<infinisil>
samueldr: Ohh that's a great idea, I should put disk space in my xmobar
<samueldr>
conky can be docked :)
<infinisil>
samueldr: What's that mean?
<samueldr>
like a taskbar, to a side of the screen
<samueldr>
(that was more for cole-h)
<infinisil>
Ah, but yeah I see
thibm has quit [Quit: WeeChat 2.6]
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
<cole-h>
or I could add that info to my swaybar lol
<ldlework>
oh good idea
<energizer>
having a constant monitor for space seems like the wrong model
<cole-h>
How so?
<cole-h>
Certainly better than nothing
<energizer>
if it's not actionable you don't need information about it
<cole-h>
it is actionable though
<cole-h>
for me
<energizer>
usually it isn't
<energizer>
because it's usually not full
<energizer>
so a notification for the rare almost-full event is more appropriate
<gchristensen>
+1
<joepie91>
<samueldr> conky can be docked :)
<joepie91>
return of the Windows Vista sidebar!
<gchristensen>
vista was the best thing since xp sp1
<joepie91>
SP3*
<samueldr>
yes please
<infinisil>
energizer: Problem with a notification is that it's easy to just brush it away
<samueldr>
make it show up in your *bar when it's about to be full only, and in red, and comic sans
<energizer>
infinisil: that's a good point. the interface should be more like an issue tracker
<samueldr>
and no way to brush it away, other than fixing the problem
<infinisil>
Lol
<joepie91>
weaponized comic sans!
<infinisil>
What if you made the machine beep with a frequency inversely proportional to the space left
<samueldr>
if you can, make it an overlay on top of your display
<samueldr>
that you can click through
<samueldr>
infinisil: sad boops
<infinisil>
Hmm, but the beeps should only occur from a certain point on
<cole-h>
how to compare file sizes from stdin
<infinisil>
You wouldn't want it to beep at all when it's 50% full
<infinisil>
cole-h: wc -c
<cole-h>
e.g. check if $1 is less than 20G, and would still work when $1 is 200G or 200B
<cole-h>
infinisil: File sizes, yet detached from files :P
<lovesegfault>
Mic92: Are you around?
<cole-h>
Hm, maybe `numfmt --from=ie` will help
<cole-h>
s/ie/iec/
<infinisil>
cole-h: Ohh use stat
<infinisil>
stat -c %s <file>
<cole-h>
I meant detached from files in that there is no file
<cole-h>
just sizes
<lovesegfault>
cole-h: are you using nix-sops?
<cole-h>
Nope, sorry.
<cole-h>
My script ended up as: test (zfs list -H | awk '{if ($1 == "rpool") print $3}' | numfmt --from=iec) -lt (echo 20G | numfmt --from=iec) && echo '!! less than 20G left in rpool !!'
<cole-h>
(fish syntax)
<lovesegfault>
s/cole-h/colemickens/
<lovesegfault>
colemickens: ^
<lovesegfault>
damn pinger
<colemickens>
lovesegfault: yep
<infinisil>
colemickens: zfs list -Hp -o used rpool
<infinisil>
:)
<lovesegfault>
colemickens: have you seen this before: /nix/store/1x3hwkmfmin33pb3bmlbxqw9416vp3pk-sops-install-secrets-0.0.1/bin/sops-install-secrets: Failed to decrypt '/nix/store/1x609d7a9n7l4gd208r52kpgx7pfzjhh-stcg-aws-credentials.yml': Error getting data key: 0 successful groups required, got 0
<lovesegfault>
I saw that you had hit something with setting gpgHOme
<lovesegfault>
but I don't think I set that anywhere
<colemickens>
I don't set gpgHome in my configs I don't think either.
<colemickens>
I should be better about my secrets, I just blast them all out to all machines right now
<energizer>
lovesegfault: thanks
<lovesegfault>
np :)
<lovesegfault>
bbigras: really tempted to try flakes nwo
<lovesegfault>
*now
<lovesegfault>
gchristensen: had to revert the spawn-in-cgroup change
<lovesegfault>
consistently had systemd segfaulting after a couple hours use
<bbigras>
lovesegfault: since you figured out how to use sops-nix? I was looking at it today too. I even asked mic92 a dumb question on his dotfiles repo.
<lovesegfault>
so that only the hosts that need a certain secret can actually decrypt it
<bbigras>
awesome. I wish digital ocean would have something like google and aws for the key but pgp will be fine.
