sandro

@sandro@c3d2.social

Some lefti :AFD:, NixOS :nixos:, Linux :tux:, Chaos :fairydust:

Don't be afraid of colorful flags :progress_pride: 🏳️‍🌈🏳️‍⚧️🚩🏴

nixos_org, to random
@nixos_org@chaos.social

nix-buildproxy offers reproducible HTTP/HTTPS responders in sandboxed Nix builds. The author is eager for your feedback, so don't hesitate to share your thoughts! https://discourse.nixos.org/t/nix-buildproxy-reproducible-http-https-responder-in-sandboxed-nix-builds/40081

sandro,

@nixos_org Direct GitHub link for anyone interested https://github.com/polygon/nix-buildproxy/

sandro, to NixOS

TIL: You can enter a process' exact namespace with the following command to debug systemd hardening with ease:
nsenter --all --target $PID

Why did no one tell me this earlier!?

sandro,

And with that it was super easy to find out that the socket I wanted to connect to was owned by nobody:nogroup because I didn't add the supplementary group for it.

sandro,

@mdione I am not using docker containers here, it is all systemd units. I often receive errors like "No such file or directory" which do not make sense outside the started systemd unit and its namespace, and so far I don't know of any tool systemd offers to debug this. The hardening options offered by systemd, especially when combined with Dynamic user, can quite change the mounted filesystems and often add read-only bind mounts and tmpfs, which can break a diverse list of things.

sandro,

@mdione For example nullmailer likes to do hardlinks IIRC and those do not work across different file systems which includes different bind mounts and without entering the file system namespace you require a lot of guesswork to figure this out.
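
A scripted version of the check described in this thread, added here as an example and not part of the original posts: it resolves a unit's main PID, lists which namespaces differ from the calling shell, and tests whether the process is in the group that owns a socket. The function names and the `PROC_ROOT` override are hypothetical; run it as root, since reading another process's `/proc/PID/ns` links requires that.

```shell
#!/bin/sh
# Added example. PROC_ROOT is a hypothetical override so the helpers can be
# pointed at a constructed tree instead of the live /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# List the namespace types (mnt, net, user, ...) in which PID differs from the caller.
differing_namespaces() {
    for link in "$PROC_ROOT/$1"/ns/*; do
        ns=${link##*/}
        [ "$(readlink "$link")" = "$(readlink "$PROC_ROOT/self/ns/$ns")" ] || echo "$ns"
    done
}

# Succeed if GID is the effective group or a supplementary group of PID.
proc_has_gid() {
    awk -v want="$2" '
        /^Gid:/    { if ($3 == want) found = 1 }
        /^Groups:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END        { exit !found }' "$PROC_ROOT/$1/status"
}

# Report what to look at when UNIT cannot use SOCKET.
check_unit_socket() {
    pid=$(systemctl show --property MainPID --value "$1")
    [ "${pid:-0}" -gt 0 ] || { echo "$1 has no running main process" >&2; return 1; }
    echo "namespaces differing from this shell: $(differing_namespaces "$pid" | tr '\n' ' ')"
    gid=$(stat -c %g "$2")
    if proc_has_gid "$pid" "$gid"; then
        echo "pid $pid is in group $gid, which owns $2"
    else
        echo "pid $pid is NOT in group $gid, which owns $2 (missing supplementary group?)"
    fi
    echo "to look from inside: nsenter --all --target $pid"
}
```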

mir, to NixOS

tryna specify an image url in , but it tries to read it as part of the config? like yes. of course that's a syntax error, it's jpeg Metadata bitch...

sandro,

@mir Did you stringify it?

sandro,

@mir then the option is supposed to be used differently. What are you trying to do in code?

fgaz, to NixOS
@fgaz@cdrom.tokyo

What if… used instead of ?

I present you tcl-stdenv!

Previously

@nixos @tcl @tcltk @tcl @tcl

sandro,

@fgaz @nixos @tcl @tcltk @tcl @tcl since shell is probably the smallest common denominator between all build systems, I don't know where the fit for this would be since we could not remove a shell anyway. Maybe it would be useful to remove Python/Rust/Perl from deep down the dependency chain if shell is just not enough.

sandro,

@fgaz builder language as for the stdenv itself?

ahoneybun, to NixOS
@ahoneybun@hachyderm.io

Am I the only one who does this?

sandro,

@ahoneybun I don't do it by service but by feature like server, desktop, WSL, ...

godmaire, to NixOS
@godmaire@mstdn.social

How much work is it to install and configure a NixOS system if you've never done it before? Like is this a weekend project or just a few hours?

sandro,

@godmaire
Depends on what you want to do. If you just want a standard plasma desktop you can be done in an hour.
If you have lots of customization and opinions about things, it can take a lot longer.

clerie, to NixOS German
@clerie@fem.social

I hate updating systems.

sandro,

@clerie If you do it often enough, it gets quite nice. shy look at my homeserver

ls /nix/var/nix/profiles/
.....
system-1831-link

gheja, to factorio
@gheja@mastodon.social

I thought Factorio might be dangerous for my free time, so I haven't even started to play it for a long while.

Recently I realized that I'll have a bunch of time so I gave it a go 5 days ago.

Well... I was not wrong.

(I barely play games and there are only a few ones that I played this long.)

#Factorio #games #gaming #oops #spaceballs

sandro,

@gheja That's only double digit playtime 🤨 we'll talk again when you have 4 digits

exclava, to NixOS
@exclava@mastodon.social

desperately needs better documentation lol.

sandro,

@exclava but at least in comparison to other distros it is pretty easy to find the package source and just look at the code

clerie, to NixOS German
@clerie@fem.social

boot.initrd.network is very broken, btw

sandro,

@yuka @clerie @raito We configure bonds and bridges in it and mirror the normal networking setup to make ssh unlock easy

lxsameer, to NixOS
@lxsameer@social.lxsameer.com

I generally don't like #systemd. Mostly because, I'd like to be in control and have a choice, not the other way around.

But #nix is so good that I might switch to #nixOS.

sandro,

@lxsameer systemd provides plenty of control and allows you to achieve so many things which were impossible before

sandro,

@lxsameer you don't need to use systemd-boot, networkd, resolved but they have cool integrations and certain things only work with them, which is expected.

The disadvantages are so minimal and usually people can only name design decisions or things outside of the code itself and all comparable tools lack major features or are designed around shell scripts.

sandro,

@lxsameer I have an openwrt which uses initrd style startup scripts and they are terrible. I have one process which always loses its pids despite being in a sandbox and sometimes restarting it leaves rogue processes behind. Without some top you never find it. That never happened on systemd to me.

Also it is lacking per service diagnostics, logging and a structured way to configure the service. Every service is a little bit different in its shell script.

pi_crew, to NixOS
@pi_crew@social.project-insanity.org

Unfortunately apps are still a bit unstable on . I added some workarounds by @GetPsyched to the wiki on how to get VSCodium running again 🔧 https://nixos.wiki/wiki/VSCodium

sandro,

@pi_crew That crash related to the last bigger mesa update should have been solved for months. Didn't run into this for a long time myself.

Currently vscode crashes when you open two instances and fancy title bars are enabled.

dennisfaucher, to NixOS

This is a great post by @b0rk regarding . Also, reminds me that my personal use cases don't require recreating OS builds and that's why Nix always makes my head hurt 🙂

Some notes on NixOS

https://jvns.ca/blog/2024/01/01/some-notes-on-nixos/

sandro,

@dennisfaucher @b0rk

> I switched to Caddy a while back from nginx because it automatically sets up Let's Encrypt certificates.

NixOS does the same for nginx with lego and you don't need to rewrite existing nginx in nixos in caddy.

w4tsn, to NixOS
@w4tsn@darmstadt.social
sandro,

@w4tsn I don't understand the question

c3d2, to random German
@c3d2@c3d2.social

👀 🪜💡 :ablobcatbongo:

sandro,
jakehamilton, to NixOS
@jakehamilton@hachyderm.io

Update scripts for Flake packages? Supported ✅

https://github.com/snowfallorg/drift

sandro,

@jakehamilton nix-update can make reasonable assumptions so that no update script or change to the package is required. I don't see the advantage here.

charadon, to NixOS
@charadon@8bit.red

Ayyyy, migration successful from my borked install. Now I got it running on a VM because... why not lol

sandro,

@charadon 5 minutes old VM and always in an undefined state and to some extent already broken

sandro, to random