<NixOS_GitHub>
[nixpkgs] rnhmjoj opened pull request #23470: update and fix mitmproxy (master...mitmproxy) https://git.io/vyCNS
magnetophon has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] dezgeg pushed 1 new commit to master: https://git.io/vyCN9
<NixOS_GitHub>
nixpkgs/master 2552b03 Tuomas Tynkkynen: unionfs-fuse: Use fetchFromGitHub
digitus has quit [(Quit: digitus)]
ryanartecona has quit [(Quit: ryanartecona)]
griff_ has joined #nixos
roygbiv has joined #nixos
sellout- has quit [(Quit: Leaving.)]
<Acou_Bass>
umm, question, im having trouble doing nixos-rebuild - it seems to get stuck on the updating GRUB 2 menu... ive been running for a few weeks without this issue (with lots of rebuilds/upgrades) so not really sure what couldve caused this?
hamishmack has quit [(Ping timeout: 260 seconds)]
erasmas has quit [(Quit: leaving)]
hamishmack has joined #nixos
<clever>
Acou_Bass: can you pastebin "ps -eH x"'s output when its hung?
<clever>
Acou_Bass: ah, so stdin/stderr/stdout are all pointing to /dev/pts/3, and it has no open files, but its probably doing stat on an nfs mount
<Acou_Bass>
hmm
<clever>
Acou_Bass: up next is "strace df -h" to find out which mount it is
<Acou_Bass>
yep the last one it pops up with and sticks on, is /mnt/pi which is my NFS mount :P
<Acou_Bass>
so you reckon restart the NFS client service?
<clever>
Acou_Bass: umount and the problem should go away, if umount hangs, there is umount -l
<clever>
Acou_Bass: its more likely that the nfs server is to blame
<clever>
"umount -l" is a lazy umount, it will un-hook it from the visible FS's and let it take its time (potentially forever) in the background where it wont bother anything
<Acou_Bass>
ok yep umount /mnt/pi worked :D
Rizy has joined #nixos
<clever>
ive had issues before where a normal umount also hangs, because the nfs client is dumb and wants a server up to disconnect cleanly
<Acou_Bass>
yeah
<clever>
ive also had systemd refuse to shutdown because nfs is busy umounting, when there is less than 30 seconds left on the UPS, and the entire network is down because of a power outage!
<devoid>
Looks like on the release-16.09 train I can select "nvidiaBeta"… but this is actually an *older* release 349.12 than the main one… :-) if I switch to the "release-17.03" branch I can actually
<Acou_Bass>
ahhh crap yeah, you know what it was clever
<clever>
the pi was off?
<Acou_Bass>
i setup my NFS server and never actually added all the bind mounts to /etc/fstab
<devoid>
get a newer release, 375.26 or the beta...
<clever>
ah
<Acou_Bass>
which never really became an issue until i rebooted the pi today
<Acou_Bass>
:P
<clever>
heh
mudri has quit [(Quit: WeeChat 1.7)]
<devoid>
So… is it a *bad idea* (TM) to switch to the 17.03 release branch now?
<gchristensen>
if anything goes wrong, you'll be able to revert to 16.099 safely.
<clever>
16.09 has a separate beta.nix rather than an all-in-one
<devoid>
clever, not sure what you mean by "peek" I'm just cloning the nixpkgs repo and checking out the release branch then set my NIX_PATH to that directory?
<clever>
devoid: you can change branches right on the github web-ui
<gchristensen>
devoid: now that is not safe
<devoid>
If you look at the 16.09's beta release, it's using an older version 349.12 than the non-beta.
<Acou_Bass>
probably just better off waiting till 17
<clever>
devoid: the last link i gave is the 17.03 version of nvidia's package
<Acou_Bass>
17.03*
<devoid>
Acou_Bass but my second monitor isn't working :-(
<Acou_Bass>
isn't 17.03 scheduled to be at some point this month anyway
<Acou_Bass>
0,o really what gfx card?
<clever>
devoid: also, the release-17.03 branch on nixpkgs isnt the safe one, you want release-17.03 of nixpkgs-master
<clever>
oops
<clever>
nixpkgs-channels
<gchristensen>
nixos-17.03 on nixpkgs-channels
<clever>
what gchristensen said
<clever>
i should get sleep soon, lol
<gchristensen>
:)
<clever>
but i need to finish this code
<gchristensen>
take care of yourself, clever
<Acou_Bass>
I'm patiently waiting for 17.03 for a kernel they'll actually support my wifi card, sadly 16.09 doesn't seem to wanna use nvidia driver with Linux latest XD
<Acou_Bass>
but yeah fair point if your two monitors won't work at all
<devoid>
gchristensen, thanks. What's the syntax for adding a nix-channel that's one of these git repos
<devoid>
or do I just add this as a remote to my nixpkgs repo and do the install that way?
<devoid>
clever, thanks for your help.
kampfschlaefer has quit [(Ping timeout: 240 seconds)]
<clever>
devoid: if you just want to use a channel, what gchristensen said
<clever>
devoid: if you want to develop or edit expressions in a channel line 6/7 of http://pastebin.com/r5pDRFhv
<clever>
devoid: by adding other forks of nixpkgs like that, i can checkout branches from any of them, and switch back to master easily, so i only need 1 copy of the nixpkgs git repo
<devoid>
clever, thanks! out of curiosity why have a separate repo for these channels and not just a protected branch in the main nixpkgs repo?
<clever>
no idea why it was setup like that
<Profpatsch>
Can anybody tell me why that trivial option throws a totally non-descript error?
<devoid>
xrandr reports two monitors 2560x1440 as "DP-0.8" and "DP-0.1" while nvidia-settings reports these as "DFP-2.8" and "DFP-2.1"
<clever>
devoid: are you using xfce?
<devoid>
clever: gnome3 for desktopManager and slim for displayManager, but for no particular reason.
<clever>
ah, i was wondering if xfce4-display-settings helped any
<clever>
i believe it uses xrandr to apply the changes, so you can probably just run it under nix-shell to test
<clever>
but it needs xfce in full control to persist, so it can restore upon login
hexagoxel has quit [(Ping timeout: 260 seconds)]
<Acou_Bass>
i use xfce but dont use its configuration manager at all i just use nvidia-settings
<Acou_Bass>
before i added the config to my configuration.nix
<Acou_Bass>
i had to fire up nvidia-settings and go on the monitors settings bit
<spacekitteh>
clever: are you cleverca22?
<Acou_Bass>
and manually drag the first monitor 'off' the second one
hexagoxel has joined #nixos
<Acou_Bass>
because it was covering it up
<Acou_Bass>
then turn the other one on
<clever>
spacekitteh: yes
<spacekitteh>
kk
<devoid>
lol xfce's desktop is very confused about zfs...
griff_ has quit [(Quit: griff_)]
<clever>
devoid: cacti/snmp is also confused, it refuses to let me graph a 2nd filesystem within the same pool
<devoid>
8 grey'ed out "rpool" volumes.
<spacekitteh>
joachifm_: how do i view the log for update-dnscrypt-resolvers?
<spacekitteh>
oh -u
<clever>
devoid: and df in general, the size of every mount-point is in constant flux
<devoid>
not sure what I'm supposed to try under xfce … still one blank monitor
<clever>
devoid: try dragging that monitor?
<clever>
devoid: anything in the dropdown?
thc202 has quit [(Ping timeout: 240 seconds)]
<devoid>
clever, nothing seems to change the fact that one display won't get a signal
<clever>
cant think of anything else then
<devoid>
clever, ya I feel like MST support in Linux is still a mystery to me.
<devoid>
Everything I read online indicates that it should be working since late 3.x kernels
<devoid>
but I've never gotten it to work
<gchristensen>
I'm working on open sourcing my tooling around nixpkgs, the first is this git pre-push hook which doesn't let me make new branches on NixOS/nixpkgs (hi peterhoeg :) ) doesn't let me delete master or release branches, and since I only once in a blue moon push more than one commit at a time, blocks pushes with more than one commit since that is likely an error:
<clever>
spacekitteh: regarding your 2nd point, i have thought about what would happen if i just jam every git project into a single .git directory
<clever>
spacekitteh: it would need to map the branch names about to avoid collisions, and to keep the GC from eating other projects, and with the recent sha1 news, id be more wary about merging projects controlled by different groups
<spacekitteh>
clever: i've been wanting to make git compression better, too
<spacekitteh>
aye
<clever>
internally, git will store all files with a header of "blob %d\0", the %d is the file size
<clever>
and then it zlib's that whole string, to make the raw object in .git/objects/
<spacekitteh>
indeed
<spacekitteh>
zlib is pretty crappy
<spacekitteh>
there are much better compression algorithms these days
<ben>
think about all the COPYINGs you could deduplicate w/ a single git store...
<spacekitteh>
especially for structured data
<clever>
the pack files clean that up more, and produce some intelligent binary diffs between objects
<clever>
while still allowing the original object to be extracted
<spacekitteh>
clever: honestly, git should just leave the diffing to the compression algorithm
Kendos-Kenlen has quit [(Quit: Konversation terminated!)]
mkoenig_ has joined #nixos
<spacekitteh>
clever: basically, compression is isomorphic to AI
<spacekitteh>
clever: and AI has made leaps and bounds since rsync + DEFLATE were created
<spacekitteh>
and as a result, compression has as well
mkoenig has quit [(Ping timeout: 264 seconds)]
<spacekitteh>
(git's diffing algorithm is based on rsync)
smw_ has joined #nixos
* spacekitteh
is studying AI
<spacekitteh>
sorta.
<spacekitteh>
in my spare time :V
<clever>
i remember making my own "compression algo" back when i was like 15, it was a php script that just ran gzip, bzip2, and something else, then compared them to see which gave the best result (it didnt bzip the gzip)
<clever>
and then it kept the smallest version, and deleted the other files
<spacekitteh>
clever: that's called context mixing!
<clever>
main downside, is that it took 3-4 times as long, and a crap-ton of disk
<spacekitteh>
aye
Rizy has joined #nixos
<spacekitteh>
that's due to the fact that compression is basically trying to find the kolmogorov complexity of the input data
<spacekitteh>
and finding the kolmogorov complexity of something is uncomputable in general
<peterhoeg>
gchristensen: I'm flattered you're thinking about me!
mbrgm_ has joined #nixos
<peterhoeg>
On the issue of multiple commits, I personally don't think that's such a bad idea in many cases. If they each encapsulate one logical block that can stand alone, it makes perfect sense to do so.
<gchristensen>
peterhoeg: I agree, I just never make them.
mbrgm has quit [(Ping timeout: 260 seconds)]
mbrgm_ is now known as mbrgm
<spacekitteh>
clever: basically, finding the optimal compression of something is equivalent to the halting problem in terms of complexity class :) it's doable... but only as a supertask!
<clever>
heh
<gchristensen>
if you look at my history, almost 100% of my commits are one-off merging commits or cherry-picks. that is a sanity check for me, not necessary for others :)
<spacekitteh>
i mean sure, you can find optimal compression for plenty of things, just like you can determine plenty of programs halt or not
<clever>
spacekitteh: this is a first person shooter, in a 96kb executable
<spacekitteh>
i remember that game! it's so cool
<clever>
with full textures, 3d models, music, and mobs with ai
<spacekitteh>
i was really into demos for a while
<clever>
the trick, is that they dont try to compress the textures, its basically SVG's
<spacekitteh>
i thought they were completely procedurally generated
<spacekitteh>
ohh
<spacekitteh>
right
<spacekitteh>
yeah same thing basically
<taktoa>
I mean, an SVG is just a procedure for generating an image
<clever>
yep
<clever>
and apply the same logic to the music, the 3d models, and the maps
AllanEspinosa has joined #nixos
<clever>
you have now removed 99% of the data in a typical game
<spacekitteh>
indeed
<spacekitteh>
when i was a game dev i always wanted to do something like that
<taktoa>
yeah it's a typical time-space tradeoff
<spacekitteh>
but alas
<clever>
and nix would also help with the loss of time at startup!
<clever>
it could generate all that to the nix store, and optionally GC it at any time
<taktoa>
clever: that's just trading disk for memory
<clever>
taktoa: more trading disk for loading time
<clever>
it will load faster the next time, because the data was cached to disk
<clever>
no need to re-generate it all
echo-area has joined #nixos
<smw_>
clever: guess what. It is still compiling! :-P
<clever>
smw_: :D, it may take several days
<taktoa>
yeah, and then what's the point of compressing all the data as an SVG if you are just going to cache the compilation of the SVG (well, bandwidth, but who cares about that :))
<clever>
taktoa: with modern connection speeds, yeah
<spacekitteh>
anyone who doesn't live in south korea
<spacekitteh>
lol
<smw_>
clever: it has been compiling the kernel for quite a long time :-)
<clever>
hmmmm.... how big of a QR code do i need for 96kb?.....
* spacekitteh
stabs her 700KB/s ADSL connection
<clever>
smw_: my pi2 took ~2h 50mins to build a kernel recently
<spacekitteh>
i once ran gentoo on a 2007ish netbook
<spacekitteh>
oh the pain
<smw_>
clever: anyways, quick question, can I rebuild a nixos system by chrooting?
Rizy has quit [(Quit: Rizy)]
Kingsquee has quit [(Ping timeout: 264 seconds)]
<clever>
smw_: as long as you use "nixos-rebuild boot", yes, and there is "nixos-install --root /mnt --chroot" to chroot for you
<echo-area>
Hi, I am making a patch, and got stuck at the step of rebasing master. I got a conflict there and I checked that it was not related to my patch. Do I blindly accept whatever from the master branch, as that will result in the patch only containing my expected changes?
danharaj has joined #nixos
<clever>
smw_: it will stop mid-way thru the install (while inside the chroot), and drop to a shell, with /run/current-system setup
<smw_>
clever: cool
danharaj has quit [(Remote host closed the connection)]
<spacekitteh>
taktoa: it's a pity superoptimisation is usually done in a dumb way
<taktoa>
spacekitteh: thanks for the twitter follow :^)
<smw_>
clever: I have raspian and a usb with an extra sd card.
<spacekitteh>
taktoa: "Currently I am most interested in functional programming, category theory, and constructive mathematics." twins
<smw_>
clever: so I am doing building on my raspian then switch the cards to test it out.
<spacekitteh>
taktoa: even aerospace stuff :V
* spacekitteh
is a former avionics engineer :V
derjohn_mob has quit [(Ping timeout: 260 seconds)]
<clever>
smw_: sounds like it should work
<roygbiv>
spacekitteh, why did you get out of that line of work?
<spacekitteh>
roygbiv: i didn't want to help improve ICBMs, basically
<roygbiv>
understood
<roygbiv>
just being nosy!
<spacekitteh>
plus the field is awfully rigid and conservative etc
<spacekitteh>
research is sneered at
<taktoa>
I got out of it because 90% of the curriculum was focused on improving your ability to multiply matrices
systemfault has quit [(Read error: Connection reset by peer)]
<taktoa>
and I realized that that was not a good use of my time
<spacekitteh>
heh
<spacekitteh>
that too
<spacekitteh>
"we're gonna do some really advanced mathematics now!" *basic functional analysis*
<clever>
ive made a 3d rendering engine, from scratch, before i knew that matrix multiplication was a thing
<spacekitteh>
hehe
<smw_>
clever: is there a way to suppress compilation output?
<smw_>
I just want to see what is being compiled
<clever>
smw_: -Q
<spacekitteh>
i made a ray tracer in grade 12 for an IT assignment (it was basically "make this simple program") and i was bored so i... didn't
<smw_>
clever: is it safe to cancel so
<clever>
spacekitteh: lol
<smw_>
clever: cancel the run so I can add -Q
<clever>
smw_: reasonably, it will need to restart the current derivation
<clever>
and if your 2 hours into a 3 hour derivation, id wait
<clever>
unless you dont mind another 2 hours of compiling
<smw_>
makes sense
Rizy has joined #nixos
derjohn_mob has joined #nixos
<clever>
smw_: oh god, llvm started to compile!
<smw_>
hah
<clever>
the last time it passed, it took 6 hours!
<clever>
and after that, it took 5h 44mins, then failed!
<smw_>
clever: I see the nixos integration tests (with VMs) but are there unit tests?
<smw_>
clever: also, any chance of writing tests in a nicer language than perl? :-P
<clever>
the closest thing i can think of to a unit test in nix is to just run "make test" between "make" and "make install"
<clever>
which can be done by just setting doCheck = true; in a derivation
<clever>
but the package has to provide its own tests
<clever>
smw_: also, i'm now starting some integration tests for a large project on my end, and rather than implement its network protocol in perl, ive written a c++/lua app to handle it
Kingsquee has joined #nixos
echo-area has joined #nixos
<smw_>
clever: cool, it looked like only perl when reading the nix guide. But I was thinking about nixos tests, not nix package tests. Something like "give the following setting, I expect the file to contain this"
<smw_>
clever: just normal sanity tests to ensure that your code is sound.
<clever>
ah
<smw_>
clever: especially if you have many options
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<smw_>
clever: in reality, nothing has to be executed. Just know that given some input the function (yay functional programming) will produce a certain output config.
<smw_>
clever: it seems like that would be really important.
<echo-area>
I have still not yet finished the rebase, and I don't know how long it will take further. My patch is on release 16.09 and there are too many changes since then. What do I do now?
<echo-area>
Maybe try the patch in another branch?
<gchristensen>
echo-area: that should be easier, yes
<clever>
smw_: you could put asserts into your nix expression, but you would have to hard-code the input and expected value, and it might still trigger building of derivations your string references
<clever>
and its getting late here, i'm off to bed now
<echo-area>
Okay
dramforever has quit [(Quit: Leaving)]
<smw_>
clever: g'night
<smw_>
clever: tomorrow I install nixos! Or at least try.
AllanEspinosa has joined #nixos
echo-area has quit [(Remote host closed the connection)]
echo-area has joined #nixos
systemfault has joined #nixos
systemfault has quit [(Read error: Connection reset by peer)]
k0001 has quit [(Ping timeout: 260 seconds)]
<echo-area>
In the preview of the pull request, I see other changes that I don't want to be merged into master, i.e. those changes are not made by me but by git rebase. Should I still create the pull request, or should I start the process over?
cmr has joined #nixos
cmr has quit [(Changing host)]
cmr has joined #nixos
<echo-area>
I think I must have used the wrong commit at the beginning
smw_ has quit [(Quit: leaving)]
Piece_Maker has joined #nixos
Acou_Bass has quit [(Ping timeout: 240 seconds)]
Piece_Maker is now known as Acou_Bass
<ndowens08>
how do you search for a package that provides a library.
