Commit graph

1091 commits

Author SHA1 Message Date
Ryan Lahfa
9aea7dc6df feat(ops/modules/gerrit): push r/* as well
Change-Id: I367d5136749286c377b35dd05c242a65d75b5100
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
2f3fbf854d feat(ops/machines/build01): bump nrBuildUsers and max-jobs
Change-Id: I8aa4e87eb41483164e284cd5649953081af92711
2025-03-17 17:15:08 +00:00
Florian Klink
c9eae6d8d8 feat(ops/machines/build01): use large slots
build01 can deal with llama.

Change-Id: I9c01dabfb4dfff0061fd16ea37ef8dc0693ad453
2025-03-17 17:15:08 +00:00
Ryan Lahfa
a7916624dc feat(ops/users): move ops' keys in ops/
Change-Id: Ia51eaea658030a893e36d9d6b0c999ca7e71133e
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Ryan Lahfa
073142f796 feat(ops/www/gerrit): backward compatibility to TVL shortlinks
cl.snix.fyi/q/$ID where $ID ≤ 30K will redirect (301) to
cl.tvl.fyi/q/$ID to keep the old links working.

Change-Id: I27b496a1c52a3de3d106292ba7a2931b0f15fa49
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
dd392ef054 feat(ops/keycloak): add GitLab SSO
Change-Id: I41ee3cb2988288e6b282d85b111c41064f09eaec
2025-03-17 17:15:08 +00:00
Florian Klink
97f22e0ea6 fix(ops/modules/forgejo): disable downloading source archives
We're probably getting crawled by LLM scrapers, and this unnecessarily
fills up disk space.

Change-Id: Ib20d04337aa26a73889c97d12fb109261b8da56d
2025-03-17 17:15:08 +00:00
Florian Klink
4c65a325a8 public01: deploy snix.dev
Change-Id: Ia0a439dd1628299569503370c21a0bbf9552830e
2025-03-17 17:15:08 +00:00
Florian Klink
9ac1b9a798 fix(ops/deploy-machine): drop
This doesn't look like it's actually being used.

Change-Id: I06e15d01b793748d9ed216b23b95a757bc2d0f0e
2025-03-17 17:15:08 +00:00
Florian Klink
944acead3e chore(web/snixbolt): move to contrib
Change-Id: Ic69648c526e6c1a0b769b26642b3c799872eb87c
2025-03-17 17:15:08 +00:00
Florian Klink
cff6575948 refactor(nix/*): drop yants and consumers, and some more
Change-Id: I96ab5890518c7bb0d4a676adbad20e4c49699b63
2025-03-17 17:15:08 +00:00
Florian Klink
a52ea3675c feat(*): initialize new Snix infrastructure
Co-Authored-By: edef <edef@edef.eu>
Co-Authored-by: Ryan Lahfa <raito@lix.systems>
Change-Id: Ica1cda177a236814de900f50a8a61d288f58f519
2025-03-17 17:15:07 +00:00
Florian Klink
067eff3427 fix(ops/pipelines): allow git+https://
We need this to fetch some third-party sources.

Change-Id: If542f88c5d517d20b530486fafbc7f6c391f072a
2025-03-17 16:18:26 +00:00
Florian Klink
df4500ea2b chore(*): drop everything that is not required for Tvix
Co-Authored-By: edef <edef@edef.eu>
Co-Authored-By: Ryan Lahfa <raito@lix.systems>
Change-Id: I9817214c3122e49d694c5e41818622a08d9dfe45
2025-03-17 16:18:26 +00:00
Florian Klink
fc7f013066 refactor(ops/clbot): use escapeSystemdPath
This is definitely faster than doing a roundtrip via a build.

Change-Id: I7a02b828462def735fdb241ce729143e90bc5c75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13236
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-03-10 15:09:14 +00:00
sterni
3f94a09648 chore(ops/modules): use smtprelay from nixpkgs
This upgrades smtprelay from 1.7.0 -> 1.11.2:

- https://github.com/decke/smtprelay/releases/tag/v1.8.0
- https://github.com/decke/smtprelay/releases/tag/v1.9.0
- https://github.com/decke/smtprelay/releases/tag/v1.10.0
- https://github.com/decke/smtprelay/releases/tag/v1.11.1
- https://github.com/decke/smtprelay/releases/tag/v1.11.2

Change-Id: Ia0641f67fcc4672302a51b3ad422e447ea32b203
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13115
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2025-03-02 21:16:00 +00:00
sterni
11681612c3 chore: lib.types.string -> lib.types.str
lib.types.string concatenates conflicting definitions on module merge
which is counterintuitive and hard to debug behavior.

