<GlancingMind>
Hello, I'm currently working on my first module and I'd like to add an option to link a bookmark file to the user's config directory. As this bookmark file could change frequently and possibly contain sensitive data, I prefer to create an out-of-store-symlink via mkOutOfStoreSymlink. The only problem I still have is, that the symlink still seems to
<GlancingMind>
be somewhere in the nix-store. E.g. this is my current symlink: bookmarks -> /nix/store/84hrfqzi7hgn205sia8y31xjys85qg30-home-manager-files/.config/surfraw/bookmarks If I'm right, then bad users could find the bookmark file (with the sensitive data) in the nix-store and possibly trace it back to some specific user. So should I better use an
<GlancingMind>
activation script, which links the bookmark file?
<piegames>
GlancingMind: Doing things in Nix without them landing in the store is a rather difficult thing to do.
<piegames>
How do you configure that module without that configuration landing in the Nix store?
cole-h has joined #home-manager
<GlancingMind>
piegames Well currently I do xdg.configFile."surfraw/bookmarks".source = config.lib.file.mkOutOfStoreSymlink cfg.linkBookmarkFile; But I tried it also with an activation script, which currently has still one edge case. https://pastebin.com/5V2QVKm7 I would prefer the mkOutOfStoreSymlink usage, but I'm not comfortable with placing the user's
<GlancingMind>
bookmark file in the nix-store.
<GlancingMind>
The activation script basically links the user's bookmark file to the config directory. E.g. .config/surfraw/bookmarks -> /home/foobar/data/bookmarks
<piegames>
GlancingMind: So basically you want dotfiles-like semantics
<GlancingMind>
I'm not sure what you mean by dotfiles-like semantics, but yes, the bookmark file is a configuration file in the user's xdg.configHome.
<GlancingMind>
Well to be honest, the user could link the bookmark file to the config directory themselves, but this would quite likely end in a symlink to the nix-store (dependent on the current nix programming skill). With the burden to run home-manager every time the bookmark file is changed and the possible exposure of sensitive data via the nix-store. That's why I
<GlancingMind>
would rather implement this functionality in the module.
<GlancingMind>
Currently it looks like I have to use my activation script. But I still wanted to assure myself if there might be a more elegant solution. :)
<GlancingMind>
Like mkOutOfStoreSymlink without nix-store.
<simpson>
Some dotfiles simply aren't going to be a good fit for home-manager.
<simpson>
You have discovered today that we don't have a good answer for how to put secrets into the Nix store.
<cole-h>
GlancingMind: just FYI, mkOutOfStoreSymlink does what it says on the tin: the contents are not copied into the store at all.
<cole-h>
However, the location of the file with the contents will be.
<cole-h>
(e.g. a symlink to the provided path is created and added to the store; the provided path's contents are not)
<GlancingMind>
Ah, so then some bad user can only see that some other user has a bookmark file but not read the file's content. Then this would still fit my use-case perfectly.
<__monty__>
Why does the program have to look in the store in the first place?
<__monty__>
The XDG spec is supposed to standardize where programs should look for configuration and the like, no?
cole-h has quit [Ping timeout: 246 seconds]
<GlancingMind>
__monty__ The program doesn't look in the nix-store. I just want to prevent other users from reading a stranger's bookmark file. Which could be a possibility if this file is placed in the nix-store.
<piegames>
__monty__: Because of how home-manager works internally with the generations and such. Also files "owned" by home-manager are recognizable as links to `/nix/store/somethin` which is important for deployment.
<piegames>
GlancingMind: Well, the program will resolve a double symlink, of which one part lies in the store. It's up to you if you call this "lok in the nix-store" or not.
<piegames>
* look
<__monty__>
This is because you want to manage the bookmarks file from the module? How will you deal with manual edits to the file?
<GlancingMind>
piegames I'm totally fine with others seeing that there exists a bookmark file for some user, as long as the content is only readable by the respective owner.
<piegames>
__monty__: Through symlinks to that file.
<piegames>
GlancingMind: Also note that you might end up with dead symlinks when deploying your configuration for different machines, if that fits your use case.
