Skip to content

Commit 62e7fc4

Browse files
MagicRBmergify[bot]
MagicRB
authored and
mergify[bot]
committed
Actually fix Cachix, attempt 3
Signed-off-by: magic_rb <[email protected]>
1 parent 225d286 commit 62e7fc4

File tree

1 file changed

+76
-17
lines changed

1 file changed

+76
-17
lines changed

nix/master.nix

Lines changed: 76 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,6 @@ let
88
cfg = config.services.buildbot-nix.master;
99
inherit (lib) mkRemovedOptionModule mkRenamedOptionModule;
1010

11-
optionsCachix = options.services.buildbot-nix.master.cachix;
12-
1311
interpolateType =
1412
lib.mkOptionType {
1513
name = "interpolate";
@@ -164,13 +162,51 @@ in
164162
description = "Cachix name";
165163
};
166164

165+
auth = lib.mkOption {
166+
type = lib.types.attrTag {
167+
signingKey = lib.mkOption {
168+
description = ''
169+
Use a signing key to authenticate with Cachix.
170+
'';
171+
172+
type = lib.types.submodule {
173+
options.file = lib.mkOption {
174+
type = lib.types.path;
175+
description = ''
176+
Path to a file containing the signing key.
177+
'';
178+
};
179+
};
180+
};
181+
182+
authToken = lib.mkOption {
183+
description = ''
184+
Use an authentication token to authenticate with Cachix.
185+
'';
186+
187+
type = lib.types.submodule {
188+
options.file = lib.mkOption {
189+
type = lib.types.path;
190+
description = ''
191+
Path to a file containing the authentication token.
192+
'';
193+
};
194+
};
195+
};
196+
};
197+
};
198+
167199
signingKeyFile = lib.mkOption {
168-
type = lib.types.path;
200+
type = lib.types.nullOr lib.types.path;
201+
default = null;
202+
visible = false;
169203
description = "Cachix signing key";
170204
};
171205

172206
authTokenFile = lib.mkOption {
173-
type = lib.types.str;
207+
type = lib.types.nullOr lib.types.path;
208+
default = null;
209+
visible = false;
174210
description = "Cachix auth token";
175211
};
176212
};
@@ -365,21 +401,36 @@ in
365401
isSystemUser = true;
366402
};
367403

404+
services.buildbot-nix.master.cachix.auth = lib.mkIf (cfg.cachix.authTokenFile != null || cfg.cachix.signingKeyFile != null)
405+
(if (cfg.cachix.authTokenFile != null) then
406+
lib.warn
407+
"Obsolete option `services.buildbot-nix.master.cachix.authTokenFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.authToken.file'."
408+
{ authToken.file = cfg.cachix.authTokenFile; }
409+
else if (cfg.cachix.signingKeyFile != null) then
410+
lib.warn
411+
"Obsolete option `services.buildbot-nix.master.cachix.signingKeyFile' is used. It was renamed to `services.buildbot-nix.master.cachix.auth.signingKey.file'."
412+
{ signingKey.file = cfg.cachix.signingKeyFile; }
413+
else
414+
throw "Impossible, guarded by mkIf.");
415+
368416
assertions = [
369417
{
370418
assertion =
371419
let
372-
allIsNull = lib.all (x: x == null);
420+
isNull = x: x == null;
373421
in
374-
optionsCachix.enable.value || lib.foldr (a: b: a && b) true [
375-
(optionsCachix.name.isDefined -> allIsNull optionsCachix.name.definitions)
376-
(optionsCachix.signingKeyFile.isDefined -> allIsNull optionsCachix.signingKeyFile.definitions)
377-
(optionsCachix.authTokenFile.isDefined -> allIsNull optionsCachix.authTokenFile.definitions)
378-
];
422+
isNull cfg.cachix.authTokenFile && isNull cfg.cachix.signingKeyFile ||
423+
isNull cfg.cachix.authTokenFile && cfg.cachix.enable ||
424+
isNull cfg.cachix.signingKeyFile && cfg.cachix.enable;
379425
message = ''
380-
The semantics of `options.services.buildbot-nix.master.cachix` recently changed slightly, the options
381-
`name`, `signingKeyFile`, and `authTokenFile` are no longer null-able. To enable Cachix support use:
382-
`options.services.buildbot-nix.master.cachix.enable = True`.
426+
The semantics of `options.services.buildbot-nix.master.cachix` recently changed
427+
slightly, the option `name` is no longer null-able. To enable Cachix support
428+
use `services.buildbot-nix.master.cachix.enable = true`.
429+
430+
Furthermore, the options `services.buildbot-nix.master.cachix.authTokenFile` and
431+
`services.buildbot-nix.master.cachix.signingKeyFile` were renamed to
432+
`services.buildbot-nix.master.cachix.auth.authToken.file` and
433+
`services.buildbot-nix.master.cachix.auth.signingKey.file` respectively.
383434
'';
384435
}
385436
{
@@ -450,8 +501,16 @@ in
450501
else
451502
{
452503
name = cfg.cachix.name;
453-
signing_key_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.signingKeyFile else null;
454-
auth_token_file = if optionsCachix.signingKeyFile.isDefined then cfg.cachix.authTokenFile else null;
504+
signing_key_file =
505+
if cfg.cachix.auth ? "signingKey" then
506+
cfg.cachix.auth.signingKey.file
507+
else
508+
null;
509+
auth_token_file =
510+
if cfg.cachix.auth ? "authToken" then
511+
cfg.cachix.authTokenFile
512+
else
513+
null;
455514
};
456515
gitea = if !cfg.gitea.enable then
457516
null
@@ -560,10 +619,10 @@ in
560619
)
561620
++ lib.optional (cfg.authBackend == "gitea") "gitea-oauth-secret:${cfg.gitea.oauthSecretFile}"
562621
++ lib.optional (cfg.authBackend == "github") "github-oauth-secret:${cfg.github.oauthSecretFile}"
563-
++ lib.optionals cfg.cachix.enable [
622+
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "signingKey")
564623
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
624+
++ lib.optional (cfg.cachix.enable && cfg.cachix ? "authToken")
565625
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}"
566-
]
567626
++ lib.optionals cfg.gitea.enable [
568627
"gitea-token:${cfg.gitea.tokenFile}"
569628
"gitea-webhook-secret:${cfg.gitea.webhookSecretFile}"

0 commit comments

Comments
 (0)