Benjamin Hipple
6605ea0197
doc: touchup release notes for 2.3
...
- At the top of the release notes, we announce sandboxing is now enabled by default,
then at the bottom it says it's now disabled when missing kernel support. These
can be merged into one point for clarity.
- The point about `max-jobs` defaulting to 1 appears unrelated to sandboxing.
(cherry picked from commit 5d24e18e29ea1fff8fa316701fd95be6941da770)
2020-02-18 16:45:56 +01:00
Robin Gloster
b51ecc02c8
structured-attrs: chown .attrs.* files to builder
...
Otherwise `chmod .`'ing the build directory doesn't work anymore, which
is done in nixpkgs if sourceRoot is set to '.'.
(cherry picked from commit f8dbde0813c4e8beed6dfd09b093589e027a6675)
2020-02-18 16:45:43 +01:00
Domen Kožar
ed25fdd66e
retry on HTTP status code 429
...
(cherry picked from commit 48ddb8e481c0ba0b59b7193df4aa914ce83a9032)
2020-02-18 16:45:34 +01:00
Eelco Dolstra
475c2e5de7
Bump version number
2020-02-18 16:44:55 +01:00
Carlos O'Ryan
3e4f8c025e
fix: fix dependencies for trace.proto ( #35 )
2020-02-17 20:17:01 -05:00
Vincent Ambo
0e54b3eb6a
Merge branch 'fix/camden-trusted-users'
2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7
fix(ops/nixos/camden): Add myself to trusted Nix users
2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b
fix(ops/nixos/camden): Use pounce from //third_party
2020-02-17 00:52:07 +00:00
Vincent Ambo
24de5683aa
chore(third_party/pounce): Override version to 1.1
...
This has not yet propagated to nixos-unstable
2020-02-17 00:51:13 +00:00
Vincent Ambo
51a2b9a95d
chore(third_party): Bump nixos-unstable
2020-02-17 00:40:37 +00:00
Vincent Ambo
1b31b47ef1
feat(ops/nixos/camden): Install pounce on camden
2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad
feat(ops/nixos/camden): Enable support for mosh
2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892
Merge branch 'feat/camden-migration'
2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1
chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames
2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b
refactor(ops/nixos/camden): Merge ACME certificate blocks
2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f
feat(camden): Move to actual tazj.in hostnames
2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7
feat(ops/nixos/nugget): Add camden to /etc/hosts
...
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763
feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden
2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a
feat(ops/nixos/camden): Move ACME configuration out of nginx
...
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3
feat(ops/nixos/camden): Set up cgit service
...
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.
The depot checkout was configured as:
mkdir -p /var/git && chown git: /var/git
# now, as the git user, in /var/git
git clone --bare ... depot
chmod -R g+rw /var/git
chmod g+s (find /var/git -type d)
git init --bare --shared=all depot
My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.
Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
f60eb6c3c7
refactor(web/cgit-taz): Serve depot from disk location on camden
2020-02-12 01:03:31 +00:00
Vincent Ambo
b4c0292753
fix(nix/tailscale): Fix incorrect Tailscale ACL config type
2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca
feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
...
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629
feat(ops/nixos/camden): Enable haveged entropy "generator"
2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377
feat(ops/nixos/nugget): Set up nginx serving homepage & blog
...
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
b5c50f4699
refactor(web): Let //web/ derivations build static pages only
...
Removes nginx configuration built by the web targets (with the
exception of the includable block used to set up redirects for old
blog URLs).
2020-02-11 19:31:20 +00:00
Vincent Ambo
2e95822712
fix(ops/nixos/camden): Use package set from depot pin
2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b
feat(nix/tailscale): Add function for generating tailscale ACLs
...
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b
feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh
2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37
fix(ops/nixos): Add camden to rebuilder script
...
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336
feat(ops/nixos): Add initial configuration for host camden
2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372
feat(ops/nixos/nugget): Enable tailscale-relay
2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a
feat(ops/nixos): Add NixOS module for running tailscale
...
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
78b82c82a2
fix(third_party/tailscale): Add patch to make taillogin work
2020-02-11 00:43:55 +00:00
Vincent Ambo
77085f5876
chore(ops/nixos/nugget): Install tailscale on nugget
2020-02-11 00:09:34 +00:00
Vincent Ambo
9b37bad180
fix(third_party/tailscale): Add default relaynode acl.json to output
2020-02-11 00:09:34 +00:00
Vincent Ambo
04ffc5e66f
fix(third_party/tailscale): Build all sub-packages
...
At the moment it seems like all of them are still required - things
are in flux!
2020-02-10 23:39:38 +00:00
Vincent Ambo
9e38e02c46
feat(third_party): Add package for tailscale
...
Adds a package for the now-opensourced tailscale client tailscale
client.
2020-02-10 22:16:41 +00:00
Vincent Ambo
042df0b523
docs(web/blog): Add some TODO entries for the draft
2020-02-10 01:34:54 +00:00
Vincent Ambo
541306f1bd
docs(web/blog): Rewrite some style issues in the Emacs post
2020-02-10 01:24:34 +00:00
Vincent Ambo
9f75c91adc
feat(web/blog): Add draft blog post on Emacs
...
This post is a draft, i.e. not linked from the index. It's not a
secret, but if you do find it through this commit before its
publication please don't share it too widely yet.
2020-02-10 00:29:51 +00:00
Vincent Ambo
b56b3db2f4
style(web/homepage): Highlight <kbd> elements like buttons
2020-02-10 00:08:53 +00:00
Vincent Ambo
9ed53f4201
fix(web/homepage): Make .uncoloured-link work again
2020-02-10 00:08:43 +00:00
Vincent Ambo
1e770f5d88
feat(web/blog): Add support for draft & unlisted posts
...
Posts with either `draft = true;` or `listed = false;` will no longer
be included in index generation and will have a warning callout
inserted at the top of the page urging people not to share the links
to them.
2020-02-09 21:44:48 +00:00
Vincent Ambo
0bc2f8995e
style(web/blog): Minor formatting fixes in Watchguard post
2020-02-09 21:24:53 +00:00
Vincent Ambo
30e8f59d02
style(web/homepage): Overflow long code lines into scroll bars
2020-02-09 21:24:31 +00:00
Vincent Ambo
bd2d96d053
chore(web/blog): Move Watchguard images into static assets
...
Rather than sending user data to imgur ... lets get rid of all the
external stuff!
2020-02-09 21:16:03 +00:00
Vincent Ambo
de9f51de82
chore(web/blog): Remove duplicate CSS file
2020-02-09 21:06:37 +00:00
Vincent Ambo
386692d39d
chore(web/homepage): Configure caching for fonts & images
2020-02-09 21:05:03 +00:00
Vincent Ambo
74a78de081
style(web/homepage): Unify page max-width at 800px
2020-02-09 20:52:14 +00:00