| 31 Mar 2024 |
hexa | different primitives though | 23:48:07 |
@adam:robins.wtf | I like it. :) | 23:48:54 |
@janik0:matrix.org | In reply to @raitobezarius:matrix.org ("we didn't invent yet The One True Architecture for deployment tool"): that's fair and it's probably impossible to get the one perfect solution for everyone. | 23:49:14 |
hexa | I tried using it, but secret handling becomes an issue 🙂 | 23:49:19 |
@adam:robins.wtf | NetBoot is cool when it’s an option | 23:50:05 |
| * hexa nods | 23:50:19 |
hexa | https://github.com/DeterminateSystems/nix-netboot-serve/issues/22 | 23:50:42 |
@janik0:matrix.org | In reply to @raitobezarius:matrix.org ("hot take"): yep. imo most companies and people tend to build their own tailor made solution too often instead of just forking something almost working and building (and whenever possible upstreaming) the missing bits and pieces. | 23:52:06 |
raitobezarius | In reply to @hexa:lossy.network ("https://github.com/DeterminateSystems/nix-netboot-serve/issues/22"): i wrote a no_std cpio generator | 23:52:36 |
raitobezarius | maybe i could plug it in there | 23:52:39 |
raitobezarius | (for lanzaboote) | 23:52:43 |
raitobezarius | In reply to @janik0:matrix.org ("yep. imo most companies and people tend to build their own tailor made solution too often instead of just forking something almost working and building (and whenever possible upstreaming) the missing bits and pieces."): yeah there's a spectrum | 23:52:54 |
raitobezarius | (hexa you won't be able to say this room is silent) | 23:53:00 |
hexa | fwiw, it can serve directly from hydra, which is why nobody(TM) cares about this issue | 23:53:02 |
raitobezarius | (i win) | 23:53:03 |
raitobezarius | In reply to @hexa:lossy.network ("fwiw, it can serve directly from hydra, which is why nobody(TM) cares about this issue"): yeah but i'm planning to use it as a replacement of matchbox | 23:53:16 |
@adam:robins.wtf | Yeah building in CI seems the workaround | 23:53:46 |
@janik0:matrix.org | In reply to @hexa:lossy.network ("I tried using it, but secret handling becomes an issue 🙂"): how do you do disk state handling with netboot (I'm not sure what the default for this is OTOH) | 23:53:47 |
raitobezarius | you just join a ceph cluster | 23:54:05 |
raitobezarius | easy? | 23:54:11 |
hexa | doesn't necessarily mean you nuke the disks | 23:54:12 |
hexa | you can serve each machine a dedicated image | 23:54:20 |
hexa | that knows what to mount where | 23:54:25 |
hexa | if you really want that | 23:54:28 |
@adam:robins.wtf | In reply to @raitobezarius:matrix.org ("easy?"): Joining may be easy. Having ceph on the other hand… | 23:55:15 |
raitobezarius | honestly you can even do fancier things | 23:55:38 |
raitobezarius | you can serve one image | 23:55:40 |
raitobezarius | but it contains N installation scripts | 23:55:44 |
@janik0:matrix.org | In reply to @janik0:matrix.org ("how do you do disk state handling with netboot (I'm not sure what the default for this is OTOH)"): maybe using ElvishJerricco luks tpm key bundle trick might be a solution for your secret needs with netboot. (that would still require initial bootstrapping, but I guess you have that anywhere where secrets are involved) https://github.com/ElvishJerricco/stage1-tpm-tailscale | 23:55:49 |
raitobezarius | and you can dynamically choose the installation script based on the actual hardware | 23:55:52 |