Vincent Ambo
a9f3621fd7
feat(camden): Move hound to cs.tvl.fyi
...
The old host at cs.tazj.in now redirects there, and I've added a
helper function for creating these redirections.
Change-Id: I66794d752df46c8e795e47aedfaffd8c27c45627
Reviewed-on: https://cl.tvl.fyi/c/depot/+/89
Reviewed-by: riking <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 02:17:02 +00:00
Vincent Ambo
7bad1fe852
fix(camden): addSSL -> forceSSL for all pages
...
Change-Id: I451d1bc1a21d4ff25c0c70c963cf17bb924961db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/84
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 01:51:32 +00:00
edef
52c0be524e
chore(ops/nixos/modules): Add edef to slapd
...
Change-Id: I063a09cdc3bb81397a44f7356f1c11ebd715f74f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/88
Reviewed-by: tazjin <mail@tazj.in>
2020-06-12 01:44:51 +00:00
Kane York
1783239c3f
feat(camden): add /irc/ shortlink
...
Change-Id: If17c758c323aaf00fdf26ddfafaea10acbf1453e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/70
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-12 01:15:02 +00:00
Vincent Ambo
37bbc43146
feat(camden): Move cgit to code.tvl.fyi
...
Moves the host at which cgit is served to 'code.tvl.fyi'.
Also updates related projects that link to this, most importantly:
* Hound's & Gerrit's cgit link bases have been updated
* besadii is updated to request CI builds for the new location
Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/71
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 01:14:21 +00:00
Sergiusz Bazanski
79fdb0bb5f
chore(ops/nixos/modules): Add q3k to slapd
...
Change-Id: I083bc4e9283a882e97a6b9098d6a126ca7bb0a93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/68
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 00:44:36 +00:00
Vincent Ambo
dc2fd3b521
chore(nixos/camden): Point hound at the depot on gerrit
...
Change-Id: I19cbffae75017ceefbc19397c54156eb348eda27
Reviewed-on: https://cl.tvl.fyi/c/depot/+/65
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-11 23:47:24 +00:00
Vincent Ambo
4e3d3b6c22
chore(nixos/frog): Move frog to nixos-unstable
...
There are no remaining traces of Emacs breakage in unstable - as far
as I can tell.
Change-Id: I06c5d78aa3ff9c0cc00c62e6d6966c5079fb3b24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/63
Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 23:20:41 +00:00
Vincent Ambo
80d324b53b
feat(nixos/frog): Enable lieer sync for mail@tazj.in
...
Change-Id: I38a338143d57d5f49532d200910f9406fa49f535
Reviewed-on: https://cl.tvl.fyi/c/depot/+/61
Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 23:18:25 +00:00
Luke Granger-Brown
a342bdb80b
feat(monorepo-gerrit): link to git.tazj.in as source browser
...
Change-Id: Ia31389a958c1927b63dfebb7c2ed2054177410b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/23
Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 22:17:23 +00:00
Vincent Ambo
7875753659
fix(monorepo-gerrit): Disable 'DynamicUser' feature for Gerrit
...
This change makes Gerrit run as the 'git' user, which can be shared by
other services such as hound or cgit to access the git trees.
Change-Id: Ic6c91f3e852184f5ef21f4374738cbf687462194
Reviewed-on: https://cl.tvl.fyi/c/depot/+/21
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: isomer <isomer@tvl.in>
2020-06-11 21:52:30 +00:00
Vincent Ambo
ea3cab8755
fix(monorepo-gerrit): Extract SSH username from LDAP correctly
2020-06-11 21:13:04 +00:00
Vincent Ambo
fba9d0b387
feat(tvl-slapd): Add lukegb's user account
2020-06-11 21:13:04 +00:00
Vincent Ambo
1d40329609
fix(monorepo-gerrit): Configure nginx reverse proxy correctly
...
Configures the reverse-proxy as per Gerrit's documentation at
https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
2020-06-11 21:13:04 +00:00
Perry Lorier
8ace1010bc
feat(ops/nixos/modules): Add myself.
...
Also alphabetise
2020-06-11 21:13:04 +00:00
Kane York
6d4cae9359
chore(ops/nixos/modules): Add riking to slapd
2020-06-11 21:13:04 +00:00
Vincent Ambo
35df1b94fc
fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timer
2020-06-11 21:13:04 +00:00
Vincent Ambo
4000a76678
feat(monorepo-gerrit): Configure Gerrit for LDAP authentication
2020-06-11 21:13:04 +00:00
Vincent Ambo
740b4b37fc
feat(ops/nixos/modules): Add TVL slapd module
...
This initialises an OpenLDAP server for tvl.fyi
This is the least annoying way to bootstrap Gerrit. Yep.
2020-06-11 21:13:04 +00:00
Vincent Ambo
afe0841e9d
feat(ops/nixos): Add module for configuring Gerrit for the repo
2020-06-11 21:13:04 +00:00
Vincent Ambo
b7766431f4
chore(ops/nixos/camden): Move camden back to nixos-unstable
2020-06-11 21:13:04 +00:00
Vincent Ambo
9ed7f13ab9
feat(nixos/frog): Enable settings required for hardware support
...
... also updates to the latest kernel (this is 5.4 -> 5.6 atm)
2020-06-11 18:28:17 +01:00
Vincent Ambo
ccd63aae8d
fix(nixos/frog): Use correct label for LUKS device
2020-06-11 18:27:56 +01:00
Vincent Ambo
eda1616242
feat(ops/nixos): Initial NixOS configuration for frog
...
This is mostly based on the nugget configuration, because frog
replaces nugget.
2020-06-11 12:21:10 +01:00
Vincent Ambo
923ca074ff
feat(ops/nixos/camden): Link to the TVL monorepo doc
2020-06-07 17:48:24 +01:00
Vincent Ambo
976b49f2ed
feat(ops/nixos/nugget): Install zoxide
2020-05-31 19:16:05 +01:00
Vincent Ambo
dcb39d3198
feat(ops/nixos/camden): Index nixpkgs in hound
...
There is a local nixpkgs clone at /var/git/nixpkgs which must be
manually set to have 'master' point at the desired ref (hound only
supports master).
2020-05-26 11:55:13 +01:00
Vincent Ambo
b9b741287a
feat(ops/nixos/camden): Set up hound at cs.tazj.in
2020-05-26 00:19:27 +00:00
Vincent Ambo
587b0a8b0b
feat(ops/nixos): Add a module for hound
...
This module sets up hound, a generic code search engine.
2020-05-26 00:18:53 +00:00
Vincent Ambo
68e384a77f
ffeat(ops/nixos): Add a dummy to make depot available in modules
...
Because modules are not called via the default depot setup (for now
...), this introduces a dummy module that stores the depot tree itself
in the module configurations.
This makes it possible to write modules that use packages from the
depot.
2020-05-26 00:17:55 +00:00
Vincent Ambo
41bf99bd9e
feat(ops/nixos/nugget): Add sysctl setting necessary for perf
2020-05-24 17:32:48 +01:00
Vincent Ambo
d53f0a2d05
feat(ops/nixos/nugget): Install perf tool
2020-05-24 02:48:49 +01:00
Vincent Ambo
06217f70d2
feat(ops/nixos/nugget): Install rr and hyperfine
2020-05-23 20:37:26 +01:00
Vincent Ambo
56261f1c08
fix(ops/nixos): Pin systems to stable channel
...
NixOS unstable has some software I want when building things, but it's
also broken.
This pins systems to the stable channel for now.
2020-05-22 20:50:25 +01:00
Vincent Ambo
f459332f32
chore: Update from Clang 9 to Clang 10 for all projects
2020-05-22 18:29:47 +01:00
Vincent Ambo
0623fec60a
chore(ops/nixos/nugget): Increase user RuntimeDirectory size to 4GB
...
clangd needs more space to run successfully on the Nix repository.
2020-05-22 18:06:14 +01:00
Vincent Ambo
f2b211131f
chore(ops/nixos/nugget): Use upstream Chromium again
...
Ostensibly there is also a new way to enable VAAPI, need to look into that.
2020-05-22 17:44:16 +01:00
Vincent Ambo
1bb9cd7749
chore(ops/nixos/nugget): Enable fstrim service
2020-05-21 16:56:18 +01:00
Vincent Ambo
f605577d5c
feat(ops/nixos/nugget): Replace system-nix with meson-built one
...
What could possibly go wrong.
2020-05-17 20:49:44 +01:00
Vincent Ambo
3a7434a088
feat(ops/nixos/nugget): Install meson build system
2020-05-17 02:43:05 +01:00
Luke Granger-Brown
9993b0beba
feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi
...
I'm too lazy to keep going to the website to click the button
and also too lazy to add my own redirect.
Add one to tvl.fyi.
