<disasm>
I have too much client data (like names, ip addresses, hostnames, etc...) in my configuration.nix so it's in a private repo, but that's the module I wrote
<disasm>
some of the comments are wrong, my apologies :)
<iqubic>
Totally fine. I'm not gonna be using that set-up
sigmundv__ has quit [(Ping timeout: 258 seconds)]
<iqubic>
What I want is a list of all the zsh themes that are available to me, along with screenshots
<tilpner>
(Thinking about it, these should probably be in environment.sessionVariables
<tilpner>
)
<ee1943>
tilpner: I see. I had a problem with my theme being reset after setting it with lxappearance
<ee1943>
I guess it was related to those env vars
<ee1943>
do you have any trouble with Qt applications not respecting the GTK theme?
proteusguy has quit [(Remote host closed the connection)]
<tilpner>
I have trouble installing KDE applications, and I don't know any other QT applications that use the... usual widgets
<tilpner>
(I just installed kate, it did have my GTK theme)
<ee1943>
interesting, I'm setting my theme/font/icons using the gtk-settings files etc which is pretty janky so a lot of stuff barely works (i.e. qt). I'll give your method a shot
<ee1943>
thanks for sharing your knowledge :)
sivteck has joined #nixos
michalrus has quit [(Read error: Connection reset by peer)]
michalrus has joined #nixos
<tilpner>
ee1943 - Correction: kate did not actually pick up my theme, that was something else
<ee1943>
hmm, yeah I have problem with some Qt applications that I use where they don't follow the GTK theme
<fearlessKim[m]>
When trying to build an upgraded cmd2, it now requires https://pypi.python.org/pypi/pyperclip which is present in python36Packages.pyperclip but when nix-build cmd2, I get "Could not find a version that satisfies the requirement pyperclip (from cmd2==0.7.7) (from versions: )
<fearlessKim[m]>
No matching distribution found for pyperclip (from cmd2==0.7.7)". Could it be because https://pypi.python.org/pypi/pyperclip doesn't list python3.6 as a supported platform ?
<hyper_ch>
ah.... that's something totally different :)
<iqubic>
It's a system for extending the functionality of zsh. It also lets you add themes to your zsh prompt
<iqubic>
But the theme stuff is not working properly
<hyper_ch>
yeah, no idea :)
hamishmack has joined #nixos
moet has joined #nixos
<iqubic>
hyper_ch:
<iqubic>
I'm not going to bother. I'm switching to fish now.
<hyper_ch>
I only know fish as a "protocol" in kde :)
b123400 has joined #nixos
b123400 has quit [(Client Quit)]
rauno has joined #nixos
sivteck has quit [(Quit: user missing.)]
<iqubic>
fish is a shell
<iqubic>
fishshell.com
moet has quit [(Ping timeout: 248 seconds)]
sary has quit [(Ping timeout: 260 seconds)]
pie_ has quit [(Ping timeout: 240 seconds)]
JosW has joined #nixos
zzamboni has joined #nixos
sary has joined #nixos
<etu>
iqubic: I'm also hanging out in the #fish channel on OFTC and was first like: "yeah it is, why would you say that here" before I realized which channel I was reading. :D
eacameron has quit [(Remote host closed the connection)]
<nixo[m]>
iqubic: i have a workaround for zsh themes, i can send you the relevant config part
pie_ has joined #nixos
pie_ has quit [(Read error: Connection reset by peer)]
pie_ has joined #nixos
koserge has joined #nixos
deepfire has joined #nixos
<sphalerite>
iqubic: IMHO omz is kind of awful in general, because it tries to reinvent package management in a kind of half-arsed way. I can help you set up powerlevel9k independently of it
<sphalerite>
Unless of course you're happy with fish, in which case yay
<sphalerite>
I like fish in principle, it's so much nicer than zsh... But its completions aren't as fleshed out, I find.
pie_ has quit [(Ping timeout: 240 seconds)]
jb55 has quit [(Ping timeout: 258 seconds)]
jesuspv has joined #nixos
ebzzry_ has quit [(Ping timeout: 240 seconds)]
phg has quit [(Quit: WeeChat 1.9.1)]
phg has joined #nixos
phg has quit [(Client Quit)]
phg has joined #nixos
radivarig has quit [(Remote host closed the connection)]
<eqyiel[m]>
how can I get nixops to activate a system despite one failing unit
Fare has quit [(Ping timeout: 240 seconds)]
<eqyiel[m]>
I swear I've seen some failing services that don't result in "unable to activate new configuration" being thrown
peacememories has joined #nixos
<eqyiel[m]>
oh, it must be because `wantedBy = [ "multi-user.target" ];`
<sphalerite>
I don't see why that would do it
<sphalerite>
And doesn't it activate the new system partially if part of the activation fails?
<sphalerite>
Because configuration activation isn't atomic, so it leaves the system in an inconsistent state if it fails?
<eqyiel[m]>
IIRC that service used to create all kinds of chicken and egg problems with services that wouldn't be able to start until the certificate arrived
pie_ has joined #nixos
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<hyper_ch>
clever: still awake?
<clever>
hyper_ch: yep
<hyper_ch>
clever: what is the ashift=12 option for? I read it's recommended for hdds and ashift=13 for ssds but I don't really get why
<clever>
hyper_ch: it makes the block sizes 2^12
<clever>
12 gives 4096, and 13 gives 8192 i believe
<hyper_ch>
why ssd 13 then? because they're so much faster?
<clever>
more because they have larger blocks
<clever>
if you write to a section smaller than a block, the drive has to read the current value, overwrite part of it, then write the entire block back out
<hyper_ch>
ok... then what does the altroot=/mnt option with zpool create?
<clever>
normally, zfs mounts everything under / automatically
<clever>
but when installing, you want to chroot under /mnt
<hyper_ch>
so if you create a dataset xxx it would be automounted as /xxx
<clever>
altroot tells it to mount things under /mnt/
<clever>
the altroot is only active until reboot
<hyper_ch>
and with altroot=/mnt and you created a dataset "xxx" it would mount as /mnt/xxx ?
<clever>
yeah
<hyper_ch>
cool
<hyper_ch>
one more thing.... I was able to send zfs snapshots etc...... zfs send pool/dataset@snapshot | zfs receive backup/dataset@snapshot that seems to work fine
<hyper_ch>
then I create a new snapshot .... I was able to figure out I could send it like this
<hyper_ch>
the problem is, how do I get the options for the incremental sending programmatically... as far as I understood, you'll need the "old" snapshot and the "new" one
<hyper_ch>
and it sends the differences
<clever>
yeah
<clever>
and both ends need the old snapshot
<hyper_ch>
I mean it would be rather simple if I'd just increase the snapshot numerically
MichaelRaskin has left #nixos []
<sphalerite>
eqyiel: yeah unfortunately I don't think there's a way to make that sort of thing atomic because there's just so much stateful stuff going on
<hyper_ch>
but it's different if I use datetime
jensens has joined #nixos
<sphalerite>
Best way to ensure consistency is to only switch configurations by rebooting
<clever>
hyper_ch: id have a program that will query the remote end to find what the newest shared snapshot is, and then sync via that
<hyper_ch>
clever: ok
<hyper_ch>
then one more thing :)
<hyper_ch>
with rsync I have a backup server
<hyper_ch>
the backup server initiates the rsync -> hence it's a "pull"
<hyper_ch>
but that seems hard to do with zfs snapshots
<etu>
hyper_ch: zfs send/receive?
<hyper_ch>
the idea is I don't want the active server to write something onto the backup server in case some script got mixed up etc...
<clever>
i dont think this nvme is still using 512 byte blocks .....
