Commit graph

901 commits

Author SHA1 Message Date
f97c9688d5 tools/secretstore: fix gpg encryption for expired key
We also set --trust-model=always, as we explicitly ship GPG
fingerprints, so there's no need to rely on GPG's web of trust
shenanigans.

Change-Id: If2976130315c044f1d1727c61a6f6d489c876a52
2021-07-10 16:53:59 +00:00
4e534cc03c WORKSPACE: use pip_parse
This switches over to rules_python's new pip_parse remote dependency
fetching, which significantly reduces Python hell in Bazel.

Now each Python dependency gets its own external repository, which means
we don't have to build psycopg on every hscloud checkout!

Change-Id: Icc3b39197fae1046648d9a483876f5de5bd415d0
2021-07-10 13:41:51 +00:00
q3k
7a13fdbf12 Merge changes I51a93360,I60a1577e
* changes:
  third_party/py: remove flask-oauthlib
  WORKSPACE: update rules_python
2021-07-10 13:41:46 +00:00
5d94a7b434 third_party/py: remove flask-oauthlib
This fixes resolution errors with newer pip versions (where
flask-oauthlib wants to pull in oauthlib==2 while requests-oauthlib
wants to pull in oauthlib==3).

We remove flask-oauthlib fully, as it's abandoned. Our copy of
flask-spaceauth (//hswaw/lib/flask_spaceauth) depends on it, but we will
update it to use authlib instead.

Change-Id: I51a9336015ddc0cad7457844d186bd8408371ab3
2021-07-10 15:41:08 +02:00
q3k
1cf2907450 Merge "bgpwtf/oob: document OOB setup" 2021-07-08 13:07:39 +00:00
ed421911ce app/matrix: matrix.hackerspace.pl: give psql more storage
We ran out of disk space on the old PVC. Made a new one, copied data
over, and this change points the postgres data mount to that new PVC.

Change-Id: Iea4e140680066a3335cc69caf9293093f90bb568
2021-06-30 21:23:49 +00:00
1c80bd7563 bgpwtf: allow route with ptp to dcr03sw48
Change-Id: Ia1173deec1cd3bfc00d543c112df06b7b82dfad0
2021-06-30 21:23:24 +00:00
999a8f53a2 WORKSPACE: update rules_python
fixes https://github.com/bazelbuild/rules_python/issues/489

Change-Id: I60a1577e168376b23a8daac5dc4d976713a4eaeb
2021-06-29 20:20:09 +02:00
0808034e6a games/factorio: make more configurable
This makes the server fully configurable, and adds the contents of
example JSON configs as the defaults for all servers.

Change-Id: I8ff3e66a586a9db3acb9721810c8c5aa13072b4b
2021-06-21 20:13:35 +00:00
68e2b18d4d bgpwtf/oob: document OOB setup
Moved from the hackerspace wiki
(https://wiki.hackerspace.pl/staff:network:lte).

Change-Id: I44cc8d1b8d588df2a58874060b5d56e03f36660d
2021-06-21 11:01:29 +00:00
f7efc40ea4 factorio: bump to 1.1.35
Change-Id: I1b61b70d0d4c3b7506fbac5319fa9ed86de08bb4
2021-06-18 19:31:07 +00:00
9c7e539315 factorio: bump up resource limits
Change-Id: If43889bb820abb2c034378d0af3fa2bcfde1361e
2021-06-18 19:31:03 +00:00
092dbfd53f Merge "update kube.libsonnet" 2021-06-18 09:57:10 +00:00
3a15b832cd update kube.libsonnet
Change-Id: I130bb2c9d799036daba8be4837f6070e65f31243
2021-06-16 19:14:50 +02:00
ba0fd8671c
games/factorio: add mciancia mods
Change-Id: I4335cb1cf62ec240a5301b1d076111909941b1ca
2021-06-16 10:41:07 +02:00
c6cc561212 games/factorio: default proxyImage to version in proxy.libsonnet
Change-Id: Ic4c793311bc6ac6e3194a7b1464bb21d4ad7d1bd
2021-06-13 21:56:24 +00:00
q3k
f07d5c39aa Merge "games/factorio: set default storage to waw-hdd-redundant-3" 2021-06-13 21:12:55 +00:00
04adbfeeb4 Merge "games/factorio: run new pymods instance" 2021-06-13 21:12:39 +00:00
50a041d7af games/factorio: set default storage to waw-hdd-redundant-3
Change-Id: I1b8ecaf38d88f7403b07db7e95543a1a6f797fa7
2021-06-13 21:11:58 +00:00
b3799c80e8
games/factorio: run new pymods instance
Change-Id: I0a5c3b016e30f277744889cc93fa1ca576cdf1a0
2021-06-13 23:10:23 +02:00
c684ca9b81 games/factorio: factor out modproxy jsonnet
This moves all the proxy Kube resources to proxy.libsonnet.

