about summary refs log tree commit diff
path: root/ops/nixos
AgeCommit message (Collapse)AuthorFilesLines
2020-06-16 r/1002 chore: Remove traces of HoundVincent Ambo1-62/+0
We can always revert this if we want it back. Change-Id: I1332b6dd541199584b7b5b94a8651172d79e53a9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/442 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-16 r/1000 fix(monorepo-gerrit): Don't expire sessions unreasonably quicklyVincent Ambo1-0/+1
Changes the default session timeout to 3 months, which is a lot more reasonable than the default of 12 hours. See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cache.name.maxAge Change-Id: I33bce8b072d64ab07f1b954c11068595dca5def7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/431 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-16 r/995 feat(nixos/sourcegraph): Add a module for running SourceGraphVincent Ambo1-0/+26
This module spins up the Sourcegraph container. Builds: Note that this is contrary to how our other deployments work, but packaging Sourcegraph is quite difficult (it's a Gitlab style deployment with a lot of moving parts and third-party things that it bundles). If we decide to keep it around, we will want to look at packaging it in Nix in the future. Deployment: The deployment is a hack. Sourcegraph does not support public instances, but we want it to be public. To work around this we have configured HTTP-proxy based authentication (i.e. auth via a header) and hardcoded a static header. This works, but lets anonymous users change the "Anonymous" user's settings. We can expect this to get defaced (profile picture, name etc), until we figure out how to write some nginx configuration to drop those requests. See git-bug for details. The Sourcegraph configuration is also not checked in to the repository. It's unclear where in the data directory it is stored. Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/425 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-16 r/984 feat(tvl-slapd): Enable ericvolp12 user in LDAPEric Volpert1-0/+9
Thanks. Change-Id: I5df1e5075b2e056ebde3e66e1cf17b220d650977 Reviewed-on: https://cl.tvl.fyi/c/depot/+/398 Reviewed-by: tazjin <mail@tazj.in>
2020-06-15 r/972 fix(ops/nixos/tvl-slapd): Sort users & fix glittershark's DNVincent Ambo1-9/+9
Change-Id: I33feedacfadaae53da000aff7d42fa06d2189f52 Reviewed-on: https://cl.tvl.fyi/c/depot/+/391 Reviewed-by: tazjin <mail@tazj.in>
2020-06-15 r/971 chore(ops/nixos/tvl-slapd): add glittersharkGriffin Smith1-0/+9
Change-Id: I2e537079b88a3857964c6b7c66cd9221ca580958 Reviewed-on: https://cl.tvl.fyi/c/depot/+/390 Reviewed-by: tazjin <mail@tazj.in>
2020-06-15 r/961 chore(monorepo-gerrit): Remove 'owners-autoassign' pluginVincent Ambo1-1/+0
This plugin just blindly assigns everyone and, as q3k has already pointed out, just isn't particularly useful. We might want to roll our own, for example: 19: 40:41 <+Remosi> I want the virtual owner thing, we could call it Gerrit Workgroup Synthesizer Queuing, or gwsq for short. Change-Id: Ib12a921ae4047ac6a734035dd0900c8964fb12d8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/350 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-14 r/955 fix(3p/gerrit): Fix Gerrit derivation name and module configurationVincent Ambo1-0/+2
Without these changes, the NixOS module isn't able to use the new Gerrit derivation. These changes are already deployed as I needed to make them to get Gerrit back up. Change-Id: Iad3aa6158789a014134fddccd40b508b81486100 Reviewed-on: https://cl.tvl.fyi/c/depot/+/301 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-14 r/944 feat(tvl-slapd): add cynthia to slapdCynthia Revström1-0/+9
Change-Id: Ifb55ebd234d15fbaa6ef2e71f97ba7b8203ffcd9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/255 Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 r/941 refactor(ops/nixos): Move my NixOS configurations to //users/tazjinVincent Ambo20-1258/+7
NixOS modules move one level up because it's unlikely that //ops/nixos will contain actual systems at this point (they're user-specific). This is the first users folder, so it is also added to the root readTree invocation for the repository. Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/244 Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 r/937 feat(tvl-slapd): add eta to slapdeta1-0/+9
Change-Id: Ib34d59006645b992bd7b6cbd04fc7121ad3f0219 Reviewed-on: https://cl.tvl.fyi/c/depot/+/223 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/936 feat(monorepo-gerrit): Include owners & owners-autoassign pluginsVincent Ambo1-0/+5
Change-Id: I62b90fb94293fc5148fe0fd7a06ea3d0e4d44199 Reviewed-on: https://cl.tvl.fyi/c/depot/+/222 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/934 fix(monorepo-gerrit): Do not place hooks in $out/binVincent Ambo1-2/+2
Gerrit does not expect a bin/ there. Change-Id: I907f96690b8c6bb614dc11889712d7b122c5d5cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/181 Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 r/933 feat(camden): add builds shortlinkKane York1-1/+2
Change-Id: Iedd524d775349f24c13fe7c118830b7d4dfdec49 Reviewed-on: https://cl.tvl.fyi/c/depot/+/81 Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 r/932 feat(monorepo-gerrit): Enable Gerrit hooks & configure besadiiVincent Ambo1-2/+11
Loads the 'hooks' plugin into Gerrit, which - as per my interpretation of the docs - is going to execute any hooks for which there are matching binaries. The intention here is that besadii should implement most of the hooks we care about. As a start, it is symlinked here to the `ref-updated` hook. Change-Id: I6482a9d71cc08908c29dd10f786cbba32b33d04d
2020-06-13 r/930 feat(monorepo-gerrit): Enable download-commands pluginVincent Ambo1-0/+9
This enables the display of various download commands on change pages, which makes things like checking out refs for review locally easier. Change-Id: I3c29854aa0cf1aa393efb89b7516bbf84e0083d4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/162 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/929 fix(monorepo-gerrit): Configure advertised address for SSH correctlyVincent Ambo1-0/+1
This is a prerequisite for setting up the download-commands plugin. Change-Id: I7803ef18be759f95aec020e4a00ca8e0fb48bfe0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/161 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/927 chore(monorepo-gerrit): Point SMTP configuration at smtprelayVincent Ambo1-5/+4
Change-Id: I33085974fb3764f8a6df7f16245b2f5602f94118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/102 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/926 feat(tvl-slapd): Add nyanotech to slapd, sort the listnyanotech1-19/+28
Change-Id: I9ffd2fb3b9ae3f6c8c381f496769eb8977caadeb Reviewed-on: https://cl.tvl.fyi/c/depot/+/124 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-13 r/924 feat(nixos/smtprelay): Add derivation & module for SMTP relayVincent Ambo2-0/+64
This adds a little tool that can be used to relay mail to Gmail (and other SMTP servers). It is intended to be used by Gerrit, which is incompatible with Gmail's SMTP servers. Configuration has been tested by performing a few sends through the tvlbot@tazj.in account. Note that this is using the standard Gmail SMTP server. Using the smtp-relay server relies on IP whitelisting, but camden.tazj.in has a larger number of IPv6 addresses than can be whitelisted (the maximum is 65k). This means that we are limited to 2000 mails per recipient per day, which should be fine. Change-Id: Ie43564d753030f5c800a9cdb4ae98292877d80dc Reviewed-on: https://cl.tvl.fyi/c/depot/+/101 Reviewed-by: edef <edef@edef.eu>
2020-06-12 r/923 feat(monorepo-gerrit): Configure outbound emails for reviewsVincent Ambo1-0/+19
Configures Gerrit send emails from tvlbot@tazj.in for outgoing review notifications. Emails are always plain-text and can contain diffs (up to a maximum size of 256KiB). The configuration options for this are documented at: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail Note: The password for this user is stored on the host, in a file that is not part of version-control and is only readable by the 'git' user. We should probably figure out a way to do secrets management ... Change-Id: I2f99b34b1a774c28d814b0aba1f1b78fd512854e Reviewed-on: https://cl.tvl.fyi/c/depot/+/92 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-12 r/920 feat(camden): Move hound to cs.tvl.fyiVincent Ambo1-13/+22
The old host at cs.tazj.in now redirects there, and I've added a helper function for creating these redirections. Change-Id: I66794d752df46c8e795e47aedfaffd8c27c45627 Reviewed-on: https://cl.tvl.fyi/c/depot/+/89 Reviewed-by: riking <rikingcoding@gmail.com> Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 r/919 fix(camden): addSSL -> forceSSL for all pagesVincent Ambo1-4/+4
Change-Id: I451d1bc1a21d4ff25c0c70c963cf17bb924961db Reviewed-on: https://cl.tvl.fyi/c/depot/+/84 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 r/918 chore(ops/nixos/modules): Add edef to slapdedef1-0/+9
Change-Id: I063a09cdc3bb81397a44f7356f1c11ebd715f74f Reviewed-on: https://cl.tvl.fyi/c/depot/+/88 Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 r/917 feat(camden): add /irc/ shortlinkKane York1-0/+2
Change-Id: If17c758c323aaf00fdf26ddfafaea10acbf1453e Reviewed-on: https://cl.tvl.fyi/c/depot/+/70 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-12 r/916 feat(camden): Move cgit to code.tvl.fyiVincent Ambo2-5/+14
Moves the host at which cgit is served to 'code.tvl.fyi'. Also updates related projects that link to this, most importantly: * Hound's & Gerrit's cgit link bases have been updated * besadii is updated to request CI builds for the new location Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/71 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 r/915 chore(ops/nixos/modules): Add q3k to slapdSergiusz Bazanski1-0/+9
Change-Id: I083bc4e9283a882e97a6b9098d6a126ca7bb0a93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/68 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-11 r/914 chore(nixos/camden): Point hound at the depot on gerritVincent Ambo1-1/+1
Change-Id: I19cbffae75017ceefbc19397c54156eb348eda27 Reviewed-on: https://cl.tvl.fyi/c/depot/+/65 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-11 r/912 chore(nixos/frog): Move frog to nixos-unstableVincent Ambo1-7/+2
There are no remaining traces of Emacs breakage in unstable - as far as I can tell. Change-Id: I06c5d78aa3ff9c0cc00c62e6d6966c5079fb3b24 Reviewed-on: https://cl.tvl.fyi/c/depot/+/63 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/910 feat(nixos/frog): Enable lieer sync for mail@tazj.inVincent Ambo1-0/+20
Change-Id: I38a338143d57d5f49532d200910f9406fa49f535 Reviewed-on: https://cl.tvl.fyi/c/depot/+/61 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/909 feat(monorepo-gerrit): link to git.tazj.in as source browserLuke Granger-Brown1-0/+14
Change-Id: Ia31389a958c1927b63dfebb7c2ed2054177410b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/23 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/907 fix(monorepo-gerrit): Disable 'DynamicUser' feature for GerritVincent Ambo1-0/+13
This change makes Gerrit run as the 'git' user, which can be shared by other services such as hound or cgit to access the git trees. Change-Id: Ic6c91f3e852184f5ef21f4374738cbf687462194 Reviewed-on: https://cl.tvl.fyi/c/depot/+/21 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: isomer <isomer@tvl.in>
2020-06-11 r/906 fix(monorepo-gerrit): Extract SSH username from LDAP correctlyVincent Ambo2-2/+3
2020-06-11 r/905 feat(tvl-slapd): Add lukegb's user accountVincent Ambo1-0/+9
2020-06-11 r/904 fix(monorepo-gerrit): Configure nginx reverse proxy correctlyVincent Ambo2-3/+9
Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
2020-06-11 r/903 feat(ops/nixos/modules): Add myself.Perry Lorier1-6/+15
Also alphabetise
2020-06-11 r/902 chore(ops/nixos/modules): Add riking to slapdKane York2-0/+14
2020-06-11 r/901 fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timerVincent Ambo1-1/+1
2020-06-11 r/899 feat(monorepo-gerrit): Configure Gerrit for LDAP authenticationVincent Ambo1-0/+15
2020-06-11 r/898 feat(ops/nixos/modules): Add TVL slapd moduleVincent Ambo3-0/+60
This initialises an OpenLDAP server for tvl.fyi This is the least annoying way to bootstrap Gerrit. Yep.
2020-06-11 r/897 feat(ops/nixos): Add module for configuring Gerrit for the repoVincent Ambo2-1/+35
2020-06-11 r/896 chore(ops/nixos/camden): Move camden back to nixos-unstableVincent Ambo1-1/+1
2020-06-11 r/892 feat(nixos/frog): Enable settings required for hardware supportVincent Ambo1-2/+7
... also updates to the latest kernel (this is 5.4 -> 5.6 atm)
2020-06-11 r/891 fix(nixos/frog): Use correct label for LUKS deviceVincent Ambo1-1/+1
2020-06-11 r/890 feat(ops/nixos): Initial NixOS configuration for frogVincent Ambo3-0/+240
This is mostly based on the nugget configuration, because frog replaces nugget.
2020-06-07 r/885 feat(ops/nixos/camden): Link to the TVL monorepo docVincent Ambo1-0/+2
2020-05-31 r/874 feat(ops/nixos/nugget): Install zoxideVincent Ambo1-1/+7
2020-05-26 r/858 feat(ops/nixos/camden): Index nixpkgs in houndVincent Ambo1-0/+8
There is a local nixpkgs clone at /var/git/nixpkgs which must be manually set to have 'master' point at the desired ref (hound only supports master).
2020-05-26 r/855 feat(ops/nixos/camden): Set up hound at cs.tazj.inVincent Ambo1-2/+30
2020-05-26 r/854 feat(ops/nixos): Add a module for houndVincent Ambo1-0/+62
This module sets up hound, a generic code search engine.