<joepie91>
manveru: that auditing subthread is weird
<samueldr>
sounds like nix is being blamed wrongly
<samueldr>
as with any tool, it can be used badly!
<samueldr>
now, (if we ever know what was wrong), what led to it being used badly in that way, and what can be done so it doesn't happen, or is better communicated why it's so "slow"
<samueldr>
(e.g. no binary cache, that would be slow, but a good use, so it's communication here)
<gchristensen>
too much ifd
<clever>
gchristensen: ive been thinking lately about how to make hydra capable of caching IFD
<samueldr>
from the info in th thread, it doesn't sound like "nix is slow to eval" but "takes hours to build their project"
<samueldr>
and build time can be long for good reasons!
<clever>
gchristensen: i also found a critical mistake in some performance areas of hydra-eval-jobs recently
<gchristensen>
oh?
<samueldr>
like if you're building the world because you're not "trusting" the binary cache in your blockchain based fintech startup
<clever>
gchristensen: do you remember the prefork/postfork stuff around the restarting logic?
<gchristensen>
yeah
<clever>
gchristensen: boehmgc assumes your forking to execve()
<clever>
gchristensen: so it doesnt bother restarting all of the parallel gc threads
<gchristensen>
huh
<clever>
your child proc now has worse gc performance
<samueldr>
could it also be why it stays fragmented?
<clever>
samueldr: i think it will still defrag, but it takes longer to mark all garbage
<samueldr>
(or seem to)
<clever>
the prefork code grabs all the mutexes in the "main" thread
<clever>
for the parent post-fork, it just unlocks and resumes acting as normal, and threads can do their job
<clever>
for the child, it destroys all thread related state, sets itself to single-threaded mode, and releases all locks
<colemickens>
lots of meta feedback about how people want to be introduced to nix, I find that kind of interesting when thinking about how to evangelize nix
<joepie91>
samueldr: my main question is why the auditor is not aware of the actual reason
<cransom>
joyfully, the least annoyed i've ever been about compiling a kernel has been via nix.
<samueldr>
while it can take some time... it's so trivial to deal with
<cransom>
i think 90% of the happiness is that once it happened, there was no saving of the other config or binarys or updating init/etc. kernel just came along for the ride for the rest of the laptops existence
<gchristensen>
what if you could pipe any build of any package, built with nix or not, in to a program, and have it look up those lines and corresponding progress in the corpus of all nix builds
<gchristensen>
my log just printed " CC net/bridge/netfilter/nf_tables_bridge.mod.o
<gchristensen>
how much left
<infinisil>
Nice idea
vika_nezrimaya has quit [Ping timeout: 272 seconds]
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos-chat
<JJJollyjim>
if i switch from fetchFromGitHub to fetchGit, will nix be able to incrementally update the repository?
<JJJollyjim>
i'm fetching a multi-gigabyte repo which is frequently updated :/
endformationage has quit [Quit: WeeChat 2.6]
<JJJollyjim>
(but almost always updates are just adding a single file)
slack1256 has joined #nixos-chat
<ldlework>
JJJollyjim: you can provide a commit hash in either case
<ldlework>
not sure what you mean by incremental
<ldlework>
i mean i'm pretty sure what you mean, and i'm pretty sure the answer is no
<JJJollyjim>
yeah, the issue is that fetchfromgithub downloads a 2GB zip file on every change
<JJJollyjim>
where if i were to "git pull", it would only download the changes
<JJJollyjim>
and i'm hoping fetchGit behaves the same
<ldlework>
it doesn't
<JJJollyjim>
damn
<cole-h>
There's no way to do that because .git isn't reproducible
<ldlework>
you can maintain your own external package though
<JJJollyjim>
yeah
<ldlework>
like I have /nixcfg/external/
<ldlework>
which are submodules
<ldlework>
which allows me to control when those modules are pulled, etc
<cole-h>
Yeah, I do the same
<JJJollyjim>
i'm eyeing up doing something dumb with the github API, having each file be its own derivation and making the nix build symlink every individual file into the output
<JJJollyjim>
which would be great incrementally, but the original download might anger the rate limit gods
<ldlework>
seems like submodule is cleaner
<ldlework>
src = /nixcfg/external/some-submodule;
<ldlework>
tada
<ldlework>
pull and rebuild whenver you'd like
<JJJollyjim>
hmmm
<JJJollyjim>
it'd be nice for the output (which is almost as large) to also be not redownloaded though
<JJJollyjim>
by others
<ldlework>
redownloaded?
<ldlework>
ah well
* ldlework
shrugs.
<ldlework>
stupid material monism and it's intrinsic limtiations of information propogation!
<ashkitten>
would be interesting if fetchgit could have a sort of cache of git repos to --reference on clone, though
<ashkitten>
.git may not be reproducible but it doesn't matter where you get the objects from, as long as they're the same
<ashkitten>
that might get into the same thing with "why we can't use ccache/sccache" though, which i still think is possible to work around in a reasonable way for local dev at least
<ashkitten>
i strongly believe nix should be able to use build caches (for local dev) even if it means breaking purity a little
<ashkitten>
being able to use distcc would be nice too
<lovesegfault>
ashkitten++ 1000 times
<{^_^}>
ashkitten's karma got increased to 8
<lovesegfault>
I'm a big "no" on distcc because it's so broken IME
<lovesegfault>
but ccache would be a life saver
<lovesegfault>
I was trying to get ff with lto and had to rebuild it 100 times and it killed me
<ashkitten>
as an optional thing distcc might be nice for some people
<ashkitten>
<3 lovesegfault
<{^_^}>
lovesegfault's karma got increased to 32
<ashkitten>
y'ever get that working?
<lovesegfault>
ashkitten: Nope :D
<lovesegfault>
I tried for hours
<ashkitten>
f
<cole-h>
is for friendship
<srk>
lovesegfault: distcc or ccache?
<ashkitten>
hardest part is lto is the very last build step
<lovesegfault>
srk: distcc never works, ccache would've been a lifesaver
* srk
used to run distcc years ago with gentoo :D
<lovesegfault>
ashkitten: I have it building and linking
<lovesegfault>
but the install test fails to find nscd or some other crap
<srk>
someone even made it work with ghc
<lovesegfault>
like, when you run it asplodes
<ashkitten>
lovesegfault++
<{^_^}>
lovesegfault's karma got increased to 33
<lovesegfault>
srk: I used ccache and distcc with Gentoo too!
<lovesegfault>
fun times
<srk>
hehe, yeah
<ashkitten>
can't even imagine trying to build firefox with pgo
<lovesegfault>
ashkitten: If LTO works PGO is, cough, trivial
<ashkitten>
we heard you liked building firefox, so now you can build it twice whenever you fuck up!
