summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-07-27 20:43:34 +0200
committertv <tv@krebsco.de>2017-07-27 20:43:34 +0200
commit904b78d7352ddddcc514f325f8bc1e447a4c05ff (patch)
tree9436bfd0d04bdf84386d5d7399fe6adf13fb9a04 /krebs/3modules
parent252d45d212ad0b67336636914a721eb08b5df1c3 (diff)
parent9e0a791281c216b150e4c35a5d4011353237ddfd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/buildbot/master.nix21
-rw-r--r--krebs/3modules/buildbot/slave.nix11
-rw-r--r--krebs/3modules/ci.nix175
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/krebs/default.nix10
5 files changed, 194 insertions, 24 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 6c7af6da5..a7624c8f2 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -2,15 +2,6 @@
with import <stockholm/lib>;
let
-
- # https://github.com/NixOS/nixpkgs/issues/14026
- nixpkgs-fix = import (pkgs.fetchgit {
- url = https://github.com/nixos/nixpkgs;
- rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
- sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8";
- }) {};
-
- buildbot = nixpkgs-fix.buildbot;
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
@@ -357,7 +348,7 @@ let
set -efux
if [ ! -e ${workdir} ];then
mkdir -p ${workdir}
- ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
+ ${pkgs.buildbot-classic}/bin/buildbot create-master -r -l 10 -f ${workdir}
fi
# always override the master.cfg
cp ${buildbot-master-config} ${workdir}/master.cfg
@@ -366,18 +357,18 @@ let
${ concatMapStringsSep "\n"
(f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
# sanity
- ${buildbot}/bin/buildbot checkconfig ${workdir}
+ ${pkgs.buildbot-classic}/bin/buildbot checkconfig ${workdir}
# TODO: maybe upgrade? not sure about this
# normally we should write buildbot.tac by our own
- # ${buildbot}/bin/buildbot upgrade-master ${workdir}
+ # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
chmod 700 -R ${workdir}
chown buildbotMaster:buildbotMaster -R ${workdir}
'';
- ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
- ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
- ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
+ ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start ${workdir}";
+ ExecStop = "${pkgs.buildbot-classic}/bin/buildbot stop ${workdir}";
+ ExecReload = "${pkgs.buildbot-classic}/bin/buildbot reconfig ${workdir}";
PrivateTmp = "true";
User = "buildbotMaster";
Restart = "always";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 932923ae5..544f9c4e0 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -2,12 +2,6 @@
with import <stockholm/lib>;
let
- nixpkgs-fix = import (pkgs.fetchgit {
- url = https://github.com/nixos/nixpkgs;
- rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
- sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8";
- }) {};
-
buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
import os
@@ -158,7 +152,6 @@ let
workdir = shell.escape cfg.workDir;
contact = shell.escape cfg.contact;
description = shell.escape cfg.description;
- buildbot = nixpkgs-fix.buildbot-slave;
# TODO:make this
in {
PermissionsStartOnly = true;
@@ -175,8 +168,8 @@ let
chown buildbotSlave:buildbotSlave -R ${workdir}
chmod 700 -R ${workdir}
'';
- ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
- ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
+ ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
+ ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
PrivateTmp = "true";
User = "buildbotSlave";
Restart = "always";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
new file mode 100644
index 000000000..542a9252f
--- /dev/null
+++ b/krebs/3modules/ci.nix
@@ -0,0 +1,175 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.ci;
+
+ hostname = config.networking.hostName;
+in
+{
+ options.krebs.ci = {
+ enable = mkEnableOption "krebs continous integration";
+ users = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ all = mkOption {
+ type = bool;
+ default = true;
+ };
+ hosts = mkOption {
+ type = listOf str;
+ default = [];
+ };
+ };
+ });
+ example = {
+ lass.all = true;
+ krebs = {
+ all = true;
+ hosts = [
+ "test-all-krebs-modules"
+ "test-arch"
+ ];
+ };
+ };
+ default = {};
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts.build = {
+ serverAliases = [ "build.${hostname}.r" ];
+ locations."/".extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
+ '';
+ };
+ };
+
+ nix.gc.automatic = true;
+ nix.gc.dates = "05:23";
+
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.${hostname}.r/stockholm'
+ cs.append(
+ changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branches=True,
+ project='stockholm',
+ pollinterval=10
+ )
+ )
+ '';
+ scheduler = {
+ build-scheduler = ''
+ # build all hosts
+ sched.append(
+ schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ treeStableTimer=10,
+ name="build-all-branches",
+ builderNames=[
+ "build-hosts"
+ ]
+ )
+ )
+ '';
+ force-scheduler = ''
+ sched.append(
+ schedulers.ForceScheduler(
+ name="force",
+ builderNames=[
+ "build-hosts"
+ ]
+ )
+ )
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(
+ repourl=stockholm_repo,
+ mode='full'
+ )
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ build-hosts = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+
+ def build_host(user, host):
+ addShell(f,
+ name="{}".format(host),
+ env={
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ },
+ command=[
+ "nix-shell", "--run",
+ "test --user={} --system={} --target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user, host, user)
+ ]
+ )
+
+ ${let
+ user-hosts = mapAttrs (user: a: let
+ managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts);
+ defined-hosts = a.hosts;
+ in
+ defined-hosts ++ (optionals a.all managed-hosts)
+ ) cfg.users;
+
+ in
+ concatStringsSep "\n" (
+ (mapAttrsToList (user: hosts:
+ concatMapStringsSep "\n" (host:
+ "build_host(\"${user}\", \"${host}\")"
+ ) hosts
+ ) user-hosts)
+ )
+ }
+
+ bu.append(
+ util.BuilderConfig(
+ name="build-hosts",
+ slavenames=slavenames,
+ factory=f
+ )
+ )
+
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "build|${hostname}";
+ server = "ni.r";
+ channels = [ "retiolum" "noise" ];
+ allowForce = true;
+ };
+ extraConfig = ''
+ c['buildbotURL'] = "http://build.${hostname}.r/"
+ '';
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs; [ gnumake jq nix populate ];
+ };
+
+ };
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6123b6dd9..b0ad2baf5 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -12,6 +12,7 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
+ ./ci.nix
./current.nix
./exim.nix
./exim-retiolum.nix
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 07543489a..27fbb7088 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -32,12 +32,15 @@ in {
hosts = {
hotdog = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.3";
ip6.addr = "42:0:0:0:0:0:77:3";
aliases = [
"hotdog.r"
+ "build.hotdog.r"
+ "cgit.hotdog.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -56,6 +59,7 @@ in {
};
puyak = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";
@@ -82,6 +86,7 @@ in {
};
wolf = {
owner = config.krebs.users.krebs;
+ managed = true;
nets = {
shack = {
ip4.addr = "10.42.2.150" ;
@@ -120,6 +125,11 @@ in {
krebs = {
pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary
};
+ hotdog-repo-sync = {
+ name = "hotdog-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzTvaR3QqOD3oEEGHQzg/sRnNbKJnZYcV9htDvXmu53";
+ };
puyak-repo-sync = {
name = "puyak-repo-sync";
mail = "spam@krebsco.de";