ci.nix 9.49 KB
{
  pkgs ? import ../pin.nix {jsonpath=../nixpkgs-18.03.json;}
}:
let
  keys = [ (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
  argopkgs = import ../pkgs {};
  # Source tree of Hydra; its hydra-module.nix is imported into the CI host's
  # NixOS configuration further down.
  # NOTE(review): this fetches the moving `master` archive with no revision and
  # no sha256, so the module that configures this host is whatever upstream
  # serves at evaluation time. Pin the URL to a specific commit archive and use
  # the attribute-set form of builtins.fetchTarball with `sha256`, so that
  # deployments are reproducible and a changed upstream cannot silently change
  # the configuration of the CI server.
  hydraSrc = builtins.fetchTarball https://github.com/nixos/hydra/archive/master.tar.gz;
  argomodules = import ../modules/module-list.nix;
in
  {
    network.description = "argo-ci";
    network.enableRollback = false;

    hydra =
    { config, ... }:
    {
      require=argomodules;
      environment.argo.known-hosts.enable=true;
      environment.argo.provider-openspace.enable=true;
      environment.argo.root-access.enable=true;
      environment.argo.ssh-config.enable=true;

      environment.variables.TERM = "xterm";

      imports = [ "${hydraSrc}/hydra-module.nix" ];

      deployment.targetEnv = "none";
      deployment.targetHost = "140.221.10.9";

      i18n.defaultLocale = "en_US.UTF-8";
      services.ntp.enable = false;
      services.openssh.allowSFTP = false;

      assertions = pkgs.lib.singleton {
        assertion = pkgs.system == "x86_64-linux";
        message = "unsupported system ${pkgs.system}";
      };

      nix = {
        sshServe= { inherit keys; enable=true;};
        package = pkgs.nixUnstable; trustedUsers = [ "hydra" ]; binaryCaches = [ "https://cache.nixos.org" ];
        useChroot = true;
        nrBuildUsers = 30;
        distributedBuilds = true;
        buildMachines = [
          {
            hostName = "129.114.111.114";
            maxJobs = 10;
            speedFactor = 1;
            sshKey = "/run/id_buildfarm";
            # Account used on the remote builder when jobs are dispatched to it.
            # NOTE(review): builds log in as root on this machine with the key
            # named by sshKey, so that key grants full control of the builder.
            # A dedicated build account would narrow what a leaked key can do;
            # confirm whether root is actually required here.
            sshUser = "root";
            systems = ["builtin" "x86_64-linux" "i686-linux"];
            supportedFeatures = [ "nixos-test" "benchmark" ];
          }
          {
            hostName = "argo-phi2";
            maxJobs = 40;
            speedFactor = 1;
            sshUser = "freux";
            systems = ["builtin" "x86_64-linux" "i686-linux"];
            supportedFeatures = [ "nixos-test" "benchmark" "icc" ];
          }
        ];
        extraOptions = "auto-optimise-store = true";
      };

      networking = {
        firewall = {
          # Inbound TCP ports opened on the CI host. Port 80 is served by the
          # nginx virtual host in this file; no listener for 443, 2210 or 8081 is
          # configured here (they may belong to the imported argo modules).
          # TODO confirm each one is still needed and close the rest.
          allowedTCPPorts=[ 2210 80 443 8081];
          # NOTE(review): the UDP list mirrors the TCP list, but nothing visible
          # in this file listens on UDP. If no service needs it, this list can be
          # emptied to reduce the exposed surface. Verify before changing.
          allowedUDPPorts=[ 2210 80 443 8081];
        };
      };
      services.nginx = {
        enable = true;
        user = "hydra-queue-runner";
        group= "hydra";
        virtualHosts = {
          "140.221.10.9" = {
            # HTTP Basic credentials for the whole virtual host: user "argo",
            # password taken from ./auth_argo.secret.
            # NOTE(review): builtins.readFile pulls the secret into the evaluated
            # configuration, so it is written into the world-readable Nix store
            # with the generated nginx files. Prefer an htpasswd file kept outside
            # the store (for example the nginx module's basicAuthFile option, if
            # the pinned nixpkgs provides it). TLS is commented out on this
            # virtual host, so these credentials also cross the network in clear
            # text on every request.
            basicAuth =  { argo = "${builtins.readFile ./auth_argo.secret}"; };
            # NOTE(review): TLS is disabled (both options below are commented out),
            # so the Basic-auth header, Hydra session cookies and all served
            # content travel over plain HTTP. Re-enable once a certificate is
            # available.
            #enableACME = true;
            #forceSSL = true;
              # With `root`, nginx appends the request path, so /store/... maps to
              # /nix/store/... and directory listings are enabled.
              # NOTE(review): this makes every store path on the host browsable by
              # anyone holding the Basic-auth password, including any file that
              # contains a secret evaluated into the store. Serving only the signed
              # binary cache under /cache is the narrower exposure; confirm /store
              # is needed.
              locations."/store".root="/nix";
              locations."/store".extraConfig="autoindex on;";
              # /cache/... maps to /var/lib/hydra/cache/..., the store_uri that
              # services.hydra.extraConfig in this file writes to.
              locations."/cache".root="/var/lib/hydra";
              locations."/cache".extraConfig="autoindex on;";
              locations."/"= {
                proxyPass="http://localhost:6080/";
                extraConfig = ''
                  proxy_redirect http://127.0.0.1:6080 http://140.221.10.9;
                  proxy_set_header  Host              $host;
                  proxy_set_header  X-Real-IP         $remote_addr;
                  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
                  proxy_set_header  X-Forwarded-Proto $scheme;
                  proxy_set_header  X-Request-Base    /;
                '';
              };
              locations."/hydra"= {
                proxyPass="http://localhost:8080/";
                extraConfig = ''
                  proxy_redirect http://127.0.0.1:8080 http://140.221.10.9/hydra;
                  proxy_set_header  Host              $host;
                  proxy_set_header  X-Real-IP         $remote_addr;
                  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
                  proxy_set_header  X-Forwarded-Proto $scheme;
                  proxy_set_header  X-Request-Base    /hydra;
                '';
              };
            };
          };
        };

      services.hydra = {
        useSubstitutes = true;
        enable = true;
        hydraURL = "http://140.221.10.9/hydra";
        listenHost = "localhost";
        notificationSender = "hydra@example.org";
        port = 8080;
        extraConfig = ''
          store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/140.221.10.9/secret
          using_frontend_proxy 1
          base_uri 140.221.10.9/hydra
          binary_cache_public_uri 140.221.10.9/cache
          max_output_size = 4294967296
          secret-key=/etc/nix/140.221.10.9/secret
        '';
        buildMachinesFiles = [ "/etc/nix/machines" ];
      };

      environment.systemPackages = [ pkgs.nix-serve ];

      services.postgresql = {
        package = pkgs.postgresql94;
        dataDir = "/var/db/postgresql-${config.services.postgresql.package.psqlSchema}";
      };

      systemd.services.hydra-manual-setup = let
        hydraEnv =
          { HYDRA_DBI = config.services.hydra.dbi;
            HYDRA_CONFIG = "/var/lib/hydra/hydra.conf";
            HYDRA_DATA = "/var/lib/hydra";
          };
        in {
        description = "Create Admin User for Hydra";
        serviceConfig.Type = "oneshot";
        serviceConfig.RemainAfterExit = true;
        wantedBy = [ "multi-user.target" ];
        requires = [ "hydra-init.service" ];
        after = [ "hydra-init.service" ];
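        # Environment of the one-shot setup unit. The attribute sets are merged
        # left to right with `//`, so hydraEnv and then
        # config.services.hydra.extraEnv override any earlier key of the same name.
        environment =
          {
            NIX_REMOTE = "daemon";
            SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03
            PGPASSFILE = "/var/lib/hydra/pgpass";
            # Colon-separated list of the machines files given to Hydra.
            NIX_REMOTE_SYSTEMS = pkgs.lib.concatStringsSep ":" config.services.hydra.buildMachinesFiles;
          }
          # SMTP settings are added only when an SMTP host is configured.
          // pkgs.lib.optionalAttrs (config.services.hydra.smtpHost != null) {
            EMAIL_SENDER_TRANSPORT = "SMTP";
            # Fixed: this read `config.services.hydrasmtpHost` (missing dot), which
            # is not the option tested by the guard above and would fail to
            # evaluate as soon as an SMTP host was set.
            EMAIL_SENDER_TRANSPORT_host = config.services.hydra.smtpHost;
          }
          // hydraEnv
          // config.services.hydra.extraEnv;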
        script = ''
          if [ ! -e ~hydra/.setup-is-complete ]; then
            # create admin user
            # NOTE(review): both admin passwords are literals in this unit script.
            # The script lives in the world-readable Nix store and in version
            # control, and the values are also visible in the process list while
            # the command runs. Treat them as disclosed: rotate them in Hydra and
            # supply admin credentials out of band (for example from a root-only
            # file outside the store) instead of committing them here.
            /run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin
            /run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin
            # create signing keys
            # Create the key directory, generate the binary-cache signing key pair
            # in it, then hand the tree to hydra:hydra.
            # NOTE(review): the secret key is generated first and only restricted to
            # mode 440 three commands later. Confirm the mode it is created with, or
            # set a restrictive umask before generating it.
            /run/current-system/sw/bin/install -d -m 551 /etc/nix/140.221.10.9
            /run/current-system/sw/bin/nix-store --generate-binary-cache-key 140.221.10.9 /etc/nix/140.221.10.9/secret /etc/nix/140.221.10.9/public
            /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/140.221.10.9
            # Secret key: readable by owner and group hydra only. Public key: world-readable.
            /run/current-system/sw/bin/chmod 440 /etc/nix/140.221.10.9/secret
            /run/current-system/sw/bin/chmod 444 /etc/nix/140.221.10.9/public
            #store
            # NOTE(review): mode 766 gives group and others read+write on the cache
            # directory but no search (x) bit, which is almost certainly unintended:
            # write access to a directory has no effect without search permission.
            # The directory is owned by hydra-queue-runner after the chown below, and
            # nginx is configured to run as that user, so 755 or 750 is probably the
            # mode that was meant. Confirm and tighten.
            /run/current-system/sw/bin/install -d -m 766 /var/lib/hydra/cache
            /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
            # done
            touch ~hydra/.setup-is-complete
          fi
        '';
      };

      services.hound={
        enable = true;
        listen = "localhost:6080";
        config = ''
          {
             "max-concurrent-indexers" : 2,
             "dbpath" : "${config.services.hound.home}/data",
             "repos" : {
                "argopkgs": { "url" : "https://xgitlab.cels.anl.gov/argo/argopkgs.git" },
                 "nauts": { "url" : "https://xgitlab.cels.anl.gov/argo/nauts.git" },
                 "nrm": { "url" : "https://xgitlab.cels.anl.gov/argo/nrm.git" },
                 "infrastructure": { "url" : "https://xgitlab.cels.anl.gov/argo/infrastructure.git" },
                 "cuttr": { "url" : "https://xgitlab.cels.anl.gov/argo/cuttr.git" },
                 "aml": { "url" : "https://xgitlab.cels.anl.gov/argo/aml.git" },
                 "yggdrasil-integration": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil-integration.git" },
                 "yggdrasil": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil.git" },
                 "libnrm": { "url" : "https://xgitlab.cels.anl.gov/argo/libnrm.git" },
                 "progress-benchmarks": { "url" : "https://xgitlab.cels.anl.gov/argo/progress-benchmarks.git" },
                 "umap": { "url" : "https://xgitlab.cels.anl.gov/argo/umap.git" },
                 "power-bandit": { "url" : "https://xgitlab.cels.anl.gov/argo/power-bandit.git" },
                 "kernel": { "url" : "https://xgitlab.cels.anl.gov/argo/kernel.git" },
                 "util-linux": { "url" : "https://xgitlab.cels.anl.gov/argo/util-linux.git" },
                 "libmsr": { "url" : "https://github.com/LLNL/libmsr.git" }
             }
          }
        '';
      };
     };

    #slave1 =
    #{ ... }:
    #{
      #deployment.targetEnv = "none";
      #deployment.targetHost = "129.114.111.114";

      #require=argomodules;
      #environment.argo.known-hosts.enable=true;
      #environment.argo.provider-tacc.enable=true;
      #environment.argo.root-access.enable=true;

      #environment.variables.TERM = "xterm";

      #i18n.defaultLocale = "en_US.UTF-8";
      #nix.useSandbox = true;
      #nix.nrBuildUsers = 30;
      #services.ntp.enable = false;
      #services.openssh.allowSFTP = false;

      #nix.gc = {
        #automatic = true;
        #dates = "05:15";
        #options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
      #};

      #services.openssh.enable = true;
      #users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
     #};
   }