mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1095 commits 5 branches 0 tags 172 MiB
Commit graph

1095 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vincent Ambo
2e4c630f64
Merge pull request #7 from tazjin/chore/bump-19.09 
Update nixpkgs set to NixOS 19.09
 2019-10-25 18:48:12 +01:00
Vincent Ambo
d35debf882 chore: Bump Nixery version & package set configuration 2019-10-25 15:52:23 +02:00
Vincent Ambo
9081e4aae4 chore: Bump nixpkgs and use Terraform from stable 2019-10-25 10:03:52 +02:00
Vincent Ambo
d290684669 refactor(build): Only build projects explicitly set as CI projects 2019-09-22 17:21:35 +01:00
Vincent Ambo
2bc1bedd9e chore(gemma): Mark gemma as broken (again) 
Something broke in one of the Lisp dependencies (again).
 2019-09-22 17:20:00 +01:00
Vincent Ambo
3a79e8b932 refactor(build): Add ciProjects attribute for CI builds 
This attribute contains a list of all derivations that should be built
by the CI for this repository.

This includes all of my own packages that are not marked as broken, as
well as select third-party packages.
 2019-09-22 17:19:13 +01:00
Vincent Ambo
5b446efb66 chore(tazblog): Remove more unneeded dependencies 2019-09-22 17:05:24 +01:00
Vincent Ambo
2fceba1618 chore(k8s): Bump deployed Nixery version 2019-09-21 15:46:58 +01:00
Vincent Ambo
415dc01e5e chore: Bump Nix channel to a more recent version 
This version has Nixery popularity data available.
 2019-09-21 15:41:19 +01:00
Vincent Ambo
bcdd2d3fcb chore(third_party): Bump Nixery version 2019-09-21 15:39:45 +01:00
Vincent Ambo
4c3f27b9a7 refactor(k8s): Parameterise the nginx version 2019-09-21 15:37:44 +01:00
Vincent Ambo
52fabe4423 fix(k8s): Reinsert passLookup newline after kontemplate trims it 
SSH can not read the key without the trailing newline. Ideally
kontemplate would expose a toggle for this.
 2019-09-04 16:59:38 +01:00
Vincent Ambo
b41be36bb7
Merge pull request #6 from tazjin/fix/nixery-secrets-namespace 
Fix Nixery resources namespace & bump kontemplate
 2019-09-04 14:18:08 +01:00
Vincent Ambo
16b317fa5a chore: Update kontemplate to v1.8.0 
This version is agnostic of the working directory even if
insertFile/insertTemplate are used, which makes it a lot nicer to work
with in this repository structure.
 2019-09-04 12:58:04 +01:00
Vincent Ambo
56f9e37755 fix(k8s): Move nixery-secrets to the correct namespace 2019-09-04 10:34:20 +01:00
Vincent Ambo
628cec3433
Merge pull request #5 from tazjin/feat/cloud-kms-secrets 
Introduce secrets management via Google Cloud KMS
 2019-09-03 16:26:17 +01:00
Vincent Ambo
283951388c feat(k8s): Insert Nixery's secrets via kontemplate 
Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret, it has thus become a bit
easier to edit the known hosts, SSH config and such now.
 2019-09-03 16:12:30 +01:00
Vincent Ambo
0bc548e75e feat(secrets): Check in secrets required by Nixery 2019-09-03 16:12:30 +01:00
Vincent Ambo
bcd7710be5 feat(tools): Introduce pass-compatible wrapper using Cloud KMS 
Adds a shell script that supports a subset of the 'pass' interface for
compatibility with kontemplate, and wraps kontemplate in a script that
places this version on the PATH.

