Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.
Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.
Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi
with an Acme SSL cert.
Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Init the config for mugwump, a NUC that I bought from ncl and which I'm
going to use as a simple home server and ssh bastion box. Since this is
the first time I've set up a server using my nixos config, this also
moves a bunch of desktop (xserver, audio, etc.) related config out of
modules/common.nix and into a new modules/desktop.nix.
Coming soon: nixos-rebuild switch --target, but in the depot!
Change-Id: I67bd5ba6e3c26f80f77058af186fd41cc245d5d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2016
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add configuration for a live install iso based on the depot's nixpkgs
pin and with a couple of networking-based options tweaked a bit.
Change-Id: I208bd0f7815fe54fc805e8995a8288d7a0d36f84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2014
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Bind a key, which I've located at the top-left of my right keyboard, to
a momentary push-to-talk by muting and unmuting my pulseaudio source
using xbindkeys. I had been putting this off for a while because i3
doesn't support binding different commands to keyup than to keydown
events, but the xbindkeys support appears to have solved that reasonably
well, plus it's got Scheme in it so that's cool.
If there's demand for it I'll gladly expose this as a reusable,
configurable home-manager module outside my users dir in the depot.
Change-Id: Ie591c93037dbdac364d5d8a718d99edb70780789
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1975
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Also move fcitx to system, since it's a nixos thing not a home-manager
thing.
Change-Id: I3e047494a478520e939d48fc72cc91a2d797bf74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1969
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
These depend on graalvm which is gonna be a big ol build
Change-Id: I3b67e22677390921e408b9fea12191718b27cd7f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1967
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use a block cursor in normal mode, and a beam cursor in insert mode.
Change-Id: I1cf5eebeaadf41cd006b324de62eb7f6804e149a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1965
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Create the pipeline by outputting a file that contains nix-build
invocations for each target's *derivation path*.
Each invocation has a generated Nix expression passed to it with `-E`
which fetches the correct target from the tree while correctly
handling targets with strange characters (such as in Go-packages).
This makes it possible to run target-level granular pipelines. We're
getting somewhere!
Change-Id: Ia6946e389dafd1d4926130bb8891446d6e17133b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1855
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
This reverts commit 475d41f698. I'd like
my derivations back, please.
Changes necessary to get this working:
- Don't depend on `nixpkgs` being in the NIX_PATH for my website - it's
not necessary anyway since emacs 27 is mainline now
- .skip-subtrees on things that shouldn't be evaluated anyway
- Get rid of system/pkgs, and move the one thing in there that *wasn't*
already in third_party (alsi) to third_party
- Drop notifymuch for now - it's not working, and I'll probably get it
landed in nixpkgs before I manage to get it working
- Add __readTree = true to my systems so they get built.
- explicitly disable ci for xanthous, which is failing to build and had
been omitted previously
Change-Id: I20f5e81d6eb7ffe040091a08d75d0cb15304f707
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1864
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This bumps the channel to a commit that includes fixes for an nginx
issue we have been seeing:
https://github.com/NixOS/nixpkgs/pull/95264
Includes the following compatibility fixes:
- tests disabled in third_party.bufbuild: These were enabled
unexpectedly by the update, but don't run in the sandbox because
they want to download things from github
Change-Id: I98a3b5de57f62f1fd3a37701fa1896eddeedff85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1759
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
This is kind of difficult to read otherwise because the boot
configuration is scattered throughout the file.
Change-Id: I8977b1bd2b9162c898c96aa249c40749b3d46180
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1762
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
I have an encrypted drive, so this extra layer of security is pointless
Change-Id: Ifa523ee5ea545b5ee17536d34f60d7235e47f25c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1741
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Bumps both nixos-unstable and nixos-20.03 to today's versions, as per
status.nixos.org
Contains minor fixes to things that broke because of the update:
* tazjin/frog: hardware.u2f is a deprecated setting
* glittershark/system: modSha256 in Go modules is now vendorSha256
* glittershark/owothia: removed version constraint on relude
Change-Id: Ib3e9612b1b06ed547b90e4f8b0ffe5ed7fe0a5c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1642
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Bump to alacritty 0.5.0 (which is happening by fetching YANNPP (Yet
Another Nixpkgs Pin) because overriding versions of rust packages is not
very well supported) and update the relevant home-manager version and
pin to get it installed and configured with vi-mode.
