Compare commits
2 commits
665a750e35
...
f4588aff2b
Author | SHA1 | Date | |
---|---|---|---|
f4588aff2b | |||
90038e80a2 |
5 changed files with 35 additions and 12 deletions
|
@ -749,11 +749,11 @@
|
||||||
"ofborg": {
|
"ofborg": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734205511,
|
"lastModified": 1734308727,
|
||||||
"narHash": "sha256-yyQ05iZ5OsSM68JAqFmLHcrvtQfKQfl5iKHEMUvC+wI=",
|
"narHash": "sha256-/bJhMZQ5VSblvgqAR9hSLwdm5pxenn/UMY8pDDVSquI=",
|
||||||
"ref": "refs/heads/vcs-generalization",
|
"ref": "refs/heads/vcs-generalization",
|
||||||
"rev": "3af7e6976b995037132f971c6af78e00096ca9dd",
|
"rev": "7bcc8fa584c66f317923337658974c0525e5779f",
|
||||||
"revCount": 1487,
|
"revCount": 1495,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/the-distro/ofborg.git"
|
"url": "https://git.lix.systems/the-distro/ofborg.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -39,9 +39,17 @@
|
||||||
postgres.enable = true;
|
postgres.enable = true;
|
||||||
ofborg = {
|
ofborg = {
|
||||||
rabbitmq.enable = true;
|
rabbitmq.enable = true;
|
||||||
mass-rebuilder.enable = true;
|
|
||||||
pastebin.enable = true;
|
pastebin.enable = true;
|
||||||
builder.enable = true;
|
# TODO: statcheck.enable = true;
|
||||||
|
|
||||||
|
mass-rebuilder.enable = true;
|
||||||
|
# TODO: enable once ready.
|
||||||
|
builder.enable = false;
|
||||||
|
|
||||||
|
gerrit-event-streamer.enable = true;
|
||||||
|
gerrit-generic-vcs-filter.enable = true;
|
||||||
|
|
||||||
|
# FIXME: plug into our prometheus stack.
|
||||||
stats.enable = true;
|
stats.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -47,6 +47,7 @@ let
|
||||||
postgres-ca-priv = [ machines.bagel-box ];
|
postgres-ca-priv = [ machines.bagel-box ];
|
||||||
postgres-tls-priv = [ machines.bagel-box ];
|
postgres-tls-priv = [ machines.bagel-box ];
|
||||||
rabbitmq-password = [ machines.bagel-box ];
|
rabbitmq-password = [ machines.bagel-box ];
|
||||||
|
gerrit-event-listener-ssh-key = [ machines.bagel-box ];
|
||||||
|
|
||||||
newsletter-secrets = [ machines.public01 ];
|
newsletter-secrets = [ machines.public01 ];
|
||||||
s3-revproxy-api-keys = [ machines.public01 ];
|
s3-revproxy-api-keys = [ machines.public01 ];
|
||||||
|
|
BIN
secrets/floral/gerrit-event-listener-ssh-key.age
Normal file
BIN
secrets/floral/gerrit-event-listener-ssh-key.age
Normal file
Binary file not shown.
|
@ -1,7 +1,7 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mkIf mkMerge;
|
inherit (lib) mkIf mkMerge optional hasAttr;
|
||||||
cfg = config.bagel.services.ofborg;
|
cfg = config.bagel.services.ofborg;
|
||||||
|
|
||||||
amqpHost = "amqp.forkos.org";
|
amqpHost = "amqp.forkos.org";
