<boomshroom>
Just playing Splatoon while waiting for GCC
<{^_^}>
[nixpkgs] @LnL7 pushed commit from @NeQuissimus to release-18.03 « vault: Fix test »: https://git.io/vxRZ0
maximiliantagher has joined #nixos
<ertes>
the LUKS support in NixOS' initrd isn't quite flexible enough for my use case… can i use boot.initrd.postDeviceCommands to do my own LUKS setup?
<ertes>
in fact it would be ideal if i could take complete control over the process of mounting the root filesystem
<ottidmes>
ertes: not sure about the second question, but you can use preLVMCommands to do the LUKS unlocking yourself (its what I have been doing for quite some time, its very flexible)
<ertes>
thanks
<ertes>
it would be nice if it was clearer in which order the boot.initrd.*Commands values are used, and what happens between them
<ertes>
well, i guess i can use fileSystems for the root filesystem with the proper options
ashgillman has quit [Ping timeout: 268 seconds]
<ertes>
background: i'm currently using MD → LUKS → btrfs, and i want to get rid of the MD component in favour of btrfs' own RAID support, but i have a somewhat strange setup: the second disk will be missing some of the time
<ottidmes>
ertes: I figured they would still be valid in 2.0, sorry
<Baughn>
--option buildCores seems to work.
<Baughn>
It's not unstable anymore. :)
<ertes>
actually 2.0
<ertes>
Baughn: note that there are two values that are relevant here: max-jobs and cores
<Baughn>
I had it set to 0, aka. auto. Unfortunately that produces -j32.
<Baughn>
Right. I had max-jobs set to 16.
<Baughn>
You can probably imagine what happened.
<ertes>
a nix fork bomb =)
<boomshroom>
GCC failed to build. after entering source/x86_64-unknown-redox/libgcc, it complained about `Makefile:179: ../.././gcc/libgcc.mvars: No such file or directory`. Any idea why?
<Baughn>
For starters, why are you building GCC?
<boomshroom>
Baughn: Redox OS.
<boomshroom>
I can't use the prebuilt images, because I want to build Nix for it. :P
<benley>
huh, I came here with LUKS questions too.
<benley>
I'm trying to find a way to avoid having to type my luks passphrase twice on boot (once before grub, once when the kernel starts), without keeping the keyfile on external storage or on an un-encrpyted volume itself
<benley>
_and_ without having the keyfile end up world-readable in /nix/store
<lopsided98>
I think there is a hash problem with "gwgdvvkha1rhbd7ca6rlw43g9ml3ls00-linux-headers-4.15" in dezgeg's ARM binary cache. Has anyone else noticed this?
<benley>
so ... is there any way to get the keyfile added to the initramfs without also putting it in /nix/store in the process? I think that would make it possible
<ottidmes>
benley: you can do that, yes, let me check
ndrei has joined #nixos
<ottidmes>
benley: Here is a snippet of my config, it basically allows you to use boot.initrd.secrets with grub: https://pastebin.com/0qvsviMA
<ertes>
benley: that's exactly the reason for my question, but i have an additional requirement: there are two devices, but one of them may be missing on boot
<boomshroom>
Any ideas? The lines before the error don't seem to suggest anything out of the ordinary.
<ottidmes>
ertes: you should be able to script that easily enough in that preLVMCommands, I also did similar checks, in my case whether a USB stick was present or not, then I would first decrypt that with a simpler key, to get a keyfile to the disk, or if no such USB, unlock with the long password
chisui has quit [Ping timeout: 260 seconds]
thc202 has quit [Ping timeout: 256 seconds]
<leotaku>
Is there an easy way to make a laptop not suspend when its lid is closed in configuration.nix?
<ertes>
ottidmes: yeah, i'll definitely try that
<ertes>
not immediately, i'm just gathering information right now
tertle||eltret has quit [Quit: Connection closed for inactivity]
<Lears>
Setting services.logind.lidSwitch = "ignore" works too.
ndrei has quit [Remote host closed the connection]
<ottidmes>
leotaku: ^ Lears suggestion is better
ndrei has joined #nixos
<leotaku>
Lears, ottidmes: Ok, thank you very much. Another Question: How would I do this ad-hoc/on the fly?
xeji has quit [Ping timeout: 265 seconds]
<ottidmes>
leotaku: I guess you would keep it on ignore and listen for the event that is created when the lid is being closed (not sure about the actual event, but the should be something like that)
<leotaku>
ottidmes: Maybe I was unclear about what I want to do: I want to run a command to specify if the laptop should suspend when the lid is closed. This should certainly be possible using a custom script, however I feel like there has to be something more straightforward.
<ottidmes>
leotaku: I don't know what you expect, but this should be trivial: if condition; then systemctl suspend; fi
<kerrhau>
boomshroom: well, I understood that much, but what exactly is the error
<boomshroom>
kerrhau: import is a function that returns a value, not a statement.
<kerrhau>
so just assign it to a variable?
<boomshroom>
Also, packageOverrides takes a function that takes the existing package set.
<boomshroom>
Part of the problem is you seem to be doing strange things in the overlays directory. It's meant for files that take 2 parameters and return a set of new packages. They're implicitly imported by nixpkgs.
<d-fish>
I've got a recent installation of nixos using kde, but there are some weird visual bugs in dolphin: https://i.imgur.com/4b9nJAJ.png
<d-fish>
plasma instead of kde. Anyone know what might be happening?
<boomshroom>
d-fish: I'm not too familiar with KDE or Dolphin, but it looks like the only problem is the icons are missing. Do you have an icon set set in KDE's or Dolphin's settings?
justanotheruser has joined #nixos
<d-fish>
I don't know where an icon set would come from
<{^_^}>
[nixpkgs] @grahamc pushed to master « xmloscopy: init at 0.1.1 »: https://git.io/vxRlJ
maximiliantagher has quit [Ping timeout: 264 seconds]
<boomshroom>
d-fish: There are several in the repository. Do a google search for "linux icon pack" and find one you like.
justanotherus3r has quit [Ping timeout: 256 seconds]
<d-fish>
When should I put packages in systemPackages vs nix-env?
maximiliantagher has joined #nixos
<boomshroom>
d-fish: Usually it's based on whether or not you want to use them as root or other users.
<boomshroom>
I'm currently downloading kde just to test out dolphin.
<boomshroom>
d-fish: I should mention that the default set for KDE is called "breeze".
<boomshroom>
Interesting, simply loading dolphin and breeze-icons in a shell still causes them not to be found and dolphin segfaults.
<d-fish>
What desktopManager do you use?
<boomshroom>
I may have to install KDE fully and log out and back in in order to get this to work.
maximiliantagher has quit [Remote host closed the connection]
maximiliantagher has joined #nixos
<boomshroom>
d-fish: I use i3: no full environment, just the window manager.
<d-fish>
I'm not going to dive into tiling window managers yet. I installed breeze-qt5 which fixed an issue with my launcher icons. I fixed my original issue by installing dolphin-plugins
vidbina has joined #nixos
<boomshroom>
I should mention that I haven't had any problems with icons because I don't have any applications that use them. (Or I haven't noticed if they do.)
<d-fish>
I've been using ubuntu for a while and very recently switched to nixos
<justanotheruser>
hey, my build is failing. I'm trying to move to 18.03. Any advice? Here is the end of my build, I can post the full build if it's necessary. https://hastebin.com/raw/bemasodisu
<boomshroom>
I was on Arch before switching. I actually started using a tiling WM when I was running an Arch instalation off a tiny USB stick, so I didn't have space for a full desktop environment. Funilly enough, I basically used Windows the same way I use i3 as I always had all my aplications maximised.
mmlb has quit [Ping timeout: 240 seconds]
<boomshroom>
justanotheruser: `virtual memory exhausted: Cannot allocate memory` Are you on 32bit?
srjek|home has quit [Ping timeout: 276 seconds]
<justanotheruser>
amd64
hotfuzz_ has quit [Ping timeout: 240 seconds]
hotfuzz_ has joined #nixos
<boomshroom>
justanotheruser: what prints when you evaluate "builtins.currentSystem" in the nix repl?
hamishmack has quit [Quit: hamishmack]
<justanotheruser>
nix-repl is actually broken too apparentl...error: current Nix store schema is version 10, but I only support 7
<boomshroom>
justanotheruser: and `nixos-version`?
<justanotheruser>
nix-store (Nix) 2.0
<justanotheruser>
I moved to unstable to try something
<justanotheruser>
but am trying to move to 18.03
blonkhart has joined #nixos
infinisil has quit [Quit: Configuring ZNC, sorry for the join/quits!]
<boomshroom>
justanotheruser: The `virtual memory exhausted` error suggests you may actually be running 32 bit, since it's practically impossible to use up all 256 TiB of the 64bit (actually 48bit) address space.
d-fish has quit [Quit: Konversation terminated!]
infinisil has joined #nixos
<drakonis>
actually not
d-fish has joined #nixos
<drakonis>
that's ext4
<boomshroom>
drakonis: Huh, interesting.
<drakonis>
technically
<drakonis>
it is possible to use the entire range lol
<drakonis>
also ext4 has a 48bit size limit
<ertes>
btrbk is installing its binary into sbin… is that a bug in the package or in nix/nixpkgs?
<drakonis>
the thing i'm talking about here is that current cpus can achieve 64 bit but its not like we'll get there yet
<drakonis>
it is achievable through the use of nvram
aarvar has quit [Ping timeout: 240 seconds]
nuncanada has quit [Ping timeout: 260 seconds]
hamishmack has joined #nixos
<johnw>
is there a way to use a different root namespace with nix-shell -p besides <nixpkgs>?
<johnw>
even https://nixos.org/nix/ shows "nix-shell '<nixpkgs>' -A firefox", but this doesn't seem to work with -p
<johnw>
ah, the man page mentions -I
<boomshroom>
johnw: It doesn't provide all the facilities of nix-shell, but nix run works with alternate namespaces and even lets you get an entire expression.
<johnw>
so, my problem is that I have a Haskell project, but it's shell.nix (generated by cabal2nix) doesn't include non-Haskell dependencies, so I've been using nix-shell -p ... to first enter a shell that has those dependencies before using cabal sandbox, so that I can do iterative builds. However, nix-shell is a very quirky thing, and doesn't reproduce the same environment that nix-build, so I'm trying to find some combination of invocations
<johnw>
that will let me just build and test my Haskell changes while having all the right dependencies visible.
<boomshroom>
johnw: The nice thing about the stack aproach is that you don't even need nix-shell or even your own nix file. You can specify nix dependencies with the stack file.
vidbina has quit [Ping timeout: 240 seconds]
<johnw>
not interested in stack
<johnw>
boomshroom: how would you "enter" the buildEnv?
<johnw>
nix-shell -A buildEnv doesn't have the dependencies in scope
<johnw>
sorry, nix-shell -A <my build env attr>
srjek|home has joined #nixos
<boomshroom>
The fun of multiple conflicting build systems, some of which wrap others. I've had Nix wrapping rust's cargo, wrapping a configure/make library.
<boomshroom>
johnw: when in doubt: with import <nixpkgs> {};
<johnw>
boomshroom: not sure how to apply that last suggestion...
<johnw>
I have a buildEnv defined, I'd like to start a shell with that environment's dependencies in scope
<boomshroom>
If the buildEnv is in shell.nix, just running nix-shell will give you a shell with all the dependencies in your PATH. WARNING: this does NOT work with library paths!
<boomshroom>
:facepalm:
<johnw>
the buildEnv is a global attr
<johnw>
oh, it doesn't work with library paths?
<boomshroom>
buildEnv resolves to a binary set. What you really want is a mkDerivation with buildInputs set.
<johnw>
ah, I see
mounty has joined #nixos
<boomshroom>
A good rule of thumb is to write a default.nix file as though you're building the whole project with nix. Then running nix-shell puts you in a position to build it manually.
