<joepie91>
gchristensen: from a nutritional point of view, it may be worth stocking up on some of those instant food thingems
<joepie91>
a la soylent
<joepie91>
(I have no idea which of them ship to US)
<gchristensen>
we are a long way away from that being a concern
<c74d>
oh dear, https://grahamc.com/blog/nixos-on-zfs reminds me I've been forgetting to set the I/O scheduler to none for the ~5 years I've been using NixOS >_>
<gchristensen>
good news c74d I keep meaning to just delete that line
<c74d>
back on Gentoo I'd set that in the kernel configuration, but, using pre-built kernels, I just never thought about it
<c74d>
oh?
<samueldr>
joepie91: you meant stocking so you can get nutrition while being too hot, and not because of lack of food, I presume, right?
<joepie91>
samueldr: both
<joepie91>
IIRC gchristensen was having issues with the shop only actually fulfilling a tiny part of the food order
<samueldr>
ok
<joepie91>
I have a stock of it mainly for "making sure I still get actual nutrients even when I am unmotivated to cook" reasons, but it's turned out to be quite useful as a fallback food source
<joepie91>
(like when I couldn't go out due to symptoms, and hadn't found the supermarket without a 3 week lead time for deliveries yet)
<gchristensen>
yeah, out of our $560 order $260 of things came (and it wasn't a lot of food things)
<samueldr>
let them eat stationeries
hoverbear has joined #nixos-chat
<joepie91>
lol
<colemickens>
Is there a non-gpg replacement for (go)pass?
waleee-cl has quit [Quit: Connection closed for inactivity]
<gchristensen>
the first quarter was manipulative, and the other half was just a lot of verbose context
<cole-h>
Nice. And completely out of the blue, or...?
<gchristensen>
it was sent to me in my capacity as a board member of this org
<cole-h>
l o l
<cole-h>
Well, gchristensen, *are* you gonna enforce the Bill Gates approved vaccine? I think we all deserve to know... (/s)
<gchristensen>
probably not
<gchristensen>
(like, I don't think we can?)
<samueldr>
I think that individual needs their bill gates custom shot
* c74d
watches as a file being `cat`ed together from eight ≤10 GB files approaches 100 GB :|
hoverbear has quit [Quit: Connection closed]
<c74d>
oh, right >_< ... many years and three operating systems ago I aliased `cat` to `cat -v`, which makes my oversized tarball that I've been spending hours concatenating useless v_v
<cole-h>
lol
<cole-h>
Now you know
<bkv>
Aliases are bad
<bkv>
Read your irc logs, I've said it many times
drakonis has quit [Quit: WeeChat 2.8]
<cole-h>
Aliases bad, abbrs good.
<bkv>
Yee
<ldlework>
aliases are bad
<ldlework>
use ranger customizations instead
<kiwiirc>
gchristensen what's unhinged about that email? bill gates is a genocidal billionaire who's been promoting depopulation for decades, contaminated vaccines he's connected with caused many ppl to be injured for life in india, the tracking abilities of vaccines "patches" are known, etc
<kiwiirc>
"rich psychopaths wouldn't possibly conspire to do great oppressive evil guys c'mon"
<ldlework>
kiwiirc: you are pretty far off script here
<kiwiirc>
just replying to something gchristensen brought up take it up with him
<JJJollyjim>
...
CRTified has quit [Ping timeout: 258 seconds]
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 265 seconds]
<colemickens>
Do we have stats on how much of nixpkgs is built or buildable for aarch64 compared to amd64?
