| 5 Jan 2024 |
 cransom | way back when, yeah, i did something similar for secrets. | 16:01:03 |
 @arcayr:rascals.net | In reply to @hacker1024:matrix.org
Is there any way to read a value from another file or environment variable in the Hydra configuration? I've set up sops-nix for all my secrets, but Hydra requires GitLab tokens to be put in the configuration file itself. The NixOS module generates the entire configuration file during evaluation, so there's no way to put secrets inside it. hydra doesn't have a configFile / environmentFile attr? | 16:02:15 |
 ma27 | I usually do Include foo in hydra.conf and ln -sf ${config.sops.foo.path} /var/lib/hydra/foo in e.g. the poststart. | 16:02:33 |
| ma27 | IIRC the config file format supports inclusions, but not from arbitrary locations, hence the symlink. | 16:02:52 |
| 7 Jan 2024 |
|  iamameatpopsicle joined the room. | 17:44:25 |
| 9 Jan 2024 |
|  @andar1an:matrix.org joined the room. | 20:28:19 |
| 10 Jan 2024 |
 hacker1024 | I have a jobset of NixOS system closures that have custom software installed. The NixOS systems use modules from a third-party repository, and the custom software uses packages from the same third-party repository. The same revision of the repository needs to be used in both cases, as the NixOS modules supply drivers that must be ABI-compatible with the software.
Before making the Hydra jobset, I had a file called revisions.json containing the repository revision and hash. The packages were added in an overlay using self.fetchFromGitHub with those details, and the modules were added using builtins.fetchTarball, as no Nixpkgs is available during module import evaluation.
Is fetchurl disabled in Hydra even when a hash is supplied? It seems so. How then can I use the fixed revision information from inside my main input in another input? Can jobset inputs reference each-other?
| 03:12:21 |
| hacker1024 | On another note, is there a way to make all of a specific jobset's builds always be at the top of the queue? I want my declarative jobset generation jobs to run as soon as they can. | 03:28:53 |
| hacker1024 | Another unrelated question:
We currently have an x86_64 AWS EC2 instance running Hydra and performing local builds, using an S3 store. We want to use the Oracle Cloud free tier for remote ARM builds as well, but network costs to and from the EC2 instance are expensive.
Is there a way to get Nix to use the S3 store to send things to and get things from the remote builder? I believe it normally uses SSH. S3 is much cheaper than generic Internet traffic. | 04:21:03 |
| 11 Jan 2024 |
 jackdk | Try turning on the nix option builders-use-substitutes and add the S3 cache as a substituter on your ARM machine?
Also be sure to use hydra's store_uri parameter and not a nix post-build-hook to copy built derivations back to S3, otherwise you won't get remote-built derivations into your cache.
Also also, in case it helps: AWS are still running their free tier for graviton t4.small instances: https://aws.amazon.com/ec2/faqs/#t4g-instances
| 11:01:21 |
| @andar1an:matrix.org left the room. | 11:44:19 |
| 12 Jan 2024 |
| hacker1024 | Thanks! This looks good.
Unfortunately t4g.small has too little RAM for us, we're on t4g.medium :(. I haven't tried using swap though, that's probably worth looking into. | 00:12:07 |
| 16 Jan 2024 |
| hacker1024 | 
Download image.png | 22:50:19 |
| hacker1024 | I'm getting AWS authentication errors when trying to download build products. What process does the failing code run under? I've made the AWS credentials available to hydra-evaluator, hydra-queue-runner, hydra-server and hydra-notify already, but that doesn't seem to help. | 22:51:36 |
| hacker1024 | Ah, turns out hydra-server was right, but the hydra-www user couldn't access the credential file. | 23:05:28 |
 samueldr | quick question: is there a way to cancel all builds from an eval, without having a new eval to "cancel non-current builds"? | 23:26:16 |
| samueldr | * quick question: is there a way to cancel all builds from an eval, without having a new eval to "cancel queued non-current builds"? | 23:26:22 |
| samueldr | [though the eval apparently just finished, so I don't need it anymore] | 23:30:24 |
| 17 Jan 2024 |
 das_j | 
Download image.png | 08:16:11 |
| das_j | close enough, it will kill all queued ones but not the running ones | 08:16:28 |
|  Swastik Baranwal set a profile picture. | 21:23:42 |
 John Ericson | delroth: is your https://github.com/NixOS/hydra/pull/1335 ready to go? | 21:24:54 |
| John Ericson | happy to approve and merge it if so | 21:25:00 |
 @delroth:delroth.net | I think it is ready, I've done some light testing on hydra.nixos.org and nothing seemed to blow up | 22:03:12 |
| John Ericson | delroth: yeah I definitely trust your testing | 22:07:11 |
