cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
568 Commits
1 Branch
0 Tags
55 MiB
Commit Graph

568 Commits (c824405e2e75e5a322acb3770982c79bfe6aeb23)

Author SHA1 Message Date
q3k 4f7cc0064f Revert "*: update docs for hackdoc" 
This reverts commit cc8c69c897.

Reason for revert: <INSERT REASONING HERE>

Change-Id: I1315e930e2ef69db3188eda05e4aa0b12db24274
 2020-04-10 20:09:35 +00:00
q3k cc8c69c897 *: update docs for hackdoc 
Change-Id: I256ec4499da2289f8f7ea3766ce40f2b0ffb0dc1
 2020-04-10 21:20:53 +02:00
q3k f157b4d632 devtools/{depotview,hackdoc}: tie both together 
Change-Id: I0a1ca3b4fa0e0a074eccbe0f8748839b926db9c1
 2020-04-10 19:24:48 +02:00
q3k 4c0e9b52c0 devtools/depotview: init 
This is a small service for accessing git repos read-only over gRPC.

It's going to be used to allow hackdoc to render arbitrary versions of
hscloud.

Change-Id: Ib3c5eb5a8bc679e8062142e6fa30505d9550e2fa
 2020-04-08 22:42:33 +02:00
q3k c881cf3c22 devtools/hackdoc: init 
This is hackdoc, a documentation rendering tool for monorepos.

This is the first code iteration, that can only serve from a local git
checkout.

The code is incomplete, and is WIP.

Change-Id: I68ef7a991191c1bb1b0fdd2a8d8353aba642e28f
 2020-04-08 20:03:12 +02:00
q3k 154baf1cf6 personal/q3k/factorio: add pymods server 
Change-Id: I080ae267ea3afc19ae7d65ca458f71206bb6ed4e
 2020-04-05 21:32:02 +02:00
q3k 6e985c4530 personal/q3k/factorio: fix deploy selectors 
Change-Id: Id116da7d2486f2a2a5206fe1f8b79283a545c4d2
 2020-04-01 02:21:45 +02:00
q3k 59786c5dfa personal/q3k/factorio: bump, add ds 
Change-Id: I15dbbfdd911fb61fc5769443ef4f2e862cf6c7e1
 2020-04-01 02:05:42 +02:00
q3k 0dcc702c64 cluster: bump nearly-expired certs 
This makes clustercfg ensure certificates are valid for at least 30
days, and renew them otherwise.

We use this to bump all the certs that were about to expire in a week.
They are now valid until 2021.

There's still some certs that expire in 2020. We need to figure out a
better story for this, especially as the next expiry is 2021 - todays
prod rollout was somewhat disruptive (basically this was done by a full
cluster upgrade-like rollout flow, via clustercfg).

We also drive-by bump the number of mons in ceph-waw3 to 3, as it shouls
be (this gets rid of a nasty SPOF that would've bitten us during this
upgrade otherwise).

Change-Id: Iee050b1b9cba4222bc0f3c7bce9e4cf9b25c8bdc
 2020-03-28 18:01:40 +01:00
informatic 973076c0fb app/covid-formity: covid19 hackerspace relief form 
Change-Id: I952ca040e85e6305d5241816c3afa8ae69031d5f
 2020-03-26 21:40:01 +01:00
q3k 97ce218339 Merge "env: fix missing hscloud_nixos export" 2020-03-26 14:15:48 +00:00
Serge Bazanski d7bc2ad53d well akshually 
Change-Id: I597e4a7c3419e2fe5fb255618c5ec97176d7a5d4
 2020-03-26 15:13:09 +01:00
Serge Bazanski 56c74ff0c2 personal/q3k/test: test 
Change-Id: I84e827e1ff9a446749fe58b065f9441bc2019d3b
 2020-03-26 15:12:30 +01:00
q3k 90e8e68bab crdb.k0: add bugless-dev (for q3k) 
Change-Id: I3988e1c37f0a0c54ef1ba248f01e026d6e8c72b6
 2020-03-25 10:55:05 +01:00
q3k 540663904b personal/q3k/factorio: bump 
Change-Id: I2a93d24f85d7517a1e2b6247668c5ae63f4e2732
 2020-03-25 10:48:52 +01:00
informatic 2259437930 env: fix missing hscloud_nixos export 
Change-Id: I1887a06908e8b50926288d4cd9c9a820dd795ae0
 2020-03-21 23:44:10 +01:00
informatic 57349d2a76 app/matrix: upgrade and migrate to official appservice-irc image 
Change-Id: I9104974bd0906739f08239146737c56efde36cfe
 2020-03-21 23:35:11 +01:00
informatic aca7e28f69 app/matrix: upgrade and migrate to official riot-web container image 
Change-Id: I438e5b6e1bfb4a20bb6613904497e1e8a6d86fc5
 2020-03-21 23:35:03 +01:00
informatic 8ebfc1d338 app/matrix: synapse upgrade 
Change-Id: Ice5f70be190126da5eecfc1d5ec5c1f746679ec9
 2020-03-03 21:01:18 +01:00
Michal Zagorski 5b1aa134fe personal/q3k/lelegram: changes by zagura 
* Log high verbose debug messages
  * New cli parameter irc_login
  * Change regex for IRC nicks
  * IRC channel names case insensitive
  * IRC usernames truncated to 9 chars without Telegram suffix

