maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
21645 commits 1 branch 0 tags 188 MiB
Commit graph

1069 commits

Author SHA1 Message Date
Vincent Ambo
5f17df8548 chore(3p/sources): bump channels & overlays (2025-02-02) 
Included changes/fixes:

* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
  This also included a state migration in the bucket, which I've already
  performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
  digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/

Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
 2025-02-09 09:00:22 +00:00
Vincent Ambo
09c0d75bf9 chore(ops/secrets): replace buildkite agent token 
This replaces the previous Buildkite agent token with one that is tied to the
default agent "cluster".

We haven't used clusters so far, they're a relatively new Buildkite
feature (https://buildkite.com/docs/pipelines/clusters), but I have a suspicion
that weird scheduling behaviour recently has been related to our non-usage of
these clusters.

Change-Id: I30e9c0cf49fe1fc4e263a4dc7d3855c166349939
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13118
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-08 22:39:42 +00:00
Vincent Ambo
c88fae5277 chore: remove whitby configuration 
Removes whitby DNS records and other related configuration that is no longer
required now that whitby is gone.

whitby served us well. RIP.

This resolves b/433.

Change-Id: I56fe6f88cde9112fc3bfc79758ac33e88a743422
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13117
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
 2025-02-07 22:18:00 +00:00
Vincent Ambo
84bdb1e89a feat(ops/restic): configure backups to Yandex Cloud 
Backups are moving from GleSYS to Yandex Cloud (is this motivated by me not
having to pay for them in that case? Maybe!); this changes the default backup
location to accommodate that.

I also noticed that we previously manually placed the backup key on whitby, so
the new key is going into agenix instead, as well as the secrets for protecting
the repositories.

Change-Id: Ibe5dbfec6784345f020a8b4d92bb01c6ad719a89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 15:01:24 +00:00
Vincent Ambo
7851917ebf chore(ops/whitby): retire most services on whitby 
This turns off almost all of the lights. The server will be decomissioned on
2025-02-05. Until then we can keep running the Buildkite builders there for
extra capacity.

Stuff that was left in the whitby config has been migrated to nevsky.

This relates to b/433.

Change-Id: I84953e9d5e912f75b8884cb9d8edd5a1b7d5c85d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13095
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 15:01:24 +00:00
Vincent Ambo
aa13655a39 chore(ops/glesys): clean up post-migration DNS setup 
Change-Id: I3b2901280eb005a53460b7b15ee39480536f493c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13094
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
afcdcc6338 feat(ops/modules): factor grafana & prometheus setup into a module 
... that is then promptly enabled on nevsky.

Change-Id: Ie51037cec810bb7f81099a67ebd2581dcf710bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
75fe623d97 feat(ops/nevsky): run keycloak/panettone/paroxysm 
These are the postgres-database using services.

Change-Id: I4e8d854e798d85e1b14bfa78aae8827ac0881c7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13092
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
3a92f43ee5 feat(ops/nevsky): run TVL OpenLDAP server 
Change-Id: I9afce1500e0888f523fe8b775edaa7a2c3ab53a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13091
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
64ae639cc7 fix(ops/nevsky): ensure CPU is not power-saving unnecessarily 
Change-Id: I5ea6f2fdbf3ccbf993787b1c592539b1fdee151f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13090
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
6f7239b3b8 fix(ops/known-hosts): add bugry & nevsky keys 
Without these, Gerrit replication is unhappy.

Change-Id: Id0edbc6a1cf301f9ed7ef2a88ccb0ef70f469693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13089
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
b867df7ba4 feat(ops/glesys): point git-serving services at nevsky 
Change-Id: Idf944a77fc9f230d938efdff4fc421efe0232ac3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13088
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
f2257abc5d feat(ops/nevsky): run livegrep instance 
Change-Id: Icc17ff919aaf23964b6f35160aaeb437e69ee7bf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13087
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
610cfeda25 feat(ops/nevsky): run cgit & josh on nevsky 
Change-Id: If62177d19c0c4e708dce7a20974f53827a133247
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13086
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
f5a301230a feat(ops/glesys): point cl.tvl.{fyi|su} at nevsky 
Gerrit has been migrated over.

Change-Id: I455d58f28663ab2795dcfdfdeb98259ec36ae0e3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13085
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
c6f2f6924b feat(ops/nevsky): run TVL Gerrit instance 
Runs the Gerrit instance with the same config as previously on whitby. Data has
been migrated manually using `tailscale file` (which worked surprisingly well).

Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
4a1a271644 feat(ops/nevsky): run smtprelay instance for gerrit 
Change-Id: I856fafb4c13a876bb6d9cfdb0cdf554d9d0a6b11
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13076
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
2b828fbb8e feat(ops/nevsky): run clbot 
Change-Id: I2e71ca70b5035041d354a2ba4fa088efb5182d2b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13075
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
4783d83686 feat(ops/nevsky): sync remaining whitby secrets to nevsky 
Change-Id: I604426d8e9e91417607eed71f0dbcaf93e88c31d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13074
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
749a01b681 feat(ops/nevsky): run owothia & irccat on nevsky 
Change-Id: I9234a77967634c9b472151ea5ac7ef4e76c2d7e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13073
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:58:16 +00:00
Vincent Ambo
119df03a50 style(ops/nevsky): centralise depot services in a config block 
Change-Id: I46ceb8fdbcb49e98772cb272a7b775761f9d1ed0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13072
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:58:16 +00:00
Vincent Ambo
899142ed2c feat(ops/nevsky): run ZNC bouncer 
Same as whitby, with the difference that there is now a listener on the
tailnet (just in case).

Change-Id: I841b2283112a0fea54f3c35a2dc4d2dd393b2612
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13071
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:18:10 +00:00
Vincent Ambo
cf919a02b2 feat(ops/nevsky): run postgresql server 
All the postgres-dependent services are going to migrate here.

Change-Id: Ie2a25395f6fe6e3c9f7a45f21cf90c635e208cdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13070
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-02 14:18:10 +00:00
Vincent Ambo
234a324bb6 feat(ops/glesys): move static site DNS records to bugry 
Change-Id: Iaa54675ef37595a2587fcf206dd566f733cfc631
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13068
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-02 14:18:10 +00:00
Vincent Ambo
01016828b8 feat(bugry): run static & mostly static websites on bugry 
Change-Id: Ie4c723f68ce5a07e2c7ab1f10a9d652ad442f44a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13067
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-01 20:34:24 +00:00
Vincent Ambo
2da13f51d5 chore(ops/secrets): clean up secret config & reencrypt 
This grants access to all relevant keys to the new machines.

Change-Id: I78a7003181ee9977e548fbfe0d78afb67357b56b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13064
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-01 19:59:42 +00:00
Vincent Ambo
afe1d579a4 feat(ops/pipelines): configure job priority for 🦙 
🦙 is the blocking step on which everything else is always waiting, so to
avoid a situation where we have idle builders we should prioritise running
llamas within the available slots to spawn other stuff in the build queue.

Change-Id: I76836275edd0b0aedaf702d2626dacc31ced9fe2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13069
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-01 19:59:42 +00:00
Vincent Ambo
324e050ee6 chore(ops/glesys): prepare DNS setup for whitby decomissioning 
Reduces the whitby record TTLs everywhere, and sets up the scaffolding for
adding nevsky/bugry records.

This relates to b/433.

Change-Id: I31b5503fa4fcf5463c989f4cf47a3d403d34c684
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13066
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-01 19:59:42 +00:00
Vincent Ambo
1d54b05445 chore(ops/glesys): remove images.tvl.* 
This is an old unused name.

Change-Id: I63082bb1b0daa38ab63400e956151f1aad53b41a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13065
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-01 19:59:42 +00:00
Vincent Ambo
11e1b9ffbd feat(ops/nevsky): configure automatic GC module 
Change-Id: I6c89129206773f4855cdda7ddc944ecb5437ec8e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13061
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-01 19:34:55 +00:00
Vincent Ambo
658f07a50e fix(ops/nevsky): fix NDP entry for bugry 
Apparently I set this up manually before, and failed to commit it ...

Change-Id: I550a2cd9e1fcc8b508bafc2fd06ddab2a915b597
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13060
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-01 19:34:55 +00:00
Vincent Ambo
86483c7908 feat(ops/bugry): configure self redirect for the machine 
Change-Id: I25b8541cc9bd66d4c9db6531ce960d224b5e73c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13059
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-02-01 19:34:55 +00:00
Vincent Ambo
8e78f613ec chore(ops/pipelines): flip anchor step over to nevsky 
Change-Id: Ifea931779fab4309ce468a8f14bf6e9222cc3604
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13058
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-02-01 19:34:55 +00:00
sterni
dd5100acf5 chore: rewrite uses of cs.tvl.fyi to code.tvl.fyi 
I've checked the new links manually.

- //web/tvl: changed the target path of links to the tvix docs since
  they were moved in r/2378.

- //users/aspen/resume: Tvix is no longer //third_party/nix.

Change-Id: I419bae1a46bdccc7baa7327215aa2368ffc0f01c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13043
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: fogti <fogti+devel@ytrizja.de>
Reviewed-by: tazjin <tazjin@tvl.su>
 2025-01-30 02:19:06 +00:00
Vincent Ambo
7824f8a91f feat(ops/bugry): configure depot replication to bugry 
Change-Id: I3ee35e76c9ec6d7a175801c45eee073ce23d3dfd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13020
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-01-18 22:31:05 +00:00
Vincent Ambo
de8ffb723c chore(ops): remove nixery-01 VM completely 
This is no longer needed; Nixery is now served by bugry.

