No longer connecting to freenode - but I *am* now connecting to both
hackint and libera, so add a prompt to the command to decide which one I
connect to
Change-Id: Iae315ddab753cf9c365cbee7abd94213af656d4c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3177
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use awscli2 rather than awscli to deploy - less because I actually need
any specific functionality from the new version, and more because I
already use awscli2 on my systems and it's nice to always use the same
version of stuff
Change-Id: Id0e5b63dde1857c2e417ac2eeb2f769ebcc0f956
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3175
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
... until hardcoded references are removed upstream.
This is motivated by HEAD-branch related issues when cloning depot via
josh and a naive search for places where `master` was used directly.
Change-Id: I46709631d6ee5561344fc5f407324bcf69c641e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3171
Tested-by: BuildkiteCI
Reviewed-by: cschilling <christian.schilling.de@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Includes a potentially relevant fix (anonymous authentication with the
correct username).
Change-Id: Iabf2eff43e98cc8b7b998ead3775b1fc8f1dfac6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3173
Tested-by: BuildkiteCI
Reviewed-by: cschilling <christian.schilling.de@gmail.com>
There have been a few relevant fixes.
Change-Id: I84b6fb645703972b03f1210cb69d03467caefbfa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3172
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
We still don't support POSIX timezone descriptions and the like,
but I currently don't have the energy to support something just
for POSIX's sake.
Change-Id: Ifbfc798ebe849e886cc31964b7fbc70ff009ef29
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3167
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
... rather than dragging it in as some transitive dep, which actually
stopped happening.
Change-Id: I2331721839d5e53c38236f64487be0e6f1be352e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3170
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit e1c45be3f5. I'm back
in NY now T.T
Change-Id: Iaae2bf778195b9a99ac1a46068703a58e6b69053
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3166
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This small tool prints the current time rounded to half-hour precision
as an emoji clock face and exists. It can use both the local time zone
and UTC. Additionally it supports a pseudo dot time format.
Via fun.🕰️.lib we reexpose the internal library which allows conversion
from LOCAL-TIME:TIMESTAMP to an emoji clock face — maybe we'll want to
integrate this into //web/panettone?
//fun/🕰️ is the spritual (and actual) successor to
<https://github.com/sternenseemann/unicode_clock>.
It likely only works in SBCL due to its heavy usage of unicode symbol
names.
Change-Id: I44204107a14f99b04b0c5290d88e8659f013f423
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3164
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Turns out this is an annoying thingy you sometimes to implement
independently from formatting an entire timestamp, so we expose it for
reuse.
Change-Id: I11de2823eb03849ea78fc79e2f546e413882930f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3163
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
This fix is essentially the same as the one in cl/1263.
Change-Id: I27be280a610914fcfbb6d7fee7aebaa56b993812
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3158
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Add a script (to PATH, so I can launch it from rofi) to take whatever's
in the clipboard, pass it through `dot -Tpng`, and then open the result
with feh.
Change-Id: I1842fca3585a33d902da20dfa6101d1c6d2f2062
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3160
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Until we have declarative ZNC config (which requires a solution for
secrets handling in it), make sure we back this up as well.
Change-Id: Idb186327da171eb6d3dbbd83801639f1f9321a40
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3159
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Use the new module settings which apply configuration in cn=config
instead of slapd.conf.
The module performed this update via lib.mkChangedModuleOption, I've
applied the transformations contained therein manually. Note that some
of the settings were already in place, which means that the `suffix`
and `database` options seemingly disappear into the void.
Fixes b/105.
Change-Id: I8a968c1eb8cb7827618cb732cdb46006a5d011f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3157
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This changes the evaluation order for the `depot` argument and ensures
it is partially evaluated before the module system starts resolving
imports.
This way we can import modules from `depot.path` without `depot`
having to come from readTree.
Fixes b/129.
Change-Id: Icf4dd2be15011055dac8b27e991a4ff6a12bf827
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3156
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
The link for atward's source code was using atward.tvl.fyi,
this makes the cs cookie (if set) for at.tvl.fyi not work.
Change-Id: I644f0341ecaf2caea0b71a950686579dfd18d092
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3155
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This time using `tools.hash-password` because login did not work with the
initially created hash.
Change-Id: I1eb62a496d2d8497d27573af47bf8bf70dac9bbb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3153
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
* This was mostly for //third_party/nix and its dependencies which now
have been set to use llvmPackages_11 manually.
* For //users/grfn/achilles we also manually select the newer LLVM version.
* //tools/cheddar doesn't seem to need llvm anymore.
* //third_party/buzz also compiles with clang 7.1.0
* replace clang-tools everywhere with new attribute clang-tools_11
For the future we may want to have something similar again, but it may
not be necessary to invest too much time into it: nixpkgs is set to
upgrade their default llvmPackages to LLVM 11 as well at some point in
the near future.
Co-Authored-By: sterni <sternenseemann@systemli.org>
Change-Id: Id83868dbc476a6c776b59518b856c933f30ea79d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3135
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
This will be used to serve (nix-) diffs for pending deploys of whitby
Change-Id: Ia864993b1fcb3b7ce5fcc21f32a27528a4c31f08
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3149
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
irccat is passing the realname option as the ident of the user, which
doesn't match what is in ZNC.
It hasn't seen any upstream commits in a long time, so I'm just
leaving this as is and fixing it locally in our config.
Change-Id: I3bf865f37b8df9c1cd891a94245ca3fad376bbe1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3150
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Issue bodies tend to be very long, so displaying the full diff whenever
the issue is updated takes up a lot of visual room and is very hard to
read. Specifically for this field, this changes the display to only show
"updated the body of this issue", hiding the previous and new values.
At some point in the future, I'd love to have some CSS fun with active
anchor links to have an "expanded" view that *does* display the previous
and new value, but for now this should be fine - the data isn't gone,
after all!
Fixes: b/111
Change-Id: I0188540188729142e0b9205ff5cc9ea576c4edb6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3142
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
7aebba7, which added anchor links to comments, also incorrectly added
only the *key* for the `:id` attribute to the `li` element for
issue *events*, swallowing up the next form (which happened to be the
username) as the value. this adds a *proper* value for the `:id`
attribute, bringing back the actual display of the username.
Fixes: b/97
Change-Id: I33ee628ddfd4a291e069980512fcc5f74014aac4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3141
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The accessor function to get the ID of the `model:issue-not-found`
condition is `not-found-id`, not `id`! Also, add a missing space to the
title.
Fixes: b/127
Change-Id: I91c71feaf1fe877e6a14453a9e75cf27d56fee31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3140
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This is fixed in upstream nixpkgs, but we're not yet at a commit where
it's used, so it's important to use the OpenLDAP from //third_party
Change-Id: I7c033cd23f45a95c4a4af864ffe561c496833a0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3143
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
I like running fail2ban on any machine that has stuff like ssh
world-open, to limit the potential for password brute-force attacks etc.
Change-Id: I0c60811ae5a2fddb44f04679fb455e646b8e39c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3138
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This doesn't replace all of them in the repo, but at least the ones
that are relevant to our move.
Change-Id: I842e7594b4c16af30d880272417874f6b29afd22
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3134
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
This drops the msmtp requirement from my configuration; there's still
some cleanup to be done but I need to double-check this in a few
environments first.
Change-Id: I298f4ff77b45cb214fbccee84e9bbd861508d11a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3132
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This configures owothia to use her new bouncer to HackInt.
Change-Id: I80eb8191c2b0f2a6f8a31d19b60250ade27c1913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3129
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
This is a simple Go module build for https://litestream.io/
If this ends up being useful, we should upstream this to nixpkgs.
Change-Id: I3beb64c9adb3b57fcef4e1dfb27f293a15f90a76
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3085
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Points clbot at the new local ZNC instead. This will make it part of
the things happening through the `tvlbot` account.
Relates to b/101
Change-Id: I1c15ffa5720d3af34475c15bee3fdaa537ac659b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3127
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
The local bouncer on whitby does not use TLS.
Change-Id: Idf9c56f94129b0ddce620eb559082a8f2f088078
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3128
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
owothia is hardcoded to join ##tvl, which is a remnant of when TVL was on
freenode, and on hackint the IRC channel is single-hash #tvl instead. Instead
of hardcoding another channel name, let's make this configurable, so we don't
need to recompile owothia for every different channel we want her in.
It's now possible to set IRC_CHANNELS in owothia's environment to '["#foo",
"#bar"]' to make her join both #foo and #bar automatically.
Additionally IRC_IDENT can now be set to configure owothia's ident,
which is required for ZNC compatibility.
Change-Id: I0fc0856f4ea35f59255b76ae0e594325f18ef993
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3130
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This adds a shadowsocks service, running on port 8443, tcp and udp.
The password is read from /etc/secrets/shadowsocks-secret.sec, and needs
to be populated externally.
Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
The following commit itends to bind on port 8443 on all interfaces,
so let's move this to something else.
Change-Id: Ibb94a0f4e6892b6e543b542b89bcdaaefb617f23
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Bouncer to be used for TVL's IRC bots, see b/101
Change-Id: Ic9f71ecd94365d3baa31e0552b1ce16362f94557
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3124
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
* update some of the project listings
* remove an invalid link to my previous Twitter account (this is from
back before TVL was a multi-person project)
Change-Id: I049c05704d5feecc8c40718665fe98315008423f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3122
Tested-by: BuildkiteCI
Reviewed-by: cynthia <cynthia@tvl.fyi>
We have a bunch of crates in `third_party/rust-crates`; it would be
great if we could check them for existing CVEs.
This tool does that, it takes the rust security advisory database,
parses the applicable CVEs, and cross-checks them against the actual
crate versions we list in our package database.
The dumb parser we wrote is tested against all entries in the
database, so we will notice when upstream breaks their shit.
Checking the semver stuff is easy enough with the semver crate.
If an advisory matches, it prints the whole thing and fails the build.
Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
We can be closed world, so let’s restrict the arguments to the subset
we need for now.
The existing override was wrong, in that `// args` would use the
arguments we already added, again. So instead of deliberating about
how to make this work right in all cases, we don’t need it, we trim
it.
Change-Id: I6443a0808b8bfd5e4db939b669c6afc741954db8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3057
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>