<Infinisil>
I'm actually a bit sad that pass(wordstore.org) is written with bash.. and doesn't use github..
jtojnar has joined #nixos
<gchristensen>
oh its by zx2c4, neat
<taktoa>
I love jq
<Infinisil>
Well it's not that bad, pass is pretty much just a wrapper for gpg and git
<nh2>
Infinisil: maybe even that will be fixed at some point. He already verified WireGuard with a Haskell tool
<zx2c4>
uh what
* gchristensen
waves
<zx2c4>
youre upset im not on github or that i wrote a bash script or what?
<Infinisil>
zx2c4: Damn you're here
<zx2c4>
re:github -- i use free software to host my free software. (i also maintain cgit)
jtojnar has quit [(Client Quit)]
<taktoa>
catern: you might be able to do `nix-instantiate --parse` + JSON to get the best of both worlds
<zx2c4>
re:bash -- pass is just "stick your passwords in a gpg encrypted file in a directory tree". i wrote a tiny script for this and used it for a long time. at some point i put it on the internet, and then people got excited
<Infinisil>
zx2c4: Yeah, but issues and PR's and stuff are pretty nice. Have you thought about using GitLab?
<taktoa>
there should be a kythe indexer for nix
<zx2c4>
seems like for a small dinky thing that just manages...files in a directory tree... bash should be sufficient
<zx2c4>
i prefer mailing lists for patches and issues
<Infinisil>
zx2c4: Agreed
<zx2c4>
same flow as the linux kernel
<zx2c4>
which is, of course, what git was actually designed for
<Infinisil>
zx2c4: At least you're not using Google groups ugh (*cough* nixos mailing list *cough*)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] cstrahan opened pull request #27629: Envoy: init at 1.3.0 (master...envoy-staged) https://git.io/v7q6f
NixOS_GitHub has left #nixos []
<zx2c4>
haha
Fare has joined #nixos
<zx2c4>
yea everything is on lists.zx2c4.com
<zx2c4>
(and code is on git.zx2c4.com )
<Infinisil>
zx2c4: Thanks for writing pass btw! Using it a lot and it has worked pretty much perfect so far
<Infinisil>
zx2c4: Yeah saw that
<nh2>
yeah lots of pass users in here
<zx2c4>
sometimes i think about rewriting it in C
<zx2c4>
but then it stops being just a quick and dirty script
<zx2c4>
and then whats the point
<zx2c4>
gpg kind of sucks anyway
<hexa->
oh yes, indeed
<Infinisil>
Heard that lots, haven't used it so long that I could express my opinion about it though
<hexa->
loving pass especially since I can encrypt passwords for teams and use revision control :)
<Infinisil>
Doesn't it get easier once you 'master' gpg?
<zx2c4>
yea i mean its not too hard to learn
<catern>
taktoa: interesting idea!
<zx2c4>
its just crypto from the 1990s
<zx2c4>
and a massive complicated implementation
<catern>
okay, okay, maybe I will indeed generate JSON
<copumpkin>
"sometimes i think about rewriting it in C. but then it stops being just a quick and dirty script" -> yeah, it turns into a buffer overflow cum format string vulnerability :)
<zx2c4>
haha
<nh2>
and UI from 2100 when humans are long dead
<Infinisil>
There must be something better than gpg now, right?
<zx2c4>
there are a bunch of random things that try to reimplement parts
<zx2c4>
but everybody has gpg
<zx2c4>
so my reasoning on pass is just like
<Infinisil>
We have blockchains now :DDD
<ToxicFrog>
zx2c4: ooo. That looks really nice. I'm not sure if it looks nice enough for me to convert my existing keepass db to it, though.
<copumpkin>
Infinisil: oh yeah, I was wondering what the 140GB folder on my computer was
<zx2c4>
"use the filesystem, and something that's around like gpg, with bash and git and whatnot, and then the thing will remain uncomplicated and reasonable secure" vs "invent something new, and make a beautiful minimal implementation with spaceage cryptography"
sidpatil has joined #nixos
<zx2c4>
so in the absence of motivation for the latter, i went with the former
<zx2c4>
which seems to be _good enough_ for storing passwords
<Infinisil>
zx2c4: Sometimes I wish it wasn't using files though
<hexa->
and it behaves unixy, if I don't like pass I can easily take my passwords and move on
<zx2c4>
for the info leak?
adeohluwa has joined #nixos
<zx2c4>
i think soembody else made "pass-tomb" -- a plugin that puts the whole thing in some container
<Infinisil>
zx2c4: Yes and also because sometimes you want to query something more complicated, maybe assign tags, maybe sort them into categories, a schema for username/email/whatnot would be nice. A database would provide lots of possibilities
<zx2c4>
oh, yea
<zx2c4>
but
<zx2c4>
you can use the filesystem for this too
<ToxicFrog>
Infinisil: we have stuff like keepassx for that already, though
pie_ has quit [(Read error: Connection reset by peer)]
<zx2c4>
Site/accountname/{field}
<hexa->
passwords are usually attached to a host, so I rely on reverse notation
<ToxicFrog>
(and sorting into categories/tags can already be done; use directories for categories and dirs-of-symlinks for tags)
pie_ has joined #nixos
<Infinisil>
zx2c4: Sure, but it won't ever be as powerful as a database
<zx2c4>
yea
<zx2c4>
certainly
<zx2c4>
so for more powerful databasey things, you probably dont want something quick&dirty with the filesystem
<gchristensen>
niksnut: : how much traffic does planet.nixos.org and releases.nixos.org get?
<zx2c4>
which is a totally reasonable need for some folks
<Infinisil>
I don't know how encryption with a database works though, with files it's pretty easy
<zx2c4>
but i'd rather have the convenience of files. i dont have to worry about weird formats or weird manipulation tools or whatever
<ToxicFrog>
Infinisil: the way keepass handles it is the entire database is an encrypted file
<ToxicFrog>
When you open it it decrypts the whole db in memory
<Infinisil>
zx2c4: There are some tools that allow you to choose between multiple store formats, maybe something like this could work
<zx2c4>
ToxicFrog: you seem to know about keepass
gm152 has joined #nixos
<nh2>
zx2c4: I think the approach was pretty good given the circumstances and came at the right time -- for me at least, it solved my password issues in exactly the way I wanted in terms of simplicity and behaviour (sure, I'd prefer something memory-safe as a replacement for gpg and something sane as a replacement for bash from a technical perspective, but from a user perspective I don't see them)
<ToxicFrog>
zx2c4: it's my password manager of choice
<Infinisil>
ToxicFrog: I see
<zx2c4>
ToxicFrog: is keepass easy enough that my girlfriend could use it? and which of the keepass{,x,2,whatever} is the one to use these days?
<ToxicFrog>
And it occurs me to that one thing that might stop me from using `pass` is no phone client :/
<Infinisil>
ToxicFrog: There's a pretty good iOS client
<zx2c4>
ToxicFrog: false! there is a phone client
<zx2c4>
theres an android and an ios client
<zx2c4>
maybe multiple
<Infinisil>
The iOS client is actually surprisingly well done
<zx2c4>
ive never used it i should take a look
<zx2c4>
i cant figure out the need for password managers on the phone
<zx2c4>
all the apps on my phone
<zx2c4>
auto login
<zx2c4>
i sign in once, and then i'm set
<zx2c4>
ive never needed it there
<zx2c4>
maybe i dont use enough apps or something?
<gchristensen>
ok Infinisil here goes
ryanartecona has quit [(Quit: ryanartecona)]
<Infinisil>
zx2c4: Browser logins, sites i rarely use, browser changing, logins that expire, etc.
<gchristensen>
zx2c4: maybe your passwords aren't painfully long enough
<Infinisil>
Yeah my passwords are all random bits, won't want to type that in :P
<zx2c4>
they are long, but when i need to login that one time, i just use `pass -q` to get a qrcode on my screen, scan that, and then use it from there {LOL at universal paste buffer vuln}
<gchristensen>
oh :)
<nh2>
zx2c4: for me the use case of pass-on-the-phone is for emergency mode. If I'm somewhere without my laptop and I have to fix something via some other computer or even SSH from my phone, I can retrieve the passwords if I have to
<Infinisil>
zx2c4: But then I also need a qr scanner, and always access to my laptop (which is admittedly most of the time, but still)
<ToxicFrog>
zx2c4: KeePass is pretty straightforward, it has a bunch of power user features but you don't need to know them to use it for password management. I've introduced non-technical friends and family to it without issues. It's probably not the cleanest/simplest password manager out there but it's cross-platform and FOSS.
<nh2>
Infinisil: thanks
<Infinisil>
Ohh, passforios is available in the App Store now :D Last time I checked I had to build it myself
<zx2c4>
another way is just using sendkeys over adb
<zx2c4>
to make your laptop type into your phone
<gchristensen>
:o
<ToxicFrog>
As for which one, KeePass2 runs on all mono platforms, KeePassX/XC run on all *nix platforms
<zx2c4>
Mono!
<Infinisil>
gchristensen: You wanted to tell me something?
<ToxicFrog>
They use the same on-disk format
<ToxicFrog>
Er, mono and/or .NET
jgertm has quit [(Ping timeout: 258 seconds)]
<zx2c4>
i thought there were a couple different formats?
<ToxicFrog>
Same on-disk format, different implementation.
<ToxicFrog>
KP1 didn't run on anything but windows, so KPX originated as a linux version of it.
<ToxicFrog>
(IIRC)
<ToxicFrog>
KP2 targets .NET and thus runs on *nix systems with mono installed as well as on windows, and at the same time KPX (now KPXC) expanded to target OSX.
<ToxicFrog>
They support the same features but have some UI differences.
<Infinisil>
gchristensen: \o/
<zx2c4>
interesting okay thanks for the overview ToxicFrog
<gchristensen>
Infinisil: you could have figured it out :) I just copy pasted from that website
<ToxicFrog>
There's also KeeWeb, which is a pure JS implementation
<ToxicFrog>
And thus runs in the browser with no installation needed
<zx2c4>
yikes
gm152 has quit [(Quit: Lost terminal)]
<zx2c4>
i think ill pass on that
<ToxicFrog>
I have no idea how secure/stable it is, I haven't used it, but it looks pretty slick
<Infinisil>
gchristensen: Yeah I would've done the same. What do you think of migrating to nginx though?
<gchristensen>
meh
<gchristensen>
offers almost no value, is probably error prone and difficult
<Infinisil>
gchristensen: I actually don't know much about apache vs nginx, but I heard tha nginx was the future. Also nginx has superb nixos options
<ToxicFrog>
zx2c4: it's not, but on the plus side it looks like it has a much less cluttered UI than KP2/KPXC
<gchristensen>
sure
<gchristensen>
nginx has taken off in popularity
<gchristensen>
but I'd rather people spend time improving docs, moving to nix 1.12, updating patches, fixing bugs, than migrating apache to nginx :P
<Infinisil>
gchristensen: Heh, that's your standard argument but it's true
<ToxicFrog>
Oo, found a KP to pass importer.
<gchristensen>
I'd have a different position if apache was actually causing us harm
<ToxicFrog>
I may give pass a shot, it looks like a UI that will work better with my normal workflow if I can get gpg-agent to play nice over ssh.
<ToxicFrog>
(at the moment I'm using kpcli + keepassdroid)
<zx2c4>
wtf why does keepass2 implement their own csprng?
<zx2c4>
also looks like kpx and kp2 support different ciphers
<zx2c4>
i didnt see any chacha20 support in kpx
<zx2c4>
but i se it here in kp2
<zx2c4>
yikes and random 96-bit nonces are not good
obadz has quit [(Ping timeout: 276 seconds)]
<ToxicFrog>
I don't know enough to answer that question.
sigmundv__ has joined #nixos
<gchristensen>
ToxicFrog: I'm not sure he's looking for an answer :P
<Infinisil>
zx2c4: Damn, just looking at your website, you wrote a hell of a lot of open source stuff, I'm impressed
<zx2c4>
Infinisil: glad you dig it
<cstrahan>
zx2c4: hey, I didn't know you hanged around here :). do you use Nix{,OS}?
<zx2c4>
okay, uh, i think im gonna pass on keepass
<zx2c4>
cstrahan: no, but im kind of jealous of people who do, and i think at some point ill probably take the plunge
<zx2c4>
i follow its development
<Infinisil>
zx2c4: What are you using instead?
<gchristensen>
we're always happy to help people get going ):
sigmundv_ has quit [(Ping timeout: 255 seconds)]
<cstrahan>
:P
<gchristensen>
erm ... :) *
<zx2c4>
Infinisil: see my /whois
lambdael has quit [(Quit: WeeChat 1.7.1)]
<zx2c4>
ToxicFrog: wait what is kpxc?
<nh2>
when today I cherry-picked that stdenv change, that made for a nice Gentoo-like experience
<zx2c4>
(we can take this conversation into #pass or something if doing it here is obnoxious)
<gchristensen>
zx2c4: maybe we can tempt you over with a nixos/developer cloak :P
<zx2c4>
haha
<zx2c4>
some day some day
obadz has joined #nixos
<Infinisil>
Before I used NixOS I didn't even know I needed it
<Infinisil>
zx2c4: Alright I have no idea what you mean by /whois
<zx2c4>
yea i imagine once the declarative functional bug bytes you, you dont go back
<zx2c4>
oh, on irc, if you type "/whois zx2c4" you'll see im a gentoo dev
<Infinisil>
Your website spews a 404 for /whois. And my `whois` doesn't work for some reason
<zx2c4>
s/bytes/bites/
<Infinisil>
Oh lol
<ToxicFrog>
zx2c4: KeePassXC, a fork of KeePassX that's still under active development (KPX stopped getting updates a year or so ago)
<Infinisil>
zx2c4: So, what OS *are* you using? whois didn't give me that
<gchristensen>
lol gentoo
<gchristensen>
he's using gentoo
<Infinisil>
:O
pareidolia has quit [(Ping timeout: 240 seconds)]
<gchristensen>
from nickserv: "freenode -- | [zx2c4] (sid204921@gentoo/developer/zx2c4): Jason A. Donenfeld"
<gchristensen>
or not from nickserv, but from the network
<Infinisil>
I see
ebzzry has quit [(Ping timeout: 248 seconds)]
<Infinisil>
(totally missed zx2c4 message about using gentoo)
<zx2c4>
IM A HEATHEN FOREIGNER IN HERE
<zx2c4>
:D
<copumpkin>
hey, we're a source distro, you're a source distro
<copumpkin>
all friends
<zx2c4>
a meddlesome outsider
<zx2c4>
:)
<gchristensen>
although I like to joke that nixos is the only distro to rebuild _more_ than gentoo :0
ebzzry has joined #nixos
<nh2>
gchristensen: I would laugh if I weren't waiting for my build to finish for 8 hours now
<nh2>
:D
<Infinisil>
gchristensen: What does this tell me about gentoo? That it updates a lot?
<zx2c4>
ToxicFrog: okay so keepass{x,xc}'s crypto does not inspire confidence
<gchristensen>
Infinisil: gentoo is famous for recompiling because they don't have binary packages -- users compile everything.
<ToxicFrog>
zx2c4: in what way?
<zx2c4>
it looks like keepass2 tried to rectify some issues at he beginning of tht his year with their kp4 format
<Infinisil>
gchristensen: I see
<zx2c4>
but even then im not super impressed
<gchristensen>
Infinisil: nixos recompiles _more_, because if a simple teeny tiny shell script in stdenv changes, _everything_ rebuilds whereas that doesn't happen on gentoo
<zx2c4>
yea. it turns out it's not enough to encrypt something. you also have to add an "authenticator tag" -- usually 16 extra bytes -- that demonstrate that the encrypted text wasn't tampered with
<gchristensen>
:)
<copumpkin>
zx2c4: GCM can do it "inline"
<Infinisil>
gchristensen: This needs changing setup.sh, I gave up building the hello package after about 2 hours because I couldn't be bothered
<ToxicFrog>
I kind of assumed that tampering with the ciphertext would result in the cleartext no longer being a well-formed database
<zx2c4>
yea so GCM is an authenticated encryption construction that does it all for you
<gchristensen>
Infinisil: exactly
<zx2c4>
usually it appends a 16byte tag itself
<zx2c4>
ToxicFrog: maybe, maybenot
<copumpkin>
because it turns out you can screw up adding a MAC by hand pretty badly
<zx2c4>
there have been lots of attacks of people really cleverly messing with ciphertext
<zx2c4>
rearranging blocks and so forth
<zx2c4>
to create wellformed outputs
pareidolia has joined #nixos
<zx2c4>
so you start then going down this path of "how could we design a format such that it'd be impossible for an attacker to mess with any cipher text and get a well formed output?"
