<bbigras>
I wish magit-force would support crazy big repos like nixpkgs
<bbigras>
magit-forge*
<adisbladis>
bbigras: I have been running magit-forge on nixpkgs
<adisbladis>
It kinda works
<adisbladis>
I let the intial sync run overnight
<cole-h>
Yeah, I'm rerunning now that I have every single PR ref pulled
bqv has quit [Quit: WeeChat 3.0]
<bbigras>
adisbladis: I tried it once and it was super slow iirc.
<bbigras>
with subsequents fetches be shorter if everything is already fetched?
<adisbladis>
It wasn't exactly fast, but it was workable
<adisbladis>
I stopped using it when I switched laptops
<cole-h>
Nice, I hit my rate limit
<adisbladis>
As is tradition
<cole-h>
:D
<cole-h>
,ping
<{^_^}>
pong
tilpner_ has joined #nixos-chat
tilpner has quit [Ping timeout: 256 seconds]
tilpner_ is now known as tilpner
slack1256 has joined #nixos-chat
<infinisil>
infinisil++
<{^_^}>
infinisil's karma got decreased to 403
<cole-h>
infinisil++
<{^_^}>
infinisil's karma got increased to 404
<cole-h>
>:(
<infinisil>
Damnit!
<infinisil>
Oh
<infinisil>
The code is a mess, I see the problem
<infinisil>
infinisil++
<{^_^}>
infinisil's karma got decreased to 403
<infinisil>
cole-h: (if you would be so kind :P)
<cole-h>
infinisil++
<{^_^}>
404 Karma not found
<cole-h>
:d
<infinisil>
Ayy!
<cole-h>
s/K/k/
<cole-h>
wait
<cole-h>
jk
<infinisil>
The actual status would be "Not found" i think
<infinisil>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 411
<infinisil>
Close to another number hehe
bqv has joined #nixos-chat
bqv has quit [Quit: WeeChat 3.0]
bqv has joined #nixos-chat
slack1256 has quit [Remote host closed the connection]
genevino has quit [Remote host closed the connection]
genevino has joined #nixos-chat
<cole-h>
9 days ago: PR author asks "is there a way forward". 8 days ago: Project collaborator answers "once the CI issues are solved, we can merge this". 7 days ago: Project member asks PR author to essentially rebase in order to fix CI.
<cole-h>
Today:
<cole-h>
<this space intentionally left blank>
<abathur>
is the rebase straightforward? :)
<cole-h>
yes
<cole-h>
As in, I just did it myself.
<abathur>
yeah, I wish owners/maintainers/collaborators would just take stuff when it's in a state like that
<cole-h>
Or just, y'know, push the rebase themselves lol
<abathur>
sure, but it depends
<cole-h>
Well, I guess if the PR author disabled the "allow edits by authors / maintainers / whatevers"
<cole-h>
would make sense why they couldn't
<abathur>
in a lot of cases I'm not going to sit in a loop for 2 days waiting for them
<abathur>
I move on with my life
<abathur>
and if I get myself sucked into something before 2 days is up, shrug
<cole-h>
Maybe the author is just busy or smth, they've disappeared from GH altogether (no activity on GH since they asked how to move forward)
<abathur>
there's a big opportunity cost to letting something sit at the top of my mental stack for 2 days; it's not a big deal if it's something that's a big deal or blocker for me--it'll be on my mind anyways--but if it's a small drive by improvement/fix and they make me spend more time cleaning toilets than I spent on the change, shrug
<abathur>
nod
<abathur>
life snatches you sometimes, too
<cole-h>
I'd really like this PR to be merged though, so I can use age + sops without binary characters in my encrypted file tho :(
<abathur>
stated another way, I get pissed when good contributions aren't getting merged because authors/maintainers are playing passive-aggressive ball-is-in-your-court games with people who already did correct work once and aren't really at fault for whatever has been refactored under them
<abathur>
I basically hit my lifetime limit for that this spring when I had someone completely rewrite their test/CI setup under me because my PR made it obvious that they didn't like their existing CI setup and then started nudging me to redo mine, when they could've just pulled my work in and refactored their CI on top of it
<abathur>
so now it's a smell for me
<abathur>
unless it's a blocker I be a suck up for :P
kini has quit [Remote host closed the connection]
kini has joined #nixos-chat
<pie_>
<__monty__> Wayland has come across to me as "It's too hard to implement all of X11 correctly and performantly, so we're going to implement only the core and leave the hard parts for each WM/DE to deal with."
