Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2020-02-21 | feat(ops/besadii): Read sourcehut token from secrets file on disk | Vincent Ambo | 1 | -7/+7 | |
2020-02-21 | chore(ops/besadii): Fail if sourcehut token is unset | Vincent Ambo | 1 | -2/+7 | |
2020-02-21 | feat(ops/besadii): Refactored tool to trigger sourcehut builds | Vincent Ambo | 5 | -239/+127 | |
Refactors //ops/sync-gcsr which was previously responsible for synchronising the git repository between GCSR and the git.tazj.in cgit instance to simply be responsible for triggering builds on sourcehut. This program is intended to run as a git post-update hook. Note: Not yet feature complete, as interpolation of concrete git values and also sourcehut secrets is missing. | |||||
2020-02-21 | r/568 merge: Add june's cgit patches to //third_party/cgit | Vincent Ambo | 3 | -4/+29 | |
june maintains some patches on https://git.causal.agency/cgit/log/ that seem sensible to include in this tree. | |||||
2020-02-21 | feat(cgit/ui-commit): show subject in page title | C. McEnroe | 1 | -0/+1 | |
2020-02-21 | feat(cgit/ui-tree): show symlink targets in tree listing | C. McEnroe | 1 | -2/+20 | |
Add links to symbolic link targets in tree listings, formatted like "ls -l". Path normalization collapses any ".." components of the link. | |||||
2020-02-21 | feat(cgit/ui-tree): don't link to blame for binary blobs | C. McEnroe | 1 | -2/+4 | |
2020-02-21 | feat(cgit/ui-blame): bail if blob is binary | C. McEnroe | 1 | -0/+4 | |
This avoids piping binary blobs through the source-filter. | |||||
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1 | |
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8 | |
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver. | |||||
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1 | |
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries. | |||||
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1 | |
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8 | |
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually. | |||||
2020-02-21 | r/562 chore(ops/nixos/nugget): Remove input-fonts package | Vincent Ambo | 1 | -1/+0 | |
My default font is now Jetbrains Mono everywhere. | |||||
2020-02-21 | r/561 fix(fun/amsterdump): Fix call to os.Getenv | Vincent Ambo | 1 | -1/+1 | |
Not sure how this broken version ended up committed ... | |||||
2020-02-21 | r/560 feat(build): Add //fun and //ops/nixos projects to CI builds | Vincent Ambo | 1 | -8/+13 | |
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 113 | -349/+318 | |
2020-02-21 | r/558 refactor: Pass the depot as an argument named 'depot' | Vincent Ambo | 1 | -3/+7 | |
This change, which I've been meaning to do for a while, renames the attributes passed by readTree to things in the tree so that: * the depot root is now 'depot' * depot.third_party is additionally passed as 'pkgs' (for compatibility with exported subtrees) | |||||
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | r/555 chore(third_party/pounce): Override version to 1.1 | Vincent Ambo | 2 | -1/+19 | |
This has not yet propagated to nixos-unstable | |||||
2020-02-17 | r/554 chore(third_party): Bump nixos-unstable | Vincent Ambo | 1 | -3/+3 | |
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8 | |
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/551 Merge branch 'feat/camden-migration' | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames | Vincent Ambo | 1 | -1/+1 | |
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7 | |
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15 | |
2020-02-12 | r/548 feat(ops/nixos/nugget): Add camden to /etc/hosts | Vincent Ambo | 1 | -0/+7 | |
At the moment there is no other way for requests from nugget to camden to resolve correctly, as the Hyperoptic router is eating this traffic on the LAN. | |||||
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21 | |
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13 | |
This makes it possible to re-use the same provisioning mechanism for multiple related domains. | |||||
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27 | |
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. | |||||
2020-02-12 | r/544 refactor(web/cgit-taz): Serve depot from disk location on camden | Vincent Ambo | 1 | -4/+3 | |
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 2 | -11/+24 | |
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5 | |
This directory is writeable by me and is intended to make it easy to serve random blobs. | |||||
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4 | |
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53 | |
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later. | |||||
2020-02-11 | r/539 refactor(web): Let //web/ derivations build static pages only | Vincent Ambo | 3 | -93/+14 | |
Removes nginx configuration built by the web targets (with the exception of the includable block used to set up redirects for old blog URLs). | |||||
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9 | |
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 2 | -1/+27 | |
... and use it on Camden! | |||||
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21 | |
2020-02-11 | r/535 fix(ops/nixos): Add camden to rebuilder script | Vincent Ambo | 1 | -0/+4 | |
This should probably be templated instead. | |||||
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 3 | -7/+96 | |
2020-02-11 | r/533 feat(ops/nixos/nugget): Enable tailscale-relay | Vincent Ambo | 1 | -0/+12 | |
2020-02-11 | r/532 feat(ops/nixos): Add NixOS module for running tailscale | Vincent Ambo | 2 | -0/+78 | |
This uses the "legacy" tailscale Linux client, but built from source as per the previous commits. | |||||
2020-02-11 | r/531 fix(third_party/tailscale): Add patch to make taillogin work | Vincent Ambo | 2 | -0/+30 | |
2020-02-11 | r/530 chore(ops/nixos/nugget): Install tailscale on nugget | Vincent Ambo | 1 | -0/+1 | |
2020-02-11 | r/529 fix(third_party/tailscale): Add default relaynode acl.json to output | Vincent Ambo | 1 | -1/+6 | |
2020-02-10 | r/528 fix(third_party/tailscale): Build all sub-packages | Vincent Ambo | 1 | -0/+2 | |
At the moment it seems like all of them are still required - things are in flux! |