diff --git a/examples/default.nix b/examples/default.nix
index e418172..b884be2 100644
--- a/examples/default.nix
+++ b/examples/default.nix
@@ -37,7 +37,7 @@ in
 {
 services.buildbot-nix.master = {
 enable = true;
- url = "https://buildbot.thalheim.io";
+ domain = "buildbot2.thalheim.io";
 workersFile = "/var/lib/secrets/buildbot-nix/workers.json";
 github = {
 tokenFile = "/var/lib/secrets/buildbot-nix/github-token";
@@ -48,6 +48,13 @@ in
 githubAdmins = [ "Mic92" ];
 };
 };
+ services.nginx.virtualHosts."buildbot2.thalheim.io" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "joerg.acme@thalheim.io";
 }
 buildbot-nix.nixosModules.buildbot-master
 ];
diff --git a/nix/master.nix b/nix/master.nix
index 94baa0c..d4bd89f 100644
--- a/nix/master.nix
+++ b/nix/master.nix
@@ -71,9 +71,10 @@ in
 restarted.
 '';
 };
- url = lib.mkOption {
+ domain = lib.mkOption {
 type = lib.types.str;
- description = "Buildbot url";
+ description = "Buildbot domain";
+ example = "buildbot.numtide.com";
 };
 };
 };
@@ -97,7 +98,7 @@ in
 PORT = builtins.toString cfg.port;
 DB_URL = cfg.dbUrl;
 GITHUB_OAUTH_ID = cfg.github.oauthId;
- BUILDBOT_URL = cfg.url;
+ BUILDBOT_URL = "https://${cfg.domain}/";
 BUILDBOT_GITHUB_USER = cfg.github.githubUser;
 GITHUB_ADMINS = builtins.toString cfg.github.githubAdmins;
 NIX_SUPPORTED_SYSTEMS = builtins.toString cfg.buildSystems;
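Review bot: The vhost name `"buildbot2.thalheim.io"` is written out a second time in the added `services.nginx.virtualHosts` block, and nothing ties it to `services.buildbot-nix.master.domain` a few lines above. The module attaches its proxy locations to the vhost named after `domain` (see the nix/master.nix hunk), so if the two strings drift, `enableACME`/`forceSSL` end up on an empty vhost and the buildbot vhost is left without TLS. I would add a comment above the block, `# name must equal services.buildbot-nix.master.domain; the module adds its proxy locations to that vhost`, or bind the hostname once in a `let` and use it in both places.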
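Review bot: `domain` keeps `lib.types.str` and the description "Buildbot domain", so nothing tells a user migrating from `url` that a scheme or path is no longer allowed, although the value is now spliced into `https://${cfg.domain}/` and used as the nginx vhost name. A leftover `https://…` value would still evaluate and produce a malformed BUILDBOT_URL and vhost key. I would change the description to `description = "Bare hostname buildbot is served under, without scheme, port or path";` and consider `type = lib.types.strMatching "[A-Za-z0-9.-]+";` so a bad value fails at evaluation. The surrounding option set starts and ends outside this hunk.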
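Review bot: `BUILDBOT_URL` is now hard-coded to `https://`, but the module's own vhost (the `services.nginx.virtualHosts.${cfg.domain}` hunk further down) sets no TLS option; only examples/default.nix adds `enableACME` and `forceSSL`. A deployment that enables the module without adding those itself gets a vhost that answers on plain HTTP while the advertised URL is https, so links and, presumably, the GitHub OAuth redirect point at a listener that is not there, and the UI stays reachable unencrypted. I would set `forceSSL = lib.mkDefault true;` on the module's vhost and leave certificate provisioning to the caller, or at least state the TLS requirement in the `domain` option description. The environment attribute set continues outside this hunk.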
@@ -125,15 +126,16 @@ in
 ];
 };
- services.nginx.virtualHosts.${cfg.url} = {
- locations."/".proxyPass = "http://127.0.0.1:${cfg.port}/";
+ services.nginx.enable = true;
+ services.nginx.virtualHosts.${cfg.domain} = {
+ locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}/";
 locations."/sse" = {
- proxyPass = "http://127.0.0.1:${cfg.port}/sse";
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}/sse";
 # proxy buffering will prevent sse to work
 extraConfig = "proxy_buffering off;";
 };
 locations."/ws" = {
- proxyPass = "http://127.0.0.1:${cfg.port}/ws";
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}/ws";
 proxyWebsockets = true;
 # raise the proxy timeout for the websocket
 extraConfig = "proxy_read_timeout 6000s;";
@@ -147,5 +149,6 @@ in
 systemd.tmpfiles.rules = [
 "d /var/www/buildbot/nix-outputs 0755 buildbot buildbot - -"
 ];
+ };
 }
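Review bot: The three proxied locations set only `proxyPass` plus the buffering, websocket and timeout tweaks, so unless `services.nginx.recommendedProxySettings` is enabled somewhere outside this diff, buildbot receives no `X-Forwarded-For` or `X-Forwarded-Proto` header. Every request would then reach the master as coming from 127.0.0.1, which presumably leaves its logs without a usable client address for logins and admin actions. I would add `services.nginx.recommendedProxySettings = lib.mkDefault true;` next to the new `services.nginx.enable = true;`. The vhost attribute set is not closed within this hunk.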