| 3 Jan 2024 |
hexa | aye | 14:06:50 |
hexa | although, maybe not | 14:06:55 |
hexa | that only works for groups that can write to nixpkgs | 14:07:08 |
adamcstephens | the entire group needs write access? or just individuals in it | 14:07:37 |
hexa | the group needs to have nixpkgs committers as a parent | 14:07:49 |
adamcstephens | ahh | 14:08:01 |
adamcstephens | not all of our members are committers | 14:08:06 |
hexa | yeah, the only team that has this relationship is the security team I think | 14:08:23 |
adamcstephens | and maybe systemd? | 14:09:08 |
adamcstephens | or their notifications don't work | 14:09:16 |
hexa | yeah, possibly | 14:09:55 |
| 16 Jan 2024 |
| sysedwinistrator joined the room. | 11:37:11 |
| 17 Jan 2024 |
aanderse | does anyone remember why the `systemd` `LoadCredential` is disabled on LXC? i think that is an upstream thing... anyone remember why? | 19:30:18 |
hexa | disabled where? | 20:03:24 |
hexa | * aanderse: disabled where? | 20:08:30 |
aanderse | nixos/modules/virtualisation/lxc-container.nix | 20:13:26 |
aanderse | distro builder says to turn it off... but apparently only required if `security.nesting` is set to `false` | 20:14:13 |
aanderse | we can't detect the value of that at build time | 20:14:33 |
aanderse | but we could detect the value at runtime | 20:14:47 |
aanderse | so I'm not sure what we should do here... | 20:14:56 |
hexa | what does security.nesting do? | 20:15:15 |
aanderse | add a nixos option or try to do the right thing via shell scripting at runtime | 20:15:22 |
hexa | like how does it interfere with loadcredential? | 20:15:56 |
hexa | namespacing restrictions? | 20:16:03 |
aanderse | that sounds right | 20:16:12 |
aanderse | it's necessary for the nix sandbox in the container | 20:16:29 |
aanderse | so makes sense | 20:16:37 |
aanderse | we're starting to play with cachix and i was surprised when it didn't work | 20:17:51 |
aanderse | huh? | 20:17:54 |
aanderse | that can't be... | 20:18:02 |