03d1986316
The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
52 lines
1.5 KiB
Nix
52 lines
1.5 KiB
Nix
# Configuration for the Gerrit autosubmit bot (//third_party/gerrit-queue)
|
|
{ depot, pkgs, config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.services.depot.gerrit-queue;
|
|
description = "gerrit-queue - autosubmit bot for Gerrit";
|
|
mkStringOption = default: lib.mkOption {
|
|
inherit default;
|
|
type = lib.types.str;
|
|
};
|
|
in
|
|
{
|
|
options.services.depot.gerrit-queue = {
|
|
enable = lib.mkEnableOption description;
|
|
gerritUrl = mkStringOption "https://cl.tvl.fyi";
|
|
gerritProject = mkStringOption "depot";
|
|
gerritBranch = mkStringOption "canon";
|
|
|
|
interval = with lib; mkOption {
|
|
type = types.int;
|
|
default = 60;
|
|
description = "Interval (in seconds) for submit queue checks";
|
|
};
|
|
|
|
secretsFile = with lib; mkOption {
|
|
description = "Path to a systemd EnvironmentFile containing secrets";
|
|
default = config.age.secretsDir + "/gerrit-queue";
|
|
type = types.str;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.gerrit-queue = {
|
|
inherit description;
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
serviceConfig = {
|
|
ExecStart = "${depot.third_party.gerrit-queue}/bin/gerrit-queue";
|
|
DynamicUser = true;
|
|
Restart = "always";
|
|
EnvironmentFile = cfg.secretsFile;
|
|
};
|
|
|
|
environment = {
|
|
GERRIT_URL = cfg.gerritUrl;
|
|
GERRIT_PROJECT = cfg.gerritProject;
|
|
GERRIT_BRANCH = cfg.gerritBranch;
|
|
SUBMIT_QUEUE_TRIGGER_INTERVAL = toString cfg.interval;
|
|
};
|
|
};
|
|
};
|
|
}
|