Recently many machines run out of disk space regularly.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os):
Free 150GiB instead of 90 GiB.
* hydra/modules/sysadmin/services.scm (cuirass-without-fiber-tests)[inputs]:
Use "guile-3.0/libgc-7" instead of "guile" to work around libgc memory issues.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)[childhurd-os]:
Use CHILDHURD-GC-JOB, no GC-JOB.
[childhurd-gc-job]: GC at 2PM too.
This enables offloading as user "hydra" to a childhurd.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os):
[childhurd-os]<users>: Add "hydra" user.
<services>: Modify openssh-service-type to set their SSH-key.
This is a followup to Guix commit
0996fcc657593955845c2761d7eb0f656149fe11.
* hydra/modules/sysadmin/services.scm (cleanup-cuirass-roots): Add
".iso" suffix.
Using --cpu base fixes booting the Hurd in QEMU with --enable-kvm.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
[services]: : Override "options" field; keeping default "--snapshot"
and adding "--cpu" "base".
* hydra/modules/sysadmin/services.scm (disk-space-check)
(disk-space-mcron-jobs, disk-space-watchdog-service-type): New
variables.
* hydra/berlin.scm <services>: Use it.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
[childhurd-net-options]: Include secret-service local QEMU forwarding.
Use variables from (gnu services virtualization).
For now build machines have guix-daemon "--max-jobs" option unset, which means
that at most one job is allowed to be built by the daemon. By setting max-jobs
to 20, we should be able to make better use of berlin build-machines.
* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os): Add
max-jobs, max-cores and build-accounts-to-max-jobs-ratio arguments. Pass them
to "guix-configuration" record.
* hydra/berlin-nodes.scm: Adapt accordingly to allow at most 20 concurrent
jobs.
* hydra/modules/sysadmin/web.scm (build-program): Use the latest Guile as we
are including Guix modules, which are compiled with a later Guile than the one
used by "program-file".
* hydra/modules/sysadmin/build-machines.scm (childhurd-ip?): New
procedure.
(berlin-new-build-machine-os): Add #:childhurd parameter. If set, add
a Childhurd service.
* hydra/machines-for-berlin.scm (x86_64->childhurd): New procedure.
(x86_64): Use them to define childhurd offload machines.
* hydra/berlin-nodes.scm: Add Childhurd service to the first two
nodes.
* hydra/modules/sysadmin/services.scm (%goggles-irc-log-directory): New
variable.
(%goggles-activation): Create it and chmod it.
(goggles-shepherd-services): Add it to #:mappings.
* hydra/modules/sysadmin/services.scm (cuirass-specs): Set iso9660-image build
output type to "ISO-9660". It will now be displayed by Cuirass in the Web
interface.
Cuirass recently gained build output support. This means that it is possible
to indicate from the specifications which files from a job output should be
made available for download via the Web UI.
Use it to make ISO9660 images available for download.
* hydra/modules/sysadmin/services.scm (cuirass-specs): Add build-outputs
support.
Support selecting specifications by branch, so that Bayfront can be
configured only to build master.
* hydra/modules/sysadmin/services.scm (cuirass-specs): Support
selecting specifications by branch.
(frontend-services): Add a #:branches parameter, and pass this to
cuirass-specs.
* hydra/modules/sysadmin/services.scm (cleanup-cuirass-roots): Add
iso9660-image derivations to clean-up.
This is a follow-up of f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa0.
So that bayfront can have more build accounts.
* hydra/modules/sysadmin/services.scm (guix-daemon-config): Add
#:build-accounts-to-max-jobs-ratio as a parameter.
(frontend-services): Add #:build-accounts-to-max-jobs-ratio as a
parameter, and pass the value to guix-daemon-config.
* hydra/modules/sysadmin/services.scm (not-config?): New procedure.
(cleanup-cuirass-roots): Wrap gexp in 'with-extensions' and
'with-imported-modules'.
[root-target, derivation-referrers, delete-gc-root-for-derivation]: New
procedures. Delete GC roots for the referrers of DELETED.
Arguments to 'file-system-fold' now preserve RESULT.
