This moves all the proxy Kube resources to proxy.libsonnet.
Effect is a zero diff against prod:
$ kubecfg diff --diff-strategy=subset prod.jsonnet
[...]
namespaces factorio unchanged
[...]
deployments factorio.proxy unchanged
[...]
services factorio.proxy unchanged
[...]
persistentvolumeclaims factorio.proxy-cas unchanged
Change-Id: I9c6281e836f7b78373aad21120340994e801f8b4
Previously: 856b216459 switched to using a
Secret instead of a ConfigMap for appservice-irc. That however didn't
update the bootstrap job which still used the ConfigMap. This fixes
that.
Change-Id: I50f33935691678ce24ecf4e04d7ce1b13c184929
This annotation is used to permit routes defined by regexes instead of
simple prefix matching. This is used by our synapse deployment for
routing incomming HTTP requests to diffferent Synapse components.
I've stumbled upon this while deploying a new Matrix/Synapse instance.
This hasn't been yet a problem because the existing ingresses for Matrix
deployments predate admitomatic.
Change-Id: I821e58b214450ccf0de22d2585c3b0d11fbe71c0
Instead of manually packaging leaflet.js into the Git repository, this
uses an http_archive to download it on demand, and augments the static
serving code to accept different regexes as paths so that the
http_archive's contents can be served directly.
Change-Id: Icb8d624fea855fb748f107471133ac8adb5f2776
This rips out the existing HTML and CSS. In the end, we're not going to
use it.
In its place, it adds a simplistic landing page, hoping to gather more
attention and curiosity from other hackers that would like to make it
prettier.
Change-Id: I322b071a8510536bd6aad9252ae7aa8fe3a734bc
This reimplements the blog rendering functionality and the main/index
page.
www-main used to combine multiple atom feeds into one (Redmine and the
wordpress blog at blog.hackerspace.pl). We retain the functionality, but
only render the wordpress blog now (some other content might follow).
We also cowardly comment out the broken calendar iframe.
Change-Id: I9abcd8d85149968d06e1cb9c97d72eba7f0bc99f
This renders the About and About-but-in-English templates already
present.
It integrates header.html and rotimage_at.html into the basic template.
These were separates so that different webapps on boston-packets could
serve the same header file from the same sources, but this approach will
have to be abandoned for this version of the site anyway.
We'll have to figure out how/if to share these things between different
webapps, but probably only after we actually come up with a new site
theme. Let's keep it simple for now.
We also skip porting the 'subscribe to lists' template and
functionality, as it's broken right now anyway.
Change-Id: Ia89bfcaa1e250bd74d1771e095b3c8505b08c606
This adds a minimum serving Go binary, and static/template file
embedding.
The templates are not yet served or even loaded. The static files are
served at /static/..., eg.:
$ curl 127.0.0.1:8080/static/mapka.png
Change-Id: Iedd8696db2c2e5d434dc2e7fbd0199d0f6ee5fff
Retrieved from code.hackerspace.pl/q3k/www-main at
afd7415f582b474e737f830037e4c23178220032 .
No cleanup/conversion yet - straight from the repository.
Change-Id: Ia7ef50483541863cb1a7509607d549cdfe15522e
Apart from this, we also had to manually edit the registration yaml to
add @libera_ and #libera_ prefixes to the allowlists.
Change-Id: If85f58cf3d1291e0bf9099ef13d9397040a47782
This implements the main identd service that will run on our production
hosts. It's comparatively small, as most of the functionality is
implemented in //cluster/identd/ident and //cluster/identd/kubenat.
Change-Id: I1861fe7c93d105faa19a2bafbe9c85fe36502f73
This doesn't have to be publicly reachable, as the future
//cluster/identd will dial into the pod directly to access the
appservice's identd.
Change-Id: I139341ead76309a6640eeb9a278462565290dd34
This is a high-level wrapper for querying identd, and uses IdentError to
carry errors received from the server.
Change-Id: I6444a67117193b97146ffd1548151cdb234d47b5
This is the first pass at an ident protocol client. In the end, we want
to implement an ident protocol server for our in-cluster identd, but
starting out with a client helps me getting familiar with the protocol,
and will allow the server implementation to be tested against the
client.
Change-Id: Ic37b84577321533bab2f2fbf7fb53409a5defb95
We want to access the clientset (or at least check the fact that we're
in a cluster) outside of the Mirko object lifecycle.
In reality, this should _probably_ be moved outside of the Mirko library
and get a better API than this (ie. one that returns complete
information about the state of being in production/dev/...).
Change-Id: I86444477e0306a39a1611207855127a7b963603e
These can be used by production jobs to get the source port of the
client connecting over HTTP. A followup CR implements just that.
Change-Id: Ic8e29eaf806bb196d8cfcfb604ff66ae4d0d166a
* changes:
matrix.hackerspace.pl: add secret appservice-irc mappings
matrix.hackerspace.pl: give appservce-irc admin access to q3k and inf
matrix.hackerspace.pl: disable bootstrap jobs
matrix: appservice-irc: set debugService.enable if needed
matrix: add bootstrapJob config flag to appservices
matrix: bump appservice-irc
q3k
implr
palid
viq