<vika_nezrimaya>
wait what does the require attribute do?
<globin>
require and imports are aliases
<vika_nezrimaya>
aliases to what?
<globin>
to each other
<vika_nezrimaya>
wtf
<vika_nezrimaya>
error: infinite recursion encountered at vika's brain
<globin>
not sure about flakes and nixops though, sry
<globin>
and have to go to bed, way too late already o/
teto has joined #nixops
ixxie has quit [Ping timeout: 240 seconds]
<vika_nezrimaya>
wait a seq
<vika_nezrimaya>
so
ixxie has joined #nixops
<vika_nezrimaya>
I can do { require = [ ./physical.nix ]; network = {...}; primrose = { config, pkgs, ...}: { deployment.targetHost = "primrose"; }; } and in physical.nix I get to write another network definition?
<vika_nezrimaya>
wow
<vika_nezrimaya>
except I can't do that from a flake
<clever>
vika_nezrimaya: ive been using that style for a while
<clever>
require doesnt work exactly the same as imports though
<clever>
imports will put all of the modules thru a fixpoint, so they can refer to eachother
<clever>
require doesnt really do that at the deployment level, so you cant cross-reference
<clever>
but the individual machine modules within, can still fixpoint via nixos modules
<vika_nezrimaya>
oh well
<vika_nezrimaya>
that doesn't make it any easier to use from a flake which gets called directly without resolving the require attribute
<vika_nezrimaya>
see `(builtins.getFlake "github:NixOS/nixops/flake-support") + "/nix/eval-machine-info.nix:39"`
<vika_nezrimaya>
if I understand that part correctly of course
<vika_nezrimaya>
that code could of course be modified...
<vika_nezrimaya>
but it'll require filing a PR and I'm not sure that's what we need
<vika_nezrimaya>
what we need is a way to package multiple Nix expressions in a flake though
<vika_nezrimaya>
Also while traversing the sources I found an undocumented builtin in the manual
<vika_nezrimaya>
Nix contains many secrets
<vika_nezrimaya>
I might just file a PR for adding more configurations beyond default
<vika_nezrimaya>
but for now
<vika_nezrimaya>
sleep
vika_nezrimaya has quit [Quit: ERC (IRC client for Emacs 26.3)]
ixxie has quit [Ping timeout: 246 seconds]
ixxie has joined #nixops
ixxie has quit [Ping timeout: 256 seconds]
ixxie has joined #nixops
teto has quit [Ping timeout: 260 seconds]
ixxie has quit [Ping timeout: 256 seconds]
ixxie has joined #nixops
ixxie has quit [Ping timeout: 260 seconds]
ixxie has joined #nixops
ixxie has quit [Remote host closed the connection]
ixxie has joined #nixops
aszlig has quit [Quit: Kerneling down for reboot NOW.]
<{^_^}>
nixops#1264 (by grahamc, 5 weeks ago, open): Example NixOps State Backends
<adisbladis>
And that the correct solution is to make the evaluation as cheap as possible so all subcommands can consistently do things without a full NixOS eval
<gchristensen>
adisbladis: how cheap is cheap? I was just doing some looking at this, and it looks like nixops is already evaluating just the deployment data for a network pretty quickly:
<vika_nezrimaya>
gchristensen: the libvirtd backend works perfectly with nixops-flake, just a little bit of release.nix patching was needed to make it build
<gchristensen>
nice!
<vika_nezrimaya>
but
<vika_nezrimaya>
I have a libvirtd-related question
<vika_nezrimaya>
how to stuff a deployment in qemu:///session and create a default network with a bridge in the session? It requires root rights AFAIK
<vika_nezrimaya>
there's qemu-bridge-helper installed on the system though, but I'm not sure how to configure it
<vika_nezrimaya>
currently I have no networks in session and the qemu:///system has a default network with a virbr0 device
<ixxie>
aanderse, gchristensen, adisbladis - for future reference, I had similar situations with Jitsi (also its a privacy nightmare) and recently discovered Discord is a decent option for meetings because it has good screen sharing. Sometimes during peak hours the audio can be choppy, in which case you can use Riot for audio and Discord for screen share to get stable results.
