Compare commits
4 Commits
74bfc361e1
...
898e81abc3
Author | SHA1 | Date |
---|---|---|
Sebastien Bourdeauducq | 898e81abc3 | |
Sebastien Bourdeauducq | 8d77380ff3 | |
Sebastien Bourdeauducq | ff6d082fc3 | |
Sebastien Bourdeauducq | 8f051e300f |
|
@ -4,12 +4,14 @@
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
hydraWwwOutputs = "/var/www/hydra-outputs";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./homu/nixos-module.nix
|
./homu/nixos-module.nix
|
||||||
./hydra-www-outputs.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
@ -137,20 +139,25 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
''
|
''
|
||||||
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
|
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||||
max_output_size = 5500000000
|
max_output_size = 5500000000
|
||||||
|
|
||||||
|
<runcommand>
|
||||||
|
job = artiq:main:artiq-manual-html
|
||||||
|
command = ln -sf $(jq -r '.outputs[0].path' < $HYDRA_JSON) ${hydraWwwOutputs}/artiq-manual-html-beta
|
||||||
|
</runcommand>
|
||||||
|
<runcommand>
|
||||||
|
job = artiq:main:artiq-manual-latexpdf
|
||||||
|
command = ln -sf $(jq -r '.outputs[0].path' < $HYDRA_JSON) ${hydraWwwOutputs}/artiq-manual-latexpdf-beta
|
||||||
|
</runcommand>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.hydraWwwOutputs = {
|
systemd.services.hydra-www-outputs-init = {
|
||||||
"m-labs.hk" = {
|
description = "Set up a hydra-owned directory for build outputs";
|
||||||
"artiq-manual-beta-html" = {
|
wantedBy = [ "multi-user.target" ];
|
||||||
job = "artiq:main:artiq-manual-html";
|
requiredBy = [ "hydra-queue-runner.service" ];
|
||||||
httpPath = "/artiq/manual-beta";
|
before = [ "hydra-queue-runner.service" ];
|
||||||
outputPath = "share/doc/artiq-manual/html";
|
serviceConfig = {
|
||||||
};
|
Type = "oneshot";
|
||||||
"artiq-manual-beta-latexpdf" = {
|
ExecStart = [ "${pkgs.coreutils}/bin/mkdir -p ${hydraWwwOutputs}" "${pkgs.coreutils}/bin/chown hydra-queue-runner:hydra ${hydraWwwOutputs}" ];
|
||||||
job = "artiq:main:artiq-manual-latexpdf";
|
|
||||||
httpPath = "/artiq/manual-beta.pdf";
|
|
||||||
outputPath = "share/doc/artiq-manual/ARTIQ.pdf";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -209,6 +216,12 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
"chat.m-labs.hk" = null;
|
"chat.m-labs.hk" = null;
|
||||||
"hooks.m-labs.hk" = null;
|
"hooks.m-labs.hk" = null;
|
||||||
"forum.m-labs.hk" = null;
|
"forum.m-labs.hk" = null;
|
||||||
|
|
||||||
|
"fractalide.org" = null;
|
||||||
|
"www.fractalide.org" = null;
|
||||||
|
"hydra.fractalide.org" = null;
|
||||||
|
"git.fractalide.org" = null;
|
||||||
|
"luceo.fractalide.org" = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -223,6 +236,22 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
locations."/gateware.html".extraConfig = ''
|
locations."/gateware.html".extraConfig = ''
|
||||||
return 301 /migen/;
|
return 301 /migen/;
|
||||||
'';
|
'';
|
||||||
|
locations."/artiq/manual-beta" = {
|
||||||
|
alias = "${hydraWwwOutputs}/artiq-manual-html-beta/share/doc/artiq-manual/html";
|
||||||
|
extraConfig = ''
|
||||||
|
etag off;
|
||||||
|
if_modified_since off;
|
||||||
|
add_header last-modified "";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
locations."/artiq/manual-beta.pdf" = {
|
||||||
|
alias = "${hydraWwwOutputs}/artiq-manual-latexpdf-beta/share/doc/artiq-manual/ARTIQ.pdf";
|
||||||
|
extraConfig = ''
|
||||||
|
etag off;
|
||||||
|
if_modified_since off;
|
||||||
|
add_header last-modified "";
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"www.m-labs.hk" = {
|
"www.m-labs.hk" = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
|
@ -275,6 +304,30 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
include /var/www/flarum/.nginx.conf;
|
include /var/www/flarum/.nginx.conf;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"fractalide.org" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "nixbld.m-labs.hk";
|
||||||
|
};
|
||||||
|
"www.fractalide.org" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "nixbld.m-labs.hk";
|
||||||
|
};
|
||||||
|
"hydra.fractalide.org" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "nixbld.m-labs.hk";
|
||||||
|
locations."/".proxyPass = "http://192.168.1.204:3000";
|
||||||
|
};
|
||||||
|
"git.fractalide.org" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "nixbld.m-labs.hk";
|
||||||
|
locations."/".proxyPass = "http://192.168.1.204:3002";
|
||||||
|
};
|
||||||
|
"luceo.fractalide.org" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "nixbld.m-labs.hk";
|
||||||
|
locations."/".proxyPass = "http://192.168.1.204:3001";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.uwsgi = {
|
services.uwsgi = {
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Argument 1:
|
|
||||||
CONF=$1
|
|
||||||
# Argument 2: HTTP location
|
|
||||||
LOCATION=$2
|
|
||||||
# Argument 3: HTTP alias target within the derivation output
|
|
||||||
HTTP_PATH=$3
|
|
||||||
# Get path of first output
|
|
||||||
OUTPUT=$(jq -r '.outputs[0].path' < $HYDRA_JSON)
|
|
||||||
HASH=${OUTPUT:11:32}
|
|
||||||
ROOT="$OUTPUT/$HTTP_PATH"
|
|
||||||
|
|
||||||
cat > $CONF <<EOF
|
|
||||||
location $LOCATION {
|
|
||||||
alias $ROOT;