<bbigras>
there's no easy way to use sops with something like `services.spotifyd.settings.global.password` right? I'm guessing even if we could it would end up in the nix store. mic92's dotfiles use some trick like https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modules/bitwarden.nix#L50-L54 . It seems a pain to have to define your own systemd servies for everything but I guess it must be the only way.
<lovesegfault>
Yeah, it's the only way I can think of
<lovesegfault>
You can also upstream a passwordFile config for those services
<lovesegfault>
IMHO it should be standard
<bbigras>
yeah I agree
<bbigras>
another cool thing with Sops. https://github.com/direnv/direnv/wiki/Sops . I guess it's like when we put passwords in .env but now it's encrypted. Another thing I saw in mic92's repo.
FireFly has quit [Quit: Goodbye]
<bbigras>
lovesegfault: are some of your hosts on aws?
<Mic92>
bbigras: I have one.
<Mic92>
I think I should just move the README of sops-nix to the wiki
<Mic92>
like direnv.
<Mic92>
Seems to work out great
FireFly has joined #nixos-chat
<bbigras>
oh I don't have one on aws. I was just wondering if he was planning to use AWS KMS instead of pgp. Which seems pretty cool.
<bbigras>
I'll check the wiki for other cool sops usage.
<bbigras>
and I need to check gitAndTools's 9000 packages before adding a new one that I think is useful. I wouldn't be surprised if there's already dozen of them doing the same thing.
<Mic92>
bbigras: aws kms is a bit tricky right now. you can ask colemickens how it can be done. I want to fix is in future with sops-nix
<Mic92>
right how pgp is the sops-nix happy path
<bbigras>
Mic92: thanks 👍️
endformationage has quit [Quit: WeeChat 2.9]
abathur has quit [Quit: abathur]
waleee-cl has quit [Quit: Connection closed for inactivity]
<bbigras>
What would you guys use to for secrets `networking.hosts` hosts? I think I'll still have to use a git submodule with a private repo.
<lovesegfault>
bbigras: nope
<lovesegfault>
one is on GCP
<bbigras>
lovesegfault: gcp has some key thing too. But maybe check with mic first.
<bbigras>
I wonder if using those key things are tricky with sops or only sops-nix. I also wonder how key rotation works when it happens in gcp's side
<colemickens>
Sops works with amazon/google/azure's keyservices.
<colemickens>
For Azure it's "automatic", and it should be roughly the same on the others.
<colemickens>
The gist is that you create a key in their KMS, you put that in sops.yaml, it is used to encrypt. Then the VM is provisioned with access to the KMS resource.
<colemickens>
Sops will look at the encrypted sops file, see that there is, for example, an Azure KV key...
<colemickens>
and then Sops's Azure integration knows how to retrieve a valid oauth token from the Azure control plane, and then can decrypt the file.
<colemickens>
So after initial setup, it's entirely automated and hands-off. cc @bbigras ^. This is basically all just out-of-box functionality. I think I mostly just needed a PR to fix a small bug in Sop's Azure integration
<colemickens>
(this is predicated on sops-nix adopting systemd-activation)
<bbigras>
Cc lovesegfault ^
<colemickens>
(otherwise it requires a couple extra tricks to get networking+dns available for when it executes)
<colemickens>
It makes for a very, very, very cool demo, IMO.
<lovesegfault>
I'm back
<lovesegfault>
moving furniture around :D
<bbigras>
colemickens: yeah it seems awesome. I wish all cloud providers had something similar. Thanks!
<lovesegfault>
TIL I can force jemalloc as my system allocator in nixos
<lovesegfault>
neat
abathur has joined #nixos-chat
<lovesegfault>
hmm systemd segfaulting is unrelated to me spawning everything in a cgroup
<lovesegfault>
one of the recent nixpkgs bumps, it must be
<{^_^}>
#106791 (by petabyteboy, 2 days ago, closed): system instability after updating systems
<lovesegfault>
bingo
kalbasit has quit [Ping timeout: 272 seconds]
cosimone has quit [Quit: cosimone]
ece has quit [Ping timeout: 256 seconds]
ece has joined #nixos-chat
lopsided98 has quit [Ping timeout: 260 seconds]
lopsided98_ has joined #nixos-chat
<lovesegfault>
error: reached FD_SETSIZE limit
<lovesegfault>
Ah, nix how I love you
thibm has joined #nixos-chat
<lovesegfault>
Uuuh what
<lovesegfault>
I can't build anything
<lovesegfault>
complains there's no space
<lovesegfault>
all my disks are pretty much empty
<lovesegfault>
tmpfs is empty
* lovesegfault
scratches head
<etu>
lovesegfault: Hmm
* etu
has experienced "full" EFI, but that was just hindering me from installing nixos on a machine because it couldn't create an EFI entry
<lovesegfault>
Right, I've had annoying full EFI too
<lovesegfault>
but this is just a vanilla nix build
<colemickens>
lovesegfault: I swear I was hitting that on one of my remote builders last week but didn't have time to investigate. I'd be curious if you find out what's up
<eyJhb>
Is there anything like tmate, but for sharing your desktop?
