about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2022-01-04 r/3519 chore(3p/overlays/emacs): 2021-12-07 -> 2022-01-04sterni1-3/+3
Change-Id: Ib2cbb2f531488e4e86d63e94b163864924c9189f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4783 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-04 r/3518 feat(ops): Add initial oauth2_proxy configurationVincent Ambo4-0/+58
The intent is to configure oauth2_proxy pointing at Keycloak to enable usage with nginx auth_request directives. I want to expose this as a function from within the module in which nginx server configuration blocks can be wrapped, but the function for that is currently a placeholder. Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3517 chore(ops): Remove login.tvl.fyi moduleVincent Ambo2-25/+0
It looks like we won't need this for oauth2_proxy when combined with nginx auth_request setups. Change-Id: I2294aee6226b4f64a27bf6592c2d18092d0268cc Reviewed-on: https://cl.tvl.fyi/c/depot/+/4766 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3516 fix(emacs-pkgs/nix-util): Fix nix/sly-from-depot functionVincent Ambo1-6/+4
A formatting error broke this at some point (the let clauses were outside of the definition list). Change-Id: Iaa2dc9ad02d2f7e909ca9bf28705e782ad26060b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4765 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3515 feat(grfn/home): Use mold as rust linkerGriffin Smith1-0/+4
This is *way* faster, as advertised Change-Id: Iad452dc3b3b768331d7de0421f768f82e9b76a60 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4785 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2022-01-04 r/3514 fix: address warnings for renamed security.acme.email optionsterni2-2/+2
Can no longer be null and has been renamed to security.acme.defaults.email: https://github.com/nixos/nixpkgs/commit/377c6bcefce8e8ccd471892a1b24621d5a909457 Change-Id: Icac9506185da176365369ed3c7db3c71ffc90b1b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4784 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
2022-01-03 r/3513 chore(3p): bump NixOS channels to 2022-01-02sterni1-6/+6
Change-Id: Ie6882b17380388e20c8d1e9406279c96283b936f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4757 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-02 r/3512 fix(ops/pipelines): Realise anchor derivation for rootingVincent Ambo2-4/+4
Turns the anchor derivation into something that can actually be built (a call creating a propagated build inputs file), and builds it. This should fix the anchoring logic we have on canon. Change-Id: If6a7662b82e2e396388980f65e332cf67a45b46e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4763 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-02 r/3511 refactor(ops/keycloak): Split out clients & user-sourcesVincent Ambo3-106/+113
Without some kind of physical organisation it's a little difficult to understand whether things are going "in" (supplying users to Keycloak) or "out" (getting auth/user info from Keycloak). Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-01-02 r/3510 fix(ops/pipelines): Remove duplicated wait stepVincent Ambo1-4/+0
This now happens in //nix/buildkite instead Change-Id: Ie9e239ee4f28ac34aa4d3279dac55d70a2cb9d86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4764 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-01 r/3509 refactor(modules/smtprelay): Load credentials via agenixVincent Ambo2-7/+15
Change-Id: I56f6887e1fd35551cfc83ad08cafebb611f4a341 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4760 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
2022-01-01 r/3508 feat(ops/secrets): Add smtprelay credentialsVincent Ambo2-0/+15
Change-Id: I489e611a3fb19b4a374a563aa1afd81a130b2e7f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4759 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <mail@tazj.in>
2022-01-01 r/3507 chore(web/atward): Bump all dependenciesVincent Ambo2-477/+115
Change-Id: I4a79204e50cf519dce729e5c86bc397b82715008 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4758 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-01 r/3506 feat(3p/smtprelay): ed1c3a9 -> 1.7.0sterni1-5/+6
Change-Id: Ieac5bb499a9c3281ed8b9de8cf4551e5eea6f2b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4761 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-12-30 r/3505 refactor(zseri/s-r-sc): use inner while loop to improve perfzseri1-8/+9
