about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2021-03-26 r/2341 feat(ops/dns): Add Google Workspace verification for tvl.su.Vincent Ambo1-1/+4
Change-Id: I44db2bca7aa5814bbefd8943d727cc66ab800fd5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2668 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-03-26 r/2332 fix(ops/whitby): Set tcp congestion control to bbrGriffin Smith1-0/+4
Some quick testing shows that this improves my data transfer speed to whitby by roughly 200%. Change-Id: Id94de975b1ae0930f8d0fe038582dbac0037676c Reviewed-on: https://cl.tvl.fyi/c/depot/+/2659 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: ben <tvl@benjojo.co.uk>
2021-03-25 r/2329 refactor: Replace some uses of builtins.toFile with pkgs.writeTextVincent Ambo1-3/+1
I'm looking at removing some of these because they can cause unnecessary build steps during CI pipeline generation. Change-Id: I84742968918090c050d2eedab8a1b42692632a42 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2655 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-03-22 r/2318 chore(ops/nixos): Update Sourcegraph to 3.26.0Vincent Ambo1-1/+1
Reading through the changelogs, this includes the following two changes that may require us to do something: * For users of single-image Sourcegraph instance, please delete the secret key file /var/lib/sourcegraph/token inside the container before attempting to upgrade to 3.21.x. * A campaigns.restrictToAdmins site configuration option has been added to prevent non site-admin users from using campaigns. Change-Id: Ieacf85a9059ad5222800f8d7d4a43435f489a39f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2638 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-03-22 r/2316 feat(ops/dns): Add status subdomainVincent Ambo2-16/+18
I want to host something like Vigil[0] on this to show the status of Gerrit, SourceGraph and maybe other components. (Yes, the status page will be on the same infrastructure ... but this is mostly for service failure cases). [0]: https://github.com/valeriansaliou/vigil Change-Id: If71496300b94035976a685d9bf166d525d89fc5e Reviewed-on: https://cl.tvl.fyi/c/depot/+/2637 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-21 r/2314 chore(whitby): Remove SSH key from rootVincent Ambo1-4/+0
This was a leftover from the time we were installing. Change-Id: Id875b907d7f76081a45e7f8f2666b7fba6aefc86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2632 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-21 r/2299 feat(tazjin/nixos): Initial check in of new host (tverskoy)Vincent Ambo1-0/+1
This is my new X13 AMD Thinkpad, on which many fun things will be done. Change-Id: I4de114a8c5ebb37d2f4844f407d2dc0e7cc9557e Reviewed-on: https://cl.tvl.fyi/c/depot/+/2620 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-03-15 r/2283 refactor(ops/dns): use drvTargets for meta.targets populationsterni1-7/+8
Since we have a dedicated util for this, we may as well use it to reduce code duplication. Change-Id: Ie52647be8c786d0b6a4dceb2fa6778b94625fafc Reviewed-on: https://cl.tvl.fyi/c/depot/+/2604 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-03-15 r/2281 feat(ops/dns): Configure tvl.su zoneVincent Ambo2-0/+30
Change-Id: I6016d92e9c231a257e06644dfcf44a4aaa12ac4d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2601 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-03-15 r/2280 feat(ops/dns): Import tvl.fyi DNS zone into depotVincent Ambo3-0/+58
Imports the current state of the tvl.fyi zone and configures simple CI checks on the file format. No deployment automation exists for this (yet?). Change-Id: Ia7d72e02b9f6d3adef994c5dc1898cc0df9dfcfb Reviewed-on: https://cl.tvl.fyi/c/depot/+/2600 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-13 r/2278 feat(users/adisbladis): Add to usersAdam H1-0/+5
Change-Id: I2a3532605c602dd6ba44a6c723333db219a55907 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2599 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-02-24 r/2226 chore(ops/journaldriver): Expand wildcard importsVincent Ambo2-3/+5
... to appease Profpatsch. Change-Id: Id8576645a6920312c2304ea7880524d9cda8e21b Reviewed-on: https://cl.tvl.fyi/c/depot/+/2544 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-02-10 r/2201 fix(ops/www/tazj.in): Force SSL for git.tazj.in redirectVincent Ambo1-0/+1
Change-Id: If5b8096cb693d96936f9b954e2ebe3dc9b63af66 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2521 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-02-10 r/2200 fix(ops/www/tazj.in): Redirect git.tazj.in to our cgitVincent Ambo1-0/+5
