grahamc/hydra2 - Change TTZ26BJQKIASUK7MT6KGQOIOOHEYWNV4UASO2ZQWGK4ADGK6SR6QC

Unify Hydra's NixOS module with the one used for hydra.nixos.org

In particular, the queue runner and web server now run under different UIDs.

Created by Eelco Dolstra on July 1, 2015

TTZ26BJQKIASUK7MT6KGQOIOOHEYWNV4UASO2ZQWGK4ADGK6SR6QC

Dependencies

In channels

main

Change contents

Insertion in hydra-module.nix at line 6 [12.1]
[12.46]
[12.46]

Replacement in hydra-module.nix at line 15 [12.1]

B:BD[13.40] → [13.40:129]

      HYDRA_CONFIG = "${baseDir}/data/hydra.conf";
      HYDRA_DATA = "${baseDir}/data";

[13.40]

[13.129]

      HYDRA_CONFIG = "${baseDir}/hydra.conf";
      HYDRA_DATA = "${baseDir}";

Replacement in hydra-module.nix at line 21 [12.1]

B:BD[14.204] → [14.204:267]

B:BD[14.267] → [15.0:55]

      OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
      GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";

[14.37]

[4.0]

      SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
      PGPASSFILE = "${baseDir}/pgpass";

Insertion in hydra-module.nix at line 27 [12.1]
[16.35]
[17.0]
```
      COLUMNS = "80";
```

Insertion in hydra-module.nix at line 29 [12.1]

[17.62]

[12.498]


  localDB = "dbi:Pg:dbname=hydra;user=hydra;";
  haveLocalDB = cfg.dbi == localDB;

Replacement in hydra-module.nix at line 52 [12.1]
∅:D[10.26] → [18.0:53]
B:BD[19.57] → [18.0:53]
```
        default = "dbi:Pg:dbname=hydra;user=hydra;";
```
[10.26]
[18.53]
```
        default = localDB;
```
Replacement in hydra-module.nix at line 92 [12.1]
∅:D[19.265] → [12.1637:1658]
B:BD[12.1637] → [12.1637:1658]
```
        default = 5;
```
[19.265]
[12.1658]
```
        default = 0;
```
Replacement in hydra-module.nix at line 100 [12.1]
∅:D[19.389] → [12.1845:1866]
B:BD[12.1845] → [12.1845:1866]
```
        default = 2;
```
[19.389]
[12.1866]
```
        default = 0;
```

Replacement in hydra-module.nix at line 125 [12.1]

B:BD[20.296] → [20.296:371]

          File name of an alternate logo to be displayed on the web pages.

[20.296]

[20.371]

          Path to a file containing the logo of your Hydra instance.

Replacement in hydra-module.nix at line 132 [12.1]

∅:D[19.603] → [21.154:219]

B:BD[21.154] → [21.154:219]

        description = "Whether to run the server in debug mode";

[19.603]

[14.615]

        description = "Whether to run the server in debug mode.";

Replacement in hydra-module.nix at line 137 [12.1]

B:BD[22.121] → [22.121:179]

        description = "Extra lines for the hydra config";

[22.121]

[22.179]

        description = "Extra lines for the Hydra configuration.";

Replacement in hydra-module.nix at line 143 [12.1]

B:BD[4.126] → [4.126:189]

        description = "Extra environment variables for Hydra";

[4.126]

[4.189]

        description = "Extra environment variables for Hydra.";

Insertion in hydra-module.nix at line 153 [12.1]

[12.2592]

[7.0]


    users.extraGroups.hydra = { };
    users.extraUsers.hydra =
      { description = "Hydra";
        group = "hydra";
        createHome = true;
        home = baseDir;
        useDefaultShell = true;
      };
    users.extraUsers.hydra-queue-runner =
      { description = "Hydra queue runner";
        group = "hydra";
        useDefaultShell = true;
      };

Insertion in hydra-module.nix at line 170 [12.1]

