Commit graph

472 commits

Author SHA1 Message Date
Vincent Ambo
817cd6f166 feat(ops/nixos/www): Enable tvl.su aliases for dev tools
This is not for the domain root though, as that's going to be
something else eventually.

The canonical URLs are the .fyi ones (at least for now), and some of
these tools will eventually generate links that make user sessions
started from *.tvl.su converge on *.tvl.fyi.

Relates to b/98

Change-Id: I1c3bcf72a3063059002e4b0bdd57c269a410a8bc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2758
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-04-02 11:10:51 +00:00
sterni
8cc1dcf588 feat(ops/users): add milan to users
Change-Id: I77e5e9a0ae1bf2ee59ac4967c5481b9044f97934
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2757
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-02 10:21:37 +00:00
sterni
27b300fe34 feat(ops/whitby): add sterni to trusted users
I am somewhat trustworthy… maybe? Also I tend to gc depot stuff so ssh
serve would be neat.

Change-Id: I4672f20a32a756692dd156b5e40e5a7f37ba5ad0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2660
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-02 10:21:32 +00:00
Vincent Ambo
53d8dd6a1e feat(ops/nixos/www): Serve rendered Tvix component SVG (hack!)
This is a quick hack to make it possible to view the rendered SVG on
https://code.tvl.fyi/about/tvix/docs/components.md

We want to be able to do this sort of thing dynamically in the future,
but we can't yet, so ... well. Deal with it.

Change-Id: Id2b819679d748b6f517018a9c6e72d5c1d806c4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2743
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2021-03-31 23:10:54 +00:00
tazjin
99148c9b8f revert(monorepo-gerrit): Revert to using cgit for Gerrit
This reverts commit 3b05be2fd0.

Reason for revert: Sourcegraph still does not support fetching arbitrary refs, so we'll have to wait until its Gerrit integration lands before this will work correctly.

Change-Id: Icee82c50f92c34ba1741b608449aed16538ccbaa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2721
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-03-31 21:48:06 +00:00
Vincent Ambo
03a2616ccb feat(ops/dns): Add GSuite site aliases for tvl.su
Change-Id: Ib18b5bef23a198e7ca031f48290cf0ff0655d8dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2687
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-03-27 11:06:56 +00:00
Florian Klink
372b35dffa feat(ops/nixos/whitby): add flokli user
Change-Id: Ibdb5b498f8bbc837fffdb38cdf95499b279773aa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2683
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2021-03-26 20:31:48 +00:00
Vincent Ambo
93af4644ab chore(ops/users): Purge some inactive users from LDAP
Change-Id: Iab2d2d6b7096ef302ea2fd8b051041426c6c8ca6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2670
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-26 20:00:22 +00:00
Florian Klink
3026891302 feat(ops/users): Add flokli to users
Change-Id: I87ca0f20663ff858237f641ef2245778601e0416
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2671
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-03-26 19:31:37 +00:00
Vincent Ambo
743993d7b1 feat(ops/dns): Configure email settings for tvl.su.
Change-Id: Ida5beca7b4efd39fad15ba220dc1fc887ed79b4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2669
Tested-by: BuildkiteCI
Reviewed-by: adisbladis <adisbladis@gmail.com>
2021-03-26 19:31:10 +00:00
Vincent Ambo
5a90c8276b feat(ops/dns): Add Google Workspace verification for tvl.su.
Change-Id: I44db2bca7aa5814bbefd8943d727cc66ab800fd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2668
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-26 18:26:34 +00:00
Griffin Smith
f2963cffcd fix(ops/whitby): Set tcp congestion control to bbr
Some quick testing shows that this improves my data transfer speed to
whitby by roughly 200%.

Change-Id: Id94de975b1ae0930f8d0fe038582dbac0037676c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2659
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: ben <tvl@benjojo.co.uk>
2021-03-26 02:42:37 +00:00
Vincent Ambo
d34c527372 refactor: Replace some uses of builtins.toFile with pkgs.writeText
I'm looking at removing some of these because they can cause
unnecessary build steps during CI pipeline generation.

Change-Id: I84742968918090c050d2eedab8a1b42692632a42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2655
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-03-25 19:14:36 +00:00
Vincent Ambo
a747b46f19 chore(ops/nixos): Update Sourcegraph to 3.26.0
Reading through the changelogs, this includes the following two
changes that may require us to do something:

* For users of single-image Sourcegraph instance, please delete the
  secret key file /var/lib/sourcegraph/token inside the container before
  attempting to upgrade to 3.21.x.

* A campaigns.restrictToAdmins site configuration option has been
  added to prevent non site-admin users from using campaigns.

Change-Id: Ieacf85a9059ad5222800f8d7d4a43435f489a39f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2638
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-22 20:46:31 +00:00
Vincent Ambo
1c719cdc14 feat(ops/dns): Add status subdomain
I want to host something like Vigil[0] on this to show the status of
Gerrit, SourceGraph and maybe other components.

(Yes, the status page will be on the same infrastructure ... but this
is mostly for service failure cases).

[0]: https://github.com/valeriansaliou/vigil

Change-Id: If71496300b94035976a685d9bf166d525d89fc5e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2637
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-22 16:15:07 +00:00
Vincent Ambo
2f7cb2b6c4 chore(whitby): Remove SSH key from root
This was a leftover from the time we were installing.

