Commit graph

371 commits

Author SHA1 Message Date
sterni
8cc1dcf588 feat(ops/users): add milan to users
Change-Id: I77e5e9a0ae1bf2ee59ac4967c5481b9044f97934
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2757
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-02 10:21:37 +00:00
sterni
27b300fe34 feat(ops/whitby): add sterni to trusted users
I am somewhat trustworthy… maybe? Also I tend to gc depot stuff so ssh
serve would be neat.

Change-Id: I4672f20a32a756692dd156b5e40e5a7f37ba5ad0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2660
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-02 10:21:32 +00:00
Vincent Ambo
53d8dd6a1e feat(ops/nixos/www): Serve rendered Tvix component SVG (hack!)
This is a quick hack to make it possible to view the rendered SVG on
https://code.tvl.fyi/about/tvix/docs/components.md

We want to be able to do this sort of thing dynamically in the future,
but we can't yet, so ... well. Deal with it.

Change-Id: Id2b819679d748b6f517018a9c6e72d5c1d806c4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2743
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2021-03-31 23:10:54 +00:00
tazjin
99148c9b8f revert(monorepo-gerrit): Revert to using cgit for Gerrit
This reverts commit 3b05be2fd0.

Reason for revert: Sourcegraph still does not support fetching arbitrary refs, so we'll have to wait until its Gerrit integration lands before this will work correctly.

Change-Id: Icee82c50f92c34ba1741b608449aed16538ccbaa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2721
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-03-31 21:48:06 +00:00
Vincent Ambo
03a2616ccb feat(ops/dns): Add GSuite site aliases for tvl.su
Change-Id: Ib18b5bef23a198e7ca031f48290cf0ff0655d8dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2687
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2021-03-27 11:06:56 +00:00
Florian Klink
372b35dffa feat(ops/nixos/whitby): add flokli user
Change-Id: Ibdb5b498f8bbc837fffdb38cdf95499b279773aa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2683
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2021-03-26 20:31:48 +00:00
Vincent Ambo
93af4644ab chore(ops/users): Purge some inactive users from LDAP
Change-Id: Iab2d2d6b7096ef302ea2fd8b051041426c6c8ca6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2670
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-26 20:00:22 +00:00
Florian Klink
3026891302 feat(ops/users): Add flokli to users
Change-Id: I87ca0f20663ff858237f641ef2245778601e0416
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2671
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-03-26 19:31:37 +00:00
Vincent Ambo
743993d7b1 feat(ops/dns): Configure email settings for tvl.su.
Change-Id: Ida5beca7b4efd39fad15ba220dc1fc887ed79b4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2669
Tested-by: BuildkiteCI
Reviewed-by: adisbladis <adisbladis@gmail.com>
2021-03-26 19:31:10 +00:00
Vincent Ambo
5a90c8276b feat(ops/dns): Add Google Workspace verification for tvl.su.
Change-Id: I44db2bca7aa5814bbefd8943d727cc66ab800fd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2668
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-26 18:26:34 +00:00
Griffin Smith
f2963cffcd fix(ops/whitby): Set tcp congestion control to bbr
Some quick testing shows that this improves my data transfer speed to
whitby by roughly 200%.

Change-Id: Id94de975b1ae0930f8d0fe038582dbac0037676c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2659
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: ben <tvl@benjojo.co.uk>
2021-03-26 02:42:37 +00:00
Vincent Ambo
d34c527372 refactor: Replace some uses of builtins.toFile with pkgs.writeText
I'm looking at removing some of these because they can cause
unnecessary build steps during CI pipeline generation.

Change-Id: I84742968918090c050d2eedab8a1b42692632a42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2655
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-03-25 19:14:36 +00:00
Vincent Ambo
a747b46f19 chore(ops/nixos): Update Sourcegraph to 3.26.0
Reading through the changelogs, this includes the following two
changes that may require us to do something:

* For users of single-image Sourcegraph instance, please delete the
  secret key file /var/lib/sourcegraph/token inside the container before
  attempting to upgrade to 3.21.x.

* A campaigns.restrictToAdmins site configuration option has been
  added to prevent non site-admin users from using campaigns.

