Thanks for expressing your concern, which seems shared with other people. I am interested in knowing: what is the actual risk here? I will make the change ASAP.
I will also take the opportunity to say that at some point we want to do an overhaul of our authentication system (quote - unquote). We want to manage several users with different permissions. But we did not want to reinvent the wheel, so we want to maybe use an external authentication system (OAuth?). Any opinion on the way to go is welcome!
It is an unsalted password hashed with a general-purpose, GPU-optimisable hash function. This means that a rainbow table is all you need to find a collision. The sole purpose of password hashes (like Argon2 and Bcrypt) is to make it expensive to compute without RAM (so it will not be feasible to compute that on GPU) and to force use of proper salt.
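The difference the reply above describes, as an added example that is not part of the thread or of Typhon's code: an unsalted fast hash gives identical records for identical passwords, so one precomputed table matches every user, while a salted memory-hard KDF does not. SHA-256 is an assumption standing in for the unnamed general-purpose hash, scrypt from Python's standard library stands in for the Argon2/Bcrypt family named in the post, and the users and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample data: two users who happen to share a password.
USERS = {"alice": "hunter2", "bob": "hunter2"}


def unsalted_sha256(password: str) -> str:
    """Weak scheme: fast general-purpose hash, no salt (assumed stand-in)."""
    return hashlib.sha256(password.encode()).hexdigest()


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Memory-hard KDF with a random per-record salt.

    n=2**14, r=8 forces about 16 MiB of RAM per guess, which is what makes
    massively parallel GPU guessing expensive.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                            maxmem=64 * 1024 * 1024, dklen=32)
    return salt, digest


def scrypt_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_hash(password, salt)[1], expected)


def table_matches(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Audit helper: which unsalted records fall to a single precomputed table?"""
    table = {unsalted_sha256(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


if __name__ == "__main__":
    weak = {user: unsalted_sha256(pw) for user, pw in USERS.items()}
    print("unsalted records identical:", weak["alice"] == weak["bob"])
    print("matched by one table:", table_matches(weak, ["password", "hunter2"]))

    strong = {user: scrypt_hash(pw) for user, pw in USERS.items()}
    print("salted records identical:", strong["alice"][1] == strong["bob"][1])
    salt, digest = strong["alice"]
    print("verify correct password:", scrypt_verify("hunter2", salt, digest))
```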
We have not tested Hercules CI. But Typhon is free software and Hercules CI is not, so for people like Lucas and me who want to deploy their own infrastructure as much as possible, Hercules CI is simply not adequate.
My understanding is that the server is completely proprietary, the agent connects to it with a token that’s provided by Hercules CI. It appears that Effects are open-source though, so it could be interesting to look at them and see how they compare with Actions. Both approaches look similar, although according to the documentation effects have access to some local state, actions do not (well I guess you can do anything by using the internet, but it’s not really the spirit ^^)
We added some deployment actions, namely to push to Cachix and to GitHub pages. You can check this out in the documentation and you can take a look at typhon-self-config as an example that uses both.
We created typhon-github-action, so that you can start using Typhon’s actions without deploying your own Typhon instance.
But most importantly we opened a Zulip instance, where you can come to ask for help and where I will probably continue posting semi-regular updates like this one.
I am not sure that I will keep this thread updated unless there is some big piece of news like a first release, as I don’t want to create spam.
Thank you everyone for the feedback, and I hope I will discuss the design of Typhon with some of you on Zulip!
@Marcc The webhook system in Typhon just exposes an API endpoint for each project and passes any POST request that is sent to it to a user-defined action that can in turn send commands to Typhon to create jobsets. Thus as long as you can send POST requests from your forge, you can trigger builds automatically! (in theory… atm you’ll have to do some manual work because of “Evaluation is not triggered on new jobsets”, Issue #3 in typhon-ci/typhon on GitHub)
You can’t currently retrieve build results via SSH, but you can expose them over HTTP, thanks to the discreet (meaning undocumented) feature that distributes store paths from the API when passthru.typhonDist = true; is set in your job’s derivation.
Zulip seemed like a good solution to have easy access to conversation logs. I personally hate Matrix for this, just scrolling up a few messages is an awful thing to do on Element. I am open to the idea of maintaining a bridge, depending on how much work and resources it requires.
Gitea and cachix support looks great and shows how we can add forgejo and attic story!
lib.gitea.mkProject can be used with forgejo, as it is still a soft fork of gitea and is completely backwards compatible (I actually test Gitea support on codeberg.org)!
I have my complaints about matrix as well, but also don’t have a zulip account and don’t really want another chat service if I can avoid it. I think it’s important to go where the community is, and for better or worse it’s Matrix for the Nix community.
So I’ve just deployed my own Typhon instance and put one of my GitHub repositories under the Typhon instance as CI. However, the job always fails on evaluation. On the web interface, it just says Failure on the Nix evaluation status and I don’t really know where I should look to find out more information about why the evaluation would fail. Any clue where I should take a look? By the way, the repo could be built successfully outside of Typhon.