Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
argo
argopkgs
Commits
7f7911f6
Commit
7f7911f6
authored
Jul 30, 2018
by
Valentin Reis
Browse files
refactored the hydra deployment.
parent
10dbae7b
Pipeline
#3697
canceled with stage
Changes
11
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
deployments/argo.nixops
View file @
7f7911f6
No preview for this file type
deployments/ci.nix
View file @
7f7911f6
...
...
@@ -15,47 +15,21 @@ in
{
config
,
...
}:
{
require
=
argomodules
;
imports
=
[
./providers/openstack-tacc.nix
"
${
hydraSrc
}
/hydra-module.nix"
];
environment
.
argo
.
known_hosts
.
enable
=
true
;
environment
.
argo
.
known-hosts
.
enable
=
true
;
environment
.
argo
.
provider-tacc
.
enable
=
true
;
environment
.
argo
.
root-access
.
enable
=
true
;
imports
=
[
"
${
hydraSrc
}
/hydra-module.nix"
];
networking
=
{
firewall
=
{
allowedTCPPorts
=
[
22
config
.
services
.
hydra
.
port
];
allowedUDPPorts
=
[
22
];
allowedTCPPorts
=
[
config
.
services
.
hydra
.
port
];
};
};
deployment
.
targetEnv
=
"none"
;
deployment
.
targetHost
=
"129.114.111.116"
;
users
.
extraUsers
.
fre
=
{
isNormalUser
=
true
;
extraGroups
=
[
"wheel"
];
openssh
.
authorizedKeys
.
keys
=
keys
;
};
services
.
openssh
.
enable
=
true
;
services
.
openssh
.
passwordAuthentication
=
false
;
users
.
users
.
root
.
openssh
.
authorizedKeys
.
keys
=
keys
;
systemd
.
services
=
{
## nova-config.nix disables these via profiles/headless.nix
"serial-getty@ttyS0"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
"getty@tty1"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
## For some reason, getty@.service is missing
## a dependency on the getty.target.
"getty@tty1"
.
wantedBy
=
[
"getty.target"
];
};
boot
.
kernelParams
=
[
"console=tty1"
];
boot
.
kernelPackages
=
pkgs
.
linuxPackages_latest
;
i18n
.
defaultLocale
=
"en_US.UTF-8"
;
services
.
nixosManual
.
showManual
=
false
;
services
.
ntp
.
enable
=
false
;
services
.
openssh
.
allowSFTP
=
false
;
...
...
@@ -126,66 +100,32 @@ in
fi
''
;
};
#users.users.hydra-www.uid = config.ids.uids.hydra-www;
#users.users.hydra-queue-runner.uid = config.ids.uids.hydra-queue-runner;
#users.users.hydra.uid = config.ids.uids.hydra;
#users.groups.hydra.gid = config.ids.gids.hydra;
};
slave1
=
{
...
}:
{
require
=
argomodules
;
imports
=
[
./providers/openstack-tacc.nix
];
networking
=
{
firewall
=
{
allowedTCPPorts
=
[
22
];
allowedUDPPorts
=
[
22
];
};
};
deployment
.
targetEnv
=
"none"
;
deployment
.
targetHost
=
"129.114.111.114"
;
users
.
extraUsers
.
fre
=
{
isNormalUser
=
true
;
extraGroups
=
[
"wheel"
];
openssh
.
authorizedKeys
.
keys
=
keys
;
};
services
.
openssh
.
enable
=
true
;
services
.
openssh
.
passwordAuthentication
=
false
;
users
.
users
.
root
.
openssh
.
authorizedKeys
.
keys
=
keys
;
systemd
.
services
=
{
"serial-getty@ttyS0"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
"getty@tty1"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
"getty@tty1"
.
wantedBy
=
[
"getty.target"
];
};
boot
.
kernelParams
=
[
"console=tty1"
];
boot
.
kernelPackages
=
pkgs
.
linuxPackages_latest
;
require
=
argomodules
;
environment
.
argo
.
known-hosts
.
enable
=
true
;
environment
.
argo
.
provider-tacc
.
enable
=
true
;
environment
.
argo
.
root-access
.
enable
=
true
;
i18n
.
defaultLocale
=
"en_US.UTF-8"
;
nix
.
useChroot
=
true
;
nix
.
nrBuildUsers
=
30
;
services
.
nixosManual
.
showManual
=
false
;
services
.
ntp
.
enable
=
false
;
services
.
openssh
.
allowSFTP
=
false
;
nix
.
gc
=
{
automatic
=
true
;
dates
=
"05:15"
;
options
=
''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 |
${
pkgs
.
gawk
}
/bin/awk '{ print $4 }')))"''
;
};
services
.
openssh
.
enable
=
true
;
users
.
extraUsers
.
root
.
openssh
.
authorizedKeys
.
keys
=
[
(
pkgs
.
lib
.
readFile
./keys/id_buildfarm.pub
)];
};
}
modules/known-hosts/default.nix
View file @
7f7911f6
...
...
