This makes our routers less likely to reject connections when they're
being bruteforced: first, by disabling password auth (which we don't
use, anyway), second by making connection limits a bit less draconian.
Change-Id: I4e1e3b0be85dd5ad07a10610ca28a6f094249d8c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1174
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
The grapevine says that people were being fined for not supporting a
punycode domain. This was broken in rsh-unbound, so I had to fix it. I
then also realized we never were reloading unbound, so some changes
might've been slow to propagate.
Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180
Reviewed-by: q3k <q3k@hackerspace.pl>
This removes our dependency on a userspace EoIP implementation that is
mildly broken, and that doesn't build correctly on new gcc versions.
Change-Id: I404c79585336ebaf3bc1761b54ee2433f0841324
This call will return a stream of repeated Invoices, in order to submit
monthly audit summaries to accounting, including PDFs and JPK_V7 codes
(ie. GTU and SP codes).
Change-Id: Id9da2952a6358c5c2c737eee08c473c1fbcfbe7d
Also drive-by fix two proto issues:
- rename gtu_codes to gtu_code (following convention)
- move denormalized Item.due_date field past denormalized comment.
Change-Id: Ibfe0a21aadc0a5d4e2f784b182e530b9603aae62
These are codes defined in JPK_V7, ie. the control file submitted to
Polish tax authorities for all invoices created in a given month. We
need to now tag our invoices with the appropriate codes when submitting
them to our accountants, which will pass them on over to the tax
authoritiex in a JPK_V7M file.
This only adds the relevant enums and adds them to proto messages, but
does not actually implement any control/model logic.
Change-Id: I695d05b55143a248dab9346151da3c572c7665d4
This combats this:
[126624.252775] Route cache is full: consider increasing sysctl net.ipv[4|6].route.max_size.
This used to be fixed manually on edge01.waw, but we forgot to actually
set this in configuration. Whoops
Change-Id: Ibd45f019a9f4d8d6c2bf1db27f438589acaffd77
A customer was missing a static v6 route via their router. Since we
don't want to add them to networking.interfaces.routes.* (as this
restarts the whole scripted network stack in NixOS), we add them to
bird. This requires implementing hscloud.routing.static.
Change-Id: I0a205ed1e1f17a86de43aaf72ab6c2694a069112
This imports a snapshot of the current landing page (that used to be
versioned in a separate repository, but we want to pull into hscloud).
Change-Id: Ia98bca294ae64bfd57c4a4250d7d3a5a7e5f8145
instead of Python packages
As usual with Python sadness, the @pydeps wheels are built on the bazel
host, so stuffing them inside a container_image (or py_image) will cause
new and unexpected kinds of misery.
Change-Id: Id4e4d53741cf2da367f01aa15c21c133c5cf0dba
This doesn't automatically bump generated numbers - however, new users
will at least have sensible IDs now :).
To bump an existing deployment, you will have to do some mild surgery:
- edit the touched query to once generate a new, appropriate serial
(eg. 20001)
- run and seal one invoice
- restore original code (now with the new 20000 default)
In the future we should have an RPC override for the new sealed final
UID with some basic sanity checks.
Change-Id: Idd8187618869f6ea76f1b187acfbdd2f1c94005b
rules_pip has a new version [1] of their rule system, incompatible with the
version we used, that fixes a bunch of issues, notably:
- explicit tagging of repositories for PY2/PY3/PY23 support
- removal of dependency on host pip (in exchange for having to vendor
wheels)
- higher quality tooling for locking
We update to the newer version of pip_rules, rename the external
repository to pydeps and move requirements.txt, the lockfile and the
newly vendored wheels to third_party/, where they belong.
[1] - https://github.com/apt-itude/rules_pip/issues/16
Change-Id: I1065ee2fc410e52fca2be89fcbdd4cc5a4755d55