wip! wip! latest version of buildbot

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

flake.lock

@@ -64,16 +64,16 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1721397579,
-        "narHash": "sha256-h0njWQRvtkjK0NJ/Kgj76sXBhWwq5HGJm7OMcigmNw4=",
-        "ref": "refs/heads/refactor",
-        "rev": "c49e591ae59b5d01d3f5d8e59310244dd5da7446",
-        "revCount": 267,
+        "lastModified": 1721685540,
+        "narHash": "sha256-sIFaurUhoxZBahwfXpHRfMk41FexvULOe03qRBe7uiA=",
+        "ref": "refs/heads/non-flakes",
+        "rev": "3c903f14c25d87f4fb0b3a0ee7e860b6fa5b2d96",
+        "revCount": 290,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
       },
       "original": {
-        "ref": "refs/heads/refactor",
+        "ref": "refs/heads/non-flakes",
         "type": "git",
         "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
       }
@@ -258,11 +258,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721210741,
-        "narHash": "sha256-jAFXbe8CA6S25NmAwncidyPgBvLK7a8dcj8AdRGaxUY=",
+        "lastModified": 1721682989,
+        "narHash": "sha256-kjJiZ7m4HKqbZ2mxNQiB32/goKFb8BRi8OqC4wIU0OI=",
         "ref": "refs/heads/main",
-        "rev": "b0e9b4b2f99f9d8f5c4e780e89f955c394b5ced4",
-        "revCount": 4181,
+        "rev": "4b107e6ff36bd89958fba36e0fe0340903e7cd13",
+        "revCount": 4190,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/hydra.git"
       },

flake.nix

@@ -17,7 +17,7 @@
     nix-gerrit.url = "git+https://git.lix.systems/the-distro/nix-gerrit.git";
     nix-gerrit.inputs.nixpkgs.follows = "nixpkgs";
 
-    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/refactor";
+    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/non-flakes";
     buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
 
     lix.follows = "hydra/lix";

hosts/bagel-box/default.nix

@@ -40,8 +40,8 @@
 
     hydra.enable = true;
     hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
-    # Takes 4 builders (0 → 3).
-    hydra.builders = lib.genList (i: "builder-${builtins.toString i}") 4;
+    # Takes 10 builders (0 → 9).
+    hydra.builders = lib.genList (i: "builder-${builtins.toString i}") 10;
 
     ofborg.enable = true;
   };

hosts/gerrit01/default.nix

@@ -51,7 +51,7 @@
       name = "nixpkgs-${branchName}";
       fromUri = "https://github.com/NixOS/nixpkgs";
       fromRefspec = branchName;
-      localRefspec = "refs/remotes/origin/${branchName}";
+      localRefspec = branchName;
       inherit timer;
     };
     in
@@ -66,22 +66,37 @@
       branchName = "master";
     };
 
+    branches."refs/heads/staging" = mkNixpkgsJob {
+      timer = "hourly";
+      branchName = "staging";
+    };
+
     branches."refs/heads/release-24.05" = mkNixpkgsJob {
       timer = "hourly";
       branchName = "release-24.05";
     };
 
+    branches."refs/heads/staging-24.05" = mkNixpkgsJob {
+      timer = "hourly";
+      branchName = "staging-24.05";
+    };
+
     branches."refs/heads/release-23.11" = mkNixpkgsJob {
       timer = "hourly";
       branchName = "release-23.11";
     };
 
+    branches."refs/heads/staging-23.11" = mkNixpkgsJob {
+      timer = "hourly";
+      branchName = "staging-23.11";
+    };
+
     # Testing jobs for personal sandbox branches
     branches."refs/heads/sandbox/raito/raito-unstable-small" = {
       name = "raito-unstable-sync";
       fromUri = "https://github.com/NixOS/nixpkgs";
       fromRefspec = "nixos-unstable-small";
-      localRefspec = "refs/remotes/origin/sandbox/raito/raito-unstable-small";
+      localRefspec = "sandbox/raito/raito-unstable-small";
       timer = "*-*-* 12:00:00";
     };
 
@@ -89,7 +104,7 @@
       name = "raito-release-sync";
       fromUri = "https://github.com/NixOS/nixpkgs";
       fromRefspec = "nixos-24.05";
-      localRefspec = "refs/remotes/origin/sandbox/raito/raito-nixos-24.05";
+      localRefspec = "sandbox/raito/raito-nixos-24.05";
       timer = "daily";
     };
   };

services/baremetal-builder/default.nix

@@ -57,6 +57,16 @@ in
       fsType = "xfs";
     };
 
