<xwvvvvwx> mguentner: So your point is that having everything in /nix/store as world readable is a security issue?
<mguentner> xwvvvvwx: yes
<xwvvvvwx> I don't understand why moving to zfs fixes that?
<xwvvvvwx> Makes more sense to me to use something like these systemd InaccessibleDirectories?
<simpson> The correct answer is to not put secrets in the store.
<simpson> I recognize that a *lot* of software isn't designed to operate this way, but most of it is also designed to work with /etc, which we already support.
<simpson> OTOH the bind-and-hide technique seems like it'd work alright, and I'm sure it's pretty flexible.
<xwvvvvwx> what is bind-and-hide ?
<simpson> Like, using the cgroups equivalent for vfs. I don't remember what it's all called. InaccessibleDirectories might be how systemd uses it?
<mguentner> xwvvvvwx: image a global dataset which is only accessible for root/nix-daemon and each environment will be built for each context as a seperate dataset and mounted with respective permissions
<xwvvvvwx> So each user would only see the bits of the store that they need to see?
<mguentner> xwvvvvwx: that's the idea
<xwvvvvwx> sounds sensible
<xwvvvvwx> but is multi-user a big use case?
<rycee[m]> Acou_Bass: You might need a wrapper for the gtk introspection to work. Search python-packages.nix for GI_TYPELIB_PATH...
<simpson> mguentner: Sounds like capabilities. I like it.
<xwvvvvwx> I mean I'm the only one using my laptop?
<simpson> mguentner: I'm now imagining hooking that up to SSH, so that you SSH-to-environment.
markus1209 has joined #nixos
<Acou_Bass> rycee[m]: thanks ill give that a go! :D
markus1219 has joined #nixos
t7 has quit [(Remote host closed the connection)]
markus1199 has quit [(Ping timeout: 240 seconds)]
markus1189 has quit [(Ping timeout: 252 seconds)]
mexisme has joined #nixos
kampfschlaefer has quit [(Ping timeout: 256 seconds)]
<mguentner> xwvvvvwx: it's more relevant to systems with a large attack surface (servers with services facing The Internet(tm))
<xwvvvvwx> right
<xwvvvvwx> makes sense
<gchristensen> bendlas: unfortunately I can't really make those search / files links different :(
digitalmentat has quit [(Ping timeout: 276 seconds)]
<mguentner> simpson: another big improvement would be that the traditional unix/linux fs layout can be used again (/usr/bin /usr/share etc.)
<NixOS_GitHub> [nixpkgs] Profpatsch opened pull request #22855: mpd avahi support & slight refactoring of module (master...mpd) https://git.io/vDDuy
<gchristensen> tbh it doesn't seem so important to me
<gchristensen> or helpful
* gchristensen shouldn't have said anything
<mguentner> gchristensen: that would make it possible to actually develop something in NixOS without using the nix-shell
<mguentner> for example cmake expects make, ar and other stuff to be in /usr/bin, the solution currently is to make a derivation. However all your stuff will be built without debugging symbols...
<Ralith> development with nix-shell is a core selling point of NixOS
<gchristensen> I also don't buy the idea that configuration should be kept private
panostimos has joined #nixos
<Ralith> not sure what you're talking about with cmake, I've done lots of cmake stuff on NixOS and never had any issues at all building with or without debug symbols
erasmas has quit [(Quit: leaving)]
xwvvvvwx has quit [(Ping timeout: 276 seconds)]
<mguentner> Ralith: forget what I said about cmake, sorry :/
Kingsquee has joined #nixos
<gchristensen> its all good :)
<mguentner> gchristensen: I just don't think that postfix should be able to read dovecot's config files
<jchee> is there a way to configure nix-shell to run a shell other than bash? i live in zsh but nix-shell starts bash
<mguentner> gchristensen: basically: Principle of least privilege
<simpson> mguentner: We usually call it POLA, "Principle of Least Authority", in the world of object-capability theory.
<simpson> Although it's not like Nix is an ocap system~
<Ralith> jchee: nix-shell --run zsh
<mguentner> simpson: yeah that one :)
<jchee> Ralith: awesomesauce, thank you!
<Ralith> that would be nice to have
<Ralith> jchee: beware that the default zsh prompt isn't as helpful about reminding you you're in a shell
ryanartecona has joined #nixos
<Ralith> IN_NIX_SHELL may be of interest
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vDD2k
<NixOS_GitHub> nixpkgs/master b207bf5 Graham Christensen: redis: 3.2.5 -> 3.2.7 for two vulnerabilities...
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to release-16.09: https://git.io/vDD2L
<NixOS_GitHub> nixpkgs/release-16.09 3113646 Graham Christensen: redis: 3.2.5 -> 3.2.7 for two vulnerabilities...
<mguentner> gchristensen: having config files in the store is not a problem as long as only the process/context that is using them is able to open/read them
<gchristensen> I agree it isn't most wonderful, but "read-only" is pretty low authority to start with, and doesn't seem like a super high priority to me personally
xwvvvvwx has joined #nixos
<gchristensen> oh wow, Quagga released a new version
<mguentner> gchristensen: indeed, having an up-to-date system is better than having a false sense of security
<gchristensen> oh and the other thing is I'm not willing to give up the benefits having them in the store provides (ie: the unique paths) -- this is huge. how specifically those unique, read-only paths happen, :thumbsup:
<mguentner> it's just something that should be addressed sometime (also within the security team/context of NixOS). It's always better to address the root of the problem instead of hacking around it (carefully moving important stuff out of the store)
<gchristensen> right
<gchristensen> it might be worth looking in to the features systemd provides here
<gchristensen> it has nice sandboxing support
<mguentner> gchristensen: yeah, creating virtual stores with zfs/btrfs/xfs could solve this
<mguentner> also I am in favor of not vendor-locking ourselves completely when it comes to the init system :>
<gchristensen> I won't say that ship has sailed, but systemd is having a lot of success
<ndowens08> I actually like how easy it is to start/enable/disable services vs init
Wizek_ has quit [(Ping timeout: 240 seconds)]
Wizek has quit [(Ping timeout: 240 seconds)]
takle has quit [(Remote host closed the connection)]
<jeaye> Surely that hardcoding isn't good practice.
<jeaye> How can I get the location of a file in pkgs?
<jeaye> I'd like whatever would be ${pkgs.foo}/bin/foo in a bash script.
<jeaye> I'd like to link it to environment.etc.foo though.
<ndowens08> jeaye: yea i have been trying to figure that one out as well
<ndowens08> works in nix files but not in bash/zsh that i can figure out
nckx has quit [(Quit: ☭ + 🐧 + GNU Guix <https://gnu.org/s/guix>)]
<jeaye> Oh, I'm looking to do it in nix, without bash.
<jeaye> I can do it in inline bash, in a nix file, with the above syntax.
<ndowens08> like if you need to say bash is located here, it is like ${pkgs.bash}/bin/bash in a nix file
<tippenein> If I do nix-build default.nix and then nix-shell default.nix, shouldn't the nix-shell use what nix-build already built?
<tippenein> I'll check further after this build is done, but I think it's rebuilding everything with nix-shell. Maybe I'm misunderstanding paths
<ndowens08> I am not sure tippenein; I am still new myself, but i just tend to use nix-build -A PKGNAME (inside my local fork of nixpkgs) and then see if it executes, after it builds it puts it in a result folder
nckx has joined #nixos
takle has joined #nixos
<tippenein> ndowens08: same for me, but I wanted to try haskell's stack integration which uses a shell.nix as the entrypoint
Shoue has quit [(Ping timeout: 258 seconds)]
<Acou_Bass> hmm im running into another issue with this python package... its now complaining that libXfixes.so wasn't found, but when i added pkgs.libXfixes to buildInputs it then tells me that that attribute wasnt found either
<Acou_Bass> am i supposed to be adding library dependencies another way? Xd
<ndowens08> Acou_Bass: in buildinputs put pkgs.xorg.libXfixes
<ndowens08> i believe
takle has quit [(Ping timeout: 268 seconds)]
Shados has quit [(Remote host closed the connection)]
<Acou_Bass> ahh thanks :D back to w ork :)
Shados has joined #nixos
roconnor__ has quit [(Ping timeout: 240 seconds)]
thc202 has quit [(Ping timeout: 260 seconds)]
ilja_kuklic has joined #nixos
xwvvvvwx has quit [(Ping timeout: 240 seconds)]
ryanartecona has quit [(Quit: ryanartecona)]
Shados has quit [(Ping timeout: 245 seconds)]
xwvvvvwx has joined #nixos
takle has joined #nixos
nckx has quit [(Quit: ☭ + 🐧 + GNU Guix <https://gnu.org/s/guix>)]
takle has quit [(Ping timeout: 240 seconds)]
panostimos has quit [(Ping timeout: 252 seconds)]
Shados has joined #nixos
nckx has joined #nixos
<Ralith> always confused me how x libs have a weird path
Shados has quit [(Remote host closed the connection)]
Shados has joined #nixos
jchee has quit [(Ping timeout: 260 seconds)]
ilja_kuklic has quit [(Quit: ilja_kuklic)]
erlandsona has joined #nixos
<NixOS_GitHub> [nixpkgs] jerith666 opened pull request #22856: bins: fix permissions issue regenerating albums (master...bins-perms) https://git.io/vDDK8
<bendlas> hey, is anybody else having trouble with ludicrous memory usage in the find utily, when updatedb runs?
<ndowens08> hmm how do I use nix-shell? i do like nix-shell '<nixos>' -A PKGNAME and it just goes to copy of nixpkgs repo?
systemfault has joined #nixos
Rotaerk has joined #nixos
<cransom> ndowens08: nix-shell -p packagenamehere
<ndowens08> cransom: ah, almost all the docs i found online show -A
<Rotaerk> packagenamehere is a weird name for a package :-o
<ndowens08> yup
<cransom> ndowens08: -A would be for nix-build and nix-env. nix-shell is just a wee bit different.
<ndowens08> cransom: funny thing is i can do -p and then try unpackPhase and it says variable $src should point to src
<cransom> hrm. i didn't realize those functions existed in a plain old nix-shell.
mudri has quit [(Quit: WeeChat 1.7)]
<gchristensen> yup
Rizy has quit [(Quit: Rizy)]
<ndowens08> whoa, i have 80 generations
<ndowens08> dont see how, is there a way to change the generation number? like rename it
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #22853: Fix typo introduced by #22677 (master...fix-22677-quassel) https://git.io/vDD4a
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #22845: redis: 3.2.5 -> 3.2.8 (master...redis-3.2.8) https://git.io/vDMdm
Rizy has joined #nixos
lambdamu has quit [(Ping timeout: 256 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #22844: vim: 8.0.0075 -> 8.0.0329 (master...vim-8.0.0329) https://git.io/vDMMz
<NixOS_GitHub> [nixpkgs] grahamc pushed 2 new commits to master: https://git.io/vDDiD
<NixOS_GitHub> nixpkgs/master 54e3fad Herwig Hochleitner: webkitgtk212x: remove...
<NixOS_GitHub> nixpkgs/master 7943dc8 Graham Christensen: Merge pull request #22843 from bendlas/update-webkitgtk...
mizu_no_oto has joined #nixos
systemfault has quit [(Quit: Bye!)]
MP2E_ has joined #nixos
MP2E_ has quit [(Client Quit)]
<Acou_Bass> winnerr
<Acou_Bass> :D
erlandsona has left #nixos []
<gchristensen> nice!
<ndowens08> guess that means nixos as main?
Rizy has quit [(Quit: Rizy)]
<Acou_Bass> yeah I've still got my configuration on git somewhere so I'll switch back over on the weekend hehe
mbrgm has quit [(Ping timeout: 240 seconds)]
Rizy has joined #nixos
mbrgm has joined #nixos
s33se has joined #nixos
endformationage has joined #nixos
mkoenig has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Remote host closed the connection)]
xwvvvvwx has quit [(Ping timeout: 264 seconds)]
eacameron has joined #nixos
mkoenig has joined #nixos
s33se_ has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
<benley> argh building virtualbox from source takes foreeevvverrrrrrr
MP2E has quit [(Quit: reboot)]
xwvvvvwx has joined #nixos
<benley> Acou_Bass: you got a steam controller working with nixos?
<benley> if so can you point me at whatever docs exist? I have no clue and I want that :P
MP2E has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
<Acou_Bass> yeah it worked fine by adding a bit to my configuration, i think udev rules, can't remember where i found them :D sec I'll link mine
chpatrick has left #nixos []
<Acou_Bass> benley: the bit at the very bottom
<benley> awesome, thank you
<Acou_Bass> and if you want the sc-controller gui well i dunno if it works properly yet but that's here https://gist.github.com/AcouBass/5d97b62ece412f52050f0c10f8170a51 just add it to top-level/python-packages.nix and install from there hehe
<benley> does it work with Steam?
<Acou_Bass> oh yeah the udev rules will make the controller work fully with the official steam gui
tm_ has quit [(Ping timeout: 260 seconds)]
<benley> rock. That is what I primarily want to get working :-)
<Acou_Bass> the Python package is just for the unofficial gui :D
<NixOS_GitHub> [nixpkgs] bendlas opened pull request #22857: findutils: plug memory hole in find (master...findutils) https://git.io/vDDXw
<Acou_Bass> i use the controller for emulators and stuff so sort of like having the external gui if possible
<benley> oh yeah that will be great too - I forgot how frequently I end up wanting a controller for non-steam games
<Acou_Bass> i dunno if the Python gui works on nixos yet but ive been building it on nix on arch Linux and it seems to work
<Acou_Bass> so if you test it let me know how it goes :D
<benley> will do
<benley> I finally got around to actually installing nixos on my home machine rather than ubuntu last month and it's _so nice_
<Acou_Bass> i'm all excited to go back to it on my desktop now... had it but was missing some packages and too lazy to Build them myself so went back to arch... but kept nix on my laptop to remind me what im missing
<benley> I also went a little nuts and put nixos on my chromebook, which I only had time to do because I got laid off. No regrets, amazingly enough.
<Acou_Bass> but now I've built sc-controller and the RS client im ready to go back... might see about getting some themes and fonts packaged too but that's just niceties
sellout- has quit [(Quit: Leaving.)]
<Acou_Bass> ooh chromebook sounds fun
<benley> there are a bazillion fonts available in nixpkgs nowadays, thankfully
<Acou_Bass> XD
<Acou_Bass> even opendyslexia? i love that one
<benley> not sure.
<benley> but yeah, nixos with luks-encrypted ZFS root on a chromebook pixel == super nice
<Acou_Bass> ha! yep there it is
ndowens08 has quit [(Ping timeout: 256 seconds)]
<Acou_Bass> xD that sounds cool
<Acou_Bass> took me a while to figure out how to open luks root with a USB key on nxos but eventually got there
<Acou_Bass> haven't tried zfs yet though
<benley> ZFS turns out to be pretty simple.
<Acou_Bass> im not really picky about file systems, my desktops got an xfmytrfs combo and my laptop is purely ext4, not even sure why i use those 3 :D
<Acou_Bass> xfs/btrfs**
sellout- has joined #nixos
<benley> I'm fond of zfs for its consistency guarantees; I like to _know_ if data gets corrupted
<benley> and lightweight snapshots of my homedir are pretty nice
<Acou_Bass> btrfs snapshots are cool too dunno if zfs does them the same way, opensuse has a great default setup with easy rollbacks and auto snapshots on zypper updates and stuff like that
hexagoxel has quit [(Ping timeout: 260 seconds)]
<benley> I don't know if the implementations are at all similar, but I think it's a similar effect.
hexagoxel has joined #nixos
<bgamari> anyone around know about the new scheme for cross-compilation?
<bgamari> I'm trying and failing to port my RISCV toolchain expressions
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
takle has joined #nixos
Kingsquee has quit [(Read error: Connection reset by peer)]
Kingsquee has joined #nixos
<copumpkin> wow, image builds are pretty slow even on KVM-enabled machines
<copumpkin> I gotta finish my fix
takle has quit [(Ping timeout: 240 seconds)]
eacameron has quit [(Remote host closed the connection)]
<benley> copumpkin: what's your fix?
<copumpkin> avoids copying stuff around as much and uses almost no VM (possibly none when I finish it)
<benley> cool.
<copumpkin> yeah, the old one took almost half an hour on EC2 (because it has no hardware virtualization) and the new one takes about a minute
<benley> the current vm builds don't actually build things inside the VM, do they?
eacameron has joined #nixos
<copumpkin> they build an image inside a VM
<copumpkin> they don't boot the machine being built
<benley> ah, ok
<benley> and in theory that step can be done without a VM, I guess
<copumpkin> yeah, it's just that in the past it's been pretty difficult to manipulate filesystems and partitions without a VM or superuser
<copumpkin> but this neat project solved that
<copumpkin> so I packaged up https://github.com/lkl/linux and am now using that to build my images
<Nafai> Anyone else having problems building Chromium with WideVine enabled on recent NixOS unstable?
<copumpkin> and cleaning up some of the other stuff around today's image building process
<benley> whoa LKL is a cool idea
<copumpkin> yup :)
<copumpkin> rump kernel for linux
<copumpkin> or parts of it
roconnor__ has joined #nixos
* copumpkin -> bed
eacameron has quit [(Remote host closed the connection)]
* benley ughs at pam modules
defel has quit [(Ping timeout: 240 seconds)]
eacameron has joined #nixos
mguentner has quit [(Quit: WeeChat 1.7)]
mguentner has joined #nixos
takle has joined #nixos
AllanEspinosa has quit [(Quit: Reconnecting)]
AllanEspinosa has joined #nixos
takle has quit [(Ping timeout: 264 seconds)]
systemfault has joined #nixos
danharaj has quit [(Ping timeout: 258 seconds)]
xwvvvvwx has quit [(Ping timeout: 240 seconds)]
athan has joined #nixos
MVQq is now known as MarcelineVQ
mguentner2 has joined #nixos
mguentner has quit [(Ping timeout: 240 seconds)]
mkoenig has quit [(Remote host closed the connection)]
alx741 has quit [(Quit: alx741)]
uralbash has left #nixos []
athan has quit [(Quit: leaving)]
scott_____ has joined #nixos
scott_____ has quit [(Changing host)]
scott_____ has joined #nixos
scott_____ has quit [(Changing host)]
scott_____ has joined #nixos
scott has quit [(Disconnected by services)]
scott_____ is now known as scott
scott2 has joined #nixos
tm_ has joined #nixos
\\\\\\\\\\\ has quit [(Remote host closed the connection)]
<fresheyeball> can I install ue4 with nix-env?
AllanEspinosa has quit [(Ping timeout: 268 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 245 seconds)]
brh_ has joined #nixos
proteus-guy has quit [(Remote host closed the connection)]
takle has joined #nixos
Rizy has quit [(Quit: Rizy)]
fhoffmeyer has quit [(Remote host closed the connection)]
alx741 has joined #nixos
takle has quit [(Ping timeout: 258 seconds)]
nwspk has quit [(Ping timeout: 256 seconds)]
<brh_> Has anyone ever seen an issue where a default.nix shell built just fine on NixOS, but when run on a Debian machine it errors with "undefined variable 'licenses'" ?
<brh_> while evaluating meta.license = licenses.mit;
justanotheruser has joined #nixos
nwspk has joined #nixos
<brh_> not sure if I should be putting some extra parameters on my $ nix-shell call
ebzzry has quit [(Ping timeout: 240 seconds)]
ebzzry has joined #nixos
Rizy has joined #nixos
systemfault has quit [(Quit: Bye!)]
stepcut has joined #nixos
endformationage has quit [(Quit: WeeChat 1.6)]
roconnor__ has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
mexisme has quit [(Read error: Connection reset by peer)]
mexisme has joined #nixos
dramforever has joined #nixos
eacameron has quit [(Remote host closed the connection)]
takle has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
marusich has joined #nixos
saintromuald has quit [(Ping timeout: 245 seconds)]
proteus-guy has joined #nixos
Sonarpulse has quit [(Ping timeout: 255 seconds)]
Mercuria1Alchemi has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
alx741 has quit [(Quit: alx741)]
ertesx has joined #nixos
ebzzry has quit [(Ping timeout: 260 seconds)]
ertes has quit [(Ping timeout: 258 seconds)]
ertesx is now known as ertes
katyucha1 has joined #nixos
eacameron has joined #nixos
ebzzry has joined #nixos
Rizy has quit [(Quit: Rizy)]
eacameron has quit [(Ping timeout: 255 seconds)]
ebzzry has quit [(Ping timeout: 268 seconds)]
katyucha has quit [(Killed (verne.freenode.net (Nickname regained by services)))]
katyucha1 is now known as katyucha
katyucha1 has joined #nixos
marusich has quit [(Ping timeout: 240 seconds)]
MoreTea has joined #nixos
DutchWolfie has joined #nixos
saintromuald has joined #nixos
edvorg has joined #nixos
Itkovian has joined #nixos
johann__ has joined #nixos
freusque has joined #nixos
Itkovian has quit [(Client Quit)]
joshie_ has quit [(Ping timeout: 245 seconds)]
kampfschlaefer has joined #nixos
takle has joined #nixos
joshie has joined #nixos
takle has quit [(Ping timeout: 258 seconds)]
hexagoxel has quit [(Ping timeout: 258 seconds)]
hexagoxel has joined #nixos
reinzelmann has joined #nixos
Guest2225 has joined #nixos
takle has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
kampfschlaefer has quit [(Ping timeout: 256 seconds)]
MoreTea has quit [(Ping timeout: 240 seconds)]
saintromuald has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
Guest2225 has quit [(Ping timeout: 240 seconds)]
takle has quit [(Ping timeout: 258 seconds)]
Guest2225 has joined #nixos
fnljk_ has quit [(Quit: ^?^)]
uralbash has joined #nixos
dramforever has quit [(Quit: Leaving)]
takle has joined #nixos
joshie has quit [(Ping timeout: 260 seconds)]
Itkovian has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
sivteck has joined #nixos
takle has joined #nixos
ambro718 has joined #nixos
Guest2225 has quit [(Quit: Verlassend)]
nschoe has joined #nixos
sivan has joined #nixos
sivteck has quit [(Ping timeout: 276 seconds)]
takle has quit [(Ping timeout: 255 seconds)]
sivan has quit [(Read error: Connection reset by peer)]
takle has joined #nixos
flemming has joined #nixos
hamishmack has quit [(Quit: hamishmack)]
takle has quit [(Ping timeout: 240 seconds)]
derjohn_mob has joined #nixos
sivan has joined #nixos
hamishmack has joined #nixos
flemming is now known as fhoffmeyer
ambro718 has quit [(Ping timeout: 276 seconds)]
defel has joined #nixos
<fhoffmeyer> I am new to NixOs, but is really liking it so far. I often do some complex merges, and have previously used P4merge. Since that is closed software it is not available in nix packages. Is there a good open source alternative that is good at three way merging? I have tried meld, but was not at all satisfied. I need the local, remote and common ancestor views to understand what is going on. Or is it possible to
<fhoffmeyer> get P4 working on NixOs?
sivan is now known as sivteck
goibhniu has joined #nixos
<isHavvy> It should be possible to get P4 working, but you're going to have to learn the Nix expression language or convince somebody to write the expression for you.
blahdodo has quit [(Ping timeout: 245 seconds)]
blahdodo has joined #nixos
<fhoffmeyer> I have tried to give it a shot, and fixed the interpreter, but if I try to change the rpath in any way, the binary just segfaults.. I did something like this: http://pastebin.com/psmfVvjF
s1lvester has left #nixos ["Leaving"]
<fhoffmeyer> I tried to run patchelf directly from the command line and change the rpath there.. and that works. So I think I am doing something wrong in the .nix file
<fhoffmeyer> By "works" I mean that the one dependency that i put in the rpath is set corerctly and it complains about the next one. No segfault
joshie has joined #nixos
<makefu> fhoffmeyer: you can always try to run with FHS Environments
<makefu> it essentially prepares an environment which will look like a standard distro with all the packages you specified
<makefu> "They can be used in various situations when patching some program is too hard to make it work in pure, non-FHS environment"
pi3r has joined #nixos
<fhoffmeyer> Ok, I will take a look at that, but I just find it strange that I can run patchelf from the command line, and see the change happen, but when it is run through the .nix file the binary is utterly broken.
fhoffmeyer2 has joined #nixos
olesk has joined #nixos
derjohn_mob has quit [(Ping timeout: 276 seconds)]
<makefu> maybe in the fixupPhase the binary gets stripped and the shebang gets patched
<makefu> you can always overwrite all the phases
edvorg has quit [(Ping timeout: 260 seconds)]
freusque has quit [(Ping timeout: 240 seconds)]
thc202 has joined #nixos
<fhoffmeyer> allright. I will try that too. Thanks!
takle has joined #nixos
saintromuald has joined #nixos
sivteck has quit [(Ping timeout: 240 seconds)]
takle has quit [(Ping timeout: 240 seconds)]
peterhhoeg has joined #nixos
cmercier has joined #nixos
ilyaigpetrov has joined #nixos
MP2E has quit [(Quit: leaving)]
<ilyaigpetrov> I've tried netconsole boot option and it did't work. I guess I need insmod or modprobe for it to work
teknico has joined #nixos
cmercier has quit [()]
peterhhoeg has quit [(Remote host closed the connection)]
Wizek has joined #nixos
Wizek_ has joined #nixos
derjohn_mob has joined #nixos
<goibhniu> I only heard of http://funops.co/nix-cookbook/nix-by-example/ yesterday ... it's awesome!
<goibhniu> there's a nice concise comparison of deployment commands for NixOps too
wkennington has quit [(Quit: Leaving)]
takle has joined #nixos
olesk has quit [(Quit: Lost terminal)]
johann__ has quit [(Quit: Leaving.)]
johann__ has joined #nixos
johann__ has quit [(Client Quit)]
wizeman has joined #nixos
takle has quit [(Ping timeout: 264 seconds)]
fritschy has joined #nixos
Shoue has joined #nixos
mudri has joined #nixos
panostimos has joined #nixos
<clever> makefu: there are also switches to turn those steps off
<clever> makefu: that lets you selectively control what fixup does, without loosing all of it
<makefu> clever: so many hidden features ;)
<clever> fhoffmeyer: ^^^
jgertm has joined #nixos
takle_ has joined #nixos
<fhoffmeyer> Cool, I will try it out tonight. I have kind of made it my goal to make P4 work, as a way of telling if NixOs is for me or not. If I can make it work, I get all of the benefits, but can handle the drawbacks. If not.. well, its back to Arch i guess.
<arianvp2> fuckkkk
<arianvp2> so acme broke _again_
<arianvp2> and now all my certs are gone and I cannot update my nixos box anymore
<arianvp2> wtf
<clever> arianvp2: broke how?, last i ran it, it worked fine
<arianvp2> Permission denied: u'/var/lib/acme/acme-challenge/.well-known/acme-challenge/SidtAjjxOYQb2R10CVxsxy1w0vi25L0GTH_JKFBu3so'
<arianvp2> is what I get
arianvp2 has quit [(Quit: WeeChat 1.6)]
nixos has joined #nixos
<nixos> oh wait
nixos is now known as arianvp2
<arianvp2> clever: ah i was deploying nixos-unstable
<arianvp2> that explains :D
<arianvp2> hehe
<clever> ah
<arianvp2> but that does mean something in unstable is breaking the way acme works
<arianvp2> :/
<clever> [root@chipuppoker:~]# ls -lha /var/lib/acme/acme-challenge
<arianvp2> so perhaps still worth investigating
<clever> drwxr-xr-x 3 root root 3 Jan 24 14:26 .well-known
<NixOS_GitHub> [nixpkgs] peterhoeg opened pull request #22859: terraform: 0.8.6 -> 0.8.7 (master...u/tf) https://git.io/vDym9
ThatDocsLady has joined #nixos
<clever> at least in 16.09, the directory is root-only
<arianvp2> okay
<arianvp2> now acme is broken on stable as well...
<arianvp2> :(
<clever> it might be the impurity that is state!
<clever> what error does 16.09 have?
<globin> fpletz: ^
<arianvp2> wait :D
<arianvp2> nginx didnt start so acme cant connect
<arianvp2> that seems fair
<arianvp2> haha
<clever> ive also found that nginx wont restart after acme gets certs
<clever> so its stuck on self-signed example.com certs until you give it a boot
<arianvp2> nah it was because my config had a syntax error
<arianvp2> this is totally my fault
<clever> oh, lol
<clever> i plan to make a nixos test that boots my services under qemu
<clever> to ensure it can at least start
thaega has quit [(Ping timeout: 252 seconds)]
<fpletz> arianvp2: globin: the nginx module still sets user and group correctly for nginx if the nginx vhost integration is used
<NixOS_GitHub> [nixpkgs] edolstra pushed 1 new commit to master: https://git.io/vDyY4
<NixOS_GitHub> nixpkgs/master 97fc806 Eelco Dolstra: nix-prefetch-zip: Remove...
phreedom has joined #nixos
<arianvp2> hmm
<arianvp2> okay mattermost module says it cannot connect to postgres :(
<NixOS_GitHub> [nixpkgs] peterhoeg pushed 2 new commits to master: https://git.io/vDyYd
<NixOS_GitHub> nixpkgs/master 0418f78 Peter Hoeg: terraform: 0.8.6 -> 0.8.7
<NixOS_GitHub> nixpkgs/master de31599 Peter Hoeg: Merge pull request #22859 from peterhoeg/u/tf...
<fpletz> arianvp2: I upgraded mattermost recently but didn't touch the module config, worked for me \o/
<arianvp2> I get the following error:
<arianvp2> psql: could not connect to server: No such file or directory
<arianvp2> Feb 16 10:36:52 arianvp.me mattermost-pre-start[27460]: Is the server running locally and accepting
<NixOS_GitHub> [nixpkgs] globin pushed 1 new commit to master: https://git.io/vDyOq
<NixOS_GitHub> nixpkgs/master 790e5bf Robin Gloster: ecryptfs: fix after security wrapper change...
<arianvp2> Feb 16 10:36:52 arianvp.me mattermost-pre-start[27460]: connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
<arianvp2> postgresql _is_ running though
<arianvp2> and running psql command from the commandline works perfectly fine
georges-duperon has joined #nixos
<arianvp2> any idea fpletz ??
Shoue has quit [(Ping timeout: 252 seconds)]
thaega has joined #nixos
<arianvp2> so apparently this line is failing
<fpletz> hrm
rjsalts has quit [(Quit: Coyote finally caught me)]
<arianvp2> so it tries to create the postgres database but it cant because psql doesnt connect properly
<fpletz> this is the problem (PrivateTmp)
jensens has joined #nixos
<fpletz> this is weird
rjsalts has joined #nixos
<arianvp2> Ohh of course
<arianvp2> anyhow in /tmp (not privatly mounted version)
<fpletz> I should've written a test, how did this ever work \o/
<arianvp2> the unix socket does not exist either
<fpletz> oh
<fpletz> maybe PrivateTmp doesn't apply for preStart
<fpletz> and something in postgresql changed
<arianvp2> shall we create an issue and collect some facts?
<arianvp2> We can probably fix this
mudri has quit [(Ping timeout: 264 seconds)]
johann__ has joined #nixos
<fpletz> arianvp2: yes, please!
<fpletz> I'm on a train with really shitty internet unfortunately
ebzzry has joined #nixos
<arianvp2> meh this is not mission critical. I needed a chat for my group at Uni. they wanted to use slack
<arianvp2> I said "No wait,I can install free software with 3 lines of code"
phreedom has quit [(Ping timeout: 258 seconds)]
<arianvp2> and they've been staring at my screen with me for an hour seeing me struggle
<arianvp2> =)
<arianvp2> such is life
<fpletz> the easy fix would probably be to use localhost (to use tcp) in preStart instead, mattermost should use tcp anyway
<arianvp2> so add -h localhost
<arianvp2> ?
<fpletz> yup
<clever> depends, some services like mysql take "localhost" as an alias to mean "use the default unix socket"
<clever> and you need to force tcp via 127.0.0.1
<clever> should be simple to test
<NixOS_GitHub> [nixpkgs] peti pushed 4 new commits to master: https://git.io/vDy3S
<NixOS_GitHub> nixpkgs/master 34584b2 Peter Simons: hackage: update snapshot to 2017-02-12T15:49:03Z
<NixOS_GitHub> nixpkgs/master 918a592 Peter Simons: hackage2nix: drop obsolete extra packages
<NixOS_GitHub> nixpkgs/master 5e910bc Peter Simons: hackage-packages.nix: automatic Haskell package set update...
jarlg has joined #nixos
cornu[m] has joined #nixos
kthnnlg has joined #nixos
<arianvp2> alright
<arianvp2> thanks
<NixOS_GitHub> [nixpkgs] romildo closed pull request #14183: texlive-new: fix updmap in combine function (master...fix.texlive-new) https://git.io/vapqz
<arianvp2> how do I override a module locally?
