| 24 Sep 2025 |
|  waltmck joined the room. | 18:41:00 |
| waltmck | Hey everyone! nixos-apple-silicon is looking to move to a full kernel, which would simplify things and solve many open bugs but brings the build time from about 20 minutes to 2 hours on my MacBook Air. nixpkgs does not allow vendor kernels, so we are looking for an alternative cache.
Unfortunately, it looks like the nix-communitybuilder builds arbitrary untrusted derivations from PRs, which most of the nixos-apple-silicon maintainers find unacceptable in light of the recent Nix CVE's. How are other projects handling this? Are you just using the nix-community cache or self-hosting your own builders, or something else?
| 18:54:29 |
| waltmck | * Hey everyone! nixos-apple-silicon is looking to move to a full kernel, which would simplify things and solve many open bugs but brings the build time from about 20 minutes to 2 hours on my MacBook Air. nixpkgs does not allow vendor kernels, so we are looking for an alternative cache.
Unfortunately, it looks like the nix-community builder builds arbitrary untrusted derivations from PRs, which most of the nixos-apple-silicon maintainers find unacceptable in light of the recent Nix CVE's. How are other projects handling this? Are you just using the nix-community cache or self-hosting your own builders, or something else?
| 18:54:53 |
 Jonas Chevalier | The best I can think of is to use the namespace.so GitHub Action builders they are gracefully providing to nix-community, and then push to your own Cachix cache. Hopefully it takes less than 2h to build on their hardware but worth trying out to find out. | 21:12:43 |
| Jonas Chevalier | Otherwise, help us secure and bring the Nix builders up to a level that makes you happy, that would be pretty awesome too. | 21:13:44 |
| 25 Sep 2025 |
|  nyanbinary 🏳️⚧️ removed their profile picture. | 16:30:49 |
| nyanbinary 🏳️⚧️ set a profile picture. | 16:35:19 |
 SomeoneSerge (back on matrix) | Hydra question: when using services.hydra.buildMachinesFiles, does one need to explicitly specify localhost as a builder for hydra to scedule some builds on it? | 22:57:39 |
|  pluie (leah c.) joined the room. | 23:14:21 |
| 26 Sep 2025 |
| waltmck | Thanks! | 01:21:57 |
|  teanyth joined the room. | 09:07:54 |
|  Yureka (she/her) joined the room. | 09:58:09 |
| Yureka (she/her) | Do we have any custom profiles on the namespace.so plan? I'm thinking of adding the ~/.cache/nix to their caching solution to speed up no-rebuild runs | 12:40:04 |
| Jonas Chevalier | Not sure. We have a the equivalent of the "Team" plan (see https://namespace.so/pricing ) | 13:48:23 |
| Yureka (she/her) | The profiles need to be configured in the namespace.so dashboard: https://namespace.so/docs/solutions/github-actions#configure-your-runners | 13:54:26 |
 Mic92 | we did this in nix-eval-jobs for a while until I switched it back to nix-eval-jobs | 14:41:15 |
| Mic92 | but you might be still able to see this in the history | 14:41:23 |
| Mic92 | yes, localhost is not included by default. | 14:41:52 |
| Mic92 | zowoq: I hope my latest PR no longer reveal any surprises, tested it in two buildbot servers: https://github.com/nix-community/buildbot-nix/pull/515#event-19945865657 should make restarting failed builds way faster. | 14:45:38 |
| Mic92 | I would do another release after that. | 14:45:50 |
 Austin Horstman | Really appreciate the change to linking to the last known log of a cached error btw. Much appreciated | 15:17:58 |
| Austin Horstman | Hated having to manually trace back to the associated build and finding the log for that particular failure | 15:18:24 |
| Mic92 | cached builds are now disabled by default in buildbot-nix, but not in nix-community? | 15:38:26 |
| Mic92 | * cached builds are now disabled by default in buildbot-nix, but not in nix-community. | 15:38:30 |
| Mic92 | Same. Just never took the time to fix it. | 15:38:58 |
|  @aidalgol:tchncs.de left the room. | 18:36:41 |
| @aidalgol:tchncs.de joined the room. | 18:39:37 |
| Yureka (she/her) | https://github.com/nix-community/nixos-apple-silicon/actions/runs/18046802271 | 19:01:03 |
| Yureka (she/her) |
nscloud-cache-action requires a cache volume to be configured. Please enable Caching in your runner profile.
| 19:01:16 |
| Yureka (she/her) | This is why I asked about profiles | 19:01:21 |
