Commit Graph

992 Commits (9fcce22ef34a9cc20f4837b9b5780db487c2cb8b)

Author SHA1 Message Date
q3k 02e1598eb3 cluster/prodvider: emit crdb certs
This emits short-lived user credentials for a `dev-user` in crdb-waw1
any time someone prodaccesses.

Change-Id: I0266a05c1f02225d762cfd2ca61976af0658639d
2021-05-19 22:13:22 +00:00
q3k bade46d45f go/pki: fix error return
DeveloperCredentialsLocation used to glog.Exitf instead of returning an
error, and a consumer (prodaccess) used to not check the return code.
Bad refactor?

Change-Id: I6c2d05966ba6b3eb300c24a51584ccf5e324cd49
2021-05-19 22:12:08 +00:00
q3k 856b216459 matrix.hackerspace.pl: add secret appservice-irc mappings
These contain a channel key for a secret channel.

We also had to migrate the appservice-irc config to a secret.

Change-Id: I92c7cdf9679f65d9e655e22d690cef2e83180135
2021-05-19 22:04:02 +00:00
q3k 6be8b2e301 matrix.hackerspace.pl: give appservice-irc admin access to q3k and inf
Change-Id: I54334f4e8d1abd037ae2c821cb3569312bd2fe3b
2021-05-19 16:32:29 +00:00
q3k e7f14471e1 matrix.hackerspace.pl: disable bootstrap jobs
Change-Id: I93472c8ca03b9d0a2d4bea1504ec93102d68f258
2021-05-19 16:10:31 +00:00
q3k 4154673593 matrix: appservice-irc: set debugService.enable if needed
This is the case for any IRC server that has ignoreIdleUsersOnStartup
set, because of what seems like an appservice-irc bug.

Change-Id: If5063a3bc2d79c7f2fc79ec7560bf9bfe2b25aba
2021-05-19 16:10:03 +00:00
q3k 25cd650ec9 matrix: add bootstrapJob config flag to appservices
This allows us to bypass the issue where Kubernetes jobs cannot be
updated once completed, so bumping appservice image versions was
painful.

But really, though, this is probably something that kubecfg/kartongips
should handle.

Change-Id: I2778c5433f699db89120a3c44e55d2fbe2a10015
2021-05-19 16:09:13 +00:00
q3k 8eae454769 matrix: bump appservice-irc
Also drive-by bump appservice-telegram, which was already bumped on
prod.

Change-Id: Ic8222775e7e3dbaa44361e6ccd84bdd6617924c3
2021-05-19 16:07:52 +00:00
q3k 6751d826f1 Merge changes I2afe9e52,Ideb13ba9
* changes:
  app/matrix/appservice-irc: implement passwordEncryptionKey
  app/matrix/appservice-irc: add ignoreIdleUsersOnStartup option
2021-05-19 15:41:55 +00:00
q3k d9f78cee5d Merge "app/matrix: 0x3c: fix secret name" 2021-05-19 15:35:04 +00:00
q3k 5ae5cbec81 Merge "cluster/kube: bump nginx-ingress-controller, backport openssl 1.1.1k" 2021-05-19 15:34:45 +00:00
q3k a21b563926 Merge "cebulacamp/landing: update for 2021" 2021-05-12 21:43:05 +00:00
q3k dad166800e cebulacamp/landing: update for 2021
Change-Id: I3f740ec0f7c6873905fb520d1d5803a5d999e6f0
2021-05-12 21:41:11 +00:00
q3k 9d05db751c Merge "hswaw/kube: add cebula.camp" 2021-05-12 21:29:41 +00:00
q3k f98ec010fc Merge "cebulacamp/landing: build and push backend" 2021-05-12 21:29:17 +00:00
q3k a1cbb18fba Merge "cebulacamp/landing: rewrite to plain html and css" 2021-05-12 21:28:48 +00:00
q3k de81b1eb84 Merge "hswaw/cebulacamp/landing: import from github.com/cebulacamp/queens-landing" 2021-05-12 21:28:38 +00:00
q3k 95ba05d970 hswaw/kube: add cebula.camp
Change-Id: I7659640d4a1445b828a944769aa6d9a08bcd7bbe
2021-05-12 21:28:10 +00:00
q3k b9ed123ff2 cebulacamp/landing: build and push backend
Change-Id: I1336fb2fe52de7c42e5de0c4f1e05f42c32a9777
2021-05-12 21:16:18 +00:00
q3k 69c7f99810 cebulacamp/landing: rewrite to plain html and css
We don't have pug/scss in Bazel/hscloud, so we just go ahead and rewrite
this to the lowest common denominator of web technologies.

