add first working configuration

This commit is contained in:
Jörg Thalheim 2023-09-10 11:16:33 +00:00
parent f81c71a328
commit 97f1870c15
7 changed files with 119 additions and 22 deletions

View file

@ -40,7 +40,6 @@ GITHUB_WEBHOOK_SECRET = read_secret_file("github-webhook-secret")
# Shape of this file: # Shape of this file:
# [ { "name": "<worker-name>", "pass": "<worker-password>", "cores": "<cpu-cores>" } ] # [ { "name": "<worker-name>", "pass": "<worker-password>", "cores": "<cpu-cores>" } ]
BUILDBOT_NIX_WORKERS = read_secret_file("buildbot-nix-workers") BUILDBOT_NIX_WORKERS = read_secret_file("buildbot-nix-workers")
REPO_FOR_FLAKE_UPDATE = os.environ["REPO_FOR_FLAKE_UPDATE"]
BUILDBOT_URL = os.environ["BUILDBOT_URL"] BUILDBOT_URL = os.environ["BUILDBOT_URL"]
BUILDBOT_GITHUB_USER = os.environ["BUILDBOT_GITHUB_USER"] BUILDBOT_GITHUB_USER = os.environ["BUILDBOT_GITHUB_USER"]
NIX_SUPPORTED_SYSTEMS = os.environ["NIX_SUPPORTED_SYSTEMS"].split(" ") NIX_SUPPORTED_SYSTEMS = os.environ["NIX_SUPPORTED_SYSTEMS"].split(" ")

View file

@ -1,19 +1,36 @@
{ nixpkgs, system, buildbot-nix, ... }: { nixpkgs, system, srvos, buildbot-nix, disko, ... }:
let let
# some example configuration to make it eval # some example configuration to make it eval
dummy = { config, modulesPath, ... }: { dummy = { config, modulesPath, ... }: {
networking.hostName = "example-common"; imports = [
system.stateVersion = config.system.nixos.version; #srvos.nixosModules.server
users.users.root.initialPassword = "fnord23"; #srvos.nixosModules.hardware-hetzner-cloud
boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ]; disko.nixosModules.disko
fileSystems."/".device = lib.mkDefault "/dev/sda"; ./disko.nix
"${modulesPath}/profiles/qemu-guest.nix"
];
config = {
networking.hostName = "example-common";
system.stateVersion = config.system.nixos.version;
services.openssh.enable = true;
users.users.root.initialPassword = "fnord23";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
];
#users.users.root.initialPassword = "fnord23";
#boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
#fileSystems."/".device = lib.mkDefault "/dev/sda";
#systemd.network.networks."10-uplink".networkConfig.Address = [ "2a01:4f9:c012:539b::/64" ];
};
}; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit (lib) nixosSystem; inherit (lib) nixosSystem;
in in
{ {
example-master = lib.makeOverridable nixosSystem { example-master = nixosSystem {
inherit system; inherit system;
modules = [ modules = [
dummy dummy
@ -21,11 +38,11 @@ in
services.buildbot-nix.master = { services.buildbot-nix.master = {
enable = true; enable = true;
url = "https://buildbot.thalheim.io"; url = "https://buildbot.thalheim.io";
workersFile = "/home/mic92/buildbot-nix/workers.json"; workersFile = "/var/lib/secrets/buildbot-nix/workers.json";
github = { github = {
tokenFile = "/home/mic92/git/buildbot-nix/github-token"; tokenFile = "/var/lib/secrets/buildbot-nix/github-token";
webhookSecretFile = "/home/mic92/buildbot-nix/github-webhook-secret"; webhookSecretFile = "/var/lib/secrets/buildbot-nix/github-webhook-secret";
oauthSecretFile = "/home/mic92/buildbot-nix/github-oauth-secret"; oauthSecretFile = "/var/lib/secrets/buildbot-nix/github-oauth-secret";
oauthId = "2516248ec6289e4d9818122cce0cbde39e4b788d"; oauthId = "2516248ec6289e4d9818122cce0cbde39e4b788d";
githubUser = "mic92-buildbot"; githubUser = "mic92-buildbot";
githubAdmins = [ "Mic92" ]; githubAdmins = [ "Mic92" ];
@ -35,14 +52,14 @@ in
buildbot-nix.nixosModules.buildbot-master buildbot-nix.nixosModules.buildbot-master
]; ];
}; };
example-worker = lib.makeOverridable nixosSystem { example-worker = nixosSystem {
inherit system; inherit system;
modules = [ modules = [
dummy dummy
{ {
services.buildbot-nix.worker = { services.buildbot-nix.worker = {
enable = true; enable = true;
workerPasswordFile = "/home/mic92/buildbot-nix/worker-password"; workerPasswordFile = "/var/lib/secrets/buildbot-nix/worker-password";
}; };
} }
buildbot-nix.nixosModules.buildbot-worker buildbot-nix.nixosModules.buildbot-worker

35
examples/disko.nix Normal file
View file

@ -0,0 +1,35 @@
{
disko.devices.disk.sda = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
name = "grub";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
}

View file

@ -1,5 +1,25 @@
{ {
"nodes": { "nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1694266353,
"narHash": "sha256-NutPFFKc5FK05zq8JYm8quBKJ93goYowxjW/FKcXAdI=",
"owner": "nix-community",
"repo": "disko",
"rev": "f9907fcf6df79a76ea7e3a3afe9340a672cb9c6e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
@ -54,8 +74,30 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1694049767,
"narHash": "sha256-/S1mbeHO1JAV0hIBK8b92lBw2V34oPfhYPzXr73JCy4=",
"owner": "numtide",
"repo": "srvos",
"rev": "6a824ca672288a6c8e4b8ade835f01b7b25fca2c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
} }
} }
}, },

View file

@ -4,10 +4,14 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
}; };
outputs = inputs@{ self, flake-parts, ... }: outputs = inputs@{ self, srvos, flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ lib, ... }: { flake-parts.lib.mkFlake { inherit inputs; } ({ lib, ... }: {
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
flake = { flake = {
@ -15,7 +19,7 @@
nixosModules.buildbot-worker = ./nix/worker.nix; nixosModules.buildbot-worker = ./nix/worker.nix;
nixosConfigurations = import ./examples { nixosConfigurations = import ./examples {
inherit (inputs) nixpkgs; inherit (inputs) nixpkgs srvos disko;
buildbot-nix = self; buildbot-nix = self;
system = "x86_64-linux"; system = "x86_64-linux";
}; };

View file

@ -80,7 +80,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.buildbot-master = { services.buildbot-master = {
enable = true; enable = true;
masterCfg = "${../buildbot_nix/master.py}"; masterCfg = "${../buildbot_nix}/master.py";
dbUrl = config.services.buildbot-nix.master.dbUrl; dbUrl = config.services.buildbot-nix.master.dbUrl;
pythonPackages = ps: [ pythonPackages = ps: [
ps.requests ps.requests

View file

@ -67,7 +67,7 @@ in
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself. # Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker"; ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix/worker.py}"; ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix}/worker.py";
}; };
}; };
}; };