| -rw-r--r-- | krebs/3modules/makefu/default.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/helios.nix | 19 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 57 | ||||
| -rw-r--r-- | lass/2configs/browsers.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/libvirt.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/skype.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/xserver/default.nix | 6 | ||||
| -rw-r--r-- | lass/5pkgs/default.nix | 11 | ||||
| -rw-r--r-- | lass/5pkgs/xmonad-lass/Main.hs | 13 | ||||
| -rw-r--r-- | lass/default.nix | 1 | ||||
| -rw-r--r-- | makefu/1systems/gum.nix | 1 | ||||
| -rw-r--r-- | makefu/2configs/deployment/mycube.connector.one.nix | 46 | ||||
| -rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 3 | ||||
| -rw-r--r-- | makefu/2configs/nginx/update.connector.one.nix | 2 | ||||
| -rw-r--r-- | makefu/5pkgs/default.nix | 1 | ||||
| -rw-r--r-- | makefu/5pkgs/mycube-flask/default.nix | 21 | ||||
| -rw-r--r-- | makefu/default.nix | 1 | ||||
| -rw-r--r-- | shared/2configs/shared-buildbot.nix | 65 | 
20 files changed, 204 insertions, 57 deletions
| diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index ca83d6906..6af77ad9b 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -291,7 +291,7 @@ with config.krebs.lib;      wbob = rec {        cores = 1;        nets = { -        retiolm = { +        retiolum = {            addrs4 = ["10.243.214.15"];            addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"];            aliases = [ diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 88fb6aac7..0103b6ec0 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -8,6 +8,7 @@ with builtins;      ../2configs/browsers.nix      ../2configs/programs.nix      ../2configs/git.nix +    ../2configs/pass.nix      #{      #  users.extraUsers = {      #    root = { @@ -17,6 +18,15 @@ with builtins;      #    };      #  };      #} +    { +      krebs.iptables = { +        tables = { +          filter.INPUT.rules = [ +            { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } +          ]; +        }; +      }; +    }    ];    krebs.build.host = config.krebs.hosts.helios; @@ -53,15 +63,6 @@ with builtins;    #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"    #''; -  services.xserver = { -    videoDriver = "intel"; -    vaapiDrivers = [ pkgs.vaapiIntel ]; -    deviceSection = '' -      Option "AccelMethod" "sna" -      BusID "PCI:0:2:0" -    ''; -  }; -    services.xserver.synaptics = {      enable = true;      twoFingerScroll = true; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index f6ac1b4e6..9f492e2c6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
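Review bot: The new INPUT rule in lass/1systems/helios.nix, `{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }`, accepts TCP 8000 from every interface and source address, and nothing in the hunk says what listens there. If the service is only meant for the overlay network, scope the predicate the way the commented-out rule in mors.nix does, e.g. `predicate = "-i retiolum -p tcp --dport 8000";`. A short comment naming the service (like the `#risk of rain port` comment in mors.nix) would let the rule be removed when the service goes away.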
@@ -20,12 +20,12 @@      ../2configs/git.nix      #../2configs/wordpress.nix      ../2configs/bitlbee.nix -    ../2configs/firefoxPatched.nix +    #../2configs/firefoxPatched.nix      ../2configs/skype.nix      ../2configs/teamviewer.nix      ../2configs/libvirt.nix      ../2configs/fetchWallpaper.nix -    ../2configs/buildbot-standalone.nix +    #../2configs/buildbot-standalone.nix      {        #risk of rain port        krebs.iptables.tables.filter.INPUT.rules = [ @@ -97,6 +97,54 @@      #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }      #  ];      #} +    { +      containers.pythonenv = { +        config = { +          services.openssh.enable = true; +          users.users.root.openssh.authorizedKeys.keys = [ +            config.krebs.users.lass.pubkey +          ]; + +          environment = { +            systemPackages = with pkgs; [ +              git +              libxml2 +              libxslt +              libzip +              python27Full +              python27Packages.buildout +              stdenv +              zlib +            ]; + +            pathsToLink = [ "/include" ]; + +            shellInit = '' +              # help pip to find libz.so when building lxml +              export LIBRARY_PATH=/var/run/current-system/sw/lib +              # ditto for header files, e.g. sqlite +              export C_INCLUDE_PATH=/var/run/current-system/sw/include +            ''; +          }; + +        }; +      }; +    } +    { +      services.mysql = { +        enable = true; +        package = pkgs.mariadb; +        rootPassword = "<secrets>/mysql_rootPassword"; +      }; +    } +    { +      services.elasticsearch = { +        enable = true; +        plugins = [ +          pkgs.elasticsearchPlugins.elasticsearch_kopf +        ]; +      }; +    }    ];    krebs.build.host = config.krebs.hosts.mors; 
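Review bot: In the second mors.nix hunk, `rootPassword = "<secrets>/mysql_rootPassword";` is a quoted string, so Nix will not resolve `<secrets>` as a search-path entry. Unless something outside this hunk rewrites it, the MySQL module presumably receives that literal text as the file name and the root password may never be applied, so it is worth confirming on the host that root does not end up with an empty password. If the fix is a path expression, keep in mind that a path interpolated into a string is copied into the world-readable Nix store; an absolute string pointing at the deployed file, `rootPassword = "<DEPLOYED_SECRETS_DIR>/mysql_rootPassword";` (placeholder), avoids that. The same hunk enables Elasticsearch with the kopf admin plugin and sshd inside `containers.pythonenv` without stating bind addresses or network isolation, so a one-line comment on the intended exposure of each would help.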
@@ -170,6 +218,11 @@        device = "/dev/big/public";        fsType = "ext4";      }; + +    "/mnt/conf" = { +      device = "/dev/big/conf"; +      fsType = "ext4"; +    };    };    services.udev.extraRules = '' diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 61016fed0..eb764068b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -58,7 +58,7 @@ in {      ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )      ( createChromiumUser "fb" [ ] [ pkgs.chromium ] )      ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) -    ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) +    ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )    ];    nixpkgs.config.packageOverrides = pkgs : { diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 76b897d1f..0aab298c7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -42,6 +42,8 @@ let        brain = {          collaborators = with config.krebs.users; [ tv makefu ];        }; +      extraction_webinterface = {}; +      politics-fetching = {};      } //      import <secrets/repos.nix> { inherit config lib pkgs; }    ); diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index 7520a0e36..a51ccae58 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -2,13 +2,14 @@  let    mainUser = config.users.extraUsers.mainUser; +  inherit (config.krebs.lib) genid;  in {    virtualisation.libvirtd.enable = true;    users.extraUsers = {      libvirt = { -      uid = lib.genid "libvirt"; +      uid = genid "libvirt";        description = "user for running libvirt stuff";        home = "/home/libvirt";        useDefaultShell = true; diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index d62a18a52..5b6da4a95 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix 
@@ -2,12 +2,13 @@  let    mainUser = config.users.extraUsers.mainUser; +  inherit (config.krebs.lib) genid;  in {    users.extraUsers = {      skype = {        name = "skype"; -      uid = lib.genid "skype"; +      uid = genid "skype";        description = "user for running skype";        home = "/home/skype";        useDefaultShell = true; diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 82cfd57bb..203ed0b09 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -93,11 +93,9 @@ let    xmonad-start = pkgs.writeScriptBin "xmonad" ''      #! ${pkgs.bash}/bin/bash      set -efu -    export PATH; PATH=${makeSearchPath "bin" [ -      pkgs.alsaUtils -      pkgs.pulseaudioLight +    export PATH; PATH=${makeSearchPath "bin" ([        pkgs.rxvt_unicode -    ]}:/var/setuid-wrappers +    ] ++ config.environment.systemPackages)}:/var/setuid-wrappers      settle() {(        # Use PATH for a clean journal        command=''${1##*/} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index fee4654ae..ce29ae33c 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,16 +1,13 @@  { pkgs, ... }: -let -  inherit (pkgs) callPackage; -in  {    nixpkgs.config.packageOverrides = rec {      firefoxPlugins = { -      noscript = callPackage ./firefoxPlugins/noscript.nix {}; -      ublock = callPackage ./firefoxPlugins/ublock.nix {}; -      vimperator = callPackage ./firefoxPlugins/vimperator.nix {}; +      noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; +      ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; +      vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};      }; -    newsbot-js = callPackage ./newsbot-js/default.nix {}; +    newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {};      xmonad-lass =        let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in        pkgs.haskellPackages.callPackage src {}; 
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index faaa00aab..503df3be7 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -12,7 +12,6 @@ import XMonad  import System.IO (hPutStrLn, stderr)  import System.Environment (getArgs, withArgs, getEnv, getEnvironment)  import System.Posix.Process (executeFile) -import XMonad.Prompt (defaultXPConfig)  import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace                                          , removeEmptyWorkspace)  import XMonad.Actions.GridSelect @@ -73,7 +72,7 @@ mainNoArgs = do          -- $ withUrgencyHook borderUrgencyHook "magenta"          -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }          $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") -        $ defaultConfig +        $ def              { terminal          = myTerm              , modMask           = mod4Mask              , workspaces        = workspaces0 @@ -169,7 +168,7 @@ myWSConfig = myGSConfig      }  pagerConfig :: PagerConfig -pagerConfig = defaultPagerConfig +pagerConfig = def      { pc_font           = myFont      , pc_cellwidth      = 64      --, pc_cellheight     = 36 -- TODO automatically keep screen aspect @@ -182,13 +181,13 @@ pagerConfig = defaultPagerConfig      where      windowColors _ _ _ True _ = ("#ef4242","#ff2323")      windowColors wsf m c u wf = do -        let def = defaultWindowColors wsf m c u wf +        let y = defaultWindowColors wsf m c u wf          if m == False && wf == True -            then ("#402020", snd def) -            else def +            then ("#402020", snd y) +            else y  wGSConfig :: GSConfig Window -wGSConfig = defaultGSConfig +wGSConfig = def      { gs_cellheight = 20      , gs_cellwidth = 192      , gs_cellpadding = 5 diff --git a/lass/default.nix b/lass/default.nix index 69b4abaac..377708c3e 100644 --- a/lass/default.nix 
+++ b/lass/default.nix @@ -3,5 +3,6 @@ _:    imports = [      ../krebs      ./3modules +    ./5pkgs    ];  } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 04adc4941..906c72de4 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,6 +17,7 @@ in {        ../2configs/mattermost-docker.nix        ../2configs/nginx/euer.test.nix        ../2configs/nginx/update.connector.one.nix +      ../2configs/deployment/mycube.connector.one.nix        ../2configs/exim-retiolum.nix        ../2configs/urlwatch.nix diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix new file mode 100644 index 000000000..6a32656b4 --- /dev/null +++ b/makefu/2configs/deployment/mycube.connector.one.nix 
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with config.krebs.lib; +let +  hostname = config.krebs.build.host.name; +  external-ip = head config.krebs.build.host.nets.internet.addrs4; +  wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; +in { +  services.redis.enable = true; +  services.uwsgi = { +    enable = true; +    user = "nginx"; +    plugins = [ "python2" ]; +    instance = { +      type = "emperor"; +      vassals = { +        mycube-flask = { +          type = "normal"; +          python2Packages = self: with self; [ pkgs.mycube-flask self.flask self.redis self.werkzeug self.jinja2 self.markupsafe itsdangerous ]; +          socket = wsgi-sock; +        }; +      }; +    }; +  }; + +  krebs.nginx = { +    enable = mkDefault true; +    servers = { +      mybox-connector-one = { +        listen = [ "${external-ip}:80" ]; +        server-names = [ +          "mycube.connector.one" +          "mybox.connector.one" +        ]; +        locations = singleton (nameValuePair "/" '' +          uwsgi_pass unix://${wsgi-sock}; +          uwsgi_param         UWSGI_CHDIR     ${pkgs.mycube-flask}/${pkgs.python.sitePackages}; +          uwsgi_param         UWSGI_MODULE    mycube.websrv; +          uwsgi_param         UWSGI_CALLABLE  app; + +          include ${pkgs.nginx}/conf/uwsgi_params; +        ''); +      }; +    }; +  }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index a488d98f2..15700e10d 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -57,7 +57,7 @@ let    # TODO: get the list of all krebsministers -  krebsminister = with config.krebs.users; [ lass tv uriel ]; +  krebsminister = with config.krebs.users; [ lass tv ];    all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];    all-exco = with config.krebs.users; [ exco ]; 
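Review bot: `services.redis.enable = true;` in the new mycube.connector.one.nix turns Redis on with no `bind` or `requirePass` setting, on a host that also serves public HTTP on `${external-ip}:80`. Whether Redis is reachable from outside therefore depends on module defaults and the firewall, neither of which is visible here. Pinning it next to the enable line, e.g. `services.redis.bind = "127.0.0.1";`, makes the intent explicit. Separately, the uwsgi service runs as `user = "nginx"`, so the Flask app and the web server share one identity; a dedicated user with the socket shared to nginx by group would be the least-privilege layout, if the uwsgi module in use allows it.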
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 892be07b8..d5ce34bd4 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -2,8 +2,7 @@  with config.krebs.lib;  { -  # TODO: put this somewhere else -  networking.wireless.enable = true; +  networking.wireless.enable = lib.mkDefault true;    hardware.enableAllFirmware = true;    nixpkgs.config.allowUnfree = true; diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix index 044a14075..ac5e6b17b 100644 --- a/makefu/2configs/nginx/update.connector.one.nix +++ b/makefu/2configs/nginx/update.connector.one.nix @@ -8,7 +8,7 @@ in {    krebs.nginx = {      enable = mkDefault true;      servers = { -      omo-share = { +      update-connector-one = {          listen = [ "${external-ip}:80" ];          server-names = [            "update.connector.one" diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index c4a7f498f..33e280f0e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -10,5 +10,6 @@ in      alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};      awesomecfg = callPackage ./awesomecfg {};      tw-upload-plugin = callPackage ./tw-upload-plugin {}; +    mycube-flask = callPackage ./mycube-flask {};    };  } diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix new file mode 100644 index 000000000..d01abbbd4 --- /dev/null +++ b/makefu/5pkgs/mycube-flask/default.nix 
@@ -0,0 +1,21 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.pythonPackages;buildPythonPackage rec { +  name = "mycube-flask-${version}"; +  version = "0.2.3"; +  propagatedBuildInputs = [ +    flask +    redis +  ]; +  src = fetchFromGitHub { +    owner = "makefu"; +    repo = "mycube-flask"; +    rev = "5f5260a"; +    sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; +  }; +  meta = { +    homepage = https://github.com/makefu/mycube-flask; +    description = "flask app for mycube"; +    license = lib.licenses.asl20; +  }; +} diff --git a/makefu/default.nix b/makefu/default.nix index 320e1a133..b1c7c1be8 100644 --- a/makefu/default.nix +++ b/makefu/default.nix @@ -4,5 +4,6 @@ _:      ../krebs      ./2configs      ./3modules +    ./5pkgs    ];  } diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index ebf5f4a1e..b474af7b3 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -7,6 +7,11 @@  # TODO for all users schedule a build for fast tests  { +  # due to the fact that we actually build stuff on the box via the daemon, +  # /nix/store should be cleaned up automatically as well +  nix.gc.automatic = true; +  nix.gc.dates = "05:23"; +    networking.firewall.allowedTCPPorts = [ 8010 9989 ];    krebs.buildbot.master = let      stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ; @@ -27,7 +32,7 @@          force-scheduler = ''    sched.append(schedulers.ForceScheduler(                                name="force", -                              builderNames=["full-tests","fast-tests"])) +                              builderNames=["full-tests","fast-tests","build-local"]))          '';          fast-tests-scheduler = ''    # test everything real quick 
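Review bot: `rev = "5f5260a";` in makefu/5pkgs/mycube-flask/default.nix is an abbreviated commit id. The `sha256` still pins the fetched content, so this is not an integrity gap, but a short id can become ambiguous as the repository grows and makes it harder to audit which commit is deployed. Prefer the full hash, `rev = "<FULL_40_CHAR_COMMIT_HASH>";` (placeholder), and consider a comment tying it to the `0.2.3` version it is meant to represent.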
@@ -35,7 +40,7 @@                                ## all branches                                change_filter=util.ChangeFilter(branch_re=".*"),                                # treeStableTimer=10, -                              name="fast-test-all-branches", +                              name="fast-all-branches",                                builderNames=["fast-tests"]))          '';          test-cac-infest-master = '' @@ -51,8 +56,8 @@                                change_filter=util.ChangeFilter(branch="master"),                                fileIsImportant=shared_files,                                treeStableTimer=60*60, # master was stable for the last hour -                              name="full-master-test", -                              builderNames=["full-tests"])) +                              name="full-master", +                              builderNames=["full-tests","build-local"]))          '';      };      builder_pre = '' @@ -69,7 +74,7 @@    #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE    nixshell = ["nix-shell",                  "-I", "stockholm=.", -                "-I", "nixpkgs=/var/src/upstream-nixpkgs", +                "-I", "nixpkgs=/var/src/nixpkgs",                  "-p" ] + deps + [ "--run" ]    # prepare addShell function 
@@ -90,26 +95,46 @@    addShell(f,name="instantiate-test-all-modules",env=env,              command=nixshell + \                        ["touch retiolum.rsa_key.priv; \ -                        nix-instantiate --eval -A \ -                            users.shared.test-all-krebs-modules.system \ -                            -I stockholm=. \ -                            --show-trace \ -                            -I secrets=. '<stockholm>' \ -                            --strict --json"]) - -  addShell(f,name="instantiate-test-minimal-deploy",env=env, +                        nix-instantiate \ +                            --show-trace --eval --strict --json \ +                            -I nixos-config=./shared/1systems/test-all-krebs-modules.nix  \ +                            -I secrets=. \ +                            -A config.system.build.toplevel"] +          ) + +  addShell(f,name="build-test-minimal",env=env,              command=nixshell + \ -                      ["nix-instantiate --eval -A \ -                            users.shared.test-minimal-deploy.system \ -                            -I stockholm=. \ -                            -I secrets=. '<stockholm>' \ -                            --show-trace \ -                            --strict --json"]) +                      ["nix-instantiate \ +                            --show-trace --eval --strict --json \ +                            -I nixos-config=./shared/1systems/test-minimal-deploy.nix  \ +                            -I secrets=. 
\ +                            -A config.system.build.toplevel"] +          )    bu.append(util.BuilderConfig(name="fast-tests",          slavenames=slavenames,          factory=f))        ''; +      # this build will try to build against local nixpkgs +      # TODO change to do a 'local' populate and use the retrieved nixpkgs +      build-local = '' +  f = util.BuildFactory() +  f.addStep(grab_repo) + +  addShell(f,name="build-test-all-modules",env=env, +            command=nixshell + \ +                      ["touch retiolum.rsa_key.priv; \ +                        nix-build \ +                            --show-trace --no-out-link \ +                            -I nixos-config=./shared/1systems/test-all-krebs-modules.nix  \ +                            -I secrets=. \ +                            -A config.system.build.toplevel"] +          ) + +  bu.append(util.BuilderConfig(name="build-local", +        slavenames=slavenames, +        factory=f)) +      '';        slow-tests = ''    s = util.BuildFactory()    s.addStep(grab_repo) @@ -151,6 +176,6 @@      packages = with pkgs;[ git nix ];      # all nix commands will need a working nixpkgs installation      extraEnviron = { -      NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; +      NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };    };  } | 
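Review bot: The new `build-local` builder in shared-buildbot.nix runs `nix-build` on the buildbot host itself, and an earlier hunk adds it to the `force` scheduler's `builderNames`, while the unchanged context keeps `allowedTCPPorts = [ 8010 9989 ]` open. If the interface on 8010 (presumably the buildbot web UI) has no authentication, which this diff does not show, anyone who can reach it can trigger real builds on the box rather than evaluations only. Consider leaving `build-local` out of the ForceScheduler, or documenting the access control next to it. The step also runs `touch retiolum.rsa_key.priv` with `-I secrets=.`, so a comment such as `# empty placeholder key; no real secrets live in the checkout` would make clear that the build never sees real key material.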
