Commit graph

1193 commits

Author SHA1 Message Date
97b5cd7b58 go: re-do the entire thing
This is a mega-change, but attempting to split this up further is
probably not worth the effort.

Summary:

1. Bump up bazel, rules_go, and others.
2. Switch to new go target naming (bye bye go_default_library)
3. Move go deps to go.mod/go.sum, use make gazelle generate from that
4. Bump up Python deps a bit

And also whatever was required to actually get things to work - loads of
small useless changes.

Tested to work on NixOS and Ubuntu 20.04:

   $ bazel build //...
   $ bazel test //...

Change-Id: I8364bdaa1406b9ae4d0385a6b607f3e7989f98a9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1583
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 21:50:19 +00:00
291f554164 go/pki: show helpful hint to new contributors about -hspki_disable
Change-Id: I714f503f5962578055b99009aa0eccb72517d37b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1562
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 20:45:15 +00:00
26fb573055 doc: improve cluster/user docs, make it more discoverable
Change-Id: Icbb348865a442a01a3ab191dad88662a88635007
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1565
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 20:44:48 +00:00
603b4f7293 hswaw/kube: add radex to admins
Change-Id: I4f60b139bb86b52399ad84a5373ac5e1eb8828f9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1621
Reviewed-by: radex <radex@hackerspace.pl>
2023-09-22 20:44:29 +00:00
69dd2bfd2a hswaw/paperless: grant access to zarzad *and* paperless-admin groups
Change-Id: I622ee8818da2097914cf0da433e3832d680286db
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1587
Reviewed-by: arsenicum <arsenicum@hackerspace.pl>
2023-09-17 22:33:19 +00:00
f5b1a215f4 app/mailman-web: create
There's a lot of ugly hacks here, but this has been the state of prod
for months now, so we should reflect that.
Also, this bumps a bunch of workspace deps.

Change-Id: I744e0d3aff27036cfed73416cf442c7d62444a8b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1473
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-10 21:11:37 +00:00
8036d7f4da hswaw/site: update README, fix non-breaking whitespace and nitpicks
Change-Id: Id9dac11a1b4f2ac527dacf96e3b5c6fb79f1f3a4
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1561
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-02 16:35:40 +00:00
6715080ebc doc/codelabs: stub of bazel-go.md
Change-Id: Icf408f9edddfb5e446b2675485c6f9e17ff7357a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1564
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-02 16:32:48 +00:00
54183ba222 go/workspace: fix nix-instantiate exec error typecast
Also skip nix tests on systems without nix.

Change-Id: I4c0069a429df10a496b2651c2506b2d4625d5f43
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1585
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-01 17:22:41 +00:00
0d3e609013 bazlets: use python3
Change-Id: Idf8ec4b70eed991874a0bcdcced132b9f6da3f83
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1584
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-01 17:17:24 +00:00
7631880620 *: remove java/minecraft
Change-Id: Id2b1e69dcad240d7ef8a80b844531ef862e27dd2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1582
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-01 16:50:48 +00:00
dc03494c2c third_party/factorio: update version hashes
Change-Id: Ib4e07bdebbb913bf970db9dd124c8177b947ca04
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1581
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-01 16:50:48 +00:00
b6504238e7 *: add gomod placeholders for generated files
Change-Id: I8a4824ff31590185cd45fd43cc065bb8e2fa7bb2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1580
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-01 16:50:48 +00:00
7459bbcd89 hswaw/kube: give ar prod access
Change-Id: I1d03232389a53f7e3a52a3f695071e719482355b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1544
Reviewed-by: ar <ar@hackerspace.pl>
2023-08-17 12:40:32 +00:00
c2c66bf770 cluster/kube: update admitomatic settings for inventory
Change-Id: I62279519f93da338591b1b164878e33027b8f851
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1576
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-08-17 12:39:56 +00:00
5365e7e12c personal/radex/demo-next: add volume mount demo
Change-Id: I992d089c8d345e87667bf4040086a28b2096cc35
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1574
2023-08-15 16:17:05 +00:00
noisersup
dba676d7a8 personal: ferretdb
Change-Id: I0a460e558f2ed068d8bd899b549b230a4f27f0ca
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1573
2023-08-14 02:06:31 +00:00
ae2a725bd2 personal/radex: +demo-next
Change-Id: I7563f509e12ee1d6ec83261f3ad6386d8033fdc5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1570
2023-08-13 09:46:18 +00:00
e632263635 personal/radex/demo: +bruh
Change-Id: Ie0ed25308284f9a9dea59c456bce77968f59524f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1569
2023-08-12 15:30:18 +00:00
5e475370be personal/radex/demo: +tls
Change-Id: Ib10633b90256bbe15131326aa69e19fdc6ef21e3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1568
2023-08-12 15:30:09 +00:00
df18c80b1e personal/radex: +demo
Change-Id: I4948a4ebc33c2331ed8def3396f18def234fbd0d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1567
2023-08-12 15:29:48 +00:00
noisersup
6de8e41f5c personal: update
Change-Id: Ie5352cfab0835ee1c48660eb14092d840a344f33
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1566
2023-08-11 19:14:20 +00:00
8100a2de97 third_party: replace jq with gojq
Building jq portably is annoying, and the way we were doing it (which we
iirc stole from some google project?) sucked. Let's use a Go jq clone
instead.

