Apparently I set this up manually before, and failed to commit it ...
Change-Id: I550a2cd9e1fcc8b508bafc2fd06ddab2a915b597
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13060
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
I've checked the new links manually.
- //web/tvl: changed the target path of links to the tvix docs since
they were moved in r/2378.
- //users/aspen/resume: Tvix is no longer //third_party/nix.
Change-Id: I419bae1a46bdccc7baa7327215aa2368ffc0f01c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13043
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: fogti <fogti+devel@ytrizja.de>
Reviewed-by: tazjin <tazjin@tvl.su>
This is no longer needed; Nixery is now served by bugry.
Change-Id: Idd072505c4da1e6af636224e092b6fb21eff9250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13001
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
We switched to stable temporarily in 2023 (!) because of some breakage that has
long been fixed.
In general, running nixery against stable is probably advisable, but because of
our Lisp package situation updating stable is not possible at the moment.
Change-Id: I122ac63d6307cab76a3069101682fc5f8f985914
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12999
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.
Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
I thought this was enabled and got confused when deploying ... cache should
always be enabled on machines that don't build themselves.
Change-Id: Ie52b27c44db4c26387b05553dbe36f7693628e89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12993
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an experimental setup for a builderball-based public cache.
This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.
The idea is this:
All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).
When a request comes in, the first matching cache address is returned and Nix
will substitute from there.
Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Otherwise pushes to Github from CI will fail.
Change-Id: Ib3eb3165577cb98c5a7d5f2055b09dbf118da6c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12994
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Adman (the hoster) have not provided an ETA for native v6 on bugry yet, so we
establish a public v6 connection through nevsky for now.
In traffic flows going West->East the overhead is minimal (a few ms), though I
guess it might be worse if you're in the middle (Yekaterinburg or something).
The prefix was chosen by the bugry public v4 address encoded in hex, and
appended to the nevsky prefix.
Change-Id: I133622c17bd02eade0a6febc6bdf97f403fed14c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12974
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
I omitted the `acls` section when adding the tag configuration. In "normal"
tailscale, emitting this is equivalent to putting the defaults there (i.e. all
traffic inside the tailnet is allowed), however in headscale it defaults to
blocking everything instead.
This meant that internal tailnet traffic wasn't really working correctly anymore.
Change-Id: Ic37504e9a8a97b9f8eb3ac173c88201aef1c044a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12972
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
This is just a carbon-copy of other machine configurations for now. The plan is
to switch this over to sixos, but I have to get a sane NixOS setup first because
this still requires a lot of experimentation (and stuff to be built *on* this
machine, since it's the fastest one we have).
Change-Id: I2e55e63ed5192eb748855999bb87d43498e706fc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12971
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Another new dedicated server, which we can use for various ... dedicated server
things. Located in Novosibirsk.
The name of the old village that used to be where the city now is, Бугры, was
too good to pass up when spelled in English as a hostname. Obvious choice!
Change-Id: I9de7bc078199e9d87284139556024dc3738d3b24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12967
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is a candidate for the new builder, featuring a beefy new AMD CPU with 32
threads and more than double the per-core performance of whitby, as well as
brand-new DDR5 RAM and NVMe disks.
The machine is hosted with Timeweb, in St. Petersburg.
We'll see how this performs.
Change-Id: I5ccbf42cd5274d3a4703afd6942fb42a915bed7a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12966
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Adds a Nix cache proxy which can be used to send a Nix cache lookup to the first
available cache that has the given NAR. We will use this for dynamically created
builders.
Relates to b/432.
Change-Id: If970d2393e43ba032b5b7d653f2b92f6ac0eab63
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12949
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Configures an ACL for a tailscale tag that can be added by the `tvl` and
`tvl-builders` users.
This tag will be used by dynamic builders to bootstrap and advertise to other
builders that they might be valid substitution targets.
Relates to b/432.
Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
I've decided to use the commit view instead of the log view (which cgit
uses) for now. It really depends on how you use it in commit messages:
To refer to a depot state or to a specific change (independently of what
CL gerrit assigned). I'm happy to change it to use the log view.
Change-Id: I472b511fa1322f91304f6543473b51f9c5f21ca2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12837
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I've discovered that it is possible for irccat to fail enough times to
run into the restart limit before network is online after booting.
Change-Id: Ia54a46d56bdc765a825fee50e7bdc8206718edc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12790
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
The copy&paste from the documentation didn't work ...
Change-Id: Ic894356354d6ac2b66562da5aa89590cd94ae347
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12705
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
It seems we need more memory these days, and llama frequently ran OOM.
Decrease the number of concurrent evaluations.
Change-Id: I2648ebdedf09b80c9a231c4614004f953a646bc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12662
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Harmonia is, ostensibly, faster and better and, most importantly, not a giant
pile of wonky Perl.
I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think
we should be good to go here.
We have a vendored copy of the upstream module for now. We need to fix Nix 2.3
compatibility in upstream for the module, but the service itself works fine.
Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
This was in //ops for legacy reasons, but this is really not necessary.
Change-Id: I758b257838993ef0f7d55809c137118826e2ba85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12483
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Required to bump past the broken time crate.
Change-Id: Ied9e3367f5fc69db0671732a75f2e410f4f234f6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12407
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Without this, terraform wants to recreate the resource, just because we
do /not/ want to delete the default mappers:
```
# keycloak_ldap_user_federation.tvl_ldap must be replaced
-/+ resource "keycloak_ldap_user_federation" "tvl_ldap" {
+ delete_default_mappers = false # forces replacement
~ id = "4e68e9f0-7aba-4465-8357-f2af6a55fd0e" -> (known after apply)
name = "tvl-ldap"
~ use_truststore_spi = "ALWAYS" -> "ONLY_FOR_LDAPS"
# (27 unchanged attributes hidden)
}
```
Keycloak lists the a few mappers. which are likely the default ones,
but in any case, we don't want to recreate this resource.
Change-Id: I170a91a44b2efa426fae268cf7fc97a7f28a5760
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12412
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
The docs mention this applies to "users of the legacy distribution of keycloak".
However, we get a "failed to perform initial login to Keycloak: error
sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found"
if we don't set this.
With this, the provider is able to talk to the API, as long as the
secrets are sourced.
Change-Id: I0b9cdd45b1628aa0870a1673491c12c07bf7f8d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12411
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
The same fix from cl/11021 also needs to be applied to other states.
Change-Id: I205b03aab49130639c79702f4bf16f0bf28d89ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12410
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
The same fix from cl/11021 also needs to be applied to other states.
Change-Id: I0df3ee2e8970e0d08a119ecc6347f24aef0448c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12409
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
