I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if its value comes from user-influenced places. Static
values or values from panettone internals are left as is.
I did not do a comprehensive check for other places where something
similar could happen though.
Fixes#92.
Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This commit removes my user directory in the depot, my user account on whitby,
my entry in the LDAP database, and my entry in the website graph. I've had my
fun with TVL, but I want to move on to spending time on some other things.
This additionally removes aranea from the website graph, which they have
requested in private.
Change-Id: I2d098c8fe239f20d9f6c6cbf66a3dfb4a955a4cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2436
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Since the slapd data is static and generated using nix, we can simply
move the user list into ops/users, so it's recognized by readTree and we
can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as
a general purpose user registry for depot.
Update docs/REVIEWS.md as well.
Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Prefix all IRC notifications from panettone with a unicode
zero-width-space so that they don't get picked up by other IRC
bots (notably bslsk05).
Change-Id: I350fd1b6d2145e496c22a8f56ba3530fc9f1a978
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2127
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Send an irc notification when issues are marked closed, in a similar
format to the notifications sent when new issues are created.
Change-Id: I2fdde33f0dedc223a5c2265eed778161938f8e9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit e1067b1497.
The original issue here was misusing ISSUE-ID instead of ID, but also
the associated username for the message should've been CN instead of DN
Change-Id: I1629c0cb7597ff2ee2867f27870378eecdafe126
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2125
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
This reverts commit 2e2bdf9c6c.
Reason for revert: this is not working, and is resulting in newly created issues just showing a blank page (b/74)
Change-Id: I3f06afc52d6c5289269402fc75bb32ad9c376bf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2082
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
- The new PANETTONE.IRC package contains the SEND-IRC-NOTIFICATION function,
which opens a new TCP socket to irccat (if it's running and configured) in
order to announce the creation of new issues.
- The IRCCATHOST and IRCCATPORT environment variables must be set for this to
work.
- Additionally, the ISSUECHANNEL environment variable may be used to direct
announcements at a given channel (otherwise it'll just use the first one).
Change-Id: I429a66f24d0f80ed10db173d6af7105fb1d3d023
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2077
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Considered adding hswaw, but after q3k left it'd be a single edge, so
perhaps no point.
Change-Id: Ifd8609a5227e5c3bee1d5726bb5cf70ebb2cefdf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2053
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Some overdue updates: People leaving, people joining. Not all new
people are in here yet either, but you have to start somewhere.
Change-Id: I66dfae443f60d090c02c619d09c12599b936b2dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2051
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Wrap all ldap access in a macro that automatically reconnects and
retries operations that fail due to a connection error, to handle the
case where the ldap server restarts while we still have an open
connection.
Fixes: #44
Change-Id: I4859cf509106e480f97fed17e7f08e0eea909352
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1871
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
The absence of the navbar containing the "all issues" and "log out"
links from the top of the page has been a common complaint - initially I
disagreed, but after some time thinking about it I've come around. This
adds the same nav - with the "All Issues" link and the "Log Out" link -
to the top of every page, and also fixes a bug where query params would
prevent the "All Issues" link from being hidden on the "All Issues"
page, which looked especially weird when they were right next to each other.
Change-Id: I1d07175fa07aee057ddd140a6864d01342fbb7ef
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1868
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
Style blockquotes (which show up in rendered markdown) similarly to how
github does, by rendering a 5px-wide margin to the left with some
padding.
Fixes: #48
Change-Id: I79aa3b6cda5d928885c2cc36f504009232252c17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1869
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
The default was really annoyingly short - 90 days feels perfectly fine
for what we want, though we may want to increase even further.
Fixes: #19
Change-Id: I917abd95c4925f8491cd2be7cd87d91bb6621153
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1867
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Load a SESSION_SECRET env var and set it as the hunchentoot session
secret if present, so that restarting panettone doesn't destroy all
sessions due to the secret getting regenerated.
Refs: #19
Change-Id: Ia2c633fa998e128ecece66e824df01c430da8235
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1866
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
This reverts commit 3115113854.
