<yorick>
but it took a while to figure out the signature check thing
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
evils has quit [Quit: Lost terminal]
evils has joined #nixos-dev
evils has quit [Remote host closed the connection]
evils has joined #nixos-dev
<puzzlewolf>
Could someone please invite me to the maintainer team? I didn't have 2FA on yet when my 2 packages were merged, so i guess the automatic invite didn't trigger.
drakonis has joined #nixos-dev
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos-dev
<LnL>
it runs periodically so should eventually happen automatically AFAIK
<LnL>
unless it wasn't enabled again after the github api issues
evils has quit [Quit: Lost terminal]
<puzzlewolf>
it has been a couple of weeks. The criteria are 2FA + maintainer of a package, right?
orivej has quit [Quit: No Ping reply in 180 seconds.]
drakonis has joined #nixos-dev
orivej has joined #nixos-dev
<clever>
puck: ooo, fancy!
drakonis_ has quit [Ping timeout: 272 seconds]
<cole-h>
puck: So, probably dumb question -- how do I try it out? I'd guess I would need to enable Plymouth and point my system's nixpkgs to your PR... Anything else?
<cole-h>
(Though I don't think my testing will really help out, since it's another ZFS setup :P)
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
nschoe has quit [Ping timeout: 256 seconds]
<puck>
cole-h: yeah, enable plymouth and run the PR, and see if it asks for your ZFS password during boot, etc etc
orivej has quit [Ping timeout: 256 seconds]
justanotheruser has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
drakonis has quit [Ping timeout: 260 seconds]
abathur has quit [Quit: abathur]
drakonis1 has joined #nixos-dev
drakonis has joined #nixos-dev
nschoe has joined #nixos-dev
orivej has quit [Quit: No Ping reply in 180 seconds.]
abathur has joined #nixos-dev
orivej has joined #nixos-dev
justanotheruser has joined #nixos-dev
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
<flokli>
puck: is there any zfs crypto integration in systemd?
<flokli>
which brings a zfs-mount-generator, that should at least take care of the mounts
<puck>
right, i'm using a small module from edef for that
<flokli>
zfs needs some love to nicely integrate with all of that
<flokli>
especially if we want to get rid of more of the shell stuff in the early stages
<cole-h>
puck: Slightly related, but do you do anything about ZFS's block scheduler? I was reading a post the other day that suggested the kernel param `elevator=none`, but that doesn't work anymore... Should I be worried that it's using mq-deadline?
<puck>
i don't do anything, no
orivej_ has quit [Ping timeout: 265 seconds]
orivej has joined #nixos-dev
orivej has quit [Quit: No Ping reply in 180 seconds.]
abathur has quit [Quit: abathur]
orivej has joined #nixos-dev
justanotheruser has quit [Ping timeout: 272 seconds]
<julm>
for ZFS (which has its own I/O scheduler) and SSD I'm using services.udev.extraRules = ''ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="none"''
andi- has quit [Ping timeout: 260 seconds]
<cole-h>
Is there a way to match udev rules by a path, e.g. `/dev/disk/by-id/ata-....`?
<cole-h>
I feel like that would be a better approach, to not mess with potentially non-ZFS SSDs
<julm>
AFAIK none is good for SSD too, it's on hdd without ZFS that mq-deadline can help (to be checked)
<julm>
cole-h: I guess you have to match on fields returned by udevadm info /dev/your/path
<cole-h>
DEVLINKS= appears to have it, so I could just `DEVLINKS=="*/dev/disk/by-id/ata-....*"` maybe
<julm>
or match on ID_PATH?
<cole-h>
Is that the same across machines, though? I wouldn't think so, since it refers to pci
<LnL>
but yeah I don't use legacy except for the store, etc.
<emily>
cole-h: maybe we should just install udev rules for each zfs mountpoint in nixos to disable the kernel scheduler
<emily>
in nixos upstream I mean
<cole-h>
julm: I read that ZFS sets the IO elevator to noop, but only if it's given the whole disk. I have a boot and swap partition separately from the ZFS partition
justanotheruser has quit [Ping timeout: 260 seconds]
<emily>
cole-h: FWIW I have ID_FS_TYPE=zfs_member
<emily>
for my zpool partition
<emily>
mightn't it be as simple as ACTION=="add|change", ID_FS_TYPE=="zfs_member", ATTR{queue/scheduler}="none"?
<cole-h>
Weird, I don't.
<emily>
(er, maybe that needs an ENV{...})
<emily>
cole-h: huh. wonder if I'm on a newer zfs (nixos unstable)
<cole-h>
:P I'm also on unstable
<emily>
curious to see what you're running, the output, and the relevant mountpoint config
<cole-h>
But I'm not using `boot.zfs.enableUnstable` -- maybe that's it?
<cole-h>
Ahhhh, I was pointing it at the whole disk
<cole-h>
lol
<emily>
then it seems you're fine :D
<cole-h>
Pointing it at the ZFS parition I do indeed see `ID_FS_TYPE=zfs_member`
<emily>
that's good, it means it shows up exactly when we need to set the scheduler
<cole-h>
And yeah, it would be `ENV{ID_FS_TYPE}=="zfs_member"` then
<cole-h>
LnL: So you only do `zfs create -o mountpoint=legacy tank/local/nix` and `zfs create tank/.../...` for everything else?
<emily>
(now I'm wondering if there's any performance penalty from having a catch-all ENV{...} rule for all device changes like that and if I should filter it down further...)
<edef>
ooh, that's a cool trick
<julm>
however the ID_FS_TYPE is on a partition of the disk like /dev/sda1, but the elevator can only be set on the disk like /dev/sda
<LnL>
cole-h: yeah just /, nix store, nix db and persistent etc
<julm>
so the udev rule may be more involved
<cole-h>
julm: Oh... huh...
<LnL>
cole-h: stuff like home and state directories of other services are just regular datasets
<cole-h>
LnL: So, for /, /nix, /var, and /media, you would have it be legacy (basically anything top-level), but anything under root you wouldn't specify the mountpoint, right?
<LnL>
not everything toplevel, just stuff that's needed during early boot
orivej has quit [Read error: Connection reset by peer]
<cole-h>
Oh OK. So /media, where I have my NixOS ISOs, could probably be auto-mounted.
orivej has joined #nixos-dev
<emily>
julm: could do RUN+= with something writing to /sys, I guess, but that's kind of gross
<cole-h>
How do you get the sys path for that disk's scheduler though?
<emily>
well, udevadm info -q all -a already traces it back, we just need to replicate similar logic in the shell
<emily>
it'd be nicer if there's a way to do it in udev proper but I have zero udev-fu so I have no idea if you can propagate something up to a parent device like that
<cole-h>
Oh, OK. That sounds kinda grungy :P
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
justanotheruser has joined #nixos-dev
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej_ has joined #nixos-dev
orivej_ has quit [Ping timeout: 272 seconds]
orivej has joined #nixos-dev
cole-h has quit [Quit: Rebooting]
cole-h has joined #nixos-dev
<cole-h>
puck: So, I just tried out your PR. When I got to the plymouth screen and started entering my tank's password, it started flickering between the TTY password prompt and the plymouth password prompt. Could this be because I load nouveau in stage 1?
<puck>
bleh, that shouldn't matter
<puck>
the flickering sounds like keypresses aren't being handled
<puck>
does this happen without my patches?
<puck>
and do you have a wonky console parameter
<puck>
.. oh right, no typing in plymouth before this
<asbachb>
"Do not configure client certificates unless you must present client TLS certificates to one or more servers. Client certificates are not usually needed, and can cause problems in configurations that work well without them." http://www.postfix.org/postconf.5.html#smtp_tls_cert_file
<{^_^}>
#88817 (by asbachb, 18 seconds ago, open): Server certificate is used as client certificate too
drakonis1 has quit [Ping timeout: 256 seconds]
<cole-h>
asbachb: I'd rename the issue to say "postfix: Server certificate..."
<asbachb>
cole-h: You're right.
drakonis1 has joined #nixos-dev
<cole-h>
puck: I'm gonna try without setting nouveau early, see what happens.
<puck>
okay!
cole-h has quit [Quit: Rebooting]
cole-h has joined #nixos-dev
<cole-h>
puck: Yes indeed. Commenting out `boot.initrd.kernelModules` fixed it.
<puck>
mm
<cole-h>
No flickering at all
<puck>
hrmm
<puck>
i'll try it out with a nouveau card later i guess? sorta confused why amdgpu'd not cause it tho, if it was that
<puck>
you're UEFI-booting, right?
<cole-h>
Yep
<puck>
yeah, same here
<puck>
tho, i have set it up to do smooth graphics takeover, so my bootloader has a timeout of 0
<cole-h>
Wait what
<cole-h>
I didn't comment out initrd.kernelModules?????
<cole-h>
Um what
<puck>
oh haha
<puck>
in that case, shrug, transient error
* cole-h
reboots again
cole-h has quit [Client Quit]
nschoe has quit [Ping timeout: 272 seconds]
cole-h has joined #nixos-dev
<cole-h>
puck: OH I KNOW WHAT HAPPENED
<puck>
mm?
<cole-h>
puck: So I have my passphrase as 12345678 cuz this is a test system, right? I was trying to enter it with my numpad. Without numlock. So it would switch between TTY and plymouth every time I hit a numkey
<puck>
.. haha
<puck>
so user error :D
<cole-h>
So my passphrase would be ^[[F^[[6~^[[H instead of 12345678 (and I guess when plymouth sees an escape it switches to TTY?)
<puck>
yes
<puck>
exactly
<cole-h>
loooool
<puck>
indeed
<cole-h>
It's pretty fancy how it shows plymouth on shutdown/reboot as well
<cole-h>
A question, though: is it possible to make the wheel keep spinning during the passphrase prompting thing? As it stands, it stops once the prompt appears.
<cole-h>
A real minor thing, but would be nice :P
<puck>
i think it is possible
<puck>
add --dont-pause-progress to ask-for-password
<puck>
i'm also working on a small commit that updates plymouth to the master branch, which gets you seamless "flicker-free" boot on intel integrated GPU systems at least
<cole-h>
Fancy
<puck>
mostly since it can read the boot logo from an ACPI table and render it on-screen exactly the same way
<puck>
i'm not entirely sure having the progress bar / spinner continue while asking for password is a good default (i suspect nothing else does) -- it's a small patch to local nixpkgs otherwise :p
<cole-h>
Fair enough.
<puck>
i think i might want to add slightly better defaults to plymouth too from this
* cole-h
starts shopping for fancy Plymouth themes
<puck>
exactly :p
<puck>
the default spinner used in e.g. bgrt imo is not great looking
drakonis_ has joined #nixos-dev
drakonis1 has quit [Read error: Connection reset by peer]
drakonis1 has joined #nixos-dev
<cole-h>
puck: Once it's ready for primetime, feel free to re-request me for another look, but I think I'll be rocking this for the next while :D
<puck>
:)
drakonis_ has quit [Ping timeout: 272 seconds]
teto has quit [Quit: WeeChat 2.8]
orivej has quit [Ping timeout: 256 seconds]
orivej_ has joined #nixos-dev
orivej_ has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 265 seconds]
orivej has joined #nixos-dev
calbrecht has quit [Ping timeout: 272 seconds]
calbrecht has joined #nixos-dev
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
drakonis2 has joined #nixos-dev
drakonis1 has quit [Ping timeout: 240 seconds]
asbachb has quit [Remote host closed the connection]