diff options
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/0tests/data/secrets/konsens.id_ed25519 | 0 | ||||
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 3 | ||||
-rw-r--r-- | krebs/2configs/buildbot-stockholm.nix | 35 | ||||
-rw-r--r-- | krebs/2configs/repo-sync.nix | 172 | ||||
-rw-r--r-- | krebs/2configs/shack/mobile.mpd.nix | 32 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/git.nix | 11 | ||||
-rw-r--r-- | krebs/3modules/konsens.nix | 80 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 64 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/android.rsa | 2 | ||||
-rw-r--r-- | krebs/3modules/retiolum-bootstrap.nix | 5 | ||||
-rw-r--r-- | krebs/5pkgs/simple/buildbot-classic/default.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/simple/cgit-clear-cache.nix | 8 | ||||
-rw-r--r-- | krebs/5pkgs/simple/git-hooks/default.nix | 15 | ||||
-rw-r--r-- | krebs/5pkgs/simple/krops.nix | 4 | ||||
-rw-r--r-- | krebs/krops.nix | 7 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 7 | ||||
-rwxr-xr-x | krebs/update-channel.sh | 9 |
19 files changed, 344 insertions, 116 deletions
diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/konsens.id_ed25519 diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 18b751a7e..0a848426c 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -15,6 +15,7 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-krebs.nix> + <stockholm/krebs/2configs/repo-sync.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6addb0818..914b38051 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -25,6 +25,7 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + <stockholm/krebs/2configs/shack/mobile.mpd.nix> { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { @@ -114,7 +115,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces."${ext-if}".ip4 = [{ + interfaces."${ext-if}".ipv4.addresses = [{ address = shack-ip; prefixLength = 20; }]; diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 62a5f9ab5..8537ce40c 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -4,6 +4,22 @@ let hostname = config.networking.hostName; + sourceRepos = [ + "http://cgit.enklave.r/stockholm" + "http://cgit.gum.r/stockholm" + "http://cgit.hotdog.r/stockholm" + "http://cgit.ni.r/stockholm" + "http://cgit.prism.r/stockholm" + ]; + + build = pkgs.writeDash "build" '' + set -eu + export USER="$1" + export SYSTEM="$2" + $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci) + ''; + + in { networking.firewall.allowedTCPPorts = [ 80 ]; @@ -23,17 +39,16 @@ in slaves = { testslave = "lasspass"; }; - change_source.stockholm = '' - stockholm_repo = 'http://cgit.prism.r/stockholm' + change_source.stockholm = concatMapStrings (repo: '' cs.append( changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, + "${repo}", + workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True, project='stockholm', pollinterval=10 ) ) - ''; + '') sourceRepos; scheduler = { auto-scheduler = '' sched.append( @@ -61,7 +76,7 @@ in builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git( - repourl=stockholm_repo, + repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'), mode='full', submodules=True, ) @@ -95,15 +110,9 @@ in env={ "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", "NIX_REMOTE": "daemon", - "dummy_secrets": "true", }, command=[ - "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", - "--user={}".format(user), - "--system={}".format(host), - "--force-populate", - "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), - ]) + "${build}", user, host ], timeout=90001, workdir='build', # TODO figure out why we need this? diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 48da88a8d..3ca94fc1b 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -3,78 +3,186 @@ with import <stockholm/lib>; let + konsens-user = { + name = "konsens"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7"; + }; mirror = "git@${config.networking.hostName}:"; - defineRepo = name: announce: let + defineRepo = { + name, desc, section + }: + let repo = { public = true; name = mkDefault "${name}"; - cgit.desc = mkDefault "mirror for ${name}"; - cgit.section = mkDefault "mirror"; - hooks = mkIf announce (mkDefault { + cgit.desc = desc; + cgit.section = section; + hooks = mkDefault { post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = false; channel = "#xxx"; + refs = [ + "refs/heads/master" + "refs/heads/newest" + "refs/tags/*" + ]; + nick = config.networking.hostName; server = "irc.r"; - branches = [ "master" ]; + verbose = false; }; - }); + }; }; in { - rules = with git; singleton { - user = with config.krebs.users; [ - config.krebs.users."${config.networking.hostName}-repo-sync" - ]; - repo = [ repo ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; + rules = with git; [ + { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + jeschli + lass + makefu + tv + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + } + { + user = [ + konsens-user + ]; + repo = [ repo ]; + perm = push ''refs/heads/master'' [ create merge ]; + } + { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } + ]; repos."${name}" = repo; }; - sync-retiolum = name: + sync-retiolum = { + name, + desc ? "mirror for ${name}", + section ? "mirror" + }: { krebs.repo-sync.repos.${name} = { branches = { - makefu = { - origin.url = "http://cgit.gum/${name}"; + lassulus = { + origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; - tv = { - origin.url = "http://cgit.ni.r/${name}"; + makefu = { + origin.url = "http://cgit.gum/${name}"; mirror.url = "${mirror}${name}"; }; nin = { origin.url = "http://cgit.onondaga.r/${name}"; mirror.url = "${mirror}${name}"; }; - lassulus = { - origin.url = "http://cgit.lassul.us/${name}"; + tv = { + origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; }; latest = { url = "${mirror}${name}"; - ref = "heads/master"; + ref = "heads/newest"; }; }; - krebs.git = defineRepo name false; + krebs.git = defineRepo { inherit name desc section; }; + }; + + sync-remote = { + name, + url, + desc ? "mirror for ${name}", + section ? "mirror" + }: + { + krebs.repo-sync.repos.