raito
58f2ff9858
chore: connect terraform to the hive
...
This way, we can autogenerate records for storage and builders nodes by
reading directly the configuration.
This makes evaluation of `nix run .#tf` slower, but this makes things
more safer and easier, so it's good.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 21:33:45 +01:00
raito
211ef9c15b
chore: introduce finer-grained baremetal management
...
for multiple roles such as storage or builders.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 21:33:45 +01:00
raito
7df7eaeb9b
chore: move to faster-depinfo branch for Buildbot
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 19:39:18 +01:00
Kiara Grouwstra
5ae71fff99
chore: add lorri to prevent direnv from blocking, closes #147
2024-10-27 09:42:11 +00:00
raito
02f8bc7ca4
chore(o11y): filter by tenancy on node_exporter
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:37 +02:00
raito
e0c029ba43
fix: make all buildbot postgres faster
...
work_mem was effectively absurdly low.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:24 +02:00
raito
3ed36f74fd
onboarding: add pennae keys on lix infra
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito
b1f4674da0
chore: add tenancy in postgres
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito
226eacdeec
chore: add tenancy in node_exporter
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
Ilya K
14935c5e92
fix: update grapevine config
2024-10-21 16:31:26 +03:00
raito
bee402fecc
fix: ensure that pg_stat_statements is always created as an ext
...
Otherwise, we will have issues with this exporter.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-21 14:33:18 +02:00
raito
3efdd0f6c9
fix: disable gitiles on gerrit01
...
It is generating too much traffic and CPU load for no good reason.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-20 11:24:58 +02:00
raito
8c0c7b517f
feat: block automatically crawlers if the blocker is enabled
...
This help us getting rid of useless traffic by crawlers.
It is enabled for gerrit01 which is suffering the most from this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
raito
d5500d7c4e
fix(buildbot): bring back the old Gerrit reporting
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito
eaf48a0cdd
fix(buildbot): use builder-9 as builder-10 is down
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito
e3129fec51
fix(buildbot): fix CORS properly
...
wildcards are not allowed in the headers.
We need to include credentials as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito
437293bdaa
fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
...
wildcards are not supported in CORS headers, so this design was quite
wrong actually.
We can just use the actual Gerrit hostname for now.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
mei (ckie)
df8a57f91a
users: add ckie
2024-10-18 14:43:25 +03:00
Yureka
97bee26977
new ssh key for yureka
2024-10-10 13:42:29 +00:00
Luke Granger-Brown
84cfbdb050
feat: check formatting and validity of alerts
...
Fixes #94 .
2024-10-07 20:00:54 +00:00
Luke Granger-Brown
6a8f49f180
feat(gerrit): add some basic theming
...
This is based on some of the preliminary colour work done by @ckie in
the the-distro/floral.systems repo.
2024-10-07 19:27:13 +00:00
Yureka
06dd4d6e85
update hydra
2024-10-07 19:25:51 +02:00
Luke Granger-Brown
de085155a6
fix: update paths to floral secrets to secrets/floral/
2024-10-07 15:48:05 +00:00
Luke Granger-Brown
2001012325
feat(uptime-kuma): status.forkos.org should point at the ForkOS page
2024-10-07 15:47:33 +00:00
raito
fbf26302b6
hotfix(lix): use build01 features for build02 remote builder
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:27 +02:00
raito
1701a2b388
hotfix: bump buildbot-nix to restore backward compat with Lix deployments
...
We oopsie dropped `hydraJobs` support to move to `buildbotJobs`.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:19 +02:00
raito
decc9963ee
feat: add buildbot.lix.systems
...
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
raito
daa99e83e8
fix(buildbot): add gerrit.lix.systems as known host
...
Otherwise, buildbot cannot listen to the stream of events.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:04 +02:00
raito
160e7c5ecb
fix(secrets): rekey for buildbot.lix.systems and build02.aarch64.lix.systems
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:52:37 +02:00
raito
b56b8963a2
feat: introduce Buildbot multi-tenancy
...
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
192ba49f7c
fix(secrets): lists of lists are wrong, prepend the globals
...
Otherwise, I won't be in the list.
This adds the active infra core members of Lix as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
9ad7e7b139
feat(tenancy): tag machines accordingly to their tenancy
...
@lix for Lix machines.
@floral for Floral machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
96f5d45ff3
feat(lix): add buildbot.lix.systems key for extra build capacity
...
Otherwise, buildbot.lix.systems will not be able to access it anymore.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
3df1697289
fix(secrets): rekey the monitoring password
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
76276a8da3
feat: add build01.aarch64.lix.systems
...
This is the first Lix machine we are enrolling in our infrastructure
(!).
It's using all the previous commits to make it cozy with our current
infra style.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito
7e205b16d0
feat(common/hardware/oracle-vm): enable systemd initrd
...
Let's minimize the amount of scripted initrd stuff if we can.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito
1e421889e4
feat(monitoring): add static label for tenancy
...
So we can distinguish easily things in the dashboards.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
raito
8838709a95
fix(common/hardware/oracle-vm): forgotten virtio modules
...
Otherwise, the machine won't reboot because virtio-scsi is not available
in the initrd.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:04 +02:00
raito
002db9a78f
feat: introduce tenant-specific extra build capacity
...
At Lix, we have few aarch64-linux and aarch64-darwin systems we use to
boost our CI.
This is a module to handle tenant-specific extra build capacity without
it leaking over the rest of the deployment.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:23 +02:00
raito
6978c1271d
feat: introduce floral and lix common modules
...
This way, we can mark tenancy appropriately in a common expression and
add all machines altogether in the same entrypoint.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:11 +02:00
raito
92560708b8
feat: multi-tenant secrets
...
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
3b6be269d6
feat: introduce Oracle VMs and Hetzner VMs as hardware types
...
This includes aarch64-linux variants for these hosters.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
acaaad68bb
feat: introduce resource control over all machines
...
We were using over all our machines in the Lix infrastructure.
It still makes sense for all our machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
3c9b077bb2
feat: add more admins tools from lix infra
...
We had this in our equivalent file.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
c23d290647
docs(README.md): explain how to deploy things
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito
c0689e6832
feat: add @localboot tags for machine which can be deployed
...
colmena does not support netboot deployment, this is fine. We can fix it
later.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
raito
a2eecd1886
feat(buildbot): disable manhole debugging
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
raito
b5d412a5ba
feat: adopt new version of Buildbot with incoming ref data
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
Yureka
01f8322df9
update hydra/lix
2024-10-05 23:33:17 +02:00
Yureka
3072dfad55
update flake inputs
2024-10-05 23:30:21 +02:00