Commit graph

64 commits

Author SHA1 Message Date
Florian Klink
cd2e889f41 feat(apereo-cas): move away from 127.0.0.1:8443
The following commit itends to bind on port 8443 on all interfaces,
so let's move this to something else.

Change-Id: Ibb94a0f4e6892b6e543b542b89bcdaaefb617f23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-21 11:33:13 +00:00
Vincent Ambo
c7af7ca91d chore(sourcegraph): Increase nofile ulimit for Sourcegraph
Sourcegraph logs warnings about this on startup otherwise. Unclear
to what degree it really affects operation though.

Change-Id: I6ee7c5358631aafd9a7f8155150361bf7499314d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3098
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-06 19:28:14 +00:00
Vincent Ambo
55c4b8d4c0 fix(ops/www): Fix typo in nginx configuration
Change-Id: I5ee7307acae548cc7779fe715ea4aad620fe8f5c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:48:49 +00:00
Vincent Ambo
7926482f1c feat(ops/www): Configure atward.tvl.fyi and its aliases
Change-Id: I20dfb057f8184899226bcb4527010a6982d426f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3094
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:02:58 +00:00
Vincent Ambo
47d07e7b5f refactor(atward): Configure listen address
This appeases the flokli.

Change-Id: Ib6a6c1a2cc8780e7944913d9204b42505b29fdc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:02:58 +00:00
Vincent Ambo
790c0d938e feat(ops): Add NixOS module for atward
Very standard, nothing fancy.

Change-Id: Ibb286f221a4752abfb62e971b98e9496357040f5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3090
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-05-03 23:47:30 +00:00
Vincent Ambo
54f59a5cc5 feat(ops/modules/www): Disable FLoC tracking for all TVL pages
.. this is actually likely not disabling it for some pages, that will
need this to be copy & pasted, but it's hard to tell just from the
nginx docs. We'll make sure after deploying.

Change-Id: I2fa6e31ca10835a206673b858594fa071e729d82
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3020
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-20 10:44:43 +00:00
Vincent Ambo
7e74e17931 fix(automatic-gc): Fix garbage collection script
It needs to refer to this by full path of course.

Change-Id: I911c876ba18877681accb722426314d92b9f2318
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3042
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-04-18 09:44:04 +00:00
Vincent Ambo
75d507223b fix(modules/automatic-gc): Add nix-daemon to requisites
This will require the daemon to be running when launching GC, but
won't start it if it happens to not be running for some reason.

Change-Id: If48fe336030173f028428fc00a81d339ef4b8bce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3015
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-14 19:53:14 +00:00
Vincent Ambo
cc903bc3b0 feat(ops/modules): Add module for automatically collecting garbage
Adds a module that automatically collects garbage based on disk space
thresholds, and configures it to run hourly on whitby.

This is implemented as an alternative to cl/2937, which I've been told
uses a Nix feature that doesn't actually work.

Under-the-hood this is simply a systemd timer running a shell script
which checks available disk space and runs GC when necessary.

Change-Id: I3c6b5de85b74ea52e7e16c53f2f900e0911c9805
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3014
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-14 19:37:21 +00:00
Vincent Ambo
da5512f2e9 feat(whitby): Enable Grafana at status.tvl.su
Enables a Grafana service pointing to whitby's local Prometheus
instance, accessible at status.tvl.su.

I've no idea how to configure Grafana and if it's possible to link it
to CAS, but we'll see about that later.

Notes:
* the explicit fixpoint for whitby config has been removed as we
  have the `config` parameter available now
* backups are enabled for the Grafana storage location

Change-Id: If5ffe0c1a3378d1c88529129487c643642705fd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2948
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 22:01:05 +00:00
Vincent Ambo
f520bd40ca refactor: Replace 'depotPath' with 'depot.path'
Instead of having two ways of accessing the path to the depot (one of
which was stuttering, depot.depotPath) we settle on only one:
depot.path.

This was mostly used for NixOS module imports.

Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-12 21:55:07 +00:00
Griffin Smith
6266c5d32f refactor(users/glittershark): Rename to grfn
Rename my //users directory and all places that refer to glittershark to
grfn, including nix references and documentation.

This may require some extra attention inside of gerrit's database after
it lands to allow me to actually push things.

Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-12 14:45:51 +00:00
Vincent Ambo
90281c4eac refactor(ops): Split //ops/nixos into different locations
Splits //ops/nixos into:

* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)

This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.

Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 22:18:22 +00:00