path: root/ops
Age | Commit message | Author | Files | Lines
2020-07-17 | r/1363 feat(whitby): Hardcode Google DNS servers | Vincent Ambo | 1 | -2/+18
The Hetzner DNS servers were unhappy after today's Cloudflare outage, and that broke some of our builds - this wouldn't have happened with Google DNS! Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 | r/1347 chore(whitby): += Isomer | isomer | 1 | -0/+8
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142 Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-12 | r/1268 feat(whitby): Configure Gerrit backups on whitby | Vincent Ambo | 1 | -0/+22
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1267 chore(whitby): Give the git user a home directory | Vincent Ambo | 1 | -0/+2
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1265 fix(www/base): Add nginx fix timer | Vincent Ambo | 1 | -1/+23
Change-Id: Iec66fea0f3991ba74aede3911ea9f6ae5adb0188 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1082 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1264 feat(whitby): Enable Gerrit & cgit deployments | Vincent Ambo | 3 | -1/+67
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-07-12 | r/1262 feat(whitby): Enable SourceGraph server | Vincent Ambo | 2 | -1/+36
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1261 chore(sourcegraph): Bump version to 3.17.3 | Vincent Ambo | 1 | -1/+1
Change-Id: I6bc25d039cbe497bc9aa8784ac2f95219b5c617c Reviewed-on: https://cl.tvl.fyi/c/depot/+/1066 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1260 feat(nixos/sourcegraph): Move cheddar server to module & make ports configurable | Vincent Ambo | 1 | -6/+30
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 | r/1259 feat(nixos/www): Add configuration for tvl.fyi homepage | Vincent Ambo | 2 | -0/+31
... and enable it on whitby Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 | r/1257 feat(whitby): Move over clbot deployment from camden | Vincent Ambo | 1 | -0/+22
There is only one minor configuration change: CLBot now connects to cl.tvl.fyi, instead of localhost, because Gerrit is still on camden. Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 | r/1256 feat(whitby): Enable smtprelay module | Vincent Ambo | 1 | -1/+13
This is required for the Gerrit setup. Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 | r/1255 fix(monorepo-gerrit): Use Google's CDN to serve static assets | Vincent Ambo | 1 | -2/+9
Change-Id: Ib4ffc1d9b030a5982b9063c1d6322fb87ba7f910 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1022 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 | r/1254 chore(monorepo-gerrit): Increase Gerrit's heap limit to 4g | Vincent Ambo | 1 | -0/+2
(this translates to -Xmx) Change-Id: I31bbbd247952fa6a592cb66ad144025af640d2db Reviewed-on: https://cl.tvl.fyi/c/depot/+/1021 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-11 | r/1253 fix(monorepo-gerrit): Explicitly set gerrit.docUrl | Vincent Ambo | 1 | -0/+1
This prevents a request that takes >1s on each page load. Change-Id: Ic91bb602e3059b1f17681aa468739bb0a103f8cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/1003 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-10 | r/1248 feat(tvl-slapd): add `andi` | Andreas Rammhold | 1 | -0/+5
Message-Id: <20200710190623.26573-1-andi@notmuch.email> Change-Id: Ibd74f93f589beecbf7fa9090550ecf95caa0a3b0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/982 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-08 | r/1241 feat(ops/nixos): Add module for running a Quassel daemon | Vincent Ambo | 1 | -0/+76
The upstream module is not flexible enough for my needs, so I made my own. Change-Id: Ie9f786da7eb8c878e0782b07a075c064ad8cd253 Reviewed-on: https://cl.tvl.fyi/c/depot/+/953 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-08 | r/1239 chore(apereo-cas): fix up configuration | Luke Granger-Brown | 1 | -0/+1
- X-Forwarded-Proto support so it knows it's behind TLS - Remove extraneous logs and just log to stdout so it's caught by systemd Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639 Reviewed-on: https://cl.tvl.fyi/c/depot/+/952 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-06 | r/1236 chore(ops/nixos/tvl-sso): add secrets | Luke Granger-Brown | 1 | -0/+1
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba2840 Reviewed-on: https://cl.tvl.fyi/c/depot/+/951 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 | r/1235 fix(ops/nixos/tvl-sso): correct path to executable | Luke Granger-Brown | 1 | -1/+1
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283f Reviewed-on: https://cl.tvl.fyi/c/depot/+/950 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 | r/1234 feat(whitby): add apereo-cas/tvl-sso | Luke Granger-Brown | 2 | -0/+24
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283e Reviewed-on: https://cl.tvl.fyi/c/depot/+/935 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 | r/1230 feat(ops/nixos/www): create login.tvl.fyi host | Luke Granger-Brown | 3 | -0/+43
Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c Reviewed-on: https://cl.tvl.fyi/c/depot/+/936 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 | r/1221 feat(ops/nixos): Add generic rebuild-system script | Griffin Smith | 3 | -7/+49
