diff --git a/apply.nu b/apply.nu
index 3539cfb..7f36f28 100755
--- a/apply.nu
+++ b/apply.nu
@@ -11,20 +11,23 @@ def --wrapped sync [...arguments] {
# Applies the changes to the site by uploading it to the VPS.
def main [] {
+ const dest_directory = "_site_production"
+ const deno_arguments = [ "task", "build", "--dest", $dest_directory, "--location", "https://rgbcu.be/" ]
+
if (pwd | str starts-with "/data/data/com.termux") {
sync ./ nine:site
- ssh -tt nine "
+ ssh -tt nine $"
cd site
- LUME_DRAFTS=false nix run default#deno -- task build --location https://rgbcu.be/
+ LUME_DRAFTS=false nix run nixpkgs#deno -- ($deno_arguments | str join ' ')
"
- sync nine:site/_site ./
+ sync ("nine:site/" + $dest_directory) ./
} else {
- LUME_DRAFTS=false deno task build --location https://rgbcu.be/
+ LUME_DRAFTS=false deno ...$deno_arguments
}
- cd _site
+ cd $dest_directory
let host = "root@best";
diff --git a/site.ts b/site.ts
index 66a926f..9fdc195 100644
--- a/site.ts
+++ b/site.ts
@@ -176,7 +176,7 @@ site.use(checkUrls({
site.use(feed({
output: ["/blog.rss", "/blog.json"],
- query: "type=article",
+ query: "type=article unlisted!=true",
sort: "date=asc",
limit: Infinity,
diff --git a/site/_includes/default.vto b/site/_includes/default.vto
index 5ab8ccc..74fb1ec 100644
--- a/site/_includes/default.vto
+++ b/site/_includes/default.vto
@@ -15,10 +15,10 @@ layout: null
{{ title }} {{ /if }}
- {{ if description }} {{ title }} {{ /if }}
+ {{ if description }}
- {{ for article of search.pages("type=article", "order=asc date=desc")}}
+ {{ for article of search.pages("type=article unlisted!=true", "order=asc date=desc")}}
{{ article.date.toISOString().slice(2, 10).replaceAll("-", " ") }}
diff --git a/site/blog/2024-03-04-htmnix.md b/site/blog/2024-03-04-htmnix.md
index 847b0ec..b49746a 100644
--- a/site/blog/2024-03-04-htmnix.md
+++ b/site/blog/2024-03-04-htmnix.md
@@ -2,7 +2,7 @@
title: HTMNIX
description: How the absolutely cursed HTMNIX project works.
-keywords:
+tags:
- html
- nix
---
diff --git a/site/blog/2024-04-02-cosmic-drift.md b/site/blog/2024-04-02-cosmic-drift.md
index 862d7cb..612e8f7 100644
--- a/site/blog/2024-04-02-cosmic-drift.md
+++ b/site/blog/2024-04-02-cosmic-drift.md
@@ -2,9 +2,9 @@
title: Cosmic Drift
description: Or how I missed the school bus because of a cosmic ray.
-keywords:
- - time
- - unix-timestamps
+tags:
+- time
+- unix-timestamps
---
So, every day I wake up at 6:55, get dressed by 7, walk to the bus stop by 7:13
diff --git a/site/blog/2024-04-15-nix-iceberg.md b/site/blog/2024-04-15-nix-iceberg.md
index 59218c4..6ba9bf1 100644
--- a/site/blog/2024-04-15-nix-iceberg.md
+++ b/site/blog/2024-04-15-nix-iceberg.md
@@ -2,9 +2,9 @@
title: Explaining the Nix iceberg
description: And revealing how cursed Nix is.
-draft: true
+unlisted: true
-keywords:
+tags:
- nix
---
@@ -226,8 +226,6 @@ in builtins.break {
Evaluate this expression with `nix eval --debugger --expr/--file` and see.
-
-
## `tvix`
[Tvix](https://tvix.dev/) is an alternate implementation of Nix written in Rust.
@@ -564,15 +562,22 @@ print t
The
[`accept-flake-config`](https://nix.dev/manual/nix/2.29/command-ref/conf-file#conf-accept-flake-config)
-Nix configuration variable or `--accept-flake-config` flag in Nix commands
-allows Nix to unconditionally accept flake `nixConfig`'s.
+Nix configuration variable or `--option accept-flake-config true` flag in Nix
+commands allows Nix to unconditionally accept flake `nixConfig`'s.
This is dangerous, because this can enable `builtins.importNative` by enabling
the
[`allow-unsafe-native-code-during-evaluation`](https://nix.dev/manual/nix/2.29/command-ref/conf-file#conf-allow-unsafe-native-code-during-evaluation)
-option, which then allows Nix expresions to load arbitrary dynamic libraries,
+option, which then allows Nix expressions to load arbitrary dynamic libraries,
which can do anything as they are not confined to the Nix evaluation sandbox.
+However, a malicious flake doesn't even have to go that far. It can define an
+evil substituter using the `extra-substituters` key in `nixConfig`, and you may
+get served malicious packages.
+
+This is why you should generally be wary of using this option or typing in `Y`
+when asked to trust a substituter/enable a setting in interactive mode.
+
## Zilch
ZilchOS is a decidedly tiny Nix-based distro. It is a great project to see how
@@ -583,7 +588,13 @@ It was created by [t184256](https://github.com/t184256) on GitHub, here is the
## `set.a or "meow"` is set-specific
-TODO
+[As mentioned previously,](#let-a-1-or-6-in-a-or-9-) the Nix parser is weird and
+treats `or` as an identifier when it is not right after an attribute selection
+expression.
+
+So, the `or` in `set.key or default` is the keyword, but in `set or default` it
+is not, and the latter expression is actually a double function application,
+where we apply `or` to `set`, and then `default` to the result of that.
## `builtins.toString [true false true] == "1 1"`
@@ -814,7 +825,20 @@ evaluate to 1.
## `__impure`
-TODO
+With the
+[`impure-derivations`](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-impure-derivations)
+experimental Nix feature, you can set the `__impure` attribute to `true` within
+derivations to mark them "impure".
+
+What this does is:
+
+1. Let the derivation build have access to the network.
+2. Prevent the impure derivation from becoming a
+ [content-addressed](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-ca-derivations)
+ derivation.
+
+Impure derivations can also only be used by other impure derivations or
+fixed-output derivations (FODs).
# Tier 5: `normal and can be trusted with nix`
@@ -879,38 +903,67 @@ Give feedback at https://github.com/NixOS/nix/pull/11121
## `restrict-eval`
-[From the Nix manual:](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html?highlight=restrict-eval#conf-restrict-eval)
+[From the Nix manual:](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-restrict-eval)
> If set to true, the Nix evaluator will not allow access to any files outside
> of `builtins.nixPath`, or to URIs outside of `allowed-uris`.
## nix2
+`nix2` is commonly used to refer to `nix-` style commands, such as
+`nix-build`, `nix-shell` while `nix3` is used to refer to `nix ` style
+commands, such as `nix build`, `nix develop`, and so on.
+
## `__noChroot`
When the
-[`sandbox`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html?highlight=__nos#conf-sandbox)
+[`sandbox`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-sandbox)
Nix configuration value is set to `relaxed`, fixed-output derivations (FODs)
that have the `__noChroot` attribute set to `true` will not run in the Nix
sandbox.
## cloud scale hydra
-TODO
+[Cloudscale hydra](https://web.archive.org/web/20220624223053/https://cloudscalehydra.com/)
+was
+Graham[^]
+Christensen's previous failed project.
+
+He then went on to create [FlakeHub](https://flakehub.com/), which could be said
+is the successor to Cloudscale Hydra.
+
+It is curious that the following links are the only non-automated mentions of
+the project on the open internet:
+
+- [Meeting about nixpkgs `cudaPackages` from February 13th, 2025.](https://pad.lassul.us/p/KXm3h1AS-?print-pdf#/)
+ ([archive](https://archive.is/fbNMP)) (Search for `cloud-scale hydra`)
+
+- [A link to a now-defunct Hydra instance hosted by Cloudscale Hydra, in the Determinate Systems blog.](https://determinate.systems/posts/hydra-deployment-source-of-truth/)
+ ([archive](https://web.archive.org/web/20250319031645/https://determinate.systems/posts/hydra-deployment-source-of-truth/))
+ (Search for `cloudscalehydra`)
+
+- [A tweet from the Determinate Systems, about the availability of Cloudscale Hydra](https://x.com/DeterminateSys/status/1445785369941889024)
+ ([archive, actually check this one out! it's from 2021](https://web.archive.org/web/20220112074900/https://twitter.com/DeterminateSys/status/1445785369941889024))
+
+If you can't find the mentions in these pages, check the archives out.
+
+
## `(_:_) != (_:_)` but `(a:a) == (a:a)`
Evaluating `(_:_) == (_:_)`, we see that it is `false`, which means the two
functions aren't equal to eachother, as we are comparing them directly and when
-compared directly, functions return false.
+compared directly, function comparisons return false.
-But then why does `(a:a) == (a:a)` return `true`? Aren't they both functions?
+But then why does `(a:a) == (a:a)` return `true`? Aren't we still comparing
+functions?
**Nope!**
`a:a` is a
-[legacy URL literal](https://nix.dev/manual/nix/2.29/development/experimental-features.html?highlight=url%20literal#no-url-literals),
-which can be disabled using the `no-url-literals` Nix feature.
+[legacy URL literal](https://nix.dev/manual/nix/2.29/development/experimental-features.html#no-url-literals),
+which can be disabled using the
+[`no-url-literals` experimental Nix feature.](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-no-url-literals)
## de betekenis van @niksnut
@@ -920,14 +973,14 @@ TODO
This is the legacy `let` syntax. Equivalent to `let huh = "?"; in huh`.
-## Tier 6: `has meowed before`
+# Tier 6: `has meowed before`
-### `let { body = 1; __overrides.body = 2; }`
+## `let { body = 1; __overrides.body = 2; }`
This is a combination of [`__override`](#rec-a-5-b-a-1-overridesa-6-) for keyed
-experessions and the [`legacy let syntax`](#let-huh-body-huh-).
