Commit graph

16328 commits

Author SHA1 Message Date
sterni
7fea2bdc45 fix(3p/nixpkgs): pass localSystem from depot to nixpkgs
Change-Id: I75d2ad14ebc81a76cfa7c8d83e77b4a124b03466
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5846
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-03 23:50:07 +00:00
Vincent Ambo
837560c846 fix(nix/emptyDerivation): Use system from readTree parameters
Change-Id: Ia7f9f4d0e7c06fa5433213a315c3354a83e94545
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5833
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-06-03 23:27:03 +00:00
Vincent Ambo
6cfa6bb59e feat: Add top-level system parameter
This has come up a couple of times. This way system is passed to all
derivations. Maybe we can do something useful with it.

Change-Id: Ia7dfcffbc82abbd3128342a8971a3861865be713
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5832
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-03 23:27:03 +00:00
Vincent Ambo
3cbe10c4f6 fix(grfn/achilles): use parent envrc in direnv
this way the tooling provided by //.envrc will not disappear

Change-Id: Icba1fe85d65316fde939ed3451e0cf80d9064382
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5836
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2022-06-03 19:24:33 +00:00
Vincent Ambo
cf00365f84 feat(nix/buildkite): Validate available phases in extra steps
This will avoid things like extra steps being accidentally ignored
because of typos.

Change-Id: Ic4fa5925e42a7a449f89b4cde1510e216e91da6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5827
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
2022-06-03 17:36:15 +00:00
Vincent Ambo
876b71f641 fix(nix/buildkite): Forbid 'prompt' in build phase steps
This would block CI on human-approval if people were allowed to do it,
so they're just not.

Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2022-06-03 17:36:15 +00:00
Vincent Ambo
56a97a0337 refactor(nix/buildkite): Explicit support for build phases
Previously the extra steps were roughly divided into steps that run
"at build time" (i.e. before we publish results to Gerrit), and
"post-build" (i.e. later on).

In practice, these are something like a build/release pairing, where
steps running after the build results are returned are mostly run for
side-effects (e.g. publishing git subtrees to external repos).

This refactoring makes this distinction explicit in //nix/buildkite
and changes the extraSteps API with an explicit `phases` attribute
instead of the previous `postStep` attribute.

In practice the previous API is still supported, but will throw
evaluation warnings until an arbitrarily chosen cutoff date of
2022-10-01 at which point we will change using it into a hard error.

This uncovered a few strange behaviours which we only accidentally
avoided, most of which I have left TODOs about and will clean up in
subsequent commits.

The purpose of this commit is to allow for separate evaluations of
only build or only release steps, for example if release steps are
evaluated in a slightly different context (e.g. with overridden
versioning that is not relevant to standard CI functionality).

Change-Id: I0b0186e3824273c15a774260708702d4a5974dac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5825
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
2022-06-03 17:36:15 +00:00
Vincent Ambo
a027ee9f03 refactor(nix/buildkite): Rename "post" steps to "release" steps
This is in preparation for a subsequent CL that will do much more
significant changes in //nix/buildkite.

Change-Id: I80a8d67d3a7d593854c8d711572483c2581e7881
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5824
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
2022-06-03 17:36:15 +00:00
Vincent Ambo
b8301ed64b docs(nix/buildkite): Fix an out-of-date comment about chunk size
Change-Id: Ic1f874f4ca83f9088355dc0512723ea962e0db52
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5823
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-06-02 20:32:46 +00:00
sterni
3c5da97609 fix(nix/buildLisp): resolve eval problem in ccl code
The isPowerPC predicate has been [removed], since it was misleadingly
named (it just matches PowerPC, 32bit, little endian). This means the
64bit code path could now actually work.

Not sure about endianess, the CCL docs don't really say much regarding
that topic.

[removed]: https://github.com/NixOS/nixpkgs/pull/168113

Change-Id: Icf4a8c6b1df95fa597ed87508f57aaa73e6185ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5796
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-01 10:46:03 +00:00
sterni
89f3f0a5dc feat(tools/magrathea): add repl command
`mg repl` is essentially a shortcut for nix repl $(mg path //) which
comes up often enough for me. Launching a repl only really makes sense
in the repository root with how readTree works at the moment, so I think
this is a convenient addition.

Change-Id: I32b695885c2e6eaecdcc656c7249afa504439913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5822
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-06-01 10:32:01 +00:00
sterni
ae422c1353 feat(sterni/nix/misc): predicate to check if isRestrictedEval
This is merely a little demonstration of nix#6579:
`users.sterni.nix.misc.isRestrictEval` returns whether the restrict-eval
setting is true or false by exploiting the aforementioned Nix bug.

