about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2023-11-27 r/7077 feat(ops/gerrit-autosubmit): init simple gerrit autosubmitterVincent Ambo5-0/+515
Adds a small Rust program that connects to the Gerrit API and uses a simple algorithm to figure out which changes should be submitted, and submits them: * it fetches all changes the Gerrit query API considers submittable (i.e. all requirements fulfilled), and that have the `Autosubmit` label set * it filters these changes down to those that are _actually_ submittable (in Gerrit API terms: that have an active Submit button) * it filters out those that would submit ancestors that are *not* marked with the `Autosubmit` label * it submits the longest chain After that it just loops. There is no rebasing logic yet for when it "runs out" of submittable changes, but it will not be difficult to add. Relates to b/333. Change-Id: Ib91ecf2c45b178e8c64ff7b2174d617d4c45efe2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10131 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Autosubmit: tazjin <tazjin@tvl.su>
2023-11-26 r/7071 fix(ops/modules/irccat): recursively merge config attribute setsterni1-1/+1
`lib.types.attrs` is deprecated in favor of `lib.types.attrsOf lib.types.anything` because it doesn't merge attribute sets /recursively/. `attrsOf` and `anything` do, the former is used to ensure that the top value is an attribute set as expected by irccat. Change-Id: I2a9d943a06c8f99f7d6d20c9944288e854924bff Reviewed-on: https://cl.tvl.fyi/c/depot/+/10129 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-26 r/7070 feat(sterni/ingeborg): enable btrfs auto scrubsterni1-0/+25
While we are at it, rename disk-checkup.nix to btrfs-auto-scrub.nix and move it into //ops/modules. I originally wanted to have additionally disk health related services in that module, but the btrfs scrub functionality is nicely self-contained and reusable, so I think it makes sense to have this in a more central location. Change-Id: Iabdd62838eef009540ca71abafd921afda2a9b47 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10128 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-25 r/7063 fix(whitby): disable gerrit-queue due to b/333Vincent Ambo1-1/+2
Change-Id: I53084dcf033b8e7b2b7188fbef0a8d1ce15ceb83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10123 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-12 r/7006 chore(ops/journaldriver): bump cargo dependenciesVincent Ambo1-132/+138
Fixes: * RUSTSEC-2023-0022 * RUSTSEC-2023-0044 * RUSTSEC-2023-0023 * RUSTSEC-2023-0024 Change-Id: Ib2813cf7a7a38fd50a1695de7b380cef4299a0c3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10019 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2023-11-05 r/6945 fix(monorepo-gerrit): fix linking to bugs & CLs in commitsVincent Ambo1-4/+4
In some Gerrit version upgrade the syntax of this config element seems to have changed. There's now one less level of escaping, and it no longer produces raw HTML but rather a link. Fixes b/319. Change-Id: I8d86d23e91cb003e950d9a6723bb0a5ee5d80bb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9952 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-05 r/6943 chore(whitby): upgrade to PostgreSQL 16Vincent Ambo1-1/+1
Relates to b/330 Change-Id: If5ef3e999511754e6eb69a4c0a44e6eed21b56b5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9949 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-05 r/6942 chore(whitby): upgrade to PostgreSQL 12Vincent Ambo1-0/+1
Relates to b/330 Change-Id: I9169374a2324dc39e539d3e803f8ab15a308e5fd Reviewed-on: https://cl.tvl.fyi/c/depot/+/9945 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-10-30 r/6906 chore(third_party/gerrit-queue): move to tvl overlayFlorian Klink1-1/+1
Bump to a version including https://github.com/flokli/gerrit-queue/pull/15 Change-Id: Ie316498ca2c608e5489901c5705ce5f2dc047f29 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9808 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-10-17 r/6848 chore(tvix/store-go): rename go moduleFlorian Klink1-4/+4
