diff options
Diffstat (limited to 'ops')
31 files changed, 635 insertions, 462 deletions
diff --git a/ops/besadii/default.nix b/ops/besadii/default.nix index 1199c56cfb94..424fa19b2b44 100644 --- a/ops/besadii/default.nix +++ b/ops/besadii/default.nix @@ -1,5 +1,5 @@ # This program is used as a Gerrit hook to trigger builds on -# Buildkite, Sourcegraph reindexing and other maintenance tasks. +# Buildkite and perform other maintenance tasks. { depot, ... }: depot.nix.buildGo.program { diff --git a/ops/besadii/main.go b/ops/besadii/main.go index 809acc29e8b4..aacd8f176ecf 100644 --- a/ops/besadii/main.go +++ b/ops/besadii/main.go @@ -8,7 +8,6 @@ // // Gerrit (ref-updated) hook: // - Trigger Buildkite CI builds -// - Trigger SourceGraph repository index updates // // Buildkite (post-command) hook: // - Submit CL verification status back to Gerrit @@ -55,10 +54,6 @@ type config struct { BuildkiteProject string `json:"buildkiteProject"` BuildkiteToken string `json:"buildkiteToken"` GerritChangeName string `json:"gerritChangeName"` - - // Optional configuration for Sourcegraph trigger updates. - SourcegraphUrl string `json:"sourcegraphUrl"` - SourcegraphToken string `json:"sourcegraphToken"` } // buildTrigger represents the information passed to besadii when it @@ -154,11 +149,6 @@ func loadConfig() (*config, error) { return nil, fmt.Errorf("invalid 'gerritChangeName': %s", cfg.GerritChangeName) } - // Rudimentary config validation logic - if cfg.SourcegraphUrl != "" && cfg.SourcegraphToken == "" { - return nil, fmt.Errorf("'SourcegraphToken' must be set if 'SourcegraphUrl' is set") - } - if cfg.Repository == "" || cfg.Branch == "" { return nil, fmt.Errorf("missing repository configuration (required: repository, branch)") } @@ -299,26 +289,6 @@ func triggerBuild(cfg *config, log *syslog.Writer, trigger *buildTrigger) error return nil } -// Trigger a Sourcegraph repository index update. -// -// https://docs.sourcegraph.com/admin/repo/webhooks -func triggerIndexUpdate(cfg *config, log *syslog.Writer) error { - req, err := http.NewRequest("POST", cfg.SourcegraphUrl, nil) - if err != nil { - return err - } - - req.Header.Add("Authorization", "token "+cfg.SourcegraphToken) - - _, err = http.DefaultClient.Do(req) - if err != nil { - return fmt.Errorf("failed to trigger Sourcegraph index update: %w", err) - } - - log.Info("triggered sourcegraph index update") - return nil -} - // Gerrit passes more flags than we want, but Rob Pike decided[0] in // 2013 that the Go art project will not allow users to ignore flags // because he "doesn't like it". This function allows users to ignore @@ -458,13 +428,6 @@ func gerritHookMain(cfg *config, log *syslog.Writer, trigger *buildTrigger) { if err != nil { log.Err(fmt.Sprintf("failed to trigger Buildkite build: %s", err)) } - - if cfg.SourcegraphUrl != "" && trigger.ref == cfg.Branch { - err = triggerIndexUpdate(cfg, log) - if err != nil { - log.Err(fmt.Sprintf("failed to trigger sourcegraph index update: %s", err)) - } - } } func postCommandMain(cfg *config) { diff --git a/ops/buildkite/tvl.tf b/ops/buildkite/tvl.tf index 4c45909a0c36..ee032a5143cb 100644 --- a/ops/buildkite/tvl.tf +++ b/ops/buildkite/tvl.tf @@ -8,7 +8,9 @@ terraform { } backend "s3" { - endpoint = "https://objects.dc-sto1.glesys.net" + endpoints = { + s3 = "https://objects.dc-sto1.glesys.net" + } bucket = "tvl-state" key = "terraform/tvl-buildkite" region = "glesys" @@ -16,6 +18,8 @@ terraform { skip_credentials_validation = true skip_region_validation = true skip_metadata_api_check = true + skip_requesting_account_id = true + skip_s3_checksum = true } } diff --git a/ops/journaldriver/Cargo.lock b/ops/journaldriver/Cargo.lock index 97bbe16ceb4c..eaf87cc525e3 100644 --- a/ops/journaldriver/Cargo.lock +++ b/ops/journaldriver/Cargo.lock @@ -4,18 +4,18 @@ version = 3 [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" [[package]] name = "base64" @@ -25,9 +25,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "build-env" @@ -37,11 +37,11 @@ checksum = "e068f31938f954b695423ecaf756179597627d0828c0d3e48c0a722a8b23cf9e" [[package]] name = "cc" -version = "1.0.84" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f8e7c90afad890484a21653d08b6e209ae34770fb5ee298f9c699fcc1e5c856" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ - "libc", + "shlex", ] [[package]] @@ -73,9 +73,9 @@ dependencies = [ [[package]] name = "curl" -version = "0.4.44" +version = "0.4.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "509bd11746c7ac09ebd19f0b17782eae80aadee26237658a6b4808afb5c11a22" +checksum = "1e2161dd6eba090ff1594084e95fd67aeccf04382ffea77999ea94ed42ec67b6" dependencies = [ "curl-sys", "libc", @@ -83,14 +83,14 @@ dependencies = [ "openssl-sys", "schannel", "socket2", - "winapi", + "windows-sys 0.52.0", ] [[package]] name = "curl-sys" -version = "0.4.68+curl-8.4.0" +version = "0.4.74+curl-8.