predator217 has quit [(Ping timeout: 260 seconds)]
sigmundv has quit [(Ping timeout: 248 seconds)]
ivanovs-4 has joined #nixos
<boxofrox>
i'm running nixos 17.03 on a vm. I ran `su -c "usermod -aG wheel,adm,systemd-journal boxofrox` and after using the system for an hour or so, I find my group assignments have disappeared... while I'm logged in. /etc/group shows zero occurances of user boxofrox. anyone know why?
<tilpner>
Have you activated a new configuration in the meantime?
<tilpner>
(nixos-rebuild would do it)
<boxofrox>
no, i haven't run nixos-rebuild in that time.
<boxofrox>
been tinking with database replication.
<tilpner>
Then I don't know why, but you should do that modification in your nixos-config, if possible
oida has quit [(Quit: WeeChat 1.9)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/vd30P
<NixOS_GitHub>
nixpkgs/master 538b016 Franz Pletz: pythonPackages.pyalgotrade: incompatible with python3
NixOS_GitHub has left #nixos []
<ivanovs-4>
i have NixOps 1.5.1. There are two machines in the network. Virtualization is libvirtd. Documentation says that NixOps generates a /etc/hosts file that contains entries for all the logical machines in the network. But in my /etc/hosts is only localhost.
<boxofrox>
hmm.. for some reason I thought nixos would leave /etc/groups alone if `users.mutableUsers` was false.
<tilpner>
It can't leave it completely alone, otherwise how would it apply group changes specified in the config?
<tilpner>
It might not wipe your manual modifications, but I don't know the specifics
<gchristensen>
ivanovs-4: on the 2 machines, not the controlling / deploy machine
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 2 new commits to release-17.09: https://git.io/vd30d
<NixOS_GitHub>
nixpkgs/release-17.09 d9298e3 Franz Pletz: openmodelica: mark as broken, unmaintained
<NixOS_GitHub>
nixpkgs/release-17.09 90c8b6e Franz Pletz: pythonPackages.pyalgotrade: incompatible with python3...
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/vd30F
<NixOS_GitHub>
nixpkgs/master e68e149 Franz Pletz: pythonPackages.pyalgotrade: fix typo
NixOS_GitHub has left #nixos []
<ivanovs-4>
gchristensen: both machines is virtual, and is defined in network.nix
<gchristensen>
ivanovs-4: the two virtual machines will have host entries on themselves
<ivanovs-4>
yes
<boxofrox>
tilpner: description for `users.mutableUsers` says I can add users and groups and the file is merged with contents generated from configuration.nix. it reads like you say, manual changes will be overwritten.
<boxofrox>
i just find it so wierd that i lost group privileges in the middle of a shell session. usually I have to logout/login or newgrp to modify my list of groups.
<ivanovs-4>
each of virtual machine have only its own localhost entry in /etc/hosts
<gchristensen>
boxofrox: uhh yeah that is wrong :/
<gchristensen>
boxofrox: shells don't reload group perms during a run
<boxofrox>
i can't find any other way to describe it. i am using ssh (maybe it dropped and automatically reconnected, it normally doesn't autoreconnect for me). but going back through my shell history, I changed my groups, exit, ssh back in, screw around with my database for a few hours, and then sudo stops working.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 2 new commits to release-17.09: https://git.io/vd3EZ
<NixOS_GitHub>
nixpkgs/release-17.09 5b09ca0 Franz Pletz: gplates: mark as broken
<NixOS_GitHub>
nixpkgs/release-17.09 4beb7d1 Franz Pletz: djbdns: don't try to build on hydra
NixOS_GitHub has left #nixos []
<boxofrox>
i'll chalk it up to wierd and see if it happens again.
<NixOS_GitHub>
nixpkgs/master 7d7c8cd Franz Pletz: Merge pull request #29901 from WilliButz/packageUpdates...
NixOS_GitHub has left #nixos []
infinisil has quit [(Quit: WeeChat 1.9)]
endformationage has quit [(Ping timeout: 248 seconds)]
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
<boxofrox>
alright, i concede. the shell can't reload groups and didn't. i did run `nixos-rebuild` after using `usermod`. the order was reversed in my memory and i missed it rereading my shell history. thanks for setting me straight!
_ris has quit [(Ping timeout: 240 seconds)]
pxc has joined #nixos
Wizek_ has quit [(Ping timeout: 248 seconds)]
<disasm>
boxofrox: if mutableUsers is false, you don't want to alter users at all using system utilities. if you want to do that, set it to true.
pxc has quit [(Ping timeout: 240 seconds)]
<disasm>
also, if you accidentally set it to false and you don't have your password hashes set in configuration.nix all your user passwords are no longer set.
pxc has joined #nixos
<boxofrox>
disasm: i did not set mutableUsers, so it should be the default of true. I suspect mutableUsers=true only works for new users and groups, existing "system-configured" entries seem to be overwritten upon nixos-rebuild (e.g. the wheel group in /etc/group). I've added the extraGroups as tilpner suggested and my groups are restored. i've had password hashes since I first installed nixos and it was then I
<boxofrox>
learned about mutableUsers with respect to setting/changing passwords manually. i erroneously thought the behavior extended to `usermod -aG`.
sellout- has quit [(Quit: Leaving.)]
pie_ has quit [(Ping timeout: 248 seconds)]
dieggsy has quit [(Remote host closed the connection)]
<gchristensen>
hot dog
<gchristensen>
NixOS is at 620 members
<boxofrox>
congrats \o/
<gchristensen>
up from 350 early 2016
<gchristensen>
kmicu: yuno make these announcements anymore
<iqubic>
What package provides the ACPI command?
zeus_ has quit [(Read error: Connection reset by peer)]
zeus_ has joined #nixos
<disasm>
boxofrox: ah, I was just commenting on your comment above "for some reason I thought nixos would leave /etc/groups alone if `users.mutableUsers` was false" -- I think you meant true there.
superherointj has joined #nixos
<superherointj>
Hello.
<disasm>
welcome!
<boxofrox>
disasm: doh, yes, i meant to say true. :D
<superherointj>
Today I use Ubuntu, and I hate the way I screw my OS everytime I install a new package from a unknown PPA.
<superherointj>
Can I replace a Desktop Ubuntu with NixOS?
<gchristensen>
yes!
<superherointj>
Or is it supposed to be used only in servers?
<disasm>
superherointj: you've come to the right place :)
<disasm>
superherointj: it makes a GREAT desktop/laptop OS. I run it on my macbook.
<superherointj>
Oh great! :D
<superherointj>
Do you do Dual Boot? I've got a Macbook too.
<gchristensen>
I dual boot on my macbook, but have a minimally sized osx partition just for firmware updates
<disasm>
superherointj: yeah, but I boot into OSX maybe once every other month
<boxofrox>
iqubic: not sure, i suspect if `acpi` doesn't, then `acpitool` will.
<boxofrox>
that's how i found acpitool :D does it list files in the package, too?
<superherointj>
Heh! I like here already. People are talking! :D
<gchristensen>
no :(
<gchristensen>
superherointj: #nixos is typically a very friendly, polite, and supportive community :)
<disasm>
gchristensen: how big is your EFI boot partition on your mac?
<gchristensen>
oh uh
<gchristensen>
I don't know :) it isn't nearby, but probably <1G?
<gchristensen>
probably like 200m
globin has quit [(Ping timeout: 258 seconds)]
<disasm>
gchristensen: do you just garbage collect frequently? mine is 200 MB as well and I keep running out of disk :)
<boxofrox>
i had 200mb for EFI on a Asus Zenbook. worked well for one kernel, two initramfs, and refind, beyond that it was too small.
<gchristensen>
that one yeah, I do
<gchristensen>
my current laptop is 500M and fits nicely
<disasm>
probly need to wipe out osx and reinstall to increase mine to 500M :(
globin has joined #nixos
<gchristensen>
superherointj: I thought nixos was crazy and like it wasn't going to work and was unpleasant like most linuxes on the desktop, but I tried it in a VM on a thursday and then the following saturday erased my macbook to switch to nixos
<gchristensen>
and have been in love ever since
<superherointj>
I plan having it in parallel. Not replacing Ubuntu, nor Windows.
<iqubic>
boxofrox: My Asus Zenbook is dying slowly but surely.
<superherointj>
I just need to learn how I can do so. I have 512GB disk splitted between win/ubuntu 256GB each. :-)
Arcaelyx has joined #nixos
<boxofrox>
iqubic: yea, my fans are about gone. i lost the 30gb embedded flash drive twice on it. luckily i get by with a SSD in the sata slot.
Arcaelyx_ has quit [(Ping timeout: 264 seconds)]
<iqubic>
See I have an earlier model that came without fans or anything fancy
<boxofrox>
iqubic: really? my Zenbook is first gen. UX32VD. has discrete nvidia graphics though. might be why I have the fans.
