20278 commits

Author SHA1 Message Date
Florian Klink
f1496f5722 refactor(tvix/nix-compat/wire): rename padding_len to total_padding_len
Make it a bit more clear that this is the total padding length, not the
padding length we still need to write.

Change-Id: I9ff4aa16f256fda367b4b9295abf82ed01b1f989
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11383
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-08 16:51:50 +00:00
Florian Klink
24fd4e963a refactor(tvix/nix-compat/wire): mv Bytes{WriterState,PacketPosition}
This is perfectly fine to track the position inside a reader too, so
rename it to reflect that.
Also make the docstring a bit less write-specific.

Change-Id: I831b0a8fe44a2477d4af96fefc692b9aabc378f1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11382
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
2024-04-08 16:27:13 +00:00
Florian Klink
35d70f94b7 fix(tvix/nix-compat/wire): fix BytesWriter test payloads
We actually did construct other payload sizes than the test function was
intended to, because I'm too stupid to count. Fix that, and also update
a leftover _debug in a test name.

Change-Id: I1bff8551f2078afe82f789646b851f2fcff3e82c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11381
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-08 16:26:12 +00:00
Picnoir
9825404388 refactor(tvix/nix-compat): move handshake function to nix-compat
Moving the handshake route out of tvix-daemon to nix-compat.

We're bumping the protocol to version 37. It does not change anything
for us. Version 37 introduced a change in the build result
serialization. We do not implement that for now.

Tested tvix-daemon against Nix via the integration test to make sure
we did not break anything in the process.

Taking advantage of this refactor to remove the unused anyhow
dependency in tvix-daemon.

Change-Id: I8a2aad0b6dbb0aaa997446a612a365fd7d70336c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11379
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-04-08 12:32:19 +00:00
Florian Klink
c05f90e611 refactor(tvix/nix-compat/wire): express magics as u64
This allows using read_u64, write_u64, which is a bit easier to juggle
with.

Also, update names to align with the nix codebase, which makes it easier
to spot both the constant name as well as the value.
Leave the ASCII interpretation as a comment afterwards.

Change-Id: I0b9ab187acd22807e2785b0722aa4300dab37c51
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11378
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Autosubmit: flokli <flokli@flokli.de>
2024-04-08 08:40:57 +00:00
Florian Klink
fd749070e2 refactor(tvix/nix-compat/wire): move magic bytes to worker_protocol
`primitive.rs` implements reading and writing primitive (fixed-length)
types in the wire format, used in the nix daemon protocol and NAR
format.

Move worker-protocol specific magic bytes to worker_protocol.rs (and
possibly further split there once needed)

Change-Id: If681c01e9460294619f1d000229b81f0ac745810
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11377
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-08 07:02:10 +00:00
Florian Klink
71a3855f09 feat(tvix/nix-compat/wire): have write_bytes accept AsRef<[u8]> payloads
This includes String, &str etc. An example testcase with &str is
provided.

Change-Id: I900186d6ceb52f52bd41ef4596524c1f5b52470b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11376
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-08 07:02:10 +00:00
Florian Klink
acee489866 refactor(tvix/nix-compat/wire): simplify write_bytes a bit
Use the same EMPTY_BYTES trick from BytesWriter to write out the
padding, rather than allocating a Vec.

Change-Id: Ifb4ba1b45b7388adbc135fc8e46fd3d3cedd30aa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11375
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-08 06:18:22 +00:00
Florian Klink
eb910dfa3a docs(tvix/nix-compat/wire): update docstrings
Only describe the format once (in `read_bytes`), and simplify the other
docstrings a bit.

Change-Id: Iff898f3c4173d506a357bc14bdffbf69c4c6e0e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11374
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Autosubmit: flokli <flokli@flokli.de>
2024-04-08 06:18:22 +00:00
Florian Klink
f6359bf91f refactor(tvix/nix-compat): drop read_bytes_unchecked
This isn't used anywhere so far, and if someone really wants to, they
can simply make the range open-ended.

Change-Id: Iae9bcaa1f7ea032dd3ee76c8c142a38b6b72894d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11373
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Tested-by: BuildkiteCI
2024-04-07 21:57:11 +00:00
Florian Klink
d00c75ea9c fix(nix-compat/store_path): fix Deserialize with borrow
We were wrongly using `'de` as a lifetime for both `Deserializer` and
`StorePathRef`.

