Age | Commit message (Collapse) | Author | Files | Lines |
|
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This is currently done ad-hoc in a bunch of our systems, but we should
just do it centrally.
The commit message is a bit of a lie, as this doesn't yet update
grfn's systems.
Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Instead of having two ways of accessing the path to the depot (one of
which was stuttering, depot.depotPath) we settle on only one:
depot.path.
This was mostly used for NixOS module imports.
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Splits //ops/nixos into:
* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)
This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.
Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
Please read b/108 to make sense of this.
This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.
To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.
Pay extra attention to:
* overlay-like functionality that was partially moved to actual
overlays (partially as in, the minimum required to get a green
build)
* modified uses of the package set path, esp. in NixOS systems
Special notes:
* xanthous has been disabled in CI because of issues with the Haskell
overlay
* //third_party/nix has been disabled because of other unclear
dependency issues
Both of these will be tackled in a followup CL.
Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
The depot.nix module is automatically brought in by systemFor, and
shouldn't be included in user configs, since it's going away.
Change-Id: Ib5b60203978b51dbff1f7bcc287f2ac9eb278823
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2762
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Making this a monthly service apparently.
Necessary changes:
* 3p: expose emacs27 instead of emacs26 which got removed
users/tazjin/{camden, frog}: switch from emacs26 to emacs27
* 3p/lieer: google_api_python_client got renamed to
google-api-python-client
Change-Id: I1011665d10eebc99990addbef6a8a6b000b93896
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2605
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
This was previously set up manually in a nix-shell.
Invocation works like this:
screen fswebcam --title 'tazflat' --font 'JetBrains Mono' \
--timestamp "%Y-%m-%d %H·%M+01" -l 60 -r 1280x720 \
-d /dev/video0 --jpeg 95 /var/www/blobs/flat.jpg \
--exec 'cp /var/www/blobs/flat.jpg /var/www/blobs/flat/at_$(date +%s).jpg'
Change-Id: I5ecf8fdf67240faf885fd12f428e368e2bc64dc8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2018
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
The new one is causing breakage for me, but I have no time to debug
this, so I'm backporting the old one.
AFAICT the simp_le included in this channel should be new enough to
have ACMEv2 compat, we'll see if it works.
Change-Id: Ib8b869a5af8a0418a66017a0cf3b9336df5f2d05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2017
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Ie7a438c2038b3689600499f1d3a7e3d70bca120a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2000
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
Makes log access easier ...
Change-Id: I1b4df00ad2015b6a51029772a43f3e6544ba8d18
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1991
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ica3e30105be1ec56023ebf2dd81e5fa0cbe4759c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1713
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Iaf34d0d005285a367fa9730093b553d38acb8ae5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1101
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
These are now on whitby.
Change-Id: I25b1cdedf4ce9cdb377a40edbbbce123938b6828
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1068
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Iaf0c854b148062e30d426c2e92638932caf2e92e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1065
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
There is only one minor configuration change: CLBot now connects to
cl.tvl.fyi, instead of localhost, because Gerrit is still on camden.
Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
tazjin: https://github.com/tazjin/tazjin/issues/1
Change-Id: I655670fed1dd1ba7e9034f165238e2d69b228ee5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1002
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
I'm not actually sure if this will apply cleanly, because the new
NixOS ACME module is kind of broken.
Change-Id: I39584333dbea0a5f7b72e68d5e9f752a4c31bfe6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/957
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I9c10906441c3222b74bcc820a67f11d96462fcfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/821
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
|
|
Change-Id: Id9f6f6035b1e068d0b3d9f649427010c18d43be6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/641
Reviewed-by: tazjin <mail@tazj.in>
|
|
My personal pages have moved out of //web, and various changes were
necessary to keep everything working.
Change-Id: I2f81fdd8ba2ce2ce6fea7e329bbdcda6092cc8a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/604
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I2b91bef97c16254ffefcbc4da48ef161a859e7a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/521
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
I swear I've done this before. Multiple times.
Change-Id: I0d9fcb8fbb05b7b3a24392a204553ce60855f8df
|
|
The homepage is not useful to us because there is only one repo here
anyways.
Change-Id: Ia4e77849dcc54b64bca8b87a3b7dfae3efc382da
|
|
Change-Id: I96bd3802c05f9ab2973bdb1866d60113fcda56e9
|
|
We can always revert this if we want it back.
Change-Id: I1332b6dd541199584b7b5b94a8651172d79e53a9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/442
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This module spins up the Sourcegraph container.
Builds:
Note that this is contrary to how our other deployments work, but
packaging Sourcegraph is quite difficult (it's a Gitlab style
deployment with a lot of moving parts and third-party things that it
bundles).
If we decide to keep it around, we will want to look at packaging it
in Nix in the future.
Deployment:
The deployment is a hack. Sourcegraph does not support public
instances, but we want it to be public. To work around this we have
configured HTTP-proxy based authentication (i.e. auth via a header)
and hardcoded a static header.
This works, but lets anonymous users change the "Anonymous" user's
settings. We can expect this to get defaced (profile picture, name
etc), until we figure out how to write some nginx configuration to
drop those requests. See git-bug for details.
The Sourcegraph configuration is also not checked in to the
repository. It's unclear where in the data directory it is stored.
Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/425
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: Id732f7e2dbc43b2c530a9475499b0dfebff9b273
Reviewed-on: https://cl.tvl.fyi/c/depot/+/424
Reviewed-by: tazjin <mail@tazj.in>
|
|
This configures a timer that will push hourly, incremental backups of
Gerrit's state (including repositories) to GCS.
The GCS bucket tvl-fyi-backups is an Archive-class bucket in the
tazjins-infrastructure project.
Change-Id: I3bb5b084d8dd929bc4c3e51ddfb524b78d9445cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/397
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
NixOS modules move one level up because it's unlikely that //ops/nixos
will contain actual systems at this point (they're user-specific).
This is the first users folder, so it is also added to the root
readTree invocation for the repository.
Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/244
Reviewed-by: tazjin <mail@tazj.in>
|