about summary refs log tree commit diff
path: root/ops/nixos/whitby/default.nix
AgeCommit message (Collapse)AuthorFilesLines
2021-04-09 r/2456 refactor(whitby): Extract Buildkite agents into a moduleVincent Ambo1-16/+5
There will be more Buildkite-agent specific configuration, and it's already more than just the module setup, so extracting this makes sense. Change-Id: I56ce205c0cb4365317ed7ed5f2d525a0b425b861 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2906 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-04 r/2436 feat(whitby): Configure nix-serve on cache.tvl.suVincent Ambo1-0/+8
Having a slow cache is better than having no cache. Change-Id: Ie3cfcd4a2937d90b0e2ad899816bc31ae806631f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2847 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-02 r/2407 refactor(ops/nixos): migrate to depot module argLuke Granger-Brown1-2/+0
Previously the depot argument was provided as config.depot, but the "new way" of doing things (which is more like the args list provided in the rest of the depot) is to provide this as the "depot" NixOS module argument instead. Change-Id: Ib48b1c7c1bdff9c1eb0618c6cbacc22b651f5f98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2763 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-02 r/2398 feat(ops/whitby): add sterni to trusted userssterni1-1/+4
I am somewhat trustworthy… maybe? Also I tend to gc depot stuff so ssh serve would be neat. Change-Id: I4672f20a32a756692dd156b5e40e5a7f37ba5ad0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2660 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-26 r/2347 feat(ops/nixos/whitby): add flokli userFlorian Klink1-0/+6
Change-Id: Ibdb5b498f8bbc837fffdb38cdf95499b279773aa Reviewed-on: https://cl.tvl.fyi/c/depot/+/2683 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2021-03-26 r/2332 fix(ops/whitby): Set tcp congestion control to bbrGriffin Smith1-0/+4
Some quick testing shows that this improves my data transfer speed to whitby by roughly 200%. Change-Id: Id94de975b1ae0930f8d0fe038582dbac0037676c Reviewed-on: https://cl.tvl.fyi/c/depot/+/2659 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: ben <tvl@benjojo.co.uk>
2021-03-21 r/2314 chore(whitby): Remove SSH key from rootVincent Ambo1-4/+0
This was a leftover from the time we were installing. Change-Id: Id875b907d7f76081a45e7f8f2666b7fba6aefc86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2632 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-23 r/2140 chore(users/multi): remove user from the depot.multi1-8/+1
This commit removes my user directory in the depot, my user account on whitby, my entry in the LDAP database, and my entry in the website graph. I've had my fun with TVL, but I want to move on to spending time on some other things. This additionally removes aranea from the website graph, which they have requested in private. Change-Id: I2d098c8fe239f20d9f6c6cbf66a3dfb4a955a4cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/2436 Tested-by: BuildkiteCI Reviewed-by: multi <depot@in-addr.xyz> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-01-19 r/2133 chore: Remove banned userV1-6/+0
Change-Id: Icd61f7c567a327c74a4f381168e94737b2b30702 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2422 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Reviewed-by: tazjin <mail@tazj.in>
2021-01-18 r/2130 chore(ops/whitby): Move ACME registrations to an @tvl.fyi addressVincent Ambo1-1/+1
Change-Id: I371550aa456c0fb64da4789feed494cc50497522 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2410 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-17 r/2116 feat(ops/nixos): Serve tazj.in from whitby temporarilyVincent Ambo1-1/+2
camden.tazj.in (the host in my flat) is going down as my belongings are being moved into storage. Change-Id: Id66512fd2ec6dbdcb6dfc3862af49cfadb15cfa1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2405 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-15 r/2111 feat(ops/nixos/whitby): Enable remote use of whitby for my Thinkpad.multi1-2/+3
My main workstation is a Thinkpad without a great deal of compute power available, so enabling the use of whitby as both a substituter (services.sshServe) and a remote builder (openssh.authorizedKeys) will save me some time when working on nix things and depot things. Change-Id: I17bfcbb9860f42fb667603ad819e38e82e6052da Reviewed-on: https://cl.tvl.fyi/c/depot/+/2399 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2021-01-13 r/2094 feat(ops/nixos/whitby): add sterni usersterni1-0/+6
Change-Id: Ia6790913ea2777a9d4ca89830436623766991c13 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2368 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-12-26 r/2030 chore(whitby): Double number of build usersVincent Ambo1-1/+1
more = betterer Change-Id: I6d5414d6ebb087e7f9fb912d5a514c31ebcd8b7e Reviewed-on: https://cl.tvl.fyi/c/depot/+/2296 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-12-20 r/2023 fix(whitby): Include lukegb's & grfn's SSH keys in initrdVincent Ambo1-3/+4
Change-Id: I8921d645b1a81510e04314e519195c1c01d3fd14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2286 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-12-20 r/2022 fix(whitby): Disable git's gc.autoDetach featureVincent Ambo1-0/+6
This feature can cause object removal to happen while the git folder is in use in Buildkite, causing CI to fail semi-reegularly. Change-Id: Ide1a9b2f1761be029e97a058c1983b4cff5e27bf Reviewed-on: https://cl.tvl.fyi/c/depot/+/2285 Tested-by: BuildkiteCI Reviewed-by: multi <depot@in-addr.xyz>
2020-11-22 r/1907 feat(whitby): Move wigglydonke.rs to whitbyGriffin Smith1-0/+1
Mugwump is too unstable for such an important internet service Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-11-17 r/1880 feat(ops/panettone): Add configuration for irccatVincent Ambo1-0/+1
Adds configuration options for the (inconsistently named) environment variables that configure irccat integration with Panettone. The defaults match the irccat setup on whitby. Change-Id: I6857512a2e3f29f16777493eb981cc69ce3c045f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2080 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-11-08 r/1876 feat(whitby): Enable irccat moduleVincent Ambo1-0/+19
Enables irccat, running as 'tvlbot' on ##tvl and ##tvl-dev and listening on TCP 4722. Change-Id: Ia1eb533d0aacb0c15d6b3fa1cfd854ffbce27d23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2075 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-05 r/1870 fix(whitby): Use new IRC bouncer location for clbotVincent Ambo1-1/+1
... I found this location in the logs, because the certs are now valid for this, but I'm not actually sure if it's right. Change-Id: I5ac88073e3bf6a95fead4c1d34515622c4416c6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/2070 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-09-28 r/1828 feat(whitby): add firefly userJonas Höglund1-0/+6
Change-Id: Ib785577c173795d5cc6ccd7a3ee7e6a568439a0d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2013 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 r/1823 feat(whitby): add cynthia owoCynthia Revström1-0/+6
Change-Id: Id9e06ce8645ec2dbe1167d2b0b023159d3e91487 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2008 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-06 r/1765 chore(whitby): Double the number of build agents againVincent Ambo1-1/+1
The main bottleneck of our builds right now is Nix evaluation, which means that most of the time is spent idling during builds. Since we're evaluating in parallel, lets give it a few more builders. I don't want to go all the way to 64 immediately to first see if we get any adverse effects from highly concurrent builds running concurrently (if we do we could group them into different "concurrency groups" in Buildkite). Change-Id: Ibc3f89fb59cb4ee471b152ff36887ffe2b39f8f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1932 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-31 r/1751 feat(whitby): Double the number of Buildkite agentsVincent Ambo1-1/+1
Allow 16 things to happen in parallel, which is useful now that the CI granularity is on a per-target level. Change-Id: Ie65dd119ea0666618fbb249613e70a68276db834 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1902 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-23 r/1705 feat(whitby): Enable log forwarding via journaldriverVincent Ambo1-0/+7
Change-Id: I474159acfe514f6f2eb7867e4eba854016590ab1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1836 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-21 r/1701 revert(whitby): Use Tvix as the system Nix on whitbytazjin1-1/+0
This reverts commit 8fa30870673fcdd5410c2593321153ab7cfbe36f. Reason for revert: This almost worked. We discovered two important issues: - The daemon startup does not correctly handle the socket passed in by systemd. - There is some issue with chunking of large calls, running a build for ci-builds resulted in: tazjin@whitby /depot (canon)> nix-build -A ciBuilds.__allTargets E20200821 01:42:22.846053 12601 shared.cc:306] error: Rpc call addTextToStore to unix:///nix/var/nix/daemon-socket/socket failed (RESOURCE_EXHAUSTED): Received message larger than max (10889961 vs. 4194304) Change-Id: Ic5ba4ef06a4953cf71a36b139fe25ea673cb6fee Reviewed-on: https://cl.tvl.fyi/c/depot/+/1802 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-21 r/1700 feat(whitby): Use Tvix as the system Nix on whitbyVincent Ambo1-0/+1
... this is going to break so much stuff. Lets have some fun. Change-Id: If0185e0323391c7055d47b797083bb5afde57cb5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1829 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-19 r/1679 feat(whitby): add VV1-0/+6
Change-Id: I887760edd67135df4e2f58a874314b317838d2e8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1787 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-08-17 r/1670 feat(whitby): add etaeta1-0/+6
Change-Id: I7aa2bd2cb2c001b48ebd25b20f28cdfb0883ba3f Reviewed-on: https://cl.tvl.fyi/c/depot/+/1782 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-08-17 r/1667 feat(nixos/clbot): Add ability to post in multiple channelsVincent Ambo1-0/+5
Adds the ability to post to multiple channels by simply running multiple instances of clbot. We should probably implement support for this in clbot itself, but right now I can't be bothered to write Go. Change-Id: I5cffd0dc10a7f6cc19c37c5834c5610166b4ae23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1771 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-14 r/1651 feat(whitby): enable programs.mosh.multi1-0/+1
Change-Id: Ibc8df6f6382b5b64e272bedece6b65762f9693c9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1750 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-08-13 r/1643 fix(whitby): disable sshd(8) password authentication.multi1-1/+5
