| 2 Dec 2022 |
 @ask-yourself:matrix.org | But after that they were not sure where to go. They said it wasn't an eval issue, so I thought maybe it's Colmena? Not sure. | 12:45:13 |
| @ask-yourself:matrix.org | * inherit (config.lib.formats.rasi) mkLiteral;
| 12:45:29 |
 Wanja Hentze | In reply to @zhaofeng:zhaofeng.li
Have you tried `--evaluator streaming`? It makes evaluation actually parallel using nix-eval-jobs. It's not the default yet but may be soon yes, actually that's what made us move from morph to colmena | 13:42:23 |
| Wanja Hentze | brought down eval time from several minutes to a little over one minute, so that's great :) | 13:42:43 |
| Wanja Hentze | what also helped: using disabledModules extensively to blacklist things that we never use | 13:44:44 |
| Wanja Hentze | the streaming evaluator also brought down RAM usage from ~40GB to a little under 10 | 13:45:17 |
 Linux Hackerman | In reply to @ask-yourself:matrix.org
In the NixOS server the had me run nix store verify --all, which outputted:
.dotfiles on main [!?] ⊥ nix store verify --all
path '/nix/store/4nhcx0ndfa374cgvi6x9sg73prmxmc04-publicsuffix-list-2021-09-03' is untrusted
path '/nix/store/y1hybm8h1kln0hg06c42m4g1wsblc0ig-freefont-ttf-20120503' is untrusted
path '/nix/store/ah9gyp7rxak9ig2q829myn6172jn302f-hack-font-3.003' is untrusted
path '/nix/store/dbn507rrsmgmdxwknhb3554nmkl0kvgi-gyre-fonts-2.005' is untrusted
path '/nix/store/jcqky5xbknabz7wn5p90qk0g9s031yzb-nixos-22.05.2764.0ba2543f8c8' is untrusted
That means the path isn't signed by a key listed in trusted-public-keys | 13:52:19 |
| Linux Hackerman | if you deploy as root, you won't have this problem | 13:52:31 |
| Linux Hackerman | as is, you either need to make sure the machine you build on signs its paths (I wrote a little nixos module that does that https://github.com/NixOS/nix/issues/3023#issuecomment-781131502) and that the targets trust the key | 13:53:44 |
| Linux Hackerman | or add your deploy user to trusted-users, which is root-equivalent access | 13:54:03 |
| Linux Hackerman | Why don't you just deploy as root? | 13:54:26 |
| @ask-yourself:matrix.org | Thank you! | 14:00:02 |
| @ask-yourself:matrix.org | Yeah I accidentally removed this line while refactoring: trustedUsers = ["${user}"]; | 14:00:19 |
| @ask-yourself:matrix.org | What does it mean for a path to be untrusted? | 14:00:44 |
| @ask-yourself:matrix.org | * Thank you! Works now. | 14:01:03 |
| Linux Hackerman | In reply to @linus:schreibt.jetzt
That means the path isn't signed by a key listed in trusted-public-keys ^ this | 14:01:06 |
| @ask-yourself:matrix.org | Right ok. | 14:01:21 |
| Linux Hackerman | oh right, there are two more ways I can think of for a path to be trusted: being built locally, or being content-addressed (like the output of a fixed-output derivation) | 14:02:13 |
| @ask-yourself:matrix.org | The last is a bit over my head, but ok noted. | 14:10:16 |
| Linux Hackerman | That usually means that a file with a known hash was downloaded and verified to match the hash | 14:10:48 |
| @ask-yourself:matrix.org | Ohhhh. | 14:11:06 |
| @ask-yourself:matrix.org | Ok I see. | 14:11:10 |
| @ask-yourself:matrix.org | Yeah I've really gotta learn how all this stuff works, I currently don't know how the store works really. Gonna do a big doc-read sometime soon.. | 14:11:39 |
| 3 Dec 2022 |
|  hanemile changed their profile picture. | 22:48:13 |
| 4 Dec 2022 |
|  @happyalu:matrix.org joined the room. | 08:21:53 |
 Reventlov | Hey | 09:25:28 |
| Reventlov | So i'm trying to deploy a system on a node that has no internet access, and i'm getting weird errors from colmena : https://0x0.st/okwD.txt | 09:26:33 |
| Reventlov | there is no problem with the build, but as soon as I deploy, it tries to communicate with cache.nixos.org… I was under the impression that only my local machine was used for the build and that remote machines didn't need internet access unless I wanted to build on them, am i mistaken ? | 09:27:45 |
| hanemile changed their profile picture. | 11:13:41 |
| Reventlov | (seems it was --no-substitutes I was searching for) | 14:02:40 |
