-rw-r--r--flake.lock71
-rw-r--r--flake.nix5
-rw-r--r--kartei/makefu/default.nix1
-rw-r--r--kartei/mic92/default.nix53
-rw-r--r--krebs/1systems/hotdog/config.nix5
-rw-r--r--krebs/2configs/buildbot/master.nix33
-rw-r--r--krebs/2configs/buildbot/worker.nix11
-rw-r--r--krebs/2configs/default.nix2
-rw-r--r--krebs/2configs/matterbridge.nix2
-rw-r--r--krebs/3modules/git.nix16
-rw-r--r--krebs/3modules/upstream/desktop-managers/default.nix1
-rw-r--r--krebs/3modules/upstream/desktop-managers/none.nix11
-rw-r--r--krebs/5pkgs/simple/brain/default.nix16
13 files changed, 163 insertions, 64 deletions
diff --git a/flake.lock b/flake.lock
index faadbeea2..85e508e47 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,48 @@
{
"nodes": {
+ "buildbot-nix": {
+ "inputs": {
+ "flake-parts": "flake-parts",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "treefmt-nix": "treefmt-nix"
+ },
+ "locked": {
+ "lastModified": 1719326738,
+ "narHash": "sha256-9gEgR/teWxH1E3JUUunLrcgOpMel19nw//eK3XKU6RQ=",
+ "owner": "Mic92",
+ "repo": "buildbot-nix",
+ "rev": "6e342155745f68b6d7ccc5557fa3d320b8aa3273",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "buildbot-nix",
+ "type": "github"
+ }
+ },
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "buildbot-nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717285511,
+ "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"nix-writers": {
"flake": false,
"locked": {
@@ -18,11 +61,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1715447595,
- "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
+ "lastModified": 1719254875,
+ "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
+ "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github"
},
"original": {
@@ -34,9 +77,31 @@
},
"root": {
"inputs": {
+ "buildbot-nix": "buildbot-nix",
"nix-writers": "nix-writers",
"nixpkgs": "nixpkgs"
}
+ },
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "buildbot-nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1718522839,
+ "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 516648849..d4f8b2b33 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,15 +7,18 @@
};
# disko.url = "github:nix-community/disko";
# disko.inputs.nixpkgs.follows = "nixpkgs";
+ buildbot-nix.url = "github:Mic92/buildbot-nix";
+ buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
};
description = "stockholm";
- outputs = { self, nixpkgs, nix-writers }: {
+ outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }@inputs: {
nixosConfigurations = nixpkgs.lib.mapAttrs (machineName: _: nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs.stockholm = self;
specialArgs.nix-writers = nix-writers;
+ specialArgs.buildbot-nix = buildbot-nix;
modules = [
./krebs/1systems/${machineName}/config.nix
{
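Review bot: The added `buildbot-nix.url = "github:Mic92/buildbot-nix";` names no ref, so the only thing fixing which upstream code is built is the `rev`/`narHash` pair in flake.lock. That module provides the CI master that reads the GitHub token and OAuth secret configured in krebs/2configs/buildbot/master.nix, so each lock bump for this input deserves a look at the upstream diff; pinning a ref in the URL (`github:Mic92/buildbot-nix/<tag-or-rev>`, placeholder) would make updates an explicit edit. Separately, `@inputs` is bound in the new `outputs` signature but not used in the visible lines. The function body continues outside the hunk, so confirm it is needed or drop it.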
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index d6134cd8d..6dd59be55 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -211,6 +211,7 @@ in {
bookmark.euer IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
+ build.euer IN A ${nets.internet.ip4.addr}
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 7ad625143..ef37cc760 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -473,21 +473,15 @@ in {
aliases = [ "ryan.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEApu7U9HP1Uo+kTDI+KTCs+YFLcSYct1qPuMkntKonYgdiW9Z4Ud99
- tU0VmJWdDnKaRxIcjC2Bmy342G3QN+UgdnTxyEWggWRKHUDjWMXBuj5n+uBgzTyM
- XDwuQR7RZmStBG6vDRIQWL07/b0u/wzyrhXDERx7o2msOLfnaU271aVrDM/Y67fL
- PMfKBtfckv7+W5e7KspJRIyhj7mqXMsSHaroqgoikK+Xyv44OxlklV7VnmACaNLf
- Yg0AiSjIrMtkTQ85m9t6q147lWBKlAK7yqEHUPyVNGMf/Mh6M1Xg1t0oc9hcb7/F
- VAPNbwFiwm0rR8ugjW5Gn5i/uZDeDDSQcc8m1tsB+86peuS16sfOXZewXH9bYDFo
- 9n28+vFjyF5FRI1J6fAjneFm5PyoLvowgwvVECEDRgUF2+ySwfWawF+LPDpRZiZ4
- NfHN2qT81QWa1UfWdaudCYbwMK5iQskCUtRw20ABsR0Kg6oHGG/uiLZ4pYReeM/n
- agefDCe9PN5bkjonwOxN2klV8QgYQeznm1gdsFjMdvJUcba2kZICpRy8Wx9Sc0ai
- oO8HKLqRoO5sV4Nv1FcY6EFq05AR1PPt6LoE0AY5REwVuNZSyiBp8lzzDj2E3JYf
- obeZ8RtCYmNkXL3I+wfm/73SrIrX/ombqeaWGJB/rX2DEwco0IFau4ECAwEAAQ==
+ MIIBCgKCAQEAzvThkmiCHUWwof7UYZQ7BPTYN4ibQqO3WMig/FNalZHLBJeyyhu3
+ oEvw065RyJukX4eEFySdys8JU8GWRU0EB/opquKLy1tkLokBfH+/z0/C/VhtTWUC
+ S/ZqC53N7BkYuxkLsvp5fc2G1Ttm04vQUJ/dHMpxnIfw4SLEJnNBL/5/cYEtCRWn
+ I4BXmvkW8K34NypVLumJuWfQ5S2NVryXe/il1GUd/TaCiBWNwZ86x9bfJuKc2/p7
+ Se8PIAQaN1GdpmGIsj/2yNkxI1Y87E9DE6UJFD444IQ/fFMq3oLuAMFrRJSM2rTy
+ 15h5kZ5KV2nkarPZmIRADTp/tzoMdJmh5wIDAQAB
-----END RSA PUBLIC KEY-----
'';
-
- tinc.pubkey_ed25519 = "/KoqKeQsdRWnhva7/YTX65mUxuyKaFNjA8LlxmAUQXP";
+ tinc.pubkey_ed25519 = "saaS/b0GU3s268Move4i4mxNmxWACTiOvdGY6TpT0uH";
};
};
};
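Review bot: The replacement RSA keys for `ryan.r` (this hunk) and `mickey.r` (third hunk) are shorter than the ones they replace: the removed blocks begin `MIICCgKCAgEA`, a 4096-bit modulus, and the added ones begin `MIIBCgKCAQEA`, a 2048-bit modulus, while `graham.r` in the second hunk stays at 2048 bits. All three hosts also get new `tinc.pubkey_ed25519` values. These keys are what peers use to authenticate the hosts on the tinc network, so the rotation should be confirmed with the host owner and is better carried in its own commit than bundled with the buildbot changes. If the smaller RSA size is intended, a comment such as `# rekeyed <date>, RSA 2048 by choice` (placeholder date) would record that.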
@@ -506,15 +500,15 @@ in {
aliases = [ "graham.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAtnM8VqFlEPLPYfKOZvN4kKklrVEyX4WewlqHO8vtxML9ND5BHCdn
- UeRsThvbKVRqEvZLTAXKClZRYVr2IroHqfx0euTq3FYTUbNNQ4KgcFAfLKWoxGfK
- HsQbYpS93/sUtmhRBGcgXPnEkE6yqvFBXxcmB1QqdmgYKdY2Gtikwrv/5hb4AlNe
- /gyzKGtAKYogspLI6EpEwlD9CGDNIUPJ4uQ56gDhV/qtyMSE6X0igSSVZayDc+x1
- InPkH90xsa0/uXjYDnXNdMguLArGkRzMhd6DzK4vEaPFIX59yMX+tEj46rGY7xAI
- gUZUI2codqY5Z93W5GC+ws34y0bpfeMMWwIDAQAB
+ MIIBCgKCAQEAs+UnyCIjHAGiecv6lFHVRw9pLuHfqmIlyKToQChJKvsMEh1G5KpO
+ KdvLuXcCzWQlhg3Tuh2a8vAYfACeJkqHY9YgH9ZSCrP+Fn9hb7eeosspQzLbC/6S
+ xq4QXSLgnGmwolS5TV4FgaxPgi/cKCAfT+Az9yXyVYWX3xmyfgPULUDiFdoTXBZ+
+ H2M+tDhzd9mNIZYHNcHPE7hccRETFhM80w1R9w1eyb4MkZ4XA3FBZ8hm4L7/XSNJ
+ EtDiBnB3q1HwlfGzcju+TLCHal7Z+wZJ8u/1iNmhieGxzg5tQTuhMa1bn/uaqyct
+ bdqnXGk6UcOUlxV8gdJh1I4M6MF8DXH4hwIDAQAB
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "xMJNMMXZRCbWkN9CzLFohkGUK54dPcrrosFD7xgIFXA";
+ tinc.pubkey_ed25519 = "WOyyqCmTWMqjakFBnUoxsJv9o/XvdIJT9UHt6JfRuQM";
};
};
};
@@ -574,20 +568,15 @@ in {
aliases = [ "mickey.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA7TwI3/tyl3z46Enr6p/0bpl5CpG6DZLxjAhsMcWBM+4xTL9s18IZ
- 2FGbyS3EyOBprMBQULrik1u0rfZ0AL8XdO6h+r1BD6XmlZtUu3FJaVeXrLBPGtC0
- qqC0mZOj1ezTl3kC9/O7slU1/vuIRWiiRuvmvLnc6uWo+ShTl8fs0a3rY7/FsFVY
- ZClf2M/5cJmeZpwy+PvgGmhSvjflO5+v+C+LvvhfVzoLw2zf8Gbi23ifS0uhhJt2
- 9ztGnmQg+n4+EWEN3XFS1XXHO2P2jyy1ss5NrN0JrO/1J519owHXxbo096MV12xr
- azD6of8k0xHbfW4PW0/U1qzs9Ra1T54D+xtnyemLOyeCApwUy+bSg+XuqMz1Wy55
- dci7cBguTIn+pnJqcf8lGSfWDSxlBiwrbXSPszlRQ6vO8MA2uciSmOKodKtNj4bQ
- 5IfdHHOHGAuuE+ZNt6owc/8QzQ3dVT+fVmTeN1PB4FmPmF5E2kOpe4NebZ0DhD+g
- +g/bNO5FFlIy2M+LKauIXugAHlrVrxl4blfjVkb9xrfsSJHQl8/G/F9zMUAzUBv3
- W8cVFn9mAw0FFaQljs9iha92we6Vs93v+ZvsmSG2MVOYBVwka4FJ7kjaABLFXcjN
- RA8gQM/P3j1EmDvemlskWOoCLVELR40BtKdM9MFiGqxGMoNh3DvGWTECAwEAAQ==
+ MIIBCgKCAQEAx2EgoPlsOZ+2+R2Gdn6E2QK1Jo+v4g16M+PqqBYtc0vno8uFmBZu
+ q2S6UuHFtS3VfUL0I1+ZYcOWkNuMrL6PYBdu3MeK2GGW8IB4RSzoba7QIcz2W6ls
+ YuyLbsBKJafMzNi2E+7fTrkJRezrcbS8IUhHuKYgDSHH81yXquaJhgGid7dtZPFD
+ KHA4Y2l9zOGGyiFi2XfkvDES7uAAnBzOgTZzH5iR40qRqZhH4Tj5iowKvZZw7/A5
+ G+v7v1YXXYW6ROsfEtMlxns921nkeZIlMaAofoaV2Qtf757GGcg6UjJHH9X6mwSb
+ 165IRVWSikZjkbdeg4Zz3dYkHtfFhNQM7QIDAQAB
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "cE450gYxzp9kAzV5ytU9N7aV+WdnD7wQMjkPWV7r/bC";
+ tinc.pubkey_ed25519 = "Pc/H50xDTU3dUxYynclf/Nxg2Q5k1aSdwGv4SBQPYCO";
};
};
};
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 0a103ed1a..91071ec85 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -6,7 +6,6 @@
../../../krebs/2configs
../../../krebs/2configs/nginx.nix
- ../../../krebs/2configs/buildbot-stockholm.nix
../../../krebs/2configs/binary-cache/nixos.nix
../../../krebs/2configs/ircd.nix
../../../krebs/2configs/reaktor2.nix
@@ -15,6 +14,10 @@
../../../krebs/2configs/mud.nix
../../../krebs/2configs/repo-sync.nix
+ ../../../krebs/2configs/buildbot-stockholm.nix
+ #../../../krebs/2configs/buildbot/master.nix
+ #../../../krebs/2configs/buildbot/worker.nix
+
../../../krebs/2configs/cal.nix
../../../krebs/2configs/mastodon.nix
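Review bot: The two new buildbot modules are added here only as commented-out imports, so nothing visible in this commit evaluates krebs/2configs/buildbot/master.nix or worker.nix, and option errors in them will not surface until someone uncomments the lines. A short comment above them stating what has to be in place first would make the intent clear, for example `# enable once the files under /var/src/secrets/buildbot/ are deployed`. If the new master is meant to replace `buildbot-stockholm.nix`, say so there too, so the old import is removed in the same change.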
diff --git a/krebs/2configs/buildbot/master.nix b/krebs/2configs/buildbot/master.nix
new file mode 100644
index 000000000..9598f6fa0
--- /dev/null
+++ b/krebs/2configs/buildbot/master.nix
@@ -0,0 +1,33 @@
+{buildbot-nix,...}:
+let
+ #domain = "buildbot.krebsco.de";
+ domain = "build.hotdog.r";
+in {
+ imports = [
+ buildbot-nix.nixosModules.buildbot-master
+ ];
+
+ #services.nginx.virtualHosts."${domain}" = {
+ # enableACME = true;
+ # forceSSL = true;
+ #};
+
+
+ services.buildbot-nix.master = {
+ enable = true;
+ admins = [ "makefu" ];
+ buildSystems = [ "x86_64-linux" "aarch64-linux" ];
+ inherit domain;
+ evalMaxMemorySize = "4096";
+ evalWorkerCount = 16;
+ workersFile = "/var/src/secrets/buildbot/nix-workers";
+ github = {
+ tokenFile = "/var/src/secrets/buildbot/github-token";
+ webhookSecretFile = "/var/src/secrets/buildbot/github-webhook-secret";
+ oauthSecretFile = "/var/src/secrets/buildbot/github-oauth-secret";
+ oauthId = "Ov23lizFP7t7qoE9FuDA";
+ user = "krebs-bob";
+ topic = "buildbot";
+ };
+ };
+}
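Review bot: The nginx block that would set `enableACME` and `forceSSL` for `${domain}` is commented out, while the same file configures GitHub OAuth login (`oauthId`, `oauthSecretFile`) and an `admins` list. Unless TLS is terminated somewhere not shown here, the login redirect and an admin's session cookie would travel over plain HTTP. `build.hotdog.r` also looks like an internal name, which GitHub's webhook delivery presumably cannot reach. I would either restore the three commented lines together with the public domain, or, if the UI really is internal-only for now, add `# TLS off while the domain is internal-only; re-enable before exposing OAuth` so the state is deliberate. The secret locations are given as strings rather than Nix path literals, which keeps the files out of the store and is worth keeping.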
diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix
new file mode 100644
index 000000000..e96c6df14
--- /dev/null
+++ b/krebs/2configs/buildbot/worker.nix
@@ -0,0 +1,11 @@
+{ buildbot-nix, ... }:
+{
+ imports = [
+ buildbot-nix.nixosModules.buildbot-worker
+ ];
+
+ services.buildbot-nix.worker = {
+ enable = true;
+ workerPasswordFile = "/var/src/secrets/nix-worker-file";
+ };
+}
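Review bot: `workerPasswordFile` points at `/var/src/secrets/nix-worker-file`, outside the `/var/src/secrets/buildbot/` directory that master.nix uses for every other buildbot secret in this commit. Keeping the worker password next to the others makes it harder to miss when setting permissions or rotating credentials. `workerPasswordFile = "/var/src/secrets/buildbot/nix-worker-password";` (file name constructed here) would match. The password presumably has to agree with an entry in the master's `workersFile`, which deserves a one-line comment such as `# must match this worker's entry in the master's workersFile`.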
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 5d64555c8..6ca7c732a 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -28,7 +28,7 @@ with import ../../lib/pure.nix { inherit lib; };
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = 1;
- nix.useSandbox = true;
+ nix.settings.sandbox = true;
environment.systemPackages = with pkgs; [
git
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index f42921824..aa33f748f 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, config, ... }: {
services.matterbridge = {
enable = true;
configPath = let
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 961b217e1..6d666b6d6 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -391,12 +391,12 @@ let
};
};
- services.fcgiwrap = {
- enable = true;
- user = cfg.cgit.fcgiwrap.user.name;
- group = cfg.cgit.fcgiwrap.group.name;
- # socketAddress = "/run/fcgiwrap.sock" (default)
- # socketType = "unix" (default)
+ services.fcgiwrap.instances.cgit = {
+ process.user = cfg.cgit.fcgiwrap.user.name;
+ process.group = cfg.cgit.fcgiwrap.group.name;
+ socket.user = cfg.cgit.fcgiwrap.user.name;
+ socket.group = config.services.nginx.group;
+ socket.mode = "0660";
};
environment.etc."cgitrc".text = let
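Review bot: The new `socket.user`, `socket.group` and `socket.mode = "0660"` lines carry the access-control decision for the cgit FastCGI socket but have no comment, and the removed block's note about the socket defaults is gone. fcgiwrap executes the program named in `SCRIPT_FILENAME` for any client that can write to the socket, so limiting it to the fcgiwrap user and nginx's group is what keeps other local accounts from driving `git-http-backend` directly. I would add `# only nginx may connect: fcgiwrap runs SCRIPT_FILENAME for any socket client` above `socket.group`. The two later hunks in this file only switch `fastcgi_pass` to the instance's `socket.address`, and the enclosing `let` block starts and ends outside the hunk.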
@@ -460,7 +460,7 @@ let
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address};
'';
# Smart HTTP transport. Regex based on.
# https://github.com/git/git/blob/v2.27.0/http-backend.c#L708-L721
@@ -480,7 +480,7 @@ let
}};
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address};
'';
locations."/static/".extraConfig = ''
root ${pkgs.cgit}/cgit;
diff --git a/krebs/3modules/upstream/desktop-managers/default.nix b/krebs/3modules/upstream/desktop-managers/default.nix
index 22e75439d..5fd39086c 100644
--- a/krebs/3modules/upstream/desktop-managers/default.nix
+++ b/krebs/3modules/upstream/desktop-managers/default.nix
@@ -1,6 +1,5 @@
{
imports = [
./coma.nix
- ./none.nix
];
}
diff --git a/krebs/3modules/upstream/desktop-managers/none.nix b/krebs/3modules/upstream/desktop-managers/none.nix
deleted file mode 100644
index 77f7ad513..000000000
--- a/krebs/3modules/upstream/desktop-managers/none.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ lib, ... }:
-# Replace upstream none desktop-manager by a real none, that doesn't pull in
-# any dependencies.
-{
- disabledModules = lib.singleton "services/x11/desktop-managers/none.nix";
- config.services.xserver.desktopManager.session = lib.singleton {
- name = "none";
- bgSupport = true;
- start = "";
- };
-}
diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix
index aca06c407..d7e36a527 100644
--- a/krebs/5pkgs/simple/brain/default.nix
+++ b/krebs/5pkgs/simple/brain/default.nix
@@ -1,16 +1,22 @@
-{ pass, runCommand, write, writeDash, ... }:
+{ pkgs }:
-write "brain" {
- "/bin/brain".link = writeDash "brain" ''
+let
+ pass = pkgs.pass.withExtensions (ext: [
+ ext.pass-otp
+ ]);
+in
+
+pkgs.write "brain" {
+ "/bin/brain".link = pkgs.writeDash "brain" ''
PASSWORD_STORE_DIR=$HOME/brain \
exec ${pass}/bin/pass "$@"
'';
- "/bin/brainmenu".link = writeDash "brainmenu" ''
+ "/bin/brainmenu".link = pkgs.writeDash "brainmenu" ''
PASSWORD_STORE_DIR=$HOME/brain \
exec ${pass}/bin/passmenu "$@"
'';
"/share/bash-completion/completions/brain".link =
- runCommand "brain-completions" {
+ pkgs.runCommand "brain-completions" {
} /* sh */ ''
sed -r '
s/\<_pass?(_|\>)/_brain\1/g