<sphalerite>
cmcdragonkai1: re your question quite a while ago about composing multiple repos, I'd use a fetchgit for each one then runCommand to symlink them all into the expected filesystem tree
<sphalerite>
Or cp if they need to be modifiable by the build
jb55 has quit [(Ping timeout: 240 seconds)]
<sphalerite>
disasm Infinisil: re your earlier discussion about nix-daemon
<sphalerite>
It's only required if you don't have write access to the nix store
<sphalerite>
(Which should normally be the case!)
<sphalerite>
In a single-user setup you won't have a daemon, but single-user is bad :p
hamishmack has joined #nixos
eacameron has joined #nixos
<disasm>
sphalerite: right, the person we were talking to was on nixos and wanted to limit who could build/install stuff
<disasm>
anyone ever seen this error? install: cannot stat 'strip': No such file or directory
<disasm>
in nix-shell for the same build, strip exists and is runnable
<disasm>
in the PATH
<grahamc>
I love how much this community cares about each other and how good NixOS and the NixOS experience. Even when it becomes frustrating doc***k discussions Thank you everyone.
eacameron has quit [(Ping timeout: 248 seconds)]
<sphalerite>
disasm: yeah, I figure the easiest way of doing that (providing it's actually what they want which it's probably not) is to set ACLs on the daemon socket
<sphalerite>
v0lZy: ^
<sphalerite>
Did disasm and Infinisil manage to convince you that you don't actually want to restrict access? :p
<pxc>
I want to add a node package to 17.09. Will I have to make a PR against 17.09 as well as master, since the process for adding a package also updates all the other node packages?
<qz>
looks like as (gcc assembler) is not a part of gcc.cc package, how do i get it then?
<disasm>
qz: nix-shell -p stdenv.cc
<disasm>
oh, gcc assembler
<disasm>
one sec...
<disasm>
you mean gas?
<qz>
disasm: no, as. its part of compilation for gcc and its strange that gcc does not bring it in
<disasm>
yeah, use stdenv.cc
<qz>
i'm trying to write a derivation for c program and bringing gcc in. you mean i should use mkDerivation and friends instead of derivation?
<disasm>
well this is a new one... RPATH of binary /nix/store/xn8v5xlibqkhl5z0yyhr0skxvszdsjk1-qxt-0.6.2/lib/libQxtGui.so.0.6.2 contains a forbidden reference to /tmp/nix-build-qxt-0.6.2.drv-0
<disasm>
eqyiel[m]: that's really odd
<disasm>
eqyiel[m]: can you run nix-shell -p nox --pure --run "nox-review wip"
ryanarte_ has quit [(Quit: ryanarte_)]
Shados has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] therealpxc opened pull request #29687: nodePackages.typings: init at 2.1.1 (master...typings) https://git.io/vdJD6
NixOS_GitHub has left #nixos []
Supersonic112 has quit [(Disconnected by services)]
Supersonic112_ has joined #nixos
Supersonic112_ is now known as Supersonic112
<qz>
i built newer nix-env from sources but when i run it, it fails to find /usr/local/share/nix/corepkgs/derivation.nix any way to make it use nix store for corepkgs? or wherever old nix-env used
mbrgm has quit [(Ping timeout: 252 seconds)]
mbrgm has joined #nixos
pxc has quit [(Ping timeout: 248 seconds)]
<disasm>
eqyiel[m]: ah, that's normal, guess nox-review doesn't work in a pure shell by itself
<eqyiel[m]>
disasm: thanks for looking into it for me, don't worry about it too much right now though
<eqyiel[m]>
hoepfully someone more clued in than me will see that issue and ask the right question :)
drakonis has quit [(Remote host closed the connection)]
_ris has quit [(Ping timeout: 248 seconds)]
drakonis has joined #nixos
kiloreux has joined #nixos
kiloreux has quit [(Client Quit)]
kiloreux has joined #nixos
<disasm>
aha, it's linking the rpath of the tmp build dir.. but why???
<NixOS_GitHub>
[nixpkgs] Ericson2314 opened pull request #29688: ghc prebuilt: Add 7.8.4 and 7.10.3, and make consistent style (master...ghc-prebuilt) https://git.io/vdJSI
<eqyiel[m]>
does anyone have an opinion on which of these is better: having two kerberos services (one for each implementation) or having one that installs different services depending on which implementation is selected? is there anything like this in nixpkgs right now?
<eqyiel[m]>
I'm leaning in favour of the first one so it would look like`services.kerberos_server.implementation = "heimdal"`
<eqyiel[m]>
considering that you can't really have both at the same time (they would be fighting over ports)
pxc has joined #nixos
ryanarte_ has joined #nixos
<eqyiel[m]>
I also wonder if I know enough about heimdal to support both
jellowj has quit [(Ping timeout: 248 seconds)]
lambdamu_ has joined #nixos
lambdamu has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] therealpxc opened pull request #29690: varnish: enable Darwin build (master...varnish) https://git.io/vdJS7
NixOS_GitHub has left #nixos []
takle has quit [(Ping timeout: 248 seconds)]
Wizek has quit [(Quit: Connection closed for inactivity)]
<eqyiel[m]>
adding it to `environment.systemPackages` won't do anything for the apache service
<xthinker>
OK so dependency a pulled by the http service i does not cared about installed packages right?
<xthinker>
.. are pulled ...
<eqyiel[m]>
xthinker: if I understand you correctly, yeah, services typically install their own dependencies :D
<xthinker>
juhu it worked
<xthinker>
It also my first time using IRC
ebzzry has quit [(Ping timeout: 240 seconds)]
<xthinker>
was a very fast solutuinn, thank you very much. I tried do google a lot for this problem. But nothing did fit . I guess I understood the main concept of nixos but not how to use this concept correctly.
schoppenhauer has quit [(Ping timeout: 252 seconds)]
schoppenhauer has joined #nixos
kiloreux has joined #nixos
<jcarr>
okay, so how do I configure the power management to stay active when the lid is closed
<jcarr>
or at least what's the nixos way to do this
<jcarr>
I guess I can set it in logind?
<jcarr>
Nevermind sorry for any time wasted
<jcarr>
The config setting services.logind.extraConfig is what I wanted, the example is even what I was doing :|
Robinson2 has joined #nixos
<Robinson2>
hi i'm trying to install nixos on a chromebook with libreboot but I can't seem to get the device to boot from the usb
slack1256 has quit [(Remote host closed the connection)]
mkoenig has quit [(Ping timeout: 248 seconds)]
MP2E has quit [(Quit: leaving)]
takle has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
<jcarr>
1. how'd you put it on the usb
<jcarr>
and 2. what's your bios settings
<jcarr>
check if it's UEFI or BIOS
<jcarr>
*boot settings
<Robinson2>
jcarr, put it on with dd, using libreboot
<Robinson2>
so coreboot not uefi or bios
<jcarr>
Oh okay, I don't know anything about that tbh
kiloreux has quit [(Ping timeout: 240 seconds)]
rtjure has quit [(Ping timeout: 248 seconds)]
eacameron has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
sary has quit [(Ping timeout: 248 seconds)]
endertux has joined #nixos
sary has joined #nixos
leat has joined #nixos
Ridout has quit [(Quit: Lost terminal)]
proteusguy has quit [(Remote host closed the connection)]
eacameron has joined #nixos
rtjure has joined #nixos
Intensity has quit [(Ping timeout: 246 seconds)]
derchris has quit [(Ping timeout: 248 seconds)]
derchris has joined #nixos
drakonis has quit [(Read error: Connection reset by peer)]
pie_ has quit [(Read error: Connection reset by peer)]
pie_ has joined #nixos
justbeingglad has joined #nixos
justbeingglad has left #nixos []
a6a3uh has joined #nixos
phdoerfler has joined #nixos
glenn has quit [(Remote host closed the connection)]
a6a3uh has quit [(Client Quit)]
glenn has joined #nixos
glenn has quit [(Ping timeout: 248 seconds)]
a6a3uh has joined #nixos
a6a3uh has quit [(Client Quit)]
griff_ has joined #nixos
griff_ has quit [(Ping timeout: 248 seconds)]
eacameron has quit [(Remote host closed the connection)]
sellout- has quit [(Quit: Leaving.)]
eacameron has joined #nixos
glenn has joined #nixos
glenn has quit [(Remote host closed the connection)]
glenn has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
glenn has quit [(Remote host closed the connection)]
glenn has joined #nixos
leat has quit [(Quit: WeeChat 1.9)]
jcarr has quit [(Ping timeout: 252 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh pushed 8 new commits to master: https://git.io/vdJbV
pie_ has quit [(Remote host closed the connection)]
pie_ has joined #nixos
takle has joined #nixos
_rvl has quit [(Ping timeout: 240 seconds)]
numerobis has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
justanotheruser has joined #nixos
Intensity has joined #nixos
glenn has quit [(Remote host closed the connection)]
takle has joined #nixos
glenn has joined #nixos
_rvl has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
glenn has quit [(Remote host closed the connection)]
glenn has joined #nixos
<sphalerite>
Robinson2: I think that's pretty much unexplored territory. Is it arm or x86?
<Robinson2>
sphalerite, ARM
<sphalerite>
C201?
<Robinson2>
yup, from the articles i've read i'm getting the impression that I can install NixOS onto a USB or something and then copy that over to the C201 internal hard drive
<Robinson2>
not sure if there is any better methods
<sphalerite>
It's something I've wanted to do but I haven't even got Debian booting successfully yet
<sphalerite>
All I've got is a Debian chroot with nix installed in it
<sphalerite>
The screen just goes black if I try to boot the Debian kernel
<Robinson2>
oh I see
<sphalerite>
FWIW it might be booting successfully and just not know how to talk to the graphics chip
<sphalerite>
But I have no way of telling
<sphalerite>
Well actually I could try checking if logs get updated
<Robinson2>
well graphics chip was proprietary right?
<sphalerite>
Yeah I think I installed the firmware for it though
<Robinson2>
maybe try with Tamil binary blob?
<sphalerite>
That's what I did I think
jensens has joined #nixos
<Robinson2>
hmm
<sphalerite>
This was a couple months back though, I don't remember all the details
<sphalerite>
Oh wait no, I tried the stock kernel as well
<sphalerite>
I'm guessing it doesn't have a text mode built in so I would have had to have it start fbterm
<sphalerite>
Or something like that
<sphalerite>
Either way it's not simple :(
<sphalerite>
Have you already installed libreboot on yours?
justanotheruser has quit [(Ping timeout: 252 seconds)]
<Robinson2>
yup
<Robinson2>
had trouble figuring out how to get a distro on it though without chrome's kernel
_rvl has quit [(Ping timeout: 248 seconds)]
<sphalerite>
But you've got it booting with chrome os's kernel?
