about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2022-02-18 r/3854 chore(journaldriver): Migrate to Rust Edition 2021Vincent Ambo2-20/+6
Change-Id: I858738b6fc554060824bbb4e69d5ccd03789535d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5309 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3853 chore(journaldriver): Update crates within boundsVincent Ambo1-246/+206
Basically just `cargo update`. Change-Id: I86e58d73ff67d69201124d65136773325b240cbe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5308 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3852 refactor(journaldriver): Use anyhow instead of failureVincent Ambo3-313/+241
Apparently failure is not hip anymore, and crate updates are forcing the use of anyhow now. Whatever. The functionality basically stays the same, maybe error messages will look a little bit different now. Change-Id: I173d644688785339c16161ddeec47a534123710f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5307 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3851 feat(ops/glesys): add DNS record for AAAA sanduny.tvl.su.Vincent Ambo2-0/+12
Change-Id: I4a74cd173b326941c12b7611841ced2038650137 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5314 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 r/3850 feat(ops/glesys): add DNS record for A sanduny.tvl.su.Vincent Ambo2-0/+12
Change-Id: I12e678f161ca9bfb7e982ed067a0b8bd0325d737 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5296 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-02-18 r/3849 fix(ops/modules/www): Make self-redirect to config a generic moduleVincent Ambo5-35/+29
As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 r/3848 feat(sanduny): Enable journaldriver moduleVincent Ambo1-0/+1
Change-Id: I9026386664000448642ff635bd71a7af5ed546c3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5303 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3847 refactor(ops/modules): Move journaldriver configuration into moduleVincent Ambo2-7/+27
This makes the journaldriver configuration machine-independent. The secret is loaded from agenix instead of being persisted on disk. Change-Id: I592ae7f5726fcb7f37a406f69dcf5ac498eeb1b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5302 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3846 feat(sanduny): Configure Bitfolk nameserversVincent Ambo1-0/+8
Change-Id: I81b252aedbf1ce3543a167b6c1942c404d4f1f1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5312 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 r/3844 feat(ops/machines): Add a module for known SSH keysVincent Ambo3-0/+23
Change-Id: I443e479f3edf9c6540de7b5a33bc6f7e2a9c5183 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5305 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3843 feat(ops/modules): Redirect machine base names to their configVincent Ambo4-0/+35
With this change, entering just "whitby.tvl.fyi" or "sanduny.tvl.su" in a browser will redirect users to their machine configurations. Change-Id: Ibf076a469bcce073e1b1970aa568d6fe16a5c75a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5304 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 r/3842 refactor(ops/modules): Move ACME base configuration into base.nixVincent Ambo2-5/+5
This needs to be present on all machines that run ACME stuff. I've switched the address for a .su one because I have a catchall for these. Change-Id: I7af8e1f1cb2fcfbcba4b7d1930ed0edef0106d72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5306 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-17 r/3841 feat(ops/secrets): Add journaldriver keyVincent Ambo2-20/+23
This changes the structure of secrets.nix a bit to split between secrets for whitby, and secrets for all TVL machines. Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3840 feat(ops/machines): Add tvl-users to sanduny.tvl.suVincent Ambo1-7/+7
Change-Id: I20f54f4ab298cfee91062f7bf4cdc8b0b3ccb37c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5299 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3839 feat(ops/machines): add configuration for sanduny.tvl.suVincent Ambo3-1/+103
This will be an additional web host / fallback git server for whitby incidents. Change-Id: Icd6f7ce574ffd520b5783a50ff317feed7b71fc6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5297 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 r/3838 refactor(ops/modules): Move user configuration into moduleVincent Ambo2-80/+95
Rather than defining all system users inline on whitby, move them into a module that can be imported on multiple machines. Configuration for terminfos that we've added follows along. Note that while doing this I've disabled logins for riking and isomer since they are currently inactive in TVL. Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-16 r/3837 refactor(ops/modules): Rename git-serving -> joshVincent Ambo3-8/+8
cgit has its own module now Change-Id: I9b4cc322374517b8bd3db43345831e2bf43c4bb1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5295 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-16 r/3836 refactor(ops/modules): Move cgit configuration into a moduleVincent Ambo4-22/+108
The ancient `//web/cgit-taz` path stems from the time I had code.tazj.in serving my initial version of the depot. I've been meaning to clean this up for forever, so here we go. Note that this leaves the git-serving module in a strange state where it only deals with josh. I'll rename it accordingly. Change-Id: I47ed1e9d90958299b5440a18a1b9075274754e33 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5294 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-13 r/3812 chore(3p/sources): Bump channels & overlayssterni1-1/+2
