Same as whitby, with the difference that there is now a listener on the
tailnet (just in case).
Change-Id: I841b2283112a0fea54f3c35a2dc4d2dd393b2612
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13071
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
All the postgres-dependent services are going to migrate here.
Change-Id: Ie2a25395f6fe6e3c9f7a45f21cf90c635e208cdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13070
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This grants access to all relevant keys to the new machines.
Change-Id: I78a7003181ee9977e548fbfe0d78afb67357b56b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13064
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
🦙 is the blocking step on which everything else is always waiting, so to
avoid a situation where we have idle builders we should prioritise running
llamas within the available slots to spawn other stuff in the build queue.
Change-Id: I76836275edd0b0aedaf702d2626dacc31ced9fe2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13069
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reduces the whitby record TTLs everywhere, and sets up the scaffolding for
adding nevsky/bugry records.
This relates to b/433.
Change-Id: I31b5503fa4fcf5463c989f4cf47a3d403d34c684
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13066
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This is an old unused name.
Change-Id: I63082bb1b0daa38ab63400e956151f1aad53b41a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13065
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Apparently I set this up manually before, and failed to commit it ...
Change-Id: I550a2cd9e1fcc8b508bafc2fd06ddab2a915b597
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13060
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
I've checked the new links manually.
- //web/tvl: changed the target path of links to the tvix docs since
they were moved in r/2378.
- //users/aspen/resume: Tvix is no longer //third_party/nix.
Change-Id: I419bae1a46bdccc7baa7327215aa2368ffc0f01c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13043
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: fogti <fogti+devel@ytrizja.de>
Reviewed-by: tazjin <tazjin@tvl.su>
This is no longer needed; Nixery is now served by bugry.
Change-Id: Idd072505c4da1e6af636224e092b6fb21eff9250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13001
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
We switched to stable temporarily in 2023 (!) because of some breakage that has
long been fixed.
In general, running nixery against stable is probably advisable, but because of
our Lisp package situation updating stable is not possible at the moment.
Change-Id: I122ac63d6307cab76a3069101682fc5f8f985914
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12999
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.
Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
I thought this was enabled and got confused when deploying ... cache should
always be enabled on machines that don't build themselves.
Change-Id: Ie52b27c44db4c26387b05553dbe36f7693628e89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12993
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an experimental setup for a builderball-based public cache.
This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.
The idea is this:
All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).
When a request comes in, the first matching cache address is returned and Nix
will substitute from there.
Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Otherwise pushes to Github from CI will fail.
Change-Id: Ib3eb3165577cb98c5a7d5f2055b09dbf118da6c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12994
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Adman (the hoster) have not provided an ETA for native v6 on bugry yet, so we
establish a public v6 connection through nevsky for now.
In traffic flows going West->East the overhead is minimal (a few ms), though I
guess it might be worse if you're in the middle (Yekaterinburg or something).
The prefix was chosen by the bugry public v4 address encoded in hex, and
appended to the nevsky prefix.
Change-Id: I133622c17bd02eade0a6febc6bdf97f403fed14c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12974
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
I omitted the `acls` section when adding the tag configuration. In "normal"
tailscale, emitting this is equivalent to putting the defaults there (i.e. all
traffic inside the tailnet is allowed), however in headscale it defaults to
blocking everything instead.
This meant that internal tailnet traffic wasn't really working correctly anymore.
Change-Id: Ic37504e9a8a97b9f8eb3ac173c88201aef1c044a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12972
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
This is just a carbon-copy of other machine configurations for now. The plan is
to switch this over to sixos, but I have to get a sane NixOS setup first because
this still requires a lot of experimentation (and stuff to be built *on* this
machine, since it's the fastest one we have).
Change-Id: I2e55e63ed5192eb748855999bb87d43498e706fc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12971
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Another new dedicated server, which we can use for various ... dedicated server
things. Located in Novosibirsk.
The name of the old village that used to be where the city now is, Бугры, was
too good to pass up when spelled in English as a hostname. Obvious choice!
Change-Id: I9de7bc078199e9d87284139556024dc3738d3b24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12967
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is a candidate for the new builder, featuring a beefy new AMD CPU with 32
threads and more than double the per-core performance of whitby, as well as
brand-new DDR5 RAM and NVMe disks.
The machine is hosted with Timeweb, in St. Petersburg.
We'll see how this performs.
Change-Id: I5ccbf42cd5274d3a4703afd6942fb42a915bed7a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12966
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Adds a Nix cache proxy which can be used to send a Nix cache lookup to the first
available cache that has the given NAR. We will use this for dynamically created
builders.
Relates to b/432.
Change-Id: If970d2393e43ba032b5b7d653f2b92f6ac0eab63
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12949
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an ACL for a tailscale tag that can be added by the `tvl` and
`tvl-builders` users.
This tag will be used by dynamic builders to bootstrap and advertise to other
builders that they might be valid substitution targets.
Relates to b/432.
Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
I've decided to use the commit view instead of the log view (which cgit
uses) for now. It really depends on how you use it in commit messages:
To refer to a depot state or to a specific change (independently of what
CL gerrit assigned). I'm happy to change it to use the log view.
Change-Id: I472b511fa1322f91304f6543473b51f9c5f21ca2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12837
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I've discovered that it is possible for irccat to fail enough times to
run into the restart limit before network is online after booting.
Change-Id: Ia54a46d56bdc765a825fee50e7bdc8206718edc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12790
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
The copy&paste from the documentation didn't work ...
Change-Id: Ic894356354d6ac2b66562da5aa89590cd94ae347
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12705
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
It seems we need more memory these days, and llama frequently ran OOM.
Decrease the number of concurrent evaluations.
Change-Id: I2648ebdedf09b80c9a231c4614004f953a646bc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12662
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Harmonia is, ostensibly, faster and better and, most importantly, not a giant
pile of wonky Perl.
I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think
we should be good to go here.
We have a vendored copy of the upstream module for now. We need to fix Nix 2.3
compatibility in upstream for the module, but the service itself works fine.
Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
This was in //ops for legacy reasons, but this is really not necessary.
Change-Id: I758b257838993ef0f7d55809c137118826e2ba85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12483
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Required to bump past the broken time crate.
Change-Id: Ied9e3367f5fc69db0671732a75f2e410f4f234f6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12407
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
