-rw-r--r-- | krebs/3modules/makefu/default.nix | 2 | ||||
-rw-r--r-- | lass/1systems/helios.nix | 19 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 57 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 2 | ||||
-rw-r--r-- | lass/2configs/git.nix | 2 | ||||
-rw-r--r-- | lass/2configs/libvirt.nix | 3 | ||||
-rw-r--r-- | lass/2configs/skype.nix | 3 | ||||
-rw-r--r-- | lass/2configs/xserver/default.nix | 6 | ||||
-rw-r--r-- | lass/5pkgs/default.nix | 11 | ||||
-rw-r--r-- | lass/5pkgs/xmonad-lass/Main.hs | 13 | ||||
-rw-r--r-- | lass/default.nix | 1 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/deployment/mycube.connector.one.nix | 46 | ||||
-rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/nginx/update.connector.one.nix | 2 | ||||
-rw-r--r-- | makefu/5pkgs/default.nix | 1 | ||||
-rw-r--r-- | makefu/5pkgs/mycube-flask/default.nix | 21 | ||||
-rw-r--r-- | makefu/default.nix | 1 | ||||
-rw-r--r-- | shared/2configs/shared-buildbot.nix | 65 |
20 files changed, 204 insertions, 57 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index ca83d6906..6af77ad9b 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -291,7 +291,7 @@ with config.krebs.lib; wbob = rec { cores = 1; nets = { - retiolm = { + retiolum = { addrs4 = ["10.243.214.15"]; addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"]; aliases = [ diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 88fb6aac7..0103b6ec0 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -8,6 +8,7 @@ with builtins; ../2configs/browsers.nix ../2configs/programs.nix ../2configs/git.nix + ../2configs/pass.nix #{ # users.extraUsers = { # root = { @@ -17,6 +18,15 @@ with builtins; # }; # }; #} + { + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.helios; @@ -53,15 +63,6 @@ with builtins; # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" #''; - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - services.xserver.synaptics = { enable = true; twoFingerScroll = true; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index f6ac1b4e6..9f492e2c6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -20,12 +20,12 @@ ../2configs/git.nix #../2configs/wordpress.nix ../2configs/bitlbee.nix - ../2configs/firefoxPatched.nix + #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/buildbot-standalone.nix + #../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ 
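Review bot: The INPUT rule added to the imports list in lass/1systems/helios.nix accepts TCP port 8000 on every interface and has no comment saying which service it is for. If the listener is only meant for VPN peers, scope the predicate the way the commented-out rule in mors.nix does, e.g. `{ predicate = "-i retiolum -p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }`. A one-line comment naming the service, like the existing `#risk of rain port` in mors.nix, would let a later reader decide when the rule can be removed. Whether exposure on all interfaces is intended cannot be told from the hunk.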
@@ -97,6 +97,54 @@ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } # ]; #} + { + containers.pythonenv = { + config = { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + + environment = { + systemPackages = with pkgs; [ + git + libxml2 + libxslt + libzip + python27Full + python27Packages.buildout + stdenv + zlib + ]; + + pathsToLink = [ "/include" ]; + + shellInit = '' + # help pip to find libz.so when building lxml + export LIBRARY_PATH=/var/run/current-system/sw/lib + # ditto for header files, e.g. sqlite + export C_INCLUDE_PATH=/var/run/current-system/sw/include + ''; + }; + + }; + }; + } + { + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = "<secrets>/mysql_rootPassword"; + }; + } + { + services.elasticsearch = { + enable = true; + plugins = [ + pkgs.elasticsearchPlugins.elasticsearch_kopf + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; @@ -170,6 +218,11 @@ device = "/dev/big/public"; fsType = "ext4"; }; + + "/mnt/conf" = { + device = "/dev/big/conf"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 61016fed0..eb764068b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -58,7 +58,7 @@ in { ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) - ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) + ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 76b897d1f..0aab298c7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix 
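Review bot: In the second mors.nix hunk, `rootPassword = "<secrets>/mysql_rootPassword";` is a plain string rather than a `<secrets/...>` path lookup like the `import <secrets/repos.nix>` used in lass/2configs/git.nix, so it probably does not name an existing file. If the module expects a path to a password file, as I believe it does, the root password may end up unset or wrong on first start; please verify on the host. Switching to the Nix path form `<secrets/mysql_rootPassword>` would instead copy the secret into the world-readable store, so an absolute path string to a root-only file outside the store is the safer choice. Separately, the `containers.pythonenv` block enables sshd with a root key but sets no private network, so confirm it does not end up sharing the host's network namespace and port 22.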
@@ -42,6 +42,8 @@ let brain = { collaborators = with config.krebs.users; [ tv makefu ]; }; + extraction_webinterface = {}; + politics-fetching = {}; } // import <secrets/repos.nix> { inherit config lib pkgs; } ); diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index 7520a0e36..a51ccae58 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -2,13 +2,14 @@ let mainUser = config.users.extraUsers.mainUser; + inherit (config.krebs.lib) genid; in { virtualisation.libvirtd.enable = true; users.extraUsers = { libvirt = { - uid = lib.genid "libvirt"; + uid = genid "libvirt"; description = "user for running libvirt stuff"; home = "/home/libvirt"; useDefaultShell = true; diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index d62a18a52..5b6da4a95 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix @@ -2,12 +2,13 @@ let mainUser = config.users.extraUsers.mainUser; + inherit (config.krebs.lib) genid; in { users.extraUsers = { skype = { name = "skype"; - uid = lib.genid "skype"; + uid = genid "skype"; description = "user for running skype"; home = "/home/skype"; useDefaultShell = true; diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 82cfd57bb..203ed0b09 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -93,11 +93,9 @@ let xmonad-start = pkgs.writeScriptBin "xmonad" '' #! ${pkgs.bash}/bin/bash set -efu - export PATH; PATH=${makeSearchPath "bin" [ - pkgs.alsaUtils - pkgs.pulseaudioLight + export PATH; PATH=${makeSearchPath "bin" ([ pkgs.rxvt_unicode - ]}:/var/setuid-wrappers + ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal command=''${1##*/} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fee4654ae..ce29ae33c 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
@@ -1,16 +1,13 @@ { pkgs, ... }: -let - inherit (pkgs) callPackage; -in { nixpkgs.config.packageOverrides = rec { firefoxPlugins = { - noscript = callPackage ./firefoxPlugins/noscript.nix {}; - ublock = callPackage ./firefoxPlugins/ublock.nix {}; - vimperator = callPackage ./firefoxPlugins/vimperator.nix {}; + noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; + ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; + vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; - newsbot-js = callPackage ./newsbot-js/default.nix {}; + newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in pkgs.haskellPackages.callPackage src {}; diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index faaa00aab..503df3be7 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -12,7 +12,6 @@ import XMonad import System.IO (hPutStrLn, stderr) import System.Environment (getArgs, withArgs, getEnv, getEnvironment) import System.Posix.Process (executeFile) -import XMonad.Prompt (defaultXPConfig) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace , removeEmptyWorkspace) import XMonad.Actions.GridSelect @@ -73,7 +72,7 @@ mainNoArgs = do -- $ withUrgencyHook borderUrgencyHook "magenta" -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") - $ defaultConfig + $ def { terminal = myTerm , modMask = mod4Mask , workspaces = workspaces0 @@ -169,7 +168,7 @@ myWSConfig = myGSConfig } pagerConfig :: PagerConfig -pagerConfig = defaultPagerConfig +pagerConfig = def { pc_font = myFont , pc_cellwidth = 64 --, pc_cellheight = 36 -- TODO automatically keep screen aspect 
@@ -182,13 +181,13 @@ pagerConfig = defaultPagerConfig where windowColors _ _ _ True _ = ("#ef4242","#ff2323") windowColors wsf m c u wf = do - let def = defaultWindowColors wsf m c u wf + let y = defaultWindowColors wsf m c u wf if m == False && wf == True - then ("#402020", snd def) - else def + then ("#402020", snd y) + else y wGSConfig :: GSConfig Window -wGSConfig = defaultGSConfig +wGSConfig = def { gs_cellheight = 20 , gs_cellwidth = 192 , gs_cellpadding = 5 diff --git a/lass/default.nix b/lass/default.nix index 69b4abaac..377708c3e 100644 --- a/lass/default.nix +++ b/lass/default.nix @@ -3,5 +3,6 @@ _: imports = [ ../krebs ./3modules + ./5pkgs ]; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 04adc4941..906c72de4 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,6 +17,7 @@ in { ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix ../2configs/nginx/update.connector.one.nix + ../2configs/deployment/mycube.connector.one.nix ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix new file mode 100644 index 000000000..6a32656b4 --- /dev/null +++ b/makefu/2configs/deployment/mycube.connector.one.nix 
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with config.krebs.lib; +let + hostname = config.krebs.build.host.name; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; +in { + services.redis.enable = true; + services.uwsgi = { + enable = true; + user = "nginx"; + plugins = [ "python2" ]; + instance = { + type = "emperor"; + vassals = { + mycube-flask = { + type = "normal"; + python2Packages = self: with self; [ pkgs.mycube-flask self.flask self.redis self.werkzeug self.jinja2 self.markupsafe itsdangerous ]; + socket = wsgi-sock; + }; + }; + }; + }; + + krebs.nginx = { + enable = mkDefault true; + servers = { + mybox-connector-one = { + listen = [ "${external-ip}:80" ]; + server-names = [ + "mycube.connector.one" + "mybox.connector.one" + ]; + locations = singleton (nameValuePair "/" '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${pkgs.mycube-flask}/${pkgs.python.sitePackages}; + uwsgi_param UWSGI_MODULE mycube.websrv; + uwsgi_param UWSGI_CALLABLE app; + + include ${pkgs.nginx}/conf/uwsgi_params; + ''); + }; + }; + }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index a488d98f2..15700e10d 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -57,7 +57,7 @@ let # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv uriel ]; + krebsminister = with config.krebs.users; [ lass tv ]; all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ]; all-exco = with config.krebs.users; [ exco ]; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 892be07b8..d5ce34bd4 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix 
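Review bot: `services.redis.enable = true;` in the new mycube.connector.one.nix sets neither a bind address nor a password, on a host this file treats as having a public address (`nets.internet.addrs4`). Unless the module default already binds to loopback or the firewall blocks the Redis port, pin it explicitly with `services.redis.bind = "127.0.0.1";`, since the only visible consumer is the local uwsgi vassal. The vassal also runs as `user = "nginx"`, so a bug in the Flask app would run with the web server's privileges; a dedicated user with group access to the socket would separate the two. The server block listens on port 80 only, which is worth a comment if plain HTTP is intended.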
@@ -2,8 +2,7 @@ with config.krebs.lib; { - # TODO: put this somewhere else - networking.wireless.enable = true; + networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix index 044a14075..ac5e6b17b 100644 --- a/makefu/2configs/nginx/update.connector.one.nix +++ b/makefu/2configs/nginx/update.connector.one.nix @@ -8,7 +8,7 @@ in { krebs.nginx = { enable = mkDefault true; servers = { - omo-share = { + update-connector-one = { listen = [ "${external-ip}:80" ]; server-names = [ "update.connector.one" diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index c4a7f498f..33e280f0e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -10,5 +10,6 @@ in alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; + mycube-flask = callPackage ./mycube-flask {}; }; } diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix new file mode 100644 index 000000000..d01abbbd4 --- /dev/null +++ b/makefu/5pkgs/mycube-flask/default.nix @@ -0,0 +1,21 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.pythonPackages;buildPythonPackage rec { + name = "mycube-flask-${version}"; + version = "0.2.3"; + propagatedBuildInputs = [ + flask + redis + ]; + src = fetchFromGitHub { + owner = "makefu"; + repo = "mycube-flask"; + rev = "5f5260a"; + sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; + }; + meta = { + homepage = https://github.com/makefu/mycube-flask; + description = "flask app for mycube"; + license = lib.licenses.asl20; + }; +} diff --git a/makefu/default.nix b/makefu/default.nix index 320e1a133..b1c7c1be8 100644 --- a/makefu/default.nix +++ b/makefu/default.nix @@ -4,5 +4,6 @@ _: ../krebs ./2configs ./3modules + ./5pkgs ]; } 
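Review bot: In the new makefu/5pkgs/mycube-flask/default.nix, `rev = "5f5260a";` pins the source by an abbreviated commit id. The `sha256` still fixes the fetched content, so this is not an integrity hole, but a short id can become ambiguous as the repository grows and makes the fetch fail later. Use the full 40-character commit id (`rev = "<full-commit-sha>";`) or a tag matching `version = "0.2.3"`, so that the version string and the fetched revision are visibly tied together.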
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index ebf5f4a1e..b474af7b3 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -7,6 +7,11 @@ # TODO for all users schedule a build for fast tests { + # due to the fact that we actually build stuff on the box via the daemon, + # /nix/store should be cleaned up automatically as well + nix.gc.automatic = true; + nix.gc.dates = "05:23"; + networking.firewall.allowedTCPPorts = [ 8010 9989 ]; krebs.buildbot.master = let stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ; @@ -27,7 +32,7 @@ force-scheduler = '' sched.append(schedulers.ForceScheduler( name="force", - builderNames=["full-tests","fast-tests"])) + builderNames=["full-tests","fast-tests","build-local"])) ''; fast-tests-scheduler = '' # test everything real quick @@ -35,7 +40,7 @@ ## all branches change_filter=util.ChangeFilter(branch_re=".*"), # treeStableTimer=10, - name="fast-test-all-branches", + name="fast-all-branches", builderNames=["fast-tests"])) ''; test-cac-infest-master = '' @@ -51,8 +56,8 @@ change_filter=util.ChangeFilter(branch="master"), fileIsImportant=shared_files, treeStableTimer=60*60, # master was stable for the last hour - name="full-master-test", - builderNames=["full-tests"])) + name="full-master", + builderNames=["full-tests","build-local"])) ''; }; builder_pre = '' @@ -69,7 +74,7 @@ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/upstream-nixpkgs", + "-I", "nixpkgs=/var/src/nixpkgs", "-p" ] + deps + [ "--run" ] # prepare addShell function 
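Review bot: Adding `"build-local"` to the ForceScheduler's `builderNames` in shared-buildbot.nix means whoever can submit the force form on the master can now start a real `nix-build` on the slave, not only an evaluation. The file opens TCP 8010 and 9989 in the firewall (context line of the first hunk), and no authentication setting for the web status is visible in this diff. Please confirm that forcing builds requires a login, or restrict who can reach that port, and record the decision in a comment next to `force-scheduler`. The scheduler definitions continue outside the hunks shown.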
@@ -90,26 +95,46 @@ addShell(f,name="instantiate-test-all-modules",env=env, command=nixshell + \ ["touch retiolum.rsa_key.priv; \ - nix-instantiate --eval -A \ - users.shared.test-all-krebs-modules.system \ - -I stockholm=. \ - --show-trace \ - -I secrets=. '<stockholm>' \ - --strict --json"]) - - addShell(f,name="instantiate-test-minimal-deploy",env=env, + nix-instantiate \ + --show-trace --eval --strict --json \ + -I nixos-config=./shared/1systems/test-all-krebs-modules.nix \ + -I secrets=. \ + -A config.system.build.toplevel"] + ) + + addShell(f,name="build-test-minimal",env=env, command=nixshell + \ - ["nix-instantiate --eval -A \ - users.shared.test-minimal-deploy.system \ - -I stockholm=. \ - -I secrets=. '<stockholm>' \ - --show-trace \ - --strict --json"]) + ["nix-instantiate \ + --show-trace --eval --strict --json \ + -I nixos-config=./shared/1systems/test-minimal-deploy.nix \ + -I secrets=. \ + -A config.system.build.toplevel"] + ) bu.append(util.BuilderConfig(name="fast-tests", slavenames=slavenames, factory=f)) ''; + # this build will try to build against local nixpkgs + # TODO change to do a 'local' populate and use the retrieved nixpkgs + build-local = '' + f = util.BuildFactory() + f.addStep(grab_repo) + + addShell(f,name="build-test-all-modules",env=env, + command=nixshell + \ + ["touch retiolum.rsa_key.priv; \ + nix-build \ + --show-trace --no-out-link \ + -I nixos-config=./shared/1systems/test-all-krebs-modules.nix \ + -I secrets=. \ + -A config.system.build.toplevel"] + ) + + bu.append(util.BuilderConfig(name="build-local", + slavenames=slavenames, + factory=f)) + ''; slow-tests = '' s = util.BuildFactory() s.addStep(grab_repo) @@ -151,6 +176,6 @@ packages = with pkgs;[ git nix ]; # all nix commands will need a working nixpkgs installation extraEnviron = { - NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; + NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; }; } |
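Review bot: The second fast-tests step is renamed to `name="build-test-minimal"` but its command is still `nix-instantiate --show-trace --eval --strict --json ...`, so it only evaluates and builds nothing. That makes the waterfall misleading next to the genuinely building `build-test-all-modules` step in the new `build-local` builder. Keep the old naming pattern, e.g. `addShell(f,name="instantiate-test-minimal",env=env,`, or switch the command to `nix-build` if a build was intended. The comment above `build-local` could also say that the `touch retiolum.rsa_key.priv` creates an empty placeholder key so that `-I secrets=.` evaluates, since that is not obvious from the step itself.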