about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2023-09-22 r/6636 feat(ops/glesys): add DNS record for nixery-01 hostVincent Ambo1-0/+7
Change-Id: I9fe8497688764a6a0934a2c02264f93b2078fb1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/9427 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6635 feat(ops): add nixery-01 instance for hosting nixery.devVincent Ambo2-1/+33
Change-Id: Ida21ac7240a532bb6063b362155f2b14b2859aae Reviewed-on: https://cl.tvl.fyi/c/depot/+/9426 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6634 chore(ops): move yandex-cloud image module out of corpVincent Ambo1-0/+79
Change-Id: Idc8cc3a640fc895cd3882e93a193212adb743abb Reviewed-on: https://cl.tvl.fyi/c/depot/+/9425 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6631 chore(ops/modules/www/code.tvl.fyi): add missing go get redirectFlorian Klink1-0/+6
This was missing in cl/9370. Change-Id: I02048b0e65d1192e9e300160bb8f78fe30a70da1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9405 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Connor Brewster <cbrewster@hey.com> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-09-22 r/6629 refactor(tvix): move castore into tvix-castore crateFlorian Klink1-0/+4
This splits the pure content-addressed layers from tvix-store into a `castore` crate, and only leaves PathInfo related things, as well as the CLI entrypoint in the tvix-store crate. Notable changes: - `fixtures` and `utils` had to be moved out of the `test` cfg, so they can be imported from tvix-store. - Some ad-hoc fixtures in the test were moved to proper fixtures in the same step. - The protos are now created by a (more static) recipe in the protos/ directory. The (now two) golang targets are commented out, as it's not possible to update them properly in the same CL. This will be done by a followup CL once this is merged (and whitby deployed) Bug: https://b.tvl.fyi/issues/301 Change-Id: I8d675d4bf1fb697eb7d479747c1b1e3635718107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9370 Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-09-12 r/6588 feat(ops/users): add totikom to usersEugene Lomov1-0/+5
Change-Id: Id2577449ec0a52f8c16f13150896ec0680f02051 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9325 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-12 r/6582 chore(ops/yandex-cloud-rs): bump API definitions to 2023-09-04Vincent Ambo3-4/+4
Change-Id: I6ef83796a01014b01ac8aef6c7f500863f5cbf03 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9305 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-09-10 r/6575 feat(ops/modules/code.tvl.fyi): fix go get for tvix store protosFlorian Klink1-1/+11
There's a go.mod in in tvix/store/protos, which sets the module path to code.tvl.fyi/tvix/store/protos. While this path makes kinda sense, it's currently not possible to `go get` it from that location, as we serve the cgit interface from there. Fortunately, `go get` has a mechanism to determine clone URLs for a given go module path, as documented in https://go.dev/ref/mod#vcs-find. We simply need to serve a small HTML file at that path, describing the proper clone URL. This points the clone URL for code.tvl.fyi/tvix/store/protos to a josh- provided subtree of just :/tvix/store/protos, which will contain the root go.mod file. We need another layer of indirection as nginx can't have an `alias` directive inside a conditional block (but can have a redirect). Contrary to https://b.tvl.fyi/issues/299#comment-464, it seems to work for our usecase. It might become a problem if we actually serve `go.mod` files in a nested fashion at some point, but let's look at that once we get there. Fixes b/299. Change-Id: Idcad795105af5d57e6d06de6e232881dccf9110b Reviewed-on: https://cl.tvl.fyi/c/depot/+/9290 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: adisbladis <adisbladis@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-05 r/6552 feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyiVincent Ambo2-0/+20
I verified on whitby that the password hashes generated by //web/pwcrypt are compatible with our OpenLDAP, so it's time to make this thing public. Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2023-09-05 r/6551 feat(ops/glesys): delegate signup.tvl.fyi to whitby in DNSVincent Ambo1-0/+1
