lukegb/depot
1
0
Fork 0
Code Issues1 Pull requests Projects Packages Activity Actions

depotwide: migrate to git.lukegb.com

Browse source
This commit is contained in:
Luke Granger-Brown 2024-11-16 15:30:41 +00:00
parent 96eebb817d
commit 18cc5d7cd9
76 changed files with 117 additions and 117 deletions

2
go/buildgo2/asm/default.nix
View file

@ -2,6 +2,6 @@
depot.third_party.buildGo2.package {
name = "asm";
path = "hg.lukegb.com/lukegb/depot/go/buildgo2/asm";
path = "git.lukegb.com/lukegb/depot/go/buildgo2/asm";
srcs = [ ./buildgo2.go ./add.S ];
}

2
go/buildgo2/cgo/default.nix
View file

@ -2,7 +2,7 @@
depot.third_party.buildGo2.package {
name = "cgo";
path = "hg.lukegb.com/lukegb/depot/go/buildgo2/cgo";
path = "git.lukegb.com/lukegb/depot/go/buildgo2/cgo";
srcs = [ ./cgo.go ./cgo.h ./cgo.c ];
cgo = true;
}

4
go/buildgo2/main.go
View file

@ -3,8 +3,8 @@ package main
import (
"fmt"
"hg.lukegb.com/lukegb/depot/go/buildgo2/asm"
//"hg.lukegb.com/lukegb/depot/go/buildgo2/cgo"
"git.lukegb.com/lukegb/depot/go/buildgo2/asm"
//"git.lukegb.com/lukegb/depot/go/buildgo2/cgo"
)
func main() {

2
go/go.mod
View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
module hg.lukegb.com/lukegb/depot/go
module git.lukegb.com/lukegb/depot/go
go 1.18

4
go/nix/bcachegc/bcachegc.go
View file

@ -18,10 +18,10 @@ import (
"gocloud.dev/blob"
"golang.org/x/sync/errgroup"
"golang.org/x/sync/singleflight"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
_ "gocloud.dev/blob/gcsblob"
_ "hg.lukegb.com/lukegb/depot/go/vault/vaultgcsblob"
_ "git.lukegb.com/lukegb/depot/go/vault/vaultgcsblob"
)
var (

8
go/nix/bcacheup/bcacheup.go
View file

@ -21,13 +21,13 @@ import (
"gocloud.dev/blob"
"golang.org/x/sync/errgroup"
"golang.org/x/sync/singleflight"
"hg.lukegb.com/lukegb/depot/go/nix/nar"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nar"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
_ "gocloud.dev/blob/fileblob"
_ "gocloud.dev/blob/gcsblob"
_ "hg.lukegb.com/lukegb/depot/go/vault/vaultgcsblob"
_ "git.lukegb.com/lukegb/depot/go/vault/vaultgcsblob"
)
var (

8
go/nix/bnix/bnix.go
View file

@ -9,10 +9,10 @@ import (
"os"
"sync"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixpool"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixpool"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
var (

8
go/nix/bnixbuild/bnixbuild.go
View file

@ -11,10 +11,10 @@ import (
"strings"
"sync"
"hg.lukegb.com/lukegb/depot/go/nix/nixbuild"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixpool"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nixbuild"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixpool"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
type remoteDefinition struct {

2
go/nix/nar/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }@args:
(depot.third_party.buildGo.package {
name = "nar";
path = "hg.lukegb.com/lukegb/depot/go/nix/nar";
path = "git.lukegb.com/lukegb/depot/go/nix/nar";
srcs = [
./dirfs.go
./inmemoryfs.go

2
go/nix/nar/narinfo/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "narinfo";
path = "hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo";
path = "git.lukegb.com/lukegb/depot/go/nix/nar/narinfo";
srcs = [
./narinfo.go
];

2
go/nix/nar/narpacker.go
View file

@ -7,7 +7,7 @@ import (
"path"
"sort"
"hg.lukegb.com/lukegb/depot/go/nix/nixwire"
"git.lukegb.com/lukegb/depot/go/nix/nixwire"
)
type FS interface {

2
go/nix/nar/narpacker_test.go
View file

@ -7,7 +7,7 @@ import (
"testing"
"github.com/google/go-cmp/cmp"
"hg.lukegb.com/lukegb/depot/go/nix/nixwire"
"git.lukegb.com/lukegb/depot/go/nix/nixwire"
)
func TestHeader(t *testing.T) {

2
go/nix/nar/narunpacker.go
View file

@ -10,7 +10,7 @@ import (
"io"
"strings"
"hg.lukegb.com/lukegb/depot/go/nix/nixwire"
"git.lukegb.com/lukegb/depot/go/nix/nixwire"
)
type WriteFile interface {

6
go/nix/nixbuild/config.go
View file

@ -9,9 +9,9 @@ import (
"io"
"strings"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixpool"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixpool"
)
type Fetcher interface {

4
go/nix/nixbuild/coordinator.go
View file

@ -9,8 +9,8 @@ import (
"sort"
"sync"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
type Coordinator struct {

2
go/nix/nixbuild/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "nixbuild";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixbuild";
path = "git.lukegb.com/lukegb/depot/go/nix/nixbuild";
srcs = [
./config.go
./coordinator.go

2
go/nix/nixbuild/httpresolver.go
View file

@ -13,7 +13,7 @@ import (
"regexp"
"github.com/numtide/go-nix/nixbase32"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
)
var (

10
go/nix/nixbuild/peerresolver.go
View file

@ -13,11 +13,11 @@ import (
"io"
"path"
"hg.lukegb.com/lukegb/depot/go/nix/nar"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixpool"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nar"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixpool"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
type PeerFetcher struct {

4
go/nix/nixbuild/peerresolver_test.go
View file

@ -4,8 +4,8 @@ import (
"context"
"testing"
"hg.lukegb.com/lukegb/depot/go/nix/nixpool"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nixpool"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
// DELETE ME

6
go/nix/nixbuild/workitem.go
View file

@ -14,9 +14,9 @@ import (
"sort"
"sync"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
type WorkItem struct {

2
go/nix/nixdrv/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "nixdrv";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixdrv";
path = "git.lukegb.com/lukegb/depot/go/nix/nixdrv";
srcs = [
./nixdrv.go
./localfs.go

2
go/nix/nixdrv/nixdrv.go
View file

@ -14,7 +14,7 @@ import (
"sort"
"strings"
"hg.lukegb.com/lukegb/depot/go/nix/nixhash"
"git.lukegb.com/lukegb/depot/go/nix/nixhash"
)
type Output struct {

2
go/nix/nixdrv/nixdrvhash_test.go
View file

File diff suppressed because one or more lines are too long

2
go/nix/nixhash/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "nixhash";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixhash";
path = "git.lukegb.com/lukegb/depot/go/nix/nixhash";
srcs = [
./nixhash.go
];

2
go/nix/nixpool/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "nixpool";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixpool";
path = "git.lukegb.com/lukegb/depot/go/nix/nixpool";
srcs = [
./dialer.go
./nixpool.go

2
go/nix/nixpool/dialer.go
View file

@ -12,7 +12,7 @@ import (
"os"
"golang.org/x/crypto/ssh"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
// DaemonFactory is the shape of a factory function.

2
go/nix/nixpool/nixpool.go
View file

@ -12,7 +12,7 @@ import (
"sync"
"time"
"hg.lukegb.com/lukegb/depot/go/nix/nixstore"
"git.lukegb.com/lukegb/depot/go/nix/nixstore"
)
type Pool struct {

2
go/nix/nixstore/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "nixstore";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixstore";
path = "git.lukegb.com/lukegb/depot/go/nix/nixstore";
srcs = [
./activities.go
./nixstore.go

2
go/nix/nixstore/nixstore.go
View file

@ -3,7 +3,7 @@ package nixstore
import (
"fmt"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
)
type Store interface {

8
go/nix/nixstore/remotestore.go
View file

@ -13,10 +13,10 @@ import (
"strings"
"sync"
"hg.lukegb.com/lukegb/depot/go/nix/nar"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"hg.lukegb.com/lukegb/depot/go/nix/nixwire"
"git.lukegb.com/lukegb/depot/go/nix/nar"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixwire"
)
const (

2
go/nix/nixstore/sqlitestore.go
View file

@ -7,7 +7,7 @@ import (
"path"
"strings"
"hg.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
"git.lukegb.com/lukegb/depot/go/nix/nar/narinfo"
_ "github.com/mattn/go-sqlite3"
)

2
go/nix/nixwire/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }@args:
depot.third_party.buildGo.package {
name = "nixwire";
path = "hg.lukegb.com/lukegb/depot/go/nix/nixwire";
path = "git.lukegb.com/lukegb/depot/go/nix/nixwire";
srcs = [
./nixwire.go
];

2
go/nix/nixwire/nixwire.go
View file

@ -5,7 +5,7 @@ import (
"fmt"
"io"
"hg.lukegb.com/lukegb/depot/go/nix/nixdrv"
"git.lukegb.com/lukegb/depot/go/nix/nixdrv"
)
type Serializer struct {

8
go/trains/cmd/darwiningestd/darwiningestd.go
View file

@ -14,10 +14,10 @@ import (
"github.com/jlaffaye/ftp"
"gocloud.dev/blob"
"gocloud.dev/blob/s3blob"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"hg.lukegb.com/lukegb/depot/go/trains/darwin/darwindb"
"hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest"
"hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingeststomp"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin/darwindb"
"git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest"
"git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingeststomp"
)
var (

4
go/trains/cmd/db2web/db2web.go
View file

@ -18,8 +18,8 @@ import (
"golang.org/x/sync/errgroup"
"google.golang.org/grpc"
"google.golang.org/protobuf/encoding/protojson"
"hg.lukegb.com/lukegb/depot/go/trains/webapi"
"hg.lukegb.com/lukegb/depot/go/trains/webapi/summarize"
"git.lukegb.com/lukegb/depot/go/trains/webapi"
"git.lukegb.com/lukegb/depot/go/trains/webapi/summarize"
)
var (

2
go/trains/cmd/train2livesplit/train2livesplit.go
View file

@ -13,7 +13,7 @@ import (
"text/template"
"time"
"hg.lukegb.com/lukegb/depot/go/trains/webapi"
"git.lukegb.com/lukegb/depot/go/trains/webapi"
)
var (

2
go/trains/darwin/darwindb/darwindb.go
View file

@ -6,7 +6,7 @@ import (
"log"
pgx "github.com/jackc/pgx/v4"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
// handleDataResponse handles a Darwin DataResponse message (i.e. a SnapshotResponse or a UpdateResponse).

2
go/trains/darwin/darwindb/ddbref.go
View file

@ -5,7 +5,7 @@ import (
"fmt"
pgx "github.com/jackc/pgx/v4"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
// ProcessReferenceData updates the database by processing a PportReferenceData message in the given transaction.

2
go/trains/darwin/darwindb/ddbschedule.go
View file

@ -7,7 +7,7 @@ import (
"log"
pgx "github.com/jackc/pgx/v4"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
type scheduleMode int

2
go/trains/darwin/darwindb/ddbtrainstatus.go
View file

@ -8,7 +8,7 @@ import (
"time"
pgx "github.com/jackc/pgx/v4"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
// handleTrainStatus handles a Darwin "TS" (train status) message.

