gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
boredom101 has joined #nixos-chat
<srk> anyone running cisco switches? what's your typical configuration? :)
<gchristensen> #nixos-on-your-router is semi related
<srk> lol
<srk> pretty much
boredom101 has quit [Quit: Page closed]
<samueldr> gchristensen: a user recently linked something about that; when they lock their machine it unauthorizes any connections
* samueldr searches
<gchristensen> yeah
<samueldr> yep, that
<gchristensen> samueldr: reading about it, it seems most sensible that new USB devices be unauthorized by default, then authorized when a user logs in, but that likely requires a kernel patch :P
<samueldr> maybe something logind can handle, are there "user at console" hooke?
<samueldr> hooks*
<gchristensen> I think so, but there is a race at boot
<samueldr> hmmm, not only a race, but an issue where: how do you authorize a usb keyboard to allow login?
<gchristensen> :) also that
<gchristensen> maybe explicitly authorize devices which are not removable according to /sys/bus/usb/devices/N/removable
<infinisil> gchristensen: Argh, but I'm using autoindex on
<gchristensen> maybe you can use location pattern trickery
<infinisil> locations."/global/commands".extraConfig = ''autoindex on; add_header ...''
<gchristensen> like location/index.html => force html, otherwise ...
<infinisil> Hmm..
<infinisil> Trying that
<infinisil> *adds semicolon*
lopsided98_ is now known as lopsided98
<infinisil> gchristensen: nope, still broken..
<infinisil> ,index.html =
<{^_^}> Undefined index.html, was defined as: nope, still broken
<infinisil> !
<gchristensen> I dunno, nginx config has always been voodoo to me
<infinisil> It totally is..
<infinisil> It's impossible to prevent..
<gchristensen> hrm
<infinisil> I *need* an index file (setting none is not possible), and this config will be public, so I can't just set it to file "boohoo-nobody-will-assign-this"
<infinisil> Well it probably is possible somehow, but requires more hackery than I'd think should be needed
<gchristensen> you could do a little php script to list it with links, at a different location
sir_guy_carleton has joined #nixos-chat
jackdk has quit [Ping timeout: 246 seconds]
<infinisil> Yeah..
<infinisil> The easiest hack around this is probably to just disallow assigning to index.html (or equivalent) in my haskell code
<infinisil> Disappointing, nginx!
<gchristensen> jwz says every screen locker but xscreensaver is broken... but xscreensaver is so full of junk
<jasongrossman> Really? He's tried them all?
<samueldr> are they ideologically broken or are they provably broken?
<samueldr> and how is "broken" defined?
<gchristensen> you asked for it
<samueldr> e.g. does logging-in in another fashion and killing $locker and getting control back broken, because IIRC jwz says it is
<samueldr> ah, so "nothing new"; I would have to re-read to remember all the details :)
<gchristensen> broken because if they fail, almost all of them fail-unsafe
<samueldr> (not saying jwz's wrong!)
<infinisil> gchristensen: This is what I ended up doing: https://github.com/Infinisil/nixbot/blob/master/module.nix#L147-L149
<samueldr> infinisil: if spaces are already verboten in assignable names, could you use that fact for the "you cannot assign this" name?
<gchristensen> nice
<samueldr> (thus no need to have a specific name for it)
<infinisil> samueldr: Oh, you're right. Technically they're not verboten, but it's just not possible to assign them
<samueldr> yeah, that kind of forbidden, forbidden by being impossible :)
* samueldr has to check
<samueldr> I think plasma now delegates locking to sddm
<samueldr> or if it doesn't it uses the exact same frameworks :/
<samueldr> hm maybe not, I see a process
Synthetica has quit [Quit: Connection closed for inactivity]
<samueldr> the argument, imho, is flawed (like I remembered) it's basically "gnome-screensaver doesn't lock, thus xscreensaver is the only one locking"
<samueldr> (though I sound critical, I do not dislike xscreensaver)
<gchristensen> as I read it the argument is gnome-screensaver fails unsafe
<mdash> yeah jwz's argument is that every other thing's lock screen is not simple enough to exclude fail-unsafe bugs
<mdash> gchristensen: what's the "full of junk" part?
<samueldr> the xscreensaver applets I guess?
<mdash> as I understand it that's orthogonal since they're in separate processes and are shared with gnome-screensaver etc
<gchristensen> for sure
<samueldr> full of junk as "full of programs I have no use for" and not "full of running things and badly written stuff"?
