forgejo: init, admins: add emilylange #62

Merged

lukegb merged 6 commits from forgejo into main 2024-07-16 23:11:58 +00:00

Conversation 3 Commits 6 Files changed 11 +405

emilylange commented 2024-07-12 20:38:53 +00:00

Member

Copy link

This adds Forgejo with a custom patchset. One that is just enough to get us started and to be polished later.
It tries to make Forgejo fast when used with large repositories.

There are still some rough edges, e.g. you can totally shoot yourself, as an end user, in the foot by comparing nixpkgs:master with nixpkgs:release-24.05.
Not a blocker, I believe. But we should talk to upstream to implement proper pagination in the compare view, I suppose.

The most expensive bits in Forgejo are code paths that shell out to git. Those shell invocations then often pin a CPU core at 100%.
Forgejo itself is fairly light on the RAM.

Forgejo with those patches and a full nixpkgs pull-mirror ran snappy on a NixOS-shell with

virtualisation = {
  cores = 4;
  memorySize = 4 * 1024;
  diskSize = 20 * 1024;
};

and me clicking around, trying to find expensive code paths and some occasional stress testing.

As such, I think the following specs should suffice for now:

• Storage: 50GB SSD
• RAM: 8 GB
• CPU: 8 cores (though more would do better for those slow code paths)

I would like to use the builtin go ssh server instead of the hosts' OpenSSH one.
But we can't let both bind on the same IP+port.

So how about two IPv6. One for Forgejo's :22 and the other for OpenSSH?

Alternative, we can just use the Forgejo with the OpenSSH one, or move OpenSSH to :2222.
The latter is nicely supported in colmena by setting deployment.targetPort.

@raito can you provision the VM please when you find time? :)

Things left to do:

• SSO, disable registrations: I know how to do that in Forgejo. I don't know who to contact for the SSO.
• Transactional mail: We can probably ignore that for know.
• Setup Redis and configure it as proper Cache, surviving forgejo.service restarts: Not blocking, nice to have.

This adds Forgejo with a custom patchset. One that is just enough to get us started and to be polished later. It tries to make Forgejo fast when used with large repositories. There are still some rough edges, e.g. you can totally shoot yourself, as an end user, in the foot by comparing `nixpkgs:master` with `nixpkgs:release-24.05`. Not a blocker, I believe. But we should talk to upstream to implement proper pagination in the compare view, I suppose. The most expensive bits in Forgejo are code paths that shell out to `git`. Those shell invocations then often pin a CPU core at 100%. Forgejo itself is fairly light on the RAM. Forgejo with those patches and a full nixpkgs pull-mirror ran snappy on a NixOS-shell with ```nix virtualisation = { cores = 4; memorySize = 4 * 1024; diskSize = 20 * 1024; }; ``` and me clicking around, trying to find expensive code paths and some occasional stress testing. As such, I think the following specs should suffice for now: - Storage: 50GB SSD - RAM: 8 GB - CPU: 8 cores (though more would do better for those slow code paths) I would like to use the builtin go ssh server instead of the hosts' OpenSSH one. But we can't let both bind on the same IP+port. So how about two IPv6. One for Forgejo's `:22` and the other for OpenSSH? Alternative, we can just use the Forgejo with the OpenSSH one, or move OpenSSH to `:2222`. The latter is nicely supported in colmena by setting `deployment.targetPort`. @raito can you provision the VM please when you find time? :) Things left to do: - [ ] SSO, disable registrations: I know how to do that in Forgejo. I don't know who to contact for the SSO. - [ ] Transactional mail: We can probably ignore that for know. - [ ] Setup Redis and configure it as proper Cache, surviving `forgejo.service` restarts: Not blocking, nice to have.

emilylange added 3 commits 2024-07-12 20:38:57 +00:00

admins: add emilylange ee58e7c823

forgejo: init custom Forgejo patchset 3452db9037

forgejo: init service fa4fa0b64c

lukegb commented 2024-07-14 00:21:18 +00:00

Member

Copy link

What's left to make this ready for review?

What's left to make this ready for review?

emilylange commented 2024-07-14 12:56:26 +00:00

Author

Member

Copy link

What's left to make this ready for review?

@raito needs to provision the VM and I need to configure SSO when it's running on that VM.

Feel free to review as is, @lukegb :)

> What's left to make this ready for review? @raito needs to provision the VM and I need to configure SSO when it's running on that VM. Feel free to review as is, @lukegb :)

raito commented 2024-07-16 09:49:04 +00:00

Owner

Copy link

Your SSH keys are available on root@2001:bc8:38ee:100:be24:11ff:fe0b:8a81, please take 2001:bc8:38ee:100:1000::40/64 for the VM.

MAC address for WAN: bc:24:11:0b:8a:81
MAC address for NAT-LAN: bc:24:11:83:71:56 (DHCP)

Please use the raito-vm template for the configuration and follow how fodwatch was introduced (add an host entry, etc, etc.)

FYI, you will need to colmena boot then reboot, I don't recommend applying a interface rename at runtime, it will just break down.
If you need manual KVM assistance, @jade is authorized to access it and can assist.

If you need a larger HDD or a smol cache SSD, let me know, you are provisioned with a 40G encrypted (null key) disk.

Your SSH keys are available on `root@2001:bc8:38ee:100:be24:11ff:fe0b:8a81`, please take `2001:bc8:38ee:100:1000::40/64` for the VM. MAC address for WAN: `bc:24:11:0b:8a:81` MAC address for NAT-LAN: `bc:24:11:83:71:56` (DHCP) Please use the raito-vm template for the configuration and follow how fodwatch was introduced (add an host entry, etc, etc.) FYI, you will need to colmena boot then reboot, I don't recommend applying a interface rename at runtime, it will just break down. If you need manual KVM assistance, @jade is authorized to access it and can assist. If you need a larger HDD or a smol cache SSD, let me know, you are provisioned with a 40G encrypted (null key) disk.

emilylange force-pushed forgejo from fa4fa0b64c to f60e01b019 2024-07-16 13:40:22 +00:00 Compare

emilylange added 1 commit 2024-07-16 13:43:14 +00:00

systems: add git.forkos.org 12101e80fa

emilylange force-pushed forgejo from 12101e80fa to ab9caaf520 2024-07-16 13:44:38 +00:00 Compare

emilylange added 1 commit 2024-07-16 15:15:37 +00:00

forgejo: disable registrations, enable auto-registration for SSO 8b9d33d70c

emilylange added 1 commit 2024-07-16 18:10:26 +00:00

forgejo: use redis as cache and session provider 95b58de737

emilylange changed title from WIP: forgejo: init, admins: add emilylange to forgejo: init, admins: add emilylange 2024-07-16 18:17:28 +00:00

lukegb merged commit c296d0d46d into main 2024-07-16 23:11:58 +00:00

lukegb referenced this pull request from a commit 2024-07-16 23:11:59 +00:00

Merge pull request 'forgejo: init, admins: add emilylange' (#62) from forgejo into main

lukegb deleted branch forgejo 2024-07-16 23:12:05 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: the-distro/infra#62

No description provided.