Use nixos-unstable-small which fixes CVE-2018-25032
(out of bounds write while compressing).
* //users/grfn/xanthous:
- Supporting random-fu 0.3 requires considerable changes and patching
random-extras (https://github.com/aristidb/random-extras/pull/5).
For now we downgrade random-fu and its dependency rvar to 0.2.*,
forcing us to build xanthous with GHC 8.10.7, due to random-fu 0.2.*
not supporting that version.
Nix expressions for the downgraded packages are checked in to avoid
the potential need to compile Haskell at pipeline eval time.
- generic-arbitrary exposes a GenericArbitrary newtype now.
This means we no longer have to implement it in xanthous
downstream and patch generic-arbitrary to expose the
GArbitrary type class.
- Minor adjustments for lens 5.0:
Xanthous.Game.Memo: clear needs to use ASetter' instead of Lens'
Xanthous.Data.EntityMap: TraversableWithIndex no longer has an
itraversed function.
- Xanthous.Orphans: adjust for aeson's KeyMap, use KM.size explicitly
instead of relying on MonoTraversable's length
* //nix/buildLisp: the CCL issue has resurfaced, disabling the
implementation once again.
* //3p/arion: remove, as depot uses the nixpkgs package of it anyways.
* //users/wpcarro: accomodate GHC 9.0.1's stricter parsing of operators.
* //users/tazjin: disable rustfmt as it stopped respecting settings
* //3p/overlays: upgrade home-manager until fix for serivce generation
has landed upstream
* //users/grfn/system: remove rr override, as the pinned commit is part
of the 5.5.0 release shipped by nixpkgs.
Change-Id: If229e7317ba48498f85170b57ee9053f6997ff8a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5428
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: wpcarro <wpcarro@gmail.com>
This wasn't caught when introduced due to b/173
Change-Id: Ifa2a05464c0fd40c16c2ac14ca28d64ca9076f9b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5183
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This avoids leaking $HOME from the environment into the build, which was
previously causing yerenHome to get rebuilt on every single depot CI
invocation.
Change-Id: Icb3c32e91186468e548c7b86b1a12bf9adef4fe9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5118
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use a nixos-unstable revision the channel has not yet advanced to (but
the tested jobset has succeeded already), so we'll benefit from the
polkit security update.
* //users/grfn/home/games: replace multimc with polymc.
Seems like this is the conclusion in in the trademark saga.
* //third_party/terrform-provider-glesys: use new mkProvider interface
See https://github.com/nixos/nixpkgs/commit/e7dbfd7ece0e
Change-Id: Ieb76a3d73c42ce1fa34050ac797fa4e3a905e8ef
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5075
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
This extra nixpkgs import has been around for a while, but seems to no
longer be needed (this software is in nixpkgs).
Change-Id: I9932fe01bda97bd8b50ec9192ab185bea69657f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5050
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Git recently started warning about this behavior, which it's always had
and I've always liked, and I don't want the warning.
Change-Id: I19ae397770b271924cc975e5f8c50d6351ed29ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4569
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Dunst as of 1.7.0 apparently no longer supports keyboard shortcuts (so
much for semantic versioning) in favor of having them be bound in the
window manager to invocations of `dunstctl`.
Change-Id: Ic3f10a29061c19ea0002e0f6d596baeafa58d968
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3815
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
`config.home.homeDirectory` is never set, meaning that when this builds
in CI it just uses the $HOME of the buildkite agent that's running,
causing it to almost always rebuild on new changes - I'm never going to
have a username on a system other than `grfn`, so this is fine to just
hardcode.
Change-Id: I920a0c546f4c06d0429534d116465e8f732218e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3495
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
I have some secret stuff here (not security-secret, just secret that I'm
installing it in my system) so this has to be conditionally included
Change-Id: Idb12e5bbab507ad3dc5eb610199fd384789c0e20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3491
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Didn't bother to update the stable channel as it is unused currently.
Changes required:
* tazjin/frog, grfn/modules/obs:
Remove obs-v4l2sink as it has been integrated into upstream OBS and
the package removed from nixpkgs subsequently (at least according to
the `builtins.throw`-message).
Change-Id: I4335ed060eef2c4ff8ac55a68d894bcc3d8ef4a3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3243
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Telegram adds this itself, which means the file is different from what
home-manager knows about, which means running home-manager switch
breaks unless this is here.
Change-Id: Iad507bf63365a630b7eef349228b633f5b83d78b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3251
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
I'm typesetting a type system! `semantic` is the big winner here, but
also `mathpartir` is nice
Change-Id: I27ee91d30e0fe680377ce48f7539553fd0707684
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3212
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Includes the following depot changes & fixes:
* stable moves to NixOS 21.05
* stable isn't used anymore (but we'll keep the mechanism)
* haskell overlay's `random` override is removed (YAY!)
* grfn/iso: Switch to regular kernel rather than
latest kernel, as latest kernel is currently marked as broken due to zfs
* grfn/home: Use julia_16-bin temporarily
julia 1.5 (current julia-stable, source built release in nixpkgs)
doesn't pass its own test suite. Julia 1.6 doesn't have a source built
package in nixpkgs yet, so julia_16-bin appears to be the only working
julia derivation currently.
* tazjin/tverskoy: Use zfs unstable, as stable zfs doesn't work with the
latest kernel
Co-Authored-By: Griffin Smith <grfn@gws.fyi>
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: I6f2e3d9f75077e4755de6bde9104d44b584cbe4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3174
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Add a script (to PATH, so I can launch it from rofi) to take whatever's
in the clipboard, pass it through `dot -Tpng`, and then open the result
with feh.
Change-Id: I1842fca3585a33d902da20dfa6101d1c6d2f2062
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3160
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
* This was mostly for //third_party/nix and its dependencies which now
have been set to use llvmPackages_11 manually.
* For //users/grfn/achilles we also manually select the newer LLVM version.
* //tools/cheddar doesn't seem to need llvm anymore.
* //third_party/buzz also compiles with clang 7.1.0
* replace clang-tools everywhere with new attribute clang-tools_11
For the future we may want to have something similar again, but it may
not be necessary to invest too much time into it: nixpkgs is set to
upgrade their default llvmPackages to LLVM 11 as well at some point in
the near future.
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: Id83868dbc476a6c776b59518b856c933f30ea79d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3135
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
We don't need these in the depot anymore as the Emacs overlay now
provides newer versions of them, or because they are not used anymore.
Change-Id: I393e1580b66450d0bb128213bc79668172dadacc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3005
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
This... mostly works! I had to install it from the latest master branch
to get it functioning on my CPU, hopefully once they release a new
version I can remove the override.
Change-Id: I863d2e822b149838c58aa1c1e7dc73a127a0aeb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3022
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI