Age | Commit message (Collapse) | Author | Files | Lines |
|
Instead of directly connecting to LDAP and attempting to bind
usernames/password, authenticate users through an OAuth2 flow to
Keycloak.
This has the advantage of reusing the same SSO we already have for
Gerrit, Buildkite, ...
However, much of panettone's functionality makes assumptions about
LDAP being used. As a result there are some warts introduced by
this (for now):
* Since LDAP DNs are used as primary keys for users, we have to
construct fake DNs based on LDAP usernames
It might be sensible to migrate this to the UUIDs used by Keycloak
eventually.
* LDAP is part of the serving path for issues (for fetching user
information), however panettone no longer has a way to fetch
arbitrary user information unless it is persisted in its database.
To work around this, we construct a "fake" user based only on its
DN (i.e. only the username is going to be "correct") and use that to
serve issues.
* Email notifications no longer work (panettone can not access email
addresses)
Some of these need to be worked around by persisting some of that
information in the panettone database instead, as we don't want to
give the service the ability to access arbitrary user information
anymore.
We can probably do this with the user settings feature that already
exists and populate it on launch, but as of this commit email and
displayName functionality is simply broken.
Change-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5772
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Upcoming changes to the authentication model may mean that user
objects do not have an email address attached.
Change-Id: I4fddb810f723c790d243f779714ca7f189a02aeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5770
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: Id2786ae93d9bc45ce98834fb4c444510b1beb22f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5474
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I949d71648e82aaed2f1f571c4c537f0a1c075225
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5473
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I16dfe9295866afdd62802b6c35be66646f3f26c8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5446
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Don't render the <ol class="issue-history"> when we have nothing to put
in it, which is the case when there's no issue history and the user is
not logged in. This avoids an awkward-looking double bottom border on
issues with no comments for unauthenticated users.
Change-Id: I1c6aac40e4ba93e9428a0da589c67582b1589c17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5445
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I447bc95b60a7dca912ca75e118c075e52f8c8ebe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5402
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: wpcarro <wpcarro@gmail.com>
|
|
The ancient `//web/cgit-taz` path stems from the time I had
code.tazj.in serving my initial version of the depot.
I've been meaning to clean this up for forever, so here we go.
Note that this leaves the git-serving module in a strange state where
it only deals with josh. I'll rename it accordingly.
Change-Id: I47ed1e9d90958299b5440a18a1b9075274754e33
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5294
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Instead of managing Postgres connections on our own, use the
`with-connection` postmodern function with pooling enabled as a route
decorator.
This should resolve at least some of the issues from b/113 with
leaking connections, and an unreported issue with connections being
reused while transactions are in progress.
Change-Id: I1ed68667a3240900de1ae69df37d2d3018caf204
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5198
Tested-by: BuildkiteCI
Reviewed-by: eta <tvl@eta.st>
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: Iab7e00cc26a4f9727d3ab98691ef379921a33052
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5240
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
unbind & close the stream of newly created LDAP connections after
auth, which might prevent some of the resource leaking we've got going
on
i did actually verify in sly that this still works. yay.
Change-Id: I92c8ca20de642585ae4c24aa455d051ee6e44a87
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5193
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
* //3p/nix: probably not worth investing time into this anymore
* //users/sterni/emacs: The emoji problem disappeared by itself with a
newer emacs version, however a different one remains…
* //web/panettone: If we ever want to change the behavior, we should
just decide the behavior statically instead of using conditions and
restarts, as we only call it in one place, so making different
decisions depending on call sites is not really a use case we have.
Change-Id: Iff9d439ce356db41ce34d690fb7b6a01822022fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5223
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Any other cgit configuration in depot would need this script wrapper as
well.
Change-Id: Ifa04e1c9de9c925eb3f60c5d3854221ae02ef06c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5206
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).
Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
(who:html-mode) needs to be set at macro expansion time to properly take
effect which wasn't the case before, but is ensured now by
:compile-toplevel. :load-toplevel ensures that who inside the repl will
behave the same.
Since the :html5 behavior is now actually used, we need to adjust some
of the test cases to account for the different :html5 escaping mode.
Change-Id: I4dfe1d2db38da6a2486fde86596f7e5f50ed8b9f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4885
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
We have a new channel visitor who joined via Matrix and pointed this
out. Apparently hackint reestablished the Matrix bridge.
Change-Id: I25ec7fdc5c1b68a9b0bc92b6c19ffe12ecb93c5f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4864
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I4a79204e50cf519dce729e5c86bc397b82715008
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4758
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
also import yants functions explicitly
Change-Id: Idd16d130a95efc30216cb54051c7193a42978003
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4689
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: zseri <zseri.devel@ytrizja.de>
|
|
Easier to link to for the sock people.
Change-Id: I5ea5c20ca98e3a4eb7eac41fdcf2e81b026786db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4522
Reviewed-by: tazjin <mail@tazj.in>
Autosubmit: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Postmodern changed[0] how users customize the way lisp values get exported
to SQL - now, in addition to defining methods of
`cl-postgres:to-sql-string`, we have to pass `:col-export` and
`:col-import` args to the field itself in the dao class.
I'm not *entirely* sure why both are necessary, but without both this
doesn't work.
[0]: https://github.com/marijnh/Postmodern/blob/v1.33.1/CHANGELOG.md#changelog-v-1331
Change-Id: Iae8fb63c34fb6c79b9dfa350129032aab5cd2233
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4383
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: grfn <grfn@gws.fyi>
|
|
... the idea being that this might lead to some people from the Moscow
Nix community to reach out, which would be beneficial for me in terms
of having some IRL people to bounce ideas around with.