Change-Id: I7ca1e970228239e87581fd4d65c50334932d85a5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9265 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-08-22 r/6517 fix(ops/nixery): switch nixery.dev to stable nixpkgs channelVincent Ambo1-2/+3
The current unstable has a bunch of breakage which people have been reporting, lets move the public instance to the stable channel until that is sorted out. Example breakage: https://github.com/tazjin/nixery/issues/159 Change-Id: Id5eb11ebd235928b85c01c178c32da3badea517f Reviewed-on: https://cl.tvl.fyi/c/depot/+/9126 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-08-21 r/6516 feat(tvl-users): grant wheel privileges to flokliVincent Ambo1-1/+1
Flokli needs deploy access to whitby to ~~break auth~~ experiment with Dex. Change-Id: If39763192961e227ee569a312f6a0e3ae2c10786 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9113 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-07-10 r/6401 fix(ops/whitby): remove tazj.in moduleVincent Ambo1-1/+0
this moved out of whitby some time ago (to koptevo.tazj.in), but is now causing failures because of ACME cert renewal Change-Id: I4da5512db0d85d416511a1d10f784e978c5ccc93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8948 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-07-07 r/6396 fix(users): rename zseri -> fogtiAlain Zscheile1-2/+2
in accordnace with similar renaming on other sites (e.g. GitHub, Exozyme, chaos.social) My experience with exozyme tells me that fully applying this change might require manual editing of gerrits database anyways to fix broken references/patch ownerships. Change-Id: I024ff264c09b25d8f854c489d93458d1fce7e9f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8919 Autosubmit: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de>
2023-07-05 r/6392 feat(tools/git-r): git subcommand to display r/numbers for commitssterni1-0/+5
Sadly, this can't quite be an alias (which would be difficult to automatically set up anyways), since we want to check if an r/number is part of the (upstream) canon branch. The test script for the subcommand doubles up as a soundness check for our pipelines ref creation. Change-Id: I840af6556e50187c69490668bd8a18dd7dc25a86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8844 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de>
2023-07-01 r/6383 chore(ops/secrets): drop oauth2_proxy.ageFlorian Klink2-1/+0
This was already removed from whitby a while ago, no reason to keep this secret. Change-Id: I4742dd0138a3eff91325c94e44e64b72c644ee3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/8915 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2023-07-01 r/6382 chore(ops/keycloak): drop oauth2-proxy clientFlorian Klink1-21/+0
Nothing is using this, so it can be removed. Change-Id: I1b812b6df89d4f79ed313e646e141909519c6083 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8914 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: flokli <flokli@flokli.de>
2023-07-01 r/6381 chore(ops/modules): remove oauth2_proxy moduleFlorian Klink1-60/+0
This was dropped from whitby itself in cl/8905, but didn't drop the module because we were worried someone else might still be using it. However, this relies on the "oauth2-proxy" client ID, which only has the following supported redirect uris (as per ops/keycloak/clients.tf): - https://login.tvl.fyi/oauth2/callback - http://localhost:4774/oauth2/callback … which means, noone can really run this properly anyways, so let's drop it. We can always restore it from git. Change-Id: I7d700f59a62cce1254ad4ba0792a7d7b3960b769 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8913 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-06-30 r/6374 chore(ops/whitby): remove broken oauth2_proxy serviceVincent Ambo1-5/+0
this never worked and was never used, but for now the module itself is still around in case somebody wants it for something Change-Id: Id8e449e08c8012786bca0ea57d9c7b97056a1f3d Reviewed-on: https://cl.tvl.fyi/c/depot/+/8905 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-23 r/6350 chore(ops/whitby): drop obsolete grub version optionsterni1-1/+0
