Commit graph

287 commits

Author SHA1 Message Date
Luke Granger-Brown 2b8f42dcda secrets: add gerrit-prometheus-bearer-token 2024-07-15 11:02:54 +00:00
Luke Granger-Brown f14bba14a3 gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
raito 0723b7de42 Merge pull request 'terraform/gandi: more sniproxying for bagel-box,meta-01' (#67) from ckie/moarr-v4 into main
Reviewed-on: the-distro/infra#67
Reviewed-by: raito <raito@noreply.git.lix.systems>
2024-07-14 18:44:21 +00:00
mei (ckie) 3c2691d9e2
terraform/gandi: introduce proxyRecords and proxy web services 2024-07-14 21:39:42 +03:00
Luke Granger-Brown a44196fc3c flake: update nix-gerrit 2024-07-13 18:24:05 +01:00
Ilya K 7a937e837a Unlimit Mimir max series 2024-07-13 15:52:46 +03:00
Pierre Bourdon ecfe0ec886
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14' (2024-07-13)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84' (2024-07-13)
2024-07-13 06:13:22 +02:00
Pierre Bourdon 7d9461808c
builders: configure a swapfile + zswap 2024-07-13 04:40:51 +02:00
Pierre Bourdon 293bc52ace
hydra: reduce number of parallel builds per builder to limit RAM consumption 2024-07-13 04:38:24 +02:00
Pierre Bourdon 64079be3c0
flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
  → 'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=a9a2679793a17325c966dec4cbb27d44b0531694' (2024-06-24)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14' (2024-07-13)
• Updated input 'hydra/nix':
    'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4c3d93611f2848c56ebc69c85f2b1e18001ed3c7' (2024-06-24)
  → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4b109ec1a8fc4550150f56f0f46f2f41d844bda8' (2024-07-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
  → 'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
2024-07-13 03:12:13 +02:00
Janik Haag 9189b73a5f devShell: change colmena to the nixpkgs version
this is done to avoid unnecessarily recompiling colmena
2024-07-13 01:10:59 +00:00
Janik Haag af515792cc admins: add janik 2024-07-13 01:10:39 +00:00
Janik Haag b4deee29af editorconfig: init
Add a barebones `.editorconfig` to at least trim whitspaces and enforce some minimal norms
2024-07-13 01:10:18 +00:00
Pierre Bourdon 756341ea4c
builders: tune sshd MaxStartups to avoid rate limiting Hydra 2024-07-12 21:57:04 +02:00
Janik Haag bed5ef022f
change the default user shell to zsh 2024-07-12 19:50:34 +02:00
Yureka e6ead602f0 builders get a special treatment for dns64 2024-07-11 02:05:58 +02:00
Yureka 329f267b02 enable nftables on all hosts 2024-07-11 02:05:35 +02:00
Yureka b14f155d55 add ipmitool on vpn-gw and builders 2024-07-10 20:49:17 +02:00
Pierre Bourdon c8208f42ef
flake: attempt to fix the hydraJobs definition 2024-07-10 19:03:18 +02:00
Pierre Bourdon 087d17c681
tf/hydra: add a project/jobset for infra machine configurations 2024-07-10 18:52:43 +02:00
Pierre Bourdon d2336262fb
hydra: set allowed URIs in restricted mode for flake inputs 2024-07-10 18:52:22 +02:00
Pierre Bourdon f35cfbd567
flake: configure some hydra jobs (all machine configurations) 2024-07-10 18:43:54 +02:00
Pierre Bourdon 58325e30dd
common/nix: use bagel-cache by default 2024-07-10 18:17:30 +02:00
Pierre Bourdon 411d514ab9
hydra: user hydra-www needs nix-daemon access too 2024-07-10 17:36:39 +02:00
Pierre Bourdon f74d1ca0f6
hydra: start signing paths 2024-07-10 17:34:57 +02:00
Pierre Bourdon 70e608a8f7
common: provide a pinned nixpkgs on all infra machines 2024-07-10 17:17:18 +02:00
Yureka 4e869a9f43 fix bmc dhcp 2024-07-10 15:54:46 +02:00
Yureka 3cbdbc45f7 more quality of life improvements... 2024-07-10 15:54:30 +02:00
Yureka 7ba42d99d1 reduce hydra builders to 4 2024-07-10 15:08:28 +02:00
Ilya K 254e161c07 Give wob-vpn-gw a proper hostname 2024-07-10 15:34:05 +03:00
Ilya K a9f45daac8 Rename machine folders, clean up flake 2024-07-10 15:24:47 +03:00
Ilya K 787b3af638 Add wob-vpn-gw key, rekey metrics push password for it 2024-07-10 15:13:05 +03:00
Ilya K e608b92e4f Add htop and btop to default machine config 2024-07-10 15:01:09 +03:00
Ilya K e84b362b7a Allow 12 hour of backfill for metrics
This is somewhat experimental and may explode, but we'll see, I guess
2024-07-10 14:59:09 +03:00
Ilya K 9e7e6d42ab Make nginx/loki/mimir go fast 2024-07-10 14:55:28 +03:00
Pierre Bourdon f2c2bc5ab6
hydra: output machine host key as base64 in the generated machines.conf 2024-07-10 02:16:45 +02:00
Pierre Bourdon f214da9228
hydra: add hydra to nix trusted-users 2024-07-10 02:03:33 +02:00
Pierre Bourdon 0e24c18815
tf/hydra: add a test staging-small nixpkgs jobset 2024-07-10 01:57:12 +02:00
Pierre Bourdon 2ac0a599fb
bagel-box: fix missing toString 2024-07-10 01:51:31 +02:00
raito 0ccf0b023e Merge pull request 'hydra: moar power' (#51) from moar-builders into main
Reviewed-on: the-distro/infra#51
Reviewed-by: Luke Granger-Brown <lukegb@noreply.git.lix.systems>
2024-07-09 23:32:38 +00:00
Luke Granger-Brown 82db8f7f1e gerrit01: some more tuning
* flip off proxy_buffering again
* enable REVWALK_USE_PRIORITY_QUEUE
* enable delta compression, because that's not a bottleneck and it's
  nicer on bandwidth
2024-07-10 00:27:36 +01:00
raito 7b7a645cfc hydra: moar power
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:27:35 +02:00
Yureka 39d2352bbc general quality of life improvements 2024-07-09 23:26:12 +00:00
Yureka a7d21e96a0 add global hardening options 2024-07-09 23:26:12 +00:00
raito c51676a560 Merge pull request 'hydra: unplug the EPYC' (#49) from unplug-epyc into main
Reviewed-on: the-distro/infra#49
2024-07-09 23:26:08 +00:00
raito 9988811be5 hydra: unplug the EPYC
thank you for your testing services

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:13:10 +02:00
Pierre Bourdon afaf49eb97
secrets: rekey 2024-07-10 01:05:05 +02:00
Pierre Bourdon bc8ef7b5fc
ssh-keys: remove raito's key which is too NSA'd for agenix 2024-07-10 01:04:48 +02:00
Pierre Bourdon 61e8048445
sysadmin: remove pwru, does not build on latest nixpkgs 2024-07-10 01:01:27 +02:00
Pierre Bourdon 2ebb0e82e8
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9693852a2070b398ee123a329e68f0dab5526681' (2024-06-22)
  → 'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
2024-07-10 01:01:17 +02:00