| 28 Sep 2021 |
 @gytis-ivaskevicius:matrix.org | also not sure if you guys noticed, but the thing I wrote with toml does not contain any subflakes or anything. I was writing it with RFC92 in mind.
Its more of an idea, might be cool in the future | 18:57:07 |
 @kraftnix:matrix.org | In reply to @pachumicchu:myrdd.info
To me the advantage is readability and clarity. When I look at someone else's flake online I can see what they depend on immediately. The lockfile and json in general is harder to read. i agree, if i had to have access to a cli just to read the inputs of a flake that would massively reduce readability for me. especially when inspecting new projects, i dont always have a laptop with me.
i quite like the separation of concerns between definition of inputs and locking of revision that is currently provided by flake + lock | 21:11:59 |
 @timdeh:matrix.org | I wouldn't mind a hybrid approach either. Adding declarative inputs via the cli when convenient | 21:21:33 |
| @timdeh:matrix.org | * I wouldn't mind a hybrid approach either. Adding declarative inputs via the cli when convenient (which are then written to some inputs file, or just the existing flake.nix) | 21:21:55 |
| @kraftnix:matrix.org | one thing i did find very strange was the "hidden" interaction of the lockfile.
i.e. not having an input defined in flake.nix (or inputs of inputs), but having it defined in flake.lock (because it used to exist) and having that lockfile forever lock on a specific version. the UX of that felt very strange and expected, i would have rathered a more explicit error or warning as i had an old input (nur) for 3 months before it threw an error for a different reason which made me realise this behaviour even existed. | 21:28:01 |
| @kraftnix:matrix.org | * one thing i did find very strange was the "hidden" interaction of the lockfile.
i.e. not having an input defined in flake.nix (or inputs of inputs), but having it defined in flake.lock (because it used to exist) and having that lockfile forever lock on a specific version. the UX of that felt very strange and unexpected, i would have rathered a more explicit error or warning as i had an old input (nur) for 3 months before it threw an error for a different reason which made me realise this behaviour even existed. | 21:28:36 |
| 29 Sep 2021 |
|  @florian:web3.foundation joined the room. | 11:30:57 |
| @florian:web3.foundation | I was trying out DevOS but I hit #376 right away. It seems this was already fixed in digga but the update in #378 seem to wait for more reviewers. Currently this makes for a rather bad user experience for new users. | 11:52:20 |
|  @anderscs:matrix.org joined the room. | 13:06:53 |
| @timdeh:matrix.org | I just had bors merge #378 | 15:38:57 |
| @timdeh:matrix.org | sorry about the trouble, the follows patch should be completely removed at this point since it is now upstream | 15:39:19 |
 Pacman99 | thank you for merging that | 15:44:56 |
| Pacman99 | Also I'm going to commit a quickfix for https://github.com/divnix/digga/commit/44ae205cf72802d0271d59275fed359d5598c3d4#r57149349 to digga main | 15:45:06 |
| Pacman99 | Thank you princemachiavelli for catching that | 15:45:25 |
| Pacman99 | https://github.com/divnix/digga/commit/46c7c712d79ea627faf74739a2e89438a9d214f8 | 15:48:06 |
| @florian:web3.foundation | In reply to @timdeh:matrix.org
sorry about the trouble, the follows patch should be completely removed at this point since it is now upstream No problem, I really appricate the work you have been doing. Just thought mentioning it here might give it some more attention. | 16:56:52 |
| @florian:web3.foundation | Btw, is anybody here using a security key (e.g. yubikey, nitrokey, etc.)? It seems to me that age-nix is not really capable of ever supporting them (due to the way age works) and sops-nix would be a far better candidate. | 17:42:42 |
| Pacman99 | I thought age got support for some security key | 21:03:58 |
 David Arnold (blaggacao) | Florian | W3F - OoO Mon/Tue yeah, please keep pushing on the things you might encounter. 🙂 | 21:39:32 |
| @florian:web3.foundation | In reply to @pachumicchu:myrdd.info
I thought age got support for some security key It seems that age can indeed be used via PIV, but it has some limits, e.g. no RSA4096. | 21:51:29 |
| @florian:web3.foundation | I also just learned that sops now supports age. 😁 | 21:51:48 |
| David Arnold (blaggacao) | sops covers other use cases like secret lease that we don't want to support for devos, since the (current) scope is user machines.
And between pgp & age as the remaining options, we wanted to default to age. | 22:02:18 |
| David Arnold (blaggacao) | sops would be just an additional layer of complexity, in this case. | 22:02:45 |
| David Arnold (blaggacao) | * `sops` covers other use cases like secret lease that we don't want to support for devos, since the (current) scope is user machines.
And between pgp & age as the remaining backend options in `sops`, we wanted to default to `age`. | 22:03:41 |
| @timdeh:matrix.org | Florian | W3F - OoO Mon/Tue:
https://github.com/ryantm/agenix/pull/46 | 22:22:34 |
| @timdeh:matrix.org | It works, just have to make a slight trade off, either never require PIN or always require it. This is better than it was before where there was not even the option to not require the PIN, but it'll be more granular once work on an agent is worked out | 22:23:43 |
| 30 Sep 2021 |
| @kraftnix:matrix.org | In reply to @timdeh:matrix.org
Florian | W3F - OoO Mon/Tue:
https://github.com/ryantm/agenix/pull/46 i have been using this PR since you made it with no issues | 08:29:10 |
| @florian:web3.foundation | I am glad I asked, this is awesome. I have been working on generating Ed25519-based GPG and PIV keys from mnemonics (with the help of BIP39 dictionaries) to be used with security keys. | 08:44:28 |
| @florian:web3.foundation | A very rudimentary version can be found here: https://github.com/gliology/mind-the-gap | 08:48:31 |
| David Arnold (blaggacao) | Florian | W3F - OoO Mon/Tue very interesting! Can you make that work with age? As a general stance, I hold the opinion that we should try to further the deprecation of pgp wherever we can. | 13:51:47 |
