diff --git a/.sops.yaml b/.sops.yaml
index 61a7c52..ddf38d5 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -80,24 +80,6 @@ creation_rules:
 - *zimbatm
 - *zowoq
 - *adisbladis
- - path_regex: modules/nixos/buildbot-master/.+\.yaml$
- key_groups:
- - age:
- - *build03
- - *mic92
- - *ryantm
- - *zimbatm
- - *zowoq
- - *adisbladis
- - path_regex: modules/nixos/buildbot-worker/.+\.yaml$
- key_groups:
- - age:
- - *build03
- - *mic92
- - *ryantm
- - *zimbatm
- - *zowoq
- - *adisbladis
 - path_regex: modules/nixos/hercules-ci/.+\.yaml$
 key_groups:
 - age:
diff --git a/flake.nix b/flake.nix
index d7b3eca..96a10a9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -154,8 +154,7 @@
 flake.nixosModules = {
 common = ./modules/nixos/common;
- buildbot-master = ./modules/nixos/buildbot-master;
- buildbot-worker = ./modules/nixos/buildbot-worker;
+ buildbot = ./modules/nixos/buildbot.nix;
 builder = ./modules/nixos/builder.nix;
 community-builder = ./modules/nixos/community-builder;
 github-org-backup = ./modules/nixos/github-org-backup.nix;
diff --git a/hosts/build03/configuration.nix b/hosts/build03/configuration.nix
index 00e33f9..02f0ff6 100644
--- a/hosts/build03/configuration.nix
+++ b/hosts/build03/configuration.nix
@@ -13,8 +13,7 @@
 inputs.srvos.nixosModules.mixins-nginx
 inputs.srvos.nixosModules.hardware-hetzner-online-amd
 inputs.self.nixosModules.common
- inputs.self.nixosModules.buildbot-master
- inputs.self.nixosModules.buildbot-worker
+ inputs.self.nixosModules.buildbot
 inputs.self.nixosModules.builder
 inputs.self.nixosModules.hercules-ci
 inputs.self.nixosModules.watch-store
diff --git a/hosts/build03/secrets.yaml b/hosts/build03/secrets.yaml
index 8ce42c0..399a26a 100644
--- a/hosts/build03/secrets.yaml
+++ b/hosts/build03/secrets.yaml
@@ -4,7 +4,13 @@ hydra-admin-password: ENC[AES256_GCM,data:t0vmchbXXIAzvM2nxm4j16N9W67yWRb439M=,i nur-update-github-token: ENC[AES256_GCM,data:KIZCx9IeuBHZei2V13iiyHzCedhkkGEd08mVJEc6F0DWQn1wtzC7+w==,iv:pNVRj/RR7wj64g640F7Vo4H10ijsxnrfFQnt6YHBug4=,tag:UlvOMNB5JZbuJaD9TcJ2UQ==,type:str] hydra-users: ENC[AES256_GCM,data:askAB+a3bsFvue/j9i6sYSwgOQl+rL+uh+1+z+xizzBOWdTZcvRh5uFHTkg7MV/E7tG7eRByQ7b+v/onJ4+l3rGJJ6qsWtLLLizC1rusngsAXyI9jt66eqpsyacN5kw8cKILjGearptrhUZDWdKpbaHII6fwUbWbjyV5fpoQzNmI4VELWEQMZ50yECfAfCLHx9iTdoMJHPXzhqwvAZ+TbX6TsyqbDrrNauYWNUBhCK7E2tDYAQqOGhxnQWI+gQs=,iv:Baqyd/WfloMuXTiICD2dlvENst8G6YU9rSHdRkTECkU=,tag:z4j5dYcba3aZTyWu5wvkzw==,type:str] hetzner-borgbackup-ssh: ENC[AES256_GCM,data:ZNrQp36c3EuERlAYez6SHTLbHK7ZmLNqDpAffTTQARL2zpnjpw1wJQJdm6d6Un1wTjYmHMJ/f1jCKgn389FGiZJwxSLUL4Ko2n5HffBTjZwTeqE1y4XFe6qvAY/LYBmD728ZWOsSWPvoVZOm1dG7LsxxwUZWk2VyDtvODuJBInn19Dn7Tw5VqPjJMJAp5CfAaW8ilEPpdeG0JQfkJkBQj0+pMlpI1EIVDvdZai5fesweUWeaajrPnIjrBbqdFvd8eG9qrTehLM7FvpnT2qllfsCOeQf/KTPEw16I6eGFFm22iPblJgHFPzpu1a2Lvwn+8HcwqSMlGI9poOeV5RwXqBhFX9vozlN8G82csAnehiZmLktyYin1kYF3nfOXFqH9fKxbvXn/1hxQP//GDeoaNlepa/K/w51pj1mgbIXIb5g/PKsHaC7Rv3iDMcYW977+lobA4WnxfWhjA6k/iBb1unkSKbrZs+iHglpOKueAq9g6HO5fJ299eY2+GcmsPU3QKm4W,iv:550mzEValpqVruLQBMMJeJHVyYfaxNHwCvXkvz66qI0=,tag:k48T+9AtJs8GTVchyEP8Jw==,type:str] -watch-store-token: ENC[AES256_GCM,data:VBEj9g5R/aa3hTDcKl8HRxJOOgl4B+0uyPMRhnrPth6LD7r5tpq4ckPHXqo87kekXMGoMIVeGYaM+E1iOLhnqOUOeOoSs+6NnnrUg2+nHR2gC2xAGZpxc/ntZ5g5DVDi0iw7jzxdd3X5OAru5mi/mDRXOAdeT+jtwLwqBEZ5dHMBRI/gGs2wRVIY0XUG5EQW/M1AYpanRat/jfmWJjuZvlT3MEA=,iv:AP66pQJiP8wl10F3vhwpdRcVKm8PP6U8T0POXa1fFio=,tag:WdI6TgV5D1ZJolOazFV1Ew==,type:str] +cachix-auth-token: 
ENC[AES256_GCM,data:LJwxCrkiiHX5iKfxJ3yFQIaBCevFqQnkJpfs5fe7ntmie185liz2Tp+b9IcC091YDbAa/fV8ZBzC8I6T5Kf57fk1ZxaRcqRkZ0a+BXTYUUteLQkC9ECxbkk4CCsZK6vVvdx4509lezQ1TrJnoQ+7YRuH0mI2J5WTxJO9s/1rs43rMTD0AOuXRDbTblu5r5pILxWVBwT6xCVGv5k4V3kiEoQSvg==,iv:8CWE6WIs7s+eTQ+OUbSsUScO4bjzKpyMdHUxUwVUYIw=,tag:jhyDfHxfzMhVb8fPdD41rw==,type:str] +cachix-name: ENC[AES256_GCM,data:DhzIMyT+B9wvMoK9Iw==,iv:5pnXyQosbF/HFmbDFmfSaz4XWkfiA0/ccfe/yw4LvbM=,tag:E7+u/+aEK83cYygk88ZYOw==,type:str] +buildbot-github-oauth-secret: ENC[AES256_GCM,data:XDEbK5ahb5qiDdmq2gOyIch/NDFK/qjA6gX3rQ0XZthshiO3OfpAng==,iv:ze2R9Laji2FR1qp3LkeRPfKC0ebH0fF4ZTQ4mLVliUs=,tag:eT0jpnj2v7q3L6vyVLAeeQ==,type:str] +buildbot-github-token: ENC[AES256_GCM,data:t62X1d2Uw62YwmJnENSS629OrVRT9D2zpkZeF9UR144KZNZ01TxSWA==,iv:Lv3ryF1U5zUQreH9LZa60LZ4sgxVFIR0jd4+VELSkMg=,tag:EyKdmC9goF4UZeUKBDeAzA==,type:str] +buildbot-github-webhook-secret: ENC[AES256_GCM,data:AtUFcOjLivJt8np5451Wfol5s48R4vW5gJPisT+hMD7dFAvucKriQEY+mcAMqL1X6w==,iv:oBKj9XXu/4mkeH+3KkMlWSx8GnMoXwBugNuG8Uu3XtU=,tag:8cBZVE7TOJf3QEqxfsuF8g==,type:str] +buildbot-nix-workers: ENC[AES256_GCM,data:taoOzkDugI8zilAAkYjIUPEpE4BK7zQulImKblwDmygGRMYw9y3N6gwxcVOeAu1BusGkFStnMa+6DQz555H00rS8YPKwS16ov0XN1ZmrcrbWS12z2/9NUvq/iI+HpLmVoHTTasM=,iv:0brO1MqB19AQZCXubiTvCwX0jN+Arn7YKg6CQ6Urf9g=,tag:FlHif4EBsjeBaSqveBrPTA==,type:str] +buildbot-nix-worker-password: ENC[AES256_GCM,data:TaMHVzlzuAHfTBAyqG5JJFwpG2We+wlXva3YJnNkO9KSX9PIhnRHVES72jO63AkhvfBVEg==,iv:rTpaiCYcedcsy115BEDep68Mehb6knes7OxvBrEOrUQ=,tag:dD4Hg4oR3SfpYdP1e8V2jA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -65,8 +71,8 @@ sops: WUZQSGQyQy9halJsRTIvb1FGV08zZEEKmjlYY6epTuZKRBcVyjPvJI5XKQtP5Yag FMrI+M6hUeyBeCade5C+Y4eGQbt57BWLmsX7u0J1WTlkUSS5j7+wPg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-16T06:27:48Z" - mac: ENC[AES256_GCM,data:rObEhY3ArAQJjoYkejy3g9AOMHz0ophqG7nfOfZgUnejLmsNqxVlq9tIZCTEOXHT9QbDi34jTEobQLVdqCPX2wL7A4dx/cfDKNEtei8vKm1xAOeGl6gnyCyONQwP7Nqd1rtZCy6lS8ePa8Lyrc6wRL/giDM2yOcV+XR/aH4Jch4=,iv:Y2zYk9K1EGM7cwHNSOdY+OoooWjNfUiUWHKRJ+h8QHA=,tag:Oyjs1hEG4HzI76z2GA73Mg==,type:str] + lastmodified: "2023-11-20T23:33:43Z" + mac: ENC[AES256_GCM,data:zTFyPd6ev6JgUnjLM1xLbuxodoKlvUPgf68byRkY8Z6jfdETjJXMzvLYdwOxXvU282iAZYzLiQjdoIeUE0nc3UvakaVUqEP0e91MNmBfHyFyvjjeDGX5n3WSbPJOX1BzuQIOsagqY8fewJAY90dCSRTiWrtnnJ/SkVoQJVyCxEw=,iv:VUMfGZ9ihMkd6R6SFJ1ECLJezTyKgb+DL8eN9DnSs8w=,tag:YsDp2l3K0g/ZdL7t9XvNJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/modules/nixos/buildbot-master/secrets.yaml b/modules/nixos/buildbot-master/secrets.yaml deleted file mode 100644 index 2e0c2f2..0000000 --- a/modules/nixos/buildbot-master/secrets.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -github-oauth-secret: ENC[AES256_GCM,data:/yz5IXVGItgBrJ0ISA9hfWojXo/GlW16hmGiWFxY7fnzIYL3q47Raw==,iv:B8u0ezCiquMqnO1V5Z9hz/MGZRtXF6mRa/24ffFBzAI=,tag:soVcm+N5tu00gHm9nCGnvw==,type:str] -github-token: ENC[AES256_GCM,data:vzHJ31K+/JkfSMe+SJ1dq74CQNSZYPOFe7rf8nuhupGIFGSwhvtOYA==,iv:viPK9T6MMUcnRDDi7PiJ1oYQJ3S3qmVv6b2m6Tsz9H4=,tag:B6dYki6Qz29eGQ84WZHFcQ==,type:str] -github-webhook-secret: ENC[AES256_GCM,data:KXJurFMX0cG1UDYb+ecvmEnHoN9ojWd4QToZAqwGW080LMZlq89Z221Pk+MYK5h61w==,iv:b7JJi8tqmwdnB8c4iepzGH51iBnj0WRbjYTsPNpt5F4=,tag:/9f7RL+dW7JJjs6CXqqcQw==,type:str] -nix-workers: ENC[AES256_GCM,data:3lkpS+zOOAvdotdVnC4xwgcbqMST/zRuaiDYd4Q3+LK6j/XUAbCJhrAM+0GcrZhrmKWpioIEfWD7YMQQfyXRZ/5Voyo9Q9uSRbazCOSRD88yCTaTKt6zLytYJm+Y6hBgfCBDWyM=,iv:Jwg0QwojQbxiN5bycq1xvEr+3dSijP5zvy9UtLsDyqw=,tag:j3qG+sV97zQKwdTiJ2ZUKw==,type:str] -cachix-auth-token: ENC[AES256_GCM,data:I7AmKu+19oOuos7VvmfmMpOJR8pP/E046Ndy4l30oIJRprH75Zs41h/7k2MTPj41IAdKqPtwUR+cc40eb3z5auoOEPKJZjUWjXYAKOPR7Mn5wampEQ7WR20m7+iLD0DB445hyaPQHd5sYh7OWjl6C7RtqveM5nT9UujJuF7oL4FBQvvw7Ojm78e4zqvo9y1z0s1ewd832+lImPCTR8byrSUIrA==,iv:YwvVELf4/xFsDsrISrDzPaAb9Ogm/0KTV87i6P4YUts=,tag:5s8AqPNcoyTzSW4xvmJslg==,type:str] -cachix-name: ENC[AES256_GCM,data:2AJ6BLlxOVGLTalrMw==,iv:n9PhB6yHcDoHQt0Zk/UeY9gpTqhDTQOHWq/TS3GaalY=,tag:DXu+BvGjMPO3pcMNp8XVwQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxY3g4YVJsdVU1TWtrQlpG - VVhjWVptcGJaZHVoV05xQkVOaVdmU3FNTGlBCjZRWXp4NjNncW9FcE5vcnVrVHZm - Q2xmRlJ4RDFBejdDWWsySkpub1ZGQmsKLS0tIG0yMmRtTFhMblpmUVVzaWtWMjRj - ZnBjRStKbnlzQUgwbkpadjVPS1RqNjAKoV+zf1GNzr8K3+849KHZulrWvZKTd1xi - PymU5Yxo7W8H6L6EtlmRvpFhbfGk0oBlWvFdY06jreE5ganofsougw== - -----END AGE ENCRYPTED FILE----- - - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz - enc: | - -----BEGIN AGE ENCRYPTED 
FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Q2VqM2tGa3BjSjUvd2xh - WGpHZFFiT3llZ2orVHVxUTFPaURuWEtXL0hZCjNwanl5RFB2dTJXUjR3Ylordkwz - SVlHRDI5V1hnaE90ZUxFb3NmMlhlcDQKLS0tIDVFUldoNC94K25IM0YweE5qQTZG - UERPempUcDQ3R256K2dvdzlaQjFXcDgKB1rd8yZZCtBq+wzOFxn0HRoGHb3bn8Q4 - vDeZTW2iqnMq7A4Cnxjh2q3JdqRtbx3hsy1yT6bup/NAV0ijCJagDA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bjBrRW03Y25ZNllnYmxH - ZlUySUt0d0d0K0VWL29DWGtrRnQ4bFlxZDFJClZ3QUxyVGgxLy8rWklHUGwwZ29L - QytzYitLU2FiMnRmU0tNS2R4WUJlTUEKLS0tIGtaK3dJenZPYWhwN2JqNFJxM0x6 - cGs4QzdtY0NUekJpemVIbksvZWhhN00K1HM2TnDA4MmM7fWEkH3ZTsT18ijctmx8 - zmmDddgPeh7ykFZZte1NZRrdwOrFDQoNWX3J5/NMh6r+JFvcsmfphQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmM3orSC9oUllLMjkxV0hV - cDhQc3BDUHZFWkw0UVpuNEFHRUQ5TVBBd2hrCmJqU3dNam5QYkJyR0ZaWStKQkZJ - RUIwVzVVb0gxWjhncmRZR1Q2WGZ6eXcKLS0tIDBrWitacnY3L3R6dmJDU3M4L0tS - Y1BhaEFEYnorY3hvbXlSVHQ0Y1VvUG8KF/aAnJcFVQpc3AsUC+liR4kCyA21nKLr - 6lhfFn63Y6wVNyvL7tWlL47FrYlC9A2XQ+/EesbEU/N6aL4f08wUDQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSFR5U044WE0xNEtmeUt2 - M2hlV2prRjY4Z3JydVhIVWNxTWxrSWlTUFNJCjc2SjF6dU9lK24xNUcxZzhrbjBB - VDBFdlowY0JNZmVHd2JGb2hDdXI2b1kKLS0tIFdvdlZHUXcyaHQ5OXBxN1NLYlJo - ZnFnenRIUVFzbmpIYm9uQmhTbVQxZXcK+75G1gYVywrfnP4HaiQZTf+/wpFyG9dk - YQ3Dbv3nDs8QPheae1OiDpBr9HpwpirtcHiApUnxUQ5Sp4a1jKkn0Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0d1V3Rnd5bVRTWC9tcHpV - STRtd2NiWFV5YWhscFhWNW11QS9LTnA1RmhNCkR5eGFRVmVoTFJCRG1TN3FRTEZQ - T0pnZFg2WGN0cVQ3UHhqd014WUtCRE0KLS0tIDVOcGF4ODNrNmdzelRsdm5McnRx - eFVkODlCM2c5bjY2aGE3ZDF4cXNQZFUKY0lMEJvwSnzLAbBk1vi9IurCCil+7Sxm - cNdk6vKJloBX7SwjoThrE6Yx+NrTVpFenzCSqU1b8/DZfjZBU9Disw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-03T13:43:29Z" - mac: ENC[AES256_GCM,data:Gp1yE0nP1ynDC5ZmdD7/hGbGtpyz7NKV4nO5uWsL74n5165o0Yn1U5oMlLs6ua2DrQGQXkQip/0uXIbF4lGfqQEgnjqvRf6VF7WjaRY+U0bP5uF7w6KgyS9U7Cd5rxmNzfbq2/gAqvLvo7bd2waGX/lbGiOEXSavA0UNUCukhgU=,iv:G9YYOBo3cdJqawDqxR4qnjjq3YIfyvOb3q85hnZ/57Q=,tag:8UXmHk3kTVZ1j9h2OwSqLw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/modules/nixos/buildbot-worker/default.nix b/modules/nixos/buildbot-worker/default.nix deleted file mode 100644 index 30123fd..0000000 --- a/modules/nixos/buildbot-worker/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, inputs, ... }: -{ - imports = [ - inputs.buildbot-nix.nixosModules.buildbot-worker - ]; - - sops.secrets.nix-worker-password.sopsFile = ./secrets.yaml; - - services.buildbot-nix.worker = { - enable = true; - workerPasswordFile = config.sops.secrets.nix-worker-password.path; - }; -} diff --git a/modules/nixos/buildbot-worker/secrets.yaml b/modules/nixos/buildbot-worker/secrets.yaml deleted file mode 100644 index 64fa835..0000000 --- a/modules/nixos/buildbot-worker/secrets.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -nix-worker-password: ENC[AES256_GCM,data:xyhJOiM8n6QeXkVX0AVbINwomkrbWQo/o/frsS1YDzO8LuWFJklcML7h6cvQ2TP0veioSQ==,iv:ncjF03HGejeeWVdi0WYcmyvfQqhBvg9POWKA0VYKChM=,tag:hO40gcVi9OTAsrzQqjQz2Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQi9ScWJFRkZheWtoRW1y - VjJibmVuWWpmS3loS0M1dE9uZjBuQnZTa1NjCmx4ME9WUCtsL0Z3bTEvNEVVSlho - UjJ1YnFDTlRiOVVzWEw5L2ovYWxIM2sKLS0tIDhKcVRnaFl5ZUU0UWZ5VEhYNS9R - ZmxWbm5wUUk2d2wvN2ZlZkVhUXVoKzgKho7Dfk0PyOCkKaDV2O7rNZpDhEd/KhfB - n/mGfIcfAPacSA3GitipaNvZvmwgZ/02hec8zvrKNCH7zA5O9SHAGg== - -----END AGE ENCRYPTED FILE----- - - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRTUrWVF4S3REWFhWalBz - R21GazlTRk93NnA3QVdDUVd2L3RsK0lSU3pzCm54Q0NtZG0zdzhXZ0tZU2JFQnd5 - VExpQUg0aGZXKytZMzJHVkc3N0trclEKLS0tIHRvbWkzTWRrVzVUUFNUT3UxT0ox - MjFTdDFMdEo3Qk1CcnhSN1JKZjNqNVEKCuat4qnUemUijV6i3abvFWRfw44JjoUe - 4tUmQoPxNVah/mUlZYk6Ny8gg21YCq6BONo0JLHkoxiQ5UCRSxyVHw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZzdQcnNkekJMaW0xb1Vl - bml2SGE3aVg4OW51U2xCM3h2UnBzdlFZdVNNCkdVVCtTL0Z4MGo2V09pQUlUZ3lh - T3B5TkU5WTlyeDJ0aVYveUFiOTU4Z0kKLS0tIFZpc0JRQ2Myc2hzVEs1QWlNaFNB - RS9EL0d0WTQ3bEM0b01PQ1VhWXpKc1EKhP2NSIIdJDvVMT+0E1yVGc5OMxPDaorx - H/JHNI4/FCmdjuVLf8IrFXz8J9c7Uzl9tBz78rsfFXqJdNFYRr57gQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZFMzUEZZaFh5WlBTZjhR - 
L0RNWFJNUUoyZFVuNFc3VFZXVDZWQmhQdlZJCk1QVHhSdXlwSktZOWNKQjd2OStG - NVlMdzBNbVRpN2V4TDl0RGpnbDNvc1UKLS0tIHd2MC9qYVFYT2RyMHk1WkRiSVdm - a0o3Z1lUbXpmNVNSckg0NlQzdk5sUncKTMVSmlGSKIj1Sbjbai2QTy/ps2eyDWR8 - sFroWeQyxIVuhCADYhFvMMk2m1tPfqYGhqpNLHTLD5FzW6nhcAKMbg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVU1zMzR5bWt1OTUzejlG - MmtXZ0ZNWElHOEVYeDdWQzFNcERrRHhMN0R3CjJoSlozaWNrMG1sUlJvSWhMN3lC - WGpqNGZpcHNxZmpwM3puZVloblVzOXcKLS0tIHg2QmxpeDk3OE9HK0lWQ1BiOEx6 - U1BaZVFXZGhZSkJnZFB2OUs0VStWOW8KoVLv73qIeTyt2Xq+rkHpQ9APgNENaaYX - AdnJmCSLQyituj01/sGZxI5L69J9BP8C+Kxse/53mqwOCJ6YnYYmgA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdTByOStOVmVubXZjZ3RM - MjJQdVU3b2tWRVNFL09uSzhnL3RnZTlJalN3CmR1Z0VXcmZwZW9RUzBTT0hReEtR - TkJ3ZGVEVjhpN1lMWE85MktGUWI5bUEKLS0tIDlqUTVwQlJqQkNmWlBFVXdDT09r - dmgzbk1sUExITU5nM3E3Sy9SbmxSclUKf06KTNpWl9kPkGFwPqSEPcUbRcCUVGd9 - 9aQZhqzi4s13Mn1UjDMvBkjfL9o1bQSFEbQKjQpVcUkdsMzurlAtZw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-29T03:08:31Z" - mac: ENC[AES256_GCM,data:1/1rNQVAu7+sP4I4LbTwFOcBo2p0yKexd+1qz6YtPMtIgmIr61DPCMUSPchnQsP9vzj3qqbdAgqBw9xtDzEDDHdicxFZM9qrNJ+aqUuHVF3KzkyR+qPiC9Bzzb9j/CqSc1zvT4UNZSmGl5xymvO+q+2Sb5rRcC1B3EEC1e1+Klc=,iv:KZdDuTqeY6V5Fjxp8glYRz/iFd5soj5fYCRMTOY/U/c=,tag:PW02PH6PSux8rdNpL31ObA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/modules/nixos/buildbot-master/default.nix b/modules/nixos/buildbot.nix similarity index 55% rename from modules/nixos/buildbot-master/default.nix rename to modules/nixos/buildbot.nix index 21ed61b..f6e98af 100644 --- a/modules/nixos/buildbot-master/default.nix +++ b/modules/nixos/buildbot.nix 
@@ -1,10 +1,8 @@
 { config, inputs, ... }:
-let
- buildbotSecrets.sopsFile = ./secrets.yaml;
-in
 {
 imports = [
 inputs.buildbot-nix.nixosModules.buildbot-master
+ inputs.buildbot-nix.nixosModules.buildbot-worker
 ];
 services.nginx.virtualHosts."buildbot.nix-community.org" = {
@@ -16,10 +14,10 @@ in
 "http://localhost:8011/metrics"
 ];
- sops.secrets.github-oauth-secret = buildbotSecrets;
- sops.secrets.github-token = buildbotSecrets;
- sops.secrets.github-webhook-secret = buildbotSecrets;
- sops.secrets.nix-workers = buildbotSecrets;
+ sops.secrets.buildbot-github-oauth-secret = { };
+ sops.secrets.buildbot-github-token = { };
+ sops.secrets.buildbot-github-webhook-secret = { };
+ sops.secrets.buildbot-nix-workers = { };
 services.buildbot-nix.master = {
 enable = true;
@@ -28,11 +26,11 @@ in
 prometheusExporterPort = 8011;
 evalMaxMemorySize = "4096";
 evalWorkerCount = 8;
- workersFile = config.sops.secrets.nix-workers.path;
+ workersFile = config.sops.secrets.buildbot-nix-workers.path;
 github = {
- tokenFile = config.sops.secrets.github-token.path;
- webhookSecretFile = config.sops.secrets.github-webhook-secret.path;
- oauthSecretFile = config.sops.secrets.github-oauth-secret.path;
+ tokenFile = config.sops.secrets.buildbot-github-token.path;
+ webhookSecretFile = config.sops.secrets.buildbot-github-webhook-secret.path;
+ oauthSecretFile = config.sops.secrets.buildbot-github-oauth-secret.path;
 oauthId = "9bbd3e8bbfebb197d2ca";
 user = "nix-community-buildbot";
 admins = [ "adisbladis" "Mic92" "ryantm" "zimbatm" "zowoq" ];
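Review bot: In the second hunk of `modules/nixos/buildbot.nix`, the four `sops.secrets.buildbot-* = { };` declarations no longer name a `sopsFile`, so the module now depends on the importing host's default sops file without saying so. Presumably that is `sops.defaultSopsFile` pointing at `hosts/build03/secrets.yaml`, which this commit extends, but the setting is not visible in the diff. The recipients of that host file are governed by a creation rule that is also not shown, so it is worth confirming they are no broader than the six keys in the removed `buildbot-master` and `buildbot-worker` rules. A one-line comment above the declarations would record the coupling, e.g. `# values live in the importing host's default sops file (hosts/build03/secrets.yaml)`. The module's attribute set opens in the first hunk and closes in the last one, outside this hunk.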
@@ -40,11 +38,18 @@ in
 };
 };
- sops.secrets.cachix-auth-token = buildbotSecrets;
- sops.secrets.cachix-name = buildbotSecrets;
+ sops.secrets.cachix-auth-token = { };
+ sops.secrets.cachix-name = { };
 systemd.services.buildbot-master.serviceConfig.LoadCredential = [
 "cachix-auth-token:${config.sops.secrets.cachix-auth-token.path}"
 "cachix-name:${config.sops.secrets.cachix-name.path}"
 ];
+
+ sops.secrets.buildbot-nix-worker-password = { };
+
+ services.buildbot-nix.worker = {
+ enable = true;
+ workerPasswordFile = config.sops.secrets.buildbot-nix-worker-password.path;
+ };
 }
diff --git a/modules/nixos/watch-store.nix b/modules/nixos/watch-store.nix
index b1cb0d5..011e2e5 100644
--- a/modules/nixos/watch-store.nix
+++ b/modules/nixos/watch-store.nix
@@ -1,11 +1,11 @@
 { config, ... }:
 {
- sops.secrets.watch-store-token = { };
+ sops.secrets.cachix-auth-token = { };
 services.cachix-watch-store = {
 enable = true;
 cacheName = "nix-community";
- cachixTokenFile = config.sops.secrets.watch-store-token.path;
+ cachixTokenFile = config.sops.secrets.cachix-auth-token.path;
 };
 }
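Review bot: `sops.secrets.cachix-auth-token = { };` is now declared both in the last hunk of `modules/nixos/buildbot.nix` and in `modules/nixos/watch-store.nix`, and neither file mentions the other. The buildbot master (through `LoadCredential`) and `cachix-watch-store` therefore read the same Cachix auth token. A compromise of either service exposes the credential used by both, and any rotation has to account for two consumers. If the sharing is intended, a comment at each declaration would record it, e.g. `# shared with modules/nixos/watch-store.nix` and `# shared with modules/nixos/buildbot.nix`. The old `watch-store-token` entry is also dropped from the host secrets file; if that token is no longer used it should be revoked at the issuer, since its ciphertext remains in git history.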