<disasm>
superherointj: are you up for reinstalling ubuntu?
<superherointj>
Is it necessary?
<superherointj>
I which I could keep my current instalation.
<superherointj>
*wish
<superherointj>
I am fine about installing a new OS.
<superherointj>
But I don't want to lose what I have already.
<superherointj>
That would be a lot of trouble.
<boxofrox>
you could tarball your ubuntu installation onto a backup drive, repartition, mkfs, then `tar -x` onto its new home.
<gchristensen>
superherointj: do you have a backup of important files?
<superherointj>
I don't have back-ups.
<gchristensen>
superherointj: it is always good to backup before trying things like this
<gchristensen>
_just in case_ :)
mbrgm has quit [(Ping timeout: 252 seconds)]
<superherointj>
It would be easy to back-up what I got here. I'd need another disk. My idea was just to resize Ubuntu partition, free space, and install NixOS on the free space.
<superherointj>
*wouldn't
<superherointj>
Sorry, I am sleep deprived right now. My mind is making mistakes. lol
<disasm>
gchristensen: can I just garbage collect kernels/initrd or is it safe to manually remove some of the older ones from /boot?
<superherointj>
I'll only install Nix tomorrow morning.
<boxofrox>
meh, my brain thinks one thing and my fingers type the opposite.
mbrgm has joined #nixos
<disasm>
superherointj: what filesystem is ubuntu?
<gchristensen>
disasm: I wouldn't ... are you out of space?
<superherointj>
Ext4
<gchristensen>
in boot
<iqubic>
How does one configure specific packages?
<superherointj>
fat32
<iqubic>
As in, I want to use Chrome/Chromium, but I also want to be able to watch netflix.
<superherointj>
Grub is Fat32 I think. Not sure. I don't know much about it.
<iqubic>
What if you want to install a program for just one user?
<boxofrox>
iqubic: no, I doubt chromium options would work with chrome, but like gchristensen said, installing google-chrome should work out of the box.
<gchristensen>
iqubic: do you really have multiple users?
<iqubic>
No.
<boxofrox>
iqubic: su - username -c 'nix-env -i google-chrome'? not sure about package name, I use arch on desktop :)
<iqubic>
So I have to rebuild my config to install new software?
<iqubic>
boxofrox: then why do you hang out here?
<disasm>
superherointj: yeah, shrinking ext4 is possible if you have a lot of free space left
<boxofrox>
i use nixos on servers
<iqubic>
I see.
<gchristensen>
iqubic: I do, it is much more pleasant and easy and quick to do
<gchristensen>
iqubic: but for temporary use, I use nix-shell
<gchristensen>
example for chrome:
<gchristensen>
nix-shell -p google-chrome
<iqubic>
Is nix-shell installed by default?
<gchristensen>
or even magically: nix-shell -p google-chrome --run google-chrome-stable
<gchristensen>
yeah
<disasm>
superherointj: I'm personally using btrfs with subvol root so I can dual boot arch/nixos on the same filesytem although haven't rebooted into arch in over 6 months
<iqubic>
What does nix-shell provide that other programs don't?
<disasm>
gchristensen: I probly need to delete older generations first, rebuild switch is still getting out of disk space errors (even without --upgrade)
<gchristensen>
iqubic: it lets you "install" programs just for that shell
<clever>
iqubic: nix-build will just build a package, nix-shell gives you a shell suitable for building things, "nix-shell -p" creates a shell with given packages available
<gchristensen>
disasm: yeah, delete old generations, then /boot will still be full, but /boot is cleared of old gens on nixos-rebuild-switch
<iqubic>
I see/
<iqubic>
How does one check if a package is still being maintained?
<boxofrox>
'nix-env -i google-chrome' is permanent install for user?
<gchristensen>
nix-env -iA google-chrome would be better, but again really I'd recommend using configuration.nix + systemPackages
<clever>
boxofrox: it will persist until removed with nix-env -e
<iqubic>
So apparently services.emacs is a thing.
<iqubic>
I did not know that.
<disasm>
iqubic: look at nixpkgs and see if it has meta.maintainers set
<boxofrox>
clever: it persists until the same user runs nix-env -e? or can user2 run nix-env -e and affect the installed apps of user1?
Piece_Maker has joined #nixos
Acou_Bass has quit [(Ping timeout: 240 seconds)]
<clever>
boxofrox: the same user
<clever>
boxofrox: nix-env will edit a per-user profile
Piece_Maker is now known as Acou_Bass
<superherointj>
I already have Grub installed, If I free space for NixOs, and install NixOS, is it going to replace my current grub? Or just add entry for NixOS?
<clever>
superherointj: by default, it will overwrite the grub
<disasm>
gchristensen: removed older than 30 days and still get No space left on device did I really install that many kernel upgrades this month? :)
<clever>
superherointj: and it needs to overwrite the grub config every time you make a change
<gchristensen>
iqubic: pkgs.google-chrome goes in to your systemPackages and also a nixpkgs.config = { allowUnfree = true; }
<gchristensen>
near the top of thte config file
<iqubic>
I have to allow unFree???
python47` has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] AndersonTorres opened pull request #29914: twolame: init at git-2017-09-27 (master...upload/twolame) https://git.io/vd3aL
NixOS_GitHub has left #nixos []
<boxofrox>
iqubic: yes, you have to willingly acknowledge that you want to install software that could not be vetted by the package maintainers and suffer any consequences thereof... or that's how I've always interpretted such features.
<iqubic>
Maybe nix-env can spit out a warning saying that the package it is looking for is unfree.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] globin pushed 1 new commit to release-17.09: https://git.io/vd3aq
<NixOS_GitHub>
nixpkgs/release-17.09 3663760 Robin Gloster: tests.hibernate: disable on 32 bit...
NixOS_GitHub has left #nixos []
<gchristensen>
iqubic: add google-chrome to your systemPackages without adding the allowUnfree part and try to rebuild :)
<iqubic>
Having to put all the packages I use in one big long list is making me think about what I actually use my linux machine for
<gchristensen>
disasm: your disk space reminds me of my system here with an 8GB /
<gchristensen>
disasm: after a mass rebuild I have to disable most of the config, update, collect garbage, enable the config, and rebuild b/c it can't fit 2 full generations :D
<iqubic>
I assume attribute name is the xxx in pkgs.xxx ?
<iqubic>
Am I right in that assumption?
<gchristensen>
iqubic: yeah, add pkgs.google-chrome to the list
python47` has quit [(Ping timeout: 258 seconds)]
Arcaelyx_ has joined #nixos
<iqubic>
what are the names of the LaTeX and Bibliotex packages?
<disasm>
gchristensen: doh! have to collect garbage as root, lol
<gchristensen>
ah! :)
takle has quit [(Remote host closed the connection)]
Arcaelyx has quit [(Read error: Connection reset by peer)]
Fare has quit [(Ping timeout: 240 seconds)]
<disasm>
down to 4 kernels, much better :)
<iqubic>
So, I've added a bunch of options to configure zsh. Can I still have a .zshrc to configure some more options, or does that stuff also go into configuration.nix?
<gchristensen>
you can have a zshrc
<iqubic>
Mostly I want to add a bunch of aliases, but there are certain things that must go in .zsh, like ohMyZsh promt configuration.
<boxofrox>
i think nixos-rebuild leaves your home folder alone once it's created, yes?
<gchristensen>
yeah
<iqubic>
Wait, so where does zsh get it's settings from?
<iqubic>
And how do I add aliases and other such stuff to zsh?
<gchristensen>
the nixos config sets up /etc/zshrc probably, but you can have a .zshrc
<iqubic>
I see. Won't a user specific config override the /etc/zshrc?
<gchristensen>
just like any other zshrc setup
<iqubic>
So where do I go to add aliases to my shell?
<iqubic>
Oh, I see where. Found that.
lambdamu has joined #nixos
nh2 has quit [(Quit: Leaving.)]
<iqubic>
Well, how do I tell nixos which fonts to use? Because I want some powerline fonts on my terminal.
<gchristensen>
did you try searching for fonts in man configuration.nix
<iqubic>
No. I should do that.
<boxofrox>
iqubic: you should be able to put them in $HOME/.local/share/fonts i imagine. it's what I do on arch linux. there's an XDG spec for it.
<gchristensen>
but also you'll have to configure your programs as usual
lambdamu_ has quit [(Ping timeout: 240 seconds)]
<boxofrox>
the benefit of putting most of your settings in configuration.nix is the ability to rebuild your environment on a new system with the single file. it certainly works great for duplicating servers for testing.