2
go/trains/darwin/darwindb/default.nix
View file

@ -13,7 +13,7 @@ depot.third_party.buildGo.package {
./ddbtrainstatus.go
./tsutil.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin/darwindb";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin/darwindb";
deps = with depot.third_party; [
gopkgs."github.com".jackc.pgx.v4
depot.go.trains.darwin

2
go/trains/darwin/darwindb/tsutil.go
View file

@ -4,7 +4,7 @@ import (
"fmt"
"time"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
// secondsify adds :00 onto the end of a string if it's HH:MM formatted, otherwise does nothing.

6
go/trains/darwin/darwingest/darwingest.go
View file

@ -15,9 +15,9 @@ import (
"github.com/go-stomp/stomp/v3"
"github.com/jlaffaye/ftp"
"gocloud.dev/blob"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingestftp"
"hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingests3"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingestftp"
"git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingests3"
)
func degzip(b []byte) ([]byte, error) {

2
go/trains/darwin/darwingest/darwingestftp/darwingestftp.go
View file

@ -12,7 +12,7 @@ import (
"time"
"github.com/jlaffaye/ftp"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
func loadGzippedFile(ctx context.Context, sc *ftp.ServerConn, fn string, cb func(pp *darwin.PushPort) error) error {

2
go/trains/darwin/darwingest/darwingestftp/default.nix
View file

@ -8,7 +8,7 @@ depot.third_party.buildGo.package {
srcs = [
./darwingestftp.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingestftp";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingestftp";
deps = with depot.third_party; [
gopkgs."github.com".jlaffaye.ftp

2
go/trains/darwin/darwingest/darwingests3/darwingests3.go
View file

@ -14,7 +14,7 @@ import (
"time"
"gocloud.dev/blob"
"hg.lukegb.com/lukegb/depot/go/trains/darwin"
"git.lukegb.com/lukegb/depot/go/trains/darwin"
)
var (

2
go/trains/darwin/darwingest/darwingests3/default.nix
View file

@ -8,7 +8,7 @@ depot.third_party.buildGo.package {
srcs = [
./darwingests3.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingests3";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingests3";
deps = with depot.third_party; [
gopkgs."gocloud.dev".blob

2
go/trains/darwin/darwingest/darwingeststomp/default.nix
View file

@ -8,7 +8,7 @@ depot.third_party.buildGo.package {
srcs = [
./darwingeststomp.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingeststomp";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest/darwingeststomp";
deps = with depot.third_party; [
gopkgs."github.com".go-stomp.stomp.v3

2
go/trains/darwin/darwingest/default.nix
View file

@ -8,7 +8,7 @@ depot.third_party.buildGo.package {
srcs = [
./darwingest.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin/darwingest";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin/darwingest";
deps = with depot.third_party; [
gopkgs."github.com".cenkalti.backoff.v4
gopkgs."github.com".go-stomp.stomp.v3

2
go/trains/darwin/default.nix
View file

@ -11,7 +11,7 @@ depot.third_party.buildGo.package {
./timezone.go
./util.go
];
path = "hg.lukegb.com/lukegb/depot/go/trains/darwin";
path = "git.lukegb.com/lukegb/depot/go/trains/darwin";
} // {
darwindb = import ./darwindb args;
darwingest = import ./darwingest args;

2
go/trains/go.mod
View file

@ -1,4 +1,4 @@
module hg.lukegb.com/lukegb/depot/go/trains
module git.lukegb.com/lukegb/depot/go/trains
go 1.16

2
go/trains/webapi/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }@args:
depot.third_party.buildGo.grpc {
name = "webapi";
path = "hg.lukegb.com/lukegb/depot/go/trains/webapi";
path = "git.lukegb.com/lukegb/depot/go/trains/webapi";
goPackage = "webapi";
protos = [ ./types.proto ./webapi.proto ];
withGrpc = true;

