<clever>
some of the magic like the systemd units wont work as well in a systemd unit
<clever>
but containers handle that better
<Mic92>
lxc and systemd-nspawn are wide spread
freeman42x]NixOS has quit [Quit: Leaving]
sanscoeur has quit [Ping timeout: 240 seconds]
hamishmack has quit [Quit: hamishmack]
mounty has quit [Read error: Connection reset by peer]
sanscoeu_ has quit [Ping timeout: 256 seconds]
<Mic92>
containerImage looks good to me, but I should test it a bit again in some container engines
<srk>
mm, looks like exactly what I need
<srk>
need to build bunch of nixos containers for testing vpsadminos
<Mic92>
srk: how do you use CRIU?
<srk>
planning to, for migration
<Mic92>
CRIU sounds still a bit like a hack to me, to be honest.
<srk>
just sits there for now until we get to that, recent work was about importing/creating zfs pool, actual hardware support, iso images and support infra
<Mic92>
zfslower is one thing, but pagetop is pretty unique
<srk>
Mic92: most of the machines are 8 hardrives + two ssds for cache, 256Gb ram
<Mic92>
srk: do you use apparmor as well?
<srk>
yeah, it's enabled in vpsadminos and doesn't seem to cause issues so far
<srk>
btw gcc7 branch contains spectre fixes?
<Mic92>
it is in master already
mizu_no_oto has joined #nixos
<srk>
really? nice
<srk>
need to update! not much time last few weeks due to OS.. even nix2 \o/
<Mic92>
too bad there is now way to share .zfs with containers
<Mic92>
*there is no easy way
<srk>
how come?
muzzy has quit [Ping timeout: 260 seconds]
<srk>
aaa, you mean like export it to CT so you can manage subsets?
<Mic92>
Access snapshots from containers. It is horrible, snapshots in .zfs are mounted via the mount command (the one running in userspace). That's why they cannot handle mount namespaces properly
<Mic92>
it is a licensing issue
<srk>
btw vpsadminos carries one patch on top of zfs due to uid/gid offsets and unprivileged CTs (we can mount dataset with any offset)
<Mic92>
oh, like shiftfs
<srk>
in our case you can mount snapshots via nfs (or fuse?)
<Mic92>
if you would have use fuse, you would had to build your own
<srk>
firtst time I hear about shiftfs :D
<Mic92>
it was proposed for the linux kernel but not yet mainlined
<srk>
cool
<clever>
srk: ever hear about disorderfs?
<srk>
:D
<srk>
fun :D
<Mic92>
srk: have published this zfs patch?
<srk>
btw I'm about to start (re)writing a test harness which could possibly replace nixoses one
<Mic92>
I mean it would not be hard to patch it on my own
<clever>
srk: the c/c++ end handled loading the test driver, the protocol decoding/encoding, and converting protobuf to/from lua tables
<clever>
then the lua script contained the actual testcase
<Mic92>
srk: I wonder if that could be a mount option instead.
<Mic92>
to mount the same datasets into two container
<srk>
clever: I want/need to run on actual hardware, probably want to use haskell, not sure about the user-facing language for tests but I'm thinking of just interpreting bunch of haskell in ghci
<clever>
Mic92: i *think* that the readdir/open syscalls on the root directory can know that, but they would then have to propagate it via special handles to the subdirectories?
<Mic92>
but since has a readonly context it should be doable
<srk>
which can autogenerate tags, (de)serialization, server, client ..
<srk>
for haskell, ivory and elm :D
<endformationage>
I'm trying to set the rpath of a library in need of libxml2.so.2, though the libmxl2 package only offers binaries. Any ideas?
muzzy has quit [Ping timeout: 260 seconds]
<srk>
endformationage: I do see references to libxml2.out, libxml2.dev or libxml2.bin in nixpkgs, not sure which one is correct tho
<srk>
endformationage: looks like .out
<dgpratt>
I'm obviously doing something stupid in regards to allowing "unfree" packages to be installed through nix-env, maybe someone has a clue what that is? I created a ~/.config/nixpkgs/config.nix file containing "{ allowUnfree = true; }" and I made a similar addition to /etc/nixos/configuration.nix and did "nixos-rebuild switch"; nevertheless, "nix-env -qaP vscode" shows no packages unless I "export NIXPKGS_ALLOW_UNFREE=1";
<dgpratt>
what am I doing wrong?
<srk>
isn't it just filtered?
<srk>
from the query
<dgpratt>
srk: if that were the case, why would exporting that env. var make a difference? and besides, I know I've had this working before
ottidmes has quit [Ping timeout: 265 seconds]
<dgpratt>
may have just figured it out...
<srk>
nixos.vscode vscode-1.9.1
<srk>
no export
<srk>
same stuff in configs pretty much (also allowBroken for user)
<dgpratt>
yeah, I knew I was doing something stupid, my path to the config.nix file was wrong ("nix-pkgs" vs "nixpkgs")
<srk>
:)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] DarkScythe97 opened pull request #36197: libretro: specify license per core (master...libretro) https://git.io/vADpc
NixOS_GitHub has left #nixos [#nixos]
hamishmack has joined #nixos
chisui has quit [Ping timeout: 260 seconds]
thc202 has quit [Ping timeout: 240 seconds]
mizu_no_oto has joined #nixos
TonyTheLion has quit [Ping timeout: 260 seconds]
<gchristensen>
anyone like computers and care about history? https://www.crowdfunder.co.uk/new-display/ The National Museum of Computing needs £50,000 to keep the Bombe on the Bletchley Park Estate.The Bombe is a working reconstruction of the Turing-Welchman machine that helped break enemy Enigma messages in the Second World War.
muzzy has joined #nixos
ryantm_ has joined #nixos
muzzy_ has joined #nixos
<endformationage>
srk: Thanks. Looks like the lib is in 'out'
<endformationage>
srk: I need to read up on outputs again :/
<gchristensen>
ryantm: no, just the standard sha256 encoding format
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<ryantm>
so base 16 instead of base 32?
ryantm__ has joined #nixos
<gchristensen>
I think so? like it is using thee output of sha256sum on the cli instead of nix's custom encoding
ryantm_ has quit [Ping timeout: 265 seconds]
silver has quit [Read error: Connection reset by peer]
ryantm__ has quit [Ping timeout: 245 seconds]
mbrgm has quit [Ping timeout: 240 seconds]
<ryantm>
Yeah, that's it. If I do `nix-prefetch-url -A harfbuzz.src | xargs nix-hash --type sha256 --to-base16` it gets the same hash
<adisbladis[m]>
ryantm: Looks like hex to me :)
<gchristensen>
cool
<ryantm>
hex = base16 :)
mbrgm has joined #nixos
<adisbladis[m]>
I'm aware :)
<adisbladis[m]>
ryantm: Nix 2.0 even supports base64
<ryantm>
Cool!
<mfiano>
adisbladis[m]: do you know why unstable stopped updating?
<mfiano>
saw your name as last commit message over a week ago
<ryantm>
That means his thing got through :)
orivej has joined #nixos
<gchristensen>
adisbladis[m]: busted :P
<ryantm>
I think mfiano is talking about the last commit on the nixpkgs-unstable channel.
<adisbladis[m]>
Ouch :P
<adisbladis[m]>
mfiano: The postgres on hydra went down a few days ago and things hasn't really caught on since
<adisbladis[m]>
caught up*
<mfiano>
adisbladis[m]: Ah. I've been trying to switch to unstable as a newbie and wasn't going so well until I noticed that
<mfiano>
Any eta?
<gchristensen>
well it is unstable :)
<gchristensen>
this isn't _exactly_ out of the normal behavior
<adisbladis[m]>
gchristensen: Stuck for a week is pretty unusual though
<mfiano>
Yeah but the breaking drv for me was fixed soon after the last commit :)
<adisbladis[m]>
mfiano: If you are feeling a bit adventurous you could try the `unstable-small` channel
<mfiano>
adisbladis[m]: This hardware isn't that capable to really be compiling a bunch
fragamus has joined #nixos
<ryantm>
mfiano: What architecture is your hardware?
<mfiano>
ryantm: x86_64
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy opened pull request #36198: initrd-ssh: Fix for new dropbear version. (master...dropbear-2018-76-fix) https://git.io/vAyeN
NixOS_GitHub has left #nixos [#nixos]
<shlevy>
TFW you have to drive out to where your server is physically hosted because the initrd ssh client bizarrely dropped the "no MOTD" flag ^
Supersonic has quit [Ping timeout: 260 seconds]
<gchristensen>
really?
<shlevy>
Yep
<shlevy>
See that PR I just opened
<shlevy>
Looking in the commit history now
<gchristensen>
that is very unpleasant
<gchristensen>
how far is the DC? :)
<ryantm>
shlevy: ipmi?
<samueldr>
oh, so dropping as in, it doesn't want to use it and it barfs?
<shlevy>
Yep
<shlevy>
So the server doesn't start
<samueldr>
ouch
<shlevy>
ryantm: :) Not quite. Drive out to the coworking space, connect a monitor and keyboard
<shlevy>
Boot the old config
Supersonic112 has joined #nixos
<gchristensen>
auto-rollback-upon-boot-failure would be neat
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] adisbladis pushed 1 new commit to master: https://git.io/vAyvt
<ryantm>
mfiano: If you have some other better x86_64 machine, you could build on that and copy the closure to the slower machine.
<clever>
shlevy: ive had an idea ive been wanting to write for a while, a dropbear based bootloader
d4g has joined #nixos
<clever>
shlevy: the bootloader, is a linux kernel+initrd, that runs something like dropbear, and waits 30-60 seconds, then it will kexec the default option
<clever>
shlevy: but if you ssh in, it stops the count-down, and you can pick which generation to kexec into, or just get a shell
<samueldr>
clever: :)
<samueldr>
if/when you try that idea, extlinux.conf is probably a good format to use for the generations as it's already availabie in nixos
<clever>
yeah
<samueldr>
I have notes for something similar, with ssh in mind as a secondary goal, but with main goal to be used as a secondary bootloader
<samueldr>
e.g., depthcharge (chromebooks) → that bootloader → nixos generation
<clever>
ive used it with both u-boot and pxelinux
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
samueldr: when the drive is encrypted, all you can see is a special shadow partition, which will boot using this image, if you then run a special sedutil, the drive unlocks, and then you can only see the protected content, and the shadow is missing
<clever>
so it has to boot linux, unlock, then kexec linux (or soft reboot)
<ryantm>
adisbladis[m]: Any suggestions for what to do to help get my remaining semi-auto PRs merged? Have OfBorg build all the packages that depend on those?
<ryantm>
(or get them closed if they are unmergeable)
<shlevy>
niksnut: Is there/should there be a --option trusted-builders?
<gchristensen>
all builders are trusted by definition, no?
<mfiano>
ryantm: I just tried that but it's telling me that the option `networking.hosts` is not defined in unstable-small
<shlevy>
gchristensen: trusted-substitutes are substitutes that aren't available by default but can be turned on by a user through the daemon
<shlevy>
gchristensen: I want a similar thing for builders
mbrgm has quit [Ping timeout: 240 seconds]
<gchristensen>
hmm cool
mbrgm has joined #nixos
<mfiano>
Which is strange, because I see it defined right there in master
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nixpkgs/master b92174e Ryan Mulligan: openfortivpn: 1.5.0 -> 1.6.0...
<NixOS_GitHub>
nixpkgs/master 5166d96 adisbladis: Merge pull request #35936 from ryantm/auto-update/openfortivpn-1.5.0-to-1.6.0...
<NixOS_GitHub>
[nixpkgs] adisbladis pushed 2 new commits to master: https://git.io/vAyJ1
NixOS_GitHub has left #nixos [#nixos]
<mfiano>
Does anyone know what would be causing this? error: The option `networking.hosts' defined in `/home/mfiano/projects/nix/cfg/network.nix' does not exist.
<gchristensen>
I think you want extraHosts
<mfiano>
Why is that? It works on master and I don't see any deprecation notice even.
<mfiano>
s/master/stable/
<shlevy>
I guess I'll have to use --no-build-hook for now
<mfiano>
Something is not right. `programs.gnupg` is not defined in unstable-small either
<elvishjerricco>
Going to try and switch my hydra instance to push the cache to S3 for educational purposes. Just to sanity check... Create the S3 bucket, point CloudFront at it, tell users to point at CloudFront as the cache, then use `store-uri = s3://...?secret-key=...` right?
abathur has quit [Quit: abathur]
abathur has joined #nixos
<elvishjerricco>
How do you give Hydra aws credentials to do the upload to S3?
<mfiano>
I really don't know how any of you use the unstable channels lol. I can't even start a build process on small, and unstable is older than some build failure fixes for a minimal desktop
thoughtpolice has quit [Ping timeout: 240 seconds]
gleber_ has quit [Ping timeout: 240 seconds]
gridaphobe has quit [Ping timeout: 240 seconds]
oscarduignan has quit [Ping timeout: 240 seconds]
scode has quit [Read error: Connection reset by peer]
dgpratt has quit [Ping timeout: 245 seconds]
eacameron has quit [Ping timeout: 245 seconds]
hoverbear has quit [Read error: Connection reset by peer]
themistocle has quit [Read error: Connection reset by peer]
scott has quit [Read error: Connection reset by peer]
zimbatm has quit [Read error: Connection reset by peer]
yurrriq has quit [Read error: Connection reset by peer]
cbarrett has quit [Ping timeout: 240 seconds]
sjanssen has quit [Read error: Connection reset by peer]
dgonyeo has quit [Read error: Connection reset by peer]
taktoa[c] has quit [Read error: Connection reset by peer]
ancarda has quit [Write error: Connection reset by peer]
typetetris has quit [Read error: Connection reset by peer]
ericbmerritt_ has quit [Read error: Connection reset by peer]
mpickering has quit [Read error: Connection reset by peer]
edofic has quit [Read error: Connection reset by peer]
houli has quit [Read error: Connection reset by peer]
feepo has quit [Read error: Connection reset by peer]
ghuntley has quit [Read error: Connection reset by peer]
mudphone has quit [Read error: Network is unreachable]
luto has quit [Read error: Connection reset by peer]
schaary has quit [Read error: Connection reset by peer]
lesce has quit [Ping timeout: 260 seconds]
teozkr has quit [Ping timeout: 260 seconds]
georgew has quit [Read error: Connection reset by peer]
gaqzi has quit [Ping timeout: 265 seconds]
posco has quit [Ping timeout: 248 seconds]
eddyb has quit [Read error: Connection reset by peer]
xplat|work has quit [Read error: Connection reset by peer]
christiaanb has quit [Ping timeout: 255 seconds]
philipcristiano has quit [Ping timeout: 255 seconds]
savanni has quit [Read error: Connection reset by peer]
zielmicha_ has quit [Read error: Connection reset by peer]
ajmccluskey has quit [Read error: Connection reset by peer]
Guest37084 has quit [Read error: Connection reset by peer]
sorear has quit [Read error: Connection reset by peer]
nkaretnikov has quit [Read error: Connection reset by peer]
manveru has quit [Write error: Connection reset by peer]
akl has quit [Read error: Connection reset by peer]
elvishjerricco has quit [Ping timeout: 256 seconds]
ocharles has quit [Ping timeout: 256 seconds]
mbrock has quit [Ping timeout: 256 seconds]
nand0p has quit [Ping timeout: 256 seconds]
pchiusano has quit [Ping timeout: 256 seconds]
mjvoge02 has quit [Ping timeout: 256 seconds]
mgdelacroix has quit [Read error: Connection reset by peer]
bitonic has quit [Read error: Connection reset by peer]
pingveno has quit [Read error: Connection reset by peer]
babyflakes has quit [Read error: Connection reset by peer]
kiliankoe has quit [Read error: Connection reset by peer]
codedmart has quit [Read error: Connection reset by peer]
rizary has quit [Write error: Connection reset by peer]
Wizek has quit [Read error: Connection reset by peer]
yrashk has quit [Read error: Connection reset by peer]
nz has quit [Write error: Connection reset by peer]
tazjin has quit [Read error: Connection reset by peer]
terrorjack has quit [Read error: Connection reset by peer]
pcarrier has quit [Read error: Connection reset by peer]
wavewave has quit [Ping timeout: 240 seconds]
Georgyo has quit [Ping timeout: 240 seconds]
smola has quit [Ping timeout: 240 seconds]
maingo has quit [Ping timeout: 240 seconds]
bitnotri has quit [Ping timeout: 252 seconds]
harms has quit [Ping timeout: 240 seconds]
dmj` has quit [Ping timeout: 240 seconds]
jmeredith has quit [Ping timeout: 240 seconds]
dvim has quit [Ping timeout: 256 seconds]
angerman has quit [Ping timeout: 256 seconds]
p_l has quit [Ping timeout: 256 seconds]
adelbertc has quit [Ping timeout: 256 seconds]
philips has quit [Ping timeout: 256 seconds]
johs has quit [Ping timeout: 256 seconds]
carter has quit [Ping timeout: 256 seconds]
srid has quit [Ping timeout: 256 seconds]
jmeredith has joined #nixos
scode has joined #nixos
tertle||eltret has quit [Ping timeout: 252 seconds]
pauldub has quit [Ping timeout: 240 seconds]
jml has quit [Ping timeout: 256 seconds]
taktoa[c] has joined #nixos
wavewave has joined #nixos
typetetris has joined #nixos
tertle||eltret has joined #nixos
sjanssen has joined #nixos
yurrriq has joined #nixos
thoughtpolice has joined #nixos
feepo has joined #nixos
posco has joined #nixos
rodarmor has quit [Ping timeout: 256 seconds]
bmpvieira has quit [Ping timeout: 256 seconds]
indika has quit [Ping timeout: 256 seconds]
fingerzam has quit [Ping timeout: 256 seconds]
monad_cat has quit [Ping timeout: 256 seconds]
eacameron has joined #nixos
pchiusano has joined #nixos
mgttlinger has quit [Ping timeout: 240 seconds]
raynold has quit [Ping timeout: 252 seconds]
r0bby has quit [Ping timeout: 255 seconds]
ghuntley has joined #nixos
ericbmerritt_ has joined #nixos
Georgyo has joined #nixos
ancarda has joined #nixos
mgttlinger has joined #nixos
zielmicha_ has joined #nixos
teozkr has joined #nixos
r0bby_ has joined #nixos
themistocle has joined #nixos
Jackneill has quit [Remote host closed the connection]
r0bby_ is now known as r0bby
smola has joined #nixos
dhess has quit [Ping timeout: 240 seconds]
christiaanb has joined #nixos
hoverbear has joined #nixos
philips has joined #nixos
r0bby is now known as r0bby_
mjvoge02 has joined #nixos
mudphone has joined #nixos
edofic has joined #nixos
carter has joined #nixos
jml has joined #nixos
Jackneill has joined #nixos
dgpratt has joined #nixos
eddyb has joined #nixos
scott has joined #nixos
Guest37084 has joined #nixos
luto has joined #nixos
savanni has joined #nixos
bitnotri has joined #nixos
r0bby_ is now known as r0bby
rogue_koder has quit [Quit: Konversation terminated!]
pxc2 has quit [Ping timeout: 256 seconds]
bmpvieira has joined #nixos
babyflakes has joined #nixos
teej has quit [Ping timeout: 240 seconds]
pauldub has joined #nixos
dmj` has joined #nixos
schaary has joined #nixos
tazjin has joined #nixos
philipcristiano has joined #nixos
dhess has joined #nixos
pcarrier has joined #nixos
p_l has joined #nixos
rodarmor has joined #nixos
pingveno has joined #nixos
ryantm_ has joined #nixos
zimbatm has joined #nixos
gleber_ has joined #nixos
srid has joined #nixos
gridaphobe has joined #nixos
xplat|work has joined #nixos
cbarrett has joined #nixos
nkaretnikov has joined #nixos
bitonic has joined #nixos
Wizek has joined #nixos
rizary has joined #nixos
schoppenhauer has quit [Ping timeout: 255 seconds]
fingerzam has joined #nixos
angerman has joined #nixos
houli has joined #nixos
indika has joined #nixos
dgonyeo has joined #nixos
mpickering has joined #nixos
nand0p has joined #nixos
oscarduignan has joined #nixos
ajmccluskey has joined #nixos
georgew has joined #nixos
gaqzi has joined #nixos
kiliankoe has joined #nixos
yrashk has joined #nixos
raynold has joined #nixos
schoppenhauer has joined #nixos
rogue_koder has joined #nixos
justan0theruser has joined #nixos
justanotheruser has quit [Ping timeout: 260 seconds]
<mfiano>
Can anyone explain?
adisbladis has joined #nixos
<mfiano>
Why does unstable-small have only a subset of options defined as that of stable and unstable?
<adisbladis>
mfiano: It does not.
<mfiano>
adisbladis: Well I can get to the building phase with unstable, but the same config on unstable-small errors during the config assertion tests
<mfiano>
Can you explain then?
<adisbladis>
mfiano: Maybe if you would point us to whats going wrong
<mfiano>
I did above
<adisbladis>
Can you paste your config and the error message?
<mfiano>
Sure one moment
thebardian has joined #nixos
monad_cat has joined #nixos
sorear has joined #nixos
adelbertc has joined #nixos
johs has joined #nixos
nz has joined #nixos
manveru has joined #nixos
dvim has joined #nixos
codedmart has joined #nixos
<thebardian>
Hello, I am trying to install nixos using zfs in kvm/qemu. When I run nixos-install, (thinking I'm all set), it says Failed Assertions: ZFS requires networking.hostId to be set
teej has joined #nixos
ryanartecona has joined #nixos
<srk>
thebardian: yes, you need to set the hostId
<srk>
eg networking.hostId = "4800EE99";
<thebardian>
srk: right, where can I read about where/ how to do this?
<srk>
same as the rest of the configuration - (/mnt)/etc/nios/configuration.nix
<srk>
mnt if you're installing
<disasm>
thebardian: thebardian `cksum /etc/machine-id | while read c rest; do printf "%x" $c; done` to get a unique hostId
<srk>
there's an entry on the wiki iirc
<thebardian>
the only setting todo with host is hostname
<disasm>
it's mentioned in nixos/modules/tasks/network-interfaces.nix
<disasm>
thebardian: you need to add networking.hostId to your configuration.nix
<thebardian>
okay, i've got the file open..
<thebardian>
I dont see anything to do with hostid init
<srk>
no mentions of hostId on the wiki, heh
<mfiano>
adisbladis: My config: https://github.com/mfiano/nixos-config/blob/master/machines/basilisk.nix Error is: The option `networking.hosts' defined in `/home/mfiano/projects/nix/cfg/network.nix' does not exist. Replacing that with networking.extraHosts passes, but then it has another undefined error for `programs.gnupg`. All this works on both stable and unstable
<mfiano>
It's only unstable-small that has this issue
<thebardian>
disasm: I want to add it, what do I set it to
<disasm>
thebardian: run that command I pasted above
<thebardian>
Thanks i missed that.
<disasm>
gotta reboot this laptop and reinstall, changing filesystems. be back in a few hopefully
elvishjerricco has joined #nixos
ryanartecona has quit [Ping timeout: 256 seconds]
<thebardian>
disasm: it returns fc925633: command not found
<thebardian>
ocharles has joined #nixos
<thebardian>
disasm: that did the trick, thankyou.
<thebardian>
Can anyone point me in the direction to learn what networking.hostId in configuration.nix actually does, and why it wasn't in the wiki? THX
<mfiano>
thebardian: certain services depend on your host having a unique id.
<elvishjerricco>
thebardian: The wiki isn't generally the right place to look. All configuration.nix options are documented at https://nixos.org/nixos/options.html
<ryantm>
`nox-review pr N` doesn't work for my on NixOS; it tries to clone nixpkgs into .nox/nixpkgs and it fails with fatal: unable to access 'https://github.com/NixOS/nixpkgs.git/': SSL certificate problem: unable to get local issuer certificate
<thebardian>
thank you.
harms has joined #nixos
mgdelacroix has joined #nixos
lesce has joined #nixos
mbrock has joined #nixos
<mfiano>
what does the type `list of submodules` look like?
<mfiano>
something got changed from a list of attrsets to a list of submodules, and i can't figure out what needs to change
Myrl-saki has joined #nixos
Myrl-saki has quit [Client Quit]
Myrl-saki has joined #nixos
akl has joined #nixos
maingo has joined #nixos
terrorjack has joined #nixos
hamishmack has quit [Quit: hamishmack]
ryantm_ has quit [Ping timeout: 252 seconds]
<thebardian>
Hello all, looking at nixos zfs installation section it says "As of 2014-03-04, you should set the mountpoint property of your ZFS filesystems to be legacy and let NixOS mount them like any other filesystem (such as ext4 or btrfs), otherwise some filesystems may fail to mount due to ordering issues"
<thebardian>
I am wondering, is this still "a thing" or not, 4 years later?
<mfiano>
No idea but the answer your previous question about hostId, zfs is one such service that requires it
robstr has joined #nixos
<abathur>
if I am trying to set up an environment to work on a project that is nix-packaged (but *not* work on anything to do with the nix package/derivation), where I'll need to be able to build/install/iterate, should I be writing my own default/shell.nix from scratch, or writing an overlay (?) for the derivation already in nixpkgs?
Rusty1_ has quit [Quit: Konversation terminated!]
scribbler has joined #nixos
SuprDewd has quit [Read error: Connection reset by peer]
alex`` has joined #nixos
spludge has joined #nixos
<spludge>
I've been trying to get Gnome Tracker to recognise my FLAC files, and I think it can't because to wasn't built with FLAC support. Can someone link me to a guide on how to build it and get it to work with nix?
<muzzy_>
can anyone think of a clever way to reconnect openvpn after I open my laptop lid (suspend)?
Guanin has joined #nixos
<wilornel>
I'm hitting another obstacle when trying to start a rails project. Last time it was when starting a python project. I love how I use python with nixos today. :)
<wilornel>
I need to install the webpacker gem. However, it tries to install a binstub:
<wilornel>
Which I think makes sense. However, I don't know how to work with this. All other gems installed just fine, but not this one. I'll ping the ruby channel
<clacke[m]>
make sure you use udp and just use a substantial timeout?
<wilornel>
There is a an issue with the bundler versions
<wilornel>
weird, bundix -l will create a gemfile.lock which claims to have been generated by a bundler version that is different that the currently installed one
<simpson>
Bundix has its own Bundler version, I think.
<simpson>
Not sure on the details. Ruby dev environments are terrible.
<clacke[m]>
was going to say: the version of bundler that your bundix derivation depends on?
<chrisburr>
Is it possible to run hydra-server, hydra-evaluator and hydra-queue-runner on different machines?
pxc2 has joined #nixos
<clacke[m]>
butnif it even vendors its own bundler that's even more straightforward
<tomatensuppe>
Hi, I'm having a hard time starting multiple instanced systemd services. Does anyone know how to start x instances on boot of a single service?
<tomatensuppe>
(using instance templates)
<tomatensuppe>
tried wantedBy = [ "multi-user.target" ]; so far...which gets me one instance :)
<tomatensuppe>
-> fooService@multi-user
marek has quit [Ping timeout: 256 seconds]
marek has joined #nixos
<makefu>
tomatensuppe: with nixos it should be easy enough to define a number of similar services without the need to use systemd's instance system
<tomatensuppe>
@makefu a just generate them in the config?
<tomatensuppe>
k ... that would be an option...thanks :)
NixOS_GitHub has joined #nixos
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 1 new commit to master: https://git.io/vAysk
<NixOS_GitHub>
nixpkgs/master ab91a07 Michael Raskin: libreoffice-fresh: 6.0.1.1 -> 6.0.2.1
<tomatensuppe>
(works btw...but i guess your solution is more elegant)
reinzelmann has quit [Ping timeout: 260 seconds]
LysergicDreams has quit [Ping timeout: 260 seconds]
reinzelmann has joined #nixos
LysergicDreams has joined #nixos
cinimod` has joined #nixos
knupfer has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
freusque has joined #nixos
<freusque>
Hello. As part of a reproducible experimental environment for scientific use, I'd like to get the commit ID of the sources used for a build.
<freusque>
I use commit_id = pkgs.lib.commitIdFromGitRepo "${toString ./.}/.git";
<freusque>
but this fails on "not a .git directory : "/home/..../.git"
<freusque>
Is there a more standard way to do this?
<freusque>
this is in the case where I build from a checked out source.
<sphalerite>
freusque: it needs to use a derivation to get the commit, and the derivation builds as the build user and usually in the sandbox as well so it doesn't have access
<sphalerite>
freusque: use ${./.} instead of ${toString ./.} so it will import it into the nix store and the builder iwll have access to it
<freusque>
this fails too
<freusque>
string ‘/nix/store/h698b5w3r5pfmvbjqsh00hw3r885dbgp-obandit/.git/HEAD’ cannot refer to
<freusque>
other paths, at /nix/store/w8bcrzgp4hb1m02iac12cdh7lzm28yl8-17.09.tar.gz/lib/sources.nix:55:15
<sphalerite>
actually maybe just pkgs.lib.commitIdFromGitRepo ./.git
<freusque>
Illegal name: '.git'
<sphalerite>
>.>
<freusque>
;-)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] bjornfor pushed 1 new commit to master: https://git.io/vAyZe
<sphalerite>
in that case your best bet is probably to use a wrapper script for nix and have that pass in the commit hash :/
<sphalerite>
or maybe you can use this weird builtins.exec thing I've heard of. It's scary though.
<sphalerite>
and undocumented, AFAIK
<freusque>
you mean the --argstr hash <hash> way?
<sphalerite>
yeah
<sphalerite>
oh boy
<sphalerite>
so the name is actually __exec and it's guarded behind the "enable-unsafe-native-code-during-evaluation" setting
<freusque>
but but
<freusque>
:_)
<sphalerite>
0bb8db257d98a32abde759f4d07d28b5178bd3bf is the commit that introduces it and lists one of the use cases as…
<sphalerite>
* Automatic git fetching to get a sha256 from a git revision
<sphalerite>
* git rev-parse HEAD
ottidmes has joined #nixos
<freusque>
ah but
Itkovian has joined #nixos
thebardian has quit [Remote host closed the connection]
dj_goku has quit [Remote host closed the connection]
<ij>
Does "ssh nixos ls" work for you? Do you have bash or zsh? If zsh, does the remote(or local if ssh localhost) machine also have /etc/zshenv?
<freusque>
ij: I use zsh and do have a zshenv on my nixos machine.
<ij>
So do I, but I don't have it, so it can't source it and $PATH's not set. How did you get it, I wonder? I've just set users.extraUsers.ij.shell = pkgs.zsh; Do *you* have something more?
<sphalerite>
there is a programs.zsh.enable option
<sphalerite>
that might do it
<ij>
let's give it a spin
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vAyn6
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master 03eb06a Vladimír Čunát: mysql55: fixup build with gcc7
rindvieh has joined #nixos
<ij>
yay, that worked \o/
leat has joined #nixos
pkill9 has joined #nixos
tertle||eltret has quit [Quit: Connection closed for inactivity]
<sphalerite>
when using nix-build --check and finding nondeterminism, is there a way to keep the mismatched output so I can actually compare them? Or do I have to guess what the difference is? :p
<hyper_ch2>
sphalerite: did you try to send now to an encrypted dataset?
<sphalerite>
no, I haven't tried it yet
davidlt_ has joined #nixos
alex`` has joined #nixos
<LnL>
I'm not sure, but I think --keep-failed with keep a /nix/store/<hash>-foo-0 version next to the original store path
ThatDocsLady has joined #nixos
davidlt has quit [Ping timeout: 245 seconds]
<ma27>
hyper_ch2: currently yes
ertes has quit [Ping timeout: 265 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
LnL: I'll try that, thanks
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti opened pull request #36204: release-17.09: update haskell package set to lts-9.21 plus latest versions of stack, cabal2nix, and git-annex (release-17.09...haskell-updates) https://git.io/vAyWL
NixOS_GitHub has left #nixos [#nixos]
<fearlessKim[m]>
When I try to use lkl (linux Kernel library): `sudo lkl-hijack.sh ls` works fine (it intercepts syscalls and send them to the kernel library while running program `ls`) but when running `sudo lkl-hijack.sh ping 127.0.0.1`, the userspace kernel boots twice. LKL folks have never seen this on other distribs. Also it runs fine in gdb (kernel is run only once). I have put some info http://nixpaste.lbr.uno/0ptW8r8V?nix .
<fearlessKim[m]>
Could it be linked towards a specific ld.so nix behavior ?
<mfiano>
If I switch from stable to unstable-small on a desktop with lots of packages, shouldn't I expect some things to be compiled from source? It just downloaded a bunch of cached binaries and not one compile
<sphalerite>
fearlessKim[m]: it's probably because of ping's suid wrapper
* mfiano
wonders if he is really on unstable-small despite what `nix-channel --list` says
<fearlessKim[m]>
sphalerite: arf it hadn't occured to me that ping was wrapped thanks
<sphalerite>
mfiano: that would only occur right after nixos-unstable-small has advanced
<fearlessKim[m]>
sphalerite: yep it fixes it !
<mfiano>
sphalerite: so if i switch from 17.09 to unstable-small there would be binaries built for everything? because that is what i experienced and did not expect it :)
knupfer has quit [Remote host closed the connection]
<sphalerite>
mfiano: since, roughly, master advancing causes hydra to build nixos-unstable-small and nixos-unstable. As soon as all the things in nixos-unstable-small have passed it advances nixos-unstable-small, but the rest of nixos-unstable continues building and getting put in the binary cache
Lisanna has joined #nixos
<mfiano>
ah
<sphalerite>
mfiano: so most of the time you'll have the same binary coverage on unstable-small as on unstable, it's just not guaranteed and it will advance even if some of the tests for nixos-unstable break
<sphalerite>
LnL: yep that did it, thanks!
<mfiano>
sphalerite: btw, adisbladis said that there was an sql db failure and unstable just hasn't caught up yet, since you were wondering too yesterday
<fearlessKim[m]>
sphalerite: any doc on the suid thing ? If I install ping in my profile, it should be ok right ?
<sphalerite>
fearlessKim[m]: yes, although you won't be able to run it as a non-root user
<sphalerite>
since it needs to open a raw socket, which is why it needs setuid
MP2E has quit [Remote host closed the connection]
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<fearlessKim[m]>
ho didn't know it needed raw-socket, so the binary crafts the ICMP packets instead of the kernel
<sphalerite>
yep
Lisanna has quit [Client Quit]
MP2E has joined #nixos
<sphalerite>
huh, I was sure it was mentioned in the nixos manual but I can't find it...
Itkovian has joined #nixos
<sphalerite>
fearlessKim[m]: well apaprently the only documentation is the description for security.wrappers, check man configuration.nix or the options search
<fearlessKim[m]>
still I am not sure why the output appeared twice (the output being generated by the library)
thc202 has joined #nixos
<sphalerite>
I'm guessing it uses LD_PRELOAD, which took effect once when the wrapper was exec'd and again when the wrapper exec'd the actual ping binary
<sphalerite>
why does our perl derivation still capture information about build date and build machine kernel and stuff? D:
<sphalerite>
also, am I right in seeming to remember that nix 2.0 signs everything built locally by default?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vAy4q
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master 213c216 Vladimír Čunát: msitools: remove myself from maintainers...
sigmundv__ has joined #nixos
oahong has quit [Ping timeout: 256 seconds]
<the-kenny>
Sometimes I just love globs: nix-shell -p python pythonPackages.{requests,futures,protobuf} expands correctly :)
<the-kenny>
hmm that actually isn't a glob. It's nice anyway
oahong has joined #nixos
<clacke[m]>
bracket expansion is the proper term
davidlt has joined #nixos
hamishmack has quit [Remote host closed the connection]
<the-kenny>
thanks!
<xnaveira[m]>
hi! I need to run some old ansible playbooks that only work with ansible 1.9.4 or lower, i see the oldest version in packages is 2.1 What's the easiest way to get ansible 1.9.4 in nixos?
hamishmack has joined #nixos
hamishmack has quit [Client Quit]
<BlessJah>
use git checkout of nixpkgs
<sphalerite>
xnaveira[m]: use an old nixpkgs
<BlessJah>
sphalerite: is it possible to have channel pinned to older version?
<sphalerite>
BlessJah: yes, just never nix-channel --update it :)
<xnaveira[m]>
ok, i am kind of newbie, how do I do that?
<xnaveira[m]>
i mean i know how to use git :)
<xnaveira[m]>
but how do i use old nixpkgs?
<sphalerite>
xnaveira[m]: find the commit that updated ansible psat 1.9.4, check out one of its parents, and nix-shell -I nixpkgs=. -p ansible
<BlessJah>
note that next time you run `nix-env --upgrade` it will install newest version available in channels
<mfiano>
mkaito: Can you point me to your borg/tarsnap config?
<fearlessKim[m]>
In my folder /nix/store/r8zhwq9xylxw8a823kpvqy0kfqq4g52f-nix-2.0pre5968_a6c0b773/ there is no man :'(
<BlessJah>
an idea: what if we'd had pkgs.ansible.1_9 for packages (libraries) that might need multiple versions?
<sphalerite>
fearlessKim[m]: it's in a separate output
marusich has quit [Ping timeout: 240 seconds]
<sphalerite>
BlessJah: not if they use nix-shell to access it
<sphalerite>
:)
<sphalerite>
BlessJah: we have that sort of thing, but the less the better
<BlessJah>
sphalerite: ++ for nix-shell, that'd work
<fearlessKim[m]>
sphalerite: Yet I have environment.extraOutputsToInstall = [ "man" ]; but can't do man nix
<sphalerite>
fearlessKim[m]: because there's no manpage for nix
<sphalerite>
yet
marusich has joined #nixos
<sphalerite>
there's only the help, and the manpages for nix-env etc
<fearlessKim[m]>
nix help says For full documentation, run 'man nix'
<sphalerite>
>.> lies
<fearlessKim[m]>
come on I was telling people that soon they could enjoy a nice UI for nix but... xD
<sphalerite>
BlessJah: the issue with keeping stuff like that is that it's a maintenance burden
<sphalerite>
fearlessKim[m]: yeah not sure how soon it is. Especially as far as managing user envs is concerned
<fearlessKim[m]>
sphalerite: yep home-manager goes only so far, at some point we need deeper integration
<sphalerite>
I mean, the progress bars and stuff are already a great improvement and I love using nix rather than nix-*. But it's far from having all the functionality it needs to replace nix-*, and you still need to know how to use nix-* to get anywhere with using nix unfrotunately
scribbler1 has joined #nixos
<sphalerite>
wahey, sourceforge is down again!
