Jonas Chevalier
Jonas Chevalier
Good question. So far, we left this up to the user, and need a clear policy. As a first iteration, I would say: 1. Use as many resources as possible....
I deleted the CACHIX_SIGNING_KEY as it's the most critical one and hard to rotate once leaked. I thought I already deleted it. The only impacted project AFAIK is https://github.com/nix-community/hardware-mnt-reform. /cc...
How reliable and easy to use is Hercules CI? Is it something you would recommend all the repos migrate to? If not, we still have the self-hosted GitHub runners route....
It would be cool to offer more architecture for Hercules and Hydra if we can. The main question is how to organize ourselves so that the coordination overhead stays minimal....
If we can get to a point where there is a nixos-unstable-riscv channel that is uptodate, it wouldn't be more work for us. But I don't know how far along...
Sounds good, I am OK taking up that role. I agree that we want nixpkgs to be in a relatively stable state before adding the builders to the infrastructure.
What Linux distribution should be used to reproduce the problem? Normally Nix should come with its own version of libcrypto.
I don't know how terranix is being setup, it's better to ask them. Typically the `.terraform` and `terrafork.lock` and created by terraform and we don't control that content.
@andir what we tested was on a builtin derivation. Maybe `builtins.fetchurl` has a different rule.
very meta :) It's a good idea, but it needs to be properly documented in the README. Otherwise, it's just going to add weight to the repo for nothing.