<arianvp2> so I can hot patch this for now?
Shoue has joined #nixos
ebzzry has quit [(Ping timeout: 240 seconds)]
<clever> arianvp2: modules cant easily be overriden, simplest thing is to mkForce the setting that the module was configuring
<clever> arianvp2: so an mkForce on the prestart entry i believe
johann__ has quit [(Read error: Connection reset by peer)]
<pareidolia> clever: Or prefix everything
<arianvp2> i will just copy over the module now
fhoffmeyer2 has quit [(Ping timeout: 276 seconds)]
<clever> if you copy the module, then youll need to rename it to make it a new service
johann__ has joined #nixos
fhoffmeyer2 has joined #nixos
<mbrgm> when I'm creating a nixpkg and use the documentation text from a man page for option descriptions, do I have to take care of the package's licensing?
<arianvp2> ahh
<arianvp2> it still doesn't work..
<arianvp2> now I get
<arianvp2> Feb 16 11:08:19 arianvp.me mattermost2-pre-start[30932]: psql: fe_sendauth: no password supplied
<arianvp2> so even more seems to be broken
<arianvp2> as you can't just connect to psql without a password it seems
<arianvp2> eventhough the script assumes that
<arianvp2> ahh
<arianvp2> if you connect through TCP a password is required
<arianvp2> so that wont work :)
<jarlg> Anyone using CUDA? I'm confused as to how to specify $CUDA_ROOT to Theano..
<arianvp2> okay
<arianvp2> PrivateTmp=true was the problem :)
johann__ has quit [(Quit: Leaving.)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<NickHu> I have a pr to add a new nixpkg; it's been tagged with 8.has: package (new) and I don't think there's anything left to be done except the merge
<NickHu> Do I just wait until that happens, or should I ping the pr or something?
yenzenz has joined #nixos
jensens has quit [(Read error: Connection reset by peer)]
fhoffmeyer3 has joined #nixos
fhoffmeyer2 has quit [(Read error: Connection reset by peer)]
eacameron has joined #nixos
Shoue has quit [(Ping timeout: 258 seconds)]
eacameron has quit [(Read error: Connection reset by peer)]
eacameron has joined #nixos
nwspk has quit [(Remote host closed the connection)]
nwspk has joined #nixos
eacameron has quit [(Ping timeout: 260 seconds)]
<gchristensen> NickHu: link?
<NixOS_GitHub> [nix] edolstra pushed 3 new commits to master: https://git.io/vDyCI
<NixOS_GitHub> nix/master e6e74f9 Renzo Carbonara: Add netrc-file support
<NixOS_GitHub> nix/master e2257d4 Renzo Carbonara: Documentation.
<NixOS_GitHub> nix/master d1139ff Eelco Dolstra: Merge pull request #1215 from k0001/netrc-1...
proteus-guy has quit [(Remote host closed the connection)]
Shoue has joined #nixos
<gchristensen> ahh yeah this one :/ complicated
<NickHu> What's the problem?
ebzzry has joined #nixos
ixxie has joined #nixos
<gchristensen> linking libraries in to your $out is a bit unconventional
kthnnlg has quit [(Remote host closed the connection)]
<mbrgm> let's say I split up config options for a module into several files (as some of them are part of a submodule list). is there a recommended way to specify assertions in the same file as the submodule options?
pi3r has quit [(Ping timeout: 268 seconds)]
<mbrgm> or does someone have an example (module) for that case?
mudri has joined #nixos
<gchristensen> mbrgm: can you just put the asserts at the top of your configuration.nix, or in any one of your configs?
<mbrgm> gchristensen: I can. would you recommend it? it seems kinda counter-intuitive to me, as 1) it's in a different place than where the related options are and 2) I'd have to map over several manifolds, as there's a submodule-in-submodule involved
<gchristensen> I don't know :)
<mbrgm> gchristensen: ah, I see the submodule can have its own config!
<gchristensen> indeed! ):
<gchristensen> :)
freusque has joined #nixos
Itkovian has joined #nixos
hamishmack has quit [(Read error: Connection reset by peer)]
hamishmack has joined #nixos
mizu_no_oto has joined #nixos
<NixOS_GitHub> [nixpkgs] abbradar pushed 1 new commit to master: https://git.io/vDyR4
<NixOS_GitHub> nixpkgs/master 434affb Nikolay Amiantov: openbox: fix openbox-xdg-autostart...
Kingsquee has quit [(Quit: https://i.imgur.com/qicT3GK.gif)]
<gchristensen> 11 days ...! *excited*
<gchristensen> globin: 2017-02-27 right?
Ralith_ has joined #nixos
Ralith__ has quit [(Ping timeout: 258 seconds)]
johann__ has joined #nixos
<NixOS_GitHub> [nixpkgs] romildo opened pull request #22863: pygments: 2.1.3 -> 2.2.0 (master...upd.pygments) https://git.io/vDyRp
ebzzry has quit [(Ping timeout: 240 seconds)]
<ixxie> gchristensen: 11 days until?
<gchristensen> branch-off for 17.03
<ixxie> hurrah :)
* sziszi says: HUZZAH!
<gchristensen> davidak: is there a changelog?
<gchristensen> what is motivating the update?
<gchristensen> oh nice
<gchristensen> and it is definitely fixed? I'm surprised that issue is still open
<davidak> they are waiting for me to test. i don't want to update the whole server to test
mudri has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #22839: boost: 1.63.0 (not default) (master...master) https://git.io/vDMnC
<davidak> other people have confirmed that it is fixed with later versions
mudri has joined #nixos
<gchristensen> hmm I'd prefer if you used packageoverrides to use this package from unstable to test
pi3r has joined #nixos
<davidak> gchristensen: do you have an example how to use it?
<gchristensen> something like this, davidak https://gist.github.com/grahamc/e0d52271ece2f9887d07c6324bd3a6fd
<NixOS_GitHub> [nixpkgs] abbradar opened pull request #22864: Redo DBus configuration (staging...dbus-etc) https://git.io/vDyEO
<davidak> thx
<ocharles> haskell people, any idea why the above doesn't work to get me xmonad 0.13? When I nixos-rebuild, it does try and build 0.13, but it tries to apply the old 0.12 patch
<ocharles> Even though I have patches = [] in my overrides
<NixOS_GitHub> [nixpkgs] romildo opened pull request #22865: lxappearance: 0.6.2 -> 0.6.3 (master...upd.lxappearance) https://git.io/vDyEc
<ocharles> (I do need a patch, but I'm trying to figure out why the 0.12 patch is being applied)
derjohn_mob has quit [(Ping timeout: 260 seconds)]
mudri has quit [(Ping timeout: 240 seconds)]
* gchristensen recompiles boost...
<gchristensen> go on without me
<davidak> gchristensen: i can confirm the issue is fixed in latest version
<gchristensen> gerat
<gchristensen> thank you
edvorg has joined #nixos
<7GHAAAW85> [nixpkgs] grahamc pushed 2 new commits to release-16.09: https://git.io/vDyue
<7GHAAAW85> nixpkgs/release-16.09 a597e30 rnhmjoj: caddy: 0.9.2 -> 0.9.5
<7GHAAAW85> nixpkgs/release-16.09 c1f2331 Graham Christensen: Merge pull request #22544 from rnhmjoj/caddy-backport...
<17SAAAVXP> [nixpkgs] grahamc closed pull request #22544: caddy: 0.9.2 -> 0.9.5 (backport) (release-16.09...caddy-backport) https://git.io/vDRtx
<copumpkin> gchristensen: my fix seems to work, thanks to a certain test rig someone gave me!
<copumpkin> will push soon :)
<gchristensen> :D
<gchristensen> woot!
davidak has quit [(Quit: Leaving.)]
CcxWrk has joined #nixos
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vDyuq
<NixOS_GitHub> nixpkgs/master 073ca2b Graham Christensen: aspcu: 1.9.0 -> 1.9.1
freusque has quit [(Ping timeout: 258 seconds)]
<gchristensen> oh wtf
<gchristensen> because of mfi we have a 4 year old MongoDB: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/mfi.nix
davidak has joined #nixos
panostimos has quit [(Ping timeout: 258 seconds)]
<mbrgm> does nix have something like the '$' infix operator in haskell?
<gchristensen> what is it supposed to do?
<gchristensen> copumpkin: you know what would be neat?
<gchristensen> an `insecure` flag that we could add, like `broken` but without a global toggle, but a per-package whitelist
<maurer> gchristensen: It's function application with reverse fixity, to avoid needing to parenthesize an argument
<maurer> e.g. if you have f x y (g q)
<maurer> you can write
<maurer> f x y $ g q
<gchristensen> oh, no, we don't have that
<maurer> mbrgm: I'm not aware of one, but that doesn't mean it doesn't exist
<gchristensen> I'm sure I would have seen it :D
<mbrgm> too bad ;)
<copumpkin> gchristensen: why insecure?
<NixOS_GitHub> [nixpkgs] abbradar pushed 1 new commit to master: https://git.io/vDyz4
<NixOS_GitHub> nixpkgs/master 5125ecb Nikolay Amiantov: blueman: add librsvg
<gchristensen> because for example, mongodb248 should just go away, but mfi depends on it. kde4 should go away entirely, but a lot of people depend on it. being able to have a period of "this is insecure and leaving, but for now you can still have it" would be nice
<sziszi> I'd put an allowInsecure option in the configuration
<maurer> Are these packages insecure, or just legacy?
<gchristensen> I really don't like that because it lets you "set it and forget it" and then not know
<sziszi> both
<copumpkin> gchristensen: ah, it would be nice to mark things with some sort of status, yeah
<maurer> insecure may not be the best word for legacy stuff, since it weakens the word to users
<maurer> e.g. if I needed an old version of a library that did a major API rev for a package, and as a user I had to flip "allowInsecure" on for it, I'd be less hesitant to flip it on for other packages
<gchristensen> legacy isn't a problem
derjohn_mob has joined #nixos
<maurer> Is KDE not just legacy at this point?
<gchristensen> KDE hasn't received security patches in 2 years
<gchristensen> and by security I mean _any_
<copumpkin> wait, KDE is abandoned?
<gchristensen> KDE4 is
<maurer> copumpkin: no, it's KDE5 now
<copumpkin> oh
<NixOS_GitHub> [nixpkgs] romildo opened pull request #22866: qbittorrent: 3.3.7 -> 3.3.10 (master...upd.qbittorrent) https://git.io/vDyzD
<gchristensen> I agree with ttuegal's assessment that it is embarrassing that we ship kde4
<maurer> In fairness to developers, it has literally been less than a year since the first LTS KDE release
<copumpkin> is there already an issue/discussion about killing it?
<gchristensen> yeah
<copumpkin> niksnut: I think I've successfully switched the amazon-init to a systemd service!
<gchristensen> you can't use kde4/kdm as your DM/DE in unstable-17.03 already
<maurer> So if you are an application developer, switching off kde5 may legitimately be a thing you haven't gotten the time to do yet
<copumpkin> oh okay, so it'll be gone by 17.03
<maurer> err, *to kde5
<gchristensen> copumpkin: well the services are, but not the packages: https://github.com/NixOS/nixpkgs/issues/15866
<maurer> copumpkin: No, it'll be gone as a dm
<maurer> kde4 mixed dm+libs together
Rizy has joined #nixos
<maurer> (this is one of teh changes in kde5, they split this up a bit)
<copumpkin> is it amusing or sad that I've been using NixOS for a couple of years now and have still never configured anything graphical on it?
<maurer> vov, people use it for different stuff
<maurer> I know a lot of mac users whose whole interface to the linux world is a pimped iterm connected to their linux server
<copumpkin> that's basically me
<copumpkin> I have a NixOS VM always running in the background and otherwise a bunch of NixOS EC2 instances
<ikwildrpepper> copumpkin: ah, you don't run nixos on your laptop?
<ikwildrpepper> :o
<maurer> But yeah, I'd expect it to take probably a minimum of 6 months before 80% of kde4 requiring applications are able to be upgraded to kde5.
<maurer> simply due to needing upstream to move too
<copumpkin> hell no, I still have bad dreams from last time I tried running linux on a laptop
<copumpkin> it never wakes up!
<ikwildrpepper> :D
<gchristensen> copumpkin: nixos is better :|
<ikwildrpepper> copumpkin: oh yeah, I never use sleep/suspend/etc
<copumpkin> :P
<gchristensen> seriously, I swore off linux on the laptop forever until I tried nixos.
<ikwildrpepper> nowadays everything boots so quick, that I just shut it off :D
<gchristensen> maurer: can you provide your feedback on that ticket?
<copumpkin> gchristensen: and you sleep/suspend regularly? on a MacBook Pro?
<gchristensen> yep, 11,3
<copumpkin> maybe I'll give it a go someday, but I still like lots of my mac-isms, and I do still enjoy doing the darwin+nix hacking when I get time for it
<gchristensen> fair enough
<gchristensen> it is nice having you on darwin, fixing all the problems
<ikwildrpepper> copumpkin: yeah, better stay on OSX, we might get awesome nix support on OSX then one day ;)
<copumpkin> hah
<gchristensen> :D
<copumpkin> ikwildrpepper: had a chance to try out SSM yet?
<ikwildrpepper> !m copumpkin
<[0__0]> You're doing good work, copumpkin!
<LnL> gchristensen: same, but I'm already halfway to nixos now ;)
<gchristensen> hehe
<copumpkin> also, did you see the volume resize?
<copumpkin> LnL: nooooo not you too
<ikwildrpepper> copumpkin: no not yet (ssm). yeah, volume resize is awesome
<copumpkin> ikwildrpepper: I'm now trying to work up the courage to get involved with the linux kernel community to ask them to give me a uevent for volume resizes
<copumpkin> or possibly submit a patch
<copumpkin> ikwildrpepper: since we don't get a udev event for it, so we can't respond
<gchristensen> I'm imagining a nixpkgs config of `allowInsecure = [ pkg1 pkg2 pkg3 ];` which somehow "fixes" a pkg's meta.insecure = true
<ikwildrpepper> copumpkin: yeah, I am just already happy that the ebs volume itself is now easy to grow :D
<copumpkin> yeah, it's quite nice
<ikwildrpepper> that saves already so much hassle with snapshots etc
<copumpkin> unfortunately they gave it a "refractory period" for some reason
<copumpkin> so you can't resize more than once every 6 hours
<maurer> copumpkin: Yeah, the main thing that prevents me from ever seriously using another OS for work at this point is the lack of tiling window manager
<LnL> copumpkin: I'm talking about the module system ai wrote for darwin
<maurer> I didn't realize how badly I needed one until I had one
<ikwildrpepper> copumpkin: yeah, it's not too bad for us, we never had to do a resize twice in such a perios ;)
<ikwildrpepper> period
<copumpkin> ikwildrpepper: hah, I was just tinkering with the udev events and trying to see if there were notifications that appeared anywhere
<copumpkin> the only thing is a very unassuming line showing up in dmesg
<copumpkin> the thing about NixOS VM tests is that they could easily be nondeterministic
<copumpkin> but I can't run them more than once without calling nix-store --delete
<gchristensen> rerun with --check
<copumpkin> last I tried --check didn't work with a daemon
<gchristensen> ah
<copumpkin> is that fixed?
<gchristensen> hrm no it should
* copumpkin tries it after this current test run finishes
<copumpkin> oh lovely
<copumpkin> it des!
