text = let
project_env = with lib.attrsets;
mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" (if builtins.isFunction v then v pkgs else v)) project.environment //
- mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) //
{
BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}";
BUILDBOT_WORKER_PORT = builtins.toString project.workerPort;
group = "buildbot";
text = config.myEnv.buildbot.ssh_key.private;
};
+ "buildbot/ssh_known_hosts" = {
+ permissions = "0644";
+ user = "buildbot";
+ group = "buildbot";
+ text = ''
+ git.immae.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF
+ eldiron ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF
+ phare.normalesup.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2GomItXICXpCtCFRMT2xuerqx2nLMO/3mNUuWyzFr1
+ '';
+ };
};
services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
# different buildbots may be trying that simultaneously, add the || true to avoid complaining in case of race
install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_key"} ${varDir}/buildbot_key || true
+ install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_known_hosts"} ${varDir}/buildbot_hosts || true
buildbot_secrets=${varDir}/${project.name}/secrets
install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets
install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ldap"} $buildbot_secrets/ldap
projects / perso / Immae / Config / Nix.git / blobdiff