| 22 Jul 2025 |
 K900 | Ugh didn't capture cursor | 19:01:27 |
| K900 | The "x86_64-linux" link goes to Hydra | 19:01:32 |
 jonhermansen | Ahh, thank you! | 19:01:51 |
| K900 | Last eval 2024-02 | 19:02:30 |
| K900 | Great | 19:02:31 |
| jonhermansen | search query performance is improved due to ElasticSearch cache | 19:02:34 |
| K900 | Oh, freeimage dep | 19:03:00 |
| jonhermansen | I'm cleaning up dependents of openimage library in the tree now | 19:03:02 |
| jonhermansen | err yeah freeimage. | 19:03:06 |
| K900 | Those didn't eval for over a year at this point | 19:04:14 |
| K900 | Just delete the damn thing | 19:04:17 |
| K900 | 
Download image.png | 19:04:45 |
| K900 | You know it's a good one when the CVE list doesn't fit on the screen | 19:04:52 |
| jonhermansen | Yup. I tried looking to see if the broken package I found could even be saved, but no. The discussion upstream went nowhere, so I figured it's a good chance to clean up unused code | 19:06:26 |
| jonhermansen | I added trenchbroom to my system packages and it blew everything up because of this throw, so I went down the rabbithole.
pkgs/by-name/li/libjpeg_turbo/package.nix: dev_private = throw "not supported anymore";
Anyways, thanks for the help, I'll use search.nixos.org next time | 19:07:35 |
| 24 Jul 2025 |
 cleverca22 | my hydra is being swamped by some kind of scrapper/bot/ddos
they are just recursively following every link on every page, ignoring robots.txt, and causing performance problems
user-agents are total garbage, even claiming to be things like macos on ppc, or linux on ppc
no cookies
every ip hits me up once, and then never comes back!
what can be done to block this kind of garbage? | 15:21:14 |
 ma27 | I essentially stole https://github.com/NixOS/infra/blob/7ee3f5c95beda825b742580178f84034ec48aa9c/non-critical-infra/hosts/staging-hydra/hydra-proxy.nix#L9 | 15:25:41 |
| ma27 | and it's working surprisingly well | 15:25:49 |
| cleverca22 | hmmm, i'm getting some like:
Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3 like Mac OS X; as-IN) AppleWebKit/532.43.7 (KHTML, like Gecko) Version/3.0.5 Mobile/8B119 Safari/6532.43.7
Opera/9.82.(X11; Linux i686; mg-MG) Presto/2.9.176 Version/11.00
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_11_5; rv:1.9.5.20) Gecko/3574-09-12 00:50:37.474434 Firefox/3.6.2
Mozilla/5.0 (X11; U; Linux ppc; fr; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
| 15:27:13 |
| cleverca22 | i do see ipod in the list you linked | 15:28:05 |
| cleverca22 | let me see what happens if i apply that..... | 15:28:30 |
| cleverca22 | ma27: yep, i can confirm, traffic is now 403'ing and going to abuse.log! | 15:34:48 |
| cleverca22 | some still slips thru though, but i could tweak the regex to improve that | 15:35:06 |
| cleverca22 | even with the small bits that slip thru, the machine is basically idle now, so its all good | 16:05:22 |
 Sandro 🐧 | That list at least put Samsung Mobile Browsers out because they are on Chromium 130 🙃 | 23:13:55 |
| Sandro 🐧 | If you open Developer Tools and choose Android, you get a Nexus with Android 6 | 23:14:37 |
| Sandro 🐧 | Also I quickly found some friends which should have updated their Firefox more often | 23:14:55 |
| 25 Jul 2025 |
|  Luke joined the room. | 03:22:27 |
| Luke | I posted this in the Terranix channel, but am hoping to get more eyes on it - sorry for double posting!
The high level idea I have is as follows:
- Orchestrator flake: sources all other flakes using input following. Hydra builds this flake, and some cron job regularly runs
flake update to pick up new changes to all packages in the pipeline.
- Pipeline flake: a set of impure builds with a sequential dependency chain that are responsible for executing terraform plan and apply for each stage. These builds would use something like fixed output derivations with a fake hash to skirt network sandboxing. Integration tests would also be represented this way.
- Infrastructure flake: defines the terranix infrastructure, gets used by the various pipeline stages for deployment.
- Application flakes: flakes that define how to build and package application code, these get used by the infrastructure flake.
Then configure Hydra, and one machine should be able to act as a full devops pipeline?
This should let developers easily work on any subset of the system in a local workspace by modifying the flake inputs, as well as allowing things like manual deployments for rollbacks or emergency situations. There might be flaws with this idea, but I am curious to hear what folks think
| 03:24:57 |
| Luke | This is for a declarative CI/CD deployment pipeline running from a single machine | 03:26:21 |
