-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathdefault.nix
123 lines (121 loc) · 3.83 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
{
config,
nixpkgs,
...
}: let
baseConfig = {
autoStart = false;
bindMounts."/secrets/buildkite-token" = {
hostPath = "${config.secrets.path}/buildkite-token";
};
bindMounts."/data/nixpkgs" = {
hostPath = "/data/nixpkgs";
};
config = {
nix.extraOptions = ''
extra-experimental-features = nix-command flakes
'';
nix.settings.cores = 1;
nix.settings.max-jobs = 1;
nix.settings.substituters = config.nix.settings.substituters;
nix.settings.trusted-public-keys = config.nix.settings.trusted-public-keys;
nix.package = config.nix.package;
services.buildkite-agents.default = {
extraConfig = ''
no-git-submodules = true
'';
hooks.environment = ''
export PAGER=
'';
runtimePackages = [
nixpkgs.bash
nixpkgs.cachix
nixpkgs.direnv
nixpkgs.git
nixpkgs.gnugrep
nixpkgs.gnutar
nixpkgs.gzip
(nixpkgs.writeShellScriptBin "nix-env" ''
exec ${config.nix.package}/bin/nix-env "$@"
'')
(nixpkgs.writeShellScriptBin "nix-store" ''
exec ${config.nix.package}/bin/nix-store "$@"
'')
(nixpkgs.writeShellScriptBin "nix" ''
exec ${config.nix.package}/bin/nix --print-build-logs "$@"
'')
];
shell = "${nixpkgs.bash}/bin/bash -euo pipefail -c";
tokenPath = "/secrets/buildkite-token";
};
};
ephemeral = true;
};
in {
containers.buildkite-public =
nixpkgs.lib.attrsets.recursiveUpdate
baseConfig
{};
containers.buildkite-private =
nixpkgs.lib.attrsets.recursiveUpdate
baseConfig
{
bindMounts."/secrets/cachix-auth-token-alejandra" = {
hostPath = "${config.secrets.path}/cachix-auth-token-alejandra";
};
bindMounts."/secrets/coveralls-kamadorueda-alejandra" = {
hostPath = "${config.secrets.path}/coveralls-kamadorueda-alejandra";
};
bindMounts."/secrets/coveralls-kamadorueda-nixel" = {
hostPath = "${config.secrets.path}/coveralls-kamadorueda-nixel";
};
bindMounts."/secrets/coveralls-kamadorueda-santiago" = {
hostPath = "${config.secrets.path}/coveralls-kamadorueda-santiago";
};
bindMounts."/secrets/coveralls-kamadorueda-toros" = {
hostPath = "${config.secrets.path}/coveralls-kamadorueda-toros";
};
config.services.buildkite-agents.default = {
hooks.environment = ''
export PAGER=
case "$BUILDKITE_PIPELINE_NAME" in
alejandra)
case "$BUILDKITE_BRANCH" in
main)
CACHIX_AUTH_TOKEN="$(cat /secrets/cachix-auth-token-alejandra)"
export CACHIX_AUTH_TOKEN
COVERALLS_REPO_TOKEN="$(cat /secrets/coveralls-kamadorueda-alejandra)"
export COVERALLS_REPO_TOKEN
;;
esac
;;
nixel)
case "$BUILDKITE_BRANCH" in
main)
COVERALLS_REPO_TOKEN="$(cat /secrets/coveralls-kamadorueda-nixel)"
export COVERALLS_REPO_TOKEN
;;
esac
;;
santiago)
case "$BUILDKITE_BRANCH" in
main)
COVERALLS_REPO_TOKEN="$(cat /secrets/coveralls-kamadorueda-santiago)"
export COVERALLS_REPO_TOKEN
;;
esac
;;
toros)
case "$BUILDKITE_BRANCH" in
main)
COVERALLS_REPO_TOKEN="$(cat /secrets/coveralls-kamadorueda-toros)"
export COVERALLS_REPO_TOKEN
;;
esac
;;
esac
'';
tags.queue = "private";
};
};
}