Skip to content

Commit

Permalink
Recreate ghaf-coverity host with fixes (#302)
Browse files Browse the repository at this point in the history
Signed-off-by: fayad <[email protected]>
  • Loading branch information
fayadf authored Nov 19, 2024
1 parent 9b8b273 commit d0f044a
Show file tree
Hide file tree
Showing 7 changed files with 108 additions and 18 deletions.
3 changes: 2 additions & 1 deletion .sops.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ keys:
- &build3 age1q7c2wlrpj0dvthdg7v9j4jmee0kzda8ggtp4nq8jay9u4catee3sn9pa0w
- &hetzarm age1ppunea05ue028qezt9rvhp59dgcskkleetyjpqtxzea7vtp4ppfqh7ltuy
- &ghaf-log age15kk5q4u68pfsy5auzah6klsdk6p50jnkr986u7vpzfrnj30pz4ssq7wnud
- &ghaf-coverity age172azvwv5vne79mqfhvdvk9j95gn5v04uk9t3fjdfe5p7dv7kucvqpygxkx
- &ghaf-coverity age1z825k99myjmfcml86pujcmtj96psvj8c3m08me8kkq03tkpwy9xql4jt9y
- &ghaf-webserver age1f643hcr8xvzm6fha93xhn6dw552tfd6zvu7eulxk7vedgt09d9ysljsayq
- &ghaf-proxy age1sv50w7ydcqxxng4nfpvretqhusfkjewtrzpu4006z685xgplha2sa9tv9v

Expand Down Expand Up @@ -74,6 +74,7 @@ creation_rules:
- age:
- *ghaf-coverity
- *jrautiola
- *fayad
- path_regex: hosts/ghaf-proxy/secrets.yaml$
key_groups:
- age:
Expand Down
12 changes: 12 additions & 0 deletions hosts/ghaf-coverity/configuration.nix
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,12 @@
inputs,
modulesPath,
lib,
pkgs,
...
}:
let
coverity = pkgs.callPackage ../../pkgs/coverity/default.nix { };
in
{
sops.defaultSopsFile = ./secrets.yaml;

Expand All @@ -30,6 +34,14 @@

nixpkgs.hostPlatform = "x86_64-linux";
hardware.enableRedistributableFirmware = true;
environment.systemPackages = with pkgs; [
coverity
emacs
meson
ninja
gcc
nix-index
];

