gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<cole-h> I don't think I'll ever sleep well again, after reading that
<cole-h> ;^)
claudiii has quit [Quit: Connection closed for inactivity]
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-chat
Church- has quit [Ping timeout: 255 seconds]
Church- has joined #nixos-chat
<aanderse> infinisil: is generators.toINI going to support list values any time soon? or ever?
<infinisil> Ah I wanted to reply to that eventually
<infinisil> aanderse: Does ini have lists?
<infinisil> If not, then the answer is probably no
<aanderse> yeah ini is a pretty loose format
<aanderse> so that answer probably makes sense
<aanderse> the mysql configuration file format is ini (ish)
<aanderse> it allows duplicate keys
<aanderse> key_a = value1
<aanderse> key_a = value2
<aanderse> so looking to map lists to that...
<aanderse> settings.key_a = [ "value1" "value2" ];
<aanderse> put a real hack solution together quickly
<infinisil> "Most implementations only support having one property with a given name in a section. The second occurrence of a property name may cause an abort, it may be ignored (and the value discarded), or it may override the first occurrence (with the first value discarded). Some programs use duplicate property names to implement multi-valued properties."
<infinisil> toINI could get another parameter, `allowDuplicates ? false`
<aanderse> yeah, pretty loose format... but mysql does the latter
<aanderse> i like that :)
<infinisil> Or maybe `listsAsDuplicateKeys ? false`
<aanderse> yeah
<infinisil> Hm I'm now wondering whether such parameters should be supported by #75584
<{^_^}> https://github.com/NixOS/nixpkgs/pull/75584 (by Infinisil, 12 weeks ago, open): Configuration file formats for JSON, INI, YAML and TOML
<gchristensen> (probably not... it risks ballooning the scope to infinity)
<infinisil> It would make the implementation more complicated, but it might be a good idea for changes like this in the future
lopsided98 has joined #nixos-chat
<aanderse> so for me to answer that question
<aanderse> i counter with: is this hack acceptable enough for you to click "merge"? https://github.com/NixOS/nixpkgs/pull/81940/files#diff-04ebdbb88277a2796ce7b9ba78be4c8aR25-R27
<aanderse> if you answer "yes, i'd merge that" then i'd say we can survive without support yet
<aanderse> if you would not click merge on that, maybe we need it now
<aanderse> ;-)
<aanderse> ha ha ha
<infinisil> aanderse: Now that I know that INI implementations sometimes allow that, I think it would make more sense to extend toINI
<aanderse> infinisil: i definitely agree toINI should support that. but will this delay my PR by days or weeks? ;-)
<infinisil> Hehe, I mean you could implement it in the same PR
<aanderse> yeah but i have like 2 or 3 more mysql PRs to put in and i wanted the "settings" PR to be first because it would be cleaner to the rest
<aanderse> also, i'm not a functional programmer... so whatever i could do, you could do much better
<aanderse> <3
<infinisil> Hehe, I wouldn't say that, you're doing pretty well imo!
* infinisil takes a look at how toIni could be extended
<gchristensen> aanderse: you are now
<gchristensen> sorry I don't make the rules
<aanderse> i love how infinisil reacts when you throw interesting problems his way :)
<gchristensen> me too
<drakonis> is hnix production ready?
<aanderse> starts off with "that sounds like work, i'm not touching that!"
<infinisil> Damnit ya sniped me again!
<aanderse> leave it a moment...
<aanderse> "oh that is an interesting problem..."
<aanderse> wait
<aanderse> he comes back X minutes later with code i couldn't have even dreamed up
<aanderse> :D
<aanderse> see he can't respond right now, he's too busy writing awesome code
<aanderse> infinisil++
<{^_^}> infinisil's karma got increased to 230
<infinisil> Hehe
<cole-h> infinisil: Get back to work!
<cole-h> infinisil++
<{^_^}> infinisil's karma got increased to 231
<infinisil> /o\
<samueldr> drakonis: I think it depends on what is needed
<samueldr> for consuming nix, I think it is
<samueldr> for transforming nix, I hope you don't like comments
<gchristensen> probably depends on "whose production?"
