hydraServer: init

author: Minijackson <minijackson@riseup.net> 2021-05-30 16:55:30 +0200
committer: Minijackson <minijackson@riseup.net> 2021-05-30 16:55:30 +0200
commit: b15e415ed43a9a3c98678e01da1a0c0e614b4bb9 (patch)
tree: 1d7e97dcaeb12810c396c2508970cb728f2f0671 /usecases/server
parent: a7ab178e828a5c5fd02df6eccd7e8153b28e3857 (diff)
download: nixos-config-reborn-b15e415ed43a9a3c98678e01da1a0c0e614b4bb9.tar.gz
nixos-config-reborn-b15e415ed43a9a3c98678e01da1a0c0e614b4bb9.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix
new file mode 100644
index 0000000..6fbbdee
--- /dev/null
+++ b/usecases/server/hydra-server.nix
@@ -0,0 +1,36 @@
+inputs:
+{ config, lib, pkgs, ... }:
+{
+  options = with lib; {
+    services.hydra.secretKeyLocation = mkOption {
+      type = types.str;
+      description = ''
+        Absolute location to the secret key used to sign builds
+      '';
+    };
+  };
+  config = {
+    services.hydra = {
+      enable = true;
+      #hydraURL = "https://hydra.huh.gdn";
+      #notificationSender = "hydra@huh.gdn";
+      buildMachinesFiles = [ ];
+      # Don't build *everything* from source
+      useSubstitutes = true;
+      extraConfig = ''
+        binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
+        store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
+      '';
+      package = pkgs.hydra-unstable;
+    };
+    nix.allowedUsers = [ "@hydra" ];
+    networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
+      config.services.hydra.port
+    ];
+  };
+}
author	Minijackson <minijackson@riseup.net>	2021-05-30 16:55:30 +0200
committer	Minijackson <minijackson@riseup.net>	2021-05-30 16:55:30 +0200
commit	b15e415ed43a9a3c98678e01da1a0c0e614b4bb9 (patch)
tree	1d7e97dcaeb12810c396c2508970cb728f2f0671 /usecases/server
parent	a7ab178e828a5c5fd02df6eccd7e8153b28e3857 (diff)
download	nixos-config-reborn-b15e415ed43a9a3c98678e01da1a0c0e614b4bb9.tar.gz nixos-config-reborn-b15e415ed43a9a3c98678e01da1a0c0e614b4bb9.zip

diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix new file mode 100644 index 0000000..6fbbdee --- /dev/null +++ b/usecases/server/hydra-server.nix
@@ -0,0 +1,36 @@
	1	inputs:
	2
	3	{ config, lib, pkgs, ... }:
	4
	5	{
	6	options = with lib; {
	7	services.hydra.secretKeyLocation = mkOption {
	8	type = types.str;
	9	description = ''
	10	Absolute location to the secret key used to sign builds
	11	'';
	12	};
	13	};
	14
	15	config = {
	16	services.hydra = {
	17	enable = true;
	18	#hydraURL = "https://hydra.huh.gdn";
	19	#notificationSender = "hydra@huh.gdn";
	20	buildMachinesFiles = [ ];
	21	# Don't build everything from source
	22	useSubstitutes = true;
	23	extraConfig = ''
	24	binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
	25	store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
	26	'';
	27	package = pkgs.hydra-unstable;
	28	};
	29
	30	nix.allowedUsers = [ "@hydra" ];
	31
	32	networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
	33	config.services.hydra.port
	34	];
	35	};
	36	}