Age | Commit message (Collapse) | Author | Files | Lines |
|
This reverts commit 5e036ed9fc579d14353eb7da4af4b426c99f96e6.
Reason for revert: This introduced a logic error since the remaining
step runs at the wrong point in the pipeline. Temporarily reverting to
having duplicated waits in order to clean up later.
Change-Id: Ifa6ece50dd22924f02efd7b790a5863ca1189af7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4841
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
|
|
telega.el currently throws errors related to some broken internal
logic about media codecs, which breaks this check in CI.
Change-Id: I8518977dba801dec90b966c84771ff0f59dcbb3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4824
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
We are going to have a 1:1 drop-in replacement for the old-style nix
tools, and this starts implementing the cli parser part.
The first step is to have a simple integration test suite that can
verify that we match the nix CLI.
clap is a super complicated parsing library, but looking through the
rest they are either too opinioated to be of use for us, or depend on
clap as implementation.
Change-Id: I4cf6051f3a4f782c3242fd0d2b9eab3fbe33d8ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4756
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: Profpatsch <mail@profpatsch.de>
|
|
First steps for baba
Change-Id: Id6a68c5630cb85f280f4dcc7b2acf10c02454fd6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4732
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Id259341e251170c1caeeab5c9fcb6fbd973372f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4816
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ib2cbb2f531488e4e86d63e94b163864924c9189f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4783
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
The intent is to configure oauth2_proxy pointing at Keycloak to enable
usage with nginx auth_request directives.
I want to expose this as a function from within the module in which
nginx server configuration blocks can be wrapped, but the function for
that is currently a placeholder.
Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
It looks like we won't need this for oauth2_proxy when combined with
nginx auth_request setups.
Change-Id: I2294aee6226b4f64a27bf6592c2d18092d0268cc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4766
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
A formatting error broke this at some point (the let clauses were
outside of the definition list).
Change-Id: Iaa2dc9ad02d2f7e909ca9bf28705e782ad26060b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4765
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This is *way* faster, as advertised
Change-Id: Iad452dc3b3b768331d7de0421f768f82e9b76a60
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4785
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Can no longer be null and has been renamed to security.acme.defaults.email:
https://github.com/nixos/nixpkgs/commit/377c6bcefce8e8ccd471892a1b24621d5a909457
Change-Id: Icac9506185da176365369ed3c7db3c71ffc90b1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4784
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ie6882b17380388e20c8d1e9406279c96283b936f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4757
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Turns the anchor derivation into something that can actually be
built (a call creating a propagated build inputs file), and builds it.
This should fix the anchoring logic we have on canon.
Change-Id: If6a7662b82e2e396388980f65e332cf67a45b46e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4763
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Without some kind of physical organisation it's a little difficult to
understand whether things are going "in" (supplying users to Keycloak)
or "out" (getting auth/user info from Keycloak).
Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
This now happens in //nix/buildkite instead
Change-Id: Ie9e239ee4f28ac34aa4d3279dac55d70a2cb9d86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4764
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I56f6887e1fd35551cfc83ad08cafebb611f4a341
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4760
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
|
|
Change-Id: I489e611a3fb19b4a374a563aa1afd81a130b2e7f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4759
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <mail@tazj.in>
|
|
Change-Id: I4a79204e50cf519dce729e5c86bc397b82715008
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4758
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ieac5bb499a9c3281ed8b9de8cf4551e5eea6f2b7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4761
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I13e95b91351af33c2452f1c4de45cc47aeae1dc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4745
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
|
|
Change-Id: I85b0066574b45490d61ed1edf29587689ba63c6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4744
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: zseri <zseri.devel@ytrizja.de>
Tested-by: BuildkiteCI
|
|
Change-Id: Icf40fb125cc3fe9e1c70de2ac253d70349a213d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4743
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Also sort, first by rsvp, then by signed in, then by last check, then by
name
Change-Id: I15d2e4a5693290d9c1cfd09196982e7a6957a138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4742
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
More beginner problems/solutions for CTF-style challenges.
Change-Id: Ide229e99e3ccc1ede5a5ca1c2ad039498e49ea4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4740
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Just getting my feet wet...
Change-Id: Ia1db0c69fe7d5ea5cb5585853d0688ef97f2680a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4739
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
I'm mimmicking the setup of diogenes-1 until I switch everything over to the
terraform-defined diogenes.
Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn
for the pointers.
Problem: When I originally setup my Google VM, I followed this tutorial,
https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing
`nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l
gs://nixos-images`). Critically, I missed this important footnote:
> NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and
> will instead need to be found at
> <nixpkgs/nixos/modules/virtualisation/gce-images.nix>.
It turns out that *newer* images include this script...
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash
...which reads the key, "sshKeys", from the Google metadata server and copies
the value into /root/.ssh/authorized_keys.
To make matters a bit misleading, the NixOS script expects the key to be
"sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both
versions appear in this commit).
TL;DR:
- upgrading to a newer NixOS image
- adding an empty access_config block so Google will assign my VM an external IP
- removing oslogin |