<copumpkin> hmm, or maybe not
<copumpkin> error: some outputs of ‘/nix/store/gimbxrp735xdb5v5grjg54zqrw5ihdx9-vm-test-run-ec2-config-userdata.drv’ are not valid, so checking is not possible
adev has joined #nixos
ebzzry has joined #nixos
<copumpkin> oh never mind, wrong execution
<copumpkin> the problem with --check for VM tests is that it'll always output a failure because the test reports produced will contain different timings :)
<copumpkin> next someone needs to make VM tests deterministic ;)
<NixOS_GitHub> [nixpkgs] zimbatm closed pull request #22865: lxappearance: 0.6.2 -> 0.6.3 (master...upd.lxappearance) https://git.io/vDyEc
ixxie has quit [(Ping timeout: 245 seconds)]
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<gchristensen> yeah :(
<copumpkin> gchristensen: I'm now abusing your machine by running the VM test 100 times in a loop
<gchristensen> LOL
<gchristensen> I mean
<gchristensen> you're not abusing that machine until you're running at least 48 of them at once
<copumpkin> dammit
<copumpkin> I should've used gnu parallel
<gchristensen> you really, really should have
<copumpkin> also, you know what I hate? that message that "we're dumping >256MB path"
<gchristensen> and you're like, "I have 1,000x that in ram"?
<copumpkin> lol not just that
<copumpkin> just in general :)
<gchristensen> :)
IITaudio has joined #nixos
<maurer> gchristensen: there, I wrote a bunch of stuff and now sound like a snide stability maintainery person on the internet
<gchristensen> perfect
<gchristensen> whoa you wrote a lot
ebzzry has quit [(Quit: Lost terminal)]
<copumpkin> :O
<IITaudio> Hi, anybody on 16.09 can compile android apps? android-sdk continue trying to download to /nix/store/..android/../libexec and I can't find a way to change its path
ebzzry has joined #nixos
<gchristensen> copumpkin: what do you think about my insecure idea? (`allowInsecure = [ pkg1 pkg2 pkg3 ];`)
<copumpkin> that seems nice, but not sure how to do it unless you make pkg1 into strings
<copumpkin> or some other voodoo
<gchristensen> yeah I'm thinking voodoo >.>
<maurer> gchristensen: is there an issue for that too? I'll keep it short but just want to register my complaint about the word insecure for packages we don't have known vulns against
<copumpkin> a meta.insecure seems good regardless
<copumpkin> even if you can't opt out for now except broadly
<gchristensen> maurer: I don't know where you got the idea we'd use it for packages without known vulns.
<maurer> (using insecure for packages there are released vulns against on the other hand sounds great)
<copumpkin> gchristensen: my only fear with meta.insecure is that we need to drive home that it isn't authoritative
<maurer> gchristensen: Oh, I thought you were just going to plop it on all unmaintained packages
<maurer> My bad
<gchristensen> no
<copumpkin> i.e., just because something doesn't have insecure on it doesn't mean it's secure
<gchristensen> copumpkin: definitely
<copumpkin> it just means that we don't know that it's insecure, or that we do and nobody's gotten around to updating the meta field
<copumpkin> :P
<maurer> You know what would be really cool? There was a security maintainer nixos site at some point
<maurer> I forget what it was
<copumpkin> also, insecurity feels like it exists outside of time
<gchristensen> maurer: monitor.nixos.org?
<copumpkin> as in, it shouldn't live in the commit
* maurer looks
<copumpkin> because known insecurity applies retroactively to code
<maurer> I get conn-refused
<gchristensen> copumpkin: ugh I know, this is why I use git notes for security notes
<copumpkin> gchristensen: I'm thinking...
<copumpkin> gchristensen: this might get weirder
<copumpkin> but a parallel channel that gets overlaid over nixpkgs
<copumpkin> and updated at different frequencies, possibly by machine
<maurer> In any case, my point here was that what that site did could be used to autogenerate periodic PRs marking things as insecure when they go out of date due to a known sec bug
<gchristensen> copumpkin: `git pull origin refs/notes/security:refs/notes/security; git log --notes=security`
<maurer> It'd not be perfect, but it'd be better thanw hat we have now
<maurer> *than
ndowens08 has joined #nixos
<maurer> I like copumpkin's idea - if we made sure you could easily override the meta attribute to secure
<maurer> you could have a security function that you apply to nixpkgs
<maurer> which would produce a nixpkgs with all the insecure flags set
<gchristensen> this sounds hard, though, and I'd rather not cause breakage on pinned nixpkgs versions
<copumpkin> yeah, my main point is that it can update independently of the main nixpkgs, so even if you stay on 14.12 for years, you'll still know it's insecure
<gchristensen> it throws wrenches in to reproducible research projects
<copumpkin> but yeah, it does seem tricky
<copumpkin> it doesn't have to
<maurer> gchristensen: That's the nice part about doing it as a function
<copumpkin> the ooverlay channel is jsut informational
<maurer> gchristensen: the research project can just pin to nixpkgs
<maurer> not security {inherit nixpkgs;}
<copumpkin> anyway, just ruminating :)
<copumpkin> gotta do something while my 100 iterations of the VM test run, right?
<gchristensen> anyway, so, the bad way I'm planning to do this is with using overridePackages in the fn that evaluates the allowInsecure list to remove the `insecure` flag from the meta
<maurer> gchristensen: Maybe just add two bools?
<maurer> one for insecure, and the other for approved?
<maurer> and then when asserting, check both?
<maurer> That way you can e.g. print an informational warning message when installing
<maurer> "foo-1.3 is insecure, but has been manually approved, building anyways"
<gchristensen> also, perhaps a better thing than an insecure flag is `meta.knownVulnerabilities = [ "<info-about-issue>" "<info-about-issue>" ];
<copumpkin> config.shutUpAboutInsecurePackagesKthxBai = true;
<maurer> gchristensen: Yeah, that'd be nice
<gchristensen> copumpkin: yeah, but I specifically think a global switch isn't so good
<copumpkin> oh this is about the warnings that maurer was proposing
<gchristensen> ah
<maurer> Yeah, for muting warnings if you've approved stuff
<copumpkin> the errors wouldn't have a global override
<mbrgm> gchristensen: tracking vulns with the package sounds like a great idea to me
Rotaerk has quit [(Read error: Connection reset by peer)]
<copumpkin> but warnings could STFU with my flag
<maurer> iono, I'd appreciate the warnings, don't know if others would
<copumpkin> but I demand you call it what I called it
<maurer> haha
<copumpkin> ©opumpkin
<gchristensen> mbrgm: I mean, only for things we're keeping around for some reason. otherwise the tracking of issues needs to be outside of the git repository in a way that we can time-travel.
Rotaerk has joined #nixos
<maurer> gchristensen: I mean, there's always the answer of just doing it like normal releases
<maurer> where we just backport all security metadata to any channels
<maurer> it's not as idyllic, but it'll get the job done
[0__0] has quit [(Remote host closed the connection)]
<gchristensen> I encourage you to look at the security notes channel, where I've semi-solved this
<gchristensen> err... security notes git ref
<gchristensen> via: `git pull origin refs/notes/security:refs/notes/security; git log --notes=security`
[0__0] has joined #nixos
<LnL> gchristensen: is there something we should do for that when we create security fixes?
<NixOS_GitHub> [nixpkgs] joachifm pushed 2 new commits to master: https://git.io/vDywE
<NixOS_GitHub> nixpkgs/master 2d64361 Joachim Fasting: mozart: refactoring...
<NixOS_GitHub> nixpkgs/master bc2f53f Joachim Fasting: grsecurity: 4.9.8-201702071801 -> 4.9.10-201702152052
<maurer> Is this only on the nix-channel repo or something?
<maurer> nixpkgs is giving me no ref on the remote
<gchristensen> LnL: I do it once a week, but I could try and write some instructions
<maurer> Nevermind, I am a dummy
<LnL> gchristensen: how do you gather the info for that?
<gchristensen> LnL: I've gotta do an urgent thing for work, let's talk in a bit
<LnL> sure
<maurer> Oh god, I just realized, this could be the holy grail if done right
<maurer> gchristensen: When you get back ping me, there's something useful we could do with this for security researchers
<LnL> yeah I didn't even know about git notes until gchristensen showed this to me
phI||Ip has joined #nixos
<maurer> I'm more thinking about the fact that nixpkgs has usually reproducible builds
<maurer> and someone is already noting down security metadata
<maurer> You could potentially create a repository that could reproducibly allow you to build and exercise buggy code
<maurer> with the ability to build with your instrumentation etc
<maurer> One of the problems researchers in software security always face is that when it comes time to evaluate their tool, it takes a lot of legwork to get a running, verified buggy copy of software
<maurer> This might be a nice way to catalog them and even allow for easy build hooking
<gchristensen> if you'd like to do that, that could be very cool
<copumpkin> maurer: I vaguely remember seeing you involved with BAP
<maurer> copumpkin: Yes (sadly)
<copumpkin> why sadly?
<copumpkin> it looked cute last I looked (which was a while ago)
<maurer> copumpkin: I am not a big fan of the new project architecture, and have become increasingly vexed with ocaml toolchain
<copumpkin> ah yes
<gchristensen> LnL: do you have a few minutes to put in patches for openssl in to stable / unstable? the issue was made public a couple hours ago.
<copumpkin> I wanted to do something similar in Haskell ages ago, but my other interests won over it
<maurer> Did you look at around 0.8, or when it was in several repos, or after it was released on opam?
<copumpkin> maurer: can't even remember, just read docs, didn't actually run it
<maurer> If you're still interested, I'm more than happy to answer questions. rev.ng also came out recently, and is a little less NIH about things
<maurer> (I even have a BAP nixexpr)
<copumpkin> oh interesting
<copumpkin> rev.ng looks more dynamic
<maurer> (The creation of which is why I accidentally ended up maintaining a bunch of ocaml)
<maurer> rev.ng is a static rewriting utility
<maurer> it uses qemu TCG to lift the code to a semantic IR
<copumpkin> oh interesting
<maurer> then manipulates it
<maurer> and uses LLVM to produces output code
<maurer> The only other systems with similar capabilities I'm aware of are mcsema and bap
<maurer> bap is more focused on analysis
<copumpkin> seems hard (err, impossible in general) to statically rewrite a binary though
<maurer> It is
<gchristensen> or maurer, can you do it? ^ what I sent to LnL
<maurer> I haven't looked into rev.ng's implementation enough to know what tricks they're using, but they openly admit to assuming things like "functions are intended to be used as functions"
<copumpkin> ah
<phI||Ip> Who pays for NixOS? Is the foundation the preferred way to support the project? It's not clear who is in charge and how to assist the project.
<jarlg> Anyone using CUDA? cudatoolkit installs fine, but then cuda-install-samples fails miserably..
<NixOS_GitHub> [nixpkgs] abbradar pushed 2 new commits to master: https://git.io/vDyok
<NixOS_GitHub> nixpkgs/master 109ee2a Nikolay Amiantov: kbd service: use systemd-vconsole-setup even with early setup...
<NixOS_GitHub> nixpkgs/master 0c81594 Nikolay Amiantov: kbd service: use /dev/tty1 for systemd-vconsole-setup...
<copumpkin> phI||Ip: it's mostly just open source work, but there's some support from LogicBlox for some of the infrastructure, via the foundation, and private donations to the foundation
<gchristensen> copumpkin: there are other companies supporting it, see the website
<copumpkin> yeah sorry
<phI||Ip> So the foundation is the preferred way to donate? I am using it more and more for personal/corporate reasons and I want to make sure I am doing my part to keep it going.
<copumpkin> yay
<copumpkin> I think so, yeah. Keep in mind it's not tax-deductible if you're in the US
<copumpkin> since it's not a registered US non-profit
<gchristensen> phI||Ip: yep that is the preferred way indeed :)
ebzzry has quit [(Ping timeout: 268 seconds)]
<phI||Ip> copumpkin got it thanks
<phI||Ip> gchristensen thanks!
<gchristensen> no no, thank _you_ phI||Ip!
DutchWolfie has quit [(Remote host closed the connection)]
<maurer> gchristensen: Do you want more than PRs with the patch applied and CVE in the commit message?
<gchristensen> nope, that'll be perfect
<niksnut> jarlg: I don't use CUDA directly, but I use packages that build against it (e.g. Blender)
<maurer> gchristensen: OK, building locally now to test
Itkovian has quit [(Quit: Textual IRC Client signing off)]
Itkovian has joined #nixos
danielrf has quit [(Read error: Connection reset by peer)]
danielrf has joined #nixos
reinzelmann has quit [(Ping timeout: 240 seconds)]
cpennington has joined #nixos
kanzure has quit [(Ping timeout: 240 seconds)]
olejorgenb has quit [(Ping timeout: 240 seconds)]
page has quit [(Ping timeout: 240 seconds)]
panostimos has joined #nixos
kanzure has joined #nixos
olejorgenb has joined #nixos
<maurer> gchristensen: It appears I am too slow for stable
<gchristensen> oh?
page has joined #nixos
<maurer> stable already has 1.1.0e
<gchristensen> what
<gchristensen> who did it? :P
<maurer> oh nvm
<maurer> I typod a git command
proteus-guy has joined #nixos
johnsonav has joined #nixos
cpennington has quit [(Ping timeout: 258 seconds)]
DutchWolfie has joined #nixos
reinzelmann has joined #nixos
<NixOS_GitHub> [nixpkgs] bjornfor pushed 3 new commits to release-16.09: https://git.io/vDyKj
<NixOS_GitHub> nixpkgs/release-16.09 e355b97 Profpatsch: geteltorito: init at 0.6 (#18614)...
<NixOS_GitHub> nixpkgs/release-16.09 5e303aa Profpatsch: geteltorito: switch to upstream dist (#19226)...
<NixOS_GitHub> nixpkgs/release-16.09 3c227aa Bjørn Forsman: genimage: init at 9...
<NixOS_GitHub> [nixpkgs] maurer opened pull request #22867: openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733 (master...openssl-cve-2017-3733) https://git.io/vDy6I
<ndowens08> Well gonna try and see if I can make a darkhttpd module :) first time trying lol
<gchristensen> thank you maurer
<gchristensen> maurer: I'll backport
<NixOS_GitHub> [nixpkgs] grahamc pushed 2 new commits to master: https://git.io/vDy6s
<NixOS_GitHub> nixpkgs/master 0d2ba7e Matthew Maurer: openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733
<NixOS_GitHub> nixpkgs/master cfbddd3 Graham Christensen: Merge pull request #22867 from maurer/openssl-cve-2017-3733...
<ndowens08> mostly going by tomcat's module
<maurer> OK, all three PRs up
<maurer> err, four
<gchristensen> wat?
<jarlg> niksnut: Are there any tricks to getting it working? Or you simply have cudatoolkit as a dependency, and it works?
<maurer> (there's one to master, one to unstable, one to 16.09, and one to 16.09-small)
<gchristensen> err
<maurer> was that not what I was supposed to do?
<gchristensen> where did you send these PRs?
<maurer> to the nix-channels repo
<gchristensen> ahh, we don't do PRs there
<gchristensen> I'll explain in a bit, still doing a thing
<maurer> OK, I'll close them
<niksnut> jarlg: pretty much, e.g. blender has: buildInputs = ... optional cudaSupport cudatoolkit;
<maurer> Had I known I didn't need to build/test/PR for the three other branches, you would have gotten the patch much faster
<maurer> :P
<maurer> most of that time was me reapplying and rebuilding my patch
<gchristensen> so maurer, it does need to be reapplied to the release-16.09 branch in nixpkgs. master in nixpkgs goes to unstable in nixpkgs-channels. release-16.09 in nixpkgs goes to nixos-16.09 and nixos-16.09-small in nixpkgs-channels
<maurer> Ah, OK
<maurer> Should I send to release-16.09, or are you handling that?
<gchristensen> I'll handle this one, thank you :)
<maurer> k
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to release-16.09: https://git.io/vDy6h
<NixOS_GitHub> nixpkgs/release-16.09 9f7ec81 Matthew Maurer: openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733...
cpennington has joined #nixos
peterhoeg has quit [(Remote host closed the connection)]
<copumpkin> dammit, I wish I'd done `echo $i` in this loop of 100 tests :)
<copumpkin> I don't know how many more are left
<gchristensen> I know that feeling
<copumpkin> anyway, the test is probably fine
<copumpkin> it just feels sad to cancel it
<gchristensen> restart with parallel for a good time
<gchristensen> also pop open htop
xadi has quit [(Quit: Leaving.)]
xadi has joined #nixos
<copumpkin> parallel is harder because of needing to clear out the intermediate store paths to convince nix not to avoid work
<gchristensen> aww ok
<gchristensen> oh right, it won't do it in parallel because of the locks :|
<copumpkin> also I made some progress on my fast image build stuff yesterday
<copumpkin> I think it'll be super cute and maintainable too
<gchristensen> "and maintainable too" :)
<copumpkin> factored out most of the filesystem building stuff from nixos-install
<copumpkin> so we can use it from different places
<copumpkin> and share code
<copumpkin> and I think it makes a bit more sense than the old process, too
<copumpkin> the previous thing was doing stuff to the store of the VM building the image, for example
<copumpkin> and then setting up a fake substituter to "install" from
<copumpkin> this is much more direct and just populates the store the first time around
<gchristensen> neat
<copumpkin> I wanna try to get it into 17.03
<copumpkin> will update the PR by this weekend I think
eacameron has joined #nixos
<copumpkin> it'll be a thing of great beauty and everyone will swoon over it
* copumpkin rolls eyes
<copumpkin> oh my god my 100 iterations finished!
<gchristensen> nice
<maurer> Ugh, I'm getting more and more peeved with this "linux applications only know about one DPI" thing the more I use my new setup
<maurer> Maybe I should just intentionally user a lower resolution to avoid it
shlevy has quit [(Ping timeout: 264 seconds)]
shlevy has joined #nixos
<NixOS_GitHub> [nixpkgs] abbradar pushed 1 new commit to master: https://git.io/vDyXz
<NixOS_GitHub> nixpkgs/master a72dc9f Nikolay Amiantov: compton: 0.1_beta2 -> 0.1_beta2.5
<NixOS_GitHub> [nix] edolstra pushed 5 new commits to master: https://git.io/vDyX7
<NixOS_GitHub> nix/master 40f0e3b Eelco Dolstra: Include "curl" in the User-Agent header...
<NixOS_GitHub> nix/master b63f791 Eelco Dolstra: <nix/fetchurl.nix>: Remove unnecessary assertion
<NixOS_GitHub> nix/master bd5388e Eelco Dolstra: Tweak netrc docs
<LnL> gchristensen: didn't notice your message, busy at work
Rotaerk has quit [(Quit: Leaving)]
<gchristensen> no worries :) maurer got it (thank you, maurer!)
freusque has joined #nixos
estewei has joined #nixos
<copumpkin> niksnut: https://github.com/NixOS/nixpkgs/pull/22869 :) :) :)
<NixOS_GitHub> [nixpkgs] copumpkin opened pull request #22869: amazon-init NixOS module: fix (I think) race condition with network (master...amazon-init-fix) https://git.io/vDy1D
<ikwildrpepper> three smileys? :o
<gchristensen> brown-noser :)
<ndowens08> gchristensen: is there soemthing special i have to do to try my module i created; i created a seperate configuration and exported it as the default file to use; added the location of module in that module_list file, added the call for my options in configuration file and says option 'services.darkhttpd' does not exist?
<copumpkin> :) :) :) :)
danharaj has joined #nixos
<ndowens08> which I am sure is true, since it isn't in the repo, hmm
<niksnut> copumpkin: cool!
<copumpkin> niksnut: you wrote that error message :)
<niksnut> eh
<copumpkin> which is a good thing to test
<copumpkin> you added it when you added the volume resize on startup
<copumpkin> I think it's just racing with sshd.service now
<copumpkin> and you're able to SSH into the box before the volume has been resized, and fail the test
georges-duperon has quit [(Ping timeout: 252 seconds)]
<niksnut> ah
<copumpkin> niksnut: was also thinking of introducing an artificial network startup delay with some systemd-fu to actually test the race
<copumpkin> but maybe not in this commit
<niksnut> okay, that suggests the resize sometimes fails
<niksnut> anuthing else in the log?
<copumpkin> rebuilding again now, but nothing obvious jumped out at me
<copumpkin> it didn't look like it had a chance to nixos-rebuild in the log
<copumpkin> so I think it's just that race
<niksnut> anyway, that's a separate issue
Shoue has quit [(Ping timeout: 240 seconds)]
<copumpkin> yeah
<copumpkin> I added a before = sshd.service, which I think will fix that too
<copumpkin> I'll push in a few
<copumpkin> also, the more I look at the EC2 test, the more I wonder why I made it build a full image each time
<copumpkin> annoys the hell out of me now :)
johann__ has quit [(Ping timeout: 268 seconds)]
<copumpkin> I'll probably revamp it to not build an image sometime soon
Mercuria1Alchemi has quit [(Ping timeout: 258 seconds)]
<ndowens08> gchristensen: was that link for me or the others? the ec2 one
<copumpkin> and just work like the other VM tests, only differing from them in supporting the metadata service
johann__ has joined #nixos
<copumpkin> ndowens08: 'twas for me
<copumpkin> or for niksnut
<ndowens08> copumpkin: ah, was wondering :)
<ndowens08> Is there a way to test a module i built locally on a build-vm?
<copumpkin> yeah!
<ndowens08> i found one listing on the wiki, saying to point to this config file, and use this repo and nixos-rebuild -I module build-vm or so
alx741 has joined #nixos
<copumpkin> nixos-rebuild -I nixpkgs=$PATH_TO_NIXPKGS_CLONE -I nixos=$PATH_TO_NIXPKGS_CLONE/nixos -I nixos-config=/some/config/file.nix build-vm
<copumpkin> or something like that
<ndowens08> that didnt work, just gave the services.darkhttpd doesnt exist
<ndowens08> not to your latest reply copumpkin , finished my last msg :)
<copumpkin> :)
<copumpkin> niksnut: can you clarify what RemainAfterExit would do? I'm not a systemd guru :)
<copumpkin> or I can shut up and just add it. I don't think it defaults to true
danharaj has quit [(Ping timeout: 240 seconds)]
erasmas has joined #nixos
<goibhniu> hrm, I have an imperative 16.03 nixos-container and I'd like to connect to a VPN from it using openconnect, but it fails to create tun0 ... `tunctl` gives me "Failed to open '/dev/net/tun' : Operation not permitted" ... I've tried to configure a virtual interface: http://sprunge.us/FXFJ ... any idea what I'm doing wrong?
<ndowens08> ok i am getting darkhttpd attribute is missing and that line looks like: cfg = config.services.darkhttpd;
<gchristensen> goibhniu: /dev/net/tun was broken in 16.03 and fixed in 16.09
<gchristensen> for nixos containers
<goibhniu> oh dear, thanks!
fhoffmeyer has quit [(Ping timeout: 240 seconds)]
* goibhniu gives 16.09 a shot
<gchristensen> goibhniu: also 17.03 is about to be released :) did you not know about 16.09?
<goibhniu> IIRC I had some other problem with containers, but I didn't make time to investigate further
fhoffmeyer has joined #nixos
ixxie has joined #nixos
<joko> Hello, is anyone using LUKS and decrypting partitions during boot via SSH?
fhoffmeyer3 has quit [(Ping timeout: 240 seconds)]
* goibhniu sees from the logs that it was an openvpn issue the last time ... hope this works!
<copumpkin> joko: I remember a wiki page about that a while back... haven't done it myself though
<joko> copumpkin: supposedly there is support (https://github.com/NixOS/nixpkgs/pull/10460) but someone having tried it before would make me more confident to try it, too
* goibhniu fears it's only possible to enable tun with declaratively defined containers now: https://github.com/NixOS/nixpkgs/pull/19523/
<joko> I've checked the diffs, but I still can't tell what happens once you log in via SSH, do you have to type something, the passphrase directly, what next etc.?
thc202 has quit [(Ping timeout: 258 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #19523: Allow access to /dev/net/tun inside containers (port to 16.09) (release-16.09...containers-dev-tun) https://git.io/vPwKf
<goibhniu> oh! :D
<goibhniu> so, it doesn't currently work for me on 16.09 either
<goibhniu> do you happen to know if it's only possible using declarative containers in 16.09 gchristensen?
edvorg has quit [(Ping timeout: 276 seconds)]
<ndowens08> why would cfg = config.services.darkhttpd; produce error atrribute darkhttpd missing?
thc202 has joined #nixos
<copumpkin> ndowens08: perhaps make a gist of your config?
<LnL> ndowens08: is it enabled?
<copumpkin> ndowens08: you need to add your module to the modules list if you haven't already
<copumpkin> (I'm assuming you're writing a new module)
<ndowens08> LnL: copumpkin it is a module i created/trying and i did add it to the module list, but gonna double check
<ndowens08> ./services/web-servers/darkhttpd/default.nix yup it is there
<LnL> ndowens08: did you add it to module-list.nix?
<copumpkin> that doesn't quite follow convention, but that's an easy fix
<copumpkin> we don't typically put modules in their own folder today
<ndowens08> ah copumpkin :)
<copumpkin> but the module-list.nix is the important bit
<copumpkin> as LnL says
<ndowens08> was following what others had theirs as :)
<gchristensen> goibhniu: I don't know, but without that PR it is broken on 16.09 ... so it'll take a bit for that fix to reach 16.09's channel :(
<ndowens08> LnL: that paste is from module-list.nix
mudri has joined #nixos
<ndowens08> still gives that error, i removed it from dir and changed it in the module list
<goibhniu> thanks for merging gchristensen! IIUC an extra capability needs to be passed to systemd-nspawn ... I don't know anything about capabilities ... I wonder if I can just do that on the fly ....
<LnL> ndowens08: how are you building it?
<ndowens08> nixos-rebuild -I nixpkgs=. -I nixos=. -I nixos-config=/etc/nixos/configuration.test build-vm
<copumpkin> nixos needs to point at the nixos dir
<ndowens08> the . is b/c i am currently in my forked copy of nixpkgs
<copumpkin> I think
<copumpkin> at least that's how I've used it
<copumpkin> not sure it's even necessary
<LnL> I don't think you need -I nixos=. but the command looks good
<ndowens08> even writing out the complete path to my nixpkgs doesnt change the error.
<ndowens08> took out the nixos= line, same error :) i wrote it while looking at lighttpd's module
<copumpkin> show us the module text?
<LnL> yeah, create a gist with the module and configuration
<ndowens08> LnL: will do copumpkin
bennofs has joined #nixos
<copumpkin> options = { enable
<copumpkin> options.services.darkhttpd = { enable =
<copumpkin> yours is creating a top-level enable option
<copumpkin> not scoped or anything
<ndowens08> woops lol
Shou has joined #nixos
bennofs has quit [(Ping timeout: 252 seconds)]
<copumpkin> ndowens08: I'd also call it something like documentRoot or document-root, which seems to be the convention from lighttpd and apache modules
<copumpkin> "convention"
digitalmentat has joined #nixos
<ndowens08> don't know if this gonna work, but thought why not try :)
pi3r has quit [(Quit: Nettalk6 - www.ntalk.de)]
<NixOS_GitHub> [nixpkgs] vrthra opened pull request #22870: dateutil: 2.5.3 -> 2.6.0 (master...dateutil) https://git.io/vDy5p
<ndowens08> lol wth, the vm gives me wrong password hah
<LnL> ndowens08: users.users.root.password = "foo";
<ndowens08> ah
reinzelmann has quit [(Quit: Leaving)]
fhoffmeyer2 has joined #nixos
fhoffmeyer has quit [(Read error: Connection reset by peer)]
<NixOS_GitHub> [nixpkgs] FlorentBecker opened pull request #22871: Default ocaml 402 (master...default_ocaml_402) https://git.io/vDyF0
<NixOS_GitHub> [nixpkgs] ttuegel opened pull request #22872: Update isync-git, with several other improvements (master...isync) https://git.io/vDyFF
<ndowens08> LnL: set that in the test config and still gives incorrect password
<joko> If I want to use only a remote machine to build nix derivations, should I set build-max-jobs to 0 in /etc/nix/nix.conf so that the localhost does nothing?
<ndowens08> even set my user acct password there too and nothing
<ndowens08> seems the rebuild isn't really rebuilding as i disabled display-manager and still it starts
<qknight_> to include external code in nix i can only use import/imports (which expects a module) and mkDerivation. how could i write a new way to import stuff?
<qknight_> the problem is that i would like to call a function which applies parameters which then create new modules (modules which are parameterized) and with simply using imports i can't pass parameters to the nix expressions if i understand it correctly
<copumpkin> qknight_: imports doesn't have to be file paths; you can pass in expressions too
<copumpkin> for a NixOS module, that is
<copumpkin> i.e., you can do imports = [ (import ./path/to/module.nix) ] and it'll behave almost the same way
<k0001> joko: that, or you can just pass `--max-jobs 0` to `nix-shell`, `nix-build`, `nixos-reubild`, etc..
<copumpkin> the only difference is around error reporting, which currently works a bit better with file paths than with expressions
<copumpkin> qknight_: having said that, the "endorsed" way to parametrize modules is to define options in them and define those options elsewhere
<copumpkin> I'm not always a huge fan of that, but so it goes :)
<qknight_> copumpkin: ah, so the combination of the two is what i seek?
<copumpkin> well, I don't know. you should be able to get away with passing the path to your module, and defining an option schema inside it
<copumpkin> that's I think the more idiomatic way
<joko> k0001: ok, thanks, apparently distributed builds are still not working on my host and it complains that it is unable to start any build due to max-jobs set to 0 >_<
<copumpkin> if you want to make a nix _function_ that returns a module, that's also possible, but less idiomatic
<clever> qknight_: you can also add to the arguments that nixos passes to EVERY module
<qknight_> copumpkin: i want a nix _function_ that retunrs a module!
johann__ has quit [(Ping timeout: 268 seconds)]
<copumpkin> yeah, so no reason that won't work
<qknight_> clever: i tried that but it didn't work. what is the syntac?
<clever> qknight_: this is how pkgs winds up in the args for modules
<ndowens08> why does nix make me look stupid lol, i use useSandbox = true; in which ya'd think it would clean the sandbox so it builds cleanly, but it seems it just remembers past configuration and doesn't use one i just updated to disable X
<ndowens08> nor does it set password
<qknight_> comex: clever thanks so much!
<copumpkin> hi comex :)
<clever> qknight_: i think nixops uses something similar, so you can refer to the ip of other boxes in the deployment
johnsonav has quit [(Ping timeout: 256 seconds)]
endformationage has joined #nixos
<NixOS_GitHub> [nixpkgs] ttuegel pushed 2 new commits to master: https://git.io/vDyxZ
<NixOS_GitHub> nixpkgs/master 463e902 Benjamin Staffin: pam: add optional pam_kwallet5 integration
<NixOS_GitHub> nixpkgs/master 7c260ad Thomas Tuegel: Merge pull request #22813 from benley/pam-kwallet...
Rizy has quit [(Quit: Rizy)]
digitalmentat has quit [(Quit: Leaving)]
<eacameron> Is anyone using nixops to deploy servers with encrypted file systems?
<clever> eacameron: the bulk of what nixops does is just nix-copy-closure, so as long as the fileSystems attrset is right and you can ssh the machine, it will keep working
<clever> eacameron: unlocking luks on bootup is a seperate issue, but it should be solveable the same as a local machine
<clever> and there is a boot.initrd.ssh that recently got added, to let you ssh in and answer luks prompts
<eacameron> clever: Thats cool! I've hardly worked with luks at all so I was curious if it was "easy" or "hard" to setup with nixops.
<copumpkin> also, if you use EC2 you can use their native "trust us" encryption
<clever> eacameron: pretty easy, let me dig up the config for my laptop
<eacameron> copumpkin: Interesting. I don't use EC2 but that's good to know anyhow. (I'm using DigitalOcean)
<copumpkin> cool, yeah, they have native (optional) encryption on all block volumes nowadays
<copumpkin> but it's completely transparent to guest machines
<copumpkin> so that's what I mean by "Trust us"
<copumpkin> they could be giving you a https://en.wikipedia.org/wiki/Placebo_button
georges-duperon has joined #nixos
<eacameron> copumpkin: Yah that's interesting. I wonder how it helps exactly since they must have the encryption keys
<NixOS_GitHub> [nixpkgs] FRidh closed pull request #22593: Update scrapy & dependencies (master...master) https://git.io/vDzlW
<7JTAAJW67> [nixpkgs] FRidh pushed 5 new commits to master: https://git.io/vDypc
<7JTAAJW67> nixpkgs/master 17e9f21 Tom Hunger: parsel: 1.0.3 -> 1.1.0
<7JTAAJW67> nixpkgs/master dde5350 Tom Hunger: w3lib: 1.14.2 -> 1.17.0
<7JTAAJW67> nixpkgs/master c10b0e7 Tom Hunger: scrapy: 1.1.2 -> 1.3.1
<copumpkin> eacameron: yeah they have a full key management system called KMS
<clever> copumpkin: yeah, if they can access your aws console or the vm, they can just read the block thru the decryptor, and it does nothing
<clever> copumpkin: i suspect that crypto only works against physical intrusions into the datacenter, assuming the attacker doesnt also steal the box of keys
<copumpkin> it works fine if your threat model doesn't include Amazon itself
<copumpkin> :)
<eacameron> copumpkin: Ah right. Well...I hope we can do better without much work.
<copumpkin> yeah, it's to guard against datacenter intrustions and it's harder for their employees to break into it
<gchristensen> you're acting like it is without use
<ndowens08> aggh!
<clever> eacameron: line 20 of configuration.nix opens the luks, line 16 opens the zfs for root, and the rest is unrelated stuff
<gchristensen> having the data on disk being encrypted is not without use
<ndowens08> :)
<eacameron> gchristensen: Oh certainly. But I'm just saying if I can set up some quick configurations in nixos then that would be much better and not much harder.
<clever> gchristensen: it also gives you peace of mind when the drives get retired
<clever> zero chance of data in the garbage being recovered
<gchristensen> yep
<eacameron> clever: Wow thanks! This uses zfs too??
<clever> eacameron: and lvm
<clever> eacameron: nixos, zfs, lvm, and luks
<joko> clever: any chance you have tested this with SSH on another host, e.g. logging in and entering the passphrase remotely?
<eacameron> clever: Wow! This is awesome. `memtest86.enable = true;` sets ZFS?
<clever> joko: havent tried the new boot.initrd.ssh stuff yet
<clever> eacameron: nope, that just puts a copy of memtest in /boot and adds it to grub.cfg
<clever> eacameron: i have an ext4 /boot partition with no crypto, and the initrd contains the zfs drivers
<eacameron> clever: Oh...line 16 of the hardware file. lol
georges-duperon has quit [(Remote host closed the connection)]
<clever> 20-23
bennofs has joined #nixos
<joko> eacameron: for ZFS you do need to have boot.supportedFilesystems = [ "zfs" ];
johnsonav has joined #nixos
<eacameron> joko: Ah ok.
<clever> joko, eacameron: nixos will use add the .fsType of every entry in fileSystems to boot.supportedFilesystems
<clever> and any filesystem with requiredForBoot also gets put in boot.initrd.supportedFilesystems
<eacameron> clever: Oh so it's "automatic"?
<nahamu> NixOS's supprot for ZFS made me so happy when I discovered it.
<clever> eacameron: yeah
<nahamu> *support
<eacameron> clever: And you think this will work with nixops....
georges-duperon has joined #nixos
<eacameron> I've never configured the file systems in a nixops machine.
<clever> eacameron: as long as its in the fileSystems attrset, it will just work
<clever> eacameron: but nixops doesnt handle the partitioning/formating
<clever> eacameron: so you need to pre-make an image with that zfs config
<clever> eacameron: the only time you need to boot.supportedFilesystems = [ "zfs" ]; is when you want to force zfs support in and not define what to mount via zfs
<clever> for example, making a usb stick that lacks zfs, but will mount zfs drives manualy
<eacameron> clever: Oh. That might work for some other backends but DigitalOcean doesn't support custom images.
<eacameron> DigitalOcean might even use your script to kexec and swap out the OS underneath.
<clever> eacameron: my kexec trick may work
fhoffmeyer2 has quit [(Ping timeout: 240 seconds)]
<clever> eacameron: in theory, you could use kexec to get nixos running from ram, then format the hdd and make a zfs based image
<clever> eacameron: and i believe DO lets you clone the machine after that, so you just have to configure nixops to use that as the base
<clever> eacameron: this code maps over all filesystems, and extracts the .fsType from each
<eacameron> clever: Hahah...we're getting into some dark magic here with nixops... ;)
<clever> eacameron: i have considered mixing my kexec trick with nixops before
<clever> eacameron: so you point nixops to the ssh on an ubuntu server in any datacenter, and nixos just takes over by force
IITaudio has quit [(Quit: Leaving)]
<clever> eacameron: that would essentialy give nixops support for every datacenter that boots a user-controled kernel
<eacameron> clever: I believe that's already how the DO backend works
fhoffmeyer has joined #nixos
<NixOS_GitHub> [nixpkgs] teh opened pull request #22873: WIP: Various python (master...various-python) https://git.io/vDSeN
<clever> i was thinking that DO worked the same as AWS, just clone a base-image managed by the nixos foundation
fhoffmeyer has quit [(Read error: Connection reset by peer)]
<eacameron> clever: I know it doesn't do that. DO only has a fixed set of base images.
<clever> oh right, i think i read one of those scripts
fritschy has quit [(Quit: Leaving.)]
fritschy has joined #nixos
<devoid> What's the right way to get a stable ipv6 address (not sac "global temporary dynamic")?
<eacameron> clever: sure enough!
fritschy has quit [(Client Quit)]
<clever> eacameron: the network stuff on lines 81-89, ive heard its buggy
<clever> eacameron: and somebody else in #nixos wrote a module that properly queries the DO metadata at boot time
<eacameron> clever: Oh?? I need to know about this...
<clever> eacameron: and this script appears to do the same thing i did to a gentoo system, it just jams nix onto the box with curl https://nixos.org/nix/install
danharaj has joined #nixos
<clever> eacameron: and then builds nixos under ubuntu, and overwrites the MBR
<clever> eacameron: so you are forced to keep whatever partitions DO made for you
<eacameron> clever: Bummer.
<eacameron> clever: Does that mean no Luks or zfs?
fhoffmeyer has joined #nixos
<clever> eacameron: yeah, with nixos-infect
<clever> eacameron: but with the kexec tool i linked, you can boot nixos in ram, without any changes to the MBR
<copumpkin> aszlig: you still around? :)
<clever> eacameron: then you can ssh into that, and do whatever you want to the hdd
johnsonav has quit [(Ping timeout: 276 seconds)]
regnat has quit [(Read error: Connection reset by peer)]
<eacameron> clever: That's awesome. But I wonder how well DO would take to losing *all* semblance of control over the box.
<clever> eacameron: ive heard that when you clone a droplet, DO will try to mount the rootfs, and overwrite /etc/network/interfaces and /root/.ssh/authorized_keys
<clever> eacameron: i would expect that to sanely fail when it encounters luks and skip it
<eacameron> clever: But your machine might be borked.
<clever> in the case of DO, it doesnt sound like they have any tools to allow recovery
<clever> but this goes into 2 more ideas i had this week
<clever> #1 (for datacenters with more manual stuff), put the kernel/initrd from my kexec tool into /boot and grub.cfg
<clever> so when it breaks, you open a ticket and tell them to boot the rescue option, then you can ssh into that and repair it
<copumpkin> ManualOcean?
<ndowens08> ugh still getting darkhttpd attribute missing :\
<clever> this can also be of use for local systems
<clever> you essentialy are embeding the install cd in /boot
<copumpkin> ndowens08: update your gist? :)
<clever> copumpkin: so you get a very cheap repair ANYTHING option, as long as /boot is intact
<copumpkin> HalfManualOcean?
<copumpkin> (I've never used them)
<eacameron> clever: Hah wow that would be sweet. I wouldn't actually know how to do anything with it but somebody would.
freusque has quit [(Quit: WeeChat 1.6)]
<clever> eacameron, copumpkin: my second idea, is to make a linux bootloader, that runs as a stripped down kernel+initrd+gui app
<clever> so on bootup, it runs a custom bootloader, that listens on the network for control
<aszlig> copumpkin: yep
<clever> and if it hits a timeout, it will kexec nixos
<clever> and if you do take control, you can pick which generation to kexec, or kexec into the rescue system
freusque has joined #nixos
<clever> so you essentialy control GRUB over the internet
<eacameron> clever: Haha wow now that would be very nice for nixops
<clever> eacameron: yeah
* eacameron wishes nixops had a vultr backend since it does support custom images.
<ndowens08> says at line 41
<eacameron> clever: do you recall what module fixed that network code?
<mbrgm> how can I override a service definition? in particular I want to override systemd...preStart for it.
<copumpkin> ndowens08: have you added a uid for it? line 41 is referencing that
<ndowens08> copumpkin: nope, maybe that is it lol
<copumpkin> ndowens08: also line 30 would be cleaner if you referenced cfg rather than the full config.services.darkhttpd
<clever> eacameron: hmmm, where was it now....
<clever> eacameron: cant find it on a github search or chrome history, checking my irc logs now
<eacameron> clever: thanks for looking!
<clever> eacameron: i believe you just put the module.nix into imports, and you get an IP, thats it
<eacameron> clever: imports?
<clever> and if you clone the machine via the DO control panel, it automaticaly gets the right ip, no need for nixos to rebuild things
<NixOS_GitHub> [nixpkgs] rbvermaa pushed 1 new commit to release-16.09: https://git.io/vDSU3
<NixOS_GitHub> nixpkgs/release-16.09 780a38c Rob Vermaas: nixops: update to 1.5
<clever> eacameron: yeah, imports = [ ./systemd-digitalocean/module.nix ]; in configuration.nix
<ndowens08> copumpkin: hmm copumpkin looked at other modules that is similar, and none of them create the uids in theres, they look like mine, sorta
<ndowens08> may start over
<copumpkin> ndowens08: no, there's just a list of uids
<copumpkin> you need to add something to it if you want a user
<eacameron> clever: Wow thanks for this. So does this mainly apply when cloning droplets?
<NixOS_GitHub> [nixpkgs] rbvermaa pushed 1 new commit to master: https://git.io/vDSUV
<NixOS_GitHub> nixpkgs/master 1c366b4 Rob Vermaas: nixops: update to 1.5...
<clever> eacameron: it also means you cant mess up the config when using nixos-infect (if you turn off the code thats potentialy buggy)
<clever> or other methods to install
teknico has quit [(Quit: Leaving.)]
<clever> eacameron: one of the datacenters ive been dealing with lately has similar but worse setup, you need static ip's configured, but it has no metadata service
<eacameron> clever: ug
<clever> eacameron: the datacenter IT guys normaly login manualy via the console, and update the config
<ikwildrpepper> clever: ugh, yeah, that is terrible
<clever> ikwildrpepper: i gave them a .vmdk file to replace my vm with, and they asked for the pw so they could apply that
<eacameron> clever: I'm trying to determine how "freaked out" I should be about this since I have a few production servers running nixos on do
<clever> ikwildrpepper: its nixos, i dont think they would be able to figure it out :P
<NixOS_GitHub> [nixops] rbvermaa tagged v1.5 at master: https://git.io/vDSUF
<clever> ikwildrpepper: 5mins after they asked for the pw, they noticed i had pre-configured the IP and ssh was already up
<ikwildrpepper> clever: we actually had a datacenter that did figure it out :o
<ikwildrpepper> somewhere in russia
<clever> ikwildrpepper: nice
cpennington has quit [(Ping timeout: 255 seconds)]
<mbrgm> how can I override a service definition? in particular I want to override systemd...preStart for it.
<clever> mbrgm: the serviceconfig is weird, mkforce doesnt work on prestart
<ikwildrpepper> mbrgm: just set the option
<ikwildrpepper> with an override value, e.g. lib.mkOverride 0 value
<copumpkin> hmm, if it's not a submodule that might be awkward
<copumpkin> do we just take an attrset parameter for serviceConfig?
<ikwildrpepper> clever: it doesn't? :o /me runs away
<copumpkin> if not, it should probably be a submodule
ryanartecona has joined #nixos
<clever> copumpkin, ikwildrpepper: yeah, i think nixos just takes a raw attrset, and will merge non-conflicting keys
roconnor__ has joined #nixos
roconnor__ is now known as roconnor
endformationage has quit [(Quit: WeeChat 1.6)]
<clever> copumpkin: reading the source, i think .serviceConfig and .unitConfig are entirely untyped, so the option framework is left to defaults
endformationage has joined #nixos
<clever> copumpkin: you might as well be using php to configure that part of services, lol
cpennington has joined #nixos
johnsonav has joined #nixos
<copumpkin> :)
<copumpkin> perhaps worth splitting into base + extra, so base is modeled and managed by submodule
<copumpkin> and extra is a freeform attrset in case we forgot to add a field
<copumpkin> or something like that
ambro718 has joined #nixos
zraexy has joined #nixos
Wizek__ has joined #nixos
zraexy has quit [(Client Quit)]
pi3r has joined #nixos
freusque has quit [(Quit: WeeChat 1.6)]
freusque has joined #nixos
Sonarpulse has joined #nixos
regnat[m] has joined #nixos
jarlg has quit [(Quit: WeeChat 1.5)]
freusque has quit [(Client Quit)]
nschoe has quit [(Quit: Program. Terminated.)]
<copumpkin> merged \o/
<NixOS_GitHub> [nixpkgs] copumpkin closed pull request #22869: amazon-init NixOS module: fix (I think) race condition with network (master...amazon-init-fix) https://git.io/vDy1D
fhoffmeyer has quit [(Ping timeout: 260 seconds)]
georges-duperon has quit [(Remote host closed the connection)]
yenzenz has quit [(Ping timeout: 240 seconds)]
jgertm has quit [(Ping timeout: 240 seconds)]
zx2c4 has left #nixos []
fhoffmeyer has joined #nixos
neeasade has quit [(Ping timeout: 276 seconds)]
digitus has joined #nixos
georges-duperon has joined #nixos
layus__ has joined #nixos
regnat[m]1 has joined #nixos
ThatDocsLady has quit [(Quit: Arma-geddin-outta-here!)]
layus_ has quit [(Ping timeout: 252 seconds)]
neeasade has joined #nixos
regnat[m] has left #nixos ["User left"]
<ndowens08> yay, almost have darkhttpd module ready
t7 has joined #nixos
<NixOS_GitHub> [nixpkgs] vcunat pushed 2 new commits to staging: https://git.io/vDSsw
<NixOS_GitHub> nixpkgs/staging 55cc770 Vladimír Čunát: Revert "Merge: glibc: 2.24 -> 2.25"...
<NixOS_GitHub> nixpkgs/staging e962a3c Vladimír Čunát: Merge branch 'master' into staging
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
goibhniu has quit [(Ping timeout: 268 seconds)]
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to staging: https://git.io/vDScs
<NixOS_GitHub> nixpkgs/staging 524de86 Vladimír Čunát: findutils: plug a memory leak (close #22857)...
<ndowens08> ok let me see if I am correct, in an option I have foward = mkOption { default = ""; url =""; description...}; to call it from config would i do ${cfg.foward.url}?
endformationage has quit [(Quit: WeeChat 1.6)]
<NixOS_GitHub> [nixpkgs] vcunat closed pull request #22857: findutils: plug memory hole in find (staging...findutils) https://git.io/vDDXw
mudri has quit [(Ping timeout: 260 seconds)]
fresheyeball has quit [(Ping timeout: 276 seconds)]
takle_ has quit [(Remote host closed the connection)]
<NixOS_GitHub> [nixpkgs] acowley opened pull request #22875: ghostscript: fix installed library name on darwin (master...ghostscript-id) https://git.io/vDSlF
simendsjo has joined #nixos
digitalmentat has joined #nixos
kampfschlaefer has joined #nixos
<ndowens08> ok if I have url in this example: foward = mkOption { default = ""; url = " "; description=""}; how do i extract the data in foward option?
fresheyeball has joined #nixos
Itkovian has joined #nixos
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22876: consul: 0.7.3 -> 0.7.5 (master...consul) https://git.io/vDSRp
katyucha is now known as Guest48113
Guest48113 has quit [(Killed (rajaniemi.freenode.net (Nickname regained by services)))]
katyucha1 is now known as katyucha
katyucha1 has joined #nixos
pi3r has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
JagaJaga has joined #nixos
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22877: consul-template: 0.18.0 -> 0.18.1 (master...consul-template-update) https://git.io/vDSE3
<eacameron> clever: Do you have a sense of how hard it is to port a package from say, apt, to nix? I want to port do-agent (DigitalOcean server metrics agent) but I'm not sure where to start.
