Commit graph

120 commits

Author SHA1 Message Date
Vincent Ambo
84a1e9e081 chore(whitby): upgrade to PostgreSQL 16
Relates to b/330

Change-Id: If5ef3e999511754e6eb69a4c0a44e6eed21b56b5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9949
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-11-05 09:16:28 +00:00
Vincent Ambo
e60478ae3c chore(whitby): upgrade to PostgreSQL 12
Relates to b/330

Change-Id: I9169374a2324dc39e539d3e803f8ab15a308e5fd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9945
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-11-05 09:04:58 +00:00
Vincent Ambo
a63f991351 feat(ops/www): add experimental grep.tvl.fyi setup
This points a reverse proxy at a manually run, highly experimental
container. The actual setup is not yet nixified.

Change-Id: I8e1d5ec94a3f1e9b4b0bfc7ffd2a9badf4e79291
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9577
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2023-10-09 07:03:05 +00:00
Vincent Ambo
4bf541109a chore(whitby): remove Nixery configuration
nixery.dev is running on a separate host now, it's not required here anymore.

Change-Id: Ie03d5847f8313fdfcf56fa43bb03651b3e4925f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9552
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
2023-10-06 09:20:15 +00:00
Vincent Ambo
053643c66f chore(ops): remove images.tvl.fyi
I don't even know what this is/was.

Change-Id: I743efa88258bbc13b7a3d4b8de8df222325b00ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9553
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2023-10-06 09:17:22 +00:00
Vincent Ambo
6b607976ea feat(ops): add nixery-01 instance for hosting nixery.dev
Change-Id: Ida21ac7240a532bb6063b362155f2b14b2859aae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9426
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 17:52:23 +00:00
Vincent Ambo
e187a7bcb1 feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyi
I verified on whitby that the password hashes generated by
//web/pwcrypt are compatible with our OpenLDAP, so it's time to make
this thing public.

Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
2023-09-05 14:44:36 +00:00
Vincent Ambo
b12cd279a4 fix(ops/whitby): remove tazj.in module
this moved out of whitby some time ago (to koptevo.tazj.in), but is
now causing failures because of ACME cert renewal

Change-Id: I4da5512db0d85d416511a1d10f784e978c5ccc93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8948
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2023-07-10 08:22:07 +00:00
Vincent Ambo
763c57b456 chore(ops/whitby): remove broken oauth2_proxy service
this never worked and was never used, but for now the module itself is
still around in case somebody wants it for something

Change-Id: Id8e449e08c8012786bca0ea57d9c7b97056a1f3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8905
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-30 20:21:24 +00:00
sterni
f46a0f7d6e chore(ops/whitby): drop obsolete grub version option
Change-Id: I8f89f00d3eca5cef23dc7698208b08e0b6826393
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8854
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-23 23:20:51 +00:00
Vincent Ambo
8cdad7d45c feat(ops): introduce (head|tail)scale server at net.tvl.fyi
This runs a headscale server on sanduny which lets users join their
machines to the TVL tailscale network.

This would theoretically let people communicate with each other on the
internal network, but also more notably joined servers can advertise
exit node capability so that we can have our own "VPN network", for
starters with endpoints in Germany, UK and Russia (whitby, sanduny and
koptevo respectively).

This setup isn't fully stable yet, notably:

* The IP range used by tailscale is just the default one right now,
  I'm not sure if that should be changed or what.

* The system is stateful (on sanduny), but the state is not (yet)
  backed up anywhere. Use with caution.

* Machine joining is a manual process requiring SSH & root access to
  sanduny.

  The process is to log in to sanduny, then get a headscale shell with
  `sudo -u headscale bash`, and to use the `headscale` CLI within
  there to administrate access.

  I've opted to create a user account `tvl` for TVL-owned machines,
  and a personal account for myself and my machines.

Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2023-06-22 13:23:14 +00:00
sterni
d2fa4e7c86 chore(3p/sources): Bump channels & overlays
* //ops/modules/depot-inbox: Adapt to upstream option type declaration.
  See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076.

* //ops/machines/sanduny, //users/tazjin/polyanka:
  Remove boot.loader.grub.version options (no longer has any effect).

