<ashkitten>
everything works and nothing is broken
<ashkitten>
we're all immune to bullets and it's a miracle
<Irenes[m]>
lovesegfault: I believe the way to boot a custom image that you prepared locally is to upload it to GCS first and then tell GCE to use it as the snapshot
<Irenes[m]>
I don't think .iso is the appropriate format, I think it's something else
<infinisil>
gchristensen: I see you explicitly mentioned that the steps there are executed independently. But wouldn't it make sense that if the deploy-prepare fails for one machine, none of them should even start the activation script?
<lovesegfault>
WHY DOES NOTHING I TRY WORK
<lovesegfault>
GRRRRR
<infinisil>
cole-h: Noted! Hearing it now I like that a lot too :)
<gchristensen>
infinisil: a *really* good question -- could you write that up as a question on that issue?
<gchristensen>
lovesegfault: lucky timing and then a client happened to need it :P
<infinisil>
Will do
<gchristensen>
thank you!
<infinisil>
gchristensen: This also very much reminds me of 2-commit schemes
<lovesegfault>
Have any of you tried to gen a gce image with Nix?
<lovesegfault>
it's horrible
<colemickens>
What is so horrible?
<lovesegfault>
colemickens: I can't do it
<lovesegfault>
it doesn't work
<infinisil>
gchristensen: In an ideal world I'm also thinking that machines should probably be allowed to be dependent on each other. E.g. you could say "This machine needs to start before the other one"
<lovesegfault>
c.f. the gist I posted above
<infinisil>
Like inter-machine systemd dependencies
<infinisil>
waleee-cl: Ah just a template thing, substituteAll replaces @FOO@ with the contents of the environment variable FOO
<colemickens>
afaik, the Google Compute image module doesn't affect the regular disk partitioning that make-disk-image makes. My image built and I am just including the google-compute-image.nix file.
<infinisil>
(substituteAll is called on the script before it's actually used)
<infinisil>
It's really easy to use: Assign `secrets.foo.file = ./path/to/secret`, then you can use e.g. `services.foo.passwordFile = config.secrets.foo.file`
<infinisil>
The secret never touches the store, yet things get properly tracked in nix (via a hash of the secret)
<infinisil>
E.g. if you change the contents of path/to/secret and rebuild, it will recopy the secret over
<infinisil>
Also: If you don't reference a secret anywhere in the config, it won't be copied over at all
<infinisil>
Some magic was needed to make that happen, but I think it works really well
<infinisil>
(currently secrets are stored on persistent storage, but that could be changed)
<ashkitten>
infinisil: ooooo
<ashkitten>
*saves that to look at later*
<infinisil>
Actually, I should double check that it actually never touches the store, hold on..
<lovesegfault>
and nix is like OH GOD RECURSION XINFINITY OH NOOOOOOO EXPLOSION SOUNDS
<ashkitten>
infinisil: where do you keep your git repo?
<infinisil>
lovesegfault: That's a classic case of imports depending on pkgs
<lovesegfault>
infinisil: is that a bad thing?
<infinisil>
infinite recursion comes from pkgs needing to know all overlays -> overlays can be defined in all imports -> to know all imports it needs to know pkgs
<infinisil>
(among other reasons)
<ashkitten>
infinisil: also, how is assigning to `secrets.foo.file` different than just using the assigned value directly?
<infinisil>
ashkitten: That's what allows the magic to work. Because with some nixos module system tricks you can make those *not* the same
<infinisil>
ashkitten: Assigning `secrets.foo.file = ./secret` and using that directly would import the secret into the store
<infinisil>
I mean
<infinisil>
Using ./secret directly would import it into the store
<ashkitten>
oh i see
<infinisil>
lovesegfault: In your case it's pretty easy: Add `modulesPath` to the argument list at the top, then use `(modulesPath + "/virtuali...`
<lovesegfault>
O.o
<ashkitten>
infinisil: how does this interact with remote deploys? does `services.foo.passwordFile` get set to the original path of the secret, or is it copied somewhere?
<infinisil>
ashkitten: Hehe, so here's the magic: config.secrets.foo.file actually refers to a /nix/store path, that *symlinks* to /var/secrets/foo
<infinisil>
So a pure /nix/store path symlinks to a path outside the store
<infinisil>
The other parts of the module then ensure that this path actually exists at runtime
<infinisil>
By copying the secret over with scp
<infinisil>
s/scp/rsync
<ashkitten>
i see...
