dalaing · October 3, 2018 01:16 · dalaing · Dec 12, 2017
diff --git a/gistfile1.txt b/gistfile1.txt
 { config, pkgs, ...}: {

  services.postfix = {
      enable = true;
      setSendmail = true;
  };

  services.postgresql = {
      enable = true;
      package = pkgs.postgresql;
      identMap =
        ''
          hydra-users hydra hydra
          hydra-users hydra-queue-runner hydra
          hydra-users hydra-www hydra
          hydra-users root postgres
          hydra-users postgres postgres
        '';
  };

  services.hydra = {
      enable = true;  
      hydraURL = "https://hydra.hostname";
      notificationSender = "hydra@hostname";
      extraConfig = ''
        store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/hostname/secret
        binary_cache_secret_key_file = /etc/nix/hostname/secret
        binary_cache_dir = /var/lib/hydra/cache
      ''; 
  };

  services.nginx.virtualHosts."hydra.hostname" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:3000";
  };

  systemd.services.hydra-manual-setup = {
    description = "Create Admin User for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = [ "multi-user.target" ];
    requires = [ "hydra-init.service" ];
    after = [ "hydra-init.service" ];
    environment = config.systemd.services.hydra-init.environment;
    script = ''
      if [ ! -e ~hydra/.setup-is-complete ]; then
        # create admin user (remember to change the password)
        /run/current-system/sw/bin/hydra-create-user admin --full-name 'admin' --email-address 'hydra@hostname' --password admin --role admin
        # create signing keys
        /run/current-system/sw/bin/install -d -m 551 /etc/nix/hostname
        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hostname /etc/nix/hostname/secret /etc/nix/hostname/public
        /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hostname
        /run/current-system/sw/bin/chmod 440 /etc/nix/hostname/secret
        /run/current-system/sw/bin/chmod 444 /etc/nix/hostname/public
        # create cache
        /run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
        /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
        # done
        touch ~hydra/.setup-is-complete
      fi
    '';
  };

  nix.gc = {
    automatic = true;
    dates = "15 3 * * *";
  };

  nix.extraOptions = ''
    trusted-users = hydra hydra-evaluator hydra-queue-runner
    auto-optimise-store = true
  '';

  nix.buildMachines = [
    {
      hostName = "localhost";
      systems = [ "i686-linux" "x86_64-linux" ];
      maxJobs = 6;
      # for building VirtualBox VMs, you might need other features depending on what you are doing
      # supportedFeatures = ["kvm" "big-parallel"];
    }
  ];
 }
	{ config, pkgs, ...}: {

	services.postfix = {
	enable = true;
	setSendmail = true;
	};

	services.postgresql = {
	enable = true;
	package = pkgs.postgresql;
	identMap =
	''
	hydra-users hydra hydra
	hydra-users hydra-queue-runner hydra
	hydra-users hydra-www hydra
	hydra-users root postgres
	hydra-users postgres postgres
	'';
	};

	services.hydra = {
	enable = true;
	hydraURL = "https://hydra.hostname";
	notificationSender = "hydra@hostname";
	extraConfig = ''
	store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/hostname/secret
	binary_cache_secret_key_file = /etc/nix/hostname/secret
	binary_cache_dir = /var/lib/hydra/cache
	'';
	};

	services.nginx.virtualHosts."hydra.hostname" = {
	forceSSL = true;
	enableACME = true;
	locations."/".proxyPass = "http://localhost:3000";
	};

	systemd.services.hydra-manual-setup = {
	description = "Create Admin User for Hydra";
	serviceConfig.Type = "oneshot";
	serviceConfig.RemainAfterExit = true;
	wantedBy = [ "multi-user.target" ];
	requires = [ "hydra-init.service" ];
	after = [ "hydra-init.service" ];
	environment = config.systemd.services.hydra-init.environment;
	script = ''
	if [ ! -e ~hydra/.setup-is-complete ]; then
	# create admin user (remember to change the password)
	/run/current-system/sw/bin/hydra-create-user admin --full-name 'admin' --email-address 'hydra@hostname' --password admin --role admin
	# create signing keys
	/run/current-system/sw/bin/install -d -m 551 /etc/nix/hostname
	/run/current-system/sw/bin/nix-store --generate-binary-cache-key hostname /etc/nix/hostname/secret /etc/nix/hostname/public
	/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hostname
	/run/current-system/sw/bin/chmod 440 /etc/nix/hostname/secret
	/run/current-system/sw/bin/chmod 444 /etc/nix/hostname/public
	# create cache
	/run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
	/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
	# done
	touch ~hydra/.setup-is-complete
	fi
	'';
	};

	nix.gc = {
	automatic = true;
	dates = "15 3 * * *";
	};

	nix.extraOptions = ''
	trusted-users = hydra hydra-evaluator hydra-queue-runner
	auto-optimise-store = true
	'';

	nix.buildMachines = [
	{
	hostName = "localhost";
	systems = [ "i686-linux" "x86_64-linux" ];
	maxJobs = 6;
	# for building VirtualBox VMs, you might need other features depending on what you are doing
	# supportedFeatures = ["kvm" "big-parallel"];
	}
	];
	}