Eventually this should be generalized, but for now this is good enough +
nice to have
Change-Id: Icca815b651cfb6f8f0cd2d6a1f64e56c63d2fef5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2057
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Install some packages and enable the necessary services + udev stuff to
make yubikeys usable
Change-Id: I8aee8a8b06895880c8195f02fb57b1216a5fdffc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2049
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
In this case mostly so I can have it on mugwump
Change-Id: Ifa24caf607b30c1d034f4a9e7044ece88fcee38e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2048
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Since buildkite is running on there, it'll be nice to be able to
download things. Obviously if this laptop ever becomes a laptop again
this'll have to go away (or just become the external domain)
Change-Id: I5fc49c061dbf79f8d523244bcf822e8d96fa6d42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2047
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
I accidentally dropped this when reconfiguring things around to get
mugwump working, and when I rebuilt my x session turned off!
Change-Id: I252c90b6f4d796fef1f8183739fcc8dbfdd0fbf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2046
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.
Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.
Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi
with an Acme SSL cert.
Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Init the config for mugwump, a NUC that I bought from ncl and which I'm
going to use as a simple home server and ssh bastion box. Since this is
the first time I've set up a server using my nixos config, this also
moves a bunch of desktop (xserver, audio, etc.) related config out of
modules/common.nix and into a new modules/desktop.nix.
Coming soon: nixos-rebuild switch --target, but in the depot!
Change-Id: I67bd5ba6e3c26f80f77058af186fd41cc245d5d2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2016
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add configuration for a live install iso based on the depot's nixpkgs
pin and with a couple of networking-based options tweaked a bit.
Change-Id: I208bd0f7815fe54fc805e8995a8288d7a0d36f84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2014
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Bind a key, which I've located at the top-left of my right keyboard, to
a momentary push-to-talk by muting and unmuting my pulseaudio source
using xbindkeys. I had been putting this off for a while because i3
doesn't support binding different commands to keyup than to keydown
events, but the xbindkeys support appears to have solved that reasonably
well, plus it's got Scheme in it so that's cool.
If there's demand for it I'll gladly expose this as a reusable,
configurable home-manager module outside my users dir in the depot.
Change-Id: Ie591c93037dbdac364d5d8a718d99edb70780789
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1975
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Also move fcitx to system, since it's a nixos thing not a home-manager
thing.
Change-Id: I3e047494a478520e939d48fc72cc91a2d797bf74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1969
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
These depend on graalvm which is gonna be a big ol build
Change-Id: I3b67e22677390921e408b9fea12191718b27cd7f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1967
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Use a block cursor in normal mode, and a beam cursor in insert mode.
Change-Id: I1cf5eebeaadf41cd006b324de62eb7f6804e149a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1965
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Create the pipeline by outputting a file that contains nix-build
invocations for each target's *derivation path*.
Each invocation has a generated Nix expression passed to it with `-E`
which fetches the correct target from the tree while correctly
handling targets with strange characters (such as in Go-packages).
This makes it possible to run target-level granular pipelines. We're
getting somewhere!
Change-Id: Ia6946e389dafd1d4926130bb8891446d6e17133b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1855
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
This reverts commit 475d41f698. I'd like
my derivations back, please.
Changes necessary to get this working:
- Don't depend on `nixpkgs` being in the NIX_PATH for my website - it's
not necessary anyway since emacs 27 is mainline now
- .skip-subtrees on things that shouldn't be evaluated anyway
- Get rid of system/pkgs, and move the one thing in there that *wasn't*
already in third_party (alsi) to third_party
- Drop notifymuch for now - it's not working, and I'll probably get it
landed in nixpkgs before I manage to get it working
- Add __readTree = true to my systems so they get built.
- explicitly disable ci for xanthous, which is failing to build and had
been omitted previously
Change-Id: I20f5e81d6eb7ffe040091a08d75d0cb15304f707
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1864
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This bumps the channel to a commit that includes fixes for an nginx
issue we have been seeing:
https://github.com/NixOS/nixpkgs/pull/95264
Includes the following compatibility fixes:
- tests disabled in third_party.bufbuild: These were enabled
unexpectedly by the update, but don't run in the sandbox because
they want to download things from github
Change-Id: I98a3b5de57f62f1fd3a37701fa1896eddeedff85
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1759
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
This is kind of difficult to read otherwise because the boot
configuration is scattered throughout the file.
Change-Id: I8977b1bd2b9162c898c96aa249c40749b3d46180
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1762
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
I have an encrypted drive, so this extra layer of security is pointless
Change-Id: Ifa523ee5ea545b5ee17536d34f60d7235e47f25c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1741
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Bumps both nixos-unstable and nixos-20.03 to today's versions, as per
status.nixos.org
Contains minor fixes to things that broke because of the update:
* tazjin/frog: hardware.u2f is a deprecated setting
* glittershark/system: modSha256 in Go modules is now vendorSha256
* glittershark/owothia: removed version constraint on relude
Change-Id: Ib3e9612b1b06ed547b90e4f8b0ffe5ed7fe0a5c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1642
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Bump to alacritty 0.5.0 (which is happening by fetching YANNPP (Yet
Another Nixpkgs Pin) because overriding versions of rust packages is not
very well supported) and update the relevant home-manager version and
pin to get it installed and configured with vi-mode.
Change-Id: I4fd96bd0c0611ce76500c33bf0b2c680ee7f44c3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1583
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
For when I'm building stuff I don't want to build on whitby.
Change-Id: Ic377fe0d68436a81ee479ff4aa029a51e0a5babf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1215
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This uses the notifymuch package pulled from
https://github.com/NixOS/nixpkgs/pull/92797 right now, but eventually I
would like to pull from a vendored version since there are some changes
I would like to make to how the notifications are rendered and it looks
like upstream is unmaintained.
Change-Id: I3d1d355a09171a33677f095aa068f2499d50b37b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1177
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This was done originally to make the snippet shareable, but is nice
regardless.
Change-Id: Ie51302a020cbb262b1e802e94786ebb8a9f843c8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1170
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Essentially the same as for nixos, so I can get whitby to compile stuff
for me. Eventually I'll generalize this so things aren't as hardcoded to
my particular setup, but for now I'm the only one in the depot who's
using home-manager so this should be fine.
Change-Id: I1cb0344f5a11eea68bddc98976999c0928dfa84e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/937
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.
As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.
Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>