| 21 Jan 2022 |
 kenran_ | Yes exactly. I personally pull via SSH, so I guess I'd have to put some SSH key somewhere. | 10:09:25 |
| kenran_ | In reply to @janne.hess:helsinki-systems.de
This means that this git will pick up private keys in /var/lib/hydra/.ssh if they are owned by the hydra user Currently skimming https://github.com/NixOS/hydra/issues/555, which seems to go well with what you wrote. Thanks for clarifying who does the pull. | 10:09:57 |
| kenran_ | I found out I can eval the jobset interactively as said one linked issue further, which makes debugging easier :) | 10:10:14 |
| kenran_ | das_j: Thank you very much, I'm quite some steps further now. I can actually pull, but I'm getting error: access to URI 'https://github.com/NixOS/nixpkgs/archive/b8512aa7f532794ceb8fa31840cbc8e2f1e60432.tar.gz' is forbidden in restricted mode. This looks like our nix expression which uses a pinned version is not allowed to be downloaded, but it just smells like sandboxing and is probably something easy to get working. | 10:54:12 |
 das_j | You need to disable the restricted mode for this | 11:00:08 |
| das_j | https://github.com/NixOS/hydra/pull/888 would do that properly but you can also just patch it out of hydra because the PR is not merged | 11:00:20 |
| das_j | Just add this to postPatch of your Hydra package in the meantime: sed -i 's/evalSettings.restrictEval = true/evalSettings.restrictEval = false/' "$(find -name hydra-eval-jobs.cc)" | 11:01:27 |
| das_j | also cc grahamc (he/him) what about that PR? 👀 | 11:01:35 |
| das_j | * also cc grahamc (he/him) what about the aforementioned PR? 👀 | 11:01:48 |
| kenran_ | Ah, nice, that's your PR :D The PR #981 is merged though, wouldn't setting the option (where though?) suffice? | 11:03:45 |
| das_j | pure eval != restricted eval though :D | 11:04:20 |
| kenran_ | Oh, my bad | 11:04:59 |
| kenran_ | Woo, it's working, thanks again (I've never used postPatch, but I've just applied your PR as patch instead). | 11:35:18 |
| kenran_ | Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) | 11:36:01 |
| das_j | In reply to @kenran_:matrix.org
Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) Hydra can do the serviing stuff as well but I recommend setting up a dedicated binary cache server like https://github.com/thoughtpolice/eris | 11:37:07 |
| das_j | it's slightly faster by not including an entire CI with web framework ;) | 11:37:26 |
 @grahamc:nixos.org | In reply to @janne.hess:helsinki-systems.de
https://github.com/NixOS/hydra/pull/888 would do that properly but you can also just patch it out of hydra because the PR is not merged I’m not sure you even need that patch for that. I think you can add GitHub to allowed uri’s. | 11:40:24 |
| das_j | ah right if it's only that URI that should work, yeah | 11:41:39 |
| das_j | I didn't fully read it and expected IFD | 11:41:50 |
| @grahamc:nixos.org | In reply to @kenran_:matrix.org
I just tried using the exact example line from hydra-create-user --help, user alice with password foobar, and it doesn't work either, so I guess something else is not working as expected here. Or maybe I misconfigured something, but so far everything should be copied from the article. Guess I'll stick with the plain text password for now and change it via the web interface. Can you open a ticket for this? | 11:46:15 |
| @grahamc:nixos.org | I’ll look at the rest of the scrollback when I get to my desk :) | 11:47:48 |
 ajs124 | In reply to @kenran_:matrix.org
Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) feel free to ask about that here in case that's not properly documented or you run into any issues with it.
someone here should be familiar with the code. | 11:53:17 |
| ajs124 | (the LDAP part, that is) | 11:53:31 |
| kenran_ | Redacted or Malformed Event | 12:57:07 |
| kenran_ | In reply to @grahamc:nixos.org
Can you open a ticket for this? Sure; it's nixos-unstable though, does that make a difference? | 12:57:33 |
| kenran_ | In reply to @andreas.schraegle:helsinki-systems.de
feel free to ask about that here in case that's not properly documented or you run into any issues with it.
someone here should be familiar with the code. Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. | 12:58:24 |
| kenran_ | Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about `erisn though, I'll definitely have a look. | 13:00:42 |
| kenran_ | [First time in Matrix, somehow I keep clicking reply and then messing it up... sorry] | 13:01:17 |
| kenran_ | * Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about eris though, I'll definitely have a look. | 13:01:37 |
| @grahamc:nixos.org | In reply to @kenran_:matrix.org
Sure; it's nixos-unstable though, does that make a difference? Worth doing to look in to anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. | 13:02:22 |