<hyper_ch>
oh, you are the one with nvme...
<v0lZy>
dunno, smartctl then maybe.
leat has quit [(Quit: WeeChat 1.9)]
<clever>
v0lZy: its more an issue about the drives having to lie, because crappy OS's crash when they tell the truth
<clever>
so you have to guess at various sizes, and intentionally write un-aligned blocks, and measure the performance
<clever>
`lsblk -o NAME,PHY-SEC`
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] lsix pushed 1 new commit to release-17.09: https://git.io/vdnyx
<NixOS_GitHub>
nixpkgs/release-17.09 b61d084 Michael Weiss: nox: Add a temporary patch for the "wip" command...
NixOS_GitHub has left #nixos []
<clever>
this command claims that all of my SSD's are 512 byte based
whald_ has joined #nixos
<v0lZy>
clever: I havent heard about that before; I'm skeptical about the lying part; what I think would be more likely is for the manufacturer to introduce a new function to query the disk for; that way, old OS would query just the standard and get 512 block size, while new OS would query both old and new query and only use the value from old query if there was no value returned from the new query.
<hyper_ch>
v0lZy: it's in the corporations' nature to lie ;)
<hyper_ch>
hmmm, where can I find blktool on nixos
<v0lZy>
does 'which' work?
<v0lZy>
which blktool
<hyper_ch>
what package to install
<clever>
hyper_ch: i dont think blktool is a command
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<hyper_ch>
debian knows it
ebzzry_ has joined #nixos
<clever>
what commands does it contain under bin?
<hyper_ch>
haven't installed it on debian
<whald_>
hi! i'm trying to compile glibc on nixos with the compiler provided by the nixos.gcc7 package. this package puts "gcc" executable on $PATH which is a wrapper script. this script in turn unconditionally enables _FORTIFY_SOURCE as part of its hardening stuff, and this messes up building glibc. is there any way around this?
<hyper_ch>
you could then directly install it into your user env
<v0lZy>
that indeed is the equivalent I was going for
<hyper_ch>
but I put everything into the configuration.nix... but it's nice for lookup IMHO
ShalokShalom has joined #nixos
peacememories has joined #nixos
peacememories has quit [(Client Quit)]
<whald_>
clever, that seems to do the trick. the failing gcc invocation explicitly had an "-U_FORTIFY_SOURCE" argument -- do you think this is worth filing an issue that the hardening wrapper should detect this and not put _FORTIFY_SOURCE back in?
proteusguy has joined #nixos
voiceftp has quit [(Remote host closed the connection)]
<clever>
whald_: its also already disabled in the glibc expressions
<v0lZy>
now reading about the nix language and how to do things
<whald_>
clever, so having a "better" gcc wrapper would make this workaround obsolete as well, i'll file an issue. my bash-foo is very weak, so i really shouldn't do this myself. :-)
civodul has joined #nixos
fendor has joined #nixos
v0lZy1 has joined #nixos
v0lZy has quit [(Ping timeout: 248 seconds)]
v0lZy1 is now known as v0lZy
<whald_>
clever, maybe it would be as easy as putting the command line arguments after the arguments injected by the wrapper so they can be overridden? that might be a very general solution and saves a poor soul from parsing gcc arguments?
<v0lZy>
but perhaps someone can cut this short for me
<v0lZy>
suppose I came up with my own package
<whald_>
clever, that way the argument's "-U" would win over the wrapper's "-D", which seems like "the right thing to do", doesn't it?
<v0lZy>
how can i then configure it with configuration.nix file... I imagine i have to somewhere define that something = enable is a boolean, and that it means to write 'something something = true' or whatever in some config file somewhere?
<v0lZy>
where does one do that?
leat has joined #nixos
<clever>
v0lZy: is it just a package, or a whole service that runs on boot?
<v0lZy>
could be either
<hyper_ch>
wohoo, finally could update again
<v0lZy>
I mean, I have a bash script that is executed daily... and that bash script has its own config file...
<clever>
v0lZy: for simple packages, you would set nixpkgs.packageOverrides and use callPackage to load the nix expression in
<v0lZy>
now ok, I imagine i can add stuff to cron etc
<v0lZy>
but how do i add stuff from my own config file into the .nix file?
<v0lZy>
or if its not a package, just a shell script I wrote, thats actually not a package
<v0lZy>
how do I for example make nix create a flatfile with the text I want in it?
<v0lZy>
sphalerite: I imagine writeTextFile can create a file anywhere?
<v0lZy>
but I dont see a path for that file..
Isorkin has joined #nixos
<sphalerite>
v0lZy: no, it creates it in a nix store path
<v0lZy>
...erm
<v0lZy>
and you then symlink it somewhere or ?
mudri has joined #nixos
<sphalerite>
no, you refer to it in a setting directly
<sphalerite>
hang on
<hyper_ch>
v0lZy: each package gets a /nix/store/[some hash thingy]/ path automagically... if in that path you create then a $out/bin path and put something in there, it will then be symlinked from /run/current-system/sw/bin/
<v0lZy>
I see ... so it needs to be a unique name then at least?
<makefu>
v0lZy: for stuff which has to reside in /etc there is `environment.etc` but normally you just take the path to the config directly. when a derivation gets type-casted into a string it will expand to the path in the nix store
<sphalerite>
v0lZy: no, it chooses a unique name for you
<sphalerite>
based on the contents
<v0lZy>
I see
<v0lZy>
something I'll need to get my head around... I like the nix abstraction but I also like to know where things are under the hood
<ij>
In https://nixos.org/nixos/packages.html it shows «nix-env -iA nixos.vagrant», but I've only nixpkgs in my nix-channel --list. Should it not be that way?
<ij>
-iA nixpkgs.vagrant works
<fearlessKim[m]>
I am using wireshark installed through nixos-rebuild. Yet I have to sudo to capture from Ethernet. Is that normal ?
infinisil has quit [(Ping timeout: 246 seconds)]
<ij>
I don't know much about nixos, but are you in the wireshark group? "$ groups" will show you what groups you're in.
bkchr has quit [(Ping timeout: 248 seconds)]
whald has quit [(Remote host closed the connection)]
<fearlessKim[m]>
I might need to reboot true thanks
mudri has quit [(Ping timeout: 240 seconds)]
infinisil has joined #nixos
<ij>
"$ newgrp wireshark" might also work, if you've added yourself in /etc/group.
<ij>
Then start wireshark from that shell.
sivteck has quit [(Quit: user missing.)]
sivteck has joined #nixos
infinisil has quit [(Ping timeout: 264 seconds)]
nh2 has joined #nixos
whald has joined #nixos
<sphalerite>
ij: for nixos, nix-env -iA nixos.vagrant should work
<sphalerite>
unless you've deviated from the standard setup
<sphalerite>
if you're not on nixos, it won't work
sirkha has joined #nixos
<LnL>
nix-env -f '<nixpkgs>' -iA vagrant works everywhere
<ij>
Yeah, it works.
<sirkha>
hi, I am trying to get user installed gtk themes to work. I have created a .xprofile that exports GTK_DATA_PREFIX="~/.nix-profile"
<sirkha>
but lxappearance does not list the theme I have installed
sigmundv__ has joined #nixos
thc202 has quit [(Ping timeout: 255 seconds)]
sivteck has quit [(Quit: user missing.)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Mic92 pushed 2 new commits to master: https://git.io/vdnhc
<hyper_ch>
which netcat should I install? netcat or netcat-gnu?
Wizek_ has quit [(Ping timeout: 258 seconds)]
simukis has joined #nixos
<ocharles>
Can someone do me a favor and see what `xprop -root _NET_ACTIVE_WINDOW` returns?
