commits
We can do this by redefining the function zsh calls to be a no-op...
I haven't decided if we want this on user machines, but we definitely
don't want it on servers
Refs: https://discourse.nixos.org/t/zsh-configuration-for-new-users-keeps-recurring
Most of this is fairly straightforward, there's just a couple of bits of
complication:
- We need to update packetmix to use the new clone URL
- The order filters are applied in really matters, we need to add the
folders first before we then move out from the top of the workspace
- Our README also needs updating
There were various problems with it before - it was only really
half-modified from the tangled.yml workflow we had over on GitHub!
It now works and has been tested to put up a branch with a test push
The footnote.social dev is interested in using our proxy. We're happy to
let them
Speaking of, we haven't run an npins bump in a while... let's do that
This is a nontrivial npins bump, because catppuccin has added a module
that isn't in the version of home-manager we're using so we need to
import it.
There was an update to the record format of spindle which meant adding
new repos was broken. This bump fixes that
Umber is a system that'll be replacing firebrick in the long term. I
need to transfer over the private silverbullet and set up backups on
here for it to fulfil that role...
Previously we were starting swayidle on niri. Unfortunately, this caused
a race condition where niri idle inhibitions were not respected. As niri
gets idle inhibitions from, say, browsers when playing video, this meant
we had to do nasty hacks such as manually systemd-inhibiting via a shell
By moving startup to systemd, we can start swayidle later - and in much
the same way as starting our SSH agent later avoids its race conditions,
starting swayidle later fixes this issue...
deadnix is a package to find unused nix code, we can add it to enforce
that we don't leave let bindings/inputs/etc. around when they are not
needed
We previously had these records, but we lost them when migrating
stuff...
They are internal mirrors of some external mostlyturquoise records
We want to add some patches to our PDS to enable SSO - and those patches
need us to be on a later version. Therefore, let's upgrade!
bluesky-pds is packaged in a rather interesting way
- The vast majority of the code is in a different repo which is normally
fetched with pnpm - we need to twist stuff so that we build it with
nix
This is part of a series of atproto migration patches. Our plan so
far is:
- [x] Set up a tangled.org spindle
- [x] Set up a PDS
- [ ] Pull in upcoming external idp patches for PDS
^ You are here
- [ ] Set up email for our PDS
- [ ] Set up a tangled.org knot
- [ ] Rename tangled.org spindle to spindle.freshly.space
Internally for Freshly we use Tailscale to access hosts, but Collabora
now also use Tailscale to access hosts. For a while, I've been using
'tailscale switch' to move back/forth but this takes some time and
doesn't allow me to use multiple nets at once.
I evaluated what I wanted to use my own personal tailscale for, and it
was the following things:
- https://files.freshly.space (I have a mounted webdav drive which is
only available over tailscale, and the web interface auto-logs-in over
tailscale which is very nice...)
- https://silverbullet.clicks.codes (All of my notes are here. I would
need to switch notetaking app for work stuff if I were to stop using
my own tailnet)
- https://silverbullet.starrysky.fyi (Actually, some work stuff is also
here because I have some things which I am contractually obliged not
to make public - even to my friends. This one does tailscale auth to
check that I am my own tailscale user)
- My own devices (which I could put on to the work tailnet, although I
would either forgo nice device names or manage my own /etc/hosts and I
would need to manage switching back/forth (potentially making any
/etc/hosts editing pretty fraught...))
While some of this could be put on the work tailnet, by no means all of
it could be.
In contrast, I need the work tailnet to access SSH/web interfaces for
several internal services. These can't be used without it, but I only
really need to use them from redhead.
The cleanest solution is to have multiple tailnets at once - and select
which one I'm using such that the collabora tailnet is only used for the
things it's needed for.
Here's how I'm proxying SSH hosts through the tailnet
    Host collabora-foo foo
        ProxyCommand nc -X 5 -x localhost:1055 %h %p
        Hostname <some tailnet hostname>
        ...
And I'm using the "FoxyProxy" extension in Firefox to do the same for
specific URL matches. I'm hoping this'll be enough to let me neatly
access everything I want to all of the time...
We'd like to move off bluesky's PDS, and the obvious candidate is to set
up our own...
