Commit graph

48 commits

Author SHA1 Message Date
raito 58f2ff9858 chore: connect terraform to the hive
This way, we can autogenerate records for storage and builders nodes by
reading directly the configuration.

This makes evaluation of `nix run .#tf` slower, but this makes things
more safer and easier, so it's good.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 21:33:45 +01:00
Maxine Aubrey 86e833f52a
chore(tf): drop all gandi resources 2024-10-05 18:46:45 +02:00
Kiara Grouwstra b291caac46 feat(monitoring): add uptime-kuma for status page, fixes #97
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/).
2024-10-01 16:13:23 +00:00
Maxine Aubrey 8d95d1f850
fix(dns): dnsimple expects FQDNs in CNAMEs
DNSimple doesn't appear to follow the typical behaviour of appending the
domain unless the CNAME is terminated with `.`

To avoid further problems, let's just explicilty use the FQDN for all
CNAMEs.

https://support.dnsimple.com/articles/cname-record/

For comparison:
```
;; ANSWER SECTION:
alerts.forkos.org.	300	IN	CNAME	meta01.infra.p.
```

```
;; ANSWER SECTION:
alerts.forkos.org.	181	IN	CNAME	meta01.infra.p.forkos.org.
meta01.infra.p.forkos.org. 181	IN	A	163.172.69.160
```
2024-09-24 23:11:28 +02:00
Maxine Aubrey 29c1b366c6
feat(dns): migrate forkos.org zone to dnsimple 2024-09-24 21:10:39 +02:00
Maxine Aubrey 16027be2ca
fix(dns): apex cnames are not allowed
change flowery.systems from CNAME to ALIAS pointing to news.forkos.org
2024-09-24 20:50:41 +02:00
Janik Haag 8acc60e328
feat(dns): migrate functions from gandi to dnsimple 2024-09-24 00:25:58 +02:00
Maxine Aubrey e3b6cb72b4
feat(dns): add dnsimple to terraform configuration 2024-09-23 19:49:21 +02:00
Ilya K c1712dc1fa Set up tempo 2024-08-31 15:05:30 +03:00
raito 322f10d9ae feat(dns): add raw S3 reverse proxies domains for channel scripts
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:19:40 +02:00
Ilya K bf7252c210 terraform/hydra: more nixpkgses now 2024-08-30 21:34:30 +03:00
Ilya K 30d759edf4 terraform/hydra: switch k900-experiments jobset to less-nixpkgses branch 2024-08-30 19:22:09 +03:00
raito 42cfa695ea dns: add pyroscope.forkos.org → meta01
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 21:03:07 +02:00
raito 58c0dd3d2e feat(public): add listmonk instance on news.forkos.org
To prepare for public communications and updates.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
Yureka a72a991863 add A record for cache.forkos.org 2024-08-19 23:06:46 +02:00
Pierre Bourdon 8ffb7e51f1
tf/gandi: reduce all TTLs from 1h to 5m
Serving DNS is absurdly cheap (and we don't even do it ourselves right
now), and this makes it easier to iterate on DNS configs.
2024-08-16 08:51:31 +02:00
Pierre Bourdon b7d913b22f
tf/gandi: move hydra CNAME to build-coord 2024-08-16 08:50:35 +02:00
Pierre Bourdon e7f25d6ee2
tf/gandi: add a postgres CNAME to bagel-box 2024-08-16 07:34:55 +02:00
Pierre Bourdon 90325344a3
Reserve builder-11 for build coordination, rename to build-coord 2024-08-13 19:12:36 +02:00
Pierre Bourdon ca904d7b4e
tf: use tf.ref instead of config.resource.* when dependencies matter
Using config.resource.* gets interpolated by Nix, whereas tf.ref gets
interpolated by Terraform. The latter ends up generating implicit
dependencies between resources.