<boomshroom>
Of course, when I was playing with Haskell, I just let stack handle all my dependencies.
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #37752 → treewide: use more HTTPS URLs → https://git.io/vxRRn
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/vxRRA
<{^_^}>
→ b189247b by @ryantm: treewide: use more HTTPS URLs
<{^_^}>
→ 8f309193 by @matthewbauer: Merge pull request #37752 from ryantm/fix-urls
ilyaigpetrov has joined #nixos
_null_ has joined #nixos
<_null_>
stupid question how do I determine what path a remote package goes to?
<_null_>
nix-instantiate only seems to work on things that I have the nix file sitting arround for
<_null_>
and nix-shell supports -p
<_null_>
because I'd like to use things like nix-store with them, but 'which'/'type' is useless half the time since I'd have to manually ls -l the actual symlink it points to
<nD5Xjz>
@typetetris I get no such file or directory: nixpkgs, nix does not exist but nix-env --version is 1.11.16
<typetetris>
sorry missed some quotes
<typetetris>
nD5Xjz: After doing `nix-channel --update` try `nix-env -f '<nixpkgs>' -iA nix` first, after that report what `nix --version` tells you.
<typetetris>
note the quotes around `<nixpkgs>`.
<nD5Xjz>
Right, adding the quotes is installing nix 2.0
<typetetris>
after that, you should be fine. Try to read up on the new `nix` command. (I still have to do that, too).
simukis has joined #nixos
<typetetris>
Probably we should tag the commit in master, after which one needs nix 2.
<elvishjerricco>
typetetris: Wait nixpkgs unstable requires 2.0? That seems bad
Xal has quit [Ping timeout: 240 seconds]
<typetetris>
elvishjerricco: There are those placeholder thingies all over the place. Was told it needs nix 2 and the error messages went away with nix 2 for me. So, seems like it.
<typetetris>
You probably only notice it, if you need one of those packages, which use that placeholder thing in their nix expression.
<typetetris>
Dunno, where are decisions like that discussed?
<elvishjerricco>
why is placeholder even necessary when we already had output paths as environment variables?
<nD5Xjz>
I get a warning now with `nix-env`. Unkown setting `signed-binary-caches`. Guessing that safe to delete from nix.conf and is a depricated value
<typetetris>
You can ignore that.
<typetetris>
It will go away some time in the future I was told.
<elvishjerricco>
nD5Xjz: Some of the nix.conf options got renamed
<nD5Xjz>
ok, thanks
<typetetris>
elvishjerricco: I get that warning too, but never used that setting in my configs. So it somehow pops up from a different place, not under my control.
orivej has joined #nixos
Xal has joined #nixos
<{^_^}>
[nixpkgs] @ElvishJerricco opened pull request #37754 → callHackage: Keep deriver, like callCabal2nix → https://git.io/vxRua
<{^_^}>
→ 404c8079 by @KaiHa: debian-devscripts: add dpkg in PATH
<{^_^}>
→ 29bef71f by @Mic92: Merge pull request #37755 from KaiHa/pr/devscripts_dpkg-path
<{^_^}>
[nixpkgs] @Mic92 pushed commit from @KaiHa to release-18.03 « debian-devscripts: add dpkg in PATH »: https://git.io/vxR29
mariel__ has joined #nixos
MP2E has quit [Remote host closed the connection]
mariel__ has quit [Client Quit]
coot has joined #nixos
davidlt has quit [Ping timeout: 240 seconds]
jrolfs has joined #nixos
<phry>
Can someone tell me how to use optionalAttrs in an overlay? I'm trying self.lib.optionalAttrs and super.lib.optionalAttrs and getting an infinite recursion both ways
<phry>
(and can't think of any other way)
<phry>
nevermind, actually the recursion seems to be caused by the check I am performing, not optionalAttrs -.-
17WAA169F has joined #nixos
jrolfs has quit [Ping timeout: 240 seconds]
coot has quit [Quit: coot]
Lears has quit [Remote host closed the connection]
<psychic1>
What is the difference between nativeBuildInputs and buildInputs?
thc202 has joined #nixos
<psychic1>
I am reading the nixpkgs manual but the difference seems overly subtle for me as it says:
<psychic1>
A list of dependencies used by the new derivation at build-time. I.e. these dependencies should not make it into the package's runtime-closure, though this is currently not checked.
<psychic1>
So practically speaking, there's currently no difference between the 2 attributes?
<infinisil>
psychic1: There is a difference when crosscompiling
<psychic1>
Yes I read that part as well. But asides the cross-compiling part there is no difference?
magnetophon has quit [Remote host closed the connection]
magnetophon has joined #nixos
<magnetophon>
There's a pkg that has "cp $(NAME).pd_linux ../$(NAME).pd_linux" in the makefile. It used to compile just fine, but after a distro upgrade it complains about permission. Why is that?
dbe has joined #nixos
qknight has joined #nixos
dbe has quit [Ping timeout: 240 seconds]
Lears has quit [Remote host closed the connection]
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ashgillman has quit [Ping timeout: 240 seconds]
davidlt has joined #nixos
<unlmtd>
if a service has an option to put secrets in `/run/keys` but doesnt have an option to be in the `keys` group, I fail to see how to let it access the secret. am I missing somthing?
<ixxie>
is there a guide somewhere to creating and applying a patch when packaging in Nix?
<srhb>
ixxie: The nixpkgs manual mentions using git --diff
<ixxie>
srhb: so I fork the target package code, commit the change I wanna make, do git --diff > name-of-my-change.patch, and then set patches = [ ./name-of-my-change.patch ]; ?
<unlmtd>
ixxie: git --diff wont output anything if youv commited the changes
<srhb>
You explicitly don't commit them
<ixxie>
oh right
<srhb>
ixxie: Otherwise yes :)
<ixxie>
cool
<unlmtd>
or you can use the commit hashes
zybell has joined #nixos
<ottidmes>
I have never actually used git submodules before, but I now have like a 16 mini git projects for my nixos config that I would like to keep separate, but also make it possible to manage them as a whole. Could I use git submodules for this, or are there other tools out there that might help?
