<clever>
sheenobu: i believe nix will recursively search the gcroots directory, to find all roots
<pxc>
sheenobu, clever: for NixUP ( https://github.com/NixOS/nixpkgs/pull/9250 ) they made another directory, /nix/var/nix/profiles/nixup and then put the profiles in user directories under it
<pxc>
I think doing something similar with /nix/var/nix/profiles/homes/<user>/<link-to-profile-of-home> would make sense for nix-home
Kingsquee has joined #nixos
<pxc>
or maybe since homes are per-user we could just put them under per-user but they can be called ‘home’ instead of ‘profile’ in the link name?
<clever>
that sounds better
<clever>
no need to get root to make a new dir for you
<clever>
you can write to the dir you already have write to instead
<pxc>
so an ls of /nix/var/nix/profiles/per-user/pxc might show
<maurer>
Woah, are people working on nixup again? Has it been revived?
<MichaelRaskin>
gchristensen: not a match, we have systemd for no good reaso~n
<MichaelRaskin>
Not sure is «whole system» enough for their definition, either…
<MichaelRaskin>
FrozenCow: re: impressed: I run Nix-on-Nix-based-something on notebook, but wanted to upgrade a pure-NixOS USB drive. So I built (without installing) a minimum NixOS on my notebook, mounted the USB drive and ran nixos-install
<MichaelRaskin>
As an excecise to the reader, try installing Fedora 22 from to a USB drive from a notebook running Fedora 23 — without using VMs and without rebooting…
<clever>
MichaelRaskin: and in 2 cases, i just ran ./result/bin/switch-to-configuration boot to force nixos to overwrite the gentoo MBR and take over the same rootfs
<MichaelRaskin>
I think _not_ overwriting what was on the notebook is more impressive than the takeover of the main system
<sheenobu>
maurer, not sure. We are talking about it in relation to another project.
<clever>
MichaelRaskin: yeah, it depends on what your goals are
<MichaelRaskin>
Of course
<clever>
MichaelRaskin: i have also messed with kexec some, one sec
<MichaelRaskin>
sheenobu: does it also support symlinks?
<nekroze>
Does anyone know how to get gitlab working nowadays? it doesn't host gitlab on a tcp port any more so the reverse proxy example in the wiki doesn't work
<sheenobu>
MichaelRaskin, no. Any file referenced will be placed into the nix store, making .monotone/monotonerc readonly. You can copy via ".monotone/monotonerc" = ./path/to/monotonerc, but I think you already understand that
systemfault has joined #nixos
<MichaelRaskin>
Yes, the copying version in readme is clear
athan has quit [(Read error: Connection reset by peer)]
<alphor>
given a choice between nixos or nix on top of debian, what is the better choice for a newbie to nix in general start with?
<clever>
full nixos has a bit of a steeper learning curve and forces you to learn everything at once, while nix on debian lets you cheat and just apt-get things and learn the right way later
<clever>
so it depends on preference somewhat
markus1189 has joined #nixos
<MichaelRaskin>
On the other hand, Nix on Debian makes you learn how the low level (nix-daemon etc) is configured, in NixOS you learn Nix expressions, and Nix store gets set up automatically
<nekroze>
yeah, if you need to actually use the machine straight away then deb, but if you have the day to play around and learn then do that. You could always install nixos on a VM in debian and dive in that way
athan has joined #nixos
data8 has quit [(Quit: nite nite)]
OfficialLeibniz is now known as officia||eibniz
zraexy has joined #nixos
<sheenobu>
MichaelRaskin, I'm not 100% on symlinking since one of the major points is having your files in nix-store and be readonly.
<sheenobu>
pxc, clever, release is cut thanks a lot for the help
markus1199 has quit [(Ping timeout: 240 seconds)]
<alphor>
yeah I've got a lot of time to figure it out and play with it, so nixos it is. I've got nix locally anyway.
<clever>
alphor: another fun thing you can do on any distro
<clever>
alphor: nix-build '<nixpkgs/nixos>' -A vm -I nixos-config=./configuration.nix
<clever>
alphor: this will build a bash script that runs a build of nixos under qemu
AllanEsp1nosa has quit [(Ping timeout: 240 seconds)]
<clever>
alphor: ive used this on both nixos and gentoo systems to test a basic nixos configuration out without having to setup a proper vm
<pxc>
sheenobu: great! I'm looking forward to playing with it.
<sheenobu>
pxc, cool, thanks. I don't think I would have gotten around to it soon if you didn't ask about it =)
<alphor>
clever: neat!
<clever>
alphor: main limitation with that method is that you cant nixos-rebuild switch, just shutdown and re-run nix-build, then boot it back up
<pxc>
sheenobu: so does it actually add links in /home/<user> after it builds the profile, or does it just put the files in place and leave it to you to link them into your proper home directory?
<alphor>
clever: oh so I've got to build it outside the VM?
<clever>
alphor: yeah
<clever>
alphor: its basicaly building the entire nixos inside the /nix of the host, and then just mounting the host /nix to /nix under qemu
* gchristensen
makes release notes
<sheenobu>
pxc, it adds the links into /home/<user>. .bashrc -> /nix/var/nix/profiles/per-user/sheenobu/nix-home/.bashrc
<sheenobu>
hey gchristensen
<gchristensen>
hi sheenobu!
<clever>
sheenobu: sounds a lot like the job of setup-etc.pl, and like a good chance to rewrite it to be more flexible
<sheenobu>
oh? I wouldn't be shocked if setup-etc.pl is more robust than what I have. I do think there is a bigger concept here though... derivations as overlays
<pxc>
sheenobu: ok. Does `nix-home build` do everything except link? I'd like to start playing with it without actually writing any links directly in my home directory to get started
nekroze has quit [(Quit: Leaving)]
<clever>
sheenobu: one trick setup-etc.pl uses to make things more atomic, is that it symlinks /etc/static to /nix/store/foo-etc/, then it symlinks each config file from /etc/foo.conf to /etc/static/foo.conf
<sheenobu>
pxc, you can do "nix-home --set --dry-run" but it'll still attempt to link. I need to fix that. it's just 'nix-home'. no build parameter.
<clever>
sheenobu: so it can now edit the /etc/static symlink, and atomicly update every single file that exists in the old&new version
<pxc>
sheenobu: I think separating the generation of the $HOME files from installing them could do some nice, interesting stuff. There are lots of different ways to handle installing things into your ‘true home directory’ and imo there's not a clear winner among them in terms of idiomaticity for Nix
<sheenobu>
pxc, hrmmm. good idea
<pxc>
sheenobu: like a real overlay filesystem might be cool, copying might be appropriate for some systems, hard linking for others, symlinking for others still
<clever>
sheenobu: i have been considering rewriting setup-etc.pl in c/c++, it is the only thing in not-os that depends on perl, which is adding a large chunk of bloat
<sheenobu>
setup-etc.pl is not-os? hrm
<NixOS_GitHub>
[nixpkgs] grahamc pushed 5 new commits to master: https://git.io/vMu84
<NixOS_GitHub>
nixpkgs/master 2dab778 Graham Christensen: unrtf: patch against CVE-2016-10091
<NixOS_GitHub>
nixpkgs/master 847647a Graham Christensen: pcsclite: 1.8.17 -> 1.8.20 for CVE-2016-10109
<NixOS_GitHub>
nixpkgs/master 9837dce Graham Christensen: nvidia_x11_legacy304: 304.131 -> 304.134 for CVE-2016-7382, CVE-2016-7389, CVE-2016-8826
eacamero_ has joined #nixos
<clever>
sheenobu: it came from nixos, and i am also using it in not-os to manage /etc there
<sheenobu>
pxc, I'll explore this. Probably add an additional command. 'nix-home' being what it does but 'nix-home-generate' doing the overlay generate and nix-home doing the linking work
<sheenobu>
clever, ahhh
<NixOS_GitHub>
[nixpkgs] grahamc pushed 5 new commits to release-16.09: https://git.io/vMu8K
<NixOS_GitHub>
nixpkgs/release-16.09 2b6ff8c Graham Christensen: unrtf: patch against CVE-2016-10091...
<NixOS_GitHub>
nixpkgs/release-16.09 4acd692 Graham Christensen: pcsclite: 1.8.17 -> 1.8.20 for CVE-2016-10109...
<NixOS_GitHub>
nixpkgs/release-16.09 f1c3402 Graham Christensen: nvidia_x11_legacy304: 304.131 -> 304.134 for CVE-2016-7382, CVE-2016-7389, CVE-2016-8826...
<clever>
sheenobu: but bringing in setup-etc.pl has also brought in perl, and thats something like 10 or 15mb, and the entire distro builds down to 47mb
<sheenobu>
right
<pxc>
plus, sheenobu, installation is hairy in ways that generation is not. If you switch to a config which is unimplementable because it would overwrite an existing file, the Nixiest thing to do would probably be to fail altogether. Linking some things but not others is icky
<clever>
sheenobu: i was initialy just symlinking /etc directly to the store, but sshd gets upset if its private keys are world-readable
<sheenobu>
pxc, it does fail. if nix-env fails the linking won't be performed
<clever>
sheenobu: the way setup-etc.pl handles the situation pxc mentioned, symlinks can overwrite normal files and symlinks, but it cant overwrite a directory
ilja_kuklic has quit [(Ping timeout: 240 seconds)]
<pxc>
or if you want to revert to a previous generation where a symlink didn't exist before, so you want to remove the symlink... but there's a plot twist: it's been replaced with a symlink the user created manually. now removing it does something weird
<clever>
sheenobu: so if a /etc/nix/nix.conf file happens to get in the way, setup-etc just replaces it with the correct symlink, and the previous contents are lost
<sheenobu>
pxc, nix-home should never overrwrite files that aren't symlinks
<pxc>
sheenobu: what if it's a symlink but it goes somewhere else, not to /nix/store/something or a nix-home profile or whatever?
<clever>
from setup-pl, it uses /etc/.clean to keep track of which symlinks it made, and deletes obsolete ones
<sheenobu>
pxc, it'll overwrite that. It probably shouldn't
eacamero_ has quit [(Ping timeout: 248 seconds)]
<pxc>
the home directory can have its ‘state’ corrupted in a way that other objects in the Nix universe generally can't be
joepie91 has quit [(Read error: Connection reset by peer)]
<pxc>
so not to pile all this on or whatever, but all of these are reasons that I think make the management of the generations and the arrangement of the directory structure a very different sort of problem than installing it over an existing, real $HOME
joepie91 has joined #nixos
joepie91 has quit [(Changing host)]
joepie91 has joined #nixos
<clever>
yeah, i would generaly just wrap an executable with a bash script that runs ${pkgs.foo}/bin/bar -c ${configfile}
<clever>
so it has no impure config file access
eacameron has joined #nixos
<sheenobu>
pxc, makes sense.
zraexy has quit [(Quit: Leaving.)]
babygau has joined #nixos
<sheenobu>
eh how do I query a symlink in bash
<NixOS_GitHub>
[nixpkgs] rht opened pull request #21822: coq_HEAD: Update to the latest commit (master...master) https://git.io/vMu4z
<pxc>
clever: that's an interesting way of doing things! another way a tool like nix-home could operate in terms of ‘installation’ is by providing such wrappers to direct applications in the user profile to the nix-home configs
<pxc>
clever: I'm glad to have exploited your resourcefulness and amiability yet again. ☺ I'll been in-channel more frequently in the near future, so I'll see you around
feepo has quit [(Quit: Connection closed for inactivity)]
<clever>
yep :)
data8 has joined #nixos
<pxc>
sheenobu: thanks again for your work on nix-home! I can think of a few small things I want to add. If I'm a good boy and manage my time like I hope to, you'll see a pull request from me in a few days
<pxc>
g'night all
<sheenobu>
pxc, cool. Feel free to file a bug report in the meantime
pxc has quit [(Quit: WeeChat 1.5)]
filterfish has joined #nixos
alx741 has quit [(Quit: alx741)]
alx741 has joined #nixos
filterfish has quit [(Remote host closed the connection)]
filterfish has joined #nixos
filterfish_ has joined #nixos
filterfish_ has quit [(Client Quit)]
pareidolia has quit [(Ping timeout: 260 seconds)]
filterfish has quit [(Client Quit)]
alx741_ has joined #nixos
alx741 has quit [(Read error: Connection reset by peer)]
pareidolia has joined #nixos
alx741_ has quit [(Read error: Connection reset by peer)]
alx741 has joined #nixos
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to release-16.09: https://git.io/vMuRt
mkoenig has quit [(Read error: Connection reset by peer)]
glines has joined #nixos
athan has quit [(Read error: Connection reset by peer)]
athan has joined #nixos
<sheenobu>
Bleh just released 0.3.1. Actually versioning properly is /hard/. BIG release, followed by a bunch of small bugfix releases.
