diff options
Diffstat (limited to 'nixos/modules/services/continuous-integration')
13 files changed, 228 insertions, 272 deletions
diff --git a/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixos/modules/services/continuous-integration/buildbot/master.nix index 80c6c6abfd0b8..ab1a8076c935a 100644 --- a/nixos/modules/services/continuous-integration/buildbot/master.nix +++ b/nixos/modules/services/continuous-integration/buildbot/master.nix @@ -61,7 +61,7 @@ in { factorySteps = mkOption { type = types.listOf types.str; - description = "Factory Steps"; + description = lib.mdDoc "Factory Steps"; default = []; example = [ "steps.Git(repourl='https://github.com/buildbot/pyflakes.git', mode='incremental')" @@ -71,7 +71,7 @@ in { changeSource = mkOption { type = types.listOf types.str; - description = "List of Change Sources."; + description = lib.mdDoc "List of Change Sources."; default = []; example = [ "changes.GitPoller('https://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)" @@ -81,18 +81,18 @@ in { enable = mkOption { type = types.bool; default = false; - description = "Whether to enable the Buildbot continuous integration server."; + description = lib.mdDoc "Whether to enable the Buildbot continuous integration server."; }; extraConfig = mkOption { type = types.str; - description = "Extra configuration to append to master.cfg"; + description = lib.mdDoc "Extra configuration to append to master.cfg"; default = "c['buildbotNetUsageData'] = None"; }; masterCfg = mkOption { type = types.path; - description = "Optionally pass master.cfg path. Other options in this configuration will be ignored."; + description = lib.mdDoc "Optionally pass master.cfg path. Other options in this configuration will be ignored."; default = defaultMasterCfg; defaultText = literalDocBook ''generated configuration file''; example = "/etc/nixos/buildbot/master.cfg"; @@ -100,7 +100,7 @@ in { schedulers = mkOption { type = types.listOf types.str; - description = "List of Schedulers."; + description = lib.mdDoc "List of Schedulers."; default = [ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" "schedulers.ForceScheduler(name='force',builderNames=['runtests'])" @@ -109,7 +109,7 @@ in { builders = mkOption { type = types.listOf types.str; - description = "List of Builders."; + description = lib.mdDoc "List of Builders."; default = [ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]; @@ -117,52 +117,52 @@ in { workers = mkOption { type = types.listOf types.str; - description = "List of Workers."; + description = lib.mdDoc "List of Workers."; default = [ "worker.Worker('example-worker', 'pass')" ]; }; reporters = mkOption { default = []; type = types.listOf types.str; - description = "List of reporter objects used to present build status to various users."; + description = lib.mdDoc "List of reporter objects used to present build status to various users."; }; user = mkOption { default = "buildbot"; type = types.str; - description = "User the buildbot server should execute under."; + description = lib.mdDoc "User the buildbot server should execute under."; }; group = mkOption { default = "buildbot"; type = types.str; - description = "Primary group of buildbot user."; + description = lib.mdDoc "Primary group of buildbot user."; }; extraGroups = mkOption { type = types.listOf types.str; default = []; - description = "List of extra groups that the buildbot user should be a part of."; + description = lib.mdDoc "List of extra groups that the buildbot user should be a part of."; }; home = mkOption { default = "/home/buildbot"; type = types.path; - description = "Buildbot home directory."; + description = lib.mdDoc "Buildbot home directory."; }; buildbotDir = mkOption { default = "${cfg.home}/master"; defaultText = literalExpression ''"''${config.${opt.home}}/master"''; type = types.path; - description = "Specifies the Buildbot directory."; + description = lib.mdDoc "Specifies the Buildbot directory."; }; pbPort = mkOption { default = 9989; type = types.either types.str types.int; example = "'tcp:9990:interface=127.0.0.1'"; - description = '' + description = lib.mdDoc '' The buildmaster will listen on a TCP port of your choosing for connections from workers. It can also use this port for connections from remote Change Sources, @@ -170,51 +170,51 @@ in { This port should be visible to the outside world, and you’ll need to tell your worker admins about your choice. If put in (single) quotes, this can also be used as a connection string, - as defined in the <link xlink:href="https://twistedmatrix.com/documents/current/core/howto/endpoints.html">ConnectionStrings guide</link>. + as defined in the [ConnectionStrings guide](https://twistedmatrix.com/documents/current/core/howto/endpoints.html). ''; }; listenAddress = mkOption { default = "0.0.0.0"; type = types.str; - description = "Specifies the bind address on which the buildbot HTTP interface listens."; + description = lib.mdDoc "Specifies the bind address on which the buildbot HTTP interface listens."; }; buildbotUrl = mkOption { default = "http://localhost:8010/"; type = types.str; - description = "Specifies the Buildbot URL."; + description = lib.mdDoc "Specifies the Buildbot URL."; }; title = mkOption { default = "Buildbot"; type = types.str; - description = "Specifies the Buildbot Title."; + description = lib.mdDoc "Specifies the Buildbot Title."; }; titleUrl = mkOption { default = "Buildbot"; type = types.str; - description = "Specifies the Buildbot TitleURL."; + description = lib.mdDoc "Specifies the Buildbot TitleURL."; }; dbUrl = mkOption { default = "sqlite:///state.sqlite"; type = types.str; - description = "Specifies the database connection string."; + description = lib.mdDoc "Specifies the database connection string."; }; port = mkOption { default = 8010; type = types.int; - description = "Specifies port number on which the buildbot HTTP interface listens."; + description = lib.mdDoc "Specifies port number on which the buildbot HTTP interface listens."; }; package = mkOption { type = types.package; default = pkgs.python3Packages.buildbot-full; defaultText = literalExpression "pkgs.python3Packages.buildbot-full"; - description = "Package to use for buildbot."; + description = lib.mdDoc "Package to use for buildbot."; example = literalExpression "pkgs.python3Packages.buildbot"; }; @@ -222,14 +222,14 @@ in { default = [ pkgs.git ]; defaultText = literalExpression "[ pkgs.git ]"; type = types.listOf types.package; - description = "Packages to add to PATH for the buildbot process."; + description = lib.mdDoc "Packages to add to PATH for the buildbot process."; }; pythonPackages = mkOption { type = types.functionTo (types.listOf types.package); default = pythonPackages: with pythonPackages; [ ]; defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]"; - description = "Packages to add the to the PYTHONPATH of the buildbot process."; + description = lib.mdDoc "Packages to add the to the PYTHONPATH of the buildbot process."; example = literalExpression "pythonPackages: with pythonPackages; [ requests ]"; }; }; diff --git a/nixos/modules/services/continuous-integration/buildbot/worker.nix b/nixos/modules/services/continuous-integration/buildbot/worker.nix index 1d7f53bb6559a..245f685764dc1 100644 --- a/nixos/modules/services/continuous-integration/buildbot/worker.nix +++ b/nixos/modules/services/continuous-integration/buildbot/worker.nix @@ -49,73 +49,73 @@ in { enable = mkOption { type = types.bool; default = false; - description = "Whether to enable the Buildbot Worker."; + description = lib.mdDoc "Whether to enable the Buildbot Worker."; }; user = mkOption { default = "bbworker"; type = types.str; - description = "User the buildbot Worker should execute under."; + description = lib.mdDoc "User the buildbot Worker should execute under."; }; group = mkOption { default = "bbworker"; type = types.str; - description = "Primary group of buildbot Worker user."; + description = lib.mdDoc "Primary group of buildbot Worker user."; }; extraGroups = mkOption { type = types.listOf types.str; default = []; - description = "List of extra groups that the Buildbot Worker user should be a part of."; + description = lib.mdDoc "List of extra groups that the Buildbot Worker user should be a part of."; }; home = mkOption { default = "/home/bbworker"; type = types.path; - description = "Buildbot home directory."; + description = lib.mdDoc "Buildbot home directory."; }; buildbotDir = mkOption { default = "${cfg.home}/worker"; defaultText = literalExpression ''"''${config.${opt.home}}/worker"''; type = types.path; - description = "Specifies the Buildbot directory."; + description = lib.mdDoc "Specifies the Buildbot directory."; }; workerUser = mkOption { default = "example-worker"; type = types.str; - description = "Specifies the Buildbot Worker user."; + description = lib.mdDoc "Specifies the Buildbot Worker user."; }; workerPass = mkOption { default = "pass"; type = types.str; - description = "Specifies the Buildbot Worker password."; + description = lib.mdDoc "Specifies the Buildbot Worker password."; }; workerPassFile = mkOption { type = types.path; - description = "File used to store the Buildbot Worker password"; + description = lib.mdDoc "File used to store the Buildbot Worker password"; }; hostMessage = mkOption { default = null; type = types.nullOr types.str; - description = "Description of this worker"; + description = lib.mdDoc "Description of this worker"; }; adminMessage = mkOption { default = null; type = types.nullOr types.str; - description = "Name of the administrator of this worker"; + description = lib.mdDoc "Name of the administrator of this worker"; }; masterUrl = mkOption { default = "localhost:9989"; type = types.str; - description = "Specifies the Buildbot Worker connection string."; + description = lib.mdDoc "Specifies the Buildbot Worker connection string."; }; keepalive = mkOption { @@ -131,7 +131,7 @@ in { type = types.package; default = pkgs.python3Packages.buildbot-worker; defaultText = literalExpression "pkgs.python3Packages.buildbot-worker"; - description = "Package to use for buildbot worker."; + description = lib.mdDoc "Package to use for buildbot worker."; example = literalExpression "pkgs.python2Packages.buildbot-worker"; }; @@ -139,7 +139,7 @@ in { default = with pkgs; [ git ]; defaultText = literalExpression "[ pkgs.git ]"; type = types.listOf types.package; - description = "Packages to add to PATH for the buildbot process."; + description = lib.mdDoc "Packages to add to PATH for the buildbot process."; }; }; }; diff --git a/nixos/modules/services/continuous-integration/buildkite-agents.nix b/nixos/modules/services/continuous-integration/buildkite-agents.nix index 1872567c9f127..cafa40dc6e5f1 100644 --- a/nixos/modules/services/continuous-integration/buildkite-agents.nix +++ b/nixos/modules/services/continuous-integration/buildkite-agents.nix @@ -34,32 +34,32 @@ let enable = mkOption { default = true; type = types.bool; - description = "Whether to enable this buildkite agent"; + description = lib.mdDoc "Whether to enable this buildkite agent"; }; package = mkOption { default = pkgs.buildkite-agent; defaultText = literalExpression "pkgs.buildkite-agent"; - description = "Which buildkite-agent derivation to use"; + description = lib.mdDoc "Which buildkite-agent derivation to use"; type = types.package; }; dataDir = mkOption { default = "/var/lib/buildkite-agent-${name}"; - description = "The workdir for the agent"; + description = lib.mdDoc "The workdir for the agent"; type = types.str; }; runtimePackages = mkOption { default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]; defaultText = literalExpression "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"; - description = "Add programs to the buildkite-agent environment"; + description = lib.mdDoc "Add programs to the buildkite-agent environment"; type = types.listOf types.package; }; tokenPath = mkOption { type = types.path; - description = '' + description = lib.mdDoc '' The token from your Buildkite "Agents" page. A run-time path to the token file, which is supposed to be provisioned @@ -70,7 +70,7 @@ let name = mkOption { type = types.str; default = "%hostname-${name}-%n"; - description = '' + description = lib.mdDoc '' The name of the agent as seen in the buildkite dashboard. ''; }; @@ -79,7 +79,7 @@ let type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { queue = "default"; docker = "true"; ruby2 ="true"; }; - description = '' + description = lib.mdDoc '' Tags for the agent. ''; }; @@ -88,7 +88,7 @@ let type = types.lines; default = ""; example = "debug=true"; - description = '' + description = lib.mdDoc '' Extra lines to be added verbatim to the configuration file. ''; }; @@ -100,7 +100,7 @@ let ## don't end up in the Nix store. apply = final: if final == null then null else toString final; - description = '' + description = lib.mdDoc '' OpenSSH private key A run-time path to the key file, which is supposed to be provisioned @@ -169,9 +169,9 @@ let type = types.path; default = hooksDir config; defaultText = literalDocBook "generated from <option>services.buildkite-agents.<name>.hooks</option>"; - description = '' + description = lib.mdDoc '' Path to the directory storing the hooks. - Consider using <option>services.buildkite-agents.<name>.hooks.<name></option> + Consider using {option}`services.buildkite-agents.<name>.hooks.<name>` instead. ''; }; @@ -180,7 +180,7 @@ let type = types.str; default = "${pkgs.bash}/bin/bash -e -c"; defaultText = literalExpression ''"''${pkgs.bash}/bin/bash -e -c"''; - description = '' + description = lib.mdDoc '' Command that buildkite-agent 3 will execute when it spawns a shell. ''; }; diff --git a/nixos/modules/services/continuous-integration/github-runner.nix b/nixos/modules/services/continuous-integration/github-runner.nix index 30dd919b81a38..2da18bbdb3961 100644 --- a/nixos/modules/services/continuous-integration/github-runner.nix +++ b/nixos/modules/services/continuous-integration/github-runner.nix @@ -30,17 +30,17 @@ in url = mkOption { type = types.str; - description = '' + description = lib.mdDoc '' Repository to add the runner to. Changing this option triggers a new runner registration. IMPORTANT: If your token is org-wide (not per repository), you need to provide a github org link, not a single repository, so do it like this - <literal>https://github.com/nixos</literal>, not like this - <literal>https://github.com/nixos/nixpkgs</literal>. - Otherwise, you are going to get a <literal>404 NotFound</literal> - from <literal>POST https://api.github.com/actions/runner-registration</literal> + `https://github.com/nixos`, not like this + `https://github.com/nixos/nixpkgs`. + Otherwise, you are going to get a `404 NotFound` + from `POST https://api.github.com/actions/runner-registration` in the configure script. ''; example = "https://github.com/nixos/nixpkgs"; @@ -48,7 +48,7 @@ in tokenFile = mkOption { type = types.path; - description = '' + description = lib.mdDoc '' The full path to a file which contains the runner registration token. The file should contain exactly one line with the token without any newline. The token can be used to re-register a runner of the same name but is time-limited. @@ -61,7 +61,7 @@ in name = mkOption { # Same pattern as for `networking.hostName` type = types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; - description = '' + description = lib.mdDoc '' Name of the runner to configure. Defaults to the hostname. Changing this option triggers a new runner registration. @@ -73,7 +73,7 @@ in runnerGroup = mkOption { type = types.nullOr types.str; - description = '' + description = lib.mdDoc '' Name of the runner group to add this runner to (defaults to the default runner group). Changing this option triggers a new runner registration. @@ -83,8 +83,8 @@ in extraLabels = mkOption { type = types.listOf types.str; - description = '' - Extra labels in addition to the default (<literal>["self-hosted", "Linux", "X64"]</literal>). + description = lib.mdDoc '' + Extra labels in addition to the default (`["self-hosted", "Linux", "X64"]`). Changing this option triggers a new runner registration. ''; @@ -94,7 +94,7 @@ in replace = mkOption { type = types.bool; - description = '' + description = lib.mdDoc '' Replace any existing runner with the same name. Without this flag, registering a new runner with the same name fails. @@ -104,15 +104,15 @@ in extraPackages = mkOption { type = types.listOf types.package; - description = '' - Extra packages to add to <literal>PATH</literal> of the service to make them available to workflows. + description = lib.mdDoc '' + Extra packages to add to `PATH` of the service to make them available to workflows. ''; default = [ ]; }; package = mkOption { type = types.package; - description = '' + description = lib.mdDoc '' Which github-runner derivation to use. ''; default = pkgs.github-runner; @@ -280,7 +280,6 @@ in CapabilityBoundingSet = ""; # ProtectClock= adds DeviceAllow=char-rtc r DeviceAllow = ""; - LockPersonality = true; NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; @@ -300,13 +299,17 @@ in RestrictSUIDSGID = true; UMask = "0066"; ProtectProc = "invisible"; - ProcSubset = "pid"; SystemCallFilter = [ - "~@debug" - "~@mount" - "~@privileged" + "~@clock" "~@cpu-emulation" + "~@module" + "~@mount" "~@obsolete" + "~@raw-io" + "~@reboot" + "~capset" + "~setdomainname" + "~sethostname" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ]; @@ -314,6 +317,17 @@ in PrivateNetwork = false; # Cannot be true due to Node MemoryDenyWriteExecute = false; + + # The more restrictive "pid" option makes `nix` commands in CI emit + # "GC Warning: Couldn't read /proc/stat" + # You may want to set this to "pid" if not using `nix` commands + ProcSubset = "all"; + # Coverage programs for compiled code such as `cargo-tarpaulin` disable + # ASLR (address space layout randomization) which requires the + # `personality` syscall + # You may want to set this to `true` if not using coverage tooling on + # compiled code + LockPersonality = false; }; }; }; diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix index 85ac0fb2a8907..03d3d2d16e3b0 100644 --- a/nixos/modules/services/continuous-integration/gitlab-runner.nix +++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix @@ -22,6 +22,14 @@ let export CONFIG_FILE=${configPath} mkdir -p $(dirname ${configPath}) + touch ${configPath} + + # update global options + remarshal --if toml --of json ${configPath} \ + | jq -cM 'with_entries(select([.key] | inside(["runners"])))' \ + | jq -scM '.