<{^_^}>
[nixpkgs] @ttuegel opened pull request #37763 → emacsPackagesNg: lower priority of elpaPackages → https://git.io/vxRir
<{^_^}>
[nixpkgs] @LnL7 pushed to master « runit: mark linux only »: https://git.io/vxRiK
<ij>
How do people use i3 with xfce? Do you kill the icon/desktop application with .xsession?
<{^_^}>
[nixpkgs] @LnL7 pushed to release-18.03 « runit: mark linux only »: https://git.io/vxRiX
<{^_^}>
[nixpkgs] @knedlsepp opened pull request #37764 → mp3blaster: fix darwin build → https://git.io/vxRip
<netixx>
hello, I am trying to get/build a nixos sdcard image for odroid-c2 but I cannot find images or instructions. Can someone give me pointers ? Thank you
<{^_^}>
[nixpkgs] @bachp opened pull request #37765 → opencv3: don't download ippicv if not enabled → https://git.io/vxRPl
<{^_^}>
→ 6e863d15 by @bachp: gitlab-runner: 10.5.0 -> 10.6.0
<{^_^}>
→ 82b41525 by @7c6f434c: Merge pull request #37761 from bachp/gitlab-runner-10.6.0
<{^_^}>
[nixpkgs] @LnL7 pushed to release-18.03 « scowl: fix darwin build »: https://git.io/vxRPP
jophish_ has joined #nixos
jophish_ is now known as Guest41699
<infinisil>
netixx: The errors are kinda important when trying to debug something.. So we can't help much if you don't tell us what they are
<netixx>
I am getting error: Package ‘linux-4.13.16’ in /var/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix:220 is marked as insecure, refusing to evaluate.
<netixx>
while performing nix-build
<netixx>
and the output of the command suggests to add settings to ~/.config/nixpkgs/config.nix
ThatPako has joined #nixos
<ThatPako>
What's the "Nix way" of writing programs in Haskell?
<ThatPako>
Should I just globally install GHC and Cabal and call it a day?
<ThatPako>
or do some other Nix magic?
<{^_^}>
[nixpkgs] @LnL7 pushed to master « shairplay: fix darwin build »: https://git.io/vxRXq
<{^_^}>
[nixpkgs] @LnL7 pushed to release-18.03 « shairplay: fix darwin build »: https://git.io/vxRXY
daGrevis has joined #nixos
<infinisil>
netixx: what command are you running to build it?
<netixx>
infinisil nix-build release.nix -A odroid-c2.aarch64-linux.sd-image
<zybell>
netixx: which means exactly what it reads: You wont want to run an insecure kernel, unless you know *exactly* how to configure it secure in which case you wouldnt ask here. Try another kernel.
Arcaelyx has joined #nixos
<{^_^}>
[nixpkgs] @dezgeg pushed to master « llvm_34, llvm_35: Disable on aarch64 »: https://git.io/vxRXc
<infinisil>
Agreeing with zybell, but sometimes you just need a start to something, you probably don't want to use insecure stuff for your actual system
<infinisil>
netixx: What you need to do is use the nixos option nixpkgs.config.permittedInsecurePackages instead of the one in ~/.config/nixpkgs/config.nix
<infinisil>
netixx: But you need to put this in the nix files of your nixos build or something, your own nixos system won't work
<infinisil>
netixx: E.g. adding it to the file you linked would work
Rusty1_ has joined #nixos
rardiol1 has joined #nixos
<joepie91>
FYI: unstable channel is totally broken on Nix 1.11 (ie. stable NixOS 17.09)
<joepie91>
undefined variable: 'placeholder'
<joepie91>
in gvfs
<joepie91>
which I suspect is a dep shared by many things
<joepie91>
(this was a Nix 2.0 thing I believe?)
<domenkozar>
sounds like Nix 2.0 feature is used
<domenkozar>
placeholder instead of $out
noam has quit [Read error: Connection reset by peer]
<joepie91>
right, but it's blocking my rebuild right now :P
<infinisil>
Yeah a nix 2.0 only PR got merged
noam has joined #nixos
<joepie91>
how should I resolve this?
<gchristensen>
:( :( :(
<joepie91>
(also, shouldn't this have been caught by a test?)
<simukis>
hey, I’m trying to do something like `systemd-run --user --scope screen`, but I get "Failed to add PIDs to scope's control group: Permission denied"
<{^_^}>
→ 65b1c735 by @basvandijk: pgmanage: 10.1.0 -> 10.1.1
<{^_^}>
→ 8c2c82bf by @7c6f434c: Merge pull request #36452 from LumiGuide/pgmanage-10.1.1
aarvar has joined #nixos
<simukis>
okay, I worked around this by making a user service instead.
<chisui>
When running "nix-shell -p haskell.packages.ghc841.either" get the error "error: attribute 'either_5' missing, at /nix/store/iz5znibqjvvzplsdg6fcyivcjcw9z5hn-nixos/nixos/pkgs/development/haskell-modules/configuration-ghc-8.4.x.nix:72:12" am I doing something wrong?
<ottidmes>
how does one deal with umasks? I am running into permissions problems because I expected the group to be writable as well, but it seems umask is set to 022 by default on NixOS, is it unsafe to change this to 002 and where should I change this in NixOS?
xeji has joined #nixos
<infinisil>
ottidmes: what directory are you talking about? And nixos doesn't mess with stateful stuff in general
<ottidmes>
infinisil: I have a wheel directory containing config about a server and a share where a friend should also have access
<GiGa>
clever: ta, I'll give that a go
<GiGa>
there's some other options I want to add to the derivation at some point
<infinisil>
ottidmes: Yeah nixos shouldn't mess with that, you can just change it
<ottidmes>
infinisil: So I should put it in profile or some such, right?
<MichaelRaskin>
I guess NixOS defaults to put all human users in the same group.
<infinisil>
ottidmes: Ah, you want to have nixos set the group permissions with a service or activationSCript or such?
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<ottidmes>
MichaelRaskin: Yeah, and I explicitly do not, so I do not have username:users, but username:username in the home folders, so 002 in that regard should be safe
<ottidmes>
infinisil: That is part of my question, I never really messed with umask, so I am not sure what the best place is to put it, but I read elsewhere that most set it in the startup scripts from their shell, so I guess profile should be a good bet?
<MichaelRaskin>
Sounds good then
<infinisil>
huh, startup scripts to set file permissions :/
<MichaelRaskin>
infinisil: I think it is about shell umask
freeman42x]NixOS has joined #nixos
<MichaelRaskin>
So only to set _future_ file permissions
<infinisil>
shell umasks?
<ottidmes>
right, its about future file permissions, new files and directories should default to 666 - umask, and 777 - umask respectively if I remember correctly
<MichaelRaskin>
infinisil: man 2 umask
<infinisil>
No manual entry for umask
<infinisil>
But anyways, need to go
<infinisil>
Ah so every file this user would create with the shell would automatically be set to 002?
stanibanani has joined #nixos
<{^_^}>
[nixpkgs] @dezgeg pushed to master « nixos/tests/misc: Fix on aarch64 »: https://git.io/vxR9l
<ottidmes>
infinisil: no, the substraction value will be 002
<ottidmes>
infinisil: so 664
<ottidmes>
infinisil: (for files)
<ottidmes>
I think I need shellInit for umask, not extraInit (both from environment)
fendor has joined #nixos
aarvar has quit [Ping timeout: 264 seconds]
xcmw has joined #nixos
netixx has joined #nixos
<ottidmes>
nope, extraInit corresponds to /etc/profile, which is where I wanted it, but I guess both would have worked
<{^_^}>
[nixpkgs] @dezgeg pushed to release-18.03 « nixos/tests/misc: Fix on aarch64 »: https://git.io/vxR95
knupfer has quit [Remote host closed the connection]
srjek|home has joined #nixos
ma27 has quit [Ping timeout: 256 seconds]
ThatPako has joined #nixos
<ThatPako>
what's the fsType used for acessing another machine?
Ariakenom has joined #nixos
<ashkitten>
nixos isn't very good at low-memory environments is it...
<ashkitten>
nixos-rebuild runs out of memory very quickly
knupfer has joined #nixos
netixx has quit [Remote host closed the connection]
knupfer has quit [Remote host closed the connection]
GiGa has quit [Quit: Leaving]
random_auroras has joined #nixos
<ashkitten>
hm, i enabled zram swap so maybe that'll help
<random_auroras>
Reading in the intro about multiple-versionned dependencies I'm wondering, is there a dedup feature?
jrolfs has joined #nixos
<infinisil>
ThatPako: you need something to server files on the other machine, samba or nfs are common choices
<{^_^}>
[nixpkgs] @matthewbauer pushed commit from @ryantm to master « accounts-qt: 1.13 -> 1.15 »: https://git.io/vxRH0
jrolfs has quit [Ping timeout: 264 seconds]
Neo-- has joined #nixos
netixx has joined #nixos
jrolfs has joined #nixos
<chisui>
I can't get the haskell package "either" to build on the current unstable channel with ghc841. It says "attribute 'either_5' missing, at /nix/store/.../configuration-ghc-8.4.x.nix:72:12"
<chisui>
Do I have to specify "either_5" somewhere?
<{^_^}>
→ e124e203 by @7c6f434c: Merge pull request #37772 from xeji/p/ptlib
davidlt_ has joined #nixos
simukis has quit [Ping timeout: 240 seconds]
jrolfs has quit [Ping timeout: 260 seconds]
_null_ has joined #nixos
davidlt has quit [Ping timeout: 276 seconds]
<{^_^}>
[nixpkgs] @gebner pushed commit from @globin to release-17.09 « tt-rss: 17.4 -> 2018-01-05 (security) »: https://git.io/vxR54
<justanotheruser>
hey, my build is failing. I'm trying to move to 18.03. Any advice? Here is the end of my build, I can post the full build if it's necessary. https://hastebin.com/raw/bemasodisu
blankhart has quit [Ping timeout: 240 seconds]
jrolfs has joined #nixos
<{^_^}>
[nixpkgs] @vbgl opened pull request #37775 → gnome2.gtksourceview: fix build on Darwin → https://git.io/vxR5a
<infinisil>
Yay, finally was able to fix a hydra jobset for 18.03 ^^
ndrei has quit [Ping timeout: 260 seconds]
rardiol1 has quit [Read error: Connection reset by peer]
<infinisil>
justanotheruser: Hmm not sure, I can't quiet interpret free's numbers properly if I'm gonna be honest :P. Instinctively the "free" column being almost at 0 makes me think it's indeed a problem, but I don't think you can go for that on linux because of how free RAM works with buffers and stuff.
<justanotheruser>
maybe I should borrow some RAM and build :P
<{^_^}>
→ a31b2ca0 by @coreyoconnor: gnome2.zenity: Add docbook_xml_dtd_412 to prevent build from attempting to reference DTD from network and failing.
<{^_^}>
→ 4b625fd2 by @coreyoconnor: gnome2.gnome-control-center: Add docbook_xml_dtd_412 to prevent build from attempting to reference DTD from network and …
<{^_^}>
→ 2308f4eb by @7c6f434c: Merge pull request #37005 from coreyoconnor/zenity-docbook-dtd
<infinisil>
searching the options is always a good idea
xy2_ has quit [Quit: WeeChat 2.0]
<{^_^}>
[nixpkgs] @layus opened pull request #37789 → almir: cleanup the corresponding broken module. → https://git.io/vxRhx
<katona>
infinisil: As far as I know this is a pptp server, which is not what I want, but thanks
<infinisil>
ah right..
<infinisil>
katona: How about the pptp package then
chisui has quit [Ping timeout: 260 seconds]
<katona>
Tried, but doesn't seem to work :/ but fortunately there seems to be a non-pptp option for the VPN, so I think that will be the quickest solution to my problem
xy2_ has joined #nixos
<obadz>
katona: that is annoying indeed
<obadz>
katona: are you willing to work on a fix?