Signed-off-by: Michał Zagórski <zagura6@gmail.com>
Change-Id: Ifa32279580a4378cc3b9e255f0311216998e02c9
 2020-03-02 12:01:10 +01:00
q3k e186c87c1b cluster: bump rook to 1.0.6 
In preparation for updating to 1.1.0, which will be much more involved.

Also fix a typo in registry.libsonnet, whoops.

Change-Id: I7668bf53c7580f99fdf56fe6227f04a468f8de50
 2020-02-21 12:57:02 +01:00
q3k 9d738cedc3 k8s.io/apimachinery: bypass https://github.com/kubernetes/kubernetes/issues/87675 
For us this manifests when doing

   kubecfg update cluster/kube/cluster.libsonnet

To be precise: when hitting the Ceph/Rook CRD definition.

This is a weird bug. I've seen it manifest earlier on NixOS, but I am
now also seeing it on Gentoo. I've thought that it was because of Go API
breakage, but I've quickly tried to specify older toolchain versions,
but that didn't seem to help? :/

Regardless, I've applied a patch by rnb [1] that seems to fix this. I
also have a suspicion that updating to a newer k8s version might just
fix this, that's why I'm not not too concerned about this for now.

[1] - a32521024f

Change-Id: Id66e3c0bd56e84d785e1baeca86373aa2d0eb6f9
 2020-02-21 12:54:05 +01:00
q3k 02aae3628c hswaw/kube: encrypt keys, update expired keys 
cz2's key has expired. Removing it for now as there's no easy way to
force gpg to encrypt content for expired keys.

Change-Id: Ib27b9a09385fcead1ba2d48ebf45426038d8b647
 2020-02-18 23:28:14 +01:00
q3k 74818e155c hswaw/kube: add pretalx 
Change-Id: Ia7512aa988022c3c7fd89f81927fbad03f933cf1
 2020-02-18 22:56:21 +01:00
q3k 114edc2398 kube/mirko: add kube.CephObjectStoreUser 
Change-Id: I2a67076eeaf41ada41f5ae3ee588025e4c16b9e1
 2020-02-18 22:55:13 +01:00
q3k c5a77b8f81 env/tools: fix NixOS detection, maybe 
Change-Id: Ifa4c1c53ed918f67e68e190709edc417d0d3b4d6
 2020-02-17 23:04:35 +01:00
q3k 3c14185ce4 Merge "cluster: set ceph-waw3 mon replicas to 1" 2020-02-15 11:49:06 +00:00
q3k 0d83300b18 cluster: set ceph-waw3 mon replicas to 1 
This reflects current production. This needs to get bumped up to 3 at some point as otherwise we lose HA for this cluster.

