Skip to content

GitLab

Commit 7f7911f6 authored by Valentin Reis's avatar Valentin Reis
Browse files

refactored the hydra deployment.

parent 10dbae7b
Pipeline #3697 canceled with stage
Hide whitespace changes
Inline Side-by-side
deployments/argo.nixops
View file @ 7f7911f6
No preview for this file type
deployments/ci.nix
View file @ 7f7911f6
......@@ -15,47 +15,21 @@ in
{ config, ... }:
{
require=argomodules;
imports = [
./providers/openstack-tacc.nix
"${hydraSrc}/hydra-module.nix"
];
environment.argo.known_hosts.enable=true;
environment.argo.known-hosts.enable=true;
environment.argo.provider-tacc.enable=true;
environment.argo.root-access.enable=true;
imports = [ "${hydraSrc}/hydra-module.nix" ];
networking = {
firewall = {
allowedTCPPorts=[ 22 config.services.hydra.port ];
allowedUDPPorts=[ 22 ];
allowedTCPPorts=[ config.services.hydra.port ];
};
};
deployment.targetEnv = "none";
deployment.targetHost = "129.114.111.116";
users.extraUsers.fre = {
isNormalUser = true;
extraGroups= ["wheel"];
openssh.authorizedKeys.keys = keys;
};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = keys ;
systemd.services = {
## nova-config.nix disables these via profiles/headless.nix
"serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
"getty@tty1".enable = pkgs.lib.mkForce true;
## For some reason, getty@.service is missing
## a dependency on the getty.target.
"getty@tty1".wantedBy = [ "getty.target" ];
};
boot.kernelParams = [ "console=tty1" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
i18n.defaultLocale = "en_US.UTF-8";
services.nixosManual.showManual = false;
services.ntp.enable = false;
services.openssh.allowSFTP = false;
......@@ -126,66 +100,32 @@ in
fi
'';
};
#users.users.hydra-www.uid = config.ids.uids.hydra-www;
#users.users.hydra-queue-runner.uid = config.ids.uids.hydra-queue-runner;
#users.users.hydra.uid = config.ids.uids.hydra;
#users.groups.hydra.gid = config.ids.gids.hydra;
};
slave1 =
{ ... }:
{
require=argomodules;
imports = [
./providers/openstack-tacc.nix
];
networking = {
firewall = {
allowedTCPPorts=[ 22 ];
allowedUDPPorts=[ 22 ];
};
};
deployment.targetEnv = "none";
deployment.targetHost = "129.114.111.114";
users.extraUsers.fre = {
isNormalUser = true;
extraGroups= ["wheel"];
openssh.authorizedKeys.keys = keys;
};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = keys ;
systemd.services = {
"serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
"getty@tty1".enable = pkgs.lib.mkForce true;
"getty@tty1".wantedBy = [ "getty.target" ];
};
boot.kernelParams = [ "console=tty1" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
require=argomodules;
environment.argo.known-hosts.enable=true;
environment.argo.provider-tacc.enable=true;
environment.argo.root-access.enable=true;
i18n.defaultLocale = "en_US.UTF-8";
nix.useChroot = true;
nix.nrBuildUsers = 30;
services.nixosManual.showManual = false;
services.ntp.enable = false;
services.openssh.allowSFTP = false;
nix.gc = {
automatic = true;
dates = "05:15";
options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
};
}
modules/known-hosts/default.nix
View file @ 7f7911f6
......@@ -2,13 +2,13 @@
with lib;
let
cfg=config.environment.argo.known_hosts;
cfg=config.environment.argo.known-hosts;
in
{
options.environment.argo.known_hosts = {
options.environment.argo.known-hosts = {
enable = mkEnableOption "argo_knownhosts";
