Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
07f4510ad0
@ -263,6 +263,31 @@ with lib;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
omo = rec {
|
||||||
|
cores = 2;
|
||||||
|
dc = "makefu"; #AMD E350
|
||||||
|
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
addrs4 = ["10.243.0.89"];
|
||||||
|
addrs6 = ["42:f9f0::10"];
|
||||||
|
aliases = [
|
||||||
|
"omo.retiolum"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
|
||||||
|
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
|
||||||
|
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
|
||||||
|
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
|
||||||
|
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
|
||||||
|
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
gum = rec {
|
gum = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
dc = "online.net"; #root-server
|
dc = "online.net"; #root-server
|
||||||
@ -273,6 +298,7 @@ with lib;
|
|||||||
mattermost.euer IN A ${head nets.internet.addrs4}
|
mattermost.euer IN A ${head nets.internet.addrs4}
|
||||||
git.euer IN A ${head nets.internet.addrs4}
|
git.euer IN A ${head nets.internet.addrs4}
|
||||||
gum IN A ${head nets.internet.addrs4}
|
gum IN A ${head nets.internet.addrs4}
|
||||||
|
cgit.euer IN A ${head nets.internet.addrs4}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = {
|
nets = {
|
||||||
@ -287,6 +313,7 @@ with lib;
|
|||||||
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
|
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"gum.retiolum"
|
"gum.retiolum"
|
||||||
|
"cgit.gum.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -302,10 +329,26 @@ with lib;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = addNames {
|
users = addNames rec {
|
||||||
makefu = {
|
makefu = {
|
||||||
mail = "makefu@pornocauster.retiolum";
|
mail = "makefu@pornocauster.retiolum";
|
||||||
pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
|
||||||
|
};
|
||||||
|
makefu-omo = {
|
||||||
|
inherit (makefu) mail;
|
||||||
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
|
||||||
|
};
|
||||||
|
makefu-tsp = {
|
||||||
|
inherit (makefu) mail;
|
||||||
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
|
||||||
|
};
|
||||||
|
makefu-vbob = {
|
||||||
|
inherit (makefu) mail;
|
||||||
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
|
||||||
|
};
|
||||||
|
exco = {
|
||||||
|
mail = "dickbutt@excogitation.de";
|
||||||
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
87
krebs/5pkgs/fortclientsslvpn/default.nix
Normal file
87
krebs/5pkgs/fortclientsslvpn/default.nix
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
|
||||||
|
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "forticlientsslvpn";
|
||||||
|
# forticlient will be copied into /tmp before execution. this is necessary as
|
||||||
|
# the software demands $base to be writeable
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
# archive.org mirror:
|
||||||
|
# https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
|
||||||
|
url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
|
||||||
|
sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
|
||||||
|
};
|
||||||
|
phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
|
||||||
|
|
||||||
|
buildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
|
binPath = lib.makeSearchPath "bin" [
|
||||||
|
coreutils
|
||||||
|
gawk
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
libPath = lib.makeLibraryPath [
|
||||||
|
stdenv.cc.cc
|
||||||
|
];
|
||||||
|
|
||||||
|
guiLibPath = lib.makeLibraryPath [
|
||||||
|
gtk
|
||||||
|
glib
|
||||||
|
libSM
|
||||||
|
gdk_pixbuf
|
||||||
|
libX11
|
||||||
|
libXinerama
|
||||||
|
pango
|
||||||
|
];
