<construct>
Can anyone please help me get firejail working if you know how?
<construct>
I just need it to work for firefox.
b has joined #nixos
<viaken>
I had trouble with that, too.
<construct>
viaken: you couldn't get firejail working for firefox either? Then does something need to be fixed upstream?
<joepie91>
viaken: oh man
<joepie91>
getting anything Chromium to run is a massive pain in the behind
<viaken>
construct: I didn't spend any time with it. Just ran firejail firefox and watched it break. :)
<joepie91>
it has a bunch of bizarre custom build tooling that's 1) very insistent about your environment being precisely how it expects it to be, and 2) very slow
<joepie91>
last time I checked it was that way, at least
<construct>
viaken: that sounds like what I did the first time I tried when I didn't have time to try to fix it hahaha. Good to know it's not just me though. Thanks!
<joepie91>
viaken: reading that article - yep, that seems to be where the issue lies
<viaken>
joepie91: Yeah, I saw some Issues regarding Electron on nixpkgs and thought it'd be an amusing (and possibly helpful?) read.
<joepie91>
viaken: if by amusing you mean frustrating :)
<joepie91>
(kidding :P)
<joepie91>
but yeah, Chromium is a *mess*
Supersonic112 has quit [(Disconnected by services)]
<construct>
Does anyone have the time to please post instructions on how to run apparmor with a firefox profile and put it in the nixos.org website?
<joepie91>
it's rather unfortunate really
Supersonic112_ has joined #nixos
Supersonic112_ is now known as Supersonic112
iyzsong has joined #nixos
<construct>
joepie91: I'm sorry chromium (the web browser I assume) is not working for you. Have you tried a different web browser?
<joepie91>
construct: yep, and for reasons that inevitably turn into half an hour of "have you tried" -> "yes" -> "and how about" -> "yes", there are no viable alternatives :)
<construct>
joepie91: wow. Maybe some applications just can't work with a functional operating system?
<construct>
without bug fixing that is
<construct>
joepie91: personally, I don't trust chromium because it's mainly developed by google
<joepie91>
situation's a bit more complicated than that but I don't have the energy to go into it right now :P
<joepie91>
but tl;dr all browsers suck in some manner and Chromium is just the one that currently sucks least for my usecases
<construct>
joepie91: that's alright, I doubt I'd understand it anyway.
<construct>
haha
<viaken>
suckless.org
<joepie91>
(and I don't expect that to hold true for everybody, so this is not some kind of 'everybody should use Chromium' rant :P)
<construct>
joepie91: mhmm
mbrgm has quit [(Ping timeout: 248 seconds)]
mbrgm has joined #nixos
<construct>
Even without apparmor and firejail, my firefox sessions are more secure than on other distros because nixos is a principle of least privilege os right?
<construct>
I can't even get Tor Browser working. Do I need to open firewall ports to get it to work?
<construct>
At least I got Firefox working.
MP2E has joined #nixos
<joepie91>
construct: I wouldn't say NixOS follows the 'principle of least privilege' on an OS level; there's no secure isolation between applications nor anything capability-based by default
<joepie91>
not any more than any other Linux distro that is
<joepie91>
dependency isolation, yes; runtime isolation, no
<construct>
joepie91: good to know, though I don't know the implications of either dependency or runtime isolation, such as the differences between the implications
<joepie91>
construct: NixOS, through Nix, implements dependency isolation in the sense that every dependency/'package' is installed in its own 'prefix' on the system, and all dependencies of a given package are explicitly referenced with a 'store path' pointing to the dependency, as opposed to the global /usr/lib/libfoo.so type things you see on most distros
<joepie91>
construct: a 'package' here can be a library, or a font, or an application, or a configuration file, or any other 'unit' that's part of a system's configuration
<joepie91>
so you can have three different versions of the same library installed at the same time, pointed at by three different applications explicitly
<joepie91>
that is what I mean with dependency isolation
<joepie91>
that produces a lot of benefits; concurrent installation of different versions (or even with different build flags), atomic upgrades that can be rolled back, and so on
<joepie91>
with 'runtime isolation', I mean that every application (or even every subprocess of an application) runs in its own, isolated environment, where it cannot see any of the other applications on the system, nor interact with them unless explicitly authorized; NixOS does *not* provide that
<viaken>
Well, I updated this package, but it's got some Darwin-specific patches/additions that I have no ability to test. Volunteers?
<joepie91>
on NixOS, by default, every process runs in the same environment in the same way as it would on eg. Debian
<joepie91>
of course you can use containers and everything, but those don't really provide secure isolation (yet), and this isn't NixOS-specific (even if NixOS makes it easier to configure them)
<joepie91>
Qubes is an example of something that implements runtime isolation (for graphical systems like desktops and laptops)
<joepie91>
and even then it's VM-based, not the 'ideal' solution of capabilities, which I don't think is implementable in Linux at all
<construct>
joepie91: I used to run Qubes. What isn't implemented in Linux at all?
<joepie91>
construct: "implementable", not "implemented"
<joepie91>
as in, you can't do capabilities 'properly' on Linux because its kernel design is incompatible with it
b has quit [(Quit: Lost terminal)]
<construct>
joepie91: oh I see
<joepie91>
construct: I recommend that video if you're interested in these kind of topics; it's a very accessible presentation
<joepie91>
and reasonably short for what it covers :)
<construct>
joepie91: I'm giving it a listen. Thanks!
<construct>
haha
<joepie91>
(although the guy talks pretty fast, with an accent)
pxc has joined #nixos
ladams has quit [(Ping timeout: 252 seconds)]
<joepie91>
construct: you'll want to watch, not just listen :) the slides are fairly important for visualization purposes
<joepie91>
can be a bit tricky to understand how everything ties together otherwise
<construct>
joepie91: I was under the impression each app had to be mounted on its own filesystem to be isolated from other apps and the operating system. You're saying it's about isolating processes, not mount points. I hope that video will tell me how that works a little more :)
b has joined #nixos
<joepie91>
construct: it will - it explicitly addresses filesystems, in fact
<joepie91>
("different mountpoints" is a very Linux-y way of thinking about filesystems, which doesn't apply as such in eg. Genode)
<construct>
joepie91: cool, so filesystems are a part of isolation. Glad I was onto something there. I'll watch the video instead of just listen hah
<construct>
joepie91: ok
<construct>
:)
<joepie91>
:)
pxc has quit [(Ping timeout: 252 seconds)]
<construct>
joepie91: in a capability based operating system, will it overcome the insecurity of macrokernel design? So is it possible to have a secure macrokernel?
<construct>
joepie91: or does genode use a microkernel anyway?
sellout-1 has joined #nixos
<joepie91>
construct: it does, afaik
sellout- has quit [(Ping timeout: 248 seconds)]
<construct>
joepie91: interesting. I just heard a week or so ago that sel4.systems can run genode on a raspberry pi. It's a microkernel verified as secure by Isabelle the proof assistant
freeman42x[nix1] has quit [(Quit: Leaving)]
mizu_no_oto has joined #nixos
acarrico has quit [(Ping timeout: 240 seconds)]
Infinisil has joined #nixos
<Infinisil>
So, I have a problem with zfs + nixos: I booted the system on an external disk, which contains a zpool called "ext". I then reformat the internal disk, adding luks and another zpool on top of that called "main"
<Infinisil>
Now the problem is that when I try to boot into the new system, it still tries to import "ext" even though I never put any reference to it in my config.
<Infinisil>
Which I have no explanation for
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/v53gp
<NixOS_GitHub>
nixpkgs/master fc7397d Leandro Lisboa Penz: Revert "gnu global: set path of default gtags.conf in wrapper"...
NixOS_GitHub has left #nixos []
aw has quit [(Quit: Quitting.)]
spacefrogg has quit [(Quit: Gone.)]
aw has joined #nixos
spacefrogg has joined #nixos
endformationage has joined #nixos
garbas has quit [(Quit: WeeChat 1.7.1)]
pie__ has quit [(Ping timeout: 240 seconds)]
freeman42y has quit [(Ping timeout: 255 seconds)]
<construct>
joepie91: just finished the video. Oh my god, they have a web browser running!
<construct>
The video also mentioned sel4 hahaha
Michael__ has quit [(Quit: Leaving)]
<dash>
everybody's talkin' about seL4
<dash>
joepie91: are you running genode on anything yet
<joepie91>
dash: nope
<dash>
I have that problem too
<joepie91>
I'm looking at it more as an interesting concept/implementation than as something to run on my own systems :)
<joepie91>
doubtlessly some of its concepts will be reused in my OS dev experiments
<dash>
i just want someone to do all the work for me
acarrico has joined #nixos
tmaekawa has joined #nixos
<dash>
construct: microkernels are the past, gigakernels are the future
<dash>
kernels so big you need multiple machines to run them
<hyper_ch>
how do I calculate the sha256 sum from a git commit?
takle has quit [(Remote host closed the connection)]
takle has joined #nixos
<sphalerite>
hyper_ch: just from the git commit hash? You can't
<sphalerite>
hyper_ch: nix-prefetch-git is probably what you want
<hyper_ch>
sphalerite: well, trying to write a nix expression
<hyper_ch>
I point to the commit but I still need the sha256 sum for it
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to master: https://git.io/v53Kb
<NixOS_GitHub>
nixpkgs/master 9d74fd3 Jörg Thalheim: frostwire: add java to PATH...
NixOS_GitHub has left #nixos []
<hyper_ch>
but how to calculate that?
<sphalerite>
Unless it's from github in which you want nix-prefetch-url --unpack <tarball URL>
<hyper_ch>
it is from github
<hyper_ch>
it's my repo
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to release-17.03: https://git.io/v53Kx
<NixOS_GitHub>
nixpkgs/release-17.03 46e6cde Jörg Thalheim: frostwire: add java to PATH...
NixOS_GitHub has left #nixos []
<hyper_ch>
I want to calculate the sha256 for a given commit
<hyper_ch>
so that I can use it in the nix expression - how can I do that?
<joepie91>
hyper_ch: the lazy solution that most everybody seems to use, is "enter a bogus hash and wait for it to error out, telling you the right one" :)
<hyper_ch>
it doesn't tell me the right one
<joepie91>
it definitely should; something along the lines of "expected X but found Y"
<joepie91>
what's the error you're getting?
<hyper_ch>
error: hash ‘eabda7d3ee3792447ec4c07478ce5771184c0362’ has wrong length for hash type ‘sha256’
<hyper_ch>
(use ‘--show-trace’ to show detailed location information)
takle has quit [(Ping timeout: 246 seconds)]
<sphalerite>
you need to put a hash in nix's base32 format
<joepie91>
oh, right
<hyper_ch>
how to get the hash?
<hyper_ch>
since I have none
<sphalerite>
But try nix-prefetch-url --unpack https://github.com/<owner>/<repo>/archive/<commithash>.tar.gz
<hyper_ch>
I just used the commit version
<joepie91>
hyper_ch: I just copy a hash from whatever other expression
<joepie91>
(I do agree that this is annoying)
<hyper_ch>
ok, thx
<sphalerite>
you can also just put 64 of any of the permissible characters
<sphalerite>
e.g. in vim 64i0<Esc>
<hyper_ch>
one would need to know first that a sha256 hash contains 64 characters
<hyper_ch>
also, not everyone is good using vi/m
<sphalerite>
indeed
<sphalerite>
the error message should probably contain that little helpful piece of information :)
<sphalerite>
for github you'll typically want to use fetchFromGitHub rather than fetchgit, just because it's faster (uses github's tarball thing rather than cloning the repo)
Mateon1 has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 2 new commits to master: https://git.io/v536G
<NixOS_GitHub>
nixpkgs/master c4a156e Vincent Laporte: qarte: 3.2.0+158 -> 3.10.0+188
<NixOS_GitHub>
nixpkgs/master 460f640 Vincent Laporte: ocamlPackages.fileutils: 0.5.1 -> 0.5.2
NixOS_GitHub has left #nixos []
takle has quit [(Ping timeout: 240 seconds)]
hamishmack has quit [(Quit: hamishmack)]
Mateon1 has left #nixos []
deltasquared has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 2 new commits to master: https://git.io/v5368
<vegai>
I've installed ncurses as my user, so that library should exist
<vegai>
what to do to make it visible?
dywedir has quit [(Remote host closed the connection)]
<joepie91>
vegai: installing something stand-alone doesn't necessarily make the libraries visible in your environment (although supposedly this happens for *some* libraries? I'm unsure why...)
<joepie91>
vegai: the typical approach is to have a .nix file in your project repo that specifies the environment
<joepie91>
so you can do `nix-shell default.nix` or whatever you've named it
<joepie91>
and spawn a shell with that environment to develop in
<joepie91>
if you're doing actual development I'd recommend having a proper default.nix in the project repo
<vegai>
yeah, that seems like the best option
<vegai>
can I find examples of such?
