<Shados>
samueldr: If the ? was for me, at one point the grub module's set of checks/assertions required you to specify 'boot.loader.devices' even if you had both 'boot.loader.efi.efiSysMountPoint' and 'boot.loader.grub.efiSupport', meaning you'd get a dual (MBR+EFI) installation of it. Which was kind of akward with a GPT disk, because then you'd need to add a BIOS boot partition... Anyway, I fixed it ages back, but then I think it got re-broken when mirrored boots were
<Shados>
added, and I don't know if it was fixed since.
<samueldr>
sorry Shados, yes it was about what you said
<samueldr>
Shados: currently, it needs to be set to the special value "nodev" in that situation
<Shados>
Well, that's something... although not documented it looks like?
<samueldr>
Description:
<samueldr>
The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.
<samueldr>
Shados: though, is there anywhere else it could be found you think?
<samueldr>
or, let me rephrase; were would you have expected to see it documented?
<Shados>
Ah, I see, my search was just bad
blankhart has joined #nixos
<Shados>
The documentation there is actually pretty confusing "a GRUB boot menu will be generated, but GRUB itself will not actually be installed" sounds like setting it to nodev would literally just create the grub.cfg, regardless of the values for efiSupport and efiSysMountPoint.
<samueldr>
you're right, it's confusing
<samueldr>
it's unclear that it means *installed to the partition*
<samueldr>
and that `efiSupport` will make it install to the ESP + efivars
Fare has quit [Ping timeout: 252 seconds]
hellrazor has quit [Ping timeout: 264 seconds]
<Shados>
(Unless you have efiInstallAsRemovable set, in which case of course it goes to the default-boot-file location on the ESP and doesn't set efivars...)
<samueldr>
the rabbit hole is deep :)
<Shados>
Honestly the whole `boot` section of the options feels like a bit of a clusterfuck
<samueldr>
it's probably due to how booting is a clusterfuck itself?
ericsagnes has joined #nixos
<{^_^}>
[nixpkgs] @AndersonTorres pushed 2 commits to master: https://git.io/fAOxz
<fzer0>
any gotchas when setting up fingerprint authentication. I installed libfprint and set security.pam.services.<my user name>.fprintAuth =true; ?
jonreeve has joined #nixos
<jtojnar>
fzer0: you might need dm to be built with support for it?
<jonreeve>
Stupid question, but how can I install a Haskell package in configuration.nix?
<jonreeve>
(The manual has a guide for how to install them using nix-env, but I just don't know the syntax for putting them in environment.systemPackages)
<fzer0>
jtojnar: hm, i don't have a desktop manager, i am using i3
<Myrl-saki>
jonreeve: Same thing.
<Myrl-saki>
jonreeve: Oh wait.
<Myrl-saki>
jonreeve: By a haskell package, you mean a library?
<jonreeve>
Yep
<Myrl-saki>
jonreeve: environment.systemPackages only modifies PATH, I believe.
<jonreeve>
I don't think I understand
<Myrl-saki>
jonreeve: You use `ghcWithPackages (hpkgs: with foo; [ ... ])`
<jonreeve>
Ok awesome, thanks
<Myrl-saki>
jonreeve: Basically, you can't install a library through environment.systemPackages, because it only adds executable files to the search path.
<Myrl-saki>
(Correct me if I'm wrong anyone)
<Myrl-saki>
jonreeve: Oh yeah, don't forget to add parentheses! `[ foo bar ] and `[ (foo bar) ]` are different.
<kalbasit[m]>
so I have a derivation to make which downloads a bash script from online, make it executable and under bin/. The file itself is the script in clear text so nothing to unpack, how to disable the unpack phase?
fzer0 has quit [Quit: Leaving]
jperras has quit [Ping timeout: 244 seconds]
blankhart has quit [Quit: WeeChat 1.9.1]
<kalbasit[m]>
nvm, it's `unpackPhase="true"`, it makes sense now that I think about it and why empty did not work
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
endformationage has quit [Quit: WeeChat 1.9.1]
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mayhewluke has quit [Ping timeout: 252 seconds]
mayhewluke has joined #nixos
liori has quit [Remote host closed the connection]
DigitalKiwi has quit [Quit: DigitalKiwi]
phreedom_ has joined #nixos
phreedom has quit [Remote host closed the connection]
kendrick_ has joined #nixos
<kendrick_>
Hi all, I'm trying to build pytorch using Nix on a ubuntu instance (with CUDA support). However at the end of the build it fails with the following error code: `impure path `/usr/local/cuda/lib64/libcudart.so' used in link`
<kendrick_>
Any ideas? I did a quick googs and found one relevant link that points it to OpenCV, however I'm not familiar enough to get it working
<ldlework>
Aug 28 00:46:03 logos twmnd-start[22786]: /nix/store/9whnd269xj34wqv14kjaq47v1yywgn3d-unit-script/bin/twmnd-start: line 2: 22788 Aborted /nix/store/5ggw8>
<ldlework>
Aug 28 00:46:03 logos systemd[1]: twmnd.service: Main process exited, code=exited, status=134/n/a
<ldlework>
Aug 28 00:46:03 logos systemd[1]: twmnd.service: Failed with result 'exit-code'.
<clever>
ldlework: line 16 only enables the service if the service is already enabled
orivej has quit [Ping timeout: 252 seconds]
<ldlework>
clever: what's the right way to do it
<clever>
ldlework: it sounds like the binary is crashing, try turning on systemd-coredump to get a coredump
<clever>
ldlework: the if statement on 8 checks to see if enable is set, so you dont have to set it again
<ldlework>
clever: if I just run the script directly it works as expected
rct has joined #nixos
<ldlework>
clever, line 8 is my own guard
<clever>
which is why we need a coredump
<ldlework>
config.MINE.workstation.twmnd.enable
<ldlework>
sure ok
<srk>
also check out journalctl -n 100 -u twmnd.service
<Enzime>
clever: do you know what the difference between using meta.broken and disabled in a derivation is?
<ldlework>
clever: ok i enabled it and rebuilt and restarted the service - it crashed the same way
lostman has joined #nixos
<clever>
Enzime: nope
<clever>
ldlework: now run coredumpctl as root
<clever>
it should list the coredumps and pid's
<clever>
then run coredumpctl gdb <pid>
<clever>
and bt
rfold has joined #nixos
<ldlework>
no coredumps found
<lostman>
hey folks. I'm setting up ccache in one of my derivations and need to find a cache directory. can I use nix for that somehow? to create a persistent directory that ccache can write to somewhere in /nix? otherwise it is a bit hard to do in platform/system agnostic manner
<clever>
ldlework: you may need to add a `ulimit -c unlimited` to the script
<ldlework>
to what script
<ldlework>
twmnd's systemd script= ?
<clever>
yeah
<ldlework>
oh I got a coredump
<ldlework>
clever: your command just spits out some information
<clever>
pastebin the output of bt
<ldlework>
bt?
<srk>
lostman: there's also programs.ccache.enable and programs.ccache.packageNames
<ldlework>
clever: am I supposed to drop into a debugger or something?
<lostman>
srk: I'm just working with nix, not full nixos, so those won't work. I already have the wrapper for my project but the issue is that people using different distros might not have the same directory structure that I chose to follow for location of cache files (/var/cache/ccache)
<lostman>
I'd like nix to create that directory for me somwhere
<srk>
I see
<clever>
ldlework: is this a GUI app?
<ldlework>
clever: yeah, it is a notification daemon
<clever>
ldlework: $DISPLAY isnt set, so the service cant connect to xorg
<ldlework>
clever: is that just set somewhere in the systemd expression
<clever>
ldlework: you probably want a systemd user service, not a system service
<ldlework>
i'll try it
<ldlework>
why's that
<clever>
system services run even if xorg isnt open, and your not logged in
<clever>
user services run per user, as the right user, wtih things like your DISPLAY set right
<ldlework>
i see
<ldlework>
is that as easy as systemd.services.twmnd = { -> systemd.user.services.twmnd = {
<clever>
i think so
<clever>
but i dont use them much
<{^_^}>
[nixpkgs] @aneeshusa opened pull request #45693 → vagrant: mark bundler as system plugin → https://git.io/fA3tK
<emily>
user services don't necessarily get your $DISPLAY. they often run outside of the logind session
<clever>
something in nixos modifies the logind env vars to set that up
lawlesseel has quit [Ping timeout: 250 seconds]
<emily>
hmm, there's "systemctl --user import-environment"... well, I wish it just worked for me at least :p
kendrick_ has quit [Ping timeout: 252 seconds]
<ldlework>
how do I journalctl a user service?
<ldlework>
oh nm
<ldlework>
hmm
<ldlework>
well it didn't core dump this time it just died
<clever>
there is a special reload that is needed to make it re-read service files
<ldlework>
jesus
<ekleog>
hmm, maybe nixos forgets to daemon-reload upon switch the systemd --user? I know it does it for the global systemd, but…
<ekleog>
can try systemctl --user daemon-reload, if that works it's a bug in nixpkgs, I guess
<clever>
ekleog: pretty sure the problem is that nixos-rebuild doesnt want to iterate over every single user
<ekleog>
clever: iterating over running systemd instances could make sense, though?
<clever>
yeah, but it just never got implemented
<ldlework>
it still says the same thing
<ekleog>
ldlework: after sudo systemctl daemon-reload, or after systemctl --user daemon-reload?
<ldlework>
the former - the latter doesn't work
<ldlework>
says failed to connect to bus: No such file or directory
<ldlework>
this is madness
<clever>
thats why i avoid dbus :P
<ldlework>
huh this is nixos saying
<ekleog>
does cat /etc/systemd/user/twnmd.service give the old or the new thing?
<ldlework>
no such file or directory
<ekleog>
clever: that's why I avoided systemd… until I switched to nixos and was forced into it if I didn't want to rewrite all the modules :°
<ekleog>
ldlework: twmnd.service* (made a typo)
trcc has joined #nixos
<ldlework>
ekleog: the new thing
<ldlework>
thank god
<ldlework>
the unit file has not sign of DISPLAY being set btw
<ekleog>
ldlework: ok, so that's just systemd being broken, business as usual. Logging out/in should hopefully refresh the daemon, if systemctl --user daemon-reload doesn't do it :)
* ldlework
groans
<ekleog>
the error in systemctl --user daemon-reload is quite weird, though (did you check you didn't sudo it?)
<clever>
ekleog: yeah, i also tried to avoid systemd
<ekleog>
so if you don't want that happening to other people, it's likely possible to add an activation script that daemon-reload's the user systemd's at the same time as the master systemd is daemon-reload'd :)
<ldlework>
sure but the service still doesn't even work
<ldlework>
/nix/store/cab6j5v049rh7pnc3v6k96h7hv8cw2a6-twmnd-runner/bin/twmnd-runner works if I just run it directly
<ekleog>
can you paste it and check it's chmod a+x?
