kampfschlaefer has quit [(Ping timeout: 258 seconds)]
<p3ace>
well, turns out my kernel doesn't support user namespaces. imma try turning it on.
ambro718 has quit [(Ping timeout: 258 seconds)]
ugjka has quit [(Ping timeout: 260 seconds)]
Shou has quit [(Ping timeout: 246 seconds)]
frumpagumpus has joined #nixos
<frumpagumpus>
has anyone running gnome successfully connected hdmi cable on nixos?
frumpagumpus has quit [(Remote host closed the connection)]
takle has quit [(Remote host closed the connection)]
katyucha has quit [(Ping timeout: 250 seconds)]
katyucha has joined #nixos
goibhniu has quit [(Ping timeout: 245 seconds)]
plumps has joined #nixos
p3ace has quit [(Quit: Konversation terminated!)]
acertainkind has joined #nixos
plumps has quit [(Ping timeout: 260 seconds)]
zraexy has quit [(Ping timeout: 256 seconds)]
tmobile has quit [(Quit: leaving)]
markus1199 has joined #nixos
p3ace has joined #nixos
markus1189 has quit [(Ping timeout: 260 seconds)]
<p3ace>
ok, everything seems to be working fine with CONFIG_USER_NS=y
ilja_kuklic has quit [(Ping timeout: 260 seconds)]
stepcut has quit [(Remote host closed the connection)]
angerman has joined #nixos
stepcut has joined #nixos
<NixOS_GitHub>
[nixpkgs] sh01 opened pull request #20702: pkgs/tools/misc/less: Adjust version after disappearance of source package (master...fix_less) https://git.io/v1Jdv
stepcut has quit [(Ping timeout: 256 seconds)]
p3ace has quit [(Quit: Konversation terminated!)]
jmiven has quit [(Quit: co'o)]
frankpf has joined #nixos
jmiven has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
eacameron has joined #nixos
systemfault has joined #nixos
thc202 has quit [(Ping timeout: 240 seconds)]
herzmeister has quit [(Quit: Leaving)]
herzmeister has joined #nixos
frankpf has quit [(Quit: Leaving)]
lel_ has quit [(Quit: leaving)]
eacameron has quit [(Remote host closed the connection)]
stepcut has joined #nixos
stepcut has quit [(Remote host closed the connection)]
yegods has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] sh01 closed pull request #20702: less: Adjust version after disappearance of source package (master...fix_less) https://git.io/v1Jdv
<NixOS_GitHub>
[nixpkgs] sh01 opened pull request #20703: less: 483 -> 481: Use recommended upstream version since less-483.tar.gz has disappeared (master...fix_less) https://git.io/v1Jb1
stepcut has joined #nixos
stepcut has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] evfool opened pull request #20707: gnome-mines:update license to GPLv3 (master...master) https://git.io/v1UT8
johann__ has joined #nixos
jacob__ has joined #nixos
plumps has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh pushed 2 new commits to master: https://git.io/v1UTj
<NixOS_GitHub>
nixpkgs/master 205aecd Benjamin Saunders: matrix-synapse: 0.18.0 -> 0.18.4
<NixOS_GitHub>
nixpkgs/master 1b5e981 Frederik Rietdijk: Merge pull request #20705 from Ralith/matrix-synapse...
<NixOS_GitHub>
[nixpkgs] FRidh pushed 6 new commits to master: https://git.io/v1Ukf
<NixOS_GitHub>
nixpkgs/master 99e6b63 Carl Sverre: pycryptodome: init at 3.4.3
<NixOS_GitHub>
nixpkgs/master 555928c Carl Sverre: mutagen: 1.32 -> 1.34
<NixOS_GitHub>
nixpkgs/master 8602f82 Carl Sverre: gpsoauth: 0.0.4 -> 0.2.0
johann__ has quit [(Quit: Leaving.)]
ambro718 has quit [(Ping timeout: 252 seconds)]
civodul has joined #nixos
johann__ has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh pushed 2 new commits to master: https://git.io/v1Ukd
<NixOS_GitHub>
nixpkgs/master 18637d8 Frederik Rietdijk: magic-wormhole: move to python-packages...
<NixOS_GitHub>
nixpkgs/master 4f51481 Frederik Rietdijk: pythonPackages.pynacl: fix tests
cfricke has joined #nixos
FRidh has joined #nixos
arjen-jonathan has joined #nixos
rly has joined #nixos
<rly>
Does Hydra have a persistent queue?
<rly>
In the sense that when I have a cluster of Hydra machines, pull the plug out of *all* of them at the same time, but the plug back in and it will just restart whatever job it was running?
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to master: https://git.io/v1UIs
<NixOS_GitHub>
nixpkgs/master 841b195 Karn Kallio: ats2 : advance Postiats to version 0.2.12, which is the latest release.
<fpletz>
rly: yup, the queue is stored in postgresql
<rly>
fpletz: sure, but there is still a single point of failure then?
<rly>
fpletz: I am looking for a job scheduling system without such SPOFs.