[0] + .[1]' - <(echo ${escapeShellArg (toJSON cfg.settings)}) \ + | remarshal --if json --of toml \ + | sponge ${configPath} # remove no longer existing services gitlab-runner verify --delete @@ -91,22 +99,6 @@ let --name "$NAME" && sleep 1 done - # update global options - remarshal --if toml --of json ${configPath} \ - | jq -cM ${escapeShellArg (concatStringsSep " | " [ - ".check_interval = ${toJSON cfg.checkInterval}" - ".concurrent = ${toJSON cfg.concurrent}" - ".sentry_dsn = ${toJSON cfg.sentryDSN}" - ".listen_address = ${toJSON cfg.prometheusListenAddress}" - ".session_server.listen_address = ${toJSON cfg.sessionServer.listenAddress}" - ".session_server.advertise_address = ${toJSON cfg.sessionServer.advertiseAddress}" - ".session_server.session_timeout = ${toJSON cfg.sessionServer.sessionTimeout}" - "del(.[] | nulls)" - "del(.session_server[] | nulls)" - ])} \ - | remarshal --if json --of toml \ - | sponge ${configPath} - # make config file readable by service chown -R --reference=$HOME $(dirname ${configPath}) ''); @@ -133,85 +125,15 @@ in for settings not covered by this module. ''; }; - checkInterval = mkOption { - type = types.int; - default = 0; - example = literalExpression "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3"; - description = '' - Defines the interval length, in seconds, between new jobs check. - The default value is 3; - if set to 0 or lower, the default value will be used. - See <link xlink:href="https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works">runner documentation</link> for more information. - ''; - }; - concurrent = mkOption { - type = types.int; - default = 1; - example = literalExpression "config.nix.settings.max-jobs"; - description = '' - Limits how many jobs globally can be run concurrently. - The most upper limit of jobs using all defined runners. - 0 does not mean unlimited. - ''; - }; - sentryDSN = mkOption { - type = types.nullOr types.str; - default = null; - example = "https://public:private@host:port/1"; - description = '' - Data Source Name for tracking of all system level errors to Sentry. - ''; - }; - prometheusListenAddress = mkOption { - type = types.nullOr types.str; - default = null; - example = "localhost:8080"; - description = '' - Address (<host>:<port>) on which the Prometheus metrics HTTP server - should be listening. - ''; - }; - sessionServer = mkOption { + settings = mkOption { type = types.submodule { - options = { - listenAddress = mkOption { - type = types.nullOr types.str; - default = null; - example = "0.0.0.0:8093"; - description = '' - An internal URL to be used for the session server. - ''; - }; - advertiseAddress = mkOption { - type = types.nullOr types.str; - default = null; - example = "runner-host-name.tld:8093"; - description = '' - The URL that the Runner will expose to GitLab to be used - to access the session server. - Fallbacks to <option>listenAddress</option> if not defined. - ''; - }; - sessionTimeout = mkOption { - type = types.int; - default = 1800; - description = '' - How long in seconds the session can stay active after - the job completes (which will block the job from finishing). - ''; - }; - }; + freeformType = (pkgs.formats.json { }).type; }; default = { }; - example = literalExpression '' - { - listenAddress = "0.0.0.0:8093"; - } - ''; description = '' - The session server allows the user to interact with jobs - that the Runner is responsible for. A good example of this is the - <link xlink:href="https://docs.gitlab.com/ee/ci/interactive_web_terminal/index.html">interactive web terminal</link>. + Global gitlab-runner configuration. See + <link xlink:href="https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section"/> + for supported values. ''; }; gracefulTermination = mkOption { @@ -535,8 +457,8 @@ in config = mkIf cfg.enable { warnings = (mapAttrsToList (n: v: "services.gitlab-runner.services.${n}.`registrationConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.") - (filterAttrs (n: v: isStorePath v.registrationConfigFile) cfg.services)) - ++ optional (cfg.configFile != null) "services.gitlab-runner.`configFile` is deprecated, please use services.gitlab-runner.`services`."; + (filterAttrs (n: v: isStorePath v.registrationConfigFile) cfg.services)); + environment.systemPackages = [ cfg.package ]; systemd.services.gitlab-runner = { description = "Gitlab Runner"; @@ -584,5 +506,14 @@ in (mkRenamedOptionModule [ "services" "gitlab-runner" "packages" ] [ "services" "gitlab-runner" "extraPackages" ] ) (mkRemovedOptionModule [ "services" "gitlab-runner" "configOptions" ] "Use services.gitlab-runner.services option instead" ) (mkRemovedOptionModule [ "services" "gitlab-runner" "workDir" ] "You should move contents of workDir (if any) to /var/lib/gitlab-runner" ) + + (mkRenamedOptionModule [ "services" "gitlab-runner" "checkInterval" ] [ "services" "gitlab-runner" "settings" "check_interval" ] ) + (mkRenamedOptionModule [ "services" "gitlab-runner" "concurrent" ] [ "services" "gitlab-runner" "settings" "concurrent" ] ) + (mkRenamedOptionModule [ "services" "gitlab-runner" "sentryDSN" ] [ "services" "gitlab-runner" "settings" "sentry_dsn" ] ) + (mkRenamedOptionModule [ "services" "gitlab-runner" "prometheusListenAddress" ] [ "services" "gitlab-runner" "settings" "listen_address" ] ) + + (mkRenamedOptionModule [ "services" "gitlab-runner" "sessionServer" "listenAddress" ] [ "services" "gitlab-runner" "settings" "session_server" "listen_address" ] ) + (mkRenamedOptionModule [ "services" "gitlab-runner" "sessionServer" "advertiseAddress" ] [ "services" "gitlab-runner" "settings" "session_server" "advertise_address" ] ) + (mkRenamedOptionModule [ "services" "gitlab-runner" "sessionServer" "sessionTimeout" ] [ "services" "gitlab-runner" "settings" "session_server" "session_timeout" ] ) ]; } diff --git a/nixos/modules/services/continuous-integration/gocd-agent/default.nix