Adds swann's key to the chameleon gitlab runners.

5aa44127 · Valentin Reis · b1b425c6 · 5aa44127 · 5aa44127 · 5aa44127
Commit 5aa44127 authored Feb 18, 2019 by Valentin Reis
--- a/deployments/argo.nixops
+++ b/deployments/argo.nixops
--- a/deployments/ci.nix
+++ b/deployments/ci.nix
@@ -2,15 +2,197 @@
  pkgs ? import ../pin.nix {jsonpath=../nixpkgs-unstable.json;}
 }:
 let
-  keys = [ (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
+  keys = [ (pkgs.lib.readFile keys/id_rsa_swann.pub) (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
  argopkgs = import ../pkgs {};
  hydraSrc = builtins.fetchTarball https://github.com/nixos/hydra/archive/master.tar.gz;
  argomodules = import ../modules/module-list.nix;
+  mkChameleonRunner = ip:
+  { ... }:
+  {
+    deployment.targetEnv = "none";
+    deployment.targetHost = ip;
+
+    imports = [ ./gitlab-runner.nix];
+
+     time.timeZone = "America/Chicago";
+
+     deployment.keys."id_buildfarm" = {
+       destDir = "/run";
+       keyFile = ./id_buildfarm.secret;
+       user = "fre";
+       group = "users";
+       permissions = "600";
+     };
+
+     deployment.keys."gitlab.cfg" = {
+       destDir = "/run";
+       keyFile = ./gitlab.cfg.secret;
+       user = "fre";
+       group = "users";
+       permissions = "600";
+     };
+
+     systemd.services.tunnel-hydra= {
+       path = [pkgs.autossh];
+       enable= true;
+       description = "ssh tunnel to hydra";
+       after = [];
+       wantedBy = [ "multi-user.target" ];
+       environment.AUTOSSH_GATETIME="0";
+       environment.AUTOSSH_POLL="30";
+       serviceConfig = {
+         User = "fre";
+         Restart = "on-success";
+         Type = "simple";
+         ExecStart = ''
+           ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
+        '';
+       };
+     };
+
+    require=argomodules;
+    environment.argo.known-hosts.enable=true;
+    environment.argo.provider-tacc.enable=true;
+    environment.argo.root-access.enable=true;
+    environment.argo.ssh-config.enable=true;
+
+    environment.variables.TERM = "xterm";
+
+    i18n.defaultLocale = "en_US.UTF-8";
+    nix.useSandbox = true;
+    nix.nrBuildUsers = 30;
+    nix.trustedUsers=["root" "fre" ];
+
+    services.ntp.enable = false;
+    services.openssh.allowSFTP = false;
+
+    environment.systemPackages = [ pkgs.git ];
+
+    virtualisation.docker.enable = true;
+
+    services.gitlab-runner2.enable = true;
+    services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
+    services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
+
+    nix.gc = {
+      automatic = true;
+      dates = "05:15";
+      options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
+    };
+   services.openssh.enable = true;
+   users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+   users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+   };
 in
  {
    network.description = "argo-ci";
    network.enableRollback = false;

+    gitlab-runner-4 = mkChameleonRunner "129.114.111.114";
+    gitlab-runner-3 = mkChameleonRunner "129.114.110.3";
+    gitlab-runner-2 = mkChameleonRunner "129.114.111.116";
+    gitlab-runner-1 = mkChameleonRunner "129.114.33.201";
+
+    slave-desktop =
+    { ... }:
+    {
+      deployment.targetEnv = "none";
+      deployment.targetHost = "140.221.10.9";
+
+      imports = [ ./gitlab-runner.nix];
+
+       time.timeZone = "America/Chicago";
+
+       deployment.keys."id_buildfarm" = {
+         destDir = "/run";
+         keyFile = ./id_buildfarm.secret;
+         user = "fre";
+         group = "users";
+         permissions = "600";
+       };
+
+       deployment.keys."gitlab.cfg" = {
+         destDir = "/run";
+         keyFile = ./gitlab.cfg.secret;
+         user = "fre";
+         group = "users";
+         permissions = "600";
+       };
+
+       systemd.services.tunnel-hydra= {
+         path = [pkgs.autossh];
+         enable= true;
+         description = "ssh tunnel to hydra";
+         after = [];
+         wantedBy = [ "multi-user.target" ];
+         environment.AUTOSSH_GATETIME="0";
+         environment.AUTOSSH_POLL="30";
+         serviceConfig = {
+           User = "fre";
+           Restart = "on-success";
+           Type = "simple";
+           ExecStart = ''
+             ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
+          '';
+         };
+       };
+
+      require=argomodules;
+      environment.argo.known-hosts.enable=true;
+      environment.argo.provider-openspace.enable=true;
+      environment.argo.root-access.enable=true;
+
+      environment.variables.TERM = "xterm";
+
+      i18n.defaultLocale = "en_US.UTF-8";
+      nix.useSandbox = true;
+      nix.nrBuildUsers = 30;
+      nix.trustedUsers=["root" "fre" ];
+
+      services.ntp.enable = false;
+      services.openssh.allowSFTP = false;
+
+      environment.systemPackages = [ pkgs.git ];
+
+      virtualisation.docker.enable = true;
+
+      services.gitlab-runner2.enable = true;
