12 Jul 2021 |
@gtrunsec:matrix.org | it works for me | 19:59:17 |
David Arnold (blaggacao) | In reply to @citadelcore:nixos.dev Excuse me for going a little bit "off-topic", but I think some of you here may find this interesting - for the past several months I've been working on a framework very heavily inspired by DevOS (and retaining a very similar folder/configuration structure), oriented more towards enterprise/high-complexity configurations. I'd be interested to know what you all think - I believe there are definitely some lessons that could be learnt on either side as far as best practices go :) https://github.com/ArctarusLimited/KuiserOS This is exciting, I have had a similar use case which is why I got involved in devos in the first place. I do plan to retake kubenix at some point (when nixos-vm test refactoring progresses), so that we can bridge access to the kubernetes packaged applications, which there are a lot of in the enterprise world, so that we can combine best of both worlds. | 20:03:56 |
Alex Zero | That's really interesting! As a matter of fact I'm actually working on integrating kubernetes support into the kuiseros repo currently - and I'm probably going to end up using kubenix with the cluster | 20:06:30 |
Alex Zero | Kubernetes support is already present in nixpkgs of course - but I'm leveraging the repo logic for some cool stuff, like Calico for CNI and certificate issuance from Vault | 20:08:23 |
Alex Zero | I built a mechanism for configuring and deploying Vault keys that is currently in the process of being upstreamed - but the repo provides additional tools to actually deploy the approles to the nodes | 20:09:24 |
David Arnold (blaggacao) | I've been building something with SPIFFE/Spire for workload attestation and full mTLS with rotating certificates every 5 mins. It will be some work to put all the puzzles in place, though. I think we have some sort of consensus that we need to stabilize devos in the short term, maybe produce a 1.0 and then take on from there. | 20:11:27 |
David Arnold (blaggacao) | Thank you for your work on the follows issue! I very much appreciate it! | 20:12:20 |
David Arnold (blaggacao) | * I've been building something with SPIFFE/Spire for workload attestation and full mTLS with rotating certificates every 5 mins. It will be some work to put all the puzzles in place, though. I think we have some sort of consensus that we need to stabilize devos in the short term, maybe produce a 1.0 and then take on from there. | 20:12:46 |
Alex Zero | No problem! It was pretty much a necessity in order to get my flake setup working, lol. | 20:13:04 |
David Arnold (blaggacao) | This PR was my secret ally 🤣 | 20:14:03 |
David Arnold (blaggacao) | * This PR was my secret ally for testing your branch 🤣 | 20:14:22 |
Alex Zero | Hahaha, can definitely see that | 20:15:10 |
Alex Zero | Right now with kubernetes I'm just working on stabilising the configuration with a single-node cluster (with Calico). Next step after that will be a 6-node with 3 Ceph storage servers, so it's gonna get interesting | 20:17:38 |
Alex Zero | * Right now with kubernetes I'm just working on stabilising the configuration with a single-node cluster (with Calico). Next step after that will be a 6-node with 3 Ceph storage servers, so it's gonna get interesting | 20:17:47 |
David Arnold (blaggacao) | In reply to @citadelcore:nixos.dev Right now with kubernetes I'm just working on stabilising the configuration with a single-node cluster (with Calico). Next step after that will be a 6-node with 3 Ceph storage servers, so it's gonna get interesting Have a look at https://longhorn.io/ | 20:18:18 |
David Arnold (blaggacao) | In reply to @citadelcore:nixos.dev Right now with kubernetes I'm just working on stabilising the configuration with a single-node cluster (with Calico). Next step after that will be a 6-node with 3 Ceph storage servers, so it's gonna get interesting * Have a look at https://longhorn.io/ -- I came to the conclusion it's probably the best persistence layer available right now. And I also trust the Rancher guys for their snout for innovation. | 20:19:09 |
Alex Zero | Huh interesting, I will be sure to check it out! | 20:19:27 |
David Arnold (blaggacao) | I'm planning to do a k3os based on nix on the basis of not-os if I have time. | 20:19:59 |
Alex Zero | Never heard of k3os before but looking at it now it certainly seems nice | 20:21:09 |
David Arnold (blaggacao) | But first, let's make devos/kuiseros stable 🤣🚀 | 20:21:34 |
Alex Zero | Yeah, lol. Definitely an important task :) | 20:22:05 |
David Arnold (blaggacao) | Make sure to check out https://github.com/divnix/digga/ & https://github.com/divnix/bud/ which are kind of the new powerhouses behind devos | 20:23:05 |
Alex Zero | Will do! I'll be honest, when I first started my project it was back in the nixflk days, lol | 20:24:22 |
Alex Zero | A lot has changed since then | 20:24:33 |
David Arnold (blaggacao) | I think what happened thereafter was pure telepathy 😄 | 20:24:52 |
David Arnold (blaggacao) | * I think what happened thereafter was pure telepathy 😄 (we end up with the same follows issue) | 20:25:39 |
Alex Zero | Yep, lol. I'm kind of a perfectionist and didn't want to use any kind of hacky solution, so naturally I just went and fixed it | 20:26:17 |
Alex Zero | I will say the code is very confusing, many sleepless nights were spent on understanding how flake.cc actually worked | 20:26:45 |
@timdeh:matrix.org | Nix's codebase is a bit intractable 😅 | 21:30:34 |
@gtrunsec:matrix.org | David Arnold: what do you think about this https://github.com/pogobanane/lambda-pirate? | 21:45:37 |