kfearsoff/infra
0
0
Fork 0
forked from the-distro/infra
Code Pull requests Activity
%!d() commits 21 branches 0 tags 2 MiB
Commit graph

114 commits

Author SHA1 Message Date
Pierre Bourdon c33326f836
hydra: switch to using mTLS instead of local peer auth 2024-08-16 08:19:18 +02:00
Pierre Bourdon 0dd333c573
postgres: add mTLS support 
New client certs can be minted via the provided script, which is meant
to be run on the postgres server (where the CA private key is
conveniently deployed).
 2024-08-16 07:59:12 +02:00
Pierre Bourdon 29babfc5c4
Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot"" 
This reverts commit 17c342b33e.

Grapevine's use of IFD was fixed upstream.
 2024-08-15 16:22:22 +02:00
Pierre Bourdon 90325344a3
Reserve builder-11 for build coordination, rename to build-coord 2024-08-13 19:12:36 +02:00
Pierre Bourdon 17c342b33e
Partial revert "Add Grapevine Matrix server and matrix-hookshot" 
This partially reverts commit d2f3ca5624.

Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).

The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
 2024-08-13 00:35:10 +02:00
raito 84efd0976d feat(alerts): add a sync failed too often alert 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-09 16:25:34 +02:00
raito e2f5a7b0e4 feat(alerts): add basic postgresql alerts 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-09 16:06:34 +02:00
raito 7388de79c4 feat(alerts): add some basic "host & hardware" alerts 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-09 16:06:34 +02:00
Ilya K f8cad42b5c Set up alertmanager-hookshot-adapter 2024-08-09 14:03:56 +00:00
Ilya K 9ad279a505 Set up admins + DNS for hookshot 2024-08-09 14:03:56 +00:00
Ilya K d2f3ca5624 Add Grapevine Matrix server and matrix-hookshot 
It doesn't want to work.
 2024-08-09 14:03:56 +00:00
Yureka b6375b8294 add staging sync services 2024-08-08 15:16:04 +02:00
Yureka 420e6915df Vous avez des branches divergentes et vous devez spécifier comment les réconcilier 2024-08-08 10:39:00 +02:00
Yureka dbb4e03292 Revert "builders: direct buildbot to /mnt store via ForceCommand" 
This reverts commit dfd48f2179.
 2024-08-08 10:37:42 +02:00
Yureka cd0621ba55 builders/netboot: add separate firmware_part output 2024-08-06 13:26:51 +02:00
Yureka dfd48f2179 builders: direct buildbot to /mnt store via ForceCommand 2024-08-06 13:26:35 +02:00
Yureka 77ff556583 builders: fix provisioning of ssh hostkeys 2024-08-05 08:18:20 +02:00
Yureka fe3cb577c1 fix eval 2024-08-05 07:20:59 +02:00
Yureka 20fc4c8f96 builders: move provisioning of ssh hostkeys to a systemd service 
at first activation it does not yet have a working network setup
 2024-08-05 07:17:45 +02:00
Yureka bce44930b1 builders: provision ssh hostkeys on boot 2024-08-04 18:12:02 +02:00
Yureka 79dea0686b add 'notipxe' netboot loader based on systemd-initrd + u-root 2024-08-03 20:28:57 +02:00
Yureka aeb8102ae4 builders: do not mount / and /boot on netboot systems 2024-08-03 20:01:39 +02:00
Yureka 830dcbf6bc builders: do not mount / and /boot on netboot systems 2024-08-03 18:41:01 +02:00
Yureka 93822775a9 baremetal-builders: do not create swapfile on rootfs when netbooting 2024-08-03 18:10:59 +02:00
Yureka dd028656ac builders: fix serial console 2024-08-02 13:21:04 +02:00
Yureka 88317d099c attempt to fix netboot hydra jobs 2024-08-02 01:05:20 +02:00
Yureka 1cbf286f18 build netboot files from hydra 2024-08-01 22:47:25 +02:00
Yureka 6dc424dd43 wob01: serve an ipxe over iusb-spoof 2024-08-01 22:16:48 +02:00
Yureka 504a443acc adjust hydra-gc numbers 
we want to see how garbage collection would behave on a 480GB drive
 2024-07-31 23:44:08 +02:00
emily 96d58bbd41
forgejo: disable users explore page 
This was requested and should make it a decent bit more difficult to get
a somewhat complete list of users on this instance.

We are, however, aware of other endpoints that can be used to get to a
similar result. Those just aren't as convenient nor obvious.

https://forgejo.org/docs/latest/admin/config-cheat-sheet/#service---explore-serviceexplore
 2024-07-31 01:42:05 +02:00
Yureka 5154906aac fix eval in assignments.nix 2024-07-30 17:23:54 +02:00
Yureka f3828368e6 hydra: set reasonable max-jobs and cores 2024-07-30 17:03:12 +02:00
Yureka 4e2d21930f baremetal-builders: detect percent_filled for the correct partition 2024-07-30 13:59:46 +02:00
Yureka 99259356f2 make buildbot-signing-key accessible to buildbot-worker 2024-07-28 23:30:38 +02:00
Yureka 5474832b07 baremetal builders: filesystem optimizations 2024-07-28 19:20:23 +02:00
Yureka 15a684c5d7 baremetal-builders: more 'intelligent' gc 2024-07-26 12:17:27 +02:00
Yureka 74e06ac6d0 hydra gc every 20h 
metrics analysis has showed that this is unlikely to fill up the builders
 2024-07-24 09:35:18 +02:00
raito e5a3ce2283 buildbot fixes (#76) 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Signed-off-by: Yureka <yureka@forkos.org>
Co-authored-by: raito <raito@noreply.git.lix.systems>
Co-committed-by: raito <raito@noreply.git.lix.systems>
 2024-07-24 06:44:25 +00:00
Ilya K bebc7f2586 We have nothing to hide 2024-07-23 18:09:49 +03:00
Pierre Bourdon 608c0e5973
hydra: bump to 16 evaluation workers, we have enough RAM and cores to afford it 2024-07-22 23:13:33 +02:00
raito 62ccc0282b fix(ows): per-job runtime directories + proper local refspec 
The local refspec was weird and exploiting a edge case for the nixpkgs
jobs where local and from were the same.

We are more explicit now, which fixes the sandbox jobs.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-07-22 15:41:47 +02:00
Yureka d84a43b781 builders: run gc 3x per day 
We can still adjust it if the disks fill up, but currently it is too frequent
 2024-07-21 19:49:21 +02:00
Yureka 2dc5899660 baremetal: run hydra store gc as builder user 2024-07-20 17:00:39 +02:00
Yureka adaf4b0aef baremetal: tmp on the same filesystem as hydra store 2024-07-20 17:00:39 +02:00
Yureka 5bde7e2358 use dedicated store partition for hydra builds 2024-07-20 15:14:00 +02:00
Yureka d9809e1e78 gerrit-one-way-sync: disallow auto-merging a staging iteration into master 2024-07-20 15:14:00 +02:00
Yureka 3fa4a25d87 gerrit-one-way-sync: set git user info 2024-07-20 15:14:00 +02:00
Yureka 0ff5eea4ed gerrit-one-way-sync: merge instead of rebase 2024-07-20 15:14:00 +02:00
raito 80c4757571 gerrit01: add a one-way-sync service 
It's basic and does not handle conflicts which needs to be manually
managed.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-07-19 17:52:44 +02:00
Ilya K d1e64b6610 Fix eval warning here too 2024-07-19 12:06:03 +03:00