<iqubic>
boxofrox: That's why I've migrated to NixOS
<boxofrox>
i also love the whole `nixos-rebuild switch --rollback`
Supersonic112 has quit [(Disconnected by services)]
<gchristensen>
me too :)
Supersonic112_ has joined #nixos
<gchristensen>
and rollbacks by boot
Supersonic112_ is now known as Supersonic112
<boxofrox>
i haven't used that yet. but i did see my grub menu getting longer
<gchristensen>
you don't want to need it, but when you need it, it is there
<boxofrox>
it would have saved many a weekend of EFI boot rebuilds on my arch laptop. I did not have that set up very well and sometimes kernel upgrades would break my system. didn't help that I encrypted my hard drive either ><
<sellout->
Anyone using structured-haskell-mode? the elisp directory seems to have disappeared from the derivation between 1.1.0 and the timestamped git version. It seems like https://github.com/NixOS/nixpkgs/commit/ef6849ca63ffa01e10aa28ade7d8afff7a856922 could maybe be the culprit? (since the change prior to that removed the 1.0.20 hardcoded version, and the one after hardcoded the git version).
noobineer has quit [(Read error: Connection reset by peer)]
RayNbow`TU has quit [(Quit: leaving)]
JosW has joined #nixos
<clever>
hyper_ch: theres a github link at the bottom
<hyper_ch>
but that requires you to scroll down :)
<hyper_ch>
what I was wondering, why is 18.03 not in that list yet :)
<clever>
open an issue against its github
<clever>
hyper_ch: you may not get a reply from domen for a day or 2 though
<hyper_ch>
why domen?
<clever>
his name is on some of the recent commits and issues
<clever>
and i think he mentioned something about running it
<hyper_ch>
ah
Nobabs27 has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej pushed 2 new commits to master: https://git.io/vd3P6
<NixOS_GitHub>
nixpkgs/master 3e91da5 José Romildo Malaquias: efl: 1.20.3 -> 1.20.4
<clever>
gentoo has an option the sudo group to be speical, but its commented out
<richierich_>
gotcha
<richierich_>
and 'wheelNeedsPassword' forces sudo-enabled users to enter their password whenever accessing root, correct? (was looking for the option earlier)
<hyper_ch>
yes
<richierich_>
alright
<srhb>
richierich_: I believe that's true by default
<hyper_ch>
probably
<richierich_>
srhb: Didn't seem to be the case for me
<srhb>
richierich_: That's.. Strange.
<richierich_>
srhb: yea...
<clever>
richierich_: in what context did you notice that?
<richierich_>
clever: whenever I use sudo?
<clever>
richierich_: from a normal install? from the livecd?
<srhb>
richierich_: sudo remembers that you logged in for some time after you type the password the first time, did that possibly happen?
<richierich_>
clever: normal install from the livecd, but config pieced together from random examples online
<clever>
richierich_: the livecd gives you a root shell, and root doesnt need to use sudo
<richierich_>
srhb: I know that, but if that's true in my case then it remembers it for a long time
<richierich_>
clever: I mean using sudo *after* installing from a livecd
<richierich_>
clever: i.e. on the system i have up and running right now
<clever>
richierich_: can you gist your configuration.nix?
<richierich_>
clever: hang on, I spotted my mistake...thought the "%" in the sudoers file was a comment
<richierich_>
clever: welp
<clever>
A User_List is made up of one or more user names, user IDs (prefixed with ‘#’), system group names and IDs (prefixed with ‘%’ and ‘%#’ respectively)
<clever>
% is the prefix for group names
<richierich_>
clever: yea, admittedly I did not pay much attention to that part of the config
<richierich_>
clever: so "%wheel ALL = (ALL) SETENV: NOPASSWD: ALL" probably does not help :)
orivej has quit [(Read error: Connection reset by peer)]
<clever>
correct
<clever>
if you dont set that, it will do the sane thing
justanotheruser has quit [(Ping timeout: 258 seconds)]
orivej has joined #nixos
sellout- has quit [(Quit: Leaving.)]
<richierich_>
so I guess at this point I'll ask another dumb question: is the only way to understand the various options for a nix package to read the .nix file itself in nixpkgs? Or is there an easier way to query what a specific option might do?
<makefu>
the pills are now an official part of the nixos documentation (in contrast to the new wiki). But then again this is how the community can get over "yay wiki, nay wiki" :)
<makefu>
i really like the dontbreakdebian article
<ixxie>
we need a don't break nixos article
<ixxie>
its harder to break nixos but not impossible
<makefu>
but you can still try stupid things
<ixxie>
I once had a scary moment where some channel changes actually broke previous generations
<makefu>
like editing shit in /etc
<makefu>
or adding files in /usr
<makefu>
or patchelf'ing all the tools by hand
<ixxie>
"NixOS: you can still be an idiot, it's just *that* much more difficult."
<goibhniu>
using the nixpkgs channel for NixOS is also pretty dangerous
numerobis has quit [(Ping timeout: 246 seconds)]
nico202 has joined #nixos
<fearlessKim[m]>
any advice on how to debug a builder ? I've a shellHook that is not triggered I've no idea why. I would like to run the builder with sthg akin to 'bash -x' ?
kuznero has joined #nixos
numerobis has joined #nixos
<makefu>
ixxie: i think the article should be more about the philosophy of nix then. "what are stupid ideas in first place"
<kuznero>
Hi All! I have slightly unrelated question to nix (it is docker related), but I know there are smart people who can help me here.
<kuznero>
I have a problem with apache server running in docker container (httpd, lighttpd services) running as www-data user (normally uid: 33 and gid: 33 in ubuntu images). Problem here is that as soon as I mount a volume that apache suppose to have write access to, it simply cannot write to it regardless the fact that I set proper access on the host directory with `sudo chown -R 33:33 ...`. There are several exact examples for this - mediawik
<kuznero>
And that is irrelevant if I start unmanaged container with `docker run` or a service with `docker service create`...
arianvp2 has joined #nixos
<kuznero>
Each time I mount a volume (type=bind|volume) apache becomes unable to write to these folders...
<ixxie>
makefu: Nixosophy
<kuznero>
Am I missing something - perhaps it shouldn't be uid:33 and gid:33 on the host? How do I find uid:gid that I need to set permissions on the host?
<fearlessKim[m]>
arf that's weird, "nix-shell ~/nixpkgs2 -A lua52Packages.cjson" triggers my shellHook (cool), but "nix-shell -p lua52Packages.cjson --verbose -I nixpkgs=$HOME/nixpkgs2" didn't ?
<makefu>
difference is -p and -A
<drnick`>
hi. has anyone benn able to successfully build samba 4.7.0 with mitkrb?
Wizek_ has joined #nixos
<fearlessKim[m]>
makefu: I see... means I have some work to do then xD
<drnick`>
the problem I have is that, while trying to build it, i get an error during the `./confgure` stage - krb5kdc is not found, even though I've tried installing it manually in advance via configuration.nix and it is present on my path
<makefu>
bkchr: not sure how to fix it but "site" is a python module for managing site-packages paths
<bkchr>
makefu: Yeah, I already found this information. Maybe something broke with python3 or so
k0001_ has joined #nixos
<makefu>
maybe some paths got skewed with the python executable and it is unable to find the stdlib
<makefu>
or there is a new mechanism in nixpkgs now how to handle site paths
pxc has joined #nixos
<makefu>
it seems like the build mechanism from ibus changed
<makefu>
(or maybe not)
mudri has joined #nixos
pxc has quit [(Ping timeout: 258 seconds)]
<LnL>
what package contains the unsquashfs binary?
<LnL>
ah squashfsTools
koserge has joined #nixos
<freeman42x>
was NixOS 17.09 released? was supposed to be released on: 2017-09-28
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] jyp opened pull request #29920: Revert "cudatoolkit: Move libcudart to a separate output" (master...fix-tensorflow-runtime) https://git.io/vd3Ar
NixOS_GitHub has left #nixos []
<makefu>
LnL: when in doubt, try `nix-index` package with `nix-locate bin/unsquashfs`
<LnL>
that's exactly what I did, was just waiting for the index to rebuild :)
<makefu>
haha okay
blahdodo has quit [(Remote host closed the connection)]
mudri has quit [(Ping timeout: 258 seconds)]
<vegai>
nix-env -qaP doesn't seem to search from overlays
<vegai>
is there way to do that?
<bkchr>
makefu: the last changes in ibus seem not to change the build system that much..
<makefu>
vegai: actually it does (at least for me)
blahdodo has joined #nixos
<Mic92>
clever: Is there anything special I have to do to get remote builds working? I created a user and add the the ssh key specified in /etc/nix/machines to authorized_keys. However nix only returns unable to `connect to ‘nix@inspector.r’`
<sphalerite>
gchristensen: re "NixOS is at 620 members" what do you mean?
<makefu>
vegai: not sure if this is the right snippet
FRidh has quit [(Quit: Konversation terminated!)]
<vegai>
heh, oops, sorry.
