samueldr changed the topic of #nixops to: NixOps related talk | logs:
teto has quit [Ping timeout: 260 seconds]
<vika_nezrimaya> wait what does the require attribute do?
<globin> require and imports are aliases
<vika_nezrimaya> aliases to what?
<globin> to each other
<vika_nezrimaya> wtf
<vika_nezrimaya> error: infinite recursion encountered at vika's brain
<globin> not sure about flakes and nixops though, sry
<globin> and have to go to bed, way too late already o/
teto has joined #nixops
ixxie has quit [Ping timeout: 240 seconds]
<vika_nezrimaya> wait a seq
<vika_nezrimaya> so
ixxie has joined #nixops
<vika_nezrimaya> I can do { require = [ ./physical.nix ]; network = {...}; primrose = { config, pkgs, ...}: { deployment.targetHost = "primrose"; }; } and in physical.nix I get to write another network definition?
<vika_nezrimaya> wow
<vika_nezrimaya> except I can't do that from a flake
<clever> vika_nezrimaya: ive been using that style for a while
<clever> require doesnt work exactly the same as imports though
<clever> imports will put all of the modules thru a fixpoint, so they can refer to each other
<clever> require doesnt really do that at the deployment level, so you cant cross-reference
<clever> but the individual machine modules within, can still fixpoint via nixos modules
<vika_nezrimaya> oh well
<vika_nezrimaya> that doesn't make it any easier to use from a flake which gets called directly without resolving the require attribute
<vika_nezrimaya> see `(builtins.getFlake "github:NixOS/nixops/flake-support") + "/nix/eval-machine-info.nix:39"`
<vika_nezrimaya> if I understand that part correctly of course
<vika_nezrimaya> that code could of course be modified...
<vika_nezrimaya> but it'll require filing a PR and I'm not sure that's what we need
<vika_nezrimaya> what we need is a way to package multiple Nix expressions in a flake though
<vika_nezrimaya> Also while traversing the sources I found an undocumented builtin in the manual
<vika_nezrimaya> Nix contains many secrets
<vika_nezrimaya> I might just file a PR for adding more configurations beyond default
<vika_nezrimaya> but for now
<vika_nezrimaya> sleep
vika_nezrimaya has quit [Quit: ERC (IRC client for Emacs 26.3)]
<adisbladis> clever: Ping? :)
<clever> adisbladis: pong
<adisbladis> clever: I'm considering something:
<clever> adisbladis: moving things to a machines key does seem like a good idea
<clever> adisbladis: what would go into the deployment key though?
<adisbladis> clever: targetPort/keys
<clever> adisbladis: what if i want the keys to depend on more modular-y config flags?
<adisbladis> clever: Me and gchristensen have been playing with the idea of adopting the module system for nixops
<clever> i think infinisil also worked on that before
<adisbladis> Cool, I haven't started hacking on that yet, so any previous effort could help
vika_nezrimaya has joined #nixops
<adisbladis> I think that statement is also true for
<{^_^}> nixops#1264 (by grahamc, 5 weeks ago, open): Example NixOps State Backends
<adisbladis> And that the correct solution is to make the evaluation as cheap as possible so all subcommands can consistently do things without a full NixOS eval
<gchristensen> adisbladis: how cheap is cheap? I was just doing some looking at this, and it looks like nixops is already evaluating just the deployment data for a network pretty quickly:
<gchristensen> 0.57user 0.11system 0:00.70elapsed 98%CPU (0avgtext+0avgdata 236984maxresident)k
<gchristensen> 25268inputs+96outputs (8major+72429minor)pagefaults 0swaps
<clever> gchristensen: is that just for a `nixops info`?
<clever> gchristensen: iohk has some pretty nutty deployments, that need 30gig of ram to eval...
<gchristensen> yeah that is `nixops ionf`
<gchristensen> info*
<gchristensen> `nixops info`'s eval has all the `deployment` attributes + the version + the networking.publicIPv4 value
<gchristensen> clever: on those bigguns, how long does nixops info take?