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
# TODO: 32bit, use the 32bit folder
|
||||||
|
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
||||||
|
--set-rpath "$libPath" \
|
||||||
|
64bit/forticlientsslvpn_cli
|
||||||
|
|
||||||
|
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
||||||
|
--set-rpath "$libPath:$guiLibPath" \
|
||||||
|
64bit/forticlientsslvpn
|
||||||
|
|
||||||
|
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
||||||
|
--set-rpath "$libPath" \
|
||||||
|
64bit/helper/subproc
|
||||||
|
|
||||||
|
sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p "$out/opt/fortinet"
|
||||||
|
|
||||||
|
cp -r 64bit/. "$out/opt/fortinet"
|
||||||
|
wrapProgram $out/opt/fortinet/forticlientsslvpn \
|
||||||
|
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
|
||||||
|
--set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp
|
||||||
|
|
||||||
|
mkdir -p "$out/bin/"
|
||||||
|
|
||||||
|
cat > $out/bin/forticlientsslvpn <<EOF
|
||||||
|
#!/bin/sh
|
||||||
|
# prepare suid bit in tmp
|
||||||
|
# TODO maybe tmp does not support suid
|
||||||
|
set -euf
|
||||||
|
tmpforti=\$(${coreutils}/bin/mktemp -d)
|
||||||
|
trap "rm -rf \$tmpforti;" INT TERM EXIT
|
||||||
|
cp -r $out/opt/fortinet/. \$tmpforti
|
||||||
|
chmod +s \$tmpforti/helper/subproc
|
||||||
|
cd \$tmpforti
|
||||||
|
"./forticlientsslvpn" "\$@"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod +x $out/bin/forticlientsslvpn
|
||||||
|
chmod -x $out/opt/fortinet/helper/showlicense
|
||||||
|
'';
|
||||||
|
meta = {
|
||||||
|
homepage = http://www.fortinet.com;
|
||||||
|
description = "Forticlient SSL-VPN client";
|
||||||
|
license = lib.licenses.nonfree;
|
||||||
|
maintainers = [ lib.maintainers.makefu ];
|
||||||
|
};
|
||||||
|
}
|
33
krebs/5pkgs/snapraid/default.nix
Normal file
33
krebs/5pkgs/snapraid/default.nix
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
{stdenv, fetchurl}:
|
||||||
|
let
|
||||||
|
s = # Generated upstream information
|
||||||
|
rec {
|
||||||
|
baseName="jq";
|
||||||
|
version="1.5";
|
||||||
|
name="${baseName}-${version}";
|
||||||
|
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
|
||||||
|
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
|
||||||
|
};
|
||||||
|
buildInputs = [
|
||||||
|
];
|
||||||
|
in
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
inherit (s) name version;
|
||||||
|
inherit buildInputs;
|
||||||
|
src = fetchurl {
|
||||||
|
inherit (s) url sha256;
|
||||||
|
};
|
||||||
|
|
||||||
|
# jq is linked to libjq:
|
||||||
|
configureFlags = [
|
||||||
|
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
|
||||||
|
];
|
||||||
|
meta = {
|
||||||
|
inherit (s) version;
|
||||||
|
description = ''A lightweight and flexible command-line JSON processor'';
|
||||||
|
license = stdenv.lib.licenses.mit ;
|
||||||
|
maintainers = [stdenv.lib.maintainers.raskin];
|
||||||
|
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
|
|
37
makefu/1systems/omo.nix
Normal file
37
makefu/1systems/omo.nix
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ # Include the results of the hardware scan.
|
||||||
|
../2configs/fs/single-partition-ext4.nix
|
||||||
|
../2configs/tinc-basic-retiolum.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
];
|
||||||
|
krebs.build.host = config.krebs.hosts.omo;
|
||||||
|
|
||||||
|
# AMD E350
|
||||||
|
boot = {
|
||||||
|
loader.grub.device = "/dev/sda";
|
||||||
|
|
||||||
|
initrd.availableKernelModules = [
|
||||||
|
"usb_storage"
|
||||||
|
"ahci"
|
||||||
|
"xhci_hcd"
|
||||||
|
"ata_piix"
|
||||||
|
"uhci_hcd"
|
||||||
|
"ehci_pci"
|
||||||
|
];
|
||||||
|
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
|
networking.firewall.allowPing = true;
