gchristensen changed the topic of #nixos-chat to: NixOS but much less topical || https://logs.nix.samueldr.com/nixos-chat
nullheroes has joined #nixos-chat
cole-h has quit [Ping timeout: 246 seconds]
pinpox2 has joined #nixos-chat
pinpox has quit [Ping timeout: 240 seconds]
pinpox2 is now known as pinpox
rajivr has joined #nixos-chat
Ashy has quit [Ping timeout: 244 seconds]
Ashy has joined #nixos-chat
<elvishjerricco> Wow this dumb experiment is getting up to 48GB of memory usage
<elvishjerricco> Just saw 51G actually
maxdevjs has joined #nixos-chat
<ldlework> Anyone wanna try my networked chess app I've been working on?
cjpbirkbeck has quit [Quit: Goodbye, take care]
ldlework has quit [Quit: co'o ro do]
ldlework has joined #nixos-chat
evanjs has quit [Quit: ZNC 1.8.1 - https://znc.in]
evanjs has joined #nixos-chat
<lovesegfault> I finally did it
<lovesegfault> I cooked a curry so obscenely spicy neither me nor my wife were able to finish
<lovesegfault> and now my stomach hurts
<lovesegfault> at last GLORY
maxdevjs has quit [Read error: Connection reset by peer]
ivan has left #nixos-chat [#nixos-chat]
cole-h has joined #nixos-chat
<eyJhb> I have a hard time figuring out, when my mic is muted/not muted
<eyJhb> Does the icon show the state or the action...
<elvishjerricco> Eight and a half hours later, my silly experiment succeeded! And calculating primes is only like five times slower with the emulated aarch64 ghci :P
<talyz> eyJhb: That always confuses me too, and it varies from app to app :/
<eyJhb> talyz: It is so annoying. I figured it out with Jitsi by using the webcam as the same indicator
cole-h has quit [Ping timeout: 272 seconds]
hmpffff has joined #nixos-chat
<makefu> lovesegfault: achievement unlocked! Created a dish which was actually indigestible
vaibhavsagar has left #nixos-chat ["Kicked by @appservice-irc:matrix.org : Idle for 30+ days"]
__monty__ has joined #nixos-chat
jD91mZM2 has quit [Quit: ZNC 1.8.1 - https://znc.in]
jD91mZM2 has joined #nixos-chat
ky0ko has quit [Remote host closed the connection]
ky0ko has joined #nixos-chat
<gchristensen> anyone know of a cgroup-aware `top`?
<tilpner> systemd-cgtop ish
<gchristensen> wow!
<tilpner> You can also use some of the tools meant for containers
<tilpner> I vaguely remember abusing ctop for this, but I might be wrong
<tilpner> What's in all those scopes?
<gchristensen> everything I launch as my user gets its own scope
<tilpner> It gets grouped as one large scope here. What did you do to make it fine-grained?
<gchristensen> https://github.com/grahamc/nixos-config/blob/master/packages/swayconfig/config#L68 every sway config which launches a program is prefixed with systemd-run. this lets me do nice things like have a keyboard button to kill, at the cgroup level, the currently focused, frozen window
<tilpner> And that's the only way you launch top-level applications?
<tilpner> Does this mess with communication (e.g. ipc to firefox instances (shouldn't, xshmem))?
<gchristensen> it doesn't
bridge[evilred] has quit [Remote host closed the connection]
<gchristensen> err bemenu :)
<hexa-> programs started from bmenu inherit its cgroup though?
<gchristensen> yeah, but it is its own cgroup each launch
<gchristensen> bemenu isn't a persistent process
<gchristensen> btw this whole idea is based off adisbladis (iirc) doing it first
<srk> pretty cool
<tilpner> Aww, I tried to set a few isolation properties, but something forbids it
<tilpner> systemd-run --user --scope -p PrivateNetwork=yes curl nixos.org
<tilpner> This fails entirely, doesn't understand PrivateNetwork
<gchristensen> yes... unfortunately as a user scope, you can't setup a lot of the nicer isolation
<tilpner> But if you change --scope to --unit, it does understand it, but doesn't have the permission to create a network namespace
<gchristensen> I think there was a reason I wanted --scope instead of --unit... but maybe that only applies if I actually want the parent to still own the child process
<gchristensen> this is also how my "freezer" works, suspending background programs I haven't used in a while (the freezer also doesn't have the behavior I want, so I don't use it often, so maybe I should say "could work.")
