Commit graph

983 commits

Author SHA1 Message Date
Vincent Ambo
b41be36bb7
Merge pull request #6 from tazjin/fix/nixery-secrets-namespace
Fix Nixery resources namespace & bump kontemplate
2019-09-04 14:18:08 +01:00
Vincent Ambo
16b317fa5a chore: Update kontemplate to v1.8.0
This version is agnostic of the working directory even if
insertFile/insertTemplate are used, which makes it a lot nicer to work
with in this repository structure.
2019-09-04 12:58:04 +01:00
Vincent Ambo
56f9e37755 fix(k8s): Move nixery-secrets to the correct namespace 2019-09-04 10:34:20 +01:00
Vincent Ambo
628cec3433
Merge pull request #5 from tazjin/feat/cloud-kms-secrets
Introduce secrets management via Google Cloud KMS
2019-09-03 16:26:17 +01:00
Vincent Ambo
283951388c feat(k8s): Insert Nixery's secrets via kontemplate
Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret; it has thus become a bit
easier to edit the known hosts, SSH config and such now.
2019-09-03 16:12:30 +01:00
Vincent Ambo
0bc548e75e feat(secrets): Check in secrets required by Nixery 2019-09-03 16:12:30 +01:00
Vincent Ambo
bcd7710be5 feat(tools): Introduce pass-compatible wrapper using Cloud KMS
Adds a shell script that supports a subset of the 'pass' interface for
compatibility with kontemplate, and wraps kontemplate in a script that
places this version on the PATH.

This makes it possible to use Cloud KMS encrypted secrets with kontemplate.
2019-09-03 16:12:30 +01:00
Vincent Ambo
abd5d7538c feat(gcp): Create Cloud KMS resources for encrypting secrets
The idea here is to use Cloud KMS and a shell script that mimics
'pass' to trick kontemplate into using Cloud KMS to decrypt secrets.
2019-09-03 16:12:30 +01:00
Vincent Ambo
eb43ba75d2 chore(gcp): Remove monorepo repository
The repository is now public on GitHub.
2019-09-03 16:12:30 +01:00
Vincent Ambo
be28462a8a
Merge pull request #4 from tazjin/fix/blog-substitutes
fix(tazblog): Explicitly allow substitutes for the blog
2019-09-03 01:11:55 +01:00
Vincent Ambo
0d93594347 fix(tazblog): Explicitly allow substitutes for the blog
Not entirely sure which part of the setup set this to 'false', but
this is potentially the key for why tazblog ends up being rebuilt all
the time.
2019-09-03 00:43:49 +01:00
Vincent Ambo
5e4157e4a2 chore(k8s): Update deployed Nixery version 2019-09-03 00:31:09 +01:00
Vincent Ambo
d9a0f07c73 chore(third_party): Bump Nixery version 2019-09-03 00:25:40 +01:00
Vincent Ambo
3a4d8544fe
Merge pull request #3 from tazjin/chore/pin-travis-nix
Pin Nix version in Travis builds
2019-09-02 22:54:58 +01:00
Vincent Ambo
cfeb6e57c7 chore(tazblog): Clean up unneeded files 2019-09-02 22:34:06 +01:00
Vincent Ambo
68d14b6cfc chore(gemma): Delete old image build configuration 2019-09-02 22:06:55 +01:00
Vincent Ambo
8ae6cb2b95 chore: Pin Nix version in Travis builds
There are some unexpected cache misses in the Travis builds and I
suspect this might be due to mismatching Nix versions.
2019-09-02 21:58:39 +01:00
Vincent Ambo
d577629b5b fix(k8s): Add nginx route for load-balancer health checks 2019-09-02 20:16:49 +01:00
Vincent Ambo
f2e0f3ee27 chore(third_party): Remove git-appraise
Not actually in use here ...
2019-09-02 20:01:25 +01:00
Vincent Ambo
2f239426aa
Merge pull request #2 from tazjin/refactor/nixos-nginx-cleanup
Remove old NixOS config and move oslo.pub
2019-09-02 19:04:28 +01:00
Vincent Ambo
e2feae3387 fix(k8s): nginx does not need to be pinned to gitHEAD 2019-09-02 18:42:18 +01:00
Vincent Ambo
07a17501cc chore(k8s): Point Nixery at public depot URL 2019-09-02 18:38:24 +01:00
Vincent Ambo
a0089892dd feat(k8s): Route oslo.pub to nginx in ingress 2019-09-02 18:28:39 +01:00
Vincent Ambo
785a5a2997 feat(k8s): Add nginx instance for oslo.pub redirect
The redirect is currently all that this instance does. It is required
because HTTP load balancers in GCP don't support URL rewriting.
2019-09-02 18:19:35 +01:00
Vincent Ambo
e6cb12ebfb chore(k8s): Provision certificate for oslo.pub 2019-09-02 18:19:06 +01:00
Vincent Ambo
640b497950 feat(tools): Add stern, a k8s log watcher 2019-09-02 18:18:28 +01:00
Vincent Ambo
4881a84eaa chore(infra): Remove NixOS configuration for servers
This configuration is no longer in use. The Gemma configuration file
has been moved over to the k8s folder from where it will be templated
into the actual configuration.
2019-09-02 17:19:07 +01:00
Vincent Ambo
4bd6d52800
Merge pull request #1 from tazjin/feat/travis-ci
Add Travis CI configuration
2019-09-02 17:17:22 +01:00
Vincent Ambo
86d8c748a7 chore: Catch all Nix results in gitignore 2019-09-02 17:12:06 +01:00
Vincent Ambo
4d94254642 docs: Add crude top-level README 2019-09-02 17:12:06 +01:00
Vincent Ambo
99ee84b477 refactor(blog): Use callPackage to import derivation 2019-09-02 16:53:54 +01:00
Vincent Ambo
6472b2645c feat: Add Travis CI configuration
Adds a configuration that builds all of my own services and pushes the
resulting closures to Cachix.
2019-09-02 16:38:59 +01:00
Vincent Ambo
5e9b91a6d2 chore: Remove leftover Bazel files 2019-09-02 16:24:21 +01:00
Vincent Ambo
4411eea11f fix(gemma): Fix build process in Nix 2019-09-02 02:14:39 +01:00
Vincent Ambo
b43e5529f7 feat(third_party): Add missing Quicklisp packages for Gemma
Gemma depends on cl-prevalence, which isn't in the nixpkgs Quicklisp
snapshot.

