about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2021-09-16 r/2878 refactor(ops/restic): Move restic configuration into a new moduleVincent Ambo2-22/+75
Relates to b/147. First step towards giving depot modules the ability to declare their own backup directories by moving all restic configuration into a new module and adding a NixOS option for inclusion/exclusion paths for backups. This still keeps all backup paths within the whitby config. Change-Id: Ia96833668f1a3d02da892261153d8b02156b8ac0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3565 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2021-09-16 r/2877 feat(git-serving): Configure josh to serve the depot over HTTPVincent Ambo3-16/+72
Previously we served the dumb git HTTP protocol from code.tvl.fyi via cgit. This CL disables this feature and instead runs josh in the same location (by redirecting appropriately), but while also enabling partial cloning of all subtrees of the depot. For example, after this CL the following would result in an independent clone of //nix/readTree: git clone https://code.tvl.fyi/depot.git:/nix/readTree.git Note that there are no josh workspaces configured at all for now, these references are only for static depot subpaths. Please refer to the documentation for josh for more information on available kinds of josh filters. Josh state is kept in a systemd state directory in /var/lib/josh and backed up to Restic. Backing this up is necessary, as josh uses stateful information to do things like tracking merges and rewriting history per subtree appropriately to avoid cloned repositories ending up in peculiar states. Change-Id: I156f0298c2aa42e3bdbf5a0e86109070d640c56e Reviewed-on: https://cl.tvl.fyi/c/depot/+/3563 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2021-09-11 r/2848 fix(deploy-whitby): Add jq to script $PATHVincent Ambo1-1/+2
Change-Id: Ide669bce545394335b8643fa2896a242cac3df65 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3528 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 r/2847 fix(deploys.*): Folder for diffs is in /diff/Vincent Ambo1-1/+1
... this was missing before. Change-Id: I5b79cb78665f24fdb7cc6496e3782d3940dc77b6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3527 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 r/2846 feat(sourcegraph): Upgrade 3.30.4 -> 3.31.2Vincent Ambo1-1/+1
This one seems a little more involved: https://docs.sourcegraph.com/admin/migration/3_31 I believe we skip that corruption issue in the previous CL though, by simply never deploying a version with that weird broken image. See b/144 Change-Id: I3bbf1b719d00905e08a92011ace5485467f504ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/3525 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 r/2845 feat(sourcegraph): Upgrade 3.29.1 -> 3.30.4Vincent Ambo1-1/+1
See b/144 Change-Id: Ied9490f3ce6fb3fda8cbb9983416b02ea451fb44 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3524 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 r/2844 feat(sourcegraph): Upgrade 3.28.0 -> 3.29.1Vincent Ambo1-1/+1
See b/144 Change-Id: Ia62d4cbf581caaefa0dba455376eec60b8c817d6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3523 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 r/2843 fix(sourcegraph): Temporarily comment out our syntax highlighterVincent Ambo1-1/+2
We changed away from the default sourcegraph one because it didn't support Nix, but it seems that there's been a change in the interaction protocol. Change-Id: I3a2691df6a87672cf83b819143f25d93d9cd6d13 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3531 Tested-by: BuildkiteCI Reviewed-by: eta <tvl@eta.st> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 r/2842 feat(sourcegraph): Upgrade 3.27.5 -> 3.28.0Vincent Ambo1-1/+1
See b/144 Change-Id: Ia09ad2af6043dcac6681c549103d1e6f52b4e0a0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3522 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 r/2841 feat(sourcegraph): Upgrade 3.26.0 -> 3.27.5Vincent Ambo1-1/+1
See b/144 Change-Id: I50d417c51b05bafcd3fe7e285f30079db8be499a Reviewed-on: https://cl.tvl.fyi/c/depot/+/3521 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 r/2840 fix(deploy-whitby): Make diffs world-readableVincent Ambo1-0/+1
Change-Id: I1610a8d189f95908bab4cd00057cc080ae47a21a Reviewed-on: https://cl.tvl.fyi/c/depot/+/3530 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 r/2839 fix(deploy-whitby): Add .html suffix to diff filenamesVincent Ambo1-1/+1
This makes nginx' content-type recognition work correctly. Change-Id: I990b00f1e0f4ef311f53a8885718fa33d249c886 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3529 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-10 r/2838 feat(ops/deploy-whitby): Add the start of a script to deploy whitbyGriffin Smith2-0/+75
Add the beginnings of an auto-deploy script for whitby, intended to be (eventually) suitable for running automatically in a systemd timer. The current iteration of the script doesn't actually do any deploying, but instead takes as an argument a revision, creates a new git worktree in /tmp with that revision checked out, runs a nix-diff of whitby's system derivation in the running system and at that closure, puts an html-rendered version of that diff in the public directory used by deploy.tvl.fyi, and finally sends a message to IRC via irccat with a link to that HTML page. Refs: b/110 Change-Id: Id40525567f8845590c909568befd8d00c07a481c Reviewed-on: https://cl.tvl.fyi/c/depot/+/3145 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: kn <klemens@posteo.de>
2021-09-10 r/2837 feat(whitby): Serve static HTML dir for deploys.tvl.fyiGriffin Smith2-1/+22
Add a new domain and nginx virtual host at deploys.tvl.fyi, serving out of a static directory on whitby which is created by systemd-tmpfiles. This will be used to serve diffs rendered by nix-diff for pending deploys for whitby Since this contains stateful data, it is added to the restic backups on whitby. Refs: b/110 Change-Id: I5869d40800bbf5fb8fb39878a857f66ff5787830 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3144 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-08-31 r/2804 fix(ops/users): Another try at a working password hash for mdjnsnMike Johnson1-1/+1
Change-Id: I8b4aea53abb2004585241ad17c5fdfd9186c58f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3481 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-08-31 r/2803 feat(ops/users): Add mdjnsn to usersMike Johnson1-0/+6
Change-Id: I94975d848287c32e11b1d3986986f2dbc6c220b9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3466 Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2021-08-29 r/2799 refactor(ops/pipelines): Move failure status zeroing to setupVincent Ambo2-13/+7
We changed the configured pipeline in Buildkite to upload `static-pipeline.yaml` instead of containing the steps of that pipeline itself. This makes it easier to test changes to builds and such, but adds another build step with scheduling overhead etc. However - we can work around this by killing one of the existing build steps. There's no reason the failure status zeroing (required for status reporting) shouldn't be part of the pipeline setup, so I've moved it there instead and nuked that step. This should mean that the pipeline is configurable from within the repo, but without slowing anything down. Change-Id: I206ecc02647de42a461e33c02879ab84daf5ed2b Reviewed-on: https://cl.tvl.fyi/c/depot/+/3461 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-26 r/2791 refactor(gs/system): Remove chupacabraGriffin Smith1-1/+0
This machine no longer exists Change-Id: I8e549b8397777a01404bd84c10c195e80f281744 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3431 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2021-08-26 r/2787 fix(ops/pipelines/depot): Buildkite branches use full ref namesVincent Ambo1-1/+1
... otherwise the filtering also applies to canon. Change-Id: Ia1c67b99282fb8fd0e4d22e997535170f0326e33 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3432 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-08-26 r/2786 feat(pipelines/depot): Skip build steps if their out paths existVincent Ambo1-0/+12
Skip build steps if they have already been built, reducing pipelines to the things that actually changed between builds. On canon all targets are always built (we require this for anchoring). Note that this is not perfect, garbage collection and competing pipelines may affect each other. Also note that we have some impure targets that change on every commit. Change-Id: Ic6bae3b6c8e1e7fd2116ec252f5089f471854ab6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3427 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-08-26 r/2783 feat(ops/pipelines/depot): only evaluate once if possiblesterni1-3/+15
We currently evaluate every target twice -- once when the depot pipeline is built and once when actually running the build step in question. Nix evaluation is quite slow especially given heavy use of import from derivation in depot, so avoiding the second evaluation is desireable. Evaluating a derivation yields a `drv` file in the nix store which can be passed to `nix-store --realise` in order to build it eliminating the need to wait for evaluation. We can obtain the path to the `drv` file while building the pipeline via `target.drvPath` and remember it for the build later. However we need to work around a flaw (or oversight) in Nix's dependency tracking via string context: This is based on derivations, not output path (because this is what evaluation deals with, likely). This is no problem per se, but an issue is that Nix can't express a dependency on a `drv` file without any of its output paths. This means for us that we either have to build all output paths at evaluation time (which we don't want, obviously) or to deal with the fact that the `drv` file we need may be garbage collected at any moment after discarding the string context -- then nix is unable to track the reference from the pipeline to the `drv` file in the store. So to prevent a race condition between the pipeline and the garbage collector we fall back to the normal nix-build invocation as we did before. Change-Id: I9ef8bd233085dc6e30eba54f403ea03ac2d35748 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3426 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-08-24 r/2758 fix(tvl-sso): set memory limit to 512MLuke Granger-Brown1-0/+1
