Merge remote-tracking branch 'lass/master' into hydra

makefu 2017-12-30 14:08:53 +01:00
commit 57882d0896
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
9 changed files with 183 additions and 2 deletions


@ -0,0 +1,28 @@
{ jq, systemd, writeDashBin }:
let
lib = import <stockholm/lib>;
user = "exim"; # TODO make this configurable
in
# TODO execute eximlog only if journalctl doesn't fail
# bash's set -o pipefail isn't enough
writeDashBin "eximlog" ''
${systemd}/bin/journalctl \
-u ${lib.shell.escape user} \
-o short-unix \
"$@" \
|
${jq}/bin/jq -Rr '
# Only select lines that start with a timestamp
select(test("^[0-9]")) |
split(" ") |
(.[0] | tonumber) as $time |
(.[3:] | join(" ")) as $message |
"\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)"
'
''
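Review bot: `journalctl -u` filters by systemd unit, so the binding `user = "exim"` in the `let` block is really a unit name; `unit = "exim";` with `-u ${lib.shell.escape unit}` would say what is actually selected. The jq filter also deserves a header comment stating the assumed `short-unix` layout (field 0 is the epoch timestamp, fields 1 and 2 are presumably host and process tag, the rest is the message) and that `strftime` renders the time in UTC, since anyone correlating mail events with local-time logs would otherwise be off by the zone offset. Until the TODO about journalctl failures is resolved, empty output cannot be told apart from a failed journal read, because the pipeline's exit status is jq's; that consequence is worth stating in the TODO comment itself.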


@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/krebs>
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
krebs.hosts.minimal = {
cores = 1;
secure = false;
};
boot.loader.grub.enable = false;
boot.loader.systemd-boot.enable = true;
krebs.build = {
host = config.krebs.hosts.minimal;
user = config.krebs.users.krebs;
};
}
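Review bot: `krebs.hosts.minimal` sets `secure = false` without a comment, and nothing in the file says that this host exists only for the VM test (it imports `qemu-vm.nix` and `test-instrumentation.nix`). A short header such as `# Minimal host used only by the deploy VM test; not a real machine` plus a word on why `secure` is false would keep the definition from being copied as a template for a real host. What `secure` controls is not visible in this section, so the exact wording should come from the option's author.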


@ -0,0 +1,12 @@
with import <stockholm/lib>;
evalSource "" [{
nixos-config = {
symlink.target = toString ./test-config;
};
nixpkgs = {
symlink.target = toString <nixpkgs>;
};
stockholm = {
symlink.target = toString <stockholm>;
};
}]

110
krebs/6tests/deploy.nix Normal file

@ -0,0 +1,110 @@
with import <stockholm/lib>;
import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
let
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy
ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ
AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz
eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ=
-----END OPENSSH PRIVATE KEY-----
'';
pubKey = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1
'';
ssh-config = pkgs.writeText "ssh-config" ''
Host server
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
'';
populate-source = {
nixos-config = {
symlink.target = test-config;
type = "symlink";
};
nixpkgs = {
symlink.target = <nixpkgs>;
type = "symlink";
};
stockholm = {
symlink.target = <stockholm>;
type = "symlink";
};
};
test-deploy = pkgs.writeDash "test-deploy" ''
cd ${<stockholm>}
export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
exec >&2
: ${minimalSystem}
source=${pkgs.writeJSON "source.json" populate-source}
cat > /tmp/derp <<EOF
builtins.fromJSON (builtins.readFile "$source")
EOF
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
# --force-populate \
# --source=/tmp/derp \
# --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
test-config
];
}).config.system.build.toplevel;
in {
name = "deploy";
nodes = {
server =
{ config, pkgs, ... }:
{
imports = [ test-config ];
environment.variables = {
NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
#LOL = minimalSystem;
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
pubKey
];
#virtualisation.writableStore = true;
virtualisation.pathsInNixDB = [
minimalSystem
pkgs.stockholm
];
};
client =
{ config, pkgs, ... }: { };
};
testScript = ''
startAll;
$server->waitForUnit("sshd");
$client->succeed("mkdir -p -m 700 /root/.ssh");
$client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519");
$client->succeed("cp ${ssh-config} /root/.ssh/config");
$client->succeed("chmod 600 /root/.ssh/id_ed25519");
$server->waitForUnit("network.target");
$server->succeed("ip route show 1>&2");
$client->waitForUnit("network.target");
$client->succeed("${test-deploy}");
$server->succeed("nixos-rebuild -I /var/src switch");
$client->shutdown;
$server->shutdown;
'';
})
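Review bot: `privKey` is a literal OpenSSH private key whose public half is installed as a root `authorizedKeys` entry on the `server` node, and nothing in the file marks the pair as test-only. The key is now permanently in git history and is interpolated into `testScript`, so it should carry a comment such as `# throwaway key for this VM test only; never authorize it on a real host`, which also gives secret scanners and later readers something to key on. The same applies to `StrictHostKeyChecking no` with `UserKnownHostsFile=/dev/null` in `ssh-config`: acceptable between the two test VMs, but it needs a comment so it is not carried over into a real deploy path. In `testScript` the key file is written with `echo … >` and only restricted by `chmod 600` several steps later; setting `umask 077` in the same command as the write would avoid the interim default mode. The `/tmp/derp` heredoc in `test-deploy` is read only by the commented-out `deploy` call and could be dropped along with it.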


@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "af7e479";
ref = "3aec59c";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;


@ -29,6 +29,7 @@ with import <stockholm/lib>;
};
environment.systemPackages = with pkgs; [
chromium
firefoxWrapper
gimp
kate
@ -65,6 +66,8 @@ with import <stockholm/lib>;
networking.networkmanager.enable = true;
nixpkgs.config.chromium.enablePepperFlash = true;
programs.ssh.startAgent = false;
services.printing = {


@ -3,6 +3,9 @@
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.eximlog
];
krebs.exim-retiolum.enable = true;
tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
}


@ -3,6 +3,9 @@
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.eximlog
];
krebs.exim-smarthost = {
enable = true;
dkim = [


@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
nixpkgs.git = {
# nixos-17.09
ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
url = https://github.com/NixOS/nixpkgs;
};
secrets.file = getAttr builder {