<__monty__>
But a symlink doesn't contain any bookmarks so how does the module manage them? Are we talking about two bookmarks files where one sources the other?
<GlancingMind>
piegames Yes, that is a problem that I could live with. Also I could provide another option to place the file in the nix-store for the reproducibility.
<GlancingMind>
__monty__ Yes, the user would have a bookmark file somewhere on his system or maybe a mounted usb-stick. And the file in the config directory will just symlink to the real bookmark file.
<piegames>
__monty__: Think of dotfiles. You put your files in one place and then "deploy" them into your home by putting symlinks to them at the correct place
<GlancingMind>
__monty__ In this way, the user can alter the bookmark file without rerunning home-manager switch all the time.
<__monty__>
Doesn't sound like something the module should do tbh? If I want a bookmarks file I either put it in .config/program or I put a symlink there (or change the XDG directory), no?
<__monty__>
*Configuring* the configuration path is something the module would be responsible for.
<piegames>
__monty__: The thing is, you can view bookmarks of a program as part of its configuration
<__monty__>
But that's not what GlancingMind seems to be doing? Since you can't add bookmarks in a symlink. Hence my assumption of two bookmarks files, one sourcing/importing/including the other.
GlancingMind has quit [Remote host closed the connection]
<thibm>
Hm, I cannot use 1 email account with, say, notmuch and 1 with, say, neomutt. Both notmuch and neomutt modules require 1 of the account to be primary, but I can't obviously set 2 primary accounts
GlancingMind has joined #home-manager
<GlancingMind>
__monty__ The symlinks work fine. I just was needed to know, if I mkOutOfStoreSymlink fits my use-case or if I have to hand role my own solution.
<GlancingMind>
*The symlinks work fine. I just needed to know if mkOutOfStoreSymlink fits my use-case or if I have to hand-roll my own solution.
<GlancingMind>
thibm So you want one email account to be the primary one for notmuch and another one to be the primary one for neomutt?
<thibm>
GlancingMind: I don't want any primary email account, really, but both modules require that one of their "enabled" accounts be the primary.
<__monty__>
GlancingMind: I'm not saying it's not possible or doesn't work. Just that adding symlinks doesn't really sound like the module's responsibility.
<thibm>
in other words, I can't use two MUA for two accounts
<__monty__>
thibm: Are you using the mail config or client-specific config? The former's just for convenience afaik so maybe you can get what you want by just using the client-specific modules?
<__monty__>
Oh, or `let mail.whatever = something in client1 = { config = ...;};` something like this might work?
GlancingMind has quit [Remote host closed the connection]
<thibm>
the given patch seems to change the error message. But I still did not define account "default" more than once :/
<thibm>
(And my msmtp has this patch)
<thibm>
The config file contains one account block + the "account default : X" (from primary). Any idea what causes this error?
<thibm>
if I remove the last line ("account default : X") it works.
<__monty__>
Anyone know how I can overlay a module?
<thibm>
Got it: in msmtp configuration file, if no account is given then the "default" account is used. I made a mistake in the extraConfig block, so msmtp created a buggy account "default" for this block and threw an error when it reached the "real" account "default"
<thibm>
src/conf.c: 'compatibility with 1.2.x: if no account command is given, the first account will be named "default"' => thanks compatibility with poor configuration syntax choice
EncodePanda has joined #home-manager
<EncodePanda>
hello kind folks, I have a question regarding configuring zsh on my fresh new Mac using home manager
<EncodePanda>
now funny thing, my Mac came with zsh by default (not bash)
<EncodePanda>
so after installing Nix I've added the `source $HOME/.nix-profile/etc/profile.d/nix.sh` to .zshrc
<EncodePanda>
which worked like a charm, I got Nix running
<EncodePanda>
I've started playing with home manager, got few things working (like git or Emacs), so far so good
<EncodePanda>
so this is how things were so far, now we are (finally :) ) reaching the question part
<EncodePanda>
I've enabled zsh in my home manager config
<EncodePanda>
but when I've `home-manager switch` it
<EncodePanda>
I've got working `Existing file '/Users/encodepanda/.zshrc' is in the way of '/nix/store/f4awysazblx3c0gmn68v1kb7hg5nbspx-home-manager-files/.zshrc'`
<EncodePanda>
I was like "oh, great, awesome, I don't have to store .zshrc, it will be autogenerated, great"
<EncodePanda>
BUT
<EncodePanda>
:)
<EncodePanda>
that new file does not have the entry to source the `nix.sh`, what's the correct way to add it into that file?