Change-Id: Id875b907d7f76081a45e7f8f2666b7fba6aefc86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2632
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-21 18:04:22 +00:00
Vincent Ambo
6e94b3ca2f feat(tazjin/nixos): Initial check in of new host (tverskoy)
This is my new X13 AMD Thinkpad, on which many fun things will be done.

Change-Id: I4de114a8c5ebb37d2f4844f407d2dc0e7cc9557e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2620
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-21 00:55:58 +00:00
sterni
c32e8424be refactor(ops/dns): use drvTargets for meta.targets population
Since we have a dedicated util for this, we may as well use it
to reduce code duplication.

Change-Id: Ie52647be8c786d0b6a4dceb2fa6778b94625fafc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2604
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-15 22:16:19 +00:00
Vincent Ambo
5b9229186f feat(ops/dns): Configure tvl.su zone
Change-Id: I6016d92e9c231a257e06644dfcf44a4aaa12ac4d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2601
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-03-15 21:23:35 +00:00
Vincent Ambo
b4e87f8254 feat(ops/dns): Import tvl.fyi DNS zone into depot
Imports the current state of the tvl.fyi zone and configures simple CI
checks on the file format.

No deployment automation exists for this (yet?).

Change-Id: Ia7d72e02b9f6d3adef994c5dc1898cc0df9dfcfb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2600
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-15 21:23:35 +00:00
Adam H
4d193f2395 feat(users/adisbladis): Add to users
Change-Id: I2a3532605c602dd6ba44a6c723333db219a55907
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2599
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-13 19:55:24 +00:00
Vincent Ambo
c9726d8a00 chore(ops/journaldriver): Expand wildcard imports
... to appease Profpatsch.

Change-Id: Id8576645a6920312c2304ea7880524d9cda8e21b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2544
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-02-24 14:07:22 +00:00
Vincent Ambo
3a45e029af fix(ops/www/tazj.in): Force SSL for git.tazj.in redirect
Change-Id: If5b8096cb693d96936f9b954e2ebe3dc9b63af66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2521
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-10 17:56:29 +00:00
Vincent Ambo
8d7c24d3db fix(ops/www/tazj.in): Redirect git.tazj.in to our cgit
Change-Id: Ia0be95e2618aeb4f8d394a8e3602c73faec0d72f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2508
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-10 17:38:05 +00:00
sterni
e91d5e4e61 fix(config): remove ciBuilds inherit
The ciBuilds attribute seems to no longer exist and it breaks the
evaluation of the config attribute. It's only appearance was in
besadii which doesn't actually use the attribute.

Removing the ciBuilds inherit fixes these issues.

Change-Id: Ibbf3413ba6efe10ad868cf57cf0711d574860f97
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2487
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-06 17:54:18 +00:00
Profpatsch
e7ad8143e4 fix(ops/piplines/static-pipeline): add --show-trace to nix-build
Change-Id: Ib0473f916b1436934844e620ce981f52d11e8512
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2467
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-30 09:02:09 +00:00
Vincent Ambo
8f57ca92bd chore(3p|nix): Remove typed Go
Nobody has actually done any experimentation with typed Go, so we're
getting rid of it for now - it's causing annoying IFD during build
graph generation.

Change-Id: Ibac3dea98ebed1b3ee08acda184d24c500cf695d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2458
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-30 08:20:45 +00:00
multi
4ac51ea504 chore(users/multi): remove user from the depot.
This commit removes my user directory in the depot, my user account on whitby,
my entry in the LDAP database, and my entry in the website graph. I've had my
fun with TVL, but I want to move on to spending time on some other things.

This additionally removes aranea from the website graph, which they have
requested in private.

Change-Id: I2d098c8fe239f20d9f6c6cbf66a3dfb4a955a4cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2436
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-01-23 21:13:39 +00:00
V
29db630a39 chore: Remove banned user
Change-Id: Icd61f7c567a327c74a4f381168e94737b2b30702
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2422
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: tazjin <mail@tazj.in>
2021-01-19 10:30:19 +00:00
sterni
2d136e0327 feat(todolist): use static slapd user data for knownUsers
Since the slapd data is static and generated using nix, we can simply
move the user list into ops/users, so it's recognized by readTree and we
can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as
a general purpose user registry for depot.

Update docs/REVIEWS.md as well.

Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-18 23:18:55 +00:00
Vincent Ambo
c033229a61 chore(ops/whitby): Move ACME registrations to an @tvl.fyi address
Change-Id: I371550aa456c0fb64da4789feed494cc50497522
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2410
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-18 00:54:33 +00:00
Vincent Ambo
e4976c49dc feat(ops/nixos): Serve tazj.in from whitby temporarily
camden.tazj.in (the host in my flat) is going down as my belongings
are being moved into storage.

Change-Id: Id66512fd2ec6dbdcb6dfc3862af49cfadb15cfa1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2405
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-17 05:42:55 +00:00
multi
2fe90c34c0 feat(ops/nixos/whitby): Enable remote use of whitby for my Thinkpad.
My main workstation is a Thinkpad without a great deal of compute
power available, so enabling the use of whitby as both a substituter
(services.sshServe) and a remote builder (openssh.authorizedKeys) will save me
some time when working on nix things and depot things.