networking = {
hostName = "ghaf-coverity";
Expand Down
2 changes: 1 addition & 1 deletion hosts/ghaf-coverity/disk-config.nix
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# SPDX-License-Identifier: Apache-2.0
{
disko.devices.disk.os = {
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_52101387";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_53714277";
type = "disk";
content = {
type = "gpt";
Expand Down
37 changes: 23 additions & 14 deletions hosts/ghaf-coverity/secrets.yaml
Original file line number Diff line number Diff line change
@@ -1,30 +1,39 @@
ssh_host_ed25519_key: ENC[AES256_GCM,data:ilXl33AwzQmAzaVtGK6FcPwLgI/9Cr79ah6ToRzKmg7meHPEt+aAKhmKBHHW0Pu5G+Ga4woWLkydveUpuMqA4YSQFfGgBsroNnPQ20BnKMC8exXdh0GR+35O0JvMvMxYQx1fN7d9x8bI4C30qIpWNxyV6uwrA+hoPt1HT+hrTNf0jyfwz4UsEfcd7yH8AjrS/oJvlep19M7ZWicfcUb6AFQmLNR20UE24IHIozptFv2QKndmjFr9SEbgDetc1Y75R2JAW545vp6ZvFxHOtf3GVPmhOhIXlkdBnPNrVZ8c+Ygq0VGAkGFRQagSG1fHZArwRFnXShZT/npYW5xelKlJgZiRCR8KF31Gn0UfJsw/WLxCJ60unFwd8qTVkEFpjB4e/JI7ybjd1NqlkwWa0EDBa+xjKh4/VshtxZl4XoCfwoJRkzC8ML93HA2LgOmvdfVMhZpMLpoCHiFr0ACLzsIEICShFFNCk6iMJJXjotwid1FuXvro2W+qKRWAep+qKwoFsBIsySoiAMmaXhcwV3Wd5oXW4xHge++1G0/,iv:pw443wskOHT5z8jS0wV+D4FgqVkhESa4TQqjKB1LjT8=,tag:L+ntfxoM8WLmwbI8OVo8jw==,type:str]
ssh_host_ed25519_key: ENC[AES256_GCM,data:mz/nbtkpCCI1IMqXMne6/i5F6JwpXvuNCs9DbNCgQGYP2MtVYAIL0FLi4glpWmE64rPeF60XLoNFGRVomALwF6we+a8YbA5y1rNx/Zympn/1RJ7GqMoEhJ4vHOWUyYeTWnzD0NGfLdmcBvTaWRT9a3jFLj9plYD5DnNluCdBzzif0XCBSlAnM3KAlJVY/0kByAo1aXCjQ1p67xN8yRuSbrJ6+DD+Q2cL8ITuUGQROZa9c06aWahwfmzESscfm623T3k6t9IiePojHI6wLNZJ2wKHjtvtRZjhLt6ykYSMwfxdZTf3xxvGW88z24hHCs1fpMBowIh2z5ip1kAsZcWpohjZL/QKMSjW3/zAR99qkG/2BDmK0lrEs50plWh4B21hEFf7iHAT049qTUf219P6iPlyMVW4B1l3C2eYsWZQQsWSwamzAw2h94RFQtoEdfcZVg7M0fmlO4Q2smHn5YsqxkxMghVSyLb+ytcl29bq2AnKBZt4gkzCTeSYzdnL0wfZyaYd5ITHRJNz3eJFlXrq1XuQj8wZbr4Hj9r9,iv:dlg6VLNBUgD7I9dsalaDkZSwaacPDkd8GraM/xBPTow=,tag:/7V8JCGBmForB2KUz+Aw9w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age172azvwv5vne79mqfhvdvk9j95gn5v04uk9t3fjdfe5p7dv7kucvqpygxkx
- recipient: age1z825k99myjmfcml86pujcmtj96psvj8c3m08me8kkq03tkpwy9xql4jt9y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvY0Rxa0hJTXBpaGhQME9w
SzZTdHlrVFFaeVhDTUxzYjB1VHIxNUhLSWdnCkxxY2Jpd0cvTWFTOFJCQkZQNHFu
K3RwY3dDKy9DL3g2TWIxT1BVYlhPalUKLS0tIFhNd3Rpc3BKRVdSSnJiTHFKTkFm
UXB3eVI2cUNacm4xWnltc2pxTFFIalkK4LMlFdwqjggE05rPQdxMfpDP0ezCWsQI
wbR72DGVQcr901mmpIryE3qY6ACkBLF8r5pJOtIa2PxYXcnOFkPfYQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUEZGNExLdURCcnpKT05y
OVFpNml0YjV3bUpPQ2V6SVIvajZDOWxSNURjClBDNlJ1VmtyY0ZmZ2hpb3ZxbGNI
M0NqL2pkNjFVMXdzbnZSNVlvZXZLUUUKLS0tIENzV2hhWGdQemRrbVpaZUwydzhq
SFh1OVpXWFRxc3VLZTdHU2xKVFN0cFEKwHfcKV8xp8D5qHyo3KeAQ9wUiQjUqokX
u6MKaIvEVgQ9tp0sQnR8vtxscp5v1/ioHmwJaSs3r74Yn+YHgakZFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hszrldafdz09hzze4lgq58r0r66p4sjftn6q8z6h0leer77jhf4qd9vu9v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUXdBeWVzYXB5NE1EN01P
aWhVSVhlUFpPRGEwMWdrUkd5UlBNYklqUEd3ClBTVWRER1pkRFpzOC9nTlkwUGNz
b2pvdG5oZnVzMDdlcUp0ZCtLbXJ0Y2sKLS0tIDMrKzY2MWI4QVlsUWxzd1ZwNFdw
U1p2c2FVRVk1Tlh5bjR2bWxhUnVTQkEKmAtSSrPdSBVQB5tMIQvgljqxb9Hd8WV8
c//R9nH5xcwIUqU9V0XDRqtF/g4zTEbw/NvnUcFy36qko4DBxl05+A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLb1l6OTRMcGwvZXJ5WDhG
aEhHZHoxeGdsMktpSDRVb2F6d0o4RisvTVRNCldJSXltRzNHNkV1YnlhZnNLRmU2
YzRhalEvT0VmTURZOEFNalBxeFc0UHcKLS0tIGNTV3FvL3ZabCtxcGhxLzhIVzRO
NngrallCbTZNdW85NVJwQXN1V1hIaTgK9LV8OaTBCchuxyNz/1Qux9mw1u3PP+mI
lhvgIaIaiUa7TSNDjrPdj0dx3miWWWQb49ku6r9zKr1IogQzyW6aAw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-11T11:38:32Z"
mac: ENC[AES256_GCM,data:r/7H97Vxzom8vK3DMp+BaVASCoDefCY4JOVyTYAI8jIfOpPGkFm1sB4LgmcYM+u2aqqxyD5z3J9Ytg812gzuRK03BXhm3rVLbg7DonagBdkbEZvw2vXF8qrplvRJFOYsHRSIa3Gyqiyz0J9542SzdMnIJ0yRVcy902rQS9AeMfg=,iv:Ab+AGKlTESd48qXxiPFWcmM4s2RCqhjjIFdETCYt0bw=,tag:tqzzvzKWACkS6MRvexLe6Q==,type:str]
- recipient: age18t3gss4l6l629rd8s93eh3ctycu9vjnsftehy38c8tstu2gqycxs64t4sw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMTF4QW9KQkp3bDJiSUcw
eDZBVDNEVmI5cTh3VytlUXdWcUw0bHFFNmc0Ckx0M01WSHlGMW1SOGV2VGx4VDhN
Ulk0cGxTMFRGZEUydU5WNkdWYVJwbTAKLS0tIGpYVG45R3FwYzZqeWhSbVdiaExR
NFVtTVo1bVVaTVArOEIxczcreDlvNWsKKejdCZQu8gTgOxg6SeAhc7Z32FDF2PnA
6v+weMlyfHLKpCYLf6XJ+kx+tTynQZ6LE24aXQYqeGqnOlE35sATOw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-23T12:43:55Z"
mac: ENC[AES256_GCM,data:lJ9e/flUsu6QWTLw629+IFz05xGIK2RZc3lZYcHovz/yTTXrToWWF3SeObcQdroZk73v62sT3V5BCSLAxkyk7RRqhCO+cXdwpAVN2loDwY1xc8wCNBGw63vK1sEQQEji05ze0ftpr45Qhreor+2edPrYPzRrGyt08TeX6HnoX/Y=,iv:iheHyL5AA+m8TgM+5hdNm6wbUh+NPAkCntdQpxjFpi8=,tag:rvaULYObpUkDccDdRgx9Iw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
2 changes: 1 addition & 1 deletion nix/deployments.nix
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ let
testagent-dev = mkDeployment "x86_64-linux" "testagent-dev" "172.18.16.33";
testagent-release = mkDeployment "x86_64-linux" "testagent-release" "172.18.16.32";
ghaf-log = mkDeployment "x86_64-linux" "ghaf-log" "95.217.177.197";
ghaf-coverity = mkDeployment "x86_64-linux" "ghaf-coverity" "37.27.204.82";
ghaf-coverity = mkDeployment "x86_64-linux" "ghaf-coverity" "135.181.103.32";
ghaf-proxy = mkDeployment "x86_64-linux" "ghaf-proxy" "95.216.200.85";
ghaf-webserver = mkDeployment "x86_64-linux" "ghaf-webserver" "37.27.204.82";
};
Expand Down
68 changes: 68 additions & 0 deletions pkgs/coverity/default.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
# SPDX-License-Identifier: Apache-2.0
{
stdenv,
lib,
autoPatchelfHook,
fetchurl,
curl,
systemd,
zlib,
xorg,
alsaLib,
libxcrypt-legacy,
...
}:
stdenv.mkDerivation {
pname = "coverity";
version = "2411.6";

