<jdally987[m]>
if I have a derivation (single default.nix file) that works in nix-shell, but I want to add it to my systemwide config locally
<jdally987[m]>
what's the easiest way to do that? what would I have to call in configuration.nix. I tried something with `callPackage` or something like that before but I totally forget the syntax now
njoko has quit [Ping timeout: 240 seconds]
m0rphism has quit [Ping timeout: 256 seconds]
EmoSpice has quit [Ping timeout: 265 seconds]
aswanson has joined #nixos
EmoSpice has joined #nixos
rb2k has quit [Ping timeout: 256 seconds]
EmoSpice has quit [Ping timeout: 256 seconds]
pitch has quit [Ping timeout: 264 seconds]
pitch has joined #nixos
rb2k has joined #nixos
rb2k has quit [Client Quit]
ml| has joined #nixos
ransom has joined #nixos
ransom has quit [Remote host closed the connection]
K0kada has quit [Ping timeout: 260 seconds]
ransom has joined #nixos
<{^_^}>
[nixpkgs] @adisbladis opened pull request #109246 → emacsPackages: Bump to 2021-01-13 → https://git.io/JtfJd
saschagrunert has quit [Remote host closed the connection]
Siyo has joined #nixos
saschagrunert has joined #nixos
tsrt^ has joined #nixos
Izorkin has quit [Ping timeout: 256 seconds]
Izorkin has joined #nixos
Siyo has quit [Quit: Bye]
Siyo has joined #nixos
noonien5 has joined #nixos
noonien has quit [Ping timeout: 264 seconds]
noonien5 is now known as noonien
<edcragg>
can anyone help with a custom protocol thing? i'm trying to package ringcentral, but get `gio: zoomrc://....The specified location is not supported` when it tries to connect. The .desktop has `MimeType=x-scheme-handler/zoomrc;application/x-ringcentral;`
<{^_^}>
[nixpkgs] @erictapen pushed commit from @Ericson2314 to release-20.09 « nixos/thermald: Allow switching package »: https://git.io/JtfZA
<{^_^}>
[nixpkgs] @petabyteboy pushed commit from @mikroskeem to master « docker: 19.03.4 -> 20.10.2 (#108960) »: https://git.io/JtfcM
Siyo has joined #nixos
Izorkin has joined #nixos
<Siyo>
How come nix flakes is so tightly integrated with git that it won't even allow building unstaged nix files?
noonien9 has joined #nixos
jmeredith has quit [Quit: Connection closed for inactivity]
noonien has quit [Ping timeout: 265 seconds]
noonien9 is now known as noonien
<tejing>
because it's using git's hashing as part of its reproducibility
<Siyo>
ah, that makes sense yes
<tejing>
git commit ids give a individual and unforgeable name for the nix code to build
<Siyo>
though I've been building unstaged changes and that's worked fine so far
<Siyo>
I do get a warning but the unstaged changes are applied to my builds just fine
<tejing>
yeah, there's a bit of a judgement call there
sangoma has joined #nixos
<eyJhb>
Hmm, dminuoso does not seem to work for the module I made. I get that the option is not defined, when I try to nest it. Is there a type of catchAll, so that I can just json it?
<supersandro2000>
attila_lendvai: taking a look at it now
thc202 has joined #nixos
EmoSpice has joined #nixos
est31 has joined #nixos
pitch has quit [Ping timeout: 264 seconds]
malook has joined #nixos
blobdyld has joined #nixos
zarel has joined #nixos
EmoSpice has quit [Ping timeout: 240 seconds]
malook has quit [Client Quit]
<{^_^}>
[nixpkgs] @erictapen opened pull request #109263 → contributing.md: Mention backported commits in the original PR, change labels → https://git.io/JtfC2
<supersandro2000>
attila_lendvai: wrote you something
<aveltras>
i have a problem trying to run home-manager with the wsl under windows (this used to work without problem in the past, i've just recently reinstalled)
<{^_^}>
[nixpkgs] @erictapen pushed commit from @redvers to release-20.09 « botan2: update 2.7.0 -> 2.9.0 »: https://git.io/JtfCi
<aveltras>
when i log in i get the following output in the terminal
hiro98 has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @eduardosm closed pull request #108700 → webbrowser: mark as broken → https://git.io/JLx0Y
hiro98 has joined #nixos
joesventek has joined #nixos
joesventek has quit [Client Quit]
<aforemny>
betawaffle: In addition to boot.kernelParams, the configuration option boot.extraModprobeConfig might also be appropriate
<betawaffle>
ah, thanks
<aforemny>
betawaffle: Both options work for your purpose, they just have different syntax
<betawaffle>
yep
<betawaffle>
with the former, i need to prefix the option with `<modname>.` correct?
