diff --git a/public/public.nix b/public/public.nix index 7dc042f..2d43287 100644 --- a/public/public.nix +++ b/public/public.nix @@ -34,6 +34,8 @@ in ./auto-upgrade.nix # mise à jour automatique du système ./laptop.nix # appli & configuration adaptée pour un PC portable ./print.nix # configuration de base de cups + ./service-hydra-build.nix # service de construction de paquet. -> la machine compile des paquets + ./service-hydra-core.nix # service pour l'instance d'hydra ./service-laptop.nix # services spécifiques aux pc portables ./service-locate.nix # service locate ./swap.nix # définition de l'utilisation du swap diff --git a/public/service-hydra-build.nix b/public/service-hydra-build.nix new file mode 100644 index 0000000..e58b472 --- /dev/null +++ b/public/service-hydra-build.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf cfg.hydra-builder { + + # Paquets + environment.systemPackages = with pkgs; [ + ]; + + # Services + + + virtualisation.virtualbox.host.enable = true; + nix.gc.automatic = true; + + users.users."hydrabuild" = { + description = "Execution des job hydra"; + group = ["nixbld"]; + isNormalUser = false; + + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVMndtLDf++di38EE8rEG5QOCA5aKsBO/f0LIi1Ez87ZaNsjv9XvJW1f8Nt6KH+lSvB1Cp7QCRINawLavb714oZ248cuAu1Osq8lMSDnQlGqgJa+cgiww7PPvJU9YLkrx5LT0Suaskp64Iq4Ox1n+2zy2pIiFD/9Ueqmrt9GnztdQkkqYsGYMjNjY2PBFrkeCWhib9Y3t1eeWsugkegbNVFJtdU2AeqBiDT41dCne6WBJBoDy7wtP3a8ocYMv4G2ThUzLx0SOY5sDUTEQKgm7ncp4FRBSQBOiz1VanFrimKhNKtomY7Da8Ls31LpbDdnI6sauuSUtOvYb+h5QvWeFl root@pedro.dubronetwork.fr" + ]; + }; +} diff --git a/public/service-hydra-core.nix b/public/service-hydra-core.nix new file mode 100644 index 0000000..b60ee49 --- /dev/null +++ b/public/service-hydra-core.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkThenElse; + cfg = config.r6d.config-generator; + computers = config.r6d.computers; + profiles = config.r6d.profiles; +in + +mkIf cfg.hydra-core { + + # Paquets + environment.systemPackages = with pkgs; [ + ]; + + # Services + + ## Hydra + # 2. créer un utilisateur pour gérer hydra + # su - hydra + # hydra-create-user jpierre03 --password xxx --role 'admin' + + services.hydra = { + enable = true; + hydraURL = "http://hydra.${config.networking.hostName}"; + notificationSender = "hydra@${config.networking.hostName}"; + listenHost = "localhost"; + minimumDiskFree = 50; # Go + }; + + ## Ménage + nix.gc = { + automatic = true; + }; + + ## Délégation des actions de compilation à la compilefarm + + ### Machines connues + # 2. récupérer la clef publique du serveur ssh : ssh-keyscan localhost + l'ajouter dans les knownHosts + + programs.ssh.knownHosts = { + "pedro.dubronetwork.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7fjo2ysLqlfSo6BKnc6I6m1ayoPrbwEEyTKZmUzsOD"; + }; + + # une fois installé : + # 1. créer chef SSH : ssh-keygen -C "hydra@pedro.dubronetwork.fr" -N "" -f /etc/nixos/id_buildfarm + # accessible à hydra.pedro.dubnronetwork.fr + + + nix = { + distributedBuilds = true; + buildMachines = [ + # { hostName = "pedro.dubronetwork.fr"; maxJobs = 2; speedFactor = 10; sshKey = "/etc/nixos/id_buildfarm"; sshUser = "root"; system = "x86_64-linux"; } + ]; + extraOptions = "auto-optimise-store = true"; + }; + +}