From dc47424a2f5b72d3e971b04e7970242eedad31b5 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Fri, 24 Nov 2023 16:55:20 +0100 Subject: [PATCH] buildbot: update --- flake.lock | 239 +++++++++++++++++++++++------------ flake.nix | 2 + lib/mkmachine.nix | 3 + modules/buildbot/default.nix | 125 +++--------------- secrets/github-token-secret | 8 +- 5 files changed, 188 insertions(+), 189 deletions(-) diff --git a/flake.lock b/flake.lock index 37f8a30..fbd31b3 100644 --- a/flake.lock +++ b/flake.lock @@ -44,19 +44,39 @@ "type": "gitlab" } }, + "buildbot-nix": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1700703872, + "narHash": "sha256-dJTI5NK9/iA1JWFjaBQoKX1IaCufKr2ute9V827RYEs=", + "owner": "Mic92", + "repo": "buildbot-nix", + "rev": "edc713ad5ca2c019f5b2a3a5e467d5030135a7eb", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "buildbot-nix", + "type": "github" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "stable": "stable" }, "locked": { - "lastModified": 1698144717, - "narHash": "sha256-uN3u8LjqmVVTqam80YgzcOWCSixZg2hRjUBGHbqTX0Y=", + "lastModified": 1699171528, + "narHash": "sha256-ZsN6y+tgN5w84oAqRQpMhIvQM39ZNSZoZvn2AK0QYr4=", "owner": "zhaofengli", "repo": "colmena", - "rev": "3538f18b30a8b1ca67978972419263d2849331a7", + "rev": "665603956a1c3040d756987bc7a810ffe86a3b15", "type": "github" }, "original": { @@ -103,11 +123,11 @@ ] }, "locked": { - "lastModified": 1698166613, - "narHash": "sha256-y4rdN4flxRiROqNi1waMYIZj/Fs7L2OrszFk/1ry9vU=", + "lastModified": 1699218802, + "narHash": "sha256-5l0W4Q7z7A4BCstaF5JuBqXOVrZ3Vqst5+hUnP7EdUc=", "owner": "ipetkov", "repo": "crane", - "rev": "b7db46f0f1751f7b1d1911f6be7daf568ad5bc65", + "rev": "2d6c2aaff5a05e443eb15efddc21f9c73720340c", "type": "github" }, "original": { 
@@ -344,16 +364,16 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", + "buildbot-nix", "nixpkgs" ] }, "locked": { - "lastModified": 1698579227, - "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "lastModified": 1698882062, + "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f76e870d64779109e41370848074ac4eaa1606ec", + "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", "type": "github" }, "original": { @@ -363,6 +383,27 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1698882062, + "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -495,11 +536,11 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1700392168, + "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e", "type": "github" }, "original": { @@ -511,14 +552,14 @@ }, "home-manager-unstable": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1698873617, - "narHash": "sha256-FfGFcfbULwbK1vD+H0rslIOfmy4g8f2hXiPkQG3ZCTk=", + "lastModified": 1700814342, + "narHash": "sha256-orNc5wfsE7arQ9TWSTJwvk+utDvJrJ36V84N8o+VI/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "48b0a30202516e25d9885525fbb200a045f23f26", + "rev": "e1f3b36ab01573fd35cae57d21f45d520433df61", "type": "github" }, "original": { 
@@ -547,17 +588,17 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "systems": "systems_2", "wlroots": "wlroots", "xdph": "xdph" }, "locked": { - "lastModified": 1698945632, - "narHash": "sha256-D49t5G6JBDLRZv5nrMoOoC4J611z1S0LQ7RkNImpGI0=", + "lastModified": 1700739112, + "narHash": "sha256-lsJWWR8JjIWku1AcMrHa7wO4UILytsFRgkFY7T9yRGQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "f10996b5753bfc854b019f6889d6bc0c91961e3f", + "rev": "e40e486f61f2643578b9977b86f408799dbc75fd", "type": "github" }, "original": { @@ -593,14 +634,14 @@ }, "hyprpaper": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1698097178, - "narHash": "sha256-W4W3pAYNpXp0jLZwK0Bxw6R7n2/UYxp+lnT5mD2/xEM=", + "lastModified": 1699969928, + "narHash": "sha256-c3ZGon18Cm37iTIe86nLkeNkVj16DvEvzvs6UqbvAd4=", "owner": "hyprwm", "repo": "hyprpaper", - "rev": "d6856adaffb77a9cc1aac3d04d98276eaa5602a4", + "rev": "38e18b70777be4e8af45698b8c7bdbf3a04387a0", "type": "github" }, "original": { @@ -613,18 +654,18 @@ "inputs": { "crane": "crane_2", "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1698669922, - "narHash": "sha256-qgx17PQkAwF4S2jdXk2bs2wifOhjesiAdVAmFqL5GNM=", + "lastModified": 1700811440, + "narHash": "sha256-wrJpW3JCJ9egZpYUMne4c3PFEp+vmkTj5VFpPAT4xdY=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "781303ad7ca3e41d38d18b6fd293163a61d4b319", + "rev": "cbafc8f8fe388fba6f2c27224276f5f984f9ae47", "type": "github" }, "original": { 
@@ -644,11 +685,11 @@ ] }, "locked": { - "lastModified": 1696671885, - "narHash": "sha256-h9Z66044pIVNmcocgU4HngrTotlLgPEVKBz1t8YM9uE=", + "lastModified": 1700079296, + "narHash": "sha256-wN8nebU1wSwE9tFDLOZ7kNbzYEjEeu1WhhIxyM7/InY=", "owner": "JulienMalka", "repo": "Linkal", - "rev": "c4c6f0f858870f3713af351b1783faf628de4f44", + "rev": "d1455d4fbea752bdf3717f97d92b662e678e31b3", "type": "github" }, "original": { @@ -675,7 +716,7 @@ "nix-straight": [ "nix-straight" ], - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nose": "nose", "ob-racket": "ob-racket", "org": "org", @@ -709,11 +750,11 @@ ] }, "locked": { - "lastModified": 1698550809, - "narHash": "sha256-Um8+Wi6EAH5dCgfgl7OqaVd4wFJn6FKLafcP5QPr/98=", + "lastModified": 1700363379, + "narHash": "sha256-fBEVPFwSZ6AmBE1s1oT7E9WVuqRghruxTnSQ8UUlMkw=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "1f0981f5baeb78e3c89a8980ff1a39f06876fa8c", + "rev": "27920146e671a0d565aaa7452907383be14d8d82", "type": "github" }, "original": { @@ -741,17 +782,17 @@ }, "nixd": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": [ "unstable" ] }, "locked": { - "lastModified": 1697038389, - "narHash": "sha256-hbzFPXyQQxJObRdb+CsylUXii29UfFV7866WWgWYs6Y=", + "lastModified": 1699966122, + "narHash": "sha256-zEN3ET7jfXpIKYeYh/z4xekOBOoaFS+n0q3oL3sVh+0=", "owner": "nix-community", "repo": "nixd", - "rev": "29904e121cc775e7caaf4fffa6bc7da09376a43b", + "rev": "b3bb9ea7cd3c2f07c89779a474d6468b2c11e303", "type": "github" }, "original": { @@ -763,7 +804,7 @@ "nixos-apple-silicon": { "inputs": { "flake-compat": "flake-compat_5", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "rust-overlay": "rust-overlay_3" }, "locked": { 
@@ -782,16 +823,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", - "owner": "NixOS", + "lastModified": 1700641131, + "narHash": "sha256-M3bsoVMQM2PcuBWb6n1KDNeMX87svcSj/4qlBcVqs3k=", + "owner": "Nixos", "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "rev": "da41de71f62bf7fb989a04e39629b8adbf8aa8b5", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "Nixos", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -832,11 +873,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697456312, - "narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=", + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ca012a02bf8327be9e488546faecae5e05d7d749", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", "type": "github" }, "original": { @@ -847,6 +888,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1700204040, + "narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1698134075, "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", @@ -862,7 +919,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1683014792, "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=", 
@@ -878,13 +935,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1698610559, - "narHash": "sha256-i8vFNXJz9VcH05oNe/3Jm5f+CtE3g5uOUvF/dobTMUQ=", + "lastModified": 1699354722, + "narHash": "sha256-abmqUReg4PsyQSwv4d0zjcWpMHrd3IFJiTb2tZpfF04=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e43dd49630303b00120c11d00d4fb01bb40188d", + "rev": "cfbb29d76949ae53c457f152c52c173ea4bdd862", "type": "github" }, "original": { @@ -894,7 +951,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1695806987, "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=", @@ -909,7 +966,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1690031011, "narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=", @@ -925,13 +982,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { - "lastModified": 1698846319, - "narHash": "sha256-4jyW/dqFBVpWFnhl0nvP6EN4lP7/ZqPxYRjl6var0Oc=", + "lastModified": 1700678569, + "narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34bdaaf1f0b7fb6d9091472edc968ff10a8c2857", + "rev": "8f1180704ac35baded1a74164365ac7cdfba6f38", "type": "github" }, "original": { @@ -1055,11 +1112,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1698227354, - "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "lastModified": 1699271226, + "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", + "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", "type": "github" }, "original": { @@ -1087,6 +1144,7 @@ "root": { "inputs": { "attic": "attic", + "buildbot-nix": "buildbot-nix", "colmena": "colmena", "flake-utils": "flake-utils_2", "home-manager": "home-manager", 
@@ -1101,7 +1159,7 @@ "nix-straight": "nix-straight", "nixd": "nixd", "nixos-apple-silicon": "nixos-apple-silicon", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix", "unstable": "unstable", @@ -1163,11 +1221,11 @@ ] }, "locked": { - "lastModified": 1698631970, - "narHash": "sha256-uO+iqGslP1TdH0q3pMkpo6XHtzoEa6bjjF3dEQJSDcc=", + "lastModified": 1699409596, + "narHash": "sha256-L3g1smIol3dGTxkUQOlNShJtZLvjLzvtbaeTRizwZBU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "44210df7a70dcf0a81a5919f9422b6ae589ee673", + "rev": "58240e1ac627cef3ea30c7732fedfb4f51afd8e7", "type": "github" }, "original": { @@ -1246,11 +1304,11 @@ ] }, "locked": { - "lastModified": 1698929376, - "narHash": "sha256-TmROaV9W6HArdTUgxLN334Kw+CradxWHw1HYM/3H6xI=", + "lastModified": 1700362823, + "narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "84d6b27dc71ac02422e192c35806d06915d2bf67", + "rev": "49a87c6c827ccd21c225531e30745a9a6464775c", "type": "github" }, "original": { @@ -1335,6 +1393,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699786194, + "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "ts-fold": { "flake": false, "locked": { 
@@ -1353,11 +1432,11 @@ }, "unstable": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1700612854, + "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", "type": "github" }, "original": { @@ -1387,18 +1466,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1697909146, - "narHash": "sha256-jU0I6FoCKnj4zIBL4daosFWh81U1fM719Z6cae8PxSY=", + "lastModified": 1699292815, + "narHash": "sha256-HXu98PyBMKEWLqiTb8viuLDznud/SdkdJsx5A5CWx7I=", "owner": "wlroots", "repo": "wlroots", - "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2", + "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "47bf87ade2bd32395615a385ebde1fefbcdf79a2", + "rev": "5de9e1a99d6642c2d09d589aa37ff0a8945dcee1", "type": "gitlab" } }, diff --git a/flake.nix b/flake.nix index 14ff2cd..9feef0b 100644 --- a/flake.nix +++ b/flake.nix @@ -83,6 +83,8 @@ nix-straight.follows = "nix-straight"; }; }; + + buildbot-nix.url = "github:Mic92/buildbot-nix"; }; outputs = { self, nixpkgs, ... }@inputs: diff --git a/lib/mkmachine.nix b/lib/mkmachine.nix index e1e9e37..6da4d8b 100644 --- a/lib/mkmachine.nix +++ b/lib/mkmachine.nix @@ -33,6 +33,9 @@ nixpkgs.lib.nixosSystem { inputs.attic.nixosModules.atticd inputs.lanzaboote.nixosModules.lanzaboote inputs.nix-index-database.nixosModules.nix-index + inputs.buildbot-nix.nixosModules.buildbot-master + inputs.buildbot-nix.nixosModules.buildbot-worker + { home-manager.useGlobalPkgs = true; nixpkgs.overlays = [ diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix index 197b43f..6d63cb8 100644 --- a/modules/buildbot/default.nix +++ b/modules/buildbot/default.nix 
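Review bot: The new input in flake.nix, `buildbot-nix.url = "github:Mic92/buildbot-nix";`, is declared without a nixpkgs `follows`, unlike the `nix-straight.follows` line just above it. As a result, flake.lock in this same commit gains a separate `nixos-unstable-small` nixpkgs node for it. If a second nixpkgs for the CI master and worker is not intended, add `buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";`; if it is intended, a one-line comment saying so would help the next reader. The URL tracks the upstream default branch, so the locked `rev` is the only pin, and every lock bump of this input is worth reading because the module is handed the GitHub token, webhook secret and OAuth secret.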
@@ -12,56 +12,31 @@ in options.luj.buildbot = { enable = mkEnableOption "activate buildbot service"; - - nginx.enable = mkEnableOption "activate nginx"; - nginx.subdomain = mkOption { - type = types.str; - }; - }; config = mkIf cfg.enable { - # Buildbot master - - services.buildbot-master = { + services.buildbot-nix.master = { enable = true; - masterCfg = "${./.}/master.py"; - pythonPackages = ps: [ - ps.requests - ps.treq - ps.psycopg2 - pkgs.buildbot-worker - pkgs.buildbot-plugins.badges - ]; + domain = "ci.julienmalka.me"; + workersFile = config.sops.secrets.buildbot-nix-workers.path; + github = { + tokenFile = config.sops.secrets.github-token.path; + webhookSecretFile = config.sops.secrets.github-webhook-secret.path; + oauthSecretFile = config.sops.secrets.github-oauth-secret.path; + oauthId = "355493f668a8e1aa10cf"; + user = "JulienMalka"; + admins = [ "JulienMalka" ]; + topic = "nix-ci"; + }; + evalWorkerCount = 10; # limit number of concurrent evaluations }; - systemd.services.buildbot-master = { - reloadIfChanged = true; - environment = { - PORT = port; - # Github app used for the login button - GITHUB_OAUTH_ID = "355493f668a8e1aa10cf"; - GITHUB_ORG = "JulienMalka"; - GITHUB_REPO = "nix-config"; - - BUILDBOT_URL = "https://ci.julienmalka.me/"; - BUILDBOT_GITHUB_USER = "JulienMalka"; - # comma seperated list of users that are allowed to login to buildbot and do stuff - GITHUB_ADMINS = "JulienMalka"; - }; - serviceConfig = { - # Restart buildbot with a delay. This time way we can use buildbot to deploy itself. 
- ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-master"; - # in master.py we read secrets from $CREDENTIALS_DIRECTORY - LoadCredential = [ - "github-token:${config.sops.secrets.github-token.path}" - "github-webhook-secret:${config.sops.secrets.github-webhook-secret.path}" - "github-oauth-secret:${config.sops.secrets.github-oauth-secret.path}" - "buildbot-nix-workers:${config.sops.secrets.buildbot-nix-workers.path}" - ]; - }; + services.nginx.virtualHosts."ci.julienmalka.me" = { + forceSSL = true; + enableACME = true; }; + sops.secrets = { github-token = { format = "binary"; 
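Review bot: The host name `"ci.julienmalka.me"` now appears twice, once as `domain` and once as the `services.nginx.virtualHosts` key, and the vhost no longer carries any `proxyPass` locations. The proxying presumably comes from the upstream module keyed on `domain`, so if the two strings drift apart the vhost would serve TLS with nothing behind it. Keying the vhost as `services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain}` keeps them tied together. The removed `LoadCredential` list meant the master read its secrets from the credentials directory, whereas the sops paths are now passed straight to `tokenFile`, `webhookSecretFile` and `oauthSecretFile`. The owner and mode of those `sops.secrets` entries lie outside this hunk, so confirm they match how the upstream module reads the files. Dropping `nginx.enable` and `nginx.subdomain` will also break evaluation for any host that still sets them.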
@@ -81,77 +56,17 @@ in }; }; - services.nginx.virtualHosts."ci.julienmalka.me" = - { - forceSSL = true; - enableACME = true; - extraConfig = '' - ssl_session_timeout 1440m; - ssl_session_cache shared:SSL:10m; - proxy_set_header Upgrade $http_upgrade; - ''; - locations."/".proxyPass = "http://[::]:1810/"; - locations."/sse" = { - proxyPass = "http://[::]:1810/sse/"; - # proxy buffering will prevent sse to work - extraConfig = "proxy_buffering off;"; - }; - locations."/ws" = { - proxyPass = "http://[::]:1810/ws"; - proxyWebsockets = true; - # raise the proxy timeout for the websocket - extraConfig = "proxy_read_timeout 6000s;"; - }; - }; - - #buildbot worker - - nix.settings.allowed-users = [ "buildbot-worker" ]; - users.users.buildbot-worker = { - description = "Buildbot Worker User."; - isSystemUser = true; - createHome = true; - home = "/var/lib/buildbot-worker"; - group = "buildbot-worker"; - useDefaultShell = true; + services.buildbot-nix.worker = { + enable = true; + workerPasswordFile = config.sops.secrets.buildbot-nix-worker-password.path; }; - users.groups.buildbot-worker = { }; - systemd.services.buildbot-worker = { - reloadIfChanged = true; - description = "Buildbot Worker."; - after = [ "network.target" "buildbot-master.service" ]; - wantedBy = [ "multi-user.target" ]; - path = [ - pkgs.unstable.nix-eval-jobs - pkgs.git - pkgs.gh - pkgs.nix - pkgs.nix-output-monitor - ]; - environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}"; - environment.MASTER_URL = ''tcp:host=127.0.0.1:port=9989''; - environment.BUILDBOT_DIR = buildbotDir; - environment.WORKER_PASSWORD_FILE = config.sops.secrets.buildbot-nix-worker-password.path; - - serviceConfig = { - Type = "simple"; - User = "buildbot-worker"; - Group = "buildbot-worker"; - WorkingDirectory = home; - - # Restart buildbot with a delay. This time way we can use buildbot to deploy itself. 
- ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker"; - ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}"; - }; - }; sops.secrets.buildbot-nix-worker-password = { format = "binary"; owner = "buildbot-worker"; sopsFile = ../../secrets/buildbot-nix-worker-password; }; - }; } diff --git a/secrets/github-token-secret b/secrets/github-token-secret index 8ae6c8f..300702f 100644 --- a/secrets/github-token-secret +++ b/secrets/github-token-secret @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:iGI6Xo2KMzo7XblQO899N+WSW9XPlgnt77+lzBfCXWDTOtB8I9v+M+Y=,iv:kPc9HgjyLm0Useae78qlc7N/9ZQhnSKN7Ygq1HuRr6M=,tag:lifld7WB4GXSO9NSJkHuCw==,type:str]", + "data": "ENC[AES256_GCM,data:rSlp2u4KtA125ruToMq7kpir/15TBC6xJA+MmKx3OuSZuc4AcmA8pXU=,iv:4+jCeKra1EtN+sqlg9TCsmJ8ZgK9iW8X+EH49OZROmw=,tag:0xK3EQKeHyQLto3oG245YQ==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
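Review bot: `sops.secrets.buildbot-nix-worker-password` keeps `owner = "buildbot-worker";`, but this hunk deletes the local `users.users.buildbot-worker` and `users.groups.buildbot-worker` definitions, so the secret's owner now depends on a user that only the upstream worker module can create. Confirm the upstream module defines a user with exactly that name, or reference its option instead of the string literal. Otherwise sops activation will fail, or the worker will be unable to read its password file. The `nix.settings.allowed-users = [ "buildbot-worker" ];` line is removed as well, so check that the upstream module still grants the worker access to the Nix daemon. A short comment above the secret, such as `# user is created by services.buildbot-nix.worker`, would record the dependency.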
@@ -15,10 +15,10 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVkFxSTcvZVNYMVVBc2s3\nVmFRbXZ3VEs2ZHc0OVFrZGJ2bmM1RTNETEVnCnUvbkV0ZDNQU05BaGpkRnYxU0ZG\nWU5JdWFwNUtpbFdhMEp5UEZmMTgwMWcKLS0tIGptenFIVGwvdkliWFhhMExCc0xW\nS2ZpUmRtZ1ZWTWxVc281dGFWMnU4bGMK+Ho2hGg0XY2nKmoKqVPLplR5nHKya2Qc\nCrUldyCc6ed8UNa7WHT20YjywIaA9ChofZZep7r6HazaoOkSOGZ2Zg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-08-17T13:31:07Z", - "mac": "ENC[AES256_GCM,data:QvleSXfpiYX3NHkz4sjowb15v7E4AhiFzt7OcWlla9eEp1o6QkEdotArnTL58WB6yvFMpcoRbXaq62WWa3W7eR2cEeTbSCoK/c6iqHLKPxy3BppGU/EbpA3ASt6pp9s6R4HaxYMXmx26QVkJQJDKg/QmDzMCCTNSRiR3q3ewYy8=,iv:uR9F11SK3LIDfnVkqpdxVX0mtKvpqExCJYExlW2Rm3k=,tag:AZi7IKKfF2zTTc7fjTRKsQ==,type:str]", + "lastmodified": "2023-11-24T10:06:54Z", + "mac": "ENC[AES256_GCM,data:zkpkoEzt7JWg8Pq9zAPrDBY5jsjqLwBladfRUTCrSQpZ9mzdLJrUDOMB2JdZ2BITntIgzgSZqIe7ZUHv8t5KqNkQRN8frokJ0sP4uM5Vcmkl0NCgffyQoJK9Mf6zyMEoCB3OdExxtKXglKvLEp6Y2u5vRkmtICkCryI9LrHFXaY=,iv:ItOoL8oYcof8XhTkke4TyAF18tPapgMLZ7Q5y+ayVO4=,tag:h/JRSToSURD2inTLmi+17w==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" + "version": "3.8.1" } } \ No newline at end of file