the-distro/infra
9
0
Fork 5
Code Issues 39 Pull requests 6 Projects 1 Releases Packages Wiki Activity
443 commits 27 branches 0 tags 3.1 MiB
Commit graph

72 commits

Author SHA1 Message Date
K900
56a6fc766b fix: update ofborg 2025-01-04 16:21:48 +03:00
Raito Bezarius
e02af55beb feat(services/ofborg): add client mTLS for RabbitMQ via Vault 
This adds the counterpart of the mTLS for RabbitMQ connections.

This required:

- an update in OfBorg
- some trick to have a PKCS#12 container
- move to a binary-specific runtime directory

And this is not even done due to OfBorg sending auth mechanism = PLAIN
instead of EXTERNAL. I did not figure out yet how to send the right
thing.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2025-01-02 18:39:43 +01:00
Raito Bezarius
1a5e5a6adb feat(systems): inject systemd-openbao project 
This brings the openbao agent, a Go proxy to make the link between
systemd's LoadCredential and the openbao agent.

All that remains is to configure authentication on every system we need
to use OpenBao and then the templates for every secret we care about.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2025-01-01 03:43:13 +01:00
Raito Bezarius
02b140aa3d chore: rewire everything to a single flake-compat 
Please do not make me do more Flakes bullshit, I hate this so hard.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-31 17:37:22 +01:00
Raito Bezarius
fe87407c65 chore(gerrit): go back to refs/heads/main 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-29 17:39:54 +01:00
emilylange
f593645cde
feat(forgejo): add robots.txt 2024-12-23 21:22:11 +01:00
emilylange
4e87e35bb5
feat(forgejo): offload custom forgejo package into its own repository 
It has been a recurring issue that flake lockfile bumps in this repo
here make the forgejo patches no longer apply.

The dedicated repository (nix-forgejo) solves this by not overriding the
existing forgejo derivation from nixpkgs but rather having its own.

Additionally, nix-forgejo pins and uses a "known good" nixpkgs revision
itself, unless `pkgs` is passed on import.

So if issues should arise after a flake bump, we can use that revision
by modifying our import statement, or we can rollback the nix-forgejo
revision itself.

Moving forgejo out of tree also makes iterating on it a lot easier and
opens a lot of other possibilities :)
 2024-12-18 03:39:37 +01:00
Raito Bezarius
f4588aff2b feat: listen on Gerrit events and rewrite them as generic VCS events 
This introduces the private SSH key for Gerrit event streaming.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-16 01:25:53 +01:00
Raito Bezarius
ab998c8fb9 chore: bump ofborg 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-15 17:25:42 +01:00
Raito Bezarius
eaee10ec70 chore: bump ofborg 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-15 16:51:45 +01:00
Raito Bezarius
c1cb1ffcad feat: update ofborg 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-15 16:51:45 +01:00
Raito Bezarius
ebdb7c8aef fix: introduce the newest branch of ofborg 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-15 16:51:45 +01:00
Raito Bezarius
47b713ca58 feat: introduce ofborg builder 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-15 16:51:45 +01:00
Raito Bezarius
84899b48ea feat(channel-scripts): support push to git and automatic cleanup of failed streaming 
Now, we won't pile a bunch of failed streaming attempts and this will
automatically push to git.

