Age | Commit message (Collapse) | Author | Files | Lines |
|
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.
Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
So I can remote builder
Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/856
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
This is the point of the machine, afterall.
Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014
Reviewed-on: https://cl.tvl.fyi/c/depot/+/852
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
systemd gets sad otherwise and it is very difficult to console it
Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.
Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/848
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
|
|
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/845
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
This adds NixOS configuration for the machine whitby.tvl.fyi.
No interesting services are configured yet, so this configuration is
quite plain.
Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/843
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I7d77c3ea48b181d7b9f754ac4807ed44735a8925
Reviewed-on: https://cl.tvl.fyi/c/depot/+/841
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I3ec53d5223a4ff0871eed7615f11f534ed74653b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/839
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
This does not work for ARGON2 hashes.
Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/834
Reviewed-by: Kane York <rikingcoding@gmail.com>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
Change-Id: Id1a60121e4254e7ccff77ac17fd39d0955aedc8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/832
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
|
|
This makes it possible to use {ARGON2} hashes instead of the current
salted SHA hashes, which is a much better idea.
Unfortunately the nixpkgs module does not have an option for
overridding the package used, so it is overlaid into the system
package set - this causes widespread rebuilds.
This is fine for us for now, but I have opened a PR upstream to add a
package option: https://github.com/NixOS/nixpkgs/pull/91963
Change-Id: Ib4be931d88e74b91566639f8656742cf096f6cc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/831
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/821
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
|
|
Change-Id: Idce92352ad01f85bd7fbb102decdd1df26dda5f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/823
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: Ifbdf9bf9e89a1da68e8c823f61a33275183afcb1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/822
Reviewed-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
bad ericvolp12
Change-Id: I508c7de48d4c2a7c734c38f79d0efeafec5d1e34
Reviewed-on: https://cl.tvl.fyi/c/depot/+/622
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
Change-Id: I2d865a5271e7a3a2fe17009b306fe3f561a1290f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/621
Reviewed-by: tazjin <mail@tazj.in>
|
|
Signed-off-by: Artemis Tosini <me@artem.ist>
Change-Id: I11fc0cb58660d3cc55c6cf5489cc872a51454cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/609
Reviewed-by: tazjin <mail@tazj.in>
|
|
add camsbury
From ccd385879ed384389983f4ddc55ef675f40e6119 Mon Sep 17 00:00:00 2001
From: Cameron Kingsbury <camsbury7@gmail.com>
Date: Tue, 23 Jun 2020 14:13:51 -0400
Subject: [PATCH] feat(tvl-slapd): add camsbury to slapd
Change-Id: I0fbf05ca80a006c9b2055509661fc1e93211e30f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/565
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
This points commit/file/etc. links from Gerrit to Sourcegraph instead
of cgit.
There's a minor problem with this: Some, but not all unsubmitted CLs
are missing in Sourcegraph for unclear reasons so they lead to 404s.
That problem is unrelated to this change and something we need to
investigate separately.
Change-Id: I9b0c1eca8781dc96984ba09b4a71960eb43583bd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/541
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I2b91bef97c16254ffefcbc4da48ef161a859e7a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/521
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This attribute makes much more sense in this position semantically.
Change-Id: I16cc6304f42c577a2368bd7c9573fcb7dd276a9d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/448
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
Implements a function that generates the LDIF record for each user and
templates it into the configuration.
This is slightly more user-friendly and less error-prone (people kept
getting the DNs wrong) than editing the contents manually.
Change-Id: Ic419d2ef464f9a94be5d54b666f7d53134b53eed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/447
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
We can always revert this if we want it back.
Change-Id: I1332b6dd541199584b7b5b94a8651172d79e53a9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/442
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Changes the default session timeout to 3 months, which is a lot more
reasonable than the default of 12 hours.
See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cache.name.maxAge
Change-Id: I33bce8b072d64ab07f1b954c11068595dca5def7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/431
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
This module spins up the Sourcegraph container.
Builds:
Note that this is contrary to how our other deployments work, but
packaging Sourcegraph is quite difficult (it's a Gitlab style
deployment with a lot of moving parts and third-party things that it
bundles).
If we decide to keep it around, we will want to look at packaging it
in Nix in the future.
Deployment:
The deployment is a hack. Sourcegraph does not support public
instances, but we want it to be public. To work around this we have
configured HTTP-proxy based authentication (i.e. auth via a header)
and hardcoded a static header.
This works, but lets anonymous users change the "Anonymous" user's
settings. We can expect this to get defaced (profile picture, name
etc), until we figure out how to write some nginx configuration to
drop those requests. See git-bug for details.
The Sourcegraph configuration is also not checked in to the
repository. It's unclear where in the data directory it is stored.
Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/425
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Thanks.