<ToxicFrog>
Aah.
<zx2c4>
and the answer to that question inevitably winds up looking the same as using a cryptographic authenticator
sigmundv__ has quit [(Remote host closed the connection)]
* ToxicFrog
nods
<ToxicFrog>
Makes sense.
<ToxicFrog>
That said -- that's not part of my threat model. If someone has write access to ~ I'm already completely hosed.
<zx2c4>
yea, right
<zx2c4>
most full disk encryption isn't authenticated either, in fact
<ToxicFrog>
My threat model is "someone steals my phone/laptop and tries to extract my passwords from the KP file"
<zx2c4>
right
<zx2c4>
so yea thats the thing, and taps into what i was saying earlier
<zx2c4>
the threat model of password managers usually isnt that insane
<zx2c4>
which is why something sort of crappy that uses gpg (like pass) is probably good enough
<zx2c4>
(gpg uses signing, which is sort of like an authentication tag, but different)
<Infinisil>
There must be some sort of more convenient interface to gpg
<zx2c4>
where things would probably stop being so nice, though, would be if you were synchronizing your database with some untrusted server -- like amazon or whatever -- and things were tampered there
<ToxicFrog>
If they can make arbitrary edits to stuff in ~, they have a lot of easier attack vectors, including installing a malicious version of kpcli, gpg-agent, and ssh-agent to ~/bin that I probably won't notice until it's too late.
<zx2c4>
yea, of course. if your world is totally local, then arbitrary file modification means code execution anyway, so whatever
<ToxicFrog>
And since the KP file is stored entirely locally, "someone compromises the keepass service and serves me a modified password file" isn't a threat either, because there is no keepass service to compromise, unlike, say, lastpass.
<zx2c4>
i think some people, though, use dropbox to "sync" their kpx file
<ToxicFrog>
Probably.
<ToxicFrog>
What's the attack vector there, though? Like, assume dropbox is compromised, and you can edit the KP ciphertext to produce well-formed but different cleartext -- what does this get you?
sigmundv_ has joined #nixos
michas has quit [(Read error: Connection reset by peer)]
<zx2c4>
in some cases, an attacker could actually use this to decrypt data!
michas has joined #nixos
<ToxicFrog>
o.O
<ToxicFrog>
Do tell!
jgertm has joined #nixos
<zx2c4>
sounds insane, but there's an attack called an oracle attack
<zx2c4>
the most well known one is the "padding oracle"
<zx2c4>
basically, if the attacker can get somebody to answer the question "is this file well formed after decryption?",
<zx2c4>
then he can twiddle one byte at a time
<zx2c4>
to eventually decode blocks
<zx2c4>
change a byte, ask the question, cahnge the byte, ask the question
<ToxicFrog>
Aah.
<zx2c4>
and in certain schemes, this works catastrophically well
<ToxicFrog>
Hmm. This would probably require modifying the file and then seeing if the user restores it from backup (and having some way to tell if they've opened it or not)
<ToxicFrog>
(by default KP creates a lockfile adjacent to the database when opening it, so that's easy if you control dropbox)
<zx2c4>
yea. i doubt that kind of thing would be feasible with dropbox
<zx2c4>
but maybe there's some crazy vector
<zx2c4>
where kp2 tries to re-open after failure
<zx2c4>
something nuts like that
<zx2c4>
but a bit impractical probably
<zx2c4>
where you see this kind of thing in practice is for example
<Infinisil>
Semi-related: I'm excited for the upcoming Filecoin + IPFS stuff, would work very well for password stores
<zx2c4>
if a web server sends you a aes-cbc-encrypted cookie, and forgets the authtag
<zx2c4>
and then gives you a "503" error if the cookie you send back isnt well formed
<zx2c4>
in this case you can play that game in a totally automated way
<zx2c4>
in the literature, the web server in this example is the "oracle", indicating whether or not your modification was a good one
* ToxicFrog
nods
<ToxicFrog>
Cool.
justelex has joined #nixos
<Infinisil>
I have an upcomming exam about this kind of stuff heh
<ToxicFrog>
Re dropbox, it would probably be infeasibly slow but theoretically possible; dropbox does versioning and automatically uploads new files, so you can tell if the file was opened or not by watching for the lockfile get created, and if you assume the user will use dropbox's "roll back" command if the cleartext is no longer well-formed, you'll see that server-side too.
Supersonic112 has quit [(Disconnected by services)]
Supersonic112_ has joined #nixos
Supersonic112_ is now known as Supersonic112
<copumpkin>
clever, niksnut: failed again! this time the non-bootstrappy one
<copumpkin>
I wonder why it started happening all of a sudden though
<copumpkin>
no changes in perl recently
lambdael has joined #nixos
lambdael has quit [(Client Quit)]
lambdael has joined #nixos
<zx2c4>
Infinisil: hah cool bout exam
<zx2c4>
ToxicFrog: thats a good point
<zx2c4>
im sure if youre dropbox server you can push the client to do all sorts of shady things too
<gchristensen>
especially with that kext on osx
<copumpkin>
gchristensen: and now it passed, sigh
hyphon81 has joined #nixos
<gchristensen>
lucky break :/
<copumpkin>
I guess I'll restart failed builds again?
<gchristensen>
the perils of using nixUnstable on hydra
<copumpkin>
hard to even say if it's nixUnstable
<gchristensen>
you can or I can
taktoa has quit [(Remote host closed the connection)]
lambdamu_ has joined #nixos
<hyphon81>
My openblasCompat package was broken. After reinstalling it, it is running fine.
lambdamu has quit [(Ping timeout: 240 seconds)]
erictapen has quit [(Ping timeout: 248 seconds)]
<gchristensen>
"Queued: 41,112" :D
<gchristensen>
scaled up to 12 spot instance builders too... nice.
erictapen has joined #nixos
imalsogr` has joined #nixos
mightybyte has joined #nixos
dalaing has left #nixos []
<mightybyte>
I just reinstalled nix on my mac and now I'm getting this error.
<mightybyte>
error: couldn't change to directory of ‘/nix/var/nix/daemon-socket/socket’: No such file or directory
<mightybyte>
Anyone know how to fix that?
<hyphon81>
It is hard the package binary broken caused in Nix. I followed dependencies for the openblasCompat package and deleted dependent packages all.
<mightybyte>
gchristensen: I was told that you were the person to talk to about this.
<hyphon81>
Is there better method?
erictapen has quit [(Ping timeout: 240 seconds)]
<grahamc>
mightybyte give me 5min and I'll be back.
<imalsogr`>
mightybyte: grahamc = gchristensen :)
<mightybyte>
grahamc: Cool, thanks.
<Infinisil>
Whoa why are you using 2 nicks gchristensen ?
<clever>
i think one is on matrix
<clever>
mightybyte: what user owns the /nix/store dir?
<mightybyte>
clever: root
<clever>
mightybyte: is nix-daemon running?
jtojnar has joined #nixos
<gchristensen>
mightybyte: you fully erased nix from your system before reinstalling?
<gchristensen>
yeah it sounds like the daemon isn't running
<mightybyte>
gchristensen: Yes, I believe I fully erased everything.
<clever>
mightybyte: ps aux | grep nix-daemon
s33se_ has joined #nixos
<mightybyte>
I went through a couple steps of restoring backup-before-nix files
<gchristensen>
good enough for me -- the installer is quite thorough at searching for remnants.
<mightybyte>
clever: That ps command does show that nix is running.
<clever>
mightybyte: does it say when nix started?
<mightybyte>
clever: ~2 hours ago
<clever>
and you also reinstalled nix 2 hours ago?
<mightybyte>
...which may be before I completely removed stuff
<clever>
thats what i was thinking
<clever>
that daemon pre-dates everything being deleted, including the directory it cant get into
<jtojnar>
how does `envHooks` work? I cannot find it in neither nix or nixpkgs source code
<clever>
the launchd unit has to be restarted
mbrgm has quit [(Ping timeout: 276 seconds)]
<mightybyte>
clever: So just kill it?
<clever>
there is a launchctl command for that
<clever>
gchristensen: what was it?
<copumpkin>
looks like a bunch of our mac builders are dead
s33se has quit [(Ping timeout: 276 seconds)]
<gchristensen>
mightybyte: I'd just kill it :)
<mightybyte>
It's not listed in `launchctl list`
cpennington has joined #nixos
<copumpkin>
sudo launchctl list?
<copumpkin>
I think launchctl will only show you user services by default
<mightybyte>
copumpkin: Already killed it. :P
<copumpkin>
oh ok
<clever>
mightybyte: ls -ltrh /nix/var/nix/daemon-socket/
<clever>
mightybyte: the directory should exist now
<mightybyte>
clever: No such file or directory.
<gchristensen>
mightybyte: what does ` sudo launchctl list | grep nix` say
<clever>
ps aux | grep nix-daemon
<clever>
did launchd start a replacement?
<mightybyte>
clever: Nope
<mightybyte>
Ok, I got it started again with launchctl
<gchristensen>
yeah but if we have multiple .plists in /Library/LaunchDaemons/ we can't really guess which one it might've come from, and it may point to some magic paths
<gchristensen>
like /nix/var/nix/profiles/...
<clever>
gchristensen: but if /nix doesnt exist, nix-daemon better not be running!
<gchristensen>
I know
<gchristensen>
but think about the next restart
<gchristensen>
mightybyte: good to know! thank you :D
<mightybyte>
gchristensen: After the first attempt to install nix via the website's script failed, I decided to give try-reflex a try.
<clever>
heading off for the night
<gchristensen>
night clever :)
<gchristensen>
mightybyte: how did it fail?
<mightybyte>
Don't remember :/
obadz has joined #nixos
<mightybyte>
I think it failed because I had not completely removed the old nix.
<gchristensen>
oh interesting, I hope it told you how to fix it :)
Supersonic112 has quit [(Disconnected by services)]
Supersonic112_ has joined #nixos
Supersonic112_ is now known as Supersonic112
<gchristensen>
I wish my mac system was "pristine" so I could test a more normal install
justelex has quit [(Ping timeout: 260 seconds)]
<copumpkin>
Mac VMs!
<copumpkin>
\o/
<copumpkin>
my VM is running 10.13 so I can't test your installer
<copumpkin>
but you could get a different version
magnetophon has quit [(Ping timeout: 248 seconds)]
<copumpkin>
speaking of which I should probably backport the change
rpifan has quit [(Quit: Leaving)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] copumpkin opened pull request #27630: Fix Darwin stdenv to work on 10.13 (backport to 17.03) (release-17.03...backport-high-sierra-17.03) https://git.io/v7qy9
NixOS_GitHub has left #nixos []
eacameron has joined #nixos
hyphon81 has quit [(Ping timeout: 248 seconds)]
gm152 has joined #nixos
hyphon81 has joined #nixos
rcschm has joined #nixos
rcschm has quit [(Client Quit)]
sigmundv_ has quit [(Ping timeout: 255 seconds)]
zeus_ has quit [(Remote host closed the connection)]
moet has quit [(Quit: leaving)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] grahamc opened pull request #1486: Test to see if nix-daemon is running already (1.11-maintenance...detect-already-running) https://git.io/v7qSN
NixOS_GitHub has left #nixos []
<gchristensen>
mightybyte: ^ check that PR :)
hyphon81 has quit [(Remote host closed the connection)]
lostInTheMatrix has quit [(Ping timeout: 260 seconds)]
<Infinisil>
I'm asking here too, even though it (probably) isn't strictly nix-related: How can it be that nslookup and dig return the new correct ip, but curl and my browser still use the old (incorrect one)? I noticed it being wrong and then corrected it
magnetophon has joined #nixos
<adisbladis[m]>
Infinisil: Are you using a caching resolver?
<adisbladis[m]>
nslookup and dig wont use your resolver iirc
<Infinisil>
adisbladis[m]: I'm using my server as a nameserver
<Infinisil>
I'm pretty sure nslookup and dig do look at them (in /etc/resolv.conf)
<Infinisil>
It just doesn't update to the newest one
endformationage has quit [(Quit: WeeChat 1.7)]
<adisbladis[m]>
Anyway.. Browsers usually come with their own caching so that might be the browser problem.. Idk why curl would fail in that manner though
<tilpner>
Infinisil - What happens on $ dig @domain.of.your.server domain.to.test?
hellrazo1 has quit [(Quit: WeeChat 1.9)]
<Infinisil>
tilpner: Returns the correct one
<Infinisil>
dig @infinisil.io swisscom.mobile
<Infinisil>
curl swisscom.mobile -v shows it's trying to connect to 192.0.0.1 (which I entered previously and then realized it's wrong)
<tilpner>
What does swisscom.mobile. 10800 IN A 192.168.0.1 mean?
<Infinisil>
tilpner: Ohh
<Infinisil>
I'd guess the 10800 would be seconds it's valid for
<Infinisil>
I'll try lower it
* Infinisil
doesn't know how to lower it..
fikse has joined #nixos
<tilpner>
I was more wondering about the 192.168.0.1. If you think the TTL is the issue, don't change anything for three hours (that's how I solve all my DNS issues...)
eacameron has quit [(Remote host closed the connection)]
<Infinisil>
tilpner: Ohh, it should be 192.168.1.1
<Infinisil>
It's my local router
adeohluwa has quit [(Quit: Connection closed for inactivity)]
<Infinisil>
it does a weird thing where it redirects to swisscom.mobile, and if the router isn't also your dns server then you can't get to the admin panel
justan0theruser has quit [(Quit: WeeChat 1.7.1)]
justanotheruser has joined #nixos
AllanEspinosa has joined #nixos
jsgrant has quit [(Remote host closed the connection)]
<Infinisil>
I'll just wait a couple hours
<Infinisil>
But it kinda annoys me that I don't understand why it doesn't work
<copumpkin>
just add an entry to /etc/hosts?
justanotheruser has quit [(Client Quit)]
justanotheruser has joined #nixos
rpifan has joined #nixos
<Infinisil>
copumpkin: Ah, yes I could do that
<justanotheruser>
Hey, I'm trying to get a USB mic/headphone working. Is using pavucontrol a good way to do that? When I try to use it, it hangs on "attempting to establish a connection to pulse audio". I have libpulseaudio installed.
<Infinisil>
copumpkin: That's actually pretty nice, did'nt know about that
jsgrant has joined #nixos
AllanEspinosa has quit [(Quit: leaving)]
hyphon81 has joined #nixos
fikse has quit [(Ping timeout: 240 seconds)]
<copumpkin>
:)
<Infinisil>
justanotheruser: Seems like the pulseaudio daemon isn't running, you can check with `systemctl --user status pulseaudio`
<justanotheruser>
you're right
michas has quit [(Ping timeout: 248 seconds)]
<Infinisil>
justanotheruser: Did you do `hardware.pulseaudio.enable = true;`?
imalsogr` has quit [(Ping timeout: 248 seconds)]
benkolera[m] is now known as benkolera
sary has quit [(Quit: leaving)]
Wizek_ has joined #nixos
dalaing[m] is now known as dalaing
sidpatil has left #nixos []
gm152 has quit [(Quit: Lost terminal)]
schoppenhauer has quit [(Ping timeout: 260 seconds)]
schoppenhauer has joined #nixos
sk23[m] has joined #nixos
rauno has quit [(Ping timeout: 240 seconds)]
ChongLi has quit [(Read error: Connection reset by peer)]
ChongLi has joined #nixos
aborsu has joined #nixos
<et4te>
arrrrf so now getting host verification failure on build slaves.. I tried adding known hosts / setting keys on all slaves and all users i could think of except for the build users but basically all private pulls which happen from a nix package fail whereas pulls from hydra succeed.
