<mog>
i have nix installed on my catalina box, but i am a bit confused on where i would configure an overlay? i want to use the emacs-overlay on my work machine
<qyliss>
mog: ~/.config/nixpkgs/overlays
<mog>
thanks got the import working now
ntropix has joined #nix-darwin
<ntropix>
Could someone please help me figure out why /run/current-system/sw/bin isn't in my $PATH?
<abathur>
ntropix: do you source /etc/static/bashrc?
<abathur>
it should source /nix/store/<hash>-set-environment which in turn adds /run/current-system/sw/bin to PATH
<abathur>
in my case the first line of /etc/bashrc is `if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi`
<ntropix>
What if I'm using ZSH?
<abathur>
probably forgot to sacrifice the goat
<ntropix>
lmao what
<abathur>
I haven't used zsh, and I just checked my /etc/zshrc and don't see any attempt to import from static
<{^_^}>
LnL7/nix-darwin#158 (by dmvianna, 37 weeks ago, open): multi user install does not work in zsh (works in bash)
<kyren>
I use synthetic.conf to symlink /var/run to /run, does anyone know of a way to hide the /run symlink from Finder, or is there possibly a nicer way to handle that?
<abathur>
you mean, when viewing root with finder, you don't want run to be visible?
<kyren>
yeah exactly
<kyren>
it's a super minor issue obviously
<abathur>
mitchellh mac your daily driver? see you in #nixos as well
<mitchellh>
abathur: yeah it is. I have a nixos VM I do a lot of work in too (but on Mac).
<abathur>
kyren not sure; chflags hidden maybe?
<kyren>
abathur: doesn't seem to work if I do it to the target of the symlink and doing it on the symlink itself isn't allowed because it's in /
<kyren>
like I said it's a super minor issue I just wondered if there was an obvious answer, is that what people are currently doing on catalina, symlinking via synthetic.conf?
<abathur>
mitchellh nice; I started using nixos a smidge over 2y ago when I rebuilt a windows system that with a motherboard that smoked out and I figured the new Windows license fee was a good push to take a dive on Nix since it'd been on my to-do list for a bit, but
<abathur>
but, really, using it on my macbook has been more compelling?
<abathur>
kyren hmm, yeah; not sure if there's another option there if chflags doesn't work
<abathur>
kyren it might be possible that there's like a defaults/pref flag for *finder* that changes to what extent it respects things like hidden?
<ntropix>
i see, removing /etc/zshrc and adding programs.zsh.enable = true; "fixed" it for me
<ntropix>
but I don't want to use the zshrc generated by nix-darwin since I use home-manager for that
<ntropix>
weird
<kyren>
abathur: chflags hidden works on /nix but not /run somehow, I'm not even 100% sure why but on /run I get a perf error, anyway it's not a big deal I can live with it :)
<abathur>
kyren: as in you added `chflags hidden` for /nix and the behavior changed? I noticed that the `nobrowse` hid it from my desktop and spotlight
<abathur>
but I haven't specifically fiddled with chflags hidden on it to see if it did anything extra
<kyren>
nobrowse for me hides the drive from the finder sidebar, chflags hidden hides it when browsing 'Macintosh HD' aka / from Finder, and those two things are separate but they both work
<abathur>
bog, I just have nobrowse and it's still in my sidebar
<abathur>
(under locations)
<kyren>
*from the sidebar and also when browsing the uhhh, "Computer" section
<kyren>
oh huh I have nobrowse and it's not in my sidebar?
<abathur>
did you ever right-click and remove it?
<abathur>
I did that on a previous install and it worked
<kyren>
weird, anyway chflags hidden works without error and has an effect on /nix and errors on /run (if I use the -h flag), and has n effect on /run if I don't use the -h flag (presumably it would affect /var/run if I browsed /var thought)
<kyren>
no I didn't manually remove it I just added nobrowse and it doesn't appear there, nor does it appear in "Computer"
<abathur>
ah, guess the behavior's still a mystery to me, then :D
<kyren>
:shrug emoji:
<abathur>
I intentionally left my Nix Store in the sidebar this time because LnL thought nobrowse should be hiding it but I was indeed seeing it, in case we find energy to fiddle
<abathur>
ntropix I know this is a crappy answer, but it might help to poke around a bit in the dotfiles of a few people using Nix/darwin/zsh on github
<kyren>
it should work anyway but one thing I always do shortly after setting up nix-darwin is to do a 'sudo chsh -s /var/current-system/sw/bin/zsh myname', maybe that helps?
