| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
After enabling buildkite-agent using NixOS, it runs as its own user,
buildkite-agent-socrates, which does not have its own home directory. I moved
the SSH key that I made when running buildkite-agent as wpcarro into /etc/ssh
and `chown`'d it for buildkite-agent-socrates.
|
|
Instead of enabling `buildkite-agent` ad hoc, use NixOS to configure it.
|
|
For now, I'm supporting two CI pipelines:
- build-socrates
- build-briefcase
Conceptually, build-briefcase should cover what build-socrates does now, but
eventually I would like build-socrates to call `switch-to-configuration` so that
all of my websites, etc. stay fresh.
|
|
Unforeseen problem: `buildkite-agent` runs its builds in a separate directory,
so if I want the `nix-build` command to build the newly checked out code, I need
to set <briefcase> to the CWD.
|
|
I've encountered a few problems with attempting to support nixos-rebuild:
- the activation step requires `sudo` privileges
- the `buildkite-agent` runs on the same machine, socrates, that is rebuilding
itself. This means that when the activation step runs, it will attempt to
restart `buildkite-agent` when the agent is still working
I'm slowly removing places in my nix code that rely on '<bracket>' notation, so
that I no longer depend on NIX_PATH being set. I still have more work to do.
{covid-uk,sandbox}/default.nix are breaking when I attempt to run my
build-socrates.sh script locally, so I'm temporarily disabling them until I can
get CI working as I expect.
|
|
I'd like my buildkite-agent to run as its own user, so I'm defining that user
here.
|
|
I would like to setup a polkit rule to allow `buildkite-agent` (i.e. a
forthcoming user) to call `nixos-rebuild`. I need to know the `action.id` before
I can write a reliable rule.
|
|
Let's see what happens...
|
|
Much better than manually running:
```shell
$ cd ~/briefcase && git pull --rebase origin master
$ nix-rebuild switch
$ nix-build -A zoo
$ pkill zoo
$ ./result/zoo &
$ job -l
$ disown %<job-number>
```
|
|
I'd like to filter logs from {blog,git,zoo}.wpcarro.dev, etc.
|
|
Problem: The JSON that Nginx outputs cannot be successfully parsed by
journaldriver because Nginx prefixes it with "socrates nginx:". Adding
`nohostname` to `access_log` should solve this problem.
I borrow this from @tazjin's most recent definition of `commonHttpConfig`.
|
|
Attempting to use @tazjin's delightful simple logging library!
|
|
I haven't used this since I wrote it... and now the .tokens attribute is missing
and it's screwing up my other deployment... *sigh*
|
|
Right now the 8000 port is hard-coded into the zoo server, which isn't ideal,
but "it works" (TM).
|
|
At this point, I'm starting to lose interest.
|
|
Setting `authMode = "Registered"` prevents me from running the `register
<password>` command from inside of `bitlbee`, which I *believe* I need to
run...
|
|
I'm having trouble getting PAM auth to work, so I'm temporarily disabling it.
TIL that I can use the following to verify that PAM is properly setup for a
program (e.g. `bitlbee`).
```
pamtester -v bitlbee $(whoami) authenticate
```
...but despite this succeeding, I still cannot use the `identify` command in
`bitlbee` to successfully authenticate. It just tells me "Incorrect password"
even though I'm providing it the same password that I type when doing the
`pamtester` command from above.
Computers!
|
|
Use Linux's PAM for Bitlbee's auth.
|
|
TLS support for bitlbee...
|
|
Attempt to access Bitlbee from IRCCloud.com client...
|
|
I'm still not entirely sure what bitlbee does, but I know this: I want as many
messengers in the same place as possible: IRC, Slack, Telegram. @tazjin tells me
that Bitlbee will help me get to the promised land. This is hopefully one step
of many in that direction.
|
|
In the spirit of "keep it simple, stupid", I am naming this application as
closely to the functionality as I can imagine.
|
|
Thankfully @tazjin builds Gemma (an Elm project) with Nix, so I could reference
Gemma's default.nix to help me with mine. Elm problematically attempts to
HTTP-fetch a list of packages to verify my project's dependencies. Because Nix
builds derivations in a sandbox without network access, I need to use some
escape hatches (i.e. NIX_REDIRECTS, LD_PRELOAD,
SYSTEM_CERTIFICATE_PATH). Welp... it's packaged now...
I'm also pointing learnpianochords.app to this project's index.html. It will be
live soon! :)
TODO(wpcarro): Rename "Chord Drill Sergeant" -> "Learn Piano Chords" (KISS)
|
|
This value defaults to localhost:3000, which works, but then Gitea
renders "http://localhost:3000/wpcarro/briefcase" as the URL to clone my
briefcase repository.
|
|
Gitea is running a web server on localhost:3000.
|
|
Gitea's announcement notes explain some of the benefits of Gitea over
Gogs:
https://blog.gitea.io/2016/12/welcome-to-gitea/
Also, I never configured Gogs such that I could use it, so the cost of
switching from Gogs to Gitea was basically zero.
|
|
Lorri does not cleanly integrate with my corporate device, which cannot run
NixOS. To expose dependencies to Emacs buffers, I will use nix-buffer.el, which
reads its values from dir-locals.nix. To easily expose dependencies from my
existing shell.nix files into dir-locals.nix, I wrote a Nix utility function.
|
|
Nest the sandbox work under ./website.
|
|
Nest the learn directory in the website directory.
|
|
Nest the blog work within the website directory.
|
|
- Create ./website directory
- Add a sitemap to wpcarro.dev
- Move covid-uk directory to sandbox directory
TODO: Next sandbox, blog, and learn in the website directory
|
|
Right now my website is serving at sandbox.wpcarro.dev, but I would rather
people view it at sandbox.wpcarro.dev/covid-19.
I previously tried to accomplish this with the following Nginx configuration:
```nix
locations."/covid-19" = {
root = briefcase.covid-uk;
}
```
I am now trying `alias = ...` instead of `root = ...`. I got the idea from this
SO question, https://stackoverflow.com/questions/10631933/nginx-static-file-serving-confusion-with-root-alias.
|
|
- Prefer hosting on sandbox.wpcarro.dev; I would prefer to host it at
sandbox.wpcarro.dev/covid-19, but I haven't figure out how to use Nginx to do
serve locations like /covid-19 yet.
- Splice the src directory: When I develop locally and index.html exists within
./src, I cannot access ./node_modules because ./node_modules is in a parent
directory. I could fix this if I used a bundler like Parcel or Webpack, but I
do not want to set that up at this time.
- Introduce Tailwind for CSS. This complicates my build a bit as well. For now,
I'm including output.css even though ideally I should not version-control this
file. I haven't figured out how to `yarn install` and run commands like `npx
tailwindcss build styles.css -o output.css` in a Nix derivation yet. Hopefully
I will learn and refactor this.
- Add some content about why I made this chart
- Add some content about some of my covid-19 predictions
- Add a footer to the webpage
- Delete timeseries.json and prefer fetching the published data instead
|
|
This is not currently working and it is causing Nginx to enter a retry loop. I
am removing it until I choose to focus on it.
|
|
I was having trouble tracking the growth of corona virus cases in the UK.
Thankfully someone is publishing some daily COVID data as JSON. I downloaded
that data manually and plotted it using the chart.js library as a programming
exercise with Mimi.
Now I'm attempting to deploy to https://wpcarro.dev/covid-uk.
TODO(wpcarro): Prefer the live API data instead my soon-to-be-stale downloaded.
|
|
Creating a derivation to abstract over the build process for learn.wpcarro.dev.
|
|
Gogs claims to be an easy-to-use Git server and web frontend written in
golang. I'm eager to try it as an alternative to cgit.
|
|
Create a derivation for building the static files of my blog.
|
|
Nix runs the `rebuild` command as root, so ~ resolves to /root, which is not
what I want.
|
|
With this simple change, Nix should copy the static directory and all of its
contents to /nix/store and return the path to that directory.
See TODO for more what I would have liked to do ideally.
|
|
readTree uses the output attribute set of default.nix as the value for
nixos.socrates, which disables me from resolving nixos.socrates.rebuild since
there is no rebuild attribute in the output attribute set from default.nix.
If I rename default.nix -> configuration.nix, I can resolve
nixos.socrates.{configuration,hardware,rebuild}.
|
|
Nix complains that `nixos.socrates` is not a function but a set. By adding
`{ ... }:` to the top of the file, I'm hoping to change it from a set to a
function.
|
|
Reading an Nginx tutorial and trying to port the information over to NixOS.
|
|
The fixed-point recursion isn't necessary.
|
|
When I build socrates using `sudo nixos-rebuild [...] switch`, my
`nixos-config` (i.e. <briefcase/nixos/socrates/default.nix>) is a simple Nix
anonymous function. Typically readTree populates my pkgs, briefcase, depot
function parameters with <nixpkgs>, <briefcase>, <depot>, but `nixos-rebuild` is
unaware of `readTree`.
For now I'm manually importing these dependencies, and I'm leaving a TODO to
reconsider switching to the `{ pkgs, briefcase, ... }` style when I better
understand NixOS.
|
|
I'm neither using config nor pkgs, so I'm deleteing them.
|
|
Create a socrates directory to store configuration for socrates.
|
|
At the moment, I don't think nixos-rebuild is reading $NIX_PATH, which
appropriately sets the paths for depot and briefcase. I'm going to explicitly
expose these values in the rebuild script for now.
|
|
After I considered the security implications of calling
`systemctl --user cat monzo-token-server`, I realized that monzo-token-server
should be a root service instead of a user service.
This service unit now also explicitly depends on briefcase.monzo_ynab.tokens,
which is a big improvement.
|
|
Exposing store_path to the tokens module to support the newly updated kv
module, which requires an explicit storePath parameter.
|