<katona>
I may try, I've seen that bug that was "solved" by deleting the package
<katona>
obadz: and there was a patch, I might try that
<obadz>
katona: you should revert the deletion locally
<infinisil>
Trying to use the vpnc package, and it does indeed connecting fine and I can ping IP's, but DNS is bugged out because it's messing with the dns servers
goibhniu has joined #nixos
<infinisil>
(the dns servers resolve my universities domains to the VPN's ips)
pie_ has quit [Read error: Connection reset by peer]
<katona>
Bit offtopic but any idea what connectionTrackingModules should I enable for a l2tp VPN?
<Lears>
Anyone else using the kitty 0.8.0 package? I'm finding that opening a new window only succeeds as often as it kills all existing kitty instances. It was fine when I installed it from git on Debian.
michas_ has joined #nixos
Arcaelyx has joined #nixos
pie_ has joined #nixos
jrolfs has quit [Ping timeout: 240 seconds]
<obadz>
katona: I've set up l2tp clients & servers and don't know what you mean
<katona>
obadz: with pptp I had to add "pptp" as part of this NixOS option set as in an update their loading was disabled by default. And as I couldn't get l2tp/IPsec VPN to work at first try I though the firewall was at fault
<obadz>
i've not used ipsec
<katona>
(I don't know much about vpns, I'm using plasmas networkmanager gui for it)
<obadz>
but for the other type (ppp?) I've been able to just click my way through networkmanager
ilyaigpetrov has quit [Quit: Connection closed for inactivity]
<{^_^}>
[cabal2nix] @bgamari opened pull request #342 → Add support for more Cabal platforms → https://git.io/vx0vm
<katona>
obadz: reverted the changes and it works without any trouble... I have no idea why was it removed in the first place, it built without any error
raynold has joined #nixos
pie_ has quit [Ping timeout: 240 seconds]
aminechikhaoui has quit [Ping timeout: 263 seconds]
<{^_^}>
[nixpkgs] @domenkozar pushed commit from @layus to master « almir: also remove the corresponding module. »: https://git.io/vx0va
<ThatPako>
Is there any sane way I can use Emojicode and develop packages for it on NixOS? Usually one copies them to `/usr/local/EmojicodePackages` which sounds like something I won't be able to do with Nix(OS) :/
blankhart has joined #nixos
jb55 has joined #nixos
<infinisil>
ThatPako: Haha why is emojicode a thing even
aminechikhaoui has joined #nixos
<ThatPako>
infinisil: because it's fun :^)
<infinisil>
ThatPako: You'd have to create some nix functions to download and manage dependencies to have it work well on NixOS
<MichaelRaskin>
With Thunderbird it might be more complicated to say which part of the project makes decisions about such things…
<infinisil>
Yeah, and the 18.03 milestone there is way too ambitious
<ThatPako>
oof, the only way to change the location the compiler searches for packages is through a flag set when compiling the compiler
<ThatPako>
no env var possible
<MichaelRaskin>
Ouch
<infinisil>
ThatPako: Damn
<MichaelRaskin>
infinisil: if you _really_ want it, you can built Thunderbird yourself with an override for enableOfficialBranding
<infinisil>
ThatPako: Well the best thing would then be to patch the compiler (or look for a PR that makes it an env var)
stanibanani has joined #nixos
<ThatPako>
Actually...
<ThatPako>
one can set it as argument to the compiler. But that is limited to version 0.6, which is still in-dev and won't run
<infinisil>
MichaelRaskin: Yeah i know, don't really care about official branding, it's just something a lot of new users confuses because they didn't install nightly
<zybell_>
ThatPako: yes you can emulate folders everywhere.
<ThatPako>
zybell_: what about multiple expressions modifying the same folder?
ma27 has quit [Ping timeout: 276 seconds]
stanibanani has quit [Ping timeout: 240 seconds]
xeji has quit [Quit: WeeChat 2.0]
coot has joined #nixos
jb55 has quit [Ping timeout: 240 seconds]
lopsided98 has quit [Remote host closed the connection]
<zybell_>
Where you want to emulate Make a symlink to /proc/self/fd/3 (choose convenient nr here). and then run cmd 3</where/your/files/are/.
lopsided98 has joined #nixos
<ThatPako>
Now I feel a bit lost :/
<infinisil>
Ohh yeah that could work
kmicklas has quit [Ping timeout: 260 seconds]
<ThatPako>
What's /proc/self/fd/<number>?
<infinisil>
ThatPako: A path that refers to the current processes file descriptor number <number>
<infinisil>
And these file descriptors can be assigned easily with bash or so
<ThatPako>
Okay, I think I should stop with Nix and actually learn how *nix works. I feel completely dumb right now lol
<zybell_>
It even works with dirs!
<infinisil>
zybell_: Ah right, it probably doesn't
Lears has quit [Remote host closed the connection]
<zybell_>
Tested it.
<infinisil>
Ah, I read your "!" as a "?"
<infinisil>
Nice!
<ThatPako>
I don't quite see how /proc/self/fd/<> would help me. The standard packages are also in the search path so I need them to be somewhere persistent :/
<infinisil>
ThatPako: What do you mean by search path? As long as only compilation needs the libraries source code it should be fine
<infinisil>
I think
<ThatPako>
nah, the packages are loaded when executing the compiled code
<zybell_>
You can have as many special dirs as you want.
<ThatPako>
emojicode doesn't compile to normal binaries
<ThatPako>
it compiles to bytecode run by their own VM/engine right now
<infinisil>
Whew, well then maybe patch it to look at an env var, or wait for the new release, or make the unstable version work
sigmundv_ has joined #nixos
<ThatPako>
;-; I'll probably wait for 0.6 then
<ThatPako>
Thanks anyway!
<{^_^}>
[nixpkgs] @badi opened pull request #37799 → unifi, nixos/unifi: support LTS (5.6.36,) and release (5.7.20) → https://git.io/vx0Jj
<zybell_>
You can have as many special dirs as you want.!!