Change-Id: I17bfcbb9860f42fb667603ad819e38e82e6052da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2399
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2021-01-15 13:06:33 +00:00
sterni
e93a2fc48f feat(ops/nixos/whitby): add sterni user
Change-Id: Ia6790913ea2777a9d4ca89830436623766991c13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2368
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-13 22:05:33 +00:00
sternenseemann
dd323b5c0d feat(tvl-slapd): add sterni to slapd
Change-Id: I4b832f60c69e1bdd1a6bf0595d523c052aa8f794
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2348
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-11 10:58:52 +00:00
Vincent Ambo
88bf43878f chore(3p): Bump NixOS channels to 2020-12-28
Changes:

* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
  ability to configure OpenLDAP directly and now forces users to use
  some kind of weird Nix->OLC mapping that is mostly undocumented.

  This moves the config we need to the new format in a way that may or
  may not work and does the other arbitrary dance steps that someone
  decided to impose on us. Note that this now throws lots of warnings,
  but I can't be bothered to fix them.

* 3p: Random package removals accomodated

* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
  is not yet updated for 5.10

* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
  this changed because of something in the Go build machinery in
  nixpkgs. The deleteVendor flag also has no effect anymore and has been
  removed.

* users/glittershark: agda build is broken, commenting out development
  home-manager environment until it can be fixed

* third_party/haskell_overlay: updating random needs upper boundarles
  of a few dependencies relaxed (curse them)

* third_party/gerrit_plugins: for some cursed reason the fixed-output
  hash of the gerrit owners plugin fetchgit changed, updated.
  Same for the checks plugin.

Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-01-09 13:21:00 +00:00
Vincent Ambo
4a86a06466 chore(whitby): Double number of build users
more = betterer

Change-Id: I6d5414d6ebb087e7f9fb912d5a514c31ebcd8b7e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2296
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-12-26 14:56:20 +00:00
Vincent Ambo
c3bbb861b8 fix(whitby): Include lukegb's & grfn's SSH keys in initrd
Change-Id: I8921d645b1a81510e04314e519195c1c01d3fd14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2286
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-12-20 22:03:39 +00:00
Vincent Ambo
86ec8c1b94 fix(whitby): Disable git's gc.autoDetach feature
This feature can cause object removal to happen while the git folder
is in use in Buildkite, causing CI to fail semi-reegularly.

Change-Id: Ide1a9b2f1761be029e97a058c1983b4cff5e27bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2285
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
2020-12-20 17:54:19 +00:00
Griffin Smith
d4fb573cf7 feat(gs/system): Init yeren
My new work laptop, a dell XPS 13.

Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-30 00:03:50 +00:00
Luke Granger-Brown
b344ae8783 fix(cl.tvl.fyi): Correct Gerrit shortlink redirects.
Before: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi:80/c/depot/+/123/
After: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi/c/depot/+/123/

I think Jetty changed it's behaviour, and Gerrit is now configuring it
incorrectly.

Fixes #88.

Change-Id: I9238c0922b9f627e06eb81fa99dc748dada8909a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2202
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-29 11:50:53 +00:00
Jamie McClymont
3cbef06629 feat(tvl-slapd): add jamie to slapd
o/

- Jamie

Change-Id: I9c21e9a58c4514160f08133465a9cca720055cbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2148
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-11-26 00:36:06 +00:00
Griffin Smith
64ef09c475 feat(whitby): Move wigglydonke.rs to whitby
Mugwump is too unstable for such an important internet service

Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-11-22 22:55:49 +00:00
Griffin Smith
9f4d37e5df feat(ops/nixos): Give all nixoses a config.depot
Add the depot.nix module and a depot config option to all nixos system
derivations that're build through the `bin/rebuild-system` machinery.
I can't imagine a scenario where we wouldn't want this level of
integration.

Change-Id: Ieeb98db2eee23919256adb4654bc45d540e055ec
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2128
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-22 21:59:58 +00:00
Vincent Ambo
73c862279a feat(ops/pipelines): Check in the static pipeline
This file represents the static pipeline which is configured in the
Buildkite web UI. Updates to this file should be applied in the admin
interface.

These steps are responsible for launching the dynamic pipeline
evaluation, or falling back to the fallback pipeline if evaluation fails.

Change-Id: I6d7dd623cde65e8c69faea729f737c9bba00c2fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2103
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 22:33:11 +00:00
Vincent Ambo
1857334d37 feat(ops/pipelines): Add a fallback Buildkite configuration
This adds a simple fallback Buildkite pipeline configuration which
always fails the pipeline, but correctly reports back the failure
status.

Note that this also requires changes in the Buildkite configuration
that is not in version-control.

Relates to b/66.

Change-Id: I6802a6f76448c3893798a06d514e6ccba0f50dd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2102
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 22:33:11 +00:00
Vincent Ambo
77097f8056 feat(ops/panettone): Add configuration for irccat
Adds configuration options for the (inconsistently named) environment
variables that configure irccat integration with Panettone.

The defaults match the irccat setup on whitby.

Change-Id: I6857512a2e3f29f16777493eb981cc69ce3c045f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2080
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-11-17 22:00:52 +00:00
Vincent Ambo
1442c5c8ac feat(whitby): Enable irccat module
Enables irccat, running as 'tvlbot' on ##tvl and ##tvl-dev and listening on TCP 4722.

Change-Id: Ia1eb533d0aacb0c15d6b3fa1cfd854ffbce27d23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2075
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-08 18:38:08 +00:00
Vincent Ambo
cbfcf14301 feat(ops/irccat): Add a NixOS module for launching irccat
This module configures irccat by creating a JSON configuration file
from a user-supplied Nix struct (this is not checked for correctness),
and merging it recursively with secrets from
`/etc/secrets/irccat.json` at service launch time.

