feat(nixos/clbot): Add a module for running clbot
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa Reviewed-on: https://cl.tvl.fyi/c/depot/+/821 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: BuildkiteCI
		
							parent
							
								
									7839b7b7a3
								
							
						
					
					
						commit
						feb3f1a374
					
				
					 2 changed files with 75 additions and 1 deletions
				
			
		
							
								
								
									
									
								
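--- /dev/null
+++ b/ops/nixos/clbot.nix
@@ -0,0 +1,52 @@
+# Module that configures CLBot, our Gerrit->IRC info bridge.
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (builtins) concatStringsSep attrValues mapAttrs;
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types;
+
+  description = "CLBot forwards Gerrit notifications to IRC";
+  cfg = config.services.depot.clbot;
+
+  mkFlags = flags:
+    concatStringsSep " "
+      (attrValues (mapAttrs (key: value: "-${key} \"${toString value}\"") flags));
+in {
+  options.services.depot.clbot = {
+    enable = mkEnableOption description;
+    flags = mkOption {
+      type = types.attrsOf types.str;
+      description = "Key value pairs for command line flags";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # This does not use DynamicUser because we need to make some files
+    # (notably the SSH private key) readable by this user outside of
+    # the module.
+    users = {
+      groups.clbot = {};
+
+      users.clbot = {
+        group = "clbot";
+        isNormalUser = false;
+      };
+    };
+
+    systemd.services.clbot = {
+      inherit description;
+      script = "${config.depot.fun.clbot}/bin/clbot ${mkFlags cfg.flags} -alsologtostderr";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        User = "clbot";
+        EnvironmentFile = "/etc/secrets/clbot";
+        Restart = "always";
+      };
+    };
+  };
+}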
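Review bot: `mkFlags` places every flag value inside double quotes without escaping, and the result is executed by the shell that runs `script`, so a `"`, `$`, backtick or backslash in any value is interpreted by the shell instead of being passed to clbot verbatim. The configuration is operator-controlled, so this is a hygiene concern rather than an input-validation hole, but the expansion is relied on and undocumented. The `flags` option could say so, for example `description = "Command line flags; values are interpolated into a double-quoted shell string, so $VAR is expanded and quotes are not escaped";`. The unit also has no sandboxing beyond `User` although it holds an SSH key and an IRC password; `NoNewPrivileges = true;` and `PrivateTmp = true;` in `serviceConfig` would be cheap additions, assuming clbot needs nothing they restrict.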
|  | @ -15,10 +15,11 @@ config: let | |||
|   }; | ||||
| in lib.fix(self: { | ||||
|   imports = [ | ||||
|     "${depot.depotPath}/ops/nixos/clbot.nix" | ||||
|     "${depot.depotPath}/ops/nixos/depot.nix" | ||||
|     "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix" | ||||
|     "${depot.depotPath}/ops/nixos/sourcegraph.nix" | ||||
|     "${depot.depotPath}/ops/nixos/smtprelay.nix" | ||||
|     "${depot.depotPath}/ops/nixos/sourcegraph.nix" | ||||
|     "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" | ||||
|     "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix" | ||||
|   ]; | ||||
|  | @ -266,6 +267,27 @@ in lib.fix(self: { | |||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   # Start the Gerrit->IRC bot | ||||
|   services.depot.clbot = { | ||||
|     enable = true; | ||||
| 
 | ||||
|     # Almost all configuration values are already correct (well, duh), | ||||
|     # see //fun/clbot for details. | ||||
|     flags = { | ||||
|       gerrit_host = "localhost:29418"; | ||||
|       gerrit_ssh_auth_username = "clbot"; | ||||
|       gerrit_ssh_auth_key = "/etc/secrets/clbot-key"; | ||||
|       irc_server = "qwerty.zxcvbnm.ninja:6697"; | ||||
| 
 | ||||
|       notify_branches = "canon,refs/meta/config"; | ||||
|       notify_repo = "depot"; | ||||
| 
 | ||||
|       # This secret is read from an environment variable, which is | ||||
|       # populated from /etc/secrets/clbot | ||||
|       irc_pass = "$CLBOT_PASS"; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   # serve my website(s) | ||||
|   services.nginx = { | ||||
|     enable = true; | ||||
|  |  | |||
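Review bot: `irc_pass = "$CLBOT_PASS"` keeps the password out of the Nix store, but once the shell expands it the value is an argument of the clbot process and can be read from the process listing by other local users on this host (unless /proc is mounted with hidepid). If clbot can take the password from the environment or a file, that would avoid the argv copy; otherwise the comment above the flag could record it, e.g. `# Note: after expansion the password is visible in clbot's argv.` Separately, nothing visible here sets the owner or mode of the secret files: `/etc/secrets/clbot` is read by systemd and can stay root-only, while `/etc/secrets/clbot-key` presumably has to be readable by the `clbot` user and by no one else. The enclosing attribute set starts and ends outside the hunk.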