<lovesegfault>
I used to run Gentoo building ff with LTO + PGO
<srk>
I've tried to enable ccache for linux packages where it would help quite a lot but it failed to pick it up, needs disabling sandboxing as well maybe?
<cole-h>
Anybody know: does the minimal ISO have rsync in its PATH?
<lovesegfault>
IME ccache works well when you're working on exactly one project will small changes in between, otherwise it ends up filling 100's of GBs of cache with no noticeable speed improvement :P
<ashkitten>
srk: yeah sandboxing is the issue, but it'd be nice if we could half-sandbox it at least, with persisting the ccache artifacts?
<srk>
yup, sounds good
<srk>
you can probably bind mount additional paths into sandbox as well
<srk>
hm, that's already implemented I think
<lovesegfault>
I wish there was a cccheStdenv
<ashkitten>
it'd be nice to flip a switch and have ccache in stdenv while building
<ashkitten>
lovesegfault++
<{^_^}>
lovesegfault's karma got increased to 34
<lovesegfault>
*ccacheStdenv
<srk>
would it change hashes? :)
<ashkitten>
yes
<lovesegfault>
and you would just override stdenv with ccacheStdenv and ta-daa
<colemickens>
I thought that was a thing? or isn't there something like it that was always not working?
<lovesegfault>
srk: yeah, but I'm even fine with that
<srk>
not good, needs intensional store and reproducibility :)
<lovesegfault>
I got loads of xeon gold machines to build stuff
<ashkitten>
idk, i don't have that
<lovesegfault>
I want it just to hack on stuff
<ashkitten>
i don't know if ccache is really reproducible and it's certainly not pure, we definitely shouldn't use it for anything but hacking at big builds locally
<srhb>
colemickens: Indeed, it is, and has been for a long time.
<lovesegfault>
ashkitten++
<{^_^}>
ashkitten's karma got increased to 9
<srk>
it should be, iff passed the same arguments and file
<srhb>
Of course, it's woefully dangerdanger
<srk>
crosscompiling would benefit from intensional even more iff reproducible
<srhb>
srk: Not pure, no. Unless you always pass in the first result, in which case eventually it won't cache anything..
<lovesegfault>
I'd be very surprised if ccache was r10e
<ashkitten>
i wasn't aware that there is ccacheStdenv
<lovesegfault>
ashkitten: nani?!
<srhb>
It's not as great as you might think.
<lovesegfault>
Oh
<srk>
srhb: makes sense
<ashkitten>
i'd also really like sccache, so i can use it for rust
<lovesegfault>
Confession: I always confuse srk and srhb
<ashkitten>
srk is purple, srhb is green
<srhb>
We even have different lengths. :)
<ashkitten>
easy
<srk>
:D
<lovesegfault>
ashkitten: I tried using sccache on Gentoo and it asploded
<lovesegfault>
ashkitten: they are both yellow for me!
<ashkitten>
it's very confusing i will admit when people of the same name color talk at once
<ashkitten>
i primarily identify people based on their color and the rough length of their name
<srhb>
Yeah, same.
<ashkitten>
so graham is long purple
<srhb>
Periodically that has been a problem, but not recently
<ashkitten>
lovesegfault is actually the only teal regular in this channel, i think
<lovesegfault>
Teal rocks!
<ashkitten>
er, cyan?
<ashkitten>
cyan
<lovesegfault>
c*lemickens is teal/cyan for me
<lovesegfault>
*shkitten is blue
<ashkitten>
i don't think i have a teal, it's just cyan and turquoise
<srhb>
Prple for me.
<srhb>
colem, that is.
<lovesegfault>
sr{hb,k} are yellow
<srhb>
I swear, some new change has started eating some of my keypresses.
<srhb>
It's infuriating and definitely not just me fatfingering.
<ashkitten>
it's unfortunate that there's only 16 colors available and one of them is allocated only for myself
<srk>
heh, the nick coloring should have some heuristic to not colorize close edit-distance nicks the same :D
<ashkitten>
srk++
<{^_^}>
srk's karma got increased to 15
<lovesegfault>
AI nick coloring NOW
<srk>
colorize_nicks.pl
<srk>
almost :D
<ashkitten>
or! we could have more than 16 colors
<srhb>
And attempt to make a rainbow.
<ashkitten>
64 colors with enough variation would probably be enough
<ashkitten>
srhb: on whose screen?
<srhb>
Everyones! I'd be OK with just mine though
<srk>
ashkitten: 256 colors will be enough for everyone!
<ashkitten>
✨ srk
<{^_^}>
srk's karma got increased to 16
<srk>
:D
<ashkitten>
but in reality this is just another map coloring problem, right? except the countries rearrange themselves at will
* lovesegfault
nods
<ashkitten>
i need to purchase more music on bandcamp
<ashkitten>
i mean
<ashkitten>
bandcamp sucks
<srk>
heh, map coloring exactly.. fun
<ashkitten>
but big giant circles has really catchy chiptunes
<srk>
why? you can at least download oggs and flacs from there
<lovesegfault>
I need to get some poop coffee to roast
<ashkitten>
yeah but i've heard from friends that they're not great to use as creators and also they send the creator the name on my paypal account or credit card without asking for any preferred name
<ashkitten>
which, not having legally changed my name yet, is not great
<lovesegfault>
the good stuff
<lovesegfault>
with poop certificate
<srk>
ashkitten: I've considered creating a webapp for selfhosting music few years ago
<lovesegfault>
ashkitten: is that just out of their inertia or could it be a more stingy issue with receipts being legal documents and all that?
cole-h has quit [Quit: Goodbye]
<ashkitten>
lovesegfault: it's them being a shitty website that doesn't care about people's needs, to be blatantly honest
<ashkitten>
it's not a receipt, it's a message to the artist
<ashkitten>
afaict
<ashkitten>
i get called the wrong name enough by services that actually need my government name for legal reasons
<ashkitten>
everything needs a preferred name field, btw
<lovesegfault>
idea: may gov. docs could exhibit a "preferred name" next to your legal name that can be more easily changed and then people can call each other by that 99% of the time
<lovesegfault>
oh wow
<lovesegfault>
I swear I wrote that before seeing your message :D
<ashkitten>
or! they could make government names easier to change and quit oppressing people who want to change their name
<srhb>
I mean, the idea of a legal name in itself is kinda bullshitty in this day and name. Could just make everything preferred name (or like, name) and sort out identity troubles with Real Solutions.
<srhb>
But apparently that's just crazy talk.