<joepie91>
at least that .js file should serve as a template for the default.nix format :P
<joepie91>
well, see the .js file
<joepie91>
same idea
<joepie91>
except not a temp file
<joepie91>
it just needs to be a .nix file that returns/produces a derivation
<joepie91>
you should be able to fairly literally take the template in the .js file and use it for your own project, modulo the JS string interpolation going on
<joepie91>
I'm also not sure whether LD_LIBRARY_PATH is normally set when you pass stuff in as buildInputs
<joepie91>
vegai: over time, that'll be replaced with "on Arch I couldn't just do X and have it working"
<joepie91>
:p
<vegai>
v0|d: thanks :) though I'd rather write that nix so I won't have to do that every time
<joepie91>
it's just a different mental model with different tradeoffs and worse docs
<joepie91>
heh
<vegai>
sure
<vegai>
it's the general problem of short-term goals vs long-term goals
<joepie91>
I've had a few cases of that now; bisecting nixpkgs to find bugs, spawning a nix-shell on the spot, installing things with weird dependency requirements, and so on
<joepie91>
rolling back to old system configs
<joepie91>
the rollback-from-GRUB thing has saved my behind more than once :P
<vegai>
yay, crystal compiled. Thanks :)
faffolter has joined #nixos
<v0|d>
nix-shell -p crystal && clear
<v0|d>
sry i couldnt resist
<deltasquared>
joepie91: I agree with vegai's initial feeling but I suspect I would also slowly transition to feeling nix was indispensable.
<deltasquared>
I'll get around to actually diving into nix properly when I've migrated my encryption setup, I swear :P
<vegai>
v0|d: sure :) gives me crystal-0.20.5 though
<vegai>
which in these pre-1.0 times is ancient
<deltasquared>
something similar comes to mind from the shellcheck github page (https://github.com/koalaman/shellcheck): “At first you're like "shellcheck is awesome" but then you're like "wtf are we still using bash"”
<joepie91>
it probably helps that I didn't commit to using NixOS until I had a solid idea of what it does and doesn't provide, and how it works internally
<joepie91>
so I have a reasonably good handle on what is theoretically possible with it and why
<joepie91>
which helps get over the barrier of "why doesn't it just do X" because I understand on a technical level why it doesn't do X and what Y it gives me instead
<v0|d>
0.23 is in unstable.
Infinisil has joined #nixos
<vegai>
v0|d: yeah, I used that to be able to compile crystal itself
<joepie91>
but yeah, I totally understand the initial frustration - it's why every time I've recommended somebody to look into NixOS, I immediately follow up with "but prepare to have to re-learn Linux and be working on that for a few weeks at least"
<vegai>
because compiling crystal requires crystal
<Infinisil>
Aww yeah, I finally got it, after like 20 hours of frustration
<vegai>
v0|d: I just cloned nixpkgs and did nix-build -A crystal, and then nix-env -i <path>
<vegai>
is there a smarter way to do that, too?
<v0|d>
not that I know of.
<vegai>
okay. Well, this is good enough
<Infinisil>
I now have a fully encrypted main disk, 100%, and to decrypt it I have three different encrypted keys on three memory sticks, any one of them can decrypt the main disk
tmaekawa has quit [(Quit: tmaekawa)]
<vegai>
neat
<joepie91>
Infinisil: any... one of them?
<Infinisil>
joepie91: Yes
<joepie91>
any particular reason for that?
<Infinisil>
joepie91: These sticks are cheap, they could break easily, and they could get stolen
<vegai>
are you able to disable a stolen key?
<Infinisil>
I don't wanna just not be able to decrypt my data anymore
<joepie91>
but why three different keys?
<deltasquared>
joepie91: when you say "re-learn linux" are ye referring to compiling things and the like
<Infinisil>
vegai: Yes
<joepie91>
deltasquared: I'm mostly referring to daily usage
<joepie91>
deltasquared: suddenly, there's no /lib, there is no imperative package management
<Infinisil>
joepie91: Then I can disable a single one if
<joepie91>
there's no "edit a config file in nano"
<joepie91>
virtually every tutorial won't work on your system
<deltasquared>
joepie91: oh, so "unlearn" stuff and "relearn" new stuff. eep.
<joepie91>
it's as if you're on a completely different OS that just happens to use the same things under the hood
<Infinisil>
*disable a single one of them
<deltasquared>
joepie91: oh dw I tell my friends when I introduce them to linux that most tutorials on the web are outdated or aren't applicable in some way
<joepie91>
Infinisil: but you should be able to do that anyway?
<joepie91>
rotating keys I mean
<joepie91>
at least on a theoretical level
<hyper_ch>
am I right or does nixos not provide hocr2pdf / exactimage ?
<Infinisil>
joepie91: No idea how to do that
<joepie91>
hyper_ch: seems so
<deltasquared>
rule 35 of nixos: if there isn't an expression for it, get writing :P
<joepie91>
Infinisil: ah, so it's more of an "I don't know where the button for that is, but I know where the button for *this* is" scenario?
<Infinisil>
joepie91: Well, my solution doesn't seem to have a downside, what's the benefit of having a single key?
wowi42 has quit [(Read error: Connection reset by peer)]
<Infinisil>
joepie91: Or how would this key rotation thing work?
<v0|d>
I see no obstacle on detecting build system for most of the stuff.
<joepie91>
Infinisil: not exactly a 'benefit' as such, it just seemed like an unnecessary addition
<joepie91>
Infinisil: well, I would imagine that if you have three different usable keys, that means that the actual encryption key is stored on disk, encrypted with each key individually
<joepie91>
implementation-wise
<joepie91>
and therefore any key could decrypt its copy of the real key
<joepie91>
and disabling a key works by deleting the encrypted key for that key
<vegai>
is there a way to make nix-shell use zsh
<joepie91>
if that is possible implementation-wise, then theoretically it should also be possible to just have an encrypted 'real key' encrypted with one single key, and replace that with a different one to rotate keys
<joepie91>
so I'm approaching this on a "how would I implement it and is it then possible" level
<joepie91>
I don't actually know whether the config options / tools for it exist :P
<Infinisil>
joepie91: Hold, on need to digest what you said
<joepie91>
v0|d: the default builder already more or less does that, but there are many many weird oddities in almost every package
<Infinisil>
Hold on*
<joepie91>
application-specific
<joepie91>
Infinisil: yeah, I need to take a break anyway
<joepie91>
brb 5 mins
<deltasquared>
joepie91: thing is if/when I go into nix again I'd probably abuse it a little. most likely a /usr/bin symlink because I'm not ready to have my /etc be generated that way yet
<vegai>
v0|d: nothing, thanks :) Guess I oughta read the manpage rather than ask here
<v0|d>
tell me more about oddities. i like 'em
<deltasquared>
(two are related because systemd is an ass with demanding abs paths for services)
<vegai>
would be fun if zsh could be made a default there
<vegai>
I already have users.defaultUserShell = pkgs.zsh but seems like that setting doesn't flow to nix-shell
<deltasquared>
side question: in what way is the ARM port still considered experimental? is it just that there's not as many packages yet
<deltasquared>
because I was thinking that a nix store would be waaaay easier to set up on to live hosted on an android device without needing to mess with chroots and the like.
<v0|d>
lol
<v0|d>
i was too lazy to try that, glad somebody did.
<avn>
vegai: nix-shell is bound to bash, but you can `exec zsh` from it
<v0|d>
i would read if you write it up somewhere, i mean the experience.
<joepie91>
deltasquared: ah, were you using Nix on non-NixOS?
<Infinisil>
joepie91: On each stick, there's a different key encrypted with the same password, and each one of those keys can unlock the main disk (this is saved on the main disk, and I think I can modify that)
<joepie91>
Infinisil: the main disk can only be encrypted with one key, otherwise you'd need three copies of your data each encrypted with a different key. therefore, the 'real' encryption key must be stored somewhere that is always accessible, and the logical place for that is on the disk alongside the data... but three copies of it (because a key is small!), each encrypted with one of the "USB keys"
<joepie91>
Infinisil: my point here being: there's a key you don't see, which is the real one
<joepie91>
your data is not encrypted directly with the key on your thumbdrive
<vegai>
avn: okay
<joepie91>
the real key exists likely on the disk itself, just in a way that it's completely useless without one of the thumbdrives (hence, encrypted itself)
<Infinisil>
joepie91: The master key is on a stick though?
<olejorgenb[m]>
vegai: `nix-shell --command zsh` works too
<joepie91>
Infinisil: I don't know what your setup is, I'm just going off logic
<joepie91>
you can't encrypt the same data with >1 keys without having copies of the data, that is a given
<joepie91>
you can't decrypt data without having the key for it present, that is also a given
<Infinisil>
joepie91: Hold on, I'll show you what steps i took
<joepie91>
Infinisil: therefore, logically, for the "any of three thumbdrives" scheme to work, there *must* be an additional key that 1) is not one of the thumbdrive keys, and 2) is always accessible regardless of which thumbdrive you have inserted
<joepie91>
this is not anything specific to your setup or the tools you're using
<joepie91>
it's just plain logic
<joepie91>
if it were encrypted directly with thumbdrive key 1, then key 2 and 3 could never decrypt it
<joepie91>
unless key 1, 2 and 3 are the same one, which you say they're not
<Infinisil>
joepie91: luks allows you to add additional keys to decrypt
<joepie91>
Infinisil: see above; I'm not talking about luks or how you use it
<joepie91>
I'm talking about *implementation*
<joepie91>
the actual crypto, how it is implemented
<joepie91>
this is at a lower level than "this is the luks config I used"
<Infinisil>
Hmm right
<hyper_ch>
nix-store optimise uses a lot of power?
<joepie91>
I'm talking about what luks itself is doing to make this feature work
<Infinisil>
Now that I think of it it does indeed not make much sense
<joepie91>
or rather, what it *must* be doing to make it work :P
<Infinisil>
I'll have a look how luksAddKey works
<joepie91>
because it's otherwise physically/mathematically impossible
<joepie91>
I usually approach things by looking at how they work, or rather how they *must* work to make something happen
<joepie91>
helps me understand the exact guarantees and tradeoffs
<Infinisil>
joepie91: But, wouldn't it in theory be possible to create a function that maps exactly n different inputs to the same output?
<v0|d>
subbyte is an APN function
<v0|d>
would they help?
<Infinisil>
joepie91: Like a multi one-way function
<hyper_ch>
luksAddKeys allows up to 8 keys/passwords IIRC
<joepie91>
Infinisil: your question is too generic for me to give a useful answer to it :P
<Infinisil>
hyper_ch: Do you happen to know how it's implemented?
<joepie91>
Infinisil: one way or another, encryption works by having a function that takes in a bunch of data bytes, and a bunch of key bytes, and then produces an encrypted form of it
<joepie91>
function in the mathematical sense
<joepie91>
XOR being the most basic idea
<joepie91>
one of the properties involved is that the same data bytes + the same key bytes result in the same encrypted data
<Infinisil>
joepie91: Yeah, I actually just took a course on this stuff (I'm a bit tired right now though :P)
<hyper_ch>
Infinisil: it's implemented by people smarter than me ;)
<Infinisil>
v0|d: Just found that too, reading it now
<joepie91>
and inversely, only one set of key bytes should, given the encrypted bytes, produce the data bytes
<joepie91>
therefore, if you have one set of encrypted data, it *must* only have a single key that can decrypt it
<joepie91>
usually abstractions are built on top of that (eg. forward secrecy, which uses a persistent key to regularly renegotiate ephemeral keys, that are thrown away after use)
<joepie91>
but in the end there's still always precisely one key applied to the encrypted data that results in the plaintext
<v0|d>
PBKDF is very common in crypto i know other trix, see Lamport Hash.
<joepie91>
so if luks allows you to have N keys that all result in data decryption, there must be some function that takes in any of the N keys, and always produces the same output (real key), but that *doesn't* do so for any key that is not in those N keys
<hyper_ch>
it seems luks allows multiple slots... upon creating the device, you have to provide a "key" which encrypts the master key
<joepie91>
the obvious implementation for that is "store N copies of the real key on disk alongside the data, each copy encrypted with its corresponding 'end user key'"
<hyper_ch>
that encrypted master key is stored in slot 1
<Infinisil>
joepie91: Read the link sent by hyper_ch and v0|d, it explains how luks does it
<joepie91>
yeah, so this is basically what I was guessing at
<joepie91>
:p
<hyper_ch>
then you can uncrypt the master key with your original password.... once you have it unencrypted, you can encrypt it again with a different password... the master key remains the same
<v0|d>
joepie91: read kaufmann
<joepie91>
hence, you should be able to replace the on-disk encrypted key with a copy that's encrypted with a *different* end user key -> you've now rotated your key
<v0|d>
joepie91: u can't learn crypto from *exchange.com
<joepie91>
v0|d: aside from that being nonsensical, I think you're highlighting the wrong person :)
<joepie91>
I'm just explaining my rationale to Infinisil
<Infinisil>
joepie91: Yeah, I think I understand now
<joepie91>
on how I came to the conclusion that key rotation should be possible without a 1-out-of-N scheme
<v0|d>
oh sry if thats the case.
<joepie91>
on a theoretical level
<joepie91>
whether luks actually has a tool for that is a separate issue :D
<v0|d>
i'm distracted atm.