RayNbow`TU has quit [(Read error: Connection reset by peer)]
RayNbow`TU has joined #nixos
butchery has joined #nixos
<butchery>
has anyone got nvidia-docker running on nixos?
rpifan_ has joined #nixos
rpifan has quit [(Ping timeout: 248 seconds)]
rpifan__ has joined #nixos
reinzelmann has joined #nixos
rpifan_ has quit [(Ping timeout: 260 seconds)]
aborsu has quit [(Ping timeout: 246 seconds)]
indi_ has quit [(Remote host closed the connection)]
justelex_ has quit [(Ping timeout: 260 seconds)]
indi_ has joined #nixos
<hyper_ch>
Infinisil: swisscom.mobile?
RayNbow`TU has quit [(Ping timeout: 240 seconds)]
page_ has joined #nixos
reinzelmann has quit [(Quit: Leaving)]
page has quit [(Ping timeout: 260 seconds)]
eacameron has joined #nixos
Wizek_ has quit [(Ping timeout: 255 seconds)]
Wizek_ has joined #nixos
eacameron has quit [(Ping timeout: 255 seconds)]
cpennington has quit [(Remote host closed the connection)]
rauno has joined #nixos
Wizek_ has quit [(Ping timeout: 276 seconds)]
reinzelmann has joined #nixos
<sphalerite[m]>
clever: FWIW the errors were indeed due to the SD card being hosed. Need to get a new one before I can proceed :(
<dalaing>
is there a way to use a NixOS module from nixkpgs-unstable on a machine running primarily with nixos-17.03?
<dalaing>
I can bring packages in, just scratching my head about how to do the same for services
<sphalerite[m]>
clever: and I'm getting gateway timeouts on your hydra
MercurialAlchemi has joined #nixos
<Infinisil>
hyper_ch: Hmm?
Intensity has quit [(Ping timeout: 258 seconds)]
Intensity has joined #nixos
ebzzry has quit [(Ping timeout: 240 seconds)]
<Infinisil>
Damnit, for some reason I'm getting a ton of DNS queries for cpsc.gov on my server.
<Infinisil>
I just configured the DNS server, but I have no idea how that would happen
<butchery>
so nvidia-docker uses ld.so.cache, is there any documentation on why nixos doesnt have ld.so.cache / any advice on what to do about it?
<sphalerite[m]>
Do we have something like debootstrap? I'd like to set up a chroot with nix
<butchery>
yeah, I'm just looking at that but the only doc seems to be a comment saying "Don't use /etc/ld.so.cache, for non-NixOS systems" so I'm now wondering if theres any real reason for just NixOS specifically...I'm able to generate ld.so.cache, but nvidia-docker has the location hard coded so maybe generating one and patching nvidia-docker is the way to go, I'm still investigating
kuznero has joined #nixos
<kuznero>
Hi All!
alx741 has quit [(Quit: alx741)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 2 new commits to master: https://git.io/v7qAb
<NixOS_GitHub>
nixpkgs/master 251043e Patrick Callahan: pythonPackages.yapf: 0.11.0 -> 0.16.3
<butchery>
new problem entirely, nvidia-docker fails if the volume directory and the driver directory are on different devices...doesn't seem to like /nix/store...pretty much at a loss now
<kuznero>
Have a strange problem - when packing haskell app in docker container (dockerTools) and running as container got `Network.BSD.getProtocolByName "tcp"` raising exception saying cannot find tcp protocol in the system. Am I missing some sort of package like inetutils to be added to my docker image?
<kuznero>
iproute package perhaps?
<kuznero>
Or perhaps one of the "High performance TCP/IP stack" packages?
<butchery>
turns out nvidia-docker passes the host nvida binaries through to the docker container, on nixos they're patched with patchelf during install so they dont work in the container...even if I get past this its to the point where I have no idea if this can be cleanly packaged on nixos : (
<kuznero>
Didn't help adding linuxPackages.ofp to get tcp stack in... :(
Ivanych has quit [(Ping timeout: 240 seconds)]
FRidh has joined #nixos
jsgrant has quit [(Quit: Peace Peeps. o/ If you need me asap, message me at msg[(at)]jsgrant.io & I'll try to get back to you within 24-36 hours.)]
<Infinisil>
hyper_ch: Yeah, we're living on the countryside and it's the best internet we can get (over 4G)
<hyper_ch>
Infinisil: no sunrise?
freusque has joined #nixos
Khetzal has joined #nixos
takle has joined #nixos
<kuznero>
ok, problem with tcp protocol was solved by adding alpine layer to the image...
<Infinisil>
hyper_ch: I think swisscom was the only provider that had a truly unlimited 4G option for home usage last time I checked
<Infinisil>
And it's not too expensive
hamishmack has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra closed pull request #1486: Test to see if nix-daemon is running already (1.11-maintenance...detect-already-running) https://git.io/v7qSN
NixOS_GitHub has left #nixos []
18VABR5PO has joined #nixos
<18VABR5PO>
[nix] edolstra pushed 2 new commits to 1.11-maintenance: https://git.io/v7qjQ
<18VABR5PO>
nix/1.11-maintenance 9a04bc6 Graham Christensen: Test to see if nix-daemon is running already...
justanotheruser has quit [(Ping timeout: 246 seconds)]
Fare has quit [(Ping timeout: 248 seconds)]
nschoe has joined #nixos
<hyper_ch>
Infinisil: qoqa had in december a really nice offer:
<hyper_ch>
sunrise unlimited calls, 4g, a lot of unlimited calls to european countries... 1 or 2gb mobile internet in EU and an additional sim card (data only) for a tablet for only CHF 55/M
<hyper_ch>
that's what I'm using now... before I was with orange/salt on a similar deal....
<adisbladis[m]>
I have the same problem in my home.. Either 8M ADSL or "600Mbps" 4g (unlimited)... The choice was fairly obvious
justanotheruser has joined #nixos
Ivanych has joined #nixos
<adisbladis[m]>
Worst part is I live ~30minutes by bus from an internet exchange... Still no fiber
<hyper_ch>
1gbps fiber is nice :)
<adisbladis[m]>
Gonna be moving soon though, at least 100Mbps fiber :)
<adisbladis[m]>
hyper_ch: They have that at my parents place.. Cost is around 16EUR per month
<hyper_ch>
Infinisil: https://www.qoqa.ch/de/offers/12720 - seems there's evey december a sunrise offer... at least the last two years it was :)
<hyper_ch>
adisbladis[m]: gigabit inernet for € 16/M? oO
<hyper_ch>
I pay like € 60/M for gigabit
zraexy has joined #nixos
<adisbladis[m]>
hyper_ch: Sweden... The whole building goes to the ISP together and gives them exclusive rights for about 5-10 years
civodul has joined #nixos
<adisbladis[m]>
You can get very preferential pricing that way
<hyper_ch>
adisbladis[m]: well, my town decided to deploy fiberoptic to every apartement
<hyper_ch>
then swisscom came and complained that they'd be at a disadvantage that way
<adisbladis[m]>
hyper_ch: Ahh but it's open market fiber? So any ISP can connect?
<hyper_ch>
so an agreement was made where every apartement gets 4 fibers, 2 of them are for swisscom only for the next 30 years and swisscom pays 60% of the costs
<adisbladis[m]>
hyper_ch: Poor them... They have to compete just like everyone else does
<adisbladis[m]>
This cannot stand!
<adisbladis[m]>
hyper_ch: Hmm, strange deal
<hyper_ch>
since the other 2 are free, I can have up to 3 different providers.... I chose now Init7 which offers gigabit for CHF 777/y
<hyper_ch>
adisbladis[m]: it's good.... the cost per inhabitant for fiber would be like € 900
<hyper_ch>
with that deal, 60% pays swisscom, 40% pays the town
<hyper_ch>
swisscom didn't have any plans to deploy fiber here
<hyper_ch>
until we decided to deploy one for everyone
<hyper_ch>
then swisscom came crawling
<hyper_ch>
"we decided" - the mayor and the administration wanted to do that and then it was voted on by the people and approved
<adisbladis[m]>
hyper_ch: You are still paying less than I would for gigabit fiber
<adisbladis[m]>
Hong Kong ISP market is incredibly broken
<hyper_ch>
I pay less than what I paid before with dsl 75/7.5
<hyper_ch>
unfortunately I still ahve to wait with internet for my office
<hyper_ch>
it's opened to the market only if a block has been finished upgrading to fiber
<hyper_ch>
so, despite having fiber already in the office, the neighbourhood the office is in, isn't opened for the market for another 2 months
<hyper_ch>
(i'll survive)
<butchery>
AU is also totally buggered, I pay about 150AUD (about 100euro) for 100Mb but get closer to 40Mb-20Mb, you guys make me jelous
<hyper_ch>
AU was good in 1996 for mobile and internet
<hyper_ch>
my first mobile and first internet I got 1996 in AU
<hyper_ch>
but now it seems AU has fallen really behind
<hyper_ch>
butchery: btw, it's really hard (currently) to make full use of gigabit internet... :)
<butchery>
We privatized, let Telstra have an infrastructure monopoly for years, and then when we had a decent plan to modernise it got gutted by a change in government, basically only because when they were in opposition they ran againt it
<adisbladis[m]>
hyper_ch: Back in the day when I had 100Mbps I was saturating it 24/7 ;)
<butchery>
hyper_ch: I know but I'd like to try ; )
<hyper_ch>
adisbladis[m]: well, I try to download Linux ISOs from the ETH Zurich.... but I can't get over 60-70 MB/s
<hyper_ch>
and the ETH should have great internet access
<adisbladis[m]>
hyper_ch: Ah mine was mostly upload
<hyper_ch>
as said, it's really hard to max 1gpbs
<hyper_ch>
maybe if I'd use multiple sources to download it's easier
<>
changed the topic of #nixos to: Topic set by gchristensen!~gchristen@unaffiliated/grahamc on 2017-04-26 15:31:22 UTC
<>
changed the topic of #nixos to: Channel #nixos created on 2008-04-25 12:32:07 UTC
reinzelmann has joined #nixos
<spear2>
is there something like psensor (displays a system CPU/GPU, etc. temperature graph) for NixOS?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 2 new commits to master: https://git.io/v7mTA
<NixOS_GitHub>
nixpkgs/master ace5535 Vincent Laporte: gst_all_1.gst-libav: set meta.platforms to unix
<NixOS_GitHub>
nixpkgs/master efad0d5 Vincent Laporte: julia: 0.5.1 -> 0.5.2
NixOS_GitHub has left #nixos []
<ikwildrpepper>
spear2: looks like there is something called psensor in nixpkgs-master
seppellll has joined #nixos
<ikwildrpepper>
not in 17.03 though
<spear2>
ikwildrpepper: okay, that must be why i couldn'd find it with searches? either with `nix-env -qaP` or from https://nixos.org/nixos/packages.html
stew has joined #nixos
<ikwildrpepper>
spear2: you can install it from nixpkgs master in your user env, to try
<ikwildrpepper>
spear2: also possible from declarative config btw, you can just import nixpkgs master: (import /path/to/nixpkgs-master {}).psensor
<spear2>
ty
aborsu has quit [(Ping timeout: 276 seconds)]
nh2 has joined #nixos
ThatDocsLady has joined #nixos
freusque has quit [(Ping timeout: 246 seconds)]
takle has joined #nixos
pie_ has joined #nixos
foxmean has joined #nixos
<foxmean>
hello, I'm new NixOS user.
<foxmean>
I wont your help on one problem. For now, I'm finished installation process. But during install I type root password mismatch and now I cannot loging to system.
<foxmean>
Are there any solution to this problem (change the root password)?
bennofs has joined #nixos
freusque has joined #nixos
<Infinisil>
foxmean: Did you set your password at the end of the installation process?
<foxmean>
@Infiniail I've set that but it's not match and the setup process was end, then I've try to boot and it was go well except cannot login.
<foxmean>
Now. I've plan to install again, but I want to know may be there are bettet way?
<sphalerite[m]>
foxmean: if you boot the installer again you can reset it from there by mounting the target system again and rerunning nixos-install, or just chrooting into it and running passwd
<sphalerite[m]>
(Rerunning nixos-install won't do the whole installation again)
<foxmean>
@saphalerite[m] thank you so much. I'll try that.
mrcheeks has quit [(Quit: ERC (IRC client for Emacs 26.0.50))]
<domenkozar>
can someone update me on perl issue?
aborsu has quit [(Ping timeout: 255 seconds)]
<LnL>
from yesterday?
<butchery>
so, finally got nvidia-docker working on nixos but it involved a bit of finessing. Not sure how to finish up packaging it, is it ok to make an issue with my current progress or is that bad form?
aborsu has joined #nixos
Ivanych has quit [(Ping timeout: 268 seconds)]
k2s has quit [(Ping timeout: 240 seconds)]
Ross has quit [(Ping timeout: 240 seconds)]
<adisbladis[m]>
butchery: The usual way to go about that from what I have seen is make a PR put WIP in the title
hyphon81 has quit [(Remote host closed the connection)]
Ross has joined #nixos
pie_ has quit [(Remote host closed the connection)]
pie_ has joined #nixos
bennofs has quit [(Ping timeout: 246 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] nlewo opened pull request #27633: docker: lowercase image name and tag (master...docker-lowercase) https://git.io/v7mtd
NixOS_GitHub has left #nixos []
stubborn_d0nkey has joined #nixos
michas has quit [(Ping timeout: 255 seconds)]
<LnL>
is there a way to add a gcroot like nix-build -o for a store path?
catch22__ has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] nlewo opened pull request #27634: docker: do not import configuration from the base image (master...docker-remove-config) https://git.io/v7mqZ
NixOS_GitHub has left #nixos []
aborsu has joined #nixos
<adisbladis[m]>
Anyone have any pointers how to use fetchfromgit if you need authentication?
<adisbladis[m]>
Only my user has the key necessary and I'd like to keep it that way
elurin has joined #nixos
aborsu has quit [(Ping timeout: 255 seconds)]
Ivanych has joined #nixos
simukis has joined #nixos
<domenkozar>
LnL: yes
<domenkozar>
aha it works now
<LnL>
rebuilding worked, might be related to a nix change but don't think it was clear yet
<Infinisil>
Setting up my dns server, I found it quite odd that the zone files are in /var, as opposed to included in the system config
imalsogr` has joined #nixos
<LnL>
btw what was the vim syntax issue again?
simukis has quit [(Quit: simukis)]
<Infinisil>
LnL: "${${foo.bar}baz}"
elurin has left #nixos ["ERC (IRC client for Emacs 25.2.1)"]
<Infinisil>
It works correctly without the dot
pie_ has quit [(Ping timeout: 248 seconds)]
imalsogr` has quit [(Ping timeout: 260 seconds)]
michas has joined #nixos
k2s has quit [(Ping timeout: 240 seconds)]
<clever>
sphalerite[m]: that hydra is a bit slow, just try again
zraexy has quit [(Ping timeout: 258 seconds)]
erictapen has joined #nixos
nhill1 has joined #nixos
simukis has joined #nixos
k2s has joined #nixos
k2s has quit [(Remote host closed the connection)]
catch22_ has joined #nixos
k2s has joined #nixos
<gchristensen>
oh the mass rebuild is progressing nicely
<gchristensen>
half done since last night
<FRidh>
Now if only we would stop building i686 packages.
spear2 has quit [(Quit: ChatZilla 0.9.93 [Firefox 46.0.1/20160521140538])]
<gchristensen>
17.09 is coming up
<gchristensen>
it could be the last release to support i686
<ikwildrpepper>
could be?
<ikwildrpepper>
or should be?
<gchristensen>
I was trying to be much more diplomatic :P
<ikwildrpepper>
hehe
hexagoxel has joined #nixos
ertes-w has joined #nixos
cpennington has joined #nixos
<gchristensen>
fpletz and I were talking about having an infrastructure discussion at nixcon
<gchristensen>
ikwildrpepper, FRidh: either of you want to send mail to the list about i686 / 17.09 to gather feedback?
<ikwildrpepper>
nope :) /me stays away from politics :p
<ikwildrpepper>
but am all for removing i686 :D
xadi has joined #nixos
<gchristensen>
I can see it now, the year is 2027, nixos builds for x86_256, x86_64, i686, and in an odd turn of events ppc. The channel has not budged in six months.
<domenkozar>
last time we raised the question a few people said they are using i686
<symphorien>
I do
<domenkozar>
then it becomes a question what's the policy/ratio that's reasonable
<gchristensen>
I thought people said they'd _like_ to use it on i686, not that they actually did.
<gchristensen>
symphorien: you actually doO?
<ikwildrpepper>
I think niksnut has some old laptop still that run i686 :D
<symphorien>
do you think that if you stop to build i686 on hydra nixpkg i686 will stop building without most people noticing ?
<gchristensen>
yeah I think so
<symphorien>
just like linux people often break darwin build and vice versa
<gchristensen>
what is a user in the hand worth, vs.two channel updates in the bush?
<domenkozar>
people could still maintain i686
<ikwildrpepper>
gchristensen: we could have separate channel for i686
<domenkozar>
as some other do for weird platforms
<symphorien>
now I use it as a handy cross compilation toolchain for binary analysis tools that only work on 32 bits binary
<domenkozar>
things just wouldn't be fixed for them
<FRidh>
note that there are some (popular) packages that require i686 packages
<gchristensen>
this isn't about not building any i686
<symphorien>
and I used to use it on my university outdated 32 bits machines
<symphorien>
nix enabled me to have up to date software
<domenkozar>
probably cheaper to donate some hardware to people
<domenkozar>
:D
<domenkozar>
than to maintain software
<symphorien>
without recompiling everything
<ikwildrpepper>
domenkozar: free 64bit machines for i686 users!
<symphorien>
here are may use cases, gchristensen
<symphorien>
-a
<domenkozar>
ikwildrpepper: yes!
<domenkozar>
onelaptopperchild
<gchristensen>
symphorien: listening
<FRidh>
gchristensen: indeed, and that's why we should be clear about that.
<gchristensen>
symphorien: re university machines: I'm comfortable ignoring that use case, because it is a "used to" and I used to use i686 too :)
<gchristensen>
symphorien: so you cross-build tools to i686 but your systemt is x86_64?
<symphorien>
used to is until spring, but I understand
<symphorien>
yes
<symphorien>
I am not sure it is proper cross building
<gchristensen>
ok, that should continue working
<symphorien>
but I mean, I am on ubuntu (not my choice) and nix-shell --argstr linux-i686 -p gcc lib1 lib2 --pure "gcc myfile.c" is easier than installing the i686 version of ubuntu packages without breaking my system
<gchristensen>
we'll still build a few things with i686 (skype for example) but not 20,000 packages with i686
<symphorien>
I see
<symphorien>
some sort of nixpkgs-stable-small
<gchristensen>
no, I don't think we'd make a new channel for it
<symphorien>
you just intend to build the dependencies of things like skype, then ?
<LnL>
yeah, what about just building the small channels for i686 and dropping it for the rest
<gchristensen>
small channels are small to advance quickly, the only reason to build it on i686 is to see if it fails, and we don't want our small channels to be a i686 canary
<LnL>
right
<LnL>
well the question with adding a separate channel is who will maintain that?
<gchristensen>
b/c we'll still build _some_ i686 packages, we'll still be building stdenv and the much of the toolchain, but not the massive graph that branches from that
<gchristensen>
isn't that right FRidh ^?
pie_ has joined #nixos
<FRidh>
gchristensen: yes, but. Most if not all of those i686 packages are proprietary. Those are therefore not build by Hydra so that would mean it also wouldn't build their dependencies. I think we should therefore explicitly list packages or something.
<gchristensen>
good idea
iyzsong has joined #nixos
<LnL>
I have a script that gathers all the attributes for a closure
<FRidh>
or just keep building wine32, then you would implicitly get many of these dependencies
<symphorien>
maybe you could try to build nixos tests and their dependencies as well
<symphorien>
no idea if it the closure is big
<gchristensen>
that is an idea
<FRidh>
yes. We could build nixos-small, but there is no small set for nixpkgs.
<adisbladis[m]>
Speaking of the rebuild.. What is the point of having python 3.3, 3.4 and 3.5 around?
<LnL>
that's why I was talking about the small channel
<adisbladis[m]>
Wouldn't it make more sense to just have 2.7 and one from the 3.x series?
<gchristensen>
FRidh: we could only do it for nixos-* disable i686 for nixpkgs
<FRidh>
adisbladis[m]: yes in my opinion we should drop 3.3 and 3.4 because both are in security-fix only mode. Note that we do not build their package sets, just the interpreters, and that hardly takes time.
<adisbladis[m]>
FRidh: Ahh, not as bad as I thought then.
<adisbladis[m]>
FRidh: Why just 3.3 and 3.4? Why not 3.5?
<FRidh>
adisbladis[m]: They don't take much work to maintain either. 3.5 is still actively supported.
<FRidh>
gchristensen: seems like a good trade-off to me. Let's see what for feedback we get on the list.
<bendlas>
is anybody else having trouble with starting virtualbox?
<gchristensen>
I'd be comfortable doing that _for_ 17.09, as it'll still _run_ but it'll push build time to the users
<gchristensen>
instead of a hard cliff they'll get a firm nudge
<FRidh>
Could staging be paused since master (that had a mass-rebuild) hasn't been merged into it.
<LnL>
the jobset could be disabled
<butchery>
how would I go about getting the location / version of the nvidia drivers in a package? Adding linuxPackages.nvidia_x11 to buildInputs seems to rebuild it, I'd ideally want to refrence the exact installed version by services.xserver.videoDrivers = [ "nvidia" ]
aborsu has joined #nixos
<LnL>
but merging master into staging would be the correct thing to do
<spacefrogg>
gchristensen: If I may hook into your discussion. Pushing build time of i686 to user's is particularly hard for them, as these machines tend to be very slow.
<gchristensen>
I know
<gchristensen>
it isn't wonderful
tmaekawa has joined #nixos
<gchristensen>
domenkozar: can you reach out to ttuegel see what he'd like to do?
<gchristensen>
re staging (cc LnL / FRidh)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to master: https://git.io/v7mlO
<NixOS_GitHub>
[nixpkgs] Mic92 closed pull request #27633: docker: lowercase image name and tag (master...docker-lowercase) https://git.io/v7mtd
NixOS_GitHub has left #nixos []
Isorkin has quit [(Ping timeout: 260 seconds)]
justelex_ has joined #nixos
imalsogr` has joined #nixos
<gchristensen>
niksnut: thank you for merging the installer PR. I'm not rushed to get it out. Do you have any thoughts on the HSTS PR? if you're anxious, one idea I had was to comment out the HSTS bits, only do the redirects, then when do HSTS a few days later in case we get error reports
k2s has quit [(Ping timeout: 248 seconds)]
ThatDocsLady is now known as ThatDocsLady_nom
imalsogr` has quit [(Ping timeout: 246 seconds)]
cpennington has quit [(Remote host closed the connection)]
takle has quit [(Read error: Connection reset by peer)]
<spacefrogg>
gchristensen: For honesty reasons, one should not stop CI for i686 without officially dropping support for it, as both effectively come to the same result after some time.
<gchristensen>
spacefrogg: it wouldn't go quietly
<gchristensen>
it'd be like a "reduced support" period before being "unsupported"
<spacefrogg>
While support is dropped effectively for everything outside the "small" channel?
<gchristensen>
in my proposal: we'd stop building those things, yes, but PRs fixing those things would be accepted
<spacefrogg>
Without proper testing infrastructure...
<spacefrogg>
Well, when the path is clear.
<gchristensen>
we'd still build the tests for i686
<gchristensen>
so the systems will still boot and run and not erase your bootloader and some packages will still be built out of the box
<spacefrogg>
Sure, psychologically, a partly broken system is more frustrating than a completely broken one.
<spacefrogg>
So the path of abandoning i686 support should be clear from the start. Including a deprecation timeline, I'd suggest.
<gchristensen>
but non-essentnial packages wouldn't be built automatically. this is really similar to what we do already. we don't hold up the channel if an arbitrary i686 packages are broken, only if the tests pass
<gchristensen>
the only difference is we'll stop building those i686 packages we already don't depend on to release
<ikwildrpepper>
we could just give i686 separate channel and give i686 builds superlow prio :D
<ikwildrpepper>
(sorry, just trolling)
phinxy has quit [(Quit: Leaving)]
<spacefrogg>
Is hydra capable of cancelling outdated builds, yet?
<gchristensen>
sure
<spacefrogg>
Automatically, I meant.
catch22_ has quit [(Ping timeout: 246 seconds)]
<gchristensen>
no
<gchristensen>
why?
<gchristensen>
it seems like you think I'm trying to be dishonest about what I'm doing
<spacefrogg>
Hm, because that is the main problem of super low priority builds, they never finish.
<gchristensen>
and I'm not
<spacefrogg>
I'm sorry? I don't think any of that sort.
Neo-- has quit [(Ping timeout: 260 seconds)]
<gchristensen>
"For honesty reasons" is what I based that on
<spacefrogg>
I apologize. I used this term in the sense of communications management towards the concerned user base.
mudri has quit [(Read error: Connection reset by peer)]
<gchristensen>
ah okay
<gchristensen>
yes we'll definitely want to clearly communicate what we're doing :)
<spacefrogg>
Good. :)
<gchristensen>
and I'm actually proposing a more difficult task. it'd be easy to just drop i686 on the floor and walk away, trying to add some reduced level of support for a time requires much more effort
goibhniu has joined #nixos
mudri has joined #nixos
<spacefrogg>
Exactly, that was why I was referring to the possible frustration level regarding reduced support.
<spacefrogg>
It may be even more frustrating to users than having no support at all.
<spacefrogg>
Going into the direction of "unmatched expectations"...
thaega has quit [(Ping timeout: 255 seconds)]
thaega has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to master: https://git.io/v7mur
<NixOS_GitHub>
nixpkgs/master a7f4c87 Jörg Thalheim: vim-plugins: update set
NixOS_GitHub has left #nixos []
Ivanych has quit [(Ping timeout: 260 seconds)]
<gchristensen>
I disagree, it is possible to continue working with nixos in the proposed state on i686, but it'll take _some_ effort.
<gchristensen>
dropping it entirely means you're screwed and if you're a business depending on it, there is nothing to be done
erictapen has joined #nixos
pie_ has joined #nixos
<gchristensen>
or if you're a user, you're screwed
<gchristensen>
this at least build stdenv and toolchain (easily several hours on a native i686 system) and keeps you limping along for a while
<copumpkin>
oddly there seem to be several idle mac boxes even though the darwinqueue is yuge
<gchristensen>
copumpkin: I don't think hydra's queue runner is smart enough to find work for starved resources, but goes in order of the builds
cpennington has joined #nixos
<copumpkin>
hmm, I'm struggling to imagine that :)
<copumpkin>
there are 4 active mac jobs right now across all the machines
* copumpkin
shrugs
seppellll has quit [(Ping timeout: 258 seconds)]
xadi has quit [(Quit: Leaving.)]
pietranera has quit [(Ping timeout: 248 seconds)]
<gchristensen>
I thought the queue was a not very smart list of drvs to build
peel has joined #nixos
peel has quit [(Client Quit)]
reinzelmann has quit [(Quit: Leaving)]
<TimePath>
I'd say an important i686 package to keep working would be cups
<TimePath>
I have a printer the vendor only supplies an i686 driver for
ThatDocsLady_nom is now known as ThatDocsLady
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to master: https://git.io/v7m2g
<copumpkin>
domenkozar: no objection from me. I on
<gchristensen>
can we wait for now?
<copumpkin>
yeah, not in a rush to overload hydra more than it is now :)
<gchristensen>
fix the current disaster before making it harder
<gchristensen>
<3
<LnL>
forgot to look at that yesterday, but I reviewed the original changes so should be fine
<copumpkin>
especially with its weird behavior and half the mac builders being frozen
<LnL>
yeah, that's not ideal :/
<spacefrogg>
gchristensen: I'll be more specific. Sure, it is possible to supply an arbitrary level of support. But one has to make sure that communication and support match up in the user's mind. I always found debian a highlight in this regard especially their communication on the deprecation of PA/RISC.
<copumpkin>
something funky going on with the queue runner I think
<copumpkin>
as well as with the individual machines running builds
<gchristensen>
spacefrogg: yes I do agree :) would you like to take ownership of making sure the communication is awesome?
<copumpkin>
note how many of the macs have been running jobs for literally days
<MoreTea>
niksnut and ikwildrpepper will probably be there
Ivanych has joined #nixos
<gchristensen>
oohh niksnut -- looks like the same nix-store --serve --write situation on mac2, mac6, mac8, and m ac9
<LnL>
oh?
<spacefrogg>
I would sure stay around with advice and goodwill. :) I am no official and will stop commenting as soon as it becomes a burden to you. Is there somebody in charge of community communications?
<gchristensen>
builders have been getting stuck like this, packet-t2-2 did that yesterday. they just hang in nix-store --serve --write "forever"
<gchristensen>
spacefrogg: nope :) what does it mean to be official?
jedai has joined #nixos
<gchristensen>
for the most part, it is official if someone does it :P
<LnL>
is there's some sort of issue with that, might also have run into that before
<gchristensen>
not sure, here is a eu-stack dump: http://ix.io/yG7
noam__ has joined #nixos
m0rphism has quit [(Quit: WeeChat 1.9)]
nh2 has left #nixos []
capisce_ has joined #nixos
junaidali has quit [(Read error: Connection reset by peer)]
watersoul_ has joined #nixos
freusque has quit [(Quit: WeeChat 1.9)]
noam_ has quit [(Read error: Connection reset by peer)]
capisce has quit [(Read error: Connection reset by peer)]
watersoul has quit [(Remote host closed the connection)]
HappyEnte has quit [(Ping timeout: 260 seconds)]
junaidali has joined #nixos
marcinkuzminski has quit [(Excess Flood)]
lambdamu_ has quit [(Quit: No Ping reply in 180 seconds.)]
goodwill has quit [(Ping timeout: 260 seconds)]
<copumpkin>
I think niksnut is looking into it
xadi has joined #nixos
goodwill has joined #nixos
marcinkuzminski has joined #nixos
lambdamu has joined #nixos
HappyEnte has joined #nixos
mood has quit [(Ping timeout: 259 seconds)]
Bane^ has quit [(Ping timeout: 259 seconds)]
dejanr has quit [(Ping timeout: 260 seconds)]
erictapen has quit [(Ping timeout: 246 seconds)]
Bane^ has joined #nixos
reinhardt has joined #nixos
mood has joined #nixos
<justanotheruser>
Infinisil: sorry, just saw your message. I ended up getting the mic working with alsa.
tvon has joined #nixos
goibhniu has quit [(Ping timeout: 260 seconds)]
goibhniu has joined #nixos
reinzelmann has quit [(Ping timeout: 240 seconds)]
<joepie91>
(note, one is a .drv, the other is an output)
<joepie91>
what is the formal name for each of these things?
<joepie91>
(the hash is the same, as this is dummy data)
<gchristensen>
joepie91: https://nixos.org/nix/manual/#idm140737315922352 I think the .drv is a "store derivation" (see the def. for derivation) and the -dev is a "store path" or it could be the "output path" in the context of creating the output
<joepie91>
hm, your link seems to call it a 'store object'
<joepie91>
derivation: A description of a build action. The result of a derivation is a store object.