<ocharles>
I don't need to know exactly what, just if it's not "not found"
<ocharles>
Mine only ever returns not found, which I think is why Rescue Time isn't reporting anything (it just spams a complaint about _NET_ACTIVE_WINDOW)
<goibhniu>
ocharles: I get: _NET_ACTIVE_WINDOW(WINDOW): window id # 0x2e00006
<ocharles>
grr, that's the kind of thing I'm expecting
<ocharles>
wtf has my xprop stopped doing anything useful
<ocharles>
goibhniu: which NixOS?
<goibhniu>
18.03pre116054 (unstable)
<goibhniu>
with KDE/plasma and all that shenanigans
<ocharles>
ok
<ocharles>
I'm on 17.09 with just xmonad, but this is meant to just be X stuff
orivej has quit [(Ping timeout: 246 seconds)]
sivteck has quit [(Quit: user missing.)]
sivteck has joined #nixos
erictapen has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] gebner pushed 2 new commits to master: https://git.io/vdcvd
<NixOS_GitHub>
nixpkgs/master 7049172 Gabriel Ebner: ocamlPackages.stdint: init at 0.3.0
<NixOS_GitHub>
nixpkgs/master e10bb69 Gabriel Ebner: fstar: 0.9.4.0 -> 0.9.5.0...
NixOS_GitHub has left #nixos []
ThatDocsLady has joined #nixos
hc has joined #nixos
Supersonic112 has quit [(Ping timeout: 264 seconds)]
<manveru>
for example `sudo chkrootkit -d env` fails at this check
<manveru>
strings -a /run/current-system/sw/bin/env | egrep '^/bin/.*sh$|bash|elite$|vejeta|\.ark|iroffer'
fendor has quit [(Ping timeout: 240 seconds)]
<manveru>
/bin/sh matches, which is actually a string in the env docs
<manveru>
because for me /nix/store/vp8y0rh8rq7vikbbrpf28jfym79xq9z8-coreutils-8.28/bin/env is a symlink to /nix/store/vp8y0rh8rq7vikbbrpf28jfym79xq9z8-coreutils-8.28/bin/coreutils which contains a bunch of different commands, depending on how you invoke it
<nico202>
gchristensen: ok thanks, just discovered chkrootkit and since it's in the repo I thought it was patched to work on nixos
freusque has quit [(Quit: WeeChat 1.7.1)]
chreekat has joined #nixos
<nico202>
manveru: thanks :)
freusque has joined #nixos
<dieggsy>
To enable optional inputs in certain packages, (specifically, i3GapsSupport in polybar), i'm trying to use the following:
<dieggsy>
polybar = {i3Support = true; i3GapsSupport = true;}; in config.nix. That doesn't seem to be changing anything, however. What am i doing wrong?
emanuelez has joined #nixos
sivteck has quit [(Quit: user missing.)]
<emanuelez>
hello... is it ok to ask nix (not nixos) questions in here?
<fearlessKim[m]>
trying to upgrade astroid but it crashes. How can I get symbols ? if I put environment.separateDebugInfo = true that won't rebuild everything ?
<disasm>
emanuelez: sudo nix-channel --update
<LnL>
emanuelez: I don't see a nixos channel in that list, by default nixos-rebuild / nix-shell will only look at the root channels
Guest171 has joined #nixos
<LnL>
have a feeling you're looking at your local user channels
peacememories has joined #nixos
<emanuelez>
LnL, disasm: btw.. I'm running this from within the nixos/nix docker image... maybe that has something to do with it
<emanuelez>
LnL: that worked. so.. does the name assigned to the channel influence the result?
peacememories has joined #nixos
<LnL>
yeah I think the docker image only looks for 'nixpkgs'
<lejonet>
How would I go about optionally concatenating a string? With a list I can do ++ stdenv.lib.optional var [ list ], can I do the same with strings? Like + stdenv.lib.optional var '' string ''?
freusque has quit [(Quit: WeeChat 1.7.1)]
joko has quit [(Quit: Lost terminal)]
erictapen has quit [(Ping timeout: 258 seconds)]
<emanuelez>
LnL: interesting. Thanks for your help! I will abuse your kindness and knowledge with another question :) so... now clang_5 was installed, but in order to run it it has to be done from within a nix-shell. Can it also be run from outside such shell? what if I have to combine several packages (cmake, valgrind, etc etc)
<LnL>
you can install it into the user profile with nix-env -iA nixpkgs.clang_5
freusque has joined #nixos
<LnL>
but note that doing that unlike a nix-shell you can only do that with 1 version of clang, etc.
<emanuelez>
I see. Thanks!
<disasm>
emanuelez: your best bet is create a default.nix with all the deps you need if you have a lot
eacameron has joined #nixos
<disasm>
emanuelez: or nix-shell -p packages1 package2 package3 etc...
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
jellowj has quit [(Ping timeout: 258 seconds)]
sivteck has joined #nixos
cement has joined #nixos
<fearlessKim[m]>
I managed to compile astroid with debug symbols but how can I propagate the parameter to its buildInputs without recompiling the whole world ? the stacktrace shows libglib/libgobject but I miss the info for these
<LnL>
lejonet: stdenv.lib.optionalString
guillaum1 has joined #nixos
<lejonet>
LnL: ah sweet, thanks :)
<lejonet>
LnL: and I guess, in the list case, optional parts of a list can be chained? I.e. stdenv.lib.optional var1 [ list 1 ] ++ stdenv.lib.optional var2 [ list2 ] etc etc?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] The-M1k3y opened pull request #30020: nixos/gogs: fixed user creation if non-default user (master...master) https://git.io/vdc4u
NixOS_GitHub has left #nixos []
<LnL>
yeah
<lejonet>
Sweet, big thanks :)
peacememories has joined #nixos
<LnL>
but there's a difference between optional and optionals for lists, optional true [ foo ] would result in [ [foo] ]
erictapen has joined #nixos
reinzelmann has quit [(Quit: Leaving)]
<lejonet>
LnL: basically, I'm trying to incorporate the package overrides I've done to sssd and sudo (to enable sudo support for sssd and sssd support for sudo) and like sudo has stdenv.lib.optional withInsults [ "stuff" ] so I was thinking of just chaining ++ stdenv.lib.optional withSssd [ "stuff" ]
bfrog_ has joined #nixos
<lejonet>
which brings another question, how do I do an optional dependency to be inputted? like a default variable I understand I can just add withSssd ? false to the input (just like withInsults ? false in sudo's case) but how would I add the package sssd as an optional dep, depending on if withSssd is true?
fendor has quit [(Ping timeout: 240 seconds)]
<lejonet>
(its needed to get the store path to sssd's lib directory)
Arcaelyx_ has joined #nixos
iyzsong has quit [(Ping timeout: 246 seconds)]
<LnL>
if it's not used by the drv it won't be a dependency
emanuelez has quit [(Ping timeout: 260 seconds)]
<lejonet>
ah, so I can call pkgs.sssd to get the store path anyway?
<lejonet>
or is there a stdenv function for that?
Arcaelyx has quit [(Ping timeout: 258 seconds)]
sivteck has quit [(Quit: user missing.)]
fendor has joined #nixos
jellowj has joined #nixos
Guest171 has quit [(Ping timeout: 248 seconds)]
Guest171 has joined #nixos
sivteck has joined #nixos
<clever>
lejonet: if lib.optional doesnt return the path, it wont be downloaded at build time
<clever>
lejonet: and if the build doesnt put a copy of that path somewhere under $out, it wont be required at runtime
<lejonet>
clever: huh? What I'm trying to do is give the flag --with-sssd-lib= the right path to look for the SSSD libs when building sudo
<clever>
then if you pass true to the lib.optional, it will include the sssd path at build time, and download sssd
<clever>
and the configure script/gcc will persist that path within the elf files, so it will automatically be required at runtime
<lejonet>
Hmm, I guess I could try a build without --with-sssd-lib and see if that works
<clever>
that also works sometimes
<clever>
just pop it into buildInputs and see what happens
zzamboni has quit [(Quit: Leaving.)]
