Commit graph

282 commits

Author SHA1 Message Date
Yureka 2dc5899660 baremetal: run hydra store gc as builder user 2024-07-20 17:00:39 +02:00
Yureka adaf4b0aef baremetal: tmp on the same filesystem as hydra store 2024-07-20 17:00:39 +02:00
Pierre Bourdon f33d828552
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=9a4a5dd624a1cedc7cdc40687815739b228e5c77' (2024-07-20)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=abc9f11417e2de515006e0fe8dd345f815dc92a7' (2024-07-20)
2024-07-20 16:09:57 +02:00
Yureka 5bde7e2358 use dedicated store partition for hydra builds 2024-07-20 15:14:00 +02:00
Yureka d4f8cb6c87 add jobset for yureka-staging-test 2024-07-20 15:14:00 +02:00
Yureka 95ec496227 bagel-box: bump number of builders to 10 2024-07-20 15:14:00 +02:00
Yureka d9809e1e78 gerrit-one-way-sync: disallow auto-merging a staging iteration into master 2024-07-20 15:14:00 +02:00
Yureka 3fa4a25d87 gerrit-one-way-sync: set git user info 2024-07-20 15:14:00 +02:00
Yureka 0ff5eea4ed gerrit-one-way-sync: merge instead of rebase 2024-07-20 15:14:00 +02:00
Pierre Bourdon 03b53234d3
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=b0e9b4b2f99f9d8f5c4e780e89f955c394b5ced4' (2024-07-17)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=9a4a5dd624a1cedc7cdc40687815739b228e5c77' (2024-07-20)
2024-07-20 13:16:47 +02:00
Yureka 287a9dc400
flake.lock: update invalid buildbot-nix reference 2024-07-20 13:16:47 +02:00
raito 80c4757571 gerrit01: add a one-way-sync service
It's basic and does not handle conflicts which needs to be manually
managed.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-19 17:52:44 +02:00
raito 99649eeb6c hotfix(buildbot): fix local machine parametrization
buildbot-nix was passing the wrong Python structure.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-19 16:05:13 +02:00
Ilya K d1e64b6610 Fix eval warning here too 2024-07-19 12:06:03 +03:00
Ilya K 766dc4c383 Mimir also wants network-online.target
Thank you helpful eval warning
2024-07-19 12:03:55 +03:00
Ilya K 65b07a936b Make sure Mimir starts after network is up 2024-07-19 12:00:52 +03:00
Janik Haag cfa6d79b75
infra: fix warnings 2024-07-19 09:16:15 +02:00
raito cd846260e4 flake: add buildbot jobs entrypoints
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 12:18:12 +02:00
raito 8afcf249d6 buildbot: upgrade to local machine specifications
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 12:18:02 +02:00
raito 25feb3c9f1 bagel-box: add a proper FQDN
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 11:43:05 +02:00
raito 56a04a6faf buildbot: init
Reviewed-on: #68
2024-07-18 08:57:56 +00:00
raito 4473717e9f gerrit: introduce buildbot checks plugin
It's a modified version of @puck's Lix buildbot checks for
gerrit.lix.systems with a slight generalization in the configuration for
many repositories.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 10:56:46 +02:00
raito da7175303c buildbot: add support for remote builders via baremetal machines
For now, only builder-3 is used.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:28:26 +02:00
raito e00d0331ec common/known-ssh-keys: init
Let's ensure that all our servers are aware of all host keys to avoid
host key verification issues when needed.

(example: buildbot → gerrit)

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito a56426e6c9 secrets: rekey for new machine (buildbot)
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito c3394264ba hosts/buildbot: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito 7789e9ce75 services/buildbot: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito fda59ee6c0 gerrit: factor more configuration in the NixOS module for external consumption
Other modules may require information to configure themselves from the
Gerrit module.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 15:43:35 +02:00
emily cc1e3f2e14
systems/git: make sshd startup less racy and flaky 2024-07-17 15:39:50 +02:00
raito 68d956f1ba flake: add buildbot-nix on the refactor branch
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:57:17 +02:00
raito 81fc914d79 feat: change the default shell to zsh
Reviewed-on: #59
2024-07-17 12:56:45 +00:00
raito 87bd42cf1d tf/dns: pre-add buildbot.forkos.org
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:44:18 +02:00
raito 34e8b4b98a tf/dns: rework the forgejo DNS for the 2 servers
git.forkos.org → Forgejo
git.infra.forkos.org → OpenSSH

(with the .p. variants for the IPv4→IPv6 SNI proxies)

