nix/coordinator: simplify the module

Signed-off-by: Raito Bezarius <raito@lix.systems>
raito 2024-03-02 16:10:47 +01:00
parent 329d9dd6d4
commit beea96da2c


@ -4,12 +4,12 @@
, ...
}:
let
cfg = config.services.buildbot-nix.master;
cfg = config.services.buildbot-nix.coordinator;
in
{
options = {
services.buildbot-nix.master = {
enable = lib.mkEnableOption "buildbot-master";
services.buildbot-nix.coordinator = {
enable = lib.mkEnableOption "buildbot-coordinator";
dbUrl = lib.mkOption {
type = lib.types.str;
default = "postgresql://@/buildbot";
@ -34,48 +34,6 @@ in
description = "Cachix auth token";
};
};
github = {
tokenFile = lib.mkOption {
type = lib.types.path;
description = "Github token file";
};
webhookSecretFile = lib.mkOption {
type = lib.types.path;
description = "Github webhook secret file";
};
oauthSecretFile = lib.mkOption {
type = lib.types.path;
description = "Github oauth secret file";
};
# TODO: make this an option
# https://github.com/organizations/numtide/settings/applications
# Application name: BuildBot
# Homepage URL: https://buildbot.numtide.com
# Authorization callback URL: https://buildbot.numtide.com/auth/login
# oauth_token: 2516248ec6289e4d9818122cce0cbde39e4b788d
oauthId = lib.mkOption {
type = lib.types.str;
description = "Github oauth id. Used for the login button";
};
# Most likely you want to use the same user as for the buildbot
user = lib.mkOption {
type = lib.types.str;
description = "Github user that is used for the buildbot";
};
admins = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Users that are allowed to login to buildbot, trigger builds and change settings";
};
topic = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = "build-with-buildbot";
description = ''
Projects that have this topic will be built by buildbot.
If null, all projects that the buildbot github user has access to, are built.
'';
};
};
workersFile = lib.mkOption {
type = lib.types.path;
description = "File containing a list of nix workers";
@ -144,7 +102,7 @@ in
home = "/var/lib/buildbot";
extraImports = ''
from datetime import timedelta
from buildbot_nix import GithubConfig, NixConfigurator, CachixConfig
from buildbot_nix import NixConfigurator, CachixConfig
'';
configurators = [
''
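Review bot: The new `extraImports` line drops `GithubConfig` but does not import `GerritConfig`, which the configurator hunk further down calls as `gerrit=GerritConfig(`. Unless that name is brought in by an import outside this hunk, the generated Buildbot configuration would raise a NameError when it is loaded, and Nix evaluation will not catch it because the Python lives inside a string. Assuming `buildbot_nix` exports the class (not visible here), the line would read `from buildbot_nix import GerritConfig, NixConfigurator, CachixConfig`. The attribute set that holds `extraImports` and `configurators` starts and ends outside this hunk.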
@ -152,18 +110,10 @@ in
''
''
NixConfigurator(
github=GithubConfig(
oauth_id=${builtins.toJSON cfg.github.oauthId},
admins=${builtins.toJSON cfg.github.admins},
buildbot_user=${builtins.toJSON cfg.github.user},
topic=${builtins.toJSON cfg.github.topic},
gerrit=GerritConfig(
...
),
cachix=${if cfg.cachix.name == null then "None" else "CachixConfig(
name=${builtins.toJSON cfg.cachix.name},
signing_key_secret_name=${if cfg.cachix.signingKeyFile != null then builtins.toJSON "cachix-signing-key" else "None"},
auth_token_secret_name=${if cfg.cachix.authTokenFile != null then builtins.toJSON "cachix-auth-token" else "None"},
)"},
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
url=${builtins.toJSON config.services.buildbot-coordinator.buildbotUrl},
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},
nix_supported_systems=${builtins.toJSON cfg.buildSystems},
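Review bot: `gerrit=GerritConfig(` followed by a bare `...` is a placeholder rather than a configuration; Python accepts it and passes `Ellipsis` as a positional argument, and nothing at Nix evaluation time rejects it. The removed `GithubConfig` block carried `oauth_id` and `admins`, which per the removed option description decided who may log in, trigger builds and change settings. Nothing visible in this hunk replaces that while the service is still published through the nginx virtual host, so the change should say what authenticates and authorises users now. Going by the hunk's line counts the `cachix=` argument appears to be dropped as well, yet the `LoadCredential` hunk still appends a credential when `cfg.cachix.signingKeyFile` is set; either keep the argument or stop loading secrets the process no longer uses. The `NixConfigurator(` call continues past the end of the hunk.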
@ -177,7 +127,7 @@ in
hasSSL = host.forceSSL || host.addSSL;
in
"${if hasSSL then "https" else "http"}://${cfg.domain}/";
dbUrl = config.services.buildbot-nix.master.dbUrl;
dbUrl = config.services.buildbot-nix.coordinator.dbUrl;
pythonPackages = ps: [
ps.requests
ps.treq
@ -193,9 +143,6 @@ in
serviceConfig = {
# in master.py we read secrets from $CREDENTIALS_DIRECTORY
LoadCredential = [
"github-token:${cfg.github.tokenFile}"
"github-webhook-secret:${cfg.github.webhookSecretFile}"
"github-oauth-secret:${cfg.github.oauthSecretFile}"
"buildbot-nix-workers:${cfg.workersFile}"
]
++ lib.optional (cfg.cachix.signingKeyFile != null)
@ -217,14 +164,14 @@ in
services.nginx.enable = true;
services.nginx.virtualHosts.${cfg.domain} = {
locations = {
"/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/";
"/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/";
"/sse" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/sse";
proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/sse";
# proxy buffering will prevent sse to work
extraConfig = "proxy_buffering off;";
};
"/ws" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/ws";
proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/ws";
proxyWebsockets = true;
# raise the proxy timeout for the websocket
extraConfig = "proxy_read_timeout 6000s;";
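Review bot: The three `proxyPass` targets now read `config.services.buildbot-coordinator.port`, and the configurator hunk likewise reads `config.services.buildbot-coordinator.buildbotUrl`. The NixOS module that provides these options in nixpkgs is `services.buildbot-master`, so unless this tree also defines a `services.buildbot-coordinator` module (not visible here), evaluation fails on a missing attribute. Renaming this module's own `services.buildbot-nix.master` namespace does not rename the upstream service, so these references would stay `config.services.buildbot-master.port` and `config.services.buildbot-master.buildbotUrl`. The virtual-host block is closed outside this hunk.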
@ -234,11 +181,8 @@ in
};
};
systemd.tmpfiles.rules = [
# delete legacy gcroot location, can be dropped after 2024-06-01
"R /var/lib/buildbot-worker/gcroot - - - - -"
] ++ lib.optional (cfg.outputsPath != null)
# Allow buildbot-master to write to this directory
systemd.tmpfiles.rules = lib.optional (cfg.outputsPath != null)
# Allow buildbot-coordinator to write to this directory
"d ${cfg.outputsPath} 0755 buildbot buildbot - -";
};
}