about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2022-05-26 r/4136 refactor(sanduny): Prepare for restricted-evalVincent Ambo1-1/+1
Change-Id: I83a404dc7dbaf5ca53659d03df4e4de461a9d046 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5688 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 r/4134 refactor(whitby): Prepare for restricted-evalVincent Ambo1-40/+42
Change-Id: I7604ca29310d759b0ffee2ffb0048b6365a2894c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5683 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 r/4122 fix(ops/modules): adapt for changed ssh.knownHostsVincent Ambo1-3/+3
Somehow this ended up generating an empty file, with this change it is fine again. I was looking at the recent commits of the module in nixpkgs but couldn't quite figure it out, there are also some vague references to the attribute set key being used as a hostname, but this doesn't seem to be true in practice. To be clear, the previous code was wrong, but at some point it generated a file that accidentally worked. Change-Id: I42d55730c09daafe6d6fe0eb3647135e84737bca Reviewed-on: https://cl.tvl.fyi/c/depot/+/5670 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-05-25 r/4118 feat(whitby): Deploy private SSH key for build agentsVincent Ambo2-0/+7
Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-05-25 r/4117 feat(ops/secrets): Add private SSH key for Buildkite agent(s)Vincent Ambo2-0/+1
The public key is: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME13zAw3Fk6qsbWCe6mH2zkxOJ+NmG+FwMjLw00mcWt buildkite@tvl Change-Id: Ia8591e5df42727e4068f26865d83d0af85424fde Reviewed-on: https://cl.tvl.fyi/c/depot/+/5664 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-25 r/4115 feat(ops/modules/open_eid.nix): Access all key slotsKlemens Nanni1-3/+4
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required. Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 r/4114 feat(ops/modules/open_eid.nix): Add digidoc-tool(1) to PATHKlemens Nanni1-0/+1
libdigidocpp is a dependency of qdigidoc4(1) already. This will need https://github.com/NixOS/nixpkgs/pull/174055 "libdigidocpp: Fix PKCS11 module library path" to work, though. Change-Id: Ic8d671077977b1d1f099a8b4b23cc537b52aa954 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5647 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 r/4112 feat(3p/agenix): update to 2022-05-16 and add to nivsterni9-12/+12
The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
2022-05-24 r/4108 feat(ops/users): add j4m3sJames Landrein1-0/+5
I've only been a couple months lurking in the IRC ... Change-Id: Idebf96d3bf1124f0a97e11e0f854e8c6d4be8d8e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5662 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2022-05-23 r/4106 refactor(nixery): Modernise structure of binariesVincent Ambo1-1/+1
Nixery is going to gain a new binary (used for building images without a registry server); to prepare for this the server binary has moved to cmd/server and the Nix build logic has been updated to wrap this binary and set the required environment variables. Change-Id: I9b4f49f47872ae76430463e2fcb8f68114070f72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5603 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-17 r/4092 chore(ops/secrets): add key for tazjin/zamalekVincent Ambo21-105/+123
Change-Id: Ieb2fe49a67940d7cfbd261edbe10d0a8577a466d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5628 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-10 r/4048 feat(tazjin/nixos): Add system configuration for zamalekVincent Ambo1-0/+1
This is my new Huawei MateBook X. Change-Id: I32a8b77dd8f53b3c89bf63f448cd2880f9a457b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5554 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-05-08 r/4017 feat(ops/modules/open_eid.nix): document firefoxFlorian Klink1-0/+3
Firefox users can add p11-kit-proxy (or other SecurityDevices) system-wide, by making use of the extraPolicies functionality. Change-Id: Id58b6cab425199fb0e09e846db2a86d302c0de0d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5534 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2022-05-07 r/4016 feat(ops/modules/open_eid.nix): use p11-kit-proxyFlorian Klink1-7/+11
… instead of onepin-opensc-pkcs11. This acts as a glue to multiple PKCS#11 modules, and reads configuration files from /etc/pkcs11/modules. p11-kit is also used to propagate the system trust store to NSS: https://p11-glue.github.io/p11-glue/sharing-trust-policy.html See-Also: https://p11-glue.github.io/p11-glue/p11-kit.html Change-Id: I135c3a80a4eea0bd06f6b00089dc197c82476746 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5533 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-05-04 r/4004 subtree(3p/cgit): update for git 2.36.0 supportsterni1-1/+1
Merge commit '51596ba1c25ff0dbba894153015203b4f1d3947b' into canon Change-Id: Iaaf7a849d111aebc6bf85cec118439ba1d49f1e3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5521 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-04 r/4003 chore(3p/sources): Bump channels & overlayssterni1-1/+1
* //nix/buildLisp: ccl dumped images have fixed themselves… again * //3p/git: rebase patch on 2.36.0 * //3p/overlays/haskell: remove upstreamed workarounds * Disable everything depending on cgit temporarily, since it doesn't compile with git 2.36 yet. Change-Id: I9dc11c0846641341adbdcc7162cbf149a15fe0cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5519 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-04-26 r/3991 fix(ops/besadii): Fix output formatting for non-CL buildsVincent Ambo1-1/+1
