This was originally intended to work around the issue caused by me
accidentally ending up proxy_set_header'ing the Host header twice (which
nginx *concatenates with slashes*, rather than overwriting!), but seems
sensible regardless to make that whole thing (hopefully) a bit less
brittle.
Change-Id: I877fa594b46e88d1ba05e793832beab3d0aaccdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4697
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Also update log deps so things actually log, using a new :outdated alias
based on antq
Change-Id: I6f87f474bea101fa1b396c519b234eb3aac1c4f1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4696
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Start of a production deployment of the app with nixos+terraform, using
provisioners and null-resources to provision nixos machines à la espes.
Change-Id: I2ddaed76d0037dadbf9fc9e2ee27e9e67a852228
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4695
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Start setting up agenix with secrets in //users/grfn/secrets for
mugwump, starting with my cloudflare API key which I use for the ddns
from my home apartment
Change-Id: Ida66cb91da3415357a512039d6c23402f0ae9388
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4683
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Generalize out a reusable mkSecrets function from the
secrets-tree-building that's happening in //ops/secrets, so the same
thing can happen in other places in the depot (I want to use it for my
personal infrastructure).
Change-Id: I059295c8c257d78ad7fa0802859f57c2c105f29b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4679
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Let's see what mosh is all about...
Change-Id: I0439130f55dc056370397c3e4ea8039f888703c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4690
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Building nix derivations needs tar (provided by gnutar) and gzip on the
PATH in order to extract .tar.gz archives.
Change-Id: Ia2df7a3a770cfd342dfede58ad34e04805fbd1f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4685
Tested-by: BuildkiteCI
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
The content needs small gutters to improve readability on my iPhone 12.
Change-Id: I751ae5387ad93c95729e642c21c37e481412c00e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4678
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Without this, the hand is properly positioned only some of the time... it's almost
quantum-like behavior ⚛
Change-Id: I7d5d9ed953f84bd097623e9f8abb1b2140c5bdc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4666
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
This will be useful for things like panettone, pending a NixOS module
for oauth2-proxy (the upstream one is too complicated and doesn't
support what we need).
Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
Verified emails are required for some things, like e.g. oauth2_proxy
Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
This is still missing most of the client configuration etc., in part
due to bugs in the provider which are preventing resource imports.
Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
`terraform fmt` can only handle a single path, but treefmt expects
formatters to be able to handle multiple paths at once.
This wraps it in a small shell script that calls `terraform fmt` with
at most one path at a time.
Change-Id: I2b9c1b89b5a276f3d4915b95608ce36b2509e334
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4639
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
WIP: currently just a simple setup that creates an empty git repo if
it doesn’t exist yet, and writes a commit to it.
A simple database backed by a bare git repository.
WIP: Will speak a simple interactive protocol to query files and
update them atomically.
It could be made atomic on the git repo level, if a lock is taken
between reading the current commit ref and creating the commit.
Change-Id: I1fd30a046ac977063c3e08c36d96e835b35ff07d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3046
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Also make rust-crates into a rec argument for now, which is simpler.
Change-Id: Ie443f72d9633614f0ffa0c43aac1785e8577b0ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3045
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
It's difficult to know whether or not I need this. When I run the following
commands...
```
wpcarro@diogenes> nmap localhost
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
wpcarro@diogenes> nmap wpcarro.dev
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3389/tcp closed ms-wbt-server
```
...neither localhost nor wpcarro.dev reports 6698 being open even though 6698 is
configured to be open in both:
- diogenes/default.nix
- GCP console
Right now, quasselcore is WAI, so I don't want to invest more time into closing
this loop.
Change-Id: I3d68fd901314aa7d364abf9381dff101411e6d15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4629
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Note that the login.tvl.fyi WWW configuration is still kind of hanging
around until we've settled where Keycloak lives.
Change-Id: Iaca4e394a7371cafa3716ca66ef09c4eca5b1520
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4626
Autosubmit: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>