<ashkitten>
srk++
<{^_^}>
srk's karma got increased to 17
<ashkitten>
names are outdated anyways
<srk>
srk++ srhb++
<{^_^}>
srhb's karma got increased to 109
<{^_^}>
srk's karma got decreased to 16
<srhb>
xD
<lovesegfault>
lol
<ashkitten>
everyone has hacker aliases now that they call each other
<lovesegfault>
I mean getting rid of legal names is a nice idea but it sounds to me like "how about we don't use cobol" but on crack
<ashkitten>
i live with my girlfriend in meatspace and i call her by her usernames lol
<srhb>
Yes, we can't have good things because inertia is a thing is a common problem.
<lovesegfault>
lol "meatspace"
<ashkitten>
it's where your meat body is
<srhb>
fwiw in my country changing "government name" is easy, if not cheap for the less-fortunate.
<srhb>
But there are gendered name lists.
<ashkitten>
germany?
<srhb>
Denmark.
<ashkitten>
ah
<srhb>
However, changing "legal gender" (again, what the fuck does legal even mean) is also easy, but takes one year.
<ashkitten>
i read a little about the situation in other countries (i'm in the US)
<lovesegfault>
srhb: I think usually "legal" == "what the government has on their books"
<srhb>
So ultimately, a name change that crosses the name gender list costs $60 and a year.
<srhb>
lovesegfault: Yeah, I'm really just protesting the concept. :P
<ashkitten>
here it varies by state, in some it requires paying a fee to appear in court and/or publish the name change in a local newspaper, which is utterly ridiculous and prohibitive for many people
<srhb>
Oh yeah, for sure.
<lovesegfault>
Honestly having gone through immigration recently anything that costs less than $1000 and takes less than 18mo sounds like a great deal :P
<srhb>
It is a huge improvement over the previous situation
<srhb>
Which involved a board of "court doctors" doing a moral approval of whether you reaaaaaaaaally meant it
<lovesegfault>
ashkitten: the whole newspaper thing is so outmoded it's funny, definitely from a far an forgotten time; insane that it's still a thing
<ashkitten>
you should be able to change your government name with an online form (actually the government should not care about your name, but whatever)
<srhb>
ashkitten: Yeah, that's how it works here.
<ashkitten>
hot take: if you want to change your name every week nobody should be able to stop you
<lovesegfault>
I'll also add: I think a lot of people wouldn't like to be referred to by the gov. by not-their-names as it can feel dehumanizing
<srhb>
For sure.
<lovesegfault>
I only get referred to, and I shit you not that's what it's called, my alien number and I hate it
<ashkitten>
well, yes. that's why it's a problem
<lovesegfault>
I'm A3948029384092 (not my real alien number)
<ashkitten>
oh, i see what you mean
<srhb>
lovesegfault: That's vaguely dystopian.
<srhb>
Well, not really vaguely.
<lovesegfault>
it's really weird
<ashkitten>
yeah i guess, but it'd be nice if government names didn't severely impact everything else
<lovesegfault>
Agreed, just going over the impacts in my head
<lovesegfault>
or, well, out loud
<eyJhb>
srhb: does the CPR number change as well when you legally change gender?
<ashkitten>
being referred to as whatever name my parents decided was good at birth is worse than no name, though
<srhb>
eyJhb: Yes, it must. Because they're still gendered for some reason.
<srhb>
(social security number, sort of, for anyone wondering)
<lovesegfault>
ashkitten: for you it might but, for example, someone who doesn't share your experiences might be pretty appalled by hearing "so A2908432498 have you filed your form I-765 in Chicago?"
<ashkitten>
shrug
<ashkitten>
a lot of people share similar experiences, tbh
<lovesegfault>
Scale of Bad: Your right name <---------------- some numbo <-------------------------------------------------------------------------------------------------------------your dead name
<lovesegfault>
(as I imagine it)
<eyJhb>
srhb: the SSN are generally broken here in DK
<eyJhb>
Since 2001 I think
<srhb>
eyJhb: I think they're broken everywhere. Or are you thinking about mod 13 specifically?
<ashkitten>
it'd be cool if there was a preferred name field and it didn't affect anything outside of what the people from the government call you
<srhb>
mod 11, even
<ashkitten>
that's what i meant
<srhb>
ashkitten: Yeah that would go a long way
<ashkitten>
people have many names, anyways
<eyJhb>
srhb: mod 13, and also that when you get to above 99
<srhb>
eyJhb: Yeah, I think most systems have learned to deal with it finally though
<ashkitten>
people can't be reduced to having only one real name, that's ridiculous
<srhb>
Unfortunately still hits a few people who emmigrated here in the 70s
<lovesegfault>
ashkitten: Yeah, that I can 100% agree with
<lovesegfault>
like the address field in the passport that you just write with a pencil yourself :)
<srhb>
eyJhb: (Er, who were _born_ in the 70s)
<srhb>
But it's like.. less than 20 people :P
<srhb>
Must be a pain to be one of those.
<ashkitten>
what if i want government people to call me one thing but my friends to call me another thing, and businesses to call me yet another thing?
<srhb>
eyJhb: So I bet the check is just bolted on in a lot of systems.. if mod11... else if (birthdate in one of these)... else
<eyJhb>
But purely from seeing the number, you are no longer 1. Able to validate it without external help 2. Actually know the age of a person
<srhb>
It's a stupid system. :-) Let's get rid of it.
<eyJhb>
I want my UUID4.
<eyJhb>
:p
<srhb>
Yeah.
<srhb>
Or better yet, a cryptographic key
<eyJhb>
"So can you say your SSN for me?" "SURE! Hang on"
<lovesegfault>
bashkitten, for business, fashkitten for frens, gashkitten for the government 😎
<srhb>
But that's never going to happen.
<eyJhb>
Nope, never.
<eyJhb>
But using CPR numbers to validate ones identity is stupid
<srhb>
Indede.
<ashkitten>
lovesegfault: none of those names are good and fashkitten has other implications i'd rather not consider
<ashkitten>
lol
<eyJhb>
It is so easy, and SO many leaks
<lovesegfault>
mnemonic ssn? house yard shy lock tower rash mount horse water
<lovesegfault>
ashkitten: 😅
<eyJhb>
A colleague of mine just found anyother company leaking them
<srhb>
eyJhb: The world only works at this level because people are generally not assholes. It's incredibly easy to misuse.
<srhb>
And I mean, that's a sort-of-acceptable stance most of the time.
<ashkitten>
lovesegfault: interestingly all of those were real words, though
<ashkitten>
bash, cash, dash, fash, gash, hash, okay i see a pattern
<colemickens>
those names are something else, haha
<lovesegfault>
ashkitten: :D
<lovesegfault>
oh wow
<srhb>
ashkitten: cashkitten for business, for sure.
