Add buildbot
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
new file mode 100644 (file)
index 0000000..cd5b260
--- /dev/null
@@ -0,0 +1,146 @@
+{ lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }:
+let
+  varDir = "/var/lib/buildbot";
+  buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
+  buildslist_yarn = pkgsNext.yarn2nix.mkYarnModules {
+    name = "buildslist-yarn-modules";
+    packageJSON = "${buildslist_src.src}/package.json";
+    yarnLock = "${buildslist_src.src}/yarn.lock";
+  };
+  buildslist_bower = pkgsNext.buildBowerComponents {
+    name = "buildslist";
+    generated = ./bower.nix;
+    src = "${buildslist_src.src}/guanlecoja/";
+  };
+
+  buildslist = pkgsNext.python3Packages.buildPythonPackage rec {
+    pname = "buildbot-buildslist";
+    inherit (pkgsNext.buildbot-pkg) version;
+
+    preConfigure = ''
+      export HOME=$PWD
+      cp -a ${buildslist_yarn}/node_modules .
+      chmod -R u+w node_modules
+      cp -a ${buildslist_bower}/bower_components ./libs
+      chmod -R u+w libs
+      '';
+    propagatedBuildInputs = with pkgsNext.python3Packages; [
+      (klein.overridePythonAttrs(old: { checkPhase = ""; }))
+      buildbot-pkg
+    ];
+    nativeBuildInputs = with pkgsNext; [ yarn nodejs ];
+    buildInputs = [ buildslist_yarn buildslist_bower ];
+
+    doCheck = false;
+    src = buildslist_src.src;
+  };
+  buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec {
+    format = "other";
+    installPhase = ''
+      mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
+      cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common
+      '';
+  });
+  buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
+in
+{
+  options = {
+    services.buildbot.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable buildbot.
+      '';
+    };
+  };
+
+  config = lib.mkIf config.services.buildbot.enable {
+    ids.uids.buildbot = myconfig.env.buildbot.user.uid;
+    ids.gids.buildbot = myconfig.env.buildbot.user.gid;
+
+    users.groups.buildbot.gid = config.ids.gids.buildbot;
+    users.users.buildbot = {
+      name = "buildbot";
+      uid = config.ids.uids.buildbot;
+      group = "buildbot";
+      description = "Buildbot user";
+      home = varDir;
+    };
+
+    services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
+        RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
+        RewriteEngine On
+        RewriteRule ^/buildbot/${project.name}/ws(.*)$   unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
+        ProxyPass /buildbot/${project.name}/             unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
+        ProxyPassReverse /buildbot/${project.name}/      unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
+        <Location /buildbot/${project.name}/>
+          Use LDAPConnect
+          Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu
+
+          SetEnvIf X-Url-Scheme https HTTPS=1
+          ProxyPreserveHost On
+        </Location>
+        <Location /buildbot/${project.name}/change_hook/base>
+          Require local
+        </Location>
+        '') myconfig.env.buildbot.projects;
+
+    system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
+      deps = [ "users" "wrappers" ];
+      text = let
+        master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
+        puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify");
+      in ''
+      install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
+      install -m 0755 -o buildbot -g buildbot -d ${varDir}
+      if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
+        $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
+        rm -f ${varDir}/${project.name}/master.cfg.sample
+      fi
+      install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify
+      buildbot_secrets=${varDir}/${project.name}/secrets
+      install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
+      echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
+      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
+        (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
+      )}
+      chown -R buildbot:buildbot $buildbot_secrets
+      chmod -R u=rX,go=- $buildbot_secrets
+      ${project.activationScript}
+      '';
+    }) myconfig.env.buildbot.projects;
+
+    systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
+      description = "Buildbot Continuous Integration Server ${project.name}.";
+      after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgsNext);
+      environment = let
+        project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
+        buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec {
+          name = "buildbot_config-${project.name}";
+          src = "${./projects}/${project.name}";
+          format = "other";
+          installPhase = ''
+            mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
+            cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_config
+            '';
+        });
+        HOME = "${varDir}/${project.name}";
+        PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgsNext ++ [
+          pkgsNext.python3Packages.treq pkgsNext.python3Packages.ldap3 buildbot
+          pkgsNext.python3Packages.buildbot-worker
+          buildbot_common buildbot_config
+        ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgsNext.python3.pythonForBuild.sitePackages}" else ""}";
+      in project_env // { inherit PYTHONPATH HOME; };
+
+      serviceConfig = {
+        Type = "forking";
+        User = "buildbot";
+        Group = "buildbot";
+        WorkingDirectory = "${varDir}/${project.name}";
+        ExecStart = "${buildbot}/bin/buildbot start";
+      };
+    }) myconfig.env.buildbot.projects;
+  };
+}
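Review bot: In the `system.activationScripts` text, the LDAP password is spliced into a double-quoted shell string, `echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap`, so a password containing `"`, `$` or a backtick is expanded or breaks the script. The per-project secrets two lines below already go through `lib.strings.escapeShellArg`, and this line should match: `echo ${lib.strings.escapeShellArg myconfig.env.buildbot.ldap.password} > $buildbot_secrets/ldap`. Separately, every secret interpolated here, and the `puppet_notify` file built with `pkgs.writeText`, ends up in the generated activation script or a derivation under `/nix/store`, which is readable by all local users by default. The `chmod -R u=rX,go=-` on the secrets directory therefore does not protect those values. Since this is a NixOps module, delivering them outside the store (for example with `deployment.keys`) and having the script only copy or link them would keep them off the world-readable path.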