<abathur>
but my reasons for git-annex are pretty git-annexy; not sure much else can meet them; like having a repository for binary files that I can share across my desktop and laptop, not having to have a fully copy on my laptop, avoiding an always-on sync service sort of thing, being able to store document variants in branches with good commit messages rather than in-tree naming schema
<abathur>
but I do like what I perceive to be tahoe's approach to security; I've spent a little time trying to balance ease-of-use with stuff like my dotfiles or annexes and the risk that a compromised device could do something adversarial like force-push
<joepie91>
right, tahoe does not have commits natively, though I guess you could reconstruct that on top of its storage API
<joepie91>
it *does* have what's basically "RAID over the network"
<joepie91>
in principle that could be used as a way to represent data files stored across multiple systems, as a single coherent object store
<joepie91>
one issue you might run into is with the deletion model though
<joepie91>
it currently does not have a 'delete' feature AFAIK, just an expiry-and-renewal mechanism
<joepie91>
which kinda sorta looks like a 'delete' operation if you squint, but not quite :P
<energizer>
abathur: just occurred to me, https://www.plasticscm.com/ is proprietary but might meet your needs
waleee-cl has quit [Quit: Connection closed for inactivity]
<iqubic>
You know what's weird? I'm using a tiling window manager, and when ever I try to do screen sharing in like Zoom, or Discord or something, and I click on "share single application" I'm only given a list of applications open on the same workspace as the program that's doing the screen sharing.
<iqubic>
If I choose instead to share "whole monitor", then I can switch to any monitor and share any screen. However, this might show status bars and other things that I'd rather not share.
<ldlework>
There's this Go AI called KataJigo which instead of trying to crush you as hard as possible, it tries to win by the smallest margin possible. It's really funny, it comes up with some pretty clever ways to cull its lead.
<samueldr>
is it like playing bastet for tetris?
FRidh has joined #nixos-chat
drakonis has quit [Read error: Connection reset by peer]
<lovesegfault>
talyz: Oh my I tried to use impermanence and it was hard
<lovesegfault>
It doesn't seem to support erasing all of /home/ very well, it relies on /home/$user existing
<lovesegfault>
Does anyone know how to create a folder during Nix's early boot?
<lovesegfault>
I'm going to give this a shot and see if it fixes it
<talyz>
Weird.. My home directory is created automatically on boot, and I thought that was what did it 🤷
<lovesegfault>
rebooting, brb
<lovesegfault>
talyz: nope doesn't work
<lovesegfault>
those trigger before systemd mounts the disk
<talyz>
Oh :/
<talyz>
Still, you shouldn't really have to do that anyway
<talyz>
I mean, I don't have to on any of my systems, and I don't mount any special home volume or anything like that
<lovesegfault>
How do you wipe /home?
<talyz>
lovesegfault: I don't treat /home in any special way at all - it's part of /, which is either a tmpfs mount or a new btrfs subvolume created on boot
<talyz>
lovesegfault: do you have isNormalUser = true set for your user, btw?
<talyz>
huh, that should cause the update-users-groups.pl script to create the home directory in the activation script, if I'm reading the code correctly..
cole-h has quit [Quit: Goodbye]
* lovesegfault
goes look at code
<lovesegfault>
talyz: What line?
<talyz>
215
<lovesegfault>
jesus christ perl code
<talyz>
:D
<lovesegfault>
When does this get run?
<talyz>
on every activation
<lovesegfault>
And when is activation run in the boot process?
<talyz>
pretty early, I think
<talyz>
before any systemd services
<lovesegfault>
I wonder if this is assuming /home exists?
<lovesegfault>
When is /home created
<lovesegfault>
OH
<lovesegfault>
WAIT
<lovesegfault>
I HAVE A THEORY
<talyz>
it's run at line 131 in stage-2-init.sh
<lovesegfault>
nvm, theory invalid
<talyz>
:/
<lovesegfault>
talyz: Do you see that end up in your /run/current-system/activate?
<talyz>
lovesegfault: you mean the perl script? yes, that's in there
<ashkitten>
i just realized, the moto atrix 4g is... fairly cheap?
<ashkitten>
like, i could get one for $30 on ebay
<lovesegfault>
talyz: Yeah, for me too, weird
<ashkitten>
lapdock for $50
<ashkitten>
multimedia dock for $30
<lovesegfault>
This is weird
<talyz>
lovesegfault: look at the json file it reads and see if you can spot anything strange, maybe?