Change-Id: Ie9ffb2d287f6c8a1e3ae45a7ad6671b9b8fa9c8a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5505 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-04-21 r/3986 chore(3p/sources): Bump channels and overlaysVincent Ambo1-13/+6
Changes: * updated keycloak configuration for new version * migrate to emacs28 outside of //users, re-add emacs27 but with a warning attached urging people to migrate Change-Id: I3e5765a63934541f72f6c4a8673d3b4671850c93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5501 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-04-20 r/3982 chore(nixery): Housekeeping for depot compatibilityVincent Ambo1-1/+1
Cleans up a whole bunch of things I wanted to get out of the door right away: * depot internal references to //third_party/nixery have been replaced with //tools/nixery * cleaned up files from Github * fixed SPDX & Copyright headers * code formatting and inclusion in //tools/depotfmt checks Change-Id: Iea79f0fdf3aa04f71741d4f4032f88605ae415bb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5486 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-04-17 r/3971 chore(journaldriver): Bump dependenciesVincent Ambo1-32/+32
Change-Id: I8819639bf5ddcc52510f20a92ab4b93af873682d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5475 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-04-15 r/3953 feat(wpcarro/ava): Support new machineWilliam Carroll1-0/+1
ava is my new (NixOS!) work machine :) Change-Id: I1f089f00c02519d5d1d93d011f29075d53500e74 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5450 Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2022-04-14 r/3948 feat(ops/open_eid): Add script for setting up browser integrationVincent Ambo1-0/+18
Change-Id: Ib339d62d862fd99dab2fda30376b8e47b337a26b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5441 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2022-04-11 r/3941 feat(whitby): Increase prometheus retention time to 90dVincent Ambo1-0/+1
Change-Id: I67287d7b1d8ee2c3004d381b5bc684bf4fc7d42c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5429 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-04-09 r/3938 feat(ops/modules): Add module for using Estonian e-residency cardVincent Ambo1-0/+10
Someone already packaged the required software, so I didn't have to do that. Change-Id: Ifc6a68fd4cd89f4718368a05acb6c6f536e01aab Reviewed-on: https://cl.tvl.fyi/c/depot/+/5431 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2022-03-31 r/3927 fix(ops/oauth_proxy): Depend on Keycloak serviceVincent Ambo1-0/+6
If the Keycloak service is running on the same machine as the oauth2 proxy (spoiler alert: it is!), let the service depend on it. Change-Id: I30e4222b4cd5589e08849ef6f37cf1fb4369f55a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5421 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-03-30 r/3924 refactor(ops/pipelines): Configurable GraphQL token locationVincent Ambo1-1/+3
For external users of the pipeline construction, the token might be in a different path than `/run/agenix/buildkite-graphql-token`. It is made configurable through the BUILDKITE_TOKEN_PATH environment variable. This should be configured on the pipeline level to apply to all steps. Change-Id: I23c52e2d705e4134b8b013f8603f92e5533a6e44 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5424 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-03-19 r/3917 chore(3p/sources): Bump channels & overlayssterni1-2/+2
* Remove use of aliases that have been removed in nixpkgs commit a36f455905d55838a0d284656e096fbdb857cf3a: - ncat - x11 - nologin - dbus_libs - emacsPackagesGen - man-pages - pulseaudioLight Change-Id: Ide603bf48bc7f77e10e4aa715ba025aece3644fd Reviewed-on: https://cl.tvl.fyi/c/depot/+/5387 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-03-11 r/3905 fix(modules/quassel): Open firewall port automaticallyVincent Ambo1-0/+2
Change-Id: Ie815495561f789590b5f49ecfd33441822f79047 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5382 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-20 r/3862 refactor(journaldriver): Replace ureq with crimpVincent Ambo3-287/+88
crimp is in TVL (//net/crimp), and it has fewer dependencies than ureq (including - finally - no more old time or chrono). Change-Id: I354f8f78b34a85abe3af671ffeffbe6a7fded5ee Reviewed-on: https://cl.tvl.fyi/c/depot/+/5318 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-20 r/3860 chore(journaldriver): Bump medallion to 2.5Vincent Ambo2-36/+4
This version includes my patch for removing chrono from medallion (https://gitea.cmdln.net/cmdln/medallion/commit/025b143d) Change-Id: I2b745598538dd34e967e49c2b342be1b04ca9f27 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5316 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-20 r/3859 chore(ops/modules): Remove fix-nginx timer unitVincent Ambo1-22/+0
This doesn't seem to be needed anymore. Change-Id: Id8d4192840e8ab10adb652abc9bd6540009a3dcf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5319 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3856 refactor(journaldriver): Use time crate directly instead of chronoVincent Ambo4-25/+47