`code.tvl.fyi/tvix/store/protos` now points to a directory that only contains the `.proto` files, while all golang tooling and .pb.go files live in tvix/store-go. As discussed in https://cl.tvl.fyi/c/depot/+/9787/comment/fc5d155c_1bd38e3a/, the amount of people currently using this is still small, so rename the go.mod now, while it doesn't yet hurt. Also, use code.tvl.fyi/tvix/castore-go instead of code.tvl.fyi/tvix/ castore/protos, to make use of cl/9791. Change-Id: I9ea89957d7c29dfae4c893b9aae8ac8a0bad2d8e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9792 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-10-17 r/6847 chore(tvix/castore-go): rename go moduleFlorian Klink1-4/+4
`code.tvl.fyi/tvix/castore/protos` now points to a directory that only contains the `.proto` files, while all golang tooling and .pb.go files live in tvix/castore-go. As discussed in https://cl.tvl.fyi/c/depot/+/9787/comment/fc5d155c_1bd38e3a/, the amount of people currently using this is still small, so rename the go.mod now, while it doesn't yet hurt. Change-Id: Ib3c6a2dac2923b3806ebb05be00af66d0da9f698 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9791 Reviewed-by: Connor Brewster <cbrewster@hey.com> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-10-17 r/6844 chore(tvix): move store golang bindings to tvix/store-goFlorian Klink1-1/+1
Similar to the castore-go CL before, this also updates the store-go bindings to the new layout. Change-Id: Id73d7ad43f7d70171ab021728e303300c5db71f0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9788 Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-10-17 r/6843 chore(tvix): move castore golang bindings to tvix/castore-goFlorian Klink1-1/+1
Have `tvix/castore/protos` only contain the protos, no go noise. Make the `.pb.go` file generation a pure Nix build at `//tvix/castore/protos:go-bindings`, and have a script at `//tvix:castore-go-generate` (TBD) that copies the results to `tvix/castore-go`. `//tvix:castore-go`, with sources in `tvix/castore-go` now contains the tooling around the generated bindings, and the generated bindings themselves (So go mod replace workflows still work). An additional CI step is added from there to ensure idempotenty of the .pb.go files. The code.tvl.fyi webserver config is updated to the new source code path. I'm still unsure if we want to also update the go.mod name. While being a backwards-incompatible change, it'll probbaly make it easier where to find these files, and the amount of external consumers is still low enough. Part of b/323. Change-Id: I2edadd118c22ec08e57c693f6cc2ef3261c62489 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9787 Reviewed-by: Connor Brewster <cbrewster@hey.com> Tested-by: BuildkiteCI
2023-10-10 r/6762 revert(ops/code.tvl.fyi): fix josh-proxy cmdline argstazjin1-1/+1
This partially reverts commit eb167c71a779b978a1fd4d6cd29fdf47268c578d. Reason for revert: Broke anonymous cloning. Change-Id: I10d148f8deed5d9a200d1e731fe341b9ee0782c3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9625 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2023-10-09 r/6751 fix(ops/code.tvl.fyi): fix josh-proxy cmdline argsFlorian Klink2-2/+2
It looks like josh is only listening on v4 currently: https://github.com/josh-project/josh/blob/1586eab06284ce668779c87f00a1fb5fa9763be0/josh-proxy/src/bin/josh-proxy.rs#L1429 Also, the remote URL to push to is (or became) https://cl.tvl.fyi/a, not just https://cl.tvl.fyi/, update it Change-Id: Ic59bc51c28be913d833186c715e9a9eb960bbd6e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9591 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-09 r/6748 chore(ops): expose nar-bridge for go getBrian McGee1-0/+10
Change-Id: I9d8f444ed625502cfaeea83e0b330f52dac24118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9589 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-09 r/6745 feat(ops/www): add experimental grep.tvl.fyi setupVincent Ambo2-0/+25
This points a reverse proxy at a manually run, highly experimental container. The actual setup is not yet nixified. Change-Id: I8e1d5ec94a3f1e9b4b0bfc7ffd2a9badf4e79291 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9577 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-10-08 r/6733 chore(ops/modules): enable passwordless sudo in users moduleVincent Ambo1-0/+5
Change-Id: I8522a106bbadacf1b5720b4cd1102052aa360ff0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9575 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-10-08 r/6732 chore(users): remove inactive usersVincent Ambo1-15/+0
Change-Id: I3cfb425e4dac0a467e3917df996e9800a3ebe875 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9576 Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-10-08 r/6731 chore(ops): move yandex-base-image to //ops and bake in keysVincent Ambo1-0/+9
