buildbot: upgrade to local machine specifications

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
raito 2024-07-18 12:18:02 +02:00
parent 25feb3c9f1
commit 8afcf249d6
2 changed files with 21 additions and 26 deletions
flake.lock
services/buildbot


@ -64,11 +64,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1721229951, "lastModified": 1721297738,
"narHash": "sha256-RO7jlz2T0h9l7Hmij6Iy3qdYps33wDuAoBMQ21ROvyw=", "narHash": "sha256-xkNu7G/ejwrz7P4NNu7cF2L1pQqh+XZMeUaKvF/tZKY=",
"ref": "refs/heads/refactor", "ref": "refs/heads/refactor",
"rev": "8286c1028b2a69ee72680dc06d26bd80665ce02a", "rev": "4ad5459da867bba670c5e9cb89e159820663dc07",
"revCount": 262, "revCount": 265,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/buildbot-nix.git" "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
}, },


@ -76,16 +76,33 @@ in
tokenUri = "https://identity.lix.systems/realms/lix-project/protocol/openid-connect/token"; tokenUri = "https://identity.lix.systems/realms/lix-project/protocol/openid-connect/token";
}; };
# TODO(raito): this is not really necessary, we never have remote buildbot workers.
# we can replace all of this with automatic localworker generation on buildbot-nix side.
workersFile = config.age.secrets.buildbot-workers.path; workersFile = config.age.secrets.buildbot-workers.path;
allowedOrigins = [ allowedOrigins = [
"*.forkos.org" "*.forkos.org"
]; ];
# TODO(raito): is that really necessary when we can just collect buildMachines' systems?
buildSystems = [ buildSystems = [
"x86_64-linux" "x86_64-linux"
]; ];
buildMachines = map (n: {
hostName = nodes.${n}.config.networking.fqdn;
protocol = "ssh-ng";
# Follows Hydra.
maxJobs = 8;
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
sshUser = "buildbot";
systems = [ "x86_64-linux" ];
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
# Contrary to how Nix works, here we can specify non-base64 public host keys.
publicHostKey = ssh-keys.machines.${n};
}
) cfg.builders;
gerrit = { gerrit = {
domain = cfgGerrit.canonicalDomain; domain = cfgGerrit.canonicalDomain;
# Manually managed account… # Manually managed account…
@ -106,28 +123,6 @@ in
signingKeyFile = config.age.secrets.buildbot-signing-key.path; signingKeyFile = config.age.secrets.buildbot-signing-key.path;
}; };
nix.distributedBuilds = true;
nix.buildMachines = map (n: {
hostName = nodes.${n}.config.networking.fqdn;
protocol = "ssh-ng";
# Follows Hydra.
maxJobs = 8;
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
sshUser = "buildbot";
systems = [ "x86_64-linux" ];
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
# TODO: fix it, see the Hydra file about it.
# IFD already exist in NixOS, so it's fine, I guess.
publicHostKey = builtins.readFile (pkgs.runCommandLocal "in-the-right-form" {
buildInputs = [
pkgs.coreutils
];
} ''
echo -n '${ssh-keys.machines.${n}}' | base64 -w0 > $out
'');
}
) cfg.builders;
nix.settings.keep-derivations = true; nix.settings.keep-derivations = true;
nix.gc = { nix.gc = {
automatic = true; automatic = true;
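Review bot: The owner and mode of the age secret behind `sshKey = config.age.secrets.buildbot-remote-builder-key.path` in the new `buildMachines` block need checking, because the key is now consumed through the buildbot-nix option rather than `nix.buildMachines` and the secret's declaration is not visible in this hunk. If the SSH connection to the builders is no longer opened by the root Nix daemon, the secret has to be readable by the buildbot service user and by nobody else. The same block passes `publicHostKey = ssh-keys.machines.${n};` without the old base64 step, so host-key pinning now depends on how the module consumes the raw key; once that behaviour is confirmed I would extend the comment to `# Raw "type key" form; buildbot-nix pins this host key, so it must never be empty.`. The enclosing attribute set begins and ends outside the hunk.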