<lejonet>
as I thought, it needs the sssd libs path for proper function
<lejonet>
but seemingly only at runtime
<lejonet>
(it now tries to open libsss_sudo.so from its own lib dir...)
fritz09 has quit [(Quit: fritz09)]
<lejonet>
so it would seem that it doesn't need the path for anything but at runtime know where to look for the libs to dlopen, should I still put it into buildInputs? I want to code it in such a way to avoid most people from pulling down sssd too, because its needed when actually using the SSSD binding
<lejonet>
s/needed/only needed/
erictapen has quit [(Ping timeout: 240 seconds)]
jacob has joined #nixos
jacob is now known as Guest55216
v0lZy has left #nixos []
<clever>
lejonet: we will need to refer to the sudo source (or docs if we are lucky)
<lejonet>
I know the flag that makes it work and seemingly is needed, in my packageOverride I have --with-sssd-lib=${super.sssd}/lib and that makes it find the sssd sudo lib
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
JagaJaga has joined #nixos
<clever>
#define _PATH_SSSD_LIB "$sssd_lib"
<lejonet>
so what I'm wondering is how I can get the path that ${super.sssd} gives me in my override, in the actual sudo derivation, without a hard dep on sssd
<clever>
lejonet: that causes this to get set
<clever>
lejonet: can you pastebin the current override?
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<lejonet>
disasm: do you have tls_cacert variable set in the ldap.conf?
globin has joined #nixos
sivteck has quit [(Quit: user missing.)]
<lejonet>
ldapsearch and friends are stupid when it comes to SSL and CA certs, and thus don't search for certs themselves unless you give em either tls_cacert or tls_cacertdir (latter doesn't work with gnutls)
<grw>
hi, anyone else got gcc-6.4.0 failing on armv7?
<lejonet>
disasm: don't know how many times I've been bitten by that :P
<disasm>
lejonet: ah, maybe I should setup ldap (since I have to do that anyways) For now I was just testing with openldap package installed in a pure env
<lejonet>
disasm: well, you need it client-side, so in either /etc/ldap.conf or whatever ldap.conf the client uses (iirc openldap uses /etc/openldap/ldap.conf) you need to set tls_cacert
<lejonet>
However you'll need to set it in the ldap directory you want to use SSL with
Arcaelyx has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej closed pull request #30020: nixos/gogs: fixed user creation if non-default user (master...master) https://git.io/vdc4u
NixOS_GitHub has left #nixos []
Arcaelyx_ has quit [(Ping timeout: 264 seconds)]
freusque has quit [(Ping timeout: 246 seconds)]
Wizek__ has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 3 new commits to master: https://git.io/vdcaC
<NixOS_GitHub>
nixpkgs/master 7ec039b Franz Pletz: libubox: init at 2017-09-29
<NixOS_GitHub>
nixpkgs/master b2a5c40 Franz Pletz: uqmi: init at 2016-12-19
<NixOS_GitHub>
nixpkgs/master 2f188ff Franz Pletz: dnsmasq: 2.77 -> 2.78 for multiple CVEs...
<NixOS_GitHub>
[nixpkgs] fpletz pushed 3 new commits to release-17.09: https://git.io/vdcaB
<NixOS_GitHub>
nixpkgs/release-17.09 03add3c Franz Pletz: libubox: init at 2017-09-29...
<NixOS_GitHub>
nixpkgs/release-17.09 74676fc Franz Pletz: uqmi: init at 2016-12-19...
<NixOS_GitHub>
nixpkgs/release-17.09 b74d171 Franz Pletz: dnsmasq: 2.77 -> 2.78 for multiple CVEs...
NixOS_GitHub has left #nixos []
Wizek_ has quit [(Ping timeout: 246 seconds)]
leat has quit [(Quit: WeeChat 1.9)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 2 new commits to release-17.03: https://git.io/vdca2
<NixOS_GitHub>
nixpkgs/release-17.03 e57b61f Franz Pletz: dnsmasq: 2.76 -> 2.77...
<NixOS_GitHub>
nixpkgs/release-17.03 e43c79b Franz Pletz: dnsmasq: 2.77 -> 2.78 for multiple CVEs...
NixOS_GitHub has left #nixos []
<Mic92>
fpletz: ^ ah you about to rebuild openwrt with nixpkgs :)
<fpletz>
Mic92: no, I'm just using uqmi in a script because qmictl sucks so hard :)
<fpletz>
it even has json output! :>
whald has quit [(Remote host closed the connection)]
<lejonet>
clever: what is the easiest way to test the package with my modifications without having to go through the hassle of setting up my own local nixpkgs and such? nix-build?
<clever>
lejonet: nix-build -A sudo --arg config 'import ./config.nix' is one option
<clever>
then ensure the packageOverride is present in that config.nix
jmeredith has joined #nixos
<lejonet>
clever: well I want to test what I'm later going to submit as PRs (i've made a fork of nixpkgs and such)
<clever>
the hard part, is that this sudo isnt setuid root
afics has quit [(Quit: afics)]
<lejonet>
it isn't supposed to be :P
<gchristensen>
sudo is usually setuid
<LnL>
don't think you can just use the sudo from the store
<lejonet>
gchristensen: still isn't supposed to be, can't see that it has setuid on the VM I have as a host for nixops
<lejonet>
:)
<gchristensen>
I don't understand
sivteck has quit [(Quit: user missing.)]
<gchristensen>
sudo doesn't work without setuid
<lejonet>
it should use caps, not setuid imo :)
<clever>
lejonet: nix doesnt allow either one in the store
<gchristensen>
it isn't an imo it is a truth
orivej has quit [(Ping timeout: 255 seconds)]
<LnL>
the security wrappers also support setcap
<lejonet>
Yeah, but setuid can be replaced by caps, which is easier to police, thus if something can use both, I prefer them using caps to cover the area they needed the setuid for
<lejonet>
and iirc sudo can use caps instead
<bennofs>
what would that cap be? CAP ALLOW BECOME ROOT?
<bennofs>
:D
<bennofs>
that would be equivalent to setuid, no?
<lejonet>
I think so, either that or CAP_SYS_ADMIN, but the main point is that the caps system isn't whimy, when symlink, to race conditions in the same way
<gchristensen>
IIRC our wrapper solution is immune to symlink attacks
<lejonet>
oh? I didn't know
<lejonet>
I recall a bug with this specific thing a few years back, a race condition in the symlink code in the kernel could be abused to execute an arbitrary binary with the perms of what the symlink pointed to, like a setuid binary
Guest171 has quit [(Ping timeout: 258 seconds)]
<lejonet>
or maybe it was just ubuntu that was vulnerable to that one? I know they had a symlink vuln similar to that a while ago too
<gchristensen>
ok well if you do have a concern, please do investigate it and report it privately to https://nixos.org/nixos/security.html :) AFAIK we're doing things correctly and not subject to such trivial attacks
<lejonet>
But the main reason why I prefer that binaries use caps instead of setuid is that you can setup logging of used caps (and force caps off at runtime etc etc) unlike setuid
<gchristensen>
yeah, caps are good
<lejonet>
Just so that you didn't think I was trying to imply that this was an issue with nixos or their handling :)
<bennofs>
gchristensen: i think that vuln was not something special to NixOS or something that applies now, but an example of the kind of other vulnerabilities that can become exploitable only in the presence of SETUID binaries
<gchristensen>
aye
<bennofs>
so this would make sense if it allows us to avoid all SETUID binaries
<lejonet>
The biggest problem with setuid is the fact that uid 0 in many systems (luckily have changed to the favour of caps the past years) is treated special, usually with completely different code paths, bypassing most if not all security checks and such, thus any vuln in a binary that is setuid to root, automatically becomes a priv-escalation and usually ultimately code execution
<lejonet>
Hence why I try to ensure to avoid any such deps on setuid where its possible (nice part about setuid is that the binary itself doesn't have to be aware of it, unlike caps)
<lejonet>
or well, I guess you can use caps as setuid, with +p flag, but then the question is what have you gained? :P
<Eisfreak7>
In my configuration.nix, I have something like `let unstable = import <unstable> {}; in { nixpkgs.config.allowUnfree = true; environment.systemPackages = (with unstable; [ spotify ]);`. However, nix still won't install spotify because of its unfree license. Why does the setting not apply for the unstable channel?
