Age | Commit message (Collapse) | Author | Files | Lines |
|
Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490
Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.
Things done to resolve upstream breakages:
* grpc no longer takes abseil-cpp as an input, it has also been removed
in the override.
* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
attribute has been removed by upstream and the patch used by them is
available for 5.11 as well.
* The fixed output hash for third_patry.apereo-cas changed for some reason.
* Remove the pin of haskellPackages.vector from the haskell overlay. It
broke as the most recent version of vector in nixos-unstable no longer
depends on semigroups. This effectively updates vector from 0.12.1.2
to 0.12.2.0.
* Align two comments in tvix/libstore/worker-protocol.hh because the
updated clang-format now demands that.
Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This gives a permission denied error when I try to log in
Change-Id: Ibb9a66bb0ccec5fdf6839dd38ffd7e0a782687d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2425
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
There appears to be an issue where the internal trackpad tries to
register itself as a ps1 mouse rather than a usb one, which causes some
dmesg warnings that may or may not cause actual problems. Regardless,
blacklisting this should be harmless.
Change-Id: I00fb539b8acf4fbf1b9125786ea6dc4f649b08c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2364
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Idafb951eb995a92e955e42bee5b563a738ce49c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2361
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Your regularly scheduled channel update, but slightly more regular
than before.
Included fixes:
* 3p/emacs: Pick telega.el from stable channel, unstable is broken.
* glittershark/fprintd: Compile with gcc9, since build fails with the
new default of gcc10
* glittershark/fprintd: Use a global overlay for the fprintd package
until https://github.com/NixOS/nixpkgs/pull/108962 lands in
nixos-unstable
* glittershark/home: Don't install rr, as it's not building with gcc10
Co-Author: Griffin Smith <grfn@gws.fyi>
Change-Id: Ia715fef64a405a220049fc540017356fa7370e0b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2341
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Changes:
* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
ability to configure OpenLDAP directly and now forces users to use
some kind of weird Nix->OLC mapping that is mostly undocumented.
This moves the config we need to the new format in a way that may or
may not work and does the other arbitrary dance steps that someone
decided to impose on us. Note that this now throws lots of warnings,
but I can't be bothered to fix them.
* 3p: Random package removals accomodated
* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
is not yet updated for 5.10
* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
this changed because of something in the Go build machinery in
nixpkgs. The deleteVendor flag also has no effect anymore and has been
removed.
* users/glittershark: agda build is broken, commenting out development
home-manager environment until it can be fixed
* third_party/haskell_overlay: updating random needs upper boundarles
of a few dependencies relaxed (curse them)
* third_party/gerrit_plugins: for some cursed reason the fixed-output
hash of the gerrit owners plugin fetchgit changed, updated.
Same for the checks plugin.
Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
I'm building a database! I have to open all the files!
Change-Id: Ie77ad6fafe837c0ddba6b5d56cdc06d787807d4e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2257
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
cache.nixos.org is way faster
Change-Id: If6f9a448b5a5ad7dab6d01e19c447e113a8d933a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2256
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
These didn't appear to be the source of the flickering after all.
Change-Id: Id3cce3e7905d0af21dc6ec4dc3a11828451378fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2254
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Split the 6 channels of input I have from my audio interface into 2
separate channels for inputs 1 and 2, so that I can have only the one
microphone feed into video chat apps.
The way this is done right now is less than ideal as it doesn't support
any sort of hotplugging - at some point, I should figure out the
appropriate udev invocations to make that work.
Change-Id: I53dc363173fa8db591b0e9cb08258d90835c1109
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2249
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
An ec2 node I'm using as a remote dev box
Change-Id: I7d81371ecdc11d6c1b5bc06d1b4f55de534d25ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2244
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This is kinda nifty
Change-Id: I1b9a6762a5349974f539d2c4938a2b3dcdf488ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2219
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
This is a whole pile of things suggested by the internet to fix the
weird text flickering issues I've been seeing. upon first look it seems
like one of the kernel params (or all of them, or some combination of
them) fixed the issue.
Change-Id: Idc98902b46d4cba3bab367f6e22fb9ad10b26a26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2216
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Running docker is silly if I can't access it
Change-Id: I476915dacd44fac1ce4c533a84849fa6175d8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2215
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
My new work laptop, a dell XPS 13.
Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This was locked away in the urbint-specific module, but I use it
elsewhere.
Change-Id: Ifced2196dc22a9dbed74a18d4e1fed9488eb0e26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2152
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
bye urbint!
Change-Id: I87ded275e6e5298e4e29c38775bae47a8fc07bac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2149
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Mugwump is too unstable for such an important internet service
Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Included fixes for random breakage:
* 3p/awscli: pick from the stable channel; it is broken on unstable
* 3p/googletest: bumped version & removed patches that nixpkgs applies
* 3p/lisp/cffi: bumped library version for SBCL compat
* 3p/nix: fix libsystemd attribute
* 3p/nix: reformatted (clang-format handling of ternaries changed)
* glittershark/home: Use home-manager from nixkpgs
* glittershark/kernel: bumped linux-ck patch hash
* glittershark/kernel: removed "patch patch"
* multi/whitby: Use home-manager from nixpkgs
* tazjin/frog: drop Sourcetrail (it doesn't build currently)
Note that in addition to these changes, some previous CLs updated the
versions of git and cgit which was necessary for this channel bump,
but which could not be done in the same commit due to the nature of
the subtree merges.
Change-Id: If2563e8a68e2750c4b913a976ff7b93b42e8b7f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2110
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Previously changed kernel versions would not cachebust the patch
download, because it would still be using the same SHA hash.
Forcing a different store path (by adding the version to the name)
also forces a redownload of the patch (and in turn cause the hash to
mismatch), avoiding this as a silent cause of failures in channel
updates.