<lovesegfault>
Let me try one more thing
monsieurp has quit [Remote host closed the connection]
<talyz>
lovesegfault: how do you deploy your systems, btw? nixops?
<lovesegfault>
talyz: I use nixus (infinisil's tool)
<lovesegfault>
Success!!!
<lovesegfault>
it works
<talyz>
:D
<lovesegfault>
I'm ashamed to reveal why it wasn't working :P
<lovesegfault>
The main challenge is getting bind mount to a file
<lovesegfault>
I recommend you try this: create a file in your state dir, add `touch /home/etu/test` to activationScripts. Add a fileSystem bind-mount from the the file to that test
<lovesegfault>
then see what happens
<etu>
Will do :)
<lovesegfault>
For me what happened is the mount target ended up being a directory instead of a file (?!) and then the mount correctly failed
<lovesegfault>
Anyone: what does ll -d / say to you
<etu>
drwxr-xr-x 17 root root 340 Jun 6 10:37 /
<etu>
lovesegfault: Have you set the mode option for your tmpfs?
<etu>
Without it some things will be sad, such as sshd that complain about unsafe permissions and don't start.
<lovesegfault>
Yep, that fixed my woes
<lovesegfault>
etu++
<{^_^}>
etu's karma got increased to 21
<eyJhb>
Having Firefox and chromium shit all over XDG and where to place files really screws with my tmpfs
<eyJhb>
Put the files in the XDG_DOWNLOADS_DIR or else I get the disk full again
<lovesegfault>
my zsh_history keeps ketting clobbered, I wonder why
<eyJhb>
lovesegfault: assume retorical?
<eyJhb>
gchristensen: when I use a zvol with EXT4, does it then ALWAYS use the assigned space, or is it dynamic?
<lovesegfault>
eyJhb: Not rhetorical, I do wonder why
<lovesegfault>
it doesn't get set up as symlink by home-manager correctly
<etu>
One benefit of tmfs /home: "nix search" is building the cache on first use after each boot so I never have to think about adding -u to update the cache.
<etu>
tmpfs
<lovesegfault>
Oh, it's zsh's fault
<lovesegfault>
when I start it clobbers the symlink with a file
* lovesegfault
wonders
<lovesegfault>
This is why I want to bind everything
<etu>
lovesegfault: A bind mount would probably solve that :p
<lovesegfault>
Yeah
<lovesegfault>
Did you test the bind mount file thing?
<etu>
Not yet"
<lovesegfault>
You'll see the issue
<etu>
lovesegfault: Gonna test it now
<eyJhb>
Why does zfs history differ from bash?
<eyJhb>
etu: I have set mine to cache the nix search
<etu>
eyJhb: boring :D
<adisbladis>
etu: talyz: Btw, it would be nice to use RequiresMountsFor
<eyJhb>
I only ever use it when I can't find the package, then I do `-u` :P
<lovesegfault>
adisbladis: What is that?
<etu>
lovesegfault: It broke stuff badly for me
<lovesegfault>
etu: Yep
<lovesegfault>
It creates a dir for the mountpoint
<lovesegfault>
I'm going to solve 1.2b before going to bed
<lovesegfault>
damn you
<eyJhb>
Row reduction is kind of fun
<eyJhb>
When it goes right! But when a single step is wrong 2 steps back.. Theeeen...
__monty__ has joined #nixos-chat
<talyz>
adisbladis: for which unit?
<etu>
Maybe we can make our own unit...
<etu>
talyz: Idea: based on lovesegfault's suggested api: persist.users.etu.files would create a user unit (which can be done systemwide) that will set up that users home directory. That way we'd buypass home-manager entierly
Jackneill has quit [Ping timeout: 272 seconds]
Jackneill has joined #nixos-chat
parsley936 has joined #nixos-chat
Jackneill has quit [Ping timeout: 246 seconds]
Jackneill has joined #nixos-chat
<talyz>
etu: Yes, if the point is to get rid of the home-manager module (or lessen the need for it, at least), then that would work.
Jackneill has quit [Ping timeout: 265 seconds]
Jackneill has joined #nixos-chat
<Valodim>
if anyone else is having "Requires Steam!" trouble starting C&C remastered from steam: it's some kind of steam directory layout issue. delete your .local/share/Steam and redownload stuff, and it'll work.
<pie_>
Valodim: make a post somewhere that people will actually find via google? :P
<pie_>
(sometimes i file and immediately close an issue with an answer)
<eyJhb>
lovesegfault: did you finish it?
