about summary refs log tree commit diff
path: root/ops/modules
AgeCommit message (Collapse)AuthorFilesLines
2023-10-09 r/6751 fix(ops/code.tvl.fyi): fix josh-proxy cmdline argsFlorian Klink2-2/+2
It looks like josh is only listening on v4 currently: https://github.com/josh-project/josh/blob/1586eab06284ce668779c87f00a1fb5fa9763be0/josh-proxy/src/bin/josh-proxy.rs#L1429 Also, the remote URL to push to is (or became) https://cl.tvl.fyi/a, not just https://cl.tvl.fyi/, update it Change-Id: Ic59bc51c28be913d833186c715e9a9eb960bbd6e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9591 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-09 r/6748 chore(ops): expose nar-bridge for go getBrian McGee1-0/+10
Change-Id: I9d8f444ed625502cfaeea83e0b330f52dac24118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9589 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-09 r/6745 feat(ops/www): add experimental grep.tvl.fyi setupVincent Ambo1-0/+22
This points a reverse proxy at a manually run, highly experimental container. The actual setup is not yet nixified. Change-Id: I8e1d5ec94a3f1e9b4b0bfc7ffd2a9badf4e79291 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9577 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-10-08 r/6733 chore(ops/modules): enable passwordless sudo in users moduleVincent Ambo1-0/+5
Change-Id: I8522a106bbadacf1b5720b4cd1102052aa360ff0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9575 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-10-08 r/6732 chore(users): remove inactive usersVincent Ambo1-15/+0
Change-Id: I3cfb425e4dac0a467e3917df996e9800a3ebe875 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9576 Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-10-08 r/6730 fix(ops/modules): remove cloud-init from yandex-cloud moduleVincent Ambo1-1/+0
cloud-init stopped working for unknown reasons, enabling it will break DHCP and SSH, and make the image inaccessible. This means that access needs to be provided by baking keys into the image instead. Change-Id: Ib8d32a02d0a8ea61d75921f147349d73a27ef751 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9572 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-06 r/6717 chore(ops): remove images.tvl.fyiVincent Ambo1-22/+0
I don't even know what this is/was. Change-Id: I743efa88258bbc13b7a3d4b8de8df222325b00ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/9553 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-24 r/6647 fix(ops/modules/tvl-buildkite): add /run/wrappers/bin to $PATHFlorian Klink1-0/+3
It looks like since cl/9341, the tvix buildkite pipeline fails. We're not yet sure what's causing it, it might be the lack of the `fusermount` binary in $PATH. Change-Id: Ie95678fbd07201e96ca3d43b53827781b49f1f46 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9386 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-09-22 r/6634 chore(ops): move yandex-cloud image module out of corpVincent Ambo1-0/+79
Change-Id: Idc8cc3a640fc895cd3882e93a193212adb743abb Reviewed-on: https://cl.tvl.fyi/c/depot/+/9425 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6631 chore(ops/modules/www/code.tvl.fyi): add missing go get redirectFlorian Klink1-0/+6
This was missing in cl/9370. Change-Id: I02048b0e65d1192e9e300160bb8f78fe30a70da1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9405 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Connor Brewster <cbrewster@hey.com> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-09-22 r/6629 refactor(tvix): move castore into tvix-castore crateFlorian Klink1-0/+4
This splits the pure content-addressed layers from tvix-store into a `castore` crate, and only leaves PathInfo related things, as well as the CLI entrypoint in the tvix-store crate. Notable changes: - `fixtures` and `utils` had to be moved out of the `test` cfg, so they can be imported from tvix-store. - Some ad-hoc fixtures in the test were moved to proper fixtures in the same step. - The protos are now created by a (more static) recipe in the protos/ directory. The (now two) golang targets are commented out, as it's not possible to update them properly in the same CL. This will be done by a followup CL once this is merged (and whitby deployed) Bug: https://b.tvl.fyi/issues/301 Change-Id: I8d675d4bf1fb697eb7d479747c1b1e3635718107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9370 Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-09-10 r/6575 feat(ops/modules/code.tvl.fyi): fix go get for tvix store protosFlorian Klink1-1/+11
There's a go.mod in in tvix/store/protos, which sets the module path to code.tvl.fyi/tvix/store/protos. While this path makes kinda sense, it's currently not possible to `go get` it from that location, as we serve the cgit interface from there. Fortunately, `go get` has a mechanism to determine clone URLs for a given go module path, as documented in https://go.dev/ref/mod#vcs-find. We simply need to serve a small HTML file at that path, describing the proper clone URL. This points the clone URL for code.tvl.fyi/tvix/store/protos to a josh- provided subtree of just :/tvix/store/protos, which will contain the root go.mod file. We need another layer of indirection as nginx can't have an `alias` directive inside a conditional block (but can have a redirect). Contrary to https://b.tvl.fyi/issues/299#comment-464, it seems to work for our usecase. It might become a problem if we actually serve `go.mod` files in a nested fashion at some point, but let's look at that once we get there. Fixes b/299. Change-Id: Idcad795105af5d57e6d06de6e232881dccf9110b Reviewed-on: https://cl.tvl.fyi/c/depot/+/9290 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: adisbladis <adisbladis@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-05 r/6552 feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyiVincent Ambo1-0/+19
I verified on whitby that the password hashes generated by //web/pwcrypt are compatible with our OpenLDAP, so it's time to make this thing public. Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2023-08-22 r/6517 fix(ops/nixery): switch nixery.dev to stable nixpkgs channelVincent Ambo1-2/+3
The current unstable has a bunch of breakage which people have been reporting, lets move the public instance to the stable channel until that is sorted out. Example breakage: https://github.com/tazjin/nixery/issues/159 Change-Id: Id5eb11ebd235928b85c01c178c32da3badea517f Reviewed-on: https://cl.tvl.fyi/c/depot/+/9126 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-08-21 r/6516 feat(tvl-users): grant wheel privileges to flokliVincent Ambo1-1/+1
Flokli needs deploy access to whitby to ~~break auth~~ experiment with Dex. Change-Id: If39763192961e227ee569a312f6a0e3ae2c10786 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9113 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-07-01 r/6381 chore(ops/modules): remove oauth2_proxy moduleFlorian Klink1-60/+0
This was dropped from whitby itself in cl/8905, but didn't drop the module because we were worried someone else might still be using it. However, this relies on the "oauth2-proxy" client ID, which only has the following supported redirect uris (as per ops/keycloak/clients.tf): - https://login.tvl.fyi/oauth2/callback - http://localhost:4774/oauth2/callback … which means, noone can really run this properly anyways, so let's drop it. We can always restore it from git. Change-Id: I7d700f59a62cce1254ad4ba0792a7d7b3960b769 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8913 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-06-22 r/6343 feat(ops): introduce (head|tail)scale server at net.tvl.fyiVincent Ambo1-0/+62
This runs a headscale server on sanduny which lets users join their machines to the TVL tailscale network. This would theoretically let people communicate with each other on the internal network, but also more notably joined servers can advertise exit node capability so that we can have our own "VPN network", for starters with endpoints in Germany, UK and Russia (whitby, sanduny and koptevo respectively). This setup isn't fully stable yet, notably: * The IP range used by tailscale is just the default one right now, I'm not sure if that should be changed or what. * The system is stateful (on sanduny), but the state is not (yet) backed up anywhere. Use with caution. * Machine joining is a manual process requiring SSH & root access to sanduny. The process is to log in to sanduny, then get a headscale shell with `sudo -u headscale bash`, and to use the `headscale` CLI within there to administrate access. I've opted to create a user account `tvl` for TVL-owned machines, and a personal account for myself and my machines. Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-06-15 r/6317 fix(ops/modules/quassel): use systemd LoadCredential to read certsVincent Ambo1-1/+5
This avoids permission issues with nginx vs. quassel Change-Id: I770f8284d8fd8fc6d38add93c1681f9daebe8749 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8786 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-15 r/6311 chore(3p/sources): Bump channels & overlayssterni1-1/+1
* //ops/modules/depot-inbox: Adapt to upstream option type declaration. See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076. * //ops/machines/sanduny, //users/tazjin/polyanka: Remove boot.loader.grub.version options (no longer has any effect). * //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk * //3p/overlays: update tdlib to match emacs-overlay * //3p/overlays: give EXWM from depot a separate name * //users/grfn/system/home: disable Slack support in ntfy Change-Id: I03bde088bc70e05b23925f244899807210cb7b20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-28 r/6117 feat(ops/modules/open_eid): add support for Web eID extensionFlorian Klink1-20/+37
Most likely due to bad UX in browsers for hardware-backed TLS client cert auth, most websites have switched from client-side TLS to the "Web eID" extension. Once installed, the extension uses [Native Messaging] to talk to a `web-eid-app` application, which handles the communication with the smart card itself. This can be tested on https://web-eid.eu/ . The commit needs nixpkgs to be bumped past https://github.com/NixOS/nixpkgs/pull/227354 . [Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-04-19 r/6099 fix(ops/modules/open_eid): use libdigidocpp.binFlorian Klink1-1/+1
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the digidoc-tool binary to the `bin` output, so this wasn't actually providing the digidoc-tool binary anymore. Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-04-07 r/6072 chore(3p/sources): Bump channels & overlayssterni1-3/+3
* Satisfy new assert that the corresponding shell needs to be enabled via programs.* if it is as the login shell of at least one user. * //users/tazjin: “Address” removal of hardware.video.hidpi option. * //3p/gerrit: update fetch sha256 Change-Id: Id0988a0ea7f393d6b7848a7104fc3526ee1177f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8407 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-31 r/6064 fix(views/kit): communicate :unsign in the tvl-kit URL directlyFlorian Klink1-1/+1
Instead of prepending :unsign to all URLs in josh-proxy, and for all calls to filteredGitPush, explicitly use it only in the filter we use for the `export-kit` extraStep. This means, people cloning tvl-kit via > https://code.tvl.fyi/depot.git:workspace=views/kit.git now need to update the URL to point to > https://code.tvl.fyi/depot.git:unsign:workspace=views/kit.git instead. git@github.com:tvlfyi/kit.git will keep the same hashes, as it's updated to export the unsigned workspace view of it. This is less invasive than dooming every josh workspace to have to strip signatures. Change-Id: I6de05182fad4c3695081388c3bbf37306521d255 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8369 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-29 r/6054 fix(ops/www): allow all indexing on cl.tvl.fyiVincent Ambo1-0/+4
I *want* search engines to index our CLs, they might be useful! Change-Id: I956d92c80d812e1aefefb6daeba77a1588055b94 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8361 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2023-03-14 r/6005 feat(ops): serve Tvix website & docs on (docs.)tvix.devVincent Ambo1-0/+39
Change-Id: I198ea197867f9b9a48e51665d0665f722202e02e Reviewed-on: https://cl.tvl.fyi/c/depot/+/8299 Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-07 r/5895 chore(3p/josh): update josh to recent master commitVincent Ambo1-1/+1
It's been a long time since we updated josh, almost 400 commits in between. I read through the entire changelog, and here are relevant josh commits from in between that might be interesting to us: 38eecee Fix optimisation bug for compose filter (#1159) e1d10b6 Add :rev(...) filter 0f1a07b Initial implementation of refs locking (#929) 88cea2a Initial work on meta repo support 030ad93 Change magic refs to include "for" 28b1d75 Add split changes feature (#904) 1f908d7 Discover filters only on HEAD (#774) a368d8f Make --require-auth only apply to push 8d80230 Add :linear filter (#741) 3460ec2 Implement redundant refs filtering (#700) 55b4e50 Implement stacked changes support (#699) ea1f814 Handle @sha urls by creating magic ref (#690) 883a381 Run filter discovery only on changed refs (#685) 4bb004f Prepend refs/heads to base parameter as default (#664) Of particular interest is a368d8f, which allows us to drop our authentication patch and use the standard --require-auth flag again. The default behaviour of dropping signatures on commits (which are invalid after filtering) has also been changed in josh, now only occuring when the `:unsign` filter is present. Since this breaks commit hashes with our existing exported histories, we are opting to set a `:unsign` filter prefix on all proxy requests to ensure that the hashes stay consistent. During this update we found a bug (josh#1155) which was fixed in the commit that this CL moves josh to. Change-Id: I3afac1619f3aa90313a0441da91f0e4a96fe0a3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/8186 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-02-09 r/5844 chore(ops/modules): add a GECOS for my userAlyssa Ross1-0/+1
This way, I won't have to teach my name one at a time to every program that wants to know my it (e.g. git). Change-Id: I45ddd9c2343a10cd4c13bacd9a97b7470db95c14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8038 Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-02-01 r/5798 fix(ops/www): increase buffer memory size for auth.tvl.fyiVincent Ambo1-0/+4
Keycloak seems to have decided today that it will now send headers that are larger than what the nginx default configuration can handle. The numbers are a mix of made up and taken from random nginx voodoo posts on the internet, so they're as good a guess as anyone's. Change-Id: If037bcba48eee371cc96304b150276c669930c75 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7992 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2022-12-29 r/5547 feat(ops/modules): enable mail address obfuscation in public web UIVincent Ambo1-3/+11
Change-Id: I47b5313bee84893d405f86aefb3682cda3cfc6d7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7637 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-29 r/5546 fix(ops/modules): list IMAP server on public-inbox pageVincent Ambo1-0/+1
This fix can only be applied after the upstream public-inbox fix (https://github.com/NixOS/nixpkgs/pull/207693) has been merged. Change-Id: I957473e2895b7e57baad25c9e908b36aa790f3a6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7636 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-12-28 r/5515 feat(web/inbox): add landing page for inbox.tvl.suVincent Ambo1-2/+9
This landing page explains how to use the public-inbox. Change-Id: I37d74decad5173ab35051970593f1d28001af2b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7645 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-28 r/5513 style(ops/modules): add inbox email address to public-inbox headerVincent Ambo1-1/+1
Change-Id: Ib7d9089b63bba7ebc44d3438ed284e752f0595e9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7638 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-28 r/5512 feat(ops/modules): enable NNTP on inbox.tvl.suVincent Ambo1-2/+14
Change-Id: Iec564860a247fe51a5549129be294a3629645519 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7635 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-28 r/5511 feat(ops/modules): enable IMAP access for public-inboxVincent Ambo1-1/+27
This sets up IMAP on inbox.tvl.su:993 I added a hack to work around problems with the NixOS ACME module. Spent way too much time of my life with problems with that module, so I only use it with blunt force these days. Others are welcome to make a cleaner solution. Change-Id: Ice828766020856cf17d2f0a5b4491f4cec8ad9b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7633 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-12-27 r/5506 feat(ops/modules): index incoming mail in public-inboxVincent Ambo1-0/+4
Change-Id: I8a3e2c0e789057fd1edd015ccb8fdcc0cbb52cd8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7631 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-27 r/5505 feat(ops/modules): configure offlineimap for depot@tvl.suVincent Ambo1-1/+48
On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-27 r/5503 feat(ops/modules): set up public-inbox at inbox.tvl.suVincent Ambo2-0/+74
Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-12-05 r/5390 fix(ops/modules): regularly restart panettone for b/225Vincent Ambo1-0/+11
Change-Id: I27565e0e462ecb431d0f82bb3f6026b1eb369279 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7504 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-11-07 r/5260 fix(ops/machines/whitby): serve grafana at status.tvl.su againsterni1-1/+1
This is a follow up to cl/7191 which neglected to adjust the status.tvl.su.nix module and re-enable it. Change-Id: Icc1917004cd50e5eab61a29bc68b393ba9bd6325 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7226 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-10-03 r/5025 fix(ops/www): fix port templating for keycloakVincent Ambo1-1/+1
Change-Id: I714b12f996d7dbe705f1f553d449f2dbc4910b1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/6848 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-28 r/4980 chore(3p/sources): Bump channels & overlayssterni5-6/+6
Upstream nixpkgs removed a lot of aliases this time, so we needed to do the following transformations. It's a real shame that aliases only really become discoverable easily when they are removed. * runCommandNoCC -> runCommand * gmailieer -> lieer We also need to work around the fact that home-manager hasn't catched on to this rename. * mysql -> mariadb * pkgconfig -> pkg-config This also affects our Nix fork which needs to be bumped. * prometheus_client -> prometheus-client * rxvt_unicode -> rxvt-unicode-unwrapped * nix-review -> nixpkgs-review * oauth2_proxy -> oauth2-proxy Additionally, some Go-related builders decided to drop support for passing the sha256 hash in directly, so we need to use the generic hash arguments. Change-Id: I84aaa225ef18962937f8616a9ff064822f0d5dc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6792 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-09-19 r/4923 feat(monorepo-gerrit): swap owners plugin for code-ownersLuke Granger-Brown1-1/+10
Change-Id: I9e05384b58dac258bc2da41c22e321b20451ef00 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6686 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2022-09-13 r/4829 feat(ops/modules): deploy tvixbolt to tvixbolt.tvl.suVincent Ambo1-0/+19
Change-Id: I534cf918fc3e03ce8c14cf15f6d3280b6a657c8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6536 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-08-25 r/4490 fix: reflect renames of Nix configuration optionssterni1-3/+3
Change-Id: I7e28ac3d71acd7d99a1d3ef97bef9422097e4abf Reviewed-on: https://cl.tvl.fyi/c/depot/+/6154 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-08-13 r/4426 chore(3p/sources): Bump channels & overlaysVincent Ambo1-1/+1
* tvl-slapd: move database to subdirectory (somehow now required) Change-Id: I1792b856cf68b11959c0cc9caab4135e556f8c58 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6090 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-07-28 r/4337 feat(ops/www): add predlozhnik redirect on tazj.inVincent Ambo1-0/+4
otherwise posting this to reddit's /r/russian is not possible, as they ban all links to Russian-affiliated sites Change-Id: I8d23f0961ec7ef097fc2dbdd0aaa178861a19c10 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5992 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-19 r/4306 fix(ops/www): redirect very old tazj.in feed URLs correctlyVincent Ambo1-0/+4
at some point in the far past, there was an RSS feed at `/en/rss.xml`. It seems to still get a single hit or so every hour, which currently 404s. Change-Id: Ieb13c2c0232861a50a54bc2a4087d9ccb21185cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5962 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-18 r/4305 fix(ops/www): issue certificate for 'www.tazj.in'Vincent Ambo1-0/+1
Change-Id: I6179f785bb6bd6168a2a11836b90da5ee93adc69 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5953 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-07-12 r/4295 refactor(ops/cgit): make user configurableVincent Ambo1-3/+19
on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly. on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica. Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 r/4294 fix(depot-replica): make the depot replica world readableVincent Ambo1-1/+1
Change-Id: Idc0b5210793ab0d83b3ac99cf36d7f7f02a35a37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>