| 20 Dec 2025 |
bandithedoge | real | 19:49:12 |
raitobezarius | In reply to @cyclopentane:aidoskyneen.eu: "another missing puzzle piece imo: currently, Nix treats the eval process and the build process as two conceptually separate things. But afaict there's nothing stopping us from treating the evaluation of, say, a flake as a derivation too - that derivation would have the flake source, its dependencies and nix as inputs, and output a .drv file" I also have this in my mind and I'd like it to happen | 23:47:22 |
| 21 Dec 2025 |
SomeoneSerge (back on matrix) | It's more like aterm drv and nixlang are two different languages and both are by default applicative, with ifd making nixlang monadic and dyndrv making aterm monadic. But also I've never managed to read "a la carte" as anything more than a bunch of handwavy metaphors when applied to nix, so idk, maybe I'm too slow for this | 01:17:51 |
jakehamilton | In reply to @sofiedotcafe:matrix.org: "@jakehamilton:auxolotl.org do you have an example of Nilla but with agenix or similar?" Ah I don't, I am not a fan of agenix and other existing secret solutions due to the manual work required :( | 01:19:08 |
Acid Bong | In reply to @sofiedotcafe:matrix.org: "@jakehamilton:auxolotl.org do you have an example of Nilla but with agenix or similar?" Nilla is just a Nix entry point system, like flakes, while Agenix and such live within NixOS | 03:34:10 |
Acid Bong | i think you should be able to use agenix or sops-nix regardless of whether your NixOS is behind flakes, colmena and/or nilla | 03:35:57 |
piegames | Beta test the next npins release now: https://github.com/andir/npins/pull/185 | 13:21:37 |
Sofie 🏳️‍⚧️ (she/her) | I mean, agree :3 | 13:35:18 |
Sofie 🏳️‍⚧️ (she/her) | we really do need a better tool | 13:35:33 |
Acid Bong | In reply to @jakehamilton:auxolotl.org: "Ah I don't, I am not a fan of agenix and other existing secret solutions due to the manual work required :(" what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets? | 13:49:40 |
jakehamilton | In reply to @acidbong:envs.net: "what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets?" Rekeying, managing keys for different machines, etc. There are still quite a few manual steps which I feel like shouldn't be necessary. | 13:52:18 |
jakehamilton | Plus the issue of secrets being checked into git (even if encrypted). I think we can do better than that as well. | 13:53:04 |
tc424 (Steve D) | Added npins add container, which allows pinning OCI containers
Ooooooooh ... | 13:54:11 |
jakehamilton | In reply to @srtcd424:auxolotl.org: "Added npins add container, which allows pinning OCI containers Ooooooooh ..." I wonder if this is specific to container images or if any artifact on an OCI registry can be pinned this way. Helm charts, for example! | 13:56:32 |
tc424 (Steve D) | I'm currently skimming it - https://github.com/andir/npins/pull/145/files | 13:57:04 |
jakehamilton | In reply to @srtcd424:auxolotl.org: "I'm currently skimming it - https://github.com/andir/npins/pull/145/files" Same, seems to call out to nix-prefetch-docker | 13:57:49 |
jakehamilton | https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/nix-prefetch-docker | 13:58:09 |
tc424 (Steve D) | yeah, which is something else I didn't know existed :) | 13:59:29 |
tc424 (Steve D) | and that uses skopeo | 13:59:42 |
jakehamilton | In reply to @srtcd424:auxolotl.org: "and that uses skopeo" Was just about to say the same. I think it should just work for any artifact then? | 14:00:02 |
tc424 (Steve D) | Not sure, but even if it doesn't, it feels like it shouldn't be too complex to add | 14:00:47 |
tc424 (Steve D) | Anyway, I've been using an ancient static binary of docker-lock, will be nice to be able to use something more modern :) | 14:02:00 |
Sofie 🏳️‍⚧️ (she/her) | Nix is nice since I can just quickly spin up a production ready dev environment on my grandparents' desktop because I forgot my laptop | 14:10:46 |
Sofie 🏳️‍⚧️ (she/her) | Using WSL :3 | 14:10:53 |
jlc | Heya- For mounting SMB shares using cifs, is the "nofail" option relevant like when declaring mounts for physical drives? | 16:25:49 |
jlc | (looks like the answer is yes - editing the wiki to say as much rn) | 17:06:29 |
whispers (it/fae) | i feel like this is a reasonable question that we should know the answer to, but i don't, so: if you hand it a big bold graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:55:48 |
whispers (it/fae) | * i feel like this is a reasonable question that i should know the answer to, but i don't, so: if you hand it a big build graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:56:29 |
whispers (it/fae) | * out of curiosity, if you hand it a big build graph, how does lix/nix choose what to build first? it doesn't seem to start from the most depended-on derivations or any other metric which i would expect. | 22:59:31 |