Commit graph

1101 commits

Author SHA1 Message Date
Ilan Joselevich
580f03f6fd chore(ops/modules): Cleanup leftovers from TVL
Change-Id: I979cb18f3b8d461d21424e8dae6b0b2d7407809d
Reviewed-on: https://cl.snix.dev/c/snix/+/30106
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 17:12:35 +00:00
Florian Klink
7b36b8e285 chore(ops/keycloak): move oauth application to snix-project org
This was a personal application before, now it's at the `snix-project`
org.

Change-Id: I6df9393f23593f58739f331e73103022301b4f11
Reviewed-on: https://cl.snix.dev/c/snix/+/30101
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 15:28:54 +00:00
Ilan Joselevich
aefa1eaa28 chore(ops/secrets): remove old secrets from TVL
Change-Id: Id7ffd405bbc7cf1d5b09a9a90941e0f3e7ebd574
Reviewed-on: https://cl.snix.dev/c/snix/+/30100
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 14:51:11 +00:00
Florian Klink
bc62fc0354 chore(ops/builderball): drop
This is unused.

Change-Id: Ida0764680ff128d80580418a8b1a8bc6576c0f07
Reviewed-on: https://cl.snix.dev/c/snix/+/30081
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 00:24:20 +00:00
Florian Klink
afc5c152b8 fix(ops/modules/www): fix rustdoc redirect
Change-Id: Icd78c2209c20aee0931622bfb914e9dc5978d23d
2025-03-17 21:50:54 +00:00
Florian Klink
68896423b9 fix(ops/pipelines): drop snix trigger
This was previously only used to fix the Tvix subtree pipeline, not the
depot pipeline.

Running it for refs/heads/canon in snix is gonna trigger a lot of
unnecessary builds.

Change-Id: I1b5fdfcc0fe5408cda27053beb317cfeecdc6ca4
2025-03-17 21:31:38 +00:00
Florian Klink
a740b08027 fix(ops/pipelines): fix trigger step
The slug of the pipeline to trigger is snix.

Change-Id: I31941451ffc7680ea316c9adf5c933a562f819bc
2025-03-17 21:07:29 +00:00
Florian Klink
3ca022e5c1 fix(ops/pipelines/depot): fix targeting for anchor step
There is no nevsky here.

Change-Id: Id92356e1a401b24b958694cee1268358a58975cd
2025-03-17 21:07:29 +00:00
Ryan Lahfa
a2d77189df fix(ops/secrets/gerrit-autosubmit): rekey
Change-Id: I8591fddbb7583ae51d67269ae6b055ddb619ddb6
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:16:18 +00:00
Ryan Lahfa
b6516a9605 fix(ops/modules/buildkite): merge tags appropriately
Everything was large=true and then nothing was small=true and did not
have a hostname.

This is fixed.

Change-Id: Id90e6246f9ab44ce020d999e975dd8b4cd4492c9
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:16:18 +00:00
Ryan Lahfa
9aea7dc6df feat(ops/modules/gerrit): push r/* as well
Change-Id: I367d5136749286c377b35dd05c242a65d75b5100
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
2f3fbf854d feat(ops/machines/build01): bump nrBuildUsers and max-jobs
Change-Id: I8aa4e87eb41483164e284cd5649953081af92711
2025-03-17 17:15:08 +00:00
Florian Klink
c9eae6d8d8 feat(ops/machines/build01): use large slots
build01 can deal with llama.

Change-Id: I9c01dabfb4dfff0061fd16ea37ef8dc0693ad453
2025-03-17 17:15:08 +00:00
Ryan Lahfa
a7916624dc feat(ops/users): move ops' keys in ops/
Change-Id: Ia51eaea658030a893e36d9d6b0c999ca7e71133e
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Ryan Lahfa
073142f796 feat(ops/www/gerrit): backward compatibility to TVL shortlinks
cl.snix.fyi/q/$ID where $ID ≤ 30K will redirect (301) to
cl.tvl.fyi/q/$ID to keep the old links working.

Change-Id: I27b496a1c52a3de3d106292ba7a2931b0f15fa49
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
dd392ef054 feat(ops/keycloak): add GitLab SSO
Change-Id: I41ee3cb2988288e6b282d85b111c41064f09eaec
2025-03-17 17:15:08 +00:00
Florian Klink
97f22e0ea6 fix(ops/modules/forgejo): disable downloading source archives
We're probably getting crawled by LLM scrapers, and this unnecessarily
fills up disk space.

Change-Id: Ib20d04337aa26a73889c97d12fb109261b8da56d
2025-03-17 17:15:08 +00:00
Florian Klink
4c65a325a8 public01: deploy snix.dev
Change-Id: Ia0a439dd1628299569503370c21a0bbf9552830e
2025-03-17 17:15:08 +00:00
Florian Klink
9ac1b9a798 fix(ops/deploy-machine): drop
This doesn't look like it's actually being used.