Reason for revert: this is causing all issues to return a 404 - reverting until we can get it working.
Change-Id: I5f3c5ec3b24f245a1f7ef12645200d16ed0f1b35
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1721
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Passing a nil issue to this was breaking because you can't get the id of
nil. I am too used to clojure.
Change-Id: Icf76cbb23d902ec59fa97c21b134936fa40eb43e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1593
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Allow editing both the subject and the body of issues, recording events
indicating the edit and displaying those events in the issue history.
Fixes: #14
Change-Id: I9ed05271ce9bf6bda4e56f15e249c0f28c862b27
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1517
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Events - which are interleaved with comments - don't have bodies, so
they can't be converted to markdown.
Change-Id: Iba818b95dab59cae5a08c8b4eca94955e11e584b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1509
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Use the new cheddar markdown endpoint to render issue bodies and comment
bodies as JSON. I've checked, and this *also* appears to be XSS
safe (yay)
Change-Id: Ib4b19fd581b0cf40ba03f5d13443535d17df6632
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1500
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Display the history of an issue (which currently is just opening and
closing) inline with the issue's comments on the issue show page
Change-Id: Id167bceef765cb4c24e86983d1dcd6624d0e5956
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1497
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Log in the database, in a way that will generalize to tracking edit
history as well, when users change the status of an issue. To facilitate
easily knowing who is currently authenticated (without introducing a
circular dependency) the authentication-relaated code has also been
factored out into its own package, which is nice because we want to
replace that sooner rather than later anyway.
Fixes: #13
Change-Id: I65a544fab660ed1c295ee8f6b293e0d4945a8203
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1496
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Even if the user fails to log in, maintain the original-uri param if
present, so that if they eventually succeed at logging in they still get
where they were originally trying to get.
Change-Id: I2faa5eced002ab899c803cf19095cea76897d92d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1499
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Add an original-uri query param to the target of the Log In link
pointing at the current URL, so that when the user eventually
successfully logs in they are redirected to the page they were
originally on
Fixes: #21
Change-Id: I75ed7b75fa00b1b09c8b26bf4dcf5bc6b6d7f53a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1498
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Now that we've migrated over all the data to postgresql, we can get rid
of cl-prevalence as a dependency from Panettone along with all code that
mentions it.
Change-Id: I945f50a88fea5770aac5b4a058342b8269c0bea2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1495
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
I have been. Very tired.
Change-Id: Iab9d21e53630be092080cc73196da90534b06553
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1490
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Switch from cl-prevalence to postgres (via postmodern) as the storage
backend for panettone. The first time the application starts up after
this commit, it will (idempotently) initialize the db schema and migrate
over all data from the prevalence snapshot to the database - the plan is
then to get rid of the prevalence classes and dependency once that's
deployed.
Change-Id: I4f35707efead67d8854f1c224ef67f8471620453
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1467
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: eta <eta@theta.eu.org>
Add a docker-compose file and lorri-based direnv for aiding in
running and connecting to a postgres database during development of
panettone.
Change-Id: I319eee52b52cd48e1f3d2e32c558989768dc19d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1465
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: eta <eta@theta.eu.org>
The default hunchentoot behavior is to log all local variables when
logging lisp backtraces - this is nice for debugging, but means that if
we hit an error when checking for auth with the ldap server we log the
password provided by the user. No good! Let's just turn off logging of
backtraces for now.
Change-Id: Ibc4242e3e0f974ac53fffc482d3724b0547425ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1471
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Sly spits these out as a result of the various compile commands, but we
don't want them committed.
Change-Id: I6f45b6de6dc978667a0575d0ed361c573045ef92
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1464
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
Make the site responsive, by making all the hard :widths we were using
into :max-widths, and adding a viewport meta tag.