Change-Id: I607af1fc41c1f6ee24eed1386a23663346c3acc2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9574 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-08 r/6730 fix(ops/modules): remove cloud-init from yandex-cloud moduleVincent Ambo1-1/+0
cloud-init stopped working for unknown reasons, enabling it will break DHCP and SSH, and make the image inaccessible. This means that access needs to be provided by baking keys into the image instead. Change-Id: Ib8d32a02d0a8ea61d75921f147349d73a27ef751 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9572 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-06 r/6718 chore(whitby): remove Nixery configurationVincent Ambo1-5/+0
nixery.dev is running on a separate host now, it's not required here anymore. Change-Id: Ie03d5847f8313fdfcf56fa43bb03651b3e4925f0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9552 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2023-10-06 r/6717 chore(ops): remove images.tvl.fyiVincent Ambo2-23/+0
I don't even know what this is/was. Change-Id: I743efa88258bbc13b7a3d4b8de8df222325b00ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/9553 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-24 r/6647 fix(ops/modules/tvl-buildkite): add /run/wrappers/bin to $PATHFlorian Klink1-0/+3
It looks like since cl/9341, the tvix buildkite pipeline fails. We're not yet sure what's causing it, it might be the lack of the `fusermount` binary in $PATH. Change-Id: Ie95678fbd07201e96ca3d43b53827781b49f1f46 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9386 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-09-22 r/6637 chore(ops/glesys): point nixery.dev to nixery-01.tvl.fyiVincent Ambo1-8/+1
Change-Id: I0bfa713511f1565bd2fa9b3c1989fda16e8dfa4a Reviewed-on: https://cl.tvl.fyi/c/depot/+/9428 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6636 feat(ops/glesys): add DNS record for nixery-01 hostVincent Ambo1-0/+7
Change-Id: I9fe8497688764a6a0934a2c02264f93b2078fb1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/9427 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6635 feat(ops): add nixery-01 instance for hosting nixery.devVincent Ambo2-1/+33
Change-Id: Ida21ac7240a532bb6063b362155f2b14b2859aae Reviewed-on: https://cl.tvl.fyi/c/depot/+/9426 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6634 chore(ops): move yandex-cloud image module out of corpVincent Ambo1-0/+79
Change-Id: Idc8cc3a640fc895cd3882e93a193212adb743abb Reviewed-on: https://cl.tvl.fyi/c/depot/+/9425 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 r/6631 chore(ops/modules/www/code.tvl.fyi): add missing go get redirectFlorian Klink1-0/+6
This was missing in cl/9370. Change-Id: I02048b0e65d1192e9e300160bb8f78fe30a70da1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9405 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Connor Brewster <cbrewster@hey.com> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-09-22 r/6629 refactor(tvix): move castore into tvix-castore crateFlorian Klink1-0/+4
This splits the pure content-addressed layers from tvix-store into a `castore` crate, and only leaves PathInfo related things, as well as the CLI entrypoint in the tvix-store crate. Notable changes: - `fixtures` and `utils` had to be moved out of the `test` cfg, so they can be imported from tvix-store. - Some ad-hoc fixtures in the test were moved to proper fixtures in the same step. - The protos are now created by a (more static) recipe in the protos/ directory. The (now two) golang targets are commented out, as it's not possible to update them properly in the same CL. This will be done by a followup CL once this is merged (and whitby deployed) Bug: https://b.tvl.fyi/issues/301 Change-Id: I8d675d4bf1fb697eb7d479747c1b1e3635718107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9370 Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-09-12 r/6588 feat(ops/users): add totikom to usersEugene Lomov1-0/+5
Change-Id: Id2577449ec0a52f8c16f13150896ec0680f02051 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9325 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-12 r/6582 chore(ops/yandex-cloud-rs): bump API definitions to 2023-09-04Vincent Ambo3-4/+4
