raito
7e205b16d0
feat(common/hardware/oracle-vm): enable systemd initrd
...
Let's minimize the amount of scripted initrd stuff if we can.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito
1e421889e4
feat(monitoring): add static label for tenancy
...
So we can distinguish easily things in the dashboards.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
raito
8838709a95
fix(common/hardware/oracle-vm): forgotten virtio modules
...
Otherwise, the machine won't reboot because virtio-scsi is not available
in the initrd.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:04 +02:00
raito
002db9a78f
feat: introduce tenant-specific extra build capacity
...
At Lix, we have few aarch64-linux and aarch64-darwin systems we use to
boost our CI.
This is a module to handle tenant-specific extra build capacity without
it leaking over the rest of the deployment.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:23 +02:00
raito
6978c1271d
feat: introduce floral and lix common modules
...
This way, we can mark tenancy appropriately in a common expression and
add all machines altogether in the same entrypoint.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:11 +02:00
raito
92560708b8
feat: multi-tenant secrets
...
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
3b6be269d6
feat: introduce Oracle VMs and Hetzner VMs as hardware types
...
This includes aarch64-linux variants for these hosters.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
acaaad68bb
feat: introduce resource control over all machines
...
We were using over all our machines in the Lix infrastructure.
It still makes sense for all our machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
3c9b077bb2
feat: add more admins tools from lix infra
...
We had this in our equivalent file.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
c23d290647
docs(README.md): explain how to deploy things
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito
c0689e6832
feat: add @localboot tags for machine which can be deployed
...
colmena does not support netboot deployment, this is fine. We can fix it
later.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito
a2eecd1886
feat(buildbot): disable manhole debugging
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
raito
b5d412a5ba
feat: adopt new version of Buildbot with incoming ref data
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
Yureka
01f8322df9
update hydra/lix
2024-10-05 23:33:17 +02:00
Yureka
3072dfad55
update flake inputs
2024-10-05 23:30:21 +02:00
Maxine Aubrey
86e833f52a
chore(tf): drop all gandi resources
2024-10-05 18:46:45 +02:00
raito
1a862b2b0f
hotfix: add the path to the stateless uptime kuma's password file
...
Forgotten in the previous merge.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:33:38 +02:00
raito
6d3e14ec27
feat: finer-grained ACLs for server accesses
...
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00
Ilya K
5582a0a29b
Fix Hydra exporter crash loop nonsense
2024-10-01 19:27:13 +03:00
Ilya K
4ddf87fa8e
Add new metric to Hydra exporter
2024-10-01 19:27:05 +03:00
Ilya K
98d899fabc
Update Hydra
2024-10-01 19:26:58 +03:00
Kiara Grouwstra
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
...
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/ ).
2024-10-01 16:13:23 +00:00
Ilya K
e2c6550796
Hydra metrics
...
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
raito
4749d204bf
feat: add stateless-uptime-kuma-password secret
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-29 16:01:23 +02:00
raito
c86cefe21f
Merge pull request 'feat(gerrit): run git-gc-preserve on a daily timer' ( #110 ) from gerrit-gc into main
2024-09-28 20:13:39 +00:00
raito
f321ab6450
users: add winterqt
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-28 21:09:06 +02:00
Maxine Aubrey
8d95d1f850
fix(dns): dnsimple expects FQDNs in CNAMEs
...
DNSimple doesn't appear to follow the typical behaviour of appending the
domain unless the CNAME is terminated with `.`
To avoid further problems, let's just explicilty use the FQDN for all
CNAMEs.
https://support.dnsimple.com/articles/cname-record/
For comparison:
```
;; ANSWER SECTION:
alerts.forkos.org. 300 IN CNAME meta01.infra.p.
```
```
;; ANSWER SECTION:
alerts.forkos.org. 181 IN CNAME meta01.infra.p.forkos.org.
meta01.infra.p.forkos.org. 181 IN A 163.172.69.160
```
2024-09-24 23:11:28 +02:00
Maxine Aubrey
29c1b366c6
feat(dns): migrate forkos.org zone to dnsimple
2024-09-24 21:10:39 +02:00
Maxine Aubrey
16027be2ca
fix(dns): apex cnames are not allowed
...
change flowery.systems from CNAME to ALIAS pointing to news.forkos.org
2024-09-24 20:50:41 +02:00
Janik Haag
d780f18534
Merge pull request 'feat(dns): migrate functions from gandi to dnsimple' ( #113 ) from janik/dnsimple into main
...
