gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
drakonis2 has joined #nixos-chat
drakonis1 has quit [Ping timeout: 245 seconds]
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
<elvishjerricco> Is it just always best to have every vdev in ZFS be identical? Same hardware, same configuration?
<gchristensen> no
<gchristensen> oh, vdev, probably
<gchristensen> for consistent performance
<gchristensen> log and cache vdevs being an exception
<elvishjerricco> Oh yea those use vdevs don't they
<elvishjerricco> Didn't know about spares. That's neat
<elvishjerricco> Lots of guides, like that one, are suddenly gonna be wrong about it being impossible to remove devices from a zpool when 0.8 comes out :P
<gchristensen> hehe
endformationage has joined #nixos-chat
drakonis has quit [Quit: WeeChat 2.3]
drakonis_ has joined #nixos-chat
drakonis2 has quit [Ping timeout: 258 seconds]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 246 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 268 seconds]
jasongrossman has joined #nixos-chat
endformationage has quit [Quit: WeeChat 2.4]
drakonis_ has quit [Ping timeout: 245 seconds]
drakonis_ has joined #nixos-chat
jasongrossman has quit [Ping timeout: 245 seconds]
drakonis_ has quit [Ping timeout: 250 seconds]
drakonis_ has joined #nixos-chat
Zer000 has quit [Ping timeout: 268 seconds]
jasongrossman has joined #nixos-chat
jasongrossman has quit [Ping timeout: 250 seconds]
jasongrossman has joined #nixos-chat
lejonet has quit [Ping timeout: 246 seconds]
__monty__ has joined #nixos-chat
<manveru> man svg is pretty cool :)
<gchristensen> oh?
<manveru> just building a go game with elixir liveview and generating all the svg on the fly :)
<gchristensen> omg
<manveru> even got the wood texture done with feTurbulence and some lighting
<gchristensen> nicely done :D
<__monty__> It's not playable though, where's the alphaGo integration? #notgoodenough #complainingaboutfoss : )
<manveru> :D
<manveru> that's just the svg part
<gchristensen> pretty sure N years ago I'd have thrown a big ol' <table>... in to there
<manveru> i had this implemented in elm already, but it got super slow when i introduced move history and stuff :(
<jasongrossman> manveru: Beautiful.
endformationage has joined #nixos-chat
drakonis_ has quit [Ping timeout: 246 seconds]
drakonis_ has joined #nixos-chat
jasongrossman has quit [Remote host closed the connection]
pie__ has joined #nixos-chat
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 250 seconds]
<colemickens> gchristensen: random questions for you if you are around / have time - one do you have an example of lorri and buildRustPackage/carnix ? And when you were playing with Secure Boot, did you ever get into TPM and sealing a LUKS key or no?
<gchristensen> is there an OSS thing like btsync?
<gchristensen> colemickens: no to all of your questions :P sorry
<gchristensen> colemickens: should be fine with b.r.p. & carnix
<sphalerit> gchristensen: syncthing?
<gchristensen> ooo
<gchristensen> this + tieronezero might be something else
<colemickens> tieronezero?
<samueldr> zeroonetier
<samueldr> oops, zerotier
<gchristensen> right
<gchristensen> (ooh let's execute a name squatting attack)
<samueldr> which zerotier one is the upstream client
<colemickens> surprised I've never heard of it, or forgot if I had. looks cool, thx
<colemickens> are you using it already gchristensen ? or new to you recently?
<__monty__> I don't have the network chops to understand what it *is*. Should I learn about it?
<joepie91> zerotier is open-core, not open-source
<joepie91> at least, last I checked
<{^_^}> zerotier/ZeroTierOne#610 (by apognu, 1 year ago, closed): Is there a way to totally bypass ZeroTier's servers?
<samueldr> joepie91: all the required parts to run it are OSS, the servers are and the client is?
<joepie91> samueldr: afaik there is still a network dependency on their centralized hub, which is not open-source; plus, afaik there's no OSS management panel at all
<samueldr> though yeah, no built-in way to directly use the main servers
<joepie91> hence open-core
<sphalerite> gchristensen: not sure I understand what zerotier does beyond what tinc does. And syncthing doesn't need LAN
<joepie91> you get a severely limited experience when only using the open-source components
<joepie91> (again, from what I know, I haven't used it myself yet because of the aforementioned issues)
<samueldr> though at least it's not a service-based thing where the server parts are closed; though yeah, you're right in that the management part will be more annoying
* colemickens goes back to just worrying about learning more about WireGuard then
<gchristensen> does tinc require some systems to have a stable IP?
<gchristensen> I really don't mind having their roots do introductions
<simpson> tinc can resolve DNS names, IIRC.
<elvishjerricco> Yea my tinc network uses a domain name to point to my main server.
<sphalerite> gchristensen: yes and no. It can discover other nodes within a LAN
<sphalerite> simpson: elvishjerricco: huh, that works now?
<simpson> sphalerite: I've done it. I don't know whether it works.