This is because I'm bored of CAS gradually consuming all the RAM on Whitby. Change-Id: Idcc14c19d99a6d3553739c5765be3faf2bdf9d84 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3233 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2021-08-24 r/2757 feat(besadii): Tag gerrit comments as autogeneratedGriffin Smith1-7/+10
This is a bit of an under-documented feature, but if the "tag" field for a gerrit review starts with the string "autogenerated:<something>~<something-else>", only the last comment per instance of <something> will be shown by default on the CL page (with the rest viewable by toggling the "Show all entries" switch). The idea behind the "<something-else>" tag is to be used for the "type" of comment within a particular system - gerrit's documentation gives the example of one tag for "the build is running" and another for "the build has finished, here's the result". Change-Id: I9199a6ed97beca1b3a51ec5d6230c6c8358ba2b3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3374 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-08-24 r/2752 feat(ops/dns): Point nixery.dev to whitbyVincent Ambo1-15/+4
The dropping of `www.` is intentional, that was unused. Change-Id: I300f82bb6e5626e2658be8fc5b5e3cf872ab7099 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3384 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-24 r/2751 feat(ops): Serve nixery.dev from whitbyVincent Ambo2-0/+22
Adds a new module for the nixery.dev domain and serves it from whitby. Note that the DNS records do *not* point to whitby yet, so deploying this will lead to a failed TLS provisioning unit - but this is intentional. Change-Id: I911f67a0aa24f8df3cb52d2cfc49a8b6132cf718 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3383 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-24 r/2750 chore(ops/dns): Reduce Nixery TTLs to 1 minute temporarilyVincent Ambo1-10/+10
We'll need to do a DNS switchover, likely with a short amount of downtime due to TLS provisioning. It would be possible to avoid this by provisioning a cert manually pre-hoc through the DNS challenge and then configuring whitby to use that, however I simply don't have time for that right now and the Google Cloud Project for Nixery is going away in O(days) for $reasons. Change-Id: I88dface5aaacec5acfa525ae117462f8ad296d92 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3382 Tested-by: BuildkiteCI Reviewed-by: kn <klemens@posteo.de>
2021-08-15 r/2735 fix(monorepo-gerrit): Enable adding new email addresses to accountsVincent Ambo1-0/+3
This is required when people change their email addresses (e.g. cl/3349) as nothing in Gerrit will update that information from the OAuth provider. Change-Id: I1eafdf22efd37898dcd0d06bb9a5d1471ffb5e31 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3356 Tested-by: BuildkiteCI Reviewed-by: eta <eta@theta.eu.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-08-13 r/2729 chore(ops/users): change my email address to tvl@eta.steta1-1/+1
I got a new domain, etc. Change-Id: Ic8ffc01f4e5e89dc2458d80a9c38757438cfa764 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3349 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-08-13 r/2726 feat(ops/www): Point images.tvl.* at NixeryVincent Ambo2-0/+23
Change-Id: I39f979c68e7b74f6da6a7da0f07aaa470886d451 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3346 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 r/2724 chore(ops/dns): Move nixery.dev to tvl-fyi GCP projectVincent Ambo1-6/+6
Change-Id: Ifbe7939a98a12d52ffbed3fb198558e6a7743e93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3344 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 r/2723 feat(ops/dns): Add images.tvl.* recordVincent Ambo2-2/+4
This record is intended to serve Nixery. Change-Id: I575dedac18c98f9f4bd5e459babe79e850361651 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3343 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 r/2721 feat(ops/modules): Add module for running NixeryVincent Ambo2-0/+46
This sets up a very simple Nixery instance with some things lacking: * no support for garbage-collecting image fragments (yet) * no popularity setup The plan is to use this to get the ball rolling on a separate domain (e.g. images.tvl.fyi), iron things out and then look into flipping over nixery.dev Change-Id: Ic594809f9d487fec7a0f632d608752a3f9c61315 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3280 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 r/2719 fix(monorepo-gerrit): Pin JVM version used for GerritVincent Ambo1-0/+7
Change-Id: Ib22cdc415cbd5a8345b9589b2c34b3908996dd57 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3322 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-06 r/2708 feat(ops/dns): Import current nixery.dev zoneVincent Ambo2-0/+22
Change-Id: I3c5684fedb516740c7048c117cdfda01a2a23260 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3278 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-06-12 r/2651 refactor(ops): Break out prometheus-fail2ban-exporter moduleGriffin Smith1-0/+52
Break out the configuration for the prometheus fail2ban exporter, which is a simple python script that exports stats from fail2ban as a prometheus-scrapable textfile, from Mugwump into a reusable nixos module in //ops/nixos/modules. Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-25 r/2631 fix(wigglydonke.rs): Don't rebuild nginx config unnecessarilyVincent Ambo1-1/+1