glines has quit [(Ping timeout: 258 seconds)]
<gchristensen>
it is hard
filterfish_ has joined #nixos
filterfish has quit [(Ping timeout: 255 seconds)]
glines has joined #nixos
danharaj has joined #nixos
data8 has quit [(Quit: nite nite)]
glines has quit [(Ping timeout: 240 seconds)]
phanimahesh has quit [(Ping timeout: 240 seconds)]
glines has joined #nixos
data8 has joined #nixos
nekroze has joined #nixos
glines has quit [(Ping timeout: 260 seconds)]
<nekroze>
I am using builtins.readFile but it seems to add a blank line at the end of the string once read when the file is just 1 line. How can I prevent this?
glines has joined #nixos
<clever>
nekroze: can you gist an example of how your using it?
acarrico has quit [(Read error: Connection reset by peer)]
sboosali has quit [(Ping timeout: 258 seconds)]
derjohn_mob has quit [(Ping timeout: 256 seconds)]
<nekroze>
clever: not easily as it is a bit of a mess at the moment and is handling passwords. but for example I am writing a file like this "head -c 500 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 30 | head -n 1 > keys/gitlab-db" then reading it like so "databasePassword = builtins.readFile ../keys/gitlab-db;" and when looking at the preStart script for gitlab I can see the password string for postgres ends on the following line
<clever>
nekroze: ah, it i would expect a dommand with head like that to end the string with \n
<clever>
command*
<nekroze>
Ah that was one of the things I was hoping head would solve
<clever>
i would expect it to return a single line, "foo\n"
<nekroze>
ok, I will focus my googling on striping newlines from the head command output
<gchristensen>
you could pipe to xargs echo -n
<nekroze>
gchristensen: I'll give that a go thanks, it was that or printf
<gchristensen>
use printf
<nekroze>
gchristensen: change of heart?
<gchristensen>
better solution
glines has quit [(Ping timeout: 240 seconds)]
derjohn_mob has joined #nixos
PragCyph1 has joined #nixos
<nekroze>
a bit off topic but does anyone happen to know if there are any character restrictions for postgres user passwords? like could I use "a-zA-Z0-9~!@#$%^&*_-" characters or are some of those special characters going to give me trouble?
<nekroze>
surprisingly hard to find the answer for that on google
<clever>
nekroze: i would also use a tool like pwgen for this kind of thing
<nekroze>
clever, I am using that in other places, but I wasn't sure on restricting the character set of the output with that
<clever>
-s, --secure
<clever>
Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords,
PragCyphr has quit [(Ping timeout: 260 seconds)]
<clever>
$ pwgen -s 20 1
<clever>
2iJKUM3cscE8IIOZcho1
<clever>
a single 20 character password, that ignores the "easy to remember" rules that normaly make it less secure
wkennington has joined #nixos
<nekroze>
fair enough I'll switch to that
<nekroze>
thanks
<clever>
if you where using bash to create the file, it would just be a matter of databasePassword = $(pwgen -s 20 1);
<clever>
within a heredoc of cat
athan has quit [(Read error: Connection reset by peer)]
<nekroze>
But I would need to store it in a file for persistence and have nix read that file still right? otherwise I lose db access next run
<clever>
oh yeah, forgot about that
<nekroze>
lol
<clever>
i would move it over to a pre-start script, that generates the password the first time the service gets ran
<clever>
nekroze: the mysql module has something similar, if /var/lib/mysql does not exist during pre-start, it creates /tmp/mysq_init, and then in post-start (the server is now up), it runs some one-time stuff to configure everything
<nekroze>
clever: at the moment I just need the password to be a single line so I can deploy to a staging environment. Making it smarter/safer will happen later
sdothum has quit [(Quit: ZNC - 1.6.0 - http://znc.in)]
acarrico has joined #nixos
<clever>
you could also do "pwgen -s 20 1 > password" once, and then have a nix build do databasePassword = $(cat ${./password});
<clever>
then it will import that fixed password file into /nix/store, and bash's $( stuff will strip the trailing newline
contrapumpkin has joined #nixos
<contrapumpkin>
yo clever
<contrapumpkin>
I packaged lkl
<contrapumpkin>
and am now able to create a nice filesystem image and copy files to it super speedily
mbrgm has quit [(Ping timeout: 240 seconds)]
* contrapumpkin
grins
pie_ has joined #nixos
mbrgm has joined #nixos
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<contrapumpkin>
has nobody packaged lkl before? I couldn't find it anywhere
<gchristensen>
linux keylogger?
<contrapumpkin>
linux kernel library
mkoenig has joined #nixos
<contrapumpkin>
basically rump kernels for linux
<gchristensen>
oh
<contrapumpkin>
means I get all the nice solid linux FS drivers, in pure userland
<gchristensen>
nice
<contrapumpkin>
so image building galore with no VMs in sight
<contrapumpkin>
which means image building that doesn't take half an hour on EC2
sdothum has joined #nixos
<contrapumpkin>
(literally; it's awful)
<contrapumpkin>
so I'm packaging up LKL, then want to amend the image building machinery we have in Nix to use this LKL thing
<contrapumpkin>
I think LKL should even work on macOS
<contrapumpkin>
my goal is for our image building machinery to take basically as long as a file copy of whatever store paths we put into the image
<contrapumpkin>
stay tuned :)
systemfault has quit [(Quit: Bye!)]
<gchristensen>
(not that people are likely to be interested in these results, but...) search.nix.gsc.io now indexes the security repo
<gchristensen>
(and indexes everything but nixos/nixos, systemd, nixpkgs-channels, nixops-dashboard, nixos-foundation)
<contrapumpkin>
ooh nice
<gchristensen>
maybe that should run on nixos.org :)
<clever>
contrapumpkin: something ive been interested in, another way of solving the same problem, usermode linux, have you heard of it?
hexagoxel has quit [(Ping timeout: 258 seconds)]
data8 has quit [(Quit: nite nite)]
<clever>
contrapumpkin: UML is basicaly compiling the linux kernel, to act as a normal linux program
<clever>
contrapumpkin: so you can still get most of the benefits of a virtual machine, but you can skip qemu itself, the kernel just does the emulation directly
<contrapumpkin>
adelbertc: different machine, so different nick
<adelbertc>
gotcha :)
<adelbertc>
clever naming
<adelbertc>
i expect invariantpumpkin and phantompumpkin somewhere
<shachaf>
invariantpumpkin might be better expressed as a propumpkin
mizu_no_oto has joined #nixos
<contrapumpkin>
:) I've been propumpkin, anapumpkin, pumpkin, and copumpkin at various points
<shachaf>
the end of propumpkin
mizu_no_oto has quit [(Ping timeout: 240 seconds)]
marciogm_ has joined #nixos
<contrapumpkin>
:)
mguentner has quit [(Quit: WeeChat 1.6)]
mizu_no_oto has joined #nixos
mizu_no_oto has quit [(Ping timeout: 248 seconds)]
mguentner has joined #nixos
Lowl3v3l has quit [(Remote host closed the connection)]
systemfault has joined #nixos
mkoenig_ has joined #nixos
glines has joined #nixos
mkoenig has quit [(Ping timeout: 245 seconds)]
marciogm has quit [(Quit: Lost terminal)]
marciogm_ has quit [(Quit: Lost terminal)]
sellout- has joined #nixos
mizu_no_oto has joined #nixos
phanimahesh has joined #nixos
georges-duperon has quit [(Ping timeout: 252 seconds)]
<Ralith>
but have you been pie?
justanotheruser has joined #nixos
officia||eibniz has quit [(Ping timeout: 255 seconds)]
mizu_no_oto has quit [(Ping timeout: 240 seconds)]
sellout- has quit [(Read error: Connection reset by peer)]
sellout- has joined #nixos
<contrapumpkin>
nope
sellout- has quit [(Client Quit)]
sdothum has quit [(Quit: ZNC - 1.6.0 - http://znc.in)]
sdothum has joined #nixos
sellout- has joined #nixos
<Ralith>
growth mindset
<shachaf>
Halith
* Ralith
hals
<nekroze>
I need to deploy a libvirt guest with nixops and then ssh into it and deploy anoter guest (nested kvm) however because the nix store is recreated in the first guest if it gets destroyed and remade I have to re-download and compile anything the second guest needs. Is it possible to mount the hosts /nix/store into the first guest so that it is persistent and does not have to redo everything?
Lowl3v3l has joined #nixos
eacameron has joined #nixos
systemfault has quit [(Quit: Bye!)]
sdothum has quit [(Quit: ZNC - 1.6.0 - http://znc.in)]
uralbash has joined #nixos
sdothum has joined #nixos
athan has joined #nixos
Guest24049 is now known as josePhoenix
josePhoenix is now known as Guest58452
Guest58452 has quit [(Changing host)]
Guest58452 has joined #nixos
mrkgnao has joined #nixos
mguentner2 has joined #nixos
<unlmtd[m]>
if git was able to scale, then it could do nix's job?
mguentner has quit [(Ping timeout: 256 seconds)]
<contrapumpkin>
unlmtd[m]: ?
<contrapumpkin>
they're pretty different
<unlmtd[m]>
cd / ; git init
<unlmtd[m]>
suckless did that
<clever>
unlmtd[m]: i once did that with svn on my router
<clever>
unlmtd[m]: the hdd did fail at one point, i was able to copy an old image of the hdd to a new disk, and basicaly "git pull" the missing changes in
data8 has quit [(Quit: nite nite)]
<contrapumpkin>
unlmtd[m]: doesn't really address the build and caching aspects of nid
<clever>
unlmtd[m]: but now that ive learned more, i would just use zfs snapshots to do the same job
<contrapumpkin>
nix
<unlmtd[m]>
ya im using zfs now
<clever>
unlmtd[m]: i also had a small scare with zfs and defective ram last night
<clever>
memtest86 said the ram in my main desktop was toast
data8 has joined #nixos
<clever>
and after swapping in the ram from my NAS, it said that ram was bad too
<shanemikel>
This package in particular is using the Haskell infrastructure, and cabal2nix to generate the .nix file
Intensity has joined #nixos
<shanemikel>
hmm... could this be because the derivation is itself a function of my <nixpkgs>
glines has quit [(Ping timeout: 255 seconds)]
siarheit_ has joined #nixos
uralbash has quit [(Ping timeout: 248 seconds)]
johann__ has joined #nixos
ccfag has quit [(Quit: The 7 Deadly Sins: a new fragrance for men, by Calvin Klein [www.t7ds.com.br])]
johann__ has quit [(Read error: No route to host)]
MichaelRaskin has quit [(Quit: MichaelRaskin)]
johann__ has joined #nixos
teknico has joined #nixos
johann__ has quit [(Read error: Connection reset by peer)]
<dbe>
So, what makes some packages show up in nix-env -q and not others? So, I'm in nix-repl now, and I've done a import <nixpkgs>, and now I have this huge structure to browse through. Why is only some of it searchable?
johann__ has joined #nixos
<dbe>
Oh, ok, so I can import <nixos> as well. So these are my channels?
trqx has joined #nixos
<ikwildrpepper>
copumpkin: do you still use hologram?
mudri has joined #nixos
filterfish_ has quit [(Ping timeout: 245 seconds)]
ckauhaus has joined #nixos
johann__ has quit [(Read error: No route to host)]
<NixOS_GitHub>
[nixpkgs] abbradar opened pull request #21828: udev service: verify that hwdb is generated without errors (master...hwdb-verify) https://git.io/vMuSJ
johann__ has joined #nixos
<mrkgnao>
gchristensen: I fixed my opengl problem, if you remember what I'm talking about. and I got my first-ever SO bounty :)
<mrkgnao>
the Stack/NixOS interaction is nontrivial and also different from how every other piece of software behaves (I'm talking about the "integrated pure nix-shell" thingy)
<NixOS_GitHub>
[nixpkgs] matthewbauer opened pull request #21829: Add pyobjc to nixpkgs (master...pyobjc) https://git.io/vMuSB
roconnor_ has quit [(Quit: Konversation terminated!)]
wkennington has quit [(Read error: Connection reset by peer)]
uralbash has joined #nixos
nschoe has joined #nixos
jgertm has quit [(Ping timeout: 240 seconds)]
<fpletz>
gchristensen: pong :)
Itkovian has joined #nixos
fritschy has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti pushed 2 new commits to master: https://git.io/vMuQL
<NixOS_GitHub>
nixpkgs/master 2fd0a9f Peter Simons: bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778)
<NixOS_GitHub>
nixpkgs/master b4fcbf4 Peter Simons: callHackage: update database to current version
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to release-16.09: https://git.io/vMuQ4
<NixOS_GitHub>
nixpkgs/release-16.09 7b34209 Peter Simons: bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778)
proteusguy has quit [(Remote host closed the connection)]
proteusguy has joined #nixos
johann__ has quit [(Quit: Leaving.)]
johann__ has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vMuQQ
<NixOS_GitHub>
nixpkgs/master 086fbfa Vincent Laporte: ocamlPackages.owee: init at 0.2...
