Commit graph

477 commits

Author SHA1 Message Date
sterni
3f0de23d61 feat(ops/users): add smitop to users
Change-Id: I1fc67c0e33e1e1add8a4ea53c8c94e90e53d8bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3687
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-10-05 22:20:51 +00:00
Vincent Ambo
0eef0e343f feat(whitby): serve static.tvl.{fyi|su} with max cache settings
The setup is explained in the comment, but TL;DR: Use the derivation
hash of static files to create permanent URLs.

Relates to b/151.

Change-Id: Ib1ca3a1a00c90a47f4bf39c29a8b4bbf5b215e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3664
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-10-01 20:45:50 +00:00
Vincent Ambo
9f177062c7 feat(ops/dns): add static.tvl.{fyi|su}
This hostname can be used for hosting static assets with aggressive
caching for everything, or potentially CDNing stuff if we ever have
large things here.

Change-Id: I10afdad5eb08125d8d09108e9e099f5573362fe5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3663
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-10-01 15:59:53 +00:00
Vincent Ambo
ce575bf65b feat(whitby): Serve //corp/website on tvl.su
Change-Id: I21e1ddf9a32568cac8ad2595869ac8670867efa9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3658
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-10-01 15:24:35 +00:00
Vincent Ambo
94cebe41f3 chore(ops/git-serving): Remove josh state from whitby backups
As cschilling explained on cl/3563, there isn't actually anything in
this state that we *need* to persist. We're still keeping it in a
persistent directory on disk as this serves as an optimisation after
restarts of josh.

Change-Id: Ia88886792a5acac34508b5b8a669bd519ca033de
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3631
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-24 16:14:30 +00:00
Vincent Ambo
0e3858b5e5 refactor(whitby): Move restic path configuration into modules
This lets each service declare their backup paths together with the
configuration for the service, which is a lot more sensible than what
we had before.

Fixes b/147

Change-Id: If76fe62639f4cc0e6fbb63a2959d584479d8f0fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3583
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-18 15:10:34 +00:00
Vincent Ambo
86a114ac45 fix(ops/restic): types.string -> types.str
I can never remember which is which.

Change-Id: I69b8235862b8c5b49030a74bfca25aaa113273b7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3582
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-18 14:38:19 +00:00
Vincent Ambo
98e4d4b18f feat(besadii): Link to started builds in CL comments
This makes it easier to click through to a build from Gerrit after
submitting a CL.

Change-Id: Ic5c6eeb81c87bc4ea23c5c5ca25704434b081fd0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3572
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-18 14:28:26 +00:00
Vincent Ambo
ae93094ebf refactor(besadii): Extract logic for posting review comments
Currently besadii only posts comments when builds succeed, but it
might be very useful to also have a link to a build when the build is
started.

This just shuffles code around. The only functional change is that the
`labels` field in the review input is marked as `omitempty`, as this
will not be needed when posting the build start comment.

Change-Id: Id4a43fad8817c9a15da02f01ab2b781d48b46978
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3571
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-18 14:28:26 +00:00
Vincent Ambo
b6957923ff docs(kontemplate): Remove mention of kontemplate website
This doesn't exist anymore.

Change-Id: I4535e056acba3bbc7bbd1e764a0b3043639b0877
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3570
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-09-18 12:35:47 +00:00
Vincent Ambo
80fb67a75d docs(kontemplate): Update cloning docs in README
Change-Id: I42bf2524650bf09104e48c1c1a54c97f3470b628
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3566
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2021-09-16 20:34:05 +00:00
Vincent Ambo
387c55582b refactor(ops/restic): Move restic configuration into a new module
Relates to b/147.

First step towards giving depot modules the ability to declare their
own backup directories by moving all restic configuration into a new
module and adding a NixOS option for inclusion/exclusion paths for
backups.

This still keeps all backup paths within the whitby config.

Change-Id: Ia96833668f1a3d02da892261153d8b02156b8ac0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3565
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-09-16 20:34:05 +00:00
Vincent Ambo
ec38839c33 feat(git-serving): Configure josh to serve the depot over HTTP
Previously we served the dumb git HTTP protocol from code.tvl.fyi via
cgit. This CL disables this feature and instead runs josh in the same
location (by redirecting appropriately), but while also enabling
partial cloning of all subtrees of the depot.

For example, after this CL the following would result in an
independent clone of //nix/readTree:

    git clone https://code.tvl.fyi/depot.git:/nix/readTree.git

Note that there are no josh workspaces configured at all for now,
these references are only for static depot subpaths.

Please refer to the documentation for josh for more information on
available kinds of josh filters.

Josh state is kept in a systemd state directory in /var/lib/josh and
backed up to Restic. Backing this up is necessary, as josh uses
stateful information to do things like tracking merges and rewriting
history per subtree appropriately to avoid cloned repositories ending
up in peculiar states.

Change-Id: I156f0298c2aa42e3bdbf5a0e86109070d640c56e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3563
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-09-16 20:34:05 +00:00
Vincent Ambo
48091a3416 fix(deploy-whitby): Add jq to script $PATH
Change-Id: Ide669bce545394335b8643fa2896a242cac3df65
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3528
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 14:33:42 +00:00
Vincent Ambo
933edf7764 fix(deploys.*): Folder for diffs is in /diff/
... this was missing before.

Change-Id: I5b79cb78665f24fdb7cc6496e3782d3940dc77b6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3527
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 14:33:42 +00:00
Vincent Ambo
f5f0b80843 feat(sourcegraph): Upgrade 3.30.4 -> 3.31.2
This one seems a little more involved:
https://docs.sourcegraph.com/admin/migration/3_31

I believe we skip that corruption issue in the previous CL though, by
simply never deploying a version with that weird broken image.

See b/144

Change-Id: I3bbf1b719d00905e08a92011ace5485467f504ef
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3525
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 14:11:52 +00:00
Vincent Ambo
4d0eb5037a feat(sourcegraph): Upgrade 3.29.1 -> 3.30.4
See b/144

Change-Id: Ied9490f3ce6fb3fda8cbb9983416b02ea451fb44
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3524
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 14:08:36 +00:00
Vincent Ambo
90971e07a1 feat(sourcegraph): Upgrade 3.28.0 -> 3.29.1
See b/144

Change-Id: Ia62d4cbf581caaefa0dba455376eec60b8c817d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3523
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 14:04:50 +00:00
Vincent Ambo
c148f89251 fix(sourcegraph): Temporarily comment out our syntax highlighter
We changed away from the default sourcegraph one because it didn't
support Nix, but it seems that there's been a change in the
interaction protocol.

Change-Id: I3a2691df6a87672cf83b819143f25d93d9cd6d13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3531
Tested-by: BuildkiteCI
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 14:00:38 +00:00
Vincent Ambo
5e61c5d246 feat(sourcegraph): Upgrade 3.27.5 -> 3.28.0
See b/144

Change-Id: Ia09ad2af6043dcac6681c549103d1e6f52b4e0a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3522
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 13:47:10 +00:00
Vincent Ambo
52c040eed5 feat(sourcegraph): Upgrade 3.26.0 -> 3.27.5
See b/144

Change-Id: I50d417c51b05bafcd3fe7e285f30079db8be499a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3521
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-09-11 11:30:37 +00:00
Vincent Ambo
164fc97b4f fix(deploy-whitby): Make diffs world-readable
Change-Id: I1610a8d189f95908bab4cd00057cc080ae47a21a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3530
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 01:41:36 +00:00
Vincent Ambo
3a80ab2ba5 fix(deploy-whitby): Add .html suffix to diff filenames
This makes nginx' content-type recognition work correctly.

Change-Id: I990b00f1e0f4ef311f53a8885718fa33d249c886
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3529
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-11 01:41:36 +00:00
Griffin Smith
9c038cbff0 feat(ops/deploy-whitby): Add the start of a script to deploy whitby
Add the beginnings of an auto-deploy script for whitby, intended to
be (eventually) suitable for running automatically in a systemd timer.
The current iteration of the script doesn't actually do any deploying,
but instead takes as an argument a revision, creates a new git worktree
in /tmp with that revision checked out, runs a nix-diff of whitby's
system derivation in the running system and at that closure, puts an
html-rendered version of that diff in the public directory used by
deploy.tvl.fyi, and finally sends a message to IRC via irccat with a
link to that HTML page.

Refs: b/110
Change-Id: Id40525567f8845590c909568befd8d00c07a481c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3145
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: kn <klemens@posteo.de>
2021-09-10 16:13:20 +00:00
Griffin Smith
79b39bb66e feat(whitby): Serve static HTML dir for deploys.tvl.fyi
Add a new domain and nginx virtual host at deploys.tvl.fyi, serving out
of a static directory on whitby which is created by systemd-tmpfiles.

This will be used to serve diffs rendered by nix-diff for
pending deploys for whitby.

Since this contains stateful data, it is added to the restic backups
on whitby.

Refs: b/110
Change-Id: I5869d40800bbf5fb8fb39878a857f66ff5787830
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3144
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-09-10 14:37:36 +00:00
Mike Johnson
9fc206f072 fix(ops/users): Another try at a working password hash for mdjnsn
Change-Id: I8b4aea53abb2004585241ad17c5fdfd9186c58f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3481
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-08-31 20:23:00 +00:00
Mike Johnson
fa8dd0f3ab feat(ops/users): Add mdjnsn to users
Change-Id: I94975d848287c32e11b1d3986986f2dbc6c220b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3466
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-08-31 18:43:49 +00:00
Vincent Ambo
43269730e6 refactor(ops/pipelines): Move failure status zeroing to setup
We changed the configured pipeline in Buildkite to upload
`static-pipeline.yaml` instead of containing the steps of that
pipeline itself.

This makes it easier to test changes to builds and such, but adds
another build step with scheduling overhead etc.

However - we can work around this by killing one of the existing build
steps. There's no reason the failure status zeroing (required for
status reporting) shouldn't be part of the pipeline setup, so I've
moved it there instead and nuked that step.

This should mean that the pipeline is configurable from within the
repo, but without slowing anything down.

Change-Id: I206ecc02647de42a461e33c02879ab84daf5ed2b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3461
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-29 12:37:04 +00:00
Griffin Smith
d857d5ad68 refactor(gs/system): Remove chupacabra
This machine no longer exists

Change-Id: I8e549b8397777a01404bd84c10c195e80f281744
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3431
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-08-26 19:41:42 +00:00
Vincent Ambo
60b25b49de fix(ops/pipelines/depot): Buildkite branches use full ref names
... otherwise the filtering also applies to canon.

Change-Id: Ia1c67b99282fb8fd0e4d22e997535170f0326e33
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3432
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2021-08-26 16:35:44 +00:00
Vincent Ambo
d5ddfb7b96 feat(pipelines/depot): Skip build steps if their out paths exist
Skip build steps if they have already been built, reducing pipelines
to the things that actually changed between builds. On canon all
targets are always built (we require this for anchoring).

Note that this is not perfect, garbage collection and competing
pipelines may affect each other.

Also note that we have some impure targets that change on every
commit.

Change-Id: Ic6bae3b6c8e1e7fd2116ec252f5089f471854ab6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3427
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-08-26 16:29:32 +00:00
sterni
17d78867bb feat(ops/pipelines/depot): only evaluate once if possible
We currently evaluate every target twice -- once when the depot pipeline
is built and once when actually running the build step in question. Nix
evaluation is quite slow especially given heavy use of import from
derivation in depot, so avoiding the second evaluation is desirable.

Evaluating a derivation yields a `drv` file in the nix store which can
be passed to `nix-store --realise` in order to build it, eliminating the
need to wait for evaluation. We can obtain the path to the `drv` file
while building the pipeline via `target.drvPath` and remember it for the
build later.

However we need to work around a flaw (or oversight) in Nix's dependency
tracking via string context: This is based on derivations, not output
path (because this is what evaluation deals with, likely). This is no
problem per se, but an issue is that Nix can't express a dependency on
a `drv` file without any of its output paths. This means for us that we
either have to build all output paths at evaluation time (which we don't
want, obviously) or to deal with the fact that the `drv` file we need
may be garbage collected at any moment after discarding the string
context -- then nix is unable to track the reference from the pipeline
to the `drv` file in the store.

So to prevent a race condition between the pipeline and the garbage
collector we fall back to the normal nix-build invocation as we did
before.

Change-Id: I9ef8bd233085dc6e30eba54f403ea03ac2d35748
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3426
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-08-26 15:24:33 +00:00
Luke Granger-Brown
febf340303 fix(tvl-sso): set memory limit to 512M
This is because I'm bored of CAS gradually consuming all the RAM on Whitby.

Change-Id: Idcc14c19d99a6d3553739c5765be3faf2bdf9d84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3233
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-08-24 16:28:14 +00:00
Griffin Smith
330b7067a0 feat(besadii): Tag gerrit comments as autogenerated
This is a bit of an under-documented feature, but if the "tag" field for
a gerrit review starts with the string
"autogenerated:<something>~<something-else>", only the last comment per
instance of <something> will be shown by default on the CL page (with
the rest viewable by toggling the "Show all entries" switch). The idea
behind the "<something-else>" tag is to be used for the "type" of
comment within a particular system - gerrit's documentation gives the
example of one tag for "the build is running" and another for "the build
has finished, here's the result".

Change-Id: I9199a6ed97beca1b3a51ec5d6230c6c8358ba2b3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3374
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-08-24 13:00:59 +00:00
Vincent Ambo
eb6c7fd3bf feat(ops/dns): Point nixery.dev to whitby
The dropping of `www.` is intentional, that was unused.

Change-Id: I300f82bb6e5626e2658be8fc5b5e3cf872ab7099
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3384
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-24 11:53:10 +00:00
Vincent Ambo
f218f2fd56 feat(ops): Serve nixery.dev from whitby
Adds a new module for the nixery.dev domain and serves it from whitby.
Note that the DNS records do *not* point to whitby yet, so deploying
this will lead to a failed TLS provisioning unit - but this is
intentional.

Change-Id: I911f67a0aa24f8df3cb52d2cfc49a8b6132cf718
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3383
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-24 11:30:16 +00:00
Vincent Ambo
b033871638 chore(ops/dns): Reduce Nixery TTLs to 1 minute temporarily
We'll need to do a DNS switchover, likely with a short amount of
downtime due to TLS provisioning.

It would be possible to avoid this by provisioning a cert manually
pre-hoc through the DNS challenge and then configuring whitby to use
that, however I simply don't have time for that right now and the
Google Cloud Project for Nixery is going away in O(days) for $reasons.

Change-Id: I88dface5aaacec5acfa525ae117462f8ad296d92
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3382
Tested-by: BuildkiteCI
Reviewed-by: kn <klemens@posteo.de>
2021-08-24 11:30:16 +00:00
Vincent Ambo
03c3d49b87 fix(monorepo-gerrit): Enable adding new email addresses to accounts
This is required when people change their email addresses (e.g.
cl/3349) as nothing in Gerrit will update that information from the
OAuth provider.

