| 2 Dec 2022 |
 Wanja Hentze | brought down eval time from several minutes to a little over one minute, so that's great :) | 13:42:43 |
| Wanja Hentze | what also helped: using disabledModules extensively to blacklist things that we never use | 13:44:44 |
| Wanja Hentze | the streaming evaluator also brought down RAM usage from ~40GB to a little under 10 | 13:45:17 |
 Linux Hackerman | In reply to @ask-yourself:matrix.org
In the NixOS server the had me run nix store verify --all, which outputted:
.dotfiles on main [!?] ⊥ nix store verify --all
path '/nix/store/4nhcx0ndfa374cgvi6x9sg73prmxmc04-publicsuffix-list-2021-09-03' is untrusted
path '/nix/store/y1hybm8h1kln0hg06c42m4g1wsblc0ig-freefont-ttf-20120503' is untrusted
path '/nix/store/ah9gyp7rxak9ig2q829myn6172jn302f-hack-font-3.003' is untrusted
path '/nix/store/dbn507rrsmgmdxwknhb3554nmkl0kvgi-gyre-fonts-2.005' is untrusted
path '/nix/store/jcqky5xbknabz7wn5p90qk0g9s031yzb-nixos-22.05.2764.0ba2543f8c8' is untrusted
That means the path isn't signed by a key listed in trusted-public-keys | 13:52:19 |
| Linux Hackerman | if you deploy as root, you won't have this problem | 13:52:31 |
| Linux Hackerman | as is, you either need to make sure the machine you build on signs its paths (I wrote a little nixos module that does that https://github.com/NixOS/nix/issues/3023#issuecomment-781131502) and that the targets trust the key | 13:53:44 |
| Linux Hackerman | or add your deploy user to trusted-users, which is root-equivalent access | 13:54:03 |
| Linux Hackerman | Why don't you just deploy as root? | 13:54:26 |
 Ask Yourself🍉 | Thank you! | 14:00:02 |
| Ask Yourself🍉 | Yeah I accidentally removed this line while refactoring: trustedUsers = ["${user}"]; | 14:00:19 |
| Ask Yourself🍉 | What does it mean for a path to be untrusted? | 14:00:44 |
| Ask Yourself🍉 | * Thank you! Works now. | 14:01:03 |
| Linux Hackerman | In reply to @linus:schreibt.jetzt
That means the path isn't signed by a key listed in trusted-public-keys ^ this | 14:01:06 |
| Ask Yourself🍉 | Right ok. | 14:01:21 |
| Linux Hackerman | oh right, there are two more ways I can think of for a path to be trusted: being built locally, or being content-addressed (like the output of a fixed-output derivation) | 14:02:13 |
| Ask Yourself🍉 | The last is a bit over my head, but ok noted. | 14:10:16 |
| Linux Hackerman | That usually means that a file with a known hash was downloaded and verified to match the hash | 14:10:48 |
| Ask Yourself🍉 | Ohhhh. | 14:11:06 |
| Ask Yourself🍉 | Ok I see. | 14:11:10 |
| Ask Yourself🍉 | Yeah I've really gotta learn how all this stuff works, I currently don't know how the store works really. Gonna do a big doc-read sometime soon.. | 14:11:39 |
| 3 Dec 2022 |
|  hanemile changed their profile picture. | 22:48:13 |
| 4 Dec 2022 |
|  Alok Parlikar joined the room. | 08:21:53 |
 Rémy Grünblatt | Hey | 09:25:28 |
| Rémy Grünblatt | So i'm trying to deploy a system on a node that has no internet access, and i'm getting weird errors from colmena : https://0x0.st/okwD.txt | 09:26:33 |
| Rémy Grünblatt | there is no problem with the build, but as soon as I deploy, it tries to communicate with cache.nixos.org… I was under the impression that only my local machine was used for the build and that remote machines didn't need internet access unless I wanted to build on them, am i mistaken ? | 09:27:45 |
| hanemile changed their profile picture. | 11:13:41 |
| Rémy Grünblatt | (seems it was --no-substitutes I was searching for) | 14:02:40 |
|  CRTified (old handle) changed their display name from CRTified to CRTified (old handle). | 14:19:48 |
| 5 Dec 2022 |
|  luxus joined the room. | 01:22:47 |
| 6 Dec 2022 |
| CRTified (old handle) changed their profile picture. | 14:11:31 |
