Hydra setup

gistfile1.txt

{ config, pkgs, ...}: {

  services.postfix = {
      enable = true;
      setSendmail = true;
  };

  services.postgresql = {
      enable = true;
      package = pkgs.postgresql;
      identMap =
        ''
          hydra-users hydra hydra
          hydra-users hydra-queue-runner hydra
          hydra-users hydra-www hydra
          hydra-users root postgres
          hydra-users postgres postgres
        '';
  };

  services.hydra = {
      enable = true;  
      hydraURL = "https://hydra.hostname";
      notificationSender = "hydra@hostname";
      extraConfig = ''
        store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/hostname/secret
        binary_cache_secret_key_file = /etc/nix/hostname/secret
        binary_cache_dir = /var/lib/hydra/cache
      ''; 
  };

  services.nginx.virtualHosts."hydra.hostname" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:3000";
  };

  systemd.services.hydra-manual-setup = {
    description = "Create Admin User for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = [ "multi-user.target" ];
    requires = [ "hydra-init.service" ];
    after = [ "hydra-init.service" ];
    environment = config.systemd.services.hydra-init.environment;
    script = ''
      if [ ! -e ~hydra/.setup-is-complete ]; then
        # create admin user (remember to change the password)
        /run/current-system/sw/bin/hydra-create-user admin --full-name 'admin' --email-address 'hydra@hostname' --password admin --role admin
        # create signing keys
        /run/current-system/sw/bin/install -d -m 551 /etc/nix/hostname
        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hostname /etc/nix/hostname/secret /etc/nix/hostname/public
        /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/hostname
        /run/current-system/sw/bin/chmod 440 /etc/nix/hostname/secret
        /run/current-system/sw/bin/chmod 444 /etc/nix/hostname/public
        # create cache
        /run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
        /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
        # done
        touch ~hydra/.setup-is-complete
      fi
    '';
  };

  nix.gc = {
    automatic = true;
    dates = "15 3 * * *";
  };

  nix.extraOptions = ''
    trusted-users = hydra hydra-evaluator hydra-queue-runner
    auto-optimise-store = true
  '';

  nix.buildMachines = [
    {
      hostName = "localhost";
      systems = [ "i686-linux" "x86_64-linux" ];
      maxJobs = 6;
      # for building VirtualBox VMs, you might need other features depending on what you are doing
      # supportedFeatures = ["kvm" "big-parallel"];
    }
  ];
}

A few notes:

• go through and replace hostname in this file
• the installation does something weird to the hydra-queue-runner service, so you might need to restart that service after the installation goes through to get that running
• change the admin password :)
• you'll get some deprecation warnings about lines 19 and 20, but I think the code still uses those options in some places

You can set things up with the declarative jobspecs from the front page of the "new project" screen

• see https://github.com/qfpl/digit/tree/master/ci for the files involved
• you add your project as a github source, and nixpkgs as another github source, and ./ci/jobsets.json as the declarative spec file

There is some info on setting it up to run on github PRs here and in these two files.