Merge remote-tracking branch 'gum/master'

tv 2016-02-19 14:30:39 +01:00
commit cb258d3990
12 changed files with 128 additions and 24 deletions


@ -291,7 +291,7 @@ with config.krebs.lib;
wbob = rec {
cores = 1;
nets = {
retiolm = {
retiolum = {
addrs4 = ["10.243.214.15"];
addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"];
aliases = [


@ -17,6 +17,7 @@ in {
../2configs/mattermost-docker.nix
../2configs/nginx/euer.test.nix
../2configs/nginx/update.connector.one.nix
../2configs/deployment/mycube.connector.one.nix
../2configs/exim-retiolum.nix
../2configs/urlwatch.nix


@ -4,6 +4,13 @@ with config.krebs.lib;
{
system.stateVersion = "15.09";
system.replaceRuntimeDependencies = with pkgs.lib;
[{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++
[(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch";
sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})];
});}
];
imports = [
{
users.extraUsers =
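Review bot: The `fetchurl` for the CVE-2015-7547 patch points at the `master` branch of nixpkgs, which is a moving reference. The `sha256` protects the content, but the fetch will fail once upstream edits or removes the file, and a host that cannot rebuild cannot apply this glibc fix. Pinning the URL to a commit avoids that, e.g. `url = "https://raw.githubusercontent.com/NixOS/nixpkgs/<commit-rev>/pkgs/development/libraries/glibc/cve-2015-7547.patch";`, where `<commit-rev>` is a placeholder for the revision the hash was taken from. A short comment marking this graft as a stopgap would also help, because `replaceRuntimeDependencies` only rewrites references inside the system closure and, as far as I can tell, does not reach statically linked binaries or processes that are already running. The enclosing attribute set continues outside the hunk.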


@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module
with config.krebs.lib;
let
hostname = config.krebs.build.host.name;
external-ip = head config.krebs.build.host.nets.internet.addrs4;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
services.redis.enable = true;
services.uwsgi = {
enable = true;
user = "nginx";
plugins = [ "python2" ];
instance = {
type = "emperor";
vassals = {
mycube-flask = {
type = "normal";
python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ];
socket = wsgi-sock;
};
};
};
};
krebs.nginx = {
enable = mkDefault true;
servers = {
mybox-connector-one = {
listen = [ "${external-ip}:80" ];
server-names = [
"mycube.connector.one"
"mybox.connector.one"
];
locations = singleton (nameValuePair "/" ''
uwsgi_pass unix://${wsgi-sock};
uwsgi_param UWSGI_CHDIR ${pkgs.mycube-flask}/${pkgs.python.sitePackages};
uwsgi_param UWSGI_MODULE mycube.websrv;
uwsgi_param UWSGI_CALLABLE app;
include ${pkgs.nginx}/conf/uwsgi_params;
'');
};
};
};
}
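Review bot: `services.redis.enable = true;` is set without a bind address on a host that has an `internet` net. Depending on the NixOS release, `services.redis.bind` may default to all interfaces, so unless the firewall is known to block the Redis port I would add `services.redis.bind = "127.0.0.1";`. The vhost listens only on `${external-ip}:80`, so anything the app exchanges with clients travels in clear text; if it carries sessions or credentials, a TLS listener is worth planning. Separately, `user = "nginx";` runs the Flask app under the web server's account; a dedicated user that shares the socket through a group would keep an app compromise away from nginx's own files.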


@ -57,7 +57,7 @@ let
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv uriel ];
krebsminister = with config.krebs.users; [ lass tv ];
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
all-exco = with config.krebs.users; [ exco ];


@ -2,8 +2,7 @@
with config.krebs.lib;
{
# TODO: put this somewhere else
networking.wireless.enable = true;
networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;


@ -12,6 +12,9 @@ with config.krebs.lib;
./fetchWallpaper.nix
./zsh-user.nix
];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
environment.systemPackages = with pkgs;[
vlc
firefox
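Review bot: The `dialout` grant on `users.users.${config.krebs.build.user.name}.extraGroups` has no comment saying why it is needed, and it takes effect on every host that imports this file. Membership gives the user read/write access to serial devices, so a one-line reason would help, e.g. `# dialout: serial port access for <purpose>`. Alternatively the line could move to the host configuration that actually needs it. The attribute set starts and ends outside the hunk.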


@ -8,7 +8,7 @@ in {
krebs.nginx = {
enable = mkDefault true;
servers = {
omo-share = {
update-connector-one = {
listen = [ "${external-ip}:80" ];
server-names = [
"update.connector.one"


@ -10,5 +10,6 @@ in
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
mycube-flask = callPackage ./mycube-flask {};
};
}


@ -0,0 +1,21 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.pythonPackages;buildPythonPackage rec {
name = "mycube-flask-${version}";
version = "0.2.3";
propagatedBuildInputs = [
flask
redis
];
src = fetchFromGitHub {
owner = "makefu";
repo = "mycube-flask";
rev = "5f5260a";
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
};
meta = {
homepage = https://github.com/makefu/mycube-flask;
description = "flask app for mycube";
license = lib.licenses.asl20;
};
}
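Review bot: `rev = "5f5260a";` is an abbreviated commit id. The `sha256` still fixes the fetched content, but a short prefix can become ambiguous as the repository grows and is harder to audit against `version = "0.2.3"`. I would use the full hash, `rev = "<full 40-character commit id>";`, or a release tag if upstream publishes one for 0.2.3.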


@ -4,5 +4,6 @@ _:
../krebs
./2configs
./3modules
./5pkgs
];
}


@ -7,6 +7,11 @@
# TODO for all users schedule a build for fast tests
{
# due to the fact that we actually build stuff on the box via the daemon,
# /nix/store should be cleaned up automatically as well
nix.gc.automatic = true;
nix.gc.dates = "05:23";
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
@ -27,7 +32,7 @@
force-scheduler = ''
sched.append(schedulers.ForceScheduler(
name="force",
builderNames=["full-tests","fast-tests"]))
builderNames=["full-tests","fast-tests","build-local"]))
'';
fast-tests-scheduler = ''
# test everything real quick
@ -35,7 +40,7 @@
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
# treeStableTimer=10,
name="fast-test-all-branches",
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
test-cac-infest-master = ''
@ -51,8 +56,8 @@
change_filter=util.ChangeFilter(branch="master"),
fileIsImportant=shared_files,
treeStableTimer=60*60, # master was stable for the last hour
name="full-master-test",
builderNames=["full-tests"]))
name="full-master",
builderNames=["full-tests","build-local"]))
'';
};
builder_pre = ''
@ -69,7 +74,7 @@
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
"-I", "stockholm=.",
"-I", "nixpkgs=/var/src/upstream-nixpkgs",
"-I", "nixpkgs=/var/src/nixpkgs",
"-p" ] + deps + [ "--run" ]
# prepare addShell function
@ -90,26 +95,46 @@
addShell(f,name="instantiate-test-all-modules",env=env,
command=nixshell + \
["touch retiolum.rsa_key.priv; \
nix-instantiate --eval -A \
users.shared.test-all-krebs-modules.system \
-I stockholm=. \
--show-trace \
-I secrets=. '<stockholm>' \
--strict --json"])
nix-instantiate \
--show-trace --eval --strict --json \
-I nixos-config=./shared/1systems/test-all-krebs-modules.nix \
-I secrets=. \
-A config.system.build.toplevel"]
)
addShell(f,name="instantiate-test-minimal-deploy",env=env,
addShell(f,name="build-test-minimal",env=env,
command=nixshell + \
["nix-instantiate --eval -A \
users.shared.test-minimal-deploy.system \
-I stockholm=. \
-I secrets=. '<stockholm>' \
--show-trace \
--strict --json"])
["nix-instantiate \
--show-trace --eval --strict --json \
-I nixos-config=./shared/1systems/test-minimal-deploy.nix \
-I secrets=. \
-A config.system.build.toplevel"]
)
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
'';
# this build will try to build against local nixpkgs
# TODO change to do a 'local' populate and use the retrieved nixpkgs
build-local = ''
f = util.BuildFactory()
f.addStep(grab_repo)
addShell(f,name="build-test-all-modules",env=env,
command=nixshell + \
["touch retiolum.rsa_key.priv; \
nix-build \
--show-trace --no-out-link \
-I nixos-config=./shared/1systems/test-all-krebs-modules.nix \
-I secrets=. \
-A config.system.build.toplevel"]
)
bu.append(util.BuilderConfig(name="build-local",
slavenames=slavenames,
factory=f))
'';
slow-tests = ''
s = util.BuildFactory()
s.addStep(grab_repo)
@ -151,6 +176,6 @@
packages = with pkgs;[ git nix ];
# all nix commands will need a working nixpkgs installation
extraEnviron = {
NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
};
}
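Review bot: The fast-tests step renamed to `name="build-test-minimal"` still runs `nix-instantiate --eval`, so nothing is built there; only the new `build-local` factory calls `nix-build`. Keeping an `instantiate-` prefix, e.g. `name="instantiate-test-minimal"`, would stop the step list from suggesting more coverage than it has. In `build-local`, a comment above `touch retiolum.rsa_key.priv` should say that it creates an empty placeholder so that `-I secrets=.` resolves, e.g. `# empty dummy key; real secrets must never be placed in the build checkout`. This matters more with `nix-build` than with evaluation, because files referenced from that path may be copied into the world-readable store.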