diff --git a/buildbot_nix/master.py b/buildbot_nix/master.py
index 926ebb2..51a7cc1 100644
--- a/buildbot_nix/master.py
+++ b/buildbot_nix/master.py
@@ -40,7 +40,6 @@ GITHUB_WEBHOOK_SECRET = read_secret_file("github-webhook-secret")
 # Shape of this file:
 # [ { "name": "", "pass": "", "cores": "" } ]
 BUILDBOT_NIX_WORKERS = read_secret_file("buildbot-nix-workers")
-REPO_FOR_FLAKE_UPDATE = os.environ["REPO_FOR_FLAKE_UPDATE"]
 BUILDBOT_URL = os.environ["BUILDBOT_URL"]
 BUILDBOT_GITHUB_USER = os.environ["BUILDBOT_GITHUB_USER"]
 NIX_SUPPORTED_SYSTEMS = os.environ["NIX_SUPPORTED_SYSTEMS"].split(" ")
diff --git a/examples/default.nix b/examples/default.nix
index 50aa6b6..e418172 100644
--- a/examples/default.nix
+++ b/examples/default.nix
@@ -1,31 +1,48 @@ -{ nixpkgs, system, buildbot-nix, ... }: +{ nixpkgs, system, srvos, buildbot-nix, disko, ... }: let # some example configuration to make it eval dummy = { config, modulesPath, ... }: { - networking.hostName = "example-common"; - system.stateVersion = config.system.nixos.version; - users.users.root.initialPassword = "fnord23"; - boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ]; - fileSystems."/".device = lib.mkDefault "/dev/sda"; + imports = [ + #srvos.nixosModules.server + #srvos.nixosModules.hardware-hetzner-cloud + disko.nixosModules.disko + ./disko.nix + "${modulesPath}/profiles/qemu-guest.nix" + ]; + config = { + networking.hostName = "example-common"; + system.stateVersion = config.system.nixos.version; + services.openssh.enable = true; + users.users.root.initialPassword = "fnord23"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine" + ]; + + #users.users.root.initialPassword = "fnord23"; + #boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ]; + #fileSystems."/".device = lib.mkDefault "/dev/sda"; + + #systemd.network.networks."10-uplink".networkConfig.Address = [ "2a01:4f9:c012:539b::/64" ]; + }; }; inherit (nixpkgs) lib; inherit (lib) nixosSystem; in { - example-master = lib.makeOverridable nixosSystem { + example-master = nixosSystem { inherit system; modules = [ dummy - { + { services.buildbot-nix.master = { - enable = true; + enable = true; url = "https://buildbot.thalheim.io"; - workersFile = "/home/mic92/buildbot-nix/workers.json"; + workersFile = "/var/lib/secrets/buildbot-nix/workers.json"; github = { - tokenFile = "/home/mic92/git/buildbot-nix/github-token"; - webhookSecretFile = "/home/mic92/buildbot-nix/github-webhook-secret"; - oauthSecretFile = "/home/mic92/buildbot-nix/github-oauth-secret"; + tokenFile = "/var/lib/secrets/buildbot-nix/github-token"; + webhookSecretFile = 
"/var/lib/secrets/buildbot-nix/github-webhook-secret"; + oauthSecretFile = "/var/lib/secrets/buildbot-nix/github-oauth-secret"; oauthId = "2516248ec6289e4d9818122cce0cbde39e4b788d"; githubUser = "mic92-buildbot"; githubAdmins = [ "Mic92" ];
@@ -35,14 +52,14 @@ in
 buildbot-nix.nixosModules.buildbot-master
 ];
 };
- example-worker = lib.makeOverridable nixosSystem {
+ example-worker = nixosSystem {
 inherit system;
 modules = [
 dummy
- {
+ {
 services.buildbot-nix.worker = {
 enable = true;
- workerPasswordFile = "/home/mic92/buildbot-nix/worker-password";
+ workerPasswordFile = "/var/lib/secrets/buildbot-nix/worker-password";
 };
 }
 buildbot-nix.nixosModules.buildbot-worker
diff --git a/examples/disko.nix b/examples/disko.nix
new file mode 100644
index 0000000..d3c6768
--- /dev/null
+++ b/examples/disko.nix
@@ -0,0 +1,35 @@
+{
+ disko.devices.disk.sda = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "grub";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index ece0b01..b8e5bc3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694266353, + "narHash": "sha256-NutPFFKc5FK05zq8JYm8quBKJ93goYowxjW/FKcXAdI=", + "owner": "nix-community", + "repo": "disko", + "rev": "f9907fcf6df79a76ea7e3a3afe9340a672cb9c6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib"
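Review bot: The example now turns on sshd (`services.openssh.enable = true;`) while keeping `users.users.root.initialPassword = "fnord23";`, so a host deployed from it is reachable over SSH with a root password that is published in the repository, and it also authorises the author's personal key in `users.users.root.openssh.authorizedKeys.keys`. NixOS's sshd defaults may already refuse password logins for root, but the example should not rely on that: drop the `initialPassword` line (a commented-out copy of it is added further down as well) and state the intent with `services.openssh.settings.PasswordAuthentication = false;`. The key line deserves a comment such as `# example key: replace with your own before deploying`, because copying the file unchanged grants the key's owner root access. The move of the secret files from `/home/mic92/...` to `/var/lib/secrets/buildbot-nix/...` is fine as far as the hunk shows; ownership and mode of that directory are not visible here.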
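Review bot: `device = "/dev/sda";` selects the target disk by kernel enumeration order, and nothing in the new file says that applying a disko layout repartitions and formats that device. On a machine with more than one disk, `sda` is not guaranteed to be the intended one, so the example should use a stable `/dev/disk/by-id/<your-disk-id>` path (placeholder) or at least carry a comment such as `# example only: disko wipes this device, set it to the disk you mean to erase`. A second comment explaining why both a BIOS boot partition (`EF02`) and an ESP (`EF00`) are created would help readers adapting the layout.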
@@ -54,8 +74,30 @@ }, "root": { "inputs": { + "disko": "disko", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694049767, + "narHash": "sha256-/S1mbeHO1JAV0hIBK8b92lBw2V34oPfhYPzXr73JCy4=", + "owner": "numtide", + "repo": "srvos", + "rev": "6a824ca672288a6c8e4b8ade835f01b7b25fca2c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" } } },
diff --git a/flake.nix b/flake.nix
index 1e8b57a..3dfd5eb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,14 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; flake-parts.url = "github:hercules-ci/flake-parts"; }; - outputs = inputs@{ self, flake-parts, ... }: + outputs = inputs@{ self, srvos, flake-parts, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ lib, ... }: { systems = [ "x86_64-linux" ]; flake = {
@@ -15,7 +19,7 @@ nixosModules.buildbot-worker = ./nix/worker.nix; nixosConfigurations = import ./examples { - inherit (inputs) nixpkgs; + inherit (inputs) nixpkgs srvos disko; buildbot-nix = self; system = "x86_64-linux"; };
diff --git a/nix/master.nix b/nix/master.nix
index 24fbafb..94baa0c 100644
--- a/nix/master.nix
+++ b/nix/master.nix
@@ -80,7 +80,7 @@ in
 config = lib.mkIf cfg.enable {
 services.buildbot-master = {
 enable = true;
- masterCfg = "${../buildbot_nix/master.py}";
+ masterCfg = "${../buildbot_nix}/master.py";
 dbUrl = config.services.buildbot-nix.master.dbUrl;
 pythonPackages = ps: [
 ps.requests
diff --git a/nix/worker.nix b/nix/worker.nix
index 9c70e59..c024961 100644
--- a/nix/worker.nix
+++ b/nix/worker.nix
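Review bot: `srvos` is added as a flake input and to the `outputs` argument pattern, but the only uses visible in this commit are the two commented-out imports in `examples/default.nix`, so it enlarges the locked dependency set of every consumer of this flake without being evaluated. `disko` is in a similar position: it is needed only by the example configuration and is passed through in the second hunk (`inherit (inputs) nixpkgs srvos disko;`). Either leave `srvos` out until the imports are enabled, or mark both next to the inputs with a comment such as `# srvos, disko: used by ./examples only`, so downstream users know the modules themselves do not depend on them. The `outputs` function continues outside both hunks.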
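Review bot: Interpolating the directory (`"${../buildbot_nix}/master.py"`) rather than the single file puts everything under `buildbot_nix/` into the world-readable Nix store and makes the resulting store path change whenever any file in that directory changes, yet the reason for the switch is not recorded. If the intent is to let `master.py` import sibling modules (inferred, not shown in the hunk), say so with a comment such as `# whole directory, so master.py can import its sibling modules`, and keep that directory free of anything that must not be world-readable. The `ExecStart` line in `nix/worker.nix` gets the same change and the same comment applies there.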
@@ -67,7 +67,7 @@ in # Restart buildbot with a delay. This time way we can use buildbot to deploy itself. ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker"; - ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix/worker.py}"; + ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix}/worker.py"; }; }; };