[Refactor] adding deb builds.

deployments/ci.nix

@@ -11,12 +11,23 @@ in
     network.description = "argo-ci";
     network.enableRollback = false;
 
-    hydra =
+    hydra-tacc =
     { config, ... }:
     {
+      deployment.targetEnv = "none";
+      deployment.targetHost = "argo.freux.fr";
+
+      deployment.keys."id_buildfarm"     =   {
+        destDir = "/run";
+        keyFile = ./id_buildfarm.secret;
+        user = "hydra-queue-runner";
+        group = "hydra";
+        permissions = "600";
+      };
+
       require=argomodules;
       environment.argo.known-hosts.enable=true;
-      environment.argo.provider-openspace.enable=true;
+      environment.argo.provider-tacc.enable=true;
       environment.argo.root-access.enable=true;
       environment.argo.ssh-config.enable=true;
 
@@ -24,8 +35,6 @@ in
 
       imports = [ "${hydraSrc}/hydra-module.nix" ];
 
-      deployment.targetEnv = "none";
-      deployment.targetHost = "140.221.10.9";
 
       i18n.defaultLocale = "en_US.UTF-8";
       services.ntp.enable = false;
@@ -44,11 +53,11 @@ in
         distributedBuilds = true;
         buildMachines = [
           {
-            hostName = "argo-phi2";
+            hostName = "slave-desktop-tunnel";
             maxJobs = 40;
             speedFactor = 1;
             sshKey = "/run/id_buildfarm";
-            sshUser = "freux";
+            sshUser = "fre";
             systems = ["builtin" "x86_64-linux" "i686-linux"];
             supportedFeatures = [ "nixos-test" "benchmark" "icc" ];
           }
@@ -56,6 +65,14 @@ in
         extraOptions = "auto-optimise-store = true";
       };
 
+      programs.ssh.extraConfig = ''
+        Host slave-desktop-tunnel
+        HostName localhost
+        Port 2210
+        User frex
+        IdentityFile /run/id_buildfarm
+      '';
+
       networking = {
         firewall = {
           allowedTCPPorts=[ 2210 80 443 8081];
@@ -67,10 +84,10 @@ in
         user = "hydra-queue-runner";
         group= "hydra";
         virtualHosts = {
-          "140.221.10.9" = {
-            basicAuth =  { argo = "${builtins.readFile ./auth_argo.secret}"; };
-            #enableACME = true;
-            #forceSSL = true;
+          "argo.freux.fr" = {
+            basicAuth = { argo = "${builtins.readFile ./auth_argo.secret}"; };
+            enableACME = true;
+            forceSSL = true;
               locations."/store".root="/nix";
               locations."/store".extraConfig="autoindex on;";
               locations."/cache".root="/var/lib/hydra";
@@ -78,7 +95,7 @@ in
               locations."/"= {
                 proxyPass="http://localhost:6080/";
                 extraConfig = ''
-                  proxy_redirect http://127.0.0.1:6080 http://140.221.10.9;
+                  proxy_redirect http://127.0.0.1:6080 https://argo.freux.fr;
                   proxy_set_header  Host              $host;
                   proxy_set_header  X-Real-IP         $remote_addr;
                   proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
@@ -89,7 +106,7 @@ in
               locations."/hydra"= {
                 proxyPass="http://localhost:8080/";
                 extraConfig = ''
-                  proxy_redirect http://127.0.0.1:8080 http://140.221.10.9/hydra;
+                  proxy_redirect http://127.0.0.1:8080 https://argo.freux.fr/hydra;
                   proxy_set_header  Host              $host;
                   proxy_set_header  X-Real-IP         $remote_addr;
                   proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
@@ -104,17 +121,17 @@ in
       services.hydra = {
         useSubstitutes = true;
         enable = true;
-        hydraURL = "http://140.221.10.9/hydra";
+        hydraURL = "https://argo.freux.fr/hydra";
         listenHost = "localhost";
         notificationSender = "hydra@example.org";
         port = 8080;
         extraConfig = ''
-          store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/140.221.10.9/secret
+          store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/argo.freux.fr/secret
           using_frontend_proxy 1
-          base_uri 140.221.10.9/hydra
-          binary_cache_public_uri 140.221.10.9/cache
+          base_uri argo.freux.fr/hydra
+          binary_cache_public_uri argo.freux.fr/cache
           max_output_size = 4294967296
-          secret-key=/etc/nix/140.221.10.9/secret
+          secret-key=/etc/nix/argo.freux.fr/secret
         '';
         buildMachinesFiles = [ "/etc/nix/machines" ];
       };
@@ -153,11 +170,11 @@ in
             /run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin
             /run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin
             # create signing keys
-            /run/current-system/sw/bin/install -d -m 551 /etc/nix/140.221.10.9
-            /run/current-system/sw/bin/nix-store --generate-binary-cache-key 140.221.10.9 /etc/nix/140.221.10.9/secret /etc/nix/140.221.10.9/public
-            /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/140.221.10.9
-            /run/current-system/sw/bin/chmod 440 /etc/nix/140.221.10.9/secret
-            /run/current-system/sw/bin/chmod 444 /etc/nix/140.221.10.9/public
+            /run/current-system/sw/bin/install -d -m 551 /etc/nix/argo.freux.fr
+            /run/current-system/sw/bin/nix-store --generate-binary-cache-key argo.freux.fr /etc/nix/argo.freux.fr/secret /etc/nix/argo.freux.fr/public
+            /run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/argo.freux.fr
+            /run/current-system/sw/bin/chmod 440 /etc/nix/argo.freux.fr/secret
+            /run/current-system/sw/bin/chmod 444 /etc/nix/argo.freux.fr/public
             #store
             /run/current-system/sw/bin/install -d -m 776 /var/lib/hydra/cache
             /run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
@@ -194,34 +211,65 @@ in
           }
         '';
       };
+      users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+      users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
      };
 