<ekleog>
let pseudoTemplate = file: writeFile "''${builtins.readFile file}''"; in import (pseudoTemplate ./my/file.notnix)
<ekleog>
(missing the in)
thc202 has quit [Ping timeout: 244 seconds]
<ekleog>
cc ldlework (but please don't really use that, that sounds gross, at the very least)
<ldlework>
lol
thc202 has joined #nixos
orivej has joined #nixos
<ekleog>
you can pass arguments with let pseudoTemplate = file: args: writeFile "${args}:''${builtins.readFile file}''"; in import (pseudoTemplate ./my/file.nix "{arg1, arg2}") { inherit arg1 arg2; }
<ekleog>
but that's just going down the stream of madness
<ekleog>
actually it's even possible to remove that second argument \o/
Xal has joined #nixos
<ekleog>
let pseudoTemplate = file: writeFile "args: with args; ''${builtins.readFile file}''"; in import (pseudoTemplate ./my/file.nix) { inherit arg1 arg2; }
* ekleog
currently hesitating to use this for real…
logzet has joined #nixos
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
<{^_^}>
[nixpkgs] @Mic92 merged pull request #45693 → vagrant: mark bundler as system plugin → https://git.io/fA3tK
<Turion>
srhb: Maybe I've missed something there. What's the proposed solution? Execute as root? (That's what I'm doing now anyways, fingers crossed)
<srhb>
Turion: Following along with this seems like it might work for either case. It looks like you can then override cdrtools with null and then make a security wrapper for it: https://github.com/NixOS/nixpkgs/pull/44268
<{^_^}>
#44268 (by Yarny0, 3 weeks ago, open): k3b: separate wrapper derivation to easily override cdrtools (e.g. with cdrkit)
<srhb>
Turion: I meant the PR in the bottom, linked above. :)
<Turion>
Oh yes, that
<Turion>
Maybe I'm too lazy or understand too little, but it feels like an enormous effort to me to build k3b from that PR
<srhb>
It's certainly not cost-free compared to it just being in a channel. :)
<Turion>
Ah well, I burn a CD every other month... and that one is burned now. Bless su. Maybe the next time I'm burning one the PR is already merged :P
<srhb>
Turion: Feel free to push for its inclusion. 18.09 freeze is coming up very soon.
__Sander__ has quit [Ping timeout: 272 seconds]
__Sander__ has joined #nixos
asymmetric_ has quit [Ping timeout: 244 seconds]
<kisik21>
What is a good example of Qt5 derivation in Nixpkgs that uses QtWebEngine and QtQuickControls2?
<alezost>
hello, I have written an Emacs interface for Hydra <https://github.com/alezost/build-farm.el>. Is there any mailing list where I can send announcement for it?
<kisik21>
By the way, does our QtWebEngine in nixpkgs have proprietary codecs enabled?
<pie_>
alezost, im pretty sure there is
<alezost>
pie_: thanks, I would like to know what it is :-)
<{^_^}>
[nixpkgs] @kamilchm opened pull request #45698 → Show the filename on unsupported shebang error. → https://git.io/fA38e
<pie_>
alezost, i dont use them so i dont know xD
eren has quit [Ping timeout: 272 seconds]
<pie_>
hm weird, its not listed on the community page
<ldlework>
how do I fully print a structure in nixrepl?
<hyper_ch2>
is there somehow an easy howto on (a) forking a repo (b) cloning down the forked repo (c) creating branch in cloned down forked repo (d) push commits in branch to forked repo (e) pull updates on original repo to forked repo?
<srhb>
hyper_ch2: Everything from a-d is just business as usual, exactly as you described
<srhb>
hyper_ch2: e) just requires adding a remote to the original
<srhb>
hyper_ch2: Using nixpkgs as an example, git remote add upstream git@github.com:NixOS/nixpkgs.git
<ldlework>
srk: what does :p do
<hyper_ch2>
srhb: and then suddenly when I want to push stuff it tries to add them to nixos/nixpkgs instead of my fork
<srhb>
hyper_ch2: Only if you set the remote tracking branch to upstream instead of origin (if that's the name of your fork)
<hyper_ch2>
srhb: I didn't set anything
<hyper_ch2>
srhb: this seems to cause a lot of issues: git remote add upstream git@github.com:NixOS/nixpkgs.git
<srhb>
hyper_ch2: I don't know exactly what you did, but _somehow_ you got the branch to track upstream instead of origin by default, for instance by checking out a branch that doesn't exist in origin.
<srhb>
hyper_ch2: You can just push to origin explicitly to avoid it.
<srhb>
hyper_ch2: eg. git push --set-upstream origin HEAD
<hyper_ch2>
srhb: I need step by step commands
<srk>
ldlework: :help
asymmetric has quit [Ping timeout: 252 seconds]
<srhb>
hyper_ch2: I'm sure there's a git guide out there somewhere that describes the method in steps, but I don't have a link handy.
<srhb>
The steps you described seem right to me.
<hyper_ch2>
srhb: well, starting fresh now, forked nixpgks to my github account... cloning it down again now
<srhb>
Sounds good.
carlosdagos has quit [Quit: Connection closed for inactivity]
<hyper_ch2>
well, still deleting the borked local copy before cloning down
trcc has joined #nixos
trcc has quit [Read error: Connection reset by peer]
trcc has joined #nixos
<hyper_ch2>
poor disks on home server are moving 200GB data around currently
<ldlework>
how do you get a specific element of a list?
<ldlework>
by index?
<srhb>
ldlework: I don't think there's a helper for that. Remember that lists are immutable, so the basic method is to cut up the list and make a new one with that element replaced.
<Twey>
Lots of posts, e.g. https://ariya.io/2016/06/isolated-development-environment-using-nix , suggest using `env = buildEnv …` to mkDerivation when building a development environment for use with nix-shell. Why is that? As far as I can tell `env` has no special meaning to mkDerivation, right?
<Profpatsch>
Do we have a standard way of sourcing bash/fish… completions inside a nix shell?
<{^_^}>
[nixpkgs] @Mic92 pushed 2 commits to master:
<Profpatsch>
If not, would it make sense to automatically source them by default when entering a nix shell?
<hyper_ch2>
srhb: still here?