This is an alternative for 1535. jq is currently used only in one
script, which could really be replaced by a Go program, but let's keep
it simple for now.

Change-Id: Ie25dffadd545df143490f510e9b75a74adf81492
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1540
Reviewed-by: palid <palid@hackerspace.pl>
2023-07-24 14:47:54 +00:00
03c2d996a0 cluster: fix prodvider deploy (after new CA)
Change-Id: Icbdb5e3ac592e9eac3a033ba50af401b706c3e78
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1541
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-24 14:15:46 +00:00
b19e8123ad tools: fix install.sh for non-Nix systems
Change-Id: Id3aa846255129d90be22bce2aa38d468d78d816c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1533
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-24 14:01:55 +00:00
7094d69a70 //go/workspace: fix go workspace on MacOS
Change-Id: I5d287d53b31c36ef19f2ea4ebc7a0647c87f2e29
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1532
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-24 14:01:46 +00:00
844b9b4353 hswaw/site: update deployment
Change-Id: If9a652956743e69cdb822b8686729b389b269e34
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1539
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-24 13:49:33 +00:00
2861c69298 hswaw/site: link statute of the association on the main page
Change-Id: I431bd047bba923c3180266b98781762d3b0c24fd
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1538
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-23 13:24:20 +00:00
1ad72123b6 mastodon: bump to 4.0.6
Fixes after the security bugfix last week.
Not yet rolled out to qa/prod.

Change-Id: I52de0dc1d082fd1c6269025b1f41d87c02c67113
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1536
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-23 11:49:09 +00:00
3cc078e27f hswaw/site: mention fediverse in the social media list
Change-Id: I47dc9b0dbd427e99961e8a81a3d3d191633d54b2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1537
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-23 11:35:14 +00:00
723dfbd829 .bazelversion: use 5.2.0, as that's what we use in nix
Change-Id: Ia64cb4d86f590992116c26b027860a554cc74ec6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1531
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-13 21:19:05 +00:00
a27733bbfc .bazelversion: init
Change-Id: I773db584702894399235642c005d602b6341ed68
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1530
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-13 21:14:58 +00:00
00c7be3fd3 hacklock: document
Change-Id: I949937a050857e3790645cc4ad93ead7a141ccf8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1526
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-09 13:02:12 +00:00
0ec2e31e83 hacklock: init at rev a
Change-Id: Ic0481ae37ca354233658ff0d8d2a9b5d7c7a5a2a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1525
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-09 13:02:12 +00:00
c69ccf8cee mastodon: bump to 4.0.5
Rolled out to prod and qa.

Change-Id: I0b66ccda2f5ffad812a9654fd7edffe239e7e576
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1524
Reviewed-by: ar <ar@hackerspace.pl>
2023-07-09 13:02:12 +00:00
10384cd394 cluster/registry: fix common namespaces
Public pull ACL in the middle had priority over our more specific rules
- moving these to the top fixes common registry namespace ACLs.

