stockholm/krebs/3modules/buildbot/slave.nix

{ config, pkgs, lib, ... }:

with import <stockholm/lib>;
let
  default-packages = [ pkgs.git pkgs.bash ];
  buildbot = pkgs.stdenv.lib.overrideDerivation pkgs.buildbot-worker (old:{
    patches = [ ./buildbot-worker.patch ];
    propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.coreutils ];
  });
  cfg = config.krebs.buildbot.worker;

  api = {
    enable = mkEnableOption "Buildbot worker";

    workDir = mkOption {
      default = "/var/lib/buildbot/worker";
      type = types.str;
      description = ''
        Path to build bot worker directory.
        Will be created on startup.
      '';
    };

    masterhost = mkOption {
      default = "localhost";
      type = types.str;
      description = ''
        Hostname/IP of the buildbot master
      '';
    };

    username = mkOption {
      type = types.str;
      description = ''
        workername used to authenticate with master
      '';
    };

    password = mkOption {
      type = types.str;
      description = ''
        worker password used to authenticate with master
      '';
    };

    contact = mkOption {
      default = "nix worker <buildworker@${config.networking.hostName}>";
      type = types.str;
      description = ''
        contact to be announced by buildworker
      '';
    };

    description = mkOption {
      default = "Nix Generated Buildworker";
      type = types.str;
      description = ''
        description for hostto be announced by buildworker
      '';
    };

    packages = mkOption {
      default = [ pkgs.git ];
      type = with types; listOf package;
      description = ''
        packages which should be in path for buildworker
      '';
    };

    extraEnviron = mkOption {
      default = {};
      example = {
        NIX_PATH = "nixpkgs=/path/to/my/nixpkgs";
      };
      type = types.attrsOf types.str;
      description = ''
        extra environment variables to be provided to the buildworker service
        if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here.
      '';
    };

    extraConfig = mkOption {
      default = "";
      type = types.lines;
      example = ''
        port = 443
        keepalive = 600
      '';
      description = ''
        extra config evaluated before calling Buildworker init in .tac file
      '';
    };
  };

  imp = {

    users.extraUsers.buildbotworker = {
      uid = genid "buildbotworker";
      description = "Buildbot worker";
      home = cfg.workDir;
      createHome = false;
    };

    users.extraGroups.buildbotworker = {
      gid = genid "buildbotworker";
    };

    systemd.services."buildbotworker-${cfg.username}-${cfg.masterhost}" = {
      description = "Buildbot worker for ${cfg.username}@${cfg.masterhost}";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = default-packages ++ cfg.packages;

      environment = {
          SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
          NIX_REMOTE="daemon";
      } // cfg.extraEnviron;

      serviceConfig = let
        workdir = shell.escape cfg.workDir;
        contact = shell.escape cfg.contact;
        description = shell.escape cfg.description;
        masterhost = shell.escape cfg.masterhost;
        username = shell.escape cfg.username;
        password = shell.escape cfg.password;
      in {
        PermissionsStartOnly = true;
        Type = "forking";
        PIDFile = "${workdir}/twistd.pid";
        ExecStartPre = pkgs.writeDash "buildbot-slave-init" ''
          set -efux
          mkdir -p ${workdir}/info
          # TODO: cleanup .tac file?
          ${buildbot}/bin/buildbot-worker create-worker ${workdir} ${masterhost} ${username} ${password}
          echo ${contact} > ${workdir}/info/admin
          echo ${description} > ${workdir}/info/host

          chown buildbotworker:buildbotworker -R ${workdir}
          chmod 700 -R ${workdir}
        '';
        ExecStart = "${buildbot}/bin/buildbot-worker start ${workdir}";
        ExecStop = "${buildbot}/bin/buildbot-worker stop ${workdir}";
        PrivateTmp = "true";
        User = "buildbotworker";
        Restart = "always";
        RestartSec = "10";
      };
    };
  };
in
{
  options.krebs.buildbot.worker = api;
  config = lib.mkIf cfg.enable imp;
}
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`{ config, pkgs, lib, ... }:`

drop config.krebs.lib 2016-10-20 18:54:38 +00:00			`with import <stockholm/lib>;`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`let`
m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`default-packages = [ pkgs.git pkgs.bash ];`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`buildbot = pkgs.stdenv.lib.overrideDerivation pkgs.buildbot-worker (old:{`
			`patches = [ ./buildbot-worker.patch ];`
			`propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.coreutils ];`
			`});`
			`cfg = config.krebs.buildbot.worker;`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00
			`api = {`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`enable = mkEnableOption "Buildbot worker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00
			`workDir = mkOption {`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`default = "/var/lib/buildbot/worker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`type = types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`Path to build bot worker directory.`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`Will be created on startup.`
			`'';`
			`};`

