Actually fix Cachix, attempt 3

Signed-off-by: magic_rb <richard@brezak.sk>
This commit is contained in:
magic_rb 2024-07-27 13:25:39 +02:00 committed by mergify[bot]
parent 225d286fa7
commit 62e7fc4d88

View file

@ -8,8 +8,6 @@ let
cfg = config.services.buildbot-nix.master; cfg = config.services.buildbot-nix.master;
inherit (lib) mkRemovedOptionModule mkRenamedOptionModule; inherit (lib) mkRemovedOptionModule mkRenamedOptionModule;
optionsCachix = options.services.buildbot-nix.master.cachix;
interpolateType = interpolateType =
lib.mkOptionType { lib.mkOptionType {
name = "interpolate"; name = "interpolate";
@ -164,13 +162,51 @@ in
description = "Cachix name"; description = "Cachix name";
}; };
signingKeyFile = lib.mkOption { auth = lib.mkOption {
type = lib.types.attrTag {
signingKey = lib.mkOption {
description = ''
Use a signing key to authenticate with Cachix.
'';
type = lib.types.submodule {
options.file = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = ''
Path to a file containing the signing key.
'';
};
};
};
authToken = lib.mkOption {
description = ''
Use an authentication token to authenticate with Cachix.
'';
type = lib.types.submodule {
options.file = lib.mkOption {
type = lib.types.path;
description = ''
Path to a file containing the authentication token.
'';
};
};
};
};
};
signingKeyFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
visible = false;
description = "Cachix signing key"; description = "Cachix signing key";
}; };
authTokenFile = lib.mkOption { authTokenFile = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.path;
default = null;
visible = false;
description = "Cachix auth token"; description = "Cachix auth token";
}; };
}; };
@ -365,21 +401,36 @@ in
isSystemUser = true; isSystemUser = true;
}; };
services.buildbot-nix.master.cachix.auth = lib.mkIf (cfg.cachix.authTokenFile != null || cfg.cachix.signingKeyFile != null)
(if (cfg.cachix.authTokenFile != null) then
lib.warn
"Obsolete option `services.buildbot-nix.master.cachix.authTokenFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.authToken.file'."
{ authToken.file = cfg.cachix.authTokenFile; }
else if (cfg.cachix.signingKeyFile != null) then
lib.warn
"Obsolete option `services.buildbot-nix.master.cachix.signingKeyFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.signingKey.file'."
{ signingKey.file = cfg.cachix.signingKeyFile; }
else
throw "Impossible, guarded by mkIf.");
assertions = [ assertions = [
{ {
assertion = assertion =
let let
allIsNull = lib.all (x: x == null); isNull = x: x == null;
in in
optionsCachix.enable.value || lib.foldr (a: b: a && b) true [ isNull cfg.cachix.authTokenFile && isNull cfg.cachix.signingKeyFile ||
(optionsCachix.name.isDefined -> allIsNull optionsCachix.name.definitions) isNull cfg.cachix.authTokenFile && cfg.cachix.enable ||
(optionsCachix.signingKeyFile.isDefined -> allIsNull optionsCachix.signingKeyFile.definitions) isNull cfg.cachix.signingKeyFile && cfg.cachix.enable;
(optionsCachix.authTokenFile.isDefined -> allIsNull optionsCachix.authTokenFile.definitions)
];
message = '' message = ''
The semantics of `options.services.buildbot-nix.master.cachix` recently changed slightly, the options The semantics of `options.services.buildbot-nix.master.cachix` recently changed
`name`, `signingKeyFile`, and `authTokenFile` are no longer null-able. To enable Cachix support use: slightly, the option `name` is no longer null-able. To enable Cachix support
`options.services.buildbot-nix.master.cachix.enable = True`. use `services.buildbot-nix.master.cachix.enable = true`.
Furthermore, the options `services.buildbot-nix.master.cachix.authTokenFile` and
`services.buildbot-nix.master.cachix.signingKeyFile` were renamed to
`services.buildbot-nix.master.cachix.auth.authToken.file` and
`services.buildbot-nix.master.cachix.auth.signingKey.file` respectively.
''; '';
} }
{ {
@ -450,8 +501,16 @@ in
else else
{ {
name = cfg.cachix.name; name = cfg.cachix.name;
signing_key_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.signingKeyFile else null; signing_key_file =
auth_token_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.authTokenFile else null; if cfg.cachix.auth ? "signingKey" then
cfg.cachix.auth.signingKey.file
else
null;
auth_token_file =
if cfg.cachix.auth ? "authToken" then
cfg.cachix.authTokenFile
else
null;
}; };
gitea = if !cfg.gitea.enable then gitea = if !cfg.gitea.enable then
null null
@ -560,10 +619,10 @@ in
) )
++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}" ++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}"
++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}" ++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}"
++ lib.optionals cfg.cachix.enable [ ++ lib.optional (cfg.cachix.enable && cfg.cachix ? "signingKey")
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}" "cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "authToken")
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}" "cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}"
]
++ lib.optionals cfg.gitea.enable [ ++ lib.optionals cfg.gitea.enable [
"gitea-token:${cfg.gitea.tokenFile}" "gitea-token:${cfg.gitea.tokenFile}"
"gitea-webhook-secret:${cfg.gitea.webhookSecretFile}" "gitea-webhook-secret:${cfg.gitea.webhookSecretFile}"