kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity
882 commits 107 branches 0 tags 49 MiB
Commit graph

882 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kiara Grouwstra
51345a4d8e
proper templating 2025-08-13 12:52:13 +02:00
Kiara Grouwstra
6da6cc678a
comment forgejo actions runner 2025-08-06 21:09:31 +02:00
Kiara Grouwstra
b415e5d597
nginx group acme 2025-08-06 21:07:40 +02:00
Kiara Grouwstra
7cfcf39209
unforce ssl 2025-08-06 21:07:19 +02:00
Kiara Grouwstra
2feb245231
try more firewall holes 2025-08-06 21:06:53 +02:00
Kiara Grouwstra
e620a56ab4
poke forceSSL hole to fix ACME issue Timeout during connect (likely firewall problem) 2025-08-06 10:21:45 +02:00
Kiara Grouwstra
029d98b191
mv to forgejo-ci 2025-08-06 09:03:06 +02:00
Kiara Grouwstra
f0f7959896
rekey 2025-08-06 09:01:45 +02:00
Kiara Grouwstra
c0324642d7
reproduce group woodpecker-server 2025-08-06 09:01:45 +02:00
Kiara Grouwstra
10f4764e45
make it secure
Some checks failed
ci/woodpecker/manual/check-deployment-cli Pipeline failed
Details
ci/woodpecker/manual/check-deployment-basic Pipeline failed
Details
ci/woodpecker/manual/check-deployment-panel Pipeline failed
Details
ci/woodpecker/manual/check-mastodon Pipeline failed
Details
ci/woodpecker/manual/check-panel Pipeline failed
Details
ci/woodpecker/manual/check-peertube Pipeline failed
Details
ci/woodpecker/manual/check-pre-commit Pipeline was successful
Details
ci/woodpecker/manual/check-data-model Pipeline was successful
Details
ci/woodpecker/manual/update Pipeline was successful
Details
ci/woodpecker/manual/check-resources Pipeline was successful
Details
ci/woodpecker/manual/cd Pipeline failed
Details
2025-08-05 17:06:46 +02:00
Kiara Grouwstra
f9b05f36f5
add host alias
Some checks failed
ci/woodpecker/manual/check-deployment-cli Pipeline failed
Details
ci/woodpecker/manual/check-deployment-basic Pipeline failed
Details
ci/woodpecker/manual/check-deployment-panel Pipeline failed
Details
ci/woodpecker/manual/check-mastodon Pipeline failed
Details
ci/woodpecker/manual/check-panel Pipeline failed
Details
ci/woodpecker/manual/check-peertube Pipeline failed
Details
ci/woodpecker/manual/check-pre-commit Pipeline was successful
Details
ci/woodpecker/manual/check-resources Pipeline failed
Details
ci/woodpecker/manual/check-data-model Pipeline was successful
Details
ci/woodpecker/manual/update Pipeline failed
Details
ci/woodpecker/manual/cd Pipeline failed
Details
2025-08-05 15:03:21 +02:00
Kiara Grouwstra
6df2cc78c0
simplify 2025-08-05 12:32:47 +02:00
Kiara Grouwstra
1eae31c876
unverbose 2025-08-05 12:09:06 +02:00
Kiara Grouwstra
4e2f0e810c
enable flakes thru env var
Some checks failed
ci/woodpecker/manual/check-deployment-basic Pipeline failed
Details
ci/woodpecker/manual/check-deployment-cli Pipeline failed
Details
ci/woodpecker/manual/check-deployment-panel Pipeline failed
Details
ci/woodpecker/manual/check-mastodon Pipeline failed
Details
ci/woodpecker/manual/check-panel Pipeline failed
Details
ci/woodpecker/manual/check-peertube Pipeline failed
Details
ci/woodpecker/manual/check-pre-commit Pipeline was successful
Details
ci/woodpecker/manual/check-data-model Pipeline was successful
Details
ci/woodpecker/manual/update Pipeline was successful
Details
ci/woodpecker/manual/check-resources Pipeline was successful
Details
ci/woodpecker/manual/cd Pipeline failed
Details
2025-08-05 11:40:15 +02:00
Kiara Grouwstra
7c8087c0a9
mv woodpecker
Some checks failed
ci/woodpecker/manual/check-deployment-basic Pipeline failed
Details
ci/woodpecker/manual/check-deployment-cli Pipeline failed
Details
ci/woodpecker/manual/check-deployment-panel Pipeline failed
Details
ci/woodpecker/manual/check-mastodon Pipeline failed
Details
ci/woodpecker/manual/check-panel Pipeline failed
Details
ci/woodpecker/manual/check-peertube Pipeline failed
Details
ci/woodpecker/manual/check-pre-commit Pipeline was successful
Details
ci/woodpecker/manual/check-data-model Pipeline was successful
Details
ci/woodpecker/manual/cd Pipeline failed
Details
ci/woodpecker/manual/update Pipeline failed
Details
ci/woodpecker/manual/check-resources Pipeline was successful
Details
2025-08-04 23:32:01 +02:00
Kiara Grouwstra
dcc1fe777e
mount /dev/kvm 
This reverts commit 32a8c011133045f624f23d0cacd6e2b81ccc78eb.

