Actually fix Cachix, attempt 3
Signed-off-by: magic_rb <richard@brezak.sk>
This commit is contained in:
magic_rb
mergify[bot]
parent
225d286fa7
commit
62e7fc4d88
|
|
@ -8,8 +8,6 @@ let
|
|||
cfg = config.services.buildbot-nix.master;
|
||||
inherit (lib) mkRemovedOptionModule mkRenamedOptionModule;
|
||||
|
||||
optionsCachix = options.services.buildbot-nix.master.cachix;
|
||||
|
||||
interpolateType =
|
||||
lib.mkOptionType {
|
||||
name = "interpolate";
|
||||
|
|
@ -164,13 +162,51 @@ in
|
|||
description = "Cachix name";
|
||||
};
|
||||
|
||||
signingKeyFile = lib.mkOption {
|
||||
auth = lib.mkOption {
|
||||
type = lib.types.attrTag {
|
||||
signingKey = lib.mkOption {
|
||||
description = ''
|
||||
Use a signing key to authenticate with Cachix.
|
||||
'';
|
||||
|
||||
type = lib.types.submodule {
|
||||
options.file = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = ''
|
||||
Path to a file containing the signing key.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
authToken = lib.mkOption {
|
||||
description = ''
|
||||
Use an authentication token to authenticate with Cachix.
|
||||
'';
|
||||
|
||||
type = lib.types.submodule {
|
||||
options.file = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = ''
|
||||
Path to a file containing the authentication token.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
signingKeyFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
visible = false;
|
||||
description = "Cachix signing key";
|
||||
};
|
||||
|
||||
authTokenFile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
visible = false;
|
||||
description = "Cachix auth token";
|
||||
};
|
||||
};
|
||||
|
|
@ -365,21 +401,36 @@ in
|
|||
isSystemUser = true;
|
||||
};
|
||||
|
||||
services.buildbot-nix.master.cachix.auth = lib.mkIf (cfg.cachix.authTokenFile != null || cfg.cachix.signingKeyFile != null)
|
||||
(if (cfg.cachix.authTokenFile != null) then
|
||||
lib.warn
|
||||
"Obsolete option `services.buildbot-nix.master.cachix.authTokenFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.authToken.file'."
|
||||
{ authToken.file = cfg.cachix.authTokenFile; }
|
||||
else if (cfg.cachix.signingKeyFile != null) then
|
||||
lib.warn
|
||||
"Obsolete option `services.buildbot-nix.master.cachix.signingKeyFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.signingKey.file'."
|
||||
{ signingKey.file = cfg.cachix.signingKeyFile; }
|
||||
else
|
||||
throw "Impossible, guarded by mkIf.");
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion =
|
||||
let
|
||||
allIsNull = lib.all (x: x == null);
|
||||
isNull = x: x == null;
|
||||
in
|
||||
optionsCachix.enable.value || lib.foldr (a: b: a && b) true [
|
||||
(optionsCachix.name.isDefined -> allIsNull optionsCachix.name.definitions)
|
||||
(optionsCachix.signingKeyFile.isDefined -> allIsNull optionsCachix.signingKeyFile.definitions)
|
||||
(optionsCachix.authTokenFile.isDefined -> allIsNull optionsCachix.authTokenFile.definitions)
|
||||
];
|
||||
isNull cfg.cachix.authTokenFile && isNull cfg.cachix.signingKeyFile ||
|
||||
isNull cfg.cachix.authTokenFile && cfg.cachix.enable ||
|
||||
isNull cfg.cachix.signingKeyFile && cfg.cachix.enable;
|
||||
message = ''
|
||||
The semantics of `options.services.buildbot-nix.master.cachix` recently changed slightly, the options
|
||||
`name`, `signingKeyFile`, and `authTokenFile` are no longer null-able. To enable Cachix support use:
|
||||
`options.services.buildbot-nix.master.cachix.enable = True`.
|
||||
The semantics of `options.services.buildbot-nix.master.cachix` recently changed
|
||||
slightly, the option `name` is no longer null-able. To enable Cachix support
|
||||
use `services.buildbot-nix.master.cachix.enable = true`.
|
||||
|
||||
Furthermore, the options `services.buildbot-nix.master.cachix.authTokenFile` and
|
||||
`services.buildbot-nix.master.cachix.signingKeyFile` were renamed to
|
||||
`services.buildbot-nix.master.cachix.auth.authToken.file` and
|
||||
`services.buildbot-nix.master.cachix.auth.signingKey.file` respectively.
|
||||
'';
|
||||
}
|
||||
{
|
||||
|
|
@ -450,8 +501,16 @@ in
|
|||
else
|
||||
{
|
||||
name = cfg.cachix.name;
|
||||
signing_key_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.signingKeyFile else null;
|
||||
auth_token_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.authTokenFile else null;
|
||||
signing_key_file =
|
||||
if cfg.cachix.auth ? "signingKey" then
|
||||
cfg.cachix.auth.signingKey.file
|
||||
else
|
||||
null;
|
||||
auth_token_file =
|
||||
if cfg.cachix.auth ? "authToken" then
|
||||
cfg.cachix.authTokenFile
|
||||
else
|
||||
null;
|
||||
};
|
||||
gitea = if !cfg.gitea.enable then
|
||||
null
|
||||
|
|
@ -560,10 +619,10 @@ in
|
|||
)
|
||||
++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}"
|
||||
++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}"
|
||||
++ lib.optionals cfg.cachix.enable [
|
||||
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "signingKey")
|
||||
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
|
||||
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "authToken")
|
||||
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}"
|
||||
]
|
||||
++ lib.optionals cfg.gitea.enable [
|
||||
"gitea-token:${cfg.gitea.tokenFile}"
|
||||
"gitea-webhook-secret:${cfg.gitea.webhookSecretFile}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue