<colemickens>
I was a bit confused, Channels are a nix primitive? I didn't grok that section of the blog post.
<drakonis_>
ask the devs
<ekleog>
colemickens: the channels section of the blog post appears wrong to me, unless you consider as “channels” things `nix-channel` doesn't consider as channels
<ekleog>
(disclaimer: I read only this section)
<ekleog>
a channel is, from my recollection of what nix-channel does, a way to track evolutions to versions of package sets
<ekleog>
which is entirely out-of-band wrt. the nix language (though I can't remember whether the `channel:` syntax can be used in `.nix` now or not)
<drakonis_>
a correction is in order
<ekleog>
I'm trying very hard to stop doing https://www.xkcd.com/386/ nowadays, please don't tempt me :p
<drakonis_>
is that the "someone is wrong on the internet" one
<drakonis_>
damn
<drakonis_>
i knew it
<drakonis_>
nix is popular...
<drakonis_>
ish
<joepie91>
there's been surprisingly little abuse originating from both my last two hackernews listings, and the last two for Nix
<joepie91>
what has changed?
<colemickens>
luck
<infinisil>
Hehe yeah, not sure what's up with that
<drakonis_>
fascinating question
<joepie91>
I'm used to getting flooded with a torrent of bullshit any time I hit HN...
<joepie91>
but none of that this time
<joepie91>
relatedly, I've noticed that things seem to fall off the HN frontpage faster recently
<joepie91>
maybe that has something to do with it?
<joepie91>
or maybe they're more heavily penalizing controversy now... dunno
<infinisil>
joepie91: Yeah I noticed the faster falloff too.. The recent >200 NixOS post went from #1 to #10 in an hour or so
<sphalerite>
gchristensen: hmmm not quite the functional programming you were expecting I'm guessing :D
<sphalerite>
the German high-speed trains have WiFi and a portal which allows accessing trip information. Naturally it uses a simple JSON curl API, so I hooked it up to my i3bar. And I'm far too happy with the result. https://sphalerite.org/dump/trainspeed.png
<sphalerite>
s/curl //
<__monty__>
Is the happiness always at 100%?
kisik21 has joined #nixos-chat
kisik21 is now known as vika
<sphalerite>
__monty__: hahaha yes
<sphalerite>
well actually the smiley face represents a full battery (the laptop has two batteries)
vika has left #nixos-chat ["WeeChat 2.4-dev"]
<wirew0rm>
sphalerite: did they fix their XSFR vulnerability in the meantime? :D
<sphalerite>
wirew0rm: I don't know of this vuln's existence, so I can't tell you that :p
<fpletz>
though your log indicates that networkmanager seems to have tried that
<andi->
Did you guys read the post where switching to networks increased network throughput by 30%?
<gchristensen>
:o
<gchristensen>
fpletz: seems it auto-detects resolved and tries it
<gchristensen>
fpletz: anything I should try in my debugging?
<fpletz>
gchristensen: hm, what does networkctl report about wlp2s0? is it unmanaged?
<gchristensen>
networkctl says it is managed, iirc, when I'm on networkd, but unmanaged now. I can test if necessary, but requires 2 reboots I think: to try networkd, to go back to scripted (is that wrong? can I do run-time swapping?)
<fpletz>
ah, then that may be the reason… the dreaded 99-main network unit matches all interfaces
<gchristensen>
colemickens: you can use them both together, purportedly :)
<colemickens>
I guess I'm still not sure it makes sense on my laptop and I couldn't really get it to painlessly work with libvirt/docker like networkmanager seemed to.
<gchristensen>
I'm not sure I understand, they're not (supposed to be) mutually exclusive
<gchristensen>
fpletz: ^ any ideas w.r.t. those gists? I'm still on networkd + networkmanager, but tethered :)
<globin>
gchristensen: he's just run away for something, should be back in a minute or two
<gchristensen>
no worries :)
<colemickens>
It's more that everything in my day-to-day scenarios works out of box with NM managing everything, and I don't see much advantage in adding networkd in the mix just to manage my wired interfaces.
<gchristensen>
(I had just realized I didn't ping him when linking the gists)
<colemickens>
I *think* it might just be a matter of changing the default networkd units to disable DHCP for virbr* type interfaces, but I haven't had time to chase that down, just wound up switching back and putting it on a list in my head somewhere.
<gchristensen>
well if fpletz gets his way, nixos will be all-networkd soon :)...
<colemickens>
That's what inspired my attempt to switch, he made it look so enticing!
<gchristensen>
aye
<gchristensen>
I think he's proposing a whole new networking module based on networkd, which may be more "correct" for you
<fpletz>
colemickens: there are a few issues to work out how we configure networkd before it works smoothly :)
<fpletz>
gchristensen: looking into it now
<gchristensen>
^ those few issues is why I'm using it now :)
<fpletz>
gchristensen: mh, that's odd… it does work with your iphone's hotspot though, right?
<gchristensen>
yeah, I'm on that now :)
<fpletz>
I don't understand why the dns server wouldn't be reachable in that scenario
<gchristensen>
so bizarre.
<maurer>
gchristensen: Uh, hasn't networkd had a series of really bad bugs in it recently?
<maurer>
Why would we want to switch to it?
<gchristensen>
ooo
<fpletz>
maurer: security issues even :) but our scripted networking has even more weird bugs unfortunately
<gchristensen>
s/ooo//
<gchristensen>
my servers, for example, fail to boot regularly because the scripted networking doesn't predictably bring up bonds properly
<maurer>
fpletz: But were ours security bugs?
<gchristensen>
I'd rather put my eggs in the networkd basket than a set of shell scripts with few reviewers
<maurer>
>_>
<maurer>
Our scripts may have fewer reviewers, but not being written in C gives them some degree of defense to begin with
drakonis has joined #nixos-chat
<gchristensen>
yeah but they don't work
<emily>
could just standardise on, like, connman, which is both widely used and also not a broken mess >_>;
<emily>
(and also fast!)
<gchristensen>
fpletz: where would you go next to debug this? :/
<fpletz>
maurer: creating a robust network management stack with just iproute2 and shell scripting is pretty hard if not impossible
<fpletz>
emily: iirc connman only supports a few selected interface types, not even close to the features we want
drakonis_ has quit [Ping timeout: 252 seconds]
<maurer>
fpletz: 1.) What about emily's suggestion, 2.) What we've got right now is robust for "normal" usage, and while it'd be nice to support more features more robustly, doing so by bringing up the vulnerability profile of *every* system seems like a loss
<fpletz>
gchristensen: can you check why you can't reach the dns server? does it answer to pings? is it on the same network? ip route get 10.0.0.1 should yield the route that it would take
<gchristensen>
seems we're not the target user for connman
<emily>
to be fair I only really care about the laptop user case here
<emily>
where it's much nicer than networkmanager
<fpletz>
maurer: I agree that it raises the vulnerability surface but for advanced network configuration we don't have any useful other option, except maybe for ifupdown from debian which doesn't have a comparable feature set without resorting to custom shell scripting either
<fpletz>
maybe we can keep scripted networking with a reduced feature set
<fpletz>
I don't want to bash the other options out there but I need networkd for some of my use cases - making networkd the default is certainly controversial and we might not do it in the end but we shouldn't break networking for advanced users either
<maurer>
emily: In any case, it's less "grr networkd, I will now quit" and more a current tendency in nixos to go for more features over saner design/fewer moving parts
<maurer>
This is just the latest instance
<emily>
shrug, nixos has always been a transitional kind of thing
<emily>
devuan otoh is a step back
<andi->
I think networkd is the better option of all the current options.. It is not great... It works well for me. Works on my laptops, desktops, servers and it worked well on machines with 10k VLAN interfaces and plenty of VRFs.. Was the most reliable piece of the whole stack..
sir_guy_carleton has joined #nixos-chat
<fpletz>
maurer: have you even looked at our networking scripts? I fixed some of the issues or at least tried in the last few years. it's a mess. calling it a sane design is madness. sorry. :/
maurer has left #nixos-chat ["WeeChat 1.5"]
<andi->
The biggest misconception of most network configurations is that the point that configuration is async.. even if your `ip address add ..` command finished doesn't mean it is done... Shell scripts usually run into a lot of trouble there.
