mirror of https://gerrit.hackerspace.pl/hscloud
h/m/customs: compress connection logs
We need to keep a year's worth of connection logs for legal reasons, and in uncompressed form they took around 170G, but only around 25G compressed, while rootfs on the machine is a bit over 180G. Also a drive-by build fix for laserproxy which also removes a workaround that (IMHO) introduced more problems than it solved. Change-Id: If91224b0c3bc5ccdd096f0c722e82dbe4de29b95 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1907 Reviewed-by: informatic <informatic@hackerspace.pl> Reviewed-by: q3k <q3k@hackerspace.pl>changes/07/1907/8
parent
51788262af
commit
d63ed67aa7
|
@ -34,10 +34,11 @@ pkgs.buildBazelPackage rec {
|
|||
lib.strings.hasSuffix "/WORKSPACE" name ||
|
||||
lib.strings.hasSuffix "/.bazelrc" name
|
||||
);
|
||||
src = hscloud.root;
|
||||
src = ../..;
|
||||
};
|
||||
|
||||
bazelTarget = "//hswaw/laserproxy";
|
||||
bazel = pkgs.bazel_5;
|
||||
bazelTargets = [ "//hswaw/laserproxy" ];
|
||||
nativeBuildInputs = with pkgs; [
|
||||
git python3 postgresql go
|
||||
];
|
||||
|
@ -51,6 +52,10 @@ pkgs.buildBazelPackage rec {
|
|||
fetchAttrs = {
|
||||
# Nicked from nixpkgs' usages of buildBazelPackage in bazel_watcher.
|
||||
preInstall = ''
|
||||
# FIXME: dirty hack to avoid permission errors later from "rm" calls
|
||||
# without "-f"
|
||||
${pkgs.findutils}/bin/find $bazelOut/external/python3* -exec chmod u+w {} +
|
||||
|
||||
# Remove the go_sdk (it's just a copy of the go derivation) and all
|
||||
# references to it from the marker files. Bazel does not need to download
|
||||
# this sdk because we have patched the WORKSPACE file to point to the one
|
||||
|
@ -71,7 +76,7 @@ pkgs.buildBazelPackage rec {
|
|||
rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker}
|
||||
sed -e '/^FILE:@bazel_gazelle_go_repository_tools.*/d' -i $bazelOut/external/\@*.marker
|
||||
'';
|
||||
sha256 = "sha256-WbM9+9Pt//21MCwb/zVro29uKVdNXHnWpuh7kILUbco=";
|
||||
sha256 = "sha256-Z6H8K10DhbeoKQ3+3vPHrRE6VD/HBSnYfbMWCLModAk=";
|
||||
};
|
||||
buildAttrs = {
|
||||
inherit patches;
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# Setup Go toolchain.
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains")
|
||||
|
||||
-go_register_toolchains(version = "1.17")
|
||||
-go_register_toolchains(go_version = "1.20.5", nogo = "@//:nogo")
|
||||
+go_register_toolchains(go_version = "host")
|
||||
|
||||
# IMPORTANT: match protobuf version above with the one loaded by grpc
|
||||
|
|
|
@ -415,6 +415,11 @@ in {
|
|||
${pkgs.killall}/bin/killall -HUP ulogd
|
||||
'';
|
||||
rotate = 55;
|
||||
delaycompress = null;
|
||||
compresscmd = "${pkgs.zstd}/bin/zstd";
|
||||
uncompresscmd = "${pkgs.zstd}/bin/unzstd";
|
||||
compressext = ".zst";
|
||||
compressoptions = "--rm";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -4,39 +4,6 @@ let
|
|||
name = "laserproxy";
|
||||
user = name;
|
||||
group = name;
|
||||
|
||||
# Building hscloud bazel from nix is often broken on master branch. Building
|
||||
# laserproxy from older hscloud is not a pretty solution, but seem like a
|
||||
# best option for now.
|
||||
# TODO use upstream laserproxy when CI testing is added
|
||||
# see https://issues.hackerspace.pl/issues/9
|
||||
laserproxy =
|
||||
let
|
||||
old = pkgs.fetchgit {
|
||||
url = "https://gerrit.hackerspace.pl/hscloud.git";
|
||||
rev = "5319e611b2be9241c01994eb8e42bd349bb6eabb";
|
||||
sha256 = "sha256-KdVAlaXHW2CE2kJoOT0jJ+a20u6HPAgx5g/7ifX8iqU=";
|
||||
};
|
||||
old-patched = pkgs.runCommandNoCC "hscloud" { } ''
|
||||
cp -r "${old}" $out
|
||||
chmod +w $out/WORKSPACE $out/default.nix
|
||||
|
||||
# backport passing system to allow (pure) builds from flakes
|
||||
chmod +w $out/default.nix
|
||||
echo "{ system ? builtins.currentSystem, ... }@args:" > $out/default.nix
|
||||
sed -e '1d' -e 's/import nixpkgsSrc {/\0 inherit system; /g' ${old}/default.nix >> $out/default.nix
|
||||
|
||||
# hotfix failing bazel build:
|
||||
#
|
||||
# Label '//hswaw/site:deps.bzl' is invalid because 'hswaw/site' is not
|
||||
# a package; perhaps you meant to put the colon here:
|
||||
# '//:hswaw/site/deps.bzl'?
|
||||
chmod +w $out/WORKSPACE
|
||||
sed '/hswaw.site.deps/d' "${old}/WORKSPACE" > $out/WORKSPACE
|
||||
'';
|
||||
in
|
||||
(import old-patched { inherit (pkgs) system; }).hswaw.laserproxy;
|
||||
|
||||
in
|
||||
{
|
||||
users.users."${user}" = {
|
||||
|
@ -55,7 +22,7 @@ in
|
|||
serviceConfig.Type = "simple";
|
||||
serviceConfig.Restart = "always";
|
||||
serviceConfig.RestartSec = "30";
|
||||
serviceConfig.ExecStart = "${laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
|
||||
serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
|
||||
|
|
Loading…
Reference in New Issue