This annotation is used to permit routes defined by regexes instead of
simple prefix matching. This is used by our synapse deployment for
routing incomming HTTP requests to diffferent Synapse components.
I've stumbled upon this while deploying a new Matrix/Synapse instance.
This hasn't been yet a problem because the existing ingresses for Matrix
deployments predate admitomatic.
Change-Id: I821e58b214450ccf0de22d2585c3b0d11fbe71c0
Instead of manually packaging leaflet.js into the Git repository, this
uses an http_archive to download it on demand, and augments the static
serving code to accept different regexes as paths so that the
http_archive's contents can be served directly.
Change-Id: Icb8d624fea855fb748f107471133ac8adb5f2776
This rips out the existing HTML and CSS. In the end, we're not going to
use it.
In its place, it adds a simplistic landing page, hoping to gather more
attention and curiosity from other hackers that would like to make it
prettier.
Change-Id: I322b071a8510536bd6aad9252ae7aa8fe3a734bc
This reimplements the blog rendering functionality and the main/index
page.
www-main used to combine multiple atom feeds into one (Redmine and the
wordpress blog at blog.hackerspace.pl). We retain the functionality, but
only render the wordpress blog now (some other content might follow).
We also cowardly comment out the broken calendar iframe.
Change-Id: I9abcd8d85149968d06e1cb9c97d72eba7f0bc99f
This renders the About and About-but-in-English templates already
present.
It integrates header.html and rotimage_at.html into the basic template.
These were separates so that different webapps on boston-packets could
serve the same header file from the same sources, but this approach will
have to be abandoned for this version of the site anyway.
We'll have to figure out how/if to share these things between different
webapps, but probably only after we actually come up with a new site
theme. Let's keep it simple for now.
We also skip porting the 'subscribe to lists' template and
functionality, as it's broken right now anyway.
Change-Id: Ia89bfcaa1e250bd74d1771e095b3c8505b08c606
This adds a minimum serving Go binary, and static/template file
embedding.
The templates are not yet served or even loaded. The static files are
served at /static/..., eg.:
$ curl 127.0.0.1:8080/static/mapka.png
Change-Id: Iedd8696db2c2e5d434dc2e7fbd0199d0f6ee5fff
Retrieved from code.hackerspace.pl/q3k/www-main at
afd7415f582b474e737f830037e4c23178220032 .
No cleanup/conversion yet - straight from the repository.
Change-Id: Ia7ef50483541863cb1a7509607d549cdfe15522e
Apart from this, we also had to manually edit the registration yaml to
add @libera_ and #libera_ prefixes to the allowlists.
Change-Id: If85f58cf3d1291e0bf9099ef13d9397040a47782
This implements the main identd service that will run on our production
hosts. It's comparatively small, as most of the functionality is
implemented in //cluster/identd/ident and //cluster/identd/kubenat.
Change-Id: I1861fe7c93d105faa19a2bafbe9c85fe36502f73
This doesn't have to be publicly reachable, as the future
//cluster/identd will dial into the pod directly to access the
appservice's identd.
Change-Id: I139341ead76309a6640eeb9a278462565290dd34
This is a high-level wrapper for querying identd, and uses IdentError to
carry errors received from the server.
Change-Id: I6444a67117193b97146ffd1548151cdb234d47b5
This is the first pass at an ident protocol client. In the end, we want
to implement an ident protocol server for our in-cluster identd, but
starting out with a client helps me getting familiar with the protocol,
and will allow the server implementation to be tested against the
client.
Change-Id: Ic37b84577321533bab2f2fbf7fb53409a5defb95
We want to access the clientset (or at least check the fact that we're
in a cluster) outside of the Mirko object lifecycle.
In reality, this should _probably_ be moved outside of the Mirko library
and get a better API than this (ie. one that returns complete
information about the state of being in production/dev/...).
Change-Id: I86444477e0306a39a1611207855127a7b963603e
These can be used by production jobs to get the source port of the
client connecting over HTTP. A followup CR implements just that.
Change-Id: Ic8e29eaf806bb196d8cfcfb604ff66ae4d0d166a
* changes:
matrix.hackerspace.pl: add secret appservice-irc mappings
matrix.hackerspace.pl: give appservce-irc admin access to q3k and inf
matrix.hackerspace.pl: disable bootstrap jobs
matrix: appservice-irc: set debugService.enable if needed
matrix: add bootstrapJob config flag to appservices
matrix: bump appservice-irc
This emits short-lived user credentials for a `dev-user` in crdb-waw1
any time someone prodaccesses.
Change-Id: I0266a05c1f02225d762cfd2ca61976af0658639d
DeveloperCredentialsLocation used to glog.Exitf instead of returning an
error, and a consumer (prodaccess) used to not check the return code.
Bad refactor?
Change-Id: I6c2d05966ba6b3eb300c24a51584ccf5e324cd49
These contain a channel key for a secret channel.
We also had to migrate the appservice-irc config to a secret.
Change-Id: I92c7cdf9679f65d9e655e22d690cef2e83180135
This is the case for any IRC server that has ignoreIdleUsersOnStartup
set, because of what seems like an appservice-irc bug.
Change-Id: If5063a3bc2d79c7f2fc79ec7560bf9bfe2b25aba
This allows us to bypass the issue where Kubernetes jobs cannot be
updated once completed, so bumping appservice image versions was
painful.
But really, though, this is probably someting that kubecfg/kartongips
should handle.
Change-Id: I2778c5433f699db89120a3c44e55d2fbe2a10015
We don't have pug/scss in Bazel/hscloud, so we just go ahead and rewrite
this to the lowest common denominator of web technologies.
Alternatively, we could at least go for gcss, which does have Bazel
rules - but it's probably not worth the effort.
Change-Id: I379157d8fd8682c4bcb87768e9cfe1f051fe9033