[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: hydra: milano-guix-1: Update config.
|
From: |
Christopher Baines |
|
Subject: |
02/02: hydra: milano-guix-1: Update config. |
|
Date: |
Fri, 23 Apr 2021 16:05:59 -0400 (EDT) |
cbaines pushed a commit to branch master
in repository maintenance.
commit a5b660f61846cb4f9d01d96877a318755b851b6f
Author: Christopher Baines <mail@cbaines.net>
AuthorDate: Fri Apr 23 21:01:36 2021 +0100
hydra: milano-guix-1: Update config.
This commit adapts milano-guix-1 to build things for the Guix Build
Coordinator instance running on bayfront, and removes the reminants of
the configuration related to running data.guix.gnu.org (since it's
hosted elsewhere now).
* hydra/milano-guix-1.scm (gc-job): Garbage collect 500G since 50G is
not much free space for performing builds.
(%nginx-configuration): Remove variable.
(operating-system)[packages]: Remove comment.
[services]: Comment out qemu-binfmt-service-type as it's currently
unused, remove PostgreSQL, add the Prometheus node exporter, add the
Guix Build Coordinator agent and adjust the Guix service to allow for
substitutes from both bayfront and data.guix.gnu.org.
---
hydra/milano-guix-1.scm | 151 +++++++++++++++---------------------------------
1 file changed, 45 insertions(+), 106 deletions(-)
diff --git a/hydra/milano-guix-1.scm b/hydra/milano-guix-1.scm
index 0c183e8..009355d 100644
--- a/hydra/milano-guix-1.scm
+++ b/hydra/milano-guix-1.scm
@@ -10,7 +10,7 @@
(use-modules (gnu)
(guix gexp))
(use-service-modules databases getmail guix networking mcron ssh
- virtualization web)
+ virtualization web monitoring)
(use-package-modules certs screen tmux ssh linux)
;; The following definition are **almost** copied from dover.scm: a
@@ -51,7 +51,7 @@
(define gc-job
;; Run 'guix gc' at 3AM every day.
- #~(job '(next-hour '(3)) "guix gc -F 50G"))
+ #~(job '(next-hour '(3)) "guix gc -F 500G"))
(define btrfs-job
;; Run 'btrfs balance' every three days to make free space.
@@ -60,65 +60,6 @@
(string-append #$btrfs-progs "/bin/btrfs balance "
"start -dusage=50 /")))
-(define %nginx-configuration
- (nginx-configuration
- (server-names-hash-bucket-size 64)
- (extra-content
- "
- proxy_cache_path /var/cache/nginx/guix-data-service
- levels=2
- inactive=2d
- keys_zone=guix-data-service:4m # ~32K keys
- max_size=1g
- use_temp_path=off;")
- (upstream-blocks
- (list
- (nginx-upstream-configuration
- (name "guix-data-service-proxy")
- (servers '("localhost:8765")))))
- (server-blocks
- (list
- (nginx-server-configuration
- (server-name '("_"))
- (listen '("80"))
- (locations
- (list
- (nginx-location-configuration
- (uri "/")
- (body '("return 404;"))))))
- (nginx-server-configuration
- (server-name '("data.guix.gnu.org"))
- (listen '("80"))
- (locations
- (list
- (nginx-location-configuration
- (uri "/")
- (body '("proxy_pass http://guix-data-service-proxy;";
- "proxy_set_header Host $host;"
- "proxy_set_header X-Forwarded-For $remote_addr;"
-
- "proxy_cache guix-data-service;"
- "proxy_cache_revalidate on;"
- "proxy_cache_min_uses 3;"
- "proxy_cache_use_stale error timeout updating http_500
http_502 http_503 http_504;"
- "proxy_cache_background_update on;"
- "proxy_cache_lock on;"
- "add_header X-Cache-Status $upstream_cache_status;"
-
- "gzip on;"
- "gzip_types text/html application/json;"
- "gzip_proxied any;")))
- (nginx-location-configuration
- (uri "/dumps")
