Commit graph

431 commits

Author SHA1 Message Date
Vincent Ambo
b36a75a223 fix(wigglydonke.rs): Don't rebuild nginx config unnecessarily
This fix is essentially the same as the one in cl/1263.

Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2021-05-25 17:10:50 +00:00
Vincent Ambo
65be8f20e0 chore(nixpkgs): Bump channels to 2021-05-25
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides

* ops: make new isSystemUser || isNormalUser assertion happy

* users/grfn/system/system/mugwump: make buildkite agents system users

* users/tazjin/nixos/camden: set isSystemUser = true for git

* users/tazjin/emacs: Remove missing & broken packages

* third_party/openldap: remove, as the argon2 module is now enabled upstream

* third_party/gerrit_plugins: Pinned new unstable hashes

* third_party/nix, third_party/grpc: Disabled CI as these are broken

* third_party/overlays/emacs: Bumped version to stay in sync with channel

* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
  since libclang's default output no longer contains libclang.so

* users/grfn/system/home: Install julia-stable instead of julia (which
  aliases to julia-lts), as the latter depends on an insecure version of
  libgit

Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 17:09:28 +00:00
Vincent Ambo
878957d2f6 chore(whitby): Add ZNC state to Restic backups
Until we have declarative ZNC config (which requires a solution for
secrets handling in it), make sure we back this up as well.

Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 08:15:19 +00:00
Vincent Ambo
46b136c22e fix(tvl-slapd): Replace deprecated OpenLDAP module options
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.

The module performed this update via lib.mkChangedModuleOption, I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.

Fixes b/105.

Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-24 22:52:59 +00:00
Vincent Ambo
4a89bcd6a5 refactor(ops/nixos): Pass depot as a special argument
This changes the evaluation order for the `depot` argument and ensures
it is partially evaluated before the module system starts resolving
imports.

This way we can import modules from `depot.path` without `depot`
having to come from readTree.

Fixes b/129.

Change-Id: Icf4dd2be15011055dac8b27e991a4ff6a12bf827
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3156
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 21:48:37 +00:00
Cynthia Revström
ab7c409530 chore(ops/users): Update email address for cynthia
Change-Id: Ieb59d9215c5c1159113375dea0dd96d3d29e1303
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3154
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-05-24 20:22:53 +00:00
Klemens Nanni
a26c4a1c77 fix(ops/users): Rehash password for kn
This time using `tools.hash-password` because login did not work with the
initially created hash.

Change-Id: I1eb62a496d2d8497d27573af47bf8bf70dac9bbb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3153
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-05-24 18:31:10 +00:00
Klemens Nanni
c420f122f3 feat(ops/users): Add kn
Change-Id: Ib615743fc57357b0de17600c9a3f400c48fd0f70
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3151
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-24 17:30:36 +00:00
Griffin Smith
4aa8f7d7e3 feat(dns): Add record for deploys.tvl.fyi
This will be used to serve (nix-) diffs for pending deploys of whitby

Change-Id: Ia864993b1fcb3b7ce5fcc21f32a27528a4c31f08
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3149
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 21:22:17 +00:00
Vincent Ambo
4b584e5259 fix(whitby): Fix irccat configuration for incorrectly named option
irccat is passing the realname option as the ident of the user, which
doesn't match what is in ZNC.

It hasn't seen any upstream commits in a long time, so I'm just
leaving this as is and fixing it locally in our config.

Change-Id: I3bf865f37b8df9c1cd891a94245ca3fad376bbe1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3150
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2021-05-23 20:34:10 +00:00
Vincent Ambo
9bb8736a45 feat(whitby): Let sterni bear the wheel
Change-Id: Ib4f7dcbdc754d2fc271f501a9ea270e983a3645f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3147
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-23 19:06:15 +00:00
Vincent Ambo
6c243d40a3 fix(ops/users): Fix hash format for cschilling
Change-Id: Ib0c53e8f6bc030cbdfe31020ed9d6764bd732a62
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3146
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-05-23 17:53:47 +00:00
sterni
c8dff5fc5f feat(ops/users): Add cschilling to users
Change-Id: I8afc23c749a5318d7c2ce893903980112ff13c12
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3137
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 12:41:09 +00:00
Griffin Smith
75f19a05a1 feat(whitby): Enable fail2ban
I like running fail2ban on any machine that has stuff like ssh
world-open, to limit the potential for password brute-force attacks etc.

Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 12:40:00 +00:00
Vincent Ambo
780bb86eff chore: Replace Freenode mentions with HackInt
This doesn't replace all of them in the repo, but at least the ones
that are relevant to our move.

Change-Id: I842e7594b4c16af30d880272417874f6b29afd22
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3134
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 21:37:13 +00:00
Vincent Ambo
687f978b1c feat(ops/owothia): Add owothia module and deploy on whitby
This configures owothia to use her new bouncer to HackInt.

Change-Id: I80eb8191c2b0f2a6f8a31d19b60250ade27c1913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3129
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 19:40:45 +00:00
Vincent Ambo
814feed0ce chore(whitby): Move clbot to HackInt
Points clbot at the new local ZNC instead. This will make it part of
the things happening through the `tvlbot` account.

Relates to b/101

Change-Id: I1c15ffa5720d3af34475c15bee3fdaa537ac659b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3127
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 17:57:32 +00:00
Vincent Ambo
1aad1d9beb chore(whitby): Move irccat & panettone notifications to HackInt
Change-Id: I6bd5c183d2c1c28b8c6b0201bdf22a66333d4aea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3131
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-22 17:52:01 +00:00
Florian Klink
48b052c1e4 feat(whitby): Add shadowsocks server
This adds a shadowsocks service, running on port 8443, tcp and udp.

The password is read from /etc/secrets/shadowsocks-secret.sec, and needs
to be populated externally.

Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-22 13:28:36 +00:00
Florian Klink
cd2e889f41 feat(apereo-cas): move away from 127.0.0.1:8443
The following commit itends to bind on port 8443 on all interfaces,
so let's move this to something else.

Change-Id: Ibb94a0f4e6892b6e543b542b89bcdaaefb617f23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-21 11:33:13 +00:00
Vincent Ambo
5036ae4376 feat(whitby): Initial ZNC configuration
Bouncer to be used for TVL's IRC bots, see b/101

Change-Id: Ic9f71ecd94365d3baa31e0552b1ce16362f94557
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3124
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-05-21 11:30:42 +00:00
Vincent Ambo
dbb011850a fix(ops/nixos): Fix typo in NIX_PATH name
Change-Id: Ic29b219ca1c536f8a99860ecdf2957a62ba95889
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3123
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-05-20 23:11:02 +00:00
Vincent Ambo
c7af7ca91d chore(sourcegraph): Increase nofile ulimit for Sourcegraph
Sourcegraph logs warnings about this on startup otherwise. Unclear
to what degree it really affects operation though.

Change-Id: I6ee7c5358631aafd9a7f8155150361bf7499314d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3098
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-05-06 19:28:14 +00:00
Vincent Ambo
55c4b8d4c0 fix(ops/www): Fix typo in nginx configuration
Change-Id: I5ee7307acae548cc7779fe715ea4aad620fe8f5c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:48:49 +00:00
Vincent Ambo
7926482f1c feat(ops/www): Configure atward.tvl.fyi and its aliases
Change-Id: I20dfb057f8184899226bcb4527010a6982d426f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3094
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:02:58 +00:00
Vincent Ambo
47d07e7b5f refactor(atward): Configure listen address
This appeases the flokli.

Change-Id: Ib6a6c1a2cc8780e7944913d9204b42505b29fdc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-05-05 09:02:58 +00:00
Vincent Ambo
790c0d938e feat(ops): Add NixOS module for atward
Very standard, nothing fancy.

Change-Id: Ibb286f221a4752abfb62e971b98e9496357040f5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3090
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-05-03 23:47:30 +00:00
Vincent Ambo
5b45eae276 feat(ops/dns): Add hostnames for atward (at.*, atward.*)
The shorter one is going to be more convenient when we get
go-link (or, well, at-link) support.

