| 7 Feb 2025 |
 @elvishjerricco:matrix.org | sure | 17:58:54 |
| @elvishjerricco:matrix.org | but if upstream defaults to true, then we need to disable it in stage 1, right? | 17:59:41 |
 Arian | if stage-1 doesn’t have auditing enabled (doesn’t ship auditd; and also journald doesn’t enable it) then the audit logs will just buffer in ak ernel buffer | 17:59:44 |
| Arian | yeh good point. but I don’t think we ship the socket in stage-1 which means the whole functionality is disabled | 18:00:03 |
| @elvishjerricco:matrix.org | ah ok that'll do then | 18:00:15 |
| Arian | I can fix that too; but then will also have to default Audit=null in the stage-1 kernel config | 18:00:29 |
| @elvishjerricco:matrix.org | yea best leave stage 1 out of it entirely if we can | 18:00:45 |
| Arian | how is the stage-1 journal configured anyway? if at all? | 18:00:50 |
| @elvishjerricco:matrix.org | it's not :P | 18:00:56 |
| Arian | then I suggest we just don’t ship the socket in stage-1 | 18:01:11 |
| @elvishjerricco:matrix.org | though I think there's an open issue about maybe duplicating the stage 2 config in stage 1 | 18:01:15 |
| Arian | (which I think is already the case today?) | 18:01:30 |
| @elvishjerricco:matrix.org | Yea, I think we currently don't ship that socket and I agree we probably shouldn't | 18:01:47 |
| @elvishjerricco:matrix.org | so no action required, it seems | 18:02:15 |
| Arian | good callout though | 18:02:24 |
|  terrorjack joined the room. | 22:46:14 |
| 8 Feb 2025 |
| terrorjack set a profile picture. | 02:24:25 |
| terrorjack removed their profile picture. | 02:24:59 |
|  @marcel:envs.net joined the room. | 20:27:51 |
| 9 Feb 2025 |
|  infowski joined the room. | 22:34:51 |
|  @tired:fairydust.space left the room. | 22:50:18 |
| 11 Feb 2025 |
| Arian | hmm I wanna try to get systemd-vmspawn work | 11:57:38 |
| Arian | it looks for firmware config in /usr/share/qemu/firmware and /etc/qemu/firmware
which obviously doesn’t work. but I have two options here:
- Make it in NixOS config to re-expose ${qemu}/share/qemu to /etc/qemu
- Patch systemd and add a dependency on qemu
| 11:59:20 |
| Arian | option 1 seems better right? it’s calling qemu as a binary — it just needs to be able to discover the configs shipped with qemu | 11:59:45 |
| @elvishjerricco:matrix.org | Depends on if you want to use this within the nix build sandbox, I guess | 12:02:01 |
 K900 | Can you not give it a firmware at runtime? | 12:02:08 |
| K900 | Also IIRC libvirt does something like that already with /run/libvirt/firmware | 12:03:00 |
| K900 | So maybe there should be one standard place for that | 12:03:10 |
| Arian | yeh there’s a —firmware argumentb | 12:03:41 |
| Arian | but by default it points to /etc/qemu/firmware | 12:03:50 |
