about summary refs log tree commit diff
path: root/ops/nixos
AgeCommit message (Collapse)AuthorFilesLines
2020-06-13 r/927 chore(monorepo-gerrit): Point SMTP configuration at smtprelayVincent Ambo1-5/+4
Change-Id: I33085974fb3764f8a6df7f16245b2f5602f94118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/102 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 r/926 feat(tvl-slapd): Add nyanotech to slapd, sort the listnyanotech1-19/+28
Change-Id: I9ffd2fb3b9ae3f6c8c381f496769eb8977caadeb Reviewed-on: https://cl.tvl.fyi/c/depot/+/124 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-13 r/924 feat(nixos/smtprelay): Add derivation & module for SMTP relayVincent Ambo2-0/+64
This adds a little tool that can be used to relay mail to Gmail (and other SMTP servers). It is intended to be used by Gerrit, which is incompatible with Gmail's SMTP servers. Configuration has been tested by performing a few sends through the tvlbot@tazj.in account. Note that this is using the standard Gmail SMTP server. Using the smtp-relay server relies on IP whitelisting, but camden.tazj.in has a larger number of IPv6 addresses than can be whitelisted (the maximum is 65k). This means that we are limited to 2000 mails per recipient per day, which should be fine. Change-Id: Ie43564d753030f5c800a9cdb4ae98292877d80dc Reviewed-on: https://cl.tvl.fyi/c/depot/+/101 Reviewed-by: edef <edef@edef.eu>
2020-06-12 r/923 feat(monorepo-gerrit): Configure outbound emails for reviewsVincent Ambo1-0/+19
Configures Gerrit send emails from tvlbot@tazj.in for outgoing review notifications. Emails are always plain-text and can contain diffs (up to a maximum size of 256KiB). The configuration options for this are documented at: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#sendemail Note: The password for this user is stored on the host, in a file that is not part of version-control and is only readable by the 'git' user. We should probably figure out a way to do secrets management ... Change-Id: I2f99b34b1a774c28d814b0aba1f1b78fd512854e Reviewed-on: https://cl.tvl.fyi/c/depot/+/92 Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-12 r/920 feat(camden): Move hound to cs.tvl.fyiVincent Ambo1-13/+22
The old host at cs.tazj.in now redirects there, and I've added a helper function for creating these redirections. Change-Id: I66794d752df46c8e795e47aedfaffd8c27c45627 Reviewed-on: https://cl.tvl.fyi/c/depot/+/89 Reviewed-by: riking <rikingcoding@gmail.com> Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 r/919 fix(camden): addSSL -> forceSSL for all pagesVincent Ambo1-4/+4
Change-Id: I451d1bc1a21d4ff25c0c70c963cf17bb924961db Reviewed-on: https://cl.tvl.fyi/c/depot/+/84 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 r/918 chore(ops/nixos/modules): Add edef to slapdedef1-0/+9
Change-Id: I063a09cdc3bb81397a44f7356f1c11ebd715f74f Reviewed-on: https://cl.tvl.fyi/c/depot/+/88 Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 r/917 feat(camden): add /irc/ shortlinkKane York1-0/+2
Change-Id: If17c758c323aaf00fdf26ddfafaea10acbf1453e Reviewed-on: https://cl.tvl.fyi/c/depot/+/70 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-12 r/916 feat(camden): Move cgit to code.tvl.fyiVincent Ambo2-5/+14
Moves the host at which cgit is served to 'code.tvl.fyi'. Also updates related projects that link to this, most importantly: * Hound's & Gerrit's cgit link bases have been updated * besadii is updated to request CI builds for the new location Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/71 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 r/915 chore(ops/nixos/modules): Add q3k to slapdSergiusz Bazanski1-0/+9
Change-Id: I083bc4e9283a882e97a6b9098d6a126ca7bb0a93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/68 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-11 r/914 chore(nixos/camden): Point hound at the depot on gerritVincent Ambo1-1/+1
Change-Id: I19cbffae75017ceefbc19397c54156eb348eda27 Reviewed-on: https://cl.tvl.fyi/c/depot/+/65 Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-11 r/912 chore(nixos/frog): Move frog to nixos-unstableVincent Ambo1-7/+2
There are no remaining traces of Emacs breakage in unstable - as far as I can tell. Change-Id: I06c5d78aa3ff9c0cc00c62e6d6966c5079fb3b24 Reviewed-on: https://cl.tvl.fyi/c/depot/+/63 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/910 feat(nixos/frog): Enable lieer sync for mail@tazj.inVincent Ambo1-0/+20
Change-Id: I38a338143d57d5f49532d200910f9406fa49f535 Reviewed-on: https://cl.tvl.fyi/c/depot/+/61 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/909 feat(monorepo-gerrit): link to git.tazj.in as source browserLuke Granger-Brown1-0/+14
Change-Id: Ia31389a958c1927b63dfebb7c2ed2054177410b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/23 Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 r/907 fix(monorepo-gerrit): Disable 'DynamicUser' feature for GerritVincent Ambo1-0/+13
This change makes Gerrit run as the 'git' user, which can be shared by other services such as hound or cgit to access the git trees. Change-Id: Ic6c91f3e852184f5ef21f4374738cbf687462194 Reviewed-on: https://cl.tvl.fyi/c/depot/+/21 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: isomer <isomer@tvl.in>
2020-06-11 r/906 fix(monorepo-gerrit): Extract SSH username from LDAP correctlyVincent Ambo2-2/+3
2020-06-11 r/905 feat(tvl-slapd): Add lukegb's user accountVincent Ambo1-0/+9
2020-06-11 r/904 fix(monorepo-gerrit): Configure nginx reverse proxy correctlyVincent Ambo2-3/+9
Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
2020-06-11 r/903 feat(ops/nixos/modules): Add myself.Perry Lorier1-6/+15
Also alphabetise
2020-06-11 r/902 chore(ops/nixos/modules): Add riking to slapdKane York2-0/+14
2020-06-11 r/901 fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timerVincent Ambo1-1/+1
2020-06-11 r/899 feat(monorepo-gerrit): Configure Gerrit for LDAP authenticationVincent Ambo1-0/+15
2020-06-11 r/898 feat(ops/nixos/modules): Add TVL slapd moduleVincent Ambo3-0/+60
This initialises an OpenLDAP server for tvl.fyi This is the least annoying way to bootstrap Gerrit. Yep.