<pie_>
<etu> That's pretty much it, but at the same time it's kinda nice to have a protocol that doesn't end up doing things like some of the things that ended up in X.org at some point, like the printer server that used to be there
<pie_>
big oof @ lol yall deal with the hard part
endformationage has quit [Quit: WeeChat 2.9]
lunc has quit [Ping timeout: 246 seconds]
lunc has joined #nixos-chat
waleee-cl has quit [Quit: Connection closed for inactivity]
<colemickens>
cole-h: I wish that project were just better all around.
<colemickens>
cole-h: it's not fun at all to use as a library, the cli is brittle as all get out and I've noticed the same with maintainership
kini has quit [Remote host closed the connection]
kini has joined #nixos-chat
<cole-h>
colemickens: Guess that's what happens when you fire X% of your developer force (re: maintainership)
* colemickens
sighs
<cole-h>
colemickens: I wonder what sops (and sops-nix) does that couldn't be achieved by just using age directly. age can encrypt to and decrypt with SSH keys... isn't that most of what sops-nix does?
<cole-h>
And how many of those things unique to sops are actually used (at least in my case)
<colemickens>
sops supports more than just ssh/age/gpg
<colemickens>
age-nix does use age directly, I think
<colemickens>
for me, sops-nix having automatic cloud integration is an important selling point
<cole-h>
Do you have a link to age-nix? A simple GH search doesn't bring it up for me
<cole-h>
colemickens: Thanks for reminding me of that. I don't need any cloud support (yet), so I think I may migrate from sops to agenix :D
<aterius>
This is a dumb question, but what kind of secrets do you need agenix/sops for? I don't have many keys apart from ssh/gpg
<cole-h>
I want to move away from gpg, and age seems nice
<cole-h>
My secrets include a git config include file with an auth token in it, my ~/.ssh/config so as not to leak potentially sensitive hosts, my imgur script with api tokens, my cachix.dhall which holds a secret keypair for my caches
<cole-h>
amongst others
srk has quit [Remote host closed the connection]
srk has joined #nixos-chat
<aterius>
I've been using git-crypt for the everything under ssh
<cole-h>
Which uses gpg :P
<aterius>
Yes, just commenting. I've been thinking of ways to try to make it less annoying for others looking at my dotfiles. Right now if you clone/use them it will yell at you that your ssh config is gibberish :P
<cole-h>
That's why I have a secrets submodule :P
<colemickens>
git-crypt doesn't keep encrypted secrets out of /nix/store though
<cole-h>
Unless you do the little mkOutOfStoreSymlink (from h-m) dance like I do
<colemickens>
and then have to make sure you have stuff cloned on your target hosts :S
<cole-h>
Good thing we can forward the gpg-agent socket through SSH :D
<cole-h>
(But yes, not ideal)
<cole-h>
(which is why I'm switching away)
<aterius>
Yeah, I realize the disadvantages. I am interested in migrating to sops/age once the activation energy is a bit lower
<aterius>
For my case where I am the single user on almost all of my systems, not the biggest deal about the unencrypted store secrets, but still not optimal
cole-h has quit [Ping timeout: 246 seconds]
jared-w has quit [Ping timeout: 258 seconds]
Guest88372 has quit [Ping timeout: 264 seconds]
sorear has quit [Ping timeout: 264 seconds]
sorear has joined #nixos-chat
jared-w has joined #nixos-chat
Guest88372 has joined #nixos-chat
kini has quit [Remote host closed the connection]
kini has joined #nixos-chat
evanjs- has joined #nixos-chat
evanjs has quit [Ping timeout: 256 seconds]
genevino has quit [Ping timeout: 256 seconds]
AtnNn has quit [Ping timeout: 256 seconds]
AtnNn has joined #nixos-chat
genevino has joined #nixos-chat
kini has quit [Remote host closed the connection]
kini has joined #nixos-chat
rajivr has joined #nixos-chat
