Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-25 21:30:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

buildbot: update

Browse source
This commit is contained in:
Julien Malka 2023-11-24 16:55:20 +01:00
parent e6552380fc
commit dc47424a2f
Signed by: Luj
GPG key ID: 6FC74C847011FD83
5 changed files with 188 additions and 189 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

239
flake.lock generated
View file

@ -44,19 +44,39 @@
"type": "gitlab"
}
},
"buildbot-nix": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1700703872,
"narHash": "sha256-dJTI5NK9/iA1JWFjaBQoKX1IaCufKr2ute9V827RYEs=",
"owner": "Mic92",
"repo": "buildbot-nix",
"rev": "edc713ad5ca2c019f5b2a3a5e467d5030135a7eb",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "buildbot-nix",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"stable": "stable"
},
"locked": {
"lastModified": 1698144717,
"narHash": "sha256-uN3u8LjqmVVTqam80YgzcOWCSixZg2hRjUBGHbqTX0Y=",
"lastModified": 1699171528,
"narHash": "sha256-ZsN6y+tgN5w84oAqRQpMhIvQM39ZNSZoZvn2AK0QYr4=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "3538f18b30a8b1ca67978972419263d2849331a7",
"rev": "665603956a1c3040d756987bc7a810ffe86a3b15",
"type": "github"
},
"original": {
@ -103,11 +123,11 @@
]
},
"locked": {
"lastModified": 1698166613,
"narHash": "sha256-y4rdN4flxRiROqNi1waMYIZj/Fs7L2OrszFk/1ry9vU=",
"lastModified": 1699218802,
"narHash": "sha256-5l0W4Q7z7A4BCstaF5JuBqXOVrZ3Vqst5+hUnP7EdUc=",
"owner": "ipetkov",
"repo": "crane",
"rev": "b7db46f0f1751f7b1d1911f6be7daf568ad5bc65",
"rev": "2d6c2aaff5a05e443eb15efddc21f9c73720340c",
"type": "github"
},
"original": {
@ -344,16 +364,16 @@
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698579227,
"narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=",
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f76e870d64779109e41370848074ac4eaa1606ec",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
@ -363,6 +383,27 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@ -495,11 +536,11 @@
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"lastModified": 1700392168,
"narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e",
"type": "github"
},
"original": {
@ -511,14 +552,14 @@
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1698873617,
"narHash": "sha256-FfGFcfbULwbK1vD+H0rslIOfmy4g8f2hXiPkQG3ZCTk=",
"lastModified": 1700814342,
"narHash": "sha256-orNc5wfsE7arQ9TWSTJwvk+utDvJrJ36V84N8o+VI/Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "48b0a30202516e25d9885525fbb200a045f23f26",
"rev": "e1f3b36ab01573fd35cae57d21f45d520433df61",
"type": "github"
},
"original": {
@ -547,17 +588,17 @@
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"systems": "systems_2",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1698945632,
"narHash": "sha256-D49t5G6JBDLRZv5nrMoOoC4J611z1S0LQ7RkNImpGI0=",
"lastModified": 1700739112,
"narHash": "sha256-lsJWWR8JjIWku1AcMrHa7wO4UILytsFRgkFY7T9yRGQ=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "f10996b5753bfc854b019f6889d6bc0c91961e3f",
"rev": "e40e486f61f2643578b9977b86f408799dbc75fd",
"type": "github"
},
"original": {
@ -593,14 +634,14 @@
},
"hyprpaper": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1698097178,
"narHash": "sha256-W4W3pAYNpXp0jLZwK0Bxw6R7n2/UYxp+lnT5mD2/xEM=",
"lastModified": 1699969928,
"narHash": "sha256-c3ZGon18Cm37iTIe86nLkeNkVj16DvEvzvs6UqbvAd4=",
"owner": "hyprwm",
"repo": "hyprpaper",
"rev": "d6856adaffb77a9cc1aac3d04d98276eaa5602a4",
"rev": "38e18b70777be4e8af45698b8c7bdbf3a04387a0",
"type": "github"
},
"original": {
@ -613,18 +654,18 @@
"inputs": {
"crane": "crane_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1698669922,
"narHash": "sha256-qgx17PQkAwF4S2jdXk2bs2wifOhjesiAdVAmFqL5GNM=",
"lastModified": 1700811440,
"narHash": "sha256-wrJpW3JCJ9egZpYUMne4c3PFEp+vmkTj5VFpPAT4xdY=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "781303ad7ca3e41d38d18b6fd293163a61d4b319",
"rev": "cbafc8f8fe388fba6f2c27224276f5f984f9ae47",
"type": "github"
},
"original": {
@ -644,11 +685,11 @@
]
},
"locked": {
"lastModified": 1696671885,
"narHash": "sha256-h9Z66044pIVNmcocgU4HngrTotlLgPEVKBz1t8YM9uE=",
"lastModified": 1700079296,
"narHash": "sha256-wN8nebU1wSwE9tFDLOZ7kNbzYEjEeu1WhhIxyM7/InY=",
"owner": "JulienMalka",
"repo": "Linkal",
"rev": "c4c6f0f858870f3713af351b1783faf628de4f44",
"rev": "d1455d4fbea752bdf3717f97d92b662e678e31b3",
"type": "github"
},
"original": {
@ -675,7 +716,7 @@
"nix-straight": [
"nix-straight"
],
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
@ -709,11 +750,11 @@
]
},
"locked": {
"lastModified": 1698550809,
"narHash": "sha256-Um8+Wi6EAH5dCgfgl7OqaVd4wFJn6FKLafcP5QPr/98=",
"lastModified": 1700363379,
"narHash": "sha256-fBEVPFwSZ6AmBE1s1oT7E9WVuqRghruxTnSQ8UUlMkw=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "1f0981f5baeb78e3c89a8980ff1a39f06876fa8c",
"rev": "27920146e671a0d565aaa7452907383be14d8d82",
"type": "github"
