Commit graph

411 commits

Author SHA1 Message Date
c881cf3c22 devtools/hackdoc: init
This is hackdoc, a documentation rendering tool for monorepos.

This is the first code iteration, that can only serve from a local git
checkout.

The code is incomplete, and is WIP.

Change-Id: I68ef7a991191c1bb1b0fdd2a8d8353aba642e28f
2020-04-08 20:03:12 +02:00
154baf1cf6 personal/q3k/factorio: add pymods server
Change-Id: I080ae267ea3afc19ae7d65ca458f71206bb6ed4e
2020-04-05 21:32:02 +02:00
6e985c4530 personal/q3k/factorio: fix deploy selectors
Change-Id: Id116da7d2486f2a2a5206fe1f8b79283a545c4d2
2020-04-01 02:21:45 +02:00
59786c5dfa personal/q3k/factorio: bump, add ds
Change-Id: I15dbbfdd911fb61fc5769443ef4f2e862cf6c7e1
2020-04-01 02:05:42 +02:00
0dcc702c64 cluster: bump nearly-expired certs
This makes clustercfg ensure certificates are valid for at least 30
days, and renew them otherwise.

We use this to bump all the certs that were about to expire in a week.
They are now valid until 2021.

There's still some certs that expire in 2020. We need to figure out a
better story for this, especially as the next expiry is 2021 - todays
prod rollout was somewhat disruptive (basically this was done by a full
cluster upgrade-like rollout flow, via clustercfg).

We also drive-by bump the number of mons in ceph-waw3 to 3, as it shouls
be (this gets rid of a nasty SPOF that would've bitten us during this
upgrade otherwise).

Change-Id: Iee050b1b9cba4222bc0f3c7bce9e4cf9b25c8bdc
2020-03-28 18:01:40 +01:00
973076c0fb app/covid-formity: covid19 hackerspace relief form
Change-Id: I952ca040e85e6305d5241816c3afa8ae69031d5f
2020-03-26 21:40:01 +01:00
q3k
97ce218339 Merge "env: fix missing hscloud_nixos export" 2020-03-26 14:15:48 +00:00
Serge Bazanski
d7bc2ad53d well akshually
Change-Id: I597e4a7c3419e2fe5fb255618c5ec97176d7a5d4
2020-03-26 15:13:09 +01:00
Serge Bazanski
56c74ff0c2 personal/q3k/test: test
Change-Id: I84e827e1ff9a446749fe58b065f9441bc2019d3b
2020-03-26 15:12:30 +01:00
90e8e68bab crdb.k0: add bugless-dev (for q3k)
Change-Id: I3988e1c37f0a0c54ef1ba248f01e026d6e8c72b6
2020-03-25 10:55:05 +01:00
540663904b personal/q3k/factorio: bump
Change-Id: I2a93d24f85d7517a1e2b6247668c5ae63f4e2732
2020-03-25 10:48:52 +01:00
2259437930 env: fix missing hscloud_nixos export
Change-Id: I1887a06908e8b50926288d4cd9c9a820dd795ae0
2020-03-21 23:44:10 +01:00
Michal Zagorski
5b1aa134fe personal/q3k/lelegram: changes by zagura
* Log high verbose debug messages
  * New cli parameter irc_login
  * Change regex for IRC nicks
  * IRC channel names case insensitive
  * IRC usernames truncated to 9 chars without Telegram suffix

Signed-off-by: Michał Zagórski <zagura6@gmail.com>
Change-Id: Ifa32279580a4378cc3b9e255f0311216998e02c9
2020-03-02 12:01:10 +01:00
e186c87c1b cluster: bump rook to 1.0.6
In preparation for updating to 1.1.0, which will be much more involved.

Also fix a typo in registry.libsonnet, whoops.

Change-Id: I7668bf53c7580f99fdf56fe6227f04a468f8de50
2020-02-21 12:57:02 +01:00
9d738cedc3 k8s.io/apimachinery: bypass https://github.com/kubernetes/kubernetes/issues/87675
For us this manifests when doing

   kubecfg update cluster/kube/cluster.libsonnet

To be precise: when hitting the Ceph/Rook CRD definition.