<sphalerite>
vegai: it does, but it may be that the overlay in question creates a non-searched subset (I don't know how that actually works, but e.g. haskellPackages is such a set)
<vegai>
concurrent discussion race there
<sphalerite>
s/subset/nested set/
<vegai>
well, I have the firefox-overlay enabled for my user, but cannot find any of the packages in it
<vegai>
even though I can install them
kini has quit [(Ping timeout: 248 seconds)]
<vegai>
in other words, nix-env -iA nixos.firefox-nightly-bin installs the nightly firefox
<vegai>
but nix-env -qaP '.*firefox.*' seems to find only the system-wide firefoxes
<makefu>
i installed firefox nightly like this some days ago, maybe the overlay is not configured correctly?
<vegai>
umm, wait. Now I see them.
<vegai>
ok, clear case of pebkac
<vegai>
sorry
<makefu>
DI DI DIIII
kini has joined #nixos
mudri has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej pushed 2 new commits to master: https://git.io/vd3xF
<goibhniu>
sphalerite: there are 621 people/bots in the #nixos channel ... I think it was even up to 640 yesterday ... I wonder if the release will bump us over 700 :D
<sphalerite>
aah right
<gchristensen>
yeah, when early 2016 it was 350 in here
<sphalerite>
huh. Riot shows 881 people in the room which is bridged to the IRC channel
guillaum2 has quit [(Quit: leaving)]
<sphalerite>
Maybe the bridge missed leave events or something
<gchristensen>
yeah, weird
kuznero has quit [(Quit: Page closed)]
fendor has joined #nixos
ertes-w has joined #nixos
<Dezgeg>
are the matrix users perhaps counted twice?
<NixOS_GitHub>
nixpkgs/master a047e19 volth: timescaledb: include schema migration .sql scripts
NixOS_GitHub has left #nixos []
<ertes-w>
have the blueborne vulnerabilities been fixed in one of the channels?
nschoe has quit [(Quit: Program. Terminated.)]
<gchristensen>
iirc all of them since 17.03
<gchristensen>
and-including 17.03
phreedom has joined #nixos
numerobis has quit [(Ping timeout: 248 seconds)]
simukis has joined #nixos
<Mic92>
clever: I figured the authentication problem out
<corpix>
Is there a way to unlock luks devices in the order? I have encrypted disk A with passphrase, generated a key /root/b which is used for drive B and want system to ask me for the passphrase to the A disk only. At this time there is no order varanty so system may "waiting 10 seconds for /root/b to appear" and after some fails it finally comes to the password prompt for drive A...
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej pushed 2 new commits to master: https://git.io/vdsUL
<NixOS_GitHub>
nixpkgs/master 8ebe47a José Romildo Malaquias: gparted: 0.28.1 -> 0.29.0
<sphalerite>
corpix: I think they might be unlocked in alphabetical order?
<sphalerite>
Or does it fail nondeterministically?
<corpix>
sphalerite: It fails same way every time, probably it has alphabetic order, will check it out now
__Sander__ has joined #nixos
nico202 has joined #nixos
nslqqq has quit [(Ping timeout: 240 seconds)]
<sphalerite>
corpix: it works consistently for a similar setup that I have, and "cryptkey", the name of the luks volume that's required for the others, precedes "rootpool" and "swap" alphabetically so that would be my guess
<sphalerite>
Then again, that might be an implementation details as opposed to a guarantee
<whald>
hi! i've just installed nixos for the first time and obviously got an IRC client running. yeah! so could someone here please recommend me some documentation helping me to profit from this: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vscode/default.nix ? it seems i manage to install only version 1.9, while it seems 1.16.1 should be possible. somehow...
phreedom has quit [(Ping timeout: 240 seconds)]
phreedom has joined #nixos
<vegai>
upgrading to 17.09 beta. Exciting.
nh2 has joined #nixos
<hyper_ch>
you use pdftk?
<whald>
vegai, i already managed zfs root plus uefi boot, so it seems i'm in for exciting stuff today. :-)
<vegai>
would you guys have any idea what could cause a displayport connection to suddenly only output max 1024x768?
<vegai>
this is probably not nixos-related
<nh2>
bachp: ping
<bachp>
nh2: yes?
whald has quit [(Read error: Connection reset by peer)]
<bachp>
nh2: Lokks good to me, I haven't tested it tough
<nh2>
bachp: can you set an approval checkmark via the github review feature or make a comment in that direction? It wasn't clear to me whether you're done looking at it or if you want to look/test more before it being merged
<nh2>
at the step "==> Merging PR into base" it says there are conflicts in files that my PR doesn't touch at all (it's only bumping a package version)
<whald>
tilpner, i feel like having a "mostly stable" system is what i want, so could you please provide me a pointer on how to install specific packages from nixos-unstable? i can't find the relevant documentation as it seems.
musicmatze_ has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
<tilpner>
whald - Note that unstable refers to the stability of the channel (how often the expressions in it change), not the stability of the packaged software (how often it crashes/breaks)
<tilpner>
(Though newer versions may also have received less testing)
<whald>
tilpner, so i'll go all in on unstable -- the installation is fresh anyway, there's not much i could mess up. :-)
musicmatze_ has joined #nixos
dannyg has joined #nixos
<tilpner>
You can use nix-channel to manage the channels you're subscribed to. "nix-channel --list" will show what channel you're currently on
<whald>
tilpner, my original intention was to have unstable as an additional channel, and pull in only vscode from there, what i did not manage to figure out is how to do that
<tilpner>
Do you want to install vscode via your nixos-config/configuration.nix or via nix-env?
<whald>
tilpner, currently i'm just upgrading the whole system to unstable, but knowing how to pick specific packages from channels might come in handy later on
<gchristensen>
whald: you should not go to unstable, but to 17.09 :)
<whald>
tilpner, i this nix-env is good enough
<gchristensen>
17.09 will be stable soon
<gchristensen>
and won't be ... unstable :P
jellowj has quit [(Ping timeout: 248 seconds)]
<tilpner>
whald - But the other one is easier :/
<tilpner>
gchristensen - It doesn't have 1.16.* yet, which whald may require
<tilpner>
(A multi-channel setup would be best, of course)
<Leo`_>
Is anyone having issues with the NixOS firewall? When I boot up the server it starts dropping all the connections on port 22 (which is supposed to be opened).
<gchristensen>
17.09 doesn't? it was just forked from master
<whald>
so can i just "nix-env -i ..." something and say "but give me that package from channel X"?
<Leo`_>
I had the same problem yesterday but I managed to just restart the firewall service and it would work again for a while, but now it's right when the machine boots so I'm basically locked outside.
<hyper_ch>
why do old building not have "cable lanes" at the wall socket or in the floor...... couldn't they anticipate 50 years ago that we want to have everything connected with ethernet...
<disasm>
hyper_ch: they anticipated in a 100 years everything would be wireless :)
<hyper_ch>
:)
<infinisil>
Idea: Contrary to packages, it's currently quite annoying to have a module from unstable. And the reason is right here: nixpkgs/nixos/modules/module-list.nix (a list of all modules). How about we make these overridable, similar to overlays
<hyper_ch>
it just really sucks if your bottle neck is the wifi
<hyper_ch>
I only get 1/4 of my internet speed when I use wifi
<lluchs>
even today's buildings are often without any ethernet wiring
<hyper_ch>
they don't need to have wiring
<lluchs>
people only miss it once the building is done and they figure out the wifi doesn't reach all rooms
<hyper_ch>
it would already be good if they just have cable lanes ready so you can put calbes in if you want
<hyper_ch>
cable channel or whatever it's called
<lluchs>
at that point, they buy lots of repeaters which gives you full wifi bars at shitty performance
<hyper_ch>
or they go for mesh network
<hyper_ch>
or use powerline adapters
<hyper_ch>
to interconnect the wifi
acarrico has quit [(Ping timeout: 252 seconds)]
<hyper_ch>
if I'll ever build a house, I'll make sure it has cable channels
<tilpner>
disasm - That's what I wanted to show them initially, but they said they wanted nix-env :/
goibhniu has joined #nixos
orivej has quit [(Ping timeout: 258 seconds)]
<tilpner>
(Well, not that article specifically. Still too much to do)
<disasm>
tilpner: buy why? Life is so much better when everything is in configuration.nix!
<hodapp>
hummm, is exwm in NixOS 17.03 even though nix-env -qa doesn't show it? it looks like it should be, but perhaps not as a separate package
<hyper_ch>
I wonder if I should switch over to unstable small
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 1 new commit to master: https://git.io/vdsBg
<NixOS_GitHub>
nixpkgs/master ad2c63a Tim Steinbach: kotlin: 1.1.50 -> 1.1.51
NixOS_GitHub has left #nixos []
<makefu>
makefu: what i do is to prepare software which is able to read config from arbitrary locations (like vim,emacs) and include them in users.users.<username>.packages
<iqubic>
makefu: can you help help me understand how to use home-manager?
magnetophon has joined #nixos
eacameron has joined #nixos
mkoenig has quit [(Remote host closed the connection)]
<iqubic>
What does users.users.<username>.packages do?
