diff options
102 files changed, 1569 insertions, 643 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3f2f28d65..1946f269e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,19 @@ +before_script: + - mkdir -p ~/.ssh + - echo "$deploy_privkey" > deploy.key + - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" + - chmod 600 deploy.key + - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts nix-shell test: script: - env - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success +nur-packages makefu: + script: + - git reset --hard origin/master + - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD + - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git + - git push --force deploy HEAD:master +after_script: + - rm -f deploy.key diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix index e07af1bc0..a26022789 100644 --- a/jeschli/2configs/git.nix +++ b/jeschli/2configs/git.nix @@ -45,11 +45,13 @@ let public = true; hooks = { post-receive = pkgs.git-hooks.irc-announce { - nick = config.krebs.build.host.name; channel = "#xxx"; + nick = config.krebs.build.host.name; + refs = [ + "refs/heads/master" + ]; server = "irc.r"; - verbose = true; - branches = [ "master" ]; + verbose = true; }; }; }; diff --git a/jeschli/krops.nix b/jeschli/krops.nix new file mode 100644 index 000000000..e55f207d3 --- /dev/null +++ b/jeschli/krops.nix @@ -0,0 +1,40 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./2configs/tests/dummy-secrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; + }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; +} diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/konsens.id_ed25519 diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 18b751a7e..0a848426c 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -15,6 +15,7 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-krebs.nix> + <stockholm/krebs/2configs/repo-sync.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6addb0818..914b38051 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -25,6 +25,7 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + <stockholm/krebs/2configs/shack/mobile.mpd.nix> { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { @@ -114,7 +115,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces."${ext-if}".ip4 = [{ + interfaces."${ext-if}".ipv4.addresses = [{ address = shack-ip; prefixLength = 20; }]; diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 62a5f9ab5..8537ce40c 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -4,6 +4,22 @@ let hostname = config.networking.hostName; + sourceRepos = [ + "http://cgit.enklave.r/stockholm" + "http://cgit.gum.r/stockholm" + "http://cgit.hotdog.r/stockholm" + "http://cgit.ni.r/stockholm" + "http://cgit.prism.r/stockholm" + ]; + + build = pkgs.writeDash "build" '' + set -eu + export USER="$1" + export SYSTEM="$2" + $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci) + ''; + + in { networking.firewall.allowedTCPPorts = [ 80 ]; @@ -23,17 +39,16 @@ in slaves = { testslave = "lasspass"; }; - change_source.stockholm = '' - stockholm_repo = 'http://cgit.prism.r/stockholm' + change_source.stockholm = concatMapStrings (repo: '' cs.append( changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, + "${repo}", + workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True, project='stockholm', pollinterval=10 ) ) - ''; + '') sourceRepos; scheduler = { auto-scheduler = '' sched.append( @@ -61,7 +76,7 @@ in builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git( - repourl=stockholm_repo, + repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'), mode='full', submodules=True, ) @@ -95,15 +110,9 @@ in env={ "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", "NIX_REMOTE": "daemon", - "dummy_secrets": "true", }, command=[ - "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", - "--user={}".format(user), - "--system={}".format(host), - "--force-populate", - "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),< |