<__monty__>
EncodePanda: Do you use nix-darwin? Because I don't have it in my h-m managed rc file but I do in the nix-darwin managed one in /etc.
<EncodePanda>
I don't have nix-darwin yet, was planning to add it eventually
<EncodePanda>
so nix-darwin manages the rc file?
<EncodePanda>
this means that you don't enable zsh integration in your home manager?
<__monty__>
Not quite. System and user configuration don't interfere, they compose. But the system configuration takes care of nix.sh etc.
<EncodePanda>
but I still wonder, I thought that nix-darwin was for the system level configuration, not user level
<__monty__>
Yes, but nix-darwin adds /etc/fish/config.fish while home-manager adds ~/.config/fish/config.fish. Fish then simply reads both, which is quite a common way for this to work.
<EncodePanda>
I see
<EncodePanda>
ok, so I want to give nix-darwin a try but want to finish my home-manager config first
<EncodePanda>
so I got this ` initExtra = ''. ~/.nix-profile/etc/profile.d/nix.sh'';`
<EncodePanda>
and it seems to work
<EncodePanda>
thx __monty__ for the help
<EncodePanda>
Second question, I've installed git via nix (home-manager) but my system keeps on insisting that I install command line developer tools from Apple
<EncodePanda>
I don't want to install that, I can get all my dev tools with Nix
<EncodePanda>
is there a known work around for this?
<rycee>
EncodePanda: Unfortunately I have no idea, perhaps somebody in #nixos or #nix-darwin knows? It is probably not related to HM.
<EncodePanda>
it's not, just assumed that maybe some folks here are on Mac and had that issue in the past
<__monty__>
You probably do want to install those. They're not git and stuff but they make command line life on macOS bearable afaict : )
<EncodePanda>
`git` works like a charm btw, it's only the fact that my ZSH has a plugin `git-extras` and that plugin, when I enter new shell, gets enabled
<__monty__>
rycee: Ah, did you catch my question re how to test the programs.fish patch?
<EncodePanda>
and I get this annoying message (which is a pop-out sic)
<__monty__>
Hmm, doesn't look like it generated a new config.fish.
<__monty__>
Does it matter that I edited it as a stop-gap measure?
<__monty__>
Yeah, the switch even says "No change reusing generation..."
<__monty__>
Oh, probably because I have to nix-channel --update after add.
<rycee>
__monty__: Hmm, do you have an old or new nixpkgs? I.e., does it contain `pkgs.fishPlugins.foreign-env` or `pkgs.fish-foreign-env`?
<__monty__>
It's new.
<rycee>
Ah, right. Yeah you'll have to `--update` :-)
veleiro has joined #home-manager
srk has quit [Ping timeout: 240 seconds]
<__monty__>
rycee: Ok, looks like cole-h's change works just fine. Maybe worth thinking about an easy way to override modules so you don't have to whip up a channel for people to test a patch : )
srk has joined #home-manager
Crush has joined #home-manager
thibm has quit [Ping timeout: 264 seconds]
thibm has joined #home-manager
srk has quit [Remote host closed the connection]
srk has joined #home-manager
<rycee>
__monty__: `disabledModules` and `imports` is the mechanism for replacing modules.
<rycee>
Thanks for testing. I'll try merging it.
<rycee>
I've never used it, though, so I can't assist much in its use.
<rycee>
Somebody in #nixos might be more knowledgeable :-)
<__monty__>
I know that mechanism. Even use it for some NixOS modules I changed. It not working when you use h-m as a module is the unfortunate bit.
cole-h has joined #home-manager
thibm has quit [Quit: WeeChat 2.9]
kalbasit has quit [Ping timeout: 240 seconds]
Crush has quit [Read error: Connection reset by peer]
__monty__ has quit [Quit: leaving]
Crush has joined #home-manager
Crush has quit [Read error: Connection reset by peer]