diff options
Diffstat (limited to 'modules/private/buildbot/default.nix')
-rw-r--r-- | modules/private/buildbot/default.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index d6753e5..ac34845 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
@@ -107,7 +107,12 @@ in | |||
107 | project_env = with lib.attrsets; | 107 | project_env = with lib.attrsets; |
108 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // | 108 | mapAttrs' (k: v: nameValuePair "BUILDBOT_${k}" v) project.environment // |
109 | mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) // | 109 | mapAttrs' (k: v: nameValuePair "BUILDBOT_PATH_${k}" (v pkgs)) (attrByPath ["builderPaths"] {} project) // |
110 | { BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}"; }; | 110 | { |
111 | BUILDBOT_PROJECT_DIR = ./projects + "/${project.name}"; | ||
112 | BUILDBOT_WORKER_PORT = builtins.toString project.workerPort; | ||
113 | BUILDBOT_HOST = config.hostEnv.fqdn; | ||
114 | BUILDBOT_VIRT_URL = "qemu+ssh://libvirt@dilion.immae.eu/system"; | ||
115 | }; | ||
111 | in builtins.concatStringsSep "\n" | 116 | in builtins.concatStringsSep "\n" |
112 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); | 117 | (lib.mapAttrsToList (envK: envV: "${envK}=${envV}") project_env); |
113 | } | 118 | } |
@@ -126,6 +131,13 @@ in | |||
126 | permissions = "0600"; | 131 | permissions = "0600"; |
127 | user = "buildbot"; | 132 | user = "buildbot"; |
128 | group = "buildbot"; | 133 | group = "buildbot"; |
134 | text = config.myEnv.buildbot.workerPassword; | ||
135 | dest = "buildbot/worker_password"; | ||
136 | } | ||
137 | { | ||
138 | permissions = "0600"; | ||
139 | user = "buildbot"; | ||
140 | group = "buildbot"; | ||
129 | text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key"; | 141 | text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key"; |
130 | dest = "buildbot/ssh_key"; | 142 | dest = "buildbot/ssh_key"; |
131 | } | 143 | } |
@@ -135,6 +147,7 @@ in | |||
135 | restart = true; | 147 | restart = true; |
136 | paths = [ | 148 | paths = [ |
137 | "/var/secrets/buildbot/ldap" | 149 | "/var/secrets/buildbot/ldap" |
150 | "/var/secrets/buildbot/worker_password" | ||
138 | "/var/secrets/buildbot/ssh_key" | 151 | "/var/secrets/buildbot/ssh_key" |
139 | "/var/secrets/buildbot/${project.name}/environment_file" | 152 | "/var/secrets/buildbot/${project.name}/environment_file" |
140 | ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets; | 153 | ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets; |
@@ -144,6 +157,7 @@ in | |||
144 | description = "buildbot slice"; | 157 | description = "buildbot slice"; |
145 | }; | 158 | }; |
146 | 159 | ||
160 | networking.firewall.allowedTCPPorts = lib.attrsets.mapAttrsToList (k: v: v.workerPort) config.myEnv.buildbot.projects; | ||
147 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { | 161 | systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { |
148 | description = "Buildbot Continuous Integration Server ${project.name}."; | 162 | description = "Buildbot Continuous Integration Server ${project.name}."; |
149 | after = [ "network-online.target" ]; | 163 | after = [ "network-online.target" ]; |
@@ -196,6 +210,7 @@ in | |||
196 | buildbot_secrets=${varDir}/${project.name}/secrets | 210 | buildbot_secrets=${varDir}/${project.name}/secrets |
197 | install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets | 211 | install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets |
198 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap | 212 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap |
213 | install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/worker_password $buildbot_secrets/worker_password | ||
199 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | 214 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList |
200 | (k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets | 215 | (k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets |
201 | )} | 216 | )} |
@@ -213,6 +228,7 @@ in | |||
213 | }); | 228 | }); |
214 | HOME = "${varDir}/${project.name}"; | 229 | HOME = "${varDir}/${project.name}"; |
215 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [ | 230 | PYTHONPATH = "${buildbot.pythonModule.withPackages (self: project.pythonPackages self pkgs ++ [ |
231 | pkgs.python3Packages.libvirt | ||
216 | pkgs.python3Packages.wokkel | 232 | pkgs.python3Packages.wokkel |
217 | pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot | 233 | pkgs.python3Packages.treq pkgs.python3Packages.ldap3 buildbot |
218 | pkgs.python3Packages.buildbot-worker | 234 | pkgs.python3Packages.buildbot-worker |