+expressions and the [`legacy let syntax`](#let-huh-body-huh-).
-### function identity is load bearing on importing nixpkgs
+## function identity is load bearing on importing nixpkgs
Since
[attribute sets with function members compare function identities (memory locations)](#let-f-a-a-s-ff-in-f-f-s-s),
@@ -941,9 +994,9 @@ determine whether if we are cross-compiling.
Therefore, function identity really **is** load bearing on importing nixpkgs.
-### `import `
+## `import `
-This looks like we are importing , and getting the `fetchurl.nix` file in
+This looks like we are importing ``, and getting the `fetchurl.nix` file in
it.
Let's see if that is true:
@@ -998,15 +1051,15 @@ and its contents are set to a
You do not need to be in impure evaluation mode to use `corepkgs`, aka
``.
-### test suite of nix wasn't run
+## test suite of nix wasn't run
TODO
-### fixed-output derivation sandboxing
+## fixed-output derivation sandboxing
TODO
-### `importNative`
+## `importNative`
[`builtins.importNative`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-allow-unsafe-native-code-during-evaluation)
allows Nix expressions to import arbitrary dynamic libraries to produce Nix
@@ -1015,11 +1068,11 @@ expressions.
Of course, this is turned off by default as it is a security risk. You probably
shouldn't use this.
-### `chromium recompressTarball`
+## `chromium recompressTarball`
TODO
-### more than 1 million chars of indents breaks things
+## more than 1 million chars of indents breaks things
The weird Nix parser
[hard codes `1000000`](https://github.com/NixOS/nix/blob/2afc84fddf463b22196aeb70587bc0c9259e330f/src/libexpr/include/nix/expr/parser-state.hh#L250)
@@ -1029,7 +1082,7 @@ spanning multiple lines.
So when you have a line with more than a million spaces for the indent, it is
ignored and not included in the minimum indent calculation.
-## Tier 7: `wears animal ears to NixCon`
+# Tier 7: `wears animal ears to NixCon`
@@ -1044,11 +1097,37 @@ TODO
## `(_: builtins.break _)`
-TODO
+Historically, the [`builtins.break`](#-debugger) function used to not work
+reliably in some cases, such as `let-in`'s and function calls.
+
+This was fixed in [this merge request](https://github.com/NixOS/nix/pull/9917),
+in February 8, 2024.
+
+But before that fix, you would use `(_: builtins.break _)` or an equivalent
+instead of `builtins.break` itself.
## multiplayer tic-tac-toe in nix repl
-TODO
+You want to read this blog post:
+[Are Nix Expressions Pacman-Complete?](https://stuebinm.eu/posts/nix-tic-tac-toe-complete.html)
+
+You can run it using the following bash/zsh/etc (any shell that implements
+`$(( RANDOM ))`):
+
+```sh
+git clone https://stuebinm.eu/git/playground nix-tic-tac-toe
+
+# In first shell:
+nix-build --argstr seed $(( RANDOM )) nix-tic-tac-toe/nix-turing/game.nix
+
+# In second shell, in parallel:
+move=0
+while true; do
+ read -p "move: " content
+ echo "$content" > "/tmp/input-${move}"
+ ((move++))
+done
+```
## `let e="e"; in [001.2e01e.30.4]`
@@ -1067,3 +1146,5 @@ TODO
TODO
## `builtins.derivationStrict`
+
+TODO
diff --git a/site/blog/2024-05-20-swap-i.md b/site/blog/2024-05-20-swap-i.md
index 7d3522b..0fc6333 100644
--- a/site/blog/2024-05-20-swap-i.md
+++ b/site/blog/2024-05-20-swap-i.md
@@ -2,7 +2,7 @@
title: Swap the `ı` and `i` key on your keyboard for faster modal editing
description: How to swap the ı and i key on your Turkish keyboard on Linux.
-keywords:
+tags:
- localisation
- modal-editors
---
diff --git a/site/blog/2024-09-30-gitignore.md b/site/blog/2024-09-30-gitignore.md
index 65ea639..67ab938 100644
--- a/site/blog/2024-09-30-gitignore.md
+++ b/site/blog/2024-09-30-gitignore.md
@@ -5,7 +5,7 @@ description: And how to roll the rock over the edge.
color: "#A5804C"
thumbnail: /assets/images/sisyphus-ds-store.webp
-keywords:
+tags:
- vcs
---
diff --git a/site/blog/2025-06-05-why-cores.md b/site/blog/2025-06-05-why-cores.md
index 0476e3f..13f6f07 100644
--- a/site/blog/2025-06-05-why-cores.md
+++ b/site/blog/2025-06-05-why-cores.md
@@ -4,7 +4,7 @@ title: "Why more `/sys/class/hwmon/*/temp*_label` than CPU cores?"
color: "#99CF9F"
thumbnail: /assets/images/cpu-dumb.webp
-keywords:
+tags:
- hardware
---