Handling Secrets in NixOS: An Overview

There are a number of different approaches available for NixOS users to handle secrets. The most popular tend to be git-crypt, agenix and sops-nix. But which one should you use? To hopefully help you in answering this question for yourself, here is an overview of a few common use cases and what I think is most appropriate for each. Managing Your Own Physical Machines Maybe you have a desktop, a Macbook and a Raspberry Pi which you are managing from a single NixOS flake repo.
Read more →

Providing Runtime Secrets to NixOS Services

In my last post, I shared how to get a working instance of Nitter deployed on NixOS, but requested advice on how to best automatically provision the guest_accounts.json runtime secret file on the target server. A number of folks reached out to me on Mastodon (thanks @[email protected], @[email protected], @[email protected] and @[email protected]!) to suggest that I use agenix to copy encrypted files to the server and decrypt them in non-world readable directories, and then use systemd’s LoadCredentials option to make them available to the nitter service.
Read more →

A Working Instance of Nitter on NixOS

With all of the various user and developer-hostile changes introduced to Twitter over the past year, the importance of a user-friendly alternative frontend for Twitter is greater than ever. After using public instances of Nitter for a while, I wanted to try hosting my own instance. I thought it would be as simple as enabling a service in my NixOS configuration: { services.nitter.enable = true; } Unfortunately, the only builds of Nitter that currently work are taken from a feature development branch which introduces changes both in build-time dependencies and runtime dependencies.
Read more →

Using Rust, Chrome and NixOS to Take Headless Screenshots for Social Sharing

The social media landscape from Twitter and Mastodon to Instagram and TikTok has, for better or worse, centralized on sharing text highlights and quotes as images rather than as plain text. Now I can share my highlights easily as images on social media! I like to share my highlights from across the web, which is why I publish topic-specific RSS feeds for people to subscribe to. However, one of the features that I’ve been missing for a while now on Notado is exporting screenshots for social sharing.
Read more →

Documenting War Crimes in Gaza

As I write this, the genocide in Gaza being perpetrated against the Palestinian people continues unabated, with the explicit support of many western governments and politicians across the political spectrum. Facilitation of war crimes is generally recognized as a war crime in International Humanitarian Law, the Rome Statute of the International Criminal Court and Customary International Humanitarian Law (I know this thanks to my many years spent as an ICRC field delegate, but you can do your own further research on this point if you’d prefer).
Read more →

Yubikey Passthrough on WSL2 With Full FIDO2 Support

I recently started using Yubikeys both to store passkeys which allow me to do passwordless logins to websites like GitHub, and to SSH into remote servers with FIDO2. I have a number of machines at home, but I spend the majority of my time using a Windows 11 desktop computer running NixOS on WSL2 (in the past I’ve described Windows 11 + my tiling window manager komorebi as the “desktop environment” on top of my NixOS WSL2 shell).
Read more →

Sensible $WORDCHARS for Most Developers

Have you ever hit alt + backspace while in a zsh session, intending to delete just the last part of a path, or a word, or an identifier, but ended up deleting far more than that? This is probably because you are using the default value for $WORDCHARS. The default value for $WORDCHARS is *?_-.[]~=/&;!#$%^(){}<> i.e. pretty much everything and the kitchen sink. Usually, therefore, you will want to remove characters which you don’t want to be considered parts of words
Read more →

Hands-Free Tiling Window Management

Last year I read the excellent article “Hands-Free Coding” by Josh Comeau which went into detail about modifying his programming workflow to use dictation and eye-tracking after developing Cubital Tunnel Syndrome. I highly recommend reading the whole article and watching the demonstration videos of his approach. This article was my first exposure to the dictation software Talon, which is specifically built to be hackable and naturally targets software developers. If you know anything about me by now, it’s that I can’t use a computer without a tiling window manager anymore.
Read more →

Dynamic vs. Static Config for My Tiling Window Manager

For the last few years I have been writing and maintaining a tiling window manager for Windows that has steadily grown in usage and popularity. My first exposure to tiling window managers was on macOS with kwm (which was succeeded by chunkwm and later yabai). Naturally, this meant that whenever I used Linux, I would reach for bspwm. I am a big proponent of what I call the “bspwm architecture” for tiling window managers.
Read more →

Ditching Docker for Local Development

Earlier this month I mentioned on Mastodon that I was replacing a Docker-based local development environment at my day job with a Nix-based one, orchestrated with overmind and a justfile. There was quite a lot of interest in particular in how overmind and just could be used to replace a container / compose-based local development environment. While I can’t share the details of the significantly more complex migration I did at my day job (yet!
Read more →