<srk> tilpner: systemd-run --user --scope unshare -nU curl nixos.org
<srk> how to setup network in namespace is left as an exercise .. :D
<gchristensen> lol
<gchristensen> anyway I feel like this sort of thing, plus some more limitations by default, makes linux feel like a better os :P
<tilpner> srk: Sure, I can script it myself (probably with bwrap instead), but systemd system services make it much easier to combine and setup isolation. With unshare I now need to set up all those mounts manually
<__monty__> gchristensen: Is this a concrete feeling or more of an "I feel good because there's less weirdness that could be going on in the background." Like, better car seats or a better timing belt?
<gchristensen> good question
<gchristensen> well... I don't know. I like that, for example, none of the gui programs I launch have nothing in their PATH and run entirely out of their closure
<gchristensen> maybe just good seat belts
<__monty__> (Mostly asking because it seems like a really cool idea but one that requires more know-how than I have to use effectively. And unless there's usability improvements I think my time's spent more wisely gathering different know-how.)
<__monty__> Probably sprinkle that with a couple ,'s for it to make sense.
<gchristensen> yeah, there probably isn't a concrete advantage to you today
<tilpner> I was going to mention a chance at granular resource control, but none of the properties seem to do anything
<gchristensen> the freezer, systemd-cgtop, etc. are all things I like a lot. switching away from scopes for many of these would let you use properties I think and would be an interesting way to explore making it more useful
<__monty__> tilpner: Like limiting memory use? I do use systemd-run effectively to keep nix in line sometimes.
<tilpner> __monty__: With --user and --scope?
<__monty__> Ah, not --user.
<gchristensen> but unfortunately systemd seems to have this caveat a lot: "This option is only available for system services and is not supported for services running in per-user instances of the service manager."
<{^_^}> systemd/systemd#9887 (by LockRing, 2 years ago, closed): resource control does not apply automatically with user instance
<tilpner> This seems to say that memory.max should be delegated to user@, but is not
<gchristensen> it isn't clear to me why ProtectHome, for example, can't work for a user unit
<__monty__> Does seem like limiting further shouldn't require any permissions, while lifting limits obviously might.
<gchristensen> https://github.com/systemd/systemd/blob/8441ff688636dba5e458fb5e95fef1e817f79349/test/units/testsuite-43.sh#L33-L35 it appears to indeed sometimes work: "However, most namespacing settings, that will not work on their own in user services, will work when used in conjunction with PrivateUsers=true."
<tilpner> config.systemd.enableCgroupAccounting only enables a few
<gchristensen> ^ that whole test suite seems Interesting
<tilpner> systemd-run --user --wait -Pq -p PrivateUsers=yes -p PrivateNetwork=yes curl nixos.org
<tilpner> That seems promising
<gchristensen> O.o I wonder why PrivateUsers is a magic switch
<srk> user namespace?
<gchristensen> I suppose
<srk> similar to `unshare -U -n ip a` vs `unshare -n ip a`
<srk> latter requires sudo
<gchristensen> yeah.... hrm
<gchristensen> okay, I'll take it
<tilpner> MemoryMax is still ineffective, even with MemoryAccounting=yes
<tilpner> ProtectHome=read-only works though
<hexa-> Need to thaw this discussion and unthaw later when I'm not on the damn phone
<hexa-> Eh freeze and thaw obc
<hexa-> Obviously
<joepie91> was gonna say :D
<gchristensen> systemctl freeze #nixos-chat
<hexa-> weechat@#nixos-chat.service
<gchristensen> hehehehe
<hexa-> Okay, frozen apparently
adisbladis has quit [Quit: ZNC 1.8.1 - https://znc.in]
adisbladis has joined #nixos-chat
das_j has quit [Quit: killed]
ajs124 has quit [Quit: killed]
ajs124 has joined #nixos-chat
das_j has joined #nixos-chat
<hexa-> ok, thaw now
<hexa-> thanks everyone
<gchristensen> hexa-: it seems all the processes got too cold and went to sleep
<abathur> probably an adorable cross-stitch in there somewhere
<hexa-> rip
<gchristensen> SIGCONT
eyJhb has quit [Quit: Clever message]
eyJhb has joined #nixos-chat
eyJhb has joined #nixos-chat
eyJhb has quit [Changing host]
<eyJhb> Somebody give cole-h a ZNC :(
<adisbladis> eyJhb: I'm guessing a lot of leave/join?
<adisbladis> I think it's better to ignore those events entirely, especially in larger channels
<eyJhb> No, just wanted to share a link :p - Yeah I mostly do as well
<eyJhb> Did you just update your znc adisbladis ?
