Commit bacf4bd8 authored by Valentin Reis's avatar Valentin Reis

Deployment fix.

parent 4b8d4248
*.secret filter=git-crypt diff=git-crypt
# argopkgs
Packages : http://129.114.111.116:8080/jobset/argo/master#tabs-jobs
Code search : http://129.114.111.116:6080
Packages : https://argo.freux.fr/hydra
Code search : https://argo.freux.fr
Nix-based CI with Hydra for Argo packages. Hydra is a versatile build farm.
This bit of infrastructure is currently specific to Valentin's use cases but do
......
No preview for this file type
......@@ -23,14 +23,9 @@ in
environment.variables.TERM = "xterm";
imports = [ "${hydraSrc}/hydra-module.nix" ];
networking = {
firewall = {
allowedTCPPorts=[ config.services.hydra.port 6080 2210 ];
};
};
deployment.targetEnv = "none";
deployment.targetHost = "129.114.111.116";
deployment.targetHost = "argo.freux.fr";
i18n.defaultLocale = "en_US.UTF-8";
services.ntp.enable = false;
......@@ -67,13 +62,55 @@ in
extraOptions = "auto-optimise-store = true";
};
networking = {
firewall = {
allowedTCPPorts=[ 2210 80 443];
allowedUDPPorts=[ 2210 80 443];
};
};
services.nginx = {
enable = true;
virtualHosts = {
"argo.freux.fr" = {
basicAuth = { argo = "${builtins.readFile ./auth_argo.secret}"; };
enableACME = true;
forceSSL = true;
locations."/"= {
proxyPass="http://localhost:6080/";
extraConfig = ''
proxy_redirect http://127.0.0.1:6080 https://argo.freux.fr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Base /;
'';
};
locations."/hydra"= {
proxyPass="http://localhost:8080/";
extraConfig = ''
proxy_redirect http://127.0.0.1:8080 https://argo.freux.fr/hydra;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Base /hydra;
'';
};
};
};
};
services.hydra = {
useSubstitutes = true;
enable = true;
hydraURL = "http://129.114.111.116";
hydraURL = "https://argo.freux.fr/hydra";
listenHost = "localhost";
notificationSender = "hydra@example.org";
port = 8080;
extraConfig = ''
using_frontend_proxy 1
base_uri argo.freux.fr/hydra
max_output_size = 4294967296
secret-key=/etc/nix/hydra.example.org-1/secret
'';
......@@ -124,7 +161,8 @@ in
};
services.hound={
enable=true;
enable = true;
listen = "localhost:6080";
config = ''
{
"max-concurrent-indexers" : 2,
......
......@@ -2,6 +2,7 @@
echo "extracting/sending hydra-master secret key from password store"
pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@129.114.111.116 'cat > /run/id_buildfarm'
cat ./auth_argo | ssh root@129.114.111.116 'cat > /run/auth_argo'
echo "chown-ing the key on the machine"
ssh root@129.114.111.116 'chown hydra-queue-runner:hydra /run/id_buildfarm'
ssh root@129.114.111.116 'chmod 600 /run/id_buildfarm'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment