julian/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Setup builder as cache and activate hydra

Browse Source
This commit is contained in:
Julian Mutter 2024-12-18 15:48:58 +01:00
parent 4c8a559c92
commit b6dbe5afc7
2 changed files with 102 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/nixos/builder/default.nix
View File

@ -29,10 +29,14 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nix.distributedBuilds = true;
nix.settings.builders-use-substitutes = true;
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "builder.julian-mutter.de"; hostName = "builder.julian-mutter.de";
protocol = "ssh"; protocol = "ssh";
sshUser = "nix";
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
@ -48,8 +52,5 @@ in
mandatoryFeatures = [ ]; mandatoryFeatures = [ ];
} }
]; ];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
# nix.extraOptions = " builders-use-substitutes = true\n";
}; };
} }

99
systems/x86_64-linux/builder/default.nix
View File

@ -48,7 +48,6 @@
]; ];
}; };
nix.settings.trusted-users = [ "@wheel" ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
@ -61,6 +60,10 @@
"https://cache.nixos.org/" "https://cache.nixos.org/"
]; ];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
trusted-users = [ "nix" ];
max-jobs = "auto";
cores = 0;
}; };
# optimize store by hardlinking store files # optimize store by hardlinking store files
@ -89,6 +92,15 @@
# linuxPackages.amdgpu-pro # linuxPackages.amdgpu-pro
]; ];
nix.nrBuildUsers = 64;
# prevent memory to get filled
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
# Ollama used by open-webui as llm backend # Ollama used by open-webui as llm backend
services.ollama = { services.ollama = {
enable = true; enable = true;
@ -101,6 +113,10 @@
host = "builder.julian-mutter.de"; host = "builder.julian-mutter.de";
}; };
networking.firewall.allowedTCPPorts = [
80
];
services.openssh = { services.openssh = {
enable = true; enable = true;
# require public key authentication for better security # require public key authentication for better security
@ -111,9 +127,90 @@
users.users."root".openssh.authorizedKeys.keys = [ users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
]; ];
users.users."nix".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
];
# security.pam.sshAgentAuth.enable = true; # enable sudo via ssh # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh
services.hydra = {
enable = true;
hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL
port = 3000;
notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
minimumDiskFree = 5; # in GB
minimumDiskFreeEvaluator = 2;
};
# add builder itself as build machine so system emulation is properly supported
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "localhost";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 3;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
# Uris allowed as flake inputs, otherwise hydra does not fetch them
nix.settings.allowed-uris = [
"github:"
"gitlab:"
"git+https://github.com/hyprwm/Hyprland"
"https://github.com/hyprwm/Hyprland"
"https://github"
"https://gitlab"
"https://gitlab.julian-mutter.de"
"git+https://gitlab.julian-mutter.de"
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
# recommendedTlsSettings = true;
# other Nginx options
virtualHosts."hydra.julian-mutter.de" = {
# enableACME = true;
# forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
# proxyWebsockets = true; # needed if you need to use WebSocket
# extraConfig =
# # required when the target is also TLS server with multiple hosts
# "proxy_ssl_server_name on;" +
# # required when the server wants to use HTTP Authentication
# "proxy_pass_header Authorization;"
# ;
};
};
virtualHosts."binarycache.julian-mutter.de" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
# =========== Binary Cache ==========
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
# ======================== DO NOT CHANGE THIS ======================== # ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "23.11"; system.stateVersion = "23.11";
# ======================== DO NOT CHANGE THIS ======================== # ======================== DO NOT CHANGE THIS ========================