With this change, we still depend on chrono (through medallion), but but I'm going to try and fix that upstream as well. Change-Id: Iefd3d8578ea8870961107f3222dea7f936c2dd9a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5311 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3855 test(journaldriver): Add test for serialising timestampsVincent Ambo1-1/+23
Change-Id: I5b769f5974546fd4f4f853111bd17c9d22d73a5e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5310 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3854 chore(journaldriver): Migrate to Rust Edition 2021Vincent Ambo2-20/+6
Change-Id: I858738b6fc554060824bbb4e69d5ccd03789535d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5309 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3853 chore(journaldriver): Update crates within boundsVincent Ambo1-246/+206
Basically just `cargo update`. Change-Id: I86e58d73ff67d69201124d65136773325b240cbe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5308 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3852 refactor(journaldriver): Use anyhow instead of failureVincent Ambo3-313/+241
Apparently failure is not hip anymore, and crate updates are forcing the use of anyhow now. Whatever. The functionality basically stays the same, maybe error messages will look a little bit different now. Change-Id: I173d644688785339c16161ddeec47a534123710f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5307 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3851 feat(ops/glesys): add DNS record for AAAA sanduny.tvl.su.Vincent Ambo2-0/+12
Change-Id: I4a74cd173b326941c12b7611841ced2038650137 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5314 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 r/3850 feat(ops/glesys): add DNS record for A sanduny.tvl.su.Vincent Ambo2-0/+12
Change-Id: I12e678f161ca9bfb7e982ed067a0b8bd0325d737 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5296 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-02-18 r/3849 fix(ops/modules/www): Make self-redirect to config a generic moduleVincent Ambo5-35/+29
As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 r/3848 feat(sanduny): Enable journaldriver moduleVincent Ambo1-0/+1
Change-Id: I9026386664000448642ff635bd71a7af5ed546c3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5303 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3847 refactor(ops/modules): Move journaldriver configuration into moduleVincent Ambo2-7/+27
This makes the journaldriver configuration machine-independent. The secret is loaded from agenix instead of being persisted on disk. Change-Id: I592ae7f5726fcb7f37a406f69dcf5ac498eeb1b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5302 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3846 feat(sanduny): Configure Bitfolk nameserversVincent Ambo1-0/+8
Change-Id: I81b252aedbf1ce3543a167b6c1942c404d4f1f1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5312 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3844 feat(ops/machines): Add a module for known SSH keysVincent Ambo3-0/+23
Change-Id: I443e479f3edf9c6540de7b5a33bc6f7e2a9c5183 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5305 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3843 feat(ops/modules): Redirect machine base names to their configVincent Ambo4-0/+35
With this change, entering just "whitby.tvl.fyi" or "sanduny.tvl.su" in a browser will redirect users to their machine configurations. Change-Id: Ibf076a469bcce073e1b1970aa568d6fe16a5c75a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5304 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3842 refactor(ops/modules): Move ACME base configuration into base.nixVincent Ambo2-5/+5
This needs to be present on all machines that run ACME stuff. I've switched the address for a .su one because I have a catchall for these. Change-Id: I7af8e1f1cb2fcfbcba4b7d1930ed0edef0106d72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5306 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-17 r/3841 feat(ops/secrets): Add journaldriver keyVincent Ambo2-20/+23
This changes the structure of secrets.nix a bit to split between secrets for whitby, and secrets for all TVL machines. Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3840 feat(ops/machines): Add tvl-users to sanduny.tvl.suVincent Ambo1-7/+7
Change-Id: I20f54f4ab298cfee91062f7bf4cdc8b0b3ccb37c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5299 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3839 feat(ops/machines): add configuration for sanduny.tvl.suVincent Ambo3-1/+103
This will be an additional web host / fallback git server for whitby incidents. Change-Id: Icd6f7ce574ffd520b5783a50ff317feed7b71fc6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5297 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3838 refactor(ops/modules): Move user configuration into moduleVincent Ambo2-80/+95
Rather than defining all system users inline on whitby, move them into a module that can be imported on multiple machines. Configuration for terminfos that we've added follows along. Note that while doing this I've disabled logins for riking and isomer since they are currently inactive in TVL. Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-16 r/3837 refactor(ops/modules): Rename git-serving -> joshVincent Ambo3-8/+8
cgit has its own module now Change-Id: I9b4cc322374517b8bd3db43345831e2bf43c4bb1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5295 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>