|
||||||
|
@ -18,8 +18,14 @@ let
|
||||||
# TODO: more hardening.
|
# TODO: more hardening.
|
||||||
StateDirectory = "ofborg";
|
StateDirectory = "ofborg";
|
||||||
LogsDirectory = "ofborg";
|
LogsDirectory = "ofborg";
|
||||||
|
RuntimeDirectory = "ofborg";
|
||||||
WorkingDirectory = "/var/lib/ofborg";
|
WorkingDirectory = "/var/lib/ofborg";
|
||||||
LoadCredential = [ "rabbitmq-password:${config.age.secrets.rabbitmq-password.path}" ];
|
LoadCredential =
|
||||||
|
optional (hasAttr "rabbitmq-password" config.age.secrets) "rabbitmq-password:${config.age.secrets.rabbitmq-password.path}"
|
||||||
|
++ optional (hasAttr "gerrit-event-listener-ssh-key" config.age.secrets) "gerrit-ssh-key:${config.age.secrets.gerrit-event-listener-ssh-key.path}";
|
||||||
|
Environment = [
|
||||||
|
"XDG_STATE_HOME=/run/ofborg"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
@ -31,7 +37,8 @@ in {
|
||||||
mass-rebuilder.enable = mkEnableOption "ofborg evaluator worker for mass rebuilds jobs";
|
mass-rebuilder.enable = mkEnableOption "ofborg evaluator worker for mass rebuilds jobs";
|
||||||
stats.enable = mkEnableOption "ofborg prometheus worker";
|
stats.enable = mkEnableOption "ofborg prometheus worker";
|
||||||
|
|
||||||
gerrit-events-streamer.enable = mkEnableOption "ofborg's Gerrit event streamer";
|
gerrit-event-streamer.enable = mkEnableOption "ofborg's Gerrit event streamer";
|
||||||
|
gerrit-generic-vcs-filter.enable = mkEnableOption "ofborg's Gerrit event transformer to generic VCS events";
|
||||||
|
|
||||||
package = mkPackageOption pkgs "ofborg" { };
|
package = mkPackageOption pkgs "ofborg" { };
|
||||||
|
|
||||||
|
@ -42,7 +49,6 @@ in {
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
{
|
{
|
||||||
age.secrets.rabbitmq-password.file = ../../secrets/floral/rabbitmq-password.age;
|
|
||||||
# TODO: move this to global.
|
# TODO: move this to global.
|
||||||
bagel.services.ofborg.settings = {
|
bagel.services.ofborg.settings = {
|
||||||
rabbitmq = {
|
rabbitmq = {
|
||||||
|
@ -84,12 +90,14 @@ in {
|
||||||
vcs = "Gerrit";
|
vcs = "Gerrit";
|
||||||
gerrit = {
|
gerrit = {
|
||||||
instance_uri = "cl.forkos.org";
|
instance_uri = "cl.forkos.org";
|
||||||
|
username = "ofborg-event-listener";
|
||||||
ssh_private_key_file = "$CREDENTIALS_DIRECTORY/gerrit-ssh-key";
|
ssh_private_key_file = "$CREDENTIALS_DIRECTORY/gerrit-ssh-key";
|
||||||
ssh_port = 29418;
|
ssh_port = 29418;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
(mkIf cfg.rabbitmq.enable {
|
(mkIf cfg.rabbitmq.enable {
|
||||||
|
age.secrets.rabbitmq-password.file = ../../secrets/floral/rabbitmq-password.age;
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
services.rabbitmq = {
|
services.rabbitmq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -117,8 +125,14 @@ in {
|
||||||
(mkIf cfg.statcheck-worker.enable {
|
(mkIf cfg.statcheck-worker.enable {
|
||||||
systemd.services.ofborg-statcheck-worker = mkOfborgWorker "statcheck-worker" { };
|
systemd.services.ofborg-statcheck-worker = mkOfborgWorker "statcheck-worker" { };
|
||||||
})
|
})
|
||||||
(mkIf cfg.gerrit-events-streamer.enable {
|
(mkIf cfg.gerrit-event-streamer.enable {
|
||||||
systemd.services.ofborg-gerrit-streamer = mkOfborgWorker "gerrit-events-streamer" { };
|
age.secrets.gerrit-event-listener-ssh-key.file = ../../secrets/floral/gerrit-event-listener-ssh-key.age;
|
||||||
|
systemd.services.ofborg-gerrit-event-streamer = mkOfborgWorker "gerrit-event-streamer" {
|
||||||
|
path = [ pkgs.openssh ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(mkIf cfg.gerrit-generic-vcs-filter.enable {
|
||||||
|
systemd.services.ofborg-gerrit-generic-vcs-filter = mkOfborgWorker "gerrit-generic-vcs-filter" { };
|
||||||
})
|
})
|
||||||
(mkIf cfg.mass-rebuilder.enable {
|
(mkIf cfg.mass-rebuilder.enable {
|
||||||
systemd.services.ofborg-mass-rebuilder = mkOfborgWorker "mass-rebuilder" { };
|
systemd.services.ofborg-mass-rebuilder = mkOfborgWorker "mass-rebuilder" { };
|
||||||
|
|
Loading…
Reference in a new issue