - if [ "$OUT_END" == "-spec.json" ]; then - exit 0 - fi - - export HOME=/root - exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1 - ''; -in { - nix.extraOptions = '' - post-build-hook = ${uploadToCachix}/bin/upload-to-cachix - ''; -} diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix index e4368b4..4b00177 100644 --- a/hosts/p-body/default.nix +++ b/hosts/p-body/default.nix @@ -3,16 +3,13 @@ guzzle_api, modulesPath, pkgs, - self, ... }: { imports = [ (modulesPath + "/virtualisation/digital-ocean-image.nix") ./buildMachines.nix - ./cachix.nix ./forgejo.nix ./grafana.nix - ./hydra.nix ./loki.nix ./nginx.nix ./prometheus.nix 
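Review bot: In hosts/p-body/buildMachines.nix, removing `distributedBuilds = true;` (hunk `@@ -34,7 +24,6 @@`, inside a `nix = {` block that opens in the previous hunk) appears to leave the atlas builder entry and the `${hostName}2atlas` ssh key deployed but unused. As far as I know, NixOS only passes `nix.buildMachines` to the daemon when `nix.distributedBuilds` is true, and it defaults to false. Unless the hercules-ci module, which is not part of this diff, turns it on, either keep `distributedBuilds = true;` or drop the atlas entry together with its secret so no idle credential sits on the host. With `owner` and `group` removed in the first hunk, the key falls back to the age module's default owner at mode `600`, presumably root. That is what the daemon needs if the builder stays.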
@@ -26,24 +23,20 @@ hermetic = false; }; - age.secrets.authGH = { - file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; - mode = "440"; - owner = config.users.users.root.name; - inherit (config.users.users.hydra) group; - }; + getchoo.server = { + secrets.enable = true; - getchoo.server.secrets.enable = true; + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; + }; networking = { domain = "mydadleft.me"; hostName = "p-body"; }; - nix.extraOptions = '' - !include ${config.age.secrets.authGH.path} - ''; - services = { guzzle-api = { enable = true; @@ -68,6 +61,7 @@ ]; in { root = {inherit openssh;}; + p-body = { extraGroups = ["wheel"]; isNormalUser = true; diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix deleted file mode 100644 index 5ed44e2..0000000 --- a/hosts/p-body/hydra.nix +++ /dev/null 
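Review bot: In hosts/p-body/default.nix (hunk `@@ -26,24 +23,20 @@`), `age.secrets.authGH` and its `!include` are dropped, but the view is limited to `hosts/`, so it does not show whether the matching `.age` files and recipient entries were removed as well. The same applies to `authGH` in hosts/atlas/default.nix and to `hydraGH`, which goes away with hosts/p-body/hydra.nix. If they remain, the GitHub tokens stay valid and decryptable by these hosts with nothing using them; revoke the tokens and delete the files alongside this change. The `getchoo.server.services.hercules-ci` module is defined outside this diff, so a one-line comment above `secrets.enable = true;` naming the agent secrets it installs would make the new credential surface reviewable from this file.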
@@ -1,62 +0,0 @@ -{ - config, - hydra, - pkgs, - self, - ... -}: let - hydraGroup = config.users.users.hydra.group; - inherit (config.networking) domain hostName; -in { - age.secrets = { - "hydraGH" = { - file = "${self}/secrets/hosts/${hostName}/hydraGH.age"; - mode = "440"; - owner = config.users.users.hydra.name; - group = hydraGroup; - }; - }; - - # https://github.com/NixOS/nix/issues/2002#issuecomment-375270656 - nix.extraOptions = '' - allowed-uris = https:// http:// - ''; - - services.hydra = { - enable = true; - package = hydra.packages.${pkgs.system}.hydra; - hydraURL = "https://hydra.${domain}"; - notificationSender = "hydra@${domain}"; - listenHost = "localhost"; - port = 6000; - useSubstitutes = true; - extraConfig = '' - Include ${config.age.secrets.hydraGH.path} - - compress_build_logs = 1 - queue_runner_metrics_address = 127.0.0.1:6002 - - <githubstatus> - jobs = .* - excludeBuildFromContext = 1 - useShortContext = true - </githubstatus> - - <hydra_notify> - <prometheus> - listen_address = 127.0.0.1 - port = 6001 - </prometheus> - </hydra_notify> - ''; - extraEnv = {HYDRA_DISALLOW_UNFREE = "0";}; - }; - - nix.settings.trusted-users = ["@${hydraGroup}"]; - - users.users = { - ${hostName}.extraGroups = [hydraGroup]; - hydra-queue-runner.extraGroups = [hydraGroup]; - hydra-www.extraGroups = [hydraGroup]; - }; -} diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix index 8f2f0da..df887b3 100644 --- a/hosts/p-body/nginx.nix +++ b/hosts/p-body/nginx.nix @@ -40,18 +40,6 @@ in { locations = mkProxy "/" "3000"; }; - "hydra.${domain}" = { - enableACME = true; - addSSL = true; - - locations."/" = { - proxyPass = "http://localhost:${toString config.services.hydra.port}"; - extraConfig = '' - add_header Front-End-Https on; - ''; - }; - }; - "grafana.${domain}" = { enableACME = true; addSSL = true; diff --git a/hosts/p-body/prometheus.nix b/hosts/p-body/prometheus.nix index e65d828..26e9d0e 100644 --- a/hosts/p-body/prometheus.nix 
+++ b/hosts/p-body/prometheus.nix @@ -21,8 +21,6 @@ in { scrapeConfigs = [ (scrapeExporter "p-body" "localhost" "${toString config.services.prometheus.exporters.node.port}") (scrapeExporter "atlas" "atlas" "${toString config.services.prometheus.exporters.node.port}") - (scrapeExporter "p-body-hydra" "127.0.0.1" "6001") - (scrapeExporter "p-body-hydra-queue" "127.0.0.1" "6002") ]; }; diff --git a/hosts/profiles.nix b/hosts/profiles.nix index 13f5e44..99b6b09 100644 --- a/hosts/profiles.nix +++ b/hosts/profiles.nix @@ -73,11 +73,13 @@ in { { getchoo = { features.tailscale.enable = true; + server = { enable = true; services.promtail.enable = true; }; }; + nix.registry.nixpkgs.flake = nixpkgs-stable; } ]; |