${name} = { + branches = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + }; + }; + krebs.git = defineRepo { inherit name desc section; }; }; in { + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + root-desc = "keep calm and engage"; + }; + }; krebs.repo-sync = { enable = true; }; - krebs.git = { - enable = mkDefault true; - cgit = { - settings = { - root-title = "Shared Repos"; - root-desc = "keep on krebsing"; - }; + krebs.konsens = { + enable = true; + repos = { + krops = { branchesToCheck = [ "lassulus" "tv" ]; }; + stockholm = {}; }; }; + krebs.secret.files.konsens = { + path = "/var/lib/konsens/.ssh/id_ed25519"; + owner = konsens-user; + source-path = "${<secrets/konsens.id_ed25519>}"; + }; + imports = [ - (sync-retiolum "stockholm") + (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; }) + + (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; }) + + (sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; }) + + (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; }) + (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; }) + (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; }) + (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; }) + (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; }) + (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; }) + (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; }) + + (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "get"; section = "miscellaneous"; }) + (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; }) + (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; }) + (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; }) + (sync-retiolum { name = "load-env"; section = "miscellaneous"; }) + (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; }) + (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; }) + (sync-retiolum { name = "q"; section = "miscellaneous"; }) + (sync-retiolum { name = "regfish"; section = "miscellaneous"; }) + (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; }) + + (sync-retiolum { name = "blessings"; section = "Haskell libraries"; }) + (sync-retiolum { name = "mime"; section = "Haskell libraries"; }) + (sync-retiolum { name = "quipper"; section = "Haskell libraries"; }) + (sync-retiolum { name = "scanner"; section = "Haskell libraries"; }) + (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; }) + (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; }) + (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; }) + (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; }) + + (sync-remote { name = "array"; url = "https://github.com/makefu/array"; }) + (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; }) + (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; }) + (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; }) + (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; }) + (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) + (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) + (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) + (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; }) + (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) ]; } diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix new file mode 100644 index 000000000..2dc466edb --- /dev/null +++ b/krebs/2configs/shack/mobile.mpd.nix @@ -0,0 +1,32 @@ +{lib,pkgs, ... }: +let + mpdHost = "mpd.shack"; + ympd = name: port: let + webPort = 10000 + port; + in { + systemd.services."ympd-${name}" = { + description = "mpd for ${name}"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; + }; + services.nginx.virtualHosts."mobile.${name}.mpd.shack" = { + serverAliases = [ + "${name}.mpd.wolf.r" + "${name}.mpd.wolf.shack" + ]; + locations."/".proxyPass = "http://localhost:${toString webPort}"; + }; + }; +in lib.mkMerge [{ + services.nginx.enable = true; +} + (ympd "lounge" 6600) + (ympd "seminarraum" 6601) + (ympd "elab" 6602) + (ympd "kueche" 6603) + (ympd "crafting" 6604) + (ympd "fablab" 6605) + (ympd "workshop" 6606) + (ympd "klo" 6607) + +] diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index afc96e9ee..833349769 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -26,6 +26,7 @@ let ./iana-etc.nix ./iptables.nix ./kapacitor.nix + ./konsens.nix ./monit.nix ./newsbot-js.nix ./nixpkgs.nix diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 5ae24b40b..8a923efd2 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -348,6 +348,10 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; description = "Git repository hosting user"; + extraGroups = [ + # To allow running cgit-clear-cache via hooks. + cfg.cgit.fcgiwrap.group.name + ]; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -403,13 +407,12 @@ let )); environment.systemPackages = [ - (pkgs.writeDashBin "cgit-clear-cache" '' - ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* - '') + (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; }) ]; system.activationScripts.cgit = '' - mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} + chmod 0770 ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix new file mode 100644 index 000000000..74895a971 --- /dev/null +++ b/krebs/3modules/konsens.nix @@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + cfg = config.krebs.konsens; + + out = { + options.krebs.konsens = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "git konsens finder"; + repos = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + url = mkOption { + type = types.str; + default = "git@localhost:${config._module.args.name}"; + }; + branchesToCheck = mkOption { + type = types.listOf types.str; + default = [ "lassulus" "makefu" "tv" ]; + }; + target = mkOption { + type = types.str; + default = "master"; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "*:00,15,30,45"; + }; + }; + }; + })); + }; + }; + + imp = { + users.users.konsens = rec { + name = "konsens"; + uid = genid name; + home = "/var/lib/konsens"; + createHome = true; + }; + + systemd.timers = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + description = "konsens timer"; + wantedBy = [ "timers.target" ]; + timerConfig = repo.timerConfig; + } + ) cfg.repos; + + systemd.services = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + after = [ "network.target" "secret.service" ]; + path = [ pkgs.git ]; + restartIfChanged = false; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = pkgs.writeDash "konsens-${name}" '' + if ! test -e ${name}; then + git clone ${repo.url} ${name} + fi + cd ${name} + git fetch origin + git push origin $(git merge-base --octopus ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master + ''; + WorkingDirectory = /var/lib/konsens; + User = "konsens"; + }; + } + ) cfg.repos; + }; + +in out diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c4a5bbb0d..7d9ef5075 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -11,39 +11,6 @@ with import <stockholm/lib>; ci = true; monitoring = true; }) { - dishfire = { - cores = 4; - nets = rec { - internet = { - ip4.addr = "144.76.172.188"; - aliases = [ - "dishfire.