src = fetchurl {
url = "https://archive.ssrcdevops.tii.ae/ghaf/cov-analysis.tar.gz";
hash = "sha256-Y6DvakNzl+FVZjPq+X/R0RQ9SMzyztZlA/yD0slPG7M=";
};

nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = [
# libudev
(lib.getLib systemd)
# libstdc++.so libgcc_s.so
stdenv.cc.cc.lib
# libcurl.so.4
curl
# libz.so.1
zlib
# libXext.so.6
xorg.libXext
# libX11.so.6
xorg.libX11
# libXrender.so.1
xorg.libXrender
# libXtst.so.6
xorg.libXtst
# libXi.so.6
xorg.libXi
# libasound2.so.2
alsaLib
# libcrypt.so.1
libxcrypt-legacy
];

# Unpack the CLI tools.
installPhase = ''
mkdir -p $out/bin
cp -r * $out
'';

meta = with lib; {
description = "Coverity Scan Tools";
longDescription = ''
Coverity tools for code analysis
'';
homepage = "https://coverity.com";
platforms = [ "x86_64-linux" ];
license = licenses.unfree;
maintainers = with maintainers; [ TII ];
mainProgram = "coverity";
};
}
2 changes: 1 addition & 1 deletion tasks.py
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ class TargetHost:
secretspath="hosts/ghaf-log/secrets.yaml",
),
"ghaf-coverity": TargetHost(
hostname="37.27.204.82",
hostname="135.181.103.32",
nixosconfig="ghaf-coverity",
secretspath="hosts/ghaf-coverity/secrets.yaml",
),
Expand Down

0 comments on commit d0f044a

Please sign in to comment.