lunc has quit [Ping timeout: 264 seconds]
<V>
<gchristensen> it looks like mako doesn't support anything but trivial libnotify notifications ← it does support actions, but what you can actually do with them currently is somewhat limited
<V>
there are various as-of-yet unmerged patches, which add things like allowing one to exec a program when clicking a notification
<V>
which is currently impossible to do, because they're layer-shell surfaces, which aren't normal windows that can be scripted in sway
<V>
(I was trying to figure exactly this out a couple of days ago)
<V>
for now, the best thing you can manage to do is bind some kind of global hotkey to a script that runs `makoctl menu`, which in turn runs `makoctl list` and grabs the notification text + action names and presents them to you via dmenu or wofi &c
<V>
otherwise it will still execute the default action if you left-click, which is usually sane
<V>
overall, not ideal
__monty__ has joined #nixos-chat
<eyJhb>
*sigh* Jekyll tries to read symlinks in the main dir, so when I build something and get a results, it cannot build it again...
<gchristensen>
V: gotcha, I actually up and installed Gnome :x
<V>
gchristensen: I've been increasingly tempted to just dump wayland
<gchristensen>
that would be a big shift, esp. since X is dumped :P
<V>
I'll probably at least set up an X profile that mirrors my Wayland one
<V>
eh
<V>
it's just sway <-> i3, mako <-> dunst, etc
<gchristensen>
yea
<V>
I'm just annoyed at things constantly breaking, and being That One Person who's like "hey I'm running wayland and your thing doesn't work"
<gchristensen>
heh, yeah ...
<V>
and it's all consumed more time than I can reasonably allocate to it, tbqh
<gchristensen>
that said, gnome being wayland means a lot of people use wayland and don't know it
<gchristensen>
gnome wasn't working very well on my laptop, and I couldn't figure out how to install useful gnome-shell things, so I installed Ubuntu to see if it is better: maybe snaps are really great ways to install software and maybe they've actually solved a lot of problems and made it work well enough
<V>
while I'm certainly capable of figuring out why something breaks, it doesn't mean I enjoy it after the umpteenth iteration
<gchristensen>
^
<gchristensen>
I regret to share that the gnome terminal is just as slow on ubuntu, and the ubuntu snap package for alacritty doesn't work after I ran software updates --- which doesn't make much sense, since it is a snap it shouldn't really depend on the host much??
<V>
I refuse to touch snaps
<gchristensen>
the software store complains about missing directories, and clickinglinks in gnome terminal won't open my browser
<V>
I absolutely do not trust it to be any decent
<V>
it feels like the kind of thing that gives off the aura of being sandboxed but is actually broken in a somewhat subtle but extremely easy to exploit way
<V>
plus it's chonky as hell
<gchristensen>
lol, yea
<gchristensen>
I was pleasantly surprised and amused that the wormhole snap couldn't access ~/.ssh/id_ed25519.pub
<eyJhb>
Ahh yes, finally... Got my blog setup on my server, with SSL + nginx with webhooks to autoupdate/deploy it :D
<gchristensen>
I should figure out how to install gnome shell extensions and get back to nixos, this system is stressing me out
<eyJhb>
Ubuntu?
<gchristensen>
yea
<joepie91>
gchristensen: life decision crisis over? :P
<gchristensen>
probably not
<joepie91>
I have cases like this sometimes, where I start wondering whether my choice of tool really was the sensible one, and decide to give the alternatives a try again... only to very quickly rediscover why I had settled on that one tool choice
<f0x>
yeah.. especially window managers, everything but bspwm is unusable :P
<__monty__>
s/but/including/ FTFY
<eyJhb>
But sometimes, it is annoying have to package all the stuff you want to use, which is not in Nixpkgs...