|
||||||
|
}
|
@ -6,14 +6,12 @@
|
|||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
../2configs/main-laptop.nix #< base-gui
|
../2configs/main-laptop.nix #< base-gui + zsh
|
||||||
|
|
||||||
# Krebs
|
# Krebs
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
#../2configs/disable_v6.nix
|
#../2configs/disable_v6.nix
|
||||||
|
|
||||||
# environment
|
|
||||||
../2configs/zsh-user.nix
|
|
||||||
|
|
||||||
# applications
|
# applications
|
||||||
|
|
||||||
@ -36,11 +34,17 @@
|
|||||||
# ../2configs/mediawiki.nix
|
# ../2configs/mediawiki.nix
|
||||||
#../2configs/wordpress.nix
|
#../2configs/wordpress.nix
|
||||||
];
|
];
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
tinc = pkgs.tinc_pre;
|
||||||
|
buildbot = let
|
||||||
|
pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
||||||
|
in pkgs1509.buildbot;
|
||||||
|
};
|
||||||
|
makefu.buildbot.master.enable = true;
|
||||||
|
|
||||||
#krebs.Reaktor.enable = true;
|
#krebs.Reaktor.enable = true;
|
||||||
#krebs.Reaktor.nickname = "makefu|r";
|
#krebs.Reaktor.nickname = "makefu|r";
|
||||||
|
# nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
|
||||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
get
|
get
|
||||||
@ -58,4 +62,5 @@
|
|||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
{ config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
|
let
|
||||||
{
|
pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
||||||
|
in {
|
||||||
krebs.build.host = config.krebs.hosts.vbob;
|
krebs.build.host = config.krebs.hosts.vbob;
|
||||||
krebs.build.target = "root@10.10.10.220";
|
krebs.build.target = "root@10.10.10.220";
|
||||||
imports =
|
imports =
|
||||||
@ -12,13 +13,52 @@
|
|||||||
../2configs/main-laptop.nix #< base-gui
|
../2configs/main-laptop.nix #< base-gui
|
||||||
|
|
||||||
# environment
|
# environment
|
||||||
../2configs/zsh-user.nix
|
|
||||||
../2configs/virtualization.nix
|
|
||||||
];
|
];
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
tinc = pkgs.tinc_pre;
|
||||||
|
buildbot = pkgs-unst.buildbot;
|
||||||
|
buildbot-slave = pkgs-unst.buildbot-slave;
|
||||||
|
};
|
||||||
|
|
||||||
|
makefu.buildbot.master = {
|
||||||
|
enable = true;
|
||||||
|
irc = {
|
||||||
|
enable = true;
|
||||||
|
server = "cd.retiolum";
|
||||||
|
channel = "retiolum";
|
||||||
|
allowForce = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
makefu.buildbot.slave = {
|
||||||
|
enable = true;
|
||||||
|
masterhost = "localhost";
|
||||||
|
username = "testslave";
|
||||||
|
password = "krebspass";
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.build.source.git.nixpkgs = {
|
||||||
|
#url = https://github.com/nixos/nixpkgs;
|
||||||
|
# HTTP Everywhere
|
||||||
|
rev = "a3974e";
|
||||||
|
};
|
||||||
|
fileSystems."/nix" = {
|
||||||
|
device ="/dev/disk/by-label/nixstore";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
#makefu.buildbot.master.enable = true;
|
||||||
|
# allow vbob to deploy self
|
||||||
|
users.extraUsers = {
|
||||||
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
||||||
|
};
|
||||||
|
};
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
|
buildbot
|
||||||
|
buildbot-slave
|
||||||
get
|
get
|
||||||
];
|
genid
|
||||||
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
@ -32,8 +72,8 @@
|
|||||||
connectTo = [
|
connectTo = [
|
||||||
"gum"
|
"gum"
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
|
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
|
||||||
fileSystems."/media/share" = {
|
fileSystems."/media/share" = {
|
||||||
fsType = "vboxsf";
|
fsType = "vboxsf";
|
||||||
@ -42,3 +82,4 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
18
makefu/2configs/Reaktor/full.nix
Normal file
18
