Luke Granger-Brown
2b8f42dcda
secrets: add gerrit-prometheus-bearer-token
2024-07-15 11:02:54 +00:00
Luke Granger-Brown
f14bba14a3
gitignore: add secrets (but not encrypted secrets) to gitignore
2024-07-15 11:02:54 +00:00
raito
0723b7de42
Merge pull request 'terraform/gandi: more sniproxying for bagel-box,meta-01' ( #67 ) from ckie/moarr-v4 into main
...
Reviewed-on: the-distro/infra#67
Reviewed-by: raito <raito@noreply.git.lix.systems>
2024-07-14 18:44:21 +00:00
mei (ckie)
3c2691d9e2
terraform/gandi: introduce proxyRecords
and proxy web services
2024-07-14 21:39:42 +03:00
Luke Granger-Brown
a44196fc3c
flake: update nix-gerrit
2024-07-13 18:24:05 +01:00
Ilya K
7a937e837a
Unlimit Mimir max series
2024-07-13 15:52:46 +03:00
Pierre Bourdon
ecfe0ec886
flake.lock: Update
...
Flake lock file updates:
• Updated input 'hydra':
'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14 ' (2024-07-13)
→ 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84 ' (2024-07-13)
2024-07-13 06:13:22 +02:00
Pierre Bourdon
7d9461808c
builders: configure a swapfile + zswap
2024-07-13 04:40:51 +02:00
Pierre Bourdon
293bc52ace
hydra: reduce number of parallel builds per builder to limit RAM consumption
2024-07-13 04:38:24 +02:00
Pierre Bourdon
64079be3c0
flake.lock: Update
...
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
→ 'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
• Updated input 'hydra':
'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=a9a2679793a17325c966dec4cbb27d44b0531694 ' (2024-06-24)
→ 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14 ' (2024-07-13)
• Updated input 'hydra/nix':
'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4c3d93611f2848c56ebc69c85f2b1e18001ed3c7 ' (2024-06-24)
→ 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4b109ec1a8fc4550150f56f0f46f2f41d844bda8 ' (2024-07-11)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
→ 'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
2024-07-13 03:12:13 +02:00
Janik Haag
9189b73a5f
devShell: change colmena to the nixpkgs version
...
this is done to avoid unnecessarily recompiling colmena
2024-07-13 01:10:59 +00:00
Janik Haag
af515792cc
admins: add janik
2024-07-13 01:10:39 +00:00
Janik Haag
b4deee29af
editorconfig: init
...
Add a barebones `.editorconfig` to at least trim whitspaces and enforce some minimal norms
2024-07-13 01:10:18 +00:00
Pierre Bourdon
756341ea4c
builders: tune sshd MaxStartups to avoid rate limiting Hydra
2024-07-12 21:57:04 +02:00
Janik Haag
bed5ef022f
change the default user shell to zsh
2024-07-12 19:50:34 +02:00
Yureka
e6ead602f0
builders get a special treatment for dns64
2024-07-11 02:05:58 +02:00
Yureka
329f267b02
enable nftables on all hosts
2024-07-11 02:05:35 +02:00
Yureka
b14f155d55
add ipmitool on vpn-gw and builders
2024-07-10 20:49:17 +02:00
Pierre Bourdon
c8208f42ef
flake: attempt to fix the hydraJobs definition
2024-07-10 19:03:18 +02:00
Pierre Bourdon
087d17c681
tf/hydra: add a project/jobset for infra machine configurations
2024-07-10 18:52:43 +02:00
Pierre Bourdon
d2336262fb
hydra: set allowed URIs in restricted mode for flake inputs
2024-07-10 18:52:22 +02:00
Pierre Bourdon
f35cfbd567
flake: configure some hydra jobs (all machine configurations)
2024-07-10 18:43:54 +02:00
Pierre Bourdon
58325e30dd
common/nix: use bagel-cache by default
2024-07-10 18:17:30 +02:00
Pierre Bourdon
411d514ab9
hydra: user hydra-www needs nix-daemon access too
2024-07-10 17:36:39 +02:00
Pierre Bourdon
f74d1ca0f6
hydra: start signing paths
2024-07-10 17:34:57 +02:00
Pierre Bourdon
70e608a8f7
common: provide a pinned nixpkgs on all infra machines
2024-07-10 17:17:18 +02:00
Yureka
4e869a9f43
fix bmc dhcp
2024-07-10 15:54:46 +02:00
Yureka
3cbdbc45f7
more quality of life improvements...