<sphalerite>
I have an application that includes its git revision hash in its version number for builds from the master branch, but I want to exclude .git from the source. Just doing this directly results in the hash not being excluded, because the git repo isn't there anymore. Is there a neat way to do this while still having the revision hash in the version string and avoiding the inclusion of the (fairly volatile
<sphalerite>
and irrelevant) contents of .git?
thc202 has joined #nixos
deepfire has joined #nixos
<deepfire>
had anyone seen grub installation failures on recent master?
<hlavaty>
hi, is there a way to override a module, something like there is a way to override package?
<hlavaty>
without forking sources i mean
<LnL>
no, you can add modules but you can't override existing ones
<hlavaty>
hmm, thats really annoying
goibhniu has joined #nixos
<LnL>
you can override config values using mkForce
<hlavaty>
i need to work around broken module, so overriding config values doesnt help
ixxie has joined #nixos
<ixxie>
mornin
johann__ has quit [(Read error: No route to host)]
jgertm has joined #nixos
<LnL>
hlavaty: you can usually work around it with mkForce, but you might have to copy some stuff
<hlavaty>
the thing i need to change is not an mkOption, so that would not work, unless i am missing something
mguentner2 is now known as mguentner
<hlavaty>
LnL: thanks for help!
johann__ has joined #nixos
<LnL>
hlavaty: mkForce is for config values not options
<LnL>
it just makes the value have a higher priority then whatever the options generate
<hlavaty>
yeah, i know, sorry for not expressing myself well, i mean the bug is not in anything configurable
<hlavaty>
but directly in the module text/function
<hlavaty>
anyway, i just copied the module and renamed it for now
FRidh has joined #nixos
Kingsquee has quit [(Read error: Connection reset by peer)]
Kingsquee has joined #nixos
jensens has joined #nixos
jmeredith has quit [(Quit: Connection closed for inactivity)]
Lowl3v3l has quit [(Remote host closed the connection)]
ilja_kuklic has joined #nixos
PragCyph1 has quit [(Quit: leaving)]
filterfish has quit [(Quit: Leaving)]
michas has joined #nixos
shanemikel has quit [(Quit: My MacBook Air has gone to sleep. ZZZzzz…)]
dbe has quit [(Quit: leaving)]
pstn has joined #nixos
mkoenig has quit [(Ping timeout: 240 seconds)]
michas has quit [(Ping timeout: 240 seconds)]
lsix has joined #nixos
johann__ has quit [(Read error: No route to host)]
johann__ has joined #nixos
michas has joined #nixos
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to master: https://git.io/vMzeQ
<NixOS_GitHub>
nixpkgs/master 6043569 Domen Kožar: haskellPackages.servant-auth: fix build
ilja_kuklic has quit [(Ping timeout: 252 seconds)]
michas has quit [(Ping timeout: 256 seconds)]
trqx has quit [(Quit: WeeChat 1.6)]
trqx has joined #nixos
derjohn_mob has quit [(Ping timeout: 240 seconds)]
<ixxie>
is there a nice tutorial out there for reproducing nixos build problems in vms?
<LnL>
ixxie: nixos-rebuild build-vm
bennofs1 has joined #nixos
michas has joined #nixos
proteusguy has quit [(Ping timeout: 240 seconds)]
<ixxie>
how do I make it take a different file as argument for the config?
johann__ has quit [(Read error: No route to host)]
phanimahesh has quit [(Ping timeout: 240 seconds)]
<LnL>
-I nixos-config=./configuration.nix IIRC
polyrod has quit [(Ping timeout: 240 seconds)]
angerman has quit [(Quit: Gone)]
nanobapt has joined #nixos
<nanobapt>
Hi there
<nanobapt>
I'm using vim in order to code
<nanobapt>
but I have some trouble with the copy/paste
<nanobapt>
from system clipboard
<nanobapt>
it seems that what I want is the option +xtermclipboard
<nanobapt>
but it's not in my nixos config
<nanobapt>
anyone know how I could change that ?
<ixxie>
cheers LnL
<srhb>
nanobapt: You mean for Vim configurable?
<LnL>
not sure if there's a proper guide for it, would be nice
<srhb>
nanobapt: Doesn't it have something like vimrcConfig.customRC = ... ?
<nanobapt>
srhb: I read that +xtermclipboard is an compilation option ...
<nanobapt>
not the vimrc file
<srhb>
nanobapt: Are you sure it's disabled by default? You also need to set the relevant clipboard in the vim config.
<ixxie>
LnL: I am thinking of writing a series of blog posts outlining the very basics of NixOS system managemnt, since by far most of the guides seem to be geared towards developers intersted in packaging their project
<srhb>
nanobapt: ie. does :version show that it's disabled?
<nanobapt>
srhb: don't know if default is disabled but mine yes using vim --version
<nanobapt>
srhb: yes
<srhb>
nanobapt: Oh, okay.
<srhb>
My mistake.
<nanobapt>
srhb: no prob
<srhb>
nanobapt: Does vimHugeX have it enabled?
<srhb>
nanobapt: If so, you can look at the top level packages to see how it's defined.
<nanobapt>
srhb: don't know, I'm not using it
<nanobapt>
srhb: will take a look
<srhb>
nanobapt: Well, you could try. nix-shell -p vimHugeX
<srhb>
nanobapt: Then vim --version :)
<nanobapt>
srhb: will try that
michas has quit [(Ping timeout: 240 seconds)]
bennofs1 has quit [(Ping timeout: 258 seconds)]
<gchristensen>
fpletz: I had some gnutls questions but your commit messages were super good, and ended up answering them for me :) nice messages!
ertesx has joined #nixos
<ixxie>
wow building the vm sure takes a loooong time
orbekk has quit [(Ping timeout: 260 seconds)]
<LnL>
ixxie: are you building from master?
ertes has quit [(Ping timeout: 240 seconds)]
ertesx is now known as ertes
michas has joined #nixos
<ixxie>
I ran nixos-rebuild build-vm -I nixos-config=./mytest.nix
<ixxie>
I am not sure what you mean by master
<ixxie>
you mean master branch LnL?
<LnL>
yes, or a channel?
mkoenig has joined #nixos
<ixxie>
LnL: since the configuration has system.stateVersion = "16.09" I suppose its the stable channel?
<LnL>
wouldn't expect it to take do long then
lsix has quit [(Read error: Connection reset by peer)]
orbekk has joined #nixos
<ixxie>
It seems to build everything from scratch
<ixxie>
I guess it makes sense for a first build?
<ixxie>
but the weird thing is the failure appears in the build but it keeps going
<srhb>
ixxie: I don't think stateVersion has anything to do with channel at all (or were you just using it to infer the active channel?)
Shou has joined #nixos
<srhb>
ie. I have that in my configuration.nix on a 17.03pre thingy :)
<ixxie>
srhb: so it uses the channel your host hast?
<ixxie>
when you build a vm?
<srhb>
ixxie: I believe so.
<LnL>
yes unless you override nixpkgs, like you did with nixos-config
johann__ has joined #nixos
<LnL>
you can see what it's building with --dry-run
data8 has quit [(Quit: nite nite)]
<ixxie>
LnL: dry-build?
lsix has joined #nixos
MaZ- has joined #nixos
<ixxie>
well that doesn't work because the configuration test I made doesn't have a hardware config included
<ixxie>
btw nix-channel --list gives nixpkgs unstable and nixos stable.... why do I get the feeling that is not right? 8=>.<=8
johann__ has quit [(Read error: Connection reset by peer)]
Shou has quit [(Ping timeout: 252 seconds)]
<srhb>
ixxie: If that's with sudo you should probably only have the one, main channel that you want for your system.
<srhb>
ixxie: If that's for your user, you can have as many different as you like.
<MaZ->
http://lpaste.net/158231#line77 so I came across this code which appears to use nix's laziness to generate zookeeper servers (services.zookeeper.servers is only generated when read, when all server values are already created) - as far as I can tell the makeZookeeperServer sets the zookeeper servers to a list of all servers created by the same function - am i right in that assumption?
<ixxie>
aha
Avaq has joined #nixos
derjohn_mob has joined #nixos
johann__ has joined #nixos
dannyg has joined #nixos
<srhb>
MaZ-: I'm not sure where you're seeing the laziness exactly. Can you elaborate?
jgertm has quit [(Ping timeout: 258 seconds)]
<MaZ->
srhb: well... i assume that the point of that code is that you can create 3 zk servers, and the function will automatically populate the list of servers to join on each zk server to be the full list
<MaZ->
maybe i'm wrong
<MaZ->
since you need 3 zk servers to know about each other to bootstrap
<MaZ->
(i have the same 'issue' with consul)
<MaZ->
i haven't actually tested that code but my gut is that by the time services.zookeeper.servers is evaluated, the zookeeperServers list already has all 3 servers in
<NixOS_GitHub>
[nixpkgs] abbradar pushed 1 new commit to master: https://git.io/vMzmL
<NixOS_GitHub>
[nixpkgs] grahamc pushed 2 new commits to release-16.09: https://git.io/vMzmB
<NixOS_GitHub>
nixpkgs/release-16.09 bb452bc Peter Hoeg: dropbox: 16.4.30 -> 17.4.33
<NixOS_GitHub>
nixpkgs/release-16.09 55a3cb6 Graham Christensen: Merge pull request #21825 from peterhoeg/u/dropbox_stable...
mkoenig has quit [(Ping timeout: 245 seconds)]
<NixOS_GitHub>
[nixpkgs] grahamc pushed 2 new commits to master: https://git.io/vMzmS
<NixOS_GitHub>
nixpkgs/master 167795c Reno Reckling: rust: make rust beta and nightly be build by hydra
<NixOS_GitHub>
nixpkgs/master 193d206 Graham Christensen: Merge pull request #21804 from exi/include-rust-beta-nightly...
mkoenig has joined #nixos
<srhb>
MaZ-: Sorry, I don't see it.
<sphalerite>
I'm trying to typeset some xelatex documents but am missing certain style files (fullpage.sty, enumitem.sty), even with scheme-full. It worked fine on debian with all the texlive packages installed.
<sphalerite>
Any ideas?
<nanobapt>
srhb: vimHugeX was the solution !
<srhb>
nanobapt: Great. :)
<nanobapt>
srhb: thx
<nanobapt>
an other question I'd like to install teamviewer
<nanobapt>
I've got some trouble with the hash result of teamviewer.deb
<nanobapt>
Itried a solution proposed by LnL which include overriding the url
<nanobapt>
but I've got : error: value is a function while a set was expected
<gchristensen>
that specific stuff being "${pkgs.bluez5}/bin/bluetoothd -n --compat";
<aloiscochard>
gchristensen: thanks! I tried that but I get "The unique option `systemd.services.dbus-org.bluez.serviceConfig.ExecStart' is defined multiple times".
<sphalerite>
add lib.mkForce before the string
proteusguy has joined #nixos
<sphalerite>
A nicer solution would be having the bluetooth module allow passing in additional options of course...
<NixOS_GitHub>
[nixpkgs] ttuegel pushed 4 new commits to master: https://git.io/vMzO0
<NixOS_GitHub>
nixpkgs/master adbc201 Michael Alan Dorman: elpa-packages: 2017-01-11
<NixOS_GitHub>
nixpkgs/master 2c4ee51 Michael Alan Dorman: melpa-stable-package: 2017-01-11...
