<{^_^}>
"# Expose the minimum required version for evaluating Nixpkgs\n\"2.0\"\n"
<infinisil>
Profpatsch: ^
phreedom has quit [Ping timeout: 260 seconds]
<infinisil>
globin_ niksnut rycee (who isn't here apparently) fpletz: RFC 42 discussion in a bit?
rycee has joined #nixos-dev
<rycee>
Hey, hey.
<infinisil>
:D
<rycee>
But no start for another 20 minutes?
<rycee>
Then there is time to go to the store :-)
<infinisil>
Yeah I'd say
<infinisil>
Unless somebody ( globin_ ?) has something else, I'll make a jitsi meeting for then
Jackneill has quit [Remote host closed the connection]
<rycee>
Anybody have idea of how difficult it would be to add a `removed` attribute to `mkOption`? With the idea of supporting e.g. `removed = !(versionAtLeast config.system.stateVersion "20.03")`. The option value could be `null` or something if the option removed.
<rycee>
Perhaps `removed = versionAtLeast config.system.stateVersion "20.03"` makes more sense :-)
<samueldr>
what should happen with documentation?
<samueldr>
the documentation doesn't have "a" stateVersion
<infinisil>
I think i announced it here, guess i'll send a mail next time
<infinisil>
Sorry, haven't done such planning before :)
<niksnut>
irssi only highlights messages for me if a line starts with "niksnut:"
<niksnut>
yeah mail is better :-)
<infinisil>
Ahh, I'll ping everybody like that next time then (plus mail)
<drakonis>
nodejs packages are automatically generated, right?
<drakonis>
if so, it appears i have found a issue with the generation script, it creates packages with .js and this causes nix-shell to flip out when trying to create an environment
<infinisil>
aanderse: Do you have any opinion on setting passwords with createLocally?
<infinisil>
Ah there's some more occurences with `CREATE ROLE` in miniflux, mattermost and gitlab
nbp has quit [Remote host closed the connection]
<gchristensen>
Nix shouldn't set passwords
nbp has joined #nixos-dev
<infinisil>
Huh why not?
<gchristensen>
the passwords end up in the store
<infinisil>
No I'd be using passwordFile
<infinisil>
And make sure that can't happen (unless the user explicitly puts it in)
<gchristensen>
ah
drakonis has quit [Quit: WeeChat 2.6]
<aanderse>
infinisil: most (probably all) modules don't support passwords with `database.createLocally`
<infinisil>
Yeah I noticed
<aanderse>
my opinion is that it wouldn't be as useful as one might think
<aanderse>
if the database is hosted locally then you should use a socket
<aanderse>
if the database is not hosted locally
<aanderse>
maybe you don't want nixos running your migrations for you...
<aanderse>
or provisioning your database, etc...
<aanderse>
unsure
<aanderse>
reasons i personally would run database on a separate server? performance
<aanderse>
if i'm dealing with something that has those sorts of performance requirements i'm not sure how often i'll want nixos managing things
<infinisil>
aanderse: I want to use a database both locally and remotely
<infinisil>
create it automatically locally
<infinisil>
I need a password so the remote end can access it
<infinisil>
But locally I can use socket auth
<aanderse>
yeah the youtube like app you were talking about right?
<infinisil>
Yup!
<infinisil>
Working on it again
<aanderse>
so in that case i think you're best to just go with createLocally, using socket....
<gchristensen>
(I'm still not sure about nixos setting credentials, since it is an imperative action and removing the user from the configuration doesn't remove it from the database)
<infinisil>
aanderse: Well but I still need a password
<aanderse>
then provisioning users via a separate script maybe
<aanderse>
** provisioning external users via a separate script maybe
<infinisil>
I don't want to use an imperative script just to have a service work
<infinisil>
I want `services.invidious = { enable = true; database.passwordFile = ...; }` all be needed to allow other machines to use the local database
<aanderse>
gchristensen: some day i come to boston area and you tell me about your thoughts on services.mysql.ensure* in detail :)
<gchristensen>
okay, but I'll have to also go to boston :P
<aanderse>
infinisil: i'll speak to mysql specifically right now... but those are 2 different users
<aanderse>
gchristensen: aren't you in boston area?
<infinisil>
Not sure what you mean by that
<gchristensen>
I'm actually in the farthest west part of the state
<aanderse>
infinisil: invidious@localhost is one user, which uses socket authentication. invidious@remoteIP is a second user, which uses password authentication
<aanderse>
those 2 separate users have half of their username the same... but they are not the same user
<aanderse>
so you're asking how you can provision 2 separate users
<infinisil>
And why would I want that instead of just a single user?
<aanderse>
i don't think database.* should ever create 2 separate users
<infinisil>
Yeah a single user should work just fine
<gchristensen>
aanderse: heh, that trivia about mysql users tripped me up *hard* a few years ago.
<aanderse>
the @ symbol isn't just for fun, it is important. a remote user can never authenticate as @localhost
<aanderse>
ever
<aanderse>
the @localhost or @remoteIP controls where the user must be
<aanderse>
gchristensen: yeah, i can't recall how other dbs do it because i've been so deep in mariadb/mysql land for the past 5-7 years...
<aanderse>
infinisil: so if you use socket authentication that user can never be accessed outside the local box, even if you set a password
<infinisil>
Oh and this is with mysql?
<aanderse>
yes
<infinisil>
invidious only works with postgresql
<infinisil>
But I guess that's something to consider for other services
<aanderse>
right. ok. i don't recall off the top of my head how postgres limits users
<aanderse>
i have only had to use postgres a couple times, and rarely as a sysadmin
<infinisil>
I think it should work, I'll just try it out with setting a password with `ALTER ROLE`
<ivan>
how do I get the hash for this on a linux machine?
<ivan>
error: a 'x86_64-darwin' with features {} is required to build '/nix/store/wq16nq31nk5q9imkqfkrg4sw584syjh4-VSCodium-darwin-1.40.2.zip.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test}
<clever>
ivan: run `nix-store --query --binding out` on the drv file
<clever>
if you just want its $out path
<ivan>
er, the hash for the source I mean
<ivan>
I'm bumping the version
<clever>
ivan: --query --binding urls, then
<clever>
and nix-prefetch-url
<ivan>
thanks clever
<clever>
perhaps with --unpack
<jtojnar>
worldofpeace have you seen "unable to login" with lightdm & elementary