<clever>
i have seen hydra glitch pretty weirdly when it ran out of disk space and cant update postgresql
<clever>
at one point, it claimed 4 jobs have been running for over 12 hours, when they had long since died
<fpletz>
rly: well, postgresql can be clustered and/or replicated, though I'm not sure if multiple instances of hydra-queue-runner and hydra-evaluator can be run with the same database
<clever>
the queue-runners would need to contact eachother and co-operate
<clever>
or the schema updated to allow a queue-runner you cant contact to claim a job
arjen-jonathan has quit [(Ping timeout: 258 seconds)]
<clever>
another tricky part, the queue-runner needs the .drv files to exist to start a job
<clever>
and those are made by the evaluator
<clever>
so it wouldnt be easy to fire up a job on the wrong host
<clever>
but nix-copy-closure does work on drv files
takle has joined #nixos
takle has quit [(Remote host closed the connection)]
takle has joined #nixos
amarsman_ has joined #nixos
amarsman has quit [(Ping timeout: 250 seconds)]
amarsman_ is now known as amarsman
plumps has quit [(Read error: Connection reset by peer)]
plumps has joined #nixos
plumps_ has joined #nixos
plumps has quit [(Read error: Connection reset by peer)]
plumps_ has quit [(Read error: Connection reset by peer)]
<NixOS_GitHub>
[nixpkgs] FRidh pushed 6 new commits to python3: https://git.io/v1Utq
<NixOS_GitHub>
nixpkgs/python3 04d3796 Frederik Rietdijk: gpodder: use python2
<NixOS_GitHub>
nixpkgs/python3 71f79f3 Frederik Rietdijk: wicd: use python2
<NixOS_GitHub>
nixpkgs/python3 c84c4bb Frederik Rietdijk: zim: use python2
<pierron>
zimbatm: unless you prefer us to copy over the rustPlatform packaging?
plumps has joined #nixos
dmi3y has quit [(Quit: dmi3y)]
Itkovian has quit [(Client Quit)]
<zimbatm>
pierron: fair enough :) I don't mind if you revert that commit
edvorg has joined #nixos
<LnL>
arjen-jonathan: I don't use channels
<the-kenny>
zimbatm: FIY: I just pushed my `direnv.el`. https://github.com/the-kenny/direnv.el - it's quite rough but it works fine for me. It basically automates applying direnv-environments to processes started from emacs (i.e. M-x compile, M-x run-python, etc)
<the-kenny>
zimbatm: heh, no I didn't. I'll have a look in a minute
<zimbatm>
any cross-polination possible?
<the-kenny>
ah direnv-el seems to change the global process-environment. I'm only changing it locally based on `default-directory` of `buffer-file-name`
<the-kenny>
else it looks quite similar
<the-kenny>
jml: I don't like melpa at all. Can't stand daily snapshots ;)
<the-kenny>
Maybe we should work together on one :)
echo-area has quit [(Remote host closed the connection)]
<the-kenny>
(I personally don't care which one)
iyzsong has joined #nixos
<jml>
ah, interesting technique. I didn't know about advice for start-process
<jml>
bbiab
Itkovian_ has joined #nixos
Itkovian has quit [(Ping timeout: 248 seconds)]
<the-kenny>
jml: Yeah, it's quite nice at it doesn't depend on any global state. It works quite well on my machine (and I didn't see any breakage from non-direnv-related stuff)
Shou has joined #nixos
ugjka has quit [(Ping timeout: 245 seconds)]
Lowl3v3l has quit [(Remote host closed the connection)]
JagaJaga has joined #nixos
akaWolf has quit [(Ping timeout: 268 seconds)]
takle has joined #nixos
cfricke has quit [(Quit: WeeChat 1.6)]
plumps_ has joined #nixos
plumps has quit [(Read error: Connection reset by peer)]
takle has quit [(Remote host closed the connection)]
Shou has quit [(Ping timeout: 244 seconds)]
takle has joined #nixos
c__ has quit [(Ping timeout: 245 seconds)]
plumps_ has quit [(Read error: Connection reset by peer)]
plumps has joined #nixos
MatrixBot_icetan has quit [(Remote host closed the connection)]
MatrixBot_icetan has joined #nixos
[0x4A6F] has quit [(Ping timeout: 260 seconds)]
[0x4A6F] has joined #nixos
filterfish has joined #nixos
MatrixBot_icetan has quit [(Remote host closed the connection)]
ugjka has joined #nixos
Shou has joined #nixos
plumps has quit [(Read error: Connection reset by peer)]
plumps has joined #nixos
__Sander__ has joined #nixos
arjen-jonathan has quit [(Ping timeout: 260 seconds)]
edvorg has quit [(Ping timeout: 265 seconds)]
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to master: https://git.io/v1U4j
<loskutov>
Hi everyone! I'm trying to learn how buffer overflow works and exploit it in a simple program. Unfortunately, glibc doesn't let me overflow the buffer, as it substitutes the string functions with checked ones. Is there a way to disable this behaviour?
<NixOS_GitHub>
[nixpkgs] sh01 opened pull request #20711: less: 483 -> 481: Use recommended upstream version since less-483.tar.gz has disappeared (release-16.09...cp_fix_less) https://git.io/v1U2G
<loskutov>
clever: thank you so much, will try it :)
<clever>
loskutov: there is also a NIX_DEBUG=true; you can add to a derivation, which will tell you when stuff like overflow protection is being enabled
IITaudio has quit [(Quit: Leaving)]
<mbrgm>
is there a way to add an entry to the generated grub kernel cmdline? specifically, I want to enable a serial terminal, which usually do by adding `serial=ttyS0` to the kernel cmdline.
<ixxie>
is there a config option for which is the default browser?
Shou has joined #nixos
frankpf has joined #nixos
plumps_ has joined #nixos
plumps has quit [(Ping timeout: 250 seconds)]
ben_____ is now known as \ben
johann__ has joined #nixos
amarsman has joined #nixos
lverns has joined #nixos
Shou has quit [(Ping timeout: 248 seconds)]
asymmetric has joined #nixos
nh2_ has joined #nixos
<zimbatm>
ixxie: one option is to `export BROWSER=firefxo` in your ~/.xsession
sdothum has joined #nixos
plumps_ has quit [(Ping timeout: 260 seconds)]
<rly>
Does anyone have a nix expression for always running the very latest aws cli tools?
<rly>
The only version which matters in a cloud context during development is the very latest one, at least for what I am doing.
plumps has joined #nixos
Shou has joined #nixos
<avn>
rly: override awscli and botocore src with new git hashes and rebuild each day? ;)
johann__ has quit [(Quit: Leaving.)]
<rly>
avn: there is also "aws". Is that the old version?
<avn>
rly: idk, but if you need `git head` version, it can be option.
greymalkin has quit [(Ping timeout: 248 seconds)]
<rly>
avn: I think the one in master is already good enough. I have that available as <my-nixpkgs>. How do I then replace the symbol awscli by something relative to that that particular path?
<rly>
s/that that/that
zagy has quit [(Read error: Connection reset by peer)]
<avn>
rly: I haven't example myself, but pinning arbitrary set of packages to specific nixpkgs revision was posted in few channel few times. I myself prefer a bit curated version of master myself.
<rly>
avn: I just read the manual and also was able to do it.
<rly>
That's always a good sign.
<rly>
Let's hope it works :)
<rly>
Yes, it did. How nice.
<rly>
I could even set it up such that I could test with every aws client ever created by Amazon. That's pretty sick.
<rly>
Not that I need it, but still nice.
Shou has quit [(Ping timeout: 256 seconds)]
Shou has joined #nixos
ugjka is now known as blitter_monist
<NixOS_GitHub>
[nix] layus opened pull request #1140: Get rid of unicode quotes (master...remove-unicode-quotes) https://git.io/v1Uym
nh2_ has quit [(Quit: Leaving.)]
<NixOS_GitHub>
[nix] domenkozar closed pull request #1140: Get rid of unicode quotes (master...remove-unicode-quotes) https://git.io/v1Uym
loskutov has quit [(Ping timeout: 260 seconds)]
asymmetric has quit [(Ping timeout: 246 seconds)]
nh2_ has joined #nixos
katyucha has quit [(Quit: leaving)]
MercurialAlchemi has quit [(Ping timeout: 260 seconds)]
Shou has quit [(Ping timeout: 250 seconds)]
lverns has quit [(Ping timeout: 260 seconds)]
johann__ has joined #nixos
iyzsong has quit [(Quit: bye!)]
ebzzry has joined #nixos
Shou has joined #nixos
rly has quit [(Ping timeout: 250 seconds)]
* lonokhov
has just optimized haskell executable closure size from 2500Mib to 44 MiB
<clever>
lonokhov: sweet
<the-kenny>
ohh nice
<civodul>
interesting, we are at 1.3G in Guix
<lonokhov>
yeah. had to drop `ekg` though.
<clever>
lonokhov: one area i ran into, which may not be fixed yet, is with multiple outputs
<clever>
lonokhov: for example, the jquery package (a haskell library that just returns the path to jquery.js on-disk)
<clever>
lonokhov: that jquery.js path, is in the same output as the .so files(which depend on ghc), but the .so files got staticly linked and arent needed
<lonokhov>
clever: yeah, that's the reason I dropped ekg
<clever>
so it only needs a single <500kb js file, but depends on the entirety of ghc
<clever>
what does ekg do?
<lonokhov>
clever: server monitoring data. Useful stuff
<lonokhov>
ekg-core has counters and gauges. and ekg is a server which draws pretty graphs
<clever>
not sure how that effects the above issue, are your fixed on master yet?
odi` has joined #nixos
frankpf has quit [(Ping timeout: 258 seconds)]
<lonokhov>
clever: ekg has some data, and uses cabal generated Paths_ekg module which has path to ekg library, with .so and .hi and all that. So my executable imports ekg library and even static linking does not help
<steveeJ>
has anyone attempted to run theforeman on nixos? it seems very difficult because all the installation/configuration logic is in the puppet-based foreman-installer
<clever>
lonokhov: the only fix i can see here, is to split lib, doc, and share into multiple outputs on js-jquery, and patch the share path it returns to the runtime
<clever>
lonokhov: yeah, thats pretty tiny compared to what i currently have
<lonokhov>
clever: Well, ./Setup.hs has a --datadir arg. Idk how such overloads are done right now. But it should be possible to add an option to generic-builder.nix without breaking backwards compat
<clever>
arjen-jonathan: and the area starting at line 464
<arjen-jonathan>
Ah so basically just add n systemd."worker@name" entries
tomb has joined #nixos
<clever>
arjen-jonathan: looks like you make a "worker@foo" that only has things like wants on it, then another "worker@" service, that has the start scripts
<clever>
and systemd will fill in %i with foo
<arjen-jonathan>
K, thanks!
ebzzry has quit [(Ping timeout: 256 seconds)]
eacameron has joined #nixos
ThatDocsLady has quit [(Ping timeout: 246 seconds)]
ThatDocsLady has joined #nixos
yegods has joined #nixos
rly has quit [(Ping timeout: 256 seconds)]
eacameron has quit [(Remote host closed the connection)]
plumps has joined #nixos
johann__ has joined #nixos
dmi3y has quit [(Quit: dmi3y)]
Shou has quit [(Ping timeout: 256 seconds)]
eacameron has joined #nixos
derjohn_mobi has quit [(Ping timeout: 252 seconds)]
<NixOS_GitHub>
[nixpkgs] primeos opened pull request #20717: sks: init at 1.1.6 (master...sks) https://git.io/v1UN3
blitter_monist is now known as UgJkA
herzmeister has quit [(Quit: Leaving)]
angerman has quit [(Quit: Gone)]
herzmeister has joined #nixos
mizu_no_oto has joined #nixos
mizu_no_oto has quit [(Remote host closed the connection)]
eacameron has quit [(Ping timeout: 250 seconds)]
Shou has joined #nixos
lonokhov has quit [(Quit: leaving)]
mizu_no_oto has joined #nixos
plumps has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
xadi has joined #nixos
jgertm has quit [(Ping timeout: 256 seconds)]
Shou has quit [(Ping timeout: 268 seconds)]
herzmeister has quit [(Quit: Leaving)]
herzmeister has joined #nixos
JonReed has joined #nixos
<JonReed>
Hi, wasn't there some tool to search nix packages instead of using "nix-env -qaP"
<JonReed>
that was faster and better
<JonReed>
CLI tool
<the-kenny>
nox
<JonReed>
ah
<JonReed>
thx, that's it
tomb has quit [(Ping timeout: 258 seconds)]
tomb has joined #nixos
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<clever>
JonReed: there is also nix-repl
Fare has quit [(Quit: Leaving)]
derjohn_mobi has joined #nixos
<IITaudio>
clever: wow. *That's* strange
<steveeJ>
I've been thinking. if we ever want to be able to switch from systemd to something else, the modules/application structure needs an intermediate layer from which the service files can be generated
rly has joined #nixos
Lowl3v3l has joined #nixos
filterfish_ has quit [(Read error: No route to host)]
__Sander__ has quit [(Quit: Konversation terminated!)]
johann__ has quit [(Quit: Leaving.)]
<steveeJ>
I've been reluctant to open an issue because I can't possibly be the first one to mention this. is anyone aware of an issue covering the topic?
Lowl3v3l has quit [(Remote host closed the connection)]
<clever>
steveeJ: part of the problem, what do you do with options like ReadWriteDirectories or PrivateTmp and PrivateNetwork
<clever>
steveeJ: not all init systems have those, and the security of some services depends on them, so now you need to re-implement sections of systemd, and use custom wrappers to launch things
<clever>
steveeJ: if you run nix-build on this, you get an executable that starts postgresql, and obeys all of the service config setup in nixos, including the pre/post start/stop
Lowl3v3l has joined #nixos
<clever>
though it probably doesnt cover the special cases i initialy mentioned
<steveeJ>
acn you point me to the perl script? it's not obvious to me
<steveeJ>
clever: thanks. so this thing wraps a systemd service run in perl
<clever>
yep
<clever>
i think its meant for testing the service on nixos, but it can also be abused to run the service on another distro
Lowl3v3l has quit [(Client Quit)]
bin7me has quit [(Remote host closed the connection)]
arjen-jonathan has quit [(Ping timeout: 252 seconds)]
<clever>
steveeJ: in theory, that could be rewritten in c++, then have mount and user namespaces added to it, to cover all of the other systemd features
<clever>
steveeJ: and then just have other init systems run the wrapper, when unsupported features are detected
<steveeJ>
clever: I'd prefer a neutral list of features and translators
<steveeJ>
but I'm aware that it's quite some initial work to start with all systemd features that are in use in the modules
yodeler has joined #nixos
<steveeJ>
clever: if you were to implement this in C++ you would create another service manager, that's not exactly what I would suggest
civodul has quit [(Quit: ERC (IRC client for Emacs 25.1.1))]
<clever>
steveeJ: yeah, to cover the missing features, you would almost need to do that, it would become a thin wrapper between the host init system, and the service, that translates kill -int to ExecStop
<steveeJ>
clever: I was thinking of a mere translator *for* the respective host init system. if it misses a feature, the translator will simply drop the requested feature (with a warning/error if we would want so)
arjen-jonathan has joined #nixos
akaWolf has joined #nixos
<clever>
that would also be possible
amarsman has quit [(Quit: amarsman)]
<steveeJ>
it would be clean. if you wanted to implement another service manager (we might have misaligned definitions on init/service system/manager), I will surely not stop you ;-)
<steveeJ>
the line between init system and service manager is probably system configuration, but that is very interconnected in systemd AFAICT
<steveeJ>
e.g. networking, hostname, etc.
tomb has quit [(Ping timeout: 246 seconds)]
johann__ has joined #nixos
<clever>
and now ive lost video on the main system
<steveeJ>
clever: I don't follow :-O
<clever>
i unplugged the 3rd monitor to shuffle the wires around, and the other 2 monitors went dead
<steveeJ>
okay clearly unrelated to the discussion. if you're using an intel gpu, sometimes I have to enable 1, then 2, then the third one
<clever>
amd, and i have no easy way to control it when blind
ThatDocsLady has quit [(Quit: Arma-geddin-outta-here!)]