@@ -2,13 +2,13 @@
with
lib
;
let
cfg
=
config
.
environment
.
argo
.
known
_
hosts
;
cfg
=
config
.
environment
.
argo
.
known
-
hosts
;
in
{
options
.
environment
.
argo
.
known
_
hosts
=
{
options
.
environment
.
argo
.
known
-
hosts
=
{
enable
=
mkEnableOption
"argo_knownhosts"
;
};
config
=
mkIf
config
.
environment
.
argo
.
known
_
hosts
.
enable
{
config
=
mkIf
config
.
environment
.
argo
.
known
-
hosts
.
enable
{
programs
.
ssh
.
knownHosts
=
[
{
hostNames
=
[
"github.com"
];
publicKey
=
builtins
.
readFile
./github.com.pub
;
}
{
hostNames
=
[
"xgitlab.cels.anl.gov"
];
publicKey
=
builtins
.
readFile
./xgitlab.cels.anl.gov.pub
;
}
...
...
modules/module-list.nix
View file @
7f7911f6
[
./known-hosts
./root-access
./provider-tacc
]
modules/provider-tacc/default.nix
0 → 100644
View file @
7f7911f6
{
config
,
lib
,
pkgs
,
...
}:
with
lib
;
let
cfg
=
config
.
environment
.
argo
.
provider-tacc
;
in
{
options
.
environment
.
argo
.
provider-tacc
=
{
enable
=
mkEnableOption
"provider_tacc"
;
};
imports
=
[
<
nixpkgs/nixos/modules/profiles/headless.nix
>
<
nixpkgs/nixos/modules/profiles/qemu-guest.nix
>
];
config
=
{
boot
.
growPartition
=
true
;
boot
.
kernelParams
=
[
"console=tty1"
];
#boot.kernelParams = [ "console=ttyS0" ];
boot
.
kernelPackages
=
pkgs
.
linuxPackages_latest
;
services
.
nixosManual
.
enable
=
false
;
systemd
.
services
=
{
"serial-getty@ttyS0"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
"getty@tty1"
.
enable
=
pkgs
.
lib
.
mkForce
true
;
"getty@tty1"
.
wantedBy
=
[
"getty.target"
];
};
fileSystems
.
"/"
=
{
device
=
"/dev/disk/by-label/nixos"
;
autoResize
=
true
;
};
boot
.
loader
.
grub
.
device
=
"/dev/vda"
;
boot
.
loader
.
timeout
=
0
;
services
.
openssh
=
{
enable
=
true
;
permitRootLogin
=
"prohibit-password"
;
passwordAuthentication
=
mkDefault
false
;
};
services
.
cloud-init
.
enable
=
true
;
};
}
modules/provider-tacc/id_rsa_vrg.pub
0 → 100644
View file @
7f7911f6
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
modules/root-access/default.nix
0 → 100644
View file @
7f7911f6
{
config
,
lib
,
pkgs
,
...
}:
with
lib
;
let
keys
=
[
(
pkgs
.
lib
.
readFile
./id_rsa_vrg.pub
)
];
cfg
=
config
.
environment
.
argo
.
root-access
;
in
{
options
.
environment
.
argo
.
root-access
=
{
enable
=
mkEnableOption
"argo_knownhosts"
;
};
config
=
mkIf
config
.
environment
.
argo
.
root-access
.
enable
{
networking
=
{
firewall
=
{
allowedTCPPorts
=
[
22
];
allowedUDPPorts
=
[
22
];
};
};
services
.
openssh
.
enable
=
true
;
services
.
openssh
.
passwordAuthentication
=
false
;
users
.
users
.
root
.
openssh
.
authorizedKeys
.
keys
=
keys
;
users
.
extraUsers
.
fre
=
{
isNormalUser
=
true
;
extraGroups
=
[
"wheel"
];
openssh
.
authorizedKeys
.
keys
=
keys
;
};
};
}
modules/root-access/id_rsa_vrg.pub
0 → 100644
View file @
7f7911f6
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
pkgs/nrm/bandit.json
View file @
7f7911f6
{
"url"
:
"
git@gitlab.inria.fr:vreis
/nrm.git"
,
"url"
:
"
https://xgitlab.cels.anl.gov/argo
/nrm.git"
,
"rev"
:
"4c195e4ef936c7be88cfb8d82428e19a6dbf3b10"
,
"date"
:
"2018-02-25T17:56:41+01:00"
,
"sha256"
:
"1bylp2lxarbgr5rhg959bs6s3zqq8vvnxa9p6qkzfqg9yzvirv6g"
,
...
...
pkgs/nrm/master.json
View file @
7f7911f6
{
"url"
:
"https://xgitlab.cels.anl.gov/argo/nrm.git"
,
"rev"
:
"
a2274c7f00f0f5ba23875409edb37f2fc80b7d42
"
,
"date"
:
"2018-07-
17T12:36:11
-05:00"
,
"sha256"
:
"
0
1x
rmzv2nq46hgc65m58y5nrcsv51qp9azrhs9p2c6krkyjqvnxb
"
,
"rev"
:
"
8d57923b301c64d60d0becfb498515ee5168c468
"
,
"date"
:
"2018-07-
25T10:18:09
-05:00"
,
"sha256"
:
"
1
1x
k7yknqh2vnpcig9cv6giy4fr081srj176k4i0w2wqhpab5syg
"
,
"fetchSubmodules"
:
true
}
pkgs/nrm/pin.sh
View file @
7f7911f6
#!/usr/bin/env bash
nix-prefetch-git https://xgitlab.cels.anl.gov/argo/nrm.git refs/heads/master
>
master.json
nix-prefetch-git
git@gitlab.inria.fr:vreis
/nrm.git refs/heads/bandit
>
bandit.json
nix-prefetch-git
https://xgitlab.cels.anl.gov/argo
/nrm.git refs/heads/bandit
>
bandit.json
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment