<ldlework>
infinisil: did your znc changes make it into unstable yet
<ldlework>
or do you have an overlay that enables it?
<samueldr>
it isn't in unstable yet, and only two weeks from the branch-off date ;)
<infinisil>
Ahhh
<infinisil>
Need to finish it
<infinisil>
I'll have my last exam soon, after that I'll have more time, and hopefully enough motivation to finish it
<ldlework>
ok hopefully I don't need to mess with my server because I forgot what I did to get that to work for nixops heh
<ldlework>
i removed something and now it won't deploy because your attribute doesn't exist heh
<ldlework>
oops
Drakonis has joined #nixos-chat
Ericson2314 has joined #nixos-chat
disasm has joined #nixos-chat
pie__ has quit [Ping timeout: 272 seconds]
Drakonis has quit [Remote host closed the connection]
jD91mZM2 has joined #nixos-chat
tertle||eltret has quit [Quit: Connection closed for inactivity]
disasm has quit [Quit: WeeChat 2.0]
disasm has joined #nixos-chat
Lisanna has quit [Quit: Lisanna]
Ericson2314 has quit [Remote host closed the connection]
<jD91mZM2>
OH FUK! We just got a stack overflow with my recursive descent parser, peeps
<jD91mZM2>
Oh, unless it's just stuck in an infinite loop. Would make more sense. False alarm... hopefully
<jD91mZM2>
Yep, false alarm! All good :D
* jD91mZM2
looking at the code he wrote yesterday: "Dear god, who wrote this crap"
<jD91mZM2>
Woah! TODO list finally done! Now I need to try parsing my own nixos config and see how it goes
<ekleog>
one nice thing to do for tests is write a basic program that outputs the AST passed to it, and try to parse->output->parse, and check it's parsed twice the same thing (preferably, using another parser than the first one, but it's enough to discover at least some errors)
<ekleog>
you can run it on all nixpkgs, then, I've uncovered at least one bug in hnix by doing so :°
Lisanna has joined #nixos-chat
<MichaelRaskin>
nix-instantiate --parse is probably a suitable normaliser
<jD91mZM2>
ekleog: Yep, currently writing a dump-ast example
<jD91mZM2>
I don't currently have a way to print out the AST to valid nix but I'll make another example that does that
<jD91mZM2>
Darn, first try at running it against my own config was a failure
<jD91mZM2>
I forgot you could do thing."some text".other_thing
<jD91mZM2>
Oh, so you can make idents with strings... but only inside sets. That's kinda weird.
<jD91mZM2>
Second attempt, success! Don't know if it's valid AST, but it does parse!
<infinisil>
jD91mZM2: do you have dynamic attrnames working?
<ekleog>
(the test-* are hard-coded hacks for testing)
<ekleog>
the idea being that each module states what other kinds of modules it can extend, and doesn't hardcode its dependencies
<MichaelRaskin>
In my system I just try to treat the system composition as a normal overridable package set
<MichaelRaskin>
But good override logic for package sets is still complicated…
<infinisil>
Hmm
<MichaelRaskin>
(but even in Nixpkgs we suffer from imperfections of available override approaches…)
<ekleog>
(currently the extends syntax is pointlessly complex, I've got to refactor this, but this udev issue has made me ragequit and I haven't managed to find the motivation to change it again)
<ekleog>
basically started from a “what if I want to remove systemd” reasoning, here it'd be enough to just set init = systemd or init = runit or whatever instead of using core-system :)
<ekleog>
MichaelRaskin: I don't really get it, how do you handle that?
<MichaelRaskin>
Well, in Nixpkgs we have ImageMagick that can be built with different subsets of image libraries
<MichaelRaskin>
In a system you have system path that can be built with different sets of installed packages
<MichaelRaskin>
I don't really want these to be different
<MichaelRaskin>
And I like what we have for package sets more than the module systems
<MichaelRaskin>
But still, there are problems…
<ekleog>
How do you handle eg. configuring your init system to run your webserver, and have the webserver log to your logger?