<steveeJ>
clever: will the VT switch one on at least?
<steveeJ>
if you have ssh access you can run xrandr using DISPLAY=:0
<clever>
running "chvt 1" over ssh causes the monitors to loose signal and re-obtain it
<clever>
but it doesnt give a tty
<clever>
no effect from xrandr --auto
tomb has joined #nixos
dannyg has quit [(Quit: dannyg)]
<steveeJ>
clever: don't you still have to give it a display?
<musicmatze>
don't you think there are more good use cases? :-)
<musicmatze>
ah, nice!
<musicmatze>
thx
athan has joined #nixos
<joepie91>
musicmatze: I'm sure there are, but IPFS is completely unsuitable for most usecases that people come up with, because people don't generally have a good idea of what guarantees IPFS does and doesn't provide
<joepie91>
(or the complexity of distributed systems for that matter)
<musicmatze>
that might be true, yes.
<musicmatze>
I'm currently playing with it and I cannot think of a usecase for me from the top of my head...
<joepie91>
musicmatze: for example, a frequently returning suggestion is to replace <package manager registry> with IPFS based on some mistaken notion that data on IPFS is persistent and automagically kept around like on Freenet
<joepie91>
which... well, it isn't :)
<musicmatze>
joepie91: as far as I understand, data vanishes if hosts vanish, am I right?
<joepie91>
and it can actually make availability worse because no single party feels responsible for the persistence of the data anymore
<joepie91>
musicmatze: correct
<joepie91>
musicmatze: IPFS is basically torrents in filesystem format
<musicmatze>
but it is non-mutable in IPFS (as it is in the nix store, same concept, basically)
<joepie91>
mostly the same technical properties apply
<joepie91>
musicmatze: well, same goal
<joepie91>
the Nix store isn't immutable from a technical perspective
<joepie91>
you *can* mutate, you're just not supposed to
<joepie91>
whereas in IPFS it's enforced cryptographically that you don't mutate
<joepie91>
(without creating new chunks)
<musicmatze>
ok
odi` has quit [(Ping timeout: 248 seconds)]
<joepie91>
anyhow, I think IPFS is very interesting tech that's very useful for a number of usecases, especially in terms of accessibility
<joepie91>
but I also think it's overhyped and unsuitable as a primary store for data
<joepie91>
it's more distribution than storage
<joepie91>
which makes it good for eg. a Nix binary cache
<joepie91>
because that can be reproduced anyway
<musicmatze>
... so exactly what nix channels are supposed to be, right?
<joepie91>
so even if all data is lost, no big deal, you just reproduce it
<joepie91>
by re-running the builds
<musicmatze>
because nix is a source-based deployment mechanism in the first place, and binary substitution is only an optimization...
<joepie91>
musicmatze: Nix channels are just repo branches really
<joepie91>
musicmatze: what you'd use IPFS for would be the binary caches
<joepie91>
which are 100% separate from the rest of Nix really
<musicmatze>
yep, that's what I thought of
<joepie91>
no relation to channels
<joepie91>
purely hash-based
<musicmatze>
yes, just branches, I meant caches, not channels
<joepie91>
but yeah, IPFS would probably be suitable for binary cache replication
<joepie91>
with two caveats
<joepie91>
1) you'd want to use the mutable directory thing (I forgot the name) for mapping hashes
<joepie91>
and 2) you'd have to work out who to make seed what
<musicmatze>
as far as I can see it, the moment we have ipfs as nix-store, we automatically mirror all packages for everyone...
<joepie91>
many people won't want it to automatically seed
<joepie91>
so you need some kind of UX path to let people say "yes, I want to seed packages for others"
<musicmatze>
that's true, yes
<simpson>
...Including those packages which currently have secrets or sensitive information.
filterfish has quit [(Read error: Connection reset by peer)]
<musicmatze>
simpson: well, that's a major point, yes.
<simpson>
IPFS'ing everything in a store isn't currently a very safe operation. Nix doesn't have a good story for secret management yet.
<joepie91>
simpson: not necessarily
<joepie91>
simpson: I'm primarily thinking here of just IPFS'ing the stuff from the binary cache
<joepie91>
that is generated on the buildfarm
<joepie91>
(that's Hydra I believe?)
<joepie91>
ie. you'd move that from plain HTTP to HTTP + IPFS
<joepie91>
as a load distribution mechanism
<joepie91>
automatically IPFS-storing builds from *users* is a separate step
<joepie91>
and that requires some thought, but even then secrets aren't necessarily a problem
<joepie91>
since it's content-addressable
<joepie91>
so you need to already have knowledge of the inputs to be able to access the outputs
<avn>
joepie91: it also need to trust for packages for specific seeder
<avn>
*from
<joepie91>
it still needs more thought though, but distributing all hydra builds on IPFS is a safe first step
<joepie91>
avn: how do you mean?
