Commit graph

208 commits

Author SHA1 Message Date
Vincent Ambo
01016828b8 feat(bugry): run static & mostly static websites on bugry
Change-Id: Ie4c723f68ce5a07e2c7ab1f10a9d652ad442f44a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13067
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-01 20:34:24 +00:00
Vincent Ambo
11e1b9ffbd feat(ops/nevsky): configure automatic GC module
Change-Id: I6c89129206773f4855cdda7ddc944ecb5437ec8e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13061
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-01 19:34:55 +00:00
Vincent Ambo
658f07a50e fix(ops/nevsky): fix NDP entry for bugry
Apparently I set this up manually before, and failed to commit it ...

Change-Id: I550a2cd9e1fcc8b508bafc2fd06ddab2a915b597
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13060
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-01 19:34:55 +00:00
Vincent Ambo
86483c7908 feat(ops/bugry): configure self redirect for the machine
Change-Id: I25b8541cc9bd66d4c9db6531ce960d224b5e73c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13059
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-02-01 19:34:55 +00:00
Vincent Ambo
7824f8a91f feat(ops/bugry): configure depot replication to bugry
Change-Id: I3ee35e76c9ec6d7a175801c45eee073ce23d3dfd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13020
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-01-18 22:31:05 +00:00
Vincent Ambo
de8ffb723c chore(ops): remove nixery-01 VM completely
This is no longer needed; Nixery is now served by bugry.

Change-Id: Idd072505c4da1e6af636224e092b6fb21eff9250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13001
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2025-01-15 15:38:48 +00:00
Vincent Ambo
98aee9f84a fix(ops/machines): add missing bugry & nevsky entries
Why are we doing this manually again?

Change-Id: I5a941d677e7c6e762f97d8b607d8409b6e9badb9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13000
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2025-01-15 15:38:48 +00:00
Vincent Ambo
5a33dd7ec3 feat(ops/bugry): run nixery instance
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.

Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2025-01-15 15:38:48 +00:00
Vincent Ambo
b153679388 fix(ops/bugry): enable TVL binary cache
I thought this was enabled and got confused when deploying ... cache should
always be enabled on machines that don't build themselves.

Change-Id: Ie52b27c44db4c26387b05553dbe36f7693628e89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12993
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-14 17:51:54 +00:00
Vincent Ambo
f081642b3a feat(ops/nevsky): run buildkite agents on nevsky
This relates to b/433.

Change-Id: Ic39e4836ca354ce2f9f365cba95f96ceb5eec281
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12990
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-14 17:51:54 +00:00
Vincent Ambo
d2d06241a0 feat(ops/tvl-cache): add option for using experimental cache
Adds a `tvl.cache.builderball` option for cache *consumers* which enables the
experimental builderball cache. This cache uses whitby AND nevsky.

Change-Id: I4d99ba52d6ebd9a49e6fcb931d01e69383b15bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12986
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-14 17:51:21 +00:00
Vincent Ambo
c948a26d7d feat(ops/modules): configure builderball cache setup
Configures an experimental setup for a builderball-based public cache.

This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.

The idea is this:

All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).

When a request comes in, the first matching cache address is returned and Nix
will substitute from there.

Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-14 17:51:21 +00:00
Vincent Ambo
ec06690c42 fix(ops/nevsky): include known hosts module
Otherwise pushes to Github from CI will fail.

Change-Id: Ib3eb3165577cb98c5a7d5f2055b09dbf118da6c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12994
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-01-14 17:40:26 +00:00
Vincent Ambo
bf552f7a9b feat(ops/machines): IPv6 setup for bugry
Adman (the hoster) have not provided an ETA for native v6 on bugry yet, so we
establish a public v6 connection through nevsky for now.

In traffic flows going West->East the overhead is minimal (a few ms), though I
guess it might be worse if you're in the middle (Yekaterinburg or something).

The prefix was chosen by the bugry public v4 address encoded in hex, and
appended to the nevsky prefix.