This is a weird bug. I've seen it manifest earlier on NixOS, but I am
now also seeing it on Gentoo. I've thought that it was because of Go API
breakage, but I've quickly tried to specify older toolchain versions,
but that didn't seem to help? :/

Regardless, I've applied a patch by rnb [1] that seems to fix this. I
also have a suspicion that updating to a newer k8s version might just
fix this, that's why I'm not not too concerned about this for now.

[1] - a32521024f

Change-Id: Id66e3c0bd56e84d785e1baeca86373aa2d0eb6f9
2020-02-21 12:54:05 +01:00
02aae3628c hswaw/kube: encrypt keys, update expired keys
cz2's key has expired. Removing it for now as there's no easy way to
force gpg to encrypt content for expired keys.

Change-Id: Ib27b9a09385fcead1ba2d48ebf45426038d8b647
2020-02-18 23:28:14 +01:00
74818e155c hswaw/kube: add pretalx
Change-Id: Ia7512aa988022c3c7fd89f81927fbad03f933cf1
2020-02-18 22:56:21 +01:00
114edc2398 kube/mirko: add kube.CephObjectStoreUser
Change-Id: I2a67076eeaf41ada41f5ae3ee588025e4c16b9e1
2020-02-18 22:55:13 +01:00
c5a77b8f81 env/tools: fix NixOS detection, maybe
Change-Id: Ifa4c1c53ed918f67e68e190709edc417d0d3b4d6
2020-02-17 23:04:35 +01:00
q3k
3c14185ce4 Merge "cluster: set ceph-waw3 mon replicas to 1" 2020-02-15 11:49:06 +00:00
0d83300b18 cluster: set ceph-waw3 mon replicas to 1
This reflects current production. This needs to get bumped up to 3 at some point as otherwise we lose HA for this cluster.

Change-Id: Ie5937e6a216b635ecbc4c82ecd182a410167c3f8
2020-02-15 11:48:39 +00:00
q3k
8703e9d29f Merge "hswaw/kube/frab: use more unique labels for postgres service" 2020-02-15 11:41:41 +00:00
q3k
90b19a7fd1 Merge "kube/redis: run as unprivileged user" 2020-02-15 11:41:31 +00:00
q3k
50af9b991c Merge "kube/postgres: run bouncer" 2020-02-15 11:41:21 +00:00
q3k
f635260a0a Merge "kube/mirko: allow specifying securityContext" 2020-02-15 11:41:03 +00:00
e95c0e2dfd hswaw/kube/frab: use more unique labels for postgres service
Change-Id: Ic118f8663acbd6f9559ad61c7e026b95c7628809
2020-02-15 12:40:25 +01:00
f8b4cd7b06 kube/redis: run as unprivileged user
Change-Id: If117384748cb6d06097742329095ae8936ed001c
2020-02-15 12:39:35 +01:00
c622a19d36 kube/postgres: run bouncer
Change-Id: Id85cf1f32f8d41bf909dae380c4a5b3351cac29b
2020-02-15 12:39:14 +01:00
aa8c2b0cca kube/mirko: allow specifying securityContext
Change-Id: Iebafd6b1480ed1e1c1f3cf83361376987720766e
2020-02-15 12:38:39 +01:00
q3k
0532cc4bee Merge "env.fish: add" 2020-02-15 00:26:05 +00:00
d42
90efd491e5 env.fish: add
Change-Id: I53584e8e99a668c602b8361417782a84f3834042
2020-02-15 01:22:58 +01:00
q3k
80c9b015d0 Merge "go: bump rules_go, autodetect nix for go toolchains" 2020-02-15 00:12:02 +00:00
e03c217cc1 go: bump rules_go, autodetect nix for go toolchains
Change-Id: If10a7843e5e54ade82fbeec85f4e6727e4d2a117
2020-02-15 01:04:38 +01:00
58d08595f1 {cluster,}/README: update
Change-Id: Ie211fd34316c407f29506b67187632fd22a4f75b
2020-02-15 01:00:42 +01:00
d7364520e9 cluster: bump kubelets to 1.14.3
Change-Id: I02ed978a49629cdfc3f3587ad640e8cc5a5fad23
2020-02-02 23:43:28 +01:00
e2095b2ce9 cluster: remove unused module-cluster.nix
Change-Id: I819d803fc7454cfd63a11a109ec73c9578f598b8
2020-02-02 23:43:00 +01:00
c78cc13528 cluster/nix: locally build nixos derivations
We change the existing behaviour (copy files & run nixos-rebuild switch)
to something closer to nixops-style. This now means that provisioning
admin machines need Nix installed locally, but that's probably an okay
choice to make.

