Break out the configuration for the prometheus fail2ban exporter, which
is a simple python script that exports stats from fail2ban as a
prometheus-scrapable textfile, from Mugwump into a reusable nixos module
in //ops/nixos/modules.
Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This does not appear to be working
Change-Id: I195e44f799981343a7b9dc60b25eb068d5d42530
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3182
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Includes the following depot changes & fixes:
* stable moves to NixOS 21.05
* stable isn't used anymore (but we'll keep the mechanism)
* haskell overlay's `random` override is removed (YAY!)
* grfn/iso: Switch to regular kernel rather than
latest kernel, as latest kernel is currently marked as broken due to zfs
* grfn/home: Use julia_16-bin temporarily
julia 1.5 (current julia-stable, source built release in nixpkgs)
doesn't pass its own test suite. Julia 1.6 doesn't have a source built
package in nixpkgs yet, so julia_16-bin appears to be the only working
julia derivation currently.
* tazjin/tverskoy: Use zfs unstable, as stable zfs doesn't work with the
latest kernel
Co-Authored-By: Griffin Smith <grfn@gws.fyi>
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: I6f2e3d9f75077e4755de6bde9104d44b584cbe4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3174
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
I don't really like the perspective-specific stuff after all.
Change-Id: I214e481a29ed5734de232d6cbd8fabbc6368359d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3181
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Work is now using JIRA instead of Clubhouse, so I've started writing
org-tracker[0] as a pluggable-backend version of org-clubhouse (I'll
probably add github issue support as well!). This switches my personal
config to use that instead of org-clubhouse, including the
checkout-branch-with-ticket-id stuff I had locally.
[0]: https://github.com/glittershark/org-tracker
Change-Id: I3cf72d6640b155c92ca9ddd1d9d9b5167367951a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3180
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
For some reason some org config was still living in the global config.el
Change-Id: I2145a054ace97b91877a4397a52fd18a5c273434
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3178
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
No longer connecting to freenode - but I *am* now connecting to both
hackint and libera, so add a prompt to the command to decide which one I
connect to
Change-Id: Iae315ddab753cf9c365cbee7abd94213af656d4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3177
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use awscli2 rather than awscli to deploy - less because I actually need
any specific functionality from the new version, and more because I
already use awscli2 on my systems and it's nice to always use the same
version of stuff
Change-Id: Id0e5b63dde1857c2e417ac2eeb2f769ebcc0f956
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3175
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
... until hardcoded references are removed upstream.
This is motivated by HEAD-branch related issues when cloning depot via
josh and a naive search for places where `master` was used directly.
Change-Id: I46709631d6ee5561344fc5f407324bcf69c641e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3171
Tested-by: BuildkiteCI
Reviewed-by: cschilling <christian.schilling.de@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Includes a potentially relevant fix (anonymous authentication with the
correct username).
Change-Id: Iabf2eff43e98cc8b7b998ead3775b1fc8f1dfac6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3173
Tested-by: BuildkiteCI
Reviewed-by: cschilling <christian.schilling.de@gmail.com>
There have been a few relevant fixes.
Change-Id: I84b6fb645703972b03f1210cb69d03467caefbfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3172
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
We still don't support POSIX timezone descriptions and the like,
but I currently don't have the energy to support something just
for POSIX's sake.
Change-Id: Ifbfc798ebe849e886cc31964b7fbc70ff009ef29
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3167
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
... rather than dragging it in as some transitive dep, which actually
stopped happening.
Change-Id: I2331721839d5e53c38236f64487be0e6f1be352e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3170
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit e1c45be3f5. I'm back
in NY now T.T
Change-Id: Iaae2bf778195b9a99ac1a46068703a58e6b69053
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3166
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This small tool prints the current time rounded to half-hour precision
as an emoji clock face and exists. It can use both the local time zone
and UTC. Additionally it supports a pseudo dot time format.
Via fun.🕰️.lib we reexpose the internal library which allows conversion
from LOCAL-TIME:TIMESTAMP to an emoji clock face — maybe we'll want to
integrate this into //web/panettone?
//fun/🕰️ is the spritual (and actual) successor to
<https://github.com/sternenseemann/unicode_clock>.
It likely only works in SBCL due to its heavy usage of unicode symbol
names.
Change-Id: I44204107a14f99b04b0c5290d88e8659f013f423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3164
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Turns out this is an annoying thingy you sometimes to implement
independently from formatting an entire timestamp, so we expose it for
reuse.
Change-Id: I11de2823eb03849ea78fc79e2f546e413882930f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3163
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
This fix is essentially the same as the one in cl/1263.
Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Add a script (to PATH, so I can launch it from rofi) to take whatever's
in the clipboard, pass it through `dot -Tpng`, and then open the result
with feh.
