diff options
author | tv <tv@krebsco.de> | 2018-01-02 20:58:59 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-01-02 20:58:59 +0100 |
commit | 493984d97e6deaee3d7b358724e83c59bccb212d (patch) | |
tree | 691e019ae0b55d48a9681d9c26ae65e6c83d1d0f /krebs | |
parent | 84fdbeba2ceee152a128f5e9013043c172c07ecf (diff) | |
parent | e48b4eb4606f6d0ec0b930016a53e7e7cfcbfb64 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/buildbot-all.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/hw/x220.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 48 | ||||
-rw-r--r-- | krebs/3modules/iptables.nix | 9 | ||||
-rw-r--r-- | krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh | 2 | ||||
-rw-r--r-- | krebs/5pkgs/simple/bitlbee-discord/default.nix | 29 | ||||
-rw-r--r-- | krebs/5pkgs/simple/fortclientsslvpn/default.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/writers.nix | 46 | ||||
-rw-r--r-- | krebs/6tests/default.nix | 6 | ||||
-rw-r--r-- | krebs/6tests/deploy.nix | 18 |
10 files changed, 125 insertions, 40 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 8a647012f..ca994e996 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -9,5 +9,6 @@ with import <stockholm/lib>; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); + krebs.ci.tests = [ "deploy" ]; } diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 44743b87d..90a1a111f 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = true; + security.rngd.enable = mkDefault true; services.xserver = { videoDriver = "intel"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index b56f5c543..bb19f0602 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -24,6 +24,13 @@ in List of hosts that should be build ''; }; + tests = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of tests that should be build + ''; + }; }; config = mkIf cfg.enable { @@ -56,14 +63,14 @@ in ''; scheduler = { build-scheduler = '' - # build all hosts sched.append( schedulers.SingleBranchScheduler( change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=${toString cfg.treeStableTimer}*60, name="build-all-branches", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -73,7 +80,8 @@ in schedulers.ForceScheduler( name="force", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -91,7 +99,7 @@ in factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-hosts = '' + hosts = mkIf (cfg.hosts != []) '' f = util.BuildFactory() f.addStep(grab_repo) @@ -120,12 +128,42 @@ in bu.append( util.BuilderConfig( - name="build-hosts", + name="hosts", slavenames=slavenames, factory=f ) ) + ''; + tests = mkIf (cfg.tests != []) '' + f = util.BuildFactory() + f.addStep(grab_repo) + def run_test(test): + addShell(f, + name="{}".format(test), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-build", "-I", "stockholm=.", "krebs/6tests", + "-A", "{}".format(test) + ], + timeout=90001 + ) + + ${concatMapStringsSep "\n" (test: + "run_test(\"${test}\")" + ) cfg.tests} + + bu.append( + util.BuilderConfig( + name="tests", + slavenames=slavenames, + factory=f + ) + ) ''; }; enable = true; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index d64ed86de..6298a05a5 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -61,6 +61,15 @@ let }; }; }))); + default = { + filter.INPUT.policy = "ACCEPT"; + filter.FORWARD.policy = "ACCEPT"; + filter.OUTPUT.policy = "ACCEPT"; + nat.PREROUTING.policy = "ACCEPT"; + nat.INPUT.policy = "ACCEPT"; + nat.OUTPUT.policy = "ACCEPT"; + nat.POSTROUTING.policy = "ACCEPT"; + }; }; }; diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh index 3b4d04f80..d500b3cb3 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh @@ -2,5 +2,5 @@ set -eu printf "Sie meinten wohl \"" echo -n $@ | sed 's/Shack/shack/g' -echo "\"" +echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci" echo "${_from}--" diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix new file mode 100644 index 000000000..c01b87d6b --- /dev/null +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -0,0 +1,29 @@ +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-discord-2017-12-27"; + + src = fetchFromGitHub { + rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; + owner = "sm00th"; + repo = "bitlbee-discord"; + sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; + }; + + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ bitlbee glib ]; + + preConfigure = '' + export BITLBEE_PLUGINDIR=$out/lib/bitlbee + ./autogen.sh + ''; + + meta = { + description = "Bitlbee plugin for Discord"; + + homepage = https://github.com/sm00th/bitlbee-discord; + license = licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix index cbcfab05f..1f86d6fe4 100644 --- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix +++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix @@ -12,8 +12,8 @@ stdenv.mkDerivation rec { src = fetchurl { # archive.org mirror: - # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz - url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz; + # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; }; phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 6e67ed699..a48fc0f87 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -283,27 +283,33 @@ with import <stockholm/lib>; ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''); - writePython2 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2}/bin/python -m py_compile "$1" - ''; - inherit text; - }; - }; + writePython2 = deps: + let + py = pkgs.python2.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python2check.sh" '' + exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; - writePython3 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3}/bin/python -m py_compile "$textPath" - ''; - inherit text; - }; - }; + writePython2Bin = d: name: + pkgs.writePython2 d "/bin/${name}"; + + writePython3 = deps: + let + py = pkgs.python3.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python3check.sh" '' + exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; + + writePython3Bin = d: name: + pkgs.writePython3 d "/bin/${name}"; writeSed = pkgs.makeScriptWriter { interpreter = "${pkgs.gnused}/bin/sed -f"; diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix new file mode 100644 index 000000000..c0ca00296 --- /dev/null +++ b/krebs/6tests/default.nix @@ -0,0 +1,6 @@ +with import <stockholm/lib>; +{ ... }: + +{ + deploy = import ./deploy.nix; +} diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix index 842bbc22a..156e9239f 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/6tests/deploy.nix @@ -1,7 +1,8 @@ with import <stockholm/lib>; -import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }: +import <nixpkgs/nixos/tests/make-test.nix> ({ ... }: let + pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; }; test-config = <stockholm/krebs/6tests/data/test-config.nix>; privKey = '' -----BEGIN OPENSSH PRIVATE KEY----- @@ -41,15 +42,12 @@ let cd ${<stockholm>} export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH exec >&2 - : ${minimalSystem} source=${pkgs.writeJSON "source.json" populate-source} - cat > /tmp/derp <<EOF - builtins.fromJSON (builtins.readFile "$source") - EOF LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" + # TODO: make deploy work #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ # --force-populate \ - # --source=/tmp/derp \ + # --source=${./data/test-source.nix} \ # --system=server \ ''; minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> { @@ -70,22 +68,20 @@ in { imports = [ test-config ]; environment.variables = { NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}"; - #LOL = minimalSystem; }; services.openssh.enable = true; users.extraUsers.root.openssh.authorizedKeys.keys = [ pubKey ]; - #virtualisation.writableStore = true; virtualisation.pathsInNixDB = [ minimalSystem - pkgs.stockholm ]; + environment.systemPackages = [ pkgs.git ]; }; client = - { config, pkgs, ... }: { }; - + { config, pkgs, ... }: + { }; }; testScript = '' |