+      services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
+      services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
+
+      #services.gitlab-runner = {
+        #enable = true;
+        #packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow];
+        #configFile = ./gitlab-ci.toml;
+        #configOptions = 	{
+          #concurrent = 2;
+          #runners = [ { builds_dir = "";
+            #docker = { cache_dir = "";
+              #disable_cache = true;
+              #host = "";
+              #image = "nixos/nix:2.1.3";
+              #privileged = true;
+            #};
+            #executor = "docker";
+            #name = "docker-nix-2.1.3";
+            #token = pkgs.lib.removeSuffix "\n"  (builtins.readFile ./gitlab_token.secret);
+            #url = "https://xgitlab.cels.anl.gov/";
+          #}];
+        #};
+      #};
+
+      nix.gc = {
+        automatic = true;
+        dates = "05:15";
+        options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
+      };
+     services.openssh.enable = true;
+     users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+     users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
+     };
+
+   }
+
    #hydra-tacc =
    #{ config, ... }:
    #{
@@ -225,103 +407,3 @@ in
      #users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
      #users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
     #};
-
-     slave-desktop =
-     { ... }:
-     {
-       deployment.targetEnv = "none";
-       deployment.targetHost = "140.221.10.9";
-
-       imports = [ ./gitlab-runner.nix];
-
-        time.timeZone = "America/Chicago";
-
-        deployment.keys."id_buildfarm" = {
-          destDir = "/run";
-          keyFile = ./id_buildfarm.secret;
-          user = "fre";
-          group = "users";
-          permissions = "600";
-        };
-
-        deployment.keys."gitlab.cfg" = {
-          destDir = "/run";
-          keyFile = ./gitlab.cfg.secret;
-          user = "fre";
-          group = "users";
-          permissions = "600";
-        };
-
-        systemd.services.tunnel-hydra= {
-          path = [pkgs.autossh];
-          enable= true;
-          description = "ssh tunnel to hydra";
-          after = [];
-          wantedBy = [ "multi-user.target" ];
-          environment.AUTOSSH_GATETIME="0";
-          environment.AUTOSSH_POLL="30";
-          serviceConfig = {
-            User = "fre";
-            Restart = "on-success";
-            Type = "simple";
-            ExecStart = ''
-              ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
-           '';
-          };
-        };
-
-       require=argomodules;
-       environment.argo.known-hosts.enable=true;
-       environment.argo.provider-openspace.enable=true;
-       environment.argo.root-access.enable=true;
-
-       environment.variables.TERM = "xterm";
-
-       i18n.defaultLocale = "en_US.UTF-8";
-       nix.useSandbox = true;
-       nix.nrBuildUsers = 30;
-       nix.trustedUsers=["root" "fre" ];
-
-       services.ntp.enable = false;
-       services.openssh.allowSFTP = false;
-
-       environment.systemPackages = [ pkgs.git ];
-
-       virtualisation.docker.enable = true;
-
-       services.gitlab-runner2.enable = true;
-       services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
-       services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
-
-       #services.gitlab-runner = {
-         #enable = true;
-         #packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow];
-         #configFile = ./gitlab-ci.toml;
-         #configOptions = 	{
-           #concurrent = 2;
-           #runners = [ { builds_dir = "";
-             #docker = { cache_dir = "";
-               #disable_cache = true;
-               #host = "";
-               #image = "nixos/nix:2.1.3";
-               #privileged = true;
-             #};
-             #executor = "docker";
-             #name = "docker-nix-2.1.3";
-             #token = pkgs.lib.removeSuffix "\n"  (builtins.readFile ./gitlab_token.secret);
-             #url = "https://xgitlab.cels.anl.gov/";
-           #}];
-         #};
-       #};
-
-       nix.gc = {
-         automatic = true;
-         dates = "05:15";
-         options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
-       };
-      services.openssh.enable = true;
-      users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
-      users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
-      };
-
-   }
--- a/deployments/keys/id_rsa_swann.pub
+++ b/deployments/keys/id_rsa_swann.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7WdTdLtIYB940NdQTTyBVcBkFBoPmBcJGLxCEXkN+lvAkBhv45YkpM5SC1fLgybYAMcMnwg9qOV5z15w3V/tTY+pFx+bMJ7S+AqmSr4/fPe47GvXM8PlN18wh5K4rTXBdWGrqLuLSpadMGVcgG9plYLa/hMygX/WPbKTNKKhZH3mbqlJxiDTmmKNsK8lby6/kiDCEe2riiCXJ4ZervA4PD+mAIhQg9Qw7GpvS1u81LQj1/Wyo8Otjj47y2VME6JIaGMvT9dQeegcD0UIGgncMdnY7htWUuBrEf++oCDeSwte3Asp7DpsQhkVSce+bNa39y1DaNhVlM+UkB+wTnsBJ perarnau@sakura