NixMachines/machines/hippocampus/servers/public/hydra.nix


{config, pkgs, ...}: let
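# Helper that updates one nixos-container from a flake checkout and then
# scrubs the checkout. The sudo rule in this file lets hydra-deploy run it as
# root with arbitrary arguments, so treat every argument as untrusted.
#
# Arguments: <container> <flake-dir> <flake-attr>
#
# Changes from the previous version:
#  * writeShellScriptBin adds a bash shebang; the old script had none and
#    used the bash-only pushd/popd.
#  * Arguments are quoted, so spaces or glob characters no longer split or
#    expand into extra words.
#  * A failed directory change aborts the script. Before, `git reset --hard`
#    and `git clean -fdx` would still run, as root, in whatever directory
#    the caller happened to be in.
#  * The exit status reflects a failed update instead of always reporting
#    the status of the final popd.
#
# NOTE(review): the flake is evaluated, and git is run, as root inside a
# directory chosen by the caller. git honours repository-local configuration
# and hooks, so that directory must only be writable by principals that are
# already trusted with root. Consider restricting <flake-dir> to a fixed,
# root-owned location.
# NOTE(review): nixos-container and git are resolved through PATH; confirm
# that sudo resets PATH here, or reference the store paths explicitly.
deploy-container = pkgs.writeShellScriptBin "deploy-nixos-container" ''
  set -euo pipefail

  if [ "$#" -ne 3 ]; then
    echo "usage: deploy-nixos-container <container> <flake-dir> <flake-attr>" >&2
    exit 2
  fi

  container=$1
  flake_dir=$2
  flake_attr=$3

  # An empty name or one starting with a dash would be read as an option.
  case "$container" in
    ""|-*)
      echo "deploy-nixos-container: invalid container name" >&2
      exit 2
      ;;
  esac

  # Abort (via set -e) if the directory cannot be entered, so the
  # destructive git commands below never run somewhere unexpected.
  cd -- "$flake_dir"

  # Remember the update result but still clean the checkout afterwards.
  status=0
  nixos-container update "$container" --flake "$flake_dir#$flake_attr" || status=$?

  git reset --hard HEAD
  git clean -fdx
  git reflog expire --expire=now --all
  git repack -ad # Remove dangling objects from packfiles
  git prune # Remove dangling loose objects

  exit "$status"
'';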
in {
imports = [
# ./nix-serve.nix
];
# Hydra CI server, published at hydra.syzygial.cc through the Caddy virtual
# host defined in this file.
services.hydra = {
  enable = true;
  hydraURL = "https://hydra.syzygial.cc";
  # NOTE(review): listenHost is not set, so the module default applies
  # (all interfaces, as far as I know; confirm). Caddy only needs the
  # loopback address, so check that this port is not reachable directly.
  port = 3500;
  notificationSender = "hydra@localhost";
  # No build-machines files are handed to Hydra.
  buildMachinesFiles = [];
  # Allow store paths to be fetched from binary caches.
  useSubstitutes = true;
  # Enables Hydra's dynamic RunCommand support on the server. Jobs in
  # projects and jobsets that also enable it can name a hook that Hydra
  # executes on this host after a build, so only enable it per project
  # where every flake input and contributor is trusted.
  extraConfig = ''
    <dynamicruncommand>
    enable = 1
    </dynamicruncommand>
  '';
};
# Delay between restarts of the systemd unit named "hydra".
systemd.services.hydra.serviceConfig.RestartSec = "20s";
# Extra settings for the hydra account. Both lists are empty for now, so no
# SSH key is authorised and no per-user package is installed.
users.users.hydra = {
  openssh.authorizedKeys.keys = [ ];
  packages = [ ];
};
# Deployment user: a regular account that owns the deploy helper and is the
# only principal named in the sudo rule for it.
users.users.hydra-deploy = {
  description = "Hydra Deployment User";
  isNormalUser = true;
  home = "/var/lib/hydra/deploy";
  # Membership in "hydra" gives this account whatever that group can access.
  extraGroups = [ "hydra" ];
  packages = [ deploy-container ];
};
# TODO: Configure authorizedKeys between
# hydra-queue-runner and hydra-deploy
# Passwordless sudo for hydra-deploy, limited to the deploy helper.
# NOTE(review): the trailing `*` accepts any arguments, so the helper's own
# argument handling is the only limit on what this account can do as root.
# Anything able to act as hydra-deploy (including whatever ends up in its
# authorized keys) should be treated as root-equivalent for the containers
# and for the directory passed to the helper.
security.sudo.extraRules = [
  {
    users = [ "hydra-deploy" ];
    commands = [
      {
        command = "${deploy-container}/bin/deploy-nixos-container *";
        options = [ "NOPASSWD" ];
      }
    ];
  }
];
# NAT from the listed internal interfaces out through enp0s25, IPv6 included.
# The ve-* names are presumably the host side of the nixos-containers
# "newalan" and "handyhelper"; confirm against the container definitions.
networking.nat = {
  enable = true;
  enableIPv6 = true;
  externalInterface = "enp0s25";
  internalInterfaces = [ "ve-newalan" "ve-handyhelper" ];
};
# Declare this host itself as a build machine with up to 8 parallel jobs.
nix.buildMachines = [
  {
    hostName = "localhost";
    system = "x86_64-linux";
    maxJobs = 8;
    supportedFeatures = [
      "kvm"
      "nixos-test"
      "big-parallel"
      "benchmark"
    ];
  }
];
# Caddy serves hydra.syzygial.cc and forwards requests to the Hydra port on
# localhost; the port is read from the Hydra options so the two stay in sync.
services.caddy.virtualHosts."hydra.syzygial.cc".extraConfig = ''
  reverse_proxy localhost:${toString config.services.hydra.port}
'';
}