},
"original": {
@ -741,17 +782,17 @@
},
"nixd": {
"inputs": {
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"unstable"
]
},
"locked": {
"lastModified": 1697038389,
"narHash": "sha256-hbzFPXyQQxJObRdb+CsylUXii29UfFV7866WWgWYs6Y=",
"lastModified": 1699966122,
"narHash": "sha256-zEN3ET7jfXpIKYeYh/z4xekOBOoaFS+n0q3oL3sVh+0=",
"owner": "nix-community",
"repo": "nixd",
"rev": "29904e121cc775e7caaf4fffa6bc7da09376a43b",
"rev": "b3bb9ea7cd3c2f07c89779a474d6468b2c11e303",
"type": "github"
},
"original": {
@ -763,7 +804,7 @@
"nixos-apple-silicon": {
"inputs": {
"flake-compat": "flake-compat_5",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"rust-overlay": "rust-overlay_3"
},
"locked": {
@ -782,16 +823,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS",
"lastModified": 1700641131,
"narHash": "sha256-M3bsoVMQM2PcuBWb6n1KDNeMX87svcSj/4qlBcVqs3k=",
"owner": "Nixos",
"repo": "nixpkgs",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"rev": "da41de71f62bf7fb989a04e39629b8adbf8aa8b5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "Nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@ -832,11 +873,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1697456312,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
},
"original": {
@ -847,6 +888,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1700204040,
"narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1698134075,
"narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=",
@ -862,7 +919,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1683014792,
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
@ -878,13 +935,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1698610559,
"narHash": "sha256-i8vFNXJz9VcH05oNe/3Jm5f+CtE3g5uOUvF/dobTMUQ=",
"lastModified": 1699354722,
"narHash": "sha256-abmqUReg4PsyQSwv4d0zjcWpMHrd3IFJiTb2tZpfF04=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4e43dd49630303b00120c11d00d4fb01bb40188d",
"rev": "cfbb29d76949ae53c457f152c52c173ea4bdd862",
"type": "github"
},
"original": {
@ -894,7 +951,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1695806987,
"narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=",
@ -909,7 +966,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1690031011,
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
@ -925,13 +982,13 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1698846319,
"narHash": "sha256-4jyW/dqFBVpWFnhl0nvP6EN4lP7/ZqPxYRjl6var0Oc=",
"lastModified": 1700678569,
"narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "34bdaaf1f0b7fb6d9091472edc968ff10a8c2857",
"rev": "8f1180704ac35baded1a74164365ac7cdfba6f38",
"type": "github"
},
"original": {
@ -1055,11 +1112,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1698227354,
"narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=",
"lastModified": 1699271226,
"narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf",
"rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
"type": "github"
},
"original": {
@ -1087,6 +1144,7 @@
"root": {
"inputs": {
"attic": "attic",
"buildbot-nix": "buildbot-nix",
"colmena": "colmena",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager",
@ -1101,7 +1159,7 @@
"nix-straight": "nix-straight",
"nixd": "nixd",
"nixos-apple-silicon": "nixos-apple-silicon",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"unstable": "unstable",
@ -1163,11 +1221,11 @@
]
},
"locked": {
"lastModified": 1698631970,
"narHash": "sha256-uO+iqGslP1TdH0q3pMkpo6XHtzoEa6bjjF3dEQJSDcc=",
"lastModified": 1699409596,
"narHash": "sha256-L3g1smIol3dGTxkUQOlNShJtZLvjLzvtbaeTRizwZBU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "44210df7a70dcf0a81a5919f9422b6ae589ee673",
"rev": "58240e1ac627cef3ea30c7732fedfb4f51afd8e7",
"type": "github"
},
"original": {
@ -1246,11 +1304,11 @@
]
},
"locked": {
"lastModified": 1698929376,
"narHash": "sha256-TmROaV9W6HArdTUgxLN334Kw+CradxWHw1HYM/3H6xI=",
"lastModified": 1700362823,
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "84d6b27dc71ac02422e192c35806d06915d2bf67",
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
"type": "github"
},
"original": {
@ -1335,6 +1393,27 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"ts-fold": {
"flake": false,
"locked": {
@ -1353,11 +1432,11 @@
},
"unstable": {
"locked": {
"lastModified": 1698611440,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"lastModified": 1700612854,
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
"type": "github"
},
"original": {
@ -1387,18 +1466,18 @@
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1697909146,
"narHash": "sha256-jU0I6FoCKnj4zIBL4daosFWh81U1fM719Z6cae8PxSY=",
"lastModified": 1699292815,
"narHash": "sha256-HXu98PyBMKEWLqiTb8viuLDznud/SdkdJsx5A5CWx7I=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2",
"rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2",
"rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1",
"type": "gitlab"
}
},

