raito
2c4e60760f
feat: introduce a Vault module for secrets management
...
Via a fork of the Linux Foundation, called OpenBao.
The module supports high availability but we only have one node for now.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:49:44 +01:00
raito
dc23bb7054
feat: introduce awareness module for WAN addresses
...
Introduce a data-only module to perform abstraction on the deployment,
we use it for WAN for now.
The usecase is service discovery for simple cases.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:47:53 +01:00
raito
84899b48ea
feat(channel-scripts): support push to git and automatic cleanup of failed streaming
...
Now, we won't pile a bunch of failed streaming attempts and this will
automatically push to git.
Credentials are left to be done for the push to actually work.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 19:06:47 +01:00
raito
112f60afd1
feat(ows): support moving away onewaysync
...
We are running into too many out of disk space situations with OWS on
the main disk.
This way, we can reuse the Gerrit disk for all that data, which
hopefully, is quite shared with Gerrit.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
Yureka
2e7a702c28
adjust builder assignments
2024-12-09 10:28:20 +01:00
Ilya K
cae763e8dd
ofborg: enable nginx for certs
2024-11-17 14:48:08 +03:00
Ilya K
54e8282aac
fix: use promtool to verify rules, fix format
2024-11-12 23:21:30 +03:00
Ilya K
b08330c42b
fix: allow insecure netbox
2024-11-12 22:52:11 +03:00
raito
f56576d644
fix: add util-linux in git-gc-preserve
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:54 +01:00
raito
02f8bc7ca4
chore(o11y): filter by tenancy on node_exporter
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:37 +02:00
raito
e0c029ba43
fix: make all buildbot postgres faster
...
work_mem was effectively absurdly low.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:24 +02:00
raito
b1f4674da0
chore: add tenancy in postgres
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito
226eacdeec
chore: add tenancy in node_exporter
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
Ilya K
14935c5e92
fix: update grapevine config
2024-10-21 16:31:26 +03:00
raito
bee402fecc
fix: ensure that pg_stat_statements is always created as an ext
...
Otherwise, we will have issues with this exporter.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-21 14:33:18 +02:00
raito
3efdd0f6c9
fix: disable gitiles on gerrit01
...
It is generating too much traffic and CPU load for no good reason.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-20 11:24:58 +02:00
raito
8c0c7b517f
feat: block automatically crawlers if the blocker is enabled
...
This help us getting rid of useless traffic by crawlers.
It is enabled for gerrit01 which is suffering the most from this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
raito
e3129fec51
fix(buildbot): fix CORS properly
...
wildcards are not allowed in the headers.
We need to include credentials as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
Luke Granger-Brown
84cfbdb050
feat: check formatting and validity of alerts
...
Fixes #94 .
2024-10-07 20:00:54 +00:00
Luke Granger-Brown
6a8f49f180
feat(gerrit): add some basic theming
...
This is based on some of the preliminary colour work done by @ckie in
the the-distro/floral.systems repo.
2024-10-07 19:27:13 +00:00
Luke Granger-Brown
de085155a6
fix: update paths to floral secrets to secrets/floral/
2024-10-07 15:48:05 +00:00
Luke Granger-Brown
2001012325
feat(uptime-kuma): status.forkos.org should point at the ForkOS page
2024-10-07 15:47:33 +00:00
raito
fbf26302b6
hotfix(lix): use build01 features for build02 remote builder
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:27 +02:00
raito
b56b8963a2
feat: introduce Buildbot multi-tenancy
...
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
1e421889e4
feat(monitoring): add static label for tenancy
...
So we can distinguish easily things in the dashboards.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
raito
002db9a78f
feat: introduce tenant-specific extra build capacity
...
At Lix, we have few aarch64-linux and aarch64-darwin systems we use to
boost our CI.
This is a module to handle tenant-specific extra build capacity without
it leaking over the rest of the deployment.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:23 +02:00
raito
92560708b8
feat: multi-tenant secrets
...
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
a2eecd1886
feat(buildbot): disable manhole debugging
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
raito
b5d412a5ba
feat: adopt new version of Buildbot with incoming ref data
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
raito
1a862b2b0f
hotfix: add the path to the stateless uptime kuma's password file
...
Forgotten in the previous merge.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:33:38 +02:00
Ilya K
5582a0a29b
Fix Hydra exporter crash loop nonsense
2024-10-01 19:27:13 +03:00
Ilya K
4ddf87fa8e
Add new metric to Hydra exporter
2024-10-01 19:27:05 +03:00
Kiara Grouwstra
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
...
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/ ).
2024-10-01 16:13:23 +00:00
Ilya K
e2c6550796
Hydra metrics
...
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
Janik Haag
d462e8ca9c
feat(gerrit): run git-gc-preserve on a daily timer
2024-09-18 22:27:57 +02:00
raito
94d1881e10
feat(gerrit): add git-gc-preserve script
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-02 11:05:54 +02:00
raito
a14f496db8
fix(channel-scripts): fix RUST_LOG=info
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 20:03:11 +02:00
raito
c2ad3d6d26
fix(channel-scripts): push OTLP properly now
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:56:46 +02:00
raito
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
...
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
Ilya K
c1712dc1fa
Set up tempo
2024-08-31 15:05:30 +03:00
raito
8073ae6942
feat(s3-revproxy): tune the cache-control
...
Adopt the original values from the Perl script.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:52:13 +02:00
raito
c38e9b482f
feat(web): provide a directory listing via s3-revproxy
...
Thanks to Jade Lovelace who built all this machinery for Lix initially.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:29:18 +02:00
raito
024b431cbc
feat(grafana): plug jsonnet-based dashboards in provisioning
...
Add the gerrit dashboards as an example.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-24 16:32:21 +02:00
Ilya K
aef541829e
Fix pyroscope datasource
2024-08-24 11:39:25 +03:00
raito
1fc15526d7
fix(pyroscope): add the gRPC endpoint as proxy as well
...
This is not documented but necessary for Alloy to operate.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-24 10:33:49 +02:00
raito
2544adba8e
fix(gerrit): setup Alloy & Pyroscope more according to the docs
...
Still not working due to "unimplemented: error 404 not found" at push
time, but it's really unclear now why this occur.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-24 08:45:20 +02:00
raito
4f4a25a5ad
feat(gerrit): push pyroscope profiling to Pyroscope
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 22:37:33 +02:00
raito
702867cd62
feat(pyroscope): add push API & reverse proxy
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 21:04:22 +02:00
raito
7cde6e92ae
feat(grafana): add Pyroscope datasource
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 21:04:11 +02:00
raito
ac7815321a
feat(pyroscope): add secrets and storage
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:58:08 +02:00