<Mic92>
completion is only loaded as part of nixos modules
<cmcdragonkai>
Will we ever have go libraries brought into Nixpkgs similar to python packages, hackage... etc?
<Mic92>
I would not try to load them by default, but when a special hook package is added.
thibm has joined #nixos
<Mic92>
cmcdragonkai: I think we stepped back from that.
<srhb>
hyper_ch2: On and off. Working now. :)
<cmcdragonkai>
Mic92: Why was that?
<hyper_ch2>
srhb: so, I did now create the branch and made changes to it... how do I push the branch to my fork now?
m0rphism has quit [Quit: WeeChat 2.0]
<srhb>
hyper_ch2: git push --set-upstream remote-name-of-your-fork HEAD(/remote name of your branch)
<Mic92>
cmcdragonkai: there is no libary sharing between go programs and go compiles fast. So the only advantage would be some override mechanism.
<etu>
Is there any good way to show the options from home-manager in a man-page like "man configuration.nix"?
mayhewluke has quit [Ping timeout: 252 seconds]
<Mic92>
nix2go also is less hassel then maintaining python packages.
<srhb>
hyper_ch2: If you cloned your fork, the remote name is probably origin
<cmcdragonkai>
Mic92: What do you mean by library sharing? And wouldn't there also be the advantage of having more deterministic builds, since right now it requires creating a custom fixed output derivation list that may fail due to upstream changing things.
<cmcdragonkai>
Mic92: I guess upstream changing things would still be a problem right now, since upstream can still be flaky in the current nixpkgs.
mayhewluke has joined #nixos
<srhb>
hyper_ch2: -u is just shorthand.
<Mic92>
cmcdragonkai: buildGoPackage is already deterministic as far as I know.
<Mic92>
and sources are cached.
<Mic92>
shared libaries instead of static libraries
<Mic92>
cmcdragonkai: you mean applying patches?
<hyper_ch2>
srhb: ok, that works.... so in a few days (well, less than that), there will be more commits to Nixos/nixpkgs. How do I get those now into my fork on github and my clone on the home server?
philippD has joined #nixos
<cmcdragonkai>
Mic92: They are static only in the sense that all of their source code is composed together to be compiled.
<cmcdragonkai>
Mic92: I mean that derivations that rely on upstream addresses like https://github.com is itself assuming the internet is reliable, which it isn't
<srhb>
hyper_ch2: In short, it prevents accidental merge commits.. But you shouldn't make changes to master anyway, probably.
iyzsong has joined #nixos
<Mic92>
go also tries to rebuild packages, so pre-compiling and storing those in the nix store can also break things.
<cmcdragonkai>
Mic92: Hydra caches upstream sources? I suppose it can, but if I try to evaluate the expression directly on my computer, it can still fail because the upstream source is gone.
<Mic92>
cmcdragonkai: but this also happens, if your packages are not in nixpkgs.
<hyper_ch2>
srhb: thx
orivej has quit [Ping timeout: 276 seconds]
<srhb>
hyper_ch2: And remember, any changes you push to feature branches on your fork that has a PR already will be reflected on that PR. (Meaning, use one branch per PR)
<hyper_ch2>
srhb: after merging I can just remove my custom branch, right?
<srhb>
hyper_ch2: Yes, and github will give you a button to do just that.
<{^_^}>
[nixpkgs] @Profpatsch opened pull request #45702 → bazel: add upstream patch of perl replacement → https://git.io/fA3Kf
alexteves has joined #nixos
rprije has quit [Ping timeout: 272 seconds]
<{^_^}>
[nixpkgs] @dtzWill opened pull request #45703 → e2fsprogs: fix w/musl, __GNUC_PREREQ is glibc-ism → https://git.io/fA3iU
<srhb>
hyper_ch2: I think it's confusing to call it nixos-master. The repository is called nixpkgs. I could not recommend using git add -A or commit -a. Recommend actually adding the modified files explicitly. Explain <branchname>. No read opinion on deletion (I would skip those instructions). Remember --rebase in pull
<{^_^}>
[nixpkgs] @manveru opened pull request #45705 → ruby: default to version 2.5 → https://git.io/fA3P1
<srhb>
If this is a nixpkgs specific guide I would also recommend information on how to add a channels remote, like in our guide, since it's easier to build from nixos-unstable rather than master.
iyzsong has joined #nixos
johanot has quit [Quit: leaving]
liori has joined #nixos
<hyper_ch2>
srhb: no, that's right for me
<hyper_ch2>
srhb: it's for me in the future
<srhb>
Okay. :)
<hyper_ch2>
need to add the rebase
<hyper_ch2>
srhb: ok, assume I run git pull --rebasse upstream master .... how would I now push it to my fork on github? git push origin?
<srhb>
hyper_ch2: Out of curiosity, why do you want to do that?
<hyper_ch2>
srhb: why do I want what?
<srhb>
To push the changes from upstream master to your fork
<srhb>
(But same method, use -u if it's not tracking that branch by default)
<hyper_ch2>
srhb: why wouldn't I want to push changes from upstream master to my fork? Isn't that the sensible thing to do?
<srhb>
Personally I have my local master branch tracking upstream rather than origin, because I don't care what's on my fork's master branch.
<srhb>
I never use that branch
alex`` has joined #nixos
<hyper_ch2>
srhb: but I do :(
silver has joined #nixos
<srhb>
Yeah, hence my curiosity: What do you use it for? :)
<nefix>
The thing is that I'm creating a home-manager module, so I have no clue how to do that
alex`` has quit [Ping timeout: 244 seconds]
<nefix>
Oh wait a sec
<ZoomZoomZoom>
Hi everyone. Is bcachefs kernel broken for anyone? I think there was a bug that Kent seems to have fixed a few days ago, which prevents me from booting.
alex`` has joined #nixos
orivej has joined #nixos
<hyper_ch2>
srhb: thx for the help
<philippD>
Is there a way to detect the current verbosity level inside a buildPhase script?
<ilikeheaps>
Oh right, makes sense. Although it would also make some sense to be able to `nixos-rebuild boot` for a different architecture but maybe it's too niche case
<Mic92>
philippD: probably because meta is defined in trivial-builders
Yaniel has quit [Ping timeout: 244 seconds]
Yaniel has joined #nixos
revtintin has joined #nixos
timj1 has quit [Ping timeout: 244 seconds]
<{^_^}>
[nixpkgs] @dezgeg pushed to master « nixos/zabbix-agent: Make the Zabbix package user-configurable »: https://git.io/fAsvv
<philippD>
I have written a `mkPandoc` nix function that creates pdfs using pandoc. Where should I put that on my nixpkgs? Should I just stick it on the top level pandoc package?
timj has joined #nixos
globin has joined #nixos
<nefix>
Where do you store your own nixpkgs tree? I'm trying to add a package, but I don't understand what's the point of having the whole custom tree if you want to be locked in a specific version of NixOS
graphene has quit [Remote host closed the connection]
<sphalerite>
nefix: not sure what you mean. You can use overlays to somewhat decouple your stuff from nixpkgs, or you can have a git checkout with your own commits on top and rebase that on your upstream branch of choice to update
<sphalerite>
(or merge the upstream branch in for better history preservation)
graphene has joined #nixos
graphene has quit [Remote host closed the connection]
MarkRBM has joined #nixos
graphene has joined #nixos
<nefix>
Hmm, that's a lot of work for having just a package
mayhewluke has quit [Ping timeout: 244 seconds]
mayhewluke has joined #nixos
nschoe has joined #nixos
hyper_ch2 has quit [Quit: Page closed]
<sphalerite>
nefix: an overlay isn't much work.
<nefix>
I mean. I want to add a package that it's not in the "repo"
<sphalerite>
yes
<nefix>
I was following the manual and I'm clonning the nixpkgs repo
<sphalerite>
make an overlay like self: super: {foo = super.stdenv.mkDerivation {…};}
<nefix>
The thing is that then I need to point the "nix repo" to my nixpkgs
<genesis>
why you don't let him contribute to nixpkgs ?
<sphalerite>
then you'll have foo in your nixpkgs scope without touching the upstream nixpkgs stuff
<sphalerite>
you only need to follow as it says in the manual if you want to contribute your package upstream, which is of course a good thing too
<nefix>
Could you elaborate that a bit more?
<nefix>
genesis: I want to contribute to nixpkgs too
<Lears>
I'm building a haskell executable that uses ghc-paths, but it's not getting a ghc that has the correct libraries, even when those libraries are explicitly added to both libraryHaskellDepends and executableHaskellDepends. Does anyone know how to make ghc-paths and nix play nicely?
<timokau[m]>
Is there something like NIX_BUILD_CORES for available memory?
<Lears>
Wait no, ghc-paths would be used indirectly through dyre, but looking at the patch for dyre on nixpkgs ghc-paths is replaced with $NIX_GHC...
<{^_^}>
[nixpkgs] @globin merged pull request #45451 → systemd: ensure fsck Requires/After links are created in mount units → https://git.io/fATuT
<{^_^}>
[nixpkgs] @globin pushed commit from @jerith666 to master « systemd: ensure fsck Requires/After links are created in mount units »: https://git.io/fAsTS
logzet has quit [Remote host closed the connection]
<sphalerite>
timokau[m]: That would be amazing, but no. Memory usage is nondeterministic and unpredictable
silver_ has joined #nixos
endformationage has joined #nixos
silver has quit [Ping timeout: 244 seconds]
abueide has quit [Remote host closed the connection]
abueide has joined #nixos
abueide has quit [Remote host closed the connection]
booglewoogle has joined #nixos
graphene has quit [Remote host closed the connection]
<booglewoogle>
hey, does anyone here use ghc-mod? I'm encountering errors trying to install it (https://pastebin.com/qzaCXYe4)
graphene has joined #nixos
xorkle has joined #nixos
jperras_ has joined #nixos
xorkle has quit [Client Quit]
jperras has quit [Ping timeout: 276 seconds]
xorkle has joined #nixos
jperras has joined #nixos
<timokau[m]>
sphalerite: Most of the time yes. But in the sage docbuild you can actually configure the amount of memory available, so I was wondering if I can make use of that
<sphalerite>
timokau[m]: do you have to? Arguably you could use free or something to determine the amount available, but that will vary depending on other stuff running as well. In any case, nix doesn't have a facility for it
lassulus has quit [Ping timeout: 244 seconds]
jperras_ has quit [Ping timeout: 252 seconds]
<timokau[m]>
sphalerite: No, just would be nice. Especially since it uses tons of memory. Yeah just determining global memory wouldn't be as nice as having a nix variable. Anyways, probably not worth adding one.
<booglewoogle>
okay, if nobody's using ghcmod: any haskellers here using vim and got some form of autocompletion engine working?
revtintin has quit [Quit: WeeChat 1.9.1]
<booglewoogle>
trying to set something up that i can use for a while and ghc-mod was mentioned a lot when i researched useful plugins
<viric_>
hm I'm having troubles with nixos-install
viric_ is now known as viric
<viric>
systemd.logind times out
<philippD>
Is there a way to get a derivations src attribute from the command line? I know you can call `nix repl file.nix` and then `src` inside the repl but I want a single command that does that
<viric>
and then I don't get any login
<viric>
I enabled the systemd log debug in console and that's how I knew about the timeout
<fresheyeball>
and I get warning: unable to download 'https://mycache.io/nix-cache-info': SSL peer certificate or SSH remote key was not OK (51); retrying in 2052 msn
<fresheyeball>
what could be wrong here?
