Commit 5bce51cb authored by Valentin Reis's avatar Valentin Reis

updates for CI.

parent 85ccd4af
{
pkgs ? import ../pin.nix {jsonpath=../nixpkgs-unstable.json;}
}:
{ pkgs ? import ../pin.nix { jsonpath = ../nixpkgs-unstable.json; } }:
let
keys = [ (pkgs.lib.readFile keys/id_rsa_swann.pub) (pkgs.lib.readFile keys/id_rsa_vrg.pub) ];
argopkgs = import ../pkgs {};
hydraSrc = builtins.fetchTarball https://github.com/nixos/hydra/archive/master.tar.gz;
keys = [
(pkgs.lib.readFile keys/id_rsa_swann.pub)
(pkgs.lib.readFile keys/id_rsa_vrg.pub)
];
argopkgs = import ../pkgs { };
hydraSrc = builtins.fetchTarball
"https://github.com/nixos/hydra/archive/master.tar.gz";
argomodules = import ../modules/module-list.nix;
mkChameleonRunner = ip: { ... }:
{
deployment.targetEnv = "none";
deployment.targetHost = ip;
mkChameleonRunner = ip:
{ ... }: {
deployment.targetEnv = "none";
deployment.targetHost = ip;
imports = [ ./gitlab-runner.nix];
imports = [ ./gitlab-runner.nix ];
time.timeZone = "America/Chicago";
time.timeZone = "America/Chicago";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./keys/id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./keys/id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./keys/gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./keys/gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-tacc.enable=true;
environment.argo.root-access.enable=true;
environment.argo.ssh-config.enable=true;
require = argomodules;
environment.argo.known-hosts.enable = true;
environment.argo.provider-tacc.enable = true;
environment.argo.root-access.enable = true;
environment.argo.ssh-config.enable = true;
environment.argo.singularity ={
enable = true;
package = argopkgs.singularity;
};
environment.argo.singularity = {
enable = true;
package = argopkgs.singularity;
};
environment.variables.TERM = "xterm";
environment.variables.TERM = "xterm";
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.nrBuildUsers = 30;
nix.trustedUsers = [ "root" "fre" ];
services.ntp.enable = false;
services.openssh.allowSFTP = false;
services.ntp.enable = false;
services.openssh.allowSFTP = false;
environment.systemPackages = [ pkgs.unar pkgs.wget pkgs.git ];
environment.systemPackages = [ pkgs.unar pkgs.wget pkgs.git ];
virtualisation.docker.enable = true;
virtualisation.docker.enable = true;
services.gitlabrunner.enable = true;
services.gitlabrunner.name = "chameleon-runner-"+ip;
services.gitlabrunner.registrationConfigFile = "/run/gitlab.cfg";
services.gitlabrunner.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
services.gitlabrunner.enable = true;
services.gitlabrunner.name = "chameleon-runner-" + ip;
services.gitlabrunner.registrationConfigFile = "/run/gitlab.cfg";
services.gitlabrunner.packages =
[ pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git ];
#nix.gc = {
#nix.gc = {
#automatic = false;
#dates = "05:15";
#options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
#};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)] ++ keys;
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)] ++ keys ;
};
in
{
network.description = "argo-ci";
network.enableRollback = false;
gitlab-runner-1 = mkChameleonRunner "129.114.24.216";
gitlab-runner-2 = mkChameleonRunner "129.114.24.194";
gitlab-runner-3 = mkChameleonRunner "129.114.24.215";
gitlab-runner-4 = mkChameleonRunner "129.114.24.218";
gitlab-runner-5 = mkChameleonRunner "129.114.24.212";
gitlab-runner-physical =
{ ... }:
let ip = "140.221.10.88"; in
{
#};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys =
[ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
users.extraUsers.fre.openssh.authorizedKeys.keys =
[ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
};
in {
network.description = "argo-ci";
network.enableRollback = false;
gitlab-runner-1 = mkChameleonRunner "129.114.24.216";
gitlab-runner-2 = mkChameleonRunner "129.114.24.194";
gitlab-runner-3 = mkChameleonRunner "129.114.24.215";
gitlab-runner-4 = mkChameleonRunner "129.114.24.218";
#gitlab-runner-5 = mkChameleonRunner "129.114.24.212";
nix-store = { config, services, networking, ... }:
let ip = "129.114.24.212";
in {
deployment.targetEnv = "none";
deployment.targetHost = ip;
environment.argo.singularity ={
time.timeZone = "America/Chicago";
require = argomodules;
environment.argo.known-hosts.enable = true;
environment.argo.provider-openspace.enable = true;
environment.argo.root-access.enable = true;
#services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys =
[ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
users.extraUsers.fre.openssh.authorizedKeys.keys =
[ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ] ++ keys;
deployment.keys."nix-cache-key.sec" = {
destDir = "/run";
keyFile = ./keys/nix-cache-key.sec.secret;
user = "nix-serve";
group = "nogroup";
permissions = "600";
};
services.nix-serve = {
enable = true;
package = argopkgs.singularity;
secretKeyFile = "/run/nix-cache-key.sec";
};
imports = [ ./gitlab-runner.nix];
time.timeZone = "America/Chicago";
deployment.keys."id_buildfarm" = {
destDir = "/run";
keyFile = ./keys/id_buildfarm.secret;
user = "fre";
group = "users";
permissions = "600";
};
deployment.keys."gitlab.cfg" = {
destDir = "/run";
keyFile = ./keys/gitlab.cfg.secret;
user = "fre";
group = "users";
permissions = "600";
};
systemd.services.tunnel-hydra= {
path = [pkgs.autossh];
enable= true;
description = "ssh tunnel to hydra";
after = [];
wantedBy = [ "multi-user.target" ];
environment.AUTOSSH_GATETIME="0";
environment.AUTOSSH_POLL="30";
serviceConfig = {
User = "fre";
Restart = "on-success";
Type = "simple";
ExecStart = ''
${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
'';
};
};
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-openspace.enable=true;
environment.argo.root-access.enable=true;
networking.firewall.allowedTCPPorts = [ 5000 80 3000 ];
networking.firewall.allowedUDPPorts = [ 5000 80 3000 ];
environment.variables.TERM = "xterm";
services.nginx = {
enable = true;
virtualHosts."_" = {
locations."/" = {
proxyPass =
"http://localhost:${toString config.services.hydra.port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
locations."/serve/" = {
proxyPass =
"http://localhost:${toString config.services.nix-serve.port}/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
i18n.defaultLocale = "en_US.UTF-8";
nix.useSandbox = true;
nix.maxJobs = 1;
nix.nrBuildUsers = 30;
nix.trustedUsers=["root" "fre" ];
services.postgresql = {
enable = true;
dataDir =
"/var/db/postgresql-${config.services.postgresql.package.psqlSchema}";
};
services.ntp.enable = false;
services.openssh.allowSFTP = false;
programs.ssh.extraConfig = ''
StrictHostKeyChecking no
'';
environment.systemPackages = [ pkgs.git pkgs.unar pkgs.wget ];
services.hydra = {
enable = true;
hydraURL = "https://${ip}/hydra";
notificationSender = "fre@freux.fr";
useSubstitutes = true;
smtpHost = "localhost";
extraConfig = ''
store_uri = file:///var/lib/hydra/cache?secret-key=/run/nix-cache-key.sec
using_frontend_proxy 1
'';
};
virtualisation.docker.enable = true;
systemd.services.hydra-manual-setup = {
description = "Initial setup for Hydra";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
environment =
builtins.removeAttrs (config.systemd.services.hydra-init.environment)
[ "PATH" ];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
/run/current-system/sw/bin/install -d -m 551 /etc/nix/${ip}
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/${ip}
# create cache
/run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
# done
touch ~hydra/.setup-is-complete
fi
'';
};
services.gitlabrunner.name = "desktop-val-"+ip ;
services.gitlabrunner.enable = true;
services.gitlabrunner.registrationConfigFile = "/run/gitlab.cfg";
services.gitlabrunner.packages = [pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git];
};
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)] ++ keys;
users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)] ++ keys;
};
}
}
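Review bot: The `id_buildfarm` key pair is both deployed as a secret on every runner (`deployment.keys."id_buildfarm"` with `keyFile = ./keys/id_buildfarm.secret`, readable by `fre`) and listed in `users.extraUsers.root.openssh.authorizedKeys.keys` on every host, so compromising a single Docker-enabled CI runner gives root SSH to the whole fleet, with `fre` additionally in `nix.trustedUsers`. The only visible consumer of the private key is the `tunnel-hydra` service on the `nix-store` host (`-i /run/id_buildfarm`); unless `./gitlab-runner.nix` needs it on the runners too, keep the secret only there and restrict the root lists to the operator keys, e.g. `users.extraUsers.root.openssh.authorizedKeys.keys = keys;`. On that same host `programs.ssh.extraConfig = ''StrictHostKeyChecking no''` disables host verification for the outbound tunnel to `argo.freux.fr`, so an impersonated endpoint can terminate the session and receive the reverse-forwarded port 2210 to this host's sshd; with `environment.argo.known-hosts.enable = true` already set, the override looks unnecessary and should be dropped. Also `services.nix-serve.package = argopkgs.singularity` appears to be a copy-paste from the singularity block above and would point nix-serve at the wrong package.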
example-nix-cache-1:HSwzbJmGDidTrax3Lvx1vMSvto04VN2O5cjfXAG9uz0=
\ No newline at end of file
{ config, pkgs, lib, ...}: {
options.simple-hydra = {
hostName = lib.mkOption {
description = ''
The hostname to use for nginx, acme, and the notification
sender.
'';
type = lib.types.str;
example = "hydra.example.org";
};
enable = lib.mkOption {
description = ''
Enable the simple Hydra setup. This will enable
`services.postfix`, `services.postgresql`, and configure
various `hydra` services.
'';
type = lib.types.bool;
default = false;
};
localBuilder = {
enable = lib.mkOption {
description = ''
Whether to use localhost as a build machine. This adds
localhost to `nix.buildMachines`.
'';
type = lib.types.bool;
default = true;
};
maxJobs = lib.mkOption {
description = ''
Number of jobs to use with `useLocalBuilder`. Defaults to
`nix.maxJobs`.
'';
type = lib.types.int;
default = config.nix.maxJobs;
};
systems = lib.mkOption {
description = ''
The systems the local builder can build.
'';
type = lib.types.listOf lib.types.str;
default = ["x86_64-linux" "i686-linux"];
};
supportedFeatures = lib.mkOption {
description = ''
Features to supply for `supportedFeatures`.
'';
type = lib.types.listOf lib.types.string;
default = [];
};
};
useNginx = lib.mkOption {
description = ''
Configure
`services.nginx.virtualHosts.''${simple-hydra.hostName}` as an
HTTP(S) proxy. This will automatically configure
ACME/LetsEncrypt and redirect HTTP to HTTPS.
'';
type = lib.types.bool;
default = true;
};
recommendedNixSettings = lib.mkOption {
description = ''
Configures automatic Nix GC and store optimisation.
'';
type = lib.types.bool;
default = false;
};
store_uri = lib.mkOption {
description = ''
'';
type = lib.types.str;
defaultText = "file:///var/lib/hydra/cache?secret-key=/etc/nix/\${hostName}/secret";
};
};
config = let
hostName = config.simple-hydra.hostName;
in lib.mkIf config.simple-hydra.enable {
services.postfix = {
enable = true;
setSendmail = true;
domain = hostName;
};
services.postgresql = {
enable = true;
package = pkgs.postgresql;
};
simple-hydra.store_uri = lib.mkOptionDefault "file:///var/lib/hydra/cache?secret-key=/etc/nix/${hostName}/secret";
programs.ssh.extraConfig = ''
StrictHostKeyChecking no
'';
services.hydra = {
enable = true;
hydraURL = lib.mkOptionDefault "https://${hostName}";
notificationSender = "hydra@${hostName}";
useSubstitutes = true;
smtpHost = "localhost";
extraConfig = ''
store_uri = ${config.simple-hydra.store_uri}
'';
};
services.nginx = lib.mkIf config.simple-hydra.useNginx {
enable = true;
recommendedProxySettings = true;
virtualHosts."${hostName}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
};
};
systemd.services.hydra-manual-setup = {
description = "Initial setup for Hydra";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
wantedBy = [ "multi-user.target" ];
requires = [ "hydra-init.service" ];
after = [ "hydra-init.service" ];
environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"];
script = ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create signing keys
/run/current-system/sw/bin/install -d -m 551 /etc/nix/${hostName}
/run/current-system/sw/bin/nix-store --generate-binary-cache-key ${hostName} /etc/nix/${hostName}/secret /etc/nix/${hostName}/public
/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/${hostName}
/run/current-system/sw/bin/chmod 440 /etc/nix/${hostName}/secret
/run/current-system/sw/bin/chmod 444 /etc/nix/${hostName}/public
# create cache
/run/current-system/sw/bin/install -d -m 755 /var/lib/hydra/cache
/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache
# done
touch ~hydra/.setup-is-complete
fi
'';
};
nix.gc = lib.mkIf config.simple-hydra.recommendedNixSettings {
automatic = true;
dates = "15 3 * * *";
};
nix.autoOptimiseStore = lib.mkIf config.simple-hydra.recommendedNixSettings true;
nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"];
nix.buildMachines = lib.mkIf config.simple-hydra.localBuilder.enable [
{
hostName = "localhost";
systems = config.simple-hydra.localBuilder.systems;
maxJobs = config.simple-hydra.localBuilder.maxJobs;
supportedFeatures = config.simple-hydra.localBuilder.supportedFeatures;
}
];
};
}
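Review bot: `programs.ssh.extraConfig = ''StrictHostKeyChecking no''` in the `config` block disables host key verification for every SSH client on the host, not only Hydra's remote-builder connections, and because this is a reusable module (`options.simple-hydra`) the weakening is inherited silently by each importer. Prefer pinning builders with `programs.ssh.knownHosts.<name>.publicKey` (or stating in the `enable` description that importers must add them) and dropping the `extraConfig` line; if first-contact convenience is required, `StrictHostKeyChecking accept-new` is a safer fallback than `no`. Two smaller points: `supportedFeatures` uses `lib.types.string`, which is deprecated upstream in favour of the `lib.types.str` the other options already use, and the `store_uri` option has an empty `description` — something like `Hydra store_uri; defaults to a file:// cache signed with the key that hydra-manual-setup generates under /etc/nix/<hostName>/secret.` would document it.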
......@@ -28,9 +28,9 @@ in
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c3efe248-c89b-4992-bdac-1886cabdfca1"; }
];
#swapDevices =
#[ { device = "/dev/disk/by-uuid/c3efe248-c89b-4992-bdac-1886cabdfca1"; }
#];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";