Alternatively, we could at least go for gcss, which does have Bazel
rules - but it's probably not worth the effort.

Change-Id: I379157d8fd8682c4bcb87768e9cfe1f051fe9033
2021-05-12 21:11:50 +00:00
q3k ed27a8bd7d hswaw/cebulacamp/landing: import from github.com/cebulacamp/queens-landing
License: WTFPL

At commit: c9b43f5c1e69d6d263a8380a15372bd7d3497ac2

Change-Id: Iedad211589438569c0288c1cc3c2a67846bfcac6
2021-05-12 21:11:50 +00:00
q3k 87ede25bec bgpwtf/invoice: format for non-eu customers
Change-Id: I42ec23d911cd69a310a6de8ffe5dca5ff1b30f00
2021-05-12 21:09:47 +00:00
q3k 8a572cd36a Merge "devtools/ci/remote-cache: init" 2021-05-12 21:09:00 +00:00
q3k 4999dc4b7a Merge "third_party/go: add minio client lib" 2021-05-12 21:08:34 +00:00
q3k ab1f7dc924 app/matrix: 0x3c: fix secret name
Change-Id: Ifc519c068eb2af4ca1462d438c7b7050d9c0b2d8
2021-05-12 21:07:07 +00:00
Norbert Szulc a6e1b8dd1d Bump version of "io_bazel_rules_docker"
This presumably enables build on bazel 4.0.0 outside of nix install

Change-Id: I5acab20a20bc0fb63f20208a86c573529ce65c75
2021-05-12 14:17:31 +02:00
q3k fa818da7c6 bgpwtf/invoice: add recurrent billing tool
Change-Id: Ic3cc03d7b04304ae8c7aa76d8bb889ae8c144838
2021-05-06 00:12:53 +02:00
q3k 605aadbfa4 Merge "bgpwtf/invoice: render SP/GTU codes on invoices" 2021-05-05 20:48:12 +00:00
implr 474e0d1c2c personal/implr: more vpn
Change-Id: I4918a7b7fbae3da71e61a23e7f5fbe37e5db61f8
2021-04-30 20:07:51 +02:00
q3k 101747d1df Merge "app/matrix: update mautrix image" 2021-04-21 18:39:54 +00:00
q3k ffb80d0ed6 bgpwtf: add ar's ssh keys to routers
Change-Id: I87247136052b5b7077cb7eed33f13b60b81b898e
2021-04-19 07:11:26 +00:00
q3k 0ec06d7b75 ops: update deploy instructions to include profile set
This is necessary for the NixOS EFI boot machinery to pick up the new
derivation when switching to it, otherwise the machine will not boot
into the newly switched configuration.

Change-Id: I8b18956d2afeea09c38462f09a00c345cf86f80d
2021-04-18 18:13:33 +00:00
q3k c3ca29512a app/matrix: update mautrix image
The old image disappearified from their registry:

httpReaderSeeker: failed open: content at https://dock.mau.dev/v2/tulir/mautrix-telegram/manifests/sha256:dc95be8f9cd7c226686bcd8be52872cdc20de6751b5eb9f10c6db87ec478b1ca not found: not found

This is the current latest image. Production (at least
matrix.hackerspace.pl) has been updated.

