about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2023-02-01 r/5810 feat(ops/secrets): add flokli to terraform secrets accessVincent Ambo25-138/+135
Change-Id: I9ede20028560f2da0fef89dfe431609c21bda51c Reviewed-on: https://cl.tvl.fyi/c/depot/+/8005 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-02-01 r/5808 feat(ops/secrets): add key for flokliFlorian Klink1-0/+3
Change-Id: I52299b39d1d68ee1b700b631f70ef809af682e26 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8004 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-02-01 r/5798 fix(ops/www): increase buffer memory size for auth.tvl.fyiVincent Ambo1-0/+4
Keycloak seems to have decided today that it will now send headers that are larger than what the nginx default configuration can handle. The numbers are a mix of made up and taken from random nginx voodoo posts on the internet, so they're as good a guess as anyone's. Change-Id: If037bcba48eee371cc96304b150276c669930c75 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7992 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2023-01-13 r/5656 chore(journaldriver): bump version numberVincent Ambo2-3/+3
Changes basically only include dependency bumps. This is r/5656. Change-Id: If2ad8914c45b61de6525e2640a15d167fef1dfd4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7819 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-01-13 r/5655 chore(journaldriver): simple dependency bumpsVincent Ambo2-135/+263
This bumps all dependencies to their newest version that does not require code changes. Change-Id: I7c7f01ce08de0cced86bab93b441327d3061f12d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7818 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-12-29 r/5547 feat(ops/modules): enable mail address obfuscation in public web UIVincent Ambo1-3/+11
Change-Id: I47b5313bee84893d405f86aefb3682cda3cfc6d7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7637 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-29 r/5546 fix(ops/modules): list IMAP server on public-inbox pageVincent Ambo1-0/+1
This fix can only be applied after the upstream public-inbox fix (https://github.com/NixOS/nixpkgs/pull/207693) has been merged. Change-Id: I957473e2895b7e57baad25c9e908b36aa790f3a6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7636 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-12-28 r/5529 fix(ops/pipelines): explicitly set contexts for annotationsVincent Ambo1-1/+1
I think what might be going on with b/231 is that the annotations somehow started conflicting because they don't have contexts set. Lets try setting a context and see if it changs anything ... Change-Id: I62ed57f9e24f08e4e7215f05d35cfa769e2e2c24 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7640 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-12-28 r/5515 feat(web/inbox): add landing page for inbox.tvl.suVincent Ambo1-2/+9
This landing page explains how to use the public-inbox. Change-Id: I37d74decad5173ab35051970593f1d28001af2b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7645 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-28 r/5513 style(ops/modules): add inbox email address to public-inbox headerVincent Ambo1-1/+1
Change-Id: Ib7d9089b63bba7ebc44d3438ed284e752f0595e9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7638 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-28 r/5512 feat(ops/modules): enable NNTP on inbox.tvl.suVincent Ambo1-2/+14
Change-Id: Iec564860a247fe51a5549129be294a3629645519 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7635 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-28 r/5511 feat(ops/modules): enable IMAP access for public-inboxVincent Ambo1-1/+27
This sets up IMAP on inbox.tvl.su:993 I added a hack to work around problems with the NixOS ACME module. Spent way too much time of my life with problems with that module, so I only use it with blunt force these days. Others are welcome to make a cleaner solution. Change-Id: Ice828766020856cf17d2f0a5b4491f4cec8ad9b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7633 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-12-27 r/5507 docs: change email address mentions to depot@tvl.suVincent Ambo1-1/+1
This is the new address which leads to the public inbox at inbox.tvl.su Change-Id: I45d98a373b8acda49b05c4f74669ffb9ad1f1a3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/7632 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-27 r/5506 feat(ops/modules): index incoming mail in public-inboxVincent Ambo1-0/+4
Change-Id: I8a3e2c0e789057fd1edd015ccb8fdcc0cbb52cd8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7631 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2022-12-27 r/5505 feat(ops/modules): configure offlineimap for depot@tvl.suVincent Ambo1-1/+48
On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-27 r/5504 feat(ops/secrets): add secret for IMAP to depot@tvl.suVincent Ambo2-0/+18
Change-Id: If3b3981e5d68ceba2bcc85ed0ad9cc0b46148b74 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7629 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-12-27 r/5503 feat(ops/modules): set up public-inbox at inbox.tvl.suVincent Ambo3-0/+79
Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-12-25 r/5483 feat(ops/glesys): set up DNS record for inbox.tvl.suVincent Ambo1-0/+7
Change-Id: I85365e5e0bb3e464b439266cb6efad9b2e3763cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7627 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-12-24 r/5482 feat(ops/users): add raitobezarius to usersRyan Lahfa1-0/+5
Change-Id: Ia6cb935f4358526891ece20538d0fa60cfc81095 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7621 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-12-12 r/5410 feat(wpcarro/nixos): Support kyokoWilliam Carroll1-0/+1
