Commit graph

1248 commits

Author SHA1 Message Date
f5844311eb */kube: Add kube.SimpleIngress
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-28 17:55:48 +00:00
56df80cf24 hswaw/site: deploy
Remove spurious hspki_disable, now that mirko is ripped out.

Change-Id: I277869e58804cc79bee84334a7abc93c3593c82e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1748
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-28 17:47:11 +00:00
4768e2ff32 hswaw/capacifier: deploy
1. Fix spurious -hspki_disable call now that mirko has been ripped out.
2. Build pure/static binary.

Change-Id: Ibe05f18f23d0794eb1a839064474112e004df824
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1747
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-28 17:47:07 +00:00
49431e8909 gerrit/bazlets: use fork for better fetching
Change-Id: Id0c51b2e1591bef0c3d597cbcae64b373a2aa17f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1744
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-27 19:42:30 +00:00
28b5260753 gerrit: use profile.hackerspace.pl avatars
Change-Id: I44d1ff32843d6239e9728427d479208d853a06d2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1743
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-27 19:42:30 +00:00
5cd3d5299c hacklock: fix documentation
Change-Id: I95d60bf004bd33b91b392cda927794b7dc275b52
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1730
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-19 23:43:43 +00:00
401aa5e754 hswaw/ldapweb: update to latest, add service user
Change-Id: I2cc20d35d0a141bc2ea1948942f9518c84e7ea41
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1727
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-16 19:34:21 +00:00
b17060a688 matrix/0x3c: increase postgres volume size before migration to matrix-ng
Change-Id: I80834986f9aeb629c3eb32c4e824290d9531c4ca
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1602
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-16 17:18:08 +00:00
0bb2fcaa32 hswaw/paperless: upgrade postgres to 15.4, paperless-ngx to 1.17.4
Change-Id: I790f306cf2a7837e11e035615862cf00641d5c96
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1699
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-16 12:02:07 +00:00
ea8e3f9112 kube/postgres: pgupgrade automation
Change-Id: Ibcbddf57b8cdcac75ce366a95db63817bec42a22
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1698
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-16 12:02:07 +00:00
e36beba34c cluster/admitomatic: Regexp-based admission rules
Change-Id: Ic2b1d6a952dc194c0ee2fa1673ceb91c43799308
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1723
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-14 12:21:46 +00:00
f4313b7b26 env.sh: do not set CC=clang in nix(os)
That seems to be broken:

  external/com_google_absl/absl/base/config.h:56:10: fatal error: 'cstddef' file not found

We should probably make it work some day, but let's unbreak things
first.

Change-Id: I5bc6892f8c6353a626f5ca103805c9a0e9a0d494
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1726
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-14 11:51:39 +00:00
a5ba554446 k0: enable fstrim, lower gc thresh for kubelet
fstrim is nice as it might prevent us from killing SSDs so fast.

A lower GC threshold for kubelet is nice as we run non-kubelet services
on these nodes, and they need their space. Notably, Ceph's mons tend to
be extremely claustrophobic, firing alerts at 70% disk usage or so.

Change-Id: I94c1787e62f82a02f107d04a87575327d3d79c01
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1724
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-13 11:47:36 +00:00
4703e55b5c app/mastodon: update to 4.1.9
also add manual db dumper job config

Change-Id: Ifbd85c7452893c26ec1db416b20f2fd8610e1b19
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1691
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-12 21:47:28 +00:00
924d0035fd *: Fix code.hackerspace.pl references
Change-Id: I677cbf743c524bf43cd012579642c34c846f4bcc
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1722
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-11 21:01:13 +00:00
0776a79df3 cluster/kube: Centralize namespace admin RoleBindings
Change-Id: Iec3505b2f4a1647e67cf47cf189c77534b5be6ac
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1696
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-10 17:34:22 +00:00
fe94c9b649 dc/topo: unvendor viz.js
This instead grabs a prebuild viz.js 2.x from a GH release.

Ideally we would use some more generic JS dep mechanism here (there's
some Good (tm) ones for Bazel now!), but this will do for now.