<joepie91>
but...
<joepie91>
Store objects can be sources (objects copied from outside of the store), derivation outputs (objects produced by running a build action), or derivations (files describing a build action).
<joepie91>
so, 'derivation output' then I guess?
<spacefrogg>
gchristensen: First, it does mean being regarded as official. ;) Second, having the responsibility for certain aspects of NixOS and access rights to fulfill that responsibility.
eacameron has joined #nixos
xadi has quit [(Remote host closed the connection)]
foxmean has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Ping timeout: 268 seconds)]
fikse has joined #nixos
erictapen has joined #nixos
ebzzry has quit [(Ping timeout: 240 seconds)]
MercurialAlchemi has quit [(Ping timeout: 246 seconds)]
<gchristensen>
spacefrogg: sure, but you can still help with the communications, we can help you make sure it says the right things
freusque has joined #nixos
<ocharles>
Ok, how am I being stupid?
<ocharles>
"Error: no AMI defined for EC2 machine blah"
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] edolstra pushed 2 new commits to gcc-6: https://git.io/v7miL
<NixOS_GitHub>
nixpkgs/gcc-6 b9c403c Eelco Dolstra: stdenvLinux: Remove bootstrapTools from closure...
<NixOS_GitHub>
nixpkgs/gcc-6 70d4d22 Eelco Dolstra: cc-wrapper: Add a "man" output...
NixOS_GitHub has left #nixos []
<ocharles>
I have deployment.ec2.instance-type = "t1.micro", in region us-west-1
<ocharles>
that gives me "<Response><Errors><Error><Code>InvalidAMIID.NotFound</Code><Message>The image id '[ami-587b2138]' does not exist</Message></Error></Errors><RequestID>ac36451f-61ad-4e43-a34e-dc29c38cea3e</RequestID></Response>"
<domenkozar>
ocharles: also what nixpkgs commit
<ikwildrpepper>
wow, that's weird
<ocharles>
17.03.1556.4d1e1d07f9 (Gorilla)
<ikwildrpepper>
ocharles: I can try in about 20-30m
<ocharles>
let me just try updating my channel
<ocharles>
ok, that is up to date
erasmas has joined #nixos
<ocharles>
doing a switch --upgrade now
<domenkozar>
ocharles: strange, the ami should be ami-10754c76
<ocharles>
I did nix-channel --update, that should be enough, right?
<domenkozar>
ah no
<domenkozar>
it should be ami-587b2138
python476 has quit [(Ping timeout: 268 seconds)]
Myrl-saki has joined #nixos
<Myrl-saki>
How ot have multiple sources?
<domenkozar>
ocharles: the ami is on amazon community place
<ToxicFrog>
Myrl-saki: as in multiple channels? Or a mix of channels and local checkouts and stuff?
<domenkozar>
ocharles: maybe amazon permissions don't allow using public amis?
<ocharles>
domenkozar: ok, do I have to do something to get it?
<Myrl-saki>
I mean how to fetch multiple URLs in a nix script
<ocharles>
hm, maybe
<ocharles>
let me add more privs to this user
MoreTea has joined #nixos
<ocharles>
added full admin rights and still no go
<ikwildrpepper>
trying in a few moments with your example
<Myrl-saki>
Wait, in mkDerivation, is `src` just a standard?
<ocharles>
if I try eu-west-1, I get this:
<ocharles>
<Response><Errors><Error><Code>VPCResourceNotSpecified</Code><Message>The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.</Message></Error></Errors><RequestID>b8609fa9-bb9d-4269-8d13-d6782ada3fd8</RequestID></Response>
<Myrl-saki>
a de-facto standard*
<ocharles>
that uses ami-10754c76
<MoreTea>
ocharles, lots of things are per-region
<domenkozar>
most of aws stuff is per region
<ikwildrpepper>
ocharles: that is probably because t2 only works in vpc, and you might still have an EC2 Classic account
ng0 has joined #nixos
<domenkozar>
yeah old accounts might see different regions even compared to newly created ones on aws
<ikwildrpepper>
ocharles: could you run 'aws ec2 describe-account-attributes' on your account?
<MoreTea>
(I have a colleague that used to work on AWS, and he states that your eu-west-1d can be someone elses eu-west-1c, they have like 20 A-Z actually to which the logical names map, randomly)
pie_ has quit [(Ping timeout: 246 seconds)]
Daemonik has joined #nixos
<ikwildrpepper>
yes, AZ's are not the same for all accounts
<ikwildrpepper>
but regions are
<ikwildrpepper>
and same regions for everyone, except for Gov
<domenkozar>
you see different list of regions based on when you created the account
<domenkozar>
anyway, sorry for offtopic
<MoreTea>
ikwildrpepper, lol, that would be fun
<ikwildrpepper>
domenkozar: I have never seen that
<Daemonik>
When I download a CentOS or Gentoo ISO or USB image file there is a file next to these files ending in _.asc or _.sig to run "gpg --verify" against so I know I'm not downloading poison. Why is this not the case with NixOS? How can I verify that a NixOS _.iso is legit?
<ocharles>
ikwildrpepper: sure thing
peel has joined #nixos
<ikwildrpepper>
ocharles: ah, looks like we do not generate PV grub images anymore
<ikwildrpepper>
yeah, that's EC2 classic account, so that explains the VPC error (if not default VPC is set on the account)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] dezgeg pushed 4 new commits to master: https://git.io/v7mXu
<NixOS_GitHub>
nixpkgs/master b3b1ae6 Tuomas Tynkkynen: quota: init at 4.03
<NixOS_GitHub>
nixpkgs/master c1597af Tuomas Tynkkynen: dateutils: Fix whitespace
<NixOS_GitHub>
nixpkgs/master dd248fa Tuomas Tynkkynen: xfstests: 2017-03-26 -> 2017-07-16
NixOS_GitHub has left #nixos []
<ocharles>
ok, so do I need to change an option somewhere?
peel has quit [(Client Quit)]
<clever>
ec2 classic?
pie_ has joined #nixos
<ikwildrpepper>
ocharles: so for now, you cannot use pv grub instance types (pvGrubGroups = [ "c1" "hi1" "m1" "m2" "t1" ];) unless you explictly give it an ami (e.g. 16.09 pv image)
<gchristensen>
a shame, the m1.mediums are nice -- and very cheap
<gchristensen>
on spot
<ikwildrpepper>
checking the logs, if we did this on purpose
<ocharles>
thanks ikwildrpepper
<domenkozar>
yes
<ikwildrpepper>
gchristensen: cheap yeah
<gchristensen>
$0.001/hr on the spot market :)
<ikwildrpepper>
but I get a lot of broken instances on the older instance types
<clever>
dang, irc is unreadable in this app, i'll be back later
<domenkozar>
btw did anyone ever find the information how much does it cost to ddos an amazon instance?
<domenkozar>
I mean without other infrastructured tied in (ELB, etc)
<domenkozar>
-d
<ocharles>
we aren't ready to use spot instances yet, so no need for that
<ikwildrpepper>
domenkozar: ddos an amazon instance?
<ocharles>
ikwildrpepper: but I'm not using a pv grub instance types, am I? I'm on t2 not t1
<ikwildrpepper>
why would you want to do that?
<ikwildrpepper>
ocharles: well, the t2 error is due to the fact you are not deploying to a VPC
<domenkozar>
ikwildrpepper: I'd like to know how much it costs someone to ddos my instance
<ocharles>
ok, time to read what a vpc is :)
<domenkozar>
VPC is where all AWS stuff becomes fun
<domenkozar>
and makes sure you're not jobless :)
<ikwildrpepper>
aminechikhaoui is working on implementing deploying vpc resources in nixosp
<ikwildrpepper>
nixops
<ocharles>
haha
<domenkozar>
ikwildrpepper: but we already have some support already
<domenkozar>
although very limited
<ocharles>
so what exactly has changed? previously I just did what I have in my nix file and I was good
<ikwildrpepper>
domenkozar: only for deploying instances to existing vpc's
<ikwildrpepper>
not to deploy the actual vpc
<domenkozar>
right, provisioning wasn't done by nixops
<ikwildrpepper>
ocharles: nixpkgs changed
<ikwildrpepper>
nixpkgs 17.03 doesn't include pv grub images anymore
Jackneillll has quit [(Quit: Leaving)]
kuznero has quit [(Quit: Page closed)]
<ikwildrpepper>
niksnut: do you remember why you didn't add PV images for 17.03?
<ikwildrpepper>
looks like the script should still generate them (nixpkgs/nixos/maintainers/scripts/ec2)
seanz has joined #nixos
seanz has quit [(Client Quit)]
<ocharles>
so this t2.medium in us-west-1, but we just have to work out why it can't see the AMI
<ikwildrpepper>
ocharles: you can use an explicit ami based on 16.09 for now
<ocharles>
or would I just get the same error as I finally get in eu-west-1, about it only being available for VPCs
<ocharles>
ok, and it's ok to deploy 17.03 onto that?
<domenkozar>
wouldn't it be easier to just assign a VPC?
<ocharles>
presumably, I just don't know what that is
<ikwildrpepper>
domenkozar: ec2 classic accounts don't have a default vpc, nor a automatically created one, so ocharles would need to create one first
<ocharles>
I don't mind doing that
<ikwildrpepper>
ocharles: it should have a wizarg
<ikwildrpepper>
wizard
<domenkozar>
ocharles: or even simpler, create a new AWS account
<domenkozar>
those are the two options I'd pick
<ikwildrpepper>
I think AWS can convert the account the VPC
<ocharles>
this is works account that already has plenty of production data, so I don't see that being simpler
<ocharles>
I don't really want to have two billable AWS accounts
<ikwildrpepper>
but creating a VP shouldn't be too hard
aminechikhaoui_ has joined #nixos
<ikwildrpepper>
(with the wizard)
<ocharles>
with the VPC, do I need to add it to my nix expression?
<ocharles>
we apparently do have a vpc
<ocharles>
at least the vpc dashboard lists a vpc-foo entry in us-west-1
<ikwildrpepper>
ocharles: yeah, you can set subnetId in your deployment.
<ikwildrpepper>
note that not all VPC's give instances a public IP address by default
<ocharles>
ok, cool - let me with that
<ikwildrpepper>
so you might need to set deployment.ec2.associatePublicIpAddress as well
Jackneill has joined #nixos
<ikwildrpepper>
(unless you have direct network access to the VPC using a vpn)
<domenkozar>
ikwildrpepper: btw, have you ever implemented cross-region vpn?
<ocharles>
I probably want the former, as this is a public web server
<ikwildrpepper>
domenkozar: no, I have VPC/VPN
<ikwildrpepper>
have -> hate
<ikwildrpepper>
:)
<domenkozar>
good, me too
<ocharles>
it's weird that us-west-1 can't find the ami. unfortunate, as that's where the vpc is. But I'll set one up in eu-west-1 now to try
<ocharles>
hurrah, deploying
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] edolstra pushed 1 new commit to gcc-7: https://git.io/v7mDq
<NixOS_GitHub>
nixpkgs/gcc-7 e34a139 Eelco Dolstra: Merge branch 'gcc-6' into gcc-7
NixOS_GitHub has left #nixos []
<ikwildrpepper>
ocharles: I think vpc stuff is complicated
<ikwildrpepper>
I liked the simplicity of ec2 without vpc :D
stanibanani has joined #nixos
<gchristensen>
boy has that ship sailed
<niksnut>
I want that ship to return
<domenkozar>
and the sad part is, VPC can't go cross region
<domenkozar>
although GCE does have that
<domenkozar>
:(
<ikwildrpepper>
but other than that, EC2 is very nice :)
<domenkozar>
so as soon as you have multiple regions, VPC-VPN is such a pita
<ocharles>
i feel like chemistry dog today
<ocharles>
or an old man
<ikwildrpepper>
I love it how it often just gives me 2000 machines
<ocharles>
back in my day we just had servers and ip packets!
<srhb>
ocharles: *snort*
<srhb>
I long for those days
* ocharles
continues to wait patiently for ssh
<ocharles>
oh, I bet the subnet is blocking my ip to ssh in
<ocharles>
this one has a pretty secure security group thingy
<ikwildrpepper>
ocharles: if you use default sg, make sure to open up ssh in the 'default' sg
<ikwildrpepper>
:)
aminechikhaoui_ has quit [(Ping timeout: 260 seconds)]
<copumpkin>
omg I'm so glad VPC exists
<aminechikhaoui>
ocharles: also make sure you have a route in your route table to an internet gateway
<Myrl-saki>
How do I run something as a background in a package?
<Myrl-saki>
(Or should I not?)
<ocharles>
I'm just reading the docs on VPC now. Lot sof moving parts
<copumpkin>
but yes, you need to manage all the networking programmatically to not hate yourself
<MoreTea>
ocharles, I dislike the AWS docs compared to GCP.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] dtzWill opened pull request #27641: snowman: init at 2017-07-22 (master...feature/snowman) https://git.io/v7mys
NixOS_GitHub has left #nixos []
<ocharles>
what is GCP?
<MoreTea>
google cloud platform
<ocharles>
oh, right
<MoreTea>
train has arrived, have to run
<ikwildrpepper>
I hate GCP
<ocharles>
I don't know anything about that :)
<ikwildrpepper>
especially the support
MoreTea has quit [(Quit: Leaving)]
<gchristensen>
the support is atrocious
<ikwildrpepper>
google support in general is horrible
<gchristensen>
^
<copumpkin>
wait, Google support is a thing?
<gchristensen>
I mean, no
<copumpkin>
oh okay
<copumpkin>
had me scared for a moment
<gchristensen>
they say they have it but it isn't real
<niksnut>
hehe
<ikwildrpepper>
not that AWS support is awesome, but at least they respond :p
<niksnut>
I can't even use GCP for private stuff
<gchristensen>
they gave me $500 to use for hydra builders but wouldn't tell me how to use it, and their support wouldn't reply
<copumpkin>
gchristensen: twist: it was a google interview question
<ikwildrpepper>
500 total or per month?
<copumpkin>
to see if they wanted to hire you
<gchristensen>
total lol
<ikwildrpepper>
that's the standard 500 dollar you get when you are interested in google cloud
<gchristensen>
oh hmm no you're right, it was per month
<copumpkin>
ah, the "free tier" equivalent?
<copumpkin>
niksnut: any sudden revelations on what's going on with all those mac builders?
<niksnut>
no
ryanartecona has joined #nixos
freusque has quit [(Quit: WeeChat 1.9)]
FRidh has quit [(Quit: Konversation terminated!)]
nslqqq has quit [(Ping timeout: 260 seconds)]
aminechikhaoui has quit [(Quit: leaving)]
aminechikhaoui has joined #nixos
<copumpkin>
niksnut: not sure what you did, but all the multi-day jobs on the macs are gone and replaced by fresh builds \o/ \o/
<ocharles>
ok, I needed to associate a public ip address, but now I'm all good
<ocharles>
does that mean nixops can only deploy to machines with a public ip?
<copumpkin>
keep in mind that a public IP address only works in a subnet with an IGW (even though you can associate them with instances even if there's no IGW)
<ikwildrpepper>
ocharles: nixops can only deploy to machines it can reach
<copumpkin>
and of course you need a route to the IGW
<ocharles>
ikwildrpepper: well that much seems obvious :)
<ocharles>
I guess I'm just wondering how I'd manage, say, a private postgresql server that I don't want on the public web
<LnL>
copumpkin: I think my hydra might be stuck in the same way
<ocharles>
it seems my only option is to give it a public ip, but then aggresively limit access with a security group
<copumpkin>
ocharles: you set up a VPN/direct connect into your VPC
<ocharles>
oh, right
<copumpkin>
or just a bastion of some sort
<copumpkin>
which I guess you could see the VPN as a fancy version of
<ocharles>
thanks for the help all!
<GlennS>
Anyone know what the likely cause of a Travis CI job taking 45m and timing out would be for a Nixpkgs pull request?
