machine_setup/nix/configuration/roles/hydra/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

let
  # patchScriptBin =
  #   {
  #     filename,
  #     contents,
  #     path ? [ ],
  #   }:
  #   ((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
  #     buildInputs = [ pkgs.makeWrapper ];
  #     buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}";
  #   }));
  nix_builder = pkgs.rustPlatform.buildRustPackage rec {
    pname = "nix_builder";
    version = "0.0.0";

    src = pkgs.fetchgit {
      url = "https://code.fizz.buzz/talexander/nix_builder.git";
      # tag = version;
      rev = "d0fc2331e7aadc8bdd98836b466172ac37628e7d";
      hash = "sha256-V1DU9U4+k96KfGV9BTxKYjxLzV6tWvQPM+a+5NU94G8=";
      leaveDotGit = false;
    };

    cargoLock = {
      lockFile = "${src}/Cargo.lock";
    };

    meta = with lib; {
      description = "A builder of nix configs for a build server.";
      homepage = "https://code.fizz.buzz/talexander/nix_builder";
      license = licenses.bsd0;
      maintainers = [ ];
    };

    nativeBuildInputs = [ pkgs.makeWrapper ];

    postInstall = ''
      wrapProgram $out/bin/nix-builder --prefix PATH : ${
        lib.makeBinPath [
          pkgs.git
          pkgs.nix
          pkgs.nixos-rebuild
        ]
      }
    '';
  };
in
{
  imports = [ ];

  options.me = {
    hydra.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install hydra.";
    };
  };

  config = lib.mkIf config.me.hydra.enable {
    environment.systemPackages = with pkgs; [
      nix_builder
      sqlite # For manually inspecting the database.
    ];

    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = true;
      users.nixworker = {
        directories = [
          {
            directory = "persist";
            user = "nixworker";
            group = "nixworker";
            mode = "0700";
          }
        ];
      };
    };

    # Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
    fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [
        "size=40G" # adjust for your situation and needs
        "mode=700"
        "uid=11400"
        "gid=11400"
      ];
    };

    systemd.timers."build-cache" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "*-*-* 03:00:00 America/New_York";
        Unit = "build-cache.service";
      };
    };

    systemd.services."build-cache" = {
      script = ''
        set -euo pipefail
        IFS=$'\n\t'
        DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"

        NIX_REMOTE='local?root=/home/nixworker/persist/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update
      '';
      restartIfChanged = false;
      serviceConfig = {
        Type = "simple";
        User = "nixworker";
        # restartIfChanged = false;
        # RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
        LimitNOFILE = 8192;
      };
    };

    # TODO: This should move into nix-builder so we can only run clean when builds are passing. Otherwise partial builds will lose progress.
    # TODO: In nix-builder maybe include setting to auto delete to make room during builds if we run out of space, just in case builds are failing for a long time and prevent cleanup from running.
    systemd.timers."clean-cache" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "*-*-01 02:00:00 America/New_York";
        Unit = "clean-cache.service";
      };
    };

    systemd.services."clean-cache" = {
      script = ''
        set -euo pipefail
        IFS=$'\n\t'
        DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"

        NIX_REMOTE='local?root=/home/nixworker/persist/root' nix-collect-garbage -d
      '';
      path = with pkgs; [
        pkgs.nix
      ];
      restartIfChanged = false;
      serviceConfig = {
        Type = "simple";
        User = "nixworker";
        # restartIfChanged = false;
        # RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
        LimitNOFILE = 8192;
      };
    };
  };
}
Start a hydra role. 2025-03-28 17:26:50 -04:00			`{`
			`config,`
			`lib,`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`pkgs,`
Start a hydra role. 2025-03-28 17:26:50 -04:00			`...`
			`}:`

Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`let`
Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			`# patchScriptBin =`
			`# {`
			`# filename,`
			`# contents,`
			`# path ? [ ],`
			`# }:`
			`# ((pkgs.writeScriptBin filename contents).overrideAttrs (old: {`
			`# buildInputs = [ pkgs.makeWrapper ];`
			`# buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}";`
			`# }));`
			`nix_builder = pkgs.rustPlatform.buildRustPackage rec {`
			`pname = "nix_builder";`
			`version = "0.0.0";`

