For mystifying reasons, Type=simple and CREDENTIALS_DIRECTORY in
ExecStop have stopped working (when exactly I don't know, but presumably
256). Apparently, you are supposed to use Type=exec with credentials due
to raciness (I've personally never experienced):
<https://github.com/systemd/systemd/issues/32583>.
Just changing the type did not resolve the issue of
CREDENTIALS_DIRECTORY being unset, though. It appears, though, that the
issue is merely an unset environment variable and not the credentials
being unavailable: We can work around the problem by setting an
appropriate environment variable ourselves.
Change-Id: Ifcdb1f3bce782ea1c568a9bc413f3fb29f0985c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12649
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
The bundled tool is sort of convenient, I first tried it when debugging
an issue (that doesn't affect this module) and it seems a bit nicer.
Change-Id: Ief948f8e46e51f05b04fe7628ab9298284f780e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12444
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
This function is inspired by BQN's [⍉] though it is much less elegant
since Nix lacks multi-dimensional arrays. I thought this would be useful
to to avoid multiple `map`s over a single list if we want to return
multiple, separate values from it:
transpose (builtins.map (x: [ (calcA x) (calcB x) ]) myList)
# => [ [ (calcA a) … ] [ (calcB a) … ] ]
While this is quite elegant, it turns out that it is faster to write out
multiple maps:
[ (builtins.map calcA myList) (builtins.map calcB myList) ]
[⍉]: https://mlochbaum.github.io/BQN/doc/transpose.html
Change-Id: Ic333c33af38ab03573b215c9696d75caf2ee18e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11113
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
A recent change in nixpkgs introduced evaluation warnings if a systemd
service is configured to start after network-online.target, but does
not directly depend on it.
This is done because the existing dependency from multi-user.target to
network-online.target is being removed, leaving these services without
an actual dependency on the service.
This affected autosubmit (I added a weak dependency here, for now the
service is actually on the same host as Gerrit), and sterni's mirror
setup (I added a strong dependency here).
Change-Id: I88a4aa69f6788c489f59533d34be3c9cea681326
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11026
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
We skip 1.20.3 which had a somewhat nasty bug that was immediately fixed
in 1.20.4 with no other changes.
Change-Id: Ib7ef12912b3ed7a7ed2e00fea654d5d7532a92f7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10863
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
1.20.1 doesn't seem to have any substantial changes except bug fixes, so
let's jump to it right away.
Change-Id: If41f06352f5e5351e37af1969fa8152693a227e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10861
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs
Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This is just intended as a local backup in case things go wrong
horribly, so you can revert to a recent state.
Change-Id: I1d666bad77045a1c807204df144422ba69d1d99f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10417
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Main objective was to get SMART/md monitoring working, alerts go (via
some awful glue code) to #sterni.lv on hackint. Bot nick should also be
registered in the future.
Change-Id: Ia73c5a64ee9f6df62f5fbe21fc1606477e3d6e73
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10174
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
We currently don't need it actively and it is easy to re-enable if
needed. Due to spawn chunks simulation it is not really idling either.
Change-Id: I2e4e5ff2271fd61ee1affec27a614244d4a87fcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This actually allows disabling a service for the first time, since the
configuration structure for the service is created irrespective of the
enable option.
Change-Id: I08e5e67565d6fe210fb0f65600b8750433ce4712
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10175
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This will hopefully prevent failures on system deploys where DNS is
briefly not available, so git(1) fails to resolve github.com. Thanks
flokli for the tip.
Change-Id: I6096e9f3655cbe28ca2a71142de22337814e0be1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10172
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
While we are at it, rename disk-checkup.nix to btrfs-auto-scrub.nix and
move it into //ops/modules. I originally wanted to have additionally
disk health related services in that module, but the btrfs scrub
functionality is nicely self-contained and reusable, so I think it makes
sense to have this in a more central location.
Change-Id: Iabdd62838eef009540ca71abafd921afda2a9b47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10128
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Network configuration and initrd setup is basically the same as with
edwin, but we are using md for Software RAID this time as well as LVM
over two partitions with LUKS:
- sda2 <-- RAID1 --> sdb2 (boot-raid)
└ boot partition, ext4 (encrypted-container-raid)
- sda3 <-- RAID1 --> sdb3
└ LUKS container
└ Volume Group vgmain
├ Logical Volume vgmain/swap
│ └ swap
└ Logical Volume vgmain/root
└ btrfs
So we no longer rely on btrfs raid1 due to question marks over its
reliability (I personally did not have any problems though). This also
means that we have less LUKS containers we need to unlock when
booting (kind of neglible improvement). The biggest improvement is that
we have redundancy for the swap, so a disk failure shouldn't cause
memory corruption/loss.
Change-Id: I14f065b659857415917d9a60a7ec019e687f8d1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10127
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
These settings would also be applied to a machine that'd replace edwin,
so it's useful to have them outside edwin's default.nix.
Change-Id: I4e8f464118a103645e53909a87c6ee4446022fa3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10125
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
nixpkgs changed something in how it deals with configuration of the
package set itself when that is externally instantiated (like in
depot)
It seems like we can work around this mostly by just ... deleting some
code, as all instances of this were for allowing unfree code, which
we've already set on the top-level anyways.
* //users/sterni: fix nixpkgs config assertion to point at
pkgs.config
* //users/wpcarro: disable locate service, which is broken in nixpkgs
Change-Id: Iacf6f1c8fd5b5289e7265e155d74f8269a858ceb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9541
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
This mirrors the terminology Haskell uses: quot and rem truncate towards
zero which is also the case for builtins.div. We can give us the option
to introduce Haskell-style int.div and int.mod (to complete the
confusion) which would truncate towards negative infinity.