<aforemny>
betawaffle: Yes, correct
<betawaffle>
first i'm gonna make sure it works at runtime, then i'll do that
zakame has joined #nixos
hiro98 has quit [Ping timeout: 264 seconds]
nikivi has joined #nixos
<{^_^}>
[nixpkgs] @kraem opened pull request #109274 → linux: version bumps → https://git.io/Jtf81
Diagon has joined #nixos
oida has quit [Quit: byez]
Diagon_ has joined #nixos
EmoSpice has joined #nixos
philr_ has quit [Ping timeout: 264 seconds]
<Reventlov>
Hey there.
<Reventlov>
I have a laptop with two graphic cards (nvidia, and intel): https://0x0.st/-zfc.txt ; My goal is to primarily use wayland, and thus disable the nvidia card to save battery
dstzd has joined #nixos
Diagon has quit [Ping timeout: 264 seconds]
<Reventlov>
can this be set up from nixos ? Reading https://nixos.wiki/wiki/Nvidia, everything hints at being focused for X.org
Diagon_ is now known as Diagon
lsix has quit [Ping timeout: 244 seconds]
joesventek has joined #nixos
m0rphism has joined #nixos
<betawaffle>
does anyone know what i need to install to fix messages like this: `Gdk-Message: 07:47:27.377: Unable to load hand2 from the cursor theme`
rnhmjoj_ has quit [Remote host closed the connection]
<{^_^}>
[nix] @edolstra pushed to master « Convert option descriptions to Markdown »: https://git.io/JtfB5
ericsagnes has quit [Ping timeout: 246 seconds]
wnklmnn has quit [Remote host closed the connection]
wnklmnn has joined #nixos
rnhmjoj_ has joined #nixos
rnhmjoj_ has quit [Remote host closed the connection]
ericsagnes has joined #nixos
K0kada has quit [Ping timeout: 256 seconds]
pitch has quit [Ping timeout: 264 seconds]
Nickli has joined #nixos
<Nickli>
anyone used the signal-desktop lately?
<Nickli>
tried install and link a device, tells me the program is out of date even tho i just downloaded it and says v1.38.1 when i check the about info
aswanson has joined #nixos
test1[m] has joined #nixos
<sphalerite>
Nickli: I'm using signal-desktop and it isn't complaining. But it is on v1.39.4 so I guess yours is out of date
<sphalerite>
Nickli: you probably need to update your nixpkgs.
<Nickli>
i even forced it to 1.39.4 still no luck
wnklmnn has quit [Remote host closed the connection]
wnklmnn has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed to master « nixos ISO image: revert a part of 8ca33835ba »: https://git.io/JtfRF
<sphalerite>
Nickli: "forced it" how?
<sphalerite>
How did you install it in the first place?
<Nickli>
went on a wild goose chase thinking there was a 1.39.5 with override
<Nickli>
still installed it today
<sphalerite>
Did you change the version number in the nix expression without changing the source hash?
<Nickli>
used the same hash it would use otherwise
<Nickli>
testing without it
<{^_^}>
[nixos-homepage] @github-actions[bot] pushed commit from GitHub Actions to master « Update flake.lock and blogs.xml [ci skip] »: https://git.io/Jtf0f
jmeredith has quit [Quit: Connection closed for inactivity]
Volk has quit [Quit: See you next time!]
bitmapper has quit [Quit: Connection closed for inactivity]
sigmundv__ has quit [Remote host closed the connection]
Raito_Bezarius has quit [Ping timeout: 260 seconds]
sigmundv has joined #nixos
owenowen has joined #nixos
dstzd has joined #nixos
dstzd has quit [Client Quit]
lsix has quit [Ping timeout: 244 seconds]
dstzd has joined #nixos
dstzd has quit [Client Quit]
<Duponin>
I noticed I can't create NixOS VM with less than 2048MB RAM. To use a deployement tool such as `morph` (which push store derivation on targets) could reduces RAM usage and allow to grant less RAM?
