-
-
Notifications
You must be signed in to change notification settings - Fork 23
/
worker.nix
115 lines (109 loc) · 3.79 KB
/
worker.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.buildbot-nix.worker;
home = "/var/lib/buildbot-worker";
buildbotDir = "${home}/worker";
python = cfg.package.pythonModule;
in
{
_file = ./worker.nix;
options = {
services.buildbot-nix.worker = {
enable = lib.mkEnableOption "buildbot-worker";
name = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
description = "The buildbot worker name.";
};
nixEvalJobs.package = lib.mkOption {
type = lib.types.package;
default = pkgs.callPackage ./nix-eval-jobs.nix { };
description = "nix-eval-jobs to use for evaluation";
};
buildbotNixpkgs = lib.mkOption {
type = lib.types.raw;
description = "Nixpkgs to use for buildbot packages";
};
package = lib.mkOption {
type = lib.types.package;
default = cfg.buildbotNixpkgs.buildbot-worker;
defaultText = "pkgs.buildbot-worker";
description = "The buildbot-worker package to use.";
};
masterUrl = lib.mkOption {
type = lib.types.str;
default = "tcp:host=localhost:port=9989";
description = "The buildbot master url.";
};
workerPasswordFile = lib.mkOption {
type = lib.types.path;
description = "The buildbot worker password file.";
};
};
};
config = lib.mkIf cfg.enable {
nix.settings.extra-allowed-users = [ "buildbot-worker" ];
# Allow buildbot-worker to create gcroots
systemd.tmpfiles.rules = [
"d /nix/var/nix/gcroots/per-user/${config.users.users.buildbot-worker.name} 0755 ${config.users.users.buildbot-worker.name} root - -"
];
users.users.buildbot-worker = {
description = "Buildbot Worker User.";
isSystemUser = true;
createHome = true;
inherit home;
group = "buildbot-worker";
useDefaultShell = true;
};
users.groups.buildbot-worker = { };
systemd.services.buildbot-worker = {
reloadIfChanged = true;
description = "Buildbot Worker.";
after = [
"network.target"
"buildbot-master.service"
];
wantedBy = [ "multi-user.target" ];
path = [
pkgs.cachix
pkgs.git
pkgs.openssh
pkgs.nix
pkgs.bash
pkgs.coreutils
cfg.nixEvalJobs.package
];
environment.PYTHONPATH = "${python.withPackages (_: [ cfg.package ])}/${python.sitePackages}";
environment.MASTER_URL = cfg.masterUrl;
environment.BUILDBOT_DIR = buildbotDir;
serviceConfig = {
# We rather want the CI job to fail on OOM than to have a broken buildbot worker.
# Otherwise we might end up restarting the worker and the same job is run again.
OOMPolicy = "continue";
LoadCredential = [ "worker-password-file:${cfg.workerPasswordFile}" ];
Environment = [
"WORKER_PASSWORD_FILE=%d/worker-password-file"
"WORKER_NAME=${cfg.name}"
];
Type = "simple";
User = "buildbot-worker";
Group = "buildbot-worker";
WorkingDirectory = "/var/lib/buildbot-worker";
# Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
ExecReload = "+${config.systemd.package}/bin/systemd-run --on-active=60 ${config.systemd.package}/bin/systemctl restart buildbot-worker";
ExecStart =
lib.traceIf (lib.versionOlder cfg.package.version "4.0.0")
''
`buildbot-nix` recommends `buildbot-worker` to be at least of version `4.0.0`.
Consider upgrading by setting `services.buildbot-nix.worker.package` i.e. from nixpkgs-unstable.
''
"${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${../buildbot_nix}/worker.py";
};
};
};
}