ci.nix

{
  pkgs ? import ../pin.nix {jsonpath=../nixpkgs-18.03.json;}
}:
let
  keys = [ (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
  argopkgs = import ../pkgs {};
  hydraSrc = builtins.fetchTarball https://github.com/nixos/hydra/archive/master.tar.gz;
  argomodules = import ../modules/module-list.nix;
in
  {
    network.description = "argo-ci";
    network.enableRollback = false;

    hydra =
    { config, ... }:
    {
      require=argomodules;
      environment.argo.known-hosts.enable=true;
      environment.argo.provider-openspace.enable=true;
      environment.argo.root-access.enable=true;
      environment.argo.ssh-config.enable=true;

      environment.variables.TERM = "xterm";

      imports = [ "${hydraSrc}/hydra-module.nix" ];

      deployment.targetEnv = "none";
      deployment.targetHost = "140.221.10.9";

      i18n.defaultLocale = "en_US.UTF-8";
      services.ntp.enable = false;
      services.openssh.allowSFTP = false;

      assertions = pkgs.lib.singleton {
        assertion = pkgs.system == "x86_64-linux";
        message = "unsupported system ${pkgs.system}";
      };

      nix = {
        sshServe= { inherit keys; enable=true;};
        package = pkgs.nixUnstable; trustedUsers = [ "hydra" ]; binaryCaches = [ "https://cache.nixos.org" ];
        useChroot = true;
        nrBuildUsers = 30;
        distributedBuilds = true;
        buildMachines = [
          {
            hostName = "129.114.111.114";
            maxJobs = 10;
            speedFactor = 1;
            sshKey = "/run/id_buildfarm";
            sshUser = "root";
            systems = ["builtin" "x86_64-linux" "i686-linux"];
            supportedFeatures = [ "nixos-test" "benchmark" ];
          }
          {
            hostName = "argo-phi2";
            maxJobs = 40;
            speedFactor = 1;
            sshUser = "freux";
            systems = ["builtin" "x86_64-linux" "i686-linux"];
            supportedFeatures = [ "nixos-test" "benchmark" "icc" ];
          }
        ];
        extraOptions = "auto-optimise-store = true";
      };

      networking = {
        firewall = {
          allowedTCPPorts=[ 2210 80 443 8081];
          allowedUDPPorts=[ 2210 80 443 8081];
        };
      };
      services.nginx = {
        enable = true;
        user = "hydra-queue-runner";
        group= "hydra";
        virtualHosts = {
          "140.221.10.9" = {
            basicAuth =  { argo = "${builtins.readFile ./auth_argo.secret}"; };
            #enableACME = true;
            #forceSSL = true;
              locations."/store".root="/nix";
              locations."/store".extraConfig="autoindex on;";
              locations."/cache".root="/var/lib/hydra";
              locations."/cache".extraConfig="autoindex on;";
              locations."/"= {
                proxyPass="http://localhost:6080/";
                extraConfig = ''
                  proxy_redirect http://127.0.0.1:6080 http://140.221.10.9;
                  proxy_set_header  Host              $host;
                  proxy_set_header  X-Real-IP         $remote_addr;
                  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
                  proxy_set_header  X-Forwarded-Proto $scheme;
                  proxy_set_header  X-Request-Base    /;
                '';
              };
              locations."/hydra"= {
                proxyPass="http://localhost:8080/";
                extraConfig = ''
                  proxy_redirect http://127.0.0.1:8080 http://140.221.10.9/hydra;
                  proxy_set_header  Host              $host;
                  proxy_set_header  X-Real-IP         $remote_addr;
                  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
                  proxy_set_header  X-Forwarded-Proto $scheme;
                  proxy_set_header  X-Request-Base    /hydra;
                '';
              };
            };
          };
        };

      services.hydra = {
        useSubstitutes = true;
        enable = true;
        hydraURL = "http://140.221.10.9/hydra";
        listenHost = "localhost";
        notificationSender = "hydra@example.org";
        port = 8080;
        extraConfig = ''
          store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/140.221.10.9/secret
          using_frontend_proxy 1
          base_uri 140.221.10.9/hydra
          binary_cache_public_uri 140.221.10.9/cache
          max_output_size = 4294967296
          secret-key=/etc/nix/140.221.10.9/secret
        '';
        buildMachinesFiles = [ "/etc/nix/machines" ];
      };

      environment.systemPackages = [ pkgs.nix-serve ];

      services.postgresql = {
        package = pkgs.postgresql94;
        dataDir = "/var/db/postgresql-${config.services.postgresql.package.psqlSchema}";
      };

