I previously had some stuff jammed into a hardware-configuration.nix not
committed anywhere, which is silly but also prevented building this
config as a top-level derivation, so this vendors them all in there
Change-Id: Ia76f1d75dcd44aa3e9d86a66c45176afc0946d12
Reviewed-on: https://cl.tvl.fyi/c/depot/+/881
Reviewed-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This *should* translate to the required invocation to make sudo allow
nopasswd for users in the wheel group.
Change-Id: I3713862b8df9087cfbaa72d7e824bc43469f7c1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/857
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
This is the point of the machine, afterall.
Change-Id: I15c11600c1c18fa8962d57f75f99a72e1553f9c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/853
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
systemd gets sad otherwise and it is very difficult to console it
Change-Id: Ic6405489532c407273e5634474185f2947420b37
Reviewed-on: https://cl.tvl.fyi/c/depot/+/851
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
it's not glittershark because grfn is the username I have on my laptop
and I want to be able to ssh without an `@`.
Change-Id: Ie1fb6f5e12f3ac52a44680704179bd27a00a7768
Reviewed-on: https://cl.tvl.fyi/c/depot/+/850
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
I generated a new one for whitby, so it's called whitby because that's
the only thing I'm going to be using it for.
Change-Id: Ie8ebdb1e58c76e447ee3a3ea0b1b244fe000e3e4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/849
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
When visiting buffers that represent home-manager or nixos modules, set
compile-command to the relevant switch command.
Change-Id: I565e092d1e6b97eb7fee9d88211c0ee6ebb30b53
Reviewed-on: https://cl.tvl.fyi/c/depot/+/846
Reviewed-by: glittershark <grfn@gws.fyi>
This adds NixOS configuration for the machine whitby.tvl.fyi.
No interesting services are configured yet, so this configuration is
quite plain.
Change-Id: I67b7c75ebd6e298719b52e6b3bd83cc3be3c45d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/843
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
I don't know why-- but I don't want it breaking this command.
Change-Id: I90c28cd21f3a5bc9f0155a88b50b13434fda4c5d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/838
Reviewed-by: glittershark <grfn@gws.fyi>
This does not work for ARGON2 hashes.
Change-Id: I1e070fa0ff17ef21632e94e6777da637deb6f54f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/834
Reviewed-by: Kane York <rikingcoding@gmail.com>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
This wrapper script correctly invokes slappasswd for generating ARGON2
hashes.
People without Nix will need to figure this out on their own.
Change-Id: I264715ba4932855b868bef70cc9102515b3d129e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/833
Tested-by: BuildkiteCI
Reviewed-by: BuildkiteCI
Reviewed-by: Kane York <rikingcoding@gmail.com>
This makes it possible to use {ARGON2} hashes instead of the current
salted SHA hashes, which is a much better idea.
Unfortunately the nixpkgs module does not have an option for
overridding the package used, so it is overlaid into the system
package set - this causes widespread rebuilds.
This is fine for us for now, but I have opened a PR upstream to add a
package option: https://github.com/NixOS/nixpkgs/pull/91963
Change-Id: Ib4be931d88e74b91566639f8656742cf096f6cc3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/831
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
This enables support for the Argon2 password hashing mechanism in
OpenLDAP. Note that we also need to configure the LDAP module to load
this, so this change is not yet sufficient for actually using Argon2
hashes.
Change-Id: I151b854b777daa924b22224a43851432a88a2760
Reviewed-on: https://cl.tvl.fyi/c/depot/+/830
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
... and remove a package that doesn't exist anymore (at this location)
from the nixpkgs allowlist.
Change-Id: I663c84c387fb04bb3b47448132ad768ed5352474
Reviewed-on: https://cl.tvl.fyi/c/depot/+/829
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Tested-by: BuildkiteCI
This makes the code slightly more readable. For users that use editors
without semantic navigation, this also makes it easier to jump around
between items in the files.
I looked into whether a rustfmt setting exists for this, but
unfortunately the answer is currently no.
