Age | Commit message (Collapse) | Author | Files | Lines |
|
Rename my //users directory and all places that refer to glittershark to
grfn, including nix references and documentation.
This may require some extra attention inside of gerrit's database after
it lands to allow me to actually push things.
Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Splits //ops/nixos into:
* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)
This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.
Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Fixes included:
* exposed gtest in the package set, required for protobuf
* pinned SBCL to version 2.0.8: The channel moved it to >2.1, and a
bunch of warnings seemed to be killing our builds - we should
investigate this later.
* removed kernel patches from //users/tazjin/frog: this machine is
currently out of service anyways, not worth fixing while it's offline
* removed steam & lutris from frog (they're currently broken)
* removed Haskell overrides for hedgehog-classes & hgeometry-combinatorial
* use gRPC sources from upstream and inject Abseil via Nix instead
* fix for renamed grpc import in //third_party/nix
* use libfprint-tod from upstream nixpkgs in glittershark/yeren and
delete glittershark/pkgs/fprintd entirely, since all of the patches used
there are available and working from upstream now (and stopped working
here after the bump)
Change-Id: Ia90e6f774f7b88bc9e60d28351b900ca43ee2695
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2901
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
This wasn't working because yerenSystem wasn't actually accessing the
`system` attribute (like the other systems), which meant it was just
an attribute set full of stuff.
Change-Id: I0abe56f0a1f18e4e542cb458dfcdf81e8a0ddc01
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2923
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Please read b/108 to make sense of this.
This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.
To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.
Pay extra attention to:
* overlay-like functionality that was partially moved to actual
overlays (partially as in, the minimum required to get a green
build)
* modified uses of the package set path, esp. in NixOS systems
Special notes:
* xanthous has been disabled in CI because of issues with the Haskell
overlay
* //third_party/nix has been disabled because of other unclear
dependency issues
Both of these will be tackled in a followup CL.
Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Add kolide, the endpoint monitoring system / MDM we're using at work, to
the system derivation for my work computer.
I hate MDMs almost universally, and this one is no different, but SOC2
waits for no one.
Change-Id: I99bcb5341182a81512699d50b279efd9e1b2194b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2903
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Previously the tvl depot attrset was provided as the config.depot
argument, but to make NixOS modules look more like the rest of the depot
this is being switched to being provided as the "depot" argument
instead.
Change-Id: I7e011fe5c44ac3e4142177afd168f1bbc602d56f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2764
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
ops.nixos.nixosFor is intended to provide the "basic" readTree-like
system arguments to NixOS systems; in particular, it provides "depot" as
a module argument, as well as, for the moment, config.depot.
Change-Id: I442c7d79ac0eb2ff8e1bf606f4e083e15eb0a8f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2761
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Iba48c8ac8c45075ecb9741572bca9cea4f8b0f9d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2748
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
The way this loads the api key is a hack, but also... I don't care!
Change-Id: I4d417b1a824007620661188b60b21a1f73867dca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2747
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add blackbox prometheus exporters to Mugwump with config for scraping
gws.fyi, windtunnel.ci, and app.windtunnel.ci
Change-Id: Ied9e329d44b506763b600e4978f65a5a3abcf5df
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2702
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: Ib8d589bd2110eb23d26a789a9f069f80815dadf3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2665
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: Ibe48761b3161b1dfa6989dd25ec25593b7fe98ec
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2664
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
hibernate on low battery, and when the power button is pressed
Change-Id: I6560fc770ee5707e59fb2763614de2b8000e156e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2550
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490
Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.
Things done to resolve upstream breakages:
* grpc no longer takes abseil-cpp as an input, it has also been removed
in the override.
* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
attribute has been removed by upstream and the patch used by them is
available for 5.11 as well.
* The fixed output hash for third_patry.apereo-cas changed for some reason.
* Remove the pin of haskellPackages.vector from the haskell overlay. It
broke as the most recent version of vector in nixos-unstable no longer
depends on semigroups. This effectively updates vector from 0.12.1.2
to 0.12.2.0.
* Align two comments in tvix/libstore/worker-protocol.hh because the
updated clang-format now demands that.
Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This gives a permission denied error when I try to log in
Change-Id: Ibb9a66bb0ccec5fdf6839dd38ffd7e0a782687d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2425
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
There appears to be an issue where the internal trackpad tries to
register itself as a ps1 mouse rather than a usb one, which causes some
dmesg warnings that may or may not cause actual problems. Regardless,
blacklisting this should be harmless.
Change-Id: I00fb539b8acf4fbf1b9125786ea6dc4f649b08c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2364
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Change-Id: Idafb951eb995a92e955e42bee5b563a738ce49c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2361
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Your regularly scheduled channel update, but slightly more regular
than before.
Included fixes:
* 3p/emacs: Pick telega.el from stable channel, unstable is broken.
* glittershark/fprintd: Compile with gcc9, since build fails with the
new default of gcc10
* glittershark/fprintd: Use a global overlay for the fprintd package
until https://github.com/NixOS/nixpkgs/pull/108962 lands in
nixos-unstable
* glittershark/home: Don't install rr, as it's not building with gcc10
Co-Author: Griffin Smith <grfn@gws.fyi>
Change-Id: Ia715fef64a405a220049fc540017356fa7370e0b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2341
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Changes:
* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
ability to configure OpenLDAP directly and now forces users to use
some kind of weird Nix->OLC mapping that is mostly undocumented.
This moves the config we need to the new format in a way that may or
may not work and does the other arbitrary dance steps that someone
decided to impose on us. Note that this now throws lots of warnings,
but I can't be bothered to fix them.
* 3p: Random package removals accomodated
* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
is not yet updated for 5.10
* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
this changed because of something in the Go build machinery in
nixpkgs. The deleteVendor flag also has no effect anymore and has been
removed.
* users/glittershark: agda build is broken, commenting out development
home-manager environment until it can be fixed
* third_party/haskell_overlay: updating random needs upper boundarles
of a few dependencies relaxed (curse them)
* third_party/gerrit_plugins: for some cursed reason the fixed-output
hash of the gerrit owners plugin fetchgit changed, updated.
Same for the checks plugin.
Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
I'm building a database! I have to open all the files!
Change-Id: Ie77ad6fafe837c0ddba6b5d56cdc06d787807d4e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2257
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
cache.nixos.org is way faster
Change-Id: If6f9a448b5a5ad7dab6d01e19c447e113a8d933a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2256
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
These didn't appear to be the source of the flickering after all.
Change-Id: Id3cce3e7905d0af21dc6ec4dc3a11828451378fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2254
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Split the 6 channels of input I have from my audio interface into 2
separate channels for inputs 1 and 2, so that I can have only the one
microphone feed into video chat apps.
The way this is done right now is less than ideal as it doesn't support
any sort of hotplugging - at some point, I should figure out the
appropriate udev invocations to make that work.
Change-Id: I53dc363173fa8db591b0e9cb08258d90835c1109
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2249
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
An ec2 node I'm using as a remote dev box
Change-Id: I7d81371ecdc11d6c1b5bc06d1b4f55de534d25ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2244
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This is kinda nifty
Change-Id: I1b9a6762a5349974f539d2c4938a2b3dcdf488ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2219
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
This is a whole pile of things suggested by the internet to fix the
weird text flickering issues I've been seeing. upon first look it seems
like one of the kernel params (or all of them, or some combination of
them) fixed the issue.
Change-Id: Idc98902b46d4cba3bab367f6e22fb9ad10b26a26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2216
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Running docker is silly if I can't access it
Change-Id: I476915dacd44fac1ce4c533a84849fa6175d8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2215
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
My new work laptop, a dell XPS 13.
Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This was locked away in the urbint-specific module, but I use it
elsewhere.