|
|
||||||
|
|
||||||
# Do not generate Etags from /nix/store's 1970 timestamps.
|
|
||||||
etag off;
|
|
||||||
add_header etag "\"$HASH\"";
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
/run/wrappers/bin/sudo systemctl reload nginx
|
|
|
@ -1,94 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
hookPkg =
|
|
||||||
{ stdenv, makeWrapper, bash, coreutils, jq }:
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "hydra-www-hook";
|
|
||||||
src = ./.;
|
|
||||||
buildInputs = [ makeWrapper ];
|
|
||||||
propagatedBuildInputs = [ bash coreutils jq ];
|
|
||||||
phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin/
|
|
||||||
cp hydra-www-hook.sh $out/bin/
|
|
||||||
wrapProgram $out/bin/hydra-www-hook.sh \
|
|
||||||
--prefix PATH : ${makeBinPath propagatedBuildInputs}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
hook = pkgs.callPackage hookPkg {};
|
|
||||||
|
|
||||||
hydraWwwOutputs = "/var/www/hydra-outputs";
|
|
||||||
cfg = config.services.hydraWwwOutputs;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.hydraWwwOutputs = mkOption {
|
|
||||||
type = with types; attrsOf (attrsOf (submodule {
|
|
||||||
options = {
|
|
||||||
job = mkOption {
|
|
||||||
type = string;
|
|
||||||
};
|
|
||||||
httpPath = mkOption {
|
|
||||||
type = string;
|
|
||||||
};
|
|
||||||
outputPath = mkOption {
|
|
||||||
type = string;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
};
|
|
||||||
|
|
||||||
config.services.hydra = {
|
|
||||||
extraConfig = builtins.concatStringsSep "\n"
|
|
||||||
(builtins.concatMap (vhost:
|
|
||||||
builtins.attrValues (
|
|
||||||
builtins.mapAttrs (name: cfg: ''
|
|
||||||
<runcommand>
|
|
||||||
job = ${cfg.job}
|
|
||||||
command = ${hook}/bin/hydra-www-hook.sh ${hydraWwwOutputs}/${name}.conf ${cfg.httpPath} ${cfg.outputPath}
|
|
||||||
</runcommand>
|
|
||||||
'') cfg.${vhost}
|
|
||||||
)) (builtins.attrNames cfg)
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
config.systemd.services.hydra-www-outputs-init = {
|
|
||||||
description = "Set up a hydra-owned directory for build outputs";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
requiredBy = [ "hydra-queue-runner.service" ];
|
|
||||||
before = [ "hydra-queue-runner.service" "nginx.service" ];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = [
|
|
||||||
"${pkgs.coreutils}/bin/mkdir -p ${hydraWwwOutputs}"
|
|
||||||
] ++
|
|
||||||
(builtins.concatMap (vhost:
|
|
||||||
map (name:
|
|
||||||
"${pkgs.coreutils}/bin/touch ${hydraWwwOutputs}/${name}.conf"
|
|
||||||
) (builtins.attrNames cfg.${vhost})
|
|
||||||
) (builtins.attrNames cfg)) ++ [
|
|
||||||
"${pkgs.coreutils}/bin/chown -R hydra-queue-runner:hydra ${hydraWwwOutputs}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow the hook to reload nginx
|
|
||||||
config.security.sudo.extraRules = [ {
|
|
||||||
users = [ "hydra-queue-runner" ];
|
|
||||||
commands = [ {
|
|
||||||
command = "${config.systemd.package}/bin/systemctl reload nginx";
|
|
||||||
options = [ "NOPASSWD" ];
|
|
||||||
} ];
|
|
||||||
} ];
|
|
||||||
|
|
||||||
config.services.nginx = {
|
|
||||||
virtualHosts = builtins.mapAttrs (vhost: cfg': {
|
|
||||||
extraConfig = builtins.concatStringsSep "\n" (
|
|
||||||
map (name:
|
|
||||||
"include ${hydraWwwOutputs}/${name}.conf;"
|
|
||||||
) (builtins.attrNames cfg')
|
|
||||||
);
|
|
||||||
}) cfg;
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in New Issue