This includes a bump for mullvad to 2022-5, which is crucial for me.
Note that the Emacs packages bump has been manually excluded.
Fixes:
* //users/grfn/system: removed `ec2.hvm` option from roswell, this
option is no longer necessary and fails eval with an error now
Change-Id: I23f4998591397a820b5912f24ed9526d9bb1532d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7400
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reference the non-deprecated version of the grafana http port option in
the proxyPass for the nginx config of mugwump.
Change-Id: Ic7f370c7f7a451fe95a046d491d7b1cdf5f728cd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7200
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Lots of deprecations were made in the new nixos version for the grafana
config - this updates all of those settings in mugwump's system config
Change-Id: I69cdc9d2d59702c38d6334a4d27a04bef4e8c132
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7190
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
I've found that this is the best way to convince nix to actually prefer
cache.nixos.org - it tries to use whitby as a builder, then if the store
path is already built it just downloads it.
Change-Id: I4c78079bfb0013155feb2d39f60d99779123109e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5972
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
I don't really need this, and it's breaking for reasons I don't
understand
Change-Id: I55e31fe4a97b4b8d9e254695d62639024b6ebbf2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5939
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.
Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
The new version brings the new secretsDir setting which means we no
longer have to hardcode /run/agenix everywhere.
Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
This tends to step on my toes way more often than I actually want it to
work
Change-Id: Ifd5e38ca307d7882392b2399194aca1231b68db6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5440
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Let's see if this'll prevent my system from locking up when I try to do
too much compilation at once
Change-Id: Ie1ecb973801a6ea51f57ed5f25a1964647f54e77
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5156
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Basically any system I have is going to want to be able to flash an
ergodox, so it makes sense to have these always present
Change-Id: I88f556d4484e282e712062a488321bf80baa87ac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5028
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use agenix for the buildkite ssh key and agent token on mugwump, instead
of storing stuff in /etc/secrets
Change-Id: I56951587b949fc0854e56f5c4e33b601e9cd964e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5027
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Can no longer be null and has been renamed to security.acme.defaults.email:
377c6bcefc
Change-Id: Icac9506185da176365369ed3c7db3c71ffc90b1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4784
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
I have a (unconfirmed) suspicion that this is paying more in CPU time
than it's saving in disk space - regardless, I have a bounty of the
latter and a deficit of the former.
Change-Id: I3375b8d904e0878fd47c1845e3c3b9b6c6359189
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4700
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Start setting up agenix with secrets in //users/grfn/secrets for
mugwump, starting with my cloudflare API key which I use for the ddns
from my home apartment
Change-Id: Ida66cb91da3415357a512039d6c23402f0ae9388
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4683
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add a nixos module for running the xanthous server in a docker
container, and install it on mugwump including a prometheus scrape
config.
Change-Id: Ifeb315845b7eef2ee33af98fa3f71acdd3d9fe6b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3812
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This is really just not worth the performance hit
Change-Id: I6f603aa154c562da2803bd8f73b1135faad243be
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3642
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
I no longer use this, I just use the rebuild-system that all nixos
systems get now.
Change-Id: I2272ff13b21b3194c06b51dbc340c19b8bb336a9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3430
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Wanted to port my emacs config to depot, but missing a dependency from
the channel. Adjustments:
* Downgrade grfn's Kernel to 5.10: The ck1 patch is not yet available
for 5.13 unfortunately and the 5.12 set has been removed upstream.
Change-Id: Ifaf315427bda2af590549ca0abec02a79f19a3ec
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3375
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
I used //tools/depot-nixpkgs-update for this - thanks again, sterni!
Included fixes:
* temporary workaround for building notmuch python package, fixed in
upstream already (but channel hasn't advanced there)
* Disable fprintd in grfn.system.yeren, as the fprintd-tod package
currently has a version mismatch in nixpkgs
Co-authored-by: Griffin Smith <grfn@gws.fyi>
Change-Id: If6d71b08ace9db57daadfe3b69b9cd4aec6a5a4e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3274
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Break out the configuration for the prometheus fail2ban exporter, which
is a simple python script that exports stats from fail2ban as a
prometheus-scrapable textfile, from Mugwump into a reusable nixos module
in //ops/nixos/modules.
Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Includes the following depot changes & fixes:
* stable moves to NixOS 21.05
* stable isn't used anymore (but we'll keep the mechanism)
* haskell overlay's `random` override is removed (YAY!)
* grfn/iso: Switch to regular kernel rather than
latest kernel, as latest kernel is currently marked as broken due to zfs
* grfn/home: Use julia_16-bin temporarily
julia 1.5 (current julia-stable, source built release in nixpkgs)
doesn't pass its own test suite. Julia 1.6 doesn't have a source built
package in nixpkgs yet, so julia_16-bin appears to be the only working
julia derivation currently.
* tazjin/tverskoy: Use zfs unstable, as stable zfs doesn't work with the
latest kernel
Co-Authored-By: Griffin Smith <grfn@gws.fyi>
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: I6f2e3d9f75077e4755de6bde9104d44b584cbe4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3174
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
This reverts commit e1c45be3f5. I'm back
in NY now T.T
Change-Id: Iaae2bf778195b9a99ac1a46068703a58e6b69053
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3166
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
This service performes automatic power tuning and has effectively
replaced powertop's tuning functionality in modern systems.
Change-Id: I63c6999beed64d96c77b8b9287ed0d5fa6ddd9fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3121
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
This might help with the issue of devices being stuck in a slow
power-saving mode after hibernation. Dell enables this on laptops
shipping with Linux by default according to some forum posts.
Change-Id: I3d7fdb5c2ed5e24289a6c20f21d027e11b7826e5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3120
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
