From 164ba3b014cdc239a4993140d7d70de2c82a96dd Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Wed, 17 Jul 2024 15:52:26 +0200
Subject: [PATCH] chore(origins): expose in a cuter way allowed origins

Worked around in our original deployment, here's a nicer way to set it.

Signed-off-by: Raito Bezarius
---
 buildbot_nix/__init__.py | 6 +++++-
 nix/coordinator.nix | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/buildbot_nix/__init__.py b/buildbot_nix/__init__.py
index bfddb08..6f2435c 100644
--- a/buildbot_nix/__init__.py
+++ b/buildbot_nix/__init__.py
@@ -741,6 +741,7 @@ class GerritNixConfigurator(ConfiguratorBase):
 gerrit_sshkey_path: str,
 projects: list[str],
 url: str,
+ allowed_origins: list[str],
 nix_supported_systems: list[str],
 nix_eval_worker_count: int | None,
 nix_eval_max_memory_size: int,
@@ -750,6 +751,7 @@ class GerritNixConfigurator(ConfiguratorBase):
 auth_method: AuthBase | None = None,
 ) -> None:
 super().__init__()
+ self.allowed_origins = allowed_origins
 self.gerrit_server = gerrit_server
 self.gerrit_user = gerrit_user
 self.gerrit_port = gerrit_port
@@ -783,7 +785,9 @@ class GerritNixConfigurator(ConfiguratorBase):
 config.setdefault("projects", [])
 config.setdefault("secretsProviders", [])
- config.setdefault("www", {})
+ config.setdefault("www", {
+ 'allowed_origins': self.allowed_origins
+ })
 for item in worker_config:
 cores = item.get("cores", 0)
diff --git a/nix/coordinator.nix b/nix/coordinator.nix
index ab2e072..4d3bb9b 100644
--- a/nix/coordinator.nix
+++ b/nix/coordinator.nix
@@ -51,6 +51,12 @@ in
 example = "buildbot.numtide.com";
 };
+ allowedOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "Allowed origins for buildbot";
+ example = [ "*.mydomain.com" ];
+ };
+
 signingKeyFile = lib.mkOption {
 type = lib.types.nullOr lib.types.path;
 description = "A path to a Nix signing key";
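Review bot: In the `@@ -783,7 +785,9 @@` hunk, `config.setdefault("www", {...})` only takes effect when no `www` key exists yet, so if master.cfg or an earlier configurator has already set `config["www"]` the configured origins are silently dropped and Buildbot falls back to its own default for `allowed_origins` (which, as far as I recall, accepts any origin). Keeping the old `config.setdefault("www", {})` and then setting the key on the resulting dict applies the list in both cases: `config["www"]["allowed_origins"] = self.allowed_origins`. The new dict literal also uses single quotes where the neighbouring lines use double quotes. The enclosing method starts and ends outside the hunk, so any later handling of `config["www"]` is not visible here.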
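Review bot: The `allowedOrigins` option added in the `@@ -51,6 +51,12 @@` hunk does not say what an entry looks like, and its example carries no scheme. The Python side passes the list through as `www.allowed_origins`; if Buildbot matches those entries as glob patterns against the full `Origin` header (to be confirmed against the Buildbot documentation), `*.mydomain.com` accepts `http://` as well as `https://` origins and does not match the bare domain. I would state the format in the description, e.g. `description = "Glob patterns matched against the Origin header of requests to the Buildbot web API, scheme included.";`, and use `example = [ "https://*.mydomain.com" ];`. The option also has no `default`, so existing configurations stop evaluating until they set it, which deserves a mention in the commit message if intended.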
@@ -167,6 +173,7 @@ in
 "${toString cfg.gerrit.port}",
 "${cfg.gerrit.privateKeyFile}",
 projects=${builtins.toJSON cfg.gerrit.projects},
+ allowed_origins=${builtins.toJSON cfg.allowedOrigins},
 url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
 nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
 nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},