Age | Commit message (Collapse) | Author | Files | Lines |
|
For example see how Google does it:
```shell
$ dig google.com
142.250.64.206
$ dig -x 142.250.64.206
mia07s56-in-f14.1e100.net. # <- trailing dot
```
Change-Id: I300ffdc03cc740628a4f07f7822e8fadaf12a57a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4755
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
Preferring billandhiscomputer.com in lieu of wpcarro.dev. wpcarro is a bit of a
tough username for others to remember and for me to say out-loud (it usually
involves me spelling it and explaining to others why Carroll is missing
2x-Ls). I think it's time for a change.
During the transition, I don't want to deal with stale links to
https://wpcarro.dev, so I'm templatizing more of my website and blog so that
these values can be replaced.
Expect more forthcoming changes.
Change-Id: Ic2f5519e6b0d76fcb8b737bf50009e8388f1b178
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4754
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
This support reverse-DNS lookups.
I encountered a problem where I accidentally deleted my instance's
`nat_ip` (external, ephemeral IP). I needed to run...
```shell
terraform apply -replace=google_compute_instance.diogenes
```
...which invalidates terraform's local cache of the state. I believe this used
to be called `terraform taint`. Things are mostly WAI, with one known issue:
quasselcore and billandhiscomputer.com complain about missing SSL certs, but I
believe this is a race-condition. Calling...
```shell
systemctl restart quassel.service
```
...resolves the issue for quassel. Unfortunately the same doesn't work for
nginx.service, but after a bit of time https://billandhiscomputer.com "just
works". Clearly I'm not sure what's going on here. At least not yet...
Change-Id: I9f059655cb6e83d56618b77cfe4ed38283614ef6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4753
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
Add quassel to the nginx group because only user=acme and group=nginx can read
/var/lib/acme/*
Change-Id: If456b8ebf43ee098cd8007c3c6235c78c1071250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4752
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
TL;DR:
- Mimmick depot's bin -> __dispatch.sh for personal utils
- Define deploy-diogenes to more tighten my feedback loop
Change-Id: I2b12a1c32a955574f5be5d4f38025bd97e9c7b77
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4751
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
source_tags means:
> the firewall will apply only to traffic with source IP that belongs to a tag
> listed in source tags.
This mechanism exists (presumably) for local networking between instances that I
manage. For ingress traffic, I'd like to open these ports to the wider
internet.
Change-Id: If0963c853f10f3c205581cce100671714a5f6a3a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4750
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
More DNS debugging tools
Change-Id: I5ac192a1f8811149ae3eb0133c7d06496753248b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4749
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
These are now available at https://billandhiscomputer.com. I still need to
update the website copy and transfer wpcarro.dev over from Google Domains. I
think I prefer billandhiscomputer (username bill, bill_and_his_computer,
bill-and-his-computer, the_real_bill), so I may deprecate wpcarro. We'll see...
Change-Id: Ia7831ee4813e2cf639047d22d59d302a50e06e66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4748
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
TL;DR:
- Define googleCloudVM function to provision NixOS VMs on Google Cloud.
- Consume googleCloudVM in diogenes/default.nix
- Define README.md for basic usage instructions (subject to change).
- Delete diogenes's HCL
- Remove `diogenesSystem` from meta.targets
I'm still having trouble with DNS:
- I need to transfer the Google Domains config to Cloud DNS
- `host billandhiscomputer.com` is NXDOMAIN, so I don't trust my tf DNS config
- This is preventing me from getting SSL certs, which blocks my website, quassel
Change-Id: If315876c96298e83a5953f13b62784d2f65a1024
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4747
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
I wasn't sure if removing the email portion would be a schema error, but NixOS's
GCE image relies on the tripartite structure, and maybe other things do too.
Change-Id: I1b045fad974a7227d1980fff19c9d4f48ba58356
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4746
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
On non-NixOS configs, `git` has been complaining about missing `--global`
variables for `user` and `email`.
TODO(wpcarro): Support this in google-briefcase instead.
Change-Id: Iae29fe9aaa6c13295063137f241eeb5861d4b244
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4792
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
I rewrote my `README.md` most recently to show some managers what type
of side-projects I was working on. After successfully transfering to SRE
internally, I don't need the `README.md` to be a marketing document but
rather a tutorial for my future self. This change is a step in that
direction.
Change-Id: Ieaf0e72c8a33a163e6b6adefd76665ca675e8462
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4791
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
After receiving another computer from Google and attempting to "easily"
install my configuration, I realized that I had some holes. In reality
these could (and perhaps should) be easily tested using CI that attempts
to cleanly install my configuration on various platfoms (e.g. Debian,
NixOS), but I'm not interested in supporting something like that (at
least not at the moment).
For now, it suffices to nixify some of the lingering shell scripts with
implicit dependencies on tools like `stow`.
> Don't let perfect be the enemy of good?
Change-Id: Ifdeac2c855e46973e3a4ea416418109a748eb41d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4790
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
telega.el currently throws errors related to some broken internal
logic about media codecs, which breaks this check in CI.
Change-Id: I8518977dba801dec90b966c84771ff0f59dcbb3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4824
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
This is *way* faster, as advertised
Change-Id: Iad452dc3b3b768331d7de0421f768f82e9b76a60
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4785
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Can no longer be null and has been renamed to security.acme.defaults.email:
https://github.com/nixos/nixpkgs/commit/377c6bcefce8e8ccd471892a1b24621d5a909457
Change-Id: Icac9506185da176365369ed3c7db3c71ffc90b1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4784
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I13e95b91351af33c2452f1c4de45cc47aeae1dc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4745
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
|
|
Change-Id: I85b0066574b45490d61ed1edf29587689ba63c6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4744
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: zseri <zseri.devel@ytrizja.de>
Tested-by: BuildkiteCI
|
|
Change-Id: Icf40fb125cc3fe9e1c70de2ac253d70349a213d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4743
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Also sort, first by rsvp, then by signed in, then by last check, then by
name
Change-Id: I15d2e4a5693290d9c1cfd09196982e7a6957a138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4742
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
More beginner problems/solutions for CTF-style challenges.
Change-Id: Ide229e99e3ccc1ede5a5ca1c2ad039498e49ea4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4740
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Just getting my feet wet...
Change-Id: Ia1db0c69fe7d5ea5cb5585853d0688ef97f2680a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4739
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
I'm mimmicking the setup of diogenes-1 until I switch everything over to the
terraform-defined diogenes.
Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn
for the pointers.
Problem: When I originally setup my Google VM, I followed this tutorial,
https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing
`nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l
gs://nixos-images`). Critically, I missed this important footnote:
> NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and
> will instead need to be found at
> <nixpkgs/nixos/modules/virtualisation/gce-images.nix>.
It turns out that *newer* images include this script...
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash
...which reads the key, "sshKeys", from the Google metadata server and copies
the value into /root/.ssh/authorized_keys.
To make matters a bit misleading, the NixOS script expects the key to be
"sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both
versions appear in this commit).
TL;DR:
- upgrading to a newer NixOS image
- adding an empty access_config block so Google will assign my VM an external IP
- removing oslogin (not necessary to do, and I may add it back later)
- adding my public SSH key as metadata
Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
For now:
- git confg
- picom: X compositor
- dunst: system notifications (not working for quassel)
I still need to port various configs and ensure I support both gLinux and NixOS
machines.
Change-Id: I31a635eaacac25ef6219e079fc968d2ece026a5f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4736
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Title: distributed builds without single points-of-failure
Change-Id: I54275ea75d7e29269162f6158743d64d17f79915
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4550
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: zseri <zseri.devel@ytrizja.de>
|
|
Change-Id: I5feb7187bd9aee45478aa5759e94df49e92565bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4734
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I59087cd855953d0ebdcaaea2374788e9e015e1ea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4733
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This is going to be enforced in CI very shortly (it already kind of
was, but not really).
