[perso/Immae/Config/Nix.git] / nixops / modules / buildbot / default.nix

{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
let
  pkgs = pkgsNext.appendOverlays config.nixpkgs.overlays;

  varDir = "/var/lib/buildbot";
  buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
  buildslist_yarn = pkgs.yarn2nix.mkYarnModules {
    name = "buildslist-yarn-modules";
    packageJSON = "${buildslist_src.src}/package.json";
    yarnLock = "${buildslist_src.src}/yarn.lock";
  };
  buildslist_bower = pkgs.buildBowerComponents {
    name = "buildslist";
    generated = ./bower.nix;
    src = "${buildslist_src.src}/guanlecoja/";
  };

  buildslist = pkgs.python3Packages.buildPythonPackage rec {
    pname = "buildbot-buildslist";
    inherit (pkgs.buildbot-pkg) version;

    preConfigure = ''
      export HOME=$PWD
      cp -a ${buildslist_yarn}/node_modules .
      chmod -R u+w node_modules
      cp -a ${buildslist_bower}/bower_components ./libs
      chmod -R u+w libs
      '';
    propagatedBuildInputs = with pkgs.python3Packages; [
      (klein.overridePythonAttrs(old: { checkPhase = ""; }))
      buildbot-pkg
    ];
    nativeBuildInputs = with pkgs; [ yarn nodejs ];
    buildInputs = [ buildslist_yarn buildslist_bower ];

    doCheck = false;
    src = buildslist_src.src;
  };
  buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
    name = "buildbot_common";
    src = ./common;
    format = "other";
    installPhase = ''
      mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
      cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common
      '';
  };
  buildbot = pkgs.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
in
{
  options = {
    services.buildbot.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable buildbot.
      '';
    };
  };

  config = lib.mkIf config.services.buildbot.enable {
    ids.uids.buildbot = myconfig.env.buildbot.user.uid;
    ids.gids.buildbot = myconfig.env.buildbot.user.gid;

    users.groups.buildbot.gid = config.ids.gids.buildbot;
    users.users.buildbot = {
      name = "buildbot";
      uid = config.ids.uids.buildbot;
      group = "buildbot";
      description = "Buildbot user";
      home = varDir;
    };

    services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
        RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
        RewriteEngine On
        RewriteRule ^/buildbot/${project.name}/ws(.*)$   unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
        ProxyPass /buildbot/${project.name}/             unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        ProxyPassReverse /buildbot/${project.name}/      unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        <Location /buildbot/${project.name}/>
          Use LDAPConnect
          Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu

          SetEnvIf X-Url-Scheme https HTTPS=1
          ProxyPreserveHost On
        </Location>
        <Location /buildbot/${project.name}/change_hook/base>
          Require local
        </Location>
        '') myconfig.env.buildbot.projects;

    system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      deps = [ "users" "wrappers" ];
      text = let
        master-cfg = "${buildbot_common}/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
        buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key");
        tac_file = pkgs.writeText "buildbot.tac" ''
            import os

            from twisted.application import service
            from buildbot.master import BuildMaster

            basedir = '${varDir}/${project.name}'
            rotateLength = 10000000
            maxRotatedFiles = 10
            configfile = '${master-cfg}'

            # Default umask for server
            umask = None

            # if this is a relocatable tac file, get the directory containing the TAC
            if basedir == '.':
                import os
                basedir = os.path.abspath(os.path.dirname(__file__))

            # note: this line is matched against to check that this is a buildmaster
            # directory; do not edit it.
            application = service.Application('buildmaster')
            from twisted.python.logfile import LogFile
            from twisted.python.log import ILogObserver, FileLogObserver
            logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
                                            maxRotatedFiles=maxRotatedFiles)
            application.setComponent(ILogObserver, FileLogObserver(logfile).emit)

            m = BuildMaster(basedir, configfile, umask)
            m.setServiceParent(application)
            m.log_rotation.rotateLength = rotateLength
            m.log_rotation.maxRotatedFiles = maxRotatedFiles
          '';
      in ''
      install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
      install -m 0755 -o buildbot -g buildbot -d ${varDir}
      if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
        $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
        rm -f ${varDir}/${project.name}/master.cfg.sample
        rm -f ${varDir}/${project.name}/buildbot.tac
      fi
      ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
      install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key
      buildbot_secrets=${varDir}/${project.name}/secrets
      install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
      echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
        (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
      )}
      chown -R buildbot:buildbot $buildbot_secrets
      chmod -R u=rX,go=- $buildbot_secrets
      ${project.activationScript}
      '';
    }) myconfig.env.buildbot.projects;

    systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      description = "Buildbot Continuous Integration Server ${project.name}.";
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
      environment = let
        project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
        buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
          name = "buildbot_config-${project.name}";
          src = ./projects + "/${project.name}";
          format = "other";
          installPhase = ''
            mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
            cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_config
            '';
        });
        HOME = "${varDir}/${project.name}";
        PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [
          pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot
          pkgs.python3Packages.buildbot-worker
          buildbot_common buildbot_config
        ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}";
      in project_env // { inherit PYTHONPATH HOME; };

      serviceConfig = {
        Type = "forking";
        User = "buildbot";
        Group = "buildbot";
        WorkingDirectory = "${varDir}/${project.name}";
        ExecStart = "${buildbot}/bin/buildbot start";
      };
    }) myconfig.env.buildbot.projects;
  };
}
Commit	Line	Data
9fb4205e IB	1	{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
9fb4205e IB	2	let
caa08508 IB	3	pkgs = pkgsNext.appendOverlays config.nixpkgs.overlays;
caa08508 IB	4
9fb4205e IB	5	varDir = "/var/lib/buildbot";
9fb4205e IB	6	buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
caa08508	7	buildslist_yarn = pkgs.yarn2nix.mkYarnModules {
9fb4205e IB	8	name = "buildslist-yarn-modules";
	9	packageJSON = "${buildslist_src.src}/package.json";
	10	yarnLock = "${buildslist_src.src}/yarn.lock";
	11	};
caa08508	12	buildslist_bower = pkgs.buildBowerComponents {
9fb4205e IB	13	name = "buildslist";
	14	generated = ./bower.nix;
	15	src = "${buildslist_src.src}/guanlecoja/";
	16	};
	17
caa08508	18	buildslist = pkgs.python3Packages.buildPythonPackage rec {
9fb4205e	19	pname = "buildbot-buildslist";
caa08508	20	inherit (pkgs.buildbot-pkg) version;
9fb4205e IB	21
	22	preConfigure = ''
	23	export HOME=$PWD
	24	cp -a ${buildslist_yarn}/node_modules .
	25	chmod -R u+w node_modules
	26	cp -a ${buildslist_bower}/bower_components ./libs
	27	chmod -R u+w libs
	28	'';
caa08508	29	propagatedBuildInputs = with pkgs.python3Packages; [
9fb4205e IB	30	(klein.overridePythonAttrs(old: { checkPhase = ""; }))
	31	buildbot-pkg
	32	];
caa08508	33	nativeBuildInputs = with pkgs; [ yarn nodejs ];
9fb4205e IB	34	buildInputs = [ buildslist_yarn buildslist_bower ];
	35
	36	doCheck = false;
	37	src = buildslist_src.src;
	38	};
caa08508	39	buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
e2b96bf5 IB	40	name = "buildbot_common";
e2b96bf5 IB	41	src = ./common;
9fb4205e IB	42	format = "other";
9fb4205e IB	43	installPhase = ''
caa08508 IB	44	mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
caa08508 IB	45	cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common
9fb4205e	46	'';
e2b96bf5	47	};
caa08508	48	buildbot = pkgs.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
9fb4205e IB	49	in
	50	{
	51	options = {
	52	services.buildbot.enable = lib.mkOption {
	53	type = lib.types.bool;
	54	default = false;
	55	description = ''
	56	Whether to enable buildbot.
	57	'';
	58	};
	59	};
	60
	61	config = lib.mkIf config.services.buildbot.enable {
	62	ids.uids.buildbot = myconfig.env.buildbot.user.uid;
	63	ids.gids.buildbot = myconfig.env.buildbot.user.gid;
	64
	65	users.groups.buildbot.gid = config.ids.gids.buildbot;
	66	users.users.buildbot = {
	67	name = "buildbot";
	68	uid = config.ids.uids.buildbot;
	69	group = "buildbot";
	70	description = "Buildbot user";
	71	home = varDir;
	72	};
	73
	74	services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
	75	RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
	76	RewriteEngine On
	77	RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock\|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
	78	ProxyPass /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock\|http://${project.name}-git.immae.eu/
	79	ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock\|http://${project.name}-git.immae.eu/
	80	<Location /buildbot/${project.name}/>
