Merge remote-tracking branch 'gum/master'

2016-02-15 18:52:05 +01:00 · 2016-02-15 18:52:05 +01:00 · 43ed24ed66
parent ea910d7d99 a94a4c4206
commit 43ed24ed66
8 changed files with 163 additions and 18 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -31,6 +31,7 @@ let
      ./setuid.nix
      ./tinc_graphs.nix
      ./urlwatch.nix
+      ./repo-sync.nix
    ];
    options.krebs = api;
    config = lib.mkIf cfg.enable imp;
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.krebs.repo-sync;
+
+  out = {
+    options.krebs.repo-sync = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "repo-sync";
+    config = mkOption {
+      type = with types;attrsOf (attrsOf (attrsOf str));
+      example = literalExample ''
+        # see `repo-sync --help`
+        #   `ref` provides sane defaults and can be omitted
+
+        # attrset will be converted to json and be used as config
+        {
+            makefu = {
+                origin = {
+                    url = http://github.com/makefu/repo ;
+                    ref = "heads/dev" ;
+                };
+                mirror = {
+                    url = "git@internal:mirror" ;
+                    ref = "heads/github-mirror-dev" ;
+                };
+            };
+            lass = {
+                origin = {
+                    url = http://github.com/lass/repo ;
+                };
+                mirror = {
+                    url = "git@internal:mirror" ;
+                };
+            };
+            "@latest" = {
+                mirror = {
+                    url = "git@internal:mirror";
+                    ref = "heads/master";
+                };
+            };
+        };
+      '';
+    };
+    timerConfig = mkOption {
+      type = types.attrsOf types.str;
+      default = {
+        OnCalendar = "*:00,15,30,45";
+      };
+    };
+    stateDir = mkOption {
+      type = types.str;
+      default = "/var/lib/repo-sync";
+    };
+    privateKeyFile = mkOption {
+      type = types.str;
+      description = ''
+        used by repo-sync to identify with ssh service
+      '';
+      default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+    };
+  };
+  repo-sync-config = pkgs.writeText "repo-sync-config.json"
+    (builtins.toJSON cfg.config);
+
+  imp = {
+    users.users.repo-sync = {
+      name = "repo-sync";
+      uid = config.krebs.lib.genid "repo-sync";
+      description = "repo-sync user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    systemd.timers.repo-sync = {
+      description = "repo-sync timer";
+      wantedBy = [ "timers.target" ];
+
+      timerConfig = cfg.timerConfig;
+    };
+    systemd.services.repo-sync = {
+      description = "repo-sync";
+      after = [ "network.target" ];
+
+      path = with pkgs; [ ];
+
+      environment = {
+        GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+      };
+
+      serviceConfig = {
+        Type = "simple";
+        PermissionsStartOnly = true;
+        ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
+          #! /bin/sh
+          cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+          chown repo-sync ${cfg.stateDir}/ssh.priv
+        '';
+        ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+        WorkingDirectory = cfg.stateDir;
+        User = "repo-sync";
+      };
+    };
+  };
+in out
--- a/krebs/5pkgs/repo-sync/default.nix
+++ b/krebs/5pkgs/repo-sync/default.nix
@ -1,15 +1,17 @@
 { lib, pkgs, python3Packages, fetchurl, ... }:
+
 with python3Packages; buildPythonPackage rec {
  name = "repo-sync-${version}";
-  version = "0.1.1";
+  version = "0.2.5";
  disabled = isPy26 || isPy27;
  propagatedBuildInputs = [
    docopt
    GitPython
+    pkgs.git
  ];
  src = fetchurl {
    url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz";
-    sha256 = "01r30l2bbsld90ps13ip0zi2a41b53dv4q6fxrzvkfrprr64c0vv";
+    sha256 = "1a59bj0vc5ajq8indkvkdk022yzvvv5mjb57hk3xf1j3wpr85p84";
  };
  meta = {
    homepage = http://github.com/makefu/repo-sync;
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@ -14,6 +14,7 @@ in
    ../2configs/shack-drivedroid.nix
    ../2configs/shared-buildbot.nix
    ../2configs/cgit-mirror.nix
+    ../2configs/repo-sync.nix
    # ../2configs/graphite.nix
  ];
  # use your own binary cache, fallback use cache.nixos.org (which is used by
--- a/shared/2configs/cgit-mirror.nix
+++ b/shared/2configs/cgit-mirror.nix
@ -3,7 +3,7 @@
 with config.krebs.lib;
 let
  rules = with git; singleton {
-    user = [ git-sync ];
+    user = [ wolf-repo-sync ];
    repo = [ stockholm-mirror ];
    perm = push ''refs/*'' [ non-fast-forward create delete merge ];
  };
@ -22,14 +22,15 @@ let
    };
  };