Change-Id: I1842fca3585a33d902da20dfa6101d1c6d2f2062
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3160
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Until we have declarative ZNC config (which requires a solution for
secrets handling in it), make sure we back this up as well.
Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.
The module performed this update via lib.mkChangedModuleOption, I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.
Fixes b/105.
Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This changes the evaluation order for the `depot` argument and ensures
it is partially evaluated before the module system starts resolving
imports.
This way we can import modules from `depot.path` without `depot`
having to come from readTree.
Fixes b/129.
Change-Id: Icf4dd2be15011055dac8b27e991a4ff6a12bf827
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3156
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
The link for atward's source code was using atward.tvl.fyi,
this makes the cs cookie (if set) for at.tvl.fyi not work.
Change-Id: I644f0341ecaf2caea0b71a950686579dfd18d092
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3155
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This time using `tools.hash-password` because login did not work with the
initially created hash.
Change-Id: I1eb62a496d2d8497d27573af47bf8bf70dac9bbb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3153
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
* This was mostly for //third_party/nix and its dependencies which now
have been set to use llvmPackages_11 manually.
* For //users/grfn/achilles we also manually select the newer LLVM version.
* //tools/cheddar doesn't seem to need llvm anymore.
* //third_party/buzz also compiles with clang 7.1.0
* replace clang-tools everywhere with new attribute clang-tools_11
For the future we may want to have something similar again, but it may
not be necessary to invest too much time into it: nixpkgs is set to
upgrade their default llvmPackages to LLVM 11 as well at some point in
the near future.
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: Id83868dbc476a6c776b59518b856c933f30ea79d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3135
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
This will be used to serve (nix-) diffs for pending deploys of whitby
Change-Id: Ia864993b1fcb3b7ce5fcc21f32a27528a4c31f08
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3149
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
irccat is passing the realname option as the ident of the user, which
doesn't match what is in ZNC.
It hasn't seen any upstream commits in a long time, so I'm just
leaving this as is and fixing it locally in our config.
Change-Id: I3bf865f37b8df9c1cd891a94245ca3fad376bbe1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3150
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Issue bodies tend to be very long, so displaying the full diff whenever
the issue is updated takes up a lot of visual room and is very hard to
read. Specifically for this field, this changes the display to only show
"updated the body of this issue", hiding the previous and new values.
At some point in the future, I'd love to have some CSS fun with active
anchor links to have an "expanded" view that *does* display the previous
and new value, but for now this should be fine - the data isn't gone,
after all!
Fixes: b/111
Change-Id: I0188540188729142e0b9205ff5cc9ea576c4edb6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3142
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
7aebba7, which added anchor links to comments, also incorrectly added
only the *key* for the `:id` attribute to the `li` element for
issue *events*, swallowing up the next form (which happened to be the
username) as the value. this adds a *proper* value for the `:id`
attribute, bringing back the actual display of the username.
Fixes: b/97
Change-Id: I33ee628ddfd4a291e069980512fcc5f74014aac4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3141
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The accessor function to get the ID of the `model:issue-not-found`
condition is `not-found-id`, not `id`! Also, add a missing space to the
title.
Fixes: b/127
Change-Id: I91c71feaf1fe877e6a14453a9e75cf27d56fee31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3140
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This is fixed in upstream nixpkgs, but we're not yet at a commit where
it's used, so it's important to use the OpenLDAP from //third_party
Change-Id: I7c033cd23f45a95c4a4af864ffe561c496833a0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3143
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
I like running fail2ban on any machine that has stuff like ssh
world-open, to limit the potential for password brute-force attacks etc.
Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This doesn't replace all of them in the repo, but at least the ones
that are relevant to our move.
Change-Id: I842e7594b4c16af30d880272417874f6b29afd22
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3134
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
This drops the msmtp requirement from my configuration; there's still
some cleanup to be done but I need to double-check this in a few
environments first.
Change-Id: I298f4ff77b45cb214fbccee84e9bbd861508d11a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3132
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This configures owothia to use her new bouncer to HackInt.
Change-Id: I80eb8191c2b0f2a6f8a31d19b60250ade27c1913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3129
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
This is a simple Go module build for https://litestream.io/
If this ends up being useful, we should upstream this to nixpkgs.
Change-Id: I3beb64c9adb3b57fcef4e1dfb27f293a15f90a76
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3085
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Points clbot at the new local ZNC instead. This will make it part of
the things happening through the `tvlbot` account.
Relates to b/101
Change-Id: I1c15ffa5720d3af34475c15bee3fdaa537ac659b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3127
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
The local bouncer on whitby does not use TLS.
Change-Id: Idf9c56f94129b0ddce620eb559082a8f2f088078
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3128
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>