Change-Id: I133622c17bd02eade0a6febc6bdf97f403fed14c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12974
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-14 16:44:26 +00:00
Vincent Ambo
70282aa412 feat(ops/machines): add NixOS configuration for nevsky
This is just a carbon-copy of other machine configurations for now. The plan is
to switch this over to sixos, but I have to get a sane NixOS setup first because
this still requires a lot of experimentation (and stuff to be built *on* this
machine, since it's the fastest one we have).

Change-Id: I2e55e63ed5192eb748855999bb87d43498e706fc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12971
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-12 21:50:52 +00:00
Vincent Ambo
dacbde58ea feat(ops/machines): add system configuration for bugry
WIP

Change-Id: Icac44225ca340cc57505bbd85e117334af42ad68
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12968
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2025-01-11 19:00:58 +00:00
Vincent Ambo
3c5feb7ebc fix(ops/whitby): fix keycloak header configuration
The copy&paste from the documentation didn't work ...

Change-Id: Ic894356354d6ac2b66562da5aa89590cd94ae347
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12705
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2024-10-27 20:32:11 +00:00
Vincent Ambo
ea0f2d1130 chore(3p/sources): bump channels & overlays (2024-10-12)
* amend keycloak configuration as per upgrade guide for their latest, most
  innovative breaking changes.

  https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
* users/aspen: remove deprecated noXlibs option. This option has no alternative.

Change-Id: I49f45e38cda6b01ddf6f014b7b1c43972b76629f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12601
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
2024-10-23 09:39:11 +00:00
Vincent Ambo
143f35e003 feat(whitby): switch from nix-serve to harmonia for the cache
Harmonia is, ostensibly, faster and better and, most importantly, not a giant
pile of wonky Perl.

I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think
we should be good to go here.

We have a vendored copy of the upstream module for now. We need to fix Nix 2.3
compatibility in upstream for the module, but the service itself works fine.

Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2024-09-26 23:27:29 +00:00
Aspen Smith
a15760671d feat(aspen/system): Move metrics to ogopogo, refresh
Change-Id: I93ddc961b473e15febe22a16879875dbd926236a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12501
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
2024-09-22 20:39:17 +00:00
Vincent Ambo
0320d778d9 chore(ops): remove volgasprint cache machine
Change-Id: I1030393d843f03af3617487fc70829fcca792839
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12499
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
2024-09-21 15:10:03 +00:00
Vincent Ambo
fe07ebfb30 feat(volgasprint-cache): enable auto deploy
Change-Id: I3b0a4695f69ef24a4f1f6280402c8a72223ff0c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12344
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: mrflos <mrflos@yeswiki.pro>
2024-08-25 11:29:56 +00:00
Vincent Ambo
a77b1d176b chore(ops/machines): add nixery & cache machines to system list
Change-Id: I40a4e7b9b993b2af57b03da1036ddeca2a0d298a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12343
Reviewed-by: mrflos <mrflos@yeswiki.pro>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2024-08-25 11:29:24 +00:00
Vincent Ambo
d504f668e0 feat(ops/machines): add temporary VolgaSprint cache machine
Change-Id: I5b5bb98f591e7bf3b1f16673f7f670b758444066
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12327
Reviewed-by: mrflos <mrflos@yeswiki.pro>
Tested-by: BuildkiteCI
2024-08-25 09:38:57 +00:00
Vincent Ambo
bfab474d0c fix(ops/modules): re-add cheddar highlighting server
This was deleted when removing the Sourcegraph module, but it turns out it is
also needed by panettone.

Change-Id: I8f14165bf783743247894c2b64882fbb032ffbf8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12295
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-08-23 23:41:39 +00:00
Vincent Ambo
11665f4e0a chore(whitby): remove Sourcegraph instance
Change-Id: I4d03f98e79de5e3a9c8c4a33682d5c78e3e0f028
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12286
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-08-23 14:40:09 +00:00
Profpatsch
9559ef56e3 feat(fun/clbot,ops/machines/whitby): filter tvix-dev clbot
In #tvix-dev, we want to display only CLs that relate to tvix and
related projects.

So use a pretty dumb allow-list for which CLs to display in that
channel.

Change-Id: I3ef50b64e3d7fbc27a6690be6a10f1b55c04cd6e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11658
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2024-06-03 19:35:34 +00:00
Vincent Ambo
61cf4905fe feat(ops/modules): launch teleirc for Volga Sprint
For the duration of the sprint, this bot will take care of
synchronising the IRC channel with the Telegram group.

After the sprint, it will be removed again.

Change-Id: I6d5b1316fc85ddd26adf55e31f6bff742907fc24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11727
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-05-26 19:36:29 +00:00
Vincent Ambo
019b6d260e fix(ops/nixery-01): enable automatic GC
This relates to nixery#167.

Using our GC module is much more reliable than what we were doing previously.

Change-Id: I1956457812a3a847a7c8a1f4e7e91e50fad08ac0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11453
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
2024-04-18 08:50:32 +00:00
Aspen Smith
d706ebda65 feat(aspen/system): Add lusca
A Framework laptop

Change-Id: I646e705d12b76c83e8cdcf11c618d07db3a21f0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11235
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
2024-03-31 19:32:14 +00:00
Florian Klink
5ce76a1bae feat(ops/machines/whitby): let clbot post in #tvix-dev too
Change-Id: Ic49304291ec2f276e1329ffc7e8b4184d472cbe3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11111
Reviewed-by: raitobezarius <tvl@lahfa.xyz>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2024-03-10 18:35:27 +00:00
Vincent Ambo
a9f8491891 feat(ops/sanduny): deploy volgasprint.org
Change-Id: I5058e78ee3d7c26f2abafedeb5c0fb9d55a4da6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11066
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: Mark Shevchenko <markshevchenko@gmail.com>
2024-02-28 20:34:47 +00:00
Vincent Ambo
3dfba5901b fix(ops/whitby): use ensureDBOwnership option for panettone
The other option is deprecated and prints scary eval warnings.

This probably has no effect, as the database is already initialised.

Change-Id: Ida4e79517436fa4572e69317b28f3712afc17159
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11029
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2024-02-26 11:57:11 +00:00
Florian Klink
f3faeae52a feat(ops/glesys): add bolt.tvix.dev
Make tvixbolt.tvl.su just serve a redirect to the new domain, and fold
everything into the tvix.dev.nix module.

Change-Id: I3a9ccf37d2ceee8886208d6f662e7598ce395b1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11015
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-02-23 18:44:18 +00:00
Vincent Ambo
a9f5bb859f feat(ops/modules): initialise module for running livegrep
Change-Id: Ic22118def24089cda25ccc74c9da670d41c6b323
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10936
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-02-17 07:11:25 +00:00
Aspen Smith
82ecd61f5c chore(users): grfn -> aspen
Change-Id: I6c6847fac56f0a9a1a2209792e00a3aec5e672b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10809
Autosubmit: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2024-02-14 19:37:41 +00:00
Vincent Ambo
a554531e28 chore(ops): move from gerrit-queue to gerrit-autosubmit
Enables the new autosubmit bot, albeit without rebase
functionality (this will be a separate change).

Change-Id: Ia42a4f08c0edca5e6cc8bf4770ec24dbf16a5db7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10132
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2023-11-27 21:51:08 +00:00
Vincent Ambo
ac3025e883 fix(whitby): disable gerrit-queue due to b/333
Change-Id: I53084dcf033b8e7b2b7188fbef0a8d1ce15ceb83
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10123
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-11-25 15:45:46 +00:00
Vincent Ambo
84a1e9e081 chore(whitby): upgrade to PostgreSQL 16
Relates to b/330

Change-Id: If5ef3e999511754e6eb69a4c0a44e6eed21b56b5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9949
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-11-05 09:16:28 +00:00
Vincent Ambo
e60478ae3c chore(whitby): upgrade to PostgreSQL 12
Relates to b/330

Change-Id: I9169374a2324dc39e539d3e803f8ab15a308e5fd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9945
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-11-05 09:04:58 +00:00
Vincent Ambo
a63f991351 feat(ops/www): add experimental grep.tvl.fyi setup
This points a reverse proxy at a manually run, highly experimental
container. The actual setup is not yet nixified.

