From a5d7056ccba9fb5f3495390ad1213e133e44fa78 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 19 Dec 2017 23:42:18 +0100
Subject: [PATCH 1/8] add populate test
---
krebs/6tests/data/test-config.nix | 22 ++++++
krebs/6tests/data/test-source.nix | 12 ++++
krebs/6tests/deploy.nix | 110 ++++++++++++++++++++++++++++++
3 files changed, 144 insertions(+)
create mode 100644 krebs/6tests/data/test-config.nix
create mode 100644 krebs/6tests/data/test-source.nix
create mode 100644 krebs/6tests/deploy.nix
diff --git a/krebs/6tests/data/test-config.nix b/krebs/6tests/data/test-config.nix
new file mode 100644
index 000000000..f0927ddd9
--- /dev/null
+++ b/krebs/6tests/data/test-config.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+
+
+
+ ];
+
+ krebs.hosts.minimal = {
+ cores = 1;
+ secure = false;
+ };
+
+ boot.loader.grub.enable = false;
+ boot.loader.systemd-boot.enable = true;
+
+ krebs.build = {
+ host = config.krebs.hosts.minimal;
+ user = config.krebs.users.krebs;
+ };
+}
diff --git a/krebs/6tests/data/test-source.nix b/krebs/6tests/data/test-source.nix
new file mode 100644
index 000000000..dfc6b3297
--- /dev/null
+++ b/krebs/6tests/data/test-source.nix
@@ -0,0 +1,12 @@
+with import ;
+evalSource "" [{
+ nixos-config = {
+ symlink.target = toString ./test-config;
+ };
+ nixpkgs = {
+ symlink.target = toString ;
+ };
+ stockholm = {
+ symlink.target = toString ;
+ };
+}]
diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix
new file mode 100644
index 000000000..842bbc22a
--- /dev/null
+++ b/krebs/6tests/deploy.nix
@@ -0,0 +1,110 @@ +with import ; +import ({ pkgs, ... }: + +let + test-config = ; + privKey = '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy + ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ + AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz + eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ= + -----END OPENSSH PRIVATE KEY----- + ''; + pubKey = '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1 + ''; + + ssh-config = pkgs.writeText "ssh-config" '' + Host server + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null + ''; + + populate-source = { + nixos-config = { + symlink.target = test-config; + type = "symlink"; + }; + nixpkgs = { + symlink.target = ; + type = "symlink"; + }; + stockholm = { + symlink.target = ; + type = "symlink"; + }; + }; + + test-deploy = pkgs.writeDash "test-deploy" '' + cd ${} + export NIX_PATH=stockholm=${}:nixpkgs=${}:$NIX_PATH + exec >&2 + : ${minimalSystem} + source=${pkgs.writeJSON "source.json" populate-source} + cat > /tmp/derp < { + modules = [ + test-config + ]; + }).config.system.build.toplevel; + +in { + name = "deploy"; + + nodes = { + + server = + { config, pkgs, ... }: + + { + imports = [ test-config ]; + environment.variables = { + NIX_PATH = mkForce "nixpkgs=${}"; + #LOL = minimalSystem; + }; + services.openssh.enable = true; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + pubKey + ]; + #virtualisation.writableStore = true; + virtualisation.pathsInNixDB = [ + minimalSystem + pkgs.stockholm + ]; + }; + + client = + { config, pkgs, ... 
}: { }; + + }; + + testScript = '' + startAll; + + $server->waitForUnit("sshd"); + + $client->succeed("mkdir -p -m 700 /root/.ssh"); + $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519"); + $client->succeed("cp ${ssh-config} /root/.ssh/config"); + $client->succeed("chmod 600 /root/.ssh/id_ed25519"); + + $server->waitForUnit("network.target"); + $server->succeed("ip route show 1>&2"); + $client->waitForUnit("network.target"); + $client->succeed("${test-deploy}"); + $server->succeed("nixos-rebuild -I /var/src switch"); + + $client->shutdown; + $server->shutdown; + ''; +}) From c90f3a34934e5487c32e9424239a0040b4036e44 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Dec 2017 14:20:47 +0100 Subject: [PATCH 2/8] l nixpkgs: af7e479 -> ed3b1bc --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index bf992d4d2..403156000 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "af7e479"; + ref = "ed3b1bc"; }; secrets = getAttr builder { buildbot.file = toString ; From 13be61e360e769ad28fc48df20524e483cf00efc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Dec 2017 01:24:11 +0100 Subject: [PATCH 3/8] eximlog: init --- krebs/5pkgs/simple/eximlog.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 krebs/5pkgs/simple/eximlog.nix diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix new file mode 100644 index 000000000..2d64e13e9 --- /dev/null +++ b/krebs/5pkgs/simple/eximlog.nix 
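Review bot: In krebs/6tests/deploy.nix the `privKey` literal is a usable ed25519 private key committed in clear, and because it is interpolated into `testScript` (`echo '${privKey}' > /root/.ssh/id_ed25519`) it also ends up in the Nix store along with the test script; its `pubKey` is what grants root on the `server` node. That is acceptable only for a throwaway test credential, so mark it as one where it is defined, e.g. `# test-only key pair, generated for this test; never authorize pubKey on a real host`, and confirm the pair is not used anywhere else. The `ssh-config` stanza (`StrictHostKeyChecking no`, `UserKnownHostsFile=/dev/null`) switches off host authentication and deserves a similar `# test VMs only` comment so it is not copied into a real deploy path. Smaller point: the key file is created before `chmod 600` runs, so it briefly has the default mode; `$client->succeed("umask 077; echo '${privKey}' > /root/.ssh/id_ed25519");` would close that.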
@@ -0,0 +1,28 @@ +{ jq, systemd, writeDashBin }: + +let + lib = import ; + user = "exim"; # TODO make this configurable +in + +# TODO execute eximlog only if journalctl doesn't fail +# bash's set -o pipefail isn't enough + +writeDashBin "eximlog" '' + ${systemd}/bin/journalctl \ + -u ${lib.shell.escape user} \ + -o short-unix \ + "$@" \ + | + ${jq}/bin/jq -Rr ' + # Only select lines that start with a timestamp + select(test("^[0-9]")) | + + split(" ") | + (.[0] | tonumber) as $time | + (.[3:] | join(" ")) as $message | + + "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)" + + ' +'' From 9f37a4c4f7fff0246577d233a1497fc5a7ceb8d2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Dec 2017 01:27:07 +0100 Subject: [PATCH 4/8] tv exim-*: add eximlog --- tv/2configs/exim-retiolum.nix | 3 +++ tv/2configs/exim-smarthost.nix | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index bf13a388a..8b34b16cf 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -3,6 +3,9 @@ with import ; { + environment.systemPackages = [ + pkgs.eximlog + ]; krebs.exim-retiolum.enable = true; tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 079013c79..68fbcd151 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -3,6 +3,9 @@ with import ; { + environment.systemPackages = [ + pkgs.eximlog + ]; krebs.exim-smarthost = { enable = true; dkim = [ From 28085c8e6d37a0dd31d7627fa01d072723c4f46c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Dec 2017 21:31:39 +0100 Subject: [PATCH 5/8] tv querel: add chromium with flash --- tv/1systems/querel/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 05b4d9133..07ec8e403 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix 
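Review bot: In the jq filter of krebs/5pkgs/simple/eximlog.nix, `select(test("^[0-9]"))` admits any line that merely starts with a digit, while `.[0] | tonumber` needs the whole first field to be numeric, so a stray line that begins with a digit but is not a timestamp would produce a jq error for that input instead of output. Anchoring the test to the short-unix timestamp shape, e.g. `select(test("^[0-9]+\\.[0-9]+ "))`, keeps the two in step. It is also worth a comment that jq's `strftime` renders the time in UTC, so `%z` should always read `+0000`; anyone correlating these lines with local-time logs will want to know that.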
@@ -29,6 +29,7 @@ with import ; }; environment.systemPackages = with pkgs; [ + chromium firefoxWrapper gimp kate @@ -65,6 +66,8 @@ with import ; networking.networkmanager.enable = true; + nixpkgs.config.chromium.enablePepperFlash = true; + programs.ssh.startAgent = false; services.printing = { From b73b1c45e57e3bab0300f5ecbed261c6d45a5d53 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Dec 2017 21:39:14 +0100 Subject: [PATCH 6/8] l nixpkgs: ed3b1bc -> 53e6d67 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 403156000..de7351604 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ed3b1bc"; + ref = "53e6d67"; }; secrets = getAttr builder { buildbot.file = toString ; From 04b711f516c978e84b334a82008d40dfaad1de1b Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 27 Dec 2017 15:32:02 +0100 Subject: [PATCH 7/8] tv nixpkgs: d0f0657 -> 53e6d67 --- tv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/source.nix b/tv/source.nix index f3bda2715..31308fc99 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.09 - ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; + ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From dd817f9e26ee2aeae839dddc73b869d218a337cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Dec 2017 15:27:06 +0100 Subject: [PATCH 8/8] l nixpkgs: 53e6d67 -> 3aec59c --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index de7351604..473dd2cf2 100644 --- a/lass/source.nix +++ b/lass/source.nix 
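Review bot: In tv/1systems/querel/config.nix, `nixpkgs.config.chromium.enablePepperFlash = true;` turns the Flash plugin on for Chromium on this host with no comment saying why it is needed. Flash has a long record of browser-exploitable bugs, so the setting should carry its justification and an exit condition, e.g. `# Flash needed for <site or application>; remove together with chromium once that is gone`. Since `firefoxWrapper` is already in the package list, it would also help to state that `chromium` is installed only for Flash content, if that is the intent.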
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53e6d67"; + ref = "3aec59c"; }; secrets = getAttr builder { buildbot.file = toString ;