Commit graph

282 commits

Author SHA1 Message Date
Vincent Ambo
8fa3087067 feat(whitby): Use Tvix as the system Nix on whitby
... this is going to break so much stuff. Lets have some fun.

Change-Id: If0185e0323391c7055d47b797083bb5afde57cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1829
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-21 01:37:25 +00:00
V
d6f17f48de chore(tvl-slapd): decapitalise V's username, use displayName instead
Change-Id: I59cf5e1c850960ae639c6a3ebeb273a4441c48bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1788
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 01:23:39 +00:00
V
b8fe5469c6 feat(whitby): add V
Change-Id: I887760edd67135df4e2f58a874314b317838d2e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1787
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-19 01:08:33 +00:00
V
8179fb6285 feat(tvl-slapd): add V
Change-Id: Id9253635b73b0eac7871a6baa4f0c7417d135cfe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1786
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-08-19 00:12:04 +00:00
eta
737d192aec feat(whitby): add eta
Change-Id: I7aa2bd2cb2c001b48ebd25b20f28cdfb0883ba3f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1782
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-08-17 22:27:25 +00:00
Vincent Ambo
85f53a45db chore(nixos/sourcegraph): Bump version to 3.18.0
Change-Id: I5cb8b2da7e40075c99fab6bd57295c8c1d770e86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1781
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-17 21:52:48 +00:00
Vincent Ambo
a7868e4e17 feat(nixos/clbot): Add ability to post in multiple channels
Adds the ability to post to multiple channels by simply running
multiple instances of clbot.

We should probably implement support for this in clbot itself, but
right now I can't be bothered to write Go.

Change-Id: I5cffd0dc10a7f6cc19c37c5834c5610166b4ae23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1771
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-17 21:50:45 +00:00
multi
9108256ce4 feat(whitby): enable programs.mosh.
Change-Id: Ibc8df6f6382b5b64e272bedece6b65762f9693c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1750
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-14 21:08:27 +00:00
multi
8af65f6858 fix(whitby): disable sshd(8) password authentication.
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-08-13 16:38:58 +00:00
multi
5e58c8bc28 feat(whitby): add multi
Change-Id: Ibfc2a5fcf73099b8414b8c46958007374d14fd0a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1701
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
2020-08-09 19:42:07 +00:00
multi
c0baddeed0 feat(tvl-slapd): add multi
Change-Id: I2fec9b5dd92da0343426c4a129d882fa87d92e6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1699
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-08-09 15:44:04 +00:00
Vincent Ambo
81f09b2dcd fix(whitby): Increase nrBuildUsers to 128
Change-Id: I3a444e163745d17d10f923c0be7565840937c53a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1662
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 00:21:23 +00:00
Vincent Ambo
bc1293b944 fix(whitby): I'm a trusted user, owo
Change-Id: I2666b3cf8bdefcb5d4caeddf191dc65f6a8cb05f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1661
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-06 00:21:23 +00:00
edef
6a128fc162 chore(whitby): add edef
Change-Id: I7265259bc87594bd481c7bd455187c09b1effd1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1650
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-08-05 22:32:54 +00:00
edef
c9a645b69d chore(tvl-slapd): refresh edef's password
Change-Id: I5a7a913656bfb9dd6c9fb4e2b4a1212607c50dd3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1592
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-08-03 11:15:23 +00:00
Vincent Ambo
cc3c45f739 fix(whitby): Move Restic's cache into /var/backup/restic
It tries to write this to ~/.cache otherwise, which worked for the git
user but does not work for root (??)

Change-Id: I02d04da7d8e2b8782ce70bc72bce0b90c3961aa0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1546
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 22:28:50 +00:00
Vincent Ambo
cc8033f592 fix(whitby): Make timer unit match the unit it should start
Oversight in the previous CL.

