Commit graph

876 commits

Author SHA1 Message Date
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
21e0279e08 chore(ops/infra/k8s): Bump website replicas to 3
There are typically 3 machines in the cluster, might as well have 3
website instances!
2020-02-09 02:21:09 +00:00
Vincent Ambo
4a18b3971a fix(ops/infra/k8s): Send www.* to nginx for redirections 2020-02-09 01:54:13 +00:00
Vincent Ambo
d0800197c4 feat(ops/infra/k8s): Add website deployment configuration 2020-02-09 01:30:56 +00:00
Vincent Ambo
87967d5be3 docs: Update README with new website setup 2020-02-09 01:30:34 +00:00
Vincent Ambo
eb6e64ad47 chore(ops/infra/k8s): Delete tazblog deployment 2020-02-09 01:27:46 +00:00
Vincent Ambo
1d7b1334fd feat(ops/nixos/nugget): Install i3lock 2020-02-08 13:32:25 +00:00
Vincent Ambo
ba20ee65f6 feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools 2020-02-07 12:14:37 +00:00
Vincent Ambo
76f7ace273 feat(ops/nixos/nugget): Enable U2F hardware support 2020-02-04 23:41:52 +00:00
Vincent Ambo
264a55e2e0 feat(ops/nixos/nugget): Install unzip 2020-01-25 20:39:54 +00:00
Vincent Ambo
e50c669310 feat(ops/nixos/nugget): Enable Keybase "service" 2020-01-20 22:31:29 +00:00
Vincent Ambo
e93913d6cd feat(ops/mq_cli): Bump dependencies & add derivation 2020-01-20 13:50:29 +00:00
Vincent Ambo
336937814c feat(ops/posix_mq.rs): Set up Nix build 2020-01-20 11:59:21 +00:00
Vincent Ambo
0d4c93878d chore(ops): Remove deprecated .travis.yml files 2020-01-20 11:51:24 +00:00
Vincent Ambo
0b146dc079 chore(ops/posix_mq.rs): Update crate dependencies to recent versions
First bump since 2017! This changes the code to be compatible with
newer versions of the `nix` crate, which has shuffled things around a
bit.
2020-01-20 11:51:24 +00:00
Vincent Ambo
4bc3196c9a Add 'ops/mq_cli/' from commit 'df29b08bffc90cfd4f2d963a8e48d89f7a86308d'
git-subtree-dir: ops/mq_cli
git-subtree-mainline: b59c7e693c
git-subtree-split: df29b08bff
2020-01-20 11:32:26 +00:00
Vincent Ambo
b59c7e693c Add 'ops/posix_mq.rs/' from commit 'f7d1a38da67e92e0e87dbb988d288f0be2714f5c'
git-subtree-dir: ops/posix_mq.rs
git-subtree-mainline: 8f68497269
git-subtree-split: f7d1a38da6
2020-01-20 11:32:02 +00:00
Vincent Ambo
1f68644dc9 feat(third_party/guile): Override guile to version 3.0.0
Lets try this thing out!
2020-01-19 19:34:39 +00:00
Vincent Ambo
0a3613996f feat(ops/nixos/nugget): Install miller 2020-01-19 18:56:44 +00:00
Vincent Ambo
7b011de1b8 chore(ops/nixos/nugget): Aimlessly tweak font configuration
These settings seem to be very mildly better than what I had before,
but I'm not entirely sure.
2020-01-19 16:38:32 +00:00
Vincent Ambo
ee34920a98 fix(infra/k8s/nixery): Add GCSR hosts to SSH known_hosts for Nixery
Unsure how this worked at all previously?
2020-01-19 02:17:52 +00:00
Vincent Ambo
89b0a43786 feat(ops/nixos/nugget): Connect to wifi & install Google Chrome
This adds configuration which, sometimes, when the stars align just
right, makes it possible to cast to the Chromecast from nugget.
2020-01-19 01:44:40 +00:00
Vincent Ambo
d05489adaa chore(build): Rename tazjins-depot -> depot
Sourcehut namespaces this under ~tazjin/ anyways.
2020-01-19 01:44:26 +00:00
Vincent Ambo
028559610f chore(ops/sync-gcsr): Rotate Cachix secret in sourcehut 2020-01-19 01:08:00 +00:00
Vincent Ambo
6a0b37a196 fix(ops/sync-gcsr): Ensure cachix is installed 2020-01-18 17:33:21 +00:00
Vincent Ambo
7aa8f32065 docs(ops/kontemplate): Update installation notes
Removed the AUR package (which has not been updated since 2017) and
made Nix the recommended installation method.
2020-01-18 17:31:28 +00:00
Vincent Ambo
48d31b7770 fix(ops/sync-gcsr): Avoid echoing the Cachix secret
sourcehut does not censor secret strings in build logs, but this
workaround should avoid the issue.
2020-01-18 16:34:54 +00:00
Vincent Ambo
526b9c4572 feat(ops/sync-gcsr): Log successful build triggers 2020-01-18 15:49:12 +00:00
Vincent Ambo
61830ebc5b feat(ops/infra/k8s): Add sourcehut configuration to sync-gcsr 2020-01-18 15:48:52 +00:00
Vincent Ambo
af63d2604e feat(sync-gcsr): Add builds.sr.ht build manifest
Adds a simple build manifest that builds everything in ci-builds.nix
and pushes results to Cachix on success.
2020-01-18 15:37:05 +00:00
Vincent Ambo
b8355066e8 feat(sync-gcsr): Trigger sourcehut builds on master branch changes
Calls the sourcehut API at builds.sr.ht to trigger a build if the
master branch changes.

