Vincent Ambo
bcc797fa2f
feat(camden): Move to actual tazj.in hostnames
2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7
feat(ops/nixos/nugget): Add camden to /etc/hosts
...
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763
feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden
2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a
feat(ops/nixos/camden): Move ACME configuration out of nginx
...
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3
feat(ops/nixos/camden): Set up cgit service
...
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.
The depot checkout was configured as:
mkdir -p /var/git && chown git: /var/git
# now, as the git user, in /var/git
git clone --bare ... depot
chmod -R g+rw /var/git
chmod g+s (find /var/git -type d)
git init --bare --shared=all depot
My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.
Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753
fix(nix/tailscale): Fix incorrect Tailscale ACL config type
2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca
feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
...
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629
feat(ops/nixos/camden): Enable haveged entropy "generator"
2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377
feat(ops/nixos/nugget): Set up nginx serving homepage & blog
...
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712
fix(ops/nixos/camden): Use package set from depot pin
2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b
feat(nix/tailscale): Add function for generating tailscale ACLs
...
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b
feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh
2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37
fix(ops/nixos): Add camden to rebuilder script
...
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336
feat(ops/nixos): Add initial configuration for host camden
2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372
feat(ops/nixos/nugget): Enable tailscale-relay
2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a
feat(ops/nixos): Add NixOS module for running tailscale
...
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
77085f5876
chore(ops/nixos/nugget): Install tailscale on nugget
2020-02-11 00:09:34 +00:00
Vincent Ambo
21e0279e08
chore(ops/infra/k8s): Bump website replicas to 3
...
There are typically 3 machines in the cluster, might as well have 3
website instances!
2020-02-09 02:21:09 +00:00
Vincent Ambo
4a18b3971a
fix(ops/infra/k8s): Send www.* to nginx for redirections
2020-02-09 01:54:13 +00:00
Vincent Ambo
d0800197c4
feat(ops/infra/k8s): Add website deployment configuration
2020-02-09 01:30:56 +00:00
Vincent Ambo
87967d5be3
docs: Update README with new website setup
2020-02-09 01:30:34 +00:00
Vincent Ambo
eb6e64ad47
chore(ops/infra/k8s): Delete tazblog deployment
2020-02-09 01:27:46 +00:00
Vincent Ambo
1d7b1334fd
feat(ops/nixos/nugget): Install i3lock
2020-02-08 13:32:25 +00:00
Vincent Ambo
ba20ee65f6
feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools
2020-02-07 12:14:37 +00:00
Vincent Ambo
76f7ace273
feat(ops/nixos/nugget): Enable U2F hardware support
2020-02-04 23:41:52 +00:00
Vincent Ambo
264a55e2e0
feat(ops/nixos/nugget): Install unzip
2020-01-25 20:39:54 +00:00
Vincent Ambo
e50c669310
feat(ops/nixos/nugget): Enable Keybase "service"
2020-01-20 22:31:29 +00:00
Vincent Ambo
e93913d6cd
feat(ops/mq_cli): Bump dependencies & add derivation
2020-01-20 13:50:29 +00:00
Vincent Ambo
336937814c
feat(ops/posix_mq.rs): Set up Nix build
2020-01-20 11:59:21 +00:00
Vincent Ambo
0d4c93878d
chore(ops): Remove deprecated .travis.yml files
2020-01-20 11:51:24 +00:00
Vincent Ambo
0b146dc079
chore(ops/posix_mq.rs): Update crate dependencies to recent versions
...
First bump since 2017! This changes the code to be compatible with
newer versions of the `nix` crate, which has shuffled things around a
bit.