Intensity has quit [(Ping timeout: 246 seconds)]
a6a3uh has joined #nixos
<Robinson2>
no not that either
<Robinson2>
I'm about to try the debian installation now
<sphalerite>
Good luck! If you get anywhere please do let me know because I'd love to get it working too
_rvl has joined #nixos
<Robinson2>
will do
glenn has quit [(Remote host closed the connection)]
glenn has joined #nixos
Intensity has joined #nixos
FRidh has quit [(Quit: Konversation terminated!)]
numerobis has quit [(Ping timeout: 252 seconds)]
ryanarte_ has quit [(Quit: ryanarte_)]
pxc has quit [(Ping timeout: 240 seconds)]
leat has joined #nixos
simukis has joined #nixos
hexa- has quit [(Ping timeout: 260 seconds)]
JosW has joined #nixos
<sphalerite>
I have a bunch of machines that will all be running similar configurations. Would it make sense to have nix-serve running on each one, and have each one use each other one as a binary cache, in order to have them download stuff from cache.nixos.org only once collectively?
freeman42x has quit [(Ping timeout: 240 seconds)]
_rvl has quit [(Ping timeout: 240 seconds)]
numerobis has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to staging: https://git.io/vdJxa
<NixOS_GitHub>
nixpkgs/staging 73282c8 Vladimír Čunát: Merge branch 'master' into staging...
NixOS_GitHub has left #nixos []
Anarazael has joined #nixos
<Anarazael>
Hello folks, I'm using Nix on Arch. I cannot manage systemd modules, there's no .service file in the daemons packages... Does anyone can help me?
taktoa has joined #nixos
numerobis has quit [(Ping timeout: 240 seconds)]
<sphalerite>
vimNox depends on X libraries >_>
<makefu>
Anarazael: when you only use the nix daemon then you will not be able to manage systemd services. the module system is only available when you buy the professional version ( just kidding, it is only available when you use NixOS)
<makefu>
s/nix daemon/nix tool/
takle has joined #nixos
<Anarazael>
Ok, tnx. Any chance to have it in future for non-Nixos systems?
mattcode has joined #nixos
Neo-- has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to master: https://git.io/vdJpE
<NixOS_GitHub>
nixpkgs/master f7d7c7b Michael Raskin: singular: use gcc5...
NixOS_GitHub has left #nixos []
takle has quit [(Ping timeout: 240 seconds)]
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c closed pull request #29682: singular: use gcc5 to fix build (master...fix/singular-build) https://git.io/vdJ6H
NixOS_GitHub has left #nixos []
a6a3uh has joined #nixos
glenn has quit [(Remote host closed the connection)]
<ersran9>
Hi, I'm getting an error "/nix/store/sgj56cvdq6j36f0d6qhdcmh5xr70lih4-stdenv/setup: line 922: ./Setup: Permission denied" repeatedly when trying to do a nix-build. Any pointers on where to look?
ryanart__ has joined #nixos
ryanarte_ has quit [(Ping timeout: 240 seconds)]
koserge has joined #nixos
endformationage has quit [(Quit: ZZzz.)]
ericsagnes has joined #nixos
a6a3uh has joined #nixos
_ris has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] taku0 opened pull request #29693: oraclejdk: add version 9 (master...oraclejdk-9) https://git.io/vdJjy
NixOS_GitHub has left #nixos []
mmmrrr has quit [(Read error: Connection reset by peer)]
<Dezgeg>
no, you need to chainload u-boot at least
<sphalerite>
Robinson2: all references to 0x100000 are in reference to x86 models
<sphalerite>
on that page at least
<sphalerite>
AFAICT
<sphalerite>
Robinson2: which payload do you have in your libreboot?
<sphalerite>
depthcharge? Because for depthcharge you'll need to set up the chromium os partition layout where the kernel lives directly in a partition afaik
<Robinson2>
yea i have depthcharge
<Robinson2>
Ah, silly misread. my bad
thc202 has joined #nixos
_rvl has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] etu opened pull request #29694: testssl.sh: init at 2.9.5-1 (master...testssl-sh) https://git.io/vdUvn
NixOS_GitHub has left #nixos []
<fearlessKim[m]>
I read nixops would eventually move to python3 but couldn't find any related brnach ?
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
mudri has joined #nixos
freeman42x has joined #nixos
a6a3uh has joined #nixos
proteusguy has joined #nixos
a6a3uh has quit [(Client Quit)]
<sphalerite>
Robinson2: I think you'll need to use the chromeos setup where you have the kernel living with a config and a signature in its own partition
<srhb>
Basically I have a file that I'd like to xkbcomp -merge file $DISPLAY -- but in a more declarative manner
<sphalerite>
srhb: I'd probably try and get the display manager to run that command
proteusguy has quit [(Ping timeout: 248 seconds)]
a6a3uh has joined #nixos
<srhb>
sphalerite: Yeah, that's what I'm currently doing, but rebuild switch tends to pummel that.
<sphalerite>
srhb: yeah I mean using the declarative config
<sphalerite>
somehow
<srhb>
I don't think that'll pick up on rebuild.
ertes has quit [(Ping timeout: 255 seconds)]
<sphalerite>
which DM are you using?
<srhb>
xmonad
<srhb>
Oh, dm
<srhb>
lightdm
pie_ has joined #nixos
<sphalerite>
oh, I know even less about that one than about other DMs :/
<sphalerite>
just that it's hardcoded to log to the wrong place and that it lives on launchpad >_>
<srhb>
lol, okay, perhaps I should switch. I have no strong opinion on the subject, it's just non-ugly by default.
<srhb>
Any recommendations?
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
freeman42x has quit [(Quit: Leaving)]
freeman42x has joined #nixos
<sphalerite>
I like sddm because it logs to the journal. That's about it as far as its merits I know of go :p
<sphalerite>
but I've just been poking through its source (its documentation is not a strong point, at least not in terms of discoverability) and found that it will run a configurable script on starting the display manager
<sphalerite>
s/display manager/x server/
<etu>
It seems like lightdm has stopped being dead?
<sphalerite>
s/on starting/after starting/
<sphalerite>
so that would be the perfect place to hook into
<sphalerite>
etu: lightdm was dead?
<etu>
Not sure, but one of the popular DM's was considered abandoned for a while afaik
<sphalerite>
I feel like DMs in general don't get much love
nh2 has joined #nixos
<srhb>
sphalerite: I don't follow. Are you suggesting that it is the displaymanagers job to set up the keyboard on log-in?
<Dezgeg>
even suspending or changing virtual consoles affects on some hardware (and other distros than nixos)
<Dezgeg>
and no way around that either than putting it in xorg.conf (or running something like gnome-settings-daemon which listens to those Random Events and resets the layout)
pxc has quit [(Ping timeout: 264 seconds)]
tmaekawa has joined #nixos
joepie91___ is now known as joepie91
erictapen has quit [(Ping timeout: 240 seconds)]
M-berdario has joined #nixos
jellowj has joined #nixos
<sphalerite>
what a mess…
elurin has joined #nixos
nh2 has quit [(Ping timeout: 252 seconds)]
<srhb>
I think I'll try to write up an issue. I think the easiest solution might be to make it possible to generate the corresponding files to variant, layout, etc. and make them choosable in the existing xserver.xkb* settings...
thblt has joined #nixos
<srhb>
It does sound a little messy though, I'm not sure how much of the dependency graph will be affected
<sphalerite>
I don't think it should since xkbDir is already a setting
<srhb>
Hmm. Maybe it's already possible then. If I duplicate the entire xkb dir from xserver-config or whatever it's called, apply my changes to it and refer to that...
kanshazan has joined #nixos
jellowj has quit [(Ping timeout: 260 seconds)]
orivej has joined #nixos
<sphalerite>
yeah that should probably do the trick
nh2 has joined #nixos
abiya has joined #nixos
<abiya>
hi, how do i ignore a failure (exit code 1) in derivation installPhase?
<srhb>
abiya: || true ?
<abiya>
srhb: it worked, thanks!
stanibanani has joined #nixos
abiya has quit [(Quit: Page closed)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to master: https://git.io/vdUJN
<NixOS_GitHub>
nixpkgs/master 35f205a Antoine Eiche: dockerTools.buildImage: Switch to the format image generated by Skopeo...
NixOS_GitHub has left #nixos []
kanshazan has quit [(Ping timeout: 246 seconds)]
kanshazan has joined #nixos
kanshazan has quit [(Client Quit)]
jellowj has joined #nixos
pie__ has quit [(Ping timeout: 252 seconds)]
<fearlessKim[m]>
this looks strange; python is capable of autowrapping programs but lookint at perl programs, it seems to be done manually wiht postInstall = ''wrapProgram --prefix PERL5LIB : $PERL5LIB:$out/lib/perl5/site_perl" . Why not doing as in python ?
<sphalerite>
fearlessKim: there are lots of inconsistencies like that across nixpkgs and usually the reason is that nobody's done it the better way for one of them
<fearlessKim[m]>
sphalerite: ok I asked because I am trying to do the python way for lua and it's really tough
<fearlessKim[m]>
so I thought I would look at some other hooks
<fearlessKim[m]>
to the point I am thinking of going the perl way xD
<sphalerite>
yeah, "it's hard" might also be a reason why it's not done for Perl. There might be some technical reasons too, I don't really know
<fearlessKim[m]>
I am writing a luarocks2nix program and came across the problem when I actually wanted to test the generated packages
andymandias has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
andymandias has joined #nixos
<joepie91>
sphalerite: wondering if it might be worth it to have a 'cleanup' tag, and keep track of oddities like this in the issue tracker
<joepie91>
it seems like something that a meetup/sprint might be useful for
<joepie91>
going through the pile of oddities and solving a lot of them in one go :P
<sphalerite>
I'm integrating a nixos system with an existing LDAP setup. I want users to be able to choose their shells, but they're all set as e.g. /bin/bash in the LDAP database. Is there a nicer solution than symlinking /bin/bash -> /run/current-system/sw/bin/bash for this?
<joepie91>
totally unrelated annoyance: I have *no clue* how I'm supposed to get KDE Telepathy to work
<sphalerite>
fearlessKim: I could try and help you set up a nice way of doing it though!