<fresheyeball>
I can ssh into the box with the cache no problem
<fresheyeball>
Oh yeah, I read this, but then forgot about it
kisik21 has joined #nixos
orivej has joined #nixos
exarkun_ has quit [Read error: Connection reset by peer]
ixxie has joined #nixos
<fresheyeball>
mightybyte: so your method is using substituters
<fresheyeball>
I want o use trustedBinaryCaches
<fresheyeball>
to*
nschoe has joined #nixos
<mightybyte>
I think everything I wrote there should still apply.
<ixxie>
gchristensen: was it you who praised the virtues of nixopsing the machine you deploy from?
<gchristensen>
I don't do that, no
<gchristensen>
seems weird to me :)
<fresheyeball>
I get `error: writing to file: Broken pipe`
<fresheyeball>
when using ssh://root@mycache.io
Twey has quit [Ping timeout: 268 seconds]
<mightybyte>
fresheyeball: Try using my method exactly as described, and then switch to trustedBinaryCaches after you get that working.
<elvishjerricco>
mightybyte: trustedBinaryCaches -> trusted-substituters. This is not the best way to establish trust on a cache.
exarkun_ has joined #nixos
<fresheyeball>
elvishjerricco: why? Its a private cache
<elvishjerricco>
It's better to use binaryCaches (-> substituters), sign the paths on the cache, and add the public key to binaryCachePublicKeys (-> trusted-public-keys)
exarkun_ has quit [Read error: Connection reset by peer]
<elvishjerricco>
If the server becomes corrupt, or worse, compromised, then the signature verification will catch it
<elvishjerricco>
s/will/can/
Twey has joined #nixos
<elvishjerricco>
fresheyeball: That said, I don't have any idea how to use nix.sshServe :P
ilikeheaps has quit [Ping timeout: 264 seconds]
baimafeima has joined #nixos
<elvishjerricco>
I would have guessed you'd need `ssh://` rather than `https://`, but I dunno
orivej has quit [Ping timeout: 245 seconds]
<fresheyeball>
elvishjerricco: yeah ssh://root@ is what mightybyte has in his tut
<fresheyeball>
but really I want to understand why you are opposed to the trustedBinaryCaches approach
<elvishjerricco>
fresheyeball: Because if a path is somehow corrupt, you won't know
<fresheyeball>
elvishjerricco: what do you mean by corrupt, and why would I not know?
exarkun__ has joined #nixos
ZoomZoomZoom has quit [Read error: Connection reset by peer]
orivej has joined #nixos
<elvishjerricco>
Say a bit flips on the disk on the server, changing the path without Nix's permission. When you download that path, you won't know that it's wrong and that the program you just downloaded has an invalid instruction (or worse, a wrong instruction)
<fresheyeball>
elvishjerricco: as the owner of the server, I am just not concerned about that
baimafeima has quit [Quit: Leaving]
jeschli has joined #nixos
<elvishjerricco>
fresheyeball: Ok. There's still some security concern, e.g. in the event that someone gains non-root access to the server. It doesn't really seem any harder to me and you get some nice guarantees as a result.
<fresheyeball>
elvishjerricco: ok then
<cocreature>
you’re not concerned about disk failures on your server?
<fresheyeball>
cocreature: how would that cause a wrong binary to download?
fzer0 has joined #nixos
<elvishjerricco>
by corrupting the file?
<cocreature>
exactly
<fresheyeball>
ok, I see
<fresheyeball>
signing prevents this
<elvishjerricco>
So what's the error you get when trying to use `ssh://root@...` again?
<jonreeve>
If I have a python package downloaded locally with git, and it has a setup.py file, can I try it out real quick using nix-shell?
<{^_^}>
[nixpkgs] @qolii opened pull request #45713 → nbd: 3.17 -> 3.18. Also, add which to buildInputs (needed by test pha… → https://git.io/fAsn0
<elvishjerricco>
fresheyeball: I think that means it's working?
<fresheyeball>
right I think so too
* gchristensen
isn't sure
<elvishjerricco>
I bet the problem is that the Nix daemon doesn't have SSH access to the machine. e.g. it either needs the private key, or it needs to add it as a known host
<mightybyte>
Yes
<mightybyte>
Read my tutorial
<mightybyte>
On mac you have to set up an SSH key for the root user.
<elvishjerricco>
Yea, because the daemon runs as root
<fresheyeball>
mightybyte: oic
<fresheyeball>
elvishjerricco: is there an "option" for adding known hosts to root?
<elvishjerricco>
probably...
<mightybyte>
I got around that be just sshing directly to the cache once.
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
<srhb>
gchristensen: fresheyeball: The argument to ping-store needs --store if not the local store (and no output with return value 0 is just "success")
jperras has quit [Quit: WeeChat 2.2]
<fresheyeball>
srhb: I used --store
Twey has quit [Ping timeout: 245 seconds]
<manveru>
great... the live disk gives a kernel panic :|
exarkun__ has quit [Ping timeout: 264 seconds]
exarkun__ has joined #nixos
<fresheyeball>
I can confirm the following does not error
<{^_^}>
[nixpkgs] @xeji opened pull request #45716 → dwm-git: init at 20180602 → https://git.io/fAsVy
timj has quit [Ping timeout: 264 seconds]
Drakonis has joined #nixos
seanparsons has quit [Quit: ZNC 1.6.5 - http://znc.in]
seanparsons has joined #nixos
ixxie has quit [Quit: Lost terminal]
booglewoogle has joined #nixos
mikky has quit [Quit: WeeChat 1.0.1]
hlolli has joined #nixos
nikivi has quit [Quit: ZNC is awesome]
nikivi has joined #nixos
<booglewoogle>
hey! i want to change my vconsole keyboard layout to a custom one. the old way of specifying it in vconsole.conf doesn't work obviously, and I didn't find a corresponding option.. someone know this offhand?
<adamantium>
hi, im in the process of writing some install scripts to bootstrap my personal nixos workstations. It handles filesystems and partitioning and things, to prep for bootstrap of my configuration.nix. I also use a modular configuration.nix, and I cannot figure out how to execute my files using "nixos-install" it does not seem to import my imports.
<adamantium>
I guess I'm asking if anyone has run across this, this, nixos-install not importing your imports.
Mateon1 has quit [Remote host closed the connection]
<gchristensen>
how are you pointing nixos-install to your imports?
nikivi has joined #nixos
woffs has quit [Ping timeout: 264 seconds]
<joko>
adamantium: have you updated /mnt/etc/nixos/configuration.nix to import your files? Have you copied them to /mnt/etc/nixos?
<adamantium>
gchristensen: joko: I believe I did have things pointed corectly, But let me confirm with you guys that I understand the procedure corectly. You're saying that /mnt/etc/nixos/configuration.nix imports must point to imports that are within /mnt/ , and finally that nixos-install will be able to bootstrap it all in one-shot. correct?
<gchristensen>
right
<adamantium>
I will just have to keep trying then
<adamantium>
thanks
stanibanani has quit [Ping timeout: 244 seconds]
<adamantium>
do relative path imports matter?
Mateon1 has joined #nixos
<adamantium>
Well they work on my already installed machine, so that must not be it.
<{^_^}>
[nixpkgs] @Mic92 closed pull request #36156 → cpp_ethereum: mark as broken → https://git.io/vAMmp
<{^_^}>
[nixpkgs] @Ericson2314 opened pull request #45717 → treewide: Deprecate platform aliases for 18.09 → https://git.io/fAsP7
civodul has joined #nixos
<{^_^}>
[nixpkgs] @xeji merged pull request #45415 → virtualbox: Change the virtualbox tests to not build the unfree tests by default → https://git.io/fAJwu
<{^_^}>
[nixpkgs] @xeji pushed commit from @cdepillabout to master « virtualbox: Change the virtualbox tests to not build the unfree tests by default. (#45415) »: https://git.io/fAsX3
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « armadillo: 8.600.0 -> 9.100.5 (#45266) »: https://git.io/fAs9V
nbardiuk has joined #nixos
<leotaku>
When trying to deploy to my nixops-managed server I get an "unknown serve command 9" error, does anyone know how to fix something like that?
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Ariakenom has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @jtojnar pushed to master « deadbeefPlugins.headerbar-gtk3: init at 1.2 »: https://git.io/fAsHX
<johnny101>
Hi all. Simple question I'm probably overlooking the answer to or approaching wrong: for packages installed declaratively in a nixos user environment with config.nix and a buildEnv call, how can I check for available updates for the packages listed in that buildEnv similar to doing `nix-env -u --dry-run` to check for upgrades available for imperatively installed packages?
<nikivi>
npm config set prefix '~/.npm-global' worked
<nikivi>
I was thinking it would be nice to have a tool that you can install anything with nix
<kalbasit[m]>
personally, I use `npx` for temporary executions, and `shell.nix` combined with `direnv` for fixed project dependencies
<nikivi>
since there is automation converion of npm with node2nix and go2nix and so on
<nikivi>
its annoying to have to do it manually
<kalbasit[m]>
nikivi: true, sometimes packages are not as simple as buildGoPackage that's why it's not automated
<leotaku>
nikivi: yeah, the problem is that node packaging (python also) is somewhat nonstandard.
Drakonis has quit [Remote host closed the connection]
<leotaku>
Does anyone here know what I could do to fix my problem with nixops?
__monty__ has joined #nixos
mayhewluke has quit [Ping timeout: 252 seconds]
mayhewluke has joined #nixos
<johnny101>
clever: thank you! The output from that shows what derivs will be built and what paths will be fetched to replace outdated software, but it doesn't show a clear version comparison summary that `nix-env -u ...` does, such as "upgrading 'firefox-61.0.1 to firefox-61.0.2'. Any way to do that? Maybe not since it's rebuilding and not upgrading. That version summary info from the nix-env -u command is handy to
<johnny101>
have.
__monty__ has quit [Quit: Lost terminal]
<clever>
johnny101: there is no difference between installing and updating
ilikeheaps has joined #nixos
<clever>
johnny101: but there is a change you can do to get that data back, use a bare set instead of a buildEnv
<clever>
johnny101: just do mystuff = { inherit (pkgs) firefox chromium; }; in your override
<johnny101>
ok, thanks -- will try. appreciate the feedback!
<clever>
if you try to nix-env -iA a set, it will install every package in the set, and they are installed "normally" so they show up in nix-env -q and can be updated/removed seperately
<nikivi>
kalbasit[m] how did you get npx installed?
<kalbasit[m]>
nikivi: it's part of nodejs
<kalbasit[m]>
`nix-shell -p nodejs-8_x`
<johnny101>
clever: great, thanks. That should do it then.
<clever>
Thra11: yeah, id say thats wrong, the url doesnt match the version
<leotaku>
The problem I am having seems to be with nix-copy-closure, it copies some files fine, but after copying "(hash)-nixos-versoin" it fails with "error: unknown serve command 9"
v0|d has joined #nixos
<leotaku>
*version
<Thra11>
clever: indeed. I can only assume that the previous sha256 was wrong, as it seems to build with that url and the new sha256
<clever>
leotaku: your nix version is too new, you need to temporarily put the same nix version as the remote end in PATH
<clever>
Thra11: then why was the version= bumped?
