about summary refs log tree commit diff
path: root/ops
AgeCommit message (Collapse)AuthorFilesLines
2024-10-23 r/8852 chore(3p/sources): bump channels & overlays (2024-10-12)Vincent Ambo1-1/+2
* amend keycloak configuration as per upgrade guide for their latest, most innovative breaking changes. https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option * users/aspen: remove deprecated noXlibs option. This option has no alternative. Change-Id: I49f45e38cda6b01ddf6f014b7b1c43972b76629f Reviewed-on: https://cl.tvl.fyi/c/depot/+/12601 Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi> Autosubmit: tazjin <tazjin@tvl.su>
2024-10-19 r/8848 feat(ops/users): add marijan to usersMarijan Petričević1-0/+5
Change-Id: I2d2277915d3e679c9388ea9bc0328b4040b22bf6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12671 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-10-19 r/8840 fix(ops/pipelines): limit depot-nix-eval to concurrency of 3Florian Klink1-1/+1
It seems we need more memory these days, and llama frequently ran OOM. Decrease the number of concurrent evaluations. Change-Id: I2648ebdedf09b80c9a231c4614004f953a646bc0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12662 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu>
2024-09-26 r/8721 feat(whitby): switch from nix-serve to harmonia for the cacheVincent Ambo3-11/+125
Harmonia is, ostensibly, faster and better and, most importantly, not a giant pile of wonky Perl. I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think we should be good to go here. We have a vendored copy of the upstream module for now. We need to fix Nix 2.3 compatibility in upstream for the module, but the service itself works fine. Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2024-09-22 r/8707 feat(aspen/system): Move metrics to ogopogo, refreshAspen Smith1-1/+0
Change-Id: I93ddc961b473e15febe22a16879875dbd926236a Reviewed-on: https://cl.tvl.fyi/c/depot/+/12501 Autosubmit: aspen <root@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi>
2024-09-21 r/8705 chore(ops): remove volgasprint cache machineVincent Ambo2-154/+0
Change-Id: I1030393d843f03af3617487fc70829fcca792839 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12499 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi>
2024-09-14 r/8691 chore(users/tazjin): move my homepage module into //usersVincent Ambo1-54/+0
This was in //ops for legacy reasons, but this is really not necessary. Change-Id: I758b257838993ef0f7d55809c137118826e2ba85 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12483 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-09-01 r/8635 chore(ops/journaldriver): bump Rust dependenciesVincent Ambo1-145/+125
Required to bump past the broken time crate. Change-Id: Ied9e3367f5fc69db0671732a75f2e410f4f234f6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12407 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2024-09-01 r/8634 fix(ops/keycloak): update client ID and client secretFlorian Klink2-1/+1
This points to a "GitHub App" now ("https://github.com/organizations/tvlfyi/settings/apps"), rather than an "OAuth App" ("https://github.com/organizations/tvlfyi/settings/applications"). Apparently this makes a big difference, and we should be using a "GitHub App", not an "OAuth App". The defails on why are in https://github.com/keycloak/keycloak/issues/9429#issuecomment-1578953468 The App can be configured at https://github.com/organizations/tvlfyi/settings/apps/tvl-keycloak . With this, we should get rid of spurious Exceptions with some GitHub users trying to log in, hopefully fixing https://b.tvl.fyi/issues/201. Change-Id: I25d0d6cd1b05ad54ed3d760d3a48ce1f430c0e7d Reviewed-on: https://cl.tvl.fyi/c/depot/+/12413 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-09-01 r/8633 fix(ops/keycloak): ignore delete_default_mappers fieldFlorian Klink1-0/+7
Without this, terraform wants to recreate the resource, just because we do /not/ want to delete the default mappers: ``` # keycloak_ldap_user_federation.tvl_ldap must be replaced -/+ resource "keycloak_ldap_user_federation" "tvl_ldap" { + delete_default_mappers = false # forces replacement ~ id = "4e68e9f0-7aba-4465-8357-f2af6a55fd0e" -> (known after apply) name = "tvl-ldap" ~ use_truststore_spi = "ALWAYS" -> "ONLY_FOR_LDAPS" # (27 unchanged attributes hidden) } ``` Keycloak lists the a few mappers. which are likely the default ones, but in any case, we don't want to recreate this resource. Change-Id: I170a91a44b2efa426fae268cf7fc97a7f28a5760 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12412 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2024-09-01 r/8632 fix(ops/keycloak): set base_pathFlorian Klink1-0/+5
