chore(origins): expose in a cuter way allowed origins

Worked around in our original deployment, here's a nicer way to set it.

Signed-off-by: Raito Bezarius <raito@lix.systems>
This commit is contained in:
raito 2024-07-19 19:24:33 +02:00 committed by Jade Lovelace
parent 7102157055
commit bd8c11ed1e
2 changed files with 12 additions and 1 deletions

View file

@ -771,6 +771,7 @@ class GerritNixConfigurator(ConfiguratorBase):
gerrit_sshkey_path: str, gerrit_sshkey_path: str,
projects: list[str], projects: list[str],
url: str, url: str,
allowed_origins: list[str],
nix_supported_systems: list[str], nix_supported_systems: list[str],
nix_eval_worker_count: int | None, nix_eval_worker_count: int | None,
nix_eval_max_memory_size: int, nix_eval_max_memory_size: int,
@ -781,6 +782,7 @@ class GerritNixConfigurator(ConfiguratorBase):
auth_method: AuthBase | None = None, auth_method: AuthBase | None = None,
) -> None: ) -> None:
super().__init__() super().__init__()
self.allowed_origins = allowed_origins
self.gerrit_server = gerrit_server self.gerrit_server = gerrit_server
self.gerrit_user = gerrit_user self.gerrit_user = gerrit_user
self.gerrit_port = gerrit_port self.gerrit_port = gerrit_port
@ -815,7 +817,9 @@ class GerritNixConfigurator(ConfiguratorBase):
config.setdefault("projects", []) config.setdefault("projects", [])
config.setdefault("secretsProviders", []) config.setdefault("secretsProviders", [])
config.setdefault("www", {}) config.setdefault("www", {
'allowed_origins': self.allowed_origins
})
for item in worker_config: for item in worker_config:
cores = item.get("cores", 0) cores = item.get("cores", 0)

View file

@ -51,6 +51,12 @@ in
example = "buildbot.numtide.com"; example = "buildbot.numtide.com";
}; };
allowedOrigins = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Allowed origins for buildbot";
example = [ "*.mydomain.com" ];
};
signingKeyFile = lib.mkOption { signingKeyFile = lib.mkOption {
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
description = "A path to a Nix signing key"; description = "A path to a Nix signing key";
@ -182,6 +188,7 @@ in
"${toString cfg.gerrit.port}", "${toString cfg.gerrit.port}",
"${cfg.gerrit.privateKeyFile}", "${cfg.gerrit.privateKeyFile}",
projects=${builtins.toJSON cfg.gerrit.projects}, projects=${builtins.toJSON cfg.gerrit.projects},
allowed_origins=${builtins.toJSON cfg.allowedOrigins},
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl}, url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize}, nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount}, nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},