<sphalerite>
joepie91: I seem to recall it works via d-bus, so you'll probably have to install the necessary backends and then restart your session to get the session bus daemon to pick up the service files
<joepie91>
sphalerite: the problem is that there's no clear indication of what the necessary backends *are*, or what things are responsible for the UI
<joepie91>
there's just a pile of "stuff" in nixpkgs
b has joined #nixos
<sphalerite>
Depends on what you want to do I suppose
<joepie91>
I feel like somebody took the modularity thing a bit too far :P
<joepie91>
sphalerite: anyway, I just want an XMPP client
<joepie91>
with the usual IM client features
<fearlessKim[m]>
sphalerite: what do you mean by help ? doc/code/advice xD ? you can see the current status here: https://github.com/teto/nixpkgs/tree/luafix it doesn't work, for some reason the LUA_PATH/LUA_CPATH variables are not picked up by the lua wrapper
<fearlessKim[m]>
and lua interpreters are not abstracted as in python so I just targeted lua5.2
<sphalerite>
if it all works nicely maybe just installing e.g. telepathy_gabble and restarting the dbus session daemon would be enough to get it working
<sphalerite>
if you're using Plasma
<joepie91>
I am
<joepie91>
sphalerite: how does one reload dbus again without a logoff?
<joepie91>
there was something odd about that
Fare has joined #nixos
<sphalerite>
not sure it's possible, I think sending the daemon HUP might do it but the easiest way is probably just logging off and back on
<sphalerite>
it's what I do ¯\_(ツ)_/¯
<joepie91>
can't really log off atm :P
<joepie91>
meh, will see later
ShalokShalom_ has joined #nixos
nh2 has quit [(Ping timeout: 248 seconds)]
<sphalerite>
"There is no way to cause the D-BUS daemon to reload its configuration file (HUP will not do so). The reason is that changing configuration would break the semantics expected by applications connected to the message bus. Thus, changing configuration would require kicking all apps off the bus; so you may as well just restart the daemon. "
nix-gsc-io`bot has joined #nixos
ShalokShalom has quit [(Ping timeout: 252 seconds)]
takle has quit [(Remote host closed the connection)]
<sphalerite>
maybe you could kill the running one and start a new one listening on the same path. But that could go wrong in various ways
<sphalerite>
fearlessKim: rather a lot to go through, I'm looking at it though
<joepie91>
yeah, this isn't something I really feel like messing with now :)
<joepie91>
telepathy isn't important enough to me to kill a bunch of running tasks
takle has joined #nixos
<joepie91>
generally I have to say I'm unimpressed with the now-increasing amount of "you need to restart your system/session to do X" things
<joepie91>
in Linux-land
<joepie91>
somehow developers seem to have forgotten that systems do multitasking now...
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 2 new commits to master: https://git.io/vdUTH
<NixOS_GitHub>
nixpkgs/master 8bb57bc Daniel Ehlers: radsecproxy: init at 1.6.9
<NixOS_GitHub>
nixpkgs/master 2756fac Joachim F: Merge pull request #29667 from sargon/radsecproxy...
NixOS_GitHub has left #nixos []
<fearlessKim[m]>
sphalerite: I started via copying python hooks then modifying to fit lua. I started understaning a few things afterwards buth didn't have the time to work on it last week
takle has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 11 new commits to release-17.09: https://git.io/vdUT5
<NixOS_GitHub>
nixpkgs/release-17.09 a8120e1 Joachim Fasting: tor: enable parallel building...
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 2 new commits to master: https://git.io/vdUTF
<NixOS_GitHub>
nixpkgs/master 2c5ab79 Mikael Brockman: solc: v0.4.16 -> v0.4.17
<NixOS_GitHub>
nixpkgs/master 6cd2ebc Joachim F: Merge pull request #29674 from dapphub/solc-0-4-17...
NixOS_GitHub has left #nixos []
jtojnar has quit [(Read error: Connection reset by peer)]
jtojnar has joined #nixos
<sphalerite>
meh
<sphalerite>
nixpkgs has more than enough copied code
freeman42x has quit [(Ping timeout: 260 seconds)]
<unlmtd>
im trying velox window manager. I can use ```swc-launch -- velox``` from the tty, and it launches no problem, but other applications seem inaccessible. this is most certainly the wrong way to do it, but what is keeping the compositor from launching applications you think?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 3 new commits to master: https://git.io/vdUkv
<NixOS_GitHub>
nixpkgs/master dbf4d4e Joachim F: Merge pull request #29658 from teto/ctags...
NixOS_GitHub has left #nixos []
orivej has quit [(Ping timeout: 240 seconds)]
orivej has joined #nixos
tmaekawa has quit [(Ping timeout: 240 seconds)]
<sphalerite>
unlmtd: you probably need xwayland
justanotheruser has joined #nixos
<unlmtd>
sphalerite: Im using termite terminal which runs flawlessy on wayland
<sphalerite>
and that doesn't work either?
<unlmtd>
exactly
<sphalerite>
try wrapping velox with `strace -ff -e execve` and see if it provides any useful information
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vdUk2
<NixOS_GitHub>
nixpkgs/master 7c7f8c9 Vladimír Čunát: knot-*: simplify lmdb dependency...
NixOS_GitHub has left #nixos []
<unlmtd>
sphalerite: thanks
<sphalerite>
it might have PATH set wrong or something
<unlmtd>
how should I set PATH on nixos
Neo-- has quit [(Ping timeout: 240 seconds)]
<unlmtd>
or maybe just give it termite's PATH directly prefixed to try?
<unlmtd>
lemme see
jensens has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] ttuegel pushed 3 new commits to staging: https://git.io/vdUkP
<NixOS_GitHub>
nixpkgs/staging eabe2ef Alexander V. Nikolaev: qt5: Fallback to mktemp -d for temporary QT root....
<NixOS_GitHub>
nixpkgs/staging a830aa3 Alexander V. Nikolaev: qt5: Cleanup temporary Qt root on nix-shell exit
<NixOS_GitHub>
nixpkgs/staging 5eb2c7a Thomas Tuegel: Merge pull request #28237 from avnik/qt5-mktemp...
NixOS_GitHub has left #nixos []
acarrico has quit [(Ping timeout: 240 seconds)]
eacameron has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 3 new commits to release-17.09: https://git.io/vdUkN
<NixOS_GitHub>
nixpkgs/release-17.09 ea18f35 Hamish Hutchings: Traefik init at 1.3.8...
<NixOS_GitHub>
nixpkgs/release-17.09 c0f4005 Hamish Hutchings: Change to using source files to build traefik...
<NixOS_GitHub>
nixpkgs/release-17.09 3b2e3df Jörg Thalheim: traefik: link against libc, set build version/codename...
NixOS_GitHub has left #nixos []
<sphalerite>
fearlessKim: did you say somethign about a luarocks2nix?
<fearlessKim[m]>
sphalerite: WIP at https://github.com/teto/luarocks/tree/nix , it's a fork but luarocks plans to support addons, so that could eventually turn into one
<fearlessKim[m]>
it runs as "luarocks convert2nix ~/busted-2.0.rc12-1.rockspec "
FRidh has joined #nixos
<FRidh>
fearlessKim[m]: does the luarocks command do dependency resolution? Looking at a rockspec, it seems they specify dependency constraints.
<FRidh>
fearlessKim[m]: are there any curated package lists based on luarocks, like e.g. stackage for haskell?
<fearlessKim[m]>
so I've written a update-nixpkgs.sh just like the haskell one
<fearlessKim[m]>
FRidh: well luarocks is the client to the luarocks curated list
<fearlessKim[m]>
it's not huge but I guess it's the main lua list available
<FRidh>
fearlessKim[m]: I thought luarocks is more like PyPI, an index of packages offering multiple versions per package
ShalokShalom_ has quit [(Ping timeout: 252 seconds)]
mog has quit [(Ping timeout: 264 seconds)]
mog has joined #nixos
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<fearlessKim[m]>
you could say that I think. I am not a Lua specialist either but a project I am working on use lua
griff_ has joined #nixos
pxc has joined #nixos
a6a3uh has joined #nixos
<Fare>
ahem. I want to define a flag in my configuration and use it in other parts of the configuration, but it says that it can't see it, unless I wrap everything in rec, but then it tells me the option doesn't exist.
<Fare>
how do I define extra local options?
pxc has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Remote host closed the connection)]
<Fare>
as for xinetd, I suppose I gotta extend xinetd.nix
eacameron has quit [(Ping timeout: 264 seconds)]
<Fare>
and add an internalServices option that accepts a list of internal services
freeman42y has quit [(Ping timeout: 252 seconds)]
freeman42x has joined #nixos
freeman42z has quit [(Ping timeout: 240 seconds)]
<sphalerite>
I have a bridge configured via configuration.nix and an interface that attaches to that bridge (created by lxc). Whenever I switch ocnfigurations, the bridge is recreated and the interface isn't reattached. How can I neatly get the interface reattached when the bridge is recreated?
freeman42x has quit [(Ping timeout: 246 seconds)]
freeman42x has joined #nixos
eacameron has joined #nixos
freeman42x has quit [(Remote host closed the connection)]
jensens has quit [(Ping timeout: 240 seconds)]
<eacameron>
I'm using haskell.lib.justStaticExecutables around my web server but the closure size is still huge (500 mb). How can I debug this closure?
<Fare>
oh, no: if I edit xinetd, it means I have to fork nixos. Sigh.
<LnL>
you can get the runtime dependencies by running nix-store -qR for the store path
<Fare>
not hard, but yet some more yak shaving
<eacameron>
LnL: Thanks!
jellowj has joined #nixos
k2s_ has joined #nixos
<LnL>
and then grep -r the output for the paths that shouldn't be there
<Fare>
how in my configuration.nix do I override just xinetd.nix ?
<eacameron>
LnL: arg...it depends on GHC
<eacameron>
That must be the culprit
<tilpner>
Fare - Is it okay to copy xinted related files into /etc/nixos?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to master: https://git.io/vdUqv
<NixOS_GitHub>
nixpkgs/master d6879f9 Robin Gloster: radsecproxy: fix license
NixOS_GitHub has left #nixos []
<Fare>
tilpner, I suppose so, if I figure the incantation for overrides
Sonarpulse has joined #nixos
<tilpner>
Fare - If so, copy <nixpkgs/nixos/modules/services/networking/xinetd.nix> to /etc/nixos, change services.xinetd to services.yourCustomXinetd consistently, then add this new module to the imports in your <nixos-config>
griff_ has quit [(Quit: griff_)]
k2s_ has quit [(Remote host closed the connection)]
<tilpner>
That will not override services.xinetd. Doing that would be a lot harder (not possible AFAIK without a wrapper around nixos-rebuild)
<Fare>
I know how to override packages, but how do I override modules or services?
ibor has joined #nixos
<tilpner>
Do you really need to override it? It's going to be a lot of effort
<Fare>
or just add it
<sphalerite>
unfortunately, you can't really
<tilpner>
Adding your "forked" services.xinetd will be easier
k2s_ has joined #nixos
<Fare>
I still don't understand how I add it
<tilpner>
I described that above
<Fare>
so I copy the file, but how do I refer to it?
