Vincent Ambo
8fe90430ee
chore(ops/besadii): Pin git version used in besadii
2020-02-21 23:13:53 +00:00
Vincent Ambo
c689df0dc7
fix(ops/besadii): Replace slashes in branch names
...
Submitting a build with a branch containing a slash (which is common
for my branches) returns this error:
Invalid tag name, tags must use lowercase alphanumeric characters,
underscores, dashes, or dots
This commit replaces all slashes with underscores to work around that.
2020-02-21 23:06:19 +00:00
Vincent Ambo
21b76cb023
feat(ops/besadii): Run 'git update-server-info' at startup
...
Since besadii is effectively the entire post-receive hook, it also
needs to do the entire job of the hook.
2020-02-21 22:58:34 +00:00
Vincent Ambo
8377fd48f5
fix(ops/besadii): Send auth token in correct format
2020-02-21 22:51:40 +00:00
Vincent Ambo
59d02771b5
refactor(ops/besadii): Log to syslog instead of stdout
2020-02-21 22:46:34 +00:00
Vincent Ambo
dcbe3d1f9b
feat(ops/besadii): Use post-receive hook input to trigger builds
...
Parses the input passed to besadii from git to extract ref updates and
trigger builds.
2020-02-21 22:32:23 +00:00
Vincent Ambo
5058f3928a
feat(ops/besadii): Read sourcehut token from secrets file on disk
2020-02-21 22:31:57 +00:00
Vincent Ambo
0a34810e27
chore(ops/besadii): Fail if sourcehut token is unset
2020-02-21 22:09:23 +00:00
Vincent Ambo
80c6680eda
feat(ops/besadii): Refactored tool to trigger sourcehut builds
...
Refactors //ops/sync-gcsr which was previously responsible for
synchronising the git repository between GCSR and the git.tazj.in cgit
instance to simply be responsible for triggering builds on sourcehut.
This program is intended to run as a git post-update hook.
Note: Not yet feature complete, as interpolation of concrete git
values and also sourcehut secrets is missing.
2020-02-21 22:05:43 +00:00
Vincent Ambo
68d1d87a9b
fix(ops/nixos/camden): Add missing quote in nginx config
2020-02-21 16:12:48 +00:00
Vincent Ambo
25d8e7ce25
feat(ops/nixos/camden): Modify nginx log format
...
This log format contains more structured and correctly typed
information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 16:10:08 +00:00
Vincent Ambo
1e51a2135d
fix(ops/nixos/camden): Configure nginx to not log hostnames
...
Hostname prefixes break JSON serialisation, leading to useless
Stackdriver Logging entries.
2020-02-21 16:01:54 +00:00
Vincent Ambo
703aebe6a9
feat(ops/nixos/camden): Install jq
2020-02-21 15:43:07 +00:00
Vincent Ambo
6e4df43f62
feat(ops/nixos/camden): Forward logs to Stackdriver Logging
...
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.
The service account key for camden has been placed on the machine
manually.
2020-02-21 15:35:51 +00:00
Vincent Ambo
7290a18cb1
chore(ops/nixos/nugget): Remove input-fonts package
...
My default font is now Jetbrains Mono everywhere.
2020-02-21 13:54:53 +00:00
Vincent Ambo
4bbbb58cb5
chore: Rename pkgs->depot in all Nix file headers
2020-02-21 13:54:53 +00:00
Vincent Ambo
0e54b3eb6a
Merge branch 'fix/camden-trusted-users'
2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7
fix(ops/nixos/camden): Add myself to trusted Nix users
2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b
fix(ops/nixos/camden): Use pounce from //third_party
2020-02-17 00:52:07 +00:00
Vincent Ambo
1b31b47ef1
feat(ops/nixos/camden): Install pounce on camden
2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad
feat(ops/nixos/camden): Enable support for mosh
2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892
Merge branch 'feat/camden-migration'
2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1
chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames
2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b
refactor(ops/nixos/camden): Merge ACME certificate blocks
2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f
feat(camden): Move to actual tazj.in hostnames
2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7
feat(ops/nixos/nugget): Add camden to /etc/hosts
...
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763
feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden
2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a
feat(ops/nixos/camden): Move ACME configuration out of nginx
...
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3
feat(ops/nixos/camden): Set up cgit service
...
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.
The depot checkout was configured as:
mkdir -p /var/git && chown git: /var/git
# now, as the git user, in /var/git
git clone --bare ... depot
chmod -R g+rw /var/git
chmod g+s (find /var/git -type d)
git init --bare --shared=all depot
My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.
Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753
fix(nix/tailscale): Fix incorrect Tailscale ACL config type
2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca
feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
...
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629
feat(ops/nixos/camden): Enable haveged entropy "generator"
2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377
feat(ops/nixos/nugget): Set up nginx serving homepage & blog
...
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712
fix(ops/nixos/camden): Use package set from depot pin
2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b
feat(nix/tailscale): Add function for generating tailscale ACLs
...
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b
feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh
2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37
fix(ops/nixos): Add camden to rebuilder script
...
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336
feat(ops/nixos): Add initial configuration for host camden
2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372
feat(ops/nixos/nugget): Enable tailscale-relay
2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a
feat(ops/nixos): Add NixOS module for running tailscale
...
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
77085f5876
chore(ops/nixos/nugget): Install tailscale on nugget
2020-02-11 00:09:34 +00:00
Vincent Ambo
21e0279e08
chore(ops/infra/k8s): Bump website replicas to 3
...
There are typically 3 machines in the cluster, might as well have 3
website instances!
2020-02-09 02:21:09 +00:00
Vincent Ambo
4a18b3971a
fix(ops/infra/k8s): Send www.* to nginx for redirections
2020-02-09 01:54:13 +00:00
Vincent Ambo
d0800197c4
feat(ops/infra/k8s): Add website deployment configuration
2020-02-09 01:30:56 +00:00
Vincent Ambo
87967d5be3
docs: Update README with new website setup
2020-02-09 01:30:34 +00:00
Vincent Ambo
eb6e64ad47
chore(ops/infra/k8s): Delete tazblog deployment
2020-02-09 01:27:46 +00:00
Vincent Ambo
1d7b1334fd
feat(ops/nixos/nugget): Install i3lock
2020-02-08 13:32:25 +00:00
Vincent Ambo
ba20ee65f6
feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools
2020-02-07 12:14:37 +00:00
Vincent Ambo
76f7ace273
feat(ops/nixos/nugget): Enable U2F hardware support
2020-02-04 23:41:52 +00:00
Vincent Ambo
264a55e2e0
feat(ops/nixos/nugget): Install unzip
2020-01-25 20:39:54 +00:00
Vincent Ambo
e50c669310
feat(ops/nixos/nugget): Enable Keybase "service"
2020-01-20 22:31:29 +00:00
Vincent Ambo
e93913d6cd
feat(ops/mq_cli): Bump dependencies & add derivation
2020-01-20 13:50:29 +00:00
Vincent Ambo
336937814c
feat(ops/posix_mq.rs): Set up Nix build
2020-01-20 11:59:21 +00:00
Vincent Ambo
0d4c93878d
chore(ops): Remove deprecated .travis.yml files
2020-01-20 11:51:24 +00:00
Vincent Ambo
0b146dc079
chore(ops/posix_mq.rs): Update crate dependencies to recent versions
...
First bump since 2017! This changes the code to be compatible with
newer versions of the `nix` crate, which has shuffled things around a
bit.
2020-01-20 11:51:24 +00:00
Vincent Ambo
4bc3196c9a
Add 'ops/mq_cli/' from commit 'df29b08bffc90cfd4f2d963a8e48d89f7a86308d'
...
git-subtree-dir: ops/mq_cli
git-subtree-mainline: b59c7e693c
git-subtree-split: df29b08bff
2020-01-20 11:32:26 +00:00
Vincent Ambo
b59c7e693c
Add 'ops/posix_mq.rs/' from commit 'f7d1a38da67e92e0e87dbb988d288f0be2714f5c'
...
git-subtree-dir: ops/posix_mq.rs
git-subtree-mainline: 8f68497269
git-subtree-split: f7d1a38da6
2020-01-20 11:32:02 +00:00
Vincent Ambo
1f68644dc9
feat(third_party/guile): Override guile to version 3.0.0
...
Lets try this thing out!
2020-01-19 19:34:39 +00:00
Vincent Ambo
0a3613996f
feat(ops/nixos/nugget): Install miller
2020-01-19 18:56:44 +00:00
Vincent Ambo
7b011de1b8
chore(ops/nixos/nugget): Aimlessly tweak font configuration
...
These settings seem to be very mildly better than what I had before,
but I'm not entirely sure.
2020-01-19 16:38:32 +00:00
Vincent Ambo
ee34920a98
fix(infra/k8s/nixery): Add GCSR hosts to SSH known_hosts for Nixery
...
Unsure how this worked at all previously?
2020-01-19 02:17:52 +00:00
Vincent Ambo
89b0a43786
feat(ops/nixos/nugget): Connect to wifi & install Google Chrome
...
This adds configuration which, sometimes, when the stars align just
right, makes it possible to cast to the Chromecast from nugget.
2020-01-19 01:44:40 +00:00
Vincent Ambo
d05489adaa
chore(build): Rename tazjins-depot -> depot
...
Sourcehut namespaces this under ~tazjin/ anyways.
2020-01-19 01:44:26 +00:00
Vincent Ambo
028559610f
chore(ops/sync-gcsr): Rotate Cachix secret in sourcehut
2020-01-19 01:08:00 +00:00
Vincent Ambo
6a0b37a196
fix(ops/sync-gcsr): Ensure cachix is installed
2020-01-18 17:33:21 +00:00
Vincent Ambo
7aa8f32065
docs(ops/kontemplate): Update installation notes
...
Removed the AUR package (which has not been updated since 2017) and
made Nix the recommended installation method.
2020-01-18 17:31:28 +00:00
Vincent Ambo
48d31b7770
fix(ops/sync-gcsr): Avoid echoing the Cachix secret
...
sourcehut does not censor secret strings in build logs, but this
workaround should avoid the issue.
2020-01-18 16:34:54 +00:00
Vincent Ambo
526b9c4572
feat(ops/sync-gcsr): Log successful build triggers
2020-01-18 15:49:12 +00:00
Vincent Ambo
61830ebc5b
feat(ops/infra/k8s): Add sourcehut configuration to sync-gcsr
2020-01-18 15:48:52 +00:00
Vincent Ambo
af63d2604e
feat(sync-gcsr): Add builds.sr.ht build manifest
...
Adds a simple build manifest that builds everything in ci-builds.nix
and pushes results to Cachix on success.
2020-01-18 15:37:05 +00:00
Vincent Ambo
b8355066e8
feat(sync-gcsr): Trigger sourcehut builds on master branch changes
...
Calls the sourcehut API at builds.sr.ht to trigger a build if the
master branch changes.
The build manifest is going to be stored in the depot too, coming up
next ...
2020-01-18 15:36:15 +00:00
Vincent Ambo
44116522dd
feat(ops/sync-gcsr): Skip unneccessary branch updates
...
Checks whether branches are already up-to-date before setting
references.
This also makes it possible to hook additional logic on the update
flow.
2020-01-18 14:49:34 +00:00
Vincent Ambo
a21be17719
chore(ops/infra/gcp): Update enabled GCP APIs
2020-01-18 12:43:53 +00:00
Vincent Ambo
a52c0c4198
feat(nixos/nugget): Install cachix binary
2020-01-18 11:29:18 +00:00
Vincent Ambo
31f66491a9
feat(ops/nixos/nugget): Install SBCL in system packages
2020-01-07 22:26:01 +00:00
Vincent Ambo
33a9dccba1
chore(ops/secrets): Add Google Maps API key
2020-01-05 21:12:08 +00:00
Vincent Ambo
d66c7a8942
feat(ops/nixos/nugget): Install msmtp & lieer timers
2020-01-05 16:59:52 +00:00
Vincent Ambo
e5608cf079
chore(ops/nixos/nugget): Install various needed packages
2020-01-05 16:59:52 +00:00
Vincent Ambo
85ee07457c
feat(ops/nixos): Add 'rebuilder' helper script
...