This fix is essentially the same as the one in cl/1263. Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-05-25 r/2630 chore(nixpkgs): Bump channels to 2021-05-25Vincent Ambo6-16/+9
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides * ops: make new isSystemUser || isNormalUser assertion happy * users/grfn/system/system/mugwump: make buildkite agents system users * users/tazjin/nixos/camden: set isSystemUser = true for git * users/tazjin/emacs: Remove missing & broken packages * third_party/openldap: remove, as the argon2 module is now enabled upstream * third_party/gerrit_plugins: Pinned new unstable hashes * third_party/nix, third_party/grpc: Disabled CI as these are broken * third_party/overlays/emacs: Bumped version to stay in sync with channel * third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib, since libclang's default output no longer contains libclang.so * users/grfn/system/home: Install julia-stable instead of julia (which aliases to julia-lts), as the latter depends on an insecure version of libgit Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 r/2628 chore(whitby): Add ZNC state to Restic backupsVincent Ambo1-1/+1
Until we have declarative ZNC config (which requires a solution for secrets handling in it), make sure we back this up as well. Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 r/2627 fix(tvl-slapd): Replace deprecated OpenLDAP module optionsVincent Ambo1-5/+7
Use the new module settings which apply configuration in cn=config instead of slapd.conf. The module performed this update via lib.mkChangedModuleOption, I've applied the transformations contained therein manually. Note that some of the settings were already in place, which means that the `suffix` and `database` options seemingly disappear into the void. Fixes b/105. Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-24 r/2626 refactor(ops/nixos): Pass `depot` as a special argumentVincent Ambo1-4/+4
This changes the evaluation order for the `depot` argument and ensures it is partially evaluated before the module system starts resolving imports. This way we can import modules from `depot.path` without `depot` having to come from readTree. Fixes b/129. Change-Id: Icf4dd2be15011055dac8b27e991a4ff6a12bf827 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3156 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 r/2624 chore(ops/users): Update email address for cynthiaCynthia Revström1-1/+1
Change-Id: Ieb59d9215c5c1159113375dea0dd96d3d29e1303 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3154 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-24 r/2623 fix(ops/users): Rehash password for knKlemens Nanni1-1/+1
This time using `tools.hash-password` because login did not work with the initially created hash. Change-Id: I1eb62a496d2d8497d27573af47bf8bf70dac9bbb Reviewed-on: https://cl.tvl.fyi/c/depot/+/3153 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-24 r/2621 feat(ops/users): Add knKlemens Nanni1-0/+5
Change-Id: Ib615743fc57357b0de17600c9a3f400c48fd0f70 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3151 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2021-05-23 r/2620 feat(dns): Add record for deploys.tvl.fyiGriffin Smith1-10/+11
This will be used to serve (nix-) diffs for pending deploys of whitby Change-Id: Ia864993b1fcb3b7ce5fcc21f32a27528a4c31f08 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3149 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 r/2619 fix(whitby): Fix irccat configuration for incorrectly named optionVincent Ambo1-1/+3
irccat is passing the realname option as the ident of the user, which doesn't match what is in ZNC. It hasn't seen any upstream commits in a long time, so I'm just leaving this as is and fixing it locally in our config. Change-Id: I3bf865f37b8df9c1cd891a94245ca3fad376bbe1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3150 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-05-23 r/2617 feat(whitby): Let sterni bear the wheelVincent Ambo1-1/+1
Change-Id: Ib4f7dcbdc754d2fc271f501a9ea270e983a3645f Reviewed-on: https://cl.tvl.fyi/c/depot/+/3147 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-05-23 r/2616 fix(ops/users): Fix hash format for cschillingVincent Ambo1-1/+1
Change-Id: Ib0c53e8f6bc030cbdfe31020ed9d6764bd732a62 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3146 Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
2021-05-23 r/2611 feat(ops/users): Add cschilling to userssterni1-0/+5
Change-Id: I8afc23c749a5318d7c2ce893903980112ff13c12 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3137 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 r/2610 feat(whitby): Enable fail2banGriffin Smith1-0/+2
I like running fail2ban on any machine that has stuff like ssh world-open, to limit the potential for password brute-force attacks etc. Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-22 r/2609 chore: Replace Freenode mentions with HackIntVincent Ambo1-1/+2
This doesn't replace all of them in the repo, but at least the ones that are relevant to our move. Change-Id: I842e7594b4c16af30d880272417874f6b29afd22 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3134 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: grfn <grfn@gws.fyi>