| 24 Nov 2025 |
|  BPub set a profile picture. | 13:34:23 |
|  Vinetos joined the room. | 16:50:03 |
| 4 Dec 2025 |
|  onur-ozkan joined the room. | 04:20:23 |
| 6 Dec 2025 |
|  P J joined the room. | 07:43:09 |
| 7 Dec 2025 |
|  W changed their display name from William Sewell to W. | 00:30:02 |
| 11 Dec 2025 |
|  suua joined the room. | 16:09:32 |
|  TG × ⊙ joined the room. | 19:53:02 |
| 15 Dec 2025 |
 Sandro 🐧 | Would be nice if someone could look at https://github.com/NixOS/nixpkgs/pull/427694 | 16:07:34 |
| 19 Dec 2025 |
 Arian | I dont think this does what you think it does? If a derivation could leak this information from the host builder we have a vulnerability -- not a feature | 09:58:00 |
| Arian | Oooh wait. It disables sandboxing | 09:58:08 |
| Arian | This is a terrible idea imo | 09:58:21 |
| Arian | Feels like it's way better to attach this as OCI metadata outside of nix build sandbox after doing the build | 09:59:36 |
| Arian | Leaking this into the build sandbox feels cursed | 09:59:46 |
| Arian | I really don't like this. closureInfo is already a nightmare for reproducibility and this just makes it even worse ._. | 10:03:18 |
| Arian | Though maybe a generic mechanism for this *is* useful. I guess our ISO images have the same issue of shipping nix store paths without provenance information | 10:04:05 |
| Arian | And all the store paths in it are "ultimately" trusted | 10:04:28 |
|  Frédéric Christ changed their display name from Frédéric Christ to Frédéric Christ (back on 02.01.). | 15:15:32 |
| Sandro 🐧 | Please write feedback into the PR, please 🙈 | 17:05:49 |
| 22 Dec 2025 |
|  n joined the room. | 06:23:43 |
|  @cinerealkiara:matrix.org left the room. | 11:10:05 |
| 27 Dec 2025 |
|  xentec changed their display name from xentec to xentec | metal1nk@39c3. | 22:47:00 |
| 28 Dec 2025 |
|  kalbasit joined the room. | 05:54:37 |
| kalbasit | lillecarl: How does easykubenix compare with nixidy? | 06:14:49 |
 lillecarl | @kalbasit:matrix.org nixidy is a more complete deployment solution. easykubenix should be compared to "kubenix" which nixidy uses to render manifests. My intention is to maybesoonishsoleday™️ make easykubenix compatible with nixidy as "easyApplication" or something. I don't like kubenix codegen. | 16:14:30 |
| kalbasit | Got it, makes sense | 19:43:40 |
| kalbasit | lillecarl: I do have another question: Do you recommend a solution for remote builds on Kubernetes? I have a cluster running on bare metal and I want to leverage for remote builds instead of using my old laptop for that. | 19:44:32 |
| lillecarl | @kalbasit:matrix.org nix-csi enables you to tag nodes as builders, it's pretty barely tested but it works. It completely bypasses resourc constraints.
It works by using the in-cluster cache pod as SSH jump box into the nodes which can run builds.
It'll be developed further :)
| 19:48:37 |
| kalbasit | Do you have a manifest (yaml) I can use to give it a try; sort of a demo or whatever you have on your end?
| 19:49:29 |
| lillecarl | I'll get back to you about that :) | 20:00:31 |
| 29 Dec 2025 |
| kalbasit | Happy holidays btw! | 01:40:54 |
