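# NixOps network "argo-ci": six GitLab CI runners deployed onto pre-existing
# hosts (deployment.targetEnv = "none"). Five are built by mkChameleonRunner;
# gitlab-runner-physical additionally keeps a reverse SSH tunnel open.
#
# NOTE(review): the let bindings `keys`, `argopkgs` and `hydraSrc` were never
# referenced by this expression and have been dropped. `hydraSrc` was an
# unpinned fetchTarball of a moving `master` archive; if it is reintroduced,
# pin it to a revision and give it a sha256.
{ pkgs ? import ../pin.nix { jsonpath = ../nixpkgs-unstable.json; } }:

let
  argomodules = import ../modules/module-list.nix;

  # deployment.keys entry: NixOps places `file` at /run/<key name> on the
  # target, owned by fre:users with mode 600.
  # NOTE(review): confirm that the *.secret files are excluded from version
  # control and are not copied into the world-readable Nix store.
  mkSecret = file: {
    destDir = "/run";
    keyFile = file;
    user = "fre";
    group = "users";
    permissions = "600";
  };

  # The same public key is authorised for both root and fre on every runner.
  # NOTE(review): if keys/id_buildfarm.secret is the private half of this key
  # (the names suggest so; confirm), every runner stores a credential that is
  # accepted as root on every other runner, so a compromise of one runner
  # extends to all of them. Per-host keys, or a key used only for the tunnel,
  # would contain that.
  buildfarmAuthorizedKeys = [ (pkgs.lib.readFile ./keys/id_buildfarm.pub) ];

  # Automatic store GC at 05:15. The shell arithmetic yields 32 GiB minus the
  # space currently available on /nix/store (df -P -k column 4, in KiB), so
  # the collector frees at most what is needed to reach 32 GiB available.
  storeGc = {
    automatic = true;
    dates = "05:15";
    options = ''--max-freed "$((32 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
  };

  # Packages handed to the gitlab-runner2 service on every machine.
  runnerPackages = [ pkgs.bash pkgs.docker-machine pkgs.shadow pkgs.git ];

  # Build the machine definition for one runner.
  #   ip   - address NixOps connects to (deployment.targetHost)
  #   name - runner name passed to services.gitlab-runner2.name
  mkChameleonRunner = ip: name: { ... }: {
    deployment.targetEnv = "none";
    deployment.targetHost = ip;
    imports = [ ./gitlab-runner.nix ];
    require = argomodules;

    # Secrets delivered at deploy time; gitlab.cfg is read by the runner
    # through registrationConfigFile below.
    deployment.keys."id_buildfarm" = mkSecret ./keys/id_buildfarm.secret;
    deployment.keys."gitlab.cfg" = mkSecret ./keys/gitlab.cfg.secret;

    time.timeZone = "America/Chicago";
    i18n.defaultLocale = "en_US.UTF-8";
    environment.variables.TERM = "xterm";
    environment.systemPackages = [ pkgs.git ];

    # Options defined by the project's own modules (see ../modules).
    environment.argo.known-hosts.enable = true;
    environment.argo.provider-tacc.enable = true;
    environment.argo.root-access.enable = true;
    environment.argo.ssh-config.enable = true;

    nix.useSandbox = true;
    nix.nrBuildUsers = 1;
    # NOTE(review): a Nix trusted user can direct the daemon in ways that are
    # close to root-equivalent. "fre" also owns the CI secrets under /run, so
    # confirm that CI jobs cannot run as this account.
    nix.trustedUsers = [ "root" "fre" ];
    nix.gc = storeGc;

    services.ntp.enable = false;

    services.openssh.enable = true;
    services.openssh.allowSFTP = false;
    users.extraUsers.root.openssh.authorizedKeys.keys = buildfarmAuthorizedKeys;
    users.extraUsers.fre.openssh.authorizedKeys.keys = buildfarmAuthorizedKeys;

    virtualisation.docker.enable = true;
    services.gitlab-runner2.enable = true;
    services.gitlab-runner2.name = name;
    services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
    services.gitlab-runner2.packages = runnerPackages;
  };

in {
  network.description = "argo-ci";
  network.enableRollback = false;

  gitlab-runner-4 = mkChameleonRunner "129.114.111.114" "chameleon-129.114.111.114";
  gitlab-runner-3 = mkChameleonRunner "129.114.110.3" "chameleon-129.114.110.3";
  gitlab-runner-2 = mkChameleonRunner "129.114.111.116" "chameleon-129.114.111.116";
  gitlab-runner-1 = mkChameleonRunner "129.114.33.201" "chameleon-129.114.33.201";
  gitlab-runner-0 = mkChameleonRunner "129.114.111.64" "chameleon-129.114.111.64";

  # Differs from mkChameleonRunner: fixed target host, provider-openspace
  # instead of provider-tacc, no ssh-config module, two build users, no
  # explicit runner name, and the tunnel-hydra service.
  gitlab-runner-physical = { ... }: {
    deployment.targetEnv = "none";
    deployment.targetHost = "140.221.10.9";
    imports = [ ./gitlab-runner.nix ];
    require = argomodules;

    deployment.keys."id_buildfarm" = mkSecret ./keys/id_buildfarm.secret;
    deployment.keys."gitlab.cfg" = mkSecret ./keys/gitlab.cfg.secret;

    # Reverse tunnel: publishes this host's sshd (localhost:22) as port 2210
    # on argo.freux.fr, authenticating with /run/id_buildfarm as user fre.
    # Anyone who can reach that forwarded port can attempt to log in to this
    # machine, so the exposure of port 2210 on the remote side matters.
    systemd.services.tunnel-hydra = {
      path = [ pkgs.autossh ];
      enable = true;
      description = "ssh tunnel to hydra";
      after = [];
      wantedBy = [ "multi-user.target" ];
      # Gate time 0: autossh keeps retrying even if the first connection
      # attempt fails.
      environment.AUTOSSH_GATETIME = "0";
      environment.AUTOSSH_POLL = "30";
      serviceConfig = {
        User = "fre";
        # NOTE(review): "on-success" restarts the unit only after a clean
        # exit; if autossh exits non-zero the tunnel stays down. Confirm this
        # is intended rather than "always" or "on-failure".
        Restart = "on-success";
        Type = "simple";
        # -M 0 turns off autossh's monitor port; liveness relies on the
        # ServerAlive* options instead.
        ExecStart = '' ${pkgs.autossh}/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -T -R 2210:localhost:22 fre@argo.freux.fr -i /run/id_buildfarm '';
      };
    };

    time.timeZone = "America/Chicago";
    i18n.defaultLocale = "en_US.UTF-8";
    environment.variables.TERM = "xterm";
    environment.systemPackages = [ pkgs.git ];

    # Options defined by the project's own modules (see ../modules).
    environment.argo.known-hosts.enable = true;
    environment.argo.provider-openspace.enable = true;
    environment.argo.root-access.enable = true;

    nix.useSandbox = true;
    nix.nrBuildUsers = 2;
    # NOTE(review): a Nix trusted user can direct the daemon in ways that are
    # close to root-equivalent. "fre" also owns the CI secrets under /run and
    # runs the tunnel, so confirm that CI jobs cannot run as this account.
    nix.trustedUsers = [ "root" "fre" ];
    nix.gc = storeGc;

    services.ntp.enable = false;

    services.openssh.enable = true;
    services.openssh.allowSFTP = false;
    users.extraUsers.root.openssh.authorizedKeys.keys = buildfarmAuthorizedKeys;
    users.extraUsers.fre.openssh.authorizedKeys.keys = buildfarmAuthorizedKeys;

    virtualisation.docker.enable = true;
    services.gitlab-runner2.enable = true;
    services.gitlab-runner2.registrationConfigFile = "/run/gitlab.cfg";
    services.gitlab-runner2.packages = runnerPackages;
  };
}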