2
go/trains/webapi/summarize/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "summarize";
path = "hg.lukegb.com/lukegb/depot/go/trains/webapi/summarize";
path = "git.lukegb.com/lukegb/depot/go/trains/webapi/summarize";
srcs = [ ./service.go ];
deps = with depot.third_party; [
gopkgs."github.com".jackc.pgx.v4

2
go/trains/webapi/summarize/service.go
View file

@ -6,7 +6,7 @@ import (
"strings"
"github.com/jackc/pgx/v4"
"hg.lukegb.com/lukegb/depot/go/trains/webapi"
"git.lukegb.com/lukegb/depot/go/trains/webapi"
)
type Querier interface {

2
go/vault/vaultgcp/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "vaultgcp";
path = "hg.lukegb.com/lukegb/depot/go/vault/vaultgcp";
path = "git.lukegb.com/lukegb/depot/go/vault/vaultgcp";
srcs = [
./token.go
];

2
go/vault/vaultgcsblob/default.nix
View file

@ -5,7 +5,7 @@
{ depot, ... }:
depot.third_party.buildGo.package {
name = "vaultgcsblob";
path = "hg.lukegb.com/lukegb/depot/go/vault/vaultgcsblob";
path = "git.lukegb.com/lukegb/depot/go/vault/vaultgcsblob";
srcs = [
./vaultgcsblob.go
];

2
go/vault/vaultgcsblob/vaultgcsblob.go
View file

@ -11,7 +11,7 @@ import (
"gocloud.dev/blob"
"gocloud.dev/blob/gcsblob"
"gocloud.dev/gcp"
"hg.lukegb.com/lukegb/depot/go/vault/vaultgcp"
"git.lukegb.com/lukegb/depot/go/vault/vaultgcp"
)
var (

2
web/barf/frontend/barfcli/barfcli.go
View file

@ -7,7 +7,7 @@ import (
"strings"
"github.com/spf13/cobra"
"hg.lukegb.com/lukegb/depot/web/barf/frontend/barfdb"
"git.lukegb.com/lukegb/depot/web/barf/frontend/barfdb"
_ "github.com/mattn/go-sqlite3"
)

2
web/barf/frontend/frontend.go
View file

@ -14,7 +14,7 @@ import (
"net/http/httputil"
"net/url"
"hg.lukegb.com/lukegb/depot/web/barf/frontend/barfdb"
"git.lukegb.com/lukegb/depot/web/barf/frontend/barfdb"
_ "github.com/mattn/go-sqlite3"
)

2
web/barf/frontend/go.mod
View file

@ -1,4 +1,4 @@
module hg.lukegb.com/lukegb/depot/web/barf/frontend
module git.lukegb.com/lukegb/depot/web/barf/frontend
go 1.21.7

2
web/barf/sapi/go.mod
View file

@ -1,3 +1,3 @@
module hg.lukegb.com/lukegb/depot/web/barf/sapi
module git.lukegb.com/lukegb/depot/web/barf/sapi
go 1.21

2
web/fup/cmd/extractstatic.go
View file

@ -13,7 +13,7 @@ import (
"path/filepath"
"github.com/spf13/cobra"
"hg.lukegb.com/lukegb/depot/web/fup/fupstatic"
"git.lukegb.com/lukegb/depot/web/fup/fupstatic"
)
func init() {

6
web/fup/cmd/serve.go
View file

@ -16,9 +16,9 @@ import (
"github.com/google/safehtml"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp"
"hg.lukegb.com/lukegb/depot/web/fup/fupstatic"
"hg.lukegb.com/lukegb/depot/web/fup/minicheddar"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp"
"git.lukegb.com/lukegb/depot/web/fup/fupstatic"
"git.lukegb.com/lukegb/depot/web/fup/minicheddar"
)
func init() {

2
web/fup/default.nix
View file

@ -25,7 +25,7 @@ pkgs.buildGoModule {
meta = with pkgs.lib; {
description = "Simple file upload manager.";
homepage = "https://hg.lukegb.com";
homepage = "https://git.lukegb.com";
license = licenses.asl20;
platforms = platforms.linux;
};