<kyren>
then I regret it if I ever have to restore from backup or mess up nix because my shell doesn't work until I change it back
<abathur>
heh heh
<abathur>
I've spent *entirely* too much time over the last ~18 months picking at my bootstrap and ~persistence~ scripts
<abathur>
but it got me decent backups of my user data, and a script that can stand up a fresh install of macOS with minimal interruption and a tolerable amount of manual input
<abathur>
and be up and ready to work again in about an hour?
<kyren>
as someone who has had to send their macbook in for repairs one too many times recently, I regret NOT having such a thing :/
<abathur>
I feel dumb when I think about the *time*, but I feel better when I think about the fact that my macbook could take a surprise bath or stray bullet without also setting me back more than the time to find new hardware and maybe 12-24h of work?
<kyren>
random other question, what do people do to deal with catalina protected directories, just not put source code in ~/Documents at all?
<abathur>
yeah, that's honestly been a bit of a spur
<abathur>
oh hmm, is that particularly protected?
<ntropix>
yeah ill have to dig around into the zsh stuff. i think there's probably an opportunity in the installer to determine which shell the user is using and prompt them to overwrite the corresponding file in /etc/. The installer prompts honestly made no sense to me
<ntropix>
and they aren
<ntropix>
and they aren't really documented**
<kyren>
I've had to give /bin/sh full disk access to get lorri working reliably and that seems........ wrong, also emacs likes to yell at me while trying to open folders in Documents, and yeah Documents, Desktop, Photos are all special now?
<kyren>
(I start lorri as a launchd daemon so I seriously don't know any other way, that's been the only way that's worked at all)
<abathur>
ntropix may be worth catching LnL since it looks like he uses it. He probably won't be around for a few hours; guessing he's in europe
<ntropix>
kyren FWIW I don't use ~/Documents at all lol. code goes in ~/src/github.com/{USER}/{REPO}
<ntropix>
when I started playing around with Go it seems like that's the pattern they use and I liked it
<abathur>
kyren ah, yeah; I guess that's part of the new protections; they're trying to stop apps/scripts/malware from exfiltrating places where ~confidential data~ is likely to lurk
<ntropix>
~confidential data~ lol
<abathur>
I do a weird thing with my ~/Documents, so I hadn't really noticed
<ntropix>
abathur yeah I'll catch up with him when he's on
<kyren>
yeah that seems like it would be easier, sigh I guess I'll just change my behavior and put the most confidential thing on my laptop outside of the directory meant to protect confidential data
<abathur>
my bootstrap deletes ~/Desktop and ~/Documents, replaces them both with symlinks to ~/Downloads, and then `chflags -h uimmutable ~/Desktop ~/Documents`
<abathur>
so, my desktop is my downloads is my documents
<ntropix>
interesting. why's that
<abathur>
they're all places untriaged state tends to build up
<abathur>
receipts, files, screenshots
<ntropix>
that's pretty good actually
<qyliss>
I used to symlink ~/Downloads to /tmp on macOS
<abathur>
so, collapsing them all onto the desktop makes it harder to ignore them for months on end
<qyliss>
made sure I really didn't leave anything I cared about in there
<abathur>
nod qyliss I'm tempted to take that next step, but this was the first :]
<ntropix>
abathur what's left manual input-wise in your bootstrap/
<ntropix>
Just getting started with nix here. Seems like a lot of the brew cask stuff will never be possible
<abathur>
more than I'd love? I log in, I open safari and use bitwarden on another device to pull up credentials that'll get me to my dotfiles repo
<abathur>
the README includes the most-true bootstrap script, written like a function wrapped in parens so it's easy to copy-paste in
<abathur>
that installs the xcode command line tools for git
<abathur>
prompts me to do some manual preference stuff that I could potentially script but which I can do manually while the xcode shit is installing anyways
<abathur>
runs the create-darwin-volume script, at the moment, install nix, then it automatically loads a specific page I need to visit to generate a new temporary set of credentials to actually clone my dotfiles
<ntropix>
any gui apps you use that you need to download and install?