<NixOS_GitHub>
nixpkgs/master ac393d2 Michael Alan Dorman: melpa-packages: 2017-01-11...
<gchristensen>
yeah
mudri` has joined #nixos
<gchristensen>
aloiscochard: can you open an issue on github.com/nixos/nixpkgs describing what you're wanting to do? then maybe it'll be easier to do it later / for the next person
mudri has quit [(Ping timeout: 240 seconds)]
sdothum has joined #nixos
<sphalerite>
Why is the getBin there in the bluetooth module? Is bin not the default output for the bluez packages?
<sphalerite>
(and why does getBin exist? getBin x is longer and less clear than x.bin...)
<gchristensen>
dunno
<sphalerite>
oh right because it falls back to .out
<NixOS_GitHub>
[nixpkgs] the-kenny closed pull request #21742: rustc: enable codegen units and parallel building (master...rust-parallel) https://git.io/vMCB7
<gchristensen>
ok so I _thought_ I understood it, but now I need to think about this a few more times :|
<LnL>
gchristensen: when I learned about fixpoints in haskell I stared at the definition for about an hour
<ixxie>
in the logistic map you sometimes have x = f (f (x))
<gchristensen>
heh
<gchristensen>
nix is the only functional language I know :)
<ixxie>
maybe its my background but the concept seems easier to understand when you explicitly show the iteration dynamics
<gchristensen>
oh?
<ixxie>
x_{n+1} = f x_n
<ixxie>
f iterates the value of x in subsequent iterations n
<ixxie>
the fixed point is when this converges to some value, so x_{n+1}=x_n
proteusguy has quit [(Ping timeout: 240 seconds)]
<ixxie>
the weird thing for me about the way functional languages are expressed is that all the recursion is implicit
<ixxie>
when I implement a simulation of a dynamical system I explictly describe the whole iteration process, and plot all the steps to view the dynamics
<srhb>
ixxie: I wouldn't call recursion implicit in functional languages at all.
<gchristensen>
ok lnl
dottedmag has joined #nixos
<LnL>
gchristensen: what helps to understand why it works is let vs letrec
<gchristensen>
LnL: maybe I'm missing a thing here, but `let x = f x; in` does x in a `let`/`in` recur, so the x in `f x` is the `x =` bit?
<ixxie>
srhb, I guess implicit is relative to what you are used to xD
<srhb>
ixxie: Yeah, you seem to be calling iteration "Explicit recursion" :)
<LnL>
gchristensen: some languages have different builtins for those but in nix/haskell there's only letrec and that is what introduces the recursion
<dottedmag>
I'm reading Nix manual and have a question about this chapter: http://nixos.org/nix/manual/#ch-env-variables -- it says "PATH should contain the directories prefix/bin and ~/.nix-profile/bin". However I have installed nix on OS X, and nix-* binaries are available via ~/.nix-profile/bin, and there is no /nix/bin at all. Is documentation in error?
<gchristensen>
LnL: but just that one point -- I think I get it, if `x` in on the right side of the = is the result of `f x`
<gchristensen>
omg it is
<gchristensen>
omg I get it
<LnL>
gchristensen: yep :D
<gchristensen>
`self` is a function which only gets evaluated to an attrset when you get an attribute off it
* gchristensen
dies
<LnL>
yes, a thunk or function without arguments
<LnL>
lazy evaluation <3
Mic92 has quit [(Quit: WeeChat 1.6)]
<nanobapt>
LnL: is there an other way to replace sha256 from teamviewer package ?
<gchristensen>
ohh so that is a thunk
<nanobapt>
ie simple hack ?
xadi1 has quit [(Ping timeout: 255 seconds)]
<srhb>
nanobapt: Aside from specifying it as an argument to fetchurl?
<LnL>
nanobapt: you can callPackage your own file and fix it there
<nanobapt>
LnL: and how would you do that ?
<LnL>
gchristensen: yes if it only gets evaluated once
<nanobapt>
srhb: yes cause it is not working :/
<LnL>
gchristensen: or called, if you think of it as a function
<srhb>
nanobapt: The paste you gave me didn't contain the sha hash at least.
<gchristensen>
LnL: gosh, now the module system and options vs. config makes sense to me
<nanobapt>
srhb: yeah I know
<nanobapt>
srhb: you mean I shoul override it ?
<ixxie>
srhb I guess I mean explicit in terms of what happens under the hood, computationally speaking
<nanobapt>
the same way ?
<srhb>
nanobapt: The sha hash? Yeah.
<LnL>
gchristensen: this is why I think it's beautiful, so simple yet so powerful
<srhb>
ixxie: I don't think recursion really exists on that level anyway. :)
<nanobapt>
to obtain hash : nix-hash ?
<srhb>
nanobapt: I usually just use the hash from the error message.
<gchristensen>
LnL: `simple` :D `trivial :D
<srhb>
nanobapt: Otherwise nix-prefix-url should work I guess
<srhb>
Er, nix-prefetch-url
<nanobapt>
srhb: have you got an example from overiding a hash ?
<ixxie>
srhb: what I should have said is that its confusing because the *iteration* is implicit when the *recursion* is explicit
<srhb>
nanobapt: it's just the sha256 attribute that you give to fetchurl
<srhb>
ixxie: This I agree with. :-)
abbradar has joined #nixos
<ixxie>
srhb: thanks for the correction ^^
<nanobapt>
srhb: ok
Chobbes has joined #nixos
uralbash has quit [(Quit: Leaving.)]
kuznero has joined #nixos
pstn_ has joined #nixos
<kuznero>
Hi All!
<kuznero>
Can anybody help with pgadmin package? I have it installed on my NixOS machine, but have no idea how to start the application itself... Starting `pdadmin` from terminal does not work...
<abbradar>
kuznero: pgagmin3 maybe?
<abbradar>
pgadmin3*
<pstn_>
abbradar: Didn't work :-D
<kuznero>
yes
<kuznero>
abbradar: yes, it is pgadmin3
<abbradar>
pstn_: D: initrd's logs might be helpful... if you can extract them
<abbradar>
kuznero: good
<pstn_>
abbradar: Yeah, booting into the rescue system right now.
<nanobapt>
is there a way to remove the hash ?
<ixxie>
LnL where is the letrec introduced?
<nanobapt>
there it's always changing due to the fact that it is always changing name
xadi has joined #nixos
<kuznero>
abbradar: can you tell what can go wrong? Or maybe there is just a weird way to start the app?
<gchristensen>
kuznero: what exactly is the problem you're experiencing?
<abbradar>
pstn_: possible points of failure: NIC kernel drivers, invalid network configuration in the command line (IP, mask etc)
<pstn_>
abbradar: It's the disks.
<nanobapt>
nix-prefetch url is always changing the hash result .......
<abbradar>
nanobapt: seems like your upstream does shady things
Itkovian has quit [(Quit: Textual IRC Client signing off)]
<kuznero>
gchristensen: problem is simply I don't know how to start the app
<gchristensen>
nanobapt: is the resulting file you download, is it _actually_ a hash?
<gchristensen>
kuznero: what app? pgadmin?
<abbradar>
kuznero: eh, I meant "pgadmin3" should be the right executable name
<abbradar>
(sorry for confusion)
<nanobapt>
gchristensen: no it's a deb package
<gchristensen>
nanobapt: sorry, is it _actually_ a zip or whatever?
<kuznero>
yes! abbradar: thanks!!!
<gchristensen>
have you checked it with `file` to see that it is actually a deb / zip / and not just an error page?
<abbradar>
deb packages _usually_ are stable... run `curl` on this URL, I'd say
<nanobapt>
gchristensen: oh ! it's a html page
<abbradar>
kuznero: no problem ^_^
<nanobapt>
ok got it !
<abbradar>
pstn_: by "disks" you mean...? (initrd shouldn't need disk drivers to start SSH)
mkoenig has quit [(Ping timeout: 248 seconds)]
Itkovian has joined #nixos
mkoenig has joined #nixos
<pstn_>
abbradar: Ah, right. It must be the name change of the network device then...
sdothum has quit [(Quit: ZNC - 1.6.0 - http://znc.in)]
<abbradar>
(if you have more than one NIC... I'd try cycling eth{0..N} :D
cpennington has joined #nixos
Shou has joined #nixos
sdothum has joined #nixos
sdothum has quit [(Remote host closed the connection)]
<LnL>
ixxie: letrec == let in nix, I was just talking about the conceptual difference to understand where the recursion comes from
mizu_no_oto has joined #nixos
<gchristensen>
LnL: oh I see where you were going with that... sorry, I disregarded it before
<peti>
pierron: I thought about your idea. In my mind, the gist of it is that it changes the meaning of "callPackage" so that it no longer returns a derivation, but rather returns all the information one needs to create the derivation in a format that's open for inspection and modification within Nix (i.e. an attribute set). This improves over the current approach because we no longer need introspection and other
<peti>
advanced features just to replace a dependency, etc. IMHO, this makes perfect sense. Now, the only problem is how to migrate to such a scheme? This change would require backwards-incompatible changes in Nix, no?
mudri` has joined #nixos
sdothum has joined #nixos
sdothum has quit [(Remote host closed the connection)]
<pierron>
peti: yes, This is a thing that I want to do in Nixpkgs as well. The idea I had for the migration was to make a mkDerivation function which only adds a derivationFun attribute. and add the view-scheme at the same time.
<pierron>
peti: this way we could start the migration process to the new scheme by getting rid of useless mkDerivation calls.
<pierron>
peti: this would not be backward incompatible with Nix, as the view functions, which traverse packages that we want to install will basically call the derivation function recursively on the final version.
<LnL>
gchristensen: was just trying to explain it, but if you don't know a language that has both it probably doesn't really help
sdothum has joined #nixos
sdothum has quit [(Client Quit)]
sdothum has joined #nixos
<Profpatsch>
peti: pierron How do you plan on working with the strictness problem of nixpkgs?
<Profpatsch>
That is that hydra and nix-env use it to short-circuit?
leothrix has quit [(Ping timeout: 256 seconds)]
<Profpatsch>
Or will that not be a problem?
<gchristensen>
shots fired by Hochleitner on the mailing list :o
<Profpatsch>
I’d be so happy if that problem finally evaporates all by itself (or if somebody else fixes it ;)).
<Profpatsch>
gchristensen: heh
<nanobapt>
is it possible to change fetchurl by a local file ?
leothrix has joined #nixos
<Profpatsch>
nanobapt: Just use src = ./my/local/file
<nanobapt>
Profpatsch: THX !
<pierron>
Profpatsch: I haven't dig much into that, I want to finish the security-updates branch first.
<gchristensen>
Profpatsch: I said, out loud "WOW!" when I read that reply
<Profpatsch>
nanobapt: Be aware that that copies the whole directory tree recursively into your nix-store.
<pierron>
Profpatsch: anyhow, this would be a mandatorry thing, to shave some memory of Nixpkgs evaluation.
<Profpatsch>
nanobapt: And if any file in that tree changes the whole thing will have to be rebuilt.
michas has quit [(Ping timeout: 240 seconds)]
<Profpatsch>
nanobapt: If that happens you can use the filterSources buitin.
<Profpatsch>
pierron: By “that” you mean abstracting mkDerivation?
<Profpatsch>
Or patching hydra and nix-env?
michas has joined #nixos
sellout- has quit [(Quit: Leaving.)]
aminechikhaoui has quit [(Ping timeout: 245 seconds)]
<pierron>
Profpatsch: this is not abstracting, this is moving the mkDerivation as a view, instead of being a mandatorry step of the evaluation that we have to unwind.
<Profpatsch>
pierron: From what I understood instead of returning a derivation from mkDerivation you want to return a data structure that can afterwards be converted to a derivation?
aminechikhaoui has joined #nixos
<pierron>
Profpatsch: yes, the afterward, is what will do it, which is a traversal of the declarative-pkgs, which are converted into derivation by calling mkDerivation on the package that you want to install.
<pierron>
Profpatsch: as this function would not be evaluated until you resquest one package installation.
ryanartecona has joined #nixos
<Profpatsch>
Or, if you move it you have to be aware that nix-env uses that to list all non-broken packages.
<Profpatsch>
“nonvalid“
<Profpatsch>
Including unfree licenses.
<Profpatsch>
There is a C++ escape hatch that nix-env and hydra uses to catch nixpkgs `throw` and skip that package (and thereby all reverse deps as well).
<Profpatsch>
It feels like I stumble on that in everything I do.
<pierron>
Let's see when we are there, currently we should finish the security-updates branch.
<Profpatsch>
+1
<Profpatsch>
you have time to work on that again?
<pierron>
not really.
<Profpatsch>
oh :(
<Profpatsch>
But I’m afraid you’re the only one with the knowledge to do it.
<Profpatsch>
Or I’d have to watch your talk again, maybe I have learned enough in the meantime to understand what you are doing. :P
<ixxie>
I see LnL
<NixOS_GitHub>
[nixpkgs] volth opened pull request #21835: miredo: do not run miredo-checkconf (master...miredo-no-checkconf) https://git.io/vMz0U
jgertm has joined #nixos
sellout- has joined #nixos
* Rotaerk
runs miredo-checkconf and feels like a rebel.
<Profpatsch>
Ugh, ~1000 commits until 100k
<Profpatsch>
fpletz: Let’s to a 100k party. :D
<Profpatsch>
s/to/do/
<gchristensen>
I feel there are many much harder things to improve before the the quick-fix security tooling makes a big improvement. it takes less than 24 hours to rebuild the release-16.09 channel (not the -small channel, which only takes only about 1 hour)
Rotaerk has quit [(Quit: Leaving)]
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<gchristensen>
hrm... maybe I'm not quite right on that, but we should get more recent numbers. a change which triggers many thousands of packages has almost completed in the full channel in just 12 hours, and on the small channel completed within 1 hour.
<gchristensen>
additionally, we can improve this is dire situations by increasing compute capacity, which hydra already has capabilities of doing (by default, the scaling is a function of the number of jobs to build, but this can easily be overridden)
<Profpatsch>
gchristensen: That’s the google fallacy.
<Profpatsch>
aka chromium fallacy.
<Profpatsch>
Of course chromium build times don’t matter when you are a google employee.
<Profpatsch>
Because there’s millions worth of hardware chugging away on it.
<gchristensen>
I feel the bottleneck to shipping security updates is not hydra and build time, but actually submitting the patches and backporting them to stable in a timely fashion. one of the things I watch for is how many of the things in the weekly roundups are already patched before I get to them that week, and there are usually a few, but in terms of recent bug reports almost all of them are unpatched by the time the
<gchristensen>
report is generated
<Profpatsch>
But if you are running your own internal hydra (which many people now do), it becomes a big problem.
<LnL>
gchristensen: backporting stuff is hard sometimes and takes time
<gchristensen>
it is hard
<gchristensen>
maintaining separate branches is hard, coordinating even the staging branch is hard
<LnL>
ideally each maintainer would help with the packages they know
altphi has joined #nixos
<gchristensen>
the quick-fix code depends on a separate security branch for unstable and a separate security branch for stable
<gchristensen>
but still the point I'm trying to make is the hard part I think isn't build times but people time
<gchristensen>
and for people running their own hydra, I dunno, that is fine, I think it is a bit of a silly thing to do since we have a big dynamic scaling cluster of machines capable of building hard stuff, and it wouldn't hurt you to take advantage of the stuff upstream builds
<LnL>
I agree, the only issue I have with build times sometimes is getting stuff done on master after the roundup
<gchristensen>
and the code optimization makes sense to me if that we're actually patching issues super promptly and the only thing keeping us back is hydra's build time
<gchristensen>
yeah but they have to be done anyway, those rebuilds _will_ happen
<LnL>
but that's because the release branch gets priority for build (obviously) and by that point all the security issues are resolved if you look at nixpkgs
<NixOS_GitHub>
[nixpkgs] kierdavis opened pull request #21836: ckb: init at 0.2.6 (master...ckb) https://git.io/vMzzq
kyod has joined #nixos
kuznero has quit [(Quit: Page closed)]
Geraldus has joined #nixos
<gchristensen>
anyway, that's just my $0.02 on it, and I don't think having a "security team" gives my opinion any more or less "authority"
<kyod>
Hi there. I'm new to NixOs and trying to get a feeling of how stuff are supposed to work for development
<kyod>
In particular I don't find much documentation about how to setup a development environment on a git repo where I want to locally patch the shebangs
<LnL>
gchristensen: maintainers of packages should be more involved in the roundup, like the go patch you pinged me about
<kyod>
anyone knowing the nixOS way to do that ?
<fpletz>
Profpatsch: one shot for every commit until we reach 100k? :P
<gchristensen>
fpletz: one shot each? :o I can see the headlines now: "NixOS dead in the water after international alcohol poisoning event"
<LnL>
gchristensen: perhaps you should ping all the maintainers of the affected packages, the attribute names of the maintainers set *should* be their github handle
jmiven has quit [(Quit: co'o)]
zraexy has joined #nixos
jmiven has joined #nixos
ntc has quit [(Ping timeout: 246 seconds)]
zraexy has quit [(Client Quit)]
<srhb>
kyod: Usually you'd do something with nix-shell, but how to do it depends on the project type exactly.
<srhb>
kyod: (ie. a Haskell project is different from a Python project)
MercurialAlchemi has quit [(Remote host closed the connection)]
justbeingglad has joined #nixos
justbeingglad has left #nixos []
lsix has joined #nixos
johann__ has quit [(Quit: Leaving.)]
siarheit_ has quit [(Ping timeout: 240 seconds)]
p0le has joined #nixos
<pstn_>
I need to chroot into a nixos install from a running debian. How should I best do that //cc abbradar
<abbradar>
pstn_: I did very dirty tricks with nixos-install (It can also act as chroot, but you need to run it first somehow -- on a Debian). I think I ran `find /mnt/nix/store -name nixos-install` and then bashed it until it worked.
georges-duperon has joined #nixos
<abbradar>
The problem with regular chroot is, as you may have noticed already, various env vars
eacameron has quit [(Remote host closed the connection)]
<abbradar>
Oh! I remember one piece now: `mount --bind /mnt/nix /nix` helps greatly
eacameron has joined #nixos
<pstn_>
abbradar: Ewww. Genius. But ewww :-D
<abbradar>
:D
glines has joined #nixos
<pstn_>
I'm in.
<abbradar>
no idea what could you actually try inside. maybe change network interface in cmdline...
greymalkin has quit [(Ping timeout: 272 seconds)]
erasmas has joined #nixos
<pstn_>
abbradar: Oh, I can't run nix-build. That's bad.
<abbradar>
pstn_: what does it say?
<pstn_>
abbradar: error: the group ‘nixbld’ specified in ‘build-users-group’ does not exist
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to master: https://git.io/vMzor
<NixOS_GitHub>
nixpkgs/master 45a677b Domen Kožar: haskell.packages.ghc802: dontCheck vector-algorithms
<abbradar>
hm, I thought chroot also allows one to use slave's users/groups...
wwkeyboard has left #nixos []
<kyod>
srhb: well it's a mixed f#/ocaml project, but isn't there some generic way to say 'execute these commands in a development environment after patching these shell scripts' ?
seanz has joined #nixos
Shou has quit [(Ping timeout: 260 seconds)]
<pstn_>
abbradar: Right, works now. Have to remember to change it back.
<abbradar>
pstn_: wait, you needed to change host's (Debian) /etc/group?
siarheit_ has joined #nixos
<pstn_>
abbradar: I could the nix.conf file to an existing group.
<abbradar>
Oh, that was my second idea :D hacky but good it worked
<pstn_>
I expect that shark attack any minute now :-D
<musicmatze>
is cache.nixos.org down?
<musicmatze>
I cannot update due to "curl: (6) Couldn't resolve host 'cache.nixos.org'"
<gchristensen>
WFM musicmatze
Mic92 has joined #nixos
<musicmatze>
wfm?
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to master: https://git.io/vMzKh
<NixOS_GitHub>
nixpkgs/master e5dcce8 Domen Kožar: nixos: fix terminal-server, fixes #21834
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to release-16.09: https://git.io/vMz6J
<NixOS_GitHub>
nixpkgs/release-16.09 67b2c94 Domen Kožar: nixos: fix terminal-server, fixes #21834...
<gchristensen>
domenkozar: I'm impressed and pleased that you're continuing to sign commmits :]
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to release-16.03: https://git.io/vMz6Z
<NixOS_GitHub>
nixpkgs/release-16.03 5f94adc Domen Kožar: nixos: fix terminal-server, fixes #21834...
<gchristensen>
whoa all the way back to 16.03
<the-kenny>
musicmatze: works for him
<musicmatze>
ah... oka
<musicmatze>
okay*
<globin>
gchristensen: have that in my git config and don't even think about it :>
<gchristensen>
globin: me too, but domenkozar didn't sign anything until very recently :)
<LnL>
I have not enabled mine by default because I don't want to sign WIP stuff
<musicmatze>
gchristensen: okay, restarted nscd and it works now
<gchristensen>
ah, great musicmatze
jensens has quit [(Ping timeout: 258 seconds)]
<globin>
ah %)
<LnL>
but perhaps I should
thc202 has quit [(Ping timeout: 245 seconds)]
bennofs1 has joined #nixos
johann__ has joined #nixos
johann__ has quit [(Read error: No route to host)]
mkoenig has quit [(Read error: Connection reset by peer)]
johann__ has joined #nixos
eacamero_ has joined #nixos
<Profpatsch>
musicmatze: ohai
abbradar has quit [(Remote host closed the connection)]
<musicmatze>
Profpatsch: joi!
mkoenig has joined #nixos
<NixOS_GitHub>
[nixpkgs] Azulinho opened pull request #21837: python docs: add an example for a virtualenv and pip through nix-shell (master...python-docs_add_virtualenv_and_nixshell_example) https://git.io/vMzXL
eacameron has quit [(Ping timeout: 252 seconds)]
johann__ has quit [(Quit: Leaving.)]
tvon has joined #nixos
<pierron>
gchristensen: the security-updates branch is not only about round-trip of compilation, this is also about download size, and some infra for people who are pinning specific versions of Nixpkgs who want to maintain security updates them-self.
<gchristensen>
I'm not sure I understand the pinning story, when the unstable-security branch follows the channel, how does pinning work in that case?
alx741 has joined #nixos
thc202 has joined #nixos
<gchristensen>
they can't just keep a pinned nixpkgs version and then only get security updates if the unstable-security branch is being advanced with the channel
<pierron>
gchristensen: Yes, the Nixpkgs default would be to follow the last stable.
<pierron>
gchristensen: but nothing forces people to do that, and many companies are pinning a specific version of Nixpkgs.
<gchristensen>
(we can substitute "stable" in for "unstable" in everything I've said)
<gchristensen>
so if they pin a version of nixpkgs, are they going to be getting security updates anyway? I'm not sure people/companies want that. but again: how would the updates be applied to a pinned version of nixpkgs when the security branch is advancing?
<pierron>
gchristensen: basically the security-updates branch provide "minimal" rebuild infrastructure, whatever you want to do with it.
eacamero_ has quit [(Remote host closed the connection)]
<gchristensen>
I guess it comes back to I need to try it out first hand to really "get it"
eacameron has joined #nixos
Itkovian has quit [(Ping timeout: 256 seconds)]
<pierron>
gchristensen: I am sure they want that, because they are already doing it today, but they would still have efforts to do, not just taking the security branch, as they are hypothesis about binary compatibilities.
<gchristensen>
but, finally, hydra won't be building the security updates? users would build them locally?
<pierron>
gchristensen: hydra would build the packages which have to be rebuilt, only. Users will do the patching locally.
<gchristensen>
this would then not allow hydra to catch security updates which cause, say, critical tests to fail
<pierron>
gchristensen: if you maintain you own branch of security-updates, you will rebuild the few patches which are linked statically, and patch the rest, no full rebuild.
<pierron>
gchristensen: yes.
<pierron>
gchristensen: but this is why we trust people who are making security updates, to ensure that the changes they are pushing are not violating the APIs.
<gchristensen>
I don't feel good about this solution :/
<pierron>
gchristensen: are you going to the FOSDEM?
deepfire has quit [(Ping timeout: 256 seconds)]
<gchristensen>
no :( I wish, too expensive to get there
<LnL>
I don't understand what you guys are talking about, what's the difference between release-* and security-updates?
<LnL>
pierron: I will be there :)
ryanartecona has quit [(Quit: ryanartecona)]
<gchristensen>
LnL: if I understand correctly: a patch applied to `graphviz` in release-16.09-security would be applied not by rebuilding things that depend on graphviz, but by rebuilding graphviz and using `sed` to patch references to the old one to the new one
<pierron>
LnL: security-updates is a prototype that I am making which aims at reducing the amount of work needed by hydra to provide a security fix, on top of the latest working channel.
<LnL>
oh, so like the graft stuff of guix?
<pierron>
yes
<pierron>
LnL: without any special argument, as guix.
<pierron>
s/argument/attribute/
<LnL>
allright, that explains my confusion
<pierron>
LnL: in the example given by gchristensen, hydra would only rebuild graphviz, and everybody would patch their packages locally. Thus, reducing the round-trip between the security update, and when it got shipped to the users.
<pierron>
LnL: This way, even if the latest master (or whatever branch) does not compile, the security updates would always work on top of the latest working channel.
<pierron>
So if for whatever reason the package you are using failed to be updated on Nixpkgs, it would still receive security updates from its dependencies.
<gchristensen>
hmmm not as bad as I expected for the ticket, $1,200 USD to get to fosdem
<Baughn>
...am I going mad?
<LnL>
I hope not :)
<Baughn>
For some reason, when I redirect stdin in a nix-shell-wrapped python script, bash attempts to interpret the input file and python isn't called.
<pierron>
gchristensen: are you on the other side of the atlantic?
<Baughn>
If I leave it reading from terminal, it works normally.
<Baughn>
I don't even use bash!
<gchristensen>
pierron: yeah, western Massachusetts, USA
<pierron>
gchristensen: ok, I don't have much opportunities to get there :/
<gchristensen>
I'm hoping to come to the next nixcon whenever that is :)
<pierron>
gchristensen: soon apparently.
* gchristensen
pokes whoever organizes that to make an announcement so long-away people can make plans
<fpletz>
ixxie: LnL: yeah, might be in munich this summer, please stay tuned until we have worked out all the pre-preparation (final date and location) :)
<pierron>
ixxie: no, not from me at least.
<gchristensen>
fpletz: no longer spring?
greymalkin has joined #nixos
<pierron>
ixxie: but I am sure fpletz would leak us tons of info.
<fpletz>
gchristensen: spring/summer, may/june
<gchristensen>
fpletz: ok, better than april :)a
* pierron
hopes this would not be at the same time as the Mozilla event in june/july
katyucha has quit [(Quit: leaving)]
<gchristensen>
this is why you don't leak stuff, fpletz, everyone tells you when they can't make it ;)
<fpletz>
gchristensen: we will have a handful of dates and a doodle like the last time
<gchristensen>
cool
<gchristensen>
I'd better go find my passport / renew it before too long
danharaj has quit [(Quit: Leaving.)]
<gchristensen>
a thing I think would be nice to have in nix before the 17.03 release: a tool to report system details for bug reports that comes installed by default on nix
athan has quit [(Ping timeout: 240 seconds)]
<ixxie>
gchristensen: could such a thing also be used to submit the log of a failed build?
<gchristensen>
that may be useful too
<clever>
and some nix.conf options would of of use, ive had the sandbox break small features of a project, without the entire build failing
aminechikhaoui has quit [(Quit: leaving)]
<clever>
it was a nightmare to git bisect, because everything i was building localy had no sandbox and worked
<clever>
but everything from cache.nixos.org was broken
Itkovian has quit [(Read error: Connection reset by peer)]
<clever>
and bisect doesnt find that kind of thing
aminechikhaoui has joined #nixos
jensens has joined #nixos
<gchristensen>
yeah
<gchristensen>
so, this is really good stuff, and having a tool build out a report would be super nice
derjohn_mob has quit [(Ping timeout: 240 seconds)]
tvon_ has joined #nixos
Geraldus has quit [(Quit: Be back later ...)]
civodul has quit [(Quit: ERC (IRC client for Emacs 25.1.1))]
dram_phone has quit [(Read error: Connection reset by peer)]
jensens has quit [(Remote host closed the connection)]
tvon has quit [(Ping timeout: 240 seconds)]
jensens has joined #nixos
dram_phone has joined #nixos
<pi3r>
I have a tiny question. I am currently activating nix in single user mode with`source ~/.nix-profile/etc/profile.d/nix.sh`
derjohn_mob has joined #nixos
<pi3r>
This required all scripts in jenkins to be login script. Is there a way to avoid that ?
jgertm has quit [(Ping timeout: 260 seconds)]
<pi3r>
I mean it is possible to have a sort of permanent activation ? Something that would avoid me to append all scripts with "/usr/bin/env bash -l"
systemfault has joined #nixos
<pi3r>
(the source line is in my .bashrc)
<pi3r>
or bash_profile I don't remember ...
aminechikhaoui has quit [(Quit: leaving)]
cpennington has quit [(Ping timeout: 245 seconds)]
CodingWithClass_ has quit [(Ping timeout: 258 seconds)]
<clever>
pi3r: try copying it to the other one, ive had similar problems
taktoa has quit [(Ping timeout: 258 seconds)]
<pi3r>
clever: it is actually .bash_profile you mean copy the source line in .bashrc ?
CodingWithClass has joined #nixos
relrod has quit [(Ping timeout: 258 seconds)]
abrar has quit [(Ping timeout: 258 seconds)]
taktoa has joined #nixos
<clever>
pi3r: yeah
nanobapt has quit [(Ping timeout: 260 seconds)]
abrar has joined #nixos
relrod_ has joined #nixos
relrod_ has quit [(Changing host)]
relrod_ has joined #nixos
mrkgnao has quit [(Ping timeout: 240 seconds)]
Itkovian has joined #nixos
nschoe has quit [(Quit: Program. Terminated.)]
<dram_phone>
Question: Does anyone here use NixOS daily? (I mean on personal computers not deployed servers)
jensens has quit [(Ping timeout: 240 seconds)]
<dram_phone>
Would you recommend doing so?
<gchristensen>
yeah
<gchristensen>
to both
<dram_phone>
You sound confident ;)
<goibhniu>
dram_phone: most definitely
<ixxie>
dram_phone: I am using it daily and my previous distro was ubuntu (only been a linux user for a few years) and I heartily recommend it
* goibhniu
<3 system rollbacks and declarative config
<ixxie>
indeed!
<clever>
i currently have nixos on my laptop, router, nas, and desktop
Itkovian has quit [(Read error: Connection reset by peer)]
yorick_ has joined #nixos
<ixxie>
oooh clever I have been meaning to ask you about installing it on a Raspberry Pi 3 ^^
eacameron has quit [(Remote host closed the connection)]
<dram_phone>
That escalated quickly
<clever>
heh
<gchristensen>
dram_phone: what did?
eacameron has joined #nixos
yorick has quit [(Ping timeout: 240 seconds)]
<ixxie>
our NixOS evangelism
<clever>
ixxie: i still have the root-disk for a pair of armv6 pi's, but i havent gotten around to finishing a v7 build of nixos, closest i have right now is a not-os build that includes nix-daemon support
<dram_phone>
You literally use nixos everywhere, don't you
Jackneilll has joined #nixos
<clever>
yes
<goibhniu>
dram_phone: you can check if all the programs you care about are already packaged ... just in case there's something you require which isn't packaged yet
mudri`` has quit [(Ping timeout: 256 seconds)]
<ixxie>
clever: I recalled you talking about that not-os
cpennington has joined #nixos
<simpson>
dram_phone: Well, what other distro would we use? Nix is just too good as a package manager.
<gchristensen>
simpson is right
<dram_phone>
This gets a bit weird, tbh
<gchristensen>
how do you mean?
<ixxie>
clever: I cannot seem to find any info on that though
<clever>
ixxie: i used the module framework in nixos, and a small number of its modules, to create a new distro that removes a lot of the un-nessesary things
<clever>
ixxie: for example, nano is pre-installed in nixos and cant be removed easily
<simendsjo>
Does the dotnet CLI tools exist on nixos?
Jackneill has quit [(Ping timeout: 248 seconds)]
<gchristensen>
dram_phone: we like the Nix package manager a whole lot, and think it solves problems in ways almost no other package manager has attempted. it makes things that are dangerous on other distributions extremely safe.
<simpson>
clever: You've gotta have *some* sort of text editor. Do you just ship a fully-loaded busybox?
akiselev has joined #nixos
akiselev has quit [(Remote host closed the connection)]
<simpson>
dram_phone: Could you explain what you find weird? Normally newcomers to Nix have some impedance mismatch.
<dram_phone>
Yeah I can totally understand
<gchristensen>
dram_phone: I would encourage you to give it a try, if not via installing it directly, try it in a VM
<clever>
simpson: my thought, is that after a user switches to a better editor, why do they still need nano?
<gchristensen>
simpson: I think maybe they're not used to people being so excited about a package manager?
<clever>
simpson: and in an embeded situation, you dont need any editor
<simpson>
clever: Before they switch to a better editor, how do they edit configuration.nix?
<simpson>
clever: I aggressively disagree, but I also don't run not-os so I have no stake in the game.
<clever>
simpson: yeah, nano as a default is a good idea, but there is no way to turn that off right now
danielrf has joined #nixos
<simpson>
gchristensen: I dunno if "excited" is the right word. Nix is a mediocre language with poor builtins, middling libraries with terrible names, semicolons everywhere, and wacky builtin types.
<clever>
simpson: another thing that makes not-os special, it can lack all nix tools at runtime, so nixos-rebuild isnt a thing
<gchristensen>
simpson: and yet?
<clever>
simpson: you have to edit the config and build it from another box
<simpson>
It's just that I've also written Debian and RPM packages.
mudri`` has joined #nixos
<clever>
simpson: so it doesnt need the ability to edit its own config
<simpson>
clever: Aha.
__Sander__ has quit [(Quit: Konversation terminated!)]
<simpson>
gchristensen: And yet Nix is the best package manager I've ever worked with.
<gchristensen>
:D
<simpson>
As a friend would say, "Nix sucks, use Nix."
<gchristensen>
emacs' sales pitch: "We aren't gonna lie. Emacs sucks. Some of us tolerate it, but we can't tell you if YOU'LL be able to. Try it and make up your own mind.""
aminechikhaoui has joined #nixos
* dram_phone
is convinced
<dram_phone>
Can't hurt in a virtual machine, and I now believe it's going to worth the time.
oleks has joined #nixos
<ixxie>
hmmm clever that is a bit too light for stuff I have in mind xD
<dram_phone>
*to be
eacameron has quit [(Remote host closed the connection)]
<clever>
ixxie: yeah, i also planned to use not-os as a build slave on my rpi3, to build full nixos
eacameron has joined #nixos
<simpson>
clever: Out of curiosity, have you ever run into situations where an expression evaluates fine locally, but a Hydra evaluation says "stack overflow"?
<clever>
simpson: nope, but i have messed with running the hydra-evaluator outside of hydra
<gchristensen>
dram_phone: a year ago next week on Thursday I installed nixos in a vm, really tried it out on the next day Friday, and then the next day Saturday I erased OSX to replace it with nixos
<clever>
and with 2 pi's in the cluster, it can build twice as fast
<gchristensen>
dram_phone: what is subjective?
ambro718 has joined #nixos
<clever>
simpson: nothing stands out, it should just work
<clever>
simpson: and the nix language has proper support to detect infinite recursion
<dram_phone>
The fact that you tried this for only 2 days before going into it
<gchristensen>
that isn't subjective, that was factually my experience. I'm not saying that is what you'll do
<dram_phone>
It is the fact that quite a few here use it daily that really assured me
<schoppenhauer>
hi. is anyone using gajim with omemo-support? it requires python-axolotl, I am not sure how to install this properly, just doing nix-env --install does not suffice
<dram_phone>
I think there's a good chance I'll *actually* do that :)
<simpson>
clever: Well, to detect a subset of cases, sure. Anyway, I'm not really sure why Hydra behaves differently here. I'm doing more or less the same thing as all of the other language package sets.
<schoppenhauer>
I am using stable
<gchristensen>
cool :)
<dram_phone>
Thanks to the entire channel for your information
<gchristensen>
dram_phone: also
<dram_phone>
also?
<clever>
simpson: my only thought is to try using packageOverride instead
<gchristensen>
dram_phone: I came to nixos from the perspective that the only way to apply changes to a server's configuration is to make a brand new server and replace the old one
<pie_>
from what i can see nixpkgs doesnt have gscan2pdf?
<ixxie>
clever: it would really take that long to build NixOS for rpi3?
