rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add buildbot

Browse Source
This commit is contained in:
Romain Paquet
2025-10-01 14:21:25 +02:00
parent 1a42b79c81
commit 6d3c8a92c4
8 changed files with 295 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
clanServices/buildbot/default.nix Normal file
View File

@@ -0,0 +1,158 @@
{ self, ... }:
{ lib, ... }:
{
_class = "clan.service";
manifest.name = "buildbot";
roles.master = {
interface.options = {
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name under which the buildbot frontend is reachable";
example = "https://buildbot.example.com";
};
admins = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of usernames allowed to authenticate to the buildbot frontend";
example = [ "Mic92" ];
};
topic = lib.mkOption {
type = lib.types.str;
description = "Name of the topic attached to repositories that should be built";
example = "buildbot-nix";
};
gitea.instanceUrl = lib.mkOption {
type = lib.types.str;
description = "URL of the Gitea instance";
example = "https://git.example.com";
};
};
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-master
];
services.buildbot-nix.master = {
enable = true;
workersFile = config.clan.core.vars.generators.buildbot.files.workers-file.path;
inherit (settings) domain admins;
authBackend = "gitea";
gitea = {
enable = true;
inherit (settings.gitea) instanceUrl;
inherit (settings) topic;
tokenFile = config.clan.core.vars.generators.buildbot.files.api-token.path;
webhookSecretFile = config.clan.core.vars.generators.buildbot.files.webhook-secret.path;
oauthId = config.clan.core.vars.generators.buildbot.files.oauth-id.value;
oauthSecretFile = config.clan.core.vars.generators.buildbot.files.oauth-secret.path;
};
};
clan.core.vars.generators.buildbot = {
prompts.api-token = {
description = "gitea API token";
type = "hidden";
persist = true;
};
prompts.webhook-secret = {
description = "gitea webhook secret";
type = "hidden";
persist = true;
};
prompts.oauth-id = {
description = "oauth client id";
persist = true;
};
files.oauth-id.secret = false;
prompts.oauth-secret = {
description = "oauth secret";
type = "hidden";
persist = true;
};
dependencies = [ "buildbot-worker" ];
files.workers-file.secret = true;
runtimeInputs = [ pkgs.python3 ];
script = ''
python3 - << EOF
import os
import json
password_path = os.path.join(os.environ.get("in"), "buildbot-worker/worker-password")
password = open(password_path).read().strip()
workers = [
{
"name": "${config.networking.hostName}",
"pass": password,
"cores": 4,
},
];
workers_file_path = os.path.join(os.environ.get("out"), "workers-file")
with open(workers_file_path, "w") as workers_file:
workers_file.write(json.dumps(workers))
EOF
'';
};
};
};
};
roles.worker = {
perInstance =
{
settings,
roles,
...
}:
{
nixosModule =
{
config,
lib,
pkgs,
...
}:
{
imports = [
self.inputs.buildbot-nix.nixosModules.buildbot-worker
];
services.buildbot-nix.worker = {
enable = true;
workerPasswordFile = config.clan.core.vars.generators.buildbot-worker.files.worker-password.path;
};
clan.core.vars.generators.buildbot-worker = {
files.worker-password = { };
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl rand -hex 32 > "$out"/worker-password
'';
};
};
};
};
}

4
clanServices/buildbot/flake-module.nix Normal file
View File

@@ -0,0 +1,4 @@
{ self, lib, ... }:
{
clan.modules."@rpqt/buildbot" = lib.modules.importApply ./default.nix { inherit self; };
}

1
clanServices/flake-module.nix
View File

@@ -1,5 +1,6 @@
{
imports = [
./buildbot/flake-module.nix
./prometheus/flake-module.nix
];
}