Commit graph

1134 commits

Author SHA1 Message Date
Florian Klink
09c1e3d25b feat(ops/keycloak): allow log in with Bornhack account
This adds bornhack.dk as an OIDC provider.

We currently do not yet map the `nickname` claim as a username field.

This means users logging in via Bornhack need to choose their username
manually, until https://github.com/bornhack/bornhack-website/issues/1837
is solved.

Change-Id: Ia91594107a0cd1d1e0a2ee7ca48d603a2ac681a5
Reviewed-on: https://cl.snix.dev/c/snix/+/30326
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
2025-04-26 11:58:25 +00:00
edef
d814c7afa8 feat(ops/keycloak): configure user profile declaratively
This mostly matches the default configuration, but notably does not
make the lastName field mandatory, in order to accommodate mononymy.

Change-Id: I47ca86a179eb9b7dcf5f3e761681c78e22f5265c
Fixes: https://git.snix.dev/snix/snix/issues/104
Reviewed-on: https://cl.snix.dev/c/snix/+/30289
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-04-04 16:41:12 +00:00
Florian Klink
6e45456fec fix(ops/machines/snix-cache): support old /nar/tvix-castore URLs
Nix clients still might have old .narinfo files cached, containing old
NAR URLs. Send a redirect to the new URL.

Fixes: #103
Change-Id: Ie3b77e4fdc4be0f982e023f2a2acd3f9f0257f9b
Reviewed-on: https://cl.snix.dev/c/snix/+/30291
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
2025-04-02 17:20:10 +00:00
Ilan Joselevich
5551d0ea5e feat(ops): Deploy harmonia on cache.snix.dev
Deploys Harmonia on build01, proxied through public01.
We cannot serve from build01 directly because it only supports IPv6.

Closes: https://git.snix.dev/snix/snix/issues/66
Change-Id: Iff3c16366d60c0fbfd1315a18c27fcd636a0261a
Reviewed-on: https://cl.snix.dev/c/snix/+/30274
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-31 12:39:21 +00:00
edef
683458d604 fix(ops/modules/forgejo): disable native sign-in
We only use the OAuth flow (with Keycloak), and the native login
mechanism is an unnecessary source of user confusion.

Change-Id: I819e0b6ac507013c903c55a28f0db52e8706d8dc
Reviewed-on: https://cl.snix.dev/c/snix/+/30282
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
Autosubmit: edef . <edef@edef.eu>
2025-03-25 14:56:20 +00:00
Florian Klink
00950aa91d fix(ops): add +x for /nix/var/nix/gcroots
Previously, the buildkite users were not able to traverse there.

Removing /nix/var/nix/gcroots/buildkite/canon might not be needed, and
is racy with other anchor step - the first one might still be building
`ci.gcroot` (and didn't create the new symlink), so the second one will
fail trying to remove the non-existing symlink.

Change-Id: I0449447f7193113d807d597750b26c7beb48a3a6
Reviewed-on: https://cl.snix.dev/c/snix/+/30257
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-03-23 15:02:22 +00:00
Florian Klink
7e22d4f55f feat(ops/keycloak): update group memberships
Change-Id: I3b881fec1ee0d67cbfac636e99460b3491e2c653
Reviewed-on: https://cl.snix.dev/c/snix/+/30252
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-23 00:50:26 +00:00
Florian Klink
2d98b56d5b chore(ops/keycloak): drop wiki groups/roles
Change-Id: I215778faf2045865d0416296f32a6cfa335ed241
Reviewed-on: https://cl.snix.dev/c/snix/+/30251
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Tested-by: besadii
2025-03-23 00:50:26 +00:00
Florian Klink
9130830912 chore(ops/keycloak): disable buildkite keycloak SAML settings for now
This is pointing to the wrong URLs. This isn't set up yet.

Change-Id: Ie21146311c2adcf5d9c5a80132cf1f8333a6baa2
Reviewed-on: https://cl.snix.dev/c/snix/+/30250
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-23 00:50:26 +00:00
Florian Klink
5f0697083f feat(ops/keycloak): configure smtp settings
This allows Keycloak to send emails.

Using naked TLS fails with:

```
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525;
Mar 23 00:10:50 public01 keycloak-start[875412]:   nested exception is:
Mar 23 00:10:50 public01 keycloak-start[875412]: 	javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:342)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:222)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:243)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	... 17 more
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
```

With starttls, we can send emails, so use that.

Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183
Reviewed-on: https://cl.snix.dev/c/snix/+/30249
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
2025-03-23 00:49:59 +00:00
Florian Klink
8c4f447ec7 fix(ops/pipelines): fix anchor steps
Every buildkite user needs to be able to update these symlinks, and the
directory doesn't exist. It was probably created imperatively on whitby.

Use a tmpfiles rule creating a /nix/var/nix/gcroots/buildkite directory,
and add a `canon` symlink in there.

Change-Id: Ic4d67fbb69f77cebe891b0fff9b824713ebec87c
Reviewed-on: https://cl.snix.dev/c/snix/+/30247
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-23 00:48:45 +00:00
Paul Meyer
bfd948c6e2 fix(treewide): remove trailing whitespace
Change-Id: I3116d3f397ba309be2418e188327143c7187b789
Reviewed-on: https://cl.snix.dev/c/snix/+/30235
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Paul Meyer <katexochen0@gmail.com>
Autosubmit: Paul Meyer <katexochen0@gmail.com>
2025-03-22 17:29:59 +00:00
Florian Klink
8e1fa6435c chore(ops/nixos): drop ops.rebuild-system
This doesn't really work in all cases anyways, and currently isn't used
to deploy - remove it.

Change-Id: I6684d9583cb036d851ab6cd9f4c811973a7882fc
Reviewed-on: https://cl.snix.dev/c/snix/+/30242
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-22 15:57:46 +00:00
Florian Klink
22c2770f42 fix(ops/machines/build01): switch to Lix in nix.package
There's been a lot of

```
nix-daemon[2039685]: unexpected Nix daemon error: error: writing to file: Broken pipe
```

log messages, and failed builds in CI.

These don't seem to occur with Lix.

Change-Id: Ida277064282905154ea9265f935a221bf8006c8d
Reviewed-on: https://cl.snix.dev/c/snix/+/30225
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-21 13:46:35 +00:00
Paul Meyer
df802d93df fix(treewide): add missing final newlines
Change-Id: Ib20d37803d56a2d1b7b6ddfc0d5a80b65eff29ed
Reviewed-on: https://cl.snix.dev/c/snix/+/30232
Autosubmit: Paul Meyer <katexochen0@gmail.com>
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-03-21 13:33:32 +00:00
Florian Klink
d99819280a feat(ops): configure email for Forgejo
This configures Forgejo to use the "Forgejo" Message Stream on our "Snix"
server in Postmark.

Change-Id: I298966a8b43b55b0f1992a8fedf0fffcd6dde472
Reviewed-on: https://cl.snix.dev/c/snix/+/30206
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-21 01:40:52 +00:00
Florian Klink
3191a6c8d0 feat(ops): configure sendemail for gerrit
This configures Gerrit to use the "Gerrit" Message Stream on our "Snix"
server in Postmark.

Change-Id: I4d021919c666aabc94008f9f705163cb9639f1aa
Reviewed-on: https://cl.snix.dev/c/snix/+/30205
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-21 01:40:52 +00:00
adisbladis
7aef14c57f chore(ops/besadii): switch from buildGo to buildGoModule
Change-Id: I0457419d6b74d4f4c3c999a656a22ddd6c9d9ac3
Reviewed-on: https://cl.snix.dev/c/snix/+/30186
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-03-20 21:25:25 +00:00
adisbladis
b69cd940cf feat(ops/secrets): Use korora for type checking secrets
Type checking of secrets was removed in cff6575948 to get rid of yants.
This adds back type checking using Korora.

Fixes https://git.snix.dev/snix/snix/issues/71
Change-Id: I27cd47b7e1810be5c4cd5d86366e860ca217f9c4
Reviewed-on: https://cl.snix.dev/c/snix/+/30118
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-03-20 21:25:05 +00:00
Florian Klink
cfe842effa feat(ops/dns): setup Postmark DNS records
This configures the DNS records necessary to send emails from Postmark.

Change-Id: I2e55151f40c4f5e54f6d7f06ae24f2e863b7c656
Reviewed-on: https://cl.snix.dev/c/snix/+/30204
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-03-20 21:18:40 +00:00
Florian Klink
29b4d0367b chore(ops/kontemplate): drop
We don't use this.

Change-Id: I3e6825521928f444a50426e493f448400c752b4e
Reviewed-on: https://cl.snix.dev/c/snix/+/30183
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
2025-03-20 13:57:33 +00:00
Raito Bezarius
dd7372782a feat(ops/modules/monorepo-gerrit): link to Forgejo issues
They are linked to Snix repo because this is the only one we are using.

Fixes #81.

Change-Id: I3c47547128a7dc5e1fe67a8fbe87b17c7e94f153
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Reviewed-on: https://cl.snix.dev/c/snix/+/30144
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-03-20 13:46:01 +00:00
Raito Bezarius
77669c14d2 fix(ops/modules/monorepo-gerrit): fix CL links
They were not going to q/ but just the root of the website, this was not
working.

