<ixxie>
I built it locally like the session clever ran
<leotaku>
If I run a webserver in a nixos-container, should I expect to just be able to connect to it from the host machine via the containers ip? Or do I need some special kind of setup?
<dhess>
I haven't seen that behavior.
<dhess>
I'm fairly certain I've run it from non-NixOS hosts and I've never even installed Nix on another distro before.
<dhess>
ixxie: what is the exact error you're getting? Can you pastebin or gist it?
<tertle||eltret>
i finally ordered a small KVM so i can use nix without having to use an awkwardly place kb
neeasade has joined #nixos
<gchristensen>
next step: install nix on your daily driver! ;)
<{^_^}>
[nixpkgs] @yegortimoshenko opened pull request #44852 → libinotify-kqueue: init at 20180201 → https://git.io/fNQ4M
<ixxie>
gchristensen has refined his evanglism pipeline xD
<ixxie>
there is a tarball and it has a symlink in it, not a binary
<ixxie>
which is odd
<ixxie>
maybe I built it wrong
_cyril_ has joined #nixos
<dhess>
nah, you just need to untar the tarball from /
<dhess>
the tarball has a `nix` subdir, so as long as you untar it from /, kexec_nixos will find /nix/store/....kexec-nixos
jperras has quit [Quit: WeeChat 2.2]
<ixxie>
oh
<ixxie>
thanks!
<dhess>
np
<leotaku>
I can ping the ip of the container, hovewer I can't connect to the http server.
<gchristensen>
have you opened its firewall?
Ericson2314 has quit [Ping timeout: 256 seconds]
Orbstheorem has quit [Ping timeout: 255 seconds]
<samueldr>
hmm, slightly annoyed at how a bunch of package updates are regressions of darwin builds... mostly because of how darwin isn't easily available to anyone wanting to fix
<growpotkin>
What is the preferred way to locate a store path for a package? I have been using "nix repl" to track down this kind of thing usually, but I feel like there is probably a better way.
<gchristensen>
w00t I got a service working for ACME-DNS-01
andreabe_ has joined #nixos
<fresheyeball>
samueldr: actually, I think this is due to me importing the derivation
<samueldr>
fresheyeball: possibly, IFD is Import From Derivation
<fresheyeball>
IFD?
<fresheyeball>
I am just saying can I get the haskell version somehow?
<samueldr>
Quoting » Recently Nix has added a feature called IFD which stands for Import From Derivation. It allows us to use generated Nix expressions within another Nix expression. That way we can derive hello.nix from a Nix expression and then derive hello.nix, avoiding org‑babel‑tangle‑file completely.
<{^_^}>
[nixos-artwork] @samueldr pushed 8 commits to master: https://git.io/fNQgd
<{^_^}>
[nixos-artwork] @samueldr pushed 0 commits to refs/tags/bootloader-18.09-pre: https://git.io/fNQgh
endformationage has joined #nixos
<Lisanna>
what's the nix-locate command available here?
<clever>
,locate firefox
<{^_^}>
Found in packages: msf, warmux, firefox-esr, firefox-unwrapped, firefox-esr-60-unwrapped, python27Packages.selenium, python36Packages.selenium, and 1 more
<Lisanna>
,locate man2html
<{^_^}>
Found in packages: cgit, man-old
<Lisanna>
huh, ok
<Lisanna>
is there a package of this available?
<clever>
its called nix-index
<Lisanna>
,locate nix-locate
<{^_^}>
Found in packages: nix-index
<Lisanna>
oh ok
johnw has quit [Ping timeout: 256 seconds]
Drakonis has quit [Remote host closed the connection]
mayhewluke has quit [Ping timeout: 256 seconds]
mayhewluke has joined #nixos
<Xal_>
I'm unable to use clang with recent nixpkgs
Xal_ is now known as Xal
<joepie91>
gchristensen: you needed me for something, or?
<Xal>
It has something to do with not including gcc's libstdc++ libraries
<Xal>
from `clang++ -v` I can tell that only glibc's headers are being included, and not libstdc++'s
<hyper_ch>
hmmmm, compiling chromium from nixos-unstable-small :(
<Xal>
Strangely, clang works fine if it's in a shell
<Xal>
After messing around with the envrionment variables for a while, I found that I can get clang to work outside of a shell if I set these two environment variables:
<Xal>
NIX_CC_WRAPPER_x86_64_unknown_linux_gnu_TARGET_TARGET and NIX_TARGET_CXXSTDLIB_COMPILE
<Xal>
I thought that clang-wrapper was supposed to set those for me?
worldofpeace_ has joined #nixos
<Dezgeg>
compiling chromium sounds expected if you're using nixos-unstable-small
zopsi has quit [Ping timeout: 268 seconds]
<dhess>
Lots of things are not cached for nixos-unstable-small at the moment.
<dhess>
Like, lots.
<hyper_ch>
dhess: how so? and how do you know?
<dhess>
I know because I waited around for hours today waiting for my projects to build against it. Usually they build in just a short time.
<hyper_ch>
ah
<dhess>
I'm not sure why, though. It was even building llvm.
<dhess>
that and atlas == "let's just cancel this build and wait for the next rev."
<hyper_ch>
well, I need to test my new notebook... so I'lljust let it run... maybe it'll be done when I return back home from work tonight :)
<dhess>
Haskell is pretty broken at the moment as well because of a new cabal2nix update.
<hyper_ch>
but who uses haskell anyway :)
<dhess>
:)
<dhess>
Turns out nixos-unstable-small is quite a bit smaller than I thought!
<hyper_ch>
currently compiling chromium obj/v8/v8_....... I guess that's the JS enginge of it
worldofpeace_ has quit [Ping timeout: 256 seconds]
<mightybyte>
elvishjerricco: Aha! I think I'm getting close. It looks like it's expecting something to be in the environment that's not there because nix-build does a pure build.
<elvishjerricco>
Oh. That makes a lot of sense
<mightybyte>
Discovered this line in the logs
<elvishjerricco>
I always forget environment variables :P
<mightybyte>
ps: readCreateProcess: runInteractiveProcess: exec: does not exist (No such file or directory)
<elvishjerricco>
Ah. Ok so some program that's not on the path then
<mightybyte>
Yeah.
<mightybyte>
I'm actually not sure what that is
<mightybyte>
ps maybe?
<mightybyte>
or exec?
<clever>
strace it!
<mightybyte>
Ooh, that might help
<mightybyte>
Oh, this is macOS
<clever>
mightybyte: execsnoop, ran as root
abueide has joined #nixos
<mightybyte>
I guess whatever it is about the thing that is failing seemed to make it look like a big slowdown instead of failing fast.
MP2E has joined #nixos
reinzelmann has joined #nixos
tertle||eltret has joined #nixos
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
m0rphism has quit [Ping timeout: 240 seconds]
worldofpeace_ has joined #nixos
<sophiag>
this isn't nixos specific, but has anyone encountered issues with weird aspect ratios? asking here because i only got muxless graphics working less than a month ago (acpi was the issue) and don't want to have to repeat similar pain :/
<Enzime>
sophiag: what do you mean by muxless
Mr_Keyser_Soze has joined #nixos
<sophiag>
Enzime: no hardware mux. effectively the issue is you can't disable integrated or discrete in bios so you have no choice but to make switching work
<Enzime>
sophiag: ah
<Enzime>
so like optirun?
<Enzime>
optimus *
<sophiag>
yup
<Enzime>
sophiag: do you have a NVidia or AMD in your laptop(?)
<sophiag>
although in my case i don't think that was actually the problem. acpi is how intel motherboards handle routing power dynamically
<sophiag>
nvidia
<Enzime>
ah
<sophiag>
but again, in this case appears to have been a motherboard issue
<tertle||eltret>
anyone here run gns3 on nix?
appleclusters has quit [Quit: Connection closed for inactivity]
m0rphism has joined #nixos
rauno has joined #nixos
marusich has joined #nixos
vmandela has joined #nixos
MP2E has quit [Remote host closed the connection]
Ericson2314 has quit [Ping timeout: 240 seconds]
Mr_Keyser_Soze has quit [Remote host closed the connection]
Mr_Keyser_Soze has joined #nixos
Ariakenom has joined #nixos
Mr_Keyser_Soze has quit [Ping timeout: 260 seconds]
worldofpeace_ has quit [Ping timeout: 256 seconds]
abueide has quit [Ping timeout: 260 seconds]
Ericson2314 has joined #nixos
lord| has quit [Read error: Connection reset by peer]
worldofpeace_ has joined #nixos
lord| has joined #nixos
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
carlosdagos has quit [Quit: Connection closed for inactivity]
endformationage has quit [Quit: WeeChat 1.9.1]
abueide has joined #nixos
jtojnar has quit [Quit: jtojnar]
worldofpeace_ has quit [Ping timeout: 256 seconds]
Ericson2314 has quit [Ping timeout: 265 seconds]
hyper_ch2 has joined #nixos
<hyper_ch2>
so, chromium is still compiling :)
<hyper_ch2>
also, I just learnt something new... I can ping the broadcast address ping -b 10.0.0.255 and then do arp -a to find all networked devices :)
<hyper_ch2>
(new mac address on new notebook, so IP got dhcp-assigned)
FRidh has joined #nixos
hakujin2 has joined #nixos
vidbina has joined #nixos
hakujin2 has quit [Ping timeout: 276 seconds]
MichaelRaskin has joined #nixos
Ariakenom has quit [Read error: Connection reset by peer]
<tobiasBora>
I'd like to configure an http front-end to add client keys to the configuration file of the vpn-like tool wireguard. However, as far as I can say, wireguard cannot deal with sql databases, so I was wondering how I could deal with a configuration file that could be changed by an http server… The only solution I see for now would be to ask to the server to modify on the go the nix configuration file and run
<tobiasBora>
nixos-rebuild, but it looks terribly ugly to me.
atrx has quit [Quit: Leaving]
<dhess>
tobiasBora: something like that sounds well outside the scope of what nixpkgs or NixOS provides. You're basically building an app. There's no built-in mechanism for something like that.
<dhess>
also, running something as powerful as nixos-rebuild using input from a web page that generates a configuration file sounds really, really dangerous.
phreedom_ has quit [Ping timeout: 250 seconds]
phreedom has joined #nixos
mayhewluke has quit [Ping timeout: 260 seconds]
abueide has quit [Remote host closed the connection]
<tobiasBora>
dhess: ok, so we agree on that point.
<growpotkin>
clear
<tobiasBora>
dhess: and I've no way to say to nix "allow this configuration file to be modified by an external program"? Because for now I've no idea how I could do that...
<dhess>
tobiasBora: I'm not sure what you mean by "by an external program."
<growpotkin>
Hey could anyone fill me in on the preferred way to modify the "config" portion of a module? I have been looking into overlays and packageOverrides, buuut I'm still feeling a little lost.
<growpotkin>
Do I basically need to disable an entire module, and then import a slighly modified version of it?
<tobiasBora>
dhess: here the external program would be the http server. Instead of a configuration file writable only by nix, I'm wondering if it's possible to say "don't overwrite this file anymore, and use instead this file that anyone (like the http server) could modify"
<dhess>
growpotkin: I do that sometimes. Other times you might be able to just override/merge the stuff that the module's config generates.
