| 4 Aug 2025 |
Vladimír Čunát | The links on that page are "generic". Lots of the stuff doesn't exist. | 13:37:12 |
Vladimír Čunát | * The links on that page are "generic". Lots of the stuff intentionally doesn't exist. | 13:37:27 |
hexa | graphical never, only minimal | 13:38:32 |
hexa | frankly, I don't know why we have the trailing slash prefixes | 13:38:57 |
Vladimír Čunát | Oops. I thought I was wrong. Let me repost. Maybe it's better to use links like https://releases.nixos.org/?prefix=nixos/25.05-small/ ? | 13:40:06 |
Sandro | true, especially since the combined ISO | 13:40:27 |
djacu | Sorry. By source of truth we meant that we don't want people to treat where the logo files are in the website as stable paths for linking. E.g. the Infra and Nixpkgs README files were previously linking to paths in the website to display the logo in the readme. The goal would be serving up the branding artifacts (currently just logos and branding guide PDF) to a location where we can use it for the website and repos can use it for their README | 15:33:51 |
Jeremy Fleischman (jfly) | djacu, that makes sense! Pick the tech you want to use, and let us know how we can help. I imagine at the very least you'll need a DNS entry. Feel free to send us a PR (relevant code here), or just ask for help here. | 16:43:15 |
Sandro | Is it just me or is hydra currently insanely slow? every request takes like 10s | 17:55:58 |
hexa | https://grafana.nixos.org/d/fejx5cl0i0s1sb/anubis?orgId=1&from=now-24h&to=now&timezone=utc&var-site=hydra.nixos.org:9001&viewPanel=panel-3 | 18:08:36 |
hexa | Can take a look in 30m | 18:08:53 |
Sandro | hmmm, so someone or something is doing lots of load currently... | 18:20:40 |
hexa | 700+ source addresses hammering out over 2.7 million requests | 18:48:01 |
hexa | over 600k 429 responses | 18:48:06 |
hexa | source seems to be tor, but there is an email address in the user-agent | 18:48:16 |
@emma:rory.gay | personally i'd just throw up a few temporary iptables rules | 18:52:28 |
hexa | yeah, I'm temporarily blocking tor exits | 18:53:12 |
hexa | the requests stopped a minute after I sent the mail | 18:57:02 |
hexa | also boo, we're still using iptables | 18:57:17 |
| 5 Aug 2025 |
@emma:rory.gay | or you're using the nftables wrapper lol | 02:59:30 |
hexa | the nixos default 🤷 | 03:00:29 |
hexa | quite a bit of technical debt in there | 03:00:51 |
@emma:rory.gay | yeah, that's the nftables wrapper | 03:02:10 |
@emma:rory.gay | iptables v1.8.11 (nf_tables) | 03:02:18 |
@emma:rory.gay | glad that still exists because i have no clue how to manage nftables | 03:02:46 |
hexa | systemd.services.nft-update-tor-exits = {
  wantedBy = [ "nftables.service" ];
  after = [ "nftables.service" ];
  startAt = "hourly";
  # Fetch the Tor bulk exit list, drop comment lines, and add each address to the torexits set
  script = ''
    curl -sSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?exit" | sed '/^#/d' | while read -r IP; do
      nft add element inet filter torexits { "$IP" }
    done
  '';
  path = with pkgs; [
    curl
    nftables
  ];
};
| 03:10:29 |
hexa | set torexits {
  type ipv4_addr;
  flags dynamic, timeout;
  timeout 6h;
}
| 03:11:00 |
hexa | basically you can create a datatype, e.g. a set | 03:11:06 |