__monty__ has joined #nixos-chat
<talyz>
lovesegfault: Running out of inodes?
<talyz>
Probably not if it's a new system..
<cole-h>
lovesegfault: You probably already tried, but I'd strace it :D
<cole-h>
Does it behave the same with and without going though the daemon?
cole-h has quit [Ping timeout: 264 seconds]
FRidh has joined #nixos-chat
<eyJhb>
,ping
<{^_^}>
pong
lunc has quit [Ping timeout: 256 seconds]
cosimone has joined #nixos-chat
maljub015 has joined #nixos-chat
maljub01 has quit [Ping timeout: 240 seconds]
maljub015 is now known as maljub01
maljub01 has quit [Ping timeout: 256 seconds]
maljub01 has joined #nixos-chat
waleee-cl has joined #nixos-chat
<__monty__>
Does anyone know if the credits on Travis-CI's free plan are one-time or recurring?
<abathur>
__monty__: my impression is that they're one-time, but that the OSS-only credits are recurring
<__monty__>
: /
<__monty__>
I don't think I can log in with one of my organizations. Is there any way I can still request OSS credits?
<abathur>
I'm not sure about that process; I haven't requested and don't have any yet
spudly1 has quit [Ping timeout: 246 seconds]
kalbasit has joined #nixos-chat
waleee-cl has quit [Ping timeout: 260 seconds]
rajivr has quit [Ping timeout: 260 seconds]
rajivr has joined #nixos-chat
LnL has quit [Ping timeout: 260 seconds]
ashkitten has quit [Ping timeout: 260 seconds]
LnL has joined #nixos-chat
LnL has joined #nixos-chat
ashkitten has joined #nixos-chat
waleee-cl has joined #nixos-chat
slack1256 has joined #nixos-chat
lunc has joined #nixos-chat
<Mic92>
one does not simply compile epbf
ixxie has joined #nixos-chat
<Mic92>
never mind :) the ebpf verifer actually prevented me from doing something stupid.
<gchristensen>
nice
<tilpner>
Your previous statement was true though
<tilpner>
It requires all sorts of dances, because how dare you have uninitialised padding in your struct!
ixxie has quit [Remote host closed the connection]
ixxie has joined #nixos-chat
lunc has quit []
<lovesegfault>
talyz: nope, plenty of inodes
<lovesegfault>
it stopped happening all of a sudden
<red[evilred]>
I think we can all relate to this ;-)
* lovesegfault
sighs
<lovesegfault>
I really need to start putting in the work to get my commit bit
<red[evilred]>
I feel ya. I do too (but I still don't feel like I'm ready for it for 99% of things that go by in PR land)
aranea has quit [Ping timeout: 240 seconds]
<red[evilred]>
once that gets to 50% I'll consider applying
<lovesegfault>
IMHO nixpkgs needs people who can build, test, and read medium-complexity drvs much more than people who understand the depths and intricacies of, idk, patchelf
<lovesegfault>
the bulk of the PR load is simple stuff
<lovesegfault>
it just needs someone to look, commend, and maybe merge
aranea has joined #nixos-chat
<abathur>
better sieves might be a nice lever, though there's probably some tension between effciently funneling issues/PRs towards people best-positioned to resolve them and key members burning themselves off on an infiniscroll of work they know they're the backstop for
<abathur>
s/off/out :)
<lovesegfault>
Right, I think being able to accurately understand what PR's you are and are not qualified to review is key
<lovesegfault>
there's this weird culture in nixpkgs where every committer must have total knowledge of things and feel qualified to review any PR, or at least I've been told that before
<lovesegfault>
I find that a bit wacky, I don't know any other large project like that. Usually people find a corner they like and specialize there
<samueldr>
>> there's this weird culture in nixpkgs where every committer must have total knowledge of things and feel qualified to review any PR
<samueldr>
that's the first I hear about that
<samueldr>
maybe if you're interested into managing a release it would help
<lovesegfault>
I've been told that before, admittedly a long while ago
thibm has quit [Ping timeout: 258 seconds]
thibm has joined #nixos-chat
<sphalerite>
lovesegfault: you have 106 commits in nixpkgs and no commit bit? Pfff. Hey gchristensen ! Can we get a commit bit over here? :p
<bbigras>
"managing a release". I wonder if you would get more gray hair than Obama during his terms.
<sphalerite>
bbigras: I didn't
<bbigras>
sphalerite: hehe. great. The last release manager had some help too.
<lovesegfault>
samueldr: What does "managing a release" mean in the context of Nix? (i.e. what is the work around it)
<bbigras>
I have 96 "shitty" commits.
<lovesegfault>
I have never used non-unstable nix 😅
<samueldr>
of Nixpkgs, mainly rounding up the PRs and pushing people into submission
<samueldr>
:)
<samueldr>
and then making sure things do work as expected, and getting the right people to help to fix broken stuf
<samueldr>
stuff*
<lovesegfault>
When is the next release? I remember reading we changed the months?
<samueldr>
there is an RFC open to change the months
<bbigras>
What is the change about? the number of months between the releases? I'm guessing doing it 2 months later of whatever wouldn't change a thing.
<bbigras>
unless some upstreams have a similar schedule
<samueldr>
I'll be blunt, but read the RFC
<samueldr>
it's all explained there :)
<bbigras>
but I read like the first phrase of the pr 😅
<clever>
node_hwmon_in_volts and node_hwmon_curr_amps from the main prometheus node exporter
<clever>
sadly, for my laptop, the amps are positive for both charge and discharge
<clever>
but i can now see that it draws 500mA when idle, ~750mA when idle with the display on, and it can charge at up to 3A
pinage404[m] has quit [Ping timeout: 268 seconds]
leons has quit [Ping timeout: 268 seconds]
leons has joined #nixos-chat
pinage404[m] has joined #nixos-chat
cosimone has quit [Quit: cosimone]
FRidh has quit [Quit: Konversation terminated!]
cosimone has joined #nixos-chat
<energizer>
why does /etc exist in nixos? can't everything be pointed into the store?
<samueldr>
(not exactly the right place to ask)
<energizer>
ok
<samueldr>
but a good question nonetheless
<bbigras>
Can /etc/krb5.keytab be read-only with kerberos?
<viric>
/nix/store is readable by everyonew
Jackneill has quit [Ping timeout: 256 seconds]
<clever>
energizer: /etc is mainly for programs that cant be told to look elsewhere, or for programs that you want to reload and not restart
<clever>
energizer: or for things like alsa, where you cant feasible wrap every binary thats reading it
Jackneill has joined #nixos-chat
<samueldr>
heh, `exec kexec` when ran as PID 1 is seemingly not a good idea
<samueldr>
something about killing init when kexec tries to kill... something?
<samueldr>
or... disregard this as I'm probably misreading the logs
<samueldr>
yep, unrelated output
<clever>
if kexec succeeds, it will never return
<samueldr>
yeah, I definitely didn't read something right
<samueldr>
I don't even have kexec in that initrd yet :)
<samueldr>
(the binary)
slack1256 has joined #nixos-chat
<abathur>
if only past-me knew that current-me would be looking through the blame for every ini file I can find that sets a specific option on the off chance anyone felt the need to document why...
<abathur>
my consolation prize so far is just this very appropriate commit message: "all at once of course"
slack1256 has quit [Remote host closed the connection]
<infinisil>
Oh wow, I could pay my health insurance with bitcoin
* abathur
hopes this isn't one of those dumb scavenger hunts where I spend 2 hours searching for something only to end up at an unanswered SO Q/A I opened myself or already have bookmarked
thibm has quit [Quit: WeeChat 2.6]
<energizer>
good idea/bad idea: configuration file that requires a `reason` field for every setting value
<cole-h>
Would require people to know what they're configuring :P
<samueldr>
good idea
<samueldr>
yeah
<samueldr>
"because"
<cole-h>
"asdf"
<samueldr>
"fixes stuff"
<cole-h>
"idk but why not"
<samueldr>
field = 1 // reason: 2
<infinisil>
Reminds me of this idea I talked about recently, about programs saying exactly why they do each action