[7.1]

    users.extraUsers.hydra-www =
      { description = "Hydra web server";
        group = "hydra";
        useDefaultShell = true;
      };
    nix.trustedUsers = [ "hydra-queue-runner" ];

Deletion in hydra-module.nix at line 195 [12.1]
∅:D[13.197] → [23.191:251]
B:BD[12.2641] → [23.191:251]
B:BD[23.251] → [24.0:24]
∅:D[24.24] → [12.2750:2809]
B:BD[12.2750] → [12.2750:2809]
B:BD[12.2809] → [24.25:34]
∅:D[24.34] → [25.87:88]
B:BD[25.87] → [25.87:88]
```
    users.extraUsers.hydra =
      { description = "Hydra";
        home = baseDir;
        createHome = true;
        useDefaultShell = true;
      };
```
Deletion in hydra-module.nix at line 203 [12.1]
B:BD[12.3610] → [11.0:37]
```
    nix.trustedUsers = [ "hydra" ];
```

Replacement in hydra-module.nix at line 210 [12.1]

∅:D[3.22] → [26.0:43]

B:BD[14.927] → [26.0:43]

∅:D[26.43] → [24.100:195]

B:BD[23.287] → [24.100:195]

B:BD[24.195] → [18.131:208]

          mkdir -m 0700 -p ${baseDir}/data
          chown hydra ${baseDir}/data
          ln -sf ${hydraConf} ${baseDir}/data/hydra.conf
          ${optionalString (cfg.dbi == "dbi:Pg:dbname=hydra;user=hydra;") ''

[3.22]

[18.208]

          mkdir -p ${baseDir}
          chown hydra.hydra ${baseDir}
          chmod 0750 ${baseDir}
          ln -sf ${hydraConf} ${baseDir}/hydra.conf
          mkdir -m 0700 -p /var/lib/hydra/www
          chown hydra-www.hydra /var/lib/hydra/www
          mkdir -m 0700 -p /var/lib/hydra/queue-runner
          mkdir -m 0750 -p /var/lib/hydra/build-logs
          chown hydra-queue-runner.hydra /var/lib/hydra/queue-runner /var/lib/hydra/build-logs
          ${optionalString haveLocalDB ''

Replacement in hydra-module.nix at line 242 [12.1]

B:BD[14.1129] → [5.0:56]

        environment = serverEnv // { COLUMNS = "80"; };

[14.1129]

[14.1162]

        environment = serverEnv;

Replacement in hydra-module.nix at line 248 [12.1]
∅:D[2.272] → [23.330:358]
∅:D[21.397] → [23.330:358]
∅:D[27.436] → [23.330:358]
∅:D[19.923] → [23.330:358]
B:BD[14.1324] → [23.330:358]
```
            User = "hydra";
```
[2.272]
[14.1353]
```
            User = "hydra-www";
            PermissionsStartOnly = true;
```

Replacement in hydra-module.nix at line 261 [12.1]

B:BD[14.1684] → [8.0:85]

          { ExecStart = "@${cfg.package}/bin/hydra-queue-runner hydra-queue-runner";

[14.1684]

[8.85]

          { ExecStartPre = "${cfg.package}/bin/hydra-queue-runner --unlock";
            ExecStart = "@${cfg.package}/bin/hydra-queue-runner hydra-queue-runner";

Replacement in hydra-module.nix at line 264 [12.1]
∅:D[8.162] → [23.359:387]
∅:D[19.1086] → [23.359:387]
B:BD[14.1842] → [23.359:387]
```
            User = "hydra";
```
[8.162]
[14.1871]
```
            User = "hydra-queue-runner";
```
Replacement in hydra-module.nix at line 290 [12.1]
B:BD[14.2664] → [28.0:27]
```
        startAt = "02:15";
```
[14.2664]
[9.201]
```
        startAt = "2,14:15";
```

Replacement in hydra-module.nix at line 303 [12.1]

B:BD[12.5092] → [12.5092:5127]

B:BD[12.5127] → [25.89:286]

    services.cron.systemCronJobs =
      let
        # If there is less than ... GiB of free disk space, stop the queue
        # to prevent builds from failing or aborting.
        checkSpace = pkgs.writeScript "hydra-check-space"

