Everything was large=true and then nothing was small=true and did not
have a hostname.
This is fixed.
Change-Id: Id90e6246f9ab44ce020d999e975dd8b4cd4492c9
Signed-off-by: Ryan Lahfa <raito@lix.systems>
cl.snix.fyi/q/$ID where $ID ≤ 30K will redirect (301) to
cl.tvl.fyi/q/$ID to keep the old links working.
Change-Id: I27b496a1c52a3de3d106292ba7a2931b0f15fa49
Signed-off-by: Ryan Lahfa <raito@lix.systems>
This is definitely faster than doing a roundtrip via a build.
Change-Id: I7a02b828462def735fdb241ce729143e90bc5c75
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13236
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
Something recently caused us to replace Docker with Podman (I guess a default
changed in nixpkgs? I don't remember making the change explicitly), which broke
the reindexing unit.
Change-Id: I1d3453ed970e536abb540c6ef79765cfda271810
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
These bots are doing unthrottled requests to cgit 24/7, and it's starting to
annoy me.
Change-Id: I6b7d7a68e9becb8ed4b5c52b376c2a60febc6ec6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13145
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Adds a new tagging system to Buildkite agents, where agents are tagged with
large/small slots. All agents have small slots, only some agents have large
slots. The small slots are purely informative - nothing targets them, whereas
large slots will be used for filtering agents.
This allows us to target large slots in some builds and minimise the concurrent
execution of extremely large builds, while keeping a large number of small slots
around for all the light targets.
This will need some tuning over time (also because tagging is a manual process).
Change-Id: I15aa657773ed874d84d98e55238fb31c75d4efa7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13120
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Removes whitby DNS records and other related configuration that is no longer
required now that whitby is gone.
whitby served us well. RIP.
This resolves b/433.
Change-Id: I56fe6f88cde9112fc3bfc79758ac33e88a743422
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13117
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Backups are moving from GleSYS to Yandex Cloud (is this motivated by me not
having to pay for them in that case? Maybe!); this changes the default backup
location to accommodate that.
I also noticed that we previously manually placed the backup key on whitby, so
the new key is going into agenix instead, as well as the secrets for protecting
the repositories.
Change-Id: Ibe5dbfec6784345f020a8b4d92bb01c6ad719a89
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13096
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This turns off almost all of the lights. The server will be decomissioned on
2025-02-05. Until then we can keep running the Buildkite builders there for
extra capacity.
Stuff that was left in the whitby config has been migrated to nevsky.
This relates to b/433.
Change-Id: I84953e9d5e912f75b8884cb9d8edd5a1b7d5c85d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13095
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
... that is then promptly enabled on nevsky.
Change-Id: Ie51037cec810bb7f81099a67ebd2581dcf710bd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13093
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This is no longer needed; Nixery is now served by bugry.
Change-Id: Idd072505c4da1e6af636224e092b6fb21eff9250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13001
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
We switched to stable temporarily in 2023 (!) because of some breakage that has
long been fixed.
In general, running nixery against stable is probably advisable, but because of
our Lisp package situation updating stable is not possible at the moment.
Change-Id: I122ac63d6307cab76a3069101682fc5f8f985914
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12999
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Running Nixery on bugry is much more cost efficient (better traffic economics
than on a cloud provider, and Nixery is mostly a traffic-heavy service), and
frees up my Yandex Cloud credits for adding another builder.
Change-Id: Id6c8c76b28a5ce13cc8b743ad6e72fffd19353fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12997
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Configures an experimental setup for a builderball-based public cache.
This cache only includes the two build machines (whitby & nevsky), for the time
period where both of them exist simultaneously.
The idea is this:
All participating hosts run a harmonia binary cache locally (whitby already
does). They then run builderball instances pointing at each other's harmonia
caches (through dedicated public hostnames).
When a request comes in, the first matching cache address is returned and Nix
will substitute from there.
Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
I omitted the `acls` section when adding the tag configuration. In "normal"
tailscale, emitting this is equivalent to putting the defaults there (i.e. all
traffic inside the tailnet is allowed), however in headscale it defaults to
blocking everything instead.
This meant that internal tailnet traffic wasn't really working correctly anymore.
Change-Id: Ic37504e9a8a97b9f8eb3ac173c88201aef1c044a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12972
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Configures an ACL for a tailscale tag that can be added by the `tvl` and
`tvl-builders` users.
This tag will be used by dynamic builders to bootstrap and advertise to other
builders that they might be valid substitution targets.
Relates to b/432.
Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
I've decided to use the commit view instead of the log view (which cgit
uses) for now. It really depends on how you use it in commit messages:
To refer to a depot state or to a specific change (independently of what
CL gerrit assigned). I'm happy to change it to use the log view.
Change-Id: I472b511fa1322f91304f6543473b51f9c5f21ca2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12837
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I've discovered that it is possible for irccat to fail enough times to
run into the restart limit before network is online after booting.
Change-Id: Ia54a46d56bdc765a825fee50e7bdc8206718edc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12790
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Harmonia is, ostensibly, faster and better and, most importantly, not a giant
pile of wonky Perl.
I've tested locally that Harmonia works with Nix 2.3 (on both ends), so I think
we should be good to go here.
We have a vendored copy of the upstream module for now. We need to fix Nix 2.3
compatibility in upstream for the module, but the service itself works fine.
Change-Id: I3897bb02b83bd466b6fe7077c05728ac49ea4406
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12517
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
This was in //ops for legacy reasons, but this is really not necessary.
Change-Id: I758b257838993ef0f7d55809c137118826e2ba85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12483
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This was deleted when removing the Sourcegraph module, but it turns out it is
also needed by panettone.
Change-Id: I8f14165bf783743247894c2b64882fbb032ffbf8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12295
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
In #tvix-dev, we want to display only CLs that relate to tvix and
related projects.
So use a pretty dumb allow-list for which CLs to display in that
channel.
Change-Id: I3ef50b64e3d7fbc27a6690be6a10f1b55c04cd6e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11658
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
For the duration of the sprint, this bot will take care of
synchronising the IRC channel with the Telegram group.
After the sprint, it will be removed again.
Change-Id: I6d5b1316fc85ddd26adf55e31f6bff742907fc24
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11727
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
The change we need has been released and propagated to nixos channels.
Change-Id: Ib10a1d42d7ef6deaf5665a13b72ece345e83d7dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11457
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
We just had a minor incident where apparently our build cache for the
critical security fix was deleted by automatic-gc (which I had stopped
manually) being reenabled by an unrelated whitby deploy.
This adds a new mechanism where by touching a file called
`/run/stop-automatic-gc` the GC can be prevented from running.
We might want to configure an occasional alert or something if this
file exists, so we don't forget about it when we are using it.
Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
In hope that iwlwifi works again on this commit, and I don't actually
have to debug it.
Includes following changes:
* users/aspen: home-manager is shuffling around pinentry options again
* users/flokli: rebase ipu6-softisp patches to Linux 6.8
make cl/11097 a separate patch
* ops/modules: remove unused (and now broken) v4l2loopback module
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I763f1f075778f2ed8db7803f87248c9dabde4213
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11174
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Some of the docs are still outdated (like architecture and drv path
inconsistencies).
Change-Id: I7a6afceb008ef4cd19a764dd6c637b39fa842a2e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11072
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
A recent change in nixpkgs introduced evaluation warnings if a systemd
service is configured to start after network-online.target, but does
not directly depend on it.
This is done because the existing dependency from multi-user.target to
network-online.target is being removed, leaving these services without
an actual dependency on the service.
This affected autosubmit (I added a weak dependency here, for now the
service is actually on the same host as Gerrit), and sterni's mirror
setup (I added a strong dependency here).
Change-Id: I88a4aa69f6788c489f59533d34be3c9cea681326
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11026
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
The .dev TLS is on the HSTS preload list, so there's no need to set this
header here at all.
Change-Id: I253fa2427e75bd0808945cd5d53159cac74e7f8b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11018
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Make tvixbolt.tvl.su just serve a redirect to the new domain, and fold
everything into the tvix.dev.nix module.
Change-Id: I3a9ccf37d2ceee8886208d6f662e7598ce395b1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11015
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Assigning copyright to the TVL community (whatever that is), and
adding AGPL-3.0-or-later license.
I also cleaned up some of the stuff on the landing page.
Change-Id: I4dbca19406e00e5105fed50e8fb64e0fcca23e3a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11013
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
