Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

merge shared into krebs

Browse Source
This commit is contained in:
tv 2017-07-14 00:17:58 +02:00
parent c213968c44
commit 58380c8284
52 changed files with 88 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -109,7 +109,7 @@ populate:
pkgs:;@$(error no package selected) pkgs:;@$(error no package selected)
pkgs.%:;@$(call build,$@) pkgs.%:;@$(call build,$@)
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name # usage: make LOGNAME=krebs system=wolf eval.config.krebs.build.host.name
eval eval.:;@$(call evaluate,$${expr-eval}) eval eval.:;@$(call evaluate,$${expr-eval})
eval.%:;@$(call evaluate,$@) eval.%:;@$(call evaluate,$@)

5
shared/1systems/test-all-krebs-modules/config.nix → krebs/1systems/test-all-krebs-modules/config.nix
View File

@ -3,11 +3,12 @@ let
en = { enable = true;}; en = { enable = true;};
in { in {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/krebs/2configs>
]; ];
krebs = { krebs = {
enable = true; enable = true;
build.user = config.krebs.users.shared; build.user = config.krebs.users.krebs;
build.host = config.krebs.hosts.test-all-krebs-modules; build.host = config.krebs.hosts.test-all-krebs-modules;
Reaktor.test = {}; Reaktor.test = {};
apt-cacher-ng.enable = true; apt-cacher-ng.enable = true;

3
krebs/1systems/test-all-krebs-modules/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-all-krebs-modules";
}

3
shared/1systems/test-arch/config.nix → krebs/1systems/test-arch/config.nix
View File

@ -2,7 +2,8 @@
{ {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/krebs/2configs>
{ {
boot.loader.grub = { boot.loader.grub = {
device = "/dev/sda"; device = "/dev/sda";

3
krebs/1systems/test-arch/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-arch";
}

5
shared/1systems/test-centos6/config.nix → krebs/1systems/test-centos6/config.nix
View File

@ -7,8 +7,9 @@ let
gw = "168.235.148.1"; gw = "168.235.148.1";
in { in {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix> <stockholm/krebs/2configs>
<stockholm/krebs/2configs/os-templates/CAC-CentOS-6.5-64bit.nix>
{ {
networking.interfaces.enp11s0.ip4 = [ networking.interfaces.enp11s0.ip4 = [
{ {

3
krebs/1systems/test-centos6/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-centos6";
}

17
krebs/1systems/test-centos7/config.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) head;
in {
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/krebs/2configs/temp/networking.nix>
<stockholm/krebs/2configs/temp/dirs.nix>
];
sound.enable = false;
krebs.build.host = config.krebs.hosts.test-centos7;
}

3
krebs/1systems/test-centos7/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-centos7";
}

3
shared/1systems/test-failing/config.nix → krebs/1systems/test-failing/config.nix
View File

@ -2,7 +2,8 @@
{ {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/krebs/2configs>
]; ];
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
programs.ssh.startAgent = false; programs.ssh.startAgent = false;

3
krebs/1systems/test-failing/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-failing";
}

5
shared/1systems/test-minimal-deploy/config.nix → krebs/1systems/test-minimal-deploy/config.nix
View File

@ -1,11 +1,12 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/krebs/2configs>
]; ];
krebs = { krebs = {
enable = true; enable = true;
build.user = config.krebs.users.shared; build.user = config.krebs.users.krebs;
build.host = config.krebs.hosts.test-all-krebs-modules; build.host = config.krebs.hosts.test-all-krebs-modules;
}; };
# just get the system to eval in nixos without errors # just get the system to eval in nixos without errors

3
krebs/1systems/test-minimal-deploy/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "test-minimal-deploy";
}

31
shared/1systems/wolf/config.nix → krebs/1systems/wolf/config.nix
View File

@ -4,24 +4,25 @@ let
in in
{ {
imports = [ imports = [
<stockholm/shared> <stockholm/krebs>
<stockholm/krebs/2configs>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/shared/2configs/collectd-base.nix> <stockholm/krebs/2configs/collectd-base.nix>
<stockholm/shared/2configs/central-stats-client.nix> <stockholm/krebs/2configs/central-stats-client.nix>
<stockholm/shared/2configs/save-diskspace.nix> <stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/shared/2configs/cgit-mirror.nix> <stockholm/krebs/2configs/cgit-mirror.nix>
<stockholm/shared/2configs/graphite.nix> <stockholm/krebs/2configs/graphite.nix>
<stockholm/shared/2configs/repo-sync.nix> <stockholm/krebs/2configs/repo-sync.nix>
<stockholm/shared/2configs/shared-buildbot.nix> <stockholm/krebs/2configs/shared-buildbot.nix>
<stockholm/shared/2configs/shack/worlddomination.nix> <stockholm/krebs/2configs/shack/worlddomination.nix>
<stockholm/shared/2configs/shack/drivedroid.nix> <stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/shared/2configs/shack/nix-cacher.nix> # <stockholm/krebs/2configs/shack/nix-cacher.nix>
<stockholm/shared/2configs/shack/mqtt_sub.nix> <stockholm/krebs/2configs/shack/mqtt_sub.nix>
<stockholm/shared/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/muell_caller.nix>
<stockholm/shared/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/radioactive.nix>
<stockholm/shared/2configs/shack/share.nix> <stockholm/krebs/2configs/shack/share.nix>
]; ];
# use your own binary cache, fallback use cache.nixos.org (which is used by # use your own binary cache, fallback use cache.nixos.org (which is used by

3
krebs/1systems/wolf/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/krebs/source.nix> {
name = "wolf";
}

0
shared/2configs/central-stats-client.nix → krebs/2configs/central-stats-client.nix
View File

0
shared/2configs/cgit-mirror.nix → krebs/2configs/cgit-mirror.nix
View File

0
shared/2configs/collectd-base.nix → krebs/2configs/collectd-base.nix
View File

3
shared/2configs/default.nix → krebs/2configs/default.nix
View File

@ -5,8 +5,7 @@ with import <stockholm/lib>;
krebs.enable = true; krebs.enable = true;
krebs.tinc.retiolum.enable = true; krebs.tinc.retiolum.enable = true;
# TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.krebs;
krebs.build.user = mkDefault config.krebs.users.shared;
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;

0
shared/2configs/graphite.nix → krebs/2configs/graphite.nix
View File

0
shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix → krebs/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
View File

0
shared/2configs/os-templates/CAC-CentOS-7-64bit.nix → krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix
View File

0
shared/2configs/repo-sync.nix → krebs/2configs/repo-sync.nix
View File

0
shared/2configs/save-diskspace.nix → krebs/2configs/save-diskspace.nix
View File

0
shared/2configs/shack/bincache.nix → krebs/2configs/shack/bincache.nix
View File

0
shared/2configs/shack/drivedroid.nix → krebs/2configs/shack/drivedroid.nix
View File

0
shared/2configs/shack/mqtt_sub.nix → krebs/2configs/shack/mqtt_sub.nix
View File

0
shared/2configs/shack/muell_caller.nix → krebs/2configs/shack/muell_caller.nix
View File

0
shared/2configs/shack/nix-cacher.nix → krebs/2configs/shack/nix-cacher.nix
View File

0
shared/2configs/shack/radioactive.nix → krebs/2configs/shack/radioactive.nix
View File

0
shared/2configs/shack/share.nix → krebs/2configs/shack/share.nix
View File

0
shared/2configs/shack/worlddomination.nix → krebs/2configs/shack/worlddomination.nix
View File

10
shared/2configs/shared-buildbot.nix → krebs/2configs/shared-buildbot.nix
View File

