<Mic92>
flokli: I mean in nixos we sometimes rely on fixed secrets paths in our module system because secret locations are part of configuration file. This becomes now dynamic paths due to $CREDENTIAL_PATH beeing dynamic.
<Mic92>
Which means some work and I need to convince nixpkgs maintainer to pick those changes up everywhere.
<flokli>
Yeah true. But the nixos module system shouldn't rely on these being hardcoded anyways. ;-)
<andi->
Good luck changing every software out there to read env variables in their configuration. Just think about TLS certificates in Webservers...
colemickens has quit [*.net *.split]
flokli has quit [*.net *.split]
worldofpeace has quit [*.net *.split]
JJJollyjim has quit [*.net *.split]
ajs124 has quit [*.net *.split]
flokli has joined #nixos-systemd
worldofpeace has joined #nixos-systemd
JJJollyjim has joined #nixos-systemd
ajs124 has joined #nixos-systemd
flokli has quit [Max SendQ exceeded]
worldofpeace has quit [Ping timeout: 246 seconds]
JJJollyjim has quit [Ping timeout: 246 seconds]
jtojnar has quit [Ping timeout: 270 seconds]
aanderse has quit [Ping timeout: 244 seconds]
Ox4A6F has quit [Ping timeout: 246 seconds]
hmpffff[m] has quit [Ping timeout: 244 seconds]
balsoft has quit [Ping timeout: 244 seconds]
danielrf[m] has quit [Ping timeout: 244 seconds]
emily has quit [Ping timeout: 244 seconds]
ma27[m] has quit [Ping timeout: 260 seconds]
flokli has joined #nixos-systemd
aanderse has joined #nixos-systemd
jtojnar has joined #nixos-systemd
worldofpeace has joined #nixos-systemd
hmpffff[m] has joined #nixos-systemd
Ox4A6F has joined #nixos-systemd
colemickens has joined #nixos-systemd
aanderse has quit [Quit: Bridge terminating on SIGTERM]
jtojnar has quit [Quit: Bridge terminating on SIGTERM]
hmpffff[m] has quit [Quit: Bridge terminating on SIGTERM]
Ox4A6F has quit [Quit: Bridge terminating on SIGTERM]
colemickens has quit [Client Quit]
worldofpeace has quit [Quit: Bridge terminating on SIGTERM]
aanderse has joined #nixos-systemd
jtojnar has joined #nixos-systemd
balsoft has joined #nixos-systemd
emily has joined #nixos-systemd
ma27[m] has joined #nixos-systemd
JJJollyjim has joined #nixos-systemd
worldofpeace has joined #nixos-systemd
hmpffff[m] has joined #nixos-systemd
Ox4A6F has joined #nixos-systemd
colemickens has joined #nixos-systemd
danielrf[m] has joined #nixos-systemd
<andi->
So, I'm just looking at the ACME + dns server situation again. While the After=nss-lookup.target statement was probably correct it doesn't solve the story entirely. Lets say you restart unbound & refresh the ACME certificates. The nss-lookup.target will still be active and thus the ACME client will still fail.
<flokli>
andi-: yeah, nss-lookup.target is mostly about ordering services during bootup, not on a running system… https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ discusses this for network.target, and advocates for services having to somewhat cope with dynamic/flaky network situations.
<flokli>
Not much of a help, I know, sorry…
<andi->
A very systemdish answer.. it isn't our fault that we haven't thought about it yet. Move everything to our $newShinyThing :(
<andi->
And I do not blame them for it..
<andi->
It is just sad
<andi->
Maybe patching lego to rety that call is the best approach.. given how many days I've sunken into this rabbithole with DNS already..
<flokli>
yeah…
<flokli>
kloenk: I built and approved the homed PR (which doesn't flip any default, and mostly exposes the option to facilitate testing). I'd like to see someone else taking a look :-)
Ericson2314 has joined #nixos-systemd
<damjan>
so, after https://github.com/NixOS/nixpkgs/pull/101886 gets into master, what will be the recommended way to link to libsystemd for apps that need it (for sd_notify or sd_journal_* etc)?
<{^_^}>
#101886 (by flokli, 6 days ago, merged): systemd: introduce more options for a more minimal build
<damjan>
something like `buildInputs = lib.optional withSystemd (lib.getLib pkgs.systemdMinimal)` ?