Age | Commit message | Author | Files | Lines |
|
1.21.1 fixes an exploit in 1.21 without any other changes, so we can
safely skip it.
Change-Id: I72503c9f3869d7bafdfc78842b61804627a1d452
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12798
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: If48823b7992aa61fee9b1a6f458434a596bead90
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12795
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
`requires` is not recommended in this context. I think I tried it out of
desperation trying to combat the issue that these units would be started
before they were able to resolve names in switch-to-configuration.
Unfortunately, network access during switch-to-configuration can't be
detected using network-online.target, it seems.
Change-Id: Ia98a0a3b505ffa56eb37fb58a5375a1215d6cb1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12794
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Repositories (especially nixpkgs) WILL grow to ridiculous sizes
otherwise, killing cgit performance in the process.
Change-Id: I3bef3e5dc5a61152e89fd53e31f14e78193a4888
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12793
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Mostly it's important (which I did this time at least) to remember that
with how things work at the moment, the initrd sshd is only reachable
via IPv4.
Change-Id: Ie9a87b6a38b2e128a8a2141d2221bbe7cfe24cdb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12792
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
nixos-generate-config claims I need this, so let's add it…
Change-Id: I3d852ffce5d0e7c65d9a1bbe887d3de15136698a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12791
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
* //users/sterni/machines/ingeborg: adjust to yet another API
change in the fcgiwrap module
Change-Id: Ic601bb7161887dec5cfbe68205be816cf9b92d17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12202
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
* Treewide: re-run depotfmt
* //third_party/nixpkgs:html5validator: build with Python 3.11,
dependency openstackdocstheme doesn't support 3.12
* //users/sterni/machines/ingeborg: adapt to poorly handled fcgiwrap
module API change: https://github.com/NixOS/nixpkgs/pull/318599
* //tvix/*-go: regenerate protobuf files
* //third_party/nixpkgs:treefmt: Remove patch for merged pull request
* //users/flokli/ipu6-softisp: rebase, drop upstreamed kernel patches
Change-Id: Ie4e0df007c287e8cd6207683a9a25838aa5bd39a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11971
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
|
|
Change-Id: I2970f47e22e6984db49d455b31903814fa94ec76
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11529
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
A recent change in nixpkgs introduced evaluation warnings if a systemd
service is configured to start after network-online.target, but does
not directly depend on it.
This is done because the existing dependency from multi-user.target to
network-online.target is being removed, leaving these services without
an actual dependency on the service.
This affected autosubmit (I added a weak dependency here, for now the
service is actually on the same host as Gerrit), and sterni's mirror
setup (I added a strong dependency here).
Change-Id: I88a4aa69f6788c489f59533d34be3c9cea681326
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11026
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
We skip 1.20.3 which had a somewhat nasty bug that was immediately fixed
in 1.20.4 with no other changes.
Change-Id: Ib7ef12912b3ed7a7ed2e00fea654d5d7532a92f7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10863
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I2ec2e61f6b8a3d706966a9d259d350a010424ef1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10862
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
1.20.1 doesn't seem to have any substantial changes except bug fixes, so
let's jump to it right away.
Change-Id: If41f06352f5e5351e37af1969fa8152693a227e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10861
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
The btrfs scrub causes 8 WARNING messages otherwise, followed by
8 CLEAR messages.
Change-Id: Ib43d419461c154f74022b3051e256102ab2b03cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10688
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I8070b44b15b585e32d4939515d742a2800a2d762
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10641
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs
Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
This is just intended as a local backup in case things go wrong
horribly, so you can revert to a recent state.
Change-Id: I1d666bad77045a1c807204df144422ba69d1d99f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10417
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I6917a9633c998148d6e5d23b17d949ee007898e5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10180
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I5a850e0d98069483e89d90022b624feba60ceebc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10179
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I2a39a6e5125e95c4ea10836694b594d068ceda73
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10178
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Main objective was to get SMART/md monitoring working, alerts go (via
some awful glue code) to #sterni.lv on hackint. Bot nick should also be
registered in the future.
Change-Id: Ia73c5a64ee9f6df62f5fbe21fc1606477e3d6e73
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10174
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
We currently don't need it actively and it is easy to re-enable if
needed. Due to spawn chunks simulation it is not really idling either.
Change-Id: I2e4e5ff2271fd61ee1affec27a614244d4a87fcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This will hopefully prevent failures on system deploys where DNS is
briefly not available, so git(1) fails to resolve github.com. Thanks
flokli for the tip.
Change-Id: I6096e9f3655cbe28ca2a71142de22337814e0be1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10172
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
While we are at it, rename disk-checkup.nix to btrfs-auto-scrub.nix and
move it into //ops/modules. I originally wanted to have additionally
disk health related services in that module, but the btrfs scrub
functionality is nicely self-contained and reusable, so I think it makes
sense to have this in a more central location.
Change-Id: Iabdd62838eef009540ca71abafd921afda2a9b47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10128
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Network configuration and initrd setup is basically the same as with
edwin, but we are using md for Software RAID this time as well as LVM
over two partitions with LUKS:
- sda2 <-- RAID1 --> sdb2 (boot-raid)
  └ boot partition, ext4 (encrypted-container-raid)
- sda3 <-- RAID1 --> sdb3
  └ LUKS container
    └ Volume Group vgmain
      ├ Logical Volume vgmain/swap
      │ └ swap
      └ Logical Volume vgmain/root
        └ btrfs
So we no longer rely on btrfs raid1 due to question marks over its
reliability (I personally did not have any problems though). This also
means that we have less LUKS containers we need to unlock when
booting (kind of negligible improvement). The biggest improvement is that
we have redundancy for the swap, so a disk failure shouldn't cause
memory corruption/loss.
Change-Id: I14f065b659857415917d9a60a7ec019e687f8d1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10127
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
These settings would also be applied to a machine that'd replace edwin,
so it's useful to have them outside edwin's default.nix.
Change-Id: I4e8f464118a103645e53909a87c6ee4446022fa3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10125
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
nixpkgs changed something in how it deals with configuration of the
package set itself when that is externally instantiated (like in
depot).
It seems like we can work around this mostly by just ... deleting some
code, as all instances of this were for allowing unfree code, which
we've already set on the top-level anyways.
* //users/sterni: fix nixpkgs config assertion to point at
pkgs.config
* //users/wpcarro: disable locate service, which is broken in nixpkgs
Change-Id: Iacf6f1c8fd5b5289e7265e155d74f8269a858ceb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9541
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: I40452e0a4f7237eb7352fb3f7342a64bf0e37cd2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8841
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Upstream server no longer answers to git://.
Change-Id: I9c3608222a02f04d1cd77fa15738fa91e0088247
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8533
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Ib6141a6d905220395d822ac1d8e4f47aa89161a3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8425
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I4d002c933929508baab12d3802ac67d42813507b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8333
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Starting with 1.18.1 we no longer need to pass an extra flag to work
around the log4j CVE, so baseJvmOpts can be empty.
Change-Id: I6d6c5a366ecbb499b2e3945db81ca0a8b2e2dcbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8332
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: If9f6ee1c49a6c427530e56ceff60a2508f6fd9c6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8331
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I5e27eb7cfb87cd20a87aa49af114f43aaadc32d5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8330
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I3393c16db76fba839ea72612f54e6a2a72d0b69d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8329
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I8b163614b588d1cfb8d758cafb8fb407397a1ef7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8188
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: Icfd167e608955ec33367ca51dd8ae1d8d2740b4d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7837
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
The commit graph can be quite slow for repositories like nixpkgs, so it
is disabled there. For this we refactor the module a bit, allowing us to
set arbitrary cgit settings for repositories. This feature can also
handle all instances of defaultBranch now.
Change-Id: I22e44b7398d2692e8cc16555fb5203ad6a7a69a9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7672
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
This fixes cgit's ability to infer the idle time on the repo overview
properly. While we're at it, use the proper remote URL, so the redirection
warning doesn't clutter the logs.
Change-Id: Ie3a75886bdf9c704c18950290b1f7115d0ca0c02
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7496
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I83bd86540bb1de7c02b204165c094d8514ffcae9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7487
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
I primarily use GitHub for most of these preexisting repositories,
but they should be properly replicated on edwin in case I want to
stop. Pushing the respective refs manually is cumbersome and error
prone, so let's automate it.
The repositories are basically chowned to git:git currently and
`git fetch <remote> 'refs/*:refs/*' --prune` is executed regularly
to update the repository. In the future I could contemplate doing
it the other way round – using edwin as upstream and using
`git push --mirror` to update the GitHub repositories.
Change-Id: Icb8a11223c0b4d3c8ce9a2da7fb2b4d4df4887f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7486
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This should make it a bit clearer where not a lot is to be expected –
either yet or anymore.
Change-Id: I8139213814f2645f376ef2175aa2bc3721ee1e51
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7442
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Occasionally I debug i686-linux builds on this machine, the
headcounter.org binary cache (despite being slow due to Hydra serving
it) speeds this up with significant cache available.
Change-Id: Ic8bc6139cf31f412676ef2925ceb726740987ff0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7295
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Small module that regularly runs btrfs scrub on all btrfs filesystems.
Eventually the module should also do SMART value monitoring, as edwin is
a server from Hetzner's server auction, so a disk failure may not be too
far away.
Change-Id: I11e423a5d91c99ad455c2bb29b632efb79ef908e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7294
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
This adds edwin, the machine running sterni.lv, as well as my
idiosyncratic deployment solution. It is based on instantiating the
system configuration locally (where you'd work on the configuration),
copying the derivation files to the remote machine where the system
derivation is realised and deployed. Unfortunately, the first step tends
to be quite slow (despite gzip compression), so this may not be the
definite way despite its advantages.
Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|