<elvishjerricco> sphalerite: Yea my server's host file has `Address = elvishjerricco.io`
<elvishjerricco> and that's all I ever needed to let everything connect remotely to everything
<sphalerite> I tried that when I first started using tinc, and it didn't work… I can't remember how it failed to work though. Maybe it's been fixed by now.
<sphalerite> Which is great.
<elvishjerricco> sphalerite: Maybe you just had a dns issue
<sphalerite> nah, it was something specifically about tinc
<elvishjerricco> I turn off the chroot stuff in tinc because it broke my tinc-down script
<elvishjerricco> maybe the chroot doesn't contain the resolv file it needs?
<sphalerite> or maybe it was a nixos-- yeah
<sphalerite> #14433
<{^_^}> https://github.com/NixOS/nixpkgs/issues/14433 (by mogorman, 2 years ago, closed): running tinc via systemd does not seem to able to use dns
<__monty__> clever's toxvpn uses tox as a DHT to find nodes.
tomberek has joined #nixos-chat
<__monty__> gchristensen: Are you looking at syncthing for dropbox behavior or just some odd file transfers? magic-wormhole and croc are great for those.
* colemickens this irc room provides more technical distractions for me than any subreddit/HN post.
<gchristensen> +1
<gchristensen> __monty__: I want to sync a local directory between two laptops
<gchristensen> regularly
<gchristensen> elvishjerricco: so does elvishjerricco.io serve as an introducer?
<joepie91> colemickens: there's much less shouting here though :)
<elvishjerricco> gchristensen: git push, git pull? :P
<gchristensen> elvishjerricco: it would be a very ... not ideal ... way to do it :P
<gchristensen> merkle trees really suck unless you actually want / need / require holding on to every change
<elvishjerricco> gchristensen: I'm not sure how it works really. I *think* traffic gets routed through elvishjerricco.io, so I have `Address = 192.168.x.y`, and `Subnet = 10.x.y.z/32#2` in my desktop so that my laptop will use the local network when possible (#2 sets a priority)
<elvishjerricco> But I read that it's at least possible to have tinc do everything p2p
<joepie91> (tinc does have mesh discovery with point-to-point routing afaik)
<gchristensen> the thing is that I don't really want to maintain my VPN, heh
<joepie91> elvishjerricco: afaik the default is point-to-point
<joepie91> and mesh routing only happens when you specify as such
<elvishjerricco> gchristensen: I set mine up 8 months ago and haven't touched the nix config for it since.
<joepie91> can confirm, tinc is quite low-maintenance
<joepie91> (though I use it in a server environment)
<sphalerite> gchristensen: syncthing syncs continuously rather than punctually. I'm very happy with it, I use it mainly for syncing music to and photos from my phone
<gchristensen> sounds perfect
<elvishjerricco> actually that's not quite true. A little while ago, I switched the mode from Router to Switch so I could experiment with avahi services over tinc... That ended up being a bad idea :P
<__monty__> I use avahi over toxvpn with some nginx proxying.
<gchristensen> your hired!
<gchristensen> you're hired!
<colemickens> Why tinc over wireguard?
<joepie91> wireguard isn't meshed/P2P, is it?
tomberek has quit [Ping timeout: 256 seconds]
<colemickens> ah, I don't think it's meshy (by itself?)
<joepie91> right
<gchristensen> a fun thing to do is use openvpn in tcp mode
<clever> gchristensen: that will ruin your latency!
<gchristensen> =)
<sphalerite> does anyone know a magical way to find an initramfs in an OS image? There isn't any particular obfuscation applied or anything, but I don't know how to actually find it…
<sphalerite> OS image = SD card image
<clever> lrwxrwxrwx 1 root root 57 Dec 31 1969 /nix/var/nix/profiles/system/initrd -> /nix/store/hni3n8vx1z27p8ps61fzf6pnpmx2hbwf-initrd/initrd
<clever> sphalerite: you'll want to follow this symlink
<sphalerite> specifically, any of the SD card images from https://drive.google.com/drive/folders/1gaLKSlIHvqhJ5cASTFGSjJ9XvtgosZFQ
<sphalerite> clever: not nixos
<sphalerite> actually, not sure if the buildroot one has what I want. I should have a look at the buildroot one though.
<clever> sphalerite: then you'll want to look at the bootloader config
<samueldr> sphalerite: binwalk is amazing at finding things
<sphalerite> clever: the bootloader (u-boot) config is pretty much just the command bootrk
<clever> sphalerite: pygrub is a python implementation of the grub config parser, so you can boot grub things in xen
<sphalerite> clever: no GRUB.
<clever> sphalerite: then there should be some files in /boot/ at the default names for u-boot i believe
<samueldr> sphalerite: might be no initrd proper. might be kernel at 0x8000 up to 0x40000 where the rootfs starts
<sphalerite> samueldr: hm, maybe I should give that another shot. I didn't find anything useful with it last time, but maybe I didn't look at the output right.