<gchristensen> right
<gchristensen> it is like a showcase of >100 cute opengl demos
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 244 seconds]
lassulus_ is now known as lassulus
<jasongrossman> I'm not so sure they're even cute.
<mdash> all you really need is 'bsod'
endformationage has quit [Quit: WeeChat 2.3]
pie__ has joined #nixos-chat
pie___ has quit [Ping timeout: 268 seconds]
ottidmes has quit [Ping timeout: 258 seconds]
Jackneilll has quit [Ping timeout: 246 seconds]
Jackneill has quit [Ping timeout: 246 seconds]
Jackneilll has joined #nixos-chat
Jackneill has joined #nixos-chat
sir_guy_carleton has quit [Quit: WeeChat 2.2]
<elvishjerricco> Anyone tried to get luksSuspend working for their root device?
<elvishjerricco> I saw some stuff for doing it on Arch. Didn't know if it'd be any different on NixOS
jasongrossman has quit [Ping timeout: 246 seconds]
<sphalerite> ugh jwz
jasongrossman has joined #nixos-chat
jasongrossman has quit [Client Quit]
iqubic has quit [Ping timeout: 268 seconds]
jasongrossman has joined #nixos-chat
jasongrossman has quit [Remote host closed the connection]
jasongrossman has joined #nixos-chat
hedning has joined #nixos-chat
Jackneill has quit [Quit: Leaving]
__monty__ has joined #nixos-chat
jasongrossman has quit [Ping timeout: 240 seconds]
jasongrossman has joined #nixos-chat
ottidmes has joined #nixos-chat
Guanin has joined #nixos-chat
jD91mZM2 has quit [Quit: WeeChat 2.3]
jD91mZM2 has joined #nixos-chat
Guanin has quit [Ping timeout: 272 seconds]
jD91mZM2 has quit [Quit: WeeChat 2.3]
Guanin has joined #nixos-chat
Synthetica has joined #nixos-chat
jD91mZM2 has joined #nixos-chat
<jD91mZM2> Wow, Nix just saved my scaleway ubuntu install. Was trying to do a very quick and dirty workaround by symlinking /usr/bin/python to something, but accidentally overwrite python2.7. Then dpkg wouldn't work. So I got nix's python, symlinked, and reinstalled python with apt
<jD91mZM2> s/overwrite/overwrote
<jD91mZM2> And the crazy thing is that the thing I wanted to try and work around randomly started to work after that episode.
<mdash> jD91mZM2: sounds like it's time to switch your scaleway to nixos ;-)
<jD91mZM2> mdash: Yeah that'd be nice, but there's no official NixOS image and I'm very lazy
endformationage has joined #nixos-chat
<sphalerite> jD91mZM2: ahahaha
<etu> jD91mZM2: The last part to recover from that must have felt rewarding :-)
infinisil is now known as infinisil_testus
infinisil_testus is now known as infinisil
<mdash> jD91mZM2: ivan wrote a guide
infinisil is now known as infinisil_testus
infinisil_testus is now known as infinisil
<gchristensen> elvishjerricco: interesting, didn't know luks supported that
ottidmes has quit [Ping timeout: 268 seconds]
<LnL> wait... dpkg doesn't have an upgrade hook that runs while both the source and target versions are installed :/
Guanin has quit [Ping timeout: 252 seconds]
<ivan> xscreensaver is more fail-unsafe than physlock
<samueldr> ivan: could you elaborate?
<gchristensen> does physlock work with x?
<samueldr> (not doubting, I want the deets)
<ivan> gchristensen: well I mean you can start physlock from X and it'll switch to some text-mode VT
<ivan> samueldr: hmm I see killing physlock results in the same unlocked desktop
<ivan> never mind, maybe
<ivan> xscreensaver does have the 'things may appear on top of it' problem https://github.com/xmonad/xmonad/issues/74
<{^_^}> xmonad/xmonad#74 (by feuerbach, 1 year ago, open): Notifications pop up on top of xscreensaver
<gchristensen> ivan: I have a minor bug to report
<ivan> gchristensen: the main problem with physlock is that the display doesn't go to sleep
<gchristensen> well, plus the other problem
<ivan> gchristensen: yeah I saw that too on NixOS
<ivan> then I switched to using the service and that worked
<ivan> systemctl start physlock.service
<gchristensen> well at least I can be confident nobody will be able to unlock my computer once I've started physlock :P
<ivan> hahaha
<ivan> services.physlock.enable = true;
<gchristensen> good thing emacs keeps unsaved edits :P
<gchristensen> if the screen doesn't sleep, that is a dealbreaker for me
<simpson> Yeah, 'lightweight' might be a bit of an exaggeration: https://github.com/muennich/physlock/blob/master/main.c#L187-L216
<emily> what's wrong with that?