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:44:11 +02:00
Pierre Bourdon 5a05e44a95
tf/hydra: add a project for our hydra fork 2024-07-17 13:34:10 +02:00
Pierre Bourdon 234522cc3b
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84' (2024-07-13)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=b0e9b4b2f99f9d8f5c4e780e89f955c394b5ced4' (2024-07-17)
• Added input 'hydra/lix':
    'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=6b4d46e9e0e1dd80e0977684ab20d14bcd1a6bc3' (2024-07-16)
• Added input 'hydra/lix/flake-compat':
    'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Added input 'hydra/lix/nix2container':
    'github:nlewo/nix2container/20aad300c925639d5d6cbe30013c8357ce9f2a2e' (2024-04-13)
• Added input 'hydra/lix/nixpkgs':
    follows 'hydra/nixpkgs'
• Added input 'hydra/lix/nixpkgs-regression':
    'github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2' (2022-01-24)
• Added input 'hydra/lix/pre-commit-hooks':
    'github:cachix/git-hooks.nix/e35aed5fda3cc79f88ed7f1795021e559582093a' (2024-04-02)
• Removed input 'hydra/nix'
• Removed input 'hydra/nix/flake-compat'
• Removed input 'hydra/nix/nix2container'
• Removed input 'hydra/nix/nixpkgs'
• Removed input 'hydra/nix/nixpkgs-regression'
• Removed input 'hydra/nix/pre-commit-hooks'
• Added input 'hydra/nix-eval-jobs':
    'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=c057494450f2d1420726ddb0bab145a5ff4ddfdd' (2024-07-17)
• Added input 'hydra/nix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
• Added input 'hydra/nix-eval-jobs/flake-parts/nixpkgs-lib':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/lix':
    follows 'hydra/lix'
• Added input 'hydra/nix-eval-jobs/nix-github-actions':
    'github:nix-community/nix-github-actions/622f829f5fe69310a866c8a6cd07e747c44ef820' (2024-07-04)
• Added input 'hydra/nix-eval-jobs/nix-github-actions/nixpkgs':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/nixpkgs':
    follows 'hydra/nixpkgs'
• Added input 'hydra/nix-eval-jobs/treefmt-nix':
    'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15)
• Added input 'hydra/nix-eval-jobs/treefmt-nix/nixpkgs':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Updated input 'lix':
    follows 'hydra/nix'
  → follows 'hydra/lix'
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
  → 'github:NixOS/nixpkgs/9355fa86e6f27422963132c2c9aeedb0fb963d93' (2024-07-16)
2024-07-17 13:11:07 +02:00
Luke Granger-Brown c296d0d46d Merge pull request 'forgejo: init, admins: add emilylange' (#62) from forgejo into main
Reviewed-on: #62
2024-07-16 23:11:55 +00:00
emily 95b58de737
forgejo: use redis as cache and session provider 2024-07-16 20:09:15 +02:00
emily 8b9d33d70c
forgejo: disable registrations, enable auto-registration for SSO 2024-07-16 17:14:23 +02:00
emily ab9caaf520
systems: add git.forkos.org 2024-07-16 15:44:08 +02:00
emily dd069c40d7
forgejo: init service 2024-07-16 15:44:06 +02:00
emily 9899b083ad
forgejo: init custom Forgejo patchset 2024-07-16 15:44:01 +02:00
emily d4caf7b71a
admins: add emilylange 2024-07-16 15:43:58 +02:00
raito 37ec674984 dns: pre-add git.forkos.org
Reserved for a Forgejo instances with Emily's optimizations.
Plans: a mirror, code search and will see how it goes!

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-16 11:54:09 +02:00
Luke Granger-Brown e3e60a5e72 services/monitoring: add scraping of Gerrit's internal metrics 2024-07-15 11:02:54 +00:00
Luke Granger-Brown 2e86babc8a services/gerrit: add metrics-prometheus-exporter 2024-07-15 11:02:54 +00:00
Luke Granger-Brown 2b8f42dcda secrets: add gerrit-prometheus-bearer-token 2024-07-15 11:02:54 +00:00
Luke Granger-Brown f14bba14a3 gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
raito 0723b7de42 Merge pull request 'terraform/gandi: more sniproxying for bagel-box,meta-01' (#67) from ckie/moarr-v4 into main
Reviewed-on: #67
Reviewed-by: raito <raito@noreply.git.lix.systems>
2024-07-14 18:44:21 +00:00
mei (ckie) 3c2691d9e2
terraform/gandi: introduce proxyRecords and proxy web services 2024-07-14 21:39:42 +03:00
Luke Granger-Brown a44196fc3c flake: update nix-gerrit 2024-07-13 18:24:05 +01:00