feat(baxter): Add buildbot CI
All checks were successful
buildbot/nix-eval Build done.

For a while we've been lacking a CI, which has led to problems such as
an inability to enforce REUSE, as well as an inability to build and
deploy docs-site automatically

Buildbot is commonly used (nix-community, lix, etc.), and very
extensible, which we hope will benefit us over something like Hydra or
Typhon

The buildbot instance is available at https://builds.auxolotl.org
This commit is contained in:
Skyler Grey 2024-07-02 22:46:30 +00:00 committed by Skyler Grey
parent e8e8b54465
commit 198b4dff20
15 changed files with 679 additions and 74 deletions

View file

@ -1,5 +1,49 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1720546205,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
"owner": "ryantm",
"repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1721402988,
"narHash": "sha256-O5j5y5gpssVF5FNsSF7joTyrlW//LpwyLk6yBWgQ0VE=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "3f1c787e2092d9c13142ae7572cc1c52b68f1c4c",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"auxolotl-website": {
"inputs": {
"nixpkgs": [
@ -21,20 +65,62 @@
"url": "https://git.auxolotl.org/auxolotl/website"
}
},
"buildbot-nix": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1722025605,
"narHash": "sha256-WKgvUD1V5w3GQ/uycqHMmYXhYvbB0T0EnKFeQ8hb6j8=",
"owner": "nix-community",
"repo": "buildbot-nix",
"rev": "225d286fa78389329168befc5d26888e317d0d0d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "buildbot-nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1711973905,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
@ -43,7 +129,45 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -59,7 +183,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -75,7 +199,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -91,61 +215,28 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
@ -163,13 +254,177 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1719848872,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1721838734,
"narHash": "sha256-o87oh2nLDzZ1E9+j1I6GaEvd9865OWGYvxaPSiH9DEU=",
"owner": "Nixos",
"repo": "nixpkgs",
"rev": "1855c9961e0bfa2e776fa4b58b7d43149eeed431",
"type": "github"
},
"original": {
"owner": "Nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
"rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github"
},
"original": {
@ -179,18 +434,49 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"agenix-rekey",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"auxolotl-website": "auxolotl-website",
"buildbot-nix": "buildbot-nix",
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_3",
"snowfall-lib": "snowfall-lib_2",
"unstable": "unstable"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"auxolotl-website",
@ -213,18 +499,18 @@
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713814392,
"narHash": "sha256-IanrgtpgDqxGfzNczstspPljAHKaY0e4DGvYgdAwC1Y=",
"lastModified": 1717625599,
"narHash": "sha256-qX9VJizFEoiRWDEiVs5+2w4FclQNQVVPvGPESsZ1F8k=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "91ab40c2e01cc1bade8092604370964ee86e9317",
"rev": "5a10d2e37b6c6223763fa7c00b974875e49f93cc",
"type": "github"
},
"original": {
@ -279,13 +565,79 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1721769617,
"narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1714906307,
"narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=",
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588",
"rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github"
},
"original": {
@ -297,7 +649,7 @@
},
"utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,

View file

@ -8,7 +8,6 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
snowfall-lib = {
url = "github:snowfallorg/lib/dev";
inputs.nixpkgs.follows = "nixpkgs";
@ -26,6 +25,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
buildbot-nix.url = "github:nix-community/buildbot-nix";
# Do not override nixpkgs in buildbot-nix (see https://github.com/nix-community/buildbot-nix)
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
@ -52,6 +54,8 @@
systems.modules.nixos = [
inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.buildbot-nix.nixosModules.buildbot-master
inputs.buildbot-nix.nixosModules.buildbot-worker
];
deploy = lib.mkDeploy {

