Merge pull request #1586 from obsidiansystems/module-cleanup

nixosModules: Clean up services in a few ways

Author: Ericson2314

nixos-modules/check-space.sh

@@ -0,0 +1,19 @@
+spaceleft=$(($(stat -f -c '%a' /nix/store) * $(stat -f -c '%S' /nix/store)))
+spacestopstart() {
+  service=$1
+  minFreeGB=$2
+  if [ $spaceleft -lt $(($minFreeGB * 1024**3)) ]; then
+    if [ $(systemctl is-active $service) == active ]; then
+      echo "stopping $service due to lack of free space..."
+      systemctl stop $service
+      date > /var/lib/hydra/.$service-stopped-minspace
+    fi
+  else
+    if [ $spaceleft -gt $(( ($minFreeGB + 10) * 1024**3)) -a \
+         -r /var/lib/hydra/.$service-stopped-minspace ] ; then
+      rm /var/lib/hydra/.$service-stopped-minspace
+      echo "restarting $service due to newly available free space..."
+      systemctl start $service
+    fi
+  fi
+}

nixos-modules/default.nix

@@ -8,6 +8,8 @@ rec {
       lib.mkDefault flakePackages.${pkgs.stdenv.hostPlatform.system}.hydra;
   };
 
+  postgresql = ./postgresql.nix;
+
   queue-runner = { pkgs, lib, ... }: {
     _file = ./default.nix;
     imports = [ ./queue-runner-module.nix ];
@@ -43,6 +45,12 @@ rec {
     services.hydra-dev.hydraURL = "http://hydra.example.org";
     services.hydra-dev.notificationSender = "admin@hydra.example.org";
 
+    services.hydra-queue-runner-dev.enable = true;
+
+    services.hydra-queue-builder-dev.enable = true;
+    services.hydra-queue-builder-dev.queueRunnerAddr = "http://[::1]:50051";
+    systemd.services.hydra-queue-builder-dev.after = [ "hydra-queue-runner-dev.service" ];
+
     systemd.services.hydra-send-stats.enable = false;
 
     services.postgresql.enable = true;

nixos-modules/linux-builder-module.nix

@@ -157,6 +157,8 @@ in
         HOME = "/run/hydra-queue-builder";
       };
 
+      path = [ config.nix.package ];
+
       serviceConfig = {
         Type = "notify";
         Restart = "always";
@@ -271,7 +273,6 @@ in
     ];
     nix = {
       settings = {
-        allowed-users = [ "hydra-queue-builder" ];
         trusted-users = [ "hydra-queue-builder" ];
         experimental-features = [ "nix-command" ];
       };

