@maralorn @ifreund do you run the release branches of NixOS? I think I did so initially, but switched to master because releases didn't work well for me, for reasons I no longer remember. Reconstructing potential issues, is Nixpkgs committed to backporting security fixes?
Man, the longer I have #NixOS and #Manjaro running in parallel, the more annoyed I am by the #ArchLinux way, e.g.:
· Python update ⇒ all python-based #AUR packages must be rebuilt. #pipx-installed packages also need reinstallation.
· separation between distro repos and AUR is annoying. 'yay -Syu' (or whatever) never really works in one go (be it some stupid sudo prompt later)
· so many AUR packages don't build reliably or at all.
...
@hasnep @nobodyinperson When I moved to Linux I would maintain markdown files with notes & instructions on what I'd done and how to repeat. Nix let me skip the human step in executing my instructions.
@sandro The churn of individual commits doing reformatting of single packages frankly pisses me off. It consumes too much bandwidth and I wanted that to end.
There is never a good time to do it, but this was the best time to do it.
Wrote a post on how to do reasonable pinning for non-flake configs using a simple shell script, npins, and nixos-rebuild. I also talk about how tools like nixos-rebuild and nix-channel are skeletons in our closet that we need to actually replace and deprecate as a community, to bring people up to modern practices.
@whitequark ok, sure, but that could also be done in a far more scrutable way by a CI job that updates the file and then the machine auto pulls its config or so.
I have been working on something, which is not totally ready.
Most of the deployment tools in the #NixOS ecosystem are tailored to... NixOS. NixOS can run in a bunch of places, but not easily on 256MB RAM devices and 32MB disk.
anyone have a good resource for converting a binary to a #nixos service? I think i got pretty far with @readeck https://readeck.org/en/docs/deploy but i have no clue how to handle the /etc/ files it claims it needs and keep getting vague 203 errors.
instead of talking so much about what flakes are for, maybe we should talk more about what they do, because it's actually very little. flakes DO the following:
· manage a single, top-level lockfile
· force a specific entry point for a Nix expression
· change the CLI syntax you use
· turn on "pure eval" mode by default
· make you git track your files (for git repo flakes)
those are the actual things that flakes effect to Nix code
"there is no moral difference taking money from Anduril or from Microsoft. Microsoft has had multi-billion dollar Pentagon and other agency contracts for many years now, and the things they produce are used wherever the U.S. Government wants to use them, including as tools for war and border control."
100% this. #nixos is so embedded in #github that it is hard to take any complaints about other partners or sponsors seriously.
@yisraeldov @chrism NixOS is not deeply embedded into GitHub. Many CI checks are just executing shell code in the end which can be early run locally and be adopted and everything specific to GitHub would need to find a replacement, like the labeler.
The main problem is scalability. Running your own infrastructure on that level of size, complexity and availability is a major undertaking and e.g. Gitea couldn't even handle the amount of forks.
ME: hm I should make one (1) change to my programmable keyboard.
30 MINUTES LATER: well, my random weird devicemapper issue went away after uninstalling/reinstalling docker and rebooting a few times, but now docker seems to require root, when it didn't before? wtf
Computers may have been a mistake. (Also, it's amazing how far my desire to tinker with my #NixOS setup has plummeted now that the community is splintering.)
@bitprophet I was bulk updating a bunch of small servers last night, which included a few DO boxes.
I had one of those oh shit moments while I was upgrading the box to get Tailscale updated. Thankfully, everything was fine, but I thought I would lose access while the box took a minute to respond.