<domenkozar>
to see if any of them fixes your bug :D
<domenkozar>
ofc, there's the danger of running unreviewed code
pie_ has joined #nixos-dev
JosW has quit [Quit: Konversation terminated!]
phreedom has joined #nixos-dev
orivej has joined #nixos-dev
<peti>
Here is a tool I'd like to have: Given a Haskell source code, compute the optimal set of qualified/unqualified import such that I need to qualify as little symbols as possible.
<capisce>
be the tool you want to see in the world
<capisce>
I mean write it
<peti>
Personally, I tend to import everything unqualified and then qualify its use, because I don't want to think about it, but if you make a few smart choices here and there while declarin the imports, the source code could be much simpler.
phreedom has quit [Remote host closed the connection]
<peti>
Also, the fact that there is no abstraction for "union" that works for Map, HashMap, and Sets in the Haskell standard library is a travesty.
jtojnar has quit [Remote host closed the connection]
peti has quit [Ping timeout: 248 seconds]
peti has joined #nixos-dev
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
yegortimoshenko has joined #nixos-dev
<yegortimoshenko>
grahamc: hi! i would like to ask your advice on bots
<yegortimoshenko>
(github bots)
<gchristensen>
ok
orivej has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
<domenkozar>
peti: what would be the heuristic?
<gchristensen>
yegortimoshenko: (I am grahamc :) )
<yegortimoshenko>
i'm also nervous that it might mislabel some issues at first, but seemingly it works rather well from my tests
<yegortimoshenko>
gchristensen: sure! sometimes i forget that you use gchristensen handle more actively than grahamc :-)
<domenkozar>
that seems like his commute is short
<domenkozar>
we have all the metadata about gchristensen
<gchristensen>
domenkozar: you saw my commute start and end today :P
<yegortimoshenko>
s/i've/i/
<gchristensen>
I don't know, yegortimoshenko, we should think about that as a community and come to some thoughts about bots. one thing I try to do with anything I set up is make it based on me, so that if it goes wrong it reflects badly on me and people know who to yell at to shut it off
<yegortimoshenko>
good idea!
<yegortimoshenko>
i thought people might be weirded out that i label all issues
<gchristensen>
this is how I came to use the name "grahamcofborg" despite me not really liking how self centered it looks. I feel not great about it using the name "nixpkgs-classifier", I think
<gchristensen>
it would also be very nice if these systems were developed and coded and run on a machine where other people in the community can help administer them (so if something goes wrong we can stop the bot's process, instead of ban the bot on github, for example)
<yegortimoshenko>
it can be disabled from github webhooks
<yegortimoshenko>
(but it requires owner access i think)
<gchristensen>
yeah github.com/nix-community might be a good place for these projects to live, for example, but also don't want to setup too much bureaucracy
<yegortimoshenko>
also, i would have done run it under my name, but i still need a github webhook. i think grahamcofborg is webhook-based too, or does it poll?
<gchristensen>
I have access to all the existing github webhooks right now, but I couldn't send them as webhooks to you, but through rabbitmq events
<gchristensen>
grahamcofborg receives webhooks and puts them in to a queue immediately, everything else runs off the queue
<yegortimoshenko>
i see; that would make it rather more verbose (i mean, the bot). it currently runs as an aws lambda function and requires a http callback to start. it's also reliant on github payload structure.
<gchristensen>
this of course adds another layer to it all, in that if I give you access, things you do with it access also reflects on me, so there is a strong motivation for me to behave responsibly with it, and hopefully a strong motivation for you also to be responsible
<gchristensen>
right
<yegortimoshenko>
s/would have done/could/
<gchristensen>
the data in the queue is the exact event structure from github, so that part wouldn't change
<gchristensen>
the rabbitmq part is a bit annoying I do sympathize
<yegortimoshenko>
are there practical webhook limitations? i could probably write another layer that would turn rabbitmq events into http requests, but practically it would not be different from just a direct webhook, i.e. it would use my github token to label issues.
<gchristensen>
well it takes a lot of work to
<gchristensen>
get a webhook added and the config updated later if necessary, because very few have that level of privs on the github organization
<gchristensen>
thats why I use the system I do, so I can do multiple things with the one webhook I've managed to get added
<yegortimoshenko>
ah, i see! ok.
<gchristensen>
if you make the thing to turn events in to requests, I can happily host it and send you http requests.
<gchristensen>
but please also support the HMAC signature, it is important that always be checked
phreedom has joined #nixos-dev
ma27 has quit [Quit: WeeChat 2.0]
<yegortimoshenko>
sure! should it be handled at rabbitmq->http transport or rather on each specific webhook?
