<rotaerk>
Ralith, hmm, I just manually exported the result of XDG_DATA_DIRS="$XDG_DATA_DIRS:${vulkan-validation-layers}", particularly XDG_DATA_DIRS="$XDG_DATA_DIRS:/nix/store/5qvswpi28x8ipwzmbzd6nbpdh00dig0j-vulkan-validation-layers-1.1.77.0"
graphene has quit [Remote host closed the connection]
<rotaerk>
and then I ran my program: /nix/store/jzwr760zj74ln6ig8bi5v8d9iwramh6v-vulkanTest-main-0.1.0.0/bin/vulkanTest --shaderspath='/nix/store/msr9vb2x9iqfmas4gzdvmpqb6z0i4rya-vulkanTest-shaders'
<rotaerk>
and it still gave the error: Expected validation layers are not available: ["VK_LAYER_LUNARG_standard_validation"]
graphene has joined #nixos
<rotaerk>
I figured that while it's not the way I'd do itt going forward, it should at least work this way...
broccoli has quit [Ping timeout: 240 seconds]
<rotaerk>
(I'm *not* running under nix-shell, because I don't want my program to depend on that)
<Ralith>
try vulkaninfo
worldofpeace has quit [Quit: worldofpeace]
<infinisil>
,locate bin/vulkaninfo
<Ralith>
it's probably failing to dlopen the actual layers
<{^_^}>
Found in packages: vulkan-tools
<Ralith>
add the validation layers to LD_LIBRARY_PATH
<Ralith>
(the lib subdir, obv)
tzemanovic has quit [Remote host closed the connection]
tzemanovic has joined #nixos
<rotaerk>
oh, nevermind, the path that has to be in XDG_DATA_DIRS is the share folder itself, not the root of vulkan-validation-layers
<rotaerk>
changed it to that and it worked
<rotaerk>
I realized that when I noticed all the OTHER paths in there ended in share
<Ralith>
rotaerk: whoops, sorry for misleading you there
<Ralith>
that'll teach me to retype instead of copypaste
<rotaerk>
:P
<rotaerk>
now that I know that works, time to modify my nix...
<rotaerk>
I'm not sure how people normally setup their shell.nix files
<rotaerk>
where "main" is just the derivation for building my haskell project
<Ralith>
there's a bunch of different approaches depending on your exact requirements
<Ralith>
mine tend to be very simple because I'm building rust projects that aren't intended to become nix packages [any time soon]
<rotaerk>
ah
<Ralith>
so it's just `with import <nixpkgs> {}; let ... in stdenv.mkDerivation rec { ... }`
<Ralith>
otoh, at work I have a whole fancy environment thing with a specialized callPackages
andymandias has quit [Ping timeout: 264 seconds]
<rotaerk>
well, my approach to building, which I think clever came up with, is to have a derivation for my haskell project ("main"), a derivation for compiling my GLSL shaders into SPIR-V ("shaders"), and then something that writes a shell script that executions the haskell binary and passes in the path to the compiled shaders: https://github.com/Rotaerk/vulkanTest/blob/master/vulkanTest.nix#L61-L64
broccoli has joined #nixos
RealUnix28200 has quit []
<rotaerk>
so to get the fullBuild to work, so I can just do result/bin/vulkanTest to run it, I just added the XDG_DATA_DIRS=... line within that shell script, just before the exec
<Ralith>
are you trying to build a NixOS test that validates the usability of vulkan, or something?
<Ralith>
this seems weirdly complicated
<Ralith>
I don't know why you'd want the shader compilation to be a separate derivation
<rotaerk>
this is me implementing the stuff from vulkan-tutorial.com, in order to teach myself vulkan
<Ralith>
unless modern haskell has no way to cue external build steps?
<rotaerk>
I wanted to be able to rebuild haskell without rebuilding the shaders, and vice versa
<Ralith>
personally I just put together a nix-shell that has everything I need in it, and leave the rest up to my language tooling to drive, in the same manner as a developer on any other linux
<rotaerk>
the approach I had used initially was to have the haskell compiler itself call that glslangValidator and injecting the result right into the haskell binaries
<rotaerk>
but that had a few problems, so I dropped that approach
<rotaerk>
oh, I don't just use nix to setup a shell and then use the language tooling; I mean, I do that, but I also want to be able to build with nix-build
andymandias has joined #nixos
<Ralith>
I don't bother with that unless I plan on automated builds or using Nix for distribution
<rotaerk>
I see
<Ralith>
with the way you have this setup, you have to either compile your shaders totally by hand or re-enter nix-shell every time you tweak them
<Ralith>
what was wrong with having ghc invoke glslang directly?
tzemanovic has quit [Remote host closed the connection]
<rotaerk>
Ralith, because it wouldn't notice that the shader files had changed. also, it requires rebuilding the haskell when you change the shaders; which doesn't mesh well with the idea of modding shaders (not that that really applies to my particular program)
<rotaerk>
basically, if my shader files changed, I would have to touch the haskell file that they'd get injected into in order for that to get recompiled, and for them to get re-injected
<Ralith>
ah, that's unfortunate
<Ralith>
rust's tooling has specific support for adding arbitrary paths as build deps, and has adequate incremental compilation
<rotaerk>
it might be possible to do that with cabal, but this approach seemed better to me for other reasons as well
<rotaerk>
when I'm working within nix-shell, I made a sh script called "run" which does: exec <cabal buildoutput>/vulkanTest --shaderspath=$(nix-build --no-out-link ../vulkanTest.nix -A shaders)
<rotaerk>
so I don't have to build them by hand
<Ralith>
as far as game design goes I'm not big on overridable shaders, because running untrusted shaders is unsafe, and I like the idea of automatically downloading custom content, and automatically doing unsafe things is a no-go.
<rotaerk>
interesting
<srk>
last time I've managed to write my shaders in andromeda (https://github.com/jaredloomis/andromeda) cause I didn't want to distribute them separately and handle paths
<Ralith>
most of the time you need paths for assets anyway
<Ralith>
building small stuff into the binary is awfully nice though
<srk>
yeah, this was for a simple plotting library with only two shaders
<srk>
guess something similar could be done with vulcan shaders
<rotaerk>
I could probably find a way to get the build process to work properly, and inject it into the binary
<Ralith>
for an educational project, whatever works, works
<rotaerk>
I should learn the approach you take with nix-shell
<rotaerk>
minimal nix work, to get a dev environment up and running
<Ralith>
"learn" is a bit generous since it's literally just doing the bare minimum you can get away with :D
<rotaerk>
lol
<Ralith>
btw, I double-checked and I am pretty sure you will need LD_LIBRARY_PATH in addition to XDG_DATA_DIRS if you want the layers to actually work
<rotaerk>
I didn't have to specify that, for it to work when I ran my nix-build output
<rotaerk>
well, wait, lemme add a bug to my vulkan code, which would trigger the layers, and see if that changes anything
<rotaerk>
I get a triangle, at least
<Ralith>
do you have the debug callback wired up
<rotaerk>
yep
<Ralith>
if you aren't getting any output, it's not working
<Ralith>
the layers are pretty chatty
<rotaerk>
oh wait... I didn't notice my output
<rotaerk>
Validation Layer: libVkLayer_unique_objects.so: cannot open shared object file: No such file or directory
<rotaerk>
hehe; k, I'll try adding the other path...
<Ralith>
failure to load a layer is not a fatal error
<Ralith>
(at least, an implicit layer)
<Ralith>
I'm less sure if there's an elegant solution to having to specify LD_LIBRARY_PATH; having the loader try to guess absolute paths is dubious
<Ralith>
patchelf is an option too but not really any prettier
<rotaerk>
outside of nix, is that something that's generally automatically setup for you?
<rotaerk>
or is the need to have these variables set common knowledge amongst those experienced with vulkan
<rotaerk>
if the need to manually set them is peculiar to nix, it might be worth documenting somewhere
<rotaerk>
okay, those errors went away, but still no debug callback being called, because I don't have a bug
<rotaerk>
will add a bug to test
dbmikus has joined #nixos
<rotaerk>
I'm probably just not using enough of the layers to make it chatty
<Ralith>
rotaerk: if the layers aren't being very chatty, you may be initializing the debug callback too late or shutting it down too early (or discarding some messages)
<rotaerk>
you sure you're not overestimating what my program actually does?
<rotaerk>
it's just a triangle
<Ralith>
it works best if it's the first thing you do after creating an instance/the last thing before destroying one
<rotaerk>
yep, that's what I'm doing
<Ralith>
if you've got a triangle in vulkan, you know as well as I do that it's difficult to overestimate how much work's involved :P
<rotaerk>
haha
<Ralith>
e.g. the object tracker should be noting every single create/destroy operation
<rotaerk>
thing is, you control *which* layers you're using when you create the instance
<rotaerk>
only one I have on is VK_LAYER_LUNARG_standard_validation
<Ralith>
that's a meta-layer which grabs all of them
<rotaerk>
oh
<rotaerk>
oh right, you also control uh...
<rotaerk>
yeah, the flags passed to the debug report callback
<Ralith>
re: lib search: on non-NixOS everything gets dumped in /usr/lib or w/e so no manual config is needed; a setup hook might be defensible here on that basis
<infinisil>
I see, just can't feel the vibe with those kind of libs...
<infinisil>
That's most certainly autogenerated via the C api
<infinisil>
IO and pointers everywhere
<gchristensen>
sounds like high performance graphics programming
<rotaerk>
oh, yeah, that's deliberate, because without going to that level, you can't get the full performance you might need
<infinisil>
High performance doesn't disallow good compile time checking, which this library can't do
<rotaerk>
can always build abstractions on top of that
<gchristensen>
ahh
<rotaerk>
but the bindings themselves should be low level
<infinisil>
Yeah
<infinisil>
I want that abstraction layer! It's horrible to code C in Haskell
<rotaerk>
it does *some* type checking; for instance it has something that statically makes sure you fill out all the required fields of the CreateInfo structures
<rotaerk>
but yeah, you're still dealing with pointers for stuff
<rotaerk>
I want to build a higher level thing, but I don't know vulkan well enough to know what would be appropriate
<joepie91>
unless the channel did update but there were just no changes to it to warrant a rebuild? I have no idea :D
<fragamus>
something is stuck with channel updates
asuryawanshi has joined #nixos
lassulus_ has joined #nixos
<rotaerk>
Ralith, happen to have seen this? symbol lookup error: /nix/store/11asls7i6l1qz9cm08is75xhgdc1b212-libGL-1.0.0/lib/libGL.so.1: undefined symbol: __GLXGL_CORE_FUNCTIONS
<rotaerk>
when I nix-build my thing, it runs fine. when I nix-shell, build using my haskell tools directly, and run the result, I get that error
mizu_no_oto has joined #nixos
<rotaerk>
I made sure LD_LIBRARY_PATH and XDG_DATA_DIRS are set within shell.nix, and I've added vulkan-loader and vulkan-tools to my nativeBuildInputs
<rotaerk>
I don't think it *doesn't see* libGL, it just fails to lookup something from it
lassulus has quit [Ping timeout: 256 seconds]
lassulus_ is now known as lassulus
igo95862 has joined #nixos
Ridout has quit [Quit: Lost terminal]
<fragamus>
Can anyone give me a link to the status display for nixpkgs hydra build
<Ralith>
rotaerk: what exactly did you set LD_LIBRARY_PATH to?
zearen has quit [Ping timeout: 256 seconds]
<rotaerk>
it's set to: /run/opengl-driver/lib:/run/opengl-driver-32/lib:/nix/store/5qvswpi28x8ipwzmbzd6nbpdh00dig0j-vulkan-validation-layers-1.1.77.0/lib
zearen has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nix] @volth opened pull request #2273 → lib.concatMap and lib.mapAttrs to be builtins → https://git.io/fbprI
<rotaerk>
Ralith, though based on the strace, I don't see it failing to find a file or anything like that
<{^_^}>
[nixpkgs] @volth opened pull request #43064 → lib: concatMap and mapAttrs to be builtins → https://git.io/fbprq
<rotaerk>
though I just searched libGL.so.1 and found __GLXGL_CORE_FUNCTIONS in it >_>
fragamus has joined #nixos
<joepie91>
clever: nh2[m]: either of you around at the moment? having trouble with overlays, despite following the suggestions in https://github.com/NixOS/nixops/issues/893 it doesn't seem like my overlay actually works
<rotaerk>
it may be some weird thing specific to my setup though
dbmikus has quit [Ping timeout: 265 seconds]
<joepie91>
pkgs.morepkgs still does not exist even though it should be set by my overlay (and works on my local machine), even after setting nixpkgs.overlays in the default machine
nD5Xjz has quit [Ping timeout: 260 seconds]
<Ralith>
rotaerk: that seems in order, and I haven't encounterd a similar error myself in the past
<Ralith>
my best hypothesis would be that something's getting the wrong libGL somehow
<Ralith>
I'd see if you can find one that *does* define that symbol and work out where it might fit in
<rotaerk>
vulkaninfo works fine
jperras has quit [Quit: WeeChat 2.1]
<rotaerk>
hmm k
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dbmikus has joined #nixos
drakonis has quit [Remote host closed the connection]
mkoenig has quit [Remote host closed the connection]
<rotaerk>
ah, interesting. I straced my nix-build-built program, and did the same for the one built and run within nix-shell, and they ARE using different libGLs
<rotaerk>
the nix-build one (the one that works) is using /run/opengl-driver/lib/libGL.so.1
<rotaerk>
the one in nix-shell is using /nix/store/11asls7i6l1qz9cm08is75xhgdc1b212-libGL-1.0.0/lib/libGL.so.1
blankhart has quit [Ping timeout: 256 seconds]
mkoenig has joined #nixos
hexa is now known as hexa-
asuryawanshi has quit [Ping timeout: 256 seconds]
nD5Xjz has joined #nixos
oahong has quit [Quit: 暂离]
sbdchd has quit [Remote host closed the connection]
igo95862 has quit [Quit: igo95862]
<elvishjerricco>
rotaerk: You should do `readlink -f /run/opengl-driver/lib/libGL.so.1` to see where that one's actually coming from.
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #43057 → dwarf-fortress: Run legends-browser with a suitable working directory → https://git.io/fbpz3
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fbpoL
justan0theruser is now known as justanotheruser
reinzelmann has joined #nixos
dbmikus has quit [Quit: WeeChat 2.1]
andymandias has quit [Ping timeout: 248 seconds]
andymandias has joined #nixos
<joepie91>
!tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<vaibhavsagar>
!ifd
<vaibhavsagar>
!IFD
<samueldr>
,IFD
<{^_^}>
import-from-derivation (IFD) is when you evaluate nix from a derivation result, for example `import (pkgs.writeText "n" "1 + 1")` will evaluate to 2
<joepie91>
nice and consistent
<joepie91>
lol
<samueldr>
confusingly, all new commands are prefixed with a comma
<joepie91>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<joepie91>
ah
<samueldr>
the bot is implemented in a distributed manner
<samueldr>
there are two components which implement commands right now
jasom has quit [Quit: WeeChat 1.9.1]
<joepie91>
lol
<vaibhavsagar>
why would I expect anything else from #nixos
<samueldr>
but! the way it's implemented is awesome for making small programs that compose into the bot
<samueldr>
e.g. the channels releases are a simple bash script, the PRs are another small program which listens to the github events
mizu_no_oto has quit [Quit: Computer has gone to sleep.]
simukis has quit [Ping timeout: 264 seconds]
<rotaerk>
hmm I wonder if haskell builds in nixpkgs would be sped up if, for trivial Setup.hs files, it would just runghc Setup.hs, rather than compiling it first
<rotaerk>
because I think one of the main reasons nix-build is slower than a cabal build is because it first compiles that Setup.hs
shachaf has quit [Ping timeout: 256 seconds]
oahong has quit [Quit: 暂离]
phdoerfler has quit [Quit: Leaving.]
shachaf has joined #nixos
<cocreature>
rotaerk: cabal isn’t faster because it uses runghc afaik. it’s faster because for build-type: Simple it doesn’t use the Setup.hs at all and instead relies on the Cabal library that it was linked against
asuryawanshi has joined #nixos
oahong has joined #nixos
knupfer has joined #nixos
<rotaerk>
ah
<rotaerk>
so I wonder if there's any reason that couldn't be done in nixpkgs
<{^_^}>
[nixpkgs] @gnidorah opened pull request #43065 → wine: build wineWow packages on hydra → https://git.io/fbpod
<rotaerk>
also, screw it. done trying to figure this libGL thing out for tonight
<rotaerk>
it's definitely the case that cabal build, from within my nix-shell, is producing a different output compared to the nix-build output
<rotaerk>
and figuring out what that crucial difference is ... is a needle in a haystack as far as I can tell
oahong has quit [Quit: 暂离]
<rotaerk>
think tomorrow I'll stash my changes and strace which libGL it used to use
<cocreature>
rotaerk: I’m not sure how you would use that approach in nixpkgs short of switching to building packages using cabal-install
M-giodamelio has joined #nixos
Guanin has quit [Ping timeout: 240 seconds]
knupfer has quit [Ping timeout: 276 seconds]
Ariakenom has joined #nixos
andreabedini has joined #nixos
<rotaerk>
actually, I just stashed my changes, and straced. looks like the nix-shell-cabal-built one from before my changes was *also* using /run/opengl-driver/lib/libGL.so.1
lopsided98 has quit [Ping timeout: 276 seconds]
<rotaerk>
so that's how it worked
<rotaerk>
so something about my upgrade to the latest nixpkgs changed that
Guanin has joined #nixos
lopsided98 has joined #nixos
reinzelmann has quit [Quit: Leaving]
<wilornel>
I just resized my ec2 instance's storage. I need to extend the fs to that new size. I think nixos has a unique way of doing it. Should I just restart the instance?
