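# Example NixOS module configuring a buildbot-nix master.
#
# SECURITY: every `pkgs.writeText` call below places its contents in /nix/store,
# which is readable by all local users and is copied along with the system
# closure (for example to binary caches or other machines). The all-zero / "XXXX"
# values are placeholders only. For a real deployment, point each *File option at
# a path that is provisioned outside the store with restrictive permissions
# (a secret-management module such as sops-nix or agenix, or a manually deployed
# file like the "/var/lib/secrets/..." paths in the cachix example further down).
{ pkgs, ... }:
{
  services.buildbot-nix.master = {
    enable = true;
    # Domain name under which the buildbot frontend is reachable
    domain = "buildbot2.thalheim.io";
    # The workers file configures credentials for the buildbot workers to connect to the master.
    # "name" is the configured worker name in services.buildbot-nix.worker.name of a worker
    # (defaults to the hostname of the machine)
    # "pass" is the password for the worker configured in `services.buildbot-nix.worker.workerPasswordFile`
    # "cores" is the number of cpu cores the worker has.
    # The number must match the actual core count of the machine as otherwise not enough buildbot-workers are created.
    workersFile = pkgs.writeText "workers.json" ''
      [
        { "name": "eve", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 16 }
      ]
    ''; # FIXME: replace this with a secret not stored in the nix store (worker passwords are world-readable here)
    # Users in this list will be able to reload the project list.
    # All other users in the organization will be able to restart builds or evaluations.
    admins = [ "Mic92" ];
    github = {
      # Github user used as a CI identity
      user = "mic92-buildbot";
      authType.legacy = {
        enable = true;
        # Github token of the same user
        tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
      };
      # A random secret used to verify incoming webhooks from GitHub
      # buildbot-nix will set up a webhook for each project in the organization
      # Use a randomly generated value; anyone who knows it can forge webhook deliveries.
      webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
      # Either create a GitHub app or an OAuth app
      # After creating the app, press "Generate a new client secret" and fill in the client ID and secret below
      # The client ID is not secret; the client secret is.
      oauthId = "aaaaaaaaaaaaaaaaaaaa";
      oauthSecretFile = pkgs.writeText "oauthSecret" "ffffffffffffffffffffffffffffffffffffffff"; # FIXME: replace this with a secret not stored in the nix store
      # All github projects with this topic will be added to buildbot.
      # One can trigger a project scan by visiting the Builds -> Builders page and looking for the "reload-github-project" builder.
      # This builder has a "Update Github Projects" button that everyone in the github organization can use.
      topic = "buildbot-mic92";
    };
    # Gitea example
    # authBackend = "gitea"; # login with gitea
    #gitea = {
    #  enable = true;
    #  instanceUrl = "https://git.clan.lol";
    #  # Create a Gitea App with this redirect URI: https://buildbot.clan.lol/auth/login
    #  oauthId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
    #  oauthSecretFile = pkgs.writeText "gitea-oauth-secret" "ffffffffffffffffffffffffffffffffffffffff"; # FIXME: replace this with a secret not stored in the nix store
    #  webhookSecretFile = pkgs.writeText "gitea-webhook-secret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
    #  tokenFile = pkgs.writeText "gitea-token" "0000000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
    #  topic = "buildbot-clan";
    #};
    # optional expose latest store path as text file
    # outputsPath = "/var/www/buildbot/nix-outputs";
    # optional nix-eval-jobs settings
    # evalWorkerCount = 8; # limit number of concurrent evaluations
    # evalMaxMemorySize = "2048"; # limit memory usage per evaluation
    # optional cachix
    # These options take paths to files that exist on the target machine at
    # runtime, so the key material never enters the nix store.
    #cachix = {
    #  name = "my-cachix";
    #  # One of the following is required:
    #  signingKeyFile = "/var/lib/secrets/cachix-key";
    #  authTokenFile = "/var/lib/secrets/cachix-token";
    #};
  };
  # Optional: Enable acme/TLS in nginx (recommended)
  # Without TLS, the login flow and webhook deliveries reach the frontend unencrypted.
  # NOTE: the attribute name below reads `config`, which is not among this
  # module's arguments; change the header to `{ pkgs, config, ... }:` before
  # uncommenting.
  #services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {
  #  forceSSL = true;
  #  enableACME = true;
  #};
  # Optional: If buildbot is setup to run behind another proxy that does TLS
  # termination set this to true to have buildbot use https:// for its endpoint
  # NOTE(review): presumably an option of services.buildbot-nix.master; if so it
  # has to be moved inside that attribute set when uncommented - confirm against
  # the module's option list.
  #useHTTPS = true;
}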