Change-Id: I37b19fa6ab038c71b924c45dbc12b298e660e8cf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/827
Reviewed-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Tested-by: BuildkiteCI
Before this change, besadii would skip further processing of meta refs (which happen for every CL metadata change), but it would still schedule a build by returning an update - which would then inevitably fail.
This change makes besadii skip meta refs the same way it skips non-depot builds, i.e. completely.
Move *on* from meta refs, do *not* collect $100.
Change-Id: I269d2299f4d3cb1f9c041da8c92fa00ae7794b38
Reviewed-on: https://cl.tvl.fyi/c/depot/+/825
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
Adds a Naersk-based build to check that this compiles, with a Lockfile
based on the ~2018 crate versions.
Change-Id: I0460a476d3b983fcf71e35e6b480f4a526118b58
Reviewed-on: https://cl.tvl.fyi/c/depot/+/803
Reviewed-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
I dug through my archives for this and found a version that, while
unfortunately not the latest implementation, is close enough to the
real thing to show off what Finito did.
This is a Postgres-backed state-machine library for complex
application logic. I wrote this originally for a work purpose in a
previous life, but have always wanted to apply it elsewhere, too.
git-subtree-dir: users/tazjin/finito
git-subtree-mainline: 0380841eb1
git-subtree-split: b748117225
Change-Id: I0de02d6258568447a14870f1a533812a67127763
These are updated for all sorts of things and should just be silently
ignored by besadii.
Change-Id: I0a6de373b21d6bef5fd31d0a1d3f72c501073bba
Reviewed-on: https://cl.tvl.fyi/c/depot/+/801
Reviewed-by: BuildkiteCI
Reviewed-by: Kane York <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
We have this nice `runExecline` now, so we don’t need to use
`runCommand` (which spawns bash) just to write a simple script.
Change-Id: I2941ed8c1448fa1d7cc02dc18b24a8a945b2c38b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/704
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: BuildkiteCI
runExecline is a primitive that just does not care.
It’s similar to `runCommand`, but instead of concatenating bash
scripts left and right, it actually *uses* the features of
`derivation`, passing things to `args` and making it possible to
overwrite the `builder` in a sensible manner.
Additionally, it provides a way to pass a nix string to `stdin` of the
build script.
Similar to `writeExecline`, the passed script is not a string, but a
nested list of nix lists representing execline blocks. Escaping is
done by the implementation, the user can just use normal nix strings.
Change-Id: I890d9e5d921207751cdc8cc4309381395d92742f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/701
Reviewed-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
The escaping functions are going to be used by both `writeExecline`
and `runExecline`, so let’s move them to their own namespace.
Change-Id: Iccf69eaeca3062573e0751a17c548b7def86196d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/706
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Kane York <rikingcoding@gmail.com>
This removes almost all of the GCP-infrastructure leftovers from my
previous setup.
The DNS configuration is retained, but moves to my user folder
instead.
Change-Id: I1867acd379443882f11a3c645846c9902eadd5b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/782
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: isomer <isomer@tvl.fyi>
Besadii already adds 'Verified'-labels, which are used to signal CI
status on CLs, however we don't actually use these labels (yet) which
also means that they are not displayed in the Gerrit UI.
This change temporarily introduces the Code-Review label *in
addition* (with the same values as Verified), providing a build status
signal on the CL but without being required for submission.
Change-Id: I2c3a37c59aceb426815ad4e400c80ab85be482dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/781
Tested-by: BuildkiteCI
Reviewed-by: ericvolp12 <ericvolp12@gmail.com>
Reviewed-by: lukegb <lukegb@tvl.fyi>
I've done a small amount of investigation and settled on this as my
favorite gitignore source filter function out of the several that are
available.
Change-Id: Idf1f2f643acc7f8e44de6c0c8702b16e0d37face
Reviewed-on: https://cl.tvl.fyi/c/depot/+/762
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This hook is invoked by Buildkite (on the runner) after every build
stage. This change adds support in Besadii to run as this hook and
update the build status on a Gerrit CL.
Change-Id: Ie07a94d9b41645a77681cf42f6969d218abf93c1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/761
Tested-by: BuildkiteCI
Reviewed-by: Kane York <rikingcoding@gmail.com>