<clever>
simpson: you can just pass a custom config attrset via import <nixpkgs> { config = { packageOverrides = ... ; }; }
goibhniu has quit [(Ping timeout: 256 seconds)]
<clever>
ixxie: yeah, about 1 or 2 weeks i think
<gchristensen>
dram_phone: I manage(d) several hundred servers using that process -- replacing servers every time a config change went out, or a package needed to be upgraded. I no longer have that belief as long as nixos is behind it, but still maintain that belief when using debian / redhat
<gchristensen>
I meant to say "the only *safe* way to apply"...
<simpson>
clever: I don't think that that's the full picture; I'm trying to build Monte packages here which depend on other Monte packages. None of this is already in nixpkgs; I'm just trying to reuse nixpkgs machinery.
<dram_phone>
'No devs in prod' on steroids?
<gchristensen>
no, devs could be in prod, that is fine, but after you log in the machine is shut down and replaced within 24 hours
<gchristensen>
same rule as if an admin logged in to prod
<ixxie>
clever: daaaamn..... somewhat related: I was trying to build a NixOS vm today to make a minimal reproduction of a bug I found and after 20m I stopped it; I wonder if I did something wrong there.
<dram_phone>
all changes checked in. code == entire server
<dram_phone>
like that?
<gchristensen>
yeah
<gchristensen>
and the server should be able to be provisioned from scratch every time, and the only way to guarantee that is to practice it every time
jensens has joined #nixos
<dram_phone>
Thanks for more success stories :)
<gchristensen>
:)
<dram_phone>
It's late at night here, and I need more sleep and you can keep all your stories to more newcomers
<dram_phone>
Thanks again :) Wish you a good day (or whatever)
dram_phone has quit [(Quit: Yaaic - Yet another Android IRC client - http://www.yaaic.org)]
<clever>
gchristensen: what about a read-only account that can watch things without the server commiting suicide? lol
<gchristensen>
an eye-opening thing for me was comparing debian's testing to see if a new release works, vs. nixos's tests to see if a release is okay
<gchristensen>
no need, clever, the shut-down and replacement of a node was automated and safe
<gchristensen>
and we replaced nodes every 90 days anyway
<clever>
ah
<cransom>
I've had lots of experience with opposite case. the administrative overhead increases each time you introduce to a change to a redhat/ubuntu machine and aside from perhaps disk cleanup, it doesn't exist in nixos.
Shou has quit [(Ping timeout: 256 seconds)]
<gchristensen>
cransom: yeah, that is part of why we had this elaborate system of shutting down and replacing nodes all the time
<gchristensen>
and nix solved the underlying problems sufficiently well I don't need to do that
<cransom>
indeed.
kampfschlaefer has joined #nixos
danharaj has joined #nixos
Lowl3v3l has joined #nixos
yorick__ has joined #nixos
alx741 has quit [(Quit: alx741)]
yorick_ has quit [(Ping timeout: 240 seconds)]
<zimbatm[m]>
gchristensen: what kind of website idea do you need? :p
<gchristensen>
I
<gchristensen>
was providing you with website improvement ideas for nixos.org :)
ambro718 has quit [(Ping timeout: 252 seconds)]
<zimbatm[m]>
oh no i missed them
<zimbatm[m]>
i need a better bouncer
pi3r has quit [(Ping timeout: 245 seconds)]
<gchristensen>
zimbatm[m]: personal experiences
<gchristensen>
like "a year ago next week on Thursday I installed nixos in a vm, really tried it out on the next day Friday, and then the next day Saturday I erased OSX to replace it with nixos"
Geraldus has joined #nixos
<zimbatm[m]>
ah yes, testimonies would be nice
<ixxie>
"Before NixOS I was miserable, alone, and sad; now I have all the love in the world!"
<gchristensen>
"NixOS cured my debilitating gout!"
<ixxie>
were gonna save so many souls!
<mguentner>
"Before NixOS I actually developed applications - now I spend my time contributing to NixOS/nixpkgs"
<gchristensen>
!m mguentner
<[0__0]>
You're doing good work, mguentner!
aminechikhaoui has quit [(Ping timeout: 245 seconds)]
<NixOS_GitHub>
[nixpkgs] volth opened pull request #21838: scala: fix versions and $PATH (master...scala-fix-version) https://git.io/vMzpA
<ixxie>
how does one use that notification bot on github?
<gchristensen>
ixxie: it just happens
<ixxie>
I guess it just didn't happen for me xD
<gchristensen>
it should have
<ixxie>
know anybody who maintains the Chromium package?
<gchristensen>
aszlig is part of it
<ixxie>
cheers gchristensen; it's not so much the inability to build the widevine plugin which gets to me, but the mystery of why there is a missing *chrome* dependency on a *chromium* plugin that gets to me xD
cpennington has quit [(Ping timeout: 240 seconds)]
<gchristensen>
weird
ryanartecona has quit [(Quit: ryanartecona)]
rmrfroot` has joined #nixos
t7 has joined #nixos
Lowl3v3l has quit [(Remote host closed the connection)]
alx741 has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vMgeP
<NixOS_GitHub>
nixpkgs/master cb6f49a Vladimír Čunát: man-pages: 4.08 -> 4.09...
<LnL>
ixxie: it mentions people that modified the files that are update
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to release-16.09: https://git.io/vMgeH
<NixOS_GitHub>
nixpkgs/release-16.09 d05b502 Vladimír Čunát: man-pages: 4.08 -> 4.09...
<LnL>
d
cpennington has joined #nixos
sdothum has quit [(Read error: Connection reset by peer)]
mudri`` has quit [(Ping timeout: 248 seconds)]
sdothum has joined #nixos
<LnL>
domenkozar: I think there are a bunch of trunk builds in the queue that are stale
<LnL>
I was wondering why the queue was still so big
bennofs1 has quit [(Ping timeout: 258 seconds)]
Shou has joined #nixos
bennofs1 has joined #nixos
proteusguy has joined #nixos
sellout- has quit [(Ping timeout: 252 seconds)]
eacamero_ has joined #nixos
eacameron has quit [(Read error: Connection reset by peer)]
<pierron>
domenkozar: you mean 283.15 K?
<sphalerite>
How do I make the grub module use a patched version of grub? I'm trying nixpkgs.config.packageOverrides = pkgs: {grub2 = pkgs.lib.overrideDerivation pkgs.grub2 (attrs: {patches = attrs.patches ++ [my-patch-here]})) but it complains about grub2 not having the override attribute in the module that sets it up.
mudri`` has joined #nixos
<LnL>
lib.makeOverridable might help
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 2 new commits to master: https://git.io/vMgU3
<NixOS_GitHub>
nixpkgs/master 9c48916 Volth: scala: fix versions and $PATH
<NixOS_GitHub>
nixpkgs/master 558d13b Tim Steinbach: Merge pull request #21838 from volth/scala-fix-version...
uralbash has joined #nixos
<sphalerite>
I think it's easier if I just change it in a copy of nixpkgs and use that in nixos-rebuild
<LnL>
also, does anybody here use hydra on their desktop? I'm wondering if it would make testing PRs, ... easier
katyucha_ is now known as katyucha
ryanartecona has joined #nixos
<gchristensen>
LnL: "no"
<sphalerite>
why are fetchurl and fetchpatch not fetchUrl and fetchPatch? :(
jgertm has joined #nixos
<gchristensen>
LnL: but good to know you're interested in being a beta tester for something
altphi has quit [(Quit: altphi)]
<LnL>
gchristensen: is that a no as in, that's a terrible idea?
<gchristensen>
LnL: I def. don't recommend trying to run hydra against nixpkgs on your desktop :P
<gchristensen>
but I have a thing in the works
<gchristensen>
running a hydra which we can evaluate PRs on
<LnL>
I would want to trigger builds myself, unless that's not possible
jgertm has quit [(Ping timeout: 260 seconds)]
<gchristensen>
I think that would have to be part of it, yeaoh
Havvy has quit [(Ping timeout: 248 seconds)]
yenzenz has joined #nixos
relrod_ is now known as relrod
sellout- has joined #nixos
tvon_ has quit [(Quit: System is sleeping...)]
jensens has quit [(Ping timeout: 240 seconds)]
tvon has joined #nixos
FRidh has quit [(Ping timeout: 256 seconds)]
rmrfroot` has quit [(Ping timeout: 260 seconds)]
<LnL>
I thought we had to wait for hercules to cut off hydra's head(s) in order to get support for building PRs
danharaj has quit [(Ping timeout: 240 seconds)]
<gchristensen>
LnL: depends how committed you are
<LnL>
anything I can help with?
<gchristensen>
definitely :) I'll ping you
obadz has joined #nixos
pstn_ has quit [(Quit: leaving)]
<pie_>
um, do i need to install SANE to use a scanner/how?
<NixOS_GitHub>
[nixpkgs] bjornfor pushed 1 new commit to master: https://git.io/vMgqs
<pie_>
could someone help me get my canoscan lide 220 working?
<pie_>
after random googling, sudo sane-find-scanner shows i
<pie_>
*it
<pie_>
hm, i did see an allusion to needing root
<pie_>
oh yeah looks lie thats it :I
chris__ has joined #nixos
<gchristensen>
domenkozar / ikwildrpepper: could you add a webhook to the nixpkgs repo for me someday soonish? :)
yenzenz has quit [(Ping timeout: 240 seconds)]
<pie_>
a created a "scanner" group and added my user to it but i still need root for sane-find-scanner to list my scanner instead of access denied errors, any ideas?
k0001 has joined #nixos
feepo has joined #nixos
<NixOS_GitHub>
[nixpkgs] bjornfor pushed 1 new commit to release-16.09: https://git.io/vMgYI
<musicmatze>
Hi! Can we install NixOS on ARM already? I guess yes, as it works on RPI, right?
<simpson>
musicmatze: Yes.
<musicmatze>
So, theoretically, I could buy a XIDO X110 and try to get nixos running on it?
ilja_kuklic has joined #nixos
* pie_
pokes clever ;P
<musicmatze>
or an Xido X111
uralbash has quit [(Ping timeout: 240 seconds)]
<k0001>
What do people use inside Docker images (built with Nix's dockerTools) to run more than one daemon commands as the entry point? That is, what's the preferred "daemon supervisor" to run inside Docker?
<NixOS_GitHub>
[nixpkgs] kierdavis opened pull request #21839: i3blocks: search for config in correct system directory (master...i3blocks-sysconfdir) https://git.io/vMgWG
<pie_>
ugh might be DoA...
athan has joined #nixos
Shou has quit [(Ping timeout: 240 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<pie_>
turns out theres a lock on it, seems this might be a "portable" scanner
<joko>
LnL: if you create a new user on your own?
<pie_>
you have to unlock the scan head :)
<pie_>
viric, clever thanks a bunch! hopefully works now
Itkovian has joined #nixos
<k0001>
LnL: what error are you getting? Something about `POST` whatnot/
<LnL>
just that the username/password is wrong
<pie_>
yay it works! \o/ :)
<pie_>
the one time i didnt read the manual...
<pie_>
now if only simple-scan worked
<pie_>
oddly enough it was fine earlier, well my system is being a bit weird anyway so reboot i guess...
pie_ has quit [(Quit: Leaving)]
obadz has joined #nixos
cfricke has quit [(Quit: WeeChat 1.6)]
<NixOS_GitHub>
[nixpkgs] kierdavis opened pull request #21841: docs: fix a couple of unmatched parentheses (master...docs-unmatched-parens) https://git.io/vMg8A
<eacameron>
How do folks normally set up recurring tasks (cron jobs) in the nixos config?
<gchristensen>
eacameron: systemd timers
mudri`` is now known as mudri
<eacameron>
gchristensen: Ah...neato. Never used that before.
<eacameron>
gchristensen: I'm thinking I'll set up a timer then to run a borg backup every day
<gchristensen>
cool :)
<eacameron>
gchristensen: What do you use for backups?
obadz has quit [(Read error: Connection reset by peer)]
aminechikhaoui has joined #nixos
Geraldus has quit [(Quit: Be back later ...)]
