From c208537f4954b4a330b149d264e9e15b1821610c Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sun, 23 Jul 2023 13:44:48 +0200 Subject: [PATCH] Updated hypervisor input --- flake.lock | 5 +-- flake.nix | 31 ++++++++----------- modules/buildbot/default.nix | 57 ++++++++++++++++++++++++++++++++++ modules/buildbot/worker.py | 59 ++++++++++++++++++++++++++++++++++++ 4 files changed, 131 insertions(+), 21 deletions(-) create mode 100644 modules/buildbot/default.nix create mode 100644 modules/buildbot/worker.py diff --git a/flake.lock b/flake.lock index 6a47414..ccc75ee 100644 --- a/flake.lock +++ b/flake.lock @@ -242,9 +242,9 @@ }, "locked": { "lastModified": 1688319245, - "narHash": "sha256-+fXRVu4TDH8mxmZpSByJZCprKfHduFTLOb7sTm4w0RQ=", + "narHash": "sha256-fVIbXKvHmxSUAKTMiXx799UasQwU2XT+op7bzvtfl8c=", "ref": "main", - "rev": "89b36124b161492f140185815ec5b76a0b29dba7", + "rev": "9f32a304708fd9c91c081db05eee1b4f2e0226cc", "revCount": 5, "type": "git", "url": "ssh://gitea@git.newtype.fr/newtype/nixos-hypervisor" @@ -379,3 +379,4 @@ "root": "root", "version": 7 } + diff --git a/flake.nix b/flake.nix index 61ef327..a906796 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,6 @@ { description = "NixOS configuration with flakes"; - nixConfig.extra-substituters = [ - "https://newtype.cachix.org" - ]; - nixConfig.extra-trusted-public-keys = [ - "newtype.cachix.org-1:Gd5G2EVFNJslfR3PxA2+JY7mHT6MwVJ6biv5Cg47SD0=" - ]; - # To update all inputs: # $ nix flake update --recreate-lock-file inputs = { 
@@ -88,19 +81,19 @@ ] ++ pkgs.lib.optional (pkgs.stdenv.isLinux) pkgs.mkpasswd; }; packages = { - # netboot = pkgs.callPackage ./modules/netboot/netboot.nix { - # # this nixosSystem is built for x86_64 machines regardless of the host machine - # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - # inherit (inputs.nixpkgs.lib) nixosSystem; - # extraModules = [ - # self.inputs.nur.nixosModules.nur - # { _module.args.inputs = self.inputs; } - # ]; - # }; + # netboot = pkgs.callPackage ./modules/netboot/netboot.nix { + # # this nixosSystem is built for x86_64 machines regardless of the host machine + # pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + # inherit (inputs.nixpkgs.lib) nixosSystem; + # extraModules = [ + # self.inputs.nur.nixosModules.nur + # { _module.args.inputs = self.inputs; } + # ]; + # }; - # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix { - # inherit (self'.packages) netboot; - # }; + # netboot-pixie-core = pkgs.callPackage ./modules/netboot/netboot-pixie-core.nix { + # inherit (self'.packages) netboot; + # }; }; }; flake = { diff --git a/modules/buildbot/default.nix b/modules/buildbot/default.nix new file mode 100644 index 0000000..5b0caa5 --- /dev/null +++ b/modules/buildbot/default.nix 
@@ -0,0 +1,57 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.buildbot;
+ port = "1810";
+ package = pkgs.buildbot-worker;
+ python = package.pythonModule;
+ home = "/var/lib/buildbot-worker";
+ buildbotDir = "${home}/worker";
+in
+{
+ #buildbot worker
+
+ nix.settings.allowed-users = [ "buildbot-worker" ];
+ users.users.buildbot-worker = {
+ description = "Buildbot Worker User.";
+ isSystemUser = true;
+ createHome = true;
+ home = "/var/lib/buildbot-worker";
+ group = "buildbot-worker";
+ useDefaultShell = true;
+ };
+ users.groups.buildbot-worker = { };
+
+ systemd.services.buildbot-worker = {
+ reloadIfChanged = true;
+ description = "Buildbot Worker.";
+ after = [ "network.target" "buildbot-master.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [
+ pkgs.unstable.nix-eval-jobs
+ pkgs.git
+ pkgs.gh
+ pkgs.nix
+ pkgs.nix-output-monitor
+ ];
+ environment.PYTHONPATH = "${python.withPackages (_: [package])}/${python.sitePackages}";
+ environment.MASTER_URL = ''tcp:host=ci.julienmalka.me'';
+ environment.BUILDBOT_DIR = buildbotDir;
+ environment.WORKER_PASSWORD_FILE = "/var/lib/buildbot-worker/password.txt";
+
+ serviceConfig = {
+ Type = "simple";
+ User = "buildbot-worker";
+ Group = "buildbot-worker";
+ WorkingDirectory = home;
+
+ # Restart buildbot with a delay. This time way we can use buildbot to deploy itself.
+ ExecReload = "+${pkgs.systemd}/bin/systemd-run --on-active=60 ${pkgs.systemd}/bin/systemctl restart buildbot-worker";
+ ExecStart = "${python.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${./worker.py}";
+ };
+ };
+
+}
+
+
+
diff --git a/modules/buildbot/worker.py b/modules/buildbot/worker.py
new file mode 100644
index 0000000..a640eff
--- /dev/null
+++ b/modules/buildbot/worker.py
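Review bot: In modules/buildbot/default.nix, `environment.MASTER_URL = ''tcp:host=ci.julienmalka.me'';` names no port and uses plain TCP, while the `port = "1810"` binding in the `let` block is never referenced. The master can schedule arbitrary commands on this worker, so an unencrypted channel to what looks like a public hostname leaves the worker exposed to a spoofed or on-path master; if the master offers a TLS listener, prefer something like `environment.MASTER_URL = "tls:host=ci.julienmalka.me:port=${port}";`, and at minimum append `:port=${port}` so the endpoint string is complete. `cfg = config.luj.buildbot` is also unused and nothing is wrapped in `mkIf`, so the user, the service and the `nix.settings.allowed-users` entry apply to every host that imports the module; an enable option, or a comment stating that this is intended, would make that explicit. `WORKER_PASSWORD_FILE` points at a file under the service home that this module does not create, so a comment should say how it is provisioned and that it must be readable only by `buildbot-worker`.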
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+
+import multiprocessing
+import os
+import socket
+from io import open
+
+from buildbot_worker.bot import Worker
+from twisted.application import service
+
+
+def require_env(key: str) -> str:
+ val = os.environ.get(key)
+ assert val is not None, "val is not set"
+ return val
+
+
+def setup_worker(application: service.Application, id: int) -> None:
+ basedir = f"{require_env('BUILDBOT_DIR')}-{id}"
+ os.makedirs(basedir, mode=0o700, exist_ok=True)
+
+ master_url = require_env("MASTER_URL")
+ hostname = socket.gethostname()
+ workername = f"{hostname}-{id}"
+
+ with open(
+ require_env("WORKER_PASSWORD_FILE"), "r", encoding="utf-8"
+ ) as passwd_file:
+ passwd = passwd_file.read().strip("\r\n")
+ keepalive = 600
+ umask = None
+ maxdelay = 300
+ numcpus = None
+ allow_shutdown = None
+
+ s = Worker(
+ None,
+ None,
+ workername,
+ passwd,
+ basedir,
+ keepalive,
+ connection_string=master_url,
+ umask=umask,
+ maxdelay=maxdelay,
+ numcpus=numcpus,
+ allow_shutdown=allow_shutdown,
+ )
+ s.setServiceParent(application)
+
+
+# note: this line is matched against to check that this is a worker
+# directory; do not edit it.
+application = service.Application("buildbot-worker")
+
+for i in range(14):
+ setup_worker(application, i)
+
+
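Review bot: `require_env` validates with `assert val is not None, "val is not set"`, which disappears when Python runs with `-O` and whose message never names the missing variable. Because this gates `MASTER_URL`, `BUILDBOT_DIR` and `WORKER_PASSWORD_FILE`, it should fail explicitly, e.g. `if val is None: raise RuntimeError(f"{key} is not set")`. Separately, `multiprocessing` is imported but never used while the loop hard-codes `range(14)`; if the worker count is meant to follow the host's cores, `range(multiprocessing.cpu_count())` would use the import, otherwise drop it and add a comment explaining the 14. `setup_worker` also re-reads the password file on every call and names its parameter `id`, shadowing the builtin; reading the secret once before the loop and renaming the parameter would be cleaner.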