Fork 0
Commit Graph

1070 Commits (211d88a34f95118a223868ddb6d2b23220eb1599)

Author SHA1 Message Date
q3k 211d88a34f dc/hbj11: add hardware info
Change-Id: I34c3906e241117fe56ed903e7cd11f8b804d9e30
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1381
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-08-25 23:50:05 +00:00
informatic a7dbf25588 hswaw/signage: reuse compiled shader, better error handling
Shader will now only be recompiled whenever its code changes. This helps
with hangs on node transitions on underpowered devices.

If shader reload failed an error message will now be rendered over an
existing shader.

File load errors are properly handled.

Change-Id: I97a75b85620614252040b76e4f3aaa0ea1f0a7e3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1337
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-11 08:35:12 +00:00
informatic 8f986c181b hswaw/signage: add development tip
Change-Id: I6dff93498ba2de959f1c7760a21c0972c2277037
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1336
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-11 08:35:12 +00:00
q3k e1aa63c7dd bgpwtf: add rsh tests, fix startup sequencing
Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k 957d91180a bgpwtf: edge01: bump nixpkgs, use networkd
Change-Id: I038f9518e090aecc90f464475f29c5b3c1570eff
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1339
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k d635dc85ce bgpwtf: edge01: fix tests
Change-Id: I66852cc75f3d5a6ce3cc67790c09e248874b0a9b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1338
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 23:51:57 +00:00
q3k 18c1a263cf signage: bring in from external repo
This is b28e6f07aa48f1e2f01eb37bffa180f97a7b03bd from
https://code.hackerspace.pl/q3k/love2d-signage/. We only keep code
commited by inf and q3k, and we're both now licensing this code under
the ISC license, as per COPYING in the root of hscloud.

Change-Id: Ibeee2e6923605e4b1a17a1d295867c056863ef59
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1335
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-07 23:09:07 +00:00
informatic 9c5d866105 h/m/customs/beyondspace: oauth2-based members-only proxy
Change-Id: I4f7102b4c4ddd9d0f085653ad08e071f172f289d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1307
Reviewed-by: vuko <vuko@hackerspace.pl>
2022-07-07 20:24:01 +00:00
q3k c35ea6a220 ops: inject the machine's pkgs into the machine's hscloud tree
This ensures, for example, that the packets are for the correct

Change-Id: If17c307fbad02ee72c6dd21a874c59514415ab2e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1334
Reviewed-by: implr <implr@hackerspace.pl>
2022-07-07 18:10:40 +00:00
q3k dcdbd8425c hswaw/machines: add tv2
Change-Id: I657c316bcc663c79b6886d5843b9de5cbf17f1c3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1333
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-07-07 18:07:18 +00:00
informatic 36ce764818 hswaw/machines: add informatic to larrythebuilder
Change-Id: I756218c857ecbeb9ea398fb259bdc66d72b51194
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1331
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-07 00:35:59 +00:00
q3k 5ac5e4bec3 hswaw/machines: add tv1, larrythebuilder
This adds two brand new AArch64 machines: a generic builder (and
instructions on how to use it) and tv1.waw, an RPi4 acting as digital
signage in the space.

Change-Id: I8d38344ec35f99f4b872cf9526f6e6771fbffc43
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1330
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-07-06 19:49:37 +00:00
q3k 2f6c92c998 customs: add tv1.waw to dns/dhcp
Also drive-by fix build for laserproxy.

Change-Id: I37a5a5fc947e77a4507f5b6a660499ab93c3505d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1329
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-07-06 19:48:57 +00:00
implr 4ea5cdb0eb WORKSPACE: bump protobuf
Change-Id: I7dcf4abc0a4717fd9d6d4ea43cdcfac11fdff359
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1325
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-05 22:51:04 +00:00
implr e69e98da47 third_party/py: update rules_python, use pip-compile for requirements
Change-Id: If8309e8e3a4b58142f7479005a9eb4cbb1043cdb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1324
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-07-05 21:27:31 +00:00
vuko e8a5d8f1fc hswaw/customs: fix laserproxy startup dependencies
fixes https://issues.hackerspace.pl/issues/60

Change-Id: I3601d03898555a0299e6530ca1dee9127a19f1ef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1326
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-06-26 22:10:00 +00:00
informatic 7ad415f7fb hswaw/paperless: initial deployment
Change-Id: Ie6fb0df0bfa047e4fd561c6de8b26ab0fbebbcb8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1305
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-06-19 12:13:21 +00:00
q3k 437b0c335f rook: fix benji
This unforks benji back into upstream. The old fork didn't support a new
authentication method on Ceph, and we don't have multiple clusters
anymore (so we don't need the functionality of the fork).

Change-Id: Ie79313b2321ca2e22ad2874b75a71385af95105f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1321
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-06-19 11:49:12 +00:00
q3k 8e439ed8e3 shell: add vim, openssh (hermeticity)
Change-Id: I846b5e2d3f93159a149d694a40d21f22d4fccddc
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1323
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-06-19 11:48:57 +00:00
q3k 55a486ae49 cluster: refactor nix machinery to fit //ops
This is a chonky refactor that get rids of the previous cluster-centric
defs-* plain nix file setup.

Now, nodes are configured individually in plain nixos modules, and are
provided a view of all other nodes in the 'machines' attribute. Cluster
logic is moved into modules which inspect this array to find other nodes
within the same cluster.

Kubernetes options are not fully clusterified yet (ie., they are still
hardcode to only provide the 'k0' cluster) but that can be fixed later.
The Ceph machinery is a good example of how that can be done.

The new NixOS configs are zero-diff against prod. While this is done
mostly by keeping the logic, we had to keep a few newly discovered
'bugs' around by adding some temporary options which keeps things as they
are. These will be removed in a future CL, then introducing a diff (but
no functional changes, hopefully).

We also remove the nix eval from clustercfg as it was not used anymore
(basically since we refactored certs at some point).

Change-Id: Id79772a96249b0e6344046f96f9c2cb481c4e1f4
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1322
Reviewed-by: informatic <informatic@hackerspace.pl>
2022-06-19 11:48:52 +00:00
informatic 1da87e5209 app/matrix: bump appservice-irc
Change-Id: I70d856125754b3ffab556c7f264616471bfdd47f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1306
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-06-19 08:47:09 +00:00
q3k b0e3693c0e cluster/kube: calico: fix etcd endpoints
Change-Id: Ia93d355ca343fa5a42ec37fbcae9135cb5304f6e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1285
Reviewed-by: implr <implr@hackerspace.pl>
2022-06-11 19:00:52 +00:00
implr 0544d27c04 tools, cluster/tools: bazel5 compat: remove unused import
Change-Id: I8b264a6c36e4d0f1535f38ad1f41495e62061f26
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1308
Reviewed-by: daz <daz@hackerspace.pl>
2022-06-04 19:56:40 +00:00
informatic a13208bf9b ops/sso: bump to latest version, roll out RSA JWT signing
Bump to:

This introduces (and enables) support for RSA id_tokens (that are
required by oauth2_proxy for example) and fixes/improves handling of
non-active members.

Change-Id: Ia7d5e5ca7a2769f11f6190add78114e3b6141c6e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1304
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-05-01 08:17:57 +00:00
informatic 7d0e56cba7 app/matrix: remove stream writer endpoints from generic worker
Change-Id: I93dc263f00becceb1428da99161b883a23a1f027
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1303
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-05-01 08:17:57 +00:00
informatic 5ff2ccf5df app/matrix: force non-id_token flow to fix SSO
Presence of id_token in IDP token response causes synapse to demand
jwks_uri to be present in config/metadata. (login flow failing with
<<Missing "jwks_uri" in metadata>> message)
This behaviour was introduced somewhere between 1.42.0 and 1.56.0.

This is currently not set up correctly on sso.hackerspace.pl (we hand
out hs256 tokens instead of proper rsa ones) so this change will make it
fall back to non-oidc/plain oauth2 flow.

Change-Id: I4ff8aa175b4f0bbdcb3ee993b7cbd4545eac561a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1302
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-05-01 08:17:57 +00:00
mlen 8bd24f4a96 Enable Matrix message thread support.
This change enables experimental message threading support and upgrades
Synapse and Element to their latest stable versions.

Change-Id: I68334982168ffdac98a1602a157be727b04e58d6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1286
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-05-01 08:17:57 +00:00
informatic 529e181497 app/matrix: appservice workers
This change extracts appservice workers (deployed and tested) and prepares for
federation sender workers extraction (still partially broken)

Change-Id: I2d63fe44538ea2a7c5fd492f6ce119bc35a9eb03
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1101
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-05-01 08:17:57 +00:00
informatic 45e4fecf2e shell: improve hermeticity
* Add some missing tools and ssl cert bundles to fix builds when using
nix-shell --pure
* Replaced broken //tools:install with direct bazel build in shell.nix
initialization to prevent cache thrashing
* Added fontconfig file with roboto font for use in wkhtmltopdf

Change-Id: I062380df5f1d83a0fb2df8ca172f362fff9ecf8e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1301
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: pl <pl@hackerspace.pl>
2022-05-01 08:17:57 +00:00
informatic 497870680e app/onlyoffice: bump to v7.0.0.132
Change-Id: I5c75d92126352bd185935125af04f51d4b91acc3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1261
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-04-27 00:18:05 +00:00
q3k d584e76ea3 cluster/clustercfg: fix for nix 2.4
Change-Id: I3f9ebd895495a23ec179ccd237389e8f3e531768
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1284
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-04-04 17:51:44 +00:00
q3k 2ada80423a tools/hscloud/lib.py: fix newlines sneaking in
Change-Id: Iacf956c80486596f02efd901c48f4571f0a76adf
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1283
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-04-04 17:51:44 +00:00
q3k 42c17872fd cluster/certs: bump certs
Change-Id: I549364c050a96f72859886e6b724e07924ee3964
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1282
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-04-04 17:51:44 +00:00
vuko 4306994b4e hswaw/checkinator: convert timestamp to browsers timezone
Change-Id: Ib7439269bf13de530a5f170bf231f89d815b0f3e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1246
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-10 18:33:42 +00:00
vuko 2afcbddf6a hswaw/checkinator: update README
Change-Id: Ib3c92c1b707d9effe566e219cc5d65d850a91ab3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1241
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-07 11:52:33 +00:00
vuko bd124bd066 hswaw/machines/customs: import checkinator via hscloud namespace
Change-Id: I4586c92af4126ec1f1d0d1a1aa2d9dc5c84dec44
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1220
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-07 11:52:17 +00:00
implr 54a34b24a1 cluster/k0: ceph: add tape staging
Change-Id: I7fdba86b15f92157888850d2905440b45fb36f17
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1263
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-05 22:45:29 +00:00
vuko 3cd087d939 check in checkinator into hswaw/checkinator
repository: https://code.hackerspace.pl/checkinator
revision: 713c7e6c1a8fd6147522c1a5e3067898a1d8bf7a

Change-Id: I1bd2975a46ec0d9a89d6594fb4b9d49832001627
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1219
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-02 23:11:05 +00:00
vuko 5319e611b2 hswaw/laserproxy: update deps hash
Change-Id: I1515cf596b9e0f6038ec8c3cc0bcb6f90f77783e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1245
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-03-02 23:08:22 +00:00
patryk d0a0b18e54 cluster: allow namespace admins to access certificate resources
Change-Id: I532dadfe1799da43d12598e388141f8f9a3872de
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1250
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-02-05 15:08:47 +00:00
q3k f642e86724 hswaw/site: bump base image, deploy
Change-Id: Iebe3cbcdb7b10fc125b34d5121e708a538c5d85c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1252
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-02-01 09:46:42 +00:00
q3k 19c8b60a42 hswaw/site: mirror google fonts
More privacy more better.

Change-Id: I2186a3ee47f72e4a8c3e52a45c15727da0a6a9c4
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1251
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-02-01 09:38:54 +00:00
ar f92437451c hswaw/site: spaceapi: make the open state depend on members presence
Change-Id: Ibe5b25a989b06f757a696fc2c325695b6ad9d158
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1248
Reviewed-by: q3k <q3k@hackerspace.pl>
2022-01-25 14:52:07 +00:00
implr 523df5c235 personal/implr: vpn.curs: add anthracite
Change-Id: I5403b89b38e9c1706d8da1ba61085fb5cc0833d3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1247
2021-12-28 21:11:54 +00:00
ironbound e7c8509d48 bump factorio version
Change-Id: I027d45b843b33fe963008b90a5d1c024ecef4e71
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1205
Reviewed-by: ironbound <ironbound@hackerspace.pl>
Reviewed-by: lquawl <lquawl@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-26 10:26:04 +00:00
q3k 5edcf58b8c games/valheim: fix startup, add second server
Change-Id: I7621eb42ee68ff25c0a69b29d4dc1728ce95cd42
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1204
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k f157fbfb08 openrct2: new map
Change-Id: If8130391e17b87aa4396983d3aefa43c477a4f55
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1203
2021-12-13 22:30:46 +00:00
q3k bdd403c587 cluster: k0: move cockroachdb away from bc01n01, fixup joins
Reminded by a power failure on bc01n0{1,2}, we migrate away from at
least one of them into another server.

We also fix up the startup join parameter to not include the node itself
(which is not necessary, but a nice thing to have nonetheless).

Since bc01n01 was the initial node of the cluster, we also disable the
init job for k0 (which we don't care about anyway).

Change-Id: I3406471c0f9542e9d802d39138e400b5a5e74794
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1176
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k 8469691645 bgpwtf: edge01: new customer
Change-Id: I9b871370e310a98848c8266658b17fef17b61011
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1202
Reviewed-by: q3k <q3k@hackerspace.pl>
2021-12-13 22:30:46 +00:00
q3k d602c28df6 bgpwtf: fixup ssh problems
This makes our routers less likely to reject connections when they're
being bruteforced: first, by disabling password auth (which we don't
use, anyway), second by making connection limits a bit less draconian.

Change-Id: I4e1e3b0be85dd5ad07a10610ca28a6f094249d8c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1174
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
2021-12-13 22:30:46 +00:00