Change-Id: I02f054f81ff57fbd1c4603b179b2104367f03e3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1415
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
- who:html-mode needs to be html5 rather than HTML5 apparently, even
though the documentation says otherwise
- wrap content in an :html tag with the :lang "en" attribute
Fixes: #22
Change-Id: I58ff8947d17ac02659e4c8d98155f57127ec7005
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1421
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Make auth optional on the index, closed-issues, and view-issue pages,
and only render the various buttons (close issue, new issue, make
comment, etc.) if the user is authenticated.
Fixes: #5
Change-Id: I0a2aaf4a7cc4c5ef0494cc183410f00d2a3b7e06
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1414
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Generalize the rendering of the footer nav, and add a Log Out button to
the right.
Change-Id: I107e2370fd8f12949218ecacb611649a48abd738
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1413
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This was something that was complained about verbally - if someone gets
a link to an issue directly it's nice to be able to click on a link to
view all issues.
Change-Id: Id4e0c7208edc51980c6577bb10e6c6dea1e7ab55
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1412
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Once the user authenticates, redirect them to the original URI they were
trying to get to
Fixes: #7
Change-Id: Id7c8cbe3547923f6c4c5faed180ea8ea6528fddd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1411
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Disallow creating issues with an empty subject, and render a nice(ish)
alert box indicating the error.
Change-Id: I2857923dc0eb7702c85cd1974a73270ca27720fc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1404
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
Handle if the username submitted to the login form is one of a
nonexistent user, rather than returning a 500
Fixes: #1
Change-Id: Iebc68dea3c91dc928e4386cb172d3c1515fb1556
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1402
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
For some reason cl-prevalence tries to put the snapshot in the *parent
directory* of the directory that's passed to make-prevalence-system.
This is icky, but this should work around it
Fixes: #2Fixes: #3Fixes: #4
Change-Id: I8300246275887653586108cd7b3b033df3bca203
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1401
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Add support for issue statuses, which is currently a trivial groupoid of
open and closed. On the show page for open issues there's a Close
button, and on the show page for closed issues there's a Reopen button.
In addition, the index page is filtered by open issues only and there's
a link to view closed issues.
Change-Id: I6c0c3d2e874b1c801e9e06c804f5c1b12db5dbdc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1352
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Add a new-comment form and list all issue comments on the issue page
Change-Id: Ia74083484614ba0ca0f2879276f717f709d0f42f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1351
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Take an initial crack at styling most of the Panettone application,
taking inspiration from the styles from todo.tvl.fyi and tvl.fyi itself.
This uses the LASS CSS library, after a brief attempt at using css-lite
which I ended up not going with because I don't like the library's
design very much, and also it's not compatible with sbcl's (safety
3) (some macroexpansions SETQ undeclared variables).
Change-Id: I054402e4c68ae1e99884d5164e6e2fc39d2779ff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1350
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Add a line to the issue show page displaying who opened the issue and
when, the latter formatted in dottime.
Change-Id: Ie70d7fd9e62ae92f9a479969d4ea21daddccee40
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1345
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Read the port and data directory from environment variables, in
preparation for deploying as a systemd unit to Whitby
Change-Id: I066dced7b7926b6bdc77132d13a4da6c886b20e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1338
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Initial commit for Panettone, a very simple issue tracker for TVL. In
its current state this launches a web server with authenticates with our
ldap server, and supports listing and creating issues via static html
pages and simple forms.
We've been needing an issue tracker for a while now, but none of the
options out there seem very good - or there are some good ones, but
they're AGPL licensed and we don't want to deal with them. Rather than
muck around with Trac or Bugzilla, we've decided to write our own.
Change-Id: I704f0996d15199329bbd5450f3d959046bf13973
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1337
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This makes it possible to link to the TODOs for a specific user on https://todo.tvl.fyi.
Change-Id: Ibcb43235be187265cda55776582d043a84c96ead
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1301
Reviewed-by: ericvolp12 <ericvolp12@gmail.com>
Tested-by: BuildkiteCI
This invokes ripgrep & jq to construct a list of TODOs from known
users across depot sources, and dumps it into a static page that we
can serve.
The structure is relatively simple, but it might be useful. See here
for an example of what this looks like:
https: //tazj.in/blobs/todos.png
Change-Id: I1edef56606273584ab886b9e762c8ed4d210919d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1296
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
My personal pages have moved out of //web, and various changes were
necessary to keep everything working.
Change-Id: I2f81fdd8ba2ce2ce6fea7e329bbdcda6092cc8a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/604
Reviewed-by: tazjin <mail@tazj.in>
This isn't actually used for anything.
Change-Id: Ief1128e934b1626189453abe3564cb64e1fe5a95
Reviewed-on: https://cl.tvl.fyi/c/depot/+/602
Reviewed-by: tazjin <mail@tazj.in>
Since this is replacing cgit now
Change-Id: I72da8cb30ed70445eb90adf38bb24d4f7b9782a8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/573
Reviewed-by: tazjin <mail@tazj.in>
Moves the host at which cgit is served to 'code.tvl.fyi'.
Also updates related projects that link to this, most importantly:
* Hound's & Gerrit's cgit link bases have been updated
* besadii is updated to request CI builds for the new location
Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/71
Reviewed-by: lukegb <lukegb@tvl.fyi>
Quoting myself from IRC, for those who missed it:
-------------
Alright, some of you might be wondering what 'UNDERGOING CHANGES'
means. The gist of it is that TVL has kind of departed from what it
was originally (a place for friends of mine to hang out) by growing a
little too fast, and I've decided to do a bit of a reboot.
What this means is that for most people I don't know directly, I'll be
asking you to leave (I'll +v/-v accordingly) and see if we can get the
original TVL crowd back before opening it for a wider audience again.
The "opening hours" (heh) will also be more restricted again.
Some people will be a little unhappy about this, but the good news is
that you can easily make your own Meet and use that! Some folks even
started an alternative EU-daytime lounge already. But for now, with
this particular one, it'll be s/The V/tazjin's V/.
----------------
People who're already here know where it is. There's also
tvl.fyi/meet/ but we don't advertise that.
This is primarily because I'm unhappy with the influx of people at the
moment and it seems like a way to throttle it, in combination with
making the IRC channel invite-only.
This post is a draft, i.e. not linked from the index. It's not a
secret, but if you do find it through this commit before its
publication please don't share it too widely yet.
Posts with either `draft = true;` or `listed = false;` will no longer
be included in index generation and will have a warning callout
inserted at the top of the page urging people not to share the links
to them.
Deleting this code feels strange. This project has been around for a
decade, and despite occasionally needing a bunch of tweaks it had aged
well and worked fine for a very long time.
I've reached a strange point where I don't really feel like using
Haskell anymore, and every interaction with this project in recent
years has been fighting dependency management tooling for Haskell, or
dealing with strange build problems.
The simple fact is that the service never really did anything other
than render Markdown dynamically, and at this point I can do that much
better with //tools/cheddar instead.
So, tazblog-hs, it's time to say goodbye. Rest in peace!
This is not yet fully functional, but going in the right direction.
Some concepts are introduced:
* There is a light theme (used for blog entry pages) and a dark
theme (used for the homepage itself)
* Entries can be either blog posts, projects or miscellaneous things
that I want to link people to (possibly with a comment)
It might be interesting to add pages that filter to specific types, or
some such, which should be relatively easy to do.
Note that the layouts of entries are not actually done yet.
This introduces a derivation which builds an instance of nginx
statically serving my blog posts, though as of now no indexes are
being generated and no XML feed is available.
This is just the initial draft of this setup and not yet what shall be
yielded in the end.
This will render about pages using the Comrak renderer defined in
Cheddar.
Note that due to the way its implemented this will have one
interesting behaviour: Markdown files in the tree will *also* be
rendered as HTML.
I will need to see how that works out before deciding whether or not
to disable it.
This moves the various projects from "type-based" folders (such as
"services" or "tools") into more appropriate semantic folders (such as
"nix", "ops" or "web").
Deprecated projects (nixcon-demo & gotest) which only existed for
testing/demonstration purposes have been removed.
(Note: *all* builds are broken with this commit)