<BlessJah>
sphalerite: pkgs.foo.X_Y will see less and less development, and pkgs.bar (with foo as an input) can move to next X_Y when upgraded
<BlessJah>
sphalerite: it will be burden to support multiple foo.X_Ys, but when X_Z changes there is no need to check if bar {foo.X_Y} still works
<sphalerite>
BlessJah: it's still a maintenance burden — since dependencies get upgraded as well which may introduce incompatibliites. Plus with nixpkgs you can just check out an older version of nixpkgs to get something that's known to work
<sphalerite>
it's not just about bar depending on foo, it's about foo depending on gtk :)
<BlessJah>
btw, lot of packages seem not to be updated in a long time
<rauno>
hey, is it possible to add static routes with nixos configuration?
winem_ has joined #nixos
scribbler has quit [Ping timeout: 276 seconds]
scribbler1 is now known as scribbler
<sphalerite>
BlessJah: contributions welcome!
<BlessJah>
I thought about adding "Flag package out of date" to packages list - like what archlinux has. That should lower the bar for user to contribute (by marking as out-of-date) and save actual contributor going through packages and checking if new version of package was released in the meantime
<BlessJah>
or, when it's possible, automatically check if packages are up to date (e.g. query pypi or github)
<sphalerite>
ryantm did a huge amount of semi-automated updates the other day
<sphalerite>
goibhniu1: aaaah I was trying to remember the name of that
goibhniu1 is now known as goibhniu
<goibhniu>
BlessJah: there used to be a cool service which found updates, updated the expression, built it and generated patches.
<shlevy>
niksnut: When using ssh-ng as a remote builder, I'm getting "error: hash mismatch importing path '/nix/store/scag7k5f2p6a5sy7gbsqc8h05vsqfgpp-system-path-riscv64-unknown-linux-gnu'; expected hash 'sha256:0ixdq4v6749p21d1indxb0pfhcz420qz6lz082ibwg48kpli3y9l', got 'sha256:1n6wk32c70fsfzlk0ckrhmi3qx4hz6r0k43n31x7qwkcxyywwp17'"
<shlevy>
niksnut: How is that possible? The path doesn't exist on the remote at all, where would it be getting a different expectation about hash from?
<rauno>
or are the ipv4.routes options only available in master/18.03 ?
<goibhniu>
BlessJah: unfortunately, the maintainer didn't have time to keep it going
<BlessJah>
does it pull all the repos and declares newest found as newest?
<BlessJah>
then first distro to package new version does everyone a favour by letting them know
<BlessJah>
nice
__Sander__ has joined #nixos
<shlevy>
niksnut: And if I nix-copy the path manually it's fine... :|
<sphalerite>
really maintainers should subscribe to RSS feeds or mailing lists or whatever for the packages they maintain. ALthough I'm not one to talk since I haven't actually done so >_>
Arcaelyx_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
rauno: yeah they're not in stable yet
<BlessJah>
there is also pkgs.org, I use that to check package in major distros
<shlevy>
sphalerite: Realistically I think we need different levels of maintainership
<shlevy>
(and a way to filter out packages that aren't maintained at a certain level)
<rauno>
sphalerite, any other way to define them?
<sphalerite>
rauno: idk really, all I can think of is something hacky like adding a oneshot systemd service for setting them
<fearlessKim[m]>
we need per-file (package) commit access.
<fearlessKim[m]>
giving commit access to all of nixpkgs restricts too much the pool of maintainers
<BlessJah>
fearlessKim[m]: bot that'd automerge based on approvals from per-package maintainer
<fearlessKim[m]>
BlessJah: yep that would be cool, do you know any such bot ?
<BlessJah>
nope
hask_bee_3 has joined #nixos
<hask_bee_3>
clever hey
scribbler has quit [Ping timeout: 256 seconds]
cinimod` has quit [Remote host closed the connection]
silver_hook has quit [Quit: ZNC 1.6.5+deb1 - http://znc.in]
<fschulze>
hi! I'm trying to install nixOS 17.09 (64-bit) on a 2008 MacBook Pro, but it looks like I get no WiFi and the Ethernet port doesn't automatically configure using DHCP. I looked for some guides and they all assume this just works
<fschulze>
setting an IP address manually doesn't seem to work either
<fschulze>
the hardware is fine, it all still works with OS X
nixer101 has joined #nixos
<nixer101>
Hai! The "teamviewer" stable package returns 404 for archive when building its derivation.
<sphalerite>
fschulze: iirc that machine has a bcm4331 WiFi chip which is a special kind of hell to get working on linux
<sphalerite>
fschulze: I'm not sure about the ethernet. Maybe run lspci to identify what the hardware is, then check the journal to see if the driver is complaining about anything
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] bignaux opened pull request #36206: [WIP] Mame: init at 0.195 (master...mame) https://git.io/vAyzK
NixOS_GitHub has left #nixos [#nixos]
<genesis>
erf i still have issue with squashing :3
marusich has quit [Ping timeout: 240 seconds]
nixer101 has quit [Quit: Konversation terminated!]
nixer101 has joined #nixos
<sphalerite>
fschulze: if I'm right and it is a 4331 you may want to give up on that bit. You have 3 options as far as I remember: 1) Broadcom proprietary driver (wl) which crashes the kernel on a semi-regular basis; 2) Free b43 driver with free firmware, which gives you spectacular 43kbps speeds; and 3) Free b43 driver with proprietary firmware, which drops the connection frequently
<sphalerite>
it's very unfortunate :(
<goibhniu>
hi nixer101, do you already know how to fix it?
<shlevy>
niksnut: Hmm any idea why nix copy is refusing to copy a drv file?
<fschulze>
sphalerite: yeah, just found a message that I need to download firmware
<fschulze>
sphalerite: not sure about ethernet yet
<shlevy>
It just exits with code 0 but the drv isn't on the remote store
<goibhniu>
nixer101: I guess they remove old releases when the upload a new version
<nixer101>
goibhniu: yes, the package is gone on their site.
<fschulze>
sphalerite: it says NVIDIA MCP79 chipset
<fschulze>
sphalerite: couldn't find anything in dmesg yet
marusich has joined #nixos
<nixer101>
goibhniu: I am absolute newbie with nixos ( I am typing from it though ) who has lots of stuff to learn, move and fix :)
<etu>
nixer101: You can overideAttrs in your config to specify the newer version, and then you can submit a PR to update it :)
infinisil has quit [Quit: Configuring ZNC, sorry for the join/quits!]
<fschulze>
sphalerite: ah, "no link during initialization" even though I had it plugged in during boot
<goibhniu>
nixer101: this would probably be an easy fix ... and a nice first PR :D
infinisil has joined #nixos
<sphalerite>
fschulze: yeah… apple hardware is all kinds of obnoxious
<goibhniu>
nixer101: you may just need to change the URL and the hash for it
periklis has quit [Ping timeout: 265 seconds]
<fschulze>
sphalerite: I read some success stories before, so it seemed like an easy try
NixOS_GitHub has joined #nixos
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master 0e050da Robin Gloster: torchat: not broken
<NixOS_GitHub>
nixpkgs/master e616cd8 Robin Gloster: tex4ht: obsoleted by tex4ht in texlive
<NixOS_GitHub>
[nixpkgs] globin pushed 3 new commits to master: https://git.io/vAygU
<NixOS_GitHub>
nixpkgs/master e43dd6f Robin Gloster: gnome2.gnome-session: remove
<nixer101>
goibhniu: I am still figuring out my data partition, notes (zim), how to make phonon have gstreamer backend (no sound here) and how to make quake3-based games not to disable my monitor (they set weird resolution+block kde session resolution, have to reset kdisplay). I am not sure I can take it at this moment. :(
<goibhniu>
nixer101: ah sure :D
<goibhniu>
no sound? have you enabled pulseaudio?
<nixer101>
I would like to kick palemoon version in stable as first step. The 27.4.2 in stable is segfaulting on stable x64/intel, the unstable version runs fine.
<nixer101>
goibhniu: yes, pulseaudio is enabled, but has no backends. I have no idea how to pull the gstreamer. A lot of packages and "gst_all" / "gst_1_all", which I think mean gstreamer_0.10-* and gstreamer-1.0-*, cause configuration.nix to fail.
<nixer101>
if someone plays openarena on nixos and is willing to share his configuration.nix, I would be really thankful!
<goibhniu>
does sound work for other applications?
<nixer101>
goibhniu: no, pulseaudio has no backends currently. I am trying to figure out how to add gstreamer backend. :)
scribbler has joined #nixos
<goibhniu>
I don't think you should need to do anything there
<fschulze>
sphalerite: found the issue, the network cable has loose contact m)
<sphalerite>
ekleog: any chance you could fix your HTTPS on git.ekleog.org? :D
<sphalerite>
fschulze: that'll do it xD
<nixer101>
goibhniu, etu: I took the notes of how to fix teamviewer though, if I get first at doing it, I will try it!
<nixer101>
goibhniu: no, I haven't. I thought that pulse should pull alsa automatically? I've never seen any other configuration.nix specifically pulling alsa.
<sphalerite>
Is there a way to see the log of an ongoing build?
<goibhniu>
nixer101: I would first try to get also working on its own ... yeah, you have alsa already
<infinisil>
sphalerite: you mean stdout?
<viric>
shlevy: great! thank you
<goibhniu>
nixer101: what does `aplay -l` say?
<sphalerite>
infinisil: and stderr. Like when I'm using nix-build, but when I'm using nix build.
<nixer101>
goibhniu: alsactl is here and bunch of other binaries, if I autocomplete "alsa" in konsole
<sphalerite>
or like nix log, but before it's completed the build.
<mfiano>
does anyone have an example of setting up borgbackup The Nix Way™ ?
vandenoever has joined #nixos
<infinisil>
sphalerite: i have no idea, but i suspect that's not possible
<nixer101>
goibhniu: it lists all three of audio devices: internal ac97, hdmi on r9 VGA, and sblive card - which is all correct.
<mfiano>
sphalerite: I would need to use writeScriptBin. It's actually several commands to run
<goibhniu>
nixer101: can you also share `nix-info`, thanks
<mfiano>
with logic between
<nixer101>
goibhniu: I need to add gstreamer, but I dont know how to add it. I have used KDE Neon and there are two backends if I remember: VLC and gstreamer. I would really want to use gstreamer, because I ditch VLC with Smplayer as the later is much more stable when playing video over network (watching youtube in the window)
<sphalerite>
mfiano: you can just put the script straight in the config and it will use writeScriptBin for you
<goibhniu>
nixer101: I'm just amazed that it isn't all hooked up for you. I don't have anything phonon or gstreamer related installed. But I can see e.g. /nix/store/lrpdb4fadmyffgs1j389ajrwyzh0vdfi-phonon-backend-gstreamer-qt5-4.9.0/lib/qt-5.9/plugins/phonon4qt5_backend/phonon_gstreamer.so is in use.
<goibhniu>
and gstreamer is also listed as the backend
<sphalerite>
mfiano: oh and you'll need wantedBy = ["multi-user.target"]; on systemd.timers.backend
<sphalerite>
note to self: don't write stuff while reading other stuff
<nixer101>
goibhniu: this is stock x64/intel system, that I installed from scratch on new hdd about 3 days ago and has been tuning it daily.
Tucky has joined #nixos
<mfiano>
sphalerite: Ok, I'm so lost when it comes to systemd. I'll read a bit
scribbler has quit [Ping timeout: 260 seconds]
<goibhniu>
nixer101: silly question ... have you rebooted lately?
<nixer101>
goibhniu: if you are using nixos for desktop too and have phonon with gstreamer backend, I would be thankfull, if you share the relevant parts of configuration.nix. Probably packages, services, hardware and programs - could affect it.
<goibhniu>
the thing is, I don't see anything related in my config ... but it's pretty convoluted
<nixer101>
goibhniu: yes.. :) I have booted this system a hour ago and upgraded yesterday (with nix-collect-garbage -d and nix-store --optimize)
<nixer101>
goibhniu: ofc as root
asymmetric has joined #nixos
<nixer101>
goibhniu: I must leave for about 30 minutes, letting you know just in case
Neo-- has joined #nixos
testuser has joined #nixos
<testuser>
hi guys, I'm looking for a small device like raspberry pi on which nixos can run without any problems, preferably using intel process, since I'm not sure whether ARM will cause any issues. Does somebody know such a small hardware device, which works well with nixos ... ?
<testuser>
A hardware device should have at least USB and giga ETH.
<testuser>
sphalerite, has anybody tested running nixos on intel NUC - does it work well. I'm interested in using this for penetration tests, so having an intel processor should ensure certain packets, like airodump-ng to compile without issues. I also need to verify the network card inside to see whether it supports packet injection, monitoring mode, etc.
<testuser>
sphalerite, I know, but does it compile airodump-ng and all the other penetration test tools without issues, are those tools are to run on it. I would like to avoid any problems that ARM processor can bring.
<nixer101>
testuser: I have built a retroconsole using cheapest Intel NUC recently and put Lakka on it. Lakka is basically x64 Archlinux, so yes, NUC will work on Nixos.
<sphalerite>
testuser: there shouldn't realy be any nixos-specific gotchas on intel stuff. Just research how linux generally runs on it
<etu>
The NUC's aren't special hardware wise in any way afaik. It's just plain intel hardware.
<nixer101>
testuser: however it is really selective to memory. The best is to use NUC-compatible memory, or look up memory properties of the chips that have this labels.
<nixer101>
testuser: I cant remember the specifics... Its ddr3L, but it must have proper voltage and proper density I think.
kitemikaze has quit [Remote host closed the connection]
<nixer101>
testuser: I am using KVR16LS11/4 module
<viric>
I'm trying to run a "nix-shell" in nix 2.0. It tells me only one line:
<viric>
build input /nix/store/3a0pdxnadgslzvjr5h3q1m44mj27kkyb-cmake-3.8.2 does not exist
<nixer101>
testuser: in fact, I initally wanted to use raspberry pi for retroconsole. But NUC is much more powerful and is x86, so I went for it instead.
<viric>
What does it mean, that a build input does not exist?
<sphalerite>
viric: how are you invoking it?
<viric>
(--store $HOME)
nixer101 has quit [Quit: Konversation terminated!]
<viric>
nix-shell --option store $HOME --option sandbox-paths "$HOME/tmp /bin/sh=/nix/store/abqplkiy4mm70kg92wn97dgayj99a8m8-busybox-1.27.2/bin/busybox"
<viric>
(I have shell.nix)
<sphalerite>
aah, not sure if nix-shell supports chroot stores yet
<viric>
sphalerite: what if not?
<viric>
AH you mean that maybe it builds all properly, but the last stage of running bash is wrong?
<viric>
How can I translate my shell.nix for use with nix run?
<sphalerite>
exactly
<sphalerite>
not sure that's currently properly possible :/
raynold has quit [Quit: Connection closed for inactivity]
<sphalerite>
you can probably do something like nix run --store ~/nix '((import ./shell.nix).buildInputs)'
<sphalerite>
but I'm not sure how good a build environment that will give you
<viric>
Why did nix-shell disappear?
kitemikaze has joined #nixos
<viric>
Wasn't it the bee's knees? niksnut, shlevy? Where is the nix-shell development environment pattern in nix 2.0?
<shlevy>
It's still there...
<shlevy>
Why do you think it disappeared? :)
<viric>
shlevy: fails for me with "--store $HOME"
<TonyTheLion>
any of you hydra experts know what this error means "Jobset contains a job with an empty name. Make sure the jobset evaluates to an attrset of jobs."?
<viric>
shlevy: I wondered if it can be achieved with nix run?
<shlevy>
viric: I think the option flags don't work for legacy commands. So you need --option store $HOME
<viric>
shlevy: right, I use --option store $HOME in fact. The build works, but the execution fails
<sphalerite>
viric: it's not *disappeared* as such, it's just not implemented for the new UI yet
<shlevy>
viric: So it's buggy, not disappeared :D
<viric>
:)
<viric>
ok
<shlevy>
It's intended to work
<viric>
can you think of any workaround? :)
<shlevy>
I don't know what the issue is :)
<sphalerite>
shlevy: the option flags do work for legacy commands though
<viric>
sphalerite: I run nix-shell with "--option store $HOME", and after all is built, I get:
<viric>
build input /nix/store/0ln1qqfv5f93lbhzysy752ydj8kfl3ls-cinder-023c591-cognex does not exist
atu1 has joined #nixos
<viric>
which is correct for the system /nix/store, but not $HOME/nix/store
<viric>
^ shlevy
<sphalerite>
right yeah, buggy is a more accurate description indeed :D
<shlevy>
viric: Sorry, can't take a look right now :(
<viric>
shlevy: don't worry
<viric>
I just wanted to know if there is something just on top of your head
<sphalerite>
mfiano: partOf shouldn't be necessary AFAIK
<sphalerite>
infinisil: ?
<sphalerite>
but I'm not sure
<infinisil>
sphalerite: I'm 80% sure it is
<infinisil>
something with systemd handling timers
<mfiano>
Oh I think that it should be the service
marusich has joined #nixos
<matt_r_>
Mic92: we could build all the dependencies, but it just would require cooperation and people making available resources. I'd say it's mostly a software problem right now.
<mfiano>
so that if the service is stopped the timer sotps too?
<Mic92>
matt_r_: the url in /etc/nix/nix.conf will change after the update.
<Mic92>
the old one is probably still there
<matt_r_>
Mic92: I also set one via extra-binary caches on the CLI now.
<Mic92>
matt_r_: it would require also to kick out application like seth, because we could not support it in nixpkgs
<matt_r_>
Mic92: but that also has no effect, so it seems that I am now completely stuck.
<infinisil>
mfiano: sphalerite: Ohh I get it, the partOf would be needed in the [Install] section, but that is unnecessary on NixOS, so no need for partOf
<Mic92>
matt_r_: extra-binary cache might be only allowed by trusted nix user
<sphalerite>
infinisil: well by that logic wantedBy also wouldn't be necessary ;)
<Mic92>
matt_r_: you can copy symlink for nix.conf and create a new file with the correct url
<sphalerite>
infinisil: I don't know what PartOf actually does, but if it's necessary on non-nixos systems it's probably necessary on nixos too
<mfiano>
partOf is needed
<mfiano>
it tells systemd to stop the timer if the service is stopped :)
<matt_r_>
Mic92: I'd expect a specified flag for which no trust is there to output a warning.
<matt_r_>
Mic92: silently ignoring user input is not cool.
<asymmetric>
how can i know which version of rustc is in nixpkgs-unstable? the expression has "inherit version", not sure where to look for that
<sphalerite>
matt_r_: yes, it's a known issue.
<sphalerite>
asymmetric: nix-instantiate --eval '<nixpkgs>' -A rustc.version
<asymmetric>
mind: blown
<infinisil>
mfiano: I see, alright
<infinisil>
I'll keep partOf in my timer example then :)
<mfiano>
infinisil: Thanks a lot. my backup script is firing off at the time i tell it to
<mfiano>
What does everyone prefer for remote backup solution? I'm considering ditching my VPS and going for B2
<Mic92>
mfiano: borgbackup
<sphalerite>
zfs!
<mfiano>
Mic92: Well yeah, that's what i'm using
<mt_caret_>
What's the idiomatic way to discover libraries for a language in Nix?
