Previously, the buildkite users were not able to traverse there.
Removing /nix/var/nix/gcroots/buildkite/canon might not be needed, and
is racy with other anchor step - the first one might still be building
`ci.gcroot` (and didn't create the new symlink), so the second one will
fail trying to remove the non-existing symlink.
Change-Id: I0449447f7193113d807d597750b26c7beb48a3a6
Reviewed-on: https://cl.snix.dev/c/snix/+/30257
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Add a bit more information, callouts to prevent people potentially
bricking their laptops.
Also change the performance section, we will
Change-Id: Id516c4bb0f0c2cbe99db86199b91c7d68becdd44
Reviewed-on: https://cl.snix.dev/c/snix/+/30254
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
These are migrated to https://git.snix.dev/snix/snix/issues.
Change-Id: I39c901e2cc719d5a1bf957da50b6b54ea5454481
Reviewed-on: https://cl.snix.dev/c/snix/+/30255
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Tested-by: besadii
This is pointing to the wrong URLs. This isn't set up yet.
Change-Id: Ie21146311c2adcf5d9c5a80132cf1f8333a6baa2
Reviewed-on: https://cl.snix.dev/c/snix/+/30250
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
This allows Keycloak to send emails.
Using naked TLS fails with:
```
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525;
Mar 23 00:10:50 public01 keycloak-start[875412]: nested exception is:
Mar 23 00:10:50 public01 keycloak-start[875412]: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245)
Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729)
Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:342)
Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:222)
Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:243)
Mar 23 00:10:50 public01 keycloak-start[875412]: at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161)
Mar 23 00:10:50 public01 keycloak-start[875412]: ... 17 more
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
```
With starttls, we can send emails, so use that.
Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183
Reviewed-on: https://cl.snix.dev/c/snix/+/30249
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Every buildkite user needs to be able to update these symlinks, and the
directory doesn't exist. It was probably created imperatively on whitby.
Use a tmpfiles rule creating a /nix/var/nix/gcroots/buildkite directory,
and add a `canon` symlink in there.
Change-Id: Ic4d67fbb69f77cebe891b0fff9b824713ebec87c
Reviewed-on: https://cl.snix.dev/c/snix/+/30247
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
We probably don't need to control Broadlink IR/RF controllers to develop
Snix.
Change-Id: I97a5c8b22830dcb8fe649727f16a461dd6ebb92c
Reviewed-on: https://cl.snix.dev/c/snix/+/30246
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Some of these don't even exist anymore (like nint or josh-filter).
People who want to use these can have them in their global user
environment.
Change-Id: I02119ad13beeac352a2184fda9c7a7146d89a8d5
Reviewed-on: https://cl.snix.dev/c/snix/+/30243
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
This doesn't really work in all cases anyways, and currently isn't used
to deploy - remove it.
Change-Id: I6684d9583cb036d851ab6cd9f4c811973a7882fc
Reviewed-on: https://cl.snix.dev/c/snix/+/30242
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
While we want it long term, disabing it for now as it causes runc
startup failure when it runs inside nested cgroup namespaces.
Change-Id: I121f1d79c6a02e68e7883e0edeba7f57627c20ed
Reviewed-on: https://cl.snix.dev/c/snix/+/30236
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
These directories don't exist anymore, so no need to have them in the
excludes.
Change-Id: Ie379b966a59295b833afaf31bf48213f50c756e0
Reviewed-on: https://cl.snix.dev/c/snix/+/30237
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
We have a `impl From<NixString> for BString` already.
Change-Id: I278b62ac06ffaf47b2b0ecf394f0bc67213b5c40
Reviewed-on: https://cl.snix.dev/c/snix/+/30226
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
There's been a lot of
```
nix-daemon[2039685]: unexpected Nix daemon error: error: writing to file: Broken pipe
```
log messages, and failed builds in CI.
These don't seem to occur with Lix.
Change-Id: Ida277064282905154ea9265f935a221bf8006c8d
Reviewed-on: https://cl.snix.dev/c/snix/+/30225
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This configures Forgejo to use the "Forgejo" Message Stream on our "Snix"
server in Postmark.
Change-Id: I298966a8b43b55b0f1992a8fedf0fffcd6dde472
Reviewed-on: https://cl.snix.dev/c/snix/+/30206
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
This configures Gerrit to use the "Gerrit" Message Stream on our "Snix"
server in Postmark.
Change-Id: I4d021919c666aabc94008f9f705163cb9639f1aa
Reviewed-on: https://cl.snix.dev/c/snix/+/30205
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Type checking of secrets was removed in cff6575948 to get rid of yants.
This adds back type checking using Korora.
Fixes https://git.snix.dev/snix/snix/issues/71
Change-Id: I27cd47b7e1810be5c4cd5d86366e860ca217f9c4
Reviewed-on: https://cl.snix.dev/c/snix/+/30118
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
This configures the DNS records necessary to send emails from Postmark.
Change-Id: I2e55151f40c4f5e54f6d7f06ae24f2e863b7c656
Reviewed-on: https://cl.snix.dev/c/snix/+/30204
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
They are linked to Snix repo because this is the only one we are using.
Fixes#81.
Change-Id: I3c47547128a7dc5e1fe67a8fbe87b17c7e94f153
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Reviewed-on: https://cl.snix.dev/c/snix/+/30144
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
They were not going to q/ but just the root of the website, this was not
working.
Change-Id: I1acda0bb630198a8eef5b6fe991a395f1be1f796
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Reviewed-on: https://cl.snix.dev/c/snix/+/30170
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Code Owners was disabled because it's very sensitive about the identity
of the committers and while pushing the original history, this was a
distraction.
Now that the history has been pushed and everyone is back to their
normal identity, it's fine to enable it again.
Fixes#83.
Change-Id: I4181d6af4eca489d4827b1c1ee606dfbb28a05c9
Reviewed-on: https://cl.snix.dev/c/snix/+/30173
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
We are not going to use Panettone neither r/ revisions.
Change-Id: Icc037fc02861cfbe53690ca6641eb7ea777f7b74
Reviewed-on: https://cl.snix.dev/c/snix/+/30172
Autosubmit: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
It looks like setting TMPDIR did not have the desired effect. I still
see a bunch of recent nix-build directories in /tmp.
Let's use the dedicated nix.conf setting, maybe it does do the job.
Change-Id: I17dc1e33bd0f20707adfbf9ad925251ac9aa77a5
Reviewed-on: https://cl.snix.dev/c/snix/+/30171
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
The BuildRequest trait currently still uses the proto Build struct
as a response type, and that one uses nodes with names, causing
.try_into_anonymous_node() to panic.
Use try_into_name_and_node(), and discard the name for now. We should
update the trait to use a stricter type for this.
Change-Id: Ib183a163e885443c58c42808e464d0611eaae324
Reviewed-on: https://cl.snix.dev/c/snix/+/30169
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Add other keys used in the snix-cache VM to //ops/users, and drop the
`all` alias.
Change-Id: I030d0d49e8a6d9e3d8f1e1c2fc19f17ecb7ecb93
Reviewed-on: https://cl.snix.dev/c/snix/+/30165
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>