Commit graph

164 commits

Author SHA1 Message Date
Luke Granger-Brown
a342bdb80b feat(monorepo-gerrit): link to git.tazj.in as source browser
Change-Id: Ia31389a958c1927b63dfebb7c2ed2054177410b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/23
Reviewed-by: tazjin <mail@tazj.in>
2020-06-11 22:17:23 +00:00
Vincent Ambo
7875753659 fix(monorepo-gerrit): Disable 'DynamicUser' feature for Gerrit
This change makes Gerrit run as the 'git' user, which can be shared by
other services such as hound or cgit to access the git trees.

Change-Id: Ic6c91f3e852184f5ef21f4374738cbf687462194
Reviewed-on: https://cl.tvl.fyi/c/depot/+/21
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: isomer <isomer@tvl.in>
2020-06-11 21:52:30 +00:00
Vincent Ambo
ea3cab8755 fix(monorepo-gerrit): Extract SSH username from LDAP correctly 2020-06-11 21:13:04 +00:00
Vincent Ambo
fba9d0b387 feat(tvl-slapd): Add lukegb's user account 2020-06-11 21:13:04 +00:00
Vincent Ambo
1d40329609 fix(monorepo-gerrit): Configure nginx reverse proxy correctly
Configures the reverse-proxy as per Gerrit's documentation at
https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
2020-06-11 21:13:04 +00:00
Perry Lorier
8ace1010bc feat(ops/nixos/modules): Add myself.
Also alphabetise
2020-06-11 21:13:04 +00:00
Kane York
6d4cae9359 chore(ops/nixos/modules): Add riking to slapd 2020-06-11 21:13:04 +00:00
Vincent Ambo
35df1b94fc fix(ops/nixos/camden): Include /var/cache/nginx in nginx fix timer 2020-06-11 21:13:04 +00:00
Vincent Ambo
4000a76678 feat(monorepo-gerrit): Configure Gerrit for LDAP authentication 2020-06-11 21:13:04 +00:00
Vincent Ambo
740b4b37fc feat(ops/nixos/modules): Add TVL slapd module
This initialises an OpenLDAP server for tvl.fyi

This is the least annoying way to bootstrap Gerrit. Yep.
2020-06-11 21:13:04 +00:00
Vincent Ambo
afe0841e9d feat(ops/nixos): Add module for configuring Gerrit for the repo 2020-06-11 21:13:04 +00:00
Vincent Ambo
b7766431f4 chore(ops/nixos/camden): Move camden back to nixos-unstable 2020-06-11 21:13:04 +00:00
Vincent Ambo
9ed7f13ab9 feat(nixos/frog): Enable settings required for hardware support
... also updates to the latest kernel (this is 5.4 -> 5.6 atm)
2020-06-11 18:28:17 +01:00
Vincent Ambo
ccd63aae8d fix(nixos/frog): Use correct label for LUKS device 2020-06-11 18:27:56 +01:00
Vincent Ambo
eda1616242 feat(ops/nixos): Initial NixOS configuration for frog
This is mostly based on the nugget configuration, because frog
replaces nugget.
2020-06-11 12:21:10 +01:00
Vincent Ambo
923ca074ff feat(ops/nixos/camden): Link to the TVL monorepo doc 2020-06-07 17:48:24 +01:00
Vincent Ambo
976b49f2ed feat(ops/nixos/nugget): Install zoxide 2020-05-31 19:16:05 +01:00
Vincent Ambo
dcb39d3198 feat(ops/nixos/camden): Index nixpkgs in hound
There is a local nixpkgs clone at /var/git/nixpkgs which must be
manually set to have 'master' point at the desired ref (hound only
supports master).
2020-05-26 11:55:13 +01:00
Vincent Ambo
b9b741287a feat(ops/nixos/camden): Set up hound at cs.tazj.in 2020-05-26 00:19:27 +00:00
Vincent Ambo
587b0a8b0b feat(ops/nixos): Add a module for hound
This module sets up hound, a generic code search engine.
2020-05-26 00:18:53 +00:00
Vincent Ambo
68e384a77f ffeat(ops/nixos): Add a dummy to make depot available in modules
Because modules are not called via the default depot setup (for now
...), this introduces a dummy module that stores the depot tree itself
in the module configurations.

This makes it possible to write modules that use packages from the
depot.
2020-05-26 00:17:55 +00:00
Vincent Ambo
41bf99bd9e feat(ops/nixos/nugget): Add sysctl setting necessary for perf 2020-05-24 17:32:48 +01:00
Vincent Ambo
d53f0a2d05 feat(ops/nixos/nugget): Install perf tool 2020-05-24 02:48:49 +01:00
Vincent Ambo
06217f70d2 feat(ops/nixos/nugget): Install rr and hyperfine 2020-05-23 20:37:26 +01:00
Vincent Ambo
56261f1c08 fix(ops/nixos): Pin systems to stable channel
NixOS unstable has some software I want when building things, but it's
also broken.

This pins systems to the stable channel for now.
2020-05-22 20:50:25 +01:00
Vincent Ambo
f459332f32 chore: Update from Clang 9 to Clang 10 for all projects 2020-05-22 18:29:47 +01:00
Vincent Ambo
0623fec60a chore(ops/nixos/nugget): Increase user RuntimeDirectory size to 4GB
clangd needs more space to run successfully on the Nix repository.
2020-05-22 18:06:14 +01:00
Vincent Ambo
f2b211131f chore(ops/nixos/nugget): Use upstream Chromium again
Ostensibly there is also a new way to enable VAAPI, need to look into that.
2020-05-22 17:44:16 +01:00
Vincent Ambo
1bb9cd7749 chore(ops/nixos/nugget): Enable fstrim service 2020-05-21 16:56:18 +01:00
Vincent Ambo
f605577d5c feat(ops/nixos/nugget): Replace system-nix with meson-built one
What could possibly go wrong.
2020-05-17 20:49:44 +01:00
Vincent Ambo
3a7434a088 feat(ops/nixos/nugget): Install meson build system 2020-05-17 02:43:05 +01:00
Luke Granger-Brown
9993b0beba feat(ops/nixos/camden): add /meet/ redirect to tvl.fyi
I'm too lazy to keep going to the website to click the button
and also too lazy to add my own redirect.

Add one to tvl.fyi.
2020-05-11 01:24:13 +01:00
Vincent Ambo
30ebf2ee9e feat(ops/nixos/nugget): Enable SSH agent on nugget 2020-04-26 18:40:16 +01:00
Vincent Ambo
7ef00d0f27 feat(ops/nixos/camden): Enable SSH agent auth 2020-04-26 18:34:10 +01:00
Vincent Ambo
15323a6ee4 feat(ops/nixos/nugget): Install idualctl 2020-04-26 15:52:23 +01:00
Vincent Ambo
322a76cb7a fix(ops/nixos/camden): Use new //fun/idual CLI structure 2020-04-26 15:51:38 +01:00
Vincent Ambo
64894062a9 feat(ops/nixos/camden): Disable camden firewall
The local network is considered trusted and ingress from the outside
world is now handled by the Edgerouter.
2020-04-26 14:58:42 +01:00
Vincent Ambo
6644d0031d feat(fun/idual && nixos/camden): Add light alarm systemd units
Adds a systemd unit to run the idual light alarm using a transient
timer created by systemd-run.
2020-04-26 00:28:19 +01:00
Vincent Ambo
eac683f69c chore(ops/nixos/nugget): Remove camden from /etc/hosts
The new router can actually deal with this sensibly.
2020-04-25 21:46:27 +01:00
Vincent Ambo
8465a5435b fix(ops/nixos/camden): Introduce brute-force nginx issue fix
This adds a timer running every minute that fixes the nginx
permissions that were broken in NixOS 20.03
2020-04-22 12:04:05 +01:00
Vincent Ambo
a488bd3702 feat(ops/nixos/camden): Install 'bat' and 'ripgrep' on camden 2020-04-21 22:56:37 +01:00
Vincent Ambo
2ca4287cf0 feat(ops/nixos/camden): Use my cachix cache on camden
This cache is populated by sourcehut builds.
2020-04-21 22:55:32 +01:00
Vincent Ambo
6a2beb5a6a feat(ops/nixos/camden): Add vhost for TVL homepage 2020-04-21 03:17:30 +01:00
Vincent Ambo
1229621d7b feat(ops/nixos/camden): Provision certificate for tvl.fyi 2020-04-21 03:05:03 +01:00
Vincent Ambo
d6f5ca7caf feat(ops/nixos/camden): Add static IPv6 address to camden 2020-04-20 17:06:19 +01:00
Vincent Ambo
0f0f1a547f feat(ops/nixos/camden): Configure honk service 2020-04-19 22:58:41 +00:00
Vincent Ambo
688175c1f7 feat(ops/nixos/camden): Install honk 2020-04-19 23:30:19 +01:00
Vincent Ambo
066d34b50e feat(ops/nixos/nugget): Add chromium with VAAPI patches
These patches enable hardware-accelerated video decoding, which is
useful for Stadia.

The main issue with this is that Hydra doesn't currently cache
Chromium with these patches, which means that it is built from scratch
which takes in the order of 5 hours on an otherwise unused nugget.
2020-04-17 12:43:25 +01:00
Vincent Ambo
b4bf0b37b0 chore(ops/nixos/nugget): Install steam again 2020-04-11 13:31:17 +01:00
Vincent Ambo
e90e3153f8 chore(ops/nixos/camden): Enable HSTS headers on *.tazj.in 2020-04-04 21:49:03 +01:00