<dhess>
tobiasBora: Nix doesn't overwrite any files at all, it just reads the ones you provide it. It doesn't care how that file is generated. This is outside the scope of Nix.
<growpotkin>
Actually merging might be the perfect solution to my current application. I wouldn't mind knowing in general how to come at it though.
<dhess>
growpotkin: there's no override mechanism for NixOS modules like there is for nixpkgs, unfortunately. Most of the time I end up rewriting the module, disabling the original, and importing my version.
<growpotkin>
OKay thank you
<growpotkin>
that is what I was very very slowly starting to realize lol
<dhess>
Other times I just write an additional module that takes the parameters I want to provide, and it generates the original module's config for me in some way.
<growpotkin>
No matter how much I read the manuals, nixpkgs and nixos modules always get me mixed up.
<dhess>
Basically, it's all bespoke.
freeman42x]NixOS has quit [Ping timeout: 265 seconds]
<zgrep>
Out of curiosity, what is considered the "correct" way to add a channel to $NIX_PATH throughout a NixOS system? (And it'd be neat to know for a non-NixOS system too.)
<growpotkin>
nix.nixPath=
<tobiasBora>
dhess: Well, my point is that nix changes the configuration only when I run nixos-rebuild. And in my case I'd like to update the configuration everytime a user require a change on the http server. For example, can I modify from the http server the configuration file of a software "on the go"? I'm afraid that at the next nixos-rebuild, this configuration will be removed by nix... A way to avoid this would be to
<tobiasBora>
say something like "this configuration file must be a link to this other configuration file in /home/root/myconf". Maybe nix can handle that?
<zgrep>
growpotkin: Aah. Thanks. :)
<growpotkin>
speaking of which I just ran into a piece of the manual about that which had me a bit mixed up. In the manual they suggest that you can append additional values to the end of the default options with: `...configuration.nix...; nix.nixPath = options.nix.nixPath.default ++ [ "foo=/bar" ]; ...`
<growpotkin>
which would be awesome; if it actually worked
<dhess>
tobiasBora: nix changes the *configuration* but it doesn't change the *configuration file*. i.e., what you are talking about is having the web app create a configuration.nix file and then pointing nixos-rebuild to that configuration.nix file.
<growpotkin>
I'm sure it's "close" to something which does actually work though. DOes that look farmiliar to anyone?
<dhess>
I would *never ever* do that myself because it's insane from a security standpoint.
<growpotkin>
dhess were referring to my "appending the default" bit?
mayhewluke has joined #nixos
<dhess>
tobiasBora: if you're super careful, you could do something like this: in your /etc/nixos/configuration.nix file, add an "import" statement that reads a list of Wireguard public keys from a file that is generated by your web app, and then use the result of that import as the list of client public keys in the configuration.nix file
<dhess>
Nix's type system should complain if the user tries to do something like adding other nix configuration to that list of public keys; but it would probably be really easy to create buffer overflows or things like that.
<dhess>
Nix probably isn't tested thoroughly for scenarios like that because it's not assumed that an attacker will be able to write parts of your config
<Izorkin>
How to need add flag to apply pathc only NixOS?
<tobiasBora>
dhess: and then I can't avoid to run nixos-rebuild that will restart all the services I guess?
<growpotkin>
nixos-rebuild does not necessarily restart all services
marusich has quit [Quit: Leaving]
<growpotkin>
and if you want you can build only a specific part of your system
<dhess>
tobiasBora: I don't see any way around that, no.
<tobiasBora>
growpotkin: really? How can you build only a specifc part??
<growpotkin>
just a sec let me dig it up
<growpotkin>
i had to figure that out for my nginx server
<{^_^}>
[nixpkgs] @xeji pushed commit from @mrVanDalo to master « memo : 0.5 -> 0.6 (#44853) »: https://git.io/fNQPf
<{^_^}>
[nixpkgs] @vaibhavsagar opened pull request #44859 → mosml: init at 2.10.1 → https://git.io/fNQPk
<tobiasBora>
dhess: ok thank you! I'm not sure to understand why I need to the import statement though... the web app will never change any nix file then, so I don't see how it could raise a type error in case of a malicious attacker that tries to trick the generated file. What you mean is to write in nix a code that parse the file and generate a well-typed list right to provide the the wireguard configuration right?
<tobiasBora>
dhess: and also, in the doc I can read "A tree of symlinks that form the static parts of /etc.". Does that mean that nix can handle non-static /etc?
<rauno>
About nixoos/hydra, is it possible to use two instances on hydra? For common stuff nixos' own hydra and for custom/modified packaes my own?
ixxie has joined #nixos
<tobiasBora>
growpotkin: thanks for the link, very interesting. To make sure I follow, when I write "nix-build -A 'config.systemd.units."httpd.service".unit'", it will look into my configuration everything linked with httpd.service, then it will rebuild the configuration, but then it won't restart the service and I need to use this trick using cp and restarting tmp-httpd.service to test it?
ng0 has joined #nixos
<typetetris>
I wonder why install-multi-user contained in the nix tarball isn't mentioned in the nix manual. It worked well so far and is a lot less of a hassle then doing things manually.
semilattice has joined #nixos
<growpotkin>
tobias: let me double check everything before I advise.
jasongrossman has joined #nixos
<growpotkin>
my understading is that when I just rebuild sections of my system my nginx server remains running, but I want to confirm before I give you bad advice.
<{^_^}>
[nixpkgs] @jfrankenau opened pull request #44861 → polybar: update and add libnl support → https://git.io/fNQPP
Fare has quit [Ping timeout: 260 seconds]
semilattice has quit [Ping timeout: 240 seconds]
<dhess>
tobiasBora: I had assumed all you wanted to do from the web app was add Wireguard public (client) keys to a list of all client keys. If you want to generate more complicated config, then that gets way more dangerous.
<dhess>
tobiasBora: again, Nix doesn't care what you put in /etc, and /etc is a writable filesystem. Many modules in NixOS write configuration there.
<growpotkin>
Ok yeah it should only restart if you changed the config for that service. BASED ON MY UNDERSTANDING.
<growpotkin>
ya know... grains of salt all around and test it first
<srhb>
Who do I talk to about the pros/cons of unvendoring smallish goPackages? When should I be ignoring the vendored libs and generating the goDeps by themselves? Always?
<growpotkin>
restartTriggers, stopIfChanged, and restartIfChanged are options that might be relevant for you tobias.
<tobiasBora>
dhess: yes that's what I want to do, nothing more ;-) Thank you very much!
ma27 has joined #nixos
<tobiasBora>
growpotkin: ok thank you!
alex`` has joined #nixos
MuffinPimp has quit [Quit: Goodbye.]
thc202 has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed 6 commits to staging-next: https://git.io/fNQ1f
<ixxie>
dhess: where can I find docs for doing the nixos-install from the kexec?
<dhess>
ixxie: from that point it's the same as any other nixos-install
<dhess>
so just the standard docs will do
johanot has joined #nixos
<ixxie>
dhess: its missing a config file; it seems to look for it in /mnt/etc/nixos/configuration.nix
__Sander__ has joined #nixos
<ixxie>
there is one in /etc/nixos/configuration.nix
<{^_^}>
[nixpkgs] @xeji merged pull request #44850 → lcalc: Add darwin support → https://git.io/fNQCp
<{^_^}>
[nixpkgs] @xeji pushed commit from @jbaum98 to master « lcalc: Add darwin support (#44850) »: https://git.io/fNQ1u
<jasongrossman>
ixxie: You can use nixos-install --root / (I guess - untested).
<jasongrossman>
(It seems to me a funny inconsistency that nixos-generate-config expects an explicit root but nixos-install doesn't ... but they can both use an explicit root if given one.)
<clever>
jasongrossman: nixos-install defaults to /mnt/
<clever>
and i would expect `nixos-install --root /` to break
<jasongrossman>
Oh. :-(
<clever>
its just a wrapper that runs `nixos-rebuild` under a chroot for you
<jasongrossman>
My question was: why does one require an explicit root but the other one not?
<ixxie>
clever: I am actually trying to install using your kexec method
<clever>
jasongrossman: nixos-generate-config defaults to /, and its designed so you can re-run it from a normal install, to update /etc/nixos/hardware-configuration.nix
<jasongrossman>
I see, yes.
<clever>
ixxie: once your booted into it, you can just mount the hdd to /mnt and install as normal, just like you had used the ISO
<ixxie>
its odd that afterwards the base system was locked out
<clever>
if the original OS hasnt been modified, then that will boot back up, and you can kexec again
<clever>
but if you began to repartition, then it wont be able to boot
<dhess>
oh I did not know that about the kexec stuff.
<ixxie>
not sure what I did
<clever>
dhess: i added that because its sometimes easy to get the network config wrong, and then you cant control the machine
<clever>
and i originally used this on a datacenter that lacked remote reboot
<clever>
so you had to file a ticket just to reboot the machine
<dhess>
clever: sure. Ideally it would be an option, or at least some ability to set the timeout
<clever>
yeah, it needs better warning
<clever>
you can also `systemctl stop autoreboot.timer` once you get in, and then it just never triggers
<clever>
dhess: oh, line 5 of the above file, it is an option, lol
<dhess>
oh good :)
<manveru>
anyone getting `fixed-output derivation produced path '/nix/store/yy6rl4ac5b48a1fpbl2app0vbc38ys5a-CVE-2016-9296.patch' with sha256 hash '1i7099h27gmb9dv0lb7jnqfm504gs1c3129r6kvi94yb2gzrzk41' instead of the expected hash '09wbkzai46bwm8zmplsz0m4jck3qn7snr68i9p1gsih300zidj0m'`?
<clever>
manveru: run file on that storepath
<manveru>
well, it's a diff
<tobiasBora>
In nixos, when I boot in curse display a qemu nixos, it boots fine but at the end it starts a kind of video mode (while it's only a terminal displayed), maybe framebuffer enabled, but not sure, and because of that the curse display fails to display the console. Any idea what I should do against that?
<clever>
manveru: is it really a diff?, read it
<manveru>
it is
<clever>
manveru: then the upstream is being naughty and has modified the patch
<clever>
tobiasBora: i believe the default args in the iso already do that part
<{^_^}>
[nixpkgs] @vcunat pushed to staging-next « libtiff: add a comment about the patches »: https://git.io/fNQyr
<srhb>
manveru: I think I saw your name on a go commit at some point; do you know what the story is on forcibly unvendoring before committing to nixpkgs? What's preferred? In my case specifically, there's code checked directly into vendor/*
<clever>
ixxie: you may also want to repartition the drive
<manveru>
srhb: i think vendoring is fine
<srhb>
OK :)
<manveru>
:)
<{^_^}>
[nixpkgs] @srhb opened pull request #44863 → aws-iam-authenticator: init at 2018-07-29 → https://git.io/fNQyH
emacsomancer has quit [Ping timeout: 244 seconds]
<colemickens>
does VAAPI just work out of the box with the intel driver?
<clever>
ixxie: its the same as if you had booted the ISO on a machine that already had ubuntu
<colemickens>
oh
<colemickens>
maybe vaapi doesn't work with 'modesetting', even though that's recommended over 'intel' ?
