From 0aced4798237fb80690f13ea49922ad45762c91f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 14:50:01 +0200 Subject: krebs buildbot: hostname agnostic --- krebs/2configs/shared-buildbot.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix index dd430b7c0..99710070a 100644 --- a/krebs/2configs/shared-buildbot.nix +++ b/krebs/2configs/shared-buildbot.nix @@ -1,16 +1,18 @@ { lib, config, pkgs, ... }: -# The buildbot config is self-contained and currently provides a way +# The buildbot config is self-contained and currently provides a way # to test "krebs" configuration (infrastructure to be used by every krebsminister). # You can add your own test, test steps as required. Deploy the config on a # krebs host like wolf and everything should be fine. # TODO for all users schedule a build for fast tests -{ +let + hostname = config.networking.hostName; +in { # due to the fact that we actually build stuff on the box via the daemon, # /nix/store should be cleaned up automatically as well services.nginx.virtualHosts.build = { - serverAliases = [ "build.wolf.r" ]; + serverAliases = [ "build.${hostname}.r" ]; locations."/".extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -22,7 +24,7 @@ nix.gc.dates = "05:23"; networking.firewall.allowedTCPPorts = [ 8010 9989 ]; krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ; + stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm" ; in { secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; workers = { @@ -155,13 +157,13 @@ }; irc = { enable = true; - nick = "wolfbot"; + nick = "${hostname}bot"; server = "ni.r"; channels = [ { channel = "retiolum"; } ]; allowForce = true; }; extraConfig = '' - c['buildbotURL'] = "http://build.wolf.r/" + c['buildbotURL'] = "http://build.${hostname}.r/" ''; }; @@ -173,6 +175,6 @@ packages = with pkgs; [ gnumake jq nix populate ]; # all nix commands will need a working nixpkgs installation extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/wolf/config.nix:stockholm=./"; }; + NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/${hostname}/config.nix:stockholm=./"; }; }; } -- cgit v1.2.3 From 248d405f6171e134812a4cbd51b3fa2663e616b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 14:52:51 +0200 Subject: krebs buildbot: start nginx by default --- krebs/2configs/shared-buildbot.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix index 99710070a..135fcd65a 100644 --- a/krebs/2configs/shared-buildbot.nix +++ b/krebs/2configs/shared-buildbot.nix @@ -11,18 +11,21 @@ let in { # due to the fact that we actually build stuff on the box via the daemon, # /nix/store should be cleaned up automatically as well - services.nginx.virtualHosts.build = { - serverAliases = [ "build.${hostname}.r" ]; - locations."/".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port}; - ''; + services.nginx = { + enable = true; + virtualHosts.build = { + serverAliases = [ "build.${hostname}.r" ]; + locations."/".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port}; + ''; + }; }; nix.gc.automatic = true; nix.gc.dates = "05:23"; - networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.buildbot.master = let stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm" ; in { -- cgit v1.2.3 From 8243e53d893c22e9fd4fc852df30e6f2f3cae032 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 14:54:57 +0200 Subject: krebs buildbot: remove deprecated secrets --- krebs/2configs/shared-buildbot.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix index 135fcd65a..a9e5afc75 100644 --- a/krebs/2configs/shared-buildbot.nix +++ b/krebs/2configs/shared-buildbot.nix @@ -29,7 +29,6 @@ in { krebs.buildbot.master = let stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm" ; in { - secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; workers = { testworker = "krebspass"; }; -- cgit v1.2.3 From b4ad7cd86d59fbc003392068f6abec6f96720163 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 15:12:06 +0200 Subject: krebs: merge cgit-mirror into repo-sync --- krebs/2configs/cgit-mirror.nix | 45 ---------------------- krebs/2configs/repo-sync.nix | 84 +++++++++++++++++++++++++++++++----------- 2 files changed, 62 insertions(+), 67 deletions(-) delete mode 100644 krebs/2configs/cgit-mirror.nix (limited to 'krebs/2configs') diff --git a/krebs/2configs/cgit-mirror.nix b/krebs/2configs/cgit-mirror.nix deleted file mode 100644 index c2326a5cc..000000000 --- a/krebs/2configs/cgit-mirror.