auxolotl/infra
21
2
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat(baxter): Add buildbot CI
All checks were successful
buildbot/nix-eval Build done.
Details

Browse source 
For a while we've been lacking a CI, which has led to problems such as
an inability to enforce REUSE, as well as an inability to build and
deploy docs-site automatically

Buildbot is commonly used (nix-community, lix, etc.), and very
extensible, which we hope will benefit us over something like Hydra or
Typhon

The buildbot instance is available at https://builds.auxolotl.org
This commit is contained in:
Skyler Grey 2024-07-02 22:46:30 +00:00 committed by Skyler Grey
parent e8e8b54465
commit 198b4dff20
15 changed files with 679 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

498
flake.lock
View file

@ -1,5 +1,49 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1720546205,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
"owner": "ryantm",
"repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1721402988,
"narHash": "sha256-O5j5y5gpssVF5FNsSF7joTyrlW//LpwyLk6yBWgQ0VE=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "3f1c787e2092d9c13142ae7572cc1c52b68f1c4c",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"auxolotl-website": {
"inputs": {
"nixpkgs": [
@ -21,20 +65,62 @@
"url": "https://git.auxolotl.org/auxolotl/website"
}
},
"buildbot-nix": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1722025605,
"narHash": "sha256-WKgvUD1V5w3GQ/uycqHMmYXhYvbB0T0EnKFeQ8hb6j8=",
"owner": "nix-community",
"repo": "buildbot-nix",
"rev": "225d286fa78389329168befc5d26888e317d0d0d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "buildbot-nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1711973905,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
@ -43,7 +129,45 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -59,7 +183,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -75,7 +199,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -91,61 +215,28 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
@ -163,13 +254,177 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1719848872,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1721838734,
"narHash": "sha256-o87oh2nLDzZ1E9+j1I6GaEvd9865OWGYvxaPSiH9DEU=",
"owner": "Nixos",
"repo": "nixpkgs",
"rev": "1855c9961e0bfa2e776fa4b58b7d43149eeed431",
"type": "github"
},
"original": {
"owner": "Nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
"rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github"
},
"original": {
@ -179,18 +434,49 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"agenix-rekey",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"auxolotl-website": "auxolotl-website",
"buildbot-nix": "buildbot-nix",
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_3",
"snowfall-lib": "snowfall-lib_2",
"unstable": "unstable"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"auxolotl-website",
@ -213,18 +499,18 @@
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713814392,
"narHash": "sha256-IanrgtpgDqxGfzNczstspPljAHKaY0e4DGvYgdAwC1Y=",
"lastModified": 1717625599,
"narHash": "sha256-qX9VJizFEoiRWDEiVs5+2w4FclQNQVVPvGPESsZ1F8k=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "91ab40c2e01cc1bade8092604370964ee86e9317",
"rev": "5a10d2e37b6c6223763fa7c00b974875e49f93cc",
"type": "github"
},
"original": {
@ -279,13 +565,79 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"buildbot-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1721769617,
"narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1714906307,
"narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=",
"lastModified": 1721743106,
"narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588",
"rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f",
"type": "github"
},
"original": {
@ -297,7 +649,7 @@
},
"utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,

6
flake.nix
View file

@ -8,7 +8,6 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
snowfall-lib = {
url = "github:snowfallorg/lib/dev";
inputs.nixpkgs.follows = "nixpkgs";
@ -26,6 +25,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
buildbot-nix.url = "github:nix-community/buildbot-nix";
# Do not override nixpkgs in buildbot-nix (see https://github.com/nix-community/buildbot-nix)
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
@ -52,6 +54,8 @@
systems.modules.nixos = [
inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.buildbot-nix.nixosModules.buildbot-master
inputs.buildbot-nix.nixosModules.buildbot-worker
];
deploy = lib.mkDeploy {