Change-Id: Ia6f05cef09c0db4eb71155d2c0e2d9944b81f903
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1522
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 23:15:37 +00:00
2e632b9247 hswaw/sound: add q3k's key
Change-Id: Ic1ee340cb875cb0858af7738d27c3c5b1f13a738
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1523
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-06-19 23:15:28 +00:00
c1f372561a cluster/admitomatic: implement opt-out namespaces
Change-Id: I32d4b019211fa755e2b3b103b88ea3f4c14e500f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1521
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-06-19 22:54:33 +00:00
9f0e1e88f1 cluster/clustercfg: rewrite it in Go
This replaces the old clustercfg script with a brand spanking new
mostly-equivalent Go reimplementation. But it's not exactly the same,
here are the differences:

 1. No cluster deployment logic anymore - we expect everyone to use ops/
    machine at this point.
 2. All certs/keys are Ed25519 and do not expire by default - but
    support for short-lived certificates is there, and is actually more
    generic and reusable. Currently it's only used for admincreds.
 3. Speaking of admincreds: the new admincreds automatically figure out
    your username.
 4. admincreds also doesn't shell out to kubectl anymore, and doesn't
    override your default context. The generated creds can live
    peacefully alongside your normal prodaccess creds.
 5. gencerts (the new nodestrap without deployment support) now
    automatically generates certs for all nodes, based on local Nix
    modules in ops/.
 6. No secretstore support. This will be changed once we rebuild
    secretstore in Go. For now users are expected to manually run
    secretstore sync on cluster/secrets.

Change-Id: Ida935f44e04fd933df125905eee10121ac078495
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1498
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 22:23:52 +00:00
a03b60b310 go/workspace: implement EvalHscloudNix
This allows us to access hscloud nix 'facts' from Go.

Change-Id: Ic8fc3350a7d073947c44529fcae0bbb8627421aa
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1508
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 22:23:52 +00:00
8e22f6c7db hswaw/pretalx: config drift - remove cronjob
Change-Id: I829a80eeed162b654151dc85e467ced85e3fa6a0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1513
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 21:20:53 +00:00
7e841065b0 *: post-certmanager manifests update
Change-Id: I745c850268c31777c5722a9833c8152a55615aed
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 21:20:44 +00:00
3dd3ff5dcd cluster/cert-manager: update to v1.5.0
Change-Id: I7a4cdadc9956141292302bc004d09d6e9e22855e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1497
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-05-26 10:38:16 +00:00
926252c871 app/matrix: synapse v1.79.0 update
Change-Id: I38a47615e7a2a212fe4d06c2e404a2ec1274a977
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1507
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
05f20b206f matrix.hackerspace.pl: disable appservice workers
Change-Id: I12a971fc967f8a45b9b0c16ddb99b9955667da18
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1506
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
6bd5d20073 app/matrix: use paths extracted directly from synapse docs for easier upgrades
Change-Id: Ife95ca0b6572074e225a0ba24a3e11d23b2d78a9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1505
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
b51cdcee68 shell.nix: fix python dependency on NixOS
hermetic python introduced in f21ca38 depends on libcrypt.so.1 which is
provided by libxcrypt

Change-Id: Iff6e34bb75320bb300811878eeb0b0bc95783697
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1504
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
1e6ae55a94 app/matrix: bump element-web
Change-Id: I5a10fbaa055dce3759a3e0e559b731b279931abe
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1503
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
ad3cb5c2e0 app/matrix: adjust media repo config to one deployed in production
Change-Id: Iac32918a1051a676377e5c3cc3c4592959a48e19
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1502
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-05-25 22:20:52 +00:00
ffdb97b7dd cluster/prodaccess: fix cert migration bug
Change-Id: I7426e60731b09c571aa7385f5213e998f04675a6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1510
Reviewed-by: ironbound <ironbound@hackerspace.pl>
2023-04-14 08:13:39 +00:00