Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2020-02-21 | feat(cgit/ui-blame): bail if blob is binary | C. McEnroe | 1 | -0/+4 | |
This avoids piping binary blobs through the source-filter. | |||||
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1 | |
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8 | |
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver. | |||||
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1 | |
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries. | |||||
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1 | |
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8 | |
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually. | |||||
2020-02-21 | r/562 chore(ops/nixos/nugget): Remove input-fonts package | Vincent Ambo | 1 | -1/+0 | |
My default font is now Jetbrains Mono everywhere. | |||||
2020-02-21 | r/561 fix(fun/amsterdump): Fix call to os.Getenv | Vincent Ambo | 1 | -1/+1 | |
Not sure how this broken version ended up committed ... | |||||
2020-02-21 | r/560 feat(build): Add //fun and //ops/nixos projects to CI builds | Vincent Ambo | 1 | -8/+13 | |
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 113 | -349/+318 | |
2020-02-21 | r/558 refactor: Pass the depot as an argument named 'depot' | Vincent Ambo | 1 | -3/+7 | |
This change, which I've been meaning to do for a while, renames the attributes passed by readTree to things in the tree so that: * the depot root is now 'depot' * depot.third_party is additionally passed as 'pkgs' (for compatibility with exported subtrees) | |||||
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | r/555 chore(third_party/pounce): Override version to 1.1 | Vincent Ambo | 2 | -1/+19 | |
This has not yet propagated to nixos-unstable | |||||
2020-02-17 | r/554 chore(third_party): Bump nixos-unstable | Vincent Ambo | 1 | -3/+3 | |
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8 | |
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/551 Merge branch 'feat/camden-migration' | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames | Vincent Ambo | 1 | -1/+1 | |
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7 | |
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15 | |
2020-02-12 | r/548 feat(ops/nixos/nugget): Add camden to /etc/hosts | Vincent Ambo | 1 | -0/+7 | |
At the moment there is no other way for requests from nugget to camden to resolve correctly, as the Hyperoptic router is eating this traffic on the LAN. | |||||
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21 | |
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13 | |
This makes it possible to re-use the same provisioning mechanism for multiple related domains. | |||||
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27 | |
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. | |||||
2020-02-12 | r/544 refactor(web/cgit-taz): Serve depot from disk location on camden | Vincent Ambo | 1 | -4/+3 | |
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 2 | -11/+24 | |
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5 | |
This directory is writeable by me and is intended to make it easy to serve random blobs. | |||||
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4 | |
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53 | |
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later. | |||||
2020-02-11 | r/539 refactor(web): Let //web/ derivations build static pages only | Vincent Ambo | 3 | -93/+14 | |
Removes nginx configuration built by the web targets (with the exception of the includable block used to set up redirects for old blog URLs). | |||||
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9 | |
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 2 | -1/+27 | |
... and use it on Camden! | |||||
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21 | |
2020-02-11 | r/535 fix(ops/nixos): Add camden to rebuilder script | Vincent Ambo | 1 | -0/+4 | |
This should probably be templated instead. | |||||
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 3 | -7/+96 | |
2020-02-11 | r/533 feat(ops/nixos/nugget): Enable tailscale-relay | Vincent Ambo | 1 | -0/+12 | |
2020-02-11 | r/532 feat(ops/nixos): Add NixOS module for running tailscale | Vincent Ambo | 2 | -0/+78 | |
This uses the "legacy" tailscale Linux client, but built from source as per the previous commits. | |||||
2020-02-11 | r/531 fix(third_party/tailscale): Add patch to make taillogin work | Vincent Ambo | 2 | -0/+30 | |
2020-02-11 | r/530 chore(ops/nixos/nugget): Install tailscale on nugget | Vincent Ambo | 1 | -0/+1 | |
2020-02-11 | r/529 fix(third_party/tailscale): Add default relaynode acl.json to output | Vincent Ambo | 1 | -1/+6 | |
2020-02-10 | r/528 fix(third_party/tailscale): Build all sub-packages | Vincent Ambo | 1 | -0/+2 | |
At the moment it seems like all of them are still required - things are in flux! | |||||
2020-02-10 | r/527 feat(third_party): Add package for tailscale | Vincent Ambo | 2 | -0/+33 | |
Adds a package for the now-opensourced tailscale client tailscale client. | |||||
2020-02-10 | r/526 docs(web/blog): Add some TODO entries for the draft | Vincent Ambo | 1 | -1/+17 | |
2020-02-10 | r/525 docs(web/blog): Rewrite some style issues in the Emacs post | Vincent Ambo | 1 | -35/+35 | |
2020-02-10 | r/524 feat(web/blog): Add draft blog post on Emacs | Vincent Ambo | 2 | -0/+223 | |
This post is a draft, i.e. not linked from the index. It's not a secret, but if you do find it through this commit before its publication please don't share it too widely yet. | |||||
2020-02-10 | r/523 style(web/homepage): Highlight <kbd> elements like buttons | Vincent Ambo | 1 | -0/+14 | |
2020-02-10 | r/522 fix(web/homepage): Make .uncoloured-link work again | Vincent Ambo | 1 | -0/+4 | |
2020-02-09 | r/521 feat(web/blog): Add support for draft & unlisted posts | Vincent Ambo | 2 | -8/+39 | |
Posts with either `draft = true;` or `listed = false;` will no longer be included in index generation and will have a warning callout inserted at the top of the page urging people not to share the links to them. |