* clever looks
<clever> [mainnet@mainnet-deployer:~/mainnet]$ time nixops info --no-eval --plain | wc -l
<clever> 522
<clever> real 0m18.651s
<clever> ec2 instances, security groups, elastic-ip's, route53 entries
<clever> User time (seconds): 37.95
<clever> Maximum resident set size (kbytes): 8805384
<clever> ok, thats not the big one, lol
ixxie has quit [Ping timeout: 260 seconds]
<clever> 18sec for --no-eval, 37 sec with eval
<gchristensen> okay but passing --no-eval is cheating :P
<clever> second pass was with eval
<clever> ah, the old deployer is still up
ixxie has joined #nixops
<gchristensen> okay hold on a tic
<clever> 58 machines according to `nixops list`
<gchristensen> what is it doing for 18s if not evaluating?
<clever> something else was hogging cpu on that box
<clever> but it wasnt the biggest deployment
<clever> i found a bigger one, with 58 machines and no cpu contention
<clever> `command time -v nixops info` completed in 46 seconds and Maximum resident set size (kbytes): 1842888
<clever> hmmmm
<clever> `command time -v nixops deploy --dry-run` now running..
<gchristensen> I can't imagine a way for nixops to reasonably support a network of that many nodes lol
<clever> thats why i started spinning up side-clusters of 20 each
<clever> so we didnt add any more to that 58 node cluster
<clever> and thats why i was looking into builtins.fork at the last nixcon
<gchristensen> omg lol
<clever> --dry-run is still going
<clever> 13gig used
<clever> i see now, that `info` doesnt do a full eval, thats why it was "too fast"
<vika_nezrimaya> builtins.fork?
<vika_nezrimaya> I assume with builtins.fork Nix could fork a subprocess to asynchronously evaluate a Nix expression?
<clever> vika_nezrimaya: the idea, was to basically just `builtins.fork { ... }` and each thunk in that top-level set will be eval'd in a diff proc
<clever> vika_nezrimaya: it would still be sync, but the heap costs of that child can be thrown out the window and reset
<gchristensen> adisbladis: O.o
<adisbladis> gchristensen: :)
<gchristensen> what are we seeing here? :)
<adisbladis> I think we should be able to get that to a few seconds?
<clever> gchristensen: oh, i want something like network.nixpkgs = builtins.fetchTarball ...;
<adisbladis> gchristensen: `nixops info` on a 500 node deployment
<clever> gchristensen: where it will eval just that attr, then do `-I nixpkgs=foo` for all further evals
<clever> Command being timed: "nixops deploy -d mainnet --dry-run"
<clever> User time (seconds): 522.71
<clever> Maximum resident set size (kbytes): 33959140
<{^_^}> nixops#1291 (by grahamc, 2 weeks ago, open): Specify NIX_PATH / nixpkgs from within a network's expression itself
<clever> ~33gig
<gchristensen> adisbladis: I don't think nixops can feasibly target 500 nodes
<clever> dee
<clever> oops
<adisbladis> gchristensen: Maybe not. This was totally bogus and just to get some data.
* clever tries the summoning ritual again
<adisbladis> gchristensen: Why not though?
<adisbladis> What's stopping us from getting to huge deployments?
<gchristensen> we can't evaluate that many machines
<vika_nezrimaya> how to add plugins to the nixops' flakeSupport branch? I need to libvirtd
<vika_nezrimaya> virtualize the deployment to test it out
<adisbladis> gchristensen: Can machines affect each other?
<gchristensen> adisbladis: yeah
<clever> adisbladis: evaluating a deployment with 58 machines, needs 33gig of ram
<clever> and nearly 10mins
<gchristensen> vika_nezrimaya: hmm interesting question, I don't know -- I've never looked at that branch's code
<adisbladis> clever: I know that's the case now.
