<LnL> uhoh, somebody at apple just reviewed the installer pr
<gchristensen> oh shit
<gchristensen> :o
<gchristensen> what'd they think? :)
<gchristensen> link?
<gchristensen> :o
<gchristensen> :o
<gchristensen> :o
<LnL> have a feeling there's a magic tool they didn't include in the release
<gchristensen> oh
<gchristensen> is it called nix?
<LnL> :D
<evelyn> they clearly have inside knowledge about the magical firmlinks :P
<gchristensen> very interesting that they're reviewing the PR, I assume this means they were *told* to review the PR
<evelyn> maybe it's in the beta?
<gchristensen> since they have an absolutely draconian internal policy around OSS contributions
<evelyn> i guess this kind of suggests that synthetic.conf was dropped for us + other oss projects like fink
<gchristensen> interesting
<LnL> yeah pretty sure it was, or at least a big part of the reason they decided to add it
<LnL> from synthetic.conf(5)
<LnL> synthetic.conf is intended to be used for creating mount points at / (e.g. for use as NFS mount points in enterprise deployments) and symbolic links (e.g. for creating a package manager root without modifying the system volume)
<LnL> apparently we're an enterprise nfs mount
<abathur> :]
<gchristensen> nice
<abathur> I dunno if told, it smells like from his repo that he does already use nix
<evelyn> would be funny if apple were using nix internally
<abathur> he's got a fork of vgo2nix last updated in mid march for example
<gchristensen> LnL: michaelraskin got me thinking things about nix-darwin's model of applying service management, that I'm kind of interested in trying more generally
<LnL> not sure I follow
<gchristensen> nix-darwin adding services to the system's service manager
<gchristensen> which is something nix-on-systemd-linux could do really trivially, with systemd generators
<__monty__> What is this service manager? Launchd? How are the systemd services different?
<abathur> gchristensen: not certain it's related, but have you seen this https://github.com/svanderburg/nix-processmgmt
<gchristensen> LnL: if we look at the "getting in to nixos" as a ramp of try nix -> nix shell -> nix-built docker container -> [...] -> nixos, something to fit in that [...] could be "running a service on rhel, but built by nix"
<gchristensen> abathur: oh wow hello
<gchristensen> LnL: and nix-darwin so perfectly fits in that [...] already
<__monty__> Oh yeah, that would be really cool.
<__monty__> "Just install this thing with nix." "Oh, yeah, you could run that service with nix." "Now just remove pacman/apt-get. >: )"
<gchristensen> :)
<LnL> right
<gchristensen> nice!
<LnL> well I'm not sure if nixos modules as they are now would be the way to go for this
<gchristensen> yeah, probably not
<LnL> they are not very composable and you want that for something like this much more compared to nixos
<gchristensen> they have lots and lots of assumptions about being "on nixos"
<__monty__> Yeah, we should probably just migrate them all to hnix and use the haskell module system. : >
<gchristensen> well that is ... an idea
<gchristensen> :)
<LnL> and on the activation part sharing the host system makes things also much more complicated
<gchristensen> yeah
<LnL> I've mostly opted to be safe and not touch anything that nix-darwin doesn't know about / expect
<gchristensen> yeah
<LnL> but that has a bunch of annoying downsides
<LnL> bigger picture I think nixos handles many of these things too much in the traditional way (ie. global)
<gchristensen> you are speaking michaelraskin's language
<evelyn> hmm tolfaeletti writes "
<evelyn> Sorry, looks like this isn't available. I'll see if I can find another way.
<LnL> environment.etc is an old concept, things like vim_configurable are _way_ more powerful since it's decoupled
<evelyn> so apfsctl must be an internal apple tool? .oO
<gchristensen> +1
<LnL> but that's an easy example, services are already quite a bit more complicated to approach in a similar way
<gchristensen> there are _some_ things I want in /etc, like my `sway` configuration, so I can reload the config without killing my gui
<gchristensen> but almost all things -> none of that please
<LnL> well no, you don't want it in /etc you just want it to support reloading
<gchristensen> I need a mutable file to pivot the configuration at, I think
<LnL> yeah probably, but it's tied to the lifetime of that service if you stop that it could go away
<gchristensen> yeah true
<LnL> on linux a good example could be to tie that to the namespace of the process like containers do
<LnL> but that's not a very generic feature across other platforms
<evelyn> i wonder what apfsctl actually does, why would they keep such a program internally? :(
<gchristensen> can't trust us hooligans with the tools
<LnL> I have a feeling it just wasn't ready yet
<gchristensen> yeah probably :)
<LnL> the synthetic.conf story came pretty late, or at least that's what it seemed like to me, so I wouldn't be surprised they had to rush that out a bit
<gchristensen> yeah
<abathur> hmm
<abathur> does something about the create volumes script implicitly disable encryption on other volumes?
<abathur> I could swear I left filevault enabled during install, but fiddling around with diskutil now and it doesn't look like it's enabled on either my system or data volumes
<LnL> I doubt that's even possible to automate
<abathur> yeah, not sure; I had the same discovery on my previous system still on mojave, but it had been so long since setup that I thought maybe I had just forgotten
<abathur> but when I was setting up this new system I don't think I did a single install without leaving FV enabled, but disabling the reset-from-my-appleid option
<abathur> maybe the installer is just dumb
<LnL> you mean the check I added?
<abathur> sorry, maybe the macOS installer is just dumb
<abathur> I
<abathur> I'm talking through the loop of clean macOS install with FV ostensibly enabled, run your create volume script, install nix, pull in my dotfiles, run my bootstrap script
<evelyn> I don't think the macOS installer enables filevault by default?
<abathur> and then ~5 days later noticing FV is off on all volumes, when my reasoning about the process was that it would only be off for the Nix Store volume
<LnL> yeah, unless there's a step somewhere it's not on by default
<abathur> plausible; I'd have to re-do it to know for sure, in any case I make sure the top checkbox is ticked to enable it but untick the 2nd one to disable the icloud-reset part
<gchristensen> btw LnL I don't have brain space to think about the PR fixing installation to macos, so I guess I'd like to say ... tell me when it is ready, and I can push merge? and if something breaks, I trust you'd fix it :)
* gchristensen feels guilty for not looking at that
<abathur> it looks like it IS enabled on my older macbook running mojave
<abathur> and I was installing both of these systems repeatedly last week to make sure my bootstrap still worked for both mojave and for catalina
<LnL> gchristensen: well at this point I think it's only the filevault error message
<LnL> stuff can still be improved and whatever, but that's no reason not to have a working version
<gchristensen> so good to merge?
<LnL> error: FileVault detected, refusing to create unencrypted volume See https://nixos.org/nix/manual/#sect-apfs-volume-installation
<abathur> the script worked fine for me bootstrapping on catalina, though I did set up my bootstrap to only run it when the sw_vers was 10.15+
<LnL> that's the current error which should probably give a bit more context
<abathur> with the asterisk that I'm not quite sure why my FV is off, and could swear I enabled it; but I'm also the kind of person who just occasionally forgets to close the front door
<abathur> or take my keys out of it
<abathur> so, anything's possible :)
<abathur> I did run the create volume script on my older MBA on mojave with FV enabled and the script did detect FV and refuse to create the volume