Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2019-09-04 | chore: Update kontemplate to v1.8.0 | Vincent Ambo | 1 | -4/+13 | |
This version is agnostic of the working directory even if insertFile/insertTemplate are used, which makes it a lot nicer to work with in this repository structure. | |||||
2019-09-04 | fix(k8s): Move nixery-secrets to the correct namespace | Vincent Ambo | 1 | -6/+5 | |
2019-09-03 | r/80 Merge pull request #5 from tazjin/feat/cloud-kms-secrets | Vincent Ambo | 14 | -15/+129 | |
Introduce secrets management via Google Cloud KMS | |||||
2019-09-03 | feat(k8s): Insert Nixery's secrets via kontemplate | Vincent Ambo | 5 | -4/+25 | |
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now. | |||||
2019-09-03 | feat(secrets): Check in secrets required by Nixery | Vincent Ambo | 3 | -0/+0 | |
2019-09-03 | feat(tools): Introduce pass-compatible wrapper using Cloud KMS | Vincent Ambo | 5 | -0/+78 | |
Adds a shell script that supports a subset of the 'pass' interface for compatibility with kontemplate, and wraps kontemplate in a script that places this version on the PATH. This makes it possible to use Cloud KMS encrypted secrets with kontemplate. | |||||
2019-09-03 | feat(gcp): Create Cloud KMS resources for encrypting secrets | Vincent Ambo | 1 | -8/+28 | |
The idea here is to use Cloud KMS and a shell script that mimics 'pass' to trick kontemplate into using Cloud KMS to decrypt secrets. | |||||
2019-09-03 | chore(gcp): Remove monorepo repository | Vincent Ambo | 1 | -5/+0 | |
The repository is now public on Github. | |||||
2019-09-03 | r/79 Merge pull request #4 from tazjin/fix/blog-substitutes | Vincent Ambo | 1 | -6/+10 | |
fix(tazblog): Explicitly allow substitutes for the blog | |||||
2019-09-03 | fix(tazblog): Explicitly allow substitutes for the blog | Vincent Ambo | 1 | -6/+10 | |
Not entirely sure which part of the setup set this to 'false', but this is potentially the key for why tazblog ends up being rebuilt all the time. | |||||
2019-09-03 | r/78 chore(k8s): Update deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-03 | r/77 chore(third_party): Bump Nixery version | Vincent Ambo | 1 | -3/+3 | |
2019-09-02 | r/76 Merge pull request #3 from tazjin/chore/pin-travis-nix | Vincent Ambo | 7 | -95/+1 | |
Pin Nix version in Travis builds | |||||
2019-09-02 | chore(tazblog): Clean up unneeded files | Vincent Ambo | 5 | -76/+0 | |
2019-09-02 | chore(gemma): Delete old image build configuration | Vincent Ambo | 1 | -19/+0 | |
2019-09-02 | chore: Pin Nix version in Travis builds | Vincent Ambo | 1 | -0/+1 | |
There are some unexpected cache misses in the Travis builds and I suspect this might be due to mismatching Nix versions. | |||||
2019-09-02 | r/75 fix(k8s): Add nginx route for load-balancer health checks | Vincent Ambo | 3 | -3/+11 | |
2019-09-02 | r/74 chore(third_party): Remove git-appraise | Vincent Ambo | 43 | -7327/+0 | |
Not actually in use here ... | |||||
2019-09-02 | r/73 Merge pull request #2 from tazjin/refactor/nixos-nginx-cleanup | Vincent Ambo | 14 | -3793/+110 | |
Remove old NixOS config and move oslo.pub | |||||
2019-09-02 | fix(k8s): nginx does not need to be pinned to gitHEAD | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | chore(k8s): Point Nixery at public depot URL | Vincent Ambo | 1 | -2/+1 | |
2019-09-02 | feat(k8s): Route oslo.pub to nginx in ingress | Vincent Ambo | 1 | -1/+9 | |
2019-09-02 | feat(k8s): Add nginx instance for oslo.pub redirect | Vincent Ambo | 3 | -0/+92 | |
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting. | |||||
2019-09-02 | chore(k8s): Provision certificate for oslo.pub | Vincent Ambo | 1 | -0/+5 | |
2019-09-02 | feat(tools): Add stern, a k8s log watcher | Vincent Ambo | 2 | -0/+4 | |
