Re: [Nix-dev] nix-daemon and private git repos

2017-07-06 Thread Harmen via nix-dev
On Tue, Jul 04, 2017 at 08:10:09PM +, zimbatm wrote: Thanks for the suggestions. I took away from this that it's best to not have Nix deal with the checkouts. For now I'll keep things as separate repos, to keep things easier. Eventually I would like to go to one pkgs tree for all repos, but

Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread zimbatm
Yes, the source is part of the build input and is uploaded to the worker to run the build. On Tue, 4 Jul 2017, 17:46 Tomas Hlavaty, wrote: > On Tue 04 Jul 2017 at 13:49, "Alexander V. Nikolaev" > wrote: > > On Mon, Jul 03, 2017 at 03:19:31PM

Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread Tomas Hlavaty
On Tue 04 Jul 2017 at 13:49, "Alexander V. Nikolaev" wrote: > On Mon, Jul 03, 2017 at 03:19:31PM +0200, Harmen wrote: > > I have `fetchgitCustom` expression, which can use pre-seeded "deploy" > keys (but with some security implications -- because key is > world-readable). It

Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread Alexander V. Nikolaev
On Mon, Jul 03, 2017 at 03:19:31PM +0200, Harmen wrote: I have `fetchgitCustom` expression, which can use pre-seeded "deploy" keys (but with some security implications -- because key is world-readable). It works with sandbox builds, and should work with hydra as well. If anyone interesting in

Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread Tomas Hlavaty
Hi Harmen, On Mon 03 Jul 2017 at 15:19, Harmen wrote: > I can't be the first to want to use fetchgitPrivate with a sandboxed > nix-daemon. Any experiences or tips? I had it working but there are several cases which needs extra setup that I recommend to avoid fetchgitPrivate

Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread Tomas Hlavaty
On Mon 03 Jul 2017 at 15:38, Harmen wrote: > On Mon, Jul 03, 2017 at 03:27:34PM +0200, Tomas Hlavaty wrote: >> Hi Harmen, >> >> On Mon 03 Jul 2017 at 15:19, Harmen wrote: >> > I can't be the first to want to use fetchgitPrivate with a sandboxed >> >

Re: [Nix-dev] nix-daemon and private git repos

2017-07-03 Thread Harmen
On Mon, Jul 03, 2017 at 03:27:34PM +0200, Tomas Hlavaty wrote: > Hi Harmen, > > On Mon 03 Jul 2017 at 15:19, Harmen wrote: > > I can't be the first to want to use fetchgitPrivate with a sandboxed > > nix-daemon. Any experiences or tips? > > I had it working but there are

Re: [Nix-dev] nix-daemon and private git repos

2017-07-03 Thread Tomasz Czyż
You don't need to know the user itself I think, you could share it with nixbld group (probably). Also, I think this way recommends to use ssh-agent as far as I remember looking at that (but could changed). What I did for one project was: 337 fetchgitPrivate = (args: derivation