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4a0d18d88360e374b16b2273c832b5e57258ffc1d4aa4f96b108e0738d5752f" +checksum = "8af10b986114528fcdc4b63b6f5f021b7057618411046a4de2ba0f0149a097bf" dependencies = [ "cc", "libc", @@ -98,14 +98,14 @@ dependencies = [ "openssl-sys", "pkg-config", "vcpkg", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "deranged" -version = "0.3.9" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", "serde", @@ -113,9 +113,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" +checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" dependencies = [ "humantime", "is-terminal", @@ -125,16 +125,6 @@ dependencies = [ ] [[package]] -name = "errno" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c18ee0ed65a5f1f81cac6b1d213b69c35fa47d4252ad41f1486dbd8226fe36e" -dependencies = [ - "libc", - "windows-sys", -] - -[[package]] name = "foreign-types" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -178,9 +168,9 @@ checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b" [[package]] name = "hermit-abi" -version = "0.3.3" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "humantime" @@ -190,20 +180,20 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "is-terminal" -version = "0.4.9" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", - "rustix", - "windows-sys", + "libc", + "windows-sys 0.52.0", ] [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "journaldriver" @@ -224,15 +214,15 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libsystemd-sys" @@ -247,9 +237,9 @@ dependencies = [ [[package]] name = "libz-sys" -version = "1.1.12" +version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d97137b25e321a73eef1418d1d5d2eda4d77e12813f8e6dead84bc52c5870a7b" +checksum = "d2d16453e800a8cf6dd2fc3eb4bc99b786a9b90c663b8559a5b1a041bf89e472" dependencies = [ "cc", "libc", @@ -258,16 +248,10 @@ dependencies = [ ] [[package]] -name = "linux-raw-sys" -version = "0.4.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" - -[[package]] name = "log" -version = "0.4.20" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "medallion" @@ -285,21 +269,27 @@ dependencies = [ [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl" -version = "0.10.59" +version = "0.10.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a257ad03cd8fb16ad4172fedf8094451e1af1c4b70097636ef2eac9a5f0cc33" +checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" dependencies = [ "bitflags", "cfg-if", @@ -329,9 +319,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-sys" -version = "0.9.95" +version = "0.9.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40a4130519a360279579c2053038317e40eff64d13fd3f004f9e1b72b8a6aaf9" +checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6" dependencies = [ "cc", "libc", @@ -341,9 +331,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "powerfmt" @@ -353,27 +343,27 @@ checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] [[package]] name = "regex" -version = "1.10.2" +version = "1.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" dependencies = [ "aho-corasick", "memchr", @@ -383,9 +373,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -394,52 +384,39 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" - -[[package]] -name = "rustix" -version = "0.38.21" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3" -dependencies = [ - "bitflags", - "errno", - "libc", - "linux-raw-sys", - "windows-sys", -] +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "serde" -version = "1.0.192" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.192" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", @@ -448,30 +425,37 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] [[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] name = "socket2" -version = "0.4.10" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", - "winapi", + "windows-sys 0.52.0", ] [[package]] name = "syn" -version = "2.0.39" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -494,21 +478,22 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.3.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] [[package]] name = "time" -version = "0.3.30" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ "deranged", "itoa", + "num-conv", "powerfmt", "serde", "time-core", @@ -523,10 +508,11 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.15" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" +checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" dependencies = [ + "num-conv", "time-core", ] @@ -549,54 +535,42 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] -name = "winapi" -version = "0.3.9" +name = "winapi-util" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", + "windows-sys 0.59.0", ] [[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-util" -version = "0.1.6" +name = "windows-sys" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "winapi", + "windows-targets", ] [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - -[[package]] name = "windows-sys" -version = "0.48.0" +version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", @@ -605,42 +579,48 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf index 923ac1939712..d5698700ce58 100644 --- a/ops/keycloak/main.tf +++ b/ops/keycloak/main.tf @@ -10,20 +10,29 @@ terraform { } backend "s3" { - endpoint = "https://objects.dc-sto1.glesys.net" - bucket = "tvl-state" - key = "terraform/tvl-keycloak" - region = "glesys" + endpoints = { + s3 = "https://objects.dc-sto1.glesys.net" + } + bucket = "tvl-state" + key = "terraform/tvl-keycloak" + region = "glesys" skip_credentials_validation = true skip_region_validation = true skip_metadata_api_check = true + skip_requesting_account_id = true + skip_s3_checksum = true } } provider "keycloak" { client_id = "terraform" url = "https://auth.tvl.fyi" + # NOTE: Docs mention this applies to "users of the legacy distribution of keycloak". + # However, we get a "failed to perform initial login to Keycloak: error + # sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found" + # if we don't set this. + base_path = "/auth" } resource "keycloak_realm" "tvl" { diff --git a/ops/keycloak/user_sources.tf b/ops/keycloak/user_sources.tf index 01307fff8df5..7fa71e36fbb2 100644 --- a/ops/keycloak/user_sources.tf +++ b/ops/keycloak/user_sources.tf @@ -22,6 +22,13 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" { "inetOrgPerson", "organizationalPerson", ] + + lifecycle { + # Without this, terraform wants to recreate the resource. + ignore_changes = [ + delete_default_mappers + ] + } } # keycloak_oidc_identity_provider.github will be destroyed @@ -29,7 +36,7 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" { resource "keycloak_oidc_identity_provider" "github" { alias = "github" provider_id = "github" - client_id = "6d7f8bb2e82bb6739556" + client_id = "Iv23liXfGNIr7InMg5Uo" client_secret = var.github_client_secret realm = keycloak_realm.tvl.id backchannel_supported = false diff --git a/ops/kontemplate/default.nix b/ops/kontemplate/default.nix index 1190869c3fda..be01f9e4f698 100644 --- a/ops/kontemplate/default.nix +++ b/ops/kontemplate/default.nix @@ -12,12 +12,11 @@ { lib, pkgs, ... }: -pkgs.buildGoPackage rec { +pkgs.buildGoModule rec { name = "kontemplate-${version}"; version = "canon"; src = ./.; - goPackagePath = "github.com/tazjin/kontemplate"; - goDeps = ./deps.nix; + buildInputs = [ pkgs.parallel ]; # Enable checks and configure check-phase to include vet: @@ -28,6 +27,8 @@ pkgs.buildGoPackage rec { done ''; + vendorHash = "sha256-xPGVM2dq5fAVOiuodOXhDm3v3k+ncNLhlk6aCtF5S9E="; + meta = with lib; { description = "A resource templating helper for Kubernetes"; homepage = "http://kontemplate.works/"; diff --git a/ops/kontemplate/deps.nix b/ops/kontemplate/deps.nix deleted file mode 100644 index 7693968bd550..000000000000 --- a/ops/kontemplate/deps.nix +++ /dev/null @@ -1,111 +0,0 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.3.0 -[ - { - goPackagePath = "github.com/Masterminds/goutils"; - fetch = { - type = "git"; - url = "https://github.com/Masterminds/goutils"; - rev = "41ac8693c5c10a92ea1ff5ac3a7f95646f6123b0"; - sha256 = "180px47gj936qyk5bkv5mbbgiil9abdjq6kwkf7sq70vyi9mcfiq"; - }; - } - { - goPackagePath = "github.com/Masterminds/semver"; - fetch = { - type = "git"; - url = "https://github.com/Masterminds/semver"; - rev = "5bc3b9184d48f1412b300b87a200cf020d9254cf"; - sha256 = "1vdfm653v50jf63cw0kg2hslx50cn4mk6lj3p51bi11jrg48kfng"; - }; - } - { - goPackagePath = "github.com/Masterminds/sprig"; - fetch = { - type = "git"; - url = "https://github.com/Masterminds/sprig"; - rev = "6f509977777c33eae63b2136d97f7b976cb971cc"; - sha256 = "05h9k6fhjxnpwlihj3z02q9kvqvnq53jix0ab84sx0666bci3cdh"; - }; - } - { - goPackagePath = "github.com/alecthomas/template"; - fetch = { - type = "git"; - url = "https://github.com/alecthomas/template"; - rev = "fb15b899a75114aa79cc930e33c46b577cc664b1"; - sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26"; - }; - } - { - goPackagePath = "github.com/alecthomas/units"; - fetch = { - type = "git"; - url = "https://github.com/alecthomas/units"; - rev = "c3de453c63f4bdb4dadffab9805ec00426c505f7"; - sha256 = "0js37zlgv37y61j4a2d46jh72xm5kxmpaiw0ya9v944bjpc386my"; - }; - } - { - goPackagePath = "github.com/ghodss/yaml"; - fetch = { - type = "git"; - url = "https://github.com/ghodss/yaml"; - rev = "25d852aebe32c875e9c044af3eef9c7dc6bc777f"; - sha256 = "1w9yq0bxzygc4qwkwwiy7k1k1yviaspcqqv18255k2xkjv5ipccz"; - }; - } - { - goPackagePath = "github.com/google/uuid"; - fetch = { - type = "git"; - url = "https://github.com/google/uuid"; - rev = "c2e93f3ae59f2904160ceaab466009f965df46d6"; - sha256 = "0zw8fvl6jqg0fmv6kmvhss0g4gkrbvgyvl2zgy5wdbdlgp4fja0h"; - }; - } - { - goPackagePath = "github.com/huandu/xstrings"; - fetch = { - type = "git"; - url = "https://github.com/huandu/xstrings"; - rev = "8bbcf2f9ccb55755e748b7644164cd4bdce94c1d"; - sha256 = "1ivvc95514z63k7cpz71l0dwlanffmsh1pijhaqmp41kfiby8rsx"; - }; - } - { - goPackagePath = "github.com/imdario/mergo"; - fetch = { - type = "git"; - url = "https://github.com/imdario/mergo"; - rev = "4c317f2286be3bd0c4f1a0e622edc6398ec4656d"; - sha256 = "0bihha1qsgfjk14yv1hwddv3d8dzxpbjlaxwwyys6lhgxz1cr9h9"; - }; - } - { - goPackagePath = "golang.org/x/crypto"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/crypto"; - rev = "9756ffdc24725223350eb3266ffb92590d28f278"; - sha256 = "0q7hxaaq6lp0v8qqzifvysl47z5rfdlrxkh3d29vsl3wyby3dxl8"; - }; - } - { - goPackagePath = "gopkg.in/alecthomas/kingpin.v2"; - fetch = { - type = "git"; - url = "https://gopkg.in/alecthomas/kingpin.v2"; - rev = "947dcec5ba9c011838740e680966fd7087a71d0d"; - sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r"; - }; - } - { - goPackagePath = "gopkg.in/yaml.v2"; - fetch = { - type = "git"; - url = "https://gopkg.in/yaml.v2"; - rev = "51d6538a90f86fe93ac480b35f37b2be17fef232"; - sha256 = "01wj12jzsdqlnidpyjssmj0r4yavlqy7dwrg7adqd8dicjc4ncsa"; - }; - } -] diff --git a/ops/kontemplate/go.mod b/ops/kontemplate/go.mod new file mode 100644 index 000000000000..e3ae158ea2e2 --- /dev/null +++ b/ops/kontemplate/go.mod @@ -0,0 +1,25 @@ +module github.com/tazjin/kontemplate + +go 1.22.3 + +require ( + github.com/Masterminds/sprig/v3 v3.2.3 + github.com/alecthomas/kingpin/v2 v2.4.0 + github.com/ghodss/yaml v1.0.0 +) + +require ( + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect + github.com/google/uuid v1.1.1 // indirect + github.com/huandu/xstrings v1.3.3 // indirect + github.com/imdario/mergo v0.3.11 // indirect + github.com/mitchellh/copystructure v1.0.0 // indirect + github.com/mitchellh/reflectwalk v1.0.0 // indirect + github.com/shopspring/decimal v1.2.0 // indirect + github.com/spf13/cast v1.3.1 // indirect + github.com/xhit/go-str2duration/v2 v2.1.0 // indirect + golang.org/x/crypto v0.3.0 // indirect + gopkg.in/yaml.v2 v2.3.0 // indirect +) diff --git a/ops/kontemplate/go.sum b/ops/kontemplate/go.sum new file mode 100644 index 000000000000..754cffbcb8f6 --- /dev/null +++ b/ops/kontemplate/go.sum @@ -0,0 +1,75 @@ +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY= +github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/ops/kontemplate/main.go b/ops/kontemplate/main.go index e55d42465c6b..c98229f5cd97 100644 --- a/ops/kontemplate/main.go +++ b/ops/kontemplate/main.go @@ -21,9 +21,9 @@ import ( "os/exec" "strings" + "github.com/alecthomas/kingpin/v2" "github.com/tazjin/kontemplate/context" "github.com/tazjin/kontemplate/templater" - "gopkg.in/alecthomas/kingpin.v2" ) const version string = "1.8.0" diff --git a/ops/kontemplate/templater/templater.go b/ops/kontemplate/templater/templater.go index a8f0c670a603..86cbad459f5b 100644 --- a/ops/kontemplate/templater/templater.go +++ b/ops/kontemplate/templater/templater.go @@ -20,7 +20,7 @@ import ( "strings" "text/template" - "github.com/Masterminds/sprig" + "github.com/Masterminds/sprig/v3" "github.com/tazjin/kontemplate/context" "github.com/tazjin/kontemplate/util" ) diff --git a/ops/kontemplate/util/util.go b/ops/kontemplate/util/util.go index 56fa1e3fc9c5..f96f5c1d7aa4 100644 --- a/ops/kontemplate/util/util.go +++ b/ops/kontemplate/util/util.go @@ -29,13 +29,29 @@ func Merge(in1 *map[string]interface{}, in2 *map[string]interface{}) *map[string return in1 } + // The maps are map[string]interface{} with unknown depth. + // Loop over both maps into every level and merge them. new := make(map[string]interface{}) + for k, v := range *in1 { new[k] = v } for k, v := range *in2 { - new[k] = v + if existing, ok := new[k]; ok { + // If both values are maps, merge them recursively + if existingMap, ok := existing.(map[string]interface{}); ok { + if newMap, ok := v.(map[string]interface{}); ok { + new[k] = *Merge(&existingMap, &newMap) + } else { + new[k] = v + } + } else { + new[k] = v + } + } else { + new[k] = v + } } return &new diff --git a/ops/kontemplate/util/util_test.go b/ops/kontemplate/util/util_test.go index 53c56081758c..328add3d250f 100644 --- a/ops/kontemplate/util/util_test.go +++ b/ops/kontemplate/util/util_test.go @@ -47,6 +47,9 @@ func TestMergeWithNilMap(t *testing.T) { func TestMergeMaps(t *testing.T) { map1 := map[string]interface{}{ "foo": "bar", + "baz": map[string]interface{}{ + "qux": "quux", + }, } map2 := map[string]interface{}{ @@ -56,6 +59,9 @@ func TestMergeMaps(t *testing.T) { result := Merge(&map1, &map2) expected := map[string]interface{}{ "foo": "bar", + "baz": map[string]interface{}{ + "qux": "quux", + }, "bar": "baz", } diff --git a/ops/machines/all-systems.nix b/ops/machines/all-systems.nix index c4382fbddb2a..14a8b6b26a11 100644 --- a/ops/machines/all-systems.nix +++ b/ops/machines/all-systems.nix @@ -3,6 +3,7 @@ (with depot.ops.machines; [ sanduny whitby + nixery-01 ]) ++ (with depot.users.tazjin.nixos; [ diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 6a8ee56abc47..7bc02a3fe524 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -11,8 +11,10 @@ in imports = [ (mod "atward.nix") (mod "cgit.nix") + (mod "cheddar.nix") (mod "clbot.nix") (mod "gerrit-autosubmit.nix") + (mod "harmonia.nix") (mod "irccat.nix") (mod "josh.nix") (mod "journaldriver.nix") @@ -24,7 +26,7 @@ in (mod "paroxysm.nix") (mod "restic.nix") (mod "smtprelay.nix") - (mod "sourcegraph.nix") + (mod "teleirc.nix") (mod "tvl-buildkite.nix") (mod "tvl-slapd/default.nix") (mod "tvl-users.nix") @@ -228,10 +230,16 @@ in grafana.file = secretFile "grafana"; irccat.file = secretFile "irccat"; keycloak-db.file = secretFile "keycloak-db"; - nix-cache-priv.file = secretFile "nix-cache-priv"; owothia.file = secretFile "owothia"; panettone.file = secretFile "panettone"; smtprelay.file = secretFile "smtprelay"; + teleirc.file = secretFile "teleirc"; + + nix-cache-priv = { + file = secretFile "nix-cache-priv"; + mode = "0440"; + group = "harmonia"; + }; buildkite-agent-token = { file = secretFile "buildkite-agent-token"; @@ -304,6 +312,9 @@ in agentCount = 32; }; + # Run Markdown/code renderer + services.depot.cheddar.enable = true; + # Start a local SMTP relay to Gmail (used by gerrit) services.depot.smtprelay = { enable = true; @@ -345,7 +356,12 @@ in # Start the Gerrit->IRC bot services.depot.clbot = { enable = true; - channels = [ "#tvix-dev" "#tvl" ]; + channels = { + "#tvl" = { }; + "#tvix-dev" = { + only_display = "tvix,nix-compat,third_party,third-party,3p"; + }; + }; # See //fun/clbot for details. flags = { @@ -367,9 +383,6 @@ in }; services.depot = { - # Run a SourceGraph code search instance - sourcegraph.enable = true; - # Run a livegrep code search instance livegrep.enable = true; @@ -410,6 +423,9 @@ in }; }; + # Run the Telegram<>IRC bridge for Volga Sprint. + teleirc.enable = true; + # Run atward, the search engine redirection thing. atward.enable = true; @@ -467,11 +483,14 @@ in ]; }; - services.nix-serve = { + # Run a Harmonia binary cache. + # + # TODO(tazjin): switch to upstream module after fix for Nix 2.3 + services.depot.harmonia = { enable = true; - port = 6443; - secretKeyFile = config.age.secretsDir + "/nix-cache-priv"; - bindAddress = "localhost"; + signKeyPaths = [ (config.age.secretsDir + "/nix-cache-priv") ]; + settings.bind = "127.0.0.1:6443"; + settings.priority = 50; }; services.fail2ban.enable = true; @@ -607,7 +626,8 @@ in http-port = 5925; # kycl hostname = "auth.tvl.fyi"; http-relative-path = "/auth"; - proxy = "edge"; + proxy-headers = "xforwarded"; + http-enabled = true; }; database = { diff --git a/ops/modules/cheddar.nix b/ops/modules/cheddar.nix new file mode 100644 index 000000000000..8c3036978988 --- /dev/null +++ b/ops/modules/cheddar.nix @@ -0,0 +1,29 @@ +{ depot, config, pkgs, lib, ... }: + +let + cfg = config.services.depot.cheddar; + description = "cheddar - markdown/highlighting server"; +in +{ + options.services.depot.cheddar = with lib; { + enable = mkEnableOption description; + port = mkOption { + description = "Port on which cheddar should listen"; + type = types.int; + default = 4238; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.cheddar-server = { + inherit description; + wantedBy = [ "multi-user.target" ]; + script = "${depot.tools.cheddar}/bin/cheddar --listen 0.0.0.0:${toString cfg.port} --sourcegraph-server"; + + serviceConfig = { + DynamicUser = true; + Restart = "always"; + }; + }; + }; +} diff --git a/ops/modules/clbot.nix b/ops/modules/clbot.nix index bdddff6c810b..0a436a8749d0 100644 --- a/ops/modules/clbot.nix +++ b/ops/modules/clbot.nix @@ -7,6 +7,7 @@ let inherit (lib) listToAttrs + mapAttrsToList mkEnableOption mkIf mkOption @@ -25,13 +26,13 @@ let ${pkgs.systemd}/bin/systemd-escape '${name}' >> $out '')); - mkUnit = flags: channel: { + mkUnit = channel: channelFlags: { name = "clbot-${systemdEscape channel}"; value = { description = "${description} to ${channel}"; wantedBy = [ "multi-user.target" ]; - script = "${depot.fun.clbot}/bin/clbot ${mkFlags (cfg.flags // { + script = "${depot.fun.clbot}/bin/clbot ${mkFlags (cfg.flags // channelFlags // { irc_channel = channel; })} -alsologtostderr"; @@ -53,8 +54,8 @@ in }; channels = mkOption { - type = with types; listOf str; - description = "Channels in which to post (generates one unit per channel)"; + type = with types; attrsOf (attrsOf str); + description = "Channels in which to post (generates one unit per channel); nested attrs are used as extra flags to the service, which override the attrs in `flags`"; }; secretsFile = mkOption { @@ -77,6 +78,6 @@ in }; }; - systemd.services = listToAttrs (map (mkUnit cfg.flags) cfg.channels); + systemd.services = listToAttrs (mapAttrsToList mkUnit cfg.channels); }; } diff --git a/ops/modules/harmonia.nix b/ops/modules/harmonia.nix new file mode 100644 index 000000000000..ae0bdc2cf01e --- /dev/null +++ b/ops/modules/harmonia.nix @@ -0,0 +1,110 @@ +# This is a fork of the nixpkgs module for Harmonia, which adds compatibility +# with Nix 2.3. +# +# We will upstream this eventually. +{ config, pkgs, lib, ... }: +let + cfg = config.services.depot.harmonia; + format = pkgs.formats.toml { }; + + credentials = lib.imap0 + (i: signKeyPath: { + id = "sign-key-${builtins.toString i}"; + path = signKeyPath; + }) + cfg.signKeyPaths; +in +{ + options = { + services.depot.harmonia = { + enable = lib.mkEnableOption "Harmonia: Nix binary cache written in Rust"; + + signKeyPaths = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = [ ]; + description = "Paths to the signing keys to use for signing the cache"; + }; + + package = lib.mkPackageOption pkgs "harmonia" { }; + + settings = lib.mkOption { + inherit (format) type; + default = { }; + description = '' + Settings to merge with the default configuration. + For the list of the default configuration, see <https://github.com/nix-community/harmonia/tree/master#configuration>. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + users.users.harmonia = { + isSystemUser = true; + group = "harmonia"; + }; + users.groups.harmonia = { }; + + systemd.services.harmonia = { + description = "harmonia binary cache service"; + + requires = [ "nix-daemon.socket" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + CONFIG_FILE = format.generate "harmonia.toml" cfg.settings; + SIGN_KEY_PATHS = lib.strings.concatMapStringsSep " " + ( + credential: "%d/${credential.id}" + ) + credentials; + # Note: it's important to set this for nix-store, because it wants to use + # $HOME in order to use a temporary cache dir. bizarre failures will occur + # otherwise + HOME = "/run/harmonia"; + }; + + serviceConfig = { + ExecStart = lib.getExe cfg.package; + User = "harmonia"; + Group = "harmonia"; + Restart = "on-failure"; + PrivateUsers = true; + DeviceAllow = [ "" ]; + UMask = "0066"; + RuntimeDirectory = "harmonia"; + LoadCredential = builtins.map (credential: "${credential.id}:${credential.path}") credentials; + SystemCallFilter = [ + "@system-service" + "~@privileged" + "~@resources" + ]; + CapabilityBoundingSet = ""; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectHostname = true; + ProtectClock = true; + RestrictRealtime = true; + MemoryDenyWriteExecute = true; + ProcSubset = "pid"; + ProtectProc = "invisible"; + RestrictNamespaces = true; + SystemCallArchitectures = "native"; + PrivateNetwork = false; + PrivateTmp = true; + PrivateDevices = true; + PrivateMounts = true; + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + LockPersonality = true; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; + LimitNOFILE = 65536; + }; + }; + }; +} + diff --git a/ops/modules/sourcegraph.nix b/ops/modules/sourcegraph.nix deleted file mode 100644 index cbf836ab64d5..000000000000 --- a/ops/modules/sourcegraph.nix +++ /dev/null @@ -1,60 +0,0 @@ -# Run sourcegraph, including its entire machinery, in a container. -# Running it outside of a container is a futile endeavour for now. -{ depot, config, pkgs, lib, ... }: - -let - cfg = config.services.depot.sourcegraph; -in -{ - options.services.depot.sourcegraph = with lib; { - enable = mkEnableOption "SourceGraph code search engine"; - - port = mkOption { - description = "Port on which SourceGraph should listen"; - type = types.int; - default = 3463; - }; - - cheddarPort = mkOption { - description = "Port on which cheddar should listen"; - type = types.int; - default = 4238; - }; - }; - - config = lib.mkIf cfg.enable { - # Run a cheddar syntax highlighting server - systemd.services.cheddar-server = { - wantedBy = [ "multi-user.target" ]; - script = "${depot.tools.cheddar}/bin/cheddar --listen 0.0.0.0:${toString cfg.cheddarPort} --sourcegraph-server"; - - serviceConfig = { - DynamicUser = true; - Restart = "always"; - }; - }; - - virtualisation.oci-containers.containers.sourcegraph = { - image = "sourcegraph/server:3.40.0"; - - ports = [ - "127.0.0.1:${toString cfg.port}:7080" - ]; - - volumes = [ - "/var/lib/sourcegraph/etc:/etc/sourcegraph" - "/var/lib/sourcegraph/data:/var/opt/sourcegraph" - ]; - - # TODO(tazjin): Figure out what changed in the protocol. - # environment.SRC_SYNTECT_SERVER = "http://172.17.0.1:${toString cfg.cheddarPort}"; - - # Sourcegraph needs a higher nofile limit, it logs warnings - # otherwise (unclear whether it actually affects the service). - extraOptions = [ - "--ulimit" - "nofile=10000:10000" - ]; - }; - }; -} diff --git a/ops/modules/teleirc.nix b/ops/modules/teleirc.nix new file mode 100644 index 000000000000..9f9ac059ce38 --- /dev/null +++ b/ops/modules/teleirc.nix @@ -0,0 +1,40 @@ +# Run the Telegram<>IRC sync bot for the Volga Sprint channel. +# +# This module is written in a pretty ad-hoc style, as it is sort of a +# throwaway thing (will be removed again after the event). +{ depot, config, lib, pkgs, ... }: + +let + cfg = config.services.depot.owothia; + description = "IRC<>Telegram sync for Volga Sprint channel"; + configFile = builtins.toFile "teleirc.env" '' + # connect through tvlbot's ZNC bouncer + IRC_SERVER="localhost" + IRC_PORT=2627 + IRC_USE_SSL=false + IRC_CHANNEL="#volgasprint" + IRC_BLACKLIST="tvlbot" + IRC_BOT_NAME="tvlbot" + IRC_BOT_REALNAME="TVL bot for Volga Sprint" + IRC_BOT_IDENT="tvlbot" + IRC_SEND_STICKER_EMOJI=false # look into this + TELEGRAM_CHAT_ID=-1002153072030 + ''; +in +{ + options.services.depot.teleirc.enable = lib.mkEnableOption description; + + config = lib.mkIf cfg.enable { + systemd.services.teleirc = { + inherit description; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + DynamicUser = true; + Restart = "always"; + EnvironmentFile = "/run/agenix/teleirc"; + ExecStart = "${depot.third_party.teleirc}/bin/teleirc -conf ${configFile}"; + }; + }; + }; +} diff --git a/ops/modules/tvl-headscale.nix b/ops/modules/tvl-headscale.nix index a07021c78861..6e805e4ac728 100644 --- a/ops/modules/tvl-headscale.nix +++ b/ops/modules/tvl-headscale.nix @@ -22,11 +22,7 @@ settings = { server_url = "https://net.tvl.fyi"; - dns_config.nameservers = [ - "8.8.8.8" - "1.1.1.1" - "77.88.8.8" - ]; + dns.magic_dns = false; # TLS is handled by nginx tls_cert_path = null; diff --git a/ops/modules/www/cache.tvl.su.nix b/ops/modules/www/cache.tvl.su.nix index 99bc008cd6a5..27d1c06dd3a7 100644 --- a/ops/modules/www/cache.tvl.su.nix +++ b/ops/modules/www/cache.tvl.su.nix @@ -17,13 +17,8 @@ alias /run/agenix/nix-cache-pub; } - location = /nix-cache-info { - add_header Content-Type text/plain; - return 200 "StoreDir: /nix/store\nWantMassQuery: 1\nPriority: 50\n"; - } - location / { - proxy_pass http://localhost:${toString config.services.nix-serve.port}; + proxy_pass http://${config.services.depot.harmonia.settings.bind}; } ''; }; diff --git a/ops/modules/www/cs.tvl.fyi.nix b/ops/modules/www/cs.tvl.fyi.nix index fac814baf064..9555acf9ac47 100644 --- a/ops/modules/www/cs.tvl.fyi.nix +++ b/ops/modules/www/cs.tvl.fyi.nix @@ -1,3 +1,5 @@ +# This configuration redirects from the previous Sourcegraph instance to +# livegrep/cgit where appropriate. { config, ... }: { @@ -13,17 +15,50 @@ forceSSL = true; extraConfig = '' - location = / { - return 301 https://cs.tvl.fyi/depot; + set $lineno ""; + + # depot root + location = /depot { + return 301 https://code.tvl.fyi/tree/; } - location / { - proxy_set_header X-Sg-Auth "Anonymous"; - proxy_pass http://localhost:${toString config.services.depot.sourcegraph.port}; + # folder/file on canon + location ~ ^/depot/-/(blob|tree)/([^\s]*)$ { + set $path $2; + if ($args ~ ^L(\d+)(-\d+)?