Change-Id: I8767322d7d860fc410796f8d63b7a6c38a8ab447
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1545
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 22:25:05 +00:00
Vincent Ambo
09b3d20031 feat(whitby): Include PostgreSQL dumps in Restic backups
Changes the restic backup service to run as root, rather than git, and
include the PostgreSQL dumps in its scope.

The on-machine credentials have already been placed in the right
location in /var/backup/restic

Fixes: 27
Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-08-01 21:50:15 +00:00
Vincent Ambo
717d12f2f3 feat(whitby): Enable daily PostgreSQL backups
... daily is just the default cron pattern for this, but we might also
want this to happen more frequently. Not sure yet.

Change-Id: I4e433fefebd93488891e765b5842fdb6537e3c6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1518
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-08-01 16:52:00 +00:00
Vincent Ambo
1fe4a47aa2 fix(ops/paroxysm): Ensure paroxysm is started on boot
Change-Id: Iba6557cbf4e0001277bd996df59318b4308fc92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1510
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-01 02:46:20 +00:00
Vincent Ambo
f41324db8c feat(ops/nixos): Add module for running paroxysm on whitby
Change-Id: I415e3b046d4e0fcd7e800ddab0c7f1aeb639c5e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1502
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
2020-07-31 21:58:34 +00:00
Griffin Smith
e8f893ee10 refactor(web/panettone): Remove prevalence
Now that we've migrated over all the data to postgresql, we can get rid
of cl-prevalence as a dependency from Panettone along with all code that
mentions it.

Change-Id: I945f50a88fea5770aac5b4a058342b8269c0bea2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1495
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-29 01:57:49 +00:00
Griffin Smith
d9262bd6c6 feat(ops/nixos): Use database password for Panettone
It appears this didn't even *work* without a password, so we've been
forced into being more secure.

Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 01:35:25 +00:00
Griffin Smith
9ae4ac8f50 fix(ops/nixos): allow connections on hostnossl
This is how panettone is currently connecting, so this needs to be here
in order for it to work. Shortly I'll update all of this to use
passwords, but for now this gets things up and running again

Change-Id: If87f4dbce0800dcbc4f7bf10e88f3e591410b416
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1488
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-28 00:46:26 +00:00
Griffin Smith
69f402563a feat(whitby): Create a Postgres database for Panettone
Create a running Postgres database server along with a user and database
for Panettone, and pass configuration for it to the panettone module

Change-Id: I333994288131be328e62069382d6d40f8034c400
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-27 21:04:50 +00:00
Luke Granger-Brown
c7cd12eb25 chore(monorepo-gerrit): add Checks plugin to Gerrit module
This adds the Gerrit checks plugin. Hooray.

Change-Id: I784e9728256d1665b85b666d58bc0308bd6614ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1463
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-27 00:00:48 +00:00
Luke Granger-Brown
3542e1f62b chore(whitby): add rxvt-unicode's terminfo
Otherwise I have to set TERM to something else so that I can actually use the
machine when I'm booted into Linux and it's incredibly tedious and I hate it.

Change-Id: Icfb5aacfea8cd6227743d29d9b07dc1b745d22c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1435
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-25 20:27:47 +00:00
Luke Granger-Brown
b8fa8ff4a4 chore(monorepo-gerrit): enable attention set, disable assignee, disable polygerrit CDN
Change-Id: I66c09afc0813e032a1b5a04cbdbe4b95db2e97d7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1438
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
2020-07-25 20:27:13 +00:00
Bartosz Stebel
32c3f7731b feat(tvl-slapd): add implr
Change-Id: I7d22bf61ac72e86a17035d6125055da8aa53d762
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1387
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-23 22:19:23 +00:00
Griffin Smith
7101cc5375 feat(ops/nixos): Deploy Panettone to Whitby
Deploy Panettone to whitby as a systemd service, proxied to from an
nginx virtual host listening at b.tvl.fyi

Change-Id: I69755566151a45120e6b3453751af0e9291fa241
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 22:09:15 +00:00
Vincent Ambo
37cc98d078 fix(whitby): Use fish shell as my default shell
I don't have time for bash's history.

