diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 17:40:07 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 20:20:45 +0200 |
commit | 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch) | |
tree | 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/buildbot | |
parent | da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff) | |
download | Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip |
Use attrs for secrets instead of lists
Diffstat (limited to 'modules/private/buildbot')
-rw-r--r-- | modules/private/buildbot/default.nix | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index 903f453..dc8a0d2 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
@@ -76,33 +76,30 @@ in | |||
76 | ''; | 76 | ''; |
77 | }) config.myEnv.buildbot.projects; | 77 | }) config.myEnv.buildbot.projects; |
78 | 78 | ||
79 | secrets.keys = ( | 79 | secrets.keys = lib.listToAttrs ( |
80 | lib.lists.flatten ( | 80 | lib.lists.flatten ( |
81 | lib.attrsets.mapAttrsToList (k: project: | 81 | lib.attrsets.mapAttrsToList (k: project: |
82 | lib.attrsets.mapAttrsToList (k: v: | 82 | lib.attrsets.mapAttrsToList (k: v: |
83 | { | 83 | (lib.nameValuePair "buildbot/${project.name}/${k}" { |
84 | permissions = "0600"; | 84 | permissions = "0600"; |
85 | user = "buildbot"; | 85 | user = "buildbot"; |
86 | group = "buildbot"; | 86 | group = "buildbot"; |
87 | text = v; | 87 | text = v; |
88 | dest = "buildbot/${project.name}/${k}"; | 88 | }) |
89 | } | ||
90 | ) project.secrets | 89 | ) project.secrets |
91 | ++ [ | 90 | ++ [ |
92 | { | 91 | (lib.nameValuePair "buildbot/${project.name}/webhook-httpd-include" { |
93 | permissions = "0600"; | 92 | permissions = "0600"; |
94 | user = "wwwrun"; | 93 | user = "wwwrun"; |
95 | group = "wwwrun"; | 94 | group = "wwwrun"; |
96 | text = lib.optionalString (project.webhookTokens != null) '' | 95 | text = lib.optionalString (project.webhookTokens != null) '' |
97 | Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }" | 96 | Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }" |
98 | ''; | 97 | ''; |
99 | dest = "buildbot/${project.name}/webhook-httpd-include"; | 98 | }) |
100 | } | 99 | (lib.nameValuePair "buildbot/${project.name}/environment_file" { |
101 | { | ||
102 | permissions = "0600"; | 100 | permissions = "0600"; |
103 | user = "buildbot"; | 101 | user = "buildbot"; |
104 | group = "buildbot"; | 102 | group = "buildbot"; |
105 | dest = "buildbot/${project.name}/environment_file"; | ||
106 | text = let | 103 | text = let |
107 | project_env = with lib.attrsets; | 104 | project_env = with lib.attrsets; |
108 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // | 105 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // |
@@ -115,33 +112,30 @@ in | |||
115 | }; | 112 | }; |
116 | in builtins.concatStringsSep "\n" | 113 | in builtins.concatStringsSep "\n" |
117 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); | 114 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); |
118 | } | 115 | }) |
119 | ] | 116 | ] |
120 | ) config.myEnv.buildbot.projects | 117 | ) config.myEnv.buildbot.projects |
121 | ) | 118 | ) |
122 | ) ++ [ | 119 | ) // { |
123 | { | 120 | "buildbot/ldap" = { |
124 | permissions = "0600"; | 121 | permissions = "0600"; |
125 | user = "buildbot"; | 122 | user = "buildbot"; |
126 | group = "buildbot"; | 123 | group = "buildbot"; |
127 | text = config.myEnv.buildbot.ldap.password; | 124 | text = config.myEnv.buildbot.ldap.password; |
128 | dest = "buildbot/ldap"; | 125 | }; |
129 | } | 126 | "buildbot/worker_password" = { |
130 | { | ||
131 | permissions = "0600"; | 127 | permissions = "0600"; |
132 | user = "buildbot"; | 128 | user = "buildbot"; |
133 | group = "buildbot"; | 129 | group = "buildbot"; |
134 | text = config.myEnv.buildbot.workerPassword; | 130 | text = config.myEnv.buildbot.workerPassword; |
135 | dest = "buildbot/worker_password"; | 131 | }; |
136 | } | 132 | "buildbot/ssh_key" = { |
137 | { | ||
138 | permissions = "0600"; | 133 | permissions = "0600"; |
139 | user = "buildbot"; | 134 | user = "buildbot"; |
140 | group = "buildbot"; | 135 | group = "buildbot"; |
141 | text = config.myEnv.buildbot.ssh_key.private; | 136 | text = config.myEnv.buildbot.ssh_key.private; |
142 | dest = "buildbot/ssh_key"; | 137 | }; |
143 | } | 138 | }; |
144 | ]; | ||
145 | 139 | ||
146 | services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | 140 | services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { |
147 | restart = true; | 141 | restart = true; |