This adds a first crack at one idea for a generic, non-user-specific rebuild-system script to ops.nixos.rebuild-system. The idea here is that we enumerate all the nixos systems stored in the monorepo (similarly to what we do for ci-builds right now) then search through them by hostname to find the one matching the hostname of the current system, which is an attempt at a more generic version of tazjin's rebuilder script which does the same thing but with an explicit case block. As a caveat, it feels like there's a slight possibility that this way of finding systems is going to get slow to evaluate - on my system it feels fine but if it grows out of hand it's probably feasible to just bake this into the built script as a dynamically generated case statement. Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/894 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-05 | r/1213 feat(whitby): enable tvl-slapd on whitby | Luke Granger-Brown | 1 | -0/+1
Change-Id: I3fac108802671abfb9a508359390b063bce16202 Reviewed-on: https://cl.tvl.fyi/c/depot/+/923 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-07-04 | r/1210 chore(whitby): add lukegb to trusted-users for remote builds | Luke Granger-Brown | 1 | -0/+1
Change-Id: Id1e67bb30bb7f4d329006688f1783b900d16d164 Reviewed-on: https://cl.tvl.fyi/c/depot/+/914 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-03 | r/1202 chore(besadii): Stop adding Code-Review label on CLs | Vincent Ambo | 1 | -7/+0
We now use the actual 'Verified' label instead of Code-Review from Buildkite, this workaround is no longer required. This reverts commit d3f9cb0ec398d25a3be01cbc7c9b1ee8716b877f. Change-Id: Ib8c1680eae844cb7b45bf8837acf2af03d4ed344 Reviewed-on: https://cl.tvl.fyi/c/depot/+/909 Reviewed-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-03 | r/1185 feat(whitby): Enable nix.sshServe | Vincent Ambo | 1 | -3/+9
This exposes a binary cache over SSH. Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a Reviewed-on: https://cl.tvl.fyi/c/depot/+/895 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 | r/1174 feat(whitby): Allow wheel users to sudo without a password | Griffin Smith | 1 | -0/+7
This *should* translate to the required invocation to make sudo allow nopasswd for users in the wheel group. Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/857 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-07-02 | r/1172 feat(whitby): Add grfn as a trusted user | Griffin Smith | 1 | -0/+4
So I can remote builder Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/856 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-02 | r/1171 feat(whitby): Run a handful of Buildkite agents | Vincent Ambo | 1 | -0/+21
This is the point of the machine, after all. Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/853 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 | r/1170 feat(whitby): Enable Nix signing for the binary cache | Vincent Ambo | 1 | -0/+3
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014 Reviewed-on: https://cl.tvl.fyi/c/depot/+/852 Reviewed-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-02 | r/1169 fix(whitby): Explicitly set an interface for the v6 default gw | Vincent Ambo | 1 | -1/+5
systemd gets sad otherwise and it is very difficult to console it Change-Id: Ic6405489532c407273e5634474185f2947420b37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/851 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 | r/1168 feat(whitby): Add grfn | Griffin Smith | 1 | -0/+8
it's not glittershark because grfn is the username I have on my laptop and I want to be able to ssh without an `@`. Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768 Reviewed-on: https://cl.tvl.fyi/c/depot/+/850 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-07-02 | r/1166 feat(whitby): add lukegb | Luke Granger-Brown | 2 | -0/+7
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b Reviewed-on: https://cl.tvl.fyi/c/depot/+/848 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: BuildkiteCI
2020-07-02 | r/1163 fix(whitby): Set correct IPv6 default gateway for Hetzner env | Vincent Ambo | 1 | -0/+1
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88 Reviewed-on: https://cl.tvl.fyi/c/depot/+/845 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-02 | r/1160 feat(nixos/whitby): Hello, World! | Vincent Ambo | 2 | -0/+161
This adds NixOS configuration for the machine whitby.tvl.fyi. No interesting services are configured yet, so this configuration is quite plain. Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/843 Tested-by: BuildkiteCI Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-02 | r/1158 chore(nixos/whitby): Bootstrap //ops/nixos/whitby folder | Vincent Ambo | 2 | -0/+10
Change-Id: I7d77c3ea48b181d7b9f754ac4807ed44735a8925 Reviewed-on: https://cl.tvl.fyi/c/depot/+/841 Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2020-07-02 | r/1157 chore(tvl-slapd): rotate password for riking | Kane York | 1 | -1/+1
Change-Id: I3ec53d5223a4ff0871eed7615f11f534ed74653b Reviewed-on: https://cl.tvl.fyi/c/depot/+/839 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-01 | r/1152 chore(tvl-slapd): Remove old password generation script | Vincent Ambo | 1 | -5/+0
