Commit graph

400 commits

Author SHA1 Message Date
34e8b4b98a tf/dns: rework the forgejo DNS for the 2 servers
git.forkos.org → Forgejo
git.infra.forkos.org → OpenSSH

(with the .p. variants for the IPv4→IPv6 SNI proxies)

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:44:11 +02:00
5a05e44a95
tf/hydra: add a project for our hydra fork 2024-07-17 13:34:10 +02:00
234522cc3b
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84' (2024-07-13)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=b0e9b4b2f99f9d8f5c4e780e89f955c394b5ced4' (2024-07-17)
• Added input 'hydra/lix':
    'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=6b4d46e9e0e1dd80e0977684ab20d14bcd1a6bc3' (2024-07-16)
• Added input 'hydra/lix/flake-compat':
    'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Added input 'hydra/lix/nix2container':
    'github:nlewo/nix2container/20aad300c925639d5d6cbe30013c8357ce9f2a2e' (2024-04-13)
• Added input 'hydra/lix/nixpkgs':
    follows 'hydra/nixpkgs'
• Added input 'hydra/lix/nixpkgs-regression':
    'github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2' (2022-01-24)
• Added input 'hydra/lix/pre-commit-hooks':
    'github:cachix/git-hooks.nix/e35aed5fda3cc79f88ed7f1795021e559582093a' (2024-04-02)
• Removed input 'hydra/nix'
• Removed input 'hydra/nix/flake-compat'
• Removed input 'hydra/nix/nix2container'
• Removed input 'hydra/nix/nixpkgs'
• Removed input 'hydra/nix/nixpkgs-regression'
• Removed input 'hydra/nix/pre-commit-hooks'
• Added input 'hydra/nix-eval-jobs':
    'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=c057494450f2d1420726ddb0bab145a5ff4ddfdd' (2024-07-17)
• Added input 'hydra/nix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
• Added input 'hydra/nix-eval-jobs/flake-parts/nixpkgs-lib':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/lix':
    follows 'hydra/lix'
• Added input 'hydra/nix-eval-jobs/nix-github-actions':
    'github:nix-community/nix-github-actions/622f829f5fe69310a866c8a6cd07e747c44ef820' (2024-07-04)
• Added input 'hydra/nix-eval-jobs/nix-github-actions/nixpkgs':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/nixpkgs':
    follows 'hydra/nixpkgs'
• Added input 'hydra/nix-eval-jobs/treefmt-nix':
    'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15)
• Added input 'hydra/nix-eval-jobs/treefmt-nix/nixpkgs':
    follows 'hydra/nix-eval-jobs/nixpkgs'
• Updated input 'lix':
    follows 'hydra/nix'
  → follows 'hydra/lix'
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
  → 'github:NixOS/nixpkgs/9355fa86e6f27422963132c2c9aeedb0fb963d93' (2024-07-16)
2024-07-17 13:11:07 +02:00
c296d0d46d Merge pull request 'forgejo: init, admins: add emilylange' (#62) from forgejo into main
Reviewed-on: #62
2024-07-16 23:11:55 +00:00
95b58de737
forgejo: use redis as cache and session provider 2024-07-16 20:09:15 +02:00
8b9d33d70c
forgejo: disable registrations, enable auto-registration for SSO 2024-07-16 17:14:23 +02:00
ab9caaf520
systems: add git.forkos.org 2024-07-16 15:44:08 +02:00
dd069c40d7
forgejo: init service 2024-07-16 15:44:06 +02:00
9899b083ad
forgejo: init custom Forgejo patchset 2024-07-16 15:44:01 +02:00
d4caf7b71a
admins: add emilylange 2024-07-16 15:43:58 +02:00
37ec674984 dns: pre-add git.forkos.org
Reserved for a Forgejo instances with Emily's optimizations.
Plans: a mirror, code search and will see how it goes!

