diff --git a/flake.lock b/flake.lock index faadbeea2..21c3ae0b6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,48 @@ { "nodes": { + "buildbot-nix": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1717033539, + "narHash": "sha256-vWQLnmZSipvaosXnGze8aSqlEzaAF9PhA5sh2QYNvTc=", + "owner": "Mic92", + "repo": "buildbot-nix", + "rev": "ad165ae64f877adc6156b8f21c31fc74144dc8e4", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "buildbot-nix", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "nix-writers": { "flake": false, "locked": { @@ -34,9 +77,31 @@ }, "root": { "inputs": { + "buildbot-nix": "buildbot-nix", "nix-writers": "nix-writers", "nixpkgs": "nixpkgs" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715940852, + "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 516648849..d4f8b2b33 100644 --- a/flake.nix +++ b/flake.nix @@ -7,15 +7,18 @@ }; # disko.url = "github:nix-community/disko"; # disko.inputs.nixpkgs.follows = "nixpkgs"; + buildbot-nix.url = "github:Mic92/buildbot-nix"; + buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; }; description = "stockholm"; - outputs = { self, nixpkgs, nix-writers }: { + outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }@inputs: { nixosConfigurations = nixpkgs.lib.mapAttrs (machineName: _: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs.stockholm = self; specialArgs.nix-writers = nix-writers; + specialArgs.buildbot-nix = buildbot-nix; modules = [ ./krebs/1systems/${machineName}/config.nix { diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index d6134cd8d..6dd59be55 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -211,6 +211,7 @@ in { bookmark.euer IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} + build.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a103ed1a..91071ec85 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -6,7 +6,6 @@ ../../../krebs/2configs ../../../krebs/2configs/nginx.nix - ../../../krebs/2configs/buildbot-stockholm.nix ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix ../../../krebs/2configs/reaktor2.nix @@ -15,6 +14,10 @@ ../../../krebs/2configs/mud.nix ../../../krebs/2configs/repo-sync.nix + ../../../krebs/2configs/buildbot-stockholm.nix + #../../../krebs/2configs/buildbot/master.nix + #../../../krebs/2configs/buildbot/worker.nix + ../../../krebs/2configs/cal.nix ../../../krebs/2configs/mastodon.nix diff --git a/krebs/2configs/buildbot/master.nix b/krebs/2configs/buildbot/master.nix new file mode 100644 index 000000000..9598f6fa0 --- /dev/null +++ b/krebs/2configs/buildbot/master.nix @@ -0,0 +1,33 @@ +{buildbot-nix,...}: +let + #domain = "buildbot.krebsco.de"; + domain = "build.hotdog.r"; +in { + imports = [ + buildbot-nix.nixosModules.buildbot-master + ]; + + #services.nginx.virtualHosts."${domain}" = { + # enableACME = true; + # forceSSL = true; + #}; + + + services.buildbot-nix.master = { + enable = true; + admins = [ "makefu" ]; + buildSystems = [ "x86_64-linux" "aarch64-linux" ]; + inherit domain; + evalMaxMemorySize = "4096"; + evalWorkerCount = 16; + workersFile = "/var/src/secrets/buildbot/nix-workers"; + github = { + tokenFile = "/var/src/secrets/buildbot/github-token"; + webhookSecretFile = "/var/src/secrets/buildbot/github-webhook-secret"; + oauthSecretFile = "/var/src/secrets/buildbot/github-oauth-secret"; + oauthId = "Ov23lizFP7t7qoE9FuDA"; + user = "krebs-bob"; + topic = "buildbot"; + }; + }; +} diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix new file mode 100644 index 000000000..e96c6df14 --- /dev/null +++ b/krebs/2configs/buildbot/worker.nix @@ -0,0 +1,11 @@ +{ buildbot-nix, ... }: +{ + imports = [ + buildbot-nix.nixosModules.buildbot-worker + ]; + + services.buildbot-nix.worker = { + enable = true; + workerPasswordFile = "/var/src/secrets/nix-worker-file"; + }; +} diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 5d64555c8..6ca7c732a 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -28,7 +28,7 @@ with import ../../lib/pure.nix { inherit lib; }; networking.hostName = config.krebs.build.host.name; nix.maxJobs = 1; - nix.useSandbox = true; + nix.settings.sandbox = true; environment.systemPackages = with pkgs; [ git diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index f42921824..aa33f748f 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, config, ... }: { services.matterbridge = { enable = true; configPath = let