From efefba7c9b49a36a6c71b55f45c14d28e5f9f6bf Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 18 Feb 2018 16:19:26 +0000
Subject: nixos/buildkite-agent: add extraConfig option

This is useful for things like enabling debugging and increasing agent
priority, which don't warrant extra module options.
---
 .../services/continuous-integration/buildkite-agent.nix        | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index 1b0198ac93fe..abd77ddb973e 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -65,6 +65,15 @@ in
         '';
       };
 
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        example = "debug=true";
+        description = ''
+          Extra lines to be added verbatim to the configuration file.
+        '';
+      };
+
       openssh =
         { privateKeyPath = mkOption {
             type = types.path;
@@ -126,6 +135,7 @@ in
             build-path="${cfg.dataDir}/builds"
             hooks-path="${cfg.hooksPath}"
             bootstrap-script="${pkgs.buildkite-agent}/share/bootstrap.sh"
+            ${cfg.extraConfig}
             EOF
           '';
 
-- 
cgit 1.4.1


From 66586c86b9160630f13fc4ff6d8c618eb9c429ce Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 18 Feb 2018 16:35:27 +0000
Subject: nixos/buildkite-agent: declarative hooks configuration

Instead of having to set up a directory containing hook scripts, you
can now directly set module options to add hooks.
---
 .../continuous-integration/buildkite-agent.nix     | 111 +++++++++++++++++++--
 1 file changed, 102 insertions(+), 9 deletions(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index abd77ddb973e..ca405546ec0d 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -4,6 +4,31 @@ with lib;
 
 let
   cfg = config.services.buildkite-agent;
+
+  mkHookOption = { name, description, example ? null }: {
+    inherit name;
+    value = mkOption {
+      default = null;
+      inherit description;
+      type = types.nullOr types.lines;
+    } // (if example == null then {} else { inherit example; });
+  };
+  mkHookOptions = hooks: listToAttrs (map mkHookOption hooks);
+
+  hooksDir = let
+    mkHookEntry = name: value: ''
+      cat > $out/${name} <<EOF
+      #! ${pkgs.stdenv.shell}
+      set -e
+      ${value}
+      EOF
+      chmod 755 $out/${name}
+    '';
+  in pkgs.runCommand "buildkite-agent-hooks" {} ''
+    mkdir $out
+    ${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))}
+  '';
+
 in
 
 {
@@ -48,15 +73,6 @@ in
         '';
       };
 
-      hooksPath = mkOption {
-        type = types.path;
-        default = "${pkgs.buildkite-agent}/share/hooks";
-        defaultText = "${pkgs.buildkite-agent}/share/hooks";
-        description = ''
-          Path to the directory storing the hooks.
-        '';
-      };
-
       meta-data = mkOption {
         type = types.str;
         default = "";
@@ -94,6 +110,74 @@ in
             '';
           };
         };
+
+      hooks = mkHookOptions [
+        { name = "checkout";
+          description = ''
+            The `checkout` hook script will replace the default checkout routine of the
+            bootstrap.sh script. You can use this hook to do your own SCM checkout
+            behaviour
+          ''; }
+        { name = "command";
+          description = ''
+            The `command` hook script will replace the default implementation of running
+            the build command.
+          ''; }
+        { name = "environment";
+          description = ''
+            The `environment` hook will run before all other commands, and can be used
+            to set up secrets, data, etc. Anything exported in hooks will be available
+            to the build script.
+
+            Note: the contents of this file will be copied to the world-readable
+            Nix store.
+          '';
+          example = ''
+            export SECRET_VAR=`head -1 /run/keys/secret`
+          ''; }
+        { name = "post-artifact";
+          description = ''
+            The `post-artifact` hook will run just after artifacts are uploaded
+          ''; }
+        { name = "post-checkout";
+          description = ''
+            The `post-checkout` hook will run after the bootstrap script has checked out
+            your projects source code.
+          ''; }
+        { name = "post-command";
+          description = ''
+            The `post-command` hook will run after the bootstrap script has run your
+            build commands
+          ''; }
+        { name = "pre-artifact";
+          description = ''
+            The `pre-artifact` hook will run just before artifacts are uploaded
+          ''; }
+        { name = "pre-checkout";
+          description = ''
+            The `pre-checkout` hook will run just before your projects source code is
+            checked out from your SCM provider
+          ''; }
+        { name = "pre-command";
+          description = ''
+            The `pre-command` hook will run just before your build command runs
+          ''; }
+        { name = "pre-exit";
+          description = ''
+            The `pre-exit` hook will run just before your build job finishes
+          ''; }
+      ];
+
+      hooksPath = mkOption {
+        type = types.path;
+        default = hooksDir;
+        defaultText = "generated from services.buildkite-agent.hooks";
+        description = ''
+          Path to the directory storing the hooks.
+          Consider using <option>services.buildkite-agent.hooks.&lt;name&gt;</option>
+          instead.
+        '';
+      };
     };
   };
 
