Rework buildbot configuration
[perso/Immae/Config/Nix.git] / modules / private / buildbot / default.nix
index d86853959c47ce4d63a83b200eb05c70aef000cb..44549307e6b19e71fd50b2433df40a5aeff27059 100644 (file)
@@ -24,6 +24,37 @@ in
   };
 
   config = lib.mkIf config.myServices.buildbot.enable {
+    nixpkgs.overlays = [
+      (self: super: {
+        follow-systemd-unit = self.writeScriptBin "follow-systemd-unit" ''
+          #!${self.stdenv.shell}
+
+          set -euo pipefail
+
+          service=$1
+          before_invocation_id=$2
+
+          get_id() {
+            systemctl show -p InvocationID --value "$service"
+          }
+
+          while [ "$(get_id)" = "$before_invocation_id" ]; do sleep 1; done
+
+          invocation_id="$(get_id)"
+          cursor="$(mktemp)"
+          trap "rm -f $cursor" EXIT
+
+          get_logs() {
+            journalctl --quiet --cursor-file=$cursor INVOCATION_ID=$invocation_id + _SYSTEMD_INVOCATION_ID=$invocation_id
+          }
+
+          while [ -n "$(systemctl show -p Job --value "$service")" ]; do
+            get_logs
+          done
+          get_logs
+        '';
+      })
+    ];
     ids.uids.buildbot = config.myEnv.buildbot.user.uid;
     ids.gids.buildbot = config.myEnv.buildbot.user.gid;
 
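Review bot: The second polling loop, `while [ -n "$(systemctl show -p Job --value "$service")" ]`, calls `get_logs` with no delay, so it spawns systemctl and journalctl back to back for as long as a job is queued, whereas the first loop sleeps one second; `do get_logs; sleep 1; done` would match it. The first loop also has no upper bound, so the script waits indefinitely if the unit's InvocationID never changes; a retry counter or timeout would make a stuck build step fail instead of hang. `$cursor` is expanded unquoted both in the trap and in `get_logs`; `trap 'rm -f "$cursor"' EXIT` and `--cursor-file="$cursor"` are the safer forms. Because `set -u` is active, a missing argument aborts with a bare "unbound variable" message, so a short usage check on `$#` before `service=$1` would help whoever calls this.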
@@ -34,7 +65,9 @@ in
       group = "buildbot";
       description = "Buildbot user";
       home = varDir;
-      extraGroups = [ "keys" ];
+      extraGroups = [ "keys" "systemd-journal" ];
+      useDefaultShell = true;
+      openssh.authorizedKeys.keys = [ config.myEnv.buildbot.ssh_key.public ];
     };
 
     services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
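Review bot: The key added to `openssh.authorizedKeys.keys` carries no options, so together with `useDefaultShell = true` it grants an unrestricted interactive login as a user that belongs to both `keys` and `systemd-journal`. If the key is only meant to run a known command from build steps (the intended use is not visible in this hunk, and the user attribute set starts above it), prefix it with authorized_keys options, e.g. `[ "restrict ${config.myEnv.buildbot.ssh_key.public}" ]`, optionally with a forced `command="<allowed command>"`. Membership in `systemd-journal` lets the account read the journal of every unit on the host, not only the ones it deploys, so a comment next to `extraGroups` saying why it is needed would help later review.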
@@ -80,7 +113,7 @@ in
               permissions = "0600";
               user = "buildbot";
               group = "buildbot";
-              text = if builtins.isFunction v then v pkgs else v;
+              text = if builtins.isFunction v then v pkgs config else v;
             })
           ) project.secrets
           ++ [
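Review bot: With `v pkgs config`, every function-valued entry in `project.secrets` must now accept two arguments; an existing one-argument `pkgs: "..."` entry would fail at evaluation when its string result is applied to `config`. Whether all project definitions were updated in the same commit is not visible in this hunk, whose enclosing expression starts and ends outside it. A comment above the line stating the contract, such as `# v is either a string or a function pkgs: config: string`, would document the new signature. Passing the whole `config` also gives each per-project function access to every option value, including `config.myEnv`, which is worth keeping in mind if project definitions come from less trusted sources.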