<vika_nezrimaya> well it should be fairly similar to the default branch
<vika_nezrimaya> probably?
<adisbladis> I was thinking if we could split the eval into multiple "runs" or something like that
<vika_nezrimaya> assume I've got a checkout at /home/vika/Projects/nixops
<gchristensen> adisbladis: I have an idea
<clever> adisbladis: and the grafana machine, is going to inspect things like the nginx config on every other machine, to know what ports to scrape
<adisbladis> If each machine can be evaluated hermetically
<gchristensen> adisbladis: let's do a call?
<adisbladis> +1
<adisbladis> Gimme a few minutes to make some coffee first
gchristensen changed the topic of #nixops to: NixOps related talk | logs:
<gchristensen> vika_nezrimaya: master has changed significantly since the flakes branch was made :/
<gchristensen> I will take a quick look and hopefully I can help
<gchristensen> oof I have no idea vika_nezrimaya
* vika_nezrimaya considering writing a NixOps replacement in an ungodly amalgamation of shell-scripts and Nix expressions
<gchristensen> I wonder why you're using the flakes branch?
<gchristensen> flakes are not stable in any degree
<vika_nezrimaya> only in theory
<gchristensen> what do you mean only in theory
<gchristensen> there have been significant changes to it in the last month
<vika_nezrimaya> where, I can't see them, my flake still runs fine
<gchristensen> and the tools don't support it
<vika_nezrimaya> I wrote my own tools
<clever> adisbladis: we basically do that manually, `nixops deploy --include a b c d` to make the evals smaller
<gchristensen> well, nixops doesn't support it :P
<clever> adisbladis: but, any shared parts, have to be eval'd each time, raising the cpu cost
<clever> adisbladis: thats where builtins.fork could help, in theory
<vika_nezrimaya> Well, how come I find flakes in github:nixos/nixos-org-configurations?
<gchristensen> vika_nezrimaya: that is called eating our own dogfood
<vika_nezrimaya> is clearly dogfooding them
<gchristensen> to find all the bad spots
<vika_nezrimaya> if someone's using it it's good enough for me
<gchristensen> lol okay cool
<vika_nezrimaya> so I started doing that too
<gchristensen> well, that nixops doesn't support plugins I imagine
<vika_nezrimaya> well it does
<gchristensen> ok
<vika_nezrimaya> because aws and hetzner are included
<gchristensen> cool
<vika_nezrimaya> and looks like I figured out how to hack in something else, lemme try
<gchristensen> maybe the way to add another plugin is to fork it and add it like aws?
* vika_nezrimaya $ nix build
<vika_nezrimaya> OUCH forgot to add it in function args
<adisbladis> gchristensen: I'm in the call
* vika_nezrimaya $ nix build # again
<gchristensen> adisbladis: I got a bit sidetracked before starting coffee, I'll be there shortly
<adisbladis> Ok =)
<gchristensen> (... water is hot, but the mokapot needs to mokapot ...)
<aanderse> adisbladis: don't mind me... just bored and listening :)
<aanderse> (tasked with migrating ancient perl cgi web app today... looking for any distractions :))
<adisbladis> mokapot gonna mokapot
<gchristensen> okay
<gchristensen> adisbladis: here
<vika_nezrimaya> yay it evaluated! buildin~
<gchristensen> adisbladis: did you disappear?
<adisbladis> aanderse: What's your observation? Can you see/hear me?