In practice, the lack of dependencies was only showing up when creating
a new Hydra project + jobset at the same time - the concurrent /
misordered creation sometimes required two different TF applications to
create first the project then the jobset (the first application would
end up with a failure).
2024-08-12 19:36:50 +02:00
Ilya K 9ad279a505 Set up admins + DNS for hookshot 2024-08-09 14:03:56 +00:00
Yureka dd81b78f7a add nixos-main jobset 2024-07-28 23:40:36 +02:00
Yureka 537b3b978c remove yureka-staging-test jobset
I have no idea how, but it seems I accidentally deleted this jobset
2024-07-28 23:39:57 +02:00
Yureka f737c957a5 add staging next jobsets 2024-07-26 21:17:55 +02:00
raito b8a4cd928d tf/dns: prepare public01 DNS records
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 20:40:17 +02:00
raito 6ad9e0416d tf/dns: cache.forkos.org will be born
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-23 17:28:17 +02:00
Yureka 555728ca0f point k900 experiments jobset at nixos/release.nix 2024-07-21 19:41:17 +02:00
raito 60654e45d9 tf/hydra: use that weird commit for testing purpose
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-21 19:18:42 +02:00
raito 8aa5761660 tf/hydra: add k900 experiment jobset
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-21 19:16:20 +02:00
Yureka d4f8cb6c87 add jobset for yureka-staging-test 2024-07-20 15:14:00 +02:00
raito 87bd42cf1d tf/dns: pre-add buildbot.forkos.org
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:44:18 +02:00
raito 34e8b4b98a tf/dns: rework the forgejo DNS for the 2 servers
git.forkos.org → Forgejo
git.infra.forkos.org → OpenSSH

(with the .p. variants for the IPv4→IPv6 SNI proxies)

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:44:11 +02:00
Pierre Bourdon 5a05e44a95
tf/hydra: add a project for our hydra fork 2024-07-17 13:34:10 +02:00
raito 37ec674984 dns: pre-add git.forkos.org
Reserved for a Forgejo instances with Emily's optimizations.
Plans: a mirror, code search and will see how it goes!

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-16 11:54:09 +02:00
mei (ckie) 3c2691d9e2
terraform/gandi: introduce proxyRecords and proxy web services 2024-07-14 21:39:42 +03:00
Pierre Bourdon 087d17c681
tf/hydra: add a project/jobset for infra machine configurations 2024-07-10 18:52:43 +02:00
Pierre Bourdon 0e24c18815
tf/hydra: add a test staging-small nixpkgs jobset 2024-07-10 01:57:12 +02:00
raito 90e54d7292 terraform: add DNS records for VPN-GW & builders
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:55:42 +02:00
Pierre Bourdon 7f46e5d9a4
services: add ofborg, currently running rabbitmq only 2024-07-08 23:55:11 +02:00
Ilya K 82e074881f DNS: clean up a bit, add root level record for future Matrix shenanigans 2024-07-08 13:54:15 +03:00
Pierre Bourdon 5ebd71e4d5
tf/hydra: change Hydra URL 2024-07-08 00:01:24 +02:00
Pierre Bourdon 2700ac5efc
tf/dns: fix hydra CNAME 2024-07-08 00:01:14 +02:00
Pierre Bourdon 078f298b8c
tf/dns: add bagel-box and hydra 2024-07-07 23:48:23 +02:00
Pierre Bourdon 4b0a2cd7e5
tf: add DNS management via Gandi 2024-07-07 20:43:05 +02:00
Pierre Bourdon dcd5f68545
tf: store hydra credentials in state via numtide/secret 2024-07-07 19:18:30 +02:00
Pierre Bourdon 2e9483936e
tf/hydra: fix project owner to use an automation account 2024-07-07 18:44:17 +02:00
Pierre Bourdon 30859b2872
terraform: store state on S3 2024-07-07 18:22:41 +02:00
raito 8dc7ee9864
hydra: add declarative controls via terranix
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-07 17:59:56 +02:00