* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs
Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This thing has been introduced recently and prints annoying warnings
when running manually patchelfed binaries with the default loader
path (which used to work fine!).
This doesn't actually fix running the binaries, which now segfault,
but at least it doesn't print a paragraph of annoying text in the
terminal instead.
Change-Id: Ie0d8c3cc124b71d244e10f3755431fb3401ff81b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10479
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This has some effect on the Emacs 29 hollow cursor bug, though I
honestly don't fully understand what this does.
Change-Id: I03eaa0a64e81f01a86736ad17b4c1b3a56fe3d5a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10461
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
* all: update wasm-bindgen to 0.2.89 in WASM projects
* users/grfn: explicitly set pinentry for gpg-agent
* 3p/crate2nix: drop patches that were merged upstream
* 3p/rust-crates: fix one more package name that was broken by crates.io
* 3p/overlays: bump telega backend to new required version
The update for agenix has been dropped. It caused strange build errors
with messages like these:
patching script interpreter paths in /nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0
/nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0/bin/agenix: interpreter directive changed from "#!/usr/bin/env bash" to "/nix/store/q8qq40xg2grfh9ry1d9x4g7lq4ra7n81-bash-5.2-p21/bin/bash"
stripping (with command strip and flags -S -p) in /nix/store/0g0wpa3vxfb4w461s6ny3s1wr08faj73-agenix-0.15.0/bin
Running phase: installCheckPhase
no Makefile or custom installCheckPhase, doing nothing
agenix version: 0.15.0
error: creating directory '/nix/var': Permission denied
There is no rule for secret1.age in ./secrets.nix.
/nix/store/d4jf1cbbk494zwgbqz31pxgigpsbh6w2-stdenv-linux/setup: line 138: test: =: unary operator expected
/nix/store/d4jf1cbbk494zwgbqz31pxgigpsbh6w2-stdenv-linux/setup: line 131: pop_var_context: head of shell_variables not a function context
builder for '/nix/store/0ivvf44hxy0zv4gg8nvchdkp895xw5ri-agenix-0.15.0.drv' failed with exit code 2
I can't be bothered to deal with that right now.
Change-Id: Ia052af0d97dbe9ef0c0d4f3e2214ac00ca8645a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10458
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
This is just intended as a local backup in case things go wrong
horribly, so you can revert to a recent state.
Change-Id: I1d666bad77045a1c807204df144422ba69d1d99f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10417
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
The correct one is cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=,
defined in ops/modules/tvl-cache.nix for example, but as
ssh://nix-ssh@whitby.tvl.fyi is configured, these signatures don't apply
anyways.
Change-Id: I7008a005fe34568d7504b66d979de68bfcfc7acf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10192
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
The correct one is cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=,
defined in ops/modules/tvl-cache.nix for example, but as
ssh://nix-ssh@whitby.tvl.fyi is configured, these signatures don't apply
anyways.
Change-Id: Ib6d429b198f2d4853d6a7d302d91c51dad3c9cab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10191
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: flokli <flokli@flokli.de>
the keys.gnupg.net keyserver has been down for some time now, let's not
link to that in favor of linking to a self-hosted version of my GPG
public key
Change-Id: I9f645c562c2b04e9fb755f21d1ec8a89f89c2230
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10032
Tested-by: BuildkiteCI
Autosubmit: grfn <grfn@gws.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
This passes all tests I could find so far, but doesn't work on the
website. I wrote an interactive debugger for looking at the input, and
haven't found anything incorrect, so not sure what it wants from me.
Change-Id: I506001735e15b2d02eaaebc6d1da8c26e92acde0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10188
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Deletes some stuff that I think isn't necessary anymore, and
consolidates the modes.el content into settings.el.
Change-Id: Ib682dbdb4eb89b3a7ee2eca89da4151af806a508
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10187
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
The second task was very annoying because you had to guess the actual
rules (overlapping words), as they're not explained correctly in the
task. My solution hardcodes those cases.