The upside of this approach is that it's easier to debug and test
derivations, as all data is local to the repo and the workstation, and
deploying just means copying a configuration closure and switching the
system to it. At some point we should even be able to run the entire
cluster within a set of test VMs.

We also bump the kubernetes control plane to 1.14. Kubelets are still at
1.13 and their upgrade is comint up today too.

Change-Id: Ia9832c47f258ee223d93893d27946d1161cc4bbd
2020-02-02 22:31:53 +01:00
f15da82393 lelegram: disable
Change-Id: I3e1deef6aa5984971d35905c9feabe196a6da201
2020-02-02 17:16:17 +01:00
649469611a hswaw/frab: deploy
Change-Id: I4e433fe8dac86c8c3309bb84e6f2ad9c4a281fdf
2020-02-02 17:15:55 +01:00
e048331e25 teleimg: fix RE for IRC names
Change-Id: Ief1bda751553361bcbbd18031205ae70804f1dd4
2020-02-02 16:58:57 +01:00
83e2690070 lelegram: stuckness fixes, timeout
Change-Id: I3c1ad4e589ea66db846a56aab8a2c1698bdee539
2020-01-23 14:18:25 +01:00
400ac7a88d go/{mirko,statusz}: enable profiling
Change-Id: I5f1a51f349196f2a187e484f44fdbff5d0acde3f
2020-01-23 14:17:30 +01:00
a2ee865a0c postgres: run unprivilged
Change-Id: I8d7e92093c0df91b6cd601a4d8e2484fca97ee88
2020-01-22 21:48:48 +01:00
083b176f74 factorio: bump, allow mods
Change-Id: I5604bda27a54205f4e11578cf0efa7ac66115ac9
2020-01-22 21:48:22 +01:00
9377313ae0 lelegram: irc conn deadlock fix
Change-Id: I04b479c6ecb7e34cfcc5b8e43c6315893252e4e5
2020-01-22 21:47:25 +01:00
572d766096 bgpwtf/invoice: bump for 2020
This doesn't automatically bump generated numbers - however, new users
will at least have sensible IDs now :).

To bump an existing deployment, you will have to do some mild surgery:

 - edit the touched query to once generate a new, appropriate serial
   (eg. 20001)
 - run and seal one invoice
 - restore original code (now with the new 20000 default)

In the future we should have an RPC override for the new sealed final
UID with some basic sanity checks.

Change-Id: Idd8187618869f6ea76f1b187acfbdd2f1c94005b
2020-01-14 14:03:38 +01:00
9937146d25 personal/q3k: bump factorio
Change-Id: Id472ad9fffd09917b040ce8572b760862b4fcd2f
2020-01-14 13:47:26 +01:00
92b48d6216 {matrix,lelegram}: pin to bc01n0{1,2}.hswaw.net
Only these nodes (and bc01n03( are #blesed by freenode.

In the future we should fix this by having custom node labels for
blessed nodes. But this will do for now.

Change-Id: Ia5d7cfcb9329da0de8d596ed40b20b0e0f286f43
2020-01-08 13:59:04 +01:00
effafe9032 teleimg: allow underscores and hyphens in file id
Change-Id: I6f6cdd3a13cdbed41f57c40ac1b2e46c4707be32
2020-01-05 22:31:39 +01:00
a07688fe74 lelegram: mutually exclude multimedia
Change-Id: I6c300e8627c825f5b2f1281efc8f4c33574289f7
2020-01-05 21:21:07 +01:00