| 25 Aug 2021 |
 sterni | * GitHub org teams hydra plugin -.- | 14:24:25 |
 @grahamc:nixos.org | sounds like a cool idea | 14:25:06 |
| sterni | does it already have a group concept? | 14:25:24 |
| @grahamc:nixos.org | no | 14:25:29 |
| @grahamc:nixos.org | :) | 14:25:36 |
 andi- | Pluggable permissions might be a first step. | 14:26:37 |
| andi- | e.g. for all of the 3-4 role functions that we have now allow them to be extended by plugins. | 14:26:54 |
| @grahamc:nixos.org | yeah | 14:27:08 |
| @grahamc:nixos.org | sounds like a cool idea | 14:27:12 |
| andi- | Then the first step could be to give each committer restart permissions. | 14:27:32 |
| @grahamc:nixos.org | 😬 maybe :) | 14:28:08 |
| andi- | In reply to @grahamc:nixos.org
😬 maybe :) If not restart what else? Nothing? :D | 14:28:22 |
| andi- | I think that is the lowest priv we have except maybe the bump-to-front role | 14:28:35 |
| sterni | bump-to-front is riskier arguably since it messes with normal scheduling | 14:29:01 |
| @grahamc:nixos.org | we actually have ✨policy ✨ about this | 14:29:34 |
| andi- | I think aborting many jobs is costlier than slightly changed scheduling. It isn't a clear line. | 14:29:48 |
| @grahamc:nixos.org | https://github.com/NixOS/nixos-org-configurations/wiki/Hydra-Accounts#deciding-on-roles | 14:29:49 |
 ajs124 | hm. if the decision is made to give members of a certain github organisation a role in hydra, that can probably just be hacked into src/lib/Hydra/Controller/User.pm github_login | 14:31:32 |
| @grahamc:nixos.org | I would be surprised if that PR merged | 14:32:06 |
| ajs124 | that's the same place where LDAP groups get mapped to hydra roles with some extremly horrible code | 14:32:19 |
| @grahamc:nixos.org | :D | 14:32:30 |
| ajs124 | my @LDAPRoles = grep { (substr $_, 0, 5) eq "hydra" } $LDAPUser->roles;
| 14:32:50 |
| sterni | Sounds like a good opportunity to clean that up using groups as well | 14:33:50 |
| ajs124 | but but… then I might need to adjust my setup | 14:34:12 |
| andi- | It is unreleased software ;) | 14:34:29 |
| andi- | Users are the worst. | 14:34:50 |
| sterni | ajs124: I'll just deem this a space heater type problem | 14:35:05 |
| sterni | * ajs124: I'd just deem this a space heater type problem | 14:35:33 |
| ajs124 | For added context, in case anyone isn't aware: That LDAP login and group mapping code is actually my fault.
If anyone decides to rewrite it and make it less horrible, be my guest. | 14:36:08 |
| @grahamc:nixos.org | fwiw I'm about to smash the merge button on this: https://github.com/NixOS/hydra/pull/1001 | 14:45:31 |
