Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2020-02-14 | r/550 refactor(ops/nixos/camden): Merge ACME certificate blocks | Vincent Ambo | 1 | -11/+7 | |
2020-02-14 | r/549 feat(camden): Move to actual tazj.in hostnames | Vincent Ambo | 1 | -4/+15 | |
2020-02-12 | r/548 feat(ops/nixos/nugget): Add camden to /etc/hosts | Vincent Ambo | 1 | -0/+7 | |
At the moment there is no other way for requests from nugget to camden to resolve correctly, as the Hyperoptic router is eating this traffic on the LAN. | |||||
2020-02-12 | r/547 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden | Vincent Ambo | 1 | -0/+21 | |
2020-02-12 | r/546 feat(ops/nixos/camden): Move ACME configuration out of nginx | Vincent Ambo | 1 | -4/+13 | |
This makes it possible to re-use the same provisioning mechanism for multiple related domains. | |||||
2020-02-12 | r/545 feat(ops/nixos/camden): Set up cgit service | Vincent Ambo | 1 | -5/+27 | |
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. | |||||
2020-02-11 | r/543 fix(nix/tailscale): Fix incorrect Tailscale ACL config type | Vincent Ambo | 1 | -8/+10 | |
2020-02-11 | r/542 feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs | Vincent Ambo | 1 | -1/+5 | |
This directory is writeable by me and is intended to make it easy to serve random blobs. | |||||
2020-02-11 | r/541 feat(ops/nixos/camden): Enable haveged entropy "generator" | Vincent Ambo | 1 | -3/+4 | |
2020-02-11 | r/540 feat(ops/nixos/nugget): Set up nginx serving homepage & blog | Vincent Ambo | 1 | -0/+53 | |
This nginx does not currently log access correctly because for some impenetrable reason (as is tradition), neither /dev/stdout nor /dev/fd/1 exist for nginx at runtime. This is probably systemd's doing, but I'll debug it later. | |||||
2020-02-11 | r/538 fix(ops/nixos/camden): Use package set from depot pin | Vincent Ambo | 1 | -2/+9 | |
2020-02-11 | r/537 feat(nix/tailscale): Add function for generating tailscale ACLs | Vincent Ambo | 1 | -1/+8 | |
... and use it on Camden! | |||||
2020-02-11 | r/536 feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh | Vincent Ambo | 1 | -3/+21 | |
2020-02-11 | r/535 fix(ops/nixos): Add camden to rebuilder script | Vincent Ambo | 1 | -0/+4 | |
This should probably be templated instead. | |||||
2020-02-11 | r/534 feat(ops/nixos): Add initial configuration for host camden | Vincent Ambo | 3 | -7/+96 | |
2020-02-11 | r/533 feat(ops/nixos/nugget): Enable tailscale-relay | Vincent Ambo | 1 | -0/+12 | |
2020-02-11 | r/532 feat(ops/nixos): Add NixOS module for running tailscale | Vincent Ambo | 2 | -0/+78 | |
This uses the "legacy" tailscale Linux client, but built from source as per the previous commits. | |||||
2020-02-11 | r/530 chore(ops/nixos/nugget): Install tailscale on nugget | Vincent Ambo | 1 | -0/+1 | |
2020-02-09 | r/508 chore(ops/infra/k8s): Bump website replicas to 3 | Vincent Ambo | 1 | -1/+1 | |
There are typically 3 machines in the cluster, might as well have 3 website instances! | |||||
2020-02-09 | r/506 fix(ops/infra/k8s): Send www.* to nginx for redirections | Vincent Ambo | 1 | -1/+9 | |
2020-02-09 | r/503 feat(ops/infra/k8s): Add website deployment configuration | Vincent Ambo | 1 | -0/+37 | |
2020-02-09 | r/502 docs: Update README with new website setup | Vincent Ambo | 1 | -1/+1 | |
2020-02-09 | r/500 chore(ops/infra/k8s): Delete tazblog deployment | Vincent Ambo | 3 | -37/+3 | |
2020-02-08 | r/483 feat(ops/nixos/nugget): Install i3lock | Vincent Ambo | 1 | -0/+1 | |
2020-02-07 | r/478 feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools | Vincent Ambo | 1 | -0/+8 | |
2020-02-04 | r/476 feat(ops/nixos/nugget): Enable U2F hardware support | Vincent Ambo | 1 | -0/+1 | |
2020-01-25 | r/456 feat(ops/nixos/nugget): Install unzip | Vincent Ambo | 1 | -0/+1 | |
2020-01-20 | r/435 feat(ops/nixos/nugget): Enable Keybase "service" | Vincent Ambo | 1 | -0/+2 | |
