authortv <tv@krebsco.de>2016-02-15 18:52:05 +0100
committertv <tv@krebsco.de>2016-02-15 18:52:05 +0100
commit43ed24ed66ac1f16ece9199b7b4b41c26ca0b91d (patch)
tree3d1f15c8fc01bbc56ebfe547ae86c0fb40de8eda
parentea910d7d99ec0d36f7f0cc07566dc82ea16f02ca (diff)
parenta94a4c42065fb2fd489a03fd7b0db60ebabb8ebf (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/repo-sync.nix109
-rw-r--r--krebs/5pkgs/repo-sync/default.nix6
-rw-r--r--shared/1systems/wolf.nix1
-rw-r--r--shared/2configs/cgit-mirror.nix9
-rw-r--r--shared/2configs/repo-sync.nix28
-rw-r--r--shared/2configs/shack-drivedroid.nix1
-rw-r--r--shared/2configs/shared-buildbot.nix26
8 files changed, 163 insertions, 18 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 16a74e7c1..c06f3754e 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -31,6 +31,7 @@ let
./setuid.nix
./tinc_graphs.nix
./urlwatch.nix
+ ./repo-sync.nix
];
options.krebs = api;
config = lib.mkIf cfg.enable imp;
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
new file mode 100644
index 000000000..7a7c80a75
--- /dev/null
+++ b/krebs/3modules/repo-sync.nix
@@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.krebs.repo-sync;
+
+ out = {
+ options.krebs.repo-sync = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "repo-sync";
+ config = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf str));
+ example = literalExample ''
+ # see `repo-sync --help`
+ # `ref` provides sane defaults and can be omitted
+
+ # attrset will be converted to json and be used as config
+ {
+ makefu = {
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
+ };
+ lass = {
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
+ };
+ "@latest" = {
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
+ };
+ };
+ '';
+ };
+ timerConfig = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ OnCalendar = "*:00,15,30,45";
+ };
+ };
+ stateDir = mkOption {
+ type = types.str;
+ default = "/var/lib/repo-sync";
+ };
+ privateKeyFile = mkOption {
+ type = types.str;
+ description = ''
+ used by repo-sync to identify with ssh service
+ '';
+ default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ };
+ };
+ repo-sync-config = pkgs.writeText "repo-sync-config.json"
+ (builtins.toJSON cfg.config);
+
+ imp = {
+ users.users.repo-sync = {
+ name = "repo-sync";
+ uid = config.krebs.lib.genid "repo-sync";
+ description = "repo-sync user";
+ home = cfg.stateDir;
+ createHome = true;
+ };
+
+ systemd.timers.repo-sync = {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = cfg.timerConfig;
+ };
+ systemd.services.repo-sync = {
+ description = "repo-sync";
+ after = [ "network.target" ];
+
+ path = with pkgs; [ ];
+
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
+ #! /bin/sh
+ cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+ chown repo-sync ${cfg.stateDir}/ssh.priv
+ '';
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ };
+ };
+in out
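Review bot: The `ExecStartPre` script runs as root (`PermissionsStartOnly = true`) and writes into `cfg.stateDir`, which is the `repo-sync` user's home, using `cp` followed by `chown` without ever setting a mode on `ssh.priv`. The copied private key therefore ends up with whatever mode the source file and umask yield, and both commands would follow a link that already exists at that path in a directory the service user controls. A single `install -m 0600 -o repo-sync ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${config.krebs.lib.shell.escape "${cfg.stateDir}/ssh.priv"}` sets owner and mode in one step and, with GNU install, replaces the destination instead of writing through it. `cfg.stateDir` is also interpolated unescaped here and in `GIT_SSH_COMMAND`, unlike `cfg.privateKeyFile`.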
diff --git a/krebs/5pkgs/repo-sync/default.nix b/krebs/5pkgs/repo-sync/default.nix
index 90f838de9..789c03f36 100644
--- a/krebs/5pkgs/repo-sync/default.nix
+++ b/krebs/5pkgs/repo-sync/default.nix
@@ -1,15 +1,17 @@
{ lib, pkgs, python3Packages, fetchurl, ... }:
+
with python3Packages; buildPythonPackage rec {
name = "repo-sync-${version}";
- version = "0.1.1";
+ version = "0.2.5";
disabled = isPy26 || isPy27;
propagatedBuildInputs = [
docopt
GitPython
+ pkgs.git
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";
- sha256 = "01r30l2bbsld90ps13ip0zi2a41b53dv4q6fxrzvkfrprr64c0vv";
+ sha256 = "1a59bj0vc5ajq8indkvkdk022yzvvv5mjb57hk3xf1j3wpr85p84";
};
meta = {
homepage = http://github.com/makefu/repo-sync;
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 317591433..96691aed8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -14,6 +14,7 @@ in
../2configs/shack-drivedroid.nix
../2configs/shared-buildbot.nix
../2configs/cgit-mirror.nix
+ ../2configs/repo-sync.nix
# ../2configs/graphite.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
index d30f1444f..b984535c9 100644
--- a/shared/2configs/cgit-mirror.nix
+++ b/shared/2configs/cgit-mirror.nix
@@ -3,7 +3,7 @@
with config.krebs.lib;
let
rules = with git; singleton {
- user = [ git-sync ];
+ user = [ wolf-repo-sync ];
repo = [ stockholm-mirror ];
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
};
@@ -22,14 +22,15 @@ let
};
};
- git-sync = {
- name = "git-sync";
+ wolf-repo-sync = {
+ name = "wolf-repo-sync";
mail = "spam@krebsco.de";
# TODO put git-sync pubkey somewhere more appropriate
- pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync'';
+ pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
};
in {
+ krebs.users.wolf-repo-sync = wolf-repo-sync;
krebs.git = {
enable = true;
root-title = "Shared Repos";
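Review bot: The comment `# TODO put git-sync pubkey somewhere more appropriate` kept above the new `pubkey` still names the identity this change removes; it should read `# TODO put wolf-repo-sync pubkey somewhere more appropriate`. The rule in the first hunk of this file lets this user push `refs/*` with `non-fast-forward create delete merge`, so a one-line comment next to the key saying which service on which host holds the private half would help whoever has to rotate or revoke it. The `let` block these definitions sit in starts outside the hunk.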
diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix
new file mode 100644
index 000000000..b23cb1675
--- /dev/null
+++ b/shared/2configs/repo-sync.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.repo-sync = let
+ # TODO addMirrorURL function
+ mirror = "git@wolf:stockholm-mirror";
+ in {
+ enable = true;
+ config = {
+ makefu = {
+ origin.url = http://cgit.gum/stockholm ;
+ mirror.url = mirror;
+ };
+ tv = {
+ origin.url = http://cgit.cd/stockholm ;
+ mirror.url = mirror;
+ };
+ lassulus = {
+ origin.url = http://cgit.cloudkrebs/stockholm ;
+ mirror.url = mirror;
+ };
+ "@latest" = {
+ mirror.url = mirror;
+ };
+ };
+ };
+}
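Review bot: All three `origin.url` values are plain `http://`, so what repo-sync fetches and then pushes to `git@wolf:stockholm-mirror` is not authenticated in transit unless the network underneath provides that. The same applies to `stockholm-mirror-url = http://cgit.wolf/stockholm-mirror` in the first hunk of shared/2configs/shared-buildbot.nix, which buildbot polls and builds from. If these names are only reachable over an encrypted overlay network, record that assumption in a comment such as `# origins are reached over the VPN only; plain http is deliberate`; otherwise prefer an `https://` or ssh URL. `with lib;` appears unused in this file and could be dropped.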
diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 169b18284..6133ccc99 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -41,5 +41,4 @@ in
};
};
};
-
}
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index f6798bf99..ebf5f4a1e 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -1,18 +1,22 @@
{ lib, config, pkgs, ... }:
-# The buildbot config is seilf-contained and provides a way to test "shared"
-# configuration (infrastructure to be used by every krebsminister).
+# The buildbot config is self-contained and currently provides a way
+# to test "shared" configuration (infrastructure to be used by every krebsminister).
# You can add your own test, test steps as required. Deploy the config on a
# shared host like wolf and everything should be fine.
+
+# TODO for all users schedule a build for fast tests
{
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
- krebs.buildbot.master = {
+ krebs.buildbot.master = let
+ stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
+ in {
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
slaves = {
testslave = "krebspass";
};
change_source.stockholm = ''
- stockholm_repo = 'http://cgit.wolf/stockholm-mirror'
+ stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
@@ -23,16 +27,15 @@
force-scheduler = ''
sched.append(schedulers.ForceScheduler(
name="force",
- builderNames=["full-tests"]))
+ builderNames=["full-tests","fast-tests"]))
'';
fast-tests-scheduler = ''
- # test the master real quick
+ # test everything real quick
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
- # change_filter=util.ChangeFilter(branch="master"),
- treeStableTimer=10, #only test the latest push
- name="fast-master-test",
+ # treeStableTimer=10,
+ name="fast-test-all-branches",
builderNames=["fast-tests"]))
'';
test-cac-infest-master = ''
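Review bot: `# treeStableTimer=10,` is left commented out with no reason given, and the removed `#only test the latest push` remark was the only explanation of what the timer was for. With `branch_re=".*"` and no timer, the scheduler presumably starts a `fast-tests` build for every change on every branch of the mirror. If that is intended, delete the dead line and say so, e.g. `# build every push on every branch (no treeStableTimer)`. The attribute set holding these scheduler strings starts outside the hunk.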
@@ -133,7 +136,7 @@
};
irc = {
enable = true;
- nick = "shared-buildbot";
+ nick = "wolfbot";
server = "cd.retiolum";
channels = [ "retiolum" ];
allowForce = true;
@@ -147,6 +150,7 @@
password = "krebspass";
packages = with pkgs;[ git nix ];
# all nix commands will need a working nixpkgs installation
- extraEnviron = { NIX_PATH="/var/src"; };
+ extraEnviron = {
+ NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
};
}
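Review bot: `nixos-config=./shared/1systems/wolf.nix` in the new `NIX_PATH` is a relative path, so it resolves against whatever directory each build step runs in; a step started from a different working directory would evaluate a different or missing file. If the steps always run from the root of the stockholm checkout, state that next to the value, e.g. `# nixos-config is relative to the checkout root the build steps run in`. The closing `};` sharing a line with the `NIX_PATH` value also reads more clearly on its own line. The slave definition this belongs to starts outside the hunk.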