]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/buildbot/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add cours to buildbot
[perso/Immae/Config/Nix.git] / modules / private / buildbot / default.nix
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix
index fa6a6f20f3c4a17d3c6c2cc2bb59a4e2149c6fde..273ad705ef803a1178c0a8affefea65855e11eab 100644 (file)
--- a/modules/private/buildbot/default.nix
+++ b/modules/private/buildbot/default.nix
@@ -24,6 +24,9 @@ in
   };
 
   config = lib.mkIf config.myServices.buildbot.enable {
+    services.duplyBackup.profiles.buildbot = {
+      rootDir = varDir;
+    };
     ids.uids.buildbot = myconfig.env.buildbot.user.uid;
     ids.gids.buildbot = myconfig.env.buildbot.user.gid;
 
@@ -37,7 +40,11 @@ in
       extraGroups = [ "keys" ];
     };
 
-    services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
+    services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
+      (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")
+      myconfig.env.buildbot.projects;
+
+    services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
         RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
         RewriteEngine On
         RewriteRule ^/buildbot/${project.name}/ws(.*)$   unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
@@ -61,7 +68,11 @@ in
 
     system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
       deps = [ "users" "wrappers" ];
-      text = project.activationScript;
+      text = ''
+        install -m 755 -o buildbot -g buildbot -d ${varDir}/${project.name}
+
+        ${project.activationScript}
+        '';
     }) myconfig.env.buildbot.projects;
 
     secrets.keys = (
@@ -106,6 +117,14 @@ in
       }
     ];
 
+    services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
+      restart = true;
+      paths = [
+        "/var/secrets/buildbot/ldap"
+        "/var/secrets/buildbot/ssh_key"
+      ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;
+    }) myconfig.env.buildbot.projects;
+
     systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
       description = "Buildbot Continuous Integration Server ${project.name}.";
       after = [ "network-online.target" ];
@@ -163,7 +182,9 @@ in
       )}
       '';
       environment = let
-        project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
+        project_env = with lib.attrsets;
+          mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment //
+          mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project);
         buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
           name = "buildbot_config-${project.name}";
           src = ./projects + "/${project.name}";
My infrastructure configuration