linux, systemd 

I've been looking at NixOS for years, even used it as a daily driver back in 2017. It wasn't ready. A few months ago I gave it another chance and it totally hooked me. I'd say it's quite usable for prod environments, though not very beginner-friendly, mostly because of bad documentation.
The future of linux computing is bright!

Check this out: wiki.nikitavoloboev.xyz/

This guy's blog is somewhere between a wiki and a book. Apparently it's based on the idea of a "digital garden"? It's pretty cool.

Whoa. Someone built a router out of NixOS and ran it on a raspi 3. I'm neck deep with OPNSense, but this is *incredibly* tempting.

labs.quansight.org/blog/2020/0

I wish there were published standards for life. Like a design doc declaring the optimal tooth care routine, or a diet plan outlined like it's an IETF RFC. Just a collection of known goods to start from.

It's stuff like this that makes me concerned about the viability of progressive web apps. We lock down so many native APIs in the name of fingerprinting countermeasures. In the end, if you want something to work reliably, you're pushed towards Electron.

Hmm. Seems browsers suppress local IPs from WebRTC ICE candidates unless you get audio/video permission. Makes sense for fingerprinting, but that's kind of annoying. It means P2P data channels have to take a slower route unless you're building a video application.

I didn't realize NewPipe supported PeerTube. Wicked.

My testing of Consul/Nomad/Vault has actually gone so well I've gone ahead and started migrating production systems to it.

Honestly I find it just phenomenal for our use case.

If we fully reverse engineer the brain as a computing machine, it's just a matter of time before it runs DOOM.

I'm migrating our SSH to use Signed SSH keys generated by Vault and there's been a lot of resistance.

As the only security guy all I have to say is

I want to write code but nothing sounds fun right now.

So I got Consul's Envoy integration up and running on my raspi cluster... that was unexpectedly complicated. Apparently support for the platform is still pretty new and rough around the edges.

The wikipedia page about humans doesn't say anywhere on it that it was written by them, which imo is a conflict of interest

Dependabot PRs only solve half the problem. It automatically opens PRs when your dependencies fall out of date. But I still gotta wait for tests to pass, merge it, wait for the others to rebase, wait for tests to pass, rinse/repeat. And it's something you've gotta do *every week* or it all piles up.

I drop kicked Dependabot in favor of WhiteSource Renovate which can automatically merge. Waaaay nicer. Been going steady for a month and I rarely ever need to intervene.

Once I had NixOS deploying correctly, I just flipped two switches for Consul + Nomad.

services.consul.enable = true;
services.nomad.enable = true;

All that's missing is configuration. Gotta read me some manuals.

I can't believe Nix works this well. It does *so much* and it's all amazing.

It freaking works. I got NixOps deploying to a raspi cluster.

The controller (x86) uses Nix distributed builds to farm out arm compilation which builds NixOS changes in parallel, then syncs the file deltas back to the pi cluster.

I've spent the whole day debugging cross compilation bugs for a raspberry pi. It hurts now but the end result is gonna be sick!

I'm playing with Nomad as an alternative to Kubernetes. It seems really nice so far.

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.