+    fileSystems."/mnt" = {
+      device = "/dev/disk/by-label/hydra";
+      fsType = "xfs";
+    };
+    # We want the tmp filesystem on the same filesystem as the hydra store, so that builds can use reflinks
+    fileSystems."/tmp" = {
+      device = "/mnt/tmp";
+      options = [ "bind" ];
+    };
+
     fileSystems."/boot" = {
       device = "/dev/disk/by-label/BOOT";
       fsType = "vfat";
@@ -135,6 +145,14 @@ in
       MaxStartups = "500:30:1000";
     };
 
+    systemd.services.hydra-gc = {
+      description = "Nix Garbage Collector";
+      script = "exec ${config.nix.package.out}/bin/nix-store --gc --store /mnt";
+      serviceConfig.Type = "oneshot";
+      serviceConfig.User = "builder";
+      startAt = "*-*-* 00/8:00:00";
+    };
+    systemd.timers.hydra-gc.timerConfig.Persistent = true;
 
     bagel.sysadmin.enable = true;
 

services/buildbot/default.nix

@@ -32,7 +32,11 @@ in
     age.secrets.buildbot-workers.file = ../../secrets/buildbot-workers.age;
     age.secrets.buildbot-service-key.file = ../../secrets/buildbot-service-key.age;
     age.secrets.buildbot-signing-key.file = ../../secrets/buildbot-signing-key.age;
-    age.secrets.buildbot-remote-builder-key.file = ../../secrets/buildbot-remote-builder-key.age;
+    age.secrets.buildbot-remote-builder-key = {
+      file = ../../secrets/buildbot-remote-builder-key.age;
+      owner = "buildbot-worker";
+      group = "buildbot-worker";
+    };
 
     services.nginx.virtualHosts.${cfg.domain} = {
       forceSSL = true;
@@ -58,7 +62,7 @@ in
             (_: lib.foldl' lib.add 0)
             (lib.concatMap
               (m: map (s: { ${s} = m.maxJobs; }) m.systems)
-              config.nix.buildMachines))
+              config.services.buildbot-nix.coordinator.buildMachines))
         );
     };
 
@@ -67,6 +71,8 @@ in
 
       inherit (cfg) domain;
 
+      debugging.enable = true;
+
       oauth2 = {
         name = "Lix";
         clientId = "forkos-buildbot";

services/gerrit/one-way-sync.nix

@@ -13,10 +13,11 @@ let
     };
   };
   mkSyncService = targetRef: { name, fromUri, fromRefspec, localRefspec, ... }: {
-    path = [ pkgs.gitFull pkgs.openssh ];
+    path = [ pkgs.gitFull pkgs.openssh pkgs.lix ];
     script = ''
-      set -x
-      trap "git worktree prune && git worktree remove -f ${name}" EXIT
+      set -xe
+      RUNTIME_DIRECTORY="/run/onewaysync-${name}"
+      trap "git worktree remove -f "$RUNTIME_DIRECTORY"/${name}" EXIT
 
       if [ ! -d "/var/lib/onewaysync/nixpkgs" ]; then
         echo "First run, synchronizing nixpkgs..."
@@ -26,20 +27,30 @@ let
       cd /var/lib/onewaysync/nixpkgs
       echo "Syncing ${fromUri}:${fromRefspec} to /var/lib/onewaysync/nixpkgs:${targetRef}"
       echo "Current ref: $EXPECTED_REF"
-      git worktree add -f ${cfg.workingDir}/${name} ${localRefspec}
-      cd ${cfg.workingDir}/${name}
-      git pull origin ${fromRefspec}
-      EXPECTED_REF=$(git rev-list ${localRefspec} | head -1)
+      git worktree add -f "$RUNTIME_DIRECTORY"/${name} refs/remotes/origin/${localRefspec}
+      cd "$RUNTIME_DIRECTORY"/${name}
+      git pull origin ${localRefspec}
+      EXPECTED_REF=$(git rev-list refs/remotes/origin/${localRefspec} | head -1)
+      git config user.name Fork-o-Tron
+      git config user.email noreply@forkos.org
       git fetch ${fromUri} ${fromRefspec}
-      git rebase FETCH_HEAD
-      GIT_SSH_COMMAND='ssh -i ${cfg.deployKeyPath}' git push ${cfg.pushUrl} HEAD:${targetRef} --force-with-lease=${targetRef}:$EXPECTED_REF --force-if-includes
+    '' + lib.optionalString (!(lib.hasInfix "staging" localRefspec)) ''
+      OLD_STDENV=$(nix eval -f . stdenv.outPath --store "$RUNTIME_DIRECTORY")
+    '' + ''
+      git merge FETCH_HEAD
+    '' + lib.optionalString (!(lib.hasInfix "staging" localRefspec)) ''
+      NEW_STDENV=$(nix eval -f . stdenv.outPath --store "$RUNTIME_DIRECTORY")
+      # Do not allow auto-merging a staging iteration
+      test "$OLD_STDENV" = "$NEW_STDENV"
+    '' + ''
+      GIT_SSH_COMMAND='ssh -i ${cfg.deployKeyPath}' git push ${cfg.pushUrl} HEAD:${targetRef}
     '';
     serviceConfig = {
       User = "git";
       Group = "git";
       Type = "oneshot";
-      RuntimeDirectory = "onewaysync";
-      WorkingDirectory = cfg.workingDir;
+      RuntimeDirectory = "onewaysync-${name}";
+      WorkingDirectory = "/run/onewaysync-${name}";
       StateDirectory = "onewaysync";
     };
   };

services/hydra/default.nix

@@ -14,7 +14,7 @@ let
   # XXX: to support Nix's dumb public host key syntax (base64'd), this outputs
   # a string with shell-style command interpolations: $(...).
   mkBaremetalBuilder = { parallelBuilds, publicHostKey, host, speedFactor ? 1, user ? "builder", supportedSystems ? [ "i686-linux" "x86_64-linux" ], supportedFeatures ? [ "big-parallel" "kvm" "nixos-test" ] }:
-  "ssh://${user}@${host} ${lib.concatStringsSep "," supportedSystems} ${config.age.secrets.hydra-ssh-key-priv.path} ${toString parallelBuilds} ${toString speedFactor} ${lib.concatStringsSep "," supportedFeatures} - $(echo -n '${publicHostKey}' | base64 -w0)";
+  "ssh://${user}@${host}?remote-store=/mnt ${lib.concatStringsSep "," supportedSystems} ${config.age.secrets.hydra-ssh-key-priv.path} ${toString parallelBuilds} ${toString speedFactor} ${lib.concatStringsSep "," supportedFeatures} - $(echo -n '${publicHostKey}' | base64 -w0)";
 
   # TODO:
   # - generalize to new architectures
@@ -117,7 +117,7 @@ in {
 
         upload_logs_to_binary_cache = true
 
-        evaluator_workers = 4
+        evaluator_workers = 16
         evaluator_max_memory_size = 4096
         max_concurrent_evals = 1
 

terraform/hydra.nix

@@ -32,6 +32,45 @@ in
       visible = true;
     };
 
+    resource.hydra_jobset.k900-experiments = {
+      project = config.resource.hydra_project.forkos.name;
+      state = "enabled";
+      visible = true;
+      name = "nixpkgs-experiments";
+      type = "legacy";
+      description = "experiments branch to test things for K900";
+
+      nix_expression = {
+        file = "nixos/release.nix";
+        input = "nixpkgs";
+      };
+
+      check_interval = 0;
+      scheduling_shares = 3000;
+      keep_evaluations = 3;
+
+      email_notifications = false;
+
+      input = [
+        {
+          name = "nixpkgs";
+          type = "git";
+          value = "https://github.com/nixos/nixpkgs 03ff49192b044786362c8c94d8501eac5c6eada4";
+          notify_committers = false;
+        }
+        {
+          name = "officialRelease";
+          type = "boolean";
+          value = false;
+        }
+        {
+          name = "supportedSystems";
+          type = "nix";
+          value = ''[ "x86_64-linux" ]'';
+        }
+      ];
+    };
+
     resource.hydra_jobset.raito-nixos-rolling-small = {
       project = config.resource.hydra_project.forkos.name;
       state = "enabled";
@@ -165,5 +204,45 @@ in
 
       email_notifications = false;
     };
+
+    resource.hydra_jobset.yureka-staging-test = {
+      project = config.resource.hydra_project.forkos.name;
+      state = "enabled";
+      visible = true;
+      name = "yureka-staging-test";
+      type = "legacy";
+      description = "staging branch for yureka-nixos";
+
+      nix_expression = {
+        file = "pkgs/top-level/release.nix";
+        input = "nixpkgs";
+      };
+
+      check_interval = 0;
+      scheduling_shares = 3000;
+      keep_evaluations = 3;
+
+      email_notifications = false;
+
+      input = [
+        {
+          name = "nixpkgs";
+          type = "git";
+          value = "https://cl.forkos.org/nixpkgs sandbox/yureka/staging-test";
+          notify_committers = false;
+        }
+        {
+          name = "officialRelease";
+          type = "boolean";
+          value = "false";
+          notify_committers = false;
+        }
+        {
+          name = "supportedSystems";
+          type = "nix";
+          value = ''[ "x86_64-linux" ]'';
+        }
+      ];
+    };
   };
 }