Change-Id: Icca354d1cd6571cdf0804abae27aac91a18cda1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5692
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-06-01 10:30:37 +00:00
sterni
f54ea857ec chore(3p/sources): Bump channels & overlays
Not updating the stable channel to 22.05 yet, since it ships a too
recent bat for us.

Change-Id: Ie8a541e972879f92c62b5e04254cca7b5880c813
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5821
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-01 10:30:37 +00:00
Griffin Smith
690e60b1d4 chore(grfn/emacs): Remove racer binding
Change-Id: Ia9d548d4d126fed0faa894006d077c253fa7f13e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5799
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2022-05-31 19:38:16 +00:00
Griffin Smith
8851075c27 feat(grfn/system): Resuscitate roswell
Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.

Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2022-05-31 19:38:16 +00:00
James Landrein
fb22886165 feat(j4m3s): add keys
Change-Id: I8384d37f071a031d92d3d9b0d7692dae25880dc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5797
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-31 16:05:38 +00:00
sterni
a7f9624fb3 chore(3p/lisp/cl-json): use quicklisp source
This switches upstream from hankhero/cl-json to
sharplispers/cl-json (the former of which had its last commit in 2014).
Sadly the new upstream hasn't decided on an appropriate fix for b/145
yet (due to concern about backwards compatibility, apparently). I did
not look before working on a fix, so I have an 90% finished fix which
is (I think) better than the already proposed ones, so I'll patch it in
here eventually.

Change-Id: I9e39e138fa655794b864db5f268bdfdc35788fcc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5795
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-31 14:46:42 +00:00
Vincent Ambo
a3e6e8dc24 fix(tazjin/nixos): Always install moreutils everywhere
I keep having this in the user env instead, not good.

Change-Id: I683efc9782281053cb4aee1875c3a664c8dcdae8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5794
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-30 15:12:02 +00:00
Vincent Ambo
4b830207da chore(tazjin/nixos): Cleanup of systemPackages
Change-Id: Ica651a2c392dc33b4f076e097d7b3889d50d96c6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5793
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-30 08:04:13 +00:00
sterni
58df008ca9 chore(3p/sources): Bump channels & overlays
This time, the emacs-overlay seems to have unbroken itself.

* //users/tazjin: use zfs.latestCompatibleLinuxPackages instead of
  linuxPackages_latest, since ZFS needs time to catch up (i.e. ZFS is
  broken with a 5.18 kernel).
  See https://github.com/NixOS/nixpkgs/pull/174091#issuecomment-1137175076

Change-Id: I8d1123af236a5e56618f6ac7a2e22511594b7d4b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5792
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
2022-05-30 07:42:10 +00:00
Vincent Ambo
0d4cf119bc feat(nix-1p): Export subtree to GitHub
We needed a derivation for that, but this can also be used in the
Nixery docs building process (which includes nix-1p).

Change-Id: If97cf785a33d703af975da3b41de9b69566dfa81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5789
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-29 12:30:49 +00:00
Vincent Ambo
9f6215f6e0 subtree(nix/nix-1p): Merge nix-1p into depot
It's time to stop maintaining this on GitHub, and use the
export-from-depot feature instead.

Change-Id: Ic6b840bb0e8580c7214113467b4995ea3d2fae02
2022-05-29 13:31:03 +02:00
tazjin
94b030f276 revert(users/tazjin): Revert "Welcome to the danger zone!"
This reverts commit ad7f07e6f1.

Reason for revert: This was just a test of b/167.

Change-Id: I1f709ed1c76c69555bf987370d4e521bd61e915e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5801
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-29 11:16:52 +00:00
Vincent Ambo
ad7f07e6f1 feat(users/tazjin): Welcome to the danger zone!
Debugging b/167. Just ignore this.

Change-Id: I516f52b34a2777a0e40e98cda43bb090720a70af
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5785
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
2022-05-29 11:13:52 +00:00
sterni
e2807ec934 fix(ops/nixos): use builtins.storePath to avoid dumping pkgs.path
This is a less invasive way to achieve the same goal as cl/5681, by
preventing the already existing nixpkgs store path from being dumped
again at the call site. To support nixpkgsBisectPath, we simply check if
pkgs.path is below builtins.storeDir and use builtins.storePath based on
that.

This is actually similar to the approach taken in the nixpkgs
documentation system which tries to limit the amount of nixpkgs that
needs to be dumped by using filterSource on specific subtrees of
nixpkgs. For this to work it has to insist on pkgs.path being an
ordinary Nix path, though.

Change-Id: Idf892f90a5d811184568e4702a901c334d56210e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5787
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-29 10:22:25 +00:00
Griffin Smith
8ae5c7a781 feat(web/panettone): Redirect to created issue after creation.
Fixes: b/54
Change-Id: I5ae6c8aa2a4448554a8ba4cb41185ada1ecf8cb0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5784
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-28 18:47:19 +00:00
Vincent Ambo
8b01911e94 fix(panettone): Correctly extract user email
Change-Id: I30c83f93006eed63c20440faf7118c8d22c1a239
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5783
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 18:36:36 +00:00
Griffin Smith
1fbed8e317 fix(web/panettone): Don't add extra padding when already padded
Because of math being upsetting, we were adding 4 padding characters to
an already-properly-padded base64 string, which broke tazjin.

This also breaks this function out into panettone.util, and adds a test
for it.

Change-Id: I7bc8a440ad9d0917272dd9f2e341081ea14693da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5782
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 18:30:35 +00:00
Griffin Smith
b39ca017c0 fix(web/panettone): Properly handle un-padded base64 in jwts
The JWT spec apparently specifies that base64 strings in jwts aren't to
be padded - but the common lisp base64 library doesn't know how to
decode unpadded base64 (it signals a condition in that case). This adds
the extra padding characters (a number of `=` characters such that the
length of the string is a multiple of 4) using some FORMAT wizardry (?).

Change-Id: Ic6b66f05db2699bf1f93f870f5dd614c37eccc2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5781
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: grfn <grfn@gws.fyi>
2022-05-28 18:00:30 +00:00
Vincent Ambo
c1bddf191f feat(web/panettone): Implement OAuth2-based authentication
Instead of directly connecting to LDAP and attempting to bind
usernames/password, authenticate users through an OAuth2 flow to
Keycloak.

This has the advantage of reusing the same SSO we already have for
Gerrit, Buildkite, ...

However, much of panettone's functionality makes assumptions about
LDAP being used. As a result there are some warts introduced by
this (for now):

* Since LDAP DNs are used as primary keys for users, we have to
  construct fake DNs based on LDAP usernames

  It might be sensible to migrate this to the UUIDs used by Keycloak
  eventually.

* LDAP is part of the serving path for issues (for fetching user
  information), however panettone no longer has a way to fetch
  arbitrary user information unless it is persisted in its database.

  To work around this, we construct a "fake" user based only on its
  DN (i.e. only the username is going to be "correct") and use that to
  serve issues.

* Email notifications no longer work (panettone can not access email
  addresses)

Some of these need to be worked around by persisting some of that
information in the panettone database instead, as we don't want to
give the service the ability to access arbitrary user information
anymore.

We can probably do this with the user settings feature that already
exists and populate it on launch, but as of this commit email and
displayName functionality is simply broken.

Change-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5772
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
2022-05-28 18:00:02 +00:00
Vincent Ambo
121fb13648 feat(ops/secrets): Add OAuth2 client secret for panettone
Change-Id: Icc53b161b260632e50b7bdc4c908912fd377bb87
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5771
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-28 17:03:36 +00:00
Vincent Ambo
10768741cd fix(web/panettone): Only send emails if the email is known
Upcoming changes to the authentication model may mean that user
objects do not have an email address attached.

Change-Id: I4fddb810f723c790d243f779714ca7f189a02aeb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5770
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-28 17:03:36 +00:00
Vincent Ambo
38be32c6b0 feat(ops/keycloak): Add OIDC client for panettone
Change-Id: Idb4352e3bbf412df5569aa988a78c6438063f93a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5769
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-05-28 17:03:36 +00:00
Vincent Ambo
aed1fbeb95 fix(gerrit-tvl): Use only one build filter
Buildkite can't handle more than one filter for the query; as of the
last commit it just returned an empty list.

I've verified with curl based on the request the previous attempt
constructed that this works as intended with only setting the commit.

Behaviour is probably undefined if there are two builds for the same
commit (i.e. a retry). Which one will you see? Who knows!

However, since the commit hash contains the Change-Id, we can't get a
situation where the build was for two different CLs at the same
commit. Gerrit wouldn't allow that.

Change-Id: I0dcd0ff44c28d3d15cba23461970bfc8483f4e48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5768
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-28 13:39:58 +00:00
sterni
6813598c17 feat(nix/utils): add onlyDrvPath to get the drvPath w/o the outputs
I want to use this utility in a deploy script where the .drv is
nix-copy-closure-d to a remote host and realized there. Consequently it
doesn't make sense that the local deploy script depends on the
derivation's outputs which drvPath does by default.