<ashkitten>
very cool
<ashkitten>
might have to steal that ;p
<infinisil>
So the secret file is really accessed during the deployment
<infinisil>
Though I also experimented with creating a "secret archive": A single file where all secrets are copied into, which can then be used to deploy at a later time
<ashkitten>
right, this is very cool
<infinisil>
:D
<ashkitten>
i see you have nixpkgs as a submodule as well... i might have to do that
<ashkitten>
currently my nixpkgs is separate from nixos-config, and managed via channels
<infinisil>
It is very convenient to just be able to change nixpkgs directly when you need it, e.g. for cherry-picking or experimenting
<ashkitten>
i do have my own nixpkgs fork for that, but it's using the channels mechanism
<infinisil>
Ah I see
<ashkitten>
how would you suggest i use your nixoses repo?
<infinisil>
Well it is very WIP, so probably not at all :P
<infinisil>
ashkitten: One really cool thing about nixoses imo is that there's no special tool you need to install. All you need is a Nix file and `nix-build` that, which outputs a binary you can run to deploy
<ashkitten>
huh
<cole-h>
Binary-binary, or "binary" binary?
<infinisil>
"binary" binary :), Just a bash script
<infinisil>
So the actual command to deploy as of now is really just `$(nix-build)`
<ashkitten>
infinisil: can you have it deploy to a specific host or do you need multiple derivations importing nixoses?
<infinisil>
Not sure what you mean by that
<ashkitten>
so my current workflow is: make changes to devices/foo/default.nix; nixos-rebuild switch -I nixos-config=./devices/foo --target-host root@foo
<ashkitten>
how does that look with nixoses?
<infinisil>
ashkitten: Define a default.nix that says host root@foo has configuration ./devices/foo, nix-build that, then call the resulting script (`$(nix-build)` in a single step)
<infinisil>
Oh also you'll need to define what nixpkgs that machine should use (could be <nixpkgs> or any other pinned version as I did in the example I linked)
<ashkitten>
right, okay. so should i have something like foo.nix since i have multiple devices i want to be able to deploy?
<infinisil>
ashkitten: Ah no, nixoses is made for multiple machines (this is why I called it nixos*es* in the first place :))
<infinisil>
So you can define any number of machines in that single default.nix file
<ashkitten>
okay
<infinisil>
Like how nixops does it
<ashkitten>
can you choose just one to deploy?
<ashkitten>
i don't know much about nixops heh
<infinisil>
Yes and no!
<infinisil>
No because there's no functionality for that
<infinisil>
But Yes because you can customize nix-build's very easily
<ashkitten>
really i just want a thing that lets me manage secrets like you've said nixoses lets you
drakonis has quit [Ping timeout: 256 seconds]
<ashkitten>
also the auto rollback functionality looks a lot better than the systemd timer i'm currently using
<infinisil>
E.g. define the default.nix to have `{ machine ? null }` in the beginning, which disables/enables deployments of machines. Then you can call `nix-build --argstr machine foo`
<lovesegfault>
I think the problem is gcloud tried to use its own key?
<cole-h>
idek where I added my SSH key in here
<cole-h>
Ah, in Metadata
<lovesegfault>
omg
<lovesegfault>
I know what I am doing wrong
<lovesegfault>
UGH
<lovesegfault>
cole-h: remember I forgot to add my user to a system description?
<lovesegfault>
I copied that one to write this one
* lovesegfault
jumps out of window
<cole-h>
lool
drakonis has joined #nixos-chat
<lovesegfault>
cole-h: YES
<lovesegfault>
YEEEEESSSSSS
<lovesegfault>
IT WORKS
<cole-h>
Blog post #2?
drakonis has quit [Ping timeout: 240 seconds]
<lovesegfault>
:P
<ashkitten>
nixos sure makes you feel good about spending massive amounts of effort on slightly improved workflow and future-proofing... not sure if that's good or bad
drakonis has joined #nixos-chat
<cole-h>
Yes
<lovesegfault>
ok
<lovesegfault>
now I can learn how to set up znc
<cole-h>
Blog post #3?
<lovesegfault>
I'm deciding on whether I want ZNC or weechat relay
<lovesegfault>
I think I want ZNC so I can connect from my phone
<lovesegfault>
but I can't find adisbladis's example ZNC setup
* emily
doesn't understand why everyone wants a weird pragma rather than just a different back-compat operator...
