This is an automated email from the git hooks/post-receive script.
civodul pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new a50e7c22 hydra: services: Turn certbot renewal and GC into Shepherd
timers.
a50e7c22 is described below
commit a50e7c224f8ee2e946972d493dd946154843a00c
Author: Ludovic Courtès <[email protected]>
AuthorDate: Thu Mar 27 23:42:00 2025 +0100
hydra: services: Turn certbot renewal and GC into Shepherd timers.
* hydra/modules/sysadmin/services.scm (gc-jobs): Return a list of
Shepherd services.
(%certbot-job): Turn into a Shepherd service.
(frontend-services): Adjust accordingly.
* hydra/berlin.scm <services>: Explicitly instantiate
‘mcron-service-type’ with the remaining jobs. Remove now inappropriate
‘modify-services’ wrapper.
---
hydra/berlin.scm | 51 +++++++++++++++----------------
hydra/modules/sysadmin/services.scm | 61 ++++++++++++++++++++++++-------------
2 files changed, 64 insertions(+), 48 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index fba5b807..ae83e6fd 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -432,7 +432,7 @@ An incremental send is attempted if a PARENT snapshot is
provided."
(mount-point "/boot/efi")
(device (uuid "43AE-6859" 'fat)) ;/dev/sdg2
(type "vfat"))
- %btrfs-pool-san ;for convenience
+ %btrfs-pool-san ;for convenience
;; The root subvolume contains 'secrets' a directory
;; for storing secrets in files.
(btrfs-subvolume-mount "@root" "/")
@@ -1036,32 +1036,29 @@ An incremental send is attempted if a PARENT snapshot
is provided."
(public-key
"CeRd0ZKjlyMDSMbSes1UQ43lADxWX2X8dS/VFo9qej8=")
(allowed-ips '("10.0.0.14/32")))))))
+ (service mcron-service-type
+ (mcron-configuration
+ (jobs (list btrfs-balance-job
+ btrfs-send-job
+ rsync-debbugs-job))))
+
(append
(map anonip-service %anonip-log-files)
(website-services)
- (modify-services
- (frontend-services %sysadmins
- #:authorized-keys %build-node-keys
-
- ;; Get substitutes from our local 'guix
- ;; publish' cache.
- #:substitute-urls
'("http://ci.guix.gnu.org";)
-
- ;; Make sure we get enough build users.
- #:build-accounts-to-max-jobs-ratio 5
-
- #:gc-threshold #f
- #:systems '("x86_64-linux" "i686-linux"
- "aarch64-linux"
- "powerpc64le-linux")
- #:motd %motd
- #:publish-workers 8
- #:max-jobs 20)
- (mcron-service-type
- config => (mcron-configuration
- (inherit config)
- (jobs (cons* btrfs-balance-job
- btrfs-send-job
- rsync-debbugs-job
- (mcron-configuration-jobs
- config))))))))))
+ (frontend-services %sysadmins
+ #:authorized-keys %build-node-keys
+
+ ;; Get substitutes from our local 'guix
+ ;; publish' cache.
+ #:substitute-urls '("http://ci.guix.gnu.org";)
+
+ ;; Make sure we get enough build users.
+ #:build-accounts-to-max-jobs-ratio 5
+
+ #:gc-threshold #f
+ #:systems '("x86_64-linux" "i686-linux"
+ "aarch64-linux"
+ "powerpc64le-linux")
+ #:motd %motd
+ #:publish-workers 8
+ #:max-jobs 20)))))
diff --git a/hydra/modules/sysadmin/services.scm
b/hydra/modules/sysadmin/services.scm
index dbd86687..97d01280 100644
--- a/hydra/modules/sysadmin/services.scm
+++ b/hydra/modules/sysadmin/services.scm
@@ -184,27 +184,44 @@
deleted))))))))
(define (gc-jobs threshold)
- "Return the garbage collection mcron jobs. The garbage collection
+ "Return the garbage collection Shepherd timers. The garbage collection
jobs are run twice a day, when the available free space falls below
THRESHOLD. THRESHOLD can be set to #f to run a daily full garbage
collection instead."
(define (make-guix-gc-command threshold)
- `(,(file-append guix "/bin/guix") "gc"
- ,@(if threshold
- (list "-F" (number->string threshold))
- '())))
-
- `(,#~(job '(next-hour '(3 15))
- #$cleanup-cuirass-roots)
-
- ,#~(job '(next-hour '(4))
- (string-join '#$(make-guix-gc-command threshold)))
+ #~(#$(file-append guix "/bin/guix") "gc"
+ #$@(if threshold
+ #~("-F" #$(number->string threshold))
+ #~())))
+
+ `(,(shepherd-timer '(cleanup-cuirass-roots)
+ #~(calendar-event #:minutes '(0)
+ #:hours '(3 15))
+ #~(#$cleanup-cuirass-roots)
+ #:requirement '(user-processes))
+
+ ,(shepherd-service
+ (provision '(gc))
+ (requirement '(user-processes))
+ (modules '((shepherd service timer)))
+ (start #~(make-timer-constructor
+ (calendar-event #:minutes '(0) #:hours '(4))
+ (command '#$(make-guix-gc-command threshold))
+ ;; Avoid cluttering /var/log/messages.
+ #:log-file "/var/log/gc.log"
+ #:wait-for-termination? #t))
+ (stop #~(make-timer-destructor))
+ (documentation "Periodically collect garbage.")
+ (actions (list shepherd-trigger-action)))
;; Half a day later, make sure half of our quota is available.
,@(if threshold
- (list #~(job '(next-hour '(16))
- (string-join '#$(make-guix-gc-command
- (quotient threshold 2)))))
+ (list #~(shepherd-timer '(gc-half)
+ #~(calendar-event #:minutes '(0)
+ #:hours '(16))
+ (make-guix-gc-command
+ (quotient threshold 2))
+ #:requirement '(user-processes)))
'())))
(define* (guix-daemon-config #:key (max-jobs 5) (cores 4)
@@ -642,9 +659,12 @@ to a selected directory.")
(define %certbot-job
;; Attempt to renew the Let's Encrypt certificate twice a week.
- #~(job "30 0 * * 2,5"
- (string-append #$certbot "/bin/certbot renew \
---webroot --webroot-path /var/www --deploy-hook " #$%certbot-deploy-hook)))
+ (shepherd-timer '(certbot-renewal)
+ "30 0 * * 2,5"
+ #~(#$(file-append certbot "/bin/certbot")
+ "renew" "--webroot" "--webroot-path" "/var/www"
+ "--deploy-hook" #$%certbot-deploy-hook)
+ #:requirement '(user-processes nginx)))
�
@@ -717,10 +737,9 @@ to a selected directory.")
(publish-workers 6))
"Return the list of services for the build farm frontend."
- (cons* (service mcron-service-type
- (mcron-configuration
- (jobs (cons %certbot-job
- (gc-jobs gc-threshold)))))
+ (cons* (simple-service 'timers
+ shepherd-root-service-type
+ (cons %certbot-job (gc-jobs gc-threshold)))
firewall-service