Change-Id: Ibebb0a01a73c9718cd62121b2fc2a19c3a4be0de
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9009
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Only implements the different conversion types from and to ints for now.
Unfortunately very reliant on builtins.{floor,ceil} which can't be
implemented purely except very inefficiently (to my knowledge), so it
only really works for C++ Nix >= 2.4. Tests are thus skipped for
C++ Nix 2.3.
Change-Id: Idcb1a11df11e214cdba3f2a0715472b370daa7dc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9008
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
We omit type checks for performance reasons in most places currently, so
the library grouping is important in showing people what to use for what
sort of input. The moved functions make sense to use with floats as
well, so we'll move them to the num library. Some of the remaining
functions could theoretically be adapted and moved, but aren't for now.
Change-Id: Ifdecaa60be594f4438b2a58b9ea6445e2da080e3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9007
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This means we can subtitute the base package for my emacs derivation
instead of compiling it from scratch (which is quite slow).
This means I'll be using 29.1-rc1 until
https://github.com/NixOS/nixpkgs/pull/246203 or
https://github.com/NixOS/nixpkgs/pull/247496 are merged which is okay,
as it includes pgtk support.
Change-Id: Ie7cfec1ca0df9974c049be0b00d75f32143ac905
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9065
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This stops it from shadowing org-mode's C-c ! which I wanted to use a
few times, curiously. Surprisingly, this seems to work correctly even
though no special evil binding facilities are involved, i.e. the keys
only work in normal mode.
Change-Id: I184321c1f1b02d1661dc915bb3a384a349a04068
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8928
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
* //ops/modules/depot-inbox: Adapt to upstream option type declaration.
See nixpkgs commit b6ed3b8f402893df91a8e21ce993520301c2f076.
* //ops/machines/sanduny, //users/tazjin/polyanka:
Remove boot.loader.grub.version options (no longer has any effect).
* //users/sterni/emacs: reflect rename emacsPgtk -> emacs-pgtk
* //3p/overlays: update tdlib to match emacs-overlay
* //3p/overlays: give EXWM from depot a separate name
* //users/grfn/system/home: disable Slack support in ntfy
Change-Id: I03bde088bc70e05b23925f244899807210cb7b20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8547
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
/**/ is a nice way to align if statements which doesn't work with
nixpkgs-fmt, since it'll reflow the comment to the line preceding the
if. Consequently, we can delete these comments now.
Change-Id: Ifa5327f846a903e07607b21f8eedbc32fc36f758
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8689
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Eventually, we'll want to replace dump-stream-binary with something more
efficient—given that we have flexi-streams we can use something that
only does matching element types no problem. REDIRECT-STREAM is much
more efficient thanks to using an internal buffer.
streams.lisp gets a new section at the beginning for grouping utilities
that don't have any real (internal) dependencies.
Change-Id: I141cd36440d532131f389be2768fdaa54e7c7218
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8583
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Porting over the rest of the decoding (RFC2047) and especially encoding
over to qbase64 is still pending, as it is a little trickier.
Change-Id: Id4740eb074a387aeea2cb94b781e204248530799
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8582
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
The input adapter streams were input streams yielding either binary or
character data that could be constructed from a variable data source.
The stream would take care not to destroy the underlying data
source (i.e. not close it if it was a stream), so similar to with
FILE-PORTIONs, but simpler.
Unfortunately, the implementation was quite inefficient: They are
ultimately defined in terms of a function that retrieves the next
character in the source. This only allows for an implementation of
READ-CHAR (and READ-BYTE). Thanks to cl/8559, READ-SEQUENCE can be used
on e.g. FILE-PORTION, but this was still negated by a input adapter
based on one—then, READ-SEQUENCE would need to fall back on READ-CHAR or
READ-BYTE again.
Luckily, we can replace BINARY-INPUT-ADAPTER-STREAM and
CHARACTER-INPUT-ADAPTER-STREAM with a much simpler abstraction: Instead
of extra stream classes, we have a function, MAKE-INPUT-ADAPTER, which
returns an appropriate instance of FLEXI-STREAM based on a given source.
This way, the need for a distinction between binary and character input
adapter is eliminated, since FLEXI-STREAMS supports both binary and
character reads (external format is not yet handled, though).
Consequently, the :binary keyword argument to MIME-BODY-STREAM can be
dropped.
flexi-streams provides stream classes for everything except a stream
that doesn't close the underlying one. Since we have already implemented
this in POSITIONED-FLEXI-INPUT-STREAM, we can split this functionality
into a new superclass ADAPTER-FLEXI-INPUT-STREAM.
This change also allows addressing the performance regression
encountered in cl/8559: It seems that flexi-streams performs worse when
we are reading byte by byte or char by char. (After this change mblog is
still two times slower than on r/6150.) By eliminating the adapter
streams, we can start utilizing READ-SEQUENCE via decoding code that
supports it (i.e. qbase64) and bring performance on par with r/6150
again. Surely there are also ways to gain back even more performance
which has to be determined using profiling. Buffering more aggressively
seems like a sure bet, though.
Switching to flexi-streams still seems like a no-brainer, as it allows
us to drop a lot of code that was quite hacky (e.g. DELIMITED-INPUT-
STREAM) and implements en/decoding handling we did not support before,
but would need for improved correctness.
Change-Id: Ie2d1f4e42b47512a5660a1ccc0deeec2bff9788d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8581
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Starting with 1.18.1 we no longer need to pass an extra flag to work
around the log4j CVE, so baseJvmOpts can be empty.
Change-Id: I6d6c5a366ecbb499b2e3945db81ca0a8b2e2dcbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8332
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>