Change-Id: I1acda0bb630198a8eef5b6fe991a395f1be1f796
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Reviewed-on: https://cl.snix.dev/c/snix/+/30170
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-03-20 13:44:00 +00:00
Raito Bezarius
7643267eb2 feat(ops/modules/monorepo-gerrit): re-enable Code Owners
Code Owners was disabled because it's very sensitive about the identity
of the committers and while pushing the original history, this was a
distraction.

Now that the history has been pushed and everyone is back to their
normal identity, it's fine to enable it again.

Fixes #83.

Change-Id: I4181d6af4eca489d4827b1c1ee606dfbb28a05c9
Reviewed-on: https://cl.snix.dev/c/snix/+/30173
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
2025-03-20 13:33:28 +00:00
Raito Bezarius
5d789a3ef4 chore(ops/modules/monorepo-gerrit): drop more unnecessary code
We are not going to use Panettone neither r/ revisions.

Change-Id: Icc037fc02861cfbe53690ca6641eb7ea777f7b74
Reviewed-on: https://cl.snix.dev/c/snix/+/30172
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-03-20 13:33:28 +00:00
Florian Klink
91c752549c fix(ops/machines): set build-dir Nix setting
It looks like setting TMPDIR did not have the desired effect. I still
see a bunch of recent nix-build directories in /tmp.

Let's use the dedicated nix.conf setting, maybe it does do the job.

Change-Id: I17dc1e33bd0f20707adfbf9ad925251ac9aa77a5
Reviewed-on: https://cl.snix.dev/c/snix/+/30171
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
2025-03-20 12:36:48 +00:00
Florian Klink
3bd4674179 refactor(ops): use ops.users for ssh keys consistently
Add other keys used in the snix-cache VM to //ops/users, and drop the
`all` alias.

Change-Id: I030d0d49e8a6d9e3d8f1e1c2fc19f17ecb7ecb93
Reviewed-on: https://cl.snix.dev/c/snix/+/30165
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-20 12:21:44 +00:00
Florian Klink
ae4d967288 chore(ops): move archivist machine to ops and contrib
contrib/ gets the clickhouse patching, the bucket log parsing code and
the awscli setup and shell.

ops/ gets the machine config itself.

Change-Id: If8b8f8cce5ca9c2b4d19e17be9a8b895ac35e84a
Reviewed-on: https://cl.snix.dev/c/snix/+/30163
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-20 12:21:44 +00:00
Florian Klink
c3de9e21eb chore(ops): move nixos-tvix-cache to ops/machines
Change-Id: Id112f4e9ef195f9366a11f7b0dce326e7951fb49
Reviewed-on: https://cl.snix.dev/c/snix/+/30142
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
2025-03-20 12:21:44 +00:00
Raito Bezarius
8eca846d09 fix(ops/machines/build01): put Nix builds temp dir in /var/tmp
This solves issues such as
```
cargo:warning=Fatal error: can't create
/build/source/target/debug/build/zstd-sys-fa4cde6de82f89a8/out/88f362f13b0528ed-zstd_decompress_block.o:
No space left on device
```

on the Buildkite CI.

Fixes #82.

Change-Id: Iee9516d8d595b718824c3e7b28c01c3ef9e9d090
Signed-off-by: Raito Bezarius <raito@lix.systems>
Reviewed-on: https://cl.snix.dev/c/snix/+/30143
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-03-19 20:55:02 +00:00
Florian Klink
9e7cadeded fix(ops): delete email config for now
We don't have an email server configured (yet), we can resurrect it once
we do.

Change-Id: I568075154c6169d031462f39b43ce5897a754f19
Reviewed-on: https://cl.snix.dev/c/snix/+/30109
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 21:52:06 +00:00
Florian Klink
512cbb0813 fix(ops/machines/build01): stop using Nix 2.3 in CI
There's been a few deadlock problems with Nix 2.3, as discusssed in the
commit message of https://cl.tvl.fyi/c/depot/+/12334.

However, since the fork nothing prevents us from dropping the Nix 2.3
requirement for CI.

Change-Id: Ib00603597dbc11dc1b619fdeee264d7d519eaa02
Reviewed-on: https://cl.snix.dev/c/snix/+/30108
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 17:29:38 +00:00
Florian Klink
a59e95a287 fix(ops/nixos): don't set nixpkgs.pkgs explicitly
As soon as you pass in an already-instantiated nixpkgs version, it will
cause nixpkgs.hostPlatform etc. to be not applied.

This means it's impossible to describe the architecture of a VM closure
you're deploying, and have it deviate from the machine you're evaluating
from, making it quite hard to deploy that x86_64-linux machine from
aarch64-linux (where I'm writing this commit message from).

Drop explicitly passing in nixpkgs.path, and set nixpkgs.hostPlatform
explicitly for all remaining system configurations in the repository
where not already set.

