buildbot: various fixes for our deployments #143
12
flake.lock
12
flake.lock
|
@ -87,16 +87,16 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728307353,
|
"lastModified": 1728837991,
|
||||||
"narHash": "sha256-eVSDu52qZn48c1HfDlH79JkDIzuE7qyY0ipPMbrpYzE=",
|
"narHash": "sha256-+jXVHPmX9eUtH2JhMKye0Tm2KMQTmD8FlHHfbcaXMOI=",
|
||||||
"ref": "refs/heads/forkos",
|
"ref": "refs/heads/bring-back-old-gerrit-reporting",
|
||||||
"rev": "60860d308404efc14cff66513f9e8e4a002756c3",
|
"rev": "879e9cdcdf2d7e6566ee512d015acc4d23f35517",
|
||||||
"revCount": 299,
|
"revCount": 302,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"ref": "refs/heads/forkos",
|
"ref": "refs/heads/bring-back-old-gerrit-reporting",
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
gerrit-dashboard.url = "git+https://git.lix.systems/the-distro/gerrit-monitoring.git";
|
gerrit-dashboard.url = "git+https://git.lix.systems/the-distro/gerrit-monitoring.git";
|
||||||
gerrit-dashboard.flake = false;
|
gerrit-dashboard.flake = false;
|
||||||
|
|
||||||
buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/forkos";
|
buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/bring-back-old-gerrit-reporting";
|
||||||
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
|
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";
|
channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";
|
||||||
|
|
|
@ -38,7 +38,9 @@
|
||||||
port = 2022;
|
port = 2022;
|
||||||
username = "buildbot";
|
username = "buildbot";
|
||||||
};
|
};
|
||||||
cors.allowedOrigin = "*.lix.systems";
|
cors.allowedOrigins = [
|
||||||
|
"https://*.lix.systems"
|
||||||
|
];
|
||||||
projects = [
|
projects = [
|
||||||
"lix"
|
"lix"
|
||||||
"lix-installer"
|
"lix-installer"
|
||||||
|
|
|
@ -36,13 +36,15 @@
|
||||||
port = cfgGerrit.port;
|
port = cfgGerrit.port;
|
||||||
username = "buildbot";
|
username = "buildbot";
|
||||||
};
|
};
|
||||||
cors.allowedOrigin = "*.forkos.org";
|
cors.allowedOrigins = [
|
||||||
|
"https://*.forkos.org"
|
||||||
|
];
|
||||||
projects = [
|
projects = [
|
||||||
"buildbot-test"
|
"buildbot-test"
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
"infra"
|
"infra"
|
||||||
];
|
];
|
||||||
builders = [ "builder-10" ];
|
builders = [ "builder-9" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
|
@ -53,9 +53,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
cors.allowedOrigin = mkOption {
|
cors.allowedOrigins = mkOption {
|
||||||
type = types.str;
|
type = types.listOf types.str;
|
||||||
example = "*.forkos.org";
|
example = [ "*.forkos.org" ];
|
||||||
description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
|
description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -100,6 +100,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
recommendedProxySettings = true;
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
# Our session stuff is too big with the TWISTED_COOKIE in addition.
|
# Our session stuff is too big with the TWISTED_COOKIE in addition.
|
||||||
# Default is usually 4k or 8k.
|
# Default is usually 4k or 8k.
|
||||||
|
@ -109,8 +110,8 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
# This is needed so that logged-in users in Buildbot can include their credentials in their requests.
|
||||||
add_header Access-Control-Allow-Credentials 'true' always;
|
add_header Access-Control-Allow-Credentials 'true' always;
|
||||||
add_header Access-Control-Allow-Origin 'https://${cfg.cors.allowedOrigin}' always;
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -155,9 +156,8 @@ in
|
||||||
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
||||||
workersFile = config.age.secrets.buildbot-workers.path;
|
workersFile = config.age.secrets.buildbot-workers.path;
|
||||||
|
|
||||||
allowedOrigins = [
|
# We rely on NGINX to do the CORS dance.
|
||||||
cfg.cors.allowedOrigin
|
allowedOrigins = cfg.cors.allowedOrigins;
|
||||||
];
|
|
||||||
|
|
||||||
buildMachines = map (n: {
|
buildMachines = map (n: {
|
||||||
hostName = nodes.${n}.config.networking.fqdn;
|
hostName = nodes.${n}.config.networking.fqdn;
|
||||||
|
|
Loading…
Reference in a new issue