<infinisil>
zybell_: hmm i guess that could work, but certainly can't be called a nice solution :)
hiratara has quit [Ping timeout: 276 seconds]
<neonfuz>
Moving my nixos install to a new partition,
<neonfuz>
with other distros I'd rsync and then change configs
<neonfuz>
what about this? rsync and change configs, then rebuild somehow?
<neonfuz>
or no rsync?
<zybell_>
It is a very mighty tool. It should be used responsibly.
<neonfuz>
is it safe to rsync a nix store? is rsync -a good enough? anyone have any thoughts?
goibhniu has quit [Ping timeout: 264 seconds]
<neonfuz>
I just don't want to brick my pc lmao
<ThatPako>
neonfuz: can't you rebuild most of it thanks to your .nix config?
<ThatPako>
I would only backup /home on nixos
<MichaelRaskin>
Do you want to sync store or do you want to sync the DB too?
hiratara has joined #nixos
<infinisil>
ThatPako: And /var/lib! and maybe /root and maybe other stuff in /var
<ThatPako>
/var/lib is mutable? wew
<ThatPako>
what's stored in there?
<MichaelRaskin>
I think default PostgreSQL database path is in /var/lib …
<infinisil>
Pretty much all services store their data there
<neonfuz>
oh yeah lmao, I do have a postgres db but I don't need it
<{^_^}>
[nixpkgs] @shlevy opened pull request #37803 → Explicitly account for current limitations of RISC-V kernels → https://git.io/vx0Tq
<infinisil>
ThatPako: Data has to go somewhere, not everything can be immutable
<ThatPako>
true
<neonfuz>
also I have other things built in my home directory (with gcroots ofc), but I'd have to rebuild those too if I don't sync my store over
Neo-- has quit [Ping timeout: 240 seconds]
<neonfuz>
speaking of which, I was thinking about making a nix package to wrap windows programs in a wine env, has anyone thought about / done this?
<ottidmes>
MichaelRaskin: I heard you used some special program launcher, setting it up in such a way that e.g. firefox runs compartimentalized (not sure if that is the right word), could you give me some pointers? Or did I heard it wrong?
<MichaelRaskin>
We-ell
<MichaelRaskin>
I run a system which is not strictly speaking NixOS (but it uses Nix, Nixpkgs, Nixpkgs Linux kernel and some parts of NixOS code)
<infinisil>
neonfuz: Ah you mean to have a windows exe collection in nix being packaged with `wine foo.exe`?
<MichaelRaskin>
It currently powers my laptop and my build box
thc202 has quit [Ping timeout: 240 seconds]
<neonfuz>
maybe a wine prefix per program, and rely on nix-store --optimise to hardlink files to not take so much space with multiple programs
<neonfuz>
or a wine prefix that's clean, and link files from that
<neonfuz>
but idk how wine behaves with an immutable c-drive lol
<MichaelRaskin>
ottidmes: so my compartmentalisation is dependent on two pieces of Common Lisp code cooperating to decide a configuration for an nsjail sandbox
<neonfuz>
so idk, I haven't tried much at it yet, but it was just a thought
<infinisil>
MichaelRaskin: Ah you're the one who graciously merged my znapzend PR earlier :) ottidmes is actually the one who found that error in the first place
<ottidmes>
MichaelRaskin: Yeah, I saw your config, and what you could basically call a dialect of NixOS, like Guix, but then customized to your liking
<MichaelRaskin>
GuixSD uses Guix which is a different package manager (which recognises its Nix heritage)
<MichaelRaskin>
infinisil: FTR I care nothing about ZFS because I don't want a core part of infrastructure I care to depend on an outcome of a theoretically possible legal mess involving Oracle.
<infinisil>
zybell_: There needs to be mutable things, it can't work without them, otherwise nothing would ever change
<ottidmes>
MichaelRaskin: OK, so yours is closer to NixOS in that sense, a wrapper all Nix tools and eco system, but you do not use e.g. the nixos folder of nixpkgs
<MichaelRaskin>
I even use it, just in a very limited and isolated ways.
mounty has quit [Ping timeout: 240 seconds]
<ottidmes>
MichaelRaskin: So the isolation you implemented is based on nsjail?
<infinisil>
MichaelRaskin: Doesn't zfsonlinux have nothing to do with oracles zfs?
<MichaelRaskin>
I ask NixOS to generate me some /etc/ file given a _minimal_ configuration that sets it up correctly.
<neonfuz>
what do you do about a kernel?
<MichaelRaskin>
infinisil: I highly doubt any read-write ZFS implementation is free of large pieces of Sun code.
<neonfuz>
I hate how nixos answers M to every option... lol
stanibanani has joined #nixos
<neonfuz>
I used to manually config my kernel in gentoo
<zybell_>
infisil: I'm not that demented.;-) But you can rm an awful lot.
<MichaelRaskin>
I am OK with allmodconfig, to be honest.
<neonfuz>
yeah it's alright, just makes compiles long lol
<MichaelRaskin>
neonfuz: most of the time it is Hydra that compiles it.
<infinisil>
zybell_: I haven't read that paper, but does it suggest something like "adding all the time, never delete anything, changes are just a different object"?
<neonfuz>
I have to make changes to my drivers, and when you have to change even one kernel option you need to build it all yourself on every kernel update
<MichaelRaskin>
neonfuz: can't you build them as out-of-tree modules?
<neonfuz>
that's a sort of downfall to nixos imo, if packages aren't very modular and you need to make small changes
<neonfuz>
idk how that works, maybe I can
<zybell_>
s/infisil/infinisil/
blankhart has quit [Ping timeout: 264 seconds]
<MichaelRaskin>
The main reason not to talk SLNOS people into publishing their proper-ccache stdenv is that merging stdenv overhauls into NixOS is tricky in the organisational sense…
<infinisil>
neonfuz: That's the price for reproducability, but you can lose reproducability and get a fast development cycle with nix-shell
<maurer>
Not to mention, ccache doesn't usually buy that much ._.