Rizy has quit [(Quit: Rizy)]
Rizy has joined #nixos
phreedom has joined #nixos
alx741 has quit [(Quit: alx741)]
<dmj`>
seems like the gitlab oauth provider for the oauth2_proxy module is trying to use gmail...
roconnor has joined #nixos
ertes has joined #nixos
<ndowens08>
this package i am trying to update needs libavcodec but i cannot figure out which package provides it
alx741 has joined #nixos
mguentner2 has quit [(Quit: WeeChat 1.7)]
<MP2E>
ndowens08: ffmpeg provides libavcodec
<MP2E>
I think libav does too if that project still exists
<MP2E>
ffmpeg is preferred I think
<ndowens08>
MP2E: ah, is there a way to query things such for future reference?
<ndowens08>
so I can figure out what provides what, generally i can do nox to find something, but couldn't for that library
<MP2E>
good question, not sure actually. that'd be useful
<ndowens08>
very
roconnor has quit [(Ping timeout: 260 seconds)]
hexagoxel has quit [(Ping timeout: 260 seconds)]
Wizek has joined #nixos
Wizek_ has joined #nixos
deepfire has quit [(Ping timeout: 260 seconds)]
mguentner has joined #nixos
hexagoxel has joined #nixos
RchrdB has quit [(Ping timeout: 240 seconds)]
<ndowens08>
hmm if there was a way for when hydra built the packages, it would create a list of dir/files that the package created; then a cmd could be used to search for it
mguentner2 has joined #nixos
eacameron has joined #nixos
mguentner has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Ping timeout: 240 seconds)]
filterfish has quit [(Ping timeout: 258 seconds)]
ndowens08 has quit [(Ping timeout: 258 seconds)]
hamishmack has quit [(Read error: Connection reset by peer)]
hamishmack has joined #nixos
justanotheruser has quit [(Ping timeout: 264 seconds)]
systemfault has joined #nixos
wedens has quit [(Ping timeout: 268 seconds)]
RchrdB has joined #nixos
eacameron has joined #nixos
jsgrant-_ has joined #nixos
sibi has quit [(Quit: Connection closed for inactivity)]
jsgrant- has quit [(Ping timeout: 260 seconds)]
systemfault has quit [(Read error: Connection reset by peer)]
<spacekitteh>
it's a pity that nix's core AST isn't JITted
filterfish has joined #nixos
justanotheruser has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
<spacekitteh>
it's also a pity it's written in C++ :/ it seems like it could be a fifth of the size if it was in haskell or another similar language
<simpson>
Write it in RPython.
filterfish has quit [(Remote host closed the connection)]
filterfish has joined #nixos
filterfish has quit [(Remote host closed the connection)]
<spacekitteh>
TIL about RPython
filterfish has joined #nixos
<simpson>
It's the most practical way to make a JIT right now.
<spacekitteh>
eh, assuming you count python as being practical
<simpson>
You write a light AST interpreter, and then you put the JIT annotation on builtins.map, and then you're done.
phreedom has quit [(Ping timeout: 260 seconds)]
<spacekitteh>
+ for a compiler
<simpson>
Well, it's proven practical; PyPy is written using RPython.
<spacekitteh>
i mean using a dynamic, duck-typed language
<simpson>
Moreover, there aren't many competing toolkits. LLVM's JIT tooling is not good, and Truffle isn't able to run without a JVM unless you pay big bucks to Oracle.
<spacekitteh>
aye, LLVM's JIT api really needs a hell of a lot of improvement
<simpson>
RPython is statically-scoped and statically-typed. It's like writing Java with good syntax, or OCaml with bad syntax.
<simpson>
In proper Monte, this'd be: if (expr =~ m`escape ej { ej.run(@inner) }`) { return inner }
phreedom has joined #nixos
<simpson>
But yeah, this is all statically type-checked during a translation-and-compile phase, and the semantics are roughly somewhere between C++ and Java, with the understanding that NPEs are segfaults.
<c74d>
does RPython have language support for tagged unions like OCaml has?
<simpson>
"Arrakis teaches the way of the knife" and all that.
<simpson>
c74d: If you have a bunch of subclasses of a common class, they'll share an object-and-vtable layout when compiled to C structs. So it's like C++, not OCaml.
<c74d>
oh, RPython isn't a language itself
<simpson>
The only really really shitty part is no first-class closures at runtime. So you have to pass around executors like a peasant in Javaland.
<simpson>
Well, there's rpython.rlib, which is a stdlib tailored towards writing interpreters. Bigints, C FFI, syscalls, GC, plus basic Python-style data structures.
* c74d
was thinking of how I've heard that tagged unions and matching over them, as OCaml has, are especially desirable for writing compilers
filterfish has quit [(Ping timeout: 240 seconds)]
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<simpson>
I'm using a nanopass-style AST rewriter. It's powered by a great little module; the best part of RPython is that your metalanguage is full unrestricted Python.
<qknight>
oPn7: you don't have an etc entry and you have to make an entry in your /etc/nixos/configuration.nix and do a nixos-rebuild switch to make it active
<clever>
obadz: id also need bindings for the ioctls to control routing tables/addresses, toxcore, and /dev/tun, and thats already half the code in toxvpn
<obadz>
pony calls C without bindings
<clever>
ah
<obadz>
you can give optional type hints in one place to avoid having to do it at the call site
<obadz>
but that's about it
<clever>
what about its cross-compile support?
xadi has joined #nixos
<obadz>
it outputs llvm
<clever>
ah
<obadz>
though I'm not sure the runtime is well ported yet
stepcut has quit [(Remote host closed the connection)]
lwf has joined #nixos
c0bw3b has joined #nixos
ixxie has quit [(Ping timeout: 268 seconds)]
jsgrant-_ has quit [(Read error: Connection reset by peer)]
jsgrant- has joined #nixos
bjarki is now known as SuprDewd
SuprDewd has quit [(Quit: SuprDewd)]
jgertm has quit [(Ping timeout: 264 seconds)]
mkoenig has joined #nixos
<gchristensen>
interesting: our git packaging isn't correct if you only put git in its own path
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to release-17.03: https://git.io/vyWE1
<NixOS_GitHub>
nixpkgs/release-17.03 84deb22 Graham Christensen: jitsi: 2.8.5426 -> 2.10.5550 for CVE-2017-5603...
edvorg has quit [(Ping timeout: 260 seconds)]
jgertm has joined #nixos
houqp has quit [(Ping timeout: 240 seconds)]
Aexoden has quit [(Quit: No Ping reply in 180 seconds.)]
pikajude has quit [(Ping timeout: 240 seconds)]
<gchristensen>
also interesting: I had never considered I'd have to send notices for _three_ branches, I wonder how my tooling will handle that.
pikajude has joined #nixos
simpson has quit [(Ping timeout: 240 seconds)]
Aexoden has joined #nixos
simpson has joined #nixos
houqp has joined #nixos
magnetophon has joined #nixos
<magnetophon>
I'm trying to get nix-serve working again, and the caches and keys seem OK, but I get: "NAR info file ‘ $the-url.narinfo’ has an incorrect signature; ignoring ". It then correctly installs from cache.nixos.
Rizy has joined #nixos
<clever>
magnetophon: did you give the key a unique name?
<magnetophon>
clever: I don't think so. how?
<clever>
when you ran nix-store --generate
<clever>
the command you gave a few days ago creates a key claiming to be cache.nixos.org-1, so it will use the real nixos pubkey, and fail
<clever>
you must name it after your own domain
<magnetophon>
i did: nix-store --generate-binary-cache-key mixos /tmp/tst/sk1 /tmp/tst/pk1
<clever>
and the docs say it has to be in the form of domain-number, like example.com-1
<magnetophon>
clever: aha
<clever>
and the publickey it generates has to go into the nix.conf of the devices that are going to download from it
<magnetophon>
clever: yup. doing that in the global configuration.nix
<clever>
and you need to make sure nix-serve is reading the matching secret key, it might be reading an older one you made days ago
<NixOS_GitHub>
[nixpkgs] FlorentBecker opened pull request #23487: Update to latest eliom + add ocsigen_start (master...ocsigen_start) https://git.io/vyWzE
<magnetophon>
clever: sorry, I didn't mention yet: when I run "nix-env -f $NIXPKGS -iA qutebrowser" it doesn't try the local cache, only when I put it in the flags
<clever>
you also need to add the binary cache to nix.conf
<pierron>
\o/ I made an efficient TOML parser in Nix. Now I can look at making a Nixpkgs overlay to provide rust & rustc & cargo versions out of the manifest files.
<ben>
:D
<ben>
did you literally write a pure nix function taking a toml string as input and returning a bunch of attrsets
<clever>
magnetophon: the % at the end of that public key doesnt look right to me, can you double-check the contents of /tmp/tst/pk1?
<pierron>
ben: yes
<pierron>
ben: it fits in 147 lines :D
<ben>
nice
<pierron>
no error checking of course
jgertm has quit [(Ping timeout: 258 seconds)]
SuprDewd has joined #nixos
<pierron>
the challenge was to avoid deep recursions while parsing a 200KB file
<RchrdB>
Does the nix language have tail-call elimination?
<pierron>
RchrdB: no
mkoenig has quit [(Ping timeout: 258 seconds)]
<pierron>
RchrdB: this was the other challenge :P
<RchrdB>
So um
<RchrdB>
wait how
<magnetophon>
clever: heh, that's an artifact of cat. thanks
<RchrdB>
that sounds infeasible? you can only loop by recursively calling functions, so don't you need to recurse at least 200k times, once to take in each input byte?
<clever>
magnetophon: both the public and private keys are base64, so they can only contain the characters listed here, and optionally end in =
<pierron>
RchrdB: They are primops which are not recursive.
<pierron>
RchrdB: such as builtins.foldl'
<RchrdB>
pierron, did you do something excessively clever like recursively eating a few hundred or thousand bytes at a time and then returning intermediate state to a trampoline function further up the stack?