<mt_caret_>
Someone I know is designing a language, and it currently has no package
<mt_caret_>
manager (like npm, pip, gem, etc.), so I wondered if I could create it with
<infinisil>
mfiano: zfs!
<mt_caret_>
Nix. Any ideas?
<matt_r_>
mfiano: depends on data volume.
<Mic92>
zfs is horrible backup tool
<Mic92>
maybe with rsync on top
<infinisil>
Well not zfs directly, but software around zfs
<sphalerite>
mt_caret_: excellent choice! ;)
<matt_r_>
Mic92: To backup ZFS, ZFS tooling is hard to beat (not counting completely distributed proprietary systems).
<Mic92>
mt_caret_: nix-locate or nix search (the latter is part of nix 2.0)
<mt_caret_>
Mic92: can you elaborate?
<mfiano>
I'm not interested in backups at the filesystem level. I use btrfs for a just-in-case scenario. The only data I backup lives in my homedir subvolume, and it can span hundreds of gigs at times
<matt_r_>
Mic92: I added my user to the trusted list, but I still get the same message.
<sphalerite>
mt_caret_: I think simpson is working on a language called monte, which uses nix as a package manager
<sphalerite>
matt_r_: you may need to restart the daemon
<matt_r_>
sphalerite: just to clear, are you talking about the daemon on my local (deploying machine), or some remote one?
<sphalerite>
matt_r_: the one where you added yourself as a trusted user
<matt_r_>
sphalerite: I have the impression that download-from-binary-cache.pl: still waiting for ‘https://cache.nixos.org/nix-cache-info’ after 5 seconds.. runs on the remote machine.
<matt_r_>
sphalerite: I restarted the local daemon and no change.
knupfer has joined #nixos
<matt_r_>
sphalerite: on the remote machine deployment already runs as root, which is a trusted user.
rindvieh has quit [Remote host closed the connection]
<sphalerite>
ok idk in that case
<mt_caret_>
sphalerite: Thanks! I'll take a look. Well, I'm not sure how exactly how for example python.withPackages works (as in how Nix wires python so it knows where each package is), so I peeked in the source to find something that looks like a terrible hack; I'm sure a language designed to be Nix-friendly will be much easier to integrate.
<mt_caret_>
Mic92: Thanks!
darlan has joined #nixos
<sphalerite>
mt_caret_: right :) well the essence of how information gets from nix evaluation to instantiation is through environment variables
<sphalerite>
http://monte.readthedocs.io/en/latest/packaging.html this looks like it explaisn how monte works with nix. I don't actually know much about it though, so simpson would be the one to ask if you want to know more about that
<sphalerite>
I think there's one or two other languages which use nix as their package manager from the ground up, but I don't know which ones off the top of my head
<matt_r_>
Mic92: if I understand you correctly, there is no way to use a different cache during the first deployment?
knupfer has quit [Ping timeout: 240 seconds]
<matt_r_>
Mic92: unless, I patch nixops myself that is.
iyzsong has joined #nixos
<matt_r_>
Now I have yet another issue (old one might still exist): it says remotemachine.....................> copying 44 missing paths (1.61MiB) to root@<ip> and it just hangs there forever.
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tertle||eltret has joined #nixos
xcmw has joined #nixos
kitemikaze has quit [Read error: Connection reset by peer]
kitemikaze has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] xnaveira opened pull request #36212: ansible: init at 1.9.4 (master...ansible19) https://git.io/vAyiX
MercurialAlchemi has quit [Ping timeout: 265 seconds]
matt_r_ has joined #nixos
<sphalerite>
nice error message :D
<matt_r_>
Anyone still an idea regarding this ...........> download-from-binary-cache.pl: still waiting for ‘https://cache.nixos.org/nix-cache-info’ after 5 seconds...
MercurialAlchemi has joined #nixos
<sphalerite>
matt_r_: is the device runnign nixos?
oahong has quit [Ping timeout: 256 seconds]
<matt_r_>
sphalerite: yes, deploying laptop and all target AWS systems.
<matt_r_>
sphalerite: I can ssh into the servers.
oahong has joined #nixos
<sphalerite>
probably not incredibly helpful but maybe stracing the download-from-binary-cache.pl process could enlighten us
<matt_r_>
sphalerite: on the machine where this perl thing doesn't work.
<matt_r_>
sphalerite: the process download-from-binary-cache.pl doesn't exist.
<matt_r_>
sphalerite: at least, not on the server.
<clever>
matt_r_: can you pastebin the whole `ps -eH x`
<matt_r_>
clever: on the server?
<clever>
yeah
xcmw has quit [Ping timeout: 260 seconds]
<disasm>
anyone else getting hash mismatches when installing corefonts on a new system? I just removed it, don't really need them, but was interesting error when I ran `nixos-rebuild switch` after a wipe of the system that worked fine yesterday :)
<sphalerite>
disasm: probably an upstream URL changing its contents under our noses?
rindvieh has joined #nixos
<sphalerite>
step 1. blame microsoft
<matt_r_>
disasm: if you change your configuration and your cache isn't there anymore, this can happen.
<clever>
matt_r_: yeah, nothing is running at all
<disasm>
that's what I was thinking :) but didn't see any open issues. I think I'm going to just leave them out, don't really need them anymore.
<clever>
disasm: double-check that nixos is still in /etc/nix/nix.conf
<sphalerite>
they're nonfree as well aren't they
<disasm>
sphalerite: yeah, so binary caches won't have them.
<matt_r_>
clever: weird thing is that this configuration worked fine yesterday.
<clever>
matt_r_: try ctrl+c and re-deploy?
<sphalerite>
infinisil: yo we need your url checker ;)
<matt_r_>
clever: have done that 5 times already.
<disasm>
I might make a PR though to help other people out :)
<clever>
matt_r_: and if you do the same ps at the laptop?
<infinisil>
sphalerite: You're so right..
<infinisil>
sphalerite: oh but the thing i did doesn't check for changed contents
<infinisil>
And I don't think that's feasible, since it would require downloading every single url of nixpkgs..
<sphalerite>
oh, just for 404s?
<sphalerite>
fair enough
<infinisil>
It checks for https versions first, then follows redirects, and spews errors when there's a 404
rindvieh has quit [Ping timeout: 240 seconds]
<infinisil>
or some other error
coot has joined #nixos
kelleyNif has joined #nixos
<etu>
infinisil: HTTP HEAD might help? But I guess it's third party endpoints. Many places doesn't respond very well to that :/
<sphalerite>
etu: AFAIU that's what it does
<matt_r_>
clever: I see some ssh lines connecting with those control socket settings.
<sphalerite>
etu: but that doesn't help with checking the contents
<matt_r_>
clever: getting control sockets right is not that easy, and perhaps it doesn't work in nixops?
<etu>
sphalerite: :/
<viric>
how did brotli come into nix?
<adisbladis>
matt_r_: I'll push a fix for your seth issue in a minute
<gchristensen>
viric: what do you mean?
Ross has quit [Ping timeout: 240 seconds]
<matt_r_>
adisbladis: wrong person.
<sphalerite>
infinisil: actually not sure everything would need to be redownloaded each time, if we trust servers to respond to Cache-Control/If-Modified-Since correctly
<viric>
gchristensen: why brotli and not something else?
<viric>
brotli is good for english text iirc
<adisbladis>
matt_r_: Sorry :/
<viric>
basically.
<adisbladis>
asymmetric:: I'll push a fix for your seth issue in a minute
<infinisil>
sphalerite: Ah right, a possible feature for the future
Ross has joined #nixos
<sphalerite>
viric: designed for webfonts AFAIK
<infinisil>
I'll try to finish the url verifier this weekend
<sphalerite>
I don't think those are english text :D
<matt_r_>
adisbladis: (well, it' s better than not telling you, right? I.e., no need for the emoticon)
<viric>
sphalerite: maybe they have some english-like tag language?
<electrocat>
nix always insists that i need channels_root in my .nix-defexpr, why is that? i remove it because it gives warnings but it always comes back
<gchristensen>
viric: looks like brotli is used for logs primarily, which is english-esque
<sphalerite>
electrocat: probably because your NIX_PATH refers to it
<clever>
matt_r_: ive never had issues with the master socket nixops uses in ssh
<clever>
electrocat: why does it give you warnings?
<gchristensen>
matt_r_: same, the socket work nixops does has worked nicely for me on small and large deploymenets
<electrocat>
clever: something with name collisions
astrofog has joined #nixos
<clever>
electrocat: thats because you have channnels with colliding names on your user and root, check nix-channel --list with and without root
<viric>
gchristensen: yes, I know, only logs.
<matt_r_>
gchristensen: I found the problem. The security groups allowing ssh access are not applied as they should.
<gchristensen>
classic AWS problem :P
<electrocat>
clever: it's the same
<matt_r_>
I don't know why this happens, however.
<viric>
gchristensen: I also remember it being very slow. Maybe that changed
<clever>
electrocat: it shouldnt be
lord| has quit [Quit: WeeChat 2.0.1]
<clever>
electrocat: remove the channel from the non-root user
<viric>
gchristensen, sphalerite: basically, I really like zstd.
<matt_r_>
gchristensen: it worked 50 times, but stopped working when I added an elasticIP.
<viric>
which is more general purpose than the brotli tuning for English
<gchristensen>
viric: is it magically compatible like brotli?
<viric>
gchristensen: with what?
<electrocat>
clever: root doesn't really need access to nix, so i should instead remove the channel from root?
<clever>
electrocat: what OS is this?
<electrocat>
gentoo
<electrocat>
not using nixos
fxr has joined #nixos
<viric>
brotli is good for small files english-like: "e8186085e07104d4b844208613c2d704b5b57dec,
<viric>
sorry
<viric>
I meant to link: "Unlike most general purpose compression algorithms, Brotli uses a pre-defined 120 kilobyte dictionary, in addition to the dynamically populated ("sliding window") dictionary. The pre-defined dictionary contains over 13000 common words, phrases and other substrings derived from a large corpus of text and HTML documents"
<clever>
electrocat: multi-user install?
<gchristensen>
viric: isn't brotli just a different implementation of the gzip format?
<electrocat>
clever: yep
<viric>
gchristensen: no no!
<clever>
electrocat: ah, then the root channels are also the default for all other users
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra pushed 1 new commit to master: https://git.io/vAy1Y
<gchristensen>
oh, I must have misunderstood "which is a zlib-compatible implementation of the standard gzip and deflate specifications"
<clever>
electrocat: so id still remove it from the non-root user
<electrocat>
clever: but then i would have to do nix-channel --update with root?
<electrocat>
which i don't want
<viric>
gchristensen: that's ZOPFLI. not Brotli.
<gchristensen>
ahhhh
<clever>
electrocat: ah, then just remove it from root
<electrocat>
ok :)
<electrocat>
tnx
<gchristensen>
viric: can firefox / chrome automatically inflate zstd?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] shlevy opened pull request #1938: keep-paths: keep store paths alive without touching the filesystem. (master...keep-paths) https://git.io/vAy1n
NixOS_GitHub has left #nixos [#nixos]
Rusty1_ has joined #nixos
<viric>
gchristensen: the same as xz
<viric>
:)
<viric>
gchristensen: zstd is general purpose, brotli is tuned for things like html, js, ... for the web.
<gchristensen>
ah cool
<viric>
"the same as xz" means "no"
<viric>
brotli is really bad with big files.
<matt_r_>
gchristensen: shouldn't the deployment.ec2.securityGroupIds setting be applied as one of the first things in the configuration? I am not seeing any output from nixops saying that it is applying those security groups.
<viric>
(slow for little or no win, specifically
<viric>
Of course, it is the best thing available in browsers, though.
<viric>
Because google.
<gchristensen>
love me a monopoly
rauno has quit [Remote host closed the connection]
<matt_r_>
Are the securityGroupIds actual "ids" like in Terraform and the AWS-API? How do I compute an "id" from a resources.ec2SecurityGroups.mygroup ?
<viric>
zstd is always very fast decompressing, but you can tune compression with a big span of fast/slow, from lz4-like speed to better than xz compression
<viric>
gchristensen: btrfs included zstd recently. :)
<viric>
I don't think btrfs would include brotli.
<clever>
matt_r_: i believe its a name from when you created it
<matt_r_>
clever: so, what do I need to pass as a concrete value to something which expects a list of those "ids"?
<clever>
matt_r_: so you have to set resources.ec2SecurityGroups.mygroup at another point, and specify what is in the security group
<clever>
and then you can refer to it
<matt_r_>
clever: the question is "how to refer to it"?
<clever>
the deployment accepts a resources parameter
<clever>
{ resources, ... }:
<matt_r_>
clever: OK, so the "id" is internal to nixops.
<the_real_plumps>
Hi there, I am trying to pinpoint a nix expression to a specific nixpkgs checkout, and no matter I do, I always end with a blabla lacks signature
<matt_r_>
clever: I though that was how it was supposed to work, but it actually doesn't.
<clever>
you installed the unstable one with nix-env, and now its having a small conflict
nschoe has joined #nixos
<clever>
nix-env -e nix
alexteves has joined #nixos
<nschoe>
Hi everyone.
<matt_r_>
What do I need to do to get ssh to come up?
<clever>
matt_r_: ssh should just come up on its own
<nschoe>
Just a quick question: is it normal that my `nix-env -u` takes forever, quite often. I see a few package downloads (fairly quick) and then I have literally *hours* of compilation. I was wondering if this was normal to have so much compilation.
<matt_r_>
clever: I have security groups to allow ssh-access and I use the ids, i.e. " sg-<hex>" to set it via securityIds as before.
<matt_r_>
clever: I really have no clue what else I am supposed to do, since this stuff worked yesterday just fine.
<the_real_plumps>
clever: okay this seems to be the right move, I thought nix would be globaly on 2.0 on 18.93
<the_real_plumps>
clever: okay this seems to be the right move, I thought nix would be globaly on 2.0 on 18.03
<clever>
the_real_plumps: yeah, that "release" is a bit confusing
<the_real_plumps>
clever: how to enforce it system-wide
<clever>
the_real_plumps: set nix.package = pkgs.nixUnstable; in configuration.nix
<nschoe>
sphalerite, I don't understand, I was tlaking about updating the installed packages with -u
<nschoe>
sphalerite, I do use -iA when _installing_ new package
<sphalerite>
nschoe: like nix-env -i without -A, nix-env -u will evaluate all of nixpkgs looking for derivations with names mathcing those you already have in your profile
drakonis_ has joined #nixos
<nschoe>
sphalerite, okay, so I should use -A with -u too? Like `nix-env -uA`? This will update all packages I have?
<sphalerite>
nschoe: one solution would be using an overlay like LnL's (linked in the wiki page) to declare your packages so make evaluation faster
<sphalerite>
nschoe: no, that's not a thing unforutnately
<nschoe>
sphalerite, hum well actually I don't think that's my problem. The real time consuming tasks for me is compiling. It's not findinf the installed packages.
<LnL>
the -u flag only works on installed stuff
<sphalerite>
nschoe: ah yes, that will do it also. Which channel are you on?
<nschoe>
sphalerite, I have 2: 'nixos' pointing to 17.09 and 'unstable' pointing to, well 'nixpkgs-unstable'.
rindvieh has joined #nixos
<Mic92>
matt_r_: I don't know
<sphalerite>
nschoe: are they up to date? And which packages are getting compiled?
<matt_r_>
clever: the example in the repository uses .name.
<matt_r_>
clever: anyway, I will refactor it a bit and perhaps that might help.
<elvishjerricco>
The docs for nix.useSandbox say that it's not enabled by default for performance reasons. How much slower is it? Is it just some added setup time (if so, how much?), or does it actually slow builds down?
<matt_r_>
The documentation also says that I can refer to ' .groupId' of a security group in aws, but when I actually try to use it, it says that it doesn't exist.
<sphalerite>
elvishjerricco: it's enabled by default on non-nixos linux systems now iirc
<sphalerite>
elvishjerricco: apparently the overhead is enough to make a noticeable difference for the many trivial derivations built as part of a nixos system
coot has quit [Ping timeout: 256 seconds]
<ottidmes>
clever: For sedutil to do its thing I cannot have access to the SSD, so far I have been rebooting into a LiveCD everytime I wanted to configure the SSD with sedutil (other than unlocking), but I was thinking, shouldn't I be able to use your rescue netboot example so that I can boot into that, do the configuration, and kexec back into the kernel on the SSD after I am done?
<Mic92>
matt_r_: maybe your can use a different bootstrap image?
<Mic92>
*you
reinzelmann has quit [Quit: Leaving]
the_real_plumps has quit [Quit: No Ping reply in 180 seconds.]
Ross has quit [Remote host closed the connection]
<srhb>
I think I got an explanation for this at one point, but forgot. Why is it that I can't refer to pkgs.path in imports? Consider if NIX_PATH is blank
the_real_plumps has joined #nixos
<infinisil>
overlays
<srhb>
What, it was possible before overlays? o_o
<infinisil>
Similarly packageOverrides, so prob no
<srhb>
Ah.
<sphalerite>
srhb: config modules can set nixpkgs.foo options which affect pkgs
<srhb>
Right.
freusque has quit [Quit: WeeChat 2.0]
<srhb>
Not being dependent on NIX_PATH is hard.
xcmw has quit [Ping timeout: 240 seconds]
<infinisil>
I think nix now has a pure mode, in which all impure things such as NIX_PATH and currentTime are disallowed
<srhb>
infinisil: Yeah, pure-eval
<srhb>
Which is awesome, but surprisingly difficult to use when <nixpkgs/nixos> is scattered around the place :-)
<srhb>
Actually... How does that even work. Doesn't restricted-eval (which I assume is part-way to pure-eval) work by restricting you from importing anything that's _not_ in NIX_PATH?
<mfiano>
i just discovered a nightmare of a problem with borgbackup
<gchristensen>
not backing up?
<infinisil>
__monty__: I estimate the chances of clever having an almost complete script for this at 70%
chrios has joined #nixos
<mfiano>
i was hoping that i could have a single backup repository for multiple hosts, with different archive prefixes, so that the deduplication could be shared for a huge win. this is not feasible though, because when one client is writing it obtains a lock, and other clients are blocked. i have no sane way to deploy my backup script to multiple hosts and ensuring that the hourly jobs don't conflict with each other
<gchristensen>
are clients blocked-and-waitingh?
<mfiano>
no they are disconnected
<gchristensen>
ouch
<BlessJah>
by default they fail, you can setup timeout though
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy opened pull request #36216: haskellPackages.callCabal2nix: Depend on the expression. (master...callCabal2nix-retain-ifd) https://git.io/vAyQS
<BlessJah>
that's quite an old feature, should be there
<mfiano>
grepping returns nothing
<BlessJah>
borg help create | grep lock-wait?
halfbit has quit [Ping timeout: 276 seconds]
<BlessJah>
mfiano: I had to back up 10 nodes with 10 VMs each, decided to go with per-VM repository.
<mfiano>
my fault. i have 6 machines open in front of me and ran it on an Arch Linux box...the manpage is considerably different
<BlessJah>
you may win some space with FS that'd support dedup and compression but you'd disable borg compression and encryption
ploud777[m] has joined #nixos
<infinisil>
Zfs compression makes it so my /nix/store is less than half the size of it's actual content :)
vandenoever has quit [Ping timeout: 252 seconds]
chpatrick has joined #nixos
yegortim1 has quit [Ping timeout: 255 seconds]
kelleyNif has quit [Quit: Leaving.]