<ekleog>
(basically, 1-to-n and n-to-1 dependencies, the two cases I came up with when designing my “module” system à-la GuixSD)
<MichaelRaskin>
Oh well, I actually want the Nix part just to give me scripts and let the stage-3 in Lisp launch what needs launching. And I want logs to go to plain files by redirecting stderr whenever possible. but in general, n-to-1 would be to override the logging services with whatever settings need to be changed, then it gets used as a parameter by whatever services default to using the logger service.
<MichaelRaskin>
(And can be passed by overriding to services that do not use it by default but can use it)
<ekleog>
just so that I can picture it better in my head: for iptables, let's say I have module M that, when enabled, should open a port in the firewall, how would that look like for you? (iow, the 1-to-n case)
<MichaelRaskin>
This is actually what I do not want
<MichaelRaskin>
I.e. I would prefer iptables.override { rulesFromServices = [ M ]; }
<ekleog>
also, for the n-to-1 case, if I have a logging system that accepts logs from /run/${user-defined-value}.sock, then how do you handle propagating that user-defined-value back to all services that depend on it?
<ekleog>
hmm… but at least for init you need to have something like that, don't you? or for nginx / apache / etc. for websites
<MichaelRaskin>
Well, how do we do a global override of libX11 = null; ?
<MichaelRaskin>
(Answer: painfully)
<MichaelRaskin>
(But my system definition is smaller than Nixpkgs, so it is not a problem yet; and a lot of logic is pushed to Lisp code anyway)
<ekleog>
hmm'k :) I think I'll go back to working on my system (when I'm motivated enough to tackle eudev again) with possibility to hotswap any component in/out with a custom fixpoint, then :)
<ekleog>
thank you for this discussion!
<MichaelRaskin>
I want to hotswap many things in runtime, so I want system build to produce a set of bricks, not a monolith
<ekleog>
hmm good point
<ekleog>
but if that requires a custom daemon running to hold everything together… :/
<MichaelRaskin>
Well, having a custom daemon was among the goals
<MichaelRaskin>
I mean, in a location I want to reconfigure the network, the displays, the fetcher daemons…
<MichaelRaskin>
I want to write this all in a language I don't hate, and suitable for weird policies beyond the optimum point of shell scripting.
<ekleog>
“in a location”?
<MichaelRaskin>
It's a laptop
<ekleog>
ooh, a physical location
<ekleog>
hmm… I do agree with you that nixos-rebuild requiring to restart every daemon that has changed is painful
<MichaelRaskin>
I am OK with restarting every daemon
<ekleog>
so the issue is “in a language I don't hate”?
<MichaelRaskin>
I am not OK with systemd failing the basic logic of logging, limiting how I am allowed or not allowed to spawn multiple X servers, etc.
<MichaelRaskin>
Also, my concerns are cross-cutting
<ekleog>
yeah well forcing systemd is stupid, but that sounds orthogonal to the need for a custom daemon holding everything together to me :)
<MichaelRaskin>
nixos-rebuild is not supposed to run xrandr
<ekleog>
(typically, I've defined an interface between services and the init service, so I can have a runit running as pid1, then another runit as pid2 that's run by pid1, and then have some services under runit-pid1 and some services under runit-pid2)
<ekleog>
xrandr?
<MichaelRaskin>
Well, I want a lot of small things. The real logic I want from sudo is orthogonal to what is normally offered
<ekleog>
(it doesn't need to be all runit's btw, can be a runit spawned by openrc, or whatever -- just that actually I've implemented only the runit backend)
<ekleog>
s/actually/currently/
<MichaelRaskin>
Well, in different locations I might have different monitor sets — and different desired brightness
<MichaelRaskin>
I want custom daemon because I will need to implement a lot of small logical pieces anyway
<ekleog>
but… couldn't that be implemented as a small standalone daemon?
<MichaelRaskin>
A ton of them
<MichaelRaskin>
One for true sudo logic
<MichaelRaskin>
One to manage Firefox etc. isolation
* ekleog
rather have a ton of standalone daemons than a single big daemon, makes daemon failure less painful
<MichaelRaskin>
Meh, that's Lisp.
