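# NixOS module for a Hydra CI host: the Hydra service, PostgreSQL tuning,
# and an nginx reverse proxy with ACME-issued TLS in front of Hydra.
{ pkgs, ... }: {
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.newtype.fr";
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [ "/etc/nix/machines" ];
    # Builds may fetch dependencies from binary caches instead of building
    # them, so the integrity of Hydra's outputs depends on the substituters
    # and signing keys this host trusts.
    useSubstitutes = true;
    # NOTE(review): nginx below reaches Hydra over plain HTTP on
    # localhost:3000. If the module's listenHost default binds all interfaces
    # (confirm for the pinned nixpkgs), only the firewall keeps that port
    # private; setting services.hydra.listenHost to a loopback address would
    # not depend on the firewall.
  };

  environment.systemPackages = [ pkgs.nix-prefetch-git ];

  # `nix.trustedUsers` is the deprecated spelling of this option; it was
  # renamed to `nix.settings.trusted-users`, with the same meaning.
  #
  # Trusted users can override Nix daemon settings (extra substituters,
  # unsigned store paths), which is effectively root on this host.
  # NOTE(review): confirm the web frontend user (hydra-www) needs this.
  nix.settings.trusted-users = [ "hydra" "hydra-www" ];

  services.postgresql = {
    enableJIT = true;
    settings = {
      checkpoint_completion_target = "0.9";
      default_statistics_target = 100;

      max_connections = 500;
      work_mem = "20MB";
      maintenance_work_mem = "2GB";

      # NOTE(review): 8GB here and effective_cache_size = 16GB below presume
      # a host with considerably more RAM than that; verify against the
      # machine.
      shared_buffers = "8GB";

      min_wal_size = "1GB";
      max_wal_size = "2GB";
      wal_buffers = "16MB";

      max_worker_processes = 16;
      max_parallel_workers_per_gather = 8;
      max_parallel_workers = 16;

      # NVMe related performance tuning
      effective_io_concurrency = 200;
      random_page_cost = "1.1";

      # We can risk losing some transactions.
      # (A crash may drop the most recently acknowledged commits; it does not
      # corrupt the database.)
      synchronous_commit = "off";

      effective_cache_size = "16GB";

      # autovacuum and autoanalyze much more frequently:
      # at these values vacuum should run approximately
      # every 2 mass rebuilds, or a couple times a day
      # on the builds table. Some of those queries really
      # benefit from frequent vacuums, so this should
      # help. In particular, I'm thinking the jobsets
      # pages.
      autovacuum_vacuum_scale_factor = 0.002;
      autovacuum_analyze_scale_factor = 0.001;

      # pg_stat_statements records query texts and statistics; query IDs are
      # enabled alongside it.
      shared_preload_libraries = "pg_stat_statements";
      compute_query_id = "on";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "ryan@lahfa.xyz";
  };

  services.nginx = {
    enable = true;

    recommendedZstdSettings = true;
    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
  };

  services.nginx.virtualHosts."hydra.newtype.fr" = {
    # TLS is mandatory for the public vhost; the certificate comes from ACME.
    forceSSL = true;
    enableACME = true;
    # TODO: remove compression for some locations
    # NOTE(review): compressing TLS responses that mix secrets with
    # attacker-influenced content is the BREACH precondition; worth weighing
    # for authenticated pages when this TODO is addressed.
    locations."/".proxyPass = "http://localhost:3000";
  };

  # Only the nginx ports are opened; Hydra's own port 3000 is not listed.
  # Port 80 is presumably kept for the HTTP-to-HTTPS redirect and ACME
  # HTTP validation.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}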