<eyJhb>
Or having to keep track of all the bundlers for each language, and knowing how the work/how to be used.
<__monty__>
Tbh, I found that a bigger impediment on Ubuntu. And on Arch it basically necessitated use of the AUR with sometimes questionable package quality.
<eyJhb>
But the global state of just... gem stuff, and just running a bundle install etc.
<eyJhb>
Or Python just using pip
<eyJhb>
It would be a game changer, if we could have access to all of pip
<__monty__>
Yeah, everything being supported like hackage is would be wonderful.
<V>
<__monty__> s/but/including/ FTFY ← so true
chvp has joined #nixos-chat
<eyJhb>
Wondering, how come everything in hackage is supported, but not e.g. pip? Just the want Haskell is packaged?
<eyJhb>
the way* damnit
<siraben>
__monty__: what does AUR have by way of ensuring package quality?
<__monty__>
siraben: Many eyes? No official process I know of. Just people reporting problems to package maintainers.
<__monty__>
eyJhb: I'm not sure why anymore. But I've heard it's hard. I'm sure someone in #nixos could explain.
<gchristensen>
I feel like I'm missing something significant with gnome + nixos lol
<__monty__>
I mean, you *did* sell your soul to the devil...
<gchristensen>
where is the devil?
* eyJhb
*waves*
<gchristensen>
it appears that installing more programs requires I log out and log back in to have gnome se ethem
<eyJhb>
__monty__: that pip is hard, or that haskell is hard?
<__monty__>
(I don't actually like/dislike Gnome but I also don't have any experience with it to form an opinion. I used to like original Gnome, when it was Mate-like.)
<eyJhb>
gchristensen: Is it Ubuntu + Nix?
<srk>
maintaining any large set of packages is hard :)
<__monty__>
eyJhb: That providing all of PyPI is hard. Haskell being hard is a myth.
<gchristensen>
no, nixos
<eyJhb>
__monty__: Would be cool if there was a post about haskell...
<srk>
you can watch Petis twitch streams to get an idea of maintaining haskell packages in nixpkgs
<eyJhb>
Wait, we have someone that streams nixpkgs stuff?
<gchristensen>
I would be shocked if pypi actually only had 11,000
<srk>
that page says 282910 `I'm gathering counts of separate modules, so multiple versions of the same module/package/gem only count once (foo-1.2, foo-1.3 and bar-1.0 would count as 2 total).`
<srk>
npm .. 960/day
<__monty__>
A single haskell package can also contain multiple modules though.
<srk>
multiple library support is relatively new tho
<__monty__>
Even a single library can have multiple modules.
<srk>
example?
<__monty__>
The base package has both Data.List and Data.Map?
<__monty__>
Modules are the wrong thing to count imo.
<srk>
ah, ok
<srk>
I doubt these things actually count modules, that would require understanding the semantics of module in each ecosystem
<__monty__>
I was just going by the discrepancy between repology and modulecounts and the latter's name.
<__monty__>
Can't really find the latter's methodology.
<eyJhb>
But isn't that also because we package python stuff?
<__monty__>
Yes, think it counts *everything*. So that includes all of hackage.
<joepie91>
gchristensen: the GNOME installed application issue reminds me of a bug I think I filed a long time ago on nixpkgs
<__monty__>
Maybe not all, not sure the haskell infra keeps every version of every package, but many.
<joepie91>
but that was with KDE or XFCE
<joepie91>
gchristensen: basically the problem was that the trigger to rescan .desktop files for the application menu etc., was not correctly run
<joepie91>
and those menus use an internal cache
<srk>
__monty__: mostly latest
<joepie91>
so likely just a wiring problem with no rescan taking place upon rebuild
<eyJhb>
Appreciate any comments on my bash script to update my blog - https://termbin.com/6ovr , I am not sure if I can short this? Maybe a cleanup function, that will be called if the command fails?
cole-h has joined #nixos-chat
<__monty__>
Ah, ok. Looks like PyPI doesn't have a Google-less API with suitable data. So repology only cares about python packages in other repos. To have good "up to date" info.
