q3k
4a024bbd6a
WORKSPACE: fix for newer bazel versions
2019-05-17 18:10:02 +02:00
q3k
36cc4fb61a
bazel-cache: deploy, add waw-hdd-yolo-1 ceph pool
2019-05-17 18:09:39 +02:00
informatic
aa0e755389
app/matrix: bump oauth2-cas-proxy for service_url security
2019-05-17 12:55:48 +02:00
informatic
9ab9f61a67
app/matrix: bump riot-web version to fix broken SSO
2019-05-17 09:53:13 +02:00
informatic
c39fb04451
app/matrix: initial oauth2/casproxy setup
2019-05-17 09:13:56 +02:00
informatic
fef4c12ca1
app/matrix: appservice-irc
2019-05-16 21:05:02 +02:00
informatic
ffbb47c2b3
app/matrix: svc usage cleanup
2019-05-16 12:18:39 +02:00
q3k
a4b3767455
tools/nixops.sh: add
2019-05-15 19:23:38 +02:00
q3k
e986728648
gcp: init, add service account
2019-05-15 19:19:19 +02:00
q3k
bb77892924
tools/install.sh: soft requirement on nix
2019-05-15 19:13:11 +02:00
q3k
1e6b52a194
tools/: add nixops
...
This now means we require Nix to be installed globally. This shouldn't
be the case in the long run, but will be until
https://github.com/tweag/rules_nixpkgs/issues/75 gets fixed or we maybe
move from rules_nixpkgs to nix-bundle or something similar.
2019-05-15 19:08:25 +02:00
informatic
4b4231d900
app/matrix: disable piwik & 3pid auth, allow guest login, fix roomDirectory
2019-05-15 11:41:32 +02:00
informatic
a222691ca5
app/matrix: initial matrix test deployment WIP
2019-05-14 18:49:29 +02:00
q3k
b7e4bd4fa1
nix/cluster-configuration: pin nixpkgs for k8s
...
We pin nixpkgs for k8s and also bypass some issues with the new k8s
startup sequencing.
We also pin the kernel to 5.1.
Next step is to also pin nixpkgs for the rest of the system, I think we
can do it from within cluster-configuration.nix.
2019-05-14 01:45:48 +02:00
informatic
fc514a9b52
cluster/kube/cert-manager: don't add APIService when webhooks are disabled
2019-05-05 12:12:13 +02:00
informatic
b187bf5b2c
cluster/kube/metallb: downgrade to 0.7.3
2019-05-05 12:11:14 +02:00
q3k
ac140b3427
go/svc/invoice: statusz cleanups
...
- Remove internal ID
- Sort by time
2019-05-01 17:11:47 +02:00
q3k
3976e3cee8
go/svc/invoice: refactor
...
We unify calculation logic, move the existing Invoice proto message into
InvoiceData, and create other messages/fields around it to hold
denormalized data.
2019-05-01 15:27:49 +02:00
q3k
57ef6b0d7f
go/svc/invoice: add statusz
2019-05-01 14:08:29 +02:00
q3k
c2d322c504
go/svc/invoice: polishify
2019-05-01 13:14:32 +02:00
q3k
fb18c99df3
go/svc/invoice: import from code.hackerspace.pl/q3k/inboice
2019-05-01 12:27:43 +02:00
q3k
258686cf9a
WORKSPACE: bump gazelle for go 1.12
2019-05-01 12:26:43 +02:00
q3k
a9bb1d5b5b
tools/secretstore: fix decryption of updated secrets
2019-04-28 17:13:12 +02:00
q3k
4232c8b733
nix: bump to new k8s
2019-04-28 17:12:54 +02:00
q3k
b245865087
app/registry: allow anonymous pull access and temporary vms/ push access
2019-04-19 14:41:10 +02:00
q3k
3e59718d3a
WORKSPACE: add bazel docker rules
2019-04-19 14:40:47 +02:00
q3k
321fad9865
cluster/kube/rook: lower debug
2019-04-19 14:14:36 +02:00
q3k
ed2e670c8b
cluster/kube/rook: bump to ceph v14 fully
2019-04-19 13:27:20 +02:00
informatic
56918237ed
cluster: update ceph README
2019-04-09 23:48:33 +02:00
informatic
2c5391b6e6
tools/rook-s3cmd-config: tool to generate s3cmd config from rook.io secrets
2019-04-09 23:30:38 +02:00
informatic
7adc0eb998
app/registry: migrate to ceph object storage
2019-04-09 22:39:42 +02:00
informatic
5ac85c6e73
cluster/kube: refactor rook.io object store configuration
2019-04-09 21:45:32 +02:00
informatic
6da3b288dc
WIP: app/registry: ceph object storage
2019-04-09 13:48:21 +02:00
informatic
e24ccd678c
clustercfg: fix broken admincreds generation
2019-04-09 13:43:54 +02:00
informatic
dc1e5f0cb4
README: update according to new bazel paradigm(tm)
2019-04-09 13:30:28 +02:00
informatic
c10f00b7da
tools/secretstore: decrypt secrets when requesting plaintext path
2019-04-09 13:29:33 +02:00
informatic
598a079f57
clustercfg: extract cfssl handling to separate function
2019-04-09 13:29:33 +02:00
q3k
acd001bf83
tools: add cfssl
2019-04-09 13:17:06 +02:00
q3k
73cef11c85
*: rejigger tls certs and more
...
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
2019-04-07 00:06:23 +02:00
q3k
208f005830
go/svc/leasifier: sort returned leases
2019-04-06 01:28:04 +02:00
q3k
a9a266c08c
go/svc/leasifier: fixes, add statusz table
2019-04-06 01:21:25 +02:00
q3k
1affad42e7
go/statusz: factor out load avg to separate file
2019-04-06 01:21:04 +02:00
q3k
3a2a693e0c
WORKSPACE: bump go
2019-04-06 01:20:19 +02:00
q3k
9dc4b68f24
go: add bazel buildfiles, implement leasifier
2019-04-05 23:53:25 +02:00
q3k
efc7928a73
go/vendor: nuke
2019-04-05 23:50:28 +02:00
q3k
6916f7e244
app/toot: start implementing redis
2019-04-04 16:54:00 +02:00
q3k
242152f65e
cluster/kube/lib/metallb: bump memory hoping to prevent crashes
2019-04-04 16:54:00 +02:00
informatic
ac38d5aeb1
app/registry: oauth2 authentication
2019-04-03 08:41:20 +02:00
informatic
6dc4839d74
app/registry: initial docker registry setup
2019-04-02 18:59:37 +02:00
q3k
0f78cea802
Merge branch 'master' of hackerspace.pl:hscloud
2019-04-02 14:45:23 +02:00