6b3ba18d70
Signed-off-by: magic_rb <magic_rb@redalder.org>
# NixOS module for the Buildbot CI host. Two halves:
#   1. Vault Agent renders Buildbot's credentials from the KV store into
#      /run/secrets/buildbot (one file per secret) and reloads the container
#      after each render.
#   2. Buildbot itself runs in an ephemeral NixOS container that sees that
#      directory read-only at /secret; the actual Buildbot service configuration
#      is imported from ../buildbot-container/buildbot.nix.
{
  inputs',
  pkgs,
  config,
  ...
}: {
  services.hashicorp.vault-agent = {
    # Each element becomes one Vault Agent `template` block: `source` is the
    # consul-template file (a Nix-store path), `destination` the rendered file,
    # `command` the post-render hook — attached to every entry by the `map`
    # below, so any single template re-rendering triggers a container reload.
    settings.template = let
      # Post-render hook. It hops to a machine named `klipper` through
      # systemd-machined and asks it to reload-or-restart the buildbot
      # container — presumably the host that owns the `container@buildbot`
      # unit; confirm. Because it goes through `sudo`, the vault-agent user
      # needs a sudoers rule that permits exactly this systemd-run invocation.
      # `|| true` discards the exit status, so a failed reload is silent and a
      # freshly rotated secret may stay unused without any error surfacing —
      # NOTE(review): confirm this is intended, or log the failure instead of
      # swallowing it.
      buildbotRestart =
        pkgs.writeShellScript "buildbot-reload.sh"
        ''
          sudo systemd-run -P --machine klipper /run/current-system/sw/bin/bash -l -c \
          'systemctl try-reload-or-restart container@buildbot' || true
        '';
    in
      # NOTE(review): none of these templates sets `perms`, so the rendered
      # files get Vault Agent's default mode (0644 for a file that does not yet
      # exist, per the Vault Agent template docs) — i.e. tokens and a private
      # key readable by every local user unless /run/secrets/buildbot itself is
      # restricted. Consider an explicit `perms` (and checking the owner) so
      # only the uid that reads /secret inside the container can open them.
      # Also note every template below is a Nix indented string, so each
      # rendered secret ends with a trailing newline; consumers must tolerate it.
      map (v: v // {command = buildbotRestart;}) [
        # GitHub OAuth client secret. All `kv/data/...` paths are KV v2, hence
        # the `.Data.data.<field>` accessor.
        {
          source = pkgs.writeText "buildbot.github_oauth_secret.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.oauth_secret }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/github_oauth_secret";
        }
        # GitHub API token.
        {
          source = pkgs.writeText "buildbot.github_token.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.token }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/github_token";
        }
        # GitHub webhook secret (presumably the shared secret Buildbot uses to
        # verify webhook signatures; verify in buildbot.nix).
        {
          source = pkgs.writeText "buildbot.github_webhook_secret.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.webhook_secret }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/github_webhook_secret";
        }
        # Gitea API token (separate KV entry from the GitHub material).
        {
          source = pkgs.writeText "buildbot.gitea_token.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/gitea" }}{{ .Data.data.token }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/gitea_token";
        }
        # Gitea OAuth client secret.
        {
          source = pkgs.writeText "buildbot.gitea.oauth_secret.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/gitea" }}{{ .Data.data.oauth_secret }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/gitea_oauth_secret";
        }
        # GitHub App private key, rendered as PEM. This is a long-lived signing
        # key, so the missing-`perms` concern above matters most here.
        {
          source = pkgs.writeText "buildbot.github.app_private_key.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.app_private_key }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/github_app_private_key.pem";
        }
        # Buildbot worker password as a bare file. ("wordker" is a typo in the
        # store-path name only; the destination is spelled correctly.)
        {
          source = pkgs.writeText "buildbot.wordker_secret.vtmpl" ''
            {{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.worker_secret }}{{ end }}
          '';
          destination = "/run/secrets/buildbot/worker_secret";
        }
        # The same worker password embedded in a workers.json list.
        # NOTE(review): the value is spliced in as a bare string inside JSON
        # quotes, so a secret containing `"` or `\` would render invalid JSON.
        # If the secret is not guaranteed to be plain alphanumeric, emit it via
        # the template's JSON encoder (`toJSON`, which produces the quoted
        # form) instead of hand-quoting it.
        {
          source = pkgs.writeText "buildbot.wordkers.json.vtmpl" ''
            [
            { "name": "buildbot", "pass": "{{ with secret "kv/data/cluster/buildbot/buildbot" }}{{ .Data.data.worker_secret }}{{ end }}", "cores": 24 }
            ]
          '';
          destination = "/run/secrets/buildbot/workers.json";
        }
      ];
  };

  containers.buildbot = {
    # Per NixOS's `ephemeral` option the container starts from an empty root
    # filesystem each time; only the bind mounts below carry state across runs.
    ephemeral = true;
    autoStart = true;
    # NOTE(review): `privateNetwork = false` means the container shares the
    # host's network interfaces — CI jobs inside see everything the host can
    # reach, and any listener they open is bound on the host. Acceptable only
    # if the host is the trust boundary; a private network with explicit port
    # forwards would be the tighter choice.
    privateNetwork = false;

    bindMounts = {
      # Buildbot master state — persistent and writable.
      "/var/lib/buildbot" = {
        hostPath = "/mnt/kyle/infrastructure/buildbot/data";
        isReadOnly = false;
      };
      # PostgreSQL data directory — persistent and writable.
      "/var/lib/postgresql" = {
        hostPath = "/mnt/kyle/infrastructure/buildbot/database";
        isReadOnly = false;
      };
      # The secrets rendered by vault-agent above, read-only so the container
      # can neither alter nor delete them. NOTE(review): NixOS containers share
      # the host uid space unless uid mapping is configured, so whichever uid
      # reads /secret inside must also be permitted by the host-side mode and
      # owner of /run/secrets/buildbot — check this together with the template
      # `perms` question.
      "/secret" = {
        hostPath = "/run/secrets/buildbot";
        isReadOnly = true;
      };
    };

    # Expose the flake-parts style `inputs'` to modules evaluated inside the
    # container.
    specialArgs = {
      inherit inputs';
    };

    # The container is evaluated against the nixpkgs pinned by the buildbot-nix
    # input rather than the host's, so its package set may diverge from the host.
    nixpkgs = inputs'.buildbot-nix.inputs.nixpkgs;

    config = {
      boot.isContainer = true;

      # Mirror the host's complete Nix configuration and Nix binary into the
      # container — this copies the whole attrset, including any substituters,
      # trusted keys or trusted-users the host defines.
      nix.settings = config.nix.settings;
      nix.package = config.nix.package;

      # Everything Buildbot-specific (services, users, ports) lives here.
      imports = [
        ../buildbot-container/buildbot.nix
      ];

      networking.hostName = "buildbot";
    };
  };
}