<clever>
Eisfreak7: that 2nd copy of nixpkgs is loading ~/.nixpkgs/config.nix
<clever>
Eisfreak7: you have to pass a config attr to it when importing
<tilpner>
Use let unstable = import <unstable> { config = { allowUnfree = true; useSandbox = true; }; }; in { environment ... }
<clever>
let unstable = import <unstable> { config = { allowUnfree = true; }; }; in
erictapen has quit [(Ping timeout: 240 seconds)]
<lejonet>
clever: neat, iirc you were also a gentoo user before, so the reason I was confused was that I had assumed the function arguments (line 1) functioned as RDEPEND or DEPEND, which is why I thought it would be a hard dep if I put it there without any type of exclusion :P
<Eisfreak7>
clever, tilpner: Thanks! That works. Why is it different for nixpkgs, is it just syntactic sugar?
<clever>
Eisfreak7: when nixos loads nixpkgs for the pkgs argument, it passes in nixpkgs.config
<clever>
Eisfreak7: but when you just import it directly, it loads the config from $HOME
periklis has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] edolstra closed pull request #29568: cc-wrapper: Clean up dynamic linking with x86 multilib (staging...cc-wrapper-32) https://git.io/v5Ajj
NixOS_GitHub has left #nixos []
<sphalerite>
Random thought: expressions importing a new copy of nixpkgs should usually pass the config of any previous one in, right?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] edolstra pushed 2 new commits to staging: https://git.io/vdc6Z
<NixOS_GitHub>
nixpkgs/staging fdbda21 John Ericson: cc-wrapper: Clean up dynamic linking with x86 multilib...
<lejonet>
Hmm, yeah, that sudo doesn't have the setuid bit is now a problem, how the hell do I test it xD
<vegai>
are package settings queryable via cli tools somehow?
leat has joined #nixos
<Eisfreak7>
clever: Okay that makes sense (although it may not be the most clear solution for beginners; I'd like some option to add multiple channels without having to import them myself)
proteusguy has quit [(Ping timeout: 246 seconds)]
<tilpner>
Eisfreak7 - I have something like that, implemented with an overlay
<Eisfreak7>
The reason I switched spotify to unstable is that I couldn't update it on stable. However, it doesn't work on stable either (couldn't fetch the deb from any mirror). Is this a problem with my config or with the package?
<Eisfreak7>
tilpner: Thanks I'll check it out later
<sphalerite>
vegai: does head count? :p
jcarr has quit [(Ping timeout: 248 seconds)]
<sphalerite>
Eisfreak7: sounds like a package issue, maybe the version referenced in the expression has been superseded and removed
periklis has quit [(Ping timeout: 248 seconds)]
__Sander__ has quit [(Quit: Konversation terminated!)]
<taaperotassu>
Normally I use dotfiles+stow to manage my setups on new computers. But are there better ways to manage it with somehow using configuration.nix? Would be cool if there are good ways to build nixos once with all configurations set.
Neo-- has joined #nixos
MichaelRaskin has joined #nixos
<tilpner>
taaperotassu - Are you familiar with activation scripts?
<Eisfreak7>
sphaleri: Yes it seems like the spotify repo only ever keeps the most up to date version online :/
<NixOS_GitHub>
[nixpkgs] LnL7 closed pull request #29938: universal-ctags: include libiconv on darwin (master...universal-ctags-darwin) https://git.io/vdGcF
<NixOS_GitHub>
[nixpkgs] lejonet opened pull request #30025: sudo and sssd: Enable sssd support in sudo and building of sudo library in sssd (master...master) https://git.io/vdc19
NixOS_GitHub has left #nixos []
<lejonet>
:D
hellrazor has joined #nixos
<lejonet>
Is it frowned upon to do a PR with 2 packages involved btw? Probably should've asked that before submitting one but they encapsulate one logical change imo
fendor has quit [(Ping timeout: 240 seconds)]
<clever>
lejonet: if they depend on each other, I'd open one pr for both
civodul has quit [(Quit: ERC (IRC client for Emacs 25.3.1))]
jcarr has quit [(Ping timeout: 248 seconds)]
<LnL>
that's ok, but putting too much stuff together makes it harder to review
<bennofs>
i would only split it if you expect one to be more controversial or if it does not depend on each other
<lejonet>
clever: They do, and the changes in sssd are directly related to the changes in sudo, hence why I thought it was okay with both in one
<NixOS_GitHub>
[nixpkgs] fpletz pushed 3 new commits to release-17.09: https://git.io/vdcSj
<NixOS_GitHub>
nixpkgs/release-17.09 dfcdd89 Franz Pletz: vlc: add patch to fix CVE-2017-9300...
<NixOS_GitHub>
nixpkgs/release-17.09 d865778 Franz Pletz: chrony: 3.1 -> 3.2...
<NixOS_GitHub>
nixpkgs/release-17.09 b592012 Franz Pletz: libidn2: 2.0.3 -> 2.0.4 for multiple CVEs...
NixOS_GitHub has left #nixos []
dbmikus has joined #nixos
JagaJaga has quit [(Ping timeout: 258 seconds)]
jb55 has joined #nixos
lambdamu_ is now known as lambdamu
orivej has joined #nixos
bennofs has quit [(Ping timeout: 240 seconds)]
<taaperotassu>
tilpner: Activation scripts? Never heard about them..or u mean a bash script to automate steps? and rycee it looks good but I dont see how it helps on managing huge config files.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 8 new commits to release-17.03: https://git.io/vdcH2
<NixOS_GitHub>
nixpkgs/release-17.03 fb2948c Franz Pletz: vlc: add patch to fix CVE-2017-9300...
<NixOS_GitHub>
nixpkgs/release-17.03 6a6f112 Franz Pletz: chrony: 3.0 -> 3.1...
<NixOS_GitHub>
nixpkgs/release-17.03 a4f22f5 Franz Pletz: chrony: 3.1 -> 3.2...
