hosts/marvin/services/buildbot.nix at f1574eeedac18e4583faa72b01a361af2292e029 · pyrox.dev/nix

pyrox.dev / nix

My Nix Configuration

nix / hosts / marvin / services / buildbot.nix

at f1574eeedac18e4583faa72b01a361af2292e029 1.3 kB view raw

 1{ config, self, ... }:
 2let
 3  as = config.age.secrets;
 4  d = self.lib.data.services.buildbot;
 5  g = self.lib.data.services.git;
 6  bbSecret = {
 7    owner = "buildbot";
 8    group = "buildbot";
 9  };
10in
11{
12  services = {
13    buildbot-nix.master = {
14      enable = true;
15      dbUrl = "postgresql://buildbot@localhost/buildbot";
16      workersFile = as.buildbot-workers.path;
17      authBackend = "gitea";
18      gitea = {
19        enable = true;
20        tokenFile = as.buildbot-gitea-token.path;
21        oauthSecretFile = as.buildbot-oauth-secret.path;
22        instanceUrl = g.extUrl;
23        oauthId = "2bfd5c46-43a7-4d98-b443-9176dc0a9452";
24        topic = "buildbot-enable";
25      };
26      admins = [ "pyrox" ];
27      domain = d.extUrl;
28      useHttps = true;
29    };
30    postgresql = {
31      ensureUsers = [
32        {
33          name = "buildbot";
34          ensureDBOwnership = true;
35          ensureClauses.login = true;
36        }
37      ];
38      ensureDatabases = [ "buildbot" ];
39    };
40    buildbot-master.port = 6915;
41  };
42  age.secrets = {
43    buildbot-gitea-token = bbSecret // {
44      file = ./secrets/buildbot-gitea-token.age;
45    };
46    buildbot-oauth-secret = bbSecret // {
47      file = ./secrets/buildbot-oauth-secret.age;
48    };
49    buildbot-workers = bbSecret // {
50      file = ./secrets/buildbot-workers.age;
51    };
52  };
53}