path: root/ops/secrets/secrets.nix
Age | Commit message | Author | Files | Lines
2023-11-27 | r/7078 chore(ops): move from gerrit-queue to gerrit-autosubmit | Vincent Ambo | 1 | -1/+1
Enables the new autosubmit bot, albeit without rebase functionality (this will be a separate change). Change-Id: Ia42a4f08c0edca5e6cc8bf4770ec24dbf16a5db7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10132 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-07-01 | r/6383 chore(ops/secrets): drop oauth2_proxy.age | Florian Klink | 1 | -1/+0
This was already removed from whitby a while ago, no reason to keep this secret. Change-Id: I4742dd0138a3eff91325c94e44e64b72c644ee3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/8915 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2023-02-01 | r/5810 feat(ops/secrets): add flokli to terraform secrets access | Vincent Ambo | 1 | -3/+5
Change-Id: I9ede20028560f2da0fef89dfe431609c21bda51c Reviewed-on: https://cl.tvl.fyi/c/depot/+/8005 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-02-01 | r/5808 feat(ops/secrets): add key for flokli | Florian Klink | 1 | -0/+3
Change-Id: I52299b39d1d68ee1b700b631f70ef809af682e26 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8004 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-27 | r/5504 feat(ops/secrets): add secret for IMAP to depot@tvl.su | Vincent Ambo | 1 | -0/+2
Change-Id: If3b3981e5d68ceba2bcc85ed0ad9cc0b46148b74 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7629 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-07-03 | r/4273 feat(ops/secrets): add private key for depot git replication | Vincent Ambo | 1 | -1/+2
Change-Id: Iaf86d1fe635be8fbd9bc8a397999a2cffcc21606 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5914 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4211 feat(ops/secrets): Add Buildkite API token for Terraform | Vincent Ambo | 1 | -0/+1
Change-Id: I0930f4fb34015ddcaa791b07e4d5d87d069d2b0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5837 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 | r/4117 feat(ops/secrets): Add private SSH key for Buildkite agent(s) | Vincent Ambo | 1 | -0/+1
The public key is: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME13zAw3Fk6qsbWCe6mH2zkxOJ+NmG+FwMjLw00mcWt buildkite@tvl Change-Id: Ia8591e5df42727e4068f26865d83d0af85424fde Reviewed-on: https://cl.tvl.fyi/c/depot/+/5664 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-17 | r/4092 chore(ops/secrets): add key for tazjin/zamalek | Vincent Ambo | 1 | -0/+3
Change-Id: Ieb2fe49a67940d7cfbd261edbe10d0a8577a466d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5628 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-17 | r/3841 feat(ops/secrets): Add journaldriver key | Vincent Ambo | 1 | -20/+23
This changes the structure of secrets.nix a bit to split between secrets for whitby, and secrets for all TVL machines. Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-01-31 | r/3723 style: format entire depot with nixpkgs-fmt | Vincent Ambo | 1 | -1/+2
This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-29 | r/3714 feat(ops/secrets): Add secret for telegram alerts bot token | Griffin Smith | 1 | -0/+1
This isn't actually used by anything that would use agenix, but this seems like a vaguely sensible way of sharing the token with other people regardless. Anyone who finds this commit and wants to be added to the telegram channel where the alerts go, lmk. Change-Id: I06d6ed2d4bec099cbf68ede8fd00a5e6f4e7bc60 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5124 Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-01-04 | r/3518 feat(ops): Add initial oauth2_proxy configuration | Vincent Ambo | 1 | -0/+1
The intent is to configure oauth2_proxy pointing at Keycloak to enable usage with nginx auth_request directives. I want to expose this as a function from within the module in which nginx server configuration blocks can be wrapped, but the function for that is currently a placeholder. Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-01-01 | r/3508 feat(ops/secrets): Add smtprelay credentials | Vincent Ambo | 1 | -0/+1
Change-Id: I489e611a3fb19b4a374a563aa1afd81a130b2e7f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4759 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <mail@tazj.in>
2021-12-27 | r/3474 feat(ops/secrets): Import secrets for tf-glesys | Vincent Ambo | 1 | -0/+1
Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure. Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 | r/3470 feat(ops/secrets): Add tf-keycloak secrets file | Vincent Ambo | 1 | -0/+1
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets. Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-25 | r/3402 refactor(ops/whitby): Move Gerrit secrets into agenix | Vincent Ambo | 1 | -0/+1
Gerrit has OAuth2 and email related secrets which now live in agenix instead of a random file on disk. Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-25 | r/3401 feat(whitby): Configure initial Keycloak setup | Vincent Ambo | 1 | -0/+1
Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services. Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-11 | r/3207 feat(ops/secrets): add keys for sterni | sterni | 1 | -1/+5
Change-Id: Idf13f7737dd51e74e87093e07cdf22ad24407944
2021-12-10 | r/3203 refactor(ops): Move panettone secrets to agenix | Vincent Ambo | 1 | -0/+1
Relates to b/161 Change-Id: I508e5a0eacab668f4bd39a2c888d894b96bed093
2021-12-10 | r/3199 refactor(ops): Move Nix cache secret to agenix | Vincent Ambo | 1 | -0/+2
... and also the public key, just to keep the distribution mechanism the same. Change-Id: Ief14daf9344c0fb99eeb5789c1ec9bfb1f12bee0
2021-12-10 | r/3198 refactor(ops): Use besadii configuration from agenix | Vincent Ambo | 1 | -0/+1
We already checked this in, but this commit adds the configuration for making use of it. There are two copies of besadii's JSON configuration with different permissions. Note that the buildkite-graphql-token path needs to be updated in static-pipeline.yml, but this needs to happen in a separate commit after deploy because the pipeline will break otherwise. Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
2021-12-10 | r/3197 refactor(ops): Move grafana secret into agenix | Vincent Ambo | 1 | -0/+1
Change-Id: Id141758135c796881e91d20b950dae74c40d9ab3
2021-12-10 | r/3187 feat(ops/secrets): Add key for grfn | Griffin Smith | 1 | -1/+5
Change-Id: I8063ae804932e3815e9a499e0206806818b9b021
2021-12-10 | r/3184 refactor(ops): Move irccat secret into agenix | Vincent Ambo | 1 | -1/+2
The irccat module uses DynamicUser, so to grant permission to it a new group has been added for irccat. I have some vague memory of DynamicUser + Group not behaving as one would expect, but we'll see what happens. Change-Id: Iab9f6a3f1a53c4133b635458ce173250cc9a3fac
2021-12-10 | r/3183 refactor(ops): Move clbot SSH key into agenix | Vincent Ambo | 1 | -0/+1
Change-Id: Iae03ead7dda0509689a76f0d76f9cfeb8434e967
2021-12-10 | r/3176 refactor(ops): Move buildkite-agent-token into agenix | Vincent Ambo | 1 | -0/+1
Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
2021-12-10 | r/3175 refactor(ops): Move owothia secret into agenix | Vincent Ambo | 1 | -1/+2
Relates to b/161 Change-Id: I25445281b0dd3c3f3660f8bb0d8337506a1e427b
2021-12-10 | r/3174 refactor(ops): Move clbot secret into agenix | Vincent Ambo | 1 | -0/+1
Relates to b/161 Change-Id: I7badf22ff93bb4e8b06e4dd4a8bf880b0bd48f09
2021-12-10 | r/3173 feat(ops/secrets): Configure secrets for gerrit-queue | Vincent Ambo | 1 | -0/+1
Adds a systemd EnvironmentFile secret that contains the Gerrit username & password for gerrit-queue. Change-Id: I25acf87764c26774045138402b8a417b6813ee8f
2021-12-08 | r/3159 feat(ops/secrets): Bootstrap agenix secrets folder | Vincent Ambo | 1 | -0/+12
Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby. Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d