makefu/2configs/Reaktor/full.nix
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
_:
|
||||||
|
{
|
||||||
|
# implementation of the complete Reaktor bot
|
||||||
|
imports = [
|
||||||
|
#./stockholmLentil.nix
|
||||||
|
./simpleExtend.nix
|
||||||
|
./random-emoji.nix
|
||||||
|
./titlebot.nix
|
||||||
|
./shack-correct.nix
|
||||||
|
./sed-plugin.nix
|
||||||
|
];
|
||||||
|
krebs.Reaktor.nickname = "Reaktor|bot";
|
||||||
|
krebs.Reaktor.enable = true;
|
||||||
|
|
||||||
|
krebs.Reaktor.extraEnviron = {
|
||||||
|
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
|
||||||
|
};
|
||||||
|
}
|
@ -7,7 +7,7 @@ in {
|
|||||||
#TODO: this will eat up the last regex, fix Reaktor
|
#TODO: this will eat up the last regex, fix Reaktor
|
||||||
krebs.Reaktor.extraConfig = ''
|
krebs.Reaktor.extraConfig = ''
|
||||||
public_commands.append({
|
public_commands.append({
|
||||||
'capname' : "shack-correct",
|
'capname' : "sed-plugin",
|
||||||
# only support s///gi
|
# only support s///gi
|
||||||
'pattern' : '^(?P<args>.*)$$',
|
'pattern' : '^(?P<args>.*)$$',
|
||||||
'argv' : ["${pkgs.python3}/bin/python3","${script}"],
|
'argv' : ["${pkgs.python3}/bin/python3","${script}"],
|
||||||
|
@ -73,4 +73,33 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
# systemWide = true;
|
# systemWide = true;
|
||||||
};
|
};
|
||||||
|
services.xserver.displayManager.sessionCommands = let
|
||||||
|
xdefaultsfile = pkgs.writeText "Xdefaults" ''
|
||||||
|
cat |derp <<EOF
|
||||||
|
XTerm*background: black
|
||||||
|
XTerm*foreground: white
|
||||||
|
XTerm*FaceName : Terminus:pixelsize=14
|
||||||
|
|
||||||
|
URxvt*termName: rxvt
|
||||||
|
URxvt.scrollBar : False
|
||||||
|
URxvt*scrollBar_right: false
|
||||||
|
URxvt*borderLess: false
|
||||||
|
URxvt.foreground: white
|
||||||
|
URxvt.background: black
|
||||||
|
URxvt.urgentOnBell: true
|
||||||
|
URxvt.visualBell: false
|
||||||
|
URxvt.font : xft:Terminus
|
||||||
|
|
||||||
|
! blue
|
||||||
|
URxvt*color4: #268bd2
|
||||||
|
|
||||||
|
|
||||||
|
URxvt.perl-ext: default,url-select
|
||||||
|
URxvt.keysym.M-u: perl:url-select:select_next
|
||||||
|
#URxvt.url-select.launcher: firefox -new-tab
|
||||||
|
URxvt.url-select.launcher: chromium
|
||||||
|
URxvt.url-select.underline: true
|
||||||
|
URxvt.searchable-scrollback: CM-s
|
||||||
|
'';
|
||||||
|
in "cat ${xdefaultsfile} | xrdb -merge";
|
||||||
}
|
}
|
||||||
|
@ -104,6 +104,8 @@ with lib;
|
|||||||
HISTSIZE=900001
|
HISTSIZE=900001
|
||||||
HISTFILESIZE=$HISTSIZE
|
HISTFILESIZE=$HISTSIZE
|
||||||
|
|
||||||
|
PYTHONSTARTUP="~/.pythonrc";
|
||||||
|
|
||||||
shopt -s checkhash
|
shopt -s checkhash
|
||||||
shopt -s histappend histreedit histverify
|
shopt -s histappend histreedit histverify
|
||||||
shopt -s no_empty_cmd_completion
|
shopt -s no_empty_cmd_completion
|
||||||
@ -123,6 +125,9 @@ with lib;
|
|||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
lsl = "ls -lAtr";
|
lsl = "ls -lAtr";
|
||||||
|
psg = "ps -ef | grep";
|
||||||
|
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
|
||||||
|
grep = "grep --color=auto";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
@ -80,26 +80,6 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [{
|
|
||||||
krebs.users = {
|
|
||||||
makefu-omo = {
|
|
||||||
name = "makefu-omo" ;
|
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
|
|
||||||
};
|
|
||||||
makefu-vbob = {
|
|
||||||
name = "makefu-vbob" ;
|
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
|
|
||||||
};
|
|
||||||
makefu-tsp = {
|
|
||||||
name = "makefu-tsp" ;
|
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
|
|
||||||
};
|
|
||||||
exco = {
|
|
||||||
name = "exco";
|
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}];