<samueldr> (last I heard quite recently it didn't keep comments and space information)
<drakonis> for the time being i would probably want to consume nix just to see how hnix feels like
<drakonis> but transforming nix might be a bit far away from me right now
<drakonis> you know what's surprising to me, one of emacs's maintainers is a nix user
<gchristensen> good ol' John
<gchristensen> he took me to my first and only Emacs meetup!
<drakonis> its reasonably pleasant to see such adoption
<drakonis> y'all still need someone who'll clean up the nix landing page
<drakonis> make it presentable
<samueldr> gchristensen: you can't stand emacs users either ;)
<jackdk> drakonis: I found hnix quite pleasant for generating nix
<gchristensen> samueldr: I don't have many of them proximal to me :P
<drakonis> jackdk: does it build?
<gchristensen> drakonis: agreed, the website betrays the project
<drakonis> i tried to get it to build for usage and it simply returned "its broken, bud"
<gchristensen> drakonis: btw that is johnw in #nixos
<drakonis> real cool.
<drakonis> oh yeah, do check the landing page, the github avatars are full sized
<drakonis> 512x512 avatars stretching up the page
<gchristensen> eh?
<drakonis> 450x450 actually
<gchristensen> looks good from here
<samueldr> gchristensen: commits list
<gchristensen> yep, looks good from here :P
<cole-h> This is what I see: https://paste.rs/CAH.jpg
<samueldr> I think the netlify transition is uh... something must be cached somewhere that shouldn't
<drakonis> cole-h: that's me
<cole-h> drakonis: o/
<cole-h> :D
<samueldr> that section of the site is going away soon, the commits listing, and the CSS has been removed already
<drakonis> hm, i see.
<samueldr> though *something* happened, I wonder what
* samueldr looks
<drakonis> github probably?
<samueldr> nah, github isn't involved here
<samueldr> well, it is, but not like embedded in the page
<gchristensen> interesting
<samueldr> indeed, considering it should be gone as part of the same commit as the CSS
<samueldr> also stuck at march 5th data
<cole-h> Netlify >:(
<samueldr> thursday, when the homepage alert started acting up *and* was supposed to be removed
<drakonis> ITS BROKE, JIM.
<gchristensen> oh right I should deploy that
<samueldr> :)
<drakonis> wrt website: couple the redesign along with launching a big feature
<drakonis> and that'll probably land you a lot of attention
<drakonis> new docs new webpage?
<cole-h> Funny joke
<gchristensen> I'm not sure we have the kind of budget to do a coordinated release like that :D
<cole-h> :^)
<drakonis> heh
<gchristensen> new website -> shipit
<cole-h> :shipit:
<drakonis> perfect
<gchristensen> but we could gussy up the website today and put on some fanciness and still have a bad website. the content isn't there
wildtrees has quit [Quit: Leaving]
<drakonis> probably, yes.
<drakonis> it'd best be paired with some news worthy change
<gchristensen> yeah
<cole-h> "docs are now on multiple pages"
<cole-h> :o
<gchristensen> I have a PR for that ... it just takes 30min to build them.
<gchristensen> on a fast laptop. I don't want to find out how long on an rpi
<drakonis> a fast laptop you say?
<drakonis> how fast
<samueldr> fast
<drakonis> is it red?
<drakonis> because red runs faster
<gchristensen> it has little flame stickers on the wrist areas below the keyboard
<drakonis> sick, the fastest.
<gchristensen> =)
<cole-h> haha
<infinisil> aanderse: Done the thing, #82208 :D. The code is not superb, but eh it should do
<{^_^}> https://github.com/NixOS/nixpkgs/pull/82208 (by Infinisil, 1 minute ago, open): lib/generators: Add toINI option for duplicate keys
<cole-h> If Nix had docs like Rust does... I would love it so much more than I already do
<drakonis> racket also has some really nice docs
<cole-h> Never heard of it, actually -- got a link for the lazy?
