Instead of having two ways of accessing the path to the depot (one of
which was stuttering, depot.depotPath) we settle on only one:
depot.path.
This was mostly used for NixOS module imports.
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Plumbs an additional internal argument through readTree that indicates
whether the top-level of a tree is being read, and avoids recursing
into itself in that case. This changes the externally visible
behaviour of readTree (it is now expected to be called a level higher
than previously).
This allows us to reduce the amount of boilerplate needed to bootstrap
the TVL repository (by not having to specify the individual folders
that need to be read).
For reasons related to an infinite recursion we could not (be bothered
to) debug, the top-level `config` key (which held the attribute set
passed on by readTree) has been removed. This is not needed, as it is
already passed on by readTree ...
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: Id6e39b57b2f5b3473c4b695a72dd1d01fcfb7a66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2961
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
As a complementation to builtins.functionArgs this function checks if
the function has a set pattern that contains an ellipsis
(i. e. `{ [arg, [ arg1, [ … ]]] ... }:`). The implementation of this is
pretty cursed however since there is no clean way to do this in vanilla
nix: We need to match on the output of builtins.toXML which does try to
serialize functions by outputting their argument and information about
it (whether it is a normal argument or an attribute set pattern, in the
latter case it also serializes every component of the pattern).
Change-Id: I0f33721811a3180cec205a0c98e6d92e10e92075
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2950
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Dropping the message field will make Buildkite use the commit messages
instead, which makes for much more readable build logs.
Change-Id: I1849f811632526893b700f117c9f6cf64888c329
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2949
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Enables Prometheus with a local node exporter, and nothing else for
now.
Some additional collectors have been enabled for things that might be
relevant on whitby:
* systemd: all our services run in systemd
* processes: might be interesting for build-related stats
* logind: might be interesting for interactive usage stats
Change-Id: I48dacdd9c68b4be9edff7b3cb6256dad562498c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2930
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
--show-trace should make it easier to debug tricky evaluation errors
without running nix-build -A ops.pipelines.depot locally again.
Change-Id: Ice540562c3b389fc2a49ec1fc0adacb17db2a528
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2947
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
I'm not using cloudfront for gws.fyi anymore, so this invalidation step
on deploy is pointless
Change-Id: I153848666dc70acfc456b5dcf276bab2410c4716
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2946
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Looks kinda like rebuild-mugwump, only for home
yes, yes, this could gc halfway through, that's so unlikely that I don't
care
Change-Id: Iab3fdac15796e9f8158a9778b897bc3fe88e536e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2942
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Rename my //users directory and all places that refer to glittershark to
grfn, including nix references and documentation.
This may require some extra attention inside of gerrit's database after
it lands to allow me to actually push things.
Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: glittershark <grfn@gws.fyi>
sbcl 2.0.9 introduced a new warning:
> minor incompatible change: the compiler signals a warning at
> compile-time when an initform of T, NIL or 0 does not match
> a STANDARD-CLASS slot's declared type.
This broke a few packages, but they all have been fixed upstream in the
meantime and we only need to bump their versions. The culprits are:
* defclass-std which possibly has become unmaintained since the fix
  (December 2020).
* cl-prevalence which also needs one symbol from bt now
* lisp-binary which also includes a new file now
Change-Id: I06bb47a129d5ef912a623315c1281aedd1ceac2a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2934
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Splits //ops/nixos into:
* //ops/nixos.nix - utility functions for building systems
* //ops/machines - shared machine definitions (read by readTree)
* //ops/modules - shared NixOS modules (skipped by readTree)
This simplifies working with the configuration fixpoint in whitby, and
is overall a bit more in line with how NixOS systems in user folders
currently work.
Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
Fixes included:
* exposed gtest in the package set, required for protobuf
* pinned SBCL to version 2.0.8: The channel moved it to >2.1, and a
  bunch of warnings seemed to be killing our builds - we should
  investigate this later.
* removed kernel patches from //users/tazjin/frog: this machine is
  currently out of service anyways, not worth fixing while it's offline
* removed steam & lutris from frog (they're currently broken)
* removed Haskell overrides for hedgehog-classes & hgeometry-combinatorial
* use gRPC sources from upstream and inject Abseil via Nix instead
* fix for renamed grpc import in //third_party/nix
* use libfprint-tod from upstream nixpkgs in glittershark/yeren and
  delete glittershark/pkgs/fprintd entirely, since all of the patches used
  there are available and working from upstream now (and stopped working
  here after the bump)
Change-Id: Ia90e6f774f7b88bc9e60d28351b900ca43ee2695
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2901
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
This change is required to run the ⚓ step on canon builds.
Change-Id: Ib3cebac67c9f5337b27a948f120b0a9ba834ef2a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2932
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: glittershark <grfn@gws.fyi>
The random_1_2_0 attribute of haskellPackages currently holds random
1.2.0 which is what we want to have. We need to disable tests because
they cause an infinite recursion as basically all testing libraries
depend on random. This has the nice side effect that we no longer need
import from derivation for random 1.2.0 (but owothia and xanthous still
use it).
Re-enable CI for xanthous.
Additionally we need to deal with the fallout of the haskellPackages
overlay now also being pulled in for some machines since cl/2910 and
let pandoc compile with random 1.2.0.
Change-Id: I78d220e5bd35f3469d80d69e77e712a529f21d33
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2924
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Since we are still using third_party, underscores are kind of common in
issue titles and are probably often forgotten to escape. Let's just
support `*` for emphasized text in titles for now.
Change-Id: I305bcf4d4c59123bba4ce816a6da2ee8b022c34e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2926
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Adds a conditional build step that only runs on the canon branch, and
only if 🦆 (the status reporting step) succeeds, which creates a
new Nix GC root for all depot targets named `depot-canon`.
In practice this might be a bit racy, as canon builds are not
guaranteed to succeed in order (though it is likely). This shouldn't
matter much in practice: We only want to prevent rebuilds of the whole
world.
This fixes b/102
Change-Id: Id3d0bf4158bffcb1ed6929888a29d31609b6ece1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2904
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This ensures files created by the Buildkite agents are always owned by
the same group, without having to manually chgrp afterwards.
Change-Id: Idbaedec43c16b2ee137d1a95719a05d46db8f900
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2929
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
I have two YubiKeys now, and using the older one is more painful. Add the new
one, so I don't have to faff with gpg-agent in order to submit CLs.
Change-Id: I3fcd82cdb53f88dc00025de97666872802e270e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2928
Reviewed-by: eta <eta@theta.eu.org>
Tested-by: BuildkiteCI
I've been told that they don't want to be in this any more, so references are
removed in this CL by request.
Change-Id: I80a04b714fc57781e57e8dce977d0aec2da4f009
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2927
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
This lets the import of the depot root accept an additional argument
called `externalArgs`, which can be used to pass additional arguments
into a depot package set.
This is used in //third_party/nixpkgs for replacing the source of the
nixos-unstable channel with a path. With this we can bisect the
nixpkgs used in third_party easily.
Change-Id: I4f65eb3d6b521ed9f437649b7b068f1e6ab8210f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2925
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This wasn't working because yerenSystem wasn't actually accessing the
`system` attribute (like the other systems), which meant it was just
an attribute set full of stuff.
Change-Id: I0abe56f0a1f18e4e542cb458dfcdf81e8a0ddc01
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2923
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Please read b/108 to make sense of this.
This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.
To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.
Pay extra attention to:
* overlay-like functionality that was partially moved to actual
  overlays (partially as in, the minimum required to get a green
  build)
* modified uses of the package set path, esp. in NixOS systems
Special notes:
* xanthous has been disabled in CI because of issues with the Haskell
  overlay
* //third_party/nix has been disabled because of other unclear
  dependency issues
Both of these will be tackled in a followup CL.
Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
adisbladis fixed the tdlib/telega versioning issues in nixpkgs at some
point, so this isn't required anymore.
Change-Id: Ib98e73d0e4394765f08f5f3741f70adab459c22f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2909
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This configures accepting requests for b/ and cl/ on plain HTTP ports,
and redirecting to b.tvl.fyi & cl.tvl.fyi appropriately.