* //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk

* //3p/overlays: update tdlib to match emacs-overlay

* //3p/overlays: give EXWM from depot a separate name

* //users/grfn/system/home: disable Slack support in ntfy

Change-Id: I03bde088bc70e05b23925f244899807210cb7b20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-15 17:09:02 +00:00
sterni
b22b685f0b chore: address renames of boot & tmp related options
Change-Id: I78f2116a63675fff5a36826b3e5390798ab9db9f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8526
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: flokli
2023-05-11 10:10:58 +00:00
sterni
faa45f076d chore: adapt to ssh option renames
Change-Id: I6fc2aaefe40e449bd1937bb68f3a2ab4abaa5cd0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8372
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2023-04-11 14:29:06 +00:00
Vincent Ambo
0965600fe6 feat(ops): serve Tvix website & docs on (docs.)tvix.dev
Change-Id: I198ea197867f9b9a48e51665d0665f722202e02e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8299
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-03-14 22:10:40 +00:00
Alyssa Ross
3c68159b81 chore(whitby): enable zram swap
Whitby has a lot of memory, but I've still been fighting with the OOM
Killer trying to build a few big packages at the same time.  Besides,
it's generally a good idea to always have swap available even if
there's lots of memory for caching optimisation reasons[1], and zram
swap is efficient enough to basically provide bonus memory for free.

[1]: https://haydenjames.io/linux-performance-almost-always-add-swap-space/

Change-Id: I1fbe60f7975ebfa38e341e0de76848ec79b6fcf0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8065
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-02-11 12:14:35 +00:00
Vincent Ambo
d446143413 feat(ops/modules): set up public-inbox at inbox.tvl.su
Initial setup which does not yet include fetching mails at all, this
is for now only going to display a manually populated view of the
existing mailing list while the rest of this stuff is set up.

Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2022-12-27 19:46:11 +00:00
William Carroll
9166a9915a feat(wpcarro/nixos): Support kyoko
Yet Another NixOS System

Change-Id: I29590c5e7c2a651f3ef56642018649dddd9f06b6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7297
Reviewed-by: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-12-12 18:46:16 +00:00
sterni
83dabf8955 fix(ops/machines/whitby): serve grafana at status.tvl.su again
This is a follow up to cl/7191 which neglected to adjust the
status.tvl.su.nix module and re-enable it.

Change-Id: Icc1917004cd50e5eab61a29bc68b393ba9bd6325
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7226
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
2022-11-07 14:43:18 +00:00
Griffin Smith
8240b2959e chore(whitby): Update grafana config
Uncomment and update the grafana config for whitby based on the new
config format that nixos accepts. I've validated this locally by
visually inspecting the resulting `ini` file, but not actually run it
yet.

Change-Id: I12d78ae48146e1b01bd2a4152276d4c6b16c1a3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7191
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-05 15:06:41 +00:00
sterni
57cf952ea9 chore(3p/sources): Bump channels & overlays (OpenSSL edition)
* //ops/machines/whitby: Disable grafana, since the grafana module was
  changed upstream in a way that our configuration no longer works.
  Since the OpenSSL security update is relatively pressing, adapting the
  grafana configuration beforehand is not a hard requirement. See
  https://github.com/NixOS/nixpkgs/pull/191768.

* //tools/depotfmt: keep Go at version 1.18 to forgo a reformat of the
  tree.

* //nix/buildGo: keep Go at version 1.18, as 1.19 changed the CLI
  interface (?) in a way that breaks buildGo.

* //3p/overlays/tvl: drop upstreamed tdlib upgrade.

* //3p/overlays/tvl: patch buf to work around breakage due to git 2.38.1

TODO items for Go are tracked in b/215.

