# NixCon Speaker Questions Questions for Q&A sessions. format: - person name - Text of their question. ---- # Day 1 ## Talk 1: Nix modules: Improving Nix's discoverability and usability - andi - What is the cost of having more features (that other languages already built) into nix? - davidak[m]> was Dhall considered? why was TOML choosen? - andi - Will I also need a `nix integration-tests` at some point? I wonder whats wrong with just `nix-build -A doc`? - viric - How to debug NixOS modules? I find them hard to debug because they are more intertwined compared to nixpkgs. - ## Talk 2: An Intelligent System to Recommend Configurations ## Talk 3 : Nix at Chatroulette v2 - LambdaDuck> - How do you build docker images from mac machines (if you do)? - nbathum - what was the most surprising part of introducing nix? (at work) - aminechikhaoui> Have you considered running actual nix builds in CI for the Scala projects ? We have some Scala projects at work and we use Sbtix, it works ok-ish but as you said it's not actively maintained. Is there plans to either extend it or have other tooling built for that as part of Chatroulette ? ## Talk 4 : Nix Flakes in Production: What, Why, and How - farlion - What's the most challenging part about using flakes right now? - If you could change one thing what would it be? - risson - I have found that substituting inputs isn't recursive, is that intented? - To extend on my question. Let's say I want to use flake B. Flake B uses flake C and substitues its nixpkgs. - Now, I am in flake A and substituting flake B's nixpkgs with my own. - Flake B nixpkgs gets substituted, but flake C's nixpkgs stays the same as the origin flake B's nisxpkgs ---- (break) ---- ## Talk 5 : How to change Nix ecosystem to become mainstream? - zie - how does one get started doing documentation? ## Talk 6 : Remote deployments with NixOS and Nixops at Yakkertech - Is the name Yakkertech derived from the Japanese word for baseball yakyū? - What system architecture do your industrial PCs use? - You mention a live directory mechanism, how the changes are picked up by this live directory? Is it a NFS directory? if I do a commit on an experimental branch, how does it get picked up? - Rolling your own nixpkgs repo/not using official channels how much rebuilding do you have to do vs leveraging the official cache? - Do you have references to the nixos-bootstrapping-via-kexec part? - Do you do Secure Boot and enforce rootfs integrity (like with dm-verity) on your industrial PCs? - Could he explain a bit more how he kexec'd from debian to nixos? - ever tried autoPatchelf? should be less painful than patchelf manually [this is a comment] - henri- It is possible to locally configure systems deployed with NixOps. - You can just copy the configuration to the remote machine in an activation script. - I first saw this here: https://pascal-wittmann.de/entry/autoupgrade-with-nixops-and-nixops - misc - can that hardware be corebooted? ## Talk 7 : Robotnix - Build Android (AOSP) using Nix - edef - given that the signing is done in a derivation, do the signing keys end up in the Nix store? - Sander Would it also be possible to compile APKs from source using Nix-compiled Android SDK components? Currently, in Nixpkgs we use binaries from Google's Android SDK, but they have license restrictions: you are not allowed to use compiled APKs for non-Google branded Android distros. If we compile these ourselves, then we are not affected by these restrictions? - viric - "How do you go from building AOSP with nix to using nix to develop/modify AOSP"? - "Why did you do all this work? Do you contribute to any AOSP variant?" - jpo - "the bind mount you mention for avoiding copying 50gb of source: can you elaborate on the details of how this works, and if it has any negative interactions with sandboxed builds?" - Mic92 - do you all build this in your freetime? Are there are other people helping you? - Raito_Bezarius - Q: Is it possible to test those builds in a virtual machine and run automatic software, like fuzzing, etc? - mschwaig - Does Robotnix directly use those small existing patches you mentioned to get reproducibility, or does it go another way to get that? - droman038 - "How can I trigger an incremental over the air update package?" - nicoo- Q: Would you consider using threshold signatures, to have k-out-of-n people reproduce the build and jointly sign the OTA update image ? ## Talk 8 : Bringing NixOS to my school - Raito_Bezarius- Have you tried to bring Nix(OS) to the routers? Is there plan to do so? What kind of network setup does EPITA runs? [is there isolation, VLANs] - davidak[m]- what CI is used? ## Talk 9 : Nix in the Java ecosystem - niksnut- any experience with gradle in nix? ---- # Day 2 ## Talk 1: Bridging the stepping stones: using pieces of NixOS without full commitment - srhb> nbathum: Q: Is abstracting the service generation worth it in NixOS proper, maybe? - < nixer|86> It was not obvious from the talk or I missed it, but do you still use systemd? - hyperfekt> how does the usability of the module system and your extensibility mechanism compare in practice? - < ryantm> It sounds like your suggestion to move modules to packages is maybe the opposite of eelco's proposal yesterday. What do you think? - viric> Question: do you use systemd at all? What is your init? - refnil> nbathum: Is there something else apart than nsjail that I could check to learn more about your jail setup? (Raito_Bezarius> nicoo: https://github.com/7c6f434c/lang-os) ## Talk 2: nix-processmgmt: An experimental Nix-based process manager-agnostic framework - nicoo> Q: Do you think that nixos, nix-darwin and other projects managing services around nix packages, could in the near-future move to such an abstraction layer and share more service definitions etc. - Raito_Bezarius> Q: How do you envision to generalize some systemd-specific features like hardening or socket activation that some services uses? - ~~niksnut> systemd has a lot of nice features like startup notification, socket activation, logging etc. - is there a nice way to abstract over those?~~ - Raito_Bezarius> Q: What about a static process manager? e.g. doing a topological sort at Nix build-time to output a certain derivation representing the processes which will run at runtime - viric> Q: "Will NixOS take nix-processmgmt over, or nix-processmgmt will take over NixOS ? I can't wait" - NinjaTrappeur> nbathum: by running process as different user and group, do you mean running the service as a proper system service, not a user service anymore? - l33[m]> it's cool... how do you handle upgrades/roll-backs/logging/pinning? - pastry> In a way the question is how do yuo handle the mass of leaky abstractions this will be? ## Talk 3: Automating deployment with Hercules CI and NixOps - ~~jpo> how do you ensure isolation of secrets? [may be partially answered]~~ - LambdaDuck> What is the risk for vendor lock-in if using this system? - jpo> does your threat model for secrets explicitly address the case of correctly-building malicious PRs with functionality designed to steal your secrets, and if so: how? ## Talk 4: Nix × IPFS [10 minutes] - Raito_Bezarius> Q: Is it feasible that IPFS support the nixpkgs-scale at some point? How much time do you think it will take to reach this level of maturity? - nicoo> Q: What does “CA derivations with contents "floating"” mean? ~~- nicoo> Q: What do you call “Floating content-addressed” ? Are those input-addressed derivations that, when resolved, refer to a content-addressed one?~~ [answered] - pie_> Q: is there hash type whitelisting - andi-> Q: SHA1 is old and has known attacks, is it a good idea to suppoert it? ----- - viric> question: would ipfs give quicker substitutes than usual https on hydra or similar? - hyperfekt> Q: afaik currently the NixOS foundation maintains a mirror of tarballs used in builds - are there any plans to have fetchers in nixpkgs that can fetch from the normal source by default and fall back to IPFS for a chance at long-term reproducibility? - LambdaDuck> Q: Can these changes improve git fetching even when ipfs is not used? ## Talk 5: NixOps for Proxmox [15 minutes] - foo - ## Talk 6: How Nix grew a marketing team - Ox4A6F> : How about planting a tree for each person installing NixOS. ;) - --- <!-- nick will watch this talk first. later. next month maybe --> <!-- WORLDofPEACE trust cuz I love this talk --> worldofpeace notes: Loved the moment you mentioned that we don't have control over the subconcious. And like with awareness you can use it to your advantage. I personally believe I have pretty good hold on my subconcious communication, like it's very much speaking without any words and it is the most powerful way to get things across. Usually you think you'll be "good friends" with someone because both your subconcious are compatible or are communicating and connecting on similar information Other thank you's. Thanks you for taking the initiative to start the marketing team and doing all this research. ---