Change-Id: I13e95b91351af33c2452f1c4de45cc47aeae1dc0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4745 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de>
2021-12-30 r/3504 feat(zseri/s-r-sc): tune fuzzer release profilezseri1-0/+5
Change-Id: I85b0066574b45490d61ed1edf29587689ba63c6d Reviewed-on: https://cl.tvl.fyi/c/depot/+/4744 Reviewed-by: zseri <zseri.devel@ytrizja.de> Autosubmit: zseri <zseri.devel@ytrizja.de> Tested-by: BuildkiteCI
2021-12-30 r/3503 feat(grfn/bbbg): Filter signup form by rsvpd attendingGriffin Smith1-17/+20
Change-Id: Icf40fb125cc3fe9e1c70de2ac253d70349a213d2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4743 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-12-30 r/3502 feat(grfn/bbbg): Add "RSVP" column to event attendeesGriffin Smith1-1/+11
Also sort, first by rsvp, then by signed in, then by last check, then by name Change-Id: I15d2e4a5693290d9c1cfd09196982e7a6957a138 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4742 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-12-29 r/3501 feat(wpcarro/scratch): Upload my solutions to cryptopalsWilliam Carroll6-0/+409
More beginner problems/solutions for CTF-style challenges. Change-Id: Ide229e99e3ccc1ede5a5ca1c2ad039498e49ea4c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4740 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-29 r/3500 feat(wpcarro/scratch): Upload my solutions to picoCTF challengesWilliam Carroll9-0/+107
Just getting my feet wet... Change-Id: Ia1db0c69fe7d5ea5cb5585853d0688ef97f2680a Reviewed-on: https://cl.tvl.fyi/c/depot/+/4739 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-29 r/3499 feat(wpcarro/terraform): Attach 100GB external disk to VMWilliam Carroll1-0/+11
I'm mimmicking the setup of diogenes-1 until I switch everything over to the terraform-defined diogenes. Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de> Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 r/3498 feat(wpcarro/terraform): Support SSHWilliam Carroll1-5/+8
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn for the pointers. Problem: When I originally setup my Google VM, I followed this tutorial, https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing `nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l gs://nixos-images`). Critically, I missed this important footnote: > NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and > will instead need to be found at > <nixpkgs/nixos/modules/virtualisation/gce-images.nix>. It turns out that *newer* images include this script... https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash ...which reads the key, "sshKeys", from the Google metadata server and copies the value into /root/.ssh/authorized_keys. To make matters a bit misleading, the NixOS script expects the key to be "sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both versions appear in this commit). TL;DR: - upgrading to a newer NixOS image - adding an empty access_config block so Google will assign my VM an external IP - removing oslogin (not necessary to do, and I may add it back later) - adding my public SSH key as metadata Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 r/3497 feat(wpcarro/marcus): Support home-managerWilliam Carroll3-0/+87
For now: - git confg - picom: X compositor - dunst: system notifications (not working for quassel) I still need to port various configs and ensure I support both gLinux and NixOS machines. Change-Id: I31a635eaacac25ef6219e079fc968d2ece026a5f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4736 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-29 r/3496 docs(zseri): Add RFC document dbwospof.mdzseri1-0/+112
Title: distributed builds without single points-of-failure Change-Id: I54275ea75d7e29269162f6158743d64d17f79915 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4550 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de> Autosubmit: zseri <zseri.devel@ytrizja.de>
2021-12-28 r/3495 fix(ops/keycloak): redefine buildkite client, correctly this timeVincent Ambo1-15/+26
This client definition was previously nonsense. What happened is that I accidentally imported the client as an OIDC client, which Keycloak accepted because apparently those are the same entities on the API level, and that ended up getting mangled into some broken hybrid shape by Terraform. This sets up the Buildkite provider again but with the correct SAML configuration this time. Change-Id: Id7ba318984d2fcc9e2ca91ed45ccbfd227278bbe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4731 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <mail@tazj.in>
2021-12-28 r/3494 feat(sterni/aoc/2021): day 10 solutionsterni1-0/+45
Change-Id: I5feb7187bd9aee45478aa5759e94df49e92565bf Reviewed-on: https://cl.tvl.fyi/c/depot/+/4734 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-12-28 r/3493 feat(sterni/aoc/2021): day 11 solutionsterni1-0/+46
Change-Id: I59087cd855953d0ebdcaaea2374788e9e015e1ea Reviewed-on: https://cl.tvl.fyi/c/depot/+/4733 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-12-28 r/3492 refactor(tools/depotfmt): Move depotfmt check into a real build stepVincent Ambo2-7/+14
Produces more useful output and also makes for a good target for the upcoming extraSteps logic. Change-Id: Ifd389d433d9e27f97940a48999f4fba35646e37a Reviewed-on: https://cl.tvl.fyi/c/depot/+/4727 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-12-28 r/3491 refactor: Generalise pipeline generation in //nix/buildkiteVincent Ambo2-115/+172
Extracts the logic for generating our Buildkite pipeline (which has been copy&pasted and slightly modified in some places outside of depot) into a generic //nix/buildkite library. This should cause no change in functionality. Change-Id: Iad3201713945de41279b39e4f1b847f697c179f7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4726 Autosubmit: tazjin <mail@tazj.in> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-12-28 r/3490 fix(ops/users): change my email to the @tvl.su oneVincent Ambo1-1/+1
Change-Id: Id608fe66b203c1d08958c85be44506a86eec56d5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4730 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Autosubmit: tazjin <mail@tazj.in>
2021-12-28 r/3489 style(wpcarro/terraform): Apply terraform fmt to filesVincent Ambo1-9/+9
This is going to be enforced in CI very shortly (it already kind of was, but not really). Change-Id: I8569d030e31230f077371bd1644b75f048271a0e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4728 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: wpcarro <wpcarro@gmail.com>
2021-12-28 r/3488 chore(3p/overlays/haskell): nix-diff patch has been upstreamedsterni1-8/+0
https: //hackage.haskell.org/package/nix-diff-1.0.17/changelog Change-Id: Ied02395151ec62619721ad5e78d0841fa87d1b3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4729 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-12-28 r/3487 feat(3p/nixpkgs): allow injecting user nixpkgs configzseri2-3/+9
use case: system-wide 'testing' usage of content-addressed derivations Change-Id: I1f63ddf679da7d53ff0d8a851642dd081a70fe55 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4551 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de> Reviewed-by: tazjin <mail@tazj.in> Autosubmit: zseri <zseri.devel@ytrizja.de>
2021-12-28 r/3486 feat(wpcarro/terraform): Configure firewallWilliam Carroll1-2/+20
When I include "80" and "443" in the allowed TCP ports, the ports don't appear to be open, but when I add the tags "http-server" and "https-server", which I don't control, they do. I'm not sure what's going on, but I don't want to let perfect be the enemy of good... Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-28 r/3485 feat(wpcarro/terraform): Encode diogenes as terraform configurationWilliam Carroll2-0/+51
Some reference commands for my future self (blog post forthcoming?): ```shell $ nix-shell -p google-cloud-sdk terraform $ gcloud auth application-default login # stateful $ terraform init $ terraform apply ``` What's left for feature parity? - Encode 100GB external disk as resource - Encode firewall as resource - Ensure marcus can SSH to instance Stretch goals: - Spin-up fully NixOS-configured instances Change-Id: If156a5b0a2a0f8bfdf2548a4b5f592a77409fcb5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4724 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-28 r/3484 fix(wpcarro/blog): Fix broken post linksWilliam Carroll2-10/+7
TL;DR: - copy rendered posts to $out/posts - update postUrl attr - remove unused attrs Change-Id: I027c20d6244e4626128788ad9aa1f1aad7855f32 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4723 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-28 r/3483 refactor(wpcarro/website): Prefer substituteAllWilliam Carroll8-82/+91
`substituteAll` supports templating with @variables@, which I think really cleans things up. Change-Id: Icfad15ac9e174495ba02260d817f7330f1616c6f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4722 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-27 r/3482 refactor(ops/secrets): optimize + typecheck mkSecretszseri1-11/+19