Yet Another NixOS System Change-Id: I29590c5e7c2a651f3ef56642018649dddd9f06b6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7297 Reviewed-by: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: wpcarro <wpcarro@gmail.com>
2022-12-10 r/5399 feat(ops/users): add aaqaishtyaq to users.aaqa ishtyaq1-0/+5
Signed-off-by: Aaqa Ishtyaq <aaqaishtyaq@gmail.com> Change-Id: I0ee0142d6a57c05347de45305d333d1b705928e9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7552 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-12-05 r/5390 fix(ops/modules): regularly restart panettone for b/225Vincent Ambo1-0/+11
Change-Id: I27565e0e462ecb431d0f82bb3f6026b1eb369279 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7504 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-12-05 r/5389 feat(ops/users): add ghuntley to usersGeoffrey Huntley1-0/+5
Fixed syntax error in the original patch (superfluous quote). Co-authored-by: sterni <sternenseemann@systemli.org> Change-Id: I9b6aac345906def185e30f2a9bbecde84848863a Reviewed-on: https://cl.tvl.fyi/c/depot/+/7527 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-12-03 r/5380 fix(ops/pipelines): limit concurrency of :llama:Vincent Ambo1-0/+2
When pushing a large chain of CLs, builds can fail with OOM issues as many Nix evaluations of the depot are happening simultaneously. To work around this, we limit the concurrency of simultaneous Nix evaluations (i.e. the `:llama` step). This can slow down the start of builds in a large chain of small changes, but that is a better tradeoff than failing the builds entirely and making people click buttons. Change-Id: If351aaad22d52e2bcf871377f22ab1df594c518d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7501 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-12-01 r/5357 feat(ops/users): add IslandUsurper to users.Lyle Mantooth1-0/+5
Change-Id: Id6bda45acd33dc4e57775321aa8f318164ca7ee0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7469 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-11-23 r/5304 feat(ops/users): Add brainrake to usersMárton Boros1-0/+5
Change-Id: I6bb611fd802ed3f1e748d4c75dc2fd4bea9cc91a Reviewed-on: https://cl.tvl.fyi/c/depot/+/7365 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-11-21 r/5294 feat(ops/users): Add noteed to usersVo Minh Thu1-0/+5
Change-Id: I40b99a46b76d0df40b811350f3560c629babdbc4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7319 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-11-09 r/5275 feat(ops/users): Add jrhahn to usersjhahn1-0/+5
Change-Id: I00913a302ecc23fec2e60875dc164b24d73ba4ad Reviewed-on: https://cl.tvl.fyi/c/depot/+/7257 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-11-07 r/5260 fix(ops/machines/whitby): serve grafana at status.tvl.su againsterni2-2/+2
This is a follow up to cl/7191 which neglected to adjust the status.tvl.su.nix module and re-enable it. Change-Id: Icc1917004cd50e5eab61a29bc68b393ba9bd6325 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7226 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-11-05 r/5249 chore(whitby): Update grafana configGriffin Smith1-63/+44
Uncomment and update the grafana config for whitby based on the new config format that nixos accepts. I've validated this locally by visually inspecting the resulting `ini` file, but not actually run it yet. Change-Id: I12d78ae48146e1b01bd2a4152276d4c6b16c1a3d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7191 Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-03 r/5232 chore(3p/sources): Bump channels & overlays (OpenSSL edition)sterni1-58/+59
* //ops/machines/whitby: Disable grafana, since the grafana module was changed upstream in a way that our configuration no longer works. Since the OpenSSL security update is relatively pressing, adapting the grafana configuration beforehand is not a hard requirement. See https://github.com/NixOS/nixpkgs/pull/191768. * //tools/depotfmt: keep Go at version 1.18 to forgo a reformat of the tree. * //nix/buildGo: keep Go at version 1.18, as 1.19 changed the CLI interface (?) in a way that breaks buildGo. * //3p/overlays/tvl: drop upstreamed tdlib upgrade. * //3p/overlays/tvl: patch buf to work around breakage due to git 2.38.1 TODO items for Go are tracked in b/215. Change-Id: Ie08fef49cf3db12e6b5225a8b992a990ddc5b642 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7141 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>
2022-10-27 r/5212 chore(ops/pipelines/depot/protoCheck): include name in labelFlorian Klink1-1/+1
Change-Id: I2010bd6e4600e9f1dd6e6af40e81ecbbb72c20d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7054 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-10-08 r/5059 feat(ops/pipelines): allow accessing the nix storesterni1-1/+2
This is already allowed de facto, since there seems to be a special exception for reading from derivation outputs. What is forbidden, is access to files imported to the store (even via builtins.toFile) and derivation files. The latter is required for doing dependency analysis on arbitrary derivations, unfortunately. Access to the store allows kind of evil things, but it should be (hopefully) hard to do this by accident, and accessing derivation files is not impure, though it relies on store implementation internals so to speak. Change-Id: I33a7de83ef0ee20a7076690329d62f6caffffe5f Reviewed-on: https://cl.tvl.fyi/c/depot/+/6835 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-10-03 r/5025 fix(ops/www): fix port templating for keycloakVincent Ambo1-1/+1
