path: root/ops
Age | Commit message | Author | Files | Lines
2022-10-02 | r/5016 chore(ops/whitby): use new keycloak HTTP port option | Vincent Ambo | 1 | -1/+1
Relates to b/200 Change-Id: Id8f415d5c4a8947b56031e1671f4f84ac5f2665d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6837 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-09-28 | r/4980 chore(3p/sources): Bump channels & overlays | sterni | 8 | -9/+9
Upstream nixpkgs removed a lot of aliases this time, so we needed to do the following transformations. It's a real shame that aliases only really become discoverable easily when they are removed.
* runCommandNoCC -> runCommand
* gmailieer -> lieer
  We also need to work around the fact that home-manager hasn't caught on to this rename.
* mysql -> mariadb
* pkgconfig -> pkg-config
  This also affects our Nix fork which needs to be bumped.
* prometheus_client -> prometheus-client
* rxvt_unicode -> rxvt-unicode-unwrapped
* nix-review -> nixpkgs-review
* oauth2_proxy -> oauth2-proxy
Additionally, some Go-related builders decided to drop support for passing the sha256 hash in directly, so we need to use the generic hash arguments.
Change-Id: I84aaa225ef18962937f8616a9ff064822f0d5dc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6792 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-09-20 | r/4930 feat(ops/keycloak): import github identity provider configuration | Vincent Ambo | 3 | -1/+24
For some reason Terraform decided that it would otherwise like to *delete* this configuration, which is undesirable. Note that there is a "magic" special behaviour when the `alias` and `provider_id` are set to the name of a built-in supported provider (github, gitlab etc.), which lets us skip the authorization_url setup. Change-Id: Ib66154c2896dda162c57bdc2d7964a9fa4e15f20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6706 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-20 | r/4929 feat(ops/keycloak): add SMTP settings in configuration | Vincent Ambo | 1 | -0/+10
I think these were set up in the UI and previously not supported in the Terraform config, now they're supported and Terraform wanted to delete them ... Change-Id: I83eb49ceb774ac835dc81638f962e937c7e936c6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6707 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-19 | r/4923 feat(monorepo-gerrit): swap owners plugin for code-owners | Luke Granger-Brown | 1 | -1/+10
Change-Id: I9e05384b58dac258bc2da41c22e321b20451ef00 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6686 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2022-09-19 | r/4922 chore(gerrit): migrate OWNERS files to code-owners style | Luke Granger-Brown | 1 | -4/+3
Change-Id: Iacc521dfdd4b4a2d5cef3920cf8189bcce35a488
2022-09-16 | r/4871 feat(ops/users): Add talyz to users | talyz | 1 | -0/+5
Change-Id: I3bbc9d31e4d00b26dcef470816c0b44a949ecb7a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6614 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 | r/4829 feat(ops/modules): deploy tvixbolt to tvixbolt.tvl.su | Vincent Ambo | 2 | -0/+20
Change-Id: I534cf918fc3e03ce8c14cf15f6d3280b6a657c8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6536 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 | r/4828 feat(ops/glesys): add CNAME for tvixbolt.tvl.su | Vincent Ambo | 1 | -0/+11
I could not get nginx to serve it from `tvl.su/tvixbolt`, and ran out of interest in trying to fix it, so let's put it on a subdomain instead. Change-Id: I1313d75cc9831d94a894191376534b1e5186a76a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6537 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-08-25 | r/4490 fix: reflect renames of Nix configuration options | sterni | 2 | -14/+14
Change-Id: I7e28ac3d71acd7d99a1d3ef97bef9422097e4abf Reviewed-on: https://cl.tvl.fyi/c/depot/+/6154 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-08-13 | r/4426 chore(3p/sources): Bump channels & overlays | Vincent Ambo | 1 | -1/+1
* tvl-slapd: move database to subdirectory (somehow now required) Change-Id: I1792b856cf68b11959c0cc9caab4135e556f8c58 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6090 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-07-28 | r/4337 feat(ops/www): add predlozhnik redirect on tazj.in | Vincent Ambo | 1 | -0/+4
otherwise posting this to reddit's /r/russian is not possible, as they ban all links to Russian-affiliated sites Change-Id: I8d23f0961ec7ef097fc2dbdd0aaa178861a19c10 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5992 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 | r/4317 feat(ops/users): Add jfroche to users | Jean-François Roche | 1 | -0/+5
Change-Id: I60cb0acffd1d21b4660e819799206a0cde4facb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5970 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 | r/4316 refactor(ops/glesys): add explicit records pointing to whitby | Vincent Ambo | 3 | -14/+33
instead of setting a wildcard record (which causes really weird behaviour if you set your search domain to tvl.su/tvl.fyi, which I do), DNS records for services running on whitby are now set explicitly. Change-Id: Ia05399b62dad326942fe0efda30782ce153df99d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5961 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2022-07-20 | r/4307 feat(grfn/system): Add ogopogo | Griffin Smith | 1 | -0/+1
This is my new work desktop https://en.wikipedia.org/wiki/Ogopogo Change-Id: I198d8757ff85eec00a303b990efdd2658cbc3e6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5963 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-07-19 | r/4306 fix(ops/www): redirect very old tazj.in feed URLs correctly | Vincent Ambo | 1 | -0/+4
at some point in the far past, there was an RSS feed at `/en/rss.xml`. It seems to still get a single hit or so every hour, which currently 404s. Change-Id: Ieb13c2c0232861a50a54bc2a4087d9ccb21185cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5962 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-18 | r/4305 fix(ops/www): issue certificate for 'www.tazj.in' | Vincent Ambo | 1 | -0/+1
Change-Id: I6179f785bb6bd6168a2a11836b90da5ee93adc69 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5953 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-07-12 | r/4295 refactor(ops/cgit): make user configurable | Vincent Ambo | 2 | -4/+24
on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly. on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica. Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 | r/4294 fix(depot-replica): make the depot replica world readable | Vincent Ambo | 1 | -1/+1
Change-Id: Idc0b5210793ab0d83b3ac99cf36d7f7f02a35a37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 | r/4293 feat(ops/sanduny): run cgit instance | Vincent Ambo | 1 | -0/+7
Change-Id: Id869fa46d74f215a9034e86f795a4cd9e93acb16 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5930 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4274 feat(ops): configure depot replication to sanduny | Vincent Ambo | 2 | -0/+21
this configures gerrit's built-in replication plugin to push every change in depot to sanduny. this allows us to serve a replica of depot from sanduny. manual config that was needed which needs to be automated:
* system-wide known_hosts does not work, needed one in /var/lib/git
* .ssh/config MUST be present and configured for sanduny.tvl.su
Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4273 feat(ops/secrets): add private key for depot git replication | Vincent Ambo | 2 | -1/+2
Change-Id: Iaf86d1fe635be8fbd9bc8a397999a2cffcc21606 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5914 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4272 feat(ops/modules): add module for receiving a depot replica | Vincent Ambo | 2 | -0/+49
This module sets up a user with an SSH key and permissions to receive a (pushed) replica of depot from Gerrit. This still needs appropriate configuration in Gerrit's replication plugin on the other end. This module has been enabled for sanduny. For now it does not (yet) configure git serving. Change-Id: I0fb6f7e696609e71008308e855bdf305dcbcd4f7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5913 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-27 | r/4261 fix(ops/sanduny): Enable our binary cache | Vincent Ambo | 1 | -0/+3
Change-Id: I53f4c5b667018c0d3b01b307411200b66f6a7de3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5901 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: tazjin <tazjin@tvl.su>
2022-06-27 | r/4254 refactor(web/cgit-tvl): Move cgit config back out of module | Vincent Ambo | 4 | -106/+40
It occurred to me yesterday that with the config inside of the module it is kind of difficult to test cgit locally. This moves it back to a separate location (//web/cgit-tvl) and makes the most important things configurable via overrides. Change-Id: I9b0f4c60b75c31441e1718e63b5b55aba3100aae Reviewed-on: https://cl.tvl.fyi/c/depot/+/5893 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-09 | r/4232 fix(ops/besadii) test trigger.ref against configured branch | Åsmund Østvold | 1 | -1/+1
Before this commit besadii only worked for repos having 'refs/heads/canon' as main branch. Change-Id: Ia2ceb8a720c675be84bc3d81b89338522cea6ebd Reviewed-on: https://cl.tvl.fyi/c/depot/+/5862 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: asmundo <asmundo@gmail.com>
2022-06-07 | r/4227 refactor(ops/keycloak): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -5/+5
Remove some ~commit message~ ... uh, code duplication. Change-Id: Id6e8f2132999e153d3984848f95ccabd52e4f45f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5853 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-07 | r/4226 refactor(ops/glesys): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -8/+6
Remove some code duplication. Change-Id: Ia9e0b3b22926eb9e72f302e2c1ebcee68eaa1db9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5852 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-07 | r/4225 refactor(ops/buildkite): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -8/+6
Remove some code duplication. Change-Id: I7ff49e728e1bd584bca3b84cdc033d93e60aefc2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5851 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-06 | r/4219 fix(ops/glesys): Remove now unnecessary workaround | Vincent Ambo | 1 | -4/+0
Remove a workaround for a GleSYS provider bug that was fixed in the last release. Change-Id: Ibd25de0b4dcccd781518d5d0ae1c75d296f6b05f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5845 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-06 | r/4218 test(ops/keycloak): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+8
Change-Id: I5602cf722b9fe9502c9d7610eefc7ba0ab647362 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5844 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-06-06 | r/4217 test(ops/glesys): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+11
Change-Id: I8d251d3ee1de77feca865d0a677041c9c485d211 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5843 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-06-06 | r/4216 test(ops/buildkite): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+11