Jackneill has quit [Ping timeout: 246 seconds]
<Valodim>
pie_: I found that info via google, it was just kinda obscure :)
Jackneill has joined #nixos-chat
KeiraT has left #nixos-chat [#nixos-chat]
<pie_>
*nod*
Jackneill has quit [Ping timeout: 260 seconds]
ninjin has quit [Ping timeout: 240 seconds]
ninjin has joined #nixos-chat
Jackneill has joined #nixos-chat
Jackneill has quit [Ping timeout: 246 seconds]
<eyJhb>
etu: I hate this Windows nonesense
Jackneill has joined #nixos-chat
<eyJhb>
Thought resizing would be ideal
<eyJhb>
Now the drive won't boot, the previous backup is corrupt and I cannot copy 5% of the files :D
Jackneill has quit [Read error: Connection reset by peer]
Jackneill has joined #nixos-chat
lucus16 has joined #nixos-chat
<gchristensen>
lovesegfault: I don't like to use my valuable RAM for /
<eyJhb>
gchristensen: $HOME sucks more atm. for me
<gchristensen>
hmm I don't put anything in to tmpfs really except for /run
<eyJhb>
what about /tmp?
<gchristensen>
nor that
<gchristensen>
I'm not sure why I would when / gets blown away anyway and my disk is nvme
<__monty__>
Are there better password manager recommendations for tech-adverse people than 1password? OS or browser specific keychains?
<__monty__>
Is bitwarden reliable enough with a nice UI on all platforms for someone who doesn't care about foss?
<gchristensen>
browser (ff, chrome) keychains are pretty good. I usually recommend 1p b/c they try pretty hard to be pleasant to use
<__monty__>
Ok, not the answer I wanted to hear but the answer I was expecting.
<__monty__>
Thank you.
zimbatm has quit []
zimbatm_ has joined #nixos-chat
<__monty__>
Does anyone have experience reports of Radicale or EteSync and Tahoe-LAFS (especially compared to NextCloud)?
<gchristensen>
yeah, I don't really like 1p for me anyway, but using 1p is going to be way better than not using anyting -- so picking the easiest-best
<__monty__>
Bitwarden looks like a viable alternative but I haven't really seen glowing recommendations. And I don't think it's seen as much scrutiny.
<eyJhb>
__monty__: currently using Bitwarden
<eyJhb>
Seems fine, not had any problems with it so far
<eyJhb>
I know that srhb have been using it for some time
<__monty__>
Would you recommend it for the "barely able to use an ipad" kind of people?
<eyJhb>
Yes and no, it is quite simple but wouldn't the build in suffice?
zimbatm_ is now known as zimbatm
parsley936 has quit [Remote host closed the connection]
<__monty__>
I don't like the idea of trusting Apple/Microsoft/Google. Mozilla is *slightly* less bad but what about non-web passwords? And the platform-specific solutions complicate matters if people have an iphone *and* a laptop running windows.
parsley936 has joined #nixos-chat
<__monty__>
So I'd rather be able to blanket recommend a solution that'll work on any platform rather than going "You want my recommendation? Fill out this 2 hour questionnaire first."
<gchristensen>
arianvp: what do you think about bitwarden?
<eyJhb>
Well, I would say Bitwarden works well and it somewhat easy to use
<eyJhb>
Have only had some folder issues (wheret to create them from chrome), and if I hover away from the popup in chrome, it closes and I have to fill out the info again
<__monty__>
Don't know what's going on there. A password manager that can use your approximate location to maybe stay unlocked for longer or something could be cool. Like, if you're at home don't require the master password every minute. Probably horribly insecure though not sure how trustworthy location services on smartphones are.
<gchristensen>
I think arianvp's point is more what are the moral guidelines of the company that let them put location tracking on their marketing page
<__monty__>
Otoh offering people more opportunities to glance your master password when in public might be backwards.
<__monty__>
Probably, current web is a disaster sadly.
<__monty__>
I especially love all the GDPR confirmation windows that "require 3rd-party cookies to be enabled" to be able to *disable* cookies...
<arianvp>
I've used bitwarden as a paying customer for years
<arianvp>
But they're suddenly shipping marketing spyware so I'm very concerned
<arianvp>
Hope they answer soon
<arianvp>
:/
<__monty__>
: (
<__monty__>
I'm not sure whether that makes it worse than 1password or just only least-worst though?
<gchristensen>
is a "this end up" instruction on a box for the shipping company, or more for "Don't open it the other way" instruction
<manveru>
it's mostly to fill up space on blank boxes...
<__monty__>
I don't think shipping companies care about such instructions.