<ashkitten>
lol
<ashkitten>
as if i could run a business
<eyJhb>
Have to recreate my NixOS USB installer... Not enjoying this journey so far
<ashkitten>
congratulations, you've managed to make my name look incorrect
<lovesegfault>
sash: a long strip or loop of cloth worn over one shoulder or around the waist, especially as part of a uniform or official dress.
<lovesegfault>
TIL
<eyJhb>
srhb: mounting a dataset in a tmpfs will for some reason not work in the installer, but got everything to work. But it seems like it would not boot. Just got the "choose a boot device" menu each time I chose my SSD
<eyJhb>
Seems like the active/boot flag is not set (is my guess)
<ashkitten>
lovesegfault: a sash is what they give out at beauty pageants
<srhb>
eyJhb: That doesn't sound right.
<srhb>
ashkitten: Thanks, I was wracking my brain. :P
<ashkitten>
worf wears one in tng
<lovesegfault>
ashkitten: gorge
<eyJhb>
srhb: appreciate the help if you have some spare time :p
<lovesegfault>
whats a worf
<srhb>
lovesegfault: >:|
<ashkitten>
idk what's worf with u
<lovesegfault>
wolf?
<srhb>
eyJhb: Sure, though I think your approach of redoing from the install medium is the easiest route
<lovesegfault>
tng = the new gang?
<colemickens>
:(
<lovesegfault>
tissues not good
<lovesegfault>
tampers needed glamping
<ashkitten>
tanuki needle grower
<lovesegfault>
tubers need girth
<lovesegfault>
hehehehe
<lovesegfault>
I like that one
<lovesegfault>
going to write it down
<ashkitten>
tuba not glowing
<lovesegfault>
buff it!
<ashkitten>
http error 586: tuba not glowing
<srhb>
I think i suffer from eternal dwarf fortress restarts. At this point I'm just playing map gen.
<srhb>
This is something I do in basically every game, what's wrong with me.
<srhb>
Like.. Playing worldgen, or character creation. For hours.
<eyJhb>
srhb: currently have it started up again, and have mounted my zpool again. But, not sure where to go from here tbh.
<ashkitten>
character creation is the only part of the game
<srhb>
I guess so.
<ashkitten>
oh no, eyJhb and srhb are both green
<colemickens>
I let my BF do the character creation pages for me.
<srhb>
eyJhb: remount everything, particularly boot, reinstall the bootloader explicitly, verify that it looks good?
<srhb>
ashkitten: :|
<srhb>
colemickens: To avoid falling into that trap?
<colemickens>
Last time he took like 45 minutes and then I stopped playing the game about 10 minutes later as I realized it was, in fact, too RPG-y.
<eyJhb>
srhb: looks fine from what I see, except a little cannot copy error to boot
<srhb>
eyJhb: That sounds possibly relevant.
<srhb>
eyJhb: It this systemd-boot?
<lovesegfault>
oh god
<lovesegfault>
I can't read anything
<ashkitten>
there are in fact people who speak klingon fluently, btw
<eyJhb>
srhb: cannot copy /nix/store/.../grub/unicode.pf2 to /boot
<srhb>
eyJhb: So, grub.
<eyJhb>
Yes, good old grub
<srhb>
eyJhb: Might want to pastebin your bootloader config. Though we're getting dangerously on-topic.
<eyJhb>
Wait a minte
<eyJhb>
I should specify --root, right?
<srhb>
eyJhb: For nixos-install? I think it defaults to /mnt
<eyJhb>
(with nixos-install --root /mnt)
<eyJhb>
Hmm
<eyJhb>
Also, cannot pastebin anything. Or. Maybe I should start the SSH server
<colemickens>
you could pastebin with: `echo Hello world. | curl -F 'f:1=<-' ix.io`
<eyJhb>
Well, swithching to #nixos then srhb ! colemickens got SSH working. but that would help anyways
<srhb>
eyJhb: yep yep :)
<viric>
MichaelRaskin: the key/cert is generated in firefox, and the state CA signs it.
<viric>
isn't it the common way?
<viric>
browsers have that 'keygen' thing in html or so
slack1256 has quit [Remote host closed the connection]
<colemickens>
I'm surprised there's not a bodypix obs plugin already
<colemickens>
or maybe not bodypix but whatever appropraite OSS body-detection library
<colemickens>
it's a bot right?
<srhb>
I don't think so.
<srhb>
But someone very confused.
<srhb>
Or just trolling, who knows...
<srhb>
I'm choosing a very naive interpretation :P
* JJJollyjim
wonders if a quick nix-instantiate needs to lstat `/nix/store/8928ygfyf9iassfrnj76v55s6zid58ja-nix-2.3.4/share/nix/corepkgs//fetchurl.nix` 1200 times
<adisbladis>
Iirc imports are memoised
<adisbladis>
So that shouldn't be the case
<JJJollyjim>
all the other ones seem to be
<JJJollyjim>
i wonder if it's the //
<JJJollyjim>
building master to see if i can reproduce
parsley936 has joined #nixos-chat
waleee-cl has joined #nixos-chat
<bqv>
Master and the actively developed branch are quite different by now
<JJJollyjim>
ah
<JJJollyjim>
what's that branch?
<JJJollyjim>
all the PRs I see are against master
<bqv>
Flakes
<Valodim>
what's a good starting point to try out flakes? there's tons of info all over the place but I'm kind of missing a thing I can actually use
<MichaelRaskin>
viric: BTW, re: all these key stuff, you did use keys3.db and not only cert8.db, right?
__monty__ has joined #nixos-chat
<bqv>
Valodim: find a flake user's repo and copy it, is probably easiest
<bqv>
Ideally not mine since I do a lot of crazy ***t
<Valodim>
I suspect that's true for everyone who uses flakes though :P
<bqv>
:p
<bqv>
Search github for flake.nix, theres tonnes
<Valodim>
hm, yeah. that's kind of as specific as the info gets at this point.
<Valodim>
oh well. maybe I'll dig into it :)
<bqv>
Maybe I'll sharpen up my template branch so its actually usable again… just, its gonna diverge so much from live
<JJJollyjim>
sweet, posted an issue about the lstats
<JJJollyjim>
reproduced it on flake as well
<viric>
MichaelRaskin: properly paired keys3.db+cert8.db and keys4.db+cert9.db
<viric>
MichaelRaskin: I think my keys3.db is empty and I have no backup since the time it had my keypairs.
<viric>
My bet is a firefox update wiped them out
<eyJhb>
manveru: For some reason it will not work with 1920x1080
<eyJhb>
On Discord
<eyJhb>
Works now, needs to scale
xd1le has joined #nixos-chat
xd1le has quit [Client Quit]
waleee-cl has quit [Quit: Connection closed for inactivity]
xd1le has joined #nixos-chat
<joepie91>
I wonder when the people running HN will realize that maybe some moderation is needed
<joepie91>
(probably never)
<gchristensen>
I saw dang moderate once!
<joepie91>
I will just let that point make itself :P
<eyJhb>
Any good program to monitor the CPU/MEM usage over time?
<eyJhb>
That I can start, will measure and on ctrl+c, will give me the average?
waleee-cl has joined #nixos-chat
<gchristensen>
eyJhb: over what timescale?
<eyJhb>
gchristensen: basically just seconds
<eyJhb>
nmon does not work for some reason
<eyJhb>
So basically anything. If it can output to CSV and meassure each X second, that would be OK, if I just get average, good as well
<evax>
eyJhb: you could check netdata maybe
<eyJhb>
Waaay too overkill for this evax. Running some benchs on throwaway servers
<gchristensen>
do you mind doing some of it yourself?
<adisbladis>
Reminds me of an old common friend of mine, etu & talyz.. She sent pics of hardcore porn saying it was sfw because there are no nipples visible
<cole-h>
ZFS friends: if I enable encryption for tank/system/root, tank/system/var, and tank/user/home and have the same passphrase for all 3, will I have to enter that passphrase three different times?
<ajs124>
AFAIR, yes. you can use keyfiles and a "keystore" dataset. That's what I do on one of my machines, but I never got around to any of that actually properly automounting.
<ajs124>
I only reboot that machine once every 2 months or so anyways, so I just do it manually, every time.
<cole-h>
So something like tank/keystore (which is encrypted with a passphrase) which has some keyfile, where all the other datasets refer to that keyfile?
<ajs124>
Exactly. Or multiple keyfiles, doesn't really matter.
<danderson>
hm, I thought ZFS tried already-loaded keys on a dataset before prompting again
<danderson>
never tried it though, my datasets are all encrypted at the top level and inherited down, as it's more of an anti-theft and drive recycling thing for me.
<eyJhb>
adisbladis: Join the Bitwarden people!
<emily>
cole-h: I just have encryption enabled on the whole pool
<cole-h>
emily: Yeah, I'm leaning towards that as well.
<emily>
not really sure why you'd need this more elaborate setup unless you want /boot in the same pool or something
<cole-h>
Nah, was really just curious
<eyJhb>
danderson: I can't remember if the key is a wrapper around the actual encryption key, or it is used to generate it
<danderson>
my constant mantra with security things: what is your threat model? :)
<danderson>
under many threat models, all-or-nothing encryption makes the most sense.
<eyJhb>
I too can now join the ZFS discussions as of this morning! And my pool is encrypted as well
<danderson>
Because in general, it turns out that you care about cryptographic integrity on the unencrypted datasets, even if you don't care about the privacy aspect
<danderson>
i.e. what damage can I do if I mount your cleartext datasets and futz with their content, while your computer is off?
<danderson>
If the answer is in any way "execute arbitrary code during a trusted boot, or trick the user into running arbitrary code"...
<gchristensen>
can confirm, want as few unencrypted bytes as possible *glares at the bootloader*
* gchristensen
glares at his wip secureboot pr
<cole-h>
I tried setting up secureboot on my Arch install once.
<danderson>
<3 secureboot
<gchristensen>
me too danderson
<gchristensen>
maybe you could help me finish it :)
<cole-h>
I ended up having to pull the battery on my mobo
<danderson>
gchristensen: how does your pr get around the kernel signing issue?
<danderson>
i.e. how do you avoid an interactive "okay sign the kernel now pls" step in the nixos build or activation?
<gchristensen>
it stores a signing key on disk and signing isn't interactive
<gchristensen>
it does the signing during the bootloader setup phase of `nixos-switch boot`
<danderson>
okay, so it solves the problem by altering the threat model :)
<eyJhb>
gchristensen: where is that PR?
<danderson>
(which is fine, that's what I did on my arch laptop as well)
<gchristensen>
danderson: yeah, I'm not equipped to draw the entire owl for you :)
<{^_^}>
#53901 (by grahamc, 1 year ago, open): WIP: Sign systemd boot EFI images for secure booting.
<danderson>
gchristensen: BUT I WANT AN OWL NOW!
<cole-h>
^ I believe it's that one
<cole-h>
eyJhb:
<danderson>
seriously though, very exciting. Secure boot is one bit thing I gave up when I moved to nixo
<gchristensen>
danderson: draw a circle: o, and then another circle: O, and then finish it
<danderson>
+s
<eyJhb>
((OvO))
<eyJhb>
((ovO))
<eyJhb>
^^ somewhat owl
<gchristensen>
Nix is amazing, yall
<cole-h>
100%
<cole-h>
I've spent the past ~5 days messing with NixOS and I love it so freaking much
<danderson>
does the owl draw correctly in sandbox mode
<bqv>
i wish there was a way to ban myself from using `git commit` with `-a`
<gchristensen>
I'm iterating on some netboot images, and using Nix + resholved I can practically guarantee I didn't make a boneheaded mistake in a script
<bqv>
i think it actually costs me more time than it saves
<eyJhb>
bqv: I have a "cam" commit all message, it is terrifying
<eyJhb>
git cam "msg"
<bqv>
:D i also refuse to ever use git aliases
<danderson>
til resholved
<bqv>
i've even managed to remove all shell aliases from my system, finally
<bqv>
thanks xonsh
<danderson>
(it's not what Sean Connery says when discussing systemd-resolved)
<bqv>
i'm sure they are, but it falls under the same argument that prevents me from using any vim plugins besides syntax highlighters
<gchristensen>
abathur: ^ that link
<eyJhb>
What about autocompleters?
<bqv>
if i wanted an IDE i'd use emacs :p
<eyJhb>
bqv get over in the corver with adisbladis
<cole-h>
gchristensen: "wipefs af" hehe
<gchristensen>
:)
<bqv>
heh
<bqv>
adisbladis: speaking of which, was there something in emacs 26->27 that changed url handling? suddenly weechat.el is complaining that it doesn't know what a browser is
<bqv>
could maybe recompile git and disable the -a handling..
<adisbladis>
bqv: I don't know
<adisbladis>
I've tried getting on emacs 27 a few times but still some pretty nasty bug that keeps biting me
<adisbladis>
And I can't be bothered to debug it, I'm just hoping it'll magically be fixed at some point
<bqv>
hmm, i wonder if gccEmacs would solve it magically too
<bqv>
i don't currently native-compile external packages so i can't tell
<adisbladis>
I'm tempted to throw up a hydra jobset and see how it goes
<bqv>
now? nah. i just tried, it still fails
<sphalerite>
I'm a bit confused by my shiny new ryzen hetzner box. It heats up to 95°C under full load, which I think shouldn't happen? Disabling boost (echo 0 > /sys/devices/system/cpu/cpufreq/boost) prevents this, but that shouldn't really be necessary, right?