@ -1,9 +1,9 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
# The buildbot config is self-contained and currently provides a way # The buildbot config is self-contained and currently provides a way
# to test "shared" configuration (infrastructure to be used by every krebsminister). # to test "krebs" configuration (infrastructure to be used by every krebsminister).
# You can add your own test, test steps as required. Deploy the config on a # You can add your own test, test steps as required. Deploy the config on a
# shared host like wolf and everything should be fine. # krebs host like wolf and everything should be fine.
# TODO for all users schedule a build for fast tests # TODO for all users schedule a build for fast tests
{ {
@ -56,7 +56,7 @@
test-cac-infest-master = '' test-cac-infest-master = ''
# files everyone depends on or are part of the share branch # files everyone depends on or are part of the share branch
def shared_files(change): def shared_files(change):
r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)") r =re.compile("^(krebs/.*|Makefile|default.nix|shell.nix)")
for file in change.files: for file in change.files:
if r.match(file): if r.match(file):
return True return True
@ -78,7 +78,7 @@
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
env = { env = {
"LOGNAME": "shared", "LOGNAME": "krebs",
"NIX_REMOTE": "daemon", "NIX_REMOTE": "daemon",
"dummy_secrets": "true", "dummy_secrets": "true",
} }
@ -173,6 +173,6 @@
packages = with pkgs; [ gnumake jq nix populate ]; packages = with pkgs; [ gnumake jq nix populate ];
# all nix commands will need a working nixpkgs installation # all nix commands will need a working nixpkgs installation
extraEnviron = { extraEnviron = {
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/wolf.nix"; };
}; };
} }

0
shared/2configs/temp/dirs.nix → krebs/2configs/temp/dirs.nix
View File

0
shared/2configs/temp/networking.nix → krebs/2configs/temp/networking.nix
View File

2
krebs/3modules/default.nix
View File

@ -94,10 +94,10 @@ let
imp = lib.mkMerge [ imp = lib.mkMerge [
{ krebs = import ./lass { inherit config; }; } { krebs = import ./lass { inherit config; }; }
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; } { krebs = import ./makefu { inherit config; }; }
{ krebs = import ./mv { inherit config; }; } { krebs = import ./mv { inherit config; }; }
{ krebs = import ./nin { inherit config; }; } { krebs = import ./nin { inherit config; }; }
{ krebs = import ./shared { inherit config; }; }
{ krebs = import ./tv { inherit config; }; } { krebs = import ./tv { inherit config; }; }
{ {
krebs.dns.providers = { krebs.dns.providers = {

8
krebs/3modules/shared/default.nix → krebs/3modules/krebs/default.nix
View File

@ -8,7 +8,7 @@ let
"test-centos7" "test-centos7"
"test-all-krebs-modules" "test-all-krebs-modules"
] (name: { ] (name: {
owner = config.krebs.users.shared; owner = config.krebs.users.krebs;
inherit name; inherit name;
cores = 1; cores = 1;
nets = { nets = {
@ -31,7 +31,7 @@ let
in { in {
hosts = { hosts = {
wolf = { wolf = {
owner = config.krebs.users.shared; owner = config.krebs.users.krebs;
nets = { nets = {
shack = { shack = {
ip4.addr = "10.42.2.150" ; ip4.addr = "10.42.2.150" ;
@ -67,9 +67,9 @@ in {
}; };
} // testHosts; } // testHosts;
users = { users = {
shared = { krebs = {
mail = "spam@krebsco.de"; mail = "spam@krebsco.de";
pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary
}; };
}; };
} }

