From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Build machine sysadmin support Date: Fri, 19 Aug 2016 09:50:28 +0200 Message-ID: <87bn0pp58b.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49906) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1baeZd-0008KB-FJ for guix-devel@gnu.org; Fri, 19 Aug 2016 03:50:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1baeZZ-0008NK-2B for guix-devel@gnu.org; Fri, 19 Aug 2016 03:50:40 -0400 List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-sysadmin@gnu.org Cc: guix-devel@gnu.org, Nacho Gonzalez --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello! After my talk yesterday at the GHM, Nacho and I talked a bit and Nacho kindly offered to help make chapters.gnu.org the first build machine that would use GuixSD. So I quickly hacked up together, in guix-maintenance.git, a couple of modules that allow us to give the high-level view of a build machine, such that the GuixSD configuration of one machine is just: =2D-8<---------------cut here---------------start------------->8--- (use-modules (sysadmin people) (sysadmin build-machines) (guix)) (define %sysadmins ;; The fine folks! (list (sysadmin (name "ludo") (full-name "Ludovic Court=C3=A8s") (lsh-public-key (local-file "keys/lsh/ludo.pub"))) (sysadmin (name "hydra") ;fake sysadmin (full-name "Hydra User") (restricted? #t) (lsh-public-key (local-file "keys/lsh/hydra.gnu.org.pub"))))) (define %authorized-guix-keys ;; List of authorized 'guix archive' keys. (list (local-file "keys/guix/hydra.gnu.org-export.pub"))) ;; The actual machine. (build-machine-os "chapters" %sysadmins #:authorized-guix-keys %authorized-guix-keys) =2D-8<---------------cut here---------------end--------------->8--- =E2=80=A6 and we get a GuixSD config with the relevant accounts created, and with the right lsh and Guix keys authorized. I=E2=80=99ll see with Nacho if we can deploy it on chapters.gnu.org, and fr= om there we can incrementally migrate our build machines to GuixSD! \o/ Also, all the sysadmin work will happen in a bunch of Scheme files, which means that everyone can now contribute to sysadmin, without necessarily having shell access to the machines. No excuses! :-) Ludo=E2=80=99, live from the GHM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXtrpIAAoJEAkLEZk9muu1YgcQAIssgPQs/PL5B5HSnh9HsjZY dmG+PVC6GfCLsywYXeBoGU2jeGmpOVGF1zdlfCV7akVLp3yYf2D72P9IAUPMTxpo Js5LdjqEdfjvjjBnsi0ENO6Y66a8q4smBdDGZQsuW/EzJ8qQP2iW7WhfjhCCJhd3 PGXhnsZ2HHr0L5XA7hZHlV2hjobAM6gkjll+MY8qgr3HQZGkzd9z0f8wFlQ4fN16 WYvXnEOE42C2eTfpKe4sT2aw9ggylbsndmWc+7okdrpcdBIS8eZXBYwgvybjrqS9 wNIoYBrX9Cw7yT/FuB6iVJ5YH+ln0jSNuRnpNLt/pb1MNIglAw1osNAM5AjkXMjo CT3n7//bYenDvH+1KoKAJTJ5UCnlEMRNDn1aIu8PD3lUxILRpWIInmNQN1qv6Sis iRqbQHPyolQ9sofjI6l7oIhi5EJ0m+ue70aZHQH959kEEz/gNwIgexwNXIn/+aIN gqjaZs9XlgF4CfsNmonXOg0zgGZVYkJ59ZVaJ+WyPaiQlwLPr/r2qXPJQjiKzWUP OqQGkuFxLUkCdCdoPo4lur5mMHLrvcbZ3jsXO5kmineVMdlp7PP0zJzTfnCzqGiO bm7S0atwr77OhDG5ymzCNYOQHbeggDB5pxJXz0CqFB+691VG8ThuBQrxDiMjSPr1 aTZbZ2DhGwcsZ4iKo0ks =UwWK -----END PGP SIGNATURE----- --=-=-=--