<mfiano>
as does btrfs :)
mizu_no__ has joined #nixos
mizu_no__ has quit [Client Quit]
<mfiano>
2.5x last time i checked, using zstd compression
<BlessJah>
infinisil: do you do the hardlinking trick as well?
mizu_no__ has joined #nixos
mizu_no__ has quit [Client Quit]
<infinisil>
BlessJah: yeah, (it's called optimize store)
kelleyNif has joined #nixos
<infinisil>
mfiano: do you have auto optimize store enabled?
<BlessJah>
yeah, tried to remember and figured out I forgot to add it to my upgrade scripts
<mfiano>
infinisil: no i choose to do that manually
yegortim1 has joined #nixos
<infinisil>
mfiano: hmm, maybe that's part of the reason of the difference between my 2.1x and your 2.5x compression ratio
<mfiano>
i see similar results in non-store data
<mfiano>
i don't think that has anything to do with it
<__monty__>
Do btrfs/zfs compress by default?
<infinisil>
Heh, so you're saying zstd can compress better than the default zfs encryption?
rindvieh has quit [Ping timeout: 240 seconds]
<infinisil>
__monty__: zfs does not by default, but it's super easy to enable
<adisbladis>
__monty__: Not by default no.
<xnaveira[m]>
hi i'm packaging this python module and i got it working with all its dependencies in buildInputs, now if i want to use it i have to separatedly install those dependencies in the environment. My question is, is that how is supposed to work or is there a way to handle dependencies at run time, ie if i run "nix-env -p thePackage" all the dependencies will be installed without me needing to add all the "-p dependecy1 -p
<xnaveira[m]>
dependency2" etc ?
rindvieh has joined #nixos
<mfiano>
No, I've never tried zfs, but I would ssume it depends on the dataset
<infinisil>
xnaveira[m]: you should use buildPythonPackage and propagatedBuildInputs, see for examples in nixpkgs
knupfer has quit [Remote host closed the connection]
knupfer has joined #nixos
astrofog has quit [Quit: Quite]
<infinisil>
mfiano: Yeah, but it could very well be that zstd compresses stuff better than lz4 (the default zfs compression i think)
acarrico has joined #nixos
<michiel_l_>
xnaveira[m]: You need propagatedBuildInputs
<michiel_l_>
These are build inputs that are available during runtime as well
<mfiano>
infinisil: bear in mind that on average lz4, which btrfs doesn't support, compresses a little bit worse than lzo on that chart
<infinisil>
mfiano: ah right, it's a tradeoff
<infinisil>
I'm rather short on the speed side though, so lzo is prob the better choice for me
simukis has joined #nixos
<infinisil>
(Bit offtopic for #nixos though :))
<mfiano>
Fair enough :)
ThatDocsLady has quit [Remote host closed the connection]
ThatDocsLady has joined #nixos
<ryantm>
Mic92: How about lib.semver.major, lib.semver.minor, and lib.semver.majorMinor
attila` has joined #nixos
acarrico has quit [Ping timeout: 256 seconds]
<Mic92>
ryantm: would also work I guess.
MercurialAlchemi has quit [Ping timeout: 276 seconds]
acarrico has joined #nixos
erasmas has joined #nixos
<shlevy>
Created #nix-core
<Mic92>
#nixos -> #nixos-dev -> #nix-core :)
<deanman>
Hi, I've installed a fresh copy of Nix and I'm trying to follow the pills and install my first derivation but i get an error message saying "nix-repl matches no derivations"
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] 7c6f434c pushed 3 new commits to release-17.09: https://git.io/vAybJ
<NixOS_GitHub>
nixpkgs/release-17.09 036bcb7 Michael Raskin: xscreensaver: 5.36 -> 5.37...
<NixOS_GitHub>
nixpkgs/release-17.09 7ac8557 Matthew O'Gorman: xscreensaver: 5.37 -> 5.38...
<NixOS_GitHub>
nixpkgs/release-17.09 f36b701 Michael Raskin: Merge pull request #36208 from tokudan/1709_xscreensaver...
NixOS_GitHub has left #nixos [#nixos]
<goibhniu>
hi deanman, what command are you running?
<deanman>
goibhniu, `nix-env -i nix-repl`
<deanman>
Please note that I'm behind a corporate proxy so it could be network related
<disasm>
ah, looks like more sourceforge problems with the corefonts issue. HTTP/1.1 302 Moved Temporarily from any of the font urls causing infinite loop.
<disasm>
I realized it when I started changing the hashes and all of the hashes were the same :)
<chpatrick>
in a nixos module, is it possible to copy an option declaration from another module?
<chpatrick>
because I want to make some options that are just passed through to another module
<goibhniu>
deanman: what does `nix-channel --list` say?
<chpatrick>
and ideally I would just copy their schema
detran` has quit [Remote host closed the connection]
<chpatrick>
like options = { myOpt = options.otherModule.myOpt; }
<sphalerite>
disasm: I wonder if sf will ever get their stuff together again…
<the_real_plumps>
clever: thx for helping me with the nix cli option, it works now
<deanman>
goibhniu, I just followed the pill and used "curl https://nixos.org/nix/install | sh" to install. Is it by default pointing to unstable/latest builds?
halfbit has joined #nixos
<goibhniu>
deanman can you run `nix-info`?
pie_ has joined #nixos
<deanman>
goibhniu, not available as a command, can see build, channel, collect-garbage, etc.
<goibhniu>
deanman: how about `nix-env --version`
<deanman>
goibhniu, 2.0
<disasm>
chpatrick: have you tried just using otherModule.myOpt in your module?
amf has quit [Quit: WeeChat 2.0.1]
<chpatrick>
disasm: where can I get otherModule?
<goibhniu>
ah, I'm still on 1.11 ... does `nix repl` work?
cement has joined #nixos
<goibhniu>
deanman: ^^
<deanman>
goibhniu, Yes it does
<disasm>
chpatrick: err wait, I think it should be config.otherModule.myOpt
<chpatrick>
disasm: but the config is like the output of the module right?
<chpatrick>
I want the schema
<goibhniu>
deanman: hopefully the pills still work well enough with 2.0
<deanman>
goibhniu, probably pills documentation not updated to latest
fragamus has joined #nixos
<deanman>
goibhniu, how could i go and point channel to a stable release or even install a stable one from scratch ?
<goibhniu>
deanman: if you like, you can change to nix 1 for going through the pills
<goibhniu>
deanman: you can use the release channel
<joko>
Is it possible to get the packages of a system derivation retrieved by eval-config.nix?
attila` has quit [Ping timeout: 240 seconds]
<sphalerit>
chpatrick: yeah. I'm not sure if the schema definitions allow recursion like that though
matt_r_ has quit [Ping timeout: 260 seconds]
<goibhniu>
deanman: nixos-17.09
<disasm>
chpatrick: an example would be something like nixos/modules/services/audio/ympd.nix. services.ympd.port defaults to the port set for services.mpd.network.port: default = config.services.mpd.network.port;
<chpatrick>
disasm: right, but the problem isn't copying the value, it's copying the declaration of the options
<clever>
the_real_plumps: your welcome :)
<goibhniu>
deanman: I think that's still configured in ~/.nix-channels
<abathur>
looking to get myself set up to hack on a project (Doxygen--the actual software, not the nixpkg), but I'm a little unsure whether I should be writing my own derivation in shell/default.nix, or piggybacking on the existing derivation in nixpkgs?
<clever>
TonyTheLion: i always put /nix on its own zfs dataset
ericbmerritt_ has quit [Ping timeout: 240 seconds]
georgew has quit [Read error: Connection reset by peer]
dvim has quit [Read error: Connection reset by peer]
ghuntley has quit [Read error: Connection reset by peer]
harms has quit [Read error: Connection reset by peer]
<TonyTheLion>
clever: but is that some kind of a config option to tell it where to put /nix?
<deanman>
goibhniu, I see that 17.09 is the stable one but when i installed nix by default it setup an unstable channel. Is that OK ?
<goibhniu>
deanman: well, you can change the channel and then replace nix 2.0 with nix 1
<clever>
TonyTheLion: if your using nixos, you have to set fileSystems."/nix" = { ... to configure it to mount on bootup
harms has joined #nixos
ghuntley has joined #nixos
<TonyTheLion>
clever: I am using nixos
<deanman>
goibhniu, I think I'm testing your patience, is there some documentation on how to install nix 1 ?
<clever>
TonyTheLion: thats also something you usually can only change at install time
<TonyTheLion>
clever: oh
fxr has quit [Ping timeout: 276 seconds]
monad_cat has joined #nixos
dvim has joined #nixos
<goibhniu>
deanman: not at all. So you change that URL in ~/.nix-channels, run `nix-channel --upgrade` and then `nix-env -i nix-env` (I think)
<clever>
TonyTheLion: i have changed it after install, but you need enough free space to make the partition, and you have to move the data over while booted into a recovery mode
rindvieh has quit [Remote host closed the connection]
{`-`} has joined #nixos
<mfiano>
How do I use nix-repl to query my config values again?
ericbmerritt_ has joined #nixos
<deanman>
goibhniu, maybe i forgot to mention that I'm install nix on my Ubuntu and that i do not run a full NixOS
jmeredith has joined #nixos
<goibhniu>
deanman: yeah, that's fine
<clever>
mfiano: nix-repl '<nixpkgs/nixos>'
<mfiano>
Sigh, I did '<nixos/nixpkgs>' and was wondering why so many variables were imported
knupfer has quit [Ping timeout: 256 seconds]
<clever>
TonyTheLion: while booted into a recovery environment, you need to move the contents of /nix to the new partition, while preserving all ownership bits, then mount the original rootfs to /mnt and the store to /mnt/nix, then `nixos-install --chroot`, fix configuration.nix, and `nixos-rebuild boot`
<clever>
TonyTheLion: and if you have a boot partition, that should be at /mnt/boot/
<clever>
mfiano: <nixos> gives the channel named nixos, and nixpkgs is a symlink to . within that
phdoerfler_ has joined #nixos
<clever>
mfiano: so <nixos/nixpkgs/nixpkgs/nixpkgs> is the same as <nixos>
<goibhniu>
deanman: what I was describing was how to change from the unstable channel to the release (which has nix 1), and then install nix-env, to downgrade your version
<deanman>
goibhniu, decided to uninstall and follow again instruction on how to install it, if i end up in the same situation i will use your tips
<goibhniu>
kk
<phdoerfler_>
let me ask differently. How do I just execute a nix expression for its side effect?
<deanman>
goibhniu, ideally the install script should have installed the latest stable release, no?
<sphalerite>
phdoerfler_: they shouldn't have side effects!
<sphalerite>
besides creating a store path
<goibhniu>
deanman: well, yeah, 2.0 is the latest release of nix, but there's an older version in the nixos release channel
<phdoerfler_>
sphalerite: borgbackup wants me to execute `borg init ...` once before I can execute `borg create ...` later. The init part creates a directory and puts some files in it. Is doing this not a side effect?
<sphalerite>
phdoerfler_: sure, but it's not a side effect of the nix expression
<sphalerite>
phdoerfler_: since stuff like a backup repository is inherently stateful, I'd recommend just doing it manually
<phdoerfler_>
sphalerite: but I am so close to having it fully automated by nix
<phdoerfler_>
I can't give up now :p
<abathur>
to hack on a local copy of Doxygen I had before moving to nixos--since Doxygen happens to already be in nixpkgs--I guess I should be writing a shell/default.nix in the directory that overrides the doxygen derivation in nixpkgs? probably to override the src attribute and add an env?
<deanman>
goibhniu, your last message confused me a wee bit but hey thanks for the help so far
<BlessJah>
I have borg init || true in my backup scripts
<phdoerfler_>
BlessJah: that's basically what I got so far, too. I was hoping for something less hacky
<phdoerfler_>
only I just use ; instead of ||
<BlessJah>
set -e :>
<goibhniu>
deanman: ah sorry. It will be much clearer when you work through the pills
<BlessJah>
a habit
<joko>
clever: system.extraDependencies requires packages, so I cannot use it for a toplevel system attribute, do you have any idea how to use it?
<phdoerfler_>
BlessJah: I want this to be a one liner cron job
<NixOS_GitHub>
nixpkgs/master 004a59f Jon Banafato: corebird: 1.7.3 -> 1.7.4
<NixOS_GitHub>
[nixpkgs] jtojnar pushed 1 new commit to master: https://git.io/vAyx8
<clever>
phdoerfler_: one-shot systemd units that check for the existance of the resource they create
<deanman>
goibhniu, ok doing a fresh install i can see it downloading the nix-2.0-x86_64 tarball
rindvieh has joined #nixos
<goibhniu>
deanman: yeah
<phdoerfler_>
clever: I see, thanks!
hyper_ch2 has quit [Quit: Page closed]
<deanman>
goibhniu, is that supposed to set unstable channel by default or did i mess up somehow my previous installation by trying something that i don't recall ?
<NixOS_GitHub>
[nix] edolstra pushed 2 new commits to master: https://git.io/vAypG
<NixOS_GitHub>
nix/master ad97d1a Michael Fiano: nix-channel grammar and punctuation...
NixOS_GitHub has left #nixos [#nixos]
petar has joined #nixos
<sebboh>
I'm setting up my first nixos machine. I'm being prompted for a root password by `nixos-install`. On my linux machines, I like to leave the root password disabled (Debian style). Then I just use my user account and sudo when I need it. I know how to set that up post-install by simply disabling root's password, etc.. but can I set it up like that via configuration.nix?
<deanman>
goibhniu, would you know how proxy is configured in nix-* ? Are proxy env. vars honored ?
<clever>
deanman: for channels, it should honor them
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nix/master aa8bbbf Shea Levy: Merge branch 'write-failure-fixes' of git://github.com/lheckemann/nix
<NixOS_GitHub>
[nix] shlevy pushed 2 new commits to master: https://git.io/vAypr
<sphalerite>
sebboh: users.users.root.hashedPassword = "x" should do it as well I think
<sebboh>
ah now we're talking!
ertes-w has quit [Remote host closed the connection]
<mfiano>
How would I define a config for a laptop with wifi roaming?
<sphalerite>
sebboh: actually I think "!" is a better value than "x", since that's the value it seems to use in /etc/shadow for other users with no password
LysergicDreams has quit [Ping timeout: 265 seconds]
<sphalerite>
mfiano: you have quite a few options
<mfiano>
Suppose I had 2 networks, and I want it to poll and connect to whichever one is available. In this case, one of them would be a home network with a static ip. The other would be my phone's hotspot with dhcp.
<jonge>
does anybody know of blog articles or similar that explain how to compile a c/c++ project under linux cross for windows targets? i hope that there is the possibility to inject mingw stuff into stdenv somehow?
asymmetric has quit [Quit: Leaving]
<sebboh>
sphalerite: my memory is murky on this topic, but I think there may be more than one specially interpreted character for that field. Like, what's the different between "no password" "empty password" and "invalid password"? ...I could be wrong here, I'll have to check the manual.
<sphalerite>
mfiano: 1) wpa_supplicant configured statically through networking.wireless.networks; 2) wpa_supplicant configured statefully by manually editing /etc/wpa_supplicant.conf (I use this one for my laptop where I don't really want my uni login, used for eduroam, exposed in the nix store); 3) network-manager
halfbit has quit [Ping timeout: 260 seconds]
<mfiano>
I was spoiled by netctl on Arch that did all that and more, but it's not available here
<sphalerite>
sebboh: man 5 shadow says " the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).
<sphalerite>
mfiano: there's also connman but I don't like that because bleh intel NIH crap
<sebboh>
jonge: it is possible to use unix et al to build .exe files that successfully run on windows, yes. Sorry, I don't have a link. But I've heard of that being a thing. :)
<sphalerite>
sebboh: IOHK have just got haskell cross-compiled for windows using nix!
<sphalerite>
jonge: I got an application building with mingw through nixpkgs a while back as well, but it was very fiddly
<jonge>
sphalerite: fiddly in which sense?
<deanman>
sphalerite, ok thanks
<sphalerite>
jonge: lots of adjusting libraries to link statically mostly
hiroshi has quit [Ping timeout: 240 seconds]
Itkovian_ has joined #nixos
<deanman>
goibhniu, clever sphalerite thanks for kind help guys, was able to install it, switch to 17.09 stable channel and install my first package behind proxy
<deanman>
Cheers!
<jonge>
sphalerite: ok, but that does generally sound like "it's possible to make a parametrizable nix file"
<jonge>
right?
Itkovian has quit [Ping timeout: 265 seconds]
pxc2 has joined #nixos
<sphalerite>
jonge: do you have a nix expression for building it for linux?
<sebboh>
sphalerite: what is IOHK? And, neat. FYI I am building this nixos box specifically to get into Haskell. Since my usual Debian machines don't seem designed for it...
leothrix has quit [Ping timeout: 268 seconds]
<goibhniu>
deanman: yay!
<sphalerite>
sebboh: input-output-hk, the company that made that nix-hs-hello-windows thing :)
<sebboh>
Oh! That came up in my web search but I assumed it was unrelated, hah.
Itkovian has joined #nixos
<sphalerite>
sebboh: FWIW you can just as well use nix on ubuntu without nixos for haskell development. Although nixos is definitely worth using for other reasons :D
<pmade>
I'm using nix as a build tool with `src = ./.` but if I have a dirty working tree nix-build will copy it into the store. Is there something like fetchGit that works from ./git and doesn't require a SHA?
<jonge>
sphalerite: i have a nix expression that creates the right environment for then running nix-shell and "make" inside. i guess it would not be hard to make a full nix-build expression
<sebboh>
sphalerite: unfortunately I cannot do any such thing because I do not have an Ubuntu box. ;)
<NixOS_GitHub>
[nixpkgs] leenaars opened pull request #36225: stubby: init at 0.2.2 (master...stubby) https://git.io/vAyjU
NixOS_GitHub has left #nixos [#nixos]
pxc2 has quit [Ping timeout: 240 seconds]
<mfiano>
sphalerite: Are there even any good options on NixOS that don't require plaintext wpa keys in the store?
<pmade>
clever: Ah man! I'm on NixOS 17.09 so I don't have Nix 2 yet :(
<sebboh>
Can I query my running system to get a list of all configuration.nix variables that it knows of/checks for/
<sphalerite>
jonge: yeah if you just make one that builds it for linux, which should indeed be easy if you have a working shell drv, you should be able to make it build for windows by replacing the nixpkgs as appropriate
<sphalerite>
mfiano: yes, both 2 and 3 do that
<clever>
mfiano: leave /etc/wpa_supplicant.conf unmanaged by nix, and just manualy copy the file in after the install
<clever>
pmade: nix.package = pkgs.nixUnstable; to upgrade it
leothrix has joined #nixos
<clever>
sebboh: nix-repl '<nixpkgs/nixos>'
ryantm_ has quit [Ping timeout: 268 seconds]
<mfiano>
I haven't had to resort to using network-manager or manually editing wpa_supplicant.conf in over a decade. i wish arch's wifi tools were portable
<sphalerite>
sebboh: man configuration.nix
<clever>
mfiano: wpa_gui works on nixos and i think it can write to wpa_supplicant.conf for you
<sphalerite>
mfiano: editing wpa_supplicant.conf is pretty fire-and-forget for me
<mfiano>
clever: as long as it's cli
<sebboh>
sphalerite: thanks. What if a new variable is added and the manual isn't updated yet?
