For this we create a directory containing a nix-inject.el file using
writeTextFile where we can string interpolate as much as we please and
merge that into a single emacs.d directory with the config *.el files
tracked in the normal tree using symlinkJoin.
Change-Id: I0e39591587a54527214783d4380456d2763da091
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4324
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
We can gcroot the derivation files and drop this step, but have
elected not to do so for the moment, see cl/3436.
Change-Id: I993a1f3921e9f21e18fa260e76d3dd15ffa556bd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4327
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
By default besadii will set the `Verified` label in Gerrit. This adds
a config option to set a different label instead if desired.
Co-authored-by: Vincent Ambo <mail@tazj.in>
Change-Id: I254159e46994e01182987ed5e5e26e27c57f46ce
Get flash working via a functioning cookie-store session middleware, and
display flash messages if present at the top of every page.
Change-Id: If5f267dee3f41ef7954ea82667822c596e1b0474
This version interpolated in by Nix in the lines above instead of
being loaded from Elisp, as that would require starting telega inside
of that build (which is a bit messy because of async elisp).
Change-Id: I775844acb6928db76516f06188b19c713f765ab8
Currently in NixOS configuration using agenix secrets there is no
build time validation of secret paths - things fail at runtime (system
activation).
To prevent that, this CL makes the secrets part of the tree based on
the same configuration file used by agenix itself.
This guards against:
* agenix secrets.nix definition for a non-existent file
* age.secrets value in a NixOS config for a non-existent secret
Change-Id: I5b191dcbd5b2522566ff7c38f8a988bbf7679364
The l= is part of the command, not of the shape of commands, and the
previous command concatenation logic was wrong because of that.
Fix is done in the most obvious way: Make the l= part of the command.
Change-Id: Ia3c08c3da60fe5fc38f29a2d94adcd123e4f3052
... okay, this is like the 5th error related to something with this
and file paths. Need to write some validation logic.
Change-Id: I4314818aa1bc25b8cf7bd3593850d3836ccb867c
Git only allows binary names prefixed with `git-credential-` if the
path to the helper is not absolute.
Why? Who knows.
Change-Id: I216b2a621f62a73f05e21def7ec8016b29ede892
Currently this functionality is provided by a shell script stored in
/etc/secrets (which has the password value hardcoded).
This needs to happen in a separate commit from the one that changes
the pipeline to avoid breaking it (it needs to be deployed first).
Change-Id: I680754c828ccefbacfcf0d5c813a4bc19493ba4c
We already checked this in, but this commit adds the configuration for
making use of it.
There are two copies of besadii's JSON configuration with different
permissions.
Note that the buildkite-graphql-token path needs to be updated in
static-pipeline.yml, but this needs to happen in a separate commit
after deploy because the pipeline will break otherwise.
Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
This makes this function a true rubberstamp again, leading to
rubberstamped CLs automatically being merged after CI passes.
This is similar to the initial functionality we had last year, where
this directly submitted changes, but with the addition of the CI
checks.
Change-Id: I946b074b968eb18a64c4edb0043f7a4af28759b4
This almost makes for a sort of fire&forget button, except we don't
have a way to automatically pick reviewers yet :)
Change-Id: I6f446270f8aaf0409ccb6321bdbb5c349079cd19
... this option really is a pitfall! The list of programs is now the
same as in the upstream module, plus curl and jq.
Change-Id: I29edae4b2400a2724f62df9efa1dc184a8b0af5f