refactored the hydra deployment.

7f7911f6 · Valentin Reis · 10dbae7b · 7f7911f6 · 7f7911f6 · 7f7911f6
Commit 7f7911f6 authored Jul 30, 2018 by Valentin Reis
11 changed files
--- a/deployments/argo.nixops
+++ b/deployments/argo.nixops
--- a/deployments/ci.nix
+++ b/deployments/ci.nix
@@ -15,47 +15,21 @@ in
    { config, ... }:
    {
      require=argomodules;
-      imports = [
-        ./providers/openstack-tacc.nix
-        "${hydraSrc}/hydra-module.nix"
-      ];
-
-      environment.argo.known_hosts.enable=true;
+      environment.argo.known-hosts.enable=true;
+      environment.argo.provider-tacc.enable=true;
+      environment.argo.root-access.enable=true;

+      imports = [ "${hydraSrc}/hydra-module.nix" ];
      networking = {
        firewall = {
-          allowedTCPPorts=[ 22 config.services.hydra.port ];
-          allowedUDPPorts=[ 22 ];
+          allowedTCPPorts=[ config.services.hydra.port ];
        };
      };

      deployment.targetEnv = "none";
      deployment.targetHost = "129.114.111.116";

-      users.extraUsers.fre = {
-        isNormalUser = true;
-        extraGroups= ["wheel"];
-        openssh.authorizedKeys.keys = keys;
-      };
-
-      services.openssh.enable = true;
-      services.openssh.passwordAuthentication = false;
-      users.users.root.openssh.authorizedKeys.keys = keys ;
-
-      systemd.services = {
-         ## nova-config.nix disables these via profiles/headless.nix
-         "serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
-         "getty@tty1".enable = pkgs.lib.mkForce true;
-         ## For some reason, getty@.service is missing
-         ## a dependency on the getty.target.
-         "getty@tty1".wantedBy = [ "getty.target" ];
-       };
-
-       boot.kernelParams = [ "console=tty1" ];
-       boot.kernelPackages = pkgs.linuxPackages_latest;
-
      i18n.defaultLocale = "en_US.UTF-8";
-      services.nixosManual.showManual = false;
      services.ntp.enable = false;
      services.openssh.allowSFTP = false;

@@ -126,66 +100,32 @@ in
          fi
        '';
      };
-
-      #users.users.hydra-www.uid = config.ids.uids.hydra-www;
-      #users.users.hydra-queue-runner.uid = config.ids.uids.hydra-queue-runner;
-      #users.users.hydra.uid = config.ids.uids.hydra;
-      #users.groups.hydra.gid = config.ids.gids.hydra;
-
     };

-
    slave1 =
    { ... }:
    {
-      require=argomodules;
-      imports = [
-        ./providers/openstack-tacc.nix
-      ];
-
-      networking = {
-        firewall = {
-          allowedTCPPorts=[ 22 ];
-          allowedUDPPorts=[ 22 ];
-        };
-      };
-
      deployment.targetEnv = "none";
      deployment.targetHost = "129.114.111.114";

-      users.extraUsers.fre = {
-        isNormalUser = true;
-        extraGroups= ["wheel"];
-        openssh.authorizedKeys.keys = keys;
-      };
-
-      services.openssh.enable = true;
-      services.openssh.passwordAuthentication = false;
-      users.users.root.openssh.authorizedKeys.keys = keys ;
-
-      systemd.services = {
-         "serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
-         "getty@tty1".enable = pkgs.lib.mkForce true;
-         "getty@tty1".wantedBy = [ "getty.target" ];
-       };
-
-       boot.kernelParams = [ "console=tty1" ];
-       boot.kernelPackages = pkgs.linuxPackages_latest;
+      require=argomodules;
+      environment.argo.known-hosts.enable=true;
+      environment.argo.provider-tacc.enable=true;
+      environment.argo.root-access.enable=true;

      i18n.defaultLocale = "en_US.UTF-8";
      nix.useChroot = true;
      nix.nrBuildUsers = 30;
-      services.nixosManual.showManual = false;
      services.ntp.enable = false;
      services.openssh.allowSFTP = false;

-
      nix.gc = {
        automatic = true;
        dates = "05:15";
        options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
      };

+      services.openssh.enable = true;
      users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)];
     };
   }
--- a/modules/known-hosts/default.nix
+++ b/modules/known-hosts/default.nix
@@ -2,13 +2,13 @@

 with lib;
 let
-  cfg=config.environment.argo.known_hosts;
+  cfg=config.environment.argo.known-hosts;
 in
  {
-    options.environment.argo.known_hosts = {
+    options.environment.argo.known-hosts = {
      enable = mkEnableOption "argo_knownhosts";
    };
-    config = mkIf config.environment.argo.known_hosts.enable {
+    config = mkIf config.environment.argo.known-hosts.enable {
      programs.ssh.knownHosts = [
        { hostNames = [ "github.com" ]; publicKey = builtins.readFile ./github.com.pub; }
        { hostNames = [ "xgitlab.cels.anl.gov" ]; publicKey = builtins.readFile ./xgitlab.cels.anl.gov.pub; }