<clever>
sebboh: the man page is auto-generated from the nix expressions
<sphalerite>
mfiano: for PSK networks, just `wpa_passphrase $ssid $passphrase >> /etc/wpa_supplicant.conf` is enough
<mfiano>
sphalerite: does this support roaming with prioritized networks?
<clever>
mfiano: you can edit the wpa_supplicant.conf after the above cmd, to set a priority
<sphalerite>
mfiano: I think they're prioritised by order of appearance in the config file. Not sure though
<clever>
priority=10
<mfiano>
and if i lose connection will it auto-retry from the top?
<sebboh>
clever: ok, I tried nix-env -i nix-repl and that worked. Then nix-repl '<nixpkgs/nixos>' as you said. It gave me a repl and said "Added 6 variables." ...Then I hit C-d 'cause I don't know any commands for this repl.
<sphalerite>
ugh of course that's not mentioned in man wpa_supplicant.conf. Probably the worst manpage I've ever read
<sebboh>
clever: now we're talking. Thanks!
<sphalerite>
mfiano: it will automatically roam and retry. I don't know detilas of prioritisation though
<mfiano>
hmm ok thanks
<sphalerite>
I haven't had to prioritise networks so I don't know about that stuff, but I've never needed to touch the supplicant except to add new networks in the past 6 months or so
<sphalerite>
I consider it a "Just Works" thing
<mfiano>
is there a way to determine what my network interface name will be? enp4s0...how evil
<clever>
sebboh: the repl says :? for help, and you can just eval config.boot to see the config
<sphalerite>
mfiano: it's a lot more deterministic than eth0-style names actually :p
<sphalerite>
mfiano: but check out networking.usePredictableInterfaceNames
<simpson>
mfiano: What's evil about that? Blame your motherboard manufacturer for not laying out your board in a sane way~
<mfiano>
Because, I can see why that would be useful for a router, but it's not useful when you don't know the bus id or slot number when you have 1 interface
<sphalerite>
mfiano: then set networking.usePredictableInterfaceNames = false;
<clever>
mfiano: lspci tells you that info
<sphalerite>
:)
<mfiano>
assuming i wasnt configuring in a vm that lies
<simpson>
mfiano: IYSS, but IMO tools which assume that there's only one interface should have died in the 90s.
chreekat has joined #nixos
<deanman>
goibhniu, damn, apparently vim got installed (cached?) but `man` wouldn't cause it tries to download from http://cache and it fails probably due to proxy
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nix/nix-lang-experiments 64ea7cc Eelco Dolstra: Add an 'include' keyword...
<NixOS_GitHub>
[nix] edolstra created nix-lang-experiments (+1 new commit): https://git.io/vASvq
NixOS_GitHub has left #nixos [#nixos]
phdoerfler_ has quit [Quit: Page closed]
<goibhniu>
deanman: do you have the environment variables set up for the proxy?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra pushed 1 new commit to nix-lang-experiments: https://git.io/vASv0
<ottidmes>
Is it possible to build boot.loader.grub.extraInitrd as part of my config? I tried boot.loader.grub.extraPrepareConfig, but this is called after extraInitrd is used
Mateon1 has quit [Ping timeout: 268 seconds]
Mateon3 is now known as Mateon1
<deanman>
goibhniu, yes, a quick google search hinted that i might have to setup also CURL_NIX_FLAGS ?
<symphorien>
ottidmes: I am curious, what is your use case ?
<ottidmes>
One important note, it should not become available in the nix store
<tnks>
when doing a 'nix copy' to a caching server, it seems without GC roots, GC is kind of all-or-nothing.
<symphorien>
ah ok
<clever>
tnks: there is also nix-collect-garbage --max-freed 1G, which stops after 1gig, but its random which paths it deletes
<symphorien>
I guess nix cannot call any command outside of building a derivation, and from this build you can only keep what goes to $out
<ottidmes>
symphorien: I want boot.initrd.secrets for Grub, and hoped I could just leverage what already exists, because you extraInitrd also gives you this feature, so I planned to generate a initrd with my secrets and pass it as extraInitrd
<tnks>
clever: yeah, not exactly what we'd want.
<tnks>
but maybe? I suppose it's better than wiping out the whole cache and having to rebuild what we still want.
<ottidmes>
symphorien: Yeah, so you have to somehow find the right hook inside nixos's build process, to allow this kind of impurity
<deanman>
goibhniu, just my env. vars messed on a different terminal. Works just fine :-)
<tnks>
We're not using Hydra, but would that do a better job of this? allowing us to stop caching old builds?
<clever>
tnks: hydra automatically roots the entire build-time closure of every active job, and also acts as a nix cache
ThatDocsLady has quit [Quit: Leaving]
<tnks>
clever: and it's straight-forward to unroot active jobs?
<symphorien>
ottidmes: in my use case, my initrd is constant so... what do you want to include which is variable in your initrd ?
<tnks>
sorry, unroot inactive jobs, I mean.
<goibhniu>
deanman: cool!
<clever>
tnks: just remove the job from the release.nix file, and it will expire naturally
<tnks>
oh, I just realized I might not be speaking Hydra parlance.
<tnks>
job means "all the builds for a repository in source control?"
phdoerfler_ has joined #nixos
<symphorien>
btw, you mentionned extraPrepareConfig: if extraPrepareConfig create for example /boot/foo and you set extraInitrd to "/boot/foo" then everything is fine
<tnks>
or does "job" mean each individual build?
<clever>
tnks: with hydra, you give it a release.nix file, which returns an attr set of derivations to build
<phdoerfler_>
can I write this more concise? lib.optional (something != null) bla;
<symphorien>
/boot/foo does not need to exist when grub.conf is written but when you boot :)
<clever>
tnks: hydra then builds every derivation, and keeps the build-time closure rooted, so it can re-build new versions with minimal downloads
<ottidmes>
symphorien: Well what goes in the initrd will depend on what secrets my config sets. Right now they are not variable so I could do things manually, or I could alias my nixos-rebuild to first run some setup script of my configuration, but I would prefer if it was just part of my config
halfbit has quit [Ping timeout: 240 seconds]
<clever>
tnks: and in the hydra config, you can set it to root everything for the last X builds
<ottidmes>
symphorien: Hmm, of course! It is just a warning after all, thanks!
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nix/master 0413aeb Maximilian Bosch: search.cc: sort attribute names with `std::map`
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nix/master 3748a0c Shea Levy: Merge branch 'improve-search-algorithm' of git://github.com/Ma27/nix
<NixOS_GitHub>
[nix] shlevy pushed 2 new commits to master: https://git.io/vASfS
<symphorien>
I mean these secrets you cannot create them with nix, so when you update theses secrets, update the initrd
<tnks>
clever: okay, so it's doing more or less what I'd want.
<symphorien>
I have a Makefile for that
LysergicDreams has joined #nixos
<clever>
symphorien: there is something in nixos to handle that, at nixos-rebuild, it will generate a secondary initrd, and cat the 2 together
leat has joined #nixos
<tnks>
clever: the reason I stayed with Jenkins was because our build for the company does a company-standardized Docker push, and my guess was that Hydra wouldn't help much with that (a side-effect to an external system).
drakonis_ has quit [Remote host closed the connection]
szicari has joined #nixos
drakonis_ has joined #nixos
<clever>
tnks: but hydra can build docker images, so you just need an external script that does curl ... | docker load ; docker push
<ottidmes>
symphorien: I will just use: append-initrd-secrets /boot/grub/secrets-initrd.gz at boot.loader.grub.extraPrepareConfig and ignore the warning the first time around, so it will just build the secrets file as part of my nixos-rebuild :)
<tnks>
clever: I forget how the docker image building is done. Does the image get put in /nix/store?
<tnks>
for a while, people were saying to be wary of the Nix expression that created those images... but I don't know if that's still the case.
<ottidmes>
symphorien: boot.loader.grub.extraPrepareConfig = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets /boot/grub/secrets-initrd.gz"; seems to work :) I will just get a warning initially, that I can safely ignore
<tnks>
clever: is it easy to write meta-information into /nix/store adjacent to the docker image, so my scripts would now what tag to use when pushing the Docker image to Docker Hub?
<clever>
tnks: you would want to use pkgs.runCommand to create a directory containing that info, and a symlink to the image
coot has quit [Read error: Connection reset by peer]
<sphalerite>
phdoerfler_: not really. It's just a thin wrapper around mkDerivation
<clever>
phdoerfler_: basically, you can just runCommand "name" { buildInputs = [ foo ]; }; ''some bash code'';
<phdoerfler_>
ok but how do I put that into a nix expression?
<phdoerfler_>
and where do I get this stdEnv from and all that?
<clever>
phdoerfler_: both runCommand and stdenv are part of pkgs
rogue_koder has quit [Quit: Konversation terminated!]
<phdoerfler_>
clever: ok. How does `env` work? What are buildInputs?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] dtzWill opened pull request #1940: Move large buffer allocations to heap instead of stack (master...fix/avoid-large-stack-buffers) https://git.io/vASU8
NixOS_GitHub has left #nixos [#nixos]
<phdoerfler_>
I feel like I am missing some basic .nix knowledge
<clever>
phdoerfler_: buildInputs are the packages your bash code needs to run
<tnks>
clever: okay, this is all good to know. I'm kind of torn, because right now, Jenkins gives me plugins like GitHub OAuth, and Slack integration.
<tnks>
and I'm guessing those things aren't really there with Hydra.
<clever>
tnks: what does it need github oauth for?
<tnks>
not to mention Jenkins needing to build non-Nix stuff.
<tnks>
clever: well, Jenkins is much more mutable state than Hydra.
<clever>
yeah
<tnks>
so good point.
<mfiano>
if i enable acpid, do i have to write handlers for everything, or is there a script installed?
robstr has quit [Remote host closed the connection]
<phdoerfler_>
clever: ok. So as an example, say I want to call `rsnapshot configtest` to check if the config my nix file just made is syntactically valid. I'd do `something = pkgs.runCommand "configtest" { buildInputs = [rsnapshot]; }; ''rsnapshot configtest'';` ?
<tnks>
clever: does Hydra allow configuration through a web GUI? Or is it really all done via CLI config?
<clever>
mfiano: it already has power/lid/ac_adapter handlers
<mfiano>
thanks
<clever>
tnks: the hydra config is either thru the web gui, or json&nix files
<clever>
phdoerfler_: that will run the command in an empty directory, so it wont be able to read anything
<sphalerite>
mfiano: note that systemd-logind handles some of that stuff as well so you may get conflicts, I remember someone having issues with that recently
<clever>
phdoerfler_: you may need to copy the thing your wanting to read ingo . first
<mfiano>
sphalerite: Yup I know
<sphalerite>
oh yeah, is there a public archive of the mailing list that doesn't require javascript?
<sphalerite>
(-_- google groups)
<Guanin>
Can someone recommend me a good way to allow users to set their own password? On ssh I'm using ForceCommand to give the users only chrooted SFTP access, so I guess defining a subsystem won't work here
Tucky has quit [Quit: WeeChat 2.0.1]
<tnks>
clever: I don't know. there's some benefit to admin control with OAuth, but I can imagine not overthinking it too.
<tnks>
we just get super fatigued of every new system that needs it's own user registration.
<clever>
tnks: i think hydra can use github auth, but i havent looked at how its configured
<tnks>
and anonymous admin control can have issues with too many employees.
the_real_plumps has quit [Remote host closed the connection]
<tnks>
okay, I'll look later.
<phdoerfler_>
clever: ok. How do I get nix to run that command after it finished creating the thing I want to check?
<phdoerfler_>
clever: do I create a systemd unit or is there some other way?
<clever>
phdoerfler_: refer to the other nix expression in the bash code passed to runCommand
<clever>
phdoerfler_: and nix will always build that first, then the runCommand
<phdoerfler_>
clever: aaaah that's clever
civodul has quit [Quit: ERC (IRC client for Emacs 25.3.1)]
<phdoerfler_>
(sorry couldn't resist)
<clever>
phdoerfler_: the thing to keep in mind, is that it doesnt run the command outside of nix
<clever>
phdoerfler_: it is using that command to build a mini nix package
the_real_plumps has joined #nixos
drdaeman has joined #nixos
<phdoerfler_>
clever: yeah that's why I need to copy the file I want to check into there somehow first, right?
<tnks>
is it possible to make a Nix expression that reflects over the subdirectories of a path to help auto-generate key names of an attset?
<clever>
phdoerfler_: yeah
<phdoerfler_>
clever: ok thank you very much, I think I got it now! :)
<tnks>
My best answer right now is a non-Nix script that autogenerates the Nix expression.
<clever>
tnks: buildins.readDir i think can help
<tnks>
clever: nice!
raynold has joined #nixos
vaninwagen has joined #nixos
hiroshi has joined #nixos
coot has joined #nixos
halfbit has joined #nixos
humanoyd has joined #nixos
<phdoerfler_>
I'm writing my first systemd timer but systemd just ignores it. What's missing? http://dpaste.com/2GF45ZS.txt
<clever>
phdoerfler_: the startAt on a service auto-generates a timer, let me grab a full example
<sphalerite>
phdoerfler_: wantedBy = [ "multi-user.target" ]; on the timer
<clever>
phdoerfler_: when using startAt, the type and timers can be omited entirely
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] dtzWill opened pull request #1941: anchor vtables of exceptions, helps throwing across DSO boundaries (master...fix/anchor-vtables-exceptions) https://git.io/vASIT
NixOS_GitHub has left #nixos [#nixos]
<sphalerite>
phdoerfler_: also the enable = true; shouldn't be necessary, the enable option defaults to true and is only really there so you can remove existing units
timon37 has joined #nixos
<phdoerfler_>
sphalerite, clever: alright, thank you :)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nixpkgs/master 51857be Sander van der Burg: s3fs: 1.82 -> 1.83
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
[nixpkgs] svanderburg pushed 1 new commit to master: https://git.io/vASIK
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peti closed pull request #36204: release-17.09: update haskell package set to lts-9.21 plus latest versions of stack, cabal2nix, and git-annex (release-17.09...haskell-updates) https://git.io/vAyWL
NixOS_GitHub has left #nixos [#nixos]
rindvieh has quit []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nixpkgs/release-17.09 285c8ce Sander van der Burg: s3fs: 1.82 -> 1.83...
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
[nixpkgs] svanderburg pushed 1 new commit to release-17.09: https://git.io/vASI5
TonyTheLion has quit [Quit: Page closed]
sanscoeur has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ElGoreLoco has joined #nixos
kelleyNif has quit [Quit: Leaving.]
xcmw has joined #nixos
alunduil has joined #nixos
ElGoreLoco has quit [Client Quit]
<phdoerfler_>
do systemd timers send mail to MAILTO like cron does? The arch wiki says no but what does NixOS do?
ElGoreLoco has joined #nixos
<Dezgeg>
it should go to journald as usual
<drdaeman>
Excuse me. Anyone had a problem with `service.kubernetes` when everything works right after `nixos-rebuild switch` but after a reboot kube-dns fails to start because of what I believe are auth token issues, and you become system:anonymous?
ElGoreLoco is now known as jorge-jbs
xcmw has quit [Ping timeout: 256 seconds]
__monty__ has left #nixos [#nixos]
__Sander__ has quit [Quit: Konversation terminated!]
<srhb>
drdaeman: Which version is this?
<srhb>
drdaeman: And how did you "reboot" kube-dns?
<srhb>
You might have to just nuke the deployment/secrets and let the addon-manager recreate it.
<srhb>
Oh, a reboot of the nodes themselves? That's not good...
dnovosel has joined #nixos
<drdaeman>
I'm trying to set up K8s on my local desktop. Single-node setup, for development purposes only.
<srhb>
drdaeman: Which version of nixpkgs?
<drdaeman>
Currently I'm on release-17.09 + cherry-picked PR 33954 with kubernetes: 1.7.9 -> 1.9.1
<srhb>
drdaeman: Hum. I haven't experienced that myself. Might have to test further.
coot has quit [Ping timeout: 260 seconds]
<srhb>
That said I don't think I've actually had the entire cluster offline at the same time.
<drdaeman>
After nixpkgs-rebuild switch, everything boots perfectly. After a reboot (not doing anything else with k8s) I get kube-dns pods at 2/3 with CrashLoopBackOff
<drdaeman>
kube-apiserver mentions something about "Unable to authenticate the request due to an error: [invalid bearer token, [invalid bearer token, crypto/rsa: verification error]]"
<drdaeman>
And I can't access kubectl logs anymore, as I get "Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log kube-dns-5d585466b5-jtq99)"
<srhb>
drdaeman: What kind of auth did you set up?
rogue_koder has joined #nixos
<srhb>
drdaeman: Can you maybe share your kubernetes config? This seems like a pretty bad issue.
<drdaeman>
Sorry, I don't know. I haven't had any explicit setup, used the defaults. The whole by config is just `services.kubernetes = { roles = ["master" "node"]; kubelet.extraOpts = "--fail-swap-on=false --eviction-hard=memory.available<128Mi,nodefs.available<512Mi"; };`
<srhb>
Ah.. I've never tried the automagic roles things.
<drdaeman>
I'm newbie to k8s. Wish I knew more so I could diagnose this further :(
<srhb>
I'll see if my poor laptop can handle that.
<drdaeman>
If you have any snippet with explicit configuration I can try (I really don't care about auth for a dev machine - anything would work for me), I would like to.
* BlessJah
spends way too long on partitioning drives
<BlessJah>
again
<srhb>
drdaeman: Nothing really snippetable at the moment. Let me just try and enable that configuration in a container...
<drdaeman>
I was on release-17.09 (actually, a little bit different - I have a fork with a pair of custom packages, but I really believe I haven't changed anything significant) + `git cherry-pick a8f2ad6 bd0d934 f63604a bf58890 f44a81e`
<drdaeman>
I should really learn to use packageOverrides someday and get rid of my "local" branch...
<sebboh>
clever: thanks for the tip about the repl.
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<drdaeman>
clever: thanks a lot for the example. I haven't used overlays before (cloned nixpkgs worked well enough for me), but I feel that should certainly learn and use them.
halfbit has joined #nixos
<srhb>
drdaeman: disconnected for a while there. I'm wondering if the changes I made to the module are the problem. I think I enabled NodeAuthorizer by default without taking into account the automagic of the roles thing
<srhb>
Still building on my end though, didn't have anything resembling release-17.09 available...
reinzelmann has joined #nixos
pxc has joined #nixos
silver_hook has joined #nixos
silver_hook has quit [Changing host]
silver_hook has joined #nixos
xcmw has quit [Ping timeout: 240 seconds]
kelleyNif has joined #nixos
iyzsong has quit [Ping timeout: 248 seconds]
acertain has joined #nixos
<drdaeman>
srhb: thank you for your help! Maybe I should try to switch to something else than 17.09 on my side (master or some other tag) and try with that?
<srhb>
drdaeman: I don't think there's any sense in that currently. iptables 1.6.2 breaks kube in unstable, and I know of no other relevant changes anyway that you didn't get in that PR.
<srhb>
Not that I know the commit log by heart :-P
<drdaeman>
ok, thanks! :)
<srhb>
That e2e test is soooo long...
freeman42x]NixOS has joined #nixos
jorge-jbs has quit [Quit: jorge-jbs]
ElGoreLoco has joined #nixos
ElGoreLoco is now known as jorge-jbs
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy pushed 2 new commits to master: https://git.io/vASs4
<NixOS_GitHub>
nixpkgs/master 62a1abe Shea Levy: haskellPackages.callCabal2nix: Depend on the expression....
