Commit graph

174 commits

Author SHA1 Message Date
Pierre Bourdon 756341ea4c
builders: tune sshd MaxStartups to avoid rate limiting Hydra 2024-07-12 21:57:04 +02:00
Janik Haag bed5ef022f
change the default user shell to zsh 2024-07-12 19:50:34 +02:00
Yureka e6ead602f0 builders get a special treatment for dns64 2024-07-11 02:05:58 +02:00
Yureka 329f267b02 enable nftables on all hosts 2024-07-11 02:05:35 +02:00
Yureka b14f155d55 add ipmitool on vpn-gw and builders 2024-07-10 20:49:17 +02:00
Pierre Bourdon c8208f42ef
flake: attempt to fix the hydraJobs definition 2024-07-10 19:03:18 +02:00
Pierre Bourdon 087d17c681
tf/hydra: add a project/jobset for infra machine configurations 2024-07-10 18:52:43 +02:00
Pierre Bourdon d2336262fb
hydra: set allowed URIs in restricted mode for flake inputs 2024-07-10 18:52:22 +02:00
Pierre Bourdon f35cfbd567
flake: configure some hydra jobs (all machine configurations) 2024-07-10 18:43:54 +02:00
Pierre Bourdon 58325e30dd
common/nix: use bagel-cache by default 2024-07-10 18:17:30 +02:00
Pierre Bourdon 411d514ab9
hydra: user hydra-www needs nix-daemon access too 2024-07-10 17:36:39 +02:00
Pierre Bourdon f74d1ca0f6
hydra: start signing paths 2024-07-10 17:34:57 +02:00
Pierre Bourdon 70e608a8f7
common: provide a pinned nixpkgs on all infra machines 2024-07-10 17:17:18 +02:00
Yureka 4e869a9f43 fix bmc dhcp 2024-07-10 15:54:46 +02:00
Yureka 3cbdbc45f7 more quality of life improvements... 2024-07-10 15:54:30 +02:00
Yureka 7ba42d99d1 reduce hydra builders to 4 2024-07-10 15:08:28 +02:00
Ilya K 254e161c07 Give wob-vpn-gw a proper hostname 2024-07-10 15:34:05 +03:00
Ilya K a9f45daac8 Rename machine folders, clean up flake 2024-07-10 15:24:47 +03:00
Ilya K 787b3af638 Add wob-vpn-gw key, rekey metrics push password for it 2024-07-10 15:13:05 +03:00
Ilya K e608b92e4f Add htop and btop to default machine config 2024-07-10 15:01:09 +03:00
Ilya K e84b362b7a Allow 12 hour of backfill for metrics
This is somewhat experimental and may explode, but we'll see, I guess
2024-07-10 14:59:09 +03:00
Ilya K 9e7e6d42ab Make nginx/loki/mimir go fast 2024-07-10 14:55:28 +03:00
Pierre Bourdon f2c2bc5ab6
hydra: output machine host key as base64 in the generated machines.conf 2024-07-10 02:16:45 +02:00
Pierre Bourdon f214da9228
hydra: add hydra to nix trusted-users 2024-07-10 02:03:33 +02:00
Pierre Bourdon 0e24c18815
tf/hydra: add a test staging-small nixpkgs jobset 2024-07-10 01:57:12 +02:00
Pierre Bourdon 2ac0a599fb
bagel-box: fix missing toString 2024-07-10 01:51:31 +02:00
raito 0ccf0b023e Merge pull request 'hydra: moar power' (#51) from moar-builders into main
Reviewed-on: the-distro/infra#51
Reviewed-by: Luke Granger-Brown <lukegb@noreply.git.lix.systems>
2024-07-09 23:32:38 +00:00
Luke Granger-Brown 82db8f7f1e gerrit01: some more tuning
* flip off proxy_buffering again
* enable REVWALK_USE_PRIORITY_QUEUE
* enable delta compression, because that's not a bottleneck and it's
  nicer on bandwidth
2024-07-10 00:27:36 +01:00
raito 7b7a645cfc hydra: moar power
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:27:35 +02:00
Yureka 39d2352bbc general quality of life improvements 2024-07-09 23:26:12 +00:00
Yureka a7d21e96a0 add global hardening options 2024-07-09 23:26:12 +00:00
raito c51676a560 Merge pull request 'hydra: unplug the EPYC' (#49) from unplug-epyc into main
Reviewed-on: the-distro/infra#49
2024-07-09 23:26:08 +00:00
raito 9988811be5 hydra: unplug the EPYC
thank you for your testing services

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 01:13:10 +02:00
Pierre Bourdon afaf49eb97
secrets: rekey 2024-07-10 01:05:05 +02:00
Pierre Bourdon bc8ef7b5fc
ssh-keys: remove raito's key which is too NSA'd for agenix 2024-07-10 01:04:48 +02:00
Pierre Bourdon 61e8048445
sysadmin: remove pwru, does not build on latest nixpkgs 2024-07-10 01:01:27 +02:00
Pierre Bourdon 2ebb0e82e8
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9693852a2070b398ee123a329e68f0dab5526681' (2024-06-22)
  → 'github:NixOS/nixpkgs/ab82a9612aa45284d4adf69ee81871a389669a9e' (2024-07-07)
2024-07-10 01:01:17 +02:00
raito 664fa033aa Merge pull request 'hydra: wire up new builders' (#47) from hydra-wire-up into main
Reviewed-on: the-distro/infra#47
2024-07-09 23:00:27 +00:00
raito 2308870aa5 builders: add a nice tag to deploy all of them at once
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:59:31 +02:00
raito f9f955214f ssh-keys: add raito to secrets set
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:59:22 +02:00
raito 90e54d7292 terraform: add DNS records for VPN-GW & builders
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:55:42 +02:00
raito 645ad7d062 builders: add builder user
currently hardcoded to hydra's coordinator public key

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:55:25 +02:00
raito a30c1f7d78 hydra: wire up new builders
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-10 00:45:02 +02:00
Yureka eb21cb6916 add baremetal builders 2024-07-10 00:35:01 +02:00
Yureka 62af42fc97 init wob-vpn-gw host 2024-07-09 23:42:20 +02:00
Yureka 7396107bf4 add a shim to provide nixosConfigurations from colmena hive 2024-07-09 10:49:29 +02:00
Yureka c0e1d05b3c admins: add yuka 2024-07-09 10:34:30 +02:00
raito 3828721e4f services/netbox: enable OIDC via Lix SSO
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-09 02:45:58 +02:00
Luke Granger-Brown 8a9ff8c40d services/gerrit: migrate to Gerrit from the-distro/nix-gerrit flake 2024-07-08 23:30:59 +01:00
raito 48579e8818 feat: add gdb to sysadmin tooling
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-08 22:10:06 +00:00