2019-09-02 | chore(infra): Remove NixOS configuration for servers | Vincent Ambo | 8 | -3791/+0 | |
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration. | |||||
2019-09-02 | r/72 Merge pull request #1 from tazjin/feat/travis-ci | Vincent Ambo | 5 | -4/+30 | |
Add Travis CI configuration | |||||
2019-09-02 | chore: Catch all Nix results in gitignore | Vincent Ambo | 1 | -0/+1 | |
2019-09-02 | docs: Add crude top-level README | Vincent Ambo | 1 | -0/+15 | |
2019-09-02 | refactor(blog): Use callPackage to import derivation | Vincent Ambo | 2 | -4/+4 | |
2019-09-02 | feat: Add Travis CI configuration | Vincent Ambo | 1 | -0/+10 | |
Adds a configuration that builds all of my own services and pushes the resulting closures to Cachix. | |||||
2019-09-02 | r/71 chore: Remove leftover Bazel files | Vincent Ambo | 1 | -2/+0 | |
2019-09-02 | r/70 fix(gemma): Fix build process in Nix | Vincent Ambo | 2 | -51/+28 | |
2019-09-02 | r/69 feat(third_party): Add missing Quicklisp packages for Gemma | Vincent Ambo | 5 | -0/+115 | |
Gemma depends on cl-prevalence, which isn't in the nixpkgs Quicklisp snapshot. This adds the package and its dependencies to the overlay. | |||||
2019-09-02 | r/68 fix: Correct naming of variables in overlay function | Vincent Ambo | 1 | -9/+9 | |
2019-08-27 | r/67 feat(k8s): Configure HTTPS ingress for the blog | Vincent Ambo | 3 | -0/+29 | |
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup. | |||||
2019-08-27 | r/66 feat(k8s): Add Google managed TLS certificates | Vincent Ambo | 2 | -0/+19 | |
Introduces certificates for tazj.in & www.tazj.in. | |||||
2019-08-25 | r/65 chore(tazblog): Clean up unused dependencies | Vincent Ambo | 2 | -28/+17 | |
2019-08-25 | r/64 refactor(tazblog): Implement HLint lints in all files | Vincent Ambo | 5 | -15/+13 | |
2019-08-25 | r/63 chore(tazblog): Remove i18n features | Vincent Ambo | 7 | -164/+77 | |
The blog has been English only for a few years. Old entries that survived the migration to DNS will still be accessible. | |||||
2019-08-25 | r/62 chore(tazblog): Remove 'read more' feature | Vincent Ambo | 3 | -15/+7 | |
2019-08-25 | r/61 chore(tools): Remove ormolu from tools | Vincent Ambo | 2 | -4/+0 | |
The Ormolu derivation is too large to be instantiated on-demand. I've resorted to installing this tool into my profile instead. | |||||
2019-08-25 | r/60 chore(tazblog): Format source files with ormolu | Vincent Ambo | 5 | -151/+187 | |
Ormolu's formatting is quite annoying (it uses a lot of unnecessary vertical space and doesn't align elements), but I can't be bothered to do manual formatting - especially because whatever formatting haskell-mode in Emacs produces seems to depend on an opaque state machine or something. | |||||
2019-08-25 | r/59 feat(build): Add Terraform from unstable channel | Vincent Ambo | 1 | -7/+18 | |
2019-08-25 | r/58 chore(gcp): Enable Cloud DNS service | Vincent Ambo | 1 | -0/+1 | |
2019-08-23 | r/57 fix(gemma): Almost fix Gemma build by porting an old Elm | Vincent Ambo | 2 | -8/+15 | |
This pulls in an old version of Elm from NixOS 17.09 which can still build the Elm code in Gemma. However, the Common Lisp build is now broken in some other way. | |||||
2019-08-23 | r/56 chore(k8s): More tazblog replicas | Vincent Ambo | 1 | -1/+1 | |
2019-08-23 | r/55 refactor(tazblog): Move blog configuration to envvars | Vincent Ambo | 2 | -22/+24 | |
The port and resource directory are now specified via environment variables and a wrapper script is created by Nix that sets the resource path and so on correctly. | |||||
2019-08-23 | r/54 fix(tazblog): Remove debug trace | Vincent Ambo | 1 | -2/+1 | |
2019-08-23 | r/53 fix(blog_cli): Quote JSON output for post dates | Vincent Ambo | 1 | -2/+6 | |