<{^_^}>
tailscale/tailscale#18 (by bradfitz, 14 weeks ago, open): Support connecting over IPv6 or IPv6-to-6to4
<makefu>
emily: i actually have to have ipv6 explicitly deactivate to make some old random software work when rj45 is connected ... that was a sad day when i realized it
<emily>
you know, the one good thing about modern mobile internet connections is that they make people deal with v6
<makefu>
or enterprise-grade NAT
<makefu>
s/enterprise/carrier/
<bqv>
it depresses me that there are things that still only support ipv4
<bqv>
i've had ipv6 at home for several years now
<bqv>
hey wait, it's just occurred to me what that means...
* emily
has a /48 from her ISP ^^
<emily>
what I'd really like is some ISP-independent addresses, but I'm not sure I'm ready to become an AS just yet ;w;
<emily>
it's the cursed G.fast "let's do 300 Mbit/s download over VDSL, why not" thing
endformationage has joined #nixos-chat
<emily>
I've had good experiences, had to explicitly opt-in to IPv6 but everything's smooth, connection is stable, support is good, even the bundled router/AP is pretty decent (they give you a fritzbox)
<emily>
was also considering A&A but they had worse speed at higher cost
<bqv>
neat
<bqv>
yeah i think i considered A&A many years ago back when i had housemates
<bqv>
they were uncooperative
<adisbladis>
UK.. The place where they call coax cable fibre...
<bqv>
i think i'll genuinely switch to zen
<bqv>
adisbladis: ha
<bqv>
emily: hang on, that's insanity
<emily>
zen and A&A are also some of the few ISPs that don't, like, block thepiratebay or whatever
<bqv>
for 2 pounds extra i'd get double the speed
<bqv>
and a static ip
<bqv>
yeah i'm switching right now
<emily>
bqv: if that's the case then you could probably get a better deal from Sky or Virgin too, but yeah they're a lot more competitive without new-customer discounts :P
<bqv>
virgin can take their **** and shove it up their ********
<bqv>
i'm done with them forever
<emily>
I grimaced a bit at the extra cost I was paying because of the deep new-customer discounts other providers give, but I've dealt with crappy UK ISPs way too much
<bqv>
but nah i like the idea of getting a far better deal from zen
<bqv>
and i'm bad at haggling
<emily>
(re the blocking: the rule is "if you have the technical capacity or above a certain size, you must comply with our annoying filtering rules")
<emily>
(so the Good ISPs just choose to not build out any infrastructure for it :P)
<bqv>
lol
<sphalerite>
bqv: but would they still be vir— I should really learn to shut up sometimes.
<adisbladis>
emily: Are there actually good UK ISPs?
<sphalerite>
adisbladis: this A&A thing sounds good based on their website
<emily>
adisbladis: pretty much, you can get real fibre if you're in a few cities and that's about it
<emily>
adisbladis: A&A and Zen are pretty great!
<bqv>
emily: want me to say i was referred by you?
<emily>
you're still dealing with the limitations of the Openreach/TalkTalk/whatever backbone but they do a very good job with the conditions
<emily>
bqv: heh, do they actually have a referral program? I didn't realize
<bqv>
yeah it's asking me for a name
EatThem has quit [Quit: Leaving]
<bqv>
oh, nvm, i'm gonna have to call to order anyway because covid
<emily>
(/msg'd)
<emily>
I guess technicians might not even be coming out right now for installations
<emily>
the G.fast stuff required a home visit
<emily>
it's kind of awkward: the fritzbox they give you doesn't support g.fast, even though there are fritzboxes that do, so you have to use the openreach/huawei modem black box with it
<emily>
the reason is that because of $regulations the router you provide needs to be Certified™ and the g.fast ones aren't
monsieurp has quit [Quit: leaving]
monsieurp has joined #nixos-chat
<bqv>
hmm okay, so i can order online, it's just that i do in fact need to pay line rental
<bqv>
..still only 7 quid extra, i reckon it's worth it for the Boons
monsieurp has quit [Client Quit]
hoverbear has joined #nixos-chat
hoverbear has quit [Client Quit]
monsieurp has joined #nixos-chat
hoverbear has joined #nixos-chat
<emily>
worst case you can always call up sky, tell them about your very imminent and concrete plans to leave, and probably get a new customer discount for another year or whatever
<joepie91>
lol
numkem has joined #nixos-chat
<hoverbear>
I find myself testing nix on freebsd this morning
<MichaelRaskin>
Ohhhh interesting
<hoverbear>
I am not sure if I should expect it to work or not
monsieurp has quit [Remote host closed the connection]
<hoverbear>
Excellent: "sh: sorry, there is no binary distribution of Nix for your platform"
<hoverbear>
adisbladis: Literally just fired up a FreeBSD VM and started following our install instructions but trying to use nix for it
<hoverbear>
So no :)
<adisbladis>
Right :)
<hoverbear>
This is interesting...
