about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2021-05-25 r/2631 fix(wigglydonke.rs): Don't rebuild nginx config unnecessarilyVincent Ambo1-1/+1
This fix is essentially the same as the one in cl/1263. Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-05-25 r/2630 chore(nixpkgs): Bump channels to 2021-05-25Vincent Ambo6-16/+9
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides * ops: make new isSystemUser || isNormalUser assertion happy * users/grfn/system/system/mugwump: make buildkite agents system users * users/tazjin/nixos/camden: set isSystemUser = true for git * users/tazjin/emacs: Remove missing & broken packages * third_party/openldap: remove, as the argon2 module is now enabled upstream * third_party/gerrit_plugins: Pinned new unstable hashes * third_party/nix, third_party/grpc: Disabled CI as these are broken * third_party/overlays/emacs: Bumped version to stay in sync with channel * third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib, since libclang's default output no longer contains libclang.so * users/grfn/system/home: Install julia-stable instead of julia (which aliases to julia-lts), as the latter depends on an insecure version of libgit Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 r/2628 chore(whitby): Add ZNC state to Restic backupsVincent Ambo1-1/+1
Until we have declarative ZNC config (which requires a solution for secrets handling in it), make sure we back this up as well. Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 r/2627 fix(tvl-slapd): Replace deprecated OpenLDAP module optionsVincent Ambo1-5/+7
Use the new module settings which apply configuration in cn=config instead of slapd.conf. The module performed this update via lib.mkChangedModuleOption, I've applied the transformations contained therein manually. Note that some of the settings were already in place, which means that the `suffix` and `database` options seemingly disappear into the void. Fixes b/105. Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-24 r/2626 refactor(ops/nixos): Pass `depot` as a special argumentVincent Ambo1-4/+4
This changes the evaluation order for the `depot` argument and ensures it is partially evaluated before the module system starts resolving imports. This way we can import modules from `depot.path` without `depot` having to come from readTree. Fixes b/129. Change-Id: Icf4dd2be15011055dac8b27e991a4ff6a12bf827 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3156 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 r/2624 chore(ops/users): Update email address for cynthiaCynthia Revström1-1/+1
Change-Id: Ieb59d9215c5c1159113375dea0dd96d3d29e1303 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3154 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-24 r/2623 fix(ops/users): Rehash password for knKlemens Nanni1-1/+1
This time using `tools.hash-password` because login did not work with the initially created hash. Change-Id: I1eb62a496d2d8497d27573af47bf8bf70dac9bbb Reviewed-on: https://cl.tvl.fyi/c/depot/+/3153 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-24 r/2621 feat(ops/users): Add knKlemens Nanni1-0/+5
Change-Id: Ib615743fc57357b0de17600c9a3f400c48fd0f70 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3151 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-23 r/2620 feat(dns): Add record for deploys.tvl.fyiGriffin Smith1-10/+11
This will be used to serve (nix-) diffs for pending deploys of whitby Change-Id: Ia864993b1fcb3b7ce5fcc21f32a27528a4c31f08 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3149 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 r/2619 fix(whitby): Fix irccat configuration for incorrectly named optionVincent Ambo1-1/+3
irccat is passing the realname option as the ident of the user, which doesn't match what is in ZNC. It hasn't seen any upstream commits in a long time, so I'm just leaving this as is and fixing it locally in our config. Change-Id: I3bf865f37b8df9c1cd891a94245ca3fad376bbe1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3150 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-05-23 r/2617 feat(whitby): Let sterni bear the wheelVincent Ambo1-1/+1
Change-Id: Ib4f7dcbdc754d2fc271f501a9ea270e983a3645f Reviewed-on: https://cl.tvl.fyi/c/depot/+/3147 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-23 r/2616 fix(ops/users): Fix hash format for cschillingVincent Ambo1-1/+1
Change-Id: Ib0c53e8f6bc030cbdfe31020ed9d6764bd732a62 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3146 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-23 r/2611 feat(ops/users): Add cschilling to userssterni1-0/+5
Change-Id: I8afc23c749a5318d7c2ce893903980112ff13c12 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3137 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 r/2610 feat(whitby): Enable fail2banGriffin Smith1-0/+2
