Commit graph

16482 commits

Author SHA1 Message Date
Vincent Ambo
1c6dc510a6 test(tools/hash-password): ensure that script can execute correctly
This tests loading of the argon2 OpenLDAP module. Relates to b/184

Change-Id: I661af4ddc238ad02d082b3a0cede55af5ef13f1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5750
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 23:48:37 +00:00
William Carroll
deb8796cc5 feat(wpcarro/tarasco): firewall.checkReversePath = loose
Tailscale is warning about this in `nix-build` via `trace`.

Change-Id: Ia44100f5a3cd12fbf9fd10dbf40bef10805aff12
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5749
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:31:34 +00:00
William Carroll
932a03e224 feat(wpcarro/tarasco): Enable earlyoom
See the comment or other CLs I've made in the past about earlyoom.

Change-Id: Ia4c0c61784aa3e76644de91a95e8b9fbdd743b54
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5748
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:31:33 +00:00
William Carroll
3dbfa04f21 fix(wpcarro/tarasco): Blacklist rtw88_8821ce
This naughty RealTek wireless module crashes my machine. I'm also moving other
`boot`-prefixed options out of `hardware.nix` and into `default.nix`. In
general, I'm not *really* a fan of the distinction between the two files in the
first place.

Change-Id: Iabdc776afc78f00971f426c5931b7235c8c0ee20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5747
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:27:31 +00:00
William Carroll
8adf2c3740 feat(wpcarro/emacs): Add wpcarro@tarasco to ssh-hosts
For `M-x ssh-cd-home`

Change-Id: I8c16d9d0c420cb9feafcb466c4a416a04a4b1a26
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5746
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:27:30 +00:00
William Carroll
1f96143f48 feat(wpcarro/emacs): Add wpcarro@ava to ssh-hosts
For `M-x ssh-cd-home`

Change-Id: Iacb236793414b905071284e72d64e9dab3116319
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5745
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:27:30 +00:00
sterni
e86d0101d5 feat(sterni/emacs): function to display texcount for current file
Change-Id: Iae09dd79494d65e4025e1e34ab1d848ef2b9cd47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5722
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 23:24:28 +00:00
sterni
0d694afee4 docs(README.md): reflect recent upheaval in depot
* //third_party/nix is no more

* //users/tazjin/blog was promoted to //web

* We merged in cgit-pink and might as well do a bit of advertising.

Change-Id: I70c26a687517c196970fd2e7cd1397e430f3201f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5721
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-27 23:24:28 +00:00
William Carroll
ed29aed5bc chore(wpcarro/readme): Prefer shell pseudocode to bullet points
These docs get stale pretty often. Maybe my installation should be similar
like...

```shell
$ # pseudocode
$ nix-build https://code.tvl.fyi/depot.tar -A users.wpcarro.baseSystem
```

...where that automates more toil 🤷

Change-Id: I548142d9dff284afeb233ecf23036655b7f7c2df
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5744
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-05-27 23:21:25 +00:00
William Carroll
11a8eea0e3 feat(wpcarro/tarasco): Support tarasco 🇲🇽
Named after the Mexican restaurant, El Tarasco, in El Porto, which I live 3m
walking distance from.

Change-Id: I2cd4b68eaa974ad6c8fec73e0566bc0b831c57a8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5743
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-05-27 23:21:25 +00:00
William Carroll
e3530149c5 refactor(wpcarro/ava): Prefer disk/by-label to disk/by-uuid
I broke LVM (Logical Volume Manager - maybe?) when I did the following:

```shell
$ HOSTNAME=ava sudo rebuild-system
$ sudo reboot now
```

I had to rollback to the initial NixOS version and try again.

