| 21 Dec 2024 |
 Arian | https://blog.darknedgy.net/technology/2020/05/02/0/ is a nice read | 22:44:57 |
| 22 Dec 2024 |
 m1cr0man | How are we feeling about the acme-setup.service refactor now? https://github.com/NixOS/nixpkgs/pull/355087 I still want to get this merged, it really simplifies the systemd side of things a bit. | 12:31:30 |
| m1cr0man | In reply to @thinkchaos:matrix.org
Either way I think we'll need to make the link between the certs and web server stronger to fix this: I'm thinking certs using HTTP validation can Require the relevant web server I totally forgot that we had a discussion about this a while ago 😅 tl;dr we could add a target for http01 renewal specifically. The web servers can be configured to want + before on it, and the renewals can require + after. This gives us a generic mechanism of linking whatever web server is running on port 80 to the certs using HTTP01. | 12:36:53 |
| m1cr0man | We do have to be careful about circular dependencies, but that's expected. HTTP01 server startup is complicated regardless. | 12:37:36 |
| m1cr0man | In reply to @thinkchaos:matrix.org
Either way I think we'll need to make the link between the certs and web server stronger to fix this: I'm thinking certs using HTTP validation can Require the relevant web server * I totally forgot that we had a discussion about this a while ago 😅 tl;dr we could add a target for http01 renewal specifically. The web servers can be configured to requiredBy + before on it, and the renewals can require + after. This gives us a generic mechanism of linking whatever web server is running on port 80 to the certs using HTTP01. | 12:41:42 |
|  @stablejoy:matrix.org left the room. | 13:25:10 |
|  allrealmsoflife joined the room. | 15:55:13 |
| 27 Dec 2024 |
|  raitobezarius changed their display name from raitobezarius to raitobezarius (DECT: 3538 / EPVPN 2681). | 07:32:42 |
| 30 Dec 2024 |
| raitobezarius changed their display name from raitobezarius (DECT: 3538 / EPVPN 2681) to raitobezarius. | 16:28:56 |
| 31 Dec 2024 |
 K900 | I don't know what's up with that | 07:24:05 |
| K900 | If there was a change or it's just unlucky | 07:24:12 |
| K900 | But it feels like the tests are flakier now again | 07:24:20 |
| 1 Jan 2025 |
|  NixOS Moderation Botchanged room power levels. | 14:26:30 |
| 12 Jan 2025 |
|  Rayane Nakib (ريّان نقيب) joined the room. | 12:39:36 |
| 19 Jan 2025 |
| K900 | OK we need to do something | 08:50:49 |
| K900 | The tests are flaking horribly again | 08:50:53 |
| K900 | @m1c | 08:50:56 |
| K900 | @m1cr0man @ThinkChaos ideas? | 08:51:02 |
| K900 | https://hydra.nixos.org/build/285640256/nixlog/3 | 08:56:42 |
| K900 | That's another new failure mode I think | 08:56:46 |
| K900 | Oh god | 09:15:06 |
| K900 | It's hitting the systemd service restart limit | 09:15:10 |
| K900 | https://github.com/NixOS/nixpkgs/pull/374984 | 09:20:23 |
| m1cr0man | ugh | 12:06:23 |
| K900 | There's more nonsense though | 12:07:56 |
| K900 | But it's funny how presumably the systemd update just makes it too fast now | 12:08:08 |
| m1cr0man | Is there a way for me to get notified on every hydra failure of the test? | 12:26:40 |
| K900 | No | 12:27:05 |
| m1cr0man | What annoys me the most is that in practice the module is stable, yet the test suite is forever flaking on things that I would expect to break in the wild also. I think at this point I need to rewrite the whole thing, and deeply analyze all the systemd service relation chains. | 12:42:49 |
| m1cr0man | I might break the test suite up by web server, and factor out all that code which generates a test suite for each one into its own file. That should allow the test to be further paralleled, and allow isolation of failures | 14:25:50 |
