Hydra - Public Room Timeline

	Hydra	385 Members
		109 Servers

Load older messages

Sender	Message	Time
10 Jul 2023
das_j	In reply to @hacker1024:matrix.org Thanks. But what is the purpose of printing it at build time? Take [this one](https://github.com/dhess/pinpon/tree/f4f984f3a45e4239914c912f489fd37110b65d45/nix/jobsets), for example - the input in spec.json is just the repository. I guess debug things	08:16:21
das_j	Btw if you try hard enough, you don't even need nixpkgs in your declarative spec: https://git.helsinki.tools/helsinki-systems/hydra-nixos/-/blob/master/default.nix#L44	08:18:02
das_j	* Btw if you try hard enough, you don't even need nixpkgs in your declarative spec: https://git.helsinki.tools/helsinki-systems/hydra-nixos/-/blob/master/default.nix#L44 - makes it nicer imo because you don't have to fetch/update nixpkgs every time	08:18:34
hacker1024	Thanks, that's pretty cool. Another question: Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view output hashes or access our binary cache.	23:17:17
hacker1024	* Thanks, that's pretty cool. Another question: Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view build logs or output hashes or access our binary cache.	23:17:38
hacker1024	* Thanks, that's pretty cool. Another question: Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view build logs or output hashes, or access our binary cache.	23:17:44
11 Jul 2023
hacker1024	How can I stop Hydra from serving my whole system Nix store as a binary cache? I have the following line in my config, but it seems to have no effect at all. `store_uri = file:///var/cache/hydra/nar-cache?secret-key=/path/to/key&want-mass-query=true&compression=zstd&parallel-compression=true`	13:25:53
ajs124	I think the answer to both those questions is using a reverse proxy in front of it	13:44:32
hacker1024	I've got Caddy set up doing basic auth, but I don't see how I could use that to only serve the specific derivations I'm building in Hydra (excluding other things I have installed in my system)?	13:45:47
ajs124	ah, I assumed you'd just want to block access to the binary-cache altogether	13:47:24
hacker1024	Actually, upon futher inspection, I think I can see why my `store_uri` is not working: Jul 11 23:46:29 ulna hydra-queue-runner[6168]: copying path '/nix/store/7bkh0cf19p465g7xx61azjz41j0s75wk-xgcc-12.3.0-libgcc' (148784 bytes, compressed 66.6% in 1 ms) to binary cache Jul 11 23:46:29 ulna hydra-queue-runner[6168]: error (ignored): error: cannot unlink '/var/cache/hydra/nar-cache/nar/03wkk6rg44cqkvwnam72zhp3npx4adkq9cf7ylh0i0mpwdyabb5k.nar.zst.tmp.6168.2310': No such file or directory Jul 11 23:46:29 ulna hydra-queue-runner[6168]: while copying/substituting output ‘/nix/store/x19damrys2xs84sl9wk0h5ff5vyg6mjh-libiec61883-1.2.0’ of ‘/nix/store/ypxw5dxdcp8i0626byimgckldy686apr-libiec61883-1.2.0.drv’: error: opening file '/var/cache/hydra/nar-cache/nar/03wkk6rg44cqkvwnam72zhp3npx4adkq9cf7ylh0i0mpwdyabb5k.nar.zst.tmp.6168.2310': Permission denied I don't understand why this is happening, though - `/var/cache/hydra/nar-cache/nar` exists and is owned by the `hydra` user and group.	13:48:16
hacker1024	Ah. `hydra-queue-runner` runs as the `hydra-queue-runner` user.	13:49:37
hacker1024	* Ah. `hydra-queue-runner` runs as the `hydra-queue-runner` user, and the directory only has group read permissions.	13:52:55
hacker1024	Hmm. Now the store path is working for building, but my main store still seems to be getting served as a binary cache.	14:06:57
magic_rb	is it possible to override an input inside hydra? or is that not a thing	19:10:23
12 Jul 2023
hacker1024	What do you mean by override? Inputs are just paths.	08:21:33
@linus:schreibt.jetzt	In reply to @magic_rb:matrix.redalder.org is it possible to override an input inside hydra? or is that not a thing if you mean flake inputs, currently no. I want it and intend to implement it at some point though.	08:22:20
@linus:schreibt.jetzt	I implemented this as part of the work on it: https://github.com/NixOS/nix/pull/8042	08:22:46
@linus:schreibt.jetzt	* ElvishJerricco and I implemented this as part of the work on it: https://github.com/NixOS/nix/pull/8042	08:23:09
magic_rb	yeah, i need to override a certain input which points at a folder which isnt present on the hydra machine	08:23:21
magic_rb	its how i do semi secret things like ips, dhcp ranges and wireguard configuration	08:23:48
hacker1024	I am trying to build x86_64 packages on aarch64 using QEMU + binfmt_misc, but evaluation keeps failing. Jul 12 21:48:56 hydra-evaluator[16842]: (project:job) Evaluating... Jul 12 21:49:07 hydra-evaluator[16842]: hydra-eval-jobs returned exit code 1: Jul 12 21:49:07 hydra-evaluator[16842]: warning: unknown setting 'allowed-users' Jul 12 21:49:07 hydra-evaluator[16842]: warning: unknown setting 'trusted-users' Jul 12 21:49:07 hydra-evaluator[16842]: Collecting from unknown thread Jul 12 21:49:07 hydra-evaluator[16842]: child process (16944) killed by signal=6 Jul 12 21:49:07 hydra-evaluator[16842]: error: unexpected EOF reading a line Has anyone seen this before?	11:50:58
K900 (deprecated)	It's probably QEMU being QEMU	11:54:31
K900 (deprecated)	It's far from perfect	11:54:35
K900 (deprecated)	Especially when it comes to obscure x86 stuff	11:54:40
hacker1024	To be honest, I'm not even sure that it's getting to the stage where it needs QEMU	11:54:56
hacker1024	I don't know how to work out what process is crashing as the PID is only logged when it dies	11:55:18
hacker1024	QEMU seems to be running normally outside of Hydra, I can launch x86_64 binaries without any issues	11:56:07
magic_rb	strace the hydra process and filter to execve	12:34:23
magic_rb	thatll tel you hacker1024:	12:34:35

Show newer messages

Back to Room ListRoom Version: 6