2
flake.nix
View file

@ -83,6 +83,8 @@
nix-straight.follows = "nix-straight";
};
};
buildbot-nix.url = "github:Mic92/buildbot-nix";
};
outputs = { self, nixpkgs, ... }@inputs:

3
lib/mkmachine.nix
View file

@ -33,6 +33,9 @@ nixpkgs.lib.nixosSystem {
inputs.attic.nixosModules.atticd
inputs.lanzaboote.nixosModules.lanzaboote
inputs.nix-index-database.nixosModules.nix-index
inputs.buildbot-nix.nixosModules.buildbot-master
inputs.buildbot-nix.nixosModules.buildbot-worker
{
home-manager.useGlobalPkgs = true;
nixpkgs.overlays = [

125
modules/buildbot/default.nix
View file

@ -12,56 +12,31 @@ in
options.luj.buildbot = {
enable = mkEnableOption "activate buildbot service";
nginx.enable = mkEnableOption "activate nginx";
nginx.subdomain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
# Buildbot master
services.buildbot-master = {
services.buildbot-nix.master = {
enable = true;
masterCfg = "${./.}/master.py";
pythonPackages = ps: [
ps.requests
ps.treq
ps.psycopg2
pkgs.buildbot-worker
pkgs.buildbot-plugins.badges
];
domain = "ci.julienmalka.me";
workersFile = config.sops.secrets.buildbot-nix-workers.path;
github = {
tokenFile = config.sops.secrets.github-token.path;
webhookSecretFile = config.sops.secrets.github-webhook-secret.path;
oauthSecretFile = config.sops.secrets.github-oauth-secret.path;
oauthId = "355493f668a8e1aa10cf";
user = "JulienMalka";
admins = [ "JulienMalka" ];
topic = "nix-ci";
};
evalWorkerCount = 10; # limit number of concurrent evaluations
};
systemd.services.buildbot-master = {
reloadIfChanged = true;
environment = {
PORT = port;
# Github app used for the login button
GITHUB_OAUTH_ID = "355493f668a8e1aa10cf";
GITHUB_ORG = "JulienMalka";
GITHUB_REPO = "nix-config";
BUILDBOT_URL = "https://ci.julienmalka.me/";
BUILDBOT_GITHUB_USER = "JulienMalka";
# comma seperated list of users that are allowed to login to buildbot and do stuff
GITHUB_ADMINS = "JulienMalka";
};
serviceConfig = {
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-master";
# in master.py we read secrets from $CREDENTIALS_DIRECTORY
LoadCredential = [
"github-token:${config.sops.secrets.github-token.path}"
"github-webhook-secret:${config.sops.secrets.github-webhook-secret.path}"
"github-oauth-secret:${config.sops.secrets.github-oauth-secret.path}"
"buildbot-nix-workers:${config.sops.secrets.buildbot-nix-workers.path}"
];
};
services.nginx.virtualHosts."ci.julienmalka.me" = {
forceSSL = true;
enableACME = true;
};
sops.secrets = {
github-token = {
format = "binary";
@ -81,77 +56,17 @@ in
};
};
services.nginx.virtualHosts."ci.julienmalka.me" =
{
forceSSL = true;
enableACME = true;
extraConfig = ''
ssl_session_timeout 1440m;
ssl_session_cache shared:SSL:10m;
proxy_set_header Upgrade $http_upgrade;
'';
locations."/".proxyPass = "http://[::]:1810/";
locations."/sse" = {
proxyPass = "http://[::]:1810/sse/";
# proxy buffering will prevent sse to work
extraConfig = "proxy_buffering off;";
};
locations."/ws" = {
proxyPass = "http://[::]:1810/ws";
proxyWebsockets = true;
# raise the proxy timeout for the websocket
extraConfig = "proxy_read_timeout 6000s;";
};
};
#buildbot worker
nix.settings.allowed-users = [ "buildbot-worker" ];
users.users.buildbot-worker = {
description = "Buildbot Worker User.";
isSystemUser = true;
createHome = true;
home = "/var/lib/buildbot-worker";
group = "buildbot-worker";
useDefaultShell = true;
services.buildbot-nix.worker = {
enable = true;
workerPasswordFile = config.sops.secrets.buildbot-nix-worker-password.path;
};
users.groups.buildbot-worker = { };
systemd.services.buildbot-worker = {
reloadIfChanged = true;
description = "Buildbot Worker.";
after = [ "network.target" "buildbot-master.service" ];
wantedBy = [ "multi-user.target" ];
path = [
pkgs.unstable.nix-eval-jobs
pkgs.git
pkgs.gh
pkgs.nix
pkgs.nix-output-monitor
];
environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
environment.MASTER_URL = ''tcp:host=127.0.0.1:port=9989'';
environment.BUILDBOT_DIR = buildbotDir;
environment.WORKER_PASSWORD_FILE = config.sops.secrets.buildbot-nix-worker-password.path;
serviceConfig = {
Type = "simple";
User = "buildbot-worker";
Group = "buildbot-worker";
WorkingDirectory = home;
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}";
};
};
sops.secrets.buildbot-nix-worker-password = {
format = "binary";
owner = "buildbot-worker";
sopsFile = ../../secrets/buildbot-nix-worker-password;
};
};
}

