};
config = lib.mkIf config.myServices.buildbot.enable {
+ nixpkgs.overlays = [
+ (self: super: {
+ follow-systemd-unit = self.writeScriptBin "follow-systemd-unit" ''
+ #!${self.stdenv.shell}
+
+ set -euo pipefail
+
+ service=$1
+ before_invocation_id=$2
+
+ get_id() {
+ systemctl show -p InvocationID --value "$service"
+ }
+
+ while [ "$(get_id)" = "$before_invocation_id" ]; do sleep 1; done
+
+ invocation_id="$(get_id)"
+ cursor="$(mktemp)"
+ trap "rm -f $cursor" EXIT
+
+ get_logs() {
+ journalctl --quiet --cursor-file=$cursor INVOCATION_ID=$invocation_id + _SYSTEMD_INVOCATION_ID=$invocation_id
+ }
+
+ while [ -n "$(systemctl show -p Job --value "$service")" ]; do
+ get_logs
+ done
+ get_logs
+ '';
+ })
+ ];
ids.uids.buildbot = config.myEnv.buildbot.user.uid;
ids.gids.buildbot = config.myEnv.buildbot.user.gid;
group = "buildbot";
description = "Buildbot user";
home = varDir;
- extraGroups = [ "keys" ];
+ extraGroups = [ "keys" "systemd-journal" ];
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [ config.myEnv.buildbot.ssh_key.public ];
};
services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
permissions = "0600";
user = "buildbot";
group = "buildbot";
- text = if builtins.isFunction v then v pkgs else v;
+ text = if builtins.isFunction v then v pkgs config else v;
})
) project.secrets
++ [