-rw-r--r--Makefile126
-rw-r--r--krebs/1systems/hotdog/config.nix2
-rw-r--r--krebs/1systems/puyak/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/repo-sync.nix4
-rw-r--r--krebs/2configs/shared-buildbot.nix191
-rw-r--r--krebs/3modules/buildbot/master.nix28
-rw-r--r--krebs/3modules/buildbot/slave.nix19
-rw-r--r--krebs/3modules/ci.nix175
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/krebs/default.nix10
-rw-r--r--krebs/3modules/lass/default.nix28
-rw-r--r--krebs/4lib/infest/prepare.sh17
-rw-r--r--krebs/5pkgs/simple/buildbot-classic-slave/default.nix21
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix47
-rw-r--r--krebs/5pkgs/simple/populate/default.nix4
-rw-r--r--krebs/5pkgs/writers.nix9
-rw-r--r--lass/1systems/daedalus/config.nix35
-rw-r--r--lass/1systems/daedalus/source.nix4
-rw-r--r--lass/2configs/boot/stock-x220.nix8
-rw-r--r--lass/2configs/buildbot-standalone.nix10
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lib/types.nix1
-rw-r--r--shell.nix114
24 files changed, 453 insertions, 404 deletions
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 4258d9178..000000000
--- a/Makefile
+++ /dev/null
@@ -1,126 +0,0 @@
-stockholm ?= .
-
-export HOSTNAME ?= $(shell cat /proc/sys/kernel/hostname)
-
-export STOCKHOLM_VERSION ?= $(shell \
- version=git.$$(git describe --always --dirty); \
- case $$version in (*-dirty) version=$$version@$$HOSTNAME; esac; \
- date=$$(date +%y.%m); \
- printf '%s' "$$date.$$version"; \
-)
-
-system ?= $(HOSTNAME)
-$(if $(system),,$(error unbound variable: system))
-
-nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix
-ifneq ($(words $(wildcard $(nixos-config))),1)
-$(error bad nixos-config: $(nixos-config))
-endif
-
-# target = [target_user@]target_host[:target_port][/target_path]
-ifdef target
-_target_user != echo $(target) | sed -n 's/@.*//p'
-_target_path != echo $(target) | sed -n 's/^[^/]*//p'
-_target_port != echo $(target) | sed -En 's|^.*:([^/]*)(/.*)?$$|\1|p'
-_target_host != echo $(target) | sed -En 's/^(.*@)?([^:/]*).*/\2/p'
-ifneq ($(_target_host),)
-$(if $(target_host),$(error cannot define both, target_host and host in target))
-target_host ?= $(_target_host)
-endif
-ifneq ($(_target_user),)
-$(if $(target_user),$(error cannot define both, target_user and user in target))
-target_user ?= $(_target_user)
-endif
-ifneq ($(_target_port),)
-$(if $(target_port),$(error cannot define both, target_port and port in target))
-target_port ?= $(_target_port)
-endif
-ifneq ($(_target_path),)
-$(if $(target_path),$(error cannot define both, target_path and path in target))
-target_path ?= $(_target_path)
-endif
-endif
-
-target_host ?= $(system)
-target_user ?= root
-target_port ?= 22
-target_path ?= /var/src
-
-$(if $(target_host),,$(error unbound variable: target_host))
-$(if $(target_user),,$(error unbound variable: target_user))
-$(if $(target_port),,$(error unbound variable: target_port))
-$(if $(target_path),,$(error unbound variable: target_path))
-
-whatsupnix = \
- if type whatsupnix >/dev/null 2>&1; then \
- whatsupnix $(1); \
- else \
- cat; \
- fi
-
-build = \
- nix-build \
- -Q \
- --no-out-link \
- --show-trace \
- -I nixos-config=$(nixos-config) \
- -I stockholm=$(stockholm) \
- -E "with import <stockholm>; $(1)" \
- $(2) \
- |& $(call whatsupnix)
-
-evaluate = \
- nix-instantiate \
- --eval \
- --readonly-mode \
- --show-trace \
- -I nixos-config=$(nixos-config) \
- -I stockholm=$(stockholm) \
- -E "let eval = import <stockholm>; in with eval; $(1)" \
- $(2)
-
-ifeq ($(MAKECMDGOALS),)
-$(error No goals specified)
-endif
-
-# usage: make deploy system=foo [target=bar]
-# usage: make test system=foo target=bar
-deploy test:
-ifdef target
- nix-shell --run '$@ --system=$(system) --target=$(target)'
-else
- nix-shell --run '$@ --system=$(system)'
-endif
-
-# usage: make populate system=foo
-populate: populate-target = \
- $(target_user)@$(target_host):$(target_port)$(target_path)
-ifeq ($(debug),true)
-populate: populate-flags += --debug
-endif
-ifneq ($(ssh),)
-populate: populate-flags += --ssh=$(ssh)
-endif
-populate:
- nix-shell --run 'get-source $(LOGNAME)/1systems/$(system)/source.nix' \
- populate $(populate-target) $(populate-flags)
-
-# usage: make pkgs.populate
-pkgs:;@$(error no package selected)
-pkgs.%:;@$(call build,$@)
-
-# usage: make LOGNAME=krebs system=wolf eval.config.krebs.build.host.name
-eval eval.:;@$(call evaluate,$${expr-eval})
-eval.%:;@$(call evaluate,$@)
-
-# usage: make install system=foo [target_host=bar]
-install: ssh ?= ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
-install:
- $(ssh) $(target_user)@$(target_host) -p $(target_port) \
- env target_path=$(target_path) \
- sh -s prepare < krebs/4lib/infest/prepare.sh
- $(MAKE) populate target_path=/mnt$(target_path)
- $(ssh) $(target_user)@$(target_host) -p $(target_port) \
- env NIXOS_CONFIG=$(target_path)/nixos-config \
- STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \
- nixos-install
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 18c8a86cd..26f392da8 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -8,6 +8,8 @@
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
+
+ <stockholm/krebs/2configs/shared-buildbot.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 847f51161..6c950d414 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -7,7 +7,6 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
- <stockholm/krebs/2configs/repo-sync.nix>
<stockholm/krebs/2configs/shared-buildbot.nix>
<stockholm/krebs/2configs/stats/puyak-client.nix>
];
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 0deb01f0a..e883a176d 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -12,7 +12,6 @@ in
<stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/graphite.nix>
- <stockholm/krebs/2configs/repo-sync.nix>
<stockholm/krebs/2configs/shared-buildbot.nix>
<stockholm/krebs/2configs/shack/worlddomination.nix>
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index 157a30e69..b0b0b2f62 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -17,7 +17,7 @@ let
verbose = false;
channel = "#retiolum";
server = "ni.r";
- branches = [ "newest" ];
+ branches = [ "master" ];
};
});
};
@@ -55,7 +55,7 @@ let
};
latest = {
url = "${mirror}${name}";
- ref = "heads/newest";
+ ref = "heads/master";
};
};
krebs.git = defineRepo name true;
diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix
index b534f0b62..7f243b506 100644
--- a/krebs/2configs/shared-buildbot.nix
+++ b/krebs/2configs/shared-buildbot.nix
@@ -1,183 +1,18 @@
{ lib, config, pkgs, ... }:
-# The buildbot config is self-contained and currently provides a way
-# to test "krebs" configuration (infrastructure to be used by every krebsminister).
+{
+ imports = [
+ <stockholm/krebs/2configs/repo-sync.nix>
+ ];
-# You can add your own test, test steps as required. Deploy the config on a
-# krebs host like wolf and everything should be fine.
-
-# TODO for all users schedule a build for fast tests
-let
- hostname = config.networking.hostName;
-in {
- # due to the fact that we actually build stuff on the box via the daemon,
- # /nix/store should be cleaned up automatically as well
- services.nginx = {
- enable = true;
- virtualHosts.build = {
- serverAliases = [ "build.${hostname}.r" ];
- locations."/".extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
- '';
- };
- };
-
- nix.gc.automatic = true;
- nix.gc.dates = "05:23";
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
-
- krebs.buildbot.master = let
- stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm" ;
- in {
- slaves = {
- testslave = "krebspass";
- };
- change_source.stockholm = ''
- stockholm_repo = '${stockholm-mirror-url}'
- cs.append(changes.GitPoller(
- stockholm_repo,
- workdir='stockholm-poller', branches=True,
- project='stockholm',
- pollinterval=60))
- '';
- scheduler = {
- force-scheduler = ''
- sched.append(schedulers.ForceScheduler(
- name="force",
- builderNames=[
- # "full-tests",
- "fast-tests",
- "build-local"
- ]))
- '';
- fast-tests-scheduler = ''
- # test everything real quick
- sched.append(schedulers.AnyBranchScheduler(
- treeStableTimer=10,
- name="fast-all-branches",
- builderNames=["fast-tests"]))
- '';
- test-cac-infest-master = ''
- # files everyone depends on or are part of the share branch
- def shared_files(change):
- r =re.compile("^(krebs/.*|Makefile|default.nix|shell.nix)")
- for file in change.files:
- if r.match(file):
- return True
- return False
-
- sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch="master"),
- fileIsImportant=shared_files,
- treeStableTimer=60*60, # master was stable for the last hour
- name="full-master",
- builderNames=[
- # "full-tests",
- "build-local"
- ]))
- '';
- };
- builder_pre = ''
- # prepare grab_repo step for stockholm
- grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
-
- env = {
- "LOGNAME": "krebs",
- "NIX_REMOTE": "daemon",
- "dummy_secrets": "true",
- }
-
- # prepare nix-shell
- # the dependencies which are used by the test script
- deps = [ "gnumake", "jq", "nix",
- "(import <stockholm>).pkgs.populate",
- "(import <stockholm>).pkgs.test.infest-cac-centos7" ]
- # TODO: --pure , prepare ENV in nix-shell command:
- # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell",
- "-I", "stockholm=.",
- "-I", "nixpkgs=/var/src/nixpkgs",
- "-p" ] + deps + [ "--run" ]
-
- # prepare addShell function
- def addShell(factory,**kwargs):
- factory.addStep(steps.ShellCommand(**kwargs))
- '';
- builder = {
- fast-tests = ''
- f = util.BuildFactory()
- f.addStep(grab_repo)
-
- for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
- addShell(f,name="build-{}".format(i),env=env,
- command=nixshell + \
- ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
- make \
- test \
- target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
- method=eval \
- system={}".format(i)])
-
- bu.append(util.BuilderConfig(name="fast-tests",
- slavenames=slavenames,
- factory=f))
-
- '';
- # this build will try to build against local nixpkgs
- # TODO change to do a 'local' populate and use the retrieved nixpkgs
- build-local = ''
- f = util.BuildFactory()
- f.addStep(grab_repo)
-
-
- bu.append(util.BuilderConfig(name="build-local",
- slavenames=slavenames,
- factory=f))
- '';
-# slow-tests = ''
-# s = util.BuildFactory()
-# s.addStep(grab_repo)
-#
-# # slave needs 2 files:
-# # * cac.json
-# # * retiolum
-# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
-# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
-# addShell(s, name="infest-cac-centos7",env=env,
-# sigtermTime=60, # SIGTERM 1 minute before SIGKILL
-# timeout=10800, # 3h
-# command=nixshell + ["infest-cac-centos7"])
-#
-# bu.append(util.BuilderConfig(name="full-tests",
-# slavenames=slavenames,
-# factory=s))
-# '';
- };
- enable = true;
- web = {
- enable = true;
- };
- irc = {
- enable = true;
- nick = "${hostname}bot";
- server = "ni.r";
- channels = [ "retiolum" ];
- allowForce = true;
- };
- extraConfig = ''
- c['buildbotURL'] = "http://build.${hostname}.r/"
- '';
- };
-
- krebs.buildbot.slave = {
- enable = true;
- masterhost = "localhost";
- username = "testslave";
- password = "krebspass";
- packages = with pkgs; [ gnumake jq nix populate ];
- # all nix commands will need a working nixpkgs installation
- extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/${hostname}/config.nix:stockholm=./"; };
+ krebs.ci.enable = true;
+ krebs.ci.users.krebs ={
+ all = true;
+ hosts = [
+ "test-arch"
+ "test-centos6"
+ "test-centos7"
+ "test-all-krebs-modules"
+ ];
};
}
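Review bot: The retained context line `networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];` keeps what are presumably the buildbot web port (8010) and worker port (9989) open on every host that imports this file. The new krebs.ci module on this page already proxies the web UI through nginx to 127.0.0.1 and sets the slave's `masterhost = "localhost"`, so neither port appears to need outside access. If no remote workers or direct web access are intended, narrow it to `networking.firewall.allowedTCPPorts = [ 80 ];` so the master is reachable only through the reverse proxy. If the ports must stay open, add a comment naming which clients need them.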
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 12c685b82..a7624c8f2 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -2,22 +2,6 @@
with import <stockholm/lib>;
let
- # https://github.com/NixOS/nixpkgs/issues/14026
- nixpkgs-fix = import (pkgs.fetchgit {
- url = https://github.com/nixos/nixpkgs;
- rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
- sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8";
- }) {};
-
- buildbot = nixpkgs-fix.buildbot.overrideDerivation (old: {
- postUnpack = "sourceRoot=\${sourceRoot}/master";
- patches = [];
- src = pkgs.fetchFromGitHub {
- owner = "krebscode";
- repo = "buildbot-classic";
- rev = "5b4f5f6f1";
- sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };});
-
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
@@ -364,7 +348,7 @@ let
set -efux
if [ ! -e ${workdir} ];then
mkdir -p ${workdir}
- ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
+ ${pkgs.buildbot-classic}/bin/buildbot create-master -r -l 10 -f ${workdir}
fi
# always override the master.cfg
cp ${buildbot-master-config} ${workdir}/master.cfg
@@ -373,18 +357,18 @@ let
${ concatMapStringsSep "\n"
(f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
# sanity
- ${buildbot}/bin/buildbot checkconfig ${workdir}
+ ${pkgs.buildbot-classic}/bin/buildbot checkconfig ${workdir}
# TODO: maybe upgrade? not sure about this
# normally we should write buildbot.tac by our own
- # ${buildbot}/bin/buildbot upgrade-master ${workdir}
+ # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
chmod 700 -R ${workdir}
chown buildbotMaster:buildbotMaster -R ${workdir}
'';
- ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
- ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
- ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
+ ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start ${workdir}";
+ ExecStop = "${pkgs.buildbot-classic}/bin/buildbot stop ${workdir}";
+ ExecReload = "${pkgs.buildbot-classic}/bin/buildbot reconfig ${workdir}";
PrivateTmp = "true";
User = "buildbotMaster";
Restart = "always";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 698bf3bcd..544f9c4e0 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -2,20 +2,6 @@
with import <stockholm/lib>;
let
- # https://github.com/NixOS/nixpkgs/issues/14026
- nixpkgs-fix = import (pkgs.fetchgit {
- url = https://github.com/nixos/nixpkgs;
- rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
- sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8";
- }) {};
- pkg = nixpkgs-fix.buildbot-slave.overrideDerivation (old: {
- postUnpack = "sourceRoot=\${sourceRoot}/slave";
- patches = [];
- src = pkgs.fetchFromGitHub {
- owner = "krebscode";
- repo = "buildbot-classic";
- rev = "5b4f5f6f1";
- sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };});
buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
import os
@@ -166,7 +152,6 @@ let
workdir = shell.escape cfg.workDir;
contact = shell.escape cfg.contact;
description = shell.escape cfg.description;
- buildbot = pkg;
# TODO:make this
in {
PermissionsStartOnly = true;
@@ -183,8 +168,8 @@ let
chown buildbotSlave:buildbotSlave -R ${workdir}
chmod 700 -R ${workdir}
'';
- ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
- ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
+ ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
+ ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
PrivateTmp = "true";
User = "buildbotSlave";
Restart = "always";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
new file mode 100644
index 000000000..542a9252f
--- /dev/null
+++ b/krebs/3modules/ci.nix
@@ -0,0 +1,175 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.ci;
+
+ hostname = config.networking.hostName;
+in
+{
+ options.krebs.ci = {
+ enable = mkEnableOption "krebs continous integration";
+ users = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ all = mkOption {
+ type = bool;
+ default = true;
+ };
+ hosts = mkOption {
+ type = listOf str;
+ default = [];
+ };
+ };
+ });
+ example = {
+ lass.all = true;
+ krebs = {
+ all = true;
+ hosts = [
+ "test-all-krebs-modules"
+ "test-arch"
+ ];
+ };
+ };
+ default = {};
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts.build = {
+ serverAliases = [ "build.${hostname}.r" ];
+ locations."/".extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
+ '';
+ };
+ };
+
+ nix.gc.automatic = true;
+ nix.gc.dates = "05:23";
+
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.${hostname}.r/stockholm'
+ cs.append(
+ changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branches=True,
+ project='stockholm',
+ pollinterval=10
+ )
+ )
+ '';
+ scheduler = {
+ build-scheduler = ''
+ # build all hosts
+ sched.append(
+ schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ treeStableTimer=10,
+ name="build-all-branches",
+ builderNames=[
+ "build-hosts"
+ ]
+ )
+ )
+ '';
+ force-scheduler = ''
+ sched.append(
+ schedulers.ForceScheduler(
+ name="force",
+ builderNames=[
+ "build-hosts"
+ ]
+ )
+ )
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(
+ repourl=stockholm_repo,
+ mode='full'
+ )
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ build-hosts = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+
+ def build_host(user, host):
+ addShell(f,
+ name="{}".format(host),
+ env={
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ },
+ command=[
+ "nix-shell", "--run",
+ "test --user={} --system={} --target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user, host, user)
+ ]
+ )
+
+ ${let
+ user-hosts = mapAttrs (user: a: let
+ managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts);
+ defined-hosts = a.hosts;
+ in
+ defined-hosts ++ (optionals a.all managed-hosts)
+ ) cfg.users;
+
+ in
+ concatStringsSep "\n" (
+ (mapAttrsToList (user: hosts:
+ concatMapStringsSep "\n" (host:
+ "build_host(\"${user}\", \"${host}\")"
+ ) hosts
+ ) user-hosts)
+ )
+ }
+
+ bu.append(
+ util.BuilderConfig(
+ name="build-hosts",
+ slavenames=slavenames,
+ factory=f
+ )
+ )
+
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "build|${hostname}";
+ server = "ni.r";
+ channels = [ "retiolum" "noise" ];
+ allowForce = true;
+ };
+ extraConfig = ''
+ c['buildbotURL'] = "http://build.${hostname}.r/"
+ '';
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs; [ gnumake jq nix populate ];
+ };
+
+ };
+}
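Review bot: The worker credential is a literal in this module (`testslave = "lasspass";` under `krebs.buildbot.master.slaves`, and again as `password = "lasspass";` for the slave), so it is committed to the repository. Since master.nix renders its config with `pkgs.writeText`, it presumably also ends up in the world-readable Nix store. With port 9989 still allowed in shared-buildbot.nix, this password does not meaningfully restrict which workers can register. Consider loading it from the secrets directory that master.nix already copies into the workdir (`cfg.secrets`), or at least mark both occurrences with a comment such as `# not a secret: the worker port must stay firewalled`. Separately, `build_host` formats `user` and `host` into the `nix-shell --run` command string without quoting; they come from the Nix configuration, but a comment stating that assumption would help.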
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6123b6dd9..b0ad2baf5 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -12,6 +12,7 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
+ ./ci.nix
./current.nix
./exim.nix
./exim-retiolum.nix
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 07543489a..27fbb7088 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -32,12 +32,15 @@ in {
hosts = {
hotdog = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.3";
ip6.addr = "42:0:0:0:0:0:77:3";
aliases = [
"hotdog.r"
+ "build.hotdog.r"
+ "cgit.hotdog.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -56,6 +59,7 @@ in {
};
puyak = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";
@@ -82,6 +86,7 @@ in {
};
wolf = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
shack = {
ip4.addr = "10.42.2.150" ;
@@ -120,6 +125,11 @@ in {
krebs = {
pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary
};
+ hotdog-repo-sync = {
+ name = "hotdog-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzTvaR3QqOD3oEEGHQzg/sRnNbKJnZYcV9htDvXmu53";
+ };
puyak-repo-sync = {
name = "puyak-repo-sync";
mail = "spam@krebsco.de";
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 139f02ddd..c554391f2 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -255,7 +255,7 @@ with import <stockholm/lib>;
nets = rec {
retiolum = {
ip4.addr = "10.243.133.114";
- ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214";
+ ip6.addr = "42:0:0:0:0:0:1ca0:1205";
aliases = [
"icarus.r"
"cgit.icarus.r"
@@ -276,6 +276,32 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
};
+ daedalus = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.115";
+ ip6.addr = "42:0:0:0:0:0:daed:a105";
+ aliases = [
+ "daedalus.r"
+ "cgit.daedalus.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
+ 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
+ qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
+ ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
+ arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
+ 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
+ };
iso = {
cores = 1;
managed = false;
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index d39aca348..ccfc4f49b 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -1,8 +1,8 @@
#! /bin/sh
set -efu
-nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
-nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4
+nix_url=https://nixos.org/releases/nix/nix-1.11.13/nix-1.11.13-x86_64-linux.tar.bz2
+nix_sha256=c11411d52d8ad1ce3a68410015487282fd4651d3abefbbb13fa1f7803a2f60de
prepare() {(
if test -e /etc/os-release; then
@@ -14,10 +14,6 @@ prepare() {(
;;
centos)
case $VERSION_ID in
- 6)
-