<RequireAny>
Require local
Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
<RequireAny>
Require local
Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
permissions = "0600";
user = "wwwrun";
group = "wwwrun";
text = lib.optionalString (lib.attrsets.hasAttr "webhookTokens" project) ''
Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
'';
permissions = "0600";
user = "wwwrun";
group = "wwwrun";
text = lib.optionalString (lib.attrsets.hasAttr "webhookTokens" project) ''
Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
'';
systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
description = "Buildbot Continuous Integration Server ${project.name}.";
systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
description = "Buildbot Continuous Integration Server ${project.name}.";
wantedBy = [ "multi-user.target" ];
path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
preStart = let
wantedBy = [ "multi-user.target" ];
path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
preStart = let
rm -f ${varDir}/${project.name}/buildbot.tac
fi
ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
rm -f ${varDir}/${project.name}/buildbot.tac
fi
ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
- install -Dm600 -o buildbot -g buildbot -T /run/keys/buildbot/buildbot-ssh-key ${varDir}/buildbot_key
+ # different buildbots may be trying that simultaneously, add the || true to avoid complaining in case of race
+ install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ssh_key ${varDir}/buildbot_key || true
buildbot_secrets=${varDir}/${project.name}/secrets
install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets
buildbot_secrets=${varDir}/${project.name}/secrets
install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets