<lukegb>
gchristensen: I'm especially thinking in terms of +putting system closure into a PCR
<lukegb>
and dynamically verifying that the kernel and initrd were the ones intended for that system from my depot head
kalbasit_ has joined #nixos-chat
<bbigras>
w.r.t?
<bbigras>
vault & tpm? to unseal it?
<lukegb>
verify kernel + initrd to fetch the disk encryption key remotely, because eh I update relatively frequently and remembering to reseal the key statically is a pain, then continue boot and get a proper vault token for all the other secrets I might need
<Church->
samueldr: We ever get nixOS running on the helios64?
<samueldr>
I still haven't, but others did
<Church->
Haven't been keeping up with aarch64 last few months
<Church->
Oh rad
* samueldr
eyes the box under the desk
<Church->
Anybody I should ping?
<samueldr>
I don't recall
<samueldr>
look through the #nixos-aarch64 logs
<Church->
Fair enough I'll ask in the aarch64 channel
<bbigras>
lukegb: would you use that on your workstation? it might be a problem if vault is down.
<lukegb>
Mostly on remote machines since I don't really have a wired WS with a reliable connection anymore. I'd be tempted to use BLE to bootstrap it like mjg demoed was feasible-ish for that though
<bbigras>
for full disk encryption on desktop/laptop I think I saw people using tpm directly for that
<colemickens>
the new systemd-cryptsetup stuff looks :100_emoji:
<bbigras>
I was actually trying to find that right now. I forgot how it was called.
<bbigras>
I probably learned about it from you the other day
<lukegb>
yeah, I'm more interested in the TPM2 PCR stuff
<lukegb>
but I'd rather defer it to a separate server because I want to do some dynamic root of trust stuff
<abathur>
grumble
<pie_>
rotting
endformationage has quit [Quit: WeeChat 2.9]
bqv has quit [Quit: WeeChat 3.0]
bqv has joined #nixos-chat
slack1256 has quit [Remote host closed the connection]
cole-h has quit [Ping timeout: 256 seconds]
<colemickens>
what do people do for maintenance on machines that auto-update one way or another beyond auto GC?
<colemickens>
hm the options search is slightly less dense :/
<colemickens>
also what is --max-freed used for in practice
<colemickens>
seems like it changes what is prioritized for deletion so that it can optimistically leave more around
kalbasit_ has quit [Ping timeout: 260 seconds]
<bbigras>
I wonder if `--max-freed` is to do something like if you want to always have 100 GB of free space and you do. 100 - current-free-space = some_value. and you use that value with --max-freed if it's > 0.
<colemickens>
that's all I could come up with too, but you'd think you'd just add `--ensure-free` instead?
<colemickens>
¯\_(ツ)_/¯
<bbigras>
yeah
<samueldr>
it is about freeing up to "max freed" amount
<samueldr>
I think it's something like you can incrementally collect in regular intervals or something like that?
<samueldr>
or if you have a daemon that checks that your system has at least 10GB free, it can free an amount using that, without blowing through the whole cache
<samueldr>
so yeah, like bbigras said I guess
<samueldr>
I should add a timer task that every night frees --max-freed some small amount from my builder
<samueldr>
just so it doesn't work for long freeing stuff, but in the long run always tidies up a little
<bbigras>
you can combine it with other parameters? to not delete your last generations
<samueldr>
by default collect-garbage doesn't delete generations, no?
<samueldr>
only what is unrooted
<bbigras>
right. yeah that could be useful for deps that are not rotted.
<bbigras>
rooted*
<samueldr>
chipping away, little by little at the ever-expanding nix store
<samueldr>
maybe I could do something like "ensure there's at least 10GB free in the rootfs, but always collect at least 1GB"
<samueldr>
--max-freed could be also helpful when I accidentally fill the rootfs
<samueldr>
rather than do a complete collect of the unrooted stuff
<samueldr>
which can take... way too long
<bbigras>
I wish it could delete stuff not accessed recently
<bbigras>
like cachix does now.
waleee-cl has quit [Quit: Connection closed for inactivity]
kalbasit has quit [Quit: WeeChat 2.9]
<siraben>
gc cleaned up 666 files
kalbasit has joined #nixos-chat
<LinuxHackerman>
🤘😈
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-chat
<bbigras>
I guess you have some sacrifice to make. next full moon is on the 28th
kalbasit has quit [Ping timeout: 256 seconds]
* siraben
checks the phases with M-x lunar-phases in Emacs
tilpner has quit [Quit: tilpner]
arcnmx has quit [Quit: Idle for 30+ days]
<eyJhb>
I really can't wait to move away from my neighbour, who can scream at her boyfriend for 6-7 hours straight. 21.00 to 03.00...
<eyJhb>
If I wasn't so tired, I would be impressed. Who the hell can manage to do that
<siraben>
jeez
tilpner has joined #nixos-chat
<ashkitten>
does ralith hang out around here?
<ashkitten>
i thought they used to
<eyJhb>
talyz++ good patch! :D
<{^_^}>
talyz's karma got increased to 8
leah2 has quit [Ping timeout: 260 seconds]
leah2 has joined #nixos-chat
__monty__ has joined #nixos-chat
<Ke>
I'd mostly love to always keep all build deps
<__monty__>
Is this about nix-shells getting GCed?
<ashkitten>
hmm, need to figure out why qemu build fails when i'm building a bunch of stuff at once
<__monty__>
hexa-: Is there clarity whether this affects distros who've received their own API keys?
<ar>
surprised_pikachu.gif
<lukegb>
__monty__: it seems to, yes
<__monty__>
Bit of a weird move from the company that wants to look foss positive, what with the 20% time thing.
<ar>
__monty__: they've apparently decided to drop the charade
<lukegb>
20% time doesn't really have anything to do with foss
<hexa->
__monty__: the api key thing goes away
<ar>
it should be of no surprise to anyone. it's all about browser marketshare
<sphalerite>
ashkitten: yep definitely used to
<lukegb>
ar: I don't really buy that argument, Chromium's a rounding error
<lukegb>
(although I guess I should whip out the \i_am_a_google_employee_these_are_my_own_opinions{} TeX macro)
<__monty__>
If it's a rounding error anyway, why take away the access in the first place?
<__monty__>
Traffic/disk/etc. costs must be a rounding error too. And it's not like they're obligated to keep API compatibility, that's on chromium.
<lukegb>
probably a security and privacy team asked them to, or $SOMEONE actually launched a "proper" chromium fork that wasn't just building the OSS code, or something? I dunno, I don't really have insight into why
<joepie91>
<lukegb "ar: I don't really buy that argu"> chromium gives google a strong hand in terms of influence over both the direction of the web, and how people access services
<joepie91>
or well, chrome*
<joepie91>
presumably this is an attempt to prevent competitors taking that away
<lukegb>
joepie91: I agree that chromium in general does, especially with e.g. edge/brave/opera all just being chromium derivatives these days
<lukegb>
but all the commercially branded forks replace the google services anyway
<lukegb>
like, if you're going to launch a chrome competitor you'd be silly to continue to rely on google services for e.g. sync
<lukegb>
(fwiw: I don't really agree with this decision anyway but don't have any stake in it or have any additional context to bring to the pitchfork party)
<joepie91>
:)
<__monty__>
No need for context, lukegb, just bring your pitchfork.
<joepie91>
pitchfork emporium now open, half price for the next 20 minutes!
<{^_^}>
^: Ping for space stuff (edit this command to add yourself, see ",help"): infinisil Taneb ldlework etu philipp[m] eyJhb gchristensen __red__ red red[evilred]
<{^_^}>
in 2 minutes!: Ping for space stuff (edit this command to add yourself, see ",help"): infinisil Taneb ldlework etu philipp[m] eyJhb gchristensen __red__ red red[evilred]
<Taneb>
infinisil++
<{^_^}>
infinisil's karma got increased to 407
<infinisil>
looks like we got a vroom today!
<eyJhb>
I SAW THE VROOOOM :o Finally
<infinisil>
Damn that sunlight on the rocket looked awesome
<philipp[m]>
I just missed the VROOOM! Was it a good one?
<__monty__>
It was great because the feed didn't cut out during landing!
<philipp[m]>
Oh! Nice! Did they say anything about changed antenna setup or did they just get lucky?
<infinisil>
l
<infinisil>
(ignore that)
<philipp[m]>
As I understand it, the feed cuts out because the barge shakes so much that they have trouble aligning their antennas and the amount of plasma in the air is also not great for receiving radio signals right next to the rocket.
<philipp[m]>
infinisil: Please don't change it. It would probably break bazel builds or something.
<infinisil>
Lol
<eyJhb>
What
<eyJhb>
Didn't know Nix was that old.
<eyJhb>
`Date: Fri Mar 14 16:43:14 2003 +0000` first commit in nixpkgs
<eyJhb>
` svn path=/nix/trunk/pkg/; revision=5` <-- No no no no
<philipp[m]>
It really solved problems that other people didn't recognise for a decade. Pretty impressive stuff.
<eyJhb>
SVN?
<philipp[m]>
nix
<eyJhb>
People still don't see the issue
<eyJhb>
But Nix has its shortcomings as well
<philipp[m]>
Oh, sure it does. It's software.
<eyJhb>
I really want to see a nice way, to get "any version" or the closest version to a piece of software in nix. I.e. I want this very specific PHP version. ATM you can try to inspect the version line and grep if it matches
<eyJhb>
^ More -dev I guess
leah2 has quit [Ping timeout: 244 seconds]
leah2 has joined #nixos-chat
waleee-cl has joined #nixos-chat
<__monty__>
Yeah the nix model seems excellently amenable to keeping around old versions.
rajivr has quit [Quit: Connection closed for inactivity]
<ldlework>
Is DigitalWiki in #nixos correct that I have to spend hours bisecting nixpkgs to find out why my GPU config doesn't work anymore?
<__monty__>
Rather predictably my comment on the matrix PR made things spiral out and the result is they probably won't even try to improve the quotes, let alone improve the IRC-side experience.
<mjlbach>
Seems like it's just the one PR author
endformationage has joined #nixos-chat
<__monty__>
Yes, it does. But the end result is still the PR was closed. And maintainers rarely consider that a good sign, at least I don't : )
<__monty__>
I don't understand OP's reaction, how is self-censoring going to improve anything?
<ashkitten>
sphalerite: have you seen them lately? are they involved with nixos still?
<__monty__>
mjlbach: That looks exactly like matrix's reply-to functionality, yeah. But afaict IRCv3 is pretty nebulous still, more or less just describing all the various extensions to IRC that proprietary implementations have.
<joepie91>
__monty__: well no, it does actually get implemented
<joepie91>
but... doesn't matterbridge have a puppeting mode?
<samueldr>
nothing from IRC in one IRC-client height on the pinebook channel of pine64
<samueldr>
I don't know
<samueldr>
I really don't care enough about enabling silo ossification
<samueldr>
so I'm not looking
<__monty__>
Does anyone feel like comments that disagree with a PR undermine the code in the PR or their original intent in making the PR?
<samueldr>
I think it depends
<samueldr>
but it can
<joepie91>
yep, can
<__monty__>
What if there's no verbal abuse or spam?
<samueldr>
it can, still
<mjlbach>
I think PR feedback that's tangential to the purpose of the PR can be off-putting, not saying yours was
<samueldr>
(I don't know the context)
<mjlbach>
If a PR makes a feature that doesn't work well work slightly better, then saying something like "this feature should be removed and it's a waste to improve it" I would consider toxic/off-topic
<samueldr>
if, let's say, a project lead comes to a PR and says "I don't like this PR", or similar-intent messages
<samueldr>
I said project lead, but anyone with authority on the project can too
<colemickens>
abathur: Discourse is chastising me for sending three fire emojis in response to the RiiR
<__monty__>
samueldr: As a maintainer the dynamic is very different. I meant as peers.
<abathur>
colemickens: oh? :P
<rmcgibbo[m]>
If anyone's a big rust hacker, I'm in the process of adding some rust code using `rnix` to nixpkgs-hammering in order to add a check (used for linting PRs to nixpkgs) that all `patches` have a comment associated with them.
<rmcgibbo[m]>
But I'm not a big rust hacker, so although my code gets the job done, I bet I could use your help + code review.
<{^_^}>
jtojnar/nixpkgs-hammering#16 (by rmcgibbo, 4 hours ago, open): Add missing-patch-comment check using rust and rnix
ixxie has joined #nixos-chat
<lovesegfault>
rmcgibbo[m]: reviewing now
<rmcgibbo[m]>
Thanks so much!
<rmcgibbo[m]>
I've probably written <1000 lines of rust in my life, so... sorry in advance.
<lovesegfault>
rmcgibbo[m]: I think you learned how to use Rust iterators halfway through writing that code, so part of it uses them perfectly and then the other part doesn't use them :P
<rmcgibbo[m]>
:P no comment
<lovesegfault>
posted an initial review
<lovesegfault>
just a fast pass
<lovesegfault>
TL;DR: some style things, only one semantic issue, some "not using iterators when they would be nice"
<rmcgibbo[m]>
thanks so much lovesegfault
__monty__ has quit [Quit: leaving]
veleiro has joined #nixos-chat
<veleiro>
Speaking of matrix bridge. I can't figure out how to unbridge my account
<veleiro>
oh well, i was considering znc but i guess a bridge works too
<bbigras>
maybe send a dm to freenode-connect
<veleiro>
ok
ixxie has quit [Quit: Lost terminal]
<veleiro>
i think i used the matrix bridge to connect my accounts more than a year ago and then after 30 days of inactivity it logs out, and i started using norm irc again. but as soon as you login to matrix.org it bridges again
<joepie91>
I think it's a command that you can send to the bridge bot
<joepie91>
the appservice user
<bbigras>
yeah probably. well I know you can do something automatic for nickserv and join/leave channel