| 29 Jul 2025 |
 Marcel | ahh ok | 19:59:56 |
| Marcel | at least my vm test works now ;D | 20:00:47 |
 ElvishJerricco | Marcel: yea if you want to do closureinfo stuff to get full closures into systemd initrd I was thinking of something like this:
{
boot.initrd.systemd.storePaths = [
(runCommand "x"
{
info = closureInfo { rootPaths = [ hello ]; };
}
''
mkdir $out
cat "$info"/store-paths | while read path; do
ln -s "$path" "$out/$(basename "$path")"
done
''
)
];
}
| 20:03:53 |
| ElvishJerricco | * Marcel: yea if you want to do closureinfo stuff to get full closures into systemd initrd I was thinking of something like this:
{
boot.initrd.systemd.storePaths = [
(runCommand "x"
{
info = closureInfo { rootPaths = [ hello ]; };
}
''
mkdir $out
cat "$info"/store-paths | while read path; do
ln -s "$path" "$out/$(basename "$path")"
done
''
)
];
}
| 20:03:57 |
| ElvishJerricco | but it'd probably be better to just have a make-initrd-ng feature for this | 20:04:21 |
| ElvishJerricco | something like storePaths = [ { source = hello; closure = true; } ]; | 20:04:47 |
 emily | if I clear my backlog for today I'm going to diff the closure of make-initrd{,-ng} | 20:04:56 |
| emily | and my rampage will begin :P | 20:05:02 |
| Marcel | no pressure - when ifstate releases i will just create an PR without initrd support and keep that initrd stuff localy untill we've figured something out | 20:08:17 |
| Marcel | In reply to @elvishjerricco:matrix.org
Marcel: yea if you want to do closureinfo stuff to get full closures into systemd initrd I was thinking of something like this:
{
boot.initrd.systemd.storePaths = [
(runCommand "x"
{
info = closureInfo { rootPaths = [ hello ]; };
}
''
mkdir $out
cat "$info"/store-paths | while read path; do
ln -s "$path" "$out/$(basename "$path")"
done
''
)
];
}
thx | 20:16:15 |
| 30 Jul 2025 |
|  yan 💕 joined the room. | 01:42:17 |
 Sandro 🐧 | re: ifstate: speaks something against static compilation? | 18:34:31 |
 Marie | it's python | 18:37:51 |
 DenKn | it should be also possible to compile python static. but you are only able to load libs written in plain python. | 19:03:12 |
| DenKn | but why python in initrd? | 19:04:12 |
| Marie | to run ifstate | 19:08:11 |
| DenKn | for configure network, you do not need ifstate. you can do anything with iproute2 except wg, sysctl, ... | 19:28:37 |
| Marcel | yeah, I don't need it, but I am not interested in defining my configuration in tow different formats twice, other than just reusing the configuration from the stage 2 system | 19:30:12 |
| Marcel | (this is about packaging ifstate, everything works already, also initrd, its just about reducing it's addition to the initrd) | 19:31:00 |
| DenKn | so you need network in initrd? | 19:31:08 |
| Marcel | if you have an encrypted systemd which is not directly accessable (e.g. a server in a datancenter) and you wan't to reboot it you someshow need to enter the password - i know. there are thinkgs like ipmi but you cloud also start an sshd in the initrd and connect to it in order to enter the password | 19:32:27 |
| Marcel | see https://wiki.nixos.org/wiki/Remote_disk_unlocking for some background info | 19:33:07 |
| Marcel | * (this is about packaging ifstate, everyth ing works already, also initrd, its just about reducing it's addition to the initrd in terms of size) | 19:34:26 |
| DenKn | There is not secure datacenter. If it is not your hardware, encryption is useless. | 19:34:29 |
| Marcel | its my hardware in a datancenter operator i trust | 19:34:54 |
| Marcel | but i thinks think this is off topic now | 19:35:09 |
| Marcel | * | 19:35:19 |
| DenKn | ah, ok, than it is something different. | 19:35:49 |
| DenKn | so, you have also a sshd in your initrd... | 19:37:53 |
| emily | you can use TPM etc. to get a not-easily-extractable host key prior to decryption | 19:37:54 |