Change-Id: I58e9f67534acd2e3d08d93dc5f9a989dbbbbe3d1
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1721
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-10 15:25:34 +00:00
aafef3373d hswaw/machines/sound: add blitzloop, fix prod diff
Change-Id: I10f9659455842e5a8904183b8929be16c2a633fe
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1633
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-10 11:01:24 +00:00
63ce423ebb hswaw/site: post-deploy changes
This deploys the changes in Id64cccadcd1e109035ed09f62086772fa615dd72
and I34163bbb62ba792d359a5f5e72de1024c0109eab .

Turns out the site actually serves at new.hackerspace.pl and is being
proxy-passed from boston-packets, as that for legacy reasons still has
to live at hackerspace.pl.

Change-Id: Ieaa3e8b6f9c4ced14db83c121e30c9cbaa416b00
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1700
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-10 06:06:06 +00:00
43b6db895d k0: fully disable kube control/data plane on bc01n01,n02
Change-Id: I103f41059d75aa6b3ce318fd6f863f50ad013160
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1697
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-09 23:32:26 +00:00
6534969549 k0: crdb: remove bc01n02, add dcr03s16
Change-Id: I75da414cee50dcdf951cb8968dc56a4873a023fd
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1694
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-09 23:32:17 +00:00
9ae11fdabb matrix: move appservice-irc off blade
Change-Id: I9edbdedc6c2ec7aea30ee7fc5ad83deddb569b00
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1695
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-09 22:46:27 +00:00
a28fa4d7f2 hswaw/site: remove mirko dependency
Change-Id: Id64cccadcd1e109035ed09f62086772fa615dd72
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1690
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-09 21:23:14 +00:00
d318d7e6d4 hswaw/capacifier: remove mirko dependency
Change-Id: I3afbe1857c321ac6db1255d8a2fe1d9aa3da5c12
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1689
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 21:23:07 +00:00
3ca8454555 hswaw/capacifier: migrate deployment away from mirko
Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 21:22:55 +00:00
a364934d33 hswaw/site: migrate away from mirko
Change-Id: I34163bbb62ba792d359a5f5e72de1024c0109eab
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1631
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 21:10:10 +00:00
8dcca254ce bazlets: note down version origin
Change-Id: I3fcead7676ec41ae9905c29098f36737668cf475
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1693
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-09 20:28:23 +00:00
6e10e46f96 gerrit-qa: deploy
A little QA environment, currently without any data populated.

Change-Id: Ifbe5e97f312376ca64222a3754fe6fa29d7fda79
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1643
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 19:11:02 +00:00
2ceb69f30b gerrit: bump to 3.7.5
This involved messing with both of our source-built plugins (owners and
oauth).

The main issue seems to have been the desync between Jackson as
requested by different plugins. Jackson is split into multiple Maven
packages, and they all have to be the same version to work together. The
oauth plugin was requesting only part of it, and these parts were
incompatible with the parts that the owners plugin requested.

In addition, we have to make the owners plugin include more bits of
Jackson.

Without these changes, we would get runtime
`java.lang.NoClassDefFoundError: com/fasterxml/jackson/...` errors,
which were a symptom of Jackson either not being included fully into the
plugin's JAR, or a mixup between Jackson component/package versions.

While we're at it, we remove the broken theming attempt.

Change-Id: I26531818a395de2a8bb6054d2583881fd1d5b806
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1642
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 19:11:02 +00:00
bae9499880 cluster/machines: enable controlplane on dcr03s16, disable on bc01n01
Change-Id: I199f66ac60c522c29fe4900702eb9eed48749cfe
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1692
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 19:10:19 +00:00
9a88f28805 cluster/{machines,certs}: add dcr03s16.hswaw.net
Also make dataplane-only nodes actually work:
- make kubeproxy use the same package as kubelet
- disable firewall

Change-Id: I7babbb749656e6f75151c8eda6e3f09f3c6bff5f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1686
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 19:02:18 +00:00
d9567b3b99 java: use JDK 11
This is needed for newer versions of the gerrit owners plugin.

We also need to add zlib to our shell, as binary builds of JDK11 used by
Bazel require it.