NixOS_GitHub has left #nixos []
fendor has quit [(Remote host closed the connection)]
fendor has joined #nixos
<tilpner>
taaperotassu - Activation scripts run whenever you change to a new configuration. Both NixOS and home-manager use them. They are first generated from the configuration, then run by nixos-rebuild or the home-manager tool, to apply the changes
<Mic92>
Activation scripts are the /etc/rc.local of nixos :)
<tilpner>
taaperotassu - My own crude solution to this adds a dotfiles module to NixOS that generates scripts which link/copy files into the appropriate places in my home directory. These scripts are then called by the activation script, so all my dotfiles are re-linked every time I switch to a new generation
hellrazor has quit [(Ping timeout: 240 seconds)]
jcarr has joined #nixos
mudri has joined #nixos
<tilpner>
taaperotassu - I made no attempt to proof my module against dangerous inputs, so it's fairly easy to do damage with it, if you're not careful (but all your dotfiles should be backed-up anyway). Using home-manager would be safer, but you can't use it from nixos-config/configuration.nix yet [ https://github.com/rycee/home-manager/issues/18 ]
<gchristensen>
Mic92: you take that back! :)
<tilpner>
taaperotassu - I guess the question here is, if you absolutely need to manage it from configuration.nix, or if using another tool would be okay too (home-manager, which I have no experience with)
<tilpner>
(Sorry for that comma)
<pmade>
When using NixOps to create a libvirt VM, during initial deploy it can't SSH into the new machine. It looks like it needs to SSH into a base image using a generated key pair. How can I debug this?
goibhniu has quit [(Ping timeout: 260 seconds)]
sivteck has joined #nixos
anton_ has quit [(Remote host closed the connection)]
anton_ has joined #nixos
<rycee>
taaperotassu: Home Manager will typically not work very well if you want to manage large files (>100's of MiB) that change often since they will be copied to the Nix store. But typical configuration files shouldn't be a problem.
<tilpner>
rycee - Do you get highlighted every time I paste a link to home-manager?
<rycee>
I manage my Emacs dot files in Home Manager and they are sizable ;-)
<rycee>
tilpner: Yeah, if the link contains "rycee" I'll get notified :-)
<tilpner>
I assumed you made an exception for that link... it might be annoying
pie_ has joined #nixos
<rycee>
Nah, it doesn't show up terribly often and sometimes I can help out.
<Eisfreak7>
rycee: Can I set up home-manager in such a way, that `nixos-rebuild build-vm` also sets up the user environment?
<rycee>
Eisfreak7: Unfortunately not really at the moment. I'm hoping for the NixUP work to resume soon for Home Manager to hook into.
jcarr has quit [(Ping timeout: 246 seconds)]
<tilpner>
rycee - Do you have modules that are disabled/not listed in the imports of modules/default.nix?
<Eisfreak7>
rycee: That PR seems somehow cursed, every few weeks there is some spike in activity to get my hopes up just to immediately die down again
bennofs has joined #nixos
mortum5 has joined #nixos
<rycee>
Eisfreak7: In principle it shouldn't be too much work to get something minimal up and running though. Mainly to create a NixOS module that can use the Home Manager modules as a submodule within the `users.users.<name?>` namespace, tweak nixos-rebuild to also build the Home Manager generations, and add the HM generation switches to the NixOS activation script.
<rycee>
tilpner: Not to my knowledge, the modules should all be listed there.
<tilpner>
rycee - Then wouldn't it be better to automatically pick the list up from the directories?
nwspk has quit [(Quit: Quit: *.banana *.split)]
jellowj has quit [(Ping timeout: 248 seconds)]
nwspk has joined #nixos
<rycee>
tilpner: Well, in the future there might be more library code or modules may be split up a bit so I'm reluctant to do it completely manually. Besides we don't exactly have so many modules to make it a big maintenance burden ;-)
<tilpner>
*"reluctant to do it completely automatically"?
erictapen has quit [(Ping timeout: 240 seconds)]
<tilpner>
Yeah, it's not much of a problem, I just like having new files automatically picked up :)
<Eisfreak7>
rycee: Okay thank you, maybe that'll be a good opportunity to look into the module system
<Eisfreak7>
Does anybody know what the eta for 17.09 is?
<hyper_ch>
< 5y
<gchristensen>
Eisfreak7: within the next couple days :)
erictapen has joined #nixos
fendor has quit [(Ping timeout: 248 seconds)]
myguidingstar has joined #nixos
<Eisfreak7>
gchristensen: Nice, thanks
infinisil has joined #nixos
<myguidingstar>
hi all, how do I use nix channel with NixOps?
<pmade>
Can you run xorg in a NixOS container?
jcarr has quit [(Ping timeout: 248 seconds)]
josePhoenix has joined #nixos
<sphalerite>
So I've finally got OSX running on my old mac again... But it's High Sierra. I seem to recall there being some issues with nix on high Sierra?
<gchristensen>
it causes crashes yeah due to a macos bug
<taaperotassu>
tilpner: your solution sounds like the right one to use. Only if I could find good examples to learn from. The question was not that I absolutely need to use configuration.nix for it after all. I just wanted a simple way to handle my whole system. Change a bit once a while and easy to rebuild it all.
<infinisil>
myguidingstar: What problem are you having with it?
<sphalerite>
gchristensen: anywhere I can subscribe to updates on the issue?
aloiscochard has quit [(Quit: Connection closed for inactivity)]
<gchristensen>
there is an issue in the nix tracker
MP2E has joined #nixos
<tilpner>
taaperotassu - I will not share this version of my module, it has a really ugly hack to set permissions. Give me some time, this needed an overhaul anyway
<sphalerite>
Between that and the bug I had to fight while trying to install it, I'm not entirely convinced macOS is a quality piece (collection?) of software…
<infinisil>
launchd (macos' systemd) is horrible
<infinisil>
while i probably have had a lot more issues with linux / week, at least i have the chance to fix them myself. No chance on macos
ThatDocsLady has quit [(Ping timeout: 255 seconds)]
jb55 has quit [(Quit: WeeChat 1.9)]
zarel has joined #nixos
hc_ has quit [(Ping timeout: 248 seconds)]
hc has joined #nixos
<toogley>
when will the manual on the website be updated to 17.09 ?
<sphalerite>
toogley: along with the official release I believe
<bennofs>
is there some guide to building a raspberry pi sdcard image from a configuration.nix ?
<sphalerite>
bennofs: not sure there is, but I believe the basic idea is add <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix> to the imports, then build <nixpkgs/nixos> -A config.system.build.sdImage
<toogley>
bennofs: i think the wiki has a page for that
tmaekawa has quit [(Quit: tmaekawa)]
<toogley>
sphalerite: do you know when that will be?
sivteck has quit [(Quit: user missing.)]
<sphalerite>
toogley: in the next few days according to gchristensen
<sphalerite>
elvishjerricco: if they're supported by nixos they'll be existing options. If they're not, you'll need to package them and stuff, and that's not simple
<elvishjerricco>
Right. It’s the latter that I’m asking about
<makefu>
elvishjerricco: as long there is no space for this in upstream you can add this guide to https://nixos.wiki
<sphalerite>
oh, this isn't nonfree software. That should make things easier
Itkovian_ has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<elvishjerricco>
Right. Was hoping to just build some C code and move some binaries into place =P But I have no idea how to do that with NixOS
<elvishjerricco>
Well, the moving binaries part
<elvishjerricco>
Building C stuff is easy
<sphalerite>
I don't know much about how modules are built, but you'll want to take the kernel as a parameter for your package function and get the includes from there
jophish_ has joined #nixos
<sphalerite>
elasticdog: pkgs/os-specific/linux/e1000e/default.nix looks like a good starting point
<sphalerite>
sorry wrong highlight
<sphalerite>
elvishjerricco: ^
<sphalerite>
If you alter that to get the source right and add that to linuxPackagesFor in pkgs/top-level/all-packages.nix, you should be able to build it
<sphalerite>
if you use a nixpkgs version for your system then you should be able to add the module by putting it in boot.extraModulePackages
<elvishjerricco>
Oh cool. I think that should be a good start. I don’t think you *have* to use a custom nixpkgs. I think I see a way to do this in an overlay
<sphalerite>
yeah that should be possible, but I think it might be more complicated because it's using nesting and stuff
Itkovian has joined #nixos
civodul has joined #nixos
<elvishjerricco>
sphalerite: thanks for your help!
