sandro

@sandro@c3d2.social

Some lefti :AFD:, NixOS :nixos:, Linux :tux:, Chaos :fairydust:

Don't be afraid of colorful flags :progress_pride: 🏳️‍🌈🏳️‍⚧️🚩🏴

squirrelroad, to NixOS
@squirrelroad@mas.to avatar

why is there https://lix.systems and https://aux.computer ?
Why not just merge them together ? #nix #nixos

sandro,
@sandro@c3d2.social avatar

@dwagenk @squirrelroad I don't see how replacing nix with different 3 letters in all terms would solve the naming quirk.

Also IMO that's not such a big issue. Most languages have a language and compiler/interpreter which is named the same.

sandro, to NixOS
@sandro@c3d2.social avatar

If you are testing all the experimental features, you also need to create PRs from time to time.
https://github.com/NixOS/hydra/pull/1377 fixes .doi resolution in hydra on the latest version.

baer, to NixOS

can someone help me with what i should expect from the
services.xserver.virtualScreen option.
From the source code I gather that it just appends

"Virtual ${toString cfg.virtualScreen.x} ${toString cfg.virtualScreen.y}"}

to the monitor section
but what does that do? I don't know enough about x11 and the docs are not really helping me...
thanks

sandro,
@sandro@c3d2.social avatar

@baer That's the x and y of the virtual screen.
The example will turn into

"Virtual 2048 2048"

tcurdt, to NixOS
@tcurdt@mastodon.social avatar

After using NixOS, the whole container ecosystem feels like holding it wrong.

I can no longer un-see it 🫣
I am doomed.

sandro,
@sandro@c3d2.social avatar

@tcurdt same

publicvoit, to ubuntu
@publicvoit@graz.social avatar

I AM SO DISAPPOINTED WITH UBUNTU 24.04 😑
https://news.itsfoss.com/ubuntu-24-04-disappointment/

I'm so glad that I got rid of #Ubuntu (actually #Xubuntu) and #snap.

Now, I need to get rid of #NixOS as well, despite having invested (too) much effort. 😞

#Debian is my true and only safe heaven, as it seems.

sandro,
@sandro@c3d2.social avatar

@publicvoit Debian doesn't offer the majority of software I use out of the box and using out of tree sources is usually up for upgrade disaster.

And if I need to use containers, then I might as well use something which focuses on that.

jakehamilton, to NixOS
@jakehamilton@hachyderm.io avatar

I like , I do not like what has happened to it. is an incredible technology and it deserves better. Nobody else has started the process so I guess I have to be the one to do it. We are forking. I would rather try and fail alongside all the people who love Nix but were pushed away from the project than give up.

https://aux.computer/

sandro,
@sandro@c3d2.social avatar

@soupglasses @jakehamilton Well, technically there is already a loose grouping. Everything going into the stdenv is absolute core and anything requiring to go to staging could also be classified important. All packages that are just one rebuild, are leaf packages and sometimes can be considered for fun.

18+ hexa, to NixOS
@hexa@chaos.social avatar

What a week, huh?

sandro,
@sandro@c3d2.social avatar

@hexa It's only Wednesday Monday captain.

pimeys, to NixOS
@pimeys@social.nauk.io avatar

Thank you for the TPM2 article @jnsgruk. I decided to give it a go last weekend, and it was a bit longer process than 10 minutes. For anybody who struggles to get rid of the password prompt for the LUKS volume, this setting is essential:

boot.initrd.systemd.enable = true;

The initrd must have systemd installed, so the settings defined with systemd-cryptenroll are available during the boot. An alternative way is to use Clevis to encrypt the LUKS password using the TPM module, and invoke it during boot. This is not super complex either, but I kind of like the systemd approach more.

Also the article didn't mention much about the different PCR ids you can use with TPM. These define the system state when a secret key can be accessed from the TPM module. If any of the policies trigger, the TPM module will not output any secrets and the user needs to enter the LUKS password. The article uses three policies:

  • 0: firmware updates
  • 2: extended ROMs from pluggable hardware (e.g. USB)
  • 7: secure boot disabled, or firmware certificates update

Additionally, one policy is needed to ensure an attacker cannot boot the system to a single user mode from the bootloader:

  • 12: kernel config change, e.g. changing the boot parameters.

It is important to wipe the old slots with systemd-cryptenroll when changing the PCRs. Changing them is additional, and doesn't modify the existing policies.

Edit: and do not wipe the password slot! This will render your disk unbootable.
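
The re-enrollment step described in the post above, as an added example (not from the post or the linked article): a POSIX shell helper that builds the `systemd-cryptenroll` command for PCRs 0+2+7+12 and replaces only the TPM2 slot, so the password slot is never touched. The function names are hypothetical and the device path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: build (not run) a systemd-cryptenroll command that re-binds
# a LUKS volume to a PCR set while keeping the passphrase slot as fallback.

# Accept only a "+"-separated list of PCR indices 0-23, e.g. 0+2+7+12.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_pcrs() (
    case "$1" in
        ''|*[!0-9+]*|+*|*+|*++*) exit 1 ;;
    esac
    IFS='+'
    for pcr in $1; do
        case "$pcr" in
            [0-9]|1[0-9]|2[0-3]) ;;
            *) exit 1 ;;
        esac
    done
)

# $1 = LUKS block device, $2 = PCR list, $3 = slot type to wipe (default tpm2)
# Prints the command on success; returns 2 or 3 when the request is rejected.
build_enroll_cmd() {
    wipe=${3:-tpm2}
    if ! valid_pcrs "$2"; then
        echo "invalid PCR list: $2" >&2
        return 2
    fi
    # "password" or "all" would remove the passphrase fallback, which is the
    # failure the post's edit warns about, so only the tpm2 slot is replaced.
    if [ "$wipe" != tpm2 ]; then
        echo "refusing --wipe-slot=$wipe: only the tpm2 slot is replaced" >&2
        return 3
    fi
    # Wiping the old tpm2 slot in the same call avoids leaving the previous
    # PCR policy enrolled next to the new one.
    printf 'systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=%s %s\n' "$2" "$1"
}

# Usage (placeholder device): sh enroll.sh /dev/nvme0n1p2 0+2+7+12
# Review the printed command, then run it as root.
if [ "$#" -ge 2 ]; then
    build_enroll_cmd "$@"
fi
```

On NixOS the unlock at boot still depends on `boot.initrd.systemd.enable = true;` from the post.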

sandro,
@sandro@c3d2.social avatar

@pimeys @jnsgruk Did you find documentation on the numbers you can turn on and off? I briefly looked and didn't find anything.

Having to enter the password with almost any configuration change, including plugged in USBs makes me almost want to try it.

sandro, to random
@sandro@c3d2.social avatar

It is always DNS 😅

One of the domains I manage has flaky results with Quad 9 because one of the nameservers it uses has a wrong glue record set for its own nameservers.

astrid, to random
@astrid@fedi.astrid.tech avatar

what nix fork projects currently exist, im curious

sandro,
@sandro@c3d2.social avatar

@dieweltist @astrid Guix has its roots in NixOS but I would consider it a standalone project by now.

danvolchek, to linux
@danvolchek@mastodon.social avatar

Declarative operating systems sound really neat - I'd love to be able to configure my system + applications through files.

Unfortunately, I'm not interested in Nix because of how Dolstra is handling the current community outcry. Ideally I'd like to stay on Arch, too.

Does anyone know what the current options are? Are any of them as maintained/supported/documented as Arch itself?

Arch has been great, btw!

sandro,
@sandro@c3d2.social avatar

@danvolchek I think I am too knee deep into NixOS to be able to use an imperative distro in large scale again.

soupglasses, to NixOS
@soupglasses@hachyderm.io avatar

I think the most hurtful thing with seeing in flames and people leaving for other immutable distros is...

NixOS was strong for its module system, not so much its immutable nature.

The rapid development you could do, and test that locally, sewing together an entire fleet in a matter of hours, without much of a thought to the minor details was amazing.

Let's remember to take the NixOS module system with us.

sandro,
@sandro@c3d2.social avatar

@soupglasses I am not sure if there is anything like it for the module system though.

ivan, to random
@ivan@hachyderm.io avatar

Maintaining software sometimes feels like rolling a rock up a hill for all eternity.

Other times, the rock is actually a pile of sand

sandro,
@sandro@c3d2.social avatar

@ivan what helped me in the past, was to not support what I can't easily test. For example I can easily start a Debian container but debugging something on Mac is usually a pain and I now often just decline it and tell people to send a PR if they happen to fix the issue they described.

Or just outright declining new features to keep the scope of the software manageable.

sandro,
@sandro@c3d2.social avatar

@ivan I mean if you at least get paid well to push up the sand. It kinda makes it bearable for some time.

And eventually you find a way to automate at least something

pmidden, to NixOS
@pmidden@fosstodon.org avatar

Other than posting the PR on Discourse, is there any way to get noticed by reviewers?

sandro,
@sandro@c3d2.social avatar

@pmidden Know one 😅😊

There's also a matrix channel

sandro, (edited ) to NixOS German
@sandro@c3d2.social avatar

Sometimes I want a reproducibility nightmare in #NixOS : apply a set of changes but only when the derivation is rebuilt anyway.

sandro,
@sandro@c3d2.social avatar

@nickcao I was thinking about doing this in my nixos configuration to get as many cache hits as possible and test highly experimental stuff 😂

I have no clue how practical this would be as a feature for a merge bot. Usually I think they are used to find regressions which only occur when combining PRs which doesn't make sense for most changes.

sandro,
@sandro@c3d2.social avatar

@jeremy_list fetchTarball with a low caching total already achieves that

mart_w, to php German
@mart_w@chaos.social avatar

As fixes for the current and are not reliably available yet, keep in mind that a workaround exists for those of you who don't need support for the ISO-2022-CN-EXT character set: https://rockylinux.org/news/glibc-vulnerability-april-2024/

This should be quite straightforward to apply on most machines – except those running . If you do use NixOS, my solution might help you bridge the gap until the proper fix is upstream: https://git.brokentech.cloud/mart-w/nixos-workaround-cve-2024-2961

Thanks @hexa for pointing me in the right direction!

sandro,
@sandro@c3d2.social avatar

@mart_w if you are building your systems via hydra, you must stay away from replaceRuntimeDependencies or you brick your web UI and build everything in evaluation phase.

sandro,
@sandro@c3d2.social avatar

@mart_w No, not really. Maybe we could supply Hydra with the configuration without this setting and only apply it when deploying. This should easily be possible.

domenkozar, to random
@domenkozar@fosstodon.org avatar

http://devenv.sh will use Mold linker when using
@rust by default on Linux to speed up compilation, you can disable it via

languages.rust.mold.enable = false;

sandro,
@sandro@c3d2.social avatar

@domenkozar @rust Is it really just a drop-in replacement? Sounds too good to be true.

jakehamilton, to random
@jakehamilton@hachyderm.io avatar

Nushell is really cool

sandro,
@sandro@c3d2.social avatar

@jakehamilton A friend of mine has it by default and I always tell him to just open bash when he struggles to run basic Linux commands like du -sh 😅

Shells other than bash/zsh always failed for me because of the hard backwards compatibility break.

jakehamilton, to random
@jakehamilton@hachyderm.io avatar

FYI

If I'm following you, it's because I think you're cool. If I'm not following you, it's because I don't know how cool you are yet.

You're cool, keep doing cool things

sandro,
@sandro@c3d2.social avatar

@jakehamilton 🧊

geerlingguy, to linux
@geerlingguy@mastodon.social avatar

A few years ago, I would've said CentOS or Debian. Now, the answer is much easier

sandro,
@sandro@c3d2.social avatar

@crft @geerlingguy The pain with Debian starts when using out of tree software. Every homelab project I want to use is not in Debian.

sandro, to NixOS
@sandro@c3d2.social avatar

Maybe I didn't delete old system profiles for a bit...

note: currently hard linking saves 273250.45 MiB
119288 store paths deleted, 148805.54 MiB freed