Change-Id: I1eafdf22efd37898dcd0d06bb9a5d1471ffb5e31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3356
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-08-15 13:59:18 +00:00
eta
80ecce37b4 chore(ops/users): change my email address to tvl@eta.st
I got a new domain, etc.

Change-Id: Ic8ffc01f4e5e89dc2458d80a9c38757438cfa764
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3349
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-08-13 11:21:19 +00:00
Vincent Ambo
7c16a71156 feat(ops/www): Point images.tvl.* at Nixery
Change-Id: I39f979c68e7b74f6da6a7da0f07aaa470886d451
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3346
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-13 10:57:53 +00:00
Vincent Ambo
6cc065ea09 chore(ops/dns): Move nixery.dev to tvl-fyi GCP project
Change-Id: Ifbe7939a98a12d52ffbed3fb198558e6a7743e93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3344
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 18:04:30 +00:00
Vincent Ambo
aad636c8ae feat(ops/dns): Add images.tvl.* record
This record is intended to serve Nixery.

Change-Id: I575dedac18c98f9f4bd5e459babe79e850361651
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3343
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 15:20:27 +00:00
Vincent Ambo
47409b9610 feat(ops/modules): Add module for running Nixery
This sets up a very simple Nixery instance with some things lacking:

* no support for garbage-collecting image fragments (yet)
* no popularity setup

The plan is to use this to get the ball rolling on a separate
domain (e.g. images.tvl.fyi), iron things out and then look into
flipping over nixery.dev

Change-Id: Ic594809f9d487fec7a0f632d608752a3f9c61315
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3280
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 14:55:59 +00:00
Vincent Ambo
79c9506eea fix(monorepo-gerrit): Pin JVM version used for Gerrit
Change-Id: Ib22cdc415cbd5a8345b9589b2c34b3908996dd57
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3322
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 13:07:55 +00:00
Vincent Ambo
c72f3a73ee feat(ops/dns): Import current nixery.dev zone
Change-Id: I3c5684fedb516740c7048c117cdfda01a2a23260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3278
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-06 13:24:48 +00:00
Griffin Smith
702594ca64 refactor(ops): Break out prometheus-fail2ban-exporter module
Break out the configuration for the prometheus fail2ban exporter, which
is a simple python script that exports stats from fail2ban as a
prometheus-scrapable textfile, from Mugwump into a reusable nixos module
in //ops/nixos/modules.

Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-06-12 15:51:49 +00:00
Vincent Ambo
b36a75a223 fix(wigglydonke.rs): Don't rebuild nginx config unnecessarily
This fix is essentially the same as the one in cl/1263.

Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2021-05-25 17:10:50 +00:00
Vincent Ambo
65be8f20e0 chore(nixpkgs): Bump channels to 2021-05-25
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides

* ops: make new isSystemUser || isNormalUser assertion happy

* users/grfn/system/system/mugwump: make buildkite agents system users

* users/tazjin/nixos/camden: set isSystemUser = true for git

* users/tazjin/emacs: Remove missing & broken packages

* third_party/openldap: remove, as the argon2 module is now enabled upstream

* third_party/gerrit_plugins: Pinned new unstable hashes

* third_party/nix, third_party/grpc: Disabled CI as these are broken

* third_party/overlays/emacs: Bumped version to stay in sync with channel

* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
  since libclang's default output no longer contains libclang.so

* users/grfn/system/home: Install julia-stable instead of julia (which
  aliases to julia-lts), as the latter depends on an insecure version of
  libgit

Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 17:09:28 +00:00
Vincent Ambo
878957d2f6 chore(whitby): Add ZNC state to Restic backups
Until we have declarative ZNC config (which requires a solution for
secrets handling in it), make sure we back this up as well.

Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 08:15:19 +00:00
Vincent Ambo
46b136c22e fix(tvl-slapd): Replace deprecated OpenLDAP module options
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.

The module performed this update via lib.mkChangedModuleOption, I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.

Fixes b/105.

Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-24 22:52:59 +00:00