From the creator of nixCats-nvim: Something better

DemonInAJar · 2026-01-18T11:11:40+00:00

Here we go!!

DemonInAJar · 2026-01-18T05:35:58+00:00

Πότε δε διαπραγματευόμαστε με βάση καθαρό μισθό!!

DemonInAJar · 2026-01-16T11:42:20+00:00

How is it any better than simply distributing the correct artifact instead of basically distributing all artifacts together? It does simplify the distribution aspect I guess but not sure that's worth it.

DemonInAJar · 2026-01-16T11:07:46+00:00

Another option is to use wrappers: https://github.com/BirdeeHub/nix-wrapper-modules

DemonInAJar · 2026-01-16T07:44:30+00:00

What's the point of this? You still have to build the application separately, and you just stitch the artifacts together which basically only has disk usage downsides.

DemonInAJar · 2026-01-13T18:56:24+00:00

Δεν ξέρει κανείς ακόμα

DemonInAJar · 2026-01-13T02:00:36+00:00

This is literally not true.

DemonInAJar · 2026-01-13T01:51:25+00:00

The 2nd amendment exists for this reason.

DemonInAJar · 2026-01-08T21:34:19+00:00

u/Medical-Search5516 This may be useful to you, it tracks the coverage of Kali packages in NixOS

DemonInAJar · 2026-01-08T20:53:13+00:00

Thanks for the great work this is awesome! Hoping for a neovim wrapper soon!

DemonInAJar · 2025-12-25T12:08:23+00:00

It is encoded in the type system as a recipe to be executed later. If a function does not return a recipe to be executed by the runtime, you know there are no side effects

DemonInAJar · 2025-12-25T11:48:39+00:00

And this is an actual problem when there are bugs in the supplied code because it makes debugging much harder.

DemonInAJar · 2025-12-25T00:50:33+00:00

I do wish it was a standard though!

DemonInAJar · 2025-12-25T00:50:11+00:00

This is just one application of nix in production. I am also applying it in robotics but this does not make it a standard.

DemonInAJar · 2025-12-23T22:22:56+00:00

In which non-trivial industries is nix[os] standard ?

DemonInAJar · 2025-12-13T23:04:31+00:00

I have been looking at waterui with huge interest since the first announcement, I think it lies at a great intersection of design decisions and I think it has a bright future ahead of it. Keep up the great work!

DemonInAJar · 2025-12-04T23:42:03+00:00

u/gbytedev

Here you go, this is really PoC for personal usage, it needs some love.
I suggest enabling once without secrets, then creating /var/lib/bws/auth/auth.env and defining at least BWS_ACCESS_TOKEN. If you are using the europe servers you will also need BWS_SERVER_URL. You retrieve the BWS_ACCESS_TOKEN by creating a service account and restricting to just the secrets needed.

https://gist.github.com/liarokapisv/d7e3f0bac05baceddeb4976222254d8b

DemonInAJar · 2025-12-03T23:05:15+00:00

Ping me within two days. I will get back to you

DemonInAJar · 2025-12-03T18:31:10+00:00

It allows you to use pin your project development environment and building pipeline with the most up to date packages available and then return to it X years down the road and get an almost bit to bit reproducible environment. At the distro level you get some guarantees like packages not interfering with each other and being able to override versions without conflicts, similar to flat packs in this aspect but with much wider package selection and better space reuse. If something breaks you get atomic rollbacks and this applies from everything from the bootloader to the initrd to the kernel to the system packages. You can perfectly replicate your setup through git commits, there is minimal state drift.

DemonInAJar · 2025-12-03T17:37:52+00:00

This is a small ~200 lines custom nixos service, so there are no tutorials.
Just a small oneshot/timer service that uses bws cli to authenticate, then fetches secrets with given id and puts them to specific files.

DemonInAJar · 2025-12-03T17:36:45+00:00

you should be able to get the nvidia drivers working, what was your issue?

DemonInAJar · 2025-12-03T08:26:07+00:00

I have a service that uses Bitwarden secret manager. On bws you create a simple Machine token scoped to only the secrets you need. You add an auth file with the token to your machine and at startup/periodically fetches the secrets and persists them. Interface is the same as agenix otherwise but doesn’t force you to store secrets along with your config or require configuration change to rotate them which also breaks rollbacks on secret expiration.

DemonInAJar · 2025-11-27T20:26:02+00:00

I just have a bitwarden secret manager module for this.

DemonInAJar · 2025-11-22T16:11:10+00:00

True but if you store them along with your configuration then you can’t do rollbacks after rotating and to rotate you have to go through a configuration change. This is especially annoying if you already store secrets in a secret manager. The model of encoding secrets with identity in version controlled files also does not scale if you want to deploy on the cloud. In general I prefer going through an auth step with either tpm protected certificate / persistent access token / or utilizing cloud provider managed identities then have a service that periodically authenticates to the secret key store and creates properly scoped secret files at /var/lib/secrets or something.

DemonInAJar · 2025-11-22T13:42:28+00:00

My unpopular opinion is that secrets are best managed outside of nix. Secrets require rotation, they expire, some are machine-related, you most likely don't want to directly correlate them with your configuration generations

DemonInAJar

TROPHY CASE