about summary refs log tree commit diff
path: root/ops/pipelines (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2022-01-07 r/3524 revert: "fix(ops/pipelines): Remove duplicated wait step"tazjin1-0/+4
This reverts commit 5e036ed9fc579d14353eb7da4af4b426c99f96e6. Reason for revert: This introduced a logic error since the remaining step runs at the wrong point in the pipeline. Temporarily reverting to having duplicated waits in order to clean up later. Change-Id: Ifa6ece50dd22924f02efd7b790a5863ca1189af7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4841 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-01-07 r/3523 fix(tazjin/emacs): comment out tdlibCheck while telega is brokenVincent Ambo1-1/+3
telega.el currently throws errors related to some broken internal logic about media codecs, which breaks this check in CI. Change-Id: I8518977dba801dec90b966c84771ff0f59dcbb3d Reviewed-on: https://cl.tvl.fyi/c/depot/+/4824 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-06 r/3522 feat(tvix): set up a simple command line parser for nix-storeProfpatsch3-2/+347
We are going to have a 1:1 drop-in replacement for the old-style nix tools, and this starts implementing the cli parser part. The first step is to have a simple integration test suite that can verify that we match the nix CLI. clap is a super complicated parsing library, but looking through the rest they are either too opinioated to be of use for us, or depend on clap as implementation. Change-Id: I4cf6051f3a4f782c3242fd0d2b9eab3fbe33d8ad Reviewed-on: https://cl.tvl.fyi/c/depot/+/4756 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: Profpatsch <mail@profpatsch.de>
2022-01-06 r/3521 feat(tvix): set up cargo rust projectProfpatsch9-0/+56
First steps for baba Change-Id: Id6a68c5630cb85f280f4dcc7b2acf10c02454fd6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4732 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-05 r/3520 chore(3p/lisp): remove unused lisp packagesVincent Ambo4-110/+0
Change-Id: Id259341e251170c1caeeab5c9fcb6fbd973372f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4816 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-04 r/3519 chore(3p/overlays/emacs): 2021-12-07 -> 2022-01-04sterni1-3/+3
Change-Id: Ib2cbb2f531488e4e86d63e94b163864924c9189f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4783 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-04 r/3518 feat(ops): Add initial oauth2_proxy configurationVincent Ambo4-0/+58
The intent is to configure oauth2_proxy pointing at Keycloak to enable usage with nginx auth_request directives. I want to expose this as a function from within the module in which nginx server configuration blocks can be wrapped, but the function for that is currently a placeholder. Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3517 chore(ops): Remove login.tvl.fyi moduleVincent Ambo2-25/+0
It looks like we won't need this for oauth2_proxy when combined with nginx auth_request setups. Change-Id: I2294aee6226b4f64a27bf6592c2d18092d0268cc Reviewed-on: https://cl.tvl.fyi/c/depot/+/4766 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3516 fix(emacs-pkgs/nix-util): Fix nix/sly-from-depot functionVincent Ambo1-6/+4
A formatting error broke this at some point (the let clauses were outside of the definition list). Change-Id: Iaa2dc9ad02d2f7e909ca9bf28705e782ad26060b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4765 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 r/3515 feat(grfn/home): Use mold as rust linkerGriffin Smith1-0/+4
This is *way* faster, as advertised Change-Id: Iad452dc3b3b768331d7de0421f768f82e9b76a60 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4785 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2022-01-04 r/3514 fix: address warnings for renamed security.acme.email optionsterni2-2/+2
Can no longer be null and has been renamed to security.acme.defaults.email: https://github.com/nixos/nixpkgs/commit/377c6bcefce8e8ccd471892a1b24621d5a909457 Change-Id: Icac9506185da176365369ed3c7db3c71ffc90b1b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4784 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
2022-01-03 r/3513 chore(3p): bump NixOS channels to 2022-01-02sterni1-6/+6
Change-Id: Ie6882b17380388e20c8d1e9406279c96283b936f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4757 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-02 r/3512 fix(ops/pipelines): Realise anchor derivation for rootingVincent Ambo2-4/+4
Turns the anchor derivation into something that can actually be built (a call creating a propagated build inputs file), and builds it. This should fix the anchoring logic we have on canon. Change-Id: If6a7662b82e2e396388980f65e332cf67a45b46e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4763 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-02 r/3511 refactor(ops/keycloak): Split out clients & user-sourcesVincent Ambo3-106/+113