Change-Id: Idf24579a78a1b8ede368504d3ff0c58c9978f069
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10183
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Lets see if it's good now. Chrom(e|ium) (and by extension (pun
intended) derivatives) are getting rid of ad blockers, so need to
do *something*.
Change-Id: Id7c69d38ddb0ad929aed9e6fbae4d9919ed0731f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10177
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
I have a suspicion that some strange behaviour I occasionally get is
related to company mode.
Change-Id: I26f25c31967ae092d15248a806acdf4f28cb4c10
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10176
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I don't really like this package, it's kinda wonky, and now that part
of my mode line logic is in the tab-bar, it's no longer needed.
Change-Id: I4791a75e5ce2f0c49ef0d239cadf6a4f81c73636
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10171
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
I lost a yubikey :(
this is the way to recover my cloudflare account
Change-Id: Iaffb567ec4a072baa93e78073b47e99a1dc2bb36
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10181
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Main objective was to get SMART/md monitoring working, alerts go (via
some awful glue code) to #sterni.lv on hackint. Bot nick should also be
registered in the future.
Change-Id: Ia73c5a64ee9f6df62f5fbe21fc1606477e3d6e73
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10174
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
We currently don't need it actively and it is easy to re-enable if
needed. Due to spawn chunks simulation it is not really idling either.
Change-Id: I2e4e5ff2271fd61ee1affec27a614244d4a87fcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10173
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This actually allows disabling a service for the first time, since the
configuration structure for the service is created irrespective of the
enable option.
Change-Id: I08e5e67565d6fe210fb0f65600b8750433ce4712
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10175
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This will hopefully prevent failures on system deploys where DNS is
briefly not available, so git(1) fails to resolve github.com. Thanks
flokli for the tip.
Change-Id: I6096e9f3655cbe28ca2a71142de22337814e0be1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10172
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This removes the wonky hack with detecting the bottom right window,
and gives me saner, unified handling of this display in the tab
bar (of which there is only one!)
Change-Id: Id21c6b2472d0c89fc4d000a10a9e90d2ddba86b6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10165
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
While we are at it, rename disk-checkup.nix to btrfs-auto-scrub.nix and
move it into //ops/modules. I originally wanted to have additionally
disk health related services in that module, but the btrfs scrub
functionality is nicely self-contained and reusable, so I think it makes
sense to have this in a more central location.
Change-Id: Iabdd62838eef009540ca71abafd921afda2a9b47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10128
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Network configuration and initrd setup is basically the same as with
edwin, but we are using md for Software RAID this time as well as LVM
over two partitions with LUKS:
- sda2 <-- RAID1 --> sdb2 (boot-raid)
└ boot partition, ext4 (encrypted-container-raid)
- sda3 <-- RAID1 --> sdb3
└ LUKS container
└ Volume Group vgmain
├ Logical Volume vgmain/swap
│ └ swap
└ Logical Volume vgmain/root
└ btrfs
So we no longer rely on btrfs raid1 due to question marks over its
reliability (I personally did not have any problems though). This also
means that we have less LUKS containers we need to unlock when
booting (kind of neglible improvement). The biggest improvement is that
we have redundancy for the swap, so a disk failure shouldn't cause
memory corruption/loss.
Change-Id: I14f065b659857415917d9a60a7ec019e687f8d1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10127
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
These settings would also be applied to a machine that'd replace edwin,
so it's useful to have them outside edwin's default.nix.
Change-Id: I4e8f464118a103645e53909a87c6ee4446022fa3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10125
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This introduces a new structure, as activities are moved to a separate
AWS Account for reasons (tm).
Change-Id: Ic310eca2dc0d4ee81bae8944238b26910067336a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10124
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
This removes everything related to workspaces, as well as the current
RandR configuration, creating a (cleaner) slate for switching to tabs.
This was supposed to be committed earlier, but got broken by
clbot (see b/333).
Change-Id: I2d110bca0d6629a505699210f0aba12882f83d48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10115
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Sets up tab-bar-mode for EXWM, and adds simple initial configuration
and shortcuts to make it behave sanely. I had to assign tab switching
shortcuts myself, as the EXWM input key stuff doesn't work correctly
with the built-in way of setting these shortcuts in tab-bar-mode.
Change-Id: Icd96f03ae7bd2bd5f7c2d59f9aca7a1ca2e7f788
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10116
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Adds an `exwm-assign-workspaces` function that automatically creates
and assigns workspaces to each currently connected monitor. The first
workspace (index 0) is always on the primary monitor.
This function should be idempotent and can be called at any point to
synchronise X outputs and what EXWM is displaying on them.
This works because tabs are disconnected from workspaces completely,
so I don't have to care about what's going on on other workspaces
anymore.
Still missing:
* functions to connect/disconnect outputs
* switching to other outputs from within emacs commands (i.e. without
the mouse)
Change-Id: I7c24aa1b45218fe35de6939e799852b5d11d1272
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10119
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This one is a bit stupid because I couldn't figure out a way to
determine the active workspace. It's definitely possible (either
through some XCB calls, or through state management in screen change
hooks), but for now this is fine.
Change-Id: I5e4c531b248caa0021664bad9dc196bef60cfbac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10122
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
By default, this will be the (only) remaining monitor. In N>2
situations, ask the user.
Change-Id: Id68fcf60d56d0414d1072b8ffeef72c608678f52
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10121
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Uses a bunch of weird xrandr invocations and completing reads to
configure screens the way I want.
Note that this has a known bug where disconnecting a primary screen
will *not* make one of the remaining screens primary.
Change-Id: Ide5322df446685cc4740d4ddd7b6ca8682375050
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10120
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Something changed in the machinery and broke the overriding. I didn't
notice this, as a I was temporarily using an unpatched EXWM.
Change-Id: I1a4e8ea63bd116d86a430e680c2b631474e9a0fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10047
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Make these keys behave a bit more like the Fn+F* keys on the thinkpad
keyboards.
Seems there's currently no trivial way to get mic mute, keyboard mute
and wifi toggle sent out, but considering the thinkpad usb keyboard is
able to, this should be possible somehow here too - but not today, left
for a followup.
Change-Id: I529a958c78116dd9f7250c938e2e7989b296d6c6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10076
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
It seems the regex is not perfect, it choked on a single log line:
```
Nov 13 03:10:19 archeology-ec2 59nkrwmih3ywaxrgxqj79pn395fs6m17-parse-bucket-logs-continuously[11105]: Code: 117. DB::Exception: Line "d57bd890fbd1ae16625bdb8168064125e013198099b7e1b3c24878a4d03c3ab8 nix-cache [12/Nov/2023:09:13:02 +0000] xxx.xx.xxx.xxx - VB7SJVZ108DSSN67 REST.POST.OBJECT index.html "POST /index.html HTTP/1.1" 405 MethodNotAllowed 348 - 4 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" - 0bFdGKbi0n9JHXU1a2hijcJwmYdc6lG2xgbdozc3wS6mlUkBE7ssrQCHIDdOLebo78o2cGbhivY= - ECDHE-RSA-AES128-GCM-SHA256 - nix-cache.s3.amazonaws.com TLSv1.2 - -" doesn't match the regexp.: (in file/uri log/2023-11-12-10-19-50-80805A702ECF65EB): (at row 5)
```
This was due to the user-agent field. The regex is now fixed.
The request itself is fun (someone trying to POST an index.html to the
bucket), and we should probably filter this on the Fastly side already,
not via IAM,
In any case, there's no point failing to parse if a single line doesn't
match the regex - we can just skip them.
For the sake of completeness, logs for that day have been reprocessed
and reuploaded.
Change-Id: Id98a7167a381cda06d150ad5118ee9e70ead277e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10034
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>