maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(ops): move archivist machine to ops and contrib

Browse source 
contrib/ gets the clickhouse patching, the bucket log parsing code and
the awscli setup and shell.

ops/ gets the machine config itself.

Change-Id: If8b8f8cce5ca9c2b4d19e17be9a8b895ac35e84a
Reviewed-on: https://cl.snix.dev/c/snix/+/30163
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This commit is contained in:
Florian Klink 2025-03-19 23:42:36 +00:00 committed by clbot
parent c3de9e21eb
commit ae4d967288
14 changed files with 21 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

0
users/flokli/archivist/OWNERS → contrib/archivist/OWNERS
View file

4
users/flokli/archivist/README.md → contrib/archivist/README.md
View file

@ -2,7 +2,7 @@
This directory contains various scripts and helpers used for nix-archivist tasks.
It's used from some of the archivist EC2 instance, as well as standalone.
It's used from the archivist EC2 instance, as well as standalone.
## AWS Profile setup
There's 2 AWS Accounts, reachable via the nixos.awsapps.com SSO portal.
@ -14,7 +14,7 @@ This is assuming the `archeologist` AWS role in the main NixOS account.
This is a separate AWS Account, only for the archivist project. We can assume
`AWSAdministratorAccess` in there.
## Machine
## archivist-ec2 Machine
The `archivist-ec2` machine currently is deployed in the main NixOS account.
It regularly processes S3 bucket logs and dumps them in parquet format into

1
users/flokli/archivist/default.nix → contrib/archivist/default.nix
View file

@ -35,7 +35,6 @@ depot.nix.readTree.drvTargets {
--prefix PATH : ${pkgs.lib.makeBinPath [ clickhouseLocalFixedAWS ]}
'';
# A shell, by default pointing us to the archivist SSO profile / account by default.
shell = pkgs.mkShell {
name = "archivist-shell";

0
users/flokli/archivist/parse_bucket_logs.rs → contrib/archivist/parse_bucket_logs.rs
View file

2
ops/machines/all-systems.nix
View file

@ -1,6 +1,8 @@
{ depot, ... }:
(with depot.ops.machines; [
# Archivist EC2 machine
archivist-ec2
# Gerrit instance
gerrit01
# Public-facing services

0
users/flokli/nixos/archivist-ec2/OWNERS → ops/machines/archivist-ec2/OWNERS
View file

12
users/flokli/nixos/archivist-ec2/configuration.nix → ops/machines/archivist-ec2/default.nix
View file

@ -1,9 +1,13 @@
{ depot, pkgs, modulesPath, ... }:
{ depot, pkgs, ... }: # readTree options
{ modulesPath, ... }: # passed by module system
let
mod = name: depot.path.origSrc + ("/ops/modules/" + name);
in
{
imports = [
"${modulesPath}/virtualisation/amazon-image.nix"
../profiles/archivist.nix
(mod "archivist.nix")
];
nixpkgs.hostPlatform = "x86_64-linux";
@ -14,7 +18,7 @@
};
systemd.services.parse-bucket-logs = {
path = [ depot.users.flokli.archivist.parse-bucket-logs ];
path = [ depot.contrib.archivist.parse-bucket-logs ];
serviceConfig = {
Type = "oneshot";
ExecStart = (pkgs.writers.writePython3 "parse-bucket-logs-continuously"
@ -27,7 +31,7 @@
};
environment.systemPackages = [
depot.users.flokli.archivist.parse-bucket-logs
depot.contrib.archivist.parse-bucket-logs
];
networking.hostName = "archivist-ec2";

0
users/flokli/nixos/archivist-ec2/hardware-configuration.nix → ops/machines/archivist-ec2/hardware-configuration.nix
View file

0
users/flokli/nixos/archivist-ec2/parse-bucket-logs-continuously.py → ops/machines/archivist-ec2/parse-bucket-logs-continuously.py
View file

0
users/flokli/nixos/profiles/archivist.nix → ops/modules/archivist.nix
View file

10
ops/nixos.nix
View file

@ -58,10 +58,18 @@ in rec {
'';
# Systems that should be built in CI
archivistEC2System = nixosFor depot.ops.machines.archivist-ec2;
gerrit01System = nixosFor depot.ops.machines.gerrit01;
public01System = nixosFor depot.ops.machines.public01;
build01System = nixosFor depot.ops.machines.build01;
meta01System = nixosFor depot.ops.machines.meta01;
nixosSnixCache = nixosFor depot.ops.machines.snix-cache;
meta.ci.targets = [ "gerrit01System" "public01System" "build01System" "meta01System" ];
meta.ci.targets = [
"archivistEC2System"
"gerrit01System"
"public01System"
"build01System"
"meta01System"
];
}

1
users/flokli/OWNERS
View file

@ -1 +0,0 @@
set noparent

0
users/flokli/nixos/.skip-subtree
View file

31
users/flokli/nixos/default.nix
View file

@ -1,31 +0,0 @@
{ depot, pkgs, ... }:
let
# assumes `name` is configured appropriately in your .ssh/config
deployScript = name: sys: pkgs.writeShellScriptBin "deploy-${name}" ''
set -eo pipefail
nix-copy-closure --to ${name} --gzip --use-substitutes ${sys}
ssh ${name} nix-env --profile /nix/var/nix/profiles/system --set ${sys}
ssh ${name} ${sys}/bin/switch-to-configuration switch
'';
in
depot.nix.readTree.drvTargets rec {
archivistEc2System = (depot.ops.nixos.nixosFor ({ ... }: {
imports = [
./archivist-ec2/configuration.nix
];
})).config.system.build.toplevel;
deploy-archivist-ec2 = (deployScript "archivist-ec2" archivistEc2System);
deps = (depot.nix.lazy-deps {
deploy-archivist-ec2.attr = "users.flokli.nixos.deploy-archivist-ec2";
aws.attr = "third_party.nixpkgs.awscli";
});
shell = pkgs.mkShell {
name = "flokli-nixos-shell";
packages = [ deps ];
};
}