<infinisil>
So I'm thinking, if youtube videos could be exposed directly at like youtube.infinisil.com/<id>, then these urls could be used in syncplay instead
<infinisil>
energizer: Yeah, I tested that too, and it works. But not in syncplay
<infinisil>
"Failed to recognize file format" to give an error
<infinisil>
Maybe I should debug it a bit more
<sphalerite>
infinisil: in case you're interested, I hacked together an in-browser syncplay-oid recently
<sphalerite>
with some little adjustments and no corresponding documentation updates
<infinisil>
Hehe, as all hacks should be
<sphalerite>
this was literally something I put together in an hour to use it the same evening
<infinisil>
:o
<sphalerite>
(which is very unlike me, I usually think "oh but I should do this and that properly" and end up bikeshedding the whole thing before anything is working
<sphalerite>
)
<sphalerite>
I guess the time pressure helped
<infinisil>
Hehe yeah I'm usually also a perfectionist
<sphalerite>
well you still get more projects into a working state than me :p
<infinisil>
Not sure about that! I have so many things I'd like to work on
<infinisil>
Recently I've thought a lot again about how to organize/rate/tag music
<infinisil>
And I feel like I have the idea of the century
<infinisil>
But I don't really have much time to implement it :(
<sphalerite>
you got nixbot out of the hangar
<infinisil>
Hehe I guess
<sphalerite>
and nixus is in a working state
<abathur>
should be like a yearly competition to do the weirdest thing you can possibly do with normal syscalls without breaking <test suite>
<abathur>
(new test suite choice each year, to keep it interesting?)
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-chat
rajivr has joined #nixos-chat
slack1256 has joined #nixos-chat
<energizer>
something's wonky with the audio of this talk. which settings should i change to make it more comfortable to listen to? https://www.youtube.com/watch?v=Rk76BurH384
<energizer>
(i dont have the framework to even describe audio problems)
<infinisil>
energizer: Hmm maybe you need a high-pass filter
* infinisil
tries out different things in pulseeffects
<infinisil>
Actually just noise reduction works great
<supersandro2000>
also I think for daily usage that does not matter to much
<cole-h>
Anybody have any reading material for protecting a server (esp. in the context of NixOS)? I should probably make sure my mailserver is decently protected.
<cole-h>
Is fail2ban still something that should be enabled?
<jtojnar>
“You are probably unaware that encryption is a heavy-weight operation and that even with hardware support in the CPU, you will be limited by what your CPU crypto-accelerator can do.”
<supersandro2000>
the default ssh-server settings for nixos are actually not that bad
<supersandro2000>
fail2ban is mostly to avoid spam attacks that slow down your system or try to brute force something
<supersandro2000>
but can't recommend anything to read from the top of my head right npow
<energizer>
cole-h: i think people disagree on that. some people argue that adding extra internet-facing code is just adding risk without matching benefit
<supersandro2000>
whut. fail2ban is not strictly required but if you get a lot of spam or brute force attacks it can be really useful
<energizer>
what's the use?
<supersandro2000>
blocking ips which exceed rate limits in the form of authentication failures
<supersandro2000>
if we go by this rule we can also remove encryption from your disk because it is slightly slower
<bbigras>
is using the hardening nixos profile a good idea?
<supersandro2000>
maybe a mail server is not a perfect example for fail2ban I can think of
<supersandro2000>
but it could block ips which scrape your web server or try to exploit something
<supersandro2000>
at least for ssh I found something way more effective than fail2ban: you only enable newer cryptos (eg ed25519) and most bots can't connect to you because they only know ecdsa and rsa
<bbigras>
you can also only allow ssh when using a vpn
<bbigras>
maybe only for servers that you can connect without ssh in case of problems. like on digital ocean
<energizer>
depending on how big your internal network is, there might be 0 or many compromised machines on it
<supersandro2000>
idk why I would want to wrap ssh over a VPN
<supersandro2000>
both use a pre shared secret and ssh has password login disabled
<supersandro2000>
and a vpn wont save you anything if you have a bad machine in most cases
<energizer>
it's nice to not have my computers routable on the public internet, "defense in depth" and all that
<supersandro2000>
if I have some remote network somewhere it makes sense to connect to it via VPN
<supersandro2000>
but if I have a single server with ssh in some data center I can just connect to it via ssh
endformationage has quit [Quit: WeeChat 2.9]
<cole-h>
lovesegfault: ping
<lovesegfault>
cole-h: pong
<cole-h>
lovesegfault: You use deploy-rs -- if I use `--build-host` with nixos-rebuild, should I just set up that host as a builder for the machine I'm deploying to?
<lovesegfault>
I haven't used nixos-rebuild in >1y now
<lovesegfault>
I don't really know
<cole-h>
basically just makes it build locally before pushing the paths to the remote host
<lovesegfault>
doesn't deploy-rs do this?
<bbigras>
`nix build .#host` ?
<cole-h>
lovesegfault: I don't use deploy-rs yet, which is why I was asking :P
<lovesegfault>
cole-h: time to start using it :P
<cole-h>
I guess ;P
<lovesegfault>
are you on nixus or nixops?
<cole-h>
Neither
<cole-h>
:D
<cole-h>
nixos-rebuild
<bbigras>
another nix deploy tool was announced today in the forum
<lovesegfault>
Yeah, I wanted to do that for deploy-rs
<cole-h>
It's been around IIRC
<cole-h>
I remember seeing it on r/nixos I think
<lovesegfault>
Ah, I know justinas
<lovesegfault>
he's a great engineer
<bbigras>
I kinda lost track of every deploy tools to be honest. we should put all of them in a locked room and force them to breed to something.
<energizer>
does nixus do concurrent deploy?
<lovesegfault>
nope
<lovesegfault>
neither does deploy-rs
<aleph->
Does nixops already do concurrent deploys?
<aleph->
Doesn't*
<aleph->
Huh I do like a decent amount of what I read on colmena. Saved
<supersandro2000>
> Entirely stateless
<supersandro2000>
I am sold
<{^_^}>
undefined variable 'Entirely' at (string):472:1
<supersandro2000>
with nixops I am usually like: yeah something something with state is broken, just delete it
waleee-cl has quit [Quit: Connection closed for inactivity]
<energizer>
nixops 2 is stateless by default iirc, morph is too
<energizer>
morph doesnt parallel tho
<infinisil>
Hmm parallel eval..
<supersandro2000>
let me check my nixops version...
<supersandro2000>
NixOps @version@
<supersandro2000>
1.7 still
Hurttila has joined #nixos-chat
<energizer>
feels like multiple evals of similar systems should be able to share memory
<supersandro2000>
I am not sure if that would save anything
<supersandro2000>
if you would build the things first and re-use those builds across the hosts you could save build time
<energizer>
that discourse page says "If I remember correctly, for large NixOps networks of e.g. 100 nodes, you have to do 100 machine evaluations, which takes a long time."
cole-h has quit [Ping timeout: 272 seconds]
<supersandro2000>
yeah read that
<supersandro2000>
but you can't easily do that in nix
<supersandro2000>
because you would still need to revalidate large parts
<adisbladis>
energizer: I think that you could make an eval cache by considering the derivations as nodes in a persistent data structure
lejonet has quit [Ping timeout: 240 seconds]
lejonet has joined #nixos-chat
<infinisil>
The satisfaction of packaging something complicated with Nix, making it completely selfcontained is just so good
<eyJhb>
It is nice of Minecraft to know I might be running NOEXEC on /tmp `INFO: /tmp/libnetty_transport_native_epoll_x86_645749315839084536968.so exists but cannot be executed even when execute permissions set; check volume for "noexec" flag; use -Dio.netty.native.workdir=[path] to set native working directory separately.`
<adisbladis>
eyJhb: At least with Go you can type golang and get good results
<philipp[m]1>
adisbladis: I also did that with rustlang and it was alright, when I was using it.
<adisbladis>
Good to know :)
<adisbladis>
I don't do Rust (yet)
<adisbladis>
One massive rabbit hole at a time..
<leons>
eyJhb: re Haskell, I know the feeling. I've tried to get started with it so many times and always failed. I think the issue is my desire to always write fully-fledged CLI/Network applications, that's way to much complexity at once.
<leons>
Recently I've started implementing simple algorithms which map well to the language (for example, simple SAT solvers) and that turns out to be a much better approach to learn the language
<adisbladis>
leons: My last attempt at Rust was a super tiny project, but where I wanted to do async
<adisbladis>
I spent a couple of hours on tokio, but I'm too dumb for that
<adisbladis>
Not a good way to learn Rust
<adisbladis>
I think the entire thing took less than an hour in Go
<eyJhb>
Go is really really nice
<adisbladis>
I mean...