<aanderse> can't see anyone right now, just the jitsi first letter of your name in a circle
<aanderse> but
<gchristensen> sounds like jitsi is busted
<aanderse> once in a while i hear someones breath
<gchristensen> jitsi just makes that sound sometimes
<aanderse> well honestly that was more fun than moving a perl cgi app, so i'm happy with the results of that meeting ¯\_(ツ)_/¯
<adisbladis> Jitsi sampled too much of the hooch
cole-h has joined #nixops
<infinisil> adisbladis: clever: Yeah I'm using the module system for my thing, check out
<infinisil> And I made to support this at all
<{^_^}> #75031 (by Infinisil, 21 weeks ago, merged): Module system improvements for NixOS as a submodule
<ixxie> Heya folks; I wanna make a backend for Hetzner Cloud for NixOps; any instructions anywhere to be found on how to get started on a backend?
teto has quit [Ping timeout: 272 seconds]
<adisbladis> ixxie: We have some authoring docs in the nixops repo
<adisbladis> is a pretty good minimal example of a backend
<ixxie> great! thanks adisbladis
<vika_nezrimaya> gchristensen: the libvirtd backend works perfectly with nixops-flake, just a little bit of release.nix patching was needed to make it build
<gchristensen> nice!
<vika_nezrimaya> but
<vika_nezrimaya> I have a libvirtd-related question
<vika_nezrimaya> how to stuff a deployment in qemu:///session and create a default network with a bridge in the session? It requires root rights AFAIK
<vika_nezrimaya> there's qemu-bridge-helper installed on the system though, but I'm not sure how to configure it
<vika_nezrimaya> currently I have no networks in session and the qemu:///system has a default network with a virbr0 device
<ixxie> aanderse, gchristensen, adisbladis - for future reference, I had similar situations with Jitsi (also its a privacy nightmare) and recently discovered Discord is a decent option for meetings because it has good screen sharing. Sometimes during peak hours the audio can be choppy, in which case you can use Riot for audio and Discord for screen share to get stable results.
<gchristensen> how is it a privacy nightmare?
<cole-h> Kinda funny how you tout Jitsi as a privacy nightmare (maybe you meant Zoom?), but are spreading the Good Word of Discord lol
<ixxie> Well maybe I was using it wrong but as far as I can tell it has zero authentication: all links seem to be fully public
<gchristensen> yeah they are
<ixxie> cole-h: I don't know about Discord in depth, but at least the links aren't public
<cole-h> You can set a password, if you like.
<gchristensen> also, I'm not sure how Discord, a company whose ceo got in trouble for "computer fraud, invasion of privacy, breach of contract, bad faith and seven other statutory violations" is more trustworthy
<ixxie> well I guess its not as bad as I thought
<ixxie> it seems we have no good options these days
<ixxie> anyway, the main issue for me was more the choppiness of the Jitsi experience... it was just unfortunately unusable
<gchristensen> yeah, that is why I mostly use zoom
<ixxie> In a perfect world Riot would support screen sharing :D
<gchristensen> they do with jitsi :)
<ixxie> yeah 'kinda'
<ixxie> anyway, back to topic
<ixxie> NixOps has ResourceDefinition and ResourceOptions (shown in the tutorial adisbladis linked) but it seems there is also ResourceState
<ixxie> is there maybe also some reference documentation for this complementing the useful tutorial style intro in authoring.rst?
<gchristensen> tragically not yet
<gchristensen> ixxie: if I asked you to hold off on doing it, would that be reasonable, and if so, for how long?
<ixxie> gchristensen: I can easily wait a week with this
<gchristensen> okay
<ixxie> maybe even longer
<gchristensen> adisbladis and I are trying to merge a few in-flight PRs to stabilize some changes to how plugins work
<ixxie> Oh
<ixxie> well then I definitely wait for that :D
<ixxie> this would be my first plugin
<ixxie> so I don't wanna have to change it in two weeks again :D
<ixxie> on a different note maybe I could somehow contribute this scripty script I have been working on which converts a remote machine to NixOS based off Clevers Kexec magic
<ixxie> Its currently written in bash but probably better to port it to Python anyway
<ixxie> In Hetzner Cloud for example, while NixOS ISOs exist, its pretty much impossible to fully automate their installation
<danderson> Is there a good place to keep track of what's happening in nixops development? I'm still planning to NixOS-ify our production systems here, and nixops is one option for doing that... But I don't know how the 2.0 stuff is coming.
<gchristensen> danderson: I am not stellar at it, but I try to keep and updated :x
<ixxie> So I was thinking it would be neat to have something that lets you not only convert machines but rather declaratively define snapshots for VMs, so it would build a VM, convert to NixOS, and save the image
<danderson> That's useful, thanks
<gchristensen> I need to solidify my *own* thinking there, probably this week, about what 2.0 means and when we've reached it
<ixxie> Clever told me there is some work to reduce state requirements, and to support PostgreSQL? Is that involved?
<gchristensen> I don't know anything about postgresql
<{^_^}> nixops#1264 (by grahamc, 5 weeks ago, open): Example NixOps State Backends
<ixxie> wait so I will be able to write a definition for where to store _NixOps_ state in a plugin?
<gchristensen> I'm not sure I'm parsing your question right, but yeah you will be able to write a plugin to teach nixops new ways to store nixops state
<ixxie> yeah neat
<gchristensen> with the caveat that all state backends store a .sqlite file
<gchristensen> so postgresql isn't really a great plan
<ixxie> makes sense... so you can store your nixops state in the same cloud provider
<gchristensen> yea
<ixxie> well I don't care about Postgre so much
<ixxie> but I am guessing that ResourceState is not the same thing as NixOps state right
<gchristensen> ResourceState is stored in the state file
<gchristensen> (I'm debugging on a call with adisbladis, so sort of half paying attention)
<ixxie> gchristensen: typo in this tag
<adisbladis> danderson: The changes from a user perspective should be very small
<adisbladis> gchristensen: Let's give jitsi another shot when we go again
<gchristensen> cool
<gchristensen> go eat so we're somewhat synced :P
<cole-h> You guys bouncing back and forth between Jitsi and Zoom for your meetings?
<gchristensen> we moved to a slack call
<cole-h> Oh, interesting. Never used them, so I didn't know they had that
<danderson> adisbladis: I think I'm blocked on being able to share/lock the state store, and... something else I can't remember
<danderson> still not 100% convinced that nixops's workflow will work for us, but once shared state is released I can at least give it a test drive
<adisbladis> danderson: Feel free to join in and ask some questions
<adisbladis> In ~1h
<danderson> Will do. I already talked to gchristensen a while back about my plans to get NixOS into production _somehow_
<danderson> but it's not on the list right now. Early startup == gotta prioritize stuff other than tinkering with prod infra right now :(
<cole-h> Tinkering with infra is fun (he says after never having really tinkered with infra, much less prod)
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixops
<danderson> it's a lot of fun, and it's what I've done for most of my career.
<danderson> But tinkering with prod doesn't sign up new customers :)
<danderson> At some point it'll be necessary from a hygiene POV, so we can make claims about the security and auditability of prod with a straight face
<danderson> and NixOS will help hugely with that.
<gchristensen> =)
<cole-h> (=
<adisbladis> Cursed idea: A new programming language called psil, it's lisp but the parens are inversed. Happy typing.
<gchristensen> NO.
<clever> adisbladis: what about having to terminate every ( with a }? :D
<cole-h> adisbladis: wtf lol
<gchristensen> clever: maybe all )'s should be zero width spaces
<danderson> or a unicode glyph that looks like ) but isn't )
<danderson> and add a compiler intrinsic for ascii ) that deletes the source code
<danderson> adisbladis: the worst thing about your cursed idea is it's easy to implement with a reader macro
<clever> danderson: i saw somebody explaining an idea, where every time you hit save, the testcases are run
<clever> danderson: and if the testcases fail, it automatically does `git reset --hard` to undo EVERYTHING
<clever> write good code, or do it over
<danderson> so you can immediately launch emehcs, psil nommoc, tekcar...
<gchristensen> adisbladis: btw ready when you are
<danderson> (is this a public meeting I can join to listen in on, or a private thing?)
<gchristensen> we're trying to do everything public, the only times they're private is either we forgot or jitsi wasn't working :)
<danderson> fair enough :) Is it the jitsi link in topic?
<danderson> I have nothing to contribute, I'm just curious.
<gchristensen> yep!
<danderson> wow the camera on this laptop is cold garbage lol
<gchristensen> lol
<danderson> I guess it's fine, just used to my logitech pro and ipad
<danderson> (neither of which I can use now, yay)
<cole-h> It's like a masquerade ball in here
ixxie has quit [Quit: Lost terminal]
<danderson> ... and it's just me again.
<cole-h> :)
ixxie has joined #nixops
<ixxie> hmm can't seem to hear anything
<danderson> I'm the only other one in the call, and I'm muted
<danderson> so that's probably why :)
<ixxie> lol
<ixxie> lets just share a moment of silence then
<ixxie> :D
<danderson> I'm learning all about jitsi's "bwoop" joining/leaving noises
<danderson> and not much about nixops :D
<ixxie> bwoop
<gchristensen> we aren't meeting for a bit more
<adisbladis> Ready in two minutes
<adisbladis> gchristensen: ^
<adisbladis> danderson: ^
<cole-h> :( No ping for me
<adisbladis> cole-h: <3
<adisbladis> Hm, is the sound working?
<danderson> I can hear you
<danderson> if you can't hear me my microphone settings are probably busted
<adisbladis> Ok, I can't hear anyone
<danderson> I'm the only unmuted person right now :)
<adisbladis> Right
<adisbladis> I'm muting myself and turning off the camera while we wait for gchristensen
<cole-h> danderson: Oh, I can hear you now
<gchristensen> omw adisbladis
<cole-h> A little soft, but
<cole-h> SGTM
<danderson> my bad, I have my modmic dongle plugged in, so it was using that input... But my modmic is off.
<cole-h> lol
<gchristensen> ssh
<cole-h> adisbladis: `-fusshd` vs `-fu sshd` work the same, is the astonishment
<vika_nezrimaya> Wow. Looks like an unintended side effect of running nixops in a nixops checkout is that nixops is being run from a checkout instead
<vika_nezrimaya> great for debugging I guess
<cole-h> gchristensen: Cancelling video so we can't read the join code thing from your glasses? :P
<gchristensen> ssh
<adisbladis> cole-h: So we can use tmate instead
<cole-h> Careful, gchristensen, that's a controversial opinion!
<cole-h> gchristensen: There will also be `doas` for priv esc soon ;^)
<gchristensen> hehe
<adisbladis> cole-h: The default will be sudo regardless ;)
<cole-h> I know :(
<cole-h> gchristensen: Hermes maybe? "Hermes is considered the herald of the gods"
<cole-h> :D
<adisbladis> cole-h: I don't like Hermes :/ They keep losing parcels
<cole-h> lool
<cole-h> Then maybe Mercury, which is the Roman counterpart? :^)
<cole-h> gchristensen: "In this guide... This guide assume" is repetitive
<cole-h> OK
<gchristensen> cole-h: are you going to suggest on the PR directly, or as a follow-up UP after this merges?
<cole-h> In the middle of writing the suggestions, but I can follow-up if you like
<gchristensen> I'll wait
<cole-h> gchristensen: OK, submitted. Note that the headers aren't properly formatted.
<cole-h> adisbladis: Or maybe even "We assume the following"
<cole-h> (I'm still in the call... lol :D)
<adisbladis> We're talking about now
<{^_^}> nixops#1325 (by adisbladis, 1 week ago, merged): tests: Add functional tests using NixOS in Docker
<cole-h> gchristensen: adisbladis: Sorry to go back a bit, but the RST headers are still busted for the non-root deploy docs
<gchristensen> cole-h: d'you know a fix?
