Age | Commit message (Collapse) | Author | Files | Lines |
|
In case `target_user_ssh_key` points to an empty string, nixos-copy.sh
just doesn't set `IdentityFile=` at all.
This allows using deploy-nixos without any explicitly passed ssh keys,
but picking up whatever ssh setup the user has configured locally.
Change-Id: If335ce8434627e61da13bf6923b9767085af08a5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Change-Id: I35aaf174c7193c6fa6610989d8334ceabcdb6ced
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8575
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Change-Id: Ia3ad49be1cf81d84eac2f4d13191ef355007e450
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8574
Tested-by: BuildkiteCI
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
It's okay if these calls mutate some internal state inside an
implementation.
Change-Id: I12bb11bde0310778c3da1275696bf7de058863a3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8571
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Make it more explicit that we expect the from_string calls to fail here.
Change-Id: Ib3d46fc0850e364125e3548670ef301eeea2e45c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8565
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
This connects to a (remote) tvix-store BlobService over gRPC.
Change-Id: If31f706738a5c3445886c117feca8b61f3203e9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8552
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Change-Id: I448b9241726c3bb08f14188775a66e1da1225e02
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5004
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
emacs-overlay has been held back because package(s) needed for
//users/sterni/emacs are broken in the latest version.
Change-Id: Icb8bf34b4d039f5c24ec8f30fd8f47205a343988
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8562
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|
|
Change-Id: Icf577396035474d6977e627058aba5805c61985e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8563
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|
|
Change-Id: Ic9ac1b6fecb564eafb41b265bf317cd385fdc170
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8560
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
|
|
Whether chunking is involved or not, is an implementation detail of each
Blobstore. Consumers of a whole blob shouldn't need to worry about that.
It currently is not visible in the gRPC interface either. It
shouldn't bleed into everything.
Let the BlobService trait provide `open_read` and `open_write` methods,
which return handles providing io::Read or io::Write, and leave the
details up to the implementation.
This means, our custom BlobReader module can go away, and all the
chunking bits in there, too.
In the future, we might still want to add more chunking-aware syncing,
but as a syncing strategy some stores can expose, not as a fundamental
protocol component.
This currently needs "SyncReadIntoAsyncRead", taken and vendored in from
https://github.com/tokio-rs/tokio/pull/5669.
It provides a AsyncRead for a sync Read, which is necessary to connect
our (sync) BlobReader interface to a GRPC server implementation.
As an alternative, we could also make the BlobReader itself async, and
let consumers of the trait (EvalIO) deal with the async-ness, but this
is less of a change for now.
In terms of vendoring, I initially tried to move our tokio crate to
these commits, but ended up in version incompatibilities, so let's
vendor it in for now.
Change-Id: I5969ebbc4c0e1ceece47981be3b9e7cfb3f59ad0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8551
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I78f2116a63675fff5a36826b3e5390798ab9db9f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8526
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: flokli
|
|
Change-Id: I6b872a33885f4e29082c554062a60317db754188
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8550
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: Johannes Kirschbauer <hsjobeki+github@gmail.com>
|
|
Change-Id: I183580732e1dd33ed079a2593097ec790def0a55
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8554
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
We already returned UnexpectedEof in case the reader stopped returning
bytes too early, but similarly we should also fail if there's still
bytes left to be read in the reader passed.
We normally use the NAR writer to produce new NAR files, so the readers
point to the blobs we actually want to render, and having some data left
in there should be an error.
If for some reason the reader points to more data than just the blob,
the `.take` method can be used to limit it to the (known) size.
Change-Id: I9e8fa0a6dd9c794492abb6dc9e55995e619cb3bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8553
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Ia674705b27fbc4ae3055973eec563b078a4a873c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8558
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
CL's path handling strikes once again…
Change-Id: I4345941c8e2856f80cfddecc5356464f92b1a150
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8557
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: If47a8ffde5b4910f6c52fe82a2372431a0e46045
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8556
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This makes sure that initializing coder-stream-mixin (for the most part)
has the same interface as initializing qbase64:decode-stream. This will
make integrating that as a faster replacement to
mime4cl:base64-decoder-stream a bit easier.
The idea is to replace the char by char base64 decoder with one that
supports read-sequence. After that deliminited-input-stream needs to
gain support for read-sequence as well, so we can actually take
advantage of this fact. Finally, we'll have to evaluate the remaining
decoders and think about switching the (base64) encoders over as well.
Change-Id: If971da02437506e00a7c9fab2b94efc42725e62d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8555
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I3d6aa178243474fa87a8f32433bb1ae4e54a4a0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8549
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
|
|
Change-Id: I97cf04ae6a950fa84262e94d297775edc5273852
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8548
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
For whatever reason, there were two sort of identical tests, mime.1 and
mime.2, in the mime4cl test suite: The former tested *sample1-file* and
the latter all messages *samples-directory*—in the same way, parsing the
original and a re-rendered version of the message to check if they were
equal.
We can just move sample1.msg into *samples-directory*, get rid
of *sample1-file* and thus pave the way for more test messages in the
future.
Change-Id: I843be331682b731af6ae02a4648ba1c64aaf59a5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8546
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I78eb4a6d21117784d7684e05d4cc92a92e43e482
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8545
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Upstream server no longer answers to git://.
Change-Id: I9c3608222a02f04d1cd77fa15738fa91e0088247
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8533
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
The generic function itself needs to be defined using defgeneric,
defmethod is used for a defining method of a generic function, i.e. how
it should behave when confronted with a certain class.
Change-Id: Idd38afa02b56c5002e215decfff7f0c25267eab5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8532
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
These packages are invalid in Nix, and worked around in nixpkgs with
underscores, but the underscores are invalid in the Docker registry
protocol.
We work around this by detecting this case and adding the underscore
to yield the correct package reference. There is no case where this
workaround can break something, as there can be no valid package
matching the regular expression.
This relates to https://github.com/tazjin/nixery/issues/158
Change-Id: I7990cdb534a8e86c2ceee2c589a2636af70a4a03
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8531
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|
|
Most likely due to bad UX in browsers for hardware-backed TLS client
cert auth, most websites have switched from client-side TLS to the "Web
eID" extension.
Once installed, the extension uses [Native Messaging] to talk to a
`web-eid-app` application, which handles the communication with the
smart card itself.
This can be tested on https://web-eid.eu/ .
The commit needs nixpkgs to be bumped past
https://github.com/NixOS/nixpkgs/pull/227354 .
[Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
This uses tonic to generate the full set of gRPC clients for Yandex
Cloud. Includes some utility functions like an authentication
interceptor to make these actually work.
Since the upstream protos are exported regularly I've decided that the
versioning will simply be date-based.
The point of this is journaldriver integration, of course, hence also
the log-centric example code.
Change-Id: I00a615dcba80030e7f9bcfd476b2cfdb298f130d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8525
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Ib5f8c314d2c7ad6af948ff23754eeb895b1f1e94
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8529
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: flokli <flokli@flokli.de>
|
|
Change-Id: Ibeb3a8bc568cef336be2e70d071fd9e84a479788
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8528
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
This should make the canon pipeline gcroot the deps tarball, making it
less likely to be garbage-collected and rebuilt unnecessarily (which
usually incurs a hash change due to impurities).
Change-Id: I92a353d0f45056fffbc016c44a1ae05a63d76849
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8527
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
* //3p/sources: Note that emacs-overlay is not updated for now, as
changes in emacs HEAD break //users/sterni/emacs.
* //3p/gerrit_plugins/code-owners: deps hash changed once again
or was no longer in the Nix store.
Unfortunately, building the deps derivations from scratch for gerrit
and the gerrit plugins no longer works due to a nixpkgs regression:
Due to a (operator precedence) mistake in the way the deps
derivation's installPhase is computed, it would append extra code to
the installPhase provided by us, causing a bash syntax error.
I have proposed a fix for this
upstream (<https://github.com/NixOS/nixpkgs/pull/228305>). Adding a
workaround in the repo would be possible, but a bit annoying. Since
the derivations are fixed output anyways, I've opted to build the
missing deps derivation (for code-owners) locally using the fixed
nixpkgs, updated the sha256 and copied the result into whitby's Nix
store. Hopefully by the next time we'll be rebuilding the deps
derivations again the fix will have propagated into the NixOS unstable
channel.
* //users/grfn/system/system:roswellSystem: Use mysql80 from stable.
See also https://github.com/NixOS/nixpkgs/issues/226673.
Change-Id: I9b9d57f589be4cdc3fd4f39729c170a25a655b74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8483
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
Sets up a virtual machine image that is bootable on Yandex Cloud.
There are some slightly wonky behaviours still, like cloud-init
apparently putting all keys into root's authorized_keys no matter what
is specified in the metadata, but it does work now.
Change-Id: I57dcb7fcfa6872a28855dc1347f73a6db3c56828
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8496
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Iad5ad8d9a48c300faf2e4be7003879656817b518
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8495
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
This was a bit trickier than I anticipated, because there's no good
ways to avoid passing the credentials around manually.
What's basically happening now is that the credentials for the state
bucket are checked in (encrypted), and sourcing `creds.fish` uses the
cloud HSM to decrypt and load them into the environment.
Change-Id: I3f5ce1c9bd9d5efbf1013414f94771a09ea3a488
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8494
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: If6578693a5d5ef49d059735eeade3bebf13c4d16
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8493
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Doesn't actually contain any configuration yet, just setting up TF
with the right providers and so on.
Change-Id: Ia7128dd977b4ff69eebaa36c6cad6ac104cafcdb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8492
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Introduces a `.overrideDeps` attribute with which additional tools can
be supplied. This works like `.override` in nixpkgs.
Change-Id: I69a009b51f7f073a2d030eda5e3b5310e0f8e883
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8491
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
|
|
this is for a... party
Change-Id: Ida5e0effb071ac39194cabec507eef58de2bf279
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8506
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: grfn <grfn@gws.fyi>
|
|
This is a little late, but whatever
Change-Id: I06a28c2c81f1653576a15d3aec2658d356d219d5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8505
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
|
|
Change-Id: I08231027a7363ba89006e4dcd510302599be7b4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8499
Tested-by: BuildkiteCI
Autosubmit: Profpatsch <mail@profpatsch.de>
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
Change-Id: I1e5e5fcd1e065f42ea2cff555d6fce7d54b5aae8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8498
Autosubmit: Profpatsch <mail@profpatsch.de>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
|
|
Change-Id: I757ec06ccbae99106d4472d8396a9f106447fb88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8497
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
Something in recent nixpkgs made things a little ... less bold. This
makes them more bold again. It looks vaguely correct after.
Change-Id: I6fc60cc1ec2d21d193f46f4d80998f041941add0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8488
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the
digidoc-tool binary to the `bin` output, so this wasn't actually
providing the digidoc-tool binary anymore.
Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
|
|
Change-Id: I3ca79e51b749e018816fc52d9d957f799e3aad73
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8484
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
Tailscale just works better out of the box than Zerotier, and its
clients aren't unfree.
Change-Id: Ie35ef1adde0edbe923992b02e6b636269a96a81e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8482
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
some telegram channels do not allow embedding of messages, but do
allow a preview to be shown on twitter. this preview is just embedded
in the html, and can be scraped out if no message was found.
technically this preview also contains image links, but they are to
very low resolution, thumbnail-style images so i decided not to
include them here.
Change-Id: Ifb89f9fbde8140d577a5ee3af6e60b04232e53e3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8480
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
we don't need these and they add a bunch of unnecessary deps.
Change-Id: I88a30ec8443090a2c61934b35848bea6f1d9597a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8479
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: I6fc2aaefe40e449bd1937bb68f3a2ab4abaa5cd0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8372
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
|