<sphalerite>
it's not an issue with the individual box, because support replaced first the fan then the whole box at my request…
<sphalerite>
Does anyone know things about this?
<emily>
are you sure they don't just have bad cooling?
<emily>
those things have a lot of cores
<emily>
admittedly I'd kind of hope a server can maintain better temperatures than an ultrabook
<sphalerite>
exactly
<emily>
still... so many cores!
<andi->
which CPU is it?
<sphalerite>
but maybe the server case was designed for only operating with boost disabled?
<sphalerite>
andi-: ryzen 5 3600
<andi->
I have an 9 3900X unde my desk and no overheating issues at all.. it also defaults to boost=0
<adisbladis>
bqv: libgccjit is still not on master
<adisbladis>
As soon as it is I'll start experimenting with the native-comp branch
<bqv>
yeah, fair
<abathur>
danderson: I do hear Connery in my head every time I read it, though
<cransom>
is 95c an issue though? is it thermal throttling?
<cole-h>
What is the gold standard for taking ZFS incremental backups (snapshots, I guess) to a local disk (not ZFS)? I'd also like to be able to mount this backup somewhere temporarily for browsing
<gchristensen>
what do you mean not zfs
<cole-h>
I mean my external is not formatted ZFS
<cole-h>
and it has so much not-ZFS data on it I'm reluctant to wipe it until I get another external that I /can/ format as ZFS.
<gchristensen>
I suppose you could rsync from a recent snapshot directory
<adisbladis>
You can zfs send to a file
<gchristensen>
not very mountable :)
<sphalerite>
also no integrity checking
<andi->
sphalerite: have you tried a never kernel?
<sphalerite>
andi-: currently on 5.6.11, that should be new enough right?
<andi->
yeah
<abathur>
gchristensen: nice; I thought about putting shellcheck directly into the builder at first
<sphalerite>
cole-h: maybe this is a terrible idea, but then again maybe it isn't — you could use a file as a device for a zpool
<andi->
sphalerite: any dmesg readings before it overheats?
<sphalerite>
cole-h: that does require you to decide how much space you want to give it though.
<gchristensen>
abathur: :) I'm a bit flummoxed by this busybox thing though
<abathur>
?
<cole-h>
Sounds like what I want is not easily achievable... Then, what if the external /was/ ZFS? Would it be relatively easy to mount/browse arbitrary snapshots that have been sent to that disk?
<gchristensen>
if I add busybox to the inputs, it does strange things
<sphalerite>
gchristensen: probably because it replaces cp and find and other stuff that stdenv uses with coreutils-incompatible versions?
<sphalerite>
cole-h: yes, it would
<sphalerite>
andi-: no, but maybe loglevel=7 would help there
<gchristensen>
hmm yeah I'm not sure why this is a thing: propagatedBuildInputs = inputs;
<sphalerite>
cole-h: then you import the external pool, mount the filesystems (if they're mountpoint=legacy), then cd /mountpoint/.zfs/snapshot and there you have all your snapshots
<sphalerite>
(exactly like with the snapshots you have on your main pool)
<cole-h>
:o
<abathur>
gchristensen: one of many things in the PR that I'm unsure about and could use review on :)
<cole-h>
New to ZFS, so this is pretty nifty.
<sphalerite>
cole-h: yes! I love it too
<cole-h>
Only problem is, now I have to get another external x)
<andi->
sphalerite: I could imagine them not having tested it with boost on. CPU burn without boost might just work fine over time.
<andi->
I'll try mine with boost enabled
<andi->
another 800MHz I haven't made use of
<sphalerite>
cole-h: you can also explicitly mount a snapshot to a specific path with `mount -t zfs pool/dataset@snapshot $mountpoint`
<cole-h>
waow
<sphalerite>
cole-h: which can be useful if you want to convert zfs snapshots to borg archives, e.g. for long-term storage where you want deduplication
<cole-h>
WAIT I CAN CONVERT SNAPSHOTS TO BORG ARCHIVES?!
<sphalerite>
yeah it's slow though
<gchristensen>
you can use the snapshot as a source for borg
<cole-h>
I already use borg for Arch, so I could probably use that to tide me over :o
<andi->
cole-h: that is how I do backups for some systems.. snapshot the dir, create a borg backup, delete the snapsht
<cole-h>
That's actually insane holy cow
<sphalerite>
zfs list -t snapshot -r backup/lugn/home -o name -H | while read snap ; do mount -t zfs $snap /mnt ; ( cd /mnt ; echo -n "$dir " ; date ; time borg --progress create /backup/borg::lugn-home-${snap##*@} . ); umount /mnt ; done
<sphalerite>
^ my hacky script for converting all the snapshots on a dataset into borg archives
<cole-h>
So basically you just mount the snapshot to /mnt, cd there and create a backup of that directory with borg? Am I reading that right?
<cole-h>
That's... pretty simple.
<cransom>
hrm. i don't mount my snapshots. they show up under <mountpoint>/.zfs/snapshot/<snapname>
<gchristensen>
same, cransom
<sphalerite>
cransom: gchristensen: that makes borg a loooot slower
<sphalerite>
cole-h: yep
<sphalerite>
cransom: gchristensen: borg will rely on the size and modified date of a file by default, but only if the path is exactly the same — hence mounting the snapshots to the same place for the "assimilation" :)
<sphalerite>
andi-: nope nothing at all in dmesg even after `echo 7 >/proc/sysrq-trigger`
<cole-h>
sphalerite: So, borg's dedup works in this scenario, right?
<sphalerite>
cole-h: yes, since you almost never want to use zfs dedup
<gchristensen>
aah
<sphalerite>
cole-h: I mean, it's no different from regular use of borg really
<cole-h>
Yeah, I've read that very frequently :P
<gchristensen>
sphalerite: I don't suppose you can use `zfs diff` to *tell* borg what changed
<sphalerite>
gchristensen: that would be _really_ cool.
<gchristensen>
would be nice :)
<sphalerite>
andi-: hm, so by letting it reach 95°C, I get about 6% better performance. Now I guess the question is whether to do that.
<sphalerite>
But if the CPU dies Hetzner will replace it I guess…
<gchristensen>
not your hardware not your problem
<sphalerite>
so you're saying I should also overclock it? :D
<sphalerite>
I kind of feel socially irresponsible for it, but then again I guess exactly this kind of thing is factored into the prices Hetzner set for their services.
