@lyse@lyse.isobeef.org Lalala, ich höre nix. 🙉

Aber total unrealistisch. Die „Fokuszeit“ hätte überbucht sein müssen durch ein anderes, wichtiges Meeting. Sonst war ja kein Platz mehr dafür.

@arne@uplegger.eu Der Real-O-Mat ging neulich auch rum: https://real-o-mat.de/ (Ändert bei mir im Ergebnis nix, die Antworten/Begründungen sind aber interessant(er).)

The GNU Guix System
GNU Guix is a package manager for GNU/Linux systems. It is designed to give users more control over their general-purpose and specialized computing environments, and make these easier to reproduce over time and deploy to one or many devices. ↫ GNU Guix website Guix is basically GNU’s approach to a reproducible, functional package manager, very similar to Nix because, well, it’s based on Nix. GNU also has a Linux distribution built around Nix, the GNU Guix System, which is fully ‘libre’ as al … ⌘ Read more

a new emmanation of my trusty old vim config, now available as a home-manager nix module. now i can track my dependencies with nix instead of using git subtree and it makes installing backend programs like language servers and such way easier. https://src.ix.cyb.red/pe-vim/

minibase has a network security architecture with a number of overlapping layers of protection. first, routers and discovery endpoints either require a password or an authorized public key to accept traffic. this setup restricts who can reach the endpoints to an extent, but peering with enough third parties with less restrictive policies will practically allow global routing. since this is a possible policy choice, minibase also requires internal traffic to be authenticated. overlay traffic is automatically encrypted by yggdrasil, but applications should still treat the traffic like its clearnet and use tls. currently i’m requiring a dns acme challenge to generate wildcard certs, but eventually it might make sense to scope the certificates to the specific service its associated with. we don’t have much config generation in the nix modules yet, but something like this should be possible eventually. i’m working on configurations for ory oathkeeper, hydra, and kratos to provide a federated auth framework that your network services and minibase configs can integrate with.

freebsd makes a lovely server os, nixing it would be fucking excellent. i wonder if they ported systemd? shit’s making me curious

so it looks like genode has taken some inspiration from nix.. that’s a rabbit-hole for another time https://genode.org/documentation/developer-resources/package_management

it would be interesting to build a new nixpkgs based on a totally different base system. like, genode (sel4+) that can take the interesting security properties of nix and apply them to a non-posix secure-by-construction type of OS

I wonder if bento has slightly missed the key to being a total genius approach to host management. ok hear me out. each node periodically pulls configuration from a coordination node that hosts a binary cache. the admin may make changes and pre-build them maybe kick off an update task manually if they want, but the point is there’s an automated checkin. for my case, the device I have available for coordination isn’t really capable of hosting a binary cache for any of my other machines. the nix store for my dev machine is larger than the entire disk of the coordinator! and due to the yearly heat my best machine can’t be reliably powered on all the time. so i started thinking to myself, “self, what if instead of having a central coordinator we fetched configuration from a reliable git mirror (maybe git+torrent some day) and consume it as a flake. the source could even be swapped out using a flake registry (so you don’t even have to commit to self-hosting anything other than a json file). then managed hosts only have to be setup to consume the registry and the shared flake (which registers the update agent) and DONE?”

some day, you’ll be able to download nix-on-android from f-droid and nix run git+https://git.cyb.red/pkgs/free-internet.flake and join the no se vende mesh collective.. something like that

this is what i like to see https://gerbil.scheme.org/guide/nix.html

today i will start trying to extract my dots from my memex database and manage the dependency tree entirely using nix flakes

minibase bootstrap iso first look is up on the gits https://git.ix.cyb.red/IX/minibase/src/branch/main/dev/bootstrap #nix #lix

installing lix fixed my busted nix install. i installed the rpm from their website and it didn’t work so i typed curl -sSf -L https://install.lix.systems/lix and was happy happy happy

nix lix aux is for sure a winner

my first nix flake https://git.ix.cyb.red/pkgs/msmart-ng.flake its kind of ok i guess. i’m still learning ^^

learning Nix.. but the lenguage…damn.. bro im done!