nixos-modules/postgresql.nix

@@ -0,0 +1,103 @@
+{ config, pkgs, lib, ... }:
+
+let
+
+  cfg = config.services.hydra-dev;
+
+  baseDir = "/var/lib/hydra";
+
+  localDB = "dbi:Pg:dbname=hydra;user=hydra;";
+
+  haveLocalDB = cfg.dbi == localDB;
+
+in
+
+{
+  config = lib.mkIf cfg.enable {
+
+    systemd.tmpfiles.rules = [
+      "d ${baseDir} 0750 hydra hydra"
+      "d ${cfg.gcRootsDir} 2775 hydra hydra"
+    ];
+
+    users.groups.hydra = { };
+
+    users.users.hydra =
+      { description = "Hydra";
+        group = "hydra";
+        home = baseDir;
+        isSystemUser = true;
+        useDefaultShell = true;
+      };
+
+    nix.settings = {
+      keep-outputs = true;
+      keep-derivations = true;
+    };
+
+    systemd.services.hydra-init =
+      { wantedBy = [ "multi-user.target" ];
+
+        after = lib.mkIf haveLocalDB [
+          # user won't exist until setup is done
+          "postgresql-setup.service"
+          # hydra-init accesses postgres
+          "postgresql.service"
+        ];
+        environment = {
+          HYDRA_DBI = "${cfg.dbi};application_name=hydra-init";
+          HYDRA_CONFIG = "${baseDir}/hydra.conf";
+          HYDRA_DATA = baseDir;
+          PGPASSFILE = "${baseDir}/pgpass";
+        };
+        path = [ pkgs.util-linux ];
+        preStart = ''
+          ${lib.optionalString haveLocalDB ''
+            echo "create extension if not exists pg_trgm" | runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra
+          ''}
+
+          if [ ! -e ${cfg.gcRootsDir} ]; then
+            # Move legacy roots directory.
+            if [ -e /nix/var/nix/gcroots/per-user/hydra/hydra-roots ]; then
+              mv /nix/var/nix/gcroots/per-user/hydra/hydra-roots ${cfg.gcRootsDir}
+            fi
+          fi
+
+          # Move legacy hydra-www roots.
+          if [ -e /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots ]; then
+            find /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots/ -type f \
+              | xargs -r mv -f -t ${cfg.gcRootsDir}/
+            rmdir /nix/var/nix/gcroots/per-user/hydra-www/hydra-roots
+          fi
+        '';
+        serviceConfig = {
+          ExecStart = "${cfg.package}/bin/hydra-init";
+          PermissionsStartOnly = true;
+          User = "hydra";
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+      };
+
+    services.postgresql = lib.mkIf haveLocalDB {
+      enable = true;
+      ensureDatabases = [ "hydra" ];
+      ensureUsers = [
+        {
+          name = "hydra";
+          ensureDBOwnership = true;
+        }
+      ];
+      identMap = ''
+          hydra-users hydra hydra
+          hydra-users root hydra
+          # The postgres user is used to create the pg_trgm extension for the hydra database
+          hydra-users postgres postgres
+        '';
+
+      authentication = ''
+          local hydra all ident map=hydra-users
+        '';
+    };
+  };
+}

nixos-modules/queue-runner-module.nix

@@ -211,6 +211,14 @@ in
         );
       };
 
+      minimumDiskFree = lib.mkOption {
+        type = lib.types.int;
+        default = 0;
+        description = ''
+          Threshold of minimum disk space (GiB) to determine if the queue runner should run or not.
+        '';
+      };
+
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.callPackage ./. { };
@@ -224,8 +232,10 @@ in
 
       requires = [ "nix-daemon.socket" ];
       after = [
+        # sets up database, queue-runner crashes if schema is incorrect
+        "hydra-init.service"
+        # queue-runner may need to connect to another machine
         "network.target"
-        "postgresql.service"
       ];
       wantedBy = [ "multi-user.target" ];
       reloadTriggers = [ config.environment.etc."hydra/queue-runner.toml".source ];
@@ -317,6 +327,20 @@ in
       };
     };
 
+    # If there is less than a certain amount of free disk space, stop
+    # the queue to prevent builds from failing or aborting.
+    # Leaves a tag file indicating this reason; if the tag file exists
+    # and disk space is above the threshold + 10GB, the queue will be
+    # restarted; starting it if it is already started is not harmful.
+    systemd.services.hydra-queue-runner-check-space =
+      { script =
+          ''
+            ${builtins.readFile ./check-space.sh}
+            spacestopstart hydra-queue-runner-dev ${toString cfg.minimumDiskFree}
+          '';
+        startAt = "*:0/5";
+      };
+
     environment.etc."hydra/queue-runner.toml".source = format.generate "queue-runner.toml" (
       lib.filterAttrsRecursive (_: v: v != null) cfg.settings
     );
@@ -325,6 +349,10 @@ in
       "d /var/lib/hydra/build-logs/ 0755 hydra-queue-runner hydra -"
     ];
 
+    services.postgresql.identMap = ''
+      hydra-users hydra-queue-runner hydra
+    '';
+
     users = {
       groups.hydra = { };
       users.hydra-queue-runner = {