<avn>
joepie91: malicious user can setup builder, which will push packages with proper hash, but malicious content
<joepie91>
avn: no, they can't
<musicmatze>
avn nope, that won't work
<joepie91>
avn: it's content-addressable, so the content can be verified from its address
<joepie91>
it's guaranteed that - with a non-broken IPFS implementation - you always get the same data for the same address/hash
<joepie91>
no matter where it comes from
<joepie91>
you still have to trust the party providing the hash ofc but that's no different from how it works now
<avn>
joepie91: possible I need to take closer look on IPFS
<simpson>
avn: All of the maliciousness of IPFS comes from the inability of IPFS to deal with censorship.
<simpson>
But integrity is not a problem.
ilja_kuklic has joined #nixos
<musicmatze>
joepie91: you seem to know a bit about IPFS... can you tell me the difference to freenet?
<joepie91>
musicmatze: it's completely different :)
<joepie91>
musicmatze: IPFS is closer to BitTorrent than to Freenet
<musicmatze>
yeah, I don't know about freenet...
filterfish has joined #nixos
<joepie91>
it's just a filesystem-y abstraction on top of mostly BitTorrent tech
<musicmatze>
I just mentioned IPFS in my local linux user group and some guy started ranting "They're reinventing freenet"...
<simpson>
Pfft. Freenet is quite different.
JagaJaga has quit [(Ping timeout: 265 seconds)]
<joepie91>
musicmatze: Freenet actually aims to persist data beyond any single set of peers - when you run it, you allocate it some space and it starts filling it up with random data from the network that needs replicating - I believe it somehow looks for the rarest data though I'm not 100% sure of its internals
<joepie91>
I only know the general technical properties :P
<simpson>
Two big differences: On Freenet, each node might hold content that they weren't aware that they were holding; additionally, it's pretty hard to prevent certain content from circulating.
<joepie91>
IPFS doesn't try to do that *at all* - it's just a decentralized distribution mechanisms that pretends to be a filesystem
<joepie91>
data is only there if it's seeded, and if it's not seeded, it goes away
<musicmatze>
okay, I see that this is a clear distinct thing from IPFS
<simpson>
IPFS doesn't have either of those behaviors; it's easy for a node to be confident in which content it currently has, and it's also easy for a plurality of nodes to censor content by refusing to carry it.
<joepie91>
musicmatze: yeah, definitely. entirely different category of tech
<musicmatze>
thanks for your explanation!
<joepie91>
musicmatze: problem is that IPFS marketed itself as the "permanent web" and this misled a ton of people into thinking it was "something like Freenet"
<joepie91>
(and I got a weak hand-wavy "well we mean permanent as in deterministic, not as in persistent" answer when I brought that up...)
<simpson>
IPFS is IMO terrible. But it's a good stepping stone.
<joepie91>
I think IPFS is quite neat, *if* you correctly understands its technical properties and what you can expect from it :P
<joepie91>
understand*
<joepie91>
but few people seem to
<musicmatze>
simpson: why do you think it is terrible?
<simpson>
musicmatze: Mostly because I am a proponent of the Named Data Networking (NDN) working group.
<simpson>
And from that perspective, IPFS solves a similar problem but in a terrible way.
MichaelRaskin has joined #nixos
<joepie91>
simpson: which problem is that?
<simpson>
joepie91: The problem of having some data, putting a name on it, giving somebody else the name, and having the name resolve to the data.
<joepie91>
simpson: strictly speaking that's not the problem that IPFS is trying to solve though
<joepie91>
it's intention is more to be a building block for a distributed filesystem-of-sorts, for other things to build upon
<simpson>
joepie91: Yeah, I know.
<joepie91>
(or well, a set of building blocks)
<simpson>
It's just that NDN is *also* a building block, and it's a far better building block!
<MichaelRaskin>
NDN is not strictly better than anything…
<sphalerite>
I appreciate that there's a large amount of documentation on nixos and related software, but it isn't easy to find how to do things :/ how do I build a package that I have in my nixpkgs tree? nix-build -I path/to/nixpkgs -A packageName?
<simpson>
sphalerite: Pretty much.
pi3r has joined #nixos
<sphalerite>
also, how do I compute a hash for a source archive? Upstream doesn't make it available unfortunately
<MichaelRaskin>
nix-prefetch-url
Itkovian has joined #nixos
<sphalerite>
great thanks
mizu_no_oto has joined #nixos
irctc826 has joined #nixos
<sphalerite>
My package needs gtksourceview, not sure whether it's the GNOME 2 or GNOME 3 version, but how do I specify it in the parameters for the package anyway?
<irctc826>
Hey all, is there any way to manually download a file required by my configuration and sneaker-net it into the nix store so that my configuration can continue?
<joepie91>
irctc826: I believe nix-prefetch-url file:///path/to/file is what you're looking for
<kmicu>
sphalerite: Nixpkgs manual and Nix manual have that ‘missing’ info.
<irctc826>
Perfect, thanks!
<sphalerite>
kmicu: I'm not saying it's missing, it's just hard to find :/ I'm searching the nixpkgs manual for gtk but nothing relevant
<sphalerite>
nor for "gnome"
<joepie91>
(there are quite a few organizational issues with the manuals, imo)
<sphalerite>
or is the expectation that I read the whole manual?
<joepie91>
(I don't find them structurally useful *at all* - there's no quick way to get from "I have a problem" to "this is the solution")
<sphalerite>
^
Fare has joined #nixos
<sphalerite>
They are nicely structured if you want to read them linearly I guess, but I don't think that's the most common use case
<joepie91>
indeed
<joepie91>
ZeroMQ has much the same problem, btw
<joepie91>
basically anything with a length manual
<joepie91>
lengthy*
<Fare>
what's the size of a minimal NixOS image?
<clever>
sphalerite: nox is one util for searching that kind of thing
<clever>
Fare: the iso, or a minimal install?
<Fare>
a minimal install
<clever>
Fare: ive gotten it to fit into 1gig before, but you may want more
<Fare>
also, it looks like some memory leak or something is causing my X server to die every so often.
lverns has quit [(Ping timeout: 265 seconds)]
<Fare>
and X can't recognize my touchpad as such and won't recognize its right click :-/
<clever>
Fare: the journal might say why, "journalctl -u display-manager"
<sphalerite>
clever: Nice! Much better than grep name ~/avail (after having nix-env -qaP > ~/avail ... nox gives me the package I want, but not how to specify it as a dependency for my package: there are multiple versions of gtksourceview, one is under the path nixos.gnome.gtksourceview and the other under nixos.gnome3.gtksourceview. How do I choose one and put it in the arguments for the derivation function?
<clever>
sphalerite: put either gnome or gnome3 into the list of arguments on line 1, then put either gnome.gtksourceview or gnome3.gtksourceview into the buildInputs
<jeaye>
Why do I need to build openjdk on my machine always? I never seem to get a binary for it, unlike other packages, and it takes my single-core VPS quite a bit of disk space and ram (needs a swap file), as well as about an hour of chugging.
<clever>
jeaye: can you compare the output of these 2 commands, "nix-instantiate '<nixpkgs>' -A openjdk" and "nix-instantiate '<nixpkgs>' -A openjdk --arg config '{}'"
<kmicu>
‘nix-shell --dry-run –pure -p openjdk -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-16.09.tar.gz’ wants /nix/store/bn4lzwvxx1bvzzhmxrw706c4kd9h4c1x-openjdk-8u122b04-jre so the hash is different.
<kmicu>
Could you check ‘nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion’ ?
<clever>
kmicu: the hash in that pastebin was the drv hash, not the output hash, so it will differ some because of fetchurl's
<jeaye>
The hash may be different because I'm currently updating openjdk again and it hasn't finished.
<jeaye>
kmicu: "16.09.1113.ee52e98"
<jeaye>
In the middle of an upgrade to the latest 16.09 right now, which caused me to come in here and complain about compiling openjdk again.
<kmicu>
An output hash is known beforehand and it must be the same for all 16.09 users.
<clever>
yeah
<clever>
git checkout ee52e98 ; nix-instantiate -A openjdk perfectly recreates the .drv hash from the pastebin
<clever>
and it is present in the cache
Shou has quit [(Ping timeout: 258 seconds)]
<kmicu>
jeaye: could you share the output of ‘nix-shell --dry-run –pure -p openjdk’?
<kmicu>
--pure*
Shou has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 1 new commit to master: https://git.io/v1TG0
<NixOS_GitHub>
nixpkgs/master 8a424e3 Robert Helgesson: tahoe service: use ExecStart instead of script...
<NixOS_GitHub>
[nixpkgs] rycee closed pull request #20554: tahoe service: use ExecStart instead of script (master...tahoe/use-execstart) https://git.io/vXFwk
<jeaye>
kmicu: There is no --pure for nix-shell
FRidh has quit [(Remote host closed the connection)]
<kmicu>
There is no --pure for ‘nix-env’, ‘nix-shell’ takes --pure since always.
<kmicu>
Ah, it’s probably my en–dash and ‘–pure’ ;)
<kmicu>
‘nix-shell --pure --dry-run -p openjdk’ here you go. This time I’ve copy&pasted directly from terminal emu.
<clever>
the cache is there, i cant think of anything else
civodul has joined #nixos
<clever>
jeaye: oh, the tests are are doing dont handle the nixpkgs.config overrides from configuration.nix
<clever>
jeaye: let me check something
<jeaye>
I know I get cached packages, since I don't build everything. I figured it was an openjdk licensing issue or something, which required me to build it locally.
<clever>
jeaye: this recompiles dbus without x, which triggers an openjdk recompile
<jeaye>
Gah.
<jeaye>
I still get a number of X libs, too, due to python3.
<clever>
and all of the testing we did ignores configuration.nix
<clever>
yeah, that option only turns x off in dbus, it doesnt touch anything else
<jeaye>
clever: Thanks for digging through git to find that!
<clever>
so x is going to come in anyways, enless some major work is done
<clever>
and its going to cause rebuilds
<jeaye>
Maybe I'll try noXlibs = true and see how much my nix store grows.
<jeaye>
It just seemed like an obvious setting for a headless server. In fact, it might make sense to have hydra cache noXlib builds; I imagine they're popular among servers.
