mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1889 commits 5 branches 0 tags 172 MiB
Commit graph

1889 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vincent Ambo
6e4df43f62 feat(ops/nixos/camden): Forward logs to Stackdriver Logging 
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.

The service account key for camden has been placed on the machine
manually.
 2020-02-21 15:35:51 +00:00
Vincent Ambo
7290a18cb1 chore(ops/nixos/nugget): Remove input-fonts package 
My default font is now Jetbrains Mono everywhere.
 2020-02-21 13:54:53 +00:00
Vincent Ambo
3d1f568ddb fix(fun/amsterdump): Fix call to os.Getenv 
Not sure how this broken version ended up committed ...
 2020-02-21 13:54:53 +00:00
Vincent Ambo
f2235ba0ae feat(build): Add //fun and //ops/nixos projects to CI builds 2020-02-21 13:54:53 +00:00
Vincent Ambo
4bbbb58cb5 chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
Vincent Ambo
5d9d84f4cf refactor: Pass the depot as an argument named 'depot' 
This change, which I've been meaning to do for a while, renames the
attributes passed by readTree to things in the tree so that:

* the depot root is now 'depot'
* depot.third_party is additionally passed as 'pkgs' (for
  compatibility with exported subtrees)
 2020-02-21 12:45:43 +00:00
Vincent Ambo
0e54b3eb6a Merge branch 'fix/camden-trusted-users' 2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7 fix(ops/nixos/camden): Add myself to trusted Nix users 2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b fix(ops/nixos/camden): Use pounce from //third_party 2020-02-17 00:52:07 +00:00
Vincent Ambo
24de5683aa chore(third_party/pounce): Override version to 1.1 
This has not yet propagated to nixos-unstable
 2020-02-17 00:51:13 +00:00
Vincent Ambo
51a2b9a95d chore(third_party): Bump nixos-unstable 2020-02-17 00:40:37 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts 
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
 2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx 
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
 2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service 
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
 2020-02-12 01:04:12 +00:00
Vincent Ambo
f60eb6c3c7 refactor(web/cgit-taz): Serve depot from disk location on camden 2020-02-12 01:03:31 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs 
This directory is writeable by me and is intended to make it easy to
serve random blobs.
 2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog 
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
 2020-02-11 19:32:21 +00:00
Vincent Ambo
b5c50f4699 refactor(web): Let //web/ derivations build static pages only 
Removes nginx configuration built by the web targets (with the
exception of the includable block used to set up redirects for old
blog URLs).
 2020-02-11 19:31:20 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs 
... and use it on Camden!
 2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script 
This should probably be templated instead.
 2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale 
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
 2020-02-11 00:53:09 +00:00
Vincent Ambo
78b82c82a2 fix(third_party/tailscale): Add patch to make taillogin work 2020-02-11 00:43:55 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
9b37bad180 fix(third_party/tailscale): Add default relaynode acl.json to output 2020-02-11 00:09:34 +00:00
Vincent Ambo
04ffc5e66f fix(third_party/tailscale): Build all sub-packages 
At the moment it seems like all of them are still required - things
are in flux!
 2020-02-10 23:39:38 +00:00
Vincent Ambo
9e38e02c46 feat(third_party): Add package for tailscale 
Adds a package for the now-opensourced tailscale client tailscale
client.
 2020-02-10 22:16:41 +00:00
Vincent Ambo
042df0b523 docs(web/blog): Add some TODO entries for the draft 2020-02-10 01:34:54 +00:00
Vincent Ambo
541306f1bd docs(web/blog): Rewrite some style issues in the Emacs post 2020-02-10 01:24:34 +00:00
Vincent Ambo
9f75c91adc feat(web/blog): Add draft blog post on Emacs 
This post is a draft, i.e. not linked from the index. It's not a
secret, but if you do find it through this commit before its
publication please don't share it too widely yet.
 2020-02-10 00:29:51 +00:00
Vincent Ambo
b56b3db2f4 style(web/homepage): Highlight <kbd> elements like buttons 2020-02-10 00:08:53 +00:00
Vincent Ambo
9ed53f4201 fix(web/homepage): Make .uncoloured-link work again 2020-02-10 00:08:43 +00:00
Vincent Ambo
1e770f5d88 feat(web/blog): Add support for draft & unlisted posts 
Posts with either `draft = true;` or `listed = false;` will no longer
be included in index generation and will have a warning callout
inserted at the top of the page urging people not to share the links
to them.
 2020-02-09 21:44:48 +00:00
Vincent Ambo
0bc2f8995e style(web/blog): Minor formatting fixes in Watchguard post 2020-02-09 21:24:53 +00:00
Vincent Ambo
30e8f59d02 style(web/homepage): Overflow long code lines into scroll bars 2020-02-09 21:24:31 +00:00
Vincent Ambo
bd2d96d053 chore(web/blog): Move Watchguard images into static assets 
Rather than sending user data to imgur ... lets get rid of all the
external stuff!
 2020-02-09 21:16:03 +00:00
Vincent Ambo
de9f51de82 chore(web/blog): Remove duplicate CSS file 2020-02-09 21:06:37 +00:00
Vincent Ambo
386692d39d chore(web/homepage): Configure caching for fonts & images 2020-02-09 21:05:03 +00:00