]>
Commit | Line | Data |
---|---|---|
587b9e34 | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
9fb4205e IB |
2 | let |
3 | varDir = "/var/lib/buildbot"; | |
4 | buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json; | |
caa08508 | 5 | buildslist_yarn = pkgs.yarn2nix.mkYarnModules { |
9fb4205e IB |
6 | name = "buildslist-yarn-modules"; |
7 | packageJSON = "${buildslist_src.src}/package.json"; | |
8 | yarnLock = "${buildslist_src.src}/yarn.lock"; | |
9 | }; | |
caa08508 | 10 | buildslist_bower = pkgs.buildBowerComponents { |
9fb4205e IB |
11 | name = "buildslist"; |
12 | generated = ./bower.nix; | |
13 | src = "${buildslist_src.src}/guanlecoja/"; | |
14 | }; | |
15 | ||
caa08508 | 16 | buildslist = pkgs.python3Packages.buildPythonPackage rec { |
9fb4205e | 17 | pname = "buildbot-buildslist"; |
caa08508 | 18 | inherit (pkgs.buildbot-pkg) version; |
9fb4205e IB |
19 | |
20 | preConfigure = '' | |
21 | export HOME=$PWD | |
22 | cp -a ${buildslist_yarn}/node_modules . | |
23 | chmod -R u+w node_modules | |
24 | cp -a ${buildslist_bower}/bower_components ./libs | |
25 | chmod -R u+w libs | |
26 | ''; | |
caa08508 | 27 | propagatedBuildInputs = with pkgs.python3Packages; [ |
9fb4205e IB |
28 | (klein.overridePythonAttrs(old: { checkPhase = ""; })) |
29 | buildbot-pkg | |
30 | ]; | |
caa08508 | 31 | nativeBuildInputs = with pkgs; [ yarn nodejs ]; |
9fb4205e IB |
32 | buildInputs = [ buildslist_yarn buildslist_bower ]; |
33 | ||
34 | doCheck = false; | |
35 | src = buildslist_src.src; | |
36 | }; | |
caa08508 | 37 | buildbot_common = pkgs.python3Packages.buildPythonPackage rec { |
e2b96bf5 IB |
38 | name = "buildbot_common"; |
39 | src = ./common; | |
9fb4205e IB |
40 | format = "other"; |
41 | installPhase = '' | |
caa08508 IB |
42 | mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages} |
43 | cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common | |
9fb4205e | 44 | ''; |
e2b96bf5 | 45 | }; |
caa08508 | 46 | buildbot = pkgs.python3Packages.buildbot-full.withPlugins ([ buildslist ]); |
9fb4205e IB |
47 | in |
48 | { | |
49 | options = { | |
50 | services.buildbot.enable = lib.mkOption { | |
51 | type = lib.types.bool; | |
52 | default = false; | |
53 | description = '' | |
54 | Whether to enable buildbot. | |
55 | ''; | |
56 | }; | |
57 | }; | |
58 | ||
59 | config = lib.mkIf config.services.buildbot.enable { | |
60 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | |
61 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | |
62 | ||
63 | users.groups.buildbot.gid = config.ids.gids.buildbot; | |
64 | users.users.buildbot = { | |
65 | name = "buildbot"; | |
66 | uid = config.ids.uids.buildbot; | |
67 | group = "buildbot"; | |
68 | description = "Buildbot user"; | |
69 | home = varDir; | |
70 | }; | |
71 | ||
72 | services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' | |
73 | RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" | |
74 | RewriteEngine On | |
75 | RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] | |
76 | ProxyPass /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | |
77 | ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | |
78 | <Location /buildbot/${project.name}/> | |
79 | Use LDAPConnect | |
e2b96bf5 | 80 | Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu |
9fb4205e IB |
81 | |
82 | SetEnvIf X-Url-Scheme https HTTPS=1 | |
83 | ProxyPreserveHost On | |
84 | </Location> | |
85 | <Location /buildbot/${project.name}/change_hook/base> | |
85817848 IB |
86 | <RequireAny> |
87 | Require local | |
88 | Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu | |
89 | ${if lib.attrsets.hasAttr "webhookTokens" project then '' | |
90 | Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }" | |
91 | '' else ""} | |
92 | </RequireAny> | |
9fb4205e IB |
93 | </Location> |
94 | '') myconfig.env.buildbot.projects; | |
95 | ||
96 | system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | |
97 | deps = [ "users" "wrappers" ]; | |
98 | text = let | |
caa08508 | 99 | master-cfg = "${buildbot_common}/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg"; |
e2b96bf5 IB |
100 | buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key"); |
101 | tac_file = pkgs.writeText "buildbot.tac" '' | |
102 | import os | |
103 | ||
104 | from twisted.application import service | |
105 | from buildbot.master import BuildMaster | |
106 | ||
107 | basedir = '${varDir}/${project.name}' | |
108 | rotateLength = 10000000 | |
109 | maxRotatedFiles = 10 | |
110 | configfile = '${master-cfg}' | |
111 | ||
112 | # Default umask for server | |
113 | umask = None | |
114 | ||
115 | # if this is a relocatable tac file, get the directory containing the TAC | |
116 | if basedir == '.': | |
117 | import os | |
118 | basedir = os.path.abspath(os.path.dirname(__file__)) | |
119 | ||
120 | # note: this line is matched against to check that this is a buildmaster | |
121 | # directory; do not edit it. | |
122 | application = service.Application('buildmaster') | |
123 | from twisted.python.logfile import LogFile | |
124 | from twisted.python.log import ILogObserver, FileLogObserver | |
125 | logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, | |
126 | maxRotatedFiles=maxRotatedFiles) | |
127 | application.setComponent(ILogObserver, FileLogObserver(logfile).emit) | |
128 | ||
129 | m = BuildMaster(basedir, configfile, umask) | |
130 | m.setServiceParent(application) | |
131 | m.log_rotation.rotateLength = rotateLength | |
132 | m.log_rotation.maxRotatedFiles = maxRotatedFiles | |
133 | ''; | |
9fb4205e IB |
134 | in '' |
135 | install -m 0755 -o buildbot -g buildbot -d /run/buildbot/ | |
136 | install -m 0755 -o buildbot -g buildbot -d ${varDir} | |
137 | if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then | |
138 | $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}" | |
139 | rm -f ${varDir}/${project.name}/master.cfg.sample | |
e2b96bf5 | 140 | rm -f ${varDir}/${project.name}/buildbot.tac |
9fb4205e | 141 | fi |
e2b96bf5 IB |
142 | ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac |
143 | install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key | |
9fb4205e IB |
144 | buildbot_secrets=${varDir}/${project.name}/secrets |
145 | install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets | |
146 | echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap | |
147 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | |
148 | (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets | |
149 | )} | |
150 | chown -R buildbot:buildbot $buildbot_secrets | |
151 | chmod -R u=rX,go=- $buildbot_secrets | |
152 | ${project.activationScript} | |
153 | ''; | |
154 | }) myconfig.env.buildbot.projects; | |
155 | ||
156 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | |
157 | description = "Buildbot Continuous Integration Server ${project.name}."; | |
158 | after = [ "network-online.target" ]; | |
159 | wantedBy = [ "multi-user.target" ]; | |
caa08508 | 160 | path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs); |
9fb4205e IB |
161 | environment = let |
162 | project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment; | |
caa08508 | 163 | buildbot_config = pkgs.python3Packages.buildPythonPackage (rec { |
9fb4205e | 164 | name = "buildbot_config-${project.name}"; |
e2b96bf5 | 165 | src = ./projects + "/${project.name}"; |
9fb4205e IB |
166 | format = "other"; |
167 | installPhase = '' | |
caa08508 IB |
168 | mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages} |
169 | cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_config | |
9fb4205e IB |
170 | ''; |
171 | }); | |
172 | HOME = "${varDir}/${project.name}"; | |
caa08508 IB |
173 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [ |
174 | pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot | |
175 | pkgs.python3Packages.buildbot-worker | |
9fb4205e | 176 | buildbot_common buildbot_config |
caa08508 | 177 | ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}"; |
9fb4205e IB |
178 | in project_env // { inherit PYTHONPATH HOME; }; |
179 | ||
180 | serviceConfig = { | |
181 | Type = "forking"; | |
182 | User = "buildbot"; | |
183 | Group = "buildbot"; | |
184 | WorkingDirectory = "${varDir}/${project.name}"; | |
185 | ExecStart = "${buildbot}/bin/buildbot start"; | |
186 | }; | |
187 | }) myconfig.env.buildbot.projects; | |
188 | }; | |
189 | } |