Change-Id: If90e5e23767392202425181be986f81deb5ddff7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5742
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-05-27 22:41:16 +00:00
William Carroll
534d7c34fc chore(wpcarro): Drop Makefile
Thank you for your service

Change-Id: I2e13aa7c28f461e80bd7ffcbc13cbe79594e0aee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5741
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2022-05-27 22:41:15 +00:00
Griffin Smith
e05e603201 docs(views/kit): mention magrathea
Change-Id: I3cf2d66fdc6c258ca9d3a502ce9eacc5926a8546
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5703
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-27 22:15:59 +00:00
Vincent Ambo
e9e8e38db7 fix(ops/gerrit-tvl): Filter builds by commit hash
The patchsetSha is one of the things passed in to the `fetch()`
interface, and Buildkite's API (now?) supports filtering by the commit
hash in addition.

With this combination, we should not accidentally display builds for
the wrong patch set.

Change-Id: I6bb26dd7387f2dd00291990cadd38629ecda999b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5702
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 22:13:58 +00:00
sterni
0e705fedb0 chore(3p/sources): Bump channels & overlays
* //nix/buildLisp: disable CCL once again due to
  The Mysterious Runtime Bug™.

* //users/tazjin/nixos: uninstall dmd which is broken in nixpkgs atm.

Change-Id: I8dd2220af48a7e087584b6f50529fb8477e6a2fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5699
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-27 21:15:10 +00:00
Vincent Ambo
b9342b5751 chore(3p/dfmt): Remove package
Not used by anything.

Change-Id: I31822e02ee34964c25952f7c0ee928a0de62aff7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5700
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-27 21:10:35 +00:00
Vincent Ambo
bdccd2c111 fix(ops/modules): Increase RestartSec= of oauth2_proxy service
When Keycloak and oauth2_proxy are restarted simultaneously, the
latter might try to come up (repeatedly!) before Keycloak can serve it
properly.

This leads to systemd considering the unit failed.

Since this all happens in the span of a second or so, slightly
increase the restart delay of the service to ensure it comes back
after Keycloak is ready.

A "proper" fix might be to add a script that runs before the actual
service and waits for Keycloak, but I don't want to prioritise that
right now.

Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 21:10:35 +00:00
Vincent Ambo
1521599fe2 chore(3p/terraform-provider-glesys): bump to v0.3.2
This fixes an issue with object storage instances that don't have the
default credential, which is actually the case for one of ours.

Change-Id: I805b4957d85a0a5e91e7027cce30e5fd69d8fb69
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5694
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-27 21:10:35 +00:00
Vincent Ambo
aa29f359b8 chore(tazjin/home): persist another path on both laptops
Change-Id: I57f174c66b06212cf6fbce26ec9097a83b24abd0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5693
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-26 17:40:59 +00:00
Vincent Ambo
772f8f1b90 feat(ops/pipelines): Evaluate depot pipeline in restricted-eval mode
Change-Id: Ic5b98a0777860b68dabb9a9b59e8c682236a71c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4884
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-26 16:57:16 +00:00
Vincent Ambo
46d71fbff8 refactor(wpcarro): Prepare for restricted-eval
Change-Id: Ieb3b28d56ecd2819c3a7c08c22e33493d9e0be7f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5687
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 16:50:25 +00:00
William Carroll
d100c1f49f feat(wpcarro/ava): Support earlyoom
Strange start to my Monday where I spent ~2h debugging my hanging
NixOS. Strangely I'm not sure I made any changes to my configuration to trigger
this, and I was finding this hard to reproduce:
- graphical X sessions hung (once when opening Chrome)
- TTYs hung (during `nix-build` and `rebuild-system`)

Per kn's recommendations whenever a system is hanging, see if it's reachable
over the network (e.g. SSH). Since I didn't have my laptop, I downloaded Termius
on my iPhone, which I used to mosh into ava, which is a surprisingly nice UX.

I suspect my machine (with only 8GB of RAM) was OOMing, but I'm not
certain. Thanks to grfn I installed `earlyoom`. For more commentary, check-out
Profpatsch's blog post about this: https://profpatsch.de/notes/preventing-oom

What went well:
- Thankfully I installed a Matrix client on my iPhone last week, which allowed
  me to troubleshoot with the #tvl folks

AIs:
- I'd like some instrumentation like Prometheus, Loki (`journald`, `dmesg`), so
  that I can accumulate troubleshooting information that isn't destroyed when I
  reboot my machine (which I did 1/2-dozen times today).
- Consider adding `git` metadata to `system.nixos.label` to get more useful
  information in a GRUB/EFI context.

