diff options
-rw-r--r-- | shared/1systems/wolf.nix | 3 | ||||
-rw-r--r-- | shared/2configs/base.nix | 18 | ||||
-rw-r--r-- | shared/2configs/cgit-mirror.nix | 40 | ||||
-rw-r--r-- | shared/2configs/shared-buildbot.nix (renamed from shared/2configs/buildbot-standalone.nix) | 26 |
4 files changed, 61 insertions, 26 deletions
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 8cf5be7..bcfbd68 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -11,7 +11,8 @@ in ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix - ../2configs/buildbot-standalone.nix + ../2configs/shared-buildbot.nix + ../2configs/cgit-mirror.nix # ../2configs/graphite.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 5e60726..dd698ba 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -16,20 +16,16 @@ with lib; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.source = { - git.nixpkgs = { + upstream-nixpkgs = mkDefault { url = https://github.com/NixOS/nixpkgs; rev = "d0e3cca"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/stockholm"; - target-path = "/var/src/stockholm"; }; + secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; + stockholm = mkDefault "${getEnv "HOME"}/stockholm"; + + nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + stockholm-user = "symlink:stockholm/${config.krebs.build.user.name}"; }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix new file mode 100644 index 0000000..4ff1902 --- /dev/null +++ b/shared/2configs/cgit-mirror.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + rules = with git; singleton { + user = [ git-sync ]; + repo = [ stockholm-mirror ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + }; + + stockholm-mirror = { + public = true; + name = "stockholm-mirror"; + desc = "mirror for all stockholm branches"; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + git-sync = { + name = "git-sync"; + mail = "spam@krebsco.de"; + # TODO put git-sync pubkey somewhere more appropriate + pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync''; + }; + +in { + krebs.git = { + enable = true; + root-title = "Shared Repos"; + root-desc = "keep on krebsing"; + inherit rules; + repos.stockholm-mirror = stockholm-mirror; + }; +} diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/shared-buildbot.nix index 9982dd9..50b2790 100644 --- a/shared/2configs/buildbot-standalone.nix +++ b/shared/2configs/shared-buildbot.nix @@ -1,5 +1,9 @@ { lib, config, pkgs, ... }: +# The buildbot config is seilf-contained and provides a way to test "shared" +# configuration (infrastructure to be used by every krebsminister). +# You can add your own test, test steps as required. Deploy the config on a +# shared host like wolf and everything should be fine. { networking.firewall.allowedTCPPorts = [ 8010 9989 ]; krebs.buildbot.master = { @@ -59,7 +63,10 @@ "(import <stockholm> {}).pkgs.test.infest-cac-centos7" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + nixshell = ["nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/upstream-nixpkgs", + "-p" ] + deps + [ "--run" ] # prepare addShell function def addShell(factory,**kwargs): @@ -69,14 +76,9 @@ fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) - addShell(f,name="deploy-eval-centos7",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"]) - - addShell(f,name="deploy-eval-wolf",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"]) - - addShell(f,name="deploy-eval-cross-check",env=env, - command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"]) + for i in [ "test-centos7", "wolf", "test-failing" ]: + addShell(f,name="populate-{}".format(i),env=env, + command=nixshell + ["set -o pipefail;{}( nix-instantiate --arg configuration shared/1systems/{}.nix --eval --readonly-mode --show-trace -A config.krebs.build.populate --strict | jq -r .)".format("!" if "failing" in i else "",i)]) addShell(f,name="instantiate-test-all-modules",env=env, command=nixshell + \ @@ -86,8 +88,6 @@ -I stockholm=. \ --show-trace \ -I secrets=. '<stockholm>' \ - --argstr current-user-name shared \ - --argstr current-host-name lol \ --strict --json"]) addShell(f,name="instantiate-test-minimal-deploy",env=env, @@ -97,8 +97,6 @@ -I stockholm=. \ -I secrets=. '<stockholm>' \ --show-trace \ - --argstr current-user-name shared \ - --argstr current-host-name lol \ --strict --json"]) bu.append(util.BuilderConfig(name="fast-tests", @@ -145,6 +143,6 @@ password = "krebspass"; packages = with pkgs;[ git nix ]; # all nix commands will need a working nixpkgs installation - extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; }; + extraEnviron = { NIX_PATH="/var/src"; }; }; } |