2020-05-11 01:24:13 +01:00
Vincent Ambo
30ebf2ee9e
feat(ops/nixos/nugget): Enable SSH agent on nugget
2020-04-26 18:40:16 +01:00
Vincent Ambo
7ef00d0f27
feat(ops/nixos/camden): Enable SSH agent auth
2020-04-26 18:34:10 +01:00
Vincent Ambo
15323a6ee4
feat(ops/nixos/nugget): Install idualctl
2020-04-26 15:52:23 +01:00
Vincent Ambo
322a76cb7a
fix(ops/nixos/camden): Use new //fun/idual CLI structure
2020-04-26 15:51:38 +01:00
Vincent Ambo
64894062a9
feat(ops/nixos/camden): Disable camden firewall
...
The local network is considered trusted and ingress from the outside
world is now handled by the Edgerouter.
2020-04-26 14:58:42 +01:00
Vincent Ambo
6644d0031d
feat(fun/idual && nixos/camden): Add light alarm systemd units
...
Adds a systemd unit to run the idual light alarm using a transient
timer created by systemd-run.
2020-04-26 00:28:19 +01:00
Vincent Ambo
eac683f69c
chore(ops/nixos/nugget): Remove camden from /etc/hosts
...
The new router can actually deal with this sensibly.
2020-04-25 21:46:27 +01:00
Vincent Ambo
8465a5435b
fix(ops/nixos/camden): Introduce brute-force nginx issue fix
...
This adds a timer running every minute that fixes the nginx
permissions that were broken in NixOS 20.03
2020-04-22 12:04:05 +01:00
Vincent Ambo
a488bd3702
feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden
2020-04-21 22:56:37 +01:00
Vincent Ambo
2ca4287cf0
feat(ops/nixos/camden): Use my cachix cache on camden
...
This cache is populated by sourcehut builds.
2020-04-21 22:55:32 +01:00
Vincent Ambo
6a2beb5a6a
feat(ops/nixos/camden): Add vhost for TVL homepage
2020-04-21 03:17:30 +01:00
Vincent Ambo
1229621d7b
feat(ops/nixos/camden): Provision certificate for tvl.fyi
2020-04-21 03:05:03 +01:00
Vincent Ambo
d6f5ca7caf
feat(ops/nixos/camden): Add static IPv6 address to camden
2020-04-20 17:06:19 +01:00
Vincent Ambo
0f0f1a547f
feat(ops/nixos/camden): Configure honk service
2020-04-19 22:58:41 +00:00
Vincent Ambo
688175c1f7
feat(ops/nixos/camden): Install honk
2020-04-19 23:30:19 +01:00
Vincent Ambo
066d34b50e
feat(ops/nixos/nugget): Add chromium with VAAPI patches
...
These patches enable hardware-accelerated video decoding, which is
useful for Stadia.
The main issue with this is that Hydra doesn't currently cache
Chromium with these patches, which means that it is built from scratch
which takes in the order of 5 hours on an otherwise unused nugget.
2020-04-17 12:43:25 +01:00
Vincent Ambo
b4bf0b37b0
chore(ops/nixos/nugget): Install steam again
2020-04-11 13:31:17 +01:00
Vincent Ambo
e90e3153f8
chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in
2020-04-04 21:49:03 +01:00
Vincent Ambo
f43294cd90
chore(ops/nixos/camden): Use upstream tailscale module
2020-04-04 13:17:18 +01:00
Vincent Ambo
de81e087d4
chore(ops/nixos/nugget): Use upstream tailscale module
2020-04-04 13:16:39 +01:00
Vincent Ambo
0f3d11f541
chore(third_party): Remove Tailscale derivation
...
This is now part of nixpkgs itself.
2020-04-04 13:02:57 +01:00
Vincent Ambo
9caf09a244
feat(ops/nixos/camden): Enable RTMP support in nginx
...
This makes it possible to live-stream various things at rtmp://tazj.in/tvl
2020-04-04 01:39:37 +00:00
Vincent Ambo
c3de37f54d
fix(ops/nixos/nugget): Point camden host at new internal IP
...
This changed due to the router replacement.
2020-04-04 02:36:20 +01:00
Vincent Ambo
a89d22eb75
chore(ops/nixos/nugget): Install ffmpeg (including libnpp support)
2020-04-04 02:36:20 +01:00
Vincent Ambo
d2d7385833
feat(ops/nixos/nugget): Add module for v4l2loopback support
...
This kernel module creates a fake video input device to which I can
stream various things, such as screen grabs or qyliss' video stream
for TVL.
