| 21 Jan 2022 |
 kenran_ | Redacted or Malformed Event | 12:57:07 |
| kenran_ | In reply to @grahamc:nixos.org
Can you open a ticket for this? Sure; it's nixos-unstable though, does that make a difference? | 12:57:33 |
| kenran_ | In reply to @andreas.schraegle:helsinki-systems.de
feel free to ask about that here in case that's not properly documented or you run into any issues with it.
someone here should be familiar with the code. Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. | 12:58:24 |
| kenran_ | Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about `erisn though, I'll definitely have a look. | 13:00:42 |
| kenran_ | [First time in Matrix, somehow I keep clicking reply and then messing it up... sorry] | 13:01:17 |
| kenran_ | * Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about eris though, I'll definitely have a look. | 13:01:37 |
 @grahamc:nixos.org | In reply to @kenran_:matrix.org
Sure; it's nixos-unstable though, does that make a difference? Worth doing to look in to anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. | 13:02:22 |
| kenran_ | In reply to @grahamc:nixos.org
Worth doing to look in to anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. https://github.com/NixOS/hydra/issues/1128 | 13:19:37 |
| @grahamc:nixos.org | Thanks! | 13:20:02 |
| @grahamc:nixos.org | It occurs to me this test is not very good :). https://github.com/NixOS/hydra/blob/master/t/scripts/hydra-create-user.t | 13:33:12 |
| @grahamc:nixos.org | hum. no, the test is fine. the instructions are not. | 14:05:12 |
| @grahamc:nixos.org | [nix-shell:~/projects/github.com/NixOS/hydra]$ argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
foobar
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo -n foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$JPC5oN19OhwpmzRs98CUjA
| 14:08:25 |
| @grahamc:nixos.org | maybe there should be a --password-prompt option? | 14:10:52 |
| kenran_ | In reply to @kenran_:matrix.org
Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. Can I see somehow whether LDAP access is "enabled" for the hydra-server? I've added the variable HYDRA_LDAP_CONFIG pointing to the mentioned yaml file to my environment.variables, and then rebooted. Was that correct? | 14:14:01 |
| kenran_ | I still only see the "Sign in with a Hydra account" option, though that might just be the only one. Still getting "Bad username or password". | 14:16:45 |
 ajs124 | It's the same signin menu and same accounts. It just checks LDAP for auth and takes the groups from it and writes them to the database. | 14:22:38 |
 das_j | In reply to @andreas.schraegle:helsinki-systems.de
It's the same signin menu and same accounts. It just checks LDAP for auth and takes the groups from it and writes them to the database. To be more precise: You need to be in a group called hydra-user or hydra-admin | 14:23:14 |
| das_j | (or just hydra-admin?) | 14:23:31 |
| ajs124 | you do? | 14:23:35 |
| ajs124 | I only remember the substring thing, where it removes the first 6 characters (hydra-) from the groups it gets from LDAP 😬 | 14:25:03 |
| kenran_ | The manual describes those groups as hydra_admin with underscore instead of dash. Does that make a difference? | 15:07:48 |
| kenran_ | We can't get it to work, even though we've created the groups, but have to stop now. Do you have any tips on how to get actual feedback what went wrong? | 15:08:27 |
| das_j | Redacted or Malformed Event | 15:08:45 |
| @grahamc:nixos.org | I would be cautious about making the assumption that it'd work like that forever without it being documented as being a thing | 15:12:48 |
| @grahamc:nixos.org | especially since I think you just dropped a possibly CVE-worthy bug in chat | 15:14:10 |
| kenran_ | I don't think I'll get it to work without any debug output. I can't even tell if my connection to LDAP even works. | 15:19:13 |
| @grahamc:nixos.org | kenran_: https://github.com/NixOS/hydra/pull/1129 | 15:42:00 |
| @grahamc:nixos.org | and a follow-up: https://github.com/NixOS/hydra/pull/1130 | 15:42:43 |
| kenran_ | grahamc (he/him): nice, thanks! | 15:46:07 |
| @grahamc:nixos.org | yep! I'd hit something similar recently but thought I was doing it wrong | 15:46:20 |
