Add deploy webhook

[perso/Immae/Config/Nix.git] / nixops / modules / buildbot / default.nix

diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index 3768bde552673d53ced9b3954d13ea5ed60b73ee..21b784bb50b7c8b006b8a04cc706e5491a413bc1 100644 (file)
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -83,7 +83,13 @@ in
           ProxyPreserveHost On
         </Location>
         <Location /buildbot/${project.name}/change_hook/base>
-          Require local
+          <RequireAny>
+            Require local
+            Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
+            ${if lib.attrsets.hasAttr "webhookTokens" project then ''
+              Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
+              '' else ""}
+          </RequireAny>
         </Location>
         '') myconfig.env.buildbot.projects;