From d63ed67aa74ccbbaad817abf9f55f65cdbe2c5b3 Mon Sep 17 00:00:00 2001 From: Ari Gerus Date: Tue, 20 Feb 2024 21:06:16 +0100 Subject: [PATCH] h/m/customs: compress connection logs We need to keep a year's worth of connection logs for legal reasons, and in uncompressed form they took around 170G, but only around 25G compressed, while rootfs on the machine is a bit over 180G. Also a drive-by build fix for laserproxy which also removes a workaround that (IMHO) introduced more problems than it solved. Change-Id: If91224b0c3bc5ccdd096f0c722e82dbe4de29b95 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1907 Reviewed-by: informatic Reviewed-by: q3k --- hswaw/laserproxy/default.nix | 11 ++++-- hswaw/laserproxy/nix-use-system-go.patch | 2 +- .../customs.hackerspace.pl/configuration.nix | 5 +++ .../laserproxy/service.nix | 35 +------------------ 4 files changed, 15 insertions(+), 38 deletions(-) diff --git a/hswaw/laserproxy/default.nix b/hswaw/laserproxy/default.nix index 45d5ae69..9bba78ca 100644 --- a/hswaw/laserproxy/default.nix +++ b/hswaw/laserproxy/default.nix @@ -34,10 +34,11 @@ pkgs.buildBazelPackage rec { lib.strings.hasSuffix "/WORKSPACE" name || lib.strings.hasSuffix "/.bazelrc" name ); - src = hscloud.root; + src = ../..; }; - bazelTarget = "//hswaw/laserproxy"; + bazel = pkgs.bazel_5; + bazelTargets = [ "//hswaw/laserproxy" ]; nativeBuildInputs = with pkgs; [ git python3 postgresql go ]; @@ -51,6 +52,10 @@ pkgs.buildBazelPackage rec { fetchAttrs = { # Nicked from nixpkgs' usages of buildBazelPackage in bazel_watcher. preInstall = '' + # FIXME: dirty hack to avoid permission errors later from "rm" calls + # without "-f" + ${pkgs.findutils}/bin/find $bazelOut/external/python3* -exec chmod u+w {} + + # Remove the go_sdk (it's just a copy of the go derivation) and all # references to it from the marker files. Bazel does not need to download # this sdk because we have patched the WORKSPACE file to point to the one 
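Review bot: The added `find $bazelOut/external/python3* -exec chmod u+w {} +` in `fetchAttrs.preInstall` leaves `$bazelOut` unquoted and relies on the shell glob matching. If no `python3*` entry exists, the literal pattern is handed to find, which exits non-zero and, depending on the builder's shell options, may abort the fetch phase. A form that quotes the path and tolerates no match would be `${pkgs.findutils}/bin/find "$bazelOut/external" -maxdepth 1 -name 'python3*' -exec chmod -R u+w {} +`. The FIXME would be easier to retire if it named which `rm` call fails, since the `rm` visible later in this file already uses `-rf`. The `preInstall` string continues past the end of this hunk.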
@@ -71,7 +76,7 @@ pkgs.buildBazelPackage rec { rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker} sed -e '/^FILE:@bazel_gazelle_go_repository_tools.*/d' -i $bazelOut/external/\@*.marker ''; - sha256 = "sha256-WbM9+9Pt//21MCwb/zVro29uKVdNXHnWpuh7kILUbco="; + sha256 = "sha256-Z6H8K10DhbeoKQ3+3vPHrRE6VD/HBSnYfbMWCLModAk="; }; buildAttrs = { inherit patches; diff --git a/hswaw/laserproxy/nix-use-system-go.patch b/hswaw/laserproxy/nix-use-system-go.patch index 92880f57..db80ce07 100644 --- a/hswaw/laserproxy/nix-use-system-go.patch +++ b/hswaw/laserproxy/nix-use-system-go.patch @@ -4,7 +4,7 @@ # Setup Go toolchain. load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains") --go_register_toolchains(version = "1.17") +-go_register_toolchains(go_version = "1.20.5", nogo = "@//:nogo") +go_register_toolchains(go_version = "host") # IMPORTANT: match protobuf version above with the one loaded by grpc diff --git a/hswaw/machines/customs.hackerspace.pl/configuration.nix b/hswaw/machines/customs.hackerspace.pl/configuration.nix index f2f88129..3351e6cf 100644 --- a/hswaw/machines/customs.hackerspace.pl/configuration.nix +++ b/hswaw/machines/customs.hackerspace.pl/configuration.nix @@ -415,6 +415,11 @@ in { ${pkgs.killall}/bin/killall -HUP ulogd ''; rotate = 55; + delaycompress = null; + compresscmd = "${pkgs.zstd}/bin/zstd"; + uncompresscmd = "${pkgs.zstd}/bin/unzstd"; + compressext = ".zst"; + compressoptions = "--rm"; }; }; }; diff --git a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix index e76c51f0..20c1e257 100644 --- a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix +++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix 
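Review bot: Setting `delaycompress = null;` in the configuration.nix hunk means the freshly rotated file is compressed right after the postrotate `killall -HUP ulogd` returns. killall does not wait for ulogd to reopen its output, so anything ulogd still writes to the old file in that window may be missing from the `.zst` archive. For logs kept for legal reasons it seems worth either leaving delaycompress on (at the cost of one uncompressed rotation on disk) or confirming that ulogd has reopened before compression starts. Separately, logrotate normally feeds the compressor through stdin/stdout and removes the original itself, so `compressoptions = "--rm";` probably has no effect beyond replacing the default options; a comment such as `# replaces logrotate's default compressor options; zstd is fed via stdin here` would record the intent. The enclosing logrotate block starts before this hunk, so whether `compress` itself is enabled is not visible here.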
@@ -4,39 +4,6 @@ let name = "laserproxy"; user = name; group = name; - - # Building hscloud bazel from nix is often broken on master branch. Building - # laserproxy from older hscloud is not a pretty solution, but seem like a - # best option for now. - # TODO use upstream laserproxy when CI testing is added - # see https://issues.hackerspace.pl/issues/9 - laserproxy = - let - old = pkgs.fetchgit { - url = "https://gerrit.hackerspace.pl/hscloud.git"; - rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb"; - sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU="; - }; - old-patched = pkgs.runCommandNoCC "hscloud" { } '' - cp -r "${old}" $out - chmod +w $out/WORKSPACE $out/default.nix - - # backport passing system to allow (pure) builds from flakes - chmod +w $out/default.nix - echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix - sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${old}/default.nix >> $out/default.nix - - # hotfix failing bazel build: - # - # Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not - # a package; perhaps you meant to put the colon here: - # '//:hswaw/site/deps.bzl'? - chmod +w $out/WORKSPACE - sed '/hswaw.site.deps/d' "${old}/WORKSPACE" > $out/WORKSPACE - ''; - in - (import old-patched { inherit (pkgs) system; }).hswaw.laserproxy; - in { users.users."${user}" = { @@ -55,7 +22,7 @@ in serviceConfig.Type = "simple"; serviceConfig.Restart = "always"; serviceConfig.RestartSec = "30"; - serviceConfig.ExecStart = "${laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137"; + serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137"; }; services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
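Review bot: `${workspace.hswaw.laserproxy}` in the new `ExecStart` depends on a `workspace` binding that is not visible in either hunk of this file. The `let` block shown defines only `name`, `user` and `group`, and the module's argument list is above the hunk, so it should be confirmed that `workspace` is passed in there. With the pinned `fetchgit` revision and its fixed hash removed, the unit runs whatever the current checkout builds. A short comment beside `ExecStart`, for example `# built from this checkout via hswaw/laserproxy/default.nix`, would make that provenance explicit for whoever next debugs a deploy.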