Change-Id: Idd072505c4da1e6af636224e092b6fb21eff9250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13001
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
 2025-01-15 15:38:48 +00:00
Vincent Ambo
98aee9f84a fix(ops/machines): add missing bugry & nevsky entries 
Why are we doing this manually again?

Change-Id: I5a941d677e7c6e762f97d8b607d8409b6e9badb9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13000
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
 2025-01-15 15:38:48 +00:00
Vincent Ambo
aea48b54aa chore(ops/nixery): use unstable nixpkgs channel for nixery 
We switched to stable temporarily in 2023 (!) because of some breakage that has
long been fixed.

In general, running nixery against stable is probably advisable, but because of
our Lisp package situation updating stable is not possible at the moment.

Change-Id: I122ac63d6307cab76a3069101682fc5f8f985914
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12999
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-15 15:38:48 +00:00
Vincent Ambo
96a42945a5 feat(ops/glesys): point nixery.dev records at bugry 
Change-Id: I360876dfd416eb1cce4dd2772ef312aae6dd7ac3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12998
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
 2025-01-15 15:38:48 +00:00
Vincent Ambo
5a33dd7ec3 feat(ops/bugry): run nixery instance 
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.

Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
 2025-01-15 15:38:48 +00:00
Vincent Ambo
b153679388 fix(ops/bugry): enable TVL binary cache 
I thought this was enabled and got confused when deploying ... cache should
always be enabled on machines that don't build themselves.

Change-Id: Ie52b27c44db4c26387b05553dbe36f7693628e89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12993
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-14 17:51:54 +00:00
Vincent Ambo
f081642b3a feat(ops/nevsky): run buildkite agents on nevsky 
This relates to b/433.

Change-Id: Ic39e4836ca354ce2f9f365cba95f96ceb5eec281
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12990
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-14 17:51:54 +00:00
Vincent Ambo
d2d06241a0 feat(ops/tvl-cache): add option for using experimental cache 
Adds a `tvl.cache.builderball` option for cache *consumers* which enables the
experimental builderball cache. This cache uses whitby AND nevsky.

Change-Id: I4d99ba52d6ebd9a49e6fcb931d01e69383b15bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12986
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-14 17:51:21 +00:00
Vincent Ambo
c948a26d7d feat(ops/modules): configure builderball cache setup 
Configures an experimental setup for a builderball-based public cache.

This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.

The idea is this:

All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).

When a request comes in, the first matching cache address is returned and Nix
will substitute from there.

Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-14 17:51:21 +00:00
Vincent Ambo
6733b26ba5 feat(ops/secrets): grant nevsky builder secret access 
Change-Id: I2343357b7c92c49a9bb22d1b8ce20091d6ab70ba
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12987
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
 2025-01-14 17:51:21 +00:00
Vincent Ambo
ec06690c42 fix(ops/nevsky): include known hosts module 
Otherwise pushes to Github from CI will fail.

Change-Id: Ib3eb3165577cb98c5a7d5f2055b09dbf118da6c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12994
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2025-01-14 17:40:26 +00:00
Vincent Ambo
bf552f7a9b feat(ops/machines): IPv6 setup for bugry 
Adman (the hoster) have not provided an ETA for native v6 on bugry yet, so we
establish a public v6 connection through nevsky for now.

In traffic flows going West->East the overhead is minimal (a few ms), though I
guess it might be worse if you're in the middle (Yekaterinburg or something).

The prefix was chosen by the bugry public v4 address encoded in hex, and
appended to the nevsky prefix.

Change-Id: I133622c17bd02eade0a6febc6bdf97f403fed14c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12974
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
 2025-01-14 16:44:26 +00:00
Vincent Ambo
dbdf211fe4 chore(ops/pipelines): pin anchoring step to whitby agents 
Change-Id: Ia7d556667faf44094cb5545e4f38d85260c5aafa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12989
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
 2025-01-14 11:34:33 +00:00
Vincent Ambo
4210e2c480 refactor(ops/tvl-buildkite): remove hardcoded whitby references 
Change-Id: I3b2df9d3926f4698cbc0b557ad5b522e1921ca13
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12988
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: aaqaishtyaq <aaqaishtyaq@gmail.com>
Tested-by: BuildkiteCI
 2025-01-14 11:34:33 +00:00
Vincent Ambo
c30344475c fix(tvl-headscale): restore default ACL policy 
I omitted the `acls` section when adding the tag configuration. In "normal"
tailscale, emitting this is equivalent to putting the defaults there (i.e. all
traffic inside the tailnet is allowed), however in headscale it defaults to
blocking everything instead.

This meant that internal tailnet traffic wasn't really working correctly anymore.

Change-Id: Ic37504e9a8a97b9f8eb3ac173c88201aef1c044a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12972
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
 2025-01-12 21:53:54 +00:00