silver 1fb4318310
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m14s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
feat: got the pipelines configured now
Update .mailmap

See if making it .mailmap fixes it

Signed-off-by: silver <silver@skynet.ie>

Add .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

feat: initial test of flake update

Signed-off-by: silver <silver@skynet.ie>

test: seeing if I can push changes

testing

fix: set the url of the external plugin correctly

Signed-off-by: silver <silver@skynet.ie>

fix: go back to using nix

fix: update command

Signed-off-by: silver <silver@skynet.ie>

Apply automatic changes

revert 26c7781fad

revert Apply automatic changes

test: add the cache and colmena build

Signed-off-by: silver <silver@skynet.ie>

test: see if this helps

Signed-off-by: silver <silver@skynet.ie>

test: see if using another plugin will work

Signed-off-by: silver <silver@skynet.ie>

test: the cache key

test: more testing

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

test: split up the build and cache propagation

attic push --ignore-upstream-cache-filter mycache $(ls -d /nix/store/*/ | grep -v fake_nixpkgs)

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

revert 35887a8fba

revert Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

fix: no need to upload in pipeline now,

Signed-off-by: silver <silver@skynet.ie>

ci: initial commit of the deploy pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for agenix

test: force pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

ci: testing if I can get this working right

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert b6cd168c38

revert Updated flake for arion

ci: more changes to see if this will help

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert da380ed0f4

revert Updated flake for arion

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert f0ee4a9e69

revert Updated flake for arion

fix: reformatted flake

ci: testing out deploy

ci: testing out deploy, new ssh manager

ci: more testing

ci: see if going back to basics helps

ci: test a few things

ci: test a few things

ci: for testing

ci: more testing

ci: some bastardisation for the ssh

ci: more testing

ci: check if setting root as the user helps

ci: check if setting root as the user helps2

ci: check if setting root as the user helps2

ci: check if setting root as the user helps2

ci: more testing

ci: more testing

ci: more testing

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: clean up testing

ci: final tests

ci:: final, fixing

ci: need logging

ci: more testing

ci: gahhhhhhhhhh

ci: AAAAAAAAAAAAAAAAAA

ci: lets go back

ci: lets go backaaaaaaaa

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: add the final deploy config

Add .forgejo/workflows/testing.yaml

(cherry picked from commit f2cf71ef98)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit e156b61105)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 80e1fcc545)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 423f2dd5b3)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit f446ba5443)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 44a7186a40)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit ed0be4507a)
2024-08-07 22:10:16 +01:00
.forgejo/workflows feat: got the pipelines configured now 2024-08-07 22:10:16 +01:00
.gitlab/issue_templates misc: added other important info 2023-08-11 08:04:24 +00:00
applications feat: basic forgejo setup 2024-08-07 21:52:50 +01:00
config committee: added Emilia 2024-07-21 21:18:06 +01:00
ITD Update VPN_Admins.csv 2024-07-22 13:01:37 +00:00
machines feat: basic forgejo setup 2024-08-07 21:52:50 +01:00
secrets feat: basic forgejo setup 2024-08-07 21:52:50 +01:00
sync doc: added instructions on how to force a new linking for the sync 2023-12-27 23:04:26 +00:00
.gitattributes git: enforce use of LF since we have linux servers 2023-08-07 02:11:07 +01:00
.gitignore git: update the lockfile to deal with open office 2024-06-17 01:17:27 +01:00
.gitlab-ci.yml ci: improve the pipeline 2024-07-20 14:16:55 +01:00
.mailmap feat: got the pipelines configured now 2024-08-07 22:10:16 +01:00
flake.lock feat: basic config for ForgeJo 2024-08-06 20:52:19 +01:00
flake.nix dns: use better date for the serial 2024-07-20 12:28:53 +01:00
Possible_Server_Names.md doc: added a new page for names ideas 2024-06-17 20:58:33 +01:00
README.md [skip ci] fix: bump nixpkgs 2024-02-04 20:17:46 +00:00

Skynet

This is the core config for the Skynet cluster, which uses NixOS.

Dev

Prep

  1. Install Nix
  2. Enable Flakes

The system ye use does not matter much, I (@silver) use nix in wsl and it works grand.

Shell

Now that ye have nix installed and flakes enabled, run nix develop in the root folder (the same place this readme is).
The dev dependencies you need to work with the project will be automatically installed.
The specific config for this can be found here.

Specifically it installs Colmena and Agenix.
Colmena is a build and deployment tool, Agenix is for secret management.

All following commands are inside the shell.

Colmena

Building

To build all nodes (servers) run:

colmena build

To build a specific one:

colmena build --on skynet

To build a group (for example the dns servers):

colmena build --on @active-dns

Deploy

Deploying is putting (apply-ing) the config that was built onto the server. There is no need to build first; it will do so automatically.

While the recommended way of deploying is using the CI/CD process there are times when you will have to manually deploy the config.
One such case is the @active-gitlab group if either Gitlab or Gitlab-runner got updated.
Another is if ye have fecked up DNS.

Your ~/.ssh/config should be set up as follows, and you should be a member of skynet-admins-linux:

Host *.skynet.ie 193.1.99.* 193.1.96.165
   User username
   IdentityFile ~/.ssh/skynet/username
   IdentitiesOnly yes

Then you can run the following commands like so:

colmena apply
colmena apply --on @active-dns
colmena apply --on @active-gitlab

The CI/CD pipeline has a manual job that can be triggered to update @active-gitlab if you know it won't cause issues.

Agenix

Agenix is for storing secrets in an encrypted manner using ssh keys.

All these commands require you to be in the secrets folder (cd secrets).

Prep

  1. Go to yer .ssh folder and see if you have an id_ed25519 key (tutorial)
  2. Make a pull request to add your public key (id_ed25519.pub) to the secrets config.
  3. An existing admin will pull, run agenix --rekey and commit changes.
  4. Once committed and pushed up and merged in, you will be able to edit secrets.

id_ed25519 is preferred due to its neatness and security (Yes @silver is pedantic.)

Editing

When editing, a terminal editor (nano) will open.
You must use the path defined in the secrets.nix file.

agenix -e stream_ulfm.age
agenix -e ldap/self_service.age
agenix -e gitlab/runners/runner01.age

Updating inputs

Occasionally you will want to update the inputs for the project.
It is best to do this every few months or so. There is always a risk of things changing, so a small pain often is better than a nightmare if left longer.
As seen in this merge request, the layout of one config changed, which had to be fixed.

We should be updating nixpkgs at least once a semester, ideally to the next NixOS release, so we can show ITD our servers are patched and up to date.

nix flake lock --update-input nixpkgs
# newer versions of Nix
nix flake update nixpkgs
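
An added example (not part of this repo): a CI-style check that reads flake.lock and flags direct inputs whose locked revision is older than a threshold, so the "patched and up to date" claim has something concrete behind it. The sample lock file, the input name agenix-nixpkgs and the 183-day threshold (roughly one semester) are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed flake.lock (version 7 layout); timestamps are made up, revisions omitted.
SAMPLE_LOCK = json.dumps({
    "version": 7,
    "root": "root",
    "nodes": {
        "root": {"inputs": {"nixpkgs": "nixpkgs", "agenix": "agenix",
                            "agenix-nixpkgs": ["agenix", "nixpkgs"],  # hypothetical follows
                            "arion": "arion"}},
        "nixpkgs": {"locked": {"type": "github", "lastModified": 1707000000}},
        "agenix": {"locked": {"type": "github", "lastModified": 1722000000},
                   "inputs": {"nixpkgs": ["nixpkgs"]}},
        "arion": {"locked": {"type": "github"}},  # constructed: no timestamp recorded
    },
})


def resolve(nodes, root, ref):
    """Turn an input reference into a node key; a list is a 'follows' path from root."""
    if isinstance(ref, str):
        return ref
    key = root
    for step in ref:
        key = resolve(nodes, root, nodes[key]["inputs"][step])
    return key


def stale_inputs(lock_text, now, max_age_days=183):
    """Map each direct input that is too old, or undated, to its age in days (None if undated)."""
    lock = json.loads(lock_text)
    nodes, root = lock["nodes"], lock["root"]
    report = {}
    for name, ref in nodes[root].get("inputs", {}).items():
        stamp = nodes[resolve(nodes, root, ref)].get("locked", {}).get("lastModified")
        if stamp is None:
            report[name] = None  # freshness cannot be shown, so surface it
            continue
        age = (now - datetime.fromtimestamp(stamp, tz=timezone.utc)).days
        if age > max_age_days:
            report[name] = age
    return report


if __name__ == "__main__":
    # Constructed "today"; in CI, pass datetime.now(timezone.utc) and the text of ./flake.lock.
    today = datetime(2024, 8, 7, tzinfo=timezone.utc)
    for name, age in stale_inputs(SAMPLE_LOCK, today).items():
        label = "no lastModified" if age is None else f"{age} days old"
        print(f"{name}: {label}")
```

A non-empty result is the signal to run the update commands above; exiting non-zero on it turns the check into a pipeline gate.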

Formatting

Formatting helps keep everything nice and consistent.
The pipeline will only run if the file is correctly formatted.

nix fmt