Change-Id: I8ccdca0e8895fb5cc4600c367f8d52a9ab80ff75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13177
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
2025-03-02 13:55:21 +00:00
Vincent Ambo
dddcc6ef01 fix(ops/livegrep): adapt reindexer command for podman
Something recently caused us to replace Docker with Podman (I guess a default
changed in nixpkgs? I don't remember making the change explicitly), which broke
the reindexing unit.

Change-Id: I1d3453ed970e536abb540c6ef79765cfda271810
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-24 11:35:36 +00:00
Vincent Ambo
27f8a8367a fix(ops/www): block ClaudeBot/GPTBot/Amazonbot from cgit
These bots are doing unthrottled requests to cgit 24/7, and it's starting to
annoy me.

Change-Id: I6b7d7a68e9becb8ed4b5c52b376c2a60febc6ec6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13145
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-16 16:10:56 +00:00
Vincent Ambo
eeb6fdd7d4 refactor(ops/pipelines): use large build slots for eval
Change-Id: I22b3ebb91695a3d43696196c0a189d3b1656df8d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13128
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-15 08:21:38 +00:00
Vincent Ambo
84940c7cee chore(ops/nevsky): increase buildkite agent slot count
Normal agents can easily go from 16 -> 24 (proportionally to whitby, this makes
more sense).

I've kind of randomly decided to label 6 agents as large ones. We will filter
things like eval, or building tvix tests (until b/431 is resolved).

Change-Id: Ib38d2c56410c2ad9d86a01546c00192f87274bb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13121
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-09 20:59:31 +00:00
Vincent Ambo
2d989ef6cb refactor(ops/tvl-buildkite): add concept of small/large slots
Adds a new tagging system to Buildkite agents, where agents are tagged with
large/small slots. All agents have small slots, only some agents have large
slots. The small slots are purely informative - nothing targets them, whereas
large slots will be used for filtering agents.

This allows us to target large slots in some builds and minimise the concurrent
execution of extremely large builds, while keeping a large number of small slots
around for all the light targets.

This will need some tuning over time (also because tagging is a manual process).

Change-Id: I15aa657773ed874d84d98e55238fb31c75d4efa7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13120
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-09 20:59:31 +00:00
Vincent Ambo
5f17df8548 chore(3p/sources): bump channels & overlays (2025-02-02)
Included changes/fixes:

* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
  This also included a state migration in the bucket, which I've already
  performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
  digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/

Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-09 09:00:22 +00:00
Vincent Ambo
09c0d75bf9 chore(ops/secrets): replace buildkite agent token
This replaces the previous Buildkite agent token with one that is tied to the
default agent "cluster".

We haven't used clusters so far, they're a relatively new Buildkite
feature (https://buildkite.com/docs/pipelines/clusters), but I have a suspicion
that weird scheduling behaviour recently has been related to our non-usage of
these clusters.

Change-Id: I30e9c0cf49fe1fc4e263a4dc7d3855c166349939
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13118
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-08 22:39:42 +00:00
Vincent Ambo
c88fae5277 chore: remove whitby configuration
Removes whitby DNS records and other related configuration that is no longer
required now that whitby is gone.

whitby served us well. RIP.

This resolves b/433.

Change-Id: I56fe6f88cde9112fc3bfc79758ac33e88a743422
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13117
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-07 22:18:00 +00:00
Vincent Ambo
84bdb1e89a feat(ops/restic): configure backups to Yandex Cloud
Backups are moving from GleSYS to Yandex Cloud (is this motivated by me not
having to pay for them in that case? Maybe!); this changes the default backup
location to accommodate that.

I also noticed that we previously manually placed the backup key on whitby, so
the new key is going into agenix instead, as well as the secrets for protecting
the repositories.

Change-Id: Ibe5dbfec6784345f020a8b4d92bb01c6ad719a89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 15:01:24 +00:00
Vincent Ambo
7851917ebf chore(ops/whitby): retire most services on whitby
This turns off almost all of the lights. The server will be decommissioned on
2025-02-05. Until then we can keep running the Buildkite builders there for
extra capacity.

Stuff that was left in the whitby config has been migrated to nevsky.

This relates to b/433.

Change-Id: I84953e9d5e912f75b8884cb9d8edd5a1b7d5c85d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13095
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 15:01:24 +00:00
Vincent Ambo
aa13655a39 chore(ops/glesys): clean up post-migration DNS setup
Change-Id: I3b2901280eb005a53460b7b15ee39480536f493c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13094
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
afcdcc6338 feat(ops/modules): factor grafana & prometheus setup into a module
... that is then promptly enabled on nevsky.

Change-Id: Ie51037cec810bb7f81099a67ebd2581dcf710bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
75fe623d97 feat(ops/nevsky): run keycloak/panettone/paroxysm
These are the postgres-database using services.

Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
3a92f43ee5 feat(ops/nevsky): run TVL OpenLDAP server
Change-Id: I9afce1500e0888f523fe8b775edaa7a2c3ab53a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13091
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
64ae639cc7 fix(ops/nevsky): ensure CPU is not power-saving unnecessarily
Change-Id: I5ea6f2fdbf3ccbf993787b1c592539b1fdee151f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13090
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
6f7239b3b8 fix(ops/known-hosts): add bugry & nevsky keys
Without these, Gerrit replication is unhappy.

Change-Id: Id0edbc6a1cf301f9ed7ef2a88ccb0ef70f469693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13089
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
b867df7ba4 feat(ops/glesys): point git-serving services at nevsky
Change-Id: Idf944a77fc9f230d938efdff4fc421efe0232ac3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13088
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
f2257abc5d feat(ops/nevsky): run livegrep instance
Change-Id: Icc17ff919aaf23964b6f35160aaeb437e69ee7bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13087
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
610cfeda25 feat(ops/nevsky): run cgit & josh on nevsky
Change-Id: If62177d19c0c4e708dce7a20974f53827a133247
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13086
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
f5a301230a feat(ops/glesys): point cl.tvl.{fyi|su} at nevsky
Gerrit has been migrated over.

Change-Id: I455d58f28663ab2795dcfdfdeb98259ec36ae0e3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13085
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
c6f2f6924b feat(ops/nevsky): run TVL Gerrit instance
Runs the Gerrit instance with the same config as previously on whitby. Data has
been migrated manually using `tailscale file` (which worked surprisingly well).

Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
4a1a271644 feat(ops/nevsky): run smtprelay instance for gerrit
Change-Id: I856fafb4c13a876bb6d9cfdb0cdf554d9d0a6b11
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13076
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
2b828fbb8e feat(ops/nevsky): run clbot
Change-Id: I2e71ca70b5035041d354a2ba4fa088efb5182d2b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13075
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
4783d83686 feat(ops/nevsky): sync remaining whitby secrets to nevsky
Change-Id: I604426d8e9e91417607eed71f0dbcaf93e88c31d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13074
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
749a01b681 feat(ops/nevsky): run owothia & irccat on nevsky
Change-Id: I9234a77967634c9b472151ea5ac7ef4e76c2d7e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13073
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
119df03a50 style(ops/nevsky): centralise depot services in a config block
Change-Id: I46ceb8fdbcb49e98772cb272a7b775761f9d1ed0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13072
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
899142ed2c feat(ops/nevsky): run ZNC bouncer
Same as whitby, with the difference that there is now a listener on the
tailnet (just in case).

Change-Id: I841b2283112a0fea54f3c35a2dc4d2dd393b2612
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13071
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:18:10 +00:00
Vincent Ambo
cf919a02b2 feat(ops/nevsky): run postgresql server
All the postgres-dependent services are going to migrate here.

Change-Id: Ie2a25395f6fe6e3c9f7a45f21cf90c635e208cdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13070
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:18:10 +00:00
Vincent Ambo
234a324bb6 feat(ops/glesys): move static site DNS records to bugry
Change-Id: Iaa54675ef37595a2587fcf206dd566f733cfc631
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13068
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:18:10 +00:00
Vincent Ambo
01016828b8 feat(bugry): run static & mostly static websites on bugry
Change-Id: Ie4c723f68ce5a07e2c7ab1f10a9d652ad442f44a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13067
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-01 20:34:24 +00:00
Vincent Ambo
2da13f51d5 chore(ops/secrets): clean up secret config & reencrypt
This grants access to all relevant keys to the new machines.

Change-Id: I78a7003181ee9977e548fbfe0d78afb67357b56b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13064
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-01 19:59:42 +00:00
Vincent Ambo
afe1d579a4 feat(ops/pipelines): configure job priority for 🦙
🦙 is the blocking step on which everything else is always waiting, so to
avoid a situation where we have idle builders we should prioritise running
llamas within the available slots to spawn other stuff in the build queue.

Change-Id: I76836275edd0b0aedaf702d2626dacc31ced9fe2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13069
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-01 19:59:42 +00:00
Vincent Ambo
324e050ee6 chore(ops/glesys): prepare DNS setup for whitby decommissioning
Reduces the whitby record TTLs everywhere, and sets up the scaffolding for
adding nevsky/bugry records.

This relates to b/433.

Change-Id: I31b5503fa4fcf5463c989f4cf47a3d403d34c684
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13066
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-01 19:59:42 +00:00