<samueldr>
so my github to IRC gateway is rabbitmq in, rabbitmq out, never a miscommunication
<samueldr>
can't explain that!
<gchristensen>
a pure function!
<gchristensen>
rabbitmq is beautiful
<samueldr>
gchristensen: so if I understand it right, you want to have only the github webhooks under the purview of what you intend to get hosted *wherever*?
<gchristensen>
ideally it would all become part of community infrastructure and stop being one-person-maintained
<gchristensen>
it is really clear to me my brain isn't tops these days, and my time availability is even less... so I need to not hold things back
<aanderse>
gchristensen: after they hit 2 you start to get a little mental capacity back
<aanderse>
unless you have another... but once they hit 2 or 3... :-D
<samueldr>
as a twin, I wonder if I've been twice as detrimental
<abathur>
like a college fund, but for infra...
<gchristensen>
lol
<aleph->
gchristensen: Stupid question, you might know. Setting up a zfs pool on my NAS. If I flash the eMMC with nixOS (whenever it's ported) from Debian. What would be the way to import my zpool on the new OS? Would it just be a zpool import? Given I'm not moving my disks or anything.
<gchristensen>
yeah zpool import should do the trick. you might want to zpool export poolname before you shutdown the old os
<aleph->
Yep, thought so. What does export do exactly? Just store the info on the drives? Or to a binary file I'd pass to import?
<gchristensen>
it just stores in the pool that another host will import it
<gchristensen>
zfs doesn't like to import another machine's pools without some convincing (-f I think) to avoid accidents
<aleph->
Nod
<aleph->
Thanks
<gchristensen>
I think it has to do with maybe networked / serially attached storage where you could feasibly, easily, accidentally, mount another machine's root as your own
<gchristensen>
s/root/pool/
andi- has quit [Ping timeout: 240 seconds]
andi- has joined #nixos-chat
rajivr has joined #nixos-chat
<pie_>
MichaelRaskin: would this be a relevant comment on 0078 "as a data point for usecases; I recently started wanting to be able - in nix-on-droid - to start web servers for apps from f-droid that are just frontend clients."
<samueldr>
direct bypasses writing to the cache (IIRC) and sync is thus probably redundant
<samueldr>
so pv will show the real ETA and progress
<samueldr>
fullblock is mainly because otherwise dd will throw a fit
steveeJ has quit [Ping timeout: 240 seconds]
raboof has quit [Read error: Connection reset by peer]
steveeJ has joined #nixos-chat
raboof has joined #nixos-chat
davidtwco has quit [Ping timeout: 264 seconds]
davidtwco has joined #nixos-chat
cjpbirkbeck has joined #nixos-chat
cjpbirkb1 has quit [Ping timeout: 260 seconds]
cjpbirkb1 has joined #nixos-chat
cjpbirkbeck has quit [Ping timeout: 240 seconds]
cjpbirkb2 has joined #nixos-chat
cjpbirkb1 has quit [Ping timeout: 258 seconds]
cjpbirkbeck has joined #nixos-chat
cjpbirkb2 has quit [Ping timeout: 260 seconds]
cjpbirkb1 has joined #nixos-chat
cjpbirkbeck has quit [Ping timeout: 264 seconds]
cjpbirkbeck has joined #nixos-chat
da_dada has joined #nixos-chat
cjpbirkb1 has quit [Ping timeout: 264 seconds]
dadada_ has quit [Ping timeout: 264 seconds]
cjpbirkb1 has joined #nixos-chat
cjpbirkbeck has quit [Ping timeout: 260 seconds]
LnL- has joined #nixos-chat
LnL- has quit [Changing host]
LnL- has joined #nixos-chat
LnL has quit [Ping timeout: 260 seconds]
<bqv>
__monty__: not trying to be funny but, i just broke void-linux by installing a package ._.
<bqv>
i forgot non-nixos's were this brittle
<drakonis>
lol
<drakonis>
i have to manage an ubuntu server and it is so goddamn brittle :|
<bqv>
Apparently the way I installed the package (that being, using the package installer) is extremely dangerous and the reason my system no longer boots and no binary on it will run
<bqv>
I only know because of one reddit post where someone did the same thing
<bqv>
So close to just installing nixos.
<bqv>
You know, half the point of me not using nixos on this was to make it as "convenient" as possible
<bqv>
Regret
<bqv>
God help me, I want to try not-os as a desktop OS
vika_nezrimaya has quit [Remote host closed the connection]
<elvishjerricco>
So I've got a webserver running. It's fast if I curl its local address, but not if I curl its remote address (ports are forwarded). It times out more often than not.
<elvishjerricco>
Obviously since I can curl its local address, we're on the same home network
<elvishjerricco>
But when I log into my AWS server and curl the remote address from there, it's fast
<elvishjerricco>
Is there something inherently non-performant about curling your own remote address?
<elvishjerricco>
And it only seems to be HTTP. SSH is perfectly fast when I use the remote address
<abathur>
I guess it depends on how far your remote-address traffic has to go? :)
<elvishjerricco>
abathur: Well then the ssh would have been slow. And wouldn't any decent router realize when traffic is destined for its own IP and never send it to the internet in the first place?
<abathur>
what server?
<elvishjerricco>
abathur: Both the server and my desktop that I'm connecting with are in the same home, on the same router
<abathur>
I notice an issue with my local servers sometimes, with a DNS name in hostsfile, where the first connection takes forever sometimes, and the 2nd works fine
<elvishjerricco>
Mine's not working like 90% of the time
<abathur>
by ip I guess?
LnL- has quit [Quit: exit 1]
<elvishjerricco>
I was hoping to be able to use the DNS name that points to this network without messing with hostsfile. I'm pretty sure this server hardcodes its hostname into the urls it uses.
LnL has joined #nixos-chat
<elvishjerricco>
But I get the same problem if I refer to the remote IP as well
<worldofpeace>
emily: the first line is enough for me to want to hide the comment 😸
<emily>
people sure stretch words to exciting lengths on the internet :P
<worldofpeace>
emily: lmk if they continue to waste ur time
<worldofpeace>
tho, they do actually seem to have a legit PR in nixpkgs
waleee-cl has quit [Quit: Connection closed for inactivity]
<emily>
ah, yeah, I missed that
<MichaelRaskin>
Hmmm, is the person trying to make a comparison offensive to both sides of the comparison? Differently worded, that comment would actually be a reasonable argument for making no-unrar version keep the same name, and unrar version be unfree (as it is rarely used in builds anyway)
<MichaelRaskin>
pie_: I think we have enough divergent copies of things that RFC itself can skip the likely use cases which do not provide any field data or obvious design constraints; but of course I think that it makes perfect sense to discuss in the comment the future use cases, maybe some constraints do arise out of these discussions.
<crazazy[m]>
I decided to turn off upstream cache consideration in cachix and my CI time just tripled lmao
<crazazy[m]>
but after that rebuilding my system went really quickly so that's a plus i guess
andi- has quit [Ping timeout: 260 seconds]
andi- has joined #nixos-chat
cjpbirkb1 has quit [Quit: Goodbye, take care]
__monty__ has joined #nixos-chat
LnL- is now known as LnL
<pie_>
MichaelRaskin: I'll take that as a yes?
<MichaelRaskin>
pie_: for comments, sure; I just was not sure if you expect me to also mention something along these lines in the RFC
<pie_>
no, no expectation
<MichaelRaskin>
It's not like there is currently some highly active and on-topic discussion that you could be accused of derailing! (and possible applications are surely on-topic for comments)
<pie_>
ok, im mostly asking because i didnt bother to read the thread
<MichaelRaskin>
Nothing in the last 48 hours anyway
<pie_>
well, i left a post.
<MichaelRaskin>
Hmm, everything is even more complicated…
<MichaelRaskin>
How exactly did you want to run X server there? I thought only hardware-controlling X server needs setuid ?
<pie_>
MichaelRaskin: probably easiest thing is to peek at the patches, it gets simpler after all the confusion at the beginning of the post
<pie_>
the comment linked in the first line of the thread shows how to run x11 and the vnc server from a nix generated script - this uses the ld preload style fix so i dont have to recompile
<MichaelRaskin>
But half of the time the launcher scripts are the easy part, and the main part of the code is config file handling
<MichaelRaskin>
So the RFC is for sharing the most valuable code among all users just like Nixpkgs, and for non-systemd service abstraction… well, we do not need to ask NixOS users to agree on anything there
<pie_>
sooooo no services abstraction this time?
