Commit most of the prod config
Include tools for generating the known user list, and a thing to allow me to keep secrets out of the main config while still keeping almost exactly my config in version control nearby.
This commit is contained in:
parent
d894dd7e23
commit
1326fdbe33
5
.gitignore
vendored
5
.gitignore
vendored
|
@ -4,6 +4,9 @@ vendor
|
|||
test.php
|
||||
config.json
|
||||
.bash_hist
|
||||
/config*
|
||||
config.private.json
|
||||
config.prod.json
|
||||
config.local.json
|
||||
config.*irc*.json
|
||||
result
|
||||
target
|
||||
|
|
11
README.md
11
README.md
|
@ -144,6 +144,17 @@ Run
|
|||
```
|
||||
|
||||
|
||||
Note the config.public.json for the public pieces of how I run ofborg,
|
||||
which is merged with config.known-users.json and a third private
|
||||
config file of credentials. These files contain some special keys like
|
||||
|
||||
- known users
|
||||
- authorized users
|
||||
- log storage
|
||||
|
||||
they are only used in the backend processing tasks, and there is no
|
||||
need for them on builders. However, to update the list in
|
||||
config.known-users.json, run `./scripts/update-known-users.sh`.
|
||||
|
||||
## old php stuff...
|
||||
|
||||
|
|
111
config.known-users.json
Normal file
111
config.known-users.json
Normal file
|
@ -0,0 +1,111 @@
|
|||
{
|
||||
"runner": {
|
||||
"known_users": [
|
||||
"7c6f434c",
|
||||
"abbradar",
|
||||
"adisbladis",
|
||||
"aforemny",
|
||||
"amiddelk",
|
||||
"aminechikhaoui",
|
||||
"andersontorres",
|
||||
"andir",
|
||||
"antono",
|
||||
"aristidb",
|
||||
"armijnhemel",
|
||||
"astsmtl",
|
||||
"aszlig",
|
||||
"aycanirican",
|
||||
"bendlas",
|
||||
"benley",
|
||||
"bennofs",
|
||||
"bjornfor",
|
||||
"bluescreen303",
|
||||
"c0bw3b",
|
||||
"chaoflow",
|
||||
"cillianderoiste",
|
||||
"civodul",
|
||||
"copumpkin",
|
||||
"cpages",
|
||||
"cstrahan",
|
||||
"damiencassou",
|
||||
"dezgeg",
|
||||
"dguibert",
|
||||
"disassembler",
|
||||
"domenkozar",
|
||||
"edolstra",
|
||||
"edwtjo",
|
||||
"ehmry",
|
||||
"ericson2314",
|
||||
"errge",
|
||||
"falsifian",
|
||||
"fpletz",
|
||||
"fridh",
|
||||
"fuuzetsu",
|
||||
"garbas",
|
||||
"gebner",
|
||||
"globin",
|
||||
"grahamc",
|
||||
"grahamcofborg",
|
||||
"gridaphobe",
|
||||
"hrdinka",
|
||||
"jagajaga",
|
||||
"jgeerds",
|
||||
"joachifm",
|
||||
"jtojnar",
|
||||
"jwiegley",
|
||||
"kevincox",
|
||||
"kosmikus",
|
||||
"lethalman",
|
||||
"lnl7",
|
||||
"lovek323",
|
||||
"lsix",
|
||||
"madjar",
|
||||
"maggesi",
|
||||
"matejc",
|
||||
"matthewbauer",
|
||||
"mic92",
|
||||
"mornfall",
|
||||
"mp2e",
|
||||
"nbp",
|
||||
"nckx",
|
||||
"ndowens",
|
||||
"nequissimus",
|
||||
"nicolaspetton",
|
||||
"obadz",
|
||||
"ocharles",
|
||||
"offlinehacker",
|
||||
"orivej",
|
||||
"peterhoeg",
|
||||
"peti",
|
||||
"phreedom",
|
||||
"pikajude",
|
||||
"primeos",
|
||||
"profpatsch",
|
||||
"psub",
|
||||
"qknight",
|
||||
"rasendubi",
|
||||
"rbvermaa",
|
||||
"rickynils",
|
||||
"roconnor",
|
||||
"rushmorem",
|
||||
"ryantrinkle",
|
||||