<{^_^}>
[nixpkgs] @xeji pushed commit from @bkchr to master « plasma5: 5.13.2 -> 5.13.4 (#44643) »: https://git.io/fNQSq
<colemickens>
oh god and the intel driver hasn't been updated for nearly a year
<ixxie>
clever: never messed with an existing fs while booting from an ISO so I don;t have much of a feel for that
<ixxie>
but thanks I will follow the instructions ^^
<{^_^}>
[nixpkgs] @xeji pushed to master « Revert "scallion: use mono4 (#44744)" »: https://git.io/fNQSW
<tobiasBora>
clever: the thing is that I've already installed nix. If I add in my .nix "boot.extraKernelParams = ["console=ttyS0"]", should it do the job?
<ixxie>
clever: what are the benefits for partitioning a VM?
__Sander__ has quit [Ping timeout: 248 seconds]
__Sander__ has joined #nixos
<clever>
tobiasBora: ah, yeah, you will need that then
<colemickens>
srhb: why is that a goal? How can you safely unvendor without breaking things? are you parsing all of the various lock/manifests?
<clever>
ixxie: if your using ext4 for /, then you could just have a single partition for the ext4 and thats it
<ixxie>
yeah that is what I went for
<ixxie>
seemed simples
<ixxie>
t
<clever>
ixxie: but that wont support gpt or uefi, so it will need to be MBR and legacy booting
<srhb>
colemickens: About k8s, please talk to johanot about a rewrite :)
<clever>
LnL: /etc/NIXOS_LUSTRATE is based on how i had mutated one of my gentoo installs into nixos a year or 2 ago
<srhb>
colemickens: Oh and I didn't see the comment about unvendoring. Maybe it was completely misguided, but I thought in order to increase reuse we'd have to fetch the packages individually via Nix. I don't *think* there's any sharing mechanism in place though
<colemickens>
@srhb I'm going to prototype a bit, scrape k8s issues for people who might be interested and will open an issue. I'll make sure to include that person.
<srhb>
colemickens: Ideally I'm vaguely thinking something like (hand-waving) automatically joining all goDeps into a go tree
<Taneb>
I'd like to go to nixcon but I don't really know how much I'd get out of it
<johanot>
colemickens: I'm not rewriting the kubernetes module from scratch - but it's pretty close. :) Working on it as we speak.
<colemickens>
I uh, have opinions about k8s though, that might not be totally conventional in NixOS land :)
<srhb>
colemickens: Such that incidental overlap will reduce N packages to 1
<ixxie>
dhess: how do I find the ipv6 gateway?
<srhb>
colemickens: I'm sure johanot does too, I think he's aiming for the rewritten module to land in 18.09
<colemickens>
@johanot oh cool, wasn't aware you were in progress on something.
<dhess>
ixxie: they should tell you somewhere in Robot or whatever your Hetzner GUI is
<johanot>
colemickens: i'd like to hear those opinions actually.
<colemickens>
johanot: you don't have it on a public branch do you? just curious, or I'll go look for an Issue too.
* srhb
has been reduced to herding the k8s people into the same room :-P
<colemickens>
@johanot: my thoughts were to only run `kubelet` as a service, run the control plane as static pods under kubelet, using containers that I'd build with Nix, the way that 'pause' is built now.
<johanot>
srhb: :D
<colemickens>
I _did_ make #nixos-kubernetes after all :P
<clever>
tobiasBora: main issue ive seen with both curses and serial console, is that its not properly aware of the screen width/height, and things get a little wonky
<srhb>
colemickens: I was unaware of that!
<clever>
tobiasBora: but its usually enough to get ssh fixed, and then you can just switch to ssh
<johanot>
colemickens: I've had exactly the same thoughts.
<colemickens>
And was planning to embrace CRI. There's a PR open for a containerd module.
<LnL>
clever: whoa what's all that stuff :D I know almost nothing about the boot process
<johanot>
Especially the service-account signing in multi-master setups would benefit from running master components in-cluster, instead of as separate systemd-services.
<johanot>
master-component redundancy in general, actually
<clever>
LnL: basically, you can install nix on any linux distro, then just `nix-build '<nixpkgs/nixos>' -A system -I nixos-config=/etc/nixos/configuration.nix` to build a copy of nixos within /nix (on debian!)
<colemickens>
johanot: were you thinking full on "self-hosting" ala bootkube, or static pods?
<clever>
LnL: then `touch /etc/NIXOS` to bypass some safeties, and `./result/bin/switch-to-configuration boot` to install the nixos bootloader
<clever>
LnL: but the debian junk in /bin and /lib and /etc will break nixos, so a `touch /etc/NIXOS_LUSTRATE` will tell the nixos initrd to rename eveyrthing in / on bootup
<johanot>
colemickens: Static pods.. But it is not part of what I'm doing now. I've been taking the pragmatic approach so far, in hopes of getting something done for 18.09.
<clever>
LnL: and that automation was based on when i manually converted gentoo to nixos, and debugged the problems it had
<LnL>
clever: that's really cool, I used kexec + reformat last time I replaced a machine
<colemickens>
Makes sense. I assume you're just trying to get kubelet config fixed up and maybe e2e tests working ?
<clever>
LnL: the main limitation of NIXOS_LUSTRATE is that you must reuse the existing partition layout of the install
<clever>
LnL: but kexec lets you repartition and reformat it however you want
<clever>
the FS choice as well
<johanot>
colemickens: Biggest job for this change is actually PKI, since insecure ports are removed from 1.11. A lot of the existing module depends on insecure traffic.
<ixxie>
thanks dhess I will give it a shot
Aexoden has quit [Ping timeout: 260 seconds]
<srhb>
johanot: colemickens: Should we set up a long term k8s project?
<ixxie>
srhb: if you do, you could call it kubernixos xD
<srhb>
hah
<clever>
LnL: also of note, prior to discovering nixos, i was writing my own initrd's for gentoo, and even had wifi drivers and firmware loading in one initrd, to netboot over wifi
<johanot>
colemickens: My branch is: https://git.io/fNQHu .. forgive that things are still messy.
<johanot>
srhb: Yes I think we should.. And I agree with ixxie here :D
<srhb>
johanot: OK, I'll check later if it's okay that I set up one under nixpkgs, I think that would be the best thing. :)
<srhb>
My main motivation is to keep the interested parties connected.
<colemickens>
small world, I totally saw you open the certmgr PR the other day and it piqued my interest...
<ixxie>
is there any kind of documentation for deploying kubernixos stacks?
<colemickens>
srhb: I'm happy to part #nixos-kubernetes too if there's some ceremony around official irc channels or anything :)
<srhb>
colemickens: Not that I know of. :)
<srhb>
colemickens: I've joined it so hopefully my sidebar reminds me to tell interested parties to go join it :P
<{^_^}>
#43395 (by kalbasit, 4 weeks ago, open): Kubernetes 1.10.5 is unusable, auth is not working
<srhb>
Oh, right...
<johanot>
this issue kind of triggered me to get going with the PKI-stuff.. along with the changes in k8s v1.11 of course
<srhb>
Maybe I should do a stopgap fix for that
<ixxie>
srhb, johanot - I am experimenting for fun, not work so production isn't in the horizon
<ixxie>
maybe a quick-start guide for setting up a minimal cluster with a basic pod would be awesome
<ixxie>
especially if it assumes no knowledge of Kube
<ixxie>
even just the configuration for a minimal cluster would be amazing to have
xeji has joined #nixos
<johanot>
ixxie: definitely! I really hope we can get there, including basic docs, before 18.09
<ixxie>
johanot: I can beta test the docs for ya xD
<colemickens>
ixxie: added the workgroup, I'll add IRC details and flesh out the page a bit more after we land. johanot, I took the liberty of volunteering your name on the page. https://nixos.wiki/wiki/Workgroup:Kubernetes
<johanot>
colemickens: I might consider forgiving you :)
<clever>
ixxie: umount, partition it with 1 partition, then format sda1 and start over
<ixxie>
cheers
<ixxie>
clever++
<{^_^}>
clever's karma got increased to 16
<ixxie>
clever: any recommended partitioning method?
<clever>
when using MBR, grub puts stage1 in the "unused" space between sector 1 and partition 1, which is usually about 2048 sectors long due to alignment requirements
<clever>
ixxie: it has to be MBR/dos, or the requirements get a bit more complex
<ixxie>
alrighty
<clever>
the GPT tables take up more then 1 sector, and dont allow using "unused" space
<clever>
so GPT needs a dedicated bios boot partition do handle the same task
<{^_^}>
[nix] @edolstra pushed to master « Slightly questionable workaround for #2342 »: https://git.io/fNQQ5
<clever>
if its under 2tb, you dont really need to bother with GPT
<ixxie>
if only we could configure partitions with Nix :P
<clever>
tobiasBora: what are you thinking of doing?
msgctl is now known as loonquawl
<tobiasBora>
clever: storing a list of client/key in a sql database populated by a web app, and I'd like to use this database to re-generate the configuration of wireguard.
<clever>
tobiasBora: you would want to export things as json, and then use builtins.readFile + builtins.fromJSON
loonquawl is now known as msgctl
<ixxie>
clever: the partition can just run from 0% to 100% and grub will still fit between the cracks?
<ixxie>
or do I need to start at 2MiB or so
<clever>
ixxie: yeah, fdisk will force the start to be aligned to ~2mb automatically
<ixxie>
using parted now
<tobiasBora>
clever: can I at least use a web query to get the file when needed? via a rest api for example?
<tobiasBora>
clever: sounds strange, but if it's the only way to proceed... But it also mean that I cannot use LDAP to configure nix? Do you think that at some point it would be usable, or it's a choice to force pure behaviour?
<clever>
tobiasBora: its mostly to force things to be pure, but builtins.exec or a custom plugin can inject less pure data
<tobiasBora>
clever: if builtins.exec can return any command, could I imagine to run "curl http://myrestapi-to-sqldatabase.json" in it, and feed fromJSON with this?
<clever>
tobiasBora: yeah, but nix wants the command to print a nix expression to stdout
<tobiasBora>
clever: really? What expression? And I can't find doc for builtins.exec, is it in nix or do I need to use some plugins in https://github.com/shlevy/nix-plugins?
<clever>
tobiasBora: i'm not sure where its documented, but it can return any expression you want
<clever>
it could just be a string or a path
<clever>
in this case, i use nix to create a script, then builtins.exec to run that script impurely, and whatever the script printed, is then parsed as nix, and returned by builtins.exec
<clever>
tobiasBora: the script on lines 5&6, could then download the json to a temp file, then just echo the path to stdout
<clever>
and it will behave as if you had originally written foo = /tmp/whatever.json;
<{^_^}>
[nixpkgs] @michaelpj opened pull request #44866 → plasma/xfce/enlightenment: improve detection of application mime types for apps that use GIO (firefox) → https://git.io/fNQdZ
<tobiasBora>
clever: oh I see. In your example, the script ./secret-download.nix outputs on stdout the real string { downloader = "..." } ?
<tobiasBora>
and do I need --allow-unsafe-native-code-during-evaluation in "nixos-rebuild switch" ?
<clever>
tobiasBora: it outputs { val1 = 5*5; ... }
<{^_^}>
[nixpkgs] @xeji pushed commit from @kquick to master « python: thespian: 3.9.2 -> 3.9.4 (#44857) »: https://git.io/fNQFZ
thekolb has joined #nixos
NightTrain has joined #nixos
<thekolb>
Hey there. So I have a Makefile that depends on the C compiler to be found as cc, what do I do? Change the Makefile?
<clever>
thekolb: yeah, change the makefile to use $CC
rauno has quit [Ping timeout: 240 seconds]
<Dezgeg>
I thought there is a 'cc' ?
<clever>
Dezgeg: when using gcc, cc exists, but when using clang, cc doesnt exist
<Dezgeg>
huh
<Dezgeg>
sounds like a bug to me
<clever>
but $CC is set to the right thing on darwin and clangStdenv.mkDerivation
<thekolb>
clever: oh really, I did nix-env -i gcc and I have no cc
<clever>
thekolb: gcc wont work right if you install it with nix-env
<thekolb>
huh...
<clever>
thekolb: it only works under nix-shell and nix-build
<clever>
,libraries thekolb
<{^_^}>
clever: Did you mean library?
<{^_^}>
thekolb: Don't install libraries through nix-env or systemPackages, use nix-shell instead. See https://nixos.wiki/wiki/FAQ/Libraries for details.
silver has joined #nixos
IRCsum has quit [Remote host closed the connection]
IRCsum has joined #nixos
Dedalo has joined #nixos
simukis has joined #nixos
lassulus has quit [Ping timeout: 256 seconds]
ixxie has quit [Ping timeout: 276 seconds]
xorkle_ has quit [Ping timeout: 268 seconds]
init_6 has joined #nixos
posco has quit [Quit: Connection closed for inactivity]
lassulus has joined #nixos
<Taneb>
How can I check the progress of my hydra server evaluating a declarative project's .jobsets
<clever>
Taneb: there should be a jobset called .jobsets, which will show the normal status page, including when it last did an eval and how often it evals
<Taneb>
clever: I've got that, it says "Evaluation running since: 1h ago" and I'm worried it's got stuck
<clever>
Taneb: can you pastebin the output of `ps -eH x` ran on the hydra machine?
<Taneb>
clever: any idea what could have got it stuck in the first place?
<clever>
nothing obvious from the ps tree
__monty__ has joined #nixos
<Taneb>
Hmm, I guess that'll have to remain a mystery for now
johanot has quit [Quit: leaving]
<Taneb>
Any idea what «Caught exception in Hydra::Controller::API->push "invalid jobset specifier ‘myrepo:1957’"» when I try to force evaluation of a regular job could mean?
adamt has joined #nixos
<clever>
Taneb: it may not allow numbers as a job name?
<srhb>
Fun trivial, nix 1.11.8 is no longer able to evaluate nixos-18.03
<srhb>
s/trivial/trivia
<srhb>
... actually, it's no longer able to PARSE nixos-18.03 o_o
<clever>
srhb: you can still run `nix-store -r /nix/store/hash-nix-2.0/ to download a new nix, without having to parse nixpkgs
<srhb>
clever: Yeah, I was just surprised :D
<clever>
and then just jam it into PATH temporarily
<clever>
ive done the above before, when upgrading a nix 1.9 on gentoo, without /usr/bin, lol
<srhb>
I didn't recall any syntax changes to the language. Go figure.
<srhb>
Ouch! :D
<clever>
i was in the middle of moving the gentoo data off to wipe the system and had to leave the huse
<Dezgeg>
yeah, it's kind of annoying, there is some extremely minor change in $'' quoting or something like that
<clever>
house*
<clever>
so i had a very broken gentoo install, and a very very old nix
<srhb>
Dezgeg: That explains it perfectly :)
<srhb>
clever: That sounds fun :-P
<clever>
i used lynx from text mode to open hydra and find the path to nix
<clever>
but by accident, i used nix master, which was too new, and then the nix within nixpkgs couldnt read db.sqlite
alex`` has quit [Ping timeout: 256 seconds]
<maerwald>
I installed gvim, but my filemanager doesn't show any options to open file in gvim. I suspect desktop and mime files are not installed properly?
<clever>
maerwald: you sometimes have to logout and back in to get that kind of thing detected
<maerwald>
I did that
<clever>
did you install it with nix-env or systemPackages?
<maerwald>
maybe it doesn't run update-desktop-mime...
<maerwald>
nix-env
<clever>
try moving it to systemPackages
<maerwald>
why would that be a thing, that sounds odd
<maerwald>
that would mean nix-env installed packages are half-broken?
<{^_^}>
#31328 (by maralorn, 39 weeks ago, closed): .xoj mime-type does not get installed, when installing xournal via nix-env.
<maerwald>
so it seems this is indeed a nixpkg issue
thibm has joined #nixos
<hlolli>
@layus yes you'd need to boot your ide in a nix-shell if you want the app to run in the desired environment.
<{^_^}>
[nixpkgs] @Mic92 opened pull request #44869 → python.pkgs.pyls-black: init at 0.2.1 → https://git.io/fN7Uj
<layus>
hlolli, How are you supposed to handle different projects with different nix-shells ? Start a different IDE window ?
<hlolli>
well, it sounds as if you're not reaching for the best way to develop. Many ways to approach it, either start the ide with all the dependencies you need for all that you're developing. Or if your idea has a way to script the "debug" and "compile" methods, (or call Makefile) then start nix-shell before running make/gcc/g++ and exit it afterwards.
<symphorien>
maerwald: my point is: if you want to add things there, just add another dir you control in XDG_DATA_DIRS
eqyiel has joined #nixos
<maerwald>
then I could just manually copy to ~/.local/share/applications
<maerwald>
that doesn't help
<symphorien>
maerwald: iirc you can put several dirs in XDG_DATA_DIRS, like in PATH, no need to copy
<eqyiel>
Ralith: ping from matrix-appservice-irc-nixos!
<srhb>
eqyiel: pong
<srhb>
Oh, that was a specific target :P
<srhb>
Nevermind me.
<eqyiel>
srhb: thanks anyway!
<maerwald>
symphorien: again: the directory is already in XDG_DATA_DIRS
<maerwald>
and not mutable
<maerwald>
so there is no way to update the database without copying the files to a mutable location
<maerwald>
which defeats the purpose
<symphorien>
if you install all theses things systemwide, an activationscript does this for you at each rebuild
<maerwald>
I know
Lisanna has quit [Ping timeout: 260 seconds]
<Dedalo>
Hi guys, I'm in the process to install NixOS and I would like to use ZFS, but the instructions are for EXT4. Do I need to install on EXT4 and then change the file system or I can install directly with ZFS? I have a single disk.
<maerwald>
not sure why nix bothers installing those desktop files at all, they are practically useless
<srhb>
maerwald: I didn't know they were useless, but the profile is essentially just joined together from the files in the packages nix-env installed into it. So it would be special handling to exclude them.
<Dedalo>
I have seen that I have a configuration.nix under /etc/nixos. Am I suppose to add `boot.supportedFilesystems = [ "zfs" ];` to the file, but where? Inside the () brackets?
<clever>
Dedalo: inside the main { and } that surround the bulk of the file
<Dedalo>
clever I'm on a new Lenovo X1 Carbon, is it using UEFI? I'm installing from a USB stick and I have disable secure boot.
<clever>
Dedalo: does `mount | grep efi` show efivarfs being mounted?
<symphorien>
Dedalo: the manual should have told you to run nixos-generate-config and it will make a helpful template
<clever>
symphorien: though you also have to edit the USB's configuration.nix if you want to enable ZFS support
<symphorien>
ah sorry
<clever>
due to pesky licenses, we cant ship an image with zfs enabled
<maerwald>
srhb: the only way you could make use of ~/.nix-profile/share/applications/ is to copy the files to another mutable location
<Dedalo>
clever yes is mounted
<clever>
Dedalo: then your booting the USB in EFI mode, and will probably also want efi for the nixos install
<clever>
Dedalo: so you need an efi system partition, which will be formated as fat32, and mounted to /mnt/boot/, and then a partition for zfs, with the root mounted to /mnt/
<clever>
Dedalo: make sure to mount boot after the rootfs
<Dedalo>
OK, let me recap Clever, let's see if I have understood. I need to modify the nix file to add the kernel support for ZFS. And I need also to edit the USB's configuration.nix. Then I will reboot. I should then be able to create the partitions: the boot partition fat32 and the ZFS partition that I will mount on /mnt/. How do I boot in EFI mode?
<clever>
Dedalo: if your using the ISO image on the USB stick, then all changes are reverted upon reboot
<Dedalo>
I guess that is related to the creation of a RAID-10 which requires a minimum of 4 disks. I mean, in my case I guess the command will be different, right?
<clever>
do you plan to have any raid?
<clever>
the ashift is seperate from the raid level
<Dedalo>
No, I will not have any ride, it's a laptop with a single SSD
<clever>
ashift=12 says to use 2^12 bytes per sector, which is 4096 bytes
<kreisys>
I'm trying to build a go package and it's failing to find a go built-in package (encoding/gob). for some reason it ignores the 'encoding/' part and looks for it in /nix/store/xvdravv7zph20bs64ly0lq27m3vnfqwc-go-1.9.5/share/go/src/gob (instead of /nix/store/xvdravv7zph20bs64ly0lq27m3vnfqwc-go-1.9.5/share/go/src/encoding/gob where it actually is...) does this ring a bell with anyone?
<clever>
Dedalo: then you want something like `zpool create -o ashift=12 -o altroot=/mnt rpool /dev/sda2`
<Dedalo>
I just want to be able to make snapshos and save them on another external disk
<clever>
Dedalo: id also give each machine a unique pool name
<hyper_ch2>
still compiling chromium.... hmmmmmmm does this really take so long?
orivej has quit [Ping timeout: 256 seconds]
smolboye has joined #nixos
globin has joined #nixos
<gchristensen>
yes
jD91mZM2 has joined #nixos
<clever>
hyper_ch2: i think it took me something like 6 hours?
<hyper_ch2>
it's been running for like 12h now
<srk>
haha, about ~6h here last week
<srk>
feel you
<srk>
like 20k or 40k C++ files?
<srk>
+v8
<srk>
(just to be able to run betaflight configurator chrome app)
hyper_ch2 has quit [Quit: Page closed]
jperras has joined #nixos
<jD91mZM2>
And I thought compiling Redox OS took a long time... Barely takes half of that. Oof.
<ocharles>
Is there a way to force nix-build to check for binary substitutes? I ran nix-build once and my Hydra instance hadn't built it, but Nix has now (locally) cached that the output is unavailable, even though it is now available
<symphorien>
or package you script properly so that it does not depend on PATH
jdnavarro has joined #nixos
<thekolb>
I am somewhat aiming for a system where users can do whatever in their $HOME and are able to run services without me interventing.
orivej has joined #nixos
thibm has quit [Quit: WeeChat 2.0]
<thekolb>
The attr name for nix-shell is nixbang?
<sevanspowell[m]>
Hey, is there anyway I can verify that my binary caches are working for a particular build on NixOS?
<symphorien>
just nix
init_6 has quit [Ping timeout: 244 seconds]
init_6 has joined #nixos
fendor has joined #nixos
fendor has quit [Remote host closed the connection]
fendor has joined #nixos
<thekolb>
symphorien: so it would be systemd.user.services.<servicename>.path = [ pkgs.nix }; ? But what if two users have a service with the same name?
