This blocks a bunch of AI scrapers from Forgejo, which seems to be
particularly attractive.
Especially meta-externalagent has been scraping very excessively.
The list comes from https://github.com/ai-robots-txt/ai.robots.txt,
let's see how often this needs updating.
Change-Id: I55ae7c42c6a3eeff6f0457411a8b05d55cb24f65
Reviewed-on: https://cl.snix.dev/c/snix/+/30370
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
* Update Snix' verify-lang-tests to 2.28, as 2.25 has been removed
from nixpkgs
* Update snix/cli integration tests, iso_gnome is called iso_graphical
(again?)
* Address clippy lints
* Regenerate go bindings
* Remove grpc-health-check from our overlay, it's long been merged
Change-Id: I9d33cabdd3e7065a1f28bcccf4f979f08a456f88
Reviewed-on: https://cl.snix.dev/c/snix/+/30333
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Type checking of secrets was removed in cff6575948 to get rid of yants.
This adds back type checking using Korora.
Fixes https://git.snix.dev/snix/snix/issues/71
Change-Id: I27cd47b7e1810be5c4cd5d86366e860ca217f9c4
Reviewed-on: https://cl.snix.dev/c/snix/+/30118
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
This allows us to remove npmlock2nix as a dependency.
Change-Id: Ic08a2ba082618292c6ea34141bcaeb3b04a306a9
Reviewed-on: https://cl.snix.dev/c/snix/+/30117
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
* Bump Emacs 29 to 30 to address CVEs in prior versions:
https://github.com/NixOS/nixpkgs/pull/386174
* //3p/overlays/tvl:
- Drop upstreamed fix for buildkite-agent
- Drop tpm2-pkcs11 patch for an issue that has been
addressed in 1.9.1.
- Drop Nix 2.3 patch for home-manager. An alternative
to it has been upstreamed in
<https://github.com/nix-community/home-manager/pull/5067>.
* //users/flokli/presentations: disable derivations that have
been failing since the latest chromium upgrade (presumably).
reveal-md … --print fails to export a PDF. Enabling debug
output reveals that a timeout in pupeteer is hit.
Change-Id: Id83eb5e5fe2db77e648817c5c737b2f95b43deeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13217
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
* //tvix/*-go: regenerate protobuf files
* //tvix/boot:
- Explicitly set compression method of mkBinaryCache which has
made this configurable and (at the same time) changed the default.
- Adjust to change of extension of the nar files from .nar.xz to
plain .xz.
Change-Id: Ie79ea8e0ac8fe04ae01f5558bffca93e9314f56d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13174
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Included changes:
* targeted primary NixOS channel back at `nixos-unstable`
* //3p/chicago95: disable new broken symlink check
* //tvix: omit unnecessary lifetime clippy recommends
* //users/sterni/blipqn: wait a bit for data to arrive in test so it
succeeds under load.
* //fun/paroxysm: force pkg-config flag of pq-sys by adding a bogus
dependency on it. Otherwise, pq-sys will try to use pg_config
which does not work correctly in pkgs.libpq at the moment.
* //users/flokli/keyboards/dilemma: disable temporarily
Change-Id: I6d53bd7bca6886f3457e1f41505e97314f4cd191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13119
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Included changes/fixes:
* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
This also included a state migration in the bucket, which I've already
performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/
Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
This (temporarily) bumps the nixpkgs channel to nixos-unstable-small, because it
has an update I really want, and also to stress-test the new builders.
Included fixes:
* disabled tests in niri to avoid a flaky test; this is fixed upstream already,
but the change is still percolating through
* regenerated Go protobufs
Change-Id: Ia09fdc38f620fe8301c2111b0e4c142f37df2dd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12991
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Not all dependencies in //third_party/sources are equally important for
evaluation, some are never used (e.g. rustsec-advisory-db is re-fetched
using fetchFromGitHub). It seems to be a good idea to make it
configurable what to gcroot and thus unconditionally download as soon
as .envrc is loaded for the first time.