<samueldr>
I don't know that we do
<samueldr>
I'm sure though that many build failures are x86 only packages using platforms.all
<samueldr>
i started at one point looking into all failures and fixing all bad platforms, but stopped quite early
<samueldr>
the kind of packages which are using e.g. ASM for x86_64 and no generic implementation
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 260 seconds]
<colemickens>
Just thought it might be interesting in the context of today's ARM news.
andi- has quit [Ping timeout: 272 seconds]
liff has joined #nixos-chat
andi- has joined #nixos-chat
<colemickens>
I don't know if gungoman followed me here, but they were randomly spamming abuse at me in #neovim, in addition to their inflammatory message sent in #nixos. (though it seems not to have taken off)
cole-h has quit [Quit: Goodbye]
<srhb>
colemickens: I saw, I'll remove if it keeps up, but usually if the channel ignores the first bout, like this time, it's easier to not start the ban/join war :P
* colemickens
nods, thank you srhb!
jdmarhee has joined #nixos-chat
jdmarhee is now known as jmarhee
jmarhee has left #nixos-chat [#nixos-chat]
jmarhee has joined #nixos-chat
<eyJhb>
colemickens: as far as I know you can't really follow people on Freenode, as you cannot see other people's channels, without being a part of them yourself :)
<colemickens>
hm, bit of an interesting coincidence then, thanks for the heads up
<eyJhb>
e.g. if you whois me, I am certain you will not see #octp :D And np
__monty__ has joined #nixos-chat
<colemickens>
I make one tiny change to a python script and get: File "./update.py", line 110, in latest_commit
<colemickens>
AttributeError: __enter__
<colemickens>
with urllib.request.urlopen(r, timeout=10).close() as req:
<colemickens>
sometimes I just don't know
<elvishjerricco>
Sweet, I figured out how to get NixOS to ask for passphrases for encrypted ZFS datasets in stage 2 using systemd-ask-password
<eyJhb>
Uhh, nice elvishjerricco !
<elvishjerricco>
I should probably also figure out a crypttab module so we can do the same for LUKS disks
<elvishjerricco>
Right now they're all loaded in stage 1 by custom bash stuff...
c4rc4s_ has joined #nixos-chat
adisbladis has quit [Remote host closed the connection]
adisbladi has joined #nixos-chat
c4rc4s_ is now known as c4rc4s
<kiwiirc>
what's the difference between nix and guix?
<Valodim>
guile
<__monty__>
And the attitude towards non-foss.
<__monty__>
Guix has some really cool bootstrapping that nix doesn't do (yet) I think.
<kiwiirc>
so it's either base your system config on a config lang (nix) or general purpose programming lang (guix)?
<__monty__>
That's the most noticeable user-facing difference, yes.
<__monty__>
Though lack of binary caching is probably very user-noticeable as well : )
<kiwiirc>
when the functionality nix adds to make nixos is added to systemd maybe then there can be some interop where systemd would let you use either nix or guix and mix them in the same system
<__monty__>
manveru: Is this electron but for haskell?
<__monty__>
kiwiirc: I think guix already uses the nix store. So they're already kinda sorta compatible a little bit.
<manveru>
no, but i think it's actually super neat haskell :)
<kiwiirc>
neat
<kiwiirc>
heh
<manveru>
just wondering what it uses nix for atm... watching the video :)
bqv has joined #nixos-chat
bkv has quit [Ping timeout: 260 seconds]
<pie_>
joepie91: wow. everything hates tor these days.
<pie_>
joepie91: everything uses recaptcha and recaptcha wont let you pass
<NinjaTrappeur>
manveru: I did not watch the video but the pitch looks fairly similar to obelisk
<srk>
manveru: I have mixed feelings about that but why not.. :)
<NinjaTrappeur>
oh right, it also comes with its own dev tools
<__monty__>
pie_: Google really needs those cars trained.
<pie_>
they make you do throgh several captchas and then tell you your system is suspicious and dont let you past
<pie_>
*go through
<__monty__>
pie_: Maybe you'll have better luck with I2P?
vika_nezrimaya has joined #nixos-chat
<viric>
pie_: isn't it "everything uses google-something these days"?
<pie_>
idk
parsley936 has joined #nixos-chat
<kiwiirc>
i refuse to use any services using google captcha
<kiwiirc>
hostile network actors i block in firewall
adisbladi is now known as adisbladis
<eyJhb>
adisbladis: and he is back!
<eyJhb>
Beginning to realise more and more, how much I hate race-conditions.
<manveru>
bootstrapping trust is like the hardest puzzle...
