Commit graph

1880 commits

Author SHA1 Message Date
Vincent Ambo
24de5683aa chore(third_party/pounce): Override version to 1.1
This has not yet propagated to nixos-unstable
2020-02-17 00:51:13 +00:00
Vincent Ambo
51a2b9a95d chore(third_party): Bump nixos-unstable 2020-02-17 00:40:37 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
f60eb6c3c7 refactor(web/cgit-taz): Serve depot from disk location on camden 2020-02-12 01:03:31 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
b5c50f4699 refactor(web): Let //web/ derivations build static pages only
Removes nginx configuration built by the web targets (with the
exception of the includable block used to set up redirects for old
blog URLs).
2020-02-11 19:31:20 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
78b82c82a2 fix(third_party/tailscale): Add patch to make taillogin work 2020-02-11 00:43:55 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
9b37bad180 fix(third_party/tailscale): Add default relaynode acl.json to output 2020-02-11 00:09:34 +00:00
Vincent Ambo
04ffc5e66f fix(third_party/tailscale): Build all sub-packages
At the moment it seems like all of them are still required - things
are in flux!
2020-02-10 23:39:38 +00:00
Vincent Ambo
9e38e02c46 feat(third_party): Add package for tailscale
Adds a package for the now-opensourced tailscale client tailscale
client.
2020-02-10 22:16:41 +00:00
Vincent Ambo
042df0b523 docs(web/blog): Add some TODO entries for the draft 2020-02-10 01:34:54 +00:00
Vincent Ambo
541306f1bd docs(web/blog): Rewrite some style issues in the Emacs post 2020-02-10 01:24:34 +00:00
Vincent Ambo
9f75c91adc feat(web/blog): Add draft blog post on Emacs
This post is a draft, i.e. not linked from the index. It's not a
secret, but if you do find it through this commit before its
publication please don't share it too widely yet.
2020-02-10 00:29:51 +00:00
Vincent Ambo
b56b3db2f4 style(web/homepage): Highlight <kbd> elements like buttons 2020-02-10 00:08:53 +00:00
Vincent Ambo
9ed53f4201 fix(web/homepage): Make .uncoloured-link work again 2020-02-10 00:08:43 +00:00
Vincent Ambo
1e770f5d88 feat(web/blog): Add support for draft & unlisted posts
Posts with either `draft = true;` or `listed = false;` will no longer
be included in index generation and will have a warning callout
inserted at the top of the page urging people not to share the links
to them.
2020-02-09 21:44:48 +00:00
Vincent Ambo
0bc2f8995e style(web/blog): Minor formatting fixes in Watchguard post 2020-02-09 21:24:53 +00:00
Vincent Ambo
30e8f59d02 style(web/homepage): Overflow long code lines into scroll bars 2020-02-09 21:24:31 +00:00
Vincent Ambo
bd2d96d053 chore(web/blog): Move Watchguard images into static assets
Rather than sending user data to imgur ... lets get rid of all the
external stuff!
2020-02-09 21:16:03 +00:00
Vincent Ambo
de9f51de82 chore(web/blog): Remove duplicate CSS file 2020-02-09 21:06:37 +00:00
Vincent Ambo
386692d39d chore(web/homepage): Configure caching for fonts & images 2020-02-09 21:05:03 +00:00
Vincent Ambo
74a78de081 style(web/homepage): Unify page max-width at 800px 2020-02-09 20:52:14 +00:00
Vincent Ambo
e70b88b3c2 fix(third_party/cgit): Make vpath & repo available for about cmd
This change makes cgit pass the current repo and vpath inside of the
repo on to the about cmd, which makes it possible for it to correctly
render `tree`, `log` and other links to the same vpath.
2020-02-09 17:01:21 +00:00
Vincent Ambo
fb1b4b9bd3 style(web/homepage): Use somewhat livelier colours
The previous ones looked kind of dull. These are from my gruber-darker
rainbow-delimiters theme.
2020-02-09 13:39:12 +00:00
Vincent Ambo
b836a0df28 feat(web/homepage): Add styling for Cheddar callouts 2020-02-09 13:02:14 +00:00
Vincent Ambo
14b5447aac Merge branch 'feat/cheddar-extensions' 2020-02-09 12:07:10 +00:00
Vincent Ambo
c3d930aa7f docs(web/blog): Update best-tools post with new phone 2020-02-09 12:06:46 +00:00
Vincent Ambo
a8fa0edd72 feat(web/homepage): Add an entry for the Principia Discordia 2020-02-09 12:01:23 +00:00
Vincent Ambo
21e0279e08 chore(ops/infra/k8s): Bump website replicas to 3
There are typically 3 machines in the cluster, might as well have 3
website instances!
2020-02-09 02:21:09 +00:00
Vincent Ambo
ac2c9b7e87 style(web/homepage): Wrap links around the entire entry
This makes it much easier to click on them. Required some style
reshuffling to satisfy CSS.
2020-02-09 02:20:41 +00:00