};
config = mkIf config.environment.argo.known_hosts.enable {
config = mkIf config.environment.argo.known-hosts.enable {
programs.ssh.knownHosts = [
{ hostNames = [ "github.com" ]; publicKey = builtins.readFile ./github.com.pub; }
{ hostNames = [ "xgitlab.cels.anl.gov" ]; publicKey = builtins.readFile ./xgitlab.cels.anl.gov.pub; }
......
modules/module-list.nix
View file @ 7f7911f6
[
./known-hosts
./root-access
./provider-tacc
]
modules/provider-tacc/default.nix 0 → 100644
View file @ 7f7911f6
{ config, lib, pkgs, ... }:
with lib;
let
cfg=config.environment.argo.provider-tacc;
in
{
options.environment.argo.provider-tacc = {
enable = mkEnableOption "provider_tacc";
};
imports = [
<nixpkgs/nixos/modules/profiles/headless.nix>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
config = {
boot.growPartition=true;
boot.kernelParams = [ "console=tty1" ];
#boot.kernelParams = [ "console=ttyS0" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
services.nixosManual.enable = false;
systemd.services = {
"serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
"getty@tty1".enable = pkgs.lib.mkForce true;
"getty@tty1".wantedBy = [ "getty.target" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
boot.loader.grub.device = "/dev/vda";
boot.loader.timeout = 0;
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = mkDefault false;
};
services.cloud-init.enable = true;
};
}
modules/provider-tacc/id_rsa_vrg.pub 0 → 100644
View file @ 7f7911f6
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
modules/root-access/default.nix 0 → 100644
View file @ 7f7911f6
{ config, lib, pkgs, ... }:
with lib;
let
keys = [ (pkgs.lib.readFile ./id_rsa_vrg.pub) ];
cfg=config.environment.argo.root-access;
in
{
options.environment.argo.root-access = {
enable = mkEnableOption "argo_knownhosts";
};
config = mkIf config.environment.argo.root-access.enable {
networking = {
firewall = {
allowedTCPPorts=[ 22 ];
allowedUDPPorts=[ 22 ];
};
};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = keys ;
users.extraUsers.fre = {
isNormalUser = true;
extraGroups= ["wheel"];
openssh.authorizedKeys.keys = keys;
};
};
}
modules/root-access/id_rsa_vrg.pub 0 → 100644
View file @ 7f7911f6
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
pkgs/nrm/bandit.json
View file @ 7f7911f6
{
"url": "git@gitlab.inria.fr:vreis/nrm.git",
"url": "https://xgitlab.cels.anl.gov/argo/nrm.git",
"rev": "4c195e4ef936c7be88cfb8d82428e19a6dbf3b10",
"date": "2018-02-25T17:56:41+01:00",
"sha256": "1bylp2lxarbgr5rhg959bs6s3zqq8vvnxa9p6qkzfqg9yzvirv6g",
......
pkgs/nrm/master.json
View file @ 7f7911f6
{
"url": "https://xgitlab.cels.anl.gov/argo/nrm.git",
"rev": "a2274c7f00f0f5ba23875409edb37f2fc80b7d42",
"date": "2018-07-17T12:36:11-05:00",
"sha256": "01xrmzv2nq46hgc65m58y5nrcsv51qp9azrhs9p2c6krkyjqvnxb",
"rev": "8d57923b301c64d60d0becfb498515ee5168c468",
"date": "2018-07-25T10:18:09-05:00",
"sha256": "11xk7yknqh2vnpcig9cv6giy4fr081srj176k4i0w2wqhpab5syg",
"fetchSubmodules": true
}
pkgs/nrm/pin.sh
View file @ 7f7911f6
#!/usr/bin/env bash
nix-prefetch-git https://xgitlab.cels.anl.gov/argo/nrm.git refs/heads/master > master.json
nix-prefetch-git git@gitlab.inria.fr:vreis/nrm.git refs/heads/bandit > bandit.json
nix-prefetch-git https://xgitlab.cels.anl.gov/argo/nrm.git refs/heads/bandit > bandit.json
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment