Commit graph

53 commits

Author SHA1 Message Date
William Carroll
42efb3b08a Support build-briefcase.sh
For now, I'm supporting two CI pipelines:
- build-socrates
- build-briefcase

Conceptually, build-briefcase should cover what build-socrates does now, but
eventually I would like build-socrates to call `switch-to-configuration` so that
all of my websites, etc. stay fresh.
2020-08-20 11:26:32 +01:00
William Carroll
59f7481411 Revise previous opinions about absolute paths GT <bracket-notation>
Unforeseen problem: `buildkite-agent` runs its builds in a separate directory,
so if I want the `nix-build` command to build the newly checked out code, I need
to set <briefcase> to the CWD.
2020-08-20 11:26:31 +01:00
William Carroll
7833632a79 Attempt nix-build instead of nixos-rebuild switch
I've encountered a few problems with attempting to support nixos-rebuild:
- the activation step requires `sudo` privileges
- the `buildkite-agent` runs on the same machine, socrates, that is rebuilding
  itself. This means that when the activation step runs, it will attempt to
  restart `buildkite-agent` when the agent is still working

I'm slowly removing places in my nix code that rely on '<bracket>' notation, so
that I no longer depend on NIX_PATH being set. I still have more work to do.

{covid-uk,sandbox}/default.nix are breaking when I attempt to run my
build-socrates.sh script locally, so I'm temporarily disabling them until I can
get CI working as I expect.
2020-08-20 11:26:31 +01:00
William Carroll
0a0b09c714 Define buildkite-agent user
I'd like my buildkite-agent to run as its own user, so I'm defining that user
here.
2020-08-20 11:26:31 +01:00
William Carroll
2bf3c6c926 Log all polkit actions to find action.id for nixos-rebuild
I would like to setup a polkit rule to allow `buildkite-agent` (i.e. a
forthcoming user) to call `nixos-rebuild`. I need to know the `action.id` before
I can write a reliable rule.
2020-08-20 11:26:31 +01:00
William Carroll
208883243f Attempt to build Socrates using BuildKite
Let's see what happens...
2020-08-20 11:26:31 +01:00
William Carroll
d903afeb54 Define the monoserver as a systemd service
Much better than manually running:

```shell
$ cd ~/briefcase && git pull --rebase origin master
$ nix-rebuild switch
$ nix-build -A zoo
$ pkill zoo
$ ./result/zoo &
$ job -l
$ disown %<job-number>
```
2020-08-20 11:26:31 +01:00
William Carroll
309c5452e1 Add host field for nginx JSON logs
I'd like to filter logs from {blog,git,zoo}.wpcarro.dev, etc.
2020-08-20 11:26:31 +01:00
William Carroll
979cbda33c Remove logging prefix from Nginx logs
Problem: The JSON that Nginx outputs cannot be successfully parsed by
journaldriver because Nginx prefixes it with "socrates nginx:". Adding
`nohostname` to `access_log` should solve this problem.

I borrow this from @tazjin's most recent definition of `commonHttpConfig`.
2020-08-20 11:26:31 +01:00
William Carroll
2eb52379b6 Use journaldriver to view journald logs from Socrates
Attempting to use @tazjin's delightful simple logging library!
2020-08-20 11:26:31 +01:00
William Carroll
4a836f363b Disabling the monzo-token-server
I haven't used this since I wrote it... and now the .tokens attribute is missing
and it's screwing up my other deployment... *sigh*
2020-08-20 11:26:31 +01:00
William Carroll
0b34482b6d Forward zoo.wpcarro.dev connections to :8000
Right now the 8000 port is hard-coded into the zoo server, which isn't ideal,
but "it works" (TM).
2020-08-20 11:26:31 +01:00
William Carroll
82b40e8d37 Now removing "Closed"
At this point, I'm starting to lose interest.
2020-06-30 23:22:13 +01:00
William Carroll
7e6daaf21a Prefer "Closed" authMode
Setting `authMode = "Registered"` prevents me from running the `register
<password>` command from inside of `bitlbee`, which I *believe* I need to
run...
2020-06-30 23:12:18 +01:00
William Carroll
fa4eb2c61b Remove auth from Bitlbee
I'm having trouble getting PAM auth to work, so I'm temporarily disabling it.

TIL that I can use the following to verify that PAM is properly setup for a
program (e.g. `bitlbee`).

```
pamtester -v bitlbee $(whoami) authenticate
```

...but despite this succeeding, I still cannot use the `identify` command in
`bitlbee` to successfully authenticate. It just tells me "Incorrect password"
even though I'm providing it the same password that I type when doing the
`pamtester` command from above.

Computers!
2020-06-30 23:02:57 +01:00
William Carroll
a276eddf54 Add auth to bitlbee
Use Linux's PAM for Bitlbee's auth.
2020-06-30 20:01:01 +01:00
William Carroll
6cb921739d Support bitlbee + stunnel
TLS support for bitlbee...
2020-06-30 19:53:10 +01:00
William Carroll
58dc543a7b Open :6667
Attempt to access Bitlbee from IRCCloud.com client...
2020-06-30 18:59:43 +01:00
William Carroll
4d577bd8a9 Support bitlbee
I'm still not entirely sure what bitlbee does, but I know this: I want as many
messengers in the same place as possible: IRC, Slack, Telegram. @tazjin tells me
that Bitlbee will help me get to the promised land. This is hopefully one step
of many in that direction.
2020-06-30 17:55:11 +01:00
William Carroll
f0803547e4 "Chord Drill Sergeant" -> "Learn Piano Chords"
In the spirit of "keep it simple, stupid", I am naming this application as
closely to the functionality as I can imagine.
2020-04-18 13:30:38 +01:00
William Carroll
277ad983d4 Nixify build for Chord Drill Sergeant
Thankfully @tazjin builds Gemma (an Elm project) with Nix, so I could reference
Gemma's default.nix to help me with mine. Elm problematically attempts to
HTTP-fetch a list of packages to verify my project's dependencies. Because Nix
builds derivations in a sandbox without network access, I need to use some
escape hatches (i.e. NIX_REDIRECTS, LD_PRELOAD,
SYSTEM_CERTIFICATE_PATH). Welp... it's packaged now...

I'm also pointing learnpianochords.app to this project's index.html. It will be
live soon! :)

TODO(wpcarro): Rename "Chord Drill Sergeant" -> "Learn Piano Chords" (KISS)
2020-04-17 15:08:38 +01:00
William Carroll
5c378aadcb Change Gitea's rootUrl
This value defaults to localhost:3000, which works, but then Gitea
renders "http://localhost:3000/wpcarro/briefcase" as the URL to clone my
briefcase repository.
2020-04-05 16:36:10 +01:00
William Carroll
444da4aa05 Forward git.wpcarro.dev connections to :3000
Gitea is running a web server on localhost:3000.
2020-04-05 14:57:08 +01:00
William Carroll
2686a9a2ed Prefer gitea to gogs
Gitea's announcement notes explain some of the benefits of Gitea over
Gogs:

https://blog.gitea.io/2016/12/welcome-to-gitea/

Also, I never configured Gogs such that I could use it, so the cost of
switching from Gogs to Gitea was basically zero.
2020-04-05 14:33:02 +01:00
William Carroll
6b224a9e31 Drop support for lorri
Lorri does not cleanly integrate with my corporate device, which cannot run
NixOS. To expose dependencies to Emacs buffers, I will use nix-buffer.el, which
reads its values from dir-locals.nix. To easily expose dependencies from my
existing shell.nix files into dir-locals.nix, I wrote a Nix utility function.
2020-03-27 10:59:50 +00:00
William Carroll
f4fea2346e Move sandbox into website
Nest the sandbox work under ./website.
2020-03-20 00:52:05 +00:00
William Carroll
1d5ab45303 Move learn to website/learn
Nest the learn directory in the website directory.
2020-03-20 00:47:21 +00:00
William Carroll
95e761e59b Move blog into website/blog
Nest the blog work within the website directory.
2020-03-20 00:46:29 +00:00
William Carroll
54d1a0048a Add sitemap to wpcarro.dev
- Create ./website directory
- Add a sitemap to wpcarro.dev
- Move covid-uk directory to sandbox directory

TODO: Next sandbox, blog, and learn in the website directory
2020-03-20 00:22:13 +00:00
William Carroll
76210a217c Attempt to serve sandbox.wpcarro.dev/covid-19
Right now my website is serving at sandbox.wpcarro.dev, but I would rather
people view it at sandbox.wpcarro.dev/covid-19.