<ibor>
Is there a way to override a package in a way that the modified version is used as dependency of other packages in the tree?
<LnL>
are you sure you need to replace the entire module, usually you can customize things by overriding an option
<sphalerite>
LnL: Fare: as for xinetd, I suppose I gotta extend xinetd.nix \n and add an internalServices option that accepts a list of internal services
<ibor>
The dependency (js_of_ocaml) is currently broken (does not build).
phreedom has quit [(Ping timeout: 246 seconds)]
lambdamu_ has quit [(Remote host closed the connection)]
<ibor>
I posted a fix to nixos-devel, but didn't manage to fix is locally.
noobineer has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rvl opened pull request #29695: nixos/release-notes: MySQL declarative users/databases (master...rl-1709-mysql) https://git.io/vdUmn
NixOS_GitHub has left #nixos []
<M-berdario>
fpletz: do you read me?
lambdamu has joined #nixos
noobineer has quit [(Client Quit)]
noobineer1 has joined #nixos
hexa- has quit [(Remote host closed the connection)]
lambdamu has quit [(Read error: Connection reset by peer)]
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<lejonet>
Hmm, what could be the problem if I have nixops deploy whining about not being able to find nixos/modules/profiles/hardened.nix even tho I've verified that it exists in the paths pointed to by NIX_PATH?
<M-berdario>
in particular, stuff which fails due to their dependencies (but whose dependencies aren't exposed) like gcj, is not reported in the github issue
<lejonet>
(I'm using it like this: imports = [ <nixos/modules/profiles/hardened.nix> ] and system.stateVersion = "17.09")
<sphalerite>
lejonet: what does nix-instantiate --eval -E '<nixos/modules/profiles/hardened.nix>' say?
<sphalerite>
or nix-instantiate --find-file nixos/modules/profiles/hardened.nix
elurin has quit [(Ping timeout: 252 seconds)]
<eacameron>
If a module specifies values for environment.systemPackages, does that list get overwritten or is it appended by all modules?
acarrico has joined #nixos
<sphalerite>
eacameron: they're all concatenated
<lejonet>
Both of em fails to find the file :( but I can clearly find the file in /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/profiles/hardened.nix, could it simply be that its only the root user that is on the 17.09 channel and I'm running nixops as my user, which isn't on 17.09 and thus can't find it?
<eacameron>
sphalerite: Sweet. Is that how all lists are merged in modules? Or just this one in particular?
<eacameron>
I'm trying to get the hang of modules...
hexa- has joined #nixos
<lejonet>
(oh, that path I said I could find it in, I got the base path from the NIX_PATH var...)
<sphalerite>
" When multiple modules define an option, NixOS will try to merge the definitions. In the case of environment.systemPackages, that’s easy: the lists of packages can simply be concatenated. The value in configuration.nix is merged last, so for list-type options, it will appear at the end of the merged list. If you want it to appear first, you can use mkBefore: "
<LnL>
no it's the default, but an option can specify a custom apply function
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] cocreature opened pull request #29696: ghcjsHEAD: Bump ghcjs and ghcjs-boot revisions (master...ghcjsHEAD) https://git.io/vdUYe
<pstn>
Corngood: Is it much work for you to update amdgpu-pro to 17.30? I've started doing it but I'd have to redo all your patches. Just replacing in them doesn't cut it. Do you still have the target for them lying around?
proteusguy has joined #nixos
<eacameron>
LnL: Thanks. I thought I had seen that before...
<lejonet>
sphalerite: that command can't even find base.nix, so most likely I'm screwing up the path or something
<eacameron>
But it would be nice to know if, say, the apply function was +. firewall.allowedPorts; (when merging, your ports are all added together for the final port)
<eacameron>
:P
<corngood>
philipp: I actually have a fork with that but I haven't tested it too much
<sphalerite>
lejonet: *derp* it's <nixpkgs/nixos> not <nixos>
<sphalerite>
don't know why I didn't see that before >.>
<lejonet>
sphalerite: AH, that would explain a lot xD
<pstn>
Corngood: Is it somewhere public? I'd test it a litte.
<Infinisil>
lejonet: I mean the ssh default is to just use `whoami` as the ssh user
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fare opened pull request #29699: Xinetd (master...xinetd) https://git.io/vdUYS
NixOS_GitHub has left #nixos []
<Infinisil>
Oh actually you can just ssh `user@example.com` instead
<Infinisil>
no need to use a hosts config even
<lejonet>
Infinisil: so I could set that as targetHost? deployment.targetHost = "derp@herp.machine"; ?
<Infinisil>
Haven't tried that, but it's almost certainly gonna work
<lejonet>
Infinisil: and yeah, the smart thing to do is to figure out what user you are before starting, but not all tools are that smart by default (i.e. ansible assumes the user ansible unless you tell it otherwise etc etc)
<lejonet>
lol nope, it just prepends "root@" it seems
oahong has joined #nixos
oahong has quit [(Changing host)]
oahong has joined #nixos
<Infinisil>
:(
<Infinisil>
But why do you need something other than root?
<pstn>
Corngood: The bot already sent the PR. Building right now.
<lejonet>
isn't all too bloody if I need to use ssh config, as long as it can be done I'm happy :)
<gchristensen>
I think nixops requires root :(
<lejonet>
gchristensen: damnit :(
<Infinisil>
Actually i don't know if ssh config works with this, I thought you used something else, not the nixos config
<lejonet>
I'd very much prefer to not allow ssh into with root at all :(
<gchristensen>
lejonet: I agree
<joepie91>
not sure there's a point to using not-root since it'll need to run arbitrary commands anyway
<pstn>
Corngood: Syntax error. Can I send PRs to your PR?
<corngood>
philipp: comment on there if you have any trouble. The sketchy part is how I did the custom kernel. I'm not sure if that's a good idea
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] woffs opened pull request #29700: youtube-viewer: init at 3.3.0 (master...youtube-viewer) https://git.io/vdUOt
NixOS_GitHub has left #nixos []
<lejonet>
joepie91: yeah, but that is where sudo comes in :D
<gchristensen>
lejonet: it does use an ssh key generated per host, so you can and should disable password login
<joepie91>
lejonet: point being: there's no meaningful difference between being root and being able to run arbitrary stuff with sudo
<joepie91>
for automated things
<joepie91>
people quite overestimate the security benefits of sudo, and the scenarios in which it is applicable
<joepie91>
:P
<lejonet>
joepie91: the thing with not allowing root to login over ssh is a lot more than automated tools, it reduces a lot of common skiddie attacks to a moot point
<joepie91>
lejonet: how does it?
<corngood>
philipp: I just cherry picked it from my branch, so I must have missed something. Post the error on the PR and I'll take a look. You can always send a PR to the source branch on my repo
<lejonet>
joepie91: it doesn't allow root to login, so any attack trying to bruteforce root will fail automatically, regardless
<gchristensen>
requiring they know or guess a different valid account
mt has quit [(Remote host closed the connection)]
<lejonet>
any attempt to pivot into allowing the sshd to allow root to login to ssh is foiled
<joepie91>
lejonet: you solve that by using keypair auth, not by using different usernames :)
<joepie91>
the username is not a credential
<gchristensen>
the other obvious issue is nixops would never pass a security audit using root like this
<lejonet>
joepie91: keypairs aren't the perfect security solution either, but yes, that they added prohibit-password is quite nice
<joepie91>
any approach to security that involves a secret username is inherently flawed because that's not what it's designed to be
<joepie91>
and systems will not treat the username as a secret
mt has joined #nixos
<joepie91>
lejonet: what scenario do you see where keypair auth does not mitigate this scenario?
k2s__ has joined #nixos
<lejonet>
its not the fact that username is supposed to be secret or so at all, its about removing the attack vector all together by simply not allowing any type of attempts to login in as root over ssh :)
<gchristensen>
I believe security must be done in layers and not using root is a thin but valid layer
k2s_ has quit [(Ping timeout: 252 seconds)]
<lejonet>
joepie91: what gchristensen said :P
<lejonet>
It isn't the end all, be all of security, but its a nice step
<joepie91>
multi-faceted security does not mean security theater
<joepie91>
and security theater can in fact *reduce* security
<lejonet>
joepie91: this isn't security theater either
<joepie91>
lejonet: disallowing non-root, which is a form of security through obscurity, absolutely is security theater
<joepie91>
for the reason I already described
<joepie91>
it's just not an effective security measure
<lejonet>
joepie91: you mean disallowing root?
<gchristensen>
globin: ping
<joepie91>
multi-faceted security means you combine multiple *effective* measures, not one effective measure and a bunch of ineffective ones
<joepie91>
lejonet: err, yes, sorry.
acarrico has quit [(Ping timeout: 240 seconds)]
lambdamu has joined #nixos
<joepie91>
[16:30] <lejonet> its not the fact that username is supposed to be secret or so at all, its about removing the attack vector all together by simply not allowing any type of attempts to login in as root over ssh :)
<joepie91>
except it doesn't
<joepie91>
because logging in as the user-that-isn't-root gives you equivalent access
<lejonet>
joepie91: no, its not security theater, its a checkbox that is nice to be able to check, so that you can in log analysis put in a search to flag any login with ssh and root as suspicious and needing investigation directly, instead of having to muddy through a whitelist
<joepie91>
because you can just sudo everything
<joepie91>
lejonet: what?
<joepie91>
what does this have to do with log analysis?
<lejonet>
joepie91: that is a part of security
<joepie91>
what is?
<lejonet>
log analysis
<gchristensen>
let's just finish this by saying "disabling SSH over root is a very common and mandatory feature by security audits and internal security teams" and that alone makes it a valid thing for nixops to support
<joepie91>
okay, but that is not what I asked
<joepie91>
disabling root login just means that you login with a different username that has equivalent access, so how does that make any difference in terms of log analysis?
<gchristensen>
regardless of the true security it provides
<Fare>
... a nix recipe for genera would be great... but it's still proprietary software
acarrico has joined #nixos
<joepie91>
sudo audit logs aren't useful either because if you can do arbitrary sudo you can remove those
<joepie91>
which is the whole point of "don't allow arbitrary sudo"
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] bjornfor pushed 1 new commit to master: https://git.io/vdUO9
<NixOS_GitHub>
nixpkgs/master 3a58e41 Bjørn Forsman: nixos/gitolite: use group 'gitolite' instead of 'nogroup'...
NixOS_GitHub has left #nixos []
<lejonet>
joepie91: I just explained why I personally want to be able to disable root logins over ssh, to make the multi-faceted security easier by easily being able to flag a root login over ssh in other parts of my security, if you agree with that or not I will leave with you :)
phaebz has joined #nixos
<joepie91>
?
<joepie91>
there *is* no root login to flag if you disable root login
<joepie91>
you've just changed the username
<joepie91>
this doesn't add any meaningful data or security
<lejonet>
Exactly, which means that any root login over ssh means you have a bug in your sshd
<lejonet>
which otherwise is hard to find (and its necessary to find such a thing quickly)
teh[m] has joined #nixos
<joepie91>
this is an incredibly unrealistic scenario where there is no reason to assume that your disallowing of a root login will make it less likely to occur undetected
<joepie91>
(or an equivalent exploit)
<lejonet>
That is completely up to you to decide, but lets, like gchristensen said above, just finish this with "lets agree to disagree" :)
<joepie91>
if there is a bug in your SSHd that allows login of otherwise-disallowed accounts, you very likely have a much bigger problem than root logins
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
<joepie91>
like, sure, this might be required by certain audit requirements, and that can be a valid usecase for supporting it... but supporting it for 'security reasons' in the above context would be ludicrous and introduce an amount of complexity that absolutely doesn't warrant the highly obscure and theoretical scenario it may or may not prevent
<joepie91>
in fact, at that point it's more likely that the complexity of sudo support *adds* security issues, than that it solves them
<lejonet>
Infinisil: ssh config doesn't work with it either
<lejonet>
it simply prepends root@
<Infinisil>
Alright them, learned something new
<Infinisil>
but like, how would it run the commands if it's not root
simendsjo has joined #nixos
<lejonet>
that was the next question, if it is smart enough to realize its not root and thus either automatically using fallbacks or requiring the user to specify stuff
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to release-17.09: https://git.io/vdU3m
<NixOS_GitHub>
nixpkgs/release-17.09 23a021d Peter Simons: Revert "nixos: add option for bind to not resolve local queries (#29503)"...
NixOS_GitHub has left #nixos []
<lejonet>
Because unlike root, unless SELinux or similar MAC, sudo can be narrowed down to allowed commands, additional logging and stuff like that
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to master: https://git.io/vdU3Y
<NixOS_GitHub>
nixpkgs/master 99f759d Peter Simons: Revert "nixos: add option for bind to not resolve local queries (#29503)"...
<lejonet>
pstn: one of the bigger patrs of using a elevation mechanism is the possibility of making the amount of time with elevated privs to a minimum
<lejonet>
parts*
nix-gsc-io`bot has joined #nixos
<lejonet>
and to be able to police that usage more refined than limiting a whole user :)
<globin>
gchristensen: no, but the case that I'd might want to see only the bot notifications holds :)
<gchristensen>
globin: OH so a _second_ channel where these messages go?
<globin>
gchristensen: yes :)
noobineer2 has joined #nixos
<lejonet>
pstn: what is it that you deem I've been informed about for the first time today? :)
<gchristensen>
globin: that fits very nicely in to my ~evil schemes~
<pstn>
lejonet: I thought about the caps system, but I might just have missunderstood your message.
<lejonet>
pstn: fair enough, but no, I've know about the caps system, and played around with it, for quite some time ^^
<pstn>
lejonet: Unlucky ^^
<lejonet>
I was very happy with the transition that has been ongoing the past 5-6 years of atleast getting suid/sgid binaries to use caps instead, like ping
thblt has quit [(Ping timeout: 240 seconds)]
<lejonet>
s/I was/I am/
<symphorien>
ah, according to the arch wiki, "Note: SLiM no longer supports a 'default' session where multiple sessions have been enabled. "
jtojnar has quit [(Read error: Connection reset by peer)]
jtojnar has joined #nixos
<Infinisil>
(F1 does nothing for me)
<Infinisil>
never heard of that
<Fare>
where are X11 fonts on NixOS?
<Infinisil>
soo, would it make sense to have 2 sessions for work and private? Because I kinda need this. Or would I get into some annoying problems with it
<M-berdario>
Dezgeg: ok, I found maintainers/scripts/hydra-eval-failures.py
<symphorien>
Infinisil: what display manager are you using ?
<M-berdario>
and I updated the script to also print "Dependency failed" builds
acarrico has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rvl opened pull request #29703: mysqlBackup service: Grant privileges to backup user (master...mysql-backup-privileges) https://git.io/vdUGi
<symphorien>
but long story short you can enable as many {desktop,window}-manager as you want, and somehow, you display manager should let you choose any of those
<JoJoen>
hmm ssh-add cant get a connection to ssh-agent? How do i configure this?
<Infinisil>
Ah, I just saw from sddm's github page that you can select a session in the top left, in the screenshot: https://github.com/sddm/sddm
<symphorien>
there is no specific trouble to be expected
<Infinisil>
I've never actually seen this login page though, because I enabled autologin
<symphorien>
except if some programs you use need a different conf depending on the session (I'm thinking at starting nm-applet manually or not, and so on)
<symphorien>
ah this is incompatible
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti pushed 1 new commit to release-17.09: https://git.io/vdUZU
<NixOS_GitHub>
nixpkgs/release-17.09 bfbbfa0 Peter Simons: yi: mark builds broken...
NixOS_GitHub has left #nixos []
<JoJoen>
oh, it's a fish - posix kinda things.
erictapen has quit [(Ping timeout: 240 seconds)]
acarrico has quit [(Ping timeout: 255 seconds)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
<Infinisil>
Well I could just set some env vars or so for havign different behaviour for different sessions
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
<sphalerite>
Infinisil: for work/play separation I'd use separate user accounts instead
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
<Infinisil>
Hmm
<symphorien>
Infinisil: those env var already exist : XDG_SESSION_DESKTOP=xfce+i3
<Infinisil>
Ahh
<Infinisil>
isn't set for me currently though
<Infinisil>
what I really need I guess is a user hierarchy, where user P (for private stuff) has access to all stuff of user N (non-private), but not the other way
<sphalerite>
so P = NP? :p
<Infinisil>
I'm always excited to be able to use P and N as variables xD
<Fare>
sphalerite, P=NP, but through a polynomial of degree 2^2^2^1000
civodul has joined #nixos
<Fare>
P=NP because I posit N=1
<Fare>
or P=0
<sphalerite>
Infinisil: I have a user called steam that runs any proprietary software and my main user "linus" which has sudo and all my projects and stuff
<Infinisil>
since most answers in mathematics are either 0, 1 or pi, I believe you
<sphalerite>
Infinisil: and I have /home/steam set world-readable
eacamero_ has joined #nixos
<symphorien>
Infinisil: you can put the private user in the group of the non-private one
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] teh opened pull request #29705: Release 17.09 (release-17.09...release-17.09) https://git.io/vdUZK
NixOS_GitHub has left #nixos []
<sphalerite>
and use sudo to access stuff that I still can't reach
<Infinisil>
Hmm, I'll think about it some more. I guess I can make it work with the permissions via unix groups or so
<sphalerite>
(sorry, repeat of my earlier question) I'm integrating a nixos system with an existing LDAP setup. I want users to be able to choose their shells, but they're all set as e.g. /bin/bash in the LDAP database. Is there a nicer solution than symlinking /bin/bash -> /run/current-system/sw/bin/bash for this?
<sphalerite>
Infinisil: no, because then you can't log into the debian servers any more
griff_ has joined #nixos
<Infinisil>
And chsh doesn't work for me, errors with Cannot change ID to root (not invoking it with sude either)
griff_ has quit [(Client Quit)]
<Fare>
Wow. Is there a way to disable CAPS LOCK from the command-line? Looks like mine is stuck.
<sphalerite>
Infinisil: do you have mutableUsers set to false?
<symphorien>
Fare: in a tty, setleds I think
<Infinisil>
sphalerite: Nope
<Infinisil>
sphalerite: Does chsh work for you?
Acou_Bass is now known as eddie
<sphalerite>
Infinisil: nope. It should probably have a setuid wrapper like passwd so it can edit /etc/passwd
eddie is now known as Guest61586
sigmundv has quit [(Ping timeout: 240 seconds)]
<Fare>
symphorien, in X. I used xkbset nullify lock to cope with it.
<Fare>
In other news, I'm looking for an NFS2 server, because genera can't talk to NFS 3 or 4.
Guest61586 is now known as Acou_Bass
<Infinisil>
Maybe an old nixpkgs version has it
phaebz has quit [(Ping timeout: 246 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to master: https://git.io/vdUnX
<NixOS_GitHub>
nixpkgs/master 08b09fd Robin Gloster: fanctl, fan module: remove...
NixOS_GitHub has left #nixos []
<Fare>
resurrecting old software is hard :-/
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to release-17.09: https://git.io/vdUny
<NixOS_GitHub>
nixpkgs/release-17.09 5825331 Robin Gloster: fanctl, fan module: remove...
NixOS_GitHub has left #nixos []
<Infinisil>
In theory nixpkgs should make this easy, right?
ibor has quit [(Ping timeout: 240 seconds)]
<gchristensen>
I checked out 15.09 and built emacs okay
<gchristensen>
actually no, I got it from the binary cache :D
lambdamu has quit [(Remote host closed the connection)]
Itkovian has joined #nixos
<Infinisil>
Trying to build emacs on 15.09 now, first with cache, then without
<gchristensen>
same
<Fare>
or maybe the server is not running? rpcinfo -p localhost shows the portmapper and status but not nfs
<gchristensen>
it built :)
mudri has quit [(Ping timeout: 260 seconds)]
<Infinisil>
No idea about nfs, will want to use it eventually when I put nixos on my other machine
<Infinisil>
gchristensen: Nice. My network is so slow I didn't even get to the cached version
lambdamu has joined #nixos
noobineer2 has quit [(Quit: Leaving)]
noobineer2 has joined #nixos
noobineer2 has quit [(Remote host closed the connection)]
<Fare>
ok, I removed the hostName = option from configuration.nix and now I can see the nfs service using rpcinfo -p localhost... but nfs is 3 or 4, not 2 :-(
noobineer2 has joined #nixos
noobineer2 has quit [(Remote host closed the connection)]
<eacamero_>
cc clever: During the check phase of a haskell build, is it possible to get the path to a ghc-pkg that includes the haskell library under test?