<clever> eacameron: if the source is available, start with just a derivation containing a name and src = fetchurl and see what happens
<clever> eacameron: nixpkgs will handle ./configure and everything automaticaly
takle has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] mogria opened pull request #22878: phpPackages.memcached: add missing zlib build dependency (master...fix-php-memcached) https://git.io/vDSEF
ilyaigpetrov has quit [(Quit: Connection closed for inactivity)]
JagaJaga has quit [(Ping timeout: 260 seconds)]
danharaj has quit [(Ping timeout: 260 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<ndowens08> clever: is there a way to force nix-rebuild to clean the build env, b/c even when i change my configuration-test.nix to build a vm, but never seems to change anything when i start the vm session, for example, i am telling configuration to disable xserver.autorun and xserver starts up anyway
<ndowens08> nixos-rebuild -I nixpkgs=/home/ndowens/nixpkgs -I nix-config=/etc/nixos/configuration-test.nix build-vm
<ndowens08> is the command i am using
<clever> ndowens08: nix always uses a new directory in /tmp for every build, no mater what the sandbox is set to
<clever> ndowens08: and the option is nixos-config, not nix-config
adev has quit [(Quit: Ex-Chat)]
<ndowens08> hmm, the url it gives me is always the same
<ndowens08> that might be why
<clever> its probably using the real configuration.nix, and ignoring your changes entirely
<ndowens08> yup, now it gives me error in that config which is promising lol
<clever> about the only way to break nix and make it disobey the nix expressions is to forcibly edit existing files in /nix/store/
fhoffmeyer has quit [(Ping timeout: 240 seconds)]
<ndowens08> clever: you are clever :D :p
takle has joined #nixos
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22879: awless: init at 0.0.13 (master...awless) https://git.io/vDSgl
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to staging: https://git.io/vDSgR
<NixOS_GitHub> nixpkgs/staging 5ad81ab Vladimír Čunát: libxml2: bugfix updates from git upstream...
<gchristensen> I thought clever's nick was a bit overconfident but they've proven me wrong time and time again.
fhoffmeyer has joined #nixos
riptawr has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vDS2f
<NixOS_GitHub> nixpkgs/master 03024b3 Vladimír Čunát: tex4ht: fixup evaluation errors in the broken package...
pi3r has joined #nixos
danharaj has joined #nixos
ixxie has quit [(Ping timeout: 258 seconds)]
fhoffmeyer has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22880: wuzz: 2017-02-09 -> 0.1.0 (master...wuzz-update) https://git.io/vDS2b
<ndowens08> gchristensen: lol
<contrapumpkin> niksnut: dammit :( http://hydra.nixos.org/build/48803033/nixlog/2
fhoffmeyer has joined #nixos
<hyper_ch> how can I find out what the current kernel options are? especially I'd like to check the intel_pstate
<thoughtpolice> hyper_ch: cat /proc/cmdline?
<thoughtpolice> Or do you mean module options?
takle has joined #nixos
<clever> hyper_ch: find /sys | grep module | grep para | head
<clever> /sys/module/sg/parameters
<clever> /sys/module/sg/parameters/allow_dio
<clever> hyper_ch: in here is every option to every module loaded into the kernel, including modules that linked in at compile time
<clever> hyper_ch: some of them are also r/w and can be changed at runtime
<hyper_ch> but how do I know if intel_pstate=disabled or not?
griff_ has joined #nixos
takle has quit [(Ping timeout: 256 seconds)]
takle has joined #nixos
danielrf1 has joined #nixos
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22881: vault: 0.6.4 -> 0.6.5 (master...vault-update) https://git.io/vDSo8
takle has quit [(Ping timeout: 240 seconds)]
phreedom has joined #nixos
takle_ has joined #nixos
danielrf has quit [(Ping timeout: 260 seconds)]
fhoffmeyer has quit [(Ping timeout: 240 seconds)]
derjohn_mob has quit [(Ping timeout: 268 seconds)]
pi3r has quit [(Ping timeout: 240 seconds)]
takle_ has quit [(Ping timeout: 276 seconds)]
fhoffmeyer has joined #nixos
<ndowens08> ok clever, clever how do i fix uid = config.ids.uids.darkhttpd gives darkhttpd attribute missing?
<pikajude> define that attribute maybe
<ndowens08> if i remove that line it doesnt give that error and darkhttpd is used several places?
cpennington has quit [(Ping timeout: 276 seconds)]
<ndowens08> trying to create a module and looking at other modules that are close to what i am creating it for
takle has joined #nixos
tokudan has joined #nixos
tokudan has quit [(Client Quit)]
<ndowens08> ah think i see now
<ndowens08> yup didnt realize there was a nix for id too lol
AllanEspinosa has joined #nixos
mbrgm has quit [(Quit: ZNC 1.6.3 - http://znc.in)]
riptawr has quit [(Remote host closed the connection)]
acowley_away is now known as acowley
fhoffmeyer has quit [(Ping timeout: 245 seconds)]
Itkovian has joined #nixos
mbrgm has joined #nixos
cpennington has joined #nixos
<sziszi> i'm using a networking.localCommands option with double singlequotes, resulting systemd script builds successfully when I rebuild the system, also the commands working when I run the file manually, so I assume the configuration is correct but these commands didn't ran(maybe they do, but I didn't find any evidence) is there a logfile or something I can look into about this issue? i'm stuck right now
takle has quit [(Remote host closed the connection)]
pi3r has joined #nixos
<mbrgm> fpletz: I remember you're using gitlab on nixos in production. how is it though to be brought to the frontend?
<cransom> sziszi: i found when adding extra commands to the firewall via iptables that if not cleaned up properly, the stop/start script would get confused and due to a set -e in the script, would fail on the first error. you might be hitting something like that there.
<mbrgm> I see nothings listening on a http-alike port
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
mexisme2 has joined #nixos
AllanEspinosa has quit [(Ping timeout: 245 seconds)]
<sziszi> cransom: thanks! but afaik there is no error in this script, atleast manually there is none, but who knows :))
<NixOS_GitHub> [nixpkgs] Profpatsch closed pull request #22388: networking.bonds: add support for arbitrary driverOptions (master...bonding) https://git.io/vDsrk
<Ralith> cransom: systemctl status/list-units should report when that's happened, right?
Shou has quit [(Ping timeout: 260 seconds)]
JagaJaga has joined #nixos
mudri has joined #nixos
<cransom> Ralith: it does, yes. in my experience, nixos-rebuild would succeed but the firewall unit still failed slightly after nixos-rebuild returned.
takle has joined #nixos
mexisme has quit [(Ping timeout: 240 seconds)]
<Ralith> that sounds right
johnsonav has quit [(Ping timeout: 245 seconds)]
takle has quit [(Ping timeout: 264 seconds)]
simendsjo has quit [(Quit: ERC (IRC client for Emacs 24.5.2))]
AllanEspinosa has joined #nixos
<sziszi> Ralith: ohohoh, you're my man
<sziszi> I got the error
<sziszi> a few reboot and I'll be done :D
<ndowens08> doing nixos-rebuild switch usually makes it where you dont have to reboot, most of the time i think?
<NixOS_GitHub> [nixpkgs] viric pushed 1 new commit to master: https://git.io/vDSDt
johnsonav has joined #nixos
<NixOS_GitHub> nixpkgs/master 0cee46d Lluís Batlle i Rossell: brotli: update to 0.5.2...
DarcsAurelius has joined #nixos
<sziszi> ndowens08: sadly not this time
<ndowens08> ah that sux :\
<sziszi> Feb 16 20:50:11 narancs systemd[1]: Failed to start Extra networking commands..
<mbrgm> is someone using gitlab on nixos?
mudri has quit [(Ping timeout: 240 seconds)]
<sziszi> even better: I have FDE, and the boot process is extremely slow till the system unlocks the disk + typing in my 50+ char long pw...
<sziszi> mbrgm: if you need a smaller solution I'd look at gitea
<mbrgm> sziszi: thx for the recommendation. need to gitlab though :-/
mojjo has joined #nixos
<mojjo> hi! is there a way to run skype or another application that servers as a skype client on nixos?
derjohn_mob has joined #nixos
Shou has joined #nixos
AllanEspinosa has quit [(Ping timeout: 240 seconds)]
bennofs has quit [(Ping timeout: 276 seconds)]
<mojjo> simpson: Which would be the command I'd use to install this? nix-env -i skype does not do it..
<simpson> mojjo: Well, you need to be running i686 and enable unfree software.
<NixOS_GitHub> [nixpkgs] viric pushed 1 new commit to master: https://git.io/vDSH7
<NixOS_GitHub> nixpkgs/master e62fe37 Lluís Batlle i Rossell: zstd: update to 1.1.3
<simpson> I see other Skype clients in nixpkgs too, but I haven't used any of them.
<simpson> (I have used the official Skype client. It's shit.)
mkoenig has joined #nixos
<mojjo> ok, unfree software I have enabled. I'm really bad at that hardware stuff :-) how could I find out, if I'm running i686?
<simpson> Is your computer 32-bit or 64-bit?
<ndowens08> uname -a tends to show
<ndowens08> at the very end
<simpson> Or yes, $(uname -a), if you know how to read that.
<ndowens08> x86_64 GNU/Linux is mine at the end of the line so it is 64bit
<mojjo> yes, I know. Alright, its 64
<mojjo> I'm getting 'error: selector ‘skype’ matches no derivations'. I remember for some packages the install command was slightly different...
<viric> simpson: x86_64 can run i686 binaries fine
<viric> mojjo: nix-env -iA nixos.skype
<viric> simpson: uh?
<philipp[m]> Is there any documentation / best practices how to actually use nixos containers?
<viric> simpson: all-packages sets i686
<simpson> viric: Oh, TIL.
<simpson> I figured it would have been set to amd64/x86_64/etc.
<viric> uh?
<viric> skype = callPackage_i686 ../applications/networking/instant-messengers/skype { };
<simpson> Ah, and TIL again.
<viric> I don't understand TIL
<simpson> "Today I Learned"
<viric> simpson: you can install any i686 package
chris| has quit [(Quit: Quit)]
<clever> simpson: callPackage_i686 forces skype to use 32bit libraries and to build in a 32bit way
<viric> nix-env -iA nixos.pkgsi686Linux.brotli
<viric> and shazam you have it for i686
<clever> simpson: and also, it forces a linux-32bit build, even on a mac system!!
<mojjo> Alright, now I'm getting the 'unfree' error. Which I'm wondering, why, since I have allowUnfree allowUnfree = true; in my configuration.nix
<clever> mojjo: configuration.nix is only used for nixos-rebuild, nix-env never reads it
<clever> mojjo: nix-env and nix-build only ever use ~/.nixpkgs/config.nix
Shou has quit [(Ping timeout: 240 seconds)]
<philipp[m]> I'd like to know how to properly update all my containers that are defined in the hosts configuration.
<philipp[m]> *with minimal downtime
deepfire has joined #nixos
<mojjo> ah, good to know. The file does not exist on my machine. Would I have to create it?
chris| has joined #nixos
<clever> philipp[m]: the only way to update the declarative containers is to restart their systemd units on the host, which does a full container shutdown, and then bootup
<clever> mojjo: yeah, the unfree error should tell you what contents it needs
<clever> philipp[m]: imperative containers gain the use of "nixos-rebuild switch" within them for faster updates, but they also have some cons: each container has its own channel, and you now have to nixos-rebuild every container one by one
<clever> with declarative containers, nixos-rebuild on the host updates the build of every container at once for you
georges-duperon has quit [(Ping timeout: 252 seconds)]
<mojjo> now it installs. nice.
<simpson> clever: Huh, but even though they each have their own channel (in the imperative setup), they still share the same store, right?
fhoffmeyer has joined #nixos
<clever> simpson: yeah, they all share the store, but the "active" nixos build is going to be entirely out of sync
<clever> simpson: so you need to "nixos-rebuild --upgrade switch" every container seperately
<simpson> Mm.
<clever> or one container may wind up on a month old nixos-unstable, because you forgot to run updates on it
<simpson> I keep wanting to do containers on my laptop, but I don't know what I'd put into the container. Maybe I'm not thinking with containers yet.
<clever> declarative containers just update every single container, since the host depends on the container builds
<mojjo> if someone has a good alternative to the official skype client one, I'm keen to here a reommendation...
<clever> mojjo: toxcore has been working to take over the skype users, https://tox.chat/
bennofs has joined #nixos
ndowens08 has quit [(Ping timeout: 240 seconds)]
<mojjo> looks good, but I need a way to communicate with skype accounts. Which tox can't I guess..
<clever> yeah, tox can only talk to other tox users
<clever> and ive heard rumors that skype is shutting down the p2p network and going purely "cloud" based
<clever> so any pre-existing skype clients are going to break
<clever> and then only the official one will remain, and only if you update
<viric> don't we have SDL2Main?
<simpson> I've given up, FWIW; my Skype contacts have to use non-Skype to reach me now.
AllanEspinosa has joined #nixos
<mojjo> simpson: good attitude!
<viric> what are the multiple outputs? .bin and .dev? that's all?
<clever> simpson: either M$ thinks their cloud is bigger then the sum of every single user, or the NSA wants help spying on things, lol
<clever> viric: every string listed in the outputs attribute becomes an output
<viric> clever: by default I mean
<clever> viric: and derivations are free to make their own ones up, i have one for logs and static binaries
<viric> SDL2 should have a libsdl2main.a
<clever> viric: ive seen bin, dev, lib, and dbg within nixpkgs
<clever> viric: and sometimes a static
<simpson> clever: Man, don't get me started on USA spying. It ticks me off so much.
<clever> viric: checking .outputs should tell you what that package has
<viric> really?
<viric> out & dev
<viric> none with libsdl2main. werid
<clever> viric: i only see a .out on SDL2, no .outputs, so it has 1 output, thats it
<viric> no no
<clever> nix-repl> SDL2.out
<clever> «derivation /nix/store/x21l6wp6qvbz262avzjdziz4n18cigpi-SDL2-2.0.4.drv»
<viric> it has .outputs
ndowens08 has joined #nixos
<viric> $ nix-instantiate --eval -A SDL2.outputs .
<viric> [ "out" "dev" ]
<clever> ah
<clever> on 16.09 it doesnt
<clever> on nixos-unstable, it does
<viric> :)
<mojjo> is there a way to split up the nix store on two hard disks?
<clever> viric: nix-repl also helps a lot with this: http://pastebin.com/fc0EDyaX line 33&34
ryanartecona has quit [(Quit: ryanartecona)]
<viric> I'm outdated
<philipp[m]> clever: Do the declarative containers pull from the active profile, so is a switch or just a build needed?
<viric> I see in hydra log: /nix/store/zy2g06kpg8d5byd8yss1c227gf2wm3cf-coreutils-8.26/bin/install -c -m 644 build/libSDL2main.a /nix/store/h03qmjqfczaadhrlhpbr9prm0fh4pv6b-SDL2-2.0.5/lib/libSDL2main.a
<clever> mojjo: not really, you would need some ugly hacks with unionfs, or just use something raid capable (mdadm, zfs, lvm)
<viric> ranlib /nix/store/h03qmjqfczaadhrlhpbr9prm0fh4pv6b-SDL2-2.0.5/lib/libSDL2main.a
ryanartecona has joined #nixos
<viric> But that file is not there. o_O
<clever> philipp[m]: the declarative containers dont have their own profiles, so when you build the host, it also updates the active nixos for every container in the systemd config
<clever> philipp[m]: and next time systemd boots that container, it uses that version
<viric> is there anything removing static libs automatically?
<philipp[m]> Ah, makes sense, so I can also roll back containers by rolling back my system profile.
<clever> yeah
<viric> what?
<sziszi> I found out: the vde switch fork to the background before a tap device initialize properly, so the next command which needs the tap0 device will fail; therefore i had to insert a "sleep 1" for a quick fix
<clever> [clever@amd-nixos:~]$ nix-store -r /nix/store/h03qmjqfczaadhrlhpbr9prm0fh4pv6b-SDL2-2.0.5
<viric> wtf. postInstall = ''
<viric> rm $out/lib/*.a
<clever> viric: oh, that will do it, heh
Itkovian has joined #nixos
<viric> :)
<clever> viric: i would add a static output, and mv all of them to $static/lib/
<viric> manually? nah
<clever> viric: if you do that, 99% of the nixpkgs builds will ignore it, so it just sits in the binary cache and costs almost nothing
<clever> viric: and then if something wants the statics, it can depend on SDL2.static
AllanEspinosa has quit [(Ping timeout: 240 seconds)]
<viric> clever: it's not the static version of the libs
endformationage has joined #nixos
<clever> ?
<viric> they are only tiny libs that include a main() wrapper
<viric> (so can't be shared)
<clever> ah
<clever> i would put those into $dev/lib/
<viric> $dev is automatically done
<clever> if they are tiny, there is no real cost to having them
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to staging: https://git.io/vDSbA
<NixOS_GitHub> nixpkgs/staging 6c1ba72 Vladimír Čunát: kde5.khotkey: fix patch hash wrongly added in b719852
<viric> separation of out, bin and dev is automatic
<clever> modify the postInstall that deletes them, to instead move them to $dev/lib/
<clever> you are free to augment that automation as you need
fhoffmeyer has quit [(Ping timeout: 240 seconds)]
AllanEspinosa has joined #nixos
Shou has joined #nixos
<viric> clever: there is moveToOutput
fhoffmeyer has joined #nixos
nckx has quit [(Quit: ☭ + 🐧 + GNU Guix <https://gnu.org/s/guix>)]
<NixOS_GitHub> [nixpkgs] viric pushed 2 new commits to master: https://git.io/vDSAU
<NixOS_GitHub> nixpkgs/master 0c42efd Lluís Batlle i Rossell: SDL2: fix creation of libSDL2main.a...
<NixOS_GitHub> nixpkgs/master 1e7da9e Lluís Batlle i Rossell: trigger: update to 0.6.5
<NixOS_GitHub> [nixpkgs] LnL7 closed pull request #22875: ghostscript: fix installed library name on darwin (master...ghostscript-id) https://git.io/vDSlF
fhoffmeyer has quit [(Read error: Connection reset by peer)]
freusque has joined #nixos
fhoffmeyer2 has joined #nixos
<freusque> Hello, does someone here have recent nix binaries for ARM?
<freusque> (I'm using the wiki's help to install on RPI)
nckx has joined #nixos
<NixOS_GitHub> [nixpkgs] bjornfor opened pull request #22882: nixos: add programs.wireshark option (master...wireshark) https://git.io/vDSAE
* viric hides
<viric> freusque: ask Dezgeg and clever
<freusque> thanks viric
mudri has joined #nixos
freusque has quit [(Client Quit)]
<Sonarpulse> does cc-wrapper add the underlying unwrapped stuff to the path?
mbrgm has quit [(Quit: ZNC 1.6.3 - http://znc.in)]
mbrgm has joined #nixos
<NixOS_GitHub> [nixpkgs] copumpkin pushed 2 new commits to master: https://git.io/vDSpr
<NixOS_GitHub> nixpkgs/master 3f971d9 Pradeep Chhetri: vault: 0.6.4 -> 0.6.5
<NixOS_GitHub> nixpkgs/master 96c152f Daniel Peebles: Merge pull request #22881 from pradeepchhetri/vault-update...
mojjo has quit [(Remote host closed the connection)]
<NixOS_GitHub> [nixpkgs] globin pushed 1 new commit to master: https://git.io/vDSpQ
<NixOS_GitHub> nixpkgs/master 6e12406 Robin Gloster: Revert "nginx: Format the config file"...
takle has joined #nixos
jgertm has joined #nixos
ryanartecona has quit [(Quit: ryanartecona)]
hiratara has quit [(Ping timeout: 245 seconds)]
ryanartecona has joined #nixos
takle has quit [(Ping timeout: 268 seconds)]
freusque has joined #nixos
<ndowens08> Anyone see the post that someone is using emacs as their window manager? I found that crazy it could be
hiratara has joined #nixos
ryanartecona has quit [(Quit: ryanartecona)]
cpennington has quit [(Remote host closed the connection)]
<endformationage> ndowens08: Did you need the high color icons for the default awesomewm4 theme?
<ndowens08> yup endformationage
<ndowens08> wait
<ndowens08> to use copycat's themes i did
<endformationage> Ah, that sounds familiar
<ndowens08> but even w/o the hicolor, the default looked like the old 3.5.9
<endformationage> Did you have to override.. in the config, or can you just install via nix-env with -f to a cloned nixpkgs repo?
<ndowens08> just install hicolor and it works
<endformationage> I mean, reagarding awesome4
<ndowens08> what copycat's theme or what, i am confused?
<endformationage> Sorry, upgrading from the awesome avail under nixos 16.09
<ndowens08> ah, well my issue was errors when using copycats theme, and installing hicolor fided those errors
<NixOS_GitHub> [nixpkgs] joachifm closed pull request #22754: keepalived: 1.2.19 -> 1.3.2 (master...update-keepalived) https://git.io/vDKn2
sellout- has quit [(Quit: Leaving.)]
JagaJaga has quit [(Ping timeout: 260 seconds)]
<ndowens08> updated the awesome pkg, though it isn't mine to package added hicolor as part of the install, though overrideable though through assert
<ndowens08> though i must have done it wrong, wont build :)
JagaJaga has joined #nixos
georges-duperon has joined #nixos
takle has joined #nixos
<viric> Why does "nix-shell -p stdenv" tell me that it's dumping a very large path > 256MiB?
takle has quit [(Ping timeout: 255 seconds)]
<Dezgeg> what's the nix-push replacement in nix master?
<qknight_> anyone from india here?
freusque has quit [(Ping timeout: 258 seconds)]
<ndowens08> Anyone know who maintains the awesome package?
<ndowens08> awesomewm that is
hiratara has quit [(Quit: ZNC - http://znc.in)]
<qknight_> ndowens08: you can look it up at https://nixos.org/nixos/packages.html
<ndowens08> qknight_: I am looking at the actual nix file but no meta is listed there
<ndowens08> but i see the person for 3.5.9 atleast
hiratara has joined #nixos
<eacameron> How do I make my own configurations that are overridable via recursion fixpoint?
MichaelRaskin has joined #nixos
<eacameron> Do I somehow just do something like config = fix (config: config // {defaults})?
<eacameron> er...{defaults} // config
nckx has quit [(Quit: ☭ + 🐧 + GNU Guix <https://gnu.org/s/guix>)]
nckx has joined #nixos
sellout- has joined #nixos
<pikajude> your own config option you mean?
<pikajude> options*
AllanEspinosa has quit [(Ping timeout: 240 seconds)]
rawtaz has quit [(Quit: bailing)]
DarcsAurelius has quit [(Ping timeout: 240 seconds)]
<thomassgn> Hi, trying to write a nix expression for fpm2, but keep getting "error: cannot auto-call a function that has an argument without a default value (‘stdenv’)" from nix-build -A fpm2. The default.nix can be seen at http://pastebin.ca/3768612
<thomassgn> how to understand error?
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
DutchWolfie has quit [(Quit: Konversation terminated!)]
pikajude has quit [(Quit: ZNC 1.6.3 - http://znc.in)]
AllanEspinosa has joined #nixos
pikajude has joined #nixos
phreedom has quit [(Ping timeout: 240 seconds)]
<ndowens08> thomassgn: can you pastebin your nix file?
phreedom has joined #nixos
fhoffmeyer2 has quit [(Read error: Connection reset by peer)]
digitalmentat has quit [(Quit: Leaving)]
pi3r has quit [(Quit: Nettalk6 - www.ntalk.de)]
freusque has joined #nixos
ebzzry has joined #nixos
fhoffmeyer has joined #nixos
<thomassgn> ndowens08: http://pastebin.ca/3768612
<ndowens08> sry didnt see your first pastebin
<NixOS_GitHub> [nixpkgs] globin pushed 1 new commit to staging: https://git.io/vD9qn
<NixOS_GitHub> nixpkgs/staging 31ff2ac Robin Gloster: systemd: add patch to fix docker...
ebzzry has quit [(Ping timeout: 260 seconds)]
fresheyeball has quit [(Ping timeout: 276 seconds)]
ebzzry has joined #nixos
fresheyeball has joined #nixos
<schoppenhauer> hi.
<schoppenhauer> does anyone have experience with the teamviewer-package?
<schoppenhauer> because it somehow doesnt work for me
<schoppenhauer> without a real error message
acowley is now known as acowley_away
<ndowens08> thomassgn: just noticed, that pkg is already in the repo
<ndowens08> atleast in unstable channel
srhb has quit [(Quit: Quit)]
<schoppenhauer> ah ok, I just need to wait longer
<ndowens08> yeah i dont use things like that schoppenhauer , so cant answer
srhb has joined #nixos
<schoppenhauer> ndowens08: wuuus?
<NixOS_GitHub> [nixpkgs] globin pushed 36 new commits to staging: https://git.io/vD9Yy
<NixOS_GitHub> nixpkgs/staging 108c6d1 Robin Gloster: socat: 1.7.3.1 -> 1.7.3.2...
<NixOS_GitHub> nixpkgs/staging 71e8ef6 Robin Gloster: afflib: 3.7.6 -> 3.7.15
<NixOS_GitHub> nixpkgs/staging 4277978 Robin Gloster: gsoap: 2.8.37 -> 2.8.42
<thomassgn> ndowens08: ah thanks, still get the same error though. It is a standalone in my configuration dir, though. I understand there is a difference, but not what the difference is.
<ndowens08> thomassgn: have you tried to install through nix-env -i ?
<thomassgn> no, trying now.
<thomassgn> It doesn't find fpm2 in store or as an attribute. I'm not trying to have it in nixpkgs, just as a standalone thing for hacking ++
<clever> thomassgn: you need to add it as an override in config.nix for nix tools to know it exists
<ndowens08> you must not be using nixos-unstable channel to get it. and nix is sorta standalone, if you install using one profile, it wont be in another
<clever> thomassgn: http://pastebin.com/HCwLhErm line 7, i truncated the file
<clever> so youll need to add a few }; and }
takle has joined #nixos
* clever heads to bed
<thomassgn> clever: thanks
<ndowens08> yeah i am new to nix myself, i have packaged a couple of the apps in the repo, so i know just a little lol
<pikajude> does there exist a guide for testing kubernetes deployments on nixos?
<pikajude> maybe by having nixos act as a kube master?
takle has quit [(Ping timeout: 260 seconds)]
ryanartecona has joined #nixos
<benley> anyone know if it's possible to refer to other things from NIX_PATH in a NIX_PATH element? Like if I wanted to have NIX_PATH="foo=https://github.com/path/to/foo.tar.gz:bar=<foo>/path/within/foo.nix" (except this syntax doesn't actually seem to work)
<benley> or, is it possible to refer to a specific file within a http remote tarball in NIX_PATH?
thc202 has quit [(Ping timeout: 240 seconds)]
bennofs has quit [(Ping timeout: 264 seconds)]
<pikajude> kubelet service doesn't start
tm_ has quit [(Ping timeout: 255 seconds)]
<globin> pikajude: ping offlinehacker[m] on kubernetes
tm_ has joined #nixos
bobthejanitor has joined #nixos
<offlinehacker[m]> pikajude: what's the error?
<pikajude> offlinehacker[m]: 'ln: target '/opt/cni/bin' is not a directory'
<pikajude> for one
<offlinehacker[m]> oh that's still a bug
<offlinehacker[m]> create this directory for now, I must fix this
<pikajude> oh, ok
<pikajude> is it just a missing preStart or something
<pikajude> ok, now i'm getting a bunch of error messages from kubelet.service
<pikajude> Failed to list *api.Pod: Get http://127.0.0.1:8080/api/v1/pods?fieldSelector=
<pikajude> spec.nodeName%3Dtoothless&resourceVersion=0: dial tcp 127.0.0.1:8080: getsockopt: connection refused
<pikajude> oops, sorry
<pikajude> didn't mean to paste that here
<offlinehacker[m]> is apiserver running?
<offlinehacker[m]> kube-apiserver
<pikajude> oh, no, that is NOT working
<offlinehacker[m]> what's the error there?
<pikajude> "Will report 192.168.29.156 as public IP address."
<pikajude> then exit 255
<bobthejanitor> Quick question, I've gotten output from installing a package about collisions, and it recommends I use nix-env --set-flag priority to fix it. I cannot get it do work, because it states "matches no derivations". Should I state priority name in full (eg nixos.kde5...) because that didn't work
<offlinehacker[m]> pikajude: hmm wierd, it just exists?
ambro718 has quit [(Ping timeout: 264 seconds)]
<pikajude> yea
mudri has quit [(Ping timeout: 260 seconds)]
<bobthejanitor> How do I deal with package collisions?
<offlinehacker[m]> pikajude: are this all logs from apiserver, i'm running this profile locally, and it works, except for manually creating /opt/cni/bin
takle has joined #nixos
<pikajude> offlinehacker[m]: that's all that there is in the logs, yeah
Rizy has joined #nixos
<offlinehacker[m]> pikajude: what does `etcdclt cluster-health` says?
<pikajude> "command not found"
<pikajude> lol
<Ralith> bobthejanitor: uninstall whatever you're colliding with
<offlinehacker[m]> sorry, `etcdctl cluster-health`
<pikajude> says cluster is healthy
<bobthejanitor> I don't know what I'm colliding with, the store hash is given, but it's not clear what is conflicting
<offlinehacker[m]> pikajude: what do you have under /opt/cni/bin
<offlinehacker[m]> can you try restart kube-apiserver
<pikajude> bridge, dhcp, flannel, host-local, ipvlan, loopback, macvlan, ptp, tuning
<pikajude> no need, it restarts over and over on its own
<offlinehacker[m]> systemctl restart kube-apiserver
<offlinehacker[m]> ok, that looks good
<offlinehacker[m]> ahh, i see
<offlinehacker[m]> pikajude: which version of nixpkgs/kubernetes?
<pikajude> nixpkgs is master
<offlinehacker[m]> unstable or latest release?
<pikajude> as of like an hour ago
<bobthejanitor> I've just done a blanket install of kde5, I'll probably go through and manually install each so I know everything I'm installing, but I'd like to know the best way to solve this for the future
<pikajude> kubernetes is 1.5.2
takle has quit [(Ping timeout: 240 seconds)]
<pikajude> anyone know how to get systemctl to show full lines in status output
<offlinehacker[m]> hmm ok, and i guess docker is running
<pikajude> and as an aside, why someone thought it was a good idea for systemctl to not show full lines by default
<offlinehacker[m]> journalctl -r -u kube-apiserver.service
<pikajude> no, i want to see the start command
<pikajude> not the logs
<pikajude> so i can run it myself and strace it or something
<offlinehacker[m]> ahh ok
jgertm has quit [(Ping timeout: 260 seconds)]
<offlinehacker[m]> systemctl status -l kube-apiserver.service
<pikajude> yea, that doesn't work
bobthejanitor has quit [(Quit: http://www.kiwiirc.com/ - A hand crafted IRC client)]
<pikajude> well, if I run the start command manually, I get Failed to generate service certificate: open /var/run/kubernetes/apiserver.crt: permission denied
<offlinehacker[m]> ok, if i move left and right i can see full command
<pikajude> but it doesn't exit 255
<offlinehacker[m]> what are permissions of /var/run/kubernetes
<pikajude> root:root
<offlinehacker[m]> folder
<pikajude> 0755
<offlinehacker[m]> it should be kubernetes user
<pikajude> that makes sense
<pikajude> ok that fixed it
<pikajude> how the hell did that get to be owned by root
<pikajude> ok, everything appears to be running now
<pikajude> thanks offlinehacker[m]
mudri has joined #nixos
<pikajude> oh, I should be using minikube, shouldn't
<pikajude> I
<pikajude> damn it
<offlinehacker[m]> pikajude: not a problem, this somehow seems to have no effect: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes.nix#L838
<pikajude> i don't even need kubernetes running, do I?
<pikajude> not if I'm going to use minikube
<offlinehacker[m]> but it might be the case that these only get created on boot
<offlinehacker[m]> pikajude: if you want, you can just use minikube for sure
<offlinehacker[m]> pikajude: the only difference it will run another vm
<offlinehacker[m]> but is a more portable solution
<pikajude> well i just want to experiment with k8s at the moment
<pikajude> this isn't going to be exposed anywhere
<offlinehacker[m]> pikajude: if you will be using nixos module, if you see any other issue, please report, me and @matejc are deploying a cluster using it, but i haven't had time to write complete tests for it
<pikajude> i see, apparently both do the same thing :)
<pikajude> offlinehacker[m]: ok, thanks for the help
<pikajude> it looks like I've gotten it working
<offlinehacker[m]> cool :)
peterhoeg has joined #nixos
MP2E has joined #nixos