When I’ve done this it’s generally done with JWTs where each micro service is configured with a trusted public key that is used to authenticate the JWT. The JWT can be sent to the client when they log in, and used to authenticate all API requests (forwarding the JWT as necessary for service-to-service requests). It’s also possible to have a gateway mint JWTs after using some other means to authenticate client requests.

Sometimes service-to-service requests don’t have a client request in context to pull a JWT from. In those cases you need another authentication mechanism, like a different signed token, or a shared secret.

I’m not informed on all the details, but a key difference between the async_trait macro and a native async keyword is that async_trait gives you that boxed, trait object type. IIUC the thinking is native support should not automatically box futures, which implies it shouldn’t use dyn either. Using Box and dyn is an easy way to make sure the code works no matter what type of future a method returns. But the trade-off is some runtime overhead from heap allocation (due to Box), and dynamic dispatch (due to dyn).

According to areweasyncyet.rs:

async fn in trait method not stabilized yet

• Workaround is available as an attribute macro: async-trait

With callPackage you need to specify an argument set to the package expression, like this:

callPackage ../brei/package.nix {}

Without the curly braces what you have is a function instead of a derivation, which is why the error message says it’s an invalid type.

The argument set lets you override inputs to the package set, or pass in arguments that aren’t provided by nixpkgs. But if you want all package inputs to be automatically pulled from nixpkgs then you provide an empty set.

I get into hyper-focusing on my computer configuration. That’s stuff like Neovim configs, NixOS configs, sometimes keyboard firmware. Or hobby programming.

That’s not an unreasonable answer. But I find this thread a little frustrating. As I see it, it’s gone like this:

• phpinjected: Why don’t I have a tool to do these non-hierarchical things?
• frongt: You already have a tool that does those specific things.
• hallettj: What could change to make that tool better suited for those non-hierarchical / tagging things?
• frongt: Don’t use that tool to do tagging things. It’s the wrong tool.

Why bring up hard links if people shouldn’t use them for the requested use case? I mean, I do think your original reply was interesting and relevant as a starting point to get to what I think OP has in mind. But that line of thinking does require getting into how to use hard links for a non-hierarchical workflow.

I feel like OP was trying to start a discussion about what might be, if things were different. I tried to reply in the same spirit. I feel like I’m asking, “What if things were different?”, and I’m being told “It doesn’t work that way.” Which doesn’t feel like an especially helpful response to me.

We have hard links, but is there any good UI out there for them? I only know of using the ln command directly. Or put another way, do you know of anyone who actually uses hard links in a way similar to how a tagging filesystem would be used? What are the obstacles that prevent this use case from being easy or discoverable enough to be in common use?

With a tagging system you can remove tags without fear of losing file data. But with hard links you could easily delete the last link without realizing that it’s the last link, and then the file is gone.

That relates to another issue: in a tagging system you can look at file metadata to see all of the file’s tags. Is there a convenient way to do that with hard links? I see there is find . -samefile /path/to/one/link, but requiring a filesystem scan is not optimal.

Whoops! Guess I was wrong. After some experimenting it looks like the flake system parses, but does not evaluate flake.nix to read inputs. I also experimented with string concatenation, and that failed with the same error:

nixpkgs.url = "github:nixos/nixpkgs" ++ "/nixos-25.05"; # error: expected a string or path, but got a thunk

A “thunk” is an expression whose evaluation has been delayed. It’s a key piece of lazy evaluation. Remember that every expression in Nix is lazily evaluated.

It looks only literal attribute set, string, and path expressions will work in inputs. I think that means it is not possible to split inputs over multiple files.

Good point! But I think lib.mkMerge only merges options in a module system like the ones used in NixOS, Home Manager, and flake-parts configs. In this situation I think the function to use would be lib.attrsets.recursiveUpdate

I think you can use import to load the expression from each file, and the // operator to combine imported attribute sets. Like this:

Edit: This doesn’t work - see replies

# flake.nix
{
  inputs =
    import ./inputs/nixpkgs.nix //
    import ./inputs/nix-index.nix;

  # ...
}

# inputs/nixpkgs.nix
{
  nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
  nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
}

# inputs/nix-index.nix
{
  nix-index-database = {
    url = "github:Mic92/nix-index-database";
    inputs.nixpkgs.follows = "nixpkgs";
  };
}

I think publicly operated social media could be a good thing. If you want to remove profit motive, you need an operator that is not motivated by profit. Take a look at how effective public broadcasting is.

Lemmy and Mastodon do much better than the big corporate apps. But currently these are small-scale operations. A state or federal government program would be better suited to scale up, and better able to resist capitalist takeover.

I haven’t tried it, but I know people use it to run Minecraft Bedrock Edition. Although I’m reading reports that that broke recently, so I’m not sure if it’s working at the moment.