Change-Id: I4fd96bd0c0611ce76500c33bf0b2c680ee7f44c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1583
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
For when I'm building stuff I don't want to build on whitby.
Change-Id: Ic377fe0d68436a81ee479ff4aa029a51e0a5babf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1215
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This uses the notifymuch package pulled from
https://github.com/NixOS/nixpkgs/pull/92797 right now, but eventually I
would like to pull from a vendored version since there are some changes
I would like to make to how the notifications are rendered and it looks
like upstream is unmaintained.
Change-Id: I3d1d355a09171a33677f095aa068f2499d50b37b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1177
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This was done originally to make the snippet shareable, but is nice
regardless.
Change-Id: Ie51302a020cbb262b1e802e94786ebb8a9f843c8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1170
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Essentially the same as for nixos, so I can get whitby to compile stuff
for me. Eventually I'll generalize this so things aren't as hardcoded to
my particular setup, but for now I'm the only one in the depot who's
using home-manager so this should be fine.
Change-Id: I1cb0344f5a11eea68bddc98976999c0928dfa84e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/937
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.
As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.
Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
for cabal 3 commands that are runnable without new- or old-
Change-Id: Ib00c8654c40c47482e06aec9dd1454dacce42971
Reviewed-on: https://cl.tvl.fyi/c/depot/+/901
Reviewed-by: glittershark <grfn@gws.fyi>
This is needed as well to use it as a substituter it seems
Change-Id: I6cefbccef2a61d665209131084bc58d7b56645f9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/899
Reviewed-by: glittershark <grfn@gws.fyi>
Right now it looks like the time to copy data between local and whitby
essentially eliminates any benefit to using it as a remote builder.
Which is a shame, but ah well.
Change-Id: I71dc4782992a28b196e262d40acc1bbc0b883529
Reviewed-on: https://cl.tvl.fyi/c/depot/+/898
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
This appears to be working! which is nice.
Change-Id: I06f8d2ff4e9b313073cb76c77a8a9bed0cb52516
Reviewed-on: https://cl.tvl.fyi/c/depot/+/887
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
gonna use this instead of nixos-rebuild switch, in part to get away from
global nixpkgs pins.
Change-Id: I46e2951660465790adfdf75e6e3413b5c2dfd7c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/886
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
My laptop, so I can recompile linux-ck not on my machine
Change-Id: Ib42e0440628be6a4d03999220ab2c69b19d6e391
Reviewed-on: https://cl.tvl.fyi/c/depot/+/884
Reviewed-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
If I want to build this on TVL's CI I can't reference ~/code/urb/urbos,
obviously, so I'll just vendor it here which is fine
Change-Id: I40feb4b29fafae1d3bb0119b7cca1613a4582fdc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/885
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
As tazjin pointed out, this is little enough code that pulling it from a
global channel is a little silly, so I've just inlined everything.
Change-Id: I8750f139a3124135a72737c381215a6e812ce0c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/882
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: BuildkiteCI
I previously had some stuff jammed into a hardware-configuration.nix not
committed anywhere, which is silly but also prevented building this
config as a top-level derivation, so this vendors them all in there
Change-Id: Ia76f1d75dcd44aa3e9d86a66c45176afc0946d12
Reviewed-on: https://cl.tvl.fyi/c/depot/+/881
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
To go along with git checkout master
Change-Id: I2a0d09e50cf82368e324e1dfbbd3dc868d30b9f2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/728
Reviewed-by: glittershark <grfn@gws.fyi>
Add jsonnet-mode to emacs, and install jsonnet in the development.nix
module in home-manager.
Change-Id: I11d6417b6a059de151dbb5407682059e0d5a7d3c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/564
Reviewed-by: glittershark <grfn@gws.fyi>
To test out emacs package installs from depot
Change-Id: Ia8bb370d671c566c6ce8de08b47925ec3a1653e4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/493
Reviewed-by: glittershark <grfn@gws.fyi>