This deploys irccat, connected to the #snix channel.
We drop the custom irccat third_party, it's 2 years older than the
latest version in nixpkgs.
The irccat.nix module file contains some of the code present in the TVL
version, it however moves the secrets merging to ExecStartPre=,
given https://github.com/systemd/systemd/issues/19604#issuecomment-989279884
has been fixed for almost a year.
Contrary to the setup there, we don't let irccat connect to ZNC, but
hackint directly (so make use of the secrets logic).
We also drop the network-online.target, and make this overall more
tolerant by using Restart=on-failure.
Change-Id: Ieac3b744b7ea58b8dddf1cdc37a8bc057b205b1b
Reviewed-on: https://cl.snix.dev/c/snix/+/30504
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
Tested-by: besadii
This blocks a bunch of AI scrapers from Forgejo, which seems to be
particularly attractive.
Especially meta-externalagent has been scraping very excessively.
The list comes from https://github.com/ai-robots-txt/ai.robots.txt,
let's see how often this needs updating.
Change-Id: I55ae7c42c6a3eeff6f0457411a8b05d55cb24f65
Reviewed-on: https://cl.snix.dev/c/snix/+/30370
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
Without this, the website just shows a white page with a "This line is
from …" message. Downgrading hugo to 0.145.0 fixes it.
Change-Id: I5a4e2b5d00d3772580daf8d863375471979a5825
Reviewed-on: https://cl.snix.dev/c/snix/+/30368
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Bence Nemes <nemes.bence1@gmail.com>
Tested-by: besadii
* Update Snix' verify-lang-tests to 2.28, as 2.25 has been removed
  from nixpkgs
* Update snix/cli integration tests, iso_gnome is called iso_graphical
  (again?)
* Address clippy lints
* Regenerate go bindings
* Remove grpc-health-check from our overlay, it's long been merged
Change-Id: I9d33cabdd3e7065a1f28bcccf4f979f08a456f88
Reviewed-on: https://cl.snix.dev/c/snix/+/30333
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
We probably don't need to control Broadlink IR/RF controllers to develop
Snix.
Change-Id: I97a5c8b22830dcb8fe649727f16a461dd6ebb92c
Reviewed-on: https://cl.snix.dev/c/snix/+/30246
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Type checking of secrets was removed in cff6575948 to get rid of yants.
This adds back type checking using Korora.
Fixes https://git.snix.dev/snix/snix/issues/71
Change-Id: I27cd47b7e1810be5c4cd5d86366e860ca217f9c4
Reviewed-on: https://cl.snix.dev/c/snix/+/30118
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
This allows us to remove npmlock2nix as a dependency.
Change-Id: Ic08a2ba082618292c6ea34141bcaeb3b04a306a9
Reviewed-on: https://cl.snix.dev/c/snix/+/30117
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
A similar fix was indeed merged upstream a year ago, but later partially reverted.
Change-Id: I9c0ed259507511ca4e3180f752ba527ea9bca4f8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13241
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
* Bump Emacs 29 to 30 to address CVEs in prior versions:
  https://github.com/NixOS/nixpkgs/pull/386174
* //3p/overlays/tvl:
  - Drop upstreamed fix for buildkite-agent
  - Drop tpm2-pkcs11 patch for an issue that has been
    addressed in 1.9.1.
  - Drop Nix 2.3 patch for home-manager. An alternative
    to it has been upstreamed in
    <https://github.com/nix-community/home-manager/pull/5067>.
* //users/flokli/presentations: disable derivations that have
  been failing since the latest chromium upgrade (presumably).
  reveal-md … --print fails to export a PDF. Enabling debug
  output reveals that a timeout in puppeteer is hit.
Change-Id: Id83eb5e5fe2db77e648817c5c737b2f95b43deeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13217
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Upstream has removed its fancy support for units and calculations. It
appears panettone does not rely on this at all.
