diff options
-rw-r--r-- | krebs/3modules/buildbot/master.nix | 16 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 11 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/smart-monitor.nix | 18 | ||||
-rw-r--r-- | makefu/2configs/urlwatch.nix | 20 | ||||
-rw-r--r-- | shared/2configs/buildbot-standalone.nix | 8 |
6 files changed, 67 insertions, 9 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 5870c3145..74385a433 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -132,6 +132,16 @@ let ''; }; + secrets = mkOption { + default = []; + type = types.listOf types.str; + example = [ "cac.json" ]; + description = '' + List of all the secrets in <secrets> which should be copied into the + buildbot master directory. + ''; + }; + slaves = mkOption { default = {}; type = types.attrsOf types.str; @@ -344,10 +354,10 @@ let fi # always override the master.cfg cp ${buildbot-master-config} ${workdir}/master.cfg + # copy secrets - cp ${secretsdir}/cac.json ${workdir} - cp ${secretsdir}/retiolum-ci.rsa_key.priv \ - ${workdir}/retiolum.rsa_key.priv + ${ concatMapStringsSep "\n" + (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets } # sanity ${buildbot}/bin/buildbot checkconfig ${workdir} diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1970a0777..31516d591 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -83,6 +83,9 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; + }; vbob = { @@ -108,6 +111,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; }; flap = rec { cores = 1; @@ -238,6 +243,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { cores = 1; @@ -287,6 +294,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch"; }; gum = rec { cores = 1; @@ -327,6 +336,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; }; users = addNames rec { diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 93fb3dc3a..1907424ec 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -6,11 +6,11 @@ let internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ - # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix + ../2configs/smart-monitor.nix # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix @@ -18,6 +18,7 @@ in { ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix + ]; diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix new file mode 100644 index 000000000..7086f622b --- /dev/null +++ b/makefu/2configs/smart-monitor.nix @@ -0,0 +1,18 @@ +{ config, ... }: +{ + services.smartd = { + enable = true; + notifications = { + mail = { + enable = true; + recipient = config.krebs.users.makefu.mail; + }; + }; + # short daily, long weekly, check on boot + defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)"; + + devices = [{ + device = "/dev/sda"; + }]; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index e4f639d5b..a83279ba2 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -1,6 +1,22 @@ -{ config, ... }: +{ config, lib, ... }: { + nixpkgs.config.packageOverrides = pkgs: { + urlwatch = with pkgs.pythonPackages; buildPythonPackage rec { + name = "urlwatch-1.18"; + + propagatedBuildInputs = [ futures ]; + + src = pkgs.fetchurl { + url = "http://thp.io/2008/urlwatch/${name}.tar.gz"; + sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb"; + }; + + postFixup = '' + wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH" + ''; + }; + }; krebs.urlwatch = { enable = true; mailto = config.krebs.users.makefu.mail; @@ -12,7 +28,7 @@ http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ - http://cvs2svn.tigris.org/svn/cvs2svn/tags/ + http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ ]; }; } diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix index 51c600329..28d1eef2e 100644 --- a/shared/2configs/buildbot-standalone.nix +++ b/shared/2configs/buildbot-standalone.nix @@ -8,6 +8,9 @@ in { }; networking.firewall.allowedTCPPorts = [ 8010 9989 ]; krebs.buildbot.master = { + secrets = [ + "cac.json" + ]; slaves = { testslave = "krebspass"; omo = "krebspass"; @@ -93,9 +96,8 @@ in { # slave needs 2 files: # * cac.json # * retiolum - for file in ["cac.json", "retiolum.rsa_key.priv"]: - s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/{}".format(file), - slavedest=file)) + s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json")) + s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv")) addShell(s, name="infest-cac-centos7",env=env, sigtermTime=60, # SIGTERM 1 minute before SIGKILL |