This reverts commit 8fa3087067.
Reason for revert:
This almost worked. We discovered two important issues:
- The daemon startup does not correctly handle the socket passed in by systemd.
- There is some issue with chunking of large calls, running a build for ci-builds resulted in:
tazjin@whitby /depot (canon)> nix-build -A ciBuilds.__allTargets
E20200821 01:42:22.846053 12601 shared.cc:306] error: Rpc call addTextToStore to unix:///nix/var/nix/daemon-socket/socket failed (RESOURCE_EXHAUSTED): Received message larger than max (10889961 vs. 4194304)
Change-Id: Ic5ba4ef06a4953cf71a36b139fe25ea673cb6fee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1802
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
... this is going to break so much stuff. Lets have some fun.
Change-Id: If0185e0323391c7055d47b797083bb5afde57cb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1829
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Adds the ability to post to multiple channels by simply running
multiple instances of clbot.
We should probably implement support for this in clbot itself, but
right now I can't be bothered to write Go.
Change-Id: I5cffd0dc10a7f6cc19c37c5834c5610166b4ae23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1771
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: lukegb <lukegb@tvl.fyi>
It tries to write this to ~/.cache otherwise, which worked for the git
user but does not work for root (??)
Change-Id: I02d04da7d8e2b8782ce70bc72bce0b90c3961aa0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1546
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Changes the restic backup service to run as root, rather than git, and
include the PostgreSQL dumps in its scope.
The on-machine credentials have already been placed in the right
location in /var/backup/restic
Fixes: 27
Change-Id: Iae76357442f07596a2297ce7b6d51aae392d2074
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1541
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
... daily is just the default cron pattern for this, but we might also
want this to happen more frequently. Not sure yet.
Change-Id: I4e433fefebd93488891e765b5842fdb6537e3c6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1518
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
It appears this didn't even *work* without a password, so we've been
forced into being more secure.
Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This is how panettone is currently connecting, so this needs to be here
in order for it to work. Shortly I'll update all of this to use
passwords, but for now this gets things up and running again
Change-Id: If87f4dbce0800dcbc4f7bf10e88f3e591410b416
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1488
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Create a running Postgres database server along with a user and database
for Panettone, and pass configuration for it to the panettone module
Change-Id: I333994288131be328e62069382d6d40f8034c400
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1466
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Otherwise I have to set TERM to something else so that I can actually use the
machine when I'm booted into Linux and it's incredibly tedious and I hate it.
Change-Id: Icfb5aacfea8cd6227743d29d9b07dc1b745d22c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1435
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Deploy Panettone to whitby as a systemd service, proxied to from an
nginx virtual host listening at b.tvl.fyi
Change-Id: I69755566151a45120e6b3453751af0e9291fa241
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1339
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
I don't have time for bash's history.
Change-Id: I741107d33f09999ef43a7609079ad926e8127e69
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1362
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
... also bootstraps her user directory to store the key in.
Change-Id: Iecd341c655adc7d81be5ce9eb765c531b7512e80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1361
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
This is inline with how other user keys are managed.
Change-Id: Ica0b3b30336aee02a78e019b13e1cf576e4e1943
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1360
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Note that this is not yet updated automatically, so the page will be
stale until somebody rebuilds whitby.
Change-Id: I91f4b03c9309aed289df055fac292a214dca7668
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1297
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Tested-by: BuildkiteCI
The Hetzner DNS servers were unhappy after today's Cloudflare outage,
and that broke some of our builds - this wouldn't have happened with
Google DNS!
Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
... and enable it on whitby
Change-Id: Ife45f15227f9d95823ebd3b97d2a17175b84eaff
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1064
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
There is only one minor configuration change: CLBot now connects to
cl.tvl.fyi, instead of localhost, because Gerrit is still on camden.
Change-Id: Ibd8d46ec2c18312a270471a2f0be3e58eaf0cbab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1062
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This is required for the Gerrit setup.
Change-Id: I02e03dafe36e6c47ffabf4d590e0c6f1dea027e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1061
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.
As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.
Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.
Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
This is the point of the machine, afterall.
Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
systemd gets sad otherwise and it is very difficult to console it
Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.
Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
