<gchristensen>
to actually submit I had to enter a 1 in every field
andi- has quit [Ping timeout: 260 seconds]
<jared-w>
gchristensen: I had to do that for a financial aid form for college once. And then someone submitted a bug to the IT department and the head of the department just deleted the email as "not our problem"
<gchristensen>
hah
<jared-w>
The thing that sucked was it took 15 minutes to fill out the form and the error was completely unobvious. To make matters worse, every input wiped on submit... Good ol php xml soap whatever nonsense
<samueldr>
what's the over under that it's because of one of those language where truthiness means 0 is false?
<gchristensen>
hehe
ivan` has joined #nixos-chat
andi- has joined #nixos-chat
<jared-w>
> what's the over under
<{^_^}>
undefined variable 'what's' at (string):273:1
* jared-w
realizing I don't speak this dialect of English
<infinisil>
I think I might have to link zeta to this..
<infinisil>
Thanks gchristensen :)
<gchristensen>
:)
<gchristensen>
they have been very very needy, indeed, and don't seem to have ... absorbed ... much :/ I hope they will!
<infinisil>
Indeed..
<jackdk>
infinisil: that's a really good link. I like the advice in ESR's article, but I saw it years ago and went "yeah this seems like good advice". the text around it makes it hard to swallow if you're presented with it in response to your question.
<gchristensen>
it definitely stung the first time I got S.Q.'d
endformationage has quit [Quit: WeeChat 2.6]
ivan` is now known as ivan
drakonis has quit [Quit: WeeChat 2.6]
tilpner has quit [Ping timeout: 258 seconds]
tilpner_ has joined #nixos-chat
tilpner has joined #nixos-chat
tilpner_ has quit [Ping timeout: 258 seconds]
Jackneill has joined #nixos-chat
Guanin has joined #nixos-chat
veske has joined #nixos-chat
veske has quit [Quit: This computer has gone to sleep]
<{^_^}>
trofi/nix-guix-gentoo#3 (by flokli, 2 minutes ago, open): nix: gentoo-provided busybox causes ar to fail
<ar>
:(
* ar
fails
<andi->
yeah, I had fun debugging that the other day..
Synthetica has joined #nixos-chat
__monty__ has joined #nixos-chat
kenjis has joined #nixos-chat
kenjis has quit [Remote host closed the connection]
kenjis has joined #nixos-chat
tilpner_ has joined #nixos-chat
tilpner has quit [Ping timeout: 240 seconds]
tilpner_ is now known as tilpner
<eyJhb>
Anyone using fzf, who has a good way of having it match the first and best file?
<eyJhb>
Want to use it for my md wiki, so I can have a bash alias that is just "wiki wishlist", and it will open my wishlist
<flokli>
sorry ar
<flokli>
ar++
<{^_^}>
ar's karma got increased to 3
drakonis has joined #nixos-chat
<jared-w>
eyJhb: The answer is essentially that fzf has a /very/ fuzzy algorithm. You'll want a different finder with a different algorithm if you want that property
<worldofpeace>
Jan Tojnar: yessssssss, singular they 2019 all the way. that made and still makes me soo happy to read
<gchristensen>
anyone know how to type the ž with the Compose key?
<qyliss>
Compose v z
<qyliss>
(I just guessed that and it worked. I love Compose. :D)
<gchristensen>
:o thanks!
<eyJhb>
How would any of you answer the following? "23.A server node shows has a down-time of 20 hours per year. Calculate the resulting availability Pr(Server operational)"
<adisbladis>
When are we migrating NixOS to systemE ?
<savanni>
That is so shocking I have to share it with my friends.
kenjis has quit [Remote host closed the connection]
<gchristensen>
infinisil: I wonder if {^_^}'s karma should have a decay function
<gchristensen>
it feels a bit bad to me when giving karma to someone who does super good work consistently, and then {^_^} says they have ~5 karma. karma isn't worth anything, but it sort of isn't meaningless I guess
<__monty__>
Is losing karma unless you keep contributing much better though?
<gchristensen>
maybe it should just ditch numbers :P
<__monty__>
You also lose recognizing old regulars.
<gchristensen>
"«foo»'s karma goes up!"
<adisbladis>
I wonder what social effects karma has
<adisbladis>
I have a vague leaning towards not liking it, but I cant put my finger on why
<gchristensen>
it is nice to recognize people's good work
<__monty__>
I liked being able to see which people were probably knowledgeable/helpful.
<gchristensen>
you can't see that, though
<__monty__>
Yeah you can. It pops up in chat, so you slowly get to know.
<adisbladis>
gchristensen: I think it's worse in the case of discourse though
<adisbladis>
Having these "great contributor" and things
<__monty__>
Imo it shouldn't be immediately visible all the time. That'd lead to people fixating on the numbers more.
<adisbladis>
Which are not at all related to how you interact with the community in other places
<adisbladis>
Just discourse
<__monty__>
Hmm, yeah, those sound a bit generic for "regular poster."
<adisbladis>
__monty__: It also doesn't really reflect community involvement, even though it looks like it.
<__monty__>
What do you mean?
<__monty__>
I don't agree that github/irc is a more important part of the community than discourse.
<adisbladis>
__monty__: Let's say someone is contributing like crazy on github
<adisbladis>
That's not reflected in discourse
<gchristensen>
adisbladis: so true
<adisbladis>
I tend to dislike gamification
<jared-w>
I've seen karma implemented before as "karma goes up" where you could /karma $user to see the number
<__monty__>
That's why I used "regular poster," that'd make clear the badge is about discourse, not github.
<__monty__>
I like it's impossible/hard for people to check their own karma.
<gchristensen>
me too
<adisbladis>
jared-w: Karma boards...
<Irenes[m]>
Yeah if it were up to me I'd look for ways to recognize people's contributions that are based on somebody keeping track by hand and expressing it in an official way. Like a "thanks to..." section in a newsletter that goes out regularly, or something.
<Irenes[m]>
Automated voting-based recognition doesn't feel as special and it kind of encourages people to game it
<jared-w>
Particularly since it always has to be super specific. "Thanks, person!" doesn't work, "+1" doesn't work, only "$user++" does
<gchristensen>
<3 jared-w works
<{^_^}>
jared-w's karma got increased to 3
<jared-w>
oh nice
<gchristensen>
:P
<adisbladis>
gchristensen: I think I don't have a problem with {^_^} so much as discourse tbh..
Jackneill has quit [Remote host closed the connection]
<joepie91>
adisbladis: the main issue with karma, as with any popularity system, is that it rewards charisma much more than it does contribution
drakonis has joined #nixos-chat
<joepie91>
(for a very broad definition of 'charisma' - for example, on stackoverflow there's a semi-common problem where the highest-voted answer to a question is the one that's made to look the easiest by the author, even if the answer itself is totally wrong or even unsafe from a technical perspective)
<__monty__>
I'm not sure that holds up. I haven't seen people give karma just because they had a good conversation. They give karma to recognize someone's effort in helping find a solution or for an outright solution.
<joepie91>
that isn't what I'm saying, though
<joepie91>
people help other people find solutions all the time without getting karma for it
<joepie91>
what I'm saying is that whether someone gets karma for that, is determined largely by the charismatic aspect
<__monty__>
Yep, because not everyone knows about the karma system, especially the newer people who come asking for help all the time.
<__monty__>
It's mostly based on mimicry. The help-petitioners hand out karma iff they know about karma. And they learn about it by seeing someone who knows, use it.
<joepie91>
that's an entirely different aspect than what I'm talking about
<__monty__>
Is this vulnerability known to be actively exploited? It didn't seem all that straightforward when I read about it.
<gchristensen>
yes
<gchristensen>
per that link, "This vulnerability was detected in exploits in the wild."
* joepie91
hands gchristensen a ⚠️
* aanderse
looks up
<aanderse>
thanks gchristensen
drakonis has quit [Ping timeout: 268 seconds]
<gchristensen>
yep!
<__monty__>
gchristensen <3
<__monty__>
{^_^}: -.-
<gchristensen>
<3 is infix
<__monty__>
gchristensen <3 karma!
<__monty__>
Prefix then I guess?
<gchristensen>
oops wait duh prefix :|
<__monty__>
Well, that bad advice cancels out the karma : >
<gchristensen>
I earned it
drakonis has joined #nixos-chat
<jared-w>
<3 gchristensen -- karma is as karma does
<{^_^}>
gchristensen's karma got increased to 193
<ar>
> For example, maybe my worst programming habit is declaring temporary variables like i, j and k as members of each class, so that I didn’t have to declare them inside functions (which is annoying to do in flash for boring reasons). This led to some nasty and difficult to track down bugs, to say the least.
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):273:12
drakonis has quit [Ping timeout: 240 seconds]
drakonis has joined #nixos-chat
neeasade has joined #nixos-chat
<pie_[bnc]>
ar: vvvvvv ?
<ar>
i think so
<neeasade>
^^^^^^
drakonis has quit [Ping timeout: 265 seconds]
drakonis has joined #nixos-chat
<pie_[bnc]>
neeasade: ;P
<neeasade>
pie_[bnc]: : - )
<neeasade>
what's the best way to grok nix dev -- nix-pills --> configuration.nix --> start to package what you want? nix-shell is still a little weird to me -- like conceptually I get it and can spawn a shell from existing package definitions but everything feels idk
<neeasade>
'funky'
<drakonis>
no you're right it is
<drakonis>
the development path needs to improve a bit
<ldlework>
neeasade: i've been using nix for like three years now, and I still can't really figure out how to properly do Python dev, so don't ask me!
<drakonis>
python dev is not fun :|
<ldlework>
since nix has text assets which do all the things, you'd think there would just be standard derivations for various programming environments
<ldlework>
just stick it in a directory and nix-shell and you're ready to pip install or install gems or whatever it is
<ldlework>
but alas
<drakonis>
the nix user experience
<ldlework>
i think right now it is basically "fully learn how to package arbitrary python libraries as nix packages and do this for literally all your deps -- or gtfo"
<jared-w>
watching a stream where someone's connected to zoom watching someone share their screen is like 4 levels of meta
<ldlework>
i have this issue right now, where in several of my nix-shells, when I try to pip install tensorflow, I get errors about running out of disk. But none of my temp filesystems are low on disk use and stuff.
<ldlework>
like, I have a lot of disk space
<jared-w>
You sure that's a pip thing or an inode thing? What's your file system format?
<ldlework>
so I have to do some weird shit to get pip to point its temp caches at my home directory, then it works
<jared-w>
nix makes an insane amount of symlinks and if your FS is something like ext4 that'll still use up inodes and can exhaust things before it actually runs out (from what I've heard)
<ldlework>
xfs for my main fs
<drakonis>
jared-w: do housekeeping on your store
<pie_[bnc]>
jared-w: re those repos: OWO WHAT ARE THESE
<jared-w>
neeasade: didn't expect to see you in #nixos-chat tbh. All my niche weird interests are colliding :p
<drakonis>
niche interests you say?
<ldlework>
anyway, I don't mind stumbling through this stuff but I know for a fact that there is no selling of nix to the typical organizations I've worked in
<neeasade>
jared-w: feel you on those interests -- but um have we met
<neeasade>
ldlework: 𝚋𝚊𝚎𝚜𝚙𝚠𝚖
tokudan has quit [Quit: Dunno.]
<jared-w>
Probably not. I was on the old rice irc around the 2016ish era but was using bspwm + btwIUseArch at the time
<neeasade>
jared-w: what was your nick
<jared-w>
probs thang1 at the time
<jared-w>
I do remember vaguely having a few conversations at some point but it was a while ago and they weren't that involving so :p
<neeasade>
thang sounds familiar, cool!
<jared-w>
I switched to nixos a few months ago when I found out my root partition was super messed up and corrupted yet somehow still booting, so I wiped everything and went "yolo been wanting an excuse anyways"
<neeasade>
nice nice nice
<ldlework>
rip your productivity
<neeasade>
I've been on nixos as a user for a few years, but not devving on it -- want to grok that
<jared-w>
However I couldn't afford to sit there for a few weeks/months and slowly move all my dotfiles so I went with a scrub setup of gnome
<jared-w>
ldlework: actually was completely moved over in like a few hours. Really pissed me off too
Synthetica has quit [Quit: Connection closed for inactivity]
<ldlework>
jared-w: and then you tried to run one of your python projects
<drakonis>
python is suffering
<neeasade>
rip the dream -- I migrated at a time when I had space to figure out all my rice migration as well
<neeasade>
just werked after I moved so it was nice
<jared-w>
wifi worked without issues, suspend worked perfectly, multiple monitors... Absolutely disgusting. Could no longer pretend that the dots tweaking was a productivity booster :p
tokudan has joined #nixos-chat
<neeasade>
lmaoooo
<ldlework>
drakonis: it's the same for other environments too
<neeasade>
totally feel that -- eg fedora/gnome is the highest just werked I've ever experienced
<jared-w>
*sighs* its fine, now I do it with no shame. Am I wasting my life? Meh, define "waste"
tokudan has quit [Remote host closed the connection]
<neeasade>
I just like the bspwm/emacs battle too much
<neeasade>
it's a fun way to compute : - )
<jared-w>
why install two WMs tho /s
<neeasade>
gottemmm
tokudan has joined #nixos-chat
<jared-w>
I'll switch to xmonad at some point because I just enjoy tiling way too much and it's legitimately a productivity booster for me, but I'll probably wait to build a split ergo keyboard first and see if I can 99% ditch a mouse. I'm more or less already there but web browsing is just annoyingly broken for keyboard users atm. Thx javascript I owe you /s
<drakonis>
ldlework: i have been experimenting...
<neeasade>
> web browsing is just annoyingly broken for keyboard users atm
<{^_^}>
undefined variable 'web' at (string):273:1
<jared-w>
ldlework: I'm not foolish enough to use python for anything outside the standard library. What dependency pain? :p
<neeasade>
qb is nice
<drakonis>
we got a bot
<neeasade>
except the extensions/ublock
<neeasade>
> jared-w: ldlework: I'm not foolish enough to use python for anything outside the standard library. What dependency pain? :p
<neeasade>
LOL
<{^_^}>
error: syntax error, unexpected ':', expecting ID or OR_KW or DOLLAR_CURLY or '"', at (string):273:122
<drakonis>
dont use greater than signs because it runs them on nix's repl
<neeasade>
drakonis: oh
<jared-w>
yeh, I need the ublock in my life unfortunately. And multiple tab groups are also nice
<ldlework>
jared-w: yeah it's the same for other environments too unfortunately
<neeasade>
my quote keybind adds > how can you live like this
<ldlework>
qb is nice, but slow and buggy
<jared-w>
> mfw I wanna meme text but need to put a space before the bracket so my ultra customized leet filters that makes the text green no longer works
<neeasade>
ldlework: it's nice enough for me unless I'm doing like media heavy sites
* jared-w
actually had a filter in weechat that made the text green for meme quotes
<ldlework>
drakonis: experimenting?
<drakonis>
yes
<neeasade>
jared-w: I remember when that went around
<jared-w>
Biggest tragedy of my life this last week: Discovering I lost my weechat config in the move. It was gitignored somehow and rsync respected the gitignore... sigh
<drakonis>
i've gone to the other side of the functional distro fence...
<drakonis>
its lispy over here
<neeasade>
speaking of qb/emacs -- I made them hug each other recently
<ldlework>
i rebooted my machine and my config from git was just gone, like rebooting had done a hard revert or something
<ldlework>
one of the great mysteries of my computing life
<jared-w>
that's what pisses me off about weechat sometimes. You dump your configs into text so you can keep them and then somehow you don't keep them? Like wat?
<neeasade>
the solution here is to use an emacs irc client
<infinisil>
Which will contain multi-host abstractions/options in the future
<drakonis>
ohhh that's nice.
<drakonis>
jared-w: it uses webkit for drawing on the screen
<neeasade>
infinisil: that's fucking badass
<drakonis>
its interesting.
<drakonis>
oh that's your deployment tool
<infinisil>
Yup :)
<drakonis>
100% nix in this baby huh
<infinisil>
It does have some bash but it doesn't detect it :)
<jared-w>
drakonis: yeah, webkit, the standard "we're going to be forever incompatible with every website built since 2007" web engine. The one safari made a bunch of incompatible changes to and then is going to give up in exchange for using chrome. That webkit? :p
<infinisil>
Currently I'm working on support for secrets
<drakonis>
i said only for drawing on the screen
<jared-w>
infinisil: nice! Is there a why_not_nixops.txt anywhere?
<drakonis>
it doesnt handle javascript
<neeasade>
jared-w: are they not different purposes -- that is, wouldn't nixops use this as a deployment option sort of thing
<drakonis>
its just a frontend
<infinisil>
jared-w: Nah, but the main reason is that many of the things I do there wouldn't fit onto nixops
<jared-w>
infinisil: that's fair. Is it a matter of making PRs to nixops would be too much emphasis or is it more that philosophically it's more different tools?
<drakonis>
i suppose electron frontends can exist
<gchristensen>
neeasade: finally!
<jared-w>
gchristensen: Now _that's_ what I'm talking about
<neeasade>
gchristensen: finally!
<drakonis>
jared-w: nixops is in python
<jared-w>
iirc that's the biggest single regret that was had in its rewrite. That python ended up being such a pain in the arse it practically ruined nixops
<infinisil>
jared-w: Philosophically they're different tools, especially for future features I plan to add (see notes.md)
<infinisil>
nixops works with a state database, which I don't want. The users ssh keys should be used to give/take ssh access
<jared-w>
makes sense. The state database also is something I've avoided. I get why it exists but it's also not necessarily great
<infinisil>
nixops files also have the structure `{ network = ...; machine1 = ...; machine2 = ...; }`, so the declaration of different machines is on the same level as other properties, which is just really bad for using it in a module
<jared-w>
and I see the bootstrapping nixos bit in there too; probably doesn't fly super well with the ideal usecases of nixops :p
<jared-w>
ah yeah that's true. Never thought of that, but I haven't done a ton with nixops yet
<gchristensen>
nixops can (and does) bootstrap NixOS on some targets, like on Hetzner bare metal hehe, but yeah...
<infinisil>
jared-w: If you have any wishes for a deployment tool, feel free to tell me about them :D
<infinisil>
I'd like nixoses to become the best deployment tool
<gchristensen>
infinisil++
<{^_^}>
infinisil's karma got increased to 180
neeasade has quit [Ping timeout: 252 seconds]
<infinisil>
Also, I'm not sure if it's alright if I use "NixOS" as part of the name
<gchristensen>
that is an important question
<drakonis>
ditch that for a name that doesnt associate it with the distro, as it can be used without it
<infinisil>
Yeah, I probably have to change that, but nixoses kind of has a nice tone to it
<infinisil>
drakonis: It can't really
<drakonis>
hm, aight
<drakonis>
i cant invoke it with just nix?
<samueldr>
as much as it disgusts people, I think it's time branding guidelines are drafted up :/
<infinisil>
drakonis: Ah yeah that you can, but you need to deploy to nixos systems
<jared-w>
samueldr: branding guidelines and codes of conduct are things people hate to need but wish they had after they need them. Better to be early to the party than late for sure :p
<drakonis>
codes of conduct are honeypots
<jared-w>
infinisil: I'll have to think about that for a bit. I'm not sure what exactly I'm really missing since I haven't needed to manage large scale or overly complex deployments to the same degree as others have yet
<infinisil>
Hm a better name for nixoses..
<infinisil>
How about "Nulti" (as in "N"ixOS, but M"ulti"ple of them)
<gchristensen>
I think the Nix ecosystem has a bit of an oversaturation of punny names
<samueldr>
definitely, using nix, nixpkgs and nixos is not mandatory
<samueldr>
(in the name)
<infinisil>
Fyi: Two other deployment tools are named krops and morph
<infinisil>
And there's nix-deploy
<jared-w>
One thing I do wanna see that would be awesome is a CLI tool or some other thing that lets me bootstrap repos with nix support. Nix shell, (some dependency management: niv, flakes, ?), etc.
<drakonis>
a unified deployment tool is pretty good
<jared-w>
so I could do my-kewl-create-nix-app dirname --haskell (or python, rust, ...)
<aanderse>
infinisil: i'm currently at 28 machines with nixops (after i cut down a few) ... might be interested in checking your tool out given it looks like corporate sponsorship
<zimbatm>
infinisil: secret management is a recurring theme
<infinisil>
zimbatm: I'm figuring that out as of now, and tbh, I have a pretty damn good prototype
<infinisil>
Right now you can do things like `config.secrets.foo.file = ./file`, and then use e.g. `services.foo.passwordFile = config.secrets.foo.file`
<jared-w>
infinisil: nice
<infinisil>
And it will automatically copy the secret to the machine, but only if it's referenced
<infinisil>
And it will restart the foo service if the secret changes
<jared-w>
what do you think about ergonomic support for some sort of magical Vault-like-tool integration?
<jared-w>
(not that I use vault personally, but tools like that do seem to make it really ergonomic for larger teams to deal with secrets vs something like git-crypt)
<infinisil>
jared-w: I haven't looked much into vault, but being able to provide secrets in different ways is a goal
<infinisil>
E.g. `config.secrets.foo.command = "pass foo"`
<aanderse>
infinisil: i'm a fan of how similar this configuration is to nixops
<jared-w>
The command would do it pretty much. Vault requires internet tho so using it with nix might be tricky
<zimbatm>
infinisil: as long as it doesn't roll back the secrets with the config
<aanderse>
it seems like migrating from one system to the other might not be a complete nightmare, at least as far as configuration files go
<aanderse>
:)
<infinisil>
jared-w: That command would be run at deploy-time outside of nix
<jared-w>
ah perfect
<infinisil>
zimbatm: Yup it won't do that
<zimbatm>
secrets is state
<zimbatm>
good :)
<infinisil>
zimbatm: Well, I'm intending rollbacks to be just a redeploy with an older config and have some git integration
<ivan>
it would be good to have a deployment tool that doesn't rely on all the machines being up, i.e. they'd have a master that has a target nixpkgs version for them and they'd autonomously upgrade
<zimbatm>
another scenario that's missing from nixops is that you often want to *also* deploy images that are attached to scaling schedulers
<qyliss>
ivan: there is one of them I thought
<zimbatm>
in a lot of cases it's nice to get ephemeral and dynamically scalable number of hosts
<qyliss>
i don't remember anything else about it though...
<ivan>
qyliss: puppet but it's for the wrong linuxes
<zimbatm>
ivan: you can do that with hydra and a channel updater script
<ivan>
zimbatm: interesting
<zimbatm>
that's for the laptop scenario
<zimbatm>
managed laptop
<zimbatm>
like friends and family
<infinisil>
zimbatm: Hm I'm not sure something like dynamically scalable hosts would be possible with a nixos based deployment tool
<qyliss>
ivan: no, a NixOS one
<infinisil>
I mean nix doesn't run at runtime
<infinisil>
Though you could make it do that
<gchristensen>
I have systems doing that now!
<infinisil>
Have some service that increases a counter when necessary, then rebuilds the nix deployment and does the thing
<gchristensen>
they're great, just annoying to do with nixos
<infinisil>
s
<infinisil>
gchristensen: What's annoying about them?
<gchristensen>
well we just don't have the tooling to make it seamless
<zimbatm>
infinisil: you can use nixos-generators to build the system images from the same configuration.nix, then push them
<infinisil>
gchristensen: What's the current workflow?
<gchristensen>
my deployment creates a static disk image that autoscaler spawns and destroys servers as needed, according to load
<zimbatm>
the auto-scaler is cloud-specific
<gchristensen>
yeah
<zimbatm>
it would be nice to have a generic auto-scaler though
* infinisil
thinks about that
<infinisil>
That might work surprisingly well with how I intend nixoses to work
<gchristensen>
it could be, but the benefit of cloud-specific ones is $0
<zimbatm>
pull vs push model
<gchristensen>
s/the/one/
<zimbatm>
NixOS is the only one that can do both
<gchristensen>
s/but/and/
<zimbatm>
infinisil: you know ansible has this "list-of-hosts" script
<infinisil>
I do not know :)
<zimbatm>
basically they have two abstractions: a list of hosts and a list of tasks
<zimbatm>
and then you map one with the other
<infinisil>
Ah I see
<infinisil>
That's nicely achievable with how nixoses works currently because of the module system :D
<infinisil>
Well you have to write a module for it, but there's nothing stopping anyone from doing that
<zimbatm>
it's very simple to build and understand
<zimbatm>
zzz time for me
<samueldr>
:/
<samueldr>
following the "what's new" links in firefox lead to 404s
<infinisil>
Maybe they want to show off their new 404 page!
<samueldr>
and don't get me started on the disaster ux of coopting the "menu" interface to show information in a button that disappears after the first click
<{^_^}>
Infinisil/nixoses#1 (by Infinisil, 42 seconds ago, open): Name change
<infinisil>
"Okumash" sounds really badass..
<gchristensen>
I wouldn't recommend absys
* infinisil
makes a note of that
<ldlework>
infinisil: I think any ultimate deployment tool has got to be able to account for external management like instrumented autoscaling. Deployment tools are very exciting until you try to use them in production and there's no way to use them to automatically scale. Like, one of k8s largest values adds is not its ability to provision, not to deploy nor schedule work, but that it can be made to do those things
<ldlework>
at scale, automatically. Programmable orchestration.
<gchristensen>
(infinisil, do you recognize the homophone?)
<ldlework>
k8s has a lot of complexity in that it itself is a distributed service with a lot of moving parts in order to achieve what it does, and when you don't need to deploy automatically at scale, k8s seems like an awful lot of complexity and its hard for small teams to understand why they should be taking it on
<gchristensen>
(indeed maybe they should not be taking it on)
<infinisil>
ldlework: Hm I see, though not everybody needs that. I'll make a note of that
<ldlework>
but once you've encountered that real need to go to production at scale you realize there's literally nothing else that can do the job in such a formalized (and hence automatable) way
<infinisil>
gchristensen: Hmm I don't, what is it?
<ldlework>
Anyway, the reason I thought about all of that is because you said you don't want a state database
<gchristensen>
abscess
<infinisil>
Ah :)
<ldlework>
And it occurred to me that it would be probably really hard to build an actual worldclass deployment system without any state
<gchristensen>
maybe world class isn't needed here
<ldlework>
fair enough, but they said something like 'ultimate deployment tool' and my mind went directly to k8s and the ocean it tries to solve
<gchristensen>
aye
<infinisil>
The basic idea of it is that any machine can deploy and any machine can be deployed to (with permissions of course)
<infinisil>
And that doesn't seem too far away from you deploy a machine that can deploy further machines
<infinisil>
Well not far away at all actually
<infinisil>
And that one machine can be the one where all traffic flows, forwarding it to others
<ldlework>
I get very existential-cliff feelings when I think about idealized orchestration, ngl
<ldlework>
the problem space is cosmic
<gchristensen>
me too, ldlework
<gchristensen>
so easy to go from tractable problem to architectural astronaut
<infinisil>
I don't have any experience with orchestrating many machines, so I'll need some guide from others if that's one of my goals
<gchristensen>
I wouldn't make it a goal :P
<ldlework>
i would say something like, "we already have so many great deployment tools, but just one sufficient orchestrator"
<ldlework>
but a deployment tool specifically based on nix is probably enough value add for just one more
<infinisil>
What's the main goal of an orchestrator?
<ldlework>
damn that is such a great question
* pie_[bnc]
puts a distributed systems textbook on infinisil's head
<gchristensen>
it is supposed to be *in*, pie_[bnc]
<ldlework>
infinisil: it's really hard to come up with a one-liner that i will be happy with tomorrow
<pie_[bnc]>
wtf infinisil has a job now?
<pie_[bnc]>
sigh the world is passing me by
<ldlework>
infinisil: but essentially you're at the level of provisioning one compute instance
<infinisil>
pie_[bnc]: Just a freelance thing, I can't live off that
<ldlework>
but in the real world, i need tools that can deploy horizontal layers of compute integrated in very very specific ways with a bunch of other non-compute layers
<pie_[bnc]>
ive been making a racket about this for a while "Auto-rollback if the machine can't be reached anymore, protecting against a number of configuration mistakes such as " and yet there is still no module for it in nixos :P
<pie_[bnc]>
i know i know i should implement it myself
<ldlework>
from routing, to storage, or networks and on and on
<infinisil>
ldlework: Hm I don't entirely know all the terminology there
<ldlework>
like what?
<infinisil>
Oh yeah routing and networks is another thing, software defined networking
<pie_[bnc]>
this sounds like a space that its hard to get a feel for without having configured several large networks yourself
<gchristensen>
yeah..
drakonis has joined #nixos-chat
<ldlework>
it's probably easier, but you guys are super smart
<gchristensen>
way true
<ldlework>
way smarter than me, so i bet you can just imagine where i had to slog
<pie_[bnc]>
i have an entire rant about how all software defined networking tools suck
<ldlework>
infinisil: compute is just any normal server
<pie_[bnc]>
and i havent even used them
<ldlework>
that you can put software on
<ldlework>
horizontal just means, there are N copies of that server
<ldlework>
all exactly the same
<pie_[bnc]>
iktf <ldlework> it's probably easier, but you guys are super smart<ldlework> way smarter than me, so i bet you can just imagine where i had to slog
<ldlework>
a layer just means a set of horizontally scaled machines that serve the same role
<gchristensen>
(and N can go from 0 to infinity over the course of a day)
<ldlework>
^
<ldlework>
over hours
<ldlework>
it can't be manually managed
* pie_[bnc]
makes a small sidenote about control theory
<infinisil>
pie_[bnc]: I thought about adding a nixos module that does this auto-rollback, but it wouldn't work very well. It couldn't check that ssh still works for example, or it's hard to define "success"
<gchristensen>
infinisil: maybe an implementation note saying the user has to implement the other half of confirming safe
<ldlework>
is 'iktf' a real acronym
<ldlework>
hehe
<infinisil>
ldlework: Hm I see, how do multiple layers relate? Are they stacked atop each other somehow?