View file

@ -0,0 +1,112 @@
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
{
lib,
pkgs,
config,
inputs,
...
}: let
cfg = config.auxolotl.services.ci.master;
in {
options.auxolotl.services.ci.master = {
enable = lib.mkEnableOption "Enable the buildbot-nix master on this server";
forgeUrl = lib.mkOption {
type = lib.types.str;
default = "https://${config.auxolotl.services.forge.subdomain}.${config.auxolotl.services.forge.domain}";
description = "The url your gitea/forgejo forge is hosted at";
};
domain = lib.mkOption {
type = lib.types.str;
default = "auxolotl.org";
description = "The domain name for the website.";
};
subdomain = lib.mkOption {
type = lib.types.str;
default = "builds";
description = "The subdomain for the website.";
};
oauth = {
clientId = lib.mkOption {
type = lib.types.str;
description = "The client ID for your gitea/forgejo app";
};
clientSecretFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the client secret for your gitea/forgejo app, readable by the 'buildbot' user";
};
};
tokenFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the personal access token for your gitea/forgejo user. You should probably make a new 'ci' user for this purpose, although this is not strictly required";
};
webhookSecretFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the secret for your gitea/forgejo triggering webhooks";
};
databasePasswordFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the password for the buildbot postgres user";
};
workersFile = lib.mkOption {
type = lib.types.str;
description = "A file containing a list of workers, passwords, etc. as JSON. See https://github.com/nix-community/buildbot-nix/blob/5bdbb7609689989a79f7d6e6e59c4b7985634230/examples/master.nix#L13 for an example";
};
};
config = lib.mkIf cfg.enable {
services.buildbot-nix.master = {
enable = true;
authBackend = "gitea"; # Forgejo and gitea are similar enough to ...
gitea = {
inherit (cfg) tokenFile webhookSecretFile;
instanceUrl = cfg.forgeUrl;
oauthId = cfg.oauth.clientId;
oauthSecretFile = cfg.oauth.clientSecretFile;
topic = null;
};
admins = [
"jakehamilton"
"isabelroses"
"minion"
"AxelSilverdew"
"coded"
"srd424"
];
# Admins is currently Steering+Infrastructure committees
# We should consider how best to proceed with this...
workersFile = cfg.workersFile;
buildSystems = [ pkgs.hostPlatform.system ];
domain = "${cfg.subdomain}.${cfg.domain}";
useHTTPS = true;
buildbotNixpkgs = pkgs;
outputsPath = "/var/lib/buildbot/outputs";
};
services.nginx.virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
forceSSL = true;
enableACME = true;
};
};
}

View file

@ -0,0 +1,40 @@
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
{
lib,
pkgs,
config,
inputs,
...
}: let
cfg = config.auxolotl.services.ci.worker;
in {
options.auxolotl.services.ci.worker = {
enable = lib.mkEnableOption "Enable a buildbot-nix worker on this server";
masterUrl = lib.mkOption {
type = lib.types.str;
description = "The master url for the buildbot worker";
default = if config.auxolotl.services.ci.master.enable
then "tcp:host=localhost:port=9989"
else throw "auxolotl.services.ci.worker: You must either set a master URL or run a master on this server";
};
workerPasswordFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the password for this worker";
};
};
config = lib.mkIf cfg.enable {
services.buildbot-nix.worker = {
enable = true;
buildbotNixpkgs = pkgs;
inherit (cfg) masterUrl workerPasswordFile;
};
};
}

View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> piv-p256 xE4ypg A70wMCisOjVzR3ug4BLjnWaiySAkBRDLS80G5F+HgP90
5eo4VyKyOpO3s1ab5tYWrPJLp2NDoNfOLssPJz1X6sM
-> piv-p256 Hpt/+Q Ap55RMoW+ydJ/CWdY4f+dT3m+e6iKe+OJlE3ORgH5jl/
XjwSs/jqumcvnOsfKM97NbjuKelP7bxz87fXqDajmto
-> piv-p256 zfskmQ A6uIgMEgAQONVDgcpqh935TcbNVHPdGR+a8y2fsY0dw4
0eByad5OHK5Gap5Eq+jA5j1cWHS8q6cKvR9VKD5gXg4
-> LOt-grease %/=M
fgFp1gevlSUjaT26jP0yiRZNh3H9IlhZtJDt61WublxpuNhISVSNSqXat86tXjOZ
iEd+
--- 8HghOj3gAYLyGa2/z7ep5TbdSmrzhi7Bv333id6/XRY
µÕOåš:¤&-<2D>ý3ºÜõsÔQsDµFª<¥§è¹Ùá‘ØÑÌ… fDXb.TxdR ùú3Y¯Bó«æqs¤<73>¸Æ"NÛlÕÙš

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA 5MtkO2R8f6CVXX4c2n3BOiAMzExUSwfm4u+TQIHamEg
i3SUH1s0UYAUhfZmCkrBw7BN5NTTtQIwGl0ITQht0XM
-> [[E3wgE-grease xW^ t/4SAoK@
8dSbS93buyIBRyWFPg
--- 4ySt+P89sGFFAdDieoRwozA/Hsq+FqA2wWNcMwQ3a74
ÒTT—UV©+E{ºY…D—LêåM_Ä.ç˜P<CB9C>$y“^<5E>ømOä¦çÍšSÈ(÷S;¯T—úgN<67>ù®Õí(ìóNà aT šQò

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA 3AdBBzRTHv35vrflVzH1z/8YV5SJykizTzOtKOgucRI
eU/l9cWEF9ix2fK8YqqlHuBdJdISERVVZAdRnAXfKFA
-> Cf*79d-grease
Mft5A1hDcFzr+nA1uE6kNLlN26I
--- HkABm597GfKIRwYRHvYV6tCoFeiNN3tAEEgnctlGCo8
xÛ^qû©Äcµ73^À—ÃåјNüZHh?½8G²ÜüëöÓ”T½¿«w]y¢£,ªQ³8<C2B3>·»<02>Ñ ·ˆÿx¿VG+³Oÿ$y´