2024-07-10 15:54:30 +02:00
Yureka
7ba42d99d1
reduce hydra builders to 4
2024-07-10 15:08:28 +02:00
Ilya K
254e161c07
Give wob-vpn-gw a proper hostname
2024-07-10 15:34:05 +03:00
Ilya K
a9f45daac8
Rename machine folders, clean up flake
2024-07-10 15:24:47 +03:00
Ilya K
787b3af638
Add wob-vpn-gw key, rekey metrics push password for it
2024-07-10 15:13:05 +03:00
Ilya K
e608b92e4f
Add htop and btop to default machine config
2024-07-10 15:01:09 +03:00
Ilya K
e84b362b7a
Allow 12 hour of backfill for metrics
...
This is somewhat experimental and may explode, but we'll see, I guess
2024-07-10 14:59:09 +03:00
Ilya K
9e7e6d42ab
Make nginx/loki/mimir go fast
2024-07-10 14:55:28 +03:00
Pierre Bourdon
f2c2bc5ab6
hydra: output machine host key as base64 in the generated machines.conf
2024-07-10 02:16:45 +02:00
Pierre Bourdon
f214da9228
hydra: add hydra to nix trusted-users
2024-07-10 02:03:33 +02:00
Pierre Bourdon
0e24c18815
tf/hydra: add a test staging-small nixpkgs jobset
2024-07-10 01:57:12 +02:00
Pierre Bourdon
2ac0a599fb
bagel-box: fix missing toString
2024-07-10 01:51:31 +02:00
raito
0ccf0b023e
Merge pull request 'hydra: moar power' ( #51 ) from moar-builders into main
...
Reviewed-on: the-distro/infra#51
Reviewed-by: Luke Granger-Brown <lukegb@noreply.git.lix.systems>
2024-07-09 23:32:38 +00:00
Luke Granger-Brown
82db8f7f1e
gerrit01: some more tuning
...
* flip off proxy_buffering again
* enable REVWALK_USE_PRIORITY_QUEUE
* enable delta compression, because that's not a bottleneck and it's
nicer on bandwidth
2024-07-10 00:27:36 +01:00
raito
7b7a645cfc
hydra: moar power
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:27:35 +02:00
Yureka
39d2352bbc
general quality of life improvements
2024-07-09 23:26:12 +00:00
Yureka
a7d21e96a0
add global hardening options
2024-07-09 23:26:12 +00:00
raito
c51676a560
Merge pull request 'hydra: unplug the EPYC' ( #49 ) from unplug-epyc into main
...
Reviewed-on: the-distro/infra#49
2024-07-09 23:26:08 +00:00
raito
9988811be5
hydra: unplug the EPYC
...
thank you for your testing services
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:13:10 +02:00
Pierre Bourdon
afaf49eb97
secrets: rekey
2024-07-10 01:05:05 +02:00
Pierre Bourdon
bc8ef7b5fc
ssh-keys: remove raito's key which is too NSA'd for agenix
2024-07-10 01:04:48 +02:00
Pierre Bourdon
61e8048445
sysadmin: remove pwru, does not build on latest nixpkgs
2024-07-10 01:01:27 +02:00
Pierre Bourdon
2ebb0e82e8
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/9693852a2070b398ee123a329e68f0dab5526681' (2024-06-22)
→ 'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
2024-07-10 01:01:17 +02:00