We also set --trust-model=always, as we explicitly ship GPG
fingerprints, so there's no need to rely on GPG's web of trust
shenanigans.
Change-Id: If2976130315c044f1d1727c61a6f6d489c876a52
This switches over to rules_python's new pip_parse remote dependency
fetching, which significantly reduces Python hell in Bazel.
Now each Python dependency gets its own external repository, which means
we don't have to build psycopg on every hscloud checkout!
Change-Id: Icc3b39197fae1046648d9a483876f5de5bd415d0
This fixes resolution errors with newer pip versions (where
flask-oauthlib wants to pull in oauthlib==2 while requests-oauthlib
wants to pull in oauthlib==3).
We remove flask-oauthlib fully, as it's abandoned. Our copy of
flask-spaceauth (//hswaw/lib/flask_spaceauth) depends on it, but we will
update it to use authlib instead.
Change-Id: I51a9336015ddc0cad7457844d186bd8408371ab3
We ran out of disk space on the old PVC. Made a new one, copied data
over, and this change points the postgres data mount to that new PVC.
Change-Id: Iea4e140680066a3335cc69caf9293093f90bb568
This makes the server fully configurable, and adds the contents of
example JSON configs as the defaults for all servers.
Change-Id: I8ff3e66a586a9db3acb9721810c8c5aa13072b4b
This moves all the proxy Kube resources to proxy.libsonnet.
Effect is a zero diff against prod:
$ kubecfg diff --diff-strategy=subset prod.jsonnet
[...]
namespaces factorio unchanged
[...]
deployments factorio.proxy unchanged
[...]
services factorio.proxy unchanged
[...]
persistentvolumeclaims factorio.proxy-cas unchanged
Change-Id: I9c6281e836f7b78373aad21120340994e801f8b4
Previously: 856b216459 switched to using a
Secret instead of a ConfigMap for appservice-irc. That however didn't
update the bootstrap job which still used the ConfigMap. This fixes
that.
Change-Id: I50f33935691678ce24ecf4e04d7ce1b13c184929
This annotation is used to permit routes defined by regexes instead of
simple prefix matching. This is used by our synapse deployment for
routing incomming HTTP requests to diffferent Synapse components.
I've stumbled upon this while deploying a new Matrix/Synapse instance.
This hasn't been yet a problem because the existing ingresses for Matrix
deployments predate admitomatic.
Change-Id: I821e58b214450ccf0de22d2585c3b0d11fbe71c0
Instead of manually packaging leaflet.js into the Git repository, this
uses an http_archive to download it on demand, and augments the static
serving code to accept different regexes as paths so that the
http_archive's contents can be served directly.
Change-Id: Icb8d624fea855fb748f107471133ac8adb5f2776
This rips out the existing HTML and CSS. In the end, we're not going to
use it.
In its place, it adds a simplistic landing page, hoping to gather more
attention and curiosity from other hackers that would like to make it
prettier.
Change-Id: I322b071a8510536bd6aad9252ae7aa8fe3a734bc
This reimplements the blog rendering functionality and the main/index
page.
www-main used to combine multiple atom feeds into one (Redmine and the
wordpress blog at blog.hackerspace.pl). We retain the functionality, but
only render the wordpress blog now (some other content might follow).
We also cowardly comment out the broken calendar iframe.
Change-Id: I9abcd8d85149968d06e1cb9c97d72eba7f0bc99f
This renders the About and About-but-in-English templates already
present.
It integrates header.html and rotimage_at.html into the basic template.
These were separates so that different webapps on boston-packets could
serve the same header file from the same sources, but this approach will
have to be abandoned for this version of the site anyway.
We'll have to figure out how/if to share these things between different
webapps, but probably only after we actually come up with a new site
theme. Let's keep it simple for now.
We also skip porting the 'subscribe to lists' template and
functionality, as it's broken right now anyway.
Change-Id: Ia89bfcaa1e250bd74d1771e095b3c8505b08c606
This adds a minimum serving Go binary, and static/template file
embedding.
The templates are not yet served or even loaded. The static files are
served at /static/..., eg.:
$ curl 127.0.0.1:8080/static/mapka.png
Change-Id: Iedd8696db2c2e5d434dc2e7fbd0199d0f6ee5fff
Retrieved from code.hackerspace.pl/q3k/www-main at
afd7415f582b474e737f830037e4c23178220032 .
No cleanup/conversion yet - straight from the repository.
Change-Id: Ia7ef50483541863cb1a7509607d549cdfe15522e
Apart from this, we also had to manually edit the registration yaml to
add @libera_ and #libera_ prefixes to the allowlists.
Change-Id: If85f58cf3d1291e0bf9099ef13d9397040a47782
This implements the main identd service that will run on our production
hosts. It's comparatively small, as most of the functionality is
implemented in //cluster/identd/ident and //cluster/identd/kubenat.
Change-Id: I1861fe7c93d105faa19a2bafbe9c85fe36502f73
This doesn't have to be publicly reachable, as the future
//cluster/identd will dial into the pod directly to access the
appservice's identd.
Change-Id: I139341ead76309a6640eeb9a278462565290dd34