Change-Id: I6ef83796a01014b01ac8aef6c7f500863f5cbf03 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9305 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-09-10 r/6575 feat(ops/modules/code.tvl.fyi): fix go get for tvix store protosFlorian Klink1-1/+11
There's a go.mod in in tvix/store/protos, which sets the module path to code.tvl.fyi/tvix/store/protos. While this path makes kinda sense, it's currently not possible to `go get` it from that location, as we serve the cgit interface from there. Fortunately, `go get` has a mechanism to determine clone URLs for a given go module path, as documented in https://go.dev/ref/mod#vcs-find. We simply need to serve a small HTML file at that path, describing the proper clone URL. This points the clone URL for code.tvl.fyi/tvix/store/protos to a josh- provided subtree of just :/tvix/store/protos, which will contain the root go.mod file. We need another layer of indirection as nginx can't have an `alias` directive inside a conditional block (but can have a redirect). Contrary to https://b.tvl.fyi/issues/299#comment-464, it seems to work for our usecase. It might become a problem if we actually serve `go.mod` files in a nested fashion at some point, but let's look at that once we get there. Fixes b/299. Change-Id: Idcad795105af5d57e6d06de6e232881dccf9110b Reviewed-on: https://cl.tvl.fyi/c/depot/+/9290 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: adisbladis <adisbladis@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su>
2023-09-05 r/6552 feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyiVincent Ambo2-0/+20
I verified on whitby that the password hashes generated by //web/pwcrypt are compatible with our OpenLDAP, so it's time to make this thing public. Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2023-09-05 r/6551 feat(ops/glesys): delegate signup.tvl.fyi to whitby in DNSVincent Ambo1-0/+1
Change-Id: I7ca1e970228239e87581fd4d65c50334932d85a5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9265 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-08-22 r/6517 fix(ops/nixery): switch nixery.dev to stable nixpkgs channelVincent Ambo1-2/+3
The current unstable has a bunch of breakage which people have been reporting, lets move the public instance to the stable channel until that is sorted out. Example breakage: https://github.com/tazjin/nixery/issues/159 Change-Id: Id5eb11ebd235928b85c01c178c32da3badea517f Reviewed-on: https://cl.tvl.fyi/c/depot/+/9126 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-08-21 r/6516 feat(tvl-users): grant wheel privileges to flokliVincent Ambo1-1/+1
Flokli needs deploy access to whitby to ~~break auth~~ experiment with Dex. Change-Id: If39763192961e227ee569a312f6a0e3ae2c10786 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9113 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-07-10 r/6401 fix(ops/whitby): remove tazj.in moduleVincent Ambo1-1/+0
this moved out of whitby some time ago (to koptevo.tazj.in), but is now causing failures because of ACME cert renewal Change-Id: I4da5512db0d85d416511a1d10f784e978c5ccc93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8948 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-07-07 r/6396 fix(users): rename zseri -> fogtiAlain Zscheile1-2/+2
in accordnace with similar renaming on other sites (e.g. GitHub, Exozyme, chaos.social) My experience with exozyme tells me that fully applying this change might require manual editing of gerrits database anyways to fix broken references/patch ownerships. Change-Id: I024ff264c09b25d8f854c489d93458d1fce7e9f4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8919 Autosubmit: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de>
2023-07-05 r/6392 feat(tools/git-r): git subcommand to display r/numbers for commitssterni1-0/+5
Sadly, this can't quite be an alias (which would be difficult to automatically set up anyways), since we want to check if an r/number is part of the (upstream) canon branch. The test script for the subcommand doubles up as a soundness check for our pipelines ref creation. Change-Id: I840af6556e50187c69490668bd8a18dd7dc25a86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8844 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de>
2023-07-01 r/6383 chore(ops/secrets): drop oauth2_proxy.ageFlorian Klink2-1/+0
This was already removed from whitby a while ago, no reason to keep this secret. Change-Id: I4742dd0138a3eff91325c94e44e64b72c644ee3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/8915 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2023-07-01 r/6382 chore(ops/keycloak): drop oauth2-proxy clientFlorian Klink1-21/+0
