| 24 Apr 2023 |
phaer | In reply to @0x4a6f:matrix.org: "#matrix-suggestions:nixos.org and #matrix-discussion:nixos.org are the place to be." Wait, I thought #matrix-suggestions:nixos.org was for Rooms inside the official NixOS space on Matrix? While #community-rooms:nixos.org says it isn't managed by the foundation? So I believe those are two differently administered orgs, github.com/nixos and github.com/nix-community respectively? | 07:53:55 |
zowoq | "Rooms about Nix which aren't administered by the Nix Foundation." | 08:30:20 |
zowoq | This just means that the rooms are controlled by the maintainers of the corresponding projects instead of the foundation admins. | 08:30:24 |
zowoq | The rooms are still under the nixos space, nix-community doesn't administer them. | 08:30:35 |
zowoq | * The rooms are still under the nixos foundation space, nix-community doesn't administer them. | 08:30:49 |
phaer | Thanks, got that wrong. Names can be quite confusing around the nix ecosystems ;) | 08:38:13 |
| Jitsi widget added by Jonas Chevalier | 11:48:15 |
| Jitsi widget removed by Jonas Chevalier | 11:48:21 |
| 25 Apr 2023 |
zowoq | cole-h grahamc (he/him) Looks like the machine that the pipeline runs on is down? | 00:38:39 |
zowoq | https://buildkite.com/grahamc/nix-community-aarch64-build-box | 00:38:43 |
| 26 Apr 2023 |
| Yuddite G changed their display name from Yuddite Pilot to Yuddite Groyper. | 04:49:13 |
| @lotte:chir.rs changed their profile picture. | 07:54:03 |
ottidmes | Would it be possible for me to move https://github.com/msteen/nixos-vscode-server to nix-community? I made it just for fun, but hardly use it myself, and I have a lot of other things I want to spend my time on, so I feel like I cannot give it the attention it deserves. Yet I know some people really depend on it, so I don't just want to abandon it. | 09:40:49 |
zowoq | ottidmes: I've sent you an invite to the nix-community org, should let you transfer the repo. | 09:56:16 |
ottidmes | Thanks! | 09:57:34 |
ottidmes | Do I need to make a fork, so that it won't break existing URLs, or does GitHub do redirects? | 10:01:23 |
zowoq | GitHub should handle the redirects. | 10:03:46 |
ottidmes | Good to know! | 10:11:14 |
ottidmes | I am now going to make a Discourse post, hoping to find more maintainers | 10:11:56 |
| Yuddite G changed their display name from Yuddite Groyper to Yuddite G. | 21:02:20 |
| 27 Apr 2023 |
@adtya:adtya.xyz | I've just noticed that all the symlinks created by home-manager pointing to files in the store which are owned by root:root and are rwxrwxrwx. is that how it's supposed to be? I never noticed this before | 08:04:31 |
@adtya:adtya.xyz | * I've just noticed that all the symlinks created by home-manager are pointing to files in the store which are owned by root:root and are rwxrwxrwx. is that how it's supposed to be? I never noticed this before | 08:04:45 |
@adtya:adtya.xyz | * I've just noticed that all the symlinks created by home-manager are pointing to files in the store which are owned by root:root and are rwxrwxrwx. is that how it's supposed to be? shouldn't the files be owned by the respective user? I never noticed this before | 08:05:14 |
CyntheticFox | In reply to @adtya:adtya.xyz: "I've just noticed that all the symlinks created by home-manager are pointing to files in the store which are owned by root:root and are rwxrwxrwx. is that how it's supposed to be? shouldn't the files be owned by the respective user? I never noticed this before" Nix is pretty much built on removing per-user restrictions (running user is a type of undefined build input), so home-manager inherits that property by being built on it (I think the linked files are rwxr-xr-x though). In general, if you're worried about other users modifying the data, the file would be considered "sensitive", so you'll have to try to encrypt it to be safe.
There are some tools like sops-nix that achieve this at an OS level in NixOS by encrypting the files and relying on external keys, but those keys need to be on an encrypted drive to be secure. Trying to achieve this at a user level typically is done by hooking into the system PAM modules to pass your login password to some secrets-manager like gnome-keyring or pass-secret-service, or using an encrypting filesystem like ecryptfs or however systemd-homed does it | 11:47:47 |
CyntheticFox | I'm not sure though if there's any good NixOS module support for anything beyond unlocking gnome-keyring, but I also don't keep up with unstable very well | 11:49:33 |
@adtya:adtya.xyz | I'm not worried about anyone else modifying the files. It's on my laptop and the disk is encrypted. it's just that seeing files in the user home directory owned by root seemed weird. it's not an issue though, since all these files are managed by home-manager so they won't be touched by anything else | 12:18:18 |
@adtya:adtya.xyz | * I'm not worried about anyone else modifying the files. It's on my laptop and the disk is encrypted. it's just that seeing files in the user home directory owned by root seemed weird. it's not an issue either, since all these files are managed by home-manager so they won't be touched by anything else | 12:18:30 |
@adtya:adtya.xyz | the only "secrets" that I have are the user passwords, though they're encrypted with git-crypt before pushing to git. all other secrets are read from gnome-keyring on runtime | 12:21:34 |
| @eisfunke:eisfunke.com joined the room. | 15:21:32 |