gchristensen changed the topic of #nixos-borg to: https://www.patreon.com/ofborg https://monitoring.nix.ci/dashboard/db/ofborg?refresh=10s&orgId=1&from=now-1h&to=now "I get to skip reviewing the PHP code and just wait until it is rewritten in something sane, like POSIX shell. || https://logs.nix.samueldr.com/nixos-borg
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-borg
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-borg
<supersandro2000> cole-h: no, not really if they are symlinked into the store
<supersandro2000> or I just make the store writtable
<cole-h> (-> #nixos if you want to discuss more)
cole-h has quit [Ping timeout: 264 seconds]
<gchristensen> https://buildkite.com/grahamc/ofborg/builds/126#_ progress is being made
supersandro2000 has quit [Quit: The Lounge - https://thelounge.chat]
supersandro2000 has joined #nixos-borg
orivej has joined #nixos-borg
kalbasit has quit [Ping timeout: 240 seconds]
cole-h has joined #nixos-borg
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-borg
hexa- has quit [Ping timeout: 258 seconds]
hexa- has joined #nixos-borg
cole-h has quit [Ping timeout: 246 seconds]
orivej has quit [Ping timeout: 260 seconds]
andi- has quit [Ping timeout: 260 seconds]
andi- has joined #nixos-borg
orivej has joined #nixos-borg
supersandro2000 has quit [Quit: Ping timeout (120 seconds)]
supersandro2000 has joined #nixos-borg
WilliButz has quit [Ping timeout: 240 seconds]
WilliButz has joined #nixos-borg
kalbasit has joined #nixos-borg
orivej has quit [Ping timeout: 240 seconds]
cole-h has joined #nixos-borg
evanjs has quit [Ping timeout: 272 seconds]
evanjs has joined #nixos-borg
<cole-h> gchristensen: I really enjoy seeing your frustrated commit messages lol. "SIGH."
<gchristensen> :))
<cole-h> I also find it funny how you switch cases (e.g. `ci: rabbit -> rabbitmq` and `CI: drop dependencies which may not materialize`) :D
<cole-h> Let's go!
<gchristensen> lol
<cole-h> :D
<gchristensen> I really, really, really want a Vault plugin which creates temporary (writable) deploy keys for git repos
<cole-h> Brain slow and not immediately seeing what that could be used for. Mind expanding?
<gchristensen> sure
<gchristensen> and then I want to commit and push that
<cole-h> ah, OK
<cole-h> But you don't want to permanently configure an access token or something
<gchristensen> yea
<gchristensen> (it'd be basically the only one)
<cole-h> Ah, right, you want to leverage vault's strength in temporary creds (e.g. as you were experimenting earlier in the infra repo with TTL creds)
<cole-h> If it didn't require me to learn or read Go, I'd think about attempting it :')
<gchristensen> hahaha
<gchristensen> I hear that
<cole-h> Rust really has me spoiled :(
<gchristensen> the nice thing about go is everything has good client libraries
<cole-h> gchristensen: Would it be an auth plugin or a secrets plugin?
<gchristensen> secrets plugin
<gchristensen> ummmmhi
<cole-h> :D?
<cole-h> Looks like I don't have to break my promise of not attempting it :P
<gchristensen> I love how simple vault makes these plugins
<gchristensen> [grahamc@Petunia:~/projects/github.com/martinbaillie/vault-plugin-secrets-github]$ find . -name '*.go' | xargs cat | wc -l
<gchristensen> 2524
<gchristensen> like, short enough I can read it all
<gchristensen> heyyyy the author is a member of the nixos org too
<cole-h> :D
<cole-h> It's like this was made for us
orivej has joined #nixos-borg
<{^_^}> martinbaillie/vault-plugin-secrets-github#14 (by grahamc, 7 seconds ago, open): Support for roles?
<cole-h> gchristensen: so it's "almost there"?
<gchristensen> it is 100% usable already
<gchristensen> this is like a quality of life thing
<cole-h> Right, sweet!
* cole-h closes all the "Build Your Own Plugins" hashicorp tabs
* cole-h wipes sweat from brow
<gchristensen> but instead of being able to say "give me a github-app/role/ofborg-deploy token" you have to say "give me a token for xxx with read/write access"
<cole-h> So it allows for less hardcoding? The repo and permissions would be codified in that role, rather than having to be explicit?
<gchristensen> yea
<gchristensen> and you can audit access to the role, expand / restrict access to it better, etc.
<cole-h> Ah, I see
kalbasit has quit [Quit: kalbasit]
<gchristensen> hrm..
<gchristensen> Jan 12 23:21:59 kif vault[29581]: 2021-01-12T23:21:59.975Z [DEBUG] secrets.github.github_f45e480f.github.vault-plugin-secrets-github: attempted to create a new installation token: permissions=<nil> repository_ids=[] took=139.020446ms err="unable to create access token: 403 Forbidden" timestamp=2021-01-12T23:21:59.975Z
<cole-h> :(
<gchristensen> probably just not knowing something
<supersandro2000> that is a lot of noise for a 403
<cole-h> gchristensen: Semi-unrelated, but could that plugin be used to circumvent GitHub's lack of SSH CA support? I remember you complaining about this in the past, I think.
<gchristensen> that is exactly my hope :P
<cole-h> hehe