forked from the-distro/infra
buildbot: upgrade to local machine specifications
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
parent
25feb3c9f1
commit
8afcf249d6
|
@ -64,11 +64,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721229951,
|
"lastModified": 1721297738,
|
||||||
"narHash": "sha256-RO7jlz2T0h9l7Hmij6Iy3qdYps33wDuAoBMQ21ROvyw=",
|
"narHash": "sha256-xkNu7G/ejwrz7P4NNu7cF2L1pQqh+XZMeUaKvF/tZKY=",
|
||||||
"ref": "refs/heads/refactor",
|
"ref": "refs/heads/refactor",
|
||||||
"rev": "8286c1028b2a69ee72680dc06d26bd80665ce02a",
|
"rev": "4ad5459da867bba670c5e9cb89e159820663dc07",
|
||||||
"revCount": 262,
|
"revCount": 265,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -76,16 +76,33 @@ in
|
||||||
tokenUri = "https://identity.lix.systems/realms/lix-project/protocol/openid-connect/token";
|
tokenUri = "https://identity.lix.systems/realms/lix-project/protocol/openid-connect/token";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# TODO(raito): this is not really necessary, we never have remote buildbot workers.
|
||||||
|
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
||||||
workersFile = config.age.secrets.buildbot-workers.path;
|
workersFile = config.age.secrets.buildbot-workers.path;
|
||||||
|
|
||||||
allowedOrigins = [
|
allowedOrigins = [
|
||||||
"*.forkos.org"
|
"*.forkos.org"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# TODO(raito): is that really necessary when we can just collect buildMachines' systems?
|
||||||
buildSystems = [
|
buildSystems = [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
buildMachines = map (n: {
|
||||||
|
hostName = nodes.${n}.config.networking.fqdn;
|
||||||
|
protocol = "ssh-ng";
|
||||||
|
# Follows Hydra.
|
||||||
|
maxJobs = 8;
|
||||||
|
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
|
||||||
|
sshUser = "buildbot";
|
||||||
|
systems = [ "x86_64-linux" ];
|
||||||
|
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
|
||||||
|
# Contrary to how Nix works, here we can specify non-base64 public host keys.
|
||||||
|
publicHostKey = ssh-keys.machines.${n};
|
||||||
|
}
|
||||||
|
) cfg.builders;
|
||||||
|
|
||||||
gerrit = {
|
gerrit = {
|
||||||
domain = cfgGerrit.canonicalDomain;
|
domain = cfgGerrit.canonicalDomain;
|
||||||
# Manually managed account…
|
# Manually managed account…
|
||||||
|
@ -106,28 +123,6 @@ in
|
||||||
signingKeyFile = config.age.secrets.buildbot-signing-key.path;
|
signingKeyFile = config.age.secrets.buildbot-signing-key.path;
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
|
||||||
nix.buildMachines = map (n: {
|
|
||||||
hostName = nodes.${n}.config.networking.fqdn;
|
|
||||||
protocol = "ssh-ng";
|
|
||||||
# Follows Hydra.
|
|
||||||
maxJobs = 8;
|
|
||||||
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
|
|
||||||
sshUser = "buildbot";
|
|
||||||
systems = [ "x86_64-linux" ];
|
|
||||||
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
|
|
||||||
# TODO: fix it, see the Hydra file about it.
|
|
||||||
# IFD already exist in NixOS, so it's fine, I guess.
|
|
||||||
publicHostKey = builtins.readFile (pkgs.runCommandLocal "in-the-right-form" {
|
|
||||||
buildInputs = [
|
|
||||||
pkgs.coreutils
|
|
||||||
];
|
|
||||||
} ''
|
|
||||||
echo -n '${ssh-keys.machines.${n}}' | base64 -w0 > $out
|
|
||||||
'');
|
|
||||||
}
|
|
||||||
) cfg.builders;
|
|
||||||
|
|
||||||
nix.settings.keep-derivations = true;
|
nix.settings.keep-derivations = true;
|
||||||
nix.gc = {
|
nix.gc = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
|
|
Loading…
Reference in a new issue