This frees //third_party/sources to be used more extensively, e.g. for
managing third_party dependencies that aren't used at eval time.
This commit is very conservative and only gcroots:
- nixpkgs, nixpgs-stable (obviously)
- rust-overlay (applied to our nixpkgs instance unconditionally)
- home-manager (used in //third_party/overlays/tvl)
I'm open to re-enabling gcrooting of the following other sources which
are only necessary to evaluate some targets:
- agenix (obvious candidate, widely used in depot)
- naersk (used for many targets)
- napalm (used in //users/Profpatsch and //users/sterni)
- impermanence (only used in //users/tazjin)
Change-Id: I39eef14d08bec6857499655e30ecf47d5fdd1260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12965
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Last one of the year! С наступающим)
Fixes:
* users/wpcarro: remove use-package from emacs packages (it has been built-in
for a while now)
* users/sterni: the same thing
* users/aspen: remove `coz`, forwardport `gdmap` from stable
* users/flokli: dropped corneish_zen firmware from CI
This firmware depends on a non-reproducible FOD which, when updated, causes
build failures. We have worked around this repeatedly, but it needs to be
fixed properly.
* tvix: regenerate Go protobufs
* tvix: address new clippy lints
* tvix/{castore,store,build}-go: update grpc/protobuf libraries
* tvix/eval: formatting fixes
* 3p/overlays/tvl: work around GCC 14 -Werrors
Change-Id: Ice5948ca7780192fb7d2abc6a48971fb875f03c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12933
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
* //users/flokli/keyboards/chocofi:
The hash got invalidated somehow which I've updated (to what
https://buildkite.com/tvl/depot/builds/37991#0193f512-78ba-491f-af60-a23e987def95
showed). This seems to have triggered an update of ZMK and some
options have gotten renamed.
Change-Id: I5a62cd4636c23bfdeae671da7b8acb0f02cc2263
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12905
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
* //tools/nixery/popcount:
replace removed buildGoPackage with buildGoModule.
* //users/aspen/system/system/modules:
pkgs.nerdfonts has been removed. Instead we have a
pkgs.nerd-fonts attribute set that contains all fonts
as individual derivations.
* //users/tazjin/presentations:
The ms package was removed from texlive for some reason
in the latest release. Replace it with the packages it
bundles (according to CTAN).
* //tvix/verify-lang-tests:
Test on latest Nix release 2.25.2.
* //tvix/*-go:
regenerate code from protobufs.
Change-Id: I19fcb3a0267f929f6e7388aa69ad99ac53b62236
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12859
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
* //3p/overlays/tvl: build nixos-option with latest Nix version (2.24)
as is required now. It would be nice to avoid this somehow to prevent
NixOS machines in depot having to carry around two versions of Nix.
Maybe we can at least use a statically linked nixos-option?
* //3p/{gerrit,gerrit_plugins}: update deps hash
* //tvix/eval: adjust our nixVersion “user agent” so that it'll pass the
new 2.3.17 minimum version nixpkgs prescribes (to check for zstd
support when substituting from the binary cache).
Change-Id: I4eb715afdc3dbb857340839f08ce86612aa7f117
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12805
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
* update wasm-bindgen in all wasm projects
* //users/wpcarro/website: declare missing dependency on
string-conversions. Presumably this was propagated
before from some other dependency which got updated now.
Change-Id: Ib93de576408974441d532196601e6e53d22cdafe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12770
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
* users/aspen: disable readyset overlay
sysbench + postgresql is broken, which breaks the overlay, but I suspect the
overlay is no longer needed
Change-Id: I1845370c88f5fab35fd700535e6fb0972a4ca556
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12494
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: aspen <root@gws.fyi>
It's easier to implement readTree/depot polyfills for gitignoreSource
when it's imported from third_party.sources, rather than in a file at
//third_party.gitignoreSource.
Change-Id: I1323f932bd0feeb2c50ccc76397a80e035842992
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12248
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
See https://github.com/NixOS/nixpkgs/pull/323753 for details.
Changes:
* git: temporarily comment out dottime patch (it doesn't apply, but it's not critical)
* third-party/cgit: use an older git version where dottime patch still applies
* 3p/crate2nix: remove crate2nix patches included in latest release
* tvix: remove unneeded defaultCrateOverrides (upstreamed to nixpkgs)
* tvix: regenerate Cargo.nix
* tvix/nix-compat: remove unnused AtermWriteable::aterm_bytes pub(crate) function
* tvix/nix-compat: remove redundant trait bounds
* tvix/glue: use clone_into() to set drv.{builder,system}
* tools/crate2nix: apply workaround for https://github.com/numtide/treefmt/issues/327
* toold/depotfmt: expose treefmt config as passthru
* tools/crate2nix: undo some more hacks in the crate2nix-check drv
Change-Id: Ifbcedeb3e8f81b2f6ec1dbf10189bfa6dfd9c75c
Co-Authored-By: Florian Klink <flokli@flokli.de>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11907
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
* agenix has not been updated (https://github.com/ryantm/agenix/pull/241).
* wasm-bindgen bumped to 0.2.92 in Rust WASM projects
* 3p/lisp: port lispPackages from stable channel
The Lisp package set we are using (`pkgs.lispPackages`) is the "old
old" package set, whereas we were supposed to have been using
`pkgs.lispPackages_new` (which is the "old new" package set).
Either way we missed that train, and now there's a "new new" package
set, but with a twist: Lisp packages in nixpkgs are now tied to
their compilers, so the most generic way to access them seems to be
from `pkgs.sbclPackages`.
Switching to the packages from the "new new" package set doesn't
work: Lots of stuff stops building if we just switch the sources
over, and not everything is trivially fixable.
For now we stay on the lispPackages from the stable channel. We need
to look into the migration later.
Or rewrite panettone.
* tvix: update generated protobuf files
* 3p/nixpkgs: pick trunk from stable channel; newer versions try to
read files and do network I/O during build, but don't print enough
details in error messages to figure out why.
* 3p/overlays: remove tdlib override (nixpkgs is currently new enough)
* 3p/overlays: override telega.el sources while updates are lagging in
nixpkgs
* users/flokli/ipu6-softisp: update firmware paths, which NixOS now
stores zstd-compressed.
Change-Id: I5a7a6c8b5d0688461bca92b9e6d654356d3a1cf1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11711
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Update all 3p/sources as we do normally except
- agenix which is still pinned to 0.15.0
- nixpkgs (unstable) which we bump to the HEAD of the staging-next
branch. This branch includes the downgrade of xz from 5.6.1 to
5.4.6 (d6dc19adbd). It
also includes the second haskell-updates rotation with GHC 9.6.4
which contains a few build fixes that seem to be required to get
our Haskell targets to work.
Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
Changes required by the updates:
- //3p/overlays/haskell:
- Update ihp-hsx to latest master to fix build with Stackage LTS 22.
- Update tmp-postgres to latest master to work around failure with
ansi-wl-pprint >= 1.
- Patch punycode for mtl >= 2.3.
- //users/Profpatsch:
- Clean up some warnings, mostly about unused dependencies
- my-prelude: Fix build with ghc-boot-9.6.4
- cas-serve: Use crypton over unmaintained cryptonite
- ical-smolify: skip in ci, iCalendar would require heavy patching to
work with Stackage LTS 22.
- //users/{wpcarro,aspen,flokli}:
Disable home-manager / nixos configuration builds that seem to have
transient failures that should disappear as we move away from
staging-next and closer to an actual channel release.
Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
In hope that iwlwifi works again on this commit, and I don't actually
have to debug it.