<gchristensen>
how is it a privacy nightmare?
<cole-h>
Kinda funny how you tout Jitsi as a privacy nightmare (maybe you meant Zoom?), but are spreading the Good Word of Discord lol
<ixxie>
Well maybe I was using it wrong but as far as I can tell it has zero authentication: all links seem to be fully public
<gchristensen>
yeah they are
<ixxie>
cole-h: I don't know about Discord in depth, but at least the links aren't public
<cole-h>
You can set a password, if you like.
<gchristensen>
also, I'm not sure how Discord, a company whose ceo got in trouble for "computer fraud, invasion of privacy, breach of contract, bad faith and seven other statutory violations" is more trustworthy
<ixxie>
well I guess its not as bad as I thought
<ixxie>
it seems we have no good options these days
<ixxie>
anyway, the main issue for me was more the choppyness of the Jitsi experience... it was just unfortunately unusuable
<gchristensen>
yeah, that is why I mostly use zoom
<ixxie>
In a perfect world Riot would support screen sharing :D
<gchristensen>
they do with jitsi :)
<ixxie>
yeah 'kinda'
<ixxie>
anyway, back to topic
<ixxie>
NixOps has ResourceDefinition and ResourceOptions (shown in the tutorial adisbladis linked) but it seems there is also ResourceState
<ixxie>
is there maybe also some reference documentation for this complementing the useful tutorial style intro in authoring.rst?
<gchristensen>
tragicalyl not yet
<gchristensen>
ixxie: if I asked you to hold off on doing it, would that be reasonable, and if so, for how long?
<ixxie>
gchristensen: I can easily wait a week with this
<gchristensen>
okay
<ixxie>
maybe even longer
<gchristensen>
adisbladis and I are trying to merge a few in-flight PRs to stabilize some changes to how plugins work
<ixxie>
Oh
<ixxie>
well then I definitely wait for that :D
<ixxie>
this would be my first plugin
<ixxie>
so I don't wanna have to change it in two weeks again :D
<ixxie>
on a different note maybe I could somehow contribute this scripty script I have been working on which converts a remote machine to NixOS based of Clevers Kexec magic
<ixxie>
Its currently written in bash but probably better to port it to Python anyway
<ixxie>
In Hetzner Cloud for example, while NixOS ISOs exist, its pretty much impossible to fully automate their installation
<danderson>
Is there a good place to keep track of what's happening in nixops development? I'm still planning to NixOS-ify our production systems here, and nixops is one option for doing that... But I don't know how the 2.0 stuff is coming.
<ixxie>
So I was thinking it would be neat to have something that lets you not only convert machines but rather declaratively define snapshots for VMs, so it would build a VM, convert to NixOS, and same the image
<danderson>
That's useful, thanks
<gchristensen>
I need to solidify my *own* thinking there, probably this week, about what 2.0 means and when we've reached it
<ixxie>
Clever told me there is some work to reduce state requirements, and to support PostgreSQL? Is that involved?
<gchristensen>
I don't know anything about postgresql
<{^_^}>
nixops#1264 (by grahamc, 5 weeks ago, open): Example NixOps State Backends
<ixxie>
wait so I will be able to write a definition for where to store _NixOps_ state in a plugin?
<gchristensen>
I'm not sure I'm parsing your question right, but yeah you will be able to write a plugin to teach nixops new ways to store nixops state
<ixxie>
yeah neat
<gchristensen>
with the caveat that all state backends store a .sqlite file
<gchristensen>
so postgresql isn't really a great plan
<ixxie>
makes sense... so you can store your nixops state in the same cloud provider
<gchristensen>
yea
<ixxie>
well I don't care about Postgre so much
<ixxie>
but I am guessing that ResourceState is not the same thing as NixOps state right
<gchristensen>
ResourceState is stored in the state file
<gchristensen>
(I'm debugging on a call with adisbladis, so sort of half paying attention)
<adisbladis>
danderson: The changes from a user perspective should be very small
<adisbladis>
gchristensen: Let's give jitsi another shot when we go again
<gchristensen>
cool
<gchristensen>
go eat so we're somewhat synced :P
<cole-h>
You guys bouncing back and forth between Jitsi and Zoom for your meetings?
<gchristensen>
we moved to a slack call
<cole-h>
Oh, interesting. Never used them, so I didn't know they had that
<danderson>
adisbladis: I think I'm blocked on being able to share/lock the state store, and... something else I can't remember
<danderson>
still not 100% convinced that nixops's workflow will work for us, but once shared state is released I can at least give it a test drive
<adisbladis>
danderson: Feel free to join in and ask some questions
<adisbladis>
In ~1h
<danderson>
Will do. I already talked to gchristensen a while back about my plans to get NixOS into production _somehow_
<danderson>
but it's not on the list right now. Early startup == gotta prioritize stuff other than tinkering with prod infra right now :(
<cole-h>
Tinkering with infra is fun (he says after never having really tinkered with infra, much less prod)
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixops
<danderson>
it's a lot of fun, and it's what I've done for most of my career.
<danderson>
But tinkering with prod doesn't sign up new customers :)
<danderson>
At some point it'll be necessary from a hygiene POV, so we can make claims about the security and auditability of prod with a straight face
<danderson>
and NixOS will help hugely with that.
<gchristensen>
=)
<cole-h>
(=
<adisbladis>
Cursed idea: A new programming language called psil, it's lisp but the parens are inversed. Happy typing.
<gchristensen>
NO.
<clever>
adisbladis: what about having to terminate every ( with a }? :D
<cole-h>
adisbladis: wtf lol
<gchristensen>
clever: maybe all )'s should be zero width spaces
<danderson>
or a unicode glyph that looks like ) but isn't )
<danderson>
and add a compiler intrinsic for ascii ) that deletes the source code
<danderson>
adisbladis: the worst thing about your cursed idea is it's easy to implement with a reader macro
<clever>
danderson: i saw somebody explaining an idea, where every time you hit save, the testcases are ran
<clever>
danderson: and if the testcases fail, it automatically does `git reset --hard` to undo EVERYTHING
<clever>
write good code, or do it over
<danderson>
so you can immediately launch emehcs, psil nommoc, tekcar...
<gchristensen>
adisbladis: btw ready when you are
<danderson>
(is this a public meeting I can join to listen in on, or a private thing?)
<gchristensen>
we're trying to do everything public, the only times they're private is either we forgot or jitsi wasn't working :)
<danderson>
fair enough :) Is it the jitsi link in topic?
<danderson>
I have nothing to contribute, I'm just curious.
<gchristensen>
yep!
<danderson>
wow the camera on this laptop is cold garbage lol
<gchristensen>
lol
<danderson>
I guess it's fine, just used to my logitech pro and ipad
<danderson>
(neither of which I can use now, yay)
<cole-h>
It's like a masquerade ball in here
ixxie has quit [Quit: Lost terminal]
<danderson>
... and it's just me again.
<cole-h>
:)
ixxie has joined #nixops
<ixxie>
hmm can't seem to hear anything
<danderson>
I'm the only other one in the call, and I'm muted
<danderson>
so that's probably why :)
<ixxie>
lol
<ixxie>
lets just share a moment of silence then
<ixxie>
:D
<danderson>
I'm learning all about jitsi's "bwoop" joining/leaving noises
<danderson>
and not much about nixops :D
<ixxie>
bwoop
<gchristensen>
we aren't meeting for a bit more
<adisbladis>
Ready in two minutes
<adisbladis>
gchristensen: ^
<adisbladis>
danderson: ^
<cole-h>
:( No ping for me
<adisbladis>
cole-h: <3
<adisbladis>
Hm, is the sound working?