112
modules/nixos/auxolotl/services/ci/master/default.nix Normal file
View file

@ -0,0 +1,112 @@
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
{
lib,
pkgs,
config,
inputs,
...
}: let
cfg = config.auxolotl.services.ci.master;
in {
options.auxolotl.services.ci.master = {
enable = lib.mkEnableOption "Enable the buildbot-nix master on this server";
forgeUrl = lib.mkOption {
type = lib.types.str;
default = "https://${config.auxolotl.services.forge.subdomain}.${config.auxolotl.services.forge.domain}";
description = "The url your gitea/forgejo forge is hosted at";
};
domain = lib.mkOption {
type = lib.types.str;
default = "auxolotl.org";
description = "The domain name for the website.";
};
subdomain = lib.mkOption {
type = lib.types.str;
default = "builds";
description = "The subdomain for the website.";
};
oauth = {
clientId = lib.mkOption {
type = lib.types.str;
description = "The client ID for your gitea/forgejo app";
};
clientSecretFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the client secret for your gitea/forgejo app, readable by the 'buildbot' user";
};
};
tokenFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the personal access token for your gitea/forgejo user. You should probably make a new 'ci' user for this purpose, although this is not strictly required";
};
webhookSecretFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the secret for your gitea/forgejo triggering webhooks";
};
databasePasswordFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the password for the buildbot postgres user";
};
workersFile = lib.mkOption {
type = lib.types.str;
description = "A file containing a list of workers, passwords, etc. as JSON. See https://github.com/nix-community/buildbot-nix/blob/5bdbb7609689989a79f7d6e6e59c4b7985634230/examples/master.nix#L13 for an example";
};
};
config = lib.mkIf cfg.enable {
services.buildbot-nix.master = {
enable = true;
authBackend = "gitea"; # Forgejo and gitea are similar enough to ...
gitea = {
inherit (cfg) tokenFile webhookSecretFile;
instanceUrl = cfg.forgeUrl;
oauthId = cfg.oauth.clientId;
oauthSecretFile = cfg.oauth.clientSecretFile;
topic = null;
};
admins = [
"jakehamilton"
"isabelroses"
"minion"
"AxelSilverdew"
"coded"
"srd424"
];
# Admins is currently Steering+Infrastructure committees
# We should consider how best to proceed with this...
workersFile = cfg.workersFile;
buildSystems = [ pkgs.hostPlatform.system ];
domain = "${cfg.subdomain}.${cfg.domain}";
useHTTPS = true;
buildbotNixpkgs = pkgs;
outputsPath = "/var/lib/buildbot/outputs";
};
services.nginx.virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
forceSSL = true;
enableACME = true;
};
};
}

40
modules/nixos/auxolotl/services/ci/worker/default.nix Normal file
View file

@ -0,0 +1,40 @@
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
{
lib,
pkgs,
config,
inputs,
...
}: let
cfg = config.auxolotl.services.ci.worker;
in {
options.auxolotl.services.ci.worker = {
enable = lib.mkEnableOption "Enable a buildbot-nix worker on this server";
masterUrl = lib.mkOption {
type = lib.types.str;
description = "The master url for the buildbot worker";
default = if config.auxolotl.services.ci.master.enable
then "tcp:host=localhost:port=9989"
else throw "auxolotl.services.ci.worker: You must either set a master URL or run a master on this server";
};
workerPasswordFile = lib.mkOption {
type = lib.types.str;
description = "A file containing the password for this worker";
};
};
config = lib.mkIf cfg.enable {
services.buildbot-nix.worker = {
enable = true;
buildbotNixpkgs = pkgs;
inherit (cfg) masterUrl workerPasswordFile;
};
};
}

12
secrets/generated/baxter/services.ci.master.webhookSecretFile.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> piv-p256 xE4ypg A70wMCisOjVzR3ug4BLjnWaiySAkBRDLS80G5F+HgP90
5eo4VyKyOpO3s1ab5tYWrPJLp2NDoNfOLssPJz1X6sM
-> piv-p256 Hpt/+Q Ap55RMoW+ydJ/CWdY4f+dT3m+e6iKe+OJlE3ORgH5jl/
XjwSs/jqumcvnOsfKM97NbjuKelP7bxz87fXqDajmto
-> piv-p256 zfskmQ A6uIgMEgAQONVDgcpqh935TcbNVHPdGR+a8y2fsY0dw4
0eByad5OHK5Gap5Eq+jA5j1cWHS8q6cKvR9VKD5gXg4
-> LOt-grease %/=M
fgFp1gevlSUjaT26jP0yiRZNh3H9IlhZtJDt61WublxpuNhISVSNSqXat86tXjOZ
iEd+
--- 8HghOj3gAYLyGa2/z7ep5TbdSmrzhi7Bv333id6/XRY
µÕOåš:¤&-<2D>ý3ºÜõsÔQsDµFª<¥§è¹Ùá‘ØÑÌ… fDXb.TxdR ùú3Y¯Bó«æqs¤<73>¸Æ"NÛlÕÙš