This prevented Deserializing into a struct containing `StorePathRef`.

See https://serde.rs/lifetimes.html#the-deserializede-lifetime, the last
part of the paragraph:

The 'de lifetime should not appear in the type to which the Deserialize
impl applies.

- // Do not do this. Sooner or later you will be sad.
- impl<'de> Deserialize<'de> for Q<'de> {
+ // Do this instead.
+ impl<'de: 'a, 'a> Deserialize<'de> for Q<'a> {

This fixes it, and adds a test, deserializing into a `Container` struct.

It also fixes the existing test cases, deserialize_ref was actually
deserialize_owned, and deserialize_owned didn't exist yet - but they
alone are not enough to provoke the lifetime issues.

Change-Id: Iaed2832998cae5f192eafe7fd5243e82ff6e051e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11372
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 21:21:09 +00:00
Picnoir
efd8ab5e0b feat(users/picnoir/tvix-daemon): implement set_options operation
The protocol is more stateful than I initially thought. We need to
keep track of a bunch of things, including but not limited to: the
client settings, the client version. I moved things around a bit to
keep this state along with the client socket.

Change-Id: Ibd34fbe7821c20a460934ea1af0719f5de46e491
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11359
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-07 20:38:33 +00:00
Picnoir
199f9b0a79 feat(tvix/nix-compat): read client setting from wire
Add the primitives necessary to read the client settings from the Nix
daemon wire protocol.

Introducing the read_string primitive. This trivial primitive parses a
read_bytes call, checks the bytes are valid utf-8 bytes and wraps the
result in a String.

Change-Id: Ie1253523a6bd4e31e7924e9898a0898109da2fa0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11358
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-07 20:30:03 +00:00
Florian Klink
289b3126db feat(tvix/castore): drop test-case crate dep
Change-Id: I5049a3682a58ce848d80f413b2964331025a90a8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11370
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 14:51:47 +00:00
Florian Klink
936a175b2f refactor(tvix/castore/directoryservice/from_addr): migrate to rstest
Change-Id: I52b14652822766421d66e95bc646ed7baecc705f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11369
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Tested-by: BuildkiteCI
2024-04-07 14:51:47 +00:00
Florian Klink
d94ff54d42 refactor(tvix/castore): migrate closure_validator to rstest
Change-Id: I6c594d2e670a681484b858c3e04bc25b9e5a2077
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11368
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 14:51:47 +00:00
Florian Klink
c715b6d448 refactor(tvix/castore/tonic): migrate to rstest
Change-Id: Ie088bf03c739bf64abf3432175362a8f92f501c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11367
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 14:51:47 +00:00
Florian Klink
71fb99a265 refactor(tvix/castore/hashing_reader): migrate to rstest
Change-Id: I99ae0e27b4db4799db8af7cd6b9cc8d7f09227de
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11366
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 14:51:47 +00:00
Florian Klink
c7c66abd85 refactor(tvix/castore/blobservice/object_store): drop individual tests
This (and more) should now be covered by the generic testsuite
(in crate::blobservice::tests).

Change-Id: Ib3afc4f19f7e37a561b7398d43663dc941971f5c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11365
Tested-by: BuildkiteCI
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-07 14:51:47 +00:00
Florian Klink
32ac9bd110 refactor(tvix/blobservice/from_addr): move from test_case to rstest
This allows conditionalizing test cases on feature flags.

Change-Id: Ic9ed9ef52f703c973fda2ca4aae5f425e33b67de
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11364
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Tested-by: BuildkiteCI
2024-04-07 14:51:47 +00:00
Aspen Smith
bab3db2fa4 fix(aspen/system): Fix and reenable system build
Change-Id: I36f7a772e70be8711c03150b4b6dfcd6d4e299f2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11371
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
2024-04-07 14:19:01 +00:00
sterni
6e2c143756 chore(3p/sources): Bump channels & overlays
- agenix has not been updated
  (https://github.com/ryantm/agenix/pull/241).

- Re-enable now fixed dependency of flokli/archeology-ec2.

