
2 commits

Author SHA1 Message Date
f4588aff2b feat: listen on Gerrit events and rewrite them as generic VCS events
This introduces the private SSH key for Gerrit event streaming.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 01:25:53 +01:00
90038e80a2 fix: do not propagate rabbitmq-password to all nodes
This was a mistake.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 00:25:54 +01:00
5 changed files with 35 additions and 12 deletions


@ -749,11 +749,11 @@
"ofborg": { "ofborg": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1734205511, "lastModified": 1734308727,
"narHash": "sha256-yyQ05iZ5OsSM68JAqFmLHcrvtQfKQfl5iKHEMUvC+wI=", "narHash": "sha256-/bJhMZQ5VSblvgqAR9hSLwdm5pxenn/UMY8pDDVSquI=",
"ref": "refs/heads/vcs-generalization", "ref": "refs/heads/vcs-generalization",
"rev": "3af7e6976b995037132f971c6af78e00096ca9dd", "rev": "7bcc8fa584c66f317923337658974c0525e5779f",
"revCount": 1487, "revCount": 1495,
"type": "git", "type": "git",
"url": "https://git.lix.systems/the-distro/ofborg.git" "url": "https://git.lix.systems/the-distro/ofborg.git"
}, },


@ -39,9 +39,17 @@
postgres.enable = true; postgres.enable = true;
ofborg = { ofborg = {
rabbitmq.enable = true; rabbitmq.enable = true;
mass-rebuilder.enable = true;
pastebin.enable = true; pastebin.enable = true;
builder.enable = true; # TODO: statcheck.enable = true;
mass-rebuilder.enable = true;
# TODO: enable once ready.
builder.enable = false;
gerrit-event-streamer.enable = true;
gerrit-generic-vcs-filter.enable = true;
# FIXME: plug into our prometheus stack.
stats.enable = true; stats.enable = true;
}; };
}; };
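Review bot: The new comment `# TODO: statcheck.enable = true;` names an option that does not match the module, which reads `cfg.statcheck-worker.enable`; uncommenting it as written would presumably fail with an undefined-option error. I would write `# TODO: statcheck-worker.enable = true;`. The `# TODO: enable once ready.` above `builder.enable = false;` could also say what "ready" depends on, since this line turns off a builder that was previously enabled.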


@ -47,6 +47,7 @@ let
postgres-ca-priv = [ machines.bagel-box ]; postgres-ca-priv = [ machines.bagel-box ];
postgres-tls-priv = [ machines.bagel-box ]; postgres-tls-priv = [ machines.bagel-box ];
rabbitmq-password = [ machines.bagel-box ]; rabbitmq-password = [ machines.bagel-box ];
gerrit-event-listener-ssh-key = [ machines.bagel-box ];
newsletter-secrets = [ machines.public01 ]; newsletter-secrets = [ machines.public01 ];
s3-revproxy-api-keys = [ machines.public01 ]; s3-revproxy-api-keys = [ machines.public01 ];

Binary file not shown.


@ -1,7 +1,7 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
inherit (lib) mkIf mkMerge; inherit (lib) mkIf mkMerge optional hasAttr;
cfg = config.bagel.services.ofborg; cfg = config.bagel.services.ofborg;
amqpHost = "amqp.forkos.org"; amqpHost = "amqp.forkos.org";
@ -18,8 +18,14 @@ let
# TODO: more hardening. # TODO: more hardening.
StateDirectory = "ofborg"; StateDirectory = "ofborg";
LogsDirectory = "ofborg"; LogsDirectory = "ofborg";
RuntimeDirectory = "ofborg";
WorkingDirectory = "/var/lib/ofborg"; WorkingDirectory = "/var/lib/ofborg";
LoadCredential = [ "rabbitmq-password:${config.age.secrets.rabbitmq-password.path}" ]; LoadCredential =
optional (hasAttr "rabbitmq-password" config.age.secrets) "rabbitmq-password:${config.age.secrets.rabbitmq-password.path}"
++ optional (hasAttr "gerrit-event-listener-ssh-key" config.age.secrets) "gerrit-ssh-key:${config.age.secrets.gerrit-event-listener-ssh-key.path}";
Environment = [
"XDG_STATE_HOME=/run/ofborg"
];
}; };
}; };
in { in {
@ -31,7 +37,8 @@ in {
mass-rebuilder.enable = mkEnableOption "ofborg evaluator worker for mass rebuilds jobs"; mass-rebuilder.enable = mkEnableOption "ofborg evaluator worker for mass rebuilds jobs";
stats.enable = mkEnableOption "ofborg prometheus worker"; stats.enable = mkEnableOption "ofborg prometheus worker";
gerrit-events-streamer.enable = mkEnableOption "ofborg's Gerrit event streamer"; gerrit-event-streamer.enable = mkEnableOption "ofborg's Gerrit event streamer";
gerrit-generic-vcs-filter.enable = mkEnableOption "ofborg's Gerrit event transformer to generic VCS events";
package = mkPackageOption pkgs "ofborg" { }; package = mkPackageOption pkgs "ofborg" { };
@ -42,7 +49,6 @@ in {
config = mkMerge [ config = mkMerge [
{ {
age.secrets.rabbitmq-password.file = ../../secrets/floral/rabbitmq-password.age;
# TODO: move this to global. # TODO: move this to global.
bagel.services.ofborg.settings = { bagel.services.ofborg.settings = {
rabbitmq = { rabbitmq = {
@ -84,12 +90,14 @@ in {
vcs = "Gerrit"; vcs = "Gerrit";
gerrit = { gerrit = {
instance_uri = "cl.forkos.org"; instance_uri = "cl.forkos.org";
username = "ofborg-event-listener";
ssh_private_key_file = "$CREDENTIALS_DIRECTORY/gerrit-ssh-key"; ssh_private_key_file = "$CREDENTIALS_DIRECTORY/gerrit-ssh-key";
ssh_port = 29418; ssh_port = 29418;
}; };
}; };
} }
(mkIf cfg.rabbitmq.enable { (mkIf cfg.rabbitmq.enable {
age.secrets.rabbitmq-password.file = ../../secrets/floral/rabbitmq-password.age;
services.nginx.enable = true; services.nginx.enable = true;
services.rabbitmq = { services.rabbitmq = {
enable = true; enable = true;
@ -117,8 +125,14 @@ in {
(mkIf cfg.statcheck-worker.enable { (mkIf cfg.statcheck-worker.enable {
systemd.services.ofborg-statcheck-worker = mkOfborgWorker "statcheck-worker" { }; systemd.services.ofborg-statcheck-worker = mkOfborgWorker "statcheck-worker" { };
}) })
(mkIf cfg.gerrit-events-streamer.enable { (mkIf cfg.gerrit-event-streamer.enable {
systemd.services.ofborg-gerrit-streamer = mkOfborgWorker "gerrit-events-streamer" { }; age.secrets.gerrit-event-listener-ssh-key.file = ../../secrets/floral/gerrit-event-listener-ssh-key.age;
systemd.services.ofborg-gerrit-event-streamer = mkOfborgWorker "gerrit-event-streamer" {
path = [ pkgs.openssh ];
};
})
(mkIf cfg.gerrit-generic-vcs-filter.enable {
systemd.services.ofborg-gerrit-generic-vcs-filter = mkOfborgWorker "gerrit-generic-vcs-filter" { };
}) })
(mkIf cfg.mass-rebuilder.enable { (mkIf cfg.mass-rebuilder.enable {
systemd.services.ofborg-mass-rebuilder = mkOfborgWorker "mass-rebuilder" { }; systemd.services.ofborg-mass-rebuilder = mkOfborgWorker "mass-rebuilder" { };