2
web/fup/fup.go
View file

@ -8,7 +8,7 @@ import (
"fmt"
"os"
"hg.lukegb.com/lukegb/depot/web/fup/cmd"
"git.lukegb.com/lukegb/depot/web/fup/cmd"
// Include various gocloud.dev backends.
_ "gocloud.dev/blob/fileblob"

2
web/fup/fuphttp/auth_test.go
View file

@ -7,7 +7,7 @@ import (
"net/http/httptest"
"testing"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp"
)
func TestTokenAuthMiddlewareNoToken(t *testing.T) {

2
web/fup/fuphttp/fngen/fngen_test.go
View file

@ -10,7 +10,7 @@ import (
"strings"
"testing"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
)
func TestIdentityGenerator(t *testing.T) {

4
web/fup/fuphttp/fuphttp.go
View file

@ -19,8 +19,8 @@ import (
shuncheckedconversions "github.com/google/safehtml/uncheckedconversions"
"github.com/gorilla/mux"
"gocloud.dev/blob"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
"hg.lukegb.com/lukegb/depot/web/fup/hashfs"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
"git.lukegb.com/lukegb/depot/web/fup/hashfs"
)
const (

4
web/fup/fuphttp/fuphttp_test.go
View file

@ -14,8 +14,8 @@ import (
"strings"
"testing"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp"
"hg.lukegb.com/lukegb/depot/web/fup/fupstatic"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp"
"git.lukegb.com/lukegb/depot/web/fup/fupstatic"
"gocloud.dev/blob"
"gocloud.dev/blob/fileblob"

2
web/fup/fuphttp/fupoidc/fupoidc.go
View file

@ -16,7 +16,7 @@ import (
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp"
)
const (

2
web/fup/fuphttp/httpupload.go
View file

@ -22,7 +22,7 @@ import (
"github.com/gabriel-vasile/mimetype"
"github.com/gorilla/mux"
"gocloud.dev/blob"
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
"git.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
)
// parseExpiry parses an expiry string.

2
web/fup/fupstatic/fupstatic.go
View file

@ -8,7 +8,7 @@ import (
"embed"
"io/fs"
"hg.lukegb.com/lukegb/depot/web/fup/hashfs"
"git.lukegb.com/lukegb/depot/web/fup/hashfs"
)
//go:embed css js img

2
web/fup/go.mod
View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
module hg.lukegb.com/lukegb/depot/web/fup
module git.lukegb.com/lukegb/depot/web/fup
go 1.16

2
web/fup/minicheddar/minicheddar_test.go
View file

@ -9,7 +9,7 @@ import (
"os/exec"
"testing"
"hg.lukegb.com/lukegb/depot/web/fup/minicheddar"
"git.lukegb.com/lukegb/depot/web/fup/minicheddar"
)
func TestSpawn(t *testing.T) {

2
web/int/index.html
View file

@ -21,7 +21,7 @@ SPDX-License-Identifier: Apache-2.0
<li><a href="https://unifi.int.lukegb.com">unifi</a></li>
<li><a href="https://invoices.lukegb.com">invoices</a></li>
<li><a href="https://twitterchiver.int.lukegb.com">twitterchiver</a></li>
<li><a href="https://hg.lukegb.com">hg (heptapod)</a></li>
<li><a href="https://git.lukegb.com/user/login">git (forgejo)</a></li>
<li><a href="https://rundeck.int.lukegb.com">rundeck</a></li>
<li><a href="https://netbox.int.lukegb.com">netbox</a></li>
<li><a href="https://paperless.int.lukegb.com">paperless</a></li>