Effect is a zero diff against prod:

    $ kubecfg diff --diff-strategy=subset prod.jsonnet
    [...]
    namespaces factorio unchanged
    [...]
    deployments factorio.proxy unchanged
    [...]
    services factorio.proxy unchanged
    [...]
    persistentvolumeclaims factorio.proxy-cas unchanged

Change-Id: I9c6281e836f7b78373aad21120340994e801f8b4
2021-06-12 22:03:52 +00:00
e7f4cc121a games/factorio: move jsonnet from //personal/q3k
We also remove the definition of two instances that are long since dead.

Change-Id: I0cd83321403053cb72837da1497842109eeacd2b
2021-06-12 21:59:16 +00:00
q3k
b0dc22cda9 Merge "app/matrix: bump riot to 1.7.29" 2021-06-06 15:59:08 +00:00
q3k
f923b6c07e Merge "cluster/admitomatic: allow use-regex n-i-c annotation" 2021-06-06 14:31:02 +00:00
q3k
7a735243a9 Merge changes I3b66b586,Ib9052c14,I50f33935
* changes:
  matrix: bump version and remove default options
  app/matrix: matrix.hackerspace.pl: add libera.chat static mappings
  app/matrix: appservice-irc: use secret in bootstrap job
2021-06-06 14:25:30 +00:00
abca7901a2 app/matrix: bump riot to 1.7.29
Change-Id: I26c99f110abb7a68320587d7056558403b34a122
2021-06-06 14:23:26 +00:00
viq
a1501ab250 matrix: bump version and remove default options
Change-Id: I3b66b5869957b574b0d5e58d52d45ff5832bccbc
2021-06-06 13:10:36 +00:00
q3k
e693be4810 Merge "shell.nix: add random utilities" 2021-06-06 13:08:50 +00:00
43b0e0920f shell.nix: add random utilities
Change-Id: I49bfe400af054a8bcc0861f6066e7ca426590268
2021-06-06 12:59:44 +00:00
1431d1d2db app/matrix: matrix.hackerspace.pl: add libera.chat static mappings
Change-Id: Ib9052c14ab9c91ed2d11fce40bccf214d08df340
2021-06-06 12:59:25 +00:00
972e54651c app/matrix: appservice-irc: use secret in bootstrap job
Previously: 856b216459 switched to using a
Secret instead of a ConfigMap for appservice-irc. That however didn't
update the bootstrap job which still used the ConfigMap. This fixes
that.

Change-Id: I50f33935691678ce24ecf4e04d7ce1b13c184929
2021-06-06 12:59:25 +00:00
89a16f4de4 cluster/admitomatic: allow use-regex n-i-c annotation
This annotation is used to permit routes defined by regexes instead of
simple prefix matching. This is used by our synapse deployment for
routing incomming HTTP requests to diffferent Synapse components.

I've stumbled upon this while deploying a new Matrix/Synapse instance.
This hasn't been yet a problem because the existing ingresses for Matrix
deployments predate admitomatic.

Change-Id: I821e58b214450ccf0de22d2585c3b0d11fbe71c0
2021-06-06 12:58:11 +00:00
383fefa14b hswaw/site: attempt multi-column layout
Change-Id: I19924b40cbed51866ed25260962bb5454fb8e544
2021-06-02 01:24:09 +00:00
1f0623064f hswaw/site: load leaflet from NPM package
Instead of manually packaging leaflet.js into the Git repository, this
uses an http_archive to download it on demand, and augments the static
serving code to accept different regexes as paths so that the
http_archive's contents can be served directly.

Change-Id: Icb8d624fea855fb748f107471133ac8adb5f2776
2021-06-01 22:25:23 +00:00
4d7b2f01ec hswaw/site: add landing page prototype
This rips out the existing HTML and CSS. In the end, we're not going to
use it.

In its place, it adds a simplistic landing page, hoping to gather more
attention and curiosity from other hackers that would like to make it
prettier.

Change-Id: I322b071a8510536bd6aad9252ae7aa8fe3a734bc
2021-06-01 21:53:47 +00:00
3c9092ad5f hswaw/site: render main page and blog feed
This reimplements the blog rendering functionality and the main/index
page.

www-main used to combine multiple atom feeds into one (Redmine and the
wordpress blog at blog.hackerspace.pl). We retain the functionality, but
only render the wordpress blog now (some other content might follow).

We also cowardly comment out the broken calendar iframe.