<sphalerite>
(not the overclocking, that was a joke)
<gchristensen>
it is absolutely factored in
<sphalerite>
(plus it probably wouldn't help, I'm guessing that all that's keeping it from going above 95 is thermal throttling)
<sphalerite>
so I guess the remaining question is if I should terminate the server and ask for a refund since it doesn't reach the performance I'd expect of the hardware.
<gchristensen>
you bet
<sphalerite>
well, the alternative is keeping it and still having decent hardware that's a lot more fun to use than anything else I have available.
<gchristensen>
its pegged at 95c and thermal throttling to uselessness
<gchristensen>
ask for a replacement :)
<sphalerite>
I already got a(n identical) replacement
<gchristensen>
still throttling?
<sphalerite>
yeah same story
<gchristensen>
eh.
<andi->
I should ask for a new work laptop. That Intel shit was full of security issues (and thus now speedbreaks) from the start ;)
<gchristensen>
up to you then
<sphalerite>
except it's only "throttling" insofar as it's limiting its boostiness
<sphalerite>
it can operate at full load and "normal" max frequency at perfectly acceptable temperatures
<eyJhb>
sphalerite: what are you using the server for?
<sphalerite>
eyJhb: video encoding right now, so definitely heavy stuff
<eyJhb>
AH
<eyJhb>
Doet it have a GPU?
<samueldr>
not nice, the bluetooth card on my main computer decided to kill the usb stack out of the blue
<sphalerite>
eyJhb: no
<sphalerite>
samueldr: fuuuuun
<samueldr>
as in, from power off, the moment the firmware file is loaded the xhci stack is dead
<samueldr>
at least it's something I can remove, but I wonder if it's the bluetooth card *or* the computer that's having an issue in the end
<gchristensen>
oof
<sphalerite>
eyJhb: I don't think I'd want to do the encoding on a GPU anyway, since (iiuc) hardware-accelerated encoders generally have poorer compression/quality characteristics
<talyz>
sphalerite: maybe they pack the hardware super tightly and use the cheapest cooling they could get? 95c is still pretty impressive, though..
<gchristensen>
nearly guaranteed
<cransom>
empty space in the data center costs money.
<talyz>
yup
<gchristensen>
and they don't charge enough for anything else
<talyz>
no, they seemed unreasonably cheap last i looked
<gchristensen>
definitely
<samueldr>
after a wirelessechtomy it all works fine
* samueldr
digs for a bluetooth dongle
* sphalerite
just compared packet's t1.small.x86's pricing and is quite impressed
<emily>
t1.small.x86 is a joke
<emily>
atoms aren't useful for anything
<emily>
and then the next packet.net server up from that is like $250/month or something
<emily>
if you just want an atom dedi then online.net / kimsufi / etc. sell them even cheaper (though with worse infra/support to be sure)
<emily>
I mean, it's not that you can't do anything with it of course, it's just still a $50/month Atom, a VPS will probably beat it for perf handily
<gchristensen>
it is pretty much a loss-leader to get you in to the platform
<emily>
I wish I had the budget for packet.net :p
<gchristensen>
hehe
<emily>
would be so much nicer than dealing with hetzner, especially the KVM, ugh
<gchristensen>
yeah
<emily>
I wonder if you could get coreboot on a Hetzner, and also how much they'd hate you for doing it
<emily>
they snapped at me for adjusting some basic BIOS settings like boot timeout once
<gchristensen>
if they snapped at that it makes me question the security of their entire everything
<MichaelRaskin>
Well, you cannot _securely_ ensure anything for a machine that someone had a root on for a year!
<MichaelRaskin>
You can do a best effort, sure
<emily>
tbf it was more like I mentioned it unnecessarily when explaining why I needed the KVM and they said some stock thing like "please leave the bios settings alone for compatibility"
<danderson>
Fairly sure they would consider a coreboot-ed machine damaged goods, it's no longer the same as the others
<danderson>
which actually makes me wonder how packet does hardware security, given that I would expect that I can just reflash anything I want?...
<MichaelRaskin>
And of course they want some level of uniformity just for running support on a pre-boot uniform setup
<gchristensen>
MichaelRaskin: boot timeout is such a low bar
<MichaelRaskin>
I am pretty sure they were annoyed by the idea that they might some day need to do a support task for this machine for the current customer (emily) and then argh, it is not exactly as their scripts expect
<emily>
I mean I think some part of it was "changing the boot order messed up the boot" and the intended meaning was probably "ok, so don't do that then"
<emily>
but in general the tone of their support is ... weird
<gchristensen>
if hte ycannot tolerate modified boot timeout then what are they not even finding
<emily>
I told them about connectivity issues to Let's Encrypt at the request of the latter's support forums and they were just like "go away peon, we won't help you with software issues"
<emily>
and it's like, yeah I wasn't really expecting that I was just letting you know you have a connectivity issue with Cloudflare...
<emily>
but oh well
<MichaelRaskin>
gchristensen: during normal support they do not even want to find anything, they want to run their script!
<emily>
hence the price tag
<sphalerite>
idk, support was pretty helpful for me with the temperature issue.
<sphalerite>
I think I got more than my money's worth there
<emily>
you're probably paying more than me, I don't even have a ryzen ^_^
<emily>
I got mine on the auction thing
<MichaelRaskin>
gchristensen: sanitising a currently-used machine is _not_ a strategy you want them to follow!
<gchristensen>
haha fair
<gchristensen>
danderson: I'm not sure the depth of it, but I know something something eclypsium
<sphalerite>
not that the issue is actually fixed or anything, but they replaced the fan and then the whole machine so yay
<samueldr>
Sysadmins can configure things by editing /etc/xdg/user-dirs.conf. At the moment there are only two settings, you can disable the whole thing, and you can specify the charset encoding used for filenames. They can also set or change the default directories and their initial values in /etc/xdg/user-dirs.defaults.
<samueldr>
so you kinda have a choice, for well-behaved software
<samueldr>
now, that won't stop misbehaving software!
<bqv>
i even have my userDirs set to not be this uppercase nonsense using home-manager
<bqv>
so it's not even something adhering to xdg that's creating them
<bqv>
that's the most frustrating part
<colemickens>
for me, it was firefox aggressively creating ~/Downloads and once fixing the xdg user dir config, I never had ~/Downloads again
<emily>
I get ~/Desktop periodically but not ~/Downloads
<samueldr>
I'm sure y'all would have a bad reaction to my full home dir :)
<eyJhb>
samueldr: what have you done?
<bqv>
i think i might make my homedir readonly again
<samueldr>
~ $ pwd
<samueldr>
/Users/samuel
<eyJhb>
^^ get out
<eyJhb>
MacOS X?
