samueldr changed the topic of #nixos-infra to: NixOS infrastructure | logs:
cole-h has quit [Ping timeout: 240 seconds]
<gchristensen> garbas: I think adding visibility and transparency is critical before adding more automated tasks that the foundation does. Access to the infra is highly limited, and depending on those few people to go look at secret logs puts a lot of burden on them
<gchristensen> (me, for example :P)
<garbas> i completely agree.
<garbas> your suggestion was buildkite right?
<garbas> s/was/is/
<gchristensen> yeah
<garbas> is there any other option?
<gchristensen> I think part of the concern was that it gives buildkite a lot of privilege to our infrastructure
<garbas> ok that is a valid concern. from what i understand buildkite would run agents on our infra, right/
<gchristensen> yeah
<gchristensen> and at a minimum be able to publish AMIs and cloudy images
<garbas> what about doing this with systemd one of scripts?
<garbas> and forwarding logs somewhere
<garbas> i know i'm reinventing here, but i'm trying to use what we already have
<gchristensen> well, maybe that would work, but overall system logs are quite privileged so we'd probably want to limit the visible logs
<gchristensen> and having the concept of runners and how many things run at once would be nice (right now the channel update script uses a complicated set of systemd directives to make this work)
<garbas> i wonder if we can only forward logs from few systemd scripts
<garbas> +1
cole-h has joined #nixos-infra