<hoverbear>
Okay so I'm going to mark this as a "Future work" for me I think since there is no binary distribution of Nix for FreeBSD I'm going to presume the # of users is minimal.
<adisbladis>
I've heard of a big company running Nix on Freebsd in production
<adisbladis>
They seemed to have a lot of stuff in private repos
<hoverbear>
Yeah, "Big companies who don't share back" aren't really on my list of highly desirable users. :)
<pie_>
hoverbear: btw #freebsd-nix is a thing
<hoverbear>
Oh yay
<pie_>
not very active but it exists
<pie_>
wait what <adisbladis> I've heard of a big company running Nix on Freebsd in production
<emily>
adisbladis: uh, now I'm curious
<adisbladis>
This was in casual conversation, and I was sleep deprived so I can't remember many details
<adisbladis>
But an engineer 3-D Secure (or whatever the company managing/developing that is called) said they're using it
<adisbladis>
Also for declarative jails
<emily>
wild
drakonis has joined #nixos-chat
<emily>
I find it hard to imagine using Nix &co. in such depth without interacting with the upstream at all
<emily>
maybe partly because the docs aren't great >_>
<hoverbear>
Same
<hoverbear>
Nixos with a freebsd core would be sweet though
<pie_>
wonder if they have any suspicious job ads :)
<adisbladis>
It's been annoying me for months that I can't remember the name of the guy I talked to
<hoverbear>
Have you considered you might have been dreaming?
<adisbladis>
hoverbear: CCC feels like a bit of a dream, but pretty sure ;)
<hoverbear>
adisbladis: Been to several and I can confirm: Mostly lucid
<drakonis>
hoverbear: gonna need a lot of package patching here
<drakonis>
and freebsd using companies tend to not share the goods
<hoverbear>
MIT blah blah
<drakonis>
BSD license in this case
<hoverbear>
Oh yes
<MichaelRaskin>
emily: if they can build that, probably they have enough doc analysing skills for Nix* ecosystem
<emily>
I feel like they'd also have enough skills to quickly run into bugs they'd want to report or patches they'd want to make, too
<drakonis>
nix doesnt seem to require a lot of patches to run on freebsd
<drakonis>
ever so interesting
<drakonis>
the real challenge is nixpkgs
<hoverbear>
FreeBSD is a good OS with a bummer init system
<adisbladis>
hoverbear: Let's port systemd to freebsd ;)
ravndal has joined #nixos-chat
<hoverbear>
Ew no what are you a sadist
<adisbladis>
Ok, ok
<adisbladis>
Upstart
<pie_>
adisbladis: maybe you can ask around if you remember what he works on :P
<hoverbear>
I think we've learnt enough lessons from systemd that we could make something less of a political disaster on wheels
<adisbladis>
pie_: I've tried
<adisbladis>
But no cigar
<pie_>
mh
<MichaelRaskin>
Don't you need RH buy-in or something?
