We switched to stable temporarily in 2023 (!) because of some breakage that has
long been fixed.
In general, running nixery against stable is probably advisable, but because of
our Lisp package situation updating stable is not possible at the moment.
Change-Id: I122ac63d6307cab76a3069101682fc5f8f985914
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12999
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.
Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
This (temporarily) bumps the nixpkgs channel to nixos-unstable-small, because it
has an update I really want, and also to stress-test the new builders.
Included fixes:
* disabled tests in niri to avoid a flaky test; this is fixed upstream already,
but the change is still percolating through
* regenerated Go protobufs
Change-Id: Ia09fdc38f620fe8301c2111b0e4c142f37df2dd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12991
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
I thought this was enabled and got confused when deploying ... cache should
always be enabled on machines that don't build themselves.
Change-Id: Ie52b27c44db4c26387b05553dbe36f7693628e89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12993
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an experimental setup for a builderball-based public cache.
This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.
The idea is this:
All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).
When a request comes in, the first matching cache address is returned and Nix
will substitute from there.
Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Otherwise pushes to Github from CI will fail.
Change-Id: Ib3eb3165577cb98c5a7d5f2055b09dbf118da6c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12994
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Adman (the hoster) have not provided an ETA for native v6 on bugry yet, so we
establish a public v6 connection through nevsky for now.
In traffic flows going West->East the overhead is minimal (a few ms), though I
guess it might be worse if you're in the middle (Yekaterinburg or something).
The prefix was chosen by the bugry public v4 address encoded in hex, and
appended to the nevsky prefix.
Change-Id: I133622c17bd02eade0a6febc6bdf97f403fed14c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12974
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Adds CI configuration that builds the Rust package, and exports the package back
to Github after submits to canon.
Change-Id: I2f8dcff2a614898c55115f44510543ff25d46b55
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12996
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: thk <thomas@koch.ro>
This project is moving into the depot. Upstream is
github/thkoch2001/planet-mars.
This commit does not yet add a Nix build, only imports the code and matches
formatting requirements.
The import has been josh-filtered, which will allow us to continue publishing
the history to the previous repo.
Change-Id: I9cb184b5af3f74a0b4079bac499b4db039b7939b
I omitted the `acls` section when adding the tag configuration. In "normal"
tailscale, emitting this is equivalent to putting the defaults there (i.e. all
traffic inside the tailnet is allowed), however in headscale it defaults to
blocking everything instead.
This meant that internal tailnet traffic wasn't really working correctly anymore.
Change-Id: Ic37504e9a8a97b9f8eb3ac173c88201aef1c044a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12972
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
This is just a carbon-copy of other machine configurations for now. The plan is
to switch this over to sixos, but I have to get a sane NixOS setup first because
this still requires a lot of experimentation (and stuff to be built *on* this
machine, since it's the fastest one we have).
Change-Id: I2e55e63ed5192eb748855999bb87d43498e706fc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12971
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Another new dedicated server, which we can use for various ... dedicated server
things. Located in Novosibirsk.
The name of the old village that used to be where the city now is, Бугры, was
too good to pass up when spelled in English as a hostname. Obvious choice!
Change-Id: I9de7bc078199e9d87284139556024dc3738d3b24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12967
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is a candidate for the new builder, featuring a beefy new AMD CPU with 32
threads and more than double the per-core performance of whitby, as well as
brand-new DDR5 RAM and NVMe disks.
The machine is hosted with Timeweb, in St. Petersburg.
We'll see how this performs.
Change-Id: I5ccbf42cd5274d3a4703afd6942fb42a915bed7a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12966
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Though netdata integrates smartd data it doesn't generate warnings like
smartd does. It would be nice to have them go to IRC. The NixOS module
for some reason has decided to implement its own very restricted
notifications framework on top of the one that smartd provides
dispatching to either mail (note that this is implemented in the NixOS
module and doesn't use smartd's own support for this), wall(1) or some
systemd mechanism. This is implemented in some shell script that can't
be provided by the user.