<drakonis> spectacular docs quality
<cole-h> Oh yeah wait I have seen this recently
<cole-h> Maybe it was listed in the docs PR or something
<cole-h> Yeah, I agree that they look really nice
<drakonis> it was brought up recently when docs talk came up
<drakonis> in irc even
<drakonis> they have a dsl for writing docs!
<drakonis> and books!
<cole-h> 👀
<drakonis> its so beautiful
<drakonis> there's even a book called beautiful racket, written in a dsl by the guy who wrote the book
<infinisil> I know you didn't say this exactly, but I heard "There's a book, written by the guy who wrote the book" lol
<cole-h> infinisil: Could you briefly explain what `mkKeyValue ? mkKeyValueDefault {} "=",` means? Does that allow the use of a custom `mkKeyValue` function?
<cole-h> (in that toINI PR)
<infinisil> cole-h: Yeah
<cole-h> Just making sure I'm parsing it correctly
<cole-h> Thanks :)
* cole-h still hasn't read the entire Nix/Nixpkgs manual
<infinisil> I don't think anybody has!
<cole-h> :D
<cole-h> Looks like a relatively elegant solution
<cole-h> s/relatively//
<infinisil> Yeah I like how these parameters are done
<infinisil> Even though there aren't any (yet)
<infinisil> I believe Profpatsch++ is the one writing it like this, he's really good at designing libraries :o
<{^_^}> Profpatsch's karma got increased to 11
<drakonis> cole-h: its fairly nice.
evanjs has quit [Quit: ZNC 1.7.5 - https://znc.in]
evanjs has joined #nixos-chat
<cole-h> Every time I see the HomepageUpdateStuck I think of "Door stuck!"
<aanderse> thanks infinisil !
<infinisil> :D
waleee-cl has quit [Quit: Connection closed for inactivity]
<lovesegfault> Dealing with US regulations is so weird
<lovesegfault> Since starting my immigration proceedings I have basically become a bureaucrat
<lovesegfault> I sent an email today basically saying "It seems like I fall under 8 CFR 103.2(10), and in turn 8 CFR 103.2(10)(ii) and CFR 274a.12(b)(20), although on the latter only §214.2 is applicable to me, meaning the interim benefits are on hold until 8 CFR 103.2(8)(ii) has been appropriately filed"
<lovesegfault> What am I doing with my life
<lovesegfault> I'm the "you can't file for this form without first having this other form" guy
<cole-h> zzz see you in 20 years
<lovesegfault> Yeah, it's... something
<cole-h> Just be born here lol
<lovesegfault> So much of my mind is taken by USCIS regulations it's insane
<infinisil> Laws feel like some ugly-ass spaghetti code everybody has been adding to for centuries, without ever removing or simplifying anything
<lovesegfault> infinisil: readin the e-CFR is like reading old perl
<{^_^}> #81418 (by JoshuaFern, 1 week ago, open): NixOS for Pentesting Overview
drakonis has quit [Ping timeout: 256 seconds]
<cole-h> Java and NPEs, name a more iconic duo
myskran has quit [Ping timeout: 256 seconds]
drakonis has joined #nixos-chat
* lovesegfault sighs
<lovesegfault> Can I not see the edit date on NixOS wiki?
cole-h has quit [Ping timeout: 260 seconds]
betawaffle has quit [Quit: Oh noes, my ZNC!]
drakonis has quit [Quit: WeeChat 2.7.1]
lovesegfault has quit [Quit: WeeChat 2.7.1]
Jackneill has joined #nixos-chat
__monty__ has joined #nixos-chat
lovesegfault has joined #nixos-chat
lovesegfault has quit [Quit: WeeChat 2.7.1]
lovesegfault has joined #nixos-chat
KeiraT has quit [Remote host closed the connection]
KeiraT has joined #nixos-chat
lovesegfault has quit [Quit: WeeChat 2.7.1]
<{^_^}> sphalerite: I'll pass that on to lovesegfault
lovesegfault has joined #nixos-chat
<sphalerite> lovesegfault: just answered your question lol
<lovesegfault> sphalerite: which one?
<{^_^}> lovesegfault: 24 seconds ago <sphalerite> https://nixos.wiki/index.php?title=NixOS_on_ARM&action=history
<lovesegfault> sphalerite: Ah! Nice!
