summaryrefslogtreecommitdiffstats
path: root/hosts/p64b-armhf-rb/etc
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2017-06-02 13:18:04 +0200
committerHolger Levsen <holger@layer-acht.org>2017-06-02 13:18:04 +0200
commit344e2a492a776601c7e3b1843102d6918ba30cf0 (patch)
tree3718c8f2e9584f5facff9a1ebf67a7b7be25ddcf /hosts/p64b-armhf-rb/etc
parent595ac0c255f140dfb20ef683e994554b93e263b1 (diff)
downloadjenkins.debian.net-344e2a492a776601c7e3b1843102d6918ba30cf0.tar.xz
reproducible Debian: fixup directory name and remake link
Signed-off-by: Holger Levsen <holger@layer-acht.org>
Diffstat (limited to 'hosts/p64b-armhf-rb/etc')
-rw-r--r--hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions1
-rw-r--r--hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy2
-rw-r--r--hosts/p64b-armhf-rb/etc/apt/listchanges.conf6
-rw-r--r--hosts/p64b-armhf-rb/etc/apt/sources.list11
-rwxr-xr-xhosts/p64b-armhf-rb/etc/cron.d/dsa10
-rw-r--r--hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn9
-rw-r--r--hosts/p64b-armhf-rb/etc/munin/munin-node.conf66
-rw-r--r--hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df6
-rw-r--r--hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats4
-rw-r--r--hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node117
-rwxr-xr-xhosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds56
-rwxr-xr-xhosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup17
-rwxr-xr-xhosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup21
-rwxr-xr-xhosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment56
-rw-r--r--hosts/p64b-armhf-rb/etc/pbuilderrc52
-rw-r--r--hosts/p64b-armhf-rb/etc/postfix/main.cf41
-rwxr-xr-xhosts/p64b-armhf-rb/etc/rc.local102
-rw-r--r--hosts/p64b-armhf-rb/etc/schroot/default/fstab24
-rw-r--r--hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases11
-rw-r--r--hosts/p64b-armhf-rb/etc/sudoers.d/jenkins51
-rw-r--r--hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm7
-rw-r--r--hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf4
22 files changed, 674 insertions, 0 deletions
diff --git a/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions
new file mode 100644
index 00000000..2318f84e
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions
@@ -0,0 +1 @@
+Acquire::Languages "none";
diff --git a/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy
new file mode 100644
index 00000000..9e738254
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy
@@ -0,0 +1,2 @@
+Acquire::http::Proxy "http://10.0.0.15:8000/";
+
diff --git a/hosts/p64b-armhf-rb/etc/apt/listchanges.conf b/hosts/p64b-armhf-rb/etc/apt/listchanges.conf
new file mode 100644
index 00000000..8b598c0a
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/apt/listchanges.conf
@@ -0,0 +1,6 @@
+[apt]
+frontend=mail
+email_address=root
+confirm=0
+save_seen=/var/lib/apt/listchanges.db
+which=both
diff --git a/hosts/p64b-armhf-rb/etc/apt/sources.list b/hosts/p64b-armhf-rb/etc/apt/sources.list
new file mode 100644
index 00000000..70669281
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/apt/sources.list
@@ -0,0 +1,11 @@
+deb http://ftp.us.debian.org/debian/ jessie main contrib non-free
+#deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free
+
+deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
+#deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
+
+deb http://security.debian.org/ jessie/updates main contrib non-free
+#deb-src http://security.debian.org/ jessie/updates main contrib non-free
+
+deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
+#deb-src http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
diff --git a/hosts/p64b-armhf-rb/etc/cron.d/dsa b/hosts/p64b-armhf-rb/etc/cron.d/dsa
new file mode 100755
index 00000000..9be64c36
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/cron.d/dsa
@@ -0,0 +1,10 @@
+# m h dom mon dow (0|7=sun,1=mon) command
+
+#
+# cron-jobs for jenkins.debian.net and nodes
+#
+
+MAILTO=root
+
+0 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-running-kernel
+2 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-packages
diff --git a/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn b/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn
new file mode 100644
index 00000000..c1f207a7
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn
@@ -0,0 +1,9 @@
+/var/log/jenkins/update_jdn.log {
+ daily
+ copytruncate
+ missingok
+ rotate 7
+ compress
+ delaycompress
+ notifempty
+}
diff --git a/hosts/p64b-armhf-rb/etc/munin/munin-node.conf b/hosts/p64b-armhf-rb/etc/munin/munin-node.conf
new file mode 100644
index 00000000..e42e1972
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/munin/munin-node.conf
@@ -0,0 +1,66 @@
+#
+# Example config-file for munin-node
+#
+
+log_level 4
+log_file /var/log/munin/munin-node.log
+pid_file /var/run/munin/munin-node.pid
+
+background 1
+setsid 1
+
+user root
+group root
+
+# This is the timeout for the whole transaction.
