gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
drakonis1 has joined #nixos-chat
drakonis has quit [Ping timeout: 245 seconds]
drakonis has joined #nixos-chat
drakonis1 has quit [Ping timeout: 252 seconds]
<infinisil> Aw man, I wrote a neat systemd service + socket I can use to view the webcam of my laptop, a la livestreaming on demand
<infinisil> It's really cool
<gchristensen> oh cool
<infinisil> But it's totally insecure..
<infinisil> The only thing I have it limited to right now is the ips that can connect
<infinisil> It's set to a 192.168.*.* IP right now, which means that if I go into some random wifi network, somebody else could just start my webcam and watch it..
<infinisil> Which I don't like!
<gchristensen> haha
<gchristensen> minor problem
<samueldr> listen to local only and ssh in to stream?
<infinisil> samueldr: Ohh, you gave me a good idea
<gchristensen> tieronezero?
drakonis1 has joined #nixos-chat
<infinisil> I have all my machines connected through openvpn
<infinisil> And I can restrict the socket to only listen on the vpn interface
<samueldr> zerotier != network security :) only a way to discover afaiui
<samueldr> (but I think when it tunnels it tunnels securely)
<gchristensen> zerotier encrypts all its traffic unless you say no
<gchristensen> :o just did a kernel compile in 5min..!
<samueldr> even locally? (maybe probably so)
<gchristensen> like if we're on the same LAN? yeah
drakonis2 has joined #nixos-chat
drakonis has quit [Ping timeout: 245 seconds]
drakonis1 has quit [Ping timeout: 257 seconds]
<infinisil> Ohh, but I can't do the vpn thing
<infinisil> Because then traffic would leave my house, go to my server in germany, and return
<infinisil> I don't mind the leaving and returning part, but I don't like unnecessary internet roundtrips
<infinisil> It should be local
* gchristensen motions seductively towards zerotier
<infinisil> I'll do the ssh thing!
<infinisil> Oh I can use unix sockets then instead of a network one
<infinisil> Neat
<gchristensen> nice
<gchristensen> I did that recently for my keyboard injection software
<infinisil> Ugh but then I need to set up some folder to put it in
<infinisil> Trying to keep things simple
<gchristensen> temp?
<infinisil> When I ssh to the machine it needs to find the file
<infinisil> Guess I'll use /run/cam/socket and tmpfiles to set up /run/cam
<infinisil> Ah no, RuntimeDirectory :)
<infinisil> Oh, can't have RuntimeDirectory for systemd socket definitions
<infinisil> Actually I think I can, trying it out..
<gchristensen> yesss nix-build my kernel is at 2min30s
<samueldr> oooh
<samueldr> any particular reason for slimming the kernel?
<gchristensen> I'm playing with some VMs, and got tired of the enormous recompiles
<gchristensen> but it is kernelBaseConfig = "allnoconfig", and the "common config" patched out
<gchristensen> I can't seem to convince nix to produce vmlinux instead of bzimage
<gchristensen> hmmm maybe I can't easily convince Nix to produce vmlinux directly?
<samueldr> I've had similar annoying problems with mobile-nixos; our manual-config.nix for the kernel (which generic ends up calling) derives kernelTarget from platform, which isn't exactly right for what I'm doing either
<gchristensen> interesting
<samueldr> I have to re-do the whole kernel building infra of it, but right now I'm using overrideAttrs on linuxManualConfig and override installTargets to include whatever I need for it to work
<gchristensen> hmmm
<elvishjerricco> Hm. TIL iOS's emergency SoS mode (press lock button five times fast) is a little less secure than lost mode ("find my iPhone"). The former drops the master key from memory, as well as the key for all files in a certain data protection class. But it doesn't drop the key for the class that is default for third party app data. Apps can easily opt in to the more secure class. But in order to let them continue running in
<elvishjerricco> the background while in SoS mode, the key for that class still needs to be in memory. Lost mode, by contrast, kills all apps, so it is able to drop that key.
pie__ has joined #nixos-chat
pie___ has quit [Ping timeout: 245 seconds]
jasongrossman has quit [Ping timeout: 246 seconds]
jasongrossman has joined #nixos-chat
<infinisil> Finally did it (almost), I now have a window that exists on all xmonad workspaces, and it starts floating (not tiled) in the right position from the start
<jasongrossman> Your dog will be delighted.
endformationage has quit [Ping timeout: 246 seconds]
lnikkila has quit [Quit: lnikkila]
<infinisil> Definitely :)
qyliss_ has joined #nixos-chat
averell- has joined #nixos-chat
Haskellfant has joined #nixos-chat
qyliss has quit [*.net *.split]
averell has quit [*.net *.split]
NinjaTrappeur has quit [*.net *.split]
cbarrett has quit [*.net *.split]
cocreature has quit [*.net *.split]
qyliss_ is now known as qyliss
Haskellfant is now known as cocreature
averell- is now known as averell
johanot has joined #nixos-chat
johanot has quit [Quit: WeeChat 2.2]
<ldlework> I made this in blender, https://i.imgur.com/Snssb87.jpg
<elvishjerricco> gchristensen: You've used Time Machine over netatalk, right? If so, did you ever get unacceptably slow transfer speeds?
