| 10 Nov 2025 |
Arian | Does Hetzner do BGP anycast? | 18:11:00 |
| 11 Nov 2025 |
Erik | @lillecarl:matrix.org: I didn't have enough time to check nix-csi yet, sorry | 19:32:22 |
Erik | In reply to @lillecarl:matrix.org: "I'm building my own Hetzner Kubernetes (ClusterAPI managed) cluster using some of the Nix Kubernetes tools I've been working on (nix-csi and by proxy dinix, easykubenix). The goal of the cluster is to be the cheapest shit you could possibly imagine, meaning no LoadBalancers. To do this I had to write a little Python thing that creates ipaddresspools for the MetalLB (controller, no speaker) to assign service IPs from the nodes' externalip list. I expanded it to split the IPv6 /64 you get from Hetzner into two and assign one to services and one to pods. Anyways, to deploy this Python script I used nix-csi, so here's a public example of how it works: commit. Since the cluster is x86 and arm I had to build the script for both x86 and arm, which was no problem (nix-csi picks arch by where it's scheduled 😄). Here's the nix-csi magic. Aye, it also makes DNSEndpoint resources from the control-plane nodes' IPs so I don't need an LB there either. Disclaimer: The Python script is a collaboration with AI." About this, pretty amazing! | 19:32:35 |
lillecarl | Nop | 19:59:24 |
| 15 Dec 2025 |
Sandro 🐧 | Would be nice if someone could look at https://github.com/NixOS/nixpkgs/pull/427694 | 16:07:34 |
| 19 Dec 2025 |
Arian | I don't think this does what you think it does? If a derivation could leak this information from the host builder we have a vulnerability -- not a feature | 09:58:00 |
Arian | Oooh wait. It disables sandboxing | 09:58:08 |
Arian | This is a terrible idea imo | 09:58:21 |
Arian | Feels like it's way better to attach this as OCI metadata outside of the nix build sandbox after doing the build | 09:59:36 |
Arian | Leaking this into the build sandbox feels cursed | 09:59:46 |
Arian | I really don't like this. closureInfo is already a nightmare for reproducibility and this just makes it even worse ._. | 10:03:18 |
Arian | Though maybe a generic mechanism for this *is* useful. I guess our ISO images have the same issue of shipping nix store paths without provenance information | 10:04:05 |