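# NixOS module: a buildbot master plus one local worker that build the
# stockholm hosts and packages, with the master's web UI proxied by nginx.
#
# Security-relevant settings carry a NOTE(review) comment next to them.
{ lib, config, pkgs, ... }:
with import <stockholm/lib>;

let
  # NOTE(review): this binding is not referenced anywhere in this file.
  # If it is ever wired in, move ControlPath out of /tmp: OpenSSH recommends
  # a directory that other users cannot write to (e.g. under ~/.ssh).
  sshHostConfig = pkgs.writeText "ssh-config" ''
    ControlMaster auto
    ControlPath /tmp/%u_sshmux_%r@%h:%p
    ControlPersist 4h
  '';

in {
  # Reverse proxy for the buildbot web UI (the Upgrade/Connection headers
  # pass websocket upgrades through to the master).
  # NOTE(review): no TLS or authentication is configured in this block;
  # confirm the vhost is only reachable from a trusted network.
  config.services.nginx.virtualHosts.build = {
    serverAliases = [ "build.prism.r" ];
    locations."/".extraConfig = ''
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
    '';
  };

  config.krebs.buildbot.master = let
    # Quoted: bare URL literals are deprecated in Nix; the value is the same
    # string as before.
    stockholm-mirror-url = "http://cgit.prism.r/stockholm";
  in {
    # NOTE(review): the worker password is a literal in this module, so it is
    # readable by anyone who can read this file or the evaluated
    # configuration. Together with the INPUT rule for tcp/9989 below, any
    # host that can reach that port and knows the password could attach as
    # "testworker". Prefer a secret file (as done for build-ssh-privkey
    # below) if krebs.buildbot supports one -- not visible from this file.
    workers = {
      testworker = "lasspass";
    };

    # Poll the stockholm mirror every 120 seconds, on all branches.
    # NOTE(review): the mirror is fetched over plain http, and every branch
    # is built (branches=True here, branch_re=".*" in the scheduler). The
    # build steps run make from the checked-out tree as the worker user, so
    # write access to the mirror is equivalent to running commands as
    # buildbotworker, which also owns the build SSH key configured below.
    # Keep push access to the mirror limited accordingly.
    change_source.stockholm = ''
      stockholm_repo = '${stockholm-mirror-url}'
      cs.append(
          changes.GitPoller(
              stockholm_repo,
              workdir='stockholm-poller', branches=True,
              project='stockholm',
              pollinterval=120
          )
      )
    '';

    scheduler = {
      build-scheduler = ''
        # build all hosts
        sched.append(
            schedulers.SingleBranchScheduler(
                change_filter=util.ChangeFilter(branch_re=".*"),
                treeStableTimer=10,
                name="build-all-branches",
                builderNames=["build-hosts", "build-pkgs"]
            )
        )
      '';
    };

    # Shared Python prelude for the builders below: the checkout step, one
    # environment per user namespace, the nix-shell command prefix and the
    # addShell helper.
    builder_pre = ''
      # prepare grab_repo step for stockholm
      grab_repo = steps.Git(
          repourl=stockholm_repo,
          mode='full'
      )

      # TODO: get nixpkgs/stockholm paths from krebs
      env_lass = {
        "LOGNAME": "lass",
        "NIX_REMOTE": "daemon",
        "dummy_secrets": "true",
      }
      env_makefu = {
        "LOGNAME": "makefu",
        "NIX_REMOTE": "daemon",
        "dummy_secrets": "true",
      }
      env_nin = {
        "LOGNAME": "nin",
        "NIX_REMOTE": "daemon",
        "dummy_secrets": "true",
      }
      env_shared = {
        "LOGNAME": "shared",
        "NIX_REMOTE": "daemon",
        "dummy_secrets": "true",
      }

      # prepare nix-shell
      # the dependencies which are used by the test script
      deps = [
        "gnumake",
        "jq",
        "nix",
        "(import <stockholm>).pkgs.populate",
        "openssh"
      ]
      # TODO: --pure , prepare ENV in nix-shell command:
      #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE
      nixshell = [
        "nix-shell",
        "-I", "stockholm=.",
        "-p"
      ] + deps + [ "--run" ]

      # prepare addShell function
      def addShell(factory,**kwargs):
        factory.addStep(steps.ShellCommand(**kwargs))
    '';

    builder = {
      # One "build-<host>" step per host. The four previously copy-pasted
      # loops are folded into one table so the shell command exists once;
      # step order and per-host environment are unchanged.
      build-hosts = ''
        f = util.BuildFactory()
        f.addStep(grab_repo)

        # (environment, hosts) pairs, built in this order
        build_matrix = [
          (env_shared, [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]),
          (env_lass, [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]),
          (env_makefu, [ "x", "wry", "vbob", "wbob", "shoney" ]),
          (env_nin, [ "hiawatha", "onondaga" ]),
        ]

        for host_env, host_names in build_matrix:
          for i in host_names:
            addShell(f,name="build-{}".format(i),env=host_env,
                    command=nixshell + \
                              ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
                                make NIX_PATH=$HOME/$LOGNAME test method=build \
                                target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
                                system={}".format(i)
                              ]
                    )

        bu.append(
            util.BuilderConfig(
                name="build-hosts",
                workernames=workernames,
                factory=f
            )
        )
      '';

      # One "build-<pkg>" step per package, all built for system=prism.
      build-pkgs = ''
        f = util.BuildFactory()
        f.addStep(grab_repo)
        for i in [
          "apt-cacher-ng",
          "bepasty-client-cli",
          "cac-api",
          "cac-cert",
          "cac-panel",
          "charybdis",
          "collectd-connect-time",
          "dic",
          "drivedroid-gen-repo",
          "exim",
          "fortclientsslvpn",
          "get",
          "git-hooks",
          "github-hosts-sync",
          "go",
          "hashPassword",
          "haskellPackages.blessings",
          "haskellPackages.email-header",
          "haskellPackages.scanner",
          "haskellPackages.xmonad-stockholm",
          "krebspaste",
          "krebszones",
          "logf",
          "much",
          "newsbot-js",
          "noVNC",
          "passwdqc-utils",
          "populate",
          "posix-array",
          "pssh",
          "push",
          "Reaktor",
          "realwallpaper",
          "repo-sync",
          "retiolum-bootstrap",
          "tarantool",
          "test",
          "tinc_graphs",
          "translate-shell",
          "urlwatch",
          "with-tmpdir",
          "youtube-tools",
        ]:
          addShell(f,name="build-{}".format(i),env=env_lass,
                  command=nixshell + \
                            ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
                              make system=prism pkgs.{}".format(i)])

        bu.append(util.BuilderConfig(name="build-pkgs",
                                     workernames=workernames,
                                     factory=f))
      '';
    };

    enable = true;
    web.enable = true;

    irc = {
      enable = true;
      nick = "buildbot-lass";
      server = "ni.r";
      channels = [
        { channel = "retiolum"; }
        { channel = "noise"; }
      ];
      # NOTE(review): presumably maps to buildbot's IRC allowForce, which
      # lets channel participants trigger builds -- confirm both channels
      # are limited to trusted users.
      allowForce = true;
    };

    extraConfig = ''
      c['buildbotURL'] = "http://build.prism.r/"
    '';
  };

  # Local worker; username/password must match master.workers above.
  config.krebs.buildbot.worker = {
    enable = true;
    masterhost = "localhost";
    username = "testworker";
    # NOTE(review): same hard-coded password as master.workers.testworker.
    password = "lasspass";
    packages = with pkgs; [ gnumake jq nix populate ];
    extraEnviron = {
      NIX_PATH = "/var/src";
    };
  };

  # NOTE(review): tcp/9989 (buildbot's default worker port) is accepted from
  # any source, while the only worker configured here connects via
  # localhost. If no remote workers are intended, drop this rule or add a
  # source restriction to the predicate.
  config.krebs.iptables = {
    tables = {
      filter.INPUT.rules = [
        { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
      ];
    };
  };

  #ssh workaround for make test
  # Installs the build SSH private key from <secrets>/build.ssh.key into the
  # worker's ~/.ssh/id_rsa, owned by buildbotworker.
  options.lass.build-ssh-privkey = mkOption {
    type = types.secret-file;
    default = {
      path = "${config.users.users.buildbotworker.home}/.ssh/id_rsa";
      owner = { inherit (config.users.users.buildbotworker) name uid; };
      source-path = toString <secrets> + "/build.ssh.key";
    };
  };

  config.krebs.secret.files = {
    build-ssh-privkey = config.lass.build-ssh-privkey;
  };

  # NOTE(review): presumably the public half of build.ssh.key, so the build
  # steps can ssh back into buildbotworker@<this host> -- confirm. If so,
  # consider narrowing it with authorized_keys options such as from=.
  config.users.users.buildbotworker = {
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP"
    ];
  };
}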