cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
493 Commits
1 Branch
0 Tags
55 MiB
Commit Graph

493 Commits (9736a6adc3054df4dcf500a949ea8641e300aa73)

Author SHA1 Message Date
q3k c5a77b8f81 env/tools: fix NixOS detection, maybe 
Change-Id: Ifa4c1c53ed918f67e68e190709edc417d0d3b4d6
 2020-02-17 23:04:35 +01:00
q3k 3c14185ce4 Merge "cluster: set ceph-waw3 mon replicas to 1" 2020-02-15 11:49:06 +00:00
q3k 0d83300b18 cluster: set ceph-waw3 mon replicas to 1 
This reflects current production. This needs to get bumped up to 3 at some point as otherwise we lose HA for this cluster.

Change-Id: Ie5937e6a216b635ecbc4c82ecd182a410167c3f8
 2020-02-15 11:48:39 +00:00
q3k 8703e9d29f Merge "hswaw/kube/frab: use more unique labels for postgres service" 2020-02-15 11:41:41 +00:00
q3k 90b19a7fd1 Merge "kube/redis: run as unprivileged user" 2020-02-15 11:41:31 +00:00
q3k 50af9b991c Merge "kube/postgres: run bouncer" 2020-02-15 11:41:21 +00:00
q3k f635260a0a Merge "kube/mirko: allow specifying securityContext" 2020-02-15 11:41:03 +00:00
q3k e95c0e2dfd hswaw/kube/frab: use more unique labels for postgres service 
Change-Id: Ic118f8663acbd6f9559ad61c7e026b95c7628809
 2020-02-15 12:40:25 +01:00
q3k f8b4cd7b06 kube/redis: run as unprivileged user 
Change-Id: If117384748cb6d06097742329095ae8936ed001c
 2020-02-15 12:39:35 +01:00
q3k c622a19d36 kube/postgres: run bouncer 
Change-Id: Id85cf1f32f8d41bf909dae380c4a5b3351cac29b
 2020-02-15 12:39:14 +01:00
q3k aa8c2b0cca kube/mirko: allow specifying securityContext 
Change-Id: Iebafd6b1480ed1e1c1f3cf83361376987720766e
 2020-02-15 12:38:39 +01:00
q3k 0532cc4bee Merge "env.fish: add" 2020-02-15 00:26:05 +00:00
daz 90efd491e5 env.fish: add 
Change-Id: I53584e8e99a668c602b8361417782a84f3834042
 2020-02-15 01:22:58 +01:00
q3k 80c9b015d0 Merge "go: bump rules_go, autodetect nix for go toolchains" 2020-02-15 00:12:02 +00:00
q3k e03c217cc1 go: bump rules_go, autodetect nix for go toolchains 
Change-Id: If10a7843e5e54ade82fbeec85f4e6727e4d2a117
 2020-02-15 01:04:38 +01:00
q3k 58d08595f1 {cluster,}/README: update 
Change-Id: Ie211fd34316c407f29506b67187632fd22a4f75b
 2020-02-15 01:00:42 +01:00
q3k d7364520e9 cluster: bump kubelets to 1.14.3 
Change-Id: I02ed978a49629cdfc3f3587ad640e8cc5a5fad23
 2020-02-02 23:43:28 +01:00
q3k e2095b2ce9 cluster: remove unused module-cluster.nix 
Change-Id: I819d803fc7454cfd63a11a109ec73c9578f598b8
 2020-02-02 23:43:00 +01:00
q3k c78cc13528 cluster/nix: locally build nixos derivations 
We change the existing behaviour (copy files & run nixos-rebuild switch)
to something closer to nixops-style. This now means that provisioning
admin machines need Nix installed locally, but that's probably an okay
choice to make.

The upside of this approach is that it's easier to debug and test
derivations, as all data is local to the repo and the workstation, and
deploying just means copying a configuration closure and switching the
system to it. At some point we should even be able to run the entire
cluster within a set of test VMs.

