-rw-r--r--krebs/3modules/buildbot/master.nix16
-rw-r--r--krebs/3modules/makefu/default.nix11
-rw-r--r--makefu/1systems/gum.nix3
-rw-r--r--makefu/2configs/smart-monitor.nix18
-rw-r--r--makefu/2configs/urlwatch.nix20
-rw-r--r--shared/2configs/buildbot-standalone.nix8
6 files changed, 67 insertions, 9 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 5870c3145..74385a433 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -132,6 +132,16 @@ let
'';
};
+ secrets = mkOption {
+ default = [];
+ type = types.listOf types.str;
+ example = [ "cac.json" ];
+ description = ''
+ List of all the secrets in <secrets> which should be copied into the
+ buildbot master directory.
+ '';
+ };
+
slaves = mkOption {
default = {};
type = types.attrsOf types.str;
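Review bot: The description of the new `secrets` option does not say that each entry is used verbatim as a file name under both the secrets directory and the master work directory (see the second hunk of this file). Because the type is `types.listOf types.str`, an entry containing `/`, `..` or whitespace is accepted and changes what the generated `cp` reads or writes. I would extend the description with something like `Each entry must be a plain file name (no slashes); the file is copied under the same name and is then readable by the buildbot master user.` The enclosing `let` block starts and ends outside the hunk.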
@@ -344,10 +354,10 @@ let
fi
# always override the master.cfg
cp ${buildbot-master-config} ${workdir}/master.cfg
+
# copy secrets
- cp ${secretsdir}/cac.json ${workdir}
- cp ${secretsdir}/retiolum-ci.rsa_key.priv \
- ${workdir}/retiolum.rsa_key.priv
+ ${ concatMapStringsSep "\n"
+ (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
# sanity
${buildbot}/bin/buildbot checkconfig ${workdir}
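Review bot: The generated `cp` lines interpolate `cfg.secrets` entries into the shell script unquoted and leave the mode of the copied secret to the source file and the umask. Quoting the entry and setting the mode explicitly would make this robust, e.g. `(f: "install -m 0600 ${secretsdir}/${escapeShellArg f} ${workdir}/${escapeShellArg f}")`, assuming the script runs as the user that owns `${workdir}` (not visible here). Note also that the old code renamed `retiolum-ci.rsa_key.priv` to `retiolum.rsa_key.priv` while the new code keeps names, so every consumer of the old name has to be updated. The surrounding script starts and ends outside the hunk.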
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 1970a0777..31516d591 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -83,6 +83,9 @@ with lib;
'';
};
};
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
+
};
vbob = {
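Review bot: `ssh.privkey.path = <secrets/ssh_host_ed25519_key>;` is added with no comment on how the path is resolved or consumed, and the same line appears in the four later hunks of this file (vbob, flap, filepimp, gum). Since all five hosts use the identical lookup path, each deployment presumably has to point the `secrets` search-path entry at a host-specific directory, otherwise the hosts would share a key; that is not visible here. A Nix path value is also copied into the world-readable store if it is ever interpolated into a string, so I would add a comment such as `# resolved per host via <secrets>; never interpolate this path into a string (it would land in /nix/store)`. The host attribute sets start and end outside the hunks.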
@@ -108,6 +111,8 @@ with lib;
'';
};
};
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
};
flap = rec {
cores = 1;
@@ -238,6 +243,8 @@ with lib;
'';
};
};
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
};
filepimp = rec {
cores = 1;
@@ -287,6 +294,8 @@ with lib;
'';
};
};
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
};
gum = rec {
cores = 1;
@@ -327,6 +336,8 @@ with lib;
'';
};
};
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
};
users = addNames rec {
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 93fb3dc3a..1907424ec 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -6,11 +6,11 @@ let
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
imports = [
- # TODO: copy this config or move to krebs
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
../2configs/fs/simple-swap.nix
../2configs/fs/single-partition-ext4.nix
+ ../2configs/smart-monitor.nix
# ../2configs/iodined.nix
../2configs/git/cgit-retiolum.nix
../2configs/mattermost-docker.nix
@@ -18,6 +18,7 @@ in {
../2configs/exim-retiolum.nix
../2configs/urlwatch.nix
+
];
diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix
new file mode 100644
index 000000000..7086f622b
--- /dev/null
+++ b/makefu/2configs/smart-monitor.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+ services.smartd = {
+ enable = true;
+ notifications = {
+ mail = {
+ enable = true;
+ recipient = config.krebs.users.makefu.mail;
+ };
+ };
+ # short daily, long weekly, check on boot
+ defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
+
+ devices = [{
+ device = "/dev/sda";
+ }];
+ };
+}
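Review bot: `device = "/dev/sda";` hard-codes a kernel device name in a config under `2configs`, which can be imported by more than one host. `sdX` names are not guaranteed to stay stable across boots or hardware changes, so smartd may silently monitor a different disk or none. A persistent name such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`, or moving the device list into the host file, avoids that. The comment `check on boot` is also not reflected in the directive string: `-o on` enables automatic offline testing, and the `-s` expression only schedules the short and long self-tests.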
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index e4f639d5b..a83279ba2 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -1,6 +1,22 @@
-{ config, ... }:
+{ config, lib, ... }:
{
+ nixpkgs.config.packageOverrides = pkgs: {
+ urlwatch = with pkgs.pythonPackages; buildPythonPackage rec {
+ name = "urlwatch-1.18";
+
+ propagatedBuildInputs = [ futures ];
+
+ src = pkgs.fetchurl {
+ url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
+ sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb";
+ };
+
+ postFixup = ''
+ wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH"
+ '';
+ };
+ };
krebs.urlwatch = {
enable = true;
mailto = config.krebs.users.makefu.mail;
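Review bot: The `packageOverrides` block replaces `urlwatch` for the whole system with a hand-pinned 1.18 build, and there is no comment saying why. Without one, nobody knows when the override can be dropped, and the host will not pick up urlwatch updates from nixpkgs in the meantime. A line such as `# pinned to 1.18 because <reason>; remove once nixpkgs ships it` above the override would help. The `sha256` pins the tarball, so the plain `http://` URL does not weaken integrity. `lib` is added to the module arguments but is not used in the visible lines.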
@@ -12,7 +28,7 @@
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/
- http://cvs2svn.tigris.org/svn/cvs2svn/tags/
+ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
];
};
}
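Review bot: The new URL `http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/` puts a username and password into a committed config. From there it ends up in the Nix store, and the credentials are sent as cleartext Basic auth over plain http. They may also appear in urlwatch's mailed reports, depending on how the URL is echoed. If this is the site's public guest login, a comment such as `# public guest account, not a secret` would make that explicit. Otherwise the credentials should come from the secrets directory, not the URL list.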
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 51c600329..28d1eef2e 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -8,6 +8,9 @@ in {
};
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
krebs.buildbot.master = {
+ secrets = [
+ "cac.json"
+ ];
slaves = {
testslave = "krebspass";
omo = "krebspass";
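Review bot: `secrets` lists only `"cac.json"`, but the second hunk of this file adds a `FileDownload` step with `mastersrc` set to `${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv`. The master.nix change in this commit no longer copies that key into the work directory. Unless the key is placed there by other means, the step will fail; the list probably needs to be `secrets = [ "cac.json" "retiolum-ci.rsa_key.priv" ];`. Since that step writes a private key onto the slave, passing `mode=0o600` to `FileDownload` would also be worth considering.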
@@ -93,9 +96,8 @@ in {
# slave needs 2 files:
# * cac.json
# * retiolum
- for file in ["cac.json", "retiolum.rsa_key.priv"]:
- s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/{}".format(file),
- slavedest=file))
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
+ s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
addShell(s, name="infest-cac-centos7",env=env,
sigtermTime=60, # SIGTERM 1 minute before SIGKILL