<__monty__>
And who can blame the delivery van drivers tbh. Terrible wages and working conditions.
<gchristensen>
yeah, I'm really thinking it is more for the opener
<DigitalKiwi>
lol ghuntley is way ahead of you on that
<DigitalKiwi>
dang can't link his profile's private now
<eyJhb>
arianvp: but the other services still do not track?
<eyJhb>
And it asks, you need to consent,
<eyJhb>
But still weird
<DigitalKiwi>
is arianvp programmerdude
<eyJhb>
also, covid-19 related, all the stores have hand sanitizer on entry and exit, some smell like "nothing", others like strawberry. But currently it smells like tequila
<eyJhb>
Didn't unstable use to be pushed to multiple times a day?
<eyJhb>
Or at least once a day?
<arianvp>
eyJhb: then you had a food-grade alcohol
<arianvp>
They've been approved for hand sanitizer due to shortages in ethanol
<arianvp>
At least here :p
<arianvp>
The smell is very distinctly vodka
<eyJhb>
arianvp: it is no fun. But at least I have no bad experiences with tequila :p
<eyJhb>
But good to know!
<eyJhb>
What can you tell me about the bubblegum/strawberry smelling ones arianvp ? ;)
cole-h has joined #nixos-chat
<arianvp>
They use perfume
<DigitalKiwi>
one tequila two tequila three tequila floor
<arianvp>
Lol
<eyJhb>
Hoped for something better :p
pistache has quit [Ping timeout: 260 seconds]
pistache has joined #nixos-chat
<pie_>
DigitalKiwi: stand up, bottoms up! have a couple more :P
<eyJhb>
Soo.. I have two channels, nixpkgs and unstable
<eyJhb>
But nixpkgs is unstable as well
<gchristensen>
DigitalKiwi: I wonder if people will ask you for one now
bqv has joined #nixos-chat
<sphalerite>
eyJhb: there's nothing precluding it from happening again
<sphalerite>
eyJhb: they get updated automatically from master whenever the appropriate test sets pass
<etu>
lovesegfault, talyz: I made a thing
<etu>
lovesegfault, talyz: It's very much based on talyz initial module, but it bindmounts instead and supports both files and directories in the entire filesystem: http://ix.io/2orz/nix
<cole-h>
👀
<etu>
Slightly updated to support files with spaces in the filename: http://ix.io/2orA
<etu>
lovesegfault: I can boot on it and I can read the files that I expect and enter the directories I expect as well. And they contain contents :)
<sphalerite>
I had a scare with fwupd a while back, tried to install an update, all looked well until the lenovo utility had completed… then the screen was off, power was on, and the power button didn't work
<sphalerite>
as in if I pressed it, the laptop went "beep-beep-beep" and nothing else changed
<sphalerite>
Holding it didn't do anything
<sphalerite>
but after the laptop ran out of battery and I connected it to the power again, everything was fine
<gchristensen>
oof
<sphalerite>
gchristensen: so you're saying we need to backport a newer fwupd version to 20.03?
<gchristensen>
yeah almost ready to PRit
<lovesegfault>
etu: Can you make a PR?
<etu>
sure can do!
<lovesegfault>
One nice thing about the home-manager module is that it more easily allows to track state in the same file as you configure the program
<lovesegfault>
etu: So, what were the issues with bindmounts & how did you fix them?
<etu>
lovesegfault: I never managed to get the same issue as you did, my issue was that I didn't have neededForBoot set to true on the path I was reffering to
<etu>
lovesegfault: so the fs wasn't mounted when the activation script was executed
<lovesegfault>
Aha!
<etu>
lovesegfault: I made nix-community/impermanence#2 at least, it's very much based on talyz work :)
<adisbladis>
lovesegfault: They're a pretty good combo
<lovesegfault>
etu: Going to test mounting one user file
<lovesegfault>
just saved my ass
<lovesegfault>
etu: wow, that assert on the fs being neededForBoot = true is _awesome_
<lovesegfault>
let's see
<adisbladis>
Store pifs metadata in pingfs
<energizer>
with a large enough data collection it's easier to track the data that you *don't* want to store
<lovesegfault>
adisbladis: Oh wow
<lovesegfault>
etu: it doesn't work :D
<etu>
lovesegfault: How?