<gchristensen>
each webhook should have a separate secret key, so you'd have a different one from domenkozar when I add his
ma27 has joined #nixos-dev
<gchristensen>
todo: periodically send invalid data signed by the wrong key to each hook to ensure they refuse it :P
<yegortimoshenko>
gchristensen: if you want to only have one webhook that turns github events into rabbitmq events, it would make sense to check hmac there, then strip hmac header and make a new one
<yegortimoshenko>
and specify new secrets on that transport
<gchristensen>
right, so github -> (check hmac, strip hmac) rabbitmq -> forwarder ( forwards to your URL, signs it with the secret key just for your URL)
<gchristensen>
the first half of that is already doing the hmac checking
ma27 has quit [Ping timeout: 255 seconds]
<yegortimoshenko>
ok! i will also need to be able to read from rabbitmq in order to test whether my forwarder works or not
<gchristensen>
yep yep, I can sort out creds for that
<gchristensen>
but not until this evening, currently work hours :)
<yegortimoshenko>
thank you! <3
<gchristensen>
yep! thank you for your interest and work :)
<peti>
domenkozar: I think a simple back-tracking exhaustive search of all permutations is quite feasible.
<gchristensen>
peti: I think the biggest problem I see is it is only "optimal" for a point in time, and if you keep it "optimal" it makes for weird diffs
<peti>
Yeah, one would not re-run that tool with every commit. That would be strange.
<peti>
IMHO, one could normalize the code to "everything needs to be qualified" in a pre-commit hook, and then switch to "qualifiy as little as possible" in the checkout hook. :-)
<gchristensen>
that'd be neat
ma27 has joined #nixos-dev
yegortimoshenko has left #nixos-dev ["ERC (IRC client for Emacs 27.0.50)"]
Sonarpulse has quit [Ping timeout: 265 seconds]
<domenkozar>
peti: that sounds like a rule to hlint to me
phreedom has quit [Ping timeout: 240 seconds]
Profpatsch has quit [Ping timeout: 260 seconds]
<peti>
domenkozar: hlint re-formats source code?
<domenkozar>
afaik no?
<yorick>
peti: thanks1
<yorick>
!*
Sonarpulse has joined #nixos-dev
jtojnar has joined #nixos-dev
ma27 has quit [Ping timeout: 265 seconds]
ma27 has joined #nixos-dev
<gchristensen>
niksnut: how would you feel about a "super bump" button for hydra jobs that only specially-roled people can access, setting the build's priority to be more important than other regular-bumped builds, for cases like "quick quick, get these kernel patches out the door"
<fpletz>
currently thinking about adding a reboot command that does kexec with a special initrd that has luks keyfiles in it to unlock luks partitions automatically on reboots
orivej has quit [Ping timeout: 252 seconds]
<fpletz>
use case are servers with full disk encryption that you want to update but without using the dropbear in the initrd
<fpletz>
just for reboots though, a regular reboot does of course have dropbear in the initrd for boot it e.g. after a power failure or kernel panic
<fpletz>
the special initrd would of course not be placed on the unencrypted boot partition
<fpletz>
does that seem safe? does the initrd remain in memory?
<fpletz>
spoke to some nixos users about this at 34c3
phreedom has joined #nixos-dev
__Sander__ has quit [Quit: Konversation terminated!]
<disasm>
How was 34c3 fpletz? Good time?
<gchristensen>
fpletz: you'd have to be sure to carefully sync and umount prior to kexec
ckauhaus has joined #nixos-dev
layus_ has joined #nixos-dev
layus has quit [Ping timeout: 256 seconds]
layus_ is now known as layus
<samueldr>
I'm seeing divergent opinions on my PR, #33263, which batch edits homepages, should we defer to eelco for the final say on the matter?
<samueldr>
not that there is an issue with the opinions, but I can't do it both ways
<gchristensen>
niksnut: would you mind if I scraped various hydra.nixos.org pages periodically (once every few minutes perhaps?) or would that place an annoying amount of load on the host
<fpletz>
samueldr: one commit would be better for such a change imho
<LnL>
I've been using that for a while now without problems
<LnL>
with a small change in build-remote it will also work there IIRC
<niksnut>
LnL: I've added a comment
<LnL>
thanks
pie___ has joined #nixos-dev
pie__ has quit [Read error: Connection reset by peer]
phreedom has quit [Quit: No Ping reply in 180 seconds.]
phreedom has joined #nixos-dev
phreedom has quit [Ping timeout: 248 seconds]
la_putin has quit [Read error: Connection reset by peer]
la_putin has joined #nixos-dev
ckauhaus has quit [Quit: Leaving.]
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 260 seconds]
contrapumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
orivej has joined #nixos-dev
<gchristensen>
niksnut: it seems channels aren't advancing due to something in the channel scripts, 17.09-small should have been ready to advance 17.09 is too