2015-12-30 02:05:14 +01:00
|
|
|
{ lib, config, pkgs, ... }:
|
2016-06-18 13:26:22 +02:00
|
|
|
|
2016-10-20 20:54:38 +02:00
|
|
|
with import <stockholm/lib>;
|
2016-06-18 13:26:22 +02:00
|
|
|
|
|
|
|
let
|
2016-07-23 19:19:18 +02:00
|
|
|
sshHostConfig = pkgs.writeText "ssh-config" ''
|
|
|
|
ControlMaster auto
|
|
|
|
ControlPath /tmp/%u_sshmux_%r@%h:%p
|
|
|
|
ControlPersist 4h
|
|
|
|
'';
|
2016-06-18 13:26:22 +02:00
|
|
|
|
2017-07-26 00:13:23 +02:00
|
|
|
hostname = config.networking.hostName;
|
|
|
|
|
2016-06-18 13:26:22 +02:00
|
|
|
in {
|
2017-04-12 21:05:18 +02:00
|
|
|
config.services.nginx.virtualHosts.build = {
|
2017-07-26 00:13:23 +02:00
|
|
|
serverAliases = [ "build.${hostname}.r" ];
|
2017-04-12 21:05:18 +02:00
|
|
|
locations."/".extraConfig = ''
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2016-06-18 13:26:22 +02:00
|
|
|
config.krebs.buildbot.master = let
|
2017-07-26 00:13:23 +02:00
|
|
|
stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm";
|
2016-04-19 12:05:49 +02:00
|
|
|
in {
|
2017-07-23 21:54:11 +02:00
|
|
|
slaves = {
|
|
|
|
testslave = "lasspass";
|
2015-12-30 02:05:14 +01:00
|
|
|
};
|
|
|
|
change_source.stockholm = ''
|
2016-04-19 12:05:49 +02:00
|
|
|
stockholm_repo = '${stockholm-mirror-url}'
|
2016-11-28 23:24:47 +01:00
|
|
|
cs.append(
|
|
|
|
changes.GitPoller(
|
2015-12-30 02:05:14 +01:00
|
|
|
stockholm_repo,
|
2016-04-19 12:05:49 +02:00
|
|
|
workdir='stockholm-poller', branches=True,
|
2015-12-30 02:05:14 +01:00
|
|
|
project='stockholm',
|
2017-06-20 01:05:50 +02:00
|
|
|
pollinterval=10
|
2016-11-28 23:24:47 +01:00
|
|
|
)
|
|
|
|
)
|
2015-12-30 02:05:14 +01:00
|
|
|
'';
|
|
|
|
scheduler = {
|
2016-06-25 10:39:35 +02:00
|
|
|
build-scheduler = ''
|
|
|
|
# build all hosts
|
2016-11-28 23:24:47 +01:00
|
|
|
sched.append(
|
|
|
|
schedulers.SingleBranchScheduler(
|
|
|
|
change_filter=util.ChangeFilter(branch_re=".*"),
|
|
|
|
treeStableTimer=10,
|
|
|
|
name="build-all-branches",
|
2017-06-20 01:05:16 +02:00
|
|
|
builderNames=["build-hosts"]
|
2016-11-28 23:24:47 +01:00
|
|
|
)
|
|
|
|
)
|
2016-06-11 00:26:21 +02:00
|
|
|
'';
|
2015-12-30 02:05:14 +01:00
|
|
|
};
|
|
|
|
builder_pre = ''
|
|
|
|
# prepare grab_repo step for stockholm
|
2016-11-28 23:24:47 +01:00
|
|
|
grab_repo = steps.Git(
|
|
|
|
repourl=stockholm_repo,
|
|
|
|
mode='full'
|
|
|
|
)
|
2015-12-30 02:05:14 +01:00
|
|
|
|
|
|
|
# prepare addShell function
|
|
|
|
def addShell(factory,**kwargs):
|
|
|
|
factory.addStep(steps.ShellCommand(**kwargs))
|
|
|
|
'';
|
|
|
|
builder = {
|
2016-11-29 11:15:57 +01:00
|
|
|
build-hosts = ''
|
2016-06-11 00:26:21 +02:00
|
|
|
f = util.BuildFactory()
|
|
|
|
f.addStep(grab_repo)
|
2017-06-20 01:08:42 +02:00
|
|
|
|
2017-07-04 16:39:10 +02:00
|
|
|
def build_host(user, host):
|
|
|
|
addShell(f,
|
|
|
|
name="{}".format(i),
|
|
|
|
env={
|
|
|
|
"LOGNAME": user,
|
|
|
|
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
|
|
|
"NIX_REMOTE": "daemon",
|
|
|
|
"dummy_secrets": "true",
|
|
|
|
},
|
|
|
|
command=[
|
|
|
|
"nix-shell", "--run",
|
2017-07-23 21:54:11 +02:00
|
|
|
"test --system={} --target=buildbotSlave@${config.krebs.build.host.name}$HOME/$LOGNAME".format(host)
|
2017-07-04 16:39:10 +02:00
|
|
|
]
|
2016-11-29 13:56:59 +01:00
|
|
|
)
|
2016-11-28 23:24:47 +01:00
|
|
|
|
2017-07-23 21:42:53 +02:00