This script rebuilds & activates system configuration based on the
hostname.
Currently since there is only one host this isn't particularly
interesting.
2020-01-04 22:50:34 +00:00
Vincent Ambo
63dc41bcf3
feat(ops/nixos): Check in updated system configuration for 'nugget'
...
This is the rebrand of the desktop machine, now running a config
straight out of the depot.
2020-01-04 22:50:34 +00:00
Vincent Ambo
496648f237
chore(ops/nixos): Remove deprecated NixOS config files
2020-01-04 22:50:34 +00:00
Vincent Ambo
1d687c5303
chore(ops/nixos): Move NixOS configuration one level up
2020-01-04 22:50:19 +00:00
Vincent Ambo
fd5fd57cc1
docs(kontemplate): Update documentation for depot changes
2019-12-30 17:01:22 +01:00
Vincent Ambo
36beb6d43c
feat(sync-gcsr): Synchronise all remote branches
...
Explicitly sets all local branches to all equivalent remote branches
after each update.
Branches deleted on the remote will eventually disappear when the
container is restarted.
2019-12-30 05:06:46 +01:00
Vincent Ambo
7c52a205ee
refactor(sync-gcsr): Split clone into separate function
...
This is in preparation for adding more complex branch-related logic to
both functions.
2019-12-29 04:50:31 +01:00
Vincent Ambo
3c94625a5f
chore(lieer): Remove OAuth client patch
...
This is now done in my work-specific configuration, which is
elsewhere.
2019-12-25 14:09:09 +01:00
Vincent Ambo
41eea96e63
feat(third_party/lieer): Overwrite included client secret
2019-12-23 13:26:30 +01:00
Vincent Ambo
a260eba3cf
refactor(ops/kms_pass): Pin encrypted secrets into Nix store
2019-12-23 13:26:09 +01:00
Landon Spear
98f8b660e2
docs(cluster-config): Correct term in cluster config doc
...
Including external variables does not work. You must import them. This
change corrects the External Variables section of the cluster-config
README.
Signed-off-by: Vincent Ambo <tazjin@google.com>
2019-12-20 22:32:06 +00:00
Vincent Ambo
db30770101
fix(kontemplate): Make build compatible with readTree
...
The kontemplate build will keep using `buildGoPackage` for now until
I've had the time to add tests to //nix/buildGo
2019-12-20 22:19:52 +00:00
Vincent Ambo
a9f5c63707
merge(kontemplate): Integrate kontemplate at //depot/ops/kontemplate
2019-12-20 22:14:40 +00:00
Vincent Ambo
795a974665
chore(kontemplate): Prepare kontemplate for depot-merge
...
This merge will not yet include moving over to buildGo.nix, as support
for testing and such is not present in that library yet.
2019-12-20 22:13:07 +00:00
Vincent Ambo
61c8ac4338
fix(infra/k8s): Fix Nixery image URLs for moved local projects
2019-12-20 20:39:27 +00:00
Vincent Ambo
8de5d093d8
refactor: Fix a variety of filepaths for repo relayouting
...
This fixes readTree and the various project builds, as well
as (hopefully) most documentation links inside of the projects.
2019-12-20 20:37:02 +00:00
Vincent Ambo
03bfe08e1d
chore: Significantly restructure folder layout
...
This moves the various projects from "type-based" folders (such as
"services" or "tools") into more appropriate semantic folders (such as
"nix", "ops" or "web").
Deprecated projects (nixcon-demo & gotest) which only existed for
testing/demonstration purposes have been removed.
(Note: *all* builds are broken with this commit)
2019-12-20 20:18:41 +00:00