the-infra/services/hydra/default.nix

{ config, lib, ... }:

let
  cfg = config.bagel.services.hydra;

  narCacheDir = "/var/cache/hydra/nar-cache";
  port = 3000;

  mkCacheSettings = settings: builtins.concatStringsSep "&" (
    lib.mapAttrsToList (k: v: "${k}=${v}") settings
  );
in {
  options.bagel.services.hydra = with lib; {
    enable = mkEnableOption "Hydra coordinator";

    dbi = mkOption {
      type = types.str;
      description = "DBI connection string for the Hydra postgres database";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.tmpfiles.rules = [
      "d /var/cache/hydra 0755 hydra hydra -  -"
      "d ${narCacheDir}   0755 hydra hydra 1d -"
    ];

    # XXX: Otherwise services.hydra-dev overwrites it to only hydra-queue-runner...
    #
    # Can be removed once this is added to some common config template.
    nix.settings.trusted-users = [ "root" "@wheel" ];

    services.hydra-dev = {
      enable = true;

      listenHost = "localhost";
      port = port;
      dbi = cfg.dbi;

      hydraURL = "https://hydra.bagel.delroth.net";
      useSubstitutes = false;

      notificationSender = "bagel@delroth.net";

      extraConfig = ''
        store_uri = s3://bagel-cache?${mkCacheSettings {
          endpoint = "s3.delroth.net";
          region = "garage";

          secret-key = "TODO";

          compression = "zstd";
          log-compression = "br";
          ls-compression = "br";

          write-nar-listing = "1";
        }}

        server_store_uri = https://bagel-cache.s3-web.delroth.net?local-nar-cache=${narCacheDir}
        binary_cache_public_url = https://bagel-cache.s3-web.delroth.net
        log_prefix = https://bagel-cache.s3-web.delroth.net

        upload_logs_to_binary_cache = true

        evaluator_workers = 4
        evaluator_max_memory_size = 4096
        max_concurrent_evals = 1

        allow_import_from_derivation = false

        max_output_size = ${builtins.toString (3 * 1024 * 1024 * 1024)}
        max_db_connections = 100
      '';
    };

    services.nginx = {
      enable = true;
      enableReload = true;

      recommendedBrotliSettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedZstdSettings = true;

      proxyTimeout = "900s";

      appendConfig = ''
        worker_processes auto;
      '';

      virtualHosts."hydra.bagel.delroth.net" = {
        forceSSL = true;
        enableACME = true;

        locations."/" = {
          proxyPass = "http://127.0.0.1:${builtins.toString port}";
        };

        locations."/static/" = {
          alias = "${config.services.hydra-dev.package}/libexec/hydra/root/static/";
        };
      };
    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}
bagel-box: add postgres+hydra 2024-06-24 14:45:59 +00:00			`{ config, lib, ... }:`

			`let`
			`cfg = config.bagel.services.hydra;`

			`narCacheDir = "/var/cache/hydra/nar-cache";`
			`port = 3000;`

			`mkCacheSettings = settings: builtins.concatStringsSep "&" (`
			`lib.mapAttrsToList (k: v: "${k}=${v}") settings`
			`);`
			`in {`
			`options.bagel.services.hydra = with lib; {`
			`enable = mkEnableOption "Hydra coordinator";`

			`dbi = mkOption {`
			`type = types.str;`
			`description = "DBI connection string for the Hydra postgres database";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`systemd.tmpfiles.rules = [`
			`"d /var/cache/hydra 0755 hydra hydra - -"`
			`"d ${narCacheDir} 0755 hydra hydra 1d -"`
			`];`

			`# XXX: Otherwise services.hydra-dev overwrites it to only hydra-queue-runner...`
			`#`
			`# Can be removed once this is added to some common config template.`
			`nix.settings.trusted-users = [ "root" "@wheel" ];`

			`services.hydra-dev = {`
			`enable = true;`

			`listenHost = "localhost";`
			`port = port;`
			`dbi = cfg.dbi;`

			`hydraURL = "https://hydra.bagel.delroth.net";`
			`useSubstitutes = false;`

			`notificationSender = "bagel@delroth.net";`

			`extraConfig = ''`
			`store_uri = s3://bagel-cache?${mkCacheSettings {`
			`endpoint = "s3.delroth.net";`
			`region = "garage";`

			`secret-key = "TODO";`

			`compression = "zstd";`
			`log-compression = "br";`
			`ls-compression = "br";`

			`write-nar-listing = "1";`
			`}}`

			`server_store_uri = https://bagel-cache.s3-web.delroth.net?local-nar-cache=${narCacheDir}`
			`binary_cache_public_url = https://bagel-cache.s3-web.delroth.net`
			`log_prefix = https://bagel-cache.s3-web.delroth.net`

			`upload_logs_to_binary_cache = true`

			`evaluator_workers = 4`
			`evaluator_max_memory_size = 4096`
			`max_concurrent_evals = 1`

			`allow_import_from_derivation = false`

			`max_output_size = ${builtins.toString (3 * 1024 * 1024 * 1024)}`
			`max_db_connections = 100`
			`'';`
			`};`

			`services.nginx = {`
			`enable = true;`
			`enableReload = true;`

			`recommendedBrotliSettings = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`recommendedZstdSettings = true;`

			`proxyTimeout = "900s";`

			`appendConfig = ''`
			`worker_processes auto;`
			`'';`

			`virtualHosts."hydra.bagel.delroth.net" = {`
			`forceSSL = true;`
			`enableACME = true;`

			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${builtins.toString port}";`
			`};`

			`locations."/static/" = {`
			`alias = "${config.services.hydra-dev.package}/libexec/hydra/root/static/";`
			`};`
			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`};`
			`}`