Change-Id: I9abcd8d85149968d06e1cb9c97d72eba7f0bc99f
2021-05-30 23:21:49 +00:00
56c888b443 hswaw/site: basic /about and /about_en rendering
This renders the About and About-but-in-English templates already
present.

It integrates header.html and rotimage_at.html into the basic template.
These were separates so that different webapps on boston-packets could
serve the same header file from the same sources, but this approach will
have to be abandoned for this version of the site anyway.

We'll have to figure out how/if to share these things between different
webapps, but probably only after we actually come up with a new site
theme. Let's keep it simple for now.

We also skip porting the 'subscribe to lists' template and
functionality, as it's broken right now anyway.

Change-Id: Ia89bfcaa1e250bd74d1771e095b3c8505b08c606
2021-05-30 21:55:40 +00:00
5c10652d1b hswaw/site: add README.md
Change-Id: I283fca8c1347723c8b8dd2ce3c7775e96f5c7362
2021-05-30 21:16:43 +00:00
a7674679ec hswaw/site: serve static
This adds a minimum serving Go binary, and static/template file
embedding.

The templates are not yet served or even loaded. The static files are
served at /static/..., eg.:

    $ curl 127.0.0.1:8080/static/mapka.png

Change-Id: Iedd8696db2c2e5d434dc2e7fbd0199d0f6ee5fff
2021-05-30 21:15:50 +00:00
3f06905504 hswaw/site: init templates and static from www-main
Retrieved from code.hackerspace.pl/q3k/www-main at
afd7415f582b474e737f830037e4c23178220032 .

No cleanup/conversion yet - straight from the repository.

Change-Id: Ia7ef50483541863cb1a7509607d549cdfe15522e
2021-05-30 21:13:56 +00:00
q3k
7251f2720e Merge changes Ib068109f,I9a00487f,I1861fe7c,I254983e5,I3e2bedca, ...
* changes:
  cluster/identd/ident: update README
  cluster/kube: deploy identd
  cluster/identd: implement
  cluster/identd/kubenat: implement
  cluster/identd/cri: import
  cluster/identd/ident: add TestE2E
  cluster/identd/ident: add Query function
  cluster/identd/ident: add IdentError
  cluster/identd/ident: add basic ident protocol server
  cluster/identd/ident: add basic ident protocol client
2021-05-28 23:08:10 +00:00
196c556001 app/matrix: matrix.hackerspace.pl: unplumb a static secret channel
Change-Id: I63801798b2bd7f97f6c6f16b9243dc98102911ea
2021-05-26 19:46:44 +00:00
7711224d73 app/matrix: matrix.hackerspace.pl: add libera.chat
Apart from this, we also had to manually edit the registration yaml to
add @libera_ and #libera_ prefixes to the allowlists.

Change-Id: If85f58cf3d1291e0bf9099ef13d9397040a47782
2021-05-26 19:46:40 +00:00
46c3137d36 cluster/identd/ident: update README
Change-Id: Ib068109ff37749207e7b2a18c07f51d3c4ed3fd6
2021-05-26 19:46:13 +00:00
2414afe3c0 cluster/kube: deploy identd
Change-Id: I9a00487fc4a972ecb0904055dbaaab08221062c1
2021-05-26 19:46:09 +00:00
044386d638 cluster/identd: implement
This implements the main identd service that will run on our production
hosts. It's comparatively small, as most of the functionality is
implemented in //cluster/identd/ident and //cluster/identd/kubenat.

Change-Id: I1861fe7c93d105faa19a2bafbe9c85fe36502f73
2021-05-26 19:46:06 +00:00
6b649f8234 cluster/identd/kubenat: implement
This is a library to find pod information for a given TCP 4-tuple.

Change-Id: I254983e579e3aaa04c0c5491851f4af94a3f4249
2021-05-26 19:46:02 +00:00
ae052f0804 cluster/identd/cri: import
This imports the CRI protobuf/gRPC specs. These are pulled from:

    https://raw.githubusercontent.com/kubernetes/cri-api/master/pkg/apis/runtime/v1alpha2/api.proto

Our host containerd does not implement v1, so we go with v1alpha2.

Change-Id: I3e2bedca76edc85eea9b61a8634c92175f0d2a30
2021-05-26 19:45:58 +00:00
b387f57497 app/matrix: matrix.hackerspace.pl: run apppservice-irc identd
This doesn't have to be publicly reachable, as the future
//cluster/identd will dial into the pod directly to access the
appservice's identd.

Change-Id: I139341ead76309a6640eeb9a278462565290dd34
2021-05-26 19:45:22 +00:00
3638a3d76a cluster/identd/ident: add TestE2E
Change-Id: I8a95fadf19376de2806cb63897b77e370559392f
2021-05-23 16:27:22 +00:00