add first working configuration

2023-09-10 11:16:33 +00:00 · 2023-09-10 11:16:33 +00:00 · 97f1870c15
parent f81c71a328
commit 97f1870c15
7 changed files with 119 additions and 22 deletions
--- a/buildbot_nix/master.py
+++ b/buildbot_nix/master.py
@ -40,7 +40,6 @@ GITHUB_WEBHOOK_SECRET = read_secret_file("github-webhook-secret")
 # Shape of this file:
 # [ { "name": "<worker-name>", "pass": "<worker-password>", "cores": "<cpu-cores>" } ]
 BUILDBOT_NIX_WORKERS = read_secret_file("buildbot-nix-workers")
-REPO_FOR_FLAKE_UPDATE = os.environ["REPO_FOR_FLAKE_UPDATE"]
 BUILDBOT_URL = os.environ["BUILDBOT_URL"]
 BUILDBOT_GITHUB_USER = os.environ["BUILDBOT_GITHUB_USER"]
 NIX_SUPPORTED_SYSTEMS = os.environ["NIX_SUPPORTED_SYSTEMS"].split(" ")
--- a/examples/default.nix
+++ b/examples/default.nix
@ -1,19 +1,36 @@
-{ nixpkgs, system, buildbot-nix, ... }:
+{ nixpkgs, system, srvos, buildbot-nix, disko, ... }:
 let
  # some example configuration to make it eval
  dummy = { config, modulesPath, ... }: {
+    imports = [
+      #srvos.nixosModules.server
+      #srvos.nixosModules.hardware-hetzner-cloud
+      disko.nixosModules.disko
+      ./disko.nix
+      "${modulesPath}/profiles/qemu-guest.nix"
+    ];
+    config = {
      networking.hostName = "example-common";
      system.stateVersion = config.system.nixos.version;
+      services.openssh.enable = true;
      users.users.root.initialPassword = "fnord23";
-    boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
-    fileSystems."/".device = lib.mkDefault "/dev/sda";
+      users.users.root.openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
+      ];
+
+      #users.users.root.initialPassword = "fnord23";
+      #boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
+      #fileSystems."/".device = lib.mkDefault "/dev/sda";
+
+      #systemd.network.networks."10-uplink".networkConfig.Address = [ "2a01:4f9:c012:539b::/64" ];
+    };
  };

  inherit (nixpkgs) lib;
  inherit (lib) nixosSystem;
 in
 {
-  example-master = lib.makeOverridable nixosSystem {
+  example-master = nixosSystem {
    inherit system;
    modules = [
      dummy
@ -21,11 +38,11 @@ in
        services.buildbot-nix.master = {
          enable = true;
          url = "https://buildbot.thalheim.io";
-          workersFile = "/home/mic92/buildbot-nix/workers.json";
+          workersFile = "/var/lib/secrets/buildbot-nix/workers.json";
          github = {
-            tokenFile = "/home/mic92/git/buildbot-nix/github-token";
-            webhookSecretFile = "/home/mic92/buildbot-nix/github-webhook-secret";
-            oauthSecretFile = "/home/mic92/buildbot-nix/github-oauth-secret";
+            tokenFile = "/var/lib/secrets/buildbot-nix/github-token";
+            webhookSecretFile = "/var/lib/secrets/buildbot-nix/github-webhook-secret";
+            oauthSecretFile = "/var/lib/secrets/buildbot-nix/github-oauth-secret";
            oauthId = "2516248ec6289e4d9818122cce0cbde39e4b788d";
            githubUser = "mic92-buildbot";
            githubAdmins = [ "Mic92" ];
@ -35,14 +52,14 @@ in
      buildbot-nix.nixosModules.buildbot-master
    ];
  };
-  example-worker = lib.makeOverridable nixosSystem {
+  example-worker = nixosSystem {
    inherit system;
    modules = [
      dummy
      {
        services.buildbot-nix.worker = {
          enable = true;
-          workerPasswordFile = "/home/mic92/buildbot-nix/worker-password";
+          workerPasswordFile = "/var/lib/secrets/buildbot-nix/worker-password";
        };
      }
      buildbot-nix.nixosModules.buildbot-worker
--- a/examples/disko.nix
+++ b/examples/disko.nix
@ -0,0 +1,35 @@
+{
+  disko.devices.disk.sda = {
+    type = "disk";
+    device = "/dev/sda";
+    content = {
+      type = "gpt";
+      partitions = {
+        boot = {
+          name = "grub";
+          size = "1M";
+          type = "EF02";
+        };
+        esp = {
+          name = "ESP";
+          type = "EF00";
+          size = "500M";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        };
+        root = {
+          name = "root";
+          size = "100%";
+          content = {
+            type = "filesystem";
+            format = "ext4";
+            mountpoint = "/";
+          };
+        };
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,25 @@
 {
  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1694266353,
+        "narHash": "sha256-NutPFFKc5FK05zq8JYm8quBKJ93goYowxjW/FKcXAdI=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "f9907fcf6df79a76ea7e3a3afe9340a672cb9c6e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
@ -54,8 +74,30 @@
    },
    "root": {
      "inputs": {
+        "disko": "disko",
        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "srvos": "srvos"
+      }
+    },
+    "srvos": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1694049767,
+        "narHash": "sha256-/S1mbeHO1JAV0hIBK8b92lBw2V34oPfhYPzXr73JCy4=",
+        "owner": "numtide",
+        "repo": "srvos",
+        "rev": "6a824ca672288a6c8e4b8ade835f01b7b25fca2c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "srvos",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -4,10 +4,14 @@

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    srvos.url = "github:numtide/srvos";
+    srvos.inputs.nixpkgs.follows = "nixpkgs";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
    flake-parts.url = "github:hercules-ci/flake-parts";
  };

-  outputs = inputs@{ self, flake-parts, ... }:
+  outputs = inputs@{ self, srvos, flake-parts, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } ({ lib, ... }: {
      systems = [ "x86_64-linux" ];
      flake = {
@ -15,7 +19,7 @@
        nixosModules.buildbot-worker = ./nix/worker.nix;

        nixosConfigurations = import ./examples {
-          inherit (inputs) nixpkgs;
+          inherit (inputs) nixpkgs srvos disko;
          buildbot-nix = self;
          system = "x86_64-linux";
        };
--- a/nix/master.nix
+++ b/nix/master.nix
@ -80,7 +80,7 @@ in
  config = lib.mkIf cfg.enable {
    services.buildbot-master = {
      enable = true;
-      masterCfg = "${../buildbot_nix/master.py}";
+      masterCfg = "${../buildbot_nix}/master.py";
      dbUrl = config.services.buildbot-nix.master.dbUrl;
      pythonPackages = ps: [
        ps.requests
--- a/nix/worker.nix
+++ b/nix/worker.nix
@ -67,7 +67,7 @@ in

        # Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
        ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
-        ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix/worker.py}";
+        ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix}/worker.py";
      };
    };
  };