raito
cf98ed80dc
chore: introduce finer-grained baremetal management
...
for multiple roles such as storage or builders.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-23 21:30:38 +01:00
raito
f4588aff2b
feat: listen on Gerrit events and rewrite them as generic VCS events
...
This introduces the private SSH key for Gerrit event streaming.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 01:25:53 +01:00
raito
adb78e633c
feat: introduce ofborg pastebin service
...
The web service is not available yet.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito
8fa0e5abe3
feat: introduce ofborg stats
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito
47b713ca58
feat: introduce ofborg builder
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito
a4d4ff8041
feat(build-coord): enable first Vault instance on it
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:30:21 +01:00
raito
dc23bb7054
feat: introduce awareness module for WAN addresses
...
Introduce a data-only module to perform abstraction on the deployment,
we use it for WAN for now.
The usecase is service discovery for simple cases.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:47:53 +01:00
raito
980709cc02
chore(ows): remove Raito personal sandbox branches
...
I am not using those branches anymore, we can remove them.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
raito
112f60afd1
feat(ows): support moving away onewaysync
...
We are running into too many out of disk space situations with OWS on
the main disk.
This way, we can reuse the Gerrit disk for all that data, which
hopefully, is quite shared with Gerrit.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
raito
e912796992
fix(buildbot): use builder-4 for forkos buildbot instance
...
Since 070d97fd
, we have shut down builder-4.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 15:17:22 +01:00
Yureka
070d97fdf1
adjust builders list
2024-12-09 10:46:03 +01:00
Yureka
4e03cf2309
increase zram on build-coord
2024-11-04 08:48:40 +01:00
raito
8c0c7b517f
feat: block automatically crawlers if the blocker is enabled
...
This help us getting rid of useless traffic by crawlers.
It is enabled for gerrit01 which is suffering the most from this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
raito
eaf48a0cdd
fix(buildbot): use builder-9 as builder-10 is down
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito
e3129fec51
fix(buildbot): fix CORS properly
...
wildcards are not allowed in the headers.
We need to include credentials as well.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito
437293bdaa
fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
...
wildcards are not supported in CORS headers, so this design was quite
wrong actually.
We can just use the actual Gerrit hostname for now.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
Luke Granger-Brown
de085155a6
fix: update paths to floral secrets to secrets/floral/
2024-10-07 15:48:05 +00:00
raito
decc9963ee
feat: add buildbot.lix.systems
...
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
raito
b56b8963a2
feat: introduce Buildbot multi-tenancy
...
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
76276a8da3
feat: add build01.aarch64.lix.systems
...
This is the first Lix machine we are enrolling in our infrastructure
(!).
It's using all the previous commits to make it cozy with our current
infra style.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
raito
92560708b8
feat: multi-tenant secrets
...
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires to rewrite all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
Kiara Grouwstra
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
...
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/ ).
2024-10-01 16:13:23 +00:00
Ilya K
e2c6550796
Hydra metrics
...
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
raito
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
...
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
Ilya K
c1712dc1fa
Set up tempo
2024-08-31 15:05:30 +03:00
raito
c38e9b482f
feat(web): provide a directory listing via s3-revproxy
...
Thanks to Jade Lovelace who built all this machinery for Lix initially.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:29:18 +02:00
raito
1b22c1f0ae
fix(hydra): proxy it over my sniproxy
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 18:34:35 +02:00
raito
4f4a25a5ad
feat(gerrit): push pyroscope profiling to Pyroscope
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 22:37:33 +02:00
raito
db46b01ae9
feat(monitoring): add pyroscope to the infrastructure
...
Vendored for the time being.
See https://cl.forkos.org/c/nixpkgs/+/181 for upstreaming properly.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:43:00 +02:00
raito
58c0dd3d2e
feat(public): add listmonk instance on news.forkos.org
...
To prepare for public communications and updates.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
Pierre Bourdon
6881351f23
build-coord: copy the baremetal-builders DNS64 config
2024-08-16 09:33:48 +02:00
Pierre Bourdon
5fdce0e2b5
hydra: move from bagel-box to build-coord
2024-08-16 09:03:29 +02:00
Pierre Bourdon
ce3a40671c
acme: make ToS and contact config common
2024-08-16 09:03:08 +02:00
Pierre Bourdon
c33326f836
hydra: switch to using mTLS instead of local peer auth
2024-08-16 08:19:18 +02:00
Pierre Bourdon
29babfc5c4
Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot""
...
This reverts commit 17c342b33e
.
Grapevine's use of IFD was fixed upstream.
2024-08-15 16:22:22 +02:00
Pierre Bourdon
50fadb45e2
common: define TZ in base server configs, remove heretical host-specific configuration
2024-08-13 22:38:40 +02:00
Pierre Bourdon
5dd9ad553c
build-coord: add initial config
2024-08-13 22:36:30 +02:00
Pierre Bourdon
90325344a3
Reserve builder-11 for build coordination, rename to build-coord
2024-08-13 19:12:36 +02:00
Pierre Bourdon
17c342b33e
Partial revert "Add Grapevine Matrix server and matrix-hookshot"
...
This partially reverts commit d2f3ca5624
.
Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).
The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
2024-08-13 00:35:10 +02:00
Ilya K
9ad279a505
Set up admins + DNS for hookshot
2024-08-09 14:03:56 +00:00
Ilya K
d2f3ca5624
Add Grapevine Matrix server and matrix-hookshot
...
It doesn't want to work.
2024-08-09 14:03:56 +00:00
Yureka
d635042e57
adjust timer for staging sync services
2024-08-08 15:22:44 +02:00
Yureka
b6375b8294
add staging sync services
2024-08-08 15:16:04 +02:00
Yureka
bce44930b1
builders: provision ssh hostkeys on boot
2024-08-04 18:12:02 +02:00
Yureka
27d66d390e
update iusb-spoof and start service on boot
2024-08-03 23:38:21 +02:00
Yureka
79dea0686b
add 'notipxe' netboot loader based on systemd-initrd + u-root
2024-08-03 20:28:57 +02:00
Yureka
6dc424dd43
wob01: serve an ipxe over iusb-spoof
2024-08-01 22:16:48 +02:00
Yureka
504a443acc
adjust hydra-gc numbers
...
we want to see how garbage collection would behave on a 480GB drive
2024-07-31 23:44:08 +02:00
raito
bd8aa2eb08
gerrit01: adjustments for master → main OWS
...
Due to rename, we need a `mkNixpkgsJob` slightly more complicated.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 23:35:06 +02:00
raito
22a10e158f
hosts/public01: init
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 20:46:20 +02:00