diff options
Diffstat (limited to 'krebs/3modules/buildbot/master.nix')
| -rw-r--r-- | krebs/3modules/buildbot/master.nix | 95 |
1 files changed, 53 insertions, 42 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 9e144ee0e..b31661572 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,14 +3,10 @@ with import <stockholm/lib>; let - # https://github.com/NixOS/nixpkgs/issues/14026 - nixpkgs-fix = import (pkgs.fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632"; - }) {}; - - buildbot = nixpkgs-fix.buildbot; + buildbot = pkgs.stdenv.lib.overrideDerivation pkgs.buildbot-full (old:{ + patches = [ ./buildbot.patch ]; + propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.coreutils ]; + }); buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * @@ -18,11 +14,11 @@ let import json c = BuildmasterConfig = {} - c['slaves'] = [] - slaves = json.loads('${builtins.toJSON cfg.slaves}') - slavenames = [ s for s in slaves ] - for k,v in slaves.items(): - c['slaves'].append(buildslave.BuildSlave(k, v)) + c['workers'] = [] + workers = json.loads('${builtins.toJSON cfg.workers}') + workernames = [ s for s in workers ] + for k,v in workers.items(): + c['workers'].append(worker.Worker(k, v)) # TODO: configure protocols? c['protocols'] = {'pb': {'port': 9989}} @@ -63,32 +59,46 @@ let ####### Status - c['status'] = st = [] + c['services'] = [] # If you want to configure this url, override with extraConfig c['buildbotURL'] = "http://${config.networking.hostName}:${toString cfg.web.port}/" ${optionalString (cfg.web.enable) '' - from buildbot.status import html - from buildbot.status.web import authz, auth - authz_cfg=authz.Authz( - auth=auth.BasicAuth([ ("${cfg.web.username}","${cfg.web.password}") ]), - # TODO: configure harder - gracefulShutdown = False, - forceBuild = 'auth', - forceAllBuilds = 'auth', - pingBuilder = False, - stopBuild = 'auth', - stopAllBuilds = 'auth', - cancelPendingBuild = 'auth' - ) + from buildbot.plugins import util + + #authz_cfg=authz.Authz( + # auth=auth.BasicAuth([ ]), + # # TODO: configure harder + # gracefulShutdown = False, + # forceBuild = 'auth', + # forceAllBuilds = 'auth', + # pingBuilder = False, + # stopBuild = 'auth', + # stopAllBuilds = 'auth', + # cancelPendingBuild = 'auth' + #) # TODO: configure krebs.nginx - st.append(html.WebStatus(http_port=${toString cfg.web.port}, authz=authz_cfg)) + c['www'] = dict( + port = ${toString cfg.web.port}, + plugins = { 'waterfall_view':{}, 'console_view':{} } + ) + c['www']['auth'] = util.UserPasswordAuth({"${cfg.web.username}":"${cfg.web.password}"}) + c['www']['authz'] = util.Authz( + allowRules = [ + util.StopBuildEndpointMatcher(role="admins"), + util.ForceBuildEndpointMatcher(role="admins"), + util.RebuildBuildEndpointMatcher(role="admins") + ], + roleMatchers = [ + util.RolesFromEmails(admins=["${cfg.web.username}"]) + ] + ) ''} ${optionalString (cfg.irc.enable) '' - from buildbot.status import words - irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", + from buildbot.plugins import reporters + irc = reporters.IRC("${cfg.irc.server}", "${cfg.irc.nick}", channels=${builtins.toJSON cfg.irc.channels}, notify_events={ 'success': 1, @@ -97,7 +107,7 @@ let 'successToFailure': 1, 'failureToSuccess': 1, }${optionalString cfg.irc.allowForce ",allowForce=True"}) - c['status'].append(irc) + c['services'].append(irc) ''} ${ concatStringsSep "\n" @@ -150,12 +160,12 @@ let ''; }; - slaves = mkOption { + workers = mkOption { default = {}; type = types.attrsOf types.str; description = '' - Attrset of slavenames with their passwords - slavename = slavepassword + Attrset of workernames with their passwords + workername = workerpassword ''; }; @@ -283,8 +293,12 @@ let options = { enable = mkEnableOption "Buildbot Master IRC Status"; channels = mkOption { - default = [ "nix-buildbot-meetup" ]; - type = with types; listOf str; + default = [ { channel = "nix-buildbot-meetup";} ]; + example = literalExample ''[ + {channel = "nix-buildbot-meetup";} + {channel = "nix-buildbot-lol"; "password" = "lol";} + ]''; + type = with types; listOf (attrsOf str); description = '' irc channels the bot should connect to ''; @@ -333,7 +347,7 @@ let }; users.extraGroups.buildbotMaster = { - gid = 672626386; + gid = genid "buildbotMaster"; }; systemd.services.buildbotMaster = { @@ -350,8 +364,6 @@ let secretsdir = shell.escape (toString <secrets>); in { PermissionsStartOnly = true; - Type = "forking"; - PIDFile = "${workdir}/twistd.pid"; # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux @@ -375,9 +387,8 @@ let chmod 700 -R ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; - ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; - ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; + ExecStart = "${buildbot}/bin/buildbot start --nodaemon ${workdir}"; + # ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; |