			`src = pkgs.fetchgit {`
			`url = "https://code.fizz.buzz/talexander/nix_builder.git";`
			`# tag = version;`
			`rev = "d0fc2331e7aadc8bdd98836b466172ac37628e7d";`
			`hash = "sha256-V1DU9U4+k96KfGV9BTxKYjxLzV6tWvQPM+a+5NU94G8=";`
			`leaveDotGit = false;`
			`};`

			`cargoLock = {`
			`lockFile = "${src}/Cargo.lock";`
			`};`

			`meta = with lib; {`
			`description = "A builder of nix configs for a build server.";`
			`homepage = "https://code.fizz.buzz/talexander/nix_builder";`
			`license = licenses.bsd0;`
			`maintainers = [ ];`
			`};`

			`nativeBuildInputs = [ pkgs.makeWrapper ];`

			`postInstall = ''`
			`wrapProgram $out/bin/nix-builder --prefix PATH : ${`
			`lib.makeBinPath [`
			`pkgs.git`
			`pkgs.nix`
			`pkgs.nixos-rebuild`
			`]`
			`}`
			`'';`
			`};`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`in`
Start a hydra role. 2025-03-28 17:26:50 -04:00			`{`
			`imports = [ ];`

			`options.me = {`
			`hydra.enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`example = true;`
			`description = "Whether we want to install hydra.";`
			`};`
			`};`

Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-11 00:08:02 -04:00			`config = lib.mkIf config.me.hydra.enable {`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`environment.systemPackages = with pkgs; [`
Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			`nix_builder`
			`sqlite # For manually inspecting the database.`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`];`

			`environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {`
			`hideMounts = true;`
			`users.nixworker = {`
			`directories = [`
			`{`
			`directory = "persist";`
			`user = "nixworker";`
			`group = "nixworker";`
			`mode = "0700";`
			`}`
			`];`
			`};`
			`};`

			`# Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.`
			`fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = {`
			`device = "tmpfs";`
			`fsType = "tmpfs";`
			`options = [`
			`"size=40G" # adjust for your situation and needs`
			`"mode=700"`
			`"uid=11400"`
			`"gid=11400"`
			`];`
Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-11 00:08:02 -04:00			`};`
Start a hydra role. 2025-03-28 17:26:50 -04:00
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`systemd.timers."build-cache" = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			`OnCalendar = "--* 03:00:00 America/New_York";`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`Unit = "build-cache.service";`
			`};`
			`};`

			`systemd.services."build-cache" = {`
			`script = ''`
			`set -euo pipefail`
			`IFS=$'\n\t'`
			`DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"`

Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			NIX_REMOTE='local?root=/home/nixworker/persist/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update
			`'';`
			`restartIfChanged = false;`
			`serviceConfig = {`
			`Type = "simple";`
			`User = "nixworker";`
			`# restartIfChanged = false;`
			`# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431`
			`LimitNOFILE = 8192;`
			`};`
			`};`

			`# TODO: This should move into nix-builder so we can only run clean when builds are passing. Otherwise partial builds will lose progress.`
			`# TODO: In nix-builder maybe include setting to auto delete to make room during builds if we run out of space, just in case builds are failing for a long time and prevent cleanup from running.`
			`systemd.timers."clean-cache" = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnCalendar = "--01 02:00:00 America/New_York";`
			`Unit = "clean-cache.service";`
			`};`
			`};`

			`systemd.services."clean-cache" = {`
			`script = ''`
			`set -euo pipefail`
			`IFS=$'\n\t'`
			`DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"`

			`NIX_REMOTE='local?root=/home/nixworker/persist/root' nix-collect-garbage -d`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`'';`
Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			`path = with pkgs; [`
			`pkgs.nix`
			`];`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`restartIfChanged = false;`
			`serviceConfig = {`
			`Type = "simple";`
			`User = "nixworker";`
Use rust nix-builder instead of bash script. 2026-02-21 14:43:38 -05:00			`# restartIfChanged = false;`
			`# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431`
Set up hydra as a remote build machine. 2026-01-11 16:38:56 -05:00			`LimitNOFILE = 8192;`
			`};`
			`};`
Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-11 00:08:02 -04:00			`};`
Start a hydra role. 2025-03-28 17:26:50 -04:00			`}`