| 8 Feb 2026 |
raitobezarius | That being said, after the hard packaging (eBPF) problems are fixed, integrating nsresourced in the sandbox is fairly easy; what is not easy is to stabilize cgroups.
Stabilizing the UID range without cgroups is probably a bad idea, albeit possible, because killing a process tree in Linux without cgroups is annoyingly hard, so there would be an increase in deadlocked builds if they don't terminate well in the sandbox, because process group killing is, well, not that good | 21:45:14 |
| Kierán joined the room. | 21:45:57 |
raitobezarius | Obviously macOS is its own open question as it does not enjoy clear system APIs to get ranges of UIDs locked properly, but that's not my department :D | 21:46:12 |
raitobezarius | for completeness, artemist did the work for CppNix: https://github.com/NixOS/nix/pull/15103 | 21:57:42 |
raitobezarius | (but i think their intent behind this is unprivileged nix-daemons) | 21:58:07 |
| 9 Feb 2026 |
| tfc joined the room. | 00:18:36 |
| Ivan Mincik (imincik) changed their profile picture. | 06:05:39 |
K900 | Running an unstable-small eval for kernel 6.19 | 08:17:53 |
K900 | @hexa (signing key rotation when) channel update failed, can you poke it? | 09:49:51 |
hexa (signing key rotation when) | Hm? | 09:50:37 |
K900 | update-nixos-unstable-small.service | 09:50:45 |
K900 | Not sure why it failed | 09:50:48 |
hexa (signing key rotation when) | And yet no alert | 09:51:17 |
hexa (signing key rotation when) | Give me a minute | 09:51:33 |
K900 | Maybe not processed yet | 09:51:42 |
K900 | I'm just looking at grafana | 09:51:48 |
hexa (signing key rotation when) | To https://github.com/NixOS/nixpkgs.git
! [remote rejected] 69ecaffa7deb4daa5a83cb813f8251665e3af93e -> nixos-unstable-small (Internal Server Error)
error: failed to push some refs to 'https://github.com/NixOS/nixpkgs.git'
Command failed with code (1) errno (0).
| 09:53:33 |
hexa (signing key rotation when) | it went through | 09:54:17 |
K900 | Huh | 09:56:06 |
hexa (signing key rotation when) | after the restart | 09:56:28 |
K900 | Oh | 09:56:32 |
K900 | I thought it said internal error and went through anyway | 09:56:41 |
K900 | https://www.githubstatus.com/incidents/ffz2k716tlhx | 10:03:32 |
K900 | GitHub is on fire | 10:03:34 |
K900 | AGAIN. | 10:03:36 |
sinan | monitoring the situation 🍿 | 11:54:02 |
| 10 Feb 2026 |
dgrig | At some point in the past, a budget for https://tracker.security.nixos.org/ was approved by the foundation and the security tracker was deployed on a Hetzner Cloud project. We're still way below the budget limit, but we want to increase the size of the hosts (staging and prod) soon which will increase the cost and make it comparable to getting a dedicated host in Hetzner (for way more performance/€).
Is there a reason we should stay in Hetzner Cloud instead of getting a dedi? I vaguely remember someone (no idea who) saying back in late 2024 that Hetzner Cloud was easier to provision in terms of billing/permissions for the foundation and the infra team. Is this still true and a concern?
| 10:57:18 |
vcunat | We do have dedicated Hetzner machines already (and added titan machine recently), so I wouldn't expect issues really. | 11:11:22 |
Bot_wxt1221 |  Download 图像.png | 11:29:19 |
Bot_wxt1221 | Something strange has happened to the NixOS wiki. | 11:29:28 |