I previously tried to accomplish this with the following Nginx configuration:

```nix
locations."/covid-19" = {
  root = briefcase.covid-uk;
}
```

I am now trying `alias = ...` instead of `root = ...`. I got the idea from this
SO question, https://stackoverflow.com/questions/10631933/nginx-static-file-serving-confusion-with-root-alias.
2020-03-19 12:48:03 +00:00
William Carroll
1d45f14615 Update COVID-19 webpage
- Prefer hosting on sandbox.wpcarro.dev; I would prefer to host it at
  sandbox.wpcarro.dev/covid-19, but I haven't figure out how to use Nginx to do
  serve locations like /covid-19 yet.
- Splice the src directory: When I develop locally and index.html exists within
  ./src, I cannot access ./node_modules because ./node_modules is in a parent
  directory. I could fix this if I used a bundler like Parcel or Webpack, but I
  do not want to set that up at this time.
- Introduce Tailwind for CSS. This complicates my build a bit as well. For now,
  I'm including output.css even though ideally I should not version-control this
  file. I haven't figured out how to `yarn install` and run commands like `npx
  tailwindcss build styles.css -o output.css` in a Nix derivation yet. Hopefully
  I will learn and refactor this.
- Add some content about why I made this chart
- Add some content about some of my covid-19 predictions
- Add a footer to the webpage
- Delete timeseries.json and prefer fetching the published data instead
2020-03-19 12:30:49 +00:00
William Carroll
abd2dcc6a3 Remove git.wpcarro.dev entry fron Nginx config
This is not currently working and it is causing Nginx to enter a retry loop. I
am removing it until I choose to focus on it.
2020-03-18 22:08:14 +00:00
William Carroll
dd9788fa73 Create line chart of UK confirmed corona virus cases
I was having trouble tracking the growth of corona virus cases in the UK.
Thankfully someone is publishing some daily COVID data as JSON. I downloaded
that data manually and plotted it using the chart.js library as a programming
exercise with Mimi.

Now I'm attempting to deploy to https://wpcarro.dev/covid-uk.

TODO(wpcarro): Prefer the live API data instead my soon-to-be-stale downloaded.
2020-03-18 22:08:09 +00:00
William Carroll
eb402bca74 Create derivation for learn.wpcarro.dev
Creating a derivation to abstract over the build process for learn.wpcarro.dev.
2020-03-16 16:54:16 +00:00
William Carroll
c23e263a9f Attempt to support gogs
Gogs claims to be an easy-to-use Git server and web frontend written in
golang. I'm eager to try it as an alternative to cgit.
2020-03-10 23:13:52 +00:00
William Carroll
b929a6bb57 Nixify hugo deployment
Create a derivation for building the static files of my blog.
2020-03-09 15:35:12 +00:00
William Carroll
5fd094d39c Replace ~ with /home/wpcarro
Nix runs the `rebuild` command as root, so ~ resolves to /root, which is not
what I want.
2020-03-08 19:14:08 +00:00
William Carroll
9b49731c02 Use static directory path as root for learn.wpcarro.dev
With this simple change, Nix should copy the static directory and all of its
contents to /nix/store and return the path to that directory.

See TODO for more what I would have liked to do ideally.
2020-03-08 19:11:10 +00:00
William Carroll
c187d89f27 Rename socrates/default.nix -> socrates/configuration.nix
readTree uses the output attribute set of default.nix as the value for
nixos.socrates, which disables me from resolving nixos.socrates.rebuild since
there is no rebuild attribute in the output attribute set from default.nix.

If I rename default.nix -> configuration.nix, I can resolve
nixos.socrates.{configuration,hardware,rebuild}.
2020-03-07 16:17:23 +00:00
William Carroll
694ca4a85f Ensure socrates/default.nix is a function
Nix complains that `nixos.socrates` is not a function but a set. By adding
`{ ... }:` to the top of the file, I'm hoping to change it from a set to a
function.
2020-03-07 16:17:23 +00:00
William Carroll
5ba3f2b572 Attempt to serve {learn,blog}.wpcarro.dev
Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:17:22 +00:00
William Carroll
431b4980e4 Remove fix-point recursion from socrates/default.nix
The fixed-point recursion isn't necessary.
2020-03-07 15:07:32 +00:00
William Carroll
6eb239dcce Manually require dependencies for <nixpkgs>, <briefcase>
When I build socrates using `sudo nixos-rebuild [...] switch`, my
`nixos-config` (i.e. <briefcase/nixos/socrates/default.nix>) is a simple Nix
anonymous function. Typically readTree populates my pkgs, briefcase, depot
function parameters with <nixpkgs>, <briefcase>, <depot>, but `nixos-rebuild` is
unaware of `readTree`.

For now I'm manually importing these dependencies, and I'm leaving a TODO to
reconsider switching to the `{ pkgs, briefcase, ... }` style when I better
understand NixOS.
2020-03-01 22:44:35 +00:00
William Carroll
3e51bf600a Removing unused parameters in installer.nix
I'm neither using config nor pkgs, so I'm deleteing them.
2020-03-01 22:32:25 +00:00
William Carroll
fd720fbe4d Nest configuration beneath socrates directory
Create a socrates directory to store configuration for socrates.
2020-03-01 22:32:24 +00:00
William Carroll
6a076e8329 Expose depot and briefcase to rebuild script
At the moment, I don't think nixos-rebuild is reading $NIX_PATH, which
appropriately sets the paths for depot and briefcase. I'm going to explicitly
expose these values in the rebuild script for now.
2020-02-23 20:11:33 +00:00
William Carroll
0973ca006c Define monzo-token-server as a root systemd service
After I considered the security implications of calling
`systemctl --user cat monzo-token-server`, I realized that monzo-token-server
should be a root service instead of a user service.

This service unit now also explicitly depends on briefcase.monzo_ynab.tokens,
which is a big improvement.
2020-02-23 20:01:33 +00:00
William Carroll
a1a4689ad3 Consume updated kv module
Exposing store_path to the tokens module to support the newly updated kv
module, which requires an explicit storePath parameter.
2020-02-23 20:01:15 +00:00
William Carroll
3f46ac6513 Change systemd unit type: oneshot -> simple
"oneshot", according to `man systemd.service`, "will consider the unit up after
the main process exits". Since I designed token-server to run continuously, it
will not intentionally exit; therefore, systemd awaits its exit, which never
comes. "simple", on the other hand, does what I want.
2020-02-23 19:32:52 +00:00
William Carroll
f926b4d61a Expose secrets to Monzo / YNAB service
Here is my first attempt to manage secrets when I deploy onto a NixOS machine.

Background: When I develop, I use direnv, which reads an .envrc file in which I
define my secrets. My secrets are read from `pass` using a pattern like this...

```shell
secret_value="$(pass show path/to/secret)"
```

...Thus far, I've found this pattern convenient. `pass show` invokes GPG, which
asks me for a password to authenticate. This means that when I cd into a
directory with an .envrc file using this pattern, I may be prompted by GPG for a
password. When I'm not, it's because gpg-agent is still caching my
password. This works for development, but I currently do not know how to use
direnv for deployments.

Here is what I'm using until I find a more convenient solution:
- Store the secrets in /etc/secrets on socrates. Ensure that the /etc/secrets
  directory and its contents are only readable by root.
- Use systemd's Environment and NixOS's builtins.readFile to read the files in
  /etc/secrets when I can `sudo nixos-rebuild`.

Ideally I could call a function like `builtins.readFromPasswordStore` within
configuration.nix. This would allow me to skip the step where I run...

```shell
> ssh socrates
> pass show finance/monzo/client-id | sudo tee /etc/secrets/monzo-client-id
> pass show finance/monzo/client-secret | sudo tee /etc/secrets/monzo-client-secret
> # etc
```

...I don't know how to manage secrets using NixOS, but at least this is one
answer.
2020-02-23 19:32:49 +00:00