Previously, we set up headscale
We need to enable tailscale on baxter, as we intend to use tailscale to
connect builders to its buildbot instance
As the headscale server doesn't automatically put the server running it
into the tailscale network, we also need to set up the tailscale daemon
on axol
Reviewed-on: #14
Co-authored-by: Skyler Grey <sky@a.starrysky.fyi>
Co-committed-by: Skyler Grey <sky@a.starrysky.fyi>
Headscale is an open server for tailscale. Clicks, another group I work
on nix stuff with, has a module which makes it extremely easy to set up
a headscale server. I've spent a while over the past week making it safe
to import, and it's finally ready for Auxolotl to have!
We want to use headscale for internal communication between servers, so
it's OK to avoid setting up OIDC ... similarly, the only people who are
on the headscale should be relatively-well trusted. The expectation is
that to start with, this will be people who want to run buildbot workers
Reviewed-on: #13
Co-authored-by: Skyler Grey <sky@a.starrysky.fyi>
Co-committed-by: Skyler Grey <sky@a.starrysky.fyi>
I have forked buildbot-nix to https://git.auxolotl.org/auxolotl/buildbot-nix
I have made an improvement there to how output paths are written, and
this input change pulls in the update
Reviewed-on: #12
Co-authored-by: Skyler Grey <sky@a.starrysky.fyi>
Co-committed-by: Skyler Grey <sky@a.starrysky.fyi>
For a while we've been lacking a CI, which has led to problems such as
an inability to enforce REUSE, as well as an inability to build and
deploy docs-site automatically
Buildbot is commonly used (nix-community, lix, etc.), and very
extensible, which we hope will benefit us over something like Hydra or
Typhon
The buildbot instance is available at https://builds.auxolotl.org
Update's mailerPasswordFile to secrets.mailer.PASSWD and removes our
custom overlay as it was already merged into current nixpkgs
Change-Id: Ic2c8079094fdd93a3350a35f6dbdd67465cee1da
Reviewed-on: #9
Co-authored-by: Samuel Shuert <me@thecoded.prof>
Co-committed-by: Samuel Shuert <me@thecoded.prof>
Openssh had a security vulnerability that allowed RCE as root, this
flake update includes a openssh patch for said CVE
Change-Id: Ic7a3b58d9f3bc32d952b34e1995ed2ab740af76c
A while ago we set up forgejo. After that, we discovered that in certain
circumstances you could cause forgejo to give an error 500 when
approving a pull request.
Please see https://codeberg.org/forgejo/forgejo/issues/3860
This has been fixed upstream, but we are impatient so we would like to
pull in the patch before it lands in nixpkgs.
https://reuse.software is a way of specifying licenses in a simple way
that easily allows us to specify multiple licenses in a project and
check that we are correctly specifying our licenses
We plan to add an MIT-licensed file to the project in a future commit,
which prompted us to look at REUSE to make this simpler
We're starting to need a few packages which people are less likely to
have on their system. Let's provide an environment where everyone can
quickly install everything we need.