<danderson>
I can hear you
<danderson>
if you can't hear me my microphone settings are probably busted
<adisbladis>
Ok, I can't hear anyone
<danderson>
I'm the only unmuted person right now :)
<adisbladis>
Right
<adisbladis>
I'm muting myself and turning off the camera while we wait for gchristensen
<cole-h>
danderson: Oh, I can hear you now
<gchristensen>
omw adisbladis
<cole-h>
A little soft, but
<cole-h>
SGTM
<danderson>
my bad, I have my modmic dongle plugged in, so it was using that input... But my modmic is off.
<cole-h>
adisbladis: I didn't do anything for the "nixops ssh,mount: document the interaction with targetUser" commit, so no need for adding me as co-author :^)
<adisbladis>
Whatever :P
<adisbladis>
You're helping out with the docs session =)
<cole-h>
Hehe
<adisbladis>
(I'm too lazy to update)
<cole-h>
If there's anything I can do well, it's nitpick literally anything
<gchristensen>
cole-h: (a) how did you have that so ready? (b) make sure to `exec` whatever it is you're running so if sway crashes you're not left logged in
<cole-h>
gchristensen: I had it in my old `swayrun` shell script lol
<cole-h>
The only downside is that it's literally impossible for me to launch it from the TTY anymore (I do `exec systemctl start --user sway` in my fish profile)
<adisbladis>
The entire KDE session is managed by home-manager, but running on top of a debian based distro
<cole-h>
Yep, most of my stuff is home-manager managed and it's fantabulous
<cole-h>
Ouch, what a nasty bug
<adisbladis>
cole-h: The linux containers situation is "great"
<cole-h>
adisbladis: You missed 1 suggestion on non-root btw
<adisbladis>
cole-h: Liar! ;)
<cole-h>
A few more things, sorry
<cole-h>
Suggestions inc again
<cole-h>
THEN it should be good
<cole-h>
Without these newlines, the code blocks get swallowed
<cole-h>
adisbladis: I wanted to wait for qyliss's feedback on the function splitting, but if you say current function split is good, I'll squash and unmark WIP
<vika_nezrimaya>
I must confess, most of the time when some open-source software is in beta or testing, it's actually fairly stable, maybe a bit rough around the edges but certainly working
<vika_nezrimaya>
NixOps+Flakes are no exception
<cole-h>
OKOKOK, the document looks good now. Thanks for hanging in there adisbladis :^)
<adisbladis>
\o/
<vika_nezrimaya>
Thanks to the roughness though, I learned a lot about how NixOps works :3
<adisbladis>
cole-h: I think it looks pretty nice
<adisbladis>
A release note is in order
<cole-h>
Oh shit
<cole-h>
Please don't do this to me
<cole-h>
Don't make me write... *shudders* /docbook/
<gchristensen>
lol
clever has quit [Ping timeout: 265 seconds]
clever has joined #nixops
<gchristensen>
uh oh cole-h
<gchristensen>
I started sway that way, but still no go
<cole-h>
Strange, you're the first keyboard masher to not have started with a, s, d, f, or g...
<gchristensen>
dvorak
<cole-h>
Understood
<gchristensen>
Remove this line and just exec sway, the FAQ tells you this is needed in situations where you do not have logind available, which is not the case given that you are still running systemd.
<gchristensen>
"Sway makes use of systemd's logind to handle sessions and allows sway to run without elevated privileges. This is the recommended way to use Sway."
<cole-h>
(:
<gchristensen>
I'm super confused
<cole-h>
Sorry, I don't know either :D
ixxie has quit [Ping timeout: 260 seconds]
ixxie has joined #nixops
ixxie has quit [Ping timeout: 256 seconds]
ixxie has joined #nixops
ixxie has quit [Ping timeout: 240 seconds]
ixxie has joined #nixops
<abathur>
vika_nezrimaya: looks like you found some help here, if not exactly what you wanted? :)
<vika_nezrimaya>
well, maybe?
<vika_nezrimaya>
at least now I know more stuff which is good
<abathur>
input, at least
<abathur>
yes
<abathur>
glad you found some input; I was a little worried I would send you over to crickets :)
<vika_nezrimaya>
also running a libvirtd machine fully deployed from a flake, with secrets being passed with an experimental keyCmd option that isn't in upstream yet because I need to tidy the code in the PR