stepcut has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @orivej-nixos merged pull request #42383 → rstudio: fix build to use compatible boost version → https://git.io/f4yUf
<{^_^}>
[nixpkgs] @orivej-nixos pushed commit from @averelld to master « rstudio: fix build by using compatible boost version (#42383) »: https://git.io/fbpKX
<wilornel>
I just did `growpart` on the partition and then `resize2fs` on the partition
<wilornel>
I think it worked!
asuryawanshi has quit [Ping timeout: 260 seconds]
mariatsji has joined #nixos
mariatsji has quit [Remote host closed the connection]
mariatsji has joined #nixos
mariatsji has quit [Read error: Connection reset by peer]
mariatsji has joined #nixos
endformationage has quit [Ping timeout: 268 seconds]
wchresta has joined #nixos
sbdchd has joined #nixos
<kalbasit>
my venture to move to NixOS got blocked by Bazel, so now I'm moving back to Arch, but I want to manage packages by Nix as much as I can through user `nix-env`. Chrome is crashing on latest unstable (as of few minutes ago), Is this a bug or something wrong on my system? https://gist.github.com/kalbasit/24b23c466022f61b1bab1ebc474b650c
sbdchd has quit [Ping timeout: 255 seconds]
<maurer>
kalbasit: If you have installed nix single-user, you do not have permissions to set the root suid bit on applications
<maurer>
kalbasit: Chrome/chromium uses a helper binary to do that
<maurer>
err, which requires those permissions set
<maurer>
So, your options are either to perform store surgery (to set the permisisons as described in the log)
<kalbasit>
maurer: I see, so I installed this AUR package https://aur.archlinux.org/packages/nix which sets env var `NIX_REMOTE=daemon` and I have enabled the socket
<kalbasit>
so the package itself is installed in the system, not through curl command
<kalbasit>
not sure if that's what it means 'single mode'
<maurer>
kalbasit: OK, that should be multi-user. My next guess is that your AUR package made e.g. a nix user or something
<maurer>
can you check what user owns /nix/store, and one concrete file in a package?
<kalbasit>
it created nixbld group and `nixbld{1..10}` users
<kalbasit>
sure
<maurer>
(/nix/store should be owned by root, group nixbld, a concrete file should be root root)
<maurer>
(it making nixbld1..10 is appropriate, I'm trying to figure out if the store is correctly root owned)
<kalbasit>
```$ ls -la /nix/store/1ixgd05w85v443w4nn4p4lyhzrcsqb1s-python2.7-setuptools-39.0.1/lib/python2.7/site-packages/easy-install.pth
<kalbasit>
-r--r--r-- 1 root root 30 Dec 31 1969 /nix/store/1ixgd05w85v443w4nn4p4lyhzrcsqb1s-python2.7-setuptools-39.0.1/lib/python2.7/site-packages/easy-install.pth
<kalbasit>
oops, sorry about that, muscle malfunction
periklis has joined #nixos
<kalbasit>
maurer: so it's not the issue and yea the security one is nixos only.
<maurer>
Well, then I don't know. CONFIG_USER_NS should mean you don't need the suid binary, and the security thing is how you get the suid binary on nixos
<maurer>
you could just use magic root powers to go set suid (that 4755 mode)
<kalbasit>
maurer: and error prone. It's fine, I have a lot of work to do to move my dotfiles over with all the dependencies. I'll get to it last. Thx anyway.
funfun has joined #nixos
reinzelmann has joined #nixos
funfun has quit [Client Quit]
wchresta has quit [Ping timeout: 268 seconds]
cfricke has joined #nixos
<cfricke>
Ahoy. Quick question: I have 2 Intel systems with besides the boot and user configuration identical configurations, both listening to the same unstable channel. However, on one, when installing a python package via nix, it attempts to build it, while on the other it simply fetches the package from the channel. Where would I start looking?
freeman42]NixOS has quit [Ping timeout: 256 seconds]
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
<averell>
Did you check that they point to the same revision? /nix/var/nix/profiles/per-user/root/channels/ ?
wgas has left #nixos ["Leaving"]
azarel has joined #nixos
<azarel>
Hello everyone. I'm having trouble installing realtek wifi driver and i'm new to linux. The driver I require is rtl8723de. It's available in the extended branch of iwlfinger/rtlwifi_new github repo. So i used the following in my configuration.nix,
<vasiliy_san>
Hi all. I am *learning about GADTs* and I will be very pleased to receive a few insights. Below is a small example. AFAIU I associated a "Phantom" type with a result of each data constructor and later I am able to use that "Phantom type" to declare a function `test` (which is capable of returning different results):
<vasiliy_san>
```
<vasiliy_san>
AsInt :: Int -> I Int
<vasiliy_san>
AsString :: Int -> I String
<vasiliy_san>
data I a where
<vasiliy_san>
test :: I a -> a
<vasiliy_san>
test (AsInt x) = x
<vasiliy_san>
test (AsString x) = show x
<vasiliy_san>
```
<vasiliy_san>
I am wondering if it's possible to implement that mapping from a concrete constructor to a type without GADTs? Below is code which *doesn't compile* but I think it demonstrates my desire to create a type-level function which maps a Concrete constructor to some type
<vasiliy_san>
```
<vasiliy_san>
data AB = A Int | B Int
simukis has joined #nixos
<vasiliy_san>
Oh, wrong channel, sorry :(
<manveru>
:D
crmlt has quit [Ping timeout: 255 seconds]
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
knupfer has quit [Remote host closed the connection]
ericsagnes has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixpkgs] @orivej-nixos pushed commit from @orivej to master « sqlitebrowser: list ma27 as the maintainer (from #43047) »: https://git.io/fbpxy
<ajs124>
manveru, I noticed problems with that as well. My workaround was overriding postgresql to postgresql10. At least that solved my problem with an old libpq being used.
<manveru>
i just moved postgresql100 before pgcli in the buildInputs
<manveru>
luckily i don't need libpg for this
xy2_ has joined #nixos
knupfer has joined #nixos
<{^_^}>
[nixpkgs] @xeji merged pull request #43051 → patchwork-classic: fix typo in package name → https://git.io/fbpuZ
<{^_^}>
[nixpkgs] @xeji pushed commit from @keks to master « fix package name (#43051) »: https://git.io/fbpp8
<Shoadi>
Hello functional party people. I am trying to install NixOS minimal from the ISO in a VirtualBox. I followed the instruction - but when trying <nixos-install> it tells me that: "building the configuration in /mnt/etc/nixos/configuration.nix... error: setting journal mode: database or disk is full (in '/mnt/nix/var/nix/db/db.sqlite'). Disk space is 8G so I don't really understand what it wants to tell me. Can anyone help me out?
astrofog has joined #nixos
freusque[m] has joined #nixos
<infinisil>
Shoadi: can you gist the output of running df?
adamt has joined #nixos
<adamt>
During installation of NixOS on an EFI system, is it somehow possible to avoid setting the new installation as first boot device, but just add it to the end of the list?
<adamt>
(I'm doing unintended installations with PXE, and right now the boot order gets messed up after installation, that is, the PXE device isn't top priority any more)
<{^_^}>
[nixpkgs] @dotlambda pushed commit from @r-ryantm to master « conan: 1.4.5 -> 1.5.1 (#43032) »: https://git.io/fbhqE
<infinisil>
ma27: I think an autorandr-unwrapped isn't needed really, you could just put it next to the autorandr derivation. There -unwrapped things are always a bit confusing imo
<ma27>
infinisil: I added the `unwrapped` derivation to make overrides to the autorandr package itself easier
<ma27>
just modify `autorandr-unwrapped` in an overlay and you don't have to care about the wrapper
<infinisil>
Ah I see
<gchristensen>
yikes
<gchristensen>
IMO if we're modifying the service we should just express it in the Nix module instead
<ma27>
gchristensen: am I wrong?
<gchristensen>
instead of doing string substitution
astrofog has quit [Quit: Quite]
<infinisil>
And where even does the derivations .service file even get included?
<infinisil>
I just wondered about this before
<ma27>
infinisil: systemd.packages can be used for this
<infinisil>
Ohh I see
rain1 has quit [Ping timeout: 260 seconds]
<infinisil>
And it correctly merges with the systemd.services.autorandr.wantedBy ?
<ma27>
and the udev stuff is currently set up with services.udev.packages
<ma27>
infinisil: from my understanding yes, but I'll recheck (sorry, it's a while ago that I filed this, so I'm not sure :D)
<ma27>
gchristensen: so, patcihng .services files is a deal-breaker for you in this case, correct?
<ma27>
I'm not sure about this, I thought that it might be easier to just modify the existing service files rather than maintaining our own unit
<infinisil>
Hmmm... He has a point, patching a systemd service file isn't really a good long-term solution
<ma27>
optionally we could simply apply a patch with `substituteAll`, then it might be more obvious
<gchristensen>
ma27: yeah I think it is a deal-breaker
<ma27>
ack, then I'll fix this part of my change
<infinisil>
On the other hand, I would like systemd service definitions to be nearer at the packages
<infinisil>
Porting the .service file to nixos systemd.services.* might be cleaner, and makes it easy to override stuff
<ma27>
I'm not a long-term nix(os) user, so I was simply not sure which of these options is the better choice in the long-term :D
<ma27>
infinisil: ack
<infinisil>
Should be fairly easy tbh, the file almost maps 1-1 to systemd.services.* :P
<infinisil>
Sorry for the many critiques heh
<infinisil>
I personally never dealt with these package-defined .service definitions
nD5Xjz has quit [Ping timeout: 260 seconds]
<ma27>
infinisil: that's perfectly fine, I guess that whenever code in a distro is changed, any kind of nit-picking is legit %)
<infinisil>
I should build a .service file to systemd.service.* option converter :O
<infinisil>
Eh, probably not worth it
<ma27>
infinisil: shouldn't be too hard, most of the unit values can be directly applied to systemd.services.*.serviceConfig, right?
