From 7e55508eafc0f8becd4fb9c8d31839beecf4ffd2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Aug 2016 22:12:02 +0200 Subject: s 2 base: set stockholm to PWD --- shared/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'shared') diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 5aa5897d7..492689427 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -14,7 +14,7 @@ with config.krebs.lib; ref = "63b9785"; # stable @ 2016-06-01 }; secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}"; - stockholm.file = "${getEnv "HOME"}/stockholm"; + stockholm.file = getEnv "PWD"; }; networking.hostName = config.krebs.build.host.name; -- cgit v1.2.3 From ad00352682ee3d1e564cd4edf4ea60c45cf2ccb7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Aug 2016 22:58:59 +0200 Subject: s: always import 2configs (formerly base.nix) --- shared/1systems/test-arch.nix | 1 - shared/1systems/test-centos6.nix | 1 - shared/1systems/test-centos7.nix | 1 - shared/1systems/wolf.nix | 1 - shared/2configs/base.nix | 65 ---------------------------------------- shared/2configs/default.nix | 65 ++++++++++++++++++++++++++++++++++++++++ shared/default.nix | 1 + 7 files changed, 66 insertions(+), 69 deletions(-) delete mode 100644 shared/2configs/base.nix create mode 100644 shared/2configs/default.nix (limited to 'shared') diff --git a/shared/1systems/test-arch.nix b/shared/1systems/test-arch.nix index 14fc0384b..a13fea425 100644 --- a/shared/1systems/test-arch.nix +++ b/shared/1systems/test-arch.nix @@ -3,7 +3,6 @@ { imports = [ ../. - ../2configs/base.nix { boot.loader.grub = { device = "/dev/sda"; diff --git a/shared/1systems/test-centos6.nix b/shared/1systems/test-centos6.nix index 8add0b7c1..ebcece383 100644 --- a/shared/1systems/test-centos6.nix +++ b/shared/1systems/test-centos6.nix @@ -8,7 +8,6 @@ let in { imports = [ ../. - ../2configs/base.nix ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix { networking.interfaces.enp11s0.ip4 = [ diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix index 65daff509..9ea063c9b 100644 --- a/shared/1systems/test-centos7.nix +++ b/shared/1systems/test-centos7.nix @@ -6,7 +6,6 @@ let in { imports = [ ../. - ../2configs/base.nix ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/temp/networking.nix ../2configs/temp/dirs.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 3818cf2c5..8b0976537 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -7,7 +7,6 @@ in { imports = [ ../. - ../2configs/base.nix ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix deleted file mode 100644 index 492689427..000000000 --- a/shared/2configs/base.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - krebs.enable = true; - krebs.tinc.retiolum.enable = true; - - # TODO rename shared user to "krebs" - krebs.build.user = mkDefault config.krebs.users.shared; - krebs.build.source = let inherit (config.krebs.build) host user; in { - nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "63b9785"; # stable @ 2016-06-01 - }; - secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}"; - stockholm.file = getEnv "PWD"; - }; - - networking.hostName = config.krebs.build.host.name; - - nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; - nix.useChroot = true; - - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - - environment.systemPackages = with pkgs; [ - git - rxvt_unicode.terminfo - ]; - - programs.ssh.startAgent = false; - - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - - users.mutableUsers = false; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO - config.krebs.users.lass.pubkey - config.krebs.users.makefu.pubkey - # TODO HARDER: - config.krebs.users.makefu-omo.pubkey - config.krebs.users.tv.pubkey - ]; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; - -} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix new file mode 100644 index 000000000..492689427 --- /dev/null +++ b/shared/2configs/default.