Commit graph

9278 commits

Author SHA1 Message Date
Benjamin Hipple
6605ea0197
doc: touchup release notes for 2.3
- At the top of the release notes, we announce sandboxing is now enabled by default,
then at the bottom it says it's now disabled when missing kernel support. These
can be merged into one point for clarity.

- The point about `max-jobs` defaulting to 1 appears unrelated to sandboxing.

(cherry picked from commit 5d24e18e29ea1fff8fa316701fd95be6941da770)
2020-02-18 16:45:56 +01:00
Robin Gloster
b51ecc02c8
structured-attrs: chown .attrs.* files to builder
Otherwise `chmod .`'ing the build directory doesn't work anymore, which
is done in nixpkgs if sourceRoot is set to '.'.

(cherry picked from commit f8dbde0813c4e8beed6dfd09b093589e027a6675)
2020-02-18 16:45:43 +01:00
Domen Kožar
ed25fdd66e
retry on HTTP status code 429
(cherry picked from commit 48ddb8e481c0ba0b59b7193df4aa914ce83a9032)
2020-02-18 16:45:34 +01:00
Eelco Dolstra
475c2e5de7
Bump version number 2020-02-18 16:44:55 +01:00
Carlos O'Ryan
3e4f8c025e
fix: fix dependencies for trace.proto (#35) 2020-02-17 20:17:01 -05:00
Vincent Ambo
0e54b3eb6a Merge branch 'fix/camden-trusted-users' 2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7 fix(ops/nixos/camden): Add myself to trusted Nix users 2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b fix(ops/nixos/camden): Use pounce from //third_party 2020-02-17 00:52:07 +00:00
Vincent Ambo
24de5683aa chore(third_party/pounce): Override version to 1.1
This has not yet propagated to nixos-unstable
2020-02-17 00:51:13 +00:00
Vincent Ambo
51a2b9a95d chore(third_party): Bump nixos-unstable 2020-02-17 00:40:37 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
f60eb6c3c7 refactor(web/cgit-taz): Serve depot from disk location on camden 2020-02-12 01:03:31 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
b5c50f4699 refactor(web): Let //web/ derivations build static pages only
Removes nginx configuration built by the web targets (with the
exception of the includable block used to set up redirects for old
blog URLs).
2020-02-11 19:31:20 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
78b82c82a2 fix(third_party/tailscale): Add patch to make taillogin work 2020-02-11 00:43:55 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
9b37bad180 fix(third_party/tailscale): Add default relaynode acl.json to output 2020-02-11 00:09:34 +00:00
Vincent Ambo
04ffc5e66f fix(third_party/tailscale): Build all sub-packages
At the moment it seems like all of them are still required - things
are in flux!
2020-02-10 23:39:38 +00:00
Vincent Ambo
9e38e02c46 feat(third_party): Add package for tailscale
Adds a package for the now-opensourced tailscale client tailscale
client.
2020-02-10 22:16:41 +00:00
Vincent Ambo
042df0b523 docs(web/blog): Add some TODO entries for the draft 2020-02-10 01:34:54 +00:00
Vincent Ambo
541306f1bd docs(web/blog): Rewrite some style issues in the Emacs post 2020-02-10 01:24:34 +00:00
Vincent Ambo
9f75c91adc feat(web/blog): Add draft blog post on Emacs
This post is a draft, i.e. not linked from the index. It's not a
secret, but if you do find it through this commit before its
publication please don't share it too widely yet.
2020-02-10 00:29:51 +00:00
Vincent Ambo
b56b3db2f4 style(web/homepage): Highlight <kbd> elements like buttons 2020-02-10 00:08:53 +00:00
Vincent Ambo
9ed53f4201 fix(web/homepage): Make .uncoloured-link work again 2020-02-10 00:08:43 +00:00
Vincent Ambo
1e770f5d88 feat(web/blog): Add support for draft & unlisted posts
Posts with either `draft = true;` or `listed = false;` will no longer
be included in index generation and will have a warning callout
inserted at the top of the page urging people not to share the links
to them.
2020-02-09 21:44:48 +00:00
Vincent Ambo
0bc2f8995e style(web/blog): Minor formatting fixes in Watchguard post 2020-02-09 21:24:53 +00:00
Vincent Ambo
30e8f59d02 style(web/homepage): Overflow long code lines into scroll bars 2020-02-09 21:24:31 +00:00
Vincent Ambo
bd2d96d053 chore(web/blog): Move Watchguard images into static assets
Rather than sending user data to imgur ... lets get rid of all the
external stuff!
2020-02-09 21:16:03 +00:00
Vincent Ambo
de9f51de82 chore(web/blog): Remove duplicate CSS file 2020-02-09 21:06:37 +00:00
Vincent Ambo
386692d39d chore(web/homepage): Configure caching for fonts & images 2020-02-09 21:05:03 +00:00
Vincent Ambo
74a78de081 style(web/homepage): Unify page max-width at 800px 2020-02-09 20:52:14 +00:00