14935c5e92
fix: update grapevine config
2024-10-21 16:31:26 +03:00
bee402fecc
fix: ensure that pg_stat_statements is always created as an ext
...
Otherwise, we will have issues with this exporter.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-21 14:33:18 +02:00
3efdd0f6c9
fix: disable gitiles on gerrit01
...
It is generating too much traffic and CPU load for no good reason.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-20 11:24:58 +02:00
8c0c7b517f
feat: block automatically crawlers if the blocker is enabled
...
This help us getting rid of useless traffic by crawlers.
It is enabled for gerrit01 which is suffering the most from this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
d5500d7c4e
fix(buildbot): bring back the old Gerrit reporting
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
eaf48a0cdd
fix(buildbot): use builder-9 as builder-10 is down
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
e3129fec51
fix(buildbot): fix CORS properly
...
wildcards are not allowed in the headers.
We need to include credentials as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
437293bdaa
fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
...
wildcards are not supported in CORS headers, so this design was quite
wrong actually.
We can just use the actual Gerrit hostname for now.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
df8a57f91a
users: add ckie
2024-10-18 14:43:25 +03:00
97bee26977
new ssh key for yureka
2024-10-10 13:42:29 +00:00
84cfbdb050
feat: check formatting and validity of alerts
...
Fixes #94 .
2024-10-07 20:00:54 +00:00
6a8f49f180
feat(gerrit): add some basic theming
...
This is based on some of the preliminary colour work done by @ckie in
the the-distro/floral.systems repo.
2024-10-07 19:27:13 +00:00
06dd4d6e85
update hydra
2024-10-07 19:25:51 +02:00
de085155a6
fix: update paths to floral secrets to secrets/floral/
2024-10-07 15:48:05 +00:00
2001012325
feat(uptime-kuma): status.forkos.org should point at the ForkOS page
2024-10-07 15:47:33 +00:00
fbf26302b6
hotfix(lix): use build01 features for build02 remote builder
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:27 +02:00
1701a2b388
hotfix: bump buildbot-nix to restore backward compat with Lix deployments
...
We oopsie dropped `hydraJobs` support to move to `buildbotJobs`.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:19 +02:00
decc9963ee
feat: add buildbot.lix.systems
...
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
daa99e83e8
fix(buildbot): add gerrit.lix.systems as known host
...
Otherwise, buildbot cannot listen to the stream of events.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:04 +02:00
160e7c5ecb
fix(secrets): rekey for buildbot.lix.systems and build02.aarch64.lix.systems
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:52:37 +02:00
b56b8963a2
feat: introduce Buildbot multi-tenancy
...
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
192ba49f7c
fix(secrets): lists of lists are wrong, prepend the globals
...
Otherwise, I won't be in the list.
This adds the active infra core members of Lix as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
9ad7e7b139
feat(tenancy): tag machines accordingly to their tenancy
...
@lix for Lix machines.
@floral for Floral machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
96f5d45ff3
feat(lix): add buildbot.lix.systems key for extra build capacity
...
Otherwise, buildbot.lix.systems will not be able to access it anymore.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
3df1697289
fix(secrets): rekey the monitoring password
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
76276a8da3
feat: add build01.aarch64.lix.systems
...
This is the first Lix machine we are enrolling in our infrastructure
(!).
It's using all the previous commits to make it cozy with our current
infra style.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
7e205b16d0
feat(common/hardware/oracle-vm): enable systemd initrd
...
Let's minimize the amount of scripted initrd stuff if we can.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
1e421889e4
feat(monitoring): add static label for tenancy
...
So we can distinguish easily things in the dashboards.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
8838709a95
fix(common/hardware/oracle-vm): forgotten virtio modules
...
Otherwise, the machine won't reboot because virtio-scsi is not available
in the initrd.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:04 +02:00
002db9a78f
feat: introduce tenant-specific extra build capacity
...
At Lix, we have few aarch64-linux and aarch64-darwin systems we use to
boost our CI.
This is a module to handle tenant-specific extra build capacity without
it leaking over the rest of the deployment.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:23 +02:00
6978c1271d
feat: introduce floral and lix common modules
...
This way, we can mark tenancy appropriately in a common expression and
add all machines altogether in the same entrypoint.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:11 +02:00
92560708b8
feat: multi-tenant secrets
...
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
3b6be269d6
feat: introduce Oracle VMs and Hetzner VMs as hardware types
...
This includes aarch64-linux variants for these hosters.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
acaaad68bb
feat: introduce resource control over all machines
...
We were using over all our machines in the Lix infrastructure.
It still makes sense for all our machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
3c9b077bb2
feat: add more admins tools from lix infra
...
We had this in our equivalent file.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
c23d290647
docs(README.md): explain how to deploy things
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
c0689e6832
feat: add @localboot tags for machine which can be deployed
...
colmena does not support netboot deployment, this is fine. We can fix it
later.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
a2eecd1886
feat(buildbot): disable manhole debugging
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
b5d412a5ba
feat: adopt new version of Buildbot with incoming ref data
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
01f8322df9
update hydra/lix
2024-10-05 23:33:17 +02:00
3072dfad55
update flake inputs
2024-10-05 23:30:21 +02:00
86e833f52a
chore(tf): drop all gandi resources
2024-10-05 18:46:45 +02:00
1a862b2b0f
hotfix: add the path to the stateless uptime kuma's password file
...
Forgotten in the previous merge.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:33:38 +02:00
6d3e14ec27
feat: finer-grained ACLs for server accesses
...
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00
5582a0a29b
Fix Hydra exporter crash loop nonsense
2024-10-01 19:27:13 +03:00
4ddf87fa8e
Add new metric to Hydra exporter
2024-10-01 19:27:05 +03:00
98d899fabc
Update Hydra
2024-10-01 19:26:58 +03:00
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
...
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/ ).
2024-10-01 16:13:23 +00:00
e2c6550796
Hydra metrics
...
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
4749d204bf
feat: add stateless-uptime-kuma-password secret
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-29 16:01:23 +02:00