torjus/homelab-deploy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add builder mode for centralized Nix builds #2

Merged
torjus merged 4 commits from feat/builder into master 2026-02-10 21:16:05 +00:00
Conversation 0 Commits 4 Files Changed 13 +1677 -52
torjus commented 2026-02-10 21:04:14 +00:00
Owner
Copy Link

Summary

  • Add "builder" mode for triggering Nix builds on a dedicated build host via NATS messaging, enabling pre-building configurations before deployment
  • Add CLI build command with real-time progress tracking and JSON output support
  • Add MCP build tool (enabled via --enable-builds flag) for AI assistant integration
  • Add NixOS module services.homelab-deploy.builder for easy service deployment

Changes

  • internal/builder/ - New package with builder server, YAML config parsing, and nix build executor
  • internal/messages/build.go - Build request/response message types with progress tracking
  • internal/cli/build.go - CLI client for triggering builds
  • internal/mcp/build_tools.go - MCP build tool definition
  • internal/metrics/build_metrics.go - Prometheus metrics for build monitoring
  • cmd/homelab-deploy/main.go - Added builder and build subcommands
  • nixos/module.nix - Added builder service options alongside existing listener
  • README.md - Documentation for builder feature, CLI commands, and configuration
## Summary - Add "builder" mode for triggering Nix builds on a dedicated build host via NATS messaging, enabling pre-building configurations before deployment - Add CLI `build` command with real-time progress tracking and JSON output support - Add MCP `build` tool (enabled via `--enable-builds` flag) for AI assistant integration - Add NixOS module `services.homelab-deploy.builder` for easy service deployment ## Changes - `internal/builder/` - New package with builder server, YAML config parsing, and nix build executor - `internal/messages/build.go` - Build request/response message types with progress tracking - `internal/cli/build.go` - CLI client for triggering builds - `internal/mcp/build_tools.go` - MCP build tool definition - `internal/metrics/build_metrics.go` - Prometheus metrics for build monitoring - `cmd/homelab-deploy/main.go` - Added `builder` and `build` subcommands - `nixos/module.nix` - Added builder service options alongside existing listener - `README.md` - Documentation for builder feature, CLI commands, and configuration
torjus added 1 commit 2026-02-10 21:04:14 +00:00
feat: add builder mode for centralized Nix builds 14f5b31faf 
Add a new "builder" capability to trigger Nix builds on a dedicated
build host via NATS messaging. This allows pre-building NixOS
configurations before deployment.

New components:
- Builder mode: subscribes to build.<repo>.* subjects, executes nix build
- Build CLI command: triggers builds with progress tracking
- MCP build tool: available with --enable-builds flag
- Builder metrics: tracks build success/failure per repo and host
- NixOS module: services.homelab-deploy.builder

The builder uses a YAML config file to define allowed repositories
with their URLs and default branches. Builds can target all hosts
or specific hosts, with real-time progress updates.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
torjus added 1 commit 2026-02-10 21:07:37 +00:00
fix: validate target and hostname inputs to prevent injection 08f1fcc6ac 
Add input validation to address security concerns:

- Validate Target field in BuildRequest against safe character pattern
  (must be "all" or match alphanumeric/dash/underscore/dot pattern)
- Filter hostnames discovered from nix flake show output, skipping any
  with invalid characters before using them in build commands

This prevents potential command injection via crafted NATS messages or
malicious flake configurations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
torjus added 1 commit 2026-02-10 21:09:58 +00:00
fix: add validation for config and reply subjects c52e88ca7e 
Address medium severity security issues:

- Validate repo names in config only allow alphanumeric, dash, underscore
  (prevents NATS subject injection via dots or wildcards)
- Validate repo URLs must start with git+https://, git+ssh://, or git+file://
- Validate ReplyTo field must start with "build.responses." to prevent
  publishing responses to arbitrary NATS subjects

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
torjus added 1 commit 2026-02-10 21:13:42 +00:00
feat(nixos): add settings option for builder config 00899489ac 
Allow defining builder repository configuration directly in Nix using
the `settings.repos` option, which is more idiomatic for NixOS modules.

Users can now choose between:
- `settings.repos` - Define repos in Nix (recommended)
- `configFile` - Point to an external YAML file

The module generates a YAML config file from settings when configFile
is not specified. An assertion ensures at least one method is used.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
torjus merged commit a8aab16d0e into master 2026-02-10 21:16:05 +00:00
torjus deleted branch feat/builder 2026-02-10 21:16:05 +00:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
torjus
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: torjus/homelab-deploy#2
Delete Branch "feat/builder"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?