<ldlework>
infinisil: there's so many things
<infinisil>
Maybe database is lowest level, atop that compute instances, then frontend servers or so
<ldlework>
there are the low-level network organization
<ldlework>
like what layers can communicate with what other layers at the network level
<ldlework>
but then you have service routing
<gchristensen>
they're not stacked necessarily, layers is a bit misleading
<ldlework>
maybe they are load balanced, etc
<gchristensen>
it's more like ... pools... and they're connected. heh. it is a can of worms!
<ldlework>
sure pools if you want
<gchristensen>
ldlework: what the heck have we done to ourselves
<infinisil>
Ah yeah pools sounds like a better word then
* pie_[bnc]
mumbles something about scaling programs
<pie_[bnc]>
you're running resource management...now on spacetime-separated nodes! wooo~
<pie_[bnc]>
ok maybe this is really astronaut territory
<pie_[bnc]>
(hmm...getting compute time on a mars rover?)
<pie_[bnc]>
woah i just got like a minute of lag
<infinisil>
Yup we noticed :)
<ldlework>
infinisil: layers are not bad because typically a service will be architected such that a request comes in, goes to the next layer, and then the next, a job gets sent, etc
<ldlework>
but it's not always like that, so a graph is a more flexible metaphor
<pie_[bnc]>
infinisil: just put a timer on it and have the user confirm that things still work by turning off the reset flag
<infinisil>
ldlework: I see, alright I definitely know now that I should *not* make this a goal :P
<pie_[bnc]>
dead-nix's switch
<gchristensen>
infinisil: one option is to make it a non-goal, with your goal being "orchestrator compatibility"
<ldlework>
yeah that's probably the most realistic thing
<gchristensen>
like nixops is not compatible with an orchestrator due to the database
<ldlework>
i mean you could abstract nixops from an orchestrator
<infinisil>
gchristensen: Yeah that sounds good
<gchristensen>
typically when you're thinking "orchestrator" you're not thinking about "webservers 1, 2, 3, 4, 5"
<gchristensen>
you're thinking "webservers: 5"
<gchristensen>
anyway... blah I should stop, I'm tired :P
<infinisil>
One goal of this is to make it as decentralized as possible
<infinisil>
And that seems to have a bunch of nice consequences
<pie_[bnc]>
maybe look at cfengine
<pie_[bnc]>
not sure tho
<gchristensen>
oh dear
<ldlework>
Basically, I think orchestration is only possible as a service.
<infinisil>
"Deploy a model-based configuration change across 50,000 servers in 5 minutes."
<infinisil>
Hmmm scale might be a problem.. #57477
<gchristensen>
when thinking `webservers: 5` it would have to be build the webserver image once, deploy 5 times
<gchristensen>
(or 500 times)
<infinisil>
gchristensen: Ah yeah that might work without problems
<jared-w>
nixos-rebuild off of nixpkgs-master sure does reduce the desire to make miscellaneous tweaks to your config
<ldlework>
gchristensen: and likely register those machines in a load-balancer and any number of other things
<gchristensen>
yeah
<ldlework>
it may be easier to think of infinisil's tool as a provisioner
<gchristensen>
and on-host post-startup scripts like receiving credentials and fetching service discovery info
<ldlework>
actually no, i guess provision is the creation of the resource
<infinisil>
Right now I'm debating whether I should use Haskell for the implementation. It's a nice language but I'm not sure how well it integrates with Nix
<infinisil>
As in: Things like activationScripts
<gchristensen>
implementation of what?
<infinisil>
Currently it's just bash, so I can just set deployScripts (that's what it's called) together from different modules
<infinisil>
The thing to run to deploy to machines
<infinisil>
Moving closure, secrets, activating the system, confirming it worked, unloading unneeded secrets
<ldlework>
that sounds really nice
<infinisil>
Currently it's maybe 100-200 lines of bash, and that's about the point where I'm noticing that maybe I need some state from previous phases, and some abstractions would be nice..
<ldlework>
i fear i'll never have the bandwidth and motivation to learn haskell..
<infinisil>
ldlework: What's your current go-to language?
<ldlework>
C# is a robust language with modern features, a very good runtime and the best tooling of any ecosystem there is. I know it's not cool, but damn is it good.
<gchristensen>
nice
<ldlework>
And when you're on .NET you get access to the second best modern ML
<__monty__>
infinisil: Pick a language you're comfortable with and consider it a prototype. Haskell and Rust have nix parsers (and maybe more?) implemented so they sound suitable.
<infinisil>
It's less about needing to parse it, more about how Nix can declare functions in language X from different modules while allowing interactions between them
<infinisil>
With bash I can just set variables. Strings get concatted together so subsequent phases can use earlier ones. `script1 = "x=10"; script2 = "echo $x"`
<infinisil>
Haven't thought about how it would work with haskell (which is what I'd want to use)
<ldlework>
heh i wasn't recommending using C# for this, just sort of putting a word out there for C#
<infinisil>
Ah yeah, I did ask for your go-to language in general :)
<ldlework>
C# is also a door to Unity gamedev. It's also got the second best web-framework (ASP.NET Core). .NET is only one of a couple runtimes I know of that can really support idealized inversion-of-control containers. Many people have never even used Rider, but it is leagues and leagues ahead of any other full IDE experience in sophistication when it comes to understanding the target language.
<emily>
a nixpkgs search result of exciting ideological implications: nixpkgs.linuxPackages-libre.zfs
<__monty__>
infinisil: No reason you can't have haskell read env vars. Not sure that's an ideal choice either though.
<infinisil>
Yeah..
<jared-w>
gchristensen: nice micdrop on the package number :)
<jared-w>
infinisil: echo all your env vars as JSON and serialize to the environment but instead of JSON arrays use bash arrays
<jared-w>
/s ... I think?
<infinisil>
Hehe
<__monty__>
Doesn't repology count hackage? And other repos?
<infinisil>
There must be a better metric for this than an arbitrary number
<pie_[bnc]>
usecase for torrent based store? :P <infinisil> "Deploy a model-based configuration change across 50,000 servers in 5 minutes."
<pie_[bnc]>
(what could possibly go wrong)
<infinisil>
Hehe who knows
<pie_[bnc]>
i should have gotten a second qubes mug
* pie_[bnc]
usually has a cup of $drink and one of water
<samueldr>
WARNING open container detected near electronicles
<jared-w>
nah it's fine they're immutable infra what could go wrong
* jared-w
pours water on prod
<samueldr>
is your wallet immutable?
<samueldr>
DoS on your funds
<pie_[bnc]>
kek
<pie_[bnc]>
luckily my keyboard seems to have fixed itself since the last incident
drakonis has joined #nixos-chat
atlas_ has quit [Ping timeout: 246 seconds]
__monty__ has quit [Quit: leaving]
<gchristensen>
pie_[bnc]: I saw something like that recently
<pie_[bnc]>
the mug, my keyboard, or the torrent stuff
<pie_[bnc]>
sidenote idk if they still do it, but i think i read an article about facebook using bittorrent internally for deployment years ago
<gchristensen>
a distributed, peer-to-peer nix store
<pie_[bnc]>
it doesn't sound horribly difficult [citation needed]
<gchristensen>
maybe not
<emily>
ipfs would be a decent backend, presumably
* gchristensen
can't find the documentation he's looking for
<jared-w>
for IPFS?
<gchristensen>
related to, yeah
<jared-w>
IPFS doesn't get along well with things that aren't content addressable, so nix would need to use the intensional store
<gchristensen>
eh, NARs are already content addressed
<jared-w>
oh that's true, forgot the publishing is a NAR
<jared-w>
been nerd sniping myself on "build systems a la carte" and thinking way too hard about nix, intensional nix (which would be equivalent to cloud haskell in their matrix), and other related things
<jared-w>
like, what it means for a package manager to blur the lines with a build system and integration vs re-implementation, etc.
<gchristensen>
:)
drakonis has quit [Ping timeout: 246 seconds]
<jared-w>
Cause like, in theory, nix (the build system) could be rewritten with Shake and you'd get intensional and extensional for free, as well as variable granularity of constructive tracing (equivalent I think to the semi recursive nix RFC thing?)
<ldlework>
man i didn't understand that at all
<jared-w>
but nix the ecosystem builds on top of the raw system by having idioms like overrides, overrideAttr, callpackage, module systems, and so on
drakonis has joined #nixos-chat
<emily>
both idioms and antipatterns :P
<gchristensen>
okay emily I can't find it, so I'm giving up on looking but just telling you what I know
<jared-w>
And reimplementing nix in shake wouldn't fix the proliferation of X2Nix problems or solving that problem better
<jared-w>
(but it would make it easier to implement/reimplement/integrate all of the X2Nix tools directly in shake? probably?)
<ldlework>
what is shake
<jared-w>
Shake is a haskell library that implements a library for creating build systems
<ldlework>
i see
<jared-w>
its specialty is suspending scheduling with constructive traces, which allows for minimal rebuilds and dynamic dependencies
<jared-w>
at the cost of combinatorial explosion when it comes to checking whether or not something needs to be rebuilt
* ldlework
nods knowingly
<gchristensen>
emily: Hydra writes to S3 at roughly 2Mb/s, and 5 files per second, and last I knew, ipfs struggles to be able to sustain that
<jared-w>
(with nix if /nix/store/bighash-firefox is a match, you don't need to check its bajillion dependencies, you can just blindly grab them. That's a property of deep constructive tracing. Checking the root guarantees the entire rest of the dependency tree)
<jared-w>
constructive tracing requires reconstructing the entire dependency tree to verify it
<jared-w>
But... constructive tracing also allows for early cutoff and deep constructive tracing doesn't. So if, say, you edit a comment in a small file somewhere deep in the dependency tree of firefox you have to rebuild the entire thing from scratch. Nix has no ability to do partial rebuilds
<jared-w>
which really sucks when its level of granularity of "thing that is built" is an entire package