<infinisil>
Ah, I did'nt check the options page. Seems this was just added recently then
<infinisil>
man configuration.nix contains it
<infinisil>
I quote: users.users.<name?>.packages: "The set of packages that should be made availabe to the user. This is in contrast to environment.systemPackages, which adds packages to all users."
<infinisil>
Never used it though, using home-manager for that
<iqubic>
That readme wants me to use nix-env. Is that safe?
magnetophon has quit [(Ping timeout: 248 seconds)]
magnetophon has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] jyp opened pull request #29925: cudatoolkit: move libcu[...] to lib output (master...cudatoolkit-move-more-libs) https://git.io/vds0Z
NixOS_GitHub has left #nixos []
<iqubic>
Also where is home-manager getting the names for things like programs.git?
pxc has quit [(Ping timeout: 255 seconds)]
<hyper_ch>
iqubic: there's a huge disclaimer for home-manager on top... so "Is that safe?" is a pretty moot question :)
<iqubic>
I see.
<hyper_ch>
still fail to see the point of what you're wanting to do.. it's different if you had to support tens, or hundreds or thousands of user accounts
<hyper_ch>
but if it's just you... I fail to see the point
<iqubic>
I'm not sure.
<iqubic>
I guess I'll just manually deal with my application specific configs myself
<hyper_ch>
of course to get to know more things you can try home-manager :)
<hyper_ch>
nobody will stop you :)
<hyper_ch>
or might just be your curiosity to figure out how to get it to work...
<iqubic>
I'm not going to use it.
<iqubic>
So, do you know which fonts are installed by the nerdfont package?
<hyper_ch>
no
<iqubic>
Do you know how I can even check such a thing?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Infinisil opened pull request #29926: encrypted devices: fix label set assertion (master...encrypted-label-assertion-fix) https://git.io/vdsEk
NixOS_GitHub has left #nixos []
<clever>
iqubic: run nix-build against it and look at the files it contains
<magnetophon>
lightdm gives me a black screen with a pointer, no matter which config I boot. When I click I get the normal greeter and I can login. The greeter log says: "Gdk-Message: lightdm-gtk-greeter: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.". When I google that I get nothing useful.
<clever>
output path ‘/nix/store/3676mpn0q0x46qr795z3c716irkr614l-nerdfonts-1.1.0’ has r:sha256 hash ‘1cg11apglr833a246jnxaibfgaj77w090gqxwpzbqlzmh9aw4zg2’ when ‘1f3qvzl7blqddx3cm2sdml7hi8s56yjc0vqhfajndxr5ybz6g1rw’ was expected
ahawkins has quit [(Quit: Connection closed for inactivity)]
<sphalerite>
Last I checked, the kernel in 17.09 didn't get along too well with my machine and I had semi-frequent complete lockups
<sphalerite>
At least I assume it's the kernel
<hyper_ch>
nah, kernel is fine
<sphalerite>
Anything I can do to debug this issue and hopefully find out how to fix it?
jtojnar_ has quit [(Read error: Connection reset by peer)]
<hyper_ch>
update your cpu :)
jtojnar_ has joined #nixos
<sphalerite>
hyper_ch: alright then, the (kernel, machine) pair
<hyper_ch>
ram check
<sphalerite>
17.03 works fine
<sphalerite>
So it's not a hardware issue
<sphalerite>
I'd also be extremely disappointed if it was a hardware issue given that it's 4 months old
Arcaelyx has joined #nixos
Arcaelyx_ has quit [(Ping timeout: 246 seconds)]
superherointj has joined #nixos
<sphalerite>
Anyway, I don't want to be stuck on 17.03 which I presume won't be supported much longer :(
<sphalerite>
So if anyone could give me any pointers to help debug the issue I'd be very grateful
<sphalerite>
Mic92: did you get my PM?
<Mic92>
sphalerite: yes the second time
<Mic92>
sphalerite: do you get my responses?
<Mic92>
sphalerite: I answered you the first and the second time
<iqubic>
Well, that's a bug report submitted.
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<sphalerite>
Mic92: nope :/ matrix bridge must be broken
<Mic92>
sphalerite: I think I have also a matrix account somewhere
<infinisil>
sphalerite: random black screens that log you out??
bennofs has quit [(Quit: WeeChat 1.9.1)]
<superherointj>
I barely could sleep this night thinking of all the possibilies Nix brings to the table.
bennofs has joined #nixos
<sphalerite>
infinisil: no, no logout, just everything freezing
<sphalerite>
Mic92: I'll just log into IRC with a normal, client, proabbly quicker
<iqubic>
Well, that's a first. Submitting a bug report to a big repo like nixpkgs.
<superherointj>
Lately I am learning oCaml because it is good for Unikernels. And I already use Docker containers. But setting up my Desktop environment has always been painful. I am usually afraid of installing something new and screwing up everything I had done so far.
hotfuzz_ has joined #nixos
<infinisil>
sphalerite: Hmm alright, I've been getting random black screens with logout recently
<superherointj>
Nix solves the Desktop part.
<goibhniu>
superherointj: Yay! \o/
<Mic92>
sphalerite: are you logged in already?
erasmas has joined #nixos
hotfuzz has quit [(Ping timeout: 240 seconds)]
<Mic92>
superherointj: debugging unikernels can be also a pain
<iqubic>
clever: Does fonts.enableDefaultFonts give me a whole lot of Unicode support?
<Mic92>
superherointj: you are missing a lot of convinient apis already built into common operating systems. OS development is a hard buisness
<makefu>
is the board of choice for an aarch64 build server? my google-fu was not strong enough to find an adequate answer
<makefu>
s/^/what /
<superherointj>
The same way OS offers abstraction to applications, libraries offers abstractions to unikernels apps.
<superherointj>
The difference is Unikernels can be better optimized for the application being run.
<gchristensen>
makefu: ours is a cavium thunderx from packet.net
<gchristensen>
makefu: the type 2a
<Mic92>
sphalerite: can you read my messages now?
jacob has joined #nixos
jacob is now known as Guest48395
<Mic92>
makefu: I also looked into that, it is not too cheap, if you want CPU power
<Mic92>
ARM server boards are still a niche
<lucasOfBesaid>
I'm having trouble modifying the expression for Z3. All I want to do is add a configuration option, but it looks like the build script isn't playing nice together with ocaml and findlib. https://gist.github.com/Reilithion/d585f0c722ca3bac2d28278d6314247d
<superherointj>
I agree many things might be rebuilt from scratch to make it work, like, I like Erlang BEAM, I've been considering eventually things will get to a point that the structure of it will be rebuilt somehow. This build, rebuild, rebuild, .. cycle is painful indeed. And it never stops.
<superherointj>
All these tools are solving mostly the same problem. By different implementations.
sellout- has quit [(Quit: Leaving.)]
<superherointj>
I've watched a great video on Erlang and Nix.
<iqubic>
If I install NerdFonts, or an other fonts, will I still have to add them to the fonts.fonts?
<gchristensen>
superherointj: thanks for the link!
<infinisil>
iqubic: you only need to put them in fonts.fonts
ryanartecona has joined #nixos
<iqubic>
I don't need to list the packages in environment.systemPackages?
<makefu>
Mic92: yes exactly, but maybe for testing the raspi3 i have is fast enough (after i've replaced the sd-card with something faster than class-4)
<iqubic>
The font packages I mean.
<infinisil>
iqubic: nope
<iqubic>
Cool
<elasticdog>
was the 17.09 release date pushed?
Arcaelyx has joined #nixos
bennofs has quit [(Quit: WeeChat 1.9.1)]
<iqubic>
Do I need to keep the system.stateVersion in my configuration.nix?
<Mic92>
makefu: recycle phones sounds interesting, but it is not like you can run mainline kernel on these devices
<infinisil>
iqubic: Yeah, don't touch system.stateVersion unless you want trouble or know what you need to do to not get trouble
<iqubic>
How do I get access to unicode symbols, Asian fonts, and Emoji?
<makefu>
Mic92: true :D i still like the idea
<iqubic>
What fonts do I ask for in fonts.fonts?
<Moredread>
I think I saw a way in one of the manuals to drop into a shell where I can execute build phases manually, but I can't find it. Does someone know how this works?
<infinisil>
iqubic: One that has the symbols you need
<iqubic>
Is there a list of valid font names anywhere?
<iqubic>
It's literally pkgs.xxx
<fearlessKim[m]>
got it my problem has nothing to do with autojump xD . Trying to use environment.variables to set XDG_CONFIG_HOME as $HOME/.config etc... will it understand $HOME ?
<samueldr>
`noto-fonts noto-fonts-cjk noto-fonts-emoji` should cover pretty much everything
<fearlessKim[m]>
iqubic: nix-env -A fonts -qP or sthg like
<fearlessKim[m]>
that
<iqubic>
What if a package installs multiple fonts? How does that work?
<iqubic>
samueldr: I see. I wast thinking of just using those
<samueldr>
I believe go-fonts installs Go and Go Mono (to be verified)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej pushed 1 new commit to master: https://git.io/vdswq
civodul has quit [(Remote host closed the connection)]
<adelbertc>
anyone here building docker images through Nix, but then also uploading them to Artifactory and/or deploying to K8s?
rtjure has quit [(Ping timeout: 248 seconds)]
<pingveno>
infinisil: Does that actually work for you? I get an error about firefox-nightly-bin not existing.
<infinisil>
adelbertc: Just ask your actual question
<adelbertc>
Nix builds Docker images as tarballs, which when uploaded to Artifactory don't seem to play nice with Docker or K8s. e.g. docker load can't pull remotely, docker import loses the Cmd setting for reasons unknown to me, and K8s doesn't like pulling down tarballs. Wondering if anyone has run into this as well and what their solution is?
<adelbertc>
My current thinking is to add an additional Nix build step in my Nix build that does something like docker load + docker save (which presumably gets me the actual Docker image format) and then upload that instead
<infinisil>
pingveno: Yeah no, that's how it used to work
<infinisil>
pingveno: Now you need to do what srhb said
zeus_ has quit [(Remote host closed the connection)]
zeus_ has joined #nixos
phreedom has quit [(Ping timeout: 240 seconds)]
__Sander__ has quit [(Quit: Konversation terminated!)]
mattcode has joined #nixos
pxc has joined #nixos
<pingveno>
Sweet, works fine!
<pingveno>
I've also been having trouble getting the Rust overlay to upgrade. error: imported archive of ‘/nix/store/v5bm98n68h1dq67rvqzcg5md2a02dzya-channel-rust-stable.toml’ lacks a signature
nh2 has quit [(Ping timeout: 248 seconds)]
<srhb>
Wow, nightly has.. issues. :D
<infinisil>
srhb: What's the problem for you? I've been using it for a few days now and it works great
jellowj has joined #nixos
<hyper_ch>
there's also a nightly?
<srhb>
infinisil: It can sometimes type an @ sign with a danish keyboard layout (alt gr+2) sometimes not... And sometimes they really are there but appear sometime after being typed.
<infinisil>
pingveno: You may be able to do it by setting nix.trustedUsers = [ "root" "@wheel" ]; in your system config
<NixOS_GitHub>
[nixpkgs] Ericson2314 opened pull request #29935: cc-wrapper: More intelligent sierra hack (release-17.09...appease-sierra-linker-17.09) https://git.io/vdsbj
NixOS_GitHub has left #nixos []
<infinisil>
hold on, in a rocket league game rn
bennofs has joined #nixos
<gchristensen>
Sonarpulse: how are you using nix on sierra? O.O
<iqubic>
infinisil: finish the rocket league game, and then post the config.
<srhb>
They're actually turbo implementing powerlevel9k for nix. ;-)
<iqubic>
What does that mean?
<srhb>
Nothing, it was a silly joke.
hotfuzz has quit [(Quit: WeeChat 1.9)]
MichaelRaskin has joined #nixos
<srhb>
They work poorly when I don't convey them well in English.
<iqubic>
I don't get they joke.
<srhb>
(infinisil isn't actually playing rocket league but creating the nix integration for powerlevel9k as we speak, pretending to be playing rocket league)
<hyper_ch>
do I even want to know what rocket league is....
<iqubic>
It's a game where you play soccer while driving around in cars
zraexy has quit [(Remote host closed the connection)]
<infinisil>
one of the only 2 games i play, it's really well made
<infinisil>
alright I'm done
hotfuzz has joined #nixos
<iqubic>
Take your time in posting the config. I'm in no rush
<pxc>
like sure, there's a lot of work to be done on Hydra and I understand why a replacement might be welcome but I'd so much rather work with it than Jenkins, having spent this week fighting with the latter
fendor has quit [(Remote host closed the connection)]
<iqubic>
I see. And that gets all the latest packages?
<srhb>
iqubic: If you're using channels, something like nixos-rebuild switch --upgrade
<srhb>
iqubic: The upgrade flag will fetch the newest channels
<srhb>
iqubic: switch will build and activate the new configuration immediately.
<iqubic>
I don't use channels?
<hyper_ch>
pretty sure you use channels
<srhb>
iqubic: You're using a nixpkgs checkout?
<hyper_ch>
you're probably on 17.03
<srhb>
iqubic: sudo nix-channel --list
<iqubic>
hyper_ch: That's right
<srhb>
At any rate, the --upgrade flag will essentially call nix-channel --update before nixos-rebuilding to update the channels
<iqubic>
Well, time to port infinisil powerlevel9k setup to configuration.nix
<iqubic>
Can I tell programs.zsh.ohMyZsh.custom to fetch stuff from the github?
<srhb>
iqubic: you can use fetchFromGitHub however you like, if you can coerce the result into something that that parameter will accept.
<iqubic>
Alright then. Time to do some research into how this works.
<infinisil>
Ohh, regarding updating, note that nixos-rebuild switch --upgrade doesn't change your channel aka nixos version, you'll stay on 17.03. If you want to switch to 17.09 you need to switch the channel, and then do nixos-rebuild switch --upgrade
bennofs has quit [(Ping timeout: 264 seconds)]
<hyper_ch>
there should be a stable channel that would auto-forward from 17.03 -> 17.09 -> 18.03 etc... IMHO :)
<hyper_ch>
when according release becomes declared stable
<infinisil>
Don't think that's a good idea, a lot of people have autoupdate enabled
<infinisil>
i'd think at least
<infinisil>
and updating versions isn't always smooth
<iqubic>
I have autoupdate enabled. Is that fine?
<detran>
I'd like to use firefox 57, what's the best way to go about that?
<iqubic>
infinisil: What does fetchToFolder do in your zsh config?
<infinisil>
iqubic: You need to stop worrying so much, of course it's fine to use autoupdate, as is using any other nixos option
aminechikhaoui has quit [(Ping timeout: 248 seconds)]
<infinisil>
iqubic: It's a function i declared which fetches a github repo and puts the result in /nix/store/<hash>-name/<repo-name>
<iqubic>
infinisil: why are you using fetchToFolder and packages, instead of fetchFromGitHub?
Judson1 has joined #nixos
<Judson1>
Is there a git hook to check for commit message formatting?
<Judson1>
I'd love to set one up on my local nixpkgs checkout, and wonder if it's been done already
<infinisil>
iqubic: It's easy to add other zsh plugins like that
<iqubic>
But you only use fetchToFile once.
<infinisil>
Actually if all you need is 1 plugin it's much simpler
<infinisil>
hold on ill rewrite it for 1 plugin
<iqubic>
All I need is powerlevel9k to be cloned to the right spot.
<clever>
2017-09-15 13:16:52< Mic92> disasm: no, requires zfsUnstable anyway
<clever>
found it
CrazedProgrammer has quit [(Remote host closed the connection)]
<hyper_ch>
infinisil: too much info :)
<clever>
hyper_ch, infinisil: i believe with this, you can get raid, encryption, snapshots, and even use znapzend, and the remote backup server has no way to view the contents
<hyper_ch>
but I want the backup server to be able to access the encrypted data
<clever>
then you will need to manualy enter the password on the backup machine
<hyper_ch>
there are times when I need to restore a file from 3 years ago
<clever>
to unlock the data
<hyper_ch>
ok
<clever>
if you set the encryption flag directly on the pool (rather then pool/root like the wiki said), it will be inherited by everything
<clever>
so its nearly the same as FDE
<clever>
some metadata will be readable, the names of datasets, and sizes, but i believe filenames and their contents are totally protected
<hyper_ch>
also bookmarked
<pmade>
Is it possible to use NixOps to deploy 20-30 AWS EC2 instances that all share the same /nix/store somehow?
<Mic92>
clever: works great so far
<clever>
pmade: share them at what level?
<infinisil>
clever: I'm considering redoing my data setup again
<clever>
Mic92: is there also any way to load the passphrase from a file in /boot with no user intervention?
<Mic92>
clever: yes.
<Mic92>
key files are also supported
<clever>
Mic92: i'm thinking, a way to do zfs encryption on a headless server, and i only have to destroy a key in /boot and know the rest is toast
<Mic92>
clever: you probably have to do zfs load-key yourself
<clever>
in postdevice i'm gueessing?
<pmade>
clever: Good question. I want to use AWS to create development environments for teaching a class. But I don't want to have to upload closures N times (when using N servers)
<clever>
pmade: ah, an AMI is better for that
<iqubic>
Is there any guide on how to use fetchFromGitHub?
<pmade>
clever: Okay, researching AMI then...
<clever>
pmade: i believe you can generate an AMI, that has the entire closure, then upload that to amazon, and configure nixops to start with that AMI
detran has quit [(Remote host closed the connection)]
<clever>
pmade: so nixops will only have to copy the differences (hostname, any future updates)
<Mic92>
clever: ok. I just checked. you can also set a fixed key location for the dataset. This will be picked up by zfs load-key
<Mic92>
clever: then it should just work with the current initrd
<clever>
Mic92: ah, so as long as it exists in the initrd at the right path (either via mount, or embeded) it will work
<hyper_ch>
Mic92: I still fail to see why you think FDE is bad
fendor has quit [(Ping timeout: 240 seconds)]
<pmade>
clever: Also, will NixOps put anything sensitive (like AWS keys) in the nix store that I should watch for since students will be able to read the store?
<Mic92>
hyper_ch: correctness is hard to prove
acarrico has joined #nixos
<hyper_ch>
Mic92: I have no idea what you mean by that
<clever>
pmade: i dont think it will do that, but you wil want to obviously restrict access to the user nixops is ran as
<Mic92>
hyper_ch: have you seen the pictures about aes ECB mode?
<hyper_ch>
Mic92: no
Nobabs27 has quit [(Quit: Leaving)]
<clever>
Mic92: what could potentially go wrong if you make 2 luks volumes, and then mdadm mirror them into a single block device?
<pmade>
clever: Hmm, that has me thinking. I was just going to run nixops from my laptop, but it sounds like you are suggestion I run it from another AWS instance.
<iqubic>
clever: Can I control where the cloned repo goes?
<hyper_ch>
Mic92: I read that but I don't understand it
<clever>
iqubic: the repo always goes into /nix/store, and fetchFromGitHub returns the path
<iqubic>
Oh, really is that all it does?
<clever>
iqubic: yeah, thats what every single derivation does
<Mic92>
clever: if you just have mirror over two devices, you have not parity, when a bit flip happens. You cloud use a different raid mode though, like raid 6
<disasm>
clever: what about zfsUnstable? I'm confused
<clever>
Mic92: ah, so mdadm mirror doesnt know which side is "right"
<Mic92>
disasm: this is the zfs master branch, so not a released version
<iqubic>
Oh, I did not know that.
<clever>
Mic92: but what about the luks level, does it have any checksum?
eacameron has quit [(Ping timeout: 255 seconds)]
<Mic92>
clever: no. there is no authentication in luks. Thats the problem with fde. And even if you would have, there is no feedback implemented for mdadm
<clever>
Mic92: ah, so the bitflips will just go clean thru luks (scrambling different bits as it gets decrypted), and then mdadm would get upset about the mismatch, and not know the right answer
<clever>
Mic92: if zfs encryption wasnt an option, then you could do zpool create POOL /dev/luks1 /dev/luks2
<iqubic>
clever: Do I need to tell fetch from package what sha256 checksum to use?
<clever>
Mic92: then the bit flips will be visible to zfs, and it can pick the right size
<clever>
iqubic: yes
<Mic92>
clever: Yes. I still have such a pool deployed
<iqubic>
Where do I find the sha256?
<clever>
iqubic: nix-prefetch-git, or just supply a wrong hash, and look at the error nix-build gives
<hyper_ch>
iqubic: you want to also add the program "nox" to your installed programs list
<clever>
Mic92: hmmm, do you know if luks is just xorg(data, prng), or if its more complex?
<clever>
xor, lol
cpennington has quit [(Remote host closed the connection)]
<infinisil>
that is pretty secure
<infinisil>
nothing wrong with xor
<clever>
infinisil: but if you then have 2 drives, each doing drive1 = xor(data, prng1) and drive2 = xor(data, prng2)
<clever>
infinisil: and then you xor the 2 drives together
<clever>
you get the result of xor(prng1, prng2)
<infinisil>
and what can you do with that
<clever>
yeah, thats the real question
<Mic92>
infinisil: it is deterministic. This is really a problem
<infinisil>
xor(prng1, prng2) is just another prng
<infinisil>
Mic92: I sure hope prng's are deterministic, otherwise you couldn't decrypt stuff with it
<infinisil>
or am i missing something here
<Mic92>
infinisil: but if you what the plaintext looks like, you could figure out the key
<Mic92>
infinisil: aes xts tries to work around that
<clever>
my understanding, is that the prng is based on the master key, and sector#
* infinisil
thinks about that for a second
<clever>
so every sector has a different prng
detran has joined #nixos
<iqubic>
infinisil: what the home-manager zsh initExtra option correspond to in configuration.nix?
<iqubic>
s/what the/what does the/
<Wizek>
How can I switch nixpkgs on a non-nixos nix install? E.g. to 17.03?
lverns has joined #nixos
<clever>
Wizek: with nix-channel
<infinisil>
Mic92: But, isn't a prng just a function that maps a range of values to a greater range which is indistinguishable from true randomness?
jellowj has joined #nixos
<LnL>
iqubic: don't know there are a bunch of shellInit options under programs.zsh
<infinisil>
Damn, I took an intormation security course last year and i still don't know sh*t. That's exactly the kind of thing I'm supposed to know
* disasm
is so confused, I didn't ask anything about zfs :) someone in here with a similar name today?
<infinisil>
I'm not sure if it needs to be in promptInit or shellInit
<Mic92>
infinisil: it is unauthenticated, which means an attacker can change your data. And if you write to the same sector twice an attacker can check if you have written the same data again to the block
<iqubic>
infinisil: no harm in trying bot an seeing what works is there?
callmecabman has joined #nixos
<infinisil>
Mic92: Hmm right
<infinisil>
iqubic: Huh? I don't get your question
<iqubic>
s/bot/both
<Mic92>
clever: actually a copy-on-write fs is more secure in combination with FDE, since it will not write to the same sector twice in a while
detran has quit [(Remote host closed the connection)]
<iqubic>
I'm just telling you that I'm going to try putting my powerlevel9k config in both shellInit and promtInit and seeing what works
<iqubic>
One at a time of course
<infinisil>
iqubic: yeah suer
bennofs has quit [(Quit: WeeChat 1.9.1)]
<clever>
Mic92: yeah, so the prng will rarely get reused
<iqubic>
gchristensen: How does that answer my questions?
<makefu>
Mic92: regarding aarch64, https://softiron.com/development-tools/overdrive-1000/ seems to be the thing i am looking for. advertising is "Cross-compiling or using emulation can be slow and time consuming. Go faster with native 64-bit and save time, money and frustration."
<Mic92>
makefu: I don't get why cross-compiling is slow
<makefu>
`can be slow and time consuming.` :D
<Mic92>
makefu: how much do they want for this box
<makefu>
i think retail was around 600 dollars (last year)
hotfuzz has quit [(Quit: WeeChat 1.9.1)]
mortum5 has quit [(Ping timeout: 240 seconds)]
hotfuzz has joined #nixos
<Mic92>
makefu: now the only question is, what kernel they support
lverns has quit [(Quit: Leaving)]
<adelbertc>
are there any examples of Nix builds that run a daemon process, interact with it, and shut it down, as part of the build? if that even is possible/is a thing?
<clever>
adelbertc: that should be possible, as long as you can control what ports the daemon listens on, so it cant conflict with another instance of itself
orivej has joined #nixos
<makefu>
Mic92: nice find, opteron A1100 is also what i've found
<kuznero>
Hi All! In order to upgrade to 17.09 is that enough to set `system.stateVersion = "17.09";` Then `sudo nix-channel --add https://nixos.org/channels/nixos-17.09 nixos` and then `sudo nixos-rebuild switch --upgrade`?
<LnL>
\o/
<LnL>
kuznero: don't change the stateVersion that could break stuff
<makefu>
Mic92: with this we could "just" cross-compile?
<LnL>
hydra is still building, the next update will be the stable one
<kuznero>
ok, thanks
<fpletz>
garbas: yeah, if you think if it is useful ;) we will continue to monitor master and cherry pick fixes anyway though
lucasOfBesaid has quit [(Quit: Page closed)]
takle has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] pmahoney opened pull request #29938: universal-ctags: include libiconv on darwin (master...universal-ctags-darwin) https://git.io/vdGcF
<yegortimoshenko>
are nixpkgs derivation options a part of public api?
ona has quit [(Ping timeout: 258 seconds)]
ona has joined #nixos
<LnL>
dtzWill: did you see my comment on the llvm-5 pr
<infinisil>
I don't quite understand what you mean, but the answer is yes, because everything is open source
<infinisil>
yegortimoshenko: ^^
<yegortimoshenko>
infinisil: what i mean is if a derivation option could be dropped from the derivation if not needed anymore or if it should be deprecated and left as a non-op
<infinisil>
you mean the basic nix type of a derivation? Or mkDerivation?
ona has quit [(Ping timeout: 240 seconds)]
<yegortimoshenko>
i mean, some specific derivation option has, say, enableGTK2 option (or input), but upstream has switched to GTK3
<yegortimoshenko>
or if there was some feature that could be disabled at build-time, and there was a derivation input, say, enableFeature ? true, and now it's mandatory, what should be done with the option?