<NixOS_GitHub>
[nixpkgs] Mic92 closed pull request #21841: docs: fix a couple of unmatched parentheses (master...docs-unmatched-parens) https://git.io/vMg8A
athan has quit [(Ping timeout: 245 seconds)]
modulistic has quit [(Ping timeout: 258 seconds)]
modulistic has joined #nixos
pie_ has joined #nixos
aminechikhaoui has quit [(Ping timeout: 240 seconds)]
aminechi1haoui has joined #nixos
pi3r has joined #nixos
<joko>
Could anyone help me with libvirtd? I can't run virt-install, it mentions /usr/libexec/qemu-bridge-helper is not found
catch22 has joined #nixos
guillaum1 has joined #nixos
<guillaum1>
Hi there. I'm having fun with buildFHSUserEnv and it does not behaves as I'm expecting it. See my nix file: http://lpaste.net/351149 I want to get the openexr includes files and binaries inside the chroot and I can only see the binaries (inside /usr/bin) but no includes (inside /usr/include). What did I do wrong?
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vMg0v
<NixOS_GitHub>
nixpkgs/master befc294 Vincent Laporte: coqPackages.dpdgraph: 0.5 -> 0.6{,.1}
<sheenobu>
hrm........ tooling which outputs nix expressions
<sheenobu>
mytool myfile.dsl | nix-build - ?
reinzelmann has quit [(Quit: Leaving)]
AllanEsp1nosa has quit [(Ping timeout: 258 seconds)]
AllanEsp1nosa has joined #nixos
alx741_ has joined #nixos
c0bw3b has left #nixos []
shanemikel has joined #nixos
alx741 has quit [(Ping timeout: 260 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
ambro718 has joined #nixos
dbe has joined #nixos
<kier>
guillaum1: the "openexr" package has multiple outputs. by default it will install only the "bin" output, which contains the executables. if you want the header files and libraries, you'll need to include the "dev" output, by changing pkgs.openexr to pkgs.openexr.dev
hiratara has quit [(Ping timeout: 255 seconds)]
Shou has joined #nixos
<kier>
and you can get a shell inside the FHS environment (i.e. where /usr/lib, /usr/include etc. appear to contain the libs and header files that you want) by running "nix-shell ./thisfile.nix -A fhsEnv.env"
<kier>
this sets up the environment, then chroot's into it and starts a shell
hiratara has joined #nixos
<gchristensen>
[0__0]: seen kmicu
<[0__0]>
Yes, I saw kmicu 1 week ago.
<[0__0]>
kmicu said: "gchristensen: ah, that chapter is not updated since 1.6 with ‘Nix now has proper integer arithmetic operators. For instance, you can write x + y instead of builtins.add x y, or x < y instead of builtins.lessThan x y. The comparison operators also work on strings.’."
mkoenig has quit [(Ping timeout: 240 seconds)]
Itkovian has joined #nixos
mkoenig has joined #nixos
johbo has left #nixos ["ERC (IRC client for Emacs 25.1.1)"]
Shou has quit [(Ping timeout: 245 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
cpennington has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] johbo opened pull request #21842: xournal: Support gtk with quartz or x11 backend (master...darwin-xournal-quartz) https://git.io/vMggW
<guillaum1>
kier: thanks you, it works indeed with ".dev", but now I'm wondering why my other package which depends on openexr to build works with only "openexr" inside buildInputs.
<Baughn>
+.
hiratara has joined #nixos
<exi>
now the stable rust fails to build
<exi>
my changes to beta/nightly did not touch those
<Baughn>
gchristensen: I don't know how people can track down bugs without having that option..
<gchristensen>
Baughn: I know! so amazing!
<exi>
{"message":"could not write output to x86_64-unknown-linux-gnu/test/compile-fail-fulldeps/gated-plugin.stage2-x86_64-unknown-linux-gnu.compile-fail.libaux/macro_crate_test.0.o: No such file or directory","code":null,"level":"error","spans":[],"children":[],"rendered":null}
<exi>
sounds like a timing issue and nothing related to rust tests
<gchristensen>
*paging LnL*
<exi>
LnL: ^
<guillaum1>
kier: actually what is the difference between my fhsEnv and fhsEnv.env? Well, actually, the question is more, where was I supposed to find this ".env"?
<Baughn>
copumpkin: I wonder if this is related to your issue #1171
<NixOS_GitHub>
[nixpkgs] johbo opened pull request #21844: Do not trim trailing whitespace in patch files (master...tweak-editorconfig) https://git.io/vMgou
<shanemikel>
I'm not using nix for most things.. I'm using native mac apps for emacs, using macports for bash and gnu coreutils/diffutils/find/grep/sed/make/git.. and nix for just development (idris and haskell)
<Baughn>
clever: Tried that, it doesn't give me a working nix-shell by default. Decided not to bother.
<shanemikel>
at least I'm trying to, :b
<Baughn>
Ok.
<Baughn>
Unfortunately I don't know how to do it with nix-channel
<LnL>
shanemikel: put or symlink you nixpkgs checkout in ~/.nix-defexpr/nixpkgs (for nix-env) and set NIX_PATH=nixpkgs=$HOME/.nix-defexpr/nixpkgs for everything else
<shanemikel>
ahh... right NIX_PATH, that's what I was looking for. So if I change the NIX_PATH, what's the purpose of putting it in ~/.nix-defexpr?
<LnL>
shanemikel: I like the flexibility of using a git checkout, but if things break on master you need to be a bit more comftable with nix
mkoenig has quit [(Ping timeout: 252 seconds)]
<LnL>
git I mean, using a channel you can just nix-channel --rollback to revert an update
<shanemikel>
well I'm probably more comfy with git than nix-channel
<LnL>
with a checkout you have to look at your reflog or tag stable commits, ..
<gchristensen>
I wonder if this would have been good to submit privately first
<gchristensen>
Baughn: I can replicate btw using my local checkout of nixpkgs :(
<LnL>
shanemikel: nix-env doesn't look at NIX_PATH unless you use nix-env -f '<nixpkgs>'
mkoenig has joined #nixos
<shanemikel>
ahh.. I just alias `nix-env -f '<nixpkgs>'` to nix-pkgs
<clever>
nix-env is weird
<LnL>
^ exactly
<LnL>
if you use an alias like that you can do whatever you want
<gchristensen>
very good catch, Baughn
<Baughn>
This really *is* a gaping security hole, so I hope it gets fixed fast.
<Baughn>
It works with sudo as well.
<gchristensen>
Baughn: yes, I wish you had submitted it privately :)
<Baughn>
...good point. :X
<Baughn>
I'll do that next time?
bennofs1 has quit [(Ping timeout: 245 seconds)]
<gchristensen>
sounds good -- instructions are at nixos.org
<sphalerite>
Ideally there won't be a next time, this having been the last security bug in Nix. :D
* Baughn
removes the 'security hole' comment.
<sphalerite>
(lol)
thc202 has quit [(Ping timeout: 248 seconds)]
<Baughn>
I don't think it's a bad one. It'd require a fairly special situation to explot.
<Baughn>
Hmm. nixos-rebuild switch doesn't seem to activate config changes to declarative containers...
michas has quit [(Ping timeout: 258 seconds)]
<NixOS_GitHub>
[nixpkgs] Mic92 closed pull request #21844: Do not trim trailing whitespace in patch files (master...tweak-editorconfig) https://git.io/vMgou
<clever>
Baughn: the containrs have to be manualy restarted
<clever>
Baughn: systemctl restart containers@foo
<Baughn>
Indeed.
<aszlig>
gchristensen: regarding chromium maintenance: not anymore (since a year now)
<gchristensen>
aszlig: I can definitely understand that! :(
civodul has quit [(Quit: ERC (IRC client for Emacs 25.1.1))]
kampfschlaefer has quit [(Ping timeout: 256 seconds)]
Itkovian_ has joined #nixos
Itkovian has quit [(Ping timeout: 256 seconds)]
<aszlig>
btw. i've hit a small roadblock on nixpart, so working an packet integration has delayed as well... i'm currently working on a hybrid UUID/serial implementation until someone comes up with a better idea
<aszlig>
did you work on packet integration in the meantime, btw?
<clever>
aszlig: i had gone with libparted in my installer, but i have since discovered, it has no api to get the UUID out of partitions it has made
<clever>
aszlig: so i need a 2nd library to inspect the tables after libparted write them out to disk, which is just ugly
<aszlig>
clever: yeah, that's why i wanted to make it deterministic in the first place, so it's not needed to reinspect anything
<clever>
aszlig: with some changes, libparted could give the uuid, but you still need to generate parts of configuration.nix after partitioning
<aszlig>
clever: nixpart 0.x already is stateful in this regard, so it creates partitions and spits out a nixos config expr
<clever>
label based is how most of the nixos stuff solves it
<clever>
but i can see how labels can potentialy cause problems in the future
<aszlig>
clever: yeah, but labels are prone to collisions and also differ in restrictions accross fs
<clever>
i had to shove the root-disk of 2 different nixos machines into the same case ~2 days ago
<clever>
and if it wasnt using unique zfs pool names, that could have turned uglier
<aszlig>
ah, does libparted support zfs?
<clever>
it doesnt seem to really handle any fs specialy
<clever>
you have to create the filesystem within after you tell libparted to write the tables to disk
<clever>
main issue i had ~2 days ago, is that memtest86 said my ram was bad, in 3 different machines
<clever>
no amount of shuffling of hardware would clear the error
<aszlig>
O_o
<clever>
everything, including the laptop, had the exact same problem
<clever>
the hardening changes in nixpkgs are to blame
<aszlig>
err... memtest86...
<aszlig>
ah, nvm
<aszlig>
hm, maybe we should have a VM test for memtest86 as well
ryanartecona has joined #nixos
<gchristensen>
aszlig: I haven't worked further, I'm talking to them about other options
<gchristensen>
aszlig: I'll check after supper :)
deepfire has joined #nixos
<clever>
aszlig: there doesnt appear to be any automated way to control memtest, or to read its status back
<aszlig>
clever: ocr?
<clever>
aszlig: and more anoyingly, the fault happens at 257mb, and qemu defaults to 128mb
<gchristensen>
we can read the console directly! :)
<clever>
so you have to know about this exact fault, and bump the ram up
<gchristensen>
we can set as much ram as we want
<clever>
yeah, but you need to know that a fault exists at 257mb to do that
<clever>
are there more faults at higher addresses?
<clever>
how much ram do we give that test?
<gchristensen>
yeah but we _do_ know about _this_ one
yenzenz has quit [(Ping timeout: 240 seconds)]
<aszlig>
mhm, so at least we could do a regression test on that one
<clever>
it also takes 30-40mins to hit the fault, if you dont force it directly to test#9
<gchristensen>
oh gosh!
<aszlig>
okay, that's a show stopper then :-/
<clever>
i did see an option to force it to scan only a range of addresses
<clever>
so you could force it to only test 250 thru 260mb, with #9
<clever>
but you have to do that by pasting keys into the qemu input buffer
<aszlig>
brb
thyfatalblade has joined #nixos
<eacameron>
borgbackup package depends on acl which apparently only works on Linux (not darwin). Is this a dead end or should borgbackup work but with limited features?
<thyfatalblade>
hi all, trying to install nixos in vmware (on win10 if that's important), running into an issue during the install with grub (similar to https://github.com/jeaye/nixos-in-place/issues/4 but the fix isn't applicable)
<clever>
eacameron: i would try just not giving it acl and see what happens
<eacameron>
clever: you mean modify the build-depends to not require it?
<clever>
eacameron: yeah
<eacameron>
clever: I see. I'll try it. Their site says it doesn't support ACLs on OpenBSD so perhaps I could just remove that feature.
<clever>
eacameron: there is also a shortcut, one sec
<clever>
eacameron: this will just build it without acl
<eacameron>
clever: Oh wow...that's sweet.
<clever>
as long as i guessed all of the attribute names right
<eacameron>
clever: If it works, could I submit a patch to only depend on acl when the platform is Linux?
<clever>
i believe there is stdenv.isDarwin you can use
<eacameron>
clever: Right...or that.
<eacameron>
clever: Even better would be a way to say "Am I on a platform supported by X package?"
<clever>
not sure if there is an easy way to detect if acl is compatible
<eacameron>
clever: Is it possible to inspect the meta?
<eacameron>
clever: That would be a handy feature...
<clever>
*looks*
<clever>
nix-repl> (import <nixpkgs> { system = "x86_64-darwin"; }).acl.meta
<clever>
error: Package ‘acl-2.2.52’ in ‘/nix/store/jk5dvrv6w9bcgh88g0x7clk19df3q28f-nixos-17.03pre96925.1c50bdd/nixos/pkgs/development/libraries/acl/default.nix:29’ is not supported on ‘x86_64-darwin’, refusing to evaluate.
<clever>
eacameron: you cant access anything inside acl, because its not a supported package