about summary refs log tree commit diff
path: root/ops/nixos
AgeCommit message (Collapse)AuthorFilesLines
2020-08-21 r/1701 revert(whitby): Use Tvix as the system Nix on whitbytazjin1-1/+0
This reverts commit 8fa30870673fcdd5410c2593321153ab7cfbe36f. Reason for revert: This almost worked. We discovered two important issues: - The daemon startup does not correctly handle the socket passed in by systemd. - There is some issue with chunking of large calls, running a build for ci-builds resulted in: tazjin@whitby /depot (canon)> nix-build -A ciBuilds.__allTargets E20200821 01:42:22.846053 12601 shared.cc:306] error: Rpc call addTextToStore to unix:///nix/var/nix/daemon-socket/socket failed (RESOURCE_EXHAUSTED): Received message larger than max (10889961 vs. 4194304) Change-Id: Ic5ba4ef06a4953cf71a36b139fe25ea673cb6fee Reviewed-on: https://cl.tvl.fyi/c/depot/+/1802 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-21 r/1700 feat(whitby): Use Tvix as the system Nix on whitbyVincent Ambo1-0/+1
... this is going to break so much stuff. Lets have some fun. Change-Id: If0185e0323391c7055d47b797083bb5afde57cb5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1829 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-19 r/1680 chore(tvl-slapd): decapitalise V's username, use displayName insteadV1-1/+2
Change-Id: I59cf5e1c850960ae639c6a3ebeb273a4441c48bb Reviewed-on: https://cl.tvl.fyi/c/depot/+/1788 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 r/1679 feat(whitby): add VV1-0/+6
Change-Id: I887760edd67135df4e2f58a874314b317838d2e8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1787 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 r/1678 feat(tvl-slapd): add VV1-0/+5
Change-Id: Id9253635b73b0eac7871a6baa4f0c7417d135cfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/1786 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-08-17 r/1670 feat(whitby): add etaeta1-0/+6
Change-Id: I7aa2bd2cb2c001b48ebd25b20f28cdfb0883ba3f Reviewed-on: https://cl.tvl.fyi/c/depot/+/1782 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-08-17 r/1668 chore(nixos/sourcegraph): Bump version to 3.18.0Vincent Ambo1-1/+1
Change-Id: I5cb8b2da7e40075c99fab6bd57295c8c1d770e86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1781 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-17 r/1667 feat(nixos/clbot): Add ability to post in multiple channelsVincent Ambo2-13/+41
Adds the ability to post to multiple channels by simply running multiple instances of clbot. We should probably implement support for this in clbot itself, but right now I can't be bothered to write Go. Change-Id: I5cffd0dc10a7f6cc19c37c5834c5610166b4ae23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1771 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-14 r/1651 feat(whitby): enable programs.mosh.multi1-0/+1
Change-Id: Ibc8df6f6382b5b64e272bedece6b65762f9693c9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1750 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-08-13 r/1643 fix(whitby): disable sshd(8) password authentication.multi1-1/+5
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-08-09 r/1629 feat(whitby): add multimulti1-0/+6
Change-Id: Ibfc2a5fcf73099b8414b8c46958007374d14fd0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1701 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-09 r/1625 feat(tvl-slapd): add multimulti1-0/+5
Change-Id: I2fec9b5dd92da0343426c4a129d882fa87d92e6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1699 Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: eta <eta@theta.eu.org> Reviewed-by: edef <edef@edef.eu> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-08-06 r/1606 fix(whitby): Increase nrBuildUsers to 128Vincent Ambo1-0/+1
Change-Id: I3a444e163745d17d10f923c0be7565840937c53a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1662 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 r/1605 fix(whitby): I'm a trusted user, owoVincent Ambo1-0/+1
Change-Id: I2666b3cf8bdefcb5d4caeddf191dc65f6a8cb05f Reviewed-on: https://cl.tvl.fyi/c/depot/+/1661 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-05 r/1602 chore(whitby): add edefedef1-0/+6
Change-Id: I7265259bc87594bd481c7bd455187c09b1effd1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/1650 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-03 r/1562 chore(tvl-slapd): refresh edef's passwordedef1-1/+1
