| 31 Jan 2023 |
 Winter (she/her) | In reply to @m1cr0man:m1cr0man.com
Does that increase the ram for each node or for the encapsulating VM running the suite? There's no encapsulating VM. Each node is run as its own VM. | 01:07:43 |
 m1cr0man | Right I see, see I think the issue is that whatever the test suite is running on is running out of ram. | 01:08:21 |
| Winter (she/her) | let me poke the operator of that specific machine | 01:09:01 |
| m1cr0man | I already did that 103-run test a while ago and it was grand so I don't think the nodes are running out | 01:09:12 |
| m1cr0man | Alright thanks 🙂 lmk if there's something obvious | 01:09:37 |
| Winter (she/her) | poked them in #infra:nixos.org | 01:09:57 |
| m1cr0man | Actually is there system performance dashboards we can correlate against test failure? | 01:09:59 |
| Winter (she/her) | https://monitoring.nixos.org/grafana/ might have something | 01:10:41 |
| m1cr0man | Cool I'll check that out tomorrow | 01:11:05 |
| 2 Feb 2023 |
| Winter (she/her) | m1cr0man: Would you say the best way to guide users wrt DynamicUser services and permissions would be to have them set SupplementalGroups to whatever owns the given cert? | 15:18:49 |
| m1cr0man | Yep | 15:19:25 |
 hexa | https://hydra.nixos.org/build/207980199 acme 😄 | 17:44:04 |
| hexa | https://hydra.nixos.org/log/lbyjk7n05hk7s9mhccrh4h1jzs470lkl-vm-test-run-acme.drv | 17:44:29 |
| hexa | restarting | 17:44:32 |
 K900 | Saved the log to https://termbin.com/nrjp | 17:45:03 |
| hexa | thanks | 17:45:23 |
| hexa | probably as helpful as ever | 17:45:32 |
 raitobezarius | In reply to @winterqt:nixos.dev
m1cr0man: Would you say the best way to guide users wrt DynamicUser services and permissions would be to have them set SupplementalGroups to whatever owns the given cert? I personally do that | 17:58:55 |
| Winter (she/her) | In reply to@hexa:lossy.network
probably as helpful as ever you'd be right :) ``` | 22:42:18 |
| Winter (she/her) | In reply to@hexa:lossy.network
probably as helpful as ever * you'd be right :) webserver: waiting for unit acme-finished-http.example.test.target
Test "Can request certificate with Lego's built in web server" failed with error: "unit "acme-finished-http.example.test.target" is inactive and there are no pending jobs"
| 22:42:21 |
| hexa | In reply to @raitobezarius:matrix.org
I personally do that alternatively LoadCredentials=, but generally SupplementaryGroups= | 22:43:20 |
| hexa | hey and what about TemporaryFilesystem= and BindPath= | 22:46:40 |
| hexa | * hey and what about TemporaryFilesystem= and BindPaths= | 22:46:55 |
| hexa | choices! | 22:47:04 |
| hexa | * hey and what about TemporaryFilesystem= and BindReadOnlyPaths= | 22:47:58 |
| raitobezarius | can BindReadOnlyPaths work hexa | 23:40:14 |
| raitobezarius | I thought it was supposed to honor the classical permissions | 23:40:22 |
| raitobezarius | So even if you bind it, you cannot read it because it's not a+r or you're not in the group (or it's not g+r, whatever) | 23:40:42 |
| raitobezarius | Or am I confusing it with ReadOnlyPaths | 23:40:50 |
| hexa | I don't think you need extra permissions, when systemd provides the mount for the service | 23:49:16 |