Luckily, the module is relatively small otherwise and we can easily
inline the relevant service definitions and use our own script instead.
Change-Id: I1e1ceff3c21a92ac42079c02813366671141b9b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12969
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Not all dependencies in //third_party/sources are equally important for
evaluation, some are never used (e.g. rustsec-advisory-db is re-fetched
using fetchFromGitHub). It seems to be a good idea to make it
configurable what to gcroot and thus unconditionally download as soon
as .envrc is loaded for the first time.
This frees //third_party/sources to be used more extensively, e.g. for
managing third_party dependencies that aren't used at eval time.
This commit is very conservative and only gcroots:
- nixpkgs, nixpgs-stable (obviously)
- rust-overlay (applied to our nixpkgs instance unconditionally)
- home-manager (used in //third_party/overlays/tvl)
I'm open to re-enabling gcrooting of the following other sources which
are only necessary to evaluate some targets:
- agenix (obvious candidate, widely used in depot)
- naersk (used for many targets)
- napalm (used in //users/Profpatsch and //users/sterni)
- impermanence (only used in //users/tazjin)
Change-Id: I39eef14d08bec6857499655e30ecf47d5fdd1260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12965
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Nginx's std cfg only returns 304 with If-Unmodified-Since header, if the date
is exactly the one it expects, not the date the client did its last request.
This makes sense as it is much easier to compare two strings for equality than
to parse the date received from the client and check the ordering with the
server known last_modified value.
Adds a Nix cache proxy which can be used to send a Nix cache lookup to the first
available cache that has the given NAR. We will use this for dynamically created
builders.
Relates to b/432.
Change-Id: If970d2393e43ba032b5b7d653f2b92f6ac0eab63
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12949
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an ACL for a tailscale tag that can be added by the `tvl` and
`tvl-builders` users.
This tag will be used by dynamic builders to bootstrap and advertise to other
builders that they might be valid substitution targets.
Relates to b/432.
Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
I have a suspicion that some systemd bugs around this feature (I actually
couldn't figure out what it does and why?) introduced in systemd 256 lead to
issues with suspend that I've seen in recent times.
In the issue, my machine is seemingly frozen after resuming from suspend. I'd
seen this previously on EXWM with xsecurelock, but now I'm seeing it on niri
with swaylock, where it is more severe because switching to a VT is impossible.
Upstream tickets:
- https://github.com/systemd/systemd/issues/33083
- https://github.com/systemd/systemd/issues/33626
- https://bugzilla.redhat.com/show_bug.cgi?id=2321268
I'm not running a VM, but there seem to be multiple different bugs leading to
this, so who knows. It's worth a try.
The long-term fix will be getting rid of systemd)
Change-Id: Ie985a3f222f3daac1e3c7db79ee8624c66297374
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12961
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is kind of a chonker because I went into so many rabbit holes.
Foremost this implements a simple “Refresh Artist” button that fetches
current artist torrent groups.
BUG: the `artist` endpoint torrent struct is shite, it’s missing most
info that we get in the `search` endpoint torrent struct, plus it’s
organized differently (e.g. the `artists` thingy is in the
torrent_group not the torrent).
I should switch everything over to fetching the `torrent_group.id`s
first and then going through and slowly fetching every torrent group
separately … however that might time out very quickly. ugh. There
doesn’t seem to be a way of fetching multiple torrent groups.
Random other shit & improvements:
* intersperse for builders
* fix json errors so that the structs don’t get too
big (`restrictJson`)
* show error messages as json so jaeger displays it with nested UI
* color pretty-printed json outpt on command line
* add some important integral functions to MyPrelude
* add `sintersperse` and `mintersperse` to MyPrelude
Change-Id: If8bfcd68dc5c905e118ad86d50d7416962bf55d4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12960
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
We can’t do more than like 5 requests right next to each other, so
let’s handle the timeout they request.
This kinda destroys search speeds for large search results,
so we might have to filter out collections somehow, or do something
smarter like schedule things out and show a preliminary result at one
point.
Change-Id: If916379eb6e19cf8e960cf7553965b338645e560
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12958
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