Change-Id: Idbbc5e0d88cac13daf2e5f201be6032412bf1a5d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1641
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-09 19:02:12 +00:00
e4519b1419 cluster-k0/admitomatic: add codehosting-prod
Change-Id: If6cd75e2fce73bdc92a3f313f39603616a343fd0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1684
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 21:16:39 +00:00
ba81655145 cluster: cleanup CephObjectStoreUser creation, add codehosting bucket
Change-Id: I6f41ef3d4775b52c43953f1133e56e69c4c462b8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1683
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 21:16:39 +00:00
f549d43b40 matrix: add informatic & q3k as admins
Change-Id: I7c70e5c0c31aa9bae8b5cdc4b4ed5331223913c2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1682
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 21:16:39 +00:00
a7af16d37a hswaw/machines/customs: add htpasswd file support, expose label
This allows for generic service access to hswaw LAN sites.

Change-Id: I2b290b19ae83496d6b878005ae1c57b0d3955e73
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1603
Reviewed-by: vuko <vuko@hackerspace.pl>
2023-10-08 21:12:07 +00:00
7f5f2099c5 gerrit: add ref-updated hook to poke forgejo
This has been deployed already.

Technically depends on I26531818a395de2a8bb6054d2583881fd1d5b806 as this
has been deployed on top of that.

Change-Id: I1b8d453d04f3a9a5435ae0dd6575f82d9ca10db7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1681
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 20:08:50 +00:00
c68343caad gerrit: use Forgejo for viewing repo state
Already deployed.

Change-Id: I3a82e99f22e66676d79baafac85e7263ca140014
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1661
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-08 20:08:50 +00:00
2281b5b618 env.sh: force CC=clang if present
Change-Id: I2369f4ad357b079c2525b7e4cea6d0178aca4c69
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1630
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-08 16:53:01 +00:00
95b8c57415 rules_jvm_external: remove leftovers
This was used by q3k's minecraft plugins, and it was in the process of
being patched to better resolve snapshot versions as used in the Spigot
artifact server.

I have since decided this is not worth it, and yote the plugins and thus
we don't need rules_jvm_external at all.

Change-Id: I1a02354ec5e706c5e44501512149fe9a197ddb7c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1644
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-08 12:38:42 +00:00
924be126f7 Merge remote-tracking branch 'origin/master'
Change-Id: I31065ed4d5ab138a90e0be79a9d00db155896ecc
2023-10-05 00:07:11 +02:00
bdf2defc07 invoicer initial version
Change-Id: Ib20a96c224f5c055874f72f8f9a04a4dc8bbbc24
2023-10-05 00:05:32 +02:00
d60a68d4f3 hswaw/ldapweb: bump app, simplify config
Change-Id: Ia1a0097c097c8d75b7123088b89b51b4cf5ab46c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1632
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-09-24 14:56:13 +00:00
69957c346f devtools/gerrit: add simple healthcheck
This should somewhat temporarily fix gerrit outright dying (ie. refusing
to accept any new http connections) for no reason once in a while.

Change-Id: Ie0dfcab020945d17010c012ecfae19f4c8c5c374
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1601
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-24 13:42:48 +00:00
641fa54783 ci: update presubmit script
Change-Id: I43884faff856b5ca7d8f728ebb9784131544a5e4
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1629
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 23:00:45 +00:00
62b83e04de app: +inventory (spejstore)
Co-authored-by: Radek Pietruszewski <radexpl@gmail.com>
Change-Id: If334f59ae8fe13c6e9362c080b22d53ced49f3ea
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1572
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 22:51:48 +00:00
94d96497b5 hswaw/site: implement recurring events
Change-Id: Ib3c570d058141c4d8441801010f0f1755ccfc0e7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1624
Reviewed-by: radex <radex@hackerspace.pl>
2023-09-22 22:50:39 +00:00
937722e465 hswaw/ldapweb: give admin rights to radex
Change-Id: I5d0ce4b500e7d9c9750dc5f306ea182013362838
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1627
Reviewed-by: radex <radex@hackerspace.pl>
2023-09-22 22:49:05 +00:00
c5f466822e third_party/py: bump/reformat
Change-Id: Ia148d7f56af8ecbf382dfb3d663963f682f64fb9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1628
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 22:44:25 +00:00
80cee0a987 hswaw/site: deploy
Already contains https://gerrit.hackerspace.pl/1624

Change-Id: I248c2f1653a3423d7dfc6ca5374229f072e111dc
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1626
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 22:23:00 +00:00