The Layoff Along with 25% of my former colleagues, I was laid off by Beamery (glassdoor reviews) immediately before “American Thanksgiving”. I was provided with a number of informational pamphlets at the end of a 5-minute layoff call at 9am which was scheduled with less than 15 minutes of notice. The following Wednesday, I was at the neighborhood social dance, trying to take my mind off the stress of job hunting in Q4 and interview preparation with some live music.

Before this week, it had been a long time since I visited the Plex subreddit. I shared my last article there, which was a technical write-up of moving my Plex instance from a Hetzner auction server to a virtual machine running on hardware in my home network, and the considerations that influenced the migration. It didn’t take long for me to realize that a culture of hostility towards even the mention of Hetzner or other cloud hosting providers has strongly taken root since Plex announced it’s blanket network ban on IP ranges associated with Hetzner data centers.

Last October, Plex started blocking access to instances running on servers hosted by Hetzner. I have a Hetzner Auction server that I renew every year or so to make use of newer hardware, which I use to run various workloads, from web services, to scheduled jobs and self-hosted instances of privacy-friendly alternative web frontends like Nitter. Another one of those workloads, until recently, was Plex. I didn’t have the time to put too much effort into getting around the Hetzner network ban when it was first implemented, so I just started running Jellyfin instead.

I came across an interesting thread on the NixOS subreddit today that helped me fix a problem that I didn’t even know I had with my NixOS system configuration. Every now and then, I’ll try to quickly do nix-shell -p somepackage, and it will fail, because somepackage couldn’t be found. I go and check https://search.nixos.org and it’s there. Huh. Weird. So I just go and add it to my environment.systemPackages to install it, and remove it if it turns out I don’t really need it.

I have a confession to make. Until yesterday, I did not have any form of dotfiles management or versioning for my Windows 11 machine. Yes, I, the person who wrote an entire tiling window manager for Windows from scratch in Rust, did not manage my dots. I had to sheepishly admit this on more than one occasion in the project Discord server when people would watch my live programming videos and then ask if I could share my Windows dotfiles repo.

There are a number of different approaches available for NixOS users to handle secrets. The most popular tend to be git-crypt, agenix and sops-nix. But which one should you use? To hopefully help you in answering this question for yourself, here is an overview of a few common use cases and what I think is most appropriate for each. Managing Your Own Physical Machines Maybe you have a desktop, a Macbook and a Raspberry Pi which you are managing from a single NixOS flake repo.

In my last post, I shared how to get a working instance of Nitter deployed on NixOS, but requested advice on how to best automatically provision the guest_accounts.json runtime secret file on the target server. A number of folks reached out to me on Mastodon (thanks @[email protected], @[email protected], @[email protected] and @[email protected]!) to suggest that I use agenix to copy encrypted files to the server and decrypt them in non-world readable directories, and then use systemd’s LoadCredentials option to make them available to the nitter service.

With all of the various user and developer-hostile changes introduced to Twitter over the past year, the importance of a user-friendly alternative frontend for Twitter is greater than ever. After using public instances of Nitter for a while, I wanted to try hosting my own instance. I thought it would be as simple as enabling a service in my NixOS configuration: { services.nitter.enable = true; } Unfortunately, the only builds of Nitter that currently work are taken from a feature development branch which introduces changes both in build-time dependencies and runtime dependencies.

The social media landscape from Twitter and Mastodon to Instagram and TikTok has, for better or worse, centralized on sharing text highlights and quotes as images rather than as plain text. Now I can share my highlights easily as images on social media! I like to share my highlights from across the web, which is why I publish topic-specific RSS feeds for people to subscribe to. However, one of the features that I’ve been missing for a while now on Notado is exporting screenshots for social sharing.

As I write this, the genocide in Gaza being perpetrated against the Palestinian people continues unabated, with the explicit support of many western governments and politicians across the political spectrum. Facilitation of war crimes is generally recognized as a war crime in International Humanitarian Law, the Rome Statue of the International Criminal Court and Customary International Humanitarian Law (I know this thanks to my many years spent as an ICRC field delegate, but you can do your own further research on this point if you’d prefer).