Diffstat (limited to 'hosts/p-body')
| -rw-r--r-- | hosts/p-body/buildMachines.nix | 26 | ||||
| -rw-r--r-- | hosts/p-body/cachix.nix | 18 | ||||
| -rw-r--r-- | hosts/p-body/default.nix | 5 | ||||
| -rw-r--r-- | hosts/p-body/forgejo.nix | 4 | ||||
| -rw-r--r-- | hosts/p-body/hydra.nix | 64 | ||||
| -rw-r--r-- | hosts/p-body/nginx.nix | 29 | ||||
| -rw-r--r-- | hosts/p-body/p-body2atlas.pub | 1 | ||||
| -rw-r--r-- | hosts/p-body/prometheus.nix | 2 |
8 files changed, 136 insertions, 13 deletions
diff --git a/hosts/p-body/buildMachines.nix b/hosts/p-body/buildMachines.nix new file mode 100644 index 0000000..5facb2d --- /dev/null +++ b/hosts/p-body/buildMachines.nix @@ -0,0 +1,26 @@ +{config, ...}: let + inherit (config.networking) hostName; +in { + nix = { + buildMachines = [ + { + hostName = "localhost"; + speedFactor = -1; + supportedFeatures = ["big-parallel" "benchmark" "kvm" "nixos-test"]; + system = "x86_64-linux"; + } + { + hostName = "atlas"; + maxJobs = 4; + speedFactor = 2; + sshUser = "bob"; + sshKey = config.age.secrets."${hostName}2atlas".path; + supportedFeatures = ["benchmark" "big-parallel" "gccarch-armv8-a" "kvm" "nixos-test"]; + system = "aarch64-linux"; + } + ]; + + distributedBuilds = true; + settings.builders-use-substitutes = true; + }; +} diff --git a/hosts/p-body/cachix.nix b/hosts/p-body/cachix.nix new file mode 100644 index 0000000..1dc1830 --- /dev/null +++ b/hosts/p-body/cachix.nix @@ -0,0 +1,18 @@ +{pkgs, ...}: let + uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" '' + #!/bin/sh + set -euf + + OUT_END=$(echo ''${OUT_PATHS: -10}) + if [ "$OUT_END" == "-spec.json" ]; then + exit 0 + fi + + export HOME=/root + exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1 + ''; +in { + nix.extraOptions = '' + post-build-hook = ${uploadToCachix}/bin/upload-to-cachix + ''; +} diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix index 35cbabb..2892a15 100644 --- a/hosts/p-body/default.nix +++ b/hosts/p-body/default.nix @@ -7,8 +7,11 @@ }: { imports = [ (modulesPath + "/virtualisation/digital-ocean-image.nix") + ./buildMachines.nix + ./cachix.nix ./forgejo.nix ./grafana.nix + ./hydra.nix ./loki.nix ./nginx.nix ./prometheus.nix @@ -22,6 +25,8 @@ hermetic = false; }; + getchoo.server.secrets.enable = true; + networking = { domain = "mydadleft.me"; hostName = "p-body"; diff --git a/hosts/p-body/forgejo.nix b/hosts/p-body/forgejo.nix index 034dd5a..8955830 100644 
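Review bot: The `atlas` entry in buildMachines.nix sets `sshUser` and `sshKey` but no `publicHostKey`, so which host key the builder connection trusts depends on SSH known-hosts state that this diff does not show. Pinning it in the entry, `publicHostKey = "<base64 host key of atlas>";`, keeps the check next to the credential and makes a changed or impersonated builder fail closed. If the key is already pinned elsewhere (for example through `programs.ssh.knownHosts`), a one-line comment saying so would be enough. `speedFactor = -1` on the localhost entry also deserves a comment, since Nix documents the speed factor as a positive integer and the intent of a negative value is not obvious.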
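Review bot: The post-build hook in cachix.nix redirects its output to the fixed path `/tmp/hydra_cachix` while apparently running as root (it exports `HOME=/root`), which puts a root-written file at a predictable name in a world-writable directory and truncates it on every build. Dropping the redirect, `exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS`, should leave the output with the Nix daemon's own logging; otherwise log into a root-owned directory. The `-spec.json` test looks only at the last ten characters of the whole `$OUT_PATHS` string, so with several outputs it decides from the final path alone, and `${OUT_PATHS: -10}` and `==` inside `[ ]` are bash extensions under a `#!/bin/sh` shebang. A comment stating that the hook pushes every path built on this host to the `getchoo` cache, not only Hydra jobs, would make that exposure explicit.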
--- a/hosts/p-body/forgejo.nix +++ b/hosts/p-body/forgejo.nix @@ -2,7 +2,7 @@ config, lib, pkgs, - nixpkgsUnstable, + nixpkgs, ... }: let theme = pkgs.fetchzip { @@ -22,7 +22,7 @@ in { domain = "git.${config.networking.domain}"; in { enable = true; - package = (import nixpkgsUnstable {inherit (pkgs) system;}).forgejo; + package = (import nixpkgs {inherit (pkgs) system;}).forgejo; inherit domain; rootUrl = "https://${domain}/"; appName = "forgejo: with daddy issues"; diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix new file mode 100644 index 0000000..56975b5 --- /dev/null +++ b/hosts/p-body/hydra.nix @@ -0,0 +1,64 @@ +{ + config, + self, + ... +}: let + hydraUser = config.users.users.hydra.name; + hydraGroup = config.users.users.hydra.group; + inherit (config.networking) domain hostName; +in { + config = { + age.secrets = let + commonArgs = { + mode = "440"; + owner = hydraUser; + group = hydraGroup; + }; + in { + "${hostName}2atlas" = + { + file = "${self}/secrets/hosts/${hostName}/${hostName}2atlas.age"; + } + // commonArgs; + + "hydraGH" = + { + file = "${self}/secrets/hosts/${hostName}/hydraGH.age"; + } + // commonArgs; + }; + + services.hydra = { + enable = true; + hydraURL = "https://hydra.${domain}"; + notificationSender = "hydra@${domain}"; + listenHost = "localhost"; + port = 6000; + useSubstitutes = true; + extraConfig = '' + Include ${config.age.secrets.hydraGH.path} + + compress_build_logs = 1 + queue_runner_metrics_address = 127.0.0.1:6002 + + <githubstatus> + jobs = .* + useShortContext = true + </githubstatus> + + <hydra_notify> + <prometheus> + listen_address = 127.0.0.1 + port = 6001 + </prometheus> + </hydra_notify> + ''; + extraEnv = {HYDRA_DISALLOW_UNFREE = "0";}; + }; + + users.users = { + hydra-queue-runner.extraGroups = [hydraGroup]; + hydra-www.extraGroups = [hydraGroup]; + }; + }; +} diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix index 51d06ed..8f2f0da 100644 --- a/hosts/p-body/nginx.nix +++ b/hosts/p-body/nginx.nix 
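Review bot: In hydra.nix, `commonArgs` makes both secrets group-readable (`mode = "440"`, group taken from the hydra user), and the `users.users` block then adds `hydra-www` to that group, so the web-facing process can read the `${hostName}2atlas` builder SSH key as well as the `hydraGH` include. If only the queue runner needs the SSH key (an assumption to confirm against how builds are dispatched here), give that secret narrower attributes such as `owner = "hydra-queue-runner"; mode = "400";` and keep the group-readable settings for `hydraGH` alone. A short comment on `extraEnv = {HYDRA_DISALLOW_UNFREE = "0";}` saying why unfree evaluation is allowed would also help the next reader.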
@@ -1,8 +1,4 @@ -{ - config, - pkgs, - ... -}: let +{config, ...}: let inherit (config.networking) domain; in { networking.firewall.allowedTCPPorts = [80 443]; @@ -15,8 +11,6 @@ in { services.nginx = { enable = true; - additionalModules = [pkgs.nginxModules.fancyindex]; - recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -27,28 +21,41 @@ in { virtualHosts = let mkProxy = endpoint: port: { "${endpoint}" = { - proxyPass = "http://127.0.0.1:${port}"; + proxyPass = "http://localhost:${port}"; proxyWebsockets = true; }; }; in { "api.${domain}" = { enableACME = true; - serverAliases = ["www.api.${domain}"]; + addSSL = true; locations = mkProxy "/" "8080"; }; "git.${domain}" = { enableACME = true; - serverAliases = ["www.git.${domain}"]; + addSSL = true; locations = mkProxy "/" "3000"; }; + "hydra.${domain}" = { + enableACME = true; + addSSL = true; + + locations."/" = { + proxyPass = "http://localhost:${toString config.services.hydra.port}"; + extraConfig = '' + add_header Front-End-Https on; + ''; + }; + }; + "grafana.${domain}" = { enableACME = true; - serverAliases = ["www.grafana.${domain}"]; + addSSL = true; + locations = mkProxy "/" "4000"; }; }; diff --git a/hosts/p-body/p-body2atlas.pub b/hosts/p-body/p-body2atlas.pub new file mode 100644 index 0000000..100f9ab --- /dev/null +++ b/hosts/p-body/p-body2atlas.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtbxHjDADxqsG+AgCoiDq0uCsgcnJCIH+9rB6K5pIi9 p-body@p-body diff --git a/hosts/p-body/prometheus.nix b/hosts/p-body/prometheus.nix index 26e9d0e..e65d828 100644 --- a/hosts/p-body/prometheus.nix +++ b/hosts/p-body/prometheus.nix 
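Review bot: Every virtual host in the last nginx.nix hunk sets `addSSL = true`, which in the NixOS nginx module serves the site over HTTPS in addition to plain HTTP without redirecting, so the Hydra, Forgejo and Grafana logins stay reachable unencrypted on port 80. Using `forceSSL = true;` in place of `addSSL = true;` keeps ACME issuance working and redirects all other requests to HTTPS. The new `hydra.${domain}` location is written out by hand instead of through `mkProxy`, so it does not get `proxyWebsockets = true` like its siblings; if that is intentional, a comment would say so.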
@@ -21,6 +21,8 @@ in { scrapeConfigs = [ (scrapeExporter "p-body" "localhost" "${toString config.services.prometheus.exporters.node.port}") (scrapeExporter "atlas" "atlas" "${toString config.services.prometheus.exporters.node.port}") + (scrapeExporter "p-body-hydra" "127.0.0.1" "6001") + (scrapeExporter "p-body-hydra-queue" "127.0.0.1" "6002") ]; }; |
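Review bot: The two new scrape targets hard-code `"6001"` and `"6002"`, the same literals written into the `extraConfig` string in hydra.nix, so a port change in one file silently breaks scraping and leaves Hydra unmonitored. Bind the ports once (a shared `let` value or a small option) and reference them from both files, or at least add a comment such as `# must match the hydra_notify prometheus port and queue_runner_metrics_address in hydra.nix`. The enclosing expression starts and ends outside this hunk.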
