| 21 Jan 2022 |
 kenran_ | Ah, nice, that's your PR :D The PR #981 is merged though, wouldn't setting the option (where though?) suffice? | 11:03:45 |
 das_j | pure eval != restricted eval though :D | 11:04:20 |
| kenran_ | Oh, my bad | 11:04:59 |
| kenran_ | Woo, it's working, thanks again (I've never used postPatch, but I've just applied your PR as patch instead). | 11:35:18 |
| kenran_ | Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) | 11:36:01 |
| das_j | In reply to @kenran_:matrix.org
Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) Hydra can do the serviing stuff as well but I recommend setting up a dedicated binary cache server like https://github.com/thoughtpolice/eris | 11:37:07 |
| das_j | it's slightly faster by not including an entire CI with web framework ;) | 11:37:26 |
 @grahamc:nixos.org | In reply to @janne.hess:helsinki-systems.de
https://github.com/NixOS/hydra/pull/888 would do that properly but you can also just patch it out of hydra because the PR is not merged I’m not sure you even need that patch for that. I think you can add GitHub to allowed uri’s. | 11:40:24 |
| das_j | ah right if it's only that URI that should work, yeah | 11:41:39 |
| das_j | I didn't fully read it and expected IFD | 11:41:50 |
| @grahamc:nixos.org | In reply to @kenran_:matrix.org
I just tried using the exact example line from hydra-create-user --help, user alice with password foobar, and it doesn't work either, so I guess something else is not working as expected here. Or maybe I misconfigured something, but so far everything should be copied from the article. Guess I'll stick with the plain text password for now and change it via the web interface. Can you open a ticket for this? | 11:46:15 |
| @grahamc:nixos.org | I’ll look at the rest of the scrollback when I get to my desk :) | 11:47:48 |
 ajs124 | In reply to @kenran_:matrix.org
Now LDAP login to go (not my job), and serving /nix/store to our soon-to-be-legacy GitLab jobs, and that was it :) feel free to ask about that here in case that's not properly documented or you run into any issues with it.
someone here should be familiar with the code. | 11:53:17 |
| ajs124 | (the LDAP part, that is) | 11:53:31 |
| kenran_ | Redacted or Malformed Event | 12:57:07 |
| kenran_ | In reply to @grahamc:nixos.org
Can you open a ticket for this? Sure; it's nixos-unstable though, does that make a difference? | 12:57:33 |
| kenran_ | In reply to @andreas.schraegle:helsinki-systems.de
feel free to ask about that here in case that's not properly documented or you run into any issues with it.
someone here should be familiar with the code. Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. | 12:58:24 |
| kenran_ | Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about `erisn though, I'll definitely have a look. | 13:00:42 |
| kenran_ | [First time in Matrix, somehow I keep clicking reply and then messing it up... sorry] | 13:01:17 |
| kenran_ | * Oh, Hydra itself can do that? I must have missed it. I've tried setting up a cache with nixServe before that, and also over ssh, and both seemed to work. I'd have used nixServe for now as a first step. Didn't know about eris though, I'll definitely have a look. | 13:01:37 |
| @grahamc:nixos.org | In reply to @kenran_:matrix.org
Sure; it's nixos-unstable though, does that make a difference? Worth doing to look in to anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. | 13:02:22 |
| kenran_ | In reply to @grahamc:nixos.org
Worth doing to look in to anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. https://github.com/NixOS/hydra/issues/1128 | 13:19:37 |
| @grahamc:nixos.org | Thanks! | 13:20:02 |
| @grahamc:nixos.org | It occurs to me this test is not very good :). https://github.com/NixOS/hydra/blob/master/t/scripts/hydra-create-user.t | 13:33:12 |
| @grahamc:nixos.org | hum. no, the test is fine. the instructions are not. | 14:05:12 |
| @grahamc:nixos.org | [nix-shell:~/projects/github.com/NixOS/hydra]$ argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
foobar
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo -n foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$JPC5oN19OhwpmzRs98CUjA
| 14:08:25 |
| @grahamc:nixos.org | maybe there should be a --password-prompt option? | 14:10:52 |
| kenran_ | In reply to @kenran_:matrix.org
Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. Can I see somehow whether LDAP access is "enabled" for the hydra-server? I've added the variable HYDRA_LDAP_CONFIG pointing to the mentioned yaml file to my environment.variables, and then rebooted. Was that correct? | 14:14:01 |
| kenran_ | I still only see the "Sign in with a Hydra account" option, though that might just be the only one. Still getting "Bad username or password". | 14:16:45 |
| ajs124 | It's the same signin menu and same accounts. It just checks LDAP for auth and takes the groups from it and writes them to the database. | 14:22:38 |
