this machine is now sort of permanently stationed in the office, and
thus permanently connected to the big screen.
with this setup, it's comfortable to have it available for a single
workspace (e.g. for videos playing there), but it's too confusing and
unergonomic to use that screen for anything else.
Change-Id: I03556b777c79f68d65d4d8bf1ba1f18982650a8b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5872
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
It only sometimes works and that's not enough times.
Change-Id: I11c1bc6e5c2eec4706bd935352188ffa83057c8f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5869
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Maybe this will lead to me being able to log in to this machine again
eventually.
Change-Id: I348d6ea3b8d4cc6b8083766669ba1371b3d1216b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5866
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
I still have the issue where after reboots I can't log in to my
machines without going through a horrible dance with booting a NixOS
installer and so on.
I suspect this has somethign to do with this initial hashed password
set here, but I was unable to verify what password I've actually set
up there, so I'm resetting it to a known string to verify my theory.
Change-Id: Ic9d495255ca48110920cf2df371946ac146dcd72
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5865
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Before this commit besadii only worked for repos having
'refs/heads/canon' as main branch.
Change-Id: Ia2ceb8a720c675be84bc3d81b89338522cea6ebd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5862
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: asmundo <asmundo@gmail.com>
This makes CI utility functions available in TVL kit. For now this is
only the Terraform check, but said check has come up in other repos
before so it's useful to centralise here (and we might add more!)
Change-Id: I18acb19fc3407650ab9bad53dfba022dda498c07
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5858
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: asmundo <asmundo@gmail.com>
This can be re-used across Terraform environments.
Change-Id: I3d964a17d1cda1aff1df12bd4c0c3ee84b7f7748
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5850
Tested-by: BuildkiteCI
Reviewed-by: asmundo <asmundo@gmail.com>
Generating a release-only pipeline skips a bigger chunk of eval this
way (the step itself is never actually evaluated, which means we never
actually compute the drv), which can be quite beneficial in terms of
evaluation time.
Change-Id: I2739026ddd1c6a86f82627ac26a046c5fe7359ea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5830
Tested-by: BuildkiteCI
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Extra steps that use `depends_on` (e.g. if they need output from their
parent) should not actually depend on their parents build step if the
build phase is not active.
This is required to actually decouple the phases.
Change-Id: I398da9a8a53e97ca3c635342259fc722d54b8e4a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5829
Tested-by: BuildkiteCI
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Using the `activePhases` attribute, the set of phases included in an
evaluation can be modified.
This lets users generate e.g. ONLY the release steps of a pipeline.
Change-Id: Ib0c38826dd69666094d619f5f324d1baafce8134
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5828
Tested-by: BuildkiteCI
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Remove a workaround for a GleSYS provider bug that was fixed in the
last release.
Change-Id: Ibd25de0b4dcccd781518d5d0ae1c75d296f6b05f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5845
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
In order to run this the secrets needs to be sourced, e.g.:
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)
Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Of course we can't pass the overlays without causing an infinite
recursion, but they are also intended purely for unstable nixpkgs,
so it doesn't matter.
Change-Id: I0e1b42e37ad12872f9420cf59dff6d944b2bc5d3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5847
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This has come up a couple of times. This way system is passed to all
derivations. Maybe we can do something useful with it.
Change-Id: Ia7dfcffbc82abbd3128342a8971a3861865be713
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5832
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
this way the tooling provided by //.envrc will not disappear
Change-Id: Icba1fe85d65316fde939ed3451e0cf80d9064382
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5836
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This will avoid things like extra steps being accidentally ignored
because of typos.
Change-Id: Ic4fa5925e42a7a449f89b4cde1510e216e91da6a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5827
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
This would block CI on human-approval if people were allowed to do it,
so they're just not.
Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Previously the extra steps were roughly divided into steps that run
"at build time" (i.e. before we publish results to Gerrit), and
"post-build" (i.e. later on).
In practice, these are something like a build/release pairing, where
steps running after the build results are returned are mostly run for
side-effects (e.g. publishing git subtrees to external repos).
This refactoring makes this distinction explicit in //nix/buildkite
and changes the extraSteps API with an explicit `phases` attribute
instead of the previous `postStep` attribute.
In practice the previous API is still supported, but will throw
evaluation warnings until an arbitrarily chosen cutoff date of
2022-10-01 at which point we will change using it into a hard error.
This uncovered a few strange behaviours which we only accidentally
avoided, most of which I have left TODOs about and will clean up in
subsequent commits.
The purpose of this commit is to allow for separate evaluations of
only build or only release steps, for example if release steps are
evaluated in a slightly different context (e.g. with overridden
versioning that is not relevant to standard CI functionality).
Change-Id: I0b0186e3824273c15a774260708702d4a5974dac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5825
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
This is in preparation for a subsequent CL that will do much more
significant changes in //nix/buildkite.
Change-Id: I80a8d67d3a7d593854c8d711572483c2581e7881
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5824
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Tested-by: BuildkiteCI
The isPowerPC predicate has been [removed], since it was misleadingly
named (it just matches PowerPC, 32bit, little endian). This means the
64bit code path could now actually work.
Not sure about endianess, the CCL docs don't really say much regarding
that topic.
[removed]: https://github.com/NixOS/nixpkgs/pull/168113
Change-Id: Icf4a8c6b1df95fa597ed87508f57aaa73e6185ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5796
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
`mg repl` is essentially a shortcut for nix repl $(mg path //) which
comes up often enough for me. Launching a repl only really makes sense
in the repository root with how readTree works at the moment, so I think
this is a convenient addition.
Change-Id: I32b695885c2e6eaecdcc656c7249afa504439913
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5822
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This is merely a little demonstration of nix#6579:
`users.sterni.nix.misc.isRestrictEval` returns whether the restrict-eval
setting is true or false by exploiting the aforementioned Nix bug.
Change-Id: Icca354d1cd6571cdf0804abae27aac91a18cda1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5692
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Not updating the stable channel to 22.05 yet, since it ships a too
recent bat for us.
Change-Id: Ie8a541e972879f92c62b5e04254cca7b5880c813
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5821
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.
Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This switches upstream from hankhero/cl-json to
sharplispers/cl-json (the former of which had its last commit in 2014).
Sadly the new upstream hasn't decided on an appropriate fix for b/145
yet (due to concern about backwards compatibility, apparently). I did
not look before working on a fix, so I have an 90% finished fix which
is (I think) better than the already proposed ones, so I'll patch it in
here eventually.
Change-Id: I9e39e138fa655794b864db5f268bdfdc35788fcc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5795
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
I keep having this in the user env instead, not good.
Change-Id: I683efc9782281053cb4aee1875c3a664c8dcdae8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5794
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI