Actually fix Cachix, attempt 3
Signed-off-by: magic_rb <richard@brezak.sk>
This commit is contained in:
parent
225d286fa7
commit
62e7fc4d88
|
@ -8,8 +8,6 @@ let
|
||||||
cfg = config.services.buildbot-nix.master;
|
cfg = config.services.buildbot-nix.master;
|
||||||
inherit (lib) mkRemovedOptionModule mkRenamedOptionModule;
|
inherit (lib) mkRemovedOptionModule mkRenamedOptionModule;
|
||||||
|
|
||||||
optionsCachix = options.services.buildbot-nix.master.cachix;
|
|
||||||
|
|
||||||
interpolateType =
|
interpolateType =
|
||||||
lib.mkOptionType {
|
lib.mkOptionType {
|
||||||
name = "interpolate";
|
name = "interpolate";
|
||||||
|
@ -164,13 +162,51 @@ in
|
||||||
description = "Cachix name";
|
description = "Cachix name";
|
||||||
};
|
};
|
||||||
|
|
||||||
signingKeyFile = lib.mkOption {
|
auth = lib.mkOption {
|
||||||
|
type = lib.types.attrTag {
|
||||||
|
signingKey = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Use a signing key to authenticate with Cachix.
|
||||||
|
'';
|
||||||
|
|
||||||
|
type = lib.types.submodule {
|
||||||
|
options.file = lib.mkOption {
|
||||||
type = lib.types.path;
|
type = lib.types.path;
|
||||||
|
description = ''
|
||||||
|
Path to a file containing the signing key.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
authToken = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Use an authentication token to authenticate with Cachix.
|
||||||
|
'';
|
||||||
|
|
||||||
|
type = lib.types.submodule {
|
||||||
|
options.file = lib.mkOption {
|
||||||
|
type = lib.types.path;
|
||||||
|
description = ''
|
||||||
|
Path to a file containing the authentication token.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
signingKeyFile = lib.mkOption {
|
||||||
|
type = lib.types.nullOr lib.types.path;
|
||||||
|
default = null;
|
||||||
|
visible = false;
|
||||||
description = "Cachix signing key";
|
description = "Cachix signing key";
|
||||||
};
|
};
|
||||||
|
|
||||||
authTokenFile = lib.mkOption {
|
authTokenFile = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.nullOr lib.types.path;
|
||||||
|
default = null;
|
||||||
|
visible = false;
|
||||||
description = "Cachix auth token";
|
description = "Cachix auth token";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -365,21 +401,36 @@ in
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.buildbot-nix.master.cachix.auth = lib.mkIf (cfg.cachix.authTokenFile != null || cfg.cachix.signingKeyFile != null)
|
||||||
|
(if (cfg.cachix.authTokenFile != null) then
|
||||||
|
lib.warn
|
||||||
|
"Obsolete option `services.buildbot-nix.master.cachix.authTokenFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.authToken.file'."
|
||||||
|
{ authToken.file = cfg.cachix.authTokenFile; }
|
||||||
|
else if (cfg.cachix.signingKeyFile != null) then
|
||||||
|
lib.warn
|
||||||
|
"Obsolete option `services.buildbot-nix.master.cachix.signingKeyFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.signingKey.file'."
|
||||||
|
{ signingKey.file = cfg.cachix.signingKeyFile; }
|
||||||
|
else
|
||||||
|
throw "Impossible, guarded by mkIf.");
|
||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion =
|
assertion =
|
||||||
let
|
let
|
||||||
allIsNull = lib.all (x: x == null);
|
isNull = x: x == null;
|
||||||
in
|
in
|
||||||
optionsCachix.enable.value || lib.foldr (a: b: a && b) true [
|
isNull cfg.cachix.authTokenFile && isNull cfg.cachix.signingKeyFile ||
|
||||||
(optionsCachix.name.isDefined -> allIsNull optionsCachix.name.definitions)
|
isNull cfg.cachix.authTokenFile && cfg.cachix.enable ||
|
||||||
(optionsCachix.signingKeyFile.isDefined -> allIsNull optionsCachix.signingKeyFile.definitions)
|
isNull cfg.cachix.signingKeyFile && cfg.cachix.enable;
|
||||||
(optionsCachix.authTokenFile.isDefined -> allIsNull optionsCachix.authTokenFile.definitions)
|
|
||||||
];
|
|
||||||
message = ''
|
message = ''
|
||||||
The semantics of `options.services.buildbot-nix.master.cachix` recently changed slightly, the options
|
The semantics of `options.services.buildbot-nix.master.cachix` recently changed
|
||||||
`name`, `signingKeyFile`, and `authTokenFile` are no longer null-able. To enable Cachix support use:
|
slightly, the option `name` is no longer null-able. To enable Cachix support
|
||||||
`options.services.buildbot-nix.master.cachix.enable = True`.
|
use `services.buildbot-nix.master.cachix.enable = true`.
|
||||||
|
|
||||||
|
Furthermore, the options `services.buildbot-nix.master.cachix.authTokenFile` and
|
||||||
|
`services.buildbot-nix.master.cachix.signingKeyFile` were renamed to
|
||||||
|
`services.buildbot-nix.master.cachix.auth.authToken.file` and
|
||||||
|
`services.buildbot-nix.master.cachix.auth.signingKey.file` respectively.
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -450,8 +501,16 @@ in
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
name = cfg.cachix.name;
|
name = cfg.cachix.name;
|
||||||
signing_key_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.signingKeyFile else null;
|
signing_key_file =
|
||||||
auth_token_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.authTokenFile else null;
|
if cfg.cachix.auth ? "signingKey" then
|
||||||
|
cfg.cachix.auth.signingKey.file
|
||||||
|
else
|
||||||
|
null;
|
||||||
|
auth_token_file =
|
||||||
|
if cfg.cachix.auth ? "authToken" then
|
||||||
|
cfg.cachix.authTokenFile
|
||||||
|
else
|
||||||
|
null;
|
||||||
};
|
};
|
||||||
gitea = if !cfg.gitea.enable then
|
gitea = if !cfg.gitea.enable then
|
||||||
null
|
null
|
||||||
|
@ -560,10 +619,10 @@ in
|
||||||
)
|
)
|
||||||
++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}"
|
++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}"
|
||||||
++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}"
|
++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}"
|
||||||
++ lib.optionals cfg.cachix.enable [
|
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "signingKey")
|
||||||
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
|
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
|
||||||
|
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "authToken")
|
||||||
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}"
|
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}"
|
||||||
]
|
|
||||||
++ lib.optionals cfg.gitea.enable [
|
++ lib.optionals cfg.gitea.enable [
|
||||||
"gitea-token:${cfg.gitea.tokenFile}"
|
"gitea-token:${cfg.gitea.tokenFile}"
|
||||||
"gitea-webhook-secret:${cfg.gitea.webhookSecretFile}"
|
"gitea-webhook-secret:${cfg.gitea.webhookSecretFile}"
|
||||||
|
|
Loading…
Reference in a new issue