diff --git a/nix/coordinator.nix b/nix/coordinator.nix index 6383d5e..6d2a904 100644 --- a/nix/coordinator.nix +++ b/nix/coordinator.nix @@ -4,12 +4,12 @@ , ... }: let - cfg = config.services.buildbot-nix.master; + cfg = config.services.buildbot-nix.coordinator; in { options = { - services.buildbot-nix.master = { - enable = lib.mkEnableOption "buildbot-master"; + services.buildbot-nix.coordinator = { + enable = lib.mkEnableOption "buildbot-coordinator"; dbUrl = lib.mkOption { type = lib.types.str; default = "postgresql://@/buildbot"; @@ -34,48 +34,6 @@ in description = "Cachix auth token"; }; }; - github = { - tokenFile = lib.mkOption { - type = lib.types.path; - description = "Github token file"; - }; - webhookSecretFile = lib.mkOption { - type = lib.types.path; - description = "Github webhook secret file"; - }; - oauthSecretFile = lib.mkOption { - type = lib.types.path; - description = "Github oauth secret file"; - }; - # TODO: make this an option - # https://github.com/organizations/numtide/settings/applications - # Application name: BuildBot - # Homepage URL: https://buildbot.numtide.com - # Authorization callback URL: https://buildbot.numtide.com/auth/login - # oauth_token: 2516248ec6289e4d9818122cce0cbde39e4b788d - oauthId = lib.mkOption { - type = lib.types.str; - description = "Github oauth id. Used for the login button"; - }; - # Most likely you want to use the same user as for the buildbot - user = lib.mkOption { - type = lib.types.str; - description = "Github user that is used for the buildbot"; - }; - admins = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - description = "Users that are allowed to login to buildbot, trigger builds and change settings"; - }; - topic = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = "build-with-buildbot"; - description = '' - Projects that have this topic will be built by buildbot. - If null, all projects that the buildbot github user has access to, are built. - ''; - }; - }; workersFile = lib.mkOption { type = lib.types.path; description = "File containing a list of nix workers"; @@ -144,7 +102,7 @@ in home = "/var/lib/buildbot"; extraImports = '' from datetime import timedelta - from buildbot_nix import GithubConfig, NixConfigurator, CachixConfig + from buildbot_nix import NixConfigurator, CachixConfig ''; configurators = [ '' @@ -152,18 +110,10 @@ in '' '' NixConfigurator( - github=GithubConfig( - oauth_id=${builtins.toJSON cfg.github.oauthId}, - admins=${builtins.toJSON cfg.github.admins}, - buildbot_user=${builtins.toJSON cfg.github.user}, - topic=${builtins.toJSON cfg.github.topic}, + gerrit=GerritConfig( + ... ), - cachix=${if cfg.cachix.name == null then "None" else "CachixConfig( - name=${builtins.toJSON cfg.cachix.name}, - signing_key_secret_name=${if cfg.cachix.signingKeyFile != null then builtins.toJSON "cachix-signing-key" else "None"}, - auth_token_secret_name=${if cfg.cachix.authTokenFile != null then builtins.toJSON "cachix-auth-token" else "None"}, - )"}, - url=${builtins.toJSON config.services.buildbot-master.buildbotUrl}, + url=${builtins.toJSON config.services.buildbot-coordinator.buildbotUrl}, nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize}, nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount}, nix_supported_systems=${builtins.toJSON cfg.buildSystems}, @@ -177,7 +127,7 @@ in hasSSL = host.forceSSL || host.addSSL; in "${if hasSSL then "https" else "http"}://${cfg.domain}/"; - dbUrl = config.services.buildbot-nix.master.dbUrl; + dbUrl = config.services.buildbot-nix.coordinator.dbUrl; pythonPackages = ps: [ ps.requests ps.treq @@ -193,9 +143,6 @@ in serviceConfig = { # in master.py we read secrets from $CREDENTIALS_DIRECTORY LoadCredential = [ - "github-token:${cfg.github.tokenFile}" - "github-webhook-secret:${cfg.github.webhookSecretFile}" - "github-oauth-secret:${cfg.github.oauthSecretFile}" "buildbot-nix-workers:${cfg.workersFile}" ] ++ lib.optional (cfg.cachix.signingKeyFile != null) @@ -217,14 +164,14 @@ in services.nginx.enable = true; services.nginx.virtualHosts.${cfg.domain} = { locations = { - "/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/"; + "/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/"; "/sse" = { - proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/sse"; + proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/sse"; # proxy buffering will prevent sse to work extraConfig = "proxy_buffering off;"; }; "/ws" = { - proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-master.port}/ws"; + proxyPass = "http://127.0.0.1:${builtins.toString config.services.buildbot-coordinator.port}/ws"; proxyWebsockets = true; # raise the proxy timeout for the websocket extraConfig = "proxy_read_timeout 6000s;"; @@ -234,11 +181,8 @@ in }; }; - systemd.tmpfiles.rules = [ - # delete legacy gcroot location, can be dropped after 2024-06-01 - "R /var/lib/buildbot-worker/gcroot - - - - -" - ] ++ lib.optional (cfg.outputsPath != null) - # Allow buildbot-master to write to this directory + systemd.tmpfiles.rules = lib.optional (cfg.outputsPath != null) + # Allow buildbot-coordinator to write to this directory "d ${cfg.outputsPath} 0755 buildbot buildbot - -"; }; }