[12.5092]

[25.286]

    # If there is less than a certain amount of free disk space, stop
    # the queue/evaluator to prevent builds from failing or aborting.
    systemd.services.hydra-check-space =
      { script =

Deletion in hydra-module.nix at line 308 [12.1]
B:BD[25.299] → [23.446:482]
```
            #! ${pkgs.stdenv.shell}
```

Replacement in hydra-module.nix at line 317 [12.1]

B:BD[25.1511] → [25.1511:1520]

B:BD[25.1520] → [24.306:384]

∅:D[14.3089] → [25.1945:1956]

B:BD[25.1945] → [25.1945:1956]

      in
        [ "*/5 * * * * root  ${checkSpace} &> ${baseDir}/data/checkspace.log"
        ];

[25.1286]

[25.1956]

        startAt = "*:0/5";
      };
    services.postgresql.enable = mkIf haveLocalDB true;
    services.postgresql.identMap = optionalString haveLocalDB
      ''
        hydra-users hydra hydra
        hydra-users hydra-queue-runner hydra
        hydra-users hydra-www hydra
        hydra-users root hydra
      '';
    services.postgresql.authentication = optionalString haveLocalDB
      ''
        local hydra all ident map=hydra-users
      '';

Insertion in hydra-module.nix at line 336 [12.1]
[25.1961]
[25.1961]

Replacement in src/hydra-queue-runner/hydra-queue-runner.cc at line 1571 [30.4840]

B:BD[29.227] → [29.227:276]

    Path lockPath = hydraData + "/queue-runner";

[29.227]

[29.276]

    Path lockPath = hydraData + "/queue-runner/lock";
    createDirs(dirOf(lockPath));

Replacement in src/lib/Hydra.pm at line 58 [32.6954]

B:BD[31.34] → [6.0:100]

        storage => ($ENV{'HYDRA_SERVER_DATA'} // Hydra::Model::DB::getHydraPath) . "/session_data",

[31.34]

[33.69]

        storage => Hydra::Model::DB::getHydraPath . "/www/session_data",

Unify Hydra's NixOS module with the one used for hydra.nixos.org

Dependencies

In channels

Change contents

Insertion in hydra-module.nix at line 6 [12.1]

Replacement in hydra-module.nix at line 15 [12.1]

Replacement in hydra-module.nix at line 21 [12.1]

Insertion in hydra-module.nix at line 27 [12.1]

Insertion in hydra-module.nix at line 29 [12.1]

Replacement in hydra-module.nix at line 52 [12.1]

Replacement in hydra-module.nix at line 92 [12.1]

Replacement in hydra-module.nix at line 100 [12.1]

Replacement in hydra-module.nix at line 125 [12.1]

Replacement in hydra-module.nix at line 132 [12.1]

Replacement in hydra-module.nix at line 137 [12.1]

Replacement in hydra-module.nix at line 143 [12.1]

Insertion in hydra-module.nix at line 153 [12.1]

Insertion in hydra-module.nix at line 170 [12.1]

Deletion in hydra-module.nix at line 195 [12.1]

Deletion in hydra-module.nix at line 203 [12.1]

Replacement in hydra-module.nix at line 210 [12.1]

Replacement in hydra-module.nix at line 242 [12.1]

Replacement in hydra-module.nix at line 248 [12.1]

Replacement in hydra-module.nix at line 261 [12.1]

Replacement in hydra-module.nix at line 264 [12.1]

Replacement in hydra-module.nix at line 290 [12.1]

Replacement in hydra-module.nix at line 303 [12.1]

Deletion in hydra-module.nix at line 308 [12.1]

Replacement in hydra-module.nix at line 317 [12.1]

Insertion in hydra-module.nix at line 336 [12.1]

Replacement in src/hydra-queue-runner/hydra-queue-runner.cc at line 1571 [30.4840]

Replacement in src/lib/Hydra.pm at line 58 [32.6954]