This makes it possible to use Cloud KMS encrypted secrets with kontemplate.
 2019-09-03 16:12:30 +01:00
Vincent Ambo
abd5d7538c feat(gcp): Create Cloud KMS resources for encrypting secrets 
The idea here is to use Cloud KMS and a shell script that mimics
'pass' to trick kontemplate into using Cloud KMS to decrypt secrets.
 2019-09-03 16:12:30 +01:00
Vincent Ambo
eb43ba75d2 chore(gcp): Remove monorepo repository 
The repository is now public on Github.
 2019-09-03 16:12:30 +01:00
Vincent Ambo
be28462a8a
Merge pull request #4 from tazjin/fix/blog-substitutes 
fix(tazblog): Explicitly allow substitutes for the blog
 2019-09-03 01:11:55 +01:00
Vincent Ambo
0d93594347 fix(tazblog): Explicitly allow substitutes for the blog 
Not entirely sure which part of the setup set this to 'false', but
this is potentially the key for why tazblog ends up being rebuilt all
the time.
 2019-09-03 00:43:49 +01:00
Vincent Ambo
5e4157e4a2 chore(k8s): Update deployed Nixery version 2019-09-03 00:31:09 +01:00
Vincent Ambo
d9a0f07c73 chore(third_party): Bump Nixery version 2019-09-03 00:25:40 +01:00
Vincent Ambo
3a4d8544fe
Merge pull request #3 from tazjin/chore/pin-travis-nix 
Pin Nix version in Travis builds
 2019-09-02 22:54:58 +01:00
Vincent Ambo
cfeb6e57c7 chore(tazblog): Clean up unneeded files 2019-09-02 22:34:06 +01:00
Vincent Ambo
68d14b6cfc chore(gemma): Delete old image build configuration 2019-09-02 22:06:55 +01:00
Vincent Ambo
8ae6cb2b95 chore: Pin Nix version in Travis builds 
There are some unexpected cache misses in the Travis builds and I
suspect this might be due to mismatching Nix versions.
 2019-09-02 21:58:39 +01:00
Vincent Ambo
d577629b5b fix(k8s): Add nginx route for load-balancer health checks 2019-09-02 20:16:49 +01:00
Vincent Ambo
f2e0f3ee27 chore(third_party): Remove git-appraise 
Not actually in use here ...
 2019-09-02 20:01:25 +01:00
Vincent Ambo
2f239426aa
Merge pull request #2 from tazjin/refactor/nixos-nginx-cleanup 
Remove old NixOS config and move oslo.pub
 2019-09-02 19:04:28 +01:00
Vincent Ambo
e2feae3387 fix(k8s): nginx does not need to be pinned to gitHEAD 2019-09-02 18:42:18 +01:00
Vincent Ambo
07a17501cc chore(k8s): Point Nixery at public depot URL 2019-09-02 18:38:24 +01:00
Vincent Ambo
a0089892dd feat(k8s): Route oslo.pub to nginx in ingress 2019-09-02 18:28:39 +01:00
Vincent Ambo
785a5a2997 feat(k8s): Add nginx instance for oslo.pub redirect 
The redirect is currently all that this instance does. It is required
because HTTP load balancers in GCP don't support URL rewriting.
 2019-09-02 18:19:35 +01:00
Vincent Ambo
e6cb12ebfb chore(k8s): Provision certificate for oslo.pub 2019-09-02 18:19:06 +01:00
Vincent Ambo
640b497950 feat(tools): Add stern, a k8s log watcher 2019-09-02 18:18:28 +01:00
Vincent Ambo
4881a84eaa chore(infra): Remove NixOS configuration for servers 
This configuration is no longer in use. The Gemma configuration file
has been moved over to the k8s folder from where it will be templated
into the actual configuration.
 2019-09-02 17:19:07 +01:00
Vincent Ambo
4bd6d52800
Merge pull request #1 from tazjin/feat/travis-ci 
Add Travis CI configuration
 2019-09-02 17:17:22 +01:00
Vincent Ambo
86d8c748a7 chore: Catch all Nix results in gitignore 2019-09-02 17:12:06 +01:00
Vincent Ambo
4d94254642 docs: Add crude top-level README 2019-09-02 17:12:06 +01:00
Vincent Ambo
99ee84b477 refactor(blog): Use callPackage to import derivation 2019-09-02 16:53:54 +01:00
Vincent Ambo
6472b2645c feat: Add Travis CI configuration 
Adds a configuration that builds all of my own services and pushes the
resulting closures to Cachix.
 2019-09-02 16:38:59 +01:00
Vincent Ambo
5e9b91a6d2 chore: Remove leftover Bazel files 2019-09-02 16:24:21 +01:00
Vincent Ambo
4411eea11f fix(gemma): Fix build process in Nix 2019-09-02 02:14:39 +01:00
Vincent Ambo
b43e5529f7 feat(third_party): Add missing Quicklisp packages for Gemma 
Gemma depends on cl-prevalence, which isn't in the nixpkgs Quicklisp
snapshot.

This adds the package and its dependencies to the overlay.
 2019-09-02 01:24:41 +01:00
Vincent Ambo
a635beabfa fix: Correct naming of variables in overlay function 2019-09-02 01:24:23 +01:00
Vincent Ambo
a58af3e371 feat(k8s): Configure HTTPS ingress for the blog 
Uses Google-managed certificates and an Ingress resource to set up an
HTTPS load-balancer.

This probably won't be the final version as the GKE Ingress is very
limited and can not do things like redirect URLs, which I need to
decommission the old setup.
 2019-08-27 12:44:37 +01:00
Vincent Ambo
cae99692de feat(k8s): Add Google managed TLS certificates 
Introduces certificates for tazj.in & www.tazj.in.
 2019-08-27 12:43:55 +01:00