base repository: NixOS/infra
base: b48aa4102b66
head repository: NixOS/infra
compare: eb8d3b18b96b
  • 6 commits
  • 6 files changed
  • 1 contributor

Commits on May 22, 2020

  1. ngi0/hydra/flake.lock: Update

    Flake input changes:
    
    * Updated 'hydra': 'github:NixOS/hydra/87837f1d82904bf48e11b5641258b6be2f663c3b' -> 'github:NixOS/hydra/3c6b724f921132b06a16d933d5f215788f88d0e1'
    * Updated 'hydra/nix': 'github:NixOS/nix/3aaceeb7e2d3fb8a07a1aa5a21df1dca6bbaa0ef' -> 'github:NixOS/nix/14a3a62bfca6c572b9a415cfa80cdbd7ad4326b3'
    * Updated 'nix': 'github:NixOS/nix/6521c92ce8289a5f9e959c6789ab24dacdad082e' -> 'github:NixOS/nix/5f64655ff429be08aa0787761697787e7050f373'
    * Updated 'nixpkgs': 'github:NixOS/nixpkgs/2faa76db27c4a8045d050d9b390dbb2249b0f3c0' -> 'github:NixOS/nixpkgs/f45ccd9d20b4e90e43c4562b9941ea1dbd8f07a4'
    edolstra committed May 22, 2020
    a1b8d0c View commit details
  2. Use S3 binary cache

    edolstra committed May 22, 2020
    e0dc8eb View commit details
  3. Terraform stuff for NGI

    edolstra committed May 22, 2020
    548449b View commit details
  4. Copy the full SHA
    5ff66bb View commit details
  5. Enable Google login

    edolstra committed May 22, 2020
    fbc0637 View commit details
  6. Copy the full SHA
    eb8d3b1 View commit details
Showing with 157 additions and 18 deletions.
  1. +12 −12 ngi0/hydra/flake.lock
  2. +1 −1 ngi0/hydra/flake.nix
  3. +12 −5 ngi0/hydra/hydra.nix
  4. +97 −0 ngi0/terraform/cache.tf
  5. +27 −0 ngi0/terraform/hydra-user.tf
  6. +8 −0 ngi0/terraform/providers.tf
24 changes: 12 additions & 12 deletions ngi0/hydra/flake.lock


2 changes: 1 addition & 1 deletion ngi0/hydra/flake.nix
@@ -1,7 +1,7 @@
{
edition = 201909;

inputs.nixpkgs.uri = "nixpkgs/nixos-20.03";
inputs.nixpkgs.url = "nixpkgs/nixos-20.03";

outputs = { self, nixpkgs, nix, hydra }: {

17 changes: 12 additions & 5 deletions ngi0/hydra/hydra.nix
@@ -1,5 +1,9 @@
{ config, pkgs, ... }:

let
narCache = "/var/cache/hydra/nar-cache";
in

{
services.hydra-dev.enable = true;
services.hydra-dev.logo = ./ngi-logo.svg;
@@ -11,9 +15,12 @@
''
max_servers 15
#store_uri = s3://nix-cache?secret-key=/var/lib/hydra/queue-runner/keys/cache.nixos.org-1/secret&write-nar-listing=1&ls-compression=br&log-compression=br
#server_store_uri = https://cache.nixos.org?local-nar-cache=$ {narCache}
#binary_cache_public_uri = https://cache.nixos.org
enable_google_login = 1
google_client_id = 816926039128-splu8iepg00ntgp9ngm6ic6fu8uenuir.apps.googleusercontent.com
store_uri = s3://ngi0-cache?secret-key=/var/lib/hydra/queue-runner/keys/cache.ngi0.nixos.org-1/secret&write-nar-listing=1&ls-compression=br&log-compression=br&region=eu-west-1
server_store_uri = https://cache.ngi0.nixos.org?local-nar-cache=${narCache}
binary_cache_public_uri = https://cache.ngi0.nixos.org
<Plugin::Session>
cache_size = 32m
@@ -28,9 +35,9 @@
#upload_logs_to_binary_cache = true
# FIXME: Cloudfront messes up CORS
#log_prefix = https://cache.nixos.org/
#log_prefix = https://cache.ngi0.nixos.org/
#log_prefix = https://nix-cache.s3.amazonaws.com/
log_prefix = https://ngi0-cache.s3.eu-west-1.amazonaws.com/
evaluator_workers = 4
evaluator_max_memory_size = 4096
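--- a/ngi0/terraform/cache.tf
+++ b/ngi0/terraform/cache.tf
@@ -0,0 +1,97 @@
+resource "aws_s3_bucket" "cache" {
+provider = aws
+bucket = "ngi0-cache"
+
+lifecycle_rule {
+enabled = true
+
+transition {
+days = 365
+storage_class = "STANDARD_IA"
+}
+}
+
+cors_rule {
+allowed_headers = ["Authorization"]
+allowed_methods = ["GET"]
+allowed_origins = ["*"]
+max_age_seconds = 3000
+}
+}
+
+resource "aws_s3_bucket_policy" "cache" {
+provider = aws
+bucket = aws_s3_bucket.cache.id
+policy = <<EOF
+{
+"Version": "2008-10-17",
+"Statement": [
+{
+"Sid": "AllowPublicRead",
+"Effect": "Allow",
+"Principal": {
+"AWS": "*"
+},
+"Action": "s3:GetObject",
+"Resource": "arn:aws:s3:::${aws_s3_bucket.cache.id}/*"
+}
+]
+}
+EOF
+}
+
+resource "aws_cloudfront_distribution" "cache" {
+enabled = true
+is_ipv6_enabled = true
+price_class = "PriceClass_All"
+aliases = ["cache.ngi0.nixos.org"]
+
+origin {
+origin_id = "S3-nix-cache"
+domain_name = aws_s3_bucket.cache.bucket_domain_name
+
+#s3_origin_config {
+# origin_access_identity = "origin-access-identity/cloudfront/E11I84008FX6W9"
+#}
+}
+
+default_cache_behavior {
+allowed_methods = ["HEAD", "GET"]
+cached_methods = ["HEAD", "GET"]
+target_origin_id = "S3-nix-cache"
+viewer_protocol_policy = "allow-all"
+min_ttl = 0
+default_ttl = 86400
+max_ttl = 31536000
+
+forwarded_values {
+query_string = false
+
+cookies {
+forward = "none"
+}
+}
+}
+
+viewer_certificate {
+cloudfront_default_certificate = false
+acm_certificate_arn = aws_acm_certificate.cache.arn
+ssl_support_method = "sni-only"
+}
+
+restrictions {
+geo_restriction {
+restriction_type = "none"
+}
+}
+}
+
+resource "aws_acm_certificate" "cache" {
+provider = aws.us
+domain_name = "cache.ngi0.nixos.org"
+validation_method = "DNS"
+
+lifecycle {
+create_before_destroy = true
+}
+}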
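Review bot: `viewer_protocol_policy = "allow-all"` in `default_cache_behavior` lets clients fetch from cache.ngi0.nixos.org over plain HTTP, which exposes request paths on the wire and leaves integrity resting entirely on the client verifying NAR signatures; I would set `viewer_protocol_policy = "redirect-to-https"`. The `viewer_certificate` block also sets no `minimum_protocol_version`, so the TLS floor is whatever the provider defaults to; pinning it, e.g. `minimum_protocol_version = "TLSv1.2_2021"`, makes that explicit. With the `s3_origin_config` block commented out and the `AllowPublicRead` statement on principal `*`, the bucket is readable directly as well as through CloudFront. That looks intentional for a public cache (hydra.nix points `log_prefix` at the S3 endpoint), but it deserves a comment on the policy such as `# Public read is intentional: cache objects are served to anonymous clients`.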
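--- a/ngi0/terraform/hydra-user.tf
+++ b/ngi0/terraform/hydra-user.tf
@@ -0,0 +1,27 @@
+resource "aws_iam_user" "hydra" {
+provider = aws
+name = "hydra"
+}
+
+resource "aws_iam_access_key" "hydra" {
+user = aws_iam_user.hydra.name
+}
+
+resource "aws_iam_user_policy" "hydra" {
+name = "test"
+user = aws_iam_user.hydra.name
+
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "Stmt1590080325117",
+"Action": "s3:*",
+"Effect": "Allow",
+"Resource": "*"
+}
+]
+}
+EOF
+}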
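Review bot: The `aws_iam_user_policy` grants `s3:*` on `"Resource": "*"`, so the long-lived key from `aws_iam_access_key.hydra` can read, overwrite and delete objects in every bucket in the account and change bucket policies, not just upload to the cache. Scope it to the cache bucket and the object/list actions the uploader needs, as sketched below; the exact action list should be confirmed against what the Hydra queue runner actually calls. The policy is also still named `test` with a generated `Sid`, and a descriptive name such as `hydra-cache-write` would make it easier to audit. Separately, `aws_iam_access_key` without `pgp_key` keeps the secret in Terraform state in plaintext, so the state backend needs to be access-controlled.

```hcl
resource "aws_iam_user_policy" "hydra" {
  # … unchanged: user …
  name = "hydra-cache-write"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CacheObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "${aws_s3_bucket.cache.arn}/*"
    },
    {
      "Sid": "CacheBucket",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "${aws_s3_bucket.cache.arn}"
    }
  ]
}
EOF
}
```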
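--- a/ngi0/terraform/providers.tf
+++ b/ngi0/terraform/providers.tf
@@ -0,0 +1,8 @@
+provider "aws" {
+region = "eu-west-1"
+}
+
+provider "aws" {
+alias = "us"
+region = "us-east-1"
+}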