Change-Id: Ib41f54609e9ec9d7fdafbf7024fb5df7034afd87
|
|
Change-Id: I6f69507c75436e882f2248430eb894b1310bfca8
|
|
Change-Id: I16c565ac1194cec44382b77f1c65c5ff569fdcca
|
|
Change-Id: Ic0ee18466fbaca1a374e7489be640f49571eb9c5
|
|
Change-Id: I76c9c2c5cc82c7d0f59f907b6f1abee92a92cbf7
|
|
This incorporates feedback from sterni from cl/4052 and chipb on IRC.
Change-Id: I0547d130dcd578746d5183c563be4b1d042cb5f8
|
|
Change-Id: I8bec643267785c6d3523380a2a17ab5e9213b51c
|
|
This post is intended to just let people know about the existence of
Tvix, tell them a bit about the background and how to follow along.
Change-Id: Ib5194d3aa385a0e30b4768ba28cb063784f6e0a3
|
|
Change-Id: I8720d49f8f3f4010f57a53e763a4f246bf4eb3d8
|
|
This function is also generally useful for readTree consumers that
have the concept of subtargets.
Change-Id: Ic7fc03380dec6953fb288763a28e50ab3624d233
|
|
This should help when debugging template generated derivations.
Change-Id: I9958a7e67c8442c5ad97da2a9d3622a0556b6a1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3861
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
The string context of drvPath apparently causes a derivation to
_directly_ reference the whole dependency closure of the derivation
drvPath belongs to. This not only is unnecessary in this case (since we
are using drvHash to construct HTTP URLs which are primarily contigent
on the deployed configuration and not the shape of the nix store), but
also creates a very confusing derivation (e. g. web.tvl's index.html
would *directly* reference pandoc).
Change-Id: I6e9900e9e35fbd639061e53322e4ccb3fbb7e7ec
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3862
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
The previous format for entering the shape of the 'V' (as exported by
Inkscape) is incompatible with the PDF rendering process, somehow.
This reverts the letter back to the old path definition format with
the offending point manually removed.
Change-Id: I6ff3310afb5a757d657f2f0d8a761f355a8e50c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3843
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
There was an additional point in this letter's path, which led to a
small fragment of the "buttcrack" remaining.
Change-Id: I4aa25190c2f2d5fbae55d85c499939ec72a25add
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3842
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
This was previously hardcoded to tazj.in, which is not going to work
of course.
Instead it now takes the blog config which has a new baseUrl
parameter. For ease of use, the configs of my and the TVL blog have
been moved into a location that is accessible in the tree for reuse.
Change-Id: I94e71aaa7859db4380eb7013740a17f6b6a02620
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3777
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ie96eae39722c0bd22f3801cc9e24c28148f0a0cd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3779
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Includes the blog posts and feed in the $out directory, but without
linking them from the TVL homepage yet.
Change-Id: If9c094b29e43e9a81b0cc3d731261dc4b10557c1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3776
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
No content yet, but I need this in place to chop up the other changes
nicely.
Change-Id: I4302e14ab513d6d4dd23e9e8ab5493223b9a80b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3774
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This makes it possible for the footer to be reused in other places,
e.g. when templating blog posts (which do not go through
//web/tvl/template (yet)).
Change-Id: Ia8ab0e1c6db4f76b4de49239e11a4474038f60ae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3773
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Redirects these to the cgit commit view. Only supports cgit because we
don't have a good way to coax Sourcegraph into fetching these refs.
Change-Id: I8c28ed015ba37c04eb4b7a667bde70ff6a92bf4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3772
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Name clash went undetected because I called this variable the same
thing, oops.
Change-Id: Iafa508f26887302b1c256088c50c68cd0ed7eea2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3771
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This was previously all inside of my personal homepage configuration,
but that's not really where it belongs.
This moves the blog post -> feed entry logic to //web/blog and moves
some other minor logic (like entry order) into the atom feed
implementation itself.
Change-Id: Idde0241c48e979580de73f2b9afd04e6ca7f4c9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3770
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Required for actually using this generically for the TVL blog.
Change-Id: I92d8d10341f9ab4f92c90f7976be261b3255a0f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3768
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This will also be used for the TVL blog, with status updates of
projects like Tvix.
Note that while this commit evaluates, there are still some things
specific to my blog in this code which I'll untangle in a future commit.
Change-Id: If59431161b165d7249cbb856073a4cae84a1bfbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3732
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
When the system is set to dark mode, this is detected through
prefers-color-scheme and the color scheme is adjusted accordingly. This
fixes #18.
The colors are set using CSS variables on the body that are overrridden
based on the current color scheme.
Change-Id: Id2f95dee4d6968e1b62ce37534f623e489fabde4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3722
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
I intend to use this for updates on TVL projects, which will end up on
the homepage, which is outside of //users.
Change-Id: I03542d1bcef3d9fc4599294655caab5ed22ba5d9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3728
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
cleanSource needs to import the path into store which is quite slow at
this point. Since we are filtering the path later anyways, using the
original path is probably perfectly fine and speeds up builds (which is
nice when iterating on something).
Change-Id: I0628854d754b5903eb4ae93a3c3e2539b2c1c7e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3705
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Passed strings will be treated as a relative path below the given root,
which is quite convenient when using depot.path by eliminating a lot of
repetition.
Change-Id: I3da6058094484f4a6ffbb84f89ad4472b502a00c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3704
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Replaces all uses of relative static paths in TVL pages with the
static.tvl.fyi domain. Where possible, the drv hash is directly
embedded in the content.
Change-Id: Ia882dd37ceae9d047cd81cf1eb37a856b339643a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3682
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ibccb690dc1371499e9800d4414002ce586490a91
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3681
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|