| 17 Mar 2025 |
 antifuchs | rebooting now to capture that behavior | 18:39:01 |
 emily | how do you get your tailscale keys in initrd btw? | 18:42:20 |
| antifuchs | using tpm-encrypted systemd credentials (: | 18:43:16 |
| antifuchs | LoadCredential is really pretty sweet | 18:43:25 |
| antifuchs | got a screen recording that hopefully doesn't have passwords in it. just need to upload it somewhere | 18:43:51 |
| antifuchs | https://vimeo.com/1066686462?share=copy#t=0 is the screencap | 18:45:51 |
| antifuchs | at minute 1:00 or so you can see it popping up the emergency password prompt after I started the unit | 18:46:43 |
| antifuchs | then I entered the first 10c of the password and didn't press enter, but it popped up another prompt | 18:47:02 |
| antifuchs | (you can also see some multiple zfs password prompts that might stem from the same issue tbh) | 18:49:53 |
 gdamjan | why not use TPM credentials for the ZFS pool too? | 19:58:35 |
| antifuchs | mainly because I prefer to have a human in the loop knowing that this system was booted (: | 20:03:48 |
| antifuchs | (and confirming that it should boot) | 20:03:56 |
| 18 Mar 2025 |
 @rosscomputerguy:matrix.org | I heard something changed with QuickAck in networkd that needs to change. Someone told me about it but I don't understand what's not working with it so maybe someone here could fix it? I was told something needs to be duplicated. | 16:53:01 |
 @elvishjerricco:matrix.org | Is this a good idea? https://github.com/NixOS/nixpkgs/pull/375975 I've certainly needed it quite a few times. But you wouldn't want people just blindly enabling it because they got an error without understanding it | 21:38:37 |
 @adam:robins.wtf | Maybe give a stern warning with it? | 21:39:42 |
| @elvishjerricco:matrix.org | adamcstephens: like an actual warnings = ... type warning? Or just in the description? | 21:42:39 |
| @adam:robins.wtf | just the description. | 21:43:20 |
| @elvishjerricco:matrix.org | I just realized... we ought to give the kernelModules / availableKernelModules options the same treatment as supportedFilesystems | 21:44:37 |
| @elvishjerricco:matrix.org | i.e. kernelModules.foo = true; rather than kernelModules = [ "foo" ]; | 21:44:53 |
| @elvishjerricco:matrix.org | Then you could properly target the modules you want to exclude with mkForce | 21:45:22 |
| @elvishjerricco:matrix.org | I should probably just do that instead of adding this footgun | 21:45:36 |
| @elvishjerricco:matrix.org | Hmph that will inevitably lead to some people thinking boot.kernelModules.foo = false; will blacklist it, even though blacklistedKernelModules existts | 21:57:18 |
| @elvishjerricco:matrix.org | * Hmph that will inevitably lead to some people thinking boot.kernelModules.foo = false; will blacklist it, even though blacklistedKernelModules exists | 21:57:19 |
| @elvishjerricco:matrix.org | not sure now | 21:57:35 |
 Nick Cao | Is it possible to define something like lib.mkRemove, which at option merge time, would remove the matching entry from the list | 21:59:12 |
| Nick Cao | Here: https://github.com/linyinfeng/nixpkgs/commit/80be7b4c5c1842147b569fb50670952ba726d90c | 22:01:19 |
| @elvishjerricco:matrix.org | I feel like it'd be better to have a mkApply or something that just adds a finalization function to that priority layer | 22:02:38 |
| @elvishjerricco:matrix.org | Ok, I'm happier with this now: https://github.com/NixOS/nixpkgs/pull/375975 | 23:42:39 |
| @elvishjerricco:matrix.org | I made it possible to set / unset kernel modules as an attrset, with descriptions making it clear that this does not do blacklisting (though I made a similar change to blacklistedKernelModules). And I added a warning to the allowMissingModules description telling people they should disable individual modules instead. | 23:43:52 |
| @elvishjerricco:matrix.org | oh shit I have to document that type I factored out into lib now don't I | 23:44:26 |
