diff options
Diffstat (limited to 'krebs')
34 files changed, 182 insertions, 521 deletions
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix index d96963500..5fae60ecc 100644 --- a/krebs/0tests/deploy.nix +++ b/krebs/0tests/deploy.nix @@ -44,11 +44,6 @@ let exec >&2 source=${pkgs.writeJSON "source.json" populate-source} LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" - # TODO: make deploy work - #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ - # --force-populate \ - # --source=${./data/test-source.nix} \ - # --system=server \ ''; minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> { modules = [ diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix deleted file mode 100644 index 0fa61b20f..000000000 --- a/krebs/1systems/hotdog/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "hotdog"; -} diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix deleted file mode 100644 index 91a998de7..000000000 --- a/krebs/1systems/onebutton/source.nix +++ /dev/null @@ -1,13 +0,0 @@ -with import <stockholm/lib>; -let - pkgs = import <nixpkgs> {}; - nixpkgs = builtins.fetchTarball { - url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; - }; -in import <stockholm/krebs/source.nix> { - name = "onebutton"; - override.nixpkgs = mkForce { - file = toString nixpkgs; - }; - -} diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix deleted file mode 100644 index a21651899..000000000 --- a/krebs/1systems/puyak/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "puyak"; -} diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix deleted file mode 100644 index 66fdaa773..000000000 --- a/krebs/1systems/test-all-krebs-modules/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-all-krebs-modules"; -} diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix deleted file mode 100644 index bff9d4325..000000000 --- a/krebs/1systems/test-arch/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-arch"; -} diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix deleted file mode 100644 index 3693bbb29..000000000 --- a/krebs/1systems/test-centos6/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-centos6"; -} diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix deleted file mode 100644 index 44230f08d..000000000 --- a/krebs/1systems/test-centos7/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-centos7"; -} diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix deleted file mode 100644 index 60b77a0a0..000000000 --- a/krebs/1systems/test-failing/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-failing"; -} diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix deleted file mode 100644 index 032ab12bb..000000000 --- a/krebs/1systems/test-minimal-deploy/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "test-minimal-deploy"; -} diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix deleted file mode 100644 index c292bfa62..000000000 --- a/krebs/1systems/wolf/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "wolf"; -} diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 0aa9288ec..d10fb7203 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -1,47 +1,11 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; +{ config, ... }: with import <stockholm/lib>; -let - - hostname = config.networking.hostName; - - sourceRepos = [ - "http://cgit.enklave.r/stockholm" - "http://cgit.gum.r/stockholm" - "http://cgit.hotdog.r/stockholm" - "http://cgit.ni.r/stockholm" - "http://cgit.prism.r/stockholm" - ]; - - # usage: build USER HOST - # This executable is meant to be run with <stockholm> as working directory. - # USER is expected to be a subdirectory of the working directory. - build = pkgs.writeDash "build" '' - set -efu - - user=$1 - host=$2 - - result=$(nix-build \ - --argstr name "$host" \ - --argstr target "$HOME"/stockholm-build \ - --attr test \ - --no-build-output \ - --no-out-link \ - --show-trace \ - "$user"/krops.nix \ - ) - - exec "$result" - ''; - - -in { networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; virtualHosts.build = { - serverAliases = [ "build.${hostname}.r" ]; + serverAliases = [ "build.${config.networking.hostName}.r" ]; locations."/".extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -49,155 +13,28 @@ in ''; }; }; - - krebs.buildbot.master = { - slaves = { - testslave = "lasspass"; - }; - change_source.stockholm = concatMapStrings (repo: '' - cs.append( - changes.GitPoller( - "${repo}", - workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True, - project='stockholm', - pollinterval=10 - ) - ) - '') sourceRepos; - scheduler = { - auto-scheduler = '' - sched.append( - schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=60, - name="build-all-branches", - builderNames=[ - "hosts", - ] - ) - ) - ''; - force-scheduler = '' - sched.append( - schedulers.ForceScheduler( - name="hosts", - builderNames=[ - "hosts", - ] - ) - ) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - grab_repo = steps.Git( - repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'), - mode='full', - submodules=True, - ) - ''; - builder = { - hosts = '' - from buildbot import interfaces - from buildbot.steps.shell import ShellCommand - - class StepToStartMoreSteps(ShellCommand): - def __init__(self, **kwargs): - ShellCommand.__init__(self, **kwargs) - - def addBuildSteps(self, steps_factories): - for sf in steps_factories: - step = interfaces.IBuildStepFactory(sf).buildStep() - step.setBuild(self.build) - step.setBuildSlave(self.build.slavebuilder.slave) - step_status = self.build.build_status.addStepWithName(step.name) - step.setStepStatus(step_status) - self.build.steps.append(step) - - def start(self): - props = self.build.getProperties() - hosts = json.loads(props.getProperty('hosts_json')) - for host in hosts: - user = hosts[host]['owner'] - - self.addBuildSteps([steps.ShellCommand( - name=str(host), - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", - "NIX_REMOTE": "daemon", - }, - command=[ - "${build}", user, host - ], - timeout=90001, - workdir='build', # TODO figure out why we need this? - )]) - - ShellCommand.start(self) - - - f = util.BuildFactory() - f.addStep(grab_repo) - - f.addStep(steps.SetPropertyFromCommand( - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", - "NIX_REMOTE": "daemon", - }, - name="get_hosts", - command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """ - with import <nixpkgs> {}; - let - eval-config = cfg: - import <nixpkgs/nixos/lib/eval-config.nix> { - modules = [ - (import cfg) - ]; - } - ; - - system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here - - ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts; - - filtered-attrs = lib.mapAttrs ( n: v: { - owner = v.owner.name; - }) ci-systems; - - in filtered-attrs - """], - property="hosts_json" - )) - f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here - - bu.append( - util.BuilderConfig( - name="hosts", - slavenames=slavenames, - factory=f - ) - ) - ''; - }; + krebs.ci = { enable = true; - web.enable = true; - irc = { - enable = true; - nick = "build|${hostname}"; - server = "irc.r"; - channels = [ "noise" "xxx" ]; - allowForce = true; + repos = { + disko.urls = [ + "http://cgit.gum.r/disko" + "http://cgit.hotdog.r/disko" + "http://cgit.ni.r/disko" + "http://cgit.prism.r/disko" + ]; + nix_writers.urls = [ + "http://cgit.hotdog.r/nix-writers" + "http://cgit.ni.r/nix-writers" + "http://cgit.prism.r/nix-writers" + "https://git.ingolf-wagner.de/krebs/nix-writers.git" + ]; + stockholm.urls = [ + "http://cgit.enklave.r/stockholm" + "http://cgit.gum.r/stockholm" + "http://cgit.hotdog.r/stockholm" + "http://cgit.ni.r/stockholm" + "http://cgit.prism.r/stockholm" + ]; }; - extraConfig = '' - c['buildbotURL'] = "http://build.${hostname}.r/" - ''; - }; - - krebs.buildbot.slave = { - enable = true; - masterhost = "localhost"; - username = "testslave"; - password = "lasspass"; - packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; } diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 7b970923d..fafcd72c3 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -49,6 +49,7 @@ with import <stockholm/lib>; users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ # TODO + config.krebs.users.jeschli-brauerei.pubkey config.krebs.users.lass.pubkey config.krebs.users.lass-mors.pubkey config.krebs.users.makefu.pubkey diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix index ba3715161..dc2838cae 100644 --- a/krebs/2configs/reaktor-krebs.nix +++ b/krebs/2configs/reaktor-krebs.nix @@ -10,6 +10,7 @@ with import <stockholm/lib>; ]; extraEnviron = { REAKTOR_HOST = "irc.freenode.org"; + REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password"; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin @@ -21,4 +22,9 @@ with import <stockholm/lib>; (attrValues (todo "agenda")) ; }; + krebs.secret.files.nix-serve-key = { + path = "/var/lib/Reaktor/reaktor_nickserv_password"; + owner.name = "Reaktor"; + source-path = toString <secrets> + "/reaktor_nickserv_password"; + }; } diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix index 90573ca1c..824f59d09 100644 --- a/krebs/2configs/reaktor-retiolum.nix +++ b/krebs/2configs/reaktor-retiolum.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; { krebs.Reaktor.retiolum = { nickname = "Reaktor|lass"; - channels = [ "#xxx" ]; + channels = [ "#noise" "#xxx" ]; extraEnviron = { REAKTOR_HOST = "irc.r"; }; diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 99a7a55ef..677b6f7b8 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -122,6 +122,7 @@ let wantedBy = [ "multi-user.target" ]; environment = { GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages"; REAKTOR_NICKNAME = botcfg.nickname; REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 8f8440eb7..76eb4b136 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -53,7 +53,7 @@ in { }; }; config = mkIf cfg.enable { - system.activationScripts.announce-activation = '' + system.activationScripts.announce-activation = stringAfter [ "etc" ] '' ${announce-activation} ''; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a02f3645d..209dbe980 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -82,6 +82,7 @@ let irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", channels=${builtins.toJSON cfg.irc.channels}, notify_events={ + 'started': 1, 'success': 1, 'failure': 1, 'exception': 1, diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index fba585448..544f9c4e0 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,8 +160,6 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux - #remove garbage from old versions - rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index cf82401d3..16c6d4315 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,8 +26,8 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' - nix-build --no-out-link ./ci.nix 2>&1 > /dev/null - nix-instantiate --eval --strict --json ./ci.nix + nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null + nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; imp = { @@ -53,9 +53,12 @@ let nameValuePair name '' sched.append( schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), + change_filter=util.ChangeFilter( + branch_re=".*", + project='${name}', + ), treeStableTimer=60, - name="build-all-branches", + name="${name}-all-branches", builderNames=[ "${name}", ] @@ -97,6 +100,10 @@ let command=[ new_steps[new_step] ], + env={ + "NIX_REMOTE": "daemon", + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + }, timeout=90001, workdir='build', # TODO figure out why we need this? )]) @@ -121,7 +128,7 @@ let }, name="get_steps", command=["${getJobs}"], - property="steps_json" + extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }, )) f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here @@ -141,7 +148,7 @@ let enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 82ae3b02e..41b701cd0 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -182,6 +182,11 @@ let to = concatMapStringsSep "," (getAttr "mail") (toList to); }; in mapAttrsToList format (with config.krebs.users; let + brain-ml = [ + lass + makefu + tv + ]; eloop-ml = spam-ml ++ [ ciko ]; spam-ml = [ lass @@ -191,6 +196,7 @@ let ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; + "brain@krebsco.de" = brain-ml; "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index e6eb3d287..889ee2817 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -129,6 +129,8 @@ in { "graphite.shack" "acng.shack" "drivedroid.shack" + "mobile.lounge.mpd.shack" + "lounge.mpd.wolf.shack" ]; }; retiolum = { @@ -138,6 +140,7 @@ in { "wolf.r" "build.wolf.r" "cgit.wolf.r" + "lounge.mpd.wolf.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9630d7a7f..454f9bc65 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,7 +1,9 @@ { config, ... }: with import <stockholm/lib>; - +## generate keys with: +# tinc generate-keys +# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { @@ -29,6 +31,32 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; }; + crapi = rec { # raspi1 + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.237"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2"; + aliases = [ + "crapi.r" + ]; + tinc.pubkey = '' + Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 + OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L + R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk + OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME + di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl + bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; + }; drop = rec { ci = true; cores = 1; @@ -298,6 +326,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + #wiregrill = { + # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db"; + # aliases = [ + # "x.w" + # ]; + # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + #}; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; @@ -457,8 +492,6 @@ with import <stockholm/lib>; ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" - "logs.makefu.r" - "stats.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -525,7 +558,9 @@ with import <stockholm/lib>; "krebsco.de" = '' cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + iso.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; @@ -537,13 +572,24 @@ with import <stockholm/lib>; "nextgum.i" ]; }; + #wiregrill = { + # via = internet; + # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3"; + # aliases = [ + # "gum.w" + # ]; + # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + #}; retiolum = { via = internet; ip4.addr = "10.243.0.213"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" + "graph.r" "cache.gum.r" + "logs.makefu.r" + "stats.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -579,7 +625,6 @@ with import <stockholm/lib>; boot.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} @@ -604,7 +649,6 @@ with import <stockholm/lib>; "o.gum.r" "tracker.makefu.r" - "graph.r" |