+# Units are in sec. Default is 15 min
+#
+# global_timeout 900
+
+# This is the timeout for each plugin.
+# Units are in sec. Default is 1 min
+#
+# timeout 60
+
+# Regexps for files to ignore
+ignore_file [\#~]$
+ignore_file DEADJOE$
+ignore_file \.bak$
+ignore_file %$
+ignore_file \.dpkg-(tmp|new|old|dist)$
+ignore_file \.rpm(save|new)$
+ignore_file \.pod$
+
+# Set this if the client doesn't report the correct hostname when
+# telnetting to localhost, port 4949
+#
+#host_name localhost.localdomain
+
+# A list of addresses that are allowed to connect. This must be a
+# regular expression, since Net::Server does not understand CIDR-style
+# network notation unless the perl module Net::CIDR is installed. You
+# may repeat the allow line as many times as you'd like
+
+allow ^127\.0\.0\.1$
+allow ^::1$
+
+# If you have installed the Net::CIDR perl module, you can use one or more
+# cidr_allow and cidr_deny address/mask patterns. A connecting client must
+# match any cidr_allow, and not match any cidr_deny. Note that a netmask
+# *must* be provided, even if it's /32
+#
+# Example:
+#
+# cidr_allow 127.0.0.1/32
+# cidr_allow 192.0.2.0/24
+# cidr_deny 192.0.2.42/32
+
+# Which address to bind to;
+host *
+# host 127.0.0.1
+
+# And which port
+port 4949
+
+allow ^78\.137\.96\.196
+hostname p64b-armhf-rb.debian.net
diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df
new file mode 100644
index 00000000..b3fdadcb
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df
@@ -0,0 +1,6 @@
+[df*]
+env.exclude none unknown iso9660 squashfs udf romfs ramfs debugfs devtmpfs sysfs
+env.exclude_re /srv/workspace/pbuilder /run /dev/disk/by /var/lib/schroot/mount /srv/workspace/varlibschroot /dev/shm /sys/fs/cgroup
+env.warning 92
+env.critical 98
+
diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats
new file mode 100644
index 00000000..2d11f397
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats
@@ -0,0 +1,4 @@
+[diskstats]
+env.trim_labels yes
+env.include_only /dev/sda
+
diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node
new file mode 100644
index 00000000..e766928f
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node
@@ -0,0 +1,117 @@
+# This file is used to configure how the plugins are invoked.
+# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
+#
+# PLEASE NOTE: Changes in the plugin-conf.d directory are only
+# read at munin-node startup, so restart at any changes.
+#
+# user <user> # Set the user to run the plugin as.
+# group <group> # Set the group to run the plugin as.
+# command <command> # Run <command> instead of the plugin. %c expands to
+# what would normally be run.
+# env.<variable> <value> # Sets <variable> in the plugin's environment, see the
+# individual plugins to find out which variables they
+# care about.
+
+
+[amavis]
+group adm
+env.MUNIN_MKTEMP /bin/mktemp -p /tmp/ $1
+env.amavislog /var/log/mail.info
+
+[apt]
+user root
+
+[courier_mta_mailqueue]
+group daemon
+
+[courier_mta_mailstats]
+group adm
+
+[courier_mta_mailvolume]
+group adm
+
+[cps*]
+user root
+
+[exim_mailqueue]
+group adm, (Debian-exim)
+
+[exim_mailstats]
+group adm, (Debian-exim)
+env.logdir /var/log/exim4/
+env.logname mainlog
+
+[fw_conntrack]
+user root
+
+[fw_forwarded_local]
+user root
+
+[hddtemp_smartctl]
+user root
+
+[hddtemp2]
+user root
+
+[if_*]
+user root
+
+[if_err_*]
+user nobody
+
+[ip_*]
+user root
+
+[ipmi_*]
+user root
+
+[mysql*]
+user root
+env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
+env.mysqluser debian-sys-maint
+env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
+
+[postfix_mailqueue]
+user postfix
+
+[postfix_mailstats]
+group adm
+
+[postfix_mailvolume]
+group adm
+env.logfile mail.log
+
+[smart_*]
+user root
+
+[vlan*]
+user root
+
+[ejabberd*]
+user ejabberd
+env.statuses available away chat xa
+env.days 1 7 30
+
+[dhcpd3]
+user root
+env.leasefile /var/lib/dhcp3/dhcpd.leases
+env.configfile /etc/dhcp3/dhcpd.conf
+
+[jmx_*]
+env.ip 127.0.0.1
+env.port 5400
+
+[samba]
+user root
+
+[munin_stats]
+user munin
+group munin
+
+[postgres_*]
+user postgres
+env.PGUSER postgres
+env.PGPORT 5432
+
+[fail2ban]
+user root
diff --git a/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds b/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds
new file mode 100755
index 00000000..e990c127
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds
@@ -0,0 +1,56 @@
+#!/bin/sh
+# -*- sh -*-
+
+: << =cut
+
+=head1 NAME
+
+jenkins_reproducible_builds - Plugin to measure number of reproducible builds running
+
+=head1 AUTHOR
+
+Contributed by Holger Levsen
+
+=head1 LICENSE
+
+GPLv2
+
+=head1 MAGIC MARKERS
+
+ #%# family=auto
+ #%# capabilities=autoconf
+
+=cut
+
+. $MUNIN_LIBDIR/plugins/plugin.sh
+
+if [ "$1" = "autoconf" ]; then
+ echo yes
+ exit 0
+fi
+
+JOB_PREFIXES="first second"
+if [ "$1" = "config" ]; then
+ echo 'graph_title Concurrent reproducible builds running'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_scale no'
+ echo 'graph_total total'
+ echo 'graph_vlabel Concurrent reproducible builds running'
+ echo 'graph_category jenkins'
+ draw=AREA
+ for PREFIX in $JOB_PREFIXES ; do
+ echo "jenkins_reproducible_${PREFIX}_build.label $PREFIX build"
+ echo "jenkins_reproducible_${PREFIX}_build.draw $draw"
+ if [ "$draw" = "AREA" ] ; then draw=STACK ; fi
+ done
+ exit 0
+fi
+
+for PREFIX in $JOB_PREFIXES ; do
+ if [ "$PREFIX" = "first" ] ; then
+ NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 1")
+ else
+ NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 2")
+ fi
+ echo "jenkins_reproducible_${PREFIX}_build.value $NR"
+ done
diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup
new file mode 100755
index 00000000..334e03a2
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+# cease using disorderfs
+if [ -d /tmp/disorderfs ] ; then
+ echo -n "Unmounting /tmp/disorderfs…"
+ fusermount -z -u "$BUILDDIR"
+ rmdir "$BUILDDIR"
+ mv /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+fi
diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup
new file mode 100755
index 00000000..47719ae7
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+echo "debug output: disk usage on $(hostname) at $(date -u)"
+df -h
+echo
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+# cease using disorderfs
+if [ -d /tmp/disorderfs ] ; then
+ echo -n "Unmounting /tmp/disorderfs…"
+ fusermount -z -u "$BUILDDIR"
+ rmdir "$BUILDDIR"
+ mv /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+fi
diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment
new file mode 100755
index 00000000..4b4c9ab3
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+#
+# doing variations for the 2nd builds:
+#
+REAL_HOSTNAME=$(hostname)
+echo "disorder-fs debug: Running on $REAL_HOSTNAME."
