authortv <tv@krebsco.de>2016-01-14 16:39:34 +0100
committertv <tv@krebsco.de>2016-01-14 16:39:34 +0100
commitd2f98a5b0294b89f2b3fe5be97d546c758c0dfed (patch)
tree7848cf9962f89b36450ec4bf9be5c96c25ee0f3f
parente789c2adadd3e6cd0627f5b6a43216fc634d0bc6 (diff)
parentcf1c948f48a5e8c46159e984224cd1080da79c17 (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--Makefile7
-rw-r--r--shared/1systems/test-all-krebs-modules.nix45
-rw-r--r--shared/1systems/test-centos7.nix3
-rw-r--r--shared/1systems/test-failing.nix6
-rw-r--r--shared/1systems/test-minimal-deploy.nix13
-rw-r--r--shared/1systems/wolf.nix4
-rw-r--r--shared/2configs/base.nix10
-rw-r--r--shared/2configs/buildbot-standalone.nix155
-rw-r--r--shared/2configs/cac-ci.nix11
-rw-r--r--shared/2configs/temp/dirs.nix1
-rw-r--r--shared/2configs/temp/networking.nix1
11 files changed, 235 insertions, 21 deletions
diff --git a/Makefile b/Makefile
index aefd171..5b898c5 100644
--- a/Makefile
+++ b/Makefile
@@ -35,7 +35,7 @@ ifeq ($(filter),json)
else
filter() { cat; }
endif
- nix-instantiate \
+ result=$$(nix-instantiate \
$${extraArgs-} \
--eval \
-A "$$get" \
@@ -45,8 +45,9 @@ endif
--argstr current-host-name "$$HOSTNAME" \
--argstr current-user-name "$$LOGNAME" \
$${system+--argstr system "$$system"} \
- $${target+--argstr target "$$target"} \
- | filter
+ $${target+--argstr target "$$target"})
+ echo "$$result" | filter
+
else
$(error unbound variable: system[s])
endif
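Review bot: The added `echo "$$result" | filter` depends on the shell's `echo` leaving backslashes untouched; a `/bin/sh` whose `echo` interprets escape sequences (dash does) would alter quoted or escaped output before it reaches `filter`, so `printf '%s\n' "$$result" | filter` is the safer form. Capturing the output first also only helps if a failing `nix-instantiate` actually stops the recipe: the shell flags and the way the recipe lines are joined are outside this hunk, so it is worth confirming that the assignment's exit status is checked (`set -e` or `result=$$(...) || exit`). The buildbot step that runs `! make eval ... system=test-failing` relies on that status being propagated.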
diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix
new file mode 100644
index 0000000..b98004d
--- /dev/null
+++ b/shared/1systems/test-all-krebs-modules.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+let
+ en = { enable = true;};
+in {
+ krebs = {
+ enable = true;
+ build.user = config.krebs.users.shared;
+ build.host = config.krebs.hosts.test-all-krebs-modules;
+ Reaktor.enable = true;
+ apt-cacher-ng.enable = true;
+ backup.enable = true;
+ bepasty.enable = true;
+ buildbot.master.enable = true;
+ buildbot.slave = {
+ enable = true;
+ username = "lol";
+ password = "wut";
+ };
+ exim-retiolum.enable = true;
+ exim-smarthost = {
+ enable = true;
+ system-aliases = [ { from = "dick"; to = "butt"; } ];
+ };
+ go.enable = true;
+ iptables = {
+ enable = true;
+ tables = {};
+ };
+ nginx.enable = true;
+ realwallpaper.enable = true;
+ retiolum.enable = true;
+ retiolum-bootstrap.enable = true;
+ tinc_graphs.enable = true;
+ urlwatch.enable = true;
+ fetchWallpaper = {
+ enable = true;
+ url ="localhost";
+ };
+ };
+ # just get the system running
+ boot.loader.grub.devices = ["/dev/sda"];
+ fileSystems."/" = {
+ device = "/dev/lol";
+ };
+}
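Review bot: `buildbot.slave` is configured with the literals `username = "lol"` and `password = "wut"`, and the file has no header saying it exists only to be instantiated by CI. Since it sits beside deployable hosts in `1systems`, a first-line comment such as `# eval-only test system: placeholder credentials and devices, never deploy` would make that explicit. The `en = { enable = true;};` binding in the `let` is not referenced anywhere in the file and can be dropped.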
diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix
index 077a5d6..48cecc8 100644
--- a/shared/1systems/test-centos7.nix
+++ b/shared/1systems/test-centos7.nix
@@ -7,7 +7,8 @@ in {
imports = [
../2configs/base.nix
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/os-templates/temp-networking.nix
+ ../2configs/temp/networking.nix
+ ../2configs/temp/dirs.nix
];
sound.enable = false;
diff --git a/shared/1systems/test-failing.nix b/shared/1systems/test-failing.nix
new file mode 100644
index 0000000..81a9e48
--- /dev/null
+++ b/shared/1systems/test-failing.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ programs.ssh.startAgent = true;
+ programs.ssh.startAgent = false;
+}
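Review bot: Nothing in the file says that the two conflicting `programs.ssh.startAgent` definitions are deliberate, so it reads like a mistake that someone may later "fix". A leading comment such as `# must fail to evaluate: used by the buildbot deploy-eval-cross-check step` would document the intent. That step negates the whole `make eval` call, so it passes on any failure (a missing file, an unrelated evaluation error), not only on this conflict.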
diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy.nix
new file mode 100644
index 0000000..ddd96f6
--- /dev/null
+++ b/shared/1systems/test-minimal-deploy.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+{
+ krebs = {
+ enable = true;
+ build.user = config.krebs.users.shared;
+ build.host = config.krebs.hosts.test-all-krebs-modules;
+ };
+ # just get the system running
+ boot.loader.grub.devices = ["/dev/sda"];
+ fileSystems."/" = {
+ device = "/dev/lol";
+ };
+}
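Review bot: `build.host = config.krebs.hosts.test-all-krebs-modules;` points this system at the other test system's host entry, which looks copied from test-all-krebs-modules.nix. If sharing the host record is intended, a comment such as `# reuses the test-all-krebs-modules host entry; no separate host is defined` would say so. Otherwise anything derived from `build.host.name` (for example the secrets path that base.nix now builds from it) would presumably resolve to the wrong name.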
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 2c51ac8..f05356f 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -11,7 +11,7 @@ in
../2configs/collectd-base.nix
../2configs/shack-nix-cacher.nix
../2configs/shack-drivedroid.nix
- ../2configs/cac-ci.nix
+ ../2configs/buildbot-standalone.nix
../2configs/graphite.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
@@ -33,8 +33,6 @@ in
# uninteresting stuff
#####################
krebs.build.host = config.krebs.hosts.wolf;
- # TODO rename shared user to "krebs"
- krebs.build.user = config.krebs.users.shared;
krebs.build.target = "wolf";
boot.kernel.sysctl = {
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index df41eae..4d509d7 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -13,18 +13,22 @@ with lib;
];
};
+ # TODO rename shared user to "krebs"
+ krebs.build.user = mkDefault config.krebs.users.shared;
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+ target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.current.host;
- path = "${getEnv "HOME"}/secrets/krebs/wolf";
+ path = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.current.host;
- path = "${getEnv "HOME"}/stockholm";
+ path = mkDefault "${getEnv "HOME"}/stockholm";
+ target-path = "/var/src/stockholm";
};
};
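Review bot: The new `dir.secrets.path` still starts from `getEnv "HOME"`, and `builtins.getEnv` returns an empty string when the variable is unset, so an evaluation in a daemon or CI environment without HOME would silently resolve the secrets directory to a path under `/`. Now that the path is a `mkDefault` meant to serve every host, a comment such as `# requires HOME in the evaluating environment; getEnv returns "" when it is unset`, or an assertion on the value, would make that dependency explicit. The same applies to `dir.stockholm.path`. The enclosing attribute set continues outside this hunk.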
@@ -65,7 +69,7 @@ with lib;
config.krebs.users.lass.pubkey
config.krebs.users.makefu.pubkey
# TODO HARDER:
- (readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub)
+ config.krebs.users.makefu-omo.pubkey
config.krebs.users.tv.pubkey
];
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
new file mode 100644
index 0000000..3275189
--- /dev/null
+++ b/shared/2configs/buildbot-standalone.nix
@@ -0,0 +1,155 @@
+{ lib, config, pkgs, ... }:
+let
+ pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
+ nixpkgs.config.packageOverrides = pkgs: {
+ buildbot = pkgs-unst.buildbot;
+ buildbot-slave = pkgs-unst.buildbot-slave;
+ };
+ networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
+ slaves = {
+ testslave = "krebspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.gum/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["full-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ treeStableTimer=10, #only test the latest push
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ test-cac-infest-master = ''
+ # files everyone depends on or are part of the share branch
+ def shared_files(change):
+ r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)")
+ for file in change.files:
+ if r.match(file):
+ return True
+ return False
+
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ fileIsImportant=shared_files,
+ treeStableTimer=60*60, # master was stable for the last hour
+ name="full-master-test",
+ builderNames=["full-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ stockholm_repo = "http://cgit.gum.retiolum/stockholm"
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync",
+ "(import <stockholm> {}).pkgs.test.infest-cac-centos7" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="deploy-eval-centos7",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"])
+
+ addShell(f,name="deploy-eval-wolf",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"])
+
+ addShell(f,name="deploy-eval-cross-check",env=env,
+ command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"])
+
+ addShell(f,name="instantiate-test-all-modules",env=env,
+ command=nixshell + \
+ ["touch retiolum.rsa_key.priv; \
+ nix-instantiate --eval -A \
+ users.shared.test-all-krebs-modules.system \
+ -I stockholm=. \
+ -I secrets=. '<stockholm>' \
+ --argstr current-date lol \
+ --argstr current-user-name shared \
+ --argstr current-host-name lol \
+ --strict --json"])
+
+ addShell(f,name="instantiate-test-minimal-deploy",env=env,
+ command=nixshell + \
+ ["nix-instantiate --eval -A \
+ users.shared.test-minimal-deploy.system \
+ -I stockholm=. \
+ -I secrets=. '<stockholm>' \
+ --argstr current-date lol \
+ --argstr current-user-name shared \
+ --argstr current-host-name lol \
+ --strict --json"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ slow-tests = ''
+ s = util.BuildFactory()
+ s.addStep(grab_repo)
+
+ # slave needs 2 files:
+ # * cac.json
+ # * retiolum
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
+
+ addShell(s, name="infest-cac-centos7",env=env,
+ sigtermTime=60, # SIGTERM 1 minute before SIGKILL
+ timeout=10800, # 3h
+ command=nixshell + ["infest-cac-centos7"])
+
+ bu.append(util.BuilderConfig(name="full-tests",
+ slavenames=slavenames,
+ factory=s))
+ '';
+ };
+ enable = true;
+ web = {
+ enable = true;
+ };
+ irc = {
+ enable = true;
+ nick = "shared-buildbot";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "krebspass";
+ packages = with pkgs;[ git nix ];
+ # all nix commands will need a working nixpkgs installation
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
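Review bot: The slave credential is a literal in the repository (`testslave = "krebspass"`, repeated in `krebs.buildbot.slave.password`), while `networking.firewall.allowedTCPPorts = [ 8010 9989 ]` opens the master's slave port to the network. The only slave configured here uses `masterhost = "localhost"`, so the line can be `networking.firewall.allowedTCPPorts = [ 8010 ];`, and the password belongs with the other entries in `secrets`. This matters because the full-tests builder hands `cac.json` and `retiolum-ci.rsa_key.priv` to whichever slave is attached. Separately, `pkgs-unst` is imported from the moving `nixos-unstable.tar.gz` archive, so the buildbot packages change with the channel at evaluation time; pointing the URL at a specific commit archive, as `krebs.build.source.git.nixpkgs` pins a `rev`, would make it reproducible. The poller uses `http://cgit.gum/stockholm` but `builder_pre` uses `http://cgit.gum.retiolum/stockholm`, both over plain HTTP; if these are meant to be the same repository, define the URL once.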
diff --git a/shared/2configs/cac-ci.nix b/shared/2configs/cac-ci.nix
deleted file mode 100644
index 06cce27..0000000
--- a/shared/2configs/cac-ci.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-{
- environment.systemPackages = with pkgs;[
- get
- cac
- cacpanel
- jq
- ];
-}
diff --git a/shared/2configs/temp/dirs.nix b/shared/2configs/temp/dirs.nix
new file mode 100644
index 0000000..958608a
--- /dev/null
+++ b/shared/2configs/temp/dirs.nix
@@ -0,0 +1 @@
+_: { }
diff --git a/shared/2configs/temp/networking.nix b/shared/2configs/temp/networking.nix
new file mode 100644
index 0000000..958608a
--- /dev/null
+++ b/shared/2configs/temp/networking.nix
@@ -0,0 +1 @@
+_: { }