			`masterhost = mkOption {`
			`default = "localhost";`
			`type = types.str;`
			`description = ''`
			`Hostname/IP of the buildbot master`
			`'';`
			`};`

			`username = mkOption {`
			`type = types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`workername used to authenticate with master`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`'';`
			`};`

			`password = mkOption {`
			`type = types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`worker password used to authenticate with master`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`'';`
			`};`

			`contact = mkOption {`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`default = "nix worker <buildworker@${config.networking.hostName}>";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`type = types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`contact to be announced by buildworker`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`'';`
			`};`

			`description = mkOption {`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`default = "Nix Generated Buildworker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`type = types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`description for hostto be announced by buildworker`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`'';`
			`};`

m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`packages = mkOption {`
			`default = [ pkgs.git ];`
			`type = with types; listOf package;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`packages which should be in path for buildworker`
m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`'';`
			`};`

			`extraEnviron = mkOption {`
			`default = {};`
			`example = {`
			`NIX_PATH = "nixpkgs=/path/to/my/nixpkgs";`
			`};`
			`type = types.attrsOf types.str;`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`extra environment variables to be provided to the buildworker service`
m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here.`
			`'';`
			`};`

m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`extraConfig = mkOption {`
			`default = "";`
			`type = types.lines;`
			`example = ''`
			`port = 443`
			`keepalive = 600`
			`'';`
			`description = ''`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`extra config evaluated before calling Buildworker init in .tac file`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`'';`
			`};`
			`};`

			`imp = {`

buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`users.extraUsers.buildbotworker = {`
			`uid = genid "buildbotworker";`
			`description = "Buildbot worker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`home = cfg.workDir;`
			`createHome = false;`
			`};`

buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`users.extraGroups.buildbotworker = {`
			`gid = genid "buildbotworker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`};`

buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`systemd.services."buildbotworker-${cfg.username}-${cfg.masterhost}" = {`
			`description = "Buildbot worker for ${cfg.username}@${cfg.masterhost}";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`path = default-packages ++ cfg.packages;`

			`environment = {`
m 3 buildbot: add new slow factory to complete integration test 2015-12-22 23:06:27 +00:00			`SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";`
m 3 buildbot.slave: add extra packages and environ to configuration 2015-12-16 16:10:44 +00:00			`NIX_REMOTE="daemon";`
			`} // cfg.extraEnviron;`

m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`serviceConfig = let`
buildbot: s/lib\.shell/shell/g 2016-02-15 17:46:19 +00:00			`workdir = shell.escape cfg.workDir;`
			`contact = shell.escape cfg.contact;`
			`description = shell.escape cfg.description;`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`masterhost = shell.escape cfg.masterhost;`
			`username = shell.escape cfg.username;`
			`password = shell.escape cfg.password;`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`in {`
			`PermissionsStartOnly = true;`
			`Type = "forking";`
			`PIDFile = "${workdir}/twistd.pid";`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`ExecStartPre = pkgs.writeDash "buildbot-slave-init" ''`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`set -efux`
			`mkdir -p ${workdir}/info`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`# TODO: cleanup .tac file?`
			`${buildbot}/bin/buildbot-worker create-worker ${workdir} ${masterhost} ${username} ${password}`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`echo ${contact} > ${workdir}/info/admin`
			`echo ${description} > ${workdir}/info/host`

buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`chown buildbotworker:buildbotworker -R ${workdir}`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`chmod 700 -R ${workdir}`
			`'';`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`ExecStart = "${buildbot}/bin/buildbot-worker start ${workdir}";`
			`ExecStop = "${buildbot}/bin/buildbot-worker stop ${workdir}";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`PrivateTmp = "true";`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`User = "buildbotworker";`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`Restart = "always";`
			`RestartSec = "10";`
			`};`
			`};`
			`};`
			`in`
			`{`
buildbot: 0.8.4 -> 0.9.0rc2 2016-11-11 00:34:18 +00:00			`options.krebs.buildbot.worker = api;`
RIP specialArgs.lib 2016-02-14 15:43:44 +00:00			`config = lib.mkIf cfg.enable imp;`
m 3 buildbot/slave: init 2015-12-16 13:30:01 +00:00			`}`