gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
<gchristensen> man, these mac vms are great
<gchristensen> so easy to fix
<infinisil> gchristensen: Was that sarcastic?
<samueldr> I would bet on genuine, a couple (all?) macs of the infra now run nixos and macOS in a vm, so checkpoints, snapshots, clean slate boots
<gchristensen> no
<gchristensen> right
<infinisil> Ahh
<elvishjerricco> gchristensen: The stuff you did to achieve that is now the basis of my windows VM and soon my macOS VM.
<gchristensen> just `ssh apple-host systemctl restart run-macos-vm`
<gchristensen> oh cool!
<elvishjerricco> gchristensen: Is it possible to snapshot the volume and keep the snapshot after rolling back to the base snapshot? If macs are going down frequently, being able to reset them immediately and examine the cause later via logs and stuff sounds really nice.
<gchristensen> not directly, when you rollback a ZFS dataset, you lose any snapshots after the point you rolled back to
<jasongrossman> I have spare Macs and might be able to run some builds, if it's easy to set up.
<gchristensen> but you could probably duplicate it to another dataset and then keep it
<gchristensen> btw the Computerphile videos on group chats and signal protocol are really good
<elvishjerricco> Can't find a way to `zfs clone` a snapshot such that the original can be rolled back past it. Promoting leaves the original depending on the snapshot. Guess you'd have to just `zfs send | zfs recv`
<jasongrossman> " you could probably duplicate it to another dataset and then
<jasongrossman> keep it" - I do this. It takes a lot of extra space, obviously.
<jasongrossman> ^ elvishjerricco
<elvishjerricco> jasongrossman: Do you do that via `zfs send`? Or is there some native zfs thing you can do?
<jasongrossman> elvishjerricco: Yes, `zfs send`.
<jasongrossman> elvishjerricco: I have it automated, and it's simple ... BUT, come to think of it, if you were rolling back one of the datasets then that would make automation more complicated, because `zfs send/receive` needs the two datasets to have a snapshot in common to start from.
<jasongrossman> elvishjerricco: Still easy to do, just harder to automate.
<jasongrossman> elvishjerricco: I've changed my mind. Not hard to automate at all. (I was thinking of my snapshots, which are dated, because they form a backup set, which would make automation complicated, but for building things you could give them fixed names.)
jasongrossman has quit [Ping timeout: 268 seconds]
jasongrossman has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.3]
<colemickens> :( error: unsupported argument ‘sha256’ to ‘fetchTarball’, at 0x24ea608
* colemickens remembers...
<colemickens> these images don't come with a working channel either
<colemickens> I guess maybe they're built for nixops originally?
drakonis has joined #nixos-chat
<elvishjerricco> jasongrossman: For backups, I'm looking at getting proper logarithmic snapshotting, rather than the dating crap that most systems use
<elvishjerricco> i.e. the number of backups that are kept is logarithmic in the number of backups that have ever been taken.
drakonis has quit [Client Quit]
<infinisil> elvishjerricco: There's such a multiple ring strategy that works for that
<elvishjerricco> infinisil: Yea, you and I have talked about this before
<infinisil> Ah it was you then! Yeah
<elvishjerricco> infinisil: We both wished there was a simple function that didn't require a ring state to be saved though
<infinisil> Do you still have that link you sent me?
<elvishjerricco> which I believe I've found :)
<elvishjerricco> it's somewhere, but I've got a better one now :P
<elvishjerricco> infinisil: http://jekor.com/log2rotate
<elvishjerricco> This one is properly logarithmic without any state other than the generation numbers
<elvishjerricco> I'm currently working on allowing it to use bases other than 2
<elvishjerricco> But the gist of it is: The time between surviving generations is logarithmic in how old the generation is
<infinisil> What's the point in non-2 bases
<elvishjerricco> infinisil: Just to be able to change the rate that generations are deleted at
<elvishjerricco> i.e. if you want to keep more or fewer backups
<infinisil> Hold on I'll read that, but if my thinking is right you can just delete them from the back as much as you need/want to keep
<elvishjerricco> I think I misspoke... I don't think it's the time between backups that's logarithmic... math is hard :P
<infinisil> Hmm I dunno, ring buffers seem much more flexible actually
<infinisil> And can implement these bases trivially
<elvishjerricco> infinisil: My problem with it is the discrete blocks, and the fact that you must store internal state
<infinisil> Ah that might be the one I meant earlier
<elvishjerricco> simpson: Yea, isn't that the ring buffer thing?
<simpson> The data structure is called an "inigo" in general, after a quote from The Princess Bride. I have a toy implementation from years ago: https://github.com/mostawesomedude/inigo
<simpson> elvishjerricco: It's pitched as an alternative to ring buffers.
<infinisil> elvishjerricco: Do you really need to though?
<elvishjerricco> simpson: Eek, looks like that's using pseudo random numbers. Pseudo unpredictability is not desirable IMO
<elvishjerricco> infinisil: To store the internal state? I think you do
<infinisil> elvishjerricco: If we can name backups, we can give the first one a name 0, next one 1, 10, 11, 100, 101, ... The leftmost bit says in which ring it is
<simpson> elvishjerricco: It's toy code from half a decade ago. Remember the museum rule: Look, don't touch.