<RchrdB>
ah okay
<pierron>
RchrdB: and that too
<RchrdB>
lol nice
devoid1 has quit [(Read error: Connection reset by peer)]
<RchrdB>
I am legitimately impressed.
<pierron>
RchrdB: otherwise reading each byte in Nix is awfully slow.
<RchrdB>
Yeah I imagine it would be.
<pierron>
I guess I should push this one to Nixpkgs.
<pierron>
I will first make the overlay work, and then I will make a PR for adding this fromTOML function to the Nixpkgs library.
<pierron>
RchrdB: the first thing I do, is compute the ceil(log(length(file))) :P
<RchrdB>
Should you, though? this sounds difficult enough that it might be less work maintenance overall to put a toml parser into the nix builtins rather than maintaining one written in the nix language itself?
<RchrdB>
Obviously my opinion carries no weight if you don't agree, I'm just some tool on the internet.
<RchrdB>
Depending, I guess, on whether that code will ever need maintenance in future now that you've already written it.
<pierron>
RchrdB: I agree that this would be nicer, but we probably don't want to support every format in the Nix interpreter.
<RchrdB>
I was trying to suspend judgement about "nicer" and only think about the total amount of work. :)
echo-are` has quit [(Remote host closed the connection)]
<magnetophon>
clever: getting closer: when I generate a key named mixos-1 I get "narinfo’ is signed by unknown key ‘mixos’; ignoring", but when I generate one for mixos I get "narinfo’ has an incorrect signature; ignoring". I guess that means the nix.conf is OK, but nix-serve is using the old key? How do I fix that?
<ben>
let's just host a toml to nix cgi script somewhere that accepts really long query strings and fetchurl that >:U
devoid has joined #nixos
<NixOS_GitHub>
[nixpkgs] ehmry pushed 1 new commit to master: https://git.io/vyWg0
<clever>
magnetophon: check the nix-serve config, and possibly restart nix-serve
<clever>
magnetophon: how is nix-serve being given the key?
<magnetophon>
clever: idk
<clever>
magnetophon: how did you enable nix-serve?
<magnetophon>
clever: lemme check
xadi has joined #nixos
<magnetophon>
clever: in my global config, I have services.nix-serve.enable and .secretKeyFile. I'll copy /tmp/tst/sk1 to there, and rebuild.
<gchristensen>
globin, fpletz: around?
<clever>
magnetophon: what exactly did you set secretKeyFile to?
<magnetophon>
clever: /etc/nix/nix-serve.sec
<clever>
magnetophon: ah, so its simply using an old secret key, not the new one
<clever>
magnetophon: and that must be a quoted string, not an unquoted one
<magnetophon>
so I'd do "cp /tmp/tst/sk1 /etc/nix/nix-serve.sec" and rebuild?
<magnetophon>
I have secretKeyFile = "/etc/nix/nix-serve.sec";
<clever>
then you only need to copy and restart the nix-serve unit in systemd
<clever>
rebuild wont do anything
<magnetophon>
clever: right. thanks!
xadi has quit [(Client Quit)]
<magnetophon>
clever: \o/
<magnetophon>
many thanks for your patience
<clever>
yep :)
<magnetophon>
clever: is this stuff documented somewhere?
<ben>
pierron: is your parser on github rn?
smw_ has joined #nixos
<clever>
magnetophon: only documentation ive found is a small entry in the nix-store manpage for the --generate option
ryanartecona has quit [(Quit: ryanartecona)]
<smw_>
clever: so, some time last night one of the builds failed. So I restarted it and nothing is failing now :-\
<clever>
smw_: -k can help with that some, it will keep building what it can even after a failure, so it doesnt waste hours waiting for you to notice
<smw_>
clever: also, it isn't really using my full CPU, I am using -J and --cores, is there another way to run more jobs at once?
<pierron>
ben: not yet
<magnetophon>
clever: OK, thanks again.
<clever>
smw_: the nix level -j builds each derivation in parallel, but that only helps once you get past the stdenv bootstrap
<pierron>
ben: I will push it later today, when I finish the rust overlay.
<ben>
ok :)
<clever>
smw_: the make level -j (probably --cores) only does something if enableParallelBuilding=true; has been set inside a derivation, and only helps after ./configure has finished
<SuprDewd>
in the fixup phase, why are interpreter paths in executables not fixed, just as shell shebangs are fixed?
<clever>
SuprDewd: interpreter paths are meant to be fixed via a gcc flag in the gcc wrapper, and for pre-compiled stuff, you need patchelf
<smw_>
clever: I am using -j 4 --cores 4
<smw_>
clever: what I think I want is to run multiple derivation builds at once
<clever>
smw_: so it will try to do up to 16 gcc processes at once, and probably eat all of your ram up and die
<SuprDewd>
clever: I was packaging a pre-compiled binary, and fpletz mentioned on Github that the rpath and interpreter should be automatically fixed in the fixup phase
<smw_>
clever: I fixed that by adding 4GB of swap :-P
<clever>
SuprDewd: ah, i havent seen it do that before
<clever>
smw_: then it will just go into swap hell and take 4x longer :P
<smw_>
clever: nice theory... but that hasn't happened.
<clever>
whenever it goes try to run 16 gcc's at once
<smw_>
clever: but it isn't doing that
<smw_>
that is what has me confused
<clever>
mine runs fine for days with -j4, then every now and then, all 4 gcc's decide they want 500mb of ram each
<clever>
and it cripples itself
<SuprDewd>
clever: yeah, it's weird. The derivations I've seen for pre-built binaries seem to be doing this manually, so I don't know if it's me or fpletz who's missing something..
<clever>
you can check top and "ps -eH x" to get some idea of what its actually using
<smw_>
clever: I know that! What I am saying is that it isn't really running multiple derivations
<smw_>
clever: only one nix user is ever in use
<clever>
smw_: which derivations is it currently building?
<smw_>
spidermonkey
<clever>
ah, that should be well past the stdenv
* joepie91
has seen high variance in concurrent builds and thread use
<smw_>
wait, why is it building spidermonkey?!
<clever>
not sure why its not building more then
<clever>
smw_: policykit uses spidermonkey to parse its rule files
<smw_>
joelpet: yeah, but only one nix build user is running.
<joepie91>
seems to have something to do with most deps finishing faster than the few biggest deps, and a number of deps just flat-out ignoring thread count configuration
<joepie91>
as far as I've been able to tell
<clever>
smw_: ive asked the exact same question, then i just read the source to find my own answer
<smw_>
clever: of course it does... wait, why does the sd card have policykit?
<joepie91>
smw_: if you graph things out you'll likely find that it *does* parallelize, just not all the time :)
<Acou_Bass>
i wonder if i ran it on my pi too, we could setup some sort of build farm across the Internet ( obviously with more than just the two of us)
<smw_>
Acou_Bass: doesn't seem very secure
<joepie91>
Acou_Bass: the problem with distributed build farms is that you introduce lots of possible points of compromise
<Acou_Bass>
probably the Internet speed bottleneck would be worse than the time saved anyway hehe
<joepie91>
for ARM, I wouldn't be too sure about that :)(
<joepie91>
:)*
<smw_>
Acou_Bass: nah, I think it would work.
<Acou_Bass>
XD true
<joepie91>
but yeah, security is a big issue
<Acou_Bass>
yeah
<joepie91>
if you have 20 people running the build farm that means 20 people you can pwn to consequently pwn everybody running NixOS on ARM
seppellll has joined #nixos
<Acou_Bass>
guys we'd need to VPN it or something
<Acou_Bass>
yeah true
<Acou_Bass>
i didn't think of that
<joepie91>
Acou_Bass: the problem isn't the network, it's the people :)
sziszi[m] has joined #nixos
<joepie91>
it's just much easier to paranoically protect a centralized system than a distributed one, hehe
<Acou_Bass>
but isn't that true of the public hydra nix uses?
<joepie91>
that is centralized afaik
<joepie91>
and sure, it's a single point of failure, but it's a single single point of failure
<Acou_Bass>
hmm, so as long as the peers were trusted
<gchristensen>
joepie91: we have a sponsorship from Packet.net to provide 96-core Cavium ThunderXs
zraexy has joined #nixos
<gchristensen>
Acou_Bass: right now the "trusted peers" means "eelco runs them"
<clever>
joepie91: one thing i have been working on with my rpi3, is full network booting
<Acou_Bass>
XD fair enough
<clever>
joepie91: this means 2 things, a: no SD cards to fail
<joepie91>
gchristensen: ahhhh. that sounds sufficiently powerful :)
<joepie91>
gchristensen: and I'd imagine that their interest in sponsorship is roughly what I described above?
<clever>
joepie91: B, with a bit more config, i can just plug pi's in, and they join the hydra automagically, and if the pi goes offline, hydra stops trying to use it
<Acou_Bass>
I'd be really interested to run nixos on my pi but screw compiling everything hehe
<Gravious>
i'll go and have a look at whatever your 'get nix' script installs
<joepie91>
clever: pi cluster
<joepie91>
:p
<clever>
joepie91: that second point, means i can just throw more pi's at the problem to make it go faster, and i can unplug pi's when the load is low
<Acou_Bass>
XD
<joepie91>
Gravious: are you installing from master?
