dotfiles/nixos/systems/buildbot-container/buildbot.nix
magic_rb dab6cb7594
Buildbot fully working with Gitea
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-04-27 22:10:15 +02:00


# NixOS module for the Buildbot container: it runs a buildbot-nix master and a
# single worker on the same host, with Gitea (codeberg.org) as the auth backend.
#
# Every *File option below that is a plain string ("/secret/...") is read at
# runtime and never enters the Nix store. The two values built with
# pkgs.writeText are the exception; see the NOTE(security) comments on them.
{
  pkgs,
  inputs',
  lib,
  ...
}: {
  imports = [
    inputs'.buildbot-nix.nixosModules.buildbot-master
    inputs'.buildbot-nix.nixosModules.buildbot-worker
  ];

  # git is made available system-wide inside the container.
  environment.systemPackages = [pkgs.git];

  # nginx serves the Buildbot vhost only on this address and port. The
  # forceSSL/useACME stanza at the bottom of the file is commented out while
  # buildbotUrl is https://.
  # NOTE(review): presumably TLS is terminated by a proxy in front of
  # 10.64.2.1 - confirm, because the OAuth callback and session cookies would
  # otherwise travel over plain HTTP on this hop.
  services.nginx.virtualHosts."buildbot.redalder.org".listen = [
    {
      addr = "10.64.2.1";
      port = 8833;
    }
  ];

  # mkForce gives this definition priority over buildbotUrl values set by
  # other modules (presumably the one buildbot-nix derives from `domain`).
  services.buildbot-master.buildbotUrl = lib.mkForce "https://buildbot.redalder.org/";

  services.buildbot-nix.master = {
    enable = true;
    domain = "buildbot.redalder.org";

    # Worker credentials the master accepts.
    # NOTE(security): pkgs.writeText stores this JSON, including the "pass"
    # field, in /nix/store, which is readable by every local user and is copied
    # along with the system closure. Keep the file outside the store and pass
    # its path as a string, like the token files under /secret below.
    # NOTE(review): if "XXXXXXXXXXXXXXXXXXXX" is the real value and not a
    # redaction, it is a publicly known placeholder; replace it with a random
    # secret.
    workersFile = pkgs.writeText "workers.json" ''
      [
      { "name": "buildbot", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 24 }
      ]
    '';

    # Web UI logins go through Gitea OAuth.
    authBackend = "gitea";

    gitea = {
      enable = true;
      tokenFile = "/secret/gitea_token";
      instanceURL = "codeberg.org";
      # OAuth client ID; the matching client secret is read from oauthSecretFile.
      oauthId = "b862a7fa-04ba-462e-b495-2cecc1e6bb18";
      # NOTE(review): this is the same file the github block uses for its
      # webhook secret. Confirm the sharing is intentional; with one secret per
      # forge, a leak on one side does not let webhooks be forged for the other.
      webhookSecretFile = "/secret/github_webhook_secret";
      oauthSecretFile = "/secret/gitea_oauth_secret";
      admins = ["magic_rb"];
      topic = "build-with-buildbot";
    };

    # NOTE(review): authBackend selects gitea, yet the GitHub credentials stay
    # configured. Confirm they are still needed; unused tokens and OAuth
    # secrets are best revoked and removed from /secret.
    github = {
      # GitHub account that acts as the CI identity.
      user = "MagicRB";
      # Token belonging to that same account.
      tokenFile = "/secret/github_token";
      # Random secret used to verify incoming GitHub webhooks; buildbot-nix
      # sets up a webhook for each project in the organization.
      webhookSecretFile = "/secret/github_webhook_secret";
      # Client ID of the GitHub app or OAuth app. After creating the app,
      # "Generate a new client secret" yields the value for oauthSecretFile.
      oauthId = "Iv1.9602794c2e5a475b";
      oauthSecretFile = "/secret/github_oauth_secret";
      # Users listed here may reload the project list. All other users in the
      # organization may restart builds or evaluations.
      admins = ["MagicRB"];
      # Every GitHub project carrying this topic is added to Buildbot. A
      # rescan can be triggered from Builds -> Builders via the
      # "reload-github-project" builder, whose "Update Github Projects" button
      # is available to everyone in the GitHub organization.
      topic = "buildbot-magicrb";
    };

    # Optional: expose the latest store path as a text file.
    # outputsPath = "/var/www/buildbot/nix-outputs";

    # Optional nix-eval-jobs settings.
    evalWorkerCount = 2; # cap on concurrent evaluations
    evalMaxMemorySize = "4096"; # cap on memory use per evaluation

    # Optional cachix.
    #cachix = {
    #  name = "my-cachix";
    #  # One of the following is required:
    #  signingKey = "/var/lib/secrets/cachix-key";
    #  authToken = "/var/lib/secrets/cachix-token";
    #};
  };

  # Optional: enable ACME/TLS in nginx (recommended). Enabling this stanza also
  # requires adding `config` to the module arguments above.
  #services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {
  #  forceSSL = true;
  #  useACME = true;
  #};

  services.buildbot-nix.worker = {
    enable = true;
    # NOTE(security): like workersFile, this writes the worker password into
    # the world-readable Nix store. Point the option at a runtime file outside
    # the store and keep its value in sync with the "pass" entry the master
    # loads.
    workerPasswordFile = pkgs.writeText "worker-password-file" "XXXXXXXXXXXXXXXXXXXX";
  };
}