@@ -147,6 +231,15 @@ in
             TimeoutSec = 10;
           };
       };
+
+    assertions = [
+      { assertion = cfg.hooksPath == hooksDir || all isNull (attrValues cfg.hooks);
+        message = ''
+          Options `services.buildkite-agent.hooksPath' and
+          `services.buildkite-agent.hooks.<name>' are mutually exclusive.
+        '';
+      }
+    ];
   };
   imports = [
     (mkRenamedOptionModule [ "services" "buildkite-agent" "token" ]                [ "services" "buildkite-agent" "tokenPath" ])
-- 
cgit 1.4.1


From cf6463aa8c511159d235a429845adb9132230ff3 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 18 Feb 2018 16:42:13 +0000
Subject: nixos/buildkite-agent: enhance documentation for meta-data option

I assumed they were space-separated, which was wrong.

In future it might be better to allow specifying an attrset of strings
for the option.
---
 nixos/modules/services/continuous-integration/buildkite-agent.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index ca405546ec0d..cc195d575c3f 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -76,8 +76,10 @@ in
       meta-data = mkOption {
         type = types.str;
         default = "";
+        example = "queue=default,docker=true,ruby2=true";
         description = ''
-          Meta data for the agent.
+          Meta data for the agent. This is a comma-separated list of
+          <code>key=value</code> pairs.
         '';
       };
 
-- 
cgit 1.4.1


From 8132b24cdfec12f8fe869afe004b9d7b897df678 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 18 Feb 2018 16:44:13 +0000
Subject: nixos/buildkite-agent: remove obsolete config setting

Newer versions of buildkite-agent can find the bootstrap script
themselves.
---
 nixos/modules/services/continuous-integration/buildkite-agent.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index cc195d575c3f..6524abef8a48 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -220,7 +220,6 @@ in
             meta-data="${cfg.meta-data}"
             build-path="${cfg.dataDir}/builds"
             hooks-path="${cfg.hooksPath}"
-            bootstrap-script="${pkgs.buildkite-agent}/share/bootstrap.sh"
             ${cfg.extraConfig}
             EOF
           '';
-- 
cgit 1.4.1


From 21e9a3eb6fe8256019c4e0d6d4ff04d9348acb25 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Mon, 19 Feb 2018 07:41:49 +0000
Subject: nixos/buildkite-agent: add a default value for name option

Use the default name value from:
https://buildkite.com/docs/agent/configuration
---
 nixos/modules/services/continuous-integration/buildkite-agent.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index 6524abef8a48..039567eb6051 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -68,6 +68,7 @@ in
 
       name = mkOption {
         type = types.str;
+        default = "%hostname-%n";
         description = ''
           The name of the agent.
         '';
-- 
cgit 1.4.1


From e552633c20db1c516f6fd46280627ff5f0ee33a0 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 18 Feb 2018 08:30:42 +0000
Subject: nixos/buildkite-agent: add coreutils to PATH of service

This simplifies the service script and it's probable that many builds
will need coreutils anyway.
---
 .../services/continuous-integration/buildkite-agent.nix | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix
index 039567eb6051..0a0c9f665d25 100644
--- a/nixos/modules/services/continuous-integration/buildkite-agent.nix
+++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -196,13 +196,10 @@ in
     environment.systemPackages = [ cfg.package ];
 
     systemd.services.buildkite-agent =
-      let copy = x: target: perms:
-                 "cp -f ${x} ${target}; ${pkgs.coreutils}/bin/chmod ${toString perms} ${target}; ";
-      in
       { description = "Buildkite Agent";
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
-        path = cfg.runtimePackages;
+        path = cfg.runtimePackages ++ [ pkgs.coreutils ];
         environment = config.networking.proxy.envVars // {
           HOME = cfg.dataDir;
           NIX_REMOTE = "daemon";
@@ -210,10 +207,14 @@ in
 
         ## NB: maximum care is taken so that secrets (ssh keys and the CI token)
         ##     don't end up in the Nix store.
-        preStart = ''
-            ${pkgs.coreutils}/bin/mkdir -m 0700 -p ${cfg.dataDir}/.ssh
-            ${copy (toString cfg.openssh.privateKeyPath) "${cfg.dataDir}/.ssh/id_rsa"     600}
-            ${copy (toString cfg.openssh.publicKeyPath)  "${cfg.dataDir}/.ssh/id_rsa.pub" 600}
+        preStart = let
+          sshDir = "${cfg.dataDir}/.ssh";
+        in
+          ''
+            mkdir -m 0700 -p "${sshDir}"
+            cp -f "${toString cfg.openssh.privateKeyPath}" "${sshDir}/id_rsa"
+            cp -f "${toString cfg.openssh.publicKeyPath}"  "${sshDir}/id_rsa.pub"
+            chmod 600 "${sshDir}"/id_rsa*
 
             cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
             token="$(cat ${toString cfg.tokenPath})"
-- 
cgit 1.4.1