<clever>
except, for every similar option, the number of packages doubles
<clever>
x, pulse, gnome, 2*2*2, now it has to build everything ~8 times
<jeaye>
Yep.
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<jeaye>
We need a bigger hydra cluster, with more hard drives. Would Hydra be more likely to support these other configurations if people donated more $$ or hardware/
<jeaye>
s_/_?_
<clever>
it still doesnt scale very well, add one more option and thats 16 builds
<clever>
now you have to double the entire cluster once more
<jeaye>
Word.
<jeaye>
Well, thanks again. I'll give noXlibs a go once this upgrade finishes.
nh2_ has quit [(Quit: Leaving.)]
<sphalerite>
It would IMHO be nice to cover some common use cases (like proper headless) without causing exponential growth by allowing every combination
<sphalerite>
But in that case there would probably be arguments about which use cases are common and should be supported :p
<clever>
ah yeah, and options like pulseaudio have different defaults for every package
<clever>
so forcing it on, and forcing it off, always causes a large number of recompiles
<sphalerite>
right
<sphalerite>
I guess nixos is still primarily a source distribution
<sphalerite>
source-based
<sphalerite>
idk what to call it properly
<clever>
primarily source based, but because of the purity, it is safe to reuse builds other people have made
frankpf has joined #nixos
<clever>
and hydra does 90% of what you will ever want
yegods has quit [(Remote host closed the connection)]
yegods has joined #nixos
<gchristensen>
ikwildrpepper: ping
tomb has quit [(Ping timeout: 260 seconds)]
mizu_no_oto has joined #nixos
val3 has quit [(Quit: WeeChat 1.4)]
val1 has joined #nixos
<sphalerite>
clever: safe in terms of trust, or just compatibility?
<clever>
mostly compatibility
<clever>
you have to trust that the hydra build slave didnt bend the purity rules and inject malware into every single result
<MichaelRaskin>
In terms of trust you need a way to verify faithfulness of the build
<sphalerite>
right
<sphalerite>
yeah
<MichaelRaskin>
And we do not have bit-perfect builds (unfortunately)
<clever>
one random example, by default, mplayer builds on gentoo will auto-detect what cpu features you have
<clever>
and compile those into the binary
<MichaelRaskin>
Now that is bad even from compatibility point of view
<clever>
and if you now run it on an older processor, it will just hard fail
<clever>
MichaelRaskin: thats an option gentoo had enabled, because they are ricers :P
<clever>
MichaelRaskin: by default, mplayer builds everything into it, and auto-detects stuff at runtime, but this results in a bigger binary
<clever>
the runtime detection results in the best performance, and compatibility
<MichaelRaskin>
How to annoy a NixPkgs packager quick: make your package depend on both OpenBLAS and ATLAS via different dependency chains, and make it impossible to pass OpenBLAS in both places. Especially annoying as the «AT» (auto-tunable) part is what we _do not_ want anyway…
<sphalerite>
how does that auto-detection work?
<sphalerite>
Just -march=native?
<gchristensen>
MichaelRaskin: omfg openblas and atlas ...
<gchristensen>
MichaelRaskin: ;_;
<MichaelRaskin>
They run a lot of tests during the build to choose the unroll factors etc
<gchristensen>
yup
<clever>
sphalerite: in mplayer, there are large chunks of hand-optimized assembly
<MichaelRaskin>
Which is Slow™
<clever>
sphalerite: so it has to select the correct codepath, for the current processor
<sphalerite>
oh wow, that sounds fun
<clever>
sphalerite: it also has c implementations, which will probably perform slower
<MichaelRaskin>
At least on some architectures
<clever>
and if runtime detection is on, it can fallback sanely
<gchristensen>
MichaelRaskin: hours and hours and hours of build time.
<sphalerite>
Oh yeah, is there a way to express "soft dependencies" for a package? I'm thinking things that would be useful to have available at runtime but aren't absolutely necessary for a package to function and aren't required for a build, like gnome3.adwaita-icon-theme which is necessary for many gtk3 applications not to look ugly, but not necessary for them to function.
<sphalerite>
Or more generally a sort of "gnome icon theme" metapackage sort of thing
<clever>
sphalerite: plugins in browsers are that sort of thing
<clever>
sphalerite: in that case, the browser is built without plugins by hydra, then the end-user builds a shell script, that sets an env variable saying where to find plugins
<clever>
sphalerite: and the end-user builds a buildEnv to bundle all the plugins into 1 dir
<sphalerite>
aaah right, like the vim config stuff works as well
plumps has joined #nixos
hiratara has quit [(Ping timeout: 245 seconds)]
servilio has left #nixos ["ERC (IRC client for Emacs 24.5.2)"]
phreedom has quit [(Ping timeout: 250 seconds)]
hiratara has joined #nixos
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
lverns has quit [(Ping timeout: 246 seconds)]
Shou has quit [(Ping timeout: 246 seconds)]
goibhniu has joined #nixos
zraexy has quit [(Ping timeout: 246 seconds)]
yegods has quit [()]
Wizek_ has joined #nixos
takle has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
<mw>
how do I disable nixos setting the light blue background color whenever I've landed in my wm?
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<simpson>
Python subsystem: The current packaged version of graphite-web doesn't work with the current Django. Is there a way to specify django_1_9 for that package in a way that works correctly?