This makes the journaldriver configuration machine-independent.
The secret is loaded from agenix instead of being persisted on disk.
Change-Id: I592ae7f5726fcb7f37a406f69dcf5ac498eeb1b7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5302
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
josh-proxy calls git at runtime and needs to have it available
Change-Id: Ifccc6879cc5911060c7e6681c202fe5e8c2f5440
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5269
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: grfn <grfn@gws.fyi>
With this change, entering just "whitby.tvl.fyi" or "sanduny.tvl.su"
in a browser will redirect users to their machine configurations.
Change-Id: Ibf076a469bcce073e1b1970aa568d6fe16a5c75a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5304
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
This needs to be present on all machines that run ACME stuff.
I've switched the address for a .su one because I have a catchall for
these.
Change-Id: I7af8e1f1cb2fcfbcba4b7d1930ed0edef0106d72
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5306
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This changes the structure of secrets.nix a bit to split between
secrets for whitby, and secrets for all TVL machines.
Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
This will be an additional web host / fallback git server for whitby
incidents.
Change-Id: Icd6f7ce574ffd520b5783a50ff317feed7b71fc6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5297
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Rather than defining all system users inline on whitby, move them into
a module that can be imported on multiple machines.
Configuration for terminfos that we've added follows along.
Note that while doing this I've disabled logins for riking and isomer
since they are currently inactive in TVL.
Change-Id: Id18031d355afc34079c5e6e49dc6943e61809a8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5298
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
cgit has its own module now
Change-Id: I9b4cc322374517b8bd3db43345831e2bf43c4bb1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5295
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The ancient `//web/cgit-taz` path stems from the time I had
code.tazj.in serving my initial version of the depot.
I've been meaning to clean this up for forever, so here we go.
Note that this leaves the git-serving module in a strange state where
it only deals with josh. I'll rename it accordingly.
Change-Id: I47ed1e9d90958299b5440a18a1b9075274754e33
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5294
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Move the current window to a new named EXWM workspace and focus that workspace.
Change-Id: Ibb3d3b3df09c6853d2eaf02882714a5c62623d2b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5293
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
I've had the notion that builtins.genericClosure can be used to express
any recursive algorithm, but a proof is much better than a notion of
course! In this case we can easily show this by implementing a function
that converts a tail recursive function into an application of
builtins.genericClosure.
This is possible if the function resolves its self reference using a
fixed point which allows us to pass a function that encodes the call to
self in a returned attribute set, leaving the actual call to
genericClosure's operator. Additionally, some tools for collecting meta
data about functions (argCount) and calling arbitrary functions (apply,
unapply) are necessary.
Change-Id: I7d455db66d0a55e8639856ccc207639d371a5eb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5292
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
This was temporarily commented-out and never uncommented.
Change-Id: If770721aa10c65c5601b9f53a2d1810aef57b61d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5290
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
This is handy for pasting a git commit SHA in magit's checkout minibuffer.
I also removed the dependency on clipboard.el because clipboard-yank is defined
elsewhere.
Change-Id: I6872bf63e4ba9c2b186466d083e6798123d417cc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5286
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Thankfully CI caught this bug by evaluating my Emacs init script; however, this
could've been caught even earlier if each of my Elisp modules were packaged with
Nix and be individually evaluated.
That change will come soon enough...
Change-Id: I987bab22a388c43183f79ace41ed97be83578ba6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5285
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
TODO:
- import this into SQL
- support ST-like query syntax to simplify SELECT statements
- add server and web app to query the table
- deploy web app
- add URLs to table
- extend web app to track how often users hit these techniques in rolls
Change-Id: Icecfbbc5e457a1dddad7b37fc1c0752d6e4b62e1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5284
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
It turns out that the netencode spec requiring to ignore *later*
entries meant that every parser has to do an extra check for each
element, instead of just overriding the key in the hash map.
This leads to a situation where the simple implementation is the wrong
one, which would lead to very subtle problems in parsers (see also the
infamous “json duplicate record entry” problem which has been used for
various exploits in the past).
To be fair, exploits are still possible, but at least a `Map.fromList`
will be the right implementation (provided it folds from the left) now
instead of the wrong one.
Examples of the trivial implementation being now right:
Python:
> dict([("foo", 1), ("foo", 2)])
{'foo': 2}
Rust:
> println!("{:?}", HashMap::from([
("foo", 1),
("foo", 2)
]));
{"foo": 2}
Haskell:
> Data.Map.fromList [ ("foo", 1), ("foo", 2) ]
fromList [("foo",2)]
Change-Id: Ife9593956f4718e5e720f4f348c227e4f3a71e2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5108
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: Profpatsch <mail@profpatsch.de>
Trying out this workflow for awhile to see if I save some keystrokes.
Change-Id: I28532be04b1de971559c8df5a3717facbdfc4f00
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5278
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
This will make sure that the db is updated regularly (on every channel
bump). This is fine, because an advisory no longer implies a build
failure.
Change-Id: I1dc0b335e0881b5c58015da63c3c47f1ab1e645f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4554
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Instead of the strict check-all-our-crates, generate a fake Cargo.lock
and add it to the report generated by check-all-our-lock-files.
check-all-our-crates was a reimplementation of cargo-audit anyways and
prevented us from updating the advisory db due to its strict
model (failing on any advisory).
Change-Id: I264a7f1a5058a527cbc46d26225352ecd437a22b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5230
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Rename check-all-our-lock-files to tree-lock-file-report and pull out
all the buildkite-specific code which makes the code less awkward.
check-all-our-lock-files is then only executed in extraSteps and runs
tree-lock-file-report on depot, adding it as a warning to the pipeline
if it is non-empty.
Change-Id: If6bd236d90cc680cba0ed4e988f2f28ddb8012d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5229
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
This script is somewhat usable by humans (it even has a help screen!)
and can be reused in //users/sterni/nixpkgs-crate-holes. We are using
bash since that allows us to exit with the actual exit code of
cargo-audit - something that's not possible in execline.
Change-Id: I3331ae8222a20e23b8e30dc920ab48af78f0247c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5228
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
With this change it becomes possible to push back to code.tvl.fyi
through josh views.
We probably want to change this patch so that it can be upstreamed,
but for now I just want to get this to work.
Change-Id: I7cdacf384e38da6ba9621e5818cfaf7c5d5c99a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5273
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Instead of managing Postgres connections on our own, use the
`with-connection` postmodern function with pooling enabled as a route
decorator.
This should resolve at least some of the issues from b/113 with
leaking connections, and an unreported issue with connections being
reused while transactions are in progress.
Change-Id: I1ed68667a3240900de1ae69df37d2d3018caf204
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5198
Tested-by: BuildkiteCI
Reviewed-by: eta <tvl@eta.st>
Autosubmit: tazjin <tazjin@tvl.su>
I want to add a shortcut to build and run e.g. scripts that are depot
targets - for which it would be useful to not have stdout polluted by
magrathea itself.
Change-Id: Ic58fe28eafb4d0715e53beae041bfaa5d1745812
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5276
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
* //nix/buildLisp: re-enable CCL, as the crash has been fixed upstream,
although it is unclear what exactly caused / fixed it.
* //ops/whitby: the kitty build broke upstream, so we can't install the
terminfo on whitby for a bit.
Change-Id: I5710acbe837fbc936e334b2e81f9cf00ed6ae280
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5274
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
TL;DR:
- remove stale entries
- add entry for buying TSLA for 401k
- (partially) normalize habits.org by referencing ./first-of-the-month.org
Background:
Earlier today I automated as much of my investments as I can...
- crypto account auto-buys crypto 2x/mo
- Fidelity doesn't support auto-purchases of individual stocks, so I opened a
Robinhood account to auto-purchase stock 2x/mo
The only remaining thing that AFAIK I *cannot* automate is auto-stock-purchases
for TD Ameritrade (my SDBO 401k account). I don't think I can transfer this to
Robinhood because Vanguard controls which brokerages they're compatible
with. This should still be a big time-saver.
As such, it's time to rely on playbooks for this, so I'm dusting-off the
first-of-the-month.org playbook.
Change-Id: I545f8de20a0a30cac597400c4114b4549671a91d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5267
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
josh adds all of the contents from the directory that hosts the `workspace.josh`
file.
Change-Id: I7564454df88886f72d02a9be88640c42cee60fc5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5266
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Reuse the same buffer from which magit was invoked.
Change-Id: I20f661c8414cd6482d9374f9412186c66b736b94
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5265
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>