<abathur>
yes
<abathur>
and once nix finishes, it runs `caffeinate -dsiu nix-shell -p yadm -p gnupg -p wget --command "yadm clone <repo_url> --bootstrap"`
<abathur>
I think wget and maybe gnupg could be removed, now; my most recent bootstrap I added a nix-shell shebang to my bootstrap that installs most of the remaining software that's essential for the actual bootstrap
<abathur>
it prompts me for my bitwarden password once the bitwarden CLI is installed in order to restore my backups in
<abathur>
it opens some of the GUI apps (I cheat, and install them with brew--I don't really see the point in trying to wrangle a bunch of stuff that wants to autoupdate with Nix anyways)
<ntropix>
that's what I was looking to hear haha. I guess i'll do the same
<abathur>
oops, opens them as they install for a little additional action (log in, etc.)
<ntropix>
the brew cask stuff
<abathur>
yeah, I use a brew bundle to do a bunch of casks
<ntropix>
interestingly, homebrew could probably be added to nixpkgs eh?
<ntropix>
I don't think it autoupdates
<abathur>
I dunno, some of the apps do, but I haven't dug too deeply; I know there are some dotfiles were people explicitly build the apps with nix
<abathur>
but, really, anything with an autoupdater I've found a bit annoying to have Nix-managed on NixOS, so I didn't bother with them on macOS
<abathur>
f.lux, dash, st3-dev, tunnelblick, bitwarden (GUI--cli is nix-managed), evernote, spotify, teams, chrome, acrobat reader, a few smaller utils
<abathur>
I don't love the brew bundle process though, sometimes stuff fails in there in a crappy way
<ntropix>
i mean the application homebrew itself
<abathur>
oh
<abathur>
uhrm
<abathur>
it wants to update any time you run it for the first time in a bit
<ntropix>
oh yea
<abathur>
but I'm not sure what it means by update
<ntropix>
i think it updates its "channels"
<abathur>
if it's just updating some database that may be finessable
<abathur>
yeah
<ntropix>
casks or whatever
<ntropix>
or taps
<ntropix>
idk
<abathur>
it may even be done at this point for all I know, homebrew on not-macOS has grown a bit since I set it up
<abathur>
I'd be happy to do it all with Nix some day
<ntropix>
nah, homebrew isn't on nixpkgs
<abathur>
but as soon as I could tell it wasn't an immediate possibility, I figured I'd just go with the flow on most .app installs
<ntropix>
so you could skip that step where you curl the homebrew installer and pipe it to sh
<abathur>
IIRC the only one of those I do with nix is mpv
<abathur>
yeah
<abathur>
it would be nice to stick that up in the shebang or something
<ntropix>
anyway, im gonna go clean up my config now that I've got nix-darwin working with home-manager. thanks for the help again, I'll probably be back pretty often since I took the week off and have nothing to do other than nixify my life lol
<ntropix>
cya
<abathur>
<3 ntropix
<{^_^}>
ntropix's karma got increased to 1
ntropix has quit [Remote host closed the connection]
<kyren>
I would love to be able to drop homebrew but I also use it just for brew cask
<abathur>
nod
<abathur>
I find it fairly tolerable when I'm just using it for apps really
<kyren>
it's alright, really, but I would actually prefer apps not to auto update, especially when it goes wrong (transmission?)
<abathur>
It'd be nice for drop it to consolidate everything, but since I'm not really relying on it for anything but user facing apps anymore, it's not like it's caused me any great consternation
<kyren>
yeah that is also a minor complaint but I have to keep a separate list of apps I had installed via homebrew, maybe I should get off my butt and try to get some of the apps that I use that are in nixpkgs working on macos
<mitchellh>
atm I made a drv that creates a shell script that runs all my brew setup (I have to run it manually).
<abathur>
kyren: my basic rubric is that I'll move them to Nix when they're being built *the Nix way*, but not do some of the nix-expression-just-to-install-a-dmg
<mitchellh>
My thesis is: I can still do a Nix setup of my mac environment and get it all setup, just on first boot or w/e I have to run some extra setup scripts that do the stuff Nix isn't good at (brew + mas)
<mitchellh>
so its still... mostly automated :P
<kyren>
mitchellh: heh, that's not a terrible idea actually
<mitchellh>
I currently manually do a `brew bundle` and commit that bundle file to my nix configs repo
<abathur>
mitchellh nod, I've been moving more of my stuff towards Nix, but it's been like user/shell side? I've been working on a not-yet-in-nixpkgs executable-resolver for shell code, for example
<abathur>
mitchellh I have a dotfile repo managed by yadm, so I do something like 1) log into my git host for dotfiles, 2) copy barebones bootstrap from README and paste in term, 3) twiddle my thumbs and do occasional point-click labor as it installs xcode utils, nix, etc, 4.) start real nix-run bootstrap, which clones my dotfiles, runs the dotfile bootscript (which has a nix-shell shebang to install the
<abathur>
remaining required programs), runs brew bundle, restores backups from restic, etc.
