Attendees: @kiara @fricklerhandwerk @niols

- CI still bad: checkout action flaky, secrets exposed to all contributors
  - We discussed switching to Gerrit (for review suggestions) and buildbot-nix (for CI)
  - It will be a lot of effort, but it's already a lot of effort and we better spend it now than when more people join the project
  - Chances are this will solve the secrets issue automatically
- Regressions in Proxmox provisioning
  - needs tests and docs, `proxmox-provision.sh` was written ad hoc beginning of the year
  - we haven't been exercising our knowledge of provisioning since
  - would be nice to rewrite in Python, also as a way to turn it into a NixOps4 resource provider
- NixOps4 future:
  - @roberth signaled the path to nested deployments may not be all that long
  - @fricklerhandwerk: currently our use case is perfectly suited by the state of affairs (especially having everything one language), but eventually we'll need something more powerful
  - @niols: dry run threatens to be a can of worms with nested deployments
    - @fricklerhandwerk: we'd need to mock away everything, we don't have a programming pattern for that yet (sigh)
    - @niols: for now we expose only the NixOS configurations to get evaluated separately
- @kiara kept dabbling at the data model, fixing small issues
  - @fricklerhandwerk will go through the WIP branch and cherry-pick what works
- @niols will add tests to provisioning code to fix regressions from recent refactorings
  - will start refactoring `infra/flake-parts.nix` to remove the wild function passing