* hydra/modules/sysadmin/services.scm (cleanup-cuirass-roots)[handle-gc-root]:
Rename last argument to 'deleted'. Cons FILE to DELETED when it's
actually deleted.
[deleted]: New variable.
Iterate over it to create "/gnu/big-stuff".
Reported by Christopher Baines <mail@cbaines.net>.
* hydra/modules/sysadmin/services.scm (cleanup-cuirass-roots):
Remove *-installation in addition to *-disk-image.
* hydra/modules/sysadmin/services.scm (guix-daemon-config): Set
'build-accounts' to 4 times MAX-JOBS. Bayfront without offloading was
hitting its max number of build users.
This is a machine run by Hetzner, managed by Christopher Baines. It
currently runs an instance of the Guix Data Service.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone): Change "data" to
point at 78.47.68.4, and update the serial.
This matches what 'machines-for-berlin.scm' says.
* hydra/modules/sysadmin/build-machines.scm (berlin-build-machine-os):
Add #:emulated-architectures. Add 'qemu-binfmt-service' only when
EMULATED-ARCHITECTURES is non-empty.
* hydra/berlin-nodes.scm (system-for): Pass #:emulated-architectures to
'berlin-build-machine-os'.
* hydra/modules/sysadmin/dns.scm (berlin-ip6): Remove. This was a
link-local address that should not be advertised.
(guix.gnu.org.zone): Remove AAAA records for BERLIN-IP6.
(guix.gnu.org-zone): Update serial number.
This is a followup to af97a34c50.
Previously we were capturing (%repository-cache-directory) upon 'guix
system reconfigure', meaning it was always "/root/.cache/…".
* hydra/modules/sysadmin/web.scm (build-program)[build]: When
CACHE-DIRECTORY is true, prepend (%repository-cache-directory).
* hydra/berlin.scm: Remove 'cache-directory' field for
"/srv/guix-manual". Change the 'cache-directory' field of
"/srv/guix-manual-devel" to a relative file name.
* hydra/modules/sysadmin/web.scm (static-web-site-configuration): Allow
passing a custom cache directory.
(static-web-site-mcron-jobs): Pass it to build-program.
(build-program): Accept a cache-directory argument and use it to
customize the name of the checkout directory.
* hydra/berlin.scm (static-web-site-service-type): Use a custom cache-directory
for the manuals of both stable and 'master' releases.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) [ci]: Change this
to an A record holding the berlin-ip4 address.
(guix.gnu.org-zone) [serial]: Increment it.
Before this change, we could not renew our letsencrypt certificates.
After this change, we should be able to renew them again.
Reported by nckx and Ricardo Wurmus <rekado@elephly.net>.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <@>: Replace the
string "letsencrypt" with "letsencrypt.org".
(guix.gnu.org-zone): Increase the zone's serial to 2019072122.
This is a follow-up to commit
44674b7044.
* hydra/modules/sysadmin/build-machines.scm (berlin-build-machine-os):
Pass mcron-configuration to mcron-service-type.
* hydra/modules/sysadmin/web.scm (build-program): Add
#:environment-variables parameter and honor it.
(<static-web-site-configuration>)[environment-variables]: New field.
(static-web-site-mcron-jobs): Pass #:environment-variables to
'build-program'.
* hydra/modules/sysadmin/build-machines.scm (build-machine-os): Use
'file-system-label' instead of (title 'label). Use the 'service' form
instead of 'dhcp-client-service' and 'mcron-service'.
(berlin-build-machine-os): Likewise.
* hydra/modules/sysadmin/web.scm (build-program): Add #:file, #:ref, and
#:name parameters, and honor them.
(<static-web-site-configuration>): New record type.
(static-web-site-mcron-jobs, static-web-site-activation)
(static-web-site-accounts): New procedures.
(static-web-site-service-type): New variable.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <ci>: Change this
CNAME record's value to d1aw3orh0yrgph.cloudfront.net.
(guix.gnu.org-zone) <serial>: Increment it.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <ci>: Change this
to an A record with berlin's address.
