Commit graph

16 commits

Author SHA1 Message Date
Vincent Ambo
472f727c24 fix(ops/gerrit): mitigate Quarkus temporarily
Keycloak has a new thing going on: Wildfly (whatever that is) is out,
and Quarkus (whatever that is) is in.

https://www.keycloak.org/migration/migrating-to-quarkus

This breaks our stuff, however, so we're using the Gerrit OAuth
plugins recommendations for how to work around that:

8d467e9945%5E%21/#F1

Change-Id: I2391a89c6791015e66c5e480b905b6ee56663020
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10905
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-02-15 16:23:32 +00:00
Luke Granger-Brown
28173ca4b9 chore(3p/gerrit): 3.8.2 -> 3.9.1
Change-Id: I8fa10b52c44bd3d5efb0fff740ad6d5da6e96831
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10802
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2024-02-12 15:59:15 +00:00
Vincent Ambo
47e34b2c36 fix(monorepo-gerrit): fix linking to bugs & CLs in commits
In some Gerrit version upgrade the syntax of this config element seems
to have changed. There's now one less level of escaping, and it no
longer produces raw HTML but rather a link.

Fixes b/319.

Change-Id: I8d86d23e91cb003e950d9a6723bb0a5ee5d80bb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9952
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2023-11-05 10:39:40 +00:00
sterni
0c178a0ef6 chore(3p/sources): Bump channels & overlays
Upstream nixpkgs removed a lot of aliases this time, so we needed to do
the following transformations. It's a real shame that aliases only
really become discoverable easily when they are removed.

* runCommandNoCC -> runCommand
* gmailieer -> lieer
  We also need to work around the fact that home-manager hasn't catched
  on to this rename.
* mysql -> mariadb
* pkgconfig -> pkg-config
  This also affects our Nix fork which needs to be bumped.
* prometheus_client -> prometheus-client
* rxvt_unicode -> rxvt-unicode-unwrapped
* nix-review -> nixpkgs-review
* oauth2_proxy -> oauth2-proxy

Additionally, some Go-related builders decided to drop support for
passing the sha256 hash in directly, so we need to use the generic hash
arguments.

Change-Id: I84aaa225ef18962937f8616a9ff064822f0d5dc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6792
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-09-28 08:02:31 +00:00
Luke Granger-Brown
adf092a26b feat(monorepo-gerrit): swap owners plugin for code-owners
Change-Id: I9e05384b58dac258bc2da41c22e321b20451ef00
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6686
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2022-09-19 11:17:07 +00:00
Vincent Ambo
c08e47903e feat(ops): configure depot replication to sanduny
this configures gerrit's built-in replication plugin to push every
change in depot to sanduny.

this allows us to serve a replica of depot from sanduny.

manual config that was needed which needs to be automated:

* system-wide known_hosts does not work, needed one in /var/lib/git
* .ssh/config MUST be present and configured for sanduny.tvl.su

Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 20:54:06 +00:00
Vincent Ambo
aa122cbae7 style: format entire depot with nixpkgs-fmt
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-31 16:11:53 +00:00
Vincent Ambo
738cca62c1 feat(monorepo-gerrit): Configure for Keycloak compatibility
Change-Id: Ic3fce02b071c09cf03e652510f16bafb795a5a1d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4614
Autosubmit: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
2021-12-26 00:10:09 +00:00
Vincent Ambo
82a885a750 refactor(ops): Use besadii configuration from agenix
We already checked this in, but this commit adds the configuration for
making use of it.

There are two copies of besadii's JSON configuration with different
permissions.

Note that the buildkite-graphql-token path needs to be updated in
static-pipeline.yml, but this needs to happen in a separate commit
after deploy because the pipeline will break otherwise.

Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
2021-12-10 19:31:36 +00:00
Vincent Ambo
6faf0edaff fix(ops): Correctly pass command name to besadii invocations
Ensure that besadii sees $0 as the correct command name, since that is
the sole mechanism by which its functionality is switched around.

There was a lingering commit that introduced this bug and hadn't been
deployed in a couple of days. Maybe time to tighten deploy cycles soon
...

Change-Id: Ie4284c0f6e5e06d71a71a3702ec7e092260e0ce5
2021-12-07 18:27:44 +00:00
Vincent Ambo
ee635d4645 chore(ops/modules): Configure besadii call sites to load config
On whitby, the besadii config will live in
/etc/secrets/besadii.json. This CL updates the call sites to pass this
config path to besadii so that it can load Sourcegraph configuration.

Change-Id: Ia139b9fa3b827e7a5f2386214390acc6fe19a75a
2021-12-02 13:10:20 +03:00
Vincent Ambo
c1aab56a02 feat(besadii): Support invocation as different Gerrit hooks
Removes besadii support for the previously used 'ref-updated' hook and
instead introduces support for the 'change-merged' and
'patchset-created' hooks.

These hooks more accurately capture the semantics of when besadii
should trigger CI builds and using them will avoid problems such as
skipping 'canon' builds if chains of CLs are submitted together.

Change-Id: Ib90356c069780bf0c0250e56b927e46a5b31ce7f
2021-12-01 12:49:31 +03:00
Vincent Ambo
0e3858b5e5 refactor(whitby): Move restic path configuration into modules
This lets each service declare their backup paths together with the
configuration for the service, which is a lot more sensible than what
we had before.

Fixes b/147

Change-Id: If76fe62639f4cc0e6fbb63a2959d584479d8f0fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3583
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-09-18 15:10:34 +00:00
Vincent Ambo
03c3d49b87 fix(monorepo-gerrit): Enable adding new email addresses to accounts
This is required when people change their email addresses (e.g.
cl/3349) as nothing in Gerrit will update that information from the
OAuth provider.

Change-Id: I1eafdf22efd37898dcd0d06bb9a5d1471ffb5e31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3356
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-08-15 13:59:18 +00:00
Vincent Ambo
79c9506eea fix(monorepo-gerrit): Pin JVM version used for Gerrit
Change-Id: Ib22cdc415cbd5a8345b9589b2c34b3908996dd57
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3322
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-08-12 13:07:55 +00:00
Vincent Ambo
90281c4eac refactor(ops): Split //ops/nixos into different locations
Splits //ops/nixos into:

* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)

This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.

Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
2021-04-11 22:18:22 +00:00
Renamed from ops/nixos/monorepo-gerrit.nix (Browse further)