Change-Id: I741107d33f09999ef43a7609079ad926e8127e69
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-23 19:39:07 +00:00
Vincent Ambo
b422688da1 feat(whitby): Add SSH key for qyliss
... also bootstraps her user directory to store the key in.

Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
2020-07-23 19:37:09 +00:00
Vincent Ambo
cbad0991de chore(whitby): Move isomer's SSH key to user directory
This is inline with how other user keys are managed.

Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-23 19:32:15 +00:00
Vincent Ambo
406e37fde1 feat(whitby): Deploy todo.tvl.fyi page with //web/todolist
Note that this is not yet updated automatically, so the page will be
stale until somebody rebuilds whitby.

Change-Id: I91f4b03c9309aed289df055fac292a214dca7668
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Tested-by: BuildkiteCI
2020-07-19 23:40:42 +00:00
Kane York
3c9ee24929 chore(whitby): add riking
Change-Id: I33cc1324eac9a13be56d296d09cfdbe066d90e13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1256
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-07-18 21:21:10 +00:00
Alyssa Ross
effbb277c3 chore(tvl-slapd): add display name for qyliss
Not having this set led to gerrit setting the committer to
"qyliss <hi@alyssa.is>", which is wrong.

Change-Id: I3fe02264e22dd6d739575b34ceb1221d1d6a9d98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1267
Tested-by: BuildkiteCI
Reviewed-by: qyliss <hi@alyssa.is>
2020-07-18 16:50:07 +00:00
Kane York
501d6bdaab chore(tvl-slapd): change display name to a username-like
Change-Id: I289400de6638844586a32a729333cb65a0dca4a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1254
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-07-18 01:23:13 +00:00
Alyssa Ross
0f7bdd6711 feat(tvl-slapd): add qyliss
Change-Id: Ia95c77be8a9c123f2e52174f76c4b01d44272191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1260
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-17 22:53:17 +00:00
Vincent Ambo
67f0fbfcea feat(whitby): Hardcode Google DNS servers
The Hetzner DNS servers were unhappy after today's Cloudflare outage,
and that broke some of our builds - this wouldn't have happened with
Google DNS!

Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-17 22:27:49 +00:00
isomer
cbff4fab9e chore(whitby): += Isomer
Change-Id: I446ab16d009dc24340606ab2f411197af24d79c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1142
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-17 19:38:51 +00:00
Vincent Ambo
356dde149f feat(whitby): Configure Gerrit backups on whitby
Change-Id: I84245fb809725853a301f217cdb11eacc1984cae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1103
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 14:11:24 +00:00
Vincent Ambo
e035c46c6e chore(whitby): Give the git user a home directory
Change-Id: I5e6e13fa8a1656434ca897c83fe7ac48eb869369
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1102
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:51:20 +00:00
Vincent Ambo
8b6b3df5c4 fix(www/base): Add nginx fix timer
Change-Id: Iec66fea0f3991ba74aede3911ea9f6ae5adb0188
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1082
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
405b7ec95b feat(whitby): Enable Gerrit & cgit deployments
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-12 13:36:45 +00:00
Vincent Ambo
93575158c6 feat(whitby): Enable SourceGraph server
Change-Id: Ia8a20d54a4ac77d64f5e3fd2255ffad78dce0fb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1067
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
6ed4e7d4d1 chore(sourcegraph): Bump version to 3.17.3
Change-Id: I6bc25d039cbe497bc9aa8784ac2f95219b5c617c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1066
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
5abdc16f6f feat(nixos/sourcegraph): Move cheddar server to module & make ports configurable
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
90b8433828 feat(nixos/www): Add configuration for tvl.fyi homepage
... and enable it on whitby

Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-12 13:36:45 +00:00
Vincent Ambo
31f65f5d2b feat(whitby): Move over clbot deployment from camden
There is only one minor configuration change: CLBot now connects to
cl.tvl.fyi, instead of localhost, because Gerrit is still on camden.

Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 12:20:17 +00:00
Vincent Ambo
ea428faf99 feat(whitby): Enable smtprelay module
This is required for the Gerrit setup.

Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 11:58:43 +00:00
Vincent Ambo
b53d25ab3f fix(monorepo-gerrit): Use Google's CDN to serve static assets
Change-Id: Ib4ffc1d9b030a5982b9063c1d6322fb87ba7f910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1022
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-11 01:00:31 +00:00
Vincent Ambo
5de644a597 chore(monorepo-gerrit): Increase Gerrit's heap limit to 4g
(this translates to -Xmx)

Change-Id: I31bbbd247952fa6a592cb66ad144025af640d2db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1021
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-11 01:00:31 +00:00
Vincent Ambo
a8c77b9c2a fix(monorepo-gerrit): Explicitly set gerrit.docUrl
This prevents a request that takes >1s on each page load.

Change-Id: Ic91bb602e3059b1f17681aa468739bb0a103f8cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1003
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-11 01:00:31 +00:00
Andreas Rammhold
d06237707b feat(tvl-slapd): add andi
Message-Id: <20200710190623.26573-1-andi@notmuch.email>
Change-Id: Ibd74f93f589beecbf7fa9090550ecf95caa0a3b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/982
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-10 19:10:18 +00:00
Vincent Ambo
449afaa384 feat(ops/nixos): Add module for running a Quassel daemon
The upstream module is not flexible enough for my needs, so I made my
own.

Change-Id: Ie9f786da7eb8c878e0782b07a075c064ad8cd253
Reviewed-on: https://cl.tvl.fyi/c/depot/+/953
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-08 22:10:08 +00:00
Luke Granger-Brown
2c7e9986e2 chore(apereo-cas): fix up configuration
- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught be systemd

Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-08 17:49:25 +00:00
Luke Granger-Brown
cb52c9e41d chore(ops/nixos/tvl-sso): add secrets
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba2840
Reviewed-on: https://cl.tvl.fyi/c/depot/+/951
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 23:08:00 +00:00
Luke Granger-Brown
1e8dbd5b1b fix(ops/nixos/tvl-sso): correct path to executable
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/950
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 23:08:00 +00:00
Luke Granger-Brown
57ade16b9d feat(whitby): add apereo-cas/tvl-sso
Change-Id: I29f5e762852593f05b9936d5635aadcc7eba283e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/935
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 22:59:56 +00:00
Luke Granger-Brown
aae3d25234 feat(ops/nixos/www): create login.tvl.fyi host
Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/936
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-06 22:48:40 +00:00
Griffin Smith
a73714a93c feat(ops/nixos): Add generic rebuild-system script
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.

As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.

Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-06 15:16:36 +00:00
Luke Granger-Brown
25cebc3a62 feat(whitby): enable tvl-slapd on whitby
Change-Id: I3fac108802671abfb9a508359390b063bce16202
Reviewed-on: https://cl.tvl.fyi/c/depot/+/923
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-07-05 16:54:48 +00:00
Luke Granger-Brown
f54a48f831 chore(whitby): add lukegb to trusted-users for remote builds
Change-Id: Id1e67bb30bb7f4d329006688f1783b900d16d164
Reviewed-on: https://cl.tvl.fyi/c/depot/+/914
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
2020-07-04 21:27:27 +00:00
Vincent Ambo
3ce41f4fa4 feat(whitby): Enable nix.sshServe
This exposes a binary cache over SSH.

Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/895
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-03 14:25:35 +00:00
Griffin Smith
0d4f709757 feat(whitby): Allow wheel users to sudo without a password
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.

Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-02 22:00:41 +00:00
Griffin Smith
1ecae26afa feat(whitby): Add grfn as a trusted user
So I can remote builder

Change-Id: I8106244d3d197c010b618e4337a9ccfc13a116f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/856
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-02 21:36:11 +00:00
Vincent Ambo
4d9c6dbbe2 feat(whitby): Run a handful of Buildkite agents
This is the point of the machine, afterall.

Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Vincent Ambo
7114e72d81 feat(whitby): Enable Nix signing for the binary cache
Change-Id: I9047667cc1a40668c0c7da72c070044b91b53014
Reviewed-on: https://cl.tvl.fyi/c/depot/+/852
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Vincent Ambo
cabdd4aa51 fix(whitby): Explicitly set an interface for the v6 default gw
systemd gets sad otherwise and it is very difficult to console it

Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 20:54:11 +00:00
Griffin Smith
298060dba9 feat(whitby): Add grfn
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.

Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-07-02 20:28:48 +00:00
Luke Granger-Brown
8ad55c9095 feat(whitby): add lukegb
Change-Id: I26356632b86a64519128bc673178f1cd1b55b99b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/848
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
2020-07-02 19:33:44 +00:00
Vincent Ambo
c18b0a7c57 fix(whitby): Set correct IPv6 default gateway for Hetzner env
Change-Id: Ic3d4c6ebf7c40e27a453e08295bb0f2f999c0d88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/845
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 18:59:01 +00:00
Vincent Ambo
62dd3fdc3c feat(nixos/whitby): Hello, World!
This adds NixOS configuration for the machine whitby.tvl.fyi.

No interesting services are configured yet, so this configuration is
quite plain.

Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/843
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-07-02 18:32:47 +00:00
Vincent Ambo
b1f0de3fde chore(nixos/whitby): Bootstrap //ops/nixos/whitby folder
Change-Id: I7d77c3ea48b181d7b9f754ac4807ed44735a8925
Reviewed-on: https://cl.tvl.fyi/c/depot/+/841
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
2020-07-02 18:32:47 +00:00
Kane York
2215ae98b9 chore(tvl-slapd): rotate password for riking
Change-Id: I3ec53d5223a4ff0871eed7615f11f534ed74653b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/839
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-02 06:20:04 +00:00
Vincent Ambo
7dbdd2d13e chore(tvl-slapd): Remove old password generation script
This does not work for ARGON2 hashes.

Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/834
Reviewed-by: Kane York <rikingcoding@gmail.com>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
2020-07-01 20:55:48 +00:00
Vincent Ambo
a1556d71e6 chore(tvl-slapd): Rotate my LDAP passwords and use ARGON2 hashes
Change-Id: Id1a60121e4254e7ccff77ac17fd39d0955aedc8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/832
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-01 19:10:13 +00:00
Vincent Ambo
5b4ff0c393 feat(tvl-slapd): Load Argon2 password module in OpenLDAP
This makes it possible to use {ARGON2} hashes instead of the current
salted SHA hashes, which is a much better idea.

Unfortunately the nixpkgs module does not have an option for
overridding the package used, so it is overlaid into the system
package set - this causes widespread rebuilds.

This is fine for us for now, but I have opened a PR upstream to add a
package option: https://github.com/NixOS/nixpkgs/pull/91963

Change-Id: Ib4be931d88e74b91566639f8656742cf096f6cc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/831
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
2020-07-01 19:10:13 +00:00
Vincent Ambo
feb3f1a374 feat(nixos/clbot): Add a module for running clbot
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/821
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
2020-06-30 23:39:48 +00:00
Cameron Kingsbury
7839b7b7a3 feat(tvl-slapd): update camsbury in slapd
Change-Id: Idce92352ad01f85bd7fbb102decdd1df26dda5f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/823
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-06-30 23:34:04 +00:00
Vincent Ambo
1eb8067bb0 fix(nixos/smtprelay): Only enable if the user asks for it
Change-Id: Ifbdf9bf9e89a1da68e8c823f61a33275183afcb1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/822
Reviewed-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2020-06-30 23:32:45 +00:00
Profpatsch
d640027f66 chore(tvl-slapd): sort alphabetically
bad ericvolp12