|
|
|
for i in [ "hotdog", "puyak", "test-all-krebs-modules", "test-centos7", "test-minimal-deploy", "wolf" ]:
|
2017-07-14 02:24:57 +02:00
|
|
|
build_host("krebs", i)
|
|
|
|
|
2017-06-01 12:49:21 +02:00
|
|
|
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
2017-07-04 16:39:10 +02:00
|
|
|
build_host("lass", i)
|
2016-06-11 00:26:21 +02:00
|
|
|
|
2016-07-28 12:58:54 +02:00
|
|
|
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
|
2017-07-04 16:39:10 +02:00
|
|
|
build_host("makefu", i)
|
2016-06-25 09:58:00 +02:00
|
|
|
|
2017-01-26 23:44:31 +01:00
|
|
|
for i in [ "hiawatha", "onondaga" ]:
|
2017-07-04 16:39:10 +02:00
|
|
|
build_host("nin", i)
|
2017-06-20 01:08:42 +02:00
|
|
|
|
2017-06-30 13:48:55 +02:00
|
|
|
for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
|
2017-07-04 16:39:10 +02:00
|
|
|
build_host("tv", i)
|
2017-06-30 13:48:55 +02:00
|
|
|
|
2016-11-28 23:24:47 +01:00
|
|
|
bu.append(
|
|
|
|
util.BuilderConfig(
|
2016-11-29 11:15:57 +01:00
|
|
|
name="build-hosts",
|
2017-07-23 21:54:11 +02:00
|
|
|
slavenames=slavenames,
|
2016-11-28 23:24:47 +01:00
|
|
|
factory=f
|
|
|
|
)
|
|
|
|
)
|
2016-06-25 09:58:00 +02:00
|
|
|
|
2016-08-09 22:49:17 +02:00
|
|
|
'';
|
2015-12-30 02:05:14 +01:00
|
|
|
};
|
|
|
|
enable = true;
|
|
|
|
web.enable = true;
|
|
|
|
irc = {
|
|
|
|
enable = true;
|
2017-07-26 00:13:23 +02:00
|
|
|
nick = "build|${hostname}";
|
2016-11-11 08:47:46 +01:00
|
|
|
server = "ni.r";
|
2017-07-23 21:54:11 +02:00
|
|
|
channels = [ "retiolum" "noise" ];
|
2015-12-30 02:05:14 +01:00
|
|
|
allowForce = true;
|
|
|
|
};
|
2017-04-12 12:15:15 +02:00
|
|
|
extraConfig = ''
|
2017-07-26 00:13:23 +02:00
|
|
|
c['buildbotURL'] = "http://build.${hostname}.r/"
|
2017-04-12 12:15:15 +02:00
|
|
|
'';
|
2015-12-30 02:05:14 +01:00
|
|
|
};
|
|
|
|
|
2017-07-23 21:54:11 +02:00
|
|
|
config.krebs.buildbot.slave = {
|
2015-12-30 02:05:14 +01:00
|
|
|
enable = true;
|
|
|
|
masterhost = "localhost";
|
2017-07-23 21:54:11 +02:00
|
|
|
username = "testslave";
|
2015-12-30 02:05:14 +01:00
|
|
|
password = "lasspass";
|
2016-07-16 21:43:38 +02:00
|
|
|
packages = with pkgs; [ gnumake jq nix populate ];
|
2016-04-19 12:05:49 +02:00
|
|
|
};
|
2016-06-18 13:26:22 +02:00
|
|
|
config.krebs.iptables = {
|
2016-04-19 12:05:49 +02:00
|
|
|
tables = {
|
|
|
|
filter.INPUT.rules = [
|
|
|
|
{ predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
|
|
|
|
];
|
|
|
|
};
|
2015-12-30 02:05:14 +01:00
|
|
|
};
|
2016-06-18 13:26:22 +02:00
|
|
|
|
|
|
|
#ssh workaround for make test
|
|
|
|
options.lass.build-ssh-privkey = mkOption {
|
|
|
|
type = types.secret-file;
|
|
|
|
default = {
|
2017-07-23 21:54:11 +02:00
|
|
|
path = "${config.users.users.buildbotSlave.home}/.ssh/id_rsa";
|
|
|
|
owner = { inherit (config.users.users.buildbotSlave ) name uid;};
|
2016-06-18 13:26:22 +02:00
|
|
|
source-path = toString <secrets> + "/build.ssh.key";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
config.krebs.secret.files = {
|
|
|
|
build-ssh-privkey = config.lass.build-ssh-privkey;
|
|
|
|
};
|
2017-07-23 21:54:11 +02:00
|
|
|
config.users.users.buildbotSlave = {
|
2017-05-16 09:42:06 +02:00
|
|
|
useDefaultShell = true;
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP"
|
|
|
|
];
|
2016-06-18 13:26:22 +02:00
|
|
|
};
|
2015-12-30 02:05:14 +01:00
|
|
|
}
|