<MichaelRaskin>
Failures are either clean crash or ignorable
<MichaelRaskin>
You don't have the memory walks causing random actions
<ekleog>
even clean crash is an issue when all your computer handling is in there… or not?
<MichaelRaskin>
Nope
<MichaelRaskin>
Main daemon crashes, it is respawned, big deal
<ekleog>
oh, it's stateless?
<MichaelRaskin>
There is a little bit of state (when I grab random high UIDs, I want to remember which user account has access to what transient UIDs).
<MichaelRaskin>
Stored on a tmpfs with sqlite
<MichaelRaskin>
I probably should do better locking around sqlite calls from threads, as it sometimes gets unhappy.
<MichaelRaskin>
But if sqlite gets unhappy, I just crash the daemon and everything is fine again
<ekleog>
hmm'k :)
<ekleog>
so next question because I'm curious about your setup: what do you call “true sudo logic”? 😇
<MichaelRaskin>
Erlang people are right: if you have any doubts, crash it and let it recover
<MichaelRaskin>
Well, what is the true condition when you want a person to ask for reboot?
<ekleog>
policykit? :3
<MichaelRaskin>
a) they know root password, b) they know one of the passwords from accounts in sudoers c) they are sitting at the computer, goddamn it
<MichaelRaskin>
Policykit is getting all that wrong
<MichaelRaskin>
If I am logged in to my notebook but issue the command via SSH, it is a different situation
<MichaelRaskin>
And I don't want an abomination to take over all the sessions to answer the question «is the request from a user near the laptop»
<MichaelRaskin>
I want to use that nice invention called «VTs»
<ekleog>
so if I understand correctly, your daemon checks that you are on a local VT before granting you the right to reboot?
<ekleog>
(yeah, polkit was a bit of a taunt 😇)
<MichaelRaskin>
Nope. It shows me a confirmation dialog on VT63.
<ekleog>
hmm… vt63? what did you bind on it?
<MichaelRaskin>
Nothing. It switches to tty63, locks it, starts fbterm, shows the request, waits for reaction or lack thereof, switches back (unlocking the vt switch)
<ekleog>
oh 'k :)
<ekleog>
all your ideas sound really good, I just find it a bit sad that they come in an all-or-nothing package ^^
<MichaelRaskin>
Well, not completely all-or-nothing
<MichaelRaskin>
As the daemon is ready to be force-crashed, it is also _not_ assuming it is the only daemon managing the system (unlike, well, some other system management approaches)
<MichaelRaskin>
So it is not hard to have your normal system, and also run this daemon to invoke only for requests you want to pass it
<ekleog>
hmm, but then the daemon is ~equivalent to a setuid wrapper around some helpers? if it's only reacting to requests you explicitly pass it
<MichaelRaskin>
The daemon is supposed to only react to requests, yes
* ekleog
got to go, thank you for the discussion!
