vandenoever has quit [(Ping timeout: 258 seconds)]
hamishmack has joined #nixos
eacameron has quit [(Remote host closed the connection)]
rpifan has joined #nixos
eacameron has joined #nixos
<adelbertc> if i do systemctl status display-manager.service I do see X11 Server failed to start up
<rnhmjoj[m]> are you sure the driver is ok?
<adelbertc> how do i check
eacameron has quit [(Remote host closed the connection)]
<adelbertc> when i did the nixos-rebuild switch it seemed to work?
eacameron has joined #nixos
<rnhmjoj[m]> check if the kernel version is supported. the closed source driver most likely won't work on the latest kernel.
b has quit [(Quit: Lost terminal)]
Kingsquee has joined #nixos
Wizek_ has quit [(Ping timeout: 240 seconds)]
<rnhmjoj[m]> amdgpu-pro for example doesn't seem to work with kernel >4.8
bgamari has quit [(Quit: ZNC - http://znc.in)]
bgamari has joined #nixos
ebzzry_ has quit [(Ping timeout: 260 seconds)]
<adelbertc> hmm alright ill check that
ebzzry_ has joined #nixos
griff_ has quit [(Quit: griff_)]
tvon has quit [(Quit: System is sleeping...)]
zraexy has quit [(Ping timeout: 246 seconds)]
newhoggy_ has quit [(Remote host closed the connection)]
newhoggy has joined #nixos
bgamari has quit [(Ping timeout: 246 seconds)]
<adelbertc> rnhmjoj[m]: how do i check what kernel versions amd_unfree supports?
<adelbertc> and what do i do to fix
<rnhmjoj[m]> the officially supported systems should be somewhere on the amd website.
<catern> what would I name a variable that is nixpkgs, but before being applied to an empty set?
<catern> i.e. it contains (import <nixpkgs>) not ((import <nixpkgs>) {})
<catern> (because I'm going to supply it some arguments)
<rnhmjoj[m]> adelbertc: anyway, i have just found this https://github.com/NixOS/nixpkgs/issues/24210
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] jgertm opened pull request #28249: Fix HDA recording latency (master...fix-qemu-recording) https://git.io/v7QwQ
NixOS_GitHub has left #nixos []
<adelbertc> ahh
<adelbertc> cool, thanks!
bgamari has joined #nixos
<rnhmjoj[m]> adelbertc: to downgrade the kernel, if needed, you have to set the option boot.kernelPackages
gnuhurd has quit [(Remote host closed the connection)]
betaboon has quit [(Quit: This computer has gone to sleep)]
python476 has joined #nixos
<clever> catern: ive called that variable raw_func before
phinxy has joined #nixos
mbrgm has quit [(Ping timeout: 255 seconds)]
mbrgm has joined #nixos
nikivi has joined #nixos
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/059d722e5c (from 3 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
nix-gsc-io`bot has quit [(Client Quit)]
ebzzry_ has quit [(Ping timeout: 246 seconds)]
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
<catern> clever: ah, that suggests to me naming it nixpkgsFunc, which I like
<catern> (Nix naming style is camel case right?)
<clever> yeah, that names also fits
ebzzry_ has joined #nixos
Myrl-saki has joined #nixos
spear2 has quit [(Quit: ChatZilla 0.9.93 [Firefox 54.0/20170616104331])]
sigmundv__ has quit [(Ping timeout: 258 seconds)]
Supersonic112 has quit [(Ping timeout: 240 seconds)]
Supersonic112_ has joined #nixos
Supersonic112_ is now known as Supersonic112
blahdodo has quit [(Quit: Bye bye)]
blahdodo has joined #nixos
blahdodo has quit [(Client Quit)]
ison111 has quit [(Ping timeout: 258 seconds)]
blahdodo has joined #nixos
zeus_ has joined #nixos
sellout- has quit [(Quit: Leaving.)]
tvon has joined #nixos
mizu_no_oto has joined #nixos
Wizek has quit [(Quit: Connection closed for inactivity)]
<Myrl-saki> Why can't I do `nix-build -A inputs` https://github.com/adrianparvino/CellGame/blob/master/default.nix
python476 has quit [(Ping timeout: 260 seconds)]
<clever> Myrl-saki: there is no attribute in that file
<clever> so nix-build -A cant find inputs
<clever> inputs attribute
<Myrl-saki> clever: I guess it becomes a question of what attributes ae
<clever> it doesnt return an attribute set
<clever> so just no -A flag
tvon has quit [(Quit: Peace out, y'all!)]
<Myrl-saki> clever: I think I get it.
hamishmack has quit [(Quit: hamishmack)]
ison111 has joined #nixos
<Myrl-saki> clever: So. `nix-build '(import ./. {})' -A buildInputs` or something?
<clever> why are you trying to build a list?
<Myrl-saki> clever: Build tools and dependencies are too slow to build on my laptop.
zraexy has joined #nixos
<clever> ah, then you want to use a nix build slave, or nix-copy-closure
<Myrl-saki> clever: Yeah, I'm build buildInputs then nix-copy-closure
<clever> you can run nix-copy-closure on a .drv file
<clever> so just "nix-instantiate" with no args, that will give a .drv for the whole thing
<Myrl-saki> clever: I did, and it's not enough.
<clever> then use nix-copy-closure to copy that elsewhere, and nix-store -r to build it
<clever> what fails when you do that?
<Myrl-saki> clever: The buildInputs don't seem to be copied.
<clever> yeah, nix-copy-closure on a .drv doesnt copy all the inputs, so the destination has to rebuild/download them
<clever> a nix build slave is better
<clever> [root@nas:~]# cat /etc/nix/machines
<clever> builder@192.168.2.15 i686-linux,x86_64-linux /etc/nixos/keys/distro 3 4 big-parallel,kvm,nixos-test
<clever> this says to ssh into the given user@host, and to use that ssh privkey to get in
<clever> nix-daemon (running as root) needs read on the key
<clever> nixos also has options to configure it
<clever> when done right, it will copy all inputs out, and copy the products back
<Myrl-saki> clever: Even the buildInputs?
<clever> it will just do it for any expression
<Myrl-saki> clever: Mkay.
<Myrl-saki> I guess I also wanted to try a distributing build inside my house.
<Myrl-saki> 5 cores > 4 cores.
donbright has joined #nixos
<Myrl-saki> clever: How to set up distributed build? I'm not sure if the one in Nix manuals is the right way.
<clever> are you on nixos or another distro?
<Myrl-saki> NixOS.
<Myrl-saki> Both.
<donbright> hello, i did configure, make, make install from nix source (1.11.13) but i cant seem to use nix-env etc. for example nix-env -qa says "error getting information about '/home/don/.nix-defexpr': no such file or directory
<donbright> how do i get it to create my ~/.nix- folders and whatnot? how do i load my profile thingy?
<donbright> im also wondering about updating the nix install instructions but cant figure out where the sources are for https://nixos.org/nix/manual/#ch-supported-platforms
<clever> donbright: nix-defexpr is usually managed by nix-channel
justan0theruser has joined #nixos
justanotheruser has quit [(Ping timeout: 240 seconds)]
<Myrl-saki> clever: Should I set up a new sshUser for this?
<donbright> HTTP response code said error (22)
<clever> Myrl-saki: yeah, i try to always use a builder user for this
<clever> donbright: the correct url is https://nixos.org/channels/nixpkgs-unstable
<timclassic> Is KRDC not available in Nixpkgs or am I just having trouble finding it?
* timclassic is looking for a decent client that does VNC and RDP and isn't Remmina
timofonic has joined #nixos
<timofonic> Hello
<timofonic> I used Gentoo (and Paludis in the past), now I use Archlinux. I miss the configurability, availability of bleeding edge packages and optimization of Gentoo. Arch provides faster upgrading due to binary packages and AUR packages provide extra stuff, but there's lots of bitrot (outdated, orphaned, broken packages). Is it possible to compare the packages of my distro with the ones in NixOS? Does NixOS provides
<timofonic> the flexibility of Gentoo's USE flags?
<donbright> ok thanks... but how do i create my ~/.nix-profile
<rnhmjoj[m]> timclassic: I'm not sure. this seem to be the only reference in nixpkgs: https://github.com/NixOS/nixpkgs/search?q=krdc&type=Code&utf8=%E2%9C%93
<clever> donbright: nix-env will automatically create .nix-profile
<timclassic> rnhmjoj: Okay, that's what I found too
<timclassic> Ugh, remmina is working pretty well, FINE ;)
<timclassic> rnhmjoj: Thanks for looking! :D
<donbright> don@sakharov:/tmp/nix-1.11.13$ nix-env -i hello error: Unknown CPU type: powerpc64
<timofonic> I would love remmina and tons of other apps but using a lot more lightweight toolkit, efl for example :P
<Myrl-saki> clever: Do you set isNormalUser ?
<clever> Myrl-saki: yeah
<clever> donbright: and the expressions within nixpkgs need to know how to build a gcc for the current platform
<donbright> clever: thanks... what should i read to be able to figure this out?
<rnhmjoj[m]> timofonic: I have never used gentoo but I think nix is quite flexible. currently in my configuration I have custom build flags set for firefox and wine, an override of some haskell package to disable failing test, a version override of some package, and I used to have a patches for a few programs before they were fixed.
roni has quit [(Ping timeout: 240 seconds)]
MP2E has quit [(Quit: be back later)]
<clever> donbright: what does this print? nix-instantiate --eval -E 'builtins.currentSystem'
<donbright> "powerpc64-linux"
<clever> nix-instantiate -E 'with import <nixpkgs> { system = "powerpc64-linux"; }; hello' --show-trace
<clever> donbright: this outputs a backtrace to the source of the problem, even if you run it on an x86 machine
<rodarmor> I want to submit a PR that improves the way the mpd service is configured under NixOS. I think I made the right changes, but how do I test them?
<rodarmor> I have the changes in a local nixpkgs checkout
schoppenhauer has quit [(Ping timeout: 248 seconds)]
<donbright> error: file ‘nixpkgs’ was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:13
<clever> donbright: you may also need to set the env var NIX_PATH=nixpkgs=/path/to/nixpkgs
schoppenhauer has joined #nixos
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<Myrl-saki> clever: I guess the question starts becoming "How do I not nuke my build system if I do a nix-collect-garbage"?
<donbright> clever: thanks, looks like nixpkgs/lib/systems/parse.nix only has 'powerpc' as 32bit, no entry for powerpc64
<Myrl-saki> Well
<donbright> lol problem is all of /nix/store is read only
Myrl-saki has quit [(Quit: WeeChat 1.9)]
<clever> donbright: /nix/store is supposed to be read-only, it must never be modified by hand
<donbright> yeah ... this project is amazing but its very different from everything im used to
<donbright> how do you hack on something that is read only?
<dash> you don't, you hack on a source repo as usual
<donbright> so basically i need to hack on a source version of 'nixpkgs', and then install the "built" version into /nix/store ?
<donbright> then reset my NIXPATH then re-run the nix setup
<clever> donbright: copy the nixpkgs version to your home folder and edit the copy
<clever> donbright: and you can use a command like: nix-build ~/nixpkgs -A hello, to test it
<donbright> thanks... very cool.
Kingsquee has quit [(Quit: https://i.imgur.com/qicT3GK.gif)]
donbright has quit [(Quit: Page closed)]
mizu_no_oto has joined #nixos
Myrl-saki has joined #nixos
<Myrl-saki> Whoops. Did I miss anything?
<Myrl-saki> Last log was :29:56 because I had to reboot my system.
<clever> nope
<Myrl-saki> Ah good.
<Myrl-saki> Does callPackage actally do anything than just fill up the arguments?
<clever> it also adds a .override function to let you change those arguments
<Myrl-saki> Ah. Right. So it's more of a convenience function than a building function.
reinzelmann has joined #nixos
<clever> yeah
Myrl-saki has quit [(Quit: WeeChat 1.9)]
hamishmack has joined #nixos
Myrl-saki has joined #nixos
<Myrl-saki> I barely use `reboot`, but when I do, it's always followed by a `C-r reb --> reboot`
<Myrl-saki> `C-r rebu` is too long to type. :(
<Myrl-saki> Maybe I should use `C-r swi` instead.
inflames has joined #nixos
phinxy has quit [(Read error: Connection reset by peer)]
rpifan has quit [(Read error: Connection reset by peer)]
rpifan_ has joined #nixos
<Myrl-saki> clever: Am I missing something? http://ix.io/z7G
<clever> Myrl-saki: make sure you quote the private key path, or it lands in /nix/store/
<Myrl-saki> clever: Right. I did that, but it didn't appear on /nix/machines.
<Myrl-saki> clever: Is having it in /root a problem?
<Myrl-saki> Oh wait what. It's now here.
<Myrl-saki> I may have just misread. Sorry.
rauno_ has quit [(Ping timeout: 246 seconds)]
rauno has quit [(Ping timeout: 240 seconds)]
<Myrl-saki> clever: error: imported archive of ‘/nix/store/l8wcfjdn3isg6mha5p22g41qgk46pxbl-echo-0.1.3-doc’ lacks a signature
<clever> Myrl-saki: you need to add the build user to the trusted-users list in the slaves nix.conf file
<clever> nix = {
<clever> trustedUsers = [ "builder" ];
<Myrl-saki> Ah
<Myrl-saki> Thanks.
<tnks> I hear people say they tried using Python and Nix, but gave up... but I'm not having so sad of an experience.
<tnks> Does anyone know what the major complaint is?
<tnks> Maybe it doesn't seem as bad to me because I've accepted that occaisionally I need to write up Nix expressions for dependencies.
<clever> i'm guessing its users trying to just nix-env all deps or just blindly using pip as always
<Myrl-saki> Lmao
<Myrl-saki> How do I errr
<Myrl-saki> I set NIX_BUILD_HOOK to "", but it still insists on remote building
<Myrl-saki> I guess I could turn off one of my systems for a bit lol
<clever> if NIX_REMOTE is set to daemon, then its nix-daemons hook that matters
<Myrl-saki> Ohhh
<Myrl-saki> This was a funny deadlock tho
<clever> but if you run nix-build as root, you can safely unset NIX_REMOTE
<clever> it will internally do the same things as nix-daemon
<Myrl-saki> clever: nix-build but not nix-rebuiuld?
<clever> that should also work
<clever> another option in that case
<Myrl-saki> Oh wait, you said NIX_REMOTE
<clever> just delete /etc/nix/machines
<Myrl-saki> Right.
<clever> nixos-rebuild will restore it
<Myrl-saki> clever: Mhm
<Myrl-saki> Thanks.
<Myrl-saki> clever: Hypothetical example. I run nix-build on Machine A. It finishes. Then I run it on Machine B, will the built things on machine A be copied to B?
<clever> only if B tries to build it on A
<clever> it will discover it was already done
<Myrl-saki> clever: Makes sense.
<clever> Myrl-saki: nix-serve is one option, that runs a binary cache
<clever> so it gets checked sooner
<clever> and it will be checked even if build slaves are off
stepcut has joined #nixos
<Myrl-saki> clever: Would it be a good itea to run this on a desktop(non-dedicated build server)?
<clever> sure
<Myrl-saki> clever: I think I get the general idea.
<Myrl-saki> clever: What if I instead set the relative speed to an insanely high number? How does that differ?
<Myrl-saki> clever: I guess there'll be less slots?
<clever> havent looked into the code of how that controls things
<stepcut> I wasn't paying close attention, and Linode switched me from Xen to KVM and now my NixOS install no longer boots. I can boot into a rescue console and mount the partitions -- but is there some way to chroot into the nixos system so that I can update it using nixops deploy?
<clever> stepcut: i think you could run this kexec trick inside the rescue shell, then you will have nixos running from ram
<clever> stepcut: then you can use "nixos-install --chroot" to chroot into it properly
<stepcut> nixos-install --chroot just does a chroot, it doesn't actually install things?
<clever> correct
<stepcut> I wonder what would happen if I didn't kexec first
<clever> there are some directories and env vars that nixos needs set when using chroot
<clever> nixos-install handles all of it
<Myrl-saki> clever: If I have a buildMachine config that's local->remote and remote->local, will it deadlock?
<clever> Myrl-saki: maybe
inflames has quit [(Ping timeout: 240 seconds)]
<stepcut> clever: I am unclear how I would run this kexec expression with out first being able to boot nixos
<clever> stepcut: its designed to be built into a tar on another nix machine, uploaded, then unpacked and ran
<clever> stepcut: have a look at the session.md file
<stepcut> So, I boot up some random rescue disk (Finnix in this case), upload and extract the tarball, and then run the ./kexec_nixos command. That leaves me with a system that now has a NixOS kernel -- but still has the Finnix filesystems mounted. Then I use the nixos-install --chroot command to switch into the nixos environment?
<stepcut> do I need the `--root /mnt` flag for nixos-install as well?
<clever> stepcut: kexec will mount a nixos filesystem that was inside the tarball
<clever> stepcut: so it will be running a fully nixos based system, from ram
<stepcut> ah
<stepcut> that makes a bit more sense
<stepcut> I'm going to guess things will go more smoothly if I don't try to build that tarball on an nix-darwin system :-/
<clever> yeah
<clever> *looks*
<clever> nothing in the expression forces it to be a linux build
<clever> so it will try to make a darwin build of the linux kernel
<clever> which isnt valid
simukis_ has joined #nixos
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable advanced to https://github.com/NixOS/nixpkgs/commit/48541d463b (from 17 hours ago, history: https://channels.nix.gsc.io/nixos-unstable)
nix-gsc-io`bot has quit [(Client Quit)]
<stepcut> yeah, I already booted up a NixOS virtualbox instance
<stepcut> now things are happening -- hopefully good things
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<stepcut> it built -- now I am jumping throw the hoops of getting from a virtualbox instance the rescue system -- the lack of ssh makes things.. challenging
<clever> :S
<clever> if you can enable an sshd in the vbox, you can use agent forwarding to hop around
<stepcut> well, mostly tedious
loupgaroublond has quit [(Quit: Bisy backson!)]
<stepcut> the issue is that I need to get things to the system booted from a rescue disk -- and that system is not running sshd. I am copying the file to a webserver and can just use wget
loupgaroublond has joined #nixos
<clever> ah
<clever> you will also want to populate /ssh_pubkey before you /kexec_nixos
<stepcut> at least after this is all done I will be on KVM and will get twice as much ram for the same price :)
<clever> that will become the authorized_keys file
silver_hook has joined #nixos
silver_hook has quit [(Changing host)]
silver_hook has joined #nixos
<stepcut> k
<stepcut> ok! nixos ramdisk booted.
<stepcut> so I did, `mount /dev/sdc /mnt && mount /dev/sda /mnt/boot` and now I do `nixos-install --chroot --root /mnt` ?
<sphalerite> --root /mnt is the default
<sphalerite> So you don't need to specify it
<sphalerite> Only for nixos-generate-config
inflames has joined #nixos
<clever> also, the --chroot arg parsing is rather dumb
<clever> the command you gave will run --root as a shell in --chroot
<stepcut> so just `nixos-install --chroot` then
<clever> yep
<stepcut> it seems to be downloading a bunch of packages -- should I be scared?
<clever> what packages?
<stepcut> fontconfig, fonts, gawk, other stuff
HurricaneHarry has quit [(Ping timeout: 246 seconds)]
<stepcut> I guess it is downloading those to the ramdisk /nix, not the /mnt/nix
<Lisanna> Hey, how come nix-build isn't picking up my NixOS proxy settings?
<Lisanna> if I run echo ${http_proxy} in one of the build hooks it prints an empty string :/
<clever> Lisanna: all networking is disabled during builds
<Lisanna> err, echo $http_proxy
<stepcut> perl, dbus, gnugrep, sudoers, etc
<Lisanna> clever: ah, I was afraid it might be something like that
<Lisanna> I guess it makes sense though
<Lisanna> handwritten makefiles are the worst <_<
<timofonic> alacritty or kitty? :)
<Myrl-saki> Lisanna: As opposed to cmake?
<Lisanna> Myrl-saki: as oppoed to just autotools, at least I always know what I'm getting with that
MercurialAlchemi has joined #nixos
<stepcut> clever: it seems like this wants to do a lot more than just 'chroot' but not sure why.. seems to want to build a bunch of units and other things and copy them into my /mnt
<clever> stepcut: and your sure you used just --chroot?