Wizek_ has quit [(Ping timeout: 255 seconds)]
<infinisil>
ohh, you mean an argument, and that's no derivation argument, it's an argument to a function that produces a derivation
<infinisil>
It depends I'd say
<yegortimoshenko>
technically you are right, ok, package argument
<infinisil>
If it's easily possible I'd keep it in there for a bit longer, having a warning for when it's still used, and deprecate it later
<infinisil>
but if not many people are using it I'd just remove it
<infinisil>
the users that know nix/nixpkgs will just realize that it got removed by looking at the commits, and lesser advanced users will just ask the former :P
<infinisil>
and optionally put it in the release notes
<yegortimoshenko>
i see, thanks
<LnL>
I would say that it depends, don't think you should keep it around if it doesn't make sense
<yegortimoshenko>
i personally prefer java's approach with deprecated functions that never go away
<yegortimoshenko>
(but i was asking specifically about nixpkgs policy)
Neo-- has joined #nixos
hiratara has quit [(Ping timeout: 258 seconds)]
jensens has joined #nixos
hiratara has joined #nixos
eacameron has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej closed pull request #29815: fetchFromGitHub: Always add meta.homepage to the derivation (master...fetchFromGitHub) https://git.io/vdt2O
NixOS_GitHub has left #nixos []
mudri has quit [(Ping timeout: 246 seconds)]
<pie_>
has anyone tried installing the unity ide
k0001 has quit [(Ping timeout: 258 seconds)]
<tilpner>
Yes
<infinisil>
pie_: Just ask your question directly
<pie_>
how do i install the unity ide
<pie_>
i dont see a package listed on the online package list
<pie_>
but i see allusions to it existing
<tilpner>
You don't see the unity3d package?
<MP2E>
is unity3d a nonfree package? perhaps you need to enable unfree packages
<MP2E>
(to be fair, this is a bit obtuse to figure out)
<tilpner>
(You'll also need programs.unity3d.enable = true; for permissions)
deepfire has quit [(Ping timeout: 258 seconds)]
<pie_>
why the heck does unity need permissions...
<pie_>
huh well ill give that a shot
koserge has quit [(Ping timeout: 248 seconds)]
<clever>
pie_: ah, the option tilpner mentioned is an alias to security.chromium.SuidSandbox.enable
<clever>
pie_: unity must be reusing the chromium setuid wrapper for its sandboxing
<MP2E>
huh. interesting
<clever>
and nix doesnt allow setuid binaries in the store, so you need to enable it in the nixos config
<yegortimoshenko>
can i get an interactive shell if boot stage 1 has failed? (i get `mounting rpool/root on /mnt/root failed: Input/output error` after forced shutdown)
<pie_>
huhhhh. what does that even mean? (i know what sandboxing is in general)
<clever>
yegortimoshenko: add "boot.allow_shell" to the kernel parameters i believe
<clever>
pie_: its dropping some perms that it doesnt need, i dont remember what exactly
<clever>
pie_: but on some kernel configs, you need root to drop them further
<pie_>
need perms to drop perms...that sounds...counterproductive.
<clever>
pie_: its more like switching to the nobody account
malwarebr has joined #nixos
<clever>
the kernel doesnt allow changing uid once you have dropped root
<pie_>
if you say so.
<pie_>
ah.
<pie_>
right.
* pie_
scratches head
<pie_>
is there any way to see why my store is so big
<clever>
pie_: many, one sc
<clever>
pie_: first, have you tried just a normal "nix-collect-garbage" with no flags?
<clever>
that would get rid of just 44, and then follow it up with a normal nix-collect-garbage
<pie_>
right
<pie_>
well that freed about 1.8 gigs
<tilpner>
Are there generations you want to keep?
<clever>
there is also `nix-collect-garbage --delete-older-than 30d` (as root), which gets rid of any generation over 30 days old
<pie_>
rinse repeat
<pie_>
tilpner, to be fair, probably not
<clever>
so you can choose between the nuclear "anything old" option, or prune i carefully
<tilpner>
Then do what clever said, or delete all old ones with "sudo nix-collect-garbage -d"
<clever>
-d just gets rid of everything old, with no time limit
numerobis has joined #nixos
<pie_>
right.
hke has quit [(Ping timeout: 246 seconds)]
<infinisil>
This should be a longer option tbh
<infinisil>
something like --delete-every-generation
hke has joined #nixos
<clever>
the man page is also fairly sparse
<clever>
and people often run it without root then wonder why it didnt delete anything
<tilpner>
Hey clever, quick question: I import a package from GitHub via fetchFromGitHub [ tx0.co/E0ke.nix ], then callPackage that repo. The package installs fine, but the checked-out repo is gc-ed on next collection. What's the prettiest way to make sure they're not collected?
silver_hook has quit [(Ping timeout: 260 seconds)]
<clever>
infinisil: though i do see a long form, -d (--delete-old),
<pie_>
oh for chrissake i freed up 4 gigs how much space does this thing need haha
<clever>
pie_: back to the previous du output, any ghc's left?
<tilpner>
A manual solution is no good, unless I can automate the nix-build somehow and keep the result symlink in the store? gc-keep-outputs looks nice, but I'm worried it will keep a lot of other unnecessary build outputs aronud too
<clever>
what roots them?
<pie_>
ah yeah i can do the spacce freeing stuff im just annoyed at unity now
<Phyra[m]>
is 17.09 out?
<pie_>
clever, hm, profile links apparently
<clever>
pie_: latest generation?
<pie_>
clever, not even close afaict
malwarebr has quit [(Read error: Connection reset by peer)]
jellowj has joined #nixos
<pie_>
well i said screw it and nuked anyhting older than 100 days
jellowj has quit [(Client Quit)]
jtojnar_ has quit [(Read error: Connection reset by peer)]
jtojnar_ has joined #nixos
<globin>
Phyra[m]: it is tagged but waiting for hydra for a channel bump and the official announcement which will probably happen tomorrow afternoon GMT
k2s has joined #nixos
mattcode has quit [(Quit: Leaving)]
jellowj has joined #nixos
jensens has quit [(Ping timeout: 240 seconds)]
ryanartecona has quit [(Quit: ryanartecona)]
ryanartecona has joined #nixos
<garbas>
yaaaay!
ryanartecona has quit [(Client Quit)]
kungfukenny has quit [(Ping timeout: 240 seconds)]
<garbas>
anybody using alacritty as their terminal? is it stable?
<garbas>
probably i should asked, is it usable :)
digitus has quit [(Quit: digitus)]
k2s has quit [(Quit: Leaving)]
acarrico has joined #nixos
numerobis has quit [(Ping timeout: 240 seconds)]
<pie_>
i like how installing winetricks pulls in most of x11 :I
<pie_>
oh apparently it pulls in wine too..
* pie_
shrugs
<pie_>
garbas, i think so? but they have a channel at #alacritty
Neo--- has quit [(Ping timeout: 258 seconds)]
colabeer has joined #nixos
sigmundv has joined #nixos
<colabeer>
how did you guys setup your screen locker in nixos so it starts when you close your laptop?
erasmas has quit [(Quit: leaving)]
<infinisil>
sddm the display manager does that for me
<colabeer>
hm i wonder if i3 has an option for that
<kkini>
wow, written in rust huh
<kkini>
I should try it
simukis has quit [(Quit: simukis)]
<garbas>
pie_: thx, i'll look at the issue / PRs
<pie_>
uh does nix-collect-garbage -d 70d also collect normal garbage? because thats kind of annoying because i keep running out of space and having to delete more and then it also cleans up the large already downloaded stuff that i have to dl again
<kkini>
what is "normal garbage"?
<pie_>
"nix-collect-garbage"
<pie_>
i mean i guess this is a "my use case at the moment " thing
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 1 new commit to master: https://git.io/vdGab
pie_ has quit [(Remote host closed the connection)]
pie_ has joined #nixos
ryantrinkle has quit [(Ping timeout: 248 seconds)]
<kkini>
How much work would it be to move the nix store (for a multi-user Nix installation on a non-NixOS system) to a different path?
<kkini>
I understand I'd have to rebuild everything since paths are hardcoded into a lot of things by patchelf etc., but is there tooling that supports such a procedure?
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]