Merge remote-tracking branch 'gum/master'

12 files changed, 129 insertions, 25 deletions

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index ca83d690..6af77ad9 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -291,7 +291,7 @@ with config.krebs.lib;
     wbob = rec {
       cores = 1;
       nets = {
-        retiolm = {
+        retiolum = {
           addrs4 = ["10.243.214.15"];
           addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"];
           aliases = [
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 04adc494..906c72de 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -17,6 +17,7 @@ in {
       ../2configs/mattermost-docker.nix
       ../2configs/nginx/euer.test.nix
       ../2configs/nginx/update.connector.one.nix
+      ../2configs/deployment/mycube.connector.one.nix
 
       ../2configs/exim-retiolum.nix
       ../2configs/urlwatch.nix
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 83018e9f..3043a1af 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -4,6 +4,13 @@ with config.krebs.lib;
 {
   system.stateVersion = "15.09";
 
+  system.replaceRuntimeDependencies = with pkgs.lib;
+        [{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++
+          [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch";
+                            sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})];
+        });}
+        ];
+
   imports = [
     {
       users.extraUsers =
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
new file mode 100644
index 00000000..38fc4a24
--- /dev/null
+++ b/makefu/2configs/deployment/mycube.connector.one.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+# more than just nginx config but not enough to become a module
+with config.krebs.lib;
+let
+  hostname = config.krebs.build.host.name;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
+in {
+  services.redis.enable = true;
+  services.uwsgi = {
+    enable = true;
+    user = "nginx";
+    plugins = [ "python2" ];
+    instance = {
+      type = "emperor";
+      vassals = {
+        mycube-flask = {
+          type = "normal";
+          python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ];
+          socket = wsgi-sock;
+        };
+      };
+    };
+  };
+
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      mybox-connector-one = {
+        listen = [ "${external-ip}:80" ];
+        server-names = [
+          "mycube.connector.one"
+          "mybox.connector.one"
+        ];
+        locations = singleton (nameValuePair "/" ''
+          uwsgi_pass unix://${wsgi-sock};
+          uwsgi_param         UWSGI_CHDIR     ${pkgs.mycube-flask}/${pkgs.python.sitePackages};
+          uwsgi_param         UWSGI_MODULE    mycube.websrv;
+          uwsgi_param         UWSGI_CALLABLE  app;
+
+          include ${pkgs.nginx}/conf/uwsgi_params;
+        '');
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index a488d98f..15700e10 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -57,7 +57,7 @@ let
 
 
   # TODO: get the list of all krebsministers
-  krebsminister = with config.krebs.users; [ lass tv uriel ];
+  krebsminister = with config.krebs.users; [ lass tv ];
   all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
   all-exco = with config.krebs.users; [ exco ];
 
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 892be07b..d5ce34bd 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -2,8 +2,7 @@
 
 with config.krebs.lib;
 {
-  # TODO: put this somewhere else
-  networking.wireless.enable = true;
+  networking.wireless.enable = lib.mkDefault true;
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index c3e43723..452cdfb2 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,6 +12,9 @@ with config.krebs.lib;
     ./fetchWallpaper.nix
     ./zsh-user.nix
   ];
+
+  users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
+
   environment.systemPackages = with pkgs;[
     vlc
     firefox
diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix
index 044a1407..ac5e6b17 100644
--- a/makefu/2configs/nginx/update.connector.one.nix
+++ b/makefu/2configs/nginx/update.connector.one.nix
@@ -8,7 +8,7 @@ in {
   krebs.nginx = {
     enable = mkDefault true;
     servers = {
-      omo-share = {
+      update-connector-one = {
         listen = [ "${external-ip}:80" ];
         server-names = [
           "update.connector.one"
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index c4a7f498..33e280f0 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -10,5 +10,6 @@ in
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     awesomecfg = callPackage ./awesomecfg {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
+    mycube-flask = callPackage ./mycube-flask {};
   };
 }
diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix
new file mode 100644
index 00000000..d01abbbd
--- /dev/null
+++ b/makefu/5pkgs/mycube-flask/default.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.pythonPackages;buildPythonPackage rec {
+  name = "mycube-flask-${version}";
+  version = "0.2.3";
+  propagatedBuildInputs = [
+    flask
+    redis
+  ];
+  src = fetchFromGitHub {
+    owner = "makefu";
+    repo = "mycube-flask";
+    rev = "5f5260a";
+    sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
+  };
+  meta = {
+    homepage = https://github.com/makefu/mycube-flask;
+    description = "flask app for mycube";
+    license = lib.licenses.asl20;
+  };
+}
diff --git a/makefu/default.nix b/makefu/default.nix
index 320e1a13..b1c7c1be 100644
--- a/makefu/default.nix
+++ b/makefu/default.nix
@@ -4,5 +4,6 @@ _:
     ../krebs
     ./2configs
     ./3modules
+    ./5pkgs
   ];
 }
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index ebf5f4a1..b474af7b 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -7,6 +7,11 @@
 
 # TODO for all users schedule a build for fast tests
 {
+  # due to the fact that we actually build stuff on the box via the daemon,
+  # /nix/store should be cleaned up automatically as well
+  nix.gc.automatic = true;
+  nix.gc.dates = "05:23";
+
   networking.firewall.allowedTCPPorts = [ 8010 9989 ];
   krebs.buildbot.master = let
     stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
@@ -27,7 +32,7 @@
         force-scheduler = ''
   sched.append(schedulers.ForceScheduler(
                               name="force",
-                              builderNames=["full-tests","fast-tests"]))
+                              builderNames=["full-tests","fast-tests","build-local"]))
         '';
         fast-tests-scheduler = ''
   # test everything real quick
@@ -35,7 +40,7 @@
                               ## all branches
                               change_filter=util.ChangeFilter(branch_re=".*"),
                               # treeStableTimer=10,
-                              name="fast-test-all-branches",
+                              name="fast-all-branches",
                               builderNames=["fast-tests"]))
         '';
         test-cac-infest-master = ''
@@ -51,8 +56,8 @@
                               change_filter=util.ChangeFilter(branch="master"),
                               fileIsImportant=shared_files,
                               treeStableTimer=60*60, # master was stable for the last hour
-                              name="full-master-test",
-                              builderNames=["full-tests"]))
+                              name="full-master",
+                              builderNames=["full-tests","build-local"]))
         '';
     };
     builder_pre = ''
@@ -69,7 +74,7 @@
   #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE
   nixshell = ["nix-shell",
                 "-I", "stockholm=.",
-                "-I", "nixpkgs=/var/src/upstream-nixpkgs",
+                "-I", "nixpkgs=/var/src/nixpkgs",
                 "-p" ] + deps + [ "--run" ]
 
   # prepare addShell function
@@ -90,26 +95,46 @@
   addShell(f,name="instantiate-test-all-modules",env=env,
             command=nixshell + \
                       ["touch retiolum.rsa_key.priv; \
-                        nix-instantiate --eval -A \
-                            users.shared.test-all-krebs-modules.system \
-                            -I stockholm=. \
-                            --show-trace \
-                            -I secrets=. '<stockholm>' \
-                            --strict --json"])
-
-  addShell(f,name="instantiate-test-minimal-deploy",env=env,
+                        nix-instantiate \
+                            --show-trace --eval --strict --json \
+                            -I nixos-config=./shared/1systems/test-all-krebs-modules.nix  \
+                            -I secrets=. \
+                            -A config.system.build.toplevel"]
+          )
+
+  addShell(f,name="build-test-minimal",env=env,
             command=nixshell + \
-                      ["nix-instantiate --eval -A \
-                            users.shared.test-minimal-deploy.system \
-                            -I stockholm=. \
-                            -I secrets=. '<stockholm>' \
-                            --show-trace \
-                            --strict --json"])
+                      ["nix-instantiate \
+                            --show-trace --eval --strict --json \
+                            -I nixos-config=./shared/1systems/test-minimal-deploy.nix  \
+                            -I secrets=. \
+                            -A config.system.build.toplevel"]
+          )
 
   bu.append(util.BuilderConfig(name="fast-tests",
         slavenames=slavenames,
         factory=f))
       '';
+      # this build will try to build against local nixpkgs
+      # TODO change to do a 'local' populate and use the retrieved nixpkgs
+      build-local = ''
+  f = util.BuildFactory()
+  f.addStep(grab_repo)
+
+  addShell(f,name="build-test-all-modules",env=env,
+            command=nixshell + \
+                      ["touch retiolum.rsa_key.priv; \
+                        nix-build \
+                            --show-trace --no-out-link \
+                            -I nixos-config=./shared/1systems/test-all-krebs-modules.nix  \
+                            -I secrets=. \
+                            -A config.system.build.toplevel"]
+          )
+
+  bu.append(util.BuilderConfig(name="build-local",
+        slavenames=slavenames,
+        factory=f))
+      '';
       slow-tests = ''
   s = util.BuildFactory()
   s.addStep(grab_repo)
@@ -151,6 +176,6 @@
     packages = with pkgs;[ git nix ];
     # all nix commands will need a working nixpkgs installation
     extraEnviron = {
-      NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
+      NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
   };
 }