Change-Id: Ie08fef49cf3db12e6b5225a8b992a990ddc5b642
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7141
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-03 15:10:39 +00:00
Vincent Ambo
e255aff849 chore(ops/whitby): use renamed 'kbdInteractiveAuthentication' option
Relates to b/200

Change-Id: Ica7a32e3d2392aba22c2de93cc9be49c4a57eeb9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6838
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-10-02 14:19:33 +00:00
Vincent Ambo
b5cf6b148c chore(ops/whitby): use new keycloak HTTP port option
Relates to b/200

Change-Id: Id8f415d5c4a8947b56031e1671f4f84ac5f2665d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6837
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-10-02 14:19:33 +00:00
Luke Granger-Brown
f190712b7f chore(gerrit): migrate OWNERS files to code-owners style
Change-Id: Iacc521dfdd4b4a2d5cef3920cf8189bcce35a488
2022-09-19 11:13:28 +00:00
Vincent Ambo
beb78c7104 feat(ops/modules): deploy tvixbolt to tvixbolt.tvl.su
Change-Id: I534cf918fc3e03ce8c14cf15f6d3280b6a657c8d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6536
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-09-13 11:05:54 +00:00
sterni
aaa994137a fix: reflect renames of Nix configuration options
Change-Id: I7e28ac3d71acd7d99a1d3ef97bef9422097e4abf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6154
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-08-25 16:34:39 +00:00
Griffin Smith
7ac9b76c3c feat(grfn/system): Add ogopogo
This is my new work desktop

https://en.wikipedia.org/wiki/Ogopogo

Change-Id: I198d8757ff85eec00a303b990efdd2658cbc3e6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5963
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-07-20 02:48:41 +00:00
Vincent Ambo
fcfd097e65 refactor(ops/cgit): make user configurable
on whitby, cgit runs as the gerrit user to get access to serving
gerrit's repositories directly.

on other machines (e.g. sanduny) this isn't necessary, as we have a
world-readable depot replica.

Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 08:49:55 +00:00
Vincent Ambo
4c25c29505 feat(ops/sanduny): run cgit instance
Change-Id: Id869fa46d74f215a9034e86f795a4cd9e93acb16
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5930
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-12 08:49:55 +00:00
Vincent Ambo
c08e47903e feat(ops): configure depot replication to sanduny
this configures gerrit's built-in replication plugin to push every
change in depot to sanduny.

this allows us to serve a replica of depot from sanduny.

manual config that was needed which needs to be automated:

* system-wide known_hosts does not work, needed one in /var/lib/git
* .ssh/config MUST be present and configured for sanduny.tvl.su

Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 20:54:06 +00:00
Vincent Ambo
6ab6724e4c feat(ops/modules): add module for receiving a depot replica
This module sets up a user with an SSH key and permissions to receive
a (pushed) replica of depot from Gerrit.

This still needs appropriate configuration in Gerrit's replication
plugin on the other end.

This module has been enabled for sanduny. For now it does not (yet)
configure git serving.

Change-Id: I0fb6f7e696609e71008308e855bdf305dcbcd4f7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5913
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 15:02:21 +00:00
Vincent Ambo
f8ed0088ea fix(ops/sanduny): Enable our binary cache
Change-Id: I53f4c5b667018c0d3b01b307411200b66f6a7de3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5901
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: tazjin <tazjin@tvl.su>
2022-06-27 18:17:52 +00:00
Vincent Ambo
1094306aa9 refactor(web/cgit-tvl): Move cgit config back out of module
It occured to me yesterday that with the config inside of the module
it is kind of difficult to test cgit locally.

This moves it back to a separate location (//web/cgit-tvl) and makes
the most important things configurable via overrides.

Change-Id: I9b0f4c60b75c31441e1718e63b5b55aba3100aae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5893
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-27 14:15:07 +00:00
William Carroll
11a8eea0e3 feat(wpcarro/tarasco): Support tarasco 🇲🇽
Named after the Mexican restaurant, El Tarasco, in El Porto, which I live 3m
walking distance from.

Change-Id: I2cd4b68eaa974ad6c8fec73e0566bc0b831c57a8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5743
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-05-27 23:21:25 +00:00
Vincent Ambo
48dfefe40d refactor(sanduny): Prepare for restricted-eval
Change-Id: I83a404dc7dbaf5ca53659d03df4e4de461a9d046
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5688
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 14:17:33 +00:00
Vincent Ambo
250300f167 refactor(whitby): Prepare for restricted-eval
Change-Id: I7604ca29310d759b0ffee2ffb0048b6365a2894c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5683
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 14:17:32 +00:00
Vincent Ambo
e3a31b702a feat(whitby): Deploy private SSH key for build agents
Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-25 23:53:09 +00:00
sterni
03d1986316 feat(3p/agenix): update to 2022-05-16 and add to niv
The new version brings the new secretsDir setting which means we no
longer have to hardcode /run/agenix everywhere.

Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
2022-05-25 15:00:37 +00:00
Vincent Ambo
302b754d7a feat(tazjin/nixos): Add system configuration for zamalek
This is my new Huawei MateBook X.

Change-Id: I32a8b77dd8f53b3c89bf63f448cd2880f9a457b7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5554
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-10 13:41:33 +00:00
Vincent Ambo
c05c4995ab chore(3p/sources): Bump channels and overlays
Changes:

* updated keycloak configuration for new version
* migrate to emacs28 outside of //users, re-add emacs27 but with a
  warning attached urging people to migrate

Change-Id: I3e5765a63934541f72f6c4a8673d3b4671850c93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5501
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: wpcarro <wpcarro@gmail.com>
2022-04-21 16:54:07 +00:00
William Carroll
d843f0bf4c feat(wpcarro/ava): Support new machine
ava is my new (NixOS!) work machine :)

Change-Id: I1f089f00c02519d5d1d93d011f29075d53500e74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5450
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-04-15 19:07:51 +00:00
Vincent Ambo
1a2fe4b063 feat(whitby): Increase prometheus retention time to 90d
Change-Id: I67287d7b1d8ee2c3004d381b5bc684bf4fc7d42c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5429
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-04-11 16:18:38 +00:00
Vincent Ambo
ac6717fe3c fix(ops/modules/www): Make self-redirect to config a generic module
As suggested by sterni, this makes the self-redirect of a machine to
its configuration a generic module working by convention.

In the process of moving this two small fixes have been applied:

* redirect is only applied if the URI is `/`, this is required for
  ACME to work
* addSSL = true is added, otherwise we have a certificate but no TLS
  listener

Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2022-02-18 11:39:01 +00:00
Vincent Ambo
5b701ad713 feat(sanduny): Enable journaldriver module
Change-Id: I9026386664000448642ff635bd71a7af5ed546c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5303
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 11:38:34 +00:00
Vincent Ambo
536e01e967 refactor(ops/modules): Move journaldriver configuration into module
This makes the journaldriver configuration machine-independent.
The secret is loaded from agenix instead of being persisted on disk.

Change-Id: I592ae7f5726fcb7f37a406f69dcf5ac498eeb1b7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5302
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 11:38:34 +00:00
Vincent Ambo
c72abe04f2 feat(sanduny): Configure Bitfolk nameservers
Change-Id: I81b252aedbf1ce3543a167b6c1942c404d4f1f1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5312
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 11:35:21 +00:00
Vincent Ambo
95780174e1 feat(ops/machines): Add a module for known SSH keys
Change-Id: I443e479f3edf9c6540de7b5a33bc6f7e2a9c5183
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5305
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 08:22:56 +00:00
Vincent Ambo
b936843bb0 feat(ops/modules): Redirect machine base names to their config
With this change, entering just "whitby.tvl.fyi" or "sanduny.tvl.su"
in a browser will redirect users to their machine configurations.

Change-Id: Ibf076a469bcce073e1b1970aa568d6fe16a5c75a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5304
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-02-18 08:15:56 +00:00
Vincent Ambo
f4f1d97052 refactor(ops/modules): Move ACME base configuration into base.nix
This needs to be present on all machines that run ACME stuff.

I've switched the address for a .su one because I have a catchall for
these.

Change-Id: I7af8e1f1cb2fcfbcba4b7d1930ed0edef0106d72
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5306
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-18 08:15:56 +00:00
Vincent Ambo
e1353ff2cf feat(ops/machines): Add tvl-users to sanduny.tvl.su
Change-Id: I20f54f4ab298cfee91062f7bf4cdc8b0b3ccb37c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5299
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-02-17 18:11:58 +00:00