Nothing is using this, so it can be removed. Change-Id: I1b812b6df89d4f79ed313e646e141909519c6083 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8914 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: flokli <flokli@flokli.de>
2023-07-01 r/6381 chore(ops/modules): remove oauth2_proxy moduleFlorian Klink1-60/+0
This was dropped from whitby itself in cl/8905, but didn't drop the module because we were worried someone else might still be using it. However, this relies on the "oauth2-proxy" client ID, which only has the following supported redirect uris (as per ops/keycloak/clients.tf): - https://login.tvl.fyi/oauth2/callback - http://localhost:4774/oauth2/callback … which means, noone can really run this properly anyways, so let's drop it. We can always restore it from git. Change-Id: I7d700f59a62cce1254ad4ba0792a7d7b3960b769 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8913 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-06-30 r/6374 chore(ops/whitby): remove broken oauth2_proxy serviceVincent Ambo1-5/+0
this never worked and was never used, but for now the module itself is still around in case somebody wants it for something Change-Id: Id8e449e08c8012786bca0ea57d9c7b97056a1f3d Reviewed-on: https://cl.tvl.fyi/c/depot/+/8905 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-23 r/6350 chore(ops/whitby): drop obsolete grub version optionsterni1-1/+0
Change-Id: I8f89f00d3eca5cef23dc7698208b08e0b6826393 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8854 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-22 r/6343 feat(ops): introduce (head|tail)scale server at net.tvl.fyiVincent Ambo3-0/+76
This runs a headscale server on sanduny which lets users join their machines to the TVL tailscale network. This would theoretically let people communicate with each other on the internal network, but also more notably joined servers can advertise exit node capability so that we can have our own "VPN network", for starters with endpoints in Germany, UK and Russia (whitby, sanduny and koptevo respectively). This setup isn't fully stable yet, notably: * The IP range used by tailscale is just the default one right now, I'm not sure if that should be changed or what. * The system is stateful (on sanduny), but the state is not (yet) backed up anywhere. Use with caution. * Machine joining is a manual process requiring SSH & root access to sanduny. The process is to log in to sanduny, then get a headscale shell with `sudo -u headscale bash`, and to use the `headscale` CLI within there to administrate access. I've opted to create a user account `tvl` for TVL-owned machines, and a personal account for myself and my machines. Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-06-20 r/6338 feat(ops/glesys): add `net.tvl.fyi` CNAME for sandunyVincent Ambo1-0/+7
This will host a headscale server for TVL. Change-Id: I8769852aaaf7a02a2d63f48ecf5adfd86747ff72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8835 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-06-15 r/6317 fix(ops/modules/quassel): use systemd LoadCredential to read certsVincent Ambo1-1/+5
This avoids permission issues with nginx vs. quassel Change-Id: I770f8284d8fd8fc6d38add93c1681f9daebe8749 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8786 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-15 r/6311 chore(3p/sources): Bump channels & overlayssterni2-2/+1
* //ops/modules/depot-inbox: Adapt to upstream option type declaration. See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076. * //ops/machines/sanduny, //users/tazjin/polyanka: Remove boot.loader.grub.version options (no longer has any effect). * //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk * //3p/overlays: update tdlib to match emacs-overlay * //3p/overlays: give EXWM from depot a separate name * //users/grfn/system/home: disable Slack support in ntfy Change-Id: I03bde088bc70e05b23925f244899807210cb7b20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-14 r/6292 fix(ops/yandex-cloud-rs): fix dev-dependencies for examplesVincent Ambo2-0/+4
Change-Id: Ib99755d2b49464a6a30442b696ecfeda03038066 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8767 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI