summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-01-02 20:58:59 +0100
committertv <tv@krebsco.de>2018-01-02 20:58:59 +0100
commit493984d97e6deaee3d7b358724e83c59bccb212d (patch)
tree691e019ae0b55d48a9681d9c26ae65e6c83d1d0f /krebs
parent84fdbeba2ceee152a128f5e9013043c172c07ecf (diff)
parente48b4eb4606f6d0ec0b930016a53e7e7cfcbfb64 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/buildbot-all.nix1
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/3modules/ci.nix48
-rw-r--r--krebs/3modules/iptables.nix9
-rw-r--r--krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh2
-rw-r--r--krebs/5pkgs/simple/bitlbee-discord/default.nix29
-rw-r--r--krebs/5pkgs/simple/fortclientsslvpn/default.nix4
-rw-r--r--krebs/5pkgs/writers.nix46
-rw-r--r--krebs/6tests/default.nix6
-rw-r--r--krebs/6tests/deploy.nix18
10 files changed, 125 insertions, 40 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 8a647012f..ca994e996 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -9,5 +9,6 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
+ krebs.ci.tests = [ "deploy" ];
}
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 44743b87d..90a1a111f 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -23,7 +23,7 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = true;
+ security.rngd.enable = mkDefault true;
services.xserver = {
videoDriver = "intel";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index b56f5c543..bb19f0602 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -24,6 +24,13 @@ in
List of hosts that should be build
'';
};
+ tests = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ List of tests that should be build
+ '';
+ };
};
config = mkIf cfg.enable {
@@ -56,14 +63,14 @@ in
'';
scheduler = {
build-scheduler = ''
- # build all hosts
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -73,7 +80,8 @@ in
schedulers.ForceScheduler(
name="force",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -91,7 +99,7 @@ in
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
- build-hosts = ''
+ hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
@@ -120,12 +128,42 @@ in
bu.append(
util.BuilderConfig(
- name="build-hosts",
+ name="hosts",
slavenames=slavenames,
factory=f
)
)
+ '';
+ tests = mkIf (cfg.tests != []) ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ def run_test(test):
+ addShell(f,
+ name="{}".format(test),
+ env={
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ },
+ command=[
+ "nix-build", "-I", "stockholm=.", "krebs/6tests",
+ "-A", "{}".format(test)
+ ],
+ timeout=90001
+ )
+
+ ${concatMapStringsSep "\n" (test:
+ "run_test(\"${test}\")"
+ ) cfg.tests}
+
+ bu.append(
+ util.BuilderConfig(
+ name="tests",
+ slavenames=slavenames,
+ factory=f
+ )
+ )
'';
};
enable = true;
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d64ed86de..6298a05a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -61,6 +61,15 @@ let
};
};
})));
+ default = {
+ filter.INPUT.policy = "ACCEPT";
+ filter.FORWARD.policy = "ACCEPT";
+ filter.OUTPUT.policy = "ACCEPT";
+ nat.PREROUTING.policy = "ACCEPT";
+ nat.INPUT.policy = "ACCEPT";
+ nat.OUTPUT.policy = "ACCEPT";
+ nat.POSTROUTING.policy = "ACCEPT";
+ };
};
};
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
index 3b4d04f80..d500b3cb3 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
@@ -2,5 +2,5 @@
set -eu
printf "Sie meinten wohl \""
echo -n $@ | sed 's/Shack/shack/g'
-echo "\""
+echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci"
echo "${_from}--"
diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix
new file mode 100644
index 000000000..c01b87d6b
--- /dev/null
+++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix
@@ -0,0 +1,29 @@
+{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "bitlbee-discord-2017-12-27";
+
+ src = fetchFromGitHub {
+ rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
+ owner = "sm00th";
+ repo = "bitlbee-discord";
+ sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ buildInputs = [ bitlbee glib ];
+
+ preConfigure = ''
+ export BITLBEE_PLUGINDIR=$out/lib/bitlbee
+ ./autogen.sh
+ '';
+
+ meta = {
+ description = "Bitlbee plugin for Discord";
+
+ homepage = https://github.com/sm00th/bitlbee-discord;
+ license = licenses.gpl2Plus;
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
index cbcfab05f..1f86d6fe4 100644
--- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
@@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
src = fetchurl {
# archive.org mirror:
- # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
- url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+ url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz;
+ # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
};
phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix
index 6e67ed699..a48fc0f87 100644
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@@ -283,27 +283,33 @@ with import <stockholm/lib>;
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
- writePython2 = name: text:
- assert (with types; either absolute-pathname filename).check name;
- pkgs.writeOut (baseNameOf name) {
- ${optionalString (types.absolute-pathname.check name) name} = {
- check = pkgs.writeDash "python2check.sh" ''
- exec ${pkgs.python2}/bin/python -m py_compile "$1"
- '';
- inherit text;
- };
- };
+ writePython2 = deps:
+ let
+ py = pkgs.python2.withPackages(ps: attrVals deps ps);
+ in
+ pkgs.makeScriptWriter {
+ interpreter = "${py}/bin/python";
+ check = pkgs.writeDash "python2check.sh" ''
+ exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1"
+ '';
+ };
- writePython3 = name: text:
- assert (with types; either absolute-pathname filename).check name;
- pkgs.writeOut (baseNameOf name) {
- ${optionalString (types.absolute-pathname.check name) name} = {
- check = pkgs.writeDash "python3check.sh" ''
- exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
- '';
- inherit text;
- };
- };
+ writePython2Bin = d: name:
+ pkgs.writePython2 d "/bin/${name}";
+
+ writePython3 = deps:
+ let
+ py = pkgs.python3.withPackages(ps: attrVals deps ps);
+ in
+ pkgs.makeScriptWriter {
+ interpreter = "${py}/bin/python";
+ check = pkgs.writeDash "python3check.sh" ''
+ exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1"
+ '';
+ };
+
+ writePython3Bin = d: name:
+ pkgs.writePython3 d "/bin/${name}";
writeSed = pkgs.makeScriptWriter {
interpreter = "${pkgs.gnused}/bin/sed -f";
diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix
new file mode 100644
index 000000000..c0ca00296
--- /dev/null
+++ b/krebs/6tests/default.nix
@@ -0,0 +1,6 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+ deploy = import ./deploy.nix;
+}
diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix
index 842bbc22a..156e9239f 100644
--- a/krebs/6tests/deploy.nix
+++ b/krebs/6tests/deploy.nix
@@ -1,7 +1,8 @@
with import <stockholm/lib>;
-import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
+import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
let
+ pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
@@ -41,15 +42,12 @@ let
cd ${<stockholm>}
export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
exec >&2
- : ${minimalSystem}
source=${pkgs.writeJSON "source.json" populate-source}
- cat > /tmp/derp <<EOF
- builtins.fromJSON (builtins.readFile "$source")
- EOF
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+ # TODO: make deploy work
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
# --force-populate \
- # --source=/tmp/derp \
+ # --source=${./data/test-source.nix} \
# --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
@@ -70,22 +68,20 @@ in {
imports = [ test-config ];
environment.variables = {
NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
- #LOL = minimalSystem;
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
pubKey
];
- #virtualisation.writableStore = true;
virtualisation.pathsInNixDB = [
minimalSystem
- pkgs.stockholm
];
+ environment.systemPackages = [ pkgs.git ];
};
client =
- { config, pkgs, ... }: { };
-
+ { config, pkgs, ... }:
+ { };
};
testScript = ''