-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
varDir = "/var/lib/buildbot";
buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
};
config = lib.mkIf config.myServices.buildbot.enable {
- services.backup.profiles.buildbot = {
+ services.duplyBackup.profiles.buildbot = {
rootDir = varDir;
+ remotes = [ "eriomem" "ovh" ];
};
- ids.uids.buildbot = myconfig.env.buildbot.user.uid;
- ids.gids.buildbot = myconfig.env.buildbot.user.gid;
+ ids.uids.buildbot = config.myEnv.buildbot.user.uid;
+ ids.gids.buildbot = config.myEnv.buildbot.user.gid;
users.groups.buildbot.gid = config.ids.gids.buildbot;
users.users.buildbot = {
services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
(k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")
- myconfig.env.buildbot.projects;
+ config.myEnv.buildbot.projects;
services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
Include /var/secrets/buildbot/${project.name}/webhook-httpd-include
</RequireAny>
</Location>
- '') myconfig.env.buildbot.projects;
+ '') config.myEnv.buildbot.projects;
system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
deps = [ "users" "wrappers" ];
- text = project.activationScript;
- }) myconfig.env.buildbot.projects;
+ text = ''
+ install -m 755 -o buildbot -g buildbot -d ${varDir}/${project.name}
+
+ ${project.activationScript}
+ '';
+ }) config.myEnv.buildbot.projects;
secrets.keys = (
lib.lists.flatten (
permissions = "0600";
user = "wwwrun";
group = "wwwrun";
- text = lib.optionalString (lib.attrsets.hasAttr "webhookTokens" project) ''
+ text = lib.optionalString (project.webhookTokens != null) ''
Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
'';
dest = "buildbot/${project.name}/webhook-httpd-include";
}
+ {
+ permissions = "0600";
+ user = "buildbot";
+ group = "buildbot";
+ dest = "buildbot/${project.name}/environment_file";
+ text = let
+ project_env = with lib.attrsets;
+ mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment //
+ mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) //
+ { BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}"; };
+ in builtins.concatStringsSep "\n"
+ (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env);
+ }
]
- ) myconfig.env.buildbot.projects
+ ) config.myEnv.buildbot.projects
)
) ++ [
{
permissions = "0600";
user = "buildbot";
group = "buildbot";
- text = myconfig.env.buildbot.ldap.password;
+ text = config.myEnv.buildbot.ldap.password;
dest = "buildbot/ldap";
}
{
permissions = "0600";
user = "buildbot";
group = "buildbot";
- text = builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key";
+ text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key";
dest = "buildbot/ssh_key";
}
];
paths = [
"/var/secrets/buildbot/ldap"
"/var/secrets/buildbot/ssh_key"
+ "/var/secrets/buildbot/${project.name}/environment_file"
] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;
- }) myconfig.env.buildbot.projects;
+ }) config.myEnv.buildbot.projects;
+
+ systemd.slices.buildbot = {
+ description = "buildbot slice";
+ };
systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
description = "Buildbot Continuous Integration Server ${project.name}.";
${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
(k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets
)}
+ ${buildbot}/bin/buildbot upgrade-master ${varDir}/${project.name}
'';
environment = let
- project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
name = "buildbot_config-${project.name}";
src = ./projects + "/${project.name}";
pkgs.python3Packages.buildbot-worker
buildbot_common buildbot_config
])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}";
- in project_env // { inherit PYTHONPATH HOME; };
+ in { inherit PYTHONPATH HOME; };
serviceConfig = {
+ Slice = "buildbot.slice";
Type = "forking";
User = "buildbot";
Group = "buildbot";
SupplementaryGroups = "keys";
WorkingDirectory = "${varDir}/${project.name}";
ExecStart = "${buildbot}/bin/buildbot start";
+ EnvironmentFile = "/var/secrets/buildbot/${project.name}/environment_file";
};
- }) myconfig.env.buildbot.projects;
+ }) config.myEnv.buildbot.projects;
};
}