      systemd.services.hydra-manual-setup = let
        hydraEnv =
          { HYDRA_DBI = config.services.hydra.dbi;
            HYDRA_CONFIG = "/var/lib/hydra/hydra.conf";
            HYDRA_DATA = "/var/lib/hydra";
          };
        in {
        description = "Create Admin User for Hydra";
        serviceConfig.Type = "oneshot";
        serviceConfig.RemainAfterExit = true;
        wantedBy = [ "multi-user.target" ];
        requires = [ "hydra-init.service" ];
        after = [ "hydra-init.service" ];
        environment =  { NIX_REMOTE = "daemon";
                         SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
                         PGPASSFILE = "/var/lib/hydra/pgpass";
                         NIX_REMOTE_SYSTEMS = pkgs.lib.concatStringsSep ":" config.services.hydra.buildMachinesFiles;
                       } // pkgs.lib.optionalAttrs (config.services.hydra.smtpHost != null) {
                         EMAIL_SENDER_TRANSPORT = "SMTP";
                         EMAIL_SENDER_TRANSPORT_host = config.services.hydrasmtpHost;
                       } // hydraEnv // config.services.hydra.extraEnv;
        script = ''
          if [ ! -e ~hydra/.setup-is-complete ]; then
            # create admin user
            /run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin
            /run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin
            # create signing keys
            /run/current-system/sw/bin/install -d -m 551 /etc/nix/140.221.10.9
            /run/current-system/sw/bin/nix-store --generate-binary-cache-key 140.221.10.9 /etc/nix/140.221.10.9/secret /etc/nix/140.221.10.9/public
            /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/140.221.10.9
            /run/current-system/sw/bin/chmod 440 /etc/nix/140.221.10.9/secret
            /run/current-system/sw/bin/chmod 444 /etc/nix/140.221.10.9/public
            #store
            /run/current-system/sw/bin/install -d -m 766 /var/lib/hydra/cache
            /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
            # done
            touch ~hydra/.setup-is-complete
          fi
        '';
      };

      services.hound={
        enable = true;
        listen = "localhost:6080";
        config = ''
          {
             "max-concurrent-indexers" : 2,
             "dbpath" : "${config.services.hound.home}/data",
             "repos" : {
                "argopkgs": { "url" : "https://xgitlab.cels.anl.gov/argo/argopkgs.git" },
                 "nauts": { "url" : "https://xgitlab.cels.anl.gov/argo/nauts.git" },
                 "nrm": { "url" : "https://xgitlab.cels.anl.gov/argo/nrm.git" },
                 "infrastructure": { "url" : "https://xgitlab.cels.anl.gov/argo/infrastructure.git" },
                 "cuttr": { "url" : "https://xgitlab.cels.anl.gov/argo/cuttr.git" },
                 "aml": { "url" : "https://xgitlab.cels.anl.gov/argo/aml.git" },
                 "yggdrasil-integration": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil-integration.git" },
                 "yggdrasil": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil.git" },
                 "libnrm": { "url" : "https://xgitlab.cels.anl.gov/argo/libnrm.git" },
                 "progress-benchmarks": { "url" : "https://xgitlab.cels.anl.gov/argo/progress-benchmarks.git" },
                 "umap": { "url" : "https://xgitlab.cels.anl.gov/argo/umap.git" },
                 "power-bandit": { "url" : "https://xgitlab.cels.anl.gov/argo/power-bandit.git" },
                 "kernel": { "url" : "https://xgitlab.cels.anl.gov/argo/kernel.git" },
                 "util-linux": { "url" : "https://xgitlab.cels.anl.gov/argo/util-linux.git" },
                 "libmsr": { "url" : "https://github.com/LLNL/libmsr.git" }
             }
          }
        '';
      };
     };

    #slave1 =
    #{ ... }:
    #{
      #deployment.targetEnv = "none";
      #deployment.targetHost = "129.114.111.114";

      #require=argomodules;
      #environment.argo.known-hosts.enable=true;
      #environment.argo.provider-tacc.enable=true;
      #environment.argo.root-access.enable=true;

      #environment.variables.TERM = "xterm";

      #i18n.defaultLocale = "en_US.UTF-8";
      #nix.useSandbox = true;
      #nix.nrBuildUsers = 30;
      #services.ntp.enable = false;
      #services.openssh.allowSFTP = false;

      #nix.gc = {
        #automatic = true;
        #dates = "05:15";
        #options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
      #};

      #services.openssh.enable = true;
      #users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
     #};
   }