Commit graph

87 commits

Author SHA1 Message Date
adb78e633c feat: introduce ofborg pastebin service
The web service is not available yet.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
8fa0e5abe3 feat: introduce ofborg stats
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
47b713ca58 feat: introduce ofborg builder
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
a4d4ff8041 feat(build-coord): enable first Vault instance on it
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:30:21 +01:00
dc23bb7054 feat: introduce awareness module for WAN addresses
Introduce a data-only module to perform abstraction on the deployment;
we use it for WAN for now.

The use case is service discovery for simple cases.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:47:53 +01:00
980709cc02 chore(ows): remove Raito personal sandbox branches
I am not using those branches anymore, we can remove them.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
112f60afd1 feat(ows): support moving away onewaysync
We are running into too many out of disk space situations with OWS on
the main disk.

This way, we can reuse the Gerrit disk for all that data, which
hopefully, is quite shared with Gerrit.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
e912796992 fix(buildbot): use builder-4 for forkos buildbot instance
Since 070d97fd, we have shut down builder-4.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 15:17:22 +01:00
070d97fdf1 adjust builders list 2024-12-09 10:46:03 +01:00
4e03cf2309 increase zram on build-coord 2024-11-04 08:48:40 +01:00
8c0c7b517f feat: block automatically crawlers if the blocker is enabled
This helps us get rid of useless traffic by crawlers.

It is enabled for gerrit01 which is suffering the most from this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
eaf48a0cdd fix(buildbot): use builder-9 as builder-10 is down
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
e3129fec51 fix(buildbot): fix CORS properly
wildcards are not allowed in the headers.
We need to include credentials as well.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
437293bdaa fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
wildcards are not supported in CORS headers, so this design was quite
wrong actually.

We can just use the actual Gerrit hostname for now.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
de085155a6 fix: update paths to floral secrets to secrets/floral/ 2024-10-07 15:48:05 +00:00
decc9963ee feat: add buildbot.lix.systems
This introduces a new Buildbot instance using all the previous work.

This is a "Raito's VM" hardware type.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
b56b8963a2 feat: introduce Buildbot multi-tenancy
This shares the same expression to deploy the Buildbot.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
76276a8da3 feat: add build01.aarch64.lix.systems
This is the first Lix machine we are enrolling in our infrastructure
(!).

It's using all the previous commits to make it cozy with our current
infra style.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
92560708b8 feat: multi-tenant secrets
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.

This unfortunately requires rewriting all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
b291caac46 feat(monitoring): add uptime-kuma for status page, fixes #97
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/).
2024-10-01 16:13:23 +00:00
e2c6550796 Hydra metrics
Yoink the nixos org exporter, rewrite most of it, deploy
2024-10-01 19:06:26 +03:00
9a04ef909b feat(nixpkgs): run oxidized channel scripts
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
c1712dc1fa Set up tempo 2024-08-31 15:05:30 +03:00
c38e9b482f feat(web): provide a directory listing via s3-revproxy
Thanks to Jade Lovelace who built all this machinery for Lix initially.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:29:18 +02:00
1b22c1f0ae fix(hydra): proxy it over my sniproxy
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-30 18:34:35 +02:00
4f4a25a5ad feat(gerrit): push pyroscope profiling to Pyroscope
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 22:37:33 +02:00
db46b01ae9 feat(monitoring): add pyroscope to the infrastructure
Vendored for the time being.
See https://cl.forkos.org/c/nixpkgs/+/181 for upstreaming properly.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:43:00 +02:00
58c0dd3d2e feat(public): add listmonk instance on news.forkos.org
To prepare for public communications and updates.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
6881351f23 build-coord: copy the baremetal-builders DNS64 config 2024-08-16 09:33:48 +02:00
5fdce0e2b5 hydra: move from bagel-box to build-coord 2024-08-16 09:03:29 +02:00
ce3a40671c acme: make ToS and contact config common 2024-08-16 09:03:08 +02:00
c33326f836 hydra: switch to using mTLS instead of local peer auth 2024-08-16 08:19:18 +02:00
29babfc5c4 Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot""
This reverts commit 17c342b33e.

Grapevine's use of IFD was fixed upstream.
2024-08-15 16:22:22 +02:00
50fadb45e2 common: define TZ in base server configs, remove heretical host-specific configuration 2024-08-13 22:38:40 +02:00
5dd9ad553c build-coord: add initial config 2024-08-13 22:36:30 +02:00
90325344a3 Reserve builder-11 for build coordination, rename to build-coord 2024-08-13 19:12:36 +02:00
17c342b33e Partial revert "Add Grapevine Matrix server and matrix-hookshot"
This partially reverts commit d2f3ca5624.

Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).

The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
2024-08-13 00:35:10 +02:00
9ad279a505 Set up admins + DNS for hookshot 2024-08-09 14:03:56 +00:00
d2f3ca5624 Add Grapevine Matrix server and matrix-hookshot
It doesn't want to work.
2024-08-09 14:03:56 +00:00
d635042e57 adjust timer for staging sync services 2024-08-08 15:22:44 +02:00
b6375b8294 add staging sync services 2024-08-08 15:16:04 +02:00
bce44930b1 builders: provision ssh hostkeys on boot 2024-08-04 18:12:02 +02:00
27d66d390e update iusb-spoof and start service on boot 2024-08-03 23:38:21 +02:00
79dea0686b add 'notipxe' netboot loader based on systemd-initrd + u-root 2024-08-03 20:28:57 +02:00
6dc424dd43 wob01: serve an ipxe over iusb-spoof 2024-08-01 22:16:48 +02:00
504a443acc adjust hydra-gc numbers
we want to see how garbage collection would behave on a 480GB drive
2024-07-31 23:44:08 +02:00
bd8aa2eb08 gerrit01: adjustments for master → main OWS
Due to rename, we need a `mkNixpkgsJob` slightly more complicated.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 23:35:06 +02:00
22a10e158f hosts/public01: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 20:46:20 +02:00
297ddbb28c one-way-sync: master -> main 2024-07-23 16:24:36 +02:00
eedc719889 add one-way-sync jobs for staging branches 2024-07-23 11:15:27 +02:00