diff options
Diffstat (limited to 'modules/private/buildbot/default.nix')
| -rw-r--r-- | modules/private/buildbot/default.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index d6753e5..ac34845 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
| @@ -107,7 +107,12 @@ in | |||
| 107 | project_env = with lib.attrsets; | 107 | project_env = with lib.attrsets; |
| 108 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // | 108 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // |
| 109 | mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) // | 109 | mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) // |
| 110 | { BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}"; }; | 110 | { |
| 111 | BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}"; | ||
| 112 | BUILDBOT_WORKER_PORT = builtins.toString project.workerPort; | ||
| 113 | BUILDBOT_HOST = config.hostEnv.fqdn; | ||
| 114 | BUILDBOT_VIRT_URL = "qemu+ssh://libvirt@dilion.immae.eu/system"; | ||
| 115 | }; | ||
| 111 | in builtins.concatStringsSep "\n" | 116 | in builtins.concatStringsSep "\n" |
| 112 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); | 117 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); |
| 113 | } | 118 | } |
| @@ -126,6 +131,13 @@ in | |||
| 126 | permissions = "0600"; | 131 | permissions = "0600"; |
| 127 | user = "buildbot"; | 132 | user = "buildbot"; |
| 128 | group = "buildbot"; | 133 | group = "buildbot"; |
| 134 | text = config.myEnv.buildbot.workerPassword; | ||
| 135 | dest = "buildbot/worker_password"; | ||
| 136 | } | ||
| 137 | { | ||
| 138 | permissions = "0600"; | ||
| 139 | user = "buildbot"; | ||
| 140 | group = "buildbot"; | ||
| 129 | text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key"; | 141 | text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key"; |
| 130 | dest = "buildbot/ssh_key"; | 142 | dest = "buildbot/ssh_key"; |
| 131 | } | 143 | } |
| @@ -135,6 +147,7 @@ in | |||
| 135 | restart = true; | 147 | restart = true; |
| 136 | paths = [ | 148 | paths = [ |
| 137 | "/var/secrets/buildbot/ldap" | 149 | "/var/secrets/buildbot/ldap" |
| 150 | "/var/secrets/buildbot/worker_password" | ||
| 138 | "/var/secrets/buildbot/ssh_key" | 151 | "/var/secrets/buildbot/ssh_key" |
| 139 | "/var/secrets/buildbot/${project.name}/environment_file" | 152 | "/var/secrets/buildbot/${project.name}/environment_file" |
| 140 | ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets; | 153 | ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets; |
| @@ -144,6 +157,7 @@ in | |||
| 144 | description = "buildbot slice"; | 157 | description = "buildbot slice"; |
| 145 | }; | 158 | }; |
| 146 | 159 | ||
| 160 | networking.firewall.allowedTCPPorts = lib.attrsets.mapAttrsToList (k: v: v.workerPort) config.myEnv.buildbot.projects; | ||
| 147 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | 161 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { |
| 148 | description = "Buildbot Continuous Integration Server ${project.name}."; | 162 | description = "Buildbot Continuous Integration Server ${project.name}."; |
| 149 | after = [ "network-online.target" ]; | 163 | after = [ "network-online.target" ]; |
| @@ -196,6 +210,7 @@ in | |||
| 196 | buildbot_secrets=${varDir}/${project.name}/secrets | 210 | buildbot_secrets=${varDir}/${project.name}/secrets |
| 197 | install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets | 211 | install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets |
| 198 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap | 212 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap |
| 213 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/worker_password $buildbot_secrets/worker_password | ||
| 199 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | 214 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList |
| 200 | (k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets | 215 | (k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets |
| 201 | )} | 216 | )} |
| @@ -213,6 +228,7 @@ in | |||
| 213 | }); | 228 | }); |
| 214 | HOME = "${varDir}/${project.name}"; | 229 | HOME = "${varDir}/${project.name}"; |
| 215 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [ | 230 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [ |
| 231 | pkgs.python3Packages.libvirt | ||
| 216 | pkgs.python3Packages.wokkel | 232 | pkgs.python3Packages.wokkel |
| 217 | pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot | 233 | pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot |
| 218 | pkgs.python3Packages.buildbot-worker | 234 | pkgs.python3Packages.buildbot-worker |