Change-Id: Ic24adcdad679b893c40c87731add818660259dac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3091
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2021-05-03 22:55:36 +00:00
Evgeny Zemtsov
e98afefc00 feat(ops/users): Add ezemtsov to users
Change-Id: I78a06540e97c0f294d81abe65c15122ed422dd8a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3059
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-04-28 21:38:54 +00:00
Vincent Ambo
54f59a5cc5 feat(ops/modules/www): Disable FLoC tracking for all TVL pages
.. this is actually likely not disabling it for some pages, that will
need this to be copy & pasted, but it's hard to tell just from the
nginx docs. We'll make sure after deploying.

Change-Id: I2fa6e31ca10835a206673b858594fa071e729d82
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3020
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-20 10:44:43 +00:00
Vincent Ambo
5f19e8e6a7 refactor(ops/nixos): Ensure that pkgs == depot.third_party.nixpkgs
This is currently done ad-hoc in a bunch of our systems, but we should
just do it centrally.

The commit message is a bit of a lie, as this doesn't yet update
grfn's systems.

Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-20 10:43:19 +00:00
Vincent Ambo
7e74e17931 fix(automatic-gc): Fix garbage collection script
It needs to refer to this by full path of course.

Change-Id: I911c876ba18877681accb722426314d92b9f2318
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3042
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-04-18 09:44:04 +00:00
Vincent Ambo
75d507223b fix(modules/automatic-gc): Add nix-daemon to requisites
This will require the daemon to be running when launching GC, but
won't start it if it happens to not be running for some reason.

Change-Id: If48fe336030173f028428fc00a81d339ef4b8bce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3015
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-14 19:53:14 +00:00
Vincent Ambo
cc903bc3b0 feat(ops/modules): Add module for automatically collecting garbage
Adds a module that automatically collects garbage based on disk space
thresholds, and configures it to run hourly on whitby.

This is implemented as an alternative to cl/2937, which I've been told
uses a Nix feature that doesn't actually work.

Under-the-hood this is simply a systemd timer running a shell script
which checks available disk space and runs GC when necessary.

Change-Id: I3c6b5de85b74ea52e7e16c53f2f900e0911c9805
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3014
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-14 19:37:21 +00:00
Luke Granger-Brown
a0cfa097e0 feat(whitby/grafana): use CAS SSO
There's a hard-coded list of Admin usernames for the moment. We should
revisit this and get an actual groups setup in LDAP that's propagated
through...

Change-Id: Ic3601f1a9753573076769f4912038e9f1b60e139
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2982
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
2021-04-13 00:08:36 +00:00
Vincent Ambo
da5512f2e9 feat(whitby): Enable Grafana at status.tvl.su
Enables a Grafana service pointing to whitby's local Prometheus
instance, accessible at status.tvl.su.

I've no idea how to configure Grafana and if it's possible to link it
to CAS, but we'll see about that later.

Notes:
* the explicit fixpoint for whitby config has been removed as we
  have the `config` parameter available now
* backups are enabled for the Grafana storage location

Change-Id: If5ffe0c1a3378d1c88529129487c643642705fd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2948
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 22:01:05 +00:00
Vincent Ambo
f520bd40ca refactor: Replace 'depotPath' with 'depot.path'
Instead of having two ways of accessing the path to the depot (one of
which was stuttering, depot.depotPath) we settle on only one:
depot.path.

This was mostly used for NixOS module imports.

Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-12 21:55:07 +00:00
Vincent Ambo
e09b44bdec chore(besadii): Stop passing explicit messages to Buildkite
Dropping the message field will make Buildkite use the commit messages
instead, which makes for much more readable build logs.

Change-Id: I1849f811632526893b700f117c9f6cf64888c329
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2949
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-12 17:42:36 +00:00
Vincent Ambo
adc9d026e0 feat(whitby): Enable Prometheus instance on whitby
Enables Prometheus with a local node exporter, and nothing else for
now.

Some additional collectors have been enabled for things that might be
relevant on whitby:

* systemd: all our services run in systemd
* processes: might be interesting for build-related stats
* logind: might be interesting for interactive usage stats

Change-Id: I48dacdd9c68b4be9edff7b3cb6256dad562498c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2930
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-04-12 17:32:48 +00:00
sterni
0e6ac814c6 feat(ops/pipelines): pass --show-trace to nix-build
--show-trace should make it easier to debug tricky evaluation errors
without running nix-build -A ops.pipelines.depot locally again.

Change-Id: Ice540562c3b389fc2a49ec1fc0adacb17db2a528
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2947
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-12 15:50:43 +00:00
Griffin Smith
6266c5d32f refactor(users/glittershark): Rename to grfn
Rename my //users directory and all places that refer to glittershark to
grfn, including nix references and documentation.

This may require some extra attention inside of gerrit's database after
it lands to allow me to actually push things.

Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-12 14:45:51 +00:00
Vincent Ambo
90281c4eac refactor(ops): Split //ops/nixos into different locations
Splits //ops/nixos into:

* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)

This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.

Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 22:18:22 +00:00
Vincent Ambo
9073ac18c4 fix(pipelines/depot): Buildkite refers to branches by full ref
This change is required to run the  step on canon builds.

Change-Id: Ib3cebac67c9f5337b27a948f120b0a9ba834ef2a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2932
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 21:18:59 +00:00
Vincent Ambo
d7b89df748 feat(ops/pipelines): Add gcroots for depot builds on canon
Adds a conditional build step that only runs on the canon branch, and
only if 🦆 (the status reporting step) succeeds, which creates a
new Nix GC root for all depot targets named `depot-canon`.

In practice this might be a bit racey, as canon builds are not
guaranteed to succeed in order (though it is likely). This shouldn't
matter much in practice: We only want to prevent rebuilds of the whole
world.

This fixes b/102

Change-Id: Id3d0bf4158bffcb1ed6929888a29d31609b6ece1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2904
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 20:09:53 +00:00
Vincent Ambo
6c3585f764 fix(tvl-buildkite): Set agents' primary group to buildkite-agents
This ensures files created by the Buildkite agents are always owned by
the same group, without having to manually chgrp afterwards.

Change-Id: Idbaedec43c16b2ee137d1a95719a05d46db8f900
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2929
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2021-04-11 16:03:17 +00:00
Vincent Ambo
473604f567 refactor: Move nixpkgs attribute to third_party.nixpkgs
Please read b/108 to make sense of this.

This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.

To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.

Pay extra attention to:

* overlay-like functionality that was partially moved to actual
  overlays (partially as in, the minimum required to get a green
  build)

* modified uses of the package set path, esp. in NixOS systems

Special notes:

* xanthous has been disabled in CI because of issues with the Haskell
  overlay
* //third_party/nix has been disabled because of other unclear
  dependency issues

Both of these will be tackled in a followup CL.

Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-04-10 21:18:55 +00:00
Vincent Ambo
d8ec573bc7 feat(ops/nixos/www): Enable short links for b/ and cl/
This configures accepting requests for b/ and cl/ on plain HTTP ports,
and redirecting to b.tvl.fyi & cl.tvl.fyi appropriately.

Additionally, Panettone request URIs that only contain decimals are
redirected to `/issues/$request_uri` to enable issue short-links.

This fixes b/32.

Change-Id: I56954d8d69a3624267778b467520c509f4daa6c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2908
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-10 15:33:55 +00:00
Vincent Ambo
f205d8ee73 feat(gerrit): Auto link 'cl/123'-style shortlinks
Same as linking to bugs (e.g. b/108).

Change-Id: I447020bc07059c98c53322d745f961d8d471d9a4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2919
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-04-10 15:28:59 +00:00
Vincent Ambo
9c5b5600ea refactor(ops): Consistent use of depot.third_party vs. pkgs
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.

This commit cleans up a huge chunk of these uses in //ops

Change-Id: I00faeb969eaa70760a26256274925b07998c2351
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2915
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-10 12:09:20 +00:00
Vincent Ambo
4b78875726 feat(tvl-buildkite): Add all buildkite agent users to a local group
This lets us grant permissions to them, e.g. on local folders.

Change-Id: I823ac414be1cb7d6baa4f17d95003709e5911b04
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2905
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-04-09 19:58:28 +00:00