| 18 Nov 2025 |
 Zoe Z | what does nix-eval-jobs --no-instantiate actually do? | 18:21:17 |
 raitobezarius | simply not write the .drv | 18:21:45 |
| raitobezarius | it's used in Nixpkgs CI to accelerate things from what I gather | 18:22:05 |
| raitobezarius | in practice, what it does is just enable the read only mode for the store | 18:22:30 |
| raitobezarius | which means that all code that writeDerivation will perform the hash modulo calculation without touching the disk | 18:22:54 |
| raitobezarius | a bunch of performance could be obtained without that no-instantiate with ideas like https://gerrit.lix.systems/c/lix/+/4088 | 18:23:14 |
| raitobezarius | (which is completely vapourware right now) | 18:23:34 |
 Grimmauld (any/all) | i am confused. I am trying to do remote builds with an ssh sk key. nix store ping --store ssh://grimmauld.de?ssh-key=~/.ssh/id_ed25519_sk_nix_build works, but trying to use the builder with that key does not. Using a different (non-sk key) does work. The key does not have a password, and is configured as no-touch-required. Am i missing something? | 18:27:47 |
| raitobezarius | yeah | 18:28:16 |
| raitobezarius | it's the daemon that needs to access it | 18:28:20 |
| raitobezarius | so when you do your first command | 18:28:25 |
| raitobezarius | you are not going through the daemon, it works | 18:28:32 |
| raitobezarius | when you do your second command, you are going via the daemon which cannot make use of your private key material due to SSH permissions checks | 18:28:46 |
| raitobezarius | your SSH key material needs to live owned by root | 18:28:56 |
| Grimmauld (any/all) | but sk keys should work? | 18:29:34 |
| raitobezarius | it's independent to sk or not sk | 18:29:43 |
| raitobezarius | your private key material is considered insecure by SSH | 18:29:49 |
| raitobezarius | leading it not to use it for ssh connections | 18:29:54 |
| raitobezarius | cp id_ed25519_sk_nix_build in /etc/nix/id_ed25519_sk_nix_build, chown root:root on it, point your nix builder config to there and it should work | 18:30:52 |
| Grimmauld (any/all) | (thats dumb, the key is on the yubikey, unix permissions/ownership shouldn't matter at all... but oh well, not a lix issue) | 18:30:59 |
| raitobezarius | ssh is a bit dumb about this | 18:31:13 |
| raitobezarius | patches welcome to openssh | 18:31:21 |
| raitobezarius | but uhm | 18:31:23 |
| raitobezarius | we should have a doctor command for such things | 18:31:27 |
| raitobezarius | it's number 1 biggest UX cut in my nix life | 18:31:35 |
| Grimmauld (any/all) | ro /etc via overlayfs, i'll need to send it through the nix store (but thats alright, the private key isn't really private anyways) | 18:31:43 |
| raitobezarius | if you are willing to open an issue for this, that'd be great :) | 18:31:47 |
| raitobezarius | you don't have to put it in etc | 18:31:56 |
 Sofie 🏳️⚧️ (she/her) | how would one patch libreoffice?
do I patch libreoffice or libreoffice-qt6 or libreoffice-qt6-fresh?
It's just an simple regression patch
| 18:31:57 |
| raitobezarius | you can put it in var, in run, in whatever you want | 18:32:04 |