<Gravious>
1.11.7
<Gravious>
hrm
<joepie91>
Gravious: because that looks like somebody botched a PR/commit in master
<joepie91>
:p
<joepie91>
either that or your Nix is too old
<joepie91>
for the nixpkgs version
<Gravious>
joepie91, yes i'm not sure, could be either couldn't it, i haven't done anything with nix for a while, i'll try 1.11.7 and see if it works with that
<joepie91>
(read: nixpkgs uses a newer Nix language construct)
<joepie91>
Gravious: note that I'm totally unqualified to comment on what version works with what
<Gravious>
joepie91, ack :)
<clever>
Gravious: can you pastebin /nix/store/wi77m54m6w5mi246r7g8cws7qb7i56bm-nixpkgs-17.09pre102350.fa03b82/nixpkgs/pkgs/top-level/node-packages.nix
<joepie91>
but if you share your nixpkgs and Nix versions here then I'm sure somebody else will pitch in :)
<joepie91>
clever: the pi cluster sounds interesting but financially unscalable... a pi isn't all that cheap if bulk computing power is what you're going for
<clever>
Gravious: ok, so its not a corrupt file
<joepie91>
clever: since the pi targets lowest price point for reasonable perf, not best bang for the buck
<clever>
joepie91: yeah, but similar software can also be deployed against any other arm board, and even x86 machines
<joepie91>
if it works with any ARM board, then yeah, it'd be fine :)
<joepie91>
I think the hardkernel stuff currently has the best computational bang for the buck
<joepie91>
but not 100% certain
<clever>
joepie91: the key part, is that hydra supports a : separated list of /etc/nix/machines files, so you can give hydra a 2nd file, that is imperatively modified
<joepie91>
(aside from questionable unmarked aliexpress boards)
<clever>
joepie91: then you make a service that listens for machines coming online/offline, and have it manage that 2nd file
<clever>
Gravious: what version of nix are you using?, which nix-env
<joepie91>
clever: right, and use a declarative file to specify the machines that *could* exist? or just autodetect entirely through some other mechanism?
<NixOS_GitHub>
[nixpkgs] rardiol opened pull request #23489: gplates: use boost 160 (master...gplates) https://git.io/vyWas
<clever>
joepie91: just auto-detect any machine that connects with the right auth codes
<joepie91>
right
<clever>
joepie91: and depending on how you setup the network boot, you could boot all of them from the same disk image
<joepie91>
sounds like a fine approach to me
<joepie91>
:p
<Gravious>
clever, 1.11
<joepie91>
yeah, that'd seriously bring down maintenance
<clever>
joepie91: which means the only limiting factor for scaling is cost, electricity, and bandwidth of the LAN
wak-work has joined #nixos
<joepie91>
then you just have interchangeable 'stateless units'
<clever>
yep
<joepie91>
makes perfect sense :P
<clever>
Gravious: you generally always want to use -iA anyways, nix-env -iA nixpkgs.nix-repl
<joepie91>
clever: do keep in mind the network limitations of the rpi
<joepie91>
resulting from their ethernet being on the USB bus for some reason
<clever>
yeah, ethernet over usb
<joepie91>
yeah
<clever>
but thats only going to bottleneck each pi by itself
<clever>
but when you put 100 pi's on a switch, the NAS with the rootfs becomes a bottleneck
<Gravious>
clever, a, ok, is it the case that i should be using a newer nix?
<joepie91>
right :P
<clever>
Gravious: 1.11 is pretty recent
<ben>
hi here's a dumb question, why's it -iA nixpkgs.? where does the nixpkgs attrset come from exactly?
<ben>
is that because its got nixpkgs= in my NIX_PATH?
<Gravious>
clever, ok
<clever>
ben: the channel called nixpkgs
<clever>
ben: nix-env entirely ignores $NIX_PATH, its weird
<ben>
ah
roconnor has joined #nixos
<clever>
joepie91: i have run 2 of my pi's from iscsi roots before, but each one had its own root, so it still had state and maintenance
<clever>
joepie91: i have recently run the rpi3 100% rootless, the initrd contained a squashfs, with a bare-bones distro, just nix-daemon, sshd, and the closure of them
<clever>
that one was entirely stateless
<Gravious>
clever, alright it works with -A, cheers, not clear from what i read in the man page, but i guess -A means it doesn't evaluate expressions it doesn't need to?
<clever>
Gravious: yeah
<smw_>
clever: why a nix-daemon?
<clever>
Gravious: you're telling it exactly which attribute you want, so it doesnt have to walk the entire nixpkgs tree, and it skips node packages entirely
<clever>
smw_: i was using it as a nix build slave
<smw_>
clever: ah
<clever>
smw_: and because sandboxing was enabled, there was pretty much no way for the build jobs to know it wasnt nixos
<Gravious>
clever, cool, thanks :)
<smw_>
clever: how was it not nixos? :-P
<clever>
smw_: it was a custom distro, based on nixos
<Gravious>
ah so i'm using the unstable channel, i guess there's a bug in node-packages.nix there
MoreTea has joined #nixos
<MoreTea>
hi, has anyone experience packaging a ruby app that tries to use gtk3 with nix?
<NickHu>
So, am I supposed to do a nix-channel --update before upgrading my system packages?
<MoreTea>
NickHu, nix-channel --update is equivalent to apt-get update
<MoreTea>
you could also do `nixos-rebuild <VERB> --upgrade`
<MoreTea>
that will run the nix-channel --update for you before doing the rebuild
<smw_>
clever: do you know if any work is being done to secure access to the nix store?
<NickHu>
MoreTea: I see
<MoreTea>
smw_, at FOSDEM, there was consensus that it would be best to start a RFC process for that
<clever>
smw_: there are 2 issues about that open on the nix project in github
<smw_>
clever: I saw those, but it seemed like there was no progress. A lot of the info there looks stale
<smw_>
clever: I figured you would know if people were still thinking about that :-)
michaelpj has quit [(Ping timeout: 240 seconds)]
<smw_>
MoreTea: the only thing that makes sense to me for securing the nix store is to only allow access if you are following a symlink. Probably would need a kernel module for that.
<NixOS_GitHub>
[nix] zimbatm closed pull request #605: Norc for pure env (master...norc-for-pure-env) https://git.io/v3bxe
<smw_>
MoreTea: obviously you would also have root or some capability able to access the entire nix store.
<clever>
smw_: a bigger issue i can see, if i can read /run/current-system, i can traverse the entire closure, which will lead me to every secret in the currently running nixos
<smw_>
clever: yeah
<clever>
ls /run/current-system/etc/
<clever>
in here is the original etc that is used to build /etc, before config files become read restricted
<clever>
and if a secret's path is in a config file anywhere, you will probably find it thru the above path
<smw_>
clever: so, why are people able to read that?
<MoreTea>
because it is a very hard problem to solve properly
<NixOS_GitHub>
[nixpkgs] ttuegel pushed 2 new commits to master: https://git.io/vyWwf
<NixOS_GitHub>
nixpkgs/master acb1032 Eric Sagnes: fcitx: fix fcitx-qt5 attribute path
<NixOS_GitHub>
nixpkgs/master ca8edb7 Thomas Tuegel: Merge pull request #23411 from ericsagnes/pkg-fix/fcitx...
<clever>
the /run/current-system/etc is a directory in the store, and all storepaths must currently be world-readable
<zimbatm>
there were talks of removing the read attribute on /nix/store as well
<MoreTea>
I would probably take the approach of storing secrets outside of the store.
<lwf>
hi. i'm trying out nixos and i've hit a snag, wondering about what to do here. i set up a VM with 1 GB of RAM, and tried to "nix-env -i hello". that didn't work because nix-env runs out of memory.
<clever>
zimbatm: but if i can read /run/current-system, i can still find the secret paths, the same way the service finds them
<MoreTea>
smw_, take a look at how ACME (let's encrypt) is implemented
<clever>
zimbatm: so -r to /nix/store wont help
<lwf>
i found i should "nix-env -iA nixos.hello" instead, and that worked
<zimbatm>
clever: yeah it doesn't solve that problem, it's just an easy way to hide
<lwf>
however, i don't see how i should uninstall
<clever>
lwf: nix-env -e hello
<smw_>
MoreTea: I think it should be implemented in the store personally. It would make a bunch of tools work for your secrets as well as your code.
<gchristensen>
it is obscurity and that is not a reasonable plan for securing secrets in the store
<MoreTea>
lwf, nix-env -eA hello
<clever>
MoreTea: i believe ACME works purely by storing the secrets outside of the store, they get generated at runtime
<zimbatm>
I think I would treat secrets like state like MoreTea says
<MoreTea>
gchristensen, +1
<zimbatm>
but it would be nice if we had a better mechanism to fence mutable stuff than just : it lives in this folder
<MoreTea>
Clever, indeed.
<MoreTea>
zimbatm, time for a RFC!
<lwf>
oh my, that worked fine! i tried to use -u... and couldn't find any combination that did not run out of RAM.
<magnetophon>
I'm trying to run "pandoc README.md --latex-engine=xelatex -o readme.pdf", and get "xelatex not found". IIUC I need to install texlive, right? Is it normal that texlive needs to build *a lot* of stuff?
<clever>
one of my testcases needs an ssl cert+key, and in the past i have made this work by just embedding a cert+key into the git project
deciduously has joined #nixos
<clever>
so now the key is world-readable!
<lwf>
maybe i still have the problem if i try to upgrade then, have not tried that yet...
endformationage has joined #nixos
<clever>
today, with the same problem, i just made it generate a fresh keypair on bootup, and refer to its cert from the test scripts
<smw_>
MoreTea: if it is outside the store I need to manage it outside the store.
<clever>
which also solves a second issue, the pre-made cert in git expired a while back, causing all tests to fail
<MoreTea>
clever, I know of people who use git-crypt. It apparently works for them to have the secret stored (impurely) on the nixops managed machines.
<lwf>
yes, i found that now, stupid mistake. i'll see if i can run upgrade as well, since it turns out that was what i had problems with.