<infinisil>
The Unit ones can't, only the Service ones belong in serviceConfig
xy2_ has quit [Quit: WeeChat 2.0]
<infinisil>
There's stuff like systemd.services.{after,description,wantedBy}
<{^_^}>
#41651 (by magnetophon, open): error: while setting up the build environment: getting attributes of path '/etc/hosts': Permission denied
cfricke has joined #nixos
kisik21 has quit [Quit: Leaving.]
thetet has joined #nixos
andymandias has quit [Ping timeout: 256 seconds]
<cfricke>
Ahoy, quick question from earlier, under what circumstances would nix build a package rather than fetch the drv from the channel directly? I have two identical systems (configurations) and one fetches scikitlearn, whereas the other tries (and fails) to build it.
phdoerfler has joined #nixos
<goibhniu>
hi cfricke, what does `nix-info` say on both machines?
<cfricke>
goibhniu: hm, I was so certain that the channels were the same. But apparently they are not. However, nix-channel list both point to unstable. And when I run an update at the same time, the version numbers remain.
logzet has joined #nixos
<cfricke>
goibhniu: One is pre142796, where as the other is pre14495.
<goibhniu>
cfricke: are you updating the root channel too?
<cfricke>
goibhniu: I have a package override for a list of python packages.
tzemanovic has joined #nixos
<infinisil>
pie__: qpixmap doesn't seem to be in nixpkgs, so maybe you need to package it, or something, I don't have much qt experience
<goibhniu>
I'm wondering if you have another channel which is used by a user profile
<goibhniu>
cfricke: maybe give the output of nix-ino
andymandias has joined #nixos
<cfricke>
goibhniu: Yup, one moment. And thanks for your help!
<pie__>
infinisil, its a class in qt. but i just realized i havent googled this issue much and qt does a lot of plugin-y stuff with shared objects, so maybe im missing a path variable somewhere
<goibhniu>
sure, np!
* pie__
pokes around
<{^_^}>
[nixpkgs] @adisbladis pushed to master « nodePackages_10_x.pnpm: init at 2.9.0 »: https://git.io/fbhR4
<cfricke>
goibhniu: Ah, I think I found something. One of the system seems to have a user channel. I fiddled with that to get rid of the nix search path entry warning at some point.
<nlytend>
o/
<goibhniu>
cool, I thought it might be something like that
<cfricke>
I assume the pre###### numbers are increasing with release. So it must fall back to an earlier channel where scikitlearn was building. That would explain the currently lack of a derivative in the unstable channel.
boothead has joined #nixos
<nlytend>
How do i mount an encrypted external hdd to my system declaratively? So that my system boots and mounts it when it's connected and skips it when disconnected.
<infinisil>
pie__: Probably best to just write a shell.nix and add this env var as an attribute
griff_ has joined #nixos
<magnetophon>
goibhniu: hi! long time no see! How are you?
<boothead>
Hi all, I'm still having major problems with my laptop and I want to try downgrading to 17.09. Is it just a case of chaning the nix-channel back?
<nlytend>
Using nixos-generate-config handles everything except, 'nofail' in fstab
<goibhniu>
cfricke: it's also easy to install the working version into your user profile on the other box, if you like
xy2_ has joined #nixos
<pie__>
infinisil, ugh. i always forget how to write shell.nix :P
<infinisil>
boothead: What are those problems?
<cfricke>
goibhniu: You mean add the release channel?
<cfricke>
Or move the drv?
<goibhniu>
hiya magnetophon! I'm doing well cheers. Enjoying rural life in Ireland :D
<gchristensen>
you can declare it in your filesystems and add the option "nofail" nlytend
<goibhniu>
cfricke: nah, you do `nix-store -r /nix/store/somestuff-blah`
<boothead>
I can't get X to work. If I enable X it doesn't start properly and I get lots of messages abou8t rcu_shed something or other
<gchristensen>
boothead: (did you try dropping the CPU microcode update config option?)
<boothead>
yup
<gchristensen>
( :( )
<infinisil>
pie__: Just stick a `with import <nixpkgs> {};` at the top, `stdenv.mkDerivation { name = "foo"; }` follows, and that's all you need for a basic shell.nix :)
jensens has quit [Ping timeout: 260 seconds]
<cfricke>
goibhniu: reading the manual. thanks a lot!
<goibhniu>
cfricke: glad to help!
<pie__>
infinisil, ok thanks. where do i put what i have in the -p ?
griff__ has joined #nixos
<infinisil>
pie__: attributes in mkDerivation will be set as env vars
<nlytend>
Bear with me here, i declared the filesystem."".options = ["nofail"], tht is correct usage?
<pie__>
infinisil, yeah ive got that, but the ghcWithHoogle
<pie__>
i never know if i put that into buildinputs or what
griff_ has quit [Ping timeout: 260 seconds]
griff__ is now known as griff_
<nlytend>
hardware-config.nix has duplicate filesystem."".xyz in that case
<boothead>
gchristensen: Is if possible to just change the channel and rebuild?
<Taneb>
infinisil: I'll have to experiment with agda.mkDerivation
<goibhniu>
hrm
endformationage has joined #nixos
<pie__>
infinisil, yea thats what i did, it seems to work, thanks
knupfer has joined #nixos
<infinisil>
gchristensen: I mean that happens right when you're trying to use the value somewhere, but there isn't a trace back to "the point where the user touched the expression"
<gchristensen>
infinisil: yeah, but Nix could probably do a smarter thing and provide a good error
<infinisil>
Hold on I'll make this work
<gchristensen>
is what we were talking about
Orbstheorem has joined #nixos
<infinisil>
Hmm.. not sure how that would work still, but better error messages would always be nice
__Sander__ has quit [Ping timeout: 255 seconds]
__Sander__ has joined #nixos
kini has joined #nixos
<magnetophon>
goibhniu: so you're out of ideas too, huh?
<goibhniu>
yeah, I only had one idea ^_^
<{^_^}>
[nixpkgs] @TomSmeets opened pull request #43072 → sixpair: init at 2007-04-18 → https://git.io/fbhu9
<magnetophon>
goibhniu: thanks for trying though!
<goibhniu>
np, that's an annoying issue :/
xy3_ has joined #nixos
xy2_ has quit [Ping timeout: 264 seconds]
<infinisil>
gchristensen: Oh you know what, if Nix were to provide a `builtins.ast` expression that returns the ast of the argument (with file, line, column information) in a nix attribute, this could be used to have useful errors, without any nix syntax change
<infinisil>
E.g. if buildInputs detects a function in its input, it could take values until it's not a function anymore, get the source code information and return an error "Did you mean to put brackets around `fun val val` in buildInputs?"
<infinisil>
And efficiency doesn't matter in that case, because it errors anyways
ryanartecona has quit [Quit: ryanartecona]
thetet has quit [Quit: Leaving.]
thetet1 has joined #nixos
__Sander__ has quit [Quit: Konversation terminated!]
wchresta has joined #nixos
dmc is now known as Admiral_Fukiyama
dbmikus has joined #nixos
<pie__>
infinisil, works great though, thanks
xy3_ has quit [Quit: WeeChat 2.0]
lhart has left #nixos ["Good Bye"]
periklis` has quit [Ping timeout: 276 seconds]
griff_ has quit [Ping timeout: 264 seconds]
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
erasmas has joined #nixos
winem_ has quit [Ping timeout: 276 seconds]
<{^_^}>
[nix] @volth opened pull request #2275 → [bugfix] lib.concatMap and lib.mapAttrs to be builtins → https://git.io/fbhau
thetet1 has quit [Ping timeout: 265 seconds]
drakonis has joined #nixos
<keks>
hey, I need `ld` for development work but can't find out which package i need to pull into my shell. {^_^} hints me to some mentorToolchain for arm, but I doubt that's what I need
<srk>
keks: nix-shell -p stdenv ?
<srk>
or binutils
<adisbladis[m]>
keks: `ld` is in gcc
thetet has joined #nixos
<adisbladis[m]>
Which is included in `stdenv`
crmlt has quit [Ping timeout: 264 seconds]
<keks>
Ah, I though stdenv.cc.cc would be enough, thanks!
<goibhniu>
mupf: `nix-build /path/to/your/clone/of/nixpkgs -A emacsripten`
<goibhniu>
if you change a letter in the sha256, if will throw an error and tell you the correct hash
<mupf>
thanks
Thra11 has joined #nixos
<mupf>
If everything works out, I can send a pull request?