<lovesegfault> thanks :)
<sphalerite> it's not visible if you're not logged in though, will pass it on to #nixos-wiki
lovesegfault has quit [Client Quit]
lovesegfault has joined #nixos-chat
<sphalerite> lovesegfault: why do you keep disappearing and reappearing? x)
<lovesegfault> I'm trying to get icons on my notifications :P
<sphalerite> oh lol
<icey_> morning
icey_ is now known as iceypoi
<lovesegfault> sphalerite: pingme!
<sphalerite> lovesegfault: join #
<lovesegfault> sphalerite: I got it working :D
<sphalerite> \o/
<lovesegfault> sphalerite: I lied
<lovesegfault> ping me
<sphalerite> lovesegfault: join #bottest, say ",library lovesegfault"
<sphalerite> then the bot will ping you
<lovesegfault> sphalerite: now it's perfect
<lovesegfault> 32x32 icons
* lovesegfault rests
veske has joined #nixos-chat
<andi-> lovesegfault: shouldn't you be in bed? :P
veske has quit [Quit: This computer has gone to sleep]
<gchristensen> emily: PM me when you can?
<gchristensen> (no rush)
mrCyborg has joined #nixos-chat
betawaffle has joined #nixos-chat
mrCyborg has quit [Ping timeout: 268 seconds]
mrCyborg has joined #nixos-chat
myskran has joined #nixos-chat
abathur has joined #nixos-chat
myskran has quit [Ping timeout: 265 seconds]
mrCyborg has quit [Ping timeout: 260 seconds]
neeasade has joined #nixos-chat
waleee-cl has joined #nixos-chat
<infinisil> It's.. beautiful
claudiii has joined #nixos-chat
cole-h has joined #nixos-chat
drakonis has joined #nixos-chat
mrCyborg has joined #nixos-chat
mrCyborg has quit [Ping timeout: 258 seconds]
myskran has joined #nixos-chat
abathur has quit [Ping timeout: 265 seconds]
myskran has quit [Quit: myskran]
Synthetica has joined #nixos-chat
malSet has joined #nixos-chat
malSet has quit [Read error: Connection reset by peer]
neeasade has quit [Ping timeout: 272 seconds]
Jackneill has quit [Remote host closed the connection]
mrCyborg has joined #nixos-chat
avn has joined #nixos-chat
abathur has joined #nixos-chat
<lovesegfault> cole-h: You around?
<cole-h> lovesegfault: pong
<lovesegfault> look what I did
abathur has quit [Quit: abathur]
abathur has joined #nixos-chat
lovesegfault has quit [Quit: WeeChat 2.7.1]
wildtrees has joined #nixos-chat
mrCyborg has quit [Quit: WeeChat 2.7.1]
wildtrees has quit [Remote host closed the connection]
wildtrees has joined #nixos-chat
<eyJhb> joepie91: are you available for some CSS help?
<eyJhb> Or anybody for that case. Using UIKIT and have no clue why it won't show 100% width when on phone
<samueldr> eyJhb: it *could* be that the HTML document doesn't declare the right viewport, or even worse, be in quirks mode, but the latter is inlukely
<samueldr> unlikely*
<samueldr> though "won't show 100% width", I'm not sure what that means
<eyJhb> `<meta name="viewport" content="width=device-width">` is in the head
<eyJhb> Not pretty or anything, I just want it to be full width on mobile. And then I will hide the sidebar as well, when I come to that :D
<eyJhb> And it is very early stage atm.
<samueldr> and what is the issue? that you get an horizontal scrollbar?
<samueldr> you'll probably have to deal with max-width and overflow-x in pre
<samueldr> max-width for images mainly
<samueldr> img { max-width: 100%; } is present in all my base CSS
<samueldr> oh, those are mathjax, not images
<eyJhb> samueldr: I would just expect it to expand the navbar https://i.imgur.com/FoLxTE0.png
<samueldr> no idea how that would be fixed for "max-width"
<eyJhb> Because I can see that it is the equations now playing nicely
<eyJhb> Yeah... :(
<samueldr> ah, that's chrome
<samueldr> firefox handles it differently
<eyJhb> Does it work in FF?