Change-Id: Ieacf85a9059ad5222800f8d7d4a43435f489a39f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2638
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-22 20:46:31 +00:00
Vincent Ambo
1c719cdc14 feat(ops/dns): Add status subdomain
I want to host something like Vigil[0] on this to show the status of
Gerrit, SourceGraph and maybe other components.

(Yes, the status page will be on the same infrastructure ... but this
is mostly for service failure cases).

[0]: https://github.com/valeriansaliou/vigil

Change-Id: If71496300b94035976a685d9bf166d525d89fc5e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2637
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-22 16:15:07 +00:00
Vincent Ambo
2f7cb2b6c4 chore(whitby): Remove SSH key from root
This was a leftover from the time we were installing.

Change-Id: Id875b907d7f76081a45e7f8f2666b7fba6aefc86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2632
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-03-21 18:04:22 +00:00
Vincent Ambo
6e94b3ca2f feat(tazjin/nixos): Initial check in of new host (tverskoy)
This is my new X13 AMD Thinkpad, on which many fun things will be done.

Change-Id: I4de114a8c5ebb37d2f4844f407d2dc0e7cc9557e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2620
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-21 00:55:58 +00:00
sterni
c32e8424be refactor(ops/dns): use drvTargets for meta.targets population
Since we have a dedicated util for this, we may as well use it
to reduce code duplication.

Change-Id: Ie52647be8c786d0b6a4dceb2fa6778b94625fafc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2604
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-15 22:16:19 +00:00
Vincent Ambo
5b9229186f feat(ops/dns): Configure tvl.su zone
Change-Id: I6016d92e9c231a257e06644dfcf44a4aaa12ac4d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2601
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-03-15 21:23:35 +00:00
Vincent Ambo
b4e87f8254 feat(ops/dns): Import tvl.fyi DNS zone into depot
Imports the current state of the tvl.fyi zone and configures simple CI
checks on the file format.

No deployment automation exists for this (yet?).

Change-Id: Ia7d72e02b9f6d3adef994c5dc1898cc0df9dfcfb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2600
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-15 21:23:35 +00:00
Adam H
4d193f2395 feat(users/adisbladis): Add to users
Change-Id: I2a3532605c602dd6ba44a6c723333db219a55907
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2599
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-03-13 19:55:24 +00:00
Vincent Ambo
c9726d8a00 chore(ops/journaldriver): Expand wildcard imports
... to appease Profpatsch.

Change-Id: Id8576645a6920312c2304ea7880524d9cda8e21b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2544
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-02-24 14:07:22 +00:00
Vincent Ambo
3a45e029af fix(ops/www/tazj.in): Force SSL for git.tazj.in redirect
Change-Id: If5b8096cb693d96936f9b954e2ebe3dc9b63af66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2521
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-10 17:56:29 +00:00
Vincent Ambo
8d7c24d3db fix(ops/www/tazj.in): Redirect git.tazj.in to our cgit
Change-Id: Ia0be95e2618aeb4f8d394a8e3602c73faec0d72f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2508
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-10 17:38:05 +00:00
sterni
e91d5e4e61 fix(config): remove ciBuilds inherit
The ciBuilds attribute seems to no longer exist and it breaks the
evaluation of the config attribute. It's only appearance was in
besadii which doesn't actually use the attribute.

Removing the ciBuilds inherit fixes these issues.

Change-Id: Ibbf3413ba6efe10ad868cf57cf0711d574860f97
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2487
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-06 17:54:18 +00:00
Profpatsch
e7ad8143e4 fix(ops/piplines/static-pipeline): add --show-trace to nix-build
Change-Id: Ib0473f916b1436934844e620ce981f52d11e8512
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2467
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-30 09:02:09 +00:00
Vincent Ambo
8f57ca92bd chore(3p|nix): Remove typed Go
Nobody has actually done any experimentation with typed Go, so we're
getting rid of it for now - it's causing annoying IFD during build
graph generation.

Change-Id: Ibac3dea98ebed1b3ee08acda184d24c500cf695d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2458
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-30 08:20:45 +00:00
multi
4ac51ea504 chore(users/multi): remove user from the depot.
This commit removes my user directory in the depot, my user account on whitby,
my entry in the LDAP database, and my entry in the website graph. I've had my
fun with TVL, but I want to move on to spending time on some other things.

This additionally removes aranea from the website graph, which they have
requested in private.

Change-Id: I2d098c8fe239f20d9f6c6cbf66a3dfb4a955a4cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2436
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-01-23 21:13:39 +00:00
V
29db630a39 chore: Remove banned user
Change-Id: Icd61f7c567a327c74a4f381168e94737b2b30702
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2422
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: tazjin <mail@tazj.in>
2021-01-19 10:30:19 +00:00
sterni
2d136e0327 feat(todolist): use static slapd user data for knownUsers
Since the slapd data is static and generated using nix, we can simply
move the user list into ops/users, so it's recognized by readTree and we
can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as
a general purpose user registry for depot.

Update docs/REVIEWS.md as well.

Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-18 23:18:55 +00:00
Vincent Ambo
c033229a61 chore(ops/whitby): Move ACME registrations to an @tvl.fyi address
Change-Id: I371550aa456c0fb64da4789feed494cc50497522
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2410
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-18 00:54:33 +00:00
Vincent Ambo
e4976c49dc feat(ops/nixos): Serve tazj.in from whitby temporarily
camden.tazj.in (the host in my flat) is going down as my belongings
are being moved into storage.

Change-Id: Id66512fd2ec6dbdcb6dfc3862af49cfadb15cfa1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2405
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-17 05:42:55 +00:00
multi
2fe90c34c0 feat(ops/nixos/whitby): Enable remote use of whitby for my Thinkpad.
My main workstation is a Thinkpad without a great deal of compute
power available, so enabling the use of whitby as both a substituter
(services.sshServe) and a remote builder (openssh.authorizedKeys) will save me
some time when working on nix things and depot things.

Change-Id: I17bfcbb9860f42fb667603ad819e38e82e6052da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2399
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2021-01-15 13:06:33 +00:00
sterni
e93a2fc48f feat(ops/nixos/whitby): add sterni user
Change-Id: Ia6790913ea2777a9d4ca89830436623766991c13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2368
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-01-13 22:05:33 +00:00
sternenseemann
dd323b5c0d feat(tvl-slapd): add sterni to slapd
Change-Id: I4b832f60c69e1bdd1a6bf0595d523c052aa8f794
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2348
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-11 10:58:52 +00:00
Vincent Ambo
88bf43878f chore(3p): Bump NixOS channels to 2020-12-28
Changes:

* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
  ability to configure OpenLDAP directly and now forces users to use
  some kind of weird Nix->OLC mapping that is mostly undocumented.

  This moves the config we need to the new format in a way that may or
  may not work and does the other arbitrary dance steps that someone
  decided to impose on us. Note that this now throws lots of warnings,
  but I can't be bothered to fix them.

* 3p: Random package removals accomodated

* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
  is not yet updated for 5.10

* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
  this changed because of something in the Go build machinery in
  nixpkgs. The deleteVendor flag also has no effect anymore and has been
  removed.

* users/glittershark: agda build is broken, commenting out development
  home-manager environment until it can be fixed

* third_party/haskell_overlay: updating random needs upper boundarles
  of a few dependencies relaxed (curse them)

* third_party/gerrit_plugins: for some cursed reason the fixed-output
  hash of the gerrit owners plugin fetchgit changed, updated.
  Same for the checks plugin.

Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-01-09 13:21:00 +00:00
Vincent Ambo
4a86a06466 chore(whitby): Double number of build users
more = betterer

Change-Id: I6d5414d6ebb087e7f9fb912d5a514c31ebcd8b7e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2296
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-12-26 14:56:20 +00:00
Vincent Ambo
c3bbb861b8 fix(whitby): Include lukegb's & grfn's SSH keys in initrd
Change-Id: I8921d645b1a81510e04314e519195c1c01d3fd14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2286
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-12-20 22:03:39 +00:00
Vincent Ambo
86ec8c1b94 fix(whitby): Disable git's gc.autoDetach feature
This feature can cause object removal to happen while the git folder
is in use in Buildkite, causing CI to fail semi-reegularly.

Change-Id: Ide1a9b2f1761be029e97a058c1983b4cff5e27bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2285
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
2020-12-20 17:54:19 +00:00
Griffin Smith
d4fb573cf7 feat(gs/system): Init yeren
My new work laptop, a dell XPS 13.

Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-30 00:03:50 +00:00
Luke Granger-Brown
b344ae8783 fix(cl.tvl.fyi): Correct Gerrit shortlink redirects.
Before: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi:80/c/depot/+/123/
After: http://cl.tvl.fyi/123 -> https://cl.tvl.fyi/c/depot/+/123/

I think Jetty changed it's behaviour, and Gerrit is now configuring it
incorrectly.

Fixes #88.

Change-Id: I9238c0922b9f627e06eb81fa99dc748dada8909a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2202
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-29 11:50:53 +00:00
Jamie McClymont
3cbef06629 feat(tvl-slapd): add jamie to slapd
o/

- Jamie

Change-Id: I9c21e9a58c4514160f08133465a9cca720055cbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2148
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-11-26 00:36:06 +00:00
Griffin Smith
64ef09c475 feat(whitby): Move wigglydonke.rs to whitby
Mugwump is too unstable for such an important internet service

Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-11-22 22:55:49 +00:00
Griffin Smith
9f4d37e5df feat(ops/nixos): Give all nixoses a config.depot
Add the depot.nix module and a depot config option to all nixos system
derivations that're build through the `bin/rebuild-system` machinery.
I can't imagine a scenario where we wouldn't want this level of
integration.

Change-Id: Ieeb98db2eee23919256adb4654bc45d540e055ec
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2128
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-22 21:59:58 +00:00
Vincent Ambo
73c862279a feat(ops/pipelines): Check in the static pipeline
This file represents the static pipeline which is configured in the
Buildkite web UI. Updates to this file should be applied in the admin
interface.

These steps are responsible for launching the dynamic pipeline
evaluation, or falling back to the fallback pipeline if evaluation fails.

Change-Id: I6d7dd623cde65e8c69faea729f737c9bba00c2fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2103
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 22:33:11 +00:00
Vincent Ambo
1857334d37 feat(ops/pipelines): Add a fallback Buildkite configuration
This adds a simple fallback Buildkite pipeline configuration which
always fails the pipeline, but correctly reports back the failure
status.

Note that this also requires changes in the Buildkite configuration
that is not in version-control.

Relates to b/66.

Change-Id: I6802a6f76448c3893798a06d514e6ccba0f50dd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2102
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-17 22:33:11 +00:00
Vincent Ambo
77097f8056 feat(ops/panettone): Add configuration for irccat
Adds configuration options for the (inconsistently named) environment
variables that configure irccat integration with Panettone.

The defaults match the irccat setup on whitby.

Change-Id: I6857512a2e3f29f16777493eb981cc69ce3c045f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2080
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-11-17 22:00:52 +00:00
Vincent Ambo
1442c5c8ac feat(whitby): Enable irccat module
Enables irccat, running as 'tvlbot' on ##tvl and ##tvl-dev and listening on TCP 4722.

Change-Id: Ia1eb533d0aacb0c15d6b3fa1cfd854ffbce27d23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2075
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-08 18:38:08 +00:00
Vincent Ambo
cbfcf14301 feat(ops/irccat): Add a NixOS module for launching irccat
This module configures irccat by creating a JSON configuration file
from a user-supplied Nix struct (this is not checked for correctness),
and merging it recursively with secrets from
`/etc/secrets/irccat.json` at service launch time.

This way we get the ability to configure (most) options declaratively
via Nix, while providing the secrets outside of Nix.

Side note: We need to figure out a secrets distribution mechanism.

Tested: Wrote a dummy config in whitby/default.nix locally and checked
that this builds, but I have not actually run the service yet. I
expect that some minor tweaks will end up being necessary.

Change-Id: I02a2e8dc40a7f8417fd77afcf8a12ac3df117988
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2074
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-11-08 18:38:08 +00:00
Vincent Ambo
e84f9ef0ad fix(whitby): Use new IRC bouncer location for clbot
... I found this location in the logs, because the certs are now valid
for this, but I'm not actually sure if it's right.

Change-Id: I5ac88073e3bf6a95fead4c1d34515622c4416c6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2070
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-11-05 14:22:01 +00:00
Griffin Smith
e39b7e002c feat(ops/nixos/paroxysm): Set Restart = "always"
Sometimes (like today) paroxysm crashes. We'd like it to restart if that
happens.

Change-Id: I98841096bcd6605c4279744ae5c65a9c92092a21
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2069
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-11-05 13:30:42 +00:00