authormakefu <github@syntax-fehler.de>2015-12-30 01:38:33 +0100
committermakefu <github@syntax-fehler.de>2015-12-30 01:38:33 +0100
commitd574c0ef78f7572aec88e484d3ff6256247e878c (patch)
tree5436de995853b530d0cca943eefc9c0886375a35
parent81badfd47ede4cf3860e7006c13586340415ade5 (diff)
m 3 buildbot/master: add secrets
-rw-r--r--krebs/3modules/buildbot/master.nix16
-rw-r--r--shared/2configs/buildbot-standalone.nix8
2 files changed, 18 insertions, 6 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 5870c314..74385a43 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -132,6 +132,16 @@ let
'';
};
+ secrets = mkOption {
+ default = [];
+ type = types.listOf types.str;
+ example = [ "cac.json" ];
+ description = ''
+ List of all the secrets in <secrets> which should be copied into the
+ buildbot master directory.
+ '';
+ };
+
slaves = mkOption {
default = {};
type = types.attrsOf types.str;
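Review bot: The `description` of the new `secrets` option does not state the contract the rest of the commit relies on. Entries are bare file names relative to the secrets directory, and each one is copied into the master work directory under the same name. I would extend the text to say so, for example `File names (no path components) below <secrets>; each is copied to the buildbot master directory under the same name.` It would also help to note that anything placed there can be handed to slaves by a `FileDownload` step, so the list should stay minimal. The enclosing `let` block starts and ends outside this hunk.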
@@ -344,10 +354,10 @@ let
fi
# always override the master.cfg
cp ${buildbot-master-config} ${workdir}/master.cfg
+
# copy secrets
- cp ${secretsdir}/cac.json ${workdir}
- cp ${secretsdir}/retiolum-ci.rsa_key.priv \
- ${workdir}/retiolum.rsa_key.priv
+ ${ concatMapStringsSep "\n"
+ (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
# sanity
${buildbot}/bin/buildbot checkconfig ${workdir}
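Review bot: The generated `cp ${secretsdir}/${f} ${workdir}/${f}` lines splice each list entry into the shell script unquoted, and `types.listOf types.str` accepts any string. An entry containing whitespace, a shell metacharacter or `../` would therefore change what the script runs or where the file lands. Quoting the entry, e.g. `(f: "cp ${secretsdir}/${escapeShellArg f} ${workdir}/${escapeShellArg f}")`, and rejecting names that contain `/` would close that. The copies are also created with whatever mode `cp` and the umask produce; since these are credentials, an explicit owner-only mode (for instance `install -m 0600` in place of `cp`) is worth adding. The surrounding script starts and ends outside the hunk.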
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 51c60032..28d1eef2 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -8,6 +8,9 @@ in {
};
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
krebs.buildbot.master = {
+ secrets = [
+ "cac.json"
+ ];
slaves = {
testslave = "krebspass";
omo = "krebspass";
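Review bot: `secrets` lists only `"cac.json"` here, yet the last hunk of this file adds a `FileDownload` whose `mastersrc` is `${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv`. The master.nix change removed the hard-coded copy of that key into the work directory. Unless the key is placed there by something not shown in this commit, that step will fail because the source file is missing. Adding `"retiolum-ci.rsa_key.priv"` to the list would keep the two hunks consistent.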
@@ -93,9 +96,8 @@ in {
# slave needs 2 files:
# * cac.json
# * retiolum
- for file in ["cac.json", "retiolum.rsa_key.priv"]:
- s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/{}".format(file),
- slavedest=file))
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
addShell(s, name="infest-cac-centos7",env=env,
sigtermTime=60, # SIGTERM 1 minute before SIGKILL