buildbot: upgrade to local machine specifications
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
parent
25feb3c9f1
commit
8afcf249d6
|
@ -64,11 +64,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721229951,
|
||||
"narHash": "sha256-RO7jlz2T0h9l7Hmij6Iy3qdYps33wDuAoBMQ21ROvyw=",
|
||||
"lastModified": 1721297738,
|
||||
"narHash": "sha256-xkNu7G/ejwrz7P4NNu7cF2L1pQqh+XZMeUaKvF/tZKY=",
|
||||
"ref": "refs/heads/refactor",
|
||||
"rev": "8286c1028b2a69ee72680dc06d26bd80665ce02a",
|
||||
"revCount": 262,
|
||||
"rev": "4ad5459da867bba670c5e9cb89e159820663dc07",
|
||||
"revCount": 265,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
||||
},
|
||||
|
|
|
@ -76,16 +76,33 @@ in
|
|||
tokenUri = "https://identity.lix.systems/realms/lix-project/protocol/openid-connect/token";
|
||||
};
|
||||
|
||||
# TODO(raito): this is not really necessary, we never have remote buildbot workers.
|
||||
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
||||
workersFile = config.age.secrets.buildbot-workers.path;
|
||||
|
||||
allowedOrigins = [
|
||||
"*.forkos.org"
|
||||
];
|
||||
|
||||
# TODO(raito): is that really necessary when we can just collect buildMachines' systems?
|
||||
buildSystems = [
|
||||
"x86_64-linux"
|
||||
];
|
||||
|
||||
buildMachines = map (n: {
|
||||
hostName = nodes.${n}.config.networking.fqdn;
|
||||
protocol = "ssh-ng";
|
||||
# Follows Hydra.
|
||||
maxJobs = 8;
|
||||
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
|
||||
sshUser = "buildbot";
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
|
||||
# Contrary to how Nix works, here we can specify non-base64 public host keys.
|
||||
publicHostKey = ssh-keys.machines.${n};
|
||||
}
|
||||
) cfg.builders;
|
||||
|
||||
gerrit = {
|
||||
domain = cfgGerrit.canonicalDomain;
|
||||
# Manually managed account…
|
||||
|
@ -106,28 +123,6 @@ in
|
|||
signingKeyFile = config.age.secrets.buildbot-signing-key.path;
|
||||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
nix.buildMachines = map (n: {
|
||||
hostName = nodes.${n}.config.networking.fqdn;
|
||||
protocol = "ssh-ng";
|
||||
# Follows Hydra.
|
||||
maxJobs = 8;
|
||||
sshKey = config.age.secrets.buildbot-remote-builder-key.path;
|
||||
sshUser = "buildbot";
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = nodes.${n}.config.nix.settings.system-features;
|
||||
# TODO: fix it, see the Hydra file about it.
|
||||
# IFD already exist in NixOS, so it's fine, I guess.
|
||||
publicHostKey = builtins.readFile (pkgs.runCommandLocal "in-the-right-form" {
|
||||
buildInputs = [
|
||||
pkgs.coreutils
|
||||
];
|
||||
} ''
|
||||
echo -n '${ssh-keys.machines.${n}}' | base64 -w0 > $out
|
||||
'');
|
||||
}
|
||||
) cfg.builders;
|
||||
|
||||
nix.settings.keep-derivations = true;
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
|
|
Loading…
Reference in a new issue