<emily>
lovesegfault: did you actually add a record to irc.? you need to add records for every subdomain individually, or else add a wildcard
<gchristensen>
emily: Haskell probably
<emily>
especially because imo having it mangle strings with newlines in by default would be really confusing
<emily>
that could easily break stuff, feels like it should definitely be another operator rather than just a magic behaviour of antiquotation
<__monty__>
Magic?
neeasade has joined #nixos-chat
<eyJhb>
Anyone know a place where rserpool is used?
abathur has joined #nixos-chat
abathur has quit [Ping timeout: 240 seconds]
abathur has joined #nixos-chat
<emily>
__monty__: automatically replacing all \ns with \n[spaces] because you included a variable in a certain position in a string is really weird and can definitely break things
abathur has quit [Ping timeout: 258 seconds]
waleee-cl has quit [Quit: Connection closed for inactivity]
abathur has joined #nixos-chat
AluisioASG has joined #nixos-chat
cole-h has joined #nixos-chat
rardiol has joined #nixos-chat
<averell>
anyone know why we put nginx state in /var/spool/ ?
waleee-cl has joined #nixos-chat
endformationage has joined #nixos-chat
<makefu>
just an nginx thing. there is also /var/spool/log for some reason
<lovesegfault>
emily: I fixed it, I think
claudiii has joined #nixos-chat
<lovesegfault>
adisbladis: did you manage to get SASL on zmq working?
<adisbladis>
lovesegfault: No, I never tried.
abathur has quit [Ping timeout: 260 seconds]
drakonis has joined #nixos-chat
drakonis has quit [Ping timeout: 256 seconds]
<Taneb>
How on-topic is debugging out loud why a game in steam isn't running for me
drakonis has joined #nixos-chat
<adisbladis>
Taneb: This is -chat, where on topic is off topic & off topic is on topic
<adisbladis>
=)
<Taneb>
adisbladis: so, asking about topics is off topic and hence on topic
drakonis has quit [Ping timeout: 256 seconds]
<gchristensen>
lol
<__monty__>
If it's not a flame war it's off-topic.
<gchristensen>
flame wars are off topic too
<adisbladis>
Taneb: I guess a more actionable answer is, as long as you're nice anything goes.
<adisbladis>
(Sometimes discussions here move to #nixos or -dev)
<samueldr>
the main thing to remember is that this channel shouldn't become #nixos-2 or #nixos-dev-2 where fewer people are involved in answering actual questions
<samueldr>
or discussing actual issues
<gchristensen>
samueldr: it reached 18C here, today!
<samueldr>
it's been snowing since ~noon here
Jackneill has quit [Remote host closed the connection]
<__monty__>
In the shadow?
<gchristensen>
samueldr: I could stand to have some more snow tbh, we are almost out.
<samueldr>
about -6°C though it's warming during the night and will become snow/sleet/freezing rain and all the above
* adisbladis
has had enough snow for a few lifetimes already
<samueldr>
I can't wait until it melts enough that cycling as a transportation means is not a suicidal endeavour
<gchristensen>
that gets gross
<__monty__>
adisbladis: You're not one of those californians that has seen one day of snowflakes and come to that conclusion, are you?
<cole-h>
lovesegfault: btw looks like you fixed irc. -- can ping it now
<adisbladis>
__monty__: I'm from sweden
<cole-h>
61ms +/- :D
<samueldr>
does the weather get sweady (sweaty) in sweden?
<samueldr>
(I asked it only for the pun)
<__monty__>
Ah, then your snow views are probably pretty credible : )
* colemickens
has been brainstorming conferencing / hangout-from-home type solutions
<adisbladis>
__monty__: And my relatives are from the northern part of the country. Used to spend my winters up there as a kid.
<samueldr>
uphill both ways in the snow?
<adisbladis>
__monty__: I absolutely hate the cold.
<adisbladis>
samueldr: :D
drakonis has joined #nixos-chat
<lovesegfault>
colemickens: yep :)
<lovesegfault>
I just need to figure out SASL now
<__monty__>
lovesegfault: What's SASL over zmq?
<__monty__>
Did you mean ZNC?
<lovesegfault>
__monty__: znc, yes :)
<lovesegfault>
got zmq issues on my mind
<__monty__>
I've been having some SASL trouble myself. Anyone run into an irc server not recognizing a client certificate?