Change-Id: I508c7de48d4c2a7c734c38f79d0efeafec5d1e34
Reviewed-on: https://cl.tvl.fyi/c/depot/+/622
Reviewed-by: Profpatsch <mail@profpatsch.de>
2020-06-27 02:39:15 +00:00
Profpatsch
9851063f93 feat(tvl-slapd): add Profpatsch
Change-Id: I2d865a5271e7a3a2fe17009b306fe3f561a1290f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/621
Reviewed-by: tazjin <mail@tazj.in>
2020-06-27 02:38:33 +00:00
Artemis Tosini
41a094bf87 feat(tvl-slapd): add artemist to slapd
Signed-off-by: Artemis Tosini <me@artem.ist>
Change-Id: I11fc0cb58660d3cc55c6cf5489cc872a51454cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/609
Reviewed-by: tazjin <mail@tazj.in>
2020-06-26 22:50:29 +00:00
Cameron Kingsbury
e7dd5e30e9 feat(tvl-slapd): add camsbury to slapd
add camsbury

From ccd385879ed384389983f4ddc55ef675f40e6119 Mon Sep 17 00:00:00 2001
From: Cameron Kingsbury <camsbury7@gmail.com>
Date: Tue, 23 Jun 2020 14:13:51 -0400
Subject: [PATCH] feat(tvl-slapd): add camsbury to slapd

Change-Id: I0fbf05ca80a006c9b2055509661fc1e93211e30f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/565
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-06-23 18:56:19 +00:00
Vincent Ambo
3b05be2fd0 feat(monorepo-gerrit): Use Sourcegraph as the gitweb for Gerrit
This points commit/file/etc. links from Gerrit to Sourcegraph instead
of cgit.

There's a minor problem with this: Some, but not all unsubmitted CLs
are missing in Sourcegraph for unclear reasons so they lead to 404s.

That problem is unrelated to this change and something we need to
investigate separately.

Change-Id: I9b0c1eca8781dc96984ba09b4a71960eb43583bd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/541
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-20 17:29:50 +00:00
Vincent Ambo
d18faddba3 chore(nixos/sourcegraph): Configure Sourcegraph to use Cheddar
Change-Id: I2b91bef97c16254ffefcbc4da48ef161a859e7a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/521
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-20 03:00:46 +00:00
Vincent Ambo
8f6309fe22 fix(monorepo-gerrit): Use displayName attribute as accountFullName
This attribute makes much more sense in this position semantically.

Change-Id: I16cc6304f42c577a2368bd7c9573fcb7dd276a9d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/448
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-17 03:03:22 +00:00
Vincent Ambo
27db1fc86b refactor(tvl-slapd): Move user definitions into Nix code
Implements a function that generates the LDIF record for each user and
templates it into the configuration.

This is slightly more user-friendly and less error-prone (people kept
getting the DNs wrong) than editing the contents manually.

Change-Id: Ic419d2ef464f9a94be5d54b666f7d53134b53eed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/447
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-17 03:03:22 +00:00
Vincent Ambo
9a7a0aa597 chore: Remove traces of Hound
We can always revert this if we want it back.

Change-Id: I1332b6dd541199584b7b5b94a8651172d79e53a9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/442
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-16 20:32:18 +00:00
Vincent Ambo
2a764503be fix(monorepo-gerrit): Don't expire sessions unreasonably quickly
Changes the default session timeout to 3 months, which is a lot more
reasonable than the default of 12 hours.

See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cache.name.maxAge

Change-Id: I33bce8b072d64ab07f1b954c11068595dca5def7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/431
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-16 17:42:03 +00:00
Vincent Ambo
654f13d405 feat(nixos/sourcegraph): Add a module for running SourceGraph
This module spins up the Sourcegraph container.

