| 27 Apr 2023 |
 CyntheticFox | In reply to @adtya:adtya.xyz
I've just noticed that all the symlinks created by home-manager are pointing to files in the store which are owned by root:root and are rwxrwxrwx. is that how it's supposed to be? shouldn't the files be owned by the respective user? I never noticed this before Nix is pretty much built on removing per-user restrictions (running user is a type of undefined build input), so home-manager inherits that property by being built on it (I think the linked files are rwxr-xr-x though). In general, if you're worried about other users modifying the data, the file would be considered "sensitive", so you'll have to try to encrypt it to be safe.
There are some tools like sops-nix that achieve this at an OS level in NixOS by encrypting the files and relying on external keys, but those keys need to be on an encrypted drive to be secure. Trying to achieve this at a user level typically is done by hooking into the system PAM modules to pass your login password to some secrets-manager like gnome-keyring or pass-secret-service, or using an encrypting filesystem like ecryptfs or however systemd-homed does it | 11:47:47 |
| CyntheticFox | I'm not sure though if there's any good NixOS module support for anything beyond unlocking gnome-keyring, but I also dont keep up with unstable very well | 11:49:33 |
 @adtya:adtya.xyz | I'm not worried about anyone else modifying the files. It's on my laptop and the disk is encrypted. it's just that seeing files in the user home directory owned by root seemed weird. it's not an issue though, since all these files are managed by home-manager so they won't be touched by anything else | 12:18:18 |
| @adtya:adtya.xyz | * I'm not worried about anyone else modifying the files. It's on my laptop and the disk is encrypted. it's just that seeing files in the user home directory owned by root seemed weird. it's not an issue either, since all these files are managed by home-manager so they won't be touched by anything else | 12:18:30 |
| @adtya:adtya.xyz | the only "secrets" that i have are the user passwords, though they're encrypted with git-crypt before pushing to git. all other secrets are read from gnome-keyring on runtime | 12:21:34 |
|  @eisfunke:eisfunke.com joined the room. | 15:21:32 |
| 28 Apr 2023 |
 figsoda | are the hercules agents down? | 14:42:35 |
| figsoda | I've retried a few times but workers are still failing https://hercules-ci.com/github/nix-community/nix-init/jobs/688 | 14:43:13 |
 Ilan Joselevich (Kranzes) | The agents are up. | 18:29:01 |
| Ilan Joselevich (Kranzes) | Not sure what's up with it, can you retry the job? | 18:29:30 |
| figsoda | I've retried a few times | 18:31:46 |
| figsoda | and this is not the only repository failing | 18:31:54 |
| figsoda | https://hercules-ci.com/github/nix-community/namaka
https://hercules-ci.com/github/nix-community/nurl | 18:32:52 |
| figsoda | including neovim-nightly-overlay which you are maintaining Ilan Joselevich (Kranzes) | 18:33:16 |
| figsoda | but that looks like it could be a different issue | 18:33:47 |
| Ilan Joselevich (Kranzes) | I was able to just restart the job on neovim nightly and it worked | 18:41:48 |
| Ilan Joselevich (Kranzes) | Maybe the agents need to be restarted i am not sure | 18:42:13 |
| Ilan Joselevich (Kranzes) | Robert might know about this more | 18:42:43 |
 Mic92 | figsoda: hercules on build02 was running and I also restarted it. | 18:43:39 |
| Mic92 | I also restarted your build | 18:44:01 |
| Ilan Joselevich (Kranzes) | You'll have to look into the error -11 in hci source code | 18:44:09 |
| Mic92 | oh you are right. | 18:44:33 |
| Mic92 | I get a (code=dumped, signal=SEGV) | 18:44:36 |
| Mic92 | mmap 4096 bytes at (nil): Cannot allocate memory | 18:44:58 |
| Mic92 | It seems to go out of memory | 18:45:03 |
| Mic92 | but there is memory free... | 18:45:12 |
| Ilan Joselevich (Kranzes) | I might know what's going on | 18:45:31 |
| Ilan Joselevich (Kranzes) | Where is the agent configuration | 18:46:07 |
| Mic92 | https://dl.thalheim.io/KnkWthhAXVtsP81lUr8ueg/foo.log | 18:46:30 |
| Mic92 | Too many eval threads? | 18:47:05 |