8
krebs/5pkgs/test/infest-cac-centos7/notes
View File

@ -15,7 +15,7 @@ krebs_cred=${krebs_cred-./cac.json}
# tinc retiolum key for host # tinc retiolum key for host
retiolum_key=${retiolum_key-./retiolum.rsa_key.priv} retiolum_key=${retiolum_key-./retiolum.rsa_key.priv}
# build this host # build this host
user=${user:-shared} user=${user:-krebs}
system=${target_system:-test-centos7} system=${target_system:-test-centos7}
log(){ log(){
@ -125,9 +125,9 @@ done
clear_defer >/dev/null clear_defer >/dev/null
defer "cac-api delete $id;$old_trapstr" defer "cac-api delete $id;$old_trapstr"
mkdir -p shared/2configs/temp mkdir -p krebs/2configs/temp
cac-api generatenetworking $id > \ cac-api generatenetworking $id > \
shared/2configs/temp/networking.nix krebs/2configs/temp/networking.nix
# new temporary ssh key we will use to log in after install # new temporary ssh key we will use to log in after install
ssh-keygen -f $krebs_ssh -N "" ssh-keygen -f $krebs_ssh -N ""
cp "$retiolum_key" $krebs_secrets/retiolum.rsa_key.priv cp "$retiolum_key" $krebs_secrets/retiolum.rsa_key.priv
@ -135,7 +135,7 @@ cp "$retiolum_key" $krebs_secrets/retiolum.rsa_key.priv
# additionally we set the ssh key we generated # additionally we set the ssh key we generated
ip=$(cac-api getserver $id | jq -r .ip) ip=$(cac-api getserver $id | jq -r .ip)
cat > shared/2configs/temp/dirs.nix <<EOF cat > krebs/2configs/temp/dirs.nix <<EOF
_: { _: {
krebs.build.source = { krebs.build.source = {
secrets.file = "$krebs_secrets"; secrets.file = "$krebs_secrets";

0
shared/6tests/data/secrets/grafana_security.nix → krebs/6tests/data/secrets/grafana_security.nix
View File

0
shared/6tests/data/secrets/retiolum.rsa_key.priv → krebs/6tests/data/secrets/retiolum.rsa_key.priv
View File

0
shared/6tests/data/secrets/ssh.id_ed25519 → krebs/6tests/data/secrets/ssh.id_ed25519
View File

10
shared/source.nix → krebs/source.nix
View File

@ -2,14 +2,14 @@ with import <stockholm/lib>;
host@{ name, secure ? false }: let host@{ name, secure ? false }: let
builder = if getEnv "dummy_secrets" == "true" builder = if getEnv "dummy_secrets" == "true"
then "buildbot" then "buildbot"
else "shared"; else "krebs";
_file = <stockholm> + "/shared/1systems/${name}/source.nix"; _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
in in
evalSource (toString _file) { evalSource (toString _file) {
nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets.file = getAttr builder { secrets.file = getAttr builder {
buildbot = toString <stockholm/shared/6tests/data/secrets>; buildbot = toString <stockholm/krebs/6tests/data/secrets>;
shared = "${getEnv "HOME"}/secrets/krebs/${host.name}"; krebs = "${getEnv "HOME"}/secrets/krebs/${host.name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
nixpkgs.git = { nixpkgs.git = {

3
shared/1systems/test-all-krebs-modules/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-all-krebs-modules";
}

3
shared/1systems/test-arch/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-arch";
}

3
shared/1systems/test-centos6/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-centos6";
}

16
shared/1systems/test-centos7/config.nix
View File

@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) head;
in {
imports = [
<stockholm/shared>
<stockholm/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/shared/2configs/temp/networking.nix>
<stockholm/shared/2configs/temp/dirs.nix>
];
sound.enable = false;
krebs.build.host = config.krebs.hosts.test-centos7;
}

3
shared/1systems/test-centos7/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-centos7";
}

3
shared/1systems/test-failing/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-failing";
}

3
shared/1systems/test-minimal-deploy/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "test-minimal-deploy";
}

3
shared/1systems/wolf/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/shared/source.nix> {
name = "wolf";
}

5
shared/3modules/default.nix
View File

@ -1,5 +0,0 @@
# TODO don't require 3modules
_:
{
}

8
shared/default.nix
View File

@ -1,8 +0,0 @@
_:
{
imports = [
../krebs
./2configs
./3modules
];
}