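# NixOps network "argo-ci": four GitLab runners on Chameleon plus one desktop
# runner.  Every host is pre-provisioned (targetEnv "none"), receives the
# build-farm ssh key and the gitlab registration config as NixOps keys, and
# keeps a reverse ssh tunnel open to the hydra host.
{ pkgs ? import ../pin.nix { jsonpath = ../nixpkgs-unstable.json; } }:
let
  lib = pkgs.lib;

  # Operator public keys; only the commented-out hydra-tacc host uses them.
  keys = [
    (lib.readFile keys/id_rsa_swann.pub)
    (lib.readFile keys/id_rsa_vrg.pub)
  ];

  # Currently unused by any live host (Nix evaluates it lazily).
  argopkgs = import ../pkgs { };

  # NOTE(review): unpinned, unhashed fetch of a moving branch.  Nothing live
  # references it (Nix evaluates it lazily), but before the hydra-tacc host is
  # re-enabled this must point at a fixed revision and carry a sha256, e.g.
  #   builtins.fetchTarball { url = ".../archive/<rev>.tar.gz"; sha256 = "..."; }
  # so the deployed hydra module cannot change without a change here.
  hydraSrc = builtins.fetchTarball "https://github.com/nixos/hydra/archive/master.tar.gz";

  argomodules = import ../modules/module-list.nix;

  # Public half of the build-farm key pair.  NOTE(review): the private half is
  # deployed to every runner (/run/id_buildfarm) and this public half is
  # accepted for root and fre on every runner, so a single compromised runner
  # -- e.g. a CI job escaping docker -- has root on all the others.  Per-host
  # keys, and not authorising this key for root, would contain that; kept as
  # is because the hydra side is configured around this one key.
  buildfarmPub = lib.readFile ./keys/id_buildfarm.pub;

  # One GitLab runner host.
  #   ip         -- address NixOps ssh-es to; the host already exists
  #   name       -- gitlab-runner2 runner name, or null for the module default
  #   remotePort -- port on argo.freux.fr reverse-forwarded to this host's sshd
  #   extra      -- NixOS module carrying the host-specific argo settings
  mkRunner = { ip, name ? null, remotePort ? 2210, extra ? { } }: { ... }: {
    deployment.targetEnv = "none";
    deployment.targetHost = ip;
    imports = [ ./gitlab-runner.nix extra ];
    require = argomodules;
    time.timeZone = "America/Chicago";

    # Secrets are copied by NixOps at deploy time into /run, out-of-band of
    # the nix store, and are readable by fre only.
    deployment.keys."id_buildfarm" = {
      destDir = "/run";
      keyFile = ./id_buildfarm.secret;
      user = "fre";
      group = "users";
      permissions = "600";
    };
    deployment.keys."gitlab.cfg" = {
      destDir = "/run";
      keyFile = ./gitlab.cfg.secret;
      user = "fre";
      group = "users";
      permissions = "600";
    };

    # Reverse tunnel so hydra can reach this host's sshd as localhost:remotePort
    # on argo.freux.fr.  Every host below still uses the default port, so only
    # the first one to connect actually gets the forward; ExitOnForwardFailure
    # makes the others exit and retry instead of silently holding a session
    # with no forward.  Give each host its own remotePort (and a matching
    # hydra-side ssh config) to fix that properly.
    systemd.services.tunnel-hydra = {
      description = "ssh tunnel to hydra";
      enable = true;
      path = [ pkgs.autossh ];
      # Do not start before the network is up.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      # autossh restarts ssh itself without back-off gating; -M 0 relies on
      # the ServerAlive options below to detect a dead link.
      environment.AUTOSSH_GATETIME = "0";
      environment.AUTOSSH_POLL = "30";
      serviceConfig = {
        User = "fre";
        Type = "simple";
        # "on-success" (the previous value) never restarted a tunnel that
        # died with a non-zero status, which is exactly the failure case.
        Restart = "always";
        RestartSec = 30;
        ExecStart = ''
          ${pkgs.autossh}/bin/autossh -M 0 -N -T -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R ${toString remotePort}:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm
        '';
      };
    };

    environment.argo.known-hosts.enable = true;
    environment.argo.root-access.enable = true;
    environment.variables.TERM = "xterm";
    i18n.defaultLocale = "en_US.UTF-8";

    # Builds run in the nix sandbox.  trusted-users can override sandboxing
    # and substituters, i.e. it is root-equivalent for the nix daemon; fre is
    # also the user holding the tunnel key.
    nix.useSandbox = true;
    nix.nrBuildUsers = 30;
    nix.trustedUsers = [ "root" "fre" ];
    # Keep at least 32 GiB free in /nix/store: max-freed is 32 GiB minus the
    # space df reports as available (df prints KiB, hence the 1024 factor).
    nix.gc = {
      automatic = true;
      dates = "05:15";
      options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
    };

    # NOTE(review): no time synchronisation is configured here; TLS validation
    # and log correlation depend on a sane clock -- confirm the provider
    # modules or the cloud image cover this.
    services.ntp.enable = false;
    services.openssh.enable = true;
    services.openssh.allowSFTP = false;
    users.extraUsers.root.openssh.authorizedKeys.keys = [ buildfarmPub ];
    users.extraUsers.fre.openssh.authorizedKeys.keys = [ buildfarmPub ];

    environment.systemPackages = [ pkgs.git ];
    # docker access is root-equivalent on the host; what CI jobs may do is
    # decided by ./gitlab-runner.nix and /run/gitlab.cfg, not visible here.
    virtualisation.docker.enable = true;
    services.gitlab-runner2.enable = true;
    services.gitlab-runner2.name = lib.mkIf (name != null) name;
    services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
    services.gitlab-runner2.packages = [ pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git ];
  };

  # Chameleon cloud runners: named after their address and using the TACC
  # provider profile plus the shared ssh client config.
  mkChameleonRunner = ip: mkRunner {
    inherit ip;
    name = "chameleon-${ip}";
    extra = {
      environment.argo.provider-tacc.enable = true;
      environment.argo.ssh-config.enable = true;
    };
  };
in {
  network.description = "argo-ci";
  # No NixOps generation rollback: a bad deploy has to be fixed forward.
  network.enableRollback = false;

  gitlab-runner-4 = mkChameleonRunner "129.114.111.114";
  gitlab-runner-3 = mkChameleonRunner "129.114.110.3";
  gitlab-runner-2 = mkChameleonRunner "129.114.111.116";
  gitlab-runner-1 = mkChameleonRunner "129.114.33.201";

  # Desktop runner on the openspace provider; keeps the module's default
  # runner name and does not pull in the shared ssh client config.
  slave-desktop = mkRunner {
    ip = "140.221.10.9";
    extra = { environment.argo.provider-openspace.enable = true; };
  };
}
# The hydra-tacc host below is commented out.  NOTE(review): before it is
# revived, the hard-coded admin passwords in hydra-manual-setup have to go,
# and the nginx basicAuth value must not come from builtins.readFile -- that
# embeds the secret in the generated nginx config in the world-readable
# /nix/store; deploy it as a NixOps key like the ones above instead.
#hydra-tacc =
#{ config, ...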
}: #{ #deployment.targetEnv = "none"; #deployment.targetHost = "argo.freux.fr"; #deployment.keys."id_buildfarm" = { #destDir = "/run"; #keyFile = ./id_buildfarm.secret; #user = "hydra-queue-runner"; #group = "hydra"; #permissions = "600"; #}; #time.timeZone = "America/Chicago"; #require=argomodules; #environment.argo.known-hosts.enable=true; #environment.argo.provider-tacc.enable=true; #environment.argo.root-access.enable=true; #environment.argo.ssh-config.enable=true; #environment.variables.TERM = "xterm"; #imports = [ "${hydraSrc}/hydra-module.nix" ]; #i18n.defaultLocale = "en_US.UTF-8"; #services.ntp.enable = false; #services.openssh.allowSFTP = false; #assertions = pkgs.lib.singleton { #assertion = pkgs.system == "x86_64-linux"; #message = "unsupported system ${pkgs.system}"; #}; #nix = { #sshServe= { inherit keys; enable=true;}; #package = pkgs.nixUnstable; trustedUsers = [ "hydra" ]; binaryCaches = [ "https://cache.nixos.org" ]; #useChroot = true; #nrBuildUsers = 30; #distributedBuilds = true; #buildMachines = [ #{ #hostName = "localhost"; #maxJobs = 40; #speedFactor = 1; ##sshKey = "/run/id_buildfarm"; #sshUser = "fre"; #systems = ["builtin" "x86_64-linux" "i686-linux"]; #supportedFeatures = [ "nixos-test" "benchmark" ]; #} ##{ ##hostName = "slave-desktop-tunnel"; ##maxJobs = 40; ##speedFactor = 1; ##sshKey = "/run/id_buildfarm"; ##sshUser = "fre"; ##systems = ["builtin" "x86_64-linux" "i686-linux"]; ##supportedFeatures = [ "nixos-test" "benchmark" "icc" ]; ##} #]; #extraOptions = "auto-optimise-store = true"; #}; ##programs.ssh.extraConfig = '' ##Host slave-desktop-tunnel ##HostName localhost ##Port 2210 ##User frex ##IdentityFile /run/id_buildfarm ##''; #networking = { #firewall = { #allowedTCPPorts=[ 2210 80 443 8081]; #allowedUDPPorts=[ 2210 80 443 8081]; #}; #}; #services.nginx = { #enable = true; #user = "hydra-queue-runner"; #group= "hydra"; #virtualHosts = { #"argo.freux.fr" = { #basicAuth = { argo = "${builtins.readFile ./auth_argo.secret}"; }; 
#enableACME = true; #forceSSL = true; #locations."/store".root="/nix"; #locations."/store".extraConfig="autoindex on;"; #locations."/cache".root="/var/lib/hydra"; #locations."/cache".extraConfig="autoindex on;"; #locations."/"= { #proxyPass="http://127.0.0.1:6080/"; #extraConfig = '' #proxy_redirect http://127.0.0.1:6080 https://argo.freux.fr; #proxy_set_header Host $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; #proxy_set_header X-Request-Base /; #''; #}; #locations."/hydra"= { #proxyPass="http://127.0.0.1:8080/"; #extraConfig = '' #proxy_redirect http://127.0.0.1:8080 https://argo.freux.fr/hydra; #proxy_set_header Host $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; #proxy_set_header X-Request-Base /hydra; #''; #}; #}; #}; #}; #services.hydra = { #useSubstitutes = true; #enable = true; #hydraURL = "https://argo.freux.fr/hydra"; #listenHost = "127.0.0.1"; #notificationSender = "hydra@example.org"; #port = 8080; #extraConfig = '' #store_uri = file:///var/lib/hydra/cache?secret-key=/etc/nix/argo.freux.fr/secret #using_frontend_proxy 1 #base_uri argo.freux.fr/hydra #binary_cache_public_uri argo.freux.fr/cache #max_output_size = 4294967296 #secret-key=/etc/nix/argo.freux.fr/secret #''; #buildMachinesFiles = [ "/etc/nix/machines" ]; #}; #environment.systemPackages = [ pkgs.nix-serve ]; #services.postgresql = { #package = pkgs.postgresql94; #dataDir = "/var/db/postgresql-${config.services.postgresql.package.psqlSchema}"; #}; #systemd.services.hydra-manual-setup = let #hydraEnv = #{ HYDRA_DBI = config.services.hydra.dbi; #HYDRA_CONFIG = "/var/lib/hydra/hydra.conf"; #HYDRA_DATA = "/var/lib/hydra"; #}; #in { #description = "Create Admin User for Hydra"; #serviceConfig.Type = "oneshot"; #serviceConfig.RemainAfterExit = true; #wantedBy = [ "multi-user.target" ]; 
#requires = [ "hydra-init.service" ]; #after = [ "hydra-init.service" ]; #environment = { NIX_REMOTE = "daemon"; #SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # Remove in 16.03 #PGPASSFILE = "/var/lib/hydra/pgpass"; #NIX_REMOTE_SYSTEMS = pkgs.lib.concatStringsSep ":" config.services.hydra.buildMachinesFiles; #} // pkgs.lib.optionalAttrs (config.services.hydra.smtpHost != null) { #EMAIL_SENDER_TRANSPORT = "SMTP"; #EMAIL_SENDER_TRANSPORT_host = config.services.hydrasmtpHost; #} // hydraEnv // config.services.hydra.extraEnv; #script = '' #if [ ! -e ~hydra/.setup-is-complete ]; then ## create admin user #/run/current-system/sw/bin/hydra-create-user fre --full-name 'Valentin Reis' --email-address 'fre@freux.fr' --password foobar --role admin #/run/current-system/sw/bin/hydra-create-user swann --full-name 'Swann Perarnau' --email-address 'swann@anl.gov' --password swannswann --role admin ## create signing keys #/run/current-system/sw/bin/install -d -m 551 /etc/nix/argo.freux.fr #/run/current-system/sw/bin/nix-store --generate-binary-cache-key argo.freux.fr /etc/nix/argo.freux.fr/secret /etc/nix/argo.freux.fr/public #/run/current-system/sw/bin/chown -R hydra:hydra /etc/nix/argo.freux.fr #/run/current-system/sw/bin/chmod 440 /etc/nix/argo.freux.fr/secret #/run/current-system/sw/bin/chmod 444 /etc/nix/argo.freux.fr/public ##store #/run/current-system/sw/bin/install -d -m 776 /var/lib/hydra/cache #/run/current-system/sw/bin/chown -R hydra-queue-runner:hydra /var/lib/hydra/cache ## done #touch ~hydra/.setup-is-complete #fi #''; #}; #services.hound={ #enable = true; #listen = "localhost:6080"; #config = '' #{ #"max-concurrent-indexers" : 2, #"dbpath" : "${config.services.hound.home}/data", #"repos" : { #"argopkgs": { "url" : "https://xgitlab.cels.anl.gov/argo/argopkgs.git" }, #"nauts": { "url" : "https://xgitlab.cels.anl.gov/argo/nauts.git" }, #"nrm": { "url" : "https://xgitlab.cels.anl.gov/argo/nrm.git" }, #"infrastructure": { "url" : 
"https://xgitlab.cels.anl.gov/argo/infrastructure.git" }, #"cuttr": { "url" : "https://xgitlab.cels.anl.gov/argo/cuttr.git" }, #"aml": { "url" : "https://xgitlab.cels.anl.gov/argo/aml.git" }, #"yggdrasil-integration": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil-integration.git" }, #"yggdrasil": { "url" : "https://xgitlab.cels.anl.gov/argo/yggdrasil.git" }, #"libnrm": { "url" : "https://xgitlab.cels.anl.gov/argo/libnrm.git" }, #"progress-benchmarks": { "url" : "https://xgitlab.cels.anl.gov/argo/progress-benchmarks.git" }, #"umap": { "url" : "https://xgitlab.cels.anl.gov/argo/umap.git" }, #"power-bandit": { "url" : "https://xgitlab.cels.anl.gov/argo/power-bandit.git" }, #"kernel": { "url" : "https://xgitlab.cels.anl.gov/argo/kernel.git" }, #"util-linux": { "url" : "https://xgitlab.cels.anl.gov/argo/util-linux.git" }, #"libmsr": { "url" : "https://github.com/LLNL/libmsr.git" } #} #} #''; #}; #users.extraUsers.root.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)]; #users.extraUsers.fre.openssh.authorizedKeys.keys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub)]; #};