+
+echo "I: Changing host+domainname to test build reproducibility" >&2
+sed -e '/^127.0.0.1/s/$/ i-capture-the-hostname i-capture-the-hostname.i-capture-the-domain/' -i /etc/hosts
+hostname i-capture-the-hostname
+domainname i-capture-the-domain
+echo "I: Adding a custom variable just for the fun of it..." >&2
+export CAPTURE_ENVIRONMENT="I capture the environment"
+
+echo "I: Changing /bin/sh to bash" >&2
+echo "dash dash/sh boolean false" | debconf-set-selections
+DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash
+if [ -n "$BUILDUSERNAME" ] ; then
+ echo "I: Setting $BUILDUSERNAME's login shell to /bin/bash" >&2
+ usermod -s /bin/bash $BUILDUSERNAME
+ if [ -n "$BUILDUSERGECOS" ] ; then
+ echo "I: Setting $BUILDUSERNAME's GECOS to $BUILDUSERGECOS" >&2
+ usermod -c "$BUILDUSERGECOS" $BUILDUSERNAME
+ fi
+fi
+
+# disable disorderfs due to #844498
+#exit 0
+# use disorderfs on armhf only for now
+if [ "$(dpkg --print-architecture)" != "armhf" ] ; then
+ exit 0
+elif [ "$REAL_HOSTNAME" != "bpi0" ] ; then
+ exit 0
+else
+ echo "disorder-fs debug: bpi0, yay, enabling disorderfs now…"
+fi
+
+# use disorderfs
+if [ -x /usr/bin/disorderfs ] ; then
+ echo -n "Moving $BUILDDIR to /tmp/disorderfs and mounting this as $BUILDDIR via the fuse disorderfs…"
+ mknod -m 666 /dev/fuse c 10 229
+ mv "$BUILDDIR" /tmp/disorderfs
+ mkdir "$BUILDDIR"
+ disorderfs --multi-user=yes /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+else
+ echo "Warning: disorderfs not available."
+fi
diff --git a/hosts/p64b-armhf-rb/etc/pbuilderrc b/hosts/p64b-armhf-rb/etc/pbuilderrc
new file mode 100644
index 00000000..96917baf
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/pbuilderrc
@@ -0,0 +1,52 @@
+# this is your configuration file for pbuilder.
+# the file in /usr/share/pbuilder/pbuilderrc is the default template.
+# /etc/pbuilderrc is the one meant for overwriting defaults in
+# the default template
+#
+# read pbuilderrc.5 document for notes on specific options.
+#
+# cater for different locations
+case $HOSTNAME in
+ jenkins|jenkins-test-vm|profitbricks-build*)
+ MIRRORSITE=http://ftp.de.debian.org/debian ;;
+ bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*|jtk1*|p64*)
+ MIRRORSITE=http://ftp.us.debian.org/debian ;;
+ codethink*)
+ MIRRORSITE=http://ftp.uk.debian.org/debian ;;
+ *)
+ echo "unsupported host, exiting." ; exit 1 ;;
+esac
+# only use eatmydata on armhf+i386 - on amd64+arm64 we build in tmpfs anyway
+case $HOSTNAME in
+ profitbricks-build*i386)
+ EATMYDATA=yes ;;
+ bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*|jtk1*|p64*)
+ EATMYDATA=yes ;;
+ *) ;;
+esac
+EXTRAPACKAGES="" # better list them in bin/reproducible_setup_pbuilder.sh
+APTCACHE=""
+COMPRESSPROG="pigz"
+BUILDPLACE=/srv/workspace/pbuilder # build in /srv/workspace, which is in tmpfs
+
+# set PATH to predictable values, see #780729 and #780725
+PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
+
+# used for reproducible builds tests, when doing the 2nd build
+if [ "$(readlink /proc/1/ns/uts)" != "$(readlink /proc/self/ns/uts)" ]; then
+ PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
+fi
+
+# needed to ignore failures due to running 398 days in the future…
+# (only on those 4 nodes running in the future…)
+if [ "$HOSTNAME" = "profitbricks-build5-amd64" ] || [ "$HOSTNAME" = "profitbricks-build6-i386" ] || \
+ [ "$HOSTNAME" = "profitbricks-build15-amd64" ] || [ "$HOSTNAME" = "profitbricks-build16-i386" ] || \
+ [ "$HOSTNAME" = "codethink-sled9-arm64" ] || [ "$HOSTNAME" = "codethink-sled11-arm64" ] || \
+ [ "$HOSTNAME" = "codethink-sled13-arm64" ] || [ "$HOSTNAME" = "codethink-sled15-arm64" ] ; then
+ case "$PBUILDER_OPERATION" in
+ create)