Change-Id: Ie2a596e0826da54674b4f02fcd8fed3569fee0a4
Reviewed-on: https://cl.snix.dev/c/snix/+/30104
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 17:23:37 +00:00
Ilan Joselevich
580f03f6fd chore(ops/modules): Cleanup leftovers from TVL
Change-Id: I979cb18f3b8d461d21424e8dae6b0b2d7407809d
Reviewed-on: https://cl.snix.dev/c/snix/+/30106
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 17:12:35 +00:00
Florian Klink
7b36b8e285 chore(ops/keycloak): move oauth application to snix-project org
This was a personal application before, now it's at the `snix-project`
org.

Change-Id: I6df9393f23593f58739f331e73103022301b4f11
Reviewed-on: https://cl.snix.dev/c/snix/+/30101
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 15:28:54 +00:00
Ilan Joselevich
aefa1eaa28 chore(ops/secrets): remove old secrets from TVL
Change-Id: Id7ffd405bbc7cf1d5b09a9a90941e0f3e7ebd574
Reviewed-on: https://cl.snix.dev/c/snix/+/30100
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 14:51:11 +00:00
Florian Klink
bc62fc0354 chore(ops/builderball): drop
This is unused.

Change-Id: Ida0764680ff128d80580418a8b1a8bc6576c0f07
Reviewed-on: https://cl.snix.dev/c/snix/+/30081
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
2025-03-18 00:24:20 +00:00
Florian Klink
afc5c152b8 fix(ops/modules/www): fix rustdoc redirect
Change-Id: Icd78c2209c20aee0931622bfb914e9dc5978d23d
2025-03-17 21:50:54 +00:00
Florian Klink
68896423b9 fix(ops/pipelines): drop snix trigger
This was previously only used to fix the Tvix subtree pipeline, not the
depot pipeline.

Running it for refs/heads/canon in snix is gonna trigger a lot of
unnecessary builds.

Change-Id: I1b5fdfcc0fe5408cda27053beb317cfeecdc6ca4
2025-03-17 21:31:38 +00:00
Florian Klink
a740b08027 fix(ops/pipelines): fix trigger step
The slug of the pipeline to trigger is snix.

Change-Id: I31941451ffc7680ea316c9adf5c933a562f819bc
2025-03-17 21:07:29 +00:00
Florian Klink
3ca022e5c1 fix(ops/pipelines/depot): fix targeting for anchor step
There is no nevsky here.

Change-Id: Id92356e1a401b24b958694cee1268358a58975cd
2025-03-17 21:07:29 +00:00
Ryan Lahfa
a2d77189df fix(ops/secrets/gerrit-autosubmit): rekey
Change-Id: I8591fddbb7583ae51d67269ae6b055ddb619ddb6
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:16:18 +00:00
Ryan Lahfa
b6516a9605 fix(ops/modules/buildkite): merge tags appropriately
Everything was large=true and then nothing was small=true and did not
have a hostname.

This is fixed.

Change-Id: Id90e6246f9ab44ce020d999e975dd8b4cd4492c9
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:16:18 +00:00
Ryan Lahfa
9aea7dc6df feat(ops/modules/gerrit): push r/* as well
Change-Id: I367d5136749286c377b35dd05c242a65d75b5100
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
2f3fbf854d feat(ops/machines/build01): bump nrBuildUsers and max-jobs
Change-Id: I8aa4e87eb41483164e284cd5649953081af92711
2025-03-17 17:15:08 +00:00
Florian Klink
c9eae6d8d8 feat(ops/machines/build01): use large slots
build01 can deal with llama.

Change-Id: I9c01dabfb4dfff0061fd16ea37ef8dc0693ad453
2025-03-17 17:15:08 +00:00
Ryan Lahfa
a7916624dc feat(ops/users): move ops' keys in ops/
Change-Id: Ia51eaea658030a893e36d9d6b0c999ca7e71133e
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Ryan Lahfa
073142f796 feat(ops/www/gerrit): backward compatibility to TVL shortlinks
cl.snix.fyi/q/$ID where $ID ≤ 30K will redirect (301) to
cl.tvl.fyi/q/$ID to keep the old links working.

Change-Id: I27b496a1c52a3de3d106292ba7a2931b0f15fa49
Signed-off-by: Ryan Lahfa <raito@lix.systems>
2025-03-17 17:15:08 +00:00
Florian Klink
dd392ef054 feat(ops/keycloak): add GitLab SSO
Change-Id: I41ee3cb2988288e6b282d85b111c41064f09eaec
2025-03-17 17:15:08 +00:00
Florian Klink
97f22e0ea6 fix(ops/modules/forgejo): disable downloading source archives
We're probably getting crawled by LLM scrapers, and this unnecessarily
fills up disk space.

Change-Id: Ib20d04337aa26a73889c97d12fb109261b8da56d
2025-03-17 17:15:08 +00:00