2024-10-18 23:22:54 +00:00
5 changed files with 21 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@ -87,16 +87,16 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1728307353,
+        "lastModified": 1728837991,
-        "narHash": "sha256-eVSDu52qZn48c1HfDlH79JkDIzuE7qyY0ipPMbrpYzE=",
+        "narHash": "sha256-+jXVHPmX9eUtH2JhMKye0Tm2KMQTmD8FlHHfbcaXMOI=",
-        "ref": "refs/heads/forkos",
+        "ref": "refs/heads/bring-back-old-gerrit-reporting",
-        "rev": "60860d308404efc14cff66513f9e8e4a002756c3",
+        "rev": "879e9cdcdf2d7e6566ee512d015acc4d23f35517",
-        "revCount": 299,
+        "revCount": 302,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
      },
      "original": {
-        "ref": "refs/heads/forkos",
+        "ref": "refs/heads/bring-back-old-gerrit-reporting",
        "type": "git",
        "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
      }
--- a/flake.nix
+++ b/flake.nix
@ -22,7 +22,7 @@
    gerrit-dashboard.url = "git+https://git.lix.systems/the-distro/gerrit-monitoring.git";
    gerrit-dashboard.flake = false;
-    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/forkos";
+    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/bring-back-old-gerrit-reporting";
    buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
    channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";
--- a/hosts/buildbot-lix/default.nix
+++ b/hosts/buildbot-lix/default.nix
@ -38,7 +38,9 @@
      port = 2022;
      username = "buildbot";
    };
-    cors.allowedOrigin = "*.lix.systems";
+    cors.allowedOrigins = [
      "https://*.lix.systems"
    ];
    projects = [
      "lix"
      "lix-installer"
--- a/hosts/buildbot/default.nix
+++ b/hosts/buildbot/default.nix
@ -36,13 +36,15 @@
        port = cfgGerrit.port;
        username = "buildbot";
      };
-    cors.allowedOrigin = "*.forkos.org";
+    cors.allowedOrigins = [
      "https://*.forkos.org"
    ];
    projects = [
      "buildbot-test"
      "nixpkgs"
      "infra"
    ];
-    builders = [ "builder-10" ];
+    builders = [ "builder-9" ];
  };
  i18n.defaultLocale = "en_US.UTF-8";
--- a/services/buildbot/default.nix
+++ b/services/buildbot/default.nix
@ -53,9 +53,9 @@ in
      };
    };
-    cors.allowedOrigin = mkOption {
+    cors.allowedOrigins = mkOption {
-      type = types.str;
+      type = types.listOf types.str;
-      example = "*.forkos.org";
+      example = [ "*.forkos.org" ];
      description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
    };
@ -100,6 +100,7 @@ in
    };
    services.nginx = {
      recommendedProxySettings = true;
      appendHttpConfig = ''
        # Our session stuff is too big with the TWISTED_COOKIE in addition.
        # Default is usually 4k or 8k.
@ -109,8 +110,8 @@ in
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          # This is needed so that logged-in users in Buildbot can include their credentials in their requests.
          add_header Access-Control-Allow-Credentials 'true' always;
          add_header Access-Control-Allow-Origin 'https://${cfg.cors.allowedOrigin}' always;
        '';
      };
    };
@ -155,9 +156,8 @@ in
      # we can replace all of this with automatic localworker generation on buildbot-nix side.
      workersFile = config.age.secrets.buildbot-workers.path;
-      allowedOrigins = [
+      # We rely on NGINX to do the CORS dance.
-        cfg.cors.allowedOrigin
+      allowedOrigins = cfg.cors.allowedOrigins;
      ];
      buildMachines = map (n: {
          hostName = nodes.${n}.config.networking.fqdn;