Change-Id: Ia0be95e2618aeb4f8d394a8e3602c73faec0d72f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2508 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-02-06 r/2182 fix(config): remove ciBuilds inheritsterni1-1/+1
The ciBuilds attribute seems to no longer exist and it breaks the evaluation of the config attribute. It's only appearance was in besadii which doesn't actually use the attribute. Removing the ciBuilds inherit fixes these issues. Change-Id: Ibbf3413ba6efe10ad868cf57cf0711d574860f97 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2487 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-01-30 r/2160 fix(ops/piplines/static-pipeline): add --show-trace to nix-buildProfpatsch1-1/+1
Change-Id: Ib0473f916b1436934844e620ce981f52d11e8512 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2467 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-01-30 r/2159 chore(3p|nix): Remove typed GoVincent Ambo2-2/+2
Nobody has actually done any experimentation with typed Go, so we're getting rid of it for now - it's causing annoying IFD during build graph generation. Change-Id: Ibac3dea98ebed1b3ee08acda184d24c500cf695d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2458 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-23 r/2140 chore(users/multi): remove user from the depot.multi2-13/+1
This commit removes my user directory in the depot, my user account on whitby, my entry in the LDAP database, and my entry in the website graph. I've had my fun with TVL, but I want to move on to spending time on some other things. This additionally removes aranea from the website graph, which they have requested in private. Change-Id: I2d098c8fe239f20d9f6c6cbf66a3dfb4a955a4cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/2436 Tested-by: BuildkiteCI Reviewed-by: multi <depot@in-addr.xyz> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-01-19 r/2133 chore: Remove banned userV2-12/+0
Change-Id: Icd61f7c567a327c74a4f381168e94737b2b30702 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2422 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Reviewed-by: tazjin <mail@tazj.in>
2021-01-18 r/2131 feat(todolist): use static slapd user data for knownUserssterni2-130/+134
Since the slapd data is static and generated using nix, we can simply move the user list into ops/users, so it's recognized by readTree and we can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as a general purpose user registry for depot. Update docs/REVIEWS.md as well. Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-01-18 r/2130 chore(ops/whitby): Move ACME registrations to an @tvl.fyi addressVincent Ambo1-1/+1
Change-Id: I371550aa456c0fb64da4789feed494cc50497522 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2410 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-17 r/2116 feat(ops/nixos): Serve tazj.in from whitby temporarilyVincent Ambo2-1/+32
camden.tazj.in (the host in my flat) is going down as my belongings are being moved into storage. Change-Id: Id66512fd2ec6dbdcb6dfc3862af49cfadb15cfa1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2405 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-15 r/2111 feat(ops/nixos/whitby): Enable remote use of whitby for my Thinkpad.multi1-2/+3
My main workstation is a Thinkpad without a great deal of compute power available, so enabling the use of whitby as both a substituter (services.sshServe) and a remote builder (openssh.authorizedKeys) will save me some time when working on nix things and depot things. Change-Id: I17bfcbb9860f42fb667603ad819e38e82e6052da Reviewed-on: https://cl.tvl.fyi/c/depot/+/2399 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2021-01-13 r/2094 feat(ops/nixos/whitby): add sterni usersterni1-0/+6
Change-Id: Ia6790913ea2777a9d4ca89830436623766991c13 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2368 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-01-11 r/2072 feat(tvl-slapd): add sterni to slapdsternenseemann1-0/+5
Change-Id: I4b832f60c69e1bdd1a6bf0595d523c052aa8f794 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2348 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-09 r/2065 chore(3p): Bump NixOS channels to 2020-12-28Vincent Ambo1-15/+14
