Migrate yarn2nix to external repository

[perso/Immae/Config/Nix.git] / nixops / modules / buildbot / default.nix

diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index 3962e6549e0feeee6839d5cc8ec294382397b2ed..ff1c697c5551d366689f72af8a0ef2c495a2f562 100644 (file)
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -1,11 +1,11 @@
-{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  pkgs = pkgsNext.appendOverlays config.nixpkgs.overlays;
-
   varDir = "/var/lib/buildbot";
   buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
-  buildslist_yarn = pkgs.yarn2nix.mkYarnModules {
+  buildslist_yarn = mylibs.yarn2nixPackage.mkYarnModules rec {
     name = "buildslist-yarn-modules";
+    pname = name;
+    inherit (pkgs.buildbot-pkg) version;
     packageJSON = "${buildslist_src.src}/package.json";
     yarnLock = "${buildslist_src.src}/yarn.lock";
   };
@@ -59,6 +59,33 @@ in
   };
 
   config = lib.mkIf config.services.buildbot.enable {
+    nixpkgs.overlays = [ (self: super: rec {
+      python3 = super.python3.override {
+        packageOverrides = python-self: python-super: {
+          wokkel = python-self.buildPythonPackage rec {
+            pname = "wokkel";
+            version = "18.0.0";
+            src = python-self.fetchPypi {
+              inherit pname version;
+              sha256 = "1spq44gg8gsviqx1dvlmjpgfc0wk0jpyx4ap01y2pad1ai9cw016";
+            };
+            propagatedBuildInputs = with python-self; [ twisted.extras.tls twisted incremental dateutil ];
+            doChecks = false;
+          };
+          apprise = python-self.buildPythonPackage rec {
+            pname = "apprise";
+            version = "0.7.4";
+            src = (mylibs.fetchedGithub ./apprise.json).src;
+            propagatedBuildInputs = with python-self; [ decorator
+            requests requests_oauthlib oauthlib urllib3 six click
+            markdown pyyaml sleekxmpp
+            ];
+            doChecks = false;
+          };
+        };
+      };
+    }) ];
+
     ids.uids.buildbot = myconfig.env.buildbot.user.uid;
     ids.gids.buildbot = myconfig.env.buildbot.user.gid;
 
@@ -85,7 +112,13 @@ in
           ProxyPreserveHost On
         </Location>
         <Location /buildbot/${project.name}/change_hook/base>
-          Require local
+          <RequireAny>
+            Require local
+            Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
+            ${if lib.attrsets.hasAttr "webhookTokens" project then ''
+              Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
+              '' else ""}
+          </RequireAny>
         </Location>
         '') myconfig.env.buildbot.projects;
 
@@ -167,6 +200,7 @@ in
         });
         HOME = "${varDir}/${project.name}";
         PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [
+          pkgs.python3Packages.wokkel
           pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot
           pkgs.python3Packages.buildbot-worker
           buildbot_common buildbot_config