This removes the old clbot, which kept an SSH connection to gerrit open.
Change-Id: If8faecdd018b45dd087b7332fe3d3a8280947358
Reviewed-on: https://cl.snix.dev/c/snix/+/30525
Tested-by: besadii
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
The config seems a bit underdocumented, but this is what gets it to
listen on 4722 for http.
While we have firewall rules in place, we don't want this to listen on
*:$randomPort, for tcp but just have it disabled.
This doesn't seem to be possible right now, due to a bug in viper, but
we can at least restrict it to listen to localhost only for TCP.
Change-Id: I94d379b8820fd32dc1d75082d3a7fb078f93e4ec
Reviewed-on: https://cl.snix.dev/c/snix/+/30523
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
This deploys irccat, connected to the #snix channel.
We drop the custom irccat third_party, it's 2 years older than the
latest version in nixpkgs.
The irccat.nix module file contains some of the code present in the TVL
version, it however moves the secrets merging to ExecStartPre=,
given https://github.com/systemd/systemd/issues/19604#issuecomment-989279884
has been fixed for almost a year.
Contrary to the setup there, we don't let irccat connect to ZNC, but
hackint directly (so make use of the secrets logic).
We also drop the network-online.target, and make this overall more
tolerant by using Restart=on-failure.
Change-Id: Ieac3b744b7ea58b8dddf1cdc37a8bc057b205b1b
Reviewed-on: https://cl.snix.dev/c/snix/+/30504
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
Tested-by: besadii
In some distant past, stc-ng had some clear troubles while deploying the
machine when we were bootstrapping infra.
This was fixed by rolling back to the old stc. Having retried right now,
stc-ng seems to transition the new system correctly, so let's switch to
it for the time being.
Change-Id: I99f92618841b49357a28212955b62bf5e495e761
Signed-off-by: Raito Bezarius <raito@lix.systems>
Reviewed-on: https://cl.snix.dev/c/snix/+/30503
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
This builds the important website for both snix.systems and its
predecessor, tvix.systems.
Change-Id: I4cce5595098c804bd4df0cc2ae3c05344138e7b1
Reviewed-on: https://cl.snix.dev/c/snix/+/30502
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
Tested-by: besadii
Provide redirects when the old domain is accessed, which Nix seems to
follow.
We keep the same hostname, so historical node exporter graphs are still
visible.
Change-Id: Icecd7f5324ac25bbfd4c003ca9cc65681114f0b5
Reviewed-on: https://cl.snix.dev/c/snix/+/30484
Reviewed-by: edef <edef@edef.eu>
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
This is a read-only Buildkite token, it was generated and installed by
flokli@ and has read_builds, read_build_logs, and read_pipelines
permissions.
Part of #118.
Change-Id: I0bbfbab9ad1152ff8e781b7380f44d3cd7245bab
Reviewed-on: https://cl.snix.dev/c/snix/+/30404
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
grafana-agent has been removed, but the failing eval was missed due
to #80.
Change-Id: I87cfc71c8c98e27e32f4e95e4d85901195cb5b75
Reviewed-on: https://cl.snix.dev/c/snix/+/30347
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
This was missed, due to #80.
Change-Id: I3b10fa615c09fdd9887c63c847cfd70f5a80d277
Reviewed-on: https://cl.snix.dev/c/snix/+/30346
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Nix clients still might have old .narinfo files cached, containing old
NAR URLs. Send a redirect to the new URL.
Fixes: #103
Change-Id: Ie3b77e4fdc4be0f982e023f2a2acd3f9f0257f9b
Reviewed-on: https://cl.snix.dev/c/snix/+/30291
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
Deploys Harmonia on build01, proxied through public01.
We cannot serve from build01 directly because it only supports IPv6.
Closes: https://git.snix.dev/snix/snix/issues/66
Change-Id: Iff3c16366d60c0fbfd1315a18c27fcd636a0261a
Reviewed-on: https://cl.snix.dev/c/snix/+/30274
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Previously, the buildkite users were not able to traverse there.
Removing /nix/var/nix/gcroots/buildkite/canon might not be needed, and
is racy with other anchor step - the first one might still be building
`ci.gcroot` (and didn't create the new symlink), so the second one will
fail trying to remove the non-existing symlink.
Change-Id: I0449447f7193113d807d597750b26c7beb48a3a6
Reviewed-on: https://cl.snix.dev/c/snix/+/30257
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Every buildkite user needs to be able to update these symlinks, and the
directory doesn't exist. It was probably created imperatively on whitby.
Use a tmpfiles rule creating a /nix/var/nix/gcroots/buildkite directory,
and add a `canon` symlink in there.
