diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 16a74e7c1..c06f3754e 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -31,6 +31,7 @@ let ./setuid.nix ./tinc_graphs.nix ./urlwatch.nix + ./repo-sync.nix ]; options.krebs = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix new file mode 100644 index 000000000..7a7c80a75 --- /dev/null +++ b/krebs/3modules/repo-sync.nix 
@@ -0,0 +1,109 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.krebs.repo-sync; + + out = { + options.krebs.repo-sync = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "repo-sync"; + config = mkOption { + type = with types;attrsOf (attrsOf (attrsOf str)); + example = literalExample '' + # see `repo-sync --help` + # `ref` provides sane defaults and can be omitted + + # attrset will be converted to json and be used as config + { + makefu = { + origin = { + url = http://github.com/makefu/repo ; + ref = "heads/dev" ; + }; + mirror = { + url = "git@internal:mirror" ; + ref = "heads/github-mirror-dev" ; + }; + }; + lass = { + origin = { + url = http://github.com/lass/repo ; + }; + mirror = { + url = "git@internal:mirror" ; + }; + }; + "@latest" = { + mirror = { + url = "git@internal:mirror"; + ref = "heads/master"; + }; + }; + }; + ''; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "*:00,15,30,45"; + }; + }; + stateDir = mkOption { + type = types.str; + default = "/var/lib/repo-sync"; + }; + privateKeyFile = mkOption { + type = types.str; + description = '' + used by repo-sync to identify with ssh service + ''; + default = toString ; + }; + }; + repo-sync-config = pkgs.writeText "repo-sync-config.json" + (builtins.toJSON cfg.config); + + imp = { + users.users.repo-sync = { + name = "repo-sync"; + uid = config.krebs.lib.genid "repo-sync"; + description = "repo-sync user"; + home = cfg.stateDir; + createHome = true; + }; + + systemd.timers.repo-sync = { + description = "repo-sync timer"; + wantedBy = [ "timers.target" ]; + + timerConfig = cfg.timerConfig; + }; + systemd.services.repo-sync = { + description = "repo-sync"; + after = [ "network.target" ]; + + path = with pkgs; [ ]; + + environment = { + GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + }; + + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStartPre = 
pkgs.writeScript "prepare-repo-sync-user" '' + #! /bin/sh + cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv + chown repo-sync ${cfg.stateDir}/ssh.priv + ''; + ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; + WorkingDirectory = cfg.stateDir; + User = "repo-sync"; + }; + }; + }; +in out diff --git a/krebs/5pkgs/repo-sync/default.nix b/krebs/5pkgs/repo-sync/default.nix index 90f838de9..789c03f36 100644 --- a/krebs/5pkgs/repo-sync/default.nix +++ b/krebs/5pkgs/repo-sync/default.nix @@ -1,15 +1,17 @@ { lib, pkgs, python3Packages, fetchurl, ... }: + with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.1.1"; + version = "0.2.5"; disabled = isPy26 || isPy27; propagatedBuildInputs = [ docopt GitPython + pkgs.git ]; src = fetchurl { url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz"; - sha256 = "01r30l2bbsld90ps13ip0zi2a41b53dv4q6fxrzvkfrprr64c0vv"; + sha256 = "1a59bj0vc5ajq8indkvkdk022yzvvv5mjb57hk3xf1j3wpr85p84"; }; meta = { homepage = http://github.com/makefu/repo-sync; diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 317591433..96691aed8 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -14,6 +14,7 @@ in ../2configs/shack-drivedroid.nix ../2configs/shared-buildbot.nix ../2configs/cgit-mirror.nix + ../2configs/repo-sync.nix # ../2configs/graphite.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix index d30f1444f..b984535c9 100644 --- a/shared/2configs/cgit-mirror.nix +++ b/shared/2configs/cgit-mirror.nix @@ -3,7 +3,7 @@ with config.krebs.lib; let rules = with git; singleton { - user = [ git-sync ]; + user = [ wolf-repo-sync ]; repo = [ stockholm-mirror ]; perm = push ''refs/*'' [ non-fast-forward create delete merge ]; }; 
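Review bot: The `prepare-repo-sync-user` script in `ExecStartPre` runs as root (because of `PermissionsStartOnly = true`) yet writes `${cfg.stateDir}/ssh.priv` inside the home directory of the unprivileged `repo-sync` user, so the target of a root-owned `cp` and `chown` is a path the service account controls. The script also has no `set -e`, so a failed `cp` can leave an older copy of the key in place while the script still exits 0, and the key's mode is inherited from the source instead of being set explicitly. I would start the script with `set -eu` and replace the two commands with `install -m 0400 -o repo-sync ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${config.krebs.lib.shell.escape "${cfg.stateDir}/ssh.priv"}`, which also escapes `stateDir` the way `privateKeyFile` already is. Separately, `GIT_SSH_COMMAND` selects the identity but nothing visible in this module provisions a `known_hosts` entry for the mirror host, so the option description should say how the host key is expected to be verified.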
@@ -22,14 +22,15 @@ let }; }; - git-sync = { - name = "git-sync"; + wolf-repo-sync = { + name = "wolf-repo-sync"; mail = "spam@krebsco.de"; # TODO put git-sync pubkey somewhere more appropriate - pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync''; + pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; }; in { + krebs.users.wolf-repo-sync = wolf-repo-sync; krebs.git = { enable = true; root-title = "Shared Repos"; diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix new file mode 100644 index 000000000..b23cb1675 --- /dev/null +++ b/shared/2configs/repo-sync.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.repo-sync = let + # TODO addMirrorURL function + mirror = "git@wolf:stockholm-mirror"; + in { + enable = true; + config = { + makefu = { + origin.url = http://cgit.gum/stockholm ; + mirror.url = mirror; + }; + tv = { + origin.url = http://cgit.cd/stockholm ; + mirror.url = mirror; + }; + lassulus = { + origin.url = http://cgit.cloudkrebs/stockholm ; + mirror.url = mirror; + }; + "@latest" = { + mirror.url = mirror; + }; + }; + }; +} diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 169b18284..6133ccc99 100644 --- a/shared/2configs/shack-drivedroid.nix 
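Review bot: The `# TODO put git-sync pubkey somewhere more appropriate` comment above `pubkey` is stale now that the user is `wolf-repo-sync`; it should read `# TODO put wolf-repo-sync pubkey somewhere more appropriate`. This is the key that the rule earlier in the file allows to `push ''refs/*''` with `non-fast-forward create delete merge`, so a comment next to `pubkey` stating where the private half is expected to live (the `repo-sync@wolf` key comment suggests wolf only) and what it may do would help whoever rotates it. If repo-sync only needs to update a known set of refs, narrowing the pattern in `rules` would limit what a leaked key could rewrite. The enclosing `let` block starts outside this hunk.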
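Review bot: All three `origin.url` values are plain `http://` URLs, so what gets pushed to `stockholm-mirror` is whatever the HTTP response contained; nothing in this file authenticates the fetched commits. The host names (`cgit.gum`, `cgit.cd`, `cgit.cloudkrebs`) look internal, so the transport may already be protected at the network layer, but that assumption should be written down here, e.g. `# origins are fetched over http because <reason the transport is trusted>`. It matters because the buildbot config changed in this same commit polls that mirror, so mirrored branches end up being built. The `# TODO addMirrorURL function` comment could also say what the function is meant to take and return.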
+++ b/shared/2configs/shack-drivedroid.nix @@ -41,5 +41,4 @@ in }; }; }; - } diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index f6798bf99..ebf5f4a1e 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -1,18 +1,22 @@ { lib, config, pkgs, ... }: -# The buildbot config is seilf-contained and provides a way to test "shared" -# configuration (infrastructure to be used by every krebsminister). +# The buildbot config is self-contained and currently provides a way +# to test "shared" configuration (infrastructure to be used by every krebsminister). # You can add your own test, test steps as required. Deploy the config on a # shared host like wolf and everything should be fine. + +# TODO for all users schedule a build for fast tests { networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = { + krebs.buildbot.master = let + stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ; + in { secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; slaves = { testslave = "krebspass"; }; change_source.stockholm = '' - stockholm_repo = 'http://cgit.wolf/stockholm-mirror' + stockholm_repo = '${stockholm-mirror-url}' cs.append(changes.GitPoller( stockholm_repo, workdir='stockholm-poller', branches=True, @@ -23,16 +27,15 @@ force-scheduler = '' sched.append(schedulers.ForceScheduler( name="force", - builderNames=["full-tests"])) + builderNames=["full-tests","fast-tests"])) ''; fast-tests-scheduler = '' - # test the master real quick + # test everything real quick sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # change_filter=util.ChangeFilter(branch="master"), - treeStableTimer=10, #only test the latest push - name="fast-master-test", + # treeStableTimer=10, + name="fast-test-all-branches", builderNames=["fast-tests"])) ''; test-cac-infest-master = '' 
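Review bot: In `fast-tests-scheduler` the `treeStableTimer=10` argument is now commented out while `branch_re=".*"` stays, so every change on every branch of the mirror can start a `fast-tests` build immediately. This commit also has repo-sync push several users' repositories into that mirror on a timer, so one sync can queue many builds and any branch that lands in the mirror is run on the slave. I would keep a short timer, `treeStableTimer=10,`, so a sync is coalesced per branch, or add a comment explaining why immediate builds are wanted. The leftover `# treeStableTimer=10,` line should be removed or annotated, and the new `# TODO for all users schedule a build for fast tests` could name the builder it refers to.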
@@ -133,7 +136,7 @@ }; irc = { enable = true; - nick = "shared-buildbot"; + nick = "wolfbot"; server = "cd.retiolum"; channels = [ "retiolum" ]; allowForce = true; @@ -147,6 +150,7 @@ password = "krebspass"; packages = with pkgs;[ git nix ]; # all nix commands will need a working nixpkgs installation - extraEnviron = { NIX_PATH="/var/src"; }; + extraEnviron = { + NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; }; }
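Review bot: The new `NIX_PATH` entry `nixos-config=./shared/1systems/wolf.nix` is a relative path, so it resolves against the working directory of whichever build step reads it; a step started from another directory would pick up a different file or fail with a confusing lookup error. A comment on `extraEnviron` should state that this is intended, e.g. `# nixos-config is relative on purpose: it must resolve inside the checkout under test`. Putting the closing `};` of `extraEnviron` on its own line instead of after the `NIX_PATH` assignment would also make the attrset harder to misread. The enclosing slave block starts outside the hunk.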