$) { + set $lineno "#n$1"; + } + + return 302 https://code.tvl.fyi/tree/$path$lineno; + } + + # folder/file on specific commit + location ~ ^/depot@([a-f0-9]+)/-/(blob|tree)/([^\s]*)$ { + set $commit $1; + set $path $3; + + if ($args ~ ^L(\d+)(-\d+)?$) { + set $lineno "#n$1"; + } + + return 302 https://code.tvl.fyi/tree/$path?id=$commit$lineno; + } + + # commit info + location ~ ^/depot/-/commit/([a-f0-9]+)$ { + set $commit $1; + return 302 https://code.tvl.fyi/commit/?id=$commit; } - location /users/Anonymous/settings { - return 301 https://cs.tvl.fyi; + # search handler + # This only redirects to the new search, it doesn't try to parse and + # rewrite the query. + location /search { + return 302 https://grep.tvl.fyi/search; + } + + location / { + return 404 "TVL code search has moved to grep.tvl.fyi and we could not figure out how to rewrite your query. Sorry!"; } ''; }; diff --git a/ops/modules/www/tazj.in.nix b/ops/modules/www/tazj.in.nix deleted file mode 100644 index 47eefca2a622..000000000000 --- a/ops/modules/www/tazj.in.nix +++ /dev/null @@ -1,54 +0,0 @@ -# serve tazjin's website & blog -{ depot, config, lib, pkgs, ... }: - -{ - imports = [ - ./base.nix - ]; - - config = { - services.nginx.virtualHosts."tazj.in" = { - enableACME = true; - forceSSL = true; - root = depot.users.tazjin.homepage; - serverAliases = [ "www.tazj.in" ]; - - extraConfig = '' - location = /en/rss.xml { - return 301 https://tazj.in/feed.atom; - } - - ${depot.users.tazjin.blog.oldRedirects} - location /blog/ { - alias ${depot.users.tazjin.blog.rendered}/; - - if ($request_uri ~ ^/(.*)\.html$) { - return 302 /$1; - } - - try_files $uri $uri.html $uri/ =404; - } - - location = /predlozhnik { - return 302 https://predlozhnik.ru; - } - - # redirect for easier entry on a TV - location = /tv { - return 302 https://tazj.in/blobs/play.html; - } - - # Temporary place for serving static files. - location /blobs/ { - alias /var/lib/tazjins-blobs/; - } - ''; - }; - - services.nginx.virtualHosts."git.tazj.in" = { - enableACME = true; - forceSSL = true; - extraConfig = "return 301 https://code.tvl.fyi$request_uri;"; - }; - }; -} diff --git a/ops/pipelines/static-pipeline.yaml b/ops/pipelines/static-pipeline.yaml index af4f9d784e60..090518423eb3 100644 --- a/ops/pipelines/static-pipeline.yaml +++ b/ops/pipelines/static-pipeline.yaml @@ -50,7 +50,7 @@ steps: - label: ":llama:" key: "pipeline-gen" concurrency_group: 'depot-nix-eval' - concurrency: 5 # much more than this and whitby will OOM + concurrency: 3 # much more than this and whitby will OOM command: | set -ue @@ -88,10 +88,12 @@ steps: continue_on_failure: true # Exit with success or failure depending on whether any other steps - # failed. + # failed (but not retried). # # This information is checked by querying the Buildkite GraphQL API - # and fetching the count of failed steps. + # and fetching all failed steps, then filtering out the ones that were + # retried (retried jobs create new jobs, which would also show up in the + # query). # # This step must be :duck: (yes, really!) because the post-command # hook will inspect this name. @@ -109,8 +111,8 @@ steps: readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \ --silent \ -H "Authorization: Bearer $(cat ${BUILDKITE_TOKEN_PATH})" \ - -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \ - jq -r '.data.build.jobs.count') + -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false, first: 500 ) { edges { node { ... on JobTypeCommand { retried } } } } } }\"}" | \ + jq -r '.data.build.jobs.edges | map(select(.node.retried == false)) | length') echo "$$FAILED_JOBS build jobs failed." diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix index 5cbf2bf612a2..bc32d23597dd 100644 --- a/ops/secrets/secrets.nix +++ b/ops/secrets/secrets.nix @@ -9,6 +9,12 @@ let # zamalek "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBRXeb8EuecLHP0bW4zuebXp4KRnXgJTZfeVWXQ1n1R" + + # khamovnik + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1ptE5HvGSXxSXo+aHBTKa5PBlAM1HqmpzWz0yAhHLj" + + # arbat + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1Eai0p7eF7XML5wokqF4GlVZM+YXEORfs/GPGwEky7" ]; aspen = [ @@ -47,6 +53,7 @@ in "owothia.age" = whitbyDefault; "panettone.age" = whitbyDefault; "smtprelay.age" = whitbyDefault; + "teleirc.age" = whitbyDefault; "tf-buildkite.age" = terraform; "tf-glesys.age" = terraform; "tf-keycloak.age" = terraform; diff --git a/ops/secrets/teleirc.age b/ops/secrets/teleirc.age new file mode 100644 index 000000000000..ebc88fc9ef1d --- /dev/null +++ b/ops/secrets/teleirc.age Binary files differdiff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age index 237b9377bd79..7d470a6a304e 100644 --- a/ops/secrets/tf-keycloak.age +++ b/ops/secrets/tf-keycloak.age Binary files differdiff --git