b/nixos/modules/services/continuous-integration/gocd-agent/default.nix index c63998c6736a6..c9e22dff15270 100644 --- a/nixos/modules/services/continuous-integration/gocd-agent/default.nix +++ b/nixos/modules/services/continuous-integration/gocd-agent/default.nix @@ -13,7 +13,7 @@ in { user = mkOption { default = "gocd-agent"; type = types.str; - description = '' + description = lib.mdDoc '' User the Go.CD agent should execute under. ''; }; @@ -21,7 +21,7 @@ in { group = mkOption { default = "gocd-agent"; type = types.str; - description = '' + description = lib.mdDoc '' If the default user "gocd-agent" is configured then this is the primary group of that user. ''; @@ -31,7 +31,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "wheel" "docker" ]; - description = '' + description = lib.mdDoc '' List of extra groups that the "gocd-agent" user should be a part of. ''; }; @@ -40,7 +40,7 @@ in { default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]; defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; - description = '' + description = lib.mdDoc '' Packages to add to PATH for the Go.CD agent process. ''; }; @@ -53,7 +53,7 @@ in { agent.auto.register.environments=QA,Performance agent.auto.register.hostname=Agent01 ''; - description = '' + description = lib.mdDoc '' Agent registration configuration. ''; }; @@ -61,7 +61,7 @@ in { goServer = mkOption { default = "https://127.0.0.1:8154/go"; type = types.str; - description = '' + description = lib.mdDoc '' URL of the GoCD Server to attach the Go.CD Agent to. ''; }; @@ -69,7 +69,7 @@ in { workDir = mkOption { default = "/var/lib/go-agent"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the working directory in which the Go.CD agent java archive resides. ''; }; @@ -77,7 +77,7 @@ in { initialJavaHeapSize = mkOption { default = "128m"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the initial java heap memory size for the Go.CD agent java process. ''; }; @@ -85,7 +85,7 @@ in { maxJavaHeapMemory = mkOption { default = "256m"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the java maximum heap memory size for the Go.CD agent java process. ''; }; @@ -108,7 +108,7 @@ in { "-Djava.security.egd=file:/dev/./urandom" ] ''; - description = '' + description = lib.mdDoc '' Specifies startup command line arguments to pass to Go.CD agent java process. ''; @@ -127,7 +127,7 @@ in { "-XX:+PrintGCDetails" "-XX:+PrintGC" ]; - description = '' + description = lib.mdDoc '' Specifies additional command line arguments to pass to Go.CD agent java process. Example contains debug and gcLog arguments. ''; @@ -136,10 +136,10 @@ in { environment = mkOption { default = { }; type = with types; attrsOf str; - description = '' + description = lib.mdDoc '' Additional environment variables to be passed to the Go.CD agent process. As a base environment, Go.CD agent receives NIX_PATH from - <option>environment.sessionVariables</option>, NIX_REMOTE is set to + {option}`environment.sessionVariables`, NIX_REMOTE is set to "daemon". ''; }; diff --git a/nixos/modules/services/continuous-integration/gocd-server/default.nix b/nixos/modules/services/continuous-integration/gocd-server/default.nix index 3540656f93448..50b5a20ad7ed2 100644 --- a/nixos/modules/services/continuous-integration/gocd-server/default.nix +++ b/nixos/modules/services/continuous-integration/gocd-server/default.nix @@ -13,7 +13,7 @@ in { user = mkOption { default = "gocd-server"; type = types.str; - description = '' + description = lib.mdDoc '' User the Go.CD server should execute under. ''; }; @@ -21,7 +21,7 @@ in { group = mkOption { default = "gocd-server"; type = types.str; - description = '' + description = lib.mdDoc '' If the default user "gocd-server" is configured then this is the primary group of that user. ''; }; @@ -30,7 +30,7 @@ in { default = [ ]; type = types.listOf types.str; example = [ "wheel" "docker" ]; - description = '' + description = lib.mdDoc '' List of extra groups that the "gocd-server" user should be a part of. ''; }; @@ -39,7 +39,7 @@ in { default = "0.0.0.0"; example = "localhost"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the bind address on which the Go.CD server HTTP interface listens. ''; }; @@ -47,7 +47,7 @@ in { port = mkOption { default = 8153; type = types.int; - description = '' + description = lib.mdDoc '' Specifies port number on which the Go.CD server HTTP interface listens. ''; }; @@ -55,7 +55,7 @@ in { sslPort = mkOption { default = 8154; type = types.int; - description = '' + description = lib.mdDoc '' Specifies port number on which the Go.CD server HTTPS interface listens. ''; }; @@ -63,7 +63,7 @@ in { workDir = mkOption { default = "/var/lib/go-server"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the working directory in which the Go.CD server java archive resides. ''; }; @@ -72,7 +72,7 @@ in { default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]; defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; - description = '' + description = lib.mdDoc '' Packages to add to PATH for the Go.CD server's process. ''; }; @@ -80,7 +80,7 @@ in { initialJavaHeapSize = mkOption { default = "512m"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the initial java heap memory size for the Go.CD server's java process. ''; }; @@ -88,7 +88,7 @@ in { maxJavaHeapMemory = mkOption { default = "1024m"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the java maximum heap memory size for the Go.CD server's java process. ''; }; @@ -122,7 +122,7 @@ in { ] ''; - description = '' + description = lib.mdDoc '' Specifies startup command line arguments to pass to Go.CD server java process. ''; @@ -141,7 +141,7 @@ in { "-XX:+PrintGCDetails" "-XX:+PrintGC" ]; - description = '' + description = lib.mdDoc '' Specifies additional command line arguments to pass to Go.CD server's java process. Example contains debug and gcLog arguments. ''; @@ -150,10 +150,10 @@ in { environment = mkOption { default = { }; type = with types; attrsOf str; - description = '' + description = lib.mdDoc '' Additional environment variables to be passed to the