Builds:

Note that this is contrary to how our other deployments work, but
packaging Sourcegraph is quite difficult (it's a Gitlab style
deployment with a lot of moving parts and third-party things that it
bundles).

If we decide to keep it around, we will want to look at packaging it
in Nix in the future.

Deployment:

The deployment is a hack. Sourcegraph does not support public
instances, but we want it to be public. To work around this we have
configured HTTP-proxy based authentication (i.e. auth via a header)
and hardcoded a static header.

This works, but lets anonymous users change the "Anonymous" user's
settings. We can expect this to get defaced (profile picture, name
etc), until we figure out how to write some nginx configuration to
drop those requests. See git-bug for details.

The Sourcegraph configuration is also not checked in to the
repository. It's unclear where in the data directory it is stored.

Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/425
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-16 13:40:49 +00:00
Eric Volpert
bf911a119e feat(tvl-slapd): Enable ericvolp12 user in LDAP
Thanks.

Change-Id: I5df1e5075b2e056ebde3e66e1cf17b220d650977
Reviewed-on: https://cl.tvl.fyi/c/depot/+/398
Reviewed-by: tazjin <mail@tazj.in>
2020-06-16 02:19:09 +00:00
Vincent Ambo
76c20f6bf7 fix(ops/nixos/tvl-slapd): Sort users & fix glittershark's DN
Change-Id: I33feedacfadaae53da000aff7d42fa06d2189f52
Reviewed-on: https://cl.tvl.fyi/c/depot/+/391
Reviewed-by: tazjin <mail@tazj.in>
2020-06-15 23:18:57 +00:00
Griffin Smith
849afbaeef chore(ops/nixos/tvl-slapd): add glittershark
Change-Id: I2e537079b88a3857964c6b7c66cd9221ca580958
Reviewed-on: https://cl.tvl.fyi/c/depot/+/390
Reviewed-by: tazjin <mail@tazj.in>
2020-06-15 23:17:06 +00:00
Vincent Ambo
a577fd83d6 chore(monorepo-gerrit): Remove 'owners-autoassign' plugin
This plugin just blindly assigns everyone and, as q3k has already
pointed out, just isn't particularly useful.

We might want to roll our own, for example:

19: 40:41 <+Remosi> I want the virtual owner thing, we could call it
 Gerrit Workgroup Synthesizer Queuing, or gwsq for short.
Change-Id: Ib12a921ae4047ac6a734035dd0900c8964fb12d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/350
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-15 00:38:48 +00:00
Vincent Ambo
a4b3f9af93 fix(3p/gerrit): Fix Gerrit derivation name and module configuration
Without these changes, the NixOS module isn't able to use the new
Gerrit derivation.

These changes are already deployed as I needed to make them to get
Gerrit back up.

Change-Id: Iad3aa6158789a014134fddccd40b508b81486100
Reviewed-on: https://cl.tvl.fyi/c/depot/+/301
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-14 18:50:16 +00:00
Cynthia Revström
8dda9e56d7 feat(tvl-slapd): add cynthia to slapd
Change-Id: Ifb55ebd234d15fbaa6ef2e71f97ba7b8203ffcd9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/255
Reviewed-by: tazjin <mail@tazj.in>
2020-06-14 13:37:26 +00:00
Vincent Ambo
268729083e refactor(ops/nixos): Move my NixOS configurations to //users/tazjin
NixOS modules move one level up because it's unlikely that //ops/nixos
will contain actual systems at this point (they're user-specific).

This is the first users folder, so it is also added to the root
readTree invocation for the repository.

Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/244
Reviewed-by: tazjin <mail@tazj.in>
2020-06-13 23:52:35 +00:00
eta
ae85e8a871 feat(tvl-slapd): add eta to slapd
Change-Id: Ib34d59006645b992bd7b6cbd04fc7121ad3f0219
Reviewed-on: https://cl.tvl.fyi/c/depot/+/223
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 19:01:42 +00:00