Merge branch 'upgrade-16.09' into HEAD

9 years ago · 5d831cf7be
parent 2ffdaf0a53 7dbfccf2f4
commit 5d831cf7be
5 changed files with 126 additions and 0 deletions
--- a/config-generator.nix
+++ b/config-generator.nix
@ -42,6 +42,8 @@ in
        edition-photo   = mkEnableOption "Profil pour la création/édition de photos.";
        edition-video   = mkEnableOption "Profil pour la création/édition de video.";
        fail2ban        = mkEnableOption "Profil pour activer Fail2ban.";
+        hydra-builder   = mkEnableOption "Profil pour une machine qui compile pour hydra.";
+        hydra-core      = mkEnableOption "Profil pour un serveur hydra.";
        jeux            = mkEnableOption "Profil pour les jeux vidéos.";
        laptop          = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables..";
        locate          = mkEnableOption "Profil pour activer la fonction locate.";
@ -181,6 +183,7 @@ in
      };

      r6d.config-generator = {
+        hydra-core = true;
        print = true;
        virtualbox = true;
      };
--- a/public/hydra.nix
+++ b/public/hydra.nix
@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+  ####################################### HYDRA
+
+  virtualisation.virtualbox.host.enable = true;
+
+  # une fois installé :
+  # 1. créer chef SSH : ssh-keygen -C "hydra@pedro.dubronetwork.fr" -N "" -f /etc/nixos/id_buildfarm
+  # 2. récupérer la clef publique du serveur ssh : ssh-keyscan localhost + l'ajouter dans les knownHosts
+  # 2. créer un utilisateur
+  # su - hydra
+  # hydra-create-user jpierre03 --password toto --role 'admin'
+  # accessible à hydra.pedro.dubnronetwork.fr
+  services.hydra = {
+    enable = true;
+    hydraURL = "http://hydra.pedro.dubronetwork.fr";
+    notificationSender = "hydra@${config.networking.hostName}";
+    listenHost = "localhost";
+    minimumDiskFree = 50; # Go
+  };
+
+  programs.ssh.knownHosts."pedro.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD";
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      { hostName = "pedro.dubronetwork.fr"; maxJobs = 2; speedFactor = 10; sshKey = "/etc/nixos/id_buildfarm"; sshUser = "root"; system = "x86_64-linux"; }
+    ];
+    extraOptions = "auto-optimise-store = true";
+  };
+  #  nix.gc = {
+  #  automatic = true;
+  #};
+}
--- a/public/public.nix
+++ b/public/public.nix
@ -34,6 +34,8 @@ in
    ./auto-upgrade.nix          # mise à jour automatique du système
    ./laptop.nix                # appli & configuration adaptée pour un PC portable
    ./print.nix                 # configuration de base de cups
+    ./service-hydra-build.nix   # service de construction de paquet. -> la machine compile des paquets
+    ./service-hydra-core.nix    # service pour l'instance d'hydra
    ./service-laptop.nix        # services spécifiques aux pc portables
    ./service-locate.nix        # service locate
    ./swap.nix                  # définition de l'utilisation du swap
--- a/public/service-hydra-build.nix
+++ b/public/service-hydra-build.nix
@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.hydra-builder {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+
+  virtualisation.virtualbox.host.enable = true;
+  nix.gc.automatic = true;
+
+  users.users."hydrabuild" = {
+    description = "Execution des job hydra";
+    group = ["nixbld"];
+    isNormalUser = false;
+
+    openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVMndtLDf++di38EE8rEG5QOCA5aKsBO/f0LIi1Ez87ZaNsjv9XvJW1f8Nt6KH+lSvB1Cp7QCRINawLavb714oZ248cuAu1Osq8lMSDnQlGqgJa+cgiww7PPvJU9YLkrx5LT0Suaskp64Iq4Ox1n+2zy2pIiFD/9Ueqmrt9GnztdQkkqYsGYMjNjY2PBFrkeCWhib9Y3t1eeWsugkegbNVFJtdU2AeqBiDT41dCne6WBJBoDy7wtP3a8ocYMv4G2ThUzLx0SOY5sDUTEQKgm7ncp4FRBSQBOiz1VanFrimKhNKtomY7Da8Ls31LpbDdnI6sauuSUtOvYb+h5QvWeFl root@pedro.dubronetwork.fr"
+      ];
+  };
+}
--- a/public/service-hydra-core.nix
+++ b/public/service-hydra-core.nix
@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.hydra-core {
+
+  # Paquets
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Services
+
+  ## Hydra
+  # 2. créer un utilisateur pour gérer hydra
+  # su - hydra
+  # hydra-create-user jpierre03 --password xxx --role 'admin'
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "http://hydra.${config.networking.hostName}";
+    notificationSender = "hydra@${config.networking.hostName}";
+    listenHost = "localhost";
+    minimumDiskFree = 50; # Go
+  };
+
+  ## Ménage
+  #nix.gc.automatic = true;
+
+  ## Délégation des actions de compilation à la compilefarm
+
+  ### Machines connues
+  # 2. récupérer la clef publique du serveur ssh : ssh-keyscan localhost + l'ajouter dans les knownHosts
+  
+  programs.ssh.knownHosts = {
+	"pedro.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD";
+  };
+
+  # une fois installé :
+  # 1. créer chef SSH : ssh-keygen -C "hydra@pedro.dubronetwork.fr" -N "" -f /etc/nixos/id_buildfarm
+  # accessible à hydra.pedro.dubnronetwork.fr
+
+  
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+    #      { hostName = "pedro.dubronetwork.fr"; maxJobs = 2; speedFactor = 10; sshKey = "/etc/nixos/id_buildfarm"; sshUser = "root"; system = "x86_64-linux"; }
+    ];
+    extraOptions = "auto-optimise-store = true";
+  };
+  
+}