sphalerite changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 19.03 released! https://discourse.nixos.org/t/nixos-19-03-release/2652 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html https://r13y.com | 19.03 RMs: samueldr,sphalerite | https://logs.nix.samueldr.com/nixos-dev
<gchristensen> installs out of the box
<gchristensen> easier to visually compare: http://gsc.io/2.1.3.png http://gsc.io/2.2.2.png
<zimbatm> the new issue templates are ready to be reviewed, let me know what you think: https://github.com/NixOS/nixpkgs/pull/64983
<{^_^}> #64983 (by zimbatm, 2 days ago, open): Update issue templates
<worldofpeace> jtojnar: lol, didn't realize you had a pr against grilo today and ended up finishing it https://gitlab.gnome.org/worldofpeace/grilo/tree/meson-fixes-finish
<ghuntley> @andi- howdy!
<andi-> ghuntley: \o
<andi-> Can I override a nixos module implementation? Current thought is to replace the systemd implementation with something different (e.g. noop)
<gchristensen> yeah! there is a way to disable modules I think
<tilpner> andi-: You *can* use disabledModules for that, but it's not quite the same
<andi-> that is per file?
<tilpner> Yes, it disables files
<andi-> I was hoping for `options.systemd = mkForce …` :D
<gchristensen> maybe infinisil can help you out
<infinisil> Hello
<infinisil> andi-: Can't do that I'm pretty sure
<infinisil> disabledModules is your best bet
<andi-> I am actually asking for ghuntley since he tries to disable systemd or replace it with something that can work without systemd.
<infinisil> qyliss has been doing something like that some time ago, I'm pretty sure she just forked nixpkgs though, which seems like the best way
<gchristensen> hrm. that would be unfortunate
<infinisil> Would be cool to have an init system abstraction in nixpkgs :)
<{^_^}> #26067 (by copumpkin, 2 years ago, open): Make a service abstraction layer
<gchristensen> on one hand ... yes
<gchristensen> on the other hand, it would make it hard to take advantage of systemd properly
<gchristensen> on the third hand, it would be really good to find a way to make "nixos on wsl" work
<LnL> you might be able to get there by replacing the systemd implementation using disabledModules
<LnL> some of the problems of the abstraction layer remain however, since whatever you replace it with probably won't behave exactly the same
<gchristensen> I wonder what it means to be "NixOS" on "WSL" minus systemd.
<gchristensen> maybe a nix-wsl would be sufficient, like nix-darwin
<gchristensen> ghuntley: is it wrong to say "whistle"?
<infinisil> gchristensen: What systemd functionality are you thinking of that you couldn't take advantage of?
<infinisil> I'm not trying to say there is none, I'm just interested in thinking how we could abstract them
<qyliss> I plan on getting s6 support in NixOS
<samueldr> dependencies in services, tmpfiles
<qyliss> I haven't had time to work on it for a while
<qyliss> But I'd like it to happen and do want to put the work in
<samueldr> not that those don't exist elsewhere, but making an abstraction layer means "dumbing" down to the most common features generally
<infinisil> Nice
<samueldr> and conversely, anything else having nice features systemd doesn't have means those features can't be part of the abstraction layer
<samueldr> and the abstracted features can also differ in subtly incompatible ways
<qyliss> You could still expose those outside the abstraction
<infinisil> Hm yeah..
<qyliss> Use the abstraction 80/20
<samueldr> yes, exactly
<qyliss> It's not going to be perfect, sure.
<Drakonis> doesn't nix have this exact same situation with osx support?
<qyliss> Or even musl support
<samueldr> at that point it's a balancing act
<qyliss> Not every package works with musl or Darwin out of the box, but lots do
<Drakonis> you can't use more linux features because osx support is a thing
<gchristensen> at that point, might as well just pretend to be the systemd thing
<samueldr> drakonis: not really, nix on macOS doesn't aim to build a _system_
<samueldr> it integrates with the system through nix-darwin, though that's external
<infinisil> qyliss: But the things outside the abstraction can't be used to implement necessary functionality. Only to give extra bonuses, like maybe a bit more sandboxing or so
<qyliss> Yeah
<infinisil> So it's not terribly useful imo
<qyliss> But I'd hope necessary functionality could be abstracted
* infinisil nods
<qyliss> Gentoo manages to support two inits
<qyliss> I haven't looked into how.
<qyliss> But you can choose OpenRC or systemd
<Drakonis> qyliss: it's all compiled
<Drakonis> systemd support is mostly documented
<Drakonis> but the default assumption is still openrc
<samueldr> imo supporting more inits is good because of the general "monocultures are annoying" issue
<Drakonis> i ran systemd on gentoo once, it was mostly annoying
<qyliss> that too
<qyliss> I'm not saying it's going to be as convenient an experience as using systemd
<gchristensen> on the other hand, monoculture has benefits
<Drakonis> monoculture has its benefits like tightly coupling with kernel features
<LnL> gchristensen: that's a different story, but I would assume wsl needs a little more than what nix-darwin does since there's no host distro?
<samueldr> abstracting away could (maybe?) allow launchd integration to flourish better
<gchristensen> abstracting away could also make it much more difficult to add and secure services
<infinisil> samueldr: Ohhh
<gchristensen> it has pros and cons
<infinisil> samueldr: I remember launchd being a pain
<LnL> gchristensen: pulling apart the nixos base modules from the rest might be feasible
<Drakonis> adding and securing modules can always be done directly
<Drakonis> by avoiding the abstraction
<infinisil> gchristensen: If all inits default to fully sandboxed by default, I don't think that should be a problem
<gchristensen> how do you abstract away AmbientCapabilities, PermissionsStartOnly, etc.
<gchristensen> at some level, systemd unit files *are* the abstraction
<LnL> don't?
<LnL> the abstraction can generate stuff that works with every implementation, but with modules the implementation details can still be overridden/extended
<infinisil> NixOS might have a pretty good advantage with our tests in getting multiple inits supported :D
<clever> LnL: one issue I've had with running nixos services in docker, is that it assumes users exist, and sudo works
<clever> postgres refuses to run as "root" (even if it's in docker)
<clever> for "security reasons"
<clever> and the postStart requires a working sudo to drop root
<LnL> right, but that's complicated stuff which can't be defined with the common abstraction primitives
<infinisil> clever: Where is the user created?
<infinisil> Ah I was blind
<infinisil> nvm
<clever> LnL: we would need both the user creation logic, and the service backend, to work on say both systemd+linux and launchd+darwin
<clever> then you could just load postgresql.nix on a mac and it just works
<clever> and then runit and docker could have an alternative implementation, that creates passwd at build time, and lacks the tools to modify it at runtime
<Profpatsch> andi-: nlewo does that
<infinisil> We'd be kicking docker's butt if we get this working on linux, darwin and wsl
<LnL> yeah for example
<andi-> yep, that was my hope
<Profpatsch> andi-: He showed it to me today actually https://github.com/cloudwatt/nix-container-images
<Profpatsch> This replaces the systemd backend with s6 to run normal NixOS services in docker
<clever> Profpatsch: one min...
<clever> Profpatsch: https://gist.github.com/cleverca22/f3e54a2e0ade7e5f38a6ee4b20d83e14 and this uses runit to run nixos services in docker
<Profpatsch> clever: It’s just a gist …
<clever> Profpatsch: running nix-build on that default.nix (after applying the nixpkgs patch) will generate a docker image that contains the entire monitoring framework from iohk
<clever> grafana + prometheus + graylog + alert manager
<clever> line 5-32 is the nixos config
<Drakonis> Profpatsch: run it with podman instead of docker
<gchristensen> ghuntley: I'm getting the impression from the office hours that we should prioritize implementation of the "adding people to a read only team" a bit higher
<andi-> just read-only or the triage thingy?
<gchristensen> well the RFC was for read-only, but triage might be more appropriate for maintainers
<samueldr> I'm on the case of the sd image being too big; blocking the advancing of the unstable channel
<samueldr> found the change that made the image a bit bigger, #64575
<{^_^}> https://github.com/NixOS/nixpkgs/pull/64575 (by pasqui23, 1 week ago, merged): nixos/xdg: add portal option
<samueldr> worldofpeace: do you have an idea of how this could default to true only when relevant?
<Drakonis> does the sd image have to be built along the unstable channel?
<samueldr> yes
<Drakonis> rather, i think i have phrased it badly
<worldofpeace> samueldr: this isn't the first time I think there were issues with xdg modules. let me see if I can find the lengthy discussion
<Drakonis> can it be built separately?
<samueldr> not really, because it's, in a way, an integration test of the system
<Drakonis> ah, okay.
<samueldr> it's known that a specific release builds the sd image correctly; if it cannot then it's not good to advance
<samueldr> (same with installer isos)
<worldofpeace> samueldr: but we won't be able to just change the default value for one xdg module. we'd have to do it for all of them
<gchristensen> Note that with the exception of https://github.com/NixOS/nixpkgs/blob/release-19.03/nixos/modules/config/xdg/mime.nix, none of the other ones actually increase the closure
<samueldr> portal brings in a bunch of gnomey stuff
<samueldr> I don't have a really good visualization of the diff
<gchristensen> 601M closure size
<samueldr> in reality it ends up being less of an increase because of shared stuff
<gchristensen> interesting
<gchristensen> xdg-desktop-portal depends upon flatpak
<worldofpeace> can we do it on xserver.enable
<samueldr> what about wayland?
<gchristensen> xserver.enable & sway.enable? :P
<samueldr> what about swayless wayland? :)
<gchristensen> they're used to it
<Drakonis> portals are also needed for pipewire
<samueldr> :/ I think we don't have a good meaningful "I'm a teapot^W desktop" toggle :/
<gchristensen> imo we can just disable it by default for now, nobody will lose any behavior
<Drakonis> but it's not a hard requirement yet
<Drakonis> rather, it's needed for some pipewire integration with wayland
<worldofpeace> yeah I'll submit a PR that just enables portals in the desktop manager modules
<worldofpeace> or maybe default from config.services.xserver.enable
<samueldr> so, a change to default it to false for now, and you handle re-toggling it to true?
<samueldr> it'd be nice to have a nixos-unstable advance, since it didn't eval for a small while due to infra issues
<Drakonis> it would be nice to have a pipewire module
<worldofpeace> I think there is drakonis
<Drakonis> but does it replace running pulseaudio?
<Drakonis> it's supposed to be able to do that
<Drakonis> ah, it also replaces jack
<Drakonis> okay, so that's not available yet
<Drakonis> the module enables the socket but none of the other features, fair enough, then the portals already use it
<worldofpeace> actually I think this situation would be the same as with the gtk.iconCache module https://github.com/NixOS/nixpkgs/commit/80738ed9dc0ce48d7796baed5364eef8072c794d
<samueldr> maybe we can factor out something for those, that they can rely on?
<worldofpeace> are there still concerns about closure size even if the module is enabled for x environments?
<samueldr> not really, AFAIK it's expected that graphical environments are a bit heavier by default
<samueldr> and portals are (I think) likely to be a good feature overall
<worldofpeace> well TBH it's a larger issue that would have to be dealt with outside of this one
<samueldr> yeah
<worldofpeace> yes portals give firefox native filechoosers
<samueldr> even without appimage or such, one dumb thing I ...
<samueldr> yes that
<worldofpeace> but we need to set the env var
<samueldr> I like how it leaves desktop environment things to a protocol instead of built into the software
<worldofpeace> ++
<samueldr> I was a user of ROX-Filer and the "DE" around it in the past, and I would have killed at the time to have all load/save dialogs work like the ROX ones
<worldofpeace> and this is for qt as well I think
<samueldr> started an eval on trunk-combined, hopefully everything's green
<worldofpeace> assuming we'll switch to conditioning on xserver after that's moved
<samueldr> you can do it whenever :)
<samueldr> it's already checked out a revision, and anyway as long as it's implemented so the sd image doesn't have the portals enabled, it shouldn't change a thing