<eyJhb>
Also, leons I think haskell can do some pretty complex Netowkring stuff.. But Do not expect me to read it
<adisbladis>
Go the language isn't exactly great
<eyJhb>
adisbladis: NO!
<eyJhb>
Let it stay
<eyJhb>
Go is really nice *.*
<adisbladis>
Go's standard library is 95% of the value I'd say
<eyJhb>
That is meant as a bold period, not a weird ass smiley
<eyJhb>
Yeah true..
<adisbladis>
eyJhb: I still enjoy writing things in Go
<adisbladis>
But I'm under no illusion that the language itself is really a good one
<eyJhb>
For anyone wondering, I am guessing none, I got my first PoC of my Minecraft proxy working in Go :p I can imitate the server + throw a disconnect message right at them.
<eyJhb>
Eh, I do quite enjoy it and find it quite powerful. It does however have its shortcomings.
<patagonicus>
I like Go as a language. It's not perfect, but so far it's the language I enjoy most.
<eyJhb>
*nix is also nice, but for other stuff* but yeah, also the langugae I enjoy the most atm.
Synthetica has quit [Quit: Connection closed for inactivity]
julm has joined #nixos-chat
__monty__ has joined #nixos-chat
<eyJhb>
Does.. Does anyone have a Craftbukkit module for MC?
<infinisil>
eyJhb: At one point I want to implement tracking exactly when somebody joins or leaves
<infinisil>
And then maybe even bill people based on how long they're on :P (getting cheaper the more people are on at one time)
<__monty__>
But free for the first couple? Otherwise there's a bit of an incentive bump, no?
<infinisil>
__monty__: incentive bump?
<__monty__>
Though that probably matters less when it's friends.
<__monty__>
Yeah, like a hump to get over before it picks up. Because playing alone is both the least fun *and* the most expensive.
<infinisil>
Ah I see
<__monty__>
But if no one plays alone, how can you get to two or more.
kcalvinalvin has quit [Quit: ZNC 1.7.4 - https://znc.in]
<__monty__>
If it's more like agree out-of-band to play with a group it's less of an issue.
<infinisil>
Yeah
<infinisil>
The out-of-band thing makes sense, people would be encouraged to agree to play together
<infinisil>
Hmm, I feel like I could make a business out of this
<__monty__>
I was kinda thinking of this as a model for providing open servers for fairly cheap.
<__monty__>
Yeah, it sounds like a decent business model.
<__monty__>
Scale to 0 instead of scale to the minimum monthly cloud payment.
<infinisil>
Yee
<infinisil>
And minecraft has a huge community
kcalvinalvin has joined #nixos-chat
<infinisil>
> timeTo mars
<{^_^}>
"5 days, 3 hours, 32 minutes, 6 seconds"
<gchristensen>
> timeTo die
<{^_^}>
undefined variable 'die' at (string):472:8
<infinisil>
> die = date.epochToDateTime builtins.currentTime
<{^_^}>
die defined
<infinisil>
> timeTo die
<{^_^}>
""
<infinisil>
Lol
<adisbladis>
It's dead
<__monty__>
> roll 1d6
<{^_^}>
undefined variable 'roll' at (string):473:1
<gchristensen>
> roll = _: 1
<{^_^}>
roll defined
<__monty__>
> roll = _: 4 # Standard random number
<{^_^}>
error: syntax error, unexpected '=', expecting ';', at (string):373:12
<__monty__>
: (
<gchristensen>
it does't work for a 1d2 :(
<infinisil>
Oh damn, can't handle comments
<__monty__>
gchristensen: But 1 doesn't work for 2d6.
<__monty__>
(╯°□°)╯︵ ┻━┻
<__monty__>
┬─┬ノ( º _ ºノ)
cole-h has joined #nixos-chat
<gchristensen>
guhhhhhhh znapzend is fine when everything is fine, and such garbage when things aren't fine
<philipp[m]1>
So you say an ideal tool for backups?
<__monty__>
: s
<gchristensen>
lol
* infinisil
agrees
<__monty__>
I'm not sure what the proper behavior is when not every target has your snapshot yet though. Since a single copy isn't a backup.
<gchristensen>
holding on to the 5minutely snapshots isn't helping anything
<philipp[m]1>
btw: Does it play nice with encrypted zfs snapshots (as in sends them encrypted to the remotes without change) yet?
<gchristensen>
zrepl does
<gchristensen>
(raw sends)
<philipp[m]1>
Cool, might want to replace my homegrown mess with that.
<__monty__>
Oof yeah that's a high frequency to be holding onto.
<philipp[m]1>
Or do I quit playing around with zfs snapshots and just use borbackup? So many questions.
kraem has quit [Ping timeout: 246 seconds]
<gchristensen>
I found borgbackup to be quite slow when I wanted to spelunk through it, that is why I don't use it anymore
<infinisil>
Once you go zfs you can't go back
kraem has joined #nixos-chat
<philipp[m]1>
Do I really want to go spelunking into it though? I'd still have my zfs-auto-snapshots in case I deleted a file and borgbackup would be more of a disaster recovery solution.
<gchristensen>
3-2-1 suggests not putting all your eggs in the zfs basket
<gchristensen>
(but I did)
<philipp[m]1>
That is a very good argument.
<aleph->
Heh I can't even think of off-site backups for a 7TB dataset.
<aleph->
Looking at two months continuous easy for an initial snapshot
<philipp[m]1>
At this point you might just want to ship a few disks.
<aleph->
Eyep. I've taken to just rsyncing files to two externals from my torrent host before they even make it to my nas
<cole-h>
gchristensen: I'm currently hacking on a zrepl module (using the one we've previously looked at as a base). Don't have much free time atm, but I think I'll be able to at least have a PR around Monday
<cole-h>
Just FYI
<gchristensen>
if you do, that is wonderful, znapzend has taken down hydra 2x this week
<cole-h>
Yep, that's what prompted this adventure :P
<cole-h>
To that end: is there an easy way to use a systemd unit from an upstream package?
rajivr has quit [Quit: Connection closed for inactivity]
<philipp[m]1>
aleph-: rsync is great. At my job I just rsync all the critical data to the offsite backup into a zfs data set every day and then snapshot it. Works from all systems (except windows I think but that isn't a concernn for us), it is reasonably fast, has very low complexity and is easy to monitor.
kraem has quit [Read error: Connection reset by peer]
<aleph->
Eyep.
<philipp[m]1>
Also shout out to rrsync.
kraem has joined #nixos-chat
kcalvinalvin has quit [Quit: ZNC 1.7.4 - https://znc.in]
kcalvinalvin has joined #nixos-chat
<cole-h>
Ah, I think I'm looking for `systemd.packages`
<philipp[m]1>
One day I will figure out a better scheme to generate ipv6 addresses than hexdumping /dev/urandom but this day is not today.
lejonet has quit [Ping timeout: 256 seconds]
cole-h has quit [Ping timeout: 272 seconds]
<supersandro2000>
rmcgibbo[m]: would it be feasible for the bot or hammering to check for common lib and devs files and suggest adding outputs for them?
<ehmry>
philipp[m]1: I use this sometimes `seed: concatStringsSep ":" (map (i: builtins.substring (4 * i) 4 (builtins.hashString "sha256" seed)) [ 0 1 2 3 ])`
<rmcgibbo[m]>
Like splitting /include and /lib into separate output drvs?
<ehmry>
deterministic ipv6 addresses are nice if you have a bunch of machines, because then you can populate /etc/hosts and authorized keys in a convergent way
<rmcgibbo[m]>
supersandro2000: Maybe we should make a new project (or a new mode inside hammering) where it takes as input the /nix/store directory of a built package and runs checks on the logs or the final derivation and reports its results in the same json format as hammering?
<gchristensen>
-> -dev please :)
<rmcgibbo[m]>
sry -- will move to dm
<gchristensen>
oh no please keep it in public, it is interesting!
<rmcgibbo[m]>
:) kk
waleee-cl has joined #nixos-chat
<philipp[m]1>
ehmry: I actually have a small kresd for internal name resolution but deterministic IPs would make it easier to maintain it.
<ehmry>
philipp[m]1: I figured that out trying to do address allocation in a hackspace with multiple people adding and removing machines
<philipp[m]1>
ehmry: ++
lejonet has joined #nixos-chat
<aleph->
Alright I am really hating nixops wrt to some upgrades. Seems no tables can be found in my pg server unless I roll back from nixOS unstable. Grumble
<srk>
stateVersion?
monsieurp has quit [Ping timeout: 246 seconds]
monsieurp has joined #nixos-chat
monsieurp_ has joined #nixos-chat
<adisbladis>
Thank the gods for pulseaudio/pulseeffects
<adisbladis>
I don't know how people do calls without them
<supersandro2000>
with windows
<adisbladis>
I meant the ability to apply filters to the output
<adisbladis>
To remove sibilance and other noise that makes my head hurt
monsieurp has quit [Quit: Lost terminal]
monsieurp_ has quit [Quit: Lost terminal]
<adisbladis>
Afaik windows doesn't have that, at least not out of the box
monsieurp has joined #nixos-chat
<energizer>
not knowing anything about audio, there is a missing feature in pulseeffects: figure out what filter needs to be applied to this audio
<adisbladis>
energizer: Yeah.. I know just enough to use it.
<adisbladis>
But I think the bar graphs at the top help a bit with just eyeballing it, at least the frequence response
<adisbladis>
But I'm also one of those audiophiles who are pretty good at guesstimating what needs to happen
<supersandro2000>
or you just turn down the person that makes weird noises
<adisbladis>
In this case I was just talking to one person
<adisbladis>
Turning down the volume doesn't help when it's background noise / movement
<adisbladis>
But applying a bit of filtering does
<adisbladis>
I find it strange that there is no software that's actually good at making calls
<adisbladis>
That actually makes a voice sound pleasing on the other end
<adisbladis>
It's always a super sibilant hot mess
<__monty__>
adisbladis: The trick is to be oblivious as to what sibilance is, BAM, never hear it ; )
<adisbladis>
That doesn't work for me :/
<adisbladis>
I wish it did
<aleph->
Ugh... okay what the heck is up with postgres in nixos 21.03pre. Completely unable to access my tt_rss db...
<aleph->
Hmm.
<rmcgibbo[m]>
anyone know if you can coax github gists to render ansi terminal color codes?
<adisbladis>
aleph-: Some statversion thing?
<adisbladis>
Did you bump your stateversion?
<adisbladis>
(you shouldn't)
<adisbladis>
Also this is more #nixos territory
<aleph->
Blah always in the wrong channel
<energizer>
rmcgibbo[m]: not sure that's possible, tho Github Pages is likely more flexible than gist
<rmcgibbo[m]>
or like a pastebin, maybe that's what i need.
<rmcgibbo[m]>
thanks. i'd prefer not to host my own tho
<hexa->
I maintain the pinnwand/steck pkgs and module in nixos, it's pretty easy to setup
<energizer>
those logs will get into gigabytes pretty quickly, not sure which pastebins are ok with that
<rmcgibbo[m]>
i could do my own s3+cloudfront, but if possible i'd prefer to just hand them off to someone else if there's a free service :P (which is why i'm currently uploading to gist.github.com, but i find the lack of color annoying)
<energizer>
on my pc /nix/var/log is 147M
<adisbladis>
925M /nix/var/log/ :3
<rmcgibbo[m]>
it's not that bad if i only upload logs from failing builds. but the people still demand ansi colors! :P
<supersandro2000>
rmcgibbo[m]: I would rather go the other way and filter them out with something like | sed -E "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g"
<rmcgibbo[m]>
:eyes explode:
<supersandro2000>
either we have working or none
<supersandro2000>
your emojis do not render on IRC 😂
<supersandro2000>
that sed should filter escape codes like \u001b[0
<energizer>
i hear github repos are limited to 100GB, and github pages could render them
<supersandro2000>
also there are certain build tools which do not recognize that we are headless and send you line clear characters and such
<supersandro2000>
and in the log you have 100 lines of garbage
<energizer>
but they'll probably send you an email before that
<supersandro2000>
maybe we should convert the logs to html and render the escape codes?
<adisbladis>
That sounds terrible
<energizer>
adisbladis: how far back? find /nix/var/log -type f -printf '%T+ %p\n' | sort | head -n 1
<adisbladis>
Couldn't you curl the output if you want to render colours?
<samueldr>
finally, managed to reduce the complexity of my issue to a simple thing I can test on a computer without the need to push a boot image to a device, and do some annoying incantation to get the output!
<supersandro2000>
rmcgibbo[m]: rawgit is shuting down and does not allow new pastes