Change-Id: I5df1e5075b2e056ebde3e66e1cf17b220d650977
Reviewed-on: https://cl.tvl.fyi/c/depot/+/398
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I33feedacfadaae53da000aff7d42fa06d2189f52
Reviewed-on: https://cl.tvl.fyi/c/depot/+/391
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I2e537079b88a3857964c6b7c66cd9221ca580958
Reviewed-on: https://cl.tvl.fyi/c/depot/+/390
Reviewed-by: tazjin <mail@tazj.in>
|
|
This plugin just blindly assigns everyone and, as q3k has already
pointed out, just isn't particularly useful.
We might want to roll our own, for example:
19: 40:41 <+Remosi> I want the virtual owner thing, we could call it
Gerrit Workgroup Synthesizer Queuing, or gwsq for short.
Change-Id: Ib12a921ae4047ac6a734035dd0900c8964fb12d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/350
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
Without these changes, the NixOS module isn't able to use the new
Gerrit derivation.
These changes are already deployed as I needed to make them to get
Gerrit back up.
Change-Id: Iad3aa6158789a014134fddccd40b508b81486100
Reviewed-on: https://cl.tvl.fyi/c/depot/+/301
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Ifb55ebd234d15fbaa6ef2e71f97ba7b8203ffcd9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/255
Reviewed-by: tazjin <mail@tazj.in>
|
|
NixOS modules move one level up because it's unlikely that //ops/nixos
will contain actual systems at this point (they're user-specific).
This is the first users folder, so it is also added to the root
readTree invocation for the repository.
Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/244
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ib34d59006645b992bd7b6cbd04fc7121ad3f0219
Reviewed-on: https://cl.tvl.fyi/c/depot/+/223
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I62b90fb94293fc5148fe0fd7a06ea3d0e4d44199
Reviewed-on: https://cl.tvl.fyi/c/depot/+/222
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Gerrit does not expect a bin/ there.
Change-Id: I907f96690b8c6bb614dc11889712d7b122c5d5cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/181
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Iedd524d775349f24c13fe7c118830b7d4dfdec49
Reviewed-on: https://cl.tvl.fyi/c/depot/+/81
Reviewed-by: tazjin <mail@tazj.in>
|
|
Loads the 'hooks' plugin into Gerrit, which - as per my interpretation
of the docs - is going to execute any hooks for which there are
matching binaries.
The intention here is that besadii should implement most of the hooks
we care about. As a start, it is symlinked here to the `ref-updated`
hook.
Change-Id: I6482a9d71cc08908c29dd10f786cbba32b33d04d
|
|
This enables the display of various download commands on change pages,
which makes things like checking out refs for review locally easier.
Change-Id: I3c29854aa0cf1aa393efb89b7516bbf84e0083d4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/162
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This is a prerequisite for setting up the download-commands plugin.
Change-Id: I7803ef18be759f95aec020e4a00ca8e0fb48bfe0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/161
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I33085974fb3764f8a6df7f16245b2f5602f94118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/102
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I9ffd2fb3b9ae3f6c8c381f496769eb8977caadeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/124
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
This adds a little tool that can be used to relay mail to Gmail (and
other SMTP servers). It is intended to be used by Gerrit, which is
incompatible with Gmail's SMTP servers.
Configuration has been tested by performing a few sends through the
tvlbot@tazj.in account.
Note that this is using the standard Gmail SMTP server. Using the
smtp-relay server relies on IP whitelisting, but camden.tazj.in has a
larger number of IPv6 addresses than can be whitelisted (the maximum
is 65k). This means that we are limited to 2000 mails per recipient
per day, which should be fine.
Change-Id: Ie43564d753030f5c800a9cdb4ae98292877d80dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/101
Reviewed-by: edef <edef@edef.eu>
|
|
Configures Gerrit send emails from tvlbot@tazj.in for outgoing review
notifications. Emails are always plain-text and can contain diffs (up
to a maximum size of 256KiB).
The configuration options for this are documented at:
https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail
Note: The password for this user is stored on the host, in a file that
is not part of version-control and is only readable by the 'git' user.
We should probably figure out a way to do secrets management ...
Change-Id: I2f99b34b1a774c28d814b0aba1f1b78fd512854e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/92
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
The old host at cs.tazj.in now redirects there, and I've added a
helper function for creating these redirections.
Change-Id: I66794d752df46c8e795e47aedfaffd8c27c45627
Reviewed-on: https://cl.tvl.fyi/c/depot/+/89
Reviewed-by: riking <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I451d1bc1a21d4ff25c0c70c963cf17bb924961db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/84
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I063a09cdc3bb81397a44f7356f1c11ebd715f74f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/88
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: If17c758c323aaf00fdf26ddfafaea10acbf1453e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/70
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: riking <rikingcoding@gmail.com>
|