<cole-h> Add a few more characters ;^)
<cole-h> The authoring.rst has 4 characters below the heading, while you only have 3
<gchristensen> hrm
<cole-h> Suggesting changes
<cole-h> One more typo I noticed
<cole-h> Big bundle of suggestions incoming; mostly small changes, though.
<gchristensen> thanks!
<gchristensen> computers.
<cole-h> How do they work?
<gchristensen> badly
<{^_^}> #86830 (by adisbladis, 13 seconds ago, open): podman: Don't symlink the $bin output
<cole-h> adisbladis: I didn't do anything for the "nixops ssh,mount: document the interaction with targetUser" commit, so no need for adding me as co-author :^)
<adisbladis> Whatever :P
<adisbladis> You're helping out with the docs session =)
<cole-h> Hehe
<adisbladis> (I'm too lazy to update)
<cole-h> If there's anything I can do well, it's nitpick literally anything
<gchristensen> ssh
<cole-h> Can anybody connect to that, and do I need tmate to watch with it?
<adisbladis> cole-h: Yep, anyone can connect
<adisbladis> You don't need tmate, just ssh
<cole-h> Cool beans
<adisbladis> tmate is only required on the host
<cole-h> The real question is: how do I leave :o
<gchristensen> press eter then ~.
<gchristensen> enter*
<adisbladis> cole-h: tmate is a bit like hotel california
<cole-h> lol
<cole-h> Interestingly, `Enter + ~.` (nor `~.`) seem to work in the ro tmate connection, but if I ssh into my pihole, it does
<cole-h> Huh, now it worked
<cole-h> Computers are weird.
<adisbladis> ssh
<tokudan> cole-h, the ~. is the ssh version of "disconnect this ssh session now"
<cole-h> Yeah, I understand that now... It's just that for whatever reason it wasn't working in the tmate session until I changed ~something~
<adisbladis> I wish I could just share my entire emacs session
<adisbladis> Instead of firing up terminals
<cole-h> Stream it to Twitch or something :D
<adisbladis> Like tmate, but only for emacs :P
<gchristensen> emate
<adisbladis> There you go
<cole-h> Sounds like an online dating service
<adisbladis> cole-h: Online dating service for emacs users
<cole-h> lol
<cole-h> gchristensen: I thought you said "nutella" instead of GNUTLS lol
<gchristensen> isn't it pronounced nutella? :)
<{^_^}> systemd/systemd#3388 (by gdamjan, 3 years ago, closed): systemd-run --user --scope ... doesn't work with unified cgroup hierarchy
<cole-h> adisbladis: On (old) issues, I'm seeing `setsebool -P container_manage_cgroup 1` pop up as a suggestion
<cole-h> (All I did was Google, so might not even be relevant)
<adisbladis> cole-h: setsebool is selinux stuff
<adisbladis> So not relevant
<cole-h> `dbus-launch --sh-syntax --exit-with-session sway`
<adisbladis> <3 cole-h
<{^_^}> cole-h's karma got increased to 40
<gchristensen> cole-h: (a) how did you have that so ready? (b) make sure to `exec` whatever it is you're running so if sway crashes you're not left logged in
<cole-h> gchristensen: I had it in my old `swayrun` shell script lol
<cole-h> Nowadays I use a systemd unit
<adisbladis> I was pasting this one earlier today in #nixos-chat
<adisbladis> Feels more ironic now
<cole-h> Hahahaha
<adisbladis> I really do like systemd :)
* gchristensen too
<gchristensen> cole-h: link?