Change-Id: I81a136ee2401126795cf042b0aadf2a1e7a707b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2114
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This machine is significantly faster. Also, drop nixbuild, since the
transfer speed is too slow to make it worth it.
Change-Id: Ic14ef96e03a81dc429e4b4fec961c891dbb4b2b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2066
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I954fcca422f2e1325c2455cb1c4d77d53673901f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2061
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I3b81fe5a76c26e42fb6d2937ce980e12964d70b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2060
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
There's just not enough juice in this machine to run more than one.
Change-Id: I6e6afc86337ca023e718023e4789fc29b6d8e175
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2059
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Don't enable whitby+nixbuild as remote builders on every machine (eg not
mugwump), only chupacabra
Change-Id: I8aa8f20d76da4ec0d8caa64ef04697b7e76cbc03
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2058
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Install some packages and enable the necessary services + udev stuff to
make yubikeys usable
Change-Id: I8aee8a8b06895880c8195f02fb57b1216a5fdffc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2049
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
In this case mostly so I can have it on mugwump
Change-Id: Ifa24caf607b30c1d034f4a9e7044ece88fcee38e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2048
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Since buildkite is running on there, it'll be nice to be able to
download things. Obviously if this laptop ever becomes a laptop again
this'll have to go away (or just become the external domain)
Change-Id: I5fc49c061dbf79f8d523244bcf822e8d96fa6d42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2047
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
I accidentally dropped this when reconfiguring things around to get
mugwump working, and when I rebuilt my x session turned off!
Change-Id: I252c90b6f4d796fef1f8183739fcc8dbfdd0fbf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2046
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.
Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.
Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Kids Love Wiggly Donkers!
Change-Id: I1d37ecc88dd81d91e05fb597155bb91b93f1bccb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2041
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I200f206b609675632ad6103c84cc37b629ef9708
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2025
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi
with an Acme SSL cert.
Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I577b42abe76c7be3434e7ca4f34bcf84a4a6e6bc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2023
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Init the config for mugwump, a NUC that I bought from ncl and which I'm
going to use as a simple home server and ssh bastion box. Since this is
the first time I've set up a server using my nixos config, this also
moves a bunch of desktop (xserver, audio, etc.) related config out of
modules/common.nix and into a new modules/desktop.nix.
Coming soon: nixos-rebuild switch --target, but in the depot!
Change-Id: I67bd5ba6e3c26f80f77058af186fd41cc245d5d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2016
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add configuration for a live install iso based on the depot's nixpkgs
pin and with a couple of networking-based options tweaked a bit.
Change-Id: I208bd0f7815fe54fc805e8995a8288d7a0d36f84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2014
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Also move fcitx to system, since it's a nixos thing not a home-manager
thing.
Change-Id: I3e047494a478520e939d48fc72cc91a2d797bf74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1969
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: I3b071cc91af5ee896e88c10d6594333ff4eddf77
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1922
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Ic8a63f76a0b19f6b1f9ab836d1418849cce06aa0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1895
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Create the pipeline by outputting a file that contains nix-build
invocations for each target's *derivation path*.
Each invocation has a generated Nix expression passed to it with `-E`
which fetches the correct target from the tree while correctly
handling targets with strange characters (such as in Go-packages).
This makes it possible to run target-level granular pipelines. We're
getting somewhere!
Change-Id: Ia6946e389dafd1d4926130bb8891446d6e17133b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1855
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This reverts commit 475d41f698415919093ca98f676ffcda218093ac. I'd like
my derivations back, please.
Changes necessary to get this working:
- Don't depend on `nixpkgs` being in the NIX_PATH for my website - it's
not necessary anyway since emacs 27 is mainline now
- .skip-subtrees on things that shouldn't be evaluated anyway
- Get rid of system/pkgs, and move the one thing in there that *wasn't*
already in third_party (alsi) to third_party
- Drop notifymuch for now - it's not working, and I'll probably get it
landed in nixpkgs before I manage to get it working
- Add __readTree = true to my systems so they get built.
- explicitly disable ci for xanthous, which is failing to build and had
been omitted previously
Change-Id: I20f5e81d6eb7ffe040091a08d75d0cb15304f707
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1864
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
This bumps the channel to a commit that includes fixes for an nginx
issue we have been seeing:
https://github.com/NixOS/nixpkgs/pull/95264
Includes the following compatibility fixes:
- tests disabled in third_party.bufbuild: These were enabled
unexpectedly by the update, but don't run in the sandbox because
they want to download things from github
Change-Id: I98a3b5de57f62f1fd3a37701fa1896eddeedff85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1759
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Welcome to the future, baby!
Change-Id: I23124d27df1f7597dbd2b28afd5882e62085665e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1763
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
This is kind of difficult to read otherwise because the boot
configuration is scattered throughout the file.
Change-Id: I8977b1bd2b9162c898c96aa249c40749b3d46180
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1762
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Ida25ae018bcd48adf27b0a5b8d524980c66dc3fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1747
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
I have an encrypted drive, so this extra layer of security is pointless
Change-Id: Ifa523ee5ea545b5ee17536d34f60d7235e47f25c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1741
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Bumps both nixos-unstable and nixos-20.03 to today's versions, as per
status.nixos.org
Contains minor fixes to things that broke because of the update:
* tazjin/frog: hardware.u2f is a deprecated setting
* glittershark/system: modSha256 in Go modules is now vendorSha256
* glittershark/owothia: removed version constraint on relude
Change-Id: Ib3e9612b1b06ed547b90e4f8b0ffe5ed7fe0a5c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1642
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Id61bf6bed41773e398cb6173c33f378937785d94
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1354
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: I62db4951969a0978e929f91d62382b1560d1f89c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1348
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|