| 16 Mar 2023 |
Mic92 | I guess if you want to get the green mark then an account is required. | 13:41:44 |
@brian:bmcgee.ie | Which is why I figure it makes sense to have a nix-community bot profile rather than creating one for each repo potentially | 13:41:48 |
@brian:bmcgee.ie | with an org wide bot gpg key that can be dropped in if you need signed commits | 13:42:08 |
Mic92 | Well, then this bot also would need to be a contributor potentially. But maybe not. | 13:42:20 |
Mic92 | If we then had to give each repo a github token too, this would not be so nice from a security perspective since then every user could potentially use this. But I guess this might not be needed. | 13:43:01 |
Mic92 | We would only have per project gpg keys | 13:43:45 |
@brian:bmcgee.ie | I think that makes sense. Isolates the key to a project, but a common github profile for the bot | 13:44:24 |
@brian:bmcgee.ie | if you need a key ask an admin to drop in a new gpg key on the bot account and then add that as a repo secret | 13:44:48 |
@brian:bmcgee.ie | ? | 13:44:57 |
Mic92 | I would probably automate this away with the terraform github provider. | 13:45:34 |
Mic92 | if this is a feature there. | 13:45:44 |
Mic92 | so that people would make a PR. | 13:45:54 |
@brian:bmcgee.ie | even better | 13:46:04 |
Mic92 | https://registry.terraform.io/providers/integrations/github/latest/docs/resources/user_gpg_key | 13:46:17 |
Mic92 | That looks easy enough. | 13:46:27 |
Mic92 | make an issue here please: https://github.com/nix-community/infra/issues | 13:46:49 |
@brian:bmcgee.ie | is there already a terraform setup for managing nix-community infra? | 13:46:51 |
@brian:bmcgee.ie | Ah cool | 13:46:54 |
Mic92 | yes, we have that for dns stuff | 13:47:03 |
@brian:bmcgee.ie | https://github.com/nix-community/infra/issues/482 | 13:53:18 |
Mic92 | BMG: mhm. One issue still. When we have one bot with multiple private keys then each private key would still be recognized as valid... | 13:56:09 |
@brian:bmcgee.ie | 🤔 | 13:57:04 |
Mic92 | So that means that ethereum.nix commits could still be signed with a different project's gnupg keys. | 13:57:44 |
Mic92 | We don't do a lot of background checks if someone wants to join this org. | 13:58:40 |
@brian:bmcgee.ie | I can just create a dedicated github bot profile for now until this has had more time to shake out in the issue. | 13:58:45 |
@brian:bmcgee.ie | Updated the issue with your concerns | 14:01:13 |
| 17 Mar 2023 |
figsoda | do the hercules agents support recursive nix? | 15:06:37 |
Mic92 | figsoda: at minimum we would need to enable it in the nix build, I guess? Feel free to make a PR: https://github.com/nix-community/infra/blob/692240395447dc57594a39da42af2353e95041a3/roles/nix-daemon.nix#L7 | 18:24:21 |
| 20 Mar 2023 |
adisbladis | In reply to @figsoda:matrix.org: "do the hercules agents support recursive nix?" We don't have recursive nix enabled | 05:34:18 |