From 6d7dfa388e34e3ea43ebaaaa273d008a141ee503 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 23 Jul 2017 23:05:25 +0200 Subject: buildbot: cherry-pick working buildbot-classic definition from nixpkgs --- krebs/3modules/buildbot/master.nix | 9 +-------- krebs/3modules/buildbot/slave.nix | 7 +------ 2 files changed, 2 insertions(+), 14 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 6c7af6da5..432b93b05 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,14 +3,7 @@ with import ; let - # https://github.com/NixOS/nixpkgs/issues/14026 - nixpkgs-fix = import (pkgs.fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; - }) {}; - - buildbot = nixpkgs-fix.buildbot; + buildbot = pkgs.buildbot; buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 932923ae5..e93c190dc 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -2,11 +2,6 @@ with import ; let - nixpkgs-fix = import (pkgs.fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; - }) {}; buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os @@ -158,7 +153,7 @@ let workdir = shell.escape cfg.workDir; contact = shell.escape cfg.contact; description = shell.escape cfg.description; - buildbot = nixpkgs-fix.buildbot-slave; + buildbot = pkgs.buildbot-slave; # TODO:make this in { PermissionsStartOnly = true; -- cgit v1.2.3 From 4044ac12863b96b9e1983a95f790b50b5039e287 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 24 Jul 2017 10:49:31 +0200 Subject: mv buildbot{-classic,} --- krebs/3modules/buildbot/master.nix | 2 +- krebs/3modules/buildbot/slave.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 432b93b05..dce3745dc 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,7 +3,7 @@ with import ; let - buildbot = pkgs.buildbot; + buildbot = pkgs.buildbot-classic; buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index e93c190dc..345d4a3ea 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -2,7 +2,7 @@ with import ; let - + pkg = pkgs.buildbot-classic-slave; buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os @@ -153,7 +153,7 @@ let workdir = shell.escape cfg.workDir; contact = shell.escape cfg.contact; description = shell.escape cfg.description; - buildbot = pkgs.buildbot-slave; + buildbot = pkg; # TODO:make this in { PermissionsStartOnly = true; -- cgit v1.2.3 From 80d72a7243408cfd1e31011f1f67a03fd4f27cc8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 Jul 2017 15:04:16 +0200 Subject: buildbot: override sources instead of repackage --- krebs/3modules/buildbot/master.nix | 16 +++++++++++++++- krebs/3modules/buildbot/slave.nix | 15 ++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index dce3745dc..12c685b82 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -2,8 +2,22 @@ with import ; let + # https://github.com/NixOS/nixpkgs/issues/14026 + nixpkgs-fix = import (pkgs.fetchgit { + url = https://github.com/nixos/nixpkgs; + rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; + sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; + }) {}; + + buildbot = nixpkgs-fix.buildbot.overrideDerivation (old: { + postUnpack = "sourceRoot=\${sourceRoot}/master"; + patches = []; + src = pkgs.fetchFromGitHub { + owner = "krebscode"; + repo = "buildbot-classic"; + rev = "5b4f5f6f1"; + sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };}); - buildbot = pkgs.buildbot-classic; buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 345d4a3ea..698bf3bcd 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -2,7 +2,20 @@ with import ; let - pkg = pkgs.buildbot-classic-slave; + # https://github.com/NixOS/nixpkgs/issues/14026 + nixpkgs-fix = import (pkgs.fetchgit { + url = https://github.com/nixos/nixpkgs; + rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; + sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; + }) {}; + pkg = nixpkgs-fix.buildbot-slave.overrideDerivation (old: { + postUnpack = "sourceRoot=\${sourceRoot}/slave"; + patches = []; + src = pkgs.fetchFromGitHub { + owner = "krebscode"; + repo = "buildbot-classic"; + rev = "5b4f5f6f1"; + sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };}); buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os -- cgit v1.2.3 From 7aa31b7babafb2e10bbf8418800ef561bccbd67b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Jul 2017 23:10:51 +0200 Subject: krebs buildbot: reintroduce packages with minimal overrides --- krebs/3modules/buildbot/master.nix | 28 ++++++---------------------- krebs/3modules/buildbot/slave.nix | 19 ++----------------- 2 files changed, 8 insertions(+), 39 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 12c685b82..a7624c8f2 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -2,22 +2,6 @@ with import ; let - # https://github.com/NixOS/nixpkgs/issues/14026 - nixpkgs-fix = import (pkgs.fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; - }) {}; - - buildbot = nixpkgs-fix.buildbot.overrideDerivation (old: { - postUnpack = "sourceRoot=\${sourceRoot}/master"; - patches = []; - src = pkgs.fetchFromGitHub { - owner = "krebscode"; - repo = "buildbot-classic"; - rev = "5b4f5f6f1"; - sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };}); - buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * @@ -364,7 +348,7 @@ let set -efux if [ ! -e ${workdir} ];then mkdir -p ${workdir} - ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir} + ${pkgs.buildbot-classic}/bin/buildbot create-master -r -l 10 -f ${workdir} fi # always override the master.cfg cp ${buildbot-master-config} ${workdir}/master.cfg @@ -373,18 +357,18 @@ let ${ concatMapStringsSep "\n" (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets } # sanity - ${buildbot}/bin/buildbot checkconfig ${workdir} + ${pkgs.buildbot-classic}/bin/buildbot checkconfig ${workdir} # TODO: maybe upgrade? not sure about this # normally we should write buildbot.tac by our own - # ${buildbot}/bin/buildbot upgrade-master ${workdir} + # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} chmod 700 -R ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; - ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; - ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; + ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start ${workdir}"; + ExecStop = "${pkgs.buildbot-classic}/bin/buildbot stop ${workdir}"; + ExecReload = "${pkgs.buildbot-classic}/bin/buildbot reconfig ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 698bf3bcd..544f9c4e0 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -2,20 +2,6 @@ with import ; let - # https://github.com/NixOS/nixpkgs/issues/14026 - nixpkgs-fix = import (pkgs.fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; - }) {}; - pkg = nixpkgs-fix.buildbot-slave.overrideDerivation (old: { - postUnpack = "sourceRoot=\${sourceRoot}/slave"; - patches = []; - src = pkgs.fetchFromGitHub { - owner = "krebscode"; - repo = "buildbot-classic"; - rev = "5b4f5f6f1"; - sha256 = "1j3xn1gjzvsf90jvfmyln71fzlhjx642ivrqf47zfxpkacljja93"; };}); buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os @@ -166,7 +152,6 @@ let workdir = shell.escape cfg.workDir; contact = shell.escape cfg.contact; description = shell.escape cfg.description; - buildbot = pkg; # TODO:make this in { PermissionsStartOnly = true; @@ -183,8 +168,8 @@ let chown buildbotSlave:buildbotSlave -R ${workdir} chmod 700 -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildslave start ${workdir}"; - ExecStop = "${buildbot}/bin/buildslave stop ${workdir}"; + ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; + ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; PrivateTmp = "true"; User = "buildbotSlave"; Restart = "always"; -- cgit v1.2.3 From 4c8afbd21041c49e4eb6ed5357c6455391947014 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Jul 2017 00:21:29 +0200 Subject: krebs: add hotdog-repo-sync --- krebs/3modules/krebs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 07543489a..0d990bf4f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -120,6 +120,11 @@ in { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary }; + hotdog-repo-sync = { + name = "hotdog-repo-sync"; + mail = "spam@krebsco.de"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzTvaR3QqOD3oEEGHQzg/sRnNbKJnZYcV9htDvXmu53"; + }; puyak-repo-sync = { name = "puyak-repo-sync"; mail = "spam@krebsco.de"; -- cgit v1.2.3 From 18451c9dff24e42739f97c148360c5a7c06866b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Jul 2017 00:22:45 +0200 Subject: add {cgit,build}.hotdog.r --- krebs/3modules/krebs/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 0d990bf4f..20b2384eb 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -38,6 +38,8 @@ in { ip6.addr = "42:0:0:0:0:0:77:3"; aliases = [ "hotdog.r" + "build.hotdog.r" + "cgit.hotdog.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 1c659508ae476ada65982ff06f34e1d3ccf8ca7d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Jul 2017 19:43:41 +0200 Subject: krebs: set managed hosts --- krebs/3modules/krebs/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 20b2384eb..27fbb7088 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -32,6 +32,7 @@ in { hosts = { hotdog = { owner = config.krebs.users.krebs; + managed = true; nets = { retiolum = { ip4.addr = "10.243.77.3"; @@ -58,6 +59,7 @@ in { }; puyak = { owner = config.krebs.users.krebs; + managed = true; nets = { retiolum = { ip4.addr = "10.243.77.2"; @@ -84,6 +86,7 @@ in { }; wolf = { owner = config.krebs.users.krebs; + managed = true; nets = { shack = { ip4.addr = "10.42.2.150" ; -- cgit v1.2.3 From 2257b79367b5f8015c3367b890f66e97d1b00a43 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 Jul 2017 19:45:45 +0200 Subject: add module: krebs.ci --- krebs/3modules/ci.nix | 175 +++++++++++++++++++++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 2 files changed, 176 insertions(+) create mode 100644 krebs/3modules/ci.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix new file mode 100644 index 000000000..542a9252f --- /dev/null +++ b/krebs/3modules/ci.nix @@ -0,0 +1,175 @@ +{ config, pkgs, ... }: +with import ; +let + cfg = config.krebs.ci; + + hostname = config.networking.hostName; +in +{ + options.krebs.ci = { + enable = mkEnableOption "krebs continous integration"; + users = mkOption { + type = with types; attrsOf (submodule { + options = { + all = mkOption { + type = bool; + default = true; + }; + hosts = mkOption { + type = listOf str; + default = []; + }; + }; + }); + example = { + lass.all = true; + krebs = { + all = true; + hosts = [ + "test-all-krebs-modules" + "test-arch" + ]; + }; + }; + default = {}; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts.build = { + serverAliases = [ "build.${hostname}.r" ]; + locations."/".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port}; + ''; + }; + }; + + nix.gc.automatic = true; + nix.gc.dates = "05:23"; + + krebs.buildbot.master = { + slaves = { + testslave = "lasspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.${hostname}.r/stockholm' + cs.append( + changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branches=True, + project='stockholm', + pollinterval=10 + ) + ) + ''; + scheduler = { + build-scheduler = '' + # build all hosts + sched.append( + schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re=".*"), + treeStableTimer=10, + name="build-all-branches", + builderNames=[ + "build-hosts" + ] + ) + ) + ''; + force-scheduler = '' + sched.append( + schedulers.ForceScheduler( + name="force", + builderNames=[ + "build-hosts" + ] + ) + ) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + grab_repo = steps.Git( + repourl=stockholm_repo, + mode='full' + ) + + # prepare addShell function + def addShell(factory,**kwargs): + factory.addStep(steps.ShellCommand(**kwargs)) + ''; + builder = { + build-hosts = '' + f = util.BuildFactory() + f.addStep(grab_repo) + + def build_host(user, host): + addShell(f, + name="{}".format(host), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-shell", "--run", + "test --user={} --system={} --target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user, host, user) + ] + ) + + ${let + user-hosts = mapAttrs (user: a: let + managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts); + defined-hosts = a.hosts; + in + defined-hosts ++ (optionals a.all managed-hosts) + ) cfg.users; + + in + concatStringsSep "\n" ( + (mapAttrsToList (user: hosts: + concatMapStringsSep "\n" (host: + "build_host(\"${user}\", \"${host}\")" + ) hosts + ) user-hosts) + ) + } + + bu.append( + util.BuilderConfig( + name="build-hosts", + slavenames=slavenames, + factory=f + ) + ) + + ''; + }; + enable = true; + web.enable = true; + irc = { + enable = true; + nick = "build|${hostname}"; + server = "ni.r"; + channels = [ "retiolum" "noise" ]; + allowForce = true; + }; + extraConfig = '' + c['buildbotURL'] = "http://build.${hostname}.r/" + ''; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "lasspass"; + packages = with pkgs; [ gnumake jq nix populate ]; + }; + + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6123b6dd9..b0ad2baf5 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -12,6 +12,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./ci.nix ./current.nix ./exim.nix ./exim-retiolum.nix -- cgit v1.2.3