This wasn't working because yerenSystem wasn't actually accessing the
`system` attribute (like the other systems), which meant it was just
an attribute set full of stuff.
Change-Id: I0abe56f0a1f18e4e542cb458dfcdf81e8a0ddc01
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2923
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Please read b/108 to make sense of this.
This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.
To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.
Pay extra attention to:
* overlay-like functionality that was partially moved to actual
overlays (partially as in, the minimum required to get a green
build)
* modified uses of the package set path, esp. in NixOS systems
Special notes:
* xanthous has been disabled in CI because of issues with the Haskell
overlay
* //third_party/nix has been disabled because of other unclear
dependency issues
Both of these will be tackled in a followup CL.
Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Add kolide, the endpoint monitoring system / MDM we're using at work, to
the system derivation for my work computer.
I hate MDMs almost universally, and this one is no different, but SOC2
waits for no one.
Change-Id: I99bcb5341182a81512699d50b279efd9e1b2194b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2903
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Previously the tvl depot attrset was provided as the config.depot
argument, but to make NixOS modules look more like the rest of the depot
this is being switched to being provided as the "depot" argument
instead.
Change-Id: I7e011fe5c44ac3e4142177afd168f1bbc602d56f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2764
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
ops.nixos.nixosFor is intended to provide the "basic" readTree-like
system arguments to NixOS systems; in particular, it provides "depot" as
a module argument, as well as, for the moment, config.depot.
Change-Id: I442c7d79ac0eb2ff8e1bf606f4e083e15eb0a8f4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2761
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
The way this loads the api key is a hack, but also... I don't care!
Change-Id: I4d417b1a824007620661188b60b21a1f73867dca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2747
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
hibernate on low battery, and when the power button is pressed
Change-Id: I6560fc770ee5707e59fb2763614de2b8000e156e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2550
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490
Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.
Things done to resolve upstream breakages:
* grpc no longer takes abseil-cpp as an input, it has also been removed
in the override.
* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
attribute has been removed by upstream and the patch used by them is
available for 5.11 as well.
* The fixed output hash for third_patry.apereo-cas changed for some reason.
* Remove the pin of haskellPackages.vector from the haskell overlay. It
broke as the most recent version of vector in nixos-unstable no longer
depends on semigroups. This effectively updates vector from 0.12.1.2
to 0.12.2.0.
* Align two comments in tvix/libstore/worker-protocol.hh because the
updated clang-format now demands that.
Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
This gives a permission denied error when I try to log in
Change-Id: Ibb9a66bb0ccec5fdf6839dd38ffd7e0a782687d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2425
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
There appears to be an issue where the internal trackpad tries to
register itself as a ps1 mouse rather than a usb one, which causes some
dmesg warnings that may or may not cause actual problems. Regardless,
blacklisting this should be harmless.
Change-Id: I00fb539b8acf4fbf1b9125786ea6dc4f649b08c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2364
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Your regularly scheduled channel update, but slightly more regular
than before.
Included fixes:
* 3p/emacs: Pick telega.el from stable channel, unstable is broken.
* glittershark/fprintd: Compile with gcc9, since build fails with the
new default of gcc10
* glittershark/fprintd: Use a global overlay for the fprintd package
until https://github.com/NixOS/nixpkgs/pull/108962 lands in
nixos-unstable
* glittershark/home: Don't install rr, as it's not building with gcc10
Co-Author: Griffin Smith <grfn@gws.fyi>
Change-Id: Ia715fef64a405a220049fc540017356fa7370e0b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2341
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Changes:
* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
ability to configure OpenLDAP directly and now forces users to use
some kind of weird Nix->OLC mapping that is mostly undocumented.
This moves the config we need to the new format in a way that may or
may not work and does the other arbitrary dance steps that someone
decided to impose on us. Note that this now throws lots of warnings,
but I can't be bothered to fix them.
* 3p: Random package removals accomodated
* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
is not yet updated for 5.10
* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
this changed because of something in the Go build machinery in
nixpkgs. The deleteVendor flag also has no effect anymore and has been
removed.
* users/glittershark: agda build is broken, commenting out development
home-manager environment until it can be fixed
* third_party/haskell_overlay: updating random needs upper boundarles
of a few dependencies relaxed (curse them)
* third_party/gerrit_plugins: for some cursed reason the fixed-output
hash of the gerrit owners plugin fetchgit changed, updated.
Same for the checks plugin.
Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
I'm building a database! I have to open all the files!
Change-Id: Ie77ad6fafe837c0ddba6b5d56cdc06d787807d4e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2257
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
These didn't appear to be the source of the flickering after all.
Change-Id: Id3cce3e7905d0af21dc6ec4dc3a11828451378fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2254
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Split the 6 channels of input I have from my audio interface into 2
separate channels for inputs 1 and 2, so that I can have only the one
microphone feed into video chat apps.
The way this is done right now is less than ideal as it doesn't support
any sort of hotplugging - at some point, I should figure out the
appropriate udev invocations to make that work.
Change-Id: I53dc363173fa8db591b0e9cb08258d90835c1109
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2249
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
An ec2 node I'm using as a remote dev box
Change-Id: I7d81371ecdc11d6c1b5bc06d1b4f55de534d25ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2244
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This is a whole pile of things suggested by the internet to fix the
weird text flickering issues I've been seeing. upon first look it seems
like one of the kernel params (or all of them, or some combination of
them) fixed the issue.
Change-Id: Idc98902b46d4cba3bab367f6e22fb9ad10b26a26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2216
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Running docker is silly if I can't access it
Change-Id: I476915dacd44fac1ce4c533a84849fa6175d8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2215
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
My new work laptop, a dell XPS 13.
Change-Id: Ieab06622c9b280182025edfa63adf649e5fc70d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2205
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
This was locked away in the urbint-specific module, but I use it
elsewhere.
Change-Id: Ifced2196dc22a9dbed74a18d4e1fed9488eb0e26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2152
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Mugwump is too unstable for such an important internet service
Change-Id: Ic714200ce5ce51f366777f538b4a6f443f010960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2124
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Included fixes for random breakage:
* 3p/awscli: pick from the stable channel; it is broken on unstable
* 3p/googletest: bumped version & removed patches that nixpkgs applies
* 3p/lisp/cffi: bumped library version for SBCL compat
* 3p/nix: fix libsystemd attribute
* 3p/nix: reformatted (clang-format handling of ternaries changed)
* glittershark/home: Use home-manager from nixkpgs
* glittershark/kernel: bumped linux-ck patch hash
* glittershark/kernel: removed "patch patch"
* multi/whitby: Use home-manager from nixpkgs
* tazjin/frog: drop Sourcetrail (it doesn't build currently)
Note that in addition to these changes, some previous CLs updated the
versions of git and cgit which was necessary for this channel bump,
but which could not be done in the same commit due to the nature of
the subtree merges.
Change-Id: If2563e8a68e2750c4b913a976ff7b93b42e8b7f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2110
Tested-by: BuildkiteCI
Reviewed-by: multi <depot@in-addr.xyz>
Reviewed-by: glittershark <grfn@gws.fyi>
Previously changed kernel versions would not cachebust the patch
download, because it would still be using the same SHA hash.
Forcing a different store path (by adding the version to the name)
also forces a redownload of the patch (and in turn cause the hash to
mismatch), avoiding this as a silent cause of failures in channel
updates.
Change-Id: I81a136ee2401126795cf042b0aadf2a1e7a707b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2114
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This machine is significantly faster. Also, drop nixbuild, since the
transfer speed is too slow to make it worth it.
Change-Id: Ic14ef96e03a81dc429e4b4fec961c891dbb4b2b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2066
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
There's just not enough juice in this machine to run more than one.
Change-Id: I6e6afc86337ca023e718023e4789fc29b6d8e175
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2059
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Don't enable whitby+nixbuild as remote builders on every machine (eg not
mugwump), only chupacabra
Change-Id: I8aa8f20d76da4ec0d8caa64ef04697b7e76cbc03
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2058
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Install some packages and enable the necessary services + udev stuff to
make yubikeys usable
Change-Id: I8aee8a8b06895880c8195f02fb57b1216a5fdffc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2049
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
In this case mostly so I can have it on mugwump
Change-Id: Ifa24caf607b30c1d034f4a9e7044ece88fcee38e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2048
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Since buildkite is running on there, it'll be nice to be able to
download things. Obviously if this laptop ever becomes a laptop again
this'll have to go away (or just become the external domain)
Change-Id: I5fc49c061dbf79f8d523244bcf822e8d96fa6d42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2047
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
I accidentally dropped this when reconfiguring things around to get
mugwump working, and when I rebuilt my x session turned off!
Change-Id: I252c90b6f4d796fef1f8183739fcc8dbfdd0fbf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2046
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.
Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.
Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi
with an Acme SSL cert.
Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Init the config for mugwump, a NUC that I bought from ncl and which I'm
going to use as a simple home server and ssh bastion box. Since this is
the first time I've set up a server using my nixos config, this also
moves a bunch of desktop (xserver, audio, etc.) related config out of
modules/common.nix and into a new modules/desktop.nix.
Coming soon: nixos-rebuild switch --target, but in the depot!
Change-Id: I67bd5ba6e3c26f80f77058af186fd41cc245d5d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2016
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add configuration for a live install iso based on the depot's nixpkgs
pin and with a couple of networking-based options tweaked a bit.
Change-Id: I208bd0f7815fe54fc805e8995a8288d7a0d36f84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2014
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Also move fcitx to system, since it's a nixos thing not a home-manager
thing.
Change-Id: I3e047494a478520e939d48fc72cc91a2d797bf74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1969
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