<MichaelRaskin>
Bye
<jD91mZM2>
Finally done with dynamic attributes
<infinisil>
> { foo = 10; } ? foo
<{^_^}>
true
<infinisil>
jD91mZM2: Got this? ^^
<jD91mZM2>
infinisil: Darn, no I haven't
<jD91mZM2>
btw renaming rust-nix to rnix
<jD91mZM2>
It looks nicer when using as a library. extern crate rust_nix; vs extern crate rnix;
<jD91mZM2>
Nix patterns should use `or` and not ?, in that case btw
<jD91mZM2>
makes more sense
<jD91mZM2>
infinisil: Implemented that and `or`
<jD91mZM2>
I pretty much just formatted my /etc/nixos/configuration.nix using rnix :D
<jD91mZM2>
Not sure all comments are intact, but I'm honestly surprised at how many were
disasm has quit [Ping timeout: 272 seconds]
<jD91mZM2>
Currently trying to run nixpkgs. Main file has this:
<jD91mZM2>
inherit (trivial) id const concat or and boolToString mergeAttrs
<jD91mZM2>
flip mapNullable inNixShell min max importJSON warn info
<jD91mZM2>
nixpkgsVersion mod compare splitByAndCompare
<jD91mZM2>
Oh yeah, we just discussed that, that's something I gotta fix
<jD91mZM2>
Point is the span informatin
<jD91mZM2>
s/informatin/information
<gchristensen>
aah
<jD91mZM2>
> { if = 5; }
<{^_^}>
error: syntax error, unexpected IF, at (string):169:3
<jD91mZM2>
inconsistencies :D
<jD91mZM2>
> { assert = 4; }
<{^_^}>
error: syntax error, unexpected ASSERT, at (string):169:3
<gchristensen>
nix-repl> { "if" = "hi"; }
<gchristensen>
{ if = "hi"; }
<jD91mZM2>
That works in mine too :D
<gchristensen>
good :)
<jD91mZM2>
Implemented dynamic attributes earlier today. Was a pain :P
<gchristensen>
> let foo = "hi"; in { ${foo} = "there"; }
<{^_^}>
{ hi = "there"; }
<gchristensen>
like that?
<jD91mZM2>
Yep
<jD91mZM2>
Obviously it doesn't need to do any variable lookup though - it's just a parser
<gchristensen>
I don't like that syntax, I think it was a mistake to not put it in quotes.
<jD91mZM2>
Definitely true
<jD91mZM2>
Although, even in quotes they are just uGH
<gchristensen>
they're important to support variables in attrs
<jD91mZM2>
I don't personally see why that needs to be a thing
<MichaelRaskin>
I think builtins.listToAttrs have been enough for a long time
<gchristensen>
well sometimes you need a dynamic key and it just is
<jD91mZM2>
Which keywords can be assigned to variables in nix, and which can't?
<gchristensen>
w/out quotes?
<jD91mZM2>
Yeah
<jD91mZM2>
> { or = 3; if = 2; assert = 1; }
<{^_^}>
error: syntax error, unexpected IF, at (string):169:11
<MichaelRaskin>
Joys of separate lexer
<gchristensen>
> { assert = 1; }
<{^_^}>
error: syntax error, unexpected ASSERT, at (string):169:3
<clever>
> { "assert" = 1; }
<{^_^}>
{ assert = 1; }
<clever>
> ({ "assert" = 1; }).assert
<{^_^}>
error: syntax error, unexpected ASSERT, expecting ID or OR_KW or DOLLAR_CURLY or '"', at (string):169:21
<clever>
> ({ "assert" = 1; })."assert"
<{^_^}>
1
<clever>
> { "assert" = 1; "a.b" = 2; }
<{^_^}>
{ "a.b" = 2; assert = 1; }
<clever>
gchristensen: good luck using any attribute on this set without problems! :D
<gchristensen>
lol
<gchristensen>
{ "" = 1; }.""
<gchristensen>
> { "" = 1; }.""
<{^_^}>
1
<clever>
:O
* gchristensen
shrugs
<clever>
i also recently saw warnings about using HashMap in haskell, and that an attacker can use partial hash collisions to make the performance worse
<samueldr>
and don't forget about `${null}` :)
<samueldr>
> {${null} = 1;}
<clever>
and because aeson uses that for the keys in the json, an attacker can craft json that takes a crap-ton of cpu to parse
<{^_^}>
{ }
<MichaelRaskin>
Horrible question: imagine a sensible language extension where { assert = …; } is useful, makes sense and is not the same as { "assert"=…; }
<clever>
gchristensen: but nix doesn't suffer from this, because all keys in a set are turned into ints, and the id is just an auto-increment in a global variable
<gchristensen>
nice
<clever>
the only cost is a one-time (ish) lookup of the key in the global map
<clever>
and then all keys are basically ints
<gchristensen>
iirc that is an ancient vulnerability of Perl's
<LnL>
samueldr: null is great to avoid rebuilds :)
<clever>
, sColumn(symbols.create("column"))
<samueldr>
and then there's this
<samueldr>
> rec { ${null} = 1; null = "2"; }
<{^_^}>
{ "2" = 1; null = "2"; }
<clever>
, sName(symbols.create("name"))
<clever>
gchristensen: some of the keys in a set are pre-created very early on, and the int version is saved in a field on the class
<clever>
gchristensen: so you can then just read the sName key in a set, and can skip finding out what int is behind "name"
<samueldr>
(I mean, it all makes sense, but it could be surprising still)
<gchristensen>
clever do you know about __overrides?