* //nix/buildLisp: re-enable CCL, as the crash has been fixed upstream, although it is unclear what exactly caused / fixed it. * //ops/whitby: the kitty build broke upstream, so we can't install the terminfo on whitby for a bit. Change-Id: I5710acbe837fbc936e334b2e81f9cf00ed6ae280 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5274 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-08 r/3791 style(rust): Format all Rust code with rustfmtVincent Ambo6-92/+115
Change-Id: Iab7e00cc26a4f9727d3ab98691ef379921a33052 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5240 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-08 r/3790 chore: move some meta.targets definitions to meta.ci.targetsVincent Ambo1-1/+1
Change-Id: Icdec1dec89158fb596c5185ac7105892081947f5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5252 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-05 r/3773 chore(mq_cli): Rename cargo project to mq_cliVincent Ambo3-6/+8
I am trying to publish this to crates.io, and `mq` is already taken up by what seems to be a dead project. Change-Id: I14d1f5f31f167fde954d9c1e39fc9fec5f4c3d10 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5234 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-02-05 r/3772 chore(mq_cli): prepare new releaseVincent Ambo4-69/+91
Same trick as in the last commit, trying to hit the right revision. Change-Id: I0af9e88b4d2fd8239a7819dbe0da13f26cca8d6b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5233 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-02-05 r/3771 chore(posix_mq.rs): Prepare new release to crates.ioVincent Ambo2-4/+16
... and update some outdated stuff in the README while we're at it. Change-Id: Ib3a12596bd1ba61e91ac6e1d37106b616da3030d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5232 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-02-04 r/3769 chore(ops/posix_mq.rs): upgrade to nix 0.23Vincent Ambo3-49/+50
The previous version had a CVE. As part of this upgrade, the handling of errors inside of the Nix crate changed, which we now accommodate. Change-Id: Iad9a473c1782e0d79919cb5dc3f76316852d8a16 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5226 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-04 r/3766 fix(ops/posix_mq.rs): use newer struct mem::MaybeUninitVincent Ambo1-42/+20
The previous mem::unitialized method was deprecated in favour of this struct which carries information about the initialisation state forward to the compiler. Change-Id: Ib5f5d1ad91f9957b18eebabc1048f8649bc74049 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5225 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-04 r/3765 refactor(ops/posix_mq.rs): Update code using deprecated Error traitVincent Ambo1-18/+21
The previous Error::description method was deprecated. Change-Id: I63efd272484c8715b9f324ab09e967fbf53cf55a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5224 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-31 r/3723 style: format entire depot with nixpkgs-fmtVincent Ambo29-159/+209
This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-29 r/3716 fix(ops/whitby): enable services.nginx.statusPageGriffin Smith1-0/+3
This is necessary for the nginx prometheus exporter to work Change-Id: I2343d6f5d3d6d6772777d5e14426a537aa1c8ef7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5127 Autosubmit: grfn <grfn@gws.fyi> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2022-01-29 r/3715 feat(whitby): Enable nginx prometheus exporterGriffin Smith1-7/+22
Might be nice to look at rates of requests etc. Change-Id: I4d12ab0c1a555793e803de4a9614e616951a94e5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5125 Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: grfn <grfn@gws.fyi>
2022-01-29 r/3714 feat(ops/secrets): Add secret for telegram alerts bot tokenGriffin Smith2-0/+15
This isn't actually used by anything that would use agenix, but this seems like a vaguely sensible way of sharing the token with other people regardless. Anyone who finds this commit and wants to be added to the telegram channel where the alerts go, lmk. Change-Id: I06d6ed2d4bec099cbf68ede8fd00a5e6f4e7bc60 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5124 Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-01-29 r/3713 fix(www/tvl.fyi): Anchor /blog redirects at #blogVincent Ambo1-2/+2
Since our blog index is on the index page, this makes slightly more sense. Change-Id: I7b8164490c133e23d892abef21275f8bfed50b66 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5123 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-01-29 r/3712 fix(tvl.fyi): Redirect /blog/ (with trailing /) to /Griffin Smith1-0/+4
This was already happening without the trailing slash, but needs to happen separately with it. Fixes: b/172 Change-Id: Ic3423fd7a2eaf76a073badd80965cee953df4ce9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5121 Tested-by: BuildkiteCI Autosubmit: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-29 r/3711 feat(ops/www): Write JSON access log to journaldVincent Ambo1-0/+18
This means it will end up in journaldriver. Change-Id: I66f781085b5dac9946b3b9a2bf30e447863e1213 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5122 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-01-29 r/3703 feat(ops/glesys): Move tvl.su email over to Yandex 360Vincent Ambo1-39/+18
This fixes b/158 Change-Id: Ie58737dfe144a342b6d4d30f72ec60d70405af31 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5110 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-01-29 r/3702 feat(ops/glesys): Set up Yandex 360 verification record on tvl.suVincent Ambo1-0/+9
Relates to b/158 Change-Id: I6738505bcf0088d35bb7c8f9215dcf0b4e27f9ca Reviewed-on: https://cl.tvl.fyi/c/depot/+/5109 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-01-22 r/3659 refactor(ops/pipelines): Move :anchor: into postBuildStepsVincent Ambo2-18/+18
There is no need for this step to be part of the static pipeline (it should not run if the build fails anyways). Change-Id: I71400a452d6f8f4708d146b346eaffda5da2f766 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5049 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-22 r/3658 feat(ops/pipelines): Upload post-build steps in static pipelineVincent Ambo1-0/+15
Change-Id: I5ce6d51837c734951fe10c4f21806cf0fc57ed23 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5048 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-22 r/3657 refactor(ops/pipelines): Split build/post steps into separate chunksVincent Ambo1-1/+1
This will create `build-chunk-$n.json` files for steps that should run _before_ duck, and `post-chunk-$n.json` files for steps that should run after duck. The post steps are not yet uploaded to Buildkite, but we also don't have any right now. Change-Id: I7e1b59cf55a8bf1d97266f6e988aa496959077bf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5047 Tested-by: BuildkiteCI Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Autosubmit: tazjin <tazjin@tvl.su>
2022-01-22 r/3656 refactor(ops/pipelines): Use branches filter for canon-only stepsVincent Ambo1-2/+2
Using this instead of a conditional leads to nicer output in the UI, but has no semantic difference. Change-Id: I5b368d663f417d256e4792d2d46b84fc50d42d0e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5045 Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-01-22 r/3655 refactor(ops/pipelines): Move :git: step up in the pipelineVincent Ambo1-14/+15
This step is independent of the build result and can be scheduled at the beginning while pipeline eval is still in progress. Change-Id: I2ee268e4c333efa654dcb12c0b1562b43231d241 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5044 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-22 r/3654 feat(ops/pipelines): Always upload entire pipeline outputVincent Ambo1-1/+1
Previously we only stored the drvmap, but we will also need the build chunks to refactor the generation of dynamic post-steps. Change-Id: I256fffe13af8f8c4521835257f5d87dda323b248 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5043 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-21 r/3653 refactor(depotfmt): Move formatting check into an extra stepVincent Ambo1-8/+1
Change-Id: I7e4cf6bb2351bd11a5396f1663c0d4cc97c0d94e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5009 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-20 r/3650 feat(ops/pipelines): Trigger pipeline for tvl-kit through canonVincent Ambo1-0/+10
This CI pipeline in Buildkite verifies the external (josh-provided) view of the depot at //views/kit. See https://buildkite.com/tvl/tvl-kit Note that this always triggers a build of HEAD. This is because we don't know the transformed commit ID, and we currently have no way to pass a ref through. The pipeline is configured to skip intermediate builds. I asked Buildkite for some ideas on how to improve this, lets see. Change-Id: I6c60fb1ea7606c1c90219ef04fd7bada64661529 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5010 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-19 r/3637 refactor(nix/buildkite): Move fetch-parent-targets script hereVincent Ambo2-42/+1
This is no longer TVL-specific and should live here with the other generalised stuff. Change-Id: I95a1b4c0321f34812162d6fd40568269abf639dd Reviewed-on: https://cl.tvl.fyi/c/depot/+/5006 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-19 r/3636 refactor(ops/pipelines): Generalise fetch-parent-targets scriptVincent Ambo2-14/+15
Removes all TVL-specific values in favour of environment variables supplied by Buildkite. This makes it possible to reuse this script outside of TVL. Change-Id: Ic543bc41e4c81e65ee349ad241c515231e97ab30 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5005 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-01-19 r/3633 feat(ops/besadii): make text 'cl' posted BuildKite configurableÅsmund Østvold1-4/+20
Some companies do not know the 'cl' term. They do know of 'change' and would maybe not like to introduce one more synonym. This cl introduce an optional entry 'gerritChangeName' in besadii.json. The string has to match `^[a-z0-9]+$` for readability. Change-Id: Id70fcb1e45158869f88bf37669be49b8b8a3b295 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4825 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: asmundo <asmundo@gmail.com>
2022-01-17 r/3616 fix(ops/oauth2_proxy): Fix cookie secret lengthVincent Ambo2-1/+1
The cookie secret in the encrypted file was too long, because the generation command in the oauth2_proxy docs is also wrong. Should probably fix that upstream as well. Also noticed that an extra '2' snuck into the service name and fixed that. Change-Id: I9a344a75993ab1f98299a8d45e7f5b2e146b7fc5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4957 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-17 r/3603 feat(ops/pipelines): Fetch parent target map for pipeline generationVincent Ambo2-1/+51
Change-Id: I1c7d48fc0974549d67146a15f79ddb0b6ddfe805 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4947 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-17 r/3602 feat(nix/buildkite): Check target map of parent to determine skipsVincent Ambo1-2/+6
This changes the logic for build pipeline generation to inspect an (optional) parentTargetMap attribute which contains the derivation map of a target commit. Targets that existed in a parent commit with the same drv hash will be skipped, as they are not considered to have changed. This does not yet wire up any logic for retrieving the target map from storage, meaning that at this commit all targets are always built. The intention is that we will have logic to fetch the target map (initially from Buildkite artefact storage), which we then pass to the depot via externalArgs when actually generating the pipeline. Change-Id: I3373c60aaf4b56b94c6ab64e2e5eef68dea9287c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4946 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>