-    #slave1 =
-    #{ ... }:
-    #{
-      #deployment.targetEnv = "none";
-      #deployment.targetHost = "129.114.111.114";
-
-      #require=argomodules;
-      #environment.argo.known-hosts.enable=true;
-      #environment.argo.provider-tacc.enable=true;
-      #environment.argo.root-access.enable=true;
-
-      #environment.variables.TERM = "xterm";
-
-      #i18n.defaultLocale = "en_US.UTF-8";
-      #nix.useSandbox = true;
-      #nix.nrBuildUsers = 30;
-      #services.ntp.enable = false;
-      #services.openssh.allowSFTP = false;
-
-      #nix.gc = {
-        #automatic = true;
-        #dates = "05:15";
-        #options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
-      #};
-
-      #services.openssh.enable = true;
-      #users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
-     #};
+     slave-desktop =
+     { ... }:
+     {
+       deployment.targetEnv = "none";
+       deployment.targetHost = "140.221.10.9";
+
+        deployment.keys."id_buildfarm" = {
+          destDir = "/run";
+          keyFile = ./id_buildfarm.secret;
+          user = "fre";
+          group = "users";
+          permissions = "600";
+        };
+
+        systemd.services.tunnel-hydra= {
+          path = [pkgs.autossh];
+          enable= true;
+          description = "ssh tunnel to hydra";
+          after = [];
+          wantedBy = [ "multi-user.target" ];
+          environment.AUTOSSH_GATETIME="0";
+          environment.AUTOSSH_POLL="30";
+          serviceConfig = {
+            User = "fre";
+            Restart = "on-success";
+            Type = "simple";
+            ExecStart = ''
+              ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
+           '';
+          };
+        };
+
+       require=argomodules;
+       environment.argo.known-hosts.enable=true;
+       environment.argo.provider-openspace.enable=true;
+       environment.argo.root-access.enable=true;
+
+       environment.variables.TERM = "xterm";
+
+       i18n.defaultLocale = "en_US.UTF-8";
+       nix.useSandbox = true;
+       nix.nrBuildUsers = 30;
+       nix.trustedUsers=["root" "fre" ];
+
+       services.ntp.enable = false;
+       services.openssh.allowSFTP = false;
+
+       nix.gc = {
+         automatic = true;
+         dates = "05:15";
+         options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
+       };
+      services.openssh.enable = true;
+      users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+      users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+      };
+
    }

deployments/send-secret.sh

-#!/usr/bin/env bash
-
-echo "extracting/sending hydra-master secret key from password store"
-pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@140.221.10.9 'cat > /run/id_buildfarm'
-echo "chown-ing the key on the machine"
-ssh root@140.221.10.9 'chown hydra-queue-runner:hydra /run/id_buildfarm'
-ssh root@140.221.10.9 'chmod 600 /run/id_buildfarm'

modules/ssh-config/ssh_config

+Host argo-phi2
+HostName localhost
+Port 2210
+User freux
+IdentityFile /run/id_buildfarm

pkgs/default.nix

@@ -97,6 +97,8 @@ let
       constituents = [ ];
     };
 
+    debs = {libnrm = pkgs.releaseTools.debBuild argopkgs.nodelevel.libnrm;};
+
   };
 
-in argopkgs
+in argopkgs // debs