| 1 Jun 2022 |
Mic92 | Documentation is severely lacking and the error messages are not helpful. | 17:33:58 |
@grahamc:nixos.org | I haven't personally found that to be true, but it may be that I come to it with some important background context | 17:34:20 |
@grahamc:nixos.org | * I haven't personally found that to be true, but it is probable that I come to it with some important background context | 17:34:30 |
Mic92 | They ask end-users to deal with nonces. If you don't have a background in cryptography, this is just careless | 17:38:48 |
@grahamc:nixos.org | ah, yeah, that has to do with the otherwise insecure method that the deprecated aws-ec2 auth method uses | 17:39:06 |
@grahamc:nixos.org | the iam method doesn't need it and is much safer | 17:39:14 |
@grahamc:nixos.org | I guess the ec2 method isn't deprecated, but the iam approach is recommended in a way that feels like ec2 was deprecated | 17:41:47 |
Mic92 | Yeah, then I would need to hard set the aws region in my instances somehow... | 17:48:44 |
Mic92 | * Yeah, then I would need to set the aws region in my instances somehow to use iam... | 17:49:20 |
@grahamc:nixos.org | why's that? | 17:51:11 |
Mic92 | Because I would for each region a different vault role because of the inferred_aws_region option that I need to set for aws_auth_backend_role. | 17:58:39 |
@grahamc:nixos.org | ah, gotcha | 17:58:47 |
Mic92 | * Because I would need for each region a different vault role because of the inferred_aws_region option that I need to set for aws_auth_backend_role. | 17:59:13 |
| 2 Jun 2022 |
Mic92 | Wow, systemd-creds is actually quite cool. This could be used to secure SSH host keys in the initrd for remote unlocking: https://man7.org/linux/man-pages//man1/systemd-creds.1.html | 05:45:24 |
Mic92 | Using TPM | 05:45:29 |
| 28 Jul 2022 |
Mic92 | Because I have been asked now several times. Secure boot is still not a thing, right? Has someone maybe published a manual guide, though? | 15:26:45 |
raitobezarius | In reply to @joerg:thalheim.io: "Because I have been asked now several times. Secure boot is still not a thing, right? Has someone maybe published a manual guide, though?" Well, there is the bootspec-secureboot project | 16:03:55 |
raitobezarius | But SB with GRUB or systemd-boot is not trivial to achieve now | 16:04:07 |
raitobezarius | I will be working on this in 2-3 days FWIW | 16:04:23 |