This way we get the ability to configure (most) options declaratively
via Nix, while providing the secrets outside of Nix.

Side note: We need to figure out a secrets distribution mechanism.

Tested: Wrote a dummy config in whitby/default.nix locally and checked
that this builds, but I have not actually run the service yet. I
expect that some minor tweaks will end up being necessary.

Change-Id: I02a2e8dc40a7f8417fd77afcf8a12ac3df117988
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2074
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-08 18:38:08 +00:00
Vincent Ambo
e84f9ef0ad fix(whitby): Use new IRC bouncer location for clbot
... I found this location in the logs, because the certs are now valid
for this, but I'm not actually sure if it's right.

Change-Id: I5ac88073e3bf6a95fead4c1d34515622c4416c6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2070
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-05 14:22:01 +00:00
Griffin Smith
e39b7e002c feat(ops/nixos/paroxysm): Set Restart = "always"
Sometimes (like today) paroxysm crashes. We'd like it to restart if that
happens.

Change-Id: I98841096bcd6605c4279744ae5c65a9c92092a21
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2069
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-11-05 13:30:42 +00:00
Elis Hirwing
2a6be2b484 feat(tvl-slapd): add etu to slapd
Change-Id: I39ecf2167fd65f305853bf0e48c6208d94a5bf1f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2055
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-10-22 13:26:25 +00:00
htbf
41f1b01ba4 feat(tvl-slapd): add htbf
Change-Id: I6da03700708bcafc4f476b01c0a27d27fb85cc4a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2050
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-10-18 02:20:19 +00:00
Cynthia Revström
df6a1d47d2 chore(tvl-slapd): use ARGON2 for cynthia
Change-Id: I81efffe384644cc2d2a625fc96ef5264dedd76ea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2019
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-10-05 13:00:59 +00:00
Jonas Höglund
b2870615f7 feat(whitby): add firefly user
Change-Id: Ib785577c173795d5cc6ccd7a3ee7e6a568439a0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2013
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-09-28 13:42:08 +00:00
Jonas Höglund
3a5e908111 feat(tvl-slapd): add firefly
Change-Id: I28b71a429f2093e2ff3d7148cfaa2425f322dfea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2010
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 23:38:48 +00:00
Cynthia Revström
8e31495b9d feat(whitby): add cynthia owo
Change-Id: Id9e06ce8645ec2dbe1167d2b0b023159d3e91487
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2008
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 23:27:23 +00:00
Ben Cartwright-Cox
e3d0585fcd feat(tvl-slapd): add ben to slapd
Change-Id: Iadec1d04b086f878c408a8867778f6bd75254dfc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2005
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-09-27 22:56:09 +00:00
Vincent Ambo
afc07b1b74 chore(whitby): Double the number of build agents again
The main bottleneck of our builds right now is Nix evaluation, which
means that most of the time is spent idling during builds.

Since we're evaluating in parallel, lets give it a few more builders.

I don't want to go all the way to 64 immediately to first see if we
get any adverse effects from highly concurrent builds running
concurrently (if we do we could group them into different "concurrency
groups" in Buildkite).

Change-Id: Ibc3f89fb59cb4ee471b152ff36887ffe2b39f8f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1932
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-09-06 14:42:40 +00:00
Griffin Smith
7a83b8fe40 fix(ops/monorepo-gerrit): Escape escape characters with more escape characters
Escape!

Change-Id: Idec7d17feda13ccf1ec03c41106ec6ed581d9e47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1901
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-31 23:21:45 +00:00
Vincent Ambo
2afa22e512 feat(whitby): Double the number of Buildkite agents
Allow 16 things to happen in parallel, which is useful now that the
CI granularity is on a per-target level.

Change-Id: Ie65dd119ea0666618fbb249613e70a68276db834
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1902
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-31 23:21:16 +00:00
Vincent Ambo
9c482d6238 feat(ci): Add subtarget support for builds
We have naturally evolved a distinction between logical and physical
targets.

Physical targets are those which correspond directly to a tree
location on disk and can be built with `-A path.to.files`, while
logical targets are those that are exported from within an expression
but do not have a corresponding file on disk.

This change adds support for exporting logical targets from any tree
location by adding a `meta.targets` attribute containing keys into
itself, which will be consumed by the CI target gathering logic and
included in the generated pipeline.

Note that the labels for subtargets are syntactically different to
emphasise that they do not correspond to a file location. For example,
this change enables 'ops.nixos.whitbySystem' as a subtarget, which is
labeled in CI as `ops/nixos:whitbySystem`.

Change-Id: Ied09647a62c2ba98e3914548e3742ad422c63ecf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1893
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-31 23:14:11 +00:00
Vincent Ambo
61d2d2d503 feat(ops/pipelines): Dynamically generate CI pipeline from targets
Create the pipeline by outputting a file that contains nix-build
invocations for each target's *derivation path*.

Each invocation has a generated Nix expression passed to it with `-E`
which fetches the correct target from the tree while correctly
handling targets with strange characters (such as in Go-packages).

This makes it possible to run target-level granular pipelines. We're
getting somewhere!

