From 17f6eae9907a122d4472da727ae8b1ac1c40c027 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 1 Jun 2019 00:01:46 +0200
Subject: Add a filesWatcher service to restart them when secrets change
---
 modules/private/buildbot/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'modules/private/buildbot/default.nix')
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix
index fa6a6f2..d023a83 100644
--- a/modules/private/buildbot/default.nix
+++ b/modules/private/buildbot/default.nix
@@ -37,6 +37,10 @@ in
 extraGroups = [ "keys" ];
 };
 
+ services.websites.tools.watchPaths = lib.attrsets.mapAttrsToList
+ (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")
+ myconfig.env.buildbot.projects;
+
 services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
 RewriteEngine On
@@ -106,6 +110,14 @@ in
 }
 ];
 
+ services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
+ restart = true;
+ paths = [
+ "/var/secrets/buildbot/ldap"
+ "/var/secrets/buildbot/ssh_key"
+ ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;
+ }) myconfig.env.buildbot.projects;
+
 systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
 description = "Buildbot Continuous Integration Server ${project.name}.";
 after = [ "network-online.target" ];
--
cgit v1.2.3
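Review bot: The path given to `services.websites.tools.watchPaths` is a hand-written copy of the secret's location (`/var/secrets/buildbot/${project.name}/webhook-httpd-include`), and the second hunk repeats the same `/var/secrets/buildbot` prefix three more times in `services.filesWatcher`. If the place where these secrets are written (not visible in this diff) ever changes, the watchers stop matching without any evaluation error, and httpd or buildbot would presumably keep running with a rotated or revoked secret. Bind the directory once in the enclosing `let` (it opens outside the hunk), e.g. `secretsDir = "/var/secrets/buildbot";`, and build each path as `"${secretsDir}/${project.name}/webhook-httpd-include"`, or derive the list from the secrets definition itself.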
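Review bot: `restart = true` in `services.filesWatcher` deserves a comment, because `/var/secrets/buildbot/ldap` and `/var/secrets/buildbot/ssh_key` are in every project's `paths`, so changing either file restarts all `buildbot-${project.name}` units at once. Whether filesWatcher coalesces several changes from one deployment into a single restart is not visible here; if it does not, a unit may come back up while only part of its secrets have been rewritten. Suggested comment above `restart`: `# ldap and ssh_key are shared: rotating either restarts every project's buildbot and may interrupt running builds`. The `systemd.services` definition whose unit names these entries must match continues past the end of the hunk.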