Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
cb258d3990
@ -291,7 +291,7 @@ with config.krebs.lib;
|
||||
wbob = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolm = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.214.15"];
|
||||
addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"];
|
||||
aliases = [
|
||||
|
@ -17,6 +17,7 @@ in {
|
||||
../2configs/mattermost-docker.nix
|
||||
../2configs/nginx/euer.test.nix
|
||||
../2configs/nginx/update.connector.one.nix
|
||||
../2configs/deployment/mycube.connector.one.nix
|
||||
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/urlwatch.nix
|
||||
|
@ -4,6 +4,13 @@ with config.krebs.lib;
|
||||
{
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
system.replaceRuntimeDependencies = with pkgs.lib;
|
||||
[{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++
|
||||
[(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch";
|
||||
sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})];
|
||||
});}
|
||||
];
|
||||
|
||||
imports = [
|
||||
{
|
||||
users.extraUsers =
|
||||
|
46
makefu/2configs/deployment/mycube.connector.one.nix
Normal file
46
makefu/2configs/deployment/mycube.connector.one.nix
Normal file
@ -0,0 +1,46 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
# more than just nginx config but not enough to become a module
|
||||
with config.krebs.lib;
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
||||
in {
|
||||
services.redis.enable = true;
|
||||
services.uwsgi = {
|
||||
enable = true;
|
||||
user = "nginx";
|
||||
plugins = [ "python2" ];
|
||||
instance = {
|
||||
type = "emperor";
|
||||
vassals = {
|
||||
mycube-flask = {
|
||||
type = "normal";
|
||||
python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ];
|
||||
socket = wsgi-sock;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.nginx = {
|
||||
enable = mkDefault true;
|
||||
servers = {
|
||||
mybox-connector-one = {
|
||||
listen = [ "${external-ip}:80" ];
|
||||
server-names = [
|
||||
"mycube.connector.one"
|
||||
"mybox.connector.one"
|
||||
];
|
||||
locations = singleton (nameValuePair "/" ''
|
||||
uwsgi_pass unix://${wsgi-sock};
|
||||
uwsgi_param UWSGI_CHDIR ${pkgs.mycube-flask}/${pkgs.python.sitePackages};
|
||||
uwsgi_param UWSGI_MODULE mycube.websrv;
|
||||
uwsgi_param UWSGI_CALLABLE app;
|
||||
|
||||
include ${pkgs.nginx}/conf/uwsgi_params;
|
||||
'');
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -57,7 +57,7 @@ let
|
||||
|
||||
|
||||
# TODO: get the list of all krebsministers
|
||||
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
||||
krebsminister = with config.krebs.users; [ lass tv ];
|
||||
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
|
||||
all-exco = with config.krebs.users; [ exco ];
|
||||
|
||||
|
@ -2,8 +2,7 @@
|
||||
|
||||
with config.krebs.lib;
|
||||
{
|
||||
# TODO: put this somewhere else
|
||||
networking.wireless.enable = true;
|
||||
networking.wireless.enable = lib.mkDefault true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
@ -12,6 +12,9 @@ with config.krebs.lib;
|
||||
./fetchWallpaper.nix
|
||||
./zsh-user.nix
|
||||
];
|
||||
|
||||
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
|
||||
|
||||
environment.systemPackages = with pkgs;[
|
||||
vlc
|
||||
firefox
|
||||
|
@ -8,7 +8,7 @@ in {
|
||||
krebs.nginx = {
|
||||
enable = mkDefault true;
|
||||
servers = {
|
||||
omo-share = {
|
||||
update-connector-one = {
|
||||
listen = [ "${external-ip}:80" ];
|
||||
server-names = [
|
||||
"update.connector.one"
|
||||
|
@ -10,5 +10,6 @@ in
|
||||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||
awesomecfg = callPackage ./awesomecfg {};
|
||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||
mycube-flask = callPackage ./mycube-flask {};
|
||||
};
|
||||
}
|
||||
|
21
makefu/5pkgs/mycube-flask/default.nix
Normal file
21
makefu/5pkgs/mycube-flask/default.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ lib, pkgs, fetchFromGitHub, ... }:
|
||||
|
||||
with pkgs.pythonPackages;buildPythonPackage rec {
|
||||
name = "mycube-flask-${version}";
|
||||
version = "0.2.3";
|
||||
propagatedBuildInputs = [
|
||||
flask
|
||||
redis
|
||||
];
|
||||
src = fetchFromGitHub {
|
||||
owner = "makefu";
|
||||
repo = "mycube-flask";
|
||||
rev = "5f5260a";
|
||||
