| 30 Dec 2025 |
 lillecarl | https://github.com/Lillecarl/lix/commit/9ac72bbd0c7802ca83a907d1fec135f31aab6d24 this is the patch for registrationTime repurposed as "last needed time" :) | 16:10:13 |
| 4 Jan 2026 |
|  xentec changed their display name from xentec | metal1nk@39c3 to xentec. | 03:27:24 |
| 5 Jan 2026 |
|  Frédéric Christ (old) changed their display name from Frédéric Christ (back on 02.01.) to Frédéric Christ. | 09:38:41 |
| 10 Jan 2026 |
| lillecarl | kalbasit: I've hit a limitation to running the builds in Kubernetes: Either you run privileged or you disable the sandbox. I added an option that easily configures these settings in tandem for the builders but it doesn't seem to be reasonable to work around. There's user namespaces but they require node configuration which I've banned from nix-csi (it must be deployable everywhere).
Other than that it's chugging along nicely 😄
| 18:17:01 |
| lillecarl | * kalbasit: I've hit a limitation to running the builds in Kubernetes: Either you run privileged or you disable the sandbox. I added an option that easily configures these settings in tandem for the builders because it doesn't seem to be reasonable to work around. There's user namespaces but they require node configuration which I've banned from nix-csi (it must be deployable everywhere).
Other than that it's chugging along nicely 😄
| 23:50:38 |
| 11 Jan 2026 |
|  ivan joined the room. | 01:44:53 |
| 12 Jan 2026 |
|  jimmie joined the room. | 08:05:53 |
| jimmie set a profile picture. | 08:12:25 |
| jimmie changed their display name from zigzen to jimmie. | 08:12:39 |
|  jappie joined the room. | 17:28:21 |
| 14 Jan 2026 |
| lillecarl | kalbasit: Hey you're the ncps guy, nice! I've been wondering why ncps makes it mandatory to re-sign packages rather than serving the key we all already trust? 😄 | 10:45:59 |
|  BPub changed their display name from Robert to BPub. | 18:49:26 |
| 22 Jan 2026 |
|  Astro changed their display name from Astro to Moved to: @astro:c3d2.de. | 21:39:08 |
| 23 Jan 2026 |
 kalbasit | Yep that is me haha. There's a flag to turn it off. --cache-sign-narinfo=false The flag exists to allow you to use ncps only in your binary cache configuration so you don't have to configure every client you have to trust every upstream cache you configure ncps with; Not to mention that ncps does allow to push nars to it directly. | 02:10:25 |
| kalbasit | https://docs.ncps.dev/user-guide/configuration/reference#security-amp-signing
fyi I'm aware the website template sucks, on my list to improve. | 02:10:56 |
| kalbasit | for instance, all of my hosts have only ncps as binary cache (along with cache.nixos.org default) but my ncps is configured to trust the nix-community among other (about 4) upstream servers. does that make sense? | 02:13:42 |
| lillecarl | fwiw I don't mind the site at all except where line breaks are broken.
Thanks for the answer, that ncps allows pushing NARs it's a given to add keys. Resigning to act as an intermediary trust makes sense too.
I'm gonna test-integrate ncps into nix-csi. I don't wanna do a drive-by but here's a drive-by: did you consitered basic auth for both RO and RW operations (htpasswd)? The current nix-csi cache can be LB served to be used both internally and externally | 05:58:56 |
| lillecarl | kalbasit: Forgot to tag you 😄 | 05:59:42 |
| kalbasit | I did consider authentication but given it's still v0.x I'm trying to focus on the main functionality leaving the authentication to be handled by a reverse proxy or something. At some point, I need to consider authentication mechanism (basic auth, tokens, api keys, etc..) I'm not sure yet. | 06:52:17 |
| lillecarl | kalbasit: Fair, I wish I had such discipline! nix-csi originally: mount closures, nix-csi now: mount closures + storepaths in podspec, integrated LRU cache (patched Nix), distributed building (really just "query apiserver and make "machines" file). | 07:02:51 |
| lillecarl | kalbasit: ncps deployed with nix-csi and easykubenix what do you think? 😄 | 09:11:20 |
| kalbasit | Nice! I like how you're migrate the db before startup everytime, replicates my helm chart. Be aware of https://github.com/kalbasit/ncps/issues/623 I will probably release tomorrow, not a good idea to release at 1AM 🙂 | 09:16:37 |
|  spinus joined the room. | 12:27:08 |
|  @speartooth-shark:matrix.org joined the room. | 16:52:02 |
| @speartooth-shark:matrix.org left the room. | 17:00:01 |
| 29 Jan 2026 |
|  sportshead joined the room. | 20:18:39 |
| 30 Jan 2026 |
|  Deep Rest joined the room. | 09:38:52 |
|  TheSN joined the room. | 12:17:54 |
| lillecarl changed their profile picture. | 22:28:02 |
| 1 Feb 2026 |
|  Fernando Rodrigues changed their display name from SigmaSquadron to Fernando Rodrigues. | 10:42:12 |
