This should never sit around locally the way it does now.
Change-Id: Icfbdaf1949d6d948a796a0759282ea6144af3621
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4709
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
This file can be sourced (somehow, depending on the user) while
working with //ops/keycloak to get the relevant secrets.
Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Grafana was still pointing at the (now non-existent) CAS setup. This
changes the endpoints to use Keycloak instead and updates the client
secret.
Change-Id: Ib25d38330aba2ef6d894e8c33d86852c884ab5be
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4706
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
Figured this out by opening web inspector for the discord web app and
looking at the responses for role member counts.
Change-Id: I0fa6418c4d1781a65ef50c9ed14665e2b142ae32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4707
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Hugo is a bit too heavyweight for my taste.
Change-Id: I331bc5898bd40f1a03bbde8ad69fe3cc9f72c18b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4704
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
While trying to yantsify `mkSecrets` in https://cl.tvl.fyi/c/depot/+/4688,
I (zseri) needed to debug a failing evaluation which boiled down
to a result.ok containing something which wasn't boolean,
but the error message didn't indicate where that value came from.
I debugged yants and found that the only place which didn't
simply combine boolean values or use functions which always
return booleans, I managed to isolate the error to the
`pred v` expression. To avoid the necessity to debug yants
to find this, I improve the error message for this case
to mention that
- a restriction predicate is invalid
- what's the name of the failing restriction
- the unexpected predicate return value
Change-Id: I6c570a33ccc5afc445f208e2e8855c49fb37abaf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4698
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Reviewed-by: tazjin <mail@tazj.in>
Autosubmit: zseri <zseri.devel@ytrizja.de>
I have an (unconfirmed) suspicion that this is paying more in CPU time
than it's saving in disk space - regardless, I have a bounty of the
latter and a deficit of the former.
Change-Id: I3375b8d904e0878fd47c1845e3c3b9b6c6359189
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4700
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This was originally intended to work around the issue caused by me
accidentally ending up proxy_set_header'ing the Host header twice (which
nginx *concatenates with slashes*, rather than overwriting!), but seems
sensible regardless to make that whole thing (hopefully) a bit less
brittle
Change-Id: I877fa594b46e88d1ba05e793832beab3d0aaccdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4697
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Also update log deps so things actually log, using a new :outdated alias
based on antq
Change-Id: I6f87f474bea101fa1b396c519b234eb3aac1c4f1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4696
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Start of a production deployment of the app with nixos+terraform, using
provisioners and null-resources to provision nixos machines a'la espes.
Change-Id: I2ddaed76d0037dadbf9fc9e2ee27e9e67a852228
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4695
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Start setting up agenix with secrets in //users/grfn/secrets for
mugwump, starting with my cloudflare API key which I use for the ddns
from my home apartment
Change-Id: Ida66cb91da3415357a512039d6c23402f0ae9388
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4683
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Generalize out a reusable mkSecrets function from the
secrets-tree-building that's happening in //ops/secrets, so the same
thing can happen in other places in the depot (I want to use it for my
personal infrastructure).
Change-Id: I059295c8c257d78ad7fa0802859f57c2c105f29b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4679
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Let's see what mosh is all about...
Change-Id: I0439130f55dc056370397c3e4ea8039f888703c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4690
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Building nix derivations needs tar (provided by gnutar) and gzip on the
PATH in order to extract .tar.gz archives.
Change-Id: Ia2df7a3a770cfd342dfede58ad34e04805fbd1f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4685
Tested-by: BuildkiteCI
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
The content needs small gutters to improve readability on my iPhone 12.
Change-Id: I751ae5387ad93c95729e642c21c37e481412c00e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4678
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Without this, the hand is properly positioned only some of the time... it's almost
quantum-like behavior ⚛
Change-Id: I7d5d9ed953f84bd097623e9f8abb1b2140c5bdc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4666
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
This will be useful for things like panettone, pending a NixOS module
for oauth2-proxy (the upstream one is too complicated and doesn't
support what we need).
Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
Verified emails are required for some things, like e.g. oauth2_proxy
Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
This is still missing most of the client configuration etc., in part
due to bugs in the provider which are preventing resource imports.
Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
`terraform fmt` can only handle a single path, but treefmt expects
formatters to be able to handle multiple paths at once.
This wraps it in a small shell script that calls `terraform fmt` with
at most one path at a time.
Change-Id: I2b9c1b89b5a276f3d4915b95608ce36b2509e334
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4639
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
WIP: currently just a simple setup that creates an empty git repo if
it doesn’t exist yet, and writes a commit to it.
A simple database backed by a bare git repository.
WIP: Will speak a simple interactive protocol to query files and
update them atomically.
It could be made atomic on the git repo level, if a lock is taken
between reading the current commit ref and creating the commit.
Change-Id: I1fd30a046ac977063c3e08c36d96e835b35ff07d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3046
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Also make rust-crates into a rec argument for now, which is simpler.
Change-Id: Ie443f72d9633614f0ffa0c43aac1785e8577b0ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3045
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>