Commit graph

368 commits

Author SHA1 Message Date
Kiara Grouwstra 5ae71fff99 chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
raito 02f8bc7ca4 chore(o11y): filter by tenancy on node_exporter
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:37 +02:00
raito e0c029ba43 fix: make all buildbot postgres faster
work_mem was effectively absurdly low.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:24 +02:00
raito 3ed36f74fd onboarding: add pennae keys on lix infra
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito b1f4674da0 chore: add tenancy in postgres
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito 226eacdeec chore: add tenancy in node_exporter
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
Ilya K 14935c5e92 fix: update grapevine config 2024-10-21 16:31:26 +03:00
raito bee402fecc fix: ensure that pg_stat_statements is always created as an ext
Otherwise, we will have issues with this exporter.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-21 14:33:18 +02:00
raito 3efdd0f6c9 fix: disable gitiles on gerrit01
It is generating too much traffic and CPU load for no good reason.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-20 11:24:58 +02:00
raito 8c0c7b517f feat: block automatically crawlers if the blocker is enabled
This help us getting rid of useless traffic by crawlers.

It is enabled for gerrit01 which is suffering the most from this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
raito d5500d7c4e fix(buildbot): bring back the old Gerrit reporting
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito eaf48a0cdd fix(buildbot): use builder-9 as builder-10 is down
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito e3129fec51 fix(buildbot): fix CORS properly
wildcards are not allowed in the headers.
We need to include credentials as well.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito 437293bdaa fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
wildcards are not supported in CORS headers, so this design was quite
wrong actually.

We can just use the actual Gerrit hostname for now.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
mei (ckie) df8a57f91a
users: add ckie 2024-10-18 14:43:25 +03:00
Yureka 97bee26977 new ssh key for yureka 2024-10-10 13:42:29 +00:00
Luke Granger-Brown 84cfbdb050 feat: check formatting and validity of alerts
Fixes #94.
2024-10-07 20:00:54 +00:00
Luke Granger-Brown 6a8f49f180 feat(gerrit): add some basic theming
This is based on some of the preliminary colour work done by @ckie in
the the-distro/floral.systems repo.
2024-10-07 19:27:13 +00:00
Yureka 06dd4d6e85 update hydra 2024-10-07 19:25:51 +02:00
Luke Granger-Brown de085155a6 fix: update paths to floral secrets to secrets/floral/ 2024-10-07 15:48:05 +00:00
Luke Granger-Brown 2001012325 feat(uptime-kuma): status.forkos.org should point at the ForkOS page 2024-10-07 15:47:33 +00:00
raito fbf26302b6 hotfix(lix): use build01 features for build02 remote builder
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:27 +02:00
raito 1701a2b388 hotfix: bump buildbot-nix to restore backward compat with Lix deployments
We oopsie dropped `hydraJobs` support to move to `buildbotJobs`.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:19 +02:00
raito decc9963ee feat: add buildbot.lix.systems
This introduces a new Buildbot instance using all the previous work.

This is a "Raito's VM" hardware type.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
raito daa99e83e8 fix(buildbot): add gerrit.lix.systems as known host
Otherwise, buildbot cannot listen to the stream of events.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:04 +02:00
raito 160e7c5ecb fix(secrets): rekey for buildbot.lix.systems and build02.aarch64.lix.systems
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:52:37 +02:00
raito b56b8963a2 feat: introduce Buildbot multi-tenancy
This shares the same expression to deploy the Buildbot.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito 192ba49f7c fix(secrets): lists of lists are wrong, prepend the globals
Otherwise, I won't be in the list.

This adds the active infra core members of Lix as well.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito 9ad7e7b139 feat(tenancy): tag machines accordingly to their tenancy
@lix for Lix machines.
@floral for Floral machines.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito 96f5d45ff3 feat(lix): add buildbot.lix.systems key for extra build capacity
Otherwise, buildbot.lix.systems will not be able to access it anymore.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito 3df1697289 fix(secrets): rekey the monitoring password
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito 76276a8da3 feat: add build01.aarch64.lix.systems
This is the first Lix machine we are enrolling in our infrastructure
(!).

It's using all the previous commits to make it cozy with our current
infra style.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito 7e205b16d0 feat(common/hardware/oracle-vm): enable systemd initrd
Let's minimize the amount of scripted initrd stuff if we can.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito 1e421889e4 feat(monitoring): add static label for tenancy
So we can distinguish easily things in the dashboards.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
raito 8838709a95 fix(common/hardware/oracle-vm): forgotten virtio modules
Otherwise, the machine won't reboot because virtio-scsi is not available
in the initrd.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:04 +02:00
raito 002db9a78f feat: introduce tenant-specific extra build capacity
At Lix, we have few aarch64-linux and aarch64-darwin systems we use to
boost our CI.

This is a module to handle tenant-specific extra build capacity without
it leaking over the rest of the deployment.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:23 +02:00
raito 6978c1271d feat: introduce floral and lix common modules
This way, we can mark tenancy appropriately in a common expression and
add all machines altogether in the same entrypoint.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:11 +02:00
raito 92560708b8 feat: multi-tenant secrets
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.

This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito 3b6be269d6 feat: introduce Oracle VMs and Hetzner VMs as hardware types
This includes aarch64-linux variants for these hosters.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito acaaad68bb feat: introduce resource control over all machines
We were using over all our machines in the Lix infrastructure.
It still makes sense for all our machines.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito 3c9b077bb2 feat: add more admins tools from lix infra
We had this in our equivalent file.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito c23d290647 docs(README.md): explain how to deploy things
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito c0689e6832 feat: add @localboot tags for machine which can be deployed
colmena does not support netboot deployment, this is fine. We can fix it
later.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito a2eecd1886 feat(buildbot): disable manhole debugging
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
raito b5d412a5ba feat: adopt new version of Buildbot with incoming ref data
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
Yureka 01f8322df9 update hydra/lix 2024-10-05 23:33:17 +02:00
Yureka 3072dfad55 update flake inputs 2024-10-05 23:30:21 +02:00
Maxine Aubrey 86e833f52a
chore(tf): drop all gandi resources 2024-10-05 18:46:45 +02:00
raito 1a862b2b0f hotfix: add the path to the stateless uptime kuma's password file
Forgotten in the previous merge.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:33:38 +02:00
raito 6d3e14ec27 feat: finer-grained ACLs for server accesses
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00