<symphorien>
this systemwide configuration creates a service with this name for all users
<symphorien>
if you want a user wide declarative configuration look at home-manager for example
<thekolb>
I want nix-shell in the path of --user systemd units
<thekolb>
I want users to be able to run their own services, like say a http server or an irc bouncer
<symphorien>
they can do so as on a "regular" distro by dropping unit files in the right folder in their home direcotry
<symphorien>
and nix-shell will be at /run/current-system/sw/bin/nix-shell
<thekolb>
symphorien: so I tell them to put #! /usr/bin/env /run/current-system/sw/bin/nix-shell in their shebang?
<symphorien>
just #!/run/current-system/sw/bin/nix-shell yes
fendor has quit [Quit: Leaving]
<symphorien>
or set PATH=/run/current-system/sw/bin
fendor has joined #nixos
<thekolb>
symphorien: is there a way to do that in the unit?
halfbit has joined #nixos
ma27 has joined #nixos
<symphorien>
yes. man systemd.exec, look for Environment=
akavel has joined #nixos
<akavel>
Hi! I have a question:
<akavel>
the typical preamble for a Nix expression is:
<akavel>
for inclusion in nixpkgs; or, alternatively:
<akavel>
with import <nixpkgs> {}; stdenv.mkDerivation {
<akavel>
for a standalone `file.nix`.
<akavel>
Now, I vaguely recall I've seen some kind of a "unified" preamble, mixing those two
<akavel>
which works in both cases.
<symphorien>
,callPackage
<{^_^}>
If a Nix file foo.nix starts with something like `{ stdenv, cmake }:`, you can build it with `nix-build -E '(import <nixpkgs> {}).callPackage ./foo.nix {}'`
<akavel>
Hmm; ok, that's an option... but I'm kinda feeling there was some kind of magic incantation
<akavel>
one can put in file.nix
<akavel>
and have it work in both cases without need for callPackage in command line
<akavel>
Something with "@" I think, but not 100% sure
witchof0x20 has quit [Remote host closed the connection]
<akavel>
or with 'let' or 'with'
<tilpner>
Theoretically you could do { pkgs ? import <nixpkgs> {}; }: with pkgs; stdenv.mkDerivation
witchof0x20 has joined #nixos
<akavel>
aaaaah yes yes
<tilpner>
(Without first semicolon)
orivej has quit [Remote host closed the connection]
<akavel>
something like this
<tilpner>
But that's still not good enough for nixpkgs
justanotheruser has quit [Ping timeout: 240 seconds]
<akavel>
no?
<tilpner>
No, I don't think so. nixpkgs should use individual dependencies, not pass the whole thing, and especially not use with pkgs;
orivej has joined #nixos
<tilpner>
That makes overriding individual components easier
<tilpner>
And there's not much point in having a nixpkgs package be callable without callPackage
<akavel>
Hm, would something like this work: `let pkgs = import <nixpkgs> {}; in { stdenv ? pkgs.stdenv, cmake ? pkgs.cmake }: stdenv.mkDerivation ...` ?
<tilpner>
Oh, and nixpkgs packages should absolutely not use <nixpkgs>
<symphorien>
you would have to write { stdenv ? (import <nixpkgs> {}).stdenv }:...
<symphorien>
but still, it will probably not be accepted
<akavel>
My use case is rather for initial hacking
<akavel>
and private use
<akavel>
For upstream nixpkgs I'd sure "promote" it to "classical" function,
<tilpner>
An overlay can make usage of callPackage-style packages very convenient
<akavel>
but for example for nix-shell, IIUC I need the 'import <nixpkgs>' version, or the long ugly commandline
init_6 has quit [Ping timeout: 244 seconds]
<tilpner>
Huh, why?
ma27 has quit [Remote host closed the connection]
<srhb>
akavel: Or make a reusable wrapper, { hackingDefaultNix }: (import <nixpkgs> {}).callPackage hackingDefaultNix {}
<tilpner>
Are you talking about using packages with nix-shell, or dev environments?
<symphorien>
write the nixpkgs style file in your clone of nixpkgs, add it to pkgs/top-level/all-packages.nix and then to test, at the root of your clone: nix-build -A foo OR nix-shell -A foo
<symphorien>
this will use you file, no callpackage needed
<akavel>
but I want to have the file standalone and easily shareable
<tilpner>
jgt - You can try expanding postgis platform support to darwin, it's currently marked as linux-only
<akavel>
eh; I know I can make it two files; the whole point is, is it possible to make it just one file, but still working in both cases
<symphorien>
well the signature of the two files are different so no, I'd say
<akavel>
but the `{ pkgs ? import <nixpkgs> {}; }: ...` would work, no?
<tilpner>
It would
<tilpner>
But it wouldn't be merged into nixpkgs as-is
<akavel>
Right, that's totally ok for me.
vidbina has quit [Ping timeout: 276 seconds]
<akavel>
I see it as a pre-nixpkgs "staging" solution
jdnavarro has quit [Read error: Connection reset by peer]
<fresheyeball>
hey out there
jperras has quit [Ping timeout: 248 seconds]
<fresheyeball>
I am deploying mattermost with nixops
<akavel>
purely for convenience/ease of use and versatility out of nixpkgs
<jgt>
tilpner: how do I go about doing this? I'm guessing part of it is changing `platforms = platforms.linux;` to `platforms = platforms.unix;`. Is that right?
<fresheyeball>
and would like to upgrade which package it is using
<fresheyeball>
how can I control the nixpkgs set used in services?
<thekolb>
Are there nixos options that control loginctl linger for users?
<akavel>
tilpner: ok, thanks; I'll try this then, and try check if maybe the 'with' won't work for me too (?)
halfbit has quit [Ping timeout: 255 seconds]
<tilpner>
akavel - My first line had a "with", which should work
<jgt>
tilpner: ah ok. Looks like I can do `platforms = platforms.linux ++ platforms.darwin;`
<fresheyeball>
clever: as in { nixpkgs.overlays = [ .. ]; services.mattermost.enable = true; }
<fresheyeball>
??
<clever>
fresheyeball: yeah
<symphorien>
yes
<fresheyeball>
thanks folks. I would never have known!
rouma has joined #nixos
Ericson2314 has joined #nixos
<sigtrm>
Is networking.enableIPv6 = true; still needed to enable IPv6 support?
endformationage has joined #nixos
<clever>
sigtrm: the default is true
<sigtrm>
Okay, then I won't need to add that
hiroshi- has joined #nixos
hiroshi has quit [Ping timeout: 268 seconds]
hiroshi- is now known as hiroshi
erasmas has joined #nixos
<infinisil>
I've been wanting to make something that reduces your configuration.nix by removing all values you set as defaults
<sigtrm>
That would be nice, that way you could minimize the configuration
<clever>
infinisil: one option is to just use nix-diff, and brute-force delete tokens and see if the diff changes or not
<clever>
infinisil: that could also find duplicates between multiple files in your imports
<sigtrm>
I would like to ask another questions, I keep struggeling using both IPv4 and IPv6 adresses and I can't seem to figure out what I am doing wrong, for the configuration I have tried both ips = [ "10.100.0.1/24" "fd86:ea04:1115::1/64" ]; and ips = [ "10.100.0.1/24, fd86:ea04:1115::1/64" ]; and both fail, any advice?
<infinisil>
clever: I started with it by filtering the nixos options by values which have a highestPrio < option default or are the same as the default. This could then generate a new minimalized configuration.nix
rouma has quit [Remote host closed the connection]
Fare has joined #nixos
<infinisil>
But submodule handling will get a bit hairy
<sigtrm>
I shall clever, thank you
rouma has joined #nixos
jperras has quit [Read error: Connection reset by peer]
jperras_ has joined #nixos
<sigtrm>
Okay, now I am not getting back into NixOS...
<clever>
sigtrm: and you really want to have physical access when messing with IP config, so you can undo things
<sigtrm>
Yeah... I just wasn't messing with something I thought would ruin anything, I guess up I go
smolboye has quit [Quit: WeeChat 2.2]
grp has joined #nixos
smolboye has joined #nixos
<thoughtpolice>
jgt: Ehhh, it's unfortunately a bit more involved than that if you want PostGIS to be detectable by Postgres, because they won't have their libdirs "tied together", so postgres won't know where to find postgis.so
<jgt>
thoughtpolice: Oh wow, yes this does look like what I want
smolboye has joined #nixos
davenpcm has quit [Read error: Connection reset by peer]
<thoughtpolice>
jgt: I'm hoping to merge that this weekend after a few tests
<thoughtpolice>
Well, few more.
<jgt>
thoughtpolice: I made some progress with getting postgis on darwin (I think?), but I'm not quite there yet. Here's my diff: http://ix.io/1jPc
<jgt>
basically I'd just like to test postgis locally, before trying to run it on my server
ryanartecona has joined #nixos
<jgt>
I'm trying to run it with `nix-shell -I nixpkgs=/Users/jgt/nixpkgs -p postgis`, but this fails with `ld: file not found: /nix/store/9bdidf7jji4zlcywgyiq584vpkbxqn8j-postgis-2.4.4/bin/postgres`
adamt has quit [Ping timeout: 240 seconds]
<clever>
jgt: it will likely also fail with `nix-build /Users/jgt/nixpkgs -A postgis` ?
Ariakenom has quit [Ping timeout: 265 seconds]
<akavel>
tilpner, symphorien: the following seemed to work for me in a `foo.nix`: `{ pkgs ? (import <nixpkgs> {}), stdenv ? pkgs.stdenv, fetchFromGitHub ? pkgs.fetchFromGitHub }: stdenv.mkDerivation ...`
<jgt>
clever: I am trying this now
<sigtrm>
error: The option value `networking.wireguard.interfaces.wg0.ips.[definition 1-entry 1]' in `/etc/nixos/configuration.nix' is not of type `string'.
<sigtrm>
So I can't use it like it's used in router.nat.nix
<akavel>
It should still work in an overlay with callPackage, right?
<tilpner>
akavel - Yes
<jgt>
clever: Yes, it failed in the same way
<sigtrm>
Also I don't understand how come openssh isn't working anymore
<akavel>
tilpner: thanks! And IIUC, the `pkgs` there will probably not be evaluated anyway if called via callPackage, because lazy evaluation & not used?
ericsagnes has joined #nixos
<thoughtpolice>
jgt: There's probably something in the build system specific to Darwin that wants to look for Postgres-related stuff in the "same" directory PostGIS thinks it will be installed to. This is a big assumption by the entire Postgres/PGXS infrastructure -- that everything will be 'colocated' together, by installing all 3rd party things right next to Postgres
<thoughtpolice>
We have a few patches to fix that behavior *in Postgres*, but for downstream/3rd party things, it's more of a case-by-case basis making that work. I recently (in my branch) made PGXS work quite well, but it's not bulletproof.
<thoughtpolice>
(Also, when I say "Postgres/PGXS infrastructure", I mean the upstream infrastructure, obviously. They always assume they're on some system like Debian)
<thoughtpolice>
jgt: That's also the same reason why 'nix-shell -p postgis postgres' doesn't work as you expect -- because we actually take postgis + postgres + whatever else you want, we symlink-merge the filesystem trees (to make a unified one), and we have a small patch to Postgres that lets us override the LIBDIR it uses, so we p oint it at the merged tree, so it can 'see everything'
<thoughtpolice>
jgt: Hence, you need that stupid '.withPackages' thing -- so it can create the environment, and wrap postgresql for you.
