]>
Commit | Line | Data |
---|---|---|
9fb4205e IB |
1 | { lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }: |
2 | let | |
3 | varDir = "/var/lib/buildbot"; | |
4 | buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json; | |
5 | buildslist_yarn = pkgsNext.yarn2nix.mkYarnModules { | |
6 | name = "buildslist-yarn-modules"; | |
7 | packageJSON = "${buildslist_src.src}/package.json"; | |
8 | yarnLock = "${buildslist_src.src}/yarn.lock"; | |
9 | }; | |
10 | buildslist_bower = pkgsNext.buildBowerComponents { | |
11 | name = "buildslist"; | |
12 | generated = ./bower.nix; | |
13 | src = "${buildslist_src.src}/guanlecoja/"; | |
14 | }; | |
15 | ||
16 | buildslist = pkgsNext.python3Packages.buildPythonPackage rec { | |
17 | pname = "buildbot-buildslist"; | |
18 | inherit (pkgsNext.buildbot-pkg) version; | |
19 | ||
20 | preConfigure = '' | |
21 | export HOME=$PWD | |
22 | cp -a ${buildslist_yarn}/node_modules . | |
23 | chmod -R u+w node_modules | |
24 | cp -a ${buildslist_bower}/bower_components ./libs | |
25 | chmod -R u+w libs | |
26 | ''; | |
27 | propagatedBuildInputs = with pkgsNext.python3Packages; [ | |
28 | (klein.overridePythonAttrs(old: { checkPhase = ""; })) | |
29 | buildbot-pkg | |
30 | ]; | |
31 | nativeBuildInputs = with pkgsNext; [ yarn nodejs ]; | |
32 | buildInputs = [ buildslist_yarn buildslist_bower ]; | |
33 | ||
34 | doCheck = false; | |
35 | src = buildslist_src.src; | |
36 | }; | |
37 | buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec { | |
38 | format = "other"; | |
39 | installPhase = '' | |
40 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | |
41 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common | |
42 | ''; | |
43 | }); | |
44 | buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]); | |
45 | in | |
46 | { | |
47 | options = { | |
48 | services.buildbot.enable = lib.mkOption { | |
49 | type = lib.types.bool; | |
50 | default = false; | |
51 | description = '' | |
52 | Whether to enable buildbot. | |
53 | ''; | |
54 | }; | |
55 | }; | |
56 | ||
57 | config = lib.mkIf config.services.buildbot.enable { | |
58 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | |
59 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | |
60 | ||
61 | users.groups.buildbot.gid = config.ids.gids.buildbot; | |
62 | users.users.buildbot = { | |
63 | name = "buildbot"; | |
64 | uid = config.ids.uids.buildbot; | |
65 | group = "buildbot"; | |
66 | description = "Buildbot user"; | |
67 | home = varDir; | |
68 | }; | |
69 | ||
70 | services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' | |
71 | RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" | |
72 | RewriteEngine On | |
73 | RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] | |
74 | ProxyPass /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | |
75 | ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | |
76 | <Location /buildbot/${project.name}/> | |
77 | Use LDAPConnect | |
78 | Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu | |
79 | ||
80 | SetEnvIf X-Url-Scheme https HTTPS=1 | |
81 | ProxyPreserveHost On | |
82 | </Location> | |
83 | <Location /buildbot/${project.name}/change_hook/base> | |
84 | Require local | |
85 | </Location> | |
86 | '') myconfig.env.buildbot.projects; | |
87 | ||
88 | system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | |
89 | deps = [ "users" "wrappers" ]; | |
90 | text = let | |
91 | master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg"; | |
92 | puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify"); | |
93 | in '' | |
94 | install -m 0755 -o buildbot -g buildbot -d /run/buildbot/ | |
95 | install -m 0755 -o buildbot -g buildbot -d ${varDir} | |
96 | if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then | |
97 | $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}" | |
98 | rm -f ${varDir}/${project.name}/master.cfg.sample | |
99 | fi | |
100 | install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify | |
101 | buildbot_secrets=${varDir}/${project.name}/secrets | |
102 | install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets | |
103 | echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap | |
104 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | |
105 | (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets | |
106 | )} | |
107 | chown -R buildbot:buildbot $buildbot_secrets | |
108 | chmod -R u=rX,go=- $buildbot_secrets | |
109 | ${project.activationScript} | |
110 | ''; | |
111 | }) myconfig.env.buildbot.projects; | |
112 | ||
113 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | |
114 | description = "Buildbot Continuous Integration Server ${project.name}."; | |
115 | after = [ "network-online.target" ]; | |
116 | wantedBy = [ "multi-user.target" ]; | |
117 | path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgsNext); | |
118 | environment = let | |
119 | project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment; | |
120 | buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec { | |
121 | name = "buildbot_config-${project.name}"; | |
122 | src = "${./projects}/${project.name}"; | |
123 | format = "other"; | |
124 | installPhase = '' | |
125 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | |
126 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_config | |
127 | ''; | |
128 | }); | |
129 | HOME = "${varDir}/${project.name}"; | |
130 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgsNext ++ [ | |
131 | pkgsNext.python3Packages.treq pkgsNext.python3Packages.ldap3 buildbot | |
132 | pkgsNext.python3Packages.buildbot-worker | |
133 | buildbot_common buildbot_config | |
134 | ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgsNext.python3.pythonForBuild.sitePackages}" else ""}"; | |
135 | in project_env // { inherit PYTHONPATH HOME; }; | |
136 | ||
137 | serviceConfig = { | |
138 | Type = "forking"; | |
139 | User = "buildbot"; | |
140 | Group = "buildbot"; | |
141 | WorkingDirectory = "${varDir}/${project.name}"; | |
142 | ExecStart = "${buildbot}/bin/buildbot start"; | |
143 | }; | |
144 | }) myconfig.env.buildbot.projects; | |
145 | }; | |
146 | } |