<samueldr> literally what I just checked
<samueldr> it looks like chrome helpfully zooms out
<samueldr> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<samueldr> but *don't* forbid scaling!
<samueldr> though yeah, pretty sure chrome only helpfully zoomed out *because* of that width overflowing at scale 1
<samueldr> so, "it works", but you have the usual issue of fitting 10lbs of crap in a 5lbs bag
<eyJhb> Makes sense
<eyJhb> I will just hide the sidebar, that will help a ton not displaying a menu over the text
<samueldr> really looks like your only issue is with mathjax
<samueldr> which I don't know enough about to help
<eyJhb> Me neither, it has been a pain so far. But it works wonderfully at the same time
<eyJhb> Actually pretty cool
<eyJhb> I just need to edit some in my markdown to html parser, to not parse inside $$
<eyJhb> But... It doesn't seem that easy/nice to do in blackfriday (Golang)
<eyJhb> Thanks samueldr !
<eyJhb> :)
lovesegfault has joined #nixos-chat
<cole-h> lovesegfault: 👀 That's very interesting. I've been wanting to make systemd units out of that setup for a while
<lovesegfault> cole-h: I pushed some more fixes after that commit
<lovesegfault> but it's all working now :D
<cole-h> Just finished my Java AVL tree implementation. Glad this assignment is over -- much rather be writing Rust :(
<lovesegfault> :)
endformationage has joined #nixos-chat
<infinisil> Trees are ugly in languages that don't support ADTs
<infinisil> ADTs just make everything nicer :)
<ar> adt?
<emily> languages that don't support ADTs include: Nix :'(
<gchristensen> man, printers.
<andi-> They are great if they just work? :)
<samueldr> so they're not great, I see
<andi-> depends, if you are the person in charge actually printing something then probably not
<gchristensen> I have one which refuses to wake from sleep
<gchristensen> and 20.03 seems to be breaking it
<andi-> Sounds like we need a virtual printer for a test?
<gchristensen> absolutely not
<gchristensen> this is unique to my junky setup
<infinisil> Oh, I'm pretty sure this must exist already, but is there a company that prints stuff for you, then sends it via mail?
<infinisil> For people who almost never need to print anything
<andi-> I am actually looking for a (decent) reverse service.
<samueldr> better: sends it to other people
<samueldr> scanning mail? I think there are in the US
<samueldr> now you only need to move :)
<infinisil> reverse would be nice too
<andi-> We also have some here but either they charge you >1€ per mail or there is no proper API / automated way to retrieve stuff without clicking on the website..
<colemickens> I try to wait until I'm near a UPS/FedEx type place that have printers you can use for a dollar or two
<colemickens> again maybe US centric though?
<andi-> I wouldn't mind paying 1€ per page I need to print.. I would rather not pay that per page that was scanned :D
<gchristensen> this breakage has to do with some grayscale thing
<gchristensen> well it works now
mrCyborg has joined #nixos-chat
<lovesegfault> andi-: guess who got multi-arch morph working? :)
<andi-> lovesegfault: me?
<lovesegfault> I did :P
<lovesegfault> tadaa
<andi-> Still don't have any other arch devices with NixOS :/
<lovesegfault> just buy a bunch of RPis
<andi-> I have them and technically they run NixOS.. I just don't use them for anything important so they are mostly off
* lovesegfault feels meh about morph
<lovesegfault> I'm so tempted to riir
<andi-> not worth the effort
<lovesegfault> is gcc borked on i686?
drakonis has quit [Quit: WeeChat 2.7.1]
<adisbladis> What's the big selling point of morph?
<gchristensen> is there a list of fun things a hacker (developer) like me can do with yubikeys?
<andi-> adisbladis: no local state, it feels less clunky for me
<andi-> it doesn't do provisioning, just deployment
<andi-> and it feels more hackable :/
<andi-> (and more alive)
<adisbladis> gchristensen: Ohh boy. Where to start?