2020-06-11 r/897 feat(ops/nixos): Add module for configuring Gerrit for the repoVincent Ambo2-1/+35
2020-06-11 r/896 chore(ops/nixos/camden): Move camden back to nixos-unstableVincent Ambo1-1/+1
2020-06-11 r/892 feat(nixos/frog): Enable settings required for hardware supportVincent Ambo1-2/+7
... also updates to the latest kernel (this is 5.4 -> 5.6 atm)
2020-06-11 r/891 fix(nixos/frog): Use correct label for LUKS deviceVincent Ambo1-1/+1
2020-06-11 r/890 feat(ops/nixos): Initial NixOS configuration for frogVincent Ambo3-0/+240
This is mostly based on the nugget configuration, because frog replaces nugget.
2020-06-07 r/885 feat(ops/nixos/camden): Link to the TVL monorepo docVincent Ambo1-0/+2
2020-05-31 r/874 feat(ops/nixos/nugget): Install zoxideVincent Ambo1-1/+7
2020-05-26 r/858 feat(ops/nixos/camden): Index nixpkgs in houndVincent Ambo1-0/+8
There is a local nixpkgs clone at /var/git/nixpkgs which must be manually set to have 'master' point at the desired ref (hound only supports master).
2020-05-26 r/855 feat(ops/nixos/camden): Set up hound at cs.tazj.inVincent Ambo1-2/+30
2020-05-26 r/854 feat(ops/nixos): Add a module for houndVincent Ambo1-0/+62
This module sets up hound, a generic code search engine.
2020-05-26 r/853 ffeat(ops/nixos): Add a dummy to make depot available in modulesVincent Ambo2-0/+21
Because modules are not called via the default depot setup (for now ...), this introduces a dummy module that stores the depot tree itself in the module configurations. This makes it possible to write modules that use packages from the depot.
2020-05-24 r/837 feat(ops/nixos/nugget): Add sysctl setting necessary for perfVincent Ambo1-0/+4
2020-05-24 r/836 feat(ops/nixos/nugget): Install perf toolVincent Ambo1-0/+1
2020-05-23 r/830 feat(ops/nixos/nugget): Install rr and hyperfineVincent Ambo1-0/+2
2020-05-22 r/814 fix(ops/nixos): Pin systems to stable channelVincent Ambo2-2/+2
NixOS unstable has some software I want when building things, but it's also broken. This pins systems to the stable channel for now.
2020-05-22 r/810 chore: Update from Clang 9 to Clang 10 for all projectsVincent Ambo1-1/+1
2020-05-22 r/809 chore(ops/nixos/nugget): Increase user RuntimeDirectory size to 4GBVincent Ambo1-0/+5
clangd needs more space to run successfully on the Nix repository.
2020-05-22 r/807 chore(ops/nixos/nugget): Use upstream Chromium againVincent Ambo1-1/+1
Ostensibly there is also a new way to enable VAAPI, need to look into that.
2020-05-21 r/798 chore(ops/nixos/nugget): Enable fstrim serviceVincent Ambo1-0/+3
2020-05-17 r/746 feat(ops/nixos/nugget): Replace system-nix with meson-built oneVincent Ambo1-0/+1
What could possibly go wrong.
2020-05-17 r/722 feat(ops/nixos/nugget): Install meson build systemVincent Ambo1-0/+1
2020-05-11 r/711 feat(ops/nixos/camden): add /meet/ redirect to tvl.fyiLuke Granger-Brown1-0/+2
I'm too lazy to keep going to the website to click the button and also too lazy to add my own redirect. Add one to tvl.fyi.
2020-04-26 r/696 feat(ops/nixos/nugget): Enable SSH agent on nuggetVincent Ambo1-0/+1
2020-04-26 r/695 feat(ops/nixos/camden): Enable SSH agent authVincent Ambo1-0/+3
2020-04-26 r/694 feat(ops/nixos/nugget): Install idualctlVincent Ambo1-0/+1
2020-04-26 r/693 fix(ops/nixos/camden): Use new //fun/idual CLI structureVincent Ambo1-1/+2
2020-04-26 r/690 feat(ops/nixos/camden): Disable camden firewallVincent Ambo1-1/+1
The local network is considered trusted and ingress from the outside world is now handled by the Edgerouter.