<BlessJah>
is it possible to find out which tty does ipmi SOL correspond to?
mizu_no__ has joined #nixos
PMS has quit [Ping timeout: 256 seconds]
<drdaeman>
BlessJah: I suppose you need to check BIOS/IPMI card settings. IIRC, e.g. on some Dells it was configurable (there was "COM1"/"COM2" option), so ttyS0 or ttyS1 respectively. If there are no settings for this, I guess I'd just run a bunch of gettys and figure out by hand.
<srhb>
drdaeman: Were you able to get logs before the restart? I can't seem to.
<BlessJah>
ttyS1, trick was to run agetty ttyS1, not /dev/ttyS1
<BlessJah>
drdaeman: thanks
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy closed pull request #36216: haskellPackages.callCabal2nix: Depend on the expression. (master...callCabal2nix-retain-ifd) https://git.io/vAyQS
NixOS_GitHub has left #nixos [#nixos]
<gchristensen>
some ARM hw runs it on ttyAMA0
<BlessJah>
and ftdi seems to be ttyACM0
<Dezgeg>
there is no real standard at all
<drdaeman>
srhb: which logs exactly? I don't think I have them but I can just try again.
<srhb>
drdaeman: You said you couldn't get logs from pods (system:anonymous error) -- was that only after a reboot or initially too?
<drdaeman>
Hm. I don't remember if I had tried to get logs before rebooting. Let me try...
drakonis_ has quit [Ping timeout: 256 seconds]
<maurer>
drdaeman: Unless you've told it not to, journalctl can access logs from previous boots
ryanartecona has quit [Quit: ryanartecona]
<drdaeman>
maurer: I got it this was about `kubectl logs`, not service log outputs. I think I haven't ran that before rebooting.
<srhb>
Because it looks to me like RBAC auth is on by default.
<drdaeman>
Hm. No. Even when k8s starts OK I still get system:anonymous.
<srhb>
Ah, good.
<drdaeman>
My bad, I guess it's just kubectl not configured at all. Wrong pointer.
<srhb>
drdaeman: I can reproduce the auth error from kubedns as well.
halfbit has quit [Ping timeout: 252 seconds]
chpatrick has quit [Quit: Connection closed for inactivity]
<drdaeman>
Awesome, I'll try now. (Have to reboot...)
hask_bee_3 has joined #nixos
<srhb>
drdaeman: It doesn't fix kubedns though, just the logs so far
<srhb>
Still investigating.
<drdaeman>
Ah
<hask_bee_3>
What are some great VPSs with baked-in NixOS support?
<hask_bee_3>
VPS providers
jensens has joined #nixos
<BlessJah>
AWS
<simpson>
hask_bee_3: There aren't any, really. nixops supports several public clouds, but no vendors explicitly give us support in return that I know of.
<hask_bee_3>
okay
PMS has joined #nixos
<simpson>
There's AWS, but friends don't let friends AWS. There's GCE, and it's alright, I guess. Azure is supported but I haven't tried it.
<gchristensen>
Hetzner Cloud makes it easy-ish I think to get NixOS?
<gchristensen>
Packet.net makes it trivial to get a super awesome dedicated NixOS box =) but $$
<BlessJah>
simpson: what's wrong with aws?
pxc2 has joined #nixos
<hask_bee_3>
BlessJah are their cheapest options as cheap as $5/month options of linode.com and digitalocean.com? they weren't last time i checked..
<simpson>
BlessJah: Prices are unfun, support is hilarious, machines are old, the lock-in is real, and I don't like buying services from unethical employers.
<gchristensen>
I think the cheapest is pretty low, like $7/mo
vandenoever has joined #nixos
<simpson>
Not that GCE or Azure are better here, but GCE's prices *are*
<simpson>
much better than AWS IMO.
timon37 has quit [Ping timeout: 256 seconds]
timon37 has joined #nixos
ryanartecona has joined #nixos
<BlessJah>
cheapest are comparable to $5-$10 range of DO
<BlessJah>
weaker or more expensive, but comparable
jensens has quit [Ping timeout: 256 seconds]
<gchristensen>
HetznerCloud has boxes for like 2.50 eu/mo
<BlessJah>
I'm comparing ondemand prices, GCE has nice auto-discount features
<simpson>
Yeah, I'm assuming that they're using nixops and they'll keep machines running for a while.
<srhb>
drdaeman: I think some weird default behaviour is happening. I *think* the service account key is regenerated (since it's not specified) at startup. However, since the secret for kubedns is persisted in etcd, it survives the reboot. So now it has a token (ie. it is not regenerated) but it's wrong from the apiservers perspective.
<srhb>
Why even generating service account tokens is sensible when no key file is provided is beyond me.
<drdaeman>
Ah, so the key is essentially ephemeral?
Judson1 has joined #nixos
<srhb>
Yeah exactly
<drdaeman>
That explains it!
<srhb>
So if you specify your own it will survive the reboot.
michas_ has joined #nixos
<srhb>
Otherwise just nuke the secret and then nuke the pod
<srhb>
It'll regenerate.
<srhb>
k8s is one gory certificate hell. :-)
<drdaeman>
Awesome, thanks a lot! I'll try generating PKI manually and provide it explicitly. I've previously only ran k8s with kubeadm, which managed everything on their own...
<srhb>
drdaeman: You're welcome. There's quite a lot of options to set but it can be done.
<srhb>
Actually, I ripped out some cert stuff from the test which might be handy.. Sec
<srhb>
ugh, guess not. Anyway, check out nixos/tests/kubernetes/certs.nix -- you can essentally get all the necessary cfssl stuff from there
<drdaeman>
I think as a first attempt, I'll just take files from /var/run/kubernetes while they still exist, put them somewhere durable and try setting apiserver.tls{Cert,Key}File %)
<srhb>
Makes sense.
<srhb>
Does the controller-manager default to the same ones?
<srhb>
I think that's the component that does the signing
<drdaeman>
Yes, ps says it also has --service-account-private-key-file=/var/run/kubernetes/apiserver.key on its command line
<srhb>
Righto. :)
ThatOtherGuy has joined #nixos
<drdaeman>
I need to check how this maps in the service definition, though. But I think it all defaulted to common cfg.keyFile or something like that...
mizu_no__ has quit [Quit: Computer has gone to sleep.]
<srhb>
I think kube itself does the defaulting to the tls keys if no serviceAccountKeyFile is given
<srhb>
So that'll be cfg.apiserver.tlsCertFile, tlsKeyFile, I think
coot has joined #nixos
<srhb>
Hm, no, looks like we;re defaulting that too
<srhb>
Along with the ca as well...
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 1 new commit to master: https://git.io/vASc6
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master d78739c Robert Helgesson: svtplay-dl: 1.9.7 -> 1.9.9
stphrolland has joined #nixos
kelleyNif has quit [Quit: Leaving.]
cacatoes has joined #nixos
grrrr_ has joined #nixos
<stphrolland>
Hi, I'm curious about the services.nix-serve.enable option which by default is false. Why is it not enabled by default ? Do you use it ?
<sebboh>
I just want to confirm that if I perform `nix-env -i emacs` as a user, and then perform the same command as root or another user afterwards, the system won't have to re-download anything. (Is caching of "packages" (is that the right term?) global?)
<ottidmes>
stphrolland: For privacy and security reasons you might not just want to open up your nix store by default
<MichaelRaskin>
Well, security reasons are somewhat overstated — one needs to guess the hash
<gchristensen>
stphrolland: because almost nothing is enabled by default
<Guanin>
sebboh, both users will be given that emacs package from /nix/store if it exists there (with the correct hash), so yes, it is global
<stphrolland>
ottidmes: ok, so I probably did not understood that. It means, if I compile the binary, they become available to the community ?
<MichaelRaskin>
But nix-serve is not the most CPU-efficient service to provide. It fits some situations and really really doesn't fit some others
<ottidmes>
stphrolland: No, you just open a local port on your machine
<MichaelRaskin>
stphrolland: nix-serve is a service that allows to download store paths by hash to everyone who can send you an http request
<ottidmes>
stphrolland: Without networking.firewall.allowedTCPPorts = [ 5000 ]; it will just be local to your machine
dgonyeo has quit [Ping timeout: 240 seconds]
<wilornel>
How do I update my version of nix-env?
<stphrolland>
ottidmes: and what would be the interest in having it only local to my machine ? a use case ?
<MichaelRaskin>
ssh port forwarding
dgonyeo has joined #nixos
<MichaelRaskin>
VMs
<ottidmes>
stphrolland: What MichaelRaskin suggests, I have used it like that
<MichaelRaskin>
I also have!
<tnks>
`nix build` is fine... maybe cleaner output and all, but nix-build conveniently outputs the store path, which is useful for scripting.
grrrr_ has quit [Quit: Page closed]
<tnks>
is the story that nix-build will stick around? Or will `nix build` just get more features over time?
<ottidmes>
stphrolland: But if you just want to share your cache between machines that can access each other via SSH, the ssh-substituter-hosts option of nix might be easier
<sebboh>
Guanin: and it appears that users can write to /nix/store via some mechanism, because I see a file in there matching a package I installed as a user. Great, thanks!
<MichaelRaskin>
tnks: in medium term, both
<drdaeman>
sebboh: as I understand it, nix daemon is running privileged, and serves user requests related to package management
<MichaelRaskin>
There is also nix eval that you could use after nix-build
<ottidmes>
stphrolland: I am trying everything out, I have tried nix-serve, ssh-substituter-hosts, and nixops most recently. And am now thinking about experimenting with nix.buildMachines
<Guanin>
Are there any guidelines to harden sshd on nixOS? I'd prefer to remove the PubkeyAcceptedKeyTypes +ssh-dss from sshd_config, but there is no option for it
<drdaeman>
when user wants a package that's not in the nix store, daemon handles that and then user can have it. this way, users can't pollute the store but share packages
Itkovian has joined #nixos
Itkovian has quit [Client Quit]
<tnks>
MichaelRaskin: if I still have to use "nix-build" then I'm not sure "nix eval" is that interesting.
<tnks>
I'll just have to keep an eye on these features as they emerge.
<MichaelRaskin>
nix eval allows you to print the path
<MichaelRaskin>
But right now I would recommend just using nix-build
knupfer has joined #nixos
<tnks>
MichaelRaskin: yeah, but also, one of my expressions throws an exception with "nix eval" but seems to build fine with "nix-build".
<tnks>
MichaelRaskin: "error: enum-0.4.4 not supported for interpreter python3.6m"
<tnks>
so I'm thinking it might have to do with some strict evaluation happening with "nix eval" that doesn't happen with nix-build.
<stphrolland>
ottidmes: I think it's bit too advanced for me. From what you explain, isn't it related to what nix-hydra does ? I simplified nix-hydra in my mind as a derivation building mechanism.
<MichaelRaskin>
tnks: funny enough, right now path-info does what you want…
pxc2 has quit [Ping timeout: 276 seconds]
drdaeman has quit [Remote host closed the connection]
<sebboh>
How can I view a detailed package description? How can I view the list of files in a package? I tried `nix-env -qa --description xmonad-with-packages`, but it would appear that the one-line description for that one is either empty or simply the name of the package.
taktoa has joined #nixos
<MichaelRaskin>
xmonad-with-packages just doesn't have a long description
<srhb>
sebboh: It has no description.
<sebboh>
I'm willing to view a list of files in it.
<tnks>
MichaelRaskin: okay then, good to know.
PMS has quit [Ping timeout: 268 seconds]
<ottidmes>
stphrolland: Hydra is a continuous build system, nix-serve just makes your nix store available as a binary cache, which is only a part of what Hydra does as well
reinzelmann has quit [Quit: Leaving]
<srhb>
sebboh: I think there's some indexing tools that know of some packages, but be aware that this is a function (taking the argument packages, among others) so there is really an answer for each possible packages.
<stphrolland>
ottidmes: thanks for the clarification. it helps my building of understanding nixos.
<srhb>
sebboh: Your best bet is to "install" the package into your store and use find, really.
<srhb>
sebboh: Like so: find $(nix-build '<nixpkgs>' --no-out-link -A xmonad-with-packages)
<sebboh>
I see.
drdaeman has joined #nixos
spear2 has quit [Remote host closed the connection]
phdoerfler_ has quit [Quit: Page closed]
boegel has joined #nixos
<tnks>
`nix verify` is telling me that everything is untrusted. Is there a key I need to set up?
<sphalerite>
tnks: you might need to use `nix copy-sigs` to get the signatures from the binary cache. The default binary cache key should be trusted by default
<Guanin>
Thanks ottidmes, I think I avoid that problem right now by enforcing other ciphers and algorithms that should not be available in clients that allow the usage of ssh-dss keys
<tnks>
sphalerite: yeah, I was expected reasonable defaults.
halfbit has joined #nixos
<niksnut>
tnks: did you upgrade from nix 1.11? then it's to be expected that most of your store has no signatures
<sphalerite>
tnks: I think the legacy tools don't copy signatures (although they do verify them!) when copying stuff from the cache
<sphalerite>
ah, niksnut has answered. He'll know best :D
<niksnut>
also, you can do 'nix verify -s https://cache.nixos.org' to fetch signatures from the binary cache
<tnks>
niksnut: I did, running that now.
disasm has joined #nixos
<ekleog>
<sphalerite> ekleog: any chance you could fix your HTTPS on git.ekleog.org? :D <-- wow. uh, care to tell me what that's for? I wasn't even thinking it was up, given how little interest there seemed to be in dtext :°
<sphalerite>
yeah I found it from suckless.org linking to dtext
<ekleog>
oh I didn't notice someone pointed a link to it :)
<sphalerite>
and was curious
<tnks>
also, I suprisingly had corruptions... not sure what the story is with that.
<sphalerite>
tnks: which paths? And which OS?
<sphalerite>
tnks: python likes to break itself on nixos, and other stuff is also less protected on non-nixos
<tnks>
sphalerite: Linux, and I already repaired them. I should have kept a better record.
<tnks>
it's non-nixos, but I am running it in multi-user mode to avoid that kind of thing.
<sphalerite>
mumble mumble linux isn't an OS
<sphalerite>
:p
<tnks>
Debian+Nix.
<sphalerite>
right, but the nix store is still on a read-write filesystem
<sphalerite>
on nixos it's actually bind-mounted to be read-only so even root can't modify stuff in it
<tnks>
oh, I see.
<tnks>
yeah, not that fancy.
<tnks>
I'm just not running anything as root.
<sphalerite>
:)
<tnks>
well, except for nix-daemon!
<sphalerite>
That's odd, because running stuff other than nix-daemon as root should be the only way to corrupt your store
<sphalerite>
besides filesystem failure of course
<tnks>
niksnut: is 'nix verify -s' supposed to fetch the signatures. I'm not sure I'm seeing it do that.
<tnks>
actually, maybe it is... it's all drv's that are untrustd.
<sphalerite>
that would make sense :D
<sphalerite>
Hm, is there a way to copy drvs between stores yet?
<sphalerite>
nix-copy-closure isn't very helpful for local stores
Guest42148 has quit [Ping timeout: 260 seconds]
chreekat has quit [Quit: quitting]
<sphalerite>
and nix copy doesn't seem to copy drvs
scribbler has joined #nixos
<ekleog>
sphalerite: hmm, I don't really get why my LE cron broke, but apparently running it by hand refreshed the certificate
<sphalerite>
:D
JosW has quit [Quit: Konversation terminated!]
<ekleog>
so it's good again, and hopefully next time the cron will be ok :) (until I finally migrate this cgit to nixos where I'll be able to use security.acme :°)
<ekleog>
thanks for the report! :)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nixpkgs/staging c0466ef Robert Schütz: pythonPackages.csvkit: fix build
<NixOS_GitHub>
[nixpkgs] dotlambda pushed 13 new commits to staging: https://git.io/vASB6
<NixOS_GitHub>
nixpkgs/staging 3680fc9 Robert Schütz: pythonPackages.ldappool: 1.0 -> 2.2.0
<NixOS_GitHub>
nixpkgs/staging f14c9ae Robert Schütz: pythonPackages.ldappool: move expression
NixOS_GitHub has left #nixos [#nixos]
shapr has left #nixos ["ERC (IRC client for Emacs 25.3.1)"]
<Guanin>
How do I unset a default configuration? To be specific, I want to overwrite services.fail2ban.jails.DEFAULT and services.fail2ban.jails.ssh-iptables
<Guanin>
When I try to just set them, the strings get concatted, breaking the syntax
<tnks>
is there a new "nix 2.0" way to do a "nix-store --realise /nix/store/..." to get a substitute from a caches?
<sphalerite>
Guanin: mkForce
<sphalerite>
tnks: nix build /nix/store/...
<sphalerite>
actually not sure if that works on store paths or only drvs
<Guanin>
sphalerite, thank you :)
drdaeman has quit [Remote host closed the connection]
<drdaeman>
"almost" because for some odd reason iptables nat doesn't work on my laptop
<drdaeman>
but works on desktop
kelleyNif has joined #nixos
fresheyeball has quit [Quit: WeeChat 1.9.1]
drakonis_ has joined #nixos
phdoerfler_ has joined #nixos
jsgrant has joined #nixos
<srhb>
drdaeman: Great! You're not on iptables 1.6.2 right?
<jsgrant>
Wowzah, compiling gtkwebkit on this mid-to-lower-tier laptop has taken over an hour.
<drdaeman>
No, 1.6.1. I'm aware about 1.6.2 problem with `-w5`, saw that issues
<drdaeman>
*issue
<srhb>
Hm..
<drdaeman>
For some reason DNAT 10.0.0.1->host IP is not working. I'll figure this out.
* jsgrant
wishes build-systems had some standardized way to display estimated completion %.
Itkovian has joined #nixos
<clever>
jsgrant: cmake sort of has one
<clever>
jsgrant: ghc as well
<jsgrant>
clever: Well, yeah, I've seen that; But I mean like fully standardized.
jensens has joined #nixos
<ottidmes>
Anyone using SyncThing on NixOS? I have working between two machines, but I was suprised to see serveral HTTP requests to subdomains of syncthing.net, I would just want to keep things local, I find it scary that it does this by default
<BlessJah>
ninja
<clever>
ottidmes: http or https?
<jsgrant>
ottidmes: I once-again moved NixOS (I'm a toe-dipping coward) off onto a testing box, but yeah, have.
<clever>
ottidmes: ah, that will be tricky to inspect then
<ottidmes>
I thought the point was to host your own dropbox thing, they should not phone home if you asked me. I can see how it could be useful, but make it optional, I am now looking into what can be done about it
<drdaeman>
No, I'm wrong. Outgoing requests (from kube-dns) are NATted properly. But for some odd reason outgoing responses are on some veth interface instead of cbr0...
<jsgrant>
ottidmes: Afaik, it's opt-out so you can do local-discovery, but pretty sure it's not phone-ing phone -- just using it as a redirect, if on different networks.
<clever>
ottidmes: using security.pki.certificates you can get the system to globally trust a self-signed cert, which allows you to mitm anything https
<clever>
ive used it before to see what android apps are up to
<clever>
only tricky part is getting syncthing to use it as a proxy
<ottidmes>
clever: I could also just add syncthing.net to /etc/hosts :P
<ottidmes>
jsgrant: Hmm, I will check that out, ty
goibhniu1 has joined #nixos
<clever>
ottidmes: ah yeah, that works perfectly, and burp supports such modes
<clever>
ottidmes: but burp will need root to listen on 443
goibhniu has quit [Ping timeout: 245 seconds]
dkao has joined #nixos
timon37 has quit []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] nlewo pushed 2 new commits to master: https://git.io/vAS29
<NixOS_GitHub>
nixpkgs/master caa9a38 Ryan Mulligan: flyway: 4.2.0 -> 5.0.7...
<NixOS_GitHub>
nixpkgs/master 085321a lewo: Merge pull request #35648 from ryantm/auto-update/flyway-4.2.0-to-5.0.7...
NixOS_GitHub has left #nixos [#nixos]
<sphalerit>
ottidmes: you don't need to screw around with fooling syncthing, you can just tell it not to
<sphalerit>
You can also look at the source code to verify it isn't doing anything shady :)
<clever>
sphalerit: more thinking about how you would decrypt it, to confirm what its doing
<ottidmes>
sphalerit: Yeah I am seeing that now, global discovery and relays (not sure what it is, but it also sends a request out)
<sphalerit>
There's a setting for which discovery servers to use which you can set
<sphalerit>
clever: just reading the source is probably simpler... :p
<clever>
yeah, lol
<sphalerit>
Syncthing is free software
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
i'm used to forcing answers out of unfree software
<sphalerit>
You can run your own discovery server as well
<sphalerit>
I just use the global ones
<sphalerit>
Very convenient, syncthing
<sphalerit>
And using the global discovery and relay servers lets you sync regardless of the network you're connected to
<jsgrant>
sphalerit: I've got 7 boxes right now; Yeah, brilliant; Some of the best foss I've used in the past 5 or-so.
* jsgrant
still needs to setup automatic backups though on two-plus machines ... but first-phase I'm pretty happy with.
<clever>
i should look into that then, ive had trouble with dropbox breaking on nixos because it self-updates
<clever>
and also ive run out of space anyways
<ottidmes>
sphalerit: It is to easily share two folder between two servers, so I do not have the moving network effect, but still, something to keep in mind
Itkovian has joined #nixos
<gchristensen>
clever: would you be able to help a buddy out with getting their dropbox working?
<jsgrant>
clever: When you have a few machines in your house, it's very nice; I plan on actually gifting a home-server to my parents sometime this or next-year and doing off-site sync of family movies from there to here and my personal-stuff offsite to there..
Drakonis[m] has quit [Ping timeout: 256 seconds]
kelleyNif has quit [Quit: Leaving.]
Drakonis[m] has joined #nixos
kelleyNif has joined #nixos
nh2[m] has quit [Ping timeout: 256 seconds]
nh2[m] has joined #nixos
<clever>
gchristensen: last time i used it on nixos, it worked out of the box with a nix-env -iA nixos.dropbox, and as long as i dont let it update, it keeps working
<sphalerit>
ottidmes: yeah I use it for my laptop, phone, and server
<ottidmes>
jsgrant: I am doing that right now, working on a backup server with a friend, his server is my off-site location and mine is his
<clever>
gchristensen: i think it waits for a reply from an ELF binary in /tmp to shut itself down for updates, so it just semi-hangs when it tries to update itself
<gchristensen>
ah it seems to be busted
<jsgrant>
ottidmes: :^) Yeah, what a great arrangement.
<sphalerit>
So nice having pictures I take on my phone on my laptop right away
<sphalerit>
And being able to grab some chords, xsel them to a text file which is immediately on my phone for playing
<drdaeman>
srhb: I got it. There is also conflict with NixOS firewall's rejectPackets. My desktop had firewall disabled so it wasn't affected.
<clever>
sphalerit: ive been using pushbullet for that lately, does syncthing support similar?
<jsgrant>
sphalerit: Only annoying thing (and I don't blame them) is that on Android without Root, you can't Sync SDCard.
<sphalerit>
clever: I think pushbullet does more stuff, syncthing just syncs directory trees
<sphalerit>
But syncthing is free software :D
matt_r_ has joined #nixos
<drdaeman>
Ah, not even rejectPackets. With the firewall enabled NixOS adds a jump no nixos-fw chain. And it will contain either REJECT or DROP (depending on rejectPackets).
<clever>
sphalerit: yeah, pushbullet does full instant messaging, both between friends, and your own devices, so i can push a url to the desktop, and it can attach images to those IM's
goibhniu1 has quit [Ping timeout: 248 seconds]
<matt_r_>
How is it possible that NixOps tries to resources it hasn't even created yet?
<drdaeman>
So, with firewall enabled, K8s won't work, unless an explicit ACCEPT is provided for its connections.
<sphalerit>
And the only centralised bits are the discovery and relay servers, which you can also run your own of
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
peacememories has joined #nixos
<matt_r_>
access resources*
<ottidmes>
sphalerit: That is what we are using it for as well, syncthing for easy sharing stuff with each other and a few ZFS drives for long term backups
<clever>
matt_r_: the parallelism in nixops sometimes gets ahead of itself, and --include forces it to skip creating some times
aborsu has joined #nixos
<matt_r_>
clever: this happens in 100% of the cases.
<clever>
matt_r_: what params are you running it with?
<matt_r_>
clever: isn't it possible that it got confused between my VM deployments and my EC2 deployments?
goibhniu has joined #nixos
<matt_r_>
clever: I am just using -d and -s.
<clever>
matt_r_: that shouldnt happen
<matt_r_>
clever: I will probably resort to starting from scratch again and adding stuff as I go, because this complicated setup surely doesn't work.
<matt_r_>
I hate systems that fall apart when I add something.
<clever>
matt_r_: it helps if you keep the nix expressions in git, then you can just `git diff` to see what you did to break it
Elephant454[m] has quit [Ping timeout: 256 seconds]
Elephant454[m] has joined #nixos
<matt_r_>
clever: yes, but I thought I only needed to defend against myself.
<matt_r_>
clever: I wasn't thinking that such a basic program would be so full of holes.
<matt_r_>
clever: Nix has been thought through, but NixOps just seems a mess in comparison.
<clever>
this reports what i had changed when building 356
<clever>
yeah, its broken that --include can skip dependencies
<matt_r_>
clever: how can I tell it to actually build the EC2 machines?
<clever>
matt_r_: do you have deployment.type = "ec2"; ?
PMS has joined #nixos
<matt_r_>
clever: no, I have targetEnv = "ec2";
PMS has quit [Client Quit]
<clever>
ah, thats it
drakonis_ has quit [Read error: Connection reset by peer]
<clever>
another thing you can try, nixops deploy --check
<clever>
that should test everything, and re-create anything thats missing
<matt_r_>
clever: it doesn't.
alexteves has quit [Ping timeout: 240 seconds]
dnovosel has quit [Ping timeout: 240 seconds]
<matt_r_>
clever: it just tries to connect to some hostnames that don't even exist.
<clever>
matt_r_: i recently had to fix something with `nixops deploy --allow-recreate --include HOST -d cluster --check`
<clever>
what hostname is it trying to connect to?, can you gist the output and nix expressions?
<ottidmes>
clever: Do you use git worktree for those .git folders within nixcfg, or does it contain a whole copy of the .git folder at that point?
<clever>
ottidmes: nix just clones the whole thing, including all of the .git
<matt_r_>
clever: it just tries to connect to "webserver" essentially when you look at the documentation.
<clever>
ottidmes: but nix-store --optimize can dedup those copies together
<ottidmes>
clever: But couldn't you just as well keep a revision stored instead of the whole folder?
<clever>
ottidmes: i have recently considered switching to `builtins.fetchGit ./.` from nix 2.0, which cleans the directory, but .git is also lost, so no more diffs
<matt_r_>
clever: I can't really share it easily.
<clever>
ottidmes: the revision wont tell you the changes, and i use that trick to get the smaller iterative stuff i do between commits
<matt_r_>
clever: I am thinking it was just a mistake to ever touch nixops.
<gchristensen>
matt_r_: it does sound like you've had an unusually terrible time with it
<clever>
matt_r_: i recently converted my router from nixos to nixops, and it has made it much simpler to manage
jensens has quit [Ping timeout: 252 seconds]
<matt_r_>
gchristensen: the worst thing is that when I deploy it to libvirtd everything works unchanged.
scribbler has quit [Quit: scribbler]
<ottidmes>
clever: Am I missing something, you mean if you forgot to commit something? If you always committed everything before building wouldn't git diff <commit>...<commit> just work?
rardiol1 has quit [Remote host closed the connection]
<clever>
ottidmes: more, that i dont want to commit every single 2 line change
<clever>
ottidmes: so i let nix snapshot the entire config on every build
kelleyNif has quit [Quit: Leaving.]
<ottidmes>
clever: Right, that makes sense
<michas_>
Hi, my nix store contains the xwayland package. According to `nix-store -q --referrers` it is included in the system path. I removed all graphical packages from configuration.nix and used `nix-collect-garbage -d` to clean up. This removed some packages but xwayland is still present. - Any idea how it still ends up in the system-path?
<clever>
ottidmes: and then if i need to undo something, i have history in the store
<clever>
michas_: look at nix-store --query --tree /run/current-system, and see what the path is
<ottidmes>
clever: I could just use a btrfs subvolume with snapshotting if I want to optimize that approach
<ottidmes>
clever: Yeah it is a very nice idea, I am stealing it :P
<clever>
ottidmes: i also have zfs snapshoting, with snapshots being made monthly,weekly,daily, hourly, and every 15mins
<clever>
ottidmes: but with nix, it makes one on every build, and keeps them with the build
<ottidmes>
clever: I have that on my backup server for long term storage, but on the OS side I use btrfs (for now)
jorge-jbs has quit [Quit: jorge-jbs]
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<ottidmes>
clever: My biggest pain point with NixOS configs remains infinite recursion, which can be non-obvious at times and hard to pinpoint
peacememories has joined #nixos
<clever>
ottidmes: yeah, those can be tricky, mostly just takes experience to know the flow of things and how to avoid it
<michas_>
clever: thanks, I was not aware of the --tree, yet. The tree indeed does not include xwayland. - Shouldn't it be garbage-collected in that case?
ElGoreLoco has joined #nixos
ElGoreLoco is now known as jorge-jbs
<clever>
michas_: ok, then run nix-store --query --roots on the wayland path
<clever>
michas_: what is the root holding on to it?
<disasm>
clever: unless I'm mistaken, the other thing it buys you is your nixops config is copied to the host itself, so if you lose the machine you ran nixops with, you can look at the config right on the host and rebuild it. The one concern would be deployment keys, but if you have those secrets defined at a lower level in the directory tree, that would solve that.
<clever>
disasm: yeah, thats why i'm considering builtins.fetchGit ./. since it strips out all files git isnt managing
<clever>
disasm: some nixops images include a dummy configuration.nix, and nixos-rebuild would undo the entire deployment, reverting it back to a fresh state
<michas_>
clever: Oh, that gives "/run/booted-system". so it won't garbage collect the current switched configuration as well as the booted one, right?
<gchristensen>
^ I accidentallied my servers with what clever is describing right there... :)
kelleyNif has joined #nixos
<disasm>
clever: I'm stealing that :)
jorge-jbs has quit [Client Quit]
<clever>
michas_: yeah, it nees to root the booted version, for kernel modules
<clever>
michas_: if you nixos-rebuild switch too far into the future of nixpkgs, the kernel modules cease to be compatible
<clever>
michas_: nixos cheats, by keeping a copy of the generation you originally booted
<michas_>
clever: cool. makes much sense. thank a lot!
<clever>
gchristensen: ive also seen somebody in this channel set the auto-upgrade flag in nixos, on nixops managed machines
<gchristensen>
oh no
<clever>
gchristensen: and he claimed it has worked before (because they lacked a configuration.nix, and it did nothing)
<gchristensen>
oh no
<clever>
gchristensen: then one day, his new machine did have a configuration.nix
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
then it actually "worked", lol
<gchristensen>
oh dear
<michas_>
clever: is there any documentation I should read on that topic?
<clever>
michas_: i figured that out just by reading all of the nixos sources
<michas_>
clever: ok, guess that is the final documentation. :)
hiratara has quit [Ping timeout: 265 seconds]
<clever>
disasm: the nixops-managed.nix file also messes with $NIX_PATH, pointing it to whatever nixpkgs was used to build the machine
<clever>
disasm: so you never have to deal with channels on the servers, the nixpkgs just always matches the current build
<clever>
ive also seen somebody use that for their desktop, the nixpkgs would chain itself from the current generation to all future generations, so its managed in nix, but not nix-channel
<clever>
and if you nixos-rebuild -I nixpkgs=..., it will persist
<clever>
because it makes a snapshot of that, and sticks in the generation, as a default for the future
hiratara has joined #nixos
halfbit has quit [Ping timeout: 245 seconds]
<disasm>
gchristensen, clever: I'm praying we don't have any power outages in the next week... I made a number of commits to my home network repo that weren't pushed after my last rsync on my laptop before I took it in for repairs. Not the end of the world, but got to reconstruct in my head everything I did since then if I have to redeploy to copy the keys back up for wireguard.
<gchristensen>
ouch :|
<gchristensen>
repairs? on your new laptopP?
<disasm>
actually, clever, you had a diff command you were using for nixops I could use to get that info, right?
<clever>
disasm: let me find it...
<disasm>
gchristensen: didn't order one yet... probably this summer. Fixed the keyboard on the macbook pro for $500 #pricegouging but at least it's a tax write off now that I have an LLC :)
<clever>
original is a symlink pointing to a .drv the router made, when i did nix-instantiate '<nixpkgs/nixos>' -A system
<clever>
and i copied it between machines with copy-closure
marusich has quit [Ping timeout: 265 seconds]
<clever>
the 2nd nix-instantiate is against the new config
<clever>
and nix-diff then compares them to see if they match, to make sure the nixops deploy doesnt mutate the router too mcuh
<disasm>
jsgrant: yeah, `t` key was stuck in an always typing state! and apparently they have to remove everything but the screen, and have to replace the entire top cover to replace a single key. I thought about taking it apart and getting one off of eBay, but the disassembly just looks painful.
matt_r_ has quit [Ping timeout: 260 seconds]
digitalmentat has joined #nixos
Itkovian has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 1 new commit to master: https://git.io/vASKi
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master 87acdca Robert Helgesson: josm: 13367 -> 13478
marusich has joined #nixos
the_real_plumps has quit [Quit: No Ping reply in 180 seconds.]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] rycee pushed 1 new commit to master: https://git.io/vAS63
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master e232ebe Robert Helgesson: abcmidi: 2018.02.07 -> 2018.02.22
the_real_plumps has joined #nixos
marusich has quit [Ping timeout: 268 seconds]
MP2E has joined #nixos
<disasm>
clever: ah, but you'd have to have the nix store that `nixops` was ran from for that to work, right?
marusich has joined #nixos
<clever>
disasm: yeah, or nix-copy-closure the .drv off first
spear2 has joined #nixos
<adelbertc>
has anyone hit issues with `hostname(1)` or `getaddrinfo()` on Nix (-build Docker image) ?
<clever>
adelbertc: you need to add iana-etc to the docker image
<clever>
adelbertc: the cause is /etc/protocols being missing, so it doesnt even know what udp is
<adelbertc>
hm i do have that added already
<clever>
adelbertc: and is /etc/resolv.conf also setup?
<adelbertc>
in the sense it exists
jtojnar has quit [Ping timeout: 256 seconds]
<clever>
?
<adelbertc>
what does "also setup" mean
sonarpulse has quit [Quit: Leaving]
<adelbertc>
im in Kubernetes, it looks like Kubernetes has populated that fil
<adelbertc>
similar with /etc/hosts
jtojnar has joined #nixos
<clever>
adelbertc: what happens if you try to just `ping google.com` ?
kelleyNif has quit [Quit: Leaving.]
<adelbertc>
lol doesnt look like i have `ping` in my imag
<adelbertc>
image*
<adelbertc>
Nix image is too minimal
sonarpulse has joined #nixos
kelleyNif has joined #nixos
ryanartecona has joined #nixos
stphrolland has quit [Ping timeout: 265 seconds]
Ralith__ has joined #nixos
<adelbertc>
FWIW i dont have a `hostname` binary in the image
<adelbertc>
which seems suspicious
kelleyNif has quit [Quit: Leaving.]
kelleyNif has joined #nixos
szicari has quit [Quit: szicari]
stphrolland has joined #nixos
Ralith_ has quit [Ping timeout: 256 seconds]
digitalmentat has quit [Quit: Leaving]
kelleyNif has quit [Client Quit]
kelleyNif has joined #nixos
stphrolland has quit [Ping timeout: 276 seconds]
tput has joined #nixos
tput has left #nixos [#nixos]
tput has joined #nixos
NightTrain has joined #nixos
michas_ has quit [Remote host closed the connection]
orbekk has joined #nixos
<tput>
I'm preparing a pull request for a new package. The original package release doesn't have a version number. What's the best practice for assigning a version in nixpkgs? $version = 'git revision'?
sonarpulse has quit [Quit: Leaving]
<johnw>
I use the first 6 characters of the git revision
<johnw>
or sometimes that plus the date of that commit
<johnw>
or just the date
<MichaelRaskin>
Date first
<MichaelRaskin>
Lexicographic comparison should work
<johnw>
true
sonarpulse has joined #nixos
<johnw>
(and, oops)
<MichaelRaskin>
If a future release is likely, I put 0.0.pre.2018.03.01 or something
jensens has joined #nixos
<tput>
That last one sounds like a perfect fit. Thank you both!
tput has left #nixos ["ERC (IRC client for Emacs 25.3.1)"]
knupfer has quit [Ping timeout: 260 seconds]
sonarpulse has quit [Quit: Leaving]
sonarpulse has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
lord| has joined #nixos
kitemikaze has quit [Remote host closed the connection]
troydm has quit [Quit: What is Hope? That all of your wishes and all of your dreams come true? To turn back time because things were not supposed to happen like that (C) Rau Le Creuset]
<earldouglas>
Anyone know how to resolve `error: attribute ‘nixosVersion’ missing` during nixops deploy?
<wilornel>
I used to not have the `nix` command before I did this `nixos-rebuild switch`
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
nixpkgs/master f6af32c Jan Tojnar: cantarell_fonts: 0.0.25 → 0.100
NixOS_GitHub has left #nixos [#nixos]
<NixOS_GitHub>
nixpkgs/master 618ac29 Jan Tojnar: cantarell-fonts: rename from cantarell_fonts
<NixOS_GitHub>
[nixpkgs] jtojnar pushed 2 new commits to master: https://git.io/vAS92
<ottidmes>
wilornel: If you are on 17.09 or unstable and set that option as I suggested and call: nixos-rebuild switch, it should give you some pre 2.0 version
kelleyNif has quit [Quit: Leaving.]
kelleyNif has joined #nixos
<wilornel>
how can I get 2.0? I need to upgrade nixos? How would I do that? https://nixos.org/nixos/manual/ shows "Version 17.09"
<adelbertc>
clever: i finally got `ping` on my image, i can `ping www.google.com` if you have further advice
<clever>
adelbertc: can you modify it to run `strace -ff -o /tmp/logfiles -s 300 <yourapp>` inside docker, and then upload the logfiles and the stdout to gist?
<wilornel>
I think I get the difference between nix and nixos