Minecraft BE is very frustrating - there is a native Linux build for Android, that works great when you can get it to run on a proper computer. But Microsoft’s authentication system makes it very difficult to do that. Minecraft Java Edition works without problems, and is probably the better Minecraft; but the two editions don’t interoperate without server mods, a lot of people run BE, and the kids want to be able to play online with their friends.

I just rewatched TNG season 1, and I found it much more fun than I remembered! (Excluding Code of Honor ofc.) Super goofy, super Wesley-heavy. But fun!

Oh, I hadn’t heard about choose!

I have been using Nushell, and you’re right, it is great at parsing input. Commands like detect columns and parse are very nice, and have been supplanting awk for me.

Oh yeah, I do find Helix interesting! I sometimes recommend it to people who don’t have a background with modal editing as a batteries-included option for getting started. I have tried it a little bit myself. It’s hard for me to give up leap.nvim and fugitive, which is holding me back.

I’ve been meaning to try out dedicated git programs to see how comfortable I can be without fugitive. Tig is one that caught my eye. Or sometimes I even think about using Gitbutler because its virtual branch feature seems very useful, and I haven’t seen any other tool that does that.

That’s the only think I know how to do with awk, and I reach for it a lot! cut is purpose-built for that function, and is supposedly easier to understand; but it doesn’t seem to just work like awk does.

I certainly see the value in this strategy! But I’m not going to give up my top-level aliases. I enjoy saving two keystrokes too much!

Here are my most used aliases (these ones use Nushell syntax):

alias st = git status
alias sw = git switch
alias ci = git commit
alias lg = git log --color --graph '--pretty=format:%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
alias push = git push

I was also delighted to learn that I could get the same short aliases for corresponding fugitive commands in vim/neovim using the vim-alias plugin:

-- This is a lazy.nvim plugin module
return {
  'Konfekt/vim-alias',
  config = function()
    -- Shortcuts for git operations to match some of the shell aliases I have.
    -- For example, `:sw ` expands to `:Git switch `
    vim.cmd [[Alias sw Git\ switch]]
    vim.cmd [[Alias ci Git\ commit]]
    vim.cmd [[Alias pull Git\ pull]]
    vim.cmd [[Alias push Git\ push]]
    vim.cmd [[Alias show Git\ show]]
    vim.cmd [[Alias re Git\ restore]]
    vim.cmd [[Alias lg GV]]
  end,
}

Fugitive is very nice for integrating git workflows in the editor, and its commands have very nice tab completion for branches and such.

I have to dual boot for work, so every day I have to reboot into a different OS install. It’s on its own drive with its own bootloader, so I can’t use systemctl reboot --boot-loader-entry. But I was able get a smooth process using efibootmgr.

This is my Nushell implementation:

def boot-to [
  device: string@boot-devices # Identifier of device to boot to (e.g. 0003)
] {
  sudo efibootmgr --bootnext $device
  systemctl reboot
}

# This function exists to provide tab completion for boot-to
def boot-devices [] {
  efibootmgr | parse --regex 'Boot(?<value>\S+)\* (?<description>(?:\w+ )*\w+)'
}

I like mkcd! I have the same thing. Although what I use more is a function I pair with it that specifically creates a temporary directory, and cds to it. It’s useful for temporary work, like extracting from a zip file.

These are my Nushell implementations:

# Create a directory, and immediately cd into it.
# The --env flag propagates the PWD environment variable to the caller, which is
# necessary to make the directory change stick.
def --env dir [dirname: string] {
  mkdir $dirname
  cd $dirname
}

# Create a temporary directory, and cd into it.
def --env tmp [
  dirname?: string # the name of the directory - if omitted the directory is named randomly
] {
  if ($dirname != null) {
    dir $"/tmp/($dirname)"
  } else {
    cd (mktemp -d)
  }
}

When I’m in some subdirectory of a git repository, I use this command to jump to the repo root:

alias gtop="cd \$(git rev-parse --show-toplevel)"

Not OP, but I’ve been using Niri as my daily driver for almost two years (since v0.1.2). The stability and polish have really impressed me. In addition to the scrolling workflow it has some especially nice features for screen sharing & capturing, like key binds to quickly switch which window you are sharing, and customizable rules to block certain windows when showing your whole desktop.

I do use a 40" ultrawide. Looking for options for getting the most out of an ultrawide was how I got into scrolling window managers.

I only occasionally use my 13" laptop display. I still like scrolling because I like spatial navigation. Even if windows end up mostly or entirely off the screen I still think about my windows in terms of whether they’re left, right, up, or down from where I’m currently looking.

I don’t like traditional tiling as much because I find squishing every window to be fully in view to be awkward; and with e.g. i3-style wms if I want to stash a window out of view, like in a tab that’s a separate metaphor I have to keep track of, with another axis where windows might be. Scrolling consistently uses on spatial metaphor, placing all windows on one 2D plane with one coordinate system.