diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-03-23 00:21:59 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-03-23 00:21:59 +0100 |
commit | 9fb4205e2ceadb79a93cbe44bd77ebebe8c94625 (patch) | |
tree | b8e676c9a360eb47d78de6ec70f04f6c4dd0b546 /nixops/modules/buildbot/default.nix | |
parent | 80a3e0559c86d4f1fc2523b30db8a3d568cf1888 (diff) | |
download | Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.gz Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.zst Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.zip |
Add buildbot
Fixes https://git.immae.eu/mantisbt/view.php?id=74
Diffstat (limited to 'nixops/modules/buildbot/default.nix')
-rw-r--r-- | nixops/modules/buildbot/default.nix | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix new file mode 100644 index 0000000..cd5b260 --- /dev/null +++ b/nixops/modules/buildbot/default.nix | |||
@@ -0,0 +1,146 @@ | |||
1 | { lib, pkgs, pkgsNext, config, myconfig, mylibs, ... }: | ||
2 | let | ||
3 | varDir = "/var/lib/buildbot"; | ||
4 | buildslist_src = mylibs.fetchedGitPrivate ./buildslist.json; | ||
5 | buildslist_yarn = pkgsNext.yarn2nix.mkYarnModules { | ||
6 | name = "buildslist-yarn-modules"; | ||
7 | packageJSON = "${buildslist_src.src}/package.json"; | ||
8 | yarnLock = "${buildslist_src.src}/yarn.lock"; | ||
9 | }; | ||
10 | buildslist_bower = pkgsNext.buildBowerComponents { | ||
11 | name = "buildslist"; | ||
12 | generated = ./bower.nix; | ||
13 | src = "${buildslist_src.src}/guanlecoja/"; | ||
14 | }; | ||
15 | |||
16 | buildslist = pkgsNext.python3Packages.buildPythonPackage rec { | ||
17 | pname = "buildbot-buildslist"; | ||
18 | inherit (pkgsNext.buildbot-pkg) version; | ||
19 | |||
20 | preConfigure = '' | ||
21 | export HOME=$PWD | ||
22 | cp -a ${buildslist_yarn}/node_modules . | ||
23 | chmod -R u+w node_modules | ||
24 | cp -a ${buildslist_bower}/bower_components ./libs | ||
25 | chmod -R u+w libs | ||
26 | ''; | ||
27 | propagatedBuildInputs = with pkgsNext.python3Packages; [ | ||
28 | (klein.overridePythonAttrs(old: { checkPhase = ""; })) | ||
29 | buildbot-pkg | ||
30 | ]; | ||
31 | nativeBuildInputs = with pkgsNext; [ yarn nodejs ]; | ||
32 | buildInputs = [ buildslist_yarn buildslist_bower ]; | ||
33 | |||
34 | doCheck = false; | ||
35 | src = buildslist_src.src; | ||
36 | }; | ||
37 | buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec { | ||
38 | format = "other"; | ||
39 | installPhase = '' | ||
40 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | ||
41 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common | ||
42 | ''; | ||
43 | }); | ||
44 | buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]); | ||
45 | in | ||
46 | { | ||
47 | options = { | ||
48 | services.buildbot.enable = lib.mkOption { | ||
49 | type = lib.types.bool; | ||
50 | default = false; | ||
51 | description = '' | ||
52 | Whether to enable buildbot. | ||
53 | ''; | ||
54 | }; | ||
55 | }; | ||
56 | |||
57 | config = lib.mkIf config.services.buildbot.enable { | ||
58 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | ||
59 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | ||
60 | |||
61 | users.groups.buildbot.gid = config.ids.gids.buildbot; | ||
62 | users.users.buildbot = { | ||
63 | name = "buildbot"; | ||
64 | uid = config.ids.uids.buildbot; | ||
65 | group = "buildbot"; | ||
66 | description = "Buildbot user"; | ||
67 | home = varDir; | ||
68 | }; | ||
69 | |||
70 | services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' | ||
71 | RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" | ||
72 | RewriteEngine On | ||
73 | RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] | ||
74 | ProxyPass /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | ||
75 | ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | ||
76 | <Location /buildbot/${project.name}/> | ||
77 | Use LDAPConnect | ||
78 | Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu | ||
79 | |||
80 | SetEnvIf X-Url-Scheme https HTTPS=1 | ||
81 | ProxyPreserveHost On | ||
82 | </Location> | ||
83 | <Location /buildbot/${project.name}/change_hook/base> | ||
84 | Require local | ||
85 | </Location> | ||
86 | '') myconfig.env.buildbot.projects; | ||
87 | |||
88 | system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | ||
89 | deps = [ "users" "wrappers" ]; | ||
90 | text = let | ||
91 | master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg"; | ||
92 | puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify"); | ||
93 | in '' | ||
94 | install -m 0755 -o buildbot -g buildbot -d /run/buildbot/ | ||
95 | install -m 0755 -o buildbot -g buildbot -d ${varDir} | ||
96 | if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then | ||
97 | $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}" | ||
98 | rm -f ${varDir}/${project.name}/master.cfg.sample | ||
99 | fi | ||
100 | install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify | ||
101 | buildbot_secrets=${varDir}/${project.name}/secrets | ||
102 | install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets | ||
103 | echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap | ||
104 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | ||
105 | (k: v: "echo ${lib.strings.escapeShellArg v} > $buildbot_secrets/${k}") project.secrets | ||
106 | )} | ||
107 | chown -R buildbot:buildbot $buildbot_secrets | ||
108 | chmod -R u=rX,go=- $buildbot_secrets | ||
109 | ${project.activationScript} | ||
110 | ''; | ||
111 | }) myconfig.env.buildbot.projects; | ||
112 | |||
113 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | ||
114 | description = "Buildbot Continuous Integration Server ${project.name}."; | ||
115 | after = [ "network-online.target" ]; | ||
116 | wantedBy = [ "multi-user.target" ]; | ||
117 | path = project.packages pkgs ++ (project.pythonPackages buildbot.pythonModule pkgsNext); | ||
118 | environment = let | ||
119 | project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment; | ||
120 | buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec { | ||
121 | name = "buildbot_config-${project.name}"; | ||
122 | src = "${./projects}/${project.name}"; | ||
123 | format = "other"; | ||
124 | installPhase = '' | ||
125 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | ||
126 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_config | ||
127 | ''; | ||
128 | }); | ||
129 | HOME = "${varDir}/${project.name}"; | ||
130 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgsNext ++ [ | ||
131 | pkgsNext.python3Packages.treq pkgsNext.python3Packages.ldap3 buildbot | ||
132 | pkgsNext.python3Packages.buildbot-worker | ||
133 | buildbot_common buildbot_config | ||
134 | ])}/${buildbot.pythonModule.sitePackages}${if project.pythonPathHome then ":${varDir}/${project.name}/.local/${pkgsNext.python3.pythonForBuild.sitePackages}" else ""}"; | ||
135 | in project_env // { inherit PYTHONPATH HOME; }; | ||
136 | |||
137 | serviceConfig = { | ||
138 | Type = "forking"; | ||
139 | User = "buildbot"; | ||
140 | Group = "buildbot"; | ||
141 | WorkingDirectory = "${varDir}/${project.name}"; | ||
142 | ExecStart = "${buildbot}/bin/buildbot start"; | ||
143 | }; | ||
144 | }) myconfig.env.buildbot.projects; | ||
145 | }; | ||
146 | } | ||