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +{ + krebs.enable = true; + krebs.tinc.retiolum.enable = true; + + # TODO rename shared user to "krebs" + krebs.build.user = mkDefault config.krebs.users.shared; + krebs.build.source = let inherit (config.krebs.build) host user; in { + nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "63b9785"; # stable @ 2016-06-01 + }; + secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + stockholm.file = getEnv "PWD"; + }; + + networking.hostName = config.krebs.build.host.name; + + nix.maxJobs = 1; + nix.trustedBinaryCaches = [ + "https://cache.nixos.org" + "http://cache.nixos.org" + "http://hydra.nixos.org" + ]; + nix.useChroot = true; + + nixpkgs.config.packageOverrides = pkgs: { + nano = pkgs.vim; + }; + + environment.systemPackages = with pkgs; [ + git + rxvt_unicode.terminfo + ]; + + programs.ssh.startAgent = false; + + services.openssh = { + enable = true; + hostKeys = [ + { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + services.cron.enable = false; + services.nscd.enable = false; + services.ntp.enable = false; + + users.mutableUsers = false; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + # TODO + config.krebs.users.lass.pubkey + config.krebs.users.makefu.pubkey + # TODO HARDER: + config.krebs.users.makefu-omo.pubkey + config.krebs.users.tv.pubkey + ]; + + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; + +} diff --git a/shared/default.nix b/shared/default.nix index 69b4abaac..320e1a133 100644 --- a/shared/default.nix +++ b/shared/default.nix @@ -2,6 +2,7 @@ _: { imports = [ ../krebs + ./2configs ./3modules ]; } -- cgit v1.2.3 From e58635b1d2e2f7b6c0b9ff4bebebf7b0d1aab908 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 00:03:41 +0200 Subject: s 2 buildbot: use make test for tests --- shared/2configs/shared-buildbot.nix | 43 +++++++++++++------------------------ 1 file changed, 15 insertions(+), 28 deletions(-) (limited to 'shared') diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 688f8f9aa..f1bd701f6 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -91,37 +91,24 @@ ''; builder = { fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - for i in [ "test-centos7", "wolf", "test-failing" ]: - addShell(f,name="populate-{}".format(i),env=env, - command=nixshell + \ - ["{}(make system={} populate debug=true)".format("!" if "failing" in i else "",i)]) + f = util.BuildFactory() + f.addStep(grab_repo) - # XXX we must prepare ./retiolum.rsa_key.priv for secrets to work - addShell(f,name="instantiate-test-all-modules",env=env, - command=nixshell + \ - ["touch retiolum.rsa_key.priv; \ - nix-instantiate \ - --show-trace --eval --strict --json \ - -I nixos-config=./shared/1systems/test-all-krebs-modules.nix \ - -I secrets=. \ - -A config.system.build.toplevel"] - ) + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" "test-failing" ]: + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=eval \ + system={}".format(i)]) - addShell(f,name="build-test-minimal",env=env, - command=nixshell + \ - ["nix-instantiate \ - --show-trace --eval --strict --json \ - -I nixos-config=./shared/1systems/test-minimal-deploy.nix \ - -I secrets=. \ - -A config.system.build.toplevel"] - ) + bu.append(util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) - bu.append(util.BuilderConfig(name="fast-tests", - slavenames=slavenames, - factory=f)) - ''; + ''; # this build will try to build against local nixpkgs # TODO change to do a 'local' populate and use the retrieved nixpkgs build-local = '' -- cgit v1.2.3 From d68b340b9b8acb717a6b4d5626600448ba7fd67a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 13:30:27 +0200 Subject: s: add dummy_secrets for tests --- shared/2configs/default.nix | 5 ++++- shared/2configs/shared-buildbot.nix | 6 +++++- shared/6tests/data/secrets/retiolum.rsa_key.priv | 0 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 shared/6tests/data/secrets/retiolum.rsa_key.priv (limited to 'shared') diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 492689427..1c875d24c 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -13,7 +13,10 @@ with config.krebs.lib; url = https://github.com/NixOS/nixpkgs; ref = "63b9785"; # stable @ 2016-06-01 }; - secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString + else "${getEnv "HOME"}/secrets/krebs/${host.name}"; stockholm.file = getEnv "PWD"; }; diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index f1bd701f6..85e3cdf16 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -71,7 +71,11 @@ # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"} + env = { + "LOGNAME": "shared", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script diff --git a/shared/6tests/data/secrets/retiolum.rsa_key.priv b/shared/6tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From ca18ca081e3ae6908e4b259895a8333b8da8d046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 14:37:18 +0200 Subject: s 6: add ssh.id_ed25519 to dummy_secrets --- shared/6tests/data/secrets/ssh.id_ed25519 | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 shared/6tests/data/secrets/ssh.id_ed25519 (limited to 'shared') diff --git a/shared/6tests/data/secrets/ssh.id_ed25519 b/shared/6tests/data/secrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From 0c391c4d615ede78622809fc4b08211b1e2ea0af Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 14:37:51 +0200 Subject: s 2 buildbot: fix missing , --- shared/2configs/shared-buildbot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'shared') diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 85e3cdf16..688be2e47 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -98,7 +98,7 @@ f = util.BuildFactory() f.addStep(grab_repo) - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" "test-failing" ]: + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7", "test-failing" ]: addShell(f,name="build-{}".format(i),env=env, command=nixshell + \ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ -- cgit v1.2.3 From 7b1110defbc1971dd60e1bb5100dc484cb204bc5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 16:52:28 +0200 Subject: s 2 shared-buildbot: disable test-failing --- shared/2configs/shared-buildbot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'shared') diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 688be2e47..58db4c94c 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -98,7 +98,7 @@ f = util.BuildFactory() f.addStep(grab_repo) - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7", "test-failing" ]: + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: addShell(f,name="build-{}".format(i),env=env, command=nixshell + \ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ -- cgit v1.2.3 From 7f4da078dfcc1854eb859832f0076a280c3d2b0f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Aug 2016 17:28:47 +0200 Subject: s 6: add grafana_security to dummy_secrets --- shared/6tests/data/secrets/grafana_security.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 shared/6tests/data/secrets/grafana_security.nix (limited to 'shared') diff --git a/shared/6tests/data/secrets/grafana_security.nix b/shared/6tests/data/secrets/grafana_security.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/shared/6tests/data/secrets/grafana_security.nix @@ -0,0 +1 @@ +{} -- cgit v1.2.3 From 50708fb20cf0ecffc98e1f9dfed784492692c5e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Aug 2016 15:16:41 +0200 Subject: s 2: nixpkgs 63b9785 -> 9cb194c --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'shared') diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 1c875d24c..31f786d1d 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with config.krebs.lib; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "63b9785"; # stable @ 2016-06-01 + ref = "9cb194cfa449c43f63185a25c8d10307aea3b358"; # nixos-16.03 @ 2016-08-05 }; secrets.file = if getEnv "dummy_secrets" == "true" -- cgit v1.2.3 From 83e40cd00d40478276d49121163750bb38cc81f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Aug 2016 11:24:49 +0200 Subject: s 2 buildbot: use make for build-local --- shared/2configs/shared-buildbot.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'shared') diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 58db4c94c..a873c8e73 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -120,14 +120,14 @@ f.addStep(grab_repo) addShell(f,name="build-test-all-modules",env=env, - command=nixshell + \ - ["touch retiolum.rsa_key.priv; \ - nix-build \ - --show-trace --no-out-link \ - -I nixos-config=./shared/1systems/test-all-krebs-modules.nix \ - -I secrets=. \ - -A config.system.build.toplevel"] - ) + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=build \ + system=test-all-krebs-modules"] + ) bu.append(util.BuilderConfig(name="build-local", slavenames=slavenames, -- cgit v1.2.3 From eadaf02e52b4cb62310a2df3a1d5cb827e9a3600 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Aug 2016 19:06:17 +0200 Subject: s 2 buildbot: build-local also builds wolf --- shared/2configs/shared-buildbot.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'shared') diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index a873c8e73..22144e9ec 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -119,15 +119,15 @@ f = util.BuildFactory() f.addStep(grab_repo) - addShell(f,name="build-test-all-modules",env=env, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ - system=test-all-krebs-modules"] - ) + for i in [ "test-all-krebs-modules", "wolf" ]: + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=build \ + system={}".format(i)]) bu.append(util.BuilderConfig(name="build-local", slavenames=slavenames, -- cgit v1.2.3