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.133.99"; - ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; - aliases = [ - "dishfire.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs - Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 - uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK - R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd - vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U - HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.port = 993; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; - }; prism = rec { cores = 4; extraZones = { @@ -441,7 +408,7 @@ with import <stockholm/lib>; }; }; }; - borg = { + rock = { monitoring = false; ci = false; external = true; @@ -449,22 +416,21 @@ with import <stockholm/lib>; retiolum = { ip4.addr = "10.243.29.171"; ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "borg.r" ]; + aliases = [ "rock.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq - bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL - aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD - HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA - 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O - zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml - 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN - fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq - WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB - /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U - EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS - iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index f5190f45c..3d35b76e4 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 53b06a702..faa3dd714 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -31,11 +31,8 @@ in enable = mkDefault true; virtualHosts.retiolum-bootstrap = { inherit (cfg) serverName sslCertificate sslCertificateKey; - enableSSL = true; + forceSSL = true; extraConfig ='' - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } root ${pkgs.retiolum-bootstrap}; try_files $uri $uri/retiolum.sh; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index e6bafbd25..4fae6256d 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.16"; + version = "0.8.17"; namePrefix = ""; patches = []; @@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebs"; repo = "buildbot-classic"; rev = version; - sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; + sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix new file mode 100644 index 000000000..28402c39c --- /dev/null +++ b/krebs/5pkgs/simple/cgit-clear-cache.nix @@ -0,0 +1,8 @@ +with import <stockholm/lib>; + +{ cache-root ? "/tmp/cgit", findutils, writeDashBin }: + +writeDashBin "cgit-clear-cache" '' + set -efu + ${findutils}/bin/find ${shell.escape cache-root} -type f -delete +'' diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 1930c7f14..0a2c84410 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -6,11 +6,11 @@ with import <stockholm/lib>; # TODO irc-announce should return a derivation # but it cannot because krebs.git.repos.*.hooks :: attrsOf str irc-announce = - { branches ? [] - , cgit_endpoint ? "http://cgit.${nick}.r" + { cgit_endpoint ? "http://cgit.${nick}.r" , channel , nick , port ? 6667 + , refs ? [] , server , verbose ? false }: /* sh */ '' @@ -57,14 +57,15 @@ with import <stockholm/lib>; receive_mode=non-fast-forward fi - h=$(echo $ref | sed 's:^refs/heads/::') - - ${optionalString (branches != []) '' - if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then - echo "we are not serving this branch: $h" + ${optionalString (refs != []) '' + if ! { echo "$ref" | grep -qE "${concatStringsSep "|" refs}"; }; then + echo "we are not announcing this ref: $h" exit 0 fi ''} + + h=$(echo $ref | sed 's:^refs/heads/::') + # empty_tree=$(git hash-object -t tree /dev/null) empty_tree=4b825dc6 diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix index e4e9928d4..23cc224b8 100644 --- a/krebs/5pkgs/simple/krops.nix +++ b/krebs/5pkgs/simple/krops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/krops; - rev = "refs/tags/v1.1.0"; - sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll"; + rev = "refs/tags/v1.3.1"; + sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7"; } diff --git a/krebs/krops.nix b/krebs/krops.nix index 0e80aec0e..c71e60571 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516"; + ref = (lib.importJSON ./nixpkgs.json).rev; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; @@ -60,4 +60,9 @@ source = source { test = true; }; target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json new file mode 100644 index 000000000..a9a0f6634 --- /dev/null +++ b/krebs/nixpkgs.json @@ -0,0 +1,7 @@ +{ + "url": "https://github.com/NixOS/nixpkgs-channels", + "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48", + "date": "2018-08-30T21:03:26+02:00", + "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7", + "fetchSubmodules": true +} diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh new file mode 100755 index 000000000..47d3f29c4 --- /dev/null +++ b/krebs/update-channel.sh @@ -0,0 +1,9 @@ +#!/bin/sh +dir=$(dirname $0) +oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ + --url https://github.com/NixOS/nixpkgs-channels \ + --rev refs/heads/nixos-18.03' \ +> $dir/nixpkgs.json +newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1 |