| 1 Dec 2021 |
 @ultranix:matrix.org | ah, ok. thanks for the info | 23:48:15 |
 David Arnold (blaggacao) | Download 0001-Fix-parent-path-check-boundary.patch | 23:53:32 |
| David Arnold (blaggacao) | ^^ we're going back to the roots & traditional again 😄 | 23:54:20 |
| David Arnold (blaggacao) | Who said people couldn't live happy lives 200 years ago? 😸 | 23:54:44 |
| @ultranix:matrix.org | it works, thank you Pacman99 ! | 23:55:09 |
| @ultranix:matrix.org | In reply to @blaggacao:matrix.org
sent a file. what's this for? | 23:55:37 |
 Pacman99 | We should update secrets.md in devos then | 23:55:48 |
| @ultranix:matrix.org | well, stable would still look for /run/secrets i suppose | 23:56:47 |
| Pacman99 | Ohh true, yeah I'm not sure if theres anything we can do then | 23:57:15 |
| Pacman99 | update agenix I guess then switch secrets.md | 23:57:28 |
| David Arnold (blaggacao) | In reply to @ultranix:matrix.org
what's this for? revert https://github.com/divnix/digga/commit/9c5115fa6143f51851f58055f0e2ecb9253ff15d | 23:58:22 |
| David Arnold (blaggacao) | ^^ this breaks the inner local check-feedback-loop. | 23:58:53 |
| 2 Dec 2021 |
| @ultranix:matrix.org | ah | 00:06:07 |
| @ultranix:matrix.org | i never liked the idea of subflakes anyways, is that widely used somewhere else? | 00:06:26 |
| @ultranix:matrix.org | its understandable for the examples part though | 00:06:44 |
| @ultranix:matrix.org | by the way, i still found a lot of use for git-crypt. I use it to encrypt secrets in public repositories | 00:12:34 |
| @ultranix:matrix.org | i could not figure out how to do that with the agenix replacement | 00:12:45 |
| @ultranix:matrix.org | stringPassword = "${builtins.readFile ./secrets/password}" | 00:13:27 |
| @ultranix:matrix.org | agenix only works for deployment keys | 00:13:47 |
| @ultranix:matrix.org | afaict, it doesnt work well otherwise | 00:14:07 |
| @ultranix:matrix.org | * by the way, i still found a lot of use for git-crypt. I use it to encrypt string secrets in public repositories | 00:16:22 |
| @ultranix:matrix.org | i dont see any other way to do it though. i wish i could not involve a gpg private key; one ssh key is much simpler to use | 00:22:08 |
| David Arnold (blaggacao) | In reply to @ultranix:matrix.org
i never liked the idea of subflakes anyways, is that widely used somewhere else? At the very least it is a way of placing multiple flake-guarantees-backed interfaces into a big project, such as you can't break (../../) out of the flake boundary. that's actually nice if you are task with auditing a big chunk of nix code. | 00:46:21 |
| David Arnold (blaggacao) | In reply to @ultranix:matrix.org
stringPassword = "${builtins.readFile ./secrets/password}" that looks like you try to manipulate secrets ahead of their final use? or is it conceptually that you wanna use them in some sort of local script? | 00:47:56 |
| David Arnold (blaggacao) | I'm trying to figure out the bigger / biggest picture. | 00:49:30 |
| Pacman99 | In reply to @ultranix:matrix.org
stringPassword = "${builtins.readFile ./secrets/password}" Well if you are doing something like this, I'm pretty sure that secret will end up in the nix store at some point | 00:50:39 |
| @ultranix:matrix.org | In reply to @pachumicchu:myrdd.info
Well if you are doing something like this, I'm pretty sure that secret will end up in the nix store at some point that doesnt matter. i use it to encrypt location.latitude or location.longitude etc, things that are of personal information for pseudonyms etc | 01:30:13 |
| @ultranix:matrix.org | but also, there's a lot of configuration ini's that still use string keys within config files | 01:30:46 |
| @ultranix:matrix.org | and i'm not sure that can change? | 01:31:14 |
| Pacman99 | In reply to @ultranix:matrix.org
but also, there's a lot of configuration ini's that still use string keys within config files Thats where I think envsubst is really useful and I've seen a lot of services integrate it | 01:31:45 |
