| 24 Jul 2025 |
cleverca22 | even with the small bits that slip thru, the machine is basically idle now, so it's all good | 16:05:22 |
Sandro 🐧 | That list at least put Samsung Mobile Browsers out because they are on Chromium 130 🙃 | 23:13:55 |
Sandro 🐧 | If you open Developer Tools and choose Android, you get a Nexus with Android 6 | 23:14:37 |
Sandro 🐧 | Also I quickly found some friends which should have updated their Firefox more often | 23:14:55 |
| 25 Jul 2025 |
| Luke joined the room. | 03:22:27 |
Luke | I posted this in the Terranix channel, but am hoping to get more eyes on it - sorry for double posting!
The high level idea I have is as follows:
- Orchestrator flake: sources all other flakes using input following. Hydra builds this flake, and some cron job regularly runs flake update to pick up new changes to all packages in the pipeline.
- Pipeline flake: a set of impure builds with a sequential dependency chain that are responsible for executing terraform plan and apply for each stage. These builds would use something like fixed output derivations with a fake hash to skirt network sandboxing. Integration tests would also be represented this way.
- Infrastructure flake: defines the terranix infrastructure, gets used by the various pipeline stages for deployment.
- Application flakes: flakes that define how to build and package application code, these get used by the infrastructure flake.
Then configure Hydra, and one machine should be able to act as a full devops pipeline?
This should let developers easily work on any subset of the system in a local workspace by modifying the flake inputs, as well as allowing things like manual deployments for rollbacks or emergency situations. There might be flaws with this idea, but I am curious to hear what folks think
| 03:24:57 |
Luke | This is for a declarative CI/CD deployment pipeline running from a single machine | 03:26:21 |
hexa | cleverca22, ma27, Sandro 🐧 we have moved to anubis since | 12:47:44 |
Sandro 🐧 | I know | 12:48:02 |
hexa | https://grafana.nixos.org/d/fejx5cl0i0s1sb/anubis?orgId=1&from=now-6d&to=now&timezone=utc&var-site=hydra.nixos.org:9001&viewPanel=panel-3 | 12:48:19 |
Sandro 🐧 | All those life-sucking AI and SEO companies 😒 | 12:48:59 |
| Vuks joined the room. | 18:04:27 |
| 26 Jul 2025 |
cleverca22 | i was considering doing that, got a link to how it's all configured? | 01:45:12 |
hexa | https://github.com/NixOS/infra/blob/main/build/hydra-proxy.nix#L14 | 01:46:51 |
hexa | we currently have a map for some exceptions, but you likely don't need that | 01:47:12 |
hexa | just bypass the map and point the proxyPass directly at anubis | 01:47:23 |
Sandro 🐧 | I do proxy auth but that's more complicated | 11:46:58 |
Sandro 🐧 | And I also patch anubis to not lie about the http status code | 11:47:11 |
hexa | yeah, I looked into that (realistic status codes) shortly and you have to configure the whole bot policy yourself if you want to override these | 13:29:33 |
hexa | so patching them in the source is more appealing | 13:29:39 |
hexa | same with go-away, which has various yaml policy definitions | 13:30:00 |
hexa | I absolutely don't want to manage my own policy list, if I can get away with it | 13:30:15 |
cleverca22 | i was also thinking auth proxy would perform better, and then realized there are similar issues at work with other software, where i can apply the same fix | 16:04:16 |
Sandro 🐧 | I want to write some to skip it if the user is logged in | 20:05:02 |
| 28 Jul 2025 |
| qubitnano joined the room. | 01:20:38 |
| 30 Jul 2025 |
sterni | ah nevermind lol | 14:41:45 |
| 4 Aug 2025 |
Mic92 | This file looks wrong in the repository: https://github.com/NixOS/hydra/blob/957884d174445b1615e86388254189bbe91f9a40/t/jobs/config.nix here is the source: https://github.com/NixOS/hydra/blob/957884d174445b1615e86388254189bbe91f9a40/t/jobs/config.nix.in | 11:05:47 |