path: root/nixops/modules/buildbot/default.nix
blob: ff1c697c5551d366689f72af8a0ef2c495a2f562 (plain) (tree)
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Root of all buildbot state; every project gets its own subdirectory below it.
  varDir = "/var/lib/buildbot";
  # Source tree of the buildslist plugin, obtained through
  # mylibs.fetchedGitPrivate from the description in ./buildslist.json.
  # NOTE(review): presumably the JSON pins a revision and hash. Confirm, since
  # code built from this source is loaded by the buildbot master.
  buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json;
  # node_modules tree for the buildslist front-end, resolved from the
  # package.json and yarn.lock shipped in the plugin source. The version is
  # taken from buildbot-pkg.
  buildslist_yarn =
    let
      modulesName = "buildslist-yarn-modules";
    in
    mylibs.yarn2nixPackage.mkYarnModules {
      name = modulesName;
      pname = modulesName;
      inherit (pkgs.buildbot-pkg) version;
      yarnLock = "${buildslist_src.src}/yarn.lock";
      packageJSON = "${buildslist_src.src}/package.json";
    };
  # Bower components for the plugin's guanlecoja directory, built from the
  # generated ./bower.nix expression.
  buildslist_bower = pkgs.buildBowerComponents {
    src = "${buildslist_src.src}/guanlecoja/";
    generated = ./bower.nix;
    name = "buildslist";
  };

  # The buildslist buildbot plugin, built as a Python package from
  # buildslist_src with the pre-built yarn and bower trees copied in.
  buildslist = pkgs.python3Packages.buildPythonPackage rec {
    pname = "buildbot-buildslist";
    inherit (pkgs.buildbot-pkg) version;

    # Points HOME at the build directory, then copies node_modules and the bower
    # components next to the sources and makes the copies writable.
    preConfigure = ''
      export HOME=$PWD
      cp -a ${buildslist_yarn}/node_modules .
      chmod -R u+w node_modules
      cp -a ${buildslist_bower}/bower_components ./libs
      chmod -R u+w libs
      '';
    propagatedBuildInputs = with pkgs.python3Packages; [
      # klein is used with an empty checkPhase, so its tests do not run here.
      (klein.overridePythonAttrs(old: { checkPhase = ""; }))
      buildbot-pkg
    ];
    nativeBuildInputs = with pkgs; [ yarn nodejs ];
    buildInputs = [ buildslist_yarn buildslist_bower ];

    # The plugin's own check phase is disabled as well.
    doCheck = false;
    src = buildslist_src.src;
  };
  # Shared configuration code from ./common, installed as the `buildbot_common`
  # Python package. The master.cfg used by every project is read from this tree.
  buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
    name = "buildbot_common";
    src = ./common;
    # No Python build step: installPhase below copies the directory as-is.
    format = "other";
    installPhase = ''
      mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
      cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common
      '';
  };
  # buildbot-full with the buildslist plugin added. The activation scripts and
  # the systemd units in this module run this package's `buildbot` binary.
  buildbot = pkgs.python3Packages.buildbot-full.withPlugins [ buildslist ];
in
{
  # Single switch for the module; the whole `config` section is gated on it.
  options.services.buildbot.enable = lib.mkOption {
    description = ''
      Whether to enable buildbot.
    '';
    default = false;
    type = lib.types.bool;
  };

  config = lib.mkIf config.services.buildbot.enable {
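    # Overlay that adds wokkel and apprise to the python3 package set.
    nixpkgs.overlays = [ (self: super: rec {
      python3 = super.python3.override {
        packageOverrides = python-self: python-super: {
          # wokkel from PyPI, pinned by version and sha256.
          wokkel = python-self.buildPythonPackage rec {
            pname = "wokkel";
            version = "18.0.0";
            src = python-self.fetchPypi {
              inherit pname version;
              sha256 = "1spq44gg8gsviqx1dvlmjpgfc0wk0jpyx4ap01y2pad1ai9cw016";
            };
            propagatedBuildInputs = with python-self; [ twisted.extras.tls twisted incremental dateutil ];
            # Was spelled `doChecks`, which buildPythonPackage does not read, so
            # the setting had no effect. `doCheck` is the attribute this file
            # already uses for the buildslist package.
            doCheck = false;
          };
          # apprise built from the GitHub source described in ./apprise.json.
          # NOTE(review): the version is declared here while the source revision
          # comes from the JSON file; the two have to be kept in step by hand.
          apprise = python-self.buildPythonPackage rec {
            pname = "apprise";
            version = "0.7.4";
            src = (mylibs.fetchedGithub ./apprise.json).src;
            propagatedBuildInputs = with python-self; [ decorator
            requests requests_oauthlib oauthlib urllib3 six click
            markdown pyyaml sleekxmpp
            ];
            # Same spelling fix as for wokkel above.
            doCheck = false;
          };
        };
      };
    }) ];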

    # Fixed uid and gid for the service account, taken from the environment
    # configuration.
    ids = {
      uids.buildbot = myconfig.env.buildbot.user.uid;
      gids.buildbot = myconfig.env.buildbot.user.gid;
    };

    # Dedicated account and group that own the state under varDir and run the
    # buildbot masters.
    users = {
      groups.buildbot.gid = config.ids.gids.buildbot;
      users.buildbot = {
        description = "Buildbot user";
        name = "buildbot";
        group = "buildbot";
        uid = config.ids.uids.buildbot;
        home = varDir;
      };
    };

    # One Apache fragment per project on the "git" vhost. Requests under
    # /buildbot/<name>/ (including the /ws websocket path) are proxied to the
    # master's unix socket at /run/buildbot/<name>.sock and require membership
    # of the project's LDAP group. The change_hook/base endpoint additionally
    # accepts local requests and, when the project defines webhookTokens,
    # requests whose Access-Key header equals one of them.
    # NOTE(review): the tokens are interpolated into the generated
    # configuration text, so they are readable wherever that text is stored
    # (for Nix-built configuration that is normally the world-readable store).
    # Confirm that is acceptable, or have Apache read them from a root-only file.
    # NOTE(review): project.name and the tokens are spliced in unescaped. A
    # quote or regex metacharacter in either changes the meaning of the
    # directive, so both should be restricted to a safe character set where
    # they are declared.
    services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
        RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
        RewriteEngine On
        RewriteRule ^/buildbot/${project.name}/ws(.*)$   unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
        ProxyPass /buildbot/${project.name}/             unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        ProxyPassReverse /buildbot/${project.name}/      unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
        <Location /buildbot/${project.name}/>
          Use LDAPConnect
          Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu

          SetEnvIf X-Url-Scheme https HTTPS=1
          ProxyPreserveHost On
        </Location>
        <Location /buildbot/${project.name}/change_hook/base>
          <RequireAny>
            Require local
            Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
            ${if lib.attrsets.hasAttr "webhookTokens" project then ''
              Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
              '' else ""}
          </RequireAny>
        </Location>
        '') myconfig.env.buildbot.projects;

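    # Per-project activation step, ordered after "users" and "wrappers". It
    # creates /run/buildbot and the state directory, initialises the master
    # directory the first time, links the generated buildbot.tac, installs the
    # SSH key and writes the project's secret files.
    # NOTE(review): the script presumably runs as root (it chowns files and
    # calls sudo -u buildbot), and project.activationScript is appended to it
    # verbatim, so that text carries the same privileges.
    system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      deps = [ "users" "wrappers" ];
      text = let
        master-cfg = "${buildbot_common}/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
        # NOTE(review): readFile + writeText copies the private SSH key into the
        # Nix store, which is normally world-readable on the host. The 0600
        # install further down only protects the copy under varDir. Delivering
        # the key through a deployment-time secret mechanism that bypasses the
        # store would close that gap.
        buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key");
        # Twisted application file for this project's master; it points the
        # master at the shared master.cfg and logs to twistd.log in basedir.
        tac_file = pkgs.writeText "buildbot.tac" ''
            import os

            from twisted.application import service
            from buildbot.master import BuildMaster

            basedir = '${varDir}/${project.name}'
            rotateLength = 10000000
            maxRotatedFiles = 10
            configfile = '${master-cfg}'

            # Default umask for server
            umask = None

            # if this is a relocatable tac file, get the directory containing the TAC
            if basedir == '.':
                import os
                basedir = os.path.abspath(os.path.dirname(__file__))

            # note: this line is matched against to check that this is a buildmaster
            # directory; do not edit it.
            application = service.Application('buildmaster')
            from twisted.python.logfile import LogFile
            from twisted.python.log import ILogObserver, FileLogObserver
            logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
                                            maxRotatedFiles=maxRotatedFiles)
            application.setComponent(ILogObserver, FileLogObserver(logfile).emit)

            m = BuildMaster(basedir, configfile, umask)
            m.setServiceParent(application)
            m.log_rotation.rotateLength = rotateLength
            m.log_rotation.maxRotatedFiles = maxRotatedFiles
          '';
      # The LDAP password is now passed through escapeShellArg, like the
      # per-project secrets. It used to sit inside double quotes, where a `$`,
      # backtick, backslash or `"` in the password was interpreted by the shell,
      # which could corrupt the stored value or run a command during activation.
      # NOTE(review): every secret value is still embedded in the script text
      # itself, so it is readable wherever the generated script is stored.
      # The secrets directory is created with mode 0600 and ends up u=rx,go=
      # after the recursive chmod at the end.
      in ''
      install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
      install -m 0755 -o buildbot -g buildbot -d ${varDir}
      if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
        $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
        rm -f ${varDir}/${project.name}/master.cfg.sample
        rm -f ${varDir}/${project.name}/buildbot.tac
      fi
      ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
      install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key
      buildbot_secrets=${varDir}/${project.name}/secrets
      install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
      echo ${lib.strings.escapeShellArg myconfig.env.buildbot.ldap.password} > $buildbot_secrets/ldap
      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
        (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets
      )}
      chown -R buildbot:buildbot $buildbot_secrets
      chmod -R u=rX,go=- $buildbot_secrets
      ${project.activationScript}
      '';
    }) myconfig.env.buildbot.projects;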

    # One systemd unit per project, named buildbot-<name>, which starts the
    # master as the buildbot user from the project's state directory.
    # NOTE(review): serviceConfig sets no sandboxing options. Since the master
    # drives project-defined builds, it is worth evaluating which systemd
    # hardening settings (for example NoNewPrivileges, ProtectSystem,
    # PrivateTmp) the configured builds can tolerate.
    systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      description = "Buildbot Continuous Integration Server ${project.name}.";
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      # Tools on the unit's PATH are chosen by the project definition.
      path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgs);
      environment = let
        # Every entry of project.environment is exported with a BUILDBOT_ prefix.
        # NOTE(review): values set here become part of the generated unit, so
        # they are presumably not the place for secrets. Confirm against the
        # project definitions.
        project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
        # The project's directory under ./projects, installed as the
        # `buildbot_config` Python package.
        buildbot_config = pkgs.python3Packages.buildPythonPackage (rec {
          name = "buildbot_config-${project.name}";
          src = ./projects + "/${project.name}";
          format = "other";
          installPhase = ''
            mkdir -p $out/${pkgs.python3.pythonForBuild.sitePackages}
            cp -a $src $out/${pkgs.python3.pythonForBuild.sitePackages}/buildbot_config
            '';
        });
        HOME = "${varDir}/${project.name}";
        # Store-built Python environment first. When project.pythonPathHome is
        # set, the .local site-packages directory under the project's home is
        # appended. That directory is writable by the service account, so
        # anything placed there is importable by the master on its next start.
        PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [
          pkgs.python3Packages.wokkel
          pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot
          pkgs.python3Packages.buildbot-worker
          buildbot_common buildbot_config
        ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgs.python3.pythonForBuild.sitePackages}" else ""}";
      in project_env // { inherit PYTHONPATH HOME; };

      serviceConfig = {
        Type = "forking";
        User = "buildbot";
        Group = "buildbot";
        WorkingDirectory = "${varDir}/${project.name}";
        ExecStart = "${buildbot}/bin/buildbot start";
      };
    }) myconfig.env.buildbot.projects;
  };
}