+ APTGETOPT=(-o Acquire::Check-Valid-Until="false")
+ ;;
+ *) ;;
+ esac
+fi
diff --git a/hosts/p64b-armhf-rb/etc/postfix/main.cf b/hosts/p64b-armhf-rb/etc/postfix/main.cf
new file mode 100644
index 00000000..b1307eab
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/postfix/main.cf
@@ -0,0 +1,41 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = p64b-armhf-rb.debian.net
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = p64b-armhf-rb.debian.net, localhost
+relayhost = mail.holgerlevsen.de
+#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+mailbox_command = /usr/bin/procmail -a "$EXTENSION"
diff --git a/hosts/p64b-armhf-rb/etc/rc.local b/hosts/p64b-armhf-rb/etc/rc.local
new file mode 100755
index 00000000..23952e35
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/rc.local
@@ -0,0 +1,102 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+
+set -x
+
+send_back_to_the_future() {
+ # stop ntp
+ service ntp stop || true
+ # disable systemd date services (and don't fail if systemd ain't running)
+ systemctl disable systemd-timesyncd
+ systemctl disable systemd-timedated
+ systemctl stop systemd-timesyncd || true
+ systemctl stop systemd-timedated || true
+ # set correct date
+ ntpdate -b de.pool.ntp.org
+ # set fake date
+ date --set="+398 days +6 hours + 23 minutes"
+ # finally report success
+ echo "$(date -u) - system is running in the future now" | mail -s "$(hostname -f) in the future" root
+}
+
+put_schroots_on_tmpfs() {
+ # keep schroot sessions on tmpfs
+ [ -L /var/lib/schroot ] || echo "$(date -u) - /var/lib/schroot is not a link (to /srv/workspace/varlibschroot/) as it should, please fix manually"
+ mkdir -p /srv/workspace/varlibschroot
+ cd /srv/workspace/varlibschroot || exit 1
+ mkdir -p mount session union unpack
+ mkdir -p union/overlay union/underlay
+}
+
+fixup_shm() {
+ # this is always harmless
+ chmod 1777 /dev/shm
+}
+
+fixup_mtu() {
+ # only act on systems which have eth0
+ if ip link show eth0 >/dev/null 2>&1 ; then
+ # if MTU != 1500 set it to 1500
+ if [ -z "$(ip link show eth0 | grep 'eth0:' | grep 'mtu 1500 ' || true)" ] ; then
+ ip link set dev eth0 mtu 1500
+ fi
+ fi
+}
+
+#
+# init, notify about reboots
+#
+MESSAGE="$(hostname -f) rebooted"
+echo "$(date -u) - system was rebooted" | mail -s "$MESSAGE" root
+
+#
+# notify jenkins reboots on irc
+#
+if [ "$(hostname)" = "jenkins" ] ; then
+ for channel in debian-qa debian-reproducible ; do
+ kgb-client --conf /srv/jenkins/kgb/$channel.conf --relay-msg "$MESSAGE"
+ done
+fi
+
+#
+# fixup /(dev|run)/shm if needed
+#
+fixup_shm
+
+#
+# fixup eth0's MTU if needed
+fixup_mtu
+
+#
+# put schroots on tmpfs for non debian hosts
+#
+case $(hostname) in
+ profitbricks-build3*) put_schroots_on_tmpfs ;;
+ profitbricks-build4*) put_schroots_on_tmpfs ;;
+ profitbricks-build7*) put_schroots_on_tmpfs ;;
+ *) ;;
+esac
+
+#
+# run some hosts in the future
+#
+case $(hostname) in
+ codethink-sled9*) send_back_to_the_future ;;
+ codethink-sled11*) send_back_to_the_future ;;
+ codethink-sled13*) send_back_to_the_future ;;
+ codethink-sled15*) send_back_to_the_future ;;
+ profitbricks-build4*) send_back_to_the_future ;;
+ profitbricks-build5*) send_back_to_the_future ;;
+ profitbricks-build6*) send_back_to_the_future ;;
+ profitbricks-build15*) send_back_to_the_future ;;
+ profitbricks-build16*) send_back_to_the_future ;;
+ *) ;;
+esac
+
+echo "$(date -u) - system booted up."
+exit 0
diff --git a/hosts/p64b-armhf-rb/etc/schroot/default/fstab b/hosts/p64b-armhf-rb/etc/schroot/default/fstab
new file mode 100644
index 00000000..74468dd2
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/schroot/default/fstab
@@ -0,0 +1,24 @@
+# fstab: static file system information for chroots.