<colemickens>
fpletz: while we're on the topic, do you use NixOS to run libvirt VMs or containers, and if so, do you have some configuration.nix I could peek at?
<fpletz>
colemickens: we do, but there's nothing special in there. on servers we set up bridges with vlans and connect the VMs on there. no declarative config with nixos though
<fpletz>
only for the network interfaces - the bridges will be torn down and brought up on network changes though and the VMs will lose their connection
<fpletz>
they have to be restarted and manually added - that's one of the problems of our scripted networking :)
<fpletz>
same goes for nixos containers that are connected to bridges
<gchristensen>
this particular flavour of captive portal doesn't use dns, but search domains apparently
<fpletz>
wow \o/
<gchristensen>
another thing which should be long dead
<gchristensen>
...imvho
Myrl-saki has joined #nixos-chat
<fpletz>
gchristensen: so networkmanager doesn't pass the search domains to resolved?
<gchristensen>
ok, so search domains are being passed, and that didn't fix it
Synthetica has quit [Quit: Connection closed for inactivity]
<colemickens>
emily: btw, can I ask why you like connman more? I googled it but there weren't a lot of good answers and certainly nothing recent.
<infinisil>
Aww :( "Is Hercules CI open source? Everything that you run on your systems, including the agent is open source, but the backend services are closed source. We are not planning to open source the backend services."
<simpson>
infinisil: It's okay, Hercules is for people who are paying. Cachix is free.
<infinisil>
simpson: Hercules will be free for opensource
<fpletz>
gchristensen: but is dig able to resolve when you append the search domain?
<simpson>
infinisil: So? We shouldn't put up with non-free tools just because they're affordable.
<simpson>
My point is more that, just like some companies pay for Github, some companies will pay for Hercules. It's not *for* the open community.
<simpson>
But in all seriousness, I'm not sure why I'd *ever* want Hercules if I already can have free Cachix.
<emily>
colemickens: just fairly good past experiences with it. it's pretty fast at DHCP too, compared to e.g. dhcpcd
<emily>
and means not having to deal with wpa_supplicant
<infinisil>
simpson: Not sure I get that. You just don't need CI then?
<gchristensen>
fpletz: no :(
<simpson>
infinisil: I don't need CI to build something that my laptop already built and checked.
<infinisil>
So you don't need a CI. I'm more interested in it for if I ever need one
<infinisil>
Because I'm not a big fan of hydra
<gchristensen>
fpletz: when I manually put 10.0.0.1 wireless.hp.internal in my hosts file I can go through the authentication process, but even after that I'm not able to access the external internet.
<infinisil>
Admittedly I didn't look too much into hydra though, just from my experience using it
<infinisil>
Hmm I guess there is lots of cool stuff. Maybe I just got this bad impression from hydra.nixos.org being so slow and sluggyish
<fpletz>
gchristensen: can you query an external dns server like google's 8.8.8.8 when you're authenticated?
<gchristensen>
no
<simpson>
infinisil: Oh, I agree. I'm speaking as somebody who just turned *off* a Hydra for the Monte language project, because it was far too much.
<gchristensen>
fpletz: I'd also like to poke at the various open ports the machine has, but ... I hear the eu frowns upon that
<infinisil>
I see. But yeah you have a point, no need to use hydra for small things I can build on my local machines
<infinisil>
s/hydra/any CI/
<infinisil>
Especially with Nix due to reproducibility
<fpletz>
gchristensen: well, you've already used nmap which at least in germany can be qualified as a "hacker tool" :P
<fpletz>
hm, not sure how to proceed though, they might be using a weird dns server that works with the glibc resolver but not with others? :/
<gchristensen>
simpson: cachix is also not free/oss
<colemickens>
a Nix focused CI seems nice for visualization of results, but I'm not sure I understand what else Hydra adds?
<gchristensen>
fpletz: can't be, it works with the scripted network setup :)
<fpletz>
but without resolved, right?