Without some kind of physical organisation it's a little difficult to understand whether things are going "in" (supplying users to Keycloak) or "out" (getting auth/user info from Keycloak). Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-01-02 r/3510 fix(ops/pipelines): Remove duplicated wait stepVincent Ambo1-4/+0
This now happens in //nix/buildkite instead Change-Id: Ie9e239ee4f28ac34aa4d3279dac55d70a2cb9d86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4764 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-01 r/3509 refactor(modules/smtprelay): Load credentials via agenixVincent Ambo2-7/+15
Change-Id: I56f6887e1fd35551cfc83ad08cafebb611f4a341 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4760 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
2022-01-01 r/3508 feat(ops/secrets): Add smtprelay credentialsVincent Ambo2-0/+15
Change-Id: I489e611a3fb19b4a374a563aa1afd81a130b2e7f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4759 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <mail@tazj.in>
2022-01-01 r/3507 chore(web/atward): Bump all dependenciesVincent Ambo2-477/+115
Change-Id: I4a79204e50cf519dce729e5c86bc397b82715008 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4758 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-01 r/3506 feat(3p/smtprelay): ed1c3a9 -> 1.7.0sterni1-5/+6
Change-Id: Ieac5bb499a9c3281ed8b9de8cf4551e5eea6f2b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4761 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-12-30 r/3505 refactor(zseri/s-r-sc): use inner while loop to improve perfzseri1-8/+9
Change-Id: I13e95b91351af33c2452f1c4de45cc47aeae1dc0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4745 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de>
2021-12-30 r/3504 feat(zseri/s-r-sc): tune fuzzer release profilezseri1-0/+5
Change-Id: I85b0066574b45490d61ed1edf29587689ba63c6d Reviewed-on: https://cl.tvl.fyi/c/depot/+/4744 Reviewed-by: zseri <zseri.devel@ytrizja.de> Autosubmit: zseri <zseri.devel@ytrizja.de> Tested-by: BuildkiteCI
2021-12-30 r/3503 feat(grfn/bbbg): Filter signup form by rsvpd attendingGriffin Smith1-17/+20
Change-Id: Icf40fb125cc3fe9e1c70de2ac253d70349a213d2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4743 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-12-30 r/3502 feat(grfn/bbbg): Add "RSVP" column to event attendeesGriffin Smith1-1/+11
Also sort, first by rsvp, then by signed in, then by last check, then by name Change-Id: I15d2e4a5693290d9c1cfd09196982e7a6957a138 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4742 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-12-29 r/3501 feat(wpcarro/scratch): Upload my solutions to cryptopalsWilliam Carroll6-0/+409
More beginner problems/solutions for CTF-style challenges. Change-Id: Ide229e99e3ccc1ede5a5ca1c2ad039498e49ea4c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4740 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-29 r/3500 feat(wpcarro/scratch): Upload my solutions to picoCTF challengesWilliam Carroll9-0/+107
Just getting my feet wet... Change-Id: Ia1db0c69fe7d5ea5cb5585853d0688ef97f2680a Reviewed-on: https://cl.tvl.fyi/c/depot/+/4739 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-29 r/3499 feat(wpcarro/terraform): Attach 100GB external disk to VMWilliam Carroll1-0/+11
I'm mimmicking the setup of diogenes-1 until I switch everything over to the terraform-defined diogenes. Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de> Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 r/3498 feat(wpcarro/terraform): Support SSHWilliam Carroll1-5/+8
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn for the pointers. Problem: When I originally setup my Google VM, I followed this tutorial, https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing `nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l gs://nixos-images`). Critically, I missed this important footnote: > NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and > will instead need to be found at > <nixpkgs/nixos/modules/virtualisation/gce-images.nix>. It turns out that *newer* images include this script... https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash ...which reads the key, "sshKeys", from the Google metadata server and copies the value into /root/.ssh/authorized_keys. To make matters a bit misleading, the NixOS script expects the key to be "sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both versions appear in this commit). TL;DR: - upgrading to a newer NixOS image - adding an empty access_config block so Google will assign my VM an external IP - removing oslogin