Includes following changes:
* users/aspen: home-manager is shuffling around pinentry options again
* users/flokli: rebase ipu6-softisp patches to Linux 6.8
make cl/11097 a separate patch
* ops/modules: remove unused (and now broken) v4l2loopback module
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I763f1f075778f2ed8db7803f87248c9dabde4213
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11174
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
- agenix has not been updated (waiting for
https://github.com/ryantm/agenix/pull/241).
- libgit2_1_5 can be removed (no longer used by cargo-audit).
Change-Id: I96c6a1a4175dc4f2a32b9b2e4ed71caa826a9c42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11077
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
* SBCL issue resolved in 2.4.1 which is included in channel.
* Need to disable the tests of libgit2 1.5 (needed by cargo-audit).
Before this bump they weren't executed either.
* Adjust to rename of overrideScope' -> overrideScope (lib.makeScope).
* tdlib: 1.8.23 -> 1.8.24
Change-Id: I2e1e23c8f20c26c4f9daa01c4d278b4f0e80da92
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10810
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
* update for agenix has been dropped, for the same reason
as with cl/10458
* dropped stable override for avrdude
* dropped stable override for awscli2
* picked SBCL from stable channel due to weird build errors that only
seem to happen on AMD CPUs (like on whitby)
Change-Id: I54557ef09d14ccf243c286101e75e948e65e0217
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10712
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
- Adjust to ecl 23.9.9 release
- Regenerate go protos after protoc-gen-go update
- Drop dhall fork which hasn't kept up with 1.42.*
- Address new clippy warnings:
- Variant naming of Error::ValidationError
- Simplify .try_into().unwrap()
- Drop unnecessary identity function
- Test module must be last in file
- Drop unused `pub use`
- Update agenix to 0.15.0. Current master has a installCheckPhase that
doesn't work with C++ Nix 2.3.*:
a23aa271be (commitcomment-137185861)
Change-Id: Ic29eef20d6fd1362ce1031364a5ca6b4edf195bd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10615
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
* all: update wasm-bindgen to 0.2.89 in WASM projects
* users/grfn: explicitly set pinentry for gpg-agent
* 3p/crate2nix: drop patches that were merged upstream
* 3p/rust-crates: fix one more package name that was broken by crates.io
* 3p/overlays: bump telega backend to new required version
The update for agenix has been dropped. It caused strange build errors
with messages like these:
patching script interpreter paths in /nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0
/nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0/bin/agenix: interpreter directive changed from "#!/usr/bin/env bash" to "/nix/store/q8qq40xg2grfh9ry1d9x4g7lq4ra7n81-bash-5.2-p21/bin/bash"
stripping (with command strip and flags -S -p) in /nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0/bin
Running phase: installCheckPhase
no Makefile or custom installCheckPhase, doing nothing
agenix version: 0.15.0
error: creating directory '/nix/var': Permission denied
There is no rule for secret1.age in ./secrets.nix.
/nix/store/d4jf1cbbk494zwgbqz31pxgigpsbh6w2-stdenv-linux/setup: line 138: test: =: unary operator expected
/nix/store/d4jf1cbbk494zwgbqz31pxgigpsbh6w2-stdenv-linux/setup: line 131: pop_var_context: head of shell_variables not a function context
builder for '/nix/store/0ivvf44hxy0zv4gg8nvchdkp895xw5ri-agenix-0.15.0.drv' failed with exit code 2
I can't be bothered to deal with that right now.
Change-Id: Ia052af0d97dbe9ef0c0d4f3e2214ac00ca8645a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10458
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
* picked avrdude from stable channel
* removed override for texlive, as the upstream fix is merged
* picked awscli2 from stable channel
* bump tdlib to 1.8.21 (new minimum for telega.el)
* tvix/turbofetch: switch to nixpkgs-native mechanism for
CARGO_MANIFEST_LINKS (whatever that is)
Change-Id: Ic695721b5ca750b89d21cab7a257e1db682b23c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10083
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
