ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity
nix-dotfiles/systems/palatine-hill/hydra.nix
ahuston-0 ad9bad9fe2 add prometheus to hydra 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-07-19 22:53:06 +00:00

108 lines
2.6 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
{
systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
config.sops.secrets."hydra/environment".path;
nix = {
extraOptions = ''
allowed-uris = github: gitlab: git+https:// git+ssh:// https://
builders-use-substitutes = true
'';
buildMachines = [
{
hostName = "localhost";
maxJobs = 2;
protocol = "ssh-ng";
speedFactor = 2;
systems = [
"x86_64-linux"
"aarch64-linux"
"i686-linux"
];
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
}
];
};
services = {
hydra = {
enable = true;
hydraURL = "http://localhost:3000";
smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz";
gcRootsDir = "/ZFS/ZFS-primary/hydra";
useSubstitutes = true;
buildMachinesFiles = [ ];
minimumDiskFree = 50;
minimumDiskFreeEvaluator = 100;
extraConfig = ''
<git-input>
timeout = 3600
</git-input>
Include ${config.sops.secrets."alice/gha-hydra-token".path}
<hydra_notify>
<prometheus>
listen_address = 127.0.0.1
port = 9199
</prometheus>
</hydra_notify>
'';
};
nix-serve = {
enable = true;
secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
};
prometheus = {
enable = true;
exporters.node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
scrapeConfigs = [
{
job_name = "hydra";
static_configs = [ { targets = [ "127.0.0.1:9199" ]; } ];
}
];
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
];
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/E/y4UJQid6/0D9babh8l/3jTDJRXqZQ5rPcoxwm1j root@palatine-hill"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHtwvfXg/QFjMAjC4JRjlMAaGPgEfSyhpprNpqbGSJn hydra-queue-runner@palatine-hill"
];
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"hydra/environment".owner = "hydra";
"nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra";
group = "hydra";
mode = "440";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink