[perso/Immae/Config/Nix.git] / nixops / modules / buildbot / default.nix

{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
let
  varDir = "/var/lib/buildbot";
  buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
  buildslist_yarn = pkgsNext.yarn2nix.mkYarnModules {
    name = "buildslist-yarn-modules";
    packageJSON = "${buildslist_src.src}/package.json";
    yarnLock = "${buildslist_src.src}/yarn.lock";
  };
  buildslist_bower = pkgsNext.buildBowerComponents {
    name = "buildslist";
    generated = ./bower.nix;
    src = "${buildslist_src.src}/guanlecoja/";
  };

  buildslist = pkgsNext.python3Packages.buildPythonPackage rec {
    pname = "buildbot-buildslist";
    inherit (pkgsNext.buildbot-pkg) version;

    preConfigure = ''
      export HOME=$PWD
      cp -a ${buildslist_yarn}/node_modules .
      chmod -R u+w node_modules
      cp -a ${buildslist_bower}/bower_components ./libs
      chmod -R u+w libs
      '';
    propagatedBuildInputs = with pkgsNext.python3Packages; [
      (klein.overridePythonAttrs(old: { checkPhase = ""; }))
      buildbot-pkg
    ];
    nativeBuildInputs = with pkgsNext; [ yarn nodejs ];
    buildInputs = [ buildslist_yarn buildslist_bower ];

    doCheck = false;
    src = buildslist_src.src;
  };
  buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec {
    format = "other";
    installPhase = ''
      mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
      cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common
      '';
  });
  buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
in
{
  options = {
    services.buildbot.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable buildbot.
      '';
    };
  };

  config = lib.mkIf config.services.buildbot.enable {
    ids.uids.buildbot = myconfig.env.buildbot.user.uid;
    ids.gids.buildbot = myconfig.env.buildbot.user.gid;

    users.groups.buildbot.gid = config.ids.gids.buildbot;
    users.users.buildbot = {
      name = "buildbot";
      uid = config.ids.uids.buildbot;
      group = "buildbot";
      description = "Buildbot user";
      home = varDir;
    };

    services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
        RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
        RewriteEngine On
        RewriteRule ^/buildbot/${project.name}/ws(.*)$   unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
        ProxyPass /buildbot/${project.name}/             unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        ProxyPassReverse /buildbot/${project.name}/      unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        <Location /buildbot/${project.name}/>
          Use LDAPConnect
          Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu

          SetEnvIf X-Url-Scheme https HTTPS=1
          ProxyPreserveHost On
        </Location>
        <Location /buildbot/${project.name}/change_hook/base>
          Require local
        </Location>
        '') myconfig.env.buildbot.projects;

    system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      deps = [ "users" "wrappers" ];
      text = let
        master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
        puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify");
      in ''
      install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
      install -m 0755 -o buildbot -g buildbot -d ${varDir}
      if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
        $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
        rm -f ${varDir}/${project.name}/master.cfg.sample
      fi
      install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify
      buildbot_secrets=${varDir}/${project.name}/secrets
      install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
      echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
        (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
      )}
      chown -R buildbot:buildbot $buildbot_secrets
      chmod -R u=rX,go=- $buildbot_secrets
      ${project.activationScript}
      '';
    }) myconfig.env.buildbot.projects;

    systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      description = "Buildbot Continuous Integration Server ${project.name}.";
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgsNext);
      environment = let
        project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
        buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec {
          name = "buildbot_config-${project.name}";
          src = "${./projects}/${project.name}";
          format = "other";
          installPhase = ''
            mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
            cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_config
            '';
        });
        HOME = "${varDir}/${project.name}";
        PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgsNext ++ [
          pkgsNext.python3Packages.treq pkgsNext.python3Packages.ldap3 buildbot
          pkgsNext.python3Packages.buildbot-worker
          buildbot_common buildbot_config
        ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgsNext.python3.pythonForBuild.sitePackages}" else ""}";
      in project_env // { inherit PYTHONPATH HOME; };

      serviceConfig = {
        Type = "forking";
        User = "buildbot";
        Group = "buildbot";
        WorkingDirectory = "${varDir}/${project.name}";
        ExecStart = "${buildbot}/bin/buildbot start";
      };
    }) myconfig.env.buildbot.projects;
  };
}
Commit	Line	Data
9fb4205e IB	1	{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
	2	let
	3	varDir = "/var/lib/buildbot";
	4	buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
	5	buildslist_yarn = pkgsNext.yarn2nix.mkYarnModules {
	6	name = "buildslist-yarn-modules";
	7	packageJSON = "${buildslist_src.src}/package.json";
	8	yarnLock = "${buildslist_src.src}/yarn.lock";
	9	};
	10	buildslist_bower = pkgsNext.buildBowerComponents {
	11	name = "buildslist";
	12	generated = ./bower.nix;
	13	src = "${buildslist_src.src}/guanlecoja/";
	14	};
	15
	16	buildslist = pkgsNext.python3Packages.buildPythonPackage rec {
	17	pname = "buildbot-buildslist";
	18	inherit (pkgsNext.buildbot-pkg) version;
	19
	20	preConfigure = ''
	21	export HOME=$PWD
	22	cp -a ${buildslist_yarn}/node_modules .
	23	chmod -R u+w node_modules
	24	cp -a ${buildslist_bower}/bower_components ./libs
	25	chmod -R u+w libs
	26	'';
	27	propagatedBuildInputs = with pkgsNext.python3Packages; [
	28	(klein.overridePythonAttrs(old: { checkPhase = ""; }))
	29	buildbot-pkg
	30	];
	31	nativeBuildInputs = with pkgsNext; [ yarn nodejs ];
	32	buildInputs = [ buildslist_yarn buildslist_bower ];
	33
	34	doCheck = false;
	35	src = buildslist_src.src;
	36	};
	37	buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec {
	38	format = "other";
	39	installPhase = ''
	40	mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
	41	cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common
	42	'';
	43	});
	44	buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
	45	in
	46	{
	47	options = {
	48	services.buildbot.enable = lib.mkOption {
	49	type = lib.types.bool;
	50	default = false;
	51	description = ''
	52	Whether to enable buildbot.
	53	'';
	54	};
	55	};
	56
	57	config = lib.mkIf config.services.buildbot.enable {
	58	ids.uids.buildbot = myconfig.env.buildbot.user.uid;
	59	ids.gids.buildbot = myconfig.env.buildbot.user.gid;
	60
	61	users.groups.buildbot.gid = config.ids.gids.buildbot;
	62	users.users.buildbot = {
	63	name = "buildbot";
	64	uid = config.ids.uids.buildbot;
65	group = "buildbot";
66	description = "Buildbot user";
67	home = varDir;
68	};
69
70	services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
71	RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
72	RewriteEngine On
73	RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock\|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
74	ProxyPass /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock\|http://${project.name}-git.immae.eu/
75	ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock\|http://${project.name}-git.immae.eu/
76	<Location /buildbot/${project.name}/>
77	Use LDAPConnect
78	Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu
79
80	SetEnvIf X-Url-Scheme https HTTPS=1
81	ProxyPreserveHost On
82	</Location>
83	<Location /buildbot/${project.name}/change_hook/base>
84	Require local
85	</Location>
86	'') myconfig.env.buildbot.projects;
87
88	system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
89	deps = [ "users" "wrappers" ];
90	text = let
91	master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
92	puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify");
93	in ''
94	install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
95	install -m 0755 -o buildbot -g buildbot -d ${varDir}
96	if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
97	$wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
98	rm -f ${varDir}/${project.name}/master.cfg.sample
99	fi
100	install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify
101	buildbot_secrets=${varDir}/${project.name}/secrets
102	install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
103	echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
104	${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
105	(k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
106	)}
107	chown -R buildbot:buildbot $buildbot_secrets
108	chmod -R u=rX,go=- $buildbot_secrets
109	${project.activationScript}
110	'';
111	}) myconfig.env.buildbot.projects;
112
113	systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
114	description = "Buildbot Continuous Integration Server ${project.name}.";
115	after = [ "network-online.target" ];
116	wantedBy = [ "multi-user.target" ];
117	path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgsNext);
118	environment = let
119	project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
120	buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec {
121	name = "buildbot_config-${project.name}";
122	src = "${./projects}/${project.name}";
123	format = "other";
124	installPhase = ''
125	mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
126	cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_config
127	'';
128	});
129	HOME = "${varDir}/${project.name}";
130	PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgsNext ++ [
131	pkgsNext.python3Packages.treq pkgsNext.python3Packages.ldap3 buildbot
132	pkgsNext.python3Packages.buildbot-worker
133	buildbot_common buildbot_config
134	])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgsNext.python3.pythonForBuild.sitePackages}" else ""}";
135	in project_env // { inherit PYTHONPATH HOME; };
136
137	serviceConfig = {
138	Type = "forking";
139	User = "buildbot";
140	Group = "buildbot";
141	WorkingDirectory = "${varDir}/${project.name}";
142	ExecStart = "${buildbot}/bin/buildbot start";
143	};
144	}) myconfig.env.buildbot.projects;
145	};
146	}