<joepie91>
but it's *implementable* at least
<Infinisil>
Well, what I have for now works flawlessly anyways :D
<joepie91>
yeah, it's probably fine from a practical perspective
<joepie91>
I just switched into the explaining gear there
<joepie91>
lol
MP2E has quit [(Remote host closed the connection)]
<v0|d>
Kaufmann is a very good introduction to protocols book.
<Infinisil>
:P
<joepie91>
professional habit I guess..
<v0|d>
it has PB derivations, Lamport Hash, Kerberos, Needham-Schroeder pki etc.
<Infinisil>
I'm just really proud I was able to do this
<joepie91>
(I do freelance tutoring, hence :P)
<Infinisil>
I also redid my whole filesystem setup, using better ZFS datasets/subsets
mudri` has joined #nixos
<Infinisil>
I now have an `important` dataset, which will additionally be backed up to a remote location
<v0|d>
more advanced stuff can be found in Boneh's notes.
<v0|d>
like Yao circuits , private information retrieval etc.
<Infinisil>
And `important` is in the dataset `data` which is stuff that needs to be backed up
<joepie91>
time to pay a visit to the supermarket, before my package gets delivered...
<Infinisil>
joepie91: You could add that package to nixpkgs :P
<joepie91>
lol
<joepie91>
it's an expensive package :P
<joepie91>
(new PSU)
<Infinisil>
PSU?
<joepie91>
power supply unit
<joepie91>
for my desktop
<joepie91>
current one is dodgy
<Infinisil>
Ah, like $100-$200?
<kevincox>
Then the ability to clone it will be very useful ;)
<joepie91>
about 95 EUR I think? I shelled out on a high-end one
<joepie91>
modular, 650W I think, seasonic, very quiet / semi-passive cooling
<joepie91>
with lots of connectors
<Infinisil>
kevincox: What usecase are you thinking of?
<Infinisil>
joepie91: (I honestly have pretty much 0 clue about desktop workstation setups)
<kevincox>
I was joking about adding your package to nixpkgs. Then you can clone it. Now you have two expensive packages :P
<Infinisil>
kevincox: Ahh xD
<Infinisil>
I thought you were talking about zfs clones
<joepie91>
Infinisil: fwiw, Seasonic PSUs are generally considered the best desktop PSUs money can buy :P
<joepie91>
extremely close to or sometimes exceeding rated wattage, good protection mechanisms, stable power, durable, etc.
<joepie91>
doesn't matter for a "Facebook PC" but given how heavily I rely on my desktop for my work...
<joepie91>
it needs to pretty much not ever break
<Infinisil>
joepie91: Ah, maybe I'll grep my #nixos logs for that name if I ever need one then :)
<joepie91>
:P
<Infinisil>
joepie91: What's that machine for to be so important?
<joepie91>
Infinisil: I work from home, freelance
<joepie91>
no working desktop means no income
<joepie91>
so I have a reasonable amount of money invested in hardware durability
<joepie91>
and spares etc
<Infinisil>
joepie91: Oh I see, cool! Working like this is my eventual goal. Right now I'm still studying
<joepie91>
Infinisil: obligatory statistic if you're considering freelance: at least half of your work hours are unpaid
<joepie91>
:P
<joepie91>
marketing, accounting, learning new things, following up on leads
<joepie91>
etc.
<joepie91>
(this is why freelancers get paid more per hour than salaried employees)
<Infinisil>
joepie91: Well, maybe not freelance, but working remote is definitely a goal
<joepie91>
right
<Infinisil>
Accounting and management aren't my strengths (currently at least)
<joepie91>
salaried is definitely easier
<joepie91>
anyway, really need to go to the store, brb
pie__ has quit [(Read error: Connection reset by peer)]
<Infinisil>
Oh, I'm just noticing a little problem with my setup
<Infinisil>
Since I have a mirrored boot on all 3 sticks, I need all of them plugged in to do a rebuild
<Infinisil>
Although, I could use `test` instead of `switch`, so only the running system gets updated, without updating boots
<vegai>
have any of you met a problem with DisplayPort that the max resolution it gives is 1024x768?
<vegai>
HDMI on the same laptop works fine
<vegai>
curiously, this DisplayPort was working fine for about a year
hamishmack has joined #nixos
<Infinisil>
vegai: I do use a (Mini)DisplayPort connector, and the default resolution is indeed so small, but I can change it with xrandr
<vegai>
this is not NixOS -related, but Linux-related; this prompted me to distrohop a bit, and I saw the same problem everywhere
<vegai>
Infinisil: I mean that xrandr gives 1024x768 as the maximum resolution
jellowj has joined #nixos
<vegai>
it almost seems that Linux the kernel broke this at some point
<vegai>
too bad that I wasn't paying attention
<Infinisil>
vandenoever: Yeah that doesn't happen to me, no idea
BurNiinTRee[m] has left #nixos ["User left"]
<vegai>
oh well, I have no reason to stubbornly prefer DP
<v0|d>
vegai: mac?
jtojnar has quit [(Remote host closed the connection)]
jellowj has quit [(Quit: WeeChat 1.7.1)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
jtojnar has joined #nixos
* joepie91
returns
<joepie91>
Infinisil: so if you intend to look for remote work, make sure that it's actual employment and not a weird contractor setup
<joepie91>
otherwise you might get burned by the tax authorities :)
jellowj has joined #nixos
<joepie91>
(and/or be underpaid)
magnetophon has quit [(Ping timeout: 248 seconds)]
<deltasquared>
joepie91: sorry stuff happened. yes, I've only run nix alone thus far
<joepie91>
deltasquared: right, I don't recommend that - you don't get system config and such, meaning that you have to deal with most of the pain while only getting a tiny part of the benefits
<joepie91>
it's not really representative of what eg. working with NixOS is like
<joepie91>
(for example, on NixOS you don't have to do weird path hacks with services because the service configuration is also done in Nix)
<joepie91>
(and that Just Works)
<deltasquared>
argh, so it's an all or nothing deal then?
<Infinisil>
joepie91: I'll keep that in mind
<joepie91>
deltasquared: well, not exactly; it's just that the value proposition makes less sense outside of NixOS :)
<joepie91>
you still get some of the benefits (like isolated dependencies) but compared to the hassle you just get a better deal on NixOS
<joepie91>
Nix on non-NixOS is like 80% of the work and hassle for 20% of the benefits
<joepie91>
the 20% benefits are still nice, but, it's 20%
<joepie91>
comparatively speaking NixOS is not much more hassle but you get way more benefits :P
<deltasquared>
joepie91, Infinisil: my .02 on the luks thing. joepie91 is correct, there is a single master key (which you can extract, but NOT recommended) which is individually encrypted again for each key slot you have - one slot may be a key file, a passphrase etc.
<joepie91>
(I'd say that the one big drawback of NixOS over non-NixOS, is that you don't have an 'escape hatch' anymore for running statically compiled binaries without patchelf'ing them)
<deltasquared>
when you add a new slot, you have to provide an existing authentication so that the master key can be decrypted and then re-encrypted with the new method for the new slot
ahawkins has joined #nixos
<Infinisil>
deltasquared: Thanks, yeah that's what we also found out on crypto.stackexchange
<deltasquared>
joepie91: containers it seems are the way to go then.
<joepie91>
deltasquared: how do you mean?
<deltasquared>
joepie91: I don't want to jump ship arch just yet :P
<joepie91>
deltasquared: but what do you mean with "containers" in this context?
<ahawkins>
does nixos use ~/.pam_environment? If so, what's the correct way to append a directory to $PATH for my user?
<deltasquared>
but it seems I need all of that declarative config goodness without clobbering my host system.
<joepie91>
like, use them how to solve what problem?
<deltasquared>
joepie91: running nixos "full" without needing to give up arch for day-to-day stuff in case I need those "escape hatches" :P
<deltasquared>
I'm not that brave, alas.
<joepie91>
deltasquared: right, a container isn't going to work for that
<joepie91>
containers are shared-kernel, that's what sets them apart from VMs
<gleber_>
joepie91: can't you also run them in FHS?
<joepie91>
NixOS will want to control the kernel
<deltasquared>
joepie91: why can't I whack it
<joepie91>
(I'm currently working on getting NixOS going under OpenVZ but it's not entirely clear yet how to do that, without host modifications)
<joepie91>
gleber_: then you still need a global linker and libc and such, and that still requires work
<deltasquared>
ok, let me put this another way. I demand manual control of boot environment and kernel :P
<joepie91>
my point here being that static binaries won't work out of the box
<joepie91>
deltasquared: NixOS controls the *entire* system configuration through Nix, bootloader included
<joepie91>
(that's how you can boot into past system revisions)
<deltasquared>
joepie91: that cannot be universal unfortunately, so many systems I've used require hacks and kludges
<joepie91>
deltasquared: how do you mean?
<deltasquared>
joepie91: can't I just say "don't bother with a kernel package"
<joepie91>
not that I know of
<joepie91>
and a bunch of stuff would likely break then anyway
<deltasquared>
the kernel ABI is usually quite stable
<joepie91>
anyway, what did you mean with [12:27] <deltasquared> joepie91: that cannot be universal unfortunately, so many systems I've used require hacks and kludges
<joepie91>
?
<deltasquared>
joepie91: bootloader and firmware setup is so unique that I would *very much prefer* it not be under the automated control of the OS
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 2 new commits to master: https://git.io/v531g
<joepie91>
'unique' in what sense? there are plenty of options in NixOS on how to set up the bootloader
<deltasquared>
I'm too afraid it'd break, especially with the godawful UEFI firmware I've got on this laptop and the stuff I need to do with faking the windows bootloader
<joepie91>
that NixOS controls it doesn't mean that you can't configure it; it just means that you can't make it not touch it and still have everything work as advertised
<joepie91>
deltasquared: I mean, to be clear, these aren't arbitrary requirements; there are good technical reasons why NixOS needs to control all of those to make things work reliably
<deltasquared>
ok, let's just say then I let nixos build the kernel but I ignore it, 'cause reasons. what about the bootloader, can I "disable" just that
<joepie91>
deltasquared: you will lose the ability to boot into past revisions, and things will very likely break because they are built against a kernel version you're not running
<deltasquared>
joepie91: where would I hook in a script to copy the systemd-boot binary to another path on the ESP
<deltasquared>
say, to where windows would typically put its one. because my system's firmware is stupid
<joepie91>
if not, an issue / PR can be made for it :P
<deltasquared>
eww, javascript page
<deltasquared>
I'll have a look later.
<Infinisil>
joepie91: Gogs on your website does look pretty neat
xd1le has joined #nixos
<deltasquared>
just for lols though, because I'm curious to test this thing without too much overhead: assuming I don't request anything that is picky about kernel version (vhba perhaps), are there any known problems currently with starting nixos in a container
<deltasquared>
cause I sure as hell ain't gonna jump ship all in one go ;)
<joepie91>
deltasquared: so to give a bird's eye view of how NixOS does kernel / boot loader management: after a system rebuild, it will create a new system configuration profile, which includes an initrd and such, and then re-generate the GRUB config with all the current boot entries (non-garbage-collected system revisions) and installs that to the EFI partition
<joepie91>
so that you always boot into an initrd that reflects the given system configuration
<Infinisil>
WHAT, how did it just backup 60GB's of data in 10 seconds
<joepie91>
Infinisil: write caching
<joepie91>
it's probably not really stored yet
<joepie91>
:P
<deltasquared>
Infinisil: run sync and time it
<joepie91>
deltasquared: honestly, it sounds like you want a VM instead
<joepie91>
which means you don't need to worry about kernel versions and can just let NixOS do its thing
<deltasquared>
joepie91: argh. alas, my f- *ahem* messing-around desktop doesn't do vt-x
xd1le has quit [(Client Quit)]
<deltasquared>
yes, it's ancient. I know.
<joepie91>
lol
<Infinisil>
Something must be wrong, (and sync doesn't take more than a few seconds)
<joepie91>
I mean, you don't strictly /need/ vt-x...
<joepie91>
it'll just be stupid slow
<deltasquared>
joepie91: correction, test without clawing my eyes out
<joepie91>
qemu (non-kvm) doesn't require vt-x afaik and virtualbox I think has a vt-x-less mode too
<joepie91>
Infinisil: lots of zeroes?
<deltasquared>
but eeeet tooooo slaaooowww
<joepie91>
right
<v0|d>
anybody tried MTTCG on qemu?
<joepie91>
yeah, I can't help you with that :P
<joepie91>
I mean, you can try to get NixOS working in a container
<v0|d>
does it really make things faster?
<joepie91>
but you should expect to run into lots of issues
<joepie91>
in particular obscure ones that are hard to Google and/or find solutions for
<deltasquared>
joepie91: out of curiosity, how would nixos (I guess it would be the configuration switch command here) respond if you didn't say anything at all about the bootloader in the system config
<joepie91>
it's /theoretically possible/ I'm sure, but it just ventures so far outside of the 'supported stuff' area (that I know of) that it'll be painful :P
<joepie91>
deltasquared: grub is enabled by default
<joepie91>
I guess you can explicitly disable it?
<deltasquared>
joepie91: so say I enable = false there
<joepie91>
no idea what it'd do then
<Infinisil>
probably fail
<deltasquared>
only one way to find out... :P
<joepie91>
but you certainly won't be booting into your NixOS system config then, that's for sure :P
<joepie91>
(and again, to have the ability to boot into past revisions from your bootloader, it *must* control the bootloader)
<joepie91>
(though you could maybe chainload?)
xd1le has joined #nixos
<deltasquared>
“I'm an arch user! I can figure it out!” is pretty much what runs through my head rn
<joepie91>
your funeral :P
<joepie91>
hehe
<deltasquared>
RIP me
<joepie91>
deltasquared: anyway, frankly, chainloading sounds like the sanest option in this case
<joepie91>
fake EFI partition that NixOS is told to use
<joepie91>
real bootloader in your custom place
<joepie91>
have it boot into the NixOS-installed bootloader
<joepie91>
brb
<Infinisil>
When it rebuilds, it writes a new grub entry with the new system initrd and kernel (and what have you not)
<Infinisil>
or is it something else that you need to know?
<deltasquared>
I would be a bit leery if the grub setup auto-installed itself to the MBR on a BIOS system.
<Infinisil>
deltasquared: I think you would need to set boot.loader.grub.device = "/dev/sda" for it to do that
<deltasquared>
oh good.
<deltasquared>
I would have noped to the 10th if it tried to do it automatically
<Infinisil>
And setting this to "nodev" would only install it for UEFI
<Infinisil>
I'm not sure how grub gets updated exactly
<deltasquared>
the only other thing that comes to mind is if for whatever crazy reason you wanted to dual-boot another linux distro. I think chainloading nixos's grub would be the sanest way to have nixos not clobber the "master" bootloader
<Infinisil>
By default nixos installs all the entries for different generations in a grub subentry, while there is only one entry at top-level which refers to the latest one
<Infinisil>
No idea about chainloading though (don't even know what that is)
<deltasquared>
I'm not gonna lie here, the amount of things nixos asks for being released from manual control is scaring the crap out of me
<Infinisil>
NixOS has the options boot.loader.grub.extraEntries and boot.loader.grub.extraEntriesBeforeNixOS
<deltasquared>
Infinisil: oh, say I use systemd-boot in the "real" ESP and give it an entry to point to nixos's GRUB
<Infinisil>
deltasquared: You can't enable both systemd-boot and grub afaik
<joepie91>
(you can do chainloading)
<xd1le>
deltasquared: I think systemd-boot is different to GRUB though :/, may be wrong
<joepie91>
yeah, different bootloader
<joepie91>
systemd-boot is former gummiboot
<deltasquared>
Infinisil: hehe, who said I was letting nixos control the master bootloader? :P
<joepie91>
Infinisil: the idea is to have NixOS install in what it *thinks* is the EFI partition
<joepie91>
but not really
<joepie91>
and then manually control the master bootloader and have it chainload the NixOS one
<deltasquared>
I wonder if said "ESP" could be something non-vfat... fscks on my ESP make me worried
<joepie91>
deltasquared: I wouldn't say "released from manual control", I would say "automated" - you can still modify the process of setting it up in whatever way youi want
<joepie91>
you*
<Infinisil>
ESP absolutely *needs* to be vfat
<joepie91>
deltasquared: it's just no longer an imperative do-it-once operation
<joepie91>
(again - for good reason)
<deltasquared>
Infinisil: even if it's a "fake" one just to fool nixos?
<deltasquared>
not actually booted from by the UEFI firmware
<Infinisil>
deltasquared: You mean to just have the label EF00 ?
<Infinisil>
on the "fake" ESP?
<deltasquared>
Infinisil: no, I mean the partition that nixos mounts and writes grub to
<deltasquared>
seeing as it'd be chainloaded by something booted from the real ESP then the "secondary" one wouldn't have to be vfat to appease the firmware.
<Infinisil>
./boot? That doesn't need to be vfat, but /boot/efi does
<deltasquared>
eh, I'm sure I'll figure it out later.
<Infinisil>
As a sidenote, there's the neat option boot.loader.grub.useOSProber which is supposed to detect other OS's. Gonna try that when I install NixOS on my now-Windows machine
<deltasquared>
joepie91: don't get me wrong, I still think being able to regenerate an entire system is cool, but so far it seems like it'd involve so much undoing of the setup I've accumulated over time on my arch installs
<joepie91>
deltasquared: replicating, not undoing
<Infinisil>
deltasquared: I actually just needed to rebuild my entire system, and I'm soooo glad for NixOS
<joepie91>
specifically, replicating in a reproducible manner
filterfish has quit [(Ping timeout: 276 seconds)]
<joepie91>
instead of having a 'special snowflake' system where $deity knows what you need to do to get it going again
<deltasquared>
joepie91: no, I think it'd be undoing, I suspect large bits would be no longer applicable
<joepie91>
if for any reason your current setup dies because of a broken HDD or whatever
<joepie91>
deltasquared: I don't know what kind of setup you're referring to with that exactly, but if special config is "no longer applicable", that sounds like a good thing to me :P
<deltasquared>
joepie91: well there were bits to do with cloning the arch linux repo mirrors for instance, because I liked being able to install packages offline from a consistent snapshot of the "current" packages
<deltasquared>
worrying about "current snapshot" would be completely a non-issue under nixos
<Infinisil>
I may try to write a tool that checks your configuration.nix for redundancy, e.g. setting boot.loader.grub.version = 2; even though that's the default
<Infinisil>
Would be nice
<deltasquared>
that reminds me, is there a formal spec for nix expression grammar? I'm wondering how hard it'd be to parse
<deltasquared>
"hard" in the complexity sense here
<Infinisil>
I don't think so, there's only a reference implementation
<deltasquared>
eww.
<Infinisil>
But there's also hnix which parses (and evaluates) nix, which I think is pretty much done
<Infinisil>
written in Haskell
<deltasquared>
gg you functional programmers, you'd think parsing would be the first thing you'd want to nail down :P
<ahawkins>
I've created an ~/.xession file to support gpg-agent. Is that file supposed to exec the window manager? I'm kicked out after I login now that I've created that file.
<deltasquared>
ahawkins: afaik it's .xinitrc which starts stuff on startx
<joepie91>
deltasquared: There Was Once A Spec
<deltasquared>
so, wm goes in there (most of the time as the last line via exec)
<joepie91>
It Is No More
<joepie91>
(I've been writing a parser, and yeah, it's a bit of a mess)
<deltasquared>
I'm seeing a bit of irony here in a distro about reproducibility, yet there's no real spec for nix exprs ;)
<Infinisil>
deltasquared: ahawkins: On NixOS the window manager isn't usually called from .xsession
<deltasquared>
Infinisil: I didn't say it was. always been .xinitrc for me
<vegai>
v0|d: Thinkpad X1 Carbon
<Infinisil>
Also not .xinitrc (on NixOS)
vandenoever has quit [(Ping timeout: 240 seconds)]
<joepie91>
deltasquared: I'm not going to disagree with you there :P that's one of the uglier bits
<deltasquared>
something something truly reproducible mumble same result with different tools implementing spec mumble
<joepie91>
lol
<joepie91>
yeah :P
<joepie91>
deltasquared: anyway, it's worse than that - the operator table in the manual isn't even complete
<joepie91>
there's definitely documentation work to be done there
<vegai>
oh hey, I was wondering about that just now
<joepie91>
(I'm working on this...)
<Infinisil>
ahawkins: You need to put the stuff you need additionally into ~/.xprofile
<vegai>
is there a way to make NixOS session read from .xsession?
<joepie91>
but I've based it on the reference implementation and hnix
<ahawkins>
Infinisil: is ~/.xprofile a nix thing?
<joepie91>
so errors *may* be in it
<Infinisil>
vegai: It does call ~/.xsession if it exists (but then also doesn't start DE/WM)
<mbrock>
wow, an operator for logical implication, haven't seen that before :)
<Infinisil>
ahawkins: Yes, if ~/.xprofile exists, it sources that file
<vegai>
Infinisil: hmm
<joepie91>
mbrock: it's actually used, too!
<vegai>
perhaps I had some error in my .xsession because when I had it, my i3 didn't...... aaagh
<vegai>
I had exec /usr/bin/i3 in there :D
<vegai>
surprise, it doesn't work
<joepie91>
I'm not totally convinced that its existence is warranted, but eh :P
michas has quit [(Quit: Verlassend)]
<deltasquared>
joepie91: given that I was having a hard time getting used to the idea of certain things having to change under nixos, you telling me about incomplete things isn't selling it to me :P
* mbrock
personally never tries to sell NixOS to anyone
<joepie91>
deltasquared: eh, I'm not trying to 'sell' it, I'm just giving you a rundown of the relevant benefits and drawbacks
<joepie91>
:P
<joepie91>
you should absolutely be prepared to be spending some time figuring out where all the knobs and levers are
<Infinisil>
This file defines the session
<joepie91>
when switching to NixOS
<joepie91>
once you've figured that out, it's great and absolutely worth it - but the cost is definitely there
<Infinisil>
I agree with joepie91
<Infinisil>
Took me a bit of time, but well worth it
<deltasquared>
it seems it may be time that I may not be able to spare, what with university coming up again in a week or so
<joepie91>
(this cost will be reduced as documentation and such improves, but right now it's still high-ish)
<joepie91>
deltasquared: depends on how functional you need that system to be during university time
<joepie91>
:p
<joepie91>
if it needs to work during university time, I'd probably say "don't, yet"
<deltasquared>
joepie91: completely free of dissonance, so yeah.
<joepie91>
if it's okay for it to be out of commission for a bit, you'd probably be fine
<mbrock>
like my ma always said, focus on your studies instead of messing around with linux distros!
<joepie91>
mbrock: and see where that got you! :P
<joepie91>
hehe
<Infinisil>
mbrock: I totally failed at that
filterfish has joined #nixos
<Infinisil>
Discovered NixOS a few months ago, have totally neglected studios
<Infinisil>
studies*
<joepie91>
I have the benefit that NixOS is just a part of my learning processes for me...
<deltasquared>
Infinisil, mbrock: can confirm, also spent much time f- erm *fscking* with linux
<Infinisil>
But I do have a semi-sweet nixos config, so there's that :D
<ahawkins>
Infinisil: thanks!
<mbrock>
I mostly used a Mac throughout university :/ but I digress
<Infinisil>
joepie91: Oh? You work with Nix? Nice!
<mbrock>
Nix even without NixOS can be really useful on any distro, or Mac
<joepie91>
(that is, pretty much any time not spent working is spent working on my projects and learning things, and in particular learning things that are either directly useful for my projects and/or work, or that will be the Next Important Thing in a few years)
<deltasquared>
mbrock: yeah but joepie91 pointed out that I'd run into several difficulties that way
<joepie91>
Infinisil: well, depends on how you define 'work'
<joepie91>
Infinisil: for paid work, Not Yet
<joepie91>
although it is likely that I have my first NixOS/NixOps deployment for freelance work coming up
<Infinisil>
I tried Nix on macOS but wasn't really impressed, admittedly I didn't really dig in too much though
<Infinisil>
joepie91: Awesome
<joepie91>
but I already use it for my own projects, for my own desktop/laptop (ie. work environment)
<joepie91>
and expect it to become significant in the next few years
<mbrock>
it's been really useful for me just in the sense of being able to make complex packages that work on both Linux and Mac
<xd1le>
one cool thing that I can do with NixOS that I can't with others: mess around with the config without fear of breaking anything, especially when I know I need it for tomorrow for example. That applies for anything obviously, but especially for uni where like it might be important for your studying/work.
<joepie91>
so... counts as 'learning for work' to me :)
<mbrock>
that's also part of my work, incidentally :)
<deltasquared>
welp, it seems that any ventures with nixos will have to be confined to qemu-kvm for the time being.
<deltasquared>
speaking of, I wonder if it's possible to pci passthrough the sole GPU in a system and have the host be headless
<Infinisil>
xd1le: I recently heard in #linux that some people wanted to update the kernel and chatted about how it could ruin your machine lol
<joepie91>
mbrock: my earlier remark towards deltasquared was that while Nix on non-NixOS definitely does provide some benefits and useful tools, it's still 80% of the work/hassle for 20% of the benefits... and for 20% extra hassle by using NixOS you get the other 80% of benefits :P
<mbrock>
there's also an AMI so you can easily spin up an AWS EC2 box with NixOS, FYI (and probably also for Google Cloud and whatnot?)
<joepie91>
deltasquared: iirc somebody once talked somewhere about doing that and it being possible
<joepie91>
but I have no idea how
<joepie91>
xd1le: yep, I share this experience
<joepie91>
I'm no longer hesitant to modify configs and such
filterfish has quit [(Remote host closed the connection)]
<joepie91>
worst case I boot into a past revision and revert it
filterfish has joined #nixos
<joepie91>
worst-worse case if I fucked up my bootloader, I boot NixOS from a thumbdrive and rebuild
<Infinisil>
Damn, thinking about this again, it is truly magical
<Infinisil>
And how it's supposed to be for everything really
<deltasquared>
it does seem cool to never have to worry about the nvidia driver blob breaking.
<joepie91>
Infinisil: tbh this is where my interest in NixOS comes from; not so much the immediate practical benefits (although those are nice and useful!) but the fact that this is a sound design that should underlie the average system
<deltasquared>
hell, I'd probably be tempted to use their hardware if I didn't have to worry about xorg/kernel exploding in the presence of their... interesting kernel modules
<joepie91>
and I'm more interested in making that happen, than in waiting for it to happen
<joepie91>
:p
<joepie91>
doesn't have to be in the form of NixOS - if some other established distro adopted the same design, great!
<mbrock>
yeah, I also hope that the model spreads
<deltasquared>
joepie91: was it guix or something that had per-package dirs (not sure about full hashing though)
<xd1le>
Infinisil: that's actually exactly a case that happened with me like a few weeks ago. I had a presentation in a few hours but I decided I wanted to try a new kernel to see if I could get sound working properly for it, so yeah I just did that, so simple. It didn't work but can't even imagine considering that with something else haha
<joepie91>
but absent any movement on this on major distros, I'm working on my own set of ideas about building an end-user distro on top of NixOS
<deltasquared>
there was another distro trying to go along that line
<joepie91>
deltasquared: Guix is Nix-derived
<deltasquared>
oh, 'k then
b has joined #nixos
<xd1le>
(except for GuixSD obvs)
<Infinisil>
joepie91: I believe distros are really almost all emulatable with Nix/NixOS
<joepie91>
Infinisil: right, but I'm thinking in terms of Using It Properly
<joepie91>
not FHS hacks and such
<joepie91>
(unless unavoidable - hi, Steam!)
<deltasquared>
oh noes, not the steam
<deltasquared>
anything but the steam!
<deltasquared>
I can see that being one helluva thorn in the side
<deltasquared>
gl patching games :P
<Infinisil>
joepie91: I mean like to have all standard applications and everything be declared as a nixos module or so, the filesystem structure wouldn't be the same, but the functionality and looks
<joepie91>
from what I've gathered (I don't use Steam myself), Steam has been a major PITA for NixOS
<mbrock>
speaking of proprietary software, it'd be pretty sweet to have a Nix package for Davinci Resolve
<joepie91>
and an ongoing problem case
<joepie91>
Infinisil: sure, but then every sysadmin is hopelessly lost
<joepie91>
:p
<joepie91>
that's the problem - it's a paradigm shift, in the literal sense
<Infinisil>
joepie91: They need to learn The True Way!
<joepie91>
and a lot of people don't like paradigm shifts
<mbrock>
(it's a freely available proprietary program for video editing and postprocessing that's seriously "Hollywood quality")
<deltasquared>
joepie91: /me raises hand
<joepie91>
which is why I don't expect major distros to adopt this any time soon
<joepie91>
not without hacks anyway
<joepie91>
mbrock: do they have a static build?
<deltasquared>
joepie91: considering that steam and games may not have the user's best interests in mind (DRM?), I guess it'd be easier to just run them in a VM with an impure distro and passthrough a good GPU to it.
<mbrock>
no, the internet is full of horrible forum threads about which .so's to symlink where
<Infinisil>
deltasquared: If you manage to paradigm shift to Nix, you'll wonder how you ever did without it
<joepie91>
mbrock: sounds like a case for NixOS!
<joepie91>
heh
<deltasquared>
Infinisil: sounds like what happened when I finally got a 1080p monitor.
<joepie91>
mbrock: have a list of its deps?
<joepie91>
I'm bored, might as well give it a shot
<mbrock>
yeah, I actually had a need for some video postprocessing but my deadline was today, and I didn't have time to mess around with .so's :) :(
<joepie91>
(waiting for my PSU package to arrive, and can't focus on my Rust readings at the moment)
<Infinisil>
joepie91: Rust readings?
<deltasquared>
joepie91: new PSU huh? corsair? silverstone?
<joepie91>
deltasquared: Seasonic
<deltasquared>
hmm, ok.
<joepie91>
Infinisil: reading some Rust-related things, to learn Rust
<joepie91>
deltasquared: "hmm"? :P
<Infinisil>
Ah, should do that too
<deltasquared>
joepie91: I haven't heard of them that much.
<Infinisil>
But Idris is first on my list :)
<joepie91>
deltasquared: they're like, The One True PSU brand
<joepie91>
they produce the PSUs for most of the well-reviewed brands and models
<deltasquared>
joepie91: and rust is the one true safe language? :P
<mbrock>
joepie91: I didn't look into it that much, sry!
<joepie91>
mbrock: which version are you trying to get to work?
<Infinisil>
deltasquared: It does seem like it imo!
<joepie91>
deltasquared: wouldn't say that, no
<joepie91>
it makes a bunch of great tradeoffs for many usecases
<joepie91>
but not for all usecases
<mbrock>
joepie91: I tried for like 20 minutes to get the v14 to work in a Docker container
<joepie91>
programming languages are a little less well-defined than PSUs :D
ris has joined #nixos
<joepie91>
so there's not really a One True Language and very likely never will be
<Infinisil>
Idris ftw
<joepie91>
mbrock: Public Beta or Studio Public Beta?
<xd1le>
Infinisil: omg I was just about to mention idris
<deltasquared>
I was pondering the idea of adding rust's borrow checking to C++ via semantic analysis
<xd1le>
>_>
<xd1le>
hehehe
<deltasquared>
I suspect all the lang features would create a lot of corner cases.
erictapen has quit [(Remote host closed the connection)]
<Infinisil>
xd1le: Just imagine how good Idris could be if it got the support of Haskell over many years
<joepie91>
deltasquared: hmmm. is that not more or less what valgrind does?
<xd1le>
Infinisil: well Idris is still sorta young! But it seriously needs to be used. I swear if Idris dies ima be heaps sad
<deltasquared>
joepie91: no, I meant actually applying rust's borrow rules at the language level during compilation
<xd1le>
(like in the future)
<deltasquared>
it'd probably require differently-coded C++ to go with no doubt.
<joepie91>
deltasquared: anyway, re: Seasonic PSUs, they're pretty much considered some of the best PSUs money can buy, which is why I splashed out on one
<Infinisil>
xd1le: I'd cry
<joepie91>
deltasquared: right, but afaik valgrind does very similar analysis
<joepie91>
and yeah, that's part of the issue
<deltasquared>
joepie91: yeah, after the fact.
<joepie91>
I mean, you can integrate it into your build process I'm sure
<joepie91>
:P
<deltasquared>
I'm referring to the type level rules that rust has.
<joepie91>
anyway, Rust is overly cautious; it disallows things that /could/ be safe, but can't be reliably determined to be such
<deltasquared>
the idea of a value being "consumed" for instance
<Infinisil>
xd1le: One of my goals is to be able to contribute and bring Idris forward
<joepie91>
so there will be safe things you suddenly can't do in C++ anymore, too
<deltasquared>
joepie91: probably a lot more. C++ is so bloody complex
<xd1le>
Infinisil: but yeah I reckon rust is awesome too, but Idris is like next-gen stuff in my opinion.
<xd1le>
Infinisil: or well, at least for me
<joepie91>
mbrock: still there? :P
<xd1le>
Infinisil: same!!
<Infinisil>
joepie91: There is an RFC for semantic instead of syntactic lifetimes
erictapen has joined #nixos
<xd1le>
Infinisil: I got big plans to contribute, just on time.... :|
<xd1le>
*no
<joepie91>
Infinisil: you referring to the non-lexical lifetimes thing, or?
<joepie91>
but even then Rust will still be overly strict
<joepie91>
which is fine, don't get me wrong
<joepie91>
it's just an important thing to keep in mind
<Infinisil>
xd1le: Yeah, I think if Idris got a Rust-like memory model, it would pretty much do anything
<deltasquared>
maybe I should get back to migrating my rootfs so I can actually get around to rust tinkering
<mbrock>
joepie91: it would be the nonstudio cuz thats free of charge
<joepie91>
(generally speaking, if a computer can't automatically determine whether something is safe to do, then a human certainly won't be able to)
<deltasquared>
or, nixos tinkering, as it were
<joepie91>
(so you proooobably shouldn't be doing it in the first place)
<joepie91>
mbrock: ack
<joepie91>
meh, registration wall
<deltasquared>
joepie91: right, so it suggests you should look for an alternate design
<joepie91>
excellent, 0000000000 is a valid phone number
<joepie91>
or so they think, anyway...
Fuuzetsu has joined #nixos
<Infinisil>
deltasquared: why do you need to migrate your root to use Rust?
<joepie91>
deltasquared: right :P
<Infinisil>
deltasquared: Ah, you mean NixOS
<xd1le>
Infinisil: and I think that could probably be possible to implement as well (but not sure how much of a priority it would be to edwin and co, but what's good is he's all about practical systems programming so I have high hopes for more idris usage)
<deltasquared>
Infinisil: I don't really, it was just something I needed to do as par the course for maintenance.
<joepie91>
blah, self-contained installer
<Infinisil>
xd1le: ++
<deltasquared>
I get the impression that you use nixos for a while and then you look at certain distribution practices with much disdain, like self-extracting installers
<Infinisil>
deltasquared: I just did redo my whole storage setup today
<Infinisil>
Well in the last 24 hours really (haven't slept)
<deltasquared>
Infinisil: got any LVM in there?
<joepie91>
deltasquared: yep :P
<joepie91>
anyway, looks like it's just a bz2 with some shell junk prepended
<deltasquared>
lvm is one of those "how did I do without" things
<deltasquared>
joepie91: ewwwww
<Infinisil>
deltasquared: Nope, I originally had planned to use LVM to split the luks partition into swap and root, but then decided to use two encrypted luks partitions instead
<deltasquared>
I mean, it'd probably *work*, but blegh
<joepie91>
nah, I can deal with this
<joepie91>
GOG installers are similar
<joepie91>
except it's zip
<joepie91>
not bz2
<joepie91>
just throw them into the corresponding extract tool, ignore the warnings about the junk, and you're done
<joepie91>
easy enough
<joepie91>
much rather that than some bizarre custom format :)
* deltasquared
glares at kontakt
<deltasquared>
what's wine like under nixos I wonder
<Infinisil>
deltasquared: Because ultimately LVM is just another layer of abstraction which has to slow it down
<deltasquared>
Infinisil: I run luks atop lvm on mine, go figure. I don't even have aes-ni to speed things up
<joepie91>
hrm, or not.
<deltasquared>
hence I'm in the process of separating out my home dir and decrypting my rootfs so I can at least boot the core system unattended
<joepie91>
deltasquared: WINE works fine, and of course you can create packages for specific Windows applications that depend on a specific WINE version and config... :)
<Infinisil>
deltasquared: Ah, so you're managing your 'partitions' with LVM? That's what I have ZFS for
<deltasquared>
Infinisil: I find it much more robust than manually moving partitions around
<Infinisil>
deltasquared: Yeah, ZFS can do that too, couldn't imagine manually managing the linear storeg
<Infinisil>
storage*
<joepie91>
what the fuck is this installer even doing
<joepie91>
why is it using dd
<joepie91>
???
stanibanani has joined #nixos
<deltasquared>
to copy out the crap at the end?
<Infinisil>
There are some pretty weird installers out there
<joepie91>
calculates the amount of 1024kb-large blocks in the filesize
<joepie91>
then the amount of remaining bytes
<deltasquared>
sounds like someone was prematurely optimising
<joepie91>
then reads out the file starting at the offset and, subsequently, pipes it into a dd that reads it out per block and after that reads out the remainder in single bytes
<joepie91>
so that it ends cleanly at the end of the data segment
<joepie91>
well, 'premature', no
<joepie91>
given that this is for software packaging
<joepie91>
but shit like this reminds me why I hate Bash
<joepie91>
:p
<Infinisil>
Same, Bash should burn in a fire
<joepie91>
maybe this is a nice Rust project for today, writing a stand-alone unpacker for this crap
<joepie91>
heh
<deltasquared>
strict posix shell scripting is alright, assuming you've got shellcheck to help you
<deltasquared>
but it has limitations
<joepie91>
I definitely would not class it as 'alright'
<deltasquared>
pushing past them is painful, as I found out yesterday
<joepie91>
more like 'bearable, if you squint'
<joepie91>
from a language design POV it's all awful
<deltasquared>
joepie91: do you want me to show you my nft firewall generator written in shell script?
<joepie91>
deltasquared: I think this little exercise has given me enough Bash for today :P
<Infinisil>
deltasquared: I wanna see
<deltasquared>
it's not bash, it's *sh*. I was rigorous.
<deltasquared>
see, the ideas from nixos have slowly been leaking into what I do
<deltasquared>
the input/output chain fragments are still imperative, though.
<deltasquared>
I'm thinking I should change that so I can control the syntax better, as nft likes to explode at the slightest mistake
<Infinisil>
deltasquared: What kind of stuff do you mean are from nixpkgs?
betaboon has joined #nixos
<deltasquared>
Infinisil: the whole functional generation aspect
<Infinisil>
Ahh
<deltasquared>
though, instead of nix exprs I used flat files in a dir structure because that's all I could afford in sh :P
<Infinisil>
Yeah, I feel like generally the world approaches more functional programs everywhere
<deltasquared>
Infinisil: I had the idea a while back for an "iso exploder" which would separate all the fields and bits out into individual files, then an "unexploder" which could reproducibly reassemble it
<deltasquared>
mostly it was so I could "edit" an iso but otherwise keep most other metadata the same
<Infinisil>
deltasquared: Soo, `id`?
<Infinisil>
Ah
<deltasquared>
at that point I guess I wouldn't have gained much from just creating an iso via say mkisoimage or whatever it was, bar precise control over timestamps say
<Infinisil>
Probably
<deltasquared>
what was the other thing... oh yeah, a tar indexer so you "mount" flat tarballs without having to rescan it all the time (because serial structure for tapes), though apparently someone beat me to it
stanibanani has left #nixos []
<deltasquared>
the indexing part, not necessarily the "mounting" part. would have had to be FUSE or smth
<Infinisil>
That could be useful,
<Infinisil>
but I wouldn't use it, probably more of a hassle than just unpacking it
<Infinisil>
If you have the space and power anyways
pie_ has quit [(Remote host closed the connection)]
pie_ has joined #nixos
<deltasquared>
Infinisil: it came from when I wanted to do something akin to the nix per-package directory thing with arch's packages, and not wanting to even have to extract the tarballs (still have to decompress 'em first though)
<deltasquared>
with 3-figure number of packages on my system I'd be curious to see how the VFS performed in such a setup, not to mention all those fuse instances
<joepie91>
theeere we go
<joepie91>
ah yes, of course the makeself-packaged archive contains an install.sh!
romildo has joined #nixos
<joepie91>
:|
<Infinisil>
deltasquared: I see
<joepie91>
joepie91 vs. davinci resolve, round 2
<Infinisil>
joepie91: Didn't you say it was packaged for nix?
<romildo>
I am packaging libmatemixer (https://github.com/mate-desktop/libmatemixer) which supports the modules: Null, Alsa, PulseAudio, and OSS. I am looking for advice on how to handle that on the nix expression. Any clues?
<Infinisil>
Oh it's mbrock that said it *would* be sweet to have a nix package for it, I thought he said there was one already
<joepie91>
yeah
<joepie91>
hence why I'm currently trying to package it
<joepie91>
lol
<joepie91>
deltasquared: \cp -rf ${EXTRACTED_DIR}/$1 $2 || Exit_With_Error "Failed to copy $1 to $2" 6
<joepie91>
any idea what the backslash is there?
<joepie91>
before cp
<joepie91>
have not seen that before
<deltasquared>
joepie91: might I humbly suggest you try to work around and retain as much of its own scripts as possible so as to minimise the possibility it'd break on upgrades
<deltasquared>
also hold on
<romildo>
Is it a good idea to choose one of the sound modules for libmatemixer? The options are Null, Alsa, PulseAudio, and OSS.
<deltasquared>
joepie91: so the backslash is on the same line? pretty sure this guy doesn't know how to shell now, that backslash would be idempotent here
<joepie91>
deltasquared: I would, if it weren't for the installer being totally inflexible in where it is installed :)
<Infinisil>
romildo: Maybe you could search for other packages in nixpkgs that do audio stuff with these modules
<deltasquared>
Infinisil: damnit you said it a lot more succinctly than I was going to
<joepie91>
I was going to say readlink
<Infinisil>
:P
<joepie91>
:p
<joepie91>
readlink `which thunderbird`
<deltasquared>
eww, backticks!?
<joepie91>
deltasquared: `
pie_ has quit [(Remote host closed the connection)]
<nwuensche>
Infinisil: Thank you!
<joepie91>
:D
<joepie91>
deltasquared: anyway, should I care about the \?
<deltasquared>
joepie91: those backslashes would mean "interpret this c literally", which it already is
<Infinisil>
joepie91: I think readlink doesn't traverse multiple symlinks
<Infinisil>
But it works in this case
pie_ has joined #nixos
<joepie91>
Infinisil: ah, very possible
* joepie91
mentally replaces with realpath
<deltasquared>
joepie91: I see "dongle permissions" down there in that script, eww
<joepie91>
oh yes
<deltasquared>
it's echoing a UDEV rule damnit!
<joepie91>
yep
<deltasquared>
can I run away screaming yet
<joepie91>
like I said, touches a bunch of system stuff :p
<joepie91>
best part is that this is done only on install
<joepie91>
and I'm preeeetty sure that /dev perms aren't persisted
<Infinisil>
The only positive thing on this installer is that it teaches us what not to do
<joepie91>
mbrock: do you need dongle support?
<joepie91>
(please say no)
Filystyn has joined #nixos
Filystyn has quit [(Changing host)]
Filystyn has joined #nixos
hc has joined #nixos
<deltasquared>
that usb dev node looks like an interesting target for "intercepting" as it were
<deltasquared>
also, mode=666 ewwww
<joepie91>
aye
<joepie91>
I would not run this installer, that's for sure :P
<deltasquared>
"free" program ye say
jellowj has quit [(Ping timeout: 240 seconds)]
<joepie91>
deltasquared: so, about that request to make it use the original scripts as much as possible... :)
ixxie has joined #nixos
<deltasquared>
eehhhh.
<nwuensche>
And what is the best way to add a command to a package? I want to add a file for the language in the thunderbird language, but I don't want to override a complete phase? Or is it possible to extend a phase?
<deltasquared>
well, at least there's no kernel module to worry about... right? RIGHT!?
<joepie91>
deltasquared: I have not looked at rsf/script.update yet...
<joepie91>
nwuensche: you could do a string concat/interpolation with the original, I think?
<joepie91>
ie. take the phase from the original derivation and then add something and set that as the new phase
hc_ has quit [(Ping timeout: 248 seconds)]
<joepie91>
iirc overriding is done with a function that gets the original derivation as an arg
<joepie91>
deltasquared: no kernel modules... yet
<mbrock>
joepie91: haha, no dongles!
<joepie91>
mbrock: excellent!
<joepie91>
that will save me half a sanity
<joepie91>
I can see why people have trouble with this thing :P
hc_ has joined #nixos
<mbrock>
if you get it working we can all make some really nice movies \o/
hc has quit [(Ping timeout: 246 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peterhoeg pushed 1 new commit to master: https://git.io/v53Sz
<NixOS_GitHub>
nixpkgs/master 84459dd Peter Hoeg: sensu: 1.0.2 -> 1.0.3
NixOS_GitHub has left #nixos []
<deltasquared>
I suspect a lot of what makes these "pro" tools in the proprietary area is a certain attention to feature sets and UX
Filystyn has quit [(Ping timeout: 246 seconds)]
<Infinisil>
The best video editor currently on NixOS which I know of is ShotCut
xd1le has joined #nixos
<xd1le>
Hi all, anyone know which package `sh` is under? It seems just 'bash', but not sure if that's correct.
<joepie91>
mbrock: btw, the use of an /opt folder makes me suspicious that this thing is going to try and write stuff to its own installation directory
<joepie91>
Infinisil: 'rewrite'? it's proprietary software with almost certainly hardcoded paths :P
<Infinisil>
joepie91: Do you have the source or just a binary?
<joepie91>
binary, it's proprietary
<deltasquared>
I'm pretty sure this thing is proprietary.
<Infinisil>
Ah, well maybe patchelf can do this, not sure though, haven't used patchelf
<joepie91>
Create_Dir_With_Permissions ${RESOLVE_BASE}/"Resolve Disk Database"\
<joepie91>
er
<joepie91>
Create_Dir_With_Permissions ${RESOLVE_BASE}/"Resolve Disk Database"
<joepie91>
this creates it with a+w
<joepie91>
RESOLVE_BASE is in /opt
<joepie91>
that's almost certainly mutable
<Infinisil>
looks like it
<joepie91>
not going to try and mess with patchelf or such
Filystyn has joined #nixos
<joepie91>
this application is of such complexity that string building is very likely going on
<joepie91>
so it'd just make it fail in weird ways
jtojnar has quit [(Remote host closed the connection)]
<joepie91>
Steam uses a fake FHS chroot, right?
jellowj has joined #nixos
<Infinisil>
I think so yes
<deltasquared>
wait what, steam chroots?
<deltasquared>
or is that just on nixos
<Infinisil>
just nixos
jtojnar has joined #nixos
jtojnar has quit [(Client Quit)]
jtojnar has joined #nixos
takle has quit [(Remote host closed the connection)]
<joepie91>
I may need to just do that
<joepie91>
no obvious way to influence where it writes stuff
freeman42y[m] has joined #nixos
takle has joined #nixos
<deltasquared>
so does nixos provide a way for unprivileged processes to set up containers? like, communicate with a daemon to start the container for such a program
freeman42y[m] has quit [(Read error: Connection reset by peer)]
freeman42y[m] has joined #nixos
<Infinisil>
deltasquared: Don't think so
erictapen has quit [(Ping timeout: 240 seconds)]
<deltasquared>
aww.
<joepie91>
that's a bit out of scope for NixOS :P
<joepie91>
unless you want to do it declaratively, in which case, sure? you'll still need to initiate a rebuild as root though
freeman42x[m] has quit [(Ping timeout: 255 seconds)]
takle has quit [(Ping timeout: 240 seconds)]
<joepie91>
my PSU arrived \o/
<joepie91>
very heavy box...
<deltasquared>
heavy means it's not cheap!
<joepie91>
lol
<joepie91>
also, sent insured apparently?
<deltasquared>
mine was def. heavy enough to be uncomfortable to hold single handed. source: a 500w silverstone one, forget the model
<joepie91>
ffs, this thing is HEAVY
<deltasquared>
the manual that came with mine gave me instructions on how to replicate their testing setup for ripple noise measurement
<joepie91>
also a bizarrely large box
<joepie91>
heh
<joepie91>
nice
<deltasquared>
that's what I like to see, manufacturers giving a shit
stanibanani1 has quit [(Ping timeout: 248 seconds)]
stanibanani has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej opened pull request #28608: kdeApplications: inherit new KDE applications into pkgs (master...kdepkgs) https://git.io/v539b
NixOS_GitHub has left #nixos []
deltasquared has left #nixos ["Leaving"]
takle has joined #nixos
takle has quit [(Remote host closed the connection)]
freeman42y[m] has quit [(Ping timeout: 240 seconds)]
<joepie91>
mbrock: I'm going to continue trying to package resolve tomorrow, since it seems it needs an FHS env and I expect a whole lot of other issues because the installer tries to touch all kinds of system stuff
<joepie91>
and I'm approaching bedtime :P
<joepie91>
but, it should be packageable
darlan has joined #nixos
darlan has quit [(Client Quit)]
b has joined #nixos
erictapen has joined #nixos
tmaekawa has joined #nixos
xd1le has quit [(Quit: Toodaloo padawans! 👣)]
<bachp>
joepie91: joepie91
<joepie91>
that is indeed my name
<joepie91>
:P
<bachp>
Sorry wrong touch on the UI ;-)
<joepie91>
hehe
<joepie91>
(figured as much)
jtojnar has left #nixos []
jtojnar has joined #nixos
jtojnar has quit [(Read error: Connection reset by peer)]
jtojnar has quit [(Remote host closed the connection)]
jtojnar has joined #nixos
<aristid>
the python packages in nixpkgs seem to be some of the worst when it comes to impurity... not that i blame nixpkgs for that
erictapen has quit [(Ping timeout: 260 seconds)]
ixxie has quit [(Ping timeout: 246 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 1 new commit to master: https://git.io/v537R
<NixOS_GitHub>
nixpkgs/master bebaf08 Tim Steinbach: linux-copperhead: 4.12.8.a -> 4.12.9.a
NixOS_GitHub has left #nixos []
stanibanani has quit [(Ping timeout: 252 seconds)]
pie__ has joined #nixos
ixxie has joined #nixos
pie_ has quit [(Ping timeout: 240 seconds)]
erictapen has joined #nixos
iyzsong-x has quit [(Ping timeout: 240 seconds)]
MoreTea has joined #nixos
python476 has joined #nixos
filterfish has joined #nixos
<rnhmjoj[m]>
could someone review PR #27688?
<hyper_ch>
hmmm, I tried to be smart and call a .nix file directly from github instead of just local and using now this in the configuration.nix: (pkgs.callPackage (builtins.fetchurl "https://raw.githubusercontent.com/sjau/pastesl/master/pastesl.nix") {}) --> that seems to work :)
jbgi has joined #nixos
<clever>
hyper_ch: every time you eval the nix expression, it may re-download the nix file, and possibly rebuild things again
<hodapp>
Mic92: wait a minute... I just checked metadata.json on html5lib_0_9999999 (by the path that I saw it populate) and I see "version": "0.9999999"\
<hodapp>
/nix/store/5kk8wivrpcfyk7z0a426f54rwcg9xd2y-python3.5-html5lib-0.9999999/lib/python3.5/site-packages/html5lib-0.9999999.dist-info/metadata.json for me... how did you find the path to html5lib that you used there?
<Ankhers>
Is there anything I can do in order to help with getting a nixpkgs-unstable release?
tmaekawa has joined #nixos
jbgi has quit [(Ping timeout: 248 seconds)]
<Mic92>
hodapp: echo $PYTHONPATH
<Mic92>
in nix-shell
<hodapp>
Mic92: in what nix-shell?
vandenoever has quit [(Ping timeout: 240 seconds)]
takle has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] vbgl pushed 3 new commits to master: https://git.io/v53bZ
<NixOS_GitHub>
nixpkgs/master ef2c0f3 Vincent Laporte: js_of_ocaml-compiler: move
<NixOS_GitHub>
nixpkgs/master 4b1a1c1 Vincent Laporte: js_of_ocaml-ocamlbuild: init at 3.0.0
<NixOS_GitHub>
nixpkgs/master 935e991 Vincent Laporte: js_of_ocaml: 2.8.4 -> 3.0.0...
NixOS_GitHub has left #nixos []
<hodapp>
that just gives "error: attribute ‘callPackage’ missing, at (string):1:28" if I run in nixpkgs/pkgs/development/python-modules/tensorflow_tensorboard
hc_ has quit [(Ping timeout: 248 seconds)]
<Mic92>
but this was the command I run
ShalokShalom has joined #nixos
<hodapp>
yeah, where did you run it?
mudri` has quit [(Ping timeout: 240 seconds)]
ShalokShalom has quit [(Read error: Connection reset by peer)]
tmaekawa has quit [(Quit: tmaekawa)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 2 new commits to master: https://git.io/v53bN
<NixOS_GitHub>
nixpkgs/master a4c2613 Vladimír Čunát: darwin.usr-include: set meta.platforms...
<NixOS_GitHub>
nixpkgs/master 592d23d Vladimír Čunát: maxx: fix evaluation...
NixOS_GitHub has left #nixos []
vandenoever has joined #nixos
<Mic92>
hodapp: on your file with nixpkgs unstable
takle has joined #nixos
<hodapp>
what file? default.nix in tensorflow_tensorboard?
stanibanani has joined #nixos
betaboon has quit [(Quit: This computer has gone to sleep)]
takle has quit [(Remote host closed the connection)]
takle has joined #nixos
freeman42y[m] has joined #nixos
<hodapp>
yeah. that's just giving the error I'm mentioning.
<Ankhers>
gleber_: ping
cfricke has joined #nixos
freeman42x[m] has quit [(Ping timeout: 248 seconds)]
<tokudan[m]>
Ankhers: basically figure out what's causing the failures and then start working on fixing them
proteusguy has joined #nixos
<hodapp>
huh, okay. $PYTHONPATH has both /nix/store/1r0n7kx1jfk9607jvrs2bi93j9j4x822-python3.6-html5lib-0.999999999 and /nix/store/3ybpmdknfvd70dfrli9m9rlhww98cj0p-python3.6-html5lib-0.9999999
<hodapp>
the former is first. I'm guessing that it's finding the incorrect version before the correct one.
<hodapp>
how does one go about figuring out which package added a different version of html5lib as a transitive dependency?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 3 new commits to master: https://git.io/v53ND
<seanparsons>
Are there any functions for manipulating paths in nix? I'm thinking of resolving symlinks primarily.
<hodapp>
the issue appears to be that 'bleach' declares 'html5lib' as a propagatedBuildInput, and it cannot work with html5lib-0.9999999
<Mic92>
seanparsons: you can only read files or directories
<Mic92>
both will probably also follow symlinks
<hodapp>
now I sort of wish I knew why all of these Python dependencies pinned their own dependencies on specific versions
takle has quit [(Remote host closed the connection)]
<jsgrant>
Anyone see anything blatantly wrong with https://paste.fedoraproject.org/paste/BgEjU~J7fynSTFX2UGysWg ; Getting an '''error: The option value `services.xserver.displayManager.lightdm.greeters.gtk.theme.package' in ... is not a package.'
<jsgrant>
Well, it let me set my wallpaper; And it looks like it "tried" to set icons & general theme ... user-icon img is different but coloring on theme is the same default grey; Icons are now missing button slots.
Baughn_ has joined #nixos
<jsgrant>
LnL: That's a very good start though; Ty, ty, ty! :^)
<jsgrant>
Stupid oversight on my part.
Baughn has quit [(Ping timeout: 240 seconds)]
Baughn_ is now known as Baughn
<LnL>
to be fair, the error could be better :)
bbarker has joined #nixos
takle has joined #nixos
cfricke has quit [(Ping timeout: 248 seconds)]
* jsgrant
is pretty happy how his conf.nix is coming along; Sure there's like 50 little problems I'm ignorant of atm.
<hyper_ch>
shouldn't it be configuration.nix ?
<jsgrant>
hyper_ch: It is, shorthanding it.
freeman42x[m] has joined #nixos
<hyper_ch>
updated a few things on mine today as well
* mrkgnao
observes that you can always symlink it to be technically correct
pie__ has quit [(Ping timeout: 276 seconds)]
* jsgrant
needs to see why his luks sdb isn't mounting via initrd; About only other 'more important' things next to lightdm.
<hyper_ch>
and that you have a key on sda that will unlock luks sdb?
<jsgrant>
hyper_ch: Yeah; None of my system partitions is on sdb generally -- sdb is a dedicated borg backup drive.
<jsgrant>
hyper_ch: If you add to boot.initrd.luks.devices it automatically prompts you with unlocking.
freeman42y[m] has quit [(Ping timeout: 252 seconds)]
<jsgrant>
It's just not mounting for some reason to /home/bup
<hyper_ch>
but you could also provide it with a key from somewhere on /dev/sda
<jsgrant>
Yeah, but meh.
freeman42x[m] has quit [(Ping timeout: 264 seconds)]
ison111 has joined #nixos
<bbarker>
I saw offlinehacker/nixos on the docker hub but I'm not sure if this is fully working based on comments. It seems like using nixos in docker would be a great entry point for many new users who want to gradually adopt nixos - so if anyone knows anything about these efforts, I'd be interested to hear and maybe help out
<bbarker>
(of course there are benefits other than new user adoption)
<simpson>
bbarker: NixOS or just Nix? NixOS in Docker is a much taller task due to systemd; Nix in Docker is easy and I've been doing it all week.
<sphalerite>
bbarker: nixos isn't really suited for running in docker. You'd want a virtual machine.
<hyper_ch>
I still don't see the point of Docker
<bbarker>
is that due to kernel differences in nixos
<Mic92>
sphalerite: it is not different from other linux distributions, I would say
<jsgrant>
hyper_ch: In-general?
<bbarker>
@simpson sorry, i don't think i follow the part about systemd, or how that relates to docker
<hyper_ch>
yes
<Mic92>
bbarker: the kernel is pretty much mainline in nixos
<jsgrant>
hyper_ch: Consistent abstracted means, to run applications?
<hyper_ch>
fail to see the point of doing so
<simpson>
bbarker: systemd in Docker is troublesome.
<jsgrant>
Plus the "you can control the level of access it has to the underlying system".
<jsgrant>
hyper_ch: It's decent tech, but way way too overhyped from what I've seen/used.
<bbarker>
@Mic92 then in principle I would think you could run nixos in docker - I don't even quite care about docker, but i'd like to be able to run it as a container from another linux distro, and docker has been the go-to route to do that for me
* jsgrant
wants to play with Nix-Containers a bit.
<Mic92>
bbarker: we have dockerTools in nixpkgs to build docker container
<simpson>
bbarker: Again, do you want NixOS, or just Nix and nixpkgs? Do you actually want NixOS system services?
<jsgrant>
hyper_ch: Generally, right now containers are "the next big thing" and you see competition everywhere trying to push their tech.
<jsgrant>
Docker, Rocket, Atomic.
<jsgrant>
CoreOS, RancherOS, Project Atomic, NixOS to a small degree, etc, etc.
<jsgrant>
Latter distros.
<bbarker>
@simpson - ideally i'd like my experience to be as close to the real deal as possible; - if that means running in a container instead of just using nixpkgs in the host OS, I'm happy to start there
<simpson>
bbarker: Boot a VM. You can do it locally or in The Cloud.
<jsgrant>
bbarker: At that point though, as others said (just tuned in now) -- why no vm?
<simpson>
That's the best way to play around and learn the basics.
<Mic92>
bbarker: if you want to run more or less plain nixos, then lxc is better
<jsgrant>
Hell if you install Nix proper, it's pretty trivial to have it launch a vm.
stanibanani has quit [(Quit: Leaving.)]
<sphalerite>
Mic92: nixos is an OS. Docker is not for running OSes.
<jsgrant>
sphalerite: Then why can you run Webbrowsers in it? :^)
<bbarker>
@Mic92, thanks, I'll look into it.
<Mic92>
sphalerite: nothing is preventing you from that.
<jsgrant>
Is the web, the new "emacs" (Decent OS, but etc etc).
<jsgrant>
?*
<bbarker>
@sphalerite - well, as others pointed out, nixos is a Linux OS with a standard kernel ... meaning it should be amenable to run as a linux container
stanibanani has joined #nixos
joelpet has quit [(Ping timeout: 255 seconds)]
<simpson>
bbarker: I feel that you're missing the key part where NixOS's userspace *doesn't work right* in a container.
<Mic92>
simpson: this is wrong
<sphalerite>
Docker != all container systems
<simpson>
Mic92: Okay, TIL. Explain please.
<jsgrant>
LnL: Thanks again -- will look into it more later, but on the right track I think now. :^)
<bbarker>
@jsgrant - I suppose I could, but on a local cloud it is a pain - I've made my own nixos image before and there were issues with cloud-init, etc. So one could run nixos in an existing image supported on said cloud, if it were run as a container
* jsgrant
is going afk.
<jsgrant>
bbarker, Sorry errands. o/
<Mic92>
simpson: nix container?
<sphalerite>
systemd, which is a critical part of NixOS, does not play nicely with docker
<bbarker>
@simpson ok, that's interesting to me - any idea why?
<sphalerite>
Mic92: no, nix*OS* container
<sphalerite>
what we're talking about is how nixOS is unsuitable for running in docker.
<Mic92>
sphalerite: yes, just a typo
<sphalerite>
Nix is fine.
<simpson>
bbarker: systemd.
<bbarker>
hmm ... almost all major distros use systemd these days, ubuntu, redhat, etc - all of which seem to have docker images
<sphalerite>
Yes, but you're not running the OS
<Mic92>
sphalerite: archlinux can run in a container, so can nixos
<sphalerite>
bbarker: with the container image you're not running the OS. you're running parts of the userspace, but not the actual OS
<sphalerite>
Mic92: same. It's not running the OS, just some packages from the OS.
<stanibanani>
is there a way to "throw" warnings in the nix language?
<sphalerite>
Mic92: and I meant show me NixOS running in a docker container, not arch :)
<simpson>
Warnings are done by printing trace messages, usually. There might be a nixpkgs lib function for it.
<Mic92>
sphalerite: this is just nitpicky, sure you cannot run a kernel in operating system container
<bbarker>
@sphalerite - I get that, in the sense that OS = kernel. But I don't get how that is an issue if NixOS uses a basically stock kernel
<sphalerite>
This isn't about the kernel
<simpson>
Mic92: In particular, I have a k8s cluster with spare capacity. Is there an image name that you could give me to pull *right now* to run NixOS?
<sphalerite>
it's about systemd and the service starting mechanism and all that
<sphalerite>
And the declarative config
<sphalerite>
Just having some files that are part of a NixOS installation, doesn't mean you have NixOS
<simpson>
I'm happy to be wrong about *why* there isn't a NixOS official container image. If there actually *is* an image, though, then that's a different and new wrongness that I'd like to know about.
<sphalerite>
bbarker: no, OS ≠ kernel
Neo-- has quit [(Ping timeout: 252 seconds)]
<sphalerite>
bbarker: systemd is the problem. Systemd will not run in a docker container.
<bbarker>
hmm, I guess I might be able to see how that could be an issue - Docker has the notion of an entry point, which is usually not systemd or init. if NixOS depends on that in some way that other distros do not, i guess it could be an issue
<Mic92>
sphalerite: you can also use lxcfs, if you want
ona has joined #nixos
<Mic92>
I run 30 unprivileged containers with systemd
<sphalerite>
I'm not arguing that you can't run nixos in a container, I'm arguing that you can't run nixos (contained) in a docker container.
<bbarker>
@sphalerite gotcha ... I'll try lxc then, as a starting point
<Mic92>
lxcfs is not specific to lxc, you can use the same fuse for docker as well
<sphalerite>
I still recommend using a VM
<sphalerite>
because that's a well-trodden path, and straying from the well-trodden path for your first experience with NixOS (or anything really) is unlikely to go well.
<bbarker>
Speaking for myself, it isn't my first experience with nixos, but I take your point. Maybe I'll try running it in KVM, playing around with GPU passthrough to see how much of my desktop tasks I can gradually offload to nixos
et4te has quit [(Quit: Leaving)]
<simpson>
That sounds much more painful than documenting your tasks and seeing whether a hard switch is feasible.
<sphalerite>
^
<bbarker>
maybe, well, any java developers here - my main concern from the past was that running intellij was not a happy experience, but it has been a while and i'm foggy on the details
<sphalerite>
last I tried it was working fine
<clever>
simpson: if you set boot.isContainer = true; in the nixos config, it will omit the initrd and kernel image
<sphalerite>
(about April)
<sphalerite>
clever: it won't make systemd work in docker though :)
<simpson>
clever: What else is missing? Are there docs?
mkoenig has quit [(Remote host closed the connection)]
jellowj has quit [(Ping timeout: 248 seconds)]
mkoenig has joined #nixos
erictapen has joined #nixos
pie__ has joined #nixos
mudri` has joined #nixos
mkoenig has quit [(Quit: Lost terminal)]
<bbarker>
is running docker inside of nixos reasonably easy?
<bbarker>
sorry for my lack of question-mark?- something must be grabbing it
<simpson>
The basics are easy. Networking is as difficult as in other distros.
<bbarker>
great
<bbarker>
and i know what you mean ...
mkoenig has joined #nixos
bfrog has quit [(Ping timeout: 276 seconds)]
<Mic92>
the documentation is probably not as good as archlinux for instance.
seppellll has quit [(Ping timeout: 248 seconds)]
alx741_ has quit [(Quit: alx741_)]
bfrog has joined #nixos
alx741 has joined #nixos
stanibanani has left #nixos []
Lisanna has joined #nixos
<globin>
ping cstrahan, manveru, zimbatm, have some questions regarding ruby/bundler and gitlab
stanibanani1 has joined #nixos
joelpet has joined #nixos
bfrog has quit [(Ping timeout: 255 seconds)]
<bbarker>
I feel like my approach would be to use nixos for most things, and if it is a true PITA (looking at you, MATLAB), then maybe try to run in a docker container
<alunduil>
clever, turns out that it never hits the system. strace doesn't show the filename, and the error comes from somewhere inside of the python libraries.
<clever>
alunduil: adding -f to strace will go deeper into the search
<alunduil>
clever, still not seeing anything about that path in the strace output.
<clever>
which path are you looking for?
<alunduil>
clever, did a search through the output for Caf.
<clever>
try a search for en_US or locale
<alunduil>
clever, will do.
hotfuzz_ has joined #nixos
<hodapp>
Mic92 & clever: thanks for the help earlier; the eventual problem seemed to just be that pip doesn't like conflicting transitive dependencies, and one package wanted html5lib-0.9999999 while another refused to use a version that old.
<hodapp>
annoying pull request forthcoming.
<alunduil>
clever, that has a few hits but only to find the glibc and python locale libraries. Nothing that looks out of place.
hotfuzz has quit [(Ping timeout: 240 seconds)]
ris has joined #nixos
ris has quit [(Client Quit)]
ris has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh pushed 1 new commit to staging: https://git.io/v5svj
<globin>
manveru, cstrahan, zimbatm: from #nixos-dev: do you know how bundler finds gems? as in for gitlab I've tried setting GEM_PATH, GEM_HOME and BUNDLE_PATH and bundle env shows they're read, but gems cannot be found although they seem to be in the path. also GEM_PATH=... irb -> require 'blah' finds it, relevant code in
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to staging: https://git.io/v5sJQ
<NixOS_GitHub>
nixpkgs/staging ccbdab9 Robin Gloster: ed: 1.14.1 -> 1.14.2
NixOS_GitHub has left #nixos []
Ivanych has quit [(Ping timeout: 255 seconds)]
freeman42y has joined #nixos
Baughn has quit [(Quit: ZNC 1.6.2+deb1 - http://znc.in)]
Baughn has joined #nixos
_ris has joined #nixos
<cstrahan>
globin: if you revert that last big Ruby commit, does stuff start working again? I'll see if I can investigate in a couple hours.
ris has quit [(Ping timeout: 240 seconds)]
_ris is now known as ris
<globin>
cstrahan: it was broken before
nwuensche has joined #nixos
Ivanych has joined #nixos
<nwuensche>
Hi! I'm trying to build a package, but it just says "stat: No such file or directory", but there is no stat command. Where does this come from?
<nwuensche>
srhb: Are you online? I have a cups question, again.
griff_ has quit [(Quit: griff_)]
<nwuensche>
Ok, so to the others. I'm trying to convert the deb driver for my Brother DCP145C to one that works for NixOS. We did it Monday for another Brother Printer of mine, however, I have a problem now. You can find the stuff here: https://github.com/NWuensche/brotherppd2 .
<nwuensche>
If I try to echo "test" | tcsh brlpdwrapperDCP145C in the cups-progs-filter folder, I just get: Bad : modifier in $ '+'.
kicia96 has quit [(Remote host closed the connection)]
<hodapp>
is it preferred, if I'm copying 80-90% of an expression just for something like a different version, to just factor it out and parametrize on the different parts?
catch22 has quit [(Remote host closed the connection)]
<sphalerite>
hodapp: yes. Or use an override
alx741_ has joined #nixos
nwuensche has joined #nixos
<sphalerite>
domenkozar: gchristensen: thanks :)
<Ankhers>
gleber_: Anything I can help with?
<nwuensche>
Hi! So my printer package now says: /nix/store/v4dsrk9hipf3bs4vnj1b404kyp0nl82v-mfc2j47dd 0dw-cupswrapper-3.0.0-1/lib/cups/filter/.brlpdwrapperDCP145C-wrapped: line 66: grep: command not found
seppellll has joined #nixos
<nwuensche>
What's going on there? I wrapped coreutils
<sphalerite>
hodapp: an override is probably simpler to write and doesn't require any change to the original so it might even be a better option than factoring it out
alx741 has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 3 new commits to master: https://git.io/v5sOW
<NixOS_GitHub>
nixpkgs/master 9bacde7 Robin Gloster: prometheus-haproxy-exporter: 0.7.1 -> 0.8.0
<NixOS_GitHub>
nixpkgs/master 73885ee Robin Gloster: prometheus-pushgateway: 0.3.1 -> 0.4.0
<NixOS_GitHub>
nixpkgs/master 20e37ee Robin Gloster: prometheus-statsd-exporter: 0.3.0 -> 0.4.0
stanibanani has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] swflint opened pull request #28624: git-fire: Init at master as of 2017-08-27 14:30 CST (master...git-fire) https://git.io/v5sOA
NixOS_GitHub has left #nixos []
VLetrmx has joined #nixos
<globin>
nwuensche: gnugrep probably
FRidh has quit [(Quit: Konversation terminated!)]
goibhniu has joined #nixos
nwuensche has quit [(Ping timeout: 240 seconds)]
aanderse-laptop has joined #nixos
aanderse-laptop has quit [(Client Quit)]
<aanderse_>
i'm looking for a way to tell nixos that if it can't mount a disk it shouldn't fail during boot
<aanderse_>
i have fileSystems."/mnt/blah" = { device = "/dev/disk/by-partuuid/blah"; fsType = "ntfs"; }
<aanderse_>
but if that partition won't mount during boot the system won't boot
<aanderse_>
so... any option to say "i don't care if it won't mount, keep going"?
<Ralith>
are you sure you want to mount on boot, and not have some sort of automount solution instead?
<aanderse_>
Ralith: either or
<aanderse_>
happy to hear any and all solutions
<Ralith>
it seems like the latter would make more sense for a circumstance like that, but unfortunately I can't actually advise how to pull it off
<Ralith>
would be interested to hear if someone knows!
<clever>
bigvalen: in my case, logged is systemd/journald based
hiratara has joined #nixos
<clever>
logger*
<bigvalen>
# which logger
<bigvalen>
Ah, so systemd has replaced syslog ?
<bigvalen>
I wonder if running systemd + syslog-ng has confused things
<bigvalen>
That's the systemd logger alright
<jeaye>
Is there a good way to mount container filesystems to the host filesystem for quick work? My container doesn't have network access, intentionally, but I'd like to set it up with some files.
<bigvalen>
So, maybe the real question I need to research is "Why is systemd not writing to /var/log"
<clever>
bigvalen: systemd writes everything to /var/log/journal/
<clever>
jeaye: the containers already exist on the rootfs, just look in /var/lib/containers
<jeaye>
wooot
* jeaye
looks
<jeaye>
Yep, very nice. Thanks, clever.
<clever>
[root@edgenodes-scaling:~]# ls -ltrh /var/lib/containers/instance1/var/log/journal/1eee236909a04035bf155336e7d7fbd7/
<clever>
total 609M
<clever>
-rw-r-----+ 1 root systemd-journal 8.0M Aug 26 16:22 system@6d0d720baf6243a3a6b4cd18395eb58c-0000000000000001-000557a407f85f86.journal
<clever>
and then both of you at once, here is the journal for a random container!
<clever>
bigvalen: and with this, i can view the journals within something not mounted at / currently
<clever>
either a container, or a broken system while in a rescue cd
<bigvalen>
The reason I started this ... wild goose chase was to debug samba. It's not logging anything either.
jellowj has quit [(Ping timeout: 246 seconds)]
taktoa has joined #nixos
<clever>
bigvalen: in the case of debugging services, i usually tell systemd to stop the service, then i read the /etc/systemd/system/foo.service file, drop to the right user with sudo, and then run the ExecStart under gdb
<clever>
bigvalen: while setting the Environment vars listed in the .service
mizu_no_oto has joined #nixos
<bigvalen>
Joy. Samba is now logging stuff again. I've no idea why. Maybe I stopped telling it to use syslog.
<bigvalen>
[GUEST] FAILED with error NT_STATUS_NO_SUCH_USER
[0x4A6F] has quit [(Remote host closed the connection)]
bennofs has quit [(Ping timeout: 240 seconds)]
akaWolf has quit [(Ping timeout: 260 seconds)]
* bigvalen
does the dance of joy. Thanks for the pointers on systemd. Still think it annoys me, and I don't like it.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] magnetophon opened pull request #28625: Vee One Suite: 0.8.0 -> 0.8.4 (master...VeeOne) https://git.io/v5sGW
NixOS_GitHub has left #nixos []
d3xter has joined #nixos
Neo-- has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] fpletz pushed 13 new commits to master: https://git.io/v5sZA
<NixOS_GitHub>
nixpkgs/master e047722 Franz Pletz: bitkeeper: mark as broken
<NixOS_GitHub>
nixpkgs/master fa7d449 Franz Pletz: bruteforce-luks: 1.2.1 -> 1.3.1
<NixOS_GitHub>
nixpkgs/master a160f34 Franz Pletz: xar: 1.5.2 -> 1.6.1
NixOS_GitHub has left #nixos []
filterfish has quit [(Ping timeout: 276 seconds)]
seppellll has quit [(Ping timeout: 248 seconds)]
<catern>
is there any script in existence that will iterate over a Nix expression and build all the fixed-output derivations?
lilith_ has quit [(Quit: Konversation terminated!)]
<dtzWill>
catern: the stuff in scripts/maintainers/*tarballs* is close, might even do what you're interested in
hamishmack has quit [(Quit: hamishmack)]
<dtzWill>
err maintainers/scripts/
<dtzWill>
:)
<catern>
yes, that's it! thanks!
d3xter has quit [(Quit: Leaving)]
<gchristensen>
international / eu travelers, how is Aer Lingus?
goibhniu has quit [(Ping timeout: 260 seconds)]
Sonarpulse has quit [(Ping timeout: 246 seconds)]
markus1189 has joined #nixos
glenn has joined #nixos
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
markus1199 has quit [(Ping timeout: 276 seconds)]
<Lisanna>
has anyone been able to figure out a good way to make running docker containers part of your NixOS system derivation? I'm reading through the docker daemon and docker client manuals and it sounds kind of tricky
takle has quit [(Remote host closed the connection)]
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<Lisanna>
Yeah, I've gotten that far which is great, but the running part is the hard part
<Lisanna>
Trying to get something like "virtualisation.docker.containers.<name?> = { container = ./container.tar.gz; options = ""; }
<Lisanna>
oh, sorry, misread your link
<Lisanna>
I don't think the NixOS containers will work for me - I'm specifically trying to get a CentOS environment running, and the NixOS containers are only for NixOS things
<Lisanna>
but docker requires you to do a whole bunch of manual steps before you can get a running container, which is pretty lame
<Lisanna>
nixos will start the daemon for you at least, but you have to load the tar.gz, tag it, then call the client's run command with that tag, and then if you restart then all that state gets carried over ):
gnuhurd has quit [(Remote host closed the connection)]
<jeaye>
I haven't seen a way, in the NixOS manual or sources, to grant my container access to /dev/urandom.
filterfish has joined #nixos
<jeaye>
Does NixOS expose this?
<Lisanna>
haha, maybe I'll just run the docker daemon inside a NixOS container to solve the problem
<Lisanna>
> when your container system is so bad that it needs to be put inside of a different container system to be usable
b has quit [(Quit: Lost terminal)]
<gchristensen>
w00p just booked my flights for NixCON