Credentials are left to be done for the push to actually work.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-14 19:06:47 +01:00
Raito Bezarius
c3b1a3d1da feat(gerrit01): upgrade to Gerrit 3.10.3 
And monitor the performance situation as always.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-14 17:13:18 +01:00
Raito Bezarius
879292aa9e chore: bump everything 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-12-14 15:17:29 +01:00
K900
7e3074a769 Update everything again 2024-11-17 14:39:19 +03:00
K900
3182a036c0 chore: bump everything 2024-11-12 23:42:51 +03:00
K900
268422f653 fix: update grapevine to build with current nixpkgs 2024-11-12 22:49:33 +03:00
Yureka
00a5d373f3 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da' (2024-10-05)
  → 'github:NixOS/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
 2024-11-04 08:46:51 +01:00
Raito Bezarius
1ae3d7c396 chore: move to forkos branch for buildbot 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-10-28 12:07:06 +01:00
Raito Bezarius
cca8156e52 Revert "chore: move to faster-depinfo branch for Buildbot" 
This reverts commit 7df7eaeb9b because
there was a missing intersection in the code and this broke Buildbot
entirely by exhausting all the resources.
 2024-10-27 22:01:34 +01:00
Raito Bezarius
7df7eaeb9b chore: move to faster-depinfo branch for Buildbot 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-10-27 19:39:18 +01:00
Raito Bezarius
d5500d7c4e fix(buildbot): bring back the old Gerrit reporting 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-10-18 23:22:51 +00:00
Yureka
06dd4d6e85 update hydra 2024-10-07 19:25:51 +02:00
Luke Granger-Brown
2001012325 feat(uptime-kuma): status.forkos.org should point at the ForkOS page 2024-10-07 15:47:33 +00:00
Raito Bezarius
1701a2b388 hotfix: bump buildbot-nix to restore backward compat with Lix deployments 
We oopsie dropped `hydraJobs` support to move to `buildbotJobs`.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-10-07 15:26:19 +02:00
Raito Bezarius
b5d412a5ba feat: adopt new version of Buildbot with incoming ref data 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-10-06 07:59:56 +00:00
Yureka
01f8322df9 update hydra/lix 2024-10-05 23:33:17 +02:00
Yureka
3072dfad55 update flake inputs 2024-10-05 23:30:21 +02:00
K900
98d899fabc Update Hydra 2024-10-01 19:26:58 +03:00
Kiara Grouwstra
b291caac46 feat(monitoring): add uptime-kuma for status page, fixes #97 
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/).
 2024-10-01 16:13:23 +00:00
Raito Bezarius
132d2866b5 feat(channels): add minimal ISO for x86_64-linux 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-31 20:14:02 +02:00
Raito Bezarius
c2ad3d6d26 fix(channel-scripts): push OTLP properly now 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-31 19:56:46 +02:00
Raito Bezarius
4c7943349b fix(flake): bump channel-scripts to obtain the fixed rename 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-31 19:50:02 +02:00
Raito Bezarius
9a04ef909b feat(nixpkgs): run oxidized channel scripts 
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-31 19:32:23 +02:00
Pierre Bourdon
cd92c9588f
flake.lock: Update 
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=f1b552ecbf2d011cd4fdb93d7d117388ab9c0027' (2024-08-12)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=44b9a7b95d23e7a8587cb963f00382046707f2db' (2024-08-25)
• Updated input 'hydra/lix':
    'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=5137cea99044d54337e439510a647743110b2d7d' (2024-08-10)
  → 'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=278fddc317cf0cf4d3602d0ec0f24d1dd281fadb' (2024-08-17)
• Updated input 'hydra/nix-eval-jobs':
    'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=c057494450f2d1420726ddb0bab145a5ff4ddfdd' (2024-07-17)
  → 'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=42a160bce2fd9ffebc3809746bc80cc7208f9b08' (2024-08-13)
• Updated input 'hydra/nix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
  → 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
• Updated input 'hydra/nix-eval-jobs/treefmt-nix':
    'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15)
  → 'github:numtide/treefmt-nix/349de7bc435bdff37785c2466f054ed1766173be' (2024-08-12)
 2024-08-25 22:07:24 +02:00
Raito Bezarius
024b431cbc feat(grafana): plug jsonnet-based dashboards in provisioning 
Add the gerrit dashboards as an example.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-24 16:32:21 +02:00
Raito Bezarius
d1ffce9336 feat(grafana): jsonnet-based dashboards 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
 2024-08-24 16:17:52 +02:00
Pierre Bourdon
29babfc5c4
Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot"" 
This reverts commit 17c342b33e.

Grapevine's use of IFD was fixed upstream.
 2024-08-15 16:22:22 +02:00
Pierre Bourdon
434def3337
flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
  → 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10)
• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=4b107e6ff36bd89958fba36e0fe0340903e7cd13' (2024-07-22)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=f1b552ecbf2d011cd4fdb93d7d117388ab9c0027' (2024-08-12)
• Updated input 'hydra/lix':
    'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=6b4d46e9e0e1dd80e0977684ab20d14bcd1a6bc3' (2024-07-16)
  → 'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=5137cea99044d54337e439510a647743110b2d7d' (2024-08-10)
• Updated input 'hydra/lix/nix2container':
    'github:nlewo/nix2container/20aad300c925639d5d6cbe30013c8357ce9f2a2e' (2024-04-13)
  → 'github:nlewo/nix2container/3853e5caf9ad24103b13aa6e0e8bcebb47649fe4' (2024-07-10)
• Updated input 'hydra/lix/pre-commit-hooks':
    'github:cachix/git-hooks.nix/e35aed5fda3cc79f88ed7f1795021e559582093a' (2024-04-02)
  → 'github:cachix/git-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9355fa86e6f27422963132c2c9aeedb0fb963d93' (2024-07-16)
  → 'github:NixOS/nixpkgs/154bcb95ad51bc257c2ce4043a725de6ca700ef6' (2024-08-09)
 2024-08-13 01:11:38 +02:00
Pierre Bourdon
8b1ade5580
Revert "update hydra" 
This reverts commit f7907a2915.

We develop straight on lix-project/hydra, as discussed a few times on
the Lix development channel.
 2024-08-13 01:11:31 +02:00
Pierre Bourdon
42b3977e8f
flake: remove an extra nixpkgs lying around 2024-08-13 00:38:51 +02:00
Pierre Bourdon
17c342b33e
Partial revert "Add Grapevine Matrix server and matrix-hookshot" 
This partially reverts commit d2f3ca5624.

Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).

The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
 2024-08-13 00:35:10 +02:00
K900
d2f3ca5624 Add Grapevine Matrix server and matrix-hookshot 
It doesn't want to work.
 2024-08-09 14:03:56 +00:00
Yureka
a69750b495 update buildbot-nix 2024-08-06 13:26:01 +02:00
Yureka
f7907a2915 update hydra 2024-08-03 18:40:25 +02:00
Yureka
314f1cb363 fix buildbot-nix reference 
accidentally committed the lockfile which points to my local checkout
 2024-07-30 14:02:26 +02:00
Yureka
4e2d21930f baremetal-builders: detect percent_filled for the correct partition 2024-07-30 13:59:46 +02:00
Yureka
924b4e7913 flake.lock: Update 
Flake lock file updates:

• Updated input 'buildbot-nix':
    'git+file:///home/yuka/proj/buildbot-nix' (2024-07-22)
  → 'git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/non-flakes&rev=8f5ad30cb7df5afbc4df1370a79bf3825c60f8b1' (2024-07-28)
 2024-07-28 20:18:36 +02:00