Change-Id: Ic4d67fbb69f77cebe891b0fff9b824713ebec87c
Reviewed-on: https://cl.snix.dev/c/snix/+/30247
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
There's been a lot of
```
nix-daemon[2039685]: unexpected Nix daemon error: error: writing to file: Broken pipe
```
log messages, and failed builds in CI.
These don't seem to occur with Lix.
Change-Id: Ida277064282905154ea9265f935a221bf8006c8d
Reviewed-on: https://cl.snix.dev/c/snix/+/30225
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This configures Forgejo to use the "Forgejo" Message Stream on our "Snix"
server in Postmark.
Change-Id: I298966a8b43b55b0f1992a8fedf0fffcd6dde472
Reviewed-on: https://cl.snix.dev/c/snix/+/30206
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This configures Gerrit to use the "Gerrit" Message Stream on our "Snix"
server in Postmark.
Change-Id: I4d021919c666aabc94008f9f705163cb9639f1aa
Reviewed-on: https://cl.snix.dev/c/snix/+/30205
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
It looks like setting TMPDIR did not have the desired effect. I still
see a bunch of recent nix-build directories in /tmp.
Let's use the dedicated nix.conf setting, maybe it does do the job.
Change-Id: I17dc1e33bd0f20707adfbf9ad925251ac9aa77a5
Reviewed-on: https://cl.snix.dev/c/snix/+/30171
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
Add other keys used in the snix-cache VM to //ops/users, and drop the
`all` alias.
Change-Id: I030d0d49e8a6d9e3d8f1e1c2fc19f17ecb7ecb93
Reviewed-on: https://cl.snix.dev/c/snix/+/30165
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This solves issues such as
```
cargo:warning=Fatal error: can't create
/build/source/target/debug/build/zstd-sys-fa4cde6de82f89a8/out/88f362f13b0528ed-zstd_decompress_block.o:
No space left on device
```
on the Buildkite CI.
Fixes#82.
Change-Id: Iee9516d8d595b718824c3e7b28c01c3ef9e9d090
Signed-off-by: Raito Bezarius <raito@lix.systems>
Reviewed-on: https://cl.snix.dev/c/snix/+/30143
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
We don't have an email server configured (yet), we can resurrect it once
we do.
Change-Id: I568075154c6169d031462f39b43ce5897a754f19
Reviewed-on: https://cl.snix.dev/c/snix/+/30109
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
There's been a few deadlock problems with Nix 2.3, as discusssed in the
commit message of https://cl.tvl.fyi/c/depot/+/12334.
However, since the fork nothing prevents us from dropping the Nix 2.3
requirement for CI.
Change-Id: Ib00603597dbc11dc1b619fdeee264d7d519eaa02
Reviewed-on: https://cl.snix.dev/c/snix/+/30108
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
As soon as you pass in an already-instantiated nixpkgs version, it will
cause nixpkgs.hostPlatform etc. to be not applied.
This means it's impossible to describe the architecture of a VM closure
you're deploying, and have it deviate from the machine you're evaluating
from, making it quite hard to deploy that x86_64-linux machine from
aarch64-linux (where I'm writing this commit message from).
Drop explicitly passing in nixpkgs.path, and set nixpkgs.hostPlatform
explicitly for all remaining system configurations in the repository
where not already set.
Change-Id: Ie2a596e0826da54674b4f02fcd8fed3569fee0a4
Reviewed-on: https://cl.snix.dev/c/snix/+/30104
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Normal agents can easily go from 16 -> 24 (proportionally to whitby, this makes
more sense).
I've kind of randomly decided to label 6 agents as large ones. We will filter
things like eval, or building tvix tests (until b/431 is resolved).
Change-Id: Ib38d2c56410c2ad9d86a01546c00192f87274bb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13121
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Removes whitby DNS records and other related configuration that is no longer
required now that whitby is gone.
whitby served us well. RIP.
This resolves b/433.
Change-Id: I56fe6f88cde9112fc3bfc79758ac33e88a743422
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13117
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
This turns off almost all of the lights. The server will be decomissioned on
2025-02-05. Until then we can keep running the Buildkite builders there for
extra capacity.
Stuff that was left in the whitby config has been migrated to nevsky.
This relates to b/433.
Change-Id: I84953e9d5e912f75b8884cb9d8edd5a1b7d5c85d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13095
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
... that is then promptly enabled on nevsky.
Change-Id: Ie51037cec810bb7f81099a67ebd2581dcf710bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
These are the postgres-database using services.
Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Runs the Gerrit instance with the same config as previously on whitby. Data has
been migrated manually using `tailscale file` (which worked surprisingly well).
Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Same as whitby, with the difference that there is now a listener on the
tailnet (just in case).
Change-Id: I841b2283112a0fea54f3c35a2dc4d2dd393b2612
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13071
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
All the postgres-dependent services are going to migrate here.
Change-Id: Ie2a25395f6fe6e3c9f7a45f21cf90c635e208cdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13070
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