<hoverbear>
You only need RH buy in so you can pay the staff to suffer all that verbal abuse
<adisbladis>
Sometimes I feel like I'm the only one who _likes_ systemd
<hoverbear>
I actually rather like using the tool and the consistent UX, but I hate the way we got there
<hoverbear>
I hate that it's basically been "Literal Goliath flagrantly ignored all norms and conventions and singlehandedly kills hundreds of projects"
<drakonis>
hundreds might be hyperbole
<hoverbear>
"Dozens of us!"
<adisbladis>
A big reason for me to switch from Gentoo was having discussions around systemd with the Gentoo hardened people
<hoverbear>
I mean, I got banned for saying shit on the IRC channel
<hoverbear>
That's why I left.
<hoverbear>
Literally, I said 'shit' and got banned.
<MichaelRaskin>
A reason for me to give up and drop NixOS bootscripts was systemd breaking my workflows too often
<hoverbear>
I love configuring everything in toml and having consistent naming/ux though
<MichaelRaskin>
hoverbear: is it at least a consistent and announced policy?
<adisbladis>
I've seen way, way wores than than in #gentoo
<adisbladis>
worse*
<hoverbear>
MichaelRaskin: I don't know it was a decade ago and I didn't feel like grovelling and apologizing for my crimes on their GM channel
<hoverbear>
It was right around when they pushed out drobbins anyways so I don't care
<hoverbear>
adisbladis: Yeah most of the chat on #gentoo was passive aggressive swipes at people so nothing of value was lost
<eyJhb>
adisbladis: I hate the way that systemctl wants its arguments... systemctl <action> <service>, I want to execute one action on a service, then another. Let me do that quickly
<ldlework>
haha, that's a pretty minor thing tho
<drakonis>
i'm still waiting for the day that a nix lang based init appears
<drakonis>
in the same vein that shepherd exists
<lassulus>
a common interface which could be used by systemd, openrc or other init systems could be a first step. But then it would be hard to implement systemd-features
<MichaelRaskin>
lassulus: Most of the services implement basic stuff that could be clearly separated into generic launcher, and then maybe some more specific features on top
<lassulus>
ah, cool, I was also thinking about that, nice that svanderburg already did something
<__monty__>
I see that project brought up so often.
<__monty__>
But it looks more like the start of a prototype than something actually practical.
<emily>
systemd doesn't actually use toml
<emily>
it's a custom ini format
<__monty__>
The approach is very, offer the cross-section.
<drakonis>
it requires dysnomia to work
<__monty__>
I'm not sure who suggested it but a "common stuff + systemd = {}; openrc = {};" approach sounds a lot more likely to catch on. You can slowly offer more generic configuration.
hoverbear has quit [Quit: WeeChat 2.8]
<drakonis>
i'd like to still have a replacement that provides features on a per OS basis
<drakonis>
but its effort
<MichaelRaskin>
We need nix-darwin ported back to Linux
<drakonis>
ie: if you have linux, use cgroups, namespaces, ebpf
<drakonis>
whatever's available for that OS
<drakonis>
freebsd has rctl and jails
<drakonis>
launchd for mac
<MichaelRaskin>
Well, you actually want to have exporters for various process supervisors
<drakonis>
but then to use those things, it'd require a C to nixlang interface
<lassulus>
I would like nixos on android ;D or have services. syntax inside shell.nix
<drakonis>
would be wonderful
<MichaelRaskin>
Most of the services do not really need to be related to NixOS. Or even to module system
<MichaelRaskin>
They need to have connection data for their dependency services (if any), and their own fully compartmentalised configuration data
<Valodim>
for a nix-shell call.. how do I pass those arguments? it seems to me like there's no way and I'm misunderstanding, I'm just not sure how :)
<Valodim>
avoiding xy problem: what I'd like to do is "run command in an fhs environment"
<drakonis>
write a script for that
<MichaelRaskin>
I would write a script that nix-builds then calls the resulting environment script.