<Fare>
I see in man nfsd that it has an option vers2... but not reflected in nfsd.nix
<Fare>
sigh
Wizek_ has joined #nixos
stanibanani has joined #nixos
mortum5 has joined #nixos
jellowj has joined #nixos
Wizek_ has quit [(Ping timeout: 240 seconds)]
mudri has joined #nixos
pxc has joined #nixos
endformationage has joined #nixos
_rvl has quit [(Quit: Leaving)]
_rvl has joined #nixos
pxc has quit [(Ping timeout: 240 seconds)]
<pstn>
Is there a package in nixos that does anything with opencl and has a good debug output?
<pstn>
I just want to ensure functionality, not actually do anything usefull.
bennofs has joined #nixos
justanotheruser has quit [(Ping timeout: 252 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<rotaerk>
sphalerite, can use it without nixos; might have trouble using it without a CPU though
<sphalerite>
:p
<lejonet>
sphalerite: if you're really good at parsing and executing machine code, you might be able to be the CPU ;)
<lejonet>
question is if you're fast enough tho... :P
<sphalerite>
rotaerk: I meant if I can use nixos without a CPU :p
<sphalerite>
lejonet: nah it's probably easier to use nixos with a broken CPU than to do all the computations myself :D
<jcarr>
Well what's your definition of use?
<lejonet>
sphalerite: fair enough xD
<sphalerite>
jcarr: good point! I suppose admiring the shininess of the installation CD is one way of using it for instance
<pstn>
sphalerite: That really depends: How fast can you compute by hand?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] gnidorah opened pull request #29706: termite: fix fonts in wayland (master...wayland) https://git.io/vdUWR
NixOS_GitHub has left #nixos []
<sphalerite>
philipp: but if I'm doing it then I'm the CPU really, no?
a6a3uh has joined #nixos
<pstn>
sphalerite: Eeasy: Just make sure you are nowhere central.
mudri has quit [(Ping timeout: 264 seconds)]
<sphalerite>
philipp: but if I'm talking to the RAM and stuff wouldn't I still be central functionally?
jcarr has quit [(Ping timeout: 240 seconds)]
<gchristensen>
who is philipp?
<pstn>
gchristensen: That's me. Different name when you see me from IRC or Matrix. It's a bit strange but I can't change it for now...
<gchristensen>
ah
<gchristensen>
some of these attributes about the matrix bridge makes it feel a bit like adversarial "marketing." make it uncomfortable for IRc users interacting with matrix users, and more comfortable to use matrix to get more users
<pstn>
I get both mentions though at least.
<gchristensen>
see also the tapping an IRC person puts "username (IRC)" as the auto-complete
<gchristensen>
this is all just my own thinking, not sure it is really true of course. I generally like matrix
<lejonet>
Well this is interesting, why does nixops even bother with generating a ssh keypair if its not going to use it when trying to deploy? xD
<gchristensen>
lejonet: it definitely should use it on deploy
<gchristensen>
it does for me
<pstn>
gchristensen: I think it has more to do with the general alpha-ness of matrix and the team that has to handle many different problems.
<LnL>
what's the advantage of matrix compared to a znc setup or something?
shlevy has quit [(Ping timeout: 255 seconds)]
<gchristensen>
pstn: that sounds like a much more charitable and likely explanation :)
shlevy has joined #nixos
<gchristensen>
LnL: I like the long messages, read receipts, encrypted chats, group messaging without making a channel, having to accept invitations to chat vs. out-of-the-blue PMs
<gchristensen>
sending photos is cool
<LnL>
well sure, but most of that only works if everybody uses it right?
mog has quit [(Ping timeout: 240 seconds)]
<sphalerite>
and history
<lejonet>
gchristensen: my nixops doesn't seem to understand that xD I've verified that it works outside of nixops, by taking the privkey from the state db and doing ssh -i <key> root@<target>
<gchristensen>
LnL: read receipts, encrypted chats, group messages yes
<lejonet>
(I've ofc manually copied the pubkey to .ssh/authorized_keys of root at the target)
eacameron has joined #nixos
<clever>
lejonet: ive found that nixops will accept help from the ssh agent
<gchristensen>
lejonet: oh if you've had to manualy copy the pubkey over it seems it is still trying to place the public key on the host
<clever>
lejonet: but because nixops passes a -i flag, it wont be able to use the ~/.ssh/id_rsa
<gchristensen>
so it is trying to use your SSH key for the first time? not 100% I have this right, but maybe
<gchristensen>
LnL: but I have a few people I talk to regularly on matrix only
eacamero_ has quit [(Ping timeout: 246 seconds)]
<lejonet>
I'm unsure how it is trying to access the host in the first place, I've not managed to get out what it is trying to do explicitly to figure out where its going wrong :P
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] risicle opened pull request #29707: python.pkgs.python-gnupg: disable failing test test_search_keys (master...ris-python-gnupg-test-fix) https://git.io/vdUlG
NixOS_GitHub has left #nixos []
<lejonet>
clever: you mean like automatically adding the keys it generates to the agent and such?
<clever>
lejonet: which command is failing, and have you sucessfully done a deploy?
mog has joined #nixos
<lejonet>
I've never managed to do a deploy, I'm trying to get a deploy to work at all xD
<pstn>
And multi device support is a great feature of matrix for my use cases.
<sphalerite>
^
<clever>
lejonet: what does "ssh-add -l" say?
<lejonet>
clever: it'll say that the agent isn't running, because it isn't
<gchristensen>
matrix is _much_ easier to use than znc
<clever>
lejonet: then fire up ssh-agent, and run ssh-add on a key that can access the machine
<gchristensen>
I prefer screen + weechat over znc or matrix, but use matrix when I'm mobile
<lejonet>
clever: this is made so much more complicated by the fact that my qemu setup is screwing around, making it hard for me to ssh into the vm with nixos I'm trying to use as the host for nixops :P
hotfuzz_ is now known as hotfuzz
<clever>
gchristensen: i run irssi under screen, and its configured to save logs, and i never shut off that machine
<gchristensen>
same, but weechat
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ericson2314 opened pull request #29708: ghc prebuilt: Normalize style without changing hashes (master...ghc-prebuilt-indent) https://git.io/vdUl4
<NixOS_GitHub>
[nixpkgs] Ericson2314 pushed 5 new commits to master: https://git.io/vdUl2
<NixOS_GitHub>
nixpkgs/master d72647b John Ericson: ghc-6.10.2-binary: Remove dead Darwin code...
<NixOS_GitHub>
nixpkgs/master 17de435 John Ericson: ghc prebuilt: Don't hardcode the version in a few more places...
<NixOS_GitHub>
nixpkgs/master a8ef3f6 John Ericson: ghc prebuilt: Clean up syntax, without changes hashes...
NixOS_GitHub has left #nixos []
<LnL>
was just wondering since a quite a bunch of people are using it
<gchristensen>
LnL: I'd say give it a try :)
justanotheruser has joined #nixos
<LnL>
maybe sometime
<lejonet>
clever: so basically what it tries to do is bootstrap its own key with either one of the ones it can fetch from the agent or ask for a password from the user?
<gchristensen>
a big reason I use it is to give them better numbers so maybe projects will pick it over slack
<clever>
lejonet: yeah
<lejonet>
clever: would be nice if that was documented, I would've saved a loot of time today then xD
<clever>
lejonet: and it will then put its own key into /etc/ssh/authorized_keys.d/root
mog has quit [(Ping timeout: 260 seconds)]
<sphalerite>
What's also nice (although it doesn't work that well with IRC bridges and can be annoying sometimes) is the markdown thing
<sphalerite>
gchristensen: ++
<gchristensen>
yeah markdown is cool
hotfuzz has quit [(Quit: WeeChat 1.7.1)]
nh2 has joined #nixos
<sphalerite>
except when you want to write ¯\_(ツ)/¯ and it comes out as ¯_(ツ)/¯
<sphalerite>
ah bugger it came out wrong (there's my point proving itself)
mog has joined #nixos
<gchristensen>
hahaha yeah
<lejonet>
clever: I guess this wouldn't have been a problem if I didn't run nixos in its own VM aka nixos was my host platform, because most likely my SSH keys and such would then already be read into the agent and such
<gchristensen>
lejonet: hard to know, I've seen people have troubles with this before
<clever>
lejonet: you can also use "ssh -A user@nixosvm"
<clever>
lejonet: that will forward the agent onward, so the vm can access the agent you used to get into it
<sphalerite>
resizing a previously 917G ext4fs with 745G used to 800G takes a long time :(
hotfuzz has joined #nixos
<lejonet>
clever: that I know, there is only 2 problems with that with my setup: 1. qemu, bridges and such is making my life hard, by intermittently dropping all traffic to the VM in question (I can even see all the traffic on the bridge, but its not being delivered to the VM...) which means I can't really ssh to the VM to do all this and 2. I use a yubikey mainly, so its a bit trickier to forward the agent, even tho
<lejonet>
socket forwarding sometimes work :P
<lejonet>
gchristensen: Mhm
<lejonet>
and look at that, something decided to drop the VMs traffic again, in the middle of the deploy lol xD
<gchristensen>
good thing nixos is atomic
<lejonet>
Mhm
<lejonet>
its just so frustrating because I'm using virtio, and the other machine I've got running with virtio has no problems with it, the firewall has FORWARD policy set to accept etc etc
Itkovian has joined #nixos
<gchristensen>
:/
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ericson2314 pushed 1 new commit to staging: https://git.io/vdU8I
<NixOS_GitHub>
nixpkgs/staging ff88f79 John Ericson: Merge master-merged PR #29708 into staging
NixOS_GitHub has left #nixos []
<gchristensen>
that does suck, I don't know why that is happening
<clever>
lejonet: the FORWARD policy is only for use when its acting as a gateway
<lejonet>
me neither, maybe I should just setup openvswitch... xD
<sphalerite>
Your host OS isn't nixos so it's probably its fault 😉
iyzsong has quit [(Ping timeout: 252 seconds)]
<lejonet>
clever: very true, but when the bridge is connected to the physical interface, that can become a problem as the host technically is acting as a gw, at a physical layer atleast and thus, if you don't do a setting, iptables get referenced
<clever>
lejonet: ah, i had also ran into some weird problems with bridging, where the vm couldnt receive traffic from the host, but it could talk to anything else
nix-gsc-io`bot has quit [(Client Quit)]
<lejonet>
and now that I wrote that, I do remember that there is a fancy sysctl to tell it to not forward the traffic from a bridge to iptables
<gchristensen>
hydra is running well these days ...
<clever>
lejonet: linux doesnt set the packet checksum when sending packets out (in certain conditions)
<lejonet>
clever: oh?
<clever>
lejonet: and the bridge then sends packets with an invalid checksum to the guests
<sphalerite>
oh yeah I remember having fun with that stuff
<clever>
lejonet: but when it sends it out the real card, the checksum accel in the hardware fills in the blank
<clever>
but packets coming in from the real workd already have a checksum
<lejonet>
clever: which will make the guest drop it
<clever>
yeah
<sphalerite>
Oh yeah, is it hard to migrate an lxc container to nspawn?
<lejonet>
clever: you'd think that would be logged somewhere but nooooo :P
<lejonet>
now to figure out what that sysctl was called... :P
<clever>
lejonet: in the case i saw, it was hans and halvm as the guest
<sphalerite>
wait philipp why can't you change your irc name?
<lejonet>
clever: never heard of those :P
acarrico has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<pstn>
sphalerite: Not a technical problem, would just be a hassle with a few channels.
<sphalerite>
ah right
frankpf has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to master: https://git.io/vdU8E
<NixOS_GitHub>
nixpkgs/master 8d00191 Michael Raskin: asymptote: do not install sty-files, let texlive care of it...
NixOS_GitHub has left #nixos []
frankpf has quit [(Client Quit)]
frankpf has joined #nixos
Neo-- has joined #nixos
kuznero has joined #nixos
Fare has quit [(Ping timeout: 252 seconds)]
<lejonet>
clever: the annoying part is that the error I get is "Connection refused", not just a blackhole that never responds, so SOMETHING is actively rejecting the connections
<lejonet>
and I've ofc made sure that dport 22 is allowed in the VMs firewall
sary has quit [(Ping timeout: 240 seconds)]
<lejonet>
I guess I could just as well turn off the firewall on the VM and try that
<clever>
lejonet: at this point, i would point a tcpdump at every interface in the path, and see where the RST packet came from
<clever>
the nixos firewall doesnt block with refused, and it always allows 22 for safety
<lejonet>
clever: Mhm, I've pointed tcpdump at the bridge that connects the physical interface, but not the one that I think virtio creates for the veth pair
Fare has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] chrisrosset opened pull request #29710: ephem: init at 3.7.6.0 (master...python-ephem) https://git.io/vdU87
NixOS_GitHub has left #nixos []
<lejonet>
clever: yeah, it blocks with just dropping it
tnks has quit [(Ping timeout: 240 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to release-17.03: https://git.io/vdU4v
<NixOS_GitHub>
nixpkgs/release-17.03 3d04a55 Michael Raskin: asymptote: do not install sty-files, let texlive care of it...
NixOS_GitHub has left #nixos []
<lejonet>
its kindof annoying that it creates a slirp interface, even tho I have -net none to remove that :P
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to release-17.09: https://git.io/vdU4U
<NixOS_GitHub>
nixpkgs/release-17.09 81e4fbe Michael Raskin: asymptote: do not install sty-files, let texlive care of it...
NixOS_GitHub has left #nixos []
Ivanych has quit [(Ping timeout: 260 seconds)]
<lejonet>
O.o tcpdump says its the VM sending the RST
Ivanych has joined #nixos
Fare has quit [(Ping timeout: 264 seconds)]
sary has joined #nixos
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<lejonet>
oh no, its this issue again... I never found the real root cause for this -.- pinging the VM gives a cyclic nature of added latency that goes down with subsequent pings, until it rearches a few 10s of ms, then it restarts at a high latency value (usually >500 ms)
ersran9_ has joined #nixos
<lejonet>
but this time the VM isn't just "slow" when SSHing, SSH is actively rejected -.-
<lejonet>
sorry for the spam, I'm gonna go and eat instead xD
erictapen has quit [(Remote host closed the connection)]
dustmote has joined #nixos
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
Neo-- has quit [(Ping timeout: 264 seconds)]
ersran9 has quit [(Ping timeout: 260 seconds)]
orivej has quit [(Ping timeout: 240 seconds)]
dustmote has quit [(Client Quit)]
<qz>
are there any differences between doing nix-build and nix-env -i package when it comes to build process?
<sphalerite>
Robinson2: have you been fiddling with the chromebook at all? If so, any luck?
<sphalerite>
qz: depends on the exact commands you're invoking, but globally no
a6a3uh has joined #nixos
athan has quit [(Ping timeout: 240 seconds)]
<qz>
sphalerite: first command: nix-build '<nixpkgs>' -A haskellPackages.jailbreak-cabal and second one nix-env -i jailbreak-cabal and i somehow get two different derivations
ibor has joined #nixos
<qz>
/nix/store/4mw2kdh7l53ckx386ya4pbap6as6cvz3-jailbreak-cabal-1.3.2.drv is from nix-env and /nix/store/3p6b52zsqb1x4av7fwlmyv84anplgn6b-jailbreak-cabal-1.3.2.drv from nix-build
justanotheruser has quit [(Ping timeout: 252 seconds)]
<sphalerite>
qz: -i without -A takes long and will often yield unexpected results. Use nix-env -f '<nixpkgs>' -iA haskellPackages.jailbreak-cabal
<sphalerite>
That should get you the same one
oida_ has quit [(Quit: WeeChat 1.7.1)]
<kiloreux>
Assuming I mount /nix/ and ~/.nix-profile into docker container as volumes. How can I use them or set them up to be able to use binaries fully inside the docker container?
riclima has quit [(Quit: riclima)]
obadz- has quit [(Ping timeout: 260 seconds)]
<qz>
sphalerite: cool, that worked same way as nix-build. what are differences though? manual does not warn against using -i
<sphalerite>
qz: without -A, -i evaluates all of nixpkgs and looks for a package whose name matches what you give on the command line
jb55 has quit [(Ping timeout: 240 seconds)]
<sphalerite>
(the evaluation of everything is what makes it take long)
<sphalerite>
There are some rules to the searching but it's not very predictable
immix has joined #nixos
<sphalerite>
whereas with -A you're specifying an attribute path, which means that it knows exactly what you want
jellowj has quit [(Ping timeout: 246 seconds)]
<qz>
sphalerite: so it takes wrong package (there are several jailbreak-cabal?)
<sphalerite>
yes, there must be somehow. I don't know exactly what the difference is, you could try comparing the contents of the drvs to find out, if you care
kuznero has quit [(Remote host closed the connection)]
<immix>
sorry
<immix>
how can I change the time zone
<immix>
nixos
Itkovian has joined #nixos
<sphalerite>
immix: set the time.timeZone option
<sphalerite>
Or if you're on 17.09 or unstable I think you can use timedatectl
<immix>
I am new user Nixos
oida has joined #nixos
a6a3uh has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<sphalerite>
Edit /etc/nixos/configuration.nix, if you installed nixos normally it should even be there, possibly commented out (I can't remember)
<immix>
exactly where am I supposed to make the change
oida has quit [(Client Quit)]
<sphalerite>
once you've done that, use nixos-rebuild switch to apply the change
oida has joined #nixos
<immix>
timedatectl set-timezone not supportted Nixos
oida has quit [(Client Quit)]
oida has joined #nixos
<sphalerite>
Yeah, then you'll want to set the time.timeZone option
<sphalerite>
I changed it so it is supported, but the change isn't in nixos 17.03, it'll be in the next release
leat has joined #nixos
<qz>
looks like nix-env ignores NIX_PATH setting. is this intended?
<rnhmjoj[m]>
how is the nix cli redesign progressing?
<qz>
what's preferred way to upgrade to nix from master? if i use default installation script nix binaries sit in nix store, but if i build it from source it gets NIX_DATA_DIR and other settings wrong
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 2 new commits to master: https://git.io/vdURt
leothrix has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
orivej has joined #nixos
ryanarte_ has joined #nixos
pie__ has quit [(Read error: Connection reset by peer)]
pie__ has joined #nixos
nickels has joined #nixos
bigs has left #nixos []
Acou_Bass is now known as eddie
blawiz has joined #nixos
eddie is now known as Guest7781
<blawiz>
i have nix package manager on debian stretch, how usual is it that binaries installed wont run? seem qutebrowser doesnt run
<nickels>
hi everyone. i'm trying to install nix. I used gdisk as usual, and it reports what I told it: an EFI boot, a swap, a root, and a home partition; it shows these as sda1-4. However, lsblk shows sda1 as 1G, and sda2 as an LVM with swap, root, and home partitions each of different sizes than I'd specified in gdisk. Am I missing something?
erictapen has quit [(Remote host closed the connection)]
<sphalerite>
I've heard legends of blacklisting kernel modules via kernel command line parameters, but never found an incantation that actually works. Can anyone confirm/deny these rumours and show me the way?
<kiloreux>
Assuming I mount /nix/ and ~/.nix-profile into docker container as volumes. How can I use them or set them up to be able to use binaries fully inside the docker container?
<joepie91>
that's what I used for blacklisting amdgpu
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fare opened pull request #29717: nfsd: add extraNfsdConfig (master...nfsd) https://git.io/vdU2p
NixOS_GitHub has left #nixos []
kkini has quit [(Remote host closed the connection)]
kkini has joined #nixos
<sphalerite>
slyfox: that did the trick thanks
<sphalerite>
joepie91: not helpful because I didn't have any working system generations
<joepie91>
ah.
pxc has quit [(Ping timeout: 240 seconds)]
<joepie91>
sphalerite: fwiw you can always boot into a NixOS CD/thumbdrive, mount your existing system, modify the config, and run a nixos-install
<joepie91>
which, with the right flags, is equivalent to a rebuild of that system
<sphalerite>
True, but that's even more of a pain :p
<joepie91>
well, depends on how bork things are :P
<Fare>
problems... because I had checkout the wrong branch of nixpkgs without my usual stuff (while publishing patches for upstream)
nh2 has quit [(Quit: Leaving.)]
mkoenig has joined #nixos
<nickels>
spalerite: That's what I'd think, and that's what gdisk thinks, but the Nix kernel is showing /dev/sda, /dev/sda1, and /dev/sda2.... Guess I'll try the 'ol failsafe: restarting :p
blawiz has quit [(Quit: Lost terminal)]
rardiol has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 2 new commits to master: https://git.io/vdUa2
<NixOS_GitHub>
nixpkgs/master bb02b80 Daiderd Jordan: darwin-frameworks: add impure version of CoreFoundation
<NixOS_GitHub>
nixpkgs/master 7d98316 Daiderd Jordan: libjack2: fix darwin build
NixOS_GitHub has left #nixos []
nickels has quit [(Ping timeout: 260 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 2 new commits to release-17.09: https://git.io/vdUaw
<NixOS_GitHub>
nixpkgs/release-17.09 cb78d96 Daiderd Jordan: darwin-frameworks: add impure version of CoreFoundation...
