4e03cf2309
increase zram on build-coord
2024-11-04 08:48:40 +01:00
8c0c7b517f
feat: block automatically crawlers if the blocker is enabled
This helps us get rid of useless traffic by crawlers.
It is enabled for gerrit01 which is suffering the most from this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
eaf48a0cdd
fix(buildbot): use builder-9 as builder-10 is down
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
e3129fec51
fix(buildbot): fix CORS properly
wildcards are not allowed in the headers.
We need to include credentials as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
437293bdaa
fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
wildcards are not supported in CORS headers, so this design was quite
wrong actually.
We can just use the actual Gerrit hostname for now.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
de085155a6
fix: update paths to floral secrets to secrets/floral/
2024-10-07 15:48:05 +00:00
decc9963ee
feat: add buildbot.lix.systems
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
b56b8963a2
feat: introduce Buildbot multi-tenancy
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
76276a8da3
feat: add build01.aarch64.lix.systems
This is the first Lix machine we are enrolling in our infrastructure
(!).
It's using all the previous commits to make it cozy with our current
infra style.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
92560708b8
feat: multi-tenant secrets
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires rewriting all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
Adds a service for a status page using [`uptime-kuma`](https://uptime.kuma.pet/).
2024-10-01 16:13:23 +00:00
e2c6550796
Hydra metrics
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
c1712dc1fa
Set up tempo
2024-08-31 15:05:30 +03:00
c38e9b482f
feat(web): provide a directory listing via s3-revproxy
Thanks to Jade Lovelace who built all this machinery for Lix initially.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:29:18 +02:00
1b22c1f0ae
fix(hydra): proxy it over my sniproxy
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 18:34:35 +02:00
4f4a25a5ad
feat(gerrit): push pyroscope profiling to Pyroscope
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 22:37:33 +02:00
db46b01ae9
feat(monitoring): add pyroscope to the infrastructure
Vendored for the time being.
See https://cl.forkos.org/c/nixpkgs/+/181 for upstreaming properly.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:43:00 +02:00
58c0dd3d2e
feat(public): add listmonk instance on news.forkos.org
To prepare for public communications and updates.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
6881351f23
build-coord: copy the baremetal-builders DNS64 config
2024-08-16 09:33:48 +02:00
5fdce0e2b5
hydra: move from bagel-box to build-coord
2024-08-16 09:03:29 +02:00
ce3a40671c
acme: make ToS and contact config common
2024-08-16 09:03:08 +02:00
c33326f836
hydra: switch to using mTLS instead of local peer auth
2024-08-16 08:19:18 +02:00
29babfc5c4
Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot""
This reverts commit 17c342b33e.
Grapevine's use of IFD was fixed upstream.
2024-08-15 16:22:22 +02:00
50fadb45e2
common: define TZ in base server configs, remove heretical host-specific configuration
2024-08-13 22:38:40 +02:00
5dd9ad553c
build-coord: add initial config
2024-08-13 22:36:30 +02:00
90325344a3
Reserve builder-11 for build coordination, rename to build-coord
2024-08-13 19:12:36 +02:00
17c342b33e
Partial revert "Add Grapevine Matrix server and matrix-hookshot"
This partially reverts commit d2f3ca5624.
Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).
The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
2024-08-13 00:35:10 +02:00
9ad279a505
Set up admins + DNS for hookshot
2024-08-09 14:03:56 +00:00
d2f3ca5624
Add Grapevine Matrix server and matrix-hookshot
It doesn't want to work.
2024-08-09 14:03:56 +00:00
d635042e57
adjust timer for staging sync services
2024-08-08 15:22:44 +02:00
b6375b8294
add staging sync services
2024-08-08 15:16:04 +02:00
bce44930b1
builders: provision ssh hostkeys on boot
2024-08-04 18:12:02 +02:00
27d66d390e
update iusb-spoof and start service on boot
2024-08-03 23:38:21 +02:00
79dea0686b
add 'notipxe' netboot loader based on systemd-initrd + u-root
2024-08-03 20:28:57 +02:00
6dc424dd43
wob01: serve an ipxe over iusb-spoof
2024-08-01 22:16:48 +02:00
504a443acc
adjust hydra-gc numbers
we want to see how garbage collection would behave on a 480GB drive
2024-07-31 23:44:08 +02:00
bd8aa2eb08
gerrit01: adjustments for master → main OWS
Due to rename, we need a `mkNixpkgsJob` slightly more complicated.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 23:35:06 +02:00
22a10e158f
hosts/public01: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 20:46:20 +02:00
297ddbb28c
one-way-sync: master -> main
2024-07-23 16:24:36 +02:00
eedc719889
add one-way-sync jobs for staging branches
2024-07-23 11:15:27 +02:00
62ccc0282b
fix(ows): per-job runtime directories + proper local refspec
The local refspec was weird and exploiting an edge case for the nixpkgs
jobs where local and from were the same.
We are more explicit now, which fixes the sandbox jobs.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-22 15:41:47 +02:00
95ec496227
bagel-box: bump number of builders to 10
2024-07-20 15:14:00 +02:00
80c4757571
gerrit01: add a one-way-sync service
It's basic and does not handle conflicts, which need to be manually
managed.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-19 17:52:44 +02:00
cfa6d79b75
infra: fix warnings
2024-07-19 09:16:15 +02:00
25feb3c9f1
bagel-box: add a proper FQDN
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 11:43:05 +02:00
56a04a6faf
buildbot: init
Reviewed-on: #68
2024-07-18 08:57:56 +00:00
da7175303c
buildbot: add support for remote builders via baremetal machines
For now, only builder-3 is used.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:28:26 +02:00
c3394264ba
hosts/buildbot: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
fda59ee6c0
gerrit: factor more configuration in the NixOS module for external consumption
Other modules may require information to configure themselves from the
Gerrit module.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 15:43:35 +02:00