(guix.gnu.org-zone) <serial>: Increase it.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <ci>: Change this
CNAME record's value to d1aw3orh0yrgph.cloudfront.net
(guix.gnu.org-zone) <serial>: Increment it.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <@>: Add CAA
records allowing "letsencrypt", "amazon.com", "amazontrust.com",
"awstrust.com", and "amazonaws.com" to issue certificates. This was
not required for the guix.info zone because it lacked CAA records, but
the gnu.org zone already has a CAA record, so here it is required.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
These were unused since commit
a94e1be874.
* hydra/nginx/berlin-locations.conf,
hydra/nginx/berlin.conf: Remove.
* hydra/modules/sysadmin/services.scm (frontend-services): Add
NGINX-SERVICE-TYPE only when NGINX-CONFIG-FILE is true.
* hydra/berlin.scm (services): Remove #:nginx-config-file argument to
'frontend-services'.
* hydra/modules/sysadmin/dns.scm (berlin-ip6): New variable.
(guix.gnu.org.zone): Change "@" to point to berlin rather than gnu.org.
Add "issues" A and AAAA records.
ACM requires us to create a CNAME under ci.guix.gnu.org to prove
domain ownership. It does not require ci.guix.gnu.org itself to be a
CNAME; we can make ci.guix.gnu.org whatever we want.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone) <ci>: Remove this
CNAME record.
<_82c0b5947777eb0bee604d5d2061d85f.ci>: New CNAME.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Suggested by Rubén Rodriguez.
* hydra/modules/sysadmin/dns.scm (guix.gnu.org.zone): Remove "ns1" and
"ns2" NS records. That way, gnu.org can answer for us.
This is a followup to Guix commit
b5f8c2c88543158e8aca76aa98f9009f6b9e743a. Since evaluation now takes
place in an inferior, it's important that the Guix that builds that
inferior has no interference from the Guix-to-build; IOW, we must not
add the Guix-to-build to the load path. Failing to do that can lead to
errors such as patches not found, due to a faulty %PATCH-PATH that
refers to the Guix-to-build.
* hydra/modules/sysadmin/services.scm (cuirass-specs): Set
#:load-path-inputs to the empty list for all the job sets.
* hydra/modules/sysadmin/services.scm (frontend-services): Increase
default NAR-TTL to 90 days. Set Cuirass 'ttl' to a third of NAR-TTL.
* hydra/bayfront.scm: Pass #:nar-ttl to 'frontend-services'.
"build-aux/cuirass/guix-modular.scm" is designed to *not* rely on the
latest Guix modules. Adding those to its load path led it to require
guile-gcrypt, which would fail if the host system did not have it
installed.
* hydra/modules/sysadmin/services.scm (cuirass-specs): For
"guix-modular-master", keep #:load-path-inputs empty.
* hydra/modules/sysadmin/services.scm (guix-input): Take a NAME argument.
(cuirass-specs): Use the correct input names. Rename '#:proc-arguments' to
'#:proc-args'. Add specifications for the "staging" and "core-updates"
branches. Add missing '#:load-path-inputs' and '#:package-path-inputs'
fields.
This was possible since Guix commit
66bc1d2aaf74fc7eb4ef9b3519c69bd37142ffb3.
* hydra/modules/sysadmin/services.scm (%cuirass-specs): Rename to...
(cuirass-specs): ... this. Make it a procedure. Change the
configuration to use "build-aux/cuirass/gnu-system.scm" and pass
'systems' in #:arguments.
(frontend-services): Add #:systems and adjust accordingly.
* hydra/berlin-new.scm <top level>: Pass #:systems to
'frontend-services'.
* hydra/modules/sysadmin/services.scm: New file.
* hydra/bayfront.scm: Use it.
(%gc-jobs, %certbot-job, %guix-daemon-config, start-firewall)
(firewall-service, %nginx-mime-types, %nginx-cache-activation)
(%cuirass-specs): Remove.
<top level>: Trim 'services' list and use 'frontend-services'.
* hydra/berlin.scm: Likewise.
* hydra/berlin-new.scm: Likewise.