Additionally, Panettone request URIs that only contain decimals are
redirected to `/issues/$request_uri` to enable issue short-links.
This fixes b/32.
Change-Id: I56954d8d69a3624267778b467520c509f4daa6c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2908
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
nixpkgs_exposed is going away, and the haskell overlay is independent
from that.
See also b/108, cl/2910
Change-Id: I3aea6dfc427a914f3f88146fd0b45d60dfd45a1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2918
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This is part of paving the way for clearly distinguishing between
packages from nixpkgs and //third_party.
See also: b/108, cl/2910
Change-Id: I28b5abd1f0f9fa3c4478c9f255b2025f4a4139f1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2917
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: tazjin <mail@tazj.in>
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.
This commit cleans up a huge chunk of these uses in //ops
Change-Id: I00faeb969eaa70760a26256274925b07998c2351
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2915
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.
Change-Id: I49d82726b2f3bd7d4923effdd9a7e3f67ddc0659
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2916
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.
This commit cleans up a huge chunk of these uses in //fun
Change-Id: I45a7b392a9749fa7859ff5100dcea415bda807c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2914
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.
This commit cleans up a huge chunk of these uses in //third_party
Change-Id: Ic382c0cdea7330a84d5f0b7d109c824ddceb94e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2912
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This should ease migrating to a distinction between depot.third_party
and pkgs (as in nixpkgs) in the future.
Ref cl/2910, b/108.
Change-Id: I53a854071fddd7c0d0526cc4c5b16998202082c6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2913
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Emails for (re)opening and closing were sent out with the user's DN in
the subject which is probably not what we want.
Using displayname-if-known is probably not necessary as there is not
really a case where (not *user*) wouldn't justify a 500 in this context.
Change-Id: Id12d3d9619f42eb5337c2d3482b7c1646b5d6a81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2911
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This lets us grant permissions to them, e.g. on local folders.
Change-Id: I823ac414be1cb7d6baa4f17d95003709e5911b04
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2905
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
There will be more Buildkite-agent specific configuration, and it's
already more than just the module setup, so extracting this makes
sense.
Change-Id: I56ce205c0cb4365317ed7ed5f2d525a0b425b861
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2906
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Add kolide, the endpoint monitoring system / MDM we're using at work, to
the system derivation for my work computer.
I hate MDMs almost universally, and this one is no different, but SOC2
waits for no one.
Change-Id: I99bcb5341182a81512699d50b279efd9e1b2194b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2903
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This small(*) pile of JavaScript queries the Buildkite API for the
latest builds for the depot and displays the results in the rebooted
Check UI.
Change-Id: I7025a1c6d0d0afa000a9df4682133e03824ea10d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2881
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This is just going to be a grab bag of things which do TVL-specific
things to Gerrit, whether that be exposing new Prolog predicates or, as
I intend to do as the first thing, expose Buildkite builds as checks.
Change-Id: Iaeab987a1fdbd078b85e274691c986489903bf3a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2872
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Writing Gerrit plugins that don't use the in-tree build system is more
convenient if the API is actually exposed in the derivation's output.
Change-Id: I3408d35498ca879576d532b005e36fde8ff2ea61
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2871
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
drakma ignores the :external-format-in parameter if :want-stream is t:
> If want-stream is true, the message body is NOT read and instead
> the (open) socket stream is returned as the first return value.
> If the sixth value of HTTP-REQUEST is true, the stream should be
> closed (and not be re-used) after the body has been read. The
> stream returned is a flexi-stream with a chunked stream as its
> underlying stream. If you want to read binary data from this
> stream, read from the underlying stream which you can get with
> FLEXI-STREAM-STREAM.
Since it doesn't return a plain CL stream which would just work with
SBCL, we need to set the external format on the resulting flexi-stream.
Fixes b/107.
Change-Id: I6e3178123c0927ef21fabf8118d9d357c8afbd42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2869
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Move the common part (encoding/decoding json and connecting to cheddar)
into request-markdown-from-cheddar. The two render-markdown
implementations are now only thin wrappers around that function.
Change-Id: I81bb34b684af44228dcad02fca541082e6d060ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2868
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>