Change-Id: Ia6946e389dafd1d4926130bb8891446d6e17133b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1855
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-31 23:14:11 +00:00
Griffin Smith
9b4986c5ed feat(monorepo-gerrit): Auto-link panettone issues
Auto-link b/\d+ in gerrit comments + patch comments to panettone issues.
This is a departure from the previous syntax of #\d+ that we were using
historically, but has been requested by multiple people

Fixes: b/40
Change-Id: I8e556eb6b2f55ae80d945b86b51041751ecb053b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1888
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-30 22:16:50 +00:00
Vincent Ambo
4ff9d5dee8 feat: Implement automatic CI target detection for the depot
Automatically walk the entire depot tree and pick out things that are
"buildable", then include them in the attribute `ci.targets` (which is
now also the target for CI builds).

A long time ago, in a land far away, we (well, I, at the time) had a
prototype of this which ran into constant issues with infinite
recursions while trying to walk the tree. In fact, this is why
readTree originally gained the `__readTree`-attribute which marks
things that were imported automatically.

Based on some code edef whipped up earlier (with the breakthrough
being that we also add the attribute to top-level folders, which
suddenly resolves a whole bunch of problems), I've now implemented
this actually working version.

At the moment all builds still happen as one big bag of builds, but at
some point we will granularise this.

Change-Id: I86f12ce7f63dae98e7e5c6646a4e9d220de783f2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1854
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-26 23:49:32 +00:00
Vincent Ambo
88317aea0d fix(besadii): Remove unused Nix code from the derivation
This was used previously when build granularity was besadii's task,
which it no longer is.

Change-Id: I6df2db1ed4730a7953199b7b48aa9ad916418b22
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1853
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-26 23:49:32 +00:00
Vincent Ambo
5ad61ee408 chore: Add __readTree attributes on systems that need to be built
This is a temporary state (TODO added) to be picked up by the new CI
logic.

Change-Id: Id4702740ffd18325088e2a8a0c6157a8cee7ccf7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1852
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-26 23:49:32 +00:00
Vincent Ambo
d4824b64f6 feat(whitby): Enable log forwarding via journaldriver
Change-Id: I474159acfe514f6f2eb7867e4eba854016590ab1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1836
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-23 20:45:18 +00:00
tazjin
674d921202 revert(whitby): Use Tvix as the system Nix on whitby
This reverts commit 8fa3087067.

Reason for revert:

This almost worked. We discovered two important issues:

- The daemon startup does not correctly handle the socket passed in by systemd.

- There is some issue with chunking of large calls, running a build for ci-builds resulted in:

tazjin@whitby /depot (canon)> nix-build -A ciBuilds.__allTargets
E20200821 01:42:22.846053 12601 shared.cc:306] error: Rpc call addTextToStore to unix:///nix/var/nix/daemon-socket/socket failed (RESOURCE_EXHAUSTED): Received message larger than max (10889961 vs. 4194304)

Change-Id: Ic5ba4ef06a4953cf71a36b139fe25ea673cb6fee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1802
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-21 02:01:33 +00:00
Vincent Ambo
8fa3087067 feat(whitby): Use Tvix as the system Nix on whitby
... this is going to break so much stuff. Lets have some fun.

Change-Id: If0185e0323391c7055d47b797083bb5afde57cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1829
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-21 01:37:25 +00:00
V
d6f17f48de chore(tvl-slapd): decapitalise V's username, use displayName instead
Change-Id: I59cf5e1c850960ae639c6a3ebeb273a4441c48bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1788
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 01:23:39 +00:00
V
b8fe5469c6 feat(whitby): add V
Change-Id: I887760edd67135df4e2f58a874314b317838d2e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1787
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 01:08:33 +00:00
V
8179fb6285 feat(tvl-slapd): add V
Change-Id: Id9253635b73b0eac7871a6baa4f0c7417d135cfe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1786
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-08-19 00:12:04 +00:00
eta
737d192aec feat(whitby): add eta
Change-Id: I7aa2bd2cb2c001b48ebd25b20f28cdfb0883ba3f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1782
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-08-17 22:27:25 +00:00
Vincent Ambo
f7687b1ea7 docs: Update README for the repository itself
Adds a lot more information about what is actually going on here, as
well as links to relevant things such as our Monorepo document.

I'm aware that I didn't make all `//...` links clickable, but I
realised at some point that it might be easier to just update cheddar
to support highlighting those natively :-)

Change-Id: Icbb212a6c07a5cf38ab8e65d83a64bec783eb8d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1768
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-17 21:52:58 +00:00
Vincent Ambo
85f53a45db chore(nixos/sourcegraph): Bump version to 3.18.0
Change-Id: I5cb8b2da7e40075c99fab6bd57295c8c1d770e86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1781
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-17 21:52:48 +00:00
Vincent Ambo
a7868e4e17 feat(nixos/clbot): Add ability to post in multiple channels
Adds the ability to post to multiple channels by simply running
multiple instances of clbot.

We should probably implement support for this in clbot itself, but
right now I can't be bothered to write Go.

