hosts/VEGAS: remove hydra service

2022-10-23 21:35:56 +02:00 · 2022-10-23 21:35:56 +02:00 · 9aa68e4b16
commit 9aa68e4b16
parent 5bfa65a0b9
2 changed files with 0 additions and 100 deletions
--- a/hosts/VEGAS/services/hydra/default.nix
+++ b/hosts/VEGAS/services/hydra/default.nix
@ -1,99 +0,0 @@
-{ cluster, config, inputs, lib, pkgs, tools, ... }:
-let
-  inherit (tools.meta) domain;
-  patroni = cluster.config.links.patroni-pg-access;
-in
-{
-  age.secrets = {
-    hydraS3 = {
-      file = ../../../../secrets/hydra-s3.age;
-      group = "hydra";
-      mode = "0440";
-    };
-    hydra-bincache-key = {
-      file = ../../../../secrets/hydra-bincache.age;
-      group = "hydra";
-      mode = "0440";
-    };
-    hydra-builder-key = {
-      file = ../../../../secrets/hydra-builder-key.age;
-      group = "hydra";
-      mode = "0440";
-    };
-  } // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
-  (lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
-    (x:
-      {
-        file = ../../../../secrets/hydra-db-credentials.age;
-        group = "hydra";
-        owner = x;
-        mode = "0400";
-      }
-    )
-  );
-
-  links.hydra.protocol = "http";
-
-  services.nginx.appendHttpConfig = ''
-    limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m;
-  '';
-  
-  services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy config.links.hydra.url) {
-    locations."/api/push" = {
-      proxyPass = config.links.hydra.url;
-      extraConfig = ''
-        auth_request off;
-        proxy_method PUT;
-        limit_req zone=hydra_api_push_limiter burst=3 nodelay;
-        limit_req_status 429;
-      '';
-    };
-  };
-
-  services.oauth2_proxy.nginx.virtualHosts = [ "hydra.${domain}" ];
-
-  services.hydra = {
-    enable = true;
-    package = inputs.self.packages.${pkgs.system}.hydra;
-    hydraURL = "https://hydra.${domain}";
-    dbi = "dbi:Pg:dbname=hydra;host=${patroni.ipv4};port=${patroni.portStr};user=hydra;";
-    inherit (config.links.hydra) port;
-    notificationSender = "hydra@${domain}";
-    buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
-    useSubstitutes = true;
-    extraConfig = ''
-      store_uri = s3://nix-store?scheme=https&endpoint=object-storage.${domain}&secret-key=${config.age.secrets.hydra-bincache-key.path}
-      server_store_uri = https://cache.${domain}
-    '';
-    extraEnv = {
-      AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path;
-      PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path;
-    };
-  };
-
-  # override weird hydra module stuff
-
-  systemd.services = { 
-    hydra-send-stats = lib.mkForce {};
-  } // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ]
-  (x: let
-      name = if x == "hydra-server" then "hydra-www" else
-             if x == "hydra-notify" then "hydra-queue-runner" else x;
-    in {
-      environment = {
-        PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path;
-      };
-    }
-  );
-
-  nix.extraOptions = lib.mkForce ''
-    allowed-uris = https://git.${domain} https://github.com https://git.sr.ht
-    keep-outputs = true
-    keep-derivations = true
-  '';
-
-  programs.ssh.knownHosts.git = {
-    hostNames = [ "git.${domain}" ];
-    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
-  };
-}
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@ -21,7 +21,6 @@
      ./services/bitwarden
      ./services/fbi
      ./services/gitlab
-      ./services/hydra
      ./services/jokes
      ./services/nextcloud
      ./services/nfs