8
secrets/github-token-secret
View file

@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:iGI6Xo2KMzo7XblQO899N+WSW9XPlgnt77+lzBfCXWDTOtB8I9v+M+Y=,iv:kPc9HgjyLm0Useae78qlc7N/9ZQhnSKN7Ygq1HuRr6M=,tag:lifld7WB4GXSO9NSJkHuCw==,type:str]",
"data": "ENC[AES256_GCM,data:rSlp2u4KtA125ruToMq7kpir/15TBC6xJA+MmKx3OuSZuc4AcmA8pXU=,iv:4+jCeKra1EtN+sqlg9TCsmJ8ZgK9iW8X+EH49OZROmw=,tag:0xK3EQKeHyQLto3oG245YQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@ -15,10 +15,10 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVkFxSTcvZVNYMVVBc2s3\nVmFRbXZ3VEs2ZHc0OVFrZGJ2bmM1RTNETEVnCnUvbkV0ZDNQU05BaGpkRnYxU0ZG\nWU5JdWFwNUtpbFdhMEp5UEZmMTgwMWcKLS0tIGptenFIVGwvdkliWFhhMExCc0xW\nS2ZpUmRtZ1ZWTWxVc281dGFWMnU4bGMK+Ho2hGg0XY2nKmoKqVPLplR5nHKya2Qc\nCrUldyCc6ed8UNa7WHT20YjywIaA9ChofZZep7r6HazaoOkSOGZ2Zg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-08-17T13:31:07Z",
"mac": "ENC[AES256_GCM,data:QvleSXfpiYX3NHkz4sjowb15v7E4AhiFzt7OcWlla9eEp1o6QkEdotArnTL58WB6yvFMpcoRbXaq62WWa3W7eR2cEeTbSCoK/c6iqHLKPxy3BppGU/EbpA3ASt6pp9s6R4HaxYMXmx26QVkJQJDKg/QmDzMCCTNSRiR3q3ewYy8=,iv:uR9F11SK3LIDfnVkqpdxVX0mtKvpqExCJYExlW2Rm3k=,tag:AZi7IKKfF2zTTc7fjTRKsQ==,type:str]",
"lastmodified": "2023-11-24T10:06:54Z",
"mac": "ENC[AES256_GCM,data:zkpkoEzt7JWg8Pq9zAPrDBY5jsjqLwBladfRUTCrSQpZ9mzdLJrUDOMB2JdZ2BITntIgzgSZqIe7ZUHv8t5KqNkQRN8frokJ0sP4uM5Vcmkl0NCgffyQoJK9Mf6zyMEoCB3OdExxtKXglKvLEp6Y2u5vRkmtICkCryI9LrHFXaY=,iv:ItOoL8oYcof8XhTkke4TyAF18tPapgMLZ7Q5y+ayVO4=,tag:h/JRSToSURD2inTLmi+17w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
"version": "3.8.1"
}
}