path: root/ops
Age | Commit message | Author | Files | Lines
2020-02-21 | feat(ops/besadii): Run 'git update-server-info' at startup | Vincent Ambo | 1 | -1/+13
Since besadii is effectively the entire post-receive hook, it also needs to do the entire job of the hook.
2020-02-21 | fix(ops/besadii): Send auth token in correct format | Vincent Ambo | 1 | -1/+1
2020-02-21 | refactor(ops/besadii): Log to syslog instead of stdout | Vincent Ambo | 1 | -10/+19
2020-02-21 | feat(ops/besadii): Use post-receive hook input to trigger builds | Vincent Ambo | 1 | -2/+48
Parses the input passed to besadii from git to extract ref updates and trigger builds.
2020-02-21 | feat(ops/besadii): Read sourcehut token from secrets file on disk | Vincent Ambo | 1 | -7/+7
2020-02-21 | chore(ops/besadii): Fail if sourcehut token is unset | Vincent Ambo | 1 | -2/+7
2020-02-21 | feat(ops/besadii): Refactored tool to trigger sourcehut builds | Vincent Ambo | 5 | -239/+127
Refactors //ops/sync-gcsr which was previously responsible for synchronising the git repository between GCSR and the git.tazj.in cgit instance to simply be responsible for triggering builds on sourcehut. This program is intended to run as a git post-update hook. Note: Not yet feature complete, as interpolation of concrete git values and also sourcehut secrets is missing.
2020-02-21 | r/567 fix(ops/nixos/camden): Add missing quote in nginx config | Vincent Ambo | 1 | -1/+1
2020-02-21 | r/566 feat(ops/nixos/camden): Modify nginx log format | Vincent Ambo | 1 | -8/+8
This log format contains more structured and correctly typed information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 | r/565 fix(ops/nixos/camden): Configure nginx to not log hostnames | Vincent Ambo | 1 | -1/+1
Hostname prefixes break JSON serialisation, leading to useless Stackdriver Logging entries.
2020-02-21 | r/564 feat(ops/nixos/camden): Install jq | Vincent Ambo | 1 | -0/+1
2020-02-21 | r/563 feat(ops/nixos/camden): Forward logs to Stackdriver Logging | Vincent Ambo | 1 | -0/+8
Enables the journaldriver service to forward logs into a "home" log-stream in the "tazjins-infrastructure" project. The service account key for camden has been placed on the machine manually.
2020-02-21 | r/562 chore(ops/nixos/nugget): Remove input-fonts package | Vincent Ambo | 1 | -1/+0
My default font is now Jetbrains Mono everywhere.
2020-02-21 | r/559 chore: Rename pkgs->depot in all Nix file headers | Vincent Ambo | 9 | -46/+44
2020-02-17 | r/557 Merge branch 'fix/camden-trusted-users' | Vincent Ambo | 1 | -0/+2
2020-02-17 | fix(ops/nixos/camden): Add myself to trusted Nix users | Vincent Ambo | 1 | -0/+2
2020-02-17 | r/556 fix(ops/nixos/camden): Use pounce from //third_party | Vincent Ambo | 1 | -1/+1
2020-02-17 | r/553 feat(ops/nixos/camden): Install pounce on camden | Vincent Ambo | 1 | -1/+8
2020-02-17 | r/552 feat(ops/nixos/camden): Enable support for mosh | Vincent Ambo | 1 | -0/+2
2020-02-17 | r/551 Merge branch 'feat/camden-migration' | Vincent Ambo | 1 | -1/+1
2020-02-17 | chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames | Vincent Ambo | 1 | -1/+1
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15
2020-02-12 | r/548 feat(ops/nixos/nugget): Add camden to /etc/hosts | Vincent Ambo | 1 | -0/+7
At the moment there is no other way for requests from nugget to camden to resolve correctly, as the Hyperoptic router is eating this traffic on the LAN.
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13
This makes it possible to re-use the same provisioning mechanism for multiple related domains.
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as:

    mkdir -p /var/git && chown git: /var/git
    # now, as the git user, in /var/git
    git clone --bare ... depot
    chmod -R g+rw /var/git
    chmod g+s (find /var/git -type d)
    git init --bare --shared=all depot

My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport.
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 1 | -8/+10
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5
This directory is writeable by me and is intended to make it easy to serve random blobs.
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later.
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 1 | -1/+8
... and use it on Camden!
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21
2020-02-11 | r/535 fix(ops/nixos): Add camden to rebuilder script | Vincent Ambo | 1 | -0/+4
This should probably be templated instead.
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 3 | -7/+96
2020-02-11 | r/533 feat(ops/nixos/nugget): Enable tailscale-relay | Vincent Ambo | 1 | -0/+12
2020-02-11 | r/532 feat(ops/nixos): Add NixOS module for running tailscale | Vincent Ambo | 2 | -0/+78
This uses the "legacy" tailscale Linux client, but built from source as per the previous commits.
2020-02-11 | r/530 chore(ops/nixos/nugget): Install tailscale on nugget | Vincent Ambo | 1 | -0/+1
2020-02-09 | r/508 chore(ops/infra/k8s): Bump website replicas to 3 | Vincent Ambo | 1 | -1/+1
There are typically 3 machines in the cluster, might as well have 3 website instances!
2020-02-09 | r/506 fix(ops/infra/k8s): Send www.* to nginx for redirections | Vincent Ambo | 1 | -1/+9
2020-02-09 | r/503 feat(ops/infra/k8s): Add website deployment configuration | Vincent Ambo | 1 | -0/+37
2020-02-09 | r/502 docs: Update README with new website setup | Vincent Ambo | 1 | -1/+1
2020-02-09 | r/500 chore(ops/infra/k8s): Delete tazblog deployment | Vincent Ambo | 3 | -37/+3
2020-02-08 | r/483 feat(ops/nixos/nugget): Install i3lock | Vincent Ambo | 1 | -0/+1
2020-02-07 | r/478 feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools | Vincent Ambo | 1 | -0/+8
2020-02-04 | r/476 feat(ops/nixos/nugget): Enable U2F hardware support | Vincent Ambo | 1 | -0/+1
2020-01-25 | r/456 feat(ops/nixos/nugget): Install unzip | Vincent Ambo | 1 | -0/+1
2020-01-20 | r/435 feat(ops/nixos/nugget): Enable Keybase "service" | Vincent Ambo | 1 | -0/+2
2020-01-20 | r/434 feat(ops/mq_cli): Bump dependencies & add derivation | Vincent Ambo | 4 | -124/+62