Diffstat (limited to 'nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix | 213 |
1 files changed, 213 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
new file mode 100644
index 00000000000..4aed493c0fb
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
@@ -0,0 +1,213 @@ +/* + +This file is for options that NixOS and nix-darwin have in common. + +Platform-specific code is in the respective default.nix files. + + */ + +{ config, lib, options, pkgs, ... }: + +let + inherit (lib) mkOption mkIf types filterAttrs literalExample mkRenamedOptionModule; + + cfg = + config.services.hercules-ci-agent; + + format = pkgs.formats.toml {}; + + settingsModule = { config, ... }: { + freeformType = format.type; + options = { + baseDirectory = mkOption { + type = types.path; + default = "/var/lib/hercules-ci-agent"; + description = '' + State directory (secrets, work directory, etc) for agent + ''; + }; + concurrentTasks = mkOption { + description = '' + Number of tasks to perform simultaneously, such as evaluations, derivations. + + You must have a total capacity across agents of at least 2 concurrent tasks on <literal>x86_64-linux</literal> + to allow for import from derivation. + ''; + type = types.int; + default = 4; + }; + workDirectory = mkOption { + description = '' + The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation. + ''; + type = types.path; + default = config.baseDirectory + "/work"; + defaultText = literalExample ''baseDirectory + "/work"''; + }; + staticSecretsDirectory = mkOption { + description = '' + This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>. + ''; + type = types.path; + default = config.baseDirectory + "/secrets"; + defaultText = literalExample ''baseDirectory + "/secrets"''; + }; + clusterJoinTokenPath = mkOption { + description = '' + Location of the cluster-join-token.key file. 
+ ''; + type = types.path; + default = config.staticSecretsDirectory + "/cluster-join-token.key"; + defaultText = literalExample ''staticSecretsDirectory + "/cluster-join-token.key"''; + # internal: It's a bit too detailed to show by default in the docs, + # but useful to define explicitly to allow reuse by other modules. + internal = true; + }; + binaryCachesPath = mkOption { + description = '' + Location of the binary-caches.json file. + ''; + type = types.path; + default = config.staticSecretsDirectory + "/binary-caches.json"; + defaultText = literalExample ''staticSecretsDirectory + "/binary-caches.json"''; + # internal: It's a bit too detailed to show by default in the docs, + # but useful to define explicitly to allow reuse by other modules. + internal = true; + }; + }; + }; + + checkNix = + if !cfg.checkNix + then "" + else if lib.versionAtLeast config.nix.package.version "2.4.0" + then "" + else pkgs.stdenv.mkDerivation { + name = "hercules-ci-check-system-nix-src"; + inherit (config.nix.package) src patches; + configurePhase = ":"; + buildPhase = '' + echo "Checking in-memory pathInfoCache expiry" + if ! grep 'struct PathInfoCacheValue' src/libstore/store-api.hh >/dev/null; then + cat 1>&2 <<EOF + + You are deploying Hercules CI Agent on a system with an incompatible + nix-daemon. Please + - either upgrade Nix to version 2.4.0 (when released), + - or set option services.hercules-ci-agent.patchNix = true; + - or set option nix.package to a build of Nix 2.3 with this patch applied: + https://github.com/NixOS/nix/pull/3405 + + The patch is required for Nix-daemon clients that expect a change in binary + cache contents while running, like the agent's evaluator. Without it, import + from derivation will fail if your cluster has more than one machine. + We are conservative with changes to the overall system, which is why we + keep changes to a minimum and why we ask for confirmation in the form of + services.hercules-ci-agent.patchNix = true before applying. 
+ + EOF + exit 1 + fi + ''; + installPhase = "touch $out"; + }; + + patchedNix = lib.mkIf (!lib.versionAtLeast pkgs.nix.version "2.4.0") ( + if lib.versionAtLeast pkgs.nix.version "2.4pre" + then lib.warn "Hercules CI Agent module will not patch 2.4 pre-release. Make sure it includes (equivalently) PR #3043, commit d048577909 or is no older than 2020-03-13." pkgs.nix + else pkgs.nix.overrideAttrs ( + o: { + patches = (o.patches or []) ++ [ backportNix3398 ]; + } + ) + ); + + backportNix3398 = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/hercules-ci/hercules-ci-agent/hercules-ci-agent-0.7.3/for-upstream/issue-3398-path-info-cache-ttls-backport-2.3.patch"; + sha256 = "0jfckqjir9il2il7904yc1qyadw366y7xqzg81sp9sl3f1pw70ib"; + }; +in +{ + imports = [ + (mkRenamedOptionModule ["services" "hercules-ci-agent" "extraOptions"] ["services" "hercules-ci-agent" "settings"]) + (mkRenamedOptionModule ["services" "hercules-ci-agent" "baseDirectory"] ["services" "hercules-ci-agent" "settings" "baseDirectory"]) + (mkRenamedOptionModule ["services" "hercules-ci-agent" "concurrentTasks"] ["services" "hercules-ci-agent" "settings" "concurrentTasks"]) + ]; + + options.services.hercules-ci-agent = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable to run Hercules CI Agent as a system service. + + <link xlink:href="https://hercules-ci.com">Hercules CI</link> is a + continuous integation service that is centered around Nix. + + Support is available at <link xlink:href="mailto:help@hercules-ci.com">help@hercules-ci.com</link>. + ''; + }; + patchNix = mkOption { + type = types.bool; + default = false; + description = '' + Fix Nix 2.3 cache path metadata caching behavior. Has the effect of <literal>nix.package = patch pkgs.nix;</literal> + + This option will be removed when Hercules CI Agent moves to Nix 2.4 (upcoming Nix release). 
+ ''; + }; + checkNix = mkOption { + type = types.bool; + default = true; + description = '' + Whether to make sure that the system's Nix (nix-daemon) is compatible. + + If you set this to false, please keep up with the change log. + ''; + }; + package = mkOption { + description = '' + Package containing the bin/hercules-ci-agent executable. + ''; + type = types.package; + default = pkgs.hercules-ci-agent; + defaultText = literalExample "pkgs.hercules-ci-agent"; + }; + settings = mkOption { + description = '' + These settings are written to the <literal>agent.toml</literal> file. + + Not all settings are listed as options, can be set nonetheless. + + For the exhaustive list of settings, see <link xlink:href="https://docs.hercules-ci.com/hercules-ci/reference/agent-config/"/>. + ''; + type = types.submoduleWith { modules = [ settingsModule ]; }; + }; + + /* + Internal and/or computed values. + + These are written as options instead of let binding to allow sharing with + default.nix on both NixOS and nix-darwin. + */ + tomlFile = mkOption { + type = types.path; + internal = true; + defaultText = "generated hercules-ci-agent.toml"; + description = '' + The fully assembled config file. + ''; + }; + }; + + config = mkIf cfg.enable { + nix.extraOptions = lib.addContextFrom checkNix '' + # A store path that was missing at first may well have finished building, + # even shortly after the previous lookup. This *also* applies to the daemon. + narinfo-cache-negative-ttl = 0 + ''; + nix.package = mkIf cfg.patchNix patchedNix; + services.hercules-ci-agent.tomlFile = + format.generate "hercules-ci-agent.toml" cfg.settings; + }; +} |
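Review bot: The secret-location settings `staticSecretsDirectory`, `clusterJoinTokenPath` and `binaryCachesPath` are typed `types.path`, which accepts a Nix path literal as well as a string. As far as I can tell, a path literal placed there would be copied into the world-readable Nix store when `format.generate "hercules-ci-agent.toml" cfg.settings` serializes the settings, taking the cluster join token or binary cache credentials with it. None of the descriptions warn about this, so I would add a sentence to each, for example `Set this to an absolute path string on the target machine; a path literal such as ./secrets is copied into the Nix store, which is readable by all users.` Ownership and mode of `baseDirectory` are not set in this file and presumably come from the platform default.nix, which is worth confirming there.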