a/ops/terraform/deploy-nixos/README.md b/ops/terraform/deploy-nixos/README.md index fd0bd1b4423a..2580a7c0e102 100644 --- a/ops/terraform/deploy-nixos/README.md +++ b/ops/terraform/deploy-nixos/README.md @@ -25,8 +25,17 @@ deploy is necessary. ```terraform module "deploy_somehost" { + # Clone just this directory through josh. Add a `ref=` parameter to pin to a specific commit. source = "git::https://code.tvl.fyi/depot.git:/ops/terraform/deploy-nixos.git" + + # The attribute.path pointing to the expression to instantiate. attrpath = "ops.nixos.somehost" + + # The path to the Nix file to invoke. Optional. + # If omitted, will shell out to git to determine the repo root, and Nix will + # use `default.nix` in there. + entrypoint = "${path.module}/../../somewhere.nix" + target_host = "somehost.tvl.su" target_user = "someone" target_user_ssh_key = tls_private_key.somehost.private_key_pem @@ -37,9 +46,6 @@ module "deploy_somehost" { Several things can be improved about this module, for example: -* The repository root (relative to which the attribute path is evaluated) could - be made configurable. - * The remote system closure could be discovered to restore remote system state after manual deploys on the target (i.e. "stomping" of changes). diff --git a/ops/users/default.nix b/ops/users/default.nix index a50575f3fb41..a94f355e0f68 100644 --- a/ops/users/default.nix +++ b/ops/users/default.nix @@ -22,6 +22,16 @@ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$5NEYPJ19nDITK5sGr4bzhQ$Xzpzth6y4w+HGvioHiYgzqFiwMDx0B7HAh+PVbkRuuk"; } { + username = "azahi"; + email = "azat@bahawi.net"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$BVRzgfs8YIorOTq62B00CQ$5UXHyG/Ivn5TqB7UNgfjYJMxTjun3NDvAStWFom4oas"; + } + { + username = "chickadee"; + email = "matthewktromp@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$HoZjVdJ90JmTEJf1MMLuDg$5Pa8kpJdFVsIxgoOTDsH0gv6CLumSIkMqYEn5UVfjwU"; + } + { username = "cschilling"; email = "christian.schilling.de@gmail.com"; password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$9VN3IS6ViW5FFbVKWOZI6Q$gZxuYAYk0Opq4E5i8cbcNjfznCQNc+RiP7Xv1CUnrQU"; @@ -32,11 +42,21 @@ password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk"; } { + username = "domenkozar"; + email = "domen@cachix.org"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$c9WgMrTqPJZenOr5+wlnnQ$XOpRZRTkduzP2+NJBxkg2jhffurg7PDla4/RoAyclwI"; + } + { username = "edef"; email = "edef@edef.eu"; password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0"; } { + username = "elle"; + email = "lnajt4@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$b5Bfq6u+fEKbtpixOl+yPw$nCyTLbSDYsw30ZiSxhJ6N99IIPQAnS2XRNlpEx9os+0"; + } + { username = "ericvolp12"; email = "ericvolp12@gmail.com"; password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk"; @@ -107,6 +127,16 @@ password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4"; } { + username = "marijan"; + email = "marijan.petricevic94@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$KG+6Kx+qi5FA4JmBgIOBDA$bQm9u/9A5VbpVmNuMDqJa+iDCU0JCyboevQ3eEzlMdE"; + } + { + username = "mrflos"; + email = "mrflos@yeswiki.pro"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$/D1y+6n3+0GigG9mCMqK8A$9PseWm3+QATxN/M3Wu4JM+CnIppLD/LbQaVEKLItv9o"; + } + { username = "noteed"; email = "noteed@gmail.com"; password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$rcLfF9xXysSx5sahVQLiMA$EgRgAVXn8+r2Csa3XgIHIEBf3hX4Y58pOHf2eDaBUnA"; @@ -149,6 +179,11 @@ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y"; } { + username = "yl3dy"; + email = "aleksandr.kiselyov@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$vPvOa0/7RzDLuD/icQuIzQ$IVMSI7hh/frihuL11sNRj6Jz8TTn1wZZHjZZGszz3pI"; + } + { username = "implr"; email = "implr@hackerspace.pl"; password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ"; @@ -239,4 +274,39 @@ email = "benjaminedwardwebb@gmail.com"; password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$kdFNmxgIGsF8TkB/GoPy1A$GUXd3M35Jqxqlfra4gPCcFW3ehE0RVrlHOzaoD7Pu7s"; } + { + username = "fmzakari"; + email = "farid.m.zakaria@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$NzSX6x2+mApMvhNrvVIWaQ$/GUwbj+6GUyJL8XSgxTThc3TmVTM4WLQ+6KMC4NwovE"; + } + { + username = "toastal"; + email = "toastal@posteo.net"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$txwVjPn9kKPUgsZnPtpyaA$pE0ISDGScCE4JCKcmbnzC+GZZ4PP6MqKJKmR/sxo6TY"; + } + { + username = "sinavir"; + email = "tvix@sinavir.fr"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$5GXvoN/enVljV97yE/Zasg$OrgY9/ge2LoxNm9OOqxh/kKLxoAvU54MbQa9WWiT0jY"; + } + { + username = "emery"; + email = "emery@dmz.rs"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$b2k5UpTJafqM7yjHfVRjBg$zFGy/ZeI9Hb71TUfJwFp7qDKyUl8tdyFDUK1uNBYfUI"; + } + { + username = "aziz"; + email = "abd.aziz89@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$xTvdtTF+gavMfF8556CiiQ$IshnauhlEr80skpv5s6ueJLkQxlynzBt6oCp3cQrNCY"; + } + { + username = "nikiv"; + email = "nikita@nikiv.dev"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$79mMAD2XYa5dg7D9ueWMpw$Edf5WODrFpkNDyWaMdLKcgcErFLx4khmPIk8wzmYGUE"; + } + { + username = "ein-shved"; + email = "mestofel13@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=19456,t=2,p=1$D4wzfJoyFye48QNdrC66VA$aBJ/ZaL+rTgXoQa/nFdpHap3G/Oju8WlHaWTii95X8E"; + } ] |