<srk>
I see
<__monty__>
srk: Not quite only the latest haskell packages. I'm fairly certain I remember there being at least 3 GHCs supported so that probably implies about 3 versions per package.
<srk>
well most packages built with either ghc so you don't have to keep multiple versions
<srk>
*build
<__monty__>
Hmm, I guess I'm pessimistic about the number of packages with fairly strict constraints on base.
<eyJhb>
adisbladis: But I was thinking as a, all is packaged in Nixpkgs
<srk>
now turn it into pip2nix :D
<srk>
pypi*
<adisbladis>
srk: Huh?
<adisbladis>
eyJhb: That's impossible
<adisbladis>
Really.
<srk>
hackage2nix just calls cabal2nix for all of hackage :)
<adisbladis>
Ahh, TIL
<adisbladis>
Tbh not a bad idea :P
<eyJhb>
adisbladis: What if I had A LOT of time.
<eyJhb>
:p
<srk>
adisbladis: ^ that
<adisbladis>
eyJhb: You can't create a mutually compatible python set
<eyJhb>
True, that would be insane.
<adisbladis>
Nixpkgs has to patch a lot of version bounds
<__monty__>
adisbladis: Hackage isn't 100% self-consistent that way either.
<eyJhb>
*fucking python not just working with the latest version*
<adisbladis>
Tbh the entire notion of pythonPackages is faulty
<adisbladis>
We should package deps in the leaf packages and scrap the huge set
<__monty__>
A large part of it is because it builds off stackage though.
<__monty__>
adisbladis: Aye!
<__monty__>
I agree, I'm looking forward to having the haskell infra replaced by haskell.nix.
<eyJhb>
Captain my captain! (?)
<srk>
adisbladis: similar reasons as nodePackages?
<__monty__>
The workflow is just so much nicer.
<eyJhb>
Node. Is. Hell.
<srk>
yep
<adisbladis>
srk: Hm? I think nodePackages is much less of a problem
<adisbladis>
Because it's possible to have multiple versions of a package in a nodejs package graph
<adisbladis>
So you _can_ create a mutually compatible set
<srk>
ah. yeah that's what I meant
<adisbladis>
I mean, it is a problem :P
<srk>
didn't quite understand the implication of that
<adisbladis>
Just for other reasons
* srk
spent last week packaging three node apps, one using npm2nix (angular) and the other using yarn2nix (vue). lots of fun
<adisbladis>
Someone recently pointed out how these huge global files result in repo growth, because for even a single line diff you have to store the entire object again
<adisbladis>
Compress, sure, but still
<adisbladis>
Compressed*
<adisbladis>
srk: My condolences
<srk>
I've had to patch npm2nix so it retries downloads from cloudfront
<srk>
always managed to hit few errors when downloading ~1300 package infos
<adisbladis>
I'd like to see this adopted for all node packages eventually
<joepie91>
that looks similar to yarn2nix?
<srk>
it's written in Haskell
<__monty__>
I'm 100% for "Make nixpkgs understand language repositories instead of subsuming them like most (all?) other package repositories tend to do."
<__monty__>
It's one of the greatest leverages nix-the-language gives us.
<srk>
haskell.nix sort-of subsumes hackage / stackage to be able to do its magic
<srk>
IFD magic!
<srk>
eyJhb: one part of the project is gradle/kotlin app, had some fun with gradle2nix but it wasn't able to pick-up all the deps as some of them are dynamically sorted out using some boot modules. settled on fixed output drv instead
<__monty__>
srk: You mean the index tarballs?
<srk>
yup
<eyJhb>
srk: Yeah that's always fun! :D *still dream of a Nix based fdroid...*
<adisbladis>
__monty__: It is pretty hard though
<adisbladis>
It takes _a lot_ more work to get that right
<adisbladis>
But when you do it's an absolute boon
waleee-cl has joined #nixos-chat
<__monty__>
srk: I guess I don't really count that because there's no technical obstruction to fetching them every time. I'm not expecting any magic past "If it's on Hackage (or language repo X) it's in nixpkgs."