<clever> stepcut: its safe to ctrl+c
<stepcut> [root@kexec:/]# nixos-install --chroot
<clever> stepcut: what are the contents of /mnt//nix/var/nix/profiles
<stepcut> I did ^C
<stepcut> there are a bunch things in there, http://lpaste.net/8150819407694659584
<clever> stepcut: i checked the source, and i think i see a problem
<clever> stepcut: one minute
<clever> stepcut: yeah, the --chroot flag is broken
<stepcut> =)
<clever> stepcut: its still right on nixos 17.03, so if you clone this branch in virtualbox: nixos-17.03 from https://github.com/NixOS/nixpkgs-channels
<clever> stepcut: and then update NIX_PATH and re-build the tarball
<clever> that will fix the --chroot flag
<stepcut> ok
<stepcut> clever: what are the chances this will work? https://nixos.org/nix-dev/2014-December/015253.html
<clever> stepcut: that might work
<Lisanna> is there an easy way to evaluate a bash expression as part of evaluationg a nix expression?
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] bjornfor pushed 1 new commit to master: https://git.io/v7QDN
<NixOS_GitHub> nixpkgs/master e615745 Jean-Pierre PRUNARET: nixos/munin: scripts need to be executable in order to build a wrapper...
NixOS_GitHub has left #nixos []
oida has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] bjornfor closed pull request #28208: munin-node: scripts need to be executable to build a wrapper (master...pr-munin) https://git.io/v7HlK
NixOS_GitHub has left #nixos []
phreedom has quit [(Ping timeout: 246 seconds)]
oida_ has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] fpletz pushed 2 new commits to master: https://git.io/v7Qyq
<NixOS_GitHub> nixpkgs/master 3317c71 Franz Pletz: grub2: 2.x-2015-11-16 -> 2.02...
<NixOS_GitHub> nixpkgs/master eb9f427 Franz Pletz: zfs: use multiple outputs...
NixOS_GitHub has left #nixos []
<Myrl-saki> Lmao
<Myrl-saki> No wonder it wasn't working
<Myrl-saki> «derivation /nix/store/vs6w2bk07hrp500z01fqlw5fcb5ybm51-Cabal-1.24.0.0.drv» «derivation /nix/store/wlw6q1nbzmv53hkvad19scpv53wvhgmw-ghc-8.0.2.drv» null
<clever> what was the null?'
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] fpletz closed pull request #24451: grub: Bump to 2.02-rc2 (master...master) https://git.io/vSGqG
NixOS_GitHub has left #nixos []
<clever> containers?
<Myrl-saki> clever: No idea. I'm checking now.
zraexy has quit [(Ping timeout: 260 seconds)]
<hyper_ch> is it possible to use /var/tmp for compilation of nixos instead of /tmp ?
<hyper_ch> since /tmp is ramdisk for me and I often get not enough space
<Myrl-saki> Does `optional` result in null if false?
<Myrl-saki> Should you do something like `optional ... ... ? []` instead?
vandenoever has joined #nixos
<Myrl-saki> Seems like it's around here.
<clever> Myrl-saki: what are the deps being passed into your package?
<clever> when generic-builder was called?
<Myrl-saki> Wait, I passed base.
<clever> base is null, its part of ghc
<Myrl-saki> Rip.
<Myrl-saki> No wonder.
<clever> base and containers cant have their versions overriden
<Myrl-saki> Oh cool. I didn't know about the containers part.
<clever> i ran into the same problem a week ago, somebody increased the required version of containers
<clever> stack could build it, but nix couldnt
<stepcut> ok. Getting closer. I rebuilt using nixos 17.03. But when I try to do 'systemctl start sshd' it says, 'Running in chroot, ignoring request.'
<Myrl-saki> clever: So... containers should be implicitly passed?
<Myrl-saki> base and containers
<clever> nixpkgs will just ignore it when you try to pass those in
<clever> so there is no real point in trying
<Myrl-saki> Right.
<Myrl-saki> Doing nix-build -A buildInputs gets me what I want now.
<Myrl-saki> But it's a list.
<Myrl-saki> Is there like a list -> derivation?
aloiscochard has joined #nixos
<clever> buildEnv
<Myrl-saki> clever: Thanks. :D
FRidh has quit [(Ping timeout: 240 seconds)]
filterfish has joined #nixos
filterfish has quit [(Remote host closed the connection)]
<Myrl-saki> clever: Will doing `nix-build -A buildInputs` keep it from getting gc'd?
<clever> depends on if it makes a link for each output or not
<rodarmor> I have kind of a stupid setup that requires me to make sure that I set some acls on mpd's data dir, so it can read it. I'd like to include these commands in configuration.nix, so that they're always applied. Where is the appropriate place to put commands so that they run after all the filesystems have been mounted, but before starting services?
<rodarmor> Maybe `boot.postBootCommands`?
<clever> rodarmor: preStart on the proper systemd unit
<rodarmor> clever: Oh, crazy, I didn't see all the generic systemd.services.<name>.*
<rodarmor> Awesome, thanks!
ShalokShalom_ has joined #nixos
ShalokShalom has quit [(Ping timeout: 248 seconds)]
zeus_ has quit [(Remote host closed the connection)]
<rodarmor> clever: It looks like mpd already has a preStart command defined in the service. Will the one I set in my configuration.nix override it?
<clever> rodarmor: you can use mkForce to override it, but that will entirely replace
<clever> so your new preStart has to create and fix the owner
inflames has quit [(Ping timeout: 246 seconds)]
<rodarmor> clever: The existing preStart does some unrelated permissions stuff, which are fine. The new preStart stuff does other permissions stuff. They should both run, ideally
nslqqq has quit [(Ping timeout: 248 seconds)]
<clever> you will need to manualy paste the old preStart into your override
Fannar has joined #nixos
<rodarmor> clever: Ah, gotcha, okay
rauno has joined #nixos
<rauno> hi
<rauno> which packages does include make in nix manager ?
<clever> rodarmor: nix-shell -p gnumake
ebzzry_ has quit [(Ping timeout: 240 seconds)]
<simpson> clever: How are you so fast!?
* simpson still in nix-repl
<clever> ive memorized an unually large chunk of nixpkgs
<cocreature> clever is just a really good AI
<rodarmor> loooool
<Lisanna> I've never seen clever not active in this channel
<rauno> thx clever
<rodarmor> clever bot ;)
<rodarmor> Is there a `with X as ALIAS;` construct in nix lang?
<clever> nope, but you could maybe do it with a let block
<clever> let alias = x; in
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable advanced to https://github.com/NixOS/nixpkgs/commit/9ed9ede922 (from 10 hours ago, history: https://channels.nix.gsc.io/nixos-unstable)
nix-gsc-io`bot has quit [(Client Quit)]
<rodarmor> clever: Cool, that's perfect
takle has joined #nixos
filterfish has joined #nixos
Fannar has quit [(Ping timeout: 240 seconds)]
<Myrl-saki> clever: I think I understand what I should do now.
<Myrl-saki> clever: nix-instantiate, nix-store -q --referrers, nix-copy closure
Fannar has joined #nixos
<Myrl-saki> Rather, --references
<Myrl-saki> Maybe some xargs
<clever> copy-closure can take a list
nslqqq has joined #nixos
<Myrl-saki> clever: Right, but the buildInputs is incomplete, I think.
<Myrl-saki> Which does `import` prioritize, shell.nix or default.nix?
<Myrl-saki> Well, this is weird.
<Myrl-saki> I nix-shelled on a foo.nix
<clever> import always does default.nix
<Myrl-saki> Basically, what happened.
<Myrl-saki> foo.nix contained `import ./. ...`
<Myrl-saki> I nix-shelled to it. It didn't have to compile. I changed it to ./default.nix, it recompiles. I changed it back to ./., it recompiles.
rpifan_ has quit [(Quit: Leaving)]
Ivanych has joined #nixos
<Myrl-saki> I wonder if it's just PEBCAK though. :P]
<clever> do you have a src of ./. ?
mkoenig has quit [(Ping timeout: 246 seconds)]
<Myrl-saki> clever: Yeah.
<clever> the source depends on the nix files
<clever> any change to the nix files makes it rebuild everything
<clever> even a .swp file by vim will make it rebuild everything
<Myrl-saki> Whoops
<Myrl-saki> Lmao
<Myrl-saki> I need to fix that.
mkoenig has joined #nixos
<Myrl-saki> clever: I actually have a ~/
<Myrl-saki> clever: In another nix file. It was also funny when I did a sudo nix-build
<Myrl-saki> I'm pretty sure I spent 12 hours in the span of 3 days trying to work with nix.
<Myrl-saki> Welp. It's fun-ish anyway.
vandenoever has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] vcunat pushed 3 new commits to staging: https://git.io/v7QHu
<NixOS_GitHub> nixpkgs/staging e3d10cf Vladimír Čunát: pango: revert the doCheck = true change...
<NixOS_GitHub> nixpkgs/staging b04a77a Vladimír Čunát: wayland-protocols: 1.7 -> 1.10...
<NixOS_GitHub> nixpkgs/staging 26b7eda Vladimír Čunát: gdk-pixbuf: downgrade a bit for now...
NixOS_GitHub has left #nixos []
newhoggy_ has joined #nixos
vandenoever has joined #nixos
vandenoever has quit [(Changing host)]
vandenoever has joined #nixos
newhoggy has quit [(Ping timeout: 240 seconds)]
newhoggy_ has quit [(Ping timeout: 258 seconds)]
xd1le has joined #nixos
justan0theruser has quit [(Ping timeout: 240 seconds)]
ylwghst has joined #nixos
FRidh has joined #nixos
ThatDocsLady has joined #nixos
ylwghst has quit [(Ping timeout: 258 seconds)]
pie__ has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] FRidh pushed 3 new commits to staging: https://git.io/v7QQz
<NixOS_GitHub> nixpkgs/staging 817fdff Johannes Frankenau: pythonPackages.lxml: 3.7.2 -> 3.8.0
<NixOS_GitHub> nixpkgs/staging 791e440 Johannes Frankenau: pythonPackages.html5-parser: init at 0.4.3
<NixOS_GitHub> nixpkgs/staging d87f53b Johannes Frankenau: calibre: 3.3.0 -> 3.5.0
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] FRidh pushed 1 new commit to staging: https://git.io/v7QQ2
<NixOS_GitHub> nixpkgs/staging 62dac1b Frederik Rietdijk: Merge remote-tracking branch 'upstream/master' into HEAD
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] FRidh closed pull request #27707: calibre: 3.3.0 -> 3.5.0 (master...update-calibre) https://git.io/v7c8D
NixOS_GitHub has left #nixos []
thc202 has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] casey opened pull request #28252: services.mpd: allow configuring playlist directory (master...mpd) https://git.io/v7Q7m
NixOS_GitHub has left #nixos []
roberth has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] kamilchm opened pull request #28253: pony-stable: unstable-2017-07-26 -> 0.0.1 (master...ponyc) https://git.io/v7Q7z
NixOS_GitHub has left #nixos []
ertes-w has joined #nixos
dpino has joined #nixos
xd1le has quit [(Quit: Toodaloo padawans! 👣)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] nonsequitur opened pull request #28254: ruby docs: improve example (master...patch-5) https://git.io/v7Q5i
NixOS_GitHub has left #nixos []
goibhniu has joined #nixos
jtojnar has joined #nixos
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable advanced to https://github.com/NixOS/nixpkgs/commit/059d722e5c (from 10 hours ago, history: https://channels.nix.gsc.io/nixos-unstable)
nix-gsc-io`bot has quit [(Client Quit)]
roundhouse has joined #nixos
ShalokShalom_ is now known as ShalokShalom
Kanarme has joined #nixos
roberth has quit [(Ping timeout: 240 seconds)]
<Kanarme> hey i try to package the iota-wallet, with node2nix. if i do nix-build i will get the error "sh: rimraf: command not found" so i package rimraf, what work fine and installed it. but i get still the same error, so how i can tell nix to use rimraf? i was trying to use buildinputs, it is the right way?
kalhauge has joined #nixos
cathod has joined #nixos
<cathod> hey, is it possible to access ${stdenv.glibc} for example from bash ?
ShalokShalom has quit [(Quit: No Ping reply in 180 seconds.)]
ShalokShalom has joined #nixos
<stepcut> success at last! I have switched from Xen to KVM
cathod has quit [(Quit: Page closed)]
<rauno> another question :) how to configure tcp keepalives under nixos ?
<ben> is that a sysctl thing? https://nixos.org/nixos/options.html#sysctl ?
<rauno> ah, thx :D
<ben> np, hope it works out!
<rauno> almost found same thing but you guys were faster :)
<ben> :))
__Sander__ has joined #nixos
snikkers has joined #nixos
Kanarme has quit [(Quit: http://www.kiwiirc.com/ - A hand crafted IRC client)]
ebzzry_ has joined #nixos
<makefu> nixos/options.html is always a good starting point. most of the time it is just much faster nixos-option or grepping the source code.
<makefu> i'd love if nixos-option would support fuzzy search
taktoa has quit [(Ping timeout: 246 seconds)]
stepcut has quit [(Remote host closed the connection)]
taktoa has joined #nixos
stepcut has joined #nixos
gm152 has joined #nixos
newhoggy has joined #nixos
<MoreTea> cathod, nix-build '<nixpkgs>' -A glibc
stepcut has quit [(Ping timeout: 240 seconds)]
HurricaneHarry has joined #nixos
takle has quit [(Remote host closed the connection)]
layus has joined #nixos
takle has joined #nixos
hiberno has quit [(Quit: WeeChat 1.6)]
takle has quit [(Remote host closed the connection)]
Fannar has quit [(Ping timeout: 255 seconds)]
aliqua has quit [(Ping timeout: 260 seconds)]
layus has quit [(Client Quit)]
takle has joined #nixos
takle has quit [(Ping timeout: 248 seconds)]
schoppenhauer has quit [(Ping timeout: 248 seconds)]
<michaelpj_> makefu: you know about `man configuration.nix`, right? basically `nixos/options.html` in the terminal. I use it a ton
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/eb9f427d4e (from 4 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
nix-gsc-io`bot has quit [(Client Quit)]
hiberno has joined #nixos
newhoggy has quit [(Remote host closed the connection)]
newhoggy has joined #nixos
jensens has joined #nixos
waern has joined #nixos
mpcsh has quit [(Quit: THE NUMERICONS! THEY'RE ATTACKING!)]
<waern> Hi, is there some way to check (in nix lang) if a string has a context or not?
python476 has joined #nixos
mpcsh has joined #nixos
<layus_> waern, none that I know of. Have you looked at the builtins in nix man ?
layus_ is now known as layus
pie_ has joined #nixos
ebzzry_ has quit [(Ping timeout: 246 seconds)]
<waern> layus_: yes, I couldn't find any such function there. But I think I can do `hasStringContext = s: (builtins.unsafeDiscardContext s != s)`
astsmtl has quit [(Ping timeout: 260 seconds)]
<layus> waern, that's a nifty hack. I was looking for something that extracts the context, but your solution should work.
<waern> :-)
<layus> By the way, that builtin is not in the manual...
<layus> waern, Specifically, have you tested that `hasStringContext = s: (builtins.unsafeDiscardContext s != s)` is not always true ?
<waern> layus: it is false for strings without contexts
astsmtl has joined #nixos
astsmtl has quit [(Changing host)]
astsmtl has joined #nixos
newhoggy has quit [(Remote host closed the connection)]
<layus> waern, yep, and also false for strings with context for me
kalhauge has quit [()]
<layus> `nix-instantiate --eval --expr 'with import <nixpkgs> {}; let s = "${pkgs.hello}/lol"; in (builtins.unsafeDiscardStringContext s != s)'` => false
<layus> `nix-instantiate --eval --expr 'with import <nixpkgs> {}; let s = "lol"; in (builtins.unsafeDiscardStringContext s != s)'` => also false...
<waern> layus: Ah, yes, it doesn't seem to work here either
<waern> I had read somewhere that == on strings took string contexts into account
takle has joined #nixos
taktoa has quit [(Remote host closed the connection)]
waern has quit [(Ping timeout: 246 seconds)]
waern has joined #nixos
ebzzry_ has joined #nixos
schoppenhauer has joined #nixos
Wizek_ has joined #nixos
ylwghst has joined #nixos
<viric> (
waern has quit [(Quit: leaving)]
bennofs has joined #nixos
gnuhurd has joined #nixos
<makefu> michaelpj_: yes i know about `man configuration.nix` but it is not as nearly as convenient as the website. especially when you are not 100% sure what you are searching for.
ison111 has quit [(Ping timeout: 258 seconds)]
phinxy has joined #nixos
roberth has joined #nixos
sellout- has joined #nixos
<LnL> lol, so I have a go binary that panics because we remove the references to it's source
sellout- has quit [(Client Quit)]
Infinisil has joined #nixos
roundhouse has quit [(Ping timeout: 260 seconds)]
eschnett has joined #nixos
eschnett has quit [(Client Quit)]
eschnett has joined #nixos
bennofs has quit [(Quit: WeeChat 1.9)]
python476 has quit [(Remote host closed the connection)]
sellout- has joined #nixos
python476 has joined #nixos
kiloreux has joined #nixos
bennofs1 has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] kiloreux opened pull request #28256: exiftool from 10.55 -> 10.60 (master...exiftool) https://git.io/v77Ox
NixOS_GitHub has left #nixos []
Wizek__ has joined #nixos
Infinisil has quit [(Read error: Connection reset by peer)]
TMVector has quit [(Ping timeout: 260 seconds)]
eschnett has quit [(Quit: eschnett)]
betaboon has joined #nixos
betaboon has quit [(Changing host)]
betaboon has joined #nixos
Wizek_ has quit [(Ping timeout: 248 seconds)]
Wizek has joined #nixos
gnuhurd has quit [(Remote host closed the connection)]
<__Sander__> hoorray
<__Sander__> finally I've managed to get a simple NPM registry dependency deployed in a Nix expression
<__Sander__> with NPM 5.x
<__Sander__> still a long way to go, but this is a good first step
freusque has joined #nixos
gnuhurd has joined #nixos
<gchristensen> nice, __Sander__!
<__Sander__> gchristensen: sad thing is that I have to reengineering node2nix again
<__Sander__> the old approach will no longer work
<__Sander__> we require a complete new approach
<gchristensen> ugh
<__Sander__> in which we have to cope with the cache
<__Sander__> I have created a script that uses the cacache and pacote APIs
<LnL> fun...
<gnuhurd> I use this inside of my systemPackages: (emacsWithPackages (with emacsPackagesNg; [ erlang ]))
<__Sander__> I can use the packge-lock.json to determine which dependencies we exactly need
<gnuhurd> yet when I open Emacs, and (require 'erlang-start) it doesn't load. any idea what to do? it worked previously when I installed nix-mode
<__Sander__> in the builder I use the cacache API to populate the cache myself
<__Sander__> then I run npm in offline mode
dynamicudpate has quit [(Quit: Leaving)]
thblt has quit [(Ping timeout: 246 seconds)]
iyzsong has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] edolstra pushed 1 new commit to staging: https://git.io/v77Z1
<NixOS_GitHub> nixpkgs/staging 9eb901b Eelco Dolstra: Merge remote-tracking branch 'origin/gcc-6' into staging
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] edolstra deleted gcc-6 at 505e942: https://git.io/v77Z9
NixOS_GitHub has left #nixos []
<gchristensen> gnuhurd: I think it should be emacsWithPackages (epkgs: [ epkgs.erlang ])
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to master: https://git.io/v77Zp
<NixOS_GitHub> nixpkgs/master 3c136e5 Rickard Nilsson: dpkg: 1.18.18 -> 1.18.24...
NixOS_GitHub has left #nixos []
<srhb> Has anyone gotten Rise of Industry to run on NixOS? Trying to package it up, but seeing a blue screen and then crash on startup.
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to release-17.03: https://git.io/v77Zj
<NixOS_GitHub> nixpkgs/release-17.03 51a8326 Rickard Nilsson: dpkg: 1.18.18 -> 1.18.24...