2020-01-20 11:51:24 +00:00
Vincent Ambo
4bc3196c9a
Add 'ops/mq_cli/' from commit 'df29b08bffc90cfd4f2d963a8e48d89f7a86308d'
...
git-subtree-dir: ops/mq_cli
git-subtree-mainline: b59c7e693c
git-subtree-split: df29b08bff
2020-01-20 11:32:26 +00:00
Vincent Ambo
b59c7e693c
Add 'ops/posix_mq.rs/' from commit 'f7d1a38da67e92e0e87dbb988d288f0be2714f5c'
...
git-subtree-dir: ops/posix_mq.rs
git-subtree-mainline: 8f68497269
git-subtree-split: f7d1a38da6
2020-01-20 11:32:02 +00:00
Vincent Ambo
1f68644dc9
feat(third_party/guile): Override guile to version 3.0.0
...
Lets try this thing out!
2020-01-19 19:34:39 +00:00
Vincent Ambo
0a3613996f
feat(ops/nixos/nugget): Install miller
2020-01-19 18:56:44 +00:00
Vincent Ambo
7b011de1b8
chore(ops/nixos/nugget): Aimlessly tweak font configuration
...
These settings seem to be very mildly better than what I had before,
but I'm not entirely sure.
2020-01-19 16:38:32 +00:00
Vincent Ambo
ee34920a98
fix(infra/k8s/nixery): Add GCSR hosts to SSH known_hosts for Nixery
...
Unsure how this worked at all previously?
2020-01-19 02:17:52 +00:00
Vincent Ambo
89b0a43786
feat(ops/nixos/nugget): Connect to wifi & install Google Chrome
...
This adds configuration which, sometimes, when the stars align just
right, makes it possible to cast to the Chromecast from nugget.
2020-01-19 01:44:40 +00:00
Vincent Ambo
d05489adaa
chore(build): Rename tazjins-depot -> depot
...
Sourcehut namespaces this under ~tazjin/ anyways.
2020-01-19 01:44:26 +00:00
Vincent Ambo
028559610f
chore(ops/sync-gcsr): Rotate Cachix secret in sourcehut
2020-01-19 01:08:00 +00:00
Vincent Ambo
6a0b37a196
fix(ops/sync-gcsr): Ensure cachix is installed
2020-01-18 17:33:21 +00:00
Vincent Ambo
7aa8f32065
docs(ops/kontemplate): Update installation notes
...
Removed the AUR package (which has not been updated since 2017) and
made Nix the recommended installation method.
2020-01-18 17:31:28 +00:00
Vincent Ambo
48d31b7770
fix(ops/sync-gcsr): Avoid echoing the Cachix secret
...
sourcehut does not censor secret strings in build logs, but this
workaround should avoid the issue.
2020-01-18 16:34:54 +00:00
Vincent Ambo
526b9c4572
feat(ops/sync-gcsr): Log successful build triggers
2020-01-18 15:49:12 +00:00
Vincent Ambo
61830ebc5b
feat(ops/infra/k8s): Add sourcehut configuration to sync-gcsr
2020-01-18 15:48:52 +00:00
Vincent Ambo
af63d2604e
feat(sync-gcsr): Add builds.sr.ht build manifest
...
Adds a simple build manifest that builds everything in ci-builds.nix
and pushes results to Cachix on success.
2020-01-18 15:37:05 +00:00
Vincent Ambo
b8355066e8
feat(sync-gcsr): Trigger sourcehut builds on master branch changes
...
Calls the sourcehut API at builds.sr.ht to trigger a build if the
master branch changes.
The build manifest is going to be stored in the depot too, coming up
next ...
2020-01-18 15:36:15 +00:00
Vincent Ambo
44116522dd
feat(ops/sync-gcsr): Skip unneccessary branch updates
...
Checks whether branches are already up-to-date before setting
references.
This also makes it possible to hook additional logic on the update
flow.
2020-01-18 14:49:34 +00:00
Vincent Ambo
a21be17719
chore(ops/infra/gcp): Update enabled GCP APIs
2020-01-18 12:43:53 +00:00
Vincent Ambo
a52c0c4198
feat(nixos/nugget): Install cachix binary
2020-01-18 11:29:18 +00:00