auxolotl/buildbot-nix
26
1
Fork 0
Code Issues Pull requests 1 Actions 1 Packages Projects Releases Wiki Activity

Added simple Attic

Browse source 
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
This commit is contained in:
mannp 2024-06-14 10:38:45 +01:00 committed by mergify[bot]
parent 1912618053
commit 51653df88b
2 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -149,6 +149,15 @@ Buildbot-nix also supports pushing packages to cachix. Check out the comment out
[example configuration](https://github.com/Mic92/buildbot-nix/blob/main/examples/master.nix)
in our repository.
#### Attic
Buildbot-nix does not have native support for pushing packages to
[attic](https://github.com/zhaofengli/attic) yet. However it's possible to
integrate run a systemd service as described in
[this example configuration](./examples/attic-watch-store.nix). The systemd
service watches for changes in the local buildbot-nix store and uploads the
contents to the attic cache.
## Real-World Deployments
See Buildbot-nix in action in these deployments:

35
examples/attic-watch-store.nix Normal file
View file

@ -0,0 +1,35 @@
{ pkgs
, config
, inputs
, ...
}: {
# sops-nix (https://github.com/Mic92/sops-nix) is just an example, here.
# Replace with your own secret management as needed: https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes
sops.secrets."attic/prod-auth-token" = { sopsFile = ../secrets.yaml; };
sops.secrets."attic/netrc-file-pull-push" = { sopsFile = ../secrets.yaml; };
# Add netrc file for this machine to do its normal thing with the cache, as a machine.
nix.settings.netrc-file = config.sops.secrets."attic/netrc-file-pull-push".path;
systemd.services.attic-watch-store = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
environment.HOME = "/var/lib/attic-watch-store";
serviceConfig = {
DynamicUser = true;
MemoryHigh = "5%";
MemoryMax = "10%";
LoadCredential = "prod-auth-token:${config.sops.secrets."attic/prod-auth-token".path}";
StateDirectory = "attic-watch-store";
};
path = [ pkgs.attic-client ];
script = ''
set -eux -o pipefail
ATTIC_TOKEN=$(< $CREDENTIALS_DIRECTORY/prod-auth-token)
# Replace https://cache.<domain> with your own cache URL.
attic login prod https://cache.<domain> $ATTIC_TOKEN
attic use prod
exec attic watch-store prod:prod
'';
};
}