<goibhniu>
that will create a ./result with the build output
<goibhniu>
yeah, that would be great!
gadrabha has joined #nixos
<gadrabha>
Hello! Shouldn't `nix-env -q | grep xmonad` display xmonad-contrib? How can I install it? I have only nixos-unstable as channel; should I have another one with extra packages, such as this one?
<mupf>
goibhniu: what exactly are these result symlinks anyway? I find them quite annoying when they appear wherever I run nix-build
<goibhniu>
that's how you can examine a build
hakujin has joined #nixos
<mupf>
ah
<goibhniu>
you should delete them when you're done, so they can be garbage collected
<mupf>
It's a bit sad. For a moment I believed I'm some kind of crazy genious who can guess sha256 hashes
<goibhniu>
lol
<goibhniu>
what a superpower to have!
<mupf>
Indeed
<mupf>
For some reason the movie Cube crossed my mind
<mupf>
:D
<mupf>
Better not.
zearen has joined #nixos
sbdchd has joined #nixos
graphene has quit [Remote host closed the connection]
SagnikS has joined #nixos
roconnor has joined #nixos
graphene has joined #nixos
sbdchd has quit [Ping timeout: 245 seconds]
<SagnikS>
So, I'm having this issue. When I add a software to my config.nix and rebuild and then reboot, the program can be launched through Konsole, but doesn't come up in the Application Menu (Start Menu)
<hyper_ch>
orivej: ah, ok... already sovled.. I thought another package broke with that missing qt5_use_modules but upon closer inspection it was still sqlitebrowser
rardiol1 has quit [Remote host closed the connection]
<orivej>
hyper_ch: afaik, sqlitebrowser builds now
<hyper_ch>
orivej: yeah I know... it just looked for a moment that error now appears with system-config-printer package but I looked wrong
<orivej>
ok
jgt has joined #nixos
SagnikS has quit [Ping timeout: 252 seconds]
<jgt>
I know how to use a specific nixpkgs with fetchFromGitHub in a file, but how do I do the same thing on the command line? I want to do something like `nix-env -i` to install something, but with a specific nixpkgs commit
<hyper_ch>
orivej: if multiple packages build at the same time and produce output it's very confusing for average computer users like me :)
<infinisil>
jgt: -I nixpkgs=https://github.com/nixos/nixpkgs/archive/<commit or ref>.tar.gz
<infinisil>
Is one way
<orivej>
hyper_ch: i rarely use this feature, but with nix 2 you can run "nix log some.pkg" to get its log
<jgt>
infinisil: do I still need to do the sha256 dance this way?
<infinisil>
jgt: Nope
<jgt>
infinisil: Nice. Thanks!
aarvar has joined #nixos
<infinisil>
It is similar to builtins.fetchTarball "https://..." which also doesn't require a sha256
<hyper_ch>
orivej: do I have nix 2? :)
<infinisil>
jgt: The disadvantage is that it only keeps it cached for 1 hour, after which it will redownload it
<mupf>
goibhniu: everything worked out, the build inside ./result is fine. How can I install it now?
<orivej>
hyper_ch: "nix" command only exists in nix 2
<jgt>
infinisil: in my case, that's fine
<clever>
infinisil: fetchTarball will use the last-modified and etag headers the remote server advertises to cache the reply
SeinfeldS07E22 has joined #nixos
<clever>
infinisil: and nginx etag's are generated based on the filesize and last-mod timestamp, so nix's timestamp fudging can massively break it
<goibhniu>
mupf: I'm not sure if nix-env -i ./result works ... otherwise get the store path of result (e.g. with ls -l) and `nix-env -i` that
<LnL>
goibhniu: mupf: pretty sure nix-env -i ./result will resolve it for you
<goibhniu>
cool!
<hyper_ch>
clever did something clever again?
<orivej>
hyper_ch: it's a bit confusing, try "nix log -f '<nixpkgs>' sqlitebrowser" or "nix log nixpkgs.sqlitebrowser"
<clever>
hyper_ch: i helped somebody debug something a few days ago, where his channel was configured with nginx+nixos, and was hosting a tar directly from the store
<hyper_ch>
orivej: nice, thx
<hyper_ch>
clever: your nickname still suits you :)
<mupf>
It worked. thanks
nD5Xjz has joined #nixos
<jgt>
Damn :-/ My install is failing with the "Argument list too long" error
zearen has joined #nixos
<jgt>
I tried doing: nix-env -i -I nixpkgs=https://github.com/nixos/nixpkgs/archive/7283740218a5178185a8c1bf0ecfa861f5f9f0f7.tar.gz stack2nix
graphene has quit [Remote host closed the connection]
mariatsji has quit [Remote host closed the connection]
zearen has joined #nixos
johnw has quit [Ping timeout: 240 seconds]
mariatsji has joined #nixos
<hakujin>
hi folks. what's the correct way to get my hands on `uuidgen` on darwin? `utillinux` looks to be the canonical source and, obviously, won't work on darwin.
periklis` has joined #nixos
johnw_ is now known as johnw
<hakujin>
maybe cc LnL ^
<clever>
hakujin: oddly, utillinux can build on darwin
<clever>
nix-build '<nixpkgs>' -A utillinux --argstr system x86_64-darwin
<hakujin>
hmmmmm
johnw has quit [Changing host]
johnw has joined #nixos
<clever>
hakujin: but that variant doesnt contain uuidgen
<clever>
lrwxrwxrwx 1 root root 67 Dec 31 1969 col -> /nix/store/ngw4nhjjwmg516h2v6anhk2012s90jwd-col-1003.1-2008/bin/col
<clever>
and it appears to be a buildenv called utillinux-compat-1003.1-2008, that collects other darwin packages together
<LnL>
we have a shim that tries to throw together most binaries that are in utillinux
zearen has quit [Quit: WeeChat 1.9.1]
<hakujin>
clever: LnL: how do I go about using that? `utillinux-compat` doesn't seem to load here (or maybe I'm not sure how to use it?)
<clever>
hakujin: its under the utillinux attribute
<hakujin>
clever: like this? `nix-shell -p utillinux.compat`?
<clever>
nix-shell -p utillinux
goibhniu has joined #nixos
<hakujin>
ah, right, but like you mentioned that doesn't seem to contain the uuidgen binary
<LnL>
it's not in there, seems like we don't have a package for it (yet)
<hakujin>
ack. thanks for the info.
sbdchd has joined #nixos
<LnL>
there is one on my system, so it's probably in one of the projects on opensource.apple.com
periklis` has quit [Remote host closed the connection]
moet has quit [Ping timeout: 276 seconds]
waynr has joined #nixos
<waynr>
howdy folks
periklis has joined #nixos
sbdchd has quit [Ping timeout: 248 seconds]
<waynr>
i'm having difficulty understanding how to install nix in single-user mode as anything other than root user or in multi-user mode as root, but maybe my problem is that it's just not possible to do this on a debian based system
<waynr>
ah i found the problem, i was creating the profiles directory as root after creating /nix as nix-daemon
periklis has quit [Ping timeout: 240 seconds]
moet has joined #nixos
<goibhniu>
mupf: it looks like you were on a different branch/revision ... you could reset the master branch to the same as upstream master and then add your changes again ... can I give you a hand with that?
<mupf>
goibhniu: I would appreciate that but for now I better close the pull request, right?
<goibhniu>
cool, yeah!
<{^_^}>
[nixpkgs] @mupfelofen-de closed pull request #43078 → emscripten: 1.37.16 -> 1.38.6, Add mupf to maintainer list → https://git.io/fbh7k
<goibhniu>
have you got any other changes locally that you'd like to keep?
<phry>
hi. has 18.09pre accidentally been pushed to the 18.03 channel? nixos-rebuild switch puts me on 18.09 o_O
<mupf>
I accidently dropped my changes a few seconds ago. So no, I only changed this
<mupf>
Damn, I'm tired.
<clever>
phry: what does nix-channel --list print?
<mupf>
nothing
<phry>
clever: forget it, I just noticed I messed with my NIX_PATH :/
<phry>
although that was months ago, no idea why it just happened now o_O
<goibhniu>
mupf: run `git fetch` to get all the lastest stuff, then `git reset --hard a04c9e2` to undo any local changes ... then edit the file again, commit etc.
<goibhniu>
mupf: I'm assuming that your remote is nixos/nixpkgs and your branch is "master"
<samueldr>
there were .deb/.rpm packages before, but IIRC they were dropped since they weren't dogfooded, neither tested properly
<mupf>
i must have accidently changed my local branch
<goibhniu>
mupf: sweet, you know what to do from here, right?
<mupf>
I guess I need to switch branches? probably release-18.03?
<goibhniu>
a package upgrade would go on master
<waynr>
samueldr: it looks like there .deb's being built: https://hydra.nixos.org/build/75164722, but they don't seem to be deposited in a release directory
<goibhniu>
so you should be good. You can make your changes, push to your fork and then open a PR.
<mupf>
to my own master branch too?
<goibhniu>
yeah
<samueldr>
oh, last time I checked, waynr, I couldn't find the .deb builds on hydra
<mupf>
well, that was what I did in the first place.
