Commit graph

413 commits

Author SHA1 Message Date
emily e930a17b0b
fix(forgejo): lower cache.last_commit TTL to limit size of the cache
We really don't want to cache them for a year, which is the default.

Yes, computing them may be expensive, but not worth a multi-gigabyte
redis database that takes minutes to load into RAM on service (re)start.
2024-12-18 17:03:49 +01:00
emily 4e87e35bb5
feat(forgejo): offload custom forgejo package into its own repository
It has been a recurring issue that flake lockfile bumps in this repo
here make the forgejo patches no longer apply.

The dedicated repository (nix-forgejo) solves this by not overriding the
existing forgejo derivation from nixpkgs but rather having its own.

Additionally, nix-forgejo pins and uses a "known good" nixpkgs revision
itself, unless `pkgs` is passed on import.

So if issues should arise after a flake bump, we can use that revision
by modifying our import statement, or we can rollback the nix-forgejo
revision itself.

Moving forgejo out of tree also makes iterating on it a lot easier and
opens a lot of other possibilities :)
2024-12-18 03:39:37 +01:00
raito f4588aff2b feat: listen on Gerrit events and rewrite them as generic VCS events
This introduces the private SSH key for Gerrit event streaming.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 01:25:53 +01:00
raito 90038e80a2 fix: do not propagate rabbitmq-password to all nodes
This was a mistake.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 00:25:54 +01:00
raito 665a750e35 chore: fix vhost and username for ofborg
Username and vhost creation are out of band and manual.

$ cd /var/lib/rabbitmq
$ sudo -u rabbitmq rabbitmqctl create_user ofborg $pwd
$ sudo -u rabbitmq rabbitmqctl set_permissions ofborg '.*' '.*' '.*'

Here's a simple way to reproduce that setup on the RabbitMQ server.

Doing better will require the Vault server which will come soon anyway.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 18:19:49 +01:00
raito ab998c8fb9 chore: bump ofborg
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 17:25:42 +01:00
raito bb7d5c1c7d chore: re-encrypt rabbitmq password
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 17:25:35 +01:00
raito eaee10ec70 chore: bump ofborg
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito df0bd6b4eb feat: introduce statcheck worker
Status & checks RPC & event queue.

The status & checks is set by the rest of OfBorg, the web service needs
to be exposed.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito c007bbeeb9 feat: introduce ofborg gerrit streamer
This pipes events from Gerrit into the whole AMQP broker and enable all
the system to react to VCS changes.

We need a filter to transform raw Gerrit events into ofBorg specific
events that we will continue to send in the system.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito c1cb1ffcad feat: update ofborg
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito 4fe922bcd0 feat: introduce ofborg mass rebuilder
With Gerrit support.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito adb78e633c feat: introduce ofborg pastebin service
The web service is not available yet.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito ebdb7c8aef fix: introduce the newest branch of ofborg
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito 9051ce73c6 fix: disable IPv4 on amqp.forkos.org
Otherwise, the renew fails all the time!

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito 8fa0e5abe3 feat: introduce ofborg stats
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito 47b713ca58 feat: introduce ofborg builder
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito 436882c3eb fix(services/vault): proxy pass to the local vault server web port
Oopsie, forgot that commit.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:11 +01:00
raito 14f5bc10a1 chore(pkgs/openbao): 2.0.2 -> 2.1.0
https://openbao.org/docs/release-notes/2-1-0/
https://openbao.org/docs/release-notes/2-0-0/#203
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:42:48 +01:00
raito a4d4ff8041 feat(build-coord): enable first Vault instance on it
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:30:21 +01:00
raito 2c4e60760f feat: introduce a Vault module for secrets management
Via a fork of the Linux Foundation, called OpenBao.

The module supports high availability but we only have one node for now.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:49:44 +01:00
raito dc23bb7054 feat: introduce awareness module for WAN addresses
Introduce a data-only module to perform abstraction on the deployment,
we use it for WAN for now.

The usecase is service discovery for simple cases.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 21:47:53 +01:00
raito 84899b48ea feat(channel-scripts): support push to git and automatic cleanup of failed streaming
Now, we won't pile a bunch of failed streaming attempts and this will
automatically push to git.

Credentials are left to be done for the push to actually work.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 19:06:47 +01:00
raito c3b1a3d1da feat(gerrit01): upgrade to Gerrit 3.10.3
And monitor the performance situation as always.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 17:13:18 +01:00
raito 980709cc02 chore(ows): remove Raito personal sandbox branches
I am not using those branches anymore, we can remove them.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
raito 112f60afd1 feat(ows): support moving away onewaysync
We are running into too many out of disk space situations with OWS on
the main disk.

This way, we can reuse the Gerrit disk for all that data, which
hopefully, is quite shared with Gerrit.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 14:42:22 +00:00
raito 879292aa9e chore: bump everything
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 15:17:29 +01:00
raito e912796992 fix(buildbot): use builder-4 for forkos buildbot instance
Since 070d97fd, we have shut down builder-4.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 15:17:22 +01:00
Yureka 070d97fdf1 adjust builders list 2024-12-09 10:46:03 +01:00
Yureka 2e7a702c28 adjust builder assignments 2024-12-09 10:28:20 +01:00
Ilya K cae763e8dd ofborg: enable nginx for certs 2024-11-17 14:48:08 +03:00
Ilya K 4f1378937f Disable nixos-option, it breaks 2024-11-17 14:39:25 +03:00
Ilya K 7e3074a769 Update everything again 2024-11-17 14:39:19 +03:00
Ilya K 3182a036c0 chore: bump everything 2024-11-12 23:42:51 +03:00
Ilya K 54e8282aac fix: use promtool to verify rules, fix format 2024-11-12 23:21:30 +03:00
Ilya K 41be8dc170 fix: pin pyroscope to go 1.22 2024-11-12 23:16:46 +03:00
Ilya K b08330c42b fix: allow insecure netbox 2024-11-12 22:52:11 +03:00
Ilya K 268422f653 fix: update grapevine to build with current nixpkgs 2024-11-12 22:49:33 +03:00
Yureka 4e03cf2309 increase zram on build-coord 2024-11-04 08:48:40 +01:00
Yureka 00a5d373f3 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da' (2024-10-05)
  → 'github:NixOS/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
2024-11-04 08:46:51 +01:00
Yureka ec93c94e7e revert default shell to bash
zsh is unbearably slow on some machines
2024-10-30 13:29:27 +01:00
raito f56576d644 fix: add util-linux in git-gc-preserve
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:54 +01:00
raito 1ae3d7c396 chore: move to forkos branch for buildbot
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:06 +01:00
raito cca8156e52 Revert "chore: move to faster-depinfo branch for Buildbot"
This reverts commit 7df7eaeb9b because
there was a missing intersection in the code and this broke Buildbot
entirely by exhausting all the resources.
2024-10-27 22:01:34 +01:00
raito 7df7eaeb9b chore: move to faster-depinfo branch for Buildbot
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 19:39:18 +01:00
Kiara Grouwstra 5ae71fff99 chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
raito 02f8bc7ca4 chore(o11y): filter by tenancy on node_exporter
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:37 +02:00
raito e0c029ba43 fix: make all buildbot postgres faster
work_mem was effectively absurdly low.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:24 +02:00
raito 3ed36f74fd onboarding: add pennae keys on lix infra
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito b1f4674da0 chore: add tenancy in postgres
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00