<elvishjerricco> I've been tinkering with this for a while now and I'm starting to think I need to give up on it and look for a solution that was actually designed to work over the network.
<joepie91> ldlework: fancy!
cbarrett has joined #nixos-chat
<ma27> infinisil: in case you remember the discussion from last wednesday about config options in nixos modules where you referenced https://github.com/NixOS/nixpkgs/pull/56345: I personally think that in case of openssh we actually want more config options to provide strict validation. The main intention of this PR was to make it much harder to screw openssh config up as a revert with broken ssh can be quite
<{^_^}> #56345 (by Ma27, 1 week ago, open): nixos/sshd: implement support for `Match` groups
<ma27> painful.
__monty__ has joined #nixos-chat
<infinisil> ma27: Ah yeah, thanks for the input, I might start with an rfs draft today
<aanderse> infinisil: +1
<aanderse> or how does that go... infinisil++ ?
<{^_^}> infinisil's karma got increased to 59
<aanderse> there we go
<aanderse> infinisil: it will be interesting to discuss scope
<infinisil> ma27: does openssh not have any way to check the config before it runs?
<infinisil> Yeah :)
<aanderse> what pieces of software are important enough to warrant options, what software should just have a config
<infinisil> I think this will have to be on a case-by-case basis
<infinisil> In general
<aanderse> yeah, for sure, though some sort of criteria should be used as a guiding basis
<infinisil> Yeah
<aanderse> ie. whatever process your brain goes through to decide should be outlined
NinjaTrappeur has joined #nixos-chat
<gchristensen> elvishjerricco: I never did, sorry
jasongrossman has quit [Ping timeout: 252 seconds]
<aanderse> i can't seem to remember... i'm trying to run a nixos test interactively but it is in a file where there are multiple nixos tests defined, so nix-build nixos/tests/blah.nix -A driver does not work... can anyone remind me what i want to type for a specific test, say called test1
<sphalerite> Does anyone know a tool for doing unicode normalisation on filenames?
<__monty__> sphalerite: Detox? http://detox.sourceforge.net/
<sphalerite> __monty__: it doesn't look like that does unicode normalisation
<__monty__> Guess I don't know what you mean.
<MichaelRaskin> Unicode normalisation is converting valid but complicated Unicode to a more consistent valid Unicode
<MichaelRaskin> For example, should e-with-accent be a single Unicode codepoint or e+combining-accent?
jasongrossman has joined #nixos-chat
<MichaelRaskin> Hm, apparently iconv doesn't provide a cheap interface to normalisation…
<__monty__> What's the point of it though? Bypassing broken unicode implementations?
<MichaelRaskin> Well, searching in a normalised Unicode dataset is cheaper
<MichaelRaskin> And there are more or less no non-broken Unicode implementations in use anyway.
<MichaelRaskin> And having two files that have the same name represented as different UTF-8 is annoying
<__monty__> It almost sounds like unicode's not terribly well designed : >
<MichaelRaskin> It's almost as if Unicode is trying to solve a problem that is impossible to solve consistently, and tries to do it with limited resources and over long enough term that things change underneath anyway
<sphalerite> ^
<sphalerite> Unicode is pretty good considering the problem it addresses
<sphalerite> IMHO
<MichaelRaskin> Unicode is pretty bad, but there is no way resources for a better solution would be allocated. People working on it did a fantastic job personally, and did a great job on maintaining processes, it is just not enough to solve impossible problems.
<__monty__> But why is there latin small letter e with acute accent *and* combining acute accent + latin small letter e?
<MichaelRaskin> Because in the initial request it was mandatory that the top-20 encodings have 1-1 translation into Unicode?
<__monty__> Why do all standards have to start with "Please make sure all the crap from old standards still works, tyvm."
<MichaelRaskin> Because Unicode already had problems with adoption as it was?
<__monty__> Thanks for explaining the issue though. Another day, another bit of knowledge attained.