|
|
||||||
krebs.git = {
|
krebs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
root-title = "public repositories";
|
root-title = "public repositories";
|
||||||
|
@ -9,6 +9,7 @@ with lib;
|
|||||||
imports = [
|
imports = [
|
||||||
./base-gui.nix
|
./base-gui.nix
|
||||||
./fetchWallpaper.nix
|
./fetchWallpaper.nix
|
||||||
|
./zsh-user.nix
|
||||||
];
|
];
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
vlc
|
vlc
|
||||||
|
26
makefu/2configs/nginx/euer.test.nix
Normal file
26
makefu/2configs/nginx/euer.test.nix
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
hostname = config.krebs.build.host.name;
|
||||||
|
user = config.services.nginx.user;
|
||||||
|
group = config.services.nginx.group;
|
||||||
|
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||||
|
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||||
|
in {
|
||||||
|
krebs.nginx = {
|
||||||
|
enable = mkDefault true;
|
||||||
|
servers = {
|
||||||
|
euer-share = {
|
||||||
|
listen = [ ];
|
||||||
|
server-names = [ "share.euer.krebsco.de" ];
|
||||||
|
locations = singleton (nameValuePair "/" ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_pass http://localhost:8000/;
|
||||||
|
'');
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -9,6 +9,10 @@ in {
|
|||||||
wvdial
|
wvdial
|
||||||
];
|
];
|
||||||
|
|
||||||
|
environment.shellAliases = {
|
||||||
|
umts = "sudo wvdial netzclub";
|
||||||
|
};
|
||||||
|
|
||||||
# configure for NETZCLUB
|
# configure for NETZCLUB
|
||||||
environment.wvdial.dialerDefaults = ''
|
environment.wvdial.dialerDefaults = ''
|
||||||
Phone = *99***1#
|
Phone = *99***1#
|
||||||
|
@ -5,6 +5,46 @@ let
|
|||||||
mainUser = config.krebs.build.user.name;
|
mainUser = config.krebs.build.user.name;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.zsh.enable = true;
|
|
||||||
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
|
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
|
||||||
|
programs.zsh= {
|
||||||
|
enable = true;
|
||||||
|
interactiveShellInit = ''
|
||||||
|
HISTSIZE=900001
|
||||||
|
HISTFILESIZE=$HISTSIZE
|
||||||
|
SAVEHIST=$HISTSIZE
|
||||||
|
|
||||||
|
setopt HIST_IGNORE_ALL_DUPS
|
||||||
|
setopt HIST_IGNORE_SPACE
|
||||||
|
setopt HIST_FIND_NO_DUPS
|
||||||
|
bindkey -e
|
||||||
|
# shift-tab
|
||||||
|
bindkey '^[[Z' reverse-menu-complete
|
||||||
|
|
||||||
|
autoload -U compinit && compinit
|
||||||
|
zstyle ':completion:*' menu select
|
||||||
|
|
||||||
|
# load gpg-agent
|
||||||
|
envfile="$HOME/.gnupg/gpg-agent.env"
|
||||||
|
if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
|
||||||
|
eval "$(cat "$envfile")"
|
||||||
|
else
|
||||||
|
eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
|
||||||
|
fi
|
||||||
|
export GPG_AGENT_INFO
|
||||||
|
export SSH_AUTH_SOCK
|
||||||
|
'';
|
||||||
|
|
||||||
|
promptInit = ''
|
||||||
|
RPROMPT=""
|
||||||
|
autoload colors && colors
|
||||||
|
case $UID in
|
||||||
|
0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;;
|
||||||
|
9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;;
|
||||||
|
*) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;;
|
||||||
|
esac
|
||||||
|
if test -n "$SSH_CLIENT"; then
|
||||||
|
PROMPT="%{$fg[magenta]%}%m $PROMPT"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
226
makefu/3modules/buildbot/master.nix
Normal file
226
makefu/3modules/buildbot/master.nix
Normal file
@ -0,0 +1,226 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
buildbot = pkgs.buildbot;
|
||||||
|
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
|
||||||
|
# -*- python -*-
|
||||||
|
from buildbot.plugins import *
|
||||||
|
|
||||||
|
c = BuildmasterConfig = {}
|
||||||
|
|
||||||
|
c['slaves'] = []