<manveru>
esp if you wanna keep it out of the nix store :P
<manveru>
srk: i think it's really nice, at least readable haskell and pretty normal templating are a big plus :)
<srk>
manveru: guess I'll try it to see for myself :)
<manveru>
and the speed, i had no idea Haskell could have such fast turnaround times
<srk>
yup, autoreloading looks neat
<srk>
:r in ghci is near instant in most cases
<manveru>
will have to wait until the weekend to try this i fear, but i'll definitely make a little site with it for fun
<srk>
ghcid uses similar approach, from-scratch compilation to actual binaries is way slower
<manveru>
i'm still not sure what it uses nix for other than the haskell dependencies... but well
<NinjaTrappeur>
manveru: it uses the haskell nixpkgs infrastructure as build system
<NinjaTrappeur>
Which is quite nice and standard deployment-wise.
<{^_^}>
manveru/nix-inclusive#1 (by grahamc, 5 days ago, open): Require all paths exist
<manveru>
oh, i didn't see that
<gchristensen>
I assumed not, that is okay
<manveru>
sorry, been hacking away almost 24/7 at this nixops replacement :P
<gchristensen>
hehe
<manveru>
last puzzle step is how to get secrets into aws autoscale groups via the user_data...
<manveru>
and i think i'm just gonna go with sops for that
<eyJhb>
manveru: nixops replacement you say?
<manveru>
jup
<manveru>
basically nixops, but with terraform as provisioner
<manveru>
and built in flakes
<eyJhb>
That sounds cool. Then it would support all the same things as Terraform?
* eyJhb
*praying*
<manveru>
yes
<eyJhb>
Same things -> cloud services
<gchristensen>
adisbladis: ^ :)
<eyJhb>
E.g... DIGITAL OCEAN, but better :p
<eyJhb>
Every time I see Terraform mentioned, I am always unsure if the way I am going with my platform is the right way. But seeing as the use case is weird, I am not sure, ever
<gchristensen>
what is the way you're going with your platform?
<gchristensen>
also, manveru, do you describe your network with Nix, or with HCL?
<manveru>
it's JSON generated by Nix
<eyJhb>
Ehm... Kinda hard.. gchristensen do you know HackTheBok etc.?
<eyJhb>
Box*
<manveru>
which terraform accepts instead of HCL just fine
<gchristensen>
manveru: cool, do you have a plan for interpolating HCL values?
<manveru>
yeah, that's easy too
<gchristensen>
really! that is where I got stuck
<gchristensen>
*interest intensifies*
<manveru>
well, not interpolating it back into Nix :)
<manveru>
that requires a roundtrip
<manveru>
but still possible, if you do a git add in between...
<gchristensen>
how do you interpolate the way you have now?
<manveru>
anyway, i haven't open-sourced this yet, and will probably take some time to extract everything back into a standalone thing
<manveru>
you simply do "${var.something}", but in JSON
<gchristensen>
neat
<manveru>
haven't found a way yet to encode terraform functions though, but usually nix is superior anyway
<manveru>
the harder part was bootstrapping Consul and Nomad without user intervention
<manveru>
haven't even gotten to Vault yet :|
<gchristensen>
that sounds like a lot :D
<manveru>
yeah
<manveru>
the end goal is to have nix generate nomad jobs and run them on a easily scalable nixos cluster :)
<manveru>
atm we build massive AMIs and scale those, but the turnaround time is just abysmal
<gchristensen>
how long is your time?
<manveru>
what time?
<gchristensen>
turnaround
<manveru>
initial deployment... maybe 2 minutes
<manveru>
depends on spot request speed
<manveru>
spawning new services after that, seconds
<gchristensen>
I mean, building amis
<manveru>
oh
<manveru>
an hour or so?
<gchristensen>
whoa
<manveru>
yeah...
<gchristensen>
what is taking so long? I switched to nixos to bring down my chef-based ami deploy pipeline from 15 minutes to closer to 5
<eyJhb>
That is a one time thing, isn't it?
<manveru>
the initial build is pretty awful, and waiting for propagation to all regions takes forever
<gchristensen>
ouch!
