| 21 Dec 2025 |
 jakehamilton | In reply to @sofiedotcafe:matrix.org
@jakehamilton:auxolotl.org do you have an example of Nilla but with agenix or similar? Ah I don't, I am not a fan of agenix and other existing secret solutions due to the manual work required :( | 01:19:08 |
 Acid Bong | In reply to @sofiedotcafe:matrix.org
@jakehamilton:auxolotl.org do you have an example of Nilla but with agenix or similar? Nilla is just a Nix entry point system, like flakes, while Agenix and such live within NixOS | 03:34:10 |
| Acid Bong | i think you should be able to use agenix or sops-nix regardless whether your NixOS is behind flakes, colmena and/or nilla | 03:35:57 |
 piegames | Beta test the next npins release now: https://github.com/andir/npins/pull/185 | 13:21:37 |
 Sofie 🏳️⚧️ (she/her) | I mean, agree :3 | 13:35:18 |
| Sofie 🏳️⚧️ (she/her) | we really do need a better tool | 13:35:33 |
| Acid Bong | In reply to @jakehamilton:auxolotl.org
Ah I don't, I am not a fan of agenix and other existing secret solutions due to the manual work required :( what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets? | 13:49:40 |
| jakehamilton | In reply to @acidbong:envs.net
what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets? Rekeying, managing keys for different machines, etc. There are still quite a few manual steps which I feel like shouldn't be necessary. | 13:52:18 |
| jakehamilton | Plus the issue of secrets being checked into git (even if encrypted). I think we can do better than that as well. | 13:53:04 |
 tc424 (Steve D) | Added npins add container, which allows pinning OCI containers
Ooooooooh ... | 13:54:11 |
| jakehamilton | In reply to @srtcd424:auxolotl.org
Added npins add container, which allows pinning OCI containers
Ooooooooh ... I wonder if this is specific to container images or if any artifact on an OCI registry can be pinned this way. Helm charts, for example! | 13:56:32 |
| tc424 (Steve D) | I'm currently skimming it - https://github.com/andir/npins/pull/145/files | 13:57:04 |
| jakehamilton | In reply to @srtcd424:auxolotl.org
I'm currently skimming it - https://github.com/andir/npins/pull/145/files Same, seems to call out to nix-prefetch-docker | 13:57:49 |
| jakehamilton | https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/nix-prefetch-docker | 13:58:09 |
| tc424 (Steve D) | yeah, which is something else I didn't know existed :) | 13:59:29 |
| tc424 (Steve D) | and that uses skopeo | 13:59:42 |
| jakehamilton | In reply to @srtcd424:auxolotl.org
and that uses skopeo Was just about to say the same. I think it should just work for any artifact then? | 14:00:02 |
| tc424 (Steve D) | Not sure, but even if it doesn't, it feels like it shouldn't be too complex to add | 14:00:47 |
| tc424 (Steve D) | Anyway, I've been using an ancient static binary of docker-lock, will be nice to be able to use something more modern :) | 14:02:00 |
| Sofie 🏳️⚧️ (she/her) | Nix is nice since I can just quickly spin up a production ready dev environment on my grandparents desktop because I forgot my laptop | 14:10:46 |
| Sofie 🏳️⚧️ (she/her) | Using WSL :3 | 14:10:53 |
| Sofie 🏳️⚧️ (she/her) | * | 14:11:14 |
 jlc | Heya- For mounting SMB shares using cifs, is the "nofail" option relevant like when declaring mounts for physical drives? | 16:25:49 |
| jlc | (looks like the answer is yes - editing the wiki to say as much rn) | 17:06:29 |
 whispers (it/fae) | i feel like this is a reasonable question that we should know the answer to, but i don't, so: if you hand it a big bold graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:55:48 |
| whispers (it/fae) | * i feel like this is a reasonable question that i should know the answer to, but i don't, so: if you hand it a big build graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:56:29 |
| whispers (it/fae) | * out of curiosity, if you hand it a big build graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:59:31 |
| 22 Dec 2025 |
 emily | I don't think it tries to do anything smart at all | 00:06:03 |
| emily | just picks stuff it can build and builds it until it's out of slots | 00:06:22 |
| emily | certainly Hydra isn't smart about it at all | 00:06:44 |