Change-Id: I8f89f00d3eca5cef23dc7698208b08e0b6826393 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8854 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-22 r/6343 feat(ops): introduce (head|tail)scale server at net.tvl.fyiVincent Ambo3-0/+76
This runs a headscale server on sanduny which lets users join their machines to the TVL tailscale network. This would theoretically let people communicate with each other on the internal network, but also more notably joined servers can advertise exit node capability so that we can have our own "VPN network", for starters with endpoints in Germany, UK and Russia (whitby, sanduny and koptevo respectively). This setup isn't fully stable yet, notably: * The IP range used by tailscale is just the default one right now, I'm not sure if that should be changed or what. * The system is stateful (on sanduny), but the state is not (yet) backed up anywhere. Use with caution. * Machine joining is a manual process requiring SSH & root access to sanduny. The process is to log in to sanduny, then get a headscale shell with `sudo -u headscale bash`, and to use the `headscale` CLI within there to administrate access. I've opted to create a user account `tvl` for TVL-owned machines, and a personal account for myself and my machines. Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-06-20 r/6338 feat(ops/glesys): add `net.tvl.fyi` CNAME for sandunyVincent Ambo1-0/+7
This will host a headscale server for TVL. Change-Id: I8769852aaaf7a02a2d63f48ecf5adfd86747ff72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8835 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-06-15 r/6317 fix(ops/modules/quassel): use systemd LoadCredential to read certsVincent Ambo1-1/+5
This avoids permission issues with nginx vs. quassel Change-Id: I770f8284d8fd8fc6d38add93c1681f9daebe8749 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8786 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-15 r/6311 chore(3p/sources): Bump channels & overlayssterni2-2/+1
* //ops/modules/depot-inbox: Adapt to upstream option type declaration. See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076. * //ops/machines/sanduny, //users/tazjin/polyanka: Remove boot.loader.grub.version options (no longer has any effect). * //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk * //3p/overlays: update tdlib to match emacs-overlay * //3p/overlays: give EXWM from depot a separate name * //users/grfn/system/home: disable Slack support in ntfy Change-Id: I03bde088bc70e05b23925f244899807210cb7b20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-14 r/6292 fix(ops/yandex-cloud-rs): fix dev-dependencies for examplesVincent Ambo2-0/+4
Change-Id: Ib99755d2b49464a6a30442b696ecfeda03038066 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8767 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-14 r/6291 docs(ops/yandex-cloud-rs): link to folder with usage examplesVincent Ambo1-0/+3
Change-Id: If2596b5a3dc542dca9a06a51a5a0f509034665c8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8766 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-14 r/6290 chore(ops/yandex-cloud-rs): bump API definitions to 2023-06-13Vincent Ambo3-92/+65
Change-Id: Iad2d85eaffe96de0cf9ecb490fe5ba87209e1005 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8765 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-14 r/6289 refactor(ops/yandex-cloud-rs): allow TokenProvider impls to failVincent Ambo1-6/+6
It's actually quite common that a token provider might fail, for example when fetching a token from instance metadata. Change-Id: Ie0126fb92c6c613ad36b5583fd68505fdd97f2c1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8764 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-14 r/6288 chore(ops/yandex-cloud-rs): re-export some tonic typesVincent Ambo1-0/+9
These are useful for downstream users of the library, who might not need all the rest of the tonic stuff. Change-Id: Iab4d941696ae3c7a33b25815b72f92598aa82b80 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8763 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-14 r/6287 fix(ops/yandex-cloud-rs): add `Bearer` prefix to auth tokenVincent Ambo1-2/+3
Change-Id: I27d23de0598e3ca926a85cba3022f2dfff25f6be Reviewed-on: https://cl.tvl.fyi/c/depot/+/8762 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-05-23 r/6175 chore(ops/yandex-cloud-rs): bump API specs to 2023-05-23Vincent Ambo4-17/+15