<NixOS_GitHub>
nixpkgs/release-17.09 5a59b45 Daiderd Jordan: libjack2: fix darwin build...
NixOS_GitHub has left #nixos []
erictapen has quit [(Remote host closed the connection)]
Ivanych has quit [(Ping timeout: 252 seconds)]
nickels has joined #nixos
erictapen has joined #nixos
Mateon3 has joined #nixos
<nickels>
FYI so that if anyone else asks, the incorrect listing of /dev/sda as lvm by lsblk for non-lvm partitions created by gdisk WAS remedied by simply restarting; on reboot of Nix live disk, lsblk correctly shows /dev/sda* as created in gdisk.
Mateon1 has quit [(Ping timeout: 260 seconds)]
Mateon3 is now known as Mateon1
kiloreux has quit [(Ping timeout: 252 seconds)]
nickels has quit [(Quit: Page closed)]
rardiol has quit [(Ping timeout: 252 seconds)]
oida has quit [(Ping timeout: 248 seconds)]
erictapen has quit [(Ping timeout: 252 seconds)]
rardiol has joined #nixos
kakashiAL has joined #nixos
Wizek_ has quit [(Ping timeout: 260 seconds)]
<eacameron>
When writing a custom module, do I need to make it a top-level option on config? Like myModule.options = {}. Or is it possible to add it to, say, services: services.myModule.options = {...} ?
FRidh has quit [(Quit: Konversation terminated!)]
<eacameron>
er...options.myModule
<gchristensen>
our rabbitmq module has a hilarious bug, where you can only ever start it once :) echo -n "foo" > /var/lib/rabbitmq/.erlang.cookie; chmod 400 /var/lib/rabbitmq/.erlang.cookie
<LnL>
heh
<LnL>
eacameron: you can just define services.myModule.foo in the options
<eacameron>
LnL: Oh very cool
<eacameron>
Modules are amazing.
<eacameron>
I am just now learning how they work.
<eacameron>
Fantastic design.
<LnL>
yeah never really looked at them before I made nix-darwin
<LnL>
but I like how it works for the most part
<sphalerite>
Is there a way to set the primary monitor using nixos config? xrandrHeads allows me to set the positioning, but I don't see a way to set the primary one
phaebz has joined #nixos
<woffs>
Am I right when I see that firefox gets rebuilt for enabling a plugin via config?
<gchristensen>
how long does the perceived rebuild take, woffs?
<woffs>
I guess half an hour
<gchristensen>
wow
<johnw>
whoa
<LnL>
euh
<LnL>
isn't there some kind of wrapper for the plugins?
<woffs>
that is my question :-)
<woffs>
I set nixpkgs.config.firefox.icedtea = true
rardiol has quit [(Ping timeout: 240 seconds)]
<sphalerite>
yeah it shouldn't need to rebuild firefox…
<sphalerite>
Oh wait no I think it uses an older version if you enable icedTea
<woffs>
Don't know if this is the right way to get firefox and icedtea together. NB, I'm also setting override icedtea_web = pkgs.icedtea7_web
<gchristensen>
anyone around familiar with rabbitmq + nixos? cc offlinehacker[m] pstn
<gchristensen>
pSub: ^
<pstn>
Nope
oida has joined #nixos
<woffs>
sorry, I'm talking of firefox-esr (because I think only esr handles icedtea). Ah, maybe it changes compile flags then. I'll read the code
<sphalerite>
Is there a way to get all the standard KDE applications along with plasma, rather than just the fairly minimal setup you get by enabling services.xserver.desktopManager.plasma5.enable?
<kuznero>
gchristensen: only rabbit
<gchristensen>
hm, okay
<gchristensen>
I'm trying to setup rabbitmq with the management plugin and nixos' module seems unable to do that
<LnL>
not rabbitmq, but I've configured other erlang based services before
<kuznero>
management plugin is built-in, it just needs to be enabled in the config as far as I remember
<gchristensen>
I have RABBITMQ_ENABLED_PLUGINS_FILE=/nix/store/vdqp0x0lw64cdcn31n80gy1qn9ddhsml-enabled_plugins set in the environment on startup, and the file contains [ rabbitmq_management ].
Guest7781 is now known as Acou_Bass
andi- has quit [(Remote host closed the connection)]
<gchristensen>
I suspect journald's suppression of 50 lines is hurting me here. I wonder if I can turn that off
andi- has joined #nixos
<kuznero>
gchristensen: but there is no reference to management plugin in rabbitmq service definition in nixpkgs (if I am not missing anything). How did you add management plugin to it?
stanibanani has quit [(Ping timeout: 248 seconds)]
<kuznero>
gchristensen: taking into account that there are 2 distinct docker images on hub.docker.com, I would assume it does not come pre-installed
<gchristensen>
kuznero: /nix/store/r794f61b7whzjy0f2d0s32ws463jfdys-rabbitmq-server-3.6.10/plugins/rabbitmq_management-3.6.10.ez does exist
Fare has quit [(Ping timeout: 240 seconds)]
<gchristensen>
(which is at, relative to the rabbitmq executable: ../plugins/ )
<kuznero>
gchristensen: then it should work, then LnL is right - it is probably about config then?
freeman42y has joined #nixos
<gchristensen>
LnL: but I think it still needs to be enabled?
<gchristensen>
I'll disable it and see :)
glenn has joined #nixos
<LnL>
also: It is important that effective RabbitMQ user has sufficient permissions to read, write and create this file at any time.
<gchristensen>
yeah, my config without enabling the plugin doesn't hurt anything but it doesn't enable the plugin "Server startup complete; 0 plugins started." and it isn't listening on the management port
<LnL>
but that might just be if you want the enable-plugin commands to work
<gchristensen>
maybe you'd both join me in #rabbitmq? :)
freeman42x has quit [(Ping timeout: 240 seconds)]
<bachp>
What's the best way to check if an element is present in a list? Until now I found `builtins.any` that could be used. Is there another way?
<gchristensen>
(I don't really need to spam #nixos with rabbitmq stuff)
justanotheruser has quit [(Ping timeout: 252 seconds)]
<kuznero>
gchristensen: :) gladly
<LnL>
:)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] primeos pushed 1 new commit to master: https://git.io/vdUwy
<NixOS_GitHub>
nixpkgs/master 699231e Michael Weiss: sshfs: 3.2.0 -> 3.3.0
NixOS_GitHub has left #nixos []
glenn has quit [(Ping timeout: 240 seconds)]
Robinson2 has left #nixos ["Leaving"]
glenn has joined #nixos
glenn has quit [(Remote host closed the connection)]
glenn has quit [(Remote host closed the connection)]
glenn has joined #nixos
<Infinisi1>
bachp: There isn't
<lassulus>
is there a way to get the configuration.nix from a system deployed with nixops?
<lassulus>
system.copySystemConfiguration sadly points to the system I deployed from
<Infinisi1>
I don't think there's a way if you haven't saved/backed up the nix files yourself
<Infinisi1>
What I add to my systems is system.extraSystemBuilderCmds = "ln -sv ${./.} $out/configuration";
jtojnar has quit [(Read error: Connection reset by peer)]
<lassulus>
well I would backup it, but nixops doesn't generate it in the first place
jtojnar has joined #nixos
<Infinisi1>
lassulus: Don't you have a single file you give nixops to create the system from?
<Infinisi1>
Isn't that the whole system config?
<lassulus>
no, there are 2 files, and they get somehow translated into one
<Infinisi1>
I think one of them is for deployment, the other for config
<lassulus>
especially the part which translates the deployments.hetzner.partitions part to the configuration.nix part is important, because in my config there is no network/fs stuff
<eacameron>
I know nothing about it but one of my clients is interested in using Ganeti but he also likes the idea of NixOS. Do they play nicely together?
justanotheruser has joined #nixos
JosW has quit [(Quit: Konversation terminated!)]
<Infinisi1>
lassulus: I see the show-option in nixops --help, does that do it?
<Infinisi1>
I usually use nix-instantiate --eval '<nixpkgs/nixos>' -A config.nix.trustedUsers to see what options evaluate to in the end, so I guess nixops show-option uses something like that
<lassulus>
hmm, sadly nixops show-option $machine fileSystems just shows an empty set
erictapen has joined #nixos
drakonis has joined #nixos
hiratara has quit [(Ping timeout: 255 seconds)]
<Infinisi1>
maybe add --xml?
<bachp>
Infinisi1: Thanks
<lassulus>
still empty, guess I will have to read the nixops source then (;^◇^;)ゝ
<manveru>
lassulus: isn't it in the sqlite file?
hiratara has joined #nixos
<manveru>
hm, guess not
<gchristensen>
kuznero: what're you thinking about re rabbitmq clustering?
<lassulus>
I don't even know where the sqlite file is ¯\_(ツ)_/¯
<manveru>
it's that localstate.nixops
<manveru>
or whatever name you used for the nixops state
<manveru>
which is not ideal... you have to coordinate, but otherwise you need a singleton machine that keeps the state, which is also not good
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vdUos
<NixOS_GitHub>
nixpkgs/master f3b9ac7 Graham Christensen: nixos/rabbitmq: fix restarts and sasl logs...
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to release-17.09: https://git.io/vdUoG
<NixOS_GitHub>
nixpkgs/release-17.09 beb1f1e Graham Christensen: nixos/rabbitmq: fix restarts and sasl logs...
NixOS_GitHub has left #nixos []
<gchristensen>
kuznero: ^ :)
<bachp>
manveru: I'm waiting for https://github.com/NixOS/nixops/pull/624 to finalize and then I plan to add some functionality to put the state in s3 or similar
<kuznero>
gchristensen: that was fast from fix to commit :)
<gchristensen>
kuznero: easy fix *shrug*
<gchristensen>
and if I don't do it know, I'll forget
justanotheruser has quit [(Ping timeout: 246 seconds)]
<gchristensen>
kuznero, LnL: thank you both for your help
jcarr has quit [(Ping timeout: 240 seconds)]
<kuznero>
gchristensen: np
<LnL>
no problem, I'm still waiting for my build :)
justanotheruser has joined #nixos
justanotheruser has quit [(Client Quit)]
justanotheruser has joined #nixos
phreedom has joined #nixos
<woffs>
also my firefox build takes some hours
<pstn>
I find it a bit confusing how the kernels are built in nixos. Where can I find the actuall callPackage to them?
kuznero has quit [(Remote host closed the connection)]
<pstn>
I'm trying to build my own experimental Kernel directly from the config but I keep getting strange errors, so I think I missunderstand what's happening.
simendsjo has quit [(Quit: ERC (IRC client for Emacs 25.3.1))]