<samueldr>
(though I'm kinda assuming you know and I'm kinda not-nice for RTFMing)
<jD91mZM2>
I didn't :)
<jD91mZM2>
I've just been experimenting in the repl lol
<samueldr>
that table is great for associativity too
<gchristensen>
for a newbie I think it is really easy to see `assert bootable -> bootImage != ""` and guess from context that it means if bootable is true, require this other thing to be true
<gchristensen>
without taking the time to learn what it actually means
__monty__ has joined #nixos-chat
<jD91mZM2>
samueldr: That just showed me a bug :D
<samueldr>
:)
<jD91mZM2>
-function arg, in my parser would be (-function) arg
pie_ has quit [Ping timeout: 240 seconds]
<jD91mZM2>
gchristensen: Sorry for not replying earlier btw, didn't wanna get into a discussion. I'm usually for having syntax be as simple and least fancy as possible, but I do get your argument about it being cleaner
<jD91mZM2>
rnix just scanned 22 different nixpkgs files and after some tweaking, all of them work
<jD91mZM2>
(It stopped because it didn't find any import statements, I haven't implemented a search in the full AST yet)
<MichaelRaskin>
simpson: I think in software land it doesn't feel like too much change from a normal pendulum
<jD91mZM2>
But yeah I just made it treat all interpolated strings as multiline lol
<simpson>
MichaelRaskin: Maybe. I see a continued resistance to memory safety, and a continued commitment to avoiding higher-level abstractions and simpler security models.
<gchristensen>
jD91mZM2: I think the replacement will create a \n
<jD91mZM2>
gchristensen: Oh yeah good point
<MichaelRaskin>
simpson: see? business as usual
<gchristensen>
simpson: other than division, what do you think about pony?
<jD91mZM2>
gchristensen: I should probably have some difference between multiline strings and normal ones in the AST lol
<gchristensen>
did I ask you this already?
<gchristensen>
jD91mZM2: how does rnix handle a multiline string without any interpolation?
<jD91mZM2>
gchristensen: It parses it like nix would - disregards leading whitespace
<{^_^}>
ponylang/rfcs#28 (by dckc, 1 year ago, open): FFI taming
<gchristensen>
simpson: h yes!
<gchristensen>
but on re-emitting it, would it emit a multi-line string, or a "..\n..\n"?
<jD91mZM2>
re-emitting?
<gchristensen>
what would rnix's nix formatter do
<jD91mZM2>
gchristensen: FYI the formatter is just an example and not something I'll actually spend much time on
<jD91mZM2>
gchristensen: Currently when you parse a multiline string there's no difference between a normal string and a multiline string
<jD91mZM2>
gchristensen: The reason it chose a multiline string here is because it's interpolation - hardcoded to do that in the formatter. This is not correct.
<gchristensen>
you said: "But yeah I just made it treat all interpolated strings as multiline lol" so, would it read in foo = ''bar\nbaz\n'' and emit foo = "bar\nbaz\n" or foo = ''bar\nbaz\n''?
<jD91mZM2>
Yep.
<gchristensen>
which yep?
<jD91mZM2>
Oh sorry, I misunderstood
<jD91mZM2>
The first one
<gchristensen>
gotcha
<gchristensen>
thanks :)
<jD91mZM2>
I don't even support \n in strings lol. I was so focused on the parser I didn't think of the small things haha
<infinisil>
Oh strings! Right, you got a lot of weird escaping to do