Change-Id: I754b13f08b569e717295fb48d36c0e6544438aa4
2021-04-10 11:15:31 +00:00
q3k 3df9d0c082 personal/q3k/shipstuck: free! for now.
Change-Id: Ie4125396a328b5bb05dea88b6d49d79360221905
2021-03-29 14:26:08 +00:00
q3k ec1aa355fe personal/q3k/shipstuck: fix caching log (why did go let me do this?)
Change-Id: I1c299af41e0bccd33b2a180602a1b6c5d942ffc8
2021-03-29 13:40:59 +00:00
q3k a4ae66b4ac personal/q3k/shipstuck: add TOWED
Change-Id: I3348fc0730a66c3c64df00f6d3051656bf12e587
2021-03-29 13:38:45 +00:00
q3k e9c56b581f personal/q3k/shipstuck: science
Change-Id: I382004def6a490e5bfc8a9e8b30b6d9890b633b0
2021-03-28 20:05:10 +00:00
q3k 99b91b11f1 cluster/k0/admitomatic: add .hswaw.net to hswaw-prod namespace
This was preventing certificate refresh in the hswaw-prod mirko ingress.

Change-Id: I14b18b642a3948a9864e2d9a90b2a2b2c145b9b1
2021-03-28 17:34:34 +00:00
q3k 5da0494b3b personal/q3k/shipstuck: fix time of incident
istheshipstillstuck.com is wrong!

Change-Id: Ie0c7c29d97f620f294a307e950e4d590fbca1e79
2021-03-27 16:37:22 +00:00
q3k 5c1ab3c62d personal/q3k/shipstuck: fix detection
Change-Id: I888eaa95c0012830219bd06fd4d16e66204e2e1d
2021-03-27 15:58:16 +00:00
q3k 772a133ca1 bgpwtf/invoice: render SP/GTU codes on invoices
Change-Id: I2f47595c67ae0c945fa680b394cb7d5212cd389a
2021-03-27 15:58:03 +00:00
q3k 3d116b2952 personal/q3k: door^Wship stuck
Change-Id: I189fc13971d46790634804c3fa1b54e2c4788273
2021-03-27 15:44:15 +00:00
q3k 7967ca177b cluster/certs: update k0 certs
This leaves us with the next set of expiring certs in September 2021.

Fixes b/36.

Change-Id: I536497626c0dd3807fccf28d4b61e5e531cf8d9c
2021-03-27 12:19:25 +00:00
q3k c8b14e75d7 dc/hbj11/flasher: fix build
Change-Id: Ic59ad67ab0cf1a5a1c5c83a03936868ad3c89c2f
2021-03-27 12:19:00 +00:00
q3k 41b882d053 cluster: remove bc01n03 certs/secrets
Decommissioned node, noticed while rolling over certs in b/36.

Change-Id: Ia386ff846998c52799662179c325b24e78f2eca8
2021-03-27 12:18:56 +00:00
q3k ef3d7b89e0 dc/hbj11/flasher: fix manufacturer name
Apparently, at least parts of the M610 (e.g. iDRAC) attempt to index
exact bytes from the FRU EEPROM instead of parsing it, and thus were
parsing our FRU's manufacturer/product name wrong. This fixes that.

Change-Id: I18d62ea79df7b7bf30cec3251da2c32d25b73507
2021-03-25 18:55:34 +00:00
q3k d73dc0e253 Merge "cluster/k0: add dns crdb user" 2021-03-25 18:22:07 +00:00
q3k 2e8d24b84a cluster/kube: bump nginx-ingress-controller, backport openssl 1.1.1k
This fixes CVE-2021-3450 and CVE-2021-3449.

Deployed on prod:

$ kubectl -n nginx-system exec nginx-ingress-controller-5c69c5cb59-2f8v4 -- openssl version
OpenSSL 1.1.1k  25 Mar 2021

Change-Id: I7115fd2367cca7b687c555deb2134b22d19a291a
2021-03-25 18:16:13 +00:00
q3k aa131447e5 Merge "cluster/crdb: make init job 'idempotent'" 2021-03-25 17:43:14 +00:00
q3k 1632aaee04 dc/hbj11: link to public WebI2C instance
Change-Id: I0d7092314dcc9aed488e1ffdf3d51566848e3fff
2021-03-23 15:54:17 +00:00