<GlennS>
does I need to rebase my pull request onto a newer master or something?
<GlennS>
*do I
<simpson>
GlennS: Don't worry about Travis unless you know that your PR needs to pass Travis.
zraexy has joined #nixos
<GlennS>
ah, ok
<GlennS>
problem solved then :)
<dash>
I'm trying to build some annoying C++ thing that wants to statically link stuff, is there a convenient toggle in stdenv.mkDerivation for building libraries as static?
<dash>
(so I can override a bunch of its deps that way)
nslqqq has joined #nixos
<dash>
aha, "dontDisableStatic"
obadz has quit [(Ping timeout: 260 seconds)]
obadz has joined #nixos
page_ is now known as page
pbogdan_ is now known as pbogdan
python476 has joined #nixos
<joepie91>
testing my .drv parser...
<joepie91>
what better way to test a parser than to let it parse your entire Nix store? :D
<copumpkin>
first evaluate your entire nixpkgs :)
<copumpkin>
then you should have all sorts of unusual drvs
<joepie91>
hahaha
<joepie91>
copumpkin: I do actually have hardware constraints to mind :P
<joepie91>
32k/41k derivations parsed...
<joepie91>
no errors so far
<joepie91>
I had one bug early on that's now fixed
magnetophon has quit [(Ping timeout: 255 seconds)]
pie__ has joined #nixos
DavidEGr1yson has joined #nixos
catern has quit [(Ping timeout: 260 seconds)]
<ToxicFrog>
seequ: did you create a boot directory in the --root you're installing nixos to?
kriztw_ has joined #nixos
Neo-- has quit [(Remote host closed the connection)]
magnetophon has joined #nixos
mbrgm_ has joined #nixos
ThatDocsLady has quit [(Quit: Arma-geddin-outta-here!)]
mounty has quit [(Remote host closed the connection)]
pie_ has quit [(Remote host closed the connection)]
simendsj` has joined #nixos
<seequ>
I didn't.
qknight_ has joined #nixos
DavidEGrayson has quit [(Ping timeout: 260 seconds)]
<gchristensen>
ikwildrpepper: on nixops network if a spot instance request goes away nixops can't destroy the resource. do you know of a fix? it is very annoying, I have dozens of spot-requested instances that I can't get rid of
simendsjo has quit [(Remote host closed the connection)]
qknight has quit [(Ping timeout: 260 seconds)]
gchristensen has quit [(Ping timeout: 260 seconds)]
fikse has joined #nixos
<Daemonik>
Why aren't NixOS ISOs signed?
<seequ>
ToxicFrog: I apparently missed that I need to mount /mnt/boot
<domenkozar>
Daemonik: signed in what way? they are automatically generated so it's hard to sign them
astsmtl has quit [(Ping timeout: 260 seconds)]
astsmtl has joined #nixos
astsmtl has quit [(Changing host)]
astsmtl has joined #nixos
<ToxicFrog>
seequ: yeah, otherwise it has no idea what you want for a boot partition. I think this is mentioned in the docs, but if not, it should be.
<Daemonik>
domenkozar, then have your build server sign them
<seequ>
ToxicFrog: It is. Noticed it when re-reading it
<domenkozar>
Daemonik: what threat attack does that prevent?
magnicida has joined #nixos
<magnicida>
hi!
<magnicida>
is it possible to start a nix-shell environment that on top of that adds additional packages?
<magnicida>
i am trying "nix-shell ./shell.nix -p some-extra-package" but it doesn't work :(
<domenkozar>
magnicida: nope, just what you have in shell.nix
<Daemonik>
domenkozar, Would be very easy for a state or otherwise clever actor to prepare a poisoned _.ISO and insert it via MITM. SSL PKI is broken so the SHA256 hash on the site isn't so great. Have you not watched Jacob Applebaum's 2013 talk To Protect & Infect?
<domenkozar>
-p generated a nix file on-the-fly
<Daemonik>
NixOS is interesting and attractive because of its community's focus on reproducible builds.
<domenkozar>
Daemonik: MITM between what two parties?
<Daemonik>
All of the other distros including Gentoo and CentOS provide GPG signatures. FreeBSD does this too.
<Daemonik>
MITM between a NixOS user and the NixOS website.
<magnicida>
domenkozar: the thing is, I want to easily change the compiler I get in the environment (gcc5, 6, clang38, ...)
<copumpkin>
the ISOs probably exist in a nar somewhere, which is probably signed
<Daemonik>
Or cloudflare
<Daemonik>
Cloudflare is an untrusted third party.
<Daemonik>
excuse me, cloudfront
<magnicida>
i guess i could provide various versions in the shell.nix that just change the compiler
<copumpkin>
too much cloud*
<magnicida>
and use -A
magnetophon has quit [(Ping timeout: 240 seconds)]
<magnicida>
but I don't know what the tersest way in Nix language is to say "this is exacly like that plus this input"
Sigma has quit [(Ping timeout: 260 seconds)]
catern has joined #nixos
mounty has quit [(Remote host closed the connection)]
Wizek_ has joined #nixos
mounty has joined #nixos
joshie has quit [(Quit: No Ping reply in 180 seconds.)]
fikse has quit [(Ping timeout: 260 seconds)]
MarcWeber has quit [(Ping timeout: 260 seconds)]
joshie has joined #nixos
Myrl-saki has quit [(Ping timeout: 260 seconds)]
MarcWeber has joined #nixos
Sigma has joined #nixos
fikse has joined #nixos
ryanartecona has joined #nixos
civodul has quit [(Remote host closed the connection)]
[0x4A6F] has joined #nixos
<srhb>
magnicida: Usually more arguments.
nschoe has quit [(Quit: Program. Terminated.)]
gchristensen has joined #nixos
dredozubov has quit [(Ping timeout: 260 seconds)]
<srhb>
magnicida: As in, think of the shell.nix file as a function that, given some argument(s) produce the environment that you want.
magnetophon has joined #nixos
<magnicida>
oh yeah, the import .asdasd.nix { my argument } syntax
colabeer has joined #nixos
<magnicida>
how do I pass the arguments when invoking nix-shell?
joshie has quit [(Quit: No Ping reply in 180 seconds.)]
joshie has joined #nixos
<magnicida>
I guess then I would just have one derivation, the module is parametrized over the compiler, and when I pass nix-shell then I have to pass the compiler somehow
dredozubov has joined #nixos
MarcWebe1 has joined #nixos
<Infinisil>
mightybyte: --arg and --argstr
<srhb>
I think Infinisil meant magnicida :)
<Infinisil>
Ohh right
<Infinisil>
Heh
lsyoyom has quit [(Ping timeout: 260 seconds)]
MarcWeber has quit [(Ping timeout: 260 seconds)]
catern has quit [(Ping timeout: 260 seconds)]
<srhb>
magnicida: The default haskell derivations produced by cabal2nix take a compiler argument by default.
<srhb>
magnicida: So I can go nix-shell --argstr compiler ghc812 for instance
<srhb>
magnicida: And of course you could use all sorts of logic to decide on what to do based on the arguments.
<magnicida>
i think i am starting to get it--i had some trouble understanding how things are parametrized but now I realized its all just functions
<magnicida>
thanks a lot for your patience, it was really helpful--Infisil that example is great!
[0x4A6F] has quit [(Quit: [0x4A6F])]
<Infinisil>
Glad I could help :)
<srhb>
Note that passing those arguments might be a little awkward.
<srhb>
(Since an "extra package" is usually not a string)
MinceR has joined #nixos
<magnicida>
I must say i am very impressed with both guix and nix. I am now writing nix formulas for my C++ libraries, so they can be easily tested on Travis in a sane way
sjouke has joined #nixos
<gchristensen>
nix expressions :)
<gchristensen>
very cool! we're (of course) very happy to help
<Infinisil>
srhb: It could be made a string though, actually
fikse has quit [(Ping timeout: 260 seconds)]
Fuuzetsu has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 4 new commits to master: https://git.io/v7Yv5
<NixOS_GitHub>
nixpkgs/master 099ce92 Robert Helgesson: gpsbabel: remove failing tests for mac and aarch64
<NixOS_GitHub>
nixpkgs/master 1b88217 Robert Helgesson: perl-CryptX: 0.044 -> 0.050
<NixOS_GitHub>
nixpkgs/master 46383f4 Robert Helgesson: perl-Perl-Critic: 1.128 -> 1.130
NixOS_GitHub has left #nixos []
<srhb>
Yup.
<Infinisil>
By just doing pkgs.${name}
<Infinisil>
It was kinda eye opening the first time I realised that ${} can be used in other places than strings
<magnicida>
if you use ${X} outside of a string (outside some quotes "") you turn a string into an identifier?
Fuuzetsu has joined #nixos
<dash>
Ugh. Multiple outputs from derivations is a nice idea but now i'm trying to build a cmake-using thing that expects dynamic and static libraries to be in the same lib/ :-(
<Infinisil>
magnicida: It's really the same in strings vs non-strings, "hello ${foo}" is "hello baz" and hello.${foo} is hello.baz
<srhb>
magnicida: Think of it as antiquotation
<Infinisil>
Hmm, what happens when foo isn't a string though..
sjouke has quit [(Ping timeout: 260 seconds)]
pietranera has quit [(Quit: Leaving.)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] edolstra pushed 1 new commit to staging: https://git.io/v7Yfd
<NixOS_GitHub>
nixpkgs/staging 47821f1 Eelco Dolstra: cc-wrapper: More quadratic performance fixes...
NixOS_GitHub has left #nixos []
erictapen has quit [(Ping timeout: 255 seconds)]
jgertm has joined #nixos
<srhb>
Infinisil: Depends on the context.
<Infinisil>
srhb: Yeah, it just fails where one would expect it
<Infinisil>
to fail
goibhniu has quit [(Ping timeout: 240 seconds)]
<copumpkin>
you know what would be a very valuable service from community volunteers who don't feel confident writing Nix but want to help? Going through hydra failures and categorizing/ranking failure causes
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to master: https://git.io/v7YJs
<NixOS_GitHub>
nixpkgs/master ea63fd4 Peter Simons: multi-ghc-travis: update to latest git version...
NixOS_GitHub has left #nixos []
<srhb>
copumpkin: I think all that's stopping people from doing that is probably the lack of a good guide :)
<Infinisil>
srhb: It's hard to make guides to debug, I believe that comes mainly from experience
<srhb>
Sure.
<srhb>
Often I bet just extracting the last relevant information would be good.
<srhb>
Which I think a lot of people can do.
<Infinisil>
srhb: True
<Infinisil>
I'm surprised this doesn't happen automatically though
<seequ>
How can I get "fi" as my keyboard layout. I have it set on i18n.consoleKeyMap and services.xserver.layout, but it's still using the us keyboard.
<Infinisil>
copumpkin: I actually don't know what's harder, doing what you said or writing nix expressions.. nix is pretty easy..
<seequ>
There was meant to be a question mark somewhere. :
<Infinisil>
seequ: Have you rebuilt and restarted the display-manager?
<seequ>
Rebooted entirely.
<seequ>
After nixos-rebuild switch
<seequ>
Which didn't error
<Infinisil>
seequ: Hmm, maybe check the imperative way first if that works: setxkbmap -layout fi
<seequ>
Yup, worked.
<sphalerite[m]>
clever: I'm not very good at navigating hydra, could you point me to a successful arm build of nix from yours? The one you started yesterday had a failed dependency
catern has joined #nixos
lsyoyom has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/v7YUG
<magnicida>
so <EXPR> does look for EXPR.nix and evaluates to 'import ...EXPR.nix'?
Fare has quit [(Ping timeout: 260 seconds)]
<magnicida>
oh no, it does not do the import, that is why we still put "with import <nixpkgs>"...
<LnL>
nix-instantiate --eval -E '<nixpkgs>' will show you what it resolves to
<magnicida>
ok
<magnicida>
aha, thanks!
<sphalerite[m]>
magnicida: no. <expr> will look for NIX_PATH entries of the form expr=/some/path OR /some/path where /some/path/expr exists
<sphalerite[m]>
And evaluate to that path. It will not import anything
fikse has quit [(Ping timeout: 255 seconds)]
erictapen has joined #nixos
mudri has quit [(Ping timeout: 258 seconds)]
<mpickering>
If I see this warning "warning: dumping very large path (> 256 MiB); this may run out of memory", have I done something wrong?
<Infinisil>
mpickering: Probably
<Infinisil>
mpickering: When using a path expression in your nix file, it imports that whole folder into the nix store
stubborn_d0nkey has quit [(Ping timeout: 240 seconds)]
Fuuzetsu_ has joined #nixos
Fuuzetsu has quit [(Ping timeout: 260 seconds)]
<Infinisil>
mpickering: E.g. if you use '../.' in ~/test/default.nix it will import all of $HOME into the store
<mpickering>
I stopped it now and will just use fetchGit instead
Fuuzetsu_ is now known as Fuuzetsu
JagaJaga has quit [(Ping timeout: 240 seconds)]
joshie has quit [(Quit: No Ping reply in 180 seconds.)]
<Infinisil>
mpickering: Why so? importing paths is nothing bad
joshie has joined #nixos
<mpickering>
Because it was taking over 5 minutes and my machine started swapping
<mpickering>
I had ../ghc as the path
<Infinisil>
mpickering: Well, does that path contain more than 256MB?
<mpickering>
Does that mean, the total contents of the folder is > 256mb? Then probably yes
FRidh has joined #nixos
<seequ>
Can I sommehow build a completely fresh os (users and all) without reinstalling?
ng0 has quit [(Quit: Alexa, when is the end of world?)]
<seequ>
Originally installed with the wrong locale, and that's kind of annoying.
<Infinisil>
mpickering: Using fetchgit wouldn't make any speed difference, it would probably be even slower
<FRidh>
copumpkin: some of that could be automated really nicely. For example, it would be nice to have a view in Hydra that shows what reverse dependencies cannot be build package a package fails. That would right away show you what the most important failures are.
<mpickering>
But it won't have to deal with all the build products which were in that folder
<copumpkin>
FRidh: yeah, I've often wanted to find red crosses vs. black ones
<Infinisil>
seequ: All the config of nixos is either in configuration.nix or in your home folder
<seequ>
I know.
<Infinisil>
mpickering: I feel like you're doing something nix wasn't intended for
<seequ>
The root home folder still has folders with the wrong language and they are used somewhere.
<Infinisil>
You shouldn't include built products, this is only mass duplication in your case
<mpickering>
Infinisil: I have a modified version of GHC which I want to use to build some packages so I am overriding the src attribute of the ghcHEAD derivation
<Infinisil>
bbl
<domenkozar>
/buffer 50
<domenkozar>
meh
<sphalerite[m]>
mpickering: it would probably work if you excluded .git which I presume is included in your copy of ghc?
<sphalerite[m]>
or whatever other VCS it uses
<sphalerite[m]>
not sure if it uses that other one?
<mpickering>
how can I do that?
<sphalerite[m]>
Regardless, the issue is likely to be that you're importing the entire history of ghc into your store rather than just what you actually want to compile
<mpickering>
There are also lots of build products and binaries so I just made a clean tree and removed .git
<sphalerite[m]>
Using the filterSource builtin. There's a handy function (lib.cleanSource) in nixpkgs that will take out common cases like .git
<sphalerite[m]>
oh right
<sphalerite[m]>
And that's still too big?
<seequ>
Infinisil: Hmm, actually I'd just need to rebuild the user folder.
<mpickering>
using cleanSource it is still too big
<et4te>
Infinisil: another thing that cost me serious hours... the builders in hydra dont work with private repos. A temporary fix i found was to use local sources instead for the private packages, but it took a long time to figure out what was going on.
<sphalerite[m]>
mpickering: Aw. fetchgit is probably your best option then -- you can still point it at your local copy to stop it from downloading all of it again though.
<mpickering>
actually this is stupid, I have already built the binary already. Is there someway I can point ghcWithPackages to use it rather than build it again from source?