2020-04-04 02:36:20 +01:00
Vincent Ambo
9b606e2c4e
feat(ops/nixos/nugget): Install clang & friends system-wide
2020-04-04 02:36:20 +01:00
Vincent Ambo
576f190972
fix(ops/nixos/nugget): Ensure that 'nuggetEmacs' is used for EXWM
2020-03-12 23:49:39 +00:00
Vincent Ambo
080c3591ca
chore(ops/nixos/nugget): Disable DHCP for Remarkable USB conn
...
This otherwise holds up the boot process if the device is not
connected, which is annoying.
2020-03-12 23:27:12 +00:00
Vincent Ambo
de362fd278
feat(ops/nixos/nugget): Install google-c-style in Emacs
2020-03-12 23:27:12 +00:00
Vincent Ambo
814729bd04
fix(ops/nixos/camden): Add required options for ACME updates
...
The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.
[0]: https://github.com/NixOS/nixpkgs/pull/77578
2020-03-01 01:11:28 +00:00
Vincent Ambo
1f5d2d424c
chore(third_party): Remove guile 3.0 override
...
I don't actually use guile at all, this was just for experimentation.
2020-03-01 01:07:48 +00:00
Vincent Ambo
d38995385b
chore(ops/nixos/nugget): Use DHCP for Remarkable USB connection
2020-03-01 00:50:16 +00:00
Vincent Ambo
68d1d87a9b
fix(ops/nixos/camden): Add missing quote in nginx config
2020-02-21 16:12:48 +00:00
Vincent Ambo
25d8e7ce25
feat(ops/nixos/camden): Modify nginx log format
...
This log format contains more structured and correctly typed
information, which I can now use for dashboards and stuff in Stackdriver.
2020-02-21 16:10:08 +00:00
Vincent Ambo
1e51a2135d
fix(ops/nixos/camden): Configure nginx to not log hostnames
...
Hostname prefixes break JSON serialisation, leading to useless
Stackdriver Logging entries.
2020-02-21 16:01:54 +00:00
Vincent Ambo
703aebe6a9
feat(ops/nixos/camden): Install jq
2020-02-21 15:43:07 +00:00
Vincent Ambo
6e4df43f62
feat(ops/nixos/camden): Forward logs to Stackdriver Logging
...
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.
The service account key for camden has been placed on the machine
manually.
2020-02-21 15:35:51 +00:00
Vincent Ambo
7290a18cb1
chore(ops/nixos/nugget): Remove input-fonts package
...
My default font is now Jetbrains Mono everywhere.
2020-02-21 13:54:53 +00:00
Vincent Ambo
4bbbb58cb5
chore: Rename pkgs->depot in all Nix file headers
2020-02-21 13:54:53 +00:00
Vincent Ambo
0e54b3eb6a
Merge branch 'fix/camden-trusted-users'
2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7
fix(ops/nixos/camden): Add myself to trusted Nix users
2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b
fix(ops/nixos/camden): Use pounce from //third_party
2020-02-17 00:52:07 +00:00
Vincent Ambo
1b31b47ef1
feat(ops/nixos/camden): Install pounce on camden
2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad
feat(ops/nixos/camden): Enable support for mosh
2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892
Merge branch 'feat/camden-migration'
2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1
chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames
2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b
refactor(ops/nixos/camden): Merge ACME certificate blocks
2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f
feat(camden): Move to actual tazj.in hostnames
2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7
feat(ops/nixos/nugget): Add camden to /etc/hosts
...
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763
feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden
2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a
feat(ops/nixos/camden): Move ACME configuration out of nginx
...
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3
feat(ops/nixos/camden): Set up cgit service
...
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.
The depot checkout was configured as:
mkdir -p /var/git && chown git: /var/git
# now, as the git user, in /var/git
git clone --bare ... depot
chmod -R g+rw /var/git
chmod g+s (find /var/git -type d)
git init --bare --shared=all depot
My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.
Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753
fix(nix/tailscale): Fix incorrect Tailscale ACL config type
2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca
feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
...
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629
feat(ops/nixos/camden): Enable haveged entropy "generator"
2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377
feat(ops/nixos/nugget): Set up nginx serving homepage & blog
...
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712
fix(ops/nixos/camden): Use package set from depot pin
2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b
feat(nix/tailscale): Add function for generating tailscale ACLs
...
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b
feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh
2020-02-11 16:27:34 +00:00