<gchristensen> :)
<adisbladis> What would you like to achieve?
<adisbladis> andi-: "no local state" - fixable in nixops
<adisbladis> andi-: "it feels less clunky for me" - Id like this quantified if possible
<adisbladis> I'm genuinely curious
<andi-> adisbladis: yeah, not arguing it is better just different and maybe more suited for some very simple use cases.
<lovesegfault> adisbladis: for me it was way easier to grok morph than NixOps
<andi-> adisbladis: I always had a bad time finding the right incarnation to handle my "deployments" (or whatever it is called). Then I did run into random runtime errors.. and looked at the python code and decided to move on and do something else
<lovesegfault> modulo some wonkiness around cross-compiling with morph
<lovesegfault> like, this is all I had to do to start using morph: https://github.com/lovesegfault/nix-config/blob/master/deployment.nix
<lovesegfault> its super simple
<joepie91> adisbladis: to me, morph is very much a "does what it says on the tin" tool
<joepie91> it's super easy to reason about it, how it behaves, exactly what it adds on top of NixOS
<joepie91> no "wtf, how does that even work" surprises
<__monty__> What I wonder is why morph gets all the love and krops is rarely mentioned?
<joepie91> I can just assume that it will work as I intended, every time - whereas with NixOps I regularly had to dive into the source to debug some edge case, or to figure out where a bit of seemingly-corrupted state was hiding, etc.
<adisbladis> __monty__: Imho krops is hardly an improvement over `nixos-rebuild --target-host=...`
<__monty__> adisbladis: What does morph do beyond that?
<joepie91> adisbladis: (also, I suspect that a big part of all of the above comes from the fact that morph has a clear, singular purpose; whereas NixOps tries to be an ~infrastructure manager~ and it's not even clear how big that scope is, let alone how all the pieces relate to each other)
<adisbladis> joepie91: Thats fair :)
<adisbladis> __monty__: Well, nothing I think ?
<lovesegfault> adisbladis: do you use NixOps?
<adisbladis> Yes
<__monty__> adisbladis: Well, hence my wonderment re the love for morph and the lack of love for krops : )
<lovesegfault> is your config public?
<infinisil> Relevant is my WIP project, also for managing multiple machines: https://github.com/Infinisil/nixoses
<infinisil> With some cool features
<andi-> __monty__: I guess krops just didn't spread wide enough :)
<adisbladis> __monty__:
<adisbladis> Oh! Morph does local building and `nix copy`
<joepie91> __monty__: one problem I see is that krops doesn't do arbitrary secret management
<joepie91> emphasis on "arbitrary" -- "must store it in passwordstore" is not good enough when you're dealing with credential config files for applications
<infinisil> joepie91: For my own tool, what secret stores would you need?
<infinisil> (For research for my own tool)
<joepie91> infinisil: the filesystem
<lovesegfault> adisbladis: that looks... super simple
<joepie91> infinisil: with morph I can just say "copy this file into that path on the target system"
<joepie91> and it doesn't touch the nix store
<adisbladis> lovesegfault: Because it is :)
<lovesegfault> adisbladis: do you not pin nixpkgs?
<infinisil> joepie91: Yeah that's currently how I do it too with nixoses (in some rather fancy way)
<infinisil> I'm wondering whether people need other things as well
<gchristensen> adisbladis: well, for example, I have a program running as root. it takes a request from a not-root user. I'd like to have the program require a tap-of-the-key to proceed
<gchristensen> but like, a specific, registered key
<__monty__> joepie91: Are you sure you can't achieve a similar result with password-store? I know you can pretty much store arbitrary files.
<adisbladis> lovesegfault: It's a git submodule of my config
<joepie91> __monty__: afaik all files in passwordstore are encrypted
<joepie91> that is not a desirable property for config files that need to be accessible by services :)
<lovesegfault> adisbladis: yeah, I see that now :)
drakonis has joined #nixos-chat
<__monty__> joepie91: You can get them decrypted at runtime though.
<joepie91> __monty__: I don't like unnecessary complexity in my infrastructure
<joepie91> that just constitutes a new thing that can break
<lovesegfault> Hmm, one of our servers has ssh MFA enabled
<lovesegfault> I have a CLI that generates the otp
<lovesegfault> does anyone have any ideas on how to input it automatically?
<lovesegfault> so I don't have to ssh and then paste the otp+enter
<johanot> with morph, I feel we've some time been at a crossroads where we either start implementing a lot of extra features for very specific use-cases, or we find a way to make it more extendable / pluggable / hookable. :) that's especially the case when it comes to handling of secrets.
<johanot> lovesegfault: sorry, have been busy. did you resolve your cross-build issue with morph?
<lovesegfault> johanot: Yes!
<lovesegfault> No worries
<lovesegfault> It was a bit hacky though, johanot
<joepie91> lovesegfault: uh... if you're generating the OTP code on the same system that you log in from, your MFA is more or less useless
<lovesegfault> joepie91: Yes, I am working around SRE's drudgery
<joepie91> because anyone who obtains your credentials therefore has access to the same system that the OTP key material lives on
<joepie91> (assuming you use SSH keys rather than memorized passwords, which I hope you do :P)
<lovesegfault> the OTP key is gpg encrypted on my local box
<lovesegfault> SRE can't be bothered to support yubikeys so I am waging war on their MFA
<joepie91> lovesegfault: if you have a 'normal' yubikey you can use that to do TOTP safely, fwiw
<joepie91> using the desktop authenticator app
<joepie91> key material is stored on the yubikey and you can make it require a physical press
<joepie91> (this is how I do 2FA for npm, they only support TOTP)
<Church-> joepie91: But pgp yubikeys are nicer :3
<Church-> My digital identity is tied to that thing
<Church-> And it's currently fscking lost in my apartment >_>
<johanot> :(
<Church-> Thankfully I have a copy of the key on my phone so I can still get into my password manager there
<Church-> Ugh
<johanot> and where to put all those 2FA recovery codes you get everywhere.. hehe.
<johanot> into the password manager as well, of course
<gchristensen> adisbladis: ^ did you see my follow-up on what I want to do?
Jackneill has joined #nixos-chat
<__monty__> Church-: Uhm, if you store the key on your phone, why even bother with a yubikey?
<Church-> Eh ease of access to my password manager
<Church-> Like I don't think Google or the NSA is gonna give a shit about my key
<Church-> And that's the only ones I'm worried about
<__monty__> What's easier about the yubikey than having the gpg key on your computer?
<gchristensen> you can use it to log in to github etc
<lovesegfault> if someone wants the easiest review of their lives: https://github.com/NixOS/nixpkgs/pull/82289
<{^_^}> #82289 (by lovesegfault, 2 minutes ago, open): passh: init at 2020-03-10
<__monty__> gchristensen: Don't totp apps on the phone take care of that?
<gchristensen> yes, but TOTP is phishable and U2F is not
<__monty__> Are many people who are security conscious enough to get a yubikey vulnerable to phishing?
<gchristensen> yes, everybody is vulnerable to phishing
<gchristensen> https://www.yubico.com/about/reference-customers/google/ is an interesting read
<__monty__> Why is TOTP more phishable than U2F?
drakonis has quit [Quit: WeeChat 2.7.1]
drakonis has joined #nixos-chat
Jackneill has quit [Remote host closed the connection]
<__monty__> Why is this so hard to find?
<__monty__> Can a phishing site not get the challenge from the target site and relay the response from the U2F key?
claudiii has quit [Quit: Connection closed for inactivity]
<__monty__> So all U2F is is the browser passing the url on to the device?
<adisbladis> gchristensen: Yeah.. That sounds more like a network protocol issue than a yubikey issue?
__monty__ has quit [Quit: leaving]
cocreature has joined #nixos-chat
lovesegfault has quit [Quit: WeeChat 2.7.1]
<gchristensen> adisbladis: I want the program running as root to do the yubikey thing
<gchristensen> adisbladis: though to be fair, my original question was what are some cool things which can be done :P
<gchristensen> and so then I came up with an example idea
drakonis has quit [Ping timeout: 268 seconds]