fix(buildbot): bring back the old Gerrit reporting

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

flake.lock

@@ -87,16 +87,16 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1728307353,
-        "narHash": "sha256-eVSDu52qZn48c1HfDlH79JkDIzuE7qyY0ipPMbrpYzE=",
-        "ref": "refs/heads/forkos",
-        "rev": "60860d308404efc14cff66513f9e8e4a002756c3",
-        "revCount": 299,
+        "lastModified": 1728837991,
+        "narHash": "sha256-+jXVHPmX9eUtH2JhMKye0Tm2KMQTmD8FlHHfbcaXMOI=",
+        "ref": "refs/heads/bring-back-old-gerrit-reporting",
+        "rev": "879e9cdcdf2d7e6566ee512d015acc4d23f35517",
+        "revCount": 302,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
       },
       "original": {
-        "ref": "refs/heads/forkos",
+        "ref": "refs/heads/bring-back-old-gerrit-reporting",
         "type": "git",
         "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
       }

flake.nix

@@ -22,7 +22,7 @@
     gerrit-dashboard.url = "git+https://git.lix.systems/the-distro/gerrit-monitoring.git";
     gerrit-dashboard.flake = false;
 
-    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/forkos";
+    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/bring-back-old-gerrit-reporting";
     buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
 
     channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";

hosts/buildbot-lix/default.nix

@@ -38,7 +38,9 @@
       port = 2022;
       username = "buildbot";
     };
-    cors.allowedOrigin = "*.lix.systems";
+    cors.allowedOrigins = [
+      "https://*.lix.systems"
+    ];
     projects = [
       "lix"
       "lix-installer"

hosts/buildbot/default.nix

@@ -36,13 +36,15 @@
         port = cfgGerrit.port;
         username = "buildbot";
       };
-    cors.allowedOrigin = "*.forkos.org";
+    cors.allowedOrigins = [
+      "https://*.forkos.org"
+    ];
     projects = [
       "buildbot-test"
       "nixpkgs"
       "infra"
     ];
-    builders = [ "builder-10" ];
+    builders = [ "builder-9" ];
   };
 
   i18n.defaultLocale = "en_US.UTF-8";

services/buildbot/default.nix

@@ -53,9 +53,9 @@ in
       };
     };
 
-    cors.allowedOrigin = mkOption {
-      type = types.str;
-      example = "*.forkos.org";
+    cors.allowedOrigins = mkOption {
+      type = types.listOf types.str;
+      example = [ "*.forkos.org" ];
       description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
     };
 
@@ -100,6 +100,7 @@ in
     };
 
     services.nginx = {
+      recommendedProxySettings = true;
       appendHttpConfig = ''
         # Our session stuff is too big with the TWISTED_COOKIE in addition.
         # Default is usually 4k or 8k.
@@ -109,8 +110,8 @@ in
         forceSSL = true;
         enableACME = true;
         extraConfig = ''
+          # This is needed so that logged-in users in Buildbot can include their credentials in their requests.
           add_header Access-Control-Allow-Credentials 'true' always;
-          add_header Access-Control-Allow-Origin 'https://${cfg.cors.allowedOrigin}' always;
         '';
       };
     };
@@ -155,9 +156,8 @@ in
       # we can replace all of this with automatic localworker generation on buildbot-nix side.
       workersFile = config.age.secrets.buildbot-workers.path;
 
-      allowedOrigins = [
-        cfg.cors.allowedOrigin
-      ];
+      # We rely on NGINX to do the CORS dance.
+      allowedOrigins = cfg.cors.allowedOrigins;
 
       buildMachines = map (n: {
           hostName = nodes.${n}.config.networking.fqdn;