Change-Id: I5cffd0dc10a7f6cc19c37c5834c5610166b4ae23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1771
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-17 21:50:45 +00:00
multi
9108256ce4 feat(whitby): enable programs.mosh.
Change-Id: Ibc8df6f6382b5b64e272bedece6b65762f9693c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1750
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-14 21:08:27 +00:00
multi
8af65f6858 fix(whitby): disable sshd(8) password authentication.
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-08-13 16:38:58 +00:00
multi
5e58c8bc28 feat(whitby): add multi
Change-Id: Ibfc2a5fcf73099b8414b8c46958007374d14fd0a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1701
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-09 19:42:07 +00:00
multi
c0baddeed0 feat(tvl-slapd): add multi
Change-Id: I2fec9b5dd92da0343426c4a129d882fa87d92e6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1699
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-08-09 15:44:04 +00:00
Vincent Ambo
81f09b2dcd fix(whitby): Increase nrBuildUsers to 128
Change-Id: I3a444e163745d17d10f923c0be7565840937c53a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1662
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 00:21:23 +00:00
Vincent Ambo
bc1293b944 fix(whitby): I'm a trusted user, owo
Change-Id: I2666b3cf8bdefcb5d4caeddf191dc65f6a8cb05f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1661
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 00:21:23 +00:00
edef
6a128fc162 chore(whitby): add edef
Change-Id: I7265259bc87594bd481c7bd455187c09b1effd1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1650
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-05 22:32:54 +00:00
edef
c9a645b69d chore(tvl-slapd): refresh edef's password
Change-Id: I5a7a913656bfb9dd6c9fb4e2b4a1212607c50dd3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1592
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-03 11:15:23 +00:00
Luke Granger-Brown
1094e356df fix(besadii): Don't add people back to attention set.
This uses the not very documented ignore_default_attention_set_rules review API.

Change-Id: I650777bbbd24a1922f26967fbbd7da06d14b6782
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1513
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-02 01:18:37 +00:00
Vincent Ambo
cc3c45f739 fix(whitby): Move Restic's cache into /var/backup/restic
It tries to write this to ~/.cache otherwise, which worked for the git
user but does not work for root (??)

Change-Id: I02d04da7d8e2b8782ce70bc72bce0b90c3961aa0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1546
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 22:28:50 +00:00
Vincent Ambo
cc8033f592 fix(whitby): Make timer unit match the unit it should start
Oversight in the previous CL.

Change-Id: I8767322d7d860fc410796f8d63b7a6c38a8ab447
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1545
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 22:25:05 +00:00
Vincent Ambo
09b3d20031 feat(whitby): Include PostgreSQL dumps in Restic backups
Changes the restic backup service to run as root, rather than git, and
include the PostgreSQL dumps in its scope.

The on-machine credentials have already been placed in the right
location in /var/backup/restic

Fixes: 27
Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 21:50:15 +00:00
Vincent Ambo
717d12f2f3 feat(whitby): Enable daily PostgreSQL backups
... daily is just the default cron pattern for this, but we might also
want this to happen more frequently. Not sure yet.

Change-Id: I4e433fefebd93488891e765b5842fdb6537e3c6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1518
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-01 16:52:00 +00:00
Vincent Ambo
1fe4a47aa2 fix(ops/paroxysm): Ensure paroxysm is started on boot
Change-Id: Iba6557cbf4e0001277bd996df59318b4308fc92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1510
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-01 02:46:20 +00:00
Vincent Ambo
f41324db8c feat(ops/nixos): Add module for running paroxysm on whitby
Change-Id: I415e3b046d4e0fcd7e800ddab0c7f1aeb639c5e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1502
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
2020-07-31 21:58:34 +00:00
Griffin Smith
e8f893ee10 refactor(web/panettone): Remove prevalence
Now that we've migrated over all the data to postgresql, we can get rid
of cl-prevalence as a dependency from Panettone along with all code that
mentions it.

Change-Id: I945f50a88fea5770aac5b4a058342b8269c0bea2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1495
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-29 01:57:49 +00:00
Griffin Smith
d9262bd6c6 feat(ops/nixos): Use database password for Panettone
It appears this didn't even *work* without a password, so we've been
forced into being more secure.

Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 01:35:25 +00:00
Griffin Smith
9ae4ac8f50 fix(ops/nixos): allow connections on hostnossl
This is how panettone is currently connecting, so this needs to be here
in order for it to work. Shortly I'll update all of this to use
passwords, but for now this gets things up and running again

Change-Id: If87f4dbce0800dcbc4f7bf10e88f3e591410b416
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1488
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 00:46:26 +00:00
Griffin Smith
69f402563a feat(whitby): Create a Postgres database for Panettone
Create a running Postgres database server along with a user and database
for Panettone, and pass configuration for it to the panettone module

Change-Id: I333994288131be328e62069382d6d40f8034c400
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-27 21:04:50 +00:00
Luke Granger-Brown
c7cd12eb25 chore(monorepo-gerrit): add Checks plugin to Gerrit module
This adds the Gerrit checks plugin. Hooray.

Change-Id: I784e9728256d1665b85b666d58bc0308bd6614ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1463
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-27 00:00:48 +00:00
Luke Granger-Brown
3542e1f62b chore(whitby): add rxvt-unicode's terminfo
Otherwise I have to set TERM to something else so that I can actually use the
machine when I'm booted into Linux and it's incredibly tedious and I hate it.