Changes: * ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the ability to configure OpenLDAP directly and now forces users to use some kind of weird Nix->OLC mapping that is mostly undocumented. This moves the config we need to the new format in a way that may or may not work and does the other arbitrary dance steps that someone decided to impose on us. Note that this now throws lots of warnings, but I can't be bothered to fix them. * 3p: Random package removals accomodated * users/glittershark: Pin grfn's kernel to 5.9, because the CK patch is not yet updated for 5.10 * users/glittershark: Update vendor hash for pg-dump-upsert, I suspect this changed because of something in the Go build machinery in nixpkgs. The deleteVendor flag also has no effect anymore and has been removed. * users/glittershark: agda build is broken, commenting out development home-manager environment until it can be fixed * third_party/haskell_overlay: updating random needs upper boundarles of a few dependencies relaxed (curse them) * third_party/gerrit_plugins: for some cursed reason the fixed-output hash of the gerrit owners plugin fetchgit changed, updated. Same for the checks plugin. Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2020-12-26 r/2030 chore(whitby): Double number of build usersVincent Ambo1-1/+1
more = betterer Change-Id: I6d5414d6ebb087e7f9fb912d5a514c31ebcd8b7e Reviewed-on: https://cl.tvl.fyi/c/depot/+/2296 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-12-20 r/2023 fix(whitby): Include lukegb's & grfn's SSH keys in initrdVincent Ambo1-3/+4
Change-Id: I8921d645b1a81510e04314e519195c1c01d3fd14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2286 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2020-12-20 r/2022 fix(whitby): Disable git's gc.autoDetach featureVincent Ambo1-0/+6
This feature can cause object removal to happen while the git folder is in use in Buildkite, causing CI to fail semi-reegularly. Change-Id: Ide1a9b2f1761be029e97a058c1983b4cff5e27bf Reviewed-on: https://cl.tvl.fyi/c/depot/+/2285 Tested-by: BuildkiteCI Reviewed-by: multi <depot@in-addr.xyz>
2020-11-30 r/1962 feat(gs/system): Init yerenGriffin Smith1-0/+1
My new work laptop, a dell XPS 13. Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-29 r/1959 fix(cl.tvl.fyi): Correct Gerrit shortlink redirects.Luke Granger-Brown1-1/+2
Before: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi:80/c/depot/+/123/ After: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi/c/depot/+/123/ I think Jetty changed it's behaviour, and Gerrit is now configuring it incorrectly. Fixes #88. Change-Id: I9238c0922b9f627e06eb81fa99dc748dada8909a Reviewed-on: https://cl.tvl.fyi/c/depot/+/2202 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-26 r/1918 feat(tvl-slapd): add jamie to slapdJamie McClymont1-0/+5
o/ - Jamie Change-Id: I9c21e9a58c4514160f08133465a9cca720055cbf Reviewed-on: https://cl.tvl.fyi/c/depot/+/2148 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-11-22 r/1907 feat(whitby): Move wigglydonke.rs to whitbyGriffin Smith2-0/+16
Mugwump is too unstable for such an important internet service Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-11-22 r/1905 feat(ops/nixos): Give all nixoses a config.depotGriffin Smith1-1/+7
Add the depot.nix module and a depot config option to all nixos system derivations that're build through the `bin/rebuild-system` machinery. I can't imagine a scenario where we wouldn't want this level of integration. Change-Id: Ieeb98db2eee23919256adb4654bc45d540e055ec Reviewed-on: https://cl.tvl.fyi/c/depot/+/2128 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-17 r/1882 feat(ops/pipelines): Check in the static pipelineVincent Ambo1-0/+15
This file represents the static pipeline which is configured in the Buildkite web UI. Updates to this file should be applied in the admin interface. These steps are responsible for launching the dynamic pipeline evaluation, or falling back to the fallback pipeline if evaluation fails. Change-Id: I6d7dd623cde65e8c69faea729f737c9bba00c2fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/2103 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 r/1881 feat(ops/pipelines): Add a fallback Buildkite configurationVincent Ambo1-0/+8
This adds a simple fallback Buildkite pipeline configuration which always fails the pipeline, but correctly reports back the failure status. Note that this also requires changes in the Buildkite configuration that is not in version-control. Relates to b/66. Change-Id: I6802a6f76448c3893798a06d514e6ccba0f50dd2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2102 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 r/1880 feat(ops/panettone): Add configuration for irccatVincent Ambo2-0/+21