<gchristensen>
eyJhb: my (and manveru's) deploy technique is to make an AMI for every deploy
<manveru>
yeah...
<eyJhb>
Ahh, that is quite some time then
<manveru>
we make massive AMIs that contain a bunch of services for load testing
<eyJhb>
What is the fastest it COULD be done?
<eyJhb>
(a Guess)
<eyJhb>
Just to put it into perspective
<gchristensen>
manveru: maybe you could adapt netboot.nix to work for AMIs :) (though, the nomad scheduler sounds great)
<manveru>
that'd be really cool too...
<manveru>
and why not combine them :P
<gchristensen>
yup
<manveru>
i tried working with the vanilla NixOS AMI for this
<gchristensen>
yesterday using some magic sauce I was able to deploy to a Packet server from nix-build of the netboot expression to "nixops deploy" being done in 7 minutes
<manveru>
so atm i put the configuration.nix into the user_data, but of course the AMIs have no flakes yet :|
<gchristensen>
yeah.
<manveru>
otherwise all it'd need is a flake url and deployment key :)
<manveru>
won't work for tiny instances though, since they won't have enough memory to build themselves...
<gchristensen>
manveru: how about a cache URL and store path to realize
<manveru>
yep, that'd work too
<thefloweringash>
gchristensen: that sounds like it would also solve the packet netboot initrd size limit and let us bring back the armv7l builder :-)
<manveru>
i think at least :)
<gchristensen>
thefloweringash: true :)
<manveru>
or using lifecycle hooks to indicate provisioning status and using some other machine to automatically push versions...
<manveru>
atm i just put the flake url in the tag and work based off of that
evils_ has joined #nixos-chat
evils has quit [Ping timeout: 258 seconds]
<cransom>
building an ami is about a 3 minute process for me, uploading to s3 is nearly no time. it just takes forever for aws to register an ami, 8-10 minutes.
<gchristensen>
let's make awsPXE
waleee-cl has joined #nixos-chat
<cransom>
hrm. nix-store -r $path-to-toplevel; $path-to-toplevel/bin/activate is technically all you need, right? if ci has already done the build. i just want to avoid the nixos-rebuild step to bring up a machine fast.
<gchristensen>
you need to make a GC root
<gchristensen>
how about nixE: iPXE but juuuust enough Linux to nix-store -r and activate
<cransom>
the lifecycle of the machines in an asg (at least mine) never see a nix-build. they come up from scratch. but nixE. hrm.
<gchristensen>
I'm back to classic ops: tossing `pkill -f vault-plugin-secrets-packet` in to a cronjob
<Valodim>
enterprise
hoverbear has joined #nixos-chat
evils_ is now known as evils
<philipp[m]>
Is anybody here happy with using emacs for sql stuff? Mainly for short inspections of existing databases?
<gchristensen>
whoa what?
<neeasade>
philipp[m]: I'm not currently but I have this on my backlog to checkout:
<philipp[m]>
gchristensen: You think it is outlandish? I have a feeling that emacs interfaces could be kinda nice for sql work.
<gchristensen>
nope, just isn't what I'd expect out of my editor :P sounds cool
<philipp[m]>
I mean, not much on top of a regular cli client, but maybe some more structured way to display data and maybe toggle columns.
<adisbladis>
gchristensen: Emacs is not an editor :P
<adisbladis>
It's a lisp environment that happens to edit text
* neeasade
looks over at the "smug lisp weeny" wiki page
<neeasade>
(but I'm really sold, emacs a bae)
<philipp[m]>
neeasade: The end result looks pretty cool, I'm not sure how much pain that whole jdbc connector will be in the end.
<neeasade>
yes indeed
<philipp[m]>
Any takers on packaging that nicely? xD
<eyJhb>
To debug Docker Registry, or not to debug it...
<eyJhb>
I should just accept, that it never really works
<cransom>
are there any matrix aficionados in the house? i have some local rooms that are now functionally without an admin and i don't see how to promote someone else as a server admin. updating m.room.power_levels complains about permissions.
<Valodim>
cransom: "functionally" without an admin?
<Valodim>
if there really is no admin left in a room, there is no way to spawn one
<cransom>
they got created by the slackbridge
<Valodim>
is the slack bridge still room admin?
<cransom>
it is.
<Valodim>
you can snatch its login credentials and use that to increase someone else's power level
<cransom>
hrrm.
<Valodim>
generally, homeservers can only affect room state through their users. that's because a room doesn't "belong" to any server, so being admin on a server only indirectly gives a room admin escape hatch
<eyJhb>
Anyone that has a good tool, to measure packet drops? Both locally in outbound
<cransom>
Valodim++ . thank you.
<{^_^}>
Valodim's karma got increased to 5
hoverbear has quit [Quit: Connection closed]
hoverbear has joined #nixos-chat
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-chat
<__monty__>
Hmm, this seems like a weird statement (from the P2P Matrix announcement): "Hooking up E2E Encryption APIs in Dendrite (not that it buys us much in a pure P2P world)"
<__monty__>
Do they intend to cut the federated network out of routing?
<__monty__>
Even distributed-first networks sometimes add strong nodes just for routing, so I don't understand why E2EE would suddenly not be useful?
drakonis has joined #nixos-chat
drakonis_ has quit [Ping timeout: 264 seconds]
<philipp[m]>
As I understand it, right now they have central turn server and all the nodes live inside the riot instances.
drakonis_ has joined #nixos-chat
drakonis has quit [Ping timeout: 240 seconds]
<adisbladis>
Haha, nice. I did an improvised reflow job on my laptop this morning and it's been holding up all day :)
<adisbladis>
I didn't even have a proper rework station, I used a full sized heatgun
<adisbladis>
I'm so happy
<philipp[m]>
Congrats!
<gchristensen>
nice!
drakonis has joined #nixos-chat
cole-h has joined #nixos-chat
<gchristensen>
just exchanged some secrets over slack with `age` and it was super easy and nice
<cole-h>
Oh no. Issues/PRs are now omega wide
<gchristensen>
what
<gchristensen>
oh
<adisbladis>
cole-h: :<
<adisbladis>
Omg the new design is off-putting
<adisbladis>
IT'S NOT CENTERED
<cole-h>
lol
<cole-h>
Yep x)
<adisbladis>
I'm not a person who usually cares too much about UI design
<colemickens>
I don't plan to use my Hey invite if anyone wants to, I guess its good for three uses: vjawzau
<infinisil>
What's up with these three letter word products!
<Valodim>
fun fact, the sks keyserver pool for https is down to a single operator today (from two as has been for a year or so) due to an expired certificate
<cole-h>
Hey requires a backup email to signup :( It has the same chicken-or-the-egg problem most others do...
<adisbladis>
gchristensen: age still doesn't have hw token support, right?
<cransom>
i'm not anxious at all to support/get into the arm stuff on apple gear, but i am super curious to see what performance is really like compared to an x86 machine
<gchristensen>
anyone know what the name of that meme is with the woman who is unsure and considering a point, and makes that face?
<ldlework>
Wasn't clear if nix-community wanted it at first
drakonis1 has joined #nixos-chat
<gchristensen>
manveru: PR'd :)
<ldlework>
gchristensen: if you use it will you show me
<gchristensen>
yep
<ldlework>
<3
drakonis_ has quit [Ping timeout: 240 seconds]
<manveru>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 322.9999999999998
<manveru>
lol
<ldlework>
hehe
<manveru>
first time i see deepSeq used
<manveru>
cool usecase :)
<gchristensen>
:)
drakonis1 has quit [Ping timeout: 244 seconds]
<gchristensen>
sent another PR too :)
drakonis_ has joined #nixos-chat
<manveru>
cool, thanks a lot
<gchristensen>
manveru: "Directories will be added recursively" is that an intentional choice in your design?
<manveru>
yes
<gchristensen>
cool
<gchristensen>
I like it
<manveru>
it tries to be a balance between just doing `./.` and being tied to a `.gitignore` list...
