Merge branch 'master' of gum:stockholm
commit
f475401033
7
Makefile
7
Makefile
@ -35,7 +35,7 @@ ifeq ($(filter),json)
|
|||||||
else
|
else
|
||||||
filter() { cat; }
|
filter() { cat; }
|
||||||
endif
|
endif
|
||||||
nix-instantiate \
|
result=$$(nix-instantiate \
|
||||||
$${extraArgs-} \
|
$${extraArgs-} \
|
||||||
--eval \
|
--eval \
|
||||||
-A "$$get" \
|
-A "$$get" \
|
||||||
@ -45,8 +45,9 @@ endif
|
|||||||
--argstr current-host-name "$$HOSTNAME" \
|
--argstr current-host-name "$$HOSTNAME" \
|
||||||
--argstr current-user-name "$$LOGNAME" \
|
--argstr current-user-name "$$LOGNAME" \
|
||||||
$${system+--argstr system "$$system"} \
|
$${system+--argstr system "$$system"} \
|
||||||
$${target+--argstr target "$$target"} \
|
$${target+--argstr target "$$target"})
|
||||||
| filter
|
echo "$$result" | filter
|
||||||
|
|
||||||
else
|
else
|
||||||
$(error unbound variable: system[s])
|
$(error unbound variable: system[s])
|
||||||
endif
|
endif
|
||||||
|
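Review bot: `echo "$$result" | filter` in the rewritten recipe is not a byte-safe way to replay the captured nix-instantiate output. If the recipe shell's `echo` interprets backslash escapes (dash does), escaped sequences in JSON or string output are altered before they reach `filter`, and a result that begins with `-n` is taken as an option. `printf '%s\n' "$$result" | filter` avoids both. Capturing the output first does let a failing nix-instantiate stop the recipe instead of being hidden behind the pipe, provided the recipe runs with `set -e`, which is not visible here. The recipe starts above the first hunk.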
@ -1,25 +1,15 @@
|
|||||||
{ config, pkgs,lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
|
||||||
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
inherit (lib)
|
|
||||||
mkIf
|
|
||||||
mkOption
|
|
||||||
types
|
|
||||||
singleton
|
|
||||||
isString
|
|
||||||
optionalString
|
|
||||||
concatStrings
|
|
||||||
escapeShellArg
|
|
||||||
;
|
|
||||||
|
|
||||||
ReaktorConfig = pkgs.writeText "config.py" ''
|
ReaktorConfig = pkgs.writeText "config.py" ''
|
||||||
${if (isString cfg.overrideConfig ) then ''
|
${if (isString cfg.overrideConfig ) then ''
|
||||||
# Overriden Config
|
# Overriden Config
|
||||||
${cfg.overrideConfig}
|
${cfg.overrideConfig}
|
||||||
'' else ""}
|
'' else ""}
|
||||||
## Extra Config
|
## Extra Config
|
||||||
|
${concatStringsSep "\n" (map (plug: plug.config) cfg.plugins)}
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
cfg = config.krebs.Reaktor;
|
cfg = config.krebs.Reaktor;
|
||||||
@ -46,7 +36,6 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
overrideConfig = mkOption {
|
overrideConfig = mkOption {
|
||||||
default = null;
|
default = null;
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
@ -55,6 +44,9 @@ let
|
|||||||
Reaktor default cfg can be retrieved via `reaktor get-config`
|
Reaktor default cfg can be retrieved via `reaktor get-config`
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
plugins = mkOption {
|
||||||
|
default = [pkgs.ReaktorPlugins.nixos-version];
|
||||||
|
};
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.string;
|
type = types.string;
|
||||||
@ -62,6 +54,14 @@ let
|
|||||||
configuration appended to the default or overridden configuration
|
configuration appended to the default or overridden configuration
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
workdir = mkOption {
|
||||||
|
default = "/var/lib/Reaktor";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Reaktor working directory
|
||||||
|
'';
|
||||||
|
};
|
||||||
extraEnviron = mkOption {
|
extraEnviron = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
@ -70,12 +70,17 @@ let
|
|||||||
REAKTOR_HOST
|
REAKTOR_HOST
|
||||||
REAKTOR_PORT
|
REAKTOR_PORT
|
||||||
REAKTOR_STATEDIR
|
REAKTOR_STATEDIR
|
||||||
REAKTOR_CHANNELS
|
|
||||||
|
|
||||||
debug and nickname can be set separately via the Reaktor api
|
debug and nickname can be set separately via the Reaktor api
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
channels = mkOption {
|
||||||
|
default = [ "#krebs" ];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
description = ''
|
||||||
|
Channels the Reaktor should connect to at startup.
|
||||||
|
'';
|
||||||
|
};
|
||||||
debug = mkOption {
|
debug = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
@ -86,12 +91,11 @@ let
|
|||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
# for reaktor get-config
|
# for reaktor get-config
|
||||||
users.extraUsers = singleton {
|
users.extraUsers = singleton rec {
|
||||||
name = "Reaktor";
|
name = "Reaktor";
|
||||||
# uid = config.ids.uids.Reaktor;
|
uid = genid name;
|
||||||
uid = 2066439104; #genid Reaktor
|
|
||||||
description = "Reaktor user";
|
description = "Reaktor user";
|
||||||
home = "/var/lib/Reaktor";
|
home = cfg.workdir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -113,6 +117,9 @@ let
|
|||||||
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
REAKTOR_NICKNAME = cfg.nickname;
|
REAKTOR_NICKNAME = cfg.nickname;
|
||||||
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
|
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
|
||||||
|
REAKTOR_CHANNELS = lib.concatStringsSep "," cfg.channels;
|
||||||
|
state_dir = cfg.workdir;
|
||||||
|
|
||||||
} // cfg.extraEnviron;
|
} // cfg.extraEnviron;
|
||||||
serviceConfig= {
|
serviceConfig= {
|
||||||
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
|
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
|
||||||
|
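Review bot: The new `plugins` option is declared with only a default, yet each element's `config` attribute is concatenated verbatim into the generated `config.py`, so anything placed in that list becomes part of the bot's configuration code. Give it a type and a description, for example `type = types.listOf types.attrs;` plus a description stating that `plug.config` is inserted verbatim into config.py. Separately, the environment gains a lower-case `state_dir = cfg.workdir;` while the extraEnviron description lists `REAKTOR_STATEDIR`; if the latter is the variable Reaktor reads, the new entry has no effect. The let block and the service definition continue outside the visible hunks.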
@ -119,16 +119,14 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
|
|
||||||
users.extraUsers.acng = {
|
users.extraUsers.acng = {
|
||||||
# uid = config.ids.uids.acng;
|
uid = genid "acng";
|
||||||
uid = 897955083; #genid Reaktor
|
|
||||||
description = "apt-cacher-ng";
|
description = "apt-cacher-ng";
|
||||||
home = acng-home;
|
home = acng-home;
|
||||||
createHome = false;
|
createHome = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraGroups.acng = {
|
users.extraGroups.acng = {
|
||||||
gid = 897955083; #genid Reaktor
|
gid = genid "acng";
|
||||||
# gid = config.ids.gids.Reaktor;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.apt-cacher-ng = {
|
systemd.services.apt-cacher-ng = {
|
||||||
|
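Review bot: `uid = genid "acng"` and `gid = genid "acng"` replace the literal 897955083, and the removed lines carried the comment `#genid Reaktor`, so nothing on the page shows that the computed id equals the old one. If it differs, files already on disk under `acng-home` (the user has `createHome = false`) stay owned by the previous numeric id until they are re-owned. The same applies to the literal-to-`genid` replacements in the Reaktor, bepasty, buildbot slave (old comment `#genid buildbotMaster`, new argument `"buildbotSlave"`), fetchWallpaper and git sections. A short comment such as `# was 897955083 before genid; chown the state dir if the value changed` would record the check.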
286
krebs/3modules/backup.nix
Normal file
286
krebs/3modules/backup.nix
Normal file
@ -0,0 +1,286 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
out = {
|
||||||
|
options.krebs.backup = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
cfg = config.krebs.backup;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "krebs.backup" // { default = true; };
|
||||||
|
plans = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({
|
||||||
|
# TODO enable = mkEnableOption "TODO" // { default = true; };
|
||||||
|
options = {
|
||||||
|
method = mkOption {
|
||||||
|
type = types.enum ["pull" "push"];
|
||||||
|
};
|
||||||
|
name = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
src = mkOption {
|
||||||
|
type = types.krebs.file-location;
|
||||||
|
};
|
||||||
|
dst = mkOption {
|
||||||
|
type = types.krebs.file-location;
|
||||||
|
};
|
||||||
|
startAt = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
snapshots = mkOption {
|
||||||
|
type = types.attrsOf (types.submodule {
|
||||||
|
options = {
|
||||||
|
format = mkOption {
|
||||||
|
type = types.str; # TODO date's +FORMAT
|
||||||
|
};
|
||||||
|
retain = mkOption {
|
||||||
|
type = types.nullOr types.int;
|
||||||
|
default = null; # null = retain all snapshots
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
users.groups.backup.gid = genid "backup";
|
||||||
|
users.users = {}
|
||||||
|
// {
|
||||||
|
root.openssh.authorizedKeys.keys =
|
||||||
|
map (plan: plan.dst.host.ssh.pubkey)
|
||||||
|
(filter isPullSrc (attrValues cfg.plans))
|
||||||
|
++
|
||||||
|
map (plan: plan.src.host.ssh.pubkey)
|
||||||
|
(filter isPushDst (attrValues cfg.plans))
|
||||||
|
;
|
||||||
|
}
|
||||||
|
;
|
||||||
|
systemd.services =
|
||||||
|
flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: {
|
||||||
|
name = "backup.${name}.pull";
|
||||||
|
value = makePullService plan;
|
||||||
|
})
|
||||||
|
//
|
||||||
|
flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: {
|
||||||
|
name = "backup.${name}.push";
|
||||||
|
value = makePushService plan;
|
||||||
|
})
|
||||||
|
;
|
||||||
|
};
|
||||||
|
|
||||||
|
isPushSrc = plan:
|
||||||
|
plan.method == "push" &&
|
||||||
|
plan.src.host.name == config.krebs.build.host.name;
|
||||||
|
|
||||||
|
isPullSrc = plan:
|
||||||
|
plan.method == "pull" &&
|
||||||
|
plan.src.host.name == config.krebs.build.host.name;
|
||||||
|
|
||||||
|
isPushDst = plan:
|
||||||
|
plan.method == "push" &&
|
||||||
|
plan.dst.host.name == config.krebs.build.host.name;
|
||||||
|
|
||||||
|
isPullDst = plan:
|
||||||
|
plan.method == "pull" &&
|
||||||
|
plan.dst.host.name == config.krebs.build.host.name;
|
||||||
|
|
||||||
|
# TODO push destination needs this in the dst.user's PATH
|
||||||
|
service-path = [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.gnused
|
||||||
|
pkgs.openssh
|
||||||
|
pkgs.rsync
|
||||||
|
pkgs.utillinux
|
||||||
|
];
|
||||||
|
|
||||||
|
# TODO if there is plan.user, then use its privkey
|
||||||
|
makePushService = plan: assert isPushSrc plan; {
|
||||||
|
path = service-path;
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = push plan;
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
|
startAt = plan.startAt;
|
||||||
|
};
|
||||||
|
|
||||||
|
makePullService = plan: assert isPullDst plan; {
|
||||||
|
path = service-path;
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = pull plan;
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
|
startAt = plan.startAt;
|
||||||
|
};
|
||||||
|
|
||||||
|
push = plan: let
|
||||||
|
# We use writeDashBin and return the absolute path so systemd will produce
|
||||||
|
# nice names in the log, i.e. without the Nix store hash.
|
||||||
|
out = "${main}/bin/${main.name}";
|
||||||
|
|
||||||
|
main = writeDashBin "backup.${plan.name}.push" ''
|
||||||
|
set -efu
|
||||||
|
dst=${shell.escape plan.dst.path}
|
||||||
|
|
||||||
|
mkdir -m 0700 -p "$dst"
|
||||||
|
exec flock -n "$dst" ${critical-section}
|
||||||
|
'';
|
||||||
|
|
||||||
|
critical-section = writeDash "backup.${plan.name}.push.critical-section" ''
|
||||||
|
# TODO check if there is a previous
|
||||||
|
set -efu
|
||||||
|
identity=${shell.escape plan.src.host.ssh.privkey.path}
|
||||||
|
src=${shell.escape plan.src.path}
|
||||||
|
dst_target=${shell.escape "root@${getFQDN plan.dst.host}"}
|
||||||
|
dst_path=${shell.escape plan.dst.path}
|
||||||
|
dst=$dst_target:$dst_path
|
||||||
|
|
||||||
|
# Export NOW so runtime of rsync doesn't influence snapshot naming.
|
||||||
|
export NOW
|
||||||
|
NOW=$(date +%s)
|
||||||
|
|
||||||
|
echo >&2 "update snapshot: current; $src -> $dst"
|
||||||
|
rsync >&2 \
|
||||||
|
-aAXF --delete \
|
||||||
|
-e "ssh -F /dev/null -i $identity" \
|
||||||
|
--rsync-path ${shell.escape
|
||||||
|
"mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \
|
||||||
|
--link-dest="$dst_path/current" \
|
||||||
|
"$src/" \
|
||||||
|
"$dst/.partial"
|
||||||
|
|
||||||
|
exec ssh -F /dev/null \
|
||||||
|
-i "$identity" \
|
||||||
|
"$dst_target" \
|
||||||
|
-T \
|
||||||
|
env NOW="$NOW" /bin/sh < ${remote-snapshot}
|
||||||
|
EOF
|
||||||
|
'';
|
||||||
|
|
||||||
|
remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" ''
|
||||||
|
set -efu
|
||||||
|
dst=${shell.escape plan.dst.path}
|
||||||
|
|
||||||
|
if test -e "$dst/current"; then
|
||||||
|
mv "$dst/current" "$dst/.previous"
|
||||||
|
fi
|
||||||
|
mv "$dst/.partial" "$dst/current"
|
||||||
|
rm -fR "$dst/.previous"
|
||||||
|
echo >&2
|
||||||
|
|
||||||
|
(${(take-snapshots plan).text})
|
||||||
|
'';
|
||||||
|
|
||||||
|
in out;
|
||||||
|
|
||||||
|
# TODO admit plan.dst.user and its ssh identity
|
||||||
|
pull = plan: let
|
||||||
|
# We use writeDashBin and return the absolute path so systemd will produce
|
||||||
|
# nice names in the log, i.e. without the Nix store hash.
|
||||||
|
out = "${main}/bin/${main.name}";
|
||||||
|
|
||||||
|
main = writeDashBin "backup.${plan.name}.pull" ''
|
||||||
|
set -efu
|
||||||
|
dst=${shell.escape plan.dst.path}
|
||||||
|
|
||||||
|
mkdir -m 0700 -p "$dst"
|
||||||
|
exec flock -n "$dst" ${critical-section}
|
||||||
|
'';
|
||||||
|
|
||||||
|
critical-section = writeDash "backup.${plan.name}.pull.critical-section" ''
|
||||||
|
# TODO check if there is a previous
|
||||||
|
set -efu
|
||||||
|
identity=${shell.escape plan.dst.host.ssh.privkey.path}
|
||||||
|
src=${shell.escape "root@${getFQDN plan.src.host}:${plan.src.path}"}
|
||||||
|
dst=${shell.escape plan.dst.path}
|
||||||
|
|
||||||
|
# Export NOW so runtime of rsync doesn't influence snapshot naming.
|
||||||
|
export NOW
|
||||||
|
NOW=$(date +%s)
|
||||||
|
|
||||||
|
echo >&2 "update snapshot: current; $dst <- $src"
|
||||||
|
mkdir -m 0700 -p ${shell.escape plan.dst.path}
|
||||||
|
rsync >&2 \
|
||||||
|
-aAXF --delete \
|
||||||
|
-e "ssh -F /dev/null -i $identity" \
|
||||||
|
--link-dest="$dst/current" \
|
||||||
|
"$src/" \
|
||||||
|
"$dst/.partial"
|
||||||
|
mv "$dst/current" "$dst/.previous"
|
||||||
|
mv "$dst/.partial" "$dst/current"
|
||||||
|
rm -fR "$dst/.previous"
|
||||||
|
echo >&2
|
||||||
|
|
||||||
|
exec ${take-snapshots plan}
|
||||||
|
'';
|
||||||
|
in out;
|
||||||
|
|
||||||
|
take-snapshots = plan: writeDash "backup.${plan.name}.take-snapshots" ''
|
||||||
|
set -efu
|
||||||
|
NOW=''${NOW-$(date +%s)}
|
||||||
|
dst=${shell.escape plan.dst.path}
|
||||||
|
|
||||||
|
snapshot() {(
|
||||||
|
: $ns $format $retain
|
||||||
|
name=$(date --date="@$NOW" +"$format")
|
||||||
|
if ! test -e "$dst/$ns/$name"; then
|
||||||
|
echo >&2 "create snapshot: $ns/$name"
|
||||||
|
mkdir -m 0700 -p "$dst/$ns"
|
||||||
|
rsync >&2 \
|
||||||
|
-aAXF --delete \
|
||||||
|
--link-dest="$dst/current" \
|
||||||
|
"$dst/current/" \
|
||||||
|
"$dst/$ns/.partial.$name"
|
||||||
|
mv "$dst/$ns/.partial.$name" "$dst/$ns/$name"
|
||||||
|
echo >&2
|
||||||
|
fi
|
||||||
|
case $retain in
|
||||||
|
([0-9]*)
|
||||||
|
delete_from=$(($retain + 1))
|
||||||
|
ls -r "$dst/$ns" \
|
||||||
|
| sed -n "$delete_from,\$p" \
|
||||||
|
| while read old_name; do
|
||||||
|
echo >&2 "delete snapshot: $ns/$old_name"
|
||||||
|
rm -fR "$dst/$ns/$old_name"
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
(ALL)
|
||||||
|
:
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
)}
|
||||||
|
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList (ns: { format, retain ? null, ... }:
|
||||||
|
toString (map shell.escape [
|
||||||
|
"ns=${ns}"
|
||||||
|
"format=${format}"
|
||||||
|
"retain=${if retain == null then "ALL" else toString retain}"
|
||||||
|
"snapshot"
|
||||||
|
]))
|
||||||
|
plan.snapshots)}
|
||||||
|
'';
|
||||||
|
|
||||||
|
# TODO getFQDN: admit hosts in other domains
|
||||||
|
getFQDN = host: "${host.name}.${config.krebs.search-domain}";
|
||||||
|
|
||||||
|
writeDash = name: text: pkgs.writeScript name ''
|
||||||
|
#! ${pkgs.dash}/bin/dash
|
||||||
|
${text}
|
||||||
|
'';
|
||||||
|
|
||||||
|
writeDashBin = name: text: pkgs.writeTextFile {
|
||||||
|
executable = true;
|
||||||
|
destination = "/bin/${name}";
|
||||||
|
name = name;
|
||||||
|
text = ''
|
||||||
|
#! ${pkgs.dash}/bin/dash
|
||||||
|
${text}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
in out
|
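Review bot: `root.openssh.authorizedKeys.keys` installs each backup peer's SSH host key for root with no `command=` or other key option, so every host that pulls from or pushes to this machine gets an unrestricted root shell here, and compromise of one peer becomes compromise of this host. The TODOs about `plan.user` point the same way; until then the entries could be limited with a forced command and `restrict`, or the key given to a dedicated account in the `backup` group this file already creates. Separately, the pull critical-section runs `mv "$dst/current" "$dst/.previous"` unconditionally under `set -efu`, so the first run of a pull plan appears to abort after rsync; the push side's `remote-snapshot` already guards this with `if test -e "$dst/current"; then`, and the same guard belongs in pull. The stray `EOF` line after `exec ssh …` in the push critical-section is never reached and can be dropped.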
@ -130,12 +130,12 @@ let
|
|||||||
) cfg.servers;
|
) cfg.servers;
|
||||||
|
|
||||||
users.extraUsers.bepasty = {
|
users.extraUsers.bepasty = {
|
||||||
uid = 2796546855; #genid bepasty
|
uid = genid "bepasty";
|
||||||
group = "bepasty";
|
group = "bepasty";
|
||||||
home = "/var/lib/bepasty-server";
|
home = "/var/lib/bepasty-server";
|
||||||
};
|
};
|
||||||
users.extraGroups.bepasty = {
|
users.extraGroups.bepasty = {
|
||||||
gid = 2796546855; #genid bepasty
|
gid = genid "bepasty";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
385
krebs/3modules/buildbot/master.nix
Normal file
385
krebs/3modules/buildbot/master.nix
Normal file
@ -0,0 +1,385 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
buildbot = pkgs.buildbot;
|
||||||
|
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
|
||||||
|
# -*- python -*-
|
||||||
|
from buildbot.plugins import *
|
||||||
|
import re
|
||||||
|
import json
|
||||||
|
c = BuildmasterConfig = {}
|
||||||
|
|
||||||
|
c['slaves'] = []
|
||||||
|
slaves = json.loads('${builtins.toJSON cfg.slaves}')
|
||||||
|
slavenames = [ s for s in slaves ]
|
||||||
|
for k,v in slaves.items():
|
||||||
|
c['slaves'].append(buildslave.BuildSlave(k, v))
|
||||||
|
|
||||||
|
# TODO: configure protocols?
|
||||||
|
c['protocols'] = {'pb': {'port': 9989}}
|
||||||
|
|
||||||
|
####### Build Inputs
|
||||||
|
c['change_source'] = cs = []
|
||||||
|
|
||||||
|
${ concatStringsSep "\n"
|
||||||
|
(mapAttrsToList (n: v: ''
|
||||||
|
#### Change_Source: Begin of ${n}
|
||||||
|
${v}
|
||||||
|
#### Change_Source: End of ${n}
|
||||||
|
'') cfg.change_source )}
|
||||||
|
|
||||||
|
####### Build Scheduler
|
||||||
|
c['schedulers'] = sched = []
|
||||||
|
|
||||||
|
${ concatStringsSep "\n"
|
||||||
|
(mapAttrsToList (n: v: ''
|
||||||
|
#### Schedulers: Begin of ${n}
|
||||||
|
${v}
|
||||||
|
#### Schedulers: End of ${n}
|
||||||
|
'') cfg.scheduler )}
|
||||||
|
|
||||||
|
###### Builder
|
||||||
|
c['builders'] = bu = []
|
||||||
|
|
||||||
|
# Builder Pre: Begin
|
||||||
|
${cfg.builder_pre}
|
||||||
|
# Builder Pre: End
|
||||||
|
|
||||||
|
${ concatStringsSep "\n"
|
||||||
|
(mapAttrsToList (n: v: ''
|
||||||
|
#### Builder: Begin of ${n}
|
||||||
|
${v}
|
||||||
|
#### Builder: End of ${n}
|
||||||
|
'') cfg.builder )}
|
||||||
|
|
||||||
|
|
||||||
|
####### Status
|
||||||
|
c['status'] = st = []
|
||||||
|
|
||||||
|
# If you want to configure this url, override with extraConfig
|
||||||
|
c['buildbotURL'] = "http://${config.networking.hostName}:${toString cfg.web.port}/"
|
||||||
|
|
||||||
|
${optionalString (cfg.web.enable) ''
|
||||||
|
from buildbot.status import html
|
||||||
|
from buildbot.status.web import authz, auth
|
||||||
|
authz_cfg=authz.Authz(
|
||||||
|
auth=auth.BasicAuth([ ("${cfg.web.username}","${cfg.web.password}") ]),
|
||||||
|
# TODO: configure harder
|
||||||
|
gracefulShutdown = False,
|
||||||
|
forceBuild = 'auth',
|
||||||
|
forceAllBuilds = 'auth',
|
||||||
|
pingBuilder = False,
|
||||||
|
stopBuild = 'auth',
|
||||||
|
stopAllBuilds = 'auth',
|
||||||
|
cancelPendingBuild = 'auth'
|
||||||
|
)
|
||||||
|
# TODO: configure krebs.nginx
|
||||||
|
st.append(html.WebStatus(http_port=${toString cfg.web.port}, authz=authz_cfg))
|
||||||
|
''}
|
||||||
|
|
||||||
|
${optionalString (cfg.irc.enable) ''
|
||||||
|
from buildbot.status import words
|
||||||
|
irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
|
||||||
|
channels=${builtins.toJSON cfg.irc.channels},
|
||||||
|
notify_events={
|
||||||
|
'success': 1,
|
||||||
|
'failure': 1,
|
||||||
|
'exception': 1,
|
||||||
|
'successToFailure': 1,
|
||||||
|
'failureToSuccess': 1,
|
||||||
|
}${optionalString cfg.irc.allowForce ",allowForce=True"})
|
||||||
|
c['status'].append(irc)
|
||||||
|
''}
|
||||||
|
|
||||||
|
${ concatStringsSep "\n"
|
||||||
|
(mapAttrsToList (n: v: ''
|
||||||
|
#### Status: Begin of ${n}
|
||||||
|
${v}
|
||||||
|
#### Status: End of ${n}
|
||||||
|
'') cfg.status )}
|
||||||
|
|
||||||
|
####### PROJECT IDENTITY
|
||||||
|
c['title'] = "${cfg.title}"
|
||||||
|
c['titleURL'] = "http://krebsco.de"
|
||||||
|
|
||||||
|
|
||||||
|
####### DB URL
|
||||||
|
# TODO: configure
|
||||||
|
c['db'] = {
|
||||||
|
'db_url' : "sqlite:///state.sqlite",
|
||||||
|
}
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
|
|
||||||
|
cfg = config.krebs.buildbot.master;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "Buildbot Master";
|
||||||
|
title = mkOption {
|
||||||
|
default = "Buildbot CI";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Title of the Buildbot Installation
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
workDir = mkOption {
|
||||||
|
default = "/var/lib/buildbot/master";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Path to build bot master directory.
|
||||||
|
Will be created on startup.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
secrets = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
example = [ "cac.json" ];
|
||||||
|
description = ''
|
||||||
|
List of all the secrets in <secrets> which should be copied into the
|
||||||
|
buildbot master directory.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
slaves = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
description = ''
|
||||||
|
Attrset of slavenames with their passwords
|
||||||
|
slavename = slavepassword
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
change_source = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
example = {
|
||||||
|
stockholm = ''
|
||||||
|
cs.append(changes.GitPoller(
|
||||||
|
'http://cgit.gum/stockholm',
|
||||||
|
workdir='stockholm-poller', branch='master',
|
||||||
|
project='stockholm',
|
||||||
|
pollinterval=120))
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Attrset of all the change_sources which should be configured.
|
||||||
|
It will be directly included into the master configuration.
|
||||||
|
|
||||||
|
At the end an change object should be appended to <literal>cs</literal>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
scheduler = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
example = {
|
||||||
|
force-scheduler = ''
|
||||||
|
sched.append(schedulers.ForceScheduler(
|
||||||
|
name="force",
|
||||||
|
builderNames=["full-tests"]))
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Attrset of all the schedulers which should be configured.
|
||||||
|
It will be directly included into the master configuration.
|
||||||
|
|
||||||
|
At the end an change object should be appended to <literal>sched</literal>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
builder_pre = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.lines;
|
||||||
|
example = ''
|
||||||
|
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
some code before the builders are being assembled.
|
||||||
|
can be used to define functions used by multiple builders
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
builder = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
example = {
|
||||||
|
fast-test = ''
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Attrset of all the builder which should be configured.
|
||||||
|
It will be directly included into the master configuration.
|
||||||
|
|
||||||
|
At the end an change object should be appended to <literal>bu</literal>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
status = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
description = ''
|
||||||
|
Attrset of all the extra status which should be configured.
|
||||||
|
It will be directly included into the master configuration.
|
||||||
|
|
||||||
|
At the end an change object should be appended to <literal>st</literal>
|
||||||
|
|
||||||
|
Right now IRC and Web status can be configured by setting
|
||||||
|
<literal>buildbot.master.irc.enable</literal> and
|
||||||
|
<literal>buildbot.master.web.enable</literal>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Configurable Stati
|
||||||
|
web = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.submodule ({ config2, ... }: {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "Buildbot Master Web Status";
|
||||||
|
username = mkOption {
|
||||||
|
default = "krebs";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
username for web authentication
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
hostname = mkOption {
|
||||||
|
default = config.networking.hostName;
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
web interface Hostname
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
password = mkOption {
|
||||||
|
default = "bob";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
password for web authentication
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
default = 8010;
|
||||||
|
type = types.int;
|
||||||
|
description = ''
|
||||||
|
port for buildbot web status
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
irc = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "Buildbot Master IRC Status";
|
||||||
|
channels = mkOption {
|
||||||
|
default = [ "nix-buildbot-meetup" ];
|
||||||
|
type = with types; listOf str;
|
||||||
|
description = ''
|
||||||
|
irc channels the bot should connect to
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
allowForce = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Determines if builds can be forced via IRC
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
nick = mkOption {
|
||||||
|
default = "nix-buildbot";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
nickname for IRC
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
server = mkOption {
|
||||||
|
default = "irc.freenode.net";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Buildbot Status IRC Server to connect to
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.lines;
|
||||||
|
description = ''
|
||||||
|
extra config appended to the generated master.cfg
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
users.extraUsers.buildbotMaster = {
|
||||||
|
uid = genid "buildbotMaster";
|
||||||
|
description = "Buildbot Master";
|
||||||
|
home = cfg.workDir;
|
||||||
|
createHome = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.buildbotMaster = {
|
||||||
|
gid = 672626386;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.buildbotMaster = {
|
||||||
|
description = "Buildbot Master";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
# TODO: add extra dependencies to master like svn and cvs
|
||||||
|
path = [ pkgs.git ];
|
||||||
|
environment = {
|
||||||
|
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
};
|
||||||
|
serviceConfig = let
|
||||||
|
workdir="${lib.shell.escape cfg.workDir}";
|
||||||
|
secretsdir="${lib.shell.escape (toString <secrets>)}";
|
||||||
|
in {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
Type = "forking";
|
||||||
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
|
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
||||||
|
#!/bin/sh
|
||||||
|
set -efux
|
||||||
|
if [ ! -e ${workdir} ];then
|
||||||
|
mkdir -p ${workdir}
|
||||||
|
${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
|
||||||
|
fi
|
||||||
|
# always override the master.cfg
|
||||||
|
cp ${buildbot-master-config} ${workdir}/master.cfg
|
||||||
|
|
||||||
|
# copy secrets
|
||||||
|
${ concatMapStringsSep "\n"
|
||||||
|
(f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
|
||||||
|
# sanity
|
||||||
|
${buildbot}/bin/buildbot checkconfig ${workdir}
|
||||||
|
|
||||||
|
# TODO: maybe upgrade? not sure about this
|
||||||
|
# normally we should write buildbot.tac by our own
|
||||||
|
# ${buildbot}/bin/buildbot upgrade-master ${workdir}
|
||||||
|
|
||||||
|
chmod 700 -R ${workdir}
|
||||||
|
chown buildbotMaster:buildbotMaster -R ${workdir}
|
||||||
|
'';
|
||||||
|
ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
|
||||||
|
ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
|
||||||
|
ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
|
||||||
|
PrivateTmp = "true";
|
||||||
|
User = "buildbotMaster";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.krebs.buildbot.master = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
}
|
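Review bot: The web status ships with fixed default credentials (`username` default `"krebs"`, `password` default `"bob"`) and interpolates them, together with the slave passwords from `cfg.slaves`, into `master.cfg` built with `pkgs.writeText`, which places them in the Nix store where, on a standard installation, every local user can read them. Drop the password default so enabling `web` without choosing one fails evaluation, and load the credentials at runtime from a file copied through the existing `secrets` option rather than from option values. `json.loads('${builtins.toJSON cfg.slaves}')` also breaks, or changes the generated Python, when a slave name or password contains a single quote or backslash. Minor: `users.extraGroups.buildbotMaster.gid` is still the literal 672626386 while the uid uses `genid "buildbotMaster"`.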
@ -39,7 +39,7 @@ let
|
|||||||
s.setServiceParent(application)
|
s.setServiceParent(application)
|
||||||
'';
|
'';
|
||||||
default-packages = [ pkgs.git pkgs.bash ];
|
default-packages = [ pkgs.git pkgs.bash ];
|
||||||
cfg = config.makefu.buildbot.slave;
|
cfg = config.krebs.buildbot.slave;
|
||||||
|
|
||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "Buildbot Slave";
|
enable = mkEnableOption "Buildbot Slave";
|
||||||
@ -127,7 +127,7 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
|
|
||||||
users.extraUsers.buildbotSlave = {
|
users.extraUsers.buildbotSlave = {
|
||||||
uid = 1408105834; #genid buildbotMaster
|
uid = genid "buildbotSlave";
|
||||||
description = "Buildbot Slave";
|
description = "Buildbot Slave";
|
||||||
home = cfg.workDir;
|
home = cfg.workDir;
|
||||||
createHome = false;
|
createHome = false;
|
||||||
@ -144,6 +144,7 @@ let
|
|||||||
path = default-packages ++ cfg.packages;
|
path = default-packages ++ cfg.packages;
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
NIX_REMOTE="daemon";
|
NIX_REMOTE="daemon";
|
||||||
} // cfg.extraEnviron;
|
} // cfg.extraEnviron;
|
||||||
|
|
||||||
@ -180,6 +181,6 @@ let
|
|||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.makefu.buildbot.slave = api;
|
options.krebs.buildbot.slave = api;
|
||||||
config = mkIf cfg.enable imp;
|
config = mkIf cfg.enable imp;
|
||||||
}
|
}
|
@ -7,8 +7,11 @@ let
|
|||||||
out = {
|
out = {
|
||||||
imports = [
|
imports = [
|
||||||
./apt-cacher-ng.nix
|
./apt-cacher-ng.nix
|
||||||
|
./backup.nix
|
||||||
./bepasty-server.nix
|
./bepasty-server.nix
|
||||||
./build.nix
|
./build.nix
|
||||||
|
./buildbot/master.nix
|
||||||
|
./buildbot/slave.nix
|
||||||
./current.nix
|
./current.nix
|
||||||
./exim-retiolum.nix
|
./exim-retiolum.nix
|
||||||
./exim-smarthost.nix
|
./exim-smarthost.nix
|
||||||
|
@ -1,14 +1,12 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.exim-retiolum;
|
cfg = config.krebs.exim-retiolum;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.exim-retiolum = api;
|
options.krebs.exim-retiolum = api;
|
||||||
config =
|
config = mkIf cfg.enable imp;
|
||||||
mkIf cfg.enable imp;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
api = {
|
api = {
|
||||||
@ -16,13 +14,13 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
services.exim =
|
services.exim = {
|
||||||
# This configuration makes only sense for retiolum-enabled hosts.
|
enable = true;
|
||||||
# TODO modular configuration
|
config =
|
||||||
assert config.krebs.retiolum.enable;
|
# This configuration makes only sense for retiolum-enabled hosts.
|
||||||
{
|
# TODO modular configuration
|
||||||
enable = true;
|
assert config.krebs.retiolum.enable;
|
||||||
config = ''
|
''
|
||||||
primary_hostname = ${retiolumHostname}
|
primary_hostname = ${retiolumHostname}
|
||||||
domainlist local_domains = @ : localhost
|
domainlist local_domains = @ : localhost
|
||||||
domainlist relay_to_domains = *.retiolum
|
domainlist relay_to_domains = *.retiolum
|
||||||
@ -134,7 +132,7 @@ let
|
|||||||
|
|
||||||
begin authenticators
|
begin authenticators
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO get the hostname from somewhere else.
|
# TODO get the hostname from somewhere else.
|
||||||
|
@ -51,7 +51,7 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
users.users.fetchWallpaper = {
|
users.users.fetchWallpaper = {
|
||||||
name = "fetchWallpaper";
|
name = "fetchWallpaper";
|
||||||
uid = 3332383611; #genid fetchWallpaper
|
uid = genid "fetchWallpaper";
|
||||||
description = "fetchWallpaper user";
|
description = "fetchWallpaper user";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
@ -145,14 +145,14 @@ let
|
|||||||
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
|
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers = singleton {
|
users.extraUsers = singleton rec {
|
||||||
description = "Git repository hosting user";
|
description = "Git repository hosting user";
|
||||||
name = "git";
|
name = "git";
|
||||||
shell = "/bin/sh";
|
shell = "/bin/sh";
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
|
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
|
||||||
config.krebs.users;
|
config.krebs.users;
|
||||||
uid = 129318403; # genid git
|
uid = genid name;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -238,9 +238,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
fcgitwrap-user = {
|
fcgitwrap-user = rec {
|
||||||
name = "fcgiwrap";
|
name = "fcgiwrap";
|
||||||
uid = 2867890860; # genid fcgiwrap
|
uid = genid name;
|
||||||
group = "fcgiwrap";
|
group = "fcgiwrap";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -56,9 +56,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "github-hosts-sync";
|
name = "github-hosts-sync";
|
||||||
uid = 3220554646; # genid github-hosts-sync
|
uid = genid name;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO move to lib?
|
# TODO move to lib?
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
@ -31,9 +30,9 @@ let
|
|||||||
bind = mkDefault "127.0.0.1";
|
bind = mkDefault "127.0.0.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.go = {
|
users.extraUsers.go = rec {
|
||||||
name = "go";
|
name = "go";
|
||||||
uid = 42774411; #genid go
|
uid = genid name;
|
||||||
description = "go url shortener user";
|
description = "go url shortener user";
|
||||||
home = "/var/lib/go";
|
home = "/var/lib/go";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
@ -83,6 +83,9 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
vbob = {
|
vbob = {
|
||||||
@ -108,6 +111,8 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
|
||||||
};
|
};
|
||||||
flap = rec {
|
flap = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -238,6 +243,8 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
||||||
};
|
};
|
||||||
filepimp = rec {
|
filepimp = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -287,6 +294,8 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
|
||||||
};
|
};
|
||||||
gum = rec {
|
gum = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -327,6 +336,8 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = addNames rec {
|
users = addNames rec {
|
||||||
|
@ -1,13 +1,7 @@
|
|||||||
arg@{ config, lib, pkgs, ... }:
|
arg@{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
let
|
let
|
||||||
inherit (lib)
|
|
||||||
mkEnableOption
|
|
||||||
mkOption
|
|
||||||
types
|
|
||||||
mkIf
|
|
||||||
;
|
|
||||||
|
|
||||||
cfg = config.krebs.realwallpaper;
|
cfg = config.krebs.realwallpaper;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
@ -89,7 +83,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.realwallpaper = {
|
users.extraUsers.realwallpaper = {
|
||||||
uid = 2009435407; #genid realwallpaper
|
uid = genid "realwallpaper";
|
||||||
home = cfg.workingDir;
|
home = cfg.workingDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
@ -133,9 +133,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "retiolum";
|
name = "retiolum";
|
||||||
uid = 301281149; # genid retiolum
|
uid = genid name;
|
||||||
};
|
};
|
||||||
|
|
||||||
tinc = cfg.tincPackage;
|
tinc = cfg.tincPackage;
|
||||||
|
@ -7,6 +7,7 @@ let
|
|||||||
"test-arch"
|
"test-arch"
|
||||||
"test-centos6"
|
"test-centos6"
|
||||||
"test-centos7"
|
"test-centos7"
|
||||||
|
"test-all-krebs-modules"
|
||||||
] (name: {
|
] (name: {
|
||||||
inherit name;
|
inherit name;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
|
@ -120,7 +120,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.tinc_graphs = {
|
users.extraUsers.tinc_graphs = {
|
||||||
uid = 3925439960; #genid tinc_graphs
|
uid = genid "tinc_graphs";
|
||||||
home = "/var/spool/tinc_graphs";
|
home = "/var/spool/tinc_graphs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -5,7 +5,6 @@
|
|||||||
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
|
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
|
||||||
# TODO hooks.py
|
# TODO hooks.py
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.urlwatch;
|
cfg = config.krebs.urlwatch;
|
||||||
@ -136,9 +135,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "urlwatch";
|
name = "urlwatch";
|
||||||
uid = 3467631196; # genid urlwatch
|
uid = genid name;
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
@ -7,6 +7,8 @@ let out = rec {
|
|||||||
|
|
||||||
eq = x: y: x == y;
|
eq = x: y: x == y;
|
||||||
|
|
||||||
|
mod = x: y: x - y * (x / y);
|
||||||
|
|
||||||
addName = name: set:
|
addName = name: set:
|
||||||
set // { inherit name; };
|
set // { inherit name; };
|
||||||
|
|
||||||
@ -17,6 +19,7 @@ let out = rec {
|
|||||||
dir.has-default-nix = path: pathExists (path + "/default.nix");
|
dir.has-default-nix = path: pathExists (path + "/default.nix");
|
||||||
|
|
||||||
dns = import ./dns.nix { inherit lib; };
|
dns = import ./dns.nix { inherit lib; };
|
||||||
|
genid = import ./genid.nix { lib = lib // out; };
|
||||||
git = import ./git.nix { lib = lib // out; };
|
git = import ./git.nix { lib = lib // out; };
|
||||||
listset = import ./listset.nix { inherit lib; };
|
listset = import ./listset.nix { inherit lib; };
|
||||||
shell = import ./shell.nix { inherit lib; };
|
shell = import ./shell.nix { inherit lib; };
|
||||||
|
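--- a/krebs/4lib/genid.nix
+++ b/krebs/4lib/genid.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+with lib;
+with builtins;
+let out = genid;
+
+# id = genid s = (hash s + min) % max
+# min <= genid s < max
+#
+# min = 2^24 = 16777216 = 0x001000000
+# max = 2^32 = 4294967296 = 0x100000000
+#
+# id is bigger than UID of nobody and GID of nogroup
+# see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd.
+#
+# :: str -> uint32
+genid = s: sum16 (addmod16_16777216 (hash s));
+
+# :: str -> list8 uint4
+hash = s:
+map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s)));
+
+# :: list uint -> uint
+sum16 = foldl (a: i: a * 16 + i) 0;
+
+# :: list8 uint4 -> list1 uint8 ++ list6 uint4
+addmod16_16777216 = x: let
+a = 16 * head x + head (tail x);
+d = tail (tail x);
+in [(mod (a + 1) 256)] ++ d;
+
+# :: char -> uint4
+hexint = x: hexvals.${toLower x};
+
+# :: attrset char uint4
+hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; })
+(stringToCharacters "0123456789abcdef"));
+in out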
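Review bot: The header comment promises `min <= genid s < max`, but `addmod16_16777216` adds 1 to the top byte and reduces it `mod 256`, so any name whose hash slice starts with `ff` wraps to a top byte of `00` and gets an id below 2^24, inside the range the comment reserves for system accounts. The call sites changed in this commit now compute their uid from this function instead of carrying a reviewed literal, so a wrapped value would be applied without anyone seeing the number. Either reword the comment to say the result is only reduced mod 2^32, or make evaluation fail on the wrap, e.g. `genid = s: let id = sum16 (addmod16_16777216 (hash s)); in assert id >= 16777216; id;`. The same assertion could also reject 4294967295, which Linux treats as `(uid_t) -1`.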
@ -177,4 +177,21 @@ types // rec {
|
|||||||
addr6 = str;
|
addr6 = str;
|
||||||
hostname = str;
|
hostname = str;
|
||||||
label = str;
|
label = str;
|
||||||
|
|
||||||
|
krebs.file-location = types.submodule {
|
||||||
|
options = {
|
||||||
|
# TODO user
|
||||||
|
host = mkOption {
|
||||||
|
type = host;
|
||||||
|
};
|
||||||
|
# TODO merge with ssl.privkey.path
|
||||||
|
path = mkOption {
|
||||||
|
type = types.either types.path types.str;
|
||||||
|
apply = x: {
|
||||||
|
path = toString x;
|
||||||
|
string = x;
|
||||||
|
}.${typeOf x};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
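--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -0,0 +1,120 @@
+{ stdenv, lib, pkgs, makeWrapper }:
+
+rec {
+# Begin API
+buildBaseReaktorPlugin = { name
+, config # python extra configuration for plugin
+, phases ? []
+, ... } @ attrs:
+stdenv.mkDerivation (attrs // {
+name = "Reaktor-plugin-" + name;
+isReaktorPlugin = true;
+});
+
+buildSimpleReaktorPlugin = name: { script
+, path ? []
+, env ? {}
+, append_rule ? false # append the rule instead of insert
+, pattern ? ""
+, ... } @ attrs:
+let
+path_env = { "PATH" = lib.makeSearchPath "bin" (path ++ [ pkgs.coreutils ]); };
+src_dir = pkgs.substituteAll ( {
+inherit name;
+dir = "bin";
+isExecutable = true;
+src = script;
+});
+src_file = "${src_dir}/bin/${name}";
+config = ''
+public_commands.${if append_rule then "append(" else "insert(0," }{
+'capname' : "${name}",
+'pattern' : ${if pattern == "" then
+''indirect_pattern.format("${name}")'' else
+''"${pattern}"'' },
+'argv' : ["${src_file}"],
+'env' : ${builtins.toJSON (path_env // env)} })
+'';
+config_file = pkgs.writeText "plugin.py" config;
+in buildBaseReaktorPlugin (attrs // rec {
+inherit name config;
+
+phases = [ "installPhase" ];
+buildInputs = [ makeWrapper ];
+installPhase = ''
+mkdir -p $out/bin $out/etc/Reaktor
+ln -s ${src_file} $out/bin
+wrapProgram $out/bin/${name} \
+--prefix PATH : ${path_env.PATH}
+ln -s ${config_file} $out/etc/Reaktor/plugin.py
+'';
+
+});
+# End API
+
+# Begin Plugins
+random-emoji = buildSimpleReaktorPlugin "emoji" {
+path = with pkgs; [ gnused gnugrep xmlstarlet curl ];
+script = ./scripts/random-emoji.sh;
+};
+
+sed-plugin = buildSimpleReaktorPlugin "sed-plugin" {
+path = [ pkgs.gnused pkgs.python3 ];
+# only support s///gi the plugin needs to see every msg
+# TODO: this will eat up the last regex, fix Reaktor to support fallthru
+append_rule = true;
+pattern = "^(?P<args>.*)$$";
+script = ./scripts/sed-plugin.py;
+};
+
+shack-correct = buildSimpleReaktorPlugin "shack-correct" {
+path = [ pkgs.gnused ];
+pattern = "^(?P<args>.*Shack.*)$$";
+script = ./scripts/shack-correct.sh;
+};
+
+nixos-version = buildSimpleReaktorPlugin "nixos-version" {
+script = pkgs.writeScript "nixos-version" ''
+#! /bin/sh
+. /etc/os-release
+echo "$PRETTY_NAME"
+'';
+};
+stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" {
+script = ./scripts/random-issue.sh;
+path = with pkgs; [ git gnused lentil ];
+env = { "origin" = "http://cgit.gum/stockholm"; };
+};
+
+titlebot =
+let
+pypkgs = pkgs.python3Packages;
+titlebot_cmds = pypkgs.buildPythonPackage {
+name = "titlebot_cmds";
+propagatedBuildInputs = with pypkgs; [ setuptools ];
+src = pkgs.fetchurl {
+url = "https://github.com/makefu/reaktor-titlebot/archive/2.1.0.tar.gz";
+sha256 = "0wvf09wmk8b52f9j65qrw81nwrhs9pfhijwrlkzp5l7l2q8cjkp6";
+};
+};
+in buildBaseReaktorPlugin rec {
+name = "titlebot";
+phases = [ "installPhase" ];
+installPhase = ''
+mkdir -p $out
+ln -s ${titlebot_cmds}/* $out
+'';
+config = ''
+def titlebot_cmd(cmd):
+from os import environ
+return { 'capname': None,
+'env': { 'TITLEDB':
+environ['state_dir']+'/suggestions.json' },
+'pattern': '^\\.' + cmd + '\\s*(?:\\s+(?P<args>.*))?$$',
+'argv': [ '${titlebot_cmds}/bin/' + cmd ] }
+for i in ['up','help','list','top','new']:
+public_commands.insert(0,titlebot_cmd(i))
+commands.insert(0,titlebot_cmd('clear'))
+'';
+};
+}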
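Review bot: `sed-plugin` is registered with `pattern = "^(?P<args>.*)$$"` and `append_rule = true`, so every public channel message is handed to `scripts/sed-plugin.py` with `gnused` on its PATH, and the "only support s///gi" restriction named in the comment has to be enforced by that script, which is not part of this section. GNU sed scripts can run commands and write files, so the script should accept only the documented `s///` form with the `g` and `i` flags and, where the packaged sed supports it, call `sed --sandbox`. In `buildSimpleReaktorPlugin`, `"${name}"` and `"${pattern}"` are pasted into the generated Python source unescaped; `builtins.toJSON`, already used for `'env'`, would quote them safely, e.g. `'capname' : ${builtins.toJSON name},`.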
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "cacpanel-${version}";
|
name = "cacpanel-${version}";
|
||||||
version = "0.2.1";
|
version = "0.2.3";
|
||||||
|
|
||||||
src = pkgs.fetchurl {
|
src = pkgs.fetchurl {
|
||||||
url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
|
url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
|
||||||
sha256 = "1zaazg5r10kgva32zh4fhpw6l6h51ijkwpa322na0kh4x6f6aqj3";
|
sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
|
||||||
};
|
};
|
||||||
|
|
||||||
propagatedBuildInputs = with python3Packages; [
|
propagatedBuildInputs = with python3Packages; [
|
||||||
|
@ -26,6 +26,8 @@ subdirs // rec {
|
|||||||
inherit (subdirs) get jq;
|
inherit (subdirs) get jq;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
|
||||||
|
|
||||||
execve = name: { filename, argv, envp ? {}, destination ? "" }:
|
execve = name: { filename, argv, envp ? {}, destination ? "" }:
|
||||||
writeC name { inherit destination; } ''
|
writeC name { inherit destination; } ''
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@ -40,6 +42,10 @@ subdirs // rec {
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
test = {
|
||||||
|
infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {};
|
||||||
|
};
|
||||||
|
|
||||||
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
||||||
|
|
||||||
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
|
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
{ lib, pkgs, ... }:
|
|
||||||
|
|
||||||
pkgs.writeScriptBin "genid" ''
|
|
||||||
#! /bin/sh
|
|
||||||
# usage: genid NAME
|
|
||||||
set -euf
|
|
||||||
|
|
||||||
export PATH=${lib.makeSearchPath "bin" (with pkgs; [
|
|
||||||
bc
|
|
||||||
coreutils
|
|
||||||
])}
|
|
||||||
|
|
||||||
name=$1
|
|
||||||
hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
|
|
||||||
echo "
|
|
||||||
min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
|
|
||||||
# and some spare for stuff like lxd.
|
|
||||||
max=2^32 # see 2^(8*sizeof(uid_t))
|
|
||||||
ibase=16
|
|
||||||
($hash + min) % max
|
|
||||||
" | bc
|
|
||||||
''
|
|
@ -1,5 +1,10 @@
|
|||||||
{ lib, pkgs,python3Packages,fetchurl, ... }:
|
{ lib, pkgs,python3Packages,fetchurl, ... }:
|
||||||
|
|
||||||
|
# TODO: Prepare a diff of future and current
|
||||||
|
## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
|
||||||
|
## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
|
||||||
|
## diff future.sorted current.sorted
|
||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "krebszones-${version}";
|
name = "krebszones-${version}";
|
||||||
version = "0.4.4";
|
version = "0.4.4";
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
{stdenv, fetchurl}:
|
|
||||||
let
|
|
||||||
s = # Generated upstream information
|
|
||||||
rec {
|
|
||||||
baseName="jq";
|
|
||||||
version="1.5";
|
|
||||||
name="${baseName}-${version}";
|
|
||||||
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
|
|
||||||
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
|
|
||||||
};
|
|
||||||
buildInputs = [
|
|
||||||
];
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
inherit (s) name version;
|
|
||||||
inherit buildInputs;
|
|
||||||
src = fetchurl {
|
|
||||||
inherit (s) url sha256;
|
|
||||||
};
|
|
||||||
|
|
||||||
# jq is linked to libjq:
|
|
||||||
configureFlags = [
|
|
||||||
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
|
|
||||||
];
|
|
||||||
meta = {
|
|
||||||
inherit (s) version;
|
|
||||||
description = ''A lightweight and flexible command-line JSON processor'';
|
|
||||||
license = stdenv.lib.licenses.mit ;
|
|
||||||
maintainers = [stdenv.lib.maintainers.raskin];
|
|
||||||
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
@ -1,7 +1,9 @@
|
|||||||
{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }:
|
{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "krebs-ci-0.1.0";
|
name = "${shortname}-${version}";
|
||||||
|
shortname = "infest-cac-centos7";
|
||||||
|
version = "0.2.0";
|
||||||
|
|
||||||
src = ./notes;
|
src = ./notes;
|
||||||
|
|
||||||
@ -23,9 +25,9 @@ stdenv.mkDerivation rec {
|
|||||||
installPhase =
|
installPhase =
|
||||||
''
|
''
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
cp ${src} $out/bin/krebs-ci
|
cp ${src} $out/bin/${shortname}
|
||||||
chmod +x $out/bin/krebs-ci
|
chmod +x $out/bin/${shortname}
|
||||||
wrapProgram $out/bin/krebs-ci \
|
wrapProgram $out/bin/${shortname} \
|
||||||
--prefix PATH : ${path}
|
--prefix PATH : ${path}
|
||||||
'';
|
'';
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
@ -1,12 +1,24 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
# nix-shell -p gnumake jq openssh cac cacpanel
|
# nix-shell -p gnumake jq openssh cac cacpanel
|
||||||
set -euf
|
set -eufx
|
||||||
|
|
||||||
# 2 secrets are required:
|
# 2 secrets are required:
|
||||||
|
|
||||||
krebs_cred=${krebs_cred-./cac.json}
|
krebs_cred=${krebs_cred-./cac.json}
|
||||||
retiolum_key=${retiolum_key-./retiolum.rsa_key.priv}
|
retiolum_key=${retiolum_key-./retiolum.rsa_key.priv}
|
||||||
|
|
||||||
|
clear_defer(){
|
||||||
|
echo "${trapstr:-exit}"
|
||||||
|
trap - INT TERM EXIT KILL
|
||||||
|
}
|
||||||
|
defer(){
|
||||||
|
if test -z "${debug:-}"; then
|
||||||
|
trapstr="$1;${trapstr:-exit}"
|
||||||
|
trap "$trapstr" INT TERM EXIT KILL
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# Sanity
|
# Sanity
|
||||||
if test ! -r "$krebs_cred";then
|
if test ! -r "$krebs_cred";then
|
||||||
echo "\$krebs_cred=$krebs_cred must be readable"; exit 1
|
echo "\$krebs_cred=$krebs_cred must be readable"; exit 1
|
||||||
@ -18,46 +30,73 @@ fi
|
|||||||
krebs_secrets=$(mktemp -d)
|
krebs_secrets=$(mktemp -d)
|
||||||
sec_file=$krebs_secrets/cac_config
|
sec_file=$krebs_secrets/cac_config
|
||||||
krebs_ssh=$krebs_secrets/tempssh
|
krebs_ssh=$krebs_secrets/tempssh
|
||||||
|
export cac_resources_cache=$krebs_secrets/res_cache.json
|
||||||
|
export cac_servers_cache=$krebs_secrets/servers_cache.json
|
||||||
|
export cac_tasks_cache=$krebs_secrets/tasks_cache.json
|
||||||
|
export cac_templates_cache=$krebs_secrets/templates_cache.json
|
||||||
# we need to receive this key from buildmaster to speed up tinc bootstrap
|
# we need to receive this key from buildmaster to speed up tinc bootstrap
|
||||||
TRAP="rm $sec_file;rm -r $krebs_secrets"
|
defer "trap - INT TERM EXIT"
|
||||||
trap "$TRAP" INT TERM EXIT
|
defer "rm -r $krebs_secrets"
|
||||||
|
|
||||||
cat > $sec_file <<EOF
|
cat > $sec_file <<EOF
|
||||||
cac_login="$(jq -r .email $krebs_cred)"
|
cac_login="$(jq -r .email $krebs_cred)"
|
||||||
cac_key="$(cac-cli panel --config $krebs_cred settings | jq -r .apicode)"
|
cac_key="$(cac-cli --config $krebs_cred panel settings | jq -r .apicode)"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
export cac_secrets=$sec_file
|
export cac_secrets=$sec_file
|
||||||
cac-cli panel --config $krebs_cred update-api-ip
|
cac-cli --config $krebs_cred panel add-api-ip
|
||||||
|
|
||||||
# test login:
|
# test login:
|
||||||
cac update
|
cac update
|
||||||
cac servers
|
cac servers
|
||||||
|
|
||||||
# Template 26: CentOS7
|
# preserve old trap
|
||||||
# TODO: use cac templates to determine the real Centos7 template in case it changes
|
old_trapstr=$(clear_defer)
|
||||||
name=$( cac build cpu=1 ram=512 storage=10 os=26 2>&1\
|
while true;do
|
||||||
| jq -r .servername)
|
# Template 26: CentOS7
|
||||||
|
# TODO: use cac templates to determine the real Centos7 template in case it changes
|
||||||
|
out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1)
|
||||||
|
if name=$(echo "$out" | jq -r .servername);then
|
||||||
|
id=servername:$name
|
||||||
|
echo "got a working machine, id=$id"
|
||||||
|
else
|
||||||
|
echo "Unable to build a virtual machine, retrying in 15 seconds" >&2
|
||||||
|
echo "Output of build program: $out" >&2
|
||||||
|
sleep 15
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
id=servername:$name
|
clear_defer >/dev/null
|
||||||
trap "cac delete $id;$TRAP" INT TERM EXIT
|
defer "cac delete $id"
|
||||||
# TODO: timeout?
|
|
||||||
always_update=true cac waitstatus $id "Powered On"
|
|
||||||
|
|
||||||
wait_login_cac(){
|
# TODO: timeout?
|
||||||
# timeout
|
|
||||||
for t in `seq 60`;do
|
wait_login_cac(){
|
||||||
# now we have a working cac server
|
# we wait for 30 minutes
|
||||||
if cac ssh $1 cat /etc/redhat-release | \
|
for t in `seq 180`;do
|
||||||
grep CentOS ;then
|
# now we have a working cac server
|
||||||
return 0
|
if cac ssh $1 -o ConnectTimeout=10 \
|
||||||
fi
|
cat /etc/redhat-release | \
|
||||||
sleep 10
|
grep CentOS ;then
|
||||||
done
|
return 0
|
||||||
return 1
|
fi
|
||||||
}
|
sleep 10
|
||||||
# die on timeout
|
done
|
||||||
wait_login_cac $id
|
return 1
|
||||||
|
}
|
||||||
|
# die on timeout
|
||||||
|
if ! wait_login_cac $id;then
|
||||||
|
echo "unable to boot a working system within time frame, retrying..." >&2
|
||||||
|
echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)"
|
||||||
|
eval "$(clear_defer | sed 's/;exit//')"
|
||||||
|
sleep 15
|
||||||
|
else
|
||||||
|
echo "got a working system" >&2
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
clear_defer >/dev/null
|
||||||
|
defer "cac delete $id;$old_trapstr"
|
||||||
|
|
||||||
mkdir -p shared/2configs/temp
|
mkdir -p shared/2configs/temp
|
||||||
cac generatenetworking $id > \
|
cac generatenetworking $id > \
|
||||||
@ -94,7 +133,7 @@ cac powerop $id reset
|
|||||||
|
|
||||||
wait_login(){
|
wait_login(){
|
||||||
# timeout
|
# timeout
|
||||||
for t in `seq 20`;do
|
for t in `seq 90`;do
|
||||||
# now we have a working cac server
|
# now we have a working cac server
|
||||||
if ssh -o StrictHostKeyChecking=no \
|
if ssh -o StrictHostKeyChecking=no \
|
||||||
-o UserKnownHostsFile=/dev/null \
|
-o UserKnownHostsFile=/dev/null \
|
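Review bot: The `if name=$(echo "$out" | jq -r .servername)` test in the new build loop succeeds whenever `$out` is valid JSON, because `jq -r` prints `null` and exits 0 for a missing field, so an error reply from the API would yield `id=servername:null` instead of taking the retry branch. `jq -er .servername` turns a null result into a non-zero exit. The resulting `$id` is then spliced into the strings handed to `defer`, which are later executed by `trap` and by `eval "$(clear_defer | sed 's/;exit//')"`, so `$name` should be checked against an allow-list of characters before `defer "cac delete $id"`. Separately, `set -eufx` traces every command into the build log; confirm that no credential value ends up in an assignment or argument while tracing is on. The `wait_login` function touched by the last hunk continues outside the visible lines.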
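--- a/krebs/Zhosts/bobby
+++ b/krebs/Zhosts/bobby
@@ -0,0 +1,11 @@
+Subnet = 10.243.111.112/32
+Subnet = 42:0:0:0:0:0:111:112/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+-----END RSA PUBLIC KEY-----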
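--- a/krebs/Zhosts/kebsco
+++ b/krebs/Zhosts/kebsco
@@ -0,0 +1,11 @@
+Subnet = 10.243.212.68
+Subnet = 42:9d30:3845:c822:988b:96c5:39ab:90b7
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0dEwTZh2uzJpP9GL7YRyiLuezJqYiJ8/4Bl4IPshJnuO9IGbEcto
+0cFm9uM9gxxqggfaCi96DsIQNlyqff2vDfEj3mdIu9T3tkRROByQF8y1NWX29NyH
+zZEX8Ri8u4U2KdYTEzPXEFxBEl0GQX9mMtlvwzCq7V4ueCcWB1xDA+DtJjpd894z
+3FOw0rIxYmfYhLAL5B3rzF74bcHFGV30f4JWq11wLBkyR6/Q5gxgZzkKYGwdZ/SN
+C6gg86abKdp65/Wq5P331IbwPBal1ZhGbaAo1y7JpjpLvZytI2jboXeQuPZ8P5hU
+L3zKKceAibPKrw9+y8lb+IKoYLF7I1KYIwIDAQAB
+-----END RSA PUBLIC KEY-----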
@ -36,6 +36,7 @@ let out = {
|
|||||||
{ system ? current-host-name
|
{ system ? current-host-name
|
||||||
, target ? system
|
, target ? system
|
||||||
}@args: let
|
}@args: let
|
||||||
|
config = get-config system;
|
||||||
in ''
|
in ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# ${current-date} ${current-user-name}@${current-host-name}
|
# ${current-date} ${current-user-name}@${current-host-name}
|
||||||
@ -47,6 +48,9 @@ let out = {
|
|||||||
${builtins.readFile ./4lib/infest/install-nix.sh}
|
${builtins.readFile ./4lib/infest/install-nix.sh}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
# Prepare target source via bind-mounting
|
||||||
|
|
||||||
|
|
||||||
(${nixos-install args})
|
(${nixos-install args})
|
||||||
|
|
||||||
${rootssh target ''
|
${rootssh target ''
|
||||||
@ -98,7 +102,7 @@ let out = {
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# ${current-date} ${current-user-name}@${current-host-name}
|
# ${current-date} ${current-user-name}@${current-host-name}
|
||||||
# krebs.nixos-install
|
# krebs.nixos-install
|
||||||
(${populate args})
|
(${populate (args // { root = "/mnt"; })})
|
||||||
|
|
||||||
${rootssh target ''
|
${rootssh target ''
|
||||||
export PATH; PATH=/root/.nix-profile/bin:$PATH
|
export PATH; PATH=/root/.nix-profile/bin:$PATH
|
||||||
@ -205,6 +209,7 @@ let out = {
|
|||||||
populate =
|
populate =
|
||||||
{ system ? current-host-name
|
{ system ? current-host-name
|
||||||
, target ? system
|
, target ? system
|
||||||
|
, root ? ""
|
||||||
}@args:
|
}@args:
|
||||||
let out = ''
|
let out = ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
@ -217,6 +222,7 @@ let out = {
|
|||||||
["dir" "git"])}
|
["dir" "git"])}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
config = get-config system;
|
config = get-config system;
|
||||||
|
|
||||||
current-host = config.krebs.hosts.${current-host-name};
|
current-host = config.krebs.hosts.${current-host-name};
|
||||||
@ -225,17 +231,18 @@ let out = {
|
|||||||
methods.dir = config:
|
methods.dir = config:
|
||||||
let
|
let
|
||||||
can-push = config.host.name == current-host.name;
|
can-push = config.host.name == current-host.name;
|
||||||
|
target-path = root + config.target-path;
|
||||||
push-method = ''
|
push-method = ''
|
||||||
rsync \
|
rsync \
|
||||||
--exclude .git \
|
--exclude .git \
|
||||||
--exclude .graveyard \
|
--exclude .graveyard \
|
||||||
--exclude old \
|
--exclude old \
|
||||||
--exclude tmp \
|
--exclude tmp \
|
||||||
--rsync-path='mkdir -p ${config.target-path} && rsync' \
|
--rsync-path='mkdir -p ${target-path} && rsync' \
|
||||||
--delete-excluded \
|
--delete-excluded \
|
||||||
-vrLptgoD \
|
-vrLptgoD \
|
||||||
${config.path}/ \
|
${config.path}/ \
|
||||||
root@${target}:${config.target-path}
|
root@${target}:${target-path}
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
if can-push then push-method else
|
if can-push then push-method else
|
||||||
@ -244,9 +251,10 @@ let out = {
|
|||||||
throw "No way to push ${dir} from ${current-host.name} to ${target}";
|
throw "No way to push ${dir} from ${current-host.name} to ${target}";
|
||||||
|
|
||||||
methods.git = config:
|
methods.git = config:
|
||||||
rootssh target ''
|
let target-path = root + config.target-path;
|
||||||
mkdir -p ${config.target-path}
|
in rootssh target ''
|
||||||
cd ${config.target-path}
|
mkdir -p ${target-path}
|
||||||
|
cd ${target-path}
|
||||||
if ! test -e .git; then
|
if ! test -e .git; then
|
||||||
git init
|
git init
|
||||||
fi
|
fi
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
../3modules/wordpress_nginx.nix
|
../3modules/wordpress_nginx.nix
|
||||||
];
|
];
|
||||||
lass.wordpress."testserver.de" = {
|
lass.wordpress."testserver.de" = {
|
||||||
|
multiSite = {
|
||||||
|
"1" = "testserver.de";
|
||||||
|
"2" = "bla.testserver.de";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mysql = {
|
services.mysql = {
|
||||||
@ -52,6 +56,27 @@
|
|||||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
#owncloud-test
|
||||||
|
#imports = singleton (sitesGenerators.createWordpress "testserver.de");
|
||||||
|
imports = [
|
||||||
|
../3modules/owncloud_nginx.nix
|
||||||
|
];
|
||||||
|
lass.owncloud."owncloud-test.de" = {
|
||||||
|
};
|
||||||
|
|
||||||
|
#services.mysql = {
|
||||||
|
# enable = true;
|
||||||
|
# package = pkgs.mariadb;
|
||||||
|
# rootPassword = "<secrets>/mysql_rootPassword";
|
||||||
|
#};
|
||||||
|
networking.extraHosts = ''
|
||||||
|
10.243.0.2 owncloud-test.de
|
||||||
|
'';
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
@ -59,11 +84,12 @@
|
|||||||
networking.wireless.enable = true;
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
10.243.206.102 habsys.de
|
213.239.205.240 wohnprojekt-rhh.de
|
||||||
10.243.206.102 pixelpocket.de
|
213.239.205.240 karlaskop.de
|
||||||
10.243.206.102 karlaskop.de
|
213.239.205.240 makeup.apanowicz.de
|
||||||
10.243.206.102 ubikmedia.de
|
213.239.205.240 pixelpocket.de
|
||||||
10.243.206.102 apanowicz.de
|
213.239.205.240 reich-gebaeudereinigung.de
|
||||||
|
213.239.205.240 o.ubikmedia.de
|
||||||
'';
|
'';
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
@ -184,7 +210,6 @@
|
|||||||
cac
|
cac
|
||||||
sshpass
|
sshpass
|
||||||
get
|
get
|
||||||
genid
|
|
||||||
teamspeak_client
|
teamspeak_client
|
||||||
hashPassword
|
hashPassword
|
||||||
];
|
];
|
||||||
|
@ -50,7 +50,7 @@ with lib;
|
|||||||
source = {
|
source = {
|
||||||
git.nixpkgs = {
|
git.nixpkgs = {
|
||||||
url = https://github.com/Lassulus/nixpkgs;
|
url = https://github.com/Lassulus/nixpkgs;
|
||||||
rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
|
rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
|
||||||
};
|
};
|
||||||
dir.secrets = {
|
dir.secrets = {
|
||||||
host = config.krebs.hosts.mors;
|
host = config.krebs.hosts.mors;
|
||||||
|
@ -31,10 +31,15 @@ in {
|
|||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
powertop
|
gitAndTools.qgit
|
||||||
sxiv
|
mpv
|
||||||
much
|
much
|
||||||
|
pavucontrol
|
||||||
|
powertop
|
||||||
push
|
push
|
||||||
|
slock
|
||||||
|
sxiv
|
||||||
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
mainUser = config.users.extraUsers.mainUser;
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
@ -8,7 +8,7 @@ in {
|
|||||||
|
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
libvirt = {
|
libvirt = {
|
||||||
uid = 358821352; # genid libvirt
|
uid = lib.genid "libvirt";
|
||||||
description = "user for running libvirt stuff";
|
description = "user for running libvirt stuff";
|
||||||
home = "/home/libvirt";
|
home = "/home/libvirt";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
mainUser = config.users.extraUsers.mainUser;
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
@ -7,7 +7,7 @@ in {
|
|||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
skype = {
|
skype = {
|
||||||
name = "skype";
|
name = "skype";
|
||||||
uid = 2259819492; #genid skype
|
uid = lib.genid "skype";
|
||||||
description = "user for running skype";
|
description = "user for running skype";
|
||||||
home = "/home/skype";
|
home = "/home/skype";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
users.extraUsers.chat = {
|
users.extraUsers.chat = {
|
||||||
home = "/home/chat";
|
home = "/home/chat";
|
||||||
uid = 986764891; # genid chat
|
uid = lib.genid "chat";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
@ -7,7 +7,6 @@ let
|
|||||||
user = config.users.users.mainUser;
|
user = config.users.users.mainUser;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
|
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
display = 11;
|
display = 11;
|
||||||
tty = 11;
|
tty = 11;
|
||||||
@ -41,16 +40,6 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.gitAndTools.qgit
|
|
||||||
pkgs.mpv
|
|
||||||
pkgs.pavucontrol
|
|
||||||
pkgs.slock
|
|
||||||
pkgs.sxiv
|
|
||||||
pkgs.xsel
|
|
||||||
pkgs.zathura
|
|
||||||
];
|
|
||||||
|
|
||||||
security.setuidPrograms = [
|
security.setuidPrograms = [
|
||||||
"slock"
|
"slock"
|
||||||
];
|
];
|
||||||
@ -106,9 +95,6 @@ let
|
|||||||
set -efu
|
set -efu
|
||||||
export PATH; PATH=${makeSearchPath "bin" ([
|
export PATH; PATH=${makeSearchPath "bin" ([
|
||||||
pkgs.rxvt_unicode
|
pkgs.rxvt_unicode
|
||||||
pkgs.i3lock
|
|
||||||
pkgs.haskellPackages.yeganesh
|
|
||||||
pkgs.dmenu
|
|
||||||
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
] ++ config.environment.systemPackages)}:/var/setuid-wrappers
|
||||||
settle() {(
|
settle() {(
|
||||||
# Use PATH for a clean journal
|
# Use PATH for a clean journal
|
||||||
|
@ -51,7 +51,7 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
users.extraUsers.newsbot-js = {
|
users.extraUsers.newsbot-js = {
|
||||||
name = "newsbot-js";
|
name = "newsbot-js";
|
||||||
uid = 1616759810; #genid newsbot-js
|
uid = genid "newsbot-js";
|
||||||
description = "newsbot-js user";
|
description = "newsbot-js user";
|
||||||
home = "/var/empty";
|
home = "/var/empty";
|
||||||
};
|
};
|
||||||
|
@ -207,7 +207,7 @@ let
|
|||||||
# };
|
# };
|
||||||
#});
|
#});
|
||||||
users.users.nobody_oc = {
|
users.users.nobody_oc = {
|
||||||
uid = 1651469147; # genid nobody_oc
|
uid = genid "nobody_oc";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -229,7 +229,7 @@ let
|
|||||||
};
|
};
|
||||||
});
|
});
|
||||||
users.users.nobody2 = mkDefault {
|
users.users.nobody2 = mkDefault {
|
||||||
uid = mkDefault 125816384; # genid nobody2
|
uid = mkDefault (genid "nobody2");
|
||||||
useDefaultShell = mkDefault true;
|
useDefaultShell = mkDefault true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -26,8 +26,8 @@ in nodePackages.buildNodePackage {
|
|||||||
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "http://cgit.echelon/newsbot-js/";
|
url = "http://cgit.echelon/newsbot-js/";
|
||||||
rev = "b22729670236bfa6491207d57c5d7565137625ca";
|
rev = "802b172d0eed6c9625a9cb5db408f5cc8c01784e";
|
||||||
sha256 = "8ff00de56d85543399776c82d41d92ccc68000e5dce0f008d926748e188f3c69";
|
sha256 = "794fc7845aca311f7cf7b6bdc109b5a25d0e2299322bc6612edadc477b2536e2";
|
||||||
};
|
};
|
||||||
|
|
||||||
phases = [
|
phases = [
|
||||||
|
@ -125,6 +125,8 @@ myKeyMap =
|
|||||||
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
--, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
|
||||||
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
, ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
|
||||||
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
, ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
|
||||||
|
, ("<XF86AudioMute>", spawn "pactl -- set-sink-mute 0 toggle")
|
||||||
|
, ("<XF86AudioMicMute>", spawn "pactl -- set-source-mute 1 toggle")
|
||||||
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
|
, ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
|
||||||
|
|
||||||
, ("M4-a", focusUrgent)
|
, ("M4-a", focusUrgent)
|
||||||
|
@ -9,28 +9,35 @@
|
|||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
|
../2configs/smart-monitor.nix
|
||||||
];
|
];
|
||||||
krebs.build.host = config.krebs.hosts.filepimp;
|
krebs.build.host = config.krebs.hosts.filepimp;
|
||||||
|
services.smartd.devices = [
|
||||||
|
{ device = "/dev/sda"; }
|
||||||
|
{ device = "/dev/sdb"; }
|
||||||
|
{ device = "/dev/sdc"; }
|
||||||
|
{ device = "/dev/sdd"; }
|
||||||
|
{ device = "/dev/sde"; }
|
||||||
|
];
|
||||||
# AMD N54L
|
# AMD N54L
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.device = "/dev/sda";
|
loader.grub.device = "/dev/sde";
|
||||||
|
|
||||||
initrd.availableKernelModules = [
|
initrd.availableKernelModules = [
|
||||||
"usb_storage"
|
|
||||||
"ahci"
|
"ahci"
|
||||||
"xhci_hcd"
|
"ohci_pci"
|
||||||
"ata_piix"
|
|
||||||
"uhci_hcd"
|
|
||||||
"ehci_pci"
|
"ehci_pci"
|
||||||
|
"pata_atiixp"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
];
|
];
|
||||||
|
|
||||||
kernelModules = [ ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
networking.firewall.allowPing = true;
|
zramSwap.enable = true;
|
||||||
|
zramSwap.numDevices = 2;
|
||||||
}
|
}
|
||||||
|
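Review bot: `loader.grub.device = "/dev/sde";` and the five new `services.smartd.devices` entries (`/dev/sda` … `/dev/sde`) identify disks by kernel enumeration order, which is not guaranteed to stay the same across reboots or after a drive is added, removed or fails. If the order shifts, the boot loader is written to a data disk and smartd watches the wrong drives or misses one. The omo configuration in this same commit already addresses disks through `/dev/disk/by-id/` with a small `byid` helper; the same approach fits here, e.g. `loader.grub.device = "/dev/disk/by-id/<BOOT_DISK_ID>";` with the placeholder replaced by the real id. The hunk also drops `networking.firewall.allowPing = true;` without mention in the commit message, so it is worth confirming that was intended.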
@ -6,18 +6,22 @@ let
|
|||||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
# TODO: copy this config or move to krebs
|
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
../2configs/headless.nix
|
../2configs/headless.nix
|
||||||
../2configs/fs/simple-swap.nix
|
../2configs/fs/simple-swap.nix
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
|
../2configs/smart-monitor.nix
|
||||||
# ../2configs/iodined.nix
|
# ../2configs/iodined.nix
|
||||||
../2configs/git/cgit-retiolum.nix
|
../2configs/git/cgit-retiolum.nix
|
||||||
../2configs/mattermost-docker.nix
|
../2configs/mattermost-docker.nix
|
||||||
../2configs/nginx/euer.test.nix
|
../2configs/nginx/euer.test.nix
|
||||||
|
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/urlwatch.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.smartd.devices = [ { device = "/dev/sda";} ];
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||||
|
|
||||||
###### stable
|
###### stable
|
||||||
@ -28,6 +32,9 @@ in {
|
|||||||
ListenAddress = ${external-ip} 655
|
ListenAddress = ${external-ip} 655
|
||||||
ListenAddress = ${external-ip} 21031
|
ListenAddress = ${external-ip} 21031
|
||||||
'';
|
'';
|
||||||
|
krebs.nginx.servers.cgit.server-names = [
|
||||||
|
"cgit.euer.krebsco.de"
|
||||||
|
];
|
||||||
|
|
||||||
# Chat
|
# Chat
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
|
@ -2,36 +2,110 @@
|
|||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
{
|
byid = dev: "/dev/disk/by-id/" + dev;
|
||||||
|
keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
||||||
|
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
|
||||||
|
homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3";
|
||||||
|
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
||||||
|
# cryptsetup luksAddKey $dev tmpkey
|
||||||
|
# cryptsetup luksOpen $dev crypt0
|
||||||
|
# mkfs.xfs /dev/mapper/crypt0 -L crypt0
|
||||||
|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
|
||||||
|
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
|
||||||
|
cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487";
|
||||||
|
# all physical disks
|
||||||
|
allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
|
||||||
|
in {
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[
|
||||||
|
# TODO: unlock home partition via ssh
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
|
../2configs/zsh-user.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/smart-monitor.nix
|
||||||
|
../2configs/mail-client.nix
|
||||||
|
../2configs/share-user-sftp.nix
|
||||||
|
../2configs/nginx/omo-share.nix
|
||||||
|
../3modules
|
||||||
];
|
];
|
||||||
|
# services.openssh.allowSFTP = false;
|
||||||
krebs.build.host = config.krebs.hosts.omo;
|
krebs.build.host = config.krebs.hosts.omo;
|
||||||
|
krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
|
||||||
|
|
||||||
|
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||||
|
services.sabnzbd.enable = true;
|
||||||
|
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
|
# HDD Array stuff
|
||||||
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
|
|
||||||
|
makefu.snapraid = let
|
||||||
|
toMapper = id: "/media/crypt${builtins.toString id}";
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
disks = map toMapper [ 0 1 ];
|
||||||
|
parity = toMapper 2;
|
||||||
|
};
|
||||||
|
fileSystems = let
|
||||||
|
cryptMount = name:
|
||||||
|
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
||||||
|
in {
|
||||||
|
"/home" = {
|
||||||
|
device = "/dev/mapper/home";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
} // cryptMount "crypt0"
|
||||||
|
// cryptMount "crypt1"
|
||||||
|
// cryptMount "crypt2";
|
||||||
|
|
||||||
|
powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
|
||||||
|
${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
|
||||||
|
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
|
||||||
|
${pkgs.hdparm}/sbin/hdparm -y ${disk}
|
||||||
|
'') allDisks);
|
||||||
|
|
||||||
# AMD E350
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.device = "/dev/sda";
|
initrd.luks = {
|
||||||
|
devices = let
|
||||||
|
usbkey = name: device: {
|
||||||
|
inherit name device keyFile;
|
||||||
|
keyFileSize = 4096;
|
||||||
|
};
|
||||||
|
in [
|
||||||
|
(usbkey "home" homePartition)
|
||||||
|
(usbkey "crypt0" cryptDisk0)
|
||||||
|
(usbkey "crypt1" cryptDisk1)
|
||||||
|
(usbkey "crypt2" cryptDisk2)
|
||||||
|
];
|
||||||
|
};
|
||||||
|
loader.grub.device = rootDisk;
|
||||||
|
|
||||||
initrd.availableKernelModules = [
|
initrd.availableKernelModules = [
|
||||||
"usb_storage"
|
|
||||||
"ahci"
|
"ahci"
|
||||||
"xhci_hcd"
|
"ohci_pci"
|
||||||
"ata_piix"
|
|
||||||
"uhci_hcd"
|
|
||||||
"ehci_pci"
|
"ehci_pci"
|
||||||
|
"pata_atiixp"
|
||||||
|
"firewire_ohci"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
];
|
];
|
||||||
|
|
||||||
kernelModules = [ ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
|
# 8080: sabnzbd
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
networking.firewall.allowPing = true;
|
zramSwap.enable = true;
|
||||||
|
zramSwap.numDevices = 2;
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
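Review bot: `networking.firewall.allowedTCPPorts = [ 80 655 8080 ];` opens the sabnzbd web interface (8080) and port 80 on every interface of this host, including the retiolum VPN and any other network it joins, while the nginx share added in this commit is deliberately bound to a single LAN address. The sabnzbd configuration is copied by hand from the secrets directory, so whether its UI requires authentication is not visible here. I would scope 80 and 8080 to the LAN interface with an interface-specific rule, in the style of the `krebs.iptables.tables.filter.INPUT.rules` predicates used elsewhere in this commit, and leave only 655 globally open. Separately, all four LUKS devices are unlocked from the same raw USB device via `keyFile`, so a short comment stating that the stick must be removed after boot (if that is the intent) would help the next reader.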
@ -1,62 +1,51 @@
|
|||||||
# Edit this configuration file to define what should be installed on
|
# Usage:
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# NIX_PATH=secrets=/home/makefu/secrets/wry:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# result/bin/run-pnp-vm -virtfs local,path=/home/makefu/secrets/pnp,security_model=none,mount_tag=secrets
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[
|
||||||
# Base
|
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
../2configs/headless.nix
|
../2configs/headless.nix
|
||||||
|
../../krebs/3modules/Reaktor.nix
|
||||||
|
|
||||||
# HW/FS
|
# these will be overwritten by qemu-vm.nix but will be used if the system
|
||||||
|
# is directly deployed
|
||||||
# enables virtio kernel modules in initrd
|
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/fs/vm-single-partition.nix
|
../2configs/fs/vm-single-partition.nix
|
||||||
|
|
||||||
# Services
|
# config.system.build.vm
|
||||||
../2configs/git/cgit-retiolum.nix
|
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
||||||
|
|
||||||
## Reaktor
|
|
||||||
## \/ are only plugins, must enable Reaktor explicitly
|
|
||||||
../2configs/Reaktor/stockholmLentil.nix
|
|
||||||
../2configs/Reaktor/simpleExtend.nix
|
|
||||||
../2configs/Reaktor/random-emoji.nix
|
|
||||||
../2configs/Reaktor/titlebot.nix
|
|
||||||
../2configs/Reaktor/shack-correct.nix
|
|
||||||
|
|
||||||
../2configs/exim-retiolum.nix
|
|
||||||
../2configs/urlwatch.nix
|
|
||||||
|
|
||||||
# ../2configs/graphite-standalone.nix
|
|
||||||
];
|
];
|
||||||
krebs.urlwatch.verbose = true;
|
|
||||||
|
|
||||||
krebs.Reaktor.enable = true;
|
virtualisation.graphics = false;
|
||||||
krebs.Reaktor.debug = true;
|
# also export secrets, see Usage above
|
||||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
fileSystems = pkgs.lib.mkVMOverride {
|
||||||
krebs.Reaktor.extraEnviron = {
|
"${builtins.toString <secrets>}" =
|
||||||
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
|
{ device = "secrets";
|
||||||
|
fsType = "9p";
|
||||||
|
options = "trans=virtio,version=9p2000.L,cache=loose";
|
||||||
|
neededForBoot = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.Reaktor = {
|
||||||
|
enable = true;
|
||||||
|
debug = true;
|
||||||
|
extraEnviron = {
|
||||||
|
REAKTOR_HOST = "cd.retiolum";
|
||||||
|
};
|
||||||
|
plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ];
|
||||||
|
channels = [ "#retiolum" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.pnp;
|
krebs.build.host = config.krebs.hosts.pnp;
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
# nginx runs on 80
|
|
||||||
80
|
|
||||||
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
|
|
||||||
# 8080 2003
|
|
||||||
|
|
||||||
# smtp
|
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
|
||||||
# networking.firewall.allowedUDPPorts = [ 2003 ];
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
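Review bot: The new usage comment is inconsistent about which secrets directory is used: it sets `NIX_PATH=secrets=/home/makefu/secrets/wry` but exports `path=/home/makefu/secrets/pnp` over virtfs, so the guest mounts the pnp directory at the path derived from `<secrets>`, which points at wry. If that is a typo, the first line should read `# NIX_PATH=secrets=/home/makefu/secrets/pnp:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm`. The share is also exported writable with `security_model=none` and mounted with `cache=loose`; since the guest only needs to read secrets, adding `readonly` to the `-virtfs` example would keep a misbehaving guest from altering host-side secret files. `krebs.Reaktor.debug = true;` is carried over into the new attribute set, which is fine for a test VM but worth a comment if this system is ever deployed directly, as the import comment says it may be.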
@ -26,6 +26,7 @@
|
|||||||
# services
|
# services
|
||||||
../2configs/git/brain-retiolum.nix
|
../2configs/git/brain-retiolum.nix
|
||||||
../2configs/tor.nix
|
../2configs/tor.nix
|
||||||
|
# ../2configs/buildbot-standalone.nix
|
||||||
|
|
||||||
# hardware specifics are in here
|
# hardware specifics are in here
|
||||||
../2configs/hw/tp-x220.nix
|
../2configs/hw/tp-x220.nix
|
||||||
@ -34,16 +35,18 @@
|
|||||||
# ../2configs/mediawiki.nix
|
# ../2configs/mediawiki.nix
|
||||||
#../2configs/wordpress.nix
|
#../2configs/wordpress.nix
|
||||||
];
|
];
|
||||||
|
hardware.sane.enable = true;
|
||||||
|
hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
tinc = pkgs.tinc_pre;
|
tinc = pkgs.tinc_pre;
|
||||||
buildbot = let
|
|
||||||
pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
|
||||||
in pkgs1509.buildbot;
|
|
||||||
};
|
};
|
||||||
makefu.buildbot.master.enable = true;
|
|
||||||
|
|
||||||
#krebs.Reaktor.enable = true;
|
krebs.Reaktor = {
|
||||||
#krebs.Reaktor.nickname = "makefu|r";
|
enable = false;
|
||||||
|
nickname = "makefu|r";
|
||||||
|
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
|
||||||
|
};
|
||||||
|
|
||||||
# nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
|
# nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
@ -58,6 +61,7 @@
|
|||||||
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
||||||
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
|
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
|
||||||
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
|
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
|
||||||
|
networking.firewall.enable = false;
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
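Review bot: `networking.firewall.enable = false;` is added directly above `networking.firewall.allowedTCPPorts = [ 25 ];`, which turns that port list into dead configuration and leaves every listening service on this machine reachable on all interfaces. The imports in this section reference `../2configs/hw/tp-x220.nix`, so this is presumably a laptop that joins networks the owner does not control. If the line was added for debugging it should be dropped before merge; if it is intentional, a comment giving the reason would stop the next reader from assuming the port list is still in effect, for example `# firewall disabled because <reason>; allowedTCPPorts below is inactive`.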
@ -59,7 +59,6 @@ in {
|
|||||||
buildbot
|
buildbot
|
||||||
buildbot-slave
|
buildbot-slave
|
||||||
get
|
get
|
||||||
genid
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
@ -18,8 +18,6 @@ in {
|
|||||||
|
|
||||||
../2configs/iodined.nix
|
../2configs/iodined.nix
|
||||||
|
|
||||||
# Reaktor
|
|
||||||
../2configs/Reaktor/simpleExtend.nix
|
|
||||||
|
|
||||||
# other nginx
|
# other nginx
|
||||||
../2configs/nginx/euer.wiki.nix
|
../2configs/nginx/euer.wiki.nix
|
||||||
@ -29,9 +27,21 @@ in {
|
|||||||
# collectd
|
# collectd
|
||||||
../2configs/collectd/collectd-base.nix
|
../2configs/collectd/collectd-base.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.wry;
|
krebs.build.host = config.krebs.hosts.wry;
|
||||||
|
|
||||||
krebs.Reaktor.enable = true;
|
krebs.Reaktor = {
|
||||||
|
nickname = "Reaktor|bot";
|
||||||
|
channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
|
||||||
|
enable = true;
|
||||||
|
plugins = with pkgs.ReaktorPlugins;[
|
||||||
|
titlebot
|
||||||
|
# stockholm-issue
|
||||||
|
nixos-version
|
||||||
|
shack-correct
|
||||||
|
sed-plugin
|
||||||
|
random-emoji ];
|
||||||
|
};
|
||||||
|
|
||||||
# bepasty to listen only on the correct interfaces
|
# bepasty to listen only on the correct interfaces
|
||||||
krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
|
krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
|
||||||
@ -59,11 +69,11 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
allowPing = true;
|
allowPing = true;
|
||||||
logRefusedConnections = false;
|
logRefusedConnections = false;
|
||||||
allowedTCPPorts = [ 53 80 443 ];
|
allowedTCPPorts = [ 53 80 443 ];
|
||||||
allowedUDPPorts = [ 655 ];
|
allowedUDPPorts = [ 655 53 ];
|
||||||
};
|
};
|
||||||
interfaces.enp2s1.ip4 = [{
|
interfaces.enp2s1.ip4 = [{
|
||||||
address = external-ip;
|
address = external-ip;
|
||||||
|
@ -1,18 +0,0 @@
|
|||||||
_:
|
|
||||||
{
|
|
||||||
# implementation of the complete Reaktor bot
|
|
||||||
imports = [
|
|
||||||
#./stockholmLentil.nix
|
|
||||||
./simpleExtend.nix
|
|
||||||
./random-emoji.nix
|
|
||||||
./titlebot.nix
|
|
||||||
./shack-correct.nix
|
|
||||||
./sed-plugin.nix
|
|
||||||
];
|
|
||||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
|
||||||
krebs.Reaktor.enable = true;
|
|
||||||
|
|
||||||
krebs.Reaktor.extraEnviron = {
|
|
||||||
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,26 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
rpkg = pkgs.substituteAll( {
|
|
||||||
name="random-emoji";
|
|
||||||
dir= "bin";
|
|
||||||
isExecutable=true;
|
|
||||||
src= ./random-emoji.sh;
|
|
||||||
});
|
|
||||||
rpkg-path = lib.makeSearchPath "bin" (with pkgs; [
|
|
||||||
coreutils
|
|
||||||
gnused
|
|
||||||
gnugrep
|
|
||||||
xmlstarlet
|
|
||||||
curl]);
|
|
||||||
in {
|
|
||||||
# TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
public_commands.insert(0,{
|
|
||||||
'capname' : "emoji",
|
|
||||||
'pattern' : indirect_pattern.format("emoji"),
|
|
||||||
'argv' : ["${rpkg}/bin/random-emoji"],
|
|
||||||
'env' : { 'PATH':'${rpkg-path}' } })
|
|
||||||
'';
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
script = ./sed-plugin.py;
|
|
||||||
in {
|
|
||||||
#TODO: this will eat up the last regex, fix Reaktor
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
public_commands.append({
|
|
||||||
'capname' : "sed-plugin",
|
|
||||||
# only support s///gi
|
|
||||||
'pattern' : '^(?P<args>.*)$$',
|
|
||||||
'argv' : ["${pkgs.python3}/bin/python3","${script}"],
|
|
||||||
'env' : { 'state_dir' : workdir,
|
|
||||||
'PATH':'${lib.makeSearchPath "bin" [pkgs.gnused]}' }})
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
@ -1,20 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
script = pkgs.substituteAll ( {
|
|
||||||
name="shack-correct";
|
|
||||||
isExecutable=true;
|
|
||||||
dir = "";
|
|
||||||
src = ./shack-correct.sh;
|
|
||||||
});
|
|
||||||
in {
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
public_commands.insert(0,{
|
|
||||||
'capname' : "shack-correct",
|
|
||||||
'pattern' : '^(?P<args>.*Shack.*)$$',
|
|
||||||
'argv' : ["${script}"],
|
|
||||||
'env' : { }})
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
nixos-version-script = pkgs.writeScript "nix-version" ''
|
|
||||||
#! /bin/sh
|
|
||||||
. /etc/os-release
|
|
||||||
echo "$PRETTY_NAME"
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
public_commands.insert(0,{
|
|
||||||
'capname' : "nixos-version",
|
|
||||||
'pattern' : indirect_pattern.format("nixos-version"),
|
|
||||||
'argv' : ["${nixos-version-script}"],
|
|
||||||
'env' : { 'state_dir': workdir } })
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
random-issue = pkgs.substituteAll( {
|
|
||||||
name="random-issue";
|
|
||||||
dir= "bin";
|
|
||||||
isExecutable=true;
|
|
||||||
src= ./random-issue.sh;
|
|
||||||
});
|
|
||||||
random-issue-path = lib.makeSearchPath "bin" (with pkgs; [
|
|
||||||
coreutils
|
|
||||||
git
|
|
||||||
gnused
|
|
||||||
lentil]);
|
|
||||||
in {
|
|
||||||
# TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
public_commands.insert(0,{
|
|
||||||
'capname' : "stockholm-issue",
|
|
||||||
'pattern' : indirect_pattern.format("stockholm-issue"),
|
|
||||||
'argv' : ["${random-issue}/bin/random-issue"],
|
|
||||||
'env' : { 'state_dir': workdir,
|
|
||||||
'PATH':'${random-issue-path}',
|
|
||||||
'origin':'http://cgit.pnp/stockholm' } })
|
|
||||||
'';
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
{ stdenv,config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
pypkgs = pkgs.python3Packages;
|
|
||||||
titlebot_cmds = pypkgs.buildPythonPackage {
|
|
||||||
name = "titlebot_cmds";
|
|
||||||
propagatedBuildInputs = with pypkgs; [ setuptools ];
|
|
||||||
src = fetchurl {
|
|
||||||
# https://github.com/makefu/reaktor-titlebot tag 2.1.0
|
|
||||||
url = "https://github.com/makefu/reaktor-titlebot/archive/2.1.0.tar.gz";
|
|
||||||
sha256 = "0wvf09wmk8b52f9j65qrw81nwrhs9pfhijwrlkzp5l7l2q8cjkp6";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
pub_cmds = ["up" "help" "list" "top" "highest" "undo" ];
|
|
||||||
priv_cmds = [ "clear" ];
|
|
||||||
in {
|
|
||||||
# TODO: write identify file in
|
|
||||||
# {config.users.extraUsers.Reaktor.home}/state/admin.lst
|
|
||||||
krebs.Reaktor.extraConfig = ''
|
|
||||||
def titlebot_cmd(cmd):
|
|
||||||
return {
|
|
||||||
'capname': cmd,
|
|
||||||
'env': {
|
|
||||||
'TITLEDB':
|
|
||||||
'${config.users.extraUsers.Reaktor.home}/suggestions.json'
|
|
||||||
},
|
|
||||||
'pattern': '^\\.' + cmd + '\\s*(?:\\s+(?P<args>.*))?$$',
|
|
||||||
'argv': [ '${titlebot_cmds}/bin/' + cmd ] }
|
|
||||||
# TODO: for each element in ${titlebot_cmds}/bin/*
|
|
||||||
public_commands.insert(0,titlebot_cmd('up'))
|
|
||||||
public_commands.insert(0,titlebot_cmd('help'))
|
|
||||||
public_commands.insert(0,titlebot_cmd('list'))
|
|
||||||
public_commands.insert(0,titlebot_cmd('top'))
|
|
||||||
public_commands.insert(0,titlebot_cmd('new'))
|
|
||||||
commands.insert(0,titlebot_cmd('clear'))
|
|
||||||
'';
|
|
||||||
}
|
|
@ -13,7 +13,7 @@ with lib;
|
|||||||
./vim.nix
|
./vim.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
search-domain = "retiolum";
|
search-domain = "retiolum";
|
||||||
@ -23,8 +23,8 @@ with lib;
|
|||||||
source = {
|
source = {
|
||||||
git.nixpkgs = {
|
git.nixpkgs = {
|
||||||
#url = https://github.com/NixOS/nixpkgs;
|
#url = https://github.com/NixOS/nixpkgs;
|
||||||
url = mkDefault https://github.com/makefu/nixpkgs;
|
url = mkDefault https://github.com/nixos/nixpkgs;
|
||||||
rev = mkDefault "3fd2c24685f604edc925f73ed56600b8c66236b3"; # nixos-15.09 + cherry-picking
|
rev = mkDefault "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp
|
||||||
target-path = "/var/src/nixpkgs";
|
target-path = "/var/src/nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -65,7 +65,12 @@ with lib;
|
|||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
#nix.maxJobs = 1;
|
#nix.maxJobs = 1;
|
||||||
|
|
||||||
programs.ssh.startAgent = false;
|
programs.ssh = {
|
||||||
|
startAgent = false;
|
||||||
|
extraConfig = ''
|
||||||
|
UseRoaming no
|
||||||
|
'';
|
||||||
|
};
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
nix.useChroot = true;
|
nix.useChroot = true;
|
||||||
|
|
||||||
|
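Review bot: `UseRoaming no` is added to `programs.ssh.extraConfig` without a comment, so a later reader cannot tell that it is a security mitigation or when it can be removed. I would add a line above it such as `# disable the OpenSSH client roaming feature; remove once every host runs a release without it`. In the same section the new pin comment reads `# unstable @ 2015-01-03, tested on filepimp`; the pin it replaces was `nixos-15.09`, so the year is presumably meant to be 2016 and should be corrected so the pin's age can be judged. The switch of `url` to `https://github.com/nixos/nixpkgs` together with a fixed `rev` is a good change, since the source is now the upstream repository rather than a personal fork.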
@ -24,5 +24,12 @@ with lib;
|
|||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
services.tlp.extraConfig = ''
|
services.tlp.extraConfig = ''
|
||||||
START_CHARGE_THRESH_BAT0=80
|
START_CHARGE_THRESH_BAT0=80
|
||||||
|
|
||||||
|
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||||
|
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||||
|
CPU_MIN_PERF_ON_AC=0
|
||||||
|
CPU_MAX_PERF_ON_AC=100
|
||||||
|
CPU_MIN_PERF_ON_BAT=0
|
||||||
|
CPU_MAX_PERF_ON_BAT=30
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,8 @@ with lib;
|
|||||||
mutt-kz
|
mutt-kz
|
||||||
notmuch
|
notmuch
|
||||||
offlineimap
|
offlineimap
|
||||||
|
imapfilter
|
||||||
|
gnupg
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
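--- a/makefu/2configs/nginx/omo-share.nix
+++ b/makefu/2configs/nginx/omo-share.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+hostname = config.krebs.build.host.name;
+# TODO local-ip from the nets config
+local-ip = "192.168.1.11";
+# local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+omo-share = {
+listen = [ "${local-ip}:80" ];
+locations = singleton (nameValuePair "/" ''
+autoindex on;
+root /media;
+limit_rate_after 100m;
+limit_rate 5m;
+mp4_buffer_size 4M;
+mp4_max_buffer_size 10M;
+allow all;
+access_log off;
+keepalive_timeout 65;
+keepalive_requests 200;
+reset_timedout_connection on;
+sendfile on;
+tcp_nopush on;
+gzip off;
+'');
+};
+};
+};
+}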
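Review bot: `root /media;` combined with `autoindex on;` and `allow all;` publishes the entire `/media` tree as a browsable listing over unauthenticated plain HTTP, and `access_log off;` removes any record of who fetched what. The omo host configuration in this commit mounts the LUKS volumes `crypt0`–`crypt2` under `/media/cryptN`, so once they are unlocked their full contents are readable by anyone who can reach `${local-ip}:80`. I would replace `allow all;` with an explicit allow-list followed by `deny all;` (for instance `allow 192.168.1.0/24;`, a range I am guessing from `local-ip`, to be confirmed), point `root` at a dedicated share subdirectory instead of the mount parent, and keep the access log. The `hostname` binding in the `let` block is unused and can be dropped.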
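--- a/makefu/2configs/share-user-sftp.nix
+++ b/makefu/2configs/share-user-sftp.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+users.users = {
+share = {
+uid = 9002;
+home = "/var/empty";
+openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+};
+};
+# we will use internal-sftp to make uncomplicated Chroot work
+services.openssh.extraConfig = ''
+Match User share
+ChrootDirectory /media
+ForceCommand internal-sftp
+AllowTcpForwarding no
+PermitTunnel no
+X11Forwarding no
+Match All
+'';
+}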
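Review bot: The `Match User share` block depends on `ChrootDirectory /media`, but nothing here documents that sshd only accepts a chroot whose path components are all root-owned and not writable by group or others, so the `share` user can write only into subdirectories. A comment above `services.openssh.extraConfig` stating that requirement would spare the next maintainer a failed login. The block also leaves password login and agent forwarding at the global defaults; adding `PasswordAuthentication no` and `AllowAgentForwarding no` inside the match keeps the account key-only even if a password is set later. Since omo-share.nix in this commit publishes the same `/media` over HTTP, anything uploaded through this account would presumably become world-readable there if both files are imported on one host.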
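--- a/makefu/2configs/smart-monitor.nix
+++ b/makefu/2configs/smart-monitor.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+{
+krebs.exim-retiolum.enable = lib.mkDefault true;
+services.smartd = {
+enable = true;
+autodetect = false;
+notifications = {
+mail = {
+enable = true;
+recipient = config.krebs.users.makefu.mail;
+};
+};
+# short daily, long weekly, check on boot
+defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
+
+devices = lib.mkDefault [ ];
+};
+}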
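Review bot: With `autodetect = false;` and `devices = lib.mkDefault [ ];` this module monitors no disk at all until the importing host sets `services.smartd.devices`, and nothing in the file says so. A comment on the `devices` line such as `# must be overridden per host; with autodetect off an empty list means nothing is monitored` would prevent a host from silently running without SMART alerts. The existing comment also promises "check on boot", which the `-s` schedule shown does not obviously express, so it should be confirmed or reworded.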
@ -1,6 +1,22 @@
|
|||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
urlwatch = with pkgs.pythonPackages; buildPythonPackage rec {
|
||||||
|
name = "urlwatch-1.18";
|
||||||
|
|
||||||
|
propagatedBuildInputs = [ futures ];
|
||||||
|
|
||||||
|
src = pkgs.fetchurl {
|
||||||
|
url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
|
||||||
|
sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb";
|
||||||
|
};
|
||||||
|
|
||||||
|
postFixup = ''
|
||||||
|
wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
krebs.urlwatch = {
|
krebs.urlwatch = {
|
||||||
enable = true;
|
enable = true;
|
||||||
mailto = config.krebs.users.makefu.mail;
|
mailto = config.krebs.users.makefu.mail;
|
||||||
@ -12,7 +28,7 @@
|
|||||||
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
||||||
https://pypi.python.org/simple/bepasty/
|
https://pypi.python.org/simple/bepasty/
|
||||||
https://pypi.python.org/simple/xstatic/
|
https://pypi.python.org/simple/xstatic/
|
||||||
|
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
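Review bot: The added entry `http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/` puts a username and password into the URL list, which is committed to the repository, presumably lands in the world-readable Nix store with the rest of the urlwatch config, and would be sent as basic auth over an unencrypted connection. If this is a public guest login, that is acceptable but should be stated in a comment next to the line, e.g. `# public read-only guest login, not a secret`; otherwise the credential belongs in the secrets directory. The `urlwatch` override in the first hunk of this file also fetches its tarball over `http://`, so the pinned `sha256` is the only integrity check and must be kept whenever the version is bumped.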
||||||
|
@ -122,7 +122,7 @@ in {
|
|||||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||||
vimrcConfig.vam.pluginDictionaries = [
|
vimrcConfig.vam.pluginDictionaries = [
|
||||||
{ names = [ "undotree"
|
{ names = [ "undotree"
|
||||||
"YouCompleteMe"
|
# "YouCompleteMe"
|
||||||
"vim-better-whitespace" ]; }
|
"vim-better-whitespace" ]; }
|
||||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||||
];
|
];
|
||||||
|
@ -5,4 +5,5 @@ let
|
|||||||
in {
|
in {
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
|
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
|
||||||
|
networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
|
||||||
}
|
}
|
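Review bot: `networking.firewall.checkReversePath = false;` switches off reverse-path filtering for the whole host, not just for the libvirt bridge, so spoofed-source packets are no longer dropped on any interface of a machine that imports this file. The trailing TODO names the nixpkgs issue but not what is given up. A comment such as `# disables rp filtering globally so libvirt guest networking works; revert once nixpkgs:#9067 is fixed` would make the trade-off visible to whoever enables this on an exposed host.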
||||||
|
@ -1,33 +1,9 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
_:
|
||||||
|
|
||||||
#usage: $ wvdial
|
{
|
||||||
|
imports = [ ../3modules ];
|
||||||
let
|
makefu.umts = {
|
||||||
mainUser = config.krebs.build.user;
|
enable = true;
|
||||||
in {
|
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
|
||||||
environment.systemPackages = with pkgs;[
|
|
||||||
wvdial
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
umts = "sudo wvdial netzclub";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# configure for NETZCLUB
|
|
||||||
environment.wvdial.dialerDefaults = ''
|
|
||||||
Phone = *99***1#
|
|
||||||
Dial Command = ATDT
|
|
||||||
Modem = /dev/ttyACM0
|
|
||||||
Baud = 460800
|
|
||||||
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
|
|
||||||
Init2 = ATZ
|
|
||||||
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
|
|
||||||
ISDN = 0
|
|
||||||
Modem Type = Analog Modem
|
|
||||||
Username = netzclub
|
|
||||||
Password = netzclub
|
|
||||||
Stupid Mode = 1
|
|
||||||
Idle Seconds = 0'';
|
|
||||||
|
|
||||||
users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
|
|
||||||
}
|
}
|
||||||
|
@ -19,8 +19,7 @@ in
|
|||||||
bindkey -e
|
bindkey -e
|
||||||
# shift-tab
|
# shift-tab
|
||||||
bindkey '^[[Z' reverse-menu-complete
|
bindkey '^[[Z' reverse-menu-complete
|
||||||
|
bindkey "\e[3~" delete-char
|
||||||
autoload -U compinit && compinit
|
|
||||||
zstyle ':completion:*' menu select
|
zstyle ':completion:*' menu select
|
||||||
|
|
||||||
# load gpg-agent
|
# load gpg-agent
|
||||||
|
@ -1,263 +0,0 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
buildbot = pkgs.buildbot;
|
|
||||||
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
|
|
||||||
# -*- python -*-
|
|
||||||
from buildbot.plugins import *
|
|
||||||
import re
|
|
||||||
|
|
||||||
c = BuildmasterConfig = {}
|
|
||||||
|
|
||||||
c['slaves'] = []
|
|
||||||
# TODO: template potential buildslaves
|
|
||||||
# TODO: set password?
|
|
||||||
slavenames= [ 'testslave' ]
|
|
||||||
for i in slavenames:
|
|
||||||
c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
|
|
||||||
|
|
||||||
c['protocols'] = {'pb': {'port': 9989}}
|
|
||||||
|
|
||||||
####### Build Inputs
|
|
||||||
stockholm_repo = 'http://cgit.gum/stockholm'
|
|
||||||
c['change_source'] = []
|
|
||||||
c['change_source'].append(changes.GitPoller(
|
|
||||||
stockholm_repo,
|
|
||||||
workdir='stockholm-poller', branch='master',
|
|
||||||
project='stockholm',
|
|
||||||
pollinterval=120))
|
|
||||||
|
|
||||||
####### Build Scheduler
|
|
||||||
# TODO: configure scheduler
|
|
||||||
c['schedulers'] = []
|
|
||||||
|
|
||||||
# test the master real quick
|
|
||||||
fast = schedulers.SingleBranchScheduler(
|
|
||||||
change_filter=util.ChangeFilter(branch="master"),
|
|
||||||
name="fast-master-test",
|
|
||||||
builderNames=["fast-tests"])
|
|
||||||
|
|
||||||
force = schedulers.ForceScheduler(
|
|
||||||
name="force",
|
|
||||||
builderNames=["full-tests"])
|
|
||||||
|
|
||||||
# files everyone depends on or are part of the share branch
|
|
||||||
def shared_files(change):
|
|
||||||
r =re.compile("^((krebs|share)/.*|Makefile|default.nix)")
|
|
||||||
for file in change.files:
|
|
||||||
if r.match(file):
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
full = schedulers.SingleBranchScheduler(
|
|
||||||
change_filter=util.ChangeFilter(branch="master"),
|
|
||||||
fileIsImportant=shared_files,
|
|
||||||
name="full-master-test",
|
|
||||||
builderNames=["full-tests"])
|
|
||||||
c['schedulers'] = [ fast, force, full ]
|
|
||||||
###### The actual build
|
|
||||||
# couple of fast steps:
|
|
||||||
f = util.BuildFactory()
|
|
||||||
## fetch repo
|
|
||||||
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
|
||||||
f.addStep(grab_repo)
|
|
||||||
|
|
||||||
# the dependencies which are used by the test script
|
|
||||||
deps = [ "gnumake", "jq" ]
|
|
||||||
nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ]
|
|
||||||
def addShell(f,**kwargs):
|
|
||||||
f.addStep(steps.ShellCommand(**kwargs))
|
|
||||||
|
|
||||||
addShell(f,name="centos7-eval",env={"LOGNAME": "shared",
|
|
||||||
"get" : "krebs.deploy",
|
|
||||||
"filter" : "json"
|
|
||||||
},
|
|
||||||
command=nixshell + ["make -s eval system=test-centos7"])
|
|
||||||
|
|
||||||
addShell(f,name="wolf-eval",env={"LOGNAME": "shared",
|
|
||||||
"get" : "krebs.deploy",
|
|
||||||
"filter" : "json"
|
|
||||||
},
|
|
||||||
command=nixshell + ["make -s eval system=wolf"])
|
|
||||||
|
|
||||||
c['builders'] = []
|
|
||||||
c['builders'].append(
|
|
||||||
util.BuilderConfig(name="fast-tests",
|
|
||||||
slavenames=slavenames,
|
|
||||||
factory=f))
|
|
||||||
|
|
||||||
# TODO slow build
|
|
||||||
c['builders'].append(
|
|
||||||
util.BuilderConfig(name="full-tests",
|
|
||||||
slavenames=slavenames,
|
|
||||||
factory=f))
|
|
||||||
|
|
||||||
####### Status of Builds
|
|
||||||
c['status'] = []
|
|
||||||
|
|
||||||
from buildbot.status import html
|
|
||||||
from buildbot.status.web import authz, auth
|
|
||||||
# TODO: configure if http is wanted
|
|
||||||
authz_cfg=authz.Authz(
|
|
||||||
# TODO: configure user/pw
|
|
||||||
auth=auth.BasicAuth([("krebs","bob")]),
|
|
||||||
gracefulShutdown = False,
|
|
||||||
forceBuild = 'auth',
|
|
||||||
forceAllBuilds = 'auth',
|
|
||||||
pingBuilder = False,
|
|
||||||
stopBuild = False,
|
|
||||||
stopAllBuilds = False,
|
|
||||||
cancelPendingBuild = False,
|
|
||||||
)
|
|
||||||
# TODO: configure nginx
|
|
||||||
c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
|
|
||||||
|
|
||||||
from buildbot.status import words
|
|
||||||
${optionalString (cfg.irc.enable) ''
|
|
||||||
irc = words.IRC("${cfg.irc.server}", "krebsbuild",
|
|
||||||
# TODO: multiple channels
|
|
||||||
channels=["${cfg.irc.channel}"],
|
|
||||||
notify_events={
|
|
||||||
#'success': 1,
|
|
||||||
#'failure': 1,
|
|
||||||
'exception': 1,
|
|
||||||
'successToFailure': 1,
|
|
||||||
'failureToSuccess': 1,
|
|
||||||
}${optionalString cfg.irc.allowForce ",allowForce=True"})
|
|
||||||
c['status'].append(irc)
|
|
||||||
''}
|
|
||||||
|
|
||||||
####### PROJECT IDENTITY
|
|
||||||
c['title'] = "Stockholm"
|
|
||||||
c['titleURL'] = "http://krebsco.de"
|
|
||||||
|
|
||||||
#c['buildbotURL'] = "http://buildbot.krebsco.de/"
|
|
||||||
# TODO: configure url
|
|
||||||
c['buildbotURL'] = "http://vbob:8010/"
|
|
||||||
|
|
||||||
####### DB URL
|
|
||||||
c['db'] = {
|
|
||||||
'db_url' : "sqlite:///state.sqlite",
|
|
||||||
}
|
|
||||||
${cfg.extraConfig}
|
|
||||||
'';
|
|
||||||
|
|
||||||
cfg = config.makefu.buildbot.master;
|
|
||||||
|
|
||||||
api = {
|
|
||||||
enable = mkEnableOption "Buildbot Master";
|
|
||||||
workDir = mkOption {
|
|
||||||
default = "/var/lib/buildbot/master";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
Path to build bot master directory.
|
|
||||||
Will be created on startup.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
irc = mkOption {
|
|
||||||
default = {};
|
|
||||||
type = types.submodule ({ config, ... }: {
|
|
||||||
options = {
|
|
||||||
enable = mkEnableOption "Buildbot Master IRC Status";
|
|
||||||
channel = mkOption {
|
|
||||||
default = "nix-buildbot-meetup";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
irc channel the bot should connect to
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
allowForce = mkOption {
|
|
||||||
default = false;
|
|
||||||
type = types.bool;
|
|
||||||
description = ''
|
|
||||||
Determines if builds can be forced via IRC
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nick = mkOption {
|
|
||||||
default = "nix-buildbot";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
nickname for IRC
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
server = mkOption {
|
|
||||||
default = "irc.freenode.net";
|
|
||||||
type = types.str;
|
|
||||||
description = ''
|
|
||||||
Buildbot Status IRC Server to connect to
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = types.lines;
|
|
||||||
description = ''
|
|
||||||
extra config appended to the generated master.cfg
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imp = {
|
|
||||||
|
|
||||||
users.extraUsers.buildbotMaster = {
|
|
||||||
uid = 672626386; #genid buildbotMaster
|
|
||||||
description = "Buildbot Master";
|
|
||||||
home = cfg.workDir;
|
|
||||||
createHome = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.extraGroups.buildbotMaster = {
|
|
||||||
gid = 672626386;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.buildbotMaster = {
|
|
||||||
description = "Buildbot Master";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
path = [ pkgs.git ];
|
|
||||||
serviceConfig = let
|
|
||||||
workdir="${lib.shell.escape cfg.workDir}";
|
|
||||||
# TODO: check if git is the only dep
|
|
||||||
in {
|
|
||||||
PermissionsStartOnly = true;
|
|
||||||
Type = "forking";
|
|
||||||
PIDFile = "${workdir}/twistd.pid";
|
|
||||||
# TODO: maybe also prepare buildbot.tac?
|
|
||||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
|
||||||
#!/bin/sh
|
|
||||||
set -efux
|
|
||||||
if [ ! -e ${workdir} ];then
|
|
||||||
mkdir -p ${workdir}
|
|
||||||
${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
|
|
||||||
fi
|
|
||||||
# always override the master.cfg
|
|
||||||
cp ${buildbot-master-config} ${workdir}/master.cfg
|
|
||||||
# sanity
|
|
||||||
${buildbot}/bin/buildbot checkconfig ${workdir}
|
|
||||||
|
|
||||||
# TODO: maybe upgrade? not sure about this
|
|
||||||
# normally we should write buildbot.tac by our own
|
|
||||||
# ${buildbot}/bin/buildbot upgrade-master ${workdir}
|
|
||||||
|
|
||||||
chmod 700 -R ${workdir}
|
|
||||||
chown buildbotMaster:buildbotMaster -R ${workdir}
|
|
||||||
'';
|
|
||||||
ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
|
|
||||||
ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
|
|
||||||
ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
|
|
||||||
PrivateTmp = "true";
|
|
||||||
User = "buildbotMaster";
|
|
||||||
Restart = "always";
|
|
||||||
RestartSec = "10";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.makefu.buildbot.master = api;
|
|
||||||
config = mkIf cfg.enable imp;
|
|
||||||
}
|
|
@ -2,8 +2,8 @@ _:
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./buildbot/master.nix
|
./snapraid.nix
|
||||||
./buildbot/slave.nix
|
./umts.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
125
makefu/3modules/snapraid.nix
Normal file
125
makefu/3modules/snapraid.nix
Normal file
@ -0,0 +1,125 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
# returns dirname without / , used as disk name
|
||||||
|
dname = dir: replaceChars ["/"] [""] (head (reverseList (splitString "/" dir)));
|
||||||
|
snapraid-conf = ''
|
||||||
|
# Disks
|
||||||
|
${concatMapStringsSep "\n" (d: "disk ${dname d} ${d}") cfg.disks}
|
||||||
|
# Parity
|
||||||
|
${optionalString (cfg.parity != "") "parity ${cfg.parity}/snapraid.parity"}
|
||||||
|
|
||||||
|
# content on Disks
|
||||||
|
${optionalString cfg.contentOnDisks
|
||||||
|
concatMapStringsSep "\n" (d: "content ${d}/snapraid.content") cfg.disks}
|
||||||
|
|
||||||
|
# content on Parity
|
||||||
|
${optionalString (cfg.contentOnParity && cfg.parity != "")
|
||||||
|
"content ${cfg.parity}/snapraid.content"}
|
||||||
|
# Default content file
|
||||||
|
content ${cfg.defaultContentFile}
|
||||||
|
|
||||||
|
# Extra Configuration
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
|
cfg = config.makefu.snapraid;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.makefu.snapraid = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "snapraid";
|
||||||
|
|
||||||
|
timerConfig = mkOption {
|
||||||
|
type = types.unspecified;
|
||||||
|
description = ''
|
||||||
|
Start snapraid service
|
||||||
|
'';
|
||||||
|
default = {
|
||||||
|
OnCalendar = "daily";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
disks = mkOption {
|
||||||
|
type = with types;listOf str;
|
||||||
|
description = ''
|
||||||
|
Disks to protect. Each disk is a path to the mounted directory of the
|
||||||
|
disk.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
parity = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Folder to store parity file.
|
||||||
|
Set to empty string if you want to configure the parity yourself in
|
||||||
|
extraConfig.
|
||||||
|
|
||||||
|
All extra parity files (2,3,z, etc...) should be configured via
|
||||||
|
extraConfig.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
contentOnDisks = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Store Content file on each Disk to protect.
|
||||||
|
Set this to false if you do not want this behavior to apply.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
contentOnParity = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Store Content file on parity Disk.
|
||||||
|
Set this to false if you do not want this behavior to apply.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
defaultContentFile = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/cache/snapraid.content";
|
||||||
|
description = ''
|
||||||
|
Path to default content file
|
||||||
|
Set to empty string if this content file should be written.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.string;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Extra configuration to be appended to the snapraid conf file.
|
||||||
|
You can configure extra Parity files as well as extra content files.
|
||||||
|
See `man snapraid` for additional configuration
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
environment.systemPackages = [
|
||||||
|
# for scrubbing,fixing
|
||||||
|
pkgs.snapraid
|
||||||
|
];
|
||||||
|
environment.etc."snapraid.conf".text = snapraid-conf;
|
||||||
|
systemd.timers.snapraid-sync = {
|
||||||
|
description = "snapraid sync timer";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = cfg.timerConfig;
|
||||||
|
};
|
||||||
|
systemd.services.snapraid-sync = {
|
||||||
|
description = "Snapraid sync service";
|
||||||
|
after = [ "network.target" "local-fs.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStartPre = pkgs.writeScript "Snapraid-sync-init" ''
|
||||||
|
#! /bin/sh
|
||||||
|
${optionalString (cfg.defaultContentFile != "")
|
||||||
|
"mkdir -p $(dirname ${cfg.defaultContentFile})"}
|
||||||
|
'';
|
||||||
|
ExecStart = "${pkgs.snapraid}/bin/snapraid sync";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in out
|
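Review bot: In `snapraid-conf` the antiquotation `${optionalString cfg.contentOnDisks concatMapStringsSep "\n" (d: ...) cfg.disks}` has no parentheses around the `concatMapStringsSep` call, so `optionalString` receives the function itself as its string argument. That happens to work while `contentOnDisks` is true, but with `contentOnDisks = false` the returned `""` is applied to the remaining arguments and evaluation fails. Wrapping the call fixes it: `optionalString cfg.contentOnDisks (concatMapStringsSep "\n" (d: "content ${d}/snapraid.content") cfg.disks)`. Separately, the `defaultContentFile` description tells the user to set the empty string (presumably meaning "should not be written"), yet `content ${cfg.defaultContentFile}` is emitted unconditionally, so an empty value leaves a bare `content` line; guard it with `optionalString (cfg.defaultContentFile != "")` as the ExecStartPre script already does.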
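--- a/makefu/3modules/umts.nix
+++ b/makefu/3modules/umts.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+# TODO: currently it is only netzclub
+umts-bin = pkgs.writeScriptBin "umts" ''
+#!/bin/sh
+set -euf
+systemctl start umts
+trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+journalctl -xfu umts
+'';
+
+wvdial-defaults = ''
+Phone = *99***1#
+Dial Command = ATDT
+Modem = ${cfg.modem-device}
+Baud = 460800
+Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+Init2 = ATZ
+Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+ISDN = 0
+Modem Type = Analog Modem
+Username = netzclub
+Password = netzclub
+Stupid Mode = 1
+Idle Seconds = 0'';
+
+cfg = config.makefu.umts;
+
+out = {
+options.makefu.umts = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "umts";
+
+modem-device = mkOption {
+default = "/dev/ttyUSB0";
+type = types.str;
+description = ''
+path to modem device, use <filename>/dev/serial/by-id/...</filename>
+to avoid race conditions.
+'';
+};
+};
+
+imp = {
+environment.shellAliases = {
+umts = "sudo ${umts-bin}/bin/umts";
+};
+environment.systemPackages = [ ];
+
+environment.wvdial.dialerDefaults = wvdial-defaults;
+
+systemd.targets.network-umts = {
+description = "System is running on UMTS";
+unitConfig.StopWhenUnneeded = true;
+};
+
+systemd.services.umts = {
+description = "UMTS wvdial Service";
+before = [ "network-umts.target" ];
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+RestartSec = "4s";
+ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
+};
+};
+};
+in out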
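Review bot: The `umts` wrapper runs `echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf` as root on every start, while its `trap` only stops the service, so each invocation appends another line and the resolver override stays in place after the link is gone. Either restore the file in the trap or make the append idempotent, e.g. `grep -q '^nameserver 8.8.8.8$' /etc/resolv.conf || echo nameserver 8.8.8.8 >> /etc/resolv.conf`. The `trap` is also installed after `systemctl start umts`, so with `set -e` a failure or interrupt during start exits before the cleanup is registered; moving the `trap` line above the start closes that gap.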
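--- a/shared/1systems/test-all-krebs-modules.nix
+++ b/shared/1systems/test-all-krebs-modules.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+let
+en = { enable = true;};
+in {
+krebs = {
+enable = true;
+build.user = config.krebs.users.shared;
+build.host = config.krebs.hosts.test-all-krebs-modules;
+Reaktor.enable = true;
+apt-cacher-ng.enable = true;
+backup.enable = true;
+bepasty.enable = true;
+buildbot.master.enable = true;
+buildbot.slave = {
+enable = true;
+username = "lol";
+password = "wut";
+};
+exim-retiolum.enable = true;
+exim-smarthost = {
+enable = true;
+system-aliases = [ { from = "dick"; to = "butt"; } ];
+};
+go.enable = true;
+iptables = {
+enable = true;
+tables = {};
+};
+nginx.enable = true;
+realwallpaper.enable = true;
+retiolum.enable = true;
+retiolum-bootstrap.enable = true;
+tinc_graphs.enable = true;
+urlwatch.enable = true;
+fetchWallpaper = {
+enable = true;
+url ="localhost";
+};
+};
+# just get the system running
+boot.loader.grub.devices = ["/dev/sda"];
+fileSystems."/" = {
+device = "/dev/lol";
+};
+}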
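--- a/shared/1systems/test-failing.nix
+++ b/shared/1systems/test-failing.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+programs.ssh.startAgent = true;
+programs.ssh.startAgent = false;
+}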
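Review bot: Nothing in this file says that the two contradictory `programs.ssh.startAgent` definitions are intentional, so a reader is likely to take them for a merge leftover and "fix" one of them. A leading comment such as `# evaluation of this system must fail; negative case for the deploy-eval-cross-check build step` would document the purpose. That step is the `! make eval ... system=test-failing` command added in shared/2configs/buildbot-standalone.nix in this commit.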
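--- a/shared/1systems/test-minimal-deploy.nix
+++ b/shared/1systems/test-minimal-deploy.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+{
+krebs = {
+enable = true;
+build.user = config.krebs.users.shared;
+build.host = config.krebs.hosts.test-all-krebs-modules;
+};
+# just get the system to eval in nixos without errors
+boot.loader.grub.devices = ["/dev/sda"];
+fileSystems."/" = {
+device = "/dev/lol";
+};
+}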
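Review bot: `build.host = config.krebs.hosts.test-all-krebs-modules;` looks copied from test-all-krebs-modules.nix, so this system is evaluated with another system's host entry. If a `test-minimal-deploy` host is defined (the hosts file is not visible here), it should be used instead. Otherwise a comment such as `# reuses the test-all-krebs-modules host entry on purpose` would make clear that the sharing is intended.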
@ -11,7 +11,7 @@ in
|
|||||||
../2configs/collectd-base.nix
|
../2configs/collectd-base.nix
|
||||||
../2configs/shack-nix-cacher.nix
|
../2configs/shack-nix-cacher.nix
|
||||||
../2configs/shack-drivedroid.nix
|
../2configs/shack-drivedroid.nix
|
||||||
../2configs/cac-ci.nix
|
../2configs/buildbot-standalone.nix
|
||||||
../2configs/graphite.nix
|
../2configs/graphite.nix
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
@ -33,8 +33,6 @@ in
|
|||||||
# uninteresting stuff
|
# uninteresting stuff
|
||||||
#####################
|
#####################
|
||||||
krebs.build.host = config.krebs.hosts.wolf;
|
krebs.build.host = config.krebs.hosts.wolf;
|
||||||
# TODO rename shared user to "krebs"
|
|
||||||
krebs.build.user = config.krebs.users.shared;
|
|
||||||
krebs.build.target = "wolf";
|
krebs.build.target = "wolf";
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
|
@ -14,11 +14,12 @@ with lib;
|
|||||||
};
|
};
|
||||||
|
|
||||||
# TODO rename shared user to "krebs"
|
# TODO rename shared user to "krebs"
|
||||||
krebs.build.user = config.krebs.users.shared;
|
krebs.build.user = mkDefault config.krebs.users.shared;
|
||||||
krebs.build.source = {
|
krebs.build.source = {
|
||||||
git.nixpkgs = {
|
git.nixpkgs = {
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||||
|
target-path = "/var/src/nixpkgs";
|
||||||
};
|
};
|
||||||
dir.secrets = {
|
dir.secrets = {
|
||||||
host = config.krebs.current.host;
|
host = config.krebs.current.host;
|
||||||
@ -27,6 +28,7 @@ with lib;
|
|||||||
dir.stockholm = {
|
dir.stockholm = {
|
||||||
host = config.krebs.current.host;
|
host = config.krebs.current.host;
|
||||||
path = mkDefault "${getEnv "HOME"}/stockholm";
|
path = mkDefault "${getEnv "HOME"}/stockholm";
|
||||||
|
target-path = "/var/src/stockholm";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
155
shared/2configs/buildbot-standalone.nix
Normal file
155
shared/2configs/buildbot-standalone.nix
Normal file
@ -0,0 +1,155 @@
|
|||||||
|
{ lib, config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
||||||
|
in {
|
||||||
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
buildbot = pkgs-unst.buildbot;
|
||||||
|
buildbot-slave = pkgs-unst.buildbot-slave;
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||||
|
krebs.buildbot.master = {
|
||||||
|
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
|
||||||
|
slaves = {
|
||||||
|
testslave = "krebspass";
|
||||||
|
};
|
||||||
|
change_source.stockholm = ''
|
||||||
|
stockholm_repo = 'http://cgit.gum/stockholm'
|
||||||
|
cs.append(changes.GitPoller(
|
||||||
|
stockholm_repo,
|
||||||
|
workdir='stockholm-poller', branch='master',
|
||||||
|
project='stockholm',
|
||||||
|
pollinterval=120))
|
||||||
|
'';
|
||||||
|
scheduler = {
|
||||||
|
force-scheduler = ''
|
||||||
|
sched.append(schedulers.ForceScheduler(
|
||||||
|
name="force",
|
||||||
|
builderNames=["full-tests"]))
|
||||||
|
'';
|
||||||
|
fast-tests-scheduler = ''
|
||||||
|
# test the master real quick
|
||||||
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
|
change_filter=util.ChangeFilter(branch="master"),
|
||||||
|
treeStableTimer=10, #only test the latest push
|
||||||
|
name="fast-master-test",
|
||||||
|
builderNames=["fast-tests"]))
|
||||||
|
'';
|
||||||
|
test-cac-infest-master = ''
|
||||||
|
# files everyone depends on or are part of the share branch
|
||||||
|
def shared_files(change):
|
||||||
|
r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)")
|
||||||
|
for file in change.files:
|
||||||
|
if r.match(file):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
sched.append(schedulers.SingleBranchScheduler(
|
||||||
|
change_filter=util.ChangeFilter(branch="master"),
|
||||||
|
fileIsImportant=shared_files,
|
||||||
|
treeStableTimer=60*60, # master was stable for the last hour
|
||||||
|
name="full-master-test",
|
||||||
|
builderNames=["full-tests"]))
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
builder_pre = ''
|
||||||
|
# prepare grab_repo step for stockholm
|
||||||
|
stockholm_repo = "http://cgit.gum.retiolum/stockholm"
|
||||||
|
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
|
||||||
|
|
||||||
|
env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"}
|
||||||
|
|
||||||
|
# prepare nix-shell
|
||||||
|
# the dependencies which are used by the test script
|
||||||
|
deps = [ "gnumake", "jq","nix","rsync",
|
||||||
|
"(import <stockholm> {}).pkgs.test.infest-cac-centos7" ]
|
||||||
|
# TODO: --pure , prepare ENV in nix-shell command:
|
||||||
|
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||||
|
nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
|
||||||
|
|
||||||
|
# prepare addShell function
|
||||||
|
def addShell(factory,**kwargs):
|
||||||
|
factory.addStep(steps.ShellCommand(**kwargs))
|
||||||
|
'';
|
||||||
|
builder = {
|
||||||
|
fast-tests = ''
|
||||||
|
f = util.BuildFactory()
|
||||||
|
f.addStep(grab_repo)
|
||||||
|
addShell(f,name="deploy-eval-centos7",env=env,
|
||||||
|
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"])
|
||||||
|
|
||||||
|
addShell(f,name="deploy-eval-wolf",env=env,
|
||||||
|
command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"])
|
||||||
|
|
||||||
|
addShell(f,name="deploy-eval-cross-check",env=env,
|
||||||
|
command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"])
|
||||||
|
|
||||||
|
addShell(f,name="instantiate-test-all-modules",env=env,
|
||||||
|
command=nixshell + \
|
||||||
|
["touch retiolum.rsa_key.priv; \
|
||||||
|
nix-instantiate --eval -A \
|
||||||
|
users.shared.test-all-krebs-modules.system \
|
||||||
|
-I stockholm=. \
|
||||||
|
-I secrets=. '<stockholm>' \
|
||||||
|
--argstr current-date lol \
|
||||||
|
--argstr current-user-name shared \
|
||||||
|
--argstr current-host-name lol \
|
||||||
|
--strict --json"])
|
||||||
|
|
||||||
|
addShell(f,name="instantiate-test-minimal-deploy",env=env,
|
||||||
|
command=nixshell + \
|
||||||
|
["nix-instantiate --eval -A \
|
||||||
|
users.shared.test-minimal-deploy.system \
|
||||||
|
-I stockholm=. \
|
||||||
|
-I secrets=. '<stockholm>' \
|
||||||
|
--argstr current-date lol \
|
||||||
|
--argstr current-user-name shared \
|
||||||
|
--argstr current-host-name lol \
|
||||||
|
--strict --json"])
|
||||||
|
|
||||||
|
bu.append(util.BuilderConfig(name="fast-tests",
|
||||||
|
slavenames=slavenames,
|
||||||
|
factory=f))
|
||||||
|
'';
|
||||||
|
slow-tests = ''
|
||||||
|
s = util.BuildFactory()
|
||||||
|
s.addStep(grab_repo)
|
||||||
|
|
||||||
|
# slave needs 2 files:
|
||||||
|
# * cac.json
|
||||||
|
# * retiolum
|
||||||
|
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
|
||||||
|
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
|
||||||
|
|
||||||
|
addShell(s, name="infest-cac-centos7",env=env,
|
||||||
|
sigtermTime=60, # SIGTERM 1 minute before SIGKILL
|
||||||
|
timeout=10800, # 3h
|
||||||
|
command=nixshell + ["infest-cac-centos7"])
|
||||||
|
|
||||||
|
bu.append(util.BuilderConfig(name="full-tests",
|
||||||
|
slavenames=slavenames,
|
||||||
|
factory=s))
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
enable = true;
|
||||||
|
web = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
irc = {
|
||||||
|
enable = true;
|
||||||
|
nick = "shared-buildbot";
|
||||||
|
server = "cd.retiolum";
|
||||||
|
channels = [ "retiolum" ];
|
||||||
|
allowForce = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.buildbot.slave = {
|
||||||
|
enable = true;
|
||||||
|
masterhost = "localhost";
|
||||||
|
username = "testslave";
|
||||||
|
password = "krebspass";
|
||||||
|
packages = with pkgs;[ git nix ];
|
||||||
|
# all nix commands will need a working nixpkgs installation
|
||||||
|
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
|
||||||
|
};
|
||||||
|
}
|
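Review bot: The slave credential is the literal `"krebspass"` in both `slaves.testslave` and `krebs.buildbot.slave.password`, while `networking.firewall.allowedTCPPorts = [ 8010 9989 ];` exposes the master's slave port, and the `slow-tests` factory then copies `cac.json` and `retiolum-ci.rsa_key.priv` to whichever slave authenticates with that login. Since the only slave shown uses `masterhost = "localhost"`, port 9989 does not need to be opened (`allowedTCPPorts = [ 8010 ];`), and the password should be read from the secrets directory rather than from a string that is committed and presumably written to the Nix store. `pkgs-unst` is also imported from an unpinned `nixos-unstable.tar.gz` with no hash, so the buildbot packages can change between evaluations; pinning a revision would keep the CI host reproducible. Both `stockholm_repo` URLs are plain `http://`, which leaves the code that runs next to those secrets without transport integrity.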
@ -1,11 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
environment.systemPackages = with pkgs;[
|
|
||||||
get
|
|
||||||
cac
|
|
||||||
cacpanel
|
|
||||||
jq
|
|
||||||
];
|
|
||||||
}
|
|
@ -16,7 +16,6 @@ with lib;
|
|||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
# stockholm
|
# stockholm
|
||||||
genid
|
|
||||||
gnumake
|
gnumake
|
||||||
hashPassword
|
hashPassword
|
||||||
lentil
|
lentil
|
||||||
@ -234,7 +233,12 @@ with lib;
|
|||||||
KERNEL=="hpet", GROUP="audio"
|
KERNEL=="hpet", GROUP="audio"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.bitlbee.enable = true;
|
services.bitlbee = {
|
||||||
|
enable = true;
|
||||||
|
plugins = [
|
||||||
|
pkgs.bitlbee-facebook
|
||||||
|
];
|
||||||
|
};
|
||||||
services.tor.client.enable = true;
|
services.tor.client.enable = true;
|
||||||
services.tor.enable = true;
|
services.tor.enable = true;
|
||||||
services.virtualboxHost.enable = true;
|
services.virtualboxHost.enable = true;
|
||||||
|
@ -19,7 +19,6 @@ with lib;
|
|||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
# stockholm
|
# stockholm
|
||||||
genid
|
|
||||||
gnumake
|
gnumake
|
||||||
hashPassword
|
hashPassword
|
||||||
lentil
|
lentil
|
||||||
|
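--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -0,0 +1,42 @@
+{ config, lib, ... }:
+with lib;
+{
+krebs.backup.plans = addNames {
+xu-test-cd = {
+method = "push";
+
+src = { host = config.krebs.hosts.xu; path = "/tmp/xu-test"; };
+dst = { host = config.krebs.hosts.cd; path = "/tmp/backups/xu-test"; };
+
+#startAt = "0,6,12,18:00";
+startAt = "minutely";
+snapshots = {
+minutely = { format = "%Y-%m-%dT%H:%M"; retain = 5; };
+hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
+daily = { format = "%Y-%m-%d"; retain = 7; };
+weekly = { format = "%YW%W"; retain = 4; };
+monthly = { format = "%Y-%m"; retain = 12; };
+yearly = { format = "%Y"; };
+};
+};
+#xu-test-wu = {
+# method = "push";
+# dst = { user = tv; host = wu; path = "/krebs/backup/xu-test"; };
+#};
+cd-test-xu = {
+method = "pull";
+src = { host = config.krebs.hosts.cd; path = "/tmp/cd-test"; };
+dst = { host = config.krebs.hosts.xu; path = "/tmp/backups/cd-test"; };
+startAt = "minutely";
+snapshots = {
+minutely = { format = "%Y-%m-%dT%H:%M"; retain = 5; };
+hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
+daily = { format = "%Y-%m-%d"; retain = 7; };
+weekly = { format = "%YW%W"; retain = 4; };
+monthly = { format = "%Y-%m"; retain = 12; };
+yearly = { format = "%Y"; };
+};
+};
+
+};
+}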
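Review bot: Both plans read from and write to paths under `/tmp` (`/tmp/xu-test` to `/tmp/backups/xu-test`, `/tmp/cd-test` to `/tmp/backups/cd-test`), which on most systems is world-writable and cleared on reboot, so any local account on the destination host could create or replace the snapshot directory before the backup job first runs. The plan names suggest these are test plans; if so, say it in a comment above each one, e.g. `# test plan only: /tmp is world-writable, do not reuse these paths for real data`, and keep real plans in a directory owned by the backup user. `yearly` is the only snapshot class without a `retain`; whether that means unlimited retention is not visible in this file and deserves a one-line comment.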
@ -72,9 +72,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "charybdis";
|
name = "charybdis";
|
||||||
uid = 3748224544; # genid charybdis
|
uid = genid name;
|
||||||
};
|
};
|
||||||
|
|
||||||
configFile = toFile "charybdis-ircd.conf" ''
|
configFile = toFile "charybdis-ircd.conf" ''
|
||||||
|
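Review bot: `uid = genid name;` drops the literal `3748224544` together with its `# genid charybdis` comment, so the uid that owns the service's existing files now depends on `genid` still returning exactly that number; `genid` is not defined in the visible part of the diff, so that cannot be checked from here. The same replacement is made for `pulse` (`uid = genid "pulse";`, was `3768151709`), `consul` (was `2999951406`) and `ejabberd` (was `3499746127`). If the computed value ever drifts, state on disk stays owned by the old number, which a later account could be assigned. I would keep the expected value next to each call, e.g. `uid = genid name; # 3748224544`, or assert it at evaluation time. The `let` block around `user` starts and ends outside the hunk.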
@ -28,6 +28,7 @@ with lib;
|
|||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
<secrets>
|
<secrets>
|
||||||
|
./backup.nix
|
||||||
./vim.nix
|
./vim.nix
|
||||||
{
|
{
|
||||||
# stockholm dependencies
|
# stockholm dependencies
|
||||||
|
@ -69,12 +69,10 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users = let
|
users = {
|
||||||
id = 3768151709; # genid pulse
|
groups.pulse.gid = config.users.users.pulse.uid;
|
||||||
in {
|
|
||||||
groups.pulse.gid = id;
|
|
||||||
users.pulse = {
|
users.pulse = {
|
||||||
uid = id;
|
uid = genid "pulse";
|
||||||
group = "pulse";
|
group = "pulse";
|
||||||
extraGroups = [ "audio" ];
|
extraGroups = [ "audio" ];
|
||||||
home = "${runDir}/home";
|
home = "${runDir}/home";
|
||||||
|
@ -4,7 +4,7 @@ with lib;
|
|||||||
let
|
let
|
||||||
out = {
|
out = {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.vim
|
vim
|
||||||
];
|
];
|
||||||
|
|
||||||
# Nano really is just a stupid name for Vim.
|
# Nano really is just a stupid name for Vim.
|
||||||
@ -22,14 +22,38 @@ let
|
|||||||
"${pkgs.vimPlugins.undotree}/share/vim-plugins/undotree"
|
"${pkgs.vimPlugins.undotree}/share/vim-plugins/undotree"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
dirs = {
|
||||||
|
backupdir = "$HOME/.cache/vim/backup";
|
||||||
|
swapdir = "$HOME/.cache/vim/swap";
|
||||||
|
undodir = "$HOME/.cache/vim/undo";
|
||||||
|
};
|
||||||
|
files = {
|
||||||
|
viminfo = "$HOME/.cache/vim/info";
|
||||||
|
};
|
||||||
|
|
||||||
|
mkdirs = let
|
||||||
|
dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
|
||||||
|
in assert out != ""; out;
|
||||||
|
alldirs = attrValues dirs ++ map dirOf (attrValues files);
|
||||||
|
in unique (sort lessThan alldirs);
|
||||||
|
|
||||||
|
vim = pkgs.writeScriptBin "vim" ''
|
||||||
|
#! ${pkgs.dash}/bin/dash
|
||||||
|
set -f
|
||||||
|
umask 0077
|
||||||
|
${concatStringsSep "\n" (map (x: "mkdir -p ${x}") mkdirs)}
|
||||||
|
umask 0022
|
||||||
|
exec ${pkgs.vim}/bin/vim "$@"
|
||||||
|
'';
|
||||||
|
|
||||||
vimrc = pkgs.writeText "vimrc" ''
|
vimrc = pkgs.writeText "vimrc" ''
|
||||||
set nocompatible
|
set nocompatible
|
||||||
|
|
||||||
set autoindent
|
set autoindent
|
||||||
set backspace=indent,eol,start
|
set backspace=indent,eol,start
|
||||||
set backup
|
set backup
|
||||||
set backupdir=$HOME/.vim/backup/
|
set backupdir=${dirs.backupdir}/
|
||||||
set directory=$HOME/.vim/cache//
|
set directory=${dirs.swapdir}//
|
||||||
set hlsearch
|
set hlsearch
|
||||||
set incsearch
|
set incsearch
|
||||||
set mouse=a
|
set mouse=a
|
||||||
@ -40,11 +64,11 @@ let
|
|||||||
set showcmd
|
set showcmd
|
||||||
set showmatch
|
set showmatch
|
||||||
set ttimeoutlen=0
|
set ttimeoutlen=0
|
||||||
set undodir=$HOME/.vim/undo
|
set undodir=${dirs.undodir}
|
||||||
set undofile
|
set undofile
|
||||||
set undolevels=1000000
|
set undolevels=1000000
|
||||||
set undoreload=1000000
|
set undoreload=1000000
|
||||||
set viminfo='20,<1000,s100,h,n$HOME/.vim/cache/info
|
set viminfo='20,<1000,s100,h,n${files.viminfo}
|
||||||
set visualbell
|
set visualbell
|
||||||
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
|
set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
|
||||||
set wildmenu
|
set wildmenu
|
||||||
|
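Review bot: The new `vim` wrapper finishes its directory setup with a hard-coded `umask 0022` before `exec ${pkgs.vim}/bin/vim "$@"`, so a caller whose shell umask is stricter (0077, say) gets the editor running at 0022 and new files it writes become group- and world-readable. Save and restore the caller's value instead: `saved_umask=$(umask)` before `umask 0077`, and `umask "$saved_umask"` in place of `umask 0022`. `mkdir -p ${x}` is also unquoted, so a `$HOME` containing whitespace is word-split (`set -f` only turns off globbing); `"mkdir -p \"${x}\""` inside the `map` keeps the `$HOME` expansion and fixes that. Directories that already exist keep whatever mode they had, because `mkdir -p` does not change it, so a previously created loose `~/.cache/vim` is not tightened by this script. The enclosing `let` continues outside the hunks.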
@ -48,7 +48,7 @@ let
|
|||||||
"slock"
|
"slock"
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.display-manager = mkForce {};
|
systemd.services.display-manager.enable = false;
|
||||||
|
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
|
||||||
|
@ -109,9 +109,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "consul";
|
name = "consul";
|
||||||
uid = 2999951406; # genid consul
|
uid = genid name;
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
@ -53,9 +53,9 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
user = {
|
user = rec {
|
||||||
name = "ejabberd";
|
name = "ejabberd";
|
||||||
uid = 3499746127; # genid ejabberd
|
uid = genid name;
|
||||||
};
|
};
|
||||||
|
|
||||||
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
|
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
|
||||||
|