Squash changes containing private information
similarity index 70%
rename from modules/private/buildbot/default.nix
rename to systems/eldiron/buildbot/default.nix
index ec28b632d799b7ad6822fafd89e54e8dfa36d15f..e86b081758c0a6ba91add4d0e5be917f72421109 100644 (file)
@@ -1,16 +1,7 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, buildbot, ... }:
 let
   varDir = "/var/lib/buildbot";
-  buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
-    name = "buildbot_common";
-    src = ./common;
-    format = "other";
-    installPhase = ''
-      mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
-      cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common
-      '';
-  };
-  buildbot = pkgs.python3Packages.buildbot-full;
+  bb-python = buildbot.pythonModule;
 in
 {
   options = {
@@ -24,6 +15,80 @@ in
   };
 
   config = lib.mkIf config.myServices.buildbot.enable {
+    myEnv.buildbot.projects.test = {
+      name = "test";
+      workerPort = config.myEnv.ports.buildbot_test;
+      packages = [ pkgs.git pkgs.gzip pkgs.openssh ];
+      pythonPathHome = false;
+      secrets = {
+        apprise_webhooks = builtins.concatStringsSep "\n" [
+          "{{ .apprise_webhooks.matrix_immae_eu_alert }}"
+        ];
+        notify_xmpp_password = "{{ .xmpp.notify_bot }}";
+      };
+      activationScript = ''
+        install -m 0755 -o buildbot -g buildbot -d /var/lib/ftp/release.immae.eu/test
+        '';
+      webhookTokens = [
+        "{{ .buildbot.webhookTokens.Immae }}"
+        "{{ .buildbot.webhookTokens.Immae }}"
+      ];
+    };
+
+    myServices.chatonsProperties.hostings.buildbot = {
+      file.datetime = "2022-08-21T10:37:00";
+      hosting = {
+        name = "Buildbot";
+        description = "Python-based continuous integration testing framework";
+        type = "INSTANCE";
+        website = "https://git.immae.eu";
+        logo = "https://www.buildbot.net/img/icon.png";
+        status.level = "OK";
+        status.description = "OK";
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+        guide.user = "https://www.immae.eu/docs/forge-logicielle.html";
+      };
+      software = {
+        name = "Buildbot";
+        website = "https://www.buildbot.net/";
+        license.url = "https://github.com/buildbot/buildbot/blob/master/LICENSE";
+        license.name = "GNU General Public License v2.0";
+        version = pkgs.buildbot.version;
+        source.url = "https://github.com/buildbot/buildbot";
+      };
+    };
+    nixpkgs.overlays = [
+      (self: super: {
+        follow-systemd-unit = self.writeScriptBin "follow-systemd-unit" ''
+          #!${self.stdenv.shell}
+
+          set -euo pipefail
+
+          service=$1
+          before_invocation_id=$2
+
+          get_id() {
+            systemctl show -p InvocationID --value "$service"
+          }
+
+          while [ "$(get_id)" = "$before_invocation_id" ]; do sleep 1; done
+
+          invocation_id="$(get_id)"
+          cursor="$(mktemp)"
+          trap "rm -f $cursor" EXIT
+
+          get_logs() {
+            journalctl --quiet --cursor-file=$cursor INVOCATION_ID=$invocation_id + _SYSTEMD_INVOCATION_ID=$invocation_id
+          }
+
+          while [ -n "$(systemctl show -p Job --value "$service")" ]; do
+            get_logs
+          done
+          get_logs
+        '';
+      })
+    ];
     ids.uids.buildbot = config.myEnv.buildbot.user.uid;
     ids.gids.buildbot = config.myEnv.buildbot.user.gid;
 
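Review bot: The second loop in `follow-systemd-unit` spins without pausing, because `journalctl` without `--follow` returns immediately, so `systemctl` and `journalctl` are re-spawned back to back for as long as the unit has a queued job. Pace it the same way as the first loop: `while [ -n "$(systemctl show -p Job --value "$service")" ]; do get_logs; sleep 1; done`. The first loop also has no upper bound, so a caller waits forever if the unit is never restarted; a retry counter or a `timeout` wrapper at the call site would bound it. Separately, `webhookTokens` for the `test` project lists `{{ .buildbot.webhookTokens.Immae }}` twice, which looks like a copy-paste where a second, distinct token was intended.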
@@ -34,7 +99,9 @@ in
       group = "buildbot";
       description = "Buildbot user";
       home = varDir;
-      extraGroups = [ "keys" ];
+      extraGroups = [ "keys" "systemd-journal" ];
+      useDefaultShell = true;
+      openssh.authorizedKeys.keys = [ config.myEnv.buildbot.ssh_key.public ];
     };
 
     services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
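Review bot: The key added to `openssh.authorizedKeys.keys` is accepted without any restriction, and `useDefaultShell = true` gives it a login shell. Any holder of the matching private key (deployed elsewhere in this file as the `buildbot/ssh_key` secret) therefore gets an interactive session with forwarding as `buildbot` on this host. If the login exists only to run a fixed helper (that is inferred, not visible here), constrain the entry with authorized_keys options, e.g. `"restrict ${config.myEnv.buildbot.ssh_key.public}"`, ideally with a forced `command=` naming that helper. The new `systemd-journal` group membership also lets this account read the whole system journal, not just its own units, so a comment such as `# systemd-journal: needed to read unit logs; grants read access to all journal entries` would record the trade-off. The user attribute set starts outside this hunk.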
@@ -96,12 +163,12 @@ in
               permissions = "0600";
               user = "buildbot";
               group = "buildbot";
+              keyDependencies = [ (buildbot.buildbot_config project).src ] ++ project.secretsDeps;
               text = let
                 project_env = with lib.attrsets;
                   mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment //
-                  mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) //
                   {
-                    BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}";
+                    BUILDBOT_PROJECT_DIR = (buildbot.buildbot_config project).src;
                     BUILDBOT_WORKER_PORT = builtins.toString project.workerPort;
                     BUILDBOT_HOST = config.hostEnv.fqdn;
                     BUILDBOT_VIRT_URL = "qemu+ssh://libvirt@dilion.immae.eu/system";
@@ -131,6 +198,16 @@ in
         group = "buildbot";
         text = config.myEnv.buildbot.ssh_key.private;
       };
+      "buildbot/ssh_known_hosts" = {
+        permissions = "0644";
+        user = "buildbot";
+        group = "buildbot";
+        text = ''
+          git.immae.eu          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF
+          eldiron               ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF
+          phare.normalesup.org  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2GomItXICXpCtCFRMT2xuerqx2nLMO/3mNUuWyzFr1
+        '';
+      };
     };
 
     services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
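Review bot: The pinned host keys in `buildbot/ssh_known_hosts` carry no comment on how they were verified or which ssh invocation reads the file, and nothing visible in this diff points a client at `buildbot_hosts`. Add a comment above `text`, e.g. `# host keys verified out of band; read by <consumer> via UserKnownHostsFile`, and confirm the consumer enforces strict host key checking, since the pin has no effect otherwise. The declared `permissions = "0644"` also differs from the `-Dm600` used when the file is copied in preStart; host keys are public so either is safe, but one value should be used in both places.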
@@ -152,9 +229,9 @@ in
       description = "Buildbot Continuous Integration Server ${project.name}.";
       after = [ "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
-      path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
+      path = project.packages;
       preStart = let
-        master-cfg = "${buildbot_common}/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
+        master-cfg = "${buildbot.buildbot_common}/${bb-python.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
         tac_file = pkgs.writeText "buildbot.tac" ''
             import os
 
@@ -197,6 +274,7 @@ in
       ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
       # different buildbots may be trying that simultaneously, add the || true to avoid complaining in case of race
       install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_key"} ${varDir}/buildbot_key || true
+      install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_known_hosts"} ${varDir}/buildbot_hosts || true
       buildbot_secrets=${varDir}/${project.name}/secrets
       install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets
       install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ldap"} $buildbot_secrets/ldap
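Review bot: The `|| true` on the added `install ... buildbot_hosts` line hides every failure, not only the concurrent-start race described in the comment above it, so the master can start with a missing or stale pinned-hosts file. Since that file backs SSH host verification, follow the line with a check such as `test -s ${varDir}/buildbot_hosts`, so preStart stops when the file is absent (assuming the script runs under `set -e`, which is not visible here). The preStart script begins and ends outside this hunk.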
@@ -207,23 +285,11 @@ in
       ${buildbot}/bin/buildbot upgrade-master ${varDir}/${project.name}
       '';
       environment = let
-        buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
-          name = "buildbot_config-${project.name}";
-          src = ./projects + "/${project.name}";
-          format = "other";
-          installPhase = ''
-            mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
-            cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_config
-            '';
-        });
         HOME = "${varDir}/${project.name}";
-        PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [
-          pkgs.python3Packages.libvirt
-          pkgs.python3Packages.wokkel
-          pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot
-          pkgs.python3Packages.buildbot-worker
-          buildbot_common buildbot_config
-        ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}";
+        PYTHONPATH = "${bb-python.withPackages (self:
+          buildbot.common_packages self ++
+          [ (buildbot.buildbot_config project) ]
+        )}/${bb-python.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${bb-python.sitePackages}" else ""}";
       in { inherit PYTHONPATH HOME; };
 
       serviceConfig = {
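Review bot: The `.local` suffix in `PYTHONPATH` now uses `bb-python.sitePackages`, while `master-cfg` earlier in the file uses `bb-python.pythonForBuild.sitePackages`; use one spelling in both places so the two paths cannot drift apart. When `project.pythonPathHome` is true this appends a directory under the buildbot home, presumably writable by the service user, to the master's import path. That deserves a comment next to the conditional, e.g. `# .local is writable by buildbot: modules placed there are imported by the master`. The dependency list that used to be spelled out here (libvirt, wokkel, treq, ldap3, buildbot-worker) now comes from `buildbot.common_packages`, which is defined outside this diff, so it is worth confirming it still provides all of them.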