<adisbladis>
Oh :)
<adisbladis>
SASL over ZNC was easy!
<adisbladis>
I thought you really meant ZMQ
<adisbladis>
I did think there for a second I never talked about zmq with you ^_^
<adisbladis>
lovesegfault: I just followed the wiki example
<__monty__>
lovesegfault: What SASL method were you trying to use? Plain, external?
<lovesegfault>
adisbladis: lol
<lovesegfault>
thanks __monty__ for helping me clarify
<gchristensen>
adisbladis: let's move nixops to pijul :)
<adisbladis>
Production Ready (tm)
<drakonis>
quick, someone convince drew devault to offer pijul on srht
<drakonis>
he says nixpkgs is the largest repository? did he not try linux?
<drakonis>
linux is significantly larger
abathur has quit [Ping timeout: 256 seconds]
<sphalerite>
drakonis: depends.
<sphalerite>
drakonis: nixpkgs has significantly more commits, around 900k while linux has about 200k
<gchristensen>
I think you have that reversed
<adisbladis>
sphalerite: Huh, you mean the other way around
<sphalerite>
err
<sphalerite>
yeah never mind me lol
<samueldr>
that robot ry*n-tm will need to work harder
<adisbladis>
Lazy bots..
<sphalerite>
meeeh it seems like the error might not have been due to the SATA cable after all…
<sphalerite>
but if the controller is at fault, maybe I have an excuse to buy a kobol NAS?
<samueldr>
the early order discount is ending soon!
<adisbladis>
Must not buy more things....
<waleee-cl>
nice to see that pijul development hadn't faded away
<adisbladis>
Must resist urge
<sphalerite>
samueldr: well, it's $10… not the world
<gchristensen>
waleee-cl: afaik they have actual users using it for Very Real Things, it just happens to be they're not using it for managing lines of software code
<samueldr>
they also are bundling in two type-c cables (type-c -> hdmi, and type-c to usb 3.0) in orders made before the 15th
<samueldr>
sphalerite: but 10 freedom dollars!
<samueldr>
that's like 13.50$ canuckbucks!
<sphalerite>
lol canuckbucks
<sphalerite>
€8.75
<sphalerite>
thing is, I'd save a lot more by not buying it at all
<samueldr>
also likely to save the headache of early adopting it
<samueldr>
but think about all the fun you'd be losing on!
<adisbladis>
This ^
<adisbladis>
I'm not too keen on aarch64 hardware because of this
<gchristensen>
don't like fun?
<samueldr>
(tbf, the fact they bundle a known good type-c to usb 3 cable is worth its weight in gold)
<adisbladis>
gchristensen: I need to pick my battles.
<samueldr>
(it's **hard** to find known good cables)
<gchristensen>
:P
<sphalerite>
rk3399 is a fairly safe bet though
<samueldr>
yeah
<sphalerite>
and it has an rtc clock unlike the nanopi!
<samueldr>
they were supposed to use rk3399k, but turns out they won't
<samueldr>
and just use rk3399
<sphalerite>
That's another little annoyance I'll be spared
<samueldr>
rk3399 is well-supported by mainline u-boot, and the "fancy features" in the listing are all mainline u-boot features
<sphalerite>
err rtc battery*
<sphalerite>
oh and with the SPI flash I can boot it without an SD card
<sphalerite>
and maybe it'll even be able to reboot!
<samueldr>
mainline rk3399 pinebook pro reboots, so maybe!
<sphalerite>
poo, the errors are still occurring
<sphalerite>
so either I have 2 bad cables, 2 bad SSDs, or a bad controller
<drakonis>
is there any particular reason to why all shells have a new line on the PS1?
<samueldr>
I never noticed, my PS1 also has a leading newline since so far back
<adisbladis>
Huh
<adisbladis>
Never noticed that.
<drakonis>
wow...
<LnL>
lol
<drakonis>
its weird that nobody noticed it until i pointed it out
<samueldr>
in my case it's because it's my preference already I suppose :)
<adisbladis>
drakonis: I rarely drop into a nix-shell like that. I mostly drop a .envrc with `use nix` at the root of every project
<drakonis>
its not unique to nix-shell
<__monty__>
Heh, change blindness maybe?