add kvm

kvm
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
93da9b44fd
container dns 
rm dns
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
97db30b3ce
enable firewall 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
c887f0ba92
document nftables 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
cb1f78cd2a
generalize firewall hole 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
232e9b05fc
rm agent exec 
plug hole in firewall

format
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
3eebbda085
disable firewall nftables 
disables nftables for woodpecker, just like for forgejo-ci
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
3c3df517d4
disable exec agent 
make service group setting conditional

make secrets conditional

make things conditional

rm group
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
87fb01b37d
set service groups 
add agent groups
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
ce6ca38b3d
un-template 
none like _file somehow?
 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
fedf8cdf54
fix container agent 2025-08-04 23:32:01 +02:00
Kiara Grouwstra
b52ccfaf33
add woodpecker CI 
add woodpecker

status: agents error `agent could not auth: individual agent not found
by token: sql: no rows in result set`

allow manual

set `image: bash` to initally test `local` woodpecker back-end

split CI jobs

image: `bash` (`local` back-end) -> `nixos/nix` (`docker` back-end)

add debugging lines to CD pipeline to debug error `Could not open a connection to your authentication agent`

add more debug prints to CD

even more debugging

continue debugging

debug harder

explicitly specify flakes as nixos/nix image is missing this

rm /home

update fedi203

wrap faulty statement

fix check-resources

split

strace pkg

un-strace

un-test cd

dedupe image

max 5

un-bash strace

configure user

simplify secrets

set just group for system users

unverbose npins

schema

add flakes

flakes
 2025-08-04 23:32:01 +02:00
Nicolas “Niols” Jeannerod
1f99a4c6c3 listToAttrs o map o attrsToListmapAttrs' (#489) 
Reviewed-on: Fediversity/Fediversity#489
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
 2025-08-01 13:09:26 +02:00
Nicolas “Niols” Jeannerod
588bb77a94 Infra: expose and use checks for vmOptions and nixosConfigurations (#488) 
Following Fediversity/Fediversity#478 (comment), here is a PR that plugs the infra's `vmOptions` and `nixosConfigurations` outputs into flake checks, instead of calling random Nix commands from the CI. There is still a bit of magic in the CI, but that's because we don't have yet a Nix-aware CI that exposes one job per flake check.

Reviewed-on: Fediversity/Fediversity#488
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
 2025-07-31 15:41:02 +02:00
Nicolas “Niols” Jeannerod
df3a070fa4 Infra: get rid of makeResourceModule (#485) 
Reviewed-on: Fediversity/Fediversity#485
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
 2025-07-31 00:49:00 +02:00
Nicolas “Niols” Jeannerod
be72b82875 Link to upstreaming PR for lib.types.fileset (#487) 
Reviewed-on: Fediversity/Fediversity#487
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
 2025-07-30 13:25:22 +02:00
Nicolas “Niols” Jeannerod
1b66028f32 Fix infra and add more tests (#478) 
This PR contains a bunch of small fixes having to do with infra code. The goal is not to fix everything as that would require a full rewrite. Instead, we fix just what is necessary to get some testing going on. Once that is available, we will be able to work on a full refactor with more guarantees. Something of note is that most of the difficulty was to find code that would make both `nixops4 apply` _and_ `nix build .#nixosConfigurations.<machine>` happy. The takeaway is that the tests that we are adding now will not catch a whole class of tests having to do with how NixOps4 wires up the resources. Still, this is probably less significant as we are supposed to use NixOps4 every now and then.