<lovesegfault>
for an interesting reason
<lovesegfault>
but the dir struct it creates is owned by root
<lovesegfault>
the bind mount, zsh_history, ends up with the right perms
<lovesegfault>
suppose you add /home/foobar/.local/share/zsh_history
<lovesegfault>
so .local/ is owned by root, and so is .local/share
<etu>
That makes sense, we would want some chown
<etu>
For the users files
<lovesegfault>
yep
<lovesegfault>
The _right_ way to do this might be to iterate over the sourcePath and then go mkdir'ing it and doing `chown --reference sourceDirPart targetDirPart
<lovesegfault>
so for /state/home/bemeurer/.local/share/foo we'd go to /home, if it exists keep going, /home/bemeurer exists keep going, /home/bemeurer/.local _doesn't_ so we create it and chown --reference /state/home/bemeurer/.local
<lovesegfault>
and so on
<eyJhb>
sphalerite: so just a lot of failing tests atm.?
<lovesegfault>
And this can be done for any files/dirs, not just users'
<lovesegfault>
and lets users manage their perms using just the state fs, no extra nixery needed
<eyJhb>
Heey you are up lovesegfault
<lovesegfault>
eyJhb: o/
<eyJhb>
Slept well?
<lovesegfault>
My wife kneed me in my balls in her sleep
* tazjin
has a highlight for "nixery" and got mildly confused by this ping
<etu>
lovesegfault: The module needs more hacking, but it can be great I say :) I need some sleep. Got stuff to do tomorrow morning:)
<lovesegfault>
it was a tough night
<lovesegfault>
etu: I'll try to have a PR by when you wake up
<lovesegfault>
24 hour WORK FORCE
<etu>
lovesegfault: :D
<etu>
✨ lovesegfault
<{^_^}>
lovesegfault's karma got increased to 36
<eyJhb>
Which PRs are happening?
<eyJhb>
And why a tough night? :p
<lovesegfault>
<3 etu
<{^_^}>
etu's karma got increased to 23
<etu>
This is the most important project and module :D
<eyJhb>
Holy hell, what doesn't the bot recognize?
<lovesegfault>
etu made great strides while I was sleeping on bind mounting everything, but non-root files don't yet work for reasons I explained above
<lovesegfault>
I have a solution in mind, so now they go to sleep and I hack :D
<eyJhb>
Doesn't bind mounting everything clutter at some point?
<lovesegfault>
clutter what?
<eyJhb>
I just assume something, but I guess not
<eyJhb>
lovesegfault, etu: how have you added the impermanence repo/module?
<ldlework>
lovesegfault: that's awesome
<lovesegfault>
eyJhb: niv
<pie_>
inb4 niv > flakes
<lovesegfault>
The thing is flakes can only pin Nix stuff
<lovesegfault>
I often want to pin non-nix sources as well
<eyJhb>
lovesegfault: like what?
<lovesegfault>
Anything you'd fetchTarball or fetchFromGitHub
<lovesegfault>
etc
<lovesegfault>
fetchgit
<ldlework>
arnt those pinned by virtue of rev+sha?
<lovesegfault>
Yes, but niv let's me update them with ease
<lovesegfault>
I don't have to go diffing for the new rev and sha
<lovesegfault>
I just `niv update myThing`
<aterius>
I do the same thing ^ it's super convenient for versioning everything
<ldlework>
I mostly just change the version of a thing, rebuild, then copy the real hash in, then rebuild again
<ldlework>
but i should check out niv for that
<lovesegfault>
Yeah, that's annoying :P
<lovesegfault>
It's what I used to do
<lovesegfault>
Want to change the branch of the source? nix update -b myOtherBranch mySource
<ldlework>
i keep my configuration highly modular as individual nix modules in folders (so I can also have support artifacts)
<ldlework>
would you use niv in each of my individual modules
<ldlework>
or would you niv in a more global way somehow?
<ldlework>
if the question doesn't make sense just tell me to go read more :)
<energizer>
ldlework: instead of doing fetch in each module you can have niv handle the fetching and put all the fetched stuff into a `sources` attrset and you can use those instead of the fetched thing
<lovesegfault>
see nix/default.nix for niv entry point
<ldlework>
energizer: yeah that's kind of what I was fishing for, but now I worry about two-places-for-one-thing situation
<ldlework>
cool thanks I'll take a look
<lovesegfault>
gchristensen: do you persist your zpool.cache?
<lovesegfault>
cc. cole-h
<cole-h>
My what now
<lovesegfault>
cole-h: ls /etc/zfs
<cole-h>
Oh, I see.
<cole-h>
I haven't spent time in switching to impermanence yet
<cole-h>
So yes lol
<lovesegfault>
cole-h: :D
<lovesegfault>
I'm having a hard time finding out what exactly that cache does