<goibhniu>
well, it doesn't matter what the branch in your fork is called
<samueldr>
though the dogfooding/testing argument still stands AFAIK
<waynr>
what kind of testing should be done?
<goibhniu>
mupf: you seemed to have differences in your branch compared to nixos/nixpkgs master
<samueldr>
it already was the case with the 1.11 series
<mupf>
goibhniu: this is what makes me feel a bit unsure
<samueldr>
and as for dogfooding, enough nix users which use the .deb/.rpm so it's known when things are going sour
<goibhniu>
mupf: when you open the PR, you should see only your changes
periklis has joined #nixos
<goibhniu>
mupf: what are you concerned about?
<waynr>
symphorien: thanks for the link!
<LnL>
waynr: those are the nix unittests
sigmundv has quit [Ping timeout: 255 seconds]
<{^_^}>
[nixos-foundation] @zimbatm pushed to minutes « first pass at documenting the foundation's goals »: https://git.io/fbh5N
<{^_^}>
[nixos-foundation] @zimbatm opened pull request #2 → first pass at documenting the foundation's goals → https://git.io/fbh5p
<mupf>
goibhniu: check my previous pull request. I only changed minor things from my branch, but the changes doesn't look so minor in comparison to nixpkgs's master branch
<goibhniu>
mupf: ah ok, but you've reset it now
<waynr>
LnL: oh i see, not running installed on a debian/ubuntu system
<waynr>
i wonder how difficult it would be to run the tests using a nix installation in a docker image
<goibhniu>
mupf: your fork is probably just out of date
<mupf>
goibhniu: Yes, but I can't pull my changed files from release-18.03 to nixpkg's master
gadrabha has quit [Ping timeout: 252 seconds]
<mupf>
I just wanted to update the package to the most current version.
<symphorien>
mupf: is your change only one commit ?
<goibhniu>
mupf: I don't understand, why would you want to pull your changed files from the release?
ThatDocsLady has quit [Ping timeout: 256 seconds]
<samueldr>
oh, the impression I got that they dropped all .deb/.rpm came from dropping debian8 (they still build for ubuntu)
<goibhniu>
mupf: do you have changes in your branch that you want to keep?
<mupf>
goibhniu: It wasn't my intention. It's the version I currently use on my system. I wasn't aware of the fact that the master branch is different.
<mupf>
no
<goibhniu>
ah! I see
mariatsji has quit [Remote host closed the connection]
<goibhniu>
mupf: anyway, that doesn't matter for the PR. You want to make changes on any branch and create the PR against master and then you should be good.
<gchristensen>
waynr: correct, releases are no longer put there
<waynr>
ah, i see those and additional releases on nixos.org/releases/nix
<mupf>
goibhniu: the emscripten package was only updated a month ago. I don't wanna screw with people's work
<goibhniu>
mupf: aha! so you probably really just want to install the latest version of emacscripten
<{^_^}>
[nixos-foundation] @zimbatm pushed to minutes « more »: https://git.io/fbhd1
<mupf>
goibhniu: indeed.
<mupf>
Guess I need to learn alot about NixOS.
<mupf>
before contributing.
<goibhniu>
well, you're learning ... and you almost opened a PR :D
<waynr>
but the problem seems to still be that nothing after 1.11.2 has debs even though they're being built and as far as i can tell it looks like at least unit tests are run against the installed package (after taking a closer look)
<LnL>
waynr: there are at least 3 different docker containers out there to run nix
<mupf>
goibhniu: I opened and closed one.
<goibhniu>
mupf: but for now, you have a few ways to install it. Do you use a user-profile?
<gchristensen>
waynr: the deb and rpm installations methods have been removed because they're not supported
<goibhniu>
(i.e. do you install things with nix-env)
<clever>
bpye: using disabledModules, you can stop nixos from using the zfs.nix in nixpkgs
<clever>
then you can add a copy of it via imports = [ ./zfs.nix ];
<clever>
and freely modify the copy
<clever>
and file a PR when its working good
lassulus has quit [Ping timeout: 256 seconds]
<bpye>
Got it
bennofs has joined #nixos
roconnor has quit [Ping timeout: 264 seconds]
<bpye>
Currently I'm just setting up what I intend to run in a VM as I can't really afford to have my backup share offline etc, then I'm planning to move from my Docker everything in containers approach to NixOS
thblt has left #nixos ["ERC (IRC client for Emacs 26.1)"]
worldofpeace has joined #nixos
wchresta has joined #nixos
xy2_ has joined #nixos
<bebarker>
I've been looking at https://github.com/NixOS/nix/issues/1559, as I need to install nix in a single user environment. Haven't tried. Is it possible? the possible need for the nixbuildx (x from 1 to 30) users is a concern
<{^_^}>
#1559 (by Anton-Latukha, open): Nix single user install on Linux wants 'nixbld' group and workers, else - it fails
<clever>
bebarker: if nix is ran without root, then it works without build users
<{^_^}>
[nix] @dtzWill opened pull request #2276 → add support for specifying 'compression-level' for NAR's → https://git.io/fbhhI
tghume has joined #nixos
<bpye>
Also, if I want to use nixops on a non NixOS OS I need to install Nix there first?
<bebarker>
clever, ok cool
<clever>
bpye: yeah
<bpye>
clever Okay, currently I'm just pushing over my configuration.nix and using ssh to switch state, with NixOps I should be able avoid that though right?
<clever>
bpye: yeah, nixops builds the config locally (ignoring the remote configuration.nix), then pushes the finished build over
<srk>
you can achieve similar thing with nixos-rebuild --build-host and --target-host
<bpye>
How does that work with hardware-configuration.nix or does NixOps just rely on the remote for that?
<srk>
you need to reflect that manually
<clever>
bpye: you have to specify all of that locally
<clever>
bpye: the aws backend handles the hardware stuff automatically, but none requires it to be manually done
<worldofpeace>
How am i supposed to debug a wrapped program in gdb?
<clever>
worldofpeace: read the wrapper script, manually run the export statements, then run gdb against the -wrapped binary
<worldofpeace>
clever: thanks :)
lassulus has joined #nixos
<bpye>
So just to double check, for nixops I need to config manually to get ssh working, then I can do the rest from nixops? And I guess just be careful that I don't screw up the SSH config else I'll need to rollback
<clever>
bpye: yeah
<tenten8401>
I screwed up SSH once with nixops
<tenten8401>
had to start another sshd on another port and deploy to that port
<clever>
bpye: and also make sure it can still boot
<bpye>
clever: Right, but so long as it boots and can start the ssh daemon I should be good?
<clever>
bpye: yep
manj-gnome has joined #nixos
humanoyd has quit [Quit: WeeChat 2.1]
manj-gnome is now known as jessechaos
sbdchd has joined #nixos
Thra11 has quit [Ping timeout: 256 seconds]
<worldofpeace>
,locate bin odjdump
<{^_^}>
Unknown locate type bin
hiroshi has quit [Ping timeout: 240 seconds]
<worldofpeace>
,locate bin/odjdump
<{^_^}>
Couldn't find any packages
<worldofpeace>
,locate bin/objdump
<{^_^}>
Found in packages: arduino, androidndk, gotools.bin, avrbinutils, arduino_core, gcc-arm-embedded, binutils-unwrapped, and 2 more
<infinisil>
(removed ,locate bin <name>, because it's pretty much the same as bin/<name>)
<joepie91>
,locate objdump
<{^_^}>
Found in packages: go, arduino, androidndk, gotools.bin, avrbinutils, arduino_core, gcc-arm-embedded, and 4 more
<infinisil>
Although, actually it's not.. I'll add it again
silver has joined #nixos
sbdchd has quit [Ping timeout: 256 seconds]
roconnor has joined #nixos
Thra11 has joined #nixos
Thra11 has quit [Client Quit]
jessechaos has quit [Quit: Leaving]
testuser has joined #nixos
<testuser>
Hi, my X crashed due to running some java program, is there a way to get the log of the crash or possibly set the X to store the logs in the future? Some linux distributions store those logs into /var/log/X.log.*, but I only see the /vag/log/X.0.log - where could I find the log of the X crashing?
<infinisil>
testuser: I think that's in `journalctl -u display-manager -e`
<cocreature>
am I supposed to be recompiling binutils when I’m on the nixos-unstable channel? I feel like if the channel is upgrade, that should be in cache
<cocreature>
*upgraded
<clever>
cocreature: it should be in the binary cache
<cocreature>
clever: huh weird, I haven’t overridden anything that should matter here
knupfer has joined #nixos
chessai has joined #nixos
nlytend has quit [Ping timeout: 240 seconds]
<bpye>
Hm, is there any plan to support something other than datadog so widely as NixOps/NixOS currently has datadog integrated? Seems nice but the free version offers no alerts which is a bit of a blocker
jessechaos has joined #nixos
<clever>
bpye: the free version also has a fairly low host count
<clever>
bpye: my main issues with cacti currently, is that you have to configure what to graph at a central point, while push-based things like DD have that configured on the remote machines
<clever>
bpye: and how cacti has been removing features i used to improve performance
<gchristensen>
obadz: ping
<bpye>
Silly question, where is nix.conf when installing as a regular user?