<mpickering>
almost certainly not is my guess
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 3 new commits to master: https://git.io/v7Yts
<Infinisil>
rycee[m]: Was just wondering, how do you feel about putting premade non-specific modules into home-manager (or something else)? E.g. I just cobbled together a webdav contact/calendar server thing and it would be nice if other wouldn't have to struggle as much as I did and just do premades.webdav.contacts = true or something like that
<copumpkin>
LnL: oh thanks! turns out I was being stupid and had 17.03 on my local working copy from my backport yesterday
<copumpkin>
and I couldn't find any reference :D
<LnL>
heh
<Infinisil>
Part of that would be to also manage some initial state. E.g. create the directory it needs
<LnL>
was probably added for the docs or something then
michalrus_ has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 2 new commits to master: https://git.io/v7Yma
<rycee[m]>
Infinisil: Hmm, not sure if I follow. You developed your own contact/calendar server and want to put it into home manager? Do you have the code on github?
<rycee[m]>
Infinisil: Or you have made some service for Radicale or whatever?
<Infinisil>
rycee[m]: I'm using radicale + nginx
<Infinisil>
But it required a whole bunch of config stuff
michalrus has quit [(Read error: Connection reset by peer)]
michalrus_ is now known as michalrus
fikse has joined #nixos
<Infinisil>
Basically what I think of is a config that's an abstraction layer higher
<Infinisil>
E.g. setting `theme = "black"` would use a dark theme for every program that can do it
<Infinisil>
So you wouldn't need to set all of them yourself
<sphalerite[m]>
So I've built nix in debian and added a nixbld group and some users to it. Yet nix-store -r complains about the group having no members. WHat's up with that?
<Infinisil>
rycee[m]: Just an idea
<rycee[m]>
Infinisil: Right, yeah. I've thought a bit about themes and such but haven't come to any good conclusion. In principle I don't mind putting such things into HM but I think its best to be a bit restrictive about too grandiose things :-)
<Infinisil>
rycee[m]: I feel like more of a high-level config could eventually lead to having a GUI configurator and more adoption by common folks
<rycee[m]>
But yeah, it would be sweet to set an option like `theme.colorScheme = "Tomorrow Night"; theme.toolkitTheme = "Vertex Dark";` and it setting up my Emacs, Terminal, GTK, QT, etc accordingly.
<Infinisil>
rycee[m]: Indeed, and nixpkgs modules are the perfect infrastructure for that
<rycee[m]>
For the specific case of contact and calendar server I've been meaning to create a service module for radicale. I would be a bit wary of also including nginx in that mix.
georges-duperon has quit [(Ping timeout: 260 seconds)]
<sphalerite[m]>
yeah why the nginx in the mix?
<et4te>
Infinisil: yes it is, it doesn't affect public repos
<Infinisil>
sphalerite[m]: I'm thinking of a more high-level approach, where the user could just say "I want my own contacts server" and it does the thing.
<seequ>
Can you describe additional files for /root/ in configuration.nix?
<et4te>
Infinisil: but there should be a way fro the builders at least to be able to do fetchgitPrivate
georges-duperon has joined #nixos
<sphalerite[m]>
Infinisil: yes I understood that
<sphalerite[m]>
but why did you use nginx for your setup?
<Infinisil>
sphalerite[m]: Taking it to the extreme, this could be extended to create digitalocean droplet for you, installing nixos there and deploying the nginx + radicale server there
<Infinisil>
sphalerite[m]: The options for nginx are pretty nice
Ivanych has joined #nixos
michaelpj has quit [(Read error: Connection reset by peer)]
<Infinisil>
enableACME especially
<Infinisil>
Could also totally use apache, or just radicale without any proxying going on actually
<dhess>
Dezgeg: around?
Fare has joined #nixos
fikse has quit [(Ping timeout: 248 seconds)]
fikse has joined #nixos
Ivanych has quit [(Ping timeout: 240 seconds)]
bennofs has joined #nixos
jonte has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ericson2314 opened pull request #27645: darwin stdenv: Ensure libSystem reexports the right libraries (staging...libSystem-reexport-purity) https://git.io/v7YCq
NixOS_GitHub has left #nixos []
<Infinisil>
Is mguenter from github here? Maybe a different nick/?
Filystyn has joined #nixos
<Infinisil>
rycee[m]: Oh another high-level config thing example: synaptics touchpad settings to be as close to Apple's one
<rycee[m]>
Infinisil: I think for that case you could have a synaptics module, for example under `services.synaptics` with an `services.synaptics.preset = "apple";` option or whatever. I don't think that would be a problem, the user can then always override the other options if they'd like.
<Infinisil>
Or even: Have options to reflect the standard DE's and applications of distros, so <person that doesn't like the 'look' of nixos> can just set `preset = "ubuntu"`
<Infinisil>
rycee[m]: True
<Infinisil>
rycee[m]: The preset would just be a lower priority
ElGoreLoco has joined #nixos
pikajude has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
pikajude has joined #nixos
<dhess>
Anyone here build aarch64? I cannot figure out why the hell the kernel build takes 12+GB
<dhess>
I'm running out of space on my poor little SD cards
<dhess>
arm7vl does not have this problem
Ivanych has joined #nixos
stanibanani has joined #nixos
ryanartecona has quit [(Quit: ryanartecona)]
alx741 has joined #nixos
ElGoreLoco has quit [(Ping timeout: 240 seconds)]
magnicida has quit [(Ping timeout: 255 seconds)]
ertes-w has quit [(Ping timeout: 255 seconds)]
<pikajude>
"The .jobsets jobset must only have a single job named 'jobsets' at /nix/store/irx741vl329393bcrz8ckjc6fpiwf7c1-hydra-2017-07-24/bin/.hydra-eval-jobset-wrapped line 616."
<pikajude>
so, you have to create a spec.json that points to a nix file
<pikajude>
the nix file produces a json file that produces more nix files
<pikajude>
that's why i was confused
jgertm has quit [(Ping timeout: 246 seconds)]
<aristid>
nobody seems to care, but i'm trying to test for the spurious nixos test failures now by using a patch that runs the test 30 times in a row, and git-bisect-run
<gchristensen>
I assure you we care
<gchristensen>
it is difficult to fix them, any work you do making them more stable is extremely well appreciated
<pikajude>
seems a bit backward, tbh
<dhess>
wow, *just* made it with that aarch64 kernel build before /tmp ran out of space. And thank god, because it took about 8 hours :\
<copumpkin>
gchristensen++, aristid++
<pikajude>
why do there need to be two steps of procuding JSON files
<pikajude>
instead of just providing a JSON file with jobsets
<aristid>
thanks gchristensen and copumpkin :)
<pikajude>
producing even
<copumpkin>
dhess: curses! I'll have to add some more `dd if=/dev/urandom of=/tmp/spacefiller`
<dhess>
copumpkin: it sure seems like that's what's going on with these aarch64 kernel builds!
<dhess>
I have an arm7vl build host with the same amount of disk and it gets tight, but not like this
<LnL>
the last build failed I think
<copumpkin>
ouch, I don't envy building kernels on ARM
<dhess>
copumpkin: I did one stock and one tweaked. Neither one hit the cache
<gchristensen>
its terrible
<copumpkin>
what takes longer, gcc or the kernel?
<dhess>
aristid: no, I ended up mounting /tmp on the eMMC
* copumpkin
challenges dhess to a GHC build on ARM
<dhess>
so it had about 14GB free
<dhess>
and just squeaked by
<aristid>
copumpkin: you're just mean! :D
<dhess>
copumpkin: wow, is that worse than the kernel? Hard to imagine
<dhess>
GHC is also not very nice. I haven't attempted that yet on this aarch64
<copumpkin>
for a while GHC had to hop through 3 compilers to get to 8.x
<copumpkin>
I don't know if it still does
<dhess>
Trying to get an SMP-capable kernel running first
<copumpkin>
each of the 3 had a couple of bootstrap phases
<dhess>
copumpkin: it does. But I have a hacked derivation to skip that :)
<dhess>
I've actually filed an issue on it
<LnL>
I thought it where more then 3
<copumpkin>
oh goodie
<copumpkin>
I might be misremembering the details
<dhess>
My hacked derivation downloads the Debian binary and uses that to bootstrap
<dhess>
in upstream nixpkgs you can't even build GHC for arm (either variant) because there are no arm binaries for the bootstrap version (7.6.3 I think)
<dhess>
no GHC binaries available for arm from haskell.org for any version until 7.10.3 or so
<dhess>
anyway, I just grab the .deb and use that
<dhess>
Anyway I think I'm about to have an SMP-capable Jetson TX1 running aarch64. Just waiting for this NixOps deployment to finish
Negher has joined #nixos
<dhess>
And I have a Jetson TX2 on the way. 8GB of ram and pretty decent quad-core CPU. Should be a good aarch64 build server
<dhess>
assuming it boots :)
ottidmes has joined #nixos
Infinisil has quit [(Quit: leaving)]
<aristid>
copumpkin: an integration of git-bisect-run with nix-build, such that it would for example automatically skip if any build dependency failed, would be cool!
<et4te>
on a nix-prefetch-git i'm getting the following error: fatal: No url found for submodule path 'pkgs/zero/zero-client' in .gitmodules
<et4te>
after adding pkgs/zero/zero-client to a custom nixpkgs
<et4te>
when I add the repo to .gitmodules then prefetch fails as well
<et4te>
does this mean nix-prefetch-git fails in the presence of submodules?
<et4te>
or its something nixpkg related?
reinzelmann has quit [(Quit: Leaving)]
iSma has quit [(Ping timeout: 248 seconds)]
leat has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ericson2314 pushed 1 new commit to staging: https://git.io/v7Y6i
<NixOS_GitHub>
nixpkgs/staging 98cff3f John Ericson: darwin stdenv: Ensure libSystem reexports the right libraries...
NixOS_GitHub has left #nixos []
<seequ>
Can I enable +clipboard for vim_configurable?
<symphorien>
isn't it on by default ?
<seequ>
symphorien: Apparently so. Wasn't on vim, so didn't expect it to be on vim_configurable
ElGoreLoco has joined #nixos
<symphorien>
vim configurable has more things on by default
<symphorien>
mine has +clipboard without specific configuration
tvon has quit [(Quit: System is sleeping...)]
sheenobu has joined #nixos
guillaum1 has quit [(Quit: Lost terminal)]
jgertm has joined #nixos
<catern>
hey #nixos, is there a way to have a fixed-output derivation coming from a local path?
jonte has quit [(Ping timeout: 255 seconds)]
<sheenobu>
what are you trying to accomplish?
<catern>
i.e. say I have some path in the local filesystem, and I know its hash, so I want to load sources from it to perform a build (but get the optimization of not performing the build when it's already been done and has its output in the store)
simendsj` has quit [(Remote host closed the connection)]
<catern>
it's a terrible internal thing that I hope to delete ASAP :)
<catern>
gchristensen: ah! interesting! right! I'm an idiot!
<gchristensen>
:)
<sheenobu>
oooo gchristensen . and the dep fetching won't run again until you change the hash
<gchristensen>
yeah
ryanartecona has quit [(Client Quit)]
<gchristensen>
your build phase would be like cp ${./whatever} $out
<sheenobu>
s-m-r-t
<symphorien>
so there is no check ?
<sheenobu>
+1 gchristensen
<catern>
let's see
<gchristensen>
symphorien: sorry?
<sheenobu>
oh that doesn't work here?
<symphorien>
If you change the file underneath, it won't fail ?
catch22__ has joined #nixos
<joachifm>
it just returns whatever it finds in the store with that checksum
<gchristensen>
symphorien: it will fail
<sheenobu>
symphorien if it's in /nix/ already it'll fetch from that. if it's not in /nix it'll try to fetch and get a checksum fail
<gchristensen>
if it hasn't been fetched already
<catern>
that is great and I'm embarrassed I forgot it. but maybe you can have say if there's one more bit of magic... I already have hashes for the contents of these paths. but the hashes are calculated in a different way from Nix's NAR-based calculation. is there anything I can do to avoid needing to recalculate the hashes for Nix?
<symphorien>
ah ok
<gchristensen>
catern: what kind of hashes do you have?
sheenobu has quit [(Quit: My Mac has gone to sleep. ZZZzzz…)]
<catern>
not sure really :) maybe hashes of the sources after being tarred up?
josiah has joined #nixos
fikse has joined #nixos
sheenobu has joined #nixos
<sheenobu>
what were the hashes? i closed my laptop (Gotta setup weechat)
<sheenobu>
i'm just curious
Fare has joined #nixos
FRidh has quit [(Quit: Konversation terminated!)]
seppellll has joined #nixos
jgertm has quit [(Ping timeout: 240 seconds)]
fikse has quit [(Ping timeout: 248 seconds)]
<pikajude>
jesus this is such a nightmare
<pikajude>
"{UNKNOWN}: invalid keys in declarative specification file at /nix/store/12mhs2h73lx3az5f2gncwsgdvw9lk2b9-hydra-perl-deps/lib/perl5/site_perl/5.24.1/Catalyst/Model/DBIC/Schema.pm line 526"
<pikajude>
i think declarative hydra needs a biiiiit more work
<LnL>
I've not even tried it before
<pikajude>
it definitely has promise
<pikajude>
it just seems a bit obtuse
ison111 has joined #nixos
erictapen has joined #nixos
<Olgierd>
srhb: spotify works, thanks a bunch <3
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/v7YHC
<NixOS_GitHub>
nixpkgs/master b33b400 Franz Pletz: ddccontrol: disable bindnow hardening...
NixOS_GitHub has left #nixos []
Ivanych has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to release-17.03: https://git.io/v7YHK
<NixOS_GitHub>
nixpkgs/release-17.03 0357e2f Franz Pletz: ddccontrol: disable bindnow hardening...
NixOS_GitHub has left #nixos []
cpennington has quit [(Remote host closed the connection)]
<sheenobu>
i was able to get unstable running on my stable machine via nix-channel add unstable, then nix-env -iA unstable.spotify. that said i'm not sure if it is defaulting to nixos or unstable when i nix-env -i ?
<sheenobu>
eh i gotta run again. i can't weechat it
sheenobu has quit [(Quit: My Mac has gone to sleep. ZZZzzz…)]
<nh2>
clever: do you know if there's an equivalent to RPATH that links straight the the .so file instead of into a dir? I just did some measurements for ghc an found that statting 160k files (which is exactly what happens when you have 400 haskell deps as dynamic libraries) takes 0.7 seconds on my system, so a dynamic executable that has those will always start up that slowly
jgertm has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 2 new commits to release-17.03: https://git.io/v7YQC
<NixOS_GitHub>
nixpkgs/release-17.03 ea1410d georgewhewell: broadcom-sta: add patch for kernel 4.11+...
<NixOS_GitHub>
nixpkgs/release-17.03 040921d aszlig: broadcom_sta: Add patch for supporting Linux 4.12...
NixOS_GitHub has left #nixos []
ison111 has quit [(Ping timeout: 240 seconds)]
<seequ>
Hmm. I have `services.xserver.videoDrivers = [ "nvidia" ];`, but X can't find 'nvidia' drivers on startup
<seequ>
Any clue why?
sheenobu has joined #nixos
sheenobu has quit [(Client Quit)]
<nh2>
clever taktoa[m]: Also take the above into account for the #nix-incremental topic, as if `ghc --make` is not used, then each TemplateHaskell invocation will likely incur the penalty, so each single file built and using TH will have a default 0.7 second penalty if the project has many dependencies (a common thing these days)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] taktoa opened pull request #27648: lib/string: added parseDomain and parseEmail (master...feature/parseEmail) https://git.io/v7Y7X
NixOS_GitHub has left #nixos []
ElGoreLoco has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/v7Y7H
<NixOS_GitHub>
nixpkgs/master 0051247 Volth: tinc service: add CLI tools to the $PATH...