Change-Id: Icfb5aacfea8cd6227743d29d9b07dc1b745d22c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1435
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-25 20:27:47 +00:00
Luke Granger-Brown
b8fa8ff4a4 chore(monorepo-gerrit): enable attention set, disable assignee, disable polygerrit CDN
Change-Id: I66c09afc0813e032a1b5a04cbdbe4b95db2e97d7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1438
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-07-25 20:27:13 +00:00
Bartosz Stebel
32c3f7731b feat(tvl-slapd): add implr
Change-Id: I7d22bf61ac72e86a17035d6125055da8aa53d762
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1387
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-23 22:19:23 +00:00
Griffin Smith
7101cc5375 feat(ops/nixos): Deploy Panettone to Whitby
Deploy Panettone to whitby as a systemd service, proxied to from an
nginx virtual host listening at b.tvl.fyi

Change-Id: I69755566151a45120e6b3453751af0e9291fa241
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 22:09:15 +00:00
Vincent Ambo
37cc98d078 fix(whitby): Use fish shell as my default shell
I don't have time for bash's history.

Change-Id: I741107d33f09999ef43a7609079ad926e8127e69
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 19:39:07 +00:00
Vincent Ambo
b422688da1 feat(whitby): Add SSH key for qyliss
... also bootstraps her user directory to store the key in.

Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
2020-07-23 19:37:09 +00:00
Vincent Ambo
cbad0991de chore(whitby): Move isomer's SSH key to user directory
This is inline with how other user keys are managed.

Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-23 19:32:15 +00:00
Vincent Ambo
406e37fde1 feat(whitby): Deploy todo.tvl.fyi page with //web/todolist
Note that this is not yet updated automatically, so the page will be
stale until somebody rebuilds whitby.

Change-Id: I91f4b03c9309aed289df055fac292a214dca7668
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Tested-by: BuildkiteCI
2020-07-19 23:40:42 +00:00
Kane York
3c9ee24929 chore(whitby): add riking
Change-Id: I33cc1324eac9a13be56d296d09cfdbe066d90e13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1256
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-07-18 21:21:10 +00:00
Alyssa Ross
effbb277c3 chore(tvl-slapd): add display name for qyliss
Not having this set led to gerrit setting the committer to
"qyliss <hi@alyssa.is>", which is wrong.

Change-Id: I3fe02264e22dd6d739575b34ceb1221d1d6a9d98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1267
Tested-by: BuildkiteCI
Reviewed-by: qyliss <hi@alyssa.is>
2020-07-18 16:50:07 +00:00
Kane York
501d6bdaab chore(tvl-slapd): change display name to a username-like
Change-Id: I289400de6638844586a32a729333cb65a0dca4a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1254
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-07-18 01:23:13 +00:00
Kane York
4dd236be53 feat(ci): run buf check lint in CI
Breaking change detection will run but not enforce.

Emoji of water buffalo was chosen by @pedge fiat in the bufbuild slack.

Change-Id: Ie292f2bfddc0e3bc512e4a138c0b5d0fa2603bad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1247
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 22:55:13 +00:00
Alyssa Ross
0f7bdd6711 feat(tvl-slapd): add qyliss
Change-Id: Ia95c77be8a9c123f2e52174f76c4b01d44272191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1260
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-17 22:53:17 +00:00
Vincent Ambo
67f0fbfcea feat(whitby): Hardcode Google DNS servers
The Hetzner DNS servers were unhappy after today's Cloudflare outage,
and that broke some of our builds - this wouldn't have happened with
Google DNS!

Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 22:27:49 +00:00
isomer
cbff4fab9e chore(whitby): += Isomer
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-17 19:38:51 +00:00
Vincent Ambo
356dde149f feat(whitby): Configure Gerrit backups on whitby
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 14:11:24 +00:00
Vincent Ambo
e035c46c6e chore(whitby): Give the git user a home directory
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:51:20 +00:00
Vincent Ambo
8b6b3df5c4 fix(www/base): Add nginx fix timer
Change-Id: Iec66fea0f3991ba74aede3911ea9f6ae5adb0188
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1082
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
405b7ec95b feat(whitby): Enable Gerrit & cgit deployments
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-12 13:36:45 +00:00
Vincent Ambo
93575158c6 feat(whitby): Enable SourceGraph server
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
6ed4e7d4d1 chore(sourcegraph): Bump version to 3.17.3
Change-Id: I6bc25d039cbe497bc9aa8784ac2f95219b5c617c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1066
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
5abdc16f6f feat(nixos/sourcegraph): Move cheddar server to module & make ports configurable
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
90b8433828 feat(nixos/www): Add configuration for tvl.fyi homepage
... and enable it on whitby

Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
31f65f5d2b feat(whitby): Move over clbot deployment from camden
There is only one minor configuration change: CLBot now connects to
cl.tvl.fyi, instead of localhost, because Gerrit is still on camden.

Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 12:20:17 +00:00
Vincent Ambo
ea428faf99 feat(whitby): Enable smtprelay module
This is required for the Gerrit setup.

Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 11:58:43 +00:00
Vincent Ambo
b53d25ab3f fix(monorepo-gerrit): Use Google's CDN to serve static assets
Change-Id: Ib4ffc1d9b030a5982b9063c1d6322fb87ba7f910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1022
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 01:00:31 +00:00
Vincent Ambo
5de644a597 chore(monorepo-gerrit): Increase Gerrit's heap limit to 4g
(this translates to -Xmx)

Change-Id: I31bbbd247952fa6a592cb66ad144025af640d2db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1021
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-11 01:00:31 +00:00
Vincent Ambo
a8c77b9c2a fix(monorepo-gerrit): Explicitly set gerrit.docUrl
This prevents a request that takes >1s on each page load.