<MichaelRaskin>
Nope. But most services are easier to write as oneliners (assuming the config files are already built) than to push through a full-blown service abstraction anyway
<pie_>
well ok
<pie_>
:c
<pie_>
:p
<MichaelRaskin>
And I mean, a nix-processmgmt template for a service is not expensive to clone
<MichaelRaskin>
It's when it asks you to give it the config that things need per-service work
<MichaelRaskin>
But this work I want to be easier to take from NixOS
<pie_>
i guess i'll peek through the thread at some point to see what's going on
<MichaelRaskin>
You might also want to NixCon page → room list → service separation meeting notes
<MichaelRaskin>
As this is the discussion notes on what led to the decisions taken when submitting the RFC. I would say that the post-submission discussions so far are more on what needs to be presented better.
<pie_>
MichaelRaskin: is it linked /saved or something in the thread?
<supersandro2000>
when you are watching a series while writing something for nixpkgs and they are stranded in the middle of nowhere and the only sign shows "BRNO"
<eyJhb>
Why doesn't his letters connect! Or very little
<MichaelRaskin>
I mean, you can even argue that the is a wrong number of vertical sticks in «am»
<MichaelRaskin>
Doesn't change the fact that the word being written down was «sampled»
<MichaelRaskin>
*there is
<eyJhb>
I can't complain in general
<eyJhb>
My handwriting is pure shit. I can't even read it, as said before. We sometimes play "write and guess" with my handwriting, as I forget what I have written, and we cannot read it.
<eyJhb>
So far my handwriting always wins.
<MichaelRaskin>
Too bad Palm graffitis are slow to write
aleph- has quit [Ping timeout: 260 seconds]
aleph- has joined #nixos-chat
<ldlework>
Has anyone heard of Svelte or Snowpack?
cole-h has joined #nixos-chat
<eyJhb>
V is pretty sus
<cole-h>
Vote 'em out
<V>
oh no
<V>
it's happening
<V>
I wasn't near the body I swear
<eyJhb>
Totally vented. :p
<V>
:V
<eyJhb>
At some point, we need a among us Nix play
<supersandro2000>
eyJhb: aren't you sus noticing he is sus?
<eyJhb>
Fuck.
<eyJhb>
Most of the time, you just need to call a meeting and be a slow writer. Then you are screwed!
<V>
he
<__monty__>
"It's the joggers I don't trust, they're always the ones to find the bodies!"
rajivr has quit [Quit: Connection closed for inactivity]
lejonet has quit [Ping timeout: 264 seconds]
lejonet has joined #nixos-chat
<ldlework>
Well, I am really liking what I'm seeing with Snowpack and Svelte
<pie_>
ldlework: whats svelte and snowpack
<ldlework>
Snowpack is a modern ES6 build tool that doesn't bundle during development so it's like... instant instant fast.
<pie_>
templeos obviously <eyJhb> templeol <-
<ldlework>
Svelte is like React but made as if the year was actually 2020.
<ldlework>
Apparently browsers have module import support now, and it's super efficient.
<ldlework>
So during development Snowpack lets the browser do all the work (beyond transformation ofc)
<pie_>
i have no idea what that does but sounds good
<pie_>
joepie91: more fodder for the "js/wasm/web is the multiplatform", also more whitequark doing big brain http://yowasp.org/
<MichaelRaskin>
Watching nix-builds in ssh to Ubuntu VMs roll by (ssh is spawned in a shell loop)… Because Ubuntu VMs must stay Ubuntu VMs, and I need the infrastructure to be eventually taken over by others.
<MichaelRaskin>
Nix builds they should not have problems learning, but complicated orchestration might be a risk
<drakonis>
hmm
<drakonis>
maybe i should set up nix on the server i'm managing
<gchristensen>
guh. trying to use git rebase, but merges are in the way making it unclean
<samueldr>
I've sometimes resorted to exporting patches and writing them as a less cumbersome and more tangible rebase for harder cases
<samueldr>
and applying them*
<samueldr>
ugh, and "am"ing them
<gchristensen>
ehh yeah I was afraid of that :P
<samueldr>
sometimes needing: git am --show-current-patch=diff | patch -p1
<eyJhb>
pie_: don't be hating on my decoding
<MichaelRaskin>
Ah OK, so the problem was that I am not brave enough to script editing /etc/sudoers in an idempotent way, and failed to follow my own clear instructions mentioning I should edit it. Situation normal…
<{^_^}>
#102204 (by danderson, 19 hours ago, open): nixos/transmission: point at the settings dir in cfg.home.
<danderson>
Once I fixed that in my own code, transmission fired up and worked happily.
<eyJhb>
I mostly download to /media/entertainment, which no longer works because.. `systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];`
<eyJhb>
But good catch!
<danderson>
can you set cfg.downloadDir? Or does that break something else?
<danderson>
I have other machinery that pulls things out of transmission's download dir, so I never aim it at anything else
<danderson>
and it's all one big ZFS dataset anyway, so, shrug
<danderson>
but it does feel like with the extra sandboxing, there's a couple of missing options to plumb more FS paths into the service
<gchristensen>
I think I've compiled Nix about 300 times today
<MichaelRaskin>
Are you any closer to understanding the problem?
<samueldr>
hopefully you let it compile itself rather?
<gchristensen>
bisecting, applying a few patches on every check
<samueldr>
if I'm implementing reading a sensitive value like a passphrase, what can be done about ensuring it gets evicted from memory as far as the processes involved know?
<samueldr>
I figure it's a case that's extremely specific to the implementation; the runtime in which that executes
<gchristensen>
I think you're supposed to memprotect it and stuff
<gchristensen>
I think aszlig had a bug report about something like this once
<samueldr>
yeah, I'm looking for usual keywords about that
<samueldr>
I'll have to take a peek at how plymouth handles that
<samueldr>
though I think there's a big loose-end here: my IPC
<samueldr>
using zeromq's ipc:// (which is unix domain sockets), I guess at any point in time zeromq could leave strays around
<elvishjerricco>
gchristensen: I'm curious what's got you bisecting Nix
<andi->
samueldr: simple just add E2E encryption!
<samueldr>
andi-: how? :)
<MichaelRaskin>
elvishjerricco: recursive nix
<andi->
from StackOverflow import E2EE
<samueldr>
andi-: I mean, it's all under the same "security context"
<samueldr>
not like I have some kind of untrusted pipe to go through
<samueldr>
except future reads into memory
<gchristensen>
elvishjerricco: recursive nix broke, and I use that to make building netboot images not miserable... but in the process of trying to make it less miserable again, I've been stuck in a misery of bisecting Nix through a buuuuunch of major changes where individual commits don't work
<pie_>
samueldr: i think there are some new apis that are getting implemented for something related to that too
<pie_>
in the kernel
<samueldr>
pie_: hard mode: vendor kernels
<pie_>
yay :D
<pie_>
technically you also dont want it to end up in swap or such either
<elvishjerricco>
gchristensen: I'm pretty sure this is literally the only use case in favor of squash merges :P Minimal intermediary broken commits on master
<samueldr>
yeah, swap is memory here
<pie_>
samueldr: i swear this is like something there should be a kernel faq for or something :P
<samueldr>
but that's not strictly kernel stuff!
<gchristensen>
elvishjerricco: yeah.
<pie_>
i dunno memory management sounds like kernel stuff >.>
<pie_>
but really i dont have any experience with this
<samueldr>
pie_: not _strictly_, there are considerations in the different userspace ways that will be abstracted away
<pie_>
unless you can somehow use homomorphic encryption to compute stuff
<samueldr>
like, is the scripting runtime caching every input so you will clear "1234" but will have "123", "12", and "1" around
<pie_>
valid
<samueldr>
or even, how to make it skip entirely being handled as a string!
<samueldr>
and then there's the GUI toolkit I'm using
<samueldr>
I *think* the textarea string would be safe as it wouldn't allocate new strings, if I understand how it's working well (without having looked)
<samueldr>
I understand that it's not part of the protocol, but a simple mention of what should be implemented would be helpful
<samueldr>
hmm, plymouth has entry->text = strdup (text);
<gchristensen>
omg: Bisecting: 1 revision left to test after this (roughly 1 step)
<MichaelRaskin>
Hopefully the remaining commit is not a huge merge
<samueldr>
how many times over has it been roughly 1 step?
<samueldr>
I've had that happen for a couple commits
<gchristensen>
I've bisected down to individual commits 4 times now, as I built up which collection of patches I needed to carry
<samueldr>
so, looking at plymouth, I couldn't find anything resembling security over the strings other than clearing the memory before every strdup()
<supersandro2000>
when you package something and find this filename: test_aeassessmentsessiondelegate.py
<colemickens>
Have there been surveys of "what type of nixos user are you [desktop/server/embedded/other]?" correlated with "What channel do you follow [nixos-unstable,current-stable,some-older-stable]?"