Change-Id: I8e1d5ec94a3f1e9b4b0bfc7ffd2a9badf4e79291
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9577
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2023-10-09 07:03:05 +00:00
Vincent Ambo
4bf541109a chore(whitby): remove Nixery configuration
nixery.dev is running on a separate host now, it's not required here anymore.

Change-Id: Ie03d5847f8313fdfcf56fa43bb03651b3e4925f0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9552
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
2023-10-06 09:20:15 +00:00
Vincent Ambo
053643c66f chore(ops): remove images.tvl.fyi
I don't even know what this is/was.

Change-Id: I743efa88258bbc13b7a3d4b8de8df222325b00ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9553
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2023-10-06 09:17:22 +00:00
Vincent Ambo
6b607976ea feat(ops): add nixery-01 instance for hosting nixery.dev
Change-Id: Ida21ac7240a532bb6063b362155f2b14b2859aae
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9426
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2023-09-22 17:52:23 +00:00
Vincent Ambo
e187a7bcb1 feat(ops/modules): deploy //web/pwcrypt to signup.tvl.fyi
I verified on whitby that the password hashes generated by
//web/pwcrypt are compatible with our OpenLDAP, so it's time to make
this thing public.

Change-Id: Icc2f095ca7ce4acff6de91a1642dea6461177423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9266
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
2023-09-05 14:44:36 +00:00
Vincent Ambo
b12cd279a4 fix(ops/whitby): remove tazj.in module
this moved out of whitby some time ago (to koptevo.tazj.in), but is
now causing failures because of ACME cert renewal

Change-Id: I4da5512db0d85d416511a1d10f784e978c5ccc93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8948
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2023-07-10 08:22:07 +00:00
Vincent Ambo
763c57b456 chore(ops/whitby): remove broken oauth2_proxy service
this never worked and was never used, but for now the module itself is
still around in case somebody wants it for something

Change-Id: Id8e449e08c8012786bca0ea57d9c7b97056a1f3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8905
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-30 20:21:24 +00:00
sterni
f46a0f7d6e chore(ops/whitby): drop obsolete grub version option
Change-Id: I8f89f00d3eca5cef23dc7698208b08e0b6826393
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8854
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-23 23:20:51 +00:00
Vincent Ambo
8cdad7d45c feat(ops): introduce (head|tail)scale server at net.tvl.fyi
This runs a headscale server on sanduny which lets users join their
machines to the TVL tailscale network.

This would theoretically let people communicate with each other on the
internal network, but also more notably joined servers can advertise
exit node capability so that we can have our own "VPN network", for
starters with endpoints in Germany, UK and Russia (whitby, sanduny and
koptevo respectively).

This setup isn't fully stable yet, notably:

* The IP range used by tailscale is just the default one right now,
  I'm not sure if that should be changed or what.

* The system is stateful (on sanduny), but the state is not (yet)
  backed up anywhere. Use with caution.

* Machine joining is a manual process requiring SSH & root access to
  sanduny.

  The process is to log in to sanduny, then get a headscale shell with
  `sudo -u headscale bash`, and to use the `headscale` CLI within
  there to administrate access.

  I've opted to create a user account `tvl` for TVL-owned machines,
  and a personal account for myself and my machines.

Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2023-06-22 13:23:14 +00:00
sterni
d2fa4e7c86 chore(3p/sources): Bump channels & overlays
* //ops/modules/depot-inbox: Adapt to upstream option type declaration.
  See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076.

* //ops/machines/sanduny, //users/tazjin/polyanka:
  Remove boot.loader.grub.version options (no longer has any effect).

* //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk

* //3p/overlays: update tdlib to match emacs-overlay

* //3p/overlays: give EXWM from depot a separate name

* //users/grfn/system/home: disable Slack support in ntfy

Change-Id: I03bde088bc70e05b23925f244899807210cb7b20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-15 17:09:02 +00:00