<cole-h> Warning: it's managed by h-m so you'll probably need to adjust the syntax and whatnot
<cole-h> and the LD_LIBRARY and LIBGL stuff is cuz not-NixOS, so you can probably drop that too :^)
<adisbladis> cole-h: Nice
<adisbladis> I've done the same on "debian" before
<cole-h> The only downside is that it's literally impossible for me to launch it from the TTY anymore (I do `exec systemctl start --user sway` in my fish profile)
<adisbladis> The entire KDE session is managed by home-manager, but running on top of a debian based distro
<cole-h> Yep, most of my stuff is home-manager managed and it's fantabulous
<cole-h> Ouch, what a nasty bug
<adisbladis> cole-h: The linux containers situation is "great"
<cole-h> adisbladis: You missed 1 suggestion on non-root btw
<adisbladis> cole-h: Liar! ;)
<cole-h> A few more things, sorry
<cole-h> Suggestions inc again
<cole-h> THEN it should be good
<cole-h> Without these newlines, the code blocks get swallowed
<cole-h> Notice the suspicious lack of code blocks
<cole-h> adisbladis: You're gonna hate me...
<adisbladis> cole-h: I'm a lover not a hater
<cole-h> Great, then one final change and then I'll walk away and submit PRs in follow-up if I notice anything else :D
<adisbladis> ^_^
<gchristensen> w00t
<adisbladis> cole-h: Btw
<cole-h> I definitely ninja-edited that lol
<{^_^}> #86488 (by cole-h, 3 days ago, open): [WIP] nixos/doas: init
<cole-h> adisbladis: I wanted to wait for qyliss's feedback on the function splitting, but if you say current function split is good, I'll squash and unmark WIP
<vika_nezrimaya> I must confess, most of the time when some open-source software is in beta or testing, it's actually fairly stable, maybe a bit rough around the edges but certainly working
<vika_nezrimaya> NixOps+Flakes are no exception
<cole-h> OKOKOK, the document looks good now. Thanks for hanging in there adisbladis :^)
<adisbladis> \o/
<vika_nezrimaya> Thanks to the roughness though, I learned a lot about how NixOps works :3
<adisbladis> cole-h: I think it looks pretty nice
<adisbladis> A release note is in order
<cole-h> Oh shit
<cole-h> Please don't do this to me
<cole-h> Don't make me write... *shudders* /docbook/
<gchristensen> lol
clever has quit [Ping timeout: 265 seconds]
clever has joined #nixops
<gchristensen> uh oh cole-h
<gchristensen> I started sway that way, but still no go
<gchristensen> specifically WLR_DRM_NO_MODIFIERS=1 exec dbus-launch --exit-with-session sway -c /etc/sway/config
<cole-h> :(
<cole-h> Maybe that `systemctl --user import-environment` part is necessary
<gchristensen> exec systemctl --user --wait start sway.service that --wait bit is interesting
<gchristensen> exec systemctl --user import-environment WAYLAND_DISPLAY SWAYSOCK
<cole-h> Probably don't want to exec the import lol
<gchristensen> :)
monokrome has quit [Remote host closed the connection]
monokrome has joined #nixops
<gchristensen> cole-h: systemctl --user cat sway.service
<gchristensen> pgdhtcrgifdgc
<cole-h> Strange, you're the first keyboard masher to not have started with a, s, d, f, or g...
<gchristensen> dvorak
<cole-h> Understood
<gchristensen> Remove this line and just exec sway, the FAQ tells you this is needed in situations where you do not have logind available, which is not the case given that you are still running systemd.
<gchristensen> "Sway makes use of systemd's logind to handle sessions and allows sway to run without elevated privileges. This is the recommended way to use Sway."
<cole-h> (:
<gchristensen> I'm super confused
<cole-h> Sorry, I don't know either :D
<abathur> vika_nezrimaya: looks like you found some help here, if not exactly what you wanted? :)
<vika_nezrimaya> well, maybe?
<vika_nezrimaya> at least now I know more stuff which is good
<abathur> input, at least
<abathur> yes
<abathur> glad you found some input; I was a little worried I would send you over to crickets :)
<vika_nezrimaya> also running a libvirtd machine fully deployed from a flake, with secrets being passed with an experimental keyCmd option that isn't in upstream yet because I need to tidy the code in the PR