BIN
secrets/generated/baxter/services.ci.worker.workerPasswordFile.age Normal file
View file

Binary file not shown.

7
secrets/rekeyed/baxter/24951ab2dd459b4cbdfa83ecee6517c6-services.ci.master.tokenFile.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA 5MtkO2R8f6CVXX4c2n3BOiAMzExUSwfm4u+TQIHamEg
i3SUH1s0UYAUhfZmCkrBw7BN5NTTtQIwGl0ITQht0XM
-> [[E3wgE-grease xW^ t/4SAoK@
8dSbS93buyIBRyWFPg
--- 4ySt+P89sGFFAdDieoRwozA/Hsq+FqA2wWNcMwQ3a74
ÒTT—UV©+E{ºY…D—LêåM_Ä.ç˜P<CB9C>$y“^<5E>ømOä¦çÍšSÈ(÷S;¯T—úgN<67>ù®Õí(ìóNà aT šQò

BIN
secrets/rekeyed/baxter/58a73a00f6ce9881f5206f8ab350466b-services.ci.master.oauth.clientSecretFile.age Normal file
View file

Binary file not shown.

7
secrets/rekeyed/baxter/611a4946b7c2a4de9aa8f6175cf92d7f-services.ci.master.webhookSecretFile.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA 3AdBBzRTHv35vrflVzH1z/8YV5SJykizTzOtKOgucRI
eU/l9cWEF9ix2fK8YqqlHuBdJdISERVVZAdRnAXfKFA
-> Cf*79d-grease
Mft5A1hDcFzr+nA1uE6kNLlN26I
--- HkABm597GfKIRwYRHvYV6tCoFeiNN3tAEEgnctlGCo8
xÛ^qû©Äcµ73^À—ÃåјNüZHh?½8G²ÜüëöÓ”T½¿«w]y¢£,ªQ³8<C2B3>·»<02>Ñ ·ˆÿx¿VG+³Oÿ$y´

BIN
secrets/rekeyed/baxter/9ffbe2a747e0bcdc4d670cf7d47d3575-services.ci.master.workersFile.json.age Normal file
View file

Binary file not shown.

7
secrets/rekeyed/baxter/be4852d28a22f490934108662e4718f4-services.ci.worker.workerPasswordFile.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Z9MeFA EOHfjGuxu4lGCf1BVX4yI6GEULyMjqgijUjozsNxCnk
9cT0bTKNP73guNnwSmDVn+gSZwnF4Wweq4DlvHdWUkA
-> )|AUL?-grease +&*1J$ uR@9HO ,nfE ULx2MW"l
7Z3ZhFGj/dlmd6s1W2AESyALUeslyMrLiVN6X+Uo8w
--- 2i6p/11kcpcMhZUItUPfqCUp+9ykJq+T4mGg1oYw7gE
ê‰ë$¶<>Ìw•ã4ØŽ—úrºâõÝÈ}(1h®ue€ÂàÈ&æøf³à>í¯Ø4À0G»\DºÁ.„ú%°âë<Ç&dKØ