The docs mention this applies to "users of the legacy distribution of keycloak". However, we get a "failed to perform initial login to Keycloak: error sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found" if we don't set this. With this, the provider is able to talk to the API, as long as the secrets are sourced. Change-Id: I0b9cdd45b1628aa0870a1673491c12c07bf7f8d6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12411 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2024-09-01 r/8631 fix(ops/buildkite): fix terraform state configFlorian Klink1-1/+5
The same fix from cl/11021 also needs to be applied to other states. Change-Id: I205b03aab49130639c79702f4bf16f0bf28d89ab Reviewed-on: https://cl.tvl.fyi/c/depot/+/12410 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de>
2024-09-01 r/8630 fix(ops/keycloak): fix terraform state configFlorian Klink1-4/+8
The same fix from cl/11021 also needs to be applied to other states. Change-Id: I0df3ee2e8970e0d08a119ecc6347f24aef0448c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12409 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-08-30 r/8612 feat(ops/users): add domenkozarFlorian Klink1-0/+5
Change-Id: I4d10a17b43918857188c2b1f1babb8890346d9c0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12397 Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Reviewed-by: lukegb <lukegb@tvl.fyi> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-08-28 r/8600 fix(ops/users): fix email address for yl3dyAlexander Kiselyov1-1/+1
Change-Id: Id943cbb486073173a8391074c326749bffb990f7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12361 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: yl3dy <aleksandr.kiselyov@gmail•com> Tested-by: BuildkiteCI
2024-08-27 r/8599 feat(ops/users): add ein-shvedYury Shvedov1-0/+5
Change-Id: Idf8083d7f48fb1eca40596003fad1552b87bcef4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12364 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-08-26 r/8590 feat(ops/users): add yl3dyVincent Ambo1-0/+5
Change-Id: I05a11bb1f3496680c22b31a4450e4675d028c59d Reviewed-on: https://cl.tvl.fyi/c/depot/+/12350 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2024-08-25 r/8584 feat(ops/users): Add azahi to usersAzat Bahawi1-0/+5
Change-Id: I4df81b7f08e173d3c887bc89f869889a7901dbf0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12347 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-08-25 r/8583 feat(volgasprint-cache): enable auto deployVincent Ambo1-1/+6
Change-Id: I3b0a4695f69ef24a4f1f6280402c8a72223ff0c9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12344 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: mrflos <mrflos@yeswiki.pro>
2024-08-25 r/8582 chore(ops/machines): add nixery & cache machines to system listVincent Ambo1-0/+2
Change-Id: I40a4e7b9b993b2af57b03da1036ddeca2a0d298a Reviewed-on: https://cl.tvl.fyi/c/depot/+/12343 Reviewed-by: mrflos <mrflos@yeswiki.pro> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2024-08-25 r/8580 feat(ops/machines): add temporary VolgaSprint cache machineVincent Ambo2-0/+149
Change-Id: I5b5bb98f591e7bf3b1f16673f7f670b758444066 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12327 Reviewed-by: mrflos <mrflos@yeswiki.pro> Tested-by: BuildkiteCI
2024-08-23 r/8573 fix(ops/modules): re-add cheddar highlighting serverVincent Ambo2-0/+33
This was deleted when removing the Sourcegraph module, but it turns out it is also needed by panettone. Change-Id: I8f14165bf783743247894c2b64882fbb032ffbf8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12295 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2024-08-23 r/8564 feat(ops/users): add mrflosVincent Ambo1-0/+5
Patch submitted via public inbox. Change-Id: I5dc2d86aefd909216e8a16f428fc2cf818a125c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12296 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-08-23 r/8559 feat(ops/users): add nikivVincent Ambo1-0/+5
Patch submitted to me IRL. Change-Id: Idd8aa75313ba73d5c1e92b98d390e43e7108c6b6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12292 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2024-08-23 r/8557 chore(ops/besadii): remove sourcegraph index update supportVincent Ambo2-38/+1
Change-Id: I4ee9a5a69c90e2050c60b2ef8483431d691b499f Reviewed-on: https://cl.tvl.fyi/c/depot/+/12287 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2024-08-23 r/8556 chore(whitby): remove Sourcegraph instanceVincent Ambo2-64/+0
Change-Id: I4d03f98e79de5e3a9c8c4a33682d5c78e3e0f028 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12286 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-08-23 r/8555 feat(ops/users): add azizVincent Ambo1-0/+5
Patch submitted to me IRL. Change-Id: I43805e3932ccbe383fb5ec7780a29fae187f64db Reviewed-on: https://cl.tvl.fyi/c/depot/+/12290 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-08-23 r/8554 feat(ops/users): add emeryVincent Ambo1-0/+5
Patch submitted to me IRL. Change-Id: I4cbfb138f616adf8635ca84f25cb77f8b8af7959 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12289 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-08-23 r/8553 feat(ops/www): redirect cs.tvl.fyi to livegrep & cgitVincent Ambo1-7/+42
Goodbye, Sourcegraph. Relates to b/290. Change-Id: Ic1cf3c1cf52ae17cdcc18c675b4c01d477644a3c Reviewed-on: https://cl.tvl.fyi/c/depot/+/12285 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2024-08-20 r/8546 feat(kontemplate): defaults can now have nested valuesArmin Schlegel2-1/+23
See https://b.tvl.fyi/issues/409 for details. Change-Id: Ibb54fab7a78e0e5f708c2a7dc8bb26ac0b2b4689 Signed-off-by: Armin Schlegel <a.schlegel@gridx.de> Reviewed-on: https://cl.tvl.fyi/c/depot/+/11972 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-08-19 r/8517 feat(ops/pipelines): support buildkite retriesFlorian Klink1-4/+6
cl/12228 did enable automatic retries for some flaky tests, which generally did work, as can be seen in https://buildkite.com/tvl/depot/builds/35893 However, ":duck:" still reports as failing, because we check the number of steps to be nonzero, which is not the case if retries have happened. We cannot check for the overall status of the build, as it's still "RUNNING", but instead of counting all failed steps so far, we can query all failed jobs and then filter out the ones that were already retried. Change-Id: Ib9d27587c8a8ba7970850812c4302fecdc4482e7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12233 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-08-11 r/8478 feat(ops/users): Add elle to usersElle Najt1-0/+5
Change-Id: I18492d6e6167f3c010e8f66670a127807ac7d99c Reviewed-on: https://cl.tvl.fyi/c/depot/+/12183 Reviewed-by: aspen <root@gws.fyi> Autosubmit: aspen <root@gws.fyi> Tested-by: BuildkiteCI
2024-07-21 r/8389 feat(ops/users): add sinavir to userssinavir1-0/+5
Change-Id: I54c47f8119d38f7403e27cbc23efd919dcf8e8d5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12006 Reviewed-by: yuka <yuka@yuka.dev> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-06-12 r/8253 feat(ops/users): Add toastal to userstoastal1-0/+5
Change-Id: Ie25e2f1f0b7557be01b6f78142f1a40952988e53 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11792 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-06-10 r/8245 feat(ops/users): Add fmzakari to usersFarid Zakaria1-0/+5
Change-Id: I6e5d0b56e932427e6285556106fba277e05a26cd Reviewed-on: https://cl.tvl.fyi/c/depot/+/11785 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2024-06-10 r/8240 docs(ops/terraform/deploy-nixos): document variables in READMEFlorian Klink1-3/+9
Give some more context about what these mean. Mostly copied from the descriptions in nix-eval.sh Change-Id: I845f4227206f7035bcd185a708c14877a040c46a Reviewed-on: https://cl.tvl.fyi/c/depot/+/11778 Tested-by: BuildkiteCI Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: flokli <flokli@flokli.de> Reviewed-by: flokli <flokli@flokli.de>
2024-06-10 r/8235 chore(kontemplate): Migrate to Go modulesMoritz Sanft6-116/+106
This switches to [Go modules](https://go.dev/blog/using-go-modules), which have now been the standard for dependency management in Go codebases for a while. In addition to initializing a new Go module, it also updates the paths of some gopkg.in dependencies, which are deprecated as well. Change-Id: Ie5c9faa415a65ab76cbe59f4afb437a9250be392 Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Reviewed-on: https://cl.tvl.fyi/c/depot/+/11773 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-06-09 r/8234 feat(tazjin/keys): add SSH key for arbatVincent Ambo1-0/+3