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - rules = with git; singleton { - user = [ wolf-repo-sync ]; - repo = [ stockholm-mirror ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; - - stockholm-mirror = { - public = true; - name = "stockholm-mirror"; - cgit.desc = "mirror for all stockholm branches"; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = false; - channel = "#retiolum"; - server = "ni.r"; - }; - }; - }; - - wolf-repo-sync = { - name = "wolf-repo-sync"; - mail = "spam@krebsco.de"; - # TODO put git-sync pubkey somewhere more appropriate - pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; - }; - -in { - krebs.users.wolf-repo-sync = wolf-repo-sync; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "Shared Repos"; - root-desc = "keep on krebsing"; - }; - }; - inherit rules; - repos.stockholm-mirror = stockholm-mirror; - }; -} diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 637a26e3c..87a8bd827 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -1,31 +1,71 @@ { config, lib, pkgs, ... }: -with lib; -{ - krebs.repo-sync = let - # TODO addMirrorURL function - mirror = "git@wolf:stockholm-mirror"; - in { - enable = true; - repos.stockholm = { - branches = { - makefu = { - origin.url = http://cgit.gum/stockholm ; - mirror.url = mirror; +with import ; + +let + mirror = "git@${config.networking.hostName}:"; + + defineRepo = name: announce: let + repo = { + public = true; + name = mkDefault "${name}"; + cgit.desc = mkDefault "mirror for ${name}"; + cgit.section = mkDefault "mirror"; + hooks = mkIf announce (mkDefault { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "ni.r"; + branches = [ "newest" ]; }; - tv = { - origin.url = http://cgit.ni.r/stockholm; - mirror.url = mirror; + }); + }; + in { + rules = with git; singleton { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + }; + repos."${name}" = repo; + }; + + sync-retiolum = name: + { + krebs.repo-sync.repos.${name} = { + branches = { + makefu = { + origin.url = "http://cgit.gum/${name}"; + mirror.url = "${mirror}${name}"; + }; + tv = { + origin.url = "http://cgit.ni.r/${name}"; + mirror.url = "${mirror}${name}"; + }; + nin = { + origin.url = "http://cgit.onondaga.r/${name}"; + mirror.url = "${mirror}${name}"; + }; + lassulus = { + origin.url = "http://cgit.lassul.us/${name}"; + mirror.url = "${mirror}${name}"; + }; }; - lassulus = { - origin.url = http://cgit.prism/stockholm ; - mirror.url = mirror; + latest = { + url = "${mirror}${name}"; + ref = "heads/newest"; }; }; - latest = { - url = mirror; - ref = "heads/master"; - }; + krebs.git = defineRepo name true; }; + +in { + krebs.repo-sync = { + enable = true; }; + imports = [ + (sync-retiolum "stockholm") + ]; } -- cgit v1.2.3 From 0b300dc90e675cb02a50abd88bad66365f5abd93 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 20:37:20 +0200 Subject: krebs repo-sync: activate also git --- krebs/2configs/repo-sync.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 87a8bd827..157a30e69 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -65,6 +65,15 @@ in { krebs.repo-sync = { enable = true; }; + krebs.git = { + enable = mkDefault true; + cgit = { + settings = { + root-title = "Shared Repos"; + root-desc = "keep on krebsing"; + }; + }; + }; imports = [ (sync-retiolum "stockholm") ]; -- cgit v1.2.3 From f4a192f5f83d5e8a88c0e287b45c0fadf12f6907 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 21:59:00 +0200 Subject: krebs: init backup.nix --- krebs/2configs/backup.nix | 21 +++++++++++++++++++++ krebs/2configs/default.nix | 3 +++ 2 files changed, 24 insertions(+) create mode 100644 krebs/2configs/backup.nix (limited to 'krebs/2configs') diff --git a/krebs/2configs/backup.nix b/krebs/2configs/backup.nix new file mode 100644 index 000000000..7ee438784 --- /dev/null +++ b/krebs/2configs/backup.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: +with import ; +{ + krebs.backup.plans = { + } // mapAttrs (_: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }) { + wolf-share-puyak = { + method = "pull"; + src = { host = config.krebs.hosts.wolf; path = "/home/share"; }; + dst = { host = config.krebs.hosts.puyak; path = "/bku/wolf-share"; }; + startAt = "03:00"; + }; + }; +} + diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 901516e50..daf9bd9d0 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -2,6 +2,9 @@ with import ; { + imports = [ + ./backup.nix + ]; krebs.enable = true; krebs.tinc.retiolum.enable = true; -- cgit v1.2.3