Age | Commit message (Collapse) | Author | Files | Lines |
|
Deploy Panettone to whitby as a systemd service, proxied to from an
nginx virtual host listening at b.tvl.fyi
Change-Id: I69755566151a45120e6b3453751af0e9291fa241
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
I don't have time for bash's history.
Change-Id: I741107d33f09999ef43a7609079ad926e8127e69
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
... also bootstraps her user directory to store the key in.
Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
|
|
This is inline with how other user keys are managed.
Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
|
|
Note that this is not yet updated automatically, so the page will be
stale until somebody rebuilds whitby.
Change-Id: I91f4b03c9309aed289df055fac292a214dca7668
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Tested-by: BuildkiteCI
|
|
Change-Id: I33cc1324eac9a13be56d296d09cfdbe066d90e13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1256
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Not having this set led to gerrit setting the committer to
"qyliss <hi@alyssa.is>", which is wrong.
Change-Id: I3fe02264e22dd6d739575b34ceb1221d1d6a9d98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1267
Tested-by: BuildkiteCI
Reviewed-by: qyliss <hi@alyssa.is>
|
|
Change-Id: I289400de6638844586a32a729333cb65a0dca4a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1254
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ia95c77be8a9c123f2e52174f76c4b01d44272191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1260
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
The Hetzner DNS servers were unhappy after today's Cloudflare outage,
and that broke some of our builds - this wouldn't have happened with
Google DNS!
Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Iec66fea0f3991ba74aede3911ea9f6ae5adb0188
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1082
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I6bc25d039cbe497bc9aa8784ac2f95219b5c617c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1066
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
... and enable it on whitby
Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
There is only one minor configuration change: CLBot now connects to
cl.tvl.fyi, instead of localhost, because Gerrit is still on camden.
Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This is required for the Gerrit setup.
Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Ib4ffc1d9b030a5982b9063c1d6322fb87ba7f910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1022
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
(this translates to -Xmx)
Change-Id: I31bbbd247952fa6a592cb66ad144025af640d2db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1021
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
|
|
This prevents a request that takes >1s on each page load.
Change-Id: Ic91bb602e3059b1f17681aa468739bb0a103f8cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1003
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
|
|
Message-Id: <20200710190623.26573-1-andi@notmuch.email>
Change-Id: Ibd74f93f589beecbf7fa9090550ecf95caa0a3b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/982
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
The upstream module is not flexible enough for my needs, so I made my
own.
Change-Id: Ie9f786da7eb8c878e0782b07a075c064ad8cd253
Reviewed-on: https://cl.tvl.fyi/c/depot/+/953
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught be systemd
Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba2840
Reviewed-on: https://cl.tvl.fyi/c/depot/+/951
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/950
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/935
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/936
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.
As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.
Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I3fac108802671abfb9a508359390b063bce16202
Reviewed-on: https://cl.tvl.fyi/c/depot/+/923
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Id1e67bb30bb7f4d329006688f1783b900d16d164
Reviewed-on: https://cl.tvl.fyi/c/depot/+/914
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
|
|
This exposes a binary cache over SSH.
Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/895
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.
Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
So I can remote builder
Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/856
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
This is the point of the machine, afterall.
Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014
Reviewed-on: https://cl.tvl.fyi/c/depot/+/852
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
systemd gets sad otherwise and it is very difficult to console it
Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.
Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/848
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
|
|
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/845
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
This adds NixOS configuration for the machine whitby.tvl.fyi.
No interesting services are configured yet, so this configuration is
quite plain.
Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/843
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I7d77c3ea48b181d7b9f754ac4807ed44735a8925
Reviewed-on: https://cl.tvl.fyi/c/depot/+/841
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I3ec53d5223a4ff0871eed7615f11f534ed74653b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/839
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
This does not work for ARGON2 hashes.
Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/834
Reviewed-by: Kane York <rikingcoding@gmail.com>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
|
|
Change-Id: Id1a60121e4254e7ccff77ac17fd39d0955aedc8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/832
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
|
|
This makes it possible to use {ARGON2} hashes instead of the current
salted SHA hashes, which is a much better idea.
Unfortunately the nixpkgs module does not have an option for
overridding the package used, so it is overlaid into the system
package set - this causes widespread rebuilds.
This is fine for us for now, but I have opened a PR upstream to add a
package option: https://github.com/NixOS/nixpkgs/pull/91963
Change-Id: Ib4be931d88e74b91566639f8656742cf096f6cc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/831
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/821
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
|