<MoreTea>
zimbatm, if you need help doing something very specific, please do ask for help.
Rizy has quit [(Quit: Rizy)]
shymega has quit [(Quit: So long, and thanks for all the talking doors.)]
<smw_>
MoreTea: I have a half formed idea to only allow following if the store you are using contains a symlink. So you start at your profile, it has a link to x which links to y and you now have access to y.
<zimbatm>
MoreTea: would you be interested in becoming co-author on the RFC?
Kendos-Kenlen has joined #nixos
<Kendos-Kenlen>
Hi :)
<MoreTea>
zimbatm, yep
<zimbatm>
cool, I'll add you to the RFC then :)
shymega has joined #nixos
<lwf>
no, no problems there either, nix-env -uA nixos.hello works fine too, unlike when not adding the -A. i thought it didn't because expected it to Uninstall. cool.
<MoreTea>
smw_, but that would not work on e.g. Debian or OSX right?
alx741 has joined #nixos
<smw_>
MoreTea: oh, I don't care about them. :-)
<MoreTea>
smw_, then it's not going to be merged in nixpkgs
<zimbatm>
MoreTea: if you can have a good read through, takes some notes and then we can have a call some time next week it would be awesome
<smw_>
MoreTea: you don't need secrets unless you are doing configuration.
<smw_>
MoreTea: nixpkgs does installation of software, not setup.
<MoreTea>
smw_, sound reasoning.
<smw_>
MoreTea: ?
<MoreTea>
I agree with the sentiment
<clever>
one minor problem there, one sec
<MoreTea>
s/sentiment/argumentation
<MoreTea>
I thought about having a secrets daemon / program that can give a service user secrets.
<zimbatm>
smw_: the issue is the re-use of configuration generation
<MoreTea>
Not sure how that would hook into the store though.
<gchristensen>
I don't see a path forward of having secrets in the store, as their lifecycle should be, IMO, completely isolated from the rest of the system
<clever>
MoreTea: this game manages the download of the binary, by you putting a name/pw into config.nix
deepfire has quit [(Ping timeout: 256 seconds)]
<smw_>
zimbatm: I don't understand
<clever>
MoreTea: and if you have paid for the game, nix can sign in, and download a copy
<clever>
MoreTea: your password is now in the nix store, in a .drv file
<MoreTea>
I see.
<zimbatm>
smw_: take the nginx module, it has a nix to nginx config generator
Rizy has joined #nixos
<MoreTea>
Making that completely private would require VERY invasive surgery.
<zimbatm>
smw_: as a nix user, how do you re-use that while hiding the embedded secret?
<smw_>
zimbatm: yes, but that is nixos, not nix on other OSes
<zimbatm>
somehow the secret would have to be tainted
<clever>
MoreTea: yeah, best option i can think of is an impureEnv, but then you need to set the variable every time you run nix-env or nixos-rebuild
<MoreTea>
zimbatm, indeed. The trouble is how the hashing should work then.
<smw_>
zimbatm: you reuse that by already having the derivation for the builder.
<NixOS_GitHub>
[nixpkgs] benley pushed 2 new commits to master: https://git.io/vyWwo
<clever>
MoreTea: allow a "git clone" inside a nix build to access an ssh-agent running near the nix-build command
<clever>
MoreTea: even if the build is being relayed via nix-daemon
<zimbatm>
that would allow that bit to be stored and evaluated at a later time, say in a systemd daemon
<LnL>
gchristensen: yeah, I think just not having them in the store might make it easier
<smw_>
guix looks really interesting. But it is GNU. If they don't allow "non-free" it is probably out for me.
<gchristensen>
if we rollback currently, do passwords rollback?
<clever>
gchristensen: depends on where the passwords are configured
<smw_>
I would expect many secure credentials to be rollbackable.
<clever>
and thats something you would lose if you store them outside of the store
<gchristensen>
yeah
<gchristensen>
which I think is an improvement
<Kendos-Kenlen>
smw_: I recently tried Parabola, the GNU compliant version of Arch, and the only things missing were blob in the kernel for wifi, and chromium. Otherwise, everything worked well.
<NixOS_GitHub>
[nixpkgs] Zimmi48 opened pull request #23490: Use default OCaml compiler for Coq 8.4 and change default Coq to 8.6 (master...coq_8_4_does_not_require_ocaml_4_01) https://git.io/vyWwp
<smw_>
Kendos-Kenlen: exactly
<Kendos-Kenlen>
So I created an Arch repository and just copied arch' packages in it :P
<clever>
:D
<smw_>
Kendos-Kenlen: I require unrar-unfree, wifi (duh), and chromium (wait, I thought chromium was free)
<Kendos-Kenlen>
But chromium should soon be accepted as GNU compliant I think, with the ungoogled patchset.
<clever>
smw_: nixpkgs has the blob version of chromium, and an open-source chromium
<clever>
smw_: but netflix support requires a blob
<smw_>
clever: interesting... what is in the blob?
<gchristensen>
DRM keys of course
<Kendos-Kenlen>
clever: nixpkgs misses ungoogled chromium :(
<clever>
smw_: netflix specific DRM code
* smw_
sighs
<clever>
smw_: its a new framework that allows html5 <video> tags to handle DRM'd content
<Kendos-Kenlen>
smw_: I think there is a free version of unrar, it's called unar, but not sure about it.
<clever>
smw_: so you dont need a new flash player of the week from every vendor
<smw_>
Kendos-Kenlen: it sucks.
<clever>
smw_: and now the browser is free to properly do hw video decode accel
deciduously has quit [(Quit: WeeChat 1.7)]
keith_analog has joined #nixos
<Kendos-Kenlen>
smw_: I didn't have a problem with it.
<smw_>
Kendos-Kenlen: I have on debian. Don't know about nixos
<Kendos-Kenlen>
Well, I don't open rar files regularly, but if I'm right, it was the soft used on parabola for rar archives.
devoid has joined #nixos
shymega has quit [(Quit: So long, and thanks for all the talking doors.)]
shymega has joined #nixos
devoid1 has quit [(Ping timeout: 246 seconds)]
<Kendos-Kenlen>
Is there any option or package which allow to install all KDE applications?
<Kendos-Kenlen>
I'm thinking to write a medium about installing NixOS with KDE and its applications set.
<icetan>
anyone else having problems installing python2.7-pip2nix?
<icetan>
from nixpkgs-unstable
<icetan>
it's complaining about an incompatible pip version 9.0.1 but needs pip<9,>=8
<smw_>
clever: yay, it is done!
johnsonav has quit [(Ping timeout: 246 seconds)]
<clever>
smw_: :D
<smw_>
clever: sudo dd if=sd-image-armv7l-linux.img of=/dev/sda, will let you know how it goes
keith_analog has quit [(Quit: Konversation terminated!)]
ryanartecona has joined #nixos
wangoe has joined #nixos
<gchristensen>
I have a problem, y'all -- reviewing commits each week for the announcement takes ages. now, reviewing 3 branches takes even longer. how could this be better?
<MichaelRaskin>
Are you actually looking up the updates to check for upstream security announcements?
<smw_>
clever: so yay, it didn't even boot :-P
<clever>
smw_: how far did it go?, did you get a rainbow on the hdmi?
<smw_>
clever: I am trying to rewrite it now. raspian doesn't seem to even see a partition on the system
<smw_>
clever: no, firmware failed to load
<clever>
smw_: you can run "fdisk -l" on the .img file, before even flashing the card
<clever>
that will confirm the img is even right
<clever>
and what you should expect on the sd later
<smw_>
good plan
<gchristensen>
MichaelRaskin: on important looking ones (openssl, screen, glibc, ...) I look up the change to see if it has security implications. otherwise I look for packages that match packages in the latest roundup, and commit messages with "Security" or "CVE" in them somewhere
<smw_>
the image looks right
<gchristensen>
I also pay close attention to fpletz's commits
<NickHu>
I'm trying to uninstall vimplugin-vimproc-vim-2016-08 with nix-env -e but it seems to do nothing and the shell return is 0; can anyone else reproduce?
<smw_>
clever: only uboot talks of mmc
<NickHu>
Strange issue that I haven't had happen before
<smw_>
clever: also dm_mod was not found
<smw_>
clever: that didn't show up in the console, just the monitor
<Dezgeg>
what are you trying to do? rpi3 with mainline kernel in armv7 mode?
<smw_>
Dezgeg: end goal: run nixos in some form on rpi3. Current strategy: built sd-image-armv7l-multiplatform.nix from master
<Dezgeg>
I saw that, but what is the desired end result? 32-bit mode with the mainline kernel? 32-bit mode with the foundation/raspbian kernel? 64-bit mode with the mainline kernel?
<smw_>
Dezgeg: see end goal :-)
<smw_>
Dezgeg: preferably it would be pure nixos. I don't want to have the raspian kernel.
<clever>
smw_: nixpkgs can build the foundation kernel
<smw_>
I suppose that would be OK. It would certainly work temporarily.
glines has joined #nixos
<smw_>
Dezgeg: I want to move on to building my media center. I want to do it with nix which is why I am building nixos. Which kernel is used doesn't really matter to me.
<smw_>
Dezgeg: I would certainly prefer the kernel.org kernel, but I prefer a working system way more :-).
<Dezgeg>
ok, it does matter because probably only the foundation kernel can do hardware video decoding
<clever>
yeah, only the foundation kernel can accel video decode
<smw_>
sweet, I totally want the foundation kernel
glines has quit [(Remote host closed the connection)]
<Dezgeg>
I haven't tried that, but perhaps editing nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix temporarily and building the image gets that
<smw_>
Dezgeg: can you give me the lines to add? Also, should I make my own configuration.nix that imports the sdcard nix file?
justbeingglad has joined #nixos
<Dezgeg>
I think adding boot.kernelPackages = linuxPackages_rpi; nixpkgs.config.platform = pkgs.platforms.raspberrypi2; might do it, but it's 100% untested
<clever>
Dezgeg: ive seen people getting recursion problems when setting nixpkgs.config.platform = pkgs.platforms.raspberrypi2
<Dezgeg>
but yeah, boot.kernelPackages = linuxPackages_rpi; nixpkgs.config.platform = (import <nixpkgs> { config = {}; }).platforms.raspberrypi2; in sd-image-armv7l-multiplatform.nix would sound like the solution
devoid1 has joined #nixos
<alunduil>
Anyone have ideas as to why 16.03 will boot and mount USB drives fine but 16.09 times out waiting for those devices even though the disk shows as "Attached SCSI removable disk" (no further USB registration occurs)?
devoid has quit [(Ping timeout: 260 seconds)]
m0rphism has quit [(Quit: WeeChat 1.4)]
chattered has joined #nixos
FRidh has quit [(Remote host closed the connection)]
xadi has joined #nixos
<c0bw3b>
LnL : the description of khd pkg reads "A simple modal _hototkey_ daemon for OSX"
<LnL>
yes?
<c0bw3b>
LnL : maybe your PR is a chance to fix that :)
<LnL>
oh I made a typo?
<c0bw3b>
no it was there before I believe
<LnL>
I added the package, so it was still me :)
<c0bw3b>
oh :p
<c0bw3b>
then yeah you made a typo :p
<Profpatsch>
If one changes /etc/locale.conf to include e.g. LC_TIME, should the user’s locale change accordingly?
<Profpatsch>
Or is there some systemd magic involved?
<Profpatsch>
The systemd manpage says it *should* be picked up.
<Profpatsch>
localectl status tells me it should be okay
<Profpatsch>
but e.g. locale(1) doesn’t show the correct one.
k0001 has quit [(Ping timeout: 240 seconds)]
ertesx has joined #nixos
ertes has quit [(Ping timeout: 240 seconds)]
ertesx is now known as ertes
k2s has joined #nixos
DutchWolfie has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to master: https://git.io/vyWXH
<NixOS_GitHub>
nixpkgs/master 7b914b2 Joachim Fasting: mu: leave mug off by default...
<joachifm_>
clever: ^ re: mu
<clever>
joachifm_: i dont really know what mu does, but i helped somebody with that issue a few days ago in here
<joachifm_>
clever: I see, it should work now anyway :)
<clever>
joachifm_: yep, all i gave as the previous solution was an override that turned mug off
<pierron>
garbas: ^ I added a rust-overlay.nix to pull prebuild Rust binaries.
noctux has quit [(Remote host closed the connection)]
noctux has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy opened pull request #23495: haskellSrc2nix: Change sha arg when sha256 is null. (master...haskellSrc2nix-no-sha) https://git.io/vyW1Q
<ben>
cool, cheers
<RchrdB>
pierron, it's cleaner than I was expecting.
justbeingglad has left #nixos []
<RchrdB>
probably because you neatly separated out the scary trampolining code from the perfectly ordinary lexer
<pierron>
the performance issue was for making a proper tokenizer.
<RchrdB>
I didn't want to look at those regexes too closely
<RchrdB>
just in case Cthulhu bit me
<pierron>
RchrdB: then don't look too closely at the generatePatterns function ;)
<pierron>
RchrdB: which basically generates a string as large as the file, for reading tokens in C++, without much Nix code.
<RchrdB>
wait… *groan*
k2s has quit [(Quit: Leaving)]
<pierron>
RchrdB: :D
<pierron>
RchrdB: to be exact, it generates a list of patterns, and as soon as one no longer matches anything (because we expect more tokens) then we fall back on a smaller pattern
xadi has joined #nixos
derjohn_mob has joined #nixos
joachifm_ is now known as joachifm
glines has joined #nixos
<glines>
I'm having this crazy problem where I can't set my keyboard layout to anything but qwerty
<glines>
running setxkbmap no longer works as expected... if I set the layout, it changes back almost immediately. I have resorted to this:
<srhb>
glines: Wrong channel?
<glines>
while 1; do setxkbmap dvorak; sleep 1; done
<srhb>
No, *I'm* in the wrong channel. :D
<srhb>
Sorry.
<glines>
srhb: what.. you guys don't want to help me? ;P
<srhb>
glines: I thought I was somewhere else. Q_Q
<glines>
lol
<glines>
I suspect my problem might be with plasma5
<glines>
but I have been using it for some time without problems...
<srhb>
Tried setting it with KDE's own tools? assuming there is one.
<glines>
I even set the key layout with the KDE tool, yes
<srhb>
Hm.
<glines>
interestingly, whenever I right click on the system tray icon, it instantly switches to qwerty and closes the pop-up menu
<glines>
killing plasmashell does not seem to resolve the problem though :(
ryanartecona has quit [(Quit: ryanartecona)]
kampfschlaefer has quit [(Ping timeout: 256 seconds)]
<c0bw3b>
glines : have you tried setting i18n.consoleKeyMap and/or i18n.consoleUseXkbConfig in your configuration.nix ?
<c0bw3b>
glines : also look at services.xserver.layout
<NixOS_GitHub>
[nixpkgs] shlevy pushed 1 new commit to master: https://git.io/vyWDC
<NixOS_GitHub>
[nixpkgs] peti closed pull request #23495: haskellSrc2nix: Change sha arg when sha256 is null. (master...haskellSrc2nix-no-sha) https://git.io/vyW1Q
proteusguy has joined #nixos
devoid has joined #nixos
devoid1 has quit [(Ping timeout: 246 seconds)]
<glines>
c0bw3b: I'll try those. I'm already using i18n for Japanese input through ibus
<glines>
(speaking of which, ibus doesn't seem to be working either)
systemfault has joined #nixos
glines has quit [(Remote host closed the connection)]
nadley has joined #nixos
glines has joined #nixos
<zraexy>
Am I right in thinking that callPackage fills in arguments that have default values too?
kampfschlaefer has joined #nixos
<glines>
I found my problem. I was setting xserver.layout = "dvorak" when I actually needed xserver.layout = "us" and xserver.xkbVariant = "dvorak"
<glines>
somehow that was causing it to flip out and keep changing my layout
* peti
uses xserver.layout = "dvorak" and it works fine.
<glines>
better watch out for the next update then :P
<glines>
I have been using xserver.layout = "dvorak" for a long time
dustmote has joined #nixos
devoid1 has joined #nixos
devoid has quit [(Ping timeout: 256 seconds)]
noctux has left #nixos ["WeeChat 1.7"]
dustmote has quit [(Client Quit)]
<avn>
glines: I use xkbcomp directly to load my keymap, and it works as well
m0rphism has joined #nixos
<peti>
glines: What exactly did you update to break the layout?
ilja_kuklic has quit [(Ping timeout: 260 seconds)]
athan has joined #nixos
<peti>
Is someone around with access to a Darwin machine? I could use a favour, i.e. a test build of the latest R release candidate. Can someone help?
<LnL>
peti: I can make a jobset for you on my desktop
<peti>
Hmm, a Hydra jobset is probably overkill. I have a very specific question, i.e. the build contains a Darwin-specific option that I believe to be obsolete, but it would be nice to check.
mog has quit [(Ping timeout: 268 seconds)]
<LnL>
I have some configuration to build a subset of nixpkgs
<peti>
LnL: If you check out the r-updates branch from https://github.com/peti/nixpkgs/, then you'll see a postConfigure attribute in pkgs/applications/science/math/R/default.nix that is applied only for Darwin.
<peti>
LnL: What I would need to know is (a) does the build succeed as-is and does it (b) still succeed after that attribute's been removed?
c0bw3b has left #nixos []
devoid has joined #nixos
devoid has quit [(Client Quit)]
<glines>
peti: I am updated to the latest nixos-unstable channel (as of this moment) with plasma5
<glines>
not sure what specifically updated. probably X or something
<peti>
glines: Oh, okay.
devoid1 has quit [(Ping timeout: 246 seconds)]
<peti>
If something breaks, then I know what to look out for.
oPn7 has joined #nixos
paperd has joined #nixos
<pierron>
LnL: did you fix the release note for the removed modules?
<pierron>
zraexy: yes, callPackage looks for names expected by the function, so it will fill attributes even if there is a default value.
<oPn7>
hello guys, added yaml to dependencies, cabal2nixed, and nix can't figure out yaml, i am stuck, what do i need to do?
<LnL>
pierron: I didn't move it to 17.09 or are you talking about something else
sigmundv has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee opened pull request #23499: photivo: fix build with lensfun >= 0.3 (master...fix/photivo) https://git.io/vyW9B
<pierron>
LnL: ok, we should probably do that then.
<pierron>
LnL: otherwise there is a chance of losing the changelog entry.
<peti>
oPn7: I'm not sure whether I understand the problem.
<oPn7>
i added yaml to dependencies then did cabal2nix then nix-build -A clitool clitool.nix nix-shell -A clitool clitool.nix
<oPn7>
returns me, cabal: Encountered missing dependencies: yaml -any
<oPn7>
however there is yaml on my system which is 0.8.21.2
* pierron
wonders if we would see other language parsers written in Nix.
<oPn7>
i did yaml == 0.8.21.2 , 0.8.21.2 >= 0.8.21.2, still same
<oPn7>
yaml >= 0.8.21.2
<oPn7>
this happened only with yaml
<peti>
oPn7: How did you run cabal2nix?
