shared-public-infra/modules/hydra/coordinator.nix


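# NixOS module for the Hydra coordinator host: the Hydra service itself,
# PostgreSQL tuning for its database, and an nginx TLS reverse proxy with an
# ACME-issued certificate in front of the Hydra web UI.
{ pkgs, ... }: {
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.newtype.fr";
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [ "/etc/nix/machines" ];
    # Lets Hydra fetch already-built outputs from the configured substituters
    # instead of building them; those caches and their signing keys are
    # therefore part of this host's trust base.
    useSubstitutes = true;
    # NOTE(review): no listen address is set here. As far as I know
    # `services.hydra.listenHost` defaults to all interfaces, which would leave
    # port 3000 shielded only by the firewall rule at the bottom of this file.
    # Consider binding it to localhost, since nginx is the only intended
    # client. Confirm nothing else reaches Hydra directly first.
  };

  environment.systemPackages = [ pkgs.nix-prefetch-git ];

  # `nix.trustedUsers` is the legacy spelling of this option; the value is
  # unchanged. Trusted users may override daemon settings per request
  # (substituters, signature checks), which the Nix manual describes as
  # essentially equivalent to root on this machine.
  # NOTE(review): "hydra-www" is the account behind the internet-facing web
  # UI. Confirm it really needs to be trusted; if not, drop it so a web-tier
  # compromise does not translate into control of the Nix daemon.
  nix.settings.trusted-users = [ "hydra" "hydra-www" ];

  # Tuning only; nothing in this file enables PostgreSQL explicitly.
  services.postgresql = {
    enableJIT = true;
    settings = {
      checkpoint_completion_target = "0.9";
      default_statistics_target = 100;
      max_connections = 500;
      work_mem = "20MB";
      maintenance_work_mem = "2GB";
      shared_buffers = "8GB";
      min_wal_size = "1GB";
      max_wal_size = "2GB";
      wal_buffers = "16MB";
      max_worker_processes = 16;
      max_parallel_workers_per_gather = 8;
      max_parallel_workers = 16;
      # NVMe related performance tuning
      effective_io_concurrency = 200;
      random_page_cost = "1.1";
      # We can risk losing some transactions.
      # (A crash can drop the most recently acknowledged commits; the
      # database itself stays consistent.)
      synchronous_commit = "off";
      effective_cache_size = "16GB";
      # autovacuum and autoanalyze much more frequently:
      # at these values vacuum should run approximately
      # every 2 mass rebuilds, or a couple times a day
      # on the builds table. Some of those queries really
      # benefit from frequent vacuums, so this should
      # help. In particular, I'm thinking the jobsets
      # pages.
      autovacuum_vacuum_scale_factor = 0.002;
      autovacuum_analyze_scale_factor = 0.001;
      # Per-statement statistics, used to find slow queries.
      shared_preload_libraries = "pg_stat_statements";
      compute_query_id = "on";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "ryan@lahfa.xyz";
  };

  services.nginx = {
    enable = true;
    recommendedZstdSettings = true;
    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts."hydra.newtype.fr" = {
      # Plain-HTTP requests are redirected to HTTPS; the certificate comes
      # from ACME.
      forceSSL = true;
      enableACME = true;
      # TODO: remove compression for some locations
      # NOTE(review): the TODO gives no reason. If the concern is compressing
      # session-bound pages over TLS (BREACH-class length side channels), the
      # locations that return authenticated content are the ones to exempt.
      locations."/".proxyPass = "http://localhost:3000";
    };
  };

  # Only the nginx front end is exposed. 80 serves the HTTPS redirect and,
  # presumably, ACME HTTP-01 validation; Hydra's own port (3000) is
  # intentionally not opened.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}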