Age | Commit message (Collapse) | Author | Files | Lines |
|
Note that the login.tvl.fyi WWW configuration is still kind of hanging
around until we've settled where Keycloak lives.
Change-Id: Iaca4e394a7371cafa3716ca66ef09c4eca5b1520
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4626
Autosubmit: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Same approach as in cl/4270.
Change-Id: I3a5a3533ab97513a4b9d8cacc26d013b58441f93
|
|
Included fixes:
* 3p/apereo-cas: Don't use stdenv.lib
* grfn/system: Bump Linux to 5.12 (5.11 is gone)
Change-Id: Ie32d476e659ba482418d4035333c2797a7dbd106
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3211
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
The following commit itends to bind on port 8443 on all interfaces,
so let's move this to something else.
Change-Id: Ibb94a0f4e6892b6e543b542b89bcdaaefb617f23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Panettone currently uses the LDAP DN as the user key, so we collect it
here so that we can later make sure its exposed to Panettone.
Change-Id: Ia2048cb479a2afe6fe9f47181115ae7ec13dedf3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2811
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
There's some non-secret config that made its way into the secrets file.
This CL moves it into git so we can track it properly.
Change-Id: I3f5bf5e1f7addabb199997fb7b1f805b9157fbbe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2810
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490
Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.
Things done to resolve upstream breakages:
* grpc no longer takes abseil-cpp as an input, it has also been removed
in the override.
* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
attribute has been removed by upstream and the patch used by them is
available for 5.11 as well.
* The fixed output hash for third_patry.apereo-cas changed for some reason.
* Remove the pin of haskellPackages.vector from the haskell overlay. It
broke as the most recent version of vector in nixos-unstable no longer
depends on semigroups. This effectively updates vector from 0.12.1.2
to 0.12.2.0.
* Align two comments in tvix/libstore/worker-protocol.hh because the
updated clang-format now demands that.
Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught be systemd
Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: I5193cb7695d37c1770257741e600d7029b6596a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/934
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Change-Id: Ie7d52370dd554b110bbfa041b943fcf246373b94
Reviewed-on: https://cl.tvl.fyi/c/depot/+/933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
'2e185f50c38db1a85f39a6bd5ad4c4e58462f003' as 'third_party/apereo-cas/overlay'
Change-Id: Ic3590a8da009199100f6dd9f8c9c41196b5ea9ff
|