| 18 Oct 2022 |
 @adis:blad.is | I just don't understand why the drvs aren't too | 00:13:15 |
 terwiz | We added $DRV_PATH in addition to $OUT_PATHS to copy-closure command in our hydra post-build script to accomplish that. | 07:32:51 |
 ivan | if I run Hydra with store_uri = auto and it puts packages into my local /nix, how do I get my packages to be signed? (without running nix store sign --all -k /var/secrets/nix/secret_key myself later?) | 17:20:32 |
 @linus:schreibt.jetzt | ivan: set secret-key-files = /var/secrets/nix/secret_key in nix.conf to get all paths built by Nix on that machine signed, or in the store_uri setting (?secret-key-files=/var/secrets/nix/secret_key) for hydra if you only want hydra stuff signed | 17:22:01 |
| ivan | I tried the deprecated binary_cache_secret_key_file = /var/secrets/nix/secret_key in Hydra and I'm not sure it did anything because some things still weren't signed | 17:22:14 |
| @linus:schreibt.jetzt | I think hydra needs read access to the file in the latter case | 17:22:18 |
| ivan | ok, will try, thank you | 17:22:20 |
| ivan | the secret-key-files = /var/secrets/nix/secret_key on Nix I already had, but I also have Hydra build on two other machines with different keys | 17:29:27 |
| ivan | store_uri = auto?secret-key-files=/var/secrets/nix/secret_key on Hydra shows hydra-queue-runner[1656728]: warning: unknown setting 'secret-key-files' | 17:30:03 |
| ivan | maybe secret-key | 17:30:42 |
| ivan | hydra-queue-runner[2330954]: warning: unknown setting 'secret-key' | 17:32:23 |
| ivan | I guess it's not really supported until something like https://github.com/NixOS/hydra/pull/829 is merged | 17:34:43 |
| ivan | I'll try using nix-serve-ng instead of SSH substituters | 17:37:05 |
 ajs124 | In reply to @ivank:matrix.org
I'll try using nix-serve-ng instead of SSH substituters you can also try harmonia or eris | 17:43:33 |
| ivan | yep, thanks | 17:45:04 |
| ivan | the nix-serve module with package = pkgs.haskellPackages.nix-serve-ng; seems to be working well | 17:56:04 |
| ivan | or not, I guess nix-serve-ng sometimes crashes when requesting something that doesn't exist. https://gist.github.com/ivan/25faf249a5d2efa61332dd1df26eed34 | 18:25:55 |
| ivan | Redacted or Malformed Event | 18:26:08 |
| ivan | * or not, I guess nix-serve-ng sometimes crashes when requesting something that doesn't exist. https://gist.github.com/ivan/25faf249a5d2efa61332dd1df26eed34
(actually possibly my problem because nix-serve also has issues connecting to daemon) | 18:41:36 |
| ivan | * ~~I'll use harmonia or eris...~~ | 18:41:43 |
| ivan | * I'll use harmonia or eris... | 18:41:47 |
| ajs124 | maybe we should have a separate channel for "software serving a nix store over http", where we can talk about all those.
or maybe just a "binary cache stuff" channel. | 19:06:45 |
| ivan | * or not, I guess nix-serve-ng sometimes crashes when requesting something that doesn't exist. https://gist.github.com/ivan/25faf249a5d2efa61332dd1df26eed34
(actually possibly my problem because nix-serve also has issues connecting to daemon. yeah, nix-daemon[3785473]: error: error processing connection: user '62540' is not allowed to connect to the Nix daemon so I'll go deal with that)
| 19:13:51 |
| ivan | It's all finally working with nix.settings.allowed-users = [ "@nix-serve" ]; because thankfully the group isn't dynamic | 19:29:42 |
| 19 Oct 2022 |
|  hxliew joined the room. | 15:04:42 |
| 20 Oct 2022 |
|  @rferris:matrix.org joined the room. | 02:53:59 |
|  @leons:is.currently.online left the room. | 13:03:59 |
| 23 Oct 2022 |
|  r-burns changed their display name from Ryan Burns to r-burns. | 19:48:40 |
| 24 Oct 2022 |
|  @chris:mkaito.net left the room. | 08:02:07 |
| 25 Oct 2022 |
|  jkarni joined the room. | 12:41:14 |