Change-Id: I8569d030e31230f077371bd1644b75f048271a0e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4728
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: wpcarro <wpcarro@gmail.com>
|
|
When I include "80" and "443" in the allowed TCP ports, the ports don't appear
to be open, but when I add the tags "http-server" and "https-server", which I
don't control, they do. I'm not sure what's going on, but I don't want to let
perfect be the enemy of good...
Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Some reference commands for my future self (blog post forthcoming?):
```shell
$ nix-shell -p google-cloud-sdk terraform
$ gcloud auth application-default login # stateful
$ terraform init
$ terraform apply
```
What's left for feature parity?
- Encode 100GB external disk as resource
- Encode firewall as resource
- Ensure marcus can SSH to instance
Stretch goals:
- Spin-up fully NixOS-configured instances
Change-Id: If156a5b0a2a0f8bfdf2548a4b5f592a77409fcb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4724
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
TL;DR:
- copy rendered posts to $out/posts
- update postUrl attr
- remove unused attrs
Change-Id: I027c20d6244e4626128788ad9aa1f1aad7855f32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4723
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
`substituteAll` supports templating with @variables@, which I think really
cleans things up.
Change-Id: Icfad15ac9e174495ba02260d817f7330f1616c6f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4722
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Change-Id: I07b6e70ec4026644733e58a2c5f2aa6696a038f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4719
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Remove remaining references to blog.wpcarro.dev
Change-Id: I364763459b195fc17753da4a7c5918ce5136e891
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4718
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
TL;DR:
- Create an index page to list blog posts
- Drop blog.wpcarro.dev -> wpcarro.dev/blog
- Create fragments directory to host reusable static website components
- Consume fragments in wpcarro.dev and wpcarro.dev/blog for brand consistency
Change-Id: Ib8440300c008c3c0c5e5a6f207e4ea207dd41b47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4717
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
|
|
Change-Id: I278c586db7a8641a9e254f05075ee4e8bdf78d67
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4715
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
|
|
Figured this out by opening web inspector for the discord web app and
looking at the responses for role memeber counts.
Change-Id: I0fa6418c4d1781a65ef50c9ed14665e2b142ae32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4707
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Hugo is a bit too heavyweight for my taste.
Change-Id: I331bc5898bd40f1a03bbde8ad69fe3cc9f72c18b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4704
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
I have a (unconfirmed) suspicion that this is paying more in CPU time
than it's saving in disk space - regardless, I have a bounty of the
latter and a deficit of the former.
Change-Id: I3375b8d904e0878fd47c1845e3c3b9b6c6359189
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4700
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I316af01af87ed6f75d57e4400c95d83d274370a4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4699
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
This was originally intended to work around the issue caused by me
accidentally ending up proxy_set_header'ing the Host header twice (which
nginx *concatenates with slashes*, rather than overwriting!), but seems
sensible regardless to make that whole thing (hopefully) a bit less
brittle
Change-Id: I877fa594b46e88d1ba05e793832beab3d0aaccdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4697
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Also update log deps so things actually log, using a new :outdated alias
based on antq
Change-Id: I6f87f474bea101fa1b396c519b234eb3aac1c4f1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4696
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Start of a production deployment of the app with nixos+terraform, using
provisioners and null-resources to provision nixos machines a'la espes.
Change-Id: I2ddaed76d0037dadbf9fc9e2ee27e9e67a852228
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4695
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I0299242982c183fa9fc1f26b1bacb14f8fc14b28
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4684
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Start setting up agenix with secrets in //users/grfn/secrets for
mugwump, starting with my cloudflare API key which I use for the ddns
from my home apartment
Change-Id: Ida66cb91da3415357a512039d6c23402f0ae9388
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4683
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: Ic2ddbdfadb9d65d5ab1ca57f4593ac4c6d2754d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4687
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: I0b9671dd7e43cf25e8313a10e31b1f19cf897371
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4682
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
|
|
Rely on GCP's VPC configuration, which dedupes my configuration efforts.
Change-Id: Iab0751b2a73a4f41a82b2968ba6aa9ff73bf6ccc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4691
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|
|
Let's see what mosh is all about...
Change-Id: I0439130f55dc056370397c3e4ea8039f888703c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4690
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
|