NixOS_GitHub has left #nixos []
Wizek has quit [()]
Wizek has joined #nixos
<layus> waren, you can detect if a string has a context by producing errors:
<layus> `nix-instantiate --eval --expr 'with import <nixpkgs> {}; let s = "${pkgs.hello}/lol"; in { ${s} = 5; }'`
thetet has joined #nixos
erictapen has joined #nixos
cpennington has joined #nixos
justan0theruser has joined #nixos
Phillemann has joined #nixos
<Phillemann> I'm trying to nixos-rebuild switch --upgrade, but compiling some package fails. From the console output, I'm not sure _which_ package that is, however.
<Phillemann> Ah, wait, I missed some lines of output telling me which one.
<Phillemann> Okay, so it's noto-fonts-emoji. Can I somehow just update this one package (to isolate the failure)?
gnuhurd has quit [(Remote host closed the connection)]
gnuhurd has joined #nixos
<Phillemann> Or maybe the package with its closure.
gm152 has quit [(Ping timeout: 246 seconds)]
<srhb> Phillemann: Sure, nix-env or nix-build
<srhb> nix-build '<nixpkgs>' -A noto-fonts-emoji
roundhouse has joined #nixos
<Phillemann> Ah, thanks!
<srhb> Phillemann: Looks like a segfault in optipng...
<srhb> Fun.
<Phillemann> I'm creating an issue for that right now.
<srhb> Hm, maybe not related
<srhb> Yeah, probably not.
Mateon4 has joined #nixos
<srhb> Actually yes, it seems to crash no matter what I do.
<Phillemann> #28259
justbeingglad has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to release-17.03: https://git.io/v77W3
<NixOS_GitHub> nixpkgs/release-17.03 5096e3b Eelco Dolstra: elfutils: 0.168 -> 0.169...
NixOS_GitHub has left #nixos []
Mateon3 has quit [(Ping timeout: 258 seconds)]
Mateon4 is now known as Mateon2
<gnuhurd> so now I have `(emacsWithPackages (epkgs: [ erlang ]))', and it still doesn't work
<gnuhurd> with what I had before but instead of erlang, I had nix-mode, nix-mode worked perfectly and I could require it from my init file
gnuhurd has left #nixos ["Killed buffer"]
gnuhurd has joined #nixos
justbeingglad has left #nixos []
<srhb> gnuhurd: Did you mean epkgs.erlang?
mbrgm_ has joined #nixos
<gnuhurd> oh... right
gnuhurd has quit [(Remote host closed the connection)]
<mbrgm_> hey! does someone have an explanation for why `nix-build '<nixpkgs>' -A libproxy` fails for me on latest nixos-unstable, while building inside a shell by invokin the individual build phases succeeds?
<srhb> mbrgm_ Does it work with nix-shell --pure ?
gnuhurd has joined #nixos
<gnuhurd> that still didn't work, I can't (require 'erlang-start)
<srhb> mgrgm_: It builds correctly for me on 17.09.git.059d722 (Hummingbird)
newhoggy has joined #nixos
<mbrgm_> srhb: yeah, also works with --pure
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] peterhoeg pushed 1 new commit to master: https://git.io/v77W9
<NixOS_GitHub> nixpkgs/master 806af3d Peter Hoeg: syncthing: 0.14.32 -> 0.14.36
NixOS_GitHub has left #nixos []
<gchristensen> mbrgm_: what happens?
<mbrgm_> oh shsh, I'm sorry :-/... rebased a custom branch after pulling and was on that branch
<mbrgm_> damn ^^
<mbrgm_> srhb: thx for pointing me to chech the hash!
<srhb> mbrgm_ :-) Happy to help.
nh2 has joined #nixos
<srhb> gnuhurd: I cannot reproduce that.
<srhb> gnuhurd: I did this: nix-shell -p 'pkgs.emacsWithPackages (epkgs: [ epkgs.erlang ])'
<srhb> gnuhurd: Afterwards I can (require 'erlang-start)
<srhb> gnuhurd: Without epkgs.erlang, it fails (as expected)
<srhb> gnuhurd: I'm on nixos-unstable, for the record.
<gnuhurd> I am on nixos-unstable as well, I put this line in my environment.systemPackages part in /etc/nixos/configuration.nix
<srhb> gnuhurd: Which line?
<gnuhurd> (emacsWithPackages (epkgs: [
<gnuhurd> epkgs.erlang
<gnuhurd> ]))
<mbrgm_> humm... breakage occured after cherry-picking 748589bf60feb00f54c325503e87771754bdc044 onto nixos-unstable
<srhb> gnuhurd: Are you shadowing that emacs with another emacs perhaps?
<mbrgm_> FRidh: ^
eschnett has joined #nixos
<gnuhurd> that might be a problem srhb
ylwghst has quit [(Ping timeout: 248 seconds)]
<gnuhurd> I have another emacs in my environment.systemPackages
<srhb> gnuhurd: Sounds likely then, yes. :)
<gnuhurd> alright, I'll try it and come back to thank you
gnuhurd has quit [(Remote host closed the connection)]
gnuhurd has joined #nixos
<gnuhurd> okay, that worked, thanks :-)
mbrgm has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
mbrgm has joined #nixos
<srhb> gnuhurd: Great! :-)
Phillemann has left #nixos ["WeeChat 1.9"]
newhoggy has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to master: https://git.io/v774i
<NixOS_GitHub> nixpkgs/master 129f8d7 Rickard Nilsson: kibana: 4.6.0 -> 4.6.5...
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to release-17.03: https://git.io/v774D
<NixOS_GitHub> nixpkgs/release-17.03 10f0290 Rickard Nilsson: kibana: 4.6.0 -> 4.6.5...
NixOS_GitHub has left #nixos []
ona has joined #nixos
bennofs1 has quit [(Ping timeout: 240 seconds)]
Infinisil has joined #nixos
bennofs1 has joined #nixos
reinzelmann has quit [(Quit: Leaving)]
rauno has quit [(Ping timeout: 246 seconds)]
ThatDocsLady is now known as ThatDocsLady_nom
peacememories has joined #nixos
newhoggy has joined #nixos
<Infinisil> LnL: I didn't know about your nix docker image, nice!
<LnL> that reminds me, I should update it
mbrgm has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
newhoggy has quit [(Ping timeout: 240 seconds)]
<Infinisil> LnL: How is the size of it?
python476 has quit [(Ping timeout: 240 seconds)]
<Infinisil> You mention that your image looks a lot more like NixOS, in what sense does it not?
mbrgm has joined #nixos
justelex has joined #nixos
<Infinisil> I should probably just look at it myself tbh
<LnL> the nixos/nix image is just alpine + nix
<LnL> mine doesn't have stuff in global stuff except for /bin/sh and /usr/bin/env
<Infinisil> LnL: Hmm, where is the source of this base image? I can't find it in your repo
mbrgm_ has quit [(Quit: WeeChat 1.9)]
<Infinisil> The thing that actually installs nix & co.
<LnL> it's generated by nix and uses the dockerTools :D
<Infinisil> Oh lol
bennofs1 has quit [(Ping timeout: 246 seconds)]
jensens has quit [(Ping timeout: 240 seconds)]
<Infinisil> LnL: I somehow still don't fully grasp docker images. But Would it be possible to have a full NixOS running in docker?
<LnL> systemd doesn't work in docker
bfrog has joined #nixos
<Infinisil> Ahh, so docker is just some half-baked VM, for running single programs
ona has quit [(Quit: ...)]
newhoggy has joined #nixos
<catern> Infinisil: though keep in mind that other container mechanisms do support running a full NixOS. but Docker restricts itself to "application containers", i.e. a terrible hack that people who don't use Nix use to manage their dependencies :)
newhoggy has quit [(Ping timeout: 240 seconds)]
<catern> for a single application at a time
<catern> (which might be multiple processes)
<Infinisil> I see
<Infinisil> What other container mechanisms are you talking about?
bgamari has quit [(Quit: ZNC - http://znc.in)]
freusque has quit [(Ping timeout: 260 seconds)]
freusque has joined #nixos
newhoggy has joined #nixos
ebzzry_ has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] rickynils pushed 1 new commit to release-17.03: https://git.io/v77uF
<NixOS_GitHub> nixpkgs/release-17.03 65752b2 Franz Pletz: sudo: 1.8.20p1 -> 1.8.20p2...
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 240 seconds)]
bfrog has quit [(Quit: WeeChat 1.9)]
vandenoever has quit [(Ping timeout: 276 seconds)]
<catern> Infinisil: rkt and lxc are two
<catern> Infinisil: containers that can run systemd (and in general are equivalent in power to a full VM) are sometimes called "operating system containers"
<dash> docker is, in general, a poor man's substitute for nix ;)
<Infinisil> catern: Then what's the difference between a VM and such a container?
<dash> Infinisil: a VM simulates an entire machine
<dash> containers just provide some separate namespaces for processes to use
<dash> same kernel, no significant security isolation, etc
<Infinisil> Hmm alright, are there any significant downsides to containers then?
newhoggy has joined #nixos
<Infinisil> I guess less flexibility
<Infinisil> Alright I got it
<Infinisil> Gonna use nixos containers while in nixos land :D
bgamari has joined #nixos
<catern> all of this is silliness though :) IMO Nix replaces containers for the most part :) just need to pair it with a sandboxing story
<Infinisil> Yeah, I'm more thinking about other operating systems
<catern> dash: containers are fairly significant security isolation - much more than regular processes at the moment, unfortunately...
<gchristensen> "containers" is not a bad word
rauno has joined #nixos
<gchristensen> divorce "container" from "docker"
newhoggy has quit [(Ping timeout: 246 seconds)]
<catern> IMO it is a bad word :) I prefer Nix-like things for application deployment, and more granular sandboxing for security (like capability security things like Capsicum/CloudABI). unfortunately while Nix is ready for production, the latter is not
<catern> so we have to use the poorly designed "container" idea
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<Infinisil> I had a problem some months ago: University distributed a full Ubuntu VM to run jdk6 and 2 libraries, because they didn't know any better
<Infinisil> I was pretty new to nix at that time, so I sadly wasn't able to write a nix expression for it
<Infinisil> And I didn't know much docker, so I couldn't do that either
<Infinisil> It needs to run on windows as well
newhoggy has joined #nixos
<Infinisil> If something happened again, I'd use LnL's nix docker image, best of both worlds (portability + nix)
bennofs1 has joined #nixos
<Infinisil> Oh and their VM was 3GB.. and super friggin slow to run on my poor laptop, it was horrible and I was so discouraged that I avoided it as much as I could
erictapen has quit [(Remote host closed the connection)]
<Infinisil> Oh and something else: jdk6 doesn't exist in nix..
<LnL> gchristensen: well it's pretty overloaded since people it's used for both the image format and the execution sandbox
erictapen has joined #nixos
<gchristensen> yeah :/
newhoggy has quit [(Ping timeout: 246 seconds)]
<hodapp> I still end up having to use Docker to run things that just don't play nice or are royal pains to install because they want to be like an octopus with its tentacles all over every part of the system
MercurialAlchemi has quit [(Ping timeout: 258 seconds)]
<adisbladis> catern: You can apply pretty much all of what container solutions provide via systemd units :)
<adisbladis> A well written systemd unit file is not that far from being a container
<Infinisil> I really need to have a closer look at systemd unit files, it seems they are pretty powerful
* hodapp goes to make popcorn for the ensuing systemd argument
newhoggy has joined #nixos
<hodapp> adisbladis: but how much can one isolate in a systemd unit file?
<adisbladis> hodapp: Pretty damn much. You can do syscall filtering, private tmp, protecting readable/writeable directories (basically giving the process its complete own view of the system), setting up capabilities, doing all the normal cgroup things like process and memory limitations
<adisbladis> Granular access to devices etc etc
newhoggy has quit [(Ping timeout: 260 seconds)]
freusque has quit [(Quit: WeeChat 1.7.1)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] joachifm pushed 2 new commits to master: https://git.io/v77wk
<NixOS_GitHub> nixpkgs/master c27f692 Chris Hodapp: opencv: Add optional Tesseract support
<NixOS_GitHub> nixpkgs/master 16f6913 Joachim F: Merge pull request #27011 from Hodapp87/opencv_tesseract...
NixOS_GitHub has left #nixos []
<Infinisil> adisbladis: Whoa, how does it do the directory thing? (And how do I google that?)
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] zimbatm pushed 1 new commit to master: https://git.io/v77wt
<NixOS_GitHub> nixpkgs/master aa60296 zimbatm: direnv: 2.10.0 -> 2.12.2
NixOS_GitHub has left #nixos []
<Infinisil> Lol, I just was on the same page, a few paragragh above
<Infinisil> Interesting
Capprentice has joined #nixos
<adisbladis> Infinisil: You have a few pretty nice "shortcuts" like ProtectSystem, ProtectHome and PrivateTmp too
newhoggy has joined #nixos
iyzsong has quit [(Quit: bye.)]
<hodapp> woohoo! my tesseract support was merged into OpenCV, weeks after I stopped needing it :P
<Infinisil> adisbladis: Whoa nice
<hodapp> ah, now that I think about it, don't NixOS containers do basically this with systemd?
felipedvorak has quit [(Ping timeout: 246 seconds)]
<Infinisil> hodapp: \o/
<shapr> hodapp: oh hi!
<adisbladis> hodapp: nixos-container uses systemd-nspawn iirc
* hodapp stares at the wall and pretends to not know shapr
* shapr is sad
<hodapp> shapr: o hai!
<mog> shapr, stop FOLLOWING ME
<shapr> mog: aw man, you too?
<mog> ive been nix for just over 2 years now
Isorkin has joined #nixos
<shapr> I'm thinking about switching
<Infinisil> What the hell is going on here, what did you do shapr ?
<hodapp> he probably started another group or something
<hodapp> he's always starting groups
<gchristensen> shapr: keep following! bring your friends!
* adisbladis is confused, but it's all good
<shapr> I haven't started a nixOS group, I'm still experimenting
<Infinisil> What do you mean by a 'group'/
<Infinisil> ?*
<adisbladis> I just deployed our first nixos thingy at work the other day :)
<Isorkin> Hi. Latest build programs.zsh.enableCompletion - not work. How to fix?
newhoggy has quit [(Ping timeout: 255 seconds)]
<shapr> Infinisil: I have a habit of starting in-person groups, for all kinds of things.
<shapr> and IRC channels, and that sort of thing
<Infinisil> Heh I see
<hodapp> he MIGHT have started #haskell
bgamari has quit [(Quit: ZNC - http://znc.in)]
<Infinisil> Isorkin: What doesn't work exactly?
<gchristensen> adisbladis: oh dang, awesome!
tvon has joined #nixos
<shapr> I fired up a NixOS vm, that was ok.. then I tried NixOS in docker
<gchristensen> adisbladis: what was it? will your company write about it?
<gchristensen> adisbladis: (hint: they should!)
<adisbladis> gchristensen: I think we might :)
<adisbladis> It's a prive ethereum consortium
<mog> shapr, just try nix on your box direct, then convert to nixos later
<shapr> mog: I have a slot for another drive, why not put nixos on that?
<mog> that works too
bgamari has joined #nixos
<mog> i tried nix as a package manager a bit and then wiped debian later
newhoggy has joined #nixos
* Infinisil has said he's gonna wipe osx off his main disk for weeks now
bgamari has quit [(Client Quit)]
<shapr> Does nixos use systemd?
<Infinisil> yes
Capprentice has quit [(Ping timeout: 246 seconds)]
<Isorkin> indefini: http://pastebin.ru/fMGrZBAH - I copy the working file zshrc_work to /etc/zshrc - programs.zsh.enableCompletion - worked
Infinisil is now known as indefini1
dbe_ has quit [(Ping timeout: 240 seconds)]
newhoggy has quit [(Ping timeout: 246 seconds)]
<Ankhers> Does anyone have experience using NixOS on a MBP?
<Ankhers> More precisely, actually removing the OSX partition and giving NixOS the full disk?
<indefini1> Isorkin: Did you copy a file manually to there? :O
<indefini1> Ankhers: Ahh, yes I'm planning to do that
bgamari has joined #nixos
<hodapp> shapr: I switched back in December and it's mostly been great
felipedvorak has joined #nixos
<hodapp> though it has also done a good job at finding builds that are completely awful
<shapr> huh?
<indefini1> Ankhers: Shouldn't be a problem if you don't mind losing OSX
<hodapp> shapr: 'huh' to what?
<adisbladis> I would keep OSX around for firmware updates and such
<Isorkin> indefini: yes - sudo rm /etc/zshrc || sudo cp ~/zshrc_work /etc/zshrc and restart zsh
<adisbladis> Iirc it needs about 15G or something like that
<shapr> hodapp: what does that mean? it did a good job and finding builds that are awful?
<Ankhers> That kinda sucks. I guess I will give OSX some space then and just dual boot.
<indefini1> adisbladis: Ankhers: I have osx installed on an external disk, that shouldn't prevent firmware updates, right?
<hodapp> shapr: Nix runs builds in environments where a lot of builds that do silly things tend to break
<shapr> ohh
<Ankhers> But I first need to find a decent setup. I haven't used linux as a main computer in years :(
<adisbladis> indefini1: As long as you can boot it its fine
<hodapp> e.g. try to write files all over the place, try to access stuff on the Internet when they should only be compiling
Kingsquee has joined #nixos
<hodapp> do ad-hoc dependency management
<shapr> now I'm even more interested
<indefini1> adisbladis: Alright then, full nixos disk it shall be then
<hodapp> shapr: it's interesting except when you just need things to work :|
<indefini1> But, I have a MacBook Air from 2012, I doubt there's gonna be much firmware upgrades
<shapr> yeah, that's why I'm a bit wary
<hodapp> it doesn't come up much with me, and I do still have the option of just running it in a container or *not* packing something up neatly as a proper Nix build
<indefini1> Isorkin: That's totally not what you should do. You can just use the users zsh config dir
<hodapp> but I tend to try to solve it properly
newhoggy has joined #nixos
<indefini1> Isorkin: That is, ~/.zshrc, that file gets sourced by zsh automatically by default
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dtzWill opened pull request #28261: busybox: 1.26.2 -> 1.27.1, fix bootstrap (master...fix/busybox-1.27-bootstrap) https://git.io/v77Kd
NixOS_GitHub has left #nixos []
indefini1 is now known as Infinisil
<catern> adisbladis: yes, that's true, systemd is a really great way to get isolation/sandboxing without a full container... but my issue is that it only works for system services - you can't use systemd as an unprivileged user
bgamari has quit [(Quit: ZNC - http://znc.in)]
<mog> shapr, i have had 0 real problems running on stable
<Isorkin> indefini: ~/zshrc_work copied from other coinfiguration build
<adisbladis> catern: You can run systemd user units
newhoggy has quit [(Ping timeout: 240 seconds)]
<Infinisil> Isorkin: Can you show your relevant config and stuff that might be helping us debug?
<adisbladis> All the nice security facilities might not be available. I don't really know.
ylwghst has joined #nixos
<Infinisil> adisbladis: I recently found out that namespaces can be created by non-privileged users, so I think it might still be possible
<Isorkin> indefini: http://pastebin.ru/ZxwDi4Xu
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] fpletz pushed 1 new commit to master: https://git.io/v776E
<NixOS_GitHub> nixpkgs/master 2a0c6c7 Yann Hodique: dns-root-data: 2017-07-11 -> 2017-07-26
NixOS_GitHub has left #nixos []
<adisbladis> Infinisil: Yes quite a lot should be available, but capabilities for example reasonably shouldnt
<catern> adisbladis: they don't have the security things
<catern> any of them
<catern> at least without user namespaces being enabled
<catern> but user namespaces are mega-insecure
<Infinisil> catern: How so?
<bennofs1> Infinisil: most applications don't expect them
magnetophon has joined #nixos
ison111 has joined #nixos
<bennofs1> Infinisil: for example, you can fake paths with userns + unsharing the mount namespace (allowing the user to do chroot)
<Infinisil> Isorkin: And why do you copy the file manually?
<Infinisil> This should all be managed by nixos
<Infinisil> bennofs1: Ohh, I'm actually doing that for something
proteusguy has quit [(Remote host closed the connection)]
<Isorkin> indefini: I do not know how to fix the error in the config
<Infinisil> Isorkin: Which error?
<magnetophon> is it possible to do "nixos-rebuild switch -p profileName -I nixos-config=/config" without making it the default boot? So IOW: just build and put it in the GRUB sub-menu.
<Isorkin> Infinisil: not work autocompletion
proteusguy has joined #nixos
<avn> magnetophon: boot -- add to menu w/o switch, test -- switch without modify boot menu
<avn> switch does both
python47` has joined #nixos
<Infinisil> magnetophon: And there's also --install-bootloader (don't know exactly what it does though)
erictapen has quit [(Ping timeout: 255 seconds)]
newhoggy has joined #nixos
<adisbladis> catern: TIL. Did not know they are not available.
<magnetophon> avn, Infinisil: thanks. but what I mean is: when you switch (and presumably also when you boot) with a "-p" flag, to put it in a GRUB submenu, it also gets added to the grub main menu, so IOW it becomes the default boot. I don't want that, I want it only in the submenu. Is that possible?
<Infinisil> magnetophon: I think you need grub.extraEntries for that
newhoggy has quit [(Ping timeout: 240 seconds)]
<magnetophon> Infinisil: I know that as a way to put other distros in GRUB. can you also link that to a NixOS build?
<Infinisil> magnetophon: I'm 70% certain that's possible, but I don't know how. Since the system should be just another derivation, it should also have an $out path somewhere, and that's where the initrd and stuff is located, which I think the grub entries need
nix-gsc-io`bot has joined #nixos
<joepie91> very much worth a watch for those interested in OS-level security and isolation: https://www.youtube.com/watch?v=Nr2h9eigpqA -- tl;dr, Genode, an OS that implements capability-based security throughout (with processes requesting resources and permissions from their parent processes, with the parents being responsible for delegated resources/permissions), allowing for isolation and/or restrictions at arbitrary levels
<nix-gsc-io`bot> Channel nixos-17.03 advanced to https://github.com/NixOS/nixpkgs/commit/51a83266d1 (from 3 hours ago, history: https://channels.nix.gsc.io/nixos-17.03)
nix-gsc-io`bot has quit [(Client Quit)]
<joepie91> ~25 minute presentation
* Infinisil puts that video on his Watch Later list
newhoggy has joined #nixos
ixxie has joined #nixos
newhoggy has quit [(Ping timeout: 255 seconds)]
dbe has joined #nixos
vandenoever has joined #nixos
vandenoever has quit [(Changing host)]
vandenoever has joined #nixos
zraexy has joined #nixos
newhoggy has joined #nixos
newhoggy has quit [(Ping timeout: 248 seconds)]
bgamari has joined #nixos
newhoggy has joined #nixos
snikkers has quit [(Ping timeout: 258 seconds)]
newhoggy has quit [(Ping timeout: 255 seconds)]
afics has quit [(Quit: afics)]
ij has quit [(Ping timeout: 240 seconds)]
afics has joined #nixos
bgamari has quit [(Ping timeout: 240 seconds)]
<michalrus> So I removed a partition which UUID is listed in boot.filesystems… And now I’m stuck in a ‘you’re in an emergency mode’ loop. :\ When I run `systemd default`, it gets back to emergency mode after ~2 minutes. To little to do nixos-rebuild without that line.
<michalrus> What to do? :/
<mog> michalrus, what if you boot an older revision and fix it?
<michalrus> I had this partition from the very beginning…
<michalrus> But why does it loop back to ‘welcome to emergency mode’ message after 2 minutes? I’m in the middle of fixin’ it, goddamit! =)
<Infinisil> michalrus: Why are you rebooting while it's not fixed?
<michalrus> I’m not. It’s doing it on its own. Somehow.
python47` has quit [(Remote host closed the connection)]
<michalrus> But not full reboot, just back to ‘you’re in an emergency mode’ message.
newhoggy has joined #nixos
<Infinisil> Wait, are you removing a partition currently in use by the system?
<michalrus> And most services get restarted.
<michalrus> No.
* Infinisil doesn't really understand the problem
<michalrus> Me neither, TBH.
<michalrus> :c
<catern> Infinisil: user namespaces allow you to make your unprivileged user appear as root and have access to a few extra root-only functionalities. that is the intended use case, but it has had a ton of security problems in the kernel, where other syscalls were not properly checking your *real* credentials, but only your apparent (root) credentials, so you got access to those syscalls
<michalrus> Infinisil: I physically removed a partition which is still listed in configuration.nix. The system won’t boot.
<michalrus> More/less.
python476 has joined #nixos
<Infinisil> catern: Hmm, does that mean a program that uses this functionality, run with user privileged, has access to certain syscalls as root?
<Infinisil> Because that could be literally any program
ij has joined #nixos
<catern> Infinisil: yes
<Infinisil> michalrus: Well that does seem like something that could give you problems, there's systemd targets and stuff made for these filesystems
<michalrus> Indeed, so how to fix this, if *for some reason* it keeps throwing me out of emergency console, and getting back to the ‘welcome to emergency mode’ message?
<Infinisil> catern: That seems very bad, but why isn't this seemingly huge security hole fixed? Or is it already?
<michalrus> That loop seems pretty useless. :)
newhoggy has quit [(Ping timeout: 246 seconds)]
<Infinisil> michalrus: You could boot from an usb stick :)
<michalrus> This is a very strange laptop, it won’t. :\
<Infinisil> michalrus: How did you install nixos on it?
<michalrus> Gets stuck on some kernel line.
<michalrus> Infinisil: by taking the drive out. :P
<michalrus> But it’s a lot of work.
<Infinisil> Oh damn
<michalrus> Yeah…
<Infinisil> I also had problems with certain usb disks before, some of them work, some of them don't
erasmas has joined #nixos
<michalrus> +
jmeredith has joined #nixos
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-17.03-small advanced to https://github.com/NixOS/nixpkgs/commit/65752b2d04 (from 2 hours ago, history: https://channels.nix.gsc.io/nixos-17.03-small)
nix-gsc-io`bot has quit [(Client Quit)]
<catern> Infinisil: some syscalls that can currently be only used as root, are actually safe for unprivileged users to use, as long as they are used in the slightly-restricted environment of a user namespace. for example, setuid executables don't function inside user namespaces, and you can't ptrace things outside the usernamespace. those are two restrictions that make things safer.
<catern> but other syscalls are always unsafe even with those restrictions
<Infinisil> michalrus: Does rollback not work?
<catern> those are the ones that should not be allowed, but were accidentally allowed
<michalrus> Infinisil: I don’t have a system build that didn’t have this partition configured.
<michalrus> It was there from the very beginning.
<Infinisil> michalrus: Ahh, so you actually deleted the disk, fully?
<michalrus> The partition, yes.
<Infinisil> catern: Nice to know, thanks
<michalrus> Without first updating configuration.nix.
<Infinisil> michalrus: Hmm, I'm no data recovery specialist, but I feel like it should be possible to get the partitioning table back somehow
<michalrus> But I don’t want it, at all. I deleted it purposefully. =) I just want my system to boot back. It wasn’t /, just some /mnt/randomStuff
<Infinisil> Oh, and you have no normal command line in recovery mode?
endformationage has joined #nixos
<Infinisil> (I can't remember what recovery mode exactly is and what it allows you to do)
<michalrus> I do. For 90 seconds. Too little to nixos-rebuild to succeed. :/
<michalrus> Almost anything. But it loops after 90 seconds. Kills the recovery console and everything running in it (nixos-rebuild).
<Infinisil> Why only 90 seconds?
<Infinisil> Ah that's the problem
<michalrus> Yes.
<michalrus> > However dev-sda10.device never appears, so eventually (after 90 seconds, IIRC) it times out and systemd-fsck@dev-sda10.service fails.
<michalrus> Crazy.
ylwghst has quit [(Ping timeout: 246 seconds)]
<Infinisil> Maybe there's a way to modify that systemd unit, e.g. stop it or smth
<michalrus> I tried that first. :(
ylwghst has joined #nixos
M1k3y has joined #nixos
<Infinisil> michalrus: No idea then
<Infinisil> Maybe ask #linux :P
<michalrus> They’ll tell me to modify /etc/fstab or remove some systemd symlinks to the mount unit.
<michalrus> Can’t do that on NixOS.
<michalrus> :c
erictapen has joined #nixos
phreedom has joined #nixos
<Infinisil> Well, you might be able to do that actually. You can write to /etc as root, and /nix/store can be made writable too iirc
<michalrus> All in 90 s.
<Infinisil> nix.readOnlyStore is the option, but it requires a rebuild, hmm
* michalrus considering going for the screwdriver
<Infinisil> Might be your best option, or try with a different usb drive
<michalrus> #imanengineer
roberth has quit [(Ping timeout: 240 seconds)]
Lyric has joined #nixos
Lyric has left #nixos ["Leaving"]
digitus has joined #nixos
<Infinisil> I want a bot here that evaluates nix
<disasm> haha, that would be pretty cool :)
<Infinisil> `nix-instantiate --eval -E '(n: "That would be pretty ${n} indeed!") "cool"'`
<Infinisil> "That would be pretty cool indeed!"
newhoggy has joined #nixos
Capprentice has joined #nixos
stepcut has joined #nixos
ison111 has quit [(Ping timeout: 246 seconds)]
newhoggy has quit [(Ping timeout: 255 seconds)]
ThatDocsLady_nom has quit [(Quit: Arma-geddin-outta-here!)]
<Infinisil> This works decently well: /alias nix say $*; exec -o - nix-instantiate --eval -E '$*';
<Infinisil> (import <nixpkgs> {}).bash.meta.description
<Infinisil> "GNU Bourne-Again Shell, the de facto standard shell on Linux"
nwuensche has joined #nixos
<nwuensche> Hello everybody! I installed NixOS now on my system, but I can't get audio working
<nwuensche> Which alsa packages do I have to install?
<sphalerite> nwuensche: try enabling pulseaudio in the system configuration
<clever> Infinisil, michalrus: manualy editing things in the nix store will break a lot of things
<nwuensche> sphalerite: What do I have to add?
<clever> nwuensche: https://nixos.org/nixos/options.html#hardware.pulseaudio
newhoggy has joined #nixos
<michalrus> clever: I’ll just run nixos-install on that drive. :p
betaboon has quit [(Quit: This computer has gone to sleep)]
hotfuzz_ has joined #nixos
newhoggy has quit [(Ping timeout: 260 seconds)]
hotfuzz has quit [(Ping timeout: 246 seconds)]
zeus_ has joined #nixos
zeus_ has quit [(Remote host closed the connection)]
zeus_ has joined #nixos
simukis_ has quit [(Ping timeout: 246 seconds)]
bgamari has joined #nixos
ertes-w has quit [(Ping timeout: 240 seconds)]
bgamari has quit [(Client Quit)]
__Sander__ has quit [(Quit: Konversation terminated!)]
newhoggy has joined #nixos
<Ankhers> Infinisil: That should be fairly easy to build, no? (the bot)
justelex has quit [(Ping timeout: 246 seconds)]
Mercuria1Alchemi has joined #nixos
Sonarpulse has joined #nixos
ison111 has joined #nixos
goibhniu has quit [(Ping timeout: 240 seconds)]
newhoggy has quit [(Ping timeout: 248 seconds)]
<Infinisil> Ankhers: I have no idea how to integrate it into this channel
seagreen has quit [(Ping timeout: 246 seconds)]
<Infinisil> But the bot itself would be pretty trivial
<Ankhers> Maybe I will throw one together in the next couple days. I would need permission from at least one of the channel ops to put it in here though.
freusque has joined #nixos
<Infinisil> Ankhers: Nice :D You have experience with this then?
thblt has joined #nixos
<Ankhers> Kinda, not really. I haven't done anything "production" with it, but I have toyed with things in the past.
<srhb> I had a slack bot lying around that evaluated haskell. Though I guess there is no evaluator for nix aside from the nix tools.
<Ankhers> But it should be as simple as getting an IRC connection, connecting to different channels, and then listen for messages that start with a certain character, like `> 4 + 4` or something simple.
<srhb> It would be nice if one could use it "as a library"
<Infinisil> Ankhers: Probably "!" instead, > is often used for quoting
<Ankhers> Yeah, it was just an example.
<Ankhers> It doesn't matter what the first char is really.
<Infinisil> srhb: What do you mean by as a library?
nwuensche has quit [(Quit: Leaving)]
[0x4A6F] has joined #nixos
frankpf has joined #nixos
<srhb> Infinisil: I meant, in Haskell I could just import some libraries that allowed me to evaluate a String as Haskell code itself. If Nix could work as a library like that, it would be really easy to do something like this :)
<frankpf> is it possible to redefine an option?
<srhb> frankpf: Generally no.
<frankpf> I'm running NixOS on EC2 and I'm trying to redefine services.sshd.permitRootLogin
<sphalerite> srhb: that exists, it's just a C++ library :p
<frankpf> but it's already defined in <nixpkgs/nixos/modules/virtualisation/amazon-image.nix>
<frankpf> can I edit that file?
<srhb> sphalerite: Oh, nice. Though c++ bindings are difficult :(
<frankpf> or should I keep my config in /etc/nixos/configuration.nix
<Infinisil> sphalerite: srhb: Or hnix, a haskell module for nix :D
<sphalerite> frankpf: you can override that setting using mkForce
<srhb> Infinisil: Isn't that mostly syntactic?
<srhb> Infinisil: Huh, apparently not. Cool!
<Infinisil> srhb: It can evaluate too
<sphalerite> frankpf: e.g. `services.sshd.permitRootLogin = lib.mkForce false;`
<frankpf> sphalerite: Thanks
Mercuria1Alchemi has quit [(Ping timeout: 246 seconds)]
<Infinisil> srhb: But I think for this bot a simple `nix-instantiate` should be enough
<srhb> Indeed.
<Infinisil> I'll go eat, bbl
<frankpf> sphalerite: But then nixos-rebuild complains about lib being undefined
<clever> frankpf: add lib to the arguments on line 1 of the file
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] NeQuissimus opened pull request #28263: linux-copperhead: 4.12.5.a -> 4.12.7.a (master...copperhead_4_12_7_A) https://git.io/v77Fy
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] NeQuissimus closed pull request #28263: linux-copperhead: 4.12.5.a -> 4.12.7.a (master...copperhead_4_12_7_A) https://git.io/v77Fy
NixOS_GitHub has left #nixos []
<M1k3y> Hello, just getting started with nixos. I want a script to run every time the config changes. Tried using activationScripts. The script executes, but it can't find the tool "tar". When running manually it works. What am I missing here?
<ToxicFrog> M1k3y: activation scripts (and scripts in configuration.nix in general) don't run with the same $PATH you have as a user.
<clever> michalrus: what are you trying to do with the activation script? those run extremely early in the boot
<sphalerite> M1k3y: it presumably has an empty PATH. Refer to the full path to tar
<ToxicFrog> Use ${pkgs.tar}/bin/tar or similar rather than just `tar`.
<M1k3y> sounds logic, will try. Thanks for the quick help.
<frankpf> clever: that worked, but nixos-rebuild is still complaining about me redefing openssh.permitRootLogin.
<frankpf> redefining*
<clever> frankpf: what did you put into configuration.nix?
newhoggy has joined #nixos
<frankpf> services = { sshd = { enable = true; permitRootLogin = lib.mkForce "without-password" } }
<clever> frankpf: and what is the exact error?
<frankpf> The unique option `services.openssh.permitRootLogin' is defined multiple times, in `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/rename.nix' and `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/virtualisation/amazon-image.nix
<clever> frankpf: try setting services.openssh rather then services.sshd
<clever> this sounds like a bug in the rename module not allowing overrides
<frankpf> Ah, yeah. That worked
<frankpf> seems like I hit an edge case :p
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] NeQuissimus opened pull request #28264: [staging] curl: 7.55.0 -> 7.55.1 (staging...curl_7_55_1) https://git.io/v77bo
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 255 seconds)]
<M1k3y> ok, your solution kind of worked. Now it's finding the tar command, but can't find "gzip", which is getting called since my script unpacks a .tar.gz "tar (child): gzip: Cannot exec: No such file or directory"
<clever> M1k3y: why are you trying to unpack a tar so early in the boot?
<adisbladis> M1k3y: tar -z -j etc are actually just shelling out to gzip and bzip2, so you can just explicitly do that instead
<adisbladis> But I'm thinking the same as clever.. It doesn't really feel right
FRidh has quit [(Quit: Konversation terminated!)]
<clever> ive seen somebody break the system so hard it couldnt even find systemd, because he tried to do networking in the activation script
bennofs1 has quit [(Ping timeout: 240 seconds)]
hotfuzz_ is now known as hotfuzz
<M1k3y> clever: I'm using this to deploy some files to all home directories and check for some files. This action only runs on initial installation or when there are new users on the system.
<clever> M1k3y: i think a systemd unit would be better for that, set the type to one-shot
<clever> the activation scripts may run before the users have even been created
<srhb> I've done something similar with systemd one-shots too, works quite well. :)
<clever> they can even run before you have a /etc or /home directory
<M1k3y> good to know. I'll look inte the systemd one-shots then.
[0x4A6F]1 has joined #nixos
tokudan has joined #nixos
tokudan has quit [(Client Quit)]
bgamari has joined #nixos
<M1k3y> since I'm already here. Anyone knows why gnome ignores 'services.xserver.layout = "de";'?
[0x4A6F] has quit [(Ping timeout: 255 seconds)]
[0x4A6F]1 is now known as [0x4A6F]
acertain has joined #nixos
tokudan has joined #nixos
<shapr> ok, I just realized the reason the NixOS manual starts out describing the configuration system, is that the entire OS is effectively chef/puppet.. I should have realized that earlier.
tokudan has quit [(Client Quit)]
<adisbladis> M1k3y: I can't help you with why but I have seen it on the issue tracker before https://github.com/NixOS/nixpkgs/issues/14318
<sphalerite> shapr: but better ;)
<srhb> shapr: I recent the comparison ;-)
<srhb> resent*
newhoggy has joined #nixos
<shapr> srhb: I'm just getting started, I'll try to come up with better comparisons
<sphalerite> Does anyone know of a neat way to give one-time SSH access to one host from another?
<clever> sphalerite: https://tmate.io/
<clever> sphalerite: its basicaly teamviewer for ssh
tokudan has joined #nixos
ixxie has quit [(Quit: Lost terminal)]
<sphalerite> clever: can I do rsync through that?
<clever> sphalerite: not sure, ive only used it for ssh
<clever> sphalerite: but you can always do the copy in the reverse direction once your in, if the other end is under your control and more open
<sphalerite> both ends are under my control
newhoggy has quit [(Ping timeout: 240 seconds)]
pxc has joined #nixos
thetet has quit [(Ping timeout: 246 seconds)]
<sphalerite> hm, how do I get `ip route` to show IPv6 routes as well?
<clever> ip -6 route
[0x4A6F]1 has joined #nixos
[0x4A6F] has quit [(Remote host closed the connection)]
[0x4A6F]1 is now known as [0x4A6F]
takle has quit [(Remote host closed the connection)]
takle has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] markus1189 opened pull request #28265: http-prompt: 0.9.1 -> 10.0.2 (master...http-prompt-0.10.2) https://git.io/v77pE
NixOS_GitHub has left #nixos []
seagreen has joined #nixos
takle has quit [(Ping timeout: 246 seconds)]
miefda has joined #nixos
newhoggy has joined #nixos
takle has joined #nixos
q6AA4FD has quit [(Ping timeout: 248 seconds)]
<sphalerite> oooh, the -6 goes before route >_>
takle has quit [(Read error: Connection reset by peer)]
<sphalerite> it's annoying how ip a[ddress] defaults to showing ipv6 and route doesn't
takle has joined #nixos
q6AA4FD has joined #nixos
<disasm> sphalerite: agreed, dunno why it just doesn't dump both by default.
newhoggy has quit [(Ping timeout: 240 seconds)]
roundhouse has quit [(Ping timeout: 255 seconds)]
<Sonarpulse> niksnut: see what I then wrote in https://github.com/NixOS/nixpkgs/pull/28057 ?
python47` has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
python476 has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 255 seconds)]
newhoggy has joined #nixos
python47` has quit [(Ping timeout: 260 seconds)]
newhoggy has quit [(Ping timeout: 248 seconds)]
python476 has joined #nixos
bgamari has quit [(Ping timeout: 240 seconds)]
dhess has quit [(Remote host closed the connection)]
dhess has joined #nixos
<clever> sphalerite: something of note, nixos-install --chroot doesnt work on nixos-unstable right now
<sphalerite> was that highlight meant for me?
<clever> yeah
<clever> the topic had come up lastnight
<sphalerite> oooh right
<clever> but it turns out we where both wrong, because its broken
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
bennofs1 has joined #nixos
erictapen has joined #nixos
ison111 has quit [(Ping timeout: 255 seconds)]
ona has joined #nixos
FRidh has joined #nixos
ison111 has joined #nixos
vandenoever has quit [(Ping timeout: 248 seconds)]
ylwghst has quit [(Quit: Lost terminal)]
bgamari has joined #nixos
pxc has quit [(Ping timeout: 240 seconds)]
newhoggy has joined #nixos
pxc has joined #nixos
bgamari has quit [(Client Quit)]
newhoggy has quit [(Ping timeout: 246 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] layus opened pull request #28266: grisbi: init at 1.0.2 (master...grisbi-init) https://git.io/v75J1
NixOS_GitHub has left #nixos []
bgamari has joined #nixos
Mercuria1Alchemi has joined #nixos
<aristid> sphalerite: i think "ip" is one of the most annoying commands for me
ison111 has quit [(Ping timeout: 240 seconds)]
newhoggy has joined #nixos
Myrl-saki has quit [(Ping timeout: 248 seconds)]
bgamari has quit [(Client Quit)]
* bennofs1 thinks ss is worse
bennofs1 is now known as bennofs
bgamari has joined #nixos
<sphalerite> lsof ftw
newhoggy has quit [(Ping timeout: 240 seconds)]
magnetophon has quit [(Ping timeout: 255 seconds)]
<aristid> sphalerite: lsof can do what netstat/ss can do?
<aristid> bennofs: netstat -nltup is still what i know :D
<sphalerite> idk the details of what netstat/ss can do, but it can certainly list all the connections that processes have open (lsof -i) and has various filtering options too
DutchWolfie has joined #nixos
DutchWolfie has quit [(Changing host)]
DutchWolfie has joined #nixos
newhoggy has joined #nixos
<sphalerite> `lsof -iTCP -sTCP:LISTEN` does what you would probably guess it does
bgamari- has joined #nixos
<aristid> bennofs: ss -nltup works
erictapen has quit [(Ping timeout: 255 seconds)]
<aristid> bennofs: so i think ss is great!
<aristid> it can do what i know that netstat can do, with fewer characters to type!
<adelbertc> Is there a way to have a default Xresources which Nix applies for everyone?
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] mimadrid opened pull request #28267: meson: 0.40.0 -> 0.41.2 (master...update/meson-0.41.2) https://git.io/v75T0
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 246 seconds)]
bgamari has quit [(Ping timeout: 276 seconds)]
erictapen has joined #nixos
bennofs has quit [(Ping timeout: 255 seconds)]
<Infinisil> Why is my .xsession-errors always empty?
justelex has joined #nixos
<Infinisil> Or is that just because there were no errors?
justelex_ has joined #nixos
<srhb> Infinisil: I think something weird happens with it combined with the systemd user session or whatever
<srhb> Unfortunately I don't know exactly when it broke...
newhoggy has joined #nixos
justelex has quit [(Ping timeout: 240 seconds)]
newhoggy has quit [(Ping timeout: 240 seconds)]
bennofs has joined #nixos
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/2a0c6c7bee (from 4 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
nix-gsc-io`bot has quit [(Client Quit)]
miefda_ has joined #nixos
ison111 has joined #nixos
silver_hook has quit [(Ping timeout: 248 seconds)]
tvon has left #nixos ["Peace out, y'all!"]
newhoggy has joined #nixos
miefda has quit [(Ping timeout: 240 seconds)]
Mercuria1Alchemi has quit [(Ping timeout: 240 seconds)]
nix-gsc-io`bot has joined #nixos
<nix-gsc-io`bot> Channel nixos-unstable advanced to https://github.com/NixOS/nixpkgs/commit/129f8d7e99 (from 6 hours ago, history: https://channels.nix.gsc.io/nixos-unstable)
nix-gsc-io`bot has quit [(Client Quit)]
newhoggy has quit [(Ping timeout: 246 seconds)]
bgamari- has quit [(Ping timeout: 255 seconds)]
bgamari has joined #nixos
newhoggy has joined #nixos
vandenoever has joined #nixos
newhoggy has quit [(Ping timeout: 248 seconds)]
ona has quit [(Quit: ...)]
newhoggy has joined #nixos
thetet has joined #nixos
<Infinisil> I'm just trying to debug an xmonad problem
newhoggy has quit [(Ping timeout: 276 seconds)]
<Infinisil> Trying to get a second xmobar running
<Infinisil> And damn, xmobar putting a *compiled* binary in ~/.xmonar is really ugly
<srhb> Infinisil: Uglier than xmonad doing it? :-P
newhoggy has joined #nixos
<Infinisil> Ugh
<Infinisil> Especially on nixos
<catern> what is wrong with that
<catern> that is perfectly ok
<srhb> I also don't find it problematic.
<catern> though maybe, given Nix, you maybe should just stick it in the store instead?
<catern> and symlink to it?
<Infinisil> Well it's not that bad really, but on nixos usually binaries live in the store
<Infinisil> yes
<Ankhers> But xmonad recompiles itself becase on a user config. Where would that go in the store?
<catern> xmonad shouldn't recompile itself, a small Nix derivation should do it for it :)
<Infinisil> Good argument
<srhb> It could recompile itself, but it should use nix-build
<Infinisil> Yeah, and not recompile if the config didn't change
<srhb> nix-build should take care of that, no?
<Infinisil> the standard key command does `xmonad --recompile; xmonad --restart`
<srhb> As in, it would be a no-op.
<Infinisil> Yeah
M1k3y has quit [(Ping timeout: 260 seconds)]
<catern> can you get nix-shell to build the expression you pass it? then you could do nix-shell xmonad.nix --run xmonad
<catern> or something like that
<srhb> I think with the recent changes to xmonad to support stackified deployments, it might actually not be too hard to make these changes to support nix-build
newhoggy has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
bgamari has quit [(Read error: Connection reset by peer)]
bgamari has joined #nixos
<frankpf> how can I run sshd on a non-standard port on NixOS?
<frankpf> when I change services.sshd.ports to something other than 22, sshd stops working
zeus_ has quit [(Read error: Connection reset by peer)]
hellrazor has joined #nixos
zeus_ has joined #nixos
<srhb> frankpf: With services.openssh.ports as well?
<frankpf> srhb: yes
<frankpf> sorry, sshd is actually running
<Ankhers> How are you setting it?
<frankpf> But I can't connect using ssh
<srhb> frankpf: I can't reproduce this.
<srhb> frankpf: Perhaps your problem lies elsewhere.
<srhb> firewall perhaps?
newhoggy has joined #nixos
endformationage has quit [(Read error: Connection reset by peer)]
<clever> srhb: nixos automatically opens the ports that ssh is configured to
<clever> frankpf: run the ssh client with -vvvv and then pastebin the output
endformationage has joined #nixos
<srhb> frankpf: are you actually testing it locally on the machine running openssh?
<frankpf> Nah, I'm just stupid.
<srhb> Ah, ok. :)
<frankpf> Firewall was blocking ports other than 22
<clever> which firewall?
<frankpf> AWS :P
<clever> ah
<aristid> frankpf: ah lol i think i made the exact same mistake when i was using AWS for my little VPS
newhoggy has quit [(Ping timeout: 248 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] mdorman opened pull request #28268: Semi-automated Emacs package updates (master...emacs-updates) https://git.io/v75Yw
NixOS_GitHub has left #nixos []
ylwghst has joined #nixos
<gchristensen> uhhh maybe we could get a azures-version-of-cloudfront endpoint out in AU https://azure.microsoft.com/en-us/blog/microsoft-azure-expands-with-two-new-regions-for-australia/
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] Ericson2314 opened pull request #28269: cc-wrapper: Improve `set -u` compliance (staging...cc-wrapper-set-u) https://git.io/v753H
NixOS_GitHub has left #nixos []
newhoggy has joined #nixos
viaken[m] has joined #nixos
ylwghst has quit [(Quit: Lost terminal)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dezgeg pushed 2 new commits to master: https://git.io/v75sa
<NixOS_GitHub> nixpkgs/master c20d41d Will Dietz: Revert "busybox: downgrade 1.27.1 -> 1.26.2"...
<NixOS_GitHub> nixpkgs/master 3e8d68e Will Dietz: make-bootstrap-tools: Fix config opts for ash builtins after upgrade
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 246 seconds)]
bgamari has quit [(Ping timeout: 255 seconds)]
ylwghst has joined #nixos
bgamari has joined #nixos
justelex_ has quit [(Ping timeout: 240 seconds)]
newhoggy has joined #nixos
FRidh has quit [(Remote host closed the connection)]
zeus_ has quit [(Read error: Connection reset by peer)]
zeus_ has joined #nixos
roberth has joined #nixos
ylwghst has quit [(Quit: Lost terminal)]
newhoggy has quit [(Ping timeout: 260 seconds)]
ylwghst has joined #nixos
gnuhurd has quit [(Remote host closed the connection)]
gnuhurd has joined #nixos
ison111 has quit [(Ping timeout: 246 seconds)]
simukis has joined #nixos
bgamari has quit [(Ping timeout: 240 seconds)]
bgamari has joined #nixos
ison111 has joined #nixos
newhoggy has joined #nixos
wak-work_ has joined #nixos
miefda_ has quit [(Read error: Connection reset by peer)]
MP2E has joined #nixos
gnuhurd has quit [(Remote host closed the connection)]
gnuhurd has joined #nixos
newhoggy has quit [(Ping timeout: 240 seconds)]
bennofs has quit [(Ping timeout: 246 seconds)]
ison111 has quit [(Quit: WeeChat 1.7.1)]
bgamari has quit [(Read error: Connection reset by peer)]
bgamari has joined #nixos
frankpf has quit [(Ping timeout: 258 seconds)]
newhoggy has joined #nixos
snikkers has joined #nixos
wak-work_ has quit [(Quit: Leaving)]
Isorkin has quit [(Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org)]
bennofs has joined #nixos
newhoggy has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dezgeg opened pull request #28271: [WIP] Travis tweaks (master...travis-tweaks) https://git.io/v75cA
NixOS_GitHub has left #nixos []
sigmundv__ has joined #nixos
bgamari has quit [(Quit: ZNC - http://znc.in)]
<srhb> How do I tell which haskell packagesets are cached at any given point?
<bennofs> srhb: look at hydra? :D
<sphalerite> Anyone got lxc working on nixos? I've got a debian container I unfortunately need to run and I'm having some difficulties
<srhb> bennofs: More specifically? :-)
bgamari has joined #nixos
<sphalerite> Specifically, I'm getting: lxc-start 20170814201257.973 ERROR lxc_conf - conf.c:setup_rootfs:1194 - No such file or directory - Failed to access to "/var/lib/lxc/rootfs". Check it is present.
<bennofs> srhb: generally, everything that is part of haskellPackages: https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix#L103
newhoggy has joined #nixos
<sphalerite> Even though it should be using /var/lib/lxc/<containername>/rootfs
<sphalerite> bennofs: ♥ for the permalink thing, I should do that too
<srhb> Really? That can't be right, 821 already has a lot of cached packages.
<bennofs> srhb: hmm. that may be due to dependencies from other packages that use 821?
MP2E has quit [(Read error: Connection reset by peer)]
<srhb> Randomly checking, 7103 seems cached too
<srhb> 801 not
<srhb> 7102 not.
<bennofs> srhb: you mean packages are cached or the compiler itself?
<srhb> Packages :)
MP2E has joined #nixos
<bennofs> srhb: ghc7103 is probably due to legacy applications requiring it
<bennofs> srhb: (so gets pulled in of some other haskell app that is at the toplevel)
<srhb> Okay. :/
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] lzhang10 opened pull request #28272: fix broken patch url in pkgs/tools/misc/fontforge/default.nix #28270 (master...28270-fix-patrh-url) https://git.io/v75Ch
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 276 seconds)]
bgamari- has joined #nixos
erictapen has quit [(Ping timeout: 240 seconds)]
<bennofs> srhb: although i wonder where the cached packages for 821 come from...
<clever> bennofs: also, half of the ghc compilers depend on eachother, just for bootstraping
<clever> bennofs: the chain is 3 or 4 ghc's long
<bennofs> yeah, but this is about packages, not the compiler itself
<clever> ah
newhoggy has joined #nixos
bgamari has quit [(Ping timeout: 258 seconds)]
<bennofs> srhb, clever: ah, haskell-updates runs a few more builds: https://github.com/peti/ci/blob/212210000971b8cade4b403e230307593a34d4a4/haskell-nixpkgs.nix
lewo has quit [(Remote host closed the connection)]
roni has joined #nixos
<srhb> bennofs: What is haskell-updates?
lewo has joined #nixos
<bennofs> srhb: peti's branch where bigger changes and updates from new hackage are merged for testing
<srhb> bennofs: Aha. So should I understand this as all being the list of packagesets that ge tcached?
tokudan has quit [(Quit: Leaving)]
<bennofs> srhb: well, everything that is ever build by hydra is cached. and haskell-updates has a jobset on hydra
bgamari- has quit [(Client Quit)]
<clever> the jobset for peti's branch
<bennofs> srhb: so, if say, gnu emacs started depending on ghc821 packages for whatever reason, you would also see them getting cached :)
<bennofs> (and used the same nixpkgs version so recursive hash matches)
erictapen has joined #nixos
newhoggy has quit [(Ping timeout: 240 seconds)]
stepcut has quit [(Remote host closed the connection)]
bgamari has joined #nixos
stepcut has joined #nixos
<bennofs> I find it funny how almost every jobset on hydra is red ;)
<srhb> I am none the wiser. :-P
kiloreux has quit [(Ping timeout: 255 seconds)]
<srhb> I understand that if something pulls in, say, lens from ghc821, it gets cached
<srhb> I am not clear on whether all packages in, say, ghc821, are explicitly pulled in by that job.
<clever> only a subset, lens, and the deps of lens
<bennofs> clever: i don't think lens is in the list?
<clever> if lens was a dep of something
ylwghst has quit [(Quit: Lost terminal)]
<srhb> Yeah, I understand that.
<srhb> I didn't mean to imply that pulling in lens would automatically cache all of 821.
<bennofs> the list for ghc821 appears to be: funcmp, hackage-db, hsdns, hsemail, hsyslog, jailbreak-cabal, language-nix, nix-paths, titlecase
stepcut has quit [(Remote host closed the connection)]
<bennofs> and of course all deps of those
<srhb> bennofs: How do you figure?
<Ankhers> Infinisil: ##nix-bot-testing -- I decided to take a couple minutes to just do it...
stepcut has joined #nixos
<bennofs> srhb: i looked at https://github.com/peti/ci/blob/212210000971b8cade4b403e230307593a34d4a4/haskell-nixpkgs.nix and looked at "mapHaskellTestOn { ... }" where it says for each pkg what versions it tests it on
bgamari has quit [(Read error: Connection reset by peer)]
bgamari has joined #nixos
<bennofs> there may be more (don't think so much stuff depends on haskell so unlikely), but those are cached at the very least
ylwghst has joined #nixos
newhoggy has joined #nixos
<srhb> Hmm.
<srhb> Unless one of those contains all of Hackage, I don't believe that's the entire story.
<bennofs> srhb: well, haskellPackages contains all of hackage
<bennofs> srhb: and that is build above by the mapTestOn
<srhb> Then that would mean distribution-nixpkgs is the one.
eschnett has quit [(Quit: eschnett)]
<bennofs> srhb: no distribution-nixpkgs is just a haskell package on hackage :)
<srhb> Oh.
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dezgeg pushed 2 new commits to master: https://git.io/v75lA
<NixOS_GitHub> nixpkgs/master 59ad93a Tuomas Tynkkynen: travis: Hide more unnecessary build spam from installing nox...
<NixOS_GitHub> nixpkgs/master fe078d7 Tuomas Tynkkynen: travis: Add dummy environment variables as build labels...
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dezgeg closed pull request #28271: [WIP] Travis tweaks (master...travis-tweaks) https://git.io/v75cA
NixOS_GitHub has left #nixos []
newhoggy has quit [(Ping timeout: 240 seconds)]
bgamari has quit [(Quit: ZNC - http://znc.in)]
bgamari has joined #nixos
<srhb> For now, the mysterious explanation I will go with is that lens is somehow explicitly cached and therefore a large percentage of Hackage is also cached. :-)
<bennofs> srhb: i believe lens is a dependency of language-nix :)
kiloreux has joined #nixos
ylwghst has quit [(Remote host closed the connection)]
<srhb> I'll buy it.
<clever> the nix source tarball also depends on shellcheck, which pulls in a decent amount of haskell (unknown ghc version)
roberth has quit [(Ping timeout: 240 seconds)]
<srhb> It's just really strange to try and reconstruct the tree and try to match it with the "observed cached" packages, but I guess there really is no good way of determining it. :)
ylwghst has joined #nixos
<clever> srhb: i think you would need root on hydra to find it easily
* srhb nods
justbeingglad has joined #nixos
justbeingglad has left #nixos []
<bennofs> we would need a reverse dependency db for that
<srhb> I wish we had infinity capacity.
<srhb> Nix is theoretically so good for testing backwards compatibility with multiple ghc versions with some CI service
<bennofs> one more reason to just set up some server that streams every nar that is build by hydra and stores info about it in some db :=)
MP2E has quit [(Read error: Connection reset by peer)]
erictapen has quit [(Ping timeout: 255 seconds)]
<srhb> Yeah.
<clever> there is an api url in hydra that spits out the storepath for every job in an eval
<clever> the programs.sqlite util used that
MP2E has joined #nixos
<bennofs> clever: oh? but afaik, it only contains jobids, right?
anelson_ has joined #nixos
Geeky[m] has joined #nixos
<bennofs> clever: i'd kinda want the info about the job as well
<bennofs> but don't think it'd be good to fetch every job detail page individually from hydra, may be a bit too much load :)
newhoggy has joined #nixos
<clever> one min
DutchWolfie has quit [(Quit: Konversation terminated!)]
Capprentice has quit [(Remote host closed the connection)]
Capprentice has joined #nixos
ShalokShalom has quit [(Read error: Connection reset by peer)]
<anelson_> hi guys, I'm on CentOS, I compiled a version of nix with storeDir = /tmp/nix/store, and when I use it to build e.g. `pkgs.bash` I'm seeing something really weird when I `ldd` the bash binary
<clever> bennofs: curl https://hydra.nixos.org/eval/1384033/store-paths -v -H 'Accept: application/json'
Curiontice has joined #nixos
<clever> bennofs: it returns a json list of every storepath in the eval
<anelson_> It lists libdl.so.2 and libc.so.6 pointing at nix store objects, which is great, but then it has a third entry where the *name* of the library is a nix store path, but the path after the => is *not* a nix store path
<anelson_> specifically it says /tmp/nix/store/1qqd5d9bab6cd4glmpmijdviqc4k4qdx-glibc-2.25/lib/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
<bennofs> clever: right. you can also get this by just fetching store-paths.xz from the channel path :)
ShalokShalom has joined #nixos
<bennofs> clever: i want some info for it though: reverse-dependencies, job name, system etc
<clever> bennofs: and once you have that from either source, you can query each narinfo on the binary cache, to form the runtime dep trees
<bennofs> clever: oh right, reverse deps are actually easy
<clever> but that wont help with build-time only deps
newhoggy has quit [(Ping timeout: 248 seconds)]
sigmundv__ has quit [(Ping timeout: 248 seconds)]
<bennofs> ah, drvs are not cached :/
<bennofs> clever: still, you wont get the job name <-> store path assocation from it
<clever> yeah
jensens has joined #nixos
Capprentice has quit [(Ping timeout: 240 seconds)]
<clever> was going to bring up nix-index, then i remembered the github url, lol
<bennofs> it was actually one of my thoughts for getting the package names from store paths for nix index (you could get it from the hydra job name)
<bennofs> or rather, the attribute path
hsk3 has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] womfoo opened pull request #28274: gpxsee: 4.8 -> 4.9 (master...bump/gpxsee-4.9) https://git.io/v75Bb
NixOS_GitHub has left #nixos []
newhoggy has joined #nixos
<clever> bennofs: simplest thing i can think of is to just repeat the eval locally, run hydra-eval-jobs on the same release.nix
<hsk3> Debian and Ubuntu have been really battle-tested as production servers, security-wise.
<hsk3> Do you guys feel confident running NixOS production servers for high-traffic websites?
<clever> bennofs: this requires no special config on the host, and will spit out a json mapping job names to drv files
<clever> and it will populate the host store with those drv's
<bennofs> clever: thats... kind of what nix-index does :)
<clever> it can also optionaly GC root each drv it creates
<bennofs> clever: but it's slow
<bennofs> and also fails whenever nixpkgs has an eval error (granted, i could perhaps fix that with some try eval, but then it gets even slower)
<bennofs> clever: and it depends on exact hash matches
<clever> yeah
<clever> you would need to fetch the same nixpkgs hydra/channel has
newhoggy has quit [(Ping timeout: 240 seconds)]
Ivanych has quit [(Ping timeout: 255 seconds)]
ylwghst has quit [(Quit: Lost terminal)]
bennofs1 has joined #nixos
gnuhurd has quit [(Remote host closed the connection)]
gnuhurd has joined #nixos
bennofs has quit [(Ping timeout: 248 seconds)]
hl has quit [(Ping timeout: 240 seconds)]
ninegua[m] has quit [(Ping timeout: 246 seconds)]
newhoggy has joined #nixos
taktoa has joined #nixos
ycy[m] has quit [(Ping timeout: 246 seconds)]
etcinit[m] has quit [(Ping timeout: 240 seconds)]
StuK[m] has quit [(Ping timeout: 240 seconds)]
trikl[m] has quit [(Ping timeout: 240 seconds)]
Barnabas[m] has quit [(Ping timeout: 240 seconds)]
Exee7uvo[m] has quit [(Ping timeout: 258 seconds)]
dalaing has quit [(Ping timeout: 258 seconds)]
ptotter[m] has quit [(Ping timeout: 258 seconds)]
sudoreboot[m] has quit [(Ping timeout: 258 seconds)]
timclassic has quit [(Ping timeout: 258 seconds)]
florianjacob has quit [(Ping timeout: 258 seconds)]
rnhmjoj[m] has quit [(Ping timeout: 258 seconds)]
Drakonis[m] has quit [(Ping timeout: 246 seconds)]
NickHu has quit [(Ping timeout: 246 seconds)]
thematter[m] has quit [(Ping timeout: 246 seconds)]
copumpkin has quit [(Ping timeout: 246 seconds)]
spacekitteh[m] has quit [(Ping timeout: 246 seconds)]
primeos[m] has quit [(Ping timeout: 246 seconds)]
Geeky[m] has quit [(Ping timeout: 246 seconds)]
reactormonk[m] has quit [(Ping timeout: 246 seconds)]
ArdaXi[m] has quit [(Ping timeout: 246 seconds)]
musicmatze[m] has quit [(Ping timeout: 246 seconds)]
octalsrc[m] has quit [(Ping timeout: 255 seconds)]
bendlas has quit [(Ping timeout: 255 seconds)]
matrixkrav has quit [(Ping timeout: 240 seconds)]
wak-work has quit [(Ping timeout: 240 seconds)]
jsv[m] has quit [(Ping timeout: 240 seconds)]
revoltmedia[m] has quit [(Ping timeout: 240 seconds)]
sphalerite has quit [(Ping timeout: 240 seconds)]
indefini has quit [(Ping timeout: 240 seconds)]
TimePath has quit [(Ping timeout: 240 seconds)]
chominist[m] has quit [(Ping timeout: 255 seconds)]
jlle[m] has quit [(Ping timeout: 240 seconds)]
Guest65834 has quit [(Ping timeout: 240 seconds)]
ylwghst has joined #nixos
danielrf has quit [(Ping timeout: 246 seconds)]
seif[m] has quit [(Ping timeout: 246 seconds)]
kainospur[m] has quit [(Ping timeout: 246 seconds)]
BurNiinTRee[m] has quit [(Ping timeout: 246 seconds)]
sargon[m] has quit [(Ping timeout: 246 seconds)]
berot3[m] has quit [(Ping timeout: 246 seconds)]
regnat[m] has quit [(Ping timeout: 246 seconds)]
magnap has quit [(Ping timeout: 246 seconds)]
Naughtmare[m] has quit [(Ping timeout: 258 seconds)]
adisbladis[m] has quit [(Ping timeout: 246 seconds)]
hedning[m] has quit [(Ping timeout: 246 seconds)]
sk23[m] has quit [(Ping timeout: 276 seconds)]
AmineChikhaoui[m has quit [(Ping timeout: 240 seconds)]
icetan has quit [(Ping timeout: 240 seconds)]
qtness[m] has quit [(Ping timeout: 240 seconds)]
AdamSlack[m] has quit [(Ping timeout: 240 seconds)]
lecorpsnoir[m] has quit [(Ping timeout: 240 seconds)]
peterhoeg has quit [(Ping timeout: 240 seconds)]
Ralith has quit [(Ping timeout: 240 seconds)]
unlmtd has quit [(Ping timeout: 240 seconds)]
davidar has quit [(Ping timeout: 240 seconds)]
zimbatm has quit [(Ping timeout: 240 seconds)]
baconicsynergy[m has quit [(Ping timeout: 264 seconds)]
WinterFox[m] has quit [(Ping timeout: 264 seconds)]
Kallegro[m] has quit [(Ping timeout: 264 seconds)]
eqyiel[m] has quit [(Ping timeout: 240 seconds)]
corngood has quit [(Ping timeout: 240 seconds)]
dash has quit [(Ping timeout: 240 seconds)]
Sovereign_Bleak has quit [(Ping timeout: 240 seconds)]
herzmeister[m] has quit [(Ping timeout: 240 seconds)]
aniketd[m] has quit [(Ping timeout: 255 seconds)]
hendrik[m]1 has quit [(Ping timeout: 255 seconds)]
dtz has quit [(Ping timeout: 255 seconds)]
bachp has quit [(Ping timeout: 255 seconds)]
xj9[m] has quit [(Ping timeout: 255 seconds)]
a123123123[m] has quit [(Ping timeout: 255 seconds)]
wmertens[m] has quit [(Ping timeout: 255 seconds)]
qrilka[m] has quit [(Ping timeout: 255 seconds)]
abbafei[m] has quit [(Ping timeout: 255 seconds)]
cwopel has quit [(Ping timeout: 255 seconds)]
edef[m] has quit [(Ping timeout: 255 seconds)]
spawnthink[m] has quit [(Ping timeout: 246 seconds)]
<roni> :q
roni has left #nixos []
offlinehacker[m] has quit [(Ping timeout: 264 seconds)]
benkolera has quit [(Ping timeout: 264 seconds)]
M-liberdiko has quit [(Ping timeout: 264 seconds)]
ylwghst has quit [(Client Quit)]
ylwghst has joined #nixos
fiveht has joined #nixos
puffnfresh has quit [(Ping timeout: 246 seconds)]
myklam[m] has quit [(Ping timeout: 240 seconds)]
Oo[m] has quit [(Ping timeout: 258 seconds)]
viaken[m] has quit [(Ping timeout: 258 seconds)]
tommyangelo[m] has quit [(Ping timeout: 246 seconds)]
rycee[m] has quit [(Ping timeout: 246 seconds)]
yochai[m] has quit [(Ping timeout: 246 seconds)]
bhipple[m] has quit [(Ping timeout: 246 seconds)]
DIzFer[m] has quit [(Ping timeout: 246 seconds)]
jyp[m] has quit [(Ping timeout: 246 seconds)]
Yaniel has quit [(Ping timeout: 246 seconds)]
newhoggy has quit [(Ping timeout: 260 seconds)]
admin[m] has quit [(Ping timeout: 258 seconds)]
retrry[m] has quit [(Ping timeout: 258 seconds)]
mhsjlw[m] has quit [(Ping timeout: 258 seconds)]
sziszi[m] has quit [(Ping timeout: 258 seconds)]
dibblego[m] has quit [(Ping timeout: 258 seconds)]
olejorgenb[m] has quit [(Ping timeout: 246 seconds)]
Khorne[m] has quit [(Ping timeout: 246 seconds)]
bgamari has quit [(Ping timeout: 255 seconds)]
JameySharp[m] has quit [(Ping timeout: 246 seconds)]
mtncoder[m] has quit [(Ping timeout: 276 seconds)]
<Infinisil> Lol
mith[m] has quit [(Ping timeout: 264 seconds)]
scott2 has quit [(Ping timeout: 264 seconds)]
Dezgeg[m] has quit [(Ping timeout: 276 seconds)]
Kirill[m] has quit [(Ping timeout: 276 seconds)]
jack[m]1 has quit [(Ping timeout: 276 seconds)]
AlanPearce[m] has quit [(Ping timeout: 276 seconds)]
Elephant454[m] has quit [(Ping timeout: 276 seconds)]
necronian has quit [(Ping timeout: 276 seconds)]
bennofs[m] has quit [(Ping timeout: 276 seconds)]
Wysteriary[m] has quit [(Ping timeout: 276 seconds)]
sirius[m] has quit [(Ping timeout: 276 seconds)]
cornu[m] has quit [(Ping timeout: 276 seconds)]
pstn has quit [(Ping timeout: 276 seconds)]
aspiwack[m] has quit [(Ping timeout: 276 seconds)]
newhoggy has joined #nixos
<Infinisil> In the Container section of the NixOS manual, there is this: "Warning: Currently, NixOS containers are not perfectly isolated from the host system. This means that a user with root access to the container can do things that affect the host."
<Infinisil> Any idea what this is referring to?
<simpson> It's not a reference. It's the truth itself.
<simpson> A container, on Linux, is not perfect isolation.
<LnL> I mentioned that before, you can get out if the container with root
<Infinisil> How exactly?
<gchristensen> look up any numerous container exploits :)
bgamari has joined #nixos
<ylwghst> hi
<ylwghst> any idea how to achieve this http://forums.bodhilinux.com/index.php?/topic/8544-backlight-module-fix/ on nix?
<simpson> Infinisil: By making syscalls while root inside a container. It's not magic, but it's not obvious because the container model is a hybrid of so many different pieces of functionality.
<LnL> you are sharing the kernel with the host, it's less secure as a vm by design
<Infinisil> Hmm okay
<Infinisil> So just not give root to untrusted users and it should be fine
<Infinisil> Asking regarding Ankhers nix-bot, which shouldn't be able to trash his machine
<simpson> Infinisil: You can't just not give root when working with containers. It's a big part of the problem.
<Infinisil> simpson: Can't a container have a normal user accessible via ssh?
newhoggy has quit [(Remote host closed the connection)]
<simpson> Infinisil: Sure, but that doesn't make me feel any better about containers as security.
<tilpner> simpson - With user namespace you can? (Though the frequent news don't inspire confidence in their security either)
<simpson> Just don't think of containers as a security measure!
<Infinisil> Hmm alright
<LnL> ^^
<thoughtpolice> You can do that, but it's more about authority. You generally want processes inside a container to be able to do "root like things", for example, bind to port 80. Why shouldn't it be able to bind to port 80? It's not really port 80 on the host, in a network namespace. It should be "fine", after all.
<simpson> thoughtpolice: And in a capability system, where we could reason about authority piecemeal, that'd be great. Sadly, Linux "capabilities" are not capabilities.
<thoughtpolice> The problem is Linux hasn't ever really had an idea of "your uid == 0, but you're not actually root". So in practice, tons of "root level" code throughout the kernel and system assume the root user isn't hostile.
fiveht has quit [(Quit: WeeChat 1.7.1)]
<thoughtpolice> e.g. people always assumed only Root would ever be able to make certain syscalls, so why harden those syscalls if you're already root? The game was already over. That was true 10 years ago, but not now.
<tilpner> thoughtpolice - Again, what about user namespaces?
<thoughtpolice> simpson: I prefer to call Linux capabilities "crapabilities"
<Infinisil> So we need to rewrite the linux kernel with this in mind
<Infinisil> Preferably in Rust
<Infinisil> \s
fiveht has joined #nixos
<thoughtpolice> tilpner: They suffer from the exact same problem. In fact the scenario I just outlined is a huge problem with user namespaces -- many parts of Linux are not hardened against an attacker who has uid == 0 and is extremely hostile.
<simpson> Infinisil: http://genode.org/
<sphalerite_> ooooh, the matrix bridge is down again. That explains why I haven't seen the updates
fiveht has quit [(Client Quit)]
<Infinisil> simpson: I haven't watched the talk yet :)
<Infinisil> sphalerite_: Ahh, i wondered why you left
fiveht has joined #nixos
<thoughtpolice> This is why systems like grsec completely disabled them. You have code all throughout the kernel that things "uid == 0, ok", but doesn't take into consideration things like this. So you get exploits like user-namespaced root users (uid == 0) able to do things like bind mount host folders, etc etc.
<tilpner> thoughtpolice - But they are the mechanism for "your uid == 0, but you're not actually root", so stating that "Linux hasn't ever really had" them is inaccurate. They're just not very trustworthy
ylwghst has quit [(Quit: Lost terminal)]
<tilpner> (If you know about implementation details, please tell me if I'm wrong)
<sphalerite_> meh. I really like matrix but it's not all that reliable :(
<thoughtpolice> Well, that's fair -- but it's all the same to me, frankly, if exploits pop up on the regular. It will likely take years to suss out all those issues, I imagine. In the mean time, just never assume containers provide security; you can only really assume they provide some level of resource isolation.
<kiloreux> How can I use a specific commit of nixpkgs as my channel ?
<kiloreux> I tried adding the commit in the default.nix
<kiloreux> as well as nix-env -f commit -i
<Infinisil> You can't
<Infinisil> channels are already picked out specifit commits of nixpkgs
<kiloreux> is there anyway to install a package only available in the last commits ?
<thoughtpolice> (I'm hoping one day something like Capsicum (true capability security) will come to Linux, but they've been working on it for years now and I have less and less hope on that front.)
<sphalerite_> I believe
<kiloreux> sphalerite_, tried that. Negative.
<simpson> thoughtpolice: Capsicum and pledge() are probably never coming to Linux. I've been working on a successor to E for a few years so that I can have a capability-safe userspace.
filterfish has quit [(Remote host closed the connection)]
filterfish has joined #nixos
newhoggy has joined #nixos
<Infinisil> kiloreux: unstable = import (builtins.fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/master.tar.gz) { config = {}; };
<tilpner> simpson - Do you know how Genode compares to Qubes?
[0x4A6F] has quit [(Ping timeout: 246 seconds)]
<thoughtpolice> You could approximate pledge() easily enough for most cases I think if you extended seccomp, but Capsicum is a little harder. That said, the only reason I was under the impression Capsicum would ever come to Linux is because they actually have patches for it... somewhere
<thoughtpolice> They were still working on that set as recently as last year, IIRC
<sphalerite_> kiloreux: works for me
<sphalerite_> kiloreux: how is it not working?
<simpson> tilpner: Sure; Genode is a capability-based system in the tradition of KeyKOS and EROS, while Qubes is based on more practical, battle-tested, but also historically kinda buggy systems.
<kiloreux> sphalerite_, well, i submitted a PR for a new package opencore-amr that was accepted a few days ago. And I picked a commit today the last ones and tried installing everything.
<kiloreux> opencore is still not available
<tilpner> simpson - Oh. Does that mean not everything in Genode is sandboxed with VirtualBox? I interpreted the "Virtualization" line like that...
<simpson> tilpner: Maybe it is, but that is 0% of what makes it interesting to me.
<manveru> anyone here got 64bit wine working?
<simpson> In the future, if we are in a not-so-dark timeline, it should be possible to be virus-free *and* not need context switches. I will settle for one of two though.
<sphalerite_> works for me
<sphalerite_> not sure if opencore-amr is the thing you want?
<Infinisil> simpson: I consider virus-free only a possiblitiy when every program has been written purely functional, with a good type system to represent what a program can do
<kiloreux> Okay I will try to delete everything in nix and see :D
<kiloreux> Thanks for the help.
<Infinisil> And it being type-checked to make sure it doesn't do anything else
newhoggy has quit [(Ping timeout: 276 seconds)]
<simpson> Infinisil: Why do you think that either of those things prevent viruses? Do you know about confused deputies?
<thoughtpolice> I admit, I don't fully 'get' Qubes security model. It is supposed to use AppVMs or whatever to isolate applications, but isolation isn't really what I want. If someone sends me an exploit for Thunderbird's Gecko engine -- who cares if it can or cannot read my ~/.ssh or something? It already has my mail spool. And presumably that AppVM will happily open a socket to send my spool to a server somewhere. The game was over.
<simpson> thoughtpolice: Qubes is oriented more towards low-level hardware-software-interaction security instead of higher-level capability-aware security.
<joepie91> tilpner: in Genode, a process by default does not have any privileged capabilities whatsoever (and 'privileged' includes things like 'access the filesystem'), and to gain access to any such capabilities, a process needs to ask its parent process for them; the parent process can then ask *its* parent process, etc. ad infinitum, until a point is reached where the resource that the capability represents can be accessed, after which some sort of access to
dash1 has joined #nixos
<dash1> hsk3: People are using nixos for production services, though.
<joepie91> the resource (or a virtualized form thereof) is passed back. any 'node' in that path can modify or refuse to propagate the request that is being sent up the tree, which provides for very flexible isolation/restriction policies that can be enforced at any level
<dash1> Hmmm. I'm trying to use spark and one of its shell scripts wants to invoke `ps`
<dash1> i've added procps to my nix-shell invocation but still no bueno... wonder what else is going on
<dash1> ultimately i guess i'll have to patch it
<dash1> hsk3: I would. But I'm a developer professionally, only do ops on an amateur basis right now :)
<hsk3> cool
<Infinisil> simpson: I have no idea what confused deputies is
<thoughtpolice> It mostly just seems to be papering over poor isolation in a lot of application designs... You'd be better off just using a Chrome-derived mailclient vs anything Qubes could do for e.g. Thunderbird. I guess hardware level isolation makes some amount of sense...
<joepie91> tilpner: this isn't done through VMs or containers; rather, through a fundamentally different process model that starts out with zero capabilities and has to request everything it needs and have it approved by the tree above it (as opposed to the kernel deciding whether a process can have a resource or not). there's a bunch of other aspects to it as well, such a resource accounting
<srhb> hsk3: I feel more safe with NixOS than either of those, yes.
<srhb> hsk3: The problem being that I generally don't know what the heck is even on that Debian or Ubuntu machine.
<joepie91> tilpner: I linked a presentation earlier that gives a pretty solid idea of how it works at a high level: https://www.youtube.com/watch?v=Nr2h9eigpqA
<srhb> hsk3: It's just a ball of "hopefully not too bad"
<hsk3> :)
<simpson> tilpner: To be pithy, "virtual" as in "virtual memory" or "virtual filesystem", not "virtual machine".
<thoughtpolice> (I also admit I didn't really take away much confidence the first time I saw Qubes since it mostly looked like it was papered together with Python and shell. Then again, the sausage-making process is rarely nice)
<srhb> hsk3: (And I *do* unfortunately run a lot of that in production)
<Infinisil> simpson: I think it's more like one of todays lucky 10 or so in such a domain :P
<joepie91> tilpner: Qubes, OTOH, uses Xen(-derived?) tools to essentially create virtualized environments, with potentially virtualized hardware, and so on. it's still shared environments with a single set of capabilities that applies to the entire environment, though, unlike Genode where capabilities and resource allocations are managed on a per-process basis; and following a one-environment-per-process model is not great because it entails a lot of overhead
<joepie91> and hassle to share data between environments without sharing access that's *too* broad
<sphalerite_> simpson: what about "virtual environment" à la Python :D
<joepie91> tilpner: disclaimer: I'm not an expert on either of these technologies, so I'm just explaining it as best as I can, according to the understanding I have of them :P
zeus_ has quit [(Read error: Connection reset by peer)]
betaboon has joined #nixos
betaboon has quit [(Changing host)]
betaboon has joined #nixos
<simpson> sphalerite_: Yeah, same meaning. VMs are the odd ones out, because virtualizing the act of computation itself is equivalent to interpreting, whereas all the others are done via API.
unlmtd has joined #nixos
zeus_ has joined #nixos
<tilpner> simpson, joepie91 - Thank you for the overview! I've also found "Genode as virtualization layer for Qubes OS" in /about/challenges, but I don't understand how that would work yet. Maybe the presentation will clear that up. :)
<joepie91> tilpner: simpson: speculation: I would imagine that 'virtualization' in the context of Genode refers to the fact that because parent processes can modify a capability request to ask for something else, it's possible for them to transparently provide virtualized resources to the child process instead of the real resources that were asked for, without the child process being aware of this
<joepie91> (and so on and so forth, recursively)
<hsk3> srhb run into what?
<joepie91> tilpner: the presentation does include an example of virtualbox, that might be related; I'm not sure though :)
<simpson> joepie91: Yep. This is related to the theoretical idea of membrane/powerbox. We really should have called it "relativized filesystem", "relativized memory", etc.
<thoughtpolice> tilpner: To be fair, I find Genode to have amazingly obtuse documentation.
<srhb> hsk3: I run a lot of Debian in production, I meant. :)
<hsk3> ok i see :)
pxc has quit [(Quit: WeeChat 1.9)]
<joepie91> heh. my impression of the Genode site was "this looks way too academic, obtuse, and theoretical - is this just a research project?"
<joepie91> it's really only because I spoke to somebody about it at SHA2017 that I knew where to start looking
<joepie91> their presentation needs work :)
<taktoa> joepie91: that was my impression of NixOS when I first saw it
<joepie91> I do think NixOS has that problem to a degree
<dash1> joepie91: I don't think one-environment-per-process has to be heavyweight, necessarily
<joepie91> but eg. the website is a bunch less hostile-looking than that of Genode
<joepie91> from an "I just want a thing that works" perspective
<joepie91> still could be better, though
<taktoa> well actually the impression I got of NixOS was that there are probably barely any packages
<taktoa> maybe we should mention "hey, we have like 20k packages lol"
<joepie91> taktoa: hm, any particular reason for that?
jensens has quit [(Ping timeout: 240 seconds)]
<taktoa> joepie91: well because it seemed like a niche weird OS with some weird (but cool) package manager
<simpson> joepie91: I find that capability theory, in general, has really obtuse presentation. I'm not sure why. It might just be difficult to reconcile with modern computing.
<dash1> ffff, matrix doesn't tell you when your nick done been stole.
<joepie91> (personally I feel like the declarative/reliable/devops-friendly boxes really need work to make it look more attractive from a practical perspective... although this probably needs to be mirrored by the corresponding increase in docs accessibility, so perhaps shouldn't be a priority for now)
<taktoa> joepie91: granted, I think I first checked out NixOS in 2012, so that may have been true at the time
dash1 is now known as dash2
<Infinisil> dash2: Register your nick ;)
<dash2> oh this is hilarious
<joepie91> simpson: honestly, my experience in general has been that there's very, very little overlap between "people who understand complex and/or low-level and/or highly theoretical concepts" and "people who can explain concepts in an easy-to-understand way that doesn't require much background knowledge"
<dash2> Infinisil: I did.
<joepie91> simpson: which is probably part of the problem
<Infinisil> joepie91: ++
<dash2> joepie91: no website where you can search the package list
<joepie91> dash2: ?
<ToxicFrog> dash2: you mean apart from https://nixos.org/nixos/packages.html ?
<Infinisil> dash2: Isn't the whole point of registering a nick so you can claim it? Can't you do that?
hiratara has quit [(Ping timeout: 258 seconds)]
<thoughtpolice> simpson: My hope is that someone re-builds a capability-based QNX clone on top of seL4. That would be a dream. QNX got many, many things right.
<joepie91> simpson: anyway, I'm not convinced that capability theory is inherently *hard to understand*, I think it just requires some translation between mental models and sets of background knowledge
<thoughtpolice> (And if QNX is any indication you can probably do it with some level of compatibility/familiarity people in the POSIX world are accustomed to.)
<joepie91> to be comprehensible to different audiences
dash2 is now known as das4
<das4> oh hey, there is one now! nice.
<das4> lol this bridge is amazing
hsk3 has quit [(Quit: Textual IRC Client: www.textualapp.com)]
hiratara has joined #nixos
<ToxicFrog> (caveat: the website package search doesn't show nonfree packages. I'm working on that on and off.)
newhoggy has joined #nixos
das4 is now known as das6
<Infinisil> What the hell dash
das6 is now known as dash
M-fishy has joined #nixos
<dash> infinisil: I think the matrix->freenode bridge is overloaded
<dash> so the nick-stealer got to reconnect before it changed my nick
<dash> thoughtpolice, infinisil: Anyway! capability OS written in Rust: https://robigalia.org/
<M-fishy> sorry if this question was asked before, but why does nix package manager insist on being installed under /nix and with sudo? why can't it be installed under, say, $HOME/nix?
<dash> fishy: Because that way you can use the binary cache of prebuilt packages
<dash> fishy: which all are compiled to refer to paths in /nix
<joepie91> M-fishy: the hash of a built derivation is based on all of the inputs to the derivation; these inputs include absolute paths referencing /nix store paths
gm152 has joined #nixos
<dash> You can certainly put it in $HOME/nix but you'll have to build every single thing yourself.
<joepie91> M-fishy: therefore, changing the store path would change the hash for every single derivation, and then what dash is describing would happen :P
<M-fishy> thanks :)
frankpf has joined #nixos
<joepie91> M-fishy: (binary cache downloads are entirely hash-based, to ensure that you get a build that's actually the same as it would be if you'd built it locally, even if you have certain config flags set)
baconicsynergy[m has joined #nixos
cornu[m] has joined #nixos
jyp[m] has joined #nixos
abbafei[m] has joined #nixos
Guest76101 has joined #nixos
sirius[m] has joined #nixos
primeos[m] has joined #nixos
indefini has joined #nixos
xj9[m] has joined #nixos
scott2 has joined #nixos
berot3[m] has joined #nixos
aspiwack[m] has joined #nixos
bachp has joined #nixos
revoltmedia[m] has joined #nixos
mith[m] has joined #nixos
NickHu has joined #nixos
davidar has joined #nixos
puffnfresh has joined #nixos
Naughtmare[m] has joined #nixos
hendrik[m]1 has joined #nixos
TimePath has joined #nixos
M-liberdiko has joined #nixos
aniketd[m] has joined #nixos
timclassic has joined #nixos
wak-work has joined #nixos
ptotter[m] has joined #nixos
Kallegro[m] has joined #nixos
Oo[m] has joined #nixos
ArdaXi[m] has joined #nixos
AlanPearce[m] has joined #nixos
octalsrc[m] has joined #nixos
chominist[m] has joined #nixos
olejorgenb[m] has joined #nixos
sudoreboot[m] has joined #nixos
Exee7uvo[m] has joined #nixos
copumpkin has joined #nixos
matrixkrav has joined #nixos
Drakonis[m] has joined #nixos
myklam[m] has joined #nixos
Elephant454[m] has joined #nixos
hl has joined #nixos
herzmeister[m] has joined #nixos
Geeky[m] has joined #nixos
viaken[m] has joined #nixos
thematter[m] has joined #nixos
florianjacob has joined #nixos
reactormonk[m] has joined #nixos
magnap has joined #nixos
spacekitteh[m] has joined #nixos
sargon[m] has joined #nixos
spawnthink[m] has joined #nixos
Wysteriary[m] has joined #nixos
necronian has joined #nixos
benkolera has joined #nixos
peterhoeg has joined #nixos
offlinehacker[m] has joined #nixos
Yaniel has joined #nixos
edef[m] has joined #nixos
dtz has joined #nixos
cwopel has joined #nixos
pstn has joined #nixos
bennofs[m] has joined #nixos
BurNiinTRee[m] has joined #nixos
bhipple[m] has joined #nixos
rnhmjoj[m] has joined #nixos
WinterFox[m] has joined #nixos
zimbatm has joined #nixos
Sovereign_Bleak has joined #nixos
sk23[m] has joined #nixos
mtncoder[m] has joined #nixos
DIzFer[m] has joined #nixos
danielrf has joined #nixos
sphalerite has joined #nixos
Ralith has joined #nixos
musicmatze[m] has joined #nixos
dibblego[m] has joined #nixos
Barnabas[m] has joined #nixos
jsv[m] has joined #nixos
hedning[m] has joined #nixos
bendlas has joined #nixos
lecorpsnoir[m] has joined #nixos
qrilka[m] has joined #nixos
jack[m]1 has joined #nixos
kainospur[m] has joined #nixos
dalaing has joined #nixos
regnat[m] has joined #nixos
wmertens[m] has joined #nixos
adisbladis[m] has joined #nixos
yochai[m] has joined #nixos
Dezgeg[m] has joined #nixos
AdamSlack[m] has joined #nixos
rycee[m] has joined #nixos
seif[m] has joined #nixos
ycy[m] has joined #nixos
StuK[m] has joined #nixos
qtness[m] has joined #nixos
tommyangelo[m] has joined #nixos
a123123123[m] has joined #nixos
trikl[m] has joined #nixos
Kirill[m] has joined #nixos
corngood has joined #nixos
etcinit[m] has joined #nixos
eqyiel[m] has joined #nixos
icetan has joined #nixos
Khorne[m] has joined #nixos
retrry[m] has joined #nixos
admin[m] has joined #nixos
sziszi[m] has joined #nixos
AmineChikhaoui[m has joined #nixos
ninegua[m] has joined #nixos
mhsjlw[m] has joined #nixos
JameySharp[m] has joined #nixos
jlle[m] has joined #nixos
<joepie91> dash: is that your project?
<joepie91> robigalia.org, that is
<dash> nope, all I know about it is "EROS, sel4, Rust"
<joepie91> right, okay :P
<dash> obviously it is not as far along as Genode.
* joepie91 bookmarks
<Infinisil> joepie91: I don't know anything about seL4, EROS, etc. but I do like seeing rust used for more stuff ++
josePhoenix has left #nixos []
* joepie91 has an interest in developing a cap-based OS in Rust
* joepie91 has an interest in a lot of things, actually... <.<
hc has joined #nixos
<Infinisil> Wait, are these capabilities stuff like "This app can only access bluetooth, this directory, this server, etc"?
<hc> hi
<joepie91> Infinisil: for example, yes. as fine-grained as you want, at least in theory
<sphalerite_> M-fishy: there is an option for installing and running without root though — https://github.com/lethalman/nix-user-chroot
<joepie91> depending on the type of resource there will be practical limits, or cases where you want to reduce granularity and present a virtualized resource instead
<LnL> joepie91: have you heard about redox?
<hc> is this the right place to ask about trouble with nixos-rebuild switch --upgrade? :)
<joepie91> (eg. for filesystem-based things, where it's easier to write an application against a virtualized filesystem than it is to request a capability for every file you want to access)
<sphalerite_> I use it to run nix on uni computers where I don't have root :)
<sphalerite_> hc: yes
<dash> infinisil: think of it like programming without global variables; anything the code needs has to be passed in when it starts
<joepie91> hc: yep!
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] dezgeg pushed 1 new commit to master: https://git.io/v75ov
<NixOS_GitHub> nixpkgs/master 55a642f Tuomas Tynkkynen: linuxHeaders: Remove cruft
NixOS_GitHub has left #nixos []
<joepie91> LnL: yep, I know of it
<Infinisil> iOS and macOS has a capabilites thing for its applications (in the app store)
<hc> awesome. specifically, i have a machine that runs nixos an github... on upgrade i'm getting this message:
<hc> "tar: ./opt/gitlab/embedded/bin/ksu: Cannot change mode to rwsr-xr-x: Operation not permitted
<joepie91> dash: mm, I don't believe that "passed in when it starts" is necessarily a requirement
<hc> any ideas? :)
<joepie91> capabilities can be requested on runtime, depending on design
<M-fishy> sphalerite_: thanks, I'll give that a try
<dash> joepie91: ok yes, it can be passed in later too :)
<hc> s/github/gitlab/
<dash> joepie91: but that's the three ways to get a capability: create one, start with one, or receive one by some communication channel
<Infinisil> dash: joepie91: That reminds me very much of Idris' effects system
erictapen has joined #nixos
<joepie91> Infinisil: I would say that there's a difference between 'permissions' (what Android and iOS and such have) and 'capabilities' (what Genode has)
<joepie91> Infinisil: permissions are transitive; that is, everything executed *by* a process with certain permissions will also receive those permissions
<joepie91> capabilities are not; each process starts out with zero capabilities, and has to request each capability, typically from the parent process
jbrechtel has joined #nixos
<joepie91> and that a parent process has a certain capability does not mean that a child process of it does too
<joepie91> I don't believe that this is a model that's supported on either Android or iOS
<joepie91> hc: can you pastebin the last 50 lines or so of your rebuild output?
<joepie91> Infinisil: anyway, permissions as such are way less granular and way less secure, as eg. a particular subprocess of an application will still have access to resources it does not need, and if a subprocess of an application is compromised then the application's entire set of permissions can be abused
<joepie91> to just give an example
<joepie91> Infinisil: an interesting example of capability-based model benefits was given to me by somebody at SHA2017; say you have a browser, and that browser has an image parsing process, and a CSS parsing process, and a layout calculation process, and so on
<dash> yep, that's what the DarpaBrowser paper is about
<joepie91> Infinisil: if somebody finds a vulnerability in the image parser that allows them to trick it into making a network request... it'll do absolutely nothing, because even though the browser has network access, the image parser does not, as it doesn't have a *reason* to have network access, thus it was never granted to it
NixOS_GitHub has joined #nixos
<NixOS_GitHub> [nixpkgs] layus opened pull request #28275: blueman: fix python wrapper mockup (master...fix-blueman-path) https://git.io/v75o1
NixOS_GitHub has left #nixos []
<joepie91> so exploitation will fail
<Infinisil> joepie91: Nice example
<hc> joepie91: unfortunately not atm, because when i ran the command again, now the kernel is build from source and that fails first =)
<hc> joepie91: i'll get back to you tomorrow or so
<joepie91> alright :)
<joepie91> Infinisil: anyhow, Genode also applies this concept to resource accounting; a particularly interesting example from the presentation was that of one program 'paying' some of its resource allocation to another program, when asking it to do something on its behalf
<joepie91> Infinisil: such that the resource cost for handling the request is paid by the originating program, not the executing program
<joepie91> which allows for more realistic resource accounting and limitations
<joepie91> I haven't looked into how this is implemented exactly or what its limitations are, but it's a rather interesting concept
<dtzWill> https://news.ycombinator.com/item?id=15010438 ; TO ARMS, NIX'ERS! DEFEND OUR HONOR!
<dtzWill> jk but interesting anyway, and ♥ debian and the reproducible builds project ^_^
<joepie91> dash: will look in a moment
silver_hook has joined #nixos
silver_hook has quit [(Changing host)]
silver_hook has joined #nixos
MP2E has quit [(Quit: brb)]
<joepie91> dtzWill: https://news.ycombinator.com/item?id=15013440 is a valid point I think
<joepie91> they're different kinds of reproducability
<joepie91> for now anyway :)
<Dezgeg> yup
<joepie91> one is about reliability, the other is about auditability
jbrechtel has quit [(Quit: Lost terminal)]
<Infinisil> joepie91: Damn, that resource accounting stuff sounds really nice
<joepie91> dash: meh, proprietary deps? :/
<dash> joepie91: this was in 2002
<dash> and mainly to show it could be done
<joepie91> sure, but unless deps have gone open-source since then, it's of limited educational value
<joepie91> :p
<dash> joepie91: "some guys said they did it" is the current standard for scientific research
<joepie91> may very well be, but that's a standard I do not particularly care for :)
<joepie91> my standard is more like "some guys have shown that they did it"
<joepie91> for broad values of "shown"
Infinisil has quit [(Quit: Going to sleep)]
digitus has quit [(Quit: digitus)]
hiratara has quit [(Quit: ZNC - http://znc.in)]
<dtzWill> jophish: yeah it's a fair point although I think it's a bit unfair. Anyway luckily it's not a competition, and debian's been doing /awesome/ things re:finding and fixing all kinds of issues
Myrl-saki has joined #nixos
digitus has joined #nixos
<dtzWill> hopefully Nix/NixOS grows to get their kind of reproducibility soon, I think it's something everyone's interested in
hiratara has joined #nixos
newhoggy has quit [(Remote host closed the connection)]
Mateon2 has quit [(Remote host closed the connection)]
Mateon2 has joined #nixos
Myrl-saki has quit [(Ping timeout: 240 seconds)]
Khetzal_ has quit [(Ping timeout: 276 seconds)]
python476 has left #nixos ["ERC (IRC client for Emacs 25.2.1)"]
Myrl-saki has joined #nixos
johnsonav has joined #nixos
silver_hook has quit [(Ping timeout: 276 seconds)]
Fare has joined #nixos
<Fare> hi.
georgiy has joined #nixos
Fare has quit [(Client Quit)]
Fare has joined #nixos
<Fare> I'm desperately trying to get nix-copy-closure to work, and after installing identical keys in /etc/nix/signing-key.{sec,pub} on machines ff and ff2, I get this error when I try this on ff: nix-copy-closure --sign --from ff /nix/store/alhr9h8aqp06flxvl50crj7icf42kqb1-gerbil-0.12-DEV-0576f56
<Fare> copying 2 missing paths from ‘ff’...
<Fare> error: program ‘/nix/store/58w4l758i2pz5j30dkn80krv99n8jnvh-openssl-1.0.2l-bin/bin/openssl’ failed with exit code 1
<Fare> unexpected end-of-file at /run/current-system/sw/bin/nix-copy-closure line 104.
<Fare> I mean --from ff on ff2, or --to ff2 on ff
<Fare> same error
alexteves_ has joined #nixos
alexteves_ has quit [(Client Quit)]
<anelson_> is it possible to install a package with a prefix such that the binaries don't clash with other installed packages?
mizu_no_oto has joined #nixos
alexteves_ has joined #nixos
<srhb> anelson_: Not exactly as stated, you'd have to override the build or make another derivation that depends on it.
<srhb> That could probably be generalized, now that I think about it
gnuhurd has quit [(Remote host closed the connection)]
<Myrl-saki> Welll
<anelson_> srhb: cool, thanks
<Myrl-saki> This takes 4 minutes or so to compile on my laptop.
<Myrl-saki> How do I make a nix-shell with a temporary space?
<srhb> anelson_: But, let me just ask, why do you need this?
<Myrl-saki> I guess I can just drop to $TMPDIR
<anelson_> srhb: I don't; I can work around it. I'm building a version of nix which operates out of a different directory than standard
<srhb> anelson_: Normally that need arises when you're, say, developing some packages. In that case you'd usually simply not install them into your profile at all, but let the build shell get whichever version that specific build needs.
<srhb> Ah ok.
<srhb> You already know this then :-)
<anelson_> yeah :) this is a bit of a weird case ;)
georgiy has quit [(Remote host closed the connection)]
<Myrl-saki> Because like, I don't want to ruin my repo with build artifacts.
<alexteves_> hey; I'm trying to bundle my entire /nix/store into a file but can't get nix-store --export to do this
<srhb> alexteves_: tar cf?
<Myrl-saki> Wtf
<Myrl-saki> haskellPackages.mkDerivation doesn't have cabal in buildInputs?
<alexteves_> srhb: i had some troubles manually doing that
<alexteves_> or rather
<Myrl-saki> How does it like build then? @_@
<anelson_> ok now I'm running into something else... I built a version of nix that has a different storeDir, stateDir and confDir. However, when I'm running it on nixos, it's still trying to use nix-daemon (I just want it to run as my user)
<alexteves_> that worked, but nix redownloaded things anyway, even if they were already in /nix/store
<alexteves_> also need to bundle the database or something
<anelson_> Myrl-saki: glad I'm not the only one who is mystified by this
<anelson_> even the .env version doesn't have cabal T_T
<anelson_> Myrl-saki: if you want to use cabal you can add `cabal-install` to your package's testHaskellDepends
athan has quit [(Remote host closed the connection)]
<anelson_> anyone know what causes nix to attempt to use a daemon? Because that's not what I want to happen...
<Myrl-saki> anelson_: I think I get the build system now.
ebzzry_ has joined #nixos
<Myrl-saki> anelson_: That's why we have preparreCompiler and stuff
<Myrl-saki> setup*
<anelson_> Myrk-saki: to be honest the majority of the haskell stuff confuses the heck out of me. It's great that it works and all, but it's very poorly documented and elaborate as heck
<dash> word to the wise, if you get a baffling "cannot compare a set with a function" error
<dash> it's because you typed "import <nixpkgs>>"
Kingsquee has quit [(Excess Flood)]
Kingsquee has joined #nixos
<anelson_> dash: yikes, that does not sound fun
<anelson_> soooo.... anyone know enough about nix internals to know what makes it decide to use a daemon
<anelson_> oh ok, I got passed that one, it's `unset NIX_REMOTE`
<anelson_> next problem I'm getting is `error: setting uid: Operation not permitted`
<anelson_> why is it trying to set the UID??
<Myrl-saki> Ugh
<Myrl-saki> Can anyone teach me how to use *phase?
<Myrl-saki> $prePhases
<Myrl-saki> bash: setupCompilerEnvironmentPhase: command not found
<Myrl-saki> I mean, I get why it's like that.
<Myrl-saki> But, "how do I make it work?"
<anelson_> what are you trying to accomplish
<anelson_> what are you setting `prePhases` to?
<alexteves_> ok bundling the entire /nix folder works, problem fixed
digitus has quit [(Quit: digitus)]
kiloreux has quit [(Ping timeout: 246 seconds)]
phdoerfler has joined #nixos
alexteves_ has quit [(Quit: Page closed)]
<Myrl-saki> Back.
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<Myrl-saki> anelson_: I'm using haskellPackages.mkDerivation's prePhases
<Myrl-saki> That's set to setupCompilerEnvironmentPhase
<anelson_> is that a phase that you're defining, or is it already in mkDerivation
<Myrl-saki> anelson_: Former.
<Myrl-saki> Err
<Myrl-saki> Latter*
<anelson_> oh
<anelson_> ok
<anelson_> can you try `echo "$setupCompilerEnvironmentPhase"` in a nix shell?
<Myrl-saki> If I nix-shell, then the environment is weird.
<Myrl-saki> anelson_: That works, and it does set it up.
<anelson_> you mean an `eval` or what
<Myrl-saki> anelson_: Yep, I've been using `eval`s
<anelson_> to be honest I'm not totally sure what your situation is
<anelson_> what's broken?
<Myrl-saki> Right.
<anelson_> what problem are you seeing?
<Myrl-saki> So the environment is weird. buildPhase and the like are running the default functions, but $buildPhase shows the correct stuff.
<anelson_> not quite sure what you mean
<Myrl-saki> [nix-shell:/run/user/1000/CellGame]$ type buildPhase | grep Makefile
<Myrl-saki> if [[ -z "$makeFlags" && ! ( -n "$makefile" || -e Makefile || -e makefile || -e GNUmakefile[[ ) ]]; then
<anelson_> ok so buildPhase is a function
<Myrl-saki> [nix-shell:/run/user/1000/CellGame]$ echo $buildPhase | grep Makefile
<Myrl-saki> <no output>
<anelson_> that means it's a function, not an environment variable
<Myrl-saki> and $buildPhase is the correct one.
<Myrl-saki> anelson_: Right.
<anelson_> ok, so again, what problem are you seeing
<anelson_> both of them are defined, but one of them is an environment variable, and the other one is a bash function?
<Myrl-saki> anelson_: I think buildPhase should have been set to $buildPhase.
<Myrl-saki> anelson_: Looking at nixpkgs manual, buildPhase isn't prefixed with a $
<anelson_> it can be either, I beliece
<anelson_> *believe
<Myrl-saki> anelson_: Right, but they're not equal to each other.
<anelson_> phases can be defined as functions or as variables
<anelson_> I assume the variables take precedence
<anelson_> but I'm not sure
<anelson_> I'm still not sure what *problem* you are encountering
<anelson_> is something failing to build?
<Myrl-saki> anelson_: Aside from a missing executable(which doesn't error in nix-build), then no.
<Myrl-saki> Well
<Myrl-saki> anelson_: I also can't just $prePhases
<Myrl-saki> Or eval "$prePhases"
<anelson_> what happens when you echo $prePhases
<Myrl-saki> setupCompilerEnvironmentPhas
<Myrl-saki> But I can do $setupCompilerEnvironmentPhase
<Myrl-saki> It's basically just a matter of convenience.
<anelson_> hmm
frankpf has quit [(Ping timeout: 246 seconds)]
<anelson_> why do you need to execute $prePhases
<anelson_> I'm really just trying to understand the problem
betaboon has quit [(Quit: This computer has gone to sleep)]
<Myrl-saki> anelson_: It sets up the compiler environment, but I'm not sure if it's required.
<anelson_> what problem is this causing for you ?
<anelson_> I mean in the sense of, is some package failing to build, or failing to build correctly
<Myrl-saki> anelson_: nix-build works but nix-shell doesn't.
erasmas has quit [(Quit: leaving)]
<anelson_> ah, ok
<Myrl-saki> anelson_: nix-build takes 6 minutes on my laptop for a 4-file project.
<Myrl-saki> anelson_: I mean, I think I can force nix-shell to work, but it's not easy.
<anelson_> the shell doesn't start at all? or it starts but displays error messages? or it starts but doesn't execute the commands you meant?
<anelson_> *want
<Myrl-saki> anelson_: The last.
<Myrl-saki> Peti | Profpatsch: The generic builder calls "$configurePhase" if that variable exists and "configurePhase()" otherwise. The shell function exists by default. The variable is defined by Nix iff you define it in your derivation.
<Myrl-saki> Profpatsch: Lmao. Sorry for the ping.
<Myrl-saki> anelson_: You seem to be correct there.
<srhb> I just rewatched a NixOS talk and was reminded of a question: Do we have the ability to optionally and in a standardized way guarantee that the output derivation meets a certain hash, bit for bit?
filterfish has quit [(Ping timeout: 240 seconds)]
<srhb> Like "I promise that this build is bit-for-bit reproducible"
<Myrl-saki> But there's still the issue of $prePhases returning the variable name rather than a function to use the variable name.
<anelson_> srhb: I don't think that in general that is possible to guarantee
<Myrl-saki> Oh.
<Myrl-saki> `runHook $prePhases`
phdoerfler has quit [(Quit: Leaving.)]
<Myrl-saki> That makes sense.
<srhb> anelson_: No, but on a per-package basis it might be.
<anelson_> easy example: `runCommand "user" {} "whoami > $out"`
newhoggy has joined #nixos
newhoggy has quit [(Remote host closed the connection)]
Kingsqueee has joined #nixos
newhoggy has joined #nixos
<anelson_> srhb: I suppose if you know the build steps then yes
mkoenig_ has joined #nixos
<anelson_> of course you could only prove that if you also could prove that all of its dependencies are bit-for-bit deterministic
Kingsquee has quit [(Ping timeout: 255 seconds)]
<srhb> Right, I know that it is possible for a number of packages, I'm wondering whether we have an option to say "enforce this output hash for this derivation"
<Myrl-saki> So
<anelson_> srhb: just set the outputHash?
<Myrl-saki> I think I'm supposed to do `runHook prePhases && $patchPhase && $configurePhase && $buildPhase'
<Myrl-saki> runHook "$prePhases" && runHook "$preConfigurePhases" && eval "$configurePha
<Myrl-saki> se" && eval "$buildPhase"
<Myrl-saki> Close enough. :D
<schoppenhauer> hi. is anyone using quicklisp with nixos? is it possible to have different quicklisp-environments in different nix-shells?
<Myrl-saki> I'm happy now.
samueldr has joined #nixos
<> changed the topic of #nixos to: Topic for #nixos is "https://nixos.org || Latest NixOS: https://nixos.org/nixos/download.html || Latest Nix: https://nixos.org/nix/download.html || Logs: https://botbot.me/freenode/nixos/ || Darwin: ##nix-darwin"
<> changed the topic of #nixos to: Topic set by gchristensen!~gchristen@unaffiliated/grahamc on 2017-04-26 15:31:22 UTC
pikajude has joined #nixos
<> changed the topic of #nixos to: Channel #nixos created on 2008-04-25 12:32:07 UTC
watersoul has joined #nixos
jtojnar has joined #nixos
fpletz has joined #nixos
ok2`` has joined #nixos
orbekk1 has joined #nixos
v0|d has joined #nixos
reardencode has joined #nixos
CodingWithClass has joined #nixos
simpson has joined #nixos
nh2 has joined #nixos
sigmundv has quit [(Ping timeout: 253 seconds)]
cheshircat has quit [(Ping timeout: 253 seconds)]
alpha_sh_ has quit [(Ping timeout: 253 seconds)]
boegel has joined #nixos
smola_ has joined #nixos
wavewave has joined #nixos
mbrock has joined #nixos
ninegua[m] has quit [(Ping timeout: 246 seconds)]
aniketd[m] has quit [(Ping timeout: 246 seconds)]
jml has joined #nixos
dmj` has joined #nixos
vdemeester has joined #nixos
spawnthink[m] has quit [(Ping timeout: 240 seconds)]
magnap has quit [(Ping timeout: 240 seconds)]
Guest76101 has quit [(Ping timeout: 240 seconds)]
baconicsynergy[m has quit [(Ping timeout: 240 seconds)]
davidar has quit [(Ping timeout: 240 seconds)]
Yaniel has quit [(Ping timeout: 240 seconds)]
mith[m] has quit [(Ping timeout: 255 seconds)]
M-fishy has quit [(Ping timeout: 255 seconds)]
Barnabas[m] has quit [(Ping timeout: 255 seconds)]
mtncoder[m] has quit [(Ping timeout: 264 seconds)]
chominist[m] has quit [(Ping timeout: 264 seconds)]
herzmeister[m] has quit [(Ping timeout: 264 seconds)]
jack[m]1 has quit [(Ping timeout: 246 seconds)]
hendrik[m]1 has quit [(Ping timeout: 246 seconds)]
bachp has quit [(Ping timeout: 246 seconds)]
olejorgenb[m] has quit [(Ping timeout: 246 seconds)]
sirius[m] has quit [(Ping timeout: 246 seconds)]
unlmtd has quit [(Ping timeout: 246 seconds)]
dibblego[m] has quit [(Ping timeout: 246 seconds)]
NickHu has quit [(Ping timeout: 246 seconds)]
Exee7uvo[m] has quit [(Ping timeout: 246 seconds)]
offlinehacker[m] has quit [(Ping timeout: 246 seconds)]
wak-work has quit [(Ping timeout: 246 seconds)]
joelpet has joined #nixos
dgonyeo has joined #nixos
admin[m] has quit [(Ping timeout: 240 seconds)]
sziszi[m] has quit [(Ping timeout: 240 seconds)]
Kirill[m] has quit [(Ping timeout: 240 seconds)]
lecorpsnoir[m] has quit [(Ping timeout: 240 seconds)]
kainospur[m] has quit [(Ping timeout: 240 seconds)]
AlanPearce[m] has quit [(Ping timeout: 240 seconds)]
BurNiinTRee[m] has quit [(Ping timeout: 240 seconds)]
sargon[m] has quit [(Ping timeout: 240 seconds)]
cwopel has quit [(Ping timeout: 240 seconds)]
Elephant454[m] has quit [(Ping timeout: 240 seconds)]
WinterFox[m] has quit [(Ping timeout: 240 seconds)]
sphalerite has quit [(Ping timeout: 240 seconds)]
hl has quit [(Ping timeout: 240 seconds)]
bendlas has quit [(Ping timeout: 240 seconds)]
dtz has quit [(Ping timeout: 240 seconds)]
xj9[m] has quit [(Ping timeout: 240 seconds)]
justan0theruser has joined #nixos
ona has joined #nixos
pstn has quit [(Ping timeout: 255 seconds)]
Ralith has quit [(Ping timeout: 255 seconds)]
edef[m] has quit [(Ping timeout: 255 seconds)]
posco has joined #nixos
Myrl-saki has joined #nixos
Khorne[m] has joined #nixos
seif[m] has joined #nixos
wmertens[m] has joined #nixos
sk23[m] has joined #nixos
matrixkrav has joined #nixos
indefini has joined #nixos
abbafei[m] has joined #nixos
jyp[m] has joined #nixos
dash has joined #nixos
bgamari has joined #nixos
anelson_ has joined #nixos
hellrazor has joined #nixos
schoppenhauer has joined #nixos
astsmtl has joined #nixos
HurricaneHarry has joined #nixos
oida has joined #nixos
eacameron has joined #nixos
avn has joined #nixos
ee has joined #nixos
Arcaelyx has joined #nixos
rtjure has joined #nixos
nliadm has joined #nixos
mw has joined #nixos
detran has joined #nixos
contrapumpkin has joined #nixos
primeos has joined #nixos
tnias has joined #nixos
mitchty has joined #nixos
Enzime has joined #nixos
statusfailed has joined #nixos
AtnNn_ has joined #nixos
ent- has joined #nixos
nil has joined #nixos
mudri|srcf has joined #nixos
iMatejC has joined #nixos
stew has joined #nixos
page has joined #nixos
orbekk has joined #nixos
predkambrij has joined #nixos
raxius has joined #nixos
oleks has joined #nixos
abrar has joined #nixos
kragniz has joined #nixos
Unode has joined #nixos
jonafato has joined #nixos
srk has joined #nixos
pingveno has joined #nixos
bdimcheff has joined #nixos
a123123123[m] has quit [(Ping timeout: 255 seconds)]
Dezgeg[m] has quit [(Ping timeout: 255 seconds)]
viaken[m] has quit [(Ping timeout: 255 seconds)]
bennofs[m] has quit [(Ping timeout: 255 seconds)]
necronian has quit [(Ping timeout: 255 seconds)]
aspiwack[m] has quit [(Ping timeout: 255 seconds)]
copumpkin has quit [(Ping timeout: 255 seconds)]
AmineChikhaoui[m has quit [(Ping timeout: 246 seconds)]
StuK[m] has quit [(Ping timeout: 246 seconds)]
danielrf has quit [(Ping timeout: 246 seconds)]
berot3[m] has quit [(Ping timeout: 246 seconds)]
florianjacob has quit [(Ping timeout: 246 seconds)]
Khorne[m] has quit [(Ping timeout: 240 seconds)]
seif[m] has quit [(Ping timeout: 240 seconds)]
wmertens[m] has quit [(Ping timeout: 240 seconds)]
abbafei[m] has quit [(Ping timeout: 240 seconds)]
sk23[m] has quit [(Ping timeout: 240 seconds)]
matrixkrav has quit [(Ping timeout: 240 seconds)]
indefini has quit [(Ping timeout: 240 seconds)]
jyp[m] has quit [(Ping timeout: 240 seconds)]
dash has quit [(Ping timeout: 240 seconds)]
corngood has quit [(Ping timeout: 246 seconds)]
qtness[m] has quit [(Ping timeout: 246 seconds)]
tommyangelo[m] has quit [(Ping timeout: 246 seconds)]
musicmatze[m] has quit [(Ping timeout: 246 seconds)]
dalaing has quit [(Ping timeout: 240 seconds)]
sigmundv has joined #nixos
JameySharp[m] has quit [(Ping timeout: 264 seconds)]
scott2 has quit [(Ping timeout: 264 seconds)]
benkolera has quit [(Ping timeout: 264 seconds)]
Wysteriary[m] has quit [(Ping timeout: 264 seconds)]
eqyiel[m] has quit [(Ping timeout: 255 seconds)]
icetan has quit [(Ping timeout: 255 seconds)]
Oo[m] has quit [(Ping timeout: 255 seconds)]
trikl[m] has quit [(Ping timeout: 246 seconds)]
Drakonis[m] has quit [(Ping timeout: 246 seconds)]
primeos[m] has quit [(Ping timeout: 246 seconds)]
regnat[m] has quit [(Ping timeout: 246 seconds)]
timclassic has quit [(Ping timeout: 246 seconds)]
mhsjlw[m] has quit [(Ping timeout: 276 seconds)]
yochai[m] has quit [(Ping timeout: 276 seconds)]
qrilka[m] has quit [(Ping timeout: 276 seconds)]
revoltmedia[m] has quit [(Ping timeout: 276 seconds)]
Kallegro[m] has quit [(Ping timeout: 276 seconds)]
Sovereign_Bleak has quit [(Ping timeout: 276 seconds)]
zimbatm has quit [(Ping timeout: 276 seconds)]
spacekitteh[m] has quit [(Ping timeout: 276 seconds)]
cornu[m] has quit [(Ping timeout: 276 seconds)]
rtjure has quit [(Max SendQ exceeded)]
Arcaelyx has quit [(Max SendQ exceeded)]
feepo has joined #nixos
mjvoge02 has joined #nixos
gleber_ has joined #nixos
mjvoge02 has quit [(Changing host)]
mjvoge02 has joined #nixos
jlle[m] has quit [(Ping timeout: 255 seconds)]
thematter[m] has quit [(Ping timeout: 255 seconds)]
puffnfresh has quit [(Ping timeout: 255 seconds)]
sudoreboot[m] has quit [(Ping timeout: 255 seconds)]
TimePath has quit [(Ping timeout: 255 seconds)]
rtjure has joined #nixos
Myrl-saki has quit [(Ping timeout: 248 seconds)]
carter has joined #nixos
rodarmor has joined #nixos
alpha_sh has joined #nixos
etcinit[m] has quit [(Ping timeout: 276 seconds)]
newhoggy_ has joined #nixos
ebzzry_ has joined #nixos
stepcut has joined #nixos
phreedom has joined #nixos
slyfox has joined #nixos
alx741_ has joined #nixos
Lisanna has joined #nixos
sary has joined #nixos
apeyroux has joined #nixos
garbas has joined #nixos
sauyon has joined #nixos
kwork has joined #nixos
s4sha has joined #nixos
joachifm has joined #nixos
beanmachine has joined #nixos
rsa has joined #nixos
ncode has joined #nixos
ikwildrpepper has joined #nixos
exi has joined #nixos
baroncha3lus has joined #nixos
qmmm has joined #nixos
kvz has joined #nixos
kini has joined #nixos
Ankhers has joined #nixos
jaym has joined #nixos
Swant has joined #nixos
Profpatsch has joined #nixos
Guest6666 has joined #nixos
niksnut has joined #nixos
kini has quit [(Max SendQ exceeded)]
amir has joined #nixos
flyx has joined #nixos
tilpner has joined #nixos
fiveht has joined #nixos
vandenoever has joined #nixos
dbe has joined #nixos
Wizek has joined #nixos
phinxy has joined #nixos
spacefrogg has joined #nixos
aw has joined #nixos
nckx has joined #nixos
m0rphism1 has joined #nixos
acarrico has joined #nixos
Twey has joined #nixos
acowley_away has joined #nixos
bara has joined #nixos
globin has joined #nixos
gsora has joined #nixos
hyper_ch has joined #nixos
ertes has joined #nixos
Jackneill has joined #nixos
socksy has joined #nixos
Forkk has joined #nixos
siel has joined #nixos
ben has joined #nixos
bigs has joined #nixos
datakurre has joined #nixos
adamCS has joined #nixos
MarcWeber has joined #nixos
jasom has joined #nixos
wrl has joined #nixos
cocreature has joined #nixos
RayNbow`TU has joined #nixos
the-kenny has joined #nixos
nhill1 has joined #nixos
pareidolia has joined #nixos
Biappi has joined #nixos
luto has joined #nixos
yurrriq has joined #nixos
GlennS has joined #nixos
grenade has joined #nixos
dgpratt has joined #nixos
suvash_away has joined #nixos
snikkers has joined #nixos
<taktoa> rip matrix
hc has joined #nixos
phinxy has joined #nixos
markus1189 has joined #nixos
phinxy has quit [(Read error: Connection reset by peer)]
metaphysician has quit [(Ping timeout: 240 seconds)]
newhoggy has quit [(Ping timeout: 246 seconds)]