<neonfuz>
yea
stanibanani has quit [Ping timeout: 246 seconds]
<maurer>
Too many textual mangling phases in C++/C compilation
mounty has joined #nixos
<MichaelRaskin>
maurer: for Nixpkgs it actually can buy quite a bit
<zybell_>
no they make a lot of mems 10000+ started from scratch replicating, and when gone a new one replicates its way into the cloud. like this.
aarvar has left #nixos [#nixos]
<MichaelRaskin>
Because implementation-only changes cause many more rebuilds than for other setups
<Dezgeg>
does ccache even work very efficiently given that compiler command lines will change (due to -I pointing to a different store path and stuff)?
<MichaelRaskin>
I think this can be worked arounf
<maurer>
Dezgeg: Last time I used ccache, it would cache only the final transformation of AST into object file
<MichaelRaskin>
After all, -I is preprocessor flag
<maurer>
Dezgeg: If so, it should work fine even with different -I
<Dezgeg>
hmm, right
<maurer>
(this was years ago, so this may not be modern behavior)
<Dezgeg>
but if your the compiler needs to emit to the debug info say, the absolute path to some c++ header which contains inline functions
<zybell_>
then the compiler is patched to use relative path
<Dezgeg>
eh
<ottidmes>
MichaelRaskin: So you have added a bit of user management in your Common Lisp that assigns a unique user id for each sandbox?
<MichaelRaskin>
Well, it is just code that keeps track of assigned UIDs in an SQLite database, and runs a trivial C wrapper to su to a UID not in passwd
<MichaelRaskin>
netns is handled separately with some code to support running socat instances to pass specific ports to specific targets
<MichaelRaskin>
(So I can isolate a program from the network but let it talk to a proxy)
coot has quit [Quit: coot]
blankhart has joined #nixos
<ottidmes>
MichaelRaskin: I wonder how that approach compares to QubesOS
xcmw has joined #nixos
<MichaelRaskin>
QubesOS runs full VMs, and even Xen VMs not KVM, which is safer but heavier
coot has joined #nixos
<MichaelRaskin>
jails are cheap, so I can put most webpages into unique jails.
<{^_^}>
[nixpkgs] @ysndr opened pull request #37804 → (krunner-pass): init at 1.3.0 on 17.09 → https://git.io/vx0kU
<MichaelRaskin>
(and just saly by UID at some point)
<MichaelRaskin>
slay
<MichaelRaskin>
I should do more X filtering though, probably with Xpra
<clever>
android has something similar, no chroot, but there is one uid per application
<clever>
and you needed a certain gid to access the network originally
<MichaelRaskin>
See also nofear, which uses kvmtool to launch a truly minimal VM with a special built kernel with zero physical hardware support for a one more middle ground point
<MichaelRaskin>
I want many application instances, with different UIDs for instances of the same application
<clever>
MichaelRaskin: nofear sounds like pkgs.runInLinuxVm, which can run any nix derivation as root under qemu
kquick has joined #nixos
xy2_ has quit [Ping timeout: 263 seconds]
<MichaelRaskin>
Yes, ut actually optimised for startup speed
<zybell_>
MichaelRaskin: Do you want to isolate librarys in server procs accessed via unix-sockets too?
<ottidmes>
MichaelRaskin: So their solution with orchastrating a group of VMs is more secure (less that could wrong, due to stricter isolation, but comes at a cost of performance and integration), while your solution has a bigger attack surface, but because it is more lightweight it also allows you to be more granular in your isolation, right?
<MichaelRaskin>
Not really. The ideal end-game is to say that a complete takeover of Firefox requires a kernel exploit to do anything Javascript couldn't do anyway.
<MichaelRaskin>
(Then again, Javascript is disabled by default, which also makes exploiting Firefox bugs harder)
dbe has joined #nixos
<MichaelRaskin>
What I also get out of Firefox netns isolation is that I can start Marionette in every instance, and manage socket paths instead of port numbers
<ottidmes>
JavaScript disabled? So you only visit a few websites? I haven't tried recently but isn't the modern web just expecting JavaScript to be available? As in, most sites fail horribly?
<{^_^}>
[nixpkgs] @dtzWill opened pull request #37808 → wrapper.c: fixup includes to work w/musl → https://git.io/vx0IA
<neonfuz>
sort of both, IIRC I read that nixos-in-place (or one of the other ones) that they did this, but I just don't know if it's possible to bind mount over / and if that should be done with fstab, etc
<{^_^}>
[nixpkgs] @dtzWill opened pull request #37809 → tirpc, zfs: fixups, support using tirpc w/zfs → https://git.io/vx0Lv
<{^_^}>
[nixpkgs] @dtzWill opened pull request #37810 → udisks2: 2.1.6 -> 2.1.8, extend workaround to include musl → https://git.io/vx0LU
lukec has quit [Ping timeout: 265 seconds]
<zybell_>
If you pivot_root() in initrd the new root (/) doesn't have to be a mountpoint.
<zybell_>
switch_root seems to be a normal mount equivalent.
lukec has joined #nixos
henrytill_ has quit [Ping timeout: 264 seconds]
<MichaelRaskin>
Well, it is a --move mount, which sometimes make a difference
<elvishjerricco>
Hm. I'm a trusted user on both the local and remote machine, yet `nix copy --from ssh://...` is still erroring with "lacks a signature"
<elvishjerricco>
why would that be?
<MichaelRaskin>
--no-check-sigs has to be specified explicitly
<elvishjerricco>
Ah. I thought being trusted removed the need for that
<MichaelRaskin>
No, being trusted allows it to do anything
<elvishjerricco>
I guess that's the old behavior nix-copy-closure
<neonfuz>
the traceback shows it's in systemd-boot-builder
<neonfuz>
I don't need to bindmount in /sys or anything do I lol
<neonfuz>
the actual error line reads subprocess.CalledProcessError: Command '['/nix/store/7m31df5kk2s0s6b4j0whky06g03ayjns-systemd-237/bin/bootctl', '--path=/boot', 'install']' returned non-zero exit status 1.