gocd-server process. As a base environment, gocd-server receives NIX_PATH from - <option>environment.sessionVariables</option>, NIX_REMOTE is set to + {option}`environment.sessionVariables`, NIX_REMOTE is set to "daemon". ''; }; diff --git a/nixos/modules/services/continuous-integration/hail.nix b/nixos/modules/services/continuous-integration/hail.nix index 4070a3425c4f1..76d7356e24725 100644 --- a/nixos/modules/services/continuous-integration/hail.nix +++ b/nixos/modules/services/continuous-integration/hail.nix @@ -13,7 +13,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Enables the Hail Auto Update Service. Hail can automatically deploy artifacts built by a Hydra Continous Integration server. A common use case is to provide continous deployment for single services or a full NixOS configuration.''; @@ -21,22 +21,22 @@ in { profile = mkOption { type = types.str; default = "hail-profile"; - description = "The name of the Nix profile used by Hail."; + description = lib.mdDoc "The name of the Nix profile used by Hail."; }; hydraJobUri = mkOption { type = types.str; - description = "The URI of the Hydra Job."; + description = lib.mdDoc "The URI of the Hydra Job."; }; netrc = mkOption { type = types.nullOr types.path; - description = "The netrc file to use when fetching data from Hydra."; + description = lib.mdDoc "The netrc file to use when fetching data from Hydra."; default = null; }; package = mkOption { type = types.package; default = pkgs.haskellPackages.hail; defaultText = literalExpression "pkgs.haskellPackages.hail"; - description = "Hail package to use."; + description = lib.mdDoc "Hail package to use."; }; }; diff --git a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix index 80c88714bfc17..9e1fb03075767 100644 --- a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix +++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix @@ -28,7 +28,7 @@ let freeformType = format.type; options = { apiBaseUrl = mkOption { - description = '' + description = lib.mdDoc '' API base URL that the agent will connect to. When using Hercules CI Enterprise, set this to the URL where your @@ -40,19 +40,19 @@ let baseDirectory = mkOption { type = types.path; default = "/var/lib/hercules-ci-agent"; - description = '' + description = lib.mdDoc '' State directory (secrets, work directory, etc) for agent ''; }; concurrentTasks = mkOption { - description = '' + description = lib.mdDoc '' Number of tasks to perform simultaneously. A task is a single derivation build, an evaluation or an effect run. - At minimum, you need 2 concurrent tasks for <literal>x86_64-linux</literal> + At minimum, you need 2 concurrent tasks for `x86_64-linux` in your cluster, to allow for import from derivation. - <literal>concurrentTasks</literal> can be around the CPU core count or lower if memory is + `concurrentTasks` can be around the CPU core count or lower if memory is the bottleneck. The optimal value depends on the resource consumption characteristics of your workload, @@ -66,7 +66,7 @@ let default = "auto"; }; labels = mkOption { - description = '' + description = lib.mdDoc '' A key-value map of user data. This data will be available to organization members in the dashboard and API. @@ -85,7 +85,7 @@ let ''; }; workDirectory = mkOption { - description = '' + description = lib.mdDoc '' The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation. ''; type = types.path; @@ -93,10 +93,10 @@ let defaultText = literalExpression ''baseDirectory + "/work"''; }; staticSecretsDirectory = mkOption { - description = '' - This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>. + description = lib.mdDoc '' + This is the default directory to look for statically configured secrets like `cluster-join-token.key`. - See also <literal>clusterJoinTokenPath</literal> and <literal>binaryCachesPath</literal> for fine-grained configuration. + See also `clusterJoinTokenPath` and `binaryCachesPath` for fine-grained configuration. ''; type = types.path; default = config.baseDirectory + "/secrets"; @@ -190,26 +190,26 @@ in enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Enable to run Hercules CI Agent as a system service. - <link xlink:href="https://hercules-ci.com">Hercules CI</link> is a + [Hercules CI](https://hercules-ci.com) is a continuous integation service that is centered around Nix. - Support is available at <link xlink:href="mailto:help@hercules-ci.com">help@hercules-ci.com</link>. + Support is available at [help@hercules-ci.com](mailto:help@hercules-ci.com). ''; }; checkNix = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Whether to make sure that the system's Nix (nix-daemon) is compatible. If you set this to false, please keep up with the change log. ''; }; package = mkOption { - description = '' + description = lib.mdDoc '' Package containing the bin/hercules-ci-agent executable. ''; type = types.package; @@ -217,12 +217,12 @@ in defaultText = literalExpression "pkgs.hercules-ci-agent"; }; settings = mkOption { - description = '' - These settings are written to the <literal>agent.toml</literal> file. + description = lib.mdDoc '' + These settings are written to the `agent.toml` file. Not all settings are listed as options, can be set nonetheless. - For the exhaustive list of settings, see <link xlink:href="https://docs.hercules-ci.com/hercules-ci/reference/agent-config/"/>. + For the exhaustive list of settings, see <https://docs.hercules-ci.com/hercules-ci/reference/agent-config/>. ''; type = types.submoduleWith { modules = [ settingsModule ]; }; }; diff --git a/nixos/modules/services/continuous-integration/hydra/default.nix b/nixos/modules/services/continuous-integration/hydra/default.nix index d3945f2370d71..f4cdf690bb3aa 100644 --- a/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixos/modules/services/continuous-integration/hydra/default.nix @@ -78,7 +78,7 @@ in enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether to run Hydra services. ''; }; @@ -101,12 +101,12 @@ in type = types.package; default = pkgs.hydra_unstable; defaultText = literalExpression "pkgs.hydra_unstable"; - description = "The Hydra