Change-Id: I592c8f2f82cef8fe4509e90a8c48504a0c74d133 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4688 Reviewed-by: zseri <zseri.devel@ytrizja.de> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi> Autosubmit: zseri <zseri.devel@ytrizja.de> Tested-by: BuildkiteCI
2021-12-27 r/3481 feat(ops/glesys): Import DNS records for tvl.suVincent Ambo1-0/+120
These records were previously configured manually in the GleSYS web UI during our DNS outage (b/155). Note that I could not find a way to `terraform import` these records and have instead recreated the set and then cleaned up in the UI. Change-Id: If7de9a7e6dad20953ba8b610589a62dce400e87b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4716 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3480 feat(ops/glesys): Import DNS records for tvl.fyiVincent Ambo3-2/+111
These records were previously configured manually in the GleSYS web UI during our DNS outage (b/155). Note that I could not find a way to `terraform import` these records and have instead recreated the set and then cleaned up in the UI. Since we often point things at whitby, I have extracted variables for its IPs in this change. Change-Id: I09fda94d3734e8aaa278fa858e160d046740da1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4714 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3479 feat(ops/glesys): Import DNS records for nixery.devVincent Ambo1-0/+44
These records were previously configured manually in the GleSYS web UI during our DNS outage (b/155). Note that I could not find a way to `terraform import` these records and have instead recreated the set and then cleaned up in the UI. Change-Id: I2b7e0ed0931f50e7fa49c1f6e3400dfe958def04 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4713 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3478 chore(wpcarro/website): Archive dusty, old websitesWilliam Carroll17-6033/+0
Change-Id: I07b6e70ec4026644733e58a2c5f2aa6696a038f3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4719 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-27 r/3477 fix(wpcarro/blog): Fix broken hrefs to blog postsWilliam Carroll3-124/+2
Remove remaining references to blog.wpcarro.dev Change-Id: I364763459b195fc17753da4a7c5918ce5136e891 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4718 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-27 r/3476 feat(wpcarro/blog): Add a blog index pageWilliam Carroll8-18/+174
TL;DR: - Create an index page to list blog posts - Drop blog.wpcarro.dev -> wpcarro.dev/blog - Create fragments directory to host reusable static website components - Consume fragments in wpcarro.dev and wpcarro.dev/blog for brand consistency Change-Id: Ib8440300c008c3c0c5e5a6f207e4ea207dd41b47 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4717 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-27 r/3475 fix(grfn/bbbg): Allow importing empty attendee listsGriffin Smith2-19/+21
Change-Id: I278c586db7a8641a9e254f05075ee4e8bdf78d67 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4715 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi>
2021-12-27 r/3474 feat(ops/secrets): Import secrets for tf-glesysVincent Ambo3-0/+21
Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure. Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3473 feat(ops/keycloak): Import Buildkite OIDC clientVincent Ambo1-0/+21
This was previously configured in the UI. Change-Id: I68361b1489093b76736adab2e38ed7b474b10881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4711 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3472 feat(ops/keycloak): Import Gerrit OIDC clientVincent Ambo1-0/+21
This was previously configured in the UI. Change-Id: Ib15b8ecca96d7814dc85d62199865b22bdb63f95 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4710 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3471 fix(ops/keycloak): Move Terraform state to GleSYS bucketVincent Ambo2-12/+24
This should never sit around locally the way it does now. Change-Id: Icfbdaf1949d6d948a796a0759282ea6144af3621 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4709 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3470 feat(ops/secrets): Add tf-keycloak secrets fileVincent Ambo4-1/+33
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets. Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>