--- a/modules/module-list.nix
+++ b/modules/module-list.nix
 [
  ./known-hosts
+  ./root-access
+  ./provider-tacc
 ]
--- a/modules/provider-tacc/default.nix
+++ b/modules/provider-tacc/default.nix
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg=config.environment.argo.provider-tacc;
+in
+  {
+    options.environment.argo.provider-tacc = {
+      enable = mkEnableOption "provider_tacc";
+    };
+
+    imports = [
+      <nixpkgs/nixos/modules/profiles/headless.nix>
+      <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+    config = {
+      boot.growPartition=true;
+      boot.kernelParams = [ "console=tty1" ];
+      #boot.kernelParams = [ "console=ttyS0" ];
+      boot.kernelPackages = pkgs.linuxPackages_latest;
+
+      services.nixosManual.enable = false;
+
+      systemd.services = {
+         "serial-getty@ttyS0".enable = pkgs.lib.mkForce true;
+         "getty@tty1".enable = pkgs.lib.mkForce true;
+         "getty@tty1".wantedBy = [ "getty.target" ];
+       };
+
+      fileSystems."/" = {
+        device = "/dev/disk/by-label/nixos";
+        autoResize = true;
+      };
+
+      boot.loader.grub.device = "/dev/vda";
+      boot.loader.timeout = 0;
+
+      services.openssh = {
+        enable = true;
+        permitRootLogin = "prohibit-password";
+        passwordAuthentication = mkDefault false;
+      };
+
+      services.cloud-init.enable = true;
+    };
+  }
--- a/modules/provider-tacc/id_rsa_vrg.pub
+++ b/modules/provider-tacc/id_rsa_vrg.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
--- a/modules/root-access/default.nix
+++ b/modules/root-access/default.nix
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  keys = [ (pkgs.lib.readFile ./id_rsa_vrg.pub) ];
+  cfg=config.environment.argo.root-access;
+in
+  {
+    options.environment.argo.root-access = {
+      enable = mkEnableOption "argo_knownhosts";
+    };
+    config = mkIf config.environment.argo.root-access.enable {
+
+      networking = {
+        firewall = {
+          allowedTCPPorts=[ 22 ];
+          allowedUDPPorts=[ 22 ];
+        };
+      };
+
+      services.openssh.enable = true;
+      services.openssh.passwordAuthentication = false;
+      users.users.root.openssh.authorizedKeys.keys = keys ;
+
+      users.extraUsers.fre = {
+        isNormalUser = true;
+        extraGroups= ["wheel"];
+        openssh.authorizedKeys.keys = keys;
+      };
+    };
+  }
--- a/modules/root-access/id_rsa_vrg.pub
+++ b/modules/root-access/id_rsa_vrg.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC43Mdq5Q8i/cfcF+Y0rveBPGEJVoTE+lotZEMOdX8zJs89QinbfqjTJiqAM6cksMOFcM+iJ01LpKWAx1+EVFT4kkVphGHahiSuL86OuD/46d3dd3pwbmmRsQLjQvDzs+R3BHljWbfh4kt2R3DklChFM+u14EWu62M1QSRhNHgTGhwOfWZj1sw770c4TqovFgfc0k7aKLfJfd4227IkWwor1AaGVKBJIjIQFVki4ELWQ3IlpohVwDW734gU3AZ64Jnm22I+ebN4bIhoOYdSsLBPfDNDMTNcLKeTLzZN/929BqPtJaYSpDsR1EUl6NcwA75KsP1PZEYXd3UG8zHPnbOt valentin.reis@gmail.com
--- a/pkgs/nrm/bandit.json
+++ b/pkgs/nrm/bandit.json
 {
-  "url": "git@gitlab.inria.fr:vreis/nrm.git",
+  "url": "https://xgitlab.cels.anl.gov/argo/nrm.git",
  "rev": "4c195e4ef936c7be88cfb8d82428e19a6dbf3b10",
  "date": "2018-02-25T17:56:41+01:00",
  "sha256": "1bylp2lxarbgr5rhg959bs6s3zqq8vvnxa9p6qkzfqg9yzvirv6g",

--- a/pkgs/nrm/master.json
+++ b/pkgs/nrm/master.json
 {
  "url": "https://xgitlab.cels.anl.gov/argo/nrm.git",
-  "rev": "a2274c7f00f0f5ba23875409edb37f2fc80b7d42",
-  "date": "2018-07-17T12:36:11-05:00",
-  "sha256": "01xrmzv2nq46hgc65m58y5nrcsv51qp9azrhs9p2c6krkyjqvnxb",
+  "rev": "8d57923b301c64d60d0becfb498515ee5168c468",
+  "date": "2018-07-25T10:18:09-05:00",
+  "sha256": "11xk7yknqh2vnpcig9cv6giy4fr081srj176k4i0w2wqhpab5syg",
  "fetchSubmodules": true
 }
--- a/pkgs/nrm/pin.sh
+++ b/pkgs/nrm/pin.sh
 #!/usr/bin/env bash
 nix-prefetch-git https://xgitlab.cels.anl.gov/argo/nrm.git refs/heads/master > master.json
-nix-prefetch-git git@gitlab.inria.fr:vreis/nrm.git refs/heads/bandit > bandit.json
+nix-prefetch-git https://xgitlab.cels.anl.gov/argo/nrm.git refs/heads/bandit > bandit.json