We also bump the kubernetes control plane to 1.14. Kubelets are still at
1.13 and their upgrade is comint up today too.

Change-Id: Ia9832c47f258ee223d93893d27946d1161cc4bbd
 2020-02-02 22:31:53 +01:00
q3k f15da82393 lelegram: disable 
Change-Id: I3e1deef6aa5984971d35905c9feabe196a6da201
 2020-02-02 17:16:17 +01:00
q3k 649469611a hswaw/frab: deploy 
Change-Id: I4e433fe8dac86c8c3309bb84e6f2ad9c4a281fdf
 2020-02-02 17:15:55 +01:00
q3k e048331e25 teleimg: fix RE for IRC names 
Change-Id: Ief1bda751553361bcbbd18031205ae70804f1dd4
 2020-02-02 16:58:57 +01:00
q3k 83e2690070 lelegram: stuckness fixes, timeout 
Change-Id: I3c1ad4e589ea66db846a56aab8a2c1698bdee539
 2020-01-23 14:18:25 +01:00
q3k 400ac7a88d go/{mirko,statusz}: enable profiling 
Change-Id: I5f1a51f349196f2a187e484f44fdbff5d0acde3f
 2020-01-23 14:17:30 +01:00
q3k a2ee865a0c postgres: run unprivilged 
Change-Id: I8d7e92093c0df91b6cd601a4d8e2484fca97ee88
 2020-01-22 21:48:48 +01:00
q3k 083b176f74 factorio: bump, allow mods 
Change-Id: I5604bda27a54205f4e11578cf0efa7ac66115ac9
 2020-01-22 21:48:22 +01:00
q3k 9377313ae0 lelegram: irc conn deadlock fix 
Change-Id: I04b479c6ecb7e34cfcc5b8e43c6315893252e4e5
 2020-01-22 21:47:25 +01:00
q3k 572d766096 bgpwtf/invoice: bump for 2020 
This doesn't automatically bump generated numbers - however, new users
will at least have sensible IDs now :).

To bump an existing deployment, you will have to do some mild surgery:

 - edit the touched query to once generate a new, appropriate serial
   (eg. 20001)
 - run and seal one invoice
 - restore original code (now with the new 20000 default)

In the future we should have an RPC override for the new sealed final
UID with some basic sanity checks.

Change-Id: Idd8187618869f6ea76f1b187acfbdd2f1c94005b
 2020-01-14 14:03:38 +01:00
q3k 9937146d25 personal/q3k: bump factorio 
Change-Id: Id472ad9fffd09917b040ce8572b760862b4fcd2f
 2020-01-14 13:47:26 +01:00
q3k 92b48d6216 {matrix,lelegram}: pin to bc01n0{1,2}.hswaw.net 
Only these nodes (and bc01n03( are #blesed by freenode.

In the future we should fix this by having custom node labels for
blessed nodes. But this will do for now.

Change-Id: Ia5d7cfcb9329da0de8d596ed40b20b0e0f286f43
 2020-01-08 13:59:04 +01:00
q3k effafe9032 teleimg: allow underscores and hyphens in file id 
Change-Id: I6f6cdd3a13cdbed41f57c40ac1b2e46c4707be32
 2020-01-05 22:31:39 +01:00
q3k a07688fe74 lelegram: mutually exclude multimedia 
Change-Id: I6c300e8627c825f5b2f1281efc8f4c33574289f7
 2020-01-05 21:21:07 +01:00
q3k a885488fd0 lelegram: init 
This is an IRC/Telegram bridge.

It does multi-account puppet-like access to IRC making everyone's life
easier.

Compared to teleirc it also:
 - is smarter about converting messages
 - uses teleimg for public image access
 - is not written in JS

Experimental for now.

Change-Id: I66ba3f83abdfdea6463ab3be5380d8d3f2769291
 2020-01-05 21:01:07 +01:00
q3k c315aaccc7 teleimg: init 
This is a shitty small proxy to unfuck telegram's bot image URLs, ie. do
not add content-disposition and send a proper MIME in content-type.

It also does some local caching and hides the Telegram API token.

Change-Id: I0afb29ca3f1807a13fa157fdcf486ee4c857f08d
 2020-01-05 20:59:17 +01:00
q3k aa76e55eea cert-manager: fix DNS for http01 k0 splitdns 
Change-Id: I73847daec9796cb891cf2fe58c2633c5fa768861
 2019-12-29 02:49:30 +01:00
q3k 0c337acf89 benji: fix in waw2, run in waw3 
This needed an upstream change to allow only some pools to be backed up,
otherwise benji would crash when stubmling upon the first PVC from a
pool that wasn't backed by the ceph cluster it was acting upon.

Change-Id: I52bf163c16352cb59fdd3dbdd576145ce1dbac03
 2019-12-21 23:45:07 +01:00
Serge Bazanski cd0e01bb7a third_party/py: add wtforms 
Change-Id: Iabb4fa35ee9369aa0c6592d18fbe69855edf0c7f
 2019-12-19 18:29:45 +01:00
Serge Bazanski d828c685ce third_party/py: add cockroachdb 
Change-Id: I0c2f1e820b67bdebc98dd58429048c8a89d37416
 2019-12-19 14:44:56 +01:00
q3k edeb3ccf78 hswaw/lib: add flask_spaceauth 
Change-Id: I3bb47bb65e739eaf27f54c07f03df18e79b398e0
 2019-12-18 14:20:10 +01:00
q3k 43189235bd third_party/py: add flask-spaceauth deps 
Change-Id: I3e153f8992b2a987ce2b0e1db8f869f6cca40f4b
 2019-12-18 14:11:00 +01:00
q3k ba8e79e8f4 kube-apiserver: fix cert mismatch, again 
This time from a bare hscloud checkout to make sure _nothing_ is fucked
up.

This causes no change remotely, just makes te repo reflect reality.

Change-Id: Ie8db01300771268e0371c3cdaf1930c8d7cbfb1a
 2019-12-17 02:13:55 +01:00
q3k 050af01b83 cluster: add q3k's new SSH key 
Change-Id: I872a75cc89a62c9487433fa5e8e5767953e309c9
 2019-12-17 01:58:58 +01:00
q3k 31058185df personal/q3k: 'production' openrct2 game 
Change-Id: I9b0fd29dd4e8a6c2cac3aaceabbdba07de0faf1b
 2019-11-24 02:39:47 +01:00
q3k 262c6e0361 personal/q3k: add openrct2 
Change-Id: I2526d75c577be6712342a60cc5c7c90b21d5242d
 2019-11-24 02:39:47 +01:00
q3k d0ec2c6ac7 hswaw/kube: refactor 
This breaks up hswaw.jsonnet into a component-per-file pattern.

Change-Id: I1b83d44146ae6c3d3f7c5d02abc2c9b764cc0e8e
 2019-11-21 00:08:52 +01:00
q3k e5a956a1c8 *: bump to q3k's kubecfg, kubernetes 1.16 
Change-Id: I302876d5a45cbfb63d87ad9f6ea9aaeff7bec17d
 2019-11-17 22:38:40 +01:00
q3k fd323a0f55 cluster: sync to prod 
Change-Id: If311f1ce44653bb54e0a10ad2fdd65685722a64d
 2019-11-17 19:49:04 +01:00
q3k 96c428f7d7 nixops: fix 
Change-Id: I15ebde319fcae3f9771da6a549e52783e0ec4409
 2019-11-17 19:00:46 +01:00
q3k c33ebcc79f cluster: add ceph-waw3, move metallb to bgp 
Change-Id: Iebf369f9a02e44be163ef4afc2e0f23c4b009898
 2019-11-01 18:43:45 +01:00
q3k e67f6fec98 cluster/secrets: really try to fix apiserver key/cert 
Change-Id: I6b0ea601246b665585adb040b9819344bc683e78
 2019-10-31 17:36:44 +01:00