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
|
||||
};
|
||||
meta = {
|
||||
homepage = https://github.com/makefu/mycube-flask;
|
||||
description = "flask app for mycube";
|
||||
license = lib.licenses.asl20;
|
||||
};
|
||||
}
|
@ -4,5 +4,6 @@ _:
|
||||
../krebs
|
||||
./2configs
|
||||
./3modules
|
||||
./5pkgs
|
||||
];
|
||||
}
|
||||
|
@ -7,6 +7,11 @@
|
||||
|
||||
# TODO for all users schedule a build for fast tests
|
||||
{
|
||||
# due to the fact that we actually build stuff on the box via the daemon,
|
||||
# /nix/store should be cleaned up automatically as well
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "05:23";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||
krebs.buildbot.master = let
|
||||
stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
|
||||
@ -27,7 +32,7 @@
|
||||
force-scheduler = ''
|
||||
sched.append(schedulers.ForceScheduler(
|
||||
name="force",
|
||||
builderNames=["full-tests","fast-tests"]))
|
||||
builderNames=["full-tests","fast-tests","build-local"]))
|
||||
'';
|
||||
fast-tests-scheduler = ''
|
||||
# test everything real quick
|
||||
@ -35,7 +40,7 @@
|
||||
## all branches
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
# treeStableTimer=10,
|
||||
name="fast-test-all-branches",
|
||||
name="fast-all-branches",
|
||||
builderNames=["fast-tests"]))
|
||||
'';
|
||||
test-cac-infest-master = ''
|
||||
@ -51,8 +56,8 @@
|
||||
change_filter=util.ChangeFilter(branch="master"),
|
||||
fileIsImportant=shared_files,
|
||||
treeStableTimer=60*60, # master was stable for the last hour
|
||||
name="full-master-test",
|
||||
builderNames=["full-tests"]))
|
||||
name="full-master",
|
||||
builderNames=["full-tests","build-local"]))
|
||||
'';
|
||||
};
|
||||
builder_pre = ''
|
||||
@ -69,7 +74,7 @@
|
||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = ["nix-shell",
|
||||
"-I", "stockholm=.",
|
||||
"-I", "nixpkgs=/var/src/upstream-nixpkgs",
|
||||
"-I", "nixpkgs=/var/src/nixpkgs",
|
||||
"-p" ] + deps + [ "--run" ]
|
||||
|
||||
# prepare addShell function
|
||||
@ -90,26 +95,46 @@
|
||||
addShell(f,name="instantiate-test-all-modules",env=env,
|
||||
command=nixshell + \
|
||||
["touch retiolum.rsa_key.priv; \
|
||||
nix-instantiate --eval -A \
|
||||
users.shared.test-all-krebs-modules.system \
|
||||
-I stockholm=. \
|
||||
--show-trace \
|
||||
-I secrets=. '<stockholm>' \
|
||||
--strict --json"])
|
||||
nix-instantiate \
|
||||
--show-trace --eval --strict --json \
|
||||
-I nixos-config=./shared/1systems/test-all-krebs-modules.nix \
|
||||
-I secrets=. \
|
||||
-A config.system.build.toplevel"]
|
||||
)
|
||||
|
||||
addShell(f,name="instantiate-test-minimal-deploy",env=env,
|
||||
addShell(f,name="build-test-minimal",env=env,
|
||||
command=nixshell + \
|
||||
["nix-instantiate --eval -A \
|
||||
users.shared.test-minimal-deploy.system \
|
||||
-I stockholm=. \
|
||||
-I secrets=. '<stockholm>' \
|
||||
--show-trace \
|
||||
--strict --json"])
|
||||
["nix-instantiate \
|
||||
--show-trace --eval --strict --json \
|
||||
-I nixos-config=./shared/1systems/test-minimal-deploy.nix \
|
||||
-I secrets=. \
|
||||
-A config.system.build.toplevel"]
|
||||
)
|
||||
|
||||
bu.append(util.BuilderConfig(name="fast-tests",
|
||||
slavenames=slavenames,
|
||||
factory=f))
|
||||
'';
|
||||
# this build will try to build against local nixpkgs
|
||||
# TODO change to do a 'local' populate and use the retrieved nixpkgs
|
||||
build-local = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
|
||||
addShell(f,name="build-test-all-modules",env=env,
|
||||
command=nixshell + \
|
||||
["touch retiolum.rsa_key.priv; \
|
||||
nix-build \
|
||||
--show-trace --no-out-link \
|
||||
-I nixos-config=./shared/1systems/test-all-krebs-modules.nix \
|
||||
-I secrets=. \
|
||||
-A config.system.build.toplevel"]
|
||||
)
|
||||
|
||||
bu.append(util.BuilderConfig(name="build-local",
|
||||
slavenames=slavenames,
|
||||
factory=f))
|
||||
'';
|
||||
slow-tests = ''
|
||||
s = util.BuildFactory()
|
||||
s.addStep(grab_repo)
|
||||
@ -151,6 +176,6 @@
|
||||
packages = with pkgs;[ git nix ];
|
||||
# all nix commands will need a working nixpkgs installation
|
||||
extraEnviron = {
|
||||
NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
|
||||
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user