<gchristensen>
oh I see, yeah could be
<fpletz>
you could try to disable resolved manually
<gchristensen>
anyway, I'll just switch back to scripted for the rest of my trip
<fpletz>
services.resolved.enable = false;
<gchristensen>
someone should come to Eden Hotel in Amsterdam when doing the nix hackday for networkd for testing
<simpson>
gchristensen: Yeah, but I bet that we could fix that. Disks aren't free, so I'm happy to let somebody else pay for my disks today.
<fpletz>
oh, amsterdam? hope you're having a good time there :)
<gchristensen>
simpson: the server code is not open
<simpson>
gchristensen: Sure. But that's not very interesting to me; the tough-to-solve problems are all client-side.
<simpson>
So I'm sure that a FLOSS version will magically show up if the community needs it.
<infinisil>
simpson: You mean like a reverse engineered thing??
<gchristensen>
ah
<gchristensen>
well a cachix-like client but pushing to S3 for example :)
<gchristensen>
fpletz: well that works!
<colemickens>
Even the client side stuff isn't that hard though. I had shell scripts doing it with Azure and it wasn't that bad at all. nix copy, nix sign-paths, diff, upload
<fpletz>
woa… what \o/
<infinisil>
That's a good point
<gchristensen>
the --watch-store part is very cool
sir_guy_carleton has quit [Ping timeout: 240 seconds]
<gchristensen>
fpletz: and dig is still broken.. haha
<colemickens>
oh, the 'cachix use' is the secret sauce IMO. and piping into `cachix push` is pretty sweet.
<fpletz>
well, their dns server is veeery broken then :/
<colemickens>
not secret sauce, but I really like the UX it adds to the whole experience of using another binary cache
<joepie91>
from what I've seen of cachix, I don't feel that any one particular part of it is really complex
<joepie91>
the value is in the coherent whole
<joepie91>
(which is also why not having an OSS server kinda impairs the use of it in OSS scenarios)
<fpletz>
they're probably also redirecting all dns traffic to their resolver
sir_guy_carleton has joined #nixos-chat
sir_guy_carleton has quit [Client Quit]
<gchristensen>
everything is awful
sir_guy_carleton has joined #nixos-chat
<joepie91>
unfortunately, the value being in the coherent whole also means that implementing an OSS equivalent for cachix would not really be less work than it would have been before cachix existed..
<fpletz>
gchristensen: what about: nslookup google.com 4.2.2.2
<joepie91>
by which the stack2nix script is excluded from the license :P
<gchristensen>
fpletz: we were seeing "systemd-resolved[946]: Using degraded feature set (TLS+EDNS0) for DNS server 10.0.0.1." <- maybe it didn't downgrade far enough?
<fpletz>
gchristensen: hm, you could try to play with some dig options like +noednsnegotiation
<gchristensen>
I've tried several, but no luck. I'd try wireshark but I'm on vacation :P
<gchristensen>
fpletz: have you used networkd + networkmanager on Thalys trains? I had similar problems there, I wonder if disabling resolved would have fixed it. also, what am I losing not using resolved?
<joepie91>
gchristensen: oh, did you have the problem where DNS didn't work on the train
<gchristensen>
nothing worked b/c I couldn't get past the captive portal, possibly b/c broken DNS. what's up?
<joepie91>
gchristensen: I've been having this exact issue with the NS trains in NL, where only `host` still worked; using that to get the IP and then going to the IP (or some curl magic with a Host header, depending on the version of the network hardware) got me access to the captive portal, and after connecting I use an sshuttle tunnel to VPN through my home PC including DNS, which then works
<joepie91>
everything that isn't `host` will fail to resolve anything
<joepie91>
I've never quite been able to track down why this breaks
<joepie91>
(the issue does not happen on other public wifi networks, with or without captive portal, but I haven't tried the thalys one)
<joepie91>
(it also works on the RET metro, which is also an icomera system though maybe a different model from what the thalys has)
drakonis_ has joined #nixos-chat
hyperfekt has joined #nixos-chat
hyperfekt has quit [Ping timeout: 256 seconds]
jasongrossman has joined #nixos-chat
hyperfekt has joined #nixos-chat
<elvishjerricco>
Can anyone explain this escape sequence in C++ to me? "\r\e[K"
<elvishjerricco>
I know about \r, but what is the \e[K?
<elvishjerricco>
I'm seeing this in the progress bar source code in Nix.