<gchristensen> well, it is a hard loop
ottidmes has joined #nixos-chat
<simpson> To its credit, it *does* sometimes sleep().
<jD91mZM2> It's it prett optimal, if pam_authenticate asks for the password
<jD91mZM2> Then pam_authenticate surely uses a nice blocking read, which is better than a sleep, no?
<jD91mZM2> Wow I am not typing well. s/It's it prett/It is pretty/
<elvishjerricco> gchristensen: Yea, one day I want suspend to trigger both physlock and luksSuspend. Lock the VT to a script asking for the LUKS passphrase and unlock once the disk is available
<gchristensen> neat
<clever> gchristensen: oh, wow, the plex app can even "cast" to another device like netflix
<clever> gchristensen: so i can select the nas, from the website, and remote-control it
<gchristensen> oh cool
<clever> only problem that remains, is dpms
<clever> xorg shut off the hdmi output half way thru an episode, and the tv tried to turn itself off
<clever> gchristensen: running strings on the main binary, reveals mpv symbols!?
<clever> libmpv.so.1 => /nix/store/5dfv10pmc0ik7493gyjz0xcr1v0v9d4q-mpv-0.29.1/lib/libmpv.so.1 (0x00007f251f360000)
<clever> its directly linking to mpv!
<joepie91> hah
<clever> somebody finally avoided electron!!
<clever> libQt5WebEngine.so.5 => /nix/store/0nwnmbdhk5c0fz1fqkkcsk13893klasb-qtwebengine-5.9.3/lib/libQt5WebEngine.so.5 (0x00007fbdddf80000)
<gchristensen> :o
<clever> it appears to be QT web-engine based, with a real video player as a library
<gchristensen> praise be!
<joepie91> hmmm, isn't mpv GPL?
<mdash> yeah plex is pretty nice
<clever> nix-repl> plex-media-player.meta.position
<clever> "/nix/store/qgimqkw4dcza4zddkmbfhmgg6ca8inz8-nixos-19.03pre165037.eebd1a92637/nixos/pkgs/applications/video/plex-media-player/default.nix:81"
<mdash> pretty much the only thing i use my chromecast for
<mdash> i signed up for plex pass so i can stream music off my NAS while driving
<joepie91> seems you *can* use libmpv as LGPL
<clever> joepie91: the source for this thing is on github!
<joepie91> wait since when
<joepie91> okay now I'm not sure which part of Plex I'm remembering as Very Proprietary
<clever> yeah, this is a surprise to me too
<clever> it also has a pmphelper binary, that appears to do nothing
<samueldr> isn't it the *service* which is very proprietary, and without it you only get a fraction of the experience?
<clever> samueldr: i think without the service, you get absolutely nothing
<clever> samueldr: it needs a server to host the media
<samueldr> 0/1 is a fraction
<clever> previously, i was viewing all media via the browser app
<samueldr> though I meant the service as in the plex website service, though going from memory
<mdash> samueldr: nah you can get 90% of the usefulness of plex without an account or paying for anything
<clever> samueldr: i think the nixos service is also closed-source
<mdash> i used it for 5+ years that way
<clever> mdash: though the android app will only play 60 seconds of content if you're cheap :P
<clever> you must either pay for the android app (in the play store) or get a plex pass, to make it play longer
<mdash> oh, yeah i did pay for the android app at one point
<mdash> but that's like $5 i think?
