path: root/ops
Age | Commit message | Author | Files | Lines
2022-12-01 | r/5357 feat(ops/users): add IslandUsurper to users. | Lyle Mantooth | 1 | -0/+5
Change-Id: Id6bda45acd33dc4e57775321aa8f318164ca7ee0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7469 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-11-23 | r/5304 feat(ops/users): Add brainrake to users | Márton Boros | 1 | -0/+5
Change-Id: I6bb611fd802ed3f1e748d4c75dc2fd4bea9cc91a Reviewed-on: https://cl.tvl.fyi/c/depot/+/7365 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-11-21 | r/5294 feat(ops/users): Add noteed to users | Vo Minh Thu | 1 | -0/+5
Change-Id: I40b99a46b76d0df40b811350f3560c629babdbc4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7319 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-11-09 | r/5275 feat(ops/users): Add jrhahn to users | jhahn | 1 | -0/+5
Change-Id: I00913a302ecc23fec2e60875dc164b24d73ba4ad Reviewed-on: https://cl.tvl.fyi/c/depot/+/7257 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-11-07 | r/5260 fix(ops/machines/whitby): serve grafana at status.tvl.su again | sterni | 2 | -2/+2
This is a follow up to cl/7191 which neglected to adjust the status.tvl.su.nix module and re-enable it. Change-Id: Icc1917004cd50e5eab61a29bc68b393ba9bd6325 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7226 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-11-05 | r/5249 chore(whitby): Update grafana config | Griffin Smith | 1 | -63/+44
Uncomment and update the grafana config for whitby based on the new config format that nixos accepts. I've validated this locally by visually inspecting the resulting `ini` file, but not actually run it yet. Change-Id: I12d78ae48146e1b01bd2a4152276d4c6b16c1a3d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7191 Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-03 | r/5232 chore(3p/sources): Bump channels & overlays (OpenSSL edition) | sterni | 1 | -58/+59
* //ops/machines/whitby: Disable grafana, since the grafana module was changed upstream in a way that our configuration no longer works. Since the OpenSSL security update is relatively pressing, adapting the grafana configuration beforehand is not a hard requirement. See https://github.com/NixOS/nixpkgs/pull/191768.
* //tools/depotfmt: keep Go at version 1.18 to forgo a reformat of the tree.
* //nix/buildGo: keep Go at version 1.18, as 1.19 changed the CLI interface (?) in a way that breaks buildGo.
* //3p/overlays/tvl: drop upstreamed tdlib upgrade.
* //3p/overlays/tvl: patch buf to work around breakage due to git 2.38.1

TODO items for Go are tracked in b/215.

Change-Id: Ie08fef49cf3db12e6b5225a8b992a990ddc5b642 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7141 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>
2022-10-27 | r/5212 chore(ops/pipelines/depot/protoCheck): include name in label | Florian Klink | 1 | -1/+1
Change-Id: I2010bd6e4600e9f1dd6e6af40e81ecbbb72c20d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7054 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-10-08 | r/5059 feat(ops/pipelines): allow accessing the nix store | sterni | 1 | -1/+2
This is already allowed de facto, since there seems to be a special exception for reading from derivation outputs. What is forbidden, is access to files imported to the store (even via builtins.toFile) and derivation files. The latter is required for doing dependency analysis on arbitrary derivations, unfortunately. Access to the store allows kind of evil things, but it should be (hopefully) hard to do this by accident, and accessing derivation files is not impure, though it relies on store implementation internals so to speak. Change-Id: I33a7de83ef0ee20a7076690329d62f6caffffe5f Reviewed-on: https://cl.tvl.fyi/c/depot/+/6835 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-10-03 | r/5025 fix(ops/www): fix port templating for keycloak | Vincent Ambo | 1 | -1/+1
Change-Id: I714b12f996d7dbe705f1f553d449f2dbc4910b1e Reviewed-on: https://cl.tvl.fyi/c/depot/+/6848 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-10-02 | r/5017 chore(ops/whitby): use renamed 'kbdInteractiveAuthentication' option | Vincent Ambo | 1 | -1/+1
Relates to b/200 Change-Id: Ica7a32e3d2392aba22c2de93cc9be49c4a57eeb9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6838 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-10-02 | r/5016 chore(ops/whitby): use new keycloak HTTP port option | Vincent Ambo | 1 | -1/+1
Relates to b/200 Change-Id: Id8f415d5c4a8947b56031e1671f4f84ac5f2665d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6837 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-09-28 | r/4980 chore(3p/sources): Bump channels & overlays | sterni | 8 | -9/+9
Upstream nixpkgs removed a lot of aliases this time, so we needed to do the following transformations. It's a real shame that aliases only really become discoverable easily when they are removed.
* runCommandNoCC -> runCommand
* gmailieer -> lieer
  We also need to work around the fact that home-manager hasn't caught on to this rename.
* mysql -> mariadb
* pkgconfig -> pkg-config
  This also affects our Nix fork which needs to be bumped.
* prometheus_client -> prometheus-client
* rxvt_unicode -> rxvt-unicode-unwrapped
* nix-review -> nixpkgs-review
* oauth2_proxy -> oauth2-proxy