<abathur>
*dotfile bootstrap
<mitchellh>
Nice. Do you have the barebones bootstrap script available in the public? That part for me is still pretty manual.
<abathur>
no, though that is an eventual goal; I can gist a sanitized version if you'd like though
<kyren>
I really like that style of setup script where it either performs an action or if can't do that it prompts you to do an action like a checklist, and you can slowly turn checklist items into automated items
<abathur>
it's been a lot more work than I wish, but I've got a whole flipside to it
<abathur>
so first I built roughly that script, when I was moving to a late 2018 macbook air
<abathur>
and within a couple weeks of having the air up I was having
<abathur>
~keeyborad troublls~
<abathur>
so I also started working on like the inverse script? one for checking whether random crap was buttoned up and ready-to-go?
<abathur>
there's an odd mention at the end of that gist about whether yadm will/won't have gpg in scope until it's "resholved", that's just a note-too-self about the fact that yadm is a shell program, which Nix doesn't currently handle all that well; yadm's current Nix expression declares gnupg as a buildInput so I'm pretty sure it won't actually be available unless the environment also declares gpg; my
<abathur>
shell "resholver" is for fixing things like that...
<abathur>
forgot to cut that out :(
<mitchellh>
Cool this is really helpful abathur
<abathur>
open and osascript are good little tools for moving things along
<abathur>
I open up little dialogs for myself to remind me what I'm supposed to do in some phases
<abathur>
they get a little annoying when I'm doing multiple installs in a row to hack on it, but when it's been X months since I did one and have no idea what I'm supposed to do with an app that just opened, it's nice
<abathur>
for example, I open the appleID preference pane, and then a dialog that reminds me to go disable all of the services I don't care about
<abathur>
but I repeat that pattern in the true bootstrap too as stuff becomes available
<abathur>
once the dotfiles are cloned and my terminal theme is available, I pop up one to tell me to delete the defaults and import it, etc.
<abathur>
set up waits for the brew-installed apps
<abathur>
so it launches each one as it installs and reminds me to log in and set any key settings that I haven't been able to automate
<abathur>
the yadm bootstrap on the other side of that does some fun stuff, too, I guess; like I back up my Terminal.app windows with restic and figured out how to restore them into the new system :P
plumm has quit [Ping timeout: 256 seconds]
<abathur>
probably doesn't matter for most people; but I tend to leave a tab open for each long-running project so I've still got a context stack in case I don't get to touch it for 18 months or something
<LnL>
morning
__monty__ has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nix-darwin
hmpffff has quit [Client Quit]
hmpffff has joined #nix-darwin
hmpffff has quit [Client Quit]
hmpffff has joined #nix-darwin
hmpffff has quit [Client Quit]
daGrevis has joined #nix-darwin
hmpffff has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
<abathur>
yo
ntropix has joined #nix-darwin
<ntropix>
Anyone see this before? `error: opening lock file '/nix/store/cf25gdkvdvp6r9lpbd2lcnmfga9sk9sv-home-manager-files.drv.lock': Permission denied`This is happening when I run `darwin-rebuild switch`
<ntropix>
Also, when I do `nix-env -iA nixpkgs.ripgrep` I get a similar issue: `error: opening lock file '/nix/store/9kyi7qf0s1wyswigkc85lxl906hf3n0a-env-manifest.nix.lock': Permission denied`. So it looks like my user is not able to install stuff to nix because of permissions? If I run `sudo nix-env -iA nixpkgs.ripgrep` it is installed correctly.
<LnL>
sounds like you're on a non daemon install (check with nix doctor)
<LnL>
did you run a nix command as root or enable the nix-daemon?
hmpffff has joined #nix-darwin
<ntropix>
in my darwin config I have `nix.useDaemon = false;` and `services.nix-daemon.enable = false;`
<ntropix>
output of nix doctor
<ntropix>
Store uri: localWarning: multiple versions of nix found in PATH. /nix/store/jq6npmpld02sz4rgniz0qrsdfnm6j17a-nix-2.3/bin /nix/store/vnzp925rgq8cv9q9rpndjz1l5flm8jgw-nix-2.3.4/bin
<LnL>
yeah, so if a nix command runs as root it will change ownership of /nix/store
<ntropix>
i didn't run anything as root, but I `chown`ed my dotfiles repo with my darwin and home-manager configs to the `admin` user on macos
<ntropix>
then i ran darwin-rebuild switch, which could have done that?
<ntropix>
`drwxrwxr-t 7024 root nixbld 224768 May 13 11:31 store` those are the permissions of the nix store
<ntropix>
they are supposed to be under my uer?
<LnL>
chown ¥USER /nix/store to restore it
<LnL>
if your store isn't huge, finding which store paths are also owned by root might give an indication of what caused it
<ntropix>
dammnit I already ran the command
<ntropix>
haha
<LnL>
that only fixes the store itself
<ntropix>
`z8kf4b6rm5lbnn51gvsgiz02w623ilrv-user-environment.drv` `p6qb07b8i5w5fphmvlwy6fqasvm5xv1f-env-manifest.nix` `1fg9bgfidgkrs3551mhkhlnfr71n2xih-user-environment` were all owned by root
<LnL>
those are created by nix-evn
<LnL>
so two things that should help figuring out here those came from
<LnL>
nix-store -qR <manifest> to list what's installed in that profile
<LnL>
nix-store -q --roots <manifest> to see what profile it's part of
<ntropix>
one of the roots of the manifest is that second user environment 1fg9bgfidgkrs3551mhkhlnfr71n2xih
<ntropix>
nothing interesting in the output of nix-store -qR
<LnL>
second user environment?
<ntropix>
`1fg9bgfidgkrs3551mhkhlnfr71n2xih-user-environment` this one
<ntropix>
nix-store -q --roots /nix/store/p6qb07b8i5w5fphmvlwy6fqasvm5xv1f-env-manifest.nixremoving stale link from '/nix/var/nix/gcroots/auto/c57hwww0n866fsg2y62kayxgf0lbcjwq' to '/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-3738-0/result'removing stale link from '/nix/var/nix/gcroots/auto/s89p9w7rvqffimfg2cykhm3s2h4l2w42' to
<ntropix>
'/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-5088-0/result'removing stale link from '/nix/var/nix/gcroots/auto/9zrnwhr8sr8bjah6anwhnssk99bqylqm' to '/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-1085-0/result'removing stale link from '/nix/var/nix/gcroots/auto/i63b88ck0qiw9nln7g3jyhdr85zxhi8y' to
<ntropix>
'/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-6961-0/result'removing stale link from '/nix/var/nix/gcroots/auto/zaz01fahly39a7mgcvp2wv8xklys6nd5' to '/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-3723-0/result'removing stale link from '/nix/var/nix/gcroots/auto/hqwlixfym4m1q7m50jvf7nvbaqhy6wfp' to
<ntropix>
'/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-3737-0/result'removing stale link from '/nix/var/nix/gcroots/auto/2xaqd8002qxzxw1jrx27sb07hy1k916y' to '/private/var/folders/2m/mmnk9qzd7qngr3wmwtvbg0z00000gn/T/nix-build-5087-0/result'removing stale link from '/nix/var/nix/gcroots/auto/4bd4rxi8amymkwil1hw0y34vnr5zprws' to
<LnL>
it doesn't list something like this? /nix/var/nix/profiles/per-user/lnl/profile-133-link -> /nix/store/81ss90l08831hbi1rbzlzxi3fkblwwby-user-environment
<ntropix>
oh yeah it does, profile 94 and 96 for me
<LnL>
activation runs as root, but should be dropping down to the currect user
<LnL>
correct*
<ntropix>
i definitely ran sudo nixpkgs -iA hello, but I was still having this issue before I ran taht
<ntropix>
i definitely ran sudo nixpkgs -iA hello, but I was still having this issue before I ran that
Xirrin has joined #nix-darwin
<ntropix>
anyway, thanks for your help LnL :) its looking better now
ntropix has quit [Remote host closed the connection]
<LnL>
hmm doesn't break anymore?
philr has quit [Ping timeout: 256 seconds]
eraserhd has quit [Quit: WeeChat 2.8]
eraserhd has joined #nix-darwin
<__monty__>
I've added openssl-1.0.2 to nixpkgs.config.permittedInsecurePackages but I still get the error saying to do that if I run without NIXPKGS_ALLOW_INSECURE=1.
<__monty__>
Does that setting not work with darwin-rebuild?
<LnL>
nixpkgs.config is opaque AFAIK
<__monty__>
So it can't work with darwin-rebuild?
<LnL>
but you need to thread that through multiple times if you import other things however
<LnL>
no I mean that the config option can contain anything, it's just passed to nixpkgs