nix-scripts/nixbld-etc-nixos/hydra-www-outputs.nix

95 lines
2.7 KiB
Nix

{ config, pkgs, lib, ... }:
with lib;
let
hookPkg =
{ stdenv, makeWrapper, bash, coreutils, jq }:
stdenv.mkDerivation rec {
name = "hydra-www-hook";
src = ./.;
buildInputs = [ makeWrapper ];
propagatedBuildInputs = [ bash coreutils jq ];
phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
installPhase = ''
mkdir -p $out/bin/
cp hydra-www-hook.sh $out/bin/
wrapProgram $out/bin/hydra-www-hook.sh \
--prefix PATH : ${makeBinPath propagatedBuildInputs}
'';
};
hook = pkgs.callPackage hookPkg {};
hydraWwwOutputs = "/var/www/hydra-outputs";
cfg = config.services.hydraWwwOutputs;
in
{
options.services.hydraWwwOutputs = mkOption {
type = with types; attrsOf (attrsOf (submodule {
options = {
job = mkOption {
type = string;
};
httpPath = mkOption {
type = string;
};
outputPath = mkOption {
type = string;
};
};
}));
};
config.services.hydra = {
extraConfig = builtins.concatStringsSep "\n"
(builtins.concatMap (vhost:
builtins.attrValues (
builtins.mapAttrs (name: cfg: ''
<runcommand>
job = ${cfg.job}
command = ${hook}/bin/hydra-www-hook.sh ${hydraWwwOutputs}/${name}.conf ${cfg.httpPath} ${cfg.outputPath}
</runcommand>
'') cfg.${vhost}
)) (builtins.attrNames cfg)
);
};
config.systemd.services.hydra-www-outputs-init = {
description = "Set up a hydra-owned directory for build outputs";
wantedBy = [ "multi-user.target" ];
requiredBy = [ "hydra-queue-runner.service" ];
before = [ "hydra-queue-runner.service" "nginx.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [
"${pkgs.coreutils}/bin/mkdir -p ${hydraWwwOutputs}"
] ++
(builtins.concatMap (vhost:
map (name:
"${pkgs.coreutils}/bin/touch ${hydraWwwOutputs}/${name}.conf"
) (builtins.attrNames cfg.${vhost})
) (builtins.attrNames cfg)) ++ [
"${pkgs.coreutils}/bin/chown -R hydra-queue-runner:hydra ${hydraWwwOutputs}"
];
};
};
# Allow the hook to reload nginx
config.security.sudo.extraRules = [ {
users = [ "hydra-queue-runner" ];
commands = [ {
command = "${config.systemd.package}/bin/systemctl reload nginx";
options = [ "NOPASSWD" ];
} ];
} ];
config.services.nginx = {
virtualHosts = builtins.mapAttrs (vhost: cfg': {
extraConfig = builtins.concatStringsSep "\n" (
map (name:
"include ${hydraWwwOutputs}/${name}.conf;"
) (builtins.attrNames cfg')
);
}) cfg;
};
}