Change-Id: Ifced2196dc22a9dbed74a18d4e1fed9488eb0e26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2152
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
bye urbint!
Change-Id: I87ded275e6e5298e4e29c38775bae47a8fc07bac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2149
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Mugwump is too unstable for such an important internet service
Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Included fixes for random breakage:
* 3p/awscli: pick from the stable channel; it is broken on unstable
* 3p/googletest: bumped version & removed patches that nixpkgs applies
* 3p/lisp/cffi: bumped library version for SBCL compat
* 3p/nix: fix libsystemd attribute
* 3p/nix: reformatted (clang-format handling of ternaries changed)
* glittershark/home: Use home-manager from nixkpgs
* glittershark/kernel: bumped linux-ck patch hash
* glittershark/kernel: removed "patch patch"
* multi/whitby: Use home-manager from nixpkgs
* tazjin/frog: drop Sourcetrail (it doesn't build currently)
Note that in addition to these changes, some previous CLs updated the
versions of git and cgit which was necessary for this channel bump,
but which could not be done in the same commit due to the nature of
the subtree merges.
Change-Id: If2563e8a68e2750c4b913a976ff7b93b42e8b7f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2110
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Previously changed kernel versions would not cachebust the patch
download, because it would still be using the same SHA hash.
Forcing a different store path (by adding the version to the name)
also forces a redownload of the patch (and in turn cause the hash to
mismatch), avoiding this as a silent cause of failures in channel
updates.
Change-Id: I81a136ee2401126795cf042b0aadf2a1e7a707b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2114
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This machine is significantly faster. Also, drop nixbuild, since the
transfer speed is too slow to make it worth it.
Change-Id: Ic14ef96e03a81dc429e4b4fec961c891dbb4b2b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2066
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I954fcca422f2e1325c2455cb1c4d77d53673901f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2061
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I3b81fe5a76c26e42fb6d2937ce980e12964d70b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2060
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
There's just not enough juice in this machine to run more than one.
Change-Id: I6e6afc86337ca023e718023e4789fc29b6d8e175
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2059
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Don't enable whitby+nixbuild as remote builders on every machine (eg not
mugwump), only chupacabra
Change-Id: I8aa8f20d76da4ec0d8caa64ef04697b7e76cbc03
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2058
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Install some packages and enable the necessary services + udev stuff to
make yubikeys usable
Change-Id: I8aee8a8b06895880c8195f02fb57b1216a5fdffc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2049
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
In this case mostly so I can have it on mugwump
Change-Id: Ifa24caf607b30c1d034f4a9e7044ece88fcee38e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2048
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Since buildkite is running on there, it'll be nice to be able to
download things. Obviously if this laptop ever becomes a laptop again
this'll have to go away (or just become the external domain)
Change-Id: I5fc49c061dbf79f8d523244bcf822e8d96fa6d42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2047
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
I accidentally dropped this when reconfiguring things around to get
mugwump working, and when I rebuilt my x session turned off!
Change-Id: I252c90b6f4d796fef1f8183739fcc8dbfdd0fbf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2046
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.
Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.
Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Kids Love Wiggly Donkers!
Change-Id: I1d37ecc88dd81d91e05fb597155bb91b93f1bccb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2041
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I200f206b609675632ad6103c84cc37b629ef9708
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2025
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi
with an Acme SSL cert.
Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I577b42abe76c7be3434e7ca4f34bcf84a4a6e6bc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2023
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|
|
Init the config for mugwump, a NUC that I bought from ncl and which I'm
going to use as a simple home server and ssh bastion box. Since this is
the first time I've set up a server using my nixos config, this also
moves a bunch of desktop (xserver, audio, etc.) related config out of
modules/common.nix and into a new modules/desktop.nix.
Coming soon: nixos-rebuild switch --target, but in the depot!
Change-Id: I67bd5ba6e3c26f80f77058af186fd41cc245d5d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2016
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
|