Change-Id: Ib83f22b8ee4c79b61b9be9d8cd176d759f6081ab Reviewed-on: https://cl.tvl.fyi/c/depot/+/11772 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2024-06-03 r/8212 feat(fun/clbot,ops/machines/whitby): filter tvix-dev clbotProfpatsch2-6/+12
In #tvix-dev, we want to display only CLs that relate to tvix and related projects. So use a pretty dumb allow-list for which CLs to display in that channel. Change-Id: I3ef50b64e3d7fbc27a6690be6a10f1b55c04cd6e Reviewed-on: https://cl.tvl.fyi/c/depot/+/11658 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2024-05-31 r/8185 feat(ops/users): Add chickadeeMatthew Tromp1-0/+5
Change-Id: I7b06473f67ee630a02676b19ff42ef02dd4014ed Reviewed-on: https://cl.tvl.fyi/c/depot/+/11742 Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi> Autosubmit: aspen <root@gws.fyi>
2024-05-26 r/8171 feat(ops/modules): launch teleirc for Volga SprintVincent Ambo4-0/+49
For the duration of the sprint, this bot will take care of synchronising the IRC channel with the Telegram group. After the sprint, it will be removed again. Change-Id: I6d5b1316fc85ddd26adf55e31f6bff742907fc24 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11727 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2024-05-17 r/8155 feat(ops/users): add benjaminedwardwebb to userssterni1-0/+5
https://inbox.tvl.su/depot/20240505153017.26572-1-benjaminedwardwebb@gmail.com/T/#u Change-Id: I6cf47468750afbf7fa703bb2800e7b67a17c2a70 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11686 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-05-14 r/8145 feat(ops/users): add yuka to usersYureka1-0/+5
Change-Id: I4526339648958e4e633ca8259b93513dc9406362 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11664 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2024-04-30 r/8039 fix(tazj.in): fix redirectVincent Ambo1-1/+1
Change-Id: I0b695f0104bc587b1c5b7591c8d512a265d96873 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11534 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-04-28 r/8023 refactor(3p): use josh from nixpkgssterni1-1/+1
The change we need has been released and propagated to nixos channels. Change-Id: Ib10a1d42d7ef6deaf5665a13b72ece345e83d7dc Reviewed-on: https://cl.tvl.fyi/c/depot/+/11457 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2024-04-28 r/8022 chore(tazj.in): add a convenience redirectVincent Ambo1-0/+5
Change-Id: Ia41fbff390a2b1df0926ab33e9f4f66b1fd92512 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11533 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-04-25 r/8006 feat(ops/users): add caralice to userssterni1-0/+5
Change-Id: I3d907589c75939c86faa3c1276e4023126ad3d17 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11513 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-04-18 r/7953 fix(ops/nixery-01): enable automatic GCVincent Ambo1-0/+9
This relates to nixery#167. Using our GC module is much more reliable than what we were doing previously. Change-Id: I1956457812a3a847a7c8a1f4e7e91e50fad08ac0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11453 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2024-04-18 r/7952 fix(ops): update DNS record for nixery-01Vincent Ambo2-2/+2
I accidentally deallocated the previous public IP, and had to make a new one :( Change-Id: Ie30305bdfdb8443e058270e5324baf555343441c Reviewed-on: https://cl.tvl.fyi/c/depot/+/11452 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>
2024-03-31 r/7835 feat(automatic-gc): robust way to disable automatic-gcVincent Ambo1-0/+5
We just had a minor incident where apparently our build cache for the critical security fix was deleted by automatic-gc (which I had stopped manually) being reenabled by an unrelated whitby deploy. This adds a new mechanism where by touching a file called `/run/stop-automatic-gc` the GC can be prevented from running. We might want to configure an occasional alert or something if this file exists, so we don't forget about it when we are using it. Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: flokli <flokli@flokli.de>