Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2020-06-13 | r/924 feat(nixos/smtprelay): Add derivation & module for SMTP relay | Vincent Ambo | 1 | -0/+12 | |
This adds a little tool that can be used to relay mail to Gmail (and other SMTP servers). It is intended to be used by Gerrit, which is incompatible with Gmail's SMTP servers. Configuration has been tested by performing a few sends through the tvlbot@tazj.in account. Note that this is using the standard Gmail SMTP server. Using the smtp-relay server relies on IP whitelisting, but camden.tazj.in has a larger number of IPv6 addresses than can be whitelisted (the maximum is 65k). This means that we are limited to 2000 mails per recipient per day, which should be fine. Change-Id: Ie43564d753030f5c800a9cdb4ae98292877d80dc Reviewed-on: https://cl.tvl.fyi/c/depot/+/101 Reviewed-by: edef <edef@edef.eu> | |||||
2020-06-12 | r/920 feat(camden): Move hound to cs.tvl.fyi | Vincent Ambo | 1 | -13/+22 | |
The old host at cs.tazj.in now redirects there, and I've added a helper function for creating these redirections. Change-Id: I66794d752df46c8e795e47aedfaffd8c27c45627 Reviewed-on: https://cl.tvl.fyi/c/depot/+/89 Reviewed-by: riking <rikingcoding@gmail.com> Reviewed-by: tazjin <mail@tazj.in> | |||||
2020-06-12 | r/919 fix(camden): addSSL -> forceSSL for all pages | Vincent Ambo | 1 | -4/+4 | |
Change-Id: I451d1bc1a21d4ff25c0c70c963cf17bb924961db Reviewed-on: https://cl.tvl.fyi/c/depot/+/84 Reviewed-by: lukegb <lukegb@tvl.fyi> | |||||
2020-06-12 | r/917 feat(camden): add /irc/ shortlink | Kane York | 1 | -0/+2 | |
Change-Id: If17c758c323aaf00fdf26ddfafaea10acbf1453e Reviewed-on: https://cl.tvl.fyi/c/depot/+/70 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: riking <rikingcoding@gmail.com> | |||||
2020-06-12 | r/916 feat(camden): Move cgit to code.tvl.fyi | Vincent Ambo | 1 | -4/+13 | |
Moves the host at which cgit is served to 'code.tvl.fyi'. Also updates related projects that link to this, most importantly: * Hound's & Gerrit's cgit link bases have been updated * besadii is updated to request CI builds for the new location Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/71 Reviewed-by: lukegb <lukegb@tvl.fyi> | |||||
2020-06-11 | r/914 chore(nixos/camden): Point hound at the depot on gerrit | Vincent Ambo | 1 | -1/+1 | |
Change-Id: I19cbffae75017ceefbc19397c54156eb348eda27 Reviewed-on: https://cl.tvl.fyi/c/depot/+/65 Reviewed-by: lukegb <lukegb@tvl.fyi> | |||||
2020-06-11 | r/904 fix(monorepo-gerrit): Configure nginx reverse proxy correctly | Vincent Ambo | 1 | -0/+2 | |
Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html | |||||
2020-06-11 | r/901 fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timer | Vincent Ambo | 1 | -1/+1 | |
2020-06-11 | r/898 feat(ops/nixos/modules): Add TVL slapd module | Vincent Ambo | 1 | -0/+1 | |
This initialises an OpenLDAP server for tvl.fyi This is the least annoying way to bootstrap Gerrit. Yep. | |||||
2020-06-11 | r/897 feat(ops/nixos): Add module for configuring Gerrit for the repo | Vincent Ambo | 1 | -1/+19 | |
2020-06-11 | r/896 chore(ops/nixos/camden): Move camden back to nixos-unstable | Vincent Ambo | 1 | -1/+1 | |
2020-06-07 | r/885 feat(ops/nixos/camden): Link to the TVL monorepo doc | Vincent Ambo | 1 | -0/+2 | |
2020-05-26 | r/858 feat(ops/nixos/camden): Index nixpkgs in hound | Vincent Ambo | 1 | -0/+8 | |
There is a local nixpkgs clone at /var/git/nixpkgs which must be manually set to have 'master' point at the desired ref (hound only supports master). | |||||
2020-05-26 | r/855 feat(ops/nixos/camden): Set up hound at cs.tazj.in | Vincent Ambo | 1 | -2/+30 | |
2020-05-26 | r/853 ffeat(ops/nixos): Add a dummy to make depot available in modules | Vincent Ambo | 1 | -0/+5 | |
Because modules are not called via the default depot setup (for now ...), this introduces a dummy module that stores the depot tree itself in the module configurations. This makes it possible to write modules that use packages from the depot. | |||||
2020-05-22 | r/814 fix(ops/nixos): Pin systems to stable channel | Vincent Ambo | 1 | -1/+1 | |
NixOS unstable has some software I want when building things, but it's also broken. This pins systems to the stable channel for now. | |||||
2020-05-11 | r/711 feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi | Luke Granger-Brown | 1 | -0/+2 | |
I'm too lazy to keep going to the website to click the button and also too lazy to add my own redirect. Add one to tvl.fyi. | |||||
2020-04-26 | r/695 feat(ops/nixos/camden): Enable SSH agent auth | Vincent Ambo | 1 | -0/+3 | |
2020-04-26 | r/693 fix(ops/nixos/camden): Use new //fun/idual CLI structure | Vincent Ambo | 1 | -1/+2 | |
2020-04-26 | r/690 feat(ops/nixos/camden): Disable camden firewall | Vincent Ambo | 1 | -1/+1 | |
The local network is considered trusted and ingress from the outside world is now handled by the Edgerouter. | |||||
2020-04-26 | r/688 feat(fun/idual && nixos/camden): Add light alarm systemd units | Vincent Ambo | 1 | -1/+11 | |
Adds a systemd unit to run the idual light alarm using a transient timer created by systemd-run. | |||||
2020-04-22 | r/669 fix(ops/nixos/camden): Introduce brute-force nginx issue fix | Vincent Ambo | 1 | -0/+19 | |
This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03 | |||||
2020-04-21 | feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden | Vincent Ambo | 1 | -0/+2 | |
2020-04-21 | feat(ops/nixos/camden): Use my cachix cache on camden | Vincent Ambo | 1 | -0/+8 | |
This cache is populated by sourcehut builds. | |||||
2020-04-21 | r/650 feat(ops/nixos/camden): Add vhost for TVL homepage | Vincent Ambo | 1 | -0/+15 | |
2020-04-21 | r/648 feat(ops/nixos/camden): Provision certificate for tvl.fyi | Vincent Ambo | 1 | -0/+7 | |
2020-04-20 | r/640 feat(ops/nixos/camden): Add static IPv6 address to camden | Vincent Ambo | 1 | -0/+7 | |
2020-04-19 | r/639 feat(ops/nixos/camden): Configure honk service | Vincent Ambo | 1 | -0/+18 | |
2020-04-19 | r/637 feat(ops/nixos/camden): Install honk | Vincent Ambo | 1 | -0/+1 | |
2020-04-04 | r/626 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in | Vincent Ambo | 1 | -0/+2 | |
2020-04-04 | r/623 chore(ops/nixos/camden): Use upstream tailscale module | Vincent Ambo | 1 | -18/+1 | |
2020-04-04 | r/618 feat(ops/nixos/camden): Enable RTMP support in nginx | Vincent Ambo | 1 | -1/+25 | |
This makes it possible to live-stream various things at rtmp://tazj.in/tvl | |||||
2020-03-01 | r/589 fix(ops/nixos/camden): Add required options for ACME updates | Vincent Ambo | 1 | -12/+17 | |
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set. [0]: https://github.com/NixOS/nixpkgs/pull/77578 | |||||
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1 | |
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8 | |
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver. | |||||
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1 | |
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries. | |||||
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1 | |
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8 | |
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually. | |||||
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 1 | -12/+11 | |
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2 | |
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1 | |
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8 | |
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2 | |
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7 | |
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15 | |
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21 | |
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13 | |
This makes it possible to re-use the same provisioning mechanism for multiple related domains. | |||||
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27 | |
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. | |||||
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 1 | -8/+10 | |