<__monty__>
adisbladis: Yeah, not saying it's easy. But I feel like it removes the friction that has always existed between distro-style package repositories and language repositories and that's worth the effort.
<adisbladis>
__monty__: I obviously agree with you being the author of more than one such tool ;)
<__monty__>
I have my hands full improving haskell.nix (with issue reports : ) )
<abathur>
man
<abathur>
I had a dream that was just too real
cole-h has quit [Remote host closed the connection]
<abathur>
I was watching some sort of event happen, not quite sure what, in the U.S. House of Representatives, and late in the event there's a surprise gasp when the speaker instructs the sergeant-at-arms to arrest donald trump in very serious voice. But then it got all jokey, like, "oh, there he goes!", but they've just let a monkey loose, and we get to watch the degrading spectacle
<infinisil>
Lol
<joepie91>
abathur: I only read the "had a dream" *after* getting through most of the description, and only near the end did I realize "hold on a moment..."
<joepie91>
this is probably not a good sign :P
<abathur>
yeah
<abathur>
I didn't realize it was a dream until the monkey
<joepie91>
hah
<abathur>
myself ;)
nckx has quit [Ping timeout: 256 seconds]
AtnNn has quit [Ping timeout: 256 seconds]
nckx has joined #nixos-chat
AtnNn has joined #nixos-chat
<pie_>
wait you mean literally a monkey
<pie_>
xD
<abathur>
yeah, like the small, agile, scampering type :)
rajivr has quit [Quit: Connection closed for inactivity]
Baughn has quit [Quit: ZNC 1.6.2+deb1 - http://znc.in]
BaughnLogBot has joined #nixos-chat
<eyJhb>
In pie_ defense, it might be hard to tell the difference between the two.
<pie_>
i read it as an insult at first
slack1256 has joined #nixos-chat
<eyJhb>
Well, it is! But not against you pie_ :D Or anyone in here
<eyJhb>
*I really hope at least*
<joepie91>
how many layers of ambiguity and miscommunication are we on now? :P
<infinisil>
That does look pretty slick. Is that the standard dbus notification style?
<gchristensen>
yea
<infinisil>
Neat
<gchristensen>
itis using a silly wrapper around `pass` to do that
<__monty__>
What does the Action button do?
<gchristensen>
nothing, lol, just didn't delete it
<__monty__>
>.<
<gchristensen>
I mean, you should ask how it determines Firefox is requesting it
<ekleog>
samueldr: :D (TBF, I picked NixtOS only because it's a pun on $university word by rewriting it Nix-TOS, though TOS doesn't really have any clear meaning per se)
<samueldr>
how it determines Firefox is requesting it?
<gchristensen>
how it determines Firefox is acessing the password
<samueldr>
ekleog: I gathered something like that, but to me it sure stuck, and actually TNG and Enterprise follow-ups would be somehow normal names!
<samueldr>
but Nix The Animated Series would be quite odd
lunc has joined #nixos-chat
<__monty__>
Such Baader-Meinhof. Literally watching TAS rn.
<__monty__>
gchristensen: Is it your pass wrapper?
<gchristensen>
I did write this passwrapper yea
<energizer>
is there an archive/unarchive tool that works with a ton of formats?
<infinisil>
energizer: atool
<energizer>
infinisil: thanks
<ekleog>
:rolling_on_the_floor_laughing: (need to figure out a way to make ibus work again, typing emojis in ascii kinda sucks)
<infinisil>
Though I think it doesn't come with all the archive dependencies, you need to install those separately
<__monty__>
gchristensen: I meant is that the magic that allows it to know firefox called it?
<__monty__>
∠( ᐛ 」∠)_ ekleog How about this one?
