forgejo: init, admins: add emilylange #62

Merged
lukegb merged 6 commits from forgejo into main 2024-07-16 23:11:58 +00:00
Member

This adds Forgejo with a custom patchset. One that is just enough to get us started and to be polished later.
It tries to make Forgejo fast when used with large repositories.

There are still some rough edges, e.g. you can totally shoot yourself, as an end user, in the foot by comparing nixpkgs:master with nixpkgs:release-24.05.
Not a blocker, I believe. But we should talk to upstream to implement proper pagination in the compare view, I suppose.

The most expensive bits in Forgejo are code paths that shell out to git. Those shell invocations then often pin a CPU core at 100%.
Forgejo itself is fairly light on the RAM.

Forgejo with those patches and a full nixpkgs pull-mirror ran snappy on a NixOS-shell with

```nix
virtualisation = {
  cores = 4;
  memorySize = 4 * 1024;
  diskSize = 20 * 1024;
};
```

and me clicking around, trying to find expensive code paths and some occasional stress testing.

As such, I think the following specs should suffice for now:

  • Storage: 50GB SSD
  • RAM: 8 GB
  • CPU: 8 cores (though more would do better for those slow code paths)

I would like to use the builtin go ssh server instead of the host's OpenSSH one.
But we can't let both bind on the same IP+port.

So how about two IPv6. One for Forgejo's :22 and the other for OpenSSH?

Alternatively, we can just use the Forgejo with the OpenSSH one, or move OpenSSH to :2222.
The latter is nicely supported in colmena by setting deployment.targetPort.

@raito can you provision the VM please when you find time? :)

Things left to do:

  • SSO, disable registrations: I know how to do that in Forgejo. I don't know who to contact for the SSO.
  • Transactional mail: We can probably ignore that for now.
  • Setup Redis and configure it as proper Cache, surviving forgejo.service restarts: Not blocking, nice to have.
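
The two SSH layouts discussed in the description above, sketched as a NixOS module. This is an added example, not code from this pull request; the addresses are placeholders from the 2001:db8::/32 documentation prefix, and the systemd overrides assume the `forgejo.service` unit runs unprivileged with its capabilities dropped.

```nix
# Added illustration, not part of this PR.
{ lib, ... }:
let
  adminAddr = "2001:db8::1"; # placeholder: host OpenSSH (admin access, colmena)
  gitAddr = "2001:db8::2";   # placeholder: Forgejo's built-in SSH server
in
{
  # Option A: two IPv6 addresses, both services on :22.
  # Pin sshd to the admin address. Left unpinned, sshd listens on every
  # address on its port, so Forgejo's listener cannot bind the same port.
  services.openssh = {
    enable = true;
    listenAddresses = [ { addr = "[${adminAddr}]"; port = 22; } ];
  };

  services.forgejo.settings.server = {
    START_SSH_SERVER = true;   # built-in Go SSH server instead of OpenSSH
    SSH_LISTEN_HOST = gitAddr; # bind only the git-facing address
    SSH_LISTEN_PORT = 22;
    SSH_PORT = 22;             # port advertised in clone URLs
  };

  # Binding a port below 1024 as a non-root service user needs
  # CAP_NET_BIND_SERVICE, and only that capability is granted here.
  # Assumption: the unit's hardening clears the capability sets and enables
  # PrivateUsers, which is why the values are forced.
  systemd.services.forgejo.serviceConfig = {
    AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
    CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
    PrivateUsers = lib.mkForce false;
  };

  # Option B (instead of pinning addresses): move host OpenSSH to :2222
  # and tell colmena where to reach the node.
  #
  #   services.openssh.ports = [ 2222 ];
  #   deployment.targetPort = 2222;
}
```

With option B, the first deployment still has to reach the node on the old port; `deployment.targetPort` only matches once sshd has been restarted with the new setting.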
emilylange added 3 commits 2024-07-12 20:38:57 +00:00
Member

What's left to make this ready for review?

Author
Member

> What's left to make this ready for review?

@raito needs to provision the VM and I need to configure SSO when it's running on that VM.

Feel free to review as is, @lukegb :)

Owner

Your SSH keys are available on root@2001:bc8:38ee:100:be24:11ff:fe0b:8a81, please take 2001:bc8:38ee:100:1000::40/64 for the VM.

MAC address for WAN: bc:24:11:0b:8a:81
MAC address for NAT-LAN: bc:24:11:83:71:56 (DHCP)

Please use the raito-vm template for the configuration and follow how fodwatch was introduced (add a host entry, etc, etc.)

FYI, you will need to colmena boot then reboot, I don't recommend applying an interface rename at runtime, it will just break down.
If you need manual KVM assistance, @jade is authorized to access it and can assist.

If you need a larger HDD or a smol cache SSD, let me know, you are provisioned with a 40G encrypted (null key) disk.

emilylange force-pushed forgejo from fa4fa0b64c to f60e01b019 2024-07-16 13:40:22 +00:00 Compare
emilylange added 1 commit 2024-07-16 13:43:14 +00:00
emilylange force-pushed forgejo from 12101e80fa to ab9caaf520 2024-07-16 13:44:38 +00:00 Compare
emilylange added 1 commit 2024-07-16 15:15:37 +00:00
emilylange added 1 commit 2024-07-16 18:10:26 +00:00
emilylange changed title from WIP: forgejo: init, admins: add emilylange to forgejo: init, admins: add emilylange 2024-07-16 18:17:28 +00:00
lukegb merged commit c296d0d46d into main 2024-07-16 23:11:58 +00:00
lukegb deleted branch forgejo 2024-07-16 23:12:05 +00:00
Reference: the-distro/infra#62