"rycee",
|
||||
"shlevy",
|
||||
"srhb",
|
||||
"svanderburg",
|
||||
"the-kenny",
|
||||
"thoughtpolice",
|
||||
"ts468",
|
||||
"ttuegel",
|
||||
"vbgl",
|
||||
"vcunat",
|
||||
"viric",
|
||||
"vrthra",
|
||||
"wizeman",
|
||||
"wkennington",
|
||||
"wmertens",
|
||||
"yegortimoshenko",
|
||||
"zimbatm"
|
||||
]
|
||||
}
|
||||
}
|
50
config.public.json
Normal file
50
config.public.json
Normal file
|
@ -0,0 +1,50 @@
|
|||
{
|
||||
"feedback": {
|
||||
"full_logs": true
|
||||
},
|
||||
"log_storage": {
|
||||
"path": "/var/lib/nginx/ofborg/logs/"
|
||||
},
|
||||
"runner": {
|
||||
"trusted_users": [
|
||||
"7c6f434c",
|
||||
"adisbladis",
|
||||
"andir",
|
||||
"ankhers",
|
||||
"aneeshusa",
|
||||
"aszlig",
|
||||
"copumpkin",
|
||||
"disassembler",
|
||||
"domenkozar",
|
||||
"fpletz",
|
||||
"fridh",
|
||||
"garbas",
|
||||
"globin",
|
||||
"grahamc",
|
||||
"jb55",
|
||||
"joachifm",
|
||||
"jtojnar",
|
||||
"lheckemann",
|
||||
"lnl7",
|
||||
"mic92",
|
||||
"nequissimus",
|
||||
"orivej",
|
||||
"peti",
|
||||
"rbvermaa",
|
||||
"shlevy",
|
||||
"srhb",
|
||||
"veprbl",
|
||||
"vcunat",
|
||||
"yegortimoshenko",
|
||||
"zimbatm"
|
||||
]
|
||||
},
|
||||
"checkout": {
|
||||
"root": "/var/lib/gc-of-borg/.nix-test-rs"
|
||||
},
|
||||
"nix": {
|
||||
"system": "x86_64-linux",
|
||||
"remote": "daemon",
|
||||
"build_timeout_seconds": 3600
|
||||
}
|
||||
}
|
1
ofborg/.gitignore
vendored
1
ofborg/.gitignore
vendored
|
@ -2,3 +2,4 @@ target
|
|||
rust-amqp
|
||||
test-scratch
|
||||
*.bk
|
||||
rust-amq-proto
|
4
scripts/merge-config.sh
Executable file
4
scripts/merge-config.sh
Executable file
|
@ -0,0 +1,4 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -p bash -p jq -p curl -i bash
|
||||
|
||||
jq -s '.[0] * .[1] * .[2]' ./config.public.json ./config.known-users.json ./config.private.json > ./config.prod.json
|
35
scripts/update-known-users.sh
Executable file
35
scripts/update-known-users.sh
Executable file
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -p bash -p jq -p curl -i bash
|
||||
|
||||
readonly token=$(jq -r '.github.token' ./config.private.json)
|
||||
|
||||
readonly dest=config.known-users.json
|
||||
readonly scratch=user-list.scratch
|
||||
readonly accumulator=user-list.accumulator
|
||||
readonly result=user-list.result
|
||||
|
||||
function fetch_users() {
|
||||
curl \
|
||||
-H "Authorization: token $token" \
|
||||
"https://api.github.com/orgs/NixOS/members?page=$1" \
|
||||
| jq 'map(.login | ascii_downcase)'
|
||||
}
|
||||
|
||||
echo '[]' > "$accumulator"
|
||||
|
||||
page=0
|
||||
while true; do
|
||||
page=$((page + 1))
|
||||
fetch_users "$page" > "$scratch"
|
||||
|
||||
jq -s '.[0] + .[1]' "$accumulator" "$scratch" > "$result"
|
||||
mv "$result" "$accumulator"
|
||||
|
||||
if [ $(jq -r 'length' "$scratch") -eq 0 ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
jq -s '{ "runner": { "known_users": .[0]}}' "$accumulator" > "$dest"
|
||||
|
||||
rm -f "$result" "$scratch" "$accumulator"
|
Loading…
Reference in a new issue