The build manifest is going to be stored in the depot too, coming up
next ...
2020-01-18 15:36:15 +00:00
Vincent Ambo
44116522dd feat(ops/sync-gcsr): Skip unneccessary branch updates
Checks whether branches are already up-to-date before setting
references.

This also makes it possible to hook additional logic on the update
flow.
2020-01-18 14:49:34 +00:00
Vincent Ambo
a21be17719 chore(ops/infra/gcp): Update enabled GCP APIs 2020-01-18 12:43:53 +00:00
Vincent Ambo
a52c0c4198 feat(nixos/nugget): Install cachix binary 2020-01-18 11:29:18 +00:00
Vincent Ambo
31f66491a9 feat(ops/nixos/nugget): Install SBCL in system packages 2020-01-07 22:26:01 +00:00
Vincent Ambo
33a9dccba1 chore(ops/secrets): Add Google Maps API key 2020-01-05 21:12:08 +00:00
Vincent Ambo
d66c7a8942 feat(ops/nixos/nugget): Install msmtp & lieer timers 2020-01-05 16:59:52 +00:00
Vincent Ambo
e5608cf079 chore(ops/nixos/nugget): Install various needed packages 2020-01-05 16:59:52 +00:00
Vincent Ambo
85ee07457c feat(ops/nixos): Add 'rebuilder' helper script
This script rebuilds & activates system configuration based on the
hostname.

Currently since there is only one host this isn't particularly
interesting.
2020-01-04 22:50:34 +00:00
Vincent Ambo
63dc41bcf3 feat(ops/nixos): Check in updated system configuration for 'nugget'
This is the rebrand of the desktop machine, now running a config
straight out of the depot.
2020-01-04 22:50:34 +00:00
Vincent Ambo
496648f237 chore(ops/nixos): Remove deprecated NixOS config files 2020-01-04 22:50:34 +00:00
Vincent Ambo
1d687c5303 chore(ops/nixos): Move NixOS configuration one level up 2020-01-04 22:50:19 +00:00
Vincent Ambo
fd5fd57cc1 docs(kontemplate): Update documentation for depot changes 2019-12-30 17:01:22 +01:00
Vincent Ambo
36beb6d43c feat(sync-gcsr): Synchronise all remote branches
Explicitly sets all local branches to all equivalent remote branches
after each update.

Branches deleted on the remote will eventually disappear when the
container is restarted.
2019-12-30 05:06:46 +01:00
Vincent Ambo
7c52a205ee refactor(sync-gcsr): Split clone into separate function
This is in preparation for adding more complex branch-related logic to
both functions.
2019-12-29 04:50:31 +01:00
Vincent Ambo
3c94625a5f chore(lieer): Remove OAuth client patch
This is now done in my work-specific configuration, which is
elsewhere.
2019-12-25 14:09:09 +01:00
Vincent Ambo
41eea96e63 feat(third_party/lieer): Overwrite included client secret 2019-12-23 13:26:30 +01:00
Vincent Ambo
a260eba3cf refactor(ops/kms_pass): Pin encrypted secrets into Nix store 2019-12-23 13:26:09 +01:00
Landon Spear
98f8b660e2 docs(cluster-config): Correct term in cluster config doc
Including external variables does not work. You must import them. This
change corrects the External Variables section of the cluster-config
README.

Signed-off-by: Vincent Ambo <tazjin@google.com>
2019-12-20 22:32:06 +00:00
Vincent Ambo
db30770101 fix(kontemplate): Make build compatible with readTree
The kontemplate build will keep using `buildGoPackage` for now until
I've had the time to add tests to //nix/buildGo
2019-12-20 22:19:52 +00:00
Vincent Ambo
a9f5c63707 merge(kontemplate): Integrate kontemplate at //depot/ops/kontemplate 2019-12-20 22:14:40 +00:00
Vincent Ambo
795a974665 chore(kontemplate): Prepare kontemplate for depot-merge
This merge will not yet include moving over to buildGo.nix, as support
for testing and such is not present in that library yet.
2019-12-20 22:13:07 +00:00
Vincent Ambo
61c8ac4338 fix(infra/k8s): Fix Nixery image URLs for moved local projects 2019-12-20 20:39:27 +00:00
Vincent Ambo
8de5d093d8 refactor: Fix a variety of filepaths for repo relayouting
This fixes readTree and the various project builds, as well
as (hopefully) most documentation links inside of the projects.
2019-12-20 20:37:02 +00:00
Vincent Ambo
03bfe08e1d chore: Significantly restructure folder layout
This moves the various projects from "type-based" folders (such as
"services" or "tools") into more appropriate semantic folders (such as
"nix", "ops" or "web").

Deprecated projects (nixcon-demo & gotest) which only existed for
testing/demonstration purposes have been removed.

(Note: *all* builds are broken with this commit)
2019-12-20 20:18:41 +00:00