10 Jan 2022 |
Winter (she/her) | In terms of time | 20:35:07 |
m1cr0man | It'd be nice if there was some automation to it, like if two members of the target team approve it, it gets merged | 20:36:08 |
Winter (she/her) | Not a bad idea
~~RFC time?~~ | 20:39:20 |
hexa | In reply to @winterqt:nixos.dev it was not my intention at all to come off as pushy or demanding or anything like that, as I fear I may be coming off as don't worry about it, I think its just fair to let you know my boundaries in return. does that sound ok? | 20:39:45 |
hexa | like nixpkgs commiters are few in numbers given the amount of changes we need to review, so it's a mess anyway | 20:40:24 |
Winter (she/her) | In reply to @hexa:lossy.network don't worry about it, I think its just fair to let you know my boundaries in return. does that sound ok? that’s completely fine yeah, i can’t even begin to fathom how much work it is | 20:44:56 |
m1cr0man | In reply to @winterqt:nixos.dev Not a bad idea
~~RFC time?~~ painful effort noises | 20:46:45 |
hexa | I think we need to talk about maintainer expectations first | 20:47:17 |
Winter (she/her) | What maintainers are you talking about specifically? | 20:57:54 |
Winter (she/her) | Like, module maintainers, nixpkgs commiters? | 20:58:03 |
hexa | package, module and test maintainers | 21:02:27 |
hexa | basically committing to something and saying when you can no longer fulfill that committment | 21:02:58 |
Winter (she/her) | ah | 21:28:11 |
20 Jan 2022 |
| andi- left the room. | 08:30:51 |
24 Jan 2022 |
m1cr0man | Wrt https://github.com/NixOS/nixpkgs/pull/156562 is this a concern? Warning: a test defined in passthru.tests did not pass The passthru test is the acme test. | 20:38:04 |
hexa | they were built by ofborg | 20:39:18 |
hexa | https://github.com/NixOS/nixpkgs/runs/4925831593 | 20:39:35 |
hexa | https://github.com/NixOS/nixpkgs/runs/4925858190 | 20:39:45 |
m1cr0man | ah awesome ok :) | 20:41:39 |
Winter (she/her) | I wonder why r-ryantm failed but not OfBorg 🤔 | 20:59:30 |
m1cr0man | If it's acme test pseudo-randomness, I was really under the impression I had fixed all that 😢 | 21:01:46 |
27 Jan 2022 |
m1cr0man | So I hear LE is about to nuke some certs. https://www.theregister.com/2022/01/26/lets_encrypt_certificates/ this shouldn't affect most NixOS users since you'd have to really get into the weeds to configure TLS-ALPN-01 validation | 12:41:26 |
31 Jan 2022 |
Winter (she/her) | in renewService , why is network-online.target in wants and after , but network.target isn't in wants (but is in after )? | 03:22:33 |
Winter (she/her) | any reason? | 03:22:36 |
Arian | There is no point in actively pulling in network.target. see https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ | 10:05:42 |
Arian | But we can probably remove the network.target altogether if network-online.target is used | 10:06:30 |
2 Mar 2022 |
iclanzan | I’ve upgraded NixOS to a recent commit from unstable and ACME is not working anymore. All I see in the logs is:
Failed to start Renew ACME certificate for example.com.
acme-example.com.service: Failed to load environment files: No such file or directory
acme-example.com.service: Failed to run 'start' task: No such file or directory
acme-example.com.service: Failed with result 'resources'.
over and over again. (I replaced my actual domain with example.com) I am using the cloudflare DNS challenge .
Does anyone have any pointers as to how I could debug this?
| 01:01:25 |
hexa | start looking at the systemd unit | 09:33:15 |
hexa | look for what paths are actually missing | 09:33:26 |
4 Mar 2022 |
Winter (she/her) | m1cr0man: so do you remember #153942? i didn't notice it at the time but the issue that it solved may be able to be made redundant.
https://github.com/NixOS/nixpkgs/commit/81a67a3353b09c0abade5f2d17e91d23873fc7fb added SupplementalGroups=acme if ACME certs are used to the Caddy service, which gives the Caddy service access to the certs mo matter what group the Caddy service user is a part of. (In fact, I think my assertions made it so you'd have to add the acme group to the caddy user, even if it would work fine without it due to SupplementalGroups, whoops.)
I think we can make this change across the board, and (potentially) remove the assertions? Let me know what you think. | 19:34:56 |