<MichaelRaskin> Case study: IPv6 tried to drop a bit more legacy from IPv4, observe its adoption struggles
<__monty__> It's not quite the same though, is it? IPv6 required lots of hardware changes so it's not abnormal that it'd be slower.
<MichaelRaskin> I think to the current day a lot of software still doesn't have full first-class support for codepoint ≠ glyph in Unicode… so yes, it is not the same, probably worse
jasongrossman has quit [Ping timeout: 250 seconds]
<__monty__> : o Dream come true.
<MichaelRaskin> I am not claiming it is working perfectly
<MichaelRaskin> (Personally, I have enough of text bias that I can grab most of the stuff into text before even reading it)
<joepie91> see also: https://archivebox.io/
jasongrossman has joined #nixos-chat
<ma27> infinisil: there's `sshd -t`, but it also validates the environment (e.g. are host keys set?), so we'd probably have to patch it for our needs. As this is not a critical change, I'd leave this PR open for now and wait for your RFC %)
<__monty__> Cool projects. Anyone running something like webrecorder? How's disk space requirements?
<MichaelRaskin> I only save HTML and text rendering (which I then read in an editor), which obviously doesn't have too much of storage requirements
endformationage has joined #nixos-chat
<sphalerite> __monty__: because human language is the oldest legacy software we have ;)
<sphalerite> ok, since iconv apparently can't do it, making rsync's --iconv option unhelpful for this, does anyone know a tool that will take a directory hierarchy and run all the filenames through an arbitrary filter?
<das_j> sphalerite: can rename do this?
<sphalerite> nope, rename only does simple pattern replacement
<sphalerite> not even regex
<das_j> oh
<das_j> sounds like while read -r path; do mv; done < <(find / -type f)
<sphalerite> except handling spaces and renaming of parent directories
<das_j> oh
vikingman has joined #nixos-chat
<das_j> I'm out
<sphalerite> something something print0
<sphalerite> there might be a find option that makes it order them suitably, not sure though
<sphalerite> otherwise, progressively increase depth >_<
drakonis has joined #nixos-chat
asymmetric has joined #nixos-chat
<MichaelRaskin> Aargh why I was too lazy to write this before
lopsided98 has quit [Quit: No Ping reply in 180 seconds.]
lopsided98 has joined #nixos-chat
lopsided98 has quit [Ping timeout: 252 seconds]
<srhb> MichaelRaskin: fwiw nix eval might clean those up a bit
<srhb> MichaelRaskin: eg. nix eval nixpkgs.hello.src.outputHash --raw
<MichaelRaskin> That nixpkgs. notation assumes having channels, though
<srhb> MichaelRaskin: It does not, it just needs nixpkgs on NIX_PATH
<srhb> (Ie. exactly the same assumption)
<MichaelRaskin> Nope
<srhb> Really? How is it different?
<MichaelRaskin> error: attribute 'nixpkgs' in selection path 'nixpkgs.hello.src.urls' not found
<MichaelRaskin> If I only have Nixpkgs in NIX_PATH I need
<MichaelRaskin> nix eval -f '<nixpkgs>' hello.src.urls
<srhb> Peculiar.
<srhb> I guess I don't understand how those two differ..
<srhb> Both yield the same thing for me.
lopsided98 has joined #nixos-chat
<MichaelRaskin> If you do have a channel, they do the same thing via different routes
<srhb> I do not.
<srhb> And this works for me too: NIX_PATH=nixpkgs=channel:nixos-18.09 nix eval nixpkgs.hello.src.urls
<srhb> I wonder where the discrepancy arises...
<MichaelRaskin> Maybe you have ~/.nix-defexpr with something sensible
<srhb> I do not.
<MichaelRaskin> Hm
<srhb> Go figure :-)
<srhb> This works too: NIX_PATH=foo=/home/sarah/src/nixpkgs nix eval foo.hello.src.urls
* srhb shrugs
<MichaelRaskin> Hm, it does work for me too (with a path change)
<MichaelRaskin> A-aah
<srhb> The only way I can make it fail is if I include the parent dir as a bare dir in NIX_PATH and don't have nixpkgs explicitly named there
<srhb> eg. NIX_PATH=foo=/home/sarah/src/nixpkgs nix eval foo.hello.src.urls
<srhb> Oops, no.
<srhb> NIX_PATH=/home/sarah/src/ nix eval -f '<nixpkgs>' hello.src.urls
<srhb> ^ That only works with -f
<MichaelRaskin> Yes, indeed that's what I have
<srhb> Ah, then it makes sense indeed :)
<MichaelRaskin> I guess the reason I usually don't care is because I have a wrapper that wraps stuff in 'with import <nixpkgs> {}; '
<srhb> Makes sense!