<oPn7>
cabal2nix . > default.nix
<LnL>
pierron: yeah, btw. I can't reproduce the ordering issue anymore (master and 17.03)
<peti>
Your binary lives at result/bin/clitool, which is a symlink to /nix/store/irk4rm2q9rqlyhssrl902bz28hsgn429-clitool-0.1.0.0/bin/clitool.
<oPn7>
so you are saying don't use cabal run?
<peti>
oPn7: Yes. If you want to use cabal run, then you'll need to use a different approach.
<peti>
oPn7: Wait a sec ...
<oPn7>
okay
jgertm has joined #nixos
<NixOS_GitHub>
[nixpkgs] zraexy opened pull request #23501: eclipse: don't use webkitgtk2, fixed dependency passing (master...eclipse) https://git.io/vyWHo
<peti>
oPn7: Run: nix-shell clitool.nix -A clitool.env --run "cabal configure"
<peti>
oPn7: Afterwards, you can use the normal cabal build, cabal repl, cabal run commands. With that approach, you're not building with Nix. Instead, Nix just provides the compilation environment.
<clever>
as a random example, echo "/tmp/core.%p.%e" > /proc/sys/kernel/core_pattern
<clever>
if you ran that, then line 135 of your hastebin would have created /tmp/core.2181.X
<Mateon1>
clever, Okay, awesome, thank you
jgertm has quit [(Ping timeout: 268 seconds)]
<clever>
another great thing about nixos, i can get the exact same xorg as you by running: nix-store -r /nix/store/sr9yg251855xh3ic3jb4zr3jd959kapr-xorg-server-1.18.4
<clever>
which makes it trivial for me to open your coredumps, with any other distro, id have to risk breaking my system by downgrading to your "known-broken" version so gdb can find crap
Mateon1 has quit [(Remote host closed the connection)]
<clever>
but with nix, i can safely download potentially broken stuff, with zero risk
tadni- has quit [(Read error: Connection reset by peer)]
Mateon1 has joined #nixos
hiratara has quit [(Ping timeout: 246 seconds)]
tadni- has joined #nixos
<Mateon1>
Does the /proc/sys/kernel/core_pattern setting persist after reboot? I don't have a core file in /tmp
Mateon1 has quit [(Remote host closed the connection)]
hiratara has joined #nixos
Mateon1 has joined #nixos
yumbox has joined #nixos
<Mateon1>
Oh whoops, I had a typo in my configuration file
<yumbox>
is it easy/possible to install NixOS while keeping a bootloader?
<Mateon1>
But I noticed that half the time I reboot, I can't use IPv6...
<Mateon1>
Well, that must wait
Mateon1 has quit [(Remote host closed the connection)]
<clever>
yumbox: i have done it before, but you need to source the nixos grub.conf from the other distro's grub
<clever>
yumbox: its much simpler to add the other distro to the nixos grub, most of the time
<yumbox>
at the moment i use systemd-bootloaderd
<yumbox>
(or whatever it's called)
Mateon1 has joined #nixos
<ben>
do you just not put a boot.loader.*.enable = true line into your configuration dot nix?
<clever>
ben: then you have no way to boot nixos
suolrihm has joined #nixos
<yumbox>
doesn't nixos put a default boot option in place?
<yumbox>
like, latest kernel or something
roconnor has joined #nixos
<clever>
yumbox: it doesnt copy the latest kernel to a special name, every kernel has a unique name based on a hash, and you need a bootloader config file to know which one is the right one
<clever>
yumbox: and for that, a bootloader has to be enabled
<yumbox>
but can't you just make a symlink?
<Mateon1>
Hm, how can I share these coredumps?
<clever>
Mateon1: just upload it to any service that allows sharing files
<suolrihm>
hello everyone, i got a little problem (once again), this time with emacs: when i'm trying to open a file over the gtk interface/buttons, it crashes but not only crashes but xorg hangs up - open emacs via bash doesnt change anything. anyone got an idea why this happens?
<clever>
Mateon1: or run gdb on it and X, and get a backtrace
<NixOS_GitHub>
[nixpkgs] moretea opened pull request #23505: Add docFn to lib, to automatically generate documentation for lib functions (master...document_functions) https://git.io/vyWA0
m0rphism has joined #nixos
<Mateon1>
Okay, let's see if that works
Mateon1 has quit [(Remote host closed the connection)]
m0rphism has quit [(Client Quit)]
m0rphism has joined #nixos
Mateon1 has joined #nixos
<Mateon1>
Okay, that did crash it, generate core dumps, and used the proper themes with backup drivers
<clever>
ok, "bt full" again and we should see more
<pshendry>
How do I go about passing a variable to an imported module, e.g. so my radicale-configuration.nix can get access to a 'sslCertificateDir' value I define?
<clever>
Mateon1: though i dont think d works like that, i think you want helpers.d[0]
<clever>
Mateon1: most QT objects have a d pointer, for shared state between copy-on-write clones, and its just a normal pointer, not an array
<clever>
and then you would need to somehow navigate the internals of QMap to find the entry with a key of 2
<pshendry>
The 'imports' list doesn't pass parameters. Should I be defining an option and then referring to option.x in the imported module?
<c74d>
pshendry: I think the module should declare a configuration option (e.g. `config.radicale.sslCertificateDir`), which can then be defined (set) in some other module
<clever>
an entry with left=2
<clever>
Mateon1: those numbers look more sane, size is 4, and the head of the list has left=0
<clever>
Mateon1: last comment is a person claiming ABI problems, but nix cant really have those
suolrihm has quit [(Quit: Leaving)]
<Mateon1>
It's interesting that it seems to be related to Screen, I have multiple screens, but one of the reasons I want to install a proper graphics driver, is that currently my GPU is working in mirror/multiplex mode, in which I get the same image on all screens
<clever>
Mateon1: if you post your backtrace and some config details, the sddm guys can probably find the problem better
alx741_ has quit [(Ping timeout: 268 seconds)]
jophish_ has quit [(Ping timeout: 240 seconds)]
<smw_>
clever: haha nixos doesn't work on gce out of the box right now. Thankfully I think it is an easy fix.
gwlan has joined #nixos
roconnor has quit [(Ping timeout: 240 seconds)]
<smw_>
clever: why is everything I try to do with nixos so hard?
<smw_>
clever: meh, I guess the issue is lack of critical mass. In other distros hundreds of other people would have already solved the problem :-P
<clever>
smw_: maybe you should start with a normal x86 machine you have physical access to?
<smw_>
clever: that sounds wonderful. I don't have any at the moment
<gwlan>
hello, i'm trying to install nixos but i'm stuck with grub : when nixos-install performs the installation and (i guess runs grub-install), it tries to copy a /nix/store/.../share/artwork/gnome/Gnome_Dark.png to /boot and fails
<clever>
or a local vm
<clever>
there are pre-made virtualbox images available for download
<gwlan>
has anybody had the same problem?
<gwlan>
"cannot copy .../Gnome_Dark.png to /boot"
<smw_>
clever: I am going to continue going the GCP route. While I know nothing of nixos, I know GCP.
<clever>
ah
<gwlan>
the symlink exists in /mnt/nix/store/... but the file doesn't exist
<clever>
gwlan: all of those symlinks are absolute, and refer to the other /nix/store, so they wont resolve right until you chroot or manually resolve them in your head
<Mateon1>
clever, I posted the backtrace and some information in the Github issue. I couldn't find any X server config, though
<clever>
Mar 04 23:17:04 hydra X[3082]: (++) Using config file: "/nix/store/aqcgdqm1z8lnnl6yqx30mxq7gi7wc4y6-xserver.conf"
<clever>
Mateon1: from one of your previous pastebins
<clever>
gwlan: cant see anything obvious as to why its broken, and its getting late here
<Mateon1>
I'll see if I can solve some more issues tomorrow (intermittent IPv6, no multi-screen support, networking issues, samba share issues)
<gwlan>
np, i'll look at it a bit more and post on the bugtracker, good night
k0001 has joined #nixos
<smw_>
clever: so, I have imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; That nix file defines systemd.services.fetch-ssh-keys, is there a way to override that from my nix configuration/
<smw_>
?
<smw_>
clever: if not, I need to copy it because it has a ton of good setting
<smw_>
settings*
<smw_>
clever: (also, I have it booted now)
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to master: https://git.io/vyWhp
<NixOS_GitHub>
nixpkgs/master a7645c2 Michael Raskin: getmail: 4.53.0 -> 4.54.0
alx741_ has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 2 new commits to master: https://git.io/vyWjG
<NixOS_GitHub>
nixpkgs/master 3f817d0 Michael Raskin: Merge pull request #23430 from rnhmjoj/libchop...
alx741 has quit [(Ping timeout: 256 seconds)]
m0rphism has quit [(Quit: WeeChat 1.4)]
m0rphism has joined #nixos
gwlan has quit [(Quit: Page closed)]
<tilpner>
Hi, is anyone successfully using firejail on NixOS? I'm having trouble whitelisting /nix/store/<specific-path> and something seems to trigger firejail's sandbox detection a lot
<smw_>
anyone ever seen this? sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
<smw_>
sudo: /nix/store/fwgh4ccjndcc4cw62kh5zx0c63whb5j6-sudo-1.8.19p2/libexec/sudo/sudoers.so must be owned by uid 0
<smw_>
god damn it. I see the problem
<smw_>
I built the image as non-root
eacameron has joined #nixos
takle_ has quit [(Remote host closed the connection)]
<smw_>
haha, I can't nix-env -i without running out of memory