blog(nix-iceberg): explain tic tac toe in nix repl

apply.nu

@@ -11,20 +11,23 @@ def --wrapped sync [...arguments] {
 
 # Applies the changes to the site by uploading it to the VPS.
 def main [] {
+  const dest_directory = "_site_production"
+  const deno_arguments = [ "task", "build", "--dest", $dest_directory, "--location", "https://rgbcu.be/" ]
+
   if (pwd | str starts-with "/data/data/com.termux") {
     sync ./ nine:site
 
-    ssh -tt nine "
+    ssh -tt nine $"
       cd site
-      LUME_DRAFTS=false nix run default#deno -- task build --location https://rgbcu.be/
+      LUME_DRAFTS=false nix run nixpkgs#deno -- ($deno_arguments | str join ' ')
     "
 
-    sync nine:site/_site ./
+    sync ("nine:site/" + $dest_directory) ./
   } else {
-    LUME_DRAFTS=false deno task build --location https://rgbcu.be/
+    LUME_DRAFTS=false deno ...$deno_arguments
   }
 
-  cd _site
+  cd $dest_directory
 
   let host = "root@best";
 

site.ts

@@ -176,7 +176,7 @@ site.use(checkUrls({
 site.use(feed({
   output: ["/blog.rss", "/blog.json"],
 
-  query: "type=article",
+  query: "type=article unlisted!=true",
   sort: "date=asc",
   limit: Infinity,
 

site/_includes/default.vto

@@ -15,10 +15,10 @@ layout: null
   <meta name="darkreader-lock">
 
   <!-- META -->
-  {{ if title }}       <title>{{ title }}</title>                                   {{ /if }}
-  {{ if description }} <meta name="description" content="{{ description }}">        {{ /if }}
-  {{ if author }}      <meta name="author"      content="{{ author }}">             {{ /if }}
-  {{ if keywords }}    <meta name="keywords"    content="{{ keywords.join(",") }}"> {{ /if }}
+  {{ if title }}       <title>{{ title }}</title>                               {{ /if }}
+  {{ if description }} <meta name="description" content="{{ description }}">    {{ /if }}
+  {{ if author }}      <meta name="author"      content="{{ author }}">         {{ /if }}
+  {{ if tags }}        <meta name="keywords"    content="{{ tags.join(",") }}"> {{ /if }}
 
   <!-- FANCY -->
   <link rel="icon" href="/assets/icons/icon.gif">

site/blog.vto

@@ -18,7 +18,7 @@ Blog Articles
 
 <style>ul * { overflow-wrap:anywhere !important; }</style>
 <ul>
-  {{ for article of search.pages("type=article", "order=asc date=desc")}}
+  {{ for article of search.pages("type=article unlisted!=true", "order=asc date=desc")}}
   <li class="flex">
     <a id="matrix" class="text-right font-mono" style="margin-right:calc(var(--spacing)*2)" href="{{ article.url }}">
       {{ article.date.toISOString().slice(2, 10).replaceAll("-", " ") }}

site/blog/2024-03-04-htmnix.md

@@ -2,7 +2,7 @@
 title: HTMNIX
 description: How the absolutely cursed HTMNIX project works.
 
-keywords:
+tags:
 - html
 - nix
 ---

site/blog/2024-04-02-cosmic-drift.md

@@ -2,9 +2,9 @@
 title: Cosmic Drift
 description: Or how I missed the school bus because of a cosmic ray.
 
-keywords:
-  - time
-  - unix-timestamps
+tags:
+- time
+- unix-timestamps
 ---
 
 So, every day I wake up at 6:55, get dressed by 7, walk to the bus stop by 7:13

site/blog/2024-04-15-nix-iceberg.md

@@ -2,9 +2,9 @@
 title: Explaining the Nix iceberg
 description: And revealing how cursed Nix is.
 
-draft: true
+unlisted: true
 
-keywords:
+tags:
 - nix
 ---
 
@@ -226,8 +226,6 @@ in builtins.break {
 
 Evaluate this expression with `nix eval --debugger --expr/--file` and see.
 