<jgt>
thoughtpolice: will I be abe to test out postgis locally on darwin if I work off your PR?
<thoughtpolice>
jgt: I have made zero infrastructural changes for Darwin, so if it's broken, it's almost certainly broken in the exact same way. Most of my work has been rewriting Nix expressions.
seanparsons has joined #nixos
<thoughtpolice>
Note that that branch is going to imply a bunch of rebuilding due to all my tweaks.
<thoughtpolice>
jgt: So, it may be a better place if you want some of the features. But if you can get postgis building on master -- it will almost certainly apply directly to my branch as well
<thoughtpolice>
jgt: And I'm more than happy to merge any changes/put patches on my branch for that, if you can cook them up. So feel free to use whatever feels less complex -- if you can get it building, I can take the patch (I'm afraid I do not have a macOS machine)
<jgt>
thoughtpolice: well I fixed the libiconv problem (which was trivial), but I'm not sure how to fix the next problem
akavel has quit [Quit: Page closed]
<thoughtpolice>
You'll probably have to just start looking at the build system directly I'm afraid. This is the painful part :(
<thoughtpolice>
The easiest way to start is just to make sure you can see every command the build system works, and work backwards from there.
<jgt>
when you say "the build system", do you mean hydra?
<thoughtpolice>
I mean the actual PostGIS makefiles
<fresheyeball>
so I need to override that line somehow
<thoughtpolice>
(I misread your question, sorry)
<fresheyeball>
since the binary now has a different name
<fresheyeball>
it was `mattermost-platform` but now its just `platform`
<thoughtpolice>
jgt: Like I said, there's probably something in their Makefile code that assumes they can use `pg_config --bindir` or something. So looking around for uses of pg_config might also be a good start.
<thoughtpolice>
At least, that's how 90% of all extensions "find out" where their Postgres installation lives
<jgt>
thoughtpolice: ok, that's a good clue
<thoughtpolice>
(And normally how they find out where to copy files _to_)
justanotheruser has joined #nixos
<clever>
jgt: what revision of nixpkgs do you have checked out?
<grp>
I've run into a dead end. I have a bunch of servers and containers so I want to keep my users pool in one place and reuse it everywhere (so I don't have to copypaste stuff and update it in multiple confs). So I structured a directory like this: /etc/nixos/users/${user}/{default.nix,*.key} with the intention of adding ./users/grp to the imports list and have it load everything including openssh keys. The idea
<grp>
is to auto-import the ssh keys, so I also wrote a /etc/nixos/modules/ssh-keys.nix that creates the allowedkeys sections. I managed to get the ssh key sourcing right, but here's the catch: since the import in configuration.nix happens first, I can't mapAttrs config.users (it's empty). If I grab all ssh-keys per user-folder and source them, the user set structure gets populated and I end up with all the users I
<clever>
jgt: postgis compiles for me on linux
<grp>
have in my pool. So I'm currently in the process of writing a lib to loadUsers [...] from configuration.nix and be done with it, but I wanted to know if there's a way I could somehow do plan A
hakujin2 has joined #nixos
<fresheyeball>
clever: can I overlay the service definition as well?
<jgt>
clever: I'm on 7283740218a
<jgt>
clever: but linux is not the issue; I'm on darwin
<clever>
fresheyeball: not easily, but it can be done
hakujin3 has joined #nixos
<fresheyeball>
clever: well, just upgradeing the pkg fails, since the service definition is out of step
<elvishjerricco>
clever: Can't he just mkForce the ExecStart?
<clever>
elvishjerricco: ExecStart is not a nixos option, you have to mkForce the entire serviceConfig
hakujin4 has joined #nixos
<fresheyeball>
elvishjerricco: I just did that
<fresheyeball>
haha
<elvishjerricco>
Huh... I swear I've done that before...
<fresheyeball>
elvishjerricco: it appears to have worked, will now after build
hakujin2 has quit [Ping timeout: 265 seconds]
<fresheyeball>
elvishjerricco: still, it feels like the wrong way
<elvishjerricco>
fresheyeball: Also, I just looked at nixpkgs master. I think your problem may be fixed on master?
<Dedalo>
clever I'm back, so I have tried to create the boot partition with fdisk /dev/sda, but it says: No medium found. Why? There is Windows installed on this machine, but I want to ripp off.
<clever>
Dedalo: what does lsblk say?
hotfuzz has quit [Ping timeout: 245 seconds]
<Ralith>
eqyiel: \o/
<fresheyeball>
clever: thank you, I will be moving to the replace-modules pattern soon
hakujin3 has quit [Ping timeout: 240 seconds]
<fresheyeball>
that looks much cleaner than peicmeal overriding
<Dedalo>
there is a loop0, then sdb with two leaves sdb1 sdb2 and then the nvm0n1
<clever>
fresheyeball: you can also just copy the whole module to the current dir and imports = [ ./copy.nix ];
<fresheyeball>
clever: that is what I do not want to do
<clever>
Dedalo: so you have 2 drives plugged in, sdb, and nvme0n1, by the sizes, can you tell what physical device each is?
<Dedalo>
So I guess is the one then I need to partition
<fresheyeball>
can I buy you a beer?
<clever>
Dedalo: then you want to aim fdisk at the nvme drive
<fresheyeball>
clever++
<{^_^}>
clever's karma got increased to 17
<fresheyeball>
clever++
<{^_^}>
clever's karma got increased to 18
<clever>
fresheyeball: i dont drink beer, lol
<Dedalo>
clever we are gonna pay you a coffee
<clever>
Dedalo: also of note, nvme only boots with uefi, so your /boot partition has to be an efi system partition, with GPT tables, and formated as fat32
<clever>
Dedalo: i also dont drink coffee, lol
hakujin4 has quit [Ping timeout: 240 seconds]
<Dedalo>
so I need to check how to create an efi partition with GPT tables with fdisk I guess
<clever>
elvishjerricco: if you try to GC a store without chroot'ing into it, then all indirect roots will be shreded
<{^_^}>
[nixpkgs] @vcunat opened pull request #44875 → gdbm: avoid a warning on Darwin → https://git.io/fN7EP
<Dedalo>
The poor Windows is Gone, deleted, forever!
hakujin3 has joined #nixos
hakujin1 has quit [Ping timeout: 240 seconds]
<Dedalo>
but Microsoft I'm sure that got its 60 bucks
<elvishjerricco>
clever: Aww... I was thinking about replacing parts of my secret key management with a secret chroot store so I could get a GC for secrets.
<clever>
elvishjerricco: normal roots within /nix/var/nix/profiles/ and friends will survive, if you GC with the right command
<clever>
only indirect roots are broken
hakujin4 has joined #nixos
<elvishjerricco>
Yea but indirect roots are how I would even access the keys.
hakujin2 has quit [Ping timeout: 265 seconds]
jperras_ is now known as jperras
hakujin has joined #nixos
hakujin3 has quit [Ping timeout: 240 seconds]
<Dedalo>
clever OK, now I have a 1 GB partition EFI System
<clever>
Dedalo: that drops a ~300mb initrd into /boot, that contains the entire nixos installer
<clever>
and it adds an option for it to grub
hakujin4 has quit [Ping timeout: 240 seconds]
<clever>
jdnavarro: error: Package ‘postgis-2.4.4’ in /home/clever/apps/nixpkgs/pkgs/development/libraries/postgis/default.nix:101 is not supported on ‘x86_64-apple-darwin’, refusing to evaluate.
<clever>
jgt: ah, so your probably hitting the original problem that made it linux-only
<Dedalo>
clever I have forgot to I think I have forgotten to crate a new empty GPT partition table
<clever>
Dedalo: p will tell you if its dos or gpt
<Dedalo>
it's gpt
<Dedalo>
I was lucky :-D
hakujin1 has joined #nixos
<clever>
windows probably already had gpt tables there
<jgt>
clever: can I use nix-shell with a remote builder?
<Dedalo>
the script that you linked is useful in case I fuck up the boot partition?
<clever>
jgt: it will obey /etc/nix/machines when building the inputs to the expression, but the shell itself will be ran locally
<clever>
Dedalo: the rescue script only works if /boot is intact
<clever>
Dedalo: its more for if you mess up the root partition, or want to make drastic changes to root
Ariakenom has joined #nixos
<Dedalo>
OK, I cross my finger, I don't wanna fuck up anything :-)
<Dedalo>
now I'm ready to mount, it's always a pleasure to mount
<clever>
rescue_boot.nix mainly saves you from having to dig out the USB you installed from
hakujin has quit [Ping timeout: 265 seconds]
<Dedalo>
you will teach me later how to use it
ramses_ has joined #nixos
hakujin2 has joined #nixos
<ramses_>
Hi guys, anyone know how to run garbage-collect in the standard nixos docker-registry? I just enabled the option in configuration.nix but the registry uses *a lot* of disk space
<srhb>
ramses_: Uhhh, standard nixos docker-registry?
iyzsong has quit [Read error: Connection reset by peer]
<ramses_>
srhb: I mean, the one you get by enabling the option in configuration.nix
hakujin1 has quit [Ping timeout: 265 seconds]
<Dedalo>
I also need to create the swap partition
<ramses_>
services.dockerRegistry.enabled = true;
hakujin3 has joined #nixos
hakujin2 has quit [Ping timeout: 240 seconds]
<Dedalo>
Should I go with 4 GB or 8? This laptop has 16 GB of RAM.
<clever>
Dedalo: if you want hibernation, then the swap has to be bigger then the ram, beyond that, it depends purely on what you run and how bad your tab addition is
<Yaniel>
IIRC the rule of thumb was to make swap 2x the size of RAM
<clever>
Dedalo: i have over 1000 tabs in chrome, and it uses 32gig of ram and sometimes another 32gig of swap
<Dedalo>
my tab addition is really bad, I confess
<Dedalo>
I usually use two windows of Chrome full of tabs
<Dedalo>
so I will go with 32 GB, just to be sure
<clever>
Dedalo: 35 windows, with a total of 1399 tabs, for the first chrome profile
<clever>
Dedalo: 22 windows with a total of 436 tabs for the second profile
<Dedalo>
do you keep every tab open? how can you find them?
<clever>
Dedalo: the vimium extension lets you search for tabs by title with T
<sigtrm>
OKay so I don't understand why ssh isn't working anymore, I even tried to run an earlier configuration from when it was working, but still nothing, I can access the system only through serial. Any advice?
<clever>
infinisil: already tried it, but it just makes the problem worse :P
<gchristensen>
nfs mount AWS's EFS and and mkswap on it
<clever>
sigtrm: check the ip's shown by `ip addr`
<sigtrm>
They are correct
<sigtrm>
Already checked that
<clever>
sigtrm: is sshd running?
<Dedalo>
I think I will go now, need to go back in London
<Dedalo>
I will see you later guys. Thank you for your help clever, I'm going to ping you a lot in the next days, be ready! :-P
<sigtrm>
I am struggling finding it because of the shitty serial connection
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
sigtrm: ps aux | grep sshd
<sigtrm>
I already ran that, but it just messed up here, let me kill and retry
__Sander__ has quit [Quit: Konversation terminated!]
<sigtrm>
OKay a reconnect cleared the terminal and fixed it
<sigtrm>
Yes sshd is running
<clever>
sigtrm: you can also run reset to reset the terminal
<sigtrm>
Thank you
<clever>
sigtrm: is the machine acting as a router?