<drakonis>
its on bash
<drakonis>
any shell that reads PS1
* adisbladis
is not using bash :)
<drakonis>
well, does your shell read PS1?
<adisbladis>
Nope
<samueldr>
bash on nixos, I suppose
<sphalerite>
samueldr: hmm, I could get a new SATA hat for my nanopi for $25. Or I could get an intel motherboard+cpu+ram to replace the whole thing for approx €125. Both are a fair bit cheaper than the kobol NAS…
<drakonis>
hmm, well, i suppose that's why you can't notice it
<sphalerite>
drakonis: PS1 is a shell variable, not an environment variable
<drakonis>
hm, i see.
<samueldr>
sphalerite: sure :) I'm mostly joking when pushing you
<samueldr>
though it sure looks good
<sphalerite>
samueldr: it doooooes
<sphalerite>
samueldr: my heart wants it but my brain says I probably shouldn't.
<samueldr>
lungs, liver, spleen, stomach?
<__monty__>
Well that's no fair, an arm nas with more computing power than any of my machines >.<
<gchristensen>
__monty__: what country are you in?
<sphalerite>
__monty__: are you sure?
<samueldr>
I think __monty__ said pentium M
<__monty__>
Well, let a man be dramatic about hardware, sheesh ; p
<adisbladis>
sphalerite: Buy my old nas :P
<__monty__>
My desktop's a nehalem. That's probably more powerful but still.
<gchristensen>
nice
<drakonis>
a nehalem...
<drakonis>
aint that nearly a decade old now?
<__monty__>
Exactly, yes.
<samueldr>
over
<drakonis>
11 soon to be 12 years old now
<drakonis>
yowza
abathur has joined #nixos-chat
<adisbladis>
__monty__: Only a few more years and it can drive a light motorbike
<drakonis>
soon it'll be old enough to drink and drive
<__monty__>
adisbladis: Might splurge on an ssd by then.
<samueldr>
no one should drink and drive
<thefloweringash>
It’s times like these I wish I could find my old Intel arm board
<gchristensen>
wow
<drakonis>
not that anyone should ever do that
<drakonis>
__monty__: are you sure the ssd wont be bottlenecked by the cpu :V?
<samueldr>
XScale, whew
<thefloweringash>
It was even a nas appliance
abathur has quit [Ping timeout: 240 seconds]
<samueldr>
almost sounds like a thread
<samueldr>
threat*
<samueldr>
XScale was used in a couple Windows CE devices IIRC
mrCyborg has joined #nixos-chat
<colemickens>
How long to wait after asking for LGPL sources before poking again?
<colemickens>
Company makes plenty of revenue off product to justify the hour it would take to have their rebase script also do a gitpush to a public repo.
<lovesegfault>
colemickens: What's the co?
<colemickens>
Plex
<gchristensen>
colemickens: how did you contact?
abathur has joined #nixos-chat
<colemickens>
Forum, but a forum moderator replied within 24 hours saying Plex had been notified.
<colemickens>
So Plex had notice.... 11 days ago? They've been out of compliance likely since sometime in September, or shortly thereafter.
<gchristensen>
send mail
<gchristensen>
mail mail
<colemickens>
Somehow that feels pushy, but I think thats a me-issue. I should go ahead and do that.
<gchristensen>
yes
<lovesegfault>
mail'em
<lovesegfault>
what LGPL thing are they using?
<colemickens>
ffmpeg
<gchristensen>
colemickens: their compliance people (if they have any) probably don't operate on pleases :P
<colemickens>
I just have this naive thought that somehow my plea might end up on a decent devs desk and they could just bang it out. But that's silly, it may well be strategic to drag their feet, don't have autonomy to do that, aren't incentivized to care, etc.
<colemickens>
Just looking around for a template or something now...
wildtrees has quit [Remote host closed the connection]
<__monty__>
Sounds like something the FSF might be able to help with?
wildtrees has joined #nixos-chat
neeasade has quit [Remote host closed the connection]
Jackneill has joined #nixos-chat
wildtrees has quit [Remote host closed the connection]
wildtrees has joined #nixos-chat
Jackneill has quit [Remote host closed the connection]
__monty__ has quit [Quit: leaving]
mrCyborg has quit [Quit: WeeChat 2.7.1]
<jackdk>
software freedom conservancy does some of this but looks like it's only for member projects? https://sfconservancy.org/copyleft-compliance/ maybe they can point you at people to wave sticks