# NixOps network expression for the argo-ci GitLab runners.
#
# `pkgs` defaults to whatever ../pin.nix returns for ../nixpkgs-unstable.json
# (presumably a pinned nixpkgs revision; confirm against pin.nix).
{ pkgs ? import ../pin.nix { jsonpath = ../nixpkgs-unstable.json; } }:
let
  # Package set and NixOS module list that live in this repository.
  argopkgs = import ../pkgs { };
  argomodules = import ../modules/module-list.nix;

  # Operator public keys. They are appended to the authorized_keys of both
  # `root` and `fre` on every machine defined below.
  keys = map pkgs.lib.readFile [ keys/id_rsa_swann.pub keys/id_rsa_vrg.pub ];

  # NOTE(review): this fetches the tip of hydra's master branch with no
  # sha256, so the content depends on when it is evaluated and is not
  # integrity-checked. Nothing in this file references hydraSrc; if it is
  # still needed, pin it to a commit archive and add its sha256.
  hydraSrc = builtins.fetchTarball "https://github.com/nixos/hydra/archive/master.tar.gz";
  # Builds the NixOS module for one runner deployed over SSH to `ip`
  # (targetEnv "none": NixOps manages an already existing machine).
  mkChameleonRunner = ip: { ... }:
    let
      # Secrets are copied by NixOps into /run, owned by fre:users, mode 600.
      # /run is normally a tmpfs, so they are gone after a reboot until
      # NixOps sends the keys again.
      runnerSecret = keyFile: {
        inherit keyFile;
        destDir = "/run";
        user = "fre";
        group = "users";
        permissions = "600";
      };

      # NOTE(review): id_buildfarm.pub (presumably the public half of the
      # id_buildfarm secret deployed below) is authorized for root and fre on
      # every runner, while the private half sits on every runner readable by
      # fre. A compromise of fre on one runner therefore reaches root on the
      # others. Consider per-host keys, or not authorizing this key for root.
      loginKeys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
    in
    {
      imports = [ ./gitlab-runner.nix ];
      require = argomodules;

      deployment = {
        targetEnv = "none";
        targetHost = ip;
        keys = {
          "id_buildfarm" = runnerSecret ./keys/id_buildfarm.secret;
          "gitlab.cfg" = runnerSecret ./keys/gitlab.cfg.secret;
        };
      };

      time.timeZone = "America/Chicago";
      i18n.defaultLocale = "en_US.UTF-8";

      environment = {
        argo = {
          known-hosts.enable = true;
          provider-tacc.enable = true;
          root-access.enable = true;
          ssh-config.enable = true;
          singularity = {
            enable = true;
            package = argopkgs.singularity;
          };
        };
        variables.TERM = "xterm";
        systemPackages = [ pkgs.unar pkgs.wget pkgs.git ];
      };

      nix = {
        useSandbox = true;
        nrBuildUsers = 30;
        # NOTE(review): a trusted Nix user can override daemon settings, which
        # is effectively root on the host. `fre` also owns the runner secrets
        # above; confirm CI jobs do not execute as fre.
        trustedUsers = [ "root" "fre" ];
        gc = {
          automatic = true;
          dates = "05:15";
          # Frees the difference between 32 GiB and the space currently
          # available on /nix/store (df column 4, in KiB).
          options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
        };
      };

      # NOTE(review): access to the Docker daemon is root-equivalent; which
      # accounts get it is decided in ./gitlab-runner.nix, not shown here.
      virtualisation.docker.enable = true;

      services = {
        ntp.enable = false;
        openssh = {
          enable = true;
          allowSFTP = false;
        };
        gitlabrunner = {
          enable = true;
          name = "chameleon-runner-${ip}";
          # Same path the "gitlab.cfg" deployment key is written to.
          registrationConfigFile = "/run/gitlab.cfg";
          packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git ];
        };
      };

      users.extraUsers = {
        root.openssh.authorizedKeys.keys = loginKeys;
        fre.openssh.authorizedKeys.keys = loginKeys;
      };
    };
in
  {
    network = {
      description = "argo-ci";
      # Rollback is off, so a bad deploy is fixed by deploying again.
      enableRollback = false;
    };

    # One runner per address; each is deployed to over SSH at the given IP.
    gitlab-runner-1 = mkChameleonRunner "129.114.111.64";
    gitlab-runner-2 = mkChameleonRunner "129.114.111.114";
    gitlab-runner-3 = mkChameleonRunner "129.114.110.214";
    gitlab-runner-4 = mkChameleonRunner "129.114.110.3";
    gitlab-runner-5 = mkChameleonRunner "129.114.33.201";
    gitlab-runner-6 = mkChameleonRunner "129.114.111.83";
    gitlab-runner-7 = mkChameleonRunner "129.114.111.116";

    # Runner on a physical machine. Compared with mkChameleonRunner it uses
    # provider-openspace, limits Nix to one build job, omits ssh-config and
    # keeps a reverse SSH tunnel open.
    gitlab-runner-physical =
      { ... }:
      let
        ip = "140.221.10.88";

        # Secrets are copied by NixOps into /run, owned by fre:users, mode 600.
        # /run is normally a tmpfs, so they are gone after a reboot until
        # NixOps sends the keys again.
        runnerSecret = keyFile: {
          inherit keyFile;
          destDir = "/run";
          user = "fre";
          group = "users";
          permissions = "600";
        };

        # NOTE(review): id_buildfarm.pub (presumably the public half of the
        # id_buildfarm secret deployed below) is authorized for root here and
        # the private half is readable by fre on each runner in this network,
        # so one compromised runner reaches root on this host. Consider
        # per-host keys, or not authorizing this key for root.
        loginKeys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
      in
      {
        imports = [ ./gitlab-runner.nix ];
        require = argomodules;

        deployment = {
          targetEnv = "none";
          targetHost = ip;
          keys = {
            "id_buildfarm" = runnerSecret ./keys/id_buildfarm.secret;
            "gitlab.cfg" = runnerSecret ./keys/gitlab.cfg.secret;
          };
        };

        time.timeZone = "America/Chicago";
        i18n.defaultLocale = "en_US.UTF-8";

        environment = {
          argo = {
            known-hosts.enable = true;
            provider-openspace.enable = true;
            root-access.enable = true;
            singularity = {
              enable = true;
              package = argopkgs.singularity;
            };
          };
          variables.TERM = "xterm";
          systemPackages = [ pkgs.git pkgs.unar pkgs.wget ];
        };

        # Reverse tunnel: asks sshd on argo.freux.fr to listen on its port
        # 2210 and forward connections to this machine's port 22, logging in
        # as fre with /run/id_buildfarm. Anyone who can reach that listener
        # reaches this host's sshd, so the remote host is part of this
        # machine's trust boundary.
        systemd.services.tunnel-hydra = {
          enable = true;
          description = "ssh tunnel to hydra";
          path = [ pkgs.autossh ];
          # NOTE(review): no ordering is declared, so the unit may start
          # before the network is up or before NixOps has delivered
          # /run/id_buildfarm. Confirm autossh's own retry covers that.
          after = [ ];
          wantedBy = [ "multi-user.target" ];
          environment = {
            AUTOSSH_GATETIME = "0";
            AUTOSSH_POLL = "30";
          };
          serviceConfig = {
            User = "fre";
            Type = "simple";
            # NOTE(review): "on-success" restarts only after a clean exit; a
            # failed autossh stays down. Confirm that is intended.
            Restart = "on-success";
            ExecStart = ''
                 ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
              '';
          };
        };

        nix = {
          useSandbox = true;
          maxJobs = 1;
          nrBuildUsers = 30;
          # NOTE(review): a trusted Nix user can override daemon settings,
          # which is effectively root on the host. `fre` also runs the tunnel
          # and owns the runner secrets; confirm CI jobs do not execute as fre.
          trustedUsers = [ "root" "fre" ];
          gc = {
            automatic = true;
            dates = "05:15";
            # Frees the difference between 32 GiB and the space currently
            # available on /nix/store (df column 4, in KiB).
            options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
          };
        };

        # NOTE(review): access to the Docker daemon is root-equivalent; which
        # accounts get it is decided in ./gitlab-runner.nix, not shown here.
        virtualisation.docker.enable = true;

        services = {
          ntp.enable = false;
          openssh = {
            enable = true;
            allowSFTP = false;
          };
          gitlabrunner = {
            enable = true;
            name = "desktop-val-${ip}";
            # Same path the "gitlab.cfg" deployment key is written to.
            registrationConfigFile = "/run/gitlab.cfg";
            packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git ];
          };
        };

        users.extraUsers = {
          root.openssh.authorizedKeys.keys = loginKeys;
          fre.openssh.authorizedKeys.keys = loginKeys;
        };
      };
   }