-  git-sync = {
-    name = "git-sync";
+  wolf-repo-sync = {
+    name = "wolf-repo-sync";
    mail = "spam@krebsco.de";
    # TODO put git-sync pubkey somewhere more appropriate
-    pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync'';
+    pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
  };

 in {
+  krebs.users.wolf-repo-sync = wolf-repo-sync;
  krebs.git = {
    enable = true;
    root-title = "Shared Repos";
--- a/shared/2configs/repo-sync.nix
+++ b/shared/2configs/repo-sync.nix
@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.repo-sync = let
+    # TODO addMirrorURL function
+    mirror = "git@wolf:stockholm-mirror";
+  in {
+    enable = true;
+    config = {
+      makefu = {
+        origin.url = http://cgit.gum/stockholm ;
+        mirror.url = mirror;
+      };
+      tv = {
+        origin.url = http://cgit.cd/stockholm ;
+        mirror.url = mirror;
+      };
+      lassulus = {
+        origin.url = http://cgit.cloudkrebs/stockholm ;
+        mirror.url = mirror;
+      };
+      "@latest" = {
+        mirror.url = mirror;
+      };
+    };
+  };
+}
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@ -41,5 +41,4 @@ in
      };
    };
  };
-
 }
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@ -1,18 +1,22 @@
 { lib, config, pkgs, ... }:
-# The buildbot config is seilf-contained and provides a way to test "shared"
-# configuration (infrastructure to be used by every krebsminister).
+# The buildbot config is self-contained and currently provides a way 
+# to test "shared" configuration (infrastructure to be used by every krebsminister).

 # You can add your own test, test steps as required. Deploy the config on a
 # shared host like wolf and everything should be fine.
+
+# TODO for all users schedule a build for fast tests
 {
  networking.firewall.allowedTCPPorts = [ 8010 9989 ];
-  krebs.buildbot.master = {
+  krebs.buildbot.master = let
+    stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
+  in {
    secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
    slaves = {
      testslave =  "krebspass";
    };
    change_source.stockholm = ''
-  stockholm_repo = 'http://cgit.wolf/stockholm-mirror'
+  stockholm_repo = '${stockholm-mirror-url}'
  cs.append(changes.GitPoller(
          stockholm_repo,
          workdir='stockholm-poller', branches=True,
@ -23,16 +27,15 @@
        force-scheduler = ''
  sched.append(schedulers.ForceScheduler(
                              name="force",
-                              builderNames=["full-tests"]))
+                              builderNames=["full-tests","fast-tests"]))
        '';
        fast-tests-scheduler = ''
-  # test the master real quick
+  # test everything real quick
  sched.append(schedulers.SingleBranchScheduler(
                              ## all branches
                              change_filter=util.ChangeFilter(branch_re=".*"),
-                              # change_filter=util.ChangeFilter(branch="master"),
-                              treeStableTimer=10, #only test the latest push
-                              name="fast-master-test",
+                              # treeStableTimer=10,
+                              name="fast-test-all-branches",
                              builderNames=["fast-tests"]))
        '';
        test-cac-infest-master = ''
@ -133,7 +136,7 @@
    };
    irc = {
      enable = true;
-      nick = "shared-buildbot";
+      nick = "wolfbot";
      server = "cd.retiolum";
      channels = [ "retiolum" ];
      allowForce = true;
@ -147,6 +150,7 @@
    password = "krebspass";
    packages = with pkgs;[ git nix ];
    # all nix commands will need a working nixpkgs installation
-    extraEnviron = { NIX_PATH="/var/src"; };
+    extraEnviron = {
+      NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
  };
 }