<{^_^}>
#42761 (by grahamc, open): Require 2FA for all committers
<pikajude>
you're saying i have to check it *manually*?
<pikajude>
preposterous
<cocreature>
can I somehow search hydra for a specific derivation? e.g. nix-rebuild switch --upgrade tries to build "/nix/store/fn2w2psndgxplg9hh59k1s277ph9p36q-binutils-2.30.drv" and I’d like to check whether hydra has ever attempted to build that
<gchristensen>
well you don't have to, but I can't run the thing which tellsme who is left -- only a few people can, and I've bugged them a lot today :)
<clever>
cocreature: in your case, curl cache.nixos.org/8kp1k26il5n08bqm3f18nhxm0p8qimjc.narinfo
periklis has quit [Ping timeout: 245 seconds]
<civodul>
gchristensen: thanks for the heads-up! i guess i'll officially no longer be part of the game :-)
<bpye>
disasm: Awesome, thank yuo
<bpye>
civodul: Any reason why a 2FA app on a phone wouldn't work for you?
<bpye>
I'm just curious since I've been using 2FA everywhere I can for quite a while
<LnL>
infinisil: ^ the bot probably shouldn't react if it's already a full url
<infinisil>
I'm doing it for the meta info though
<civodul>
bpye: i don't have a phone, but i no longer contribute to Nixpkgs anyway
<clever>
cocreature: is the nixos cache in nix.conf?
<civodul>
bpye: apparently a phone is not strictly required though
<roconnor>
gchristensen: thanks for the heads up!
<gchristensen>
roconnor: thank you!
<infinisil>
LnL: Do you think the merge state, author and title isn't as useful? I quiet like it tbh
<samueldr>
using a phone is the most common setup for 2FA, but what's actually important is to have software implementing the scheme
andymandias has quit [Ping timeout: 256 seconds]
<samueldr>
(in this case)
<bpye>
I've moved to a U2F key anyway, just wish more things supported it
<gchristensen>
bpye: same :)
<cocreature>
clever: thanks! I just noticed myself that I accidentally removed the nixos cache when I added a cachix cache. now that I’ve added it back, things seems to work as I expect them to!
<aristid>
gchristensen: 2FA enabled
<gchristensen>
thanks!
jgt has joined #nixos
<jgt>
how do I install something into my profile, the same way `nix-env -i` would, when I build something with `nix-build`?
<gchristensen>
nix-env -i ./result
<jgt>
ah!
<jgt>
thanks
<LnL>
infinisil: hmm, well now I can't avoid it echoing me, with the previous format it's deliberate
andymandias has joined #nixos
<aristid>
gchristensen: thanks for the reminder here, i disabled e-mail notifications for nixpkgs a long time ago as it killed my email inbox speed :D
<infinisil>
LnL: I'll remember it, let's see if I get any more complains about it
<gchristensen>
aristid: haha understood
<{^_^}>
[nixos-foundation] @grahamc pushed 27 commits to sfc-app: https://git.io/fbjUE
freeman42x]NixOS has joined #nixos
rain1 has joined #nixos
<roconnor>
gchristensen: done. Should I reply to the thread?
<{^_^}>
[nixpkgs] @domenkozar pushed commit from @tadfisher to master « zoom-us: 2.2.128100.0627 -> 2.2.128200.0702 (#42922) »: https://git.io/fbjUH
jtojnar has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixos-foundation] @grahamc opened pull request #4 → Initial commit of the SFC application. → https://git.io/fbjUd
jtojnar_ is now known as jtojnar
camsbury has quit [Remote host closed the connection]
<bpye>
Can I tell nixops what key to use?
<bpye>
I would rather it used my SSH agent
<infinisil>
,locate bin objdump
<{^_^}>
Found in packages: gotools.bin, binutils-unwrapped
<infinisil>
There we go, much nicer than ,locate bin/objdump
<bpye>
Hm NixOps builds locally then pushes everything? Looks like I might have to do this under native Linux rather than WSL anyway as file IO perf kinda sucks on WSL
<gchristensen>
oofta yeah nixops is probably going to be pretty tough on wsl
<bpye>
Yeah just tried :)
<bpye>
I guess it makes sense, I've worked on machines without external network access and building on the dev machine makes a lot of sense then
<bpye>
Might actually try running NixOS on this laptop
rardiol1 has joined #nixos
sbdchd has joined #nixos
wgas has joined #nixos
sppky has joined #nixos
sbdchd has quit [Ping timeout: 256 seconds]
justbeingglad has joined #nixos
justbeingglad has left #nixos [#nixos]
blankhart has quit [Ping timeout: 245 seconds]
<gchristensen>
do it!
Ariakenom has quit [Quit: Leaving]
<bpye>
Should setting resources.sshKeyPairs.ssh-key.publicKey be enough to get it to use my existing SSH key pair?
<grp>
I'm trying to create an overlay, but even with an empty definition (self: super: {}), I get a lot of weird derivations when I do a dry-build. How can I inspect wtf is going on?
<grp>
LnL: I've been trying to follow https://nixos.wiki/wiki/Overlays but options.nix.nixPath.default triggers an error so I left it out. Must be the root of this issue
TrentP has joined #nixos
<grp>
trying to get it working, inspecting stuff with nix repl, still haven't found what's going on
Wharncliffe has joined #nixos
mmercier has quit [Quit: mmercier]
<grp>
What I'm trying to do is: create an overlay where I define some packages, modules and replace a module that's not working quite right (once I fix it I'll put a PR, but for now I need to hack around)
<grp>
(it'd be soooooooooo much easier if I could break the rules and edit the nix store directly to hack around the channel's definitions)
<LnL>
overlays only work for packages
<LnL>
why? use a checkout and -I nixpkgs=/foo
<grp>
ok, seems I was doing it the wrong way
<grp>
will try that
<LnL>
you're not forced to use channels, it's just the default
<grp>
still want my overlay/channel to pack internal stuff across machines
TrentP has quit [Client Quit]
TrentP has joined #nixos
<grp>
anyway, i've been getting X related derivations and I have no clue what's pulling them. Is there a way to inspect the dependencies solver?
<LnL>
and you can get the revision of your current channel with something like this
<LnL>
ls -la $(nix-instantiate --eval -E '<nixos>')
drakonis has quit [Remote host closed the connection]
<LnL>
(last part of the store path)
blankhart has joined #nixos
<LnL>
but there's probably a better way to get that :)
<LnL>
there's nix why-depends and nix-store -q --tree
<hakujin>
are patches listed in `patches` immutable? I'm trying to combine `prePatch` + some terrible `sed` to edit a patch.
jperras has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #43088 → Get rid of 2 unneeded packages → https://git.io/fbjmE
<grp>
LnL: why-depends seems nice, but it doesn't show what's pulling what from the current configuration.nix, or does it?
<grp>
seems I'll have to iterate on it
<LnL>
why-depends is only for runtime dependencies, I think you can make it resolve stuff for nixos given the right arguments
<LnL>
let me try
<grp>
just iterated over every package defined in the configuration.nix, and... none depends on xscreensaver. Guess I was right, the problem is I'm screwing up nixPath
<grp>
ouch, 400MiB and counting... nixpkgs repo is hefty, should have trimmed revisions
<phreedom>
grahamc: I've enabled 2fa. effectively I assume the only security implication of this is that you no longer can push using login/password and have to use the ssh key and you can't easily change the ssh key using just the login/password combo
<phreedom>
pikajude: I was using git+ssh, but the concern is that you can change the account ssh key using just the login/password combo, so 2fa plugs this hole as with 2fa the real password(2fa seed) is never transmitted, and in theory you could use an offline device to store that password(hw token, second high-security laptop)
<pikajude>
oh you can
<pikajude>
ok
<pikajude>
i didn't know that
grp has quit [Quit: box shutting down...]
viric has quit [Read error: Connection reset by peer]
<gchristensen>
you sure can! including U2F support which is a hardware token
viric has joined #nixos
<pikajude>
hm
phdoerfler has quit [Quit: Leaving.]
<pikajude>
i should get another hw token
<pikajude>
i have one for work already but i don't think those things can do double duty
<gchristensen>
if you have a u2f-capable token, it will work with many different things
<pikajude>
that's one of those questions where i type it out before thinking about it
<pikajude>
because i could just google that
<sir_guy_carleton>
gchristensen: is getting a yubico worth 'upgrading' over phone 2fa?
griff_ has quit [Quit: griff_]
<pikajude>
holy crepe
<pikajude>
i just enabled yubikey login to my github
<pikajude>
this changes everything
<gchristensen>
I use my yubikey for a bunch of stuff and find it valuable, but the jump from "no 2fa" to "literally any 2fa" is way bigger than "any 2fa" to "u2f"
<pikajude>
wait, so there's a u2f web api?