- (body '("root /var/lib/guix-data-service;"
- "autoindex on;")))
- (nginx-location-configuration
- (uri "^~ /.well-known/acme-challenge/")
- (body '("root /srv/http/data.guix.gnu.org;")))
- (nginx-location-configuration
- (uri "= /.well-known/acme-challenge/")
- (body '("return 404;"))))))))))
-
;; The actual machine
(operating-system
@@ -153,8 +94,7 @@
(users (append %accounts %base-user-accounts))
(packages (cons* btrfs-progs screen tmux openssh strace
- nss-certs ; Needed for the Guix Data Service
- %base-packages))
+ nss-certs %base-packages))
;; Services
(services
@@ -164,7 +104,7 @@
(service openssh-service-type
(openssh-configuration
(port-number 22)
- (extra-content "ListenAddress 0.0.0.0")
+ (extra-content "ListenAddress 0.0.0.0")
(authorized-keys
`(("degrees380" ,(local-file "keys/ssh/degrees380.pub"))
("bayfront" ,(local-file "keys/ssh/bayfront.pub"))
@@ -176,50 +116,49 @@
(service ntp-service-type)
- (service qemu-binfmt-service-type
- (qemu-binfmt-configuration
- (platforms (lookup-qemu-platforms "arm" "aarch64"))
- (guix-support? #t)))
-
- (service postgresql-service-type
- (postgresql-configuration
- (config-file
- (postgresql-config-file
- (hba-file
- (plain-file "pg_hba.conf"
- "
-local all all trust
-host all all 127.0.0.1/32 md5
-host all all ::1/128 md5
-"))
- (extra-config
- '(("work_mem" "'500MB'")))))))
-
- ;; (service guix-data-service-type
- ;; (guix-data-service-configuration
- ;; (getmail-idle-mailboxes '("Commits"))
- ;; (commits-getmail-retriever-configuration
- ;; (getmail-retriever-configuration
- ;; (type "SimpleIMAPSSLRetriever")
- ;; (server "imap.cbaines.net")
- ;; (port 993)
- ;; (username "patchwork")
- ;; (password-command
- ;; (list (file-append coreutils "/bin/cat")
- ;;
"/etc/guix-data-service-commits-imap-password"))
- ;; (extra-parameters
- ;; '((mailboxes . ("Commits"))))))))
-
- ;; (service nginx-service-type %nginx-configuration)
+ (service prometheus-node-exporter-service-type)
+
+ ;; (service qemu-binfmt-service-type
+ ;; (qemu-binfmt-configuration
+ ;; (platforms (lookup-qemu-platforms "arm" "aarch64"))))
(service mcron-service-type
(mcron-configuration
- (jobs (list gc-job btrfs-job)))))
+ (jobs (list gc-job btrfs-job))))
+
+ (service guix-build-coordinator-agent-service-type
+ (guix-build-coordinator-agent-configuration
+ (coordinator "https://coordinator.bayfront.guix.gnu.org";)
+ (authentication
+ (guix-build-coordinator-agent-password-file-auth
+ (uuid "b57898c3-7187-4c56-9d3c-4e68b954b79a")
+ (password-file
+ "/etc/guix-build-coordinator-agent-password")))
+ (max-parallel-builds 8)
+ (max-1min-load-average 24)
+ (systems '("x86_64-linux" "i686-linux"))
+ (derivation-substitute-urls
+ (list "https://data.guix.gnu.org";))
+ (non-derivation-substitute-urls
+ (list "https://bayfront.guix.gnu.org";)))))
(modify-services %base-services
- (guix-service-type config =>
- (guix-configuration
- (inherit config)
- (use-substitutes? #f)
- (authorized-keys
- %authorized-guix-keys)))))))
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (substitute-urls
+ '("https://bayfront.guix.gnu.org";))
+ (authorized-keys
+ (cons*
+ (local-file
"keys/guix/bayfront.guix.info-export.pub")
+ ;; for substituting derivations
+ (plain-file
+ "data.guix.gnu.org.pub"
+ "
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #1EEE5340C3AAD6E062A1395A88A86FC75982E8BC7DCBAE171858EEAAB14AAB77#)
+ )
+ )")
+ %authorized-guix-keys))))))))