<{^_^}>
[nixpkgs] @fabaff opened pull request #109298 → python3Packages.poolsense: init at 0.0.8 → https://git.io/JtfVF
ericsagnes has quit [Ping timeout: 258 seconds]
<viric>
do you mean nix needs the 2GB to evaluate nixos?
<viric>
maybe you can skip calling nix evaluation in the vm
<Duponin>
viric: yes, under 2048MB I can't execute a `nixos-rebuild <test/switch>` without it suddently halting
danmatrix[m] has joined #nixos
noudle has quit []
<viric>
I don't know what morph is. Can't it run the evaluation in the host?
<viric>
ah maybe there is no "nixos-rebuild" script that can skip the evaluation
<viric>
if you could evaluate and send the '.drv', then the VM could "realise" the .drv, which doesn't take much memory
lunik1 has quit [Quit: Ping timeout (120 seconds)]
<Duponin>
from my understanding it's what it is done
dstzd has quit [Remote host closed the connection]
nikivi has joined #nixos
dstzd has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
joesventek has joined #nixos
nikivi has quit [Client Quit]
joesventek has quit [Client Quit]
<Izorkin>
Mic92: did not fixing wrapper.c ?
rnea has quit [Ping timeout: 256 seconds]
joesventek has joined #nixos
nikivi has joined #nixos
rnea has joined #nixos
<{^_^}>
[nixpkgs] @Pamplemousse opened pull request #109305 → rizin: init at unstable-2021-01-13 → https://git.io/JtfoT
lsix has quit [Remote host closed the connection]
lsix has joined #nixos
jasongrossman[m] has joined #nixos
berberman_ has joined #nixos
cole-h has quit [Quit: Goodbye]
berberman_ has quit [Max SendQ exceeded]
berberman has quit [Ping timeout: 260 seconds]
fresheyeball has joined #nixos
cole-h has joined #nixos
berberman has joined #nixos
xanderle_ has quit [Ping timeout: 256 seconds]
<Mic92>
Izorkin: I started yesterday but did not finished
berberman has quit [Max SendQ exceeded]
<Izorkin>
ok
saschagrunert has quit [Remote host closed the connection]
berberman has joined #nixos
berberman has quit [Max SendQ exceeded]
berberman has joined #nixos
owenowen has joined #nixos
EmoSpice has joined #nixos
fresheyeball has quit [Quit: WeeChat 2.9]
<noonien>
i have a flake with configurations for different nixos machines, can i do something similar to `nixos-rebuild switch|boot` remotely, without copying the configuration to the machine?
<{^_^}>
[nixpkgs] @NeQuissimus pushed 8 commits to release-20.09: https://git.io/JtfoP
<noonien>
the flaked configuration is chosen based on the hostname, the same thiing will happen for the remote host, correct? i'm guessing this happens durin the activation phase, which is done on the remote host
<cole-h>
I don't think so. Pretty sure that will only happen on a local machine
<cole-h>
So you'd want to specify the hostname
HeN has quit [Quit: Connection closed for inactivity]
meh` has quit [Ping timeout: 264 seconds]
<Duponin>
Just want to say it's amazing how it's easy to install NixOS and really quick. That's about it
<noonien>
cole-h: is there a way to check for this by any chance?
<cole-h>
Check for what?
sss2 has quit [Quit: Leaving]
<noonien>
check to see that the correct configuration is (not) built
<cole-h>
If it will use the remote hostname?
<noonien>
yes
<cole-h>
Exploring the code, I guess.
<noonien>
hmm
veleiro has joined #nixos
mmmattyx has joined #nixos
owenowen has quit [Ping timeout: 272 seconds]
<noonien>
i guess i could put an abort in the configuration i'm expecting to be built, and if it aborts, it should mean that it's building the right one
<cornfeedhobo>
is there a way to get a specific version of a package?
