Commit
416bbc2a
authored
Nov 14, 2018
by
Valentin Reis
[Refactor] adding deb builds.
parent
6fa74c77
Changes
6
deployments/argo.nixops
No preview for this file type
deployments/ci.nix
...
...
@@ -11,12 +11,23 @@ in
network
.
description
=
"argo-ci"
;
network
.
enableRollback
=
false
;
hydra
=
hydra
-tacc
=
{
config
,
...
}:
{
deployment
.
targetEnv
=
"none"
;
deployment
.
targetHost
=
"argo.freux.fr"
;
deployment
.
keys
.
"id_buildfarm"
=
{
destDir
=
"/run"
;
keyFile
=
./id_buildfarm.secret
;
user
=
"hydra-queue-runner"
;
group
=
"hydra"
;
permissions
=
"600"
;
};
require
=
argomodules
;
environment
.
argo
.
known-hosts
.
enable
=
true
;
environment
.
argo
.
provider-
opensp
ac
e
.
enable
=
true
;
environment
.
argo
.
provider-
t
ac
c
.
enable
=
true
;
environment
.
argo
.
root-access
.
enable
=
true
;
environment
.
argo
.
ssh-config
.
enable
=
true
;
...
...
@@ -24,8 +35,6 @@ in
imports
=
[
"
${
hydraSrc
}
/hydra-module.nix"
];
deployment
.
targetEnv
=
"none"
;
deployment
.
targetHost
=
"140.221.10.9"
;
i18n
.
defaultLocale
=
"en_US.UTF-8"
;
services
.
ntp
.
enable
=
false
;
...
...
@@ -44,11 +53,11 @@ in
distributedBuilds
=
true
;
buildMachines
=
[
{
hostName
=
"
argo-phi2
"
;
hostName
=
"
slave-desktop-tunnel
"
;
maxJobs
=
40
;
speedFactor
=
1
;
sshKey
=
"/run/id_buildfarm"
;
sshUser
=
"fre
ux
"
;
sshUser
=
"fre"
;
systems
=
[
"builtin"
"x86_64-linux"
"i686-linux"
];
supportedFeatures
=
[
"nixos-test"
"benchmark"
"icc"
];
}
...
...
@@ -56,6 +65,14 @@ in
extraOptions
=
"auto-optimise-store = true"
;
};
programs
.
ssh
.
extraConfig
=
''
Host slave-desktop-tunnel
HostName localhost
Port 2210
User frex
IdentityFile /run/id_buildfarm
''
;
networking
=
{
firewall
=
{
allowedTCPPorts
=
[
2210
80
443
8081
];
...
...
@@ -67,10 +84,10 @@ in
user
=
"hydra-queue-runner"
;
group
=
"hydra"
;
virtualHosts
=
{
"
140.221.10.9
"
=
{
basicAuth
=
{
argo
=
"
${
builtins
.
readFile
./auth_argo.secret
}
"
;
};
#
enableACME = true;
#
forceSSL = true;
"
argo.freux.fr
"
=
{
basicAuth
=
{
argo
=
"
${
builtins
.
readFile
./auth_argo.secret
}
"
;
};
enableACME
=
true
;
forceSSL
=
true
;
locations
.
"/store"
.
root
=
"/nix"
;
locations
.
"/store"
.
extraConfig
=
"autoindex on;"
;
locations
.
"/cache"
.
root
=
"/var/lib/hydra"
;
...
...
@@ -78,7 +95,7 @@ in
locations
.
"/"
=
{
proxyPass
=
"http://localhost:6080/"
;
extraConfig
=
''
proxy_redirect http://127.0.0.1:6080 http://
140.221.10.9
;
proxy_redirect http://127.0.0.1:6080 http
s
://
argo.freux.fr
;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
...
@@ -89,7 +106,7 @@ in
locations
.
"/hydra"
=
{
proxyPass
=
"http://localhost:8080/"
;
extraConfig
=
''
proxy_redirect http://127.0.0.1:8080 http://
140.221.10.9
/hydra;
proxy_redirect http://127.0.0.1:8080 http
s
://
argo.freux.fr
/hydra;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
...
@@ -104,17 +121,17 @@ in
services
.
hydra
=
{
useSubstitutes
=
true
;
enable
=
true
;
hydraURL
=
"http://
140.221.10.9
/hydra"
;
hydraURL
=
"http
s
://
argo.freux.fr
/hydra"
;
listenHost
=
"localhost"
;
notificationSender
=
"hydra@example.org"
;
port
=
8080
;
extraConfig
=
''
store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/
140.221.10.9
/secret
store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/
argo.freux.fr
/secret
using_frontend_proxy 1
base_uri
140.221.10.9
/hydra
binary_cache_public_uri
140.221.10.9
/cache
base_uri
argo.freux.fr
/hydra
binary_cache_public_uri
argo.freux.fr
/cache
max_output_size = 4294967296
secret-key=/etc/nix/
140.221.10.9
/secret
secret-key=/etc/nix/
argo.freux.fr
/secret
''
;
buildMachinesFiles
=
[
"/etc/nix/machines"
];
};
...
...
@@ -153,11 +170,11 @@ in
/run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin
/run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin
# create signing keys
/run/current-system/sw/bin/install -d -m 551 /etc/nix/
140.221.10.9
/run/current-system/sw/bin/nix-store --generate-binary-cache-key
140.221.10.9 /etc/nix/140.221.10.9
/secret /etc/nix/
140.221.10.9
/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/
140.221.10.9
/run/current-system/sw/bin/chmod 440 /etc/nix/
140.221.10.9
/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/
140.221.10.9
/public
/run/current-system/sw/bin/install -d -m 551 /etc/nix/
argo.freux.fr
/run/current-system/sw/bin/nix-store --generate-binary-cache-key
argo.freux.fr /etc/nix/argo.freux.fr
/secret /etc/nix/
argo.freux.fr
/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/
argo.freux.fr
/run/current-system/sw/bin/chmod 440 /etc/nix/
argo.freux.fr
/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/
argo.freux.fr
/public
#store
/run/current-system/sw/bin/install -d -m 776 /var/lib/hydra/cache
/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
...
...
@@ -194,34 +211,65 @@ in
}
''
;
};
users
.
extraUsers
.
root
.
openssh
.
authorizedKeys
.
keys
=
[
(
pkgs
.
lib
.
readFile
./keys/id_buildfarm.pub
)];
users
.
extraUsers
.
fre
.
openssh
.
authorizedKeys
.
keys
=
[
(
pkgs
.
lib
.
readFile
./keys/id_buildfarm.pub
)];
};
#slave1 =
#{ ... }:
#{
#deployment.targetEnv = "none";
#deployment.targetHost = "129.114.111.114";
#require=argomodules;
#environment.argo.known-hosts.enable=true;
#environment.argo.provider-tacc.enable=true;
#environment.argo.root-access.enable=true;
#environment.variables.TERM = "xterm";
#i18n.defaultLocale = "en_US.UTF-8";
#nix.useSandbox = true;
#nix.nrBuildUsers = 30;
#services.ntp.enable = false;
#services.openssh.allowSFTP = false;
#nix.gc = {
#automatic = true;
#dates = "05:15";
#options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
#};
#services.openssh.enable = true;
#users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
#};
slave-desktop
=
{
...
}:
{
deployment
.
targetEnv
=
"none"
;
deployment
.
targetHost
=
"140.221.10.9"
;
deployment
.
keys
.
"id_buildfarm"
=
{
destDir
=
"/run"
;
keyFile
=
./id_buildfarm.secret
;
user
=
"fre"
;
group
=
"users"
;
permissions
=
"600"
;
};
systemd
.
services
.
tunnel-hydra
=
{
path
=
[
pkgs
.
autossh
];
enable
=
true
;
description
=
"ssh tunnel to hydra"
;
after
=
[];
wantedBy
=
[
"multi-user.target"
];
environment
.
AUTOSSH_GATETIME
=
"0"
;
environment
.
AUTOSSH_POLL
=
"30"
;
serviceConfig
=
{
User
=
"fre"
;
Restart
=
"on-success"
;
Type
=
"simple"
;
ExecStart
=
''
${
pkgs
.
autossh
}
/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
''
;
};
};
require
=
argomodules
;
environment
.
argo
.
known-hosts
.
enable
=
true
;
environment
.
argo
.
provider-openspace
.
enable
=
true
;
environment
.
argo
.
root-access
.
enable
=
true
;
environment
.
variables
.
TERM
=
"xterm"
;
i18n
.
defaultLocale
=
"en_US.UTF-8"
;
nix
.
useSandbox
=
true
;
nix
.
nrBuildUsers
=
30
;
nix
.
trustedUsers
=
[
"root"
"fre"
];
services
.
ntp
.
enable
=
false
;
services
.
openssh
.
allowSFTP
=
false
;
nix
.
gc
=
{
automatic
=
true
;
dates
=
"05:15"
;
options
=
''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 |
${
pkgs
.
gawk
}
/bin/awk '{ print $4 }')))"''
;
};
services
.
openssh
.
enable
=
true
;
users
.
extraUsers
.
root
.
openssh
.
authorizedKeys
.
keys
=
[
(
pkgs
.
lib
.
readFile
./keys/id_buildfarm.pub
)];
users
.
extraUsers
.
fre
.
openssh
.
authorizedKeys
.
keys
=
[
(
pkgs
.
lib
.
readFile
./keys/id_buildfarm.pub
)];
};
}
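Review bot: The `slave-desktop` node receives the private `id_buildfarm` key (`deployment.keys."id_buildfarm"`, user `fre`) while `./keys/id_buildfarm.pub` is authorised for both `root` and `fre` on both nodes, so whoever controls the `fre` account on the desktop worker can likely log in as root on the Hydra master. The tunnel unit only needs `-R 2210:localhost:22`, so a separate key pair for the tunnel, limited on the master side, would contain that: `users.extraUsers.fre.openssh.authorizedKeys.keys = [ ''restrict,port-forwarding,permitlisten="localhost:2210" ${pkgs.lib.readFile ./keys/<tunnel-key>.pub}'' ];` (`<tunnel-key>` is a placeholder), with the buildfarm key dropped from root's list on the master. The +/- markers are lost in this rendering, so some of these lines may predate the commit. Separately, `Restart = "on-success"` in `tunnel-hydra` leaves the tunnel down after a failed exit; `Restart = "always"` is probably what is intended.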
deployments/id_buildfarm.secret
0 → 100644
File added
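Review bot: A file named `id_buildfarm.secret` is added to the repository and ci.nix reads it through `keyFile = ./id_buildfarm.secret`, replacing the deleted send-secret.sh, which pulled the key from a password store at deploy time. The contents are not shown on this page; if this is the private key in clear rather than an encrypted blob, it is now in every clone and in the history, so the key should be rotated and the file kept out of version control, for example with a `deployments/*.secret` entry in `.gitignore`. The same pattern would also cover `auth_argo.secret`, which ci.nix reads with `builtins.readFile`.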
deployments/send-secret.sh
deleted
100755 → 0
#!/usr/bin/env bash
echo
"extracting/sending hydra-master secret key from password store"
pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@140.221.10.9
'cat > /run/id_buildfarm'
echo
"chown-ing the key on the machine"
ssh root@140.221.10.9
'chown hydra-queue-runner:hydra /run/id_buildfarm'
ssh root@140.221.10.9
'chmod 600 /run/id_buildfarm'
modules/ssh-config/ssh_config
Host
argo-phi2
HostName
localhost
Port
2210
User
freux
IdentityFile
/run/id_buildfarm
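Review bot: This stanza's `Host argo-phi2` and `User freux` do not match what ci.nix uses in the same commit, where `buildMachines` names `hostName = "slave-desktop-tunnel"` with `sshUser = "fre"` and the `programs.ssh.extraConfig` stanza has `User frex`. Three spellings of the account are in play, and only one of them can be the login that the `id_buildfarm` key is authorised for, so the others look like leftovers or typos. If this file is still needed, align it with `Host slave-desktop-tunnel` and `User fre`. The rendering shows no change markers for this file, so it is unclear which of these lines the commit touched.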
pkgs/default.nix
...
...
@@ -97,6 +97,8 @@ let
constituents
=
[
];
};
debs
=
{
libnrm
=
pkgs
.
releaseTools
.
debBuild
argopkgs
.
nodelevel
.
libnrm
;};
};
in
argopkgs
in
argopkgs
//
debs
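Review bot: `pkgs.releaseTools.debBuild` is called with the `libnrm` derivation itself, but as far as I know it expects an argument set with at least `src` and `diskImage`, so the new `debs.libnrm` may fail to evaluate. Something like `debBuild { name = "libnrm-deb"; src = argopkgs.nodelevel.libnrm.src; diskImage = <debian-or-ubuntu disk image>; }` would make the inputs explicit (the image is a placeholder). Also, `argopkgs // debs` puts `libnrm` at the top level and silently overrides any existing attribute of that name; the `let` body starts outside this hunk, so that cannot be checked here.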