|
||||||
|
# TODO: template potential buildslaves
|
||||||
|
# TODO: set password?
|
||||||
|
slavenames= [ 'testslave' ]
|
||||||
|
for i in slavenames:
|
||||||
|
c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
|
||||||
|
|
||||||
|
c['protocols'] = {'pb': {'port': 9989}}
|
||||||
|
|
||||||
|
####### Build Inputs
|
||||||
|
stockholm_repo = 'http://cgit.gum/stockholm'
|
||||||
|
c['change_source'] = []
|
||||||
|
c['change_source'].append(changes.GitPoller(
|
||||||
|
stockholm_repo,
|
||||||
|
workdir='stockholm-poller', branch='master',
|
||||||
|
project='stockholm',
|
||||||
|
pollinterval=300))
|
||||||
|
|
||||||
|
####### Build Scheduler
|
||||||
|
# TODO: configure scheduler
|
||||||
|
important_files = util.ChangeFilter(
|
||||||
|
project_re="^((krebs|share)/.*|Makefile|default.nix)",
|
||||||
|
branch='master')
|
||||||
|
c['schedulers'] = []
|
||||||
|
c['schedulers'].append(schedulers.SingleBranchScheduler(
|
||||||
|
name="all-important-files",
|
||||||
|
change_filter=important_files,
|
||||||
|
# 3 minutes stable tree
|
||||||
|
treeStableTimer=3*60,
|
||||||
|
builderNames=["runtests"]))
|
||||||
|
c['schedulers'].append(schedulers.ForceScheduler(
|
||||||
|
name="force",
|
||||||
|
builderNames=["runtests"]))
|
||||||
|
###### The actual build
|
||||||
|
factory = util.BuildFactory()
|
||||||
|
factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
|
||||||
|
|
||||||
|
deps = [ "gnumake", "jq" ]
|
||||||
|
factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps ))
|
||||||
|
factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"},
|
||||||
|
command=["make", "get=krebs.deploy",
|
||||||
|
"system=test-centos7"]))
|
||||||
|
|
||||||
|
# TODO: different Builders?
|
||||||
|
c['builders'] = []
|
||||||
|
c['builders'].append(
|
||||||
|
util.BuilderConfig(name="runtests",
|
||||||
|
# TODO: only some slaves being used in builder?
|
||||||
|
slavenames=slavenames,
|
||||||
|
factory=factory))
|
||||||
|
|
||||||
|
####### Status of Builds
|
||||||
|
c['status'] = []
|
||||||
|
|
||||||
|
from buildbot.status import html
|
||||||
|
from buildbot.status.web import authz, auth
|
||||||
|
# TODO: configure if http is wanted
|
||||||
|
authz_cfg=authz.Authz(
|
||||||
|
# TODO: configure user/pw
|
||||||
|
auth=auth.BasicAuth([("krebs","bob")]),
|
||||||
|
gracefulShutdown = False,
|
||||||
|
forceBuild = 'auth',
|
||||||
|
forceAllBuilds = 'auth',
|
||||||
|
pingBuilder = False,
|
||||||
|
stopBuild = False,
|
||||||
|
stopAllBuilds = False,
|
||||||
|
cancelPendingBuild = False,
|
||||||
|
)
|
||||||
|
# TODO: configure nginx
|
||||||
|
c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
|
||||||
|
|
||||||
|
from buildbot.status import words
|
||||||
|
${optionalString (cfg.irc.enable) ''
|
||||||
|
irc = words.IRC("${cfg.irc.server}", "krebsbuild",
|
||||||
|
# TODO: multiple channels
|
||||||
|
channels=["${cfg.irc.channel}"],
|
||||||
|
notify_events={
|
||||||
|
'success': 1,
|
||||||
|
'failure': 1,
|
||||||
|
'exception': 1,
|
||||||
|
'successToFailure': 1,
|
||||||
|
'failureToSuccess': 1,
|
||||||
|
}${optionalString cfg.irc.allowForce ",allowForce=True"})
|
||||||
|
c['status'].append(irc)
|
||||||
|
''}
|
||||||
|
|
||||||
|
####### PROJECT IDENTITY
|
||||||
|
c['title'] = "Stockholm"
|
||||||
|
c['titleURL'] = "http://krebsco.de"
|
||||||
|
|
||||||
|
c['buildbotURL'] = "http://buildbot.krebsco.de/"
|
||||||
|
|
||||||
|
####### DB URL
|
||||||
|
c['db'] = {
|
||||||
|
'db_url' : "sqlite:///state.sqlite",
|
||||||
|
}
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
|
|
||||||
|
cfg = config.makefu.buildbot.master;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "Buildbot Master";
|
||||||
|
|
||||||
|
workDir = mkOption {
|
||||||
|
default = "/var/lib/buildbot/master";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Path to build bot master directory.
|
||||||
|
Will be created on startup.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
irc = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "Buildbot Master IRC Status";
|
||||||
|
channel = mkOption {
|
||||||
|
default = "nix-buildbot-meetup";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
irc channel the bot should connect to
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
allowForce = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Determines if builds can be forced via IRC
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
nick = mkOption {
|
||||||
|
default = "nix-buildbot";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
nickname for IRC
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
server = mkOption {
|
||||||
|
default = "irc.freenode.net";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Buildbot Status IRC Server to connect to
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
extraConfig = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.lines;
|
||||||
|
description = ''
|
||||||
|
extra config appended to the generated master.cfg
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
users.extraUsers.buildbotMaster = {
|
||||||
|
uid = 672626386; #genid buildbotMaster
|
||||||
|
description = "Buildbot Master";
|
||||||
|
home = cfg.workDir;
|
||||||
|
createHome = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.buildbotMaster = {
|
||||||
|
gid = 672626386;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.buildbotMaster = {
|
||||||
|
description = "Buildbot Master";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = let
|
||||||
|
workdir="${lib.shell.escape cfg.workDir}";
|
||||||
|
in {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
Type = "forking";
|
||||||
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
|
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
||||||
|
#!/bin/sh
|
||||||
|
set -efux
|
||||||
|
if [ ! -e ${workdir} ];then
|
||||||
|
mkdir -p ${workdir}
|
||||||
|
${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
|
||||||
|
fi
|
||||||
|
# always override the master.cfg
|
||||||
|
cp ${buildbot-master-config} ${workdir}/master.cfg
|
||||||
|
# sanity
|
||||||
|
${buildbot}/bin/buildbot checkconfig ${workdir}
|
||||||
|
|
||||||
|
# TODO: maybe upgrade? not sure about this
|
||||||
|
# normally we should write buildbot.tac by our own
|
||||||
|
# ${buildbot}/bin/buildbot upgrade-master ${workdir}
|
||||||
|
|
||||||
|
chmod 700 -R ${workdir}
|
||||||
|
chown buildbotMaster:buildbotMaster -R ${workdir}
|
||||||
|
'';
|
||||||
|
ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
|
||||||
|
ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
|
||||||
|
ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
|
||||||
|
PrivateTmp = "true";
|
||||||
|
User = "buildbotMaster";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.makefu.buildbot.master = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
}
|
159
makefu/3modules/buildbot/slave.nix
Normal file
159
makefu/3modules/buildbot/slave.nix
Normal file
@ -0,0 +1,159 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
|
||||||
|
import os
|
||||||
|
|
||||||
|
from buildslave.bot import BuildSlave
|
||||||
|
from twisted.application import service
|
||||||
|
|
||||||
|
basedir = '${cfg.workDir}'
|
||||||
|
rotateLength = 10000000
|
||||||
|
maxRotatedFiles = 10
|
||||||
|
|
||||||
|
application = service.Application('buildslave')
|
||||||
|
|
||||||
|
from twisted.python.logfile import LogFile
|
||||||
|
from twisted.python.log import ILogObserver, FileLogObserver
|
||||||
|
logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
|
||||||
|
maxRotatedFiles=maxRotatedFiles)
|
||||||
|
application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
|
||||||
|
|
||||||
|
buildmaster_host = '${cfg.masterhost}'
|
||||||
|
# TODO: masterport?
|
||||||
|
port = 9989
|
||||||
|
slavename = '${cfg.username}'
|
||||||
|
passwd = '${cfg.password}'
|
||||||
|
keepalive = 600
|
||||||
|
usepty = 0
|
||||||
|
umask = None
|
||||||
|
maxdelay = 300
|
||||||
|
allow_shutdown = None
|
||||||
|
|
||||||
|
${cfg.extraConfig}
|
||||||
|
|
||||||
|
s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir,
|
||||||
|
keepalive, usepty, umask=umask, maxdelay=maxdelay,
|
||||||
|
allow_shutdown=allow_shutdown)
|
||||||
|
s.setServiceParent(application)
|
||||||
|
'';
|
||||||
|
|
||||||
|
cfg = config.makefu.buildbot.slave;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "Buildbot Slave";
|
||||||
|
|
||||||
|
workDir = mkOption {
|
||||||
|
default = "/var/lib/buildbot/slave";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Path to build bot slave directory.
