mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00

buildkite-agent service: init for nix-darwin

Rodney Lorrimar 2018-02-14 11:35:09 +00:00
parent ef9427dbf0
commit ed6e80a179
2 changed files with 33 additions and 43 deletions


@ -44,6 +44,7 @@ let
./modules/environment ./modules/environment
./modules/launchd ./modules/launchd
./modules/services/activate-system ./modules/services/activate-system
./modules/services/buildkite-agent.nix
./modules/services/chunkwm.nix ./modules/services/chunkwm.nix
./modules/services/emacs.nix ./modules/services/emacs.nix
./modules/services/khd ./modules/services/khd


@ -170,44 +170,37 @@ in
The `pre-exit` hook will run just before your build job finishes The `pre-exit` hook will run just before your build job finishes
''; } ''; }
]; ];
hooksPath = mkOption {
type = types.path;
default = hooksDir;
defaultText = "generated from services.buildkite-agent.hooks";
description = ''
Path to the directory storing the hooks.
Consider using <option>services.buildkite-agent.hooks.&lt;name&gt;</option>
instead.
'';
};
}; };
}; };
config = mkIf config.services.buildkite-agent.enable { config = mkIf config.services.buildkite-agent.enable {
users.extraUsers.buildkite-agent = users.users.buildkite-agent =
{ name = "buildkite-agent"; { name = "buildkite-agent";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true;
description = "Buildkite agent user"; description = "Buildkite agent user";
extraGroups = [ "keys" ]; uid = 532;
gid = 532;
};
users.groups.buildkite-agent =
{ name = "buildkite-agent";
description = "Buildkite agent user group";
gid = 532;
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
systemd.services.buildkite-agent = launchd.daemons.buildkite-agent =
{ description = "Buildkite Agent"; {
wantedBy = [ "multi-user.target" ]; path = cfg.runtimePackages ++ [ pkgs.coreutils cfg.package ];
after = [ "network.target" ]; environment = {
path = cfg.runtimePackages ++ [ pkgs.coreutils ];
environment = config.networking.proxy.envVars // {
HOME = cfg.dataDir; HOME = cfg.dataDir;
NIX_REMOTE = "daemon"; NIX_REMOTE = "daemon";
NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}; };
## NB: maximum care is taken so that secrets (ssh keys and the CI token) ## NB: maximum care is taken so that secrets (ssh keys and the CI token)
## don't end up in the Nix store. ## don't end up in the Nix store.
preStart = let script = let
sshDir = "${cfg.dataDir}/.ssh"; sshDir = "${cfg.dataDir}/.ssh";
in in
'' ''
@ -221,32 +214,28 @@ in
name="${cfg.name}" name="${cfg.name}"
meta-data="${cfg.meta-data}" meta-data="${cfg.meta-data}"
build-path="${cfg.dataDir}/builds" build-path="${cfg.dataDir}/builds"
hooks-path="${cfg.hooksPath}" hooks-path="${hooksDir}"
${cfg.extraConfig} ${cfg.extraConfig}
EOF EOF
# Secrets exist in the buildkite-agent home directory
chmod 750 "${cfg.dataDir}"
chmod 640 "${cfg.dataDir}/buildkite-agent.cfg"
# Make /usr/bin/sw_vers accessible
export PATH=$PATH:/usr/bin
exec buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg
''; '';
serviceConfig = serviceConfig.KeepAlive = true;
{ ExecStart = "${pkgs.buildkite-agent}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg"; serviceConfig.RunAtLoad = true;
User = "buildkite-agent";
RestartSec = 5;
Restart = "on-failure";
TimeoutSec = 10;
};
};
assertions = [ serviceConfig.GroupName = "buildkite-agent";
{ assertion = cfg.hooksPath == hooksDir || all isNull (attrValues cfg.hooks); serviceConfig.UserName = "buildkite-agent";
message = '' serviceConfig.WorkingDirectory = config.users.users.buildkite-agent.home;
Options `services.buildkite-agent.hooksPath' and serviceConfig.StandardErrorPath = "${cfg.dataDir}/buildkite-agent.log";
`services.buildkite-agent.hooks.<name>' are mutually exclusive. serviceConfig.StandardOutPath = "${cfg.dataDir}/buildkite-agent.log";
''; };
}
];
}; };
imports = [
(mkRenamedOptionModule [ "services" "buildkite-agent" "token" ] [ "services" "buildkite-agent" "tokenPath" ])
(mkRenamedOptionModule [ "services" "buildkite-agent" "openssh" "privateKey" ] [ "services" "buildkite-agent" "openssh" "privateKeyPath" ])
(mkRenamedOptionModule [ "services" "buildkite-agent" "openssh" "publicKey" ] [ "services" "buildkite-agent" "openssh" "publicKeyPath" ])
];
} }
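Review bot: The new `exec buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg` line hard-codes the config path, while the two `chmod` lines directly above it operate on `${cfg.dataDir}/buildkite-agent.cfg`; with a non-default `dataDir` the agent would start from a file other than the one the script just wrote and restricted. Using the same expression, `exec buildkite-agent start --config "${cfg.dataDir}/buildkite-agent.cfg"`, keeps the two in step. The `chmod 750`/`chmod 640` calls also run only after the heredoc has closed, so the config (which presumably carries the CI token, going by the NB comment about secrets) appears to exist under the default umask for a short window; a `umask 027` before the write would close that. The beginning of the script, where the file is created, lies between the two hunks and is not visible here, so the second point should be confirmed against the full file.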