Commit 5aa44127 authored by Valentin Reis's avatar Valentin Reis

Adds swann's key to the chameleon gitlab runners.

parent b1b425c6
Pipeline #5423 passed with stages
in 12 minutes and 28 seconds
......@@ -2,15 +2,197 @@
pkgs ? import ../pin.nix {jsonpath=../nixpkgs-unstable.json;}
}:
let
keys = [ (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
keys = [ (pkgs.lib.readFile keys/id_rsa_swann.pub) (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
argopkgs = import ../pkgs {};
hydraSrc = builtins.fetchTarball https://github.com/nixos/hydra/archive/master.tar.gz;
argomodules = import ../modules/module-list.nix;
mkChameleonRunner = ip:
{ ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = ip;
imports = [ ./gitlab-runner.nix];
time.timeZone = "America/Chicago";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
systemd.services.tunnel-hydra= {
path = [pkgs.autossh];
enable= true;
description = "ssh tunnel to hydra";
after = [];
wantedBy = [ "multi-user.target" ];
environment.AUTOSSH_GATETIME="0";
environment.AUTOSSH_POLL="30";
serviceConfig = {
User = "fre";
Restart = "on-success";
Type = "simple";
ExecStart = ''
${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
'';
};
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-tacc.enable=true;
environment.argo.root-access.enable=true;
environment.argo.ssh-config.enable=true;
environment.variables.TERM = "xterm";
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
services.ntp.enable = false;
services.openssh.allowSFTP = false;
environment.systemPackages = [ pkgs.git ];
virtualisation.docker.enable = true;
services.gitlab-runner2.enable = true;
services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
in
{
network.description = "argo-ci";
network.enableRollback = false;
gitlab-runner-4 = mkChameleonRunner "129.114.111.114";
gitlab-runner-3 = mkChameleonRunner "129.114.110.3";
gitlab-runner-2 = mkChameleonRunner "129.114.111.116";
gitlab-runner-1 = mkChameleonRunner "129.114.33.201";
slave-desktop =
{ ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = "140.221.10.9";
imports = [ ./gitlab-runner.nix];
time.timeZone = "America/Chicago";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
systemd.services.tunnel-hydra= {
path = [pkgs.autossh];
enable= true;
description = "ssh tunnel to hydra";
after = [];
wantedBy = [ "multi-user.target" ];
environment.AUTOSSH_GATETIME="0";
environment.AUTOSSH_POLL="30";
serviceConfig = {
User = "fre";
Restart = "on-success";
Type = "simple";
ExecStart = ''
${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
'';
};
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-openspace.enable=true;
environment.argo.root-access.enable=true;
environment.variables.TERM = "xterm";
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
services.ntp.enable = false;
services.openssh.allowSFTP = false;
environment.systemPackages = [ pkgs.git ];
virtualisation.docker.enable = true;
services.gitlab-runner2.enable = true;
services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
#services.gitlab-runner = {
#enable = true;
#packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow];
#configFile = ./gitlab-ci.toml;
#configOptions = {
#concurrent = 2;
#runners = [ { builds_dir = "";
#docker = { cache_dir = "";
#disable_cache = true;
#host = "";
#image = "nixos/nix:2.1.3";
#privileged = true;
#};
#executor = "docker";
#name = "docker-nix-2.1.3";
#token = pkgs.lib.removeSuffix "\n" (builtins.readFile ./gitlab_token.secret);
#url = "https://xgitlab.cels.anl.gov/";
#}];
#};
#};
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
}
#hydra-tacc =
#{ config, ... }:
#{
......@@ -225,103 +407,3 @@ in
#users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
#users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
#};
slave-desktop =
{ ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = "140.221.10.9";
imports = [ ./gitlab-runner.nix];
time.timeZone = "America/Chicago";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
systemd.services.tunnel-hydra= {
path = [pkgs.autossh];
enable= true;
description = "ssh tunnel to hydra";
after = [];
wantedBy = [ "multi-user.target" ];
environment.AUTOSSH_GATETIME="0";
environment.AUTOSSH_POLL="30";
serviceConfig = {
User = "fre";
Restart = "on-success";
Type = "simple";
ExecStart = ''
${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
'';
};
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-openspace.enable=true;
environment.argo.root-access.enable=true;
environment.variables.TERM = "xterm";
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
services.ntp.enable = false;
services.openssh.allowSFTP = false;
environment.systemPackages = [ pkgs.git ];
virtualisation.docker.enable = true;
services.gitlab-runner2.enable = true;
services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
services.gitlab-runner2.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
#services.gitlab-runner = {
#enable = true;
#packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow];
#configFile = ./gitlab-ci.toml;
#configOptions = {
#concurrent = 2;
#runners = [ { builds_dir = "";
#docker = { cache_dir = "";
#disable_cache = true;
#host = "";
#image = "nixos/nix:2.1.3";
#privileged = true;
#};
#executor = "docker";
#name = "docker-nix-2.1.3";
#token = pkgs.lib.removeSuffix "\n" (builtins.readFile ./gitlab_token.secret);
#url = "https://xgitlab.cels.anl.gov/";
#}];
#};
#};
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
}
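Review bot: `mkChameleonRunner` copies the same `id_buildfarm.secret` to `/run` on all four runners, owned by `fre`, while root's `authorizedKeys.keys` on each runner trusts `keys/id_buildfarm.pub`. If those are two halves of one key pair, as the names suggest, anything that can read `fre`'s files on one runner (these hosts run GitLab jobs with Docker enabled and `fre` as a Nix trusted user) holds root SSH on every other runner. I would keep the tunnel key out of root's `authorized_keys`, issue one tunnel key per host, and limit that key on argo.freux.fr to port forwarding with the `restrict,port-forwarding` options in its `authorized_keys` entry. Related to the commit's purpose: in the visible lines the `keys` binding that now includes swann's key is never referenced inside `mkChameleonRunner`, so unless the `root-access` module or code outside the hunk consumes it, the runners may not grant the access the title describes; `users.extraUsers.root.openssh.authorizedKeys.keys = keys;` would make that explicit. Separately, every runner and `slave-desktop` request the same remote port in `-R 2210:localhost:22`, so only one tunnel can bind it; taking the port as a second argument to `mkChameleonRunner` and adding `-o ExitOnForwardFailure=yes` would keep each host reachable and make a failed forward visible.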
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7WdTdLtIYB940NdQTTyBVcBkFBoPmBcJGLxCEXkN+lvAkBhv45YkpM5SC1fLgybYAMcMnwg9qOV5z15w3V/tTY+pFx+bMJ7S+AqmSr4/fPe47GvXM8PlN18wh5K4rTXBdWGrqLuLSpadMGVcgG9plYLa/hMygX/WPbKTNKKhZH3mbqlJxiDTmmKNsK8lby6/kiDCEe2riiCXJ4ZervA4PD+mAIhQg9Qw7GpvS1u81LQj1/Wyo8Otjj47y2VME6JIaGMvT9dQeegcD0UIGgncMdnY7htWUuBrEf++oCDeSwte3Asp7DpsQhkVSce+bNa39y1DaNhVlM+UkB+wTnsBJ perarnau@sakura