The commits should be read separately.

Reviewed-on: Fediversity/Fediversity#478
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
 2025-07-30 12:31:03 +02:00
Kiara Grouwstra
4509d277d3 move arguments from _module.args to specialArgs (#469) 
Reviewed-on: Fediversity/Fediversity#469
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-23 18:12:55 +02:00
Kiara Grouwstra
e488230d7b updater: make npins command verbose (#477) 
Reviewed-on: Fediversity/Fediversity#477
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-19 13:00:33 +02:00
Kiara Grouwstra
765183cd0d fix typo in users (#475) 
Reviewed-on: Fediversity/Fediversity#475
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-17 19:02:14 +02:00
Kiara Grouwstra
6cf1d87f0b get parity in authorized keys between procolix and root for nixops4 ssh to non-VMs (#474) 
Reviewed-on: Fediversity/Fediversity#474
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-17 18:59:31 +02:00
Kiara Grouwstra
8253288f8a remove pixelfed from CI until fixed (#472) 
this test is still borked as per #33.
the intent would be to get this test on a feature branch pertaining to that issue - the point being we should be able to rely on CI's boolean result for detecting (newly induced) regressions.

Reviewed-on: Fediversity/Fediversity#472
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-17 15:25:17 +02:00
Kiara Grouwstra
67f50f08de enable continuous deployment (#471) 
closes #177

Reviewed-on: Fediversity/Fediversity#471
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-17 10:01:51 +02:00
Kiara Grouwstra
5402178e7b reinstate import statement for panel module, fixes error deploying fedi201 (#468) 
resolves error on CI run https://git.fediversity.eu/Fediversity/Fediversity/actions/runs/1026:

```
123456       error: attempt to call something which is not a function but a path: /nix/store/93yyf22vw60l1j3l6h02c99p93lp55q5-source/panel
       at /nix/store/93yyf22vw60l1j3l6h02c99p93lp55q5-source/machines/dev/fedi201/fedipanel.nix:13:6:
           12|   imports = [
           13|     (../../../panel { }).module
             |      ^
           14|     "${sources.home-manager}/nixos"```
```

Reviewed-on: Fediversity/Fediversity#468
 2025-07-16 20:51:23 +02:00
Kiara Grouwstra
e627815399 pass SHELL env var in CD (#466) 
see #177

Reviewed-on: Fediversity/Fediversity#466
 2025-07-16 18:18:16 +02:00
Kiara Grouwstra
354dba260a verbose CD (#465) 
debugging effort part of #177

Reviewed-on: Fediversity/Fediversity#465
 2025-07-16 14:14:06 +02:00
Valentin Gagarin
b791bd515d pass sources via specialArgs (#464) 
this gets rid of ugly in-place imports and upward paths

Reviewed-on: Fediversity/Fediversity#464
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-committed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
 2025-07-16 10:53:36 +02:00
Kiara Grouwstra
f2017aaeb4 CD: lump SSH commands into a single shell invocation (#462) 
Reviewed-on: Fediversity/Fediversity#462
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-15 13:00:47 +02:00
Kiara Grouwstra
980a994f83 run ssh commands thru the shell (which has openssh) (#461) 
Reviewed-on: Fediversity/Fediversity#461
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-15 12:26:16 +02:00
Kiara Grouwstra
b9b13df04e allow SSH access from continuous deployment (#460) 
Reviewed-on: Fediversity/Fediversity#460
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-15 11:56:22 +02:00
Kiara Grouwstra
159e4107b8 fix Pixelfed test eval failure (#458) 
Reviewed-on: Fediversity/Fediversity#458
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-15 10:38:10 +02:00
fricklerhandwerk
86305a6a2e fix link; readability 2025-07-15 09:04:56 +02:00
Valentin Gagarin
e62f14d9be expose panel tests in flake 2025-07-15 08:54:48 +02:00
Kiara Grouwstra
82f83eea0d fix mastodon test (#457) 
closes #34.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Reviewed-on: Fediversity/Fediversity#457
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-15 08:54:20 +02:00
Kiara Grouwstra
aef414ffe8 resolve regressions from recent qemu files (#432) 
- move import to match module classes
- manually import sources to resolve infinite recursion

closes #431.

Reviewed-on: Fediversity/Fediversity#432
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
 2025-07-11 16:09:27 +02:00