<sphalerite>
np
<elvishjerricco>
I will try to document the process and contribute it to the manual.
<sphalerite>
awesome!
<makefu>
for hardware quirks there is also https://github.com/NixOS/nixos-hardware/ tbh i am not sure if the manual is the correct place for documenting hardware quirks
civodul has quit [(Ping timeout: 246 seconds)]
<elvishjerricco>
I would not document specific hardware quirks. Merely the process for adding custom drivers
Guest55216 has quit [(Quit: Lost terminal)]
<makefu>
something like this is definitely missing right now :)
<makefu>
but also documentation of quirks have their place (like the wiki or nixos-hardware)
<sphalerite>
elvishjerricco: oh and the other reason to do it in a nixpkgs checkout rather than an overlay is it's easier to make a PR from that ;)
koserge has quit [(Ping timeout: 248 seconds)]
deepfire has quit [(Ping timeout: 248 seconds)]
<elvishjerricco>
sphalerite: haha while true, I don’t think anyone wants any of this gross, unstable random Gist code anywhere near upstream =P
<sphalerite>
idk, it seems like useful stuff to have
<sphalerite>
even if it's buggy, it saves duplication of effort
infinisil has quit [(Quit: WeeChat 1.9)]
<sphalerite>
vaguely related, is broken a purely boolean attribute of a package or does it allow a string description of how it's broken as well? Because that would be nice
<sphalerite>
also vaguely related, anyone know why hnix isn't building on 17.09? ghc's type checker doesn't seem to like it
<NixOS_GitHub>
[nixpkgs] bobvanderlinden opened pull request #30030: gogs: avoid creating symlinks each run (master...pr-gogs-static-root-path) https://git.io/vdCkH
NixOS_GitHub has left #nixos []
<sphalerite>
pbogdan: I see, thanks
jophish_ has quit [(Ping timeout: 248 seconds)]
<sphalerite>
I see it's fixed in unstable
<pbogdan>
I think so - so should hopefully work with next haskell package set update (not sure how frequently those happen)
jtojnar has joined #nixos
chris| has quit [(Quit: Quit)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] dtzWill opened pull request #30031: leo-editor: 5.5 -> 5.6, add docutils and use pyqt56 (master...update/leo-5.6) https://git.io/vdCI5
NixOS_GitHub has left #nixos []
jophish_ has joined #nixos
chris| has joined #nixos
jtojnar has quit [(Read error: Connection reset by peer)]
<sphalerite>
(constructive) comments on the awfulness of my haskell welcome!
sivteck has quit [(Quit: user missing.)]
takle has quit [(Remote host closed the connection)]
sirkha has joined #nixos
ertes has joined #nixos
<sirkha>
hi, all, i have been having some issues with icons and I noticed that the hicolor-icon-theme folder in the nix store is completely empty, this doesn't seem normal, did i do something wrong?
<sphalerite>
sirkha: not sure about this issue in particular, but you're a lot more likely to get help if you stick around for a few hours (or even days!) rather than a few minutes like the past few times you've asked questions
silver_hook has quit [(Quit: Konversation terminated!)]
silver_hook has joined #nixos
<sirkha>
last time i had a question i (finally figured it out myself, and then had to restart and didn't log right back in (deciding on and installing a real irc client is on my list of things to do))
<fpletz>
bennofs: unfortunately we don't have automation for security updates anymore
<fpletz>
bennofs: the security team is monitoring all the relevant channels and makes updates if needed
<bennofs>
fpletz: what happened to the announcements mailing list?
<fpletz>
there are some CVEs where even debian doesn't issue security updates, like simple DoS issues
<fpletz>
bennofs: same, no automation and I don't want to send out mails manually
eacameron has quit [(Read error: Connection reset by peer)]
eacameron has joined #nixos
<bennofs>
hmm ok. is it possible to build automation? what sources would that automation need to take into account?
<bennofs>
or are the sources too diverse for automation?
<fpletz>
it is possible but it is a complex task. also some manual work that can't really be automated is involved. all big distributions have their own systems for that
<fpletz>
I'm always looking at what other distributions are patching and check if we're vulnerable
Sonarpulse has quit [(Ping timeout: 255 seconds)]
<fpletz>
as I don't get paid for that work that's as much as I can currently accomplish \o/
<bennofs>
are the tools of the other distributions not open? perhaps we could reuse them
<fpletz>
and actually we're not that bad when it comes to timely patching of security issues :)
<fpletz>
they are, but all are tailored to the respective distribution
<fpletz>
most of them are very hacky :/
<fpletz>
or heavily integrated in other software like specific bugtrackers
<fpletz>
but gchristensen has probably more to tell about all that stuff because he developed our initial automation scripts :)
<bennofs>
hmm. i am planning to set up a raspberry pi with NixOS and I worry a little that I will forget to apply updates regularly unless there is some sort of notification :)
<fpletz>
you should just automate updates :)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] alicebob opened pull request #30036: add qtbase's bin path to phatomjs2 (master...phantomjs2) https://git.io/vdCs2
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
isidore has quit [(Quit: WeeChat 1.9.1)]
_ris has joined #nixos
dieggsy has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] leenaars opened pull request #30037: poppler: add nss to allow for building pdfsig (master...pdfsig) https://git.io/vdCCn
NixOS_GitHub has left #nixos []
hiratara has quit [(Ping timeout: 246 seconds)]
dieggsy has joined #nixos
muffins_Madcat has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej closed pull request #30030: gogs: avoid creating symlinks each run (master...pr-gogs-static-root-path) https://git.io/vdCkH
NixOS_GitHub has left #nixos []
hiratara has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej closed pull request #30036: phantomjs2: add qtbase's bin to PATH (master...phantomjs2) https://git.io/vdCs2
NixOS_GitHub has left #nixos []
iqubic has joined #nixos
dieggsy` has joined #nixos
<iqubic>
So, I want to add a few packages from the unstable channel of Nixpkgs into my 17.03 version of NixOS
<iqubic>
How can I go about doing that?
dieggsy` has quit [(Remote host closed the connection)]
dieggsy has quit [(Ping timeout: 258 seconds)]
<tilpner>
Can submodules not have assertions?
<tilpner>
iqubic - Globally, or per-user?
<iqubic>
Globally.
<tilpner>
Do you already have an unstable channel setup via nix-channel?
<tilpner>
(nix-channel --list)
<iqubic>
Nope.
<iqubic>
In fact that command returns nothing for me.
<tilpner>
Run it with sudo?
<LnL>
tilpner: submodules have their own scope, so you would have to propagate it
<tilpner>
LnL - I don't understand why that means they can't have assertions :/
<iqubic>
tilpner: I only have the 17.03 channel set-up.
bennofs has joined #nixos
<LnL>
the assertions is just another option
<tilpner>
iqubic - Then you need to download the unstable channel before you can use it. Do you want it to automatically stay up-to-date at the cost of having to re-fetch every few users, or do you want to pin the exact revision?
<iqubic>
I'd like to stay up to date if possible. I am fine with the costs.
<tilpner>
LnL - Oh, I thought they were a module construct, at the same level as config/options, but that explains why the examples use config.assertions instead of a toplevel assertions. Thank you! :)
<tilpner>
iqubic - For that, you can use fetchTarball to fetch from GitHub, or nix-channel (which will then update on "nix-channel --update" and "nixos-rebuild --upgrade")
<iqubic>
tilpner: do you mean uses and not users?
<tilpner>
Yes
<iqubic>
tilpner: can you help me get that running?
