2024-06-06 23:34:14 -04:00
|
|
|
{
|
|
|
|
|
config,
|
2025-03-26 02:43:56 -04:00
|
|
|
inputs,
|
2024-06-06 23:34:14 -04:00
|
|
|
...
|
|
|
|
|
}:
|
2024-06-22 22:33:07 -04:00
|
|
|
let
|
2024-06-22 23:03:20 -04:00
|
|
|
hydra_notify_prometheus_port = "9199";
|
|
|
|
|
hydra_queue_runner_prometheus_port = "9200";
|
2024-06-22 22:33:07 -04:00
|
|
|
in
|
2024-06-06 23:34:14 -04:00
|
|
|
{
|
|
|
|
|
systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
|
|
|
|
|
config.sops.secrets."hydra/environment".path;
|
|
|
|
|
|
|
|
|
|
nix = {
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
allowed-uris = github: gitlab: git+https:// git+ssh:// https://
|
|
|
|
|
builders-use-substitutes = true
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
buildMachines = [
|
|
|
|
|
{
|
|
|
|
|
hostName = "localhost";
|
|
|
|
|
maxJobs = 2;
|
|
|
|
|
protocol = "ssh-ng";
|
|
|
|
|
speedFactor = 2;
|
|
|
|
|
systems = [
|
|
|
|
|
"x86_64-linux"
|
|
|
|
|
"aarch64-linux"
|
|
|
|
|
"i686-linux"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
supportedFeatures = [
|
|
|
|
|
"kvm"
|
|
|
|
|
"nixos-test"
|
|
|
|
|
"big-parallel"
|
|
|
|
|
"benchmark"
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
hydra = {
|
|
|
|
|
enable = true;
|
2025-03-26 02:46:25 -04:00
|
|
|
package = inputs.hydra.packages.x86_64-linux.hydra;
|
2024-07-07 23:50:55 -04:00
|
|
|
hydraURL = "https://hydra.alicehuston.xyz";
|
2024-06-06 23:34:14 -04:00
|
|
|
smtpHost = "alicehuston.xyz";
|
|
|
|
|
notificationSender = "hydra@alicehuston.xyz";
|
|
|
|
|
gcRootsDir = "/ZFS/ZFS-primary/hydra";
|
|
|
|
|
useSubstitutes = true;
|
|
|
|
|
buildMachinesFiles = [ ];
|
|
|
|
|
minimumDiskFree = 50;
|
|
|
|
|
minimumDiskFreeEvaluator = 100;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
<git-input>
|
|
|
|
|
timeout = 3600
|
|
|
|
|
</git-input>
|
2024-07-07 13:43:39 -04:00
|
|
|
<githubstatus>
|
2024-07-07 21:35:37 -04:00
|
|
|
# check hosts and any declared checks
|
2024-07-27 23:59:16 -04:00
|
|
|
jobs = (build-fork-hydra|nix-dotfiles-build):(pr-.*|branch-gh-readonly-queue-.*|branch-main):hosts
|
2024-07-07 21:41:40 -04:00
|
|
|
context = ci/hydra: hosts
|
|
|
|
|
inputs = nixexpr
|
|
|
|
|
useShortContext = true
|
|
|
|
|
excludeBuildFromContext = 1
|
|
|
|
|
</githubstatus>
|
|
|
|
|
<githubstatus>
|
|
|
|
|
# check hosts and any declared checks
|
2024-07-27 23:59:16 -04:00
|
|
|
jobs = (build-fork-hydra|nix-dotfiles-build):(pr-.*|branch-gh-readonly-queue-.*|branch-main):devChecks
|
2024-07-07 21:41:40 -04:00
|
|
|
context = ci/hydra: checks
|
2024-07-07 13:43:39 -04:00
|
|
|
inputs = nixexpr
|
2024-07-07 23:50:55 -04:00
|
|
|
useShortContext = true
|
2024-07-07 13:43:39 -04:00
|
|
|
excludeBuildFromContext = 1
|
|
|
|
|
</githubstatus>
|
2024-06-06 23:34:14 -04:00
|
|
|
Include ${config.sops.secrets."alice/gha-hydra-token".path}
|
2024-06-22 21:58:37 -04:00
|
|
|
<hydra_notify>
|
|
|
|
|
<prometheus>
|
|
|
|
|
listen_address = 127.0.0.1
|
2024-06-22 23:03:20 -04:00
|
|
|
port = ${hydra_notify_prometheus_port}
|
2024-06-22 21:58:37 -04:00
|
|
|
</prometheus>
|
|
|
|
|
</hydra_notify>
|
2024-06-22 23:08:48 -04:00
|
|
|
queue_runner_metrics_address = 127.0.0.1:${hydra_queue_runner_prometheus_port}
|
2024-06-06 23:34:14 -04:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2025-05-05 17:17:31 -04:00
|
|
|
# nix-serve = {
|
|
|
|
|
# enable = true;
|
|
|
|
|
# secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
|
|
|
|
|
# };
|
2024-06-22 21:58:37 -04:00
|
|
|
prometheus = {
|
|
|
|
|
enable = true;
|
2024-06-22 23:08:48 -04:00
|
|
|
webExternalUrl = "https://prom.alicehuston.xyz";
|
2024-06-22 22:05:20 -04:00
|
|
|
port = 9001;
|
2024-06-22 21:58:37 -04:00
|
|
|
exporters.node = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enabledCollectors = [ "systemd" ];
|
|
|
|
|
port = 9002;
|
|
|
|
|
};
|
|
|
|
|
scrapeConfigs = [
|
|
|
|
|
{
|
2024-06-22 22:33:07 -04:00
|
|
|
job_name = "palatine-hill";
|
|
|
|
|
static_configs = [
|
|
|
|
|
{ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
job_name = "hydra-local";
|
2024-06-22 23:03:20 -04:00
|
|
|
static_configs = [
|
|
|
|
|
{
|
|
|
|
|
targets = [
|
|
|
|
|
"127.0.0.1:${hydra_notify_prometheus_port}"
|
|
|
|
|
"127.0.0.1:${hydra_queue_runner_prometheus_port}"
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-06-22 22:33:07 -04:00
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
job_name = "hydra-external";
|
|
|
|
|
scheme = "https";
|
|
|
|
|
static_configs = [ { targets = [ "hydra.alicehuston.xyz" ]; } ];
|
2024-06-22 21:58:37 -04:00
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-06-06 23:34:14 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
sops = {
|
|
|
|
|
secrets = {
|
|
|
|
|
"hydra/environment".owner = "hydra";
|
2025-05-05 17:17:31 -04:00
|
|
|
# "nix-serve/secret-key".owner = "root";
|
2024-06-06 23:34:14 -04:00
|
|
|
"alice/gha-hydra-token" = {
|
|
|
|
|
sopsFile = ../../users/alice/secrets.yaml;
|
|
|
|
|
owner = "hydra";
|
|
|
|
|
group = "hydra";
|
|
|
|
|
mode = "440";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