This does not work for ARGON2 hashes. Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f Reviewed-on: https://cl.tvl.fyi/c/depot/+/834 Reviewed-by: Kane York <rikingcoding@gmail.com> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-07-01 | r/1150 chore(tvl-slapd): Rotate my LDAP passwords and use ARGON2 hashes | Vincent Ambo | 1 | -2/+2
Change-Id: Id1a60121e4254e7ccff77ac17fd39d0955aedc8f Reviewed-on: https://cl.tvl.fyi/c/depot/+/832 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI
2020-07-01 | r/1149 feat(tvl-slapd): Load Argon2 password module in OpenLDAP | Vincent Ambo | 1 | -0/+15
This makes it possible to use {ARGON2} hashes instead of the current salted SHA hashes, which is a much better idea. Unfortunately the nixpkgs module does not have an option for overriding the package used, so it is overlaid into the system package set - this causes widespread rebuilds. This is fine for us for now, but I have opened a PR upstream to add a package option: https://github.com/NixOS/nixpkgs/pull/91963 Change-Id: Ib4be931d88e74b91566639f8656742cf096f6cc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/831 Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI
2020-07-01 | r/1144 fix(besadii): Do not pass on update values for meta refs | Vincent Ambo | 1 | -2/+2
Before this change, besadii would skip further processing of meta refs (which happen for every CL metadata change), but it would still schedule a build by returning an update - which would then inevitably fail. This change makes besadii skip meta refs the same way it skips non-depot builds, i.e. completely. Move *on* from meta refs, do *not* collect $100. Change-Id: I269d2299f4d3cb1f9c041da8c92fa00ae7794b38 Reviewed-on: https://cl.tvl.fyi/c/depot/+/825 Reviewed-by: eta <eta@theta.eu.org> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
2020-06-30 | r/1142 feat(nixos/clbot): Add a module for running clbot | Vincent Ambo | 1 | -0/+52
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa Reviewed-on: https://cl.tvl.fyi/c/depot/+/821 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: BuildkiteCI
2020-06-30 | r/1141 feat(tvl-slapd): update camsbury in slapd | Cameron Kingsbury | 1 | -1/+1
Change-Id: Idce92352ad01f85bd7fbb102decdd1df26dda5f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/823 Reviewed-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-06-30 | r/1140 fix(nixos/smtprelay): Only enable if the user asks for it | Vincent Ambo | 1 | -1/+2
Change-Id: Ifbdf9bf9e89a1da68e8c823f61a33275183afcb1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/822 Reviewed-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-06-30 | r/1135 fix(besadii): Don't log errors for /meta refs | Vincent Ambo | 1 | -2/+3
These are updated for all sorts of things and should just be silently ignored by besadii. Change-Id: I0a6de373b21d6bef5fd31d0a1d3f72c501073bba Reviewed-on: https://cl.tvl.fyi/c/depot/+/801 Reviewed-by: BuildkiteCI Reviewed-by: Kane York <rikingcoding@gmail.com> Tested-by: BuildkiteCI
2020-06-29 | r/1130 chore(ops): Clean up old GCP infrastructure files | Vincent Ambo | 28 | -687/+0
This removes almost all of the GCP-infrastructure leftovers from my previous setup. The DNS configuration is retained, but moves to my user folder instead. Change-Id: I1867acd379443882f11a3c645846c9902eadd5b0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/782 Tested-by: BuildkiteCI Reviewed-by: eta <eta@theta.eu.org> Reviewed-by: isomer <isomer@tvl.fyi>
2020-06-29 | r/1129 feat(besadii): Temporarily add Code-Review labels on CLs | Vincent Ambo | 1 | -0/+7
Besadii already adds 'Verified'-labels, which are used to signal CI status on CLs, however we don't actually use these labels (yet) which also means that they are not displayed in the Gerrit UI. This change temporarily introduces the Code-Review label *in addition* (with the same values as Verified), providing a build status signal on the CL but without being required for submission. Change-Id: I2c3a37c59aceb426815ad4e400c80ab85be482dd Reviewed-on: https://cl.tvl.fyi/c/depot/+/781 Tested-by: BuildkiteCI Reviewed-by: ericvolp12 <ericvolp12@gmail.com> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-29 | r/1127 feat(besadii): Implement support for Buildkite's post-command hook | Vincent Ambo | 1 | -19/+118
This hook is invoked by Buildkite (on the runner) after every build stage. This change adds support in Besadii to run as this hook and update the build status on a Gerrit CL. Change-Id: Ie07a94d9b41645a77681cf42f6969d218abf93c1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/761 Tested-by: BuildkiteCI Reviewed-by: Kane York <rikingcoding@gmail.com>
2020-06-29 | r/1122 feat(besadii): Propagate Gerrit change ID & patchset to Buildkite | Vincent Ambo | 1 | -4/+9
I previously implemented this in a CL that ended up being abandoned, but it turns out we need it for the hook setup, anyways. These environment variables become available during the build and, crucially, to the post-build hooks. Change-Id: Id6c1657947995e8bae1fa7b76184dd8be4c01525 Reviewed-on: https://cl.tvl.fyi/c/depot/+/739 Reviewed-by: Kane York <rikingcoding@gmail.com>