package."; + description = lib.mdDoc "The Hydra package."; }; hydraURL = mkOption { type = types.str; - description = '' + description = lib.mdDoc '' The base URL for the Hydra webserver instance. Used for links in emails. ''; }; @@ -124,7 +124,7 @@ in port = mkOption { type = types.int; default = 3000; - description = '' + description = lib.mdDoc '' TCP port the web server should listen to. ''; }; @@ -132,7 +132,7 @@ in minimumDiskFree = mkOption { type = types.int; default = 0; - description = '' + description = lib.mdDoc '' Threshold of minimum disk space (GiB) to determine if the queue runner should run or not. ''; }; @@ -140,14 +140,14 @@ in minimumDiskFreeEvaluator = mkOption { type = types.int; default = 0; - description = '' + description = lib.mdDoc '' Threshold of minimum disk space (GiB) to determine if the evaluator should run or not. ''; }; notificationSender = mkOption { type = types.str; - description = '' + description = lib.mdDoc '' Sender email address used for email notifications. ''; }; @@ -156,7 +156,7 @@ in type = types.nullOr types.str; default = null; example = "localhost"; - description = '' + description = lib.mdDoc '' Hostname of the SMTP server to use to send email. ''; }; @@ -164,7 +164,7 @@ in tracker = mkOption { type = types.str; default = ""; - description = '' + description = lib.mdDoc '' Piece of HTML that is included on all pages. ''; }; @@ -172,7 +172,7 @@ in logo = mkOption { type = types.nullOr types.path; default = null; - description = '' + description = lib.mdDoc '' Path to a file containing the logo of your Hydra instance. ''; }; @@ -180,24 +180,24 @@ in debugServer = mkOption { type = types.bool; default = false; - description = "Whether to run the server in debug mode."; + description = lib.mdDoc "Whether to run the server in debug mode."; }; extraConfig = mkOption { type = types.lines; - description = "Extra lines for the Hydra configuration."; + description = lib.mdDoc "Extra lines for the Hydra configuration."; }; extraEnv = mkOption { type = types.attrsOf types.str; default = {}; - description = "Extra environment variables for Hydra."; + description = lib.mdDoc "Extra environment variables for Hydra."; }; gcRootsDir = mkOption { type = types.path; default = "/nix/var/nix/gcroots/hydra"; - description = "Directory that holds Hydra garbage collector roots."; + description = lib.mdDoc "Directory that holds Hydra garbage collector roots."; }; buildMachinesFiles = mkOption { @@ -205,13 +205,13 @@ in default = optional (config.nix.buildMachines != []) "/etc/nix/machines"; defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"''; example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ]; - description = "List of files containing build machines."; + description = lib.mdDoc "List of files containing build machines."; }; useSubstitutes = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether to use binary caches for downloading store paths. Note that binary substitutions trigger (a potentially large number of) additional HTTP requests that slow down the queue monitor thread significantly. diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index d37dcb5519d28..6cd5718f42276 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -9,7 +9,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether to enable the jenkins continuous integration server. ''; }; @@ -17,7 +17,7 @@ in { user = mkOption { default = "jenkins"; type = types.str; - description = '' + description = lib.mdDoc '' User the jenkins server should execute under. ''; }; @@ -25,7 +25,7 @@ in { group = mkOption { default = "jenkins"; type = types.str; - description = '' + description = lib.mdDoc '' If the default user "jenkins" is configured then this is the primary group of that user. ''; @@ -35,7 +35,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "wheel" "dialout" ]; - description = '' + description = lib.mdDoc '' List of extra groups that the "jenkins" user should be a part of. ''; }; @@ -43,7 +43,7 @@ in { home = mkOption { default = "/var/lib/jenkins"; type = types.path; - description = '' + description = lib.mdDoc '' The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user. ''; @@ -53,7 +53,7 @@ in { default = "0.0.0.0"; example = "localhost"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies the bind address on which the jenkins HTTP interface listens. The default is the wildcard address. ''; @@ -62,7 +62,7 @@ in { port = mkOption { default = 8080; type = types.port; - description = '' + description = lib.mdDoc '' Specifies port number on which the jenkins HTTP interface listens. The default is 8080. ''; @@ -72,7 +72,7 @@ in { default = ""; example = "/jenkins"; type = types.str; - description = '' + description = lib.mdDoc '' Specifies a urlPrefix to use with jenkins. If the example /jenkins is given, the jenkins server will be accessible using localhost:8080/jenkins. @@ -83,14 +83,14 @@ in { default = pkgs.jenkins; defaultText = literalExpression "pkgs.jenkins"; type = types.package; - description = "Jenkins package to use."; + description = lib.mdDoc "Jenkins package to use."; }; packages = mkOption { default = [ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]; defaultText = literalExpression "[ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]"; type = types.listOf types.package; - description = '' + description = lib.mdDoc '' Packages to add to PATH for the jenkins process. ''; }; @@ -98,12 +98,12 @@ in { environment = mkOption { default = { }; type = with types; attrsOf str; - description = '' + description = lib.mdDoc '' Additional environment variables to be passed to the jenkins process. As a base environment, jenkins receives NIX_PATH from - <option>environment.sessionVariables</option>, NIX_REMOTE is set to + {option}`environment.sessionVariables`, NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to the value of - <option>services.jenkins.home</option>. + {option}`services.jenkins.home`. This option has precedence and can be used to override those mentioned variables. ''; @@ -112,13 +112,13 @@ in { plugins = mkOption { default = null; type = types.nullOr (types.attrsOf types.package); - description = '' + description = lib.mdDoc '' A set of plugins to activate. Note that this will completely remove and replace any previously installed plugins. If you have manually-installed plugins that you want to keep while using this module, set this option to - <literal>null</literal>. You can generate this set with a - tool such as <literal>jenkinsPlugins2nix</literal>. + `null`. You can generate this set with a + tool such as `jenkinsPlugins2nix`. ''; example = literalExpression '' import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; } @@ -129,7 +129,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "--debug=9" ]; - description = '' + description = lib.mdDoc '' Additional command line arguments to pass to Jenkins. ''; }; @@ -138,7 +138,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "-Xmx80m" ]; - description = '' + description = lib.mdDoc '' Additional command line arguments to pass to the Java run time (as opposed to Jenkins). ''; }; @@ -146,12 +146,12 @@ in { withCLI = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether to make the CLI available. More info about the CLI available at - <link xlink:href="https://www.jenkins.io/doc/book/managing/cli"> - https://www.jenkins.io/doc/book/managing/cli</link> . + [ + https://www.jenkins.io/doc/book/managing/cli](https://www.jenkins.io/doc/book/managing/cli) . ''; }; }; diff --git a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index 3ca1542c18f2a..8dc06bf264162 100644 --- a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -12,7 +12,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether or not to enable the Jenkins Job Builder (JJB) service. It allows defining jobs for Jenkins in a declarative manner. @@ -24,15 +24,15 @@ in { deleted. Please see the Jenkins Job Builder documentation for more info: - <link xlink:href="http://docs.openstack.org/infra/jenkins-job-builder/"> - http://docs.openstack.org/infra/jenkins-job-builder/</link> + [ + http://docs.openstack.org/infra/jenkins-job-builder/](http://docs.openstack.org/infra/jenkins-job-builder/) ''; }; accessUser = mkOption { default = ""; type = types.str; - description = '' + description = lib.mdDoc '' User id in Jenkins used to reload config. ''; }; @@ -40,10 +40,10 @@ in { accessToken = mkOption { default = ""; type = types.str; - description = '' + description = lib.mdDoc '' User token in Jenkins used to reload config. WARNING: This token will be world readable in the Nix store. To keep - it secret, use the <option>accessTokenFile</option> option instead. + it secret, use the {option}`accessTokenFile` option instead. ''; }; @@ -51,8 +51,8 @@ in { default = ""; type = types.str; example = "/run/keys/jenkins-job-builder-access-token"; - description = '' - File containing the API token for the <option>accessUser</option> + description = lib.mdDoc '' + File containing the API token for the {option}`accessUser` user. ''; }; @@ -66,7 +66,7 @@ in { builders: - shell: echo 'Hello world!' ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in YAML format. ''; }; @@ -86,7 +86,7 @@ in { ''' ] ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in JSON format. ''; }; @@ -104,7 +104,7 @@ in { } ] ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in Nix format. This is a trivial wrapper around jsonJobs, using builtins.toJSON @@ -156,12 +156,22 @@ in { reloadScript = '' echo "Asking Jenkins to reload config" curl_opts="--silent --fail --show-error" - access_token=${if cfg.accessTokenFile != "" - then "$(cat '${cfg.accessTokenFile}')" - else cfg.accessToken} - jenkins_url="http://${cfg.accessUser}:$access_token@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}" - crumb=$(curl $curl_opts "$jenkins_url"'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') - curl $curl_opts -X POST -H "$crumb" "$jenkins_url"/reload + access_token_file=${if cfg.accessTokenFile != "" + then cfg.accessTokenFile + else "$RUNTIME_DIRECTORY/jenkins_access_token.txt"} + if [ "${cfg.accessToken}" != "" ]; then + (umask 0077; printf "${cfg.accessToken}" >"$access_token_file") + fi + jenkins_url="http://${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}" + auth_file="$RUNTIME_DIRECTORY/jenkins_auth_file.txt" + trap 'rm -f "$auth_file"' EXIT + (umask 0077; printf "${cfg.accessUser}:@password_placeholder@" >"$auth_file") + "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "$access_token_file" "$auth_file" + + if ! "${pkgs.jenkins}/bin/jenkins-cli" -s "$jenkins_url" -auth "@$auth_file" reload-configuration; then + echo "error: failed to reload configuration" + exit 1 + fi ''; in '' @@ -233,6 +243,7 @@ in { done '' + (if cfg.accessUser != "" then reloadScript else ""); serviceConfig = { + Type = "oneshot"; User = jenkinsCfg.user; RuntimeDirectory = "jenkins-job-builder"; }; diff --git a/nixos/modules/services/continuous-integration/jenkins/slave.nix b/nixos/modules/services/continuous-integration/jenkins/slave.nix index 871b9914fb27a..9b86917ab380f 100644 --- a/nixos/modules/services/continuous-integration/jenkins/slave.nix +++ b/nixos/modules/services/continuous-integration/jenkins/slave.nix @@ -14,7 +14,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' If true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured. @@ -24,7 +24,7 @@ in { user = mkOption { default = "jenkins"; type = types.str; - description = '' + description = lib.mdDoc '' User the jenkins slave agent should execute under. ''; }; @@ -32,7 +32,7 @@ in { group = mkOption { default = "jenkins"; type = types.str; - description = '' + description = lib.mdDoc '' If the default slave agent user "jenkins" is configured then this is the primary group of that user. ''; @@ -41,7 +41,7 @@ in { home = mkOption { default = "/var/lib/jenkins"; type = types.path; - description = '' + description = lib.mdDoc '' The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user. ''; @@ -50,7 +50,7 @@ in { javaPackage = mkOption { default = pkgs.jdk; defaultText = literalExpression "pkgs.jdk"; - description = '' + description = lib.mdDoc '' Java package to install. ''; type = types.package; |