16
web/lukegbcom/posts/2022-04-07-vault-and-me.md
View file

@ -53,7 +53,7 @@ Broadly speaking, my setup roughly mirrors Kelsey Hightower's [Serverless Vault
with Cloud
Run](https://github.com/kelseyhightower/serverless-vault-with-cloud-run) -
although I build the Docker container [using
Nix](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/nix/docker/vault/default.nix).
Nix](https://git.lukegb.com/lukegb/depot/src/branch/canon/nix/docker/vault/default.nix).
It's a relatively neat setup, although... it turns out to be expensive. Maybe
I'll move it to Oracle Cloud's free tier running on one of their ARM64
@ -106,7 +106,7 @@ However sometimes there are users which are deployed on more than one machine -
such as `gitlab-runner` - and that user should only get access to secrets on
one specific host. I use this concept for granting access to `gitlab-runner` on
a server called `clouvider-lon01` to be able to deploy to this blog! It [has
access](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/vault/cfg/lukegbcom-deployer.nix)
access](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/vault/cfg/lukegbcom-deployer.nix)
to get an OAuth token to a specific GCP service account with permission to
deploy to Firebase Hosting via the `server/clouvider-lon01/app/gitlab-runner`
policy, but the `gitlab-runner` user anywhere else is not permitted to get
@ -135,7 +135,7 @@ Servers are also permitted to have server-wide secrets. This is mostly just
used for `secretsmgr` at the moment - arguably this could be its own app.
By default, servers [have
access](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/vault/cfg/policies/server.hcl)
access](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/vault/cfg/policies/server.hcl)
to `kv/server/$HOSTNAME`, and to issue ACME certificates, and the Nix binary
cache credentials. They also have the power to issue subtokens with
lesser-power than themselves.
@ -175,14 +175,14 @@ policy hierarchy, so here's an example:
I use the "App ID" mode in Vault to provision secrets to servers; when setting
a machine up (a process I have not yet automated), I run
[`reissue-secret-id.sh`](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/vault/reissue-secret-id.sh)
[`reissue-secret-id.sh`](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/vault/reissue-secret-id.sh)
which revokes all existing secret IDs for that host and dumps out a Vault
[response wrapped
token](https://www.vaultproject.io/docs/concepts/response-wrapping), which can
be used one time only to get the secret ID for that host.
There's a
[`provision-secret-id`](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/vault/default.nix)
[`provision-secret-id`](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/vault/default.nix)
script installed on every machine which will then install the secret for me.
Future work in this space for me is binding the secret to the TPM (e.g. using
@ -211,7 +211,7 @@ Unix socket effectively gets all the secrets shared to anything on the server.
The secrets I use it to write to disk are strictly the plain KV type, rather
than anything more sophisticated, but I do use some [relatively complicated
Polkit
rules](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/nixos/lib/vault-agent-secrets.nix)
rules](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/nixos/lib/vault-agent-secrets.nix)
to allow it to reload/restart services when those secrets change.
@ -219,7 +219,7 @@ to allow it to reload/restart services when those secrets change.
The user-based authentication I mentioned above (with the app policies and the
`server-user`) policy is powered by
[`tokend`](https://hg.lukegb.com/lukegb/depot/-/tree/branch/default/go/tokend),
[`tokend`](https://git.lukegb.com/lukegb/depot/src/branch/canon/go/tokend),
which is a daemon that listens on a Unix socket and proxies requests through
the local Vault Agent, with a token issued that has a subset of the powers of
the original server-wide token.
@ -239,7 +239,7 @@ checks the remaining lifetime of the certificates it's responsible for, and
then reissues them if required.
Similar to the Vault Agent above, I use some [Polkit
rules](https://hg.lukegb.com/lukegb/depot/-/blob/branch/default/ops/nixos/lib/secretsmgr.nix)
rules](https://git.lukegb.com/lukegb/depot/src/branch/canon/ops/nixos/lib/secretsmgr.nix)
to allow it to restart the ACME certificate consumers (usually nginx or
pomerium), and sshd.