summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
committerjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
commit8834d1a9ff6eddfc36e3ad07b7f93805b3212b3f (patch)
tree9ce300976ec88d90e5c5c9030111d890dcf5683e /krebs/3modules
parentf922d5947acc3151619ec06962197a800d3138eb (diff)
parenta374a452112ba962ab90e45b6b0f27b3a1330e4f (diff)
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/Reaktor.nix1
-rw-r--r--krebs/3modules/announce-activation.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix1
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/ci.nix19
-rw-r--r--krebs/3modules/default.nix6
-rw-r--r--krebs/3modules/krebs/default.nix3
-rw-r--r--krebs/3modules/makefu/default.nix54
-rw-r--r--krebs/3modules/setuid.nix2
9 files changed, 75 insertions, 15 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 99a7a55ef..677b6f7b8 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -122,6 +122,7 @@ let
wantedBy = [ "multi-user.target" ];
environment = {
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages";
REAKTOR_NICKNAME = botcfg.nickname;
REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index 8f8440eb7..76eb4b136 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -53,7 +53,7 @@ in {
};
};
config = mkIf cfg.enable {
- system.activationScripts.announce-activation = ''
+ system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
${announce-activation}
'';
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index a02f3645d..209dbe980 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -82,6 +82,7 @@ let
irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
channels=${builtins.toJSON cfg.irc.channels},
notify_events={
+ 'started': 1,
'success': 1,
'failure': 1,
'exception': 1,
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index fba585448..544f9c4e0 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -160,8 +160,6 @@ let
# TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
- #remove garbage from old versions
- rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cf82401d3..16c6d4315 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -26,8 +26,8 @@ let
hostname = config.networking.hostName;
getJobs = pkgs.writeDash "get_jobs" ''
- nix-build --no-out-link ./ci.nix 2>&1 > /dev/null
- nix-instantiate --eval --strict --json ./ci.nix
+ nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
+ nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
'';
imp = {
@@ -53,9 +53,12 @@ let
nameValuePair name ''
sched.append(
schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch_re=".*"),
+ change_filter=util.ChangeFilter(
+ branch_re=".*",
+ project='${name}',
+ ),
treeStableTimer=60,
- name="build-all-branches",
+ name="${name}-all-branches",
builderNames=[
"${name}",
]
@@ -97,6 +100,10 @@ let
command=[
new_steps[new_step]
],
+ env={
+ "NIX_REMOTE": "daemon",
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ },
timeout=90001,
workdir='build', # TODO figure out why we need this?
)])
@@ -121,7 +128,7 @@ let
},
name="get_steps",
command=["${getJobs}"],
- property="steps_json"
+ extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout },
))
f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
@@ -141,7 +148,7 @@ let
enable = true;
nick = "build|${hostname}";
server = "irc.r";
- channels = [ "noise" ];
+ channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 82ae3b02e..41b701cd0 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -182,6 +182,11 @@ let
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
+ brain-ml = [
+ lass
+ makefu
+ tv
+ ];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
@@ -191,6 +196,7 @@ let
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
+ "brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index e6eb3d287..889ee2817 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -129,6 +129,8 @@ in {
"graphite.shack"
"acng.shack"
"drivedroid.shack"
+ "mobile.lounge.mpd.shack"
+ "lounge.mpd.wolf.shack"
];
};
retiolum = {
@@ -138,6 +140,7 @@ in {
"wolf.r"
"build.wolf.r"
"cgit.wolf.r"
+ "lounge.mpd.wolf.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9630d7a7f..454f9bc65 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1,7 +1,9 @@
{ config, ... }:
with import <stockholm/lib>;
-
+## generate keys with:
+# tinc generate-keys
+# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec {
@@ -29,6 +31,32 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
};
+ crapi = rec { # raspi1
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.136.237";
+ ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
+ aliases = [
+ "crapi.r"
+ ];
+ tinc.pubkey = ''
+ Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
+ OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
+ R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
+ OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
+ di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
+ bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
+ };
drop = rec {
ci = true;
cores = 1;
@@ -298,6 +326,13 @@ with import <stockholm/lib>;
-----END RSA PUBLIC KEY-----
'';
};
+ #wiregrill = {
+ # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
+ # aliases = [
+ # "x.w"
+ # ];
+ # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ #};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
@@ -457,8 +492,6 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
- "logs.makefu.r"
- "stats.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -525,7 +558,9 @@ with import <stockholm/lib>;
"krebsco.de" = ''
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
+ iso.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
@@ -537,13 +572,24 @@ with import <stockholm/lib>;
"nextgum.i"
];
};
+ #wiregrill = {
+ # via = internet;
+ # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
+ # aliases = [
+ # "gum.w"
+ # ];
+ # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ #};
retiolum = {
via = internet;
ip4.addr = "10.243.0.213";
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [
"nextgum.r"
+ "graph.r"
"cache.gum.r"
+ "logs.makefu.r"
+ "stats.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -579,7 +625,6 @@ with import <stockholm/lib>;
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
- graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
@@ -604,7 +649,6 @@ with import <stockholm/lib>;
"o.gum.r"
"tracker.makefu.r"
- "graph.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 02176ec4a..3ba598a45 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -58,7 +58,7 @@ let
};
};
config.activate = let
- src = pkgs.execve config.name {
+ src = pkgs.exec config.name {
inherit (config) envp filename;
};
dst = "${wrapperDir}/${config.name}";