Commit 416bbc2a authored by Valentin Reis's avatar Valentin Reis

[Refactor] adding deb builds.

parent 6fa74c77
No preview for this file type
......@@ -11,12 +11,23 @@ in
network.description = "argo-ci";
network.enableRollback = false;
hydra =
hydra-tacc =
{ config, ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = "argo.freux.fr";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./id_buildfarm.secret;
user = "hydra-queue-runner";
group = "hydra";
permissions = "600";
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-openspace.enable=true;
environment.argo.provider-tacc.enable=true;
environment.argo.root-access.enable=true;
environment.argo.ssh-config.enable=true;
......@@ -24,8 +35,6 @@ in
imports = [ "${hydraSrc}/hydra-module.nix" ];
deployment.targetEnv = "none";
deployment.targetHost = "140.221.10.9";
i18n.defaultLocale = "en_US.UTF-8";
services.ntp.enable = false;
......@@ -44,11 +53,11 @@ in
distributedBuilds = true;
buildMachines = [
{
hostName = "argo-phi2";
hostName = "slave-desktop-tunnel";
maxJobs = 40;
speedFactor = 1;
sshKey = "/run/id_buildfarm";
sshUser = "freux";
sshUser = "fre";
systems = ["builtin" "x86_64-linux" "i686-linux"];
supportedFeatures = [ "nixos-test" "benchmark" "icc" ];
}
......@@ -56,6 +65,14 @@ in
extraOptions = "auto-optimise-store = true";
};
programs.ssh.extraConfig = ''
Host slave-desktop-tunnel
HostName localhost
Port 2210
User frex
IdentityFile /run/id_buildfarm
'';
networking = {
firewall = {
allowedTCPPorts=[ 2210 80 443 8081];
......@@ -67,10 +84,10 @@ in
user = "hydra-queue-runner";
group= "hydra";
virtualHosts = {
"140.221.10.9" = {
basicAuth = { argo = "${builtins.readFile ./auth_argo.secret}"; };
#enableACME = true;
#forceSSL = true;
"argo.freux.fr" = {
basicAuth = { argo = "${builtins.readFile ./auth_argo.secret}"; };
enableACME = true;
forceSSL = true;
locations."/store".root="/nix";
locations."/store".extraConfig="autoindex on;";
locations."/cache".root="/var/lib/hydra";
......@@ -78,7 +95,7 @@ in
locations."/"= {
proxyPass="http://localhost:6080/";
extraConfig = ''
proxy_redirect http://127.0.0.1:6080 http://140.221.10.9;
proxy_redirect http://127.0.0.1:6080 https://argo.freux.fr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......@@ -89,7 +106,7 @@ in
locations."/hydra"= {
proxyPass="http://localhost:8080/";
extraConfig = ''
proxy_redirect http://127.0.0.1:8080 http://140.221.10.9/hydra;
proxy_redirect http://127.0.0.1:8080 https://argo.freux.fr/hydra;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......@@ -104,17 +121,17 @@ in
services.hydra = {
useSubstitutes = true;
enable = true;
hydraURL = "http://140.221.10.9/hydra";
hydraURL = "https://argo.freux.fr/hydra";
listenHost = "localhost";
notificationSender = "hydra@example.org";
port = 8080;
extraConfig = ''
store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/140.221.10.9/secret
store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/argo.freux.fr/secret
using_frontend_proxy 1
base_uri 140.221.10.9/hydra
binary_cache_public_uri 140.221.10.9/cache
base_uri argo.freux.fr/hydra
binary_cache_public_uri argo.freux.fr/cache
max_output_size = 4294967296
secret-key=/etc/nix/140.221.10.9/secret
secret-key=/etc/nix/argo.freux.fr/secret
'';
buildMachinesFiles = [ "/etc/nix/machines" ];
};
......@@ -153,11 +170,11 @@ in
/run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin
/run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin
# create signing keys
/run/current-system/sw/bin/install -d -m 551 /etc/nix/140.221.10.9
/run/current-system/sw/bin/nix-store --generate-binary-cache-key 140.221.10.9 /etc/nix/140.221.10.9/secret /etc/nix/140.221.10.9/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/140.221.10.9
/run/current-system/sw/bin/chmod 440 /etc/nix/140.221.10.9/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/140.221.10.9/public
/run/current-system/sw/bin/install -d -m 551 /etc/nix/argo.freux.fr
/run/current-system/sw/bin/nix-store --generate-binary-cache-key argo.freux.fr /etc/nix/argo.freux.fr/secret /etc/nix/argo.freux.fr/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/argo.freux.fr
/run/current-system/sw/bin/chmod 440 /etc/nix/argo.freux.fr/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/argo.freux.fr/public
#store
/run/current-system/sw/bin/install -d -m 776 /var/lib/hydra/cache
/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
......@@ -194,34 +211,65 @@ in
}
'';
};
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
#slave1 =
#{ ... }:
#{
#deployment.targetEnv = "none";
#deployment.targetHost = "129.114.111.114";
#require=argomodules;
#environment.argo.known-hosts.enable=true;
#environment.argo.provider-tacc.enable=true;
#environment.argo.root-access.enable=true;
#environment.variables.TERM = "xterm";
#i18n.defaultLocale = "en_US.UTF-8";
#nix.useSandbox = true;
#nix.nrBuildUsers = 30;
#services.ntp.enable = false;
#services.openssh.allowSFTP = false;
#nix.gc = {
#automatic = true;
#dates = "05:15";
#options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
#};
#services.openssh.enable = true;
#users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
#};
slave-desktop =
{ ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = "140.221.10.9";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
systemd.services.tunnel-hydra= {
path = [pkgs.autossh];
enable= true;
description = "ssh tunnel to hydra";
after = [];
wantedBy = [ "multi-user.target" ];
environment.AUTOSSH_GATETIME="0";
environment.AUTOSSH_POLL="30";
serviceConfig = {
User = "fre";
Restart = "on-success";
Type = "simple";
ExecStart = ''
${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
'';
};
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-openspace.enable=true;
environment.argo.root-access.enable=true;
environment.variables.TERM = "xterm";
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
services.ntp.enable = false;
services.openssh.allowSFTP = false;
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
}
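Review bot: The new `slave-desktop` machine is handed the same `./id_buildfarm.secret` private key as `hydra-tacc` through `deployment.keys."id_buildfarm"`, and both machines list `./keys/id_buildfarm.pub` under `users.extraUsers.root.openssh.authorizedKeys.keys`, so anyone who can read `/run/id_buildfarm` on either host can log in as root on the other. The `tunnel-hydra` service only needs to open a reverse forward on the master, so it should get its own key pair, authorized on `hydra-tacc` for `fre` alone with forwarding-only options, for example `''restrict,port-forwarding,permitlisten="localhost:2210" ${pkgs.lib.readFile ./keys/<tunnel-key>.pub}''` (`<tunnel-key>` is a placeholder). The master-to-slave build direction can then keep `id_buildfarm` without the slave ever holding its private half. A short comment above `systemd.services.tunnel-hydra` saying which host initiates the connection and that it exposes the slave's port 22 as port 2210 on the master would also help, because the `Host slave-desktop-tunnel` entry in `programs.ssh.extraConfig` depends on it.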
#!/usr/bin/env bash
echo "extracting/sending hydra-master secret key from password store"
pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@140.221.10.9 'cat > /run/id_buildfarm'
echo "chown-ing the key on the machine"
ssh root@140.221.10.9 'chown hydra-queue-runner:hydra /run/id_buildfarm'
ssh root@140.221.10.9 'chmod 600 /run/id_buildfarm'
Host argo-phi2
HostName localhost
Port 2210
User freux
IdentityFile /run/id_buildfarm
......@@ -97,6 +97,8 @@ let
constituents = [ ];
};
debs = {libnrm = pkgs.releaseTools.debBuild argopkgs.nodelevel.libnrm;};
};
in argopkgs
in argopkgs // debs
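Review bot: `argopkgs // debs` is a shallow merge, so the deb build lands at the top level of the result under the bare name `libnrm` and would silently replace any top-level `libnrm` attribute that `argopkgs` already has (not visible in this hunk). Nesting keeps the job name unambiguous: `in argopkgs // { inherit debs; }`, which exposes it as `debs.libnrm`. From the visible lines it is not clear whether `debs` is bound in the `let` or inside the set closed by the following `};`, and the final expression only evaluates in the former case. The enclosing `let` starts outside the hunk.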