Set up hydra as a remote build machine.

2026-01-11 16:38:56 -05:00
parent 24e03ed8f7
commit 776ed67675
11 changed files with 268 additions and 49 deletions
--- a/nix/configuration/roles/hydra/default.nix
+++ b/nix/configuration/roles/hydra/default.nix
@@ -1,9 +1,35 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:

+let
+  patchScriptBin =
+    {
+      filename,
+      contents,
+      path ? [ ],
+    }:
+    ((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
+      buildInputs = [ pkgs.makeWrapper ];
+      buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}";
+    }));
+  build_odo = (
+    patchScriptBin {
+      filename = "build_odo";
+      contents = (builtins.readFile ./files/build_odo.bash);
+      path = with pkgs; [
+        bash
+        git
+        nix
+        nix-output-monitor
+        nixos-rebuild
+      ];
+    }
+  );
+in
 {
  imports = [ ];

@@ -17,28 +43,59 @@
  };

  config = lib.mkIf config.me.hydra.enable {
-    services.hydra = {
-      enable = true;
-      hydraURL = "http://localhost:3000"; # Externally visible URL
-      notificationSender = "hydra@localhost"; # "From" address for hydra emails.
-      # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
-      buildMachinesFiles = [ ];
-      useSubstitutes = true;
+    environment.systemPackages = with pkgs; [
+      build_odo
+    ];
+
+    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+      hideMounts = true;
+      users.nixworker = {
+        directories = [
+          {
+            directory = "persist";
+            user = "nixworker";
+            group = "nixworker";
+            mode = "0700";
+          }
+        ];
+      };
    };

-    # nix.buildMachines = [
-    #   {
-    #     hostName = "localhost";
-    #     protocol = null;
-    #     system = "x86_64-linux";
-    #     supportedFeatures = [
-    #       "kvm"
-    #       "nixos-test"
-    #       "big-parallel"
-    #       "benchmark"
-    #     ];
-    #     maxJobs = 8;
-    #   }
-    # ];
+    # Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
+    fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = [
+        "size=40G" # adjust for your situation and needs
+        "mode=700"
+        "uid=11400"
+        "gid=11400"
+      ];
+    };
+
+    systemd.timers."build-cache" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "Mon *-*-* 02:00:00 America/New_York";
+        Unit = "build-cache.service";
+      };
+    };
+
+    systemd.services."build-cache" = {
+      script = ''
+        set -euo pipefail
+        IFS=$'\n\t'
+        DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
+
+        ${build_odo}/bin/build_odo
+      '';
+      restartIfChanged = false;
+      serviceConfig = {
+        Type = "simple";
+        User = "nixworker";
+        RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
+        LimitNOFILE = 8192;
+      };
+    };
  };
 }