<srhb> Mystery solved, sanity restored. Phew :)
<srhb> I really do like that NIX_PATH entries are named in nix eval and friends though.
<MichaelRaskin> Indeed, that's nice
<MichaelRaskin> … until I want a general expression, which I often do want
<srhb> It's probably the one nix 2.0 style interface I regularly use.
<srhb> heh, yeah.. The wrapping in parenthesis does seem arbitrary..
<MichaelRaskin> wrapping in parenthesis is fine — something that is obviously a noop for Nix, and almost never makes sense for paths
<MichaelRaskin> But even with -f I seem to lose the scope
<srhb> Oh, how so?
<srhb> Oh, you can't refer back to it... Yeah.
<MichaelRaskin> Then I am back to using my wrapper
<srhb> I suppose so, yeah. Would be easy enough to just include it in the expression itself, but the benefit does drop off for sure.
<MichaelRaskin> Well, that's what my wrapper does! It still uses nix-instantiate, though
<srhb> Right, I just mean vs. '(with import <nixpkgs> {}; hello.src.urls)' or whatever.
<MichaelRaskin> Just _how_ deeply LO have reworked their fetching in a point release??
<MichaelRaskin> nix log is nice, by the way
<MichaelRaskin> Although nix-store -l is also fine
<MichaelRaskin> I would use nix build if it actually printed the output path, at least in the no-link mode
<MichaelRaskin> (or call it -o - or whatever)
<srhb> MichaelRaskin: Yeah. I'm sure there's a bunch of open PRs with that desire :P
<MichaelRaskin> I think we don't fail at coordination _that_ badly
<MichaelRaskin> I think there is only one or two
<srhb> MichaelRaskin: OK, I guess that's fair. :-P
<{^_^}> nix#2622 (by Mic92, 8 weeks ago, open): nix build: print built derivation paths (cachix support/nix-build compatibility)
<{^_^}> nix#2423 (by ElvishJerricco, 25 weeks ago, open): nix build: Print result paths to stdout with --no-link
<MichaelRaskin> These are slightly different behaviours even!
drakonis2 has quit [Quit: WeeChat 2.3]
<drakonis> https://michael.stapelberg.ch/posts/2019-03-10-debian-winding-down/ relevant to NixOS in some aspects
<drakonis> AKA "don't copy debian"
asymmetric has quit [Ping timeout: 245 seconds]
<MichaelRaskin> «threaded mailing list». hee-hee
<drakonis> i have previously bitched about how debian handles package maintainers and i'm glad someone else has the same take
<MichaelRaskin> Getting consensus on large process changes is hard, Debian is old, ouch
<drakonis> very.
asymmetric has joined #nixos-chat
<gchristensen> oh nice to see that PR by elvishjerricco, to explain why it isn't a good idea
<MichaelRaskin> I am not sure GC race safety
<MichaelRaskin> is a universal issue
<gchristensen> it becomes universal with automatic, Nix-triggered GC based on available disk space
<tilpner> Anyone familiar with how name resolution works?
<tilpner> I have a domain that resolves with dig, but fails with curl
<tilpner> And I suspect the issue might be somewhere in nscd or nsswitch.conf
<MichaelRaskin> Do we actually have auto-GC at Nix level as a thing??
<tilpner> (But I don't have any evidence)
<MichaelRaskin> I think NixOS-level auto-GC is more of a minority feature
<gchristensen> yeah, Nix has that feature
<tilpner> The domain is ovgu.de, if you want to check for yourself
<MichaelRaskin> tilpner: I would start with looking at resolv.conf
<gchristensen> works from here tilpner
<tilpner> gchristensen: Works how? With curl?
<gchristensen> tilpner: curl, dig, firefox
<tilpner> dig and firefox work here too, but not with curl
<MichaelRaskin> So this basically can happen mid-build and free some space to prevent the build from failing?
<gchristensen> I think it can happen at any time
<MichaelRaskin> I think setting this option is not too frequent. Except on machines where one doesn't run builds manually anyway…
<gchristensen> aye
<MichaelRaskin> But yes, printing should indeed be independent of link creation
<gchristensen> right
iqubic has joined #nixos-chat
MichaelRaskin has quit [Quit: MichaelRaskin]
iqubic has quit [Remote host closed the connection]
asymmetric has quit [Ping timeout: 250 seconds]
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-chat
lopsided98 has quit [Client Quit]
lopsided98 has joined #nixos-chat
tilpner has quit [Quit: WeeChat 2.4]
pita has joined #nixos-chat
tilpner has joined #nixos-chat
__monty__ has quit [Quit: leaving]