buildbot-nix/nix/worker.nix

85 lines
2.8 KiB
Nix
Raw Normal View History

2023-09-10 08:11:56 +00:00
{ config
, pkgs
2023-09-10 09:01:00 +00:00
, lib
2023-09-10 08:11:56 +00:00
, ...
}:
let
2023-09-10 09:01:00 +00:00
cfg = config.services.buildbot-nix.worker;
2023-09-10 08:11:56 +00:00
home = "/var/lib/buildbot-worker";
buildbotDir = "${home}/worker";
2023-09-10 09:01:00 +00:00
python = cfg.package.pythonModule;
2023-09-10 08:11:56 +00:00
in
{
2023-09-10 09:01:00 +00:00
options = {
services.buildbot-nix.worker = {
enable = lib.mkEnableOption "buildbot-worker";
package = lib.mkOption {
2023-09-10 11:51:24 +00:00
type = lib.types.package;
2023-09-10 09:01:00 +00:00
default = pkgs.buildbot-worker;
defaultText = "pkgs.buildbot-worker";
description = "The buildbot-worker package to use.";
};
coordinatorUrl = lib.mkOption {
2023-09-10 09:01:00 +00:00
type = lib.types.str;
default = "tcp:host=localhost:port=9989";
description = "The buildbot coordinator url.";
2023-09-10 09:01:00 +00:00
};
workerPasswordFile = lib.mkOption {
2023-10-27 07:58:10 +00:00
type = lib.types.path;
2023-09-10 09:01:00 +00:00
description = "The buildbot worker password file.";
};
};
2023-09-10 08:11:56 +00:00
};
2023-09-10 11:51:24 +00:00
config = lib.mkIf cfg.enable {
nix.settings.extra-allowed-users = [ "buildbot-worker" ];
2023-11-04 11:29:35 +00:00
# Allow buildbot-worker to create gcroots
systemd.tmpfiles.rules = [
"d /nix/var/nix/gcroots/per-user/${config.users.users.buildbot-worker.name} 0755 ${config.users.users.buildbot-worker.name} root - -"
];
2023-09-10 09:01:00 +00:00
users.users.buildbot-worker = {
description = "Buildbot Worker User.";
isSystemUser = true;
createHome = true;
inherit home;
group = "buildbot-worker";
useDefaultShell = true;
};
users.groups.buildbot-worker = { };
2023-09-10 08:11:56 +00:00
2023-09-10 09:01:00 +00:00
systemd.services.buildbot-worker = {
reloadIfChanged = true;
description = "Buildbot Worker.";
after = [ "network.target" "buildbot-master.service" ];
wantedBy = [ "multi-user.target" ];
path = [
pkgs.git
pkgs.openssh
pkgs.nix
2023-10-15 09:26:09 +00:00
pkgs.nix-eval-jobs
2023-09-10 09:01:00 +00:00
];
environment.PYTHONPATH = "${python.withPackages (_: [cfg.package])}/${python.sitePackages}";
environment.MASTER_URL = cfg.coordinatorUrl;
2023-09-10 09:01:00 +00:00
environment.BUILDBOT_DIR = buildbotDir;
2023-09-10 08:11:56 +00:00
2023-09-10 09:01:00 +00:00
serviceConfig = {
# We rather want the CI job to fail on OOM than to have a broken buildbot worker.
# Otherwise we might end up restarting the worker and the same job is run again.
OOMPolicy = "continue";
LoadCredential = [ "worker-password-file:${cfg.workerPasswordFile}" ];
Environment = [ "WORKER_PASSWORD_FILE=%d/worker-password-file" ];
2023-09-10 09:01:00 +00:00
Type = "simple";
User = "buildbot-worker";
Group = "buildbot-worker";
WorkingDirectory = "/var/lib/buildbot-worker";
2023-09-10 08:11:56 +00:00
2023-09-10 09:01:00 +00:00
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
ExecReload = "+${config.systemd.package}/bin/systemd-run --on-active=60 ${config.systemd.package}/bin/systemctl restart buildbot-worker";
2023-09-10 11:16:33 +00:00
ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix}/worker.py";
2023-09-10 09:01:00 +00:00
};
2023-09-10 08:11:56 +00:00
};
};
}