<tilpner>
Which one?
<iqubic>
the fetchTarball method.
<iqubic>
I'd like to get that method working.
bennofs has quit [(Client Quit)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] jbaum98 opened pull request #30038: splint: Add darwin support (master...splint-darwin) https://git.io/vdClQ
<tilpner>
iqubic - Note that mixing channels works very well, so you can run your base system on 17.09, and pull your tools/applications from unstable easily
<iqubic>
tilpner: I want to just migrate to the unstable branch. I want all unstable packages.
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 2 new commits to master: https://git.io/vdC8W
<NixOS_GitHub>
nixpkgs/master 6c189c9 Daiderd Jordan: oniguruma: fix darwin install_name
<NixOS_GitHub>
nixpkgs/master 2066cb0 Daiderd Jordan: jq: don't add rpath on darwin
NixOS_GitHub has left #nixos []
Khetzal has quit [(Ping timeout: 240 seconds)]
<iqubic>
It can't be that bad to be bleeding edge, can it?
<tilpner>
You can get all unstable packages like this too. By switching you *only* get unstable packages
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] LnL7 pushed 2 new commits to release-17.09: https://git.io/vdC80
<clever>
allow you to refer to a channel as nix-env -iA <name>.hello
<clever>
nixos-rebuild will use the channel called nixos
<mpickering>
I have had to package a few libraries to build something else, does everything get added into nixpkgs or is there some relevance criteria?
<iqubic>
So I should name this channel nixos to be consistent?
<clever>
iqubic: yeah
<iqubic>
Cool.
<iqubic>
And I can add the unstable channel under a different name?
<clever>
iqubic: yeah
oida has quit [(Ping timeout: 240 seconds)]
<iqubic>
And will I be able to reference the unstable channel from configuration.nix?
<clever>
as <unstable>
jcarr has quit [(Ping timeout: 258 seconds)]
<iqubic>
So I can write pkgs.<unstable>.<packageName>?
<iqubic>
And nix will understand that?
<clever>
no
<clever>
(import <unstable> {}).packageName
<clever>
or let unstable = import <unstable> {};
<iqubic>
Oh, that stinks.
<iqubic>
It's a bit more verbose than I like.
<tilpner>
But with an overlay you can easily get pkgs.unstable.<packageName>
<MP2E>
i tried overlays for like 5 mins and went back to just overriding things in my ~/.nixpkgs/config.nix. Not to say they were bad, just that I already have a system that works
<MP2E>
i'll look into them again heh
<tilpner>
No, they're great!
<iqubic>
Of the three manuals that exist, that is the only one I have not read.
<iqubic>
Should I read that manual?
<tilpner>
You don't have to read all of it, just that part. For now...
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 1 new commit to master: https://git.io/vdCBv
<NixOS_GitHub>
nixpkgs/master 796b3a2 Stuart Moss: eclipse-plugin-vrapper: init at 0.72.0
NixOS_GitHub has left #nixos []
<iqubic>
I passed up that manual because I don't develop Nix Pkgs
<tilpner>
If you only care for pkgs.unstable, you can use packageOverrides, which require even less setup
<tilpner>
(But try overlays, they're the newer and more extensible alternative to packageOverrides)
<iqubic>
The only overlay I think I'd need is unstable.
<tilpner>
No, I was referring to you only needing one, ever
<tilpner>
You might only ever need to define one yourself, but you can't use overlays provided by other people (like the Mozilla overlay) that way
<iqubic>
What are you suggesting that I do tilpner?
mortum5 has quit [(Ping timeout: 258 seconds)]
MP2E has quit [(Quit: be back in a bit)]
<iqubic>
tilpner: ^^^
<tilpner>
I already suggested you try using an overlay until you either get that working or become frustrated, at which point you go with the line clever provided
<iqubic>
Alright then, I will try that.
<tilpner>
The overlay could look like "_: _: { unstable = import <unstable> {}; }"
<tilpner>
Where each "_" is an ignored argument. The conventional names are self and super
Mateon2 has quit [(Ping timeout: 248 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] bricewge opened pull request #30041: git-crypt: patch don't hard code path to git-crypt (master...patch-2) https://git.io/vdCRZ
<iqubic>
If that's the solution, then I feel like an ass.
iqubic has left #nixos ["relogging BRB"]
iqubic has joined #nixos
<iqubic>
Well, I feel like an ass.
<tilpner>
iqubic - You were actually logging in as root, which is why root had the right shell. Yes, you generally need a fresh login for user/group changes to apply, but that's not specific to NixOS
<iqubic>
I know.
sigmundv__ has quit [(Ping timeout: 255 seconds)]
Wizek__ has quit [(Ping timeout: 264 seconds)]
<iqubic>
tilpner: When you log in through your display manager which DE/WM manager do you select?
<iqubic>
I have three options: "none + xmonad", "xterm", and "xterm + xmonad"
<tilpner>
I don't pay much attention to it, there's only one option. It's either i3+none or none+i3
<iqubic>
I guess I'll have to wait until infinisil is online to ask him my question then.
<tilpner>
xmonad related?
<iqubic>
I think so.
<tilpner>
You can get rid of those xterm options by disabling xterm
<iqubic>
I know.
<tilpner>
Why didn't you do it?
<tilpner>
services.xserver.desktopManager.xterm.enable = false;, that is
<iqubic>
I don't want to do that because selecting "none + xmonad" drops me into a state where the screen is black save for a small white rectangle in the upper left corner.
<iqubic>
I have no control over the mouse and none of the xmonad default bindings work at all.
<tilpner>
And the other options don't? O.o
<tilpner>
That's weird
<iqubic>
Well, the other options launch an xterm, and that seems to make everything magically work.
<iqubic>
Also, xdg-open is rather slow when it comes to opening a web browser.
<tilpner>
Try putting xterm into your systemPackages
<iqubic>
But that's a separate issue.
<iqubic>
tilpner: I'll try that.
<tilpner>
That's the only meaningful thing services.xserver.desktopManager.xterm.enable does
<tilpner>
(Although I don't know how those compose xterm+xmonad sessions are generated)
<iqubic>
Oh.
<tilpner>
*composite
<iqubic>
I'm not sure either.
erasmas has quit [(Quit: leaving)]
<iqubic>
But it seems kinda silly to have xterm in my systemPackages, and set services.xserver.desktopManager.xterm.enable to false.
<iqubic>
Also: services.xserver.desktopManager.xterm.enable = true is in my config already, so...
<tilpner>
I don't think it's silly
<iqubic>
Why not?
<tilpner>
Things aren't silly by default, and there's no other way to use xterm while removing those unneeded sessions
<iqubic>
I see.
cpennington has joined #nixos
silver_hook has quit [(Ping timeout: 260 seconds)]
<iqubic>
Now do you know why xdg-open be slow when opening a website in google-chrome-stable?
<tilpner>
No idea. It's sometimes fast with Firefox, and sometimes takes seconds
<gchristensen>
bennofs[m]: maybe you'd like my impending nixos firehose where you can subscribe to channel updates
<tilpner>
Your... what? O.o
<gchristensen>
a message bus you can subscribe to and receive realtime messages of nixos events
<gchristensen>
(programmatically)
<tilpner>
Oh, that would solve your polling issues
<gchristensen>
:)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] orivej pushed 3 new commits to master: https://git.io/vdCgY
<NixOS_GitHub>
nixpkgs/master 66a362d José Romildo Malaquias: tint2: 15.1 -> 15.2
<NixOS_GitHub>
nixpkgs/master 0a37d94 José Romildo Malaquias: tint2: limit platforms to Linux since macOS is not supported and fails the tests