oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/hydra: remove

This commit is contained in:
Oystein Kristoffer Tveit 2024-06-09 15:30:17 +02:00
parent 37a43a2bd9
commit 358a668aa7
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
5 changed files with 0 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
home/programs/browser/bookmarks.nix
View File

@ -99,7 +99,6 @@ in [
(link "WWW" "https://www.nani.wtf/") (link "WWW" "https://www.nani.wtf/")
(link "MAdmin" "https://madmin.nani.wtf") (link "MAdmin" "https://madmin.nani.wtf")
(link "Git" "https://git.nani.wtf/explore/repos/") (link "Git" "https://git.nani.wtf/explore/repos/")
(link "Hydra" "https://hydra.nani.wtf/")
(link "Docs" "https://docs.nani.wtf/") (link "Docs" "https://docs.nani.wtf/")
(link "Grafana" "https://log.nani.wtf/") (link "Grafana" "https://log.nani.wtf/")
]) ])

1
hosts/tsuki/configuration.nix
View File

@ -12,7 +12,6 @@
./services/grafana ./services/grafana
./services/headscale.nix ./services/headscale.nix
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/hydra.nix
./services/invidious.nix ./services/invidious.nix
./services/jupyter.nix ./services/jupyter.nix
./services/kanidm.nix ./services/kanidm.nix

78
hosts/tsuki/services/hydra.nix
View File

@ -1,78 +0,0 @@
{ pkgs, unstable-pkgs, secrets, ... }:
{
# Follow instructions for setup:
# https://gist.github.com/joepie91/c26f01a787af87a96f967219234a8723
services.hydra = {
enable = true;
hydraURL = "https://hydra.nani.wtf";
listenHost = "localhost";
notificationSender = "hydra@nani.wtf";
useSubstitutes = true;
package = unstable-pkgs.hydra_unstable;
buildMachinesFiles = [];
dbi = "dbi:Pg:dbname=hydra;host=/var/run/postgresql;user=hydra;";
};
systemd.slices.system-hydra = {
description = "Nix Hydra slice";
requires = [
"system.slice"
"postgresql.service"
];
after = [ "system.slice" ];
};
systemd.services = {
hydra-evaluator.serviceConfig.Slice = "system-hydra.slice";
hydra-init.serviceConfig.Slice = "system-hydra.slice";
hydra-notify.serviceConfig.Slice = "system-hydra.slice";
hydra-queue-runner.serviceConfig.Slice = "system-hydra.slice";
hydra-send-stats.serviceConfig.Slice = "system-hydra.slice";
hydra-server.serviceConfig.Slice = "system-hydra.slice";
};
systemd.timers = {
hydra-check-space.timerConfig.Slice = "system-hydra.slice";
hydra-compress-logs.timerConfig.Slice = "system-hydra.slice";
hydra-update-gc-roots.timerConfig.Slice = "system-hydra.slice";
};
systemd.services.hydra-server.serviceConfig = {
Slice = "system-hydra.slice";
ReadOnlyPaths = [
"/nix/"
"/var/lib/hydra/scm/"
];
ReadWritePaths = [
"/nix/var/nix/gcroots/hydra/"
"/nix/var/nix/daemon-socket/socket"
];
LockPersonality = true;
# MemoryDenyWriteExecute = false;
NoNewPrivileges = true;
PermissionsStartOnly = true;
PrivateDevices = true;
PrivateMounts = true;
# PrivateNetwork=false
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
Restart = "always";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
# StateDirectory=hydra/www
# StateDirectoryMode=700
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
};
}

2
hosts/tsuki/services/nginx/default.nix
View File

@ -47,7 +47,6 @@
"grafana".servers."unix:/run/grafana/grafana.sock" = { }; "grafana".servers."unix:/run/grafana/grafana.sock" = { };
"headscale".servers."localhost:${s srv.headscale.port}" = { }; "headscale".servers."localhost:${s srv.headscale.port}" = { };
"hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { }; "hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { };
"hydra".servers."localhost:${s srv.hydra.port}" = { };
"idrac".servers."${ips.idrac}" = { }; "idrac".servers."${ips.idrac}" = { };
"invidious".servers."unix:${sa.invidious.newSocketAddress}" = { }; "invidious".servers."unix:${sa.invidious.newSocketAddress}" = { };
"jupyter".servers."unix:${sa.jupyter.newSocketAddress}" = { }; "jupyter".servers."unix:${sa.jupyter.newSocketAddress}" = { };
@ -152,7 +151,6 @@
(proxy ["bw"] "http://vaultwarden" {}) (proxy ["bw"] "http://vaultwarden" {})
(proxy ["docs"] "http://hedgedoc" {}) (proxy ["docs"] "http://hedgedoc" {})
(proxy ["git"] "http://gitea" {}) (proxy ["git"] "http://gitea" {})
(proxy ["hydra"] "http://hydra" {})
(proxy ["idrac"] "https://idrac" {}) (proxy ["idrac"] "https://idrac" {})
(proxy ["log"] "http://grafana" enableWebsockets) (proxy ["log"] "http://grafana" enableWebsockets)
(proxy ["map"] "http://dynmap" {}) (proxy ["map"] "http://dynmap" {})

1
hosts/tsuki/services/postgres.nix
View File

@ -6,7 +6,6 @@ in {
enableTCPIP = true; enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
local all all trust local all all trust
local hydra all ident map=hydra-users
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
host all all ::1/128 trust host all all ::1/128 trust
''; '';