<ekleog>
neat ^^
<V>
[16:13] <__monty__> I'm 100% for "Make nixpkgs understand language repositories instead of subsuming them like most (all?) other package repositories tend to do." <- this, so much
<__monty__>
I'm glad there's others out there with a similar opinion : )
<ekleog>
^ don't have the context but this too
<V>
gchristensen: is this an implementation of o.fd.Secrets?
<ekleog>
naersk / poetry2nix for the two I know being good steps in that direction IMO
<adisbladis>
I still can't believe I pulled off poetry2nix
<gchristensen>
this script hard-codes that it is being called by Firefox
<adisbladis>
Python be crazy
<V>
gchristensen: oh, I was just wondering if you were implementing a dbus api
<gchristensen>
nah
<gchristensen>
this thing just blocks on the notify event and then `exec pass "$@"`s
<V>
I have been waist-deep into dbus for the past 4 hours
<gchristensen>
...joy
<V>
it is truly a "it is too late, mother" point for me
<V>
I understand everything
<V>
I went into this adventure thinking that dbus was horribly bloated and overcomplicated without any real facts to back it up
<V>
I now know that it's horribly bloated and overcomplicated :D
<ekleog>
adisbladis: nice :) I guess the last remaining step is to figure out how to actually start using them in nixpkgs for the binaries we have there
<gchristensen>
I like dbus, but thaht is just me :x
<adisbladis>
ekleog: That's pretty easy, and I'm still waiting for the community to do it. I don't have the energy :/
<ekleog>
also, if we found a way to agree on a way to include the crateOverrides & similar to register the native dependencies directly in nixpkgs, so that everyone could benefit from it being in a single place, it'd be so <3
<ekleog>
well, I'm less familiar with poetry2nix, but naersk as-is, ISTR, requires being pointed to a clone of the full repo, so just committing the cargo.lock to nixpkgs wouldn't be enough without also some modifications to naersk :/
<adisbladis>
ekleog: Right... Poetry2nix embraces packageOverrides from pythonPackages
<adisbladis>
And adds some composability on top of that
<V>
gchristensen: it does the job fine, but could be so much simpler
<V>
And it's just a bit overly dynamic for my tastes?
<adisbladis>
ekleog: Adding a native deps is literally `self: super: { foo = foo.overridePythonAttrs(old: {}); }`
<V>
I'm more of a fan of Fuchsia's IDL
<ekleog>
hmm so the RFC you linked appears to start from a great observation (“we have to unify the APIs for package sets”), but the “how” is as far as I can read mostly “TODO” still?
<ekleog>
adisbladis: right, I'm just saying that it'd be great if we could have a centralized repository to make things easier for the general case where someone else already needed that dep :) (though IIUC poetry2nix already does that \o/)
<andi->
gchristensen: also encrypt it with age at the same time for "recovery" or offline usage
<colemickens>
hm. I just went through all of this effort of getting my yubikey usable for gpg signing over SSH, from Windows. Maybe I should've just been setting vault up instead.
<gchristensen>
well ... how about I put up what I have, and y'all can extend it? :p
<gchristensen>
maybe someone wants to make a git repo and commit it (I hereby give it away under whatever license bla bla bla)
<andi->
first i'll have to setup vault and figure out how to sync it between machines etc..
<gchristensen>
"just" setup consul and then "just" ...
<gchristensen>
vault on consul on tailscale
<infinisil>
Lol the help command
<gchristensen>
the only thing it doesn't do that I often use is the -c option
<gchristensen>
oh cool vaultsign is nice
<gchristensen>
that person also wrote the github apps vault plugin
<andi->
does tailscale support my own IP ranges and ipv6 yet? IIRC they didn't last time I checked.
<gchristensen>
note I don't actually use this today because I don't actually have a "highly" "available" vault server, and like you note, it'd suck to not have my passwords
<andi->
Would totally run that on my notebooks and 3 servers to have an entry point into my otherwise already working wireguard mesh
<gchristensen>
sounds pretty good
<andi->
the feature I want from tailscale is NAT hole punching
<andi->
if that isn't there then no benefit in using it
<infinisil>
gchristensen: Do vault servers have some built-in redundancy support between multiple servers?