<mightybyte>
I just updated nixos last night to the latest 18.03, and now I'm getting an enormous build with nothing cached. It built all night and still looks nowhere close to being done. Any idea what's up?
<clever>
mightybyte: what is taking that long to build?
<sigtrm>
Still getting the connection temrinated
Fare has quit [Ping timeout: 256 seconds]
<mightybyte>
clever: Everything?
hakujin has joined #nixos
<mightybyte>
It's giving me one of the most enormous lists of things to be built that I've seen since I've been using nix.
<mightybyte>
Shouldn't this stuff be cached?
<clever>
mightybyte: is cache.nixos.org listed in /etc/nix/nix.conf ?
<clever>
mightybyte: and how did you update to 18.03?
hakujin3 has quit [Ping timeout: 256 seconds]
<clever>
sigtrm: can you paste the exact error ssh gave?
<mightybyte>
clever: No. I thought it was included by default.
<mightybyte>
...also, I can't nixos-rebuild switch to fix that.
<clever>
there is nothing in the brightnessctl package that could possibly do what line 18 claims it does
hakujin1 has joined #nixos
hakujin4 has quit [Ping timeout: 240 seconds]
<clever>
the nix expression is patching the udev rules file, but that never actually gets installed
<lo_mlatu>
so that's a bug? oh something remains to be done?
<clever>
it looks like a bug in the package
hakujin2 has joined #nixos
hakujin has quit [Ping timeout: 256 seconds]
<grp>
I'm trying to nix repl somefile.nix. This file's format is {lib}: ... but nix repl doesn't let me do that...; How can I load such definition in the repl and have working references to anything other than builtins?
<Myrl-saki>
clever: And I gave up on vi implemented in Rust. :P
<lo_mlatu>
I see, thanks very much!
<clever>
grp: create another file, that does: let lib = (import <nixpkgs> {}).lib; in import ./somefile.nix { inherit lib; }
<clever>
grp: and then run nix repl on that
<clever>
grp: or change it to: { lib ? (import <nixpkgs> {}).lib }:
<grp>
3rd option
<grp>
err, 2nd
hakujin3 has joined #nixos
<grp>
I was trying something like that: lib ? import <nixpkgs> {lib}
<grp>
but obviously got it wrong
hakujin1 has quit [Ping timeout: 256 seconds]
Dedalo has joined #nixos
<clever>
grp: that tries to call nixpkgs, and pass it a lib argument, and that attr set isnt valid
<grp>
yeah, figured it didn't make sense, but I'm still kind of lost with nix
<grp>
pieces are starting to come together but I still have some dark corners
hakujin4 has joined #nixos
hakujin2 has quit [Ping timeout: 240 seconds]
jperras has joined #nixos
hakujin has joined #nixos
hakujin3 has quit [Ping timeout: 256 seconds]
hakujin1 has joined #nixos
hakujin4 has quit [Ping timeout: 256 seconds]
<grp>
clever: this is not working: {lib ? (import <nixpkgs> {}).lib): let inherit (lib) readDir in rec { ls = readDir "/example" }
<grp>
I was pulling my hairs... why the f* did I mistake readDir as being in lib...
<sigtrm>
Sorry if I am asking many questions lately, I am just at a bit of loss as to what is happening, I can't even get a normal configuration running anymore, I get RTNETLINK answers: File exist when rebuilding even after a reboot
<clever>
grp: a lot of things are in lib first, then get moved to builtins, and lib becomes an alias
Mateon3 has joined #nixos
hakujin2 has joined #nixos
<grp>
that must be it
<clever>
> lib.tail
<{^_^}>
<PRIMOP>
<clever>
primops are all written in c++
Mateon1 has quit [Ping timeout: 240 seconds]
Mateon3 is now known as Mateon1
hakujin3 has joined #nixos
<ivan>
sigtrm: checked journalctl? is there anything unusual with your networking?
<clever>
sigtrm: what is the exact error the ssh client gives?
hakujin1 has quit [Ping timeout: 256 seconds]
reinzelmann has joined #nixos
hakujin2 has quit [Ping timeout: 265 seconds]
Fare has quit [Ping timeout: 240 seconds]
hakujin4 has joined #nixos
fendor has quit [Ping timeout: 256 seconds]
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @xeji pushed commit from @rasendubi to master « alarm-clock-applet: fix build (#44872) »: https://git.io/fN76H
hakujin4 has quit [Ping timeout: 240 seconds]
stanibanani has joined #nixos
stanibanani has left #nixos [#nixos]
agjacome has joined #nixos
akavel has joined #nixos
<akavel>
I'm trying to build some Haskell project in Nix, which apparently uses some "Stack" helper. I'm trying to use the "haskell.lib.buildStackProject". I managed to force it to use Nix's ghc, but it still insists on downloading all dependencies from the internet
<infinisil>
akavel: Use stack2nix instead, it's much better fit for all things imo
<akavel>
infinisil: Where do I find it and how do I use it?
<infinisil>
akavel: google
<{^_^}>
[nixpkgs] @matthewbauer pushed to master « brightnessctl: also install udev rules »: https://git.io/fN7iB
<akavel>
infinisil: ok, found this announcemenet by Domen Kozar: https://nixos.org/nix-dev/2017-June/024011.html; seems it's in nixpkgs, and the mail has some usage info, so will try this. Thanks!
<infinisil>
akavel: Yeah, but the readme in the repo usually contains the best overview of how to use it
<jonreeve>
Hm, I think that's for -i, though, and I'm running -q
<jonreeve>
Like, for querying package names
hakujin has quit [Ping timeout: 256 seconds]
<symphorien>
is there a modulo operator in nix ?
<clever>
yeah, the -q will always be slower
<clever>
jonreeve: there is also a newer `nix search`
hakujin2 has joined #nixos
<elvishjerricco>
Can't wait till we get `nix install`...
hakujin1 has quit [Ping timeout: 265 seconds]
<infinisil>
> lib.mod 10 3 # symphorien
<{^_^}>
1
<symphorien>
thanks
hakujin3 has joined #nixos
jonreeve has quit [Ping timeout: 244 seconds]
hakujin2 has quit [Ping timeout: 256 seconds]
hakujin4 has joined #nixos
xeji_ has joined #nixos
xeji has quit [Ping timeout: 256 seconds]
hakujin3 has quit [Ping timeout: 256 seconds]
ryanartecona has quit [Quit: ryanartecona]
hakujin has joined #nixos
<ramses_>
Hi guys, anyone know how to run garbage-collect in the docker-registry that you enable with services.dockerRegistry.enabled in configuration.nix? I can't find how to run the command
hotfuzz has joined #nixos
hakujin1 has joined #nixos
dbmikus has joined #nixos
<ramses_>
I found the command with which the registry is started but using the same config file gives me an error about /docker/registry/v2/repositories not being found: https://pastebin.com/NxmspL2f
hakujin4 has quit [Ping timeout: 265 seconds]
jonreeve has joined #nixos
hakujin has quit [Ping timeout: 256 seconds]
<jonreeve>
`nix search` is exactly what I need. Thanks!
hakujin2 has joined #nixos
<jonreeve>
Does anyone know how to search packages for a particular binary or executable?
<clever>
neonfuz: it will just generate a docker image that contains the full closure of the given derivations, and you can then pipe it into `docker load`
<neonfuz>
yea
<{^_^}>
[nixpkgs] @jasoncarr0 opened pull request #44879 → nodePackages.jake init at → https://git.io/fN79g
hakujin1 has quit [Ping timeout: 265 seconds]
hakujin3 has joined #nixos
<dhess>
I love NixOS and NixOps so much. Needed to change a firewall whitelist. With Debian I'd need to update a package, build it by hand, install it everywhere... With NixOS+NixOps it's just a one-line change in a .nix file and a `nixops deploy`
<dhess>
edit to deployment time was about 1 minute
<gchristensen>
<3 <3 <3 <3 ME TOO.
hakujin2 has quit [Ping timeout: 260 seconds]
<clever>
a couple of months ago i needed to scale up some relay clusters, and it took only ~10-20 mins to make the changes, and then deploy another 80 machines
bennofs has joined #nixos
<elvishjerricco>
Is it still true that you cant use initrd networking and networkManager?
acarrico has joined #nixos
genesis has quit [Ping timeout: 245 seconds]
<selfsymmetric-mu>
What's a good network monitor for checking bandwidth statistics? I thought I'd try darkstat but I cant get it enabled.
<{^_^}>
[nixpkgs] @srghma opened pull request #44880 → fix: build-max-jobs supports auto → https://git.io/fN7Hy
<Mic92>
selfsymmetric-mu: bmon for shorterm stuff
<Mic92>
vnstat for long-term
<dhess>
clever: I may have asked you this recently but are you using Terraform for any of this stuff?
hakujin4 has joined #nixos
<gchristensen>
Dezgeg: you mentioned something about libvirt, is it faster than qemu or something?
<dhess>
gchristensen: unless something has changed recently, libvirt is just a generic API for dealing with various VM subsystems in a general way -- kvm, Xen, etc.
<Dezgeg>
wasn't me
<gchristensen>
oh ok
hakujin has joined #nixos
<dhess>
so for example, libvirt has one way to specify that you want to open a serial console and it knows how to do that for both Xen and kvm+qemu.
<grp>
is there a better way to debug a build than using --show-trace ? (I'm really frustrated with it)
benzrf has joined #nixos
hakujin3 has quit [Ping timeout: 256 seconds]
<gchristensen>
I don't like it as much as qemu's interface afaict, given qemu can "just run" a thing and libvirt looks like I "install" a thing first
<symphorien>
there are various utilities in lib.debug to print stuff but it is not life changing
<dhess>
gchristensen: I never liked libvirt, either.
hakujin4 has quit [Ping timeout: 240 seconds]
<dhess>
all this XML bullshit
<gchristensen>
I read on the fedora wiki that qemu is a slower option, and it seems like it might be FUD?
<benzrf>
but all too often when i try to do ghcWithPackages i get errors about version incompatabilities
lo_mlatu has quit [Quit: Connection closed for inactivity]
<dhess>
I dunno, like I said it's been awhile and maybe it does more than it used to. Hard to imagine they decided to turn it into a platform virtualization layer a la QEMU though
<Dezgeg>
it can't be right since libvirt will call into qemu eventually
<benzrf>
actually, what *is* the state of the art for hackage packages that depend on versions of other hackage packages that are older than the version in haskellPackages?
hakujin has quit [Ping timeout: 256 seconds]
hakujin2 has joined #nixos
<dhess>
benzrf: I put haskellPackages.extend in an overlay and then use callHackage/callCabal2nix to override the packages as needed.
<benzrf>
i'm not terribly competent with nix - by "overlay" do you mean like using .override?
<benzrf>
also, it seems like that should be possible to automate given that *the packages already have the dependencies in a machine readable format*
<dhess>
They're similar but composable
<dhess>
benzrf: if you're happy to stay in sync with Stackage LTS releases, there is also nixpkgs-stackage
<benzrf>
well, it's not so much stackage in particular i want
hakujin1 has quit [Ping timeout: 240 seconds]
hakujin3 has joined #nixos
<gchristensen>
do we have a fetchTorrent? I don't think we do, but I have a Unique use case :P
<dhess>
gchristensen: huh that might be interesting :)
hakujin2 has quit [Ping timeout: 265 seconds]
<dhess>
it could fire up an rtorrent instance. You could even specify how long you want to seed after finishing.
<dhess>
maybe that's too complicated for a fetch* primitive.
<benzrf>
dhess: thx
<gchristensen>
people have asked about fetching from the binary cache via torrent, which doesn't really work, but there is source here only available via torrent.
<clever>
dhess: note that if you try to seed, nix wont consider the download done until you return
<clever>
and when you return, nix kills all proccesses
hakujin4 has joined #nixos
<dhess>
clever: yeah once I considered that and how it would need to like fork off in the background or whatever, I realized this was not a job for fetchTorrent :)
<clever>
dhess: and it cant fork into the background, nix uses the uid to murder every single child you leave behind :P
<clever>
dhess: your entire bloodline must die!! :P
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<benzrf>
so what seems to me like an obvious idea is using something like all-cabal-hashes to create a tool (not necessarily written in nix lang itself, i mean) that you can feed a package + version and which does actual proper dependency resolution to generate a derivation DAG with proper versions
<benzrf>
is there a reason this doesnt exist? is it a bad idea/
<benzrf>
?
<clever>
benzrf: Cabal2nix might already do that (not to be confused with cabal2nix)
hakujin has joined #nixos
<benzrf>
there's a hackage package i just wanna play around with and i just resorted to making a cabal sandbox because it's less of a pain than setting up an overlay to fix version mismatches
<clever>
dhess: this is something i had tossed together a month ago
rouma7 has joined #nixos
<clever>
dhess: it disables version checks on tasty, then loads serokell-util.cabal from the current dir, and drops me into a shell containing a ghci + ghc, that have all that serokell-util wanted
<grp>
clever: I have a file test.nix with contents: {lib ? (import <nixpkgs> {}).lib, ...}: with lib; {testvar = id "teststring";} Then I used imports = [ path/to/test.nix]; but I get "undefined variable" whenever I try to use testvar. I managed doing with (import path/to/test.nix) {inherit lib;} but it bothers me that it's not working with imports. What am I missing?
hakujin3 has joined #nixos
<clever>
grp: imports will store all of the results into the config tree
<clever>
grp: and only if you are inside a nixos module
<clever>
if your in a normal nix file, then thats simply a list of paths called imports, and it does nothing special
<kalbasit[m]>
clever: I'm trying to write an overlay that reads `../pkgs` (a dir containing other dirs, each containing default.nix) and construct a set of `$(basename dir) = import dir`. I got this so far https://gist.github.com/kalbasit/f6de33d5b15b3109e9cff4418588cad6 but it's not working, it says value is a builtin
<kalbasit[m]>
clever: how to change it to work better?
<clever>
kalbasit[m]: line 6&7, you ran listToAttrs on map
rprije has quit [Remote host closed the connection]
rprije has joined #nixos
leotaku has quit [Remote host closed the connection]
leotaku has joined #nixos
hakujin3 has joined #nixos
hakujin2 has quit [Ping timeout: 256 seconds]
grp has quit [Quit: box shutting down...]
hakujin4 has joined #nixos
<bigvalen>
If you use ZFS with Nixos, how do you clean up old snapshots ?
hakujin3 has quit [Ping timeout: 240 seconds]
<clever>
bigvalen: when using the autosnapshot option, it cleans them up automatically
thekolb has left #nixos [#nixos]
saruspete has joined #nixos
<bigvalen>
Oh. Hmm. I've about 20 hanging around.
<bigvalen>
No. 55 of them.
<ldlework>
bigvalen: I've never even checked
symphorien has left #nixos ["WeeChat 2.1"]
hakujin has joined #nixos
xeji has quit [Quit: WeeChat 2.0]
alex`` has joined #nixos
hakujin4 has quit [Ping timeout: 256 seconds]
<bigvalen>
Only see them when snapshotting other things, and see the pollution.
<dhess>
clever: man this netboot_server.nix config is so cool. Now when I upgrade NixOS I automatically get upgraded PXEboot images as well.
dbmikus has quit [Ping timeout: 256 seconds]
<elvishjerricco>
> "ZFS requires networking.hostId to be set"
<{^_^}>
"ZFS requires networking.hostId to be set"
<elvishjerricco>
Why?
hakujin1 has joined #nixos
Fare has quit [Ping timeout: 256 seconds]
<bigvalen>
My team in work do net booting for servers. We are moving from Anaconda, Redhat's nonsense, to a home-brew system. It's only when you spend 3 weeks rebuilding a RAM disk that you appreciate beautiful software like nixos.
<clever>
elvishjerricco: ZFS uses the hostid to detect if the given block device is in-use by another host, over a shared block device
<elvishjerricco>
Huh. Alright.
<elvishjerricco>
thanks
hakujin has quit [Ping timeout: 240 seconds]
<yorick>
clever: is there anything that can actually make use of shared block devices?
<clever>
elvishjerricco: it will only import a pool that was last imported by the same hostid (an improper or clean shutdown, and not in use), or that has been cleanly `zpool export`ed (clearly not in use)
<clever>
yorick: a few filesystems support it, but need a seperate connection to a locking server to coordinate things
Fare has joined #nixos
<clever>
yorick: but it can also accidentally happen if your using something like iscsi to mount a drive, and you forget to umount it at another machine
<clever>
ext4 may treat it as an improper shutdown, and then 2 writers will start to shred your disk
<clever>
zfs will refuse to open it until you use force, and then its your own fault
Necronian[m] has left #nixos ["User left"]
<yorick>
clever: I was thinking of putting a nix store on a shared block device
Thra11 has joined #nixos
<clever>
yorick: the profiles will cause a lot of problems, since each system wants its own view of what /nix/var/nix/profiles/system points to
<yorick>
sounds like a job for overlayfs :P
<clever>
yorick: and the instant you start to shadow that with variants, garbage collection will become a pain in the ass
<clever>
"oh, nobody is using that, delete!"
<clever>
every other machine promptly falls over :P
<yorick>
yeah, but that can be fixed
<clever>
and nix expects certain global locks to work when dealing with db.sqlite and related things
<clever>
why not use a central binary cache instead? or nfs if you must share
<yorick>
I found some mail threads of people putting nix stores on nfs
<yorick>
central binary cache is probably what's gonna happen, yes
<clever>
yorick: using netboot_server.nix you can just PXE boot every machine with a minimal disposable nix store that it keeps in ram
CoopDot[m] is now known as CoopDot[m]1
<sigtrm>
So if I understood it correctly, each time I run rebuild the entire OS is being rebult and put back to the way the configuration.nix files tells it to, is this correct?
NightTrain has joined #nixos
<clever>
sigtrm: yeah
<sigtrm>
So if I were to take a configuration.nix file I saved eariler today when everything was working, it should be working even if the current one isn't
<clever>
sigtrm: correct
<clever>
sigtrm: thats why i try to keep it in a git repo, and also use zfs snapshots to archive it more often
sigmundv has joined #nixos
fresheyeball has joined #nixos
<sigtrm>
Okay, but doing that still doesn't fix my ssh connection issues, I even tried at boot up to start one of the NixOS os options from yesterday when it was working, but still nothing
<fresheyeball>
hey out there
<sigtrm>
I'll start looking at my local lan trying to figure this out
<clever>
sigtrm: nixos also keeps the fully build copies of nixos as GC roots, in /nix/var/nix/profiles/system-*
kiloreux has quit [Ping timeout: 240 seconds]
<fresheyeball>
how can I turnon wifi from the minimal installer?
<clever>
sigtrm: so you can just do a rollback to an exact build, without having to know how it was made
<sigtrm>
How do I do a roll back?
<fresheyeball>
I added it to the configuration.nix
<clever>
sigtrm: you have also not yet given the exact error the ssh client gives when failing
<clever>
sigtrm: having the error would help debug it a lot better
<sigtrm>
I am using putty on a windows box since that is what I have access to now
<clever>
sigtrm: is that over ipv4 or ipv6?
<sigtrm>
ipv4
hakujin2 has joined #nixos
<clever>
sigtrm: what is the IP on the problem nixos machine?
<sigtrm>
192.168.10.126
<clever>
sigtrm: and what is the name of the ethernet interface?
<sigtrm>
on the NixOS machine? eth0
<clever>
sigtrm: run this on the nixos machine: arping -D 192.168.10.126 -I eth0
<clever>
does it get any response back?
<{^_^}>
[nixpkgs] @aszlig pushed to master « nixos/tests/luksroot: Fix OCR of passphrase prompt »: https://git.io/fN5J4
hakujin1 has quit [Ping timeout: 240 seconds]
<sigtrm>
Doesn't seem like it
hakujin3 has joined #nixos
<clever>
sigtrm: from the nixos machine, run `tcpdump -i eth0 -p -n port 22`, it should have very little output, then try to ssh into it once, and pastebin the output tcpdump made
<sigtrm>
Need to install tcpdump
<clever>
sigtrm: does `ls -l /nix/store/*/bin/tcpdump` find any copies?
worldofpeace_ has joined #nixos
<sigtrm>
No such file or directory, is tcpdump supposed to come as standard?
hakujin2 has quit [Ping timeout: 256 seconds]
<clever>
nope, but there was a chance you already had it
gratin has joined #nixos
<clever>
sigtrm: fire up wireshark on the ssh client, set it to capture port 22, and then try a single ssh, then stop capture and screenshot the packet listing
hakujin4 has joined #nixos
Czen has quit [Remote host closed the connection]
abueide has quit [Ping timeout: 240 seconds]
<sigtrm>
Let me install wireshark
Czen has joined #nixos
Mr_Keyser_Soze has quit [Ping timeout: 244 seconds]
hakujin3 has quit [Ping timeout: 256 seconds]
alex`` has quit [Ping timeout: 244 seconds]
ryanartecona has quit [Quit: ryanartecona]
oida has joined #nixos
sir_guy_carleton has quit [Quit: WeeChat 2.0]
akavel has quit [Ping timeout: 252 seconds]
abueide has joined #nixos
Drakonis has quit [Read error: Connection reset by peer]
gratin has quit [Read error: Connection reset by peer]
oida has quit [Remote host closed the connection]
oida has joined #nixos
worldofpeace_ has quit [Ping timeout: 256 seconds]
gratin has joined #nixos
Lisanna has joined #nixos
abueide has quit [Ping timeout: 272 seconds]
<selfsymmetric-mu>
What does this warnings mean? `install-info: warning: no info dir entry in `/nix/store/cygksxa2f63blwa1c188djf9s3163nl9-system-path/share/info/automake-history.info'`
worldofpeace_ has joined #nixos
<clever>
selfsymmetric-mu: why do you have automake in systemPackages?
<selfsymmetric-mu>
clever: I need it to install pdf-tools.
<clever>
selfsymmetric-mu: why do you need automake installed to install pdf-tools?
<selfsymmetric-mu>
The NixOS way is too convoluted for me. Hold on, I'll find the bug report.
<dhess>
clever: it failed to boot the first time, then tried again and this time got the HTTP link and fetched the nixos image. Have you seen that before?
<clever>
dhess: the timeouts may sometimes be picky
erasmas has quit [Quit: leaving]
<sigtrm>
clever, would you mind if I sent you a link to the screenshot in pm?