| 15 Jul 2025 |
Daniel Ramos | I'm seeing sops being used for declaring secrets: https://discourse.nixos.org/t/k3s-clusters-and-deployments-in-pure-nix/61794#p-205785-deploy-secrets-6
Then.. can I suppose that my approach with agenix is safe?
| 16:59:37 |
Daniel Ramos | * I'm seeing sops being used for declaring secrets at the docs: https://discourse.nixos.org/t/k3s-clusters-and-deployments-in-pure-nix/61794#p-205785-deploy-secrets-6
Then.. can I suppose that my approach with agenix is safe?
| 16:59:57 |
Zhaofeng Li |
Then.. can I suppose that my approach with agenix is safe?
No, your secrets will end up in the store
| 17:11:53 |
Zhaofeng Li | (which might be acceptable depending on your risk model) | 17:12:13 |
n4ch723hr3r | I'd still caution against it since you might set up a cache in the future for example and accidentally upload some credentials | 17:18:13 |
Zhaofeng Li | but I guess the more important issue is that reading config.age.secrets.x.path is semantically incorrect | 17:18:37 |
Zhaofeng Li | (the path is on the target host after activation, not your host running the evaluation) | 17:18:41 |
Daniel Ramos | I guess I'm going with sealed secrets in the end. | 17:19:00 |
Daniel Ramos | thanks for the help 🫶🏽 | 17:19:08 |
Daniel Ramos | Another question: does anyone know if it's possible to inject helm chart values via YAML? reading the docs, it seems that it only supports nix attribute sets? | 20:08:19 |
Daniel Ramos | (sorry, I don't know if this is the right channel for this kind of question) | 20:26:05 |
Zhaofeng Li | Doesn't look easy, but you could use a derivation to parse yaml into json and then read it from Nix (import from derivation). But anyways, personally I don't like the HelmChart CRD in k3s and render everything locally so I can easily patch and check diffs before applying. I've been having fun with tanka which I recently switched to from kustomize | 20:40:34 |
Zhaofeng Li | You don't have to use nix and k3s all the way, and half-baked abstractions can be counterproductive | 20:41:34 |
Zhaofeng Li | Actually, you could just bypass the NixOS module altogether and emit your own HelmChart resource with valuesContent containing the yaml. But still, I personally don't use it | 20:43:36 |
| 19 Jul 2025 |
mrdev023 | Hi everyone,
I want to continue this package https://github.com/NixOS/nixpkgs/pull/170443 but I'm a newbie at FHS management.
Here https://github.com/mrdev023/nixpkgs/commit/f4fc41b9498c455b5ebc3a50163f29b38a27acf4#diff-091e9b8c02fccb9fc7059db6a16c5f22a00e88427b29749bd917bdeadc785ac3R10 I got this error: error: path '/nix/store/h8ya86bfricd2vkm2mr7gfbyig0yf727-source/pkgs/build-support/build-fhs-userenv/chrootenv' does not exist
What's the recommended solution to replace this?
| 10:34:21 |
[0x4A6F] | Hey, better look into the #gaming:nixos.org channel or the general channel. This is for deployment tools. | 10:51:22 |
mrdev023 | Okay thx | 10:52:15 |