This also came up when working on //nix/buildkite, although we didn't
end up using it there.

Change-Id: I952bbfd4d7e9de212569d5ee12182eb50d360f53
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5767
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-28 12:01:46 +00:00
Vincent Ambo
6c3465dc59 chore(ops/sourcegraph): Bump to 3.40.0
Change-Id: I77438201d8ed5237095b3d2e8a855dec3e58b641
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5766
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:58:34 +00:00
Vincent Ambo
b4c4ea074a chore(ops/sourcegraph): Bump to 3.39.1
Change-Id: I76d0a3ede7cc23a9a6e8db61ed7e9d91670f1699
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5765
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:57:20 +00:00
Vincent Ambo
e6ed840788 chore(ops/sourcegraph): Bump to 3.38.1
Change-Id: Ib1f4f9591acab537607c9d9c9b123e9c711e331b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5764
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:55:27 +00:00
Vincent Ambo
291dd44044 chore(ops/sourcegraph): Bump to 3.37.0
Change-Id: If333f28dd0bec4eb965a6e3005ef5aca810c86f3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5763
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:53:41 +00:00
Vincent Ambo
793081905e chore(ops/sourcegraph): Bump to 3.36.3
Change-Id: I3a6caeeb06919b25a9c1200c8f286b0bd34916b2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5762
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:48:27 +00:00
Vincent Ambo
d32fa2bd33 chore(ops/sourcegraph): Bump to 3.35.2
Change-Id: Ia829b4ffa2e7e37438f766d0ff98e504c0d856b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5755
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:37:15 +00:00
sterni
a6367b4bdc fix(nix/utils): remove predicates based on symlink heuristic
Due to [nix#6579] the heuristic which allowed us to determine if a
symlink points to a directory is not reliable – if restrict-eval is
enabled it _will_ return wrong results. Until upstream resolves
this (and we backport the patch) it is probably best to not expose this
functionality at all.

[nix#6579]: https://github.com/NixOS/nix/issues/6579

Change-Id: Id847c794bb279be909c5426953c4fe13c2493343
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5761
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-28 11:35:42 +00:00
Vincent Ambo
c06d47b787 chore(ops/sourcegraph): Bump to 3.34.2
Change-Id: I865335006a091986f8a98e4d5da7161a25e948d9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5754
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:29:01 +00:00
Vincent Ambo
c6024e7a41 chore(ops/sourcegraph): Bump to 3.33.2
Change-Id: I6568e3226a7ff0796cbf3748c0dab1530fb0fb6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5753
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2022-05-28 11:26:03 +00:00
Vincent Ambo
a99e33a107 chore(ops/sourcegraph): Bump to 3.32.1
Change-Id: I8efdf3dbfc5575f24c8e6996a7716d308f1446df
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5752
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-28 11:21:27 +00:00
Vincent Ambo
9bff3ae373 fix(tvl-slapd): load argon2 module with new name
This became an "official" module and dropped the `pw-` prefix.

Relates to b/184

Change-Id: I963f83b55b83015b022ab1b8330ea710d2258631
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5751
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 23:48:37 +00:00
Vincent Ambo
1c6dc510a6 test(tools/hash-password): ensure that script can execute correctly
This tests loading of the argon2 OpenLDAP module. Relates to b/184

Change-Id: I661af4ddc238ad02d082b3a0cede55af5ef13f1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5750
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-27 23:48:37 +00:00
William Carroll
deb8796cc5 feat(wpcarro/tarasco): firewall.checkReversePath = loose
Tailscale is warning about this in `nix-build` via `trace`.

Change-Id: Ia44100f5a3cd12fbf9fd10dbf40bef10805aff12
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5749
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:31:34 +00:00
William Carroll
932a03e224 feat(wpcarro/tarasco): Enable earlyoom
See the comment or other CLs I've made in the past about earlyoom.

Change-Id: Ia4c0c61784aa3e76644de91a95e8b9fbdd743b54
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5748
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:31:33 +00:00
William Carroll
3dbfa04f21 fix(wpcarro/tarasco): Blacklist rtw88_8821ce
This naughty RealTek wireless module crashes my machine. I'm also moving other
`boot`-prefixed options out of `hardware.nix` and into `default.nix`. In
general, I'm not *really* a fan of the distinction between the two files in the
first place.

Change-Id: Iabdc776afc78f00971f426c5931b7235c8c0ee20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5747
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-27 23:27:31 +00:00