dotfiles/nixos/systems/buildbot-container/buildbot.nix

{
  pkgs,
  inputs',
  lib,
  ...
}: let
  inherit
    (lib)
    mkForce
    ;
in {
  imports = [
    inputs'.buildbot-nix.nixosModules.buildbot-master
    inputs'.buildbot-nix.nixosModules.buildbot-worker
  ];

  services.nginx.virtualHosts."buildbot.redalder.org".listen = [
    {
      addr = "10.64.2.1";
      port = 8833;
    }
  ];

  environment.systemPackages = with pkgs; [
    git
  ];

  services.buildbot-master = {
    buildbotUrl = mkForce "https://buildbot.redalder.org/";
  };

  services.buildbot-nix.master = {
    enable = true;
    domain = "buildbot.redalder.org";
    workersFile = pkgs.writeText "workers.json" ''
      [
        { "name": "buildbot", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 24 }
      ]
    '';
    github = {
      # Github user used as a CI identity
      user = "MagicRB";
      # Github token of the same user
      tokenFile = "/secret/token";
      # A random secret used to verify incoming webhooks from GitHub
      # buildbot-nix will set up a webhook for each project in the organization
      webhookSecretFile = "/secret/webhook_secret";
      # Either create a GitHub app or an OAuth app
      # After creating the app, press "Generate a new client secret" and fill in the client ID and secret below
      oauthId = "Iv1.9602794c2e5a475b";
      oauthSecretFile = "/secret/oauth_secret";
      # Users in this list will be able to reload the project list.
      # All other user in the organization will be able to restart builds or evaluations.
      admins = ["MagicRB"];
      # All github projects with this topic will be added to buildbot.
      # One can trigger a project scan by visiting the Builds -> Builders page and looking for the "reload-github-project" builder.
      # This builder has a "Update Github Projects" button that everyone in the github organization can use.
      topic = "buildbot-magicrb";
    };
    # optional expose latest store path as text file
    # outputsPath = "/var/www/buildbot/nix-outputs";

    # optional nix-eval-jobs settings
    evalWorkerCount = 2; # limit number of concurrent evaluations
    evalMaxMemorySize = "4096"; # limit memory usage per evaluation

    # optional cachix
    #cachix = {
    #  name = "my-cachix";
    #  # One of the following is required:
    #  signingKey = "/var/lib/secrets/cachix-key";
    #  authToken = "/var/lib/secrets/cachix-token";
    #};
  };

  # Optional: Enable acme/TLS in nginx (recommended)
  #services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {
  #  forceSSL = true;
  #  useACME = true;
  #};

  services.buildbot-nix.worker = {
    enable = true;
    workerPasswordFile = pkgs.writeText "worker-password-file" "XXXXXXXXXXXXXXXXXXXX";
  };
}
Add buildbot Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-04-21 19:38:47 +02:00			`{`
			`pkgs,`
			`inputs',`
			`lib,`
			`...`
			`}: let`
			`inherit`
			`(lib)`
			`mkForce`
			`;`
			`in {`
			`imports = [`
			`inputs'.buildbot-nix.nixosModules.buildbot-master`
			`inputs'.buildbot-nix.nixosModules.buildbot-worker`
			`];`

			`services.nginx.virtualHosts."buildbot.redalder.org".listen = [`
			`{`
			`addr = "10.64.2.1";`
			`port = 8833;`
			`}`
			`];`

			`environment.systemPackages = with pkgs; [`
			`git`
			`];`

			`services.buildbot-master = {`
			`buildbotUrl = mkForce "https://buildbot.redalder.org/";`
			`};`

			`services.buildbot-nix.master = {`
			`enable = true;`
			`domain = "buildbot.redalder.org";`
			`workersFile = pkgs.writeText "workers.json" ''`
			`[`
			`{ "name": "buildbot", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 24 }`
			`]`
			`'';`
			`github = {`
			`# Github user used as a CI identity`
			`user = "MagicRB";`
			`# Github token of the same user`
			`tokenFile = "/secret/token";`
			`# A random secret used to verify incoming webhooks from GitHub`
			`# buildbot-nix will set up a webhook for each project in the organization`
			`webhookSecretFile = "/secret/webhook_secret";`
			`# Either create a GitHub app or an OAuth app`
			`# After creating the app, press "Generate a new client secret" and fill in the client ID and secret below`
			`oauthId = "Iv1.9602794c2e5a475b";`
			`oauthSecretFile = "/secret/oauth_secret";`
			`# Users in this list will be able to reload the project list.`
			`# All other user in the organization will be able to restart builds or evaluations.`
			`admins = ["MagicRB"];`
			`# All github projects with this topic will be added to buildbot.`
			`# One can trigger a project scan by visiting the Builds -> Builders page and looking for the "reload-github-project" builder.`
			`# This builder has a "Update Github Projects" button that everyone in the github organization can use.`
			`topic = "buildbot-magicrb";`
			`};`
			`# optional expose latest store path as text file`
			`# outputsPath = "/var/www/buildbot/nix-outputs";`

			`# optional nix-eval-jobs settings`
			`evalWorkerCount = 2; # limit number of concurrent evaluations`
			`evalMaxMemorySize = "4096"; # limit memory usage per evaluation`

			`# optional cachix`
			`#cachix = {`
			`# name = "my-cachix";`
			`# # One of the following is required:`
			`# signingKey = "/var/lib/secrets/cachix-key";`
			`# authToken = "/var/lib/secrets/cachix-token";`
			`#};`
			`};`

			`# Optional: Enable acme/TLS in nginx (recommended)`
			`#services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {`
			`# forceSSL = true;`
			`# useACME = true;`
			`#};`

			`services.buildbot-nix.worker = {`
			`enable = true;`
			`workerPasswordFile = pkgs.writeText "worker-password-file" "XXXXXXXXXXXXXXXXXXXX";`
			`};`
			`}`