<drakonis>
that bash call drops it into the environment with the packages
<drakonis>
you could call bash with a command that calls something else
<drakonis>
bash -c `command`
<Valodim>
I can replace the value of runScript with something else, that works
<Valodim>
but I'd rather not have multiple script.nix that just differ in runScript value
<Valodim>
MichaelRaskin: could you elaborate on that? :)
<drakonis>
i used "runScript = "bash -c 'bash --help'";" and voila
<drakonis>
it invoked bash--help
<drakonis>
bash --help
<drakonis>
runscript invokes a shell command
<MichaelRaskin>
Valodim: well, it is not based on nix-shell
<Valodim>
can also do bash --help directly there, but that doesn't help me to pass arguments through the nix-shell call
<Valodim>
MichaelRaskin: I'm not set on the nix-shell approach, it was just the only one I could get to work at all
<MichaelRaskin>
Just a script that is basically "$(nix-build --no-out-link ./shell.nix)/bin/fhsenv" "$@"
<MichaelRaskin>
I guess there is some -A
<drakonis>
Valodim: it is an example
<Valodim>
MichaelRaskin: that sounds very good
<Valodim>
drakonis: what I'd like to do is (symbolically): nix-shell --command "bash --help"
<Valodim>
however --command doesn't work with buildFHSUserEnv
<Valodim>
MichaelRaskin: I'll play around with that approach, thank you
<Valodim>
MichaelRaskin: I think I can get that to work! thanks a lot :)
drakonis has quit [Quit: WeeChat 2.8]
drakonis has joined #nixos-chat
monsieurp has joined #nixos-chat
<ashkitten>
i updated to current nixpkgs-unstable and got told that p7zip is insecure, but it still said that after removing my inclusion of p7zip directly... it was very hard to figure out that it was winetricks depending on p7zip that was the issue
<ashkitten>
is it possible to get better errors that actually point you in the right direction?
<ashkitten>
at least i'm listening to good music while dealing with nix's awful error reporting
<pistache>
ashkitten: mind to share that good music's name ?
<gchristensen>
I'm making a lot of netboot images, and every time I make a minor change I have to remake a squashfs (a few minutes) and an initrd (a few minutes)
<eyJhb>
And you need rot13, aes-128-cbc where? :D
<gchristensen>
instead I've replaced the squashfs so every store path is its own squashfs, built with recursive nix, so they only have to be built once and can be reused. next, I'll change the initrd to be one big cpio build to one cpio build per store path with recursive nix, so they also can be cached between iterations
<sphalerite>
I'm having docker layered image déjà-vus
<gchristensen>
similar, the docker builder could be made much faster with recursive nix
<gchristensen>
anyway, I can make an initrd in about 15 seconds now
<joepie91>
I'm actually seriously considering using a hand saw to make it more accurate
<eyJhb>
I always blame the saw, and no one is allowed to use it to test the theory. It is tho saw!
<joepie91>
been using a jigsaw so far
<sphalerite>
bah, I don't like autogroup
<joepie91>
heh
<samueldr>
those foot saw are so bad
<joepie91>
foot saw? is that like a footgun with teeth
<samueldr>
exactly
<sphalerite>
gchristensen: 304MB
<samueldr>
(I was just a tad slow at making a joke, that using a hand saw would be more accurate than a foot saw)
<sphalerite>
very cool to be able to build it faster though. I've often wished the squashfs would build faster to be able to iterate faster
<joepie91>
oh lol
ashkitten has joined #nixos-chat
<sphalerite>
and I guess you could use it for iteration then make one big squashfs when it's all working right
<samueldr>
same here, hopefully this can be broken out into a lib or flake thing
<sphalerite>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 303
<gchristensen>
eh, I'll take the size increase :)
<sphalerite>
shhh, don't tell eelco
<sphalerite>
:D
<gchristensen>
hehe
<gchristensen>
I mean, I can't upstream it anyway
<ashkitten>
infinisil: hmmmm i realized that nixoses' key management doesn't actually work with containers - /var/keys isn't accessible to a container
<infinisil>
Ah haven't thought about that
<gchristensen>
this poor drive
<ashkitten>
i realized that because apparently my mastodon secrets haven't been refreshing as they should, due to lack of access
<pie_>
ashkitten: theres some way or another to symlink external stuff into containers
<pie_>
or something like that
<pie_>
idk if thats something you _want_ to do but you _Can_
<ashkitten>
nixoses should automatically do that when a key is used in a container, i feel
<ashkitten>
anyway it works for the moment -- it won't if i delete the stateful secrets_env file that hasn't been updated as it should, but it does for the moment
<cole-h>
It's not nixoses anymore, it's Nixus >:(
<ashkitten>
oh
<ashkitten>
i wish github would've told me that when i pulled down changes today
<samueldr>
(if only the git interface told me that it's because of that!)