Change-Id: I06e15d01b793748d9ed216b23b95a757bc2d0f0e
2025-03-17 17:15:08 +00:00
Florian Klink
944acead3e chore(web/snixbolt): move to contrib
Change-Id: Ic69648c526e6c1a0b769b26642b3c799872eb87c
2025-03-17 17:15:08 +00:00
Florian Klink
cff6575948 refactor(nix/*): drop yants and consumers, and some more
Change-Id: I96ab5890518c7bb0d4a676adbad20e4c49699b63
2025-03-17 17:15:08 +00:00
Florian Klink
a52ea3675c feat(*): initialize new Snix infrastructure
Co-Authored-By: edef <edef@edef.eu>
Co-Authored-by: Ryan Lahfa <raito@lix.systems>
Change-Id: Ica1cda177a236814de900f50a8a61d288f58f519
2025-03-17 17:15:07 +00:00
Florian Klink
067eff3427 fix(ops/pipelines): allow git+https://
We need this to fetch some third-party sources.

Change-Id: If542f88c5d517d20b530486fafbc7f6c391f072a
2025-03-17 16:18:26 +00:00
Florian Klink
df4500ea2b chore(*): drop everything that is not required for Tvix
Co-Authored-By: edef <edef@edef.eu>
Co-Authored-By: Ryan Lahfa <raito@lix.systems>
Change-Id: I9817214c3122e49d694c5e41818622a08d9dfe45
2025-03-17 16:18:26 +00:00
Florian Klink
fc7f013066 refactor(ops/clbot): use escapeSystemdPath
This is definitely faster than doing a roundtrip via a build.

Change-Id: I7a02b828462def735fdb241ce729143e90bc5c75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13236
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-03-10 15:09:14 +00:00
sterni
3f94a09648 chore(ops/modules): use smtprelay from nixpkgs
This upgrades smtprelay from 1.7.0 -> 1.11.2:

- https://github.com/decke/smtprelay/releases/tag/v1.8.0
- https://github.com/decke/smtprelay/releases/tag/v1.9.0
- https://github.com/decke/smtprelay/releases/tag/v1.10.0
- https://github.com/decke/smtprelay/releases/tag/v1.11.1
- https://github.com/decke/smtprelay/releases/tag/v1.11.2

Change-Id: Ia0641f67fcc4672302a51b3ad422e447ea32b203
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13115
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2025-03-02 21:16:00 +00:00
sterni
11681612c3 chore: lib.types.string -> lib.types.str
lib.types.string concatenates conflicting definitions on module merge
which is counterintuitive and hard to debug behavior.

Change-Id: I8ccdca0e8895fb5cc4600c367f8d52a9ab80ff75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13177
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
2025-03-02 13:55:21 +00:00
Vincent Ambo
dddcc6ef01 fix(ops/livegrep): adapt reindexer command for podman
Something recently caused us to replace Docker with Podman (I guess a default
changed in nixpkgs? I don't remember making the change explicitly), which broke
the reindexing unit.

Change-Id: I1d3453ed970e536abb540c6ef79765cfda271810
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-24 11:35:36 +00:00
Vincent Ambo
27f8a8367a fix(ops/www): block ClaudeBot/GPTBot/Amazonbot from cgit
These bots are doing unthrottled requests to cgit 24/7, and it's starting to
annoy me.

Change-Id: I6b7d7a68e9becb8ed4b5c52b376c2a60febc6ec6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13145
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-16 16:10:56 +00:00
Vincent Ambo
eeb6fdd7d4 refactor(ops/pipelines): use large build slots for eval
Change-Id: I22b3ebb91695a3d43696196c0a189d3b1656df8d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13128
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-15 08:21:38 +00:00
Vincent Ambo
84940c7cee chore(ops/nevsky): increase buildkite agent slot count
Normal agents can easily go from 16 -> 24 (proportionally to whitby, this makes
more sense).

I've kind of randomly decided to label 6 agents as large ones. We will filter
things like eval, or building tvix tests (until b/431 is resolved).

Change-Id: Ib38d2c56410c2ad9d86a01546c00192f87274bb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13121
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-09 20:59:31 +00:00
Vincent Ambo
2d989ef6cb refactor(ops/tvl-buildkite): add concept of small/large slots
Adds a new tagging system to Buildkite agents, where agents are tagged with
large/small slots. All agents have small slots, only some agents have large
slots. The small slots are purely informative - nothing targets them, whereas
large slots will be used for filtering agents.

This allows us to target large slots in some builds and minimise the concurrent
execution of extremely large builds, while keeping a large number of small slots
around for all the light targets.

This will need some tuning over time (also because tagging is a manual process).

Change-Id: I15aa657773ed874d84d98e55238fb31c75d4efa7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13120
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-09 20:59:31 +00:00
Vincent Ambo
5f17df8548 chore(3p/sources): bump channels & overlays (2025-02-02)
Included changes/fixes:

* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
  This also included a state migration in the bucket, which I've already
  performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
  digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/

Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-09 09:00:22 +00:00
Vincent Ambo
09c0d75bf9 chore(ops/secrets): replace buildkite agent token
This replaces the previous Buildkite agent token with one that is tied to the
default agent "cluster".

We haven't used clusters so far, they're a relatively new Buildkite
feature (https://buildkite.com/docs/pipelines/clusters), but I have a suspicion
that weird scheduling behaviour recently has been related to our non-usage of
these clusters.

Change-Id: I30e9c0cf49fe1fc4e263a4dc7d3855c166349939
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13118
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-08 22:39:42 +00:00
Vincent Ambo
c88fae5277 chore: remove whitby configuration
Removes whitby DNS records and other related configuration that is no longer
required now that whitby is gone.

whitby served us well. RIP.

This resolves b/433.

Change-Id: I56fe6f88cde9112fc3bfc79758ac33e88a743422
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13117
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2025-02-07 22:18:00 +00:00
Vincent Ambo
84bdb1e89a feat(ops/restic): configure backups to Yandex Cloud
Backups are moving from GleSYS to Yandex Cloud (is this motivated by me not
having to pay for them in that case? Maybe!); this changes the default backup
location to accommodate that.

I also noticed that we previously manually placed the backup key on whitby, so
the new key is going into agenix instead, as well as the secrets for protecting
the repositories.

Change-Id: Ibe5dbfec6784345f020a8b4d92bb01c6ad719a89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 15:01:24 +00:00
Vincent Ambo
7851917ebf chore(ops/whitby): retire most services on whitby
This turns off almost all of the lights. The server will be decommissioned on
2025-02-05. Until then we can keep running the Buildkite builders there for
extra capacity.

Stuff that was left in the whitby config has been migrated to nevsky.

This relates to b/433.

Change-Id: I84953e9d5e912f75b8884cb9d8edd5a1b7d5c85d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13095
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 15:01:24 +00:00
Vincent Ambo
aa13655a39 chore(ops/glesys): clean up post-migration DNS setup
Change-Id: I3b2901280eb005a53460b7b15ee39480536f493c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13094
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
afcdcc6338 feat(ops/modules): factor grafana & prometheus setup into a module
... that is then promptly enabled on nevsky.

Change-Id: Ie51037cec810bb7f81099a67ebd2581dcf710bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
75fe623d97 feat(ops/nevsky): run keycloak/panettone/paroxysm
These are the postgres-database using services.

Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
3a92f43ee5 feat(ops/nevsky): run TVL OpenLDAP server
Change-Id: I9afce1500e0888f523fe8b775edaa7a2c3ab53a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13091
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
64ae639cc7 fix(ops/nevsky): ensure CPU is not power-saving unnecessarily
Change-Id: I5ea6f2fdbf3ccbf993787b1c592539b1fdee151f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13090
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
6f7239b3b8 fix(ops/known-hosts): add bugry & nevsky keys
Without these, Gerrit replication is unhappy.

Change-Id: Id0edbc6a1cf301f9ed7ef2a88ccb0ef70f469693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13089
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
b867df7ba4 feat(ops/glesys): point git-serving services at nevsky
Change-Id: Idf944a77fc9f230d938efdff4fc421efe0232ac3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13088
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
f2257abc5d feat(ops/nevsky): run livegrep instance
Change-Id: Icc17ff919aaf23964b6f35160aaeb437e69ee7bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13087
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
610cfeda25 feat(ops/nevsky): run cgit & josh on nevsky
Change-Id: If62177d19c0c4e708dce7a20974f53827a133247
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13086
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
f5a301230a feat(ops/glesys): point cl.tvl.{fyi|su} at nevsky
Gerrit has been migrated over.

Change-Id: I455d58f28663ab2795dcfdfdeb98259ec36ae0e3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13085
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
c6f2f6924b feat(ops/nevsky): run TVL Gerrit instance
Runs the Gerrit instance with the same config as previously on whitby. Data has
been migrated manually using `tailscale file` (which worked surprisingly well).

Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 14:58:16 +00:00
Vincent Ambo
4a1a271644 feat(ops/nevsky): run smtprelay instance for gerrit
Change-Id: I856fafb4c13a876bb6d9cfdb0cdf554d9d0a6b11
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13076
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00
Vincent Ambo
2b828fbb8e feat(ops/nevsky): run clbot
Change-Id: I2e71ca70b5035041d354a2ba4fa088efb5182d2b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13075
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-02 14:58:16 +00:00