<aanderse>
they only utilize local account, socket based authentication
<aanderse>
this works reasonably well for services
<aanderse>
@ScriptKiddi, among others, want to extend the ability to provision databases and database users
<aanderse>
my question is
<aanderse>
is the ability to provision mysql/postgresql users above and beyond the basics of what nixos can currently do something that people want in nixos?
<aanderse>
i know some people would say account provisioning is not the job of nixos
<aanderse>
so i'm just curious if people have opinions on that
<eyJhb>
I would have loved it, when I setup my MySql database
<eyJhb>
But also, the MySQL module seems broken when using MySql, and not MariaDB
<aanderse>
i came up with a reasonable implementation for mysql and included examples of how to use it in the linked PR
<adisbladis>
I think this also ties in to the discussion of platform tiers
<edef>
right now it's not clear how large changes like this work
<edef>
and ideally they'd be coordinated with release management
<samueldr>
gchristensen: he *has* to do it again
<samueldr>
:D
<edef>
we've probably got stuff like wayland-by-default way down the road and that'd definitely be more work than just a release manager's work
<adisbladis>
worldofpeace_: yy.mm
<samueldr>
YY.MM worldofpeace/worldofpeace_
<worldofpeace_>
thanks
<samueldr>
why change tradition? :)
<gchristensen>
edef++
<{^_^}>
edef's karma got increased to 6
<worldofpeace_>
edef: wayland-by-default is chosen by upstream?
<edef>
worldofpeace_: ?
<gchristensen>
we could push sway over i3, for example
<edef>
gchristensen: qyliss and i joked about writing a variant of the eternal september date program but by NixOS release
<gchristensen>
lmao
<adisbladis>
worldofpeace_: Well, if you enable a plasma desktop we should default to wayland
<adisbladis>
Ideally
<infinisil>
I wouldn't mind having branchoff at 1 February/August so the release can happen in March/September
<worldofpeace_>
eventually, WIP I believe
<edef>
early branchoff would be welcome yeah
<worldofpeace_>
I'd want a different branchoff date for sure
<adisbladis>
How much of the release manager work could be automated?
<adisbladis>
That's not currently automated
<samueldr>
some at release time
<samueldr>
there's a couple manual steps
<samueldr>
though done only twice yearly
__monty__ has joined #nixos-officehours
<edef>
i should probably get a better sense of what release manager duties feel like from the perspective of actually doing it
<edef>
(i'm on zoom as well, but typing because i have a hard time cutting into voice convos)
<gchristensen>
:)
<samueldr>
release management, as it is, shouldn't be about goals for a release, but wrangling the current sate, imo
<adisbladis>
nixpkgs subsystem maintainers ++
<gchristensen>
edef: want me to make space for you?
<infinisil>
samueldr: +1 to that
<edef>
shrug, i think this works for me right now
<gchristensen>
okay :)
<gchristensen>
(did I miss your hand, by chance?)
<samueldr>
like, not "wayland for 20.03", but "wayland ASAP" if desired
<samueldr>
no
<edef>
i don't know how to do the hand thing actually
<samueldr>
and whenever wayland by default lands in master, next release has it
<worldofpeace_>
edef: participants window raise hand
<manveru>
wayland has no nvidia support still, i think
<adisbladis>
manveru: "It depends"
<infinisil>
I really don't think we could get rid of x11 support anytime soon, maybe in 10-20 years
<adisbladis>
It's up to each compositor to implement eglstreams
<infinisil>
If at all
<edef>
fwiw i did not mean to push wayland-as-default as specific thing to like, plan or whatever
<gchristensen>
x11 is losing its last maintainer
<adisbladis>
Nah, no point in getting rid of x11 any time soon
<edef>
more in terms of "large, realistic overhaul" we've likely got coming soon
* adisbladis
is saying this as someone stuck on x11
<infinisil>
And neither x11 nor wayland is default. The default is nothing at all
<gchristensen>
+1
<edef>
thing-requiring-coordination
<samueldr>
my opinion is that big goals are tagential to release management; releases being a snapshot of a known state
<aanderse>
infinisil: mhm mhm, x will be here for a **long** time to come
<edef>
i'm very curious what usage numbers for stable look like
<samueldr>
my feeling from "known" users on irc, is maybe about half, but it's not necessarily representative
<edef>
like, i've never actually run nixos stable myself, i really don't have a sense of what using stable is like
<adisbladis>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 164
<infinisil>
edef: It's really just unstable without the occasional breakage, it shouldn't feel any more magical :P
<edef>
i think that makes a meaningful difference
xwvvvvwx has joined #nixos-officehours
xwvvvvwx has left #nixos-officehours ["WeeChat 2.6"]
<edef>
like, if you break compat in unstable, sure, you can do that twice, and you get to update release notes twice
ddima has joined #nixos-officehours
<edef>
but i think we oughta size up the release notes and actually figure out "are we delivering the fewest / least disruptive breaking changes we can"
<gchristensen>
aanderse: we moved on for now, and we'll try to get back to it after a PR revietw
* adisbladis
waves
<gchristensen>
thank you , adisbladis :)
<gchristensen>
oops did I miss your hand?
<samueldr>
view option -> fit to window in the green pill at the top if it's all weird for you too
<aanderse>
mmk. ok played around with mic, might work now... if time after i can talk
<gchristensen>
aanderse: thanks
<aanderse>
if mic doesn't work just move on though :P
<edef>
hmm. eternally unsure what PRs are worth pointing like two dozen eyeballs at
<aanderse>
i don't want to awkwardly hold things up
<gchristensen>
edef: a super cool thing about worldofpeace_ doing a review is they're really good about describing what is in their mind during the review
<gchristensen>
infinisil: I try to make them finish up on time so they are really predictable
<worldofpeace_>
everybody say love! 💓
<adisbladis>
This community <3
<worldofpeace_>
thanks for coming
<infinisil>
<3
<gchristensen>
<3
<adisbladis>
You're all remarkable people in the best possible way
<infinisil>
worldofpeace with the fancy emoji heart
<gchristensen>
that is super true
<worldofpeace_>
edef: my personal mission for the next hour. review your pr's :D
<worldofpeace_>
I gonna do it, beat my goal from last release on PR review
<edef>
that's like eight of 'em i popped out of my ~/src/nixpkgs/outbox today q=
<adisbladis>
worldofpeace_: Just a question.. When do you sleep?
<worldofpeace_>
adisbladis: I have a really powerful skill, and I told gchristensen about this, with not really needing rest. Just really long blinks sometimes and a deep breath
<adisbladis>
:O
<adisbladis>
Teach me your ways
<worldofpeace_>
y kno, maybe eat an olive
<adisbladis>
I eat plenty of olives
<adisbladis>
Doesn't really help
<samueldr>
long blink is only another word for sleep
<samueldr>
right?
<worldofpeace_>
adisbladis: Nixos Office Hours #8, worldofpeace's 48 stream let's do this
<worldofpeace_>
* 48 hour
<gchristensen>
zzz.gif
<adisbladis>
worldofpeace_: You're reminding me of one of my favourite tv programs when I was younger
<infinisil>
I've been thinking about streaming Nix stuff
<adisbladis>
They had that twice per year
<samueldr>
next stream, 48 hours of me failing to input the password for sudo
<gchristensen>
bahaha
<adisbladis>
You can really see how the program goes down hill over time :D
<adisbladis>
And the last few hours they basically just sit there
<samueldr>
tig
<samueldr>
oops
<worldofpeace_>
lol, NixOS office hours #9. Does worldofpeace need sleep? haha adisbladis, nice joking with you
<gchristensen>
I had half a thought of doing a special office hours at the conference
<gchristensen>
OH SHOOT
<gchristensen>
I had a really important announcement!
<infinisil>
gchristensen: Like stream some hackday stuff?
<gchristensen>
yeah
<infinisil>
That would be neat
<adisbladis>
gchristensen: What did you miss :O
<adisbladis>
Totally not office hour related, but I was inspired by http://retreat.mirage.io/ . I think we should have something similar once per year.
<gchristensen>
edef: I have a system here which runs obs and zoom, and it records and streams from that machine. it is a different machine from the one I actually use to participate
<edef>
right
<gchristensen>
interesting
<gchristensen>
youtube seems to not have saved the stream today. no matter. I have a copy of it.
<samueldr>
though youtube seems (again) quite weird, right now you're scheduled for 5:00 PM for office hours
<gchristensen>
interesting
<aanderse>
eyJhb: please let me know about broken mysql when you're around as I'd like to fix that asap
<gchristensen>
samueldr: that is weird, I can't find it
<eyJhb>
aanderse: I think it is basically if you do any provision thingy with it, that it breaks
* aanderse
thought we had nixos tests for that
<aanderse>
hmm
<eyJhb>
Aww, missed office hours.. :(
<eyJhb>
aanderse: I might be able to find the config later
<eyJhb>
But not sure if I still have the breaking thingy in it
<aanderse>
eyJhb: much appreciated if you can
* aanderse
runs nixos tests
<eyJhb>
I would pull it now, if it wasn't because they still have blocked outside SSH access to the server..............
<aanderse>
test does not test provisioning
* aanderse
slightly modifies and tests
<eyJhb>
Go go! I can see I have deleted the conflicting thingies
<eyJhb>
I think it is something with ensureUsers,ensureDatabsaes or something along those lines
<eyJhb>
Oh, where did rootPassword go? Might also be that
<gchristensen>
ensureUsers :(
<aanderse>
yeah root password nuked
<gchristensen>
`ensure*` is not nice for a declarative system
<aanderse>
#no-more-passwords-in-nix-store
<aanderse>
gchristensen: exactly
<eyJhb>
I think it might have been the rootPassword thingy
<aanderse>
the changes proposed are not declarative
<gchristensen>
-1
<aanderse>
they provision things on a best effort basis
<eyJhb>
But why no passwords in nix store? :(
<eyJhb>
=> pointing to a file
<aanderse>
gchristensen: what we currently do for "ensureUsers" works out reasonably well
<aanderse>
the account will be created, and the access will be granted
<aanderse>
it is very simple
<aanderse>
but yeah, extending ensureUsers the way described in this PR makes it very much so "best effort"
<aanderse>
much more room for things to go wrong, and become not so reproducible
<gchristensen>
IMO we shouldn't include options which are best effort like that
<aanderse>
hence my question if these changes are desirable for nixos :)
<aanderse>
and this is the type of feedback i was hoping for
<gchristensen>
cool
<aanderse>
i can use nixops deployment.keys to push sensitive mysql scripts to my boxes and create users that way
<gchristensen>
having an "ensureUsers" means later on we'll have a "ensureDeletedUsers" junk like chef and puppet do
<aanderse>
gchristensen: that sounds unimaginably terrible :D
<aanderse>
but ensureUsers for simple system accounts is something i continue to support as it makes modules which need a database much nicer, and generally doesn't cause problems ;-)
<aanderse>
gchristensen: please leave your opinion in the PR