<samueldr> (as 512bytes sectors)
<samueldr> so maybe the initrd is the kind that's appended to the kernel
<sphalerite> samueldr: hmm, but then overwriting the kernel with my own wouldn't have worked, would it?
<samueldr> maybe it's doing it without initrd?
<sphalerite> no
<clever> sphalerite: you can specially compile the kernel to include the initrd in the kernel blob
<samueldr> sphalerite: what's the u-boot env like?
<sphalerite> samueldr: it fscks the filesystem and stuff first
<samueldr> (use printenv)
<samueldr> sphalerite: bootrk seems to be using the android bootimage format
<samueldr> unless there is a boot.scr thing that overrides the environment
<sphalerite> ooooh binwalk found me something interesting
<samueldr> sphalerite: which image exactly?
<samueldr> I want to follow at home :)
<samueldr> won't be able to boot it though obv.
<sphalerite> I'm not actually sure which one it was :/ I think lubuntu
<sphalerite> yes
<sphalerite> lubuntu
<sphalerite> yaaaay it does seem to be the initramfs
<samueldr> sd-ubuntu I presume?
<samueldr> sd-lubuntu*
<sphalerite> rk3399-sd-lubuntu-desktop-xenial-4.4-armhf-20181219.img
<sphalerite> ok what seems to be the initramfs is at the offset 0x4000008
<sphalerite> which seems to be... almost round :p
<samueldr> bet the preceding 8 bytes are a header?
<sphalerite> hmm the first 4 of the preceding 8 bytes are KRNL
<sphalerite> which are also in the header of the actual kernel
<sphalerite> iiiinteresting.
<sphalerite> oddly, I can't find any mention of KRNL in this u-boot's source
<clever> it may be in hex
<clever> [ 0x11, 0x22, 0x33, 0x44 ]
<clever> magic numbers are often treated like that
<clever> you can also check the linux source
<sphalerite> nah, doesn't seem to be there in hex either
<sphalerite> nor in linux
<samueldr> offset 0x20000 at 512 bytes per offset; seems to match with something I found about a "rkunpack" tool
<samueldr> sorry
<samueldr> missed a bit
<samueldr> 0x20000 - 0x8000 = 0x18000
<samueldr> (still waiting on the download to finish)
<sphalerite> hmm, if I try to replace the initramfs with my own the kernel just panics though…
<sphalerite> being unable to mount the root filesystem
<sphalerite> it just doesn't seem to find the initramfs
Zer000 has joined #nixos-chat
drakonis1 has joined #nixos-chat
<gchristensen> $ time nix-instantiate ./default.nix
<gchristensen> user 1m30.207s
<gchristensen> a favorite thing of Packet is each host automatically has <shortuuid>.packethost.net point to it, and then you can get LetsEncrypt
<Ralith> that is neat
<joepie91> OVH also does this, no?
<joepie91> with numbers though
<gchristensen> I guess it isn't unique or special
<gchristensen> but it is *such* a nice thing to have
<joepie91> well, dunno, I can only think of a few providers that maybe do it
<joepie91> so it's fairly unique I think :)
<joepie91> just not strictly unique!
<joepie91> and yeah, I agree, it's handy
<joepie91> another example of an unexpectedly handy feature (also from OVH) is the ability to pay for server renewal without being logged in
<gchristensen> AWS does it too
<joepie91> by providing aforementioned auto-generated hostname to the billing panel
<joepie91> which will then show you the invoice, minus any PII
<joepie91> and let you pay for it
<gchristensen> nice
<joepie91> very
<joepie91> I wish more providers did that
<joepie91> it makes things like "oh crap I'm on the go and don't have access to my paypal here, can you pay this one for me real quick" much easier
<Ralith> I had to ditch ovh due to garbage ipv6 support
ninjin has quit [Ping timeout: 256 seconds]
<clever> joepie91: there was an "exploit" against a cell-provider that is similar to what you just described
<clever> joepie91: basically, you can pay for somebody's cellphone bill if you know their phone#
<clever> and once you have paid for the bill, you can convince the provider it's your account, because you have proof of paying the bill
<clever> (facepalm)
<gchristensen> ...
<joepie91> heh
<joepie91> clever: right, for OVH this is by design, and that won't let you claim an account
<joepie91> :p
<joepie91> somehow it does not surprise me that it's a cell provider fucking this up...
<clever> there is an entirely different cell-provider case i have heard of
<clever> where a malicious party was calling up the provider, claiming that they lost the phone and need to bind a new SIM to the acct
<clever> but they failed the security questions, and were rejected repeatedly
<clever> so, they went to the online support portal, which then happily "fixed" the problem for them
<clever> they then did a password reset against gmail, with sms verification
<clever> password reset to dns register with email verification
<clever> and transferred the whole domain!
ekleog has quit [Quit: back soon]
ekleog has joined #nixos-chat
das_j has quit [Remote host closed the connection]
das_j has joined #nixos-chat
__monty__ has quit [Quit: leaving]
jackdk has joined #nixos-chat
pie__ has quit [Ping timeout: 258 seconds]
jasongrossman has joined #nixos-chat