<adisbladis> Yeah?
<adisbladis> Why?
<eyJhb> Just the reconnect as well :D
<adisbladis> Ah, right. That was intentional.
<hexa-> I am quite annoyed by the znc.in url advertising in every quit message
<hexa-> I pipe all urls to wofi and the znc to useful urls ratio is way off
<gchristensen> yeah my IRC url shortener dedups on input b/c of that
<__monty__> You autoshorten all urls?
<gchristensen> yea
<__monty__> Hmm, to avoid using the clipboard?
<gchristensen> assigns every URL the lowest available integer, and old URLs age out after 12h so they stay quite low -- 50-60
<hexa-> sort|uniq would work, but that way I lose order
<gchristensen> $ printf "foo\nbar\nbaz\nfoo\nbar\n" | cat -n | sort -k2 | uniq -f1 | awk '{print $2}'
<gchristensen> bar
<gchristensen> baz
<gchristensen> foo
<gchristensen> not quite right ...
<gchristensen> not right at all haha
<adisbladis> gchristensen: What's the point though?
<gchristensen> printf "foo\nbar\nbaz\nfoo\nbar\n" | cat -n | sort -k2 | uniq -f1 | sort -k1 | awk '{print $2}' there we go
<gchristensen> adisbladis: point to what?
<adisbladis> Assigning urls to an int
<gchristensen> oh, I can type in my browser "g 12" and go to that link shared in IRC, and the number is always short so easy to remember
<__monty__> gchristensen: Urls are replaced in-backlog?
<gchristensen> annotated
<__monty__> Bit of a roundabout way to get url hinting, but I dig it : )
<adisbladis> Right, I struggle to think of a case where just "clicking" the url isn't a better flow?
<__monty__> I have to admit I use url hints most of the time.
<gchristensen> ah. weechat makes that crappy sometimes
<adisbladis> Someone I know made an interesting url shortener https://noun.ly/
<adisbladis> It shortens URLs to a simple word you can actually tell someone in real life
<adisbladis> Or over a phone or whatever
<__monty__> Like the wormhole codes idea?
<gchristensen> nice. I wanted to do that but with route53 as the database
<adisbladis> __monty__: What now?
<__monty__> adisbladis: Wormhole codes (from magic-wormhole) are supposed to be short, unique and easily communicated unambiguously.
dingenskirchen has quit [Quit: ZNC 1.7.5 - https://znc.in]
dingenskirchen has joined #nixos-chat
<gchristensen> I think it is a bit funny that we have tests like this in our generic bash prompt code https://github.com/NixOS/nixpkgs/blob/9524e93607ae5b8287fb356af31e49c19be8fc9e/nixos/modules/programs/bash/bash.nix#L106
maxdevjs has joined #nixos-chat
<NinjaTrappeur> gchristensen: Interesting. How are you implementing that in practice? I'm especially interested in how you forward the URL to the browser.
<NinjaTrappeur> Incidentally: is this public? :D
<gchristensen> mmmmitisn't
<gchristensen> one sec
<__monty__> NinjaTrappeur: I suspect a keyword bookmark in firefox, g 12, will fill out grhm.short/12 (or whatever the url is).
<gchristensen> yeah, but I can't fetch the source right now
<gchristensen> it is on an Old Machine ... one I forgot I even had, hah
<NinjaTrappeur> No problem :)
<NinjaTrappeur> Thanks __monty__, I did not think about the custom search engine trick. Makes a lot of sense, indeed.
<gchristensen> it is old PHP and uses the filesystem as a database fwiw so you may not want it
<__monty__> FS-as-DB, oof
<gchristensen> meh 1 write per minute and 1 read per hour is pretty fine
<__monty__> It's all fine until it's not.
<gchristensen> lol okay
<__monty__> : )
<gchristensen> if my personal URL shortener goes down, which it never has in the last 6 years apparently, I really earned it
<__monty__> Performance isn't what I worry about with filesystems v. databases.
<__monty__> And I'm sure it's fine for this usecase.
<__monty__> It's still a scary common pattern.
<gchristensen> aye
<gchristensen> nothing accounts for taste
<eyJhb> __monty__: Databases use filesystems! :o You just skip the middleman
<cransom> the url shortener could just map directly to an inode number.
<NinjaTrappeur> :q
Baughn has quit [Ping timeout: 240 seconds]
Baughn has joined #nixos-chat
cole-h has joined #nixos-chat
rajivr has quit [Quit: Connection closed for inactivity]
hmpffff has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil> Oh my lord
<infinisil> I just debugged like 2 hours for a one-char typo
<infinisil> Ugh
<gchristensen> those are the good ones
<infinisil> I gasped when I saw it
<andi-> I like systems that just use the filesystem instead of some database system when I need basically nothing the DB has to offer besides a key/value store.
maxdevjs has quit [Ping timeout: 272 seconds]
<cole-h> When you start writing a script in bash, then shell out to python, only to realize you should probably write that script in python instead...
__Sander__ has joined #nixos-chat
<__monty__> andi-: It sure is convenient. Problems are with reliability.
hplar has quit [Ping timeout: 256 seconds]
<andi-> __monty__: my filesystem, that also backs the database, must always be reliable.
<andi-> If it is write-once data I argue a filesystem is more reliable. You can even still use it while the disk went r/o. While most databases probably require writing some kind of lock file to read.
<andi-> Most mailservers are an excellent example of how well files scale.
hmpffff has joined #nixos-chat
<eyJhb> cole-h: !
<eyJhb> If you are bored I have an ugly as hell test event up and running :p
<sphalerite> gchristensen: hahahahaha, this sounds like a case for not bash.
<gchristensen> my impression is the next step in complexity after zenity is very complicated
hplar has joined #nixos-chat
<abathur> expect script + an AI that decides whether to take the update or not?
<gchristensen> lel
<sphalerite> gchristensen: HTML and a bash+nc server.
<sphalerite> (or socat if you're feeling extra fancy)
<gchristensen> lol
<sphalerite> xulrunner :D
<gchristensen> I take it you're trying to prove my point :P
<abathur> what's the bit catching you beyond zenity? is it composing a multi-part dialog? I wondered before if just opening the diff in a text editor and the zenity dialog separately would work
<abathur> I guess you might be able to do something like what git does with commits or interactive rebases; open the thing in a window, take action based on what's in the file when they close it?
<abathur> not sure if that mechanism is trivial or not
<sphalerite> gchristensen: oh oh oh I've got one! glade previewer!!
<gchristensen> not really the UX I'm going for, I'd like a little text box, checkbox and 4 buttons
* abathur hopes figuring out how to enable FileVault in CI isn't some sort of ToS violation...
<gchristensen> heh
<samueldr> abathur: aggravating edge case: figuring it out is a ToS violation, doing it is not
<abathur> yeah :]
<sphalerite> even edgier case: figuring out whether it's a ToS violation is a ToS violation.
<sphalerite> I'm sorry
<abathur> also possible it's the sort of ToS violation that earns a job offer
<abathur> presumably their infra recovers cleanly from it
<gchristensen> oh this is github's?
<abathur> guess I'll find out if there aren't any workers available at some point today :)
<samueldr> oof
<samueldr> just like how on bare metal you could do ______________[redacted] possibly to NVMe storage
<samueldr> not sure if it is even fixable, and if it was reported to that one baremetal provider by the individual who found out about ____________[redacted]
<gchristensen> lol
<gchristensen> is this about me?
<samueldr> yes
<gchristensen> b/c I think they fixed it :)
<sphalerite> is this about making it permanently read-only by any chance? Just a stab in the dark
<gchristensen> though they were thoroughly confused for a few hours as to why their internal ______ was reporting __________ instead of ____________
<gchristensen> sphalerite: nah
<sphalerite> I'm thoroughly intrigued though.
<samueldr> but, is it disabled? or is it still something someone can do to make things weird?
<gchristensen> bahaha
Baughn has quit [Ping timeout: 264 seconds]
<__monty__> andi-: It's just really hard to avoid corruption in the face of crashes and stuff. Databases are basically an API in between that take care of the really hard stuff.
<__monty__> This blog puts it way better than I can, https://danluu.com/file-consistency/
<sphalerite> gchristensen: is, say, pygtk that much more complicated than zenity though?
<samueldr> aren't there databases that can directly use a partition?
<gchristensen> __monty__: https://www.usenix.org/conference/atc20/presentation/rebello related, very interesting
<__monty__> gchristensen: Thanks, I'll be sure to check it out.
<__monty__> samueldr: I'm sure there are.
<__monty__> Anyone familiar with RFC-2047, encoded-words in particular? https://tools.ietf.org/html/rfc2047#section-2
<sphalerite> I want to run home-assistant without using the nixpkgs packaging, because I've found it to be unreliable and high-maintenance… So I've been considering using the docker image, but I need the container to have multiple network interfaces living on host bridges and getting their IP addresses via DHCP. Is anyone aware of a nice solution for this?
<sphalerite> also joepie91: you linked the "matt" mattress a while back, mine arrived today. :p
<cransom> sphalerite: best i can think of is using --network=host and extra firewall rules, depending on what you need.
<sphalerite> cransom: hmm ok. Another path I'm considering is using the docker image but not docker
<cransom> it's also a little inceptionny, but maybe possible a nixos-container with all the interfaces with dhcp, which then happens to run the docker container with --network=host
<sphalerite> hmmm…
<sphalerite> hm, supplying my bedroom light controller with power is quite helpful for making it reachable via the network.
<gchristensen> lol
<sphalerite> hmm, I could also maybe just throw the rpi home assistant image on a pi and use that… Just not sure what sort of options it has for configuring the network.
<sphalerite> why is this so hard
<gchristensen> computers are bad
<samueldr> oops
<samueldr> wrong window
<sphalerite> gchristensen: don't you have a great solution for running a docker image without docker? :D
Mic92 has quit [Quit: WeeChat 2.9]
<gchristensen> one time I was just about hired by a company that makes an operating system for ports, managing all of the dockers and containers, but mostly the cranes
Mic92 has joined #nixos-chat
<sphalerite> gchristensen: is this just a joke, or real?
<cransom> (pretty sure that was real)
<gchristensen> it was real
<gchristensen> their downtime window was 1 hour each month for deployments, because they didn't like to lose more than 1 hour's worth of revenue (several million dollars), and backing up the line of ships caused big problems in the nearby shipping channels
<gchristensen> it sounded like a lot of fun, and also really hard with big consequences, but I bailed when it sounded like they hadn't really changed how they work in 10 years and didn't *really* want to start now, while having fairly questionable hygiene
<gchristensen> lol
bridge[evilred] has joined #nixos-chat
bridge[evilred] has quit [Remote host closed the connection]
<FireFly> haha
<infinisil> Oh wow, in C/C++, `Value * l, r` isn't equivalent to `Value * l; Value * r`
<infinisil> Because the `*` operates on the variable, not the type
<FireFly> infinisil: yeah, I think that's the usual argument for putting the asterisk with the identifier
<FireFly> but it's confusing indeed >.>
* infinisil might have to start doing that
<cole-h> tbh I'd do `Value * l; Value * r;` just to avoid that :P
<samueldr> cole-h: we all know you'd RiiR just to avoid that ;)
<cole-h> Guilty.
<cole-h> Can I RiiR my brain pls
<cole-h> Hydra, you need to build ONE. STINKING. JOB. for unstable to advance
<cole-h> And you still haven't >:(
<samueldr> isn't metrics one that requires a specific box to build on?
<samueldr> didn't I see a specific box having issues in the infra repo?
* samueldr could be wrong
<samueldr> requiredSystemFeatures = [ "benchmark" ];
<gchristensen> sounds likely
<samueldr> uh, that's not something that's in the hydra interface it looks like
* cole-h cries
<cole-h> Hydra was at only 30k queued jobs yesterday
<cole-h> Now it's at 100k
<gchristensen> runnable
<samueldr> gchristensen: I meant on the job itself
<cole-h> Oh
<cole-h> I know why
<{^_^}> nixos-org-configurations#127 (by edolstra, 1 day ago, open): t2a unreachable
<cole-h> Oof
<samueldr> [17:26:37] <samueldr> didn't I see a specific box having issues in the infra repo?
<samueldr> :)
<cole-h> t2a is the only machine with benchmark
<cole-h> I missed that message lol
<samueldr> and you're right too
<samueldr> any further discussion should be moved to #nixos-dev
<cole-h> :(
<samueldr> see, there _is_ an explanation, it's not doing it *just* to spite you
<cole-h> I think it is
<cole-h> ;P
<cole-h> samueldr++ gchristensen++ Thanks for help tracking it down :)
<{^_^}> gchristensen's karma got increased to 353
<{^_^}> samueldr's karma got increased!
<cole-h> Gonna update that issue with that info, in case it wasn't obvious to others as well.
__monty__ has quit [Quit: leaving]
__Sander__ has quit [Quit: Konversation terminated!]
<FireFly> fancy
<gchristensen> neat
endformationage has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
hmpffff has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
maxdevjs has joined #nixos-chat
das_j has quit [Quit: killed]
ajs124 has quit [Quit: killed]
ajs124 has joined #nixos-chat
das_j has joined #nixos-chat