From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id CCAxFR+wdWb5ugAAqHPOHw:P1 (envelope-from ) for ; Fri, 21 Jun 2024 16:53:51 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id CCAxFR+wdWb5ugAAqHPOHw (envelope-from ) for ; Fri, 21 Jun 2024 18:53:51 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b=aiudArf6; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1718988831; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature:autocrypt:autocrypt; bh=lQSgqFIFAQhlXGq4Y/hoLq9xyPMmFvhTGK0zv7PoNWs=; b=ZaAw4fVy5wK/09EcrxlX8f61tMp7TXGdmUIWaz8LrqV6Orsxjvd6S11YglDBO9XYpUHd1F LNSvc+ymwpZgR5OmW2mQdq3YBDb6opEuInxQQjlw+M6+y3YQW27btKdvwRHtF1z1CrjirX BGzBfJ2jy7kn5q9X1aAg2m5hBAndFM1NFUXrgze/oB4/d6vcxfKFuCMeHjxf2hAkVDTJVs OI4wIU2rdALzQcEcuVoSKaU4F+sYlEM58Nh066GVbTJjPMRq1TTUZOMvMTJsrgV8Tzh0xu xaYp/+QkpwN4sw4apAIfxGqCLvbdaiAYZn4FmLJaZWwUMiekTpd+EFQtS8QERw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b=aiudArf6; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1718988831; a=rsa-sha256; cv=none; b=AiCEPBipVkjkwCAjv+fY11/Q20yqCpDjVg+3+Lc2fRF1h8oGapS8hlMXUxg2AVI7Pi703E cC0eeVrBMmvriOEXdIVEN39xGdHjWCBvmcxYi8CVMB9u1Z1VOZCUEpjwXtJwnTsJbcr/dM P0pFm3cYowIet+jezR9ClQAYVPVulTIR+83qXmMROCwxIntXX209FJnxMuVFeIWAZnkbwQ FF+qRuW0ZSxQpQ8zeKVEIRKCHpMvvVuIXDHX93IAZpR8oswM0ZuQd6UwQFiIFNH/j7kxJg G4P6250JHLy9d2vr/0OeMsL/e0rY239712HZYbRdBGTcMf5sjoEXX8ySWld7Bg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 07973387D0 for ; Fri, 21 Jun 2024 18:53:51 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sKhVx-0007JG-Sq; Fri, 21 Jun 2024 12:53:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sKhVv-0007IM-F2 for help-guix@gnu.org; Fri, 21 Jun 2024 12:53:27 -0400 Received: from layka.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sKhVt-0001PT-D5 for help-guix@gnu.org; Fri, 21 Jun 2024 12:53:27 -0400 X-Virus-Scanned: SPAM Filter at disroot.org Date: Fri, 21 Jun 2024 12:53:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1718988801; bh=kedEWnwSzUBbEvcgZ4ykN32CRZPsCcBu7crGNgixVy8=; h=Date:From:To:Subject:In-Reply-To:References; b=aiudArf6SOJxfEtNnmg/xmcWdjQGcc/eXAqbFpXs9reHSW6Pqj1KZxpOYAlfOqVnE Iz+K2VKHy7ZlNext4nJDwxKqnGNB1UT3EJwZ9wgAdsm+h2mY2nJMD78BLoWS4tYO7y urdI5yH4w7Rm7yHquo8SSPaYfuq9h9aRq6a5Fv4rz69diLUPb5uMXKYkBf4sy7UIjs 5qUxc/eZzh/RoZElKgxutWcTh/mN/ZKBJl7DAwUi3g7gBpngx+zM3SxcFo+AfT29t6 sWcufoQfeP5sAYM0S7RbR+PlHMACm5MrYHCxmLieWaLvTHd7hsqTtTPcHmWBhg2NJU IxZphuzx6IrBQ== From: takev To: Felix Lechner , Felix Lechner via , Nathan Dehnel , help-guix@gnu.org Subject: =?US-ASCII?Q?Re=3A_What_is_the_difference_between_the_direct?= =?US-ASCII?Q?ories_in_/_and_in_/run/current-system/profile=3F?= In-Reply-To: <875xw0161o.fsf@lease-up.com> References: <875xw0161o.fsf@lease-up.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Autocrypt: addr=takev@disroot.org; prefer-encrypt=mutual; keydata= mQGNBGIRr9MBDAC40hEmT2Xy+vaHBN/0v8RH9Btwme29vvLtMaxRi0s0nHwu3R44EtKcN+ctdcoF yBRIMmlmqH4I6AejZ9lWj4OmiSODT7gwh0xns32twsotQz7R3qUqqDvijv4HdPaOJYJ3baWo3uLi I7myKEt2b+K+2u2z2CNdUTAv2Zhn0AdbT+WTQ/+blhEq/WgInNPuh3UMTt43PA4fzoV72YPC2lAs jjXVCb11EOdVf8fnfGrXswwVLWEgWuUkhtOkIrNFkqaRG1wvEhEWxrkJNqOdngrSPwPv/0+3Jkwd dyryphIjWRaT+LI7iyM7KVL0aUIvaPnbzE/hVIz6KqXtFqjLl3IrPRD/aOsxxKcjfG1/aGeABlJT 2ZIE8Cl02ispbTBC2Yxp3NrCGce1EC+L5cx+vOL/PBODuUEA5hjut94KQme/Xz+6WxHsx2yS9I9p MVtsKPqBGETW+4DvY5Wg2wJ+uWDjjpPgCKsb12RHBPcEFXaYn3E1VT82eOqrSILYDV6S2lMAEQEA AbQZVGFrZVYgPHRha2V2QGRpc3Jvb3Qub3JnPokB1AQTAQgAPhYhBJCO8CZRw2Lsd2ramGQKZ5Xs 2qwvBQJj300SAhsBBQkFEiSLBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGQKZ5Xs2qwvTkwM AKq253dC3U9AmpsWcq/3nV14HRoAfoyPv2OF1MBe2TP6USWuokMsR8qHs2+wENdhn67jkLkaU4pM 0bz6PkGm/KGuP+qDJri5+r0WKwDg3ZdMpMCHkr9cVldYEj5aE6GSOUGayE7aamRBgUyras07U6aT RsLa4gguz4WG2GaHHT6Cpb6LRI5EvAKkHuana4LfIICVdUIQOUWbs+cQYVOmydKmoaNaLy8aGqod n+FiNy+Ptj+RbM2VItlbq1uTEgSMF4FbmLg4Lg+4lSvnS3ruyje99f7I/aDoOt4Ov6P4ktfuQFfG 2KPnj83B3elf55i8Ggi1sU/BoGJFK2JOVIMHaFtOB4Nb92n/kA9NqLlhfeI8GtXJ+oThPQRfWMzk tbG6HCTOVAJcm6uuWCbzcjYpImE8myYudwQcvctyQXFPsW1anIp6luZth/PAtAyePlaqmloMipPq QVMkbCsthK5l+jfz+B1ErQUir8G4IELauW1Zqc6WQmmUJcMI1OF/FS0oObkBjQRiEa/TAQwAscuY sURQ4inU4PvwlC8PyAUDbdf4dU575zXZ0YmqJOWL9e9cehdUZmHnnE5Pa+0QJu9BulTx71vVQzIC Wws68EQy7/Hg3XpMFpeq9eO/eA+/xSFwPBbRCsRfTa6bs3I4LlqpfWzuY5XKNAhxpnShBrjfIzTm JyG90I6dcArecEMYS5impSZ34T9uHF3RNO0vW06t5Wt8QM/R1B4RorxzEcv9LWVa61zdmMox46VU 6tsDfx5UgMoCYLwLx3ew5Y334SM7bFQAq33Y2h+fMT32XUDl0B7O+VbIUTEzwBcMOMl24WdLAhmq 6yzzu+mb/AKKcBNQtikoZ299HXMUtBa41KNgZ1duhLAETkXaGHUtB8etIoVLkBZj39y5zboKZh6H R2nbGP/n2D3v81TVEHW1YzaoCMt4mgPdUTmTUfdvIK4Ix/OoMDhmh4xE0oSKILAisNalpuL27TcJ 1LPGO4meQDV5WIN0U86JgdnLmSzHW85uKxloBfHR0xfWkSqeya5nABEBAAGJAbwEGAEKAA8FgmIR r9MCmwwFiQUSJLYAIQkQZApnlezarC8WIQSQjvAmUcNi7Hdq2phkCmeV7NqsL69sC/9HiyEL1wPB pGo5qQ4k4BSD/kUOuTIaKVPiBvcUDwVW8WXHbXyQJs26/7OHdkRfH0TcasfQmc3lTzrSnQJsugzk 1eSNIBTGPVc2wngjGxMwlPsQgkQivnl4mvwx8uih+Nzdu7NC7UeSfZKcBZ+FSidhsJfz2eY/Wdel nkDoswvw4vmmKhMnaatdhwMbmx4ELd3/PtAEtr9W2U4+RC+gOmjWA93kob47ErwweGC0tSIEE0nt vt3CRYmcoxCduyFpbOJUZphrBsi0pOOwFdeH1Xt8isdGx048VA46tQ/HIAFoI+V5sCBzM3p6U7Yl G7Ic5TmI8DQCLSQB+GLiqiUdmPpY8Y3E6v3MIkFKpffCNjlhiAHEH2SR7o6Hw7yauNN1NrB8OjP5 UokeSTBFS8uj/DU7WmPFQU3G2XtPJ7TPQYDWTHdEeZiTWlHQnK0HuOLafIDig6qlimfQ1D1i0G9D 3hFwi46ReSmE/vy5oIKcXyHlfSE2J7NPmRJY6lrV70G3mJy5AY0EYhGv0wEMAPHoq4/GsNKLawFu H59ZucBNRCQiqTsurrxUpOx/yAiG/QA2Qorvm369JmeVausklwsNgO7UaYOu2jbtXsGRle73Xty0 +xONAnFuu3J5jzVCNTFtUkjHhBiHe4QiLEHeq/WUUj3vgNt0mYyS23wyWXhmSep+9BFzZwaVpI5p MztS1Kz/T9mLtwv3rQpOdNyAEqZuPjzt08PpxtUcj96TBvn9QLFOrvGT8Cx5d5zSKCmSBgdX1iFs GfVuml5OFv8cWVpH8zRQqkGxUnEzJUiOvKnpbYWipHGSrpaLKW3HP7+qQECsEcZdYVsglhTM3Jpb DRsgANzVi2e77NHKQ85cv+uhUDod5vRzBtrnf/dXtZwc1LNC+tgQKC2B4SbVcIhC3muhhSc5GEA3 ewBDN30LdtI7fX8g7ee6Yi84GZE6jK+Dkbxyz6fLaUe4ydnI0M2RI4YpoMRDk+Oign3y2NbQ1ZBU g4bf/JjP0jnUZPQLntBFIRmntr7S72vBIx2RMMjTIQARAQABiQNbBBgBCgAPBYJiEa/TApsCBYkF EiSgAcAJEGQKZ5Xs2qwvwN2gBBkBCgAGBQJiEa/TAAoJEKZPQTRcdACvWHUMAOgwV/FT9eCKCVIk H4BUiBHvd4OJCyo98gSaw2ZcORKBZhMN3LT6rqlG3uMKRx2KfKOMntEm4mOoXu4oHGtA1pAHSTYR 6ssc6gb3rYTUsSrUZRdgUjP/uSOZZ0g50CxF/SiW893BlYNdVJ/JJOKZEE0CVz2iaaq9K+0TcRQ8 9FPjTy3RFmI6oH2k9zT82UizhzOFkfO9yqhpaL5rtI3TJzGmuwuS8eAdxetGHHDDahZDDe3v7ZhI 6JWG8lLAQqUDTVGeJFAW4ZyOTPA/RL3zEyFCZ/7po9/FBfQf57klmg36H7h3M0mz7rXAJ4J77VsS UaA5dxV+ui0ZZ4yUEz/0KMD0+IImlUPc/J26gZWUjZr7v+CdAEJ7AGBT5uGI3JhXrD5w68PpYaGj 9RRk4lU+Uoh9d4qbmV2tkUHqyxrHk9GS+I7u9qZD0Yq4mR993RbYG6THNwvGIsPYnNywbmZGRnl7 uHuCoXfGdTsPuZNCnoOIbWFj9cBTvu585vbPfVEFrBYhBJCO8CZRw2Lsd2ramGQKZ5Xs2qwvzMkL /13Tsm4ojflH3aZQzZRm3P+9TKmO5wVxCHiLD/LMXPmsouf5bECd4nLMbYvn/CVIkbKnte3vhqrv l5nbmV7R45WgzvtHHKr8FJBxJ8jCqCZjq6tiFShHpBfvkFov16Tw9czub/dmD119xO1CP7GUX7k7 VbcicYjNPlWM4p6u+Hk5bu/g7TZrbmVYYyVOqWDvfQ6+CIM4StLsthfofEbC7Q80IzFrzTNDiHCC 4Cpb+YHQgEKCBcEWOa0u2Rekgd5zwAKUznVUdTZvksk1eAh/rrZxHmbBEu0pnni2cbRRKbv2ymfa oJDmCGaH5dIDtYPfopMqyOUPjLGczo46VF4OJjdYeE/BcKoihYes6Y7k2dZGpsaukxRVqL7usUWI wM6+1yos9ms85xgtdDLodNkmB+2d9NrZr7GroqYSWHGYdGGxePMMr3ZsHzI52A4ICVMiZCb2Kz91 49g6TdSW/Uus+yvRJ6PHrJtRtkT/4yq+ZRJD05ZkyKfP5zyRVzC5gflm8w== Received-SPF: pass client-ip=178.21.23.139; envelope-from=takev@disroot.org; helo=layka.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: 07973387D0 X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -7.51 X-Spam-Score: -7.51 X-TUID: OrYE5eIYBPat Just chiming in about the secrets, but I have found that guix-sops works re= ally well so far: https://fishinthecalculator=2Eme/blog/secrets-management-= with-sops-guix=2Ehtml There are a few things I would like to see (i=2Ee=2E symmetrical encryptio= n, being able to use s-expressions instead of yaml, etc), but for the most = part it works very well on my servers=2E On April 29, 2024 12:34:43 PM EDT, Felix Lechner via = wrote: >Ideally, / would be empty, except for /gnu/store and mount points for >/home and /root=2E Some folks run / on a tmpfs and manage to get pretty >close=2E One challenge is that we haven't figured out what to do with >secrets=2E The store is public, so they can't go there=2E