Change-Id: Ic91bb602e3059b1f17681aa468739bb0a103f8cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1003
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-11 01:00:31 +00:00
Andreas Rammhold
d06237707b feat(tvl-slapd): add andi
Message-Id: <20200710190623.26573-1-andi@notmuch.email>
Change-Id: Ibd74f93f589beecbf7fa9090550ecf95caa0a3b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/982
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-10 19:10:18 +00:00
Vincent Ambo
449afaa384 feat(ops/nixos): Add module for running a Quassel daemon
The upstream module is not flexible enough for my needs, so I made my
own.

Change-Id: Ie9f786da7eb8c878e0782b07a075c064ad8cd253
Reviewed-on: https://cl.tvl.fyi/c/depot/+/953
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-08 22:10:08 +00:00
Luke Granger-Brown
2c7e9986e2 chore(apereo-cas): fix up configuration
- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught be systemd

Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-08 17:49:25 +00:00
Luke Granger-Brown
cb52c9e41d chore(ops/nixos/tvl-sso): add secrets
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba2840
Reviewed-on: https://cl.tvl.fyi/c/depot/+/951
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 23:08:00 +00:00
Luke Granger-Brown
1e8dbd5b1b fix(ops/nixos/tvl-sso): correct path to executable
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/950
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 23:08:00 +00:00
Luke Granger-Brown
57ade16b9d feat(whitby): add apereo-cas/tvl-sso
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/935
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 22:59:56 +00:00
Luke Granger-Brown
aae3d25234 feat(ops/nixos/www): create login.tvl.fyi host
Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/936
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 22:48:40 +00:00
Griffin Smith
a73714a93c feat(ops/nixos): Add generic rebuild-system script
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.

As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.

Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-06 15:16:36 +00:00
Luke Granger-Brown
25cebc3a62 feat(whitby): enable tvl-slapd on whitby
Change-Id: I3fac108802671abfb9a508359390b063bce16202
Reviewed-on: https://cl.tvl.fyi/c/depot/+/923
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-05 16:54:48 +00:00
Luke Granger-Brown
f54a48f831 chore(whitby): add lukegb to trusted-users for remote builds
Change-Id: Id1e67bb30bb7f4d329006688f1783b900d16d164
Reviewed-on: https://cl.tvl.fyi/c/depot/+/914
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-04 21:27:27 +00:00
Vincent Ambo
10180e70ec chore(besadii): Stop adding Code-Review label on CLs
We now use the actual 'Verified' label instead of Code-Review from
Buildkite, this workaround is no longer required.

This reverts commit d3f9cb0ec3.

Change-Id: Ib8c1680eae844cb7b45bf8837acf2af03d4ed344
Reviewed-on: https://cl.tvl.fyi/c/depot/+/909
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-03 23:17:46 +00:00
Vincent Ambo
3ce41f4fa4 feat(whitby): Enable nix.sshServe
This exposes a binary cache over SSH.

Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/895
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-03 14:25:35 +00:00
Griffin Smith
0d4f709757 feat(whitby): Allow wheel users to sudo without a password
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.

Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-02 22:00:41 +00:00
Griffin Smith
1ecae26afa feat(whitby): Add grfn as a trusted user
So I can remote builder

Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/856
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-02 21:36:11 +00:00
Vincent Ambo
4d9c6dbbe2 feat(whitby): Run a handful of Buildkite agents
This is the point of the machine, afterall.

Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Vincent Ambo
7114e72d81 feat(whitby): Enable Nix signing for the binary cache
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014
Reviewed-on: https://cl.tvl.fyi/c/depot/+/852
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Vincent Ambo
cabdd4aa51 fix(whitby): Explicitly set an interface for the v6 default gw
systemd gets sad otherwise and it is very difficult to console it

Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Griffin Smith
298060dba9 feat(whitby): Add grfn
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.

Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-02 20:28:48 +00:00
Luke Granger-Brown
8ad55c9095 feat(whitby): add lukegb
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/848
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
2020-07-02 19:33:44 +00:00
Vincent Ambo
c18b0a7c57 fix(whitby): Set correct IPv6 default gateway for Hetzner env
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/845
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 18:59:01 +00:00
Vincent Ambo
62dd3fdc3c feat(nixos/whitby): Hello, World!
This adds NixOS configuration for the machine whitby.tvl.fyi.

No interesting services are configured yet, so this configuration is
quite plain.

Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/843
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-02 18:32:47 +00:00
Vincent Ambo
b1f0de3fde chore(nixos/whitby): Bootstrap //ops/nixos/whitby folder
Change-Id: I7d77c3ea48b181d7b9f754ac4807ed44735a8925
Reviewed-on: https://cl.tvl.fyi/c/depot/+/841
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-02 18:32:47 +00:00
Kane York
2215ae98b9 chore(tvl-slapd): rotate password for riking
Change-Id: I3ec53d5223a4ff0871eed7615f11f534ed74653b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/839
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 06:20:04 +00:00
Vincent Ambo
7dbdd2d13e chore(tvl-slapd): Remove old password generation script
This does not work for ARGON2 hashes.

Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/834
Reviewed-by: Kane York <rikingcoding@gmail.com>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-01 20:55:48 +00:00
Vincent Ambo
a1556d71e6 chore(tvl-slapd): Rotate my LDAP passwords and use ARGON2 hashes
Change-Id: Id1a60121e4254e7ccff77ac17fd39d0955aedc8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/832
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-01 19:10:13 +00:00