	81	Use LDAPConnect
e2b96bf5	82	Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
9fb4205e IB	83
	84	SetEnvIf X-Url-Scheme https HTTPS=1
	85	ProxyPreserveHost On
	86	</Location>
	87	<Location /buildbot/${project.name}/change_hook/base>
	88	Require local
	89	</Location>
	90	'') myconfig.env.buildbot.projects;
	91
	92	system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
	93	deps = [ "users" "wrappers" ];
	94	text = let
caa08508	95	master-cfg = "${buildbot_common}/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
e2b96bf5 IB	96	buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key");
	97	tac_file = pkgs.writeText "buildbot.tac" ''
	98	import os
	99
	100	from twisted.application import service
	101	from buildbot.master import BuildMaster
	102
	103	basedir = '${varDir}/${project.name}'
	104	rotateLength = 10000000
	105	maxRotatedFiles = 10
	106	configfile = '${master-cfg}'
	107
	108	# Default umask for server
	109	umask = None
	110
	111	# if this is a relocatable tac file, get the directory containing the TAC
	112	if basedir == '.':
	113	import os
	114	basedir = os.path.abspath(os.path.dirname(__file__))
	115
	116	# note: this line is matched against to check that this is a buildmaster
	117	# directory; do not edit it.
	118	application = service.Application('buildmaster')
	119	from twisted.python.logfile import LogFile
	120	from twisted.python.log import ILogObserver, FileLogObserver
	121	logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
	122	maxRotatedFiles=maxRotatedFiles)
	123	application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
	124
	125	m = BuildMaster(basedir, configfile, umask)
	126	m.setServiceParent(application)
	127	m.log_rotation.rotateLength = rotateLength
	128	m.log_rotation.maxRotatedFiles = maxRotatedFiles
	129	'';
9fb4205e IB	130	in ''
	131	install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
	132	install -m 0755 -o buildbot -g buildbot -d ${varDir}
	133	if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
	134	$wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
	135	rm -f ${varDir}/${project.name}/master.cfg.sample
e2b96bf5	136	rm -f ${varDir}/${project.name}/buildbot.tac
9fb4205e	137	fi
e2b96bf5 IB	138	ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
e2b96bf5 IB	139	install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key
9fb4205e IB	140	buildbot_secrets=${varDir}/${project.name}/secrets
	141	install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
	142	echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
	143	${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
	144	(k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
	145	)}
	146	chown -R buildbot:buildbot $buildbot_secrets
	147	chmod -R u=rX,go=- $buildbot_secrets
	148	${project.activationScript}
	149	'';
	150	}) myconfig.env.buildbot.projects;
	151
	152	systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
	153	description = "Buildbot Continuous Integration Server ${project.name}.";
	154	after = [ "network-online.target" ];
	155	wantedBy = [ "multi-user.target" ];
caa08508	156	path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
9fb4205e IB	157	environment = let
9fb4205e IB	158	project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
caa08508	159	buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
9fb4205e	160	name = "buildbot_config-${project.name}";
e2b96bf5	161	src = ./projects + "/${project.name}";
9fb4205e IB	162	format = "other";
9fb4205e IB	163	installPhase = ''
caa08508 IB	164	mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
caa08508 IB	165	cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_config
9fb4205e IB	166	'';
	167	});
	168	HOME = "${varDir}/${project.name}";
caa08508 IB	169	PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [
	170	pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot
	171	pkgs.python3Packages.buildbot-worker
9fb4205e	172	buildbot_common buildbot_config
caa08508	173	])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}";
9fb4205e IB	174	in project_env // { inherit PYTHONPATH HOME; };
	175
	176	serviceConfig = {
	177	Type = "forking";
	178	User = "buildbot";
	179	Group = "buildbot";
	180	WorkingDirectory = "${varDir}/${project.name}";
	181	ExecStart = "${buildbot}/bin/buildbot start";
	182	};
	183	}) myconfig.env.buildbot.projects;
	184	};
	185	}