Change-Id: I4e0399e5b5dbaf5e504076e029013f165dd4d191
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11363
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-04-06 18:04:14 +00:00
Florian Klink
f3d8c633f2 feat(tvix/nix-compat/wire): introduce BytesWriter
This deals with writing byte packets of larger sizes to an underlying
AsyncWrite.

Its constructor receives the expected size. It also deals with writing
padding if flush/shutdown is called after writing all the payload.

Change-Id: I8acbf992467f3862ffb8c7d669e8c0c8eced14c1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11355
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: Brian Olsen <me@griff.name>
Tested-by: BuildkiteCI
2024-04-06 14:12:05 +00:00
Florian Klink
39276dc5b4 feat(tvix/store/proto): avoid clone in PathInfo::validate()
Have this return a StorePathRef<'_>, rather than a StorePath, and leave
it up to the caller to possibly convert it to an owned StorePath.

This avoids some allocations, if we only want to validate.

Change-Id: I5cf8e246fe02bd4e631f46a5cb86d3f77a728a0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11361
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: Connor Brewster <cbrewster@hey.com>
2024-04-05 23:28:11 +00:00
Vincent Ambo
9e81063050 feat(tazjin/khamovnik): enable docker
Change-Id: I105aad32cfcebd7a1b9108e4fd847073fb30da15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11360
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2024-04-05 15:53:56 +00:00
sterni
5262e5bf6c refactor(3p/mime4cl): use SB-POSIX for FILE-LENGTH
This is slightly better than the (mostly untested) mess we had before:
Just implement the one thing we need using the tools the one
implementation we support (SBCL) gives us.

Eventually, we'll want to make this portable, probably using osicat.
Unfortunately, packaging this requires support for cffi-grovel (b/383)
which buildLisp lacks at the moment.

Change-Id: I6960015f80e6a5dfde67baf55537c5274a19e4e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11356
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
2024-04-05 11:01:39 +00:00
Vincent Ambo
d13b0791c5 feat(tazjin/homepage): add link to volgasprint
Change-Id: Ia30cb6d533abd73f896b5a303049b2cb9cc26bf1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11357
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2024-04-05 09:18:35 +00:00
Florian Klink
226b5c4b20 refactor(tvix/nix-compat): make padding_len pub(crate)
Let's make this usable for the entire crate.

Change-Id: I754408908a00296ee80dd52680f84b8a7cb22317
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11354
Tested-by: BuildkiteCI
Reviewed-by: Brian Olsen <me@griff.name>
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: picnoir picnoir <picnoir@alternativebit.fr>
2024-04-04 20:23:35 +00:00
Ryan Lahfa
e7af8e0d62 feat(tvix/eval): implement appendContext
`appendContext s ctx` will just append a user-crafted context attrs to `s`.

The most important part of this builtin is to perform all the relevant invariant validations
to avoid letting the user craft invalid contexts which can never be built, e.g. invalid store paths,
inexistent derivations, etc.

This version is incomplete and full of TODOs, but passes all of Nix's
context strings tests, so we turn them on.

Change-Id: I625dc5e7c4f5b784f078b390f04b0ee5a8d65a7c
Signed-off-by: Ryan Lahfa <tvl@lahfa.xyz>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11263
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-04 17:24:26 +00:00
Ryan Lahfa
e9a23bb478 fix(tvix/glue): produce context for builtins.(path|filterSource)
Fixes b/392.

Output paths were created, depending on a plain store path but no
context string was attached to track that plain dependency.

Context string propagation tests are strengthened to prevent any
regression on this.

Change-Id: Ifd6671aeba6949324b0bb9f0f766b87db728d484
Signed-off-by: Ryan Lahfa <tvl@lahfa.xyz>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11351
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-04-03 23:23:29 +00:00
Picnoir
3821fd4224 chore(users/picnoir/tvix-daemon): apply clippy suggestions
Remove potential partial reads/writes and instead read/write the full
buffer size: we want those to be 64 bits.

Change-Id: I1f767baf23fa80c2babb8113f61d1a9e72a8d8dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11350
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-03 13:39:35 +00:00
sterni
c59e11dc3e fix(nix/buildkite): solve bogus realpath errors if build steps fail
- Set pipefail to make sure the correct exit code gets returned.

- Don't let xargs(1) call realpath(1) if the build fails (and nothing is
  printed to stdout).

Change-Id: I526a18df877601d884b83862da5f37336cdf52cd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11312
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-04-03 11:52:10 +00:00
Picnoir
32724d28ee feat(users/picnoir/tvix-daemon): add log verbosity flag
Adding a verbosity flag available through the CLI/ENV variable.

Change-Id: If04cc2e6e26e7cb3c2df7821fce222da2b85a95a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11349
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-03 11:32:50 +00:00
Picnoir
9cec50cb2e refactor(tvix/nix-compat): drop read_u32
Actually these are all u64 LE encoded on the wire.

Change-Id: I5ca22c7639607ac47117cd946e036a444271885a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11348
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-03 11:32:50 +00:00
Picnoir
c35a5ff611 feat(users/picnoir/tvix-daemon): parse up to the operation
Using all the primitives recently implemented to nix-compat to reach
the point where the Nix client starts to send us operation requests.

Using a small integration test script (or the VM test, but let's face
it, it's too slow to be useful), we manage to reach the point where
we're able to read a store operation:

    2024-03-21T18:53:27.624876Z  INFO tvix_daemon: Incoming connection addr=unix
    2024-03-21T18:53:27.625312Z  INFO worker:perform_init_handshake: tvix_daemon: Trust sent conn=Connection(unix) conn=Connection(unix)
    2024-03-21T18:53:27.625406Z  INFO worker: tvix_daemon: Client hanshake succeeded conn=Connection(unix)
    2024-03-21T18:53:27.625488Z  INFO worker: tvix_daemon: Operation received op=SetOptions conn=Connection(unix)

We had to take some shortcuts wrt. stderr/log management. The CPP Nix
codebase is a bit confusing in that area. I'll need to spend more time
reading this to fully understand what's happening there. For now,
sending the STDERR_LAST command to the client does the trick.

Change-Id: I9b0e20a52d885e64fe29188496aac5334de61edd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11233
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
2024-04-03 11:32:50 +00:00
Picnoir
08cc27cc20 feat(tvix/nix-compat): introduce write_worker_trust_level
This is used by the nix client to determine whether or not the daemon
trusts it. The trust condition checks are daemon-specific, hence not
part of nix-compat.

Change-Id: Icbcba2f7f1fd58f67e7da72d22a264f5a3f3619d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11231
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-03 11:32:50 +00:00
Picnoir
017ff431fe feat(tvix/nix-compat): introduce write_bytes
Write counterpart of read_bytes. Despite its name, we mostly use it to
write strings (as in ascii strings) to the wire.

We also extract the padding calculation in its own function.

Change-Id: I8d936e989961107261b3089e4275acbd2c093a7f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11230
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-03 11:25:14 +00:00
Florian Klink
f7cdbbef45 chore(users/flokli/nixos): restore archeology-ec2 build
Temporarily remove parquet-tools, so this builds again.

Can be re-added once https://github.com/NixOS/nixpkgs/pull/301032 landed
upstream.

Change-Id: Ie74f014eb8158d5f529a5f1c55788a4edc5c805d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11347
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: edef <edef@edef.eu>
Tested-by: BuildkiteCI
2024-04-03 11:19:34 +00:00
sterni
d5e1892d56 chore(3p/sources): return to a proper nixpkgs channel (unstable-small)
Change-Id: I27e3cd95ff4320a81cf74ad1a6e08771b7b682c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11346
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2024-04-03 10:34:56 +00:00
Ryan Lahfa
cecb5e295a feat(tvix/eval): implement builtins.path
Now, it supports almost everything except `recursive = false;`, i.e. `flat`-ingestion
because we have no knob exposed in the tvix store import side to do it.

This has been tested to work.

Change-Id: I2e9da10ceccdfbf45b43c532077ed45d6306aa98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10597
Tested-by: BuildkiteCI
Autosubmit: raitobezarius <tvl@lahfa.xyz>
Reviewed-by: flokli <flokli@flokli.de>
2024-04-01 12:30:26 +00:00
Ryan Lahfa
14fe65a50b refactor(tvix/store): generalize PathInfo constructors
Instead of enforcing NAR SHA256 all the time, we generalize the
`PathInfo` constructor to take a `CAHash` argument which can drive
whether we are having a flat, NAR or text scheme.

With this, it is now possible to implement flat schemes in our
evaluation builtins, e.g. `builtins.path`.

Change-Id: I15bfee0ef4f0f428bfbd2f30c57c012cdcf6a976
Signed-off-by: Ryan Lahfa <tvl@lahfa.xyz>
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11286
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2024-04-01 12:30:26 +00:00
Vincent Ambo
f2ca30774e chore(3p/sources): remove emacs overlay
Change-Id: I374912efcb45273d0a32daa3da4b68a9cad58afa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11328
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2024-03-31 22:35:06 +00:00
sterni
73b1f0407b chore(3p/sources): bump channels & overlays – xz edition
Update all 3p/sources as we do normally except

- agenix which is still pinned to 0.15.0

- nixpkgs (unstable) which we bump to the HEAD of the staging-next
  branch. This branch includes the downgrade of xz from 5.6.1 to
  5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
  also includes the second haskell-updates rotation with GHC 9.6.4
  which contains a few build fixes that seem to be required to get
  our Haskell targets to work.

Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

Changes required by the updates:

- //3p/overlays/haskell:

  - Update ihp-hsx to latest master to fix build with Stackage LTS 22.
  - Update tmp-postgres to latest master to work around failure with
    ansi-wl-pprint >= 1.
  - Patch punycode for mtl >= 2.3.

- //users/Profpatsch:

  - Clean up some warnings, mostly about unused dependencies
  - my-prelude: Fix build with ghc-boot-9.6.4
  - cas-serve: Use crypton over unmaintained cryptonite
  - ical-smolify: skip in ci, iCalendar would require heavy patching to
    work with Stackage LTS 22.

- //users/{wpcarro,aspen,flokli}:

  Disable home-manager / nixos configuration builds that seem to have
  transient failures that should disappear as we move away from
  staging-next and closer to an actual channel release.

Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2024-03-31 22:27:04 +00:00
Vincent Ambo
b67b0a6d72 chore(3p/nixpkgs): try disabling Emacs overlay
Change-Id: I63d9d1cc7221bd3f18b0157f423cf3e369482a2f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11327
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2024-03-31 22:08:31 +00:00
Vincent Ambo
9204b58f15 feat(automatic-gc): robust way to disable automatic-gc
We just had a minor incident where apparently our build cache for the
critical security fix was deleted by automatic-gc (which I had stopped
manually) being reenabled by an unrelated whitby deploy.

This adds a new mechanism where by touching a file called
`/run/stop-automatic-gc` the GC can be prevented from running.

We might want to configure an occasional alert or something if this
file exists, so we don't forget about it when we are using it.

Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
2024-03-31 21:44:26 +00:00
Aspen Smith
1d1984e85f fix(web/panettone): Hotfixes for full text search change
- Actually define *static-dir* at build time, to get the search.png in
  the search box
- Better logging for migration running at startup time
- Fix and-where to properly exclude nil clauses
- fix looking up build-time vars in the :build package

Change-Id: Ia2ef3b2715d4c2efb62bbb2c72084f0f0ad09562
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11325
Autosubmit: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2024-03-31 20:58:18 +00:00
Aspen Smith
efe7e8e63a feat(aspen/system): Install patdiff
Change-Id: I86a18fb3fa135c4324064e6acde06bd4dcfbb94d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11294
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Autosubmit: aspen <root@gws.fyi>
2024-03-31 19:35:01 +00:00
Aspen Smith
3ba0948906 fix(aspen/system): Use suspend-then-hibernate for lid close
Change-Id: I07b8cea035050ff90fbb851e4f6401285514db1a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11293
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
2024-03-31 19:32:14 +00:00
Aspen Smith
35a96b47d5 feat(aspen/system): Weather in i3status bar
Change-Id: Ib2572fea5fc81d6b4d321a2e317a02398d0ae612
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11292
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
2024-03-31 19:32:14 +00:00
Aspen Smith
d706ebda65 feat(aspen/system): Add lusca
A Framework laptop

Change-Id: I646e705d12b76c83e8cdcf11c618d07db3a21f0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11235
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
2024-03-31 19:32:14 +00:00