Change-Id: I5a7a913656bfb9dd6c9fb4e2b4a1212607c50dd3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1592 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-08-01 r/1533 fix(whitby): Move Restic's cache into /var/backup/resticVincent Ambo1-0/+1
It tries to write this to ~/.cache otherwise, which worked for the git user but does not work for root (??) Change-Id: I02d04da7d8e2b8782ce70bc72bce0b90c3961aa0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1546 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1532 fix(whitby): Make timer unit match the unit it should startVincent Ambo1-1/+1
Oversight in the previous CL. Change-Id: I8767322d7d860fc410796f8d63b7a6c38a8ab447 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1545 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1531 feat(whitby): Include PostgreSQL dumps in Restic backupsVincent Ambo1-7/+6
Changes the restic backup service to run as root, rather than git, and include the PostgreSQL dumps in its scope. The on-machine credentials have already been placed in the right location in /var/backup/restic Fixes: 27 Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541 Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-08-01 r/1523 feat(whitby): Enable daily PostgreSQL backupsVincent Ambo1-0/+7
... daily is just the default cron pattern for this, but we might also want this to happen more frequently. Not sure yet. Change-Id: I4e433fefebd93488891e765b5842fdb6537e3c6d Reviewed-on: https://cl.tvl.fyi/c/depot/+/1518 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-01 r/1518 fix(ops/paroxysm): Ensure paroxysm is started on bootVincent Ambo1-0/+1
Change-Id: Iba6557cbf4e0001277bd996df59318b4308fc92e Reviewed-on: https://cl.tvl.fyi/c/depot/+/1510 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-31 r/1513 feat(ops/nixos): Add module for running paroxysm on whitbyVincent Ambo2-0/+29
Change-Id: I415e3b046d4e0fcd7e800ddab0c7f1aeb639c5e2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1502 Tested-by: BuildkiteCI Reviewed-by: eta <eta@theta.eu.org>
2020-07-29 r/1505 refactor(web/panettone): Remove prevalenceGriffin Smith1-2/+0
Now that we've migrated over all the data to postgresql, we can get rid of cl-prevalence as a dependency from Panettone along with all code that mentions it. Change-Id: I945f50a88fea5770aac5b4a058342b8269c0bea2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1495 Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-28 r/1502 feat(ops/nixos): Use database password for PanettoneGriffin Smith2-6/+18
It appears this didn't even *work* without a password, so we've been forced into being more secure. Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 r/1500 fix(ops/nixos): allow connections on hostnosslGriffin Smith1-0/+1
This is how panettone is currently connecting, so this needs to be here in order for it to work. Shortly I'll update all of this to use passwords, but for now this gets things up and running again Change-Id: If87f4dbce0800dcbc4f7bf10e88f3e591410b416 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1488 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-27 r/1494 feat(whitby): Create a Postgres database for PanettoneGriffin Smith2-1/+70
Create a running Postgres database server along with a user and database for Panettone, and pass configuration for it to the panettone module Change-Id: I333994288131be328e62069382d6d40f8034c400 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-27 r/1490 chore(monorepo-gerrit): add Checks plugin to Gerrit moduleLuke Granger-Brown1-0/+1
This adds the Gerrit checks plugin. Hooray. Change-Id: I784e9728256d1665b85b666d58bc0308bd6614ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/1463 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-25 r/1476 chore(whitby): add rxvt-unicode's terminfoLuke Granger-Brown1-0/+1
Otherwise I have to set TERM to something else so that I can actually use the machine when I'm booted into Linux and it's incredibly tedious and I hate it. Change-Id: Icfb5aacfea8cd6227743d29d9b07dc1b745d22c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1435 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-25 r/1475 chore(monorepo-gerrit): enable attention set, disable assignee, disable ↵Luke Granger-Brown1-4/+3
polygerrit CDN Change-Id: I66c09afc0813e032a1b5a04cbdbe4b95db2e97d7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1438 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-07-23 r/1440 feat(tvl-slapd): add implrBartosz Stebel1-0/+5