Change-Id: Ieef4d7d0a717107ee67432474683f3344b6561f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5842 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4215 feat(ops/buildkite): Import tvl-kit pipeline | Vincent Ambo | 2 | -0/+11
Change-Id: I21f6e0adba3dca3be741761a226ab6810d8bcf8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5841 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4214 feat(ops/buildkite): Import main depot pipeline | Vincent Ambo | 2 | -0/+13
Change-Id: Id470750aa90505002c6a7e4f840e56c4939ed391 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5840 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4213 docs(ops/buildkite): Add documentation about this config | Vincent Ambo | 2 | -1/+25
Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4212 feat(ops/buildkite): Bootstrap Buildkite Terraform configuration | Vincent Ambo | 3 | -0/+33
In order to run this the secrets need to be sourced, e.g.:
    eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)
Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-06 | r/4211 feat(ops/secrets): Add Buildkite API token for Terraform | Vincent Ambo | 2 | -0/+17
Change-Id: I0930f4fb34015ddcaa791b07e4d5d87d069d2b0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5837 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-03 | r/4202 refactor(nix/buildkite): Rename "post" steps to "release" steps | Vincent Ambo | 1 | -3/+3
This is in preparation for a subsequent CL that will do much more significant changes in //nix/buildkite. Change-Id: I80a8d67d3a7d593854c8d711572483c2581e7881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5824 Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Tested-by: BuildkiteCI
2022-05-29 | r/4185 fix(ops/nixos): use builtins.storePath to avoid dumping pkgs.path | sterni | 1 | -4/+12
This is a less invasive way to achieve the same goal as cl/5681, by preventing the already existing nixpkgs store path from being dumped again at the call site. To support nixpkgsBisectPath, we simply check if pkgs.path is below builtins.storeDir and use builtins.storePath based on that. This is actually similar to the approach taken in the nixpkgs documentation system which tries to limit the amount of nixpkgs that needs to be dumped by using filterSource on specific subtrees of nixpkgs. For this to work it has to insist on pkgs.path being an ordinary Nix path, though. Change-Id: Idf892f90a5d811184568e4702a901c334d56210e Reviewed-on: https://cl.tvl.fyi/c/depot/+/5787 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4179 feat(ops/secrets): Add OAuth2 client secret for panettone | Vincent Ambo | 1 | -15/+16
Change-Id: Icc53b161b260632e50b7bdc4c908912fd377bb87 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5771 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-05-28 | r/4177 feat(ops/keycloak): Add OIDC client for panettone | Vincent Ambo | 1 | -0/+14
Change-Id: Idb4352e3bbf412df5569aa988a78c6438063f93a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5769 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-05-28 | r/4176 fix(gerrit-tvl): Use only one build filter | Vincent Ambo | 1 | -4/+1
Buildkite can't handle more than one filter for the query; as of the last commit it just returned an empty list. I've verified with curl based on the request the previous attempt constructed that this works as intended with only setting the commit. Behaviour is probably undefined if there are two builds for the same commit (i.e. a retry). Which one will you see? Who knows! However, since the commit hash contains the Change-Id, we can't get a situation where the build was for two different CLs at the same commit. Gerrit wouldn't allow that. Change-Id: I0dcd0ff44c28d3d15cba23461970bfc8483f4e48 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5768 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-28 | r/4174 chore(ops/sourcegraph): Bump to 3.40.0 | Vincent Ambo | 1 | -1/+1
Change-Id: I77438201d8ed5237095b3d2e8a855dec3e58b641 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5766 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4173 chore(ops/sourcegraph): Bump to 3.39.1 | Vincent Ambo | 1 | -1/+1
Change-Id: I76d0a3ede7cc23a9a6e8db61ed7e9d91670f1699 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5765 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4172 chore(ops/sourcegraph): Bump to 3.38.1 | Vincent Ambo | 1 | -1/+1
Change-Id: Ib1f4f9591acab537607c9d9c9b123e9c711e331b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5764 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4171 chore(ops/sourcegraph): Bump to 3.37.0 | Vincent Ambo | 1 | -1/+1
Change-Id: If333f28dd0bec4eb965a6e3005ef5aca810c86f3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5763 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4170 chore(ops/sourcegraph): Bump to 3.36.3 | Vincent Ambo | 1 | -1/+1
Change-Id: I3a6caeeb06919b25a9c1200c8f286b0bd34916b2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5762 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4169 chore(ops/sourcegraph): Bump to 3.35.2 | Vincent Ambo | 1 | -1/+1
Change-Id: Ia829b4ffa2e7e37438f766d0ff98e504c0d856b4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5755 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-28 | r/4167 chore(ops/sourcegraph): Bump to 3.34.2 | Vincent Ambo | 1 | -1/+1
Change-Id: I865335006a091986f8a98e4d5da7161a25e948d9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5754 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI