From d608f17c4c87db745878160bbe22d4c8a806ac2a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Aug 2017 15:09:38 +0200
Subject: gitlab-runner-shackspace: init

---
 krebs/1systems/hotdog/config.nix                   |  1 +
 krebs/2configs/gitlab-runner-shackspace.nix        | 33 ++++++++++++++++++++++
 .../data/secrets/shackspace-gitlab-ci-token.nix    |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 krebs/2configs/gitlab-runner-shackspace.nix
 create mode 100644 krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix

(limited to 'krebs')

diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 4807307f..2ad22f49 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -10,6 +10,7 @@
     <stockholm/krebs/2configs>
 
     <stockholm/krebs/2configs/buildbot-all.nix>
+    <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
   ];
 
diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix
new file mode 100644
index 00000000..7794f1dd
--- /dev/null
+++ b/krebs/2configs/gitlab-runner-shackspace.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+let
+  url = "https://git.shackspace.de/";
+  # generate token from CI-token via:
+  ## gitlab-runner register
+  ## cat /etc/gitlab-runner/config.toml
+  token = import <secrets/shackspace-gitlab-ci-token.nix> ;
+in {
+  systemd.services.gitlab-runner.path = [ 
+    "/run/wrappers" # /run/wrappers/bin/su
+    "/" # /bin/sh
+  ];
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    # configFile, configOptions and gracefulTimeout not yet in stable
+    # gracefulTimeout = "120min";
+    configText = ''
+    concurrent = 1
+    check_interval = 0
+
+    [[runners]]
+      name = "krebs-shell"
+      url = "${url}"
+      token = "${token}"
+      executor = "shell"
+      shell = "sh"
+      environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
+      [runners.cache]
+
+    '';
+  };
+}
diff --git a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix
new file mode 100644
index 00000000..963e6db8
--- /dev/null
+++ b/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix
@@ -0,0 +1 @@
+"lol"
-- 
cgit v1.2.3


From 1623c03f12ce175d934e5b2b0d9577e1eeaf1abe Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Aug 2017 15:20:37 +0200
Subject: gitlab-runner: use PrivateTmp to avoid clash with buildbot

---
 krebs/2configs/gitlab-runner-shackspace.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'krebs')

diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix
index 7794f1dd..d9b4cd58 100644
--- a/krebs/2configs/gitlab-runner-shackspace.nix
+++ b/krebs/2configs/gitlab-runner-shackspace.nix
@@ -10,6 +10,7 @@ in {
     "/run/wrappers" # /run/wrappers/bin/su
     "/" # /bin/sh
   ];
+  systemd.services.gitlab-runner.serviceConfig.PrivateTmp = true;
   virtualisation.docker.enable = true;
   services.gitlab-runner = {
     enable = true;
-- 
cgit v1.2.3


From 84646ba41595e3410fdd38b9d27312b33d4474f7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 22 Aug 2017 10:59:49 +0200
Subject: newsbot-js module: add package option

this will be used for the wiki-irc-bot to override the patchPhase
---
 krebs/3modules/newsbot-js.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'krebs')

diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index 2ff9a5eb..dd3e5647 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -13,6 +13,11 @@ let
 
   api = {
     enable = mkEnableOption "Enable krebs newsbot";
+    package = mkOption {
+      type = types.package;
+      default = pkgs.newsbot-js;
+      description = "newsbot package to use";
+    };
     ircServer = mkOption {
       type = types.str;
       default = "echelon.retiolum";
@@ -79,7 +84,7 @@ let
       serviceConfig = {
         User = "newsbot-js";
         Restart = "always";
-        ExecStart = "${pkgs.newsbot-js}/bin/newsbot";
+        ExecStart = "${cfg.package}/bin/newsbot";
       };
     };
   };
-- 
cgit v1.2.3


From 7fa9cb75cbadd9e16c0616ee3ee16f731e647d19 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 22 Aug 2017 11:20:25 +0200
Subject: pkgs.newsbot-js: enable patchPhase

required for overriding the patchPhase
---
 krebs/5pkgs/simple/newsbot-js/default.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'krebs')

diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix
index b52454ca..fa39823d 100644
--- a/krebs/5pkgs/simple/newsbot-js/default.nix
+++ b/krebs/5pkgs/simple/newsbot-js/default.nix
@@ -32,6 +32,7 @@ in np.buildNodePackage {
 
   phases = [
     "unpackPhase"
+    "patchPhase"
     "installPhase"
   ];
 
-- 
cgit v1.2.3


From 04fbb9148fdde1e36d66dcb603d4e8b360b0e08a Mon Sep 17 00:00:00 2001
From: nin <nineinchnade@gmail.com>
Date: Tue, 5 Sep 2017 22:55:24 +0200
Subject: nin hosts: enable ci

---
 krebs/3modules/nin/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'krebs')

diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index d5d13cd1..aab56835 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -3,7 +3,10 @@
 with import <stockholm/lib>;
 
 {
-  hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) {
+  hosts = mapAttrs (_: recursiveUpdate {
+    owner = config.krebs.users.nin;
+    ci = true;
+  }) {
     hiawatha = {
       cores = 2;
       nets = {
-- 
cgit v1.2.3


From 6218a259a9880368c71ecacddcf1e7c641bd5278 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 6 Sep 2017 09:50:39 +0200
Subject: rtorrent: track nginx changes

---
 krebs/3modules/rtorrent.nix | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'krebs')

diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index d8551899..472accef 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, options, ... }:
 
 with import <stockholm/lib>;
 let
@@ -73,6 +73,15 @@ let
       # authentication also applies to rtorrent.rutorrent
       enable = mkEnableOption "rtorrent nginx web RPC";
 
+      addr = mkOption {
+        type = types.addr4;
+        default = "0.0.0.0";
+        description = ''
+          the address to listen on
+          default is 0.0.0.0
+        '';
+      };
+
       port = mkOption {
         type = types.nullOr types.int;
         description =''
@@ -290,7 +299,7 @@ let
     services.nginx.enable = mkDefault true;
     services.nginx.virtualHosts.rtorrent = {
       default = mkDefault true;
-      inherit (webcfg) basicAuth port;
+      inherit (webcfg) basicAuth;
       root = optionalString rucfg.enable webdir;
 
       locations = {
@@ -310,7 +319,15 @@ let
           include ${pkgs.nginx}/conf/fastcgi.conf;
         ''; }
       );
-    };
+    # workaround because upstream nginx api changed
+    # TODO remove when nobody uses 17.03 anymore
+    } // (if hasAttr "port" (head options.services.nginx.virtualHosts.type.getSubModules).submodule.options then {
+      port = webcfg.port;
+    } else {
+      listen = [
+        { inherit (webcfg) addr port; }
+      ];
+    });
   };
 
   rutorrent-imp = {
-- 
cgit v1.2.3