NixOS_GitHub has left #nixos []
ElGoreLoco has joined #nixos
<seequ>
More precisely: LoadModule 'nvidia' fails with 'module does nt exist, 0'
bennofs has quit [(Ping timeout: 246 seconds)]
simukis has quit [(Ping timeout: 260 seconds)]
ison111 has joined #nixos
<sphalerite[m]>
Aaah, compiler bootstrapping on ARM... SO much fun
Filystyn has quit [(Quit: Konversation terminated!)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ericson2314 pushed 1 new commit to staging: https://git.io/v7Ydk
<NixOS_GitHub>
nixpkgs/staging 34c0ba4 John Ericson: stdenv-setup: Add quotes that don't do anything for consistency....
NixOS_GitHub has left #nixos []
<LnL>
yeah
<ocharles>
My created ec2 machine with nixops has a disk size of 3gb - what should I be looking at to change that?
<nh2>
ocharles: I would be surprised if nixops can already resize EBS volumes (is your disk an EBS volume), because resizing EBS is a relatively new feature of AWS
<ocharles>
Right, but it provisions the initial EBS, no?
mkoenig has quit [(Quit: Lost terminal)]
mkoenig has joined #nixos
mkoenig has quit [(Client Quit)]
mkoenig has joined #nixos
mkoenig has quit [(Client Quit)]
mkoenig has joined #nixos
mkoenig_ has joined #nixos
civodul has quit [(Quit: ERC (IRC client for Emacs 25.2.1))]
ElGoreLoco has quit [(Ping timeout: 255 seconds)]
<grahamc>
Deployment.ec2.initialebsvolumesize or something like that ocharles
<ocharles>
oh, it is that one
<ocharles>
cool, thanks grahamc - i'll try that
taktoa has joined #nixos
<ocharles>
deployment.ec2.ebsInitialRootDiskSize I think
<grahamc>
You're welcome :) had to solve that today too
<sphalerite[m]>
nh2: I opened an issue about that (linking through absolute paths rather than rpath) a couple of months back https://github.com/NixOS/nixpkgs/issues/24844 it's possible, just not implemented
<sphalerite[m]>
on linux that is -- on macOS it's already done through absolute paths
<Sonarpulse>
niksnut: instead of using an associative array in stdenv/setup
<Sonarpulse>
to memoize
<Sonarpulse>
I can just define some already_seen_FO_SLASH_BAR_SLASH_BAZ
<Sonarpulse>
etc
<Sonarpulse>
....I suppose that keeps the O(1)?
<Sonarpulse>
but is gross and litters env vars
mkoenig has quit [(Quit: Lost terminal)]
mkoenig_ has quit [(Quit: Lost terminal)]
<nh2>
sphalerite[m]: that's excellent news, can you give me a short summary of what I have to do to give it an explicit path? Also, will the resulting link just be a "hint", so still be overridable with LD_LIBRARY_PATH?
<sphalerite[m]>
nh2: It's not implemented in nixpkgs's machinery yet, so you'd need to pass absolute paths to the linker manually instead of using `-l<library>`
<sphalerite[m]>
nh2: and no, it would not be overridable using LD_LIBRARY_PATH at that point. LD_PRELOAD would still work though.
mkoenig has joined #nixos
<sphalerite[m]>
That stuff is all discussed in the issue comments though
<nh2>
sphalerite[m]: I'm getting a bit lost in the amount of comments; what feature/flags to ld is the magic that has this effect?
<sphalerite[m]>
nh2: passing absolute paths instead of -lXYZ
<sphalerite[m]>
so rather than -lreadline, /nix/store/...-readline-1.2.3/lib/libreadline.so.12345
<nh2>
sphalerite[m]: ah, so passing explicit .so to `ld` doesn't do the same as `-l` does, but instead makes it do this "default path link"? I always assumed `-l` just finds files and then passes them normally (or so at least `man ld` suggests)
<sphalerite[m]>
Yeah no, it's not the same
riclima has quit [(Ping timeout: 240 seconds)]
<nh2>
sphalerite[m]: OK thanks, that is very useful info
zeus_ has quit [(Read error: Connection reset by peer)]
zeus_ has joined #nixos
<sphalerite[m]>
oh wow
<sphalerite[m]>
The problem with the link-time absolute paths approach is that basically none of the build systems support it
<sphalerite[m]>
Which is why people seem to be leaning more towards having this be a patching step that happens in the fixup phase rather than doing it at link time
<catern>
sphalerite[m]: I'm just talking about what taktoa said
<catern>
taktoa: it's not incremental Nix I care about
hiratara has joined #nixos
<nh2>
sphalerite[m]: I would definitely prefer if upstream build systems supported it; I think the less patching, the better, and this feature would clearly be useful for other use cases too
<catern>
taktoa: it's automatically generating Nix expressions from the package definition files from a different package management system
<catern>
sphalerite[m]: why is it discouraged to have evaluation depend on the result of realising a derivation?
<taktoa>
catern: it means you can't evaluate nixpkgs without building shit
<sphalerite[m]>
nh2: thing is it's not really suited for the traditional package manager setup, only for more exotic stuff like nix. So while it's certainly possible to introduce support for it it's not likely to show up in the smaller NIH build systems
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] knedlsepp opened pull request #27649: python3: Add C++ compiler support for distutils (master...fix-python3x-distutils) https://git.io/v7OJQ
NixOS_GitHub has left #nixos []
<catern>
taktoa: why can't it still be cached?
<sphalerite[m]>
catern: usually the stages from nix source to outputs are completely distinct -- evaluate then realise.
<taktoa>
catern: it will be cached
<catern>
taktoa: if I have a fixed-output derivation as my input, then my output should be deterministic
<catern>
so I shouldn't need to build
<taktoa>
but it has to build the first time
<sphalerite[m]>
catern: if evaluation depends on realisation of some other stuff, it becomes much much more expensive
<catern>
even if I actually inspect the fixed-output derivation
<catern>
sphalerite[m]: what I don't get is why it actually has to become more expensive
<taktoa>
honestly I think IFD is demonized more than it should be, but idk
<catern>
(IFD?)
<taktoa>
import-from-derivation
<taktoa>
the feature we're talking about
<catern>
oh
<sphalerite[m]>
I'd say it's great that it exists and people are welcome to use it but it definitely has no place in nixpkgs
<taktoa>
yeah, I can agree with that
ryanartecona has joined #nixos
<sphalerite[m]>
it's not "nobody should ever use this", more "there are some major caveats which should be considered carefully before using it"
<catern>
sorry for being a noob but I still don't get why IFD requires that you build the derivation you are importing from
<taktoa>
you have to build it the first time
<catern>
even the first time
<catern>
because, suppose it's a fixed-output derivation
<catern>
then your evaluation should be deterministic, right?
<sphalerite[m]>
catern: so you want to read a file that doesn't exist?
<sphalerite[m]>
sure it's deterministic, but it still depends on the output of building
<catern>
sphalerite[m]: no, I expect Nix to be lazy and not evaluate me if I'm not needed
seppellll has quit [(Ping timeout: 268 seconds)]
<taktoa>
yes, that will work
<sphalerite[m]>
that's still the case
<taktoa>
but hydra evaluates everything in nixpkgs
<catern>
okay
<catern>
and then the further feature I expect is
<sphalerite[m]>
but if you do evaluate it, it needs to build it before it can finish evaluating it.
<sphalerite[m]>
Fixed-output has nothing to do with it really
<catern>
I expect Nix to, for any function that has known inputs, compute the hash of (inputs, function), and download that hash instead of actually computing the function
<catern>
isn't that still possible even in the presence of IFD? which means, you don't actually need to build the inputs
<catern>
(what I mean is, isn't it still possible to do that, even if the function does IFD?)
<taktoa>
Nix doesn't cache evaluation
<taktoa>
only builds
<catern>
oh hmm
<catern>
even if the function returns a derivation I guess?
<catern>
(of course)
<catern>
so is that the blocker for IFD then?
<taktoa>
catern: think of Nix as a string templating language on top of a primop that creates a drv file (which consists of the data necessary to build something)
<catern>
hmm
<taktoa>
i.e.: a drv file has a set of output paths, a set of input drv paths (that must be built first), a map of environment variables, a path to an executable, and a list of arguments
<catern>
right... I see...
<catern>
Nix functions don't go into the store
<taktoa>
yeah
<catern>
the only thing that goes into the store is, er... derivations and realized derivations (if that's the right terms)
josiah has quit [(Remote host closed the connection)]
<catern>
hmm
<taktoa>
yes, that seems correct to me
nil has joined #nixos
<sphalerite[m]>
to me too, FWIW :D
<catern>
hmm
<taktoa>
I do think that there's a lot of room for improving how Nix evaluates stuff
<catern>
so what is the best way to handle the situation where I want to build software from another packaging system? is "regenerate Nix expressions whenever package specs change" really my only option?
<catern>
that is why I wanted to do IFD in the first place
<taktoa>
either way works
<catern>
so I could load package specs
<taktoa>
"regenerate Nix expressions" is what you do if you want to upstream it
<catern>
it will never be upstreamed since it's a terrible proprietary package system that I want to kill ASAP :)
<taktoa>
then just use IFD, nbd
<catern>
hmm... I still don't get it though
rigelk has quit [(Remote host closed the connection)]
<taktoa>
IFD becomes a problem when you are using Hydra and when you have a project at the scale of nixpkgs
<taktoa>
it's fine if you're doing something small and local
<Ralith>
has anyone ever seein a case where "g++ -o foo bar.o baz.so" causes bar to have all of baz.so's DT_NEEDED entries? is that expected behavior, and if so, can it be suppressed? It's breaking my build because baz.so's RUNPATH is not being copied, which of course means foo then has no idea where to find the copied DT_NEEDED libraries.
<catern>
to ask it again concretely: if I want to deploy a derivation that is built using IFD, does that mean all the derivations that are imported from, must be downloaded to the host I am deploying to?
ryanartecona has quit [(Quit: ryanartecona)]
<catern>
(in this case, those derivations are fixed-output derivations to provide sources)
<catern>
because that's what I want to avoid at all costs... given the large amount of sources I have, it's not practical for me to have the sources downloaded on to each deployed host
<catern>
taktoa: sphalerite[m]: btw thanks for the patient guidance :)
Daemonik has quit [(Ping timeout: 255 seconds)]
<taktoa>
catern: depends on what you mean by "deploy"
justelex_ has quit [(Ping timeout: 246 seconds)]
<taktoa>
if deploy == nix-copy-closure, then no
<catern>
deploy == evaluate a nix expression
<taktoa>
if deploy == nix-build it on the remote, then yes
<catern>
yeah
<catern>
being able to nix-build things seems like a pretty desirable feature...
<taktoa>
part of the confusing part here
<taktoa>
is that even if you've "wrapped" a Nix value with undesirable dependencies in a fixed-output derivation
<taktoa>
it will still have those dependencies
<taktoa>
because every derivation has a .drv and a .out
<taktoa>
the .out dependency graph for a fixed-output derivation may not include the IFDed stuff
<taktoa>
but the .drv dependency graph will :(
<catern>
i am not really sure of the relevance?
<taktoa>
I'm just saying that you can't, for example, wrap a bunch of IFD-using derivations in a fixed-output derivation that combines them all together
<taktoa>
so as to maximize cacheability
<catern>
hmm
<catern>
I see
<taktoa>
if you do that, the IFD-using derivations will still need to be on the system for the build to proceed
<gchristensen>
niksnut: maybe we can deploy the HSTS thing tomorrow? :)
<catern>
argh
<catern>
this IFD problem seems a lot like the monorepo problems that copumpkin was thinking about (and I also am thinking about)
<catern>
where if you put the default.nix with the source code
ryanartecona has joined #nixos
<catern>
that means to deploy, you've got to put the source code on the box you're deploying to
<catern>
v. painful
<catern>
hm
<catern>
so okay
<catern>
given that this is a proprietary system wherein I am like a god, I can resolve this in some way, maybe you can say whether this is a terrible way... I can lift out the proprietary package information from the actual package, and store it separately
<catern>
and then access it separately
<catern>
well, wait a second! can't I do that with Nix, too?
<catern>
I could have the source of each package as a fixed-output derivation, then another derivation which just contains the proprietary package information
<catern>
then I can do IFD on that derivation which contains the package information
<catern>
wouldn't that avoid downloading the sources?
k2s has joined #nixos
<catern>
er - the derivation containing the package information would be generated from the fixed-output derivation containing the package source
jedai has quit [(Ping timeout: 276 seconds)]
<catern>
i'm maybe overly excited, but this seems like the perfect fix!
<catern>
at least for my use case...
tvon has joined #nixos
<catern>
and other use cases too, actually! because then, while you would still need to download some additional package information to use nixpkgs, it would just be package information and not the entire source of some package
<Sonarpulse>
hmm
<Sonarpulse>
hmm
<Sonarpulse>
oops
<catern>
hmm
<Sonarpulse>
this thread seems relevant to me
<Sonarpulse>
IFD has no problems that aren't silly and easily solvable
<copumpkin>
multun: there's another 15 or so of them after that
<multun>
that's *exactly* what I was looking for
<multun>
thanks again !
<gchristensen>
the pills are truly excellent, I wish I had read them soonere
erictapen has joined #nixos
<multun>
are these articles linked somewhere on the nix website ?
<gchristensen>
no idea :/
<catern>
Sonarpulse: an extra nice thing for my use case is that I can not only extract a default.nix, but I can actually generate it at that time
<nh2>
copumpkin: and on the others? I'm wondering if I can use std::filesystem
<catern>
Sonarpulse: or be cleverly backwards-compatible by, if there is already a default.nix, just extract it out
<copumpkin>
nh2: gcc5 on linux stdenv. I assume it works with 17
<erictapen>
I'm expierencing a weird issue on nixops. I want to deploy to my host system (not a VM but my real laptop) and it says "Permission denied (publickey,password,keyboard-interactive).". If i try ssh root@127.0.0.1 it works. Has anyne an idea how to debug this?
seanparsons has quit [(Read error: Connection reset by peer)]
<globin>
nh2: you can always add a different gcc/clang version to nativeBuildInputs if you need something special
<nh2>
globin: I want to write a program that works in the stdenv / nix bootstrap though
<copumpkin>
:O
seanparsons has joined #nixos
<copumpkin>
nh2: what is it?
<erictapen>
I never specified any special ssh keys for nixops
<copumpkin>
whoa writing a parser in something other than bash? that's wild!!
<copumpkin>
we can't allow that
<nh2>
!copumpkin
<taktoa>
lmao
<nh2>
copumpkin: how do I use the "great work" bot
<dash>
nh2: !m
<taktoa>
!m copumpkin
<[0__0]>
You're doing good work, copumpkin!
<copumpkin>
:)
<nh2>
!m copumpkin
<[0__0]>
You're doing good work, copumpkin!
<copumpkin>
I hereby choose to be known exclusively for my snark in #nixos
<nh2>
erictapen: is it possible that you simply didn't need it so far because you used cloud deployments?
<nh2>
those install your pubkey automatically on instance creation
<erictapen>
nh2: nope, only had physical machines so far
<erictapen>
nh2: just did an strace on nixops ssh and discovered, that it is using an id file in my /tmp ...
<nh2>
erictapen: strace would have been my next suggestion
frankpf has quit [(Ping timeout: 255 seconds)]
endformationage has quit [(Quit: WeeChat 1.7)]
<nh2>
copumpkin: OK here's a good one for bash lovers and very related to why on nix everything links slower: How long does this take (guess without checking): `for i in {1..1000000}; do X=1; done`
<erictapen>
What amazes me, is that I did'nt stumble into that problme before
<gchristensen>
nh2: I dunno, not thath long
<nh2>
1.2 seconds
<gchristensen>
ok
<nh2>
and how much RAM does that need
<nh2>
two hundred megabytes
<gchristensen>
I'm guessing a good bit
<gchristensen>
sure
<gchristensen>
should I be distressed by that? :P
Fare has quit [(Ping timeout: 240 seconds)]
<nh2>
I find it distressing (at least the part that these facts make me wait forever to have my executables built when they build instantly on other OSs)