h/m/customs: compress connection logs

We need to keep a year's worth of connection logs for legal reasons, and in uncompressed form they took around 170G, but only around 25G compressed, while rootfs on the machine is a bit over 180G. Also a drive-by build fix for laserproxy which also removes a workaround that (IMHO) introduced more problems than it solved. Change-Id: If91224b0c3bc5ccdd096f0c722e82dbe4de29b95 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1907 Reviewed-by: informatic <informatic@hackerspace.pl> Reviewed-by: q3k <q3k@hackerspace.pl>
2024-02-20 21:06:16 +01:00 · 2024-02-20 21:06:16 +01:00 · d63ed67aa7
parent 51788262af
commit d63ed67aa7
4 changed files with 15 additions and 38 deletions
--- a/hswaw/laserproxy/default.nix
+++ b/hswaw/laserproxy/default.nix
@ -34,10 +34,11 @@ pkgs.buildBazelPackage rec {
      lib.strings.hasSuffix "/WORKSPACE" name ||
      lib.strings.hasSuffix "/.bazelrc" name
    );
-    src = hscloud.root;
+    src = ../..;
  };

-  bazelTarget = "//hswaw/laserproxy";
+  bazel = pkgs.bazel_5;
+  bazelTargets = [ "//hswaw/laserproxy" ];
  nativeBuildInputs = with pkgs; [
    git python3 postgresql go
  ];
@ -51,6 +52,10 @@ pkgs.buildBazelPackage rec {
  fetchAttrs = {
    # Nicked from nixpkgs'  usages of buildBazelPackage in bazel_watcher.
    preInstall = ''
+      # FIXME: dirty hack to avoid permission errors later from "rm" calls
+      # without "-f"
+      ${pkgs.findutils}/bin/find $bazelOut/external/python3* -exec chmod u+w {} +
+
      # Remove the go_sdk (it's just a copy of the go derivation) and all
      # references to it from the marker files. Bazel does not need to download
      # this sdk because we have patched the WORKSPACE file to point to the one
@ -71,7 +76,7 @@ pkgs.buildBazelPackage rec {
      rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
      sed -e '/^FILE:@bazel_gazelle_go_repository_tools.*/d' -i $bazelOut/external/\@*.marker
    '';
-    sha256 = "sha256-WbM9+9Pt//21MCwb/zVro29uKVdNXHnWpuh7kILUbco=";
+    sha256 = "sha256-Z6H8K10DhbeoKQ3+3vPHrRE6VD/HBSnYfbMWCLModAk=";
  };
  buildAttrs = {
    inherit patches;
--- a/hswaw/laserproxy/nix-use-system-go.patch
+++ b/hswaw/laserproxy/nix-use-system-go.patch
@ -4,7 +4,7 @@
 # Setup Go toolchain.
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains")
 
-go_register_toolchains(version = "1.17")
+-go_register_toolchains(go_version = "1.20.5", nogo = "@//:nogo")
 +go_register_toolchains(go_version = "host")
 
 # IMPORTANT: match protobuf version above with the one loaded by grpc
--- a/hswaw/machines/customs.hackerspace.pl/configuration.nix
+++ b/hswaw/machines/customs.hackerspace.pl/configuration.nix
@ -415,6 +415,11 @@ in {
            ${pkgs.killall}/bin/killall -HUP ulogd
        '';
        rotate = 55;
+        delaycompress = null;
+        compresscmd = "${pkgs.zstd}/bin/zstd";
+        uncompresscmd = "${pkgs.zstd}/bin/unzstd";
+        compressext = ".zst";
+        compressoptions = "--rm";
      };
    };
  };
--- a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
+++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
@ -4,39 +4,6 @@ let
  name = "laserproxy";
  user = name;
  group = name;
-
-  # Building hscloud bazel from nix is often broken on master branch. Building
-  # laserproxy from older hscloud is not a pretty solution, but seem like a
-  # best option for now.
-  # TODO use upstream laserproxy when CI testing is added
-  # see https://issues.hackerspace.pl/issues/9
-  laserproxy =
-    let
-      old = pkgs.fetchgit {
-        url = "https://gerrit.hackerspace.pl/hscloud.git";
-        rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb";
-        sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU=";
-      };
-      old-patched = pkgs.runCommandNoCC "hscloud" { } ''
-        cp -r "${old}" $out
-        chmod +w $out/WORKSPACE $out/default.nix
-
-        # backport passing system to allow (pure) builds from flakes
-        chmod +w $out/default.nix
-        echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix
-        sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${old}/default.nix >> $out/default.nix
-
-        # hotfix failing bazel build:
-        #
-        #   Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not
-        #   a package; perhaps you meant to put the colon here:
-        #   '//:hswaw/site/deps.bzl'?
-        chmod +w $out/WORKSPACE
-        sed '/hswaw.site.deps/d' "${old}/WORKSPACE" > $out/WORKSPACE
-      '';
-    in
-    (import old-patched { inherit (pkgs) system; }).hswaw.laserproxy;
-
 in
 {
  users.users."${user}" = {
@ -55,7 +22,7 @@ in
    serviceConfig.Type = "simple";
    serviceConfig.Restart = "always";
    serviceConfig.RestartSec = "30";
-    serviceConfig.ExecStart = "${laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
+    serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
  };

  services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {