Age | Commit message (Collapse) | Author | Files | Lines |
|
* amend keycloak configuration as per upgrade guide for their latest, most
innovative breaking changes.
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
* users/aspen: remove deprecated noXlibs option. This option has no alternative.
Change-Id: I49f45e38cda6b01ddf6f014b7b1c43972b76629f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12601
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: I2d2277915d3e679c9388ea9bc0328b4040b22bf6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12671
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
It seems we need more memory these days, and llama frequently ran OOM.
Decrease the number of concurrent evaluations.
Change-Id: I2648ebdedf09b80c9a231c4614004f953a646bc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12662
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
|
|
Harmonia is, ostensibly, faster and better and, most importantly, not a giant
pile of wonky Perl.
I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think
we should be good to go here.
We have a vendored copy of the upstream module for now. We need to fix Nix 2.3
compatibility in upstream for the module, but the service itself works fine.
Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I93ddc961b473e15febe22a16879875dbd926236a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12501
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
|
|
Change-Id: I1030393d843f03af3617487fc70829fcca792839
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12499
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
|
|
This was in //ops for legacy reasons, but this is really not necessary.
Change-Id: I758b257838993ef0f7d55809c137118826e2ba85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12483
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Required to bump past the broken time crate.
Change-Id: Ied9e3367f5fc69db0671732a75f2e410f4f234f6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12407
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
|
|
This points to a "GitHub App" now
("https://github.com/organizations/tvlfyi/settings/apps"), rather than an
"OAuth App"
("https://github.com/organizations/tvlfyi/settings/applications").
Apparently this makes a big difference, and we should be using a "GitHub
App", not an "OAuth App".
The defails on why are in
https://github.com/keycloak/keycloak/issues/9429#issuecomment-1578953468
The App can be configured at
https://github.com/organizations/tvlfyi/settings/apps/tvl-keycloak .
With this, we should get rid of spurious Exceptions with some GitHub
users trying to log in, hopefully fixing https://b.tvl.fyi/issues/201.
Change-Id: I25d0d6cd1b05ad54ed3d760d3a48ce1f430c0e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12413
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Without this, terraform wants to recreate the resource, just because we
do /not/ want to delete the default mappers:
```
# keycloak_ldap_user_federation.tvl_ldap must be replaced
-/+ resource "keycloak_ldap_user_federation" "tvl_ldap" {
+ delete_default_mappers = false # forces replacement
~ id = "4e68e9f0-7aba-4465-8357-f2af6a55fd0e" -> (known after apply)
name = "tvl-ldap"
~ use_truststore_spi = "ALWAYS" -> "ONLY_FOR_LDAPS"
# (27 unchanged attributes hidden)
}
```
Keycloak lists the a few mappers. which are likely the default ones,
but in any case, we don't want to recreate this resource.
Change-Id: I170a91a44b2efa426fae268cf7fc97a7f28a5760
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12412
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
|
|
The docs mention this applies to "users of the legacy distribution of keycloak".
However, we get a "failed to perform initial login to Keycloak: error
sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found"
if we don't set this.
With this, the provider is able to talk to the API, as long as the
secrets are sourced.
Change-Id: I0b9cdd45b1628aa0870a1673491c12c07bf7f8d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12411
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
The same fix from cl/11021 also needs to be applied to other states.
Change-Id: I205b03aab49130639c79702f4bf16f0bf28d89ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12410
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
|
|
The same fix from cl/11021 also needs to be applied to other states.
Change-Id: I0df3ee2e8970e0d08a119ecc6347f24aef0448c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12409
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
Change-Id: I4d10a17b43918857188c2b1f1babb8890346d9c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12397
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
Change-Id: Id943cbb486073173a8391074c326749bffb990f7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12361
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: yl3dy <aleksandr.kiselyov@gmail•com>
Tested-by: BuildkiteCI
|
|
Change-Id: Idf8083d7f48fb1eca40596003fad1552b87bcef4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12364
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Change-Id: I05a11bb1f3496680c22b31a4450e4675d028c59d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12350
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: I4df81b7f08e173d3c887bc89f869889a7901dbf0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12347
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Change-Id: I3b0a4695f69ef24a4f1f6280402c8a72223ff0c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12344
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: mrflos <mrflos@yeswiki.pro>
|
|
Change-Id: I40a4e7b9b993b2af57b03da1036ddeca2a0d298a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12343
Reviewed-by: mrflos <mrflos@yeswiki.pro>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: I5b5bb98f591e7bf3b1f16673f7f670b758444066
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12327
Reviewed-by: mrflos <mrflos@yeswiki.pro>
Tested-by: BuildkiteCI
|
|
This was deleted when removing the Sourcegraph module, but it turns out it is
also needed by panettone.
Change-Id: I8f14165bf783743247894c2b64882fbb032ffbf8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12295
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
|
|
Patch submitted via public inbox.
Change-Id: I5dc2d86aefd909216e8a16f428fc2cf818a125c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12296
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Patch submitted to me IRL.
Change-Id: Idd8aa75313ba73d5c1e92b98d390e43e7108c6b6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12292
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
|
|
Change-Id: I4ee9a5a69c90e2050c60b2ef8483431d691b499f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12287
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
|
|
Change-Id: I4d03f98e79de5e3a9c8c4a33682d5c78e3e0f028
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12286
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
Patch submitted to me IRL.
Change-Id: I43805e3932ccbe383fb5ec7780a29fae187f64db
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12290
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Patch submitted to me IRL.
Change-Id: I4cbfb138f616adf8635ca84f25cb77f8b8af7959
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12289
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Goodbye, Sourcegraph.
Relates to b/290.
Change-Id: Ic1cf3c1cf52ae17cdcc18c675b4c01d477644a3c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12285
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
|
|
See https://b.tvl.fyi/issues/409 for details.
Change-Id: Ibb54fab7a78e0e5f708c2a7dc8bb26ac0b2b4689
Signed-off-by: Armin Schlegel <a.schlegel@gridx.de>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11972
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
cl/12228 did enable automatic retries for some flaky tests, which
generally did work, as can be seen in
https://buildkite.com/tvl/depot/builds/35893
However, ":duck:" still reports as failing, because we check the number
of steps to be nonzero, which is not the case if retries have happened.
We cannot check for the overall status of the build, as it's still
"RUNNING", but instead of counting all failed steps so far, we can query
all failed jobs and then filter out the ones that were already retried.
Change-Id: Ib9d27587c8a8ba7970850812c4302fecdc4482e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12233
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I18492d6e6167f3c010e8f66670a127807ac7d99c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12183
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I54c47f8119d38f7403e27cbc23efd919dcf8e8d5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12006
Reviewed-by: yuka <yuka@yuka.dev>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
Change-Id: Ie25e2f1f0b7557be01b6f78142f1a40952988e53
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11792
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
Change-Id: I6e5d0b56e932427e6285556106fba277e05a26cd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11785
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Give some more context about what these mean. Mostly copied from the
descriptions in nix-eval.sh
Change-Id: I845f4227206f7035bcd185a708c14877a040c46a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11778
Tested-by: BuildkiteCI
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: flokli <flokli@flokli.de>
|
|
This switches to [Go modules](https://go.dev/blog/using-go-modules), which have now been the standard for dependency management in Go codebases for a while. In addition to initializing a new Go module, it also updates the paths of some gopkg.in dependencies, which are deprecated as well.
Change-Id: Ie5c9faa415a65ab76cbe59f4afb437a9250be392
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11773
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Ib83f22b8ee4c79b61b9be9d8cd176d759f6081ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11772
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
|
|
In #tvix-dev, we want to display only CLs that relate to tvix and
related projects.
So use a pretty dumb allow-list for which CLs to display in that
channel.
Change-Id: I3ef50b64e3d7fbc27a6690be6a10f1b55c04cd6e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11658
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I7b06473f67ee630a02676b19ff42ef02dd4014ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11742
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
|
|
For the duration of the sprint, this bot will take care of
synchronising the IRC channel with the Telegram group.
After the sprint, it will be removed again.
Change-Id: I6d5b1316fc85ddd26adf55e31f6bff742907fc24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11727
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
https://inbox.tvl.su/depot/20240505153017.26572-1-benjaminedwardwebb@gmail.com/T/#u
Change-Id: I6cf47468750afbf7fa703bb2800e7b67a17c2a70
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11686
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I4526339648958e4e633ca8259b93513dc9406362
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11664
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
|
|
Change-Id: I0b695f0104bc587b1c5b7591c8d512a265d96873
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11534
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
The change we need has been released and propagated to nixos channels.
Change-Id: Ib10a1d42d7ef6deaf5665a13b72ece345e83d7dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11457
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: Ia41fbff390a2b1df0926ab33e9f4f66b1fd92512
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11533
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I3d907589c75939c86faa3c1276e4023126ad3d17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11513
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
|
|
This relates to nixery#167.
Using our GC module is much more reliable than what we were doing previously.
Change-Id: I1956457812a3a847a7c8a1f4e7e91e50fad08ac0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11453
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|
|
I accidentally deallocated the previous public IP, and had to make a
new one :(
Change-Id: Ie30305bdfdb8443e058270e5324baf555343441c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11452
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|
|
We just had a minor incident where apparently our build cache for the
critical security fix was deleted by automatic-gc (which I had stopped
manually) being reenabled by an unrelated whitby deploy.
This adds a new mechanism where by touching a file called
`/run/stop-automatic-gc` the GC can be prevented from running.
We might want to configure an occasional alert or something if this
file exists, so we don't forget about it when we are using it.
Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
|