41
systems/x86_64-linux/baxter/default.nix
View file

@ -46,7 +46,48 @@
services = {
ssh.enable = true;
forge.enable = true;
ci = {
master = {
enable = true;
tokenFile = config.age.secrets."services.ci.master.tokenFile".path;
webhookSecretFile = config.age.secrets."services.ci.master.webhookSecretFile".path;
oauth = {
clientId = "76e70591-79a6-4a2f-8319-317f46800519";
clientSecretFile = config.age.secrets."services.ci.master.oauth.clientSecretFile".path;
};
workersFile = config.age.secrets."services.ci.master.workersFile.json".path;
};
worker = {
enable = true;
workerPasswordFile = config.age.secrets."services.ci.worker.workerPasswordFile".path;
};
};
};
};
age.secrets."services.ci.master.tokenFile" = {
rekeyFile = ./services.ci.master.tokenFile.age;
group = "buildbot";
};
age.secrets."services.ci.master.webhookSecretFile" = {
generator.script = "alnum";
group = "buildbot";
};
age.secrets."services.ci.master.oauth.clientSecretFile" = {
rekeyFile = ./services.ci.master.oauth.clientSecretFile.age;
group = "buildbot";
};
age.secrets."services.ci.master.workersFile.json" = {
rekeyFile = ./services.ci.master.workersFile.json.age;
group = "buildbot";
};
age.secrets."services.ci.worker.workerPasswordFile" = {
generator.script = "alnum";
group = "buildbot";
};
system.stateVersion = "23.11";

12
systems/x86_64-linux/baxter/services.ci.master.oauth.clientSecretFile.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> piv-p256 xE4ypg A+D0j6/XAOWgbzbOKKNX3IaA0RCZSYG1lWXNL7ErYKjh
p3kgqbWj5T0D1pbStNRjHpKPbv4sMvrHXDpBk5Ym8LE
-> piv-p256 Hpt/+Q AgIoOHkn/1EJRoaMHTVR2nO2ub1F2UoRjYaJIpmvXzty
tGfVG9kUG94wZSwwkFEcJK6ehvaHHUVa1eJBXjyQnW4
-> piv-p256 zfskmQ AhG7AZlLuJ2JwfojMJIZKAjGlgUgssK2JlsBjcAkdehP
Yr8a6Cx7S08KBYkbTYoPHAROllXvGsMkS1lKv+3cP4I
-> D^7VNXi7-grease C !pw j
nIH+2iyF2LotQqzFroxVIgeFVnvMjYhsO27Egb7UU/zavBgrY2Grc30v3AptjT2j
I4q23DfwVcU5OYXq4HYHnC4zwKI
--- XOlDFARRpwZ/ew4vOTsDt5dkAfTNNfmVKfVB+2fGwHE
à£ì.a-.=<3D>Ô cÂ9ò:éP¸<12>ˆ7d96œ 1 b<>;2ÿ4f××!ŽnCFùŽÉjÒJm‡×«rˆöwëÛtµ<74>%áðëFþ{QÖI¾ ½

11
systems/x86_64-linux/baxter/services.ci.master.tokenFile.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> piv-p256 xE4ypg Ags6YIwJfw361Tg6pfdxGUZDDegofZk+xIPWpEbSps02
oSq4ycmqQjeYrnBDAb1PyK8KnWySOyukcvhS8OXW82A
-> piv-p256 Hpt/+Q AgvQ2nuF4CELPs7L9OJEeoXk2TpPLNWkQ8TYrZIyJiZ3
KFkj1om15tbZVCM1zmG7/zjhJSGwRDSP5wfB+9HuBP4
-> piv-p256 zfskmQ A551KXlyYGw0E4X3VUSnyPEdXdEIcQBoLFbf4yoc2pEF
JEheQDNOFweKrO8AfKyS2acuzpN77g/qwdHJzWXzUew
-> 6U;sLGZs-grease 6
Ug2KSn6pQ5KWyTb7A3l/dN3G8C9v3QlJp4PXzw
--- 8jZf5hxeOQO2fk9vafkEkpAlHEXKO/EZIrP0YkLkI+4
ãÏ(K¦wÂk`Þ<>.Qv{q <©¿á|rÉDàIoÏ®nZQšÌl§<6C>Ìjû#ü46lZÉÁ¨ž®UF2ŒY²!ÁÄÎ

BIN
systems/x86_64-linux/baxter/services.ci.master.workersFile.json.age Normal file
View file

Binary file not shown.