<samueldr>
eyJhb: though I do have, planned, to try "/C:/Documents and Settings/Samuel Dionne-Riel/" at some point
<samueldr>
and see the world burn
<bqv>
or at least `chattr +i` it and whitelist things that can write to it
<eyJhb>
OUt samueldr -;p
numkem has quit [Remote host closed the connection]
* colemickens
spies a wild Go font user in the wild
<joepie91>
samueldr: you could turn /nix/store into /C:/Program files !
<samueldr>
joepie91: yes!
<bqv>
i don't like you
<samueldr>
I also have an on-pause project I need to thaw out that uses fuse to merge all xdg application dirs with .desktop files, to mount them under /Applications
<samueldr>
even handling the user's own!
<joepie91>
heh
<colemickens>
I would love to see a space in `/nix/store` prefix and see what happens :)
<samueldr>
so each UID sees a different set of desktop files
<joepie91>
something involving fire probably
<samueldr>
or a firing?
<samueldr>
eyJhb: btw that's all on NixOS, with a mostly normal Linux kernel
<samueldr>
it is using the gobohide patchset to allow rootkit-like behaviour of hiding things
<samueldr>
colemickens: I even use Go on the VT!
<MichaelRaskin>
samueldr: store must not have spaces
<MichaelRaskin>
More or less unfixable in middle-term
<MichaelRaskin>
colemickens:
<samueldr>
do you mean that it's nix that enforces that?
<samueldr>
or that things invariably will break?
<samueldr>
the latter I assume would happen
<MichaelRaskin>
It might enforce this, but also we need Shell for loop over a variable containing a list of store paths to work
<MichaelRaskin>
In some places including reasonably central ones
<samueldr>
that shouldn't break on spaces, except if the code is buggy
<eyJhb>
Why the use of gobohide?
<samueldr>
eyJhb: because I can
<eyJhb>
WELL!
<eyJhb>
Okay then :p
<colemickens>
I feel like I overly aggressively quote and try to defensively write my bash and I still would get nervous for someone running spaced-paths through them
<samueldr>
eyJhb: that's one thing I like to point out about nixos, it makes doing funky stuff trivial
<MichaelRaskin>
samueldr: well, step by step: ":" will just break everything starting with $PATH
<samueldr>
that's another issue, and I didn't propose it
<samueldr>
(neither did for the space)
<MichaelRaskin>
You agreed to /C:/Program\ Files
<samueldr>
yeah, bind mount and never actually use it!
<samueldr>
just have it present to troll people
<MichaelRaskin>
But bind mount and not symlink so that the shock lasts longer?
<samueldr>
yep
<MichaelRaskin>
And the real store is /.nix/store so ls does not show it?
<samueldr>
also patch udisks to mount disks at the root level with levvers
<samueldr>
MichaelRaskin: gobohide
<samueldr>
I already hide paths like a macOS does
<samueldr>
they're removed from readdir, but still exist
<samueldr>
as in readdir in the kernel
<gchristensen>
okay I absolutely want to make my home dir /C:/Documents and Settings/grahamc
<eyJhb>
samueldr: stop spreading this madness!
<samueldr>
gchristensen: you also need the udisks patch to mount external drives as D:, E:, F:
<gchristensen>
this might be what pushes me over the edge to reinstalling on encrypted ZFS
<MichaelRaskin>
Come on, stop imitating _bad_ examples.
<samueldr>
what I actually intend to do is have home as C:/Documents and Settings/Samuel Dionne-Riel/Application Data or whatever the "legacy" one for windows, and XDG dir the not legacy one
<samueldr>
so all dotfile creating stuff will fill that dir
<colemickens>
I love how even MS wants peopel to forget "Documents and Settings" and yet it is burned into all of us
<samueldr>
or worse yet, use the localized paths!
<MichaelRaskin>
Just /Dynamically composed/User directories/grahamc
<colemickens>
can get get some DOS-style paths too? That's even better since they have a tilde in them! C:\DOCUMEN~1\...
<samueldr>
hmm
<MichaelRaskin>
Mid-tilde is actually harmless
<samueldr>
I should patch 8.3 path resolution in the kernel readdir
<samueldr>
just to break EVERYTHING
<gchristensen>
lol
<MichaelRaskin>
samueldr: good thing patents are unenforceable in EU
* samueldr
is confused
<samueldr>
I'm not in the EU, and what is patented?
<samueldr>
or, better, patented _still_
<MichaelRaskin>
I think there was something about short names and long names that was patented by MS
<samueldr>
I would assume 8.3 is done
<MichaelRaskin>
Not sure if this expired
<eyJhb>
samueldr: nixos is not good for you
<samueldr>
no, it's perfect
<eyJhb>
You have too much power and fun with it
<samueldr>
exactly
<samueldr>
maintaining such a setup on Arch Linux was painful
<MichaelRaskin>
samueldr: I think at some point we have NIX_CFLAGS_COMPILE that we want to be re-splittable
* samueldr
hates byte soups
<MichaelRaskin>
Byte soups asked to tell you that you are a fine human, and thus you are among the target group they hate!
<bqv>
eyJhb: i've just set `chattr +i` on my home instead. anything that tries to create those directories will fail
<bqv>
the only hiccup seems to be .Xauthority which i've had to move
<bqv>
can't see anything else at a glance that needs to be in toplevel ~
<bqv>
oh shitebiscuits
<bqv>
this is going to break home-manager
<MichaelRaskin>
Doesn't it support store $HOME?
<eyJhb>
Setting up tmpfs $HOME atm. bqv , so should not be much
<bqv>
mm, i'm not fussed on tmpfs, i want things to write what they want, just not where i don't want them to
<bqv>
MichaelRaskin: well all the files are in the store, but they're symlinked to ~
<bqv>
so if it's readonly or +i then not even symlinks can go there
<MichaelRaskin>
Well, next level is that all that symlinking is inside a store path, and $HOME points there (via one more symlink, I guess)
<bqv>
oh, hm
<eyJhb>
gchristensen: ZFS+Encryption and tmpfs / so far
<gchristensen>
nice
<eyJhb>
And just finished the persistent NetworkManager
<bqv>
so you suggest having that directory be actual home and symlink stuff i need from /home to the store?
<eyJhb>
Getting ready to try getting it to work in $HOME as well now :|
<bqv>
cause if that's doable i feel like i'll totally do that
<eyJhb>
Also, didn't think much of it, and wanted to see if my computer would crash when I did a big dd from zero to disk. Compression does compress :p I was a amazing moment watching that
<gchristensen>
oh fun :)
<MichaelRaskin>
bqv: $HOME is a symlink, target is in store, writeable stuff is symlinks to whatever is writeable
<eyJhb>
And it did not crash.. My current system will halt everything when I try
<MichaelRaskin>
At least that's how my /etc currently works
<bqv>
don't see why not
<Valodim>
the way that retroarch is supposed to be configured is so odd