<v0|d>
hello, looking 4 a doc to encrypt swap, can't find it on wiki.
<Thra11>
clever: I assume they meant to bump the version and assumed the url contained ${version} or something
<clever>
Thra11: yeah
<v0|d>
clever: any ideas why serpent is the default cipher?
<v0|d>
4x4 sboxs:)
<clever>
v0|d: thats an example, not the default
<v0|d>
see.
<v0|d>
and I get a full list of ciphers from..
<v0|d>
luks?
<ashkitten>
uh, idk if there's a fontconfig channel or something but i figured i'd just ask here: `<edit name="pixelsize" mode="assign"><name>size</name></edit>` gives me `Fontconfig warning: ... saw range, expected number` but i can't figure out why? it works just fine so i guess it doesn't matter, but yeah.
<clever>
v0|d: `Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine`
<ashkitten>
oh wait
<ashkitten>
never mind
<ashkitten>
sorry
<ashkitten>
fml
aanderse has joined #nixos
* emily
suggests not running "cryptsetup benchmark" to see which one is fastest, because that's a terrible way to pick.
* emily
suggests keeping the default.
<samueldr>
emily: depending on the attack surface, let's say I'm working against opportunistic thieves looking at the disk, why wouldn't I choose the fastest?
<samueldr>
not knocking on the suggestion, genuinely curious as I chose it that way
<maurer>
samueldr: Are you considering only theft, or is surrepetitions modification in your threat model?
<v0|d>
um, how do I specify the keysize? with the -plainXXX suffix?
<emily>
samueldr: they're all more than fast enough; there's no reason to compromise on security by making arbitrary performance metrics your criteria.
<samueldr>
maurer, I'm stopping a opportunistic thieving
<emily>
Serpent is probably a fine cipher.
<v0|d>
lets say Im gonna use aes-xts with 256b keysize.
<emily>
if you really want to use it, you can pick it because you like it, but performance on a synthetic microbenchmark is not a good reason.
<emily>
and I wish such suggestions weren't included as part of documentation for security features :(
<v0|d>
emily: what makes you think serpent is better than aes?
<emily>
I don't.
<v0|d>
see.
HarpoRoeder has joined #nixos
<leotaku>
clever: thanks, that worked!
<maurer>
imo aes if you gotta go fast (cpu acceleration), twofish or serpent if you don't trust the gubberment and/or intel
<v0|d>
maurer: there was a serpent ext in cpu, am I wrong?
<maurer>
twofish has the advantage of being by bruce schneier if you're a fanboy, serpent has a bit simpler construction
<v0|d>
maurer: :) look for the author of serpent.
<emily>
if you don't trust AES-NI you have much bigger problems
<maurer>
v0|d: I am not aware of a serpent acceleration
<maurer>
emily: Yeah, I use aes-xts-512
<v0|d>
um how do I specify the keysize?
<v0|d>
like aes-xts-512? or aes-xts-plain512?
goibhniu has quit [Ping timeout: 244 seconds]
<maurer>
v0|d: Just use the default
<maurer>
which will be aes-xts-plain64, 256-bit key
<maurer>
Me using 512 was me being dumb, but it's a pain to change it
<maurer>
You won't have more than 256-bits of entropy in your passphrase, so a bigger key won't help you
<{^_^}>
[nixpkgs] @lopsided98 opened pull request #45722 → nixos/networkd: fix range assertions on 32 bit Nix → https://git.io/fAsNi
<seku>
i wonder, is there ever a reason against AES?
<maurer>
(unless you're intending to use a keyfile - I'm assuming you're going to use LUKS and a KDF
hamishmack has joined #nixos
<seku>
i mean, China seems to be implementing their own stuff into their AMD/Power9 stuff.
<v0|d>
maurer: I see. I am still not sure what plain64 means.
Thra11 has quit [Ping timeout: 240 seconds]
<emily>
seku: if you don't have AES acceleration on your CPU then you might prefer ChaCha20 or such.
<emily>
on non-Intel platforms, e.g.
<emily>
it's a commonly used TLS cipher for that reason.
<maurer>
v0|d: It refers to the IV generation mechanism
<seku>
ofc. just curious why wireguard went for ChaCha20 instead of AES
nbardiuk has quit [Ping timeout: 245 seconds]
<emily>
one is a block cipher and one is a stream cipher, so they're a bit different. but the nice thing about chacha20 is that it's fast without any CPU acceleration
<seku>
(genuine curiosity, i suppose so lesser, without-AES acceleration stuff can do throughput)
<emily>
and software implementations are less prone to side channels
<emily>
software implementation of AES is non-trivial
<v0|d>
maurer, emily wonderful help, I got it now.
<v0|d>
emily: um, implementing AES in asm is pretty straight-forward, no?
<infinisil>
There's #nixos-chat specifically for offtopic stuff btw :)
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<koselig>
I'm getting an error trying to run nixos-rebuild --upgrade boot but getting the error "cannot compare an integer with a string", anyone know if there's a known fix for this?
<koselig>
using the unstable branch
<clever>
koselig: what does it output if you use --show-trace and can you pastebin your configuration.nix?
<elvishjerricco>
Is there a way to provision swap space as a resource with nixops? I can't deploy my config to a new machine because it only has 1G of memory. It'd be nice if I didn't have to bootstrap it by adding a swapfile manually.
ericsagnes has quit [Ping timeout: 264 seconds]
<clever>
koselig: it looks like a bug within systemd.network, until its fixed you will want to set its enable to false
<koselig>
clever: sweet, let me try that quick
<{^_^}>
[nixpkgs] @xeji merged pull request #45722 → nixos/networkd: fix range assertions on 32 bit Nix → https://git.io/fAsNi