| 19 Dec 2025 |
hexa | but that might make it hard to test | 02:50:11 |
hexa | escapeShellArgs makes sense when there is user input, that needs escaping | 02:51:18 |
hexa | there is also utils.escapeSystemdExecArgs, which is more suited to systemd units | 02:51:35 |
zsuper | okay, i have the raw secret option as str, but you're saying make the secretFile option also just a str? | 02:51:36 |
hexa | the nixos config being built might also end up in the nix store, so plain text secret string options are also a bad idea | 02:52:27 |
hexa | I would also recommend to construct ExecStart from a list for proper tokenization | 02:52:47 |
hexa | so escapeShellArgs or escapeSystemdExecArgs, the plural versions | 02:53:00 |
hexa | literalExpression gets used in e.g. defaultText or exampleText to render the string as nix code without evaluating it | 02:53:37 |
hexa | it gets rendered in place of the actual default or example value | 02:53:49 |
hexa | which might be a reference to something else | 02:54:06 |
zsuper | regarding this, my plan is to create a raw secret option as well as a secretFile option (where the latter takes precedence), just to keep options open for users. But I'll use a regular str for both to avoid secret paths getting copied to the store. | 02:57:58 |
hexa | the raw secret string option is a bad idea | 02:58:32 |
zsuper | but it's fine if used with sopsnix right? | 02:58:59 |
hexa | they pass files | 02:59:24 |
hexa | not strings | 02:59:25 |
zsuper | i have not yet set up/learned how sopsnix works, so I am unsure tbh | 02:59:31 |
hexa | agenix/sopsnix encrypt and pass files | 02:59:42 |
zsuper | i see, okay thanks | 02:59:57 |
zsuper | then i'll re-evaluate how i go about this. but thanks for the advice regardless! | 03:00:17 |
zsuper | okay, i've been working on the PR for the nixos/bore module, but I'm at a bit of a roadblock when it comes to nixos tests. Since bore local requires a connection to a remote proxy server (i.e. "bore.pub"), should the nixos tests really be connecting to it to verify functionality? Rather, how does networking work with the test suite? Or should I only run tests for the server variant, which simply needs to check if it can listen on 0.0.0.0:<specified port>? | 20:59:24 |
zsuper | actually i think i might be able to set up a server and a local proxy on the same machine that just interact with each other | 21:14:52 |
| 20 Dec 2025 |
zsuper | if anyone has free time, could you skim over this PR and see if things look fine? https://github.com/NixOS/nixpkgs/pull/472353
I'm hoping to ask some non-reviewers before I post in the Nixpkgs Review Requests, just so I can minimize the number of cycles I approach reviewers, who might be busy. Thanks in advance! | 02:39:01 |
| 16 Feb 2024 |
mr-qubo | I recently stumbled upon a similar issue when working on home-manager. https://discourse.nixos.org/t/is-it-possible-to-define-systemd-services-in-a-submodule/39538/5
The idea is that enabling https://nix-community.github.io/home-manager/options.xhtml#opt-programs.bash.enableCompletion should set environment.pathsToLink = [ "/share/bash-completion" ];.
I think that the module system is missing an option to pass config options recursively up to all ancestors.
| 15:06:01 |