forked from the-distro/infra
emily
4e87e35bb5
It has been a recurring issue that flake lockfile bumps in this repo here make the forgejo patches no longer apply. The dedicated repository (nix-forgejo) solves this by not overriding the existing forgejo derivation from nixpkgs but rather having its own. Additionally, nix-forgejo pins and uses a "known good" nixpkgs revision itself, unless `pkgs` is passed on import. So if issues should arise after a flake bump, we can use that revision by modifying our import statement, or we can rollback the nix-forgejo revision itself. Moving forgejo out of tree also makes iterating on it a lot easier and opens a lot of other possibilities :) |
||
---|---|---|
common | ||
dashboards | ||
hosts | ||
lib | ||
overlays | ||
secrets | ||
services | ||
terraform | ||
.editorconfig | ||
.envrc | ||
.gitignore | ||
flake.lock | ||
flake.nix | ||
LICENSE | ||
README.md | ||
secrets.nix |
Infrastructure for the donut shaped thing that is absolutely not a donut.
Quick start
Build the infrastructure
$ colmena build --on @localboot
Notice that @localboot
is load-bearing as we have some machines that cannot be deployed with vanilla Colmena. Fixing this is welcome.
Recommended deploy process
$ colmena apply dry-activate $machine # Verify that the nvd log is reasonable.
$ colmena apply $machine
Recommended upgrade process
$ nix flake update
$ colmena apply dry-activate --on @localboot # Verify that the nvd log is reasonable. Run it twice to get only NVD logs shown.
$ colmena apply --on @localboot
Troubleshooting
I failed to deploy gerrit01
Our Gerrit source build is known to have some hiccups sometimes, we are always interested in build logs, feel free to attach information in a new issue so we can make it more reliable.