Reviewed-on: the-distro/infra#113
Reviewed-by: Maxine Aubrey <max@ine.dev>
2024-09-24 18:37:55 +00:00
Janik Haag
8acc60e328
feat(dns): migrate functions from gandi to dnsimple
2024-09-24 00:25:58 +02:00
Maxine Aubrey
e3b6cb72b4
feat(dns): add dnsimple to terraform configuration
2024-09-23 19:49:21 +02:00
Janik Haag
d462e8ca9c
feat(gerrit): run git-gc-preserve on a daily timer
2024-09-18 22:27:57 +02:00
raito
94d1881e10
feat(gerrit): add git-gc-preserve script
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-02 11:05:54 +02:00
raito
132d2866b5
feat(channels): add minimal ISO for x86_64-linux
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 20:14:02 +02:00
raito
a14f496db8
fix(channel-scripts): fix RUST_LOG=info
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 20:03:11 +02:00
raito
c2ad3d6d26
fix(channel-scripts): push OTLP properly now
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:56:46 +02:00
raito
4c7943349b
fix(flake): bump channel-scripts to obtain the fixed rename
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:50:02 +02:00
raito
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
...
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
Ilya K
c1712dc1fa
Set up tempo
2024-08-31 15:05:30 +03:00
raito
8073ae6942
feat(s3-revproxy): tune the cache-control
...
Adopt the original values from the Perl script.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:52:13 +02:00
raito
c38e9b482f
feat(web): provide a directory listing via s3-revproxy
...
Thanks to Jade Lovelace who built all this machinery for Lix initially.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:29:18 +02:00
raito
9063138156
feat(secrets): add s3 reverse proxy API keys
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:19:49 +02:00
raito
322f10d9ae
feat(dns): add raw S3 reverse proxies domains for channel scripts
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:19:40 +02:00
Ilya K
bf7252c210
terraform/hydra: more nixpkgses now
2024-08-30 21:34:30 +03:00
raito
c969625b0f
fix(sniproxy): outside/inside of infra, the ingress IPs are different
...
In my infrastructure, the source node is 99::1, outside of my infra,
it's ::1.
All of this machinery was never really meant to be used on this scale,
so oopsie.
We should build our own sniproxy at some point.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 19:01:44 +02:00
raito
1b22c1f0ae
fix(hydra): proxy it over my sniproxy
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 18:34:35 +02:00
Ilya K
30d759edf4
terraform/hydra: switch k900-experiments jobset to less-nixpkgses branch
2024-08-30 19:22:09 +03:00
Pierre Bourdon
cd92c9588f
flake.lock: Update
...
Flake lock file updates:
• Updated input 'hydra':
'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=f1b552ecbf2d011cd4fdb93d7d117388ab9c0027 ' (2024-08-12)
→ 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=44b9a7b95d23e7a8587cb963f00382046707f2db ' (2024-08-25)
• Updated input 'hydra/lix':
'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=5137cea99044d54337e439510a647743110b2d7d ' (2024-08-10)
→ 'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=278fddc317cf0cf4d3602d0ec0f24d1dd281fadb ' (2024-08-17)
• Updated input 'hydra/nix-eval-jobs':
'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=c057494450f2d1420726ddb0bab145a5ff4ddfdd ' (2024-07-17)
→ 'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=42a160bce2fd9ffebc3809746bc80cc7208f9b08 ' (2024-08-13)
• Updated input 'hydra/nix-eval-jobs/flake-parts':
'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
→ 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
• Updated input 'hydra/nix-eval-jobs/treefmt-nix':
'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15)
→ 'github:numtide/treefmt-nix/349de7bc435bdff37785c2466f054ed1766173be' (2024-08-12)
2024-08-25 22:07:24 +02:00
raito
024b431cbc
feat(grafana): plug jsonnet-based dashboards in provisioning
...
Add the gerrit dashboards as an example.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-24 16:32:21 +02:00