<infinisil> Or something like that
<elvishjerricco> ok but that's still storing the state; just cleverly :P
<infinisil> elvishjerricco: I guess, but it's all one needs, no need to make it more complex. After all you're gonna have to give your ZFS snapshots a name in the end
<infinisil> Unless I'm missing something
<elvishjerricco> infinisil: State like that is just one more thing that can be broken though. And again, I think it's good to have a proper logarithmic distribution, instead of this weird, discrete, blocked thing
<infinisil> Not sure how you could have that non-discrete
<elvishjerricco> I mean it's still discrete with log2rotate, but at a resolution of one generation, not a block length
<elvishjerricco> Though I guess the block state can be easily encoded as a single number per generation, putting it on par in terms of state management to log2rotate
<elvishjerricco> er no, you still need cursor state
<infinisil> elvishjerricco: I mean, you need to store some state somewhere
<infinisil> log2rotate can suggest you a plan, but then you need to store that plan
<iqubic> Does it work with ZFS?
<elvishjerricco> But keeping it down to literally just generation numbers makes it way harder to mess up. You do not store the plan; you just re-generate it and execute it again each time you add a generation
<iqubic> Like can I tell it to set up a cron job to work with ZFS?
<infinisil> elvishjerricco: Ah, and I guess if you fix the starting date to some day, you only need to store that
<elvishjerricco> iqubic: Yea you could. It's just a command line tool that takes a list of dates and tells you which ones you should delete to keep exponential deletion.
<elvishjerricco> infinisil: Not even. It just starts with the earliest generation. You literally store nothing except attaching each generation with its number
<infinisil> elvishjerricco: Ah, and it knows where it is by looking at the number of the previous generation
<elvishjerricco> Nope. It actually converts the numbers so the oldest generation has the highest number
* infinisil admits that he didn't look at the source code very thoroughly
<infinisil> It being in lhs doesn't make it easier :P
<iqubic> what is lhs? Is that literate haskell?
<elvishjerricco> It just starts with oldest (largest) generation, finds the nearest power of two, goes one power less than that, and treats that as the next generation to keep. Repeat. eventually it gets down to 1, which it keeps
<elvishjerricco> iqubic: Yea
<elvishjerricco> nearest power of two less than the generation number*
<iqubic> I know a fair amount of Haskell. I can look at it if you want me to.
<elvishjerricco> iqubic: I think I've almost got the change I want
<infinisil> elvishjerricco: I see, neat
<iqubic> elvishjerricco: Alright. That's fine. Just ping me if you want an extra set of eyes looking at the code.
<infinisil> I still gotta write my own backup tool as well haha
<elvishjerricco> iqubic: http://jekor.com/log2rotate More eyes are always better if you're interested :)
srk has quit [Ping timeout: 245 seconds]
jasongrossman has quit [Remote host closed the connection]
jackdk has quit [Ping timeout: 244 seconds]
endformationage has quit [Quit: WeeChat 2.3]
<colemickens> systemd-boot not supporting submenus irks me an irrational amount
<colemickens> error: syntax error, unexpected $undefined, expecting IND_STR or DOLLAR_CURLY or IND_STRING_CLOSE, at /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix:55:77
<colemickens> is this image too old to be able to update to 18.09?
<colemickens> (moved to #nixos)
ninjin has quit [Quit: WeeChat 2.2]
lopsided98 has quit [Quit: No Ping reply in 180 seconds.]
lopsided98 has joined #nixos-chat
lassulus has quit [Ping timeout: 240 seconds]
lassulus has joined #nixos-chat
ninjin has joined #nixos-chat
jD91mZM2 has quit [Quit: WeeChat 2.3]
jD91mZM2 has joined #nixos-chat
__Sander__ has joined #nixos-chat
nodyn has joined #nixos-chat
nodyn has quit [Ping timeout: 244 seconds]
<tilpner> I have a list of IP ranges I want to block, any suggestions? A script that calls iptables? Any way to do that in-config?
<tilpner> (It's https://www.cloudflare.com/ips-v4 , because someone pointed >1k domains at my server)
* srhb pines for a declarative iptables replacement
<srhb> Should be "simple" with bpf I guess..
<clever> srhb: my biggest complaint, is that the iptables rules are stored in an RCU list
<clever> srhb: every single modification to the rules, involves copying the entire rule list
<clever> so every time you run iptables, the command gets slower and slower
<clever> you're supposed to use iptables-restore, to atomically add everything at once
<clever> but, that means knowing the entire rule-list as a single string, and getting rid of anything that wants to imperatively mutate it
<tilpner> Wow, Cloudflare's abuse form is atrocious
<srhb> clever: And it's been buggy more than once. Administering a k8s cluster iptables slowness actually becomes very visible :P
drakonis has joined #nixos-chat
iqubic has quit [Ping timeout: 240 seconds]
<Synthetica> Firefox HiDPI looks so good but doesn't work properly :(
<Synthetica> (Upstream issues)
drakonis has quit [Quit: WeeChat 2.3]
<andi-> clever: have you tried iptables-restore? I had a few bigger (100k+ rules) tables that were doing fine
endformationage has joined #nixos-chat
drakonis has joined #nixos-chat
__monty__ has joined #nixos-chat
<gchristensen> do y'all like fancy graphs? https://www.tweag.io/posts/2019-02-06-mapping-open-source.html "Mapping a Universe of Open Source Software" is a cool showcase of Nix's DAG
<infinisil> Damn
<__monty__> Looks like an xray of tumors.
