gchristensen changed the topic of #nixops to: NixOps related talk | logs: https://logs.nix.samueldr.com/nixops/ https://meet.jit.si/NixOpsReview
kalbasit has quit [Ping timeout: 264 seconds]
kalbasit has joined #nixops
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixops
kalbasit_ has joined #nixops
manveru_ has joined #nixops
manveru has quit [Ping timeout: 256 seconds]
grfn has quit [Ping timeout: 256 seconds]
grfn has joined #nixops
kalbasit has quit [Ping timeout: 256 seconds]
manveru_ is now known as manveru
kalbasit has joined #nixops
kalbasit has quit [Ping timeout: 256 seconds]
kalbasit has joined #nixops
kalbasit_ has quit [Ping timeout: 256 seconds]
kalbasit_ has joined #nixops
kalbasit_ has quit [Ping timeout: 260 seconds]
kalbasit_ has joined #nixops
kalbasit_ has quit [Ping timeout: 264 seconds]
kalbasit has quit [Ping timeout: 260 seconds]
grfn` has joined #nixops
grfn has quit [Ping timeout: 256 seconds]
grfn` is now known as grfn
cole-h has quit [Ping timeout: 272 seconds]
teto has quit [Ping timeout: 264 seconds]
teto has joined #nixops
<srk> hmm, I'm trying dev env with nixops and nixops-libvirtd. nix-shell in nixops-libvirtd using modified pyproject.toml with nixops = {path = "/localcheckout/" } and it seems to pick it up when doing poetry lock, poetry install, poetry shell but not update it in virtualenv afterwards
<madonius[m]> How are you people managing the secrets that you use in nixops? I kinda want to avoid having them in the git-repo
<srk> have them somewhere on filesystem, like /secrets
<srk> for one deployment we were using git-crypt, then it was switched to /secrets since there's only one machine that deploys the cluster. the one I'm working on currently uses git-crypt again
<madonius[m]> do you version them?
<srk> downside is you cannot deploy without decrypting
<srk> yes
<madonius[m]> I see
<srk> they are opaque binary blobs until decrypted, it's a little weird. there's also nix-sops and ... w8 a sec
<srk> git diffs are working properly when unlocked
<madonius[m]> I did have a look into sops. But to be honest it does not make the best impression in terms of maturity ^^'
<srk> the only thing I'm missing from git-crypt solution is being able to provide "demo" secrets, so the deployment can be built without unlocking
meh` has joined #nixops
awaxa has joined #nixops
teto has quit [Ping timeout: 260 seconds]
teto has joined #nixops
kalbasit has joined #nixops
kalbasit has quit [Quit: WeeChat 2.9]
meh` has quit [Ping timeout: 272 seconds]
cole-h has joined #nixops
blueberrypie has quit [Quit: Ping timeout (120 seconds)]
blueberrypie has joined #nixops
dmj` has quit [Ping timeout: 246 seconds]
davidtwco_ has quit [Ping timeout: 260 seconds]
davidtwco_ has joined #nixops
dmj` has joined #nixops
teto has quit [Quit: WeeChat 3.0]