<manveru>
since for a lot of derivations you only want a couple of files
<gchristensen>
yeah
<manveru>
and i found that super confusing with what's available in lib
<gchristensen>
I was thinking about my exactSource, which if you specified a directory, it would include an empty directory to your source
<gchristensen>
which is pretty strict
<manveru>
hehe
<manveru>
not sure how useful that'd be in practice
<gchristensen>
it sort of depends on if you have editors or programs dropping gunk next to your source files
<gchristensen>
it is a tricky problem without a clear right answer
<gchristensen>
imo :)
<manveru>
true that
<gchristensen>
I like that your option lets me be precise with each file individually, and then also gives the choice to be a bit less precise until I want to be
<gchristensen>
and I'm not sure there is a clear use case for wanting to include an empty directory
<manveru>
maybe inclusive could be a bit more configurable to add exclusion patterns
<manveru>
but i think you can always add another filter before/after it anyway
<gchristensen>
yeah, I think it is nice to keep inclusive fairly simple
<gchristensen>
I think if you have complicated include/exclude rules ... maybe your software or directory structure should be reconfigured :0
<manveru>
hehe
<manveru>
anw, back to bootstrapping fun
<gchristensen>
thanks for merging those PRs
<gchristensen>
I am glad to standardize on this one
<manveru>
if enough people use it, i'll add it to nixpkgs
<energizer>
i want to make some encrypted backups on a timer. where do i put the encryption key?
<gchristensen>
is it a symmetric key or asymmetrical?
<energizer>
this is for my personal backups, so i'm the only person who'll be decrypting, so i dont think i have a preference for a/symmetric
<gchristensen>
well, asymmetrical has the advantage that your encryption key doesn't have to be secret
<energizer>
that does make things easier :)
__monty__ has quit [Quit: leaving]
<elvishjerricco>
energizer: What backup method do you plan to use?
<energizer>
elvishjerricco: my plan is: `snapshot=$(date) && btrfs subvolume snapshot /persist $snapshot && btrfs send $snapshot | age -r my.pubkey | b2 upload_file ${HOST} -`
<elvishjerricco>
energizer: Hm yea I guess you can't do encrypted incremental sends with btrfs.
<gchristensen>
neat
slack1256 has joined #nixos-chat
* c74d
goes through an old backup to prune useless files, finds a Google account I forgot I had :/
<gchristensen>
heh
<infinisil>
I have an old youtube account with some minecraft let's plays on it xD
<infinisil>
(no I won't link it!)
<infinisil>
Oh, past me set the videos to private at some point apparently, smart move!
<abathur>
energizer: may be idiomatic or unworkable in your case, but I'm a little spooked by the chance of something intentionally or unintentionally overwriting the destination, so I put that stuff in a credential manager and make it prompt me to auth every backup
<infinisil>
Apparently I can't log into the account anymore because password isn't enough anymore and google wants to send a verification code to my old phone number..
* c74d
wonders what to do with the dozens of old passwords in here... I imagine some of them still work, but determining which work would be... effort :\
<energizer>
abathur: i want to be able to run backups automatically
<c74d>
I suppose I really should go through and delete these old, unused accounts where possible
<abathur>
well
<abathur>
I *run* it automatically
<abathur>
it just doesn't get to do anything if I'm not around to consent :]
<abathur>
but yeah, I figured
<gchristensen>
I wish I could setup an SSH key with my github account which is read-only
<gchristensen>
maybe just using HTTPS for pulls would be sufficient
<energizer>
gchristensen: repo deploy keys can be read only
<gchristensen>
yeah
<gchristensen>
my editor automatically does a `git fetch` periodically and I get skeeved out when I get prompted for my SSH key's password when I didn't trigger it
<gchristensen>
so I'd want it to be applied to pretty much every repo
<qyliss>
What editor is that??
<samueldr>
gchristensen: I generally use https for pulling open projects because I don't like the noise of `git pull` asking for my key :)
<qyliss>
I'm generally quite dependent on FETCH_HEAD being what I expect it to be in my workflow
<samueldr>
but it's something I manually do on the remotes
<gchristensen>
qyliss: vscodium
<gchristensen>
samueldr: that is a cool idea
<qyliss>
You can have separate push and pull URLs per-remote also