fully-private-github.nix
# Example NixOS configuration: a buildbot-nix master with both the Gitea and GitHub
# integrations enabled, the `fullyPrivate` access mode backed by GitHub, and a worker
# on the same machine.
#
# NOTE(security): every `pkgs.writeText "<name>" "changeMe"` below is a placeholder so
# that the example evaluates. `pkgs.writeText` puts its content into the Nix store, which
# is readable by every local user and is copied along with the system closure (remote
# builders, binary caches, deploy targets). Do not carry this pattern over for real
# secrets: point each `*File` option at a path outside the store, as `tokenFile` and
# `workerPasswordFile` already do here, provisioned by a secret-management tool such as
# sops-nix or agenix and readable only by the service that consumes it.
{ pkgs, ... }:
{
# For a more full fledged and commented example refer to ./master.nix and ./worker.nix,
# those two files give a better introductory example than this one
services.buildbot-nix.master = {
enable = true;
domain = "buildbot.example.org";
# placeholder content; see the note at the top of the file about `pkgs.writeText`
workersFile = pkgs.writeText "workers.json" "changeMe";
# left empty in this example; NOTE(review): presumably the list of users granted
# admin rights in buildbot - confirm against ./master.nix before deploying
admins = [ ];
# `authBackend` can be omitted here, the module sets it itself
authBackend = "httpbasicauth";
# this is a randomly generated secret, which is only used to authenticate requests
# from the oauth2 proxy to buildbot
# (placeholder here: generate a real random value and keep it out of the Nix store)
httpBasicAuthPasswordFile = pkgs.writeText "http-basic-auth-passwd" "changeMe";
gitea = {
enable = true;
# out-of-store path: the token is read from this file and never enters the Nix store
tokenFile = "/secret/gitea_token";
instanceUrl = "https://codeberg.org";
# placeholder; a real webhook secret should be random and stored outside the Nix store
webhookSecretFile = pkgs.writeText "webhook-secret" "changeMe";
topic = "build-with-buildbot";
};
github = {
enable = true;
# placeholder; a real webhook secret should be random and stored outside the Nix store
webhookSecretFile = pkgs.writeText "github_webhook_secret" "changeMe";
topic = "build-with-buildbot";
authType.app = {
# placeholder for the GitHub App private key; this is the most sensitive value in
# the file and must never be written to the Nix store in a real deployment
secretKeyFile = pkgs.writeText "github_app_secret_key" "changeMe";
# placeholder; replace with the numeric id of your GitHub App
id = 0;
};
};
# optional nix-eval-jobs settings
evalWorkerCount = 2; # limit number of concurrent evaluations
evalMaxMemorySize = 4096; # limit memory usage per evaluation
accessMode.fullyPrivate = {
backend = "github";
# this is a randomly generated secret, which is used to encrypt the cookies set by
# oauth2-proxy
# NOTE(review): oauth2-proxy documents the accepted cookie secret sizes as 16, 24 or
# 32 bytes (AES key sizes) - confirm against the oauth2-proxy version in use
cookieSecretFile = pkgs.writeText "github_cookie_secret" "changeMe";
# placeholder for the OAuth client secret; keep the real one outside the Nix store
clientSecretFile = pkgs.writeText "github_oauth_secret" "changeMe";
# placeholder client id; unlike the client secret this value is not confidential
clientId = "Iv1.XXXXXXXXXXXXXXXX";
};
};
services.buildbot-nix.worker = {
enable = true;
# out-of-store path: the worker password is read from this file at runtime
workerPasswordFile = "/secret/worker_secret";
};
}