Sender | Message | Time |
---|---|---|
11 Oct 2024 | ||
emily | though I don't know how the finances work at all :) | 06:39:44 |
emily | In reply to @vcunat:matrix.org I think we should do whatever you think is best for Hydra out of trying an existing AArch64 machine and getting an EPYC to try. | 06:40:24 |
emily | (without consideration of the costs, since they seem trivial compared to the potential benefit) | 06:40:42 |
vcunat | Keeping it at x86 seems better in our current situation (fewer risks/complications). | 06:53:55 |
vcunat | We might consider splitting it up. At least the queue-runner away from the public web (hydra.nixos.org). I don't feel too comfortable having the signing keys on the same machine as a public web. I think these only communicate through the DB which is on a separate machine already. | 06:55:56 |
fricklerhandwerk | In reply to @joerg:thalheim.io http://sectracker.nixpkgs.lahfa.xyz/ Config here: https://github.com/Nix-Security-WG/nix-security-tracker/tree/main/staging | 07:28:08 |
Gaétan Lepage | Redacted or Malformed Event | 07:30:30 |
fricklerhandwerk | In reply to @emilazy:matrix.org The infra team can get expenses reimbursed out of the foundation's regular budget. The problem is that in the past there was no process to do anything else. tomberek and I have been pushing to have discretionary budgets for teams, but there needs to be someone on the other end to make those decisions. | 07:30:34 |
emily | gotcha | 07:33:51 |
emily | In reply to @vcunat:matrix.org maybe the website could continue being on the x86 server? | 07:34:24 |
emily | or, right, the idea was to upgrade the x86 | 07:34:39 |
emily | then maybe the site could move to one of the AArch64 boxes? :) | 07:34:48 |
emily | btw, maybe should upgrade Hydra's Nix to 2.24 if it's moving to a new server anyway. since Hydra supports it now and it would solve that Nix bug that didn't get a fix backported because of only 2.18 and 2.24 being supported versions. | 07:51:44 |
Mic92 | In reply to @emilazy:matrix.org Yes, that was the plan. We recently fixed 2.24 support in hydra. | 07:59:38 |
Mic92 | In reply to @fricklerhandwerk:matrix.org ok. Seems to be down just now. | 07:59:56 |
emily | (btw I never realized that the cache signing key is on the machine that hosts the hydra.nixos.org site) | 08:00:49 |
emily | (that terrifies me) | 08:00:52 |
emily | (strong support for any plan that fixes that) | 08:01:35 |
fricklerhandwerk | In reply to @joerg:thalheim.io Yeah we're debugging it, there are some weird Django issues where some stupid script hangs itself to death | 08:04:49 |
dgrig | In reply to @joerg:thalheim.io I'm catching up with the channel now, for some reason Element didn't ping me about this mention (maybe because it was capitalized). Just want to point out that what fricklerhandwerk linked to is also Raito's work, don't want to take credit for it. At this point I'm not sure what's the best way to move forward, since it seems that Raito has already done a lot of the work needed to deploy this properly? | 08:05:26 |
fricklerhandwerk | Mic92: back online | 08:06:32 |
Mic92 | What is your expected update cadence? | 08:06:41 |
Mic92 | dgrig: what is blocking you specifically? | 08:07:55 |
dgrig | In reply to @joerg:thalheim.io I don't have a "blocker" per se from the nixos infra team. I've been experimenting locally with the security tracker and some other software that fricklerhandwerk wants deployed in an official namespace and manner. On the security tracker front I have some things to figure out still, but for others (say Odoo if it's ok for us in the end) I want to sync with someone at some point on how we best want it deployed (i.e. does it belong on the non-critical infra, how do we want to back up the database, etc). | 08:21:11 |
Mic92 | Sure. Do Thursday, 18:00 CEST the next week work for you? | 08:23:58 |
Mic92 | * Sure. Does Thursday, 18:00 CEST the next week work for you? | 08:24:09 |