+# Note that the mount point will be prefixed by the chroot path
+# (CHROOT_PATH)
+#
+# <file system> <mount point> <type> <options> <dump> <pass>
+/proc /proc none rw,bind 0 0
+/sys /sys none rw,bind 0 0
+/dev /dev none rw,bind 0 0
+/dev/pts /dev/pts none rw,bind 0 0
+/home /home none rw,bind 0 0
+/tmp /tmp none rw,bind 0 0
+/srv/reproducible-results /srv/reproducible-results none rw,bind 0 0
+/srv/d-i /srv/d-i none rw,bind 0 0
+/srv/jenkins /srv/jenkins none rw,bind 0 0
+/srv/live-build /srv/live-build none rw,bind 0 0
+
+# It may be desirable to have access to /run, especially if you wish
+# to run additional services in the chroot. However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+#/run /run none rw,bind 0 0
+#/run/lock /run/lock none rw,bind 0 0
+/dev/shm /dev/shm none rw,bind 0 0
+/run/shm /run/shm none rw,bind 0 0
diff --git a/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases b/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases
new file mode 100644
index 00000000..72615e5d
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases
@@ -0,0 +1,11 @@
+# System databases to copy into the chroot from the host system.
+#
+# <database name>
+passwd
+shadow
+group
+gshadow
+#services
+protocols
+networks
+hosts
diff --git a/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins
new file mode 100644
index 00000000..96d501ef
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins
@@ -0,0 +1,51 @@
+jenkins ALL= \
+ NOPASSWD: /usr/sbin/debootstrap *, \
+ /usr/bin/tee /schroots/*, \
+ /usr/bin/tee -a /schroots/*, \
+ /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
+ /bin/chmod +x /schroots/*, \
+ /usr/sbin/chroot /schroots/*, \
+ /usr/sbin/chroot /chroots/*, \
+ /usr/sbin/chroot /media/*, \
+ /bin/ls -la /media/*, \
+ /bin/rm -rf --one-file-system /chroots/*, \
+ /bin/rm -rf --one-file-system /schroots/*, \
+ /bin/rm -rf --one-file-system /srv/live-build/*, \
+ /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \
+ /bin/cp -v *.iso /srv/live-build/results/*, \
+ /bin/mv /chroots/* /schroots/*, \
+ /bin/mv /schroots/* /schroots/*, \
+ /bin/umount -l /chroots/*, \
+ /bin/umount -l /schroots/*, \
+ /bin/umount -l /media/*, \
+ /bin/rmdir /media/*, \
+ /bin/mount -o loop*, \
+ /bin/mount --bind *, \
+ /usr/bin/du *, \
+ /bin/kill *, \
+ /usr/bin/file *, \
+ /bin/dd if=/dev/zero of=/dev/jenkins*, \
+ /usr/bin/qemu-system-x86_64 *, \
+ /usr/bin/qemu-img *, \
+ /sbin/lvcreate *, /sbin/lvremove *, \
+ /bin/mkdir -p /media/*, \
+ /usr/bin/guestmount *, \
+ /bin/cp -rv /media/*, \
+ /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
+ SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
+ SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
+ SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
+ /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm -v /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm /var/cache/pbuilder/result/*, \
+ /usr/bin/dcmd rm *.changes, \
+ /usr/bin/dcmd rm *.dsc, \
+ /usr/bin/apt-get update, \
+ /usr/bin/killall timeout, \
+ /usr/sbin/slay 1111, \
+ /usr/sbin/slay 2222, \
+ /usr/sbin/slay jenkins
+
+# keep these environment variables
+Defaults env_keep += "http_proxy", env_reset
diff --git a/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm
new file mode 100644
index 00000000..3c357be2
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm
@@ -0,0 +1,7 @@
+# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner
+# of jenkins script) and the jenkins user itself
+%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL
+%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL
+# allow jenkins-adm to run everything as root
+%jenkins-adm ALL= NOPASSWD: ALL
+
diff --git a/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf b/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf
new file mode 100644
index 00000000..91ed832a
--- /dev/null
+++ b/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf
@@ -0,0 +1,4 @@
+[Unit]
+After=network-online.target
+Wants=network-online.target
+