<ashkitten>
infinisil: hmmmm looks like `chown $user:` doesn't work with a numeric user
<ashkitten>
`chown $user` does
<emily>
can you really just push to someone else's branch like that?
<emily>
I knew maintainers could edit PRs but I assumed it would detach it from the other person's repo somehow... github's access control model is a joke
<Valodim>
it's an opt-in feature when making a PR to allow upstream maintainers to push to that particular branch
<MichaelRaskin>
Isn't it opt-out?
<cole-h>
It's opt-out.
<Valodim>
ah, so it is. guess they changed that
<Valodim>
eh, still seems like a reasonable feature to me
<samueldr>
it's not obvious what the checkbox actually allows
<samueldr>
and that's my main gripe with that
<MichaelRaskin>
It's not always what tree a commit on GitHub belongs to, either… par for the course
<samueldr>
(looks like that one isn't named 000-readme... how peculiar)
<emily>
Valodim: it means that if you PR from your personal branch to someone else's project, they can push malicious commits to it, and then you git clone git@github.com:myusername/myrepo.git and get their exploit
<emily>
obviously the solution is "don't trust branches you opened as PRs", but I think it's far from obvious that cloning your own repository can sometimes give you commits from an upstream maintainer
<emily>
especially when github already maintains the pull/X/head refs it could use on the upstream repository
<emily>
just another entry in a long list of github features that seem to be designed to point out the value of git commit signing
<samueldr>
"but the git commit is signed"
<samueldr>
(by the new author!)
<emily>
yeah, you need your own custom per-repo validation machinery which sucks...
<samueldr>
authored-by and committed-by
<samueldr>
yeah
<emily>
shouldn't be too hard to build something simple like "all commits to my config repo have to be signed by one of my keys" at least
monsieurp has joined #nixos-chat
<Valodim>
not hard, except for the key management part
<Valodim>
which is, uh, one of the harder problems out there these days
<MichaelRaskin>
The problem is much simpler if most predicates contain the word «my»
monsieurp has quit [Remote host closed the connection]
<samueldr>
wouldn't "breaking" all git interactions if the current commit isn't signed by "my" key be enough? up to requiring an empty signed commit to mark the current chain valid?
<bqv>
emily: ordered, and sky have already registered my cancellation
<bqv>
This is beautiful
<samueldr>
but, yeah, that wouldn't stop anything else from using that data
<samueldr>
unless you can't checkout
<bqv>
So much nicer than ditching virgin
<samueldr>
(with 'sky' and 'virgin', I thought it was flight plans or something along the line)
<__monty__>
Is there a way to make youtube *always* open to a channel's "videos" page? I literally *never* want to see the "home" page with the auto-play video.
<MichaelRaskin>
And lose that click of Engagement™?? Never
<__monty__>
:'(
<samueldr>
__monty__: better bookmarks
<samueldr>
as in, not an extension, but only using a direct link
<samueldr>
that's how I do it
<samueldr>
the home page is terrible
<samueldr>
and I'm 99% sure that's why you hear "your video didn't get into my sub box"
<samueldr>
people thinking the youtube home is the sub box
<__monty__>
samueldr: I don't mean the youtube homepage, rarely go there.
<samueldr>
oh!
<__monty__>
If you go to a channel's page there's a channel "home" page.