...we've chosen to have our handles *.at.freshlybakedca.ke because they
are technically publicly visible - although we expect to be using custom
domains for most/all accounts on this PDS
...we've chosen to have the pds at pds.freshly.space because, like
files.freshly.space, while *technically* publicly usable (file shares
or accessing our bsky accounts), it is only going to host accounts of
friends and patissiers of freshlybakedca.ke. There is no process to get
an account on our PDS as a general member of the public. It also isn't
generally particularly visible in public UIs. (This criteria also means
that spindle.freshlybakedca.ke should be at spindle.freshly.space, which
we will migrate in the future. Other than that everything we host meets
this criteria)
This is part of a series of atproto migration patches. Our plan so
far is:
- [x] Set up a tangled.org spindle
- [x] Set up a PDS
^ You are here
- [ ] Set up email for our PDS
- [ ] Set up a tangled.org knot
- [ ] Pull in upcoming external idp patches for PDS
- [ ] Rename tangled.org spindle to spindle.freshly.space
While we created the release bookmark fine, we can't push to it unless
we have a non-shallow history...
We just set up a binary cache with nix-serve - let's use it!
We'll keep the old cachix around for now, but it's considered deprecated
:)
Nix-serve is [a cache server](https://github.com/edolstra/nix-serve)
that sets up your nix store to be served as a binary cache. As we're
not going to be using cachix anymore as we are on tangled, we need to do
this to have a cache
I accidentally used the old .sh url when setting this push url. We're
using .org everywhere, let's switch over...
I typoed this command - and unfortunately we can't easily test this
without pushing to main...
We're remote building in CI to get around Tangled's limitations for nix
(and to avoid us having to figure out how to make nixery play nice with
a mounted nix daemon...)
Therefore, we'll need a remoteBuilds key that our Spindle can use
There's a race condition here where teal sometimes looks up midnight
when not connected to tailscale. If it does that, it resolves midnight
on the local network. That would be entirely fine if we weren't just
listening on Tailscale.
Further, that lookup can then get cached, bringing down the spindle even
when tailscale comes up
We trust the local network, let's just allow this route too...
Spindles don't really like it when you delete their state every
time they turn on. It tends to lead to lost logs and repulled nixery
containers. Let's fix that...
We're overloading midnight with our CI - let's stop ourselves from
trying to do more things than midnight supports at once...
On GitHub, we had a workflow which released packetmix when we built
successfully on main - avoiding rebases breaking release builds/etc.
Let's do that again here :)
When we push, josh sometimes seems to pull before it pushes. That causes
our SSH key to be used twice, triggering a double pin entry/etc. with a
security key. That's mildly annoying...
Luckily, we should always be able to pull over http, so we can just use
that for all pulls whether we're nominally using SSH or not!
Tangled has renamed from https://tangled.sh to https://tangled.org
https://bsky.app/profile/tangled.org/post/3lz5dmdtl4s2s
We love that for them - but Josh doesn't properly follow the redirects
for http URLs so we'll have to change them...
Jujutsu's templates for this are for how far ahead/behind the remote
branch is compared to the local branch vs how far ahead/behind we
are from the remote branch... it makes more sense to have this the other
way around (and clarify in the comment...)
I've attempted to use colors that are fairly close to the original
colors, and use the 8-bit shell colors where possible so these should
change nicely with different terminal themes...
I've not changed colors of anything that looked related to a specific
project (e.g. python logo colors) though I *did* change colors of some
projects that didn't seem to particularly identify with the color picked
(taskwarrior). I'm sure I've done something wrong. Oh well :shrugging: -
maybe we should slim down/split up this p10k file as much as possible...
we don't use most of the things here anyway...
I've not tested this on any theme except latte... perhaps
at://thecoded.prof could take a look at how this looks on dark themes?
It'd be nice to use nix output monitor for builds - there's a project
which automatically uses nix output monitor when nix is called (even
supporting nix-direnv/nixos-rebuild)... this looks probably good for us
to use.
There is [one issue](https://github.com/ners/nix-monitored/issues/3)
of some importance on the nix-monitored tracker which suggests that
nix-monitored incorrectly transforms some 'nix run' invocations...
fortunately, we don't use flakes so this shouldn't be a huge issue
If it is, using
    NIX_MONITOR=disable
will temporarily disable nix monitor, allowing you to run whatever you
needed without issue while using nom for everything else
So, we've done some things here...
- We're no longer evaluating homes - which was basically a double-eval
anyway until we get MacOS/etc. up
- We're splitting system evals apart from each other, which will take
longer overall but reduces the peak memory usage from >10GB to ~3GB
- >10GB was unsustainable for midnight ... we were constantly OOMing
when we accidentally triggered CI twice
- ~3GB is very sustainable for midnight :)
ci.nix has different licensing requirements to nilla.nix, namely unfree
packages are not allowed to be built at all in ci.nix. Therefore, it's
good to use it over nilla.nix to avoid accidentally building a package
we cannot distribute
I accidentally merged something in without formatting it locally when
our CI was down - here's that reformat...
We previously didn't use atuin because it was printing garbage
characters in bash... by switching to zsh we seem to have avoided this
problem :)
I've installed zsh, including
- zsh4humans
- powerlevel10k
This is because
- I'm interested in installing atuin, and we've had some problems using it
with bash
- I'm interested in adding jujutsu information to my prompt, and zsh
will let me do this much more easily than bash
This isn't an ingredient of its own yet because it doesn't integrate
nicely with, say, catppuccin (or really anything that isn't itself) but
it's a start...
Timestamps currently display only the time, which is... fine, but can
be somewhat annoying to see how long ago something actually was. It's
possible to use timestamp.ago() to show how long ago a thing was as
well. Let's add it to our default timestamp formatter so we can see that
everywhere jujutsu shows us timestamps
We recently reset midnight - and in doing so changed its host key. We
need the new one for remote builds...
- As we've adopted josh, I've needed to type :work (the start of
:workspace) a lot more than I was expecting
- Coded often co-authors stuff with me and I'd like to type his credits
easily
- Speaking of which, I only made ways to add my own co-author credit
but didn't make an easy way to type a blank trailer to credit someone
else...
- And finally, coded also uses the same companies email scheme, and I
occasionally need to type his emails for administrative reasons...
I do Android development - the tools for it aren't in packetmix (see
https://github.com/CollaboraOnline/nix-build-support) but we still need
to persist the data here...
We've been using github CI for a while, let's translate everything to
tangled format so that we can move across!
We need to put our CI in the root of our monorepo as otherwise it won't
run on our tangled spindle...
We've been using https://reuse.software in packetmix for our licensing,
but we haven't made it work in the monorepo and we haven't got sprinkles
under it. Let's change that
We've seen some weird consequences which appear to be from setting the
base=main push option all the time - it's better to use some aliases or
something to set the options only when needed...
Workspaces are not the default filter when you clone a directory,
however we want them so we can have folders such as .tangled shared
between multiple workspaces. Therefore, we should recommend them for our
clone URLs
Sprinkles is widgets for our Niri desktop. Currently we're working on a
notification daemon, and we plan to move our clock out from PacketMix
into sprinkles as well...
Josh doesn't seem to be working correctly with cloning over SSH, but we
know it works for pushing. Therefore, we should mention git's support
for having a different push URL and recommend always cloning over HTTPS
We've exposed teal's SSH to the outside world, so it's now possible to
use the SSH push URL for josh
We don't capitalize our project names, with the exception of at the
start of sentences, so it's nice to make them italic: it makes them
stand out a little bit from the text around them
Additionally, several projects weren't linked/etc.
I've done that now :)
Josh does weird things when creating branches, it's worth documenting
them (particularly as we tend to use jujutsu where push option
specification has to be done via the git config)
Josh wants workspace files to exist before workspaces are cloned to
avoid rewriting commits, so let's add some...
We are moving over to tangled and want to have a spindle so that we can
run long builds like PacketMix needs :sweat_smile:
Midnight is our CI server so it makes sense to host the spindle on it,
proxied to the outside world via teal
We're reinstalling midnight! Previously we had the old hardware config
here, but that one didn't support impermanence and was pretty different
to teal's. As part of our reinstall we've repartitioned our disks to
have a much more similar layout...