Change-Id: I9ee3637ba44d1d3c225e6bbfc02b820f3a7d028c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13230
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Extracts the required version out of the telega.el Dockerfile (this seems to be
the authoritative source), and matches that against what nixpkgs has.
In a future commit I'll improve this to reduce the likelihood of blocking a
channel bump (by also pinning tdlib, and issuing warnings when nixpkgs has a
newer telega/tdlib).
Change-Id: I1129c1f6b38aa58eb8661f2ad9bc6fa19382d81c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13220
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Buildkite introduced a weird check that determines whether the bootstrap agent
path (?) matches the binary that the agent was started from:
https://github.com/buildkite/agent/pull/3123
They did this to work around some internal development flow problems. However,
this check is toggled by whether or not the `buildNumber` compile-time variable
is set to the special `x` sentinel value.
In their publicly released binaries (which we do not use, of course), this is
set to some other value. In Nix builds they are at the default sentinel value,
causing crashes at startup because of the wrapper script not matching the binary
path:
```
buildkite-agent: fatal: check binary paths: mismatched buildkite-agent paths: host="/nix/store/rmp9g00bppi8yimr0ngnx6490w196in8-buildkite-agent-3.89.0/bin/.buildkite-agent-wrapped" bootstrap="/nix/store/rmp9g00bppi8yimr0ngnx6490w196in8-buildkite-agent-3.89.0/bin/buildkite-agent"
```
To work around this we just set the build "number" to `nix`.
Change-Id: I794861aeaf63764689148cae841ce56f88752186
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13205
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Our maintenance branch includes additional concurrency fixes which are not in
the upstream 2.3 branch.
These issues are fixed in C++ Nix HEAD, but in a more invasive way (by removing
the second set of locks completely).
This also retains additional debug information in the built binaries to make
future issues easier to debug.
Change-Id: I4e7a8baabd059c96404822d9634df52c403a869f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13135
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
* //tvix/*-go: regenerate protobuf files
* //tvix/boot:
  - Explicitly set compression method of mkBinaryCache which has
    made this configurable and (at the same time) changed the default.
  - Adjust to change of extension of the nar files from .nar.xz to
    plain .xz.
Change-Id: Ie79ea8e0ac8fe04ae01f5558bffca93e9314f56d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13174
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Build //3p/lisp from pkgs proper, i.e. nixpkgs' nixos-unstable channel
instead of nixos-23.11 (yikes).
Basically, multiple package sets are attached to the different lisp
implementations now instead of having a “generic” lispPackages
set (which defaults to sbcl). We can just use that instead even though
it looks a bit weird having `srcOnly sbcl.pkgs.foo` everywhere when the
package is not necessarily related to SBCL.
We could in theory create a source only package set by abusing how the
infrastructure works internally, but it's probably somewhat brittle:
```
callPackage (pkgs.path + "/pkgs/development/lisp-modules/imported.nix") {
  build-asdf-system = { src, ... }: src;
}
```
Since we do a pretty hefty jump in package versions, many packages have
to be adapted to internal changes and restructuring:
- bordeaux-threads
- cffi
- cl-colors2 (which has been deprecated, but is still required by other
packages)
- cl-smtp
- cl-plus-ssl
- cl-prevalence
- hunchentoot (compiling the asd file no longer seemed to work)
- ironclad (fixes for SBCL compiler warnings caused a CCL compiler
warning)
- nibbles (revert the only commit to sbcl-opt/x86-vm.lisp that's new
compared to canon since it broke compilation for unknown reasons)
The following new packages had to be added as existing packages added
new dependencies:
- frugal-uuid, frugal-uuid/non-frugal
- trivial-clock
Change-Id: I8b94894df0357907cf2b27cf1e34a7e804b68e02
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13134
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Included changes:
* targeted primary NixOS channel back at `nixos-unstable`
* //3p/chicago95: disable new broken symlink check
* //tvix: omit unnecessary lifetime clippy recommends
* //users/sterni/blipqn: wait a bit for data to arrive in test so it
  succeeds under load.
