Commit graph

1134 commits

Author SHA1 Message Date
Vincent Ambo
1e51a2135d fix(ops/nixos/camden): Configure nginx to not log hostnames
Hostname prefixes break JSON serialisation, leading to useless
Stackdriver Logging entries.
2020-02-21 16:01:54 +00:00
Vincent Ambo
703aebe6a9 feat(ops/nixos/camden): Install jq 2020-02-21 15:43:07 +00:00
Vincent Ambo
6e4df43f62 feat(ops/nixos/camden): Forward logs to Stackdriver Logging
Enables the journaldriver service to forward logs into a "home"
log-stream in the "tazjins-infrastructure" project.

The service account key for camden has been placed on the machine
manually.
2020-02-21 15:35:51 +00:00
Vincent Ambo
7290a18cb1 chore(ops/nixos/nugget): Remove input-fonts package
My default font is now Jetbrains Mono everywhere.
2020-02-21 13:54:53 +00:00
Vincent Ambo
4bbbb58cb5 chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
Vincent Ambo
0e54b3eb6a Merge branch 'fix/camden-trusted-users' 2020-02-17 01:02:06 +00:00
Vincent Ambo
ce4042ede7 fix(ops/nixos/camden): Add myself to trusted Nix users 2020-02-17 01:00:12 +00:00
Vincent Ambo
494e006c6b fix(ops/nixos/camden): Use pounce from //third_party 2020-02-17 00:52:07 +00:00
Vincent Ambo
1b31b47ef1 feat(ops/nixos/camden): Install pounce on camden 2020-02-17 00:22:19 +00:00
Vincent Ambo
5bfd2f70ad feat(ops/nixos/camden): Enable support for mosh 2020-02-17 00:06:55 +00:00
Vincent Ambo
4fed63d892 Merge branch 'feat/camden-migration' 2020-02-17 00:04:38 +00:00
Vincent Ambo
120ec820d1 chore(ops/nixos/nugget): Add /etc/hosts entries for camden hostnames 2020-02-17 00:03:31 +00:00
Vincent Ambo
2fd6ec650b refactor(ops/nixos/camden): Merge ACME certificate blocks 2020-02-14 12:00:12 +00:00
Vincent Ambo
bcc797fa2f feat(camden): Move to actual tazj.in hostnames 2020-02-14 11:49:04 +00:00
Vincent Ambo
c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00
Vincent Ambo
4feb306763 feat(ops/nixos/camden): Add nginx vhost for cgit at git.camden 2020-02-12 01:09:03 +00:00
Vincent Ambo
7373edf73a feat(ops/nixos/camden): Move ACME configuration out of nginx
This makes it possible to re-use the same provisioning mechanism for
multiple related domains.
2020-02-12 01:08:27 +00:00
Vincent Ambo
8e52e74bd3 feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
2020-02-12 01:04:12 +00:00
Vincent Ambo
b4c0292753 fix(nix/tailscale): Fix incorrect Tailscale ACL config type 2020-02-11 21:00:50 +00:00
Vincent Ambo
675fed2dca feat(ops/nixos/camden): Serve /blobs/ from /var/www/blobs
This directory is writeable by me and is intended to make it easy to
serve random blobs.
2020-02-11 20:54:50 +00:00
Vincent Ambo
31b021e629 feat(ops/nixos/camden): Enable haveged entropy "generator" 2020-02-11 20:54:31 +00:00
Vincent Ambo
dbb24e0377 feat(ops/nixos/nugget): Set up nginx serving homepage & blog
This nginx does not currently log access correctly because for some
impenetrable reason (as is tradition), neither /dev/stdout nor
/dev/fd/1 exist for nginx at runtime. This is probably systemd's
doing, but I'll debug it later.
2020-02-11 19:32:21 +00:00
Vincent Ambo
2e95822712 fix(ops/nixos/camden): Use package set from depot pin 2020-02-11 16:46:15 +00:00
Vincent Ambo
df1a4fef2b feat(nix/tailscale): Add function for generating tailscale ACLs
... and use it on Camden!
2020-02-11 16:36:28 +00:00
Vincent Ambo