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA EOHfjGuxu4lGCf1BVX4yI6GEULyMjqgijUjozsNxCnk
9cT0bTKNP73guNnwSmDVn+gSZwnF4Wweq4DlvHdWUkA
-> )|AUL?-grease +&*1J$ uR@9HO ,nfE ULx2MW"l
7Z3ZhFGj/dlmd6s1W2AESyALUeslyMrLiVN6X+Uo8w
--- 2i6p/11kcpcMhZUItUPfqCUp+9ykJq+T4mGg1oYw7gE
ê‰ë$¶<>Ìw•ã4ØŽ—úrºâõÝÈ}(1h®ue€ÂàÈ&æøf³à>í¯Ø4À0G»\DºÁ.„ú%°âë<Ç&dKØ

View file

@ -46,7 +46,48 @@
services = {
ssh.enable = true;
forge.enable = true;
ci = {
master = {
enable = true;
tokenFile = config.age.secrets."services.ci.master.tokenFile".path;
webhookSecretFile = config.age.secrets."services.ci.master.webhookSecretFile".path;
oauth = {
clientId = "76e70591-79a6-4a2f-8319-317f46800519";
clientSecretFile = config.age.secrets."services.ci.master.oauth.clientSecretFile".path;
};
workersFile = config.age.secrets."services.ci.master.workersFile.json".path;
};
worker = {
enable = true;
workerPasswordFile = config.age.secrets."services.ci.worker.workerPasswordFile".path;
};
};
};
};
age.secrets."services.ci.master.tokenFile" = {
rekeyFile = ./services.ci.master.tokenFile.age;
group = "buildbot";
};
age.secrets."services.ci.master.webhookSecretFile" = {
generator.script = "alnum";
group = "buildbot";
};
age.secrets."services.ci.master.oauth.clientSecretFile" = {
rekeyFile = ./services.ci.master.oauth.clientSecretFile.age;
group = "buildbot";
};
age.secrets."services.ci.master.workersFile.json" = {
rekeyFile = ./services.ci.master.workersFile.json.age;
group = "buildbot";
};
age.secrets."services.ci.worker.workerPasswordFile" = {
generator.script = "alnum";
group = "buildbot";
};
system.stateVersion = "23.11";

View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> piv-p256 xE4ypg A+D0j6/XAOWgbzbOKKNX3IaA0RCZSYG1lWXNL7ErYKjh
p3kgqbWj5T0D1pbStNRjHpKPbv4sMvrHXDpBk5Ym8LE
-> piv-p256 Hpt/+Q AgIoOHkn/1EJRoaMHTVR2nO2ub1F2UoRjYaJIpmvXzty
tGfVG9kUG94wZSwwkFEcJK6ehvaHHUVa1eJBXjyQnW4
-> piv-p256 zfskmQ AhG7AZlLuJ2JwfojMJIZKAjGlgUgssK2JlsBjcAkdehP
Yr8a6Cx7S08KBYkbTYoPHAROllXvGsMkS1lKv+3cP4I
-> D^7VNXi7-grease C !pw j
nIH+2iyF2LotQqzFroxVIgeFVnvMjYhsO27Egb7UU/zavBgrY2Grc30v3AptjT2j
I4q23DfwVcU5OYXq4HYHnC4zwKI
--- XOlDFARRpwZ/ew4vOTsDt5dkAfTNNfmVKfVB+2fGwHE
à£ì.a-.=<3D>Ô cÂ9ò:éP¸<12>ˆ7d96œ 1 b<>;2ÿ4f××!ŽnCFùŽÉjÒJm‡×«rˆöwëÛtµ<74>%áðëFþ{QÖI¾ ½

View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> piv-p256 xE4ypg Ags6YIwJfw361Tg6pfdxGUZDDegofZk+xIPWpEbSps02
oSq4ycmqQjeYrnBDAb1PyK8KnWySOyukcvhS8OXW82A
-> piv-p256 Hpt/+Q AgvQ2nuF4CELPs7L9OJEeoXk2TpPLNWkQ8TYrZIyJiZ3
KFkj1om15tbZVCM1zmG7/zjhJSGwRDSP5wfB+9HuBP4
-> piv-p256 zfskmQ A551KXlyYGw0E4X3VUSnyPEdXdEIcQBoLFbf4yoc2pEF
JEheQDNOFweKrO8AfKyS2acuzpN77g/qwdHJzWXzUew
-> 6U;sLGZs-grease 6
Ug2KSn6pQ5KWyTb7A3l/dN3G8C9v3QlJp4PXzw
--- 8jZf5hxeOQO2fk9vafkEkpAlHEXKO/EZIrP0YkLkI+4
ãÏ(K¦wÂk`Þ<>.Qv{q <©¿á|rÉDàIoÏ®nZQšÌl§<6C>Ìjû#ü46lZÉÁ¨ž®UF2ŒY²!ÁÄÎ