Change-Id: I714b12f996d7dbe705f1f553d449f2dbc4910b1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/6848 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-10-02 r/5017 chore(ops/whitby): use renamed 'kbdInteractiveAuthentication' optionVincent Ambo1-1/+1
Relates to b/200 Change-Id: Ica7a32e3d2392aba22c2de93cc9be49c4a57eeb9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6838 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-10-02 r/5016 chore(ops/whitby): use new keycloak HTTP port optionVincent Ambo1-1/+1
Relates to b/200 Change-Id: Id8f415d5c4a8947b56031e1671f4f84ac5f2665d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6837 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-09-28 r/4980 chore(3p/sources): Bump channels & overlayssterni8-9/+9
Upstream nixpkgs removed a lot of aliases this time, so we needed to do the following transformations. It's a real shame that aliases only really become discoverable easily when they are removed. * runCommandNoCC -> runCommand * gmailieer -> lieer We also need to work around the fact that home-manager hasn't catched on to this rename. * mysql -> mariadb * pkgconfig -> pkg-config This also affects our Nix fork which needs to be bumped. * prometheus_client -> prometheus-client * rxvt_unicode -> rxvt-unicode-unwrapped * nix-review -> nixpkgs-review * oauth2_proxy -> oauth2-proxy Additionally, some Go-related builders decided to drop support for passing the sha256 hash in directly, so we need to use the generic hash arguments. Change-Id: I84aaa225ef18962937f8616a9ff064822f0d5dc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6792 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-09-20 r/4930 feat(ops/keycloak): import github identity provider configurationVincent Ambo3-1/+24
For some reason Terraform decided that it would otherwise like to *delete* this configuration, which is undesirable. Note that there is a "magic" special behaviour when the `alias` and `provider_id` are set to the name of a built-in supported provider (github, gitlab etc.), which lets us skip the authorization_url setup. Change-Id: Ib66154c2896dda162c57bdc2d7964a9fa4e15f20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6706 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-20 r/4929 feat(ops/keycloak): add SMTP settings in configurationVincent Ambo1-0/+10
I think these were set up in the UI and previously not supported in the Terraform config, now they're supported and Terraform wanted to delete them ... Change-Id: I83eb49ceb774ac835dc81638f962e937c7e936c6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6707 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-19 r/4923 feat(monorepo-gerrit): swap owners plugin for code-ownersLuke Granger-Brown1-1/+10
Change-Id: I9e05384b58dac258bc2da41c22e321b20451ef00 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6686 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2022-09-19 r/4922 chore(gerrit): migrate OWNERS files to code-owners styleLuke Granger-Brown1-4/+3
Change-Id: Iacc521dfdd4b4a2d5cef3920cf8189bcce35a488
2022-09-16 r/4871 feat(ops/users): Add talyz to userstalyz1-0/+5
Change-Id: I3bbc9d31e4d00b26dcef470816c0b44a949ecb7a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6614 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 r/4829 feat(ops/modules): deploy tvixbolt to tvixbolt.tvl.suVincent Ambo2-0/+20
Change-Id: I534cf918fc3e03ce8c14cf15f6d3280b6a657c8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6536 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 r/4828 feat(ops/glesys): add CNAME for tvixbolt.tvl.suVincent Ambo1-0/+11
I could not get nginx to serve it from `tvl.su/tvixbolt`, and ran out of interest in trying to fix it, so lets put it on a subdomain instead. Change-Id: I1313d75cc9831d94a894191376534b1e5186a76a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6537 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-08-25 r/4490 fix: reflect renames of Nix configuration optionssterni2-14/+14
Change-Id: I7e28ac3d71acd7d99a1d3ef97bef9422097e4abf Reviewed-on: https://cl.tvl.fyi/c/depot/+/6154 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-08-13 r/4426 chore(3p/sources): Bump channels & overlaysVincent Ambo1-1/+1
* tvl-slapd: move database to subdirectory (somehow now required) Change-Id: I1792b856cf68b11959c0cc9caab4135e556f8c58 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6090 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-07-28 r/4337 feat(ops/www): add predlozhnik redirect on tazj.inVincent Ambo1-0/+4
otherwise posting this to reddit's /r/russian is not possible, as they ban all links to Russian-affiliated sites Change-Id: I8d23f0961ec7ef097fc2dbdd0aaa178861a19c10 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5992 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 r/4317 feat(ops/users): Add jfroche to usersJean-François Roche1-0/+5
Change-Id: I60cb0acffd1d21b4660e819799206a0cde4facb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5970 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 r/4316 refactor(ops/glesys): add explicit records pointing to whitbyVincent Ambo3-14/+33
instead of setting a wildcard record (which causes really weird behaviour if you set your search domain to tvl.su/tvl.fyi, which I do), DNS records for services running on whitby are now set explicitly. Change-Id: Ia05399b62dad326942fe0efda30782ce153df99d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5961 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2022-07-20 r/4307 feat(grfn/system): Add ogopogoGriffin Smith1-0/+1
This is my new work desktop https://en.wikipedia.org/wiki/Ogopogo Change-Id: I198d8757ff85eec00a303b990efdd2658cbc3e6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5963 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>