buildbot-nix/examples/master.nix
magic_rb d586b9155b Fix examples and checks
Signed-off-by: magic_rb <richard@brezak.sk>
2024-06-07 08:16:40 +00:00

80 lines
4 KiB
Nix

{ pkgs, ... }:
{
services.buildbot-nix.master = {
enable = true;
# Domain name under which the buildbot frontend is reachable
domain = "buildbot2.thalheim.io";
# The workers file configures credentials for the buildbot workers to connect to the master.
# "name" is the configured worker name in services.buildbot-nix.worker.name of a worker
# (defaults to the hostname of the machine)
# "pass" is the password for the worker configured in `services.buildbot-nix.worker.workerPasswordFile`
# "cores" is the number of cpu cores the worker has.
# The number must match the actual core count of the machine as otherwise not enough buildbot-workers are created.
workersFile = pkgs.writeText "workers.json" ''
[
{ "name": "eve", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 16 }
]
''; # FIXME: replace this with a secret not stored in the nix store
# Users in this list will be able to reload the project list.
# All other user in the organization will be able to restart builds or evaluations.
admins = [ "Mic92" ];
github = {
# Github user used as a CI identity
user = "mic92-buildbot";
authType.legacy = {
enable = true;
# Github token of the same user
tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
};
# A random secret used to verify incoming webhooks from GitHub
# buildbot-nix will set up a webhook for each project in the organization
webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
# Either create a GitHub app or an OAuth app
# After creating the app, press "Generate a new client secret" and fill in the client ID and secret below
oauthId = "aaaaaaaaaaaaaaaaaaaa";
oauthSecretFile = pkgs.writeText "oauthSecret" "ffffffffffffffffffffffffffffffffffffffff"; # FIXME: replace this with a secret not stored in the nix store
# All github projects with this topic will be added to buildbot.
# One can trigger a project scan by visiting the Builds -> Builders page and looking for the "reload-github-project" builder.
# This builder has a "Update Github Projects" button that everyone in the github organization can use.
topic = "buildbot-mic92";
};
# Gitea example
# authBackend = "gitea"; # login with gitea
#gitea = {
# enable = true;
# instanceUrl = "https://git.clan.lol";
# # Create a Gitea App with for redirect uris: https://buildbot.clan.lol/auth/login
# oauthId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
# oauthSecretFile = pkgs.writeText "gitea-oauth-secret" "ffffffffffffffffffffffffffffffffffffffff"; # FIXME: replace this with a secret not stored in the nix store;
# webhookSecretFile = pkgs.writeText "gitea-webhook-secret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
# tokenFile = pkgs.writeText "gitea-token" "0000000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
# topic = "buildbot-clan";
#};
# optional expose latest store path as text file
# outputsPath = "/var/www/buildbot/nix-outputs";
# optional nix-eval-jobs settings
# evalWorkerCount = 8; # limit number of concurrent evaluations
# evalMaxMemorySize = "2048"; # limit memory usage per evaluation
# optional cachix
#cachix = {
# name = "my-cachix";
# # One of the following is required:
# signingKeyFile = "/var/lib/secrets/cachix-key";
# authTokenFile = "/var/lib/secrets/cachix-token";
#};
};
# Optional: Enable acme/TLS in nginx (recommended)
#services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {
# forceSSL = true;
# enableACME = true;
#};
# Optional: If buildbot is setup to run behind another proxy that does TLS
# termination set this to true to have buildbot use https:// for its endpoint
#useHTTPS = true;
}