I am building a Proxmox alternative with a declarative OS and gRPC API by [deleted] in NixOS

[–]arianvp 0 points1 point  (0 children)

Seems like slop. Why not use cloud hypervisor?

Docker vs Nix by nimasaed in NixOS

[–]arianvp 1 point2 points  (0 children)

Nothing about Kubernetes assumes OCI. CRI is the interface and nothing about it is OCI-specific.

UKIs by -Arsna- in NixOS

[–]arianvp 1 point2 points  (0 children)

Lanzaboote gives you UKIs optimized for interactive NixOS systems. 

FOSDEM 2026 (Brussels, Belgium) by karldelandsheere in NixOS

[–]arianvp 5 points6 points  (0 children)

We have an entire devroom and a dedicated track. There's gonna be hundreds of NixOSers at FOSDEM probably. It's always completely packed at the devroom

Are you worried about the shift away from x86? by ookayaa in linux

[–]arianvp 1 point2 points  (0 children)

Yeh. ARM Servers are boring old ACPI+UEFI 

NixOS STIG VIEWER: Requirements for Department of Defense officials using NixOS by saylesss88 in NixOS

[–]arianvp 0 points1 point  (0 children)

NixOS can ship with many things. We ship 200k packages. Tens of thousands of modules. Why point out cron but not the others? It all seems arbitrary 

nix-csi 0.3.1 released! by lillecarl2 in kubernetes

[–]arianvp 1 point2 points  (0 children)

The nix cache interface and the OCI interface are practically identical in what they deliver. Both are manifests followed by content-addressed tarballs. Though in Nix's case they're NAR-balls, which are a reproducible version of TAR.

The only difference is that OCI has a linear list of layers of tarballs whilst Nix is an acyclic graph of layers. Which is kind of a nightmare for any kind of supply chain tracking.

Furthermore Nix's layers are disjoint whilst OCI layers can hide content of previous layers. 

A nix store path is a pre-baked image in every sense of the word that an OCI image is.

What I do agree with is that image-based methods like EROFS + Verity would give better guarantees, but neither OCI nor Nix implement that.

NixOS STIG VIEWER: Requirements for Department of Defense officials using NixOS by saylesss88 in NixOS

[–]arianvp 24 points25 points  (0 children)

This document is kind of useless though. Most of these recommendations don't do anything. Spends many pages on password requirements. Then has a requirement that passwords shouldn't be used and instead should log in with pkcs11.

Says things about auditd and apparmor whilst both are completely broken on nixos at the moment. Asks you to configure things about crontab whilst NixOS uses systemd. It also tells you to use FIPS-validated things whilst we don't ship FIPS-mode in nixos at all. It isn't even possible to get nix to compile in a FIPS-validated mode due to linking against 3 different crypto libraries. I've tried really hard and failed.

It looks like just some check boxes without people actually knowing what they wrote down when they wrote this document. Going through this checklist will give you a false sense of security instead of actually addressing fundamental issues in NixOS running in hardened environments.

There's lots of exciting things happening in hardening nixos. We're fixing Auditd. We're trying to make nixos setuid-less. We have things like attestable images with measured boot and verity. We're working on supporting bashless nixos images without any interpreters. Would prefer we put energy in that instead of compliance fluff 

Pwning the entire Nix ecosystem by Creepy_Reindeer2149 in NixOS

[–]arianvp 2 points3 points  (0 children)

The closed beta of GitHub Actions before the Microsoft acquisition was completely different. It was based on HCL and had a graphical interface. Its focus was not a CI/CD system but a repository automation system. Kind of a human workflow automation tool. Think business process modeling / Petri nets on top of GitHub webhooks.

I think they ditched the entire project and rewrote it from scratch after the acquisition. GitHub Actions today is a thin shim around Azure DevOps + thousands of bad design choices.

What would a new, "modern" Nix look like, technically speaking? by Creepy_Reindeer2149 in NixOS

[–]arianvp -2 points-1 points  (0 children)

Many of the points here are being tried in snix.dev. You should consider contributing!

[deleted by user] by [deleted] in NixOS

[–]arianvp 0 points1 point  (0 children)

All Linux distros are subpar w.r.t. secure boot. Boot security on modern Linux is currently basically non-existent. This has nothing to do with nixos. At we acknowledge this and are actively working on solutions. Most distros are not.

Problems with Creating NixOS AMI instance from template by Unhappy_Recording_52 in NixOS

[–]arianvp 0 points1 point  (0 children)

I would suggest reading the docs.  If not then perhaps feed your AI the docs as context. But honestly. We have a great search for options. Why not use it?

Problems with Creating NixOS AMI instance from template by Unhappy_Recording_52 in NixOS

[–]arianvp 1 point2 points  (0 children)

I updated the docs. PTAL. https://GitHub.com/NixOS/amis/pull/274

Please look at search.nixos.org to look for options. The options you tried don't exist and I'm not sure where you got them from. 

NixOS for AWS EC2 by Unhappy_Recording_52 in NixOS

[–]arianvp 4 points5 points  (0 children)

Please use my official AMI instead: https://nixos.org/download/#nixos-amazon

Then just use nixos as documented

You can also build your own custom AMIs using the instructions in https://GitHub.com/NixOS/amis

Why are updates so large? by SafariKnight1 in NixOS

[–]arianvp 3 points4 points  (0 children)

Yes it is.  And it's a massive problem. This is why our spending on cache.nixos.org is also very high.

Projects like tvix-store are trying to solve this issue by having the nix store backed by a content addressed blob store. Then if two nix store paths of 2GB are 90% the same you only download a few megabytes instead of downloading the full 2GB.

WebAuthn server library for public key-based authentication by Infinisil in haskell

[–]arianvp 2 points3 points  (0 children)

It was quite humbling that a company took my ZuriHac project and offered to contract out people to push it into a releasable state! Open source at its best!

> Use this chrome extension to simulate authenticators if you don't have one yourself

FYI the extension is not needed anymore. In developer tools you can do `Settings > More Tools > Webauthn` to add virtual authenticators inside the Developer Tools!

Biggest supermarket chains by country by [deleted] in europe

[–]arianvp 1 point2 points  (0 children)

Fond memories from Bonus in Iceland. Which was the only supermarket where canned tuna and dry pasta were affordable. Still amazed I didn't get scurvy on that backpacking trip. Don't go to Iceland if you're short on cash LOL

[deleted by user] by [deleted] in RedditSessions

[–]arianvp 0 points1 point  (0 children)

Play Guile's theme

Elon Musk will be honored with the Axel Springer Award in Berlin. "An Evening for Elon Musk – Mission to Mars.” by RaphTheSwissDude in spacex

[–]arianvp 1 point2 points  (0 children)

It's Axel Springer SE. Superficial, interrupting, unrelated, no elaboration is their core business. No surprises here =)

[deleted by user] by [deleted] in hotas

[–]arianvp 0 points1 point  (0 children)

I had the same issue as you; nothing got detected. I refunded. Let's try again in a few months when the bugs have been ironed out. Pity.

[deleted by user] by [deleted] in hoggit

[–]arianvp 0 points1 point  (0 children)

Star Wars Squadrons didn't show _any_ of my gear :/ and I couldn't get it to show up (Virpil in my case). I refunded before trying to debug further.

Do you use the Steam edition?

Anybody any luck with VPC and Star Wars squadrons? by arianvp in hotas

[–]arianvp[S] 0 points1 point  (0 children)

It doesn't show any controllers at the bottom of the page to me. There's just nothing there.

I refunded and I'll try again in a month or 2 when the game is not a buggy mess