{ pkgs, inputs', lib, ... }: let inherit (lib) mkForce ; in { imports = [ inputs'.buildbot-nix.nixosModules.buildbot-master inputs'.buildbot-nix.nixosModules.buildbot-worker ]; services.nginx.virtualHosts."buildbot.redalder.org".listen = [ { addr = "10.64.2.1"; port = 8833; } ]; environment.systemPackages = with pkgs; [ git ]; services.buildbot-master = { buildbotUrl = mkForce "https://buildbot.redalder.org/"; }; services.buildbot-nix.master = { enable = true; domain = "buildbot.redalder.org"; workersFile = pkgs.writeText "workers.json" '' [ { "name": "buildbot", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 24 } ] ''; admins = ["magic_rb" "MagicRB"]; authBackend = "github"; gitea = { enable = true; tokenFile = "/secret/gitea_token"; instanceUrl = "https://codeberg.org"; oauthId = "b862a7fa-04ba-462e-b495-2cecc1e6bb18"; webhookSecretFile = "/secret/github_webhook_secret"; oauthSecretFile = "/secret/gitea_oauth_secret"; topic = "build-with-buildbot"; }; github = { webhookSecretFile = "/secret/github_webhook_secret"; oauthId = "Iv1.9602794c2e5a475b"; oauthSecretFile = "/secret/github_oauth_secret"; topic = "buildbot-magicrb"; authType.app = { secretKeyFile = "/secret/github_app_private_key.pem"; id = 881425; }; # authType.legacy = { # tokenFile = "/secret/github_token"; # }; }; # optional expose latest store path as text file # outputsPath = "/var/www/buildbot/nix-outputs"; # optional nix-eval-jobs settings evalWorkerCount = 2; # limit number of concurrent evaluations evalMaxMemorySize = "4096"; # limit memory usage per evaluation # optional cachix #cachix = { # name = "my-cachix"; # # One of the following is required: # signingKey = "/var/lib/secrets/cachix-key"; # authToken = "/var/lib/secrets/cachix-token"; #}; }; # Optional: Enable acme/TLS in nginx (recommended) #services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = { # forceSSL = true; # useACME = true; #}; services.buildbot-nix.worker = { enable = true; workerPasswordFile = pkgs.writeText "worker-password-file" "XXXXXXXXXXXXXXXXXXXX"; }; }