* //fun/paroxysm: force pkg-config flag of pq-sys by adding a bogus
  dependency on it. Otherwise, pq-sys will try to use pg_config
  which does not work correctly in pkgs.libpq at the moment.
* //users/flokli/keyboards/dilemma: disable temporarily
Change-Id: I6d53bd7bca6886f3457e1f41505e97314f4cd191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13119
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Included changes/fixes:
* bumped all `wasm-bindgen` usages again
* regenerated protobuf files
* keycloak terraform provider has been migrated to new name
  This also included a state migration in the bucket, which I've already
  performed.
* tvix/boot: disable tests that are broken in CI
* users/aspen/yeren: avoid upgrading kernel to 6.12
  digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/
Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
These have been deprecated for a while.
Change-Id: Iafeac725c84d6c5cae42dd7acdf01239bbcfdd96
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13114
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
This (temporarily) bumps the nixpkgs channel to nixos-unstable-small, because it
has an update I really want, and also to stress-test the new builders.
Included fixes:
* disabled tests in niri to avoid a flaky test; this is fixed upstream already,
  but the change is still percolating through
* regenerated Go protobufs
Change-Id: Ia09fdc38f620fe8301c2111b0e4c142f37df2dd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12991
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Not all dependencies in //third_party/sources are equally important for
evaluation, some are never used (e.g. rustsec-advisory-db is re-fetched
using fetchFromGitHub). It seems to be a good idea to make it
configurable what to gcroot and thus unconditionally download as soon
as .envrc is loaded for the first time.
This frees //third_party/sources to be used more extensively, e.g. for
managing third_party dependencies that aren't used at eval time.
This commit is very conservative and only gcroots:
- nixpkgs, nixpkgs-stable (obviously)
- rust-overlay (applied to our nixpkgs instance unconditionally)
- home-manager (used in //third_party/overlays/tvl)
I'm open to re-enabling gcrooting of the following other sources which
are only necessary to evaluate some targets:
- agenix (obvious candidate, widely used in depot)
- naersk (used for many targets)
- napalm (used in //users/Profpatsch and //users/sterni)
- impermanence (only used in //users/tazjin)
Change-Id: I39eef14d08bec6857499655e30ecf47d5fdd1260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12965
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
The Nix code used to access niv's pins has changed and now deals with plain git
dependencies slightly differently.
This change should be no-op functionally.
Change-Id: I6834594d10078b03f23252901143c941ff523cdf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12946
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Last one of the year! Happy upcoming New Year :)
Fixes:
* users/wpcarro: remove use-package from emacs packages (it has been built-in
  for a while now)
* users/sterni: the same thing
* users/aspen: remove `coz`, forwardport `gdmap` from stable
* users/flokli: dropped corneish_zen firmware from CI
  This firmware depends on a non-reproducible FOD which, when updated, causes
  build failures. We have worked around this repeatedly, but it needs to be
  fixed properly.
* tvix: regenerate Go protobufs
* tvix: address new clippy lints
* tvix/{castore,store,build}-go: update grpc/protobuf libraries
* tvix/eval: formatting fixes
* 3p/overlays/tvl: work around GCC 14 -Werrors
Change-Id: Ice5948ca7780192fb7d2abc6a48971fb875f03c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12933
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I'm not really describing what the problem here is because I don't
think a writeup is really useful. It would just be speculation and
I don't need to synchronize my efforts with anyone at the moment,
so it's best to keep those notes offline.
Basically, the next problem I want to tackle is that the initial
parsing of a multipart message (to get the number, types, offsets
etc. of the different parts) is very slow. This is because READ-LINE
on a FLEXI-STREAM dispatches to READ-CHAR which is laughably slow.
Change-Id: Ia5d6e335abb23639cfe9c2149ead99ffa5dbbcf5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12936
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI