add buildbot

flake.lock

@@ -1,5 +1,31 @@
 {
   "nodes": {
+    "buildbot-nix": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": [
+          "treefmt-nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1714469730,
+        "narHash": "sha256-jdTHiOGnqo9S4lzSPsGZECUIePrOE0/COCCP4lzBW9A=",
+        "owner": "Mic92",
+        "repo": "buildbot-nix",
+        "rev": "508ceb885636a0a949793f5c7924091b532fa10f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "buildbot-nix",
+        "type": "github"
+      }
+    },
     "clan-core": {
       "inputs": {
         "disko": "disko",
@@ -148,6 +174,7 @@
     },
     "root": {
       "inputs": {
+        "buildbot-nix": "buildbot-nix",
         "clan-core": "clan-core",
         "disko": "disko_2",
         "flake-parts": "flake-parts",

flake.nix

@@ -24,11 +24,16 @@
     # Use the version of nixpkgs that has been tested to work with SrvOS
     srvos.inputs.nixpkgs.follows = "nixpkgs";
 
-    clan-core.url = "git+https://git.clan.lol/clan/clan-core?ref=synapse";
+    clan-core.url = "git+https://git.clan.lol/clan/clan-core?ref=error-handling";
     clan-core.inputs.flake-parts.follows = "flake-parts";
     clan-core.inputs.nixpkgs.follows = "nixpkgs";
     clan-core.inputs.treefmt-nix.follows = "treefmt-nix";
     clan-core.inputs.sops-nix.follows = "sops-nix";
+
+    buildbot-nix.url = "github:Mic92/buildbot-nix";
+    buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
+    buildbot-nix.inputs.flake-parts.follows = "flake-parts";
+    buildbot-nix.inputs.treefmt-nix.follows = "treefmt-nix";
   };
 
   outputs = inputs@{ flake-parts, ... }:

modules/buildbot.nix

@@ -0,0 +1,42 @@
+{ config, ... }:
+{
+  services.buildbot-nix.master = {
+    enable = true;
+    # Domain name under which the buildbot frontend is reachable
+    domain = "buildbot.clan.lol";
+    # The workers file configures credentials for the buildbot workers to connect to the master.
+    # "name" is the configured worker name in services.buildbot-nix.worker.name of a worker
+    # (defaults to the hostname of the machine)
+    # "pass" is the password for the worker configured in `services.buildbot-nix.worker.workerPasswordFile`
+    # "cores" is the number of cpu cores the worker has.
+    # The number must match as otherwise potentially not enought buildbot-workers are created.
+    workersFile = config.sops.secrets.buildbot-workers-file.path;
+
+    gitea = {
+      enable = true;
+      instanceUrl = "https://git.clan.lol";
+      oauthSecretFile = config.sops.secrets.oauth-secret-file.path;
+      oauthId = "adb3425c-490f-4558-9487-8f8940d2925b";
+      topic = "buildbot-clan";
+    };
+
+    # optional nix-eval-jobs settings
+    evalWorkerCount = 10; # limit number of concurrent evaluations
+    evalMaxMemorySize = "4096"; # limit memory usage per evaluation
+  };
+
+  # Optional: Enable acme/TLS in nginx (recommended)
+  services.nginx.virtualHosts.${config.services.buildbot-nix.master.domain} = {
+    forceSSL = true;
+    useACME = true;
+  };
+
+  services.buildbot-nix.worker = {
+    enable = true;
+    workerPasswordFile = config.sops.secrets.buildbot-worker-password-file.path;
+  };
+
+  sops.secrets.oauth-secret-file = { };
+  sops.secrets.workers-file = { };
+  sops.secrets.worker-password-file = { };
+}

modules/flake-module.nix

@@ -15,6 +15,12 @@
       ./initrd-networking.nix
     ];
 
+    buildbot.imports = [
+      inputs.buildbot-nix.nixosModules.master
+      inputs.buildbot-nix.nixosModules.worker
+      ./buildbot.nix
+    ];
+
     web01.imports = [
       self.nixosModules.server
       inputs.srvos.nixosModules.mixins-nginx