<clever> i think buying the android app is worse, since you dont get all of the other features of the plex pass, which ive heard is a lifetime thing
<mdash> nah it's a subscription
<clever> it may have had lifetime options in the past, which they are nice enough to not take away now
<clever> "lifetime subscription, until we decide not :P"
<mdash> This is an interesting bit of work btw: https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/
<clever> mdash: ive mainly been getting self-signed warnings, but i'm also messing around with forwarding the http port via nginx with lets encrypt, lol
<mdash> clever: heheh
<mdash> i didn't bother with https until i made it accessible off my network
<clever> mdash: i think even if you dont forward the port, its still accessible from outside
<clever> it will just tunnel backwards down a connection the service opened
<clever> but that turn leeches bandwidth from plex servers
<clever> looks like a fairly simple json protocol
<clever> it sends a set with version&path when you connect
<mdash> yeah i'm getting these things mixed up in my head because I didn't even sign up for an account on plex.tv until I paid for plex pass
<clever> mdash: when i first fired my server up, i had to access it via 127.0.0.1 (security reasons) and it just gave non-helpful errors when i used the LAN ip
<mdash> yeah
<clever> and it basically refused to do anything, until i signed up for a plex account, and then tied the service to my acct
<mdash> huh, you can definitely configure it for lan only use without an account though
<clever> opening the http port on the local plex instance is almost useless, it just gives an identical site to app.plex.tv
<clever> in either case, it then asks the plex servers what the LAN&public IP of all services are, and tries to contact them
<clever> they have a weird subdomain, that resolves every valid v4 ip, like 1-2-3-4.example.com
<clever> so you can trick the browser into thinking it falls under same-origin policy
<mdash> yeah the blog post i just linked describes that
<clever> and then app.plex.tv can freely access 192.168.2.15
<clever> ive reverse engineered parts of it using the chrome network console, when it had connection trouble
<mdash> the thing that persuaded me to sign up for a subscription was camera upload, i'd been using syncthing before but this has been way less hassle
* clever scratches head
<clever> pmhelper only supports 2 commands, quit, and info
<clever> and info just saves some things to cfg
<clever> mdash: ive also installed syncplay to the media center, that allows synchronized playback between multiple users
<clever> but it cant stream from plex, so i need to host the media under https as well, or just have all users download the same files
<clever> but now that i see that plex is using libmpv, and is open source ....
<clever> if i can just convince plex to open the mpv command socket, and then convince syncplay to control it ....
<clever> then should pause/play/rewind the mpv instance inside plex, to match another user
<clever> joepie91: in response to "since when", i see an abnormal amount of files in the 1st git commit, from 3 years ago, titled "initial public commit of ...", https://github.com/plexinc/plex-media-player/tree/master/src/plugins/RPI_jpeg
<clever> heh, and the files in that dir actually contain a broadcom license!
<clever> looks like hardware jpeg decode
<clever> oh, nice!
<clever> its a QT plugin for jpeg decode accel, i think
<clever> so now QT just magically does hardware decode for jpegs!
<clever> gchristensen: reading the source, i think it relies on xdg-screensaver to enable/disable dpms
<clever> despite having its own built-in screensaver (a moving plex logo)
<clever> which is in PATH ...
<clever> and it also supports dbus, so which does it use...
<clever> #elif defined(LINUX_DBUS)
<clever> #elif defined(USE_X11POWER)
<clever> ah, dbus is the default on linux
<clever> i think its using dbus to talk to the login manager to initiate shutdown
<clever> but this is my main hydra!
<clever> lol, and the dbus implementation doesnt support screensaver control, that explains things
<clever> cmakeFlags = old.cmakeFlags ++ [ "-DLINUX_X11POWER=ON" ];
<clever> with this in an override, it has now lost the ability to shutdown/reboot/suspend
<clever> and i suspect it will correctly control dpms via xdg-screensaver
jasongrossman has quit [Read error: Connection reset by peer]
hedning has quit [Quit: hedning]
jD91mZM2 has quit [Quit: WeeChat 2.3]
jD91mZM2 has joined #nixos-chat
* jD91mZM2 just went on autopilot and closed weechat instead of detaching
nokomprendo has joined #nixos-chat
jasongrossman has joined #nixos-chat
nokomprendo has quit [Quit: Leaving]
iqubic has joined #nixos-chat
__monty__ has quit [Quit: leaving]
<tilpner> jD91mZM2: /set weechat.look.confirm_quit on
meizikyn has quit [Quit: WeeChat 2.3]
Peetz0r has quit [Ping timeout: 252 seconds]
<andi-> /alias add quit /print nope nope nope <- using that since a few years ;-)
<andi-> in addition to the confirm
<andi-> also the /upgrade -yes switch is important to me..
Peetz0r has joined #nixos-chat
Guanin has joined #nixos-chat
Peetz0r has quit [Ping timeout: 268 seconds]
Peetz0r has joined #nixos-chat