about summary refs log tree commit diff
path: root/ops/nixos/whitby/default.nix
AgeCommit message (Collapse)AuthorFilesLines
2020-07-23 r/1430 chore(whitby): Move isomer's SSH key to user directoryVincent Ambo1-3/+1
This is inline with how other user keys are managed. Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-19 r/1405 feat(whitby): Deploy todo.tvl.fyi page with //web/todolistVincent Ambo1-0/+1
Note that this is not yet updated automatically, so the page will be stale until somebody rebuilds whitby. Change-Id: I91f4b03c9309aed289df055fac292a214dca7668 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297 Reviewed-by: Alyssa Ross <hi@alyssa.is> Tested-by: BuildkiteCI
2020-07-18 r/1385 chore(whitby): add rikingKane York1-0/+6
Change-Id: I33cc1324eac9a13be56d296d09cfdbe066d90e13 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1256 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-07-17 r/1363 feat(whitby): Hardcode Google DNS serversVincent Ambo1-2/+18
The Hetzner DNS servers were unhappy after today's Cloudflare outage, and that broke some of our builds - this wouldn't have happened with Google DNS! Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 r/1347 chore(whitby): += Isomerisomer1-0/+8
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142 Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-12 r/1268 feat(whitby): Configure Gerrit backups on whitbyVincent Ambo1-0/+22
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1267 chore(whitby): Give the git user a home directoryVincent Ambo1-0/+2
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1264 feat(whitby): Enable Gerrit & cgit deploymentsVincent Ambo1-1/+17
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-07-12 r/1262 feat(whitby): Enable SourceGraph serverVincent Ambo1-1/+6
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1259 feat(nixos/www): Add configuration for tvl.fyi homepageVincent Ambo1-0/+1
... and enable it on whitby Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 r/1257 feat(whitby): Move over clbot deployment from camdenVincent Ambo1-0/+22
There is only one minor configuration change: CLBot now connects to cl.tvl.fyi, instead of localhost, because Gerrit is still on camden. Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 r/1256 feat(whitby): Enable smtprelay moduleVincent Ambo1-1/+13
This is required for the Gerrit setup. Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-06 r/1234 feat(whitby): add apereo-cas/tvl-ssoLuke Granger-Brown1-0/+1
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283e Reviewed-on: https://cl.tvl.fyi/c/depot/+/935 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 r/1230 feat(ops/nixos/www): create login.tvl.fyi hostLuke Granger-Brown1-0/+6
Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c Reviewed-on: https://cl.tvl.fyi/c/depot/+/936 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 r/1221 feat(ops/nixos): Add generic rebuild-system scriptGriffin Smith1-5/+1
This adds a first crack at one idea for a generic, non-user-specific rebuild-system script to ops.nixos.rebuild-system. The idea here is that we enumerate all the nixos systems stored in the monorepo (similarly to what we do for ci-builds right now) then search through them by hostname to find the one matching the hostname of the current system, which is an attempt at a more generic version of tazjin's rebuilder script which does the same thing but with an explicit case block. As a caveat, it feels like there's a slight possibility that this way of finding systems is going to get slow to evaluate - on my system it feels fine but if it grows out of hand it's probably feasible to just bake this into the built script as a dynamically generated case statement. Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/894 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-05 r/1213 feat(whitby): enable tvl-slapd on whitbyLuke Granger-Brown1-0/+1
Change-Id: I3fac108802671abfb9a508359390b063bce16202 Reviewed-on: https://cl.tvl.fyi/c/depot/+/923 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-04 r/1210 chore(whitby): add lukegb to trusted-users for remote buildsLuke Granger-Brown1-0/+1
Change-Id: Id1e67bb30bb7f4d329006688f1783b900d16d164 Reviewed-on: https://cl.tvl.fyi/c/depot/+/914 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-03 r/1185 feat(whitby): Enable nix.sshServeVincent Ambo1-3/+9
This exposes a binary cache over SSH. Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a Reviewed-on: https://cl.tvl.fyi/c/depot/+/895 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 r/1174 feat(whitby): Allow wheel users to sudo without a passwordGriffin Smith1-0/+7
This *should* translate to the required invocation to make sudo allow nopasswd for users in the wheel group. Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/857 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-07-02 r/1172 feat(whitby): Add grfn as a trusted userGriffin Smith1-0/+4
So I can remote builder Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/856 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-02 r/1171 feat(whitby): Run a handful of Buildkite agentsVincent Ambo1-0/+21
This is the point of the machine, afterall. Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/853 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 r/1170 feat(whitby): Enable Nix signing for the binary cacheVincent Ambo1-0/+3
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014 Reviewed-on: https://cl.tvl.fyi/c/depot/+/852 Reviewed-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-02 r/1169 fix(whitby): Explicitly set an interface for the v6 default gwVincent Ambo1-1/+5
systemd gets sad otherwise and it is very difficult to console it Change-Id: Ic6405489532c407273e5634474185f2947420b37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/851 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 r/1168 feat(whitby): Add grfnGriffin Smith1-0/+8
it's not glittershark because grfn is the username I have on my laptop and I want to be able to ssh without an `@`. Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768 Reviewed-on: https://cl.tvl.fyi/c/depot/+/850 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-02 r/1166 feat(whitby): add lukegbLuke Granger-Brown1-0/+6
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b Reviewed-on: https://cl.tvl.fyi/c/depot/+/848 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: BuildkiteCI
2020-07-02 r/1163 fix(whitby): Set correct IPv6 default gateway for Hetzner envVincent Ambo1-0/+1
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88 Reviewed-on: https://cl.tvl.fyi/c/depot/+/845 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 r/1160 feat(nixos/whitby): Hello, World!Vincent Ambo1-0/+148
This adds NixOS configuration for the machine whitby.tvl.fyi. No interesting services are configured yet, so this configuration is quite plain. Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/843 Tested-by: BuildkiteCI Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>