nikivi has joined #nixos
<cole-h>
Check out nixpkgs where the package is at the desired version, `nix-build -A packageAttr`
nikivi has quit [Client Quit]
nikivi has joined #nixos
codygman__ has quit [Quit: Connection closed]
<noonien>
cornfeedhobo: yes, by pinning nixpkgs, copying the derivation to build the package yourself, or in some cases, just overriding the src works. most of the time you'll find different version in nixpkgs, perhaps there's one you need already
zupo has joined #nixos
nikivi has quit [Client Quit]
<bitmapper>
noonien: why would it be there
<noonien>
cole-h: yes, it would appear not specifying the flake output doesn't even build the system
dstzd has joined #nixos
ris has quit []
joesventek has quit [Quit: Quit]
riksteri has quit [Quit: riksteri]
dstzd has quit [Read error: Connection reset by peer]
<noonien>
bitmapper: yeah, i was wrong, you might not find it there.
nikivi has joined #nixos
<cole-h>
Unless you have backups, or it was in a git repo, you're SOL.
lsix has joined #nixos
owenowen has quit [Quit: Leaving.]
<bitmapper>
i'm just rewriting it
<bitmapper>
it wasn't logn
<bitmapper>
*long
<noonien>
there are tools to recover files, but it's usually not worth the hassle if you can just recreate the file easily
nikivi has quit [Client Quit]
ris has joined #nixos
nikivi has joined #nixos
<cole-h>
Hopefully now you've learned the importance of either backing it up, or putting it in a git repo (even if you don't publish it somewhere like GitHub).
<cole-h>
(I made the same mistake when I was just starting out, which is why I started committing everything lol)
nikivi has quit [Client Quit]
<noonien>
(same)
shibboleth has joined #nixos
rb2k has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jumper149 has joined #nixos
<noonien>
anyone using the --use-remote-sudo with nixos-rebuild --target-host? it's throwing an error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
<noonien>
or is it expecting a paswordless sudo?
<{^_^}>
[nixpkgs] @adisbladis merged pull request #109127 → go: Introduce environment variable GO_NO_VENDOR_CHECKS to relax go vendor checks → https://git.io/JtvHJ
<dsx>
How to pass an argument to the flake at build time?
nixnewbie has joined #nixos
<nixnewbie>
hello. i have an issue with /etc/hosts and /etc/resolv.conf - when using dockerTools to build a minimal container from a nix derivation, it seems that these two files are not honored for DNS lookups.
<nixnewbie>
however, docker and kubernetes use these to propagate hostnames and such
<nixnewbie>
not even hostname -i is working inside the container. is there a way to fix this?
<cole-h>
dsx: `--arg arg val`?
<dsx>
cole-h: sorry, I didn't express myself better. I mean, how do I access argument?
<flokli>
so if the application outside docker did try to read /etc/resolv.conf, it should try to inside the container as well
<nixnewbie>
flokli are binaries or libs patched on nixos to ignore /etc/hosts or /etc/resolv.conf in favor of a file in the nix store?
<flokli>
no
<flokli>
on nixos we usually have nscd
<flokli>
and glibc is supposed to probe nscd's socket first and do lookups through it if there is one
<flokli>
so straces might look a bit different
<nixnewbie>
ah, that explains it partially at least
<flokli>
but you should be able to temporarily stop nscd, and then it shouldn't be much different
<flokli>
we use nscd to configure other nss modules at runtime
<{^_^}>
[nixpkgs] @hugolgst opened pull request #109318 → vimPlugins.coc-lua: init at 2021-01-08 → https://git.io/JtfiD
<nixnewbie>
well, for comparison, I did `strace -e open,openat ping heise.de` in a debian container and got hits like `openat(AT_FDCWD, "/etc/resolv.conf",` and also /etc/hosts
EmoSpice has quit [Ping timeout: 256 seconds]
<nixnewbie>
on my nixos machine, nothing is opened, so i'll try to stop nscd next
xanderle has joined #nixos
<nixnewbie>
the only thing I get is `openat(AT_FDCWD, 0x7ffe31f124d0, O_RDONLY|O_CLOEXEC) = 3` and i have no clue if that's even related :(
<hugolgst>
Should I rebase and fixup the merge into the last commit?
<nixnewbie>
nice, that showed it!
<hugolgst>
I'm a bit lost about the structure of the merge
<nixnewbie>
flokli `openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 5` with nscd disabled on my machine. so i guess i'll install strace in the container and see what i can dig up?
<hugolgst>
there were merging conflicts with master
<flokli>
nixnewbie: if it's a longer-running thing, you could also try stracing it from the outside if you manage to figure out the pid
shibboleth has quit [Remote host closed the connection]
lostnet[m] has joined #nixos
<flokli>
(you just need to interpret the syscalls and their location from inside the container mount namespace ofc)
<cole-h>
hugolgst: `git rebase -i HEAD^`, change pick to drop, then `git pull origin/master --rebase`
<cole-h>
is what I would do
<nixnewbie>
flokli well, its tough since its running inside k8s. in general that seems to be an unexplored area, or is someone successfully running a large amount of nixbased (dockertools) containers in kubernetes?
lsix has quit [Remote host closed the connection]
shibboleth has joined #nixos
mmlb has quit [Ping timeout: 268 seconds]
lsix has joined #nixos
<flokli>
nixnewbie: why would it be tough? ssh to the node it's running on, get the list of processes and attach from there ;-)
<nixnewbie>
hmm, that's worth a shot, didn't think about that
<flokli>
it's still containers running on linux boxes ;-)
hiro98 has quit [Remote host closed the connection]
<flokli>
of course, you could also bake a new image, with strace in $PATH, or modify the executable to wrap the real application in a fork-following strace
<hugolgst>
and I don't even know why there are conflicts I pulled master just before
weechat2 has joined #nixos
<cole-h>
¯\_(ツ)_/¯
<cole-h>
GitHub. Not even once.
<hugolgst>
ahahah
weechat2 has left #nixos [#nixos]
<{^_^}>
[nixpkgs] @Ekleog merged pull request #109230 → nixos/matrix-synapse: enable HTTPS in example → https://git.io/JtvA8
<{^_^}>
[nixpkgs] @Ekleog pushed commit from @sephalon to master « nixos/matrix-synapse: enable HTTPS in example (#109230) »: https://git.io/JtfP9
zebrag has quit [Quit: Konversation terminated!]
zebrag has joined #nixos
<hugolgst>
cole-h: I solved that, should I squash the merge into the init commit or create a merge commit?
<cole-h>
merge commit bad
<hugolgst>
okok
<cole-h>
Squash it into the `vimPlugins: update` commit
<cole-h>
(easy way to do that: stage the changes, then `git commit --fixup=a676e5788ad5783bac6d974f28f714249121606e`)
<hugolgst>
amazing, thanks for these tips
<noonien>
do you guys have anything to check when a package gets updated? for packages that you want extra security for?
<noonien>
for example, electrum
rb2k_ has joined #nixos
nixnewbie has quit [Quit: Connection closed]
rb2k has quit [Ping timeout: 264 seconds]
est31 has quit [Remote host closed the connection]
qbit has joined #nixos
<qbit>
hi!
<hugolgst>
hey
est31 has joined #nixos
<DigitalKiwi>
noonien: do you mean in nixpkgs or upstream?
<noonien>
hmm, just personal configs i guess
<noonien>
i'm thinking of just adding a trace when a package i care about changes its hash. then i'll have to figure out a way to get the changes that changed the hash
lordcirth_ has joined #nixos
<qbit>
is there a way to refer to tls certificates snagged by nginx? say i want to use a given cert in nginx and in grafana
<noonien>
DigitalKiwi: that's not what i mean. i want to make sure that i trust that the electrum package nixpkgs provides. and to be able to check when the package is modified.
<qbit>
but it would also mean i wouldn't have to disable / enable bits of my config in order to get the certs up and running
<noonien>
qbit: you can use security.acme.certs.<name>.directory as a variable in your configuration.nix though
<DigitalKiwi>
cole-h: doesn't it? i use it all of the tiem
<noonien>
DigitalKiwi: i don't inherently distrust the nixpkgs package, just would like to check when the package hash is changed, and check out what caused it
<cole-h>
hugolgst: Ah, one step I missed was `git rebase -i origin/master --autosquash` which will automatically mark fixup! and squash! commits so all you have to do is save and quit your editor
vidbina_ has quit [Ping timeout: 260 seconds]
<DigitalKiwi>
do you do automatic updates or something
<hugolgst>
ty
<cole-h>
DigitalKiwi: Ah, it works in bash but not fish.