This adds the package and its dependencies to the overlay.
2019-09-02 01:24:41 +01:00
Vincent Ambo
a635beabfa fix: Correct naming of variables in overlay function 2019-09-02 01:24:23 +01:00
Vincent Ambo
a58af3e371 feat(k8s): Configure HTTPS ingress for the blog
Uses Google-managed certificates and an Ingress resource to set up an
HTTPS load-balancer.

This probably won't be the final version as the GKE Ingress is very
limited and can not do things like redirect URLs, which I need to
decommission the old setup.
2019-08-27 12:44:37 +01:00
Vincent Ambo
cae99692de feat(k8s): Add Google managed TLS certificates
Introduces certificates for tazj.in & www.tazj.in.
2019-08-27 12:43:55 +01:00
Vincent Ambo
593e96da60 chore(tazblog): Clean up unused dependencies 2019-08-25 23:21:26 +01:00
Vincent Ambo
1247848d76 refactor(tazblog): Implement HLint lints in all files 2019-08-25 23:07:43 +01:00
Vincent Ambo
561ed1fbbb chore(tazblog): Remove i18n features
The blog has been English only for a few years. Old entries that
survived the migration to DNS will still be accessible.
2019-08-25 22:53:38 +01:00
Vincent Ambo
094aafecdd chore(tazblog): Remove 'read more' feature 2019-08-25 20:22:57 +01:00
Vincent Ambo
6450347bf1 chore(tools): Remove ormolu from tools
The Ormolu derivation is too large to be instantiated on-demand. I've
resorted to installing this tool into my profile instead.
2019-08-25 20:17:03 +01:00
Vincent Ambo
1747df418e chore(tazblog): Format source files with ormolu
Ormolu's formatting is quite annoying (it uses a lot of unnecessary
vertical space and doesn't align elements), but I can't be bothered to
do manual formatting - especially because whatever formatting
haskell-mode in Emacs produces seems to depend on an opaque state
machine or something.
2019-08-25 20:15:53 +01:00
Vincent Ambo
2fdc872228 feat(build): Add Terraform from unstable channel 2019-08-25 17:55:08 +01:00
Vincent Ambo
155f17173b chore(gcp): Enable Cloud DNS service 2019-08-25 17:47:34 +01:00
Vincent Ambo
d3f8dd15f3 fix(gemma): Almost fix Gemma build by porting an old Elm
This pulls in an old version of Elm from NixOS 17.09 which can still
build the Elm code in Gemma.

However, the Common Lisp build is now broken in some other way.
2019-08-23 15:28:23 +01:00
Vincent Ambo
31e83b33cc chore(k8s): More tazblog replicas 2019-08-23 14:13:13 +01:00
Vincent Ambo
be074c6085 refactor(tazblog): Move blog configuration to envvars
The port and resource directory are now specified via environment
variables and a wrapper script is created by Nix that sets the
resource path and so on correctly.
2019-08-23 12:03:17 +01:00
Vincent Ambo
fb930e4db7 fix(tazblog): Remove debug trace 2019-08-23 11:42:23 +01:00