aboutsummaryrefslogtreecommitdiff
path: root/modules/private/buildbot
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-10-16 17:40:07 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-10-16 20:20:45 +0200
commit4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/buildbot
parentda30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
downloadNix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip
Use attrs for secrets instead of lists
Diffstat (limited to 'modules/private/buildbot')
-rw-r--r--modules/private/buildbot/default.nix36
1 files changed, 15 insertions, 21 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix
index 903f453..dc8a0d2 100644
--- a/modules/private/buildbot/default.nix
+++ b/modules/private/buildbot/default.nix
@@ -76,33 +76,30 @@ in
76 ''; 76 '';
77 }) config.myEnv.buildbot.projects; 77 }) config.myEnv.buildbot.projects;
78 78
79 secrets.keys = ( 79 secrets.keys = lib.listToAttrs (
80 lib.lists.flatten ( 80 lib.lists.flatten (
81 lib.attrsets.mapAttrsToList (k: project: 81 lib.attrsets.mapAttrsToList (k: project:
82 lib.attrsets.mapAttrsToList (k: v: 82 lib.attrsets.mapAttrsToList (k: v:
83 { 83 (lib.nameValuePair "buildbot/${project.name}/${k}" {
84 permissions = "0600"; 84 permissions = "0600";
85 user = "buildbot"; 85 user = "buildbot";
86 group = "buildbot"; 86 group = "buildbot";
87 text = v; 87 text = v;
88 dest = "buildbot/${project.name}/${k}"; 88 })
89 }
90 ) project.secrets 89 ) project.secrets
91 ++ [ 90 ++ [
92 { 91 (lib.nameValuePair "buildbot/${project.name}/webhook-httpd-include" {
93 permissions = "0600"; 92 permissions = "0600";
94 user = "wwwrun"; 93 user = "wwwrun";
95 group = "wwwrun"; 94 group = "wwwrun";
96 text = lib.optionalString (project.webhookTokens != null) '' 95 text = lib.optionalString (project.webhookTokens != null) ''
97 Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }" 96 Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
98 ''; 97 '';
99 dest = "buildbot/${project.name}/webhook-httpd-include"; 98 })
100 } 99 (lib.nameValuePair "buildbot/${project.name}/environment_file" {
101 {
102 permissions = "0600"; 100 permissions = "0600";
103 user = "buildbot"; 101 user = "buildbot";
104 group = "buildbot"; 102 group = "buildbot";
105 dest = "buildbot/${project.name}/environment_file";
106 text = let 103 text = let
107 project_env = with lib.attrsets; 104 project_env = with lib.attrsets;
108 mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // 105 mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment //
@@ -115,33 +112,30 @@ in
115 }; 112 };
116 in builtins.concatStringsSep "\n" 113 in builtins.concatStringsSep "\n"
117 (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); 114 (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env);
118 } 115 })
119 ] 116 ]
120 ) config.myEnv.buildbot.projects 117 ) config.myEnv.buildbot.projects
121 ) 118 )
122 ) ++ [ 119 ) // {
123 { 120 "buildbot/ldap" = {
124 permissions = "0600"; 121 permissions = "0600";
125 user = "buildbot"; 122 user = "buildbot";
126 group = "buildbot"; 123 group = "buildbot";
127 text = config.myEnv.buildbot.ldap.password; 124 text = config.myEnv.buildbot.ldap.password;
128 dest = "buildbot/ldap"; 125 };
129 } 126 "buildbot/worker_password" = {
130 {
131 permissions = "0600"; 127 permissions = "0600";
132 user = "buildbot"; 128 user = "buildbot";
133 group = "buildbot"; 129 group = "buildbot";
134 text = config.myEnv.buildbot.workerPassword; 130 text = config.myEnv.buildbot.workerPassword;
135 dest = "buildbot/worker_password"; 131 };
136 } 132 "buildbot/ssh_key" = {
137 {
138 permissions = "0600"; 133 permissions = "0600";
139 user = "buildbot"; 134 user = "buildbot";
140 group = "buildbot"; 135 group = "buildbot";
141 text = config.myEnv.buildbot.ssh_key.private; 136 text = config.myEnv.buildbot.ssh_key.private;
142 dest = "buildbot/ssh_key"; 137 };
143 } 138 };
144 ];
145 139
146 services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { 140 services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
147 restart = true; 141 restart = true;