| 29 Jun 2023 |
 toonn | I'm not sure if there is anything. But splitting a single derivation into multiple would work everywhere. I'm not entirely sure why Nixpkgs errs on the side of more monolithic derivations. | 12:32:29 |
 cransom | if you were super big on always adding gcroots, you could add a postbuildhook that would add a root for every build you had.
postBuildHook = pkgs.writeScript "nix-copy-paths" ''
export IFS=' '
mkdir -p /nix/var/nix/gcroots/nixcache
for path in $OUT_PATHS; do
nix-store --add-root /nix/var/nix/gcroots/nixcache/$(basename $path) -r $path
done
'';
| 15:48:02 |
| cransom | that's a nix postbuildhook, apart from hydra. | 15:48:15 |
| 30 Jun 2023 |
 Sandro | I would need to clean them up manually, right? | 01:48:04 |
|  fabaff joined the room. | 14:22:47 |
| 1 Jul 2023 |
|  @lotte:chir.rs changed their profile picture. | 09:47:24 |
| 3 Jul 2023 |
|  Nate joined the room. | 18:01:50 |
| 4 Jul 2023 |
|  @tomh:riotchat.de left the room. | 14:26:16 |
| 5 Jul 2023 |
|  @rimuru:gentoo.chat changed their profile picture. | 14:20:06 |
|  AtnNn joined the room. | 18:19:58 |
| 6 Jul 2023 |
|  Hayley joined the room. | 20:16:47 |
| 7 Jul 2023 |
| @lotte:chir.rs changed their profile picture. | 05:36:35 |
| 8 Jul 2023 |
|  d3routr joined the room. | 13:59:18 |
|  @easel:matrix.org joined the room. | 16:30:14 |
| 9 Jul 2023 |
|  hacker1024 joined the room. | 10:53:38 |
| hacker1024 | Hi all, I am trying to make a declarative project. I am trying to wrap my head around the declInput argument. Why do so many projects cat it? | 10:57:41 |
| 10 Jul 2023 |
 das_j | In reply to @hacker1024:matrix.org
Hi all, I am trying to make a declarative project. I am trying to wrap my head around the declInput argument. Why do so many projects cat it? Depends on what your declInput is. For me it's usually a git repo so it's not cat-table | 06:58:58 |
| das_j | declInput is what you configure in the "Declarative input type" in the project settings | 06:59:27 |
| hacker1024 | Thanks. But what is the purpose of printing it at build time? Take [this one](https://github.com/dhess/pinpon/tree/f4f984f3a45e4239914c912f489fd37110b65d45/nix/jobsets), for example - the input in spec.json is just the repository. | 07:25:21 |
| das_j | In reply to @hacker1024:matrix.org
Thanks. But what is the purpose of printing it at build time? Take [this one](https://github.com/dhess/pinpon/tree/f4f984f3a45e4239914c912f489fd37110b65d45/nix/jobsets), for example - the input in spec.json is just the repository. I guess debug things | 08:16:21 |
| das_j | Btw if you try hard enough, you don't even need nixpkgs in your declarative spec: https://git.helsinki.tools/helsinki-systems/hydra-nixos/-/blob/master/default.nix#L44 | 08:18:02 |
| das_j | * Btw if you try hard enough, you don't even need nixpkgs in your declarative spec: https://git.helsinki.tools/helsinki-systems/hydra-nixos/-/blob/master/default.nix#L44 - makes it nicer imo because you don't have to fetch/update nixpkgs every time | 08:18:34 |
| hacker1024 | Thanks, that's pretty cool. Another question:
Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view output hashes or access our binary cache. | 23:17:17 |
| hacker1024 | * Thanks, that's pretty cool. Another question:
Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view build logs or output hashes or access our binary cache. | 23:17:38 |
| hacker1024 | * Thanks, that's pretty cool. Another question:
Does Hydra have a way to limit all access to logged in users, or do I need to set up a reverse proxy with authentication? In particular I do not want anyone to be able to view build logs or output hashes, or access our binary cache. | 23:17:44 |
| 11 Jul 2023 |
| hacker1024 | How can I stop Hydra from serving my whole system Nix store as a binary cache? I have the following line in my config, but it seems to have no effect at all.
store_uri = file:///var/cache/hydra/nar-cache?secret-key=/path/to/key&want-mass-query=true&compression=zstd¶llel-compression=true
| 13:25:53 |
 ajs124 | I think the answer to both those questions is using a reverse proxy in front of it | 13:44:32 |
| hacker1024 | I've got Caddy set up doing basic auth, but I don't see how I could use that to only serve the specific derivations I'm building in Hydra (excluding other things I have installed in my system)? | 13:45:47 |
| ajs124 | ah, I assumed you'd just want to block access to the binary-cache altogether | 13:47:24 |
| hacker1024 | Actually, upon futher inspection, I think I can see why my store_uri is not working:
Jul 11 23:46:29 ulna hydra-queue-runner[6168]: copying path '/nix/store/7bkh0cf19p465g7xx61azjz41j0s75wk-xgcc-12.3.0-libgcc' (148784 bytes, compressed 66.6% in 1 ms) to binary cache
Jul 11 23:46:29 ulna hydra-queue-runner[6168]: error (ignored): error: cannot unlink '/var/cache/hydra/nar-cache/nar/03wkk6rg44cqkvwnam72zhp3npx4adkq9cf7ylh0i0mpwdyabb5k.nar.zst.tmp.6168.2310': No such file or directory
Jul 11 23:46:29 ulna hydra-queue-runner[6168]: while copying/substituting output ‘/nix/store/x19damrys2xs84sl9wk0h5ff5vyg6mjh-libiec61883-1.2.0’ of ‘/nix/store/ypxw5dxdcp8i0626byimgckldy686apr-libiec61883-1.2.0.drv’: error: opening file '/var/cache/hydra/nar-cache/nar/03wkk6rg44cqkvwnam72zhp3npx4adkq9cf7ylh0i0mpwdyabb5k.nar.zst.tmp.6168.2310': Permission denied
I don't understand why this is happening, though - /var/cache/hydra/nar-cache/nar exists and is owned by the hydra user and group.
| 13:48:16 |