44b57d095b feat(ops/nixos/camden): Join camden.tazj.in into Tailscale mesh 2020-02-11 16:27:34 +00:00
Vincent Ambo
aaa0119a37 fix(ops/nixos): Add camden to rebuilder script
This should probably be templated instead.
2020-02-11 15:49:29 +00:00
Vincent Ambo
3b88611336 feat(ops/nixos): Add initial configuration for host camden 2020-02-11 15:41:00 +00:00
Vincent Ambo
a8792f8372 feat(ops/nixos/nugget): Enable tailscale-relay 2020-02-11 00:55:46 +00:00
Vincent Ambo
b586a04a0a feat(ops/nixos): Add NixOS module for running tailscale
This uses the "legacy" tailscale Linux client, but built from source
as per the previous commits.
2020-02-11 00:53:09 +00:00
Vincent Ambo
77085f5876 chore(ops/nixos/nugget): Install tailscale on nugget 2020-02-11 00:09:34 +00:00
Vincent Ambo
21e0279e08 chore(ops/infra/k8s): Bump website replicas to 3
There are typically 3 machines in the cluster, might as well have 3
website instances!
2020-02-09 02:21:09 +00:00
Vincent Ambo
4a18b3971a fix(ops/infra/k8s): Send www.* to nginx for redirections 2020-02-09 01:54:13 +00:00
Vincent Ambo
d0800197c4 feat(ops/infra/k8s): Add website deployment configuration 2020-02-09 01:30:56 +00:00
Vincent Ambo
87967d5be3 docs: Update README with new website setup 2020-02-09 01:30:34 +00:00
Vincent Ambo
eb6e64ad47 chore(ops/infra/k8s): Delete tazblog deployment 2020-02-09 01:27:46 +00:00
Vincent Ambo
1d7b1334fd feat(ops/nixos/nugget): Install i3lock 2020-02-08 13:32:25 +00:00
Vincent Ambo
ba20ee65f6 feat(ops/nixos/nugget): Enable pcscd & install Yubikey tools 2020-02-07 12:14:37 +00:00
Vincent Ambo
76f7ace273 feat(ops/nixos/nugget): Enable U2F hardware support 2020-02-04 23:41:52 +00:00
Vincent Ambo
264a55e2e0 feat(ops/nixos/nugget): Install unzip 2020-01-25 20:39:54 +00:00
Vincent Ambo
e50c669310 feat(ops/nixos/nugget): Enable Keybase "service" 2020-01-20 22:31:29 +00:00
Vincent Ambo
e93913d6cd feat(ops/mq_cli): Bump dependencies & add derivation 2020-01-20 13:50:29 +00:00
Vincent Ambo
336937814c feat(ops/posix_mq.rs): Set up Nix build 2020-01-20 11:59:21 +00:00
Vincent Ambo
0d4c93878d chore(ops): Remove deprecated .travis.yml files 2020-01-20 11:51:24 +00:00
Vincent Ambo
0b146dc079 chore(ops/posix_mq.rs): Update crate dependencies to recent versions
First bump since 2017! This changes the code to be compatible with
newer versions of the `nix` crate, which has shuffled things around a
bit.
2020-01-20 11:51:24 +00:00
Vincent Ambo
4bc3196c9a Add 'ops/mq_cli/' from commit 'df29b08bff'
git-subtree-dir: ops/mq_cli
git-subtree-mainline: b59c7e693c
git-subtree-split: df29b08bff
2020-01-20 11:32:26 +00:00
Vincent Ambo
b59c7e693c Add 'ops/posix_mq.rs/' from commit 'f7d1a38da6'
git-subtree-dir: ops/posix_mq.rs
git-subtree-mainline: 8f68497269
git-subtree-split: f7d1a38da6
2020-01-20 11:32:02 +00:00
Vincent Ambo
1f68644dc9 feat(third_party/guile): Override guile to version 3.0.0
Lets try this thing out!
2020-01-19 19:34:39 +00:00
Vincent Ambo
0a3613996f feat(ops/nixos/nugget): Install miller 2020-01-19 18:56:44 +00:00
Vincent Ambo
7b011de1b8 chore(ops/nixos/nugget): Aimlessly tweak font configuration
These settings seem to be very mildly better than what I had before,
but I'm not entirely sure.
2020-01-19 16:38:32 +00:00
Vincent Ambo
ee34920a98 fix(infra/k8s/nixery): Add GCSR hosts to SSH known_hosts for Nixery
Unsure how this worked at all previously?
2020-01-19 02:17:52 +00:00