Change-Id: Ibc98d3878690099d6d95dfe1a2741d551ed7a72a Reviewed-on: https://cl.tvl.fyi/c/depot/+/8608 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-05-19 r/6170 chore(ops/yandex-cloud-rs): explicitly set `include` in manifestVincent Ambo1-0/+1
This makes publishing a bit easier without the build script interfering and other wonkiness. Change-Id: Iadb144aabbdeabae8899ebdc62636315239e5f08 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8601 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-05-19 r/6169 fix(ops/yandex-cloud-rs): set license in Cargo manifestVincent Ambo1-0/+1
Change-Id: Icc15953557585cbb2708a1267ab509caca8b258e Reviewed-on: https://cl.tvl.fyi/c/depot/+/8600 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-05-19 r/6168 chore(ops/yandex-cloud-rs): bump API definitions (2023-05-19)Vincent Ambo3-72/+72
Change-Id: I0c4e77587b9fac14017449eb6a4630265b07950e Reviewed-on: https://cl.tvl.fyi/c/depot/+/8599 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-05-19 r/6167 docs(ops/yandex-cloud-rs): add developer-facing READMEVincent Ambo2-0/+53
Mostly to remind myself about the wonky release process. Change-Id: I76ea8d9a2ed600ebb31f4b1a5368f3cefa0556d6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8598 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-05-16 r/6143 feat(ops/terraform/deploy-nixos): make target_user_ssh_key optionalFlorian Klink2-9/+14
In case `target_user_ssh_key` points to an empty string, nixos-copy.sh just doesn't set `IdentityFile=` at all. This allows using deploy-nixos without any explicitly passed ssh keys, but picking up whatever ssh setup the user has configured locally. Change-Id: If335ce8434627e61da13bf6923b9767085af08a5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-05-11 r/6132 chore: address renames of boot & tmp related optionssterni1-1/+1
Change-Id: I78f2116a63675fff5a36826b3e5390798ab9db9f Reviewed-on: https://cl.tvl.fyi/c/depot/+/8526 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: flokli
2023-04-28 r/6117 feat(ops/modules/open_eid): add support for Web eID extensionFlorian Klink1-20/+37
Most likely due to bad UX in browsers for hardware-backed TLS client cert auth, most websites have switched from client-side TLS to the "Web eID" extension. Once installed, the extension uses [Native Messaging] to talk to a `web-eid-app` application, which handles the communication with the smart card itself. This can be tested on https://web-eid.eu/ . The commit needs nixpkgs to be bumped past https://github.com/NixOS/nixpkgs/pull/227354 . [Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-04-28 r/6116 feat(ops/yandex-cloud-rs): generated gRPC clients for Yandex CloudVincent Ambo7-0/+1613
This uses tonic to generate the full set of gRPC clients for Yandex Cloud. Includes some utility functions like an authentication interceptor to make these actually work. Since the upstream protos are exported regularly I've decided that the versioning will simply be date-based. The point of this is journaldriver integration, of course, hence also the log-centric example code. Change-Id: I00a615dcba80030e7f9bcfd476b2cfdb298f130d Reviewed-on: https://cl.tvl.fyi/c/depot/+/8525 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-28 r/6115 feat(ops/users): Add hsjobeki to usersJohannes Kirschbauer1-0/+5
Change-Id: Ib5f8c314d2c7ad6af948ff23754eeb895b1f1e94 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8529 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Reviewed-by: flokli <flokli@flokli.de>
2023-04-19 r/6099 fix(ops/modules/open_eid): use libdigidocpp.binFlorian Klink1-1/+1
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the digidoc-tool binary to the `bin` output, so this wasn't actually providing the digidoc-tool binary anymore. Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-04-11 r/6094 chore: adapt to ssh option renamessterni1-2/+4
Change-Id: I6fc2aaefe40e449bd1937bb68f3a2ab4abaa5cd0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8372 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2023-04-07 r/6072 chore(3p/sources): Bump channels & overlayssterni1-3/+3
* Satisfy new assert that the corresponding shell needs to be enabled via programs.* if it is as the login shell of at least one user. * //users/tazjin: “Address” removal of hardware.video.hidpi option. * //3p/gerrit: update fetch sha256 Change-Id: Id0988a0ea7f393d6b7848a7104fc3526ee1177f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8407 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-31 r/6064 fix(views/kit): communicate :unsign in the tvl-kit URL directlyFlorian Klink1-1/+1
Instead of prepending :unsign to all URLs in josh-proxy, and for all calls to filteredGitPush, explicitly use it only in the filter we use for the `export-kit` extraStep. This means, people cloning tvl-kit via > https://code.tvl.fyi/depot.git:workspace=views/kit.git now need to update the URL to point to > https://code.tvl.fyi/depot.git:unsign:workspace=views/kit.git instead. git@github.com:tvlfyi/kit.git will keep the same hashes, as it's updated to export the unsigned workspace view of it. This is less invasive than dooming every josh workspace to have to strip signatures. Change-Id: I6de05182fad4c3695081388c3bbf37306521d255 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8369 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-29 r/6054 fix(ops/www): allow all indexing on cl.tvl.fyiVincent Ambo1-0/+4
I *want* search engines to index our CLs, they might be useful! Change-Id: I956d92c80d812e1aefefb6daeba77a1588055b94 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8361 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2023-03-14 r/6005 feat(ops): serve Tvix website & docs on (docs.)tvix.devVincent Ambo2-0/+40
Change-Id: I198ea197867f9b9a48e51665d0665f722202e02e Reviewed-on: https://cl.tvl.fyi/c/depot/+/8299 Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-14 r/6003 feat(ops/glesys): add CNAME for docs.tvix.devVincent Ambo1-0/+7
Change-Id: Ie1994ac4d14344c82ae184f4e3cd9f5292d96c84 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8297 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-03-14 r/6001 feat(ops/glesys): point tvix.dev at whitbyVincent Ambo1-0/+40
Change-Id: Ied022e6c1a8039a9db375a8593afb76edcaa6dbd Reviewed-on: https://cl.tvl.fyi/c/depot/+/8295 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-08 r/5902 fix(ops/terraform): s/TARGET_ADDRESS/TARGET_HOSTFlorian Klink1-1/+1
We missed renaming this as well while iterating over https://cl.tvl.fyi/c/depot/+/7950. Change-Id: I704d3b60bb3beb1a2148e27bdd4a49075a6649b3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8230 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-03-07 r/5895 chore(3p/josh): update josh to recent master commitVincent Ambo1-1/+1
It's been a long time since we updated josh, almost 400 commits in between. I read through the entire changelog, and here are relevant josh commits from in between that might be interesting to us: 38eecee Fix optimisation bug for compose filter (#1159) e1d10b6 Add :rev(...) filter 0f1a07b Initial implementation of refs locking (#929) 88cea2a Initial work on meta repo support 030ad93 Change magic refs to include "for" 28b1d75 Add split changes feature (#904) 1f908d7 Discover filters only on HEAD (#774) a368d8f Make --require-auth only apply to push 8d80230 Add :linear filter (#741) 3460ec2 Implement redundant refs filtering (#700) 55b4e50 Implement stacked changes support (#699) ea1f814 Handle @sha urls by creating magic ref (#690) 883a381 Run filter discovery only on changed refs (#685) 4bb004f Prepend refs/heads to base parameter as default (#664) Of particular interest is a368d8f, which allows us to drop our authentication patch and use the standard --require-auth flag again. The default behaviour of dropping signatures on commits (which are invalid after filtering) has also been changed in josh, now only occuring when the `:unsign` filter is present. Since this breaks commit hashes with our existing exported histories, we are opting to set a `:unsign` filter prefix on all proxy requests to ensure that the hashes stay consistent. During this update we found a bug (josh#1155) which was fixed in the commit that this CL moves josh to. Change-Id: I3afac1619f3aa90313a0441da91f0e4a96fe0a3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/8186 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI