Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l 2 buildbot-standalone: use make test

Browse Source
This commit is contained in:
lassulus 2016-06-18 13:26:22 +02:00
parent 1d47f59e8f
commit 30a80d67df
1 changed files with 48 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
lass/2configs/buildbot-standalone.nix
View File

@ -1,6 +1,14 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
{
krebs.buildbot.master = let with config.krebs.lib;
let
sshWrapper = pkgs.writeDash "ssh-wrapper" ''
${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
'';
in {
config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ; stockholm-mirror-url = http://cgit.prism/stockholm ;
in { in {
slaves = { slaves = {
@ -44,11 +52,15 @@
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
# TODO: get nixpkgs/stockholm paths from krebs # TODO: get nixpkgs/stockholm paths from krebs
env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} env = {
"LOGNAME": "lass",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
# prepare nix-shell # prepare nix-shell
# the dependencies which are used by the test script # the dependencies which are used by the test script
deps = [ "gnumake", "jq", "nix", "rsync" ] deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
# TODO: --pure , prepare ENV in nix-shell command: # TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell", nixshell = ["nix-shell",
@ -68,12 +80,11 @@
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env, addShell(f,name="build-{}".format(i),env=env,
command=nixshell + \ command=nixshell + \
["nix-build \ ["make \
--show-trace --no-out-link \ test \
-I nixos-config=./lass/1systems/{}.nix \ ssh=${sshWrapper} \
-I secrets=./lass/2configs/tests/dummy-secrets \ target=build@localhost:${config.users.users.build.home}/testbuild \
-I stockholm=. \ system={}".format(i)])
-A config.system.build.toplevel".format(i)])
bu.append(util.BuilderConfig(name="build-all", bu.append(util.BuilderConfig(name="build-all",
slavenames=slavenames, slavenames=slavenames,
@ -115,7 +126,7 @@
}; };
}; };
krebs.buildbot.slave = { config.krebs.buildbot.slave = {
enable = true; enable = true;
masterhost = "localhost"; masterhost = "localhost";
username = "testslave"; username = "testslave";
@ -125,7 +136,7 @@
NIX_PATH="nixpkgs=/var/src/nixpkgs"; NIX_PATH="nixpkgs=/var/src/nixpkgs";
}; };
}; };
krebs.iptables = { config.krebs.iptables = {
tables = { tables = {
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
@ -133,4 +144,29 @@
]; ];
}; };
}; };
#ssh workaround for make test
options.lass.build-ssh-privkey = mkOption {
type = types.secret-file;
default = {
path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
owner = { inherit (config.users.users.buildbotSlave ) name uid;};
source-path = toString <secrets> + "/build.ssh.key";
};
};
config.krebs.secret.files = {
build-ssh-privkey = config.lass.build-ssh-privkey;
};
config.users.users = {
build = {
name = "build";
uid = genid "build";
home = "/home/build";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
];
};
};
} }