I like running fail2ban on any machine that has stuff like ssh world-open, to limit the potential for password brute-force attacks etc. Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-22 r/2609 chore: Replace Freenode mentions with HackIntVincent Ambo1-1/+2
This doesn't replace all of them in the repo, but at least the ones that are relevant to our move. Change-Id: I842e7594b4c16af30d880272417874f6b29afd22 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3134 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 r/2606 feat(ops/owothia): Add owothia module and deploy on whitbyVincent Ambo2-0/+75
This configures owothia to use her new bouncer to HackInt. Change-Id: I80eb8191c2b0f2a6f8a31d19b60250ade27c1913 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3129 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 r/2604 chore(whitby): Move clbot to HackIntVincent Ambo1-9/+7
Points clbot at the new local ZNC instead. This will make it part of the things happening through the `tvlbot` account. Relates to b/101 Change-Id: I1c15ffa5720d3af34475c15bee3fdaa537ac659b Reviewed-on: https://cl.tvl.fyi/c/depot/+/3127 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 r/2602 chore(whitby): Move irccat & panettone notifications to HackIntVincent Ambo1-5/+4
Change-Id: I6bd5c183d2c1c28b8c6b0201bdf22a66333d4aea Reviewed-on: https://cl.tvl.fyi/c/depot/+/3131 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 r/2600 feat(whitby): Add shadowsocks serverFlorian Klink1-1/+8
This adds a shadowsocks service, running on port 8443, tcp and udp. The password is read from /etc/secrets/shadowsocks-secret.sec, and needs to be populated externally. Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-21 r/2599 feat(apereo-cas): move away from 127.0.0.1:8443Florian Klink1-1/+1
The following commit itends to bind on port 8443 on all interfaces, so let's move this to something else. Change-Id: Ibb94a0f4e6892b6e543b542b89bcdaaefb617f23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3126 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-21 r/2598 feat(whitby): Initial ZNC configurationVincent Ambo1-0/+27
Bouncer to be used for TVL's IRC bots, see b/101 Change-Id: Ic9f71ecd94365d3baa31e0552b1ce16362f94557 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3124 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2021-05-20 r/2597 fix(ops/nixos): Fix typo in NIX_PATH nameVincent Ambo1-1/+1
Change-Id: Ic29b219ca1c536f8a99860ecdf2957a62ba95889 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3123 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-05-06 r/2571 chore(sourcegraph): Increase nofile ulimit for SourcegraphVincent Ambo1-0/+6
Sourcegraph logs warnings about this on startup otherwise. Unclear to what degree it really affects operation though. Change-Id: I6ee7c5358631aafd9a7f8155150361bf7499314d Reviewed-on: https://cl.tvl.fyi/c/depot/+/3098 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-05 r/2568 fix(ops/www): Fix typo in nginx configurationVincent Ambo1-1/+1
Change-Id: I5ee7307acae548cc7779fe715ea4aad620fe8f5c Reviewed-on: https://cl.tvl.fyi/c/depot/+/3096 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 r/2567 feat(ops/www): Configure atward.tvl.fyi and its aliasesVincent Ambo2-0/+34
Change-Id: I20dfb057f8184899226bcb4527010a6982d426f0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3094 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 r/2566 refactor(atward): Configure listen addressVincent Ambo1-1/+7
This appeases the flokli. Change-Id: Ib6a6c1a2cc8780e7944913d9204b42505b29fdc0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3093 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-03 r/2562 feat(ops): Add NixOS module for atwardVincent Ambo2-0/+35
Very standard, nothing fancy. Change-Id: Ibb286f221a4752abfb62e971b98e9496357040f5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3090 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2021-05-03 r/2561 feat(ops/dns): Add hostnames for atward (at.*, atward.*)Vincent Ambo2-2/+6
The shorter one is going to be more convenient when we get go-link (or, well, at-link) support. Change-Id: Ic24adcdad679b893c40c87731add818660259dac Reviewed-on: https://cl.tvl.fyi/c/depot/+/3091 Tested-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi>
2021-04-28 r/2550 feat(ops/users): Add ezemtsov to usersEvgeny Zemtsov1-0/+5
Change-Id: I78a06540e97c0f294d81abe65c15122ed422dd8a Reviewed-on: https://cl.tvl.fyi/c/depot/+/3059 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-04-20 r/2529 feat(ops/modules/www): Disable FLoC tracking for all TVL pagesVincent Ambo1-0/+4
.. this is actually likely not disabling it for some pages, that will need this to be copy & pasted, but it's hard to tell just from the nginx docs. We'll make sure after deploying. Change-Id: I2fa6e31ca10835a206673b858594fa071e729d82 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3020 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-20 r/2527 refactor(ops/nixos): Ensure that pkgs == depot.third_party.nixpkgsVincent Ambo1-0/+7
This is currently done ad-hoc in a bunch of our systems, but we should just do it centrally. The commit message is a bit of a lie, as this doesn't yet update grfn's systems. Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-18 r/2524 fix(automatic-gc): Fix garbage collection scriptVincent Ambo1-1/+1
It needs to refer to this by full path of course. Change-Id: I911c876ba18877681accb722426314d92b9f2318 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3042 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-04-14 r/2512 fix(modules/automatic-gc): Add nix-daemon to requisitesVincent Ambo1-0/+1
This will require the daemon to be running when launching GC, but won't start it if it happens to not be running for some reason. Change-Id: If48fe336030173f028428fc00a81d339ef4b8bce Reviewed-on: https://cl.tvl.fyi/c/depot/+/3015 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-14 r/2511 feat(ops/modules): Add module for automatically collecting garbageVincent Ambo2-0/+100
Adds a module that automatically collects garbage based on disk space thresholds, and configures it to run hourly on whitby. This is implemented as an alternative to cl/2937, which I've been told uses a Nix feature that doesn't actually work. Under-the-hood this is simply a systemd timer running a shell script which checks available disk space and runs GC when necessary. Change-Id: I3c6b5de85b74ea52e7e16c53f2f900e0911c9805 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3014 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-13 r/2500 feat(whitby/grafana): use CAS SSOLuke Granger-Brown1-0/+52
There's a hard-coded list of Admin usernames for the moment. We should revisit this and get an actual groups setup in LDAP that's propagated through... Change-Id: Ic3601f1a9753573076769f4912038e9f1b60e139 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2982 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 r/2498 feat(whitby): Enable Grafana at status.tvl.suVincent Ambo2-4/+47
Enables a Grafana service pointing to whitby's local Prometheus instance, accessible at status.tvl.su. I've no idea how to configure Grafana and if it's possible to link it to CAS, but we'll see about that later. Notes: * the explicit fixpoint for whitby config has been removed as we have the `config` parameter available now * backups are enabled for the Grafana storage location Change-Id: If5ffe0c1a3378d1c88529129487c643642705fd2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2948 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 r/2497 refactor: Replace 'depotPath' with 'depot.path'Vincent Ambo3-22/+22
Instead of having two ways of accessing the path to the depot (one of which was stuttering, depot.depotPath) we settle on only one: depot.path. This was mostly used for NixOS module imports. Co-Authored-By: Florian Klink <flokli@flokli.de> Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-12 r/2494 chore(besadii): Stop passing explicit messages to BuildkiteVincent Ambo1-6/+0
Dropping the message field will make Buildkite use the commit messages instead, which makes for much more readable build logs. Change-Id: I1849f811632526893b700f117c9f6cf64888c329 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2949 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-12 r/2493 feat(whitby): Enable Prometheus instance on whitbyVincent Ambo1-1/+24
Enables Prometheus with a local node exporter, and nothing else for now. Some additional collectors have been enabled for things that might be relevant on whitby: * systemd: all our services run in systemd * processes: might be interesting for build-related stats * logind: might be interesting for interactive usage stats Change-Id: I48dacdd9c68b4be9edff7b3cb6256dad562498c4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2930 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-12 r/2492 feat(ops/pipelines): pass --show-trace to nix-buildsterni1-1/+1
--show-trace should make it easier to debug tricky evaluation errors without running nix-build -A ops.pipelines.depot locally again. Change-Id: Ice540562c3b389fc2a49ec1fc0adacb17db2a528 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2947 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-04-12 r/2485 refactor(users/glittershark): Rename to grfnGriffin Smith4-6/+6
Rename my //users directory and all places that refer to glittershark to grfn, including nix references and documentation. This may require some extra attention inside of gerrit's database after it lands to allow me to actually push things. Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 r/2482 refactor(ops): Split //ops/nixos into different locationsVincent Ambo32-44/+28
Splits //ops/nixos into: * //ops/nixos.nix - utility functions for building systems * //ops/machines - shared machine definitions (read by readTree) * //ops/modules - shared NixOS modules (skipped by readTree) This simplifies working with the configuration fixpoint in whitby, and is overall a bit more in line with how NixOS systems in user folders currently work. Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 r/2480 fix(pipelines/depot): Buildkite refers to branches by full refVincent Ambo1-1/+1
This change is required to run the :anchor: step on canon builds. Change-Id: Ib3cebac67c9f5337b27a948f120b0a9ba834ef2a Reviewed-on: https://cl.tvl.fyi/c/depot/+/2932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 r/2477 feat(ops/pipelines): Add gcroots for depot builds on canonVincent Ambo1-2/+22
Adds a conditional build step that only runs on the canon branch, and only if :duck: (the status reporting step) succeeds, which creates a new Nix GC root for all depot targets named `depot-canon`. In practice this might be a bit racey, as canon builds are not guaranteed to succeed in order (though it is likely). This shouldn't matter much in practice: We only want to prevent rebuilds of the whole world. This fixes b/102 Change-Id: Id3d0bf4158bffcb1ed6929888a29d31609b6ece1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2904 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 r/2476 fix(tvl-buildkite): Set agents' primary group to buildkite-agentsVincent Ambo1-2/+5
This ensures files created by the Buildkite agents are always owned by the same group, without having to manually chgrp afterwards. Change-Id: Idbaedec43c16b2ee137d1a95719a05d46db8f900 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2929 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2021-04-10 r/2470 refactor: Move nixpkgs attribute to `third_party.nixpkgs`Vincent Ambo2-13/+9
Please read b/108 to make sense of this. This gets rid of the explicit list of exposed packages from nixpkgs, and instead makes the entire package set available at `third_party.nixpkgs`. To accommodate this, a LOT of things have to be very slightly shuffled around. Some of this was done in already submitted CLs, but this change is unfortunately still quite noisy. Pay extra attention to: * overlay-like functionality that was partially moved to actual overlays (partially as in, the minimum required to get a green build) * modified uses of the package set path, esp. in NixOS systems Special notes: * xanthous has been disabled in CI because of issues with the Haskell overlay * //third_party/nix has been disabled because of other unclear dependency issues Both of these will be tackled in a followup CL. Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-04-10 r/2468 feat(ops/nixos/www): Enable short links for b/ and cl/Vincent Ambo2-0/+15
This configures accepting requests for b/ and cl/ on plain HTTP ports, and redirecting to b.tvl.fyi & cl.tvl.fyi appropriately. Additionally, Panettone request URIs that only contain decimals are redirected to `/issues/$request_uri` to enable issue short-links. This fixes b/32. Change-Id: I56954d8d69a3624267778b467520c509f4daa6c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2908 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-10 r/2467 feat(gerrit): Auto link 'cl/123'-style shortlinksVincent Ambo1-0/+6
Same as linking to bugs (e.g. b/108). Change-Id: I447020bc07059c98c53322d745f961d8d471d9a4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2919 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-04-10 r/2464 refactor(ops): Consistent use of depot.third_party vs. pkgsVincent Ambo4-16/+13
In preparation for the solution of b/108, we need to consistently use `depot.third_party` for packages that are only packed in the TVL depot and `pkgs` for things that come from nixpkgs. This commit cleans up a huge chunk of these uses in //ops Change-Id: I00faeb969eaa70760a26256274925b07998c2351 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2915 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-09 r/2457 feat(tvl-buildkite): Add all buildkite agent users to a local groupVincent Ambo1-0/+9
This lets us grant permissions to them, e.g. on local folders. Change-Id: I823ac414be1cb7d6baa4f17d95003709e5911b04 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2905 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>