<gchristensen>
yep
<pikajude>
that's crazy
<pikajude>
when i visit the login page my yubikey lights up
<samueldr>
except the dubious SMS or phone call 2fa, while better than none, there is a major advantage to switching to other schemes
<pikajude>
ok, 2fa confirmed no longer obnoxious to deal with
tzemanovic has joined #nixos
<phreedom>
sir_guy_carleton: a phone is probably less secure than your main laptop, so even upgrading to generating 2fa codes from cli on the same laptop helps ;)
<phreedom>
sir_guy_carleton: if you are serious about your security, it makes sense to "invest" by keeping your old laptop around and turning it into an offline signing/2fa device
<pikajude>
but having a separate hardware token is even better
<phreedom>
samueldr: it's malice, since google does support the proper 2fa implementation, but to enable it you first have to attach a phone number
<phreedom>
samueldr: after you attach the phone number, you can see your 2fa seed
<joepie91>
[00:42] <phreedom> sir_guy_carleton: a phone is probably less secure than your main laptop, so even upgrading to generating 2fa codes from cli on the same laptop helps ;)
<joepie91>
I have to disagree with that
<joepie91>
if it's the *same* laptop as you're logging in from
<phreedom>
samueldr: and while I live in a country where you can buy phones that can easily change their imei and anonymous SIM cards I still refuse to sign up for this bullshit as I know what this eventually leads to
<joepie91>
the point of 2fa is primarily to require compromising two environments instead of one, to compromise an account; if you generate codes from the same system as the one you log in from, it doesn't do that
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<joepie91>
so even if SMS 2fa is pretty crappy, it's still better than not having a second environment at all :P
<phreedom>
joepie91: if your main laptop is compromised, the attacker has access to your current session, to your current one-time code etc
<joepie91>
of course, if you have a *separate* laptop for generating 2fa codes (separate from the one you log in on), this doesn't apply and it will be much better than SMS
<pie__>
infinisil, hm. thanks. people need to come up with a nicer shortcut for that :p
<joepie91>
phreedom: sessions have expiration; account credentials do not
<phreedom>
joepie91: and a phone typically has an assortment of key loggers and other crap installed at the factory :(
<samueldr>
joepie91: on the same laptop you're logging-in from still has security implications; a good chunk of attacks, especially automated attacks, can just not work if they somehow get your password
<pie__>
infinisil, ugh, so how does this line relate to ghcWithHoogle?
<infinisil>
Not sure, look up how ghcWithHoogle is defined
<joepie91>
phreedom: sure, but even *with* keyloggers, it is still more secure as 'the party compromising your laptop' and 'the party who owns the keylogger' are not very likely to be the same party (unless you're targeted by a nation state, in which case just get a dedicated 2fa device)
<joepie91>
in a 2fa scheme, two separate attackers having access to two different single factors is not a big deal so long as they don't collude
raynold has joined #nixos
jessechaos has quit [Ping timeout: 245 seconds]
<infinisil>
pie__: Oh, well you can just use myhaskellpackages.ghcWithHoogle
blankhart has quit [Ping timeout: 265 seconds]
<pie__>
infinisil, ah ok
<phreedom>
joepie91: "nation state"/organized crime-level is usually the attacker you are concerned about. also it's quite usual to have your laptop and your phone substantially interconnected
<joepie91>
phreedom: not really true; the most common attacker is 'partner'
<joepie91>
(yes, really)
knupfer has quit [Ping timeout: 240 seconds]
<joepie91>
or well, that's not strictly accurate
<joepie91>
the most common *targeted* attacker
<joepie91>
for automated attacks, sure, there's all the script kiddies
<gchristensen>
I mean
<phreedom>
joepie91: not sure what you mean by 'partner'. no people have easy physical access to my devices
<gchristensen>
the attack vector I'm worried most about is not nation states or partners
<gchristensen>
let's talk password reuse
<joepie91>
phreedom: as in, partners, spouses, {boy,girl,other}friends
<gchristensen>
let's talk "My password was pwned 10 yrs ago on myspace and I'm still using it"
<gchristensen>
https://wiki.gentoo.org/wiki/Github/2018-06-28#Root_cause "The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated webpages. "
<pikajude>
siiigh
<joepie91>
gchristensen: right; in those cases device correlation is almost entirely irrelevant and 2fa almost literally anywhere will solve that
<gchristensen>
yes
* infinisil
has been using a single password for all websites until like 3 years ago
<phreedom>
joepie91: I'm aware of that :) I guess my risk profile is skewed and atypical. regular people/cheap attacks pose little danger. one level above that phones become a security nightmare which is why I don't use them at all
<joepie91>
also, I wish people stopped recommending 'password schemes' for security, it's terrible advice :/
<gchristensen>
joepie91: that is why the github issue is "enable literally any 2fa" not "please use a TOTP app" or "we're buying everyone yubikeys"
<joepie91>
phreedom: if your risk profile actually _is_ targeted nation state attacks, then yes, that is quite atypical :) but then just get a dedicated 2fa advice of some sort, preferably auditable
<pikajude>
i use a password manager
jensens has quit [Read error: Connection reset by peer]
<joepie91>
it's a valid threat model but not the one that most people have to deal with
<phreedom>
joepie91: the biggest deal is that with TOTP 2fa the password is generated by the service, so it's always random and is never transmitted
<phreedom>
joepie91: and a second device(which HAS to be substantially more secure to make it worth it) can be used to store the password
<phreedom>
gchristensen: I've been using random passwords like for ever for all accounts I plan to keep
<gchristensen>
I believe you
<joepie91>
phreedom: are you talking nation-state-attacker threat model, or 2fa in general? because in the latter, it often doesn't matter (but sometimes does!) exactly how secure the 2fa device is, so long as it's a different environment from the first factor
<infinisil>
pie__: You sure the error is in that paste?
<infinisil>
Because I don't see anything totally wrong with that
<pie__>
infinisil, yeah but ill make sure
<gchristensen>
of the ~50 people who didn't already have 2fa enabled, I'd be surprised if many of them have considered a threat model
<joepie91>
'partner' threat model would be an exception for example, you'd want some minimal level of security on both environments to make it difficult for said partner to compromise both; after all, they have physical access
<LnL>
phreedom: many people hopefully do, but if even one maintainer doesn't that could be a major problem
<pie__>
infinisil, yes the error is in the paste
<gchristensen>
^
<LnL>
and it's not something we can verify or require
<gchristensen>
^ :)
<gchristensen>
<3
<samueldr>
hi friends! while 2fa talk is important, moving #nixos-chat would help those with issues about nix/nixos :) thanks!
<gchristensen>
samueldr++
<{^_^}>
samueldr's karma got increased to 1
<gchristensen>
:o that must be a bug
<phreedom>
joepie91: in theory yes, in practice the gain can be quite negligible. cracking your laptop open to the point of being able to read root-only files, is a sophisticated attack and adding a second insecure device, that's interconnected with your main one is not how you mitigate that
<samueldr>
and I dropped a `to`
erasmas has quit [Quit: leaving]
<infinisil>
pie__: What's myGitPath?
blankhart has joined #nixos
<pie__>
infinisil, its a string
jperras has joined #nixos
<joepie91>
phreedom: sure, but then we're talking locally hosted data and the whole idea of 2fa on services is no longer what we're talking about
<joepie91>
but yes
<gchristensen>
(please do, indeed, move to #nixos-chat joepie91 ^ phreedom)
<joepie91>
#nixos-chat :)
<infinisil>
pie__: Yeah that won't work, that way it will just be src = "foo/qtah"
<pie__>
infinisil, oh does that need to be a fetchgit or what
<infinisil>
Which won't get imported into the store
srl295 has joined #nixos
<infinisil>
Or just use /path/to/src instead of "/path/to/src"
<infinisil>
So the error is indeed not in your paste :)
<pie__>
infinisil, actually these are subdirectories of the git repo so fetchgit wouldnt really work...
<pie__>
infinisil, huh i thought paths were just strings too
<fresheyeball>
infinisil: monit.service: Start request repeated too quickly.
<fresheyeball>
its in there
jperras has quit [Ping timeout: 240 seconds]
<infinisil>
fresheyeball: That's just systemd trying to restart it and failing because it won't restart it too quickly
<infinisil>
fresheyeball: Use journalctl -u <name> -e to view the full errors
<infinisil>
scroll with vim bindings
<hakujin>
what is the correct way to set environment variables for things like a haskell package's `check` phase? (does not support `checkFlags` from what I can tell)
<infinisil>
pie__: myGitPath + "/qtah-cpp"
<hakujin>
`set FOO=bar`?
<fresheyeball>
infinisil: shnazzy, was working with journelctl -xe
<tenten8401>
Has unstable failed to build for like 5 datys in a row for anyone else?
<tenten8401>
I don't know if I'm just doing it wrong or if it's just refusing to build
tzemanovic has joined #nixos
<tenten8401>
I've just repeatedly been getting a "FileNotFoundError: [Errno 2] No such file or directory: 'setup.py'" error for quite some time, however I don't know if that's due to the package manager or what
sbdchd has quit [Remote host closed the connection]
<{^_^}>
[nix] @volth opened pull request #2278 → column internal representation of attrsets → https://git.io/fbjcW
jperras has joined #nixos
<dtz>
nh2: <3 submitted some nix PR's you may be interested in.... ^_^