ed64fb31ed
chore: add BAO_ADDR in the devshell to point to our Vault deployment
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-31 18:29:57 +01:00
fb267d4184
feat: add openbao to the dev shell
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-31 18:01:30 +01:00
02b140aa3d
chore: rewire everything to a single flake-compat
...
Please do not make me do more Flakes bullshit, I hate this so hard.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-31 17:37:22 +01:00
fe87407c65
chore(gerrit): go back to refs/heads/main
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-29 17:39:54 +01:00
b541b78145
chore: connect terraform to the hive
...
This way, we can autogenerate records for storage and builders nodes by
reading directly the configuration.
This makes evaluation of `nix run .#tf` slower, but this makes things
more safer and easier, so it's good.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-23 21:30:38 +01:00
cf98ed80dc
chore: introduce finer-grained baremetal management
...
for multiple roles such as storage or builders.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-23 21:30:38 +01:00
4e87e35bb5
feat(forgejo): offload custom forgejo package into its own repository
...
It has been a recurring issue that flake lockfile bumps in this repo
here make the forgejo patches no longer apply.
The dedicated repository (nix-forgejo) solves this by not overriding the
existing forgejo derivation from nixpkgs but rather having its own.
Additionally, nix-forgejo pins and uses a "known good" nixpkgs revision
itself, unless `pkgs` is passed on import.
So if issues should arise after a flake bump, we can use that revision
by modifying our import statement, or we can rollback the nix-forgejo
revision itself.
Moving forgejo out of tree also makes iterating on it a lot easier and
opens a lot of other possibilities :)
2024-12-18 03:39:37 +01:00
ebdb7c8aef
fix: introduce the newest branch of ofborg
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
47b713ca58
feat: introduce ofborg builder
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
c3b1a3d1da
feat(gerrit01): upgrade to Gerrit 3.10.3
...
And monitor the performance situation as always.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-14 17:13:18 +01:00
070d97fdf1
adjust builders list
2024-12-09 10:46:03 +01:00
00a5d373f3
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da' (2024-10-05)
→ 'github:NixOS/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
2024-11-04 08:46:51 +01:00
1ae3d7c396
chore: move to forkos branch for buildbot
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:06 +01:00
cca8156e52
Revert "chore: move to faster-depinfo branch for Buildbot"
...
This reverts commit 7df7eaeb9b
because
there was a missing intersection in the code and this broke Buildbot
entirely by exhausting all the resources.
2024-10-27 22:01:34 +01:00
7df7eaeb9b
chore: move to faster-depinfo branch for Buildbot
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 19:39:18 +01:00
d5500d7c4e
fix(buildbot): bring back the old Gerrit reporting
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
decc9963ee
feat: add buildbot.lix.systems
...
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
b56b8963a2
feat: introduce Buildbot multi-tenancy
...
This shares the same expression to deploy the Buildbot.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
9ad7e7b139
feat(tenancy): tag machines accordingly to their tenancy
...
@lix for Lix machines.
@floral for Floral machines.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
96f5d45ff3
feat(lix): add buildbot.lix.systems key for extra build capacity
...
Otherwise, buildbot.lix.systems will not be able to access it anymore.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
76276a8da3
feat: add build01.aarch64.lix.systems
...
This is the first Lix machine we are enrolling in our infrastructure
(!).
It's using all the previous commits to make it cozy with our current
infra style.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:28 +02:00
1e421889e4
feat(monitoring): add static label for tenancy
...
So we can distinguish easily things in the dashboards.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:10:16 +02:00
6978c1271d
feat: introduce floral and lix common modules
...
This way, we can mark tenancy appropriately in a common expression and
add all machines altogether in the same entrypoint.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:09:11 +02:00
c0689e6832
feat: add @localboot tags for machine which can be deployed
...
colmena does not support netboot deployment, this is fine. We can fix it
later.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:09:53 +00:00
b5d412a5ba
feat: adopt new version of Buildbot with incoming ref data
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 07:59:56 +00:00
86e833f52a
chore(tf): drop all gandi resources
2024-10-05 18:46:45 +02:00
6d3e14ec27
feat: finer-grained ACLs for server accesses
...
In the process of adding multi-tenant infrastructure, it seems relevant
to add finer-grained ACLs.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-05 16:20:19 +02:00
b291caac46
feat(monitoring): add uptime-kuma for status page, fixes #97
...
Adds a service for a status page using
[`uptime-kuma`](https://uptime.kuma.pet/ ).
2024-10-01 16:13:23 +00:00
e3b6cb72b4
feat(dns): add dnsimple to terraform configuration
2024-09-23 19:49:21 +02:00
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
...
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
d1ffce9336
feat(grafana): jsonnet-based dashboards
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-24 16:17:52 +02:00
29babfc5c4
Revert "Partial revert "Add Grapevine Matrix server and matrix-hookshot""
...
This reverts commit 17c342b33e
.
Grapevine's use of IFD was fixed upstream.
2024-08-15 16:22:22 +02:00
5dd9ad553c
build-coord: add initial config
2024-08-13 22:36:30 +02:00
90325344a3
Reserve builder-11 for build coordination, rename to build-coord
2024-08-13 19:12:36 +02:00
8b1ade5580
Revert "update hydra"
...
This reverts commit f7907a2915
.
We develop straight on lix-project/hydra, as discussed a few times on
the Lix development channel.
2024-08-13 01:11:31 +02:00
42b3977e8f
flake: remove an extra nixpkgs lying around
2024-08-13 00:38:51 +02:00
17c342b33e
Partial revert "Add Grapevine Matrix server and matrix-hookshot"
...
This partially reverts commit d2f3ca5624
.
Said commit requires IFD to eval, which is generally unwanted, and is
currently forbidden on Hydra (imo: rightfully so, we should try to
properly separate evals from builds).
The services/ file for grapevine is kept but will not work without the
flake.nix change reapplied.
2024-08-13 00:35:10 +02:00
d2f3ca5624
Add Grapevine Matrix server and matrix-hookshot
...
It doesn't want to work.
2024-08-09 14:03:56 +00:00
f7907a2915
update hydra
2024-08-03 18:40:25 +02:00
1cbf286f18
build netboot files from hydra
2024-08-01 22:47:25 +02:00
6dc424dd43
wob01: serve an ipxe over iusb-spoof
2024-08-01 22:16:48 +02:00
22a10e158f
hosts/public01: init
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-25 20:46:20 +02:00
7f29885597
flake: support aarch64-linux
...
...I don't know how to remove the mention of x86_64-linux for colmena,
or if it actually matters, so I'm just leaving that there for now.
2024-07-24 09:37:15 +02:00
3ff9d00f7f
Add a wrapper to colmena that stops unintended toe-stepping
...
Taken from lix/web-services, commit hash 6d29ce968e64225faf03450c063d11a0a5c89cac
Co-authored-by: Jade Lovelace <lix@jade.fyi>
2024-07-24 07:25:25 +00:00
e5a3ce2283
buildbot fixes ( #76 )
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Signed-off-by: Yureka <yureka@forkos.org>
Co-authored-by: raito <raito@noreply.git.lix.systems>
Co-committed-by: raito <raito@noreply.git.lix.systems>
2024-07-24 06:44:25 +00:00
cd846260e4
flake: add buildbot jobs entrypoints
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-18 12:18:12 +02:00
c3394264ba
hosts/buildbot: init
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
68d956f1ba
flake: add buildbot-nix on the refactor branch
...
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 14:57:17 +02:00
234522cc3b
flake.lock: Update
...
Flake lock file updates:
• Updated input 'hydra':
'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=fb9e29d4d0f2f591cd1d706fd3b7334af7d34b84 ' (2024-07-13)
→ 'git+https://git.lix.systems/lix-project/hydra.git?ref=refs/heads/main&rev=b0e9b4b2f99f9d8f5c4e780e89f955c394b5ced4 ' (2024-07-17)
• Added input 'hydra/lix':
'git+https://git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=6b4d46e9e0e1dd80e0977684ab20d14bcd1a6bc3 ' (2024-07-16)
• Added input 'hydra/lix/flake-compat':
'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Added input 'hydra/lix/nix2container':
'github:nlewo/nix2container/20aad300c925639d5d6cbe30013c8357ce9f2a2e' (2024-04-13)
• Added input 'hydra/lix/nixpkgs':
follows 'hydra/nixpkgs'
• Added input 'hydra/lix/nixpkgs-regression':
'github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2' (2022-01-24)
• Added input 'hydra/lix/pre-commit-hooks':
'github:cachix/git-hooks.nix/e35aed5fda3cc79f88ed7f1795021e559582093a' (2024-04-02)
• Removed input 'hydra/nix'
• Removed input 'hydra/nix/flake-compat'
• Removed input 'hydra/nix/nix2container'
• Removed input 'hydra/nix/nixpkgs'
• Removed input 'hydra/nix/nixpkgs-regression'
• Removed input 'hydra/nix/pre-commit-hooks'
• Added input 'hydra/nix-eval-jobs':
'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=c057494450f2d1420726ddb0bab145a5ff4ddfdd ' (2024-07-17)
• Added input 'hydra/nix-eval-jobs/flake-parts':
'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
• Added input 'hydra/nix-eval-jobs/flake-parts/nixpkgs-lib':
follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/lix':
follows 'hydra/lix'
• Added input 'hydra/nix-eval-jobs/nix-github-actions':
'github:nix-community/nix-github-actions/622f829f5fe69310a866c8a6cd07e747c44ef820' (2024-07-04)
• Added input 'hydra/nix-eval-jobs/nix-github-actions/nixpkgs':
follows 'hydra/nix-eval-jobs/nixpkgs'
• Added input 'hydra/nix-eval-jobs/nixpkgs':
follows 'hydra/nixpkgs'
• Added input 'hydra/nix-eval-jobs/treefmt-nix':
'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15)
• Added input 'hydra/nix-eval-jobs/treefmt-nix/nixpkgs':
follows 'hydra/nix-eval-jobs/nixpkgs'
• Updated input 'lix':
follows 'hydra/nix'
→ follows 'hydra/lix'
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/6794d064edc69918bb0fc0e0eda33ece324be17a' (2024-07-12)
→ 'github:NixOS/nixpkgs/9355fa86e6f27422963132c2c9aeedb0fb963d93' (2024-07-16)
2024-07-17 13:11:07 +02:00
ab9caaf520
systems: add git.forkos.org
2024-07-16 15:44:08 +02:00