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-08-09 r/1629 feat(whitby): add multimulti1-0/+6
Change-Id: Ibfc2a5fcf73099b8414b8c46958007374d14fd0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1701 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-06 r/1606 fix(whitby): Increase nrBuildUsers to 128Vincent Ambo1-0/+1
Change-Id: I3a444e163745d17d10f923c0be7565840937c53a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1662 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 r/1605 fix(whitby): I'm a trusted user, owoVincent Ambo1-0/+1
Change-Id: I2666b3cf8bdefcb5d4caeddf191dc65f6a8cb05f Reviewed-on: https://cl.tvl.fyi/c/depot/+/1661 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-05 r/1602 chore(whitby): add edefedef1-0/+6
Change-Id: I7265259bc87594bd481c7bd455187c09b1effd1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/1650 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-01 r/1533 fix(whitby): Move Restic's cache into /var/backup/resticVincent Ambo1-0/+1
It tries to write this to ~/.cache otherwise, which worked for the git user but does not work for root (??) Change-Id: I02d04da7d8e2b8782ce70bc72bce0b90c3961aa0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1546 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1532 fix(whitby): Make timer unit match the unit it should startVincent Ambo1-1/+1
Oversight in the previous CL. Change-Id: I8767322d7d860fc410796f8d63b7a6c38a8ab447 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1545 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1531 feat(whitby): Include PostgreSQL dumps in Restic backupsVincent Ambo1-7/+6
Changes the restic backup service to run as root, rather than git, and include the PostgreSQL dumps in its scope. The on-machine credentials have already been placed in the right location in /var/backup/restic Fixes: 27 Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541 Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1523 feat(whitby): Enable daily PostgreSQL backupsVincent Ambo1-0/+7
... daily is just the default cron pattern for this, but we might also want this to happen more frequently. Not sure yet. Change-Id: I4e433fefebd93488891e765b5842fdb6537e3c6d Reviewed-on: https://cl.tvl.fyi/c/depot/+/1518 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-07-31 r/1513 feat(ops/nixos): Add module for running paroxysm on whitbyVincent Ambo1-0/+4
Change-Id: I415e3b046d4e0fcd7e800ddab0c7f1aeb639c5e2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1502 Tested-by: BuildkiteCI Reviewed-by: eta <eta@theta.eu.org>
2020-07-28 r/1502 feat(ops/nixos): Use database password for PanettoneGriffin Smith1-3/+6
It appears this didn't even *work* without a password, so we've been forced into being more secure. Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 r/1500 fix(ops/nixos): allow connections on hostnosslGriffin Smith1-0/+1
This is how panettone is currently connecting, so this needs to be here in order for it to work. Shortly I'll update all of this to use passwords, but for now this gets things up and running again Change-Id: If87f4dbce0800dcbc4f7bf10e88f3e591410b416 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1488 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-27 r/1494 feat(whitby): Create a Postgres database for PanettoneGriffin Smith1-1/+27
Create a running Postgres database server along with a user and database for Panettone, and pass configuration for it to the panettone module Change-Id: I333994288131be328e62069382d6d40f8034c400 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-25 r/1476 chore(whitby): add rxvt-unicode's terminfoLuke Granger-Brown1-0/+1
Otherwise I have to set TERM to something else so that I can actually use the machine when I'm booted into Linux and it's incredibly tedious and I hate it. Change-Id: Icfb5aacfea8cd6227743d29d9b07dc1b745d22c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1435 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 r/1439 feat(ops/nixos): Deploy Panettone to WhitbyGriffin Smith1-2/+9
Deploy Panettone to whitby as a systemd service, proxied to from an nginx virtual host listening at b.tvl.fyi Change-Id: I69755566151a45120e6b3453751af0e9291fa241 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 r/1432 fix(whitby): Use fish shell as my default shellVincent Ambo1-0/+1
I don't have time for bash's history. Change-Id: I741107d33f09999ef43a7609079ad926e8127e69 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 r/1431 feat(whitby): Add SSH key for qylissVincent Ambo1-0/+6
... also bootstraps her user directory to store the key in. Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361 Tested-by: BuildkiteCI Reviewed-by: Alyssa Ross <hi@alyssa.is>
2020-07-23 r/1430 chore(whitby): Move isomer's SSH key to user directoryVincent Ambo1-3/+1
This is inline with how other user keys are managed. Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-19 r/1405 feat(whitby): Deploy todo.tvl.fyi page with //web/todolistVincent Ambo1-0/+1
Note that this is not yet updated automatically, so the page will be stale until somebody rebuilds whitby. Change-Id: I91f4b03c9309aed289df055fac292a214dca7668 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297 Reviewed-by: Alyssa Ross <hi@alyssa.is> Tested-by: BuildkiteCI