2020-01-20 | r/434 feat(ops/mq_cli): Bump dependencies & add derivation | Vincent Ambo | 4 | -124/+62 | |
2020-01-20 | r/433 feat(ops/posix_mq.rs): Set up Nix build | Vincent Ambo | 3 | -1/+57 | |
2020-01-20 | r/432 chore(ops): Remove deprecated .travis.yml files | Vincent Ambo | 2 | -6/+0 | |
2020-01-20 | r/431 chore(ops/posix_mq.rs): Update crate dependencies to recent versions | Vincent Ambo | 5 | -26/+18 | |
First bump since 2017! This changes the code to be compatible with newer versions of the `nix` crate, which has shuffled things around a bit. | |||||
2020-01-20 | r/430 Add 'ops/mq_cli/' from commit 'df29b08bffc90cfd4f2d963a8e48d89f7a86308d' | Vincent Ambo | 8 | -0/+537 | |
git-subtree-dir: ops/mq_cli git-subtree-mainline: b59c7e693c21cf76619ad89ae008d92ebbb92dad git-subtree-split: df29b08bffc90cfd4f2d963a8e48d89f7a86308d | |||||
2020-01-20 | r/429 Add 'ops/posix_mq.rs/' from commit 'f7d1a38da67e92e0e87dbb988d288f0be2714f5c' | Vincent Ambo | 9 | -0/+521 | |
git-subtree-dir: ops/posix_mq.rs git-subtree-mainline: 8f684972695aeb64d1c09499bb14c5cd65bafd91 git-subtree-split: f7d1a38da67e92e0e87dbb988d288f0be2714f5c | |||||
2020-01-19 | r/423 feat(third_party/guile): Override guile to version 3.0.0 | Vincent Ambo | 1 | -0/+1 | |
Lets try this thing out! | |||||
2020-01-19 | r/422 feat(ops/nixos/nugget): Install miller | Vincent Ambo | 1 | -0/+1 | |
2020-01-19 | r/419 chore(ops/nixos/nugget): Aimlessly tweak font configuration | Vincent Ambo | 1 | -0/+11 | |
These settings seem to be very mildly better than what I had before, but I'm not entirely sure. | |||||
2020-01-19 | r/417 fix(infra/k8s/nixery): Add GCSR hosts to SSH known_hosts for Nixery | Vincent Ambo | 1 | -0/+1 | |
Unsure how this worked at all previously? | |||||
2020-01-19 | r/416 feat(ops/nixos/nugget): Connect to wifi & install Google Chrome | Vincent Ambo | 1 | -0/+10 | |
This adds configuration which, sometimes, when the stars align just right, makes it possible to cast to the Chromecast from nugget. | |||||
2020-01-19 | r/415 chore(build): Rename tazjins-depot -> depot | Vincent Ambo | 1 | -1/+1 | |
Sourcehut namespaces this under ~tazjin/ anyways. | |||||
2020-01-19 | r/414 chore(ops/sync-gcsr): Rotate Cachix secret in sourcehut | Vincent Ambo | 1 | -1/+1 | |
2020-01-18 | r/413 fix(ops/sync-gcsr): Ensure cachix is installed | Vincent Ambo | 1 | -0/+1 | |
2020-01-18 | r/412 docs(ops/kontemplate): Update installation notes | Vincent Ambo | 1 | -9/+8 | |
Removed the AUR package (which has not been updated since 2017) and made Nix the recommended installation method. | |||||
2020-01-18 | r/411 fix(ops/sync-gcsr): Avoid echoing the Cachix secret | Vincent Ambo | 1 | -2/+3 | |
sourcehut does not censor secret strings in build logs, but this workaround should avoid the issue. | |||||
2020-01-18 | r/409 feat(ops/sync-gcsr): Log successful build triggers | Vincent Ambo | 1 | -0/+2 | |
2020-01-18 | r/408 feat(ops/infra/k8s): Add sourcehut configuration to sync-gcsr | Vincent Ambo | 2 | -1/+8 | |
2020-01-18 | r/407 feat(sync-gcsr): Add builds.sr.ht build manifest | Vincent Ambo | 2 | -0/+25 | |
Adds a simple build manifest that builds everything in ci-builds.nix and pushes results to Cachix on success. | |||||
2020-01-18 | r/406 feat(sync-gcsr): Trigger sourcehut builds on master branch changes | Vincent Ambo | 1 | -6/+69 | |
Calls the sourcehut API at builds.sr.ht to trigger a build if the master branch changes. The build manifest is going to be stored in the depot too, coming up next ... | |||||
2020-01-18 | r/405 feat(ops/sync-gcsr): Skip unneccessary branch updates | Vincent Ambo | 1 | -4/+12 | |
Checks whether branches are already up-to-date before setting references. This also makes it possible to hook additional logic on the update flow. | |||||
2020-01-18 | r/404 chore(ops/infra/gcp): Update enabled GCP APIs | Vincent Ambo | 1 | -0/+5 | |