<cole-h>
DigitalKiwi: fish doesn't expand ~ in args that don't match the regex `^~`, probably
<DigitalKiwi>
i was worried it hadn't been working for me :( like when i had settings in my nix config that weren't actually doing anything because they were misspelled and nix isn't statically typed :(
<chloekek>
The Yubikey wiki page recommends services.udev.packages = [ pkgs.libu2f-host ];. But libu2f is no longer maintained and the repo recommends libfido2. Should I enable FIDO2 support using services.udev.packages = [ pkgs.libfido2 ]; instead?
ericsagnes has joined #nixos
nikivi has quit [Client Quit]
nikivi has joined #nixos
nikivi has quit [Client Quit]
dstzd has quit [Client Quit]
dstzd has joined #nixos
dstzd has quit [Client Quit]
dstzd has joined #nixos
dstzd has quit [Client Quit]
dstzd has joined #nixos
<chloekek>
Hmm yeah seems to work, a little bit
dstzd has quit [Client Quit]
dstzd has joined #nixos
joesventek has joined #nixos
hugolgst has quit [Read error: Connection reset by peer]
iknacx has joined #nixos
joesventek has quit [Client Quit]
iknacx has quit [Client Quit]
joesventek has joined #nixos
<astronavt>
is there a collection of "recipes" for packaging certain common types of applications? e.g. basic C-with-makefile, autotools, cmake, python, go, rust
bitmapper has quit [Quit: Connection closed for inactivity]
mananamenos has quit [Ping timeout: 246 seconds]
<{^_^}>
[nixos-homepage] @github-actions[bot] pushed commit from GitHub Actions to master « Update flake.lock and blogs.xml [ci skip] »: https://git.io/Jtf1I
zebrag has quit [Quit: Konversation terminated!]
zebrag has joined #nixos
mananamenos_ has quit [Client Quit]
gustavderdrache has joined #nixos
xelxebar has joined #nixos
dstzd has joined #nixos
<pinpox>
Thanks, that's helpful
xelxebar_ has quit [Ping timeout: 240 seconds]
lsix has quit [Ping timeout: 272 seconds]
stigo has quit [Quit: WeeChat 2.9]
b42 has quit [Ping timeout: 268 seconds]
b42 has joined #nixos
lsix has joined #nixos
lejonet1 has quit [Ping timeout: 260 seconds]
stigo has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ManiacOfMadness has quit [Ping timeout: 272 seconds]
<pinpox>
cole-h: one more related question: If I want to check in a script that my system (flake enabled) has been updated in the last X days, how would i do that? Can I get the build time of the current system or the commit time of the nixpkgs it's using?
<cole-h>
The ssh key is just whatever I have set up with github. At the moment, it's using a GPG auth subkey.
<cole-h>
git+ssh is required since it's a private repo on GitHub
<noonien>
yes, but when doing a build, the key is for your personal user, right? no need to set it up on root? (i'm not exactly sure under what user the input flakes are gotten from)
<noonien>
s/from/with
<cole-h>
The key is from my logged-in user, yes. Specifically, from ssh-agent (provided by gpg-agent).
<noonien>
great!
<cole-h>
Also note that it's only required when updating that input.
<noonien>
hmm, i've not completely read the entire configuration yet, but is the input fetched from the local git submodule checkout?
<cole-h>
No
chloekek has quit [Remote host closed the connection]
<noonien>
hmm, so why do you have the secrets as a git sit submodules?
<cole-h>
I do a bit of weird impurity stuff to access my decrypted secrets. The flake is just to enumerate the filenames, but the contents are referred to by string-paths (e.g. "/home/vin/flake/secrets/somesecret")
<cole-h>
I have it as a submodule so it's stored in the same place
<noonien>
aaah, ok, that makes sense
<cole-h>
But if I were to link my secret files from the flake input, they'd still be encrypted
<pinpox>
noonien: isn't --use-remote-sudo what you are looking for?
<noonien>
pinpox: that only works for paswordless sudo
<pinpox>
I see
<noonien>
if sudo requires a password, you get an error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
<noonien>
i plan on making sudo not require a password, once i setup a more acceptable authentication mechanism
jboyens has joined #nixos
<noonien>
i don't want to make it just work without authentication
<noonien>
nixus looks pretty attractive, especially the auto-rollback, i saw that somewhere else and wanted to set it up for quite a while, nice that nixus does that for you
<cole-h>
deploy-rs also has that, I believe
<pinpox>
There is also krops (which I use), but it's pretty minimal
dandart has quit [Quit: dandart]
<pinpox>
I chose it mainly because it supports secrets management via `pass` which I was using already. Also it works nicely with flakes