summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/buildbot-standalone.nix60
1 files changed, 48 insertions, 12 deletions
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index b70cf9da8..e36008335 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,6 +1,14 @@
{ lib, config, pkgs, ... }:
-{
- krebs.buildbot.master = let
+
+with config.krebs.lib;
+
+let
+ sshWrapper = pkgs.writeDash "ssh-wrapper" ''
+ ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
+ '';
+
+in {
+ config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ;
in {
slaves = {
@@ -44,11 +52,15 @@
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
# TODO: get nixpkgs/stockholm paths from krebs
- env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"}
+ env = {
+ "LOGNAME": "lass",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq", "nix", "rsync" ]
+ deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
@@ -68,12 +80,11 @@
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env,
command=nixshell + \
- ["nix-build \
- --show-trace --no-out-link \
- -I nixos-config=./lass/1systems/{}.nix \
- -I secrets=./lass/2configs/tests/dummy-secrets \
- -I stockholm=. \
- -A config.system.build.toplevel".format(i)])
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ system={}".format(i)])
bu.append(util.BuilderConfig(name="build-all",
slavenames=slavenames,
@@ -115,7 +126,7 @@
};
};
- krebs.buildbot.slave = {
+ config.krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
@@ -125,7 +136,7 @@
NIX_PATH="nixpkgs=/var/src/nixpkgs";
};
};
- krebs.iptables = {
+ config.krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
@@ -133,4 +144,29 @@
];
};
};
+
+ #ssh workaround for make test
+ options.lass.build-ssh-privkey = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
+ owner = { inherit (config.users.users.buildbotSlave ) name uid;};
+ source-path = toString <secrets> + "/build.ssh.key";
+ };
+ };
+ config.krebs.secret.files = {
+ build-ssh-privkey = config.lass.build-ssh-privkey;
+ };
+ config.users.users = {
+ build = {
+ name = "build";
+ uid = genid "build";
+ home = "/home/build";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
+ ];
+ };
+ };
}