authorFlorian Klink <flokli@flokli.de>2020-01-21 14:21:57 +0100
committerzimbatm <zimbatm@zimbatm.com>2020-01-21 13:21:57 +0000
commit0daae2e08c1b5c0d4141f6655d38bac7b70569e7 (patch)
treefdab1abb43cc201313ca0b4d28f8091c54e50d7d /nixos
parentab10bac1b177832b5e6b883ba95bf35f87229267 (diff)
nixos/buildkite: drop user option (#78160)
* nixos/buildkite: drop user option

This reverts 8c6b1c3eaaa8b555bddaced3ab6f02695bef1541.

Turns out, buildkite-agent has logic to write .ssh/known_hosts files and
only really works when $HOME and the user homedir are in sync.

On top of that, we provision ssh keys in /var/lib/buildkite-agent, which
doesn't work if that other users' homedir points elsewhere (we can cheat
by setting $HOME, but then getent and $HOME provide conflicting
results).

So after all, it's better to run the system-wide buildkite agent only as
the "buildkite-agent" user - if one wants to run buildkite as
different users, systemd user services might be a better fit.

* nixosTests.buildkite-agent: add node with separate user and no ssh key
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/continuous-integration/buildkite-agent.nix15
-rw-r--r--nixos/tests/buildkite-agent.nix27
2 files changed, 22 insertions, 20 deletions
diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index 418a7bc1a46..58bce654941 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -29,8 +29,6 @@ let
     ${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))}
   '';
 
-  defaultUser = "buildkite-agent";
-
 in
 
 {
@@ -58,15 +56,6 @@ in
         type = types.listOf types.package;
       };
 
-      user = mkOption {
-        type = types.str;
-        default = defaultUser;
-        description = ''
-          Set this option when you want to run the buildkite agent as something else
-          than the default user "buildkite-agent".
-        '';
-      };
-
       tokenPath = mkOption {
         type = types.path;
         description = ''
@@ -197,7 +186,7 @@ in
   };
 
   config = mkIf config.services.buildkite-agent.enable {
-    users.users.buildkite-agent = mkIf (cfg.user == defaultUser) {
+    users.users.buildkite-agent = {
       name = "buildkite-agent";
       home = cfg.dataDir;
       createHome = true;
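Review bot: Removing `services.buildkite-agent.user` outright means any existing configuration that set it now fails evaluation with a generic "option does not exist" error; this hunk drops the last consumer of `cfg.user` but gives no migration hint. Consider adding `(mkRemovedOptionModule [ "services" "buildkite-agent" "user" ] "The service now always runs as the buildkite-agent user; use a systemd user service to run the agent as someone else.")` to the module's `imports` (outside this hunk) so the failure points at the fix. The `users.users.buildkite-agent` attribute set continues past the end of the hunk.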
@@ -242,7 +231,7 @@ in
 
         serviceConfig =
           { ExecStart = "${cfg.package}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg";
-            User = cfg.user;
+            User = "buildkite-agent";
             RestartSec = 5;
             Restart = "on-failure";
             TimeoutSec = 10;
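Review bot: `ExecStart` still hard-codes `/var/lib/buildkite-agent/buildkite-agent.cfg` while the account's home is `cfg.dataDir` (previous hunk), so if `dataDir` can be overridden the unit will look for its config, which carries the agent token, in a directory other than the one the user owns. If the config is generated under `dataDir` (not visible here), the path should follow it: `ExecStart = "${cfg.package}/bin/buildkite-agent start --config ${cfg.dataDir}/buildkite-agent.cfg";`. The `serviceConfig` set continues outside the hunk.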
diff --git a/nixos/tests/buildkite-agent.nix b/nixos/tests/buildkite-agent.nix
index 042ce389eb8..3c824c9aedf 100644
--- a/nixos/tests/buildkite-agent.nix
+++ b/nixos/tests/buildkite-agent.nix
@@ -6,18 +6,31 @@ import ./make-test-python.nix ({ pkgs, ... }:
     maintainers = [ flokli ];
   };
 
-  machine = { pkgs, ... }: {
-    services.buildkite-agent = {
-      enable = true;
-      privateSshKeyPath = (import ./ssh-keys.nix pkgs).snakeOilPrivateKey;
-      tokenPath = (pkgs.writeText "my-token" "5678");
+  nodes = {
+    node1 = { pkgs, ... }: {
+      services.buildkite-agent = {
+        enable = true;
+        privateSshKeyPath = (import ./ssh-keys.nix pkgs).snakeOilPrivateKey;
+        tokenPath = (pkgs.writeText "my-token" "5678");
+      };
+    };
+    # don't configure ssh key, run as a separate user
+    node2 = { pkgs, ...}: {
+      services.buildkite-agent = {
+        enable = true;
+        tokenPath = (pkgs.writeText "my-token" "1234");
+      };
     };
   };
 
   testScript = ''
+    start_all()
     # we can't wait on the unit to start up, as we obviously can't connect to buildkite,
     # but we can look whether files are set up correctly
-    machine.wait_for_file("/var/lib/buildkite-agent/buildkite-agent.cfg")
-    machine.wait_for_file("/var/lib/buildkite-agent/.ssh/id_rsa")
+
+    node1.wait_for_file("/var/lib/buildkite-agent/buildkite-agent.cfg")
+    node1.wait_for_file("/var/lib/buildkite-agent/.ssh/id_rsa")
+
+    node2.wait_for_file("/var/lib/buildkite-agent/buildkite-agent.cfg")
   '';
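Review bot: The comment on node2, `# don't configure ssh key, run as a separate user`, no longer matches the configuration below it: with the `user` option removed, node2 runs as the default `buildkite-agent` user exactly like node1, so it should read `# don't configure ssh key; the agent still runs as the default buildkite-agent user`. The script also only checks the positive case; add a negative assertion that no key is provisioned when `privateSshKeyPath` is unset, `node2.fail("test -e /var/lib/buildkite-agent/.ssh/id_rsa")`, so a regression that writes a key anyway is caught. The commit description's second bullet ("add node with separate user") has the same stale wording.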
 })