<julm>
last month I spent a fez hours to start reviewing the alternatives for ZFS backuping, it's quite a lot: zfs-auto-snapshot (Bash), zfs_autobackup (Python), zfsnap (sh), znapzend (Perl), zrepl (Go), and of course custom zfs send/receive (+ mbuffer optionally). I still have to motivate myself to resume this reviewing and choose something to try
<gchristensen>
as long as your entire postgresql state and data and tablespace directories are in the same pool, and they're atomically snapshotted together
evils has quit [Ping timeout: 256 seconds]
<gchristensen>
if you recover from a snapshot, it will start as if it crashed
<julm>
and syncoid (Perl), pfiou.. :s
evils has joined #nixos-dev
<julm>
also, I've read it's good practice to have one dataset per database
<gchristensen>
probably depends on your workload, but couldn't hurt as long as they are all in the same pool
<gchristensen>
I did a lot of research before doing it, I didn't want to move hydra and have it be significantly slow because it was a bad idea in the first place
<julm>
and so, is it performing as well as wanted?
<gchristensen>
it does pretty well
<gchristensen>
nobody here knows hydra.nixos.oorg to be fast, so there was some wiggle room :P
<jtojnar>
ryantm did the gnome blacklist stop working?
<Ericson2314>
niksnut: I think we can have unprivilaged drv-file-less building without changing the hashing scheme!
<Ericson2314>
The trick is, the hashes the hashModuloDerivation puts in don't actually matter
<Ericson2314>
(hashes and outputs)
<Ericson2314>
it's just arbitrary data whose only purpose is to compute the store path
<gchristensen>
I hope there are no plans to eliminate drv files altogether, I use them quite significantly
<Ericson2314>
gchristensen: oh no absolutely not; in fact I want more of them!
<gchristensen>
uhoh
<Ericson2314>
:)
<gchristensen>
:)
<Ericson2314>
The issue today is that buildPath require sending over extra data, but is unprivilaged
<Ericson2314>
while buildDerivation allows sending over just what is needed, but is privilaged
<Ericson2314>
but we can have the past of both worlds, by sending over basically the thing that hashModuloDerivation hashes
<Ericson2314>
which can be thought of as BasicDerivation + salt
<Ericson2314>
there's nothing privilaged about choosing the salt (we already prevent primage attacks that would come from that being wrong)
<gchristensen>
what about reuse?
<Ericson2314>
gchristensen: if the client makes the "honest" choice of the salt, then they get reuse
<Ericson2314>
if they spoof it, then they don't
<gchristensen>
I mean salt reuse
<Ericson2314>
oh I shouldn't call it "salt" then
<gchristensen>
usually you want a good salt, and what happens if we can't trust it to be good?
<gchristensen>
ah
<gchristensen>
I need to go outside and sterilize some boxes before I bring them inside. back in a few :)
<Ericson2314>
so right now hashModuloDerivation puts some hashes of dependend-upon derivatitons in there
<Ericson2314>
it doesn't do anything except influence the store path
<gchristensen>
that store path is pretty important though, can we validate it?
<Ericson2314>
gchristensen: OK, enjoy everyone being 6 >>> feet away in the berkshires!
<gchristensen>
:P thanks!
<Ericson2314>
gchristensen: we validate it up to these hashes, but that's it
<Ericson2314>
nothing more is ever needed
<gchristensen>
Ericson2314: so are you saying what was being done is totally unneeded, or that the client will be able to lie in some innocuous way? being able to influence the store path seems shady
<Ericson2314>
gchristensen: sorry, some lag in Riot. The client will be able to lie in an innocuous way, but it's OK. It was always redundant to hash *how the inputs are built* when all that is required is knowing what the inputs are, for computing store paths
<Ericson2314>
you can "make up whatever story you want" i.e. chose weird hashes, for how the inputs are made, but it doesn't matter as you aren't actuallly deciding how they are made, and also require that the remote builder has already built them
<Ericson2314>
it's like the client is comming up with some alternate history which may or may not be correct, and the remote builder doesn't care
<Ericson2314>
Already, there is no way to know which store path corresponds to which input derivation
<Ericson2314>
except for having all the DRVs to redo all the hashing
Jackneill has joined #nixos-dev
justanotheruser has quit [Ping timeout: 256 seconds]
drakonis_ has joined #nixos-dev
drakonis has quit [Ping timeout: 250 seconds]
drakonis_ has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-dev
drakonis_ has joined #nixos-dev
justanotheruser has joined #nixos-dev
drakonis has quit [Ping timeout: 246 seconds]
cole-h has joined #nixos-dev
teto has quit [Ping timeout: 246 seconds]
teto has joined #nixos-dev
drakonis has joined #nixos-dev
drakonis_ has quit [Ping timeout: 246 seconds]
drakonis1 has joined #nixos-dev
drakonis_ has joined #nixos-dev
drakonis has quit [Ping timeout: 246 seconds]
teto has quit [Ping timeout: 246 seconds]
drakonis_ has quit [Ping timeout: 240 seconds]
teto has joined #nixos-dev
drakonis_ has joined #nixos-dev
<bgamari>
gchristensen, have there been any further developments on #69360?
<flokli>
bgamari: if you're still debugging packet.net bonds, try describing things via the systemd.network.links (it now works in unstable and 20.03) - https://github.com/NixOS/nixpkgs/pull/82941
<{^_^}>
#82941 (by flokli, 2 days ago, merged): nixos/systemd: apply .link even when networkd is disabled (without the lib refactor this time)
<flokli>
I'm not sure if the bash script thing works reliably - but this is now directly in udev
<arianvp>
I think he's still on 19.09
<arianvp>
Or .03
<flokli>
well, then not ;-)
<bgamari>
flokli, I am
<flokli>
bgamari: you are what?
<bgamari>
still debugging, that is
<flokli>
ok
<flokli>
so, you might want to try configuring the mac address via systemd.network.link
<bgamari>
flokli, however, I'm already using master
<bgamari>
flokli, I am now doing so
<bgamari>
unfortunately networkd seems not to apply the change
* bgamari
is using 19fc3f3230ea1a31996dbc887603dee683cd39bb
<flokli>
bgamari: networkd doesn't apply the .link stuff
<flokli>
that's udev
<flokli>
but… before that PR, things were only applied IF you also enabled networkd
<flokli>
which is wrong
<bgamari>
FWIW I have also enabled networkd at this point
<flokli>
so, if you're nixpkgs is past that merge or the backport to 20.03, you can try with the .link options
<flokli>
well, then what /etc/systemd/network/*.link files do you have?
<flokli>
and what does networkctl status $bondIf say which .link file it takes?