Some trezor changes got finally upstreamed in nixpkgs, so here's a quick writeup how I managed without: https://juuso.dev/blogPosts/patching-nixpkgs-flake/patching-nixpkgs-in-a-flake.html #nixos
| homepage | https://juuso.dev |
Juuso Haavisto
@juuso
- 7 Followers
- 24 Following
- 43 Posts
Currently researching #APL at University of Oxford. Part-time #NixOS software entrepreneur https://github.com/ponkila
@crow in wirenix the keys can also be saved to the flake. But it's not deterministic -- it uses agenix-rekey to generate new keys whenever the mesh topology changes. It's also ipv6 only. But yeah, no secrets are leaked, instead it can use hmac secrets of Yubikeys and such which can be public. And agenix encrypts host secrets against hosts persistent SSH private keys (ed25519). Would be interesting to hear about alternative methods though!
@crow You might find wirenix interesting (autogen via agenix implemented there already) https://man.sr.ht/~msalerno/wirenix/
@krutonium @cdown afaik if you do not declare the writeback device then its what the article says "zram", and "zswap" if such writeback device exists. disclaimer: i used to run zram on 100% of RAM space like fedora, but due to the oom hangs eventually switched it off. my systems never had a disk-backed swap. anecdotally, zram was mainly useful with Raspberry Pis.
@bmcgee84 I've been happy with Garage (https://garagehq.deuxfleurs.fr) hosted private Nix binary cache. S3 gives you the same easy replication and versioning as Git, unless I'm missing something. Garage has the former built-in but no versioning for now. With ephemeral setups Garage is particularly useful because it allows persisting Nix packages over reboots without overlayfs tomfoolery (works fine but no idea under what semantics).
@julesh it's also likely the last 32-bit package manager
@weston @BryanBennett it took me time to understand that besides the version pinning, flakes are like json schemas which expect home-manager and nixosConfigurations to be found from their respective locations, so that 3rd party tools can make use of these defaults to build further abstractions (agenix, etc.)
@tomminieminen Mistä olet opetellut? Kaverini kyseli miten aloittaa opettelu, mutta en enää muista miten (tai mistä) itse edes opettelin. Nykypäivänä tietolähteenä toimii lähinnä GitHub (language:Nix hakutermi alkuun) eli muiden koodin lukeminen, mutta ne vaativat jo konseptien ja käytäntöjen ymmärtämistä.
@geerlingguy Wow, cheers! Any plans to try the new Intel Pro B50 or B60 for SR-IOV use-cases on these ARM workstations?
@geerlingguy Hi, do you plan to benchmark gaming on the Ampere computer using fex-emu.com which seems to be the x86-aarch64 translation layer used by the Steam Frame?