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-16 11:54:09 +02:00
e3e60a5e72 services/monitoring: add scraping of Gerrit's internal metrics 2024-07-15 11:02:54 +00:00
2e86babc8a services/gerrit: add metrics-prometheus-exporter 2024-07-15 11:02:54 +00:00
2b8f42dcda secrets: add gerrit-prometheus-bearer-token 2024-07-15 11:02:54 +00:00
f14bba14a3 gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
0723b7de42 Merge pull request 'terraform/gandi: more sniproxying for bagel-box,meta-01' (#67) from ckie/moarr-v4 into main
Reviewed-on: #67
Reviewed-by: raito <raito@noreply.git.lix.systems>
2024-07-14 18:44:21 +00:00
3c2691d9e2
terraform/gandi: introduce proxyRecords and proxy web services 2024-07-14 21:39:42 +03:00
a44196fc3c flake: update nix-gerrit 2024-07-13 18:24:05 +01:00
7a937e837a Unlimit Mimir max series 2024-07-13 15:52:46 +03:00
ecfe0ec886
flake.lock: Update
Flake lock file updates:

• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14' (2024-07-13)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84' (2024-07-13)
2024-07-13 06:13:22 +02:00
7d9461808c
builders: configure a swapfile + zswap 2024-07-13 04:40:51 +02:00
293bc52ace
hydra: reduce number of parallel builds per builder to limit RAM consumption 2024-07-13 04:38:24 +02:00
64079be3c0
flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
  → 'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
• Updated input 'hydra':
    'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=a9a2679793a17325c966dec4cbb27d44b0531694' (2024-06-24)
  → 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=05d620a54f38f3764a643d824b55f7790736bb14' (2024-07-13)
• Updated input 'hydra/nix':
    'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4c3d93611f2848c56ebc69c85f2b1e18001ed3c7' (2024-06-24)
  → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=4b109ec1a8fc4550150f56f0f46f2f41d844bda8' (2024-07-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
  → 'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
2024-07-13 03:12:13 +02:00
9189b73a5f devShell: change colmena to the nixpkgs version
this is done to avoid unnecessarily recompiling colmena
2024-07-13 01:10:59 +00:00
af515792cc admins: add janik 2024-07-13 01:10:39 +00:00
b4deee29af editorconfig: init
Add a barebones `.editorconfig` to at least trim whitspaces and enforce some minimal norms
2024-07-13 01:10:18 +00:00
756341ea4c
builders: tune sshd MaxStartups to avoid rate limiting Hydra 2024-07-12 21:57:04 +02:00
bed5ef022f
change the default user shell to zsh 2024-07-12 19:50:34 +02:00
e6ead602f0 builders get a special treatment for dns64 2024-07-11 02:05:58 +02:00
329f267b02 enable nftables on all hosts 2024-07-11 02:05:35 +02:00
b14f155d55 add ipmitool on vpn-gw and builders 2024-07-10 20:49:17 +02:00
c8208f42ef
flake: attempt to fix the hydraJobs definition 2024-07-10 19:03:18 +02:00
087d17c681
tf/hydra: add a project/jobset for infra machine configurations 2024-07-10 18:52:43 +02:00
d2336262fb
hydra: set allowed URIs in restricted mode for flake inputs 2024-07-10 18:52:22 +02:00
f35cfbd567
flake: configure some hydra jobs (all machine configurations) 2024-07-10 18:43:54 +02:00
58325e30dd
common/nix: use bagel-cache by default 2024-07-10 18:17:30 +02:00
411d514ab9
hydra: user hydra-www needs nix-daemon access too 2024-07-10 17:36:39 +02:00
f74d1ca0f6
hydra: start signing paths 2024-07-10 17:34:57 +02:00
70e608a8f7
common: provide a pinned nixpkgs on all infra machines 2024-07-10 17:17:18 +02:00
4e869a9f43 fix bmc dhcp 2024-07-10 15:54:46 +02:00
3cbdbc45f7 more quality of life improvements... 2024-07-10 15:54:30 +02:00
7ba42d99d1 reduce hydra builders to 4 2024-07-10 15:08:28 +02:00
254e161c07 Give wob-vpn-gw a proper hostname 2024-07-10 15:34:05 +03:00
a9f45daac8 Rename machine folders, clean up flake 2024-07-10 15:24:47 +03:00
787b3af638 Add wob-vpn-gw key, rekey metrics push password for it 2024-07-10 15:13:05 +03:00
e608b92e4f Add htop and btop to default machine config 2024-07-10 15:01:09 +03:00
e84b362b7a Allow 12 hour of backfill for metrics
This is somewhat experimental and may explode, but we'll see, I guess
2024-07-10 14:59:09 +03:00
9e7e6d42ab Make nginx/loki/mimir go fast 2024-07-10 14:55:28 +03:00
f2c2bc5ab6
hydra: output machine host key as base64 in the generated machines.conf 2024-07-10 02:16:45 +02:00
f214da9228
hydra: add hydra to nix trusted-users 2024-07-10 02:03:33 +02:00