|
||||||
|
Will be created on startup.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
masterhost = mkOption {
|
||||||
|
default = "localhost";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Hostname/IP of the buildbot master
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
username = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
slavename used to authenticate with master
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
password = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
slave password used to authenticate with master
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
contact = mkOption {
|
||||||
|
default = "nix slave <buildslave@${config.networking.hostName}>";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
contact to be announced by buildslave
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
description = mkOption {
|
||||||
|
default = "Nix Generated BuildSlave";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
description for hostto be announced by buildslave
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.lines;
|
||||||
|
example = ''
|
||||||
|
port = 443
|
||||||
|
keepalive = 600
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
extra config evaluated before calling BuildSlave init in .tac file
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
users.extraUsers.buildbotSlave = {
|
||||||
|
uid = 1408105834; #genid buildbotMaster
|
||||||
|
description = "Buildbot Slave";
|
||||||
|
home = cfg.workDir;
|
||||||
|
createHome = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.buildbotSlave = {
|
||||||
|
gid = 1408105834;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = {
|
||||||
|
description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = let
|
||||||
|
workdir = "${lib.shell.escape cfg.workDir}";
|
||||||
|
contact = "${lib.shell.escape cfg.contact}";
|
||||||
|
description = "${lib.shell.escape cfg.description}";
|
||||||
|
buildbot = pkgs.buildbot-slave;
|
||||||
|
# TODO:make this
|
||||||
|
in {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
Type = "forking";
|
||||||
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
|
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
||||||
|
#!/bin/sh
|
||||||
|
set -efux
|
||||||
|
mkdir -p ${workdir}/info
|
||||||
|
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||||
|
echo ${contact} > ${workdir}/info/admin
|
||||||
|
echo ${description} > ${workdir}/info/host
|
||||||
|
|
||||||
|
chown buildbotSlave:buildbotSlave -R ${workdir}
|
||||||
|
chmod 700 -R ${workdir}
|
||||||
|
'';
|
||||||
|
ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
|
||||||
|
ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
|
||||||
|
PrivateTmp = "true";
|
||||||
|
User = "buildbotSlave";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.makefu.buildbot.slave = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
}
|
@ -2,6 +2,7 @@ _:
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./buildbot/master.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11,6 +11,7 @@ in
|
|||||||
../2configs/collectd-base.nix
|
../2configs/collectd-base.nix
|
||||||
../2configs/shack-nix-cacher.nix
|
../2configs/shack-nix-cacher.nix
|
||||||
../2configs/shack-drivedroid.nix
|
../2configs/shack-drivedroid.nix
|
||||||
|
../2configs/cac-ci.nix
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
# apt-cacher-ng in first place)
|
# apt-cacher-ng in first place)
|
||||||
@ -24,7 +25,7 @@ in
|
|||||||
}];
|
}];
|
||||||
|
|
||||||
defaultGateway = "10.42.0.1";
|
defaultGateway = "10.42.0.1";
|
||||||
nameservers = [ "8.8.8.8" ];
|
nameservers = [ "10.42.0.100" "10.42.0.200" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
#####################
|
#####################
|
||||||
|
11
shared/2configs/cac-ci.nix
Normal file
11
shared/2configs/cac-ci.nix
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs;[
|
||||||
|
get
|
||||||
|
cac
|
||||||
|
cacpanel
|
||||||
|
jq
|
||||||
|
];
|
||||||
|
}
|
37
shared/2configs/graphite.nix
Normal file
37
shared/2configs/graphite.nix
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
# graphite-web on port 8080
|
||||||
|
# carbon cache on port 2003 (tcp/udp)
|
||||||
|
|
||||||
|
# TODO: krebs.graphite.minimal.enable
|
||||||
|
# TODO: configure firewall
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
services.graphite = {
|
||||||
|
web = {
|
||||||
|
enable = true;
|
||||||
|
host = "0.0.0.0";
|
||||||
|
};
|
||||||
|
carbon = {
|
||||||
|
enableCache = true;
|
||||||
|
# save disk usage by restricting to 1 bulk update per second
|
||||||
|
config = ''
|
||||||
|
[cache]
|
||||||
|
MAX_CACHE_SIZE = inf
|
||||||
|
MAX_UPDATES_PER_SECOND = 1
|
||||||
|
MAX_CREATES_PER_MINUTE = 50
|
||||||
|
'';
|
||||||
|
storageSchemas = ''
|
||||||
|
[carbon]
|
||||||
|
pattern = ^carbon\.
|
||||||
|
retentions = 60:90d
|
||||||
|
|
||||||
|
[default]
|
||||||
|
pattern = .*
|
||||||
|
retentions = 60s:30d,300s:1y
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user