-<!-- TODO: Mention that this didn't use to work. -->
-
 ## `tvix`
 
 [Tvix](https://tvix.dev/) is an alternate implementation of Nix written in Rust.
@@ -564,15 +562,22 @@ print t
 
 The
 [`accept-flake-config`](https://nix.dev/manual/nix/2.29/command-ref/conf-file#conf-accept-flake-config)
-Nix configuration variable or `--accept-flake-config` flag in Nix commands
-allows Nix to unconditionally accept flake `nixConfig`'s.
+Nix configuration variable or `--option accept-flake-config true` flag in Nix
+commands allows Nix to unconditionally accept flake `nixConfig`'s.
 
 This is dangerous, because this can enable `builtins.importNative` by enabling
 the
 [`allow-unsafe-native-code-during-evaluation`](https://nix.dev/manual/nix/2.29/command-ref/conf-file#conf-allow-unsafe-native-code-during-evaluation)
-option, which then allows Nix expresions to load arbitrary dynamic libraries,
+option, which then allows Nix expressions to load arbitrary dynamic libraries,
 which can do anything as they are not confined to the Nix evaluation sandbox.
 
+However, a malicious flake doesn't even have to go that far. It can define an
+evil substituter using the `extra-substituters` key in `nixConfig`, and you may
+get served malicious packages.
+
+This is why you should generally be wary of using this option or typing in `Y`
+when asked to trust a substituter/enable a setting in interactive mode.
+
 ## Zilch
 
 ZilchOS is a decidedly tiny Nix-based distro. It is a great project to see how
@@ -583,7 +588,13 @@ It was created by [t184256](https://github.com/t184256) on GitHub, here is the
 
 ## `set.a or "meow"` is set-specific
 
-TODO
+[As mentioned previously,](#let-a-1-or-6-in-a-or-9-) the Nix parser is weird and
+treats `or` as an identifier when it is not right after an attribute selection
+expression.
+
+So, the `or` in `set.key or default` is the keyword, but in `set or default` it
+is not, and the latter expression is actually a double function application,
+where we apply `or` to `set`, and then `default` to the result of that.
 
 ## `builtins.toString [true false true] == "1  1"`
 
@@ -814,7 +825,20 @@ evaluate to 1.
 
 ## `__impure`
 
-TODO
+With the
+[`impure-derivations`](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-impure-derivations)
+experimental Nix feature, you can set the `__impure` attribute to `true` within
+derivations to mark them "impure".
+
+What this does is:
+
+1. Let the derivation build have access to the network.
+2. Prevent the impure derivation from becoming a
+   [content-addressed](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-ca-derivations)
+   derivation.
+
+Impure derivations can also only be used by other impure derivations or
+fixed-output derivations (FODs).
 
 # Tier 5: `normal and can be trusted with nix`
 
@@ -879,38 +903,67 @@ Give feedback at https://github.com/NixOS/nix/pull/11121
 
 ## `restrict-eval`
 
-[From the Nix manual:](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html?highlight=restrict-eval#conf-restrict-eval)
+[From the Nix manual:](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-restrict-eval)
 
 > If set to true, the Nix evaluator will not allow access to any files outside
 > of `builtins.nixPath`, or to URIs outside of `allowed-uris`.
 
 ## nix2
 
+`nix2` is commonly used to refer to `nix-<action>` style commands, such as
+`nix-build`, `nix-shell` while `nix3` is used to refer to `nix <action>` style
+commands, such as `nix build`, `nix develop`, and so on.
+
 ## `__noChroot`
 
 When the
-[`sandbox`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html?highlight=__nos#conf-sandbox)
+[`sandbox`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-sandbox)
 Nix configuration value is set to `relaxed`, fixed-output derivations (FODs)
 that have the `__noChroot` attribute set to `true` will not run in the Nix
 sandbox.
 
 ## cloud scale hydra
 
-TODO
+[Cloudscale hydra](https://web.archive.org/web/20220624223053/https://cloudscalehydra.com/)
+was
+Graham[^![Graham "Determinate" Christensen](/assets/images/graham-sickos-resized.webp)]
+Christensen's previous failed project.
+
+He then went on to create [FlakeHub](https://flakehub.com/), which could be said
+is the successor to Cloudscale Hydra.
+
+It is curious that the following links are the only non-automated mentions of
+the project on the open internet:
+
+- [Meeting about nixpkgs `cudaPackages` from February 13th, 2025.](https://pad.lassul.us/p/KXm3h1AS-?print-pdf#/)
+  ([archive](https://archive.is/fbNMP)) (Search for `cloud-scale hydra`)
+
+- [A link to a now-defunct Hydra instance hosted by Cloudscale Hydra, in the Determinate Systems blog.](https://determinate.systems/posts/hydra-deployment-source-of-truth/)
+  ([archive](https://web.archive.org/web/20250319031645/https://determinate.systems/posts/hydra-deployment-source-of-truth/))
+  (Search for `cloudscalehydra`)
+
+- [A tweet from the Determinate Systems, about the availability of Cloudscale Hydra](https://x.com/DeterminateSys/status/1445785369941889024)
+  ([archive, actually check this one out! it's from 2021](https://web.archive.org/web/20220112074900/https://twitter.com/DeterminateSys/status/1445785369941889024))
+
+If you can't find the mentions in these pages, check the archives out.
+
+![Cloudscale Hydra landing page sketch](/assets/images/cloudscale-hydra.webp)
 
 ## `(_:_) != (_:_)` but `(a:a) == (a:a)`
 
 Evaluating `(_:_) == (_:_)`, we see that it is `false`, which means the two
 functions aren't equal to eachother, as we are comparing them directly and when
-compared directly, functions return false.
+compared directly, function comparisons return false.
 
-But then why does `(a:a) == (a:a)` return `true`? Aren't they both functions?
+But then why does `(a:a) == (a:a)` return `true`? Aren't we still comparing
+functions?
 
 **Nope!**
 
 `a:a` is a
-[legacy URL literal](https://nix.dev/manual/nix/2.29/development/experimental-features.html?highlight=url%20literal#no-url-literals),
-which can be disabled using the `no-url-literals` Nix feature.
+[legacy URL literal](https://nix.dev/manual/nix/2.29/development/experimental-features.html#no-url-literals),
+which can be disabled using the
+[`no-url-literals` experimental Nix feature.](https://nix.dev/manual/nix/2.29/development/experimental-features.html#xp-feature-no-url-literals)
 
 ## de betekenis van @niksnut
 
@@ -920,14 +973,14 @@ TODO
 
 This is the legacy `let` syntax. Equivalent to `let huh = "?"; in huh`.
 
-## Tier 6: `has meowed before`
+# Tier 6: `has meowed before`
 
-### `let { body = 1; __overrides.body = 2; }`
+## `let { body = 1; __overrides.body = 2; }`
 
 This is a combination of [`__override`](#rec-a-5-b-a-1-overridesa-6-) for keyed
-experessions and the [`legacy let syntax`](#let-huh-body-huh-).
+expressions and the [`legacy let syntax`](#let-huh-body-huh-).
 
-### function identity is load bearing on importing nixpkgs
+## function identity is load bearing on importing nixpkgs
 
 Since
 [attribute sets with function members compare function identities (memory locations)](#let-f-a-a-s-ff-in-f-f-s-s),
@@ -941,9 +994,9 @@ determine whether if we are cross-compiling.
 
 Therefore, function identity really **is** load bearing on importing nixpkgs.
 
-### `import <nix/fetchurl.nix>`
+## `import <nix/fetchurl.nix>`
 
-This looks like we are importing <nix>, and getting the `fetchurl.nix` file in
+This looks like we are importing `<nix>`, and getting the `fetchurl.nix` file in
 it.
 
 Let's see if that is true:
@@ -998,15 +1051,15 @@ and its contents are set to a
 You do not need to be in impure evaluation mode to use `corepkgs`, aka
 `<nix/*>`.
 
-### test suite of nix wasn't run
+## test suite of nix wasn't run
 
 TODO
 
-### fixed-output derivation sandboxing
+## fixed-output derivation sandboxing
 
 TODO
 
-### `importNative`
+## `importNative`
 
 [`builtins.importNative`](https://nix.dev/manual/nix/2.29/command-ref/conf-file.html#conf-allow-unsafe-native-code-during-evaluation)
 allows Nix expressions to import arbitrary dynamic libraries to produce Nix
@@ -1015,11 +1068,11 @@ expressions.
 Of course, this is turned off by default as it is a security risk. You probably
 shouldn't use this.
 
-### `chromium recompressTarball`
+## `chromium recompressTarball`
 
 TODO
 
-### more than 1 million chars of indents breaks things
+## more than 1 million chars of indents breaks things
 
 The weird Nix parser
 [hard codes `1000000`](https://github.com/NixOS/nix/blob/2afc84fddf463b22196aeb70587bc0c9259e330f/src/libexpr/include/nix/expr/parser-state.hh#L250)
@@ -1029,7 +1082,7 @@ spanning multiple lines.
 So when you have a line with more than a million spaces for the indent, it is
 ignored and not included in the minimum indent calculation.
 
-## Tier 7: `wears animal ears to NixCon`
+# Tier 7: `wears animal ears to NixCon`
 
 <h2><small>
 
@@ -1044,11 +1097,37 @@ TODO
 
 ## `(_: builtins.break _)`
 
-TODO
+Historically, the [`builtins.break`](#-debugger) function used to not work
+reliably in some cases, such as `let-in`'s and function calls.
+
+This was fixed in [this merge request](https://github.com/NixOS/nix/pull/9917),
+in February 8, 2024.
+
+But before that fix, you would use `(_: builtins.break _)` or an equivalent
+instead of `builtins.break` itself.
 
 ## multiplayer tic-tac-toe in nix repl
 
-TODO
+You want to read this blog post:
+[Are Nix Expressions Pacman-Complete?](https://stuebinm.eu/posts/nix-tic-tac-toe-complete.html)
+
+You can run it using the following bash/zsh/etc (any shell that implements
+`$(( RANDOM ))`):
+
+```sh
+git clone https://stuebinm.eu/git/playground nix-tic-tac-toe
+
+# In first shell:
+nix-build --argstr seed $(( RANDOM )) nix-tic-tac-toe/nix-turing/game.nix
+
+# In second shell, in parallel:
+move=0
+while true; do
+  read -p "move: " content
+  echo "$content" > "/tmp/input-${move}"
+  ((move++))
+done
+```
 
 ## `let e="e"; in [001.2e01e.30.4]`
 
@@ -1067,3 +1146,5 @@ TODO
 TODO
 
 ## `builtins.derivationStrict`
+
+TODO

site/blog/2024-05-20-swap-i.md

@@ -2,7 +2,7 @@
 title: Swap the `ı` and `i` key on your keyboard for faster modal editing
 description: How to swap the ı and i key on your Turkish keyboard on Linux.
 
-keywords:
+tags:
 - localisation
 - modal-editors
 ---

site/blog/2024-09-30-gitignore.md

@@ -5,7 +5,7 @@ description: And how to roll the rock over the edge.
 color: "#A5804C"
 thumbnail: /assets/images/sisyphus-ds-store.webp
 
-keywords:
+tags:
 - vcs
 ---
 

site/blog/2025-06-05-why-cores.md

@@ -4,7 +4,7 @@ title: "Why more `/sys/class/hwmon/*/temp*_label` than CPU cores?"
 color: "#99CF9F"
 thumbnail: /assets/images/cpu-dumb.webp
 
-keywords:
+tags:
 - hardware
 ---