hedgie has quit [Ping timeout: 260 seconds]
<abathur> so something like .../bin/nix build $.checks.x86_64-darwin.binaryTarball will "run", but it doesn't output anything at all--not even a store path?
hedgie has joined #nix-darwin
hedgie_ has quit [Ping timeout: 260 seconds]
hedgie_ has joined #nix-darwin
hedgie has quit [Ping timeout: 260 seconds]
hedgie has joined #nix-darwin
hedgie_ has quit [Ping timeout: 260 seconds]
<Mic92> abathur: it tried to bring this upstream, but it was rejected. you can use `--out-link` to get a symlink at least
__monty__ has joined #nix-darwin
eraserhd has quit [Quit: WeeChat 2.9]
W1lkins has quit [Quit: Bye]
cptrbn has quit [Ping timeout: 260 seconds]
evalexpr has joined #nix-darwin
evalexpr has quit [Remote host closed the connection]
evalexpr has joined #nix-darwin
eraserhd has joined #nix-darwin
philr has quit [Ping timeout: 260 seconds]
<abathur> Mic92: Hmm. Tried that, but with and without the flag it doesn't output anything, and the result in dir just points to the normal Nix build
<Mic92> abathur: what other symlink do you expect?
<Mic92> it won't print the store path on stdout
<abathur> .../bin/nix build $.checks.x86_64-darwin.binaryTarball
<abathur> I'm just trying to find any way to a release tarball in flakeland
<abathur> to test installer changes
<abathur> but I haven't used flakes yet so I'm probably just holding it wrong :]
<abathur> oops, # was in the real command, sorry
<abathur> not $, not sure how I did that here
<Mic92> abathur: it should be nix build --out-link /tmp/foo "#.checks.x86_64-darwin.binaryTarball" && link=$(readlink -f /tmp/foo)
<abathur> hmm, that gives a bad URL error :)
<Mic92> abathur: sorry it should be ".#checks.x86_64-darwin.binaryTarball"
<abathur> aha!
<abathur> <3 Mic92 that appears to work :)
<{^_^}> Mic92's karma got increased to 35
<emily> crossposting this from #nixos:
<emily> > does anyone on macOS Catalina have a working encrypted /nix setup or could give me pointers to getting one? going by https://discourse.nixos.org/t/nix-on-macos-catalina-risks-with-unencrypted-nix-store-possibilities-for-encrypted-nix-store/8134, https://discourse.nixos.org/t/nix-var-nix-opt-nix-usr-local-nix/7101/66 and https://logs.nix.samueldr.com/nix-darwin/2020-05-26#1590512003-1590514818 it seems like the viable approaches are to either hardcode the
<emily> password in the plain on the root volume or use the system keychain, but it's not entirely clear to me how to put all the pieces together
<{^_^}> error: syntax error, unexpected ID, expecting ')', at (string):323:115
<emily> like, that Ruby snippet doesn't seem to set up a login hook or anything to mount the volume? does just injecting the password into the system keychain and putting it in fstab manually work, or is that part just left to the reader to figure out?
<emily> uh, oops, forgot about {^_^} :) it's been a while...
nikivi has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
nikivi has joined #nix-darwin
<antifuchs> emily: hi - I just set that up the day before yesterday (copy&pasting liberally from that snippet)
<antifuchs> ...it worked for me, that is, the volume gets decrypted and mounted at the time that my login session starts using data off the volume, but also: when I first rebooted, app resume caused stuff to start _before_ that volume was available
<antifuchs> but, effectively, yep: putting the decryption passphrase on the system keychain is the necessary step, along with the fstab entry.