Adds configuration options for the (inconsistently named) environment variables that configure irccat integration with Panettone. The defaults match the irccat setup on whitby. Change-Id: I6857512a2e3f29f16777493eb981cc69ce3c045f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2080 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-11-08 r/1876 feat(whitby): Enable irccat moduleVincent Ambo1-0/+19
Enables irccat, running as 'tvlbot' on ##tvl and ##tvl-dev and listening on TCP 4722. Change-Id: Ia1eb533d0aacb0c15d6b3fa1cfd854ffbce27d23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2075 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-08 r/1875 feat(ops/irccat): Add a NixOS module for launching irccatVincent Ambo1-0/+49
This module configures irccat by creating a JSON configuration file from a user-supplied Nix struct (this is not checked for correctness), and merging it recursively with secrets from `/etc/secrets/irccat.json` at service launch time. This way we get the ability to configure (most) options declaratively via Nix, while providing the secrets outside of Nix. Side note: We need to figure out a secrets distribution mechanism. Tested: Wrote a dummy config in whitby/default.nix locally and checked that this builds, but I have not actually run the service yet. I expect that some minor tweaks will end up being necessary. Change-Id: I02a2e8dc40a7f8417fd77afcf8a12ac3df117988 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2074 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-05 r/1870 fix(whitby): Use new IRC bouncer location for clbotVincent Ambo1-1/+1
... I found this location in the logs, because the certs are now valid for this, but I'm not actually sure if it's right. Change-Id: I5ac88073e3bf6a95fead4c1d34515622c4416c6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/2070 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-05 r/1869 feat(ops/nixos/paroxysm): Set Restart = "always"Griffin Smith1-0/+1
Sometimes (like today) paroxysm crashes. We'd like it to restart if that happens. Change-Id: I98841096bcd6605c4279744ae5c65a9c92092a21 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2069 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-10-22 r/1854 feat(tvl-slapd): add etu to slapdElis Hirwing1-0/+5
Change-Id: I39ecf2167fd65f305853bf0e48c6208d94a5bf1f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2055 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-10-18 r/1850 feat(tvl-slapd): add htbfhtbf1-0/+5
Change-Id: I6da03700708bcafc4f476b01c0a27d27fb85cc4a Reviewed-on: https://cl.tvl.fyi/c/depot/+/2050 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-10-05 r/1834 chore(tvl-slapd): use ARGON2 for cynthiaCynthia Revström1-1/+1
Change-Id: I81efffe384644cc2d2a625fc96ef5264dedd76ea Reviewed-on: https://cl.tvl.fyi/c/depot/+/2019 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2020-09-28 r/1828 feat(whitby): add firefly userJonas Höglund1-0/+6
Change-Id: Ib785577c173795d5cc6ccd7a3ee7e6a568439a0d Reviewed-on: https://cl.tvl.fyi/c/depot/+/2013 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 r/1825 feat(tvl-slapd): add fireflyJonas Höglund1-0/+5
Change-Id: I28b71a429f2093e2ff3d7148cfaa2425f322dfea Reviewed-on: https://cl.tvl.fyi/c/depot/+/2010 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 r/1823 feat(whitby): add cynthia owoCynthia Revström1-0/+6
Change-Id: Id9e06ce8645ec2dbe1167d2b0b023159d3e91487 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2008 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 r/1819 feat(tvl-slapd): add ben to slapdBen Cartwright-Cox1-0/+5
Change-Id: Iadec1d04b086f878c408a8867778f6bd75254dfc Reviewed-on: https://cl.tvl.fyi/c/depot/+/2005 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2020-09-06 r/1765 chore(whitby): Double the number of build agents againVincent Ambo1-1/+1
The main bottleneck of our builds right now is Nix evaluation, which means that most of the time is spent idling during builds. Since we're evaluating in parallel, lets give it a few more builders. I don't want to go all the way to 64 immediately to first see if we get any adverse effects from highly concurrent builds running concurrently (if we do we could group them into different "concurrency groups" in Buildkite). Change-Id: Ibc3f89fb59cb4ee471b152ff36887ffe2b39f8f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1932 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-31 r/1752 fix(ops/monorepo-gerrit): Escape escape characters with more escape charactersGriffin Smith1-1/+1
Escape! Change-Id: Idec7d17feda13ccf1ec03c41106ec6ed581d9e47 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1901 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>