More unknowns:
- Why can't I switch back to EFI (from GRUB) for my bootloader?

Change-Id: Ie2a5a15f5c0ead346d50e331fa2937f8f3453960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5625
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-26 16:48:53 +00:00
Vincent Ambo
c16a18a718 chore(nix/utils): Comment out tests for detection-ish of symlinks
This is broken for (as of yet unclear reasons) with restricted
evaluation mode.

Change-Id: Idbc16e7e21dfb113995c045659fefe2c1a535741
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5691
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 16:44:52 +00:00
Vincent Ambo
5d9d03057c refactor(grfn): Prepare for restricted-eval
Change-Id: I672ad0898b2ef6a11f8bc9233da0ded4a296fe0e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5686
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-26 16:37:02 +00:00
Vincent Ambo
7a0a4224a5 refactor(ops/nixos): Prepare for restricted eval
Change-Id: I7b5304dda3040830fe90fc188b35da3fd95451a0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5682
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 16:24:34 +00:00
Vincent Ambo
d10cbc711d refactor(Profpatsch/blog): Prepare for restricted-eval
Change-Id: Ia73db534634b11c6361e4e88a4d73a1512d969ca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5685
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-05-26 16:09:47 +00:00
Vincent Ambo
565993f016 refactor(tazjin): Additional restricted-eval cleanup
Change-Id: I4baa94f65a16248023b5fb0e2dd305d6984566c8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5690
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-26 15:40:44 +00:00
Vincent Ambo
48dfefe40d refactor(sanduny): Prepare for restricted-eval
Change-Id: I83a404dc7dbaf5ca53659d03df4e4de461a9d046
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5688
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 14:17:33 +00:00
Vincent Ambo
65953e0913 refactor(3p): Prepare for restricted-eval
Change-Id: I1e577400717833c3de75bfef38950565716580bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5684
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 14:17:32 +00:00
Vincent Ambo
250300f167 refactor(whitby): Prepare for restricted-eval
Change-Id: I7604ca29310d759b0ffee2ffb0048b6365a2894c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5683
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 14:17:32 +00:00
Vincent Ambo
9eb4002d18 refactor(tazjin/nixos): Prepare for restricted-eval
Change-Id: I6adbe1d53581dddc4c7c3a44516fbed3a661daff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5689
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-26 12:53:21 +00:00
sterni
1ad9b249f4 feat(sterni/emacs): configure lsp-ui-sideline for code actions
Change-Id: Idd0d09c47466f77cc04a628c95152d306af563d5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5680
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 12:13:16 +00:00
sterni
80a80a0706 feat(sterni/emacs): configure lsp-ui add proper lsp bindings
Change-Id: I1a81feca1bde663d1fbea1e2520f25f0bb57453c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5679
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:51:13 +00:00
sterni
3a2ad8ed3b feat(sterni/emacs): fill background of languagetool issues
This used to be the behavior of languagetool.el which we now restore
finally. The yellow underline was really easy to miss on a white
background.

Change-Id: I8b34ed64f9f7a82c39de84575877910335024ffe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5678
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:51:13 +00:00
sterni
66d2ea3dfd feat(sterni/emacs): add binding for switch-to-buffer-other-window
Change-Id: Idbc6a9a080dc606d653b7fcf683182698836da43
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5677
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:50:12 +00:00
sterni
e4d87b1fd2 feat(sterni/emacs): load org-tracker from mutable path in home dir
Packaging this seemed a little tricky due to some quirks of the code,
but it's best to solve that whenever it's actually in depot. For now I
break it often enough that it's useful to be able to edit its source
quickly.

Still missing some necessary configuration which I'll probably steal
from grfn next week or so.

Change-Id: I1300807f7b1bc39ddb9f792c2ee500f4dd72d002
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5676
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:50:11 +00:00
sterni
462c85e2d8 refactor(sterni/emacs): banish elfeed and languagetool to ,m
I'll probably want to use <leader>f and <leader>l for different things
in the near future.

Change-Id: Iaf3de2dac90c018db8ca8797673bd1bf21df9c74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5675
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:47:09 +00:00
sterni
72f0c3b6c1 fix(sterni/emacs): reflect changed command name in languagetool.el
Also delete duplicate java-arguments while we're at it.

Change-Id: I6e129f3aaefaa06e812d4dec36bd754fab4ab4e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5674
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:47:08 +00:00
sterni
4bef7ef946 feat(sterni/emacs): default to ormolu as Haskell formatter
Change-Id: I4ce9c190e812cae56c00745e703fe3cc17755223
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5673
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:47:07 +00:00
sterni
71407ab2a6 feat(sterni/emacs): allow launching magit from project-switch
I always found myself starting a shell or dired to do ,gr right after…

Change-Id: I609bbe13c74a9360608939aca79748a8e59343fd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5672
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 11:47:07 +00:00
Vincent Ambo
385591d8bf chore(nixery): Bump Go dependencies
Change-Id: Id6ff48d66368732cba0b8af6e1cbab64b0f2afbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5671
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 10:05:55 +00:00
Vincent Ambo
bc42c5a61b fix(ops/modules): adapt for changed ssh.knownHosts
Somehow this ended up generating an empty file, with this change it is
fine again. I was looking at the recent commits of the module in
nixpkgs but couldn't quite figure it out, there are also some vague
references to the attribute set key being used as a hostname, but this
doesn't seem to be true in practice.

To be clear, the previous code was wrong, but at some point it
generated a file that accidentally worked.

Change-Id: I42d55730c09daafe6d6fe0eb3647135e84737bca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5670
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-26 10:05:54 +00:00
Vincent Ambo
85943eeed4 feat(nixery): Automatically mirror subtree to Github
This exports the `:/tools/nixery` subtree to Github automatically
after merges to `canon`.

Due to the way the project was imported this continues the existing
git history in the external repository.

Change-Id: Ie871c14ad5d8f1019f8be86adecbe9b130ffb01a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5667
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 08:41:57 +00:00
Vincent Ambo
74c422d0a0 feat(tools/releases): Add release helper for mirroring to Github
This adds an extra step definition which can push the result of
running a josh filter on the repository to Github.

Change-Id: I1f93ae78e1bf452fbd1b21ce943a60acc85c944f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5666
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-26 08:41:57 +00:00
Vincent Ambo
6a17cf232d chore(3p/naersk): Bump and fetch via niv instead
Change-Id: Icae69a1170e06f61aea5494963913c7278f18dce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5669
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-26 00:00:42 +00:00
Vincent Ambo
e3a31b702a feat(whitby): Deploy private SSH key for build agents
Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-25 23:53:09 +00:00
Vincent Ambo
77f096771d feat(ops/secrets): Add private SSH key for Buildkite agent(s)
The public key is:

  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME13zAw3Fk6qsbWCe6mH2zkxOJ+NmG+FwMjLw00mcWt buildkite@tvl

Change-Id: Ia8591e5df42727e4068f26865d83d0af85424fde
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5664
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-25 23:53:09 +00:00
Vincent Ambo
e3c26a0083 chore(cheddar): Bump dependencies within bounds
Change-Id: I58a18b41c883c73450fdfafa93a565777710be3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5663
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-25 23:53:09 +00:00
Klemens Nanni
3a53587c2a feat(ops/modules/open_eid.nix): Access all key slots
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required.

Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: kn <klemens@posteo.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 20:38:11 +00:00
Klemens Nanni
45c46d4a73 feat(ops/modules/open_eid.nix): Add digidoc-tool(1) to PATH
libdigidocpp is a dependency of qdigidoc4(1) already.

This will need https://github.com/NixOS/nixpkgs/pull/174055
"libdigidocpp: Fix PKCS11 module library path" to work, though.

Change-Id: Ic8d671077977b1d1f099a8b4b23cc537b52aa954
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5647
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 20:37:53 +00:00