dasJ/hydra.nix Secret

## hydra.nix
{ pkgs, lib, ... }: with lib; {
  services.hydra = {
    enable = true;
    logo = "${pkgs.helsinki-art}/icon-25.png";
    hydraURL = "http://guava.wg/hydra"; # externally visible URL
    notificationSender = "hydra@example.com"; # e-mail of hydra service
    # you will probably also want, otherwise *everything* will be built from scratch
    useSubstitutes = true;
    # Disables automatic PostgreSQL DB creation
    dbi = "dbi:Pg:user=hydra;dbname=hydra;";

    package = let unstable = import <unstable> {}; in
      # Next we disable 'restricted-eval' mode by patching the source
      pkgs.hydra.overrideAttrs (old: with unstable; {
        patches = [ ./hydra-ldap.patch ];
        buildInputs = old.buildInputs ++ [ perlPackages.YAML (callPackage ./CatalystAuthenticationStoreLDAP.nix {}) ] ++ (with perlPackages; [
          ModulePluggable
          CatalystActionREST
          CatalystAuthenticationStoreDBIxClass
          CatalystDevel
          CatalystDispatchTypeRegex
          CatalystPluginAccessLog
          CatalystPluginAuthorizationRoles
          CatalystPluginCaptcha
          CatalystPluginSessionStateCookie
          CatalystPluginSessionStoreFastMmap
          CatalystPluginStackTrace
          CatalystPluginUnicodeEncoding
          CatalystTraitForRequestProxyBase
          CatalystViewDownload
          CatalystViewJSON
          CatalystViewTT
          CatalystXScriptServerStarman
          CatalystXRoleApplicator
          CryptRandPasswd
          DBDPg
          DBDSQLite
          DataDump
          DateTime
          DigestSHA1
          EmailMIME
          EmailSender
          FileSlurp
          IOCompress
          IPCRun
          JSON
          JSONAny
          JSONXS
          LWP
          LWPProtocolHttps
          NetAmazonS3
          NetStatsd
          PadWalker
          Readonly
          SQLSplitStatement
          SetScalar
          Starman
          SysHostnameLong
          TermSizeAny
          TestMore
          TextDiff
          TextTable
          XMLSimple
        ]);
        src = fetchFromGitHub {
          owner = "NixOS";
          repo = "hydra";
          rev = "flake";
          sha256 = "sha256-z8phrXg8zXhBe2bN5u9sFSOERe+gM2bYoPbx01JaEe8=";
        };

        prePatch = ''
          sed -i 's/evalSettings.restrictEval = true/evalSettings.restrictEval = false/' "$(find -name hydra-eval-jobs.cc)"
          sed -i 's/<img src="\[% logo %\]"/<img src="[% c.uri_for(logo) %]"/g' "$(find -name layout.tt)"
          sed -i '/AccessLog$/d' "$(find -name Hydra.pm)"
        '';
        doCheck = false;

        postInstall = ''
          ${old.postInstall}

          rm $out/libexec/hydra/lib/Hydra/Plugin/GitlabStatus.pm
          rm $out/libexec/hydra/lib/Hydra/Plugin/BitBucketStatus.pm

          cp ${./GiteaStatus.pm} $out/libexec/hydra/lib/Hydra/Plugin/GiteaStatus.pm
        '';
      }
    );

    # Unit is GiB
    minimumDiskFree = 5;
    minimumDiskFreeEvaluator = 1;

    # Mail stuff
    extraConfig = ''
      email_notification = 1
      evaluator_max_heap_size = ${toString (20 * 1024 * 1024 * 1024)}
      evaluator_initial_heap_size = ${toString (8 * 1024 * 1024 * 1024)}
      max_concurrent_evals = 2
    '';
    extraEnv.EMAIL_SENDER_TRANSPORT = "Sendmail";
  };

  nix.allowedUsers = [ "hydra" "hydra-queue-runner" "hydra-www" ];
}
	{ pkgs, lib, ... }: with lib; {
	services.hydra = {
	enable = true;
	logo = "${pkgs.helsinki-art}/icon-25.png";
	hydraURL = "http://guava.wg/hydra"; # externally visible URL
	notificationSender = "hydra@example.com"; # e-mail of hydra service
	# you will probably also want, otherwise everything will be built from scratch
	useSubstitutes = true;
	# Disables automatic PostgreSQL DB creation
	dbi = "dbi:Pg:user=hydra;dbname=hydra;";

	package = let unstable = import <unstable> {}; in
	# Next we disable 'restricted-eval' mode by patching the source
	pkgs.hydra.overrideAttrs (old: with unstable; {
	patches = [ ./hydra-ldap.patch ];
	buildInputs = old.buildInputs ++ [ perlPackages.YAML (callPackage ./CatalystAuthenticationStoreLDAP.nix {}) ] ++ (with perlPackages; [
	ModulePluggable
	CatalystActionREST
	CatalystAuthenticationStoreDBIxClass
	CatalystDevel
	CatalystDispatchTypeRegex
	CatalystPluginAccessLog
	CatalystPluginAuthorizationRoles
	CatalystPluginCaptcha
	CatalystPluginSessionStateCookie
	CatalystPluginSessionStoreFastMmap
	CatalystPluginStackTrace
	CatalystPluginUnicodeEncoding
	CatalystTraitForRequestProxyBase
	CatalystViewDownload
	CatalystViewJSON
	CatalystViewTT
	CatalystXScriptServerStarman
	CatalystXRoleApplicator
	CryptRandPasswd
	DBDPg
	DBDSQLite
	DataDump
	DateTime
	DigestSHA1
	EmailMIME
	EmailSender
	FileSlurp
	IOCompress
	IPCRun
	JSON
	JSONAny
	JSONXS
	LWP
	LWPProtocolHttps
	NetAmazonS3
	NetStatsd
	PadWalker
	Readonly
	SQLSplitStatement
	SetScalar
	Starman
	SysHostnameLong
	TermSizeAny
	TestMore
	TextDiff
	TextTable
	XMLSimple
	]);
	src = fetchFromGitHub {
	owner = "NixOS";
	repo = "hydra";
	rev = "flake";
	sha256 = "sha256-z8phrXg8zXhBe2bN5u9sFSOERe+gM2bYoPbx01JaEe8=";
	};

	prePatch = ''
	sed -i 's/evalSettings.restrictEval = true/evalSettings.restrictEval = false/' "$(find -name hydra-eval-jobs.cc)"
	sed -i 's/<img src="\[% logo %\]"/<img src="[% c.uri_for(logo) %]"/g' "$(find -name layout.tt)"
	sed -i '/AccessLog$/d' "$(find -name Hydra.pm)"
	'';
	doCheck = false;

	postInstall = ''
	${old.postInstall}

	rm $out/libexec/hydra/lib/Hydra/Plugin/GitlabStatus.pm
	rm $out/libexec/hydra/lib/Hydra/Plugin/BitBucketStatus.pm

	cp ${./GiteaStatus.pm} $out/libexec/hydra/lib/Hydra/Plugin/GiteaStatus.pm
	'';
	}
	);

	# Unit is GiB
	minimumDiskFree = 5;
	minimumDiskFreeEvaluator = 1;

	# Mail stuff
	extraConfig = ''
	email_notification = 1
	evaluator_max_heap_size = ${toString (20 * 1024 * 1024 * 1024)}
	evaluator_initial_heap_size = ${toString (8 * 1024 * 1024 * 1024)}
	max_concurrent_evals = 2
	'';
	extraEnv.EMAIL_SENDER_TRANSPORT = "Sendmail";
	};

	nix.allowedUsers = [ "hydra" "hydra-queue-runner" "hydra-www" ];
	}