Change-Id: Ie5937e6a216b635ecbc4c82ecd182a410167c3f8
 2020-02-15 11:48:39 +00:00
q3k 8703e9d29f Merge "hswaw/kube/frab: use more unique labels for postgres service" 2020-02-15 11:41:41 +00:00
q3k 90b19a7fd1 Merge "kube/redis: run as unprivileged user" 2020-02-15 11:41:31 +00:00
q3k 50af9b991c Merge "kube/postgres: run bouncer" 2020-02-15 11:41:21 +00:00
q3k f635260a0a Merge "kube/mirko: allow specifying securityContext" 2020-02-15 11:41:03 +00:00
q3k e95c0e2dfd hswaw/kube/frab: use more unique labels for postgres service 
Change-Id: Ic118f8663acbd6f9559ad61c7e026b95c7628809
 2020-02-15 12:40:25 +01:00
q3k f8b4cd7b06 kube/redis: run as unprivileged user 
Change-Id: If117384748cb6d06097742329095ae8936ed001c
 2020-02-15 12:39:35 +01:00
q3k c622a19d36 kube/postgres: run bouncer 
Change-Id: Id85cf1f32f8d41bf909dae380c4a5b3351cac29b
 2020-02-15 12:39:14 +01:00
q3k aa8c2b0cca kube/mirko: allow specifying securityContext 
Change-Id: Iebafd6b1480ed1e1c1f3cf83361376987720766e
 2020-02-15 12:38:39 +01:00
q3k 0532cc4bee Merge "env.fish: add" 2020-02-15 00:26:05 +00:00
daz 90efd491e5 env.fish: add 
Change-Id: I53584e8e99a668c602b8361417782a84f3834042
 2020-02-15 01:22:58 +01:00
q3k 80c9b015d0 Merge "go: bump rules_go, autodetect nix for go toolchains" 2020-02-15 00:12:02 +00:00
q3k e03c217cc1 go: bump rules_go, autodetect nix for go toolchains 
Change-Id: If10a7843e5e54ade82fbeec85f4e6727e4d2a117
 2020-02-15 01:04:38 +01:00
q3k 58d08595f1 {cluster,}/README: update 
Change-Id: Ie211fd34316c407f29506b67187632fd22a4f75b
 2020-02-15 01:00:42 +01:00
q3k d7364520e9 cluster: bump kubelets to 1.14.3 
Change-Id: I02ed978a49629cdfc3f3587ad640e8cc5a5fad23
 2020-02-02 23:43:28 +01:00
q3k e2095b2ce9 cluster: remove unused module-cluster.nix 
Change-Id: I819d803fc7454cfd63a11a109ec73c9578f598b8
 2020-02-02 23:43:00 +01:00
q3k c78cc13528 cluster/nix: locally build nixos derivations 
We change the existing behaviour (copy files & run nixos-rebuild switch)
to something closer to nixops-style. This now means that provisioning
admin machines need Nix installed locally, but that's probably an okay
choice to make.

The upside of this approach is that it's easier to debug and test
derivations, as all data is local to the repo and the workstation, and
deploying just means copying a configuration closure and switching the
system to it. At some point we should even be able to run the entire
cluster within a set of test VMs.

We also bump the kubernetes control plane to 1.14. Kubelets are still at
1.13 and their upgrade is comint up today too.

Change-Id: Ia9832c47f258ee223d93893d27946d1161cc4bbd
 2020-02-02 22:31:53 +01:00
q3k f15da82393 lelegram: disable 
Change-Id: I3e1deef6aa5984971d35905c9feabe196a6da201
 2020-02-02 17:16:17 +01:00
q3k 649469611a hswaw/frab: deploy 
Change-Id: I4e433fe8dac86c8c3309bb84e6f2ad9c4a281fdf
 2020-02-02 17:15:55 +01:00
q3k e048331e25 teleimg: fix RE for IRC names 
Change-Id: Ief1bda751553361bcbbd18031205ae70804f1dd4
 2020-02-02 16:58:57 +01:00
q3k 83e2690070 lelegram: stuckness fixes, timeout 
Change-Id: I3c1ad4e589ea66db846a56aab8a2c1698bdee539
 2020-01-23 14:18:25 +01:00
q3k 400ac7a88d go/{mirko,statusz}: enable profiling 
Change-Id: I5f1a51f349196f2a187e484f44fdbff5d0acde3f
 2020-01-23 14:17:30 +01:00
q3k a2ee865a0c postgres: run unprivilged 
Change-Id: I8d7e92093c0df91b6cd601a4d8e2484fca97ee88
 2020-01-22 21:48:48 +01:00