This is a small service for accessing git repos read-only over gRPC.
It's going to be used to allow hackdoc to render arbitrary versions of
hscloud.
Change-Id: Ib3c5eb5a8bc679e8062142e6fa30505d9550e2fa
This is hackdoc, a documentation rendering tool for monorepos.
This is the first code iteration, that can only serve from a local git
checkout.
The code is incomplete, and is WIP.
Change-Id: I68ef7a991191c1bb1b0fdd2a8d8353aba642e28f
For us this manifests when doing
kubecfg update cluster/kube/cluster.libsonnet
To be precise: when hitting the Ceph/Rook CRD definition.
This is a weird bug. I've seen it manifest earlier on NixOS, but I am
now also seeing it on Gentoo. I've thought that it was because of Go API
breakage, but I've quickly tried to specify older toolchain versions,
but that didn't seem to help? :/
Regardless, I've applied a patch by rnb [1] that seems to fix this. I
also have a suspicion that updating to a newer k8s version might just
fix this, that's why I'm not not too concerned about this for now.
[1] - a32521024f
Change-Id: Id66e3c0bd56e84d785e1baeca86373aa2d0eb6f9
This is an IRC/Telegram bridge.
It does multi-account puppet-like access to IRC making everyone's life
easier.
Compared to teleirc it also:
- is smarter about converting messages
- uses teleimg for public image access
- is not written in JS
Experimental for now.
Change-Id: I66ba3f83abdfdea6463ab3be5380d8d3f2769291
This is a shitty small proxy to unfuck telegram's bot image URLs, ie. do
not add content-disposition and send a proper MIME in content-type.
It also does some local caching and hides the Telegram API token.
Change-Id: I0afb29ca3f1807a13fa157fdcf486ee4c857f08d
rules_pip has a new version [1] of their rule system, incompatible with the
version we used, that fixes a bunch of issues, notably:
- explicit tagging of repositories for PY2/PY3/PY23 support
- removal of dependency on host pip (in exchange for having to vendor
wheels)
- higher quality tooling for locking
We update to the newer version of pip_rules, rename the external
repository to pydeps and move requirements.txt, the lockfile and the
newly vendored wheels to third_party/, where they belong.
[1] - https://github.com/apt-itude/rules_pip/issues/16
Change-Id: I1065ee2fc410e52fca2be89fcbdd4cc5a4755d55
Prodaccess/Prodvider allow issuing short-lived certificates for all SSO
users to access the kubernetes cluster.
Currently, all users get a personal-$username namespace in which they
have adminitrative rights. Otherwise, they get no access.
In addition, we define a static CRB to allow some admins access to
everything. In the future, this will be more granular.
We also update relevant documentation.
Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153
This uses github.com/golang-migrate/migrate and adds a Source that
allows using go_embed data files.
We also provide a test/example.
Change-Id: Icd2b6c7f7d0f728073b3fdf39b432b33ce61a3cd
We add a small IRR service for getting a parsed RPSL from IRRs. For now,
we only support RIPE and ARIN, and only the following attributes:
- remarks
- import
- export
Since RPSL/RFC2622 is fucking insane, there is no guarantee that the
parser, especially the import/export parser, is correct. But it should
be good enough for our use. We even throw in some tests for good
measure.
$ grpcurl -format text -plaintext -d 'as: "26625"' 127.0.0.1:4200 ix.IRR.Query
source: SOURCE_ARIN
attributes: <
import: <
expressions: <
peering: "AS6083"
actions: "pref=10"
>
filter: "ANY"
>
>
attributes: <
import: <
expressions: <
peering: "AS12491"
actions: "pref=10"
>
filter: "ANY"
>
>
Change-Id: I8b240ffe2cd3553a25ce33dbd3917c0aef64e804
We start having the need to have our own production image instead ofjust
a bare Ubuntu image. For instance, octorpki will need rync and TLS CA
bundles.
Change-Id: Ia8d9604ae8c320f858cfe8a2dc21ddcc321017ff
python_rules is completely broken when it comes to py2/py3 support.
Here, we replace it with native python rules from new Bazel versions [1] and rules_pip for PyPI dependencies [2].
rules_pip is somewhat little known and experimental, but it seems to work much better than what we had previously.
We also unpin rules_docker and fix .bazelrc to force Bazel into Python 2 mode - hopefully, this repo will now work
fine under operating systems where `python` is python2 (as the standard dictates).
[1] - https://docs.bazel.build/versions/master/be/python.html
[2] - https://github.com/apt-itude/rules_pip
Change-Id: Ibd969a4266db564bf86e9c96275deffb9610dd44
The following services were never ported:
- cmc-proxy
- arista-proxy
- m6220-proxy
- topo
They now build.
Change-Id: I0688bfe43cdff946e6662e21969ef539382c0e86
This change impelements the k8s machinery for Gerrit.
This might look somewhat complex at first, but the gist of it is:
- k8s mounts etc, git, cache, db, index as RW PVs
- k8s mounts a configmap containing gerrit.conf into an external
directory
- k8s mounts a secret containing secure.conf into an external directory
- on startup, gerrit's entrypoint will copy over {gerrit,secure}.conf
and start a small updater script that copies over gerrit.conf if
there's any change. This should, in theory, make gerrit reload its
config.
This is already running on production. You're probably looking at this
change through the instance deployed by itself :)
Change-Id: Ida9dff721c17cf4da7fb6ccbb54d2c4024672572
This now means we require Nix to be installed globally. This shouldn't
be the case in the long run, but will be until
https://github.com/tweag/rules_nixpkgs/issues/75 gets fixed or we maybe
move from rules_nixpkgs to nix-bundle or something similar.