<__monty__> Wow, nodejs and go are surprisingly tiny.
<infinisil> > length (attrNames nodePackages)
<{^_^}> 129
<emily> <__monty__> Looks like an xray of tumors.
<emily> the software looks like that up close, too
<gchristensen> LOL
<infinisil> __monty__: They probably didn't count all the dependencies but only those 129
drakonis has quit [Quit: Leaving]
<gchristensen> it looked at the .drv tree
<gchristensen> afaik
<__monty__> infinisil: Wouldn't it be the same thing for the other ecosystems though?
<infinisil> Well, I count 4248 package definitions in node-packages-v10.nix
<infinisil> But I can't access those
<infinisil> And the blob in the graph on the top right next to nodejs might just be about 129 packages
<infinisil> But then again, those haskell packages are a bit low too
<__monty__> What I don't get is the 3 versions of perl, all perl 5 and then only 1 GHC.
__Sander__ has quit [Quit: Konversation terminated!]
<cransom> gchristensen: i love fancy graphs.
<gchristensen> yay
<gchristensen> 12:54 / 1:15:18
<gchristensen> #linux #foss #opensource
<gchristensen> Building reproducible computing environments: a workshop for non-experts
<gchristensen> guh, sorry for the spam. meant to share the URL and title only.
<gchristensen> https://youtu.be/B2xzQFQ2hg0?t=4234 start talking about Nix here
<andi-> sounds interesting
<andi-> I was shown this during FOSDEM: https://github.com/nmattia/niv It also looks like an interesting approach
<gchristensen> nmattia is great
<andi-> yeah, I really liked him and got along well which is seldom for people I met the first time ^^
<gchristensen> yeah we nearly came to blows the first time we met? ;)
<andi-> not quite that bad
<gchristensen> :P
<gchristensen> I've been running r13y on my secondary laptop while I work, and I can nearly tell which package is building on my laptop based on (a) shape of the text on the terminal (b) volume of the fans
<__monty__> Is niv like git submodule but for packages in nixpkgs?
<andi-> I know that feeling... many many years ago I could judge by the speed of `tcpdump` scrolling if the network was in good shape or not... just a very rough but reliable feeling
<andi-> __monty__: well more like a way to manage nix expression sources in your projects
<andi-> you could potentially use it for nixpkgs by importing everything from other repositories but that would be a bit clunky IMO
<__monty__> Hmm, don't quite get it yet.
<__monty__> What's third party about the third party packages niv manages?
<__monty__> Are they third party packages that happen to have a nix expression? Does niv write nix expression for any third party package you want?
<andi-> Let's say you work on a project that builds against nixpkgs. You usually want to pin the version of that for some reason. Also there might be other things that you want to pull into your development environment (e.g. carnix, internal tools, …) all with a specific version
<__monty__> And nixster's basically to nixos as ubuntu is to debian?
drakonis has joined #nixos-chat
drakonis has quit [Client Quit]
<infinisil> Aw man I want declarative firefox addons :(
<infinisil> And firefox settings in general
<__monty__> Yes please.
<elvishjerricco> infinisil: Can Firefox settings be configured on the command line or anything? If there's any sort of automation available, it could probably be made a home manager service or something
<elvishjerricco> Addons are another story
<infinisil> I don't know of any way
<infinisil> I mean, you can have a user.js file or something where you can set settings
<infinisil> That could work
<infinisil> But of course, it's not actually declarative then, there's still loads of state in any case
<andi-> having to adjust every ~6 weeks with lack of a proper changelog will be no fun :/
<__monty__> andi-: With that attitude nixpkgs wouldn't happen either : >
<andi-> That is just me being a bit frustrated from the Firefox situation ;-)
<infinisil> A problem with declarative things in Nix is those rebuild times tbh
<infinisil> Nix is kinda really slow
<__monty__> Yeah, dog slow.
<infinisil> A couple days ago I wanted to open a port in the firewall, my friends sitting next to me
<infinisil> Opened Nix file, added the port, rebuilding
<infinisil> For like 1 minute
<infinisil> Until everything was done and I finally had the port open
drakonis has joined #nixos-chat
jackdk has joined #nixos-chat
lassulus_ has joined #nixos-chat
lassulus has quit [Ping timeout: 246 seconds]
lassulus_ is now known as lassulus
<disasm> IOHK posted a blog post on how we use Nix: https://iohk.io/blog/how-we-use-nix-at-iohk/
<simpson> Cool. FWIW doesn't load without JS enabled.
Synthetica has quit [Quit: Connection closed for inactivity]
endformationage has quit [Ping timeout: 250 seconds]
__monty__ has quit [Quit: leaving]
iqubic has joined #nixos-chat