Additionally, some Go-related builders decided to drop support for passing the sha256 hash in directly, so we need to use the generic hash arguments.

Change-Id: I84aaa225ef18962937f8616a9ff064822f0d5dc3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6792 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-09-20 | r/4930 feat(ops/keycloak): import github identity provider configuration | Vincent Ambo | 3 | -1/+24
For some reason Terraform decided that it would otherwise like to *delete* this configuration, which is undesirable. Note that there is a "magic" special behaviour when the `alias` and `provider_id` are set to the name of a built-in supported provider (github, gitlab etc.), which lets us skip the authorization_url setup. Change-Id: Ib66154c2896dda162c57bdc2d7964a9fa4e15f20 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6706 Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-20 | r/4929 feat(ops/keycloak): add SMTP settings in configuration | Vincent Ambo | 1 | -0/+10
I think these were set up in the UI and previously not supported in the Terraform config, now they're supported and Terraform wanted to delete them ... Change-Id: I83eb49ceb774ac835dc81638f962e937c7e936c6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6707 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-19 | r/4923 feat(monorepo-gerrit): swap owners plugin for code-owners | Luke Granger-Brown | 1 | -1/+10
Change-Id: I9e05384b58dac258bc2da41c22e321b20451ef00 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6686 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
2022-09-19 | r/4922 chore(gerrit): migrate OWNERS files to code-owners style | Luke Granger-Brown | 1 | -4/+3
Change-Id: Iacc521dfdd4b4a2d5cef3920cf8189bcce35a488
2022-09-16 | r/4871 feat(ops/users): Add talyz to users | talyz | 1 | -0/+5
Change-Id: I3bbc9d31e4d00b26dcef470816c0b44a949ecb7a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6614 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 | r/4829 feat(ops/modules): deploy tvixbolt to tvixbolt.tvl.su | Vincent Ambo | 2 | -0/+20
Change-Id: I534cf918fc3e03ce8c14cf15f6d3280b6a657c8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/6536 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-13 | r/4828 feat(ops/glesys): add CNAME for tvixbolt.tvl.su | Vincent Ambo | 1 | -0/+11
I could not get nginx to serve it from `tvl.su/tvixbolt`, and ran out of interest in trying to fix it, so let's put it on a subdomain instead. Change-Id: I1313d75cc9831d94a894191376534b1e5186a76a Reviewed-on: https://cl.tvl.fyi/c/depot/+/6537 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-08-25 | r/4490 fix: reflect renames of Nix configuration options | sterni | 2 | -14/+14
Change-Id: I7e28ac3d71acd7d99a1d3ef97bef9422097e4abf Reviewed-on: https://cl.tvl.fyi/c/depot/+/6154 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-08-13 | r/4426 chore(3p/sources): Bump channels & overlays | Vincent Ambo | 1 | -1/+1
* tvl-slapd: move database to subdirectory (somehow now required) Change-Id: I1792b856cf68b11959c0cc9caab4135e556f8c58 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6090 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-07-28 | r/4337 feat(ops/www): add predlozhnik redirect on tazj.in | Vincent Ambo | 1 | -0/+4
otherwise posting this to reddit's /r/russian is not possible, as they ban all links to Russian-affiliated sites Change-Id: I8d23f0961ec7ef097fc2dbdd0aaa178861a19c10 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5992 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 | r/4317 feat(ops/users): Add jfroche to users | Jean-François Roche | 1 | -0/+5
Change-Id: I60cb0acffd1d21b4660e819799206a0cde4facb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5970 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-22 | r/4316 refactor(ops/glesys): add explicit records pointing to whitby | Vincent Ambo | 3 | -14/+33
instead of setting a wildcard record (which causes really weird behaviour if you set your search domain to tvl.su/tvl.fyi, which I do), DNS records for services running on whitby are now set explicitly. Change-Id: Ia05399b62dad326942fe0efda30782ce153df99d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5961 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
2022-07-20 | r/4307 feat(grfn/system): Add ogopogo | Griffin Smith | 1 | -0/+1
This is my new work desktop https://en.wikipedia.org/wiki/Ogopogo Change-Id: I198d8757ff85eec00a303b990efdd2658cbc3e6a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5963 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-07-19 | r/4306 fix(ops/www): redirect very old tazj.in feed URLs correctly | Vincent Ambo | 1 | -0/+4
at some point in the far past, there was an RSS feed at `/en/rss.xml`. It seems to still get a single hit or so every hour, which currently 404s. Change-Id: Ieb13c2c0232861a50a54bc2a4087d9ccb21185cf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5962 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-07-18 | r/4305 fix(ops/www): issue certificate for 'www.tazj.in' | Vincent Ambo | 1 | -0/+1
Change-Id: I6179f785bb6bd6168a2a11836b90da5ee93adc69 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5953 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-07-12 | r/4295 refactor(ops/cgit): make user configurable | Vincent Ambo | 2 | -4/+24
on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly. on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica. Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 | r/4294 fix(depot-replica): make the depot replica world readable | Vincent Ambo | 1 | -1/+1
Change-Id: Idc0b5210793ab0d83b3ac99cf36d7f7f02a35a37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 | r/4293 feat(ops/sanduny): run cgit instance | Vincent Ambo | 1 | -0/+7
Change-Id: Id869fa46d74f215a9034e86f795a4cd9e93acb16 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5930 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4274 feat(ops): configure depot replication to sanduny | Vincent Ambo | 2 | -0/+21
this configures gerrit's built-in replication plugin to push every change in depot to sanduny. this allows us to serve a replica of depot from sanduny.

manual config that was needed which needs to be automated:
* system-wide known_hosts does not work, needed one in /var/lib/git
* .ssh/config MUST be present and configured for sanduny.tvl.su

Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4273 feat(ops/secrets): add private key for depot git replication | Vincent Ambo | 2 | -1/+2
Change-Id: Iaf86d1fe635be8fbd9bc8a397999a2cffcc21606 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5914 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 | r/4272 feat(ops/modules): add module for receiving a depot replica | Vincent Ambo | 2 | -0/+49
This module sets up a user with an SSH key and permissions to receive a (pushed) replica of depot from Gerrit. This still needs appropriate configuration in Gerrit's replication plugin on the other end. This module has been enabled for sanduny. For now it does not (yet) configure git serving. Change-Id: I0fb6f7e696609e71008308e855bdf305dcbcd4f7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5913 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-27 | r/4261 fix(ops/sanduny): Enable our binary cache | Vincent Ambo | 1 | -0/+3
Change-Id: I53f4c5b667018c0d3b01b307411200b66f6a7de3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5901 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: tazjin <tazjin@tvl.su>
2022-06-27 | r/4254 refactor(web/cgit-tvl): Move cgit config back out of module | Vincent Ambo | 4 | -106/+40
It occurred to me yesterday that with the config inside of the module it is kind of difficult to test cgit locally. This moves it back to a separate location (//web/cgit-tvl) and makes the most important things configurable via overrides. Change-Id: I9b0f4c60b75c31441e1718e63b5b55aba3100aae Reviewed-on: https://cl.tvl.fyi/c/depot/+/5893 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-09 | r/4232 fix(ops/besadii) test trigger.ref against configured branch | Åsmund Østvold | 1 | -1/+1
Before this commit besadii only worked for repos having 'refs/heads/canon' as main branch. Change-Id: Ia2ceb8a720c675be84bc3d81b89338522cea6ebd Reviewed-on: https://cl.tvl.fyi/c/depot/+/5862 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: asmundo <asmundo@gmail.com>
2022-06-07 | r/4227 refactor(ops/keycloak): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -5/+5
Remove some ~commit message~ ... uh, code duplication. Change-Id: Id6e8f2132999e153d3984848f95ccabd52e4f45f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5853 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-07 | r/4226 refactor(ops/glesys): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -8/+6
Remove some code duplication. Change-Id: Ia9e0b3b22926eb9e72f302e2c1ebcee68eaa1db9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5852 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-07 | r/4225 refactor(ops/buildkite): Use tools.checks.validateTerraform | Vincent Ambo | 1 | -8/+6
Remove some code duplication. Change-Id: I7ff49e728e1bd584bca3b84cdc033d93e60aefc2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5851 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-06 | r/4219 fix(ops/glesys): Remove now unnecessary workaround | Vincent Ambo | 1 | -4/+0
Remove a workaround for a GleSYS provider bug that was fixed in the last release. Change-Id: Ibd25de0b4dcccd781518d5d0ae1c75d296f6b05f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5845 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-06 | r/4218 test(ops/keycloak): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+8
Change-Id: I5602cf722b9fe9502c9d7610eefc7ba0ab647362 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5844 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-06-06 | r/4217 test(ops/glesys): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+11
Change-Id: I8d251d3ee1de77feca865d0a677041c9c485d211 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5843 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-06-06 | r/4216 test(ops/buildkite): Validate Terraform configuration in CI | Vincent Ambo | 1 | -2/+11
Change-Id: Ieef4d7d0a717107ee67432474683f3344b6561f8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5842 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4215 feat(ops/buildkite): Import tvl-kit pipeline | Vincent Ambo | 2 | -0/+11
Change-Id: I21f6e0adba3dca3be741761a226ab6810d8bcf8d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5841 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4214 feat(ops/buildkite): Import main depot pipeline | Vincent Ambo | 2 | -0/+13
Change-Id: Id470750aa90505002c6a7e4f840e56c4939ed391 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5840 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4213 docs(ops/buildkite): Add documentation about this config | Vincent Ambo | 2 | -1/+25
Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-06 | r/4212 feat(ops/buildkite): Bootstrap Buildkite Terraform configuration | Vincent Ambo | 3 | -0/+33
In order to run this the secrets need to be sourced, e.g.:

    eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)

Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-06 | r/4211 feat(ops/secrets): Add Buildkite API token for Terraform | Vincent Ambo | 2 | -0/+17
Change-Id: I0930f4fb34015ddcaa791b07e4d5d87d069d2b0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5837 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-03 | r/4202 refactor(nix/buildkite): Rename "post" steps to "release" steps | Vincent Ambo | 1 | -3/+3
This is in preparation for a subsequent CL that will do much more significant changes in //nix/buildkite. Change-Id: I80a8d67d3a7d593854c8d711572483c2581e7881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5824 Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Tested-by: BuildkiteCI