blob: 413c1da1fa6da0b5240596ba703bfb66325b6076 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
{
config,
self,
...
}: let
hydraUser = config.users.users.hydra.name;
hydraGroup = config.users.users.hydra.group;
inherit (config.networking) domain hostName;
in {
config = {
age.secrets = let
commonArgs = {
mode = "440";
owner = hydraUser;
group = hydraGroup;
};
in {
"${hostName}2atlas" =
{
file = "${self}/secrets/hosts/${hostName}/${hostName}2atlas.age";
}
// commonArgs;
"hydraGH" =
{
file = "${self}/secrets/hosts/${hostName}/hydraGH.age";
}
// commonArgs;
};
services.hydra = {
enable = true;
hydraURL = "https://hydra.${domain}";
notificationSender = "hydra@${domain}";
listenHost = "localhost";
port = 6000;
useSubstitutes = true;
extraConfig = ''
Include ${config.age.secrets.hydraGH.path}
compress_build_logs = 1
queue_runner_metrics_address = 127.0.0.1:6002
<githubstatus>
jobs = .*
useShortContext = true
</githubstatus>
<hydra_notify>
<prometheus>
listen_address = 127.0.0.1
port = 6001
</prometheus>
</hydra_notify>
'';
extraEnv = {HYDRA_DISALLOW_UNFREE = "0";};
};
nix.settings.trusted-users = ["@${hydraGroup}"];
users.users = {
hydra-queue-runner.extraGroups = [hydraGroup];
hydra-www.extraGroups = [hydraGroup];
};
};
}
|