xcmw has joined #nix-darwin
<emily> hm :s
<emily> I thought the whole point of the system keychain was to make restore work properly
<emily> I'm planning on using a Nix login shell etc. so I'm a bit worried about the early mount availability
<antifuchs> this was only on the first reboot (and it was post-OS-upgrade) though, I'm not sure if this was a fluke or not
<antifuchs> "more data needed" I think! if you know a way to log or test for when it's available, I'd love to test it (:
<emily> yeah, maybe the keychain stuff needs initializing first time or something
<emily> I'll give it a try and make sure to cd into /nix before rebooting I suppose
<emily> do you know if there has been any movement on integrating this setup into the installer? all the discussions seem months old
<antifuchs> good plan - I had some files in ~/Library/Application Support/iTerm2 linked to the /nix store and iTerm was very confused when it got app-restored
<antifuchs> so that's where my suspicion came from
<antifuchs> I don't know... didn't find any concrete action around this, though
<antifuchs> so my suspicion is "no" /:
<emily> Nix on Darwin seems a little unloved :(
<emily> hopefully I can find the time to work on that a little
<emily> did you use a multi-user install, btw? it seems the `chown_mountpoint` from that gist is expecting to chown it as the currently running user which presumably doesn't apply for that
<antifuchs> I tried doing a single-user install, but then accidentally said "n" to "edit the default config" and it activated multi-user mode
<antifuchs> sooo no, not currently S:
<emily> I also wanted nix-darwin to manage the Nix install so I guess I will have lots of exciting ways for things to go wrong :)
<antifuchs> hahaha, indeed
<antifuchs> (definitely edit the default config)
<emily> hm, does it even work in Catalina? it talks about managing a system in /run/current-system but /run doesn't exist out of the box either
<antifuchs> I have `run private/var/run` in /etc/synthetic.conf so I think that's how (:
<emily> I guess a symlink for /run is probably less problematic than for /nix
<emily> (that sets up a symlink right? sorry, it's been an awful long time since I used macOS...)
<antifuchs> it sets up a firmlink, I think is what they're called?
<antifuchs> there's a `nix` entry in synthetic.conf too, for the store. you need that on the SIP'd macOSes for entries in the / dir
<emily> synthetic.conf(5) says it just sets up symlinks, which I think is why you can't just do `nix /private/var/nix` and have everything work
<emily> but yeah, it seems the nix-darwin installer actually handles this
<LnL> yeah symlink for run is fine
<LnL> in principle it also is for /nix, there's just no way to hide the real location from builds
<LnL> are you trying to fresh install multi user or upgrade an existing installation?
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
nikivi has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
nikivi has joined #nix-darwin
nikivi has quit [Client Quit]
nikivi has joined #nix-darwin
__monty__ has quit [Quit: leaving]
<emily> former
hedgie has quit [Read error: Connection reset by peer]
hedgie has joined #nix-darwin
<emily> one difference between the upstream installer and the Ruby snippet is that the former uses APFS while the latter uses APFSX (case-sensitive); I guess the latter results in fewer potential problems with derivations that assume case-sensitivity, but might break Darwin-only derivations that expect a case-insensitive store?
philr has joined #nix-darwin
<abathur> emily antifuchs it'll be good to know for sure if the system keychain approach does/doesn't circumvent the mount/restore race-condition; our *impression* has been that this works, but I don't know that anyone who has reliably produced the problem in the first place has tried it, to validate that it's not just the same behavior as the login keychain would be
<emily> it does seem likely that it is available earlier because e.g. my WiFi password is in the system keychain and I am pretty sure that connects before login
<emily> perhaps there is a pathological case where you log in fast enough that not everything that runs "before login" has yet happened?
<abathur> we're under the impression system is available early enough, but I'm inclined to be a skeptic on it until someone who has reported running into the problem can vouch for it as a solution
<antifuchs> Makes sense. Do you have any docs on what happens when on macOS boot? I imagine we can do stuff with weird launchdaemons
<abathur> nod
<abathur> I'm not terribly knowledgeable on the boot process, I just sort of happen to be in the loop as an interested party and then helping LnL get the installer update for Catalina semi-documented
<abathur> so I'm vocal on the topic because I happen to be one of the people who had to read everything at the time and am trying to make sure knowledge doesn't get lost, but I'm also not the origin of much of it :)
<abathur> speaking of installers
<abathur> when release.nix got collapsed down into flake.nix, all of the references to create-darwin-volume.sh got dropped
<abathur> so I finally got all of the hoop-jumping to get a release tarball for my installer updates, only to get an anticlimactic ".../create-darwin-volume.sh: No such file or directory" error
<abathur> if there isn't an official doc on the boot process, it's possible eclecticlight.co has a good write-up
hedgie_ has joined #nix-darwin
hedgie has quit [Ping timeout: 260 seconds]
<antifuchs> Oooh I didn’t know that site but there’s something useful in the comments: apparently synthetic.conf takes effect only at login time?
xcmw has joined #nix-darwin
<abathur> there's an asterisk, but yeah
<abathur> calling apfs.util with a flag can also make it ~take
<abathur> the flag is -B for catalina, but it's changed to -t for big sur O_o