diff --git a/flake.lock b/flake.lock
index cb0aeaf..029ff84 100644
--- a/flake.lock
+++ b/flake.lock
@@ -473,15 +473,16 @@
 ]
 },
 "locked": {
- "lastModified": 1769551408,
- "narHash": "sha256-8FaW2OxI5JVjU8ONvK9rH4xQfDA/MAaI5YXvsFuPyP4=",
+ "lastModified": 1769981687,
+ "narHash": "sha256-RPIu0Bf/xVOBziUJc77BevQPFdKSoYOJkvCEFiJVFWY=",
 "owner": "helsinki-systems",
 "repo": "hydra-queue-runner",
- "rev": "3d54e589b425fceaf5c59ba61613544e04fc8ff8",
+ "rev": "9a4b91a715c8d3dae7b11383f63ca8b7c5034c78",
 "type": "github"
 },
 "original": {
 "owner": "helsinki-systems",
+ "ref": "feat/fod_v2",
 "repo": "hydra-queue-runner",
 "type": "github"
 }
@@ -513,16 +514,17 @@
 "treefmt-nix": "treefmt-nix"
 },
 "locked": {
- "lastModified": 1769818627,
- "narHash": "sha256-34oYEWcr8pDkkmxHs1HTI0irAlniUeZCkOsOXWD7now=",
- "owner": "nixos",
- "repo": "infra",
- "rev": "03c2c0d024ec64a069d9766556ad7590b426edac",
+ "lastModified": 1769984451,
+ "narHash": "sha256-brwNsEUrQq9ofHpjkqJXxpWO2rZwFYnI2Gc4AV15Sb0=",
+ "owner": "helsinki-systems",
+ "repo": "nixos-infra",
+ "rev": "7799262f1023be0cf535d734da06b0cf2078cb79",
 "type": "github"
 },
 "original": {
- "owner": "nixos",
- "repo": "infra",
+ "owner": "helsinki-systems",
+ "ref": "upd/queue-runner",
+ "repo": "nixos-infra",
 "type": "github"
 }
 },
diff --git a/flake.nix b/flake.nix
index 210d995..250e7c4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,7 +33,7 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 infra = {
- url = "github:nixos/infra";
+ url = "github:helsinki-systems/nixos-infra/upd/queue-runner";
 inputs = {
 nixpkgs.follows = "nixpkgs";
 nixpkgs-unstable.follows = "nixpkgs-unstable";
diff --git a/non-critical-infra/hosts/build04.ofborg.org/default.nix b/non-critical-infra/hosts/build04.ofborg.org/default.nix
index 753841c..5faa4e8 100644
--- a/non-critical-infra/hosts/build04.ofborg.org/default.nix
+++ b/non-critical-infra/hosts/build04.ofborg.org/default.nix
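Review bot: The `infra` input in the flake.nix hunk now follows a mutable branch on a fork (`url = "github:helsinki-systems/nixos-infra/upd/queue-runner";`), and other files in this commit read `serverRootCaCertPath` and the shared `common.nix` modules from `${inputs.infra}`, so the mTLS root CA and base modules come from whatever that branch holds at the next lock update. flake.lock pins the current rev, but a routine `nix flake update` would move it without any review in this repository. I would add a comment above the line, for example `# TEMPORARY: fork branch for queue-runner testing; return to github:nixos/infra once merged upstream`, or pin the URL to the reviewed rev. The `infra` attribute set continues outside the hunk.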
@@ -45,7 +45,9 @@
 services.queue-builder-dev = {
 enable = true;
 queueRunnerAddr = "https://queue-runner.staging-hydra.nixos.org";
- maxJobs = 2;
+ maxJobs = 4;
+ supportedFeatures = [ "fod-checker" ];
+ mandatoryFeatures = [ "fod-checker" ];
 mtls = {
 serverRootCaCertPath = "${inputs.infra}/non-critical-infra/hosts/staging-hydra/ca.crt";
 clientCertPath = "${./client.crt}";
diff --git a/non-critical-infra/hosts/eval04.ofborg.org/default.nix b/non-critical-infra/hosts/eval04.ofborg.org/default.nix
index 70972bb..b9874fc 100644
--- a/non-critical-infra/hosts/eval04.ofborg.org/default.nix
+++ b/non-critical-infra/hosts/eval04.ofborg.org/default.nix
@@ -47,7 +47,9 @@
 services.queue-builder-dev = {
 enable = true;
 queueRunnerAddr = "https://queue-runner.staging-hydra.nixos.org";
- maxJobs = 2;
+ maxJobs = 4;
+ supportedFeatures = [ "fod-checker" ];
+ mandatoryFeatures = [ "fod-checker" ];
 mtls = {
 serverRootCaCertPath = "${inputs.infra}/non-critical-infra/hosts/staging-hydra/ca.crt";
 clientCertPath = "${./client.crt}";
diff --git a/non-critical-infra/modules/ofborg/common.nix b/non-critical-infra/modules/ofborg/common.nix
index 45075a2..7e93461 100644
--- a/non-critical-infra/modules/ofborg/common.nix
+++ b/non-critical-infra/modules/ofborg/common.nix
@@ -5,9 +5,28 @@
 "${inputs.infra}/modules/common.nix"
 "${inputs.infra}/non-critical-infra/modules/common.nix"
 ./ofborg-config.nix
+ "${inputs.nixpkgs-unstable}/nixos/modules/services/system/nix-daemon-firewall.nix"
 ];
- nix.gc.automatic = true;
+ nix = {
+ gc.automatic = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 21 # access to ftp files
+ 22 # fetchGit
+ 34
+ "http"
+ 443
+ "30000-31000"
+ ];
+ allowedUDPPorts = [
+ 53 # DNS
+ 443 # QUIC/HTTP3
+ ];
+ };
+ };
+ networking.nftables.flushRuleset = false;
 # TODO wire up exporters
 # TODO loki
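Review bot: `mandatoryFeatures = [ "fod-checker" ];` in the build04 hunk is added without a comment, and the same three lines are repeated in the eval04 hunk. If the option follows Nix's usual mandatory-feature semantics, these builders will only accept jobs that require `fod-checker` and will stop taking ordinary builds, which should be stated as intended. I would add `# dedicated FOD-check builder: only accept jobs that require "fod-checker"` above the pair. Since both hosts get identical values, setting them once in a shared module would keep the two from drifting. The `services.queue-builder-dev` block continues outside both hunks.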
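Review bot: Port `34` in `allowedTCPPorts` in the common.nix hunk has no comment, unlike 21 and 22, and is not a port any common fetch protocol uses, so it may be a typo. Every entry in what appears to be an outbound allowlist for builds should state which fetcher needs it. I would write `34 # TODO(review): which fetcher needs this? drop if unintended` and add a purpose comment on `"30000-31000"`. Ports 21 and `"http"` are plaintext, so a note that integrity there rests on the fixed-output hash would help the next reader. `networking.nftables.flushRuleset = false;` also needs a line saying which existing ruleset it is meant to preserve.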