Change-Id: I7d22bf61ac72e86a17035d6125055da8aa53d762 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1387 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-23 r/1439 feat(ops/nixos): Deploy Panettone to WhitbyGriffin Smith3-2/+64
Deploy Panettone to whitby as a systemd service, proxied to from an nginx virtual host listening at b.tvl.fyi Change-Id: I69755566151a45120e6b3453751af0e9291fa241 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 r/1432 fix(whitby): Use fish shell as my default shellVincent Ambo1-0/+1
I don't have time for bash's history. Change-Id: I741107d33f09999ef43a7609079ad926e8127e69 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 r/1431 feat(whitby): Add SSH key for qylissVincent Ambo1-0/+6
... also bootstraps her user directory to store the key in. Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361 Tested-by: BuildkiteCI Reviewed-by: Alyssa Ross <hi@alyssa.is>
2020-07-23 r/1430 chore(whitby): Move isomer's SSH key to user directoryVincent Ambo1-3/+1
This is inline with how other user keys are managed. Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-19 r/1405 feat(whitby): Deploy todo.tvl.fyi page with //web/todolistVincent Ambo2-0/+25
Note that this is not yet updated automatically, so the page will be stale until somebody rebuilds whitby. Change-Id: I91f4b03c9309aed289df055fac292a214dca7668 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297 Reviewed-by: Alyssa Ross <hi@alyssa.is> Tested-by: BuildkiteCI
2020-07-18 r/1385 chore(whitby): add rikingKane York1-0/+6
Change-Id: I33cc1324eac9a13be56d296d09cfdbe066d90e13 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1256 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-07-18 r/1375 chore(tvl-slapd): add display name for qylissAlyssa Ross1-0/+1
Not having this set led to gerrit setting the committer to "qyliss <hi@alyssa.is>", which is wrong. Change-Id: I3fe02264e22dd6d739575b34ceb1221d1d6a9d98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1267 Tested-by: BuildkiteCI Reviewed-by: qyliss <hi@alyssa.is>
2020-07-18 r/1374 chore(tvl-slapd): change display name to a username-likeKane York1-1/+1
Change-Id: I289400de6638844586a32a729333cb65a0dca4a0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1254 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-07-17 r/1364 feat(tvl-slapd): add qylissAlyssa Ross1-0/+5
Change-Id: Ia95c77be8a9c123f2e52174f76c4b01d44272191 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1260 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-17 r/1363 feat(whitby): Hardcode Google DNS serversVincent Ambo1-2/+18
The Hetzner DNS servers were unhappy after today's Cloudflare outage, and that broke some of our builds - this wouldn't have happened with Google DNS! Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 r/1347 chore(whitby): += Isomerisomer1-0/+8
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142 Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-12 r/1268 feat(whitby): Configure Gerrit backups on whitbyVincent Ambo1-0/+22
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1267 chore(whitby): Give the git user a home directoryVincent Ambo1-0/+2
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1265 fix(www/base): Add nginx fix timerVincent Ambo1-1/+23
Change-Id: Iec66fea0f3991ba74aede3911ea9f6ae5adb0188 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1082 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1264 feat(whitby): Enable Gerrit & cgit deploymentsVincent Ambo3-1/+67
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-07-12 r/1262 feat(whitby): Enable SourceGraph serverVincent Ambo2-1/+36
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1261 chore(sourcegraph): Bump version to 3.17.3Vincent Ambo1-1/+1
Change-Id: I6bc25d039cbe497bc9aa8784ac2f95219b5c617c Reviewed-on: https://cl.tvl.fyi/c/depot/+/1066 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1260 feat(nixos/sourcegraph): Move cheddar server to module & make ports configurableVincent Ambo1-6/+30
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 r/1259 feat(nixos/www): Add configuration for tvl.fyi homepageVincent Ambo2-0/+31
... and enable it on whitby Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 r/1257 feat(whitby): Move over clbot deployment from camdenVincent Ambo1-0/+22
There is only one minor configuration change: CLBot now connects to cl.tvl.fyi, instead of localhost, because Gerrit is still on camden. Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>