diff options
author | jeschli <jeschli@gmail.com> | 2018-09-25 19:56:06 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-09-25 19:56:06 +0200 |
commit | 8834d1a9ff6eddfc36e3ad07b7f93805b3212b3f (patch) | |
tree | 9ce300976ec88d90e5c5c9030111d890dcf5683e /krebs/3modules | |
parent | f922d5947acc3151619ec06962197a800d3138eb (diff) | |
parent | a374a452112ba962ab90e45b6b0f27b3a1330e4f (diff) |
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/Reaktor.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/announce-activation.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/buildbot/master.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/buildbot/slave.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 19 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 6 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 54 | ||||
-rw-r--r-- | krebs/3modules/setuid.nix | 2 |
9 files changed, 75 insertions, 15 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 99a7a55ef..677b6f7b8 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -122,6 +122,7 @@ let wantedBy = [ "multi-user.target" ]; environment = { GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages"; REAKTOR_NICKNAME = botcfg.nickname; REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 8f8440eb7..76eb4b136 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -53,7 +53,7 @@ in { }; }; config = mkIf cfg.enable { - system.activationScripts.announce-activation = '' + system.activationScripts.announce-activation = stringAfter [ "etc" ] '' ${announce-activation} ''; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a02f3645d..209dbe980 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -82,6 +82,7 @@ let irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", channels=${builtins.toJSON cfg.irc.channels}, notify_events={ + 'started': 1, 'success': 1, 'failure': 1, 'exception': 1, diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index fba585448..544f9c4e0 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,8 +160,6 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux - #remove garbage from old versions - rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index cf82401d3..16c6d4315 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,8 +26,8 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' - nix-build --no-out-link ./ci.nix 2>&1 > /dev/null - nix-instantiate --eval --strict --json ./ci.nix + nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null + nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; imp = { @@ -53,9 +53,12 @@ let nameValuePair name '' sched.append( schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), + change_filter=util.ChangeFilter( + branch_re=".*", + project='${name}', + ), treeStableTimer=60, - name="build-all-branches", + name="${name}-all-branches", builderNames=[ "${name}", ] @@ -97,6 +100,10 @@ let command=[ new_steps[new_step] ], + env={ + "NIX_REMOTE": "daemon", + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + }, timeout=90001, workdir='build', # TODO figure out why we need this? )]) @@ -121,7 +128,7 @@ let }, name="get_steps", command=["${getJobs}"], - property="steps_json" + extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }, )) f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here @@ -141,7 +148,7 @@ let enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 82ae3b02e..41b701cd0 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -182,6 +182,11 @@ let to = concatMapStringsSep "," (getAttr "mail") (toList to); }; in mapAttrsToList format (with config.krebs.users; let + brain-ml = [ + lass + makefu + tv + ]; eloop-ml = spam-ml ++ [ ciko ]; spam-ml = [ lass @@ -191,6 +196,7 @@ let ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; + "brain@krebsco.de" = brain-ml; "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index e6eb3d287..889ee2817 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -129,6 +129,8 @@ in { "graphite.shack" "acng.shack" "drivedroid.shack" + "mobile.lounge.mpd.shack" + "lounge.mpd.wolf.shack" ]; }; retiolum = { @@ -138,6 +140,7 @@ in { "wolf.r" "build.wolf.r" "cgit.wolf.r" + "lounge.mpd.wolf.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9630d7a7f..454f9bc65 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,7 +1,9 @@ { config, ... }: with import <stockholm/lib>; - +## generate keys with: +# tinc generate-keys +# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { @@ -29,6 +31,32 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; }; + crapi = rec { # raspi1 + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.237"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2"; + aliases = [ + "crapi.r" + ]; + tinc.pubkey = '' + Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 + OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L + R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk + OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME + di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl + bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; + }; drop = rec { ci = true; cores = 1; @@ -298,6 +326,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + #wiregrill = { + # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db"; + # aliases = [ + # "x.w" + # ]; + # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + #}; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; @@ -457,8 +492,6 @@ with import <stockholm/lib>; ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" - "logs.makefu.r" - "stats.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -525,7 +558,9 @@ with import <stockholm/lib>; "krebsco.de" = '' cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + iso.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; @@ -537,13 +572,24 @@ with import <stockholm/lib>; "nextgum.i" ]; }; + #wiregrill = { + # via = internet; + # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3"; + # aliases = [ + # "gum.w" + # ]; + # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + #}; retiolum = { via = internet; ip4.addr = "10.243.0.213"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" + "graph.r" "cache.gum.r" + "logs.makefu.r" + "stats.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -579,7 +625,6 @@ with import <stockholm/lib>; boot.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} @@ -604,7 +649,6 @@ with import <stockholm/lib>; "o.gum.r" "tracker.makefu.r" - "graph.r" "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 02176ec4a..3ba598a45 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -58,7 +58,7 @@ let }; }; config.activate = let - src = pkgs.execve config.name { + src = pkgs.exec config.name { inherit (config) envp filename; }; dst = "${wrapperDir}/${config.name}"; |