#nix-darwin on 2021-03-19

00:49 supersandro2000 has quit [Disconnected by services]

00:49 supersandro2000 has joined #nix-darwin

01:33 andremedeiros has quit [Read error: Connection reset by peer]

01:35 andremedeiros has joined #nix-darwin

01:39 squidgy has quit [Quit: ZZZzzz…]

01:58 andremedeiros has quit [Read error: Connection reset by peer]

02:00 andremedeiros has joined #nix-darwin

02:45 <oliver85> abathur when you said 'CA bundle' you mean NIX_SSL_CERT_FILE env in the plist?

02:46 <abathur> yes, sorry

02:48 <oliver85> all good, enabled the secure token, rebooting. then I will launch. I will post the current state of the plist on the issue

02:49 <abathur> ah

02:50 <abathur> I was assuming the PATH edit we did previously as well, don't see that there

02:51 <abathur> with /nix/var/nix/profiles/default/bin instead of /Users/buildkite-agent/.nix-profile/bin

02:53 <abathur> I also see what looks like a partially-removed comment end near the end on the line after NIX_PROFILES

02:57 andremedeiros has quit [Read error: Connection reset by peer]

03:00 andremedeiros has joined #nix-darwin

03:01 squidgy has joined #nix-darwin

03:05 <oliver85> fix and copy paste onto the issue as edit

03:05 <oliver85> nice eye

03:17 <abathur> :)

03:27 <abathur> I live a few lives, and ~spot-the-typo is in the middle of the venn diagram

03:43 <oliver85> hahaha

03:43 <oliver85> sadly launch with that plist still end with a dyld error (bin/bash) when running nix --version

03:44 <abathur> :/

03:45 <abathur> have you tried out either security exemption yet?

03:47 <oliver85> since these are ec2 instances in a private net work, I don't have access to a GUI.

03:47 <oliver85> I been searching on how to give FDA without GUI session but seems like that is the only way

03:47 <abathur> oof

03:47 <abathur> yeah

03:48 <oliver85> I love apple and the *extra* layer(Ssss) of securities

03:48 <abathur> as far as I know at least one person did it with VNC, and I think he was using EC2

03:48 <abathur> oh

03:48 <oliver85> with linux? or mac?

03:49 andremedeiros has quit [Read error: Connection reset by peer]

03:50 <abathur> well

03:50 <abathur> I think either will work? there's a "Screen Sharing" app in macOS, but afaik it uses VNC

03:51 <abathur> it's this one, though I see he doesn't mention VNC so I may be remembering something he said in IRC https://github.com/NixOS/nix/pull/4289#issuecomment-772423793

03:51 <abathur> or perhaps inventing it :)

03:51 andremedeiros has joined #nix-darwin

03:51 <abathur> so we might be able to ping him for help summarizing

03:52 <abathur> ah, no, he did https://logs.nix.samueldr.com/nix-darwin/2021-02-03#4583691

03:52 <abathur> (but he didn't get me that ticket writeup :)

03:53 <abathur> there's one other thought I have

03:53 <abathur> I haven't used this yet, and I don't know if/how well it works with VMs

03:53 <abathur> but I've got trying it out on my to-do list..., let me go find the note

03:55 <abathur> https://twocanoes.com/products/mac/mac-deploy-stick/

03:58 <abathur> but I recall it having a way to automate a few things that I don't think you can normally automate without proper MDM

04:10 <abathur> ah, there it is, man

04:16 <oliver85> ! oh :eye emoj:

04:17 <abathur> oh, lol, sorry

04:17 <abathur> I was looking for an option I remembered in a control command

04:17 <abathur> for enabling remote access

04:17 <abathur> thinking it was gui, but it's just ssh

04:18 <abathur> and it requires FDA anyways :)

04:18 <abathur> I would hope AWS enabled remote access for the VMs, though

04:19 <oliver85> I actually have a good relationship with the AWS architect here, let me poke him tomorrow to see if there is a way we can access VM

04:20 <oliver85> just so we know if FDA is the culprit thats worth chase down

04:21 <abathur> ah, I guess this is the process to enable screensharing/remote management if it isn't https://support.apple.com/en-us/HT209161

04:22 <abathur> oh, meh

04:22 <abathur> there's an asterisk that it's view only

04:22 <abathur> hehe

04:23 <abathur> want me to ping klardotsh in the thread as well?

04:24 <oliver85> heh I got excited lol

04:24 <oliver85> yah I wonder how klardotsh access System prefrence on his mac1.metal instance

04:26 <abathur> ok, mentioned him there

04:34 <oliver85> thank you :]

06:00 squidgy has quit [Quit: ZZZzzz…]

06:57 andremedeiros has quit [Read error: Connection reset by peer]

07:00 andremedeiros has joined #nix-darwin

08:33 Chiliparrot has joined #nix-darwin

09:16 supersandro2000 has quit [Quit: The Lounge - https://thelounge.chat]

09:16 supersandro2000 has joined #nix-darwin

10:39 __monty__ has joined #nix-darwin

10:43 domenkozar[m] has joined #nix-darwin

11:04 bpye has quit [Ping timeout: 260 seconds]

11:07 bpye has joined #nix-darwin

12:07 bpye has quit [Ping timeout: 265 seconds]

12:09 bpye has joined #nix-darwin

12:50 aminechikhaoui has quit [Quit: Ping timeout (120 seconds)]

13:10 squidgy has joined #nix-darwin

13:24 aminechikhaoui has joined #nix-darwin

13:29 __monty_1 has joined #nix-darwin

13:32 Chiliparrot has quit [Ping timeout: 260 seconds]

13:33 eraserhd2 has joined #nix-darwin

13:33 __monty__ has quit [*.net *.split]

13:34 eraserhd has quit [Ping timeout: 264 seconds]

13:36 Chiliparrot has joined #nix-darwin

13:37 __monty_1 is now known as __monty__

14:05 philr_ has quit [Ping timeout: 240 seconds]

16:58 <heywoodlh> Hey guys, what's the proper way to install nix/nix-darwin on the M1 Macbooks? Installing nix on my M1 Macbook always installs the x86_64 bit binary. Do I have to build it from source?

16:59 <heywoodlh> Oh, looking at the manual it looks like x86_64 is the only supported architecture for MacOS.

16:59 <__monty__> I think so yes. Work is actively ongoing though, https://github.com/NixOS/nixpkgs/pull/105026

16:59 <{^_^}> #105026 (by thefloweringash, 16 weeks ago, open): Native support for Apple Silicon

17:00 <__monty__> Not sure whether native nix would take more effort than simply compiling it for arm64 though.

17:02 <heywoodlh> __monty__: to be honest, I really don't care if the nix binary itself is an arm64 executable or not. But is there a way for me to configure nix to install arm64 bit versions of packages when available?

17:03 <heywoodlh> This seems to be relevant, I'm just too much of a noob to understand how to implement it in my setup: https://github.com/NixOS/nix/pull/4310

17:03 <{^_^}> nix#4310 (by matthewbauer, 15 weeks ago, merged): Add x86_64-darwin and aarch64 to "extra-platforms" automatically when Rosetta2 is detected

17:03 <__monty__> heywoodlh: Not yet, afaik, that PR is all about supporting that.

17:03 <heywoodlh> I see

17:10 <__monty__> heywoodlh: Any urgent motivations or just because you'd rather run native software?

18:15 squidgy has quit [Ping timeout: 246 seconds]

18:16 <heywoodlh> __monty__: Just rather run native software. Nothing crazy.

18:17 <oliver85> abathur checkout https://gist.github.com/sebsto/6af5bf3acaf25c00dd938c3bbe722cc1

18:17 <oliver85> trying it out, i will also link on the ticket

18:19 <abathur> ah, should've thought to look for a gist

18:20 <heywoodlh> Does anyone have a module to turn on the option to "Use your Apple Watch to unlock apps and your Mac"?

19:11 oliver85 has quit [Ping timeout: 240 seconds]

19:27 oliver85 has joined #nix-darwin

19:28 <oliver85> @abathur still got dyld after enabling FDA, using the same plist on the issue.

19:28 <oliver85> oh wait, maybe I should addd BUILDKITE_SHELL = /bin/sh on the plist

19:28 <abathur> and that

19:28 <abathur> ah

19:29 <abathur> was going to ask if that was enabling it for the shell or for buildkite-agent, but yeah

19:33 <oliver85> hmm happened before, when I set BUILDKITE_SHELL = /bin/sh

19:33 <oliver85> <key>BUILDKITE_SHELL</key>

19:33 <oliver85> <string>/bin/sh</string>

19:33 <oliver85> the bootstrap shell seems to loose all the context

19:33 <oliver85> "/bin/sh: trap 'kill -- $$' INT TERM QUIT; echo $SHELL: No such file or directory"

19:33 <oliver85> "/bin/sh: trap 'kill -- $$' INT TERM QUIT; nix --version: No such file or directory"

19:37 <oliver85> wait

19:37 <oliver85> worked

19:37 <oliver85> :]

19:37 <oliver85> removed the BUILDKITE_SHELL setting, using bash, but have to grant buildkite-agent binary FDA as well

19:40 <oliver85> i don't think it even neccessary to grant FDA to sh if buildkite-agent have FDA. I am guessing when bk runs nix, nix inherit FDA access from the bootstrap shell

19:40 <oliver85> ya, tested it. removed FDA for sh and ran nix --version from launchd buildkite-agent with FDA, works just find

20:09 <abathur> oliver85: yeah, I was guessing it might be able to propagate from the agent

20:40 flokli is now known as FLOKLI

20:41 <oliver85> still tho, nix not wanting to mount on new machines, have to ssh in to enable security token.

20:42 <oliver85> thats the only piece of the puzzle we need to get this fully automated.

20:46 <oliver85> do you have script/link that has the logic of checking if /nix is mounted, if not then mount? I suspect thats probably written somewhere already.

21:33 philr_ has joined #nix-darwin

22:01 <abathur> oliver85: I know in at least one place I've used `/usr/sbin/diskutil info /nix &>/dev/null` to detect it, but I'm not sure that's ideal here

22:03 <abathur> I wonder if manually running the system/org.nixos.darwin-store launchdaemon will do it

22:04 <abathur> if not, the launchdaemon plist at /Library/LaunchDaemons/org.nixos.darwin-store.plist will show how it "should" get mounted

22:10 eraserhd3 has joined #nix-darwin

22:11 jhuizy9 has joined #nix-darwin

22:11 bpye9 has joined #nix-darwin

22:12 jhuizy has quit [Read error: Connection reset by peer]

22:12 abathur has quit [Read error: Connection reset by peer]

22:12 jhuizy9 is now known as jhuizy

22:12 hedgie has quit []

22:12 bpye has quit [Read error: Connection reset by peer]

22:12 bpye9 is now known as bpye

22:13 eraserhd2 has quit [Ping timeout: 264 seconds]

22:14 hedgie has joined #nix-darwin

22:19 philr_ has quit [Ping timeout: 264 seconds]

23:13 __monty__ has quit [Quit: leaving]

23:31 eraserhd has joined #nix-darwin

23:33 eraserhd3 has quit [Ping timeout: 256 seconds]

23:52 philr_ has joined #nix-darwin