<clever>
and its already 1.7.1 on master and unstable
hakujin has joined #nixos
<tobiasBora>
Hello,
<jasongrossman>
clever: Thank you, but I was wondering rawtaz's question, not bb010g's.
<clever>
oops, didnt read it that closely
<jasongrossman>
clever: Questions in IRC need identifiers! I've been thinking of starting each new question with some sort of unique tag!
<jasongrossman>
(I'm not serious, if only because questions often overlap.)
<tobiasBora>
I'd like to know, I just configured ssmtp to fake sendmail using the following simple code: http://paste.debian.net/1043205
<clever>
jasongrossman: i have sometimes answered a question with a pastebin of a convo from 2 hours prior :P
<jasongrossman>
clever: Awesome!
hakujin has quit [Ping timeout: 246 seconds]
<tobiasBora>
for now, it works great, except that the mails are send from root@mydomain.com instead of tobias@mydomain.com
<tobiasBora>
I would expect the line "root = "tobias@mydomain.one";" to solve this issue, but obviously, it's not
<clever>
tobiasBora: i think thats only for incoming mail
<clever>
tobiasBora: is a from: header being set when talking to ssmtp?
<tobiasBora>
clever: no I just use the default from that ssmtp may add
<clever>
tobiasBora: are you connecting to port 25 on localhost or piping it into the sendmail binary?
<tobiasBora>
clever: I don't get what's the point of incoming mails. Isn't ssmtp supposed to deal only with outcoming mails?
<tobiasBora>
clever: I'm using: echo -e "Subject: First mail ssmtp\n\nthis is the first email sent using ssmtp on my rasp\n" | ssmtp -vv myemail@gmail.com
<jasongrossman>
tobiasBora: On consumer equipment, which isn't switched on all the time, smtp is for outgoing mails, but on servers it's used in both directions.
<clever>
tobiasBora: and which user is ssmtp being ran as?
<tobiasBora>
jasongrossman: oh yes I see, thanks
<tobiasBora>
clever: root
<tobiasBora>
so I guess that's why it's using root@mydomain.com
<clever>
yeah
<tobiasBora>
but the thing is that I've only one available email adress
<tobiasBora>
so if people answer back to root@mydomain.com, the mail will just vanish
<tobiasBora>
I saw some people talking about the file /etc/ssmtp/revaliases
<jasongrossman>
tobiasBora: By the way, in the past I've had gandi reject email from IP addresses it didn't like. At the moment gandi SMTP is working fine for me, but I recommend not relying on it too much.
<jasongrossman>
tobiasBora: I wish I knew ANY free server that would accept SMTP from my machine reliably, but I don't. Maybe not surprisingly - they're all worried about relaying spam.
<tobiasBora>
jasongrossman: you mean to receive mail right? It's good to know. I'm curious to know if you have some nice providers. And also, if you have your own server that deals with incoming emails, it shouldn't be a problem right?
<jasongrossman>
tobiasBora: I mean to send mail from my machine to the rest of the world.
<tobiasBora>
jasongrossman: oh I see
<tobiasBora>
yes, spam seems to be quite a big issue
<jasongrossman>
tobiasBora: For incoming mail, I very much like dismail.de, but dismail won't let me use my own domain name on outgoing mail.
<jasongrossman>
tobiasBora: I run that (Simple Nixos Mailserver) on a server, and it's fine, but I still have a problem ...
<jasongrossman>
tobiasBora: ... which is that I'm not confident that I can keep ahead of the arms race in which the mail servers that I need to talk to refuse mail from addresses they don't trust, and that's why I send my mail via gandi. Which is also working fine at the moment but has failed sometimes in the past.
<tobiasBora>
jasongrossman: wooo, this script basically configures all the tools to have a full working server right?
<jasongrossman>
tobiasBora: Exactly. It's the Holy Grail.
<tobiasBora>
amazing ^^
<jasongrossman>
tobiasBora: Except for that one remaining problem of other servers not trusting your address. It attempts to solve that with DKIM etc., but I'm not confident it has a long-term solution.
<jasongrossman>
tobiasBora: Yes, it is amazing!
<jasongrossman>
tobiasBora: Gandi solves the trust problem by having a team of people paid to do whatever they have to to keep their servers on everyone's trust lists.
<tobiasBora>
jasongrossman: can this script rely on an external smtp server to send mail? The issue is that I don't have access to port 25 where my server stands
<{^_^}>
[nixpkgs] @xeji merged pull request #46870 → musl: apply upstream fix for locking race, minor cleanup → https://git.io/fAS6J
<jasongrossman>
tobiasBora: I'm not sure - sorry - but it has fairly good documentation and it has an email list you can ask.
<tobiasBora>
ok, I'll definitely give it a look
<jasongrossman>
tobiasBora: In any case, it doesn't really want to use port 25. It really wants to use a higher port, with encryption, which is how I have it set up. (IIRC it's even the default.)
<tobiasBora>
oh ok... But if you use higher ports, you need to autenticate then, and after a quick look into the documentation, I can't find any reference to password connection
<jasongrossman>
tobiasBora: Just looking at my own config.
<jasongrossman>
tobiasBora: You're right. Damn. I'm sure it's possible, in several ways, but I don't see any way in which this setup makes it easy.
<tobiasBora>
clever: any idea why ssmtp can't deal with revaliases? Is it deliberate for some reasons, or is it just that nobody cares?
<clever>
tobiasBora: no idea, ive only used exim and postfix
Lisanna has quit [Remote host closed the connection]
<tobiasBora>
clever: ok thanks. And if I want to manually add the support to this other configuration file, any idea how I could do that? If I modify the current derivation, I'll run into recompilation and I don't want that as it's only a matter of configuration files...
<clever>
tobiasBora: can it accept the path to that config at runtime? via /etc or a cli arg to the daemon?
<tobiasBora>
clever: I think you are right. So you mean I should add a derivation that just create the good file in /etc/smtp/... ?
<clever>
tobiasBora: that would be handled in the nixos module
tzemanovic has quit [Remote host closed the connection]
<tobiasBora>
clever: not sure to follow you
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fASyt
<clever>
tobiasBora: nixos modules are responsible for creating /etc files
<jasongrossman>
tobiasBora: clever means that /etc is meant to be immutable. You can in fact put things there, but you shouldn't. It's not the NixOS Way.
ym555_ has quit [Quit: WeeChat 2.2]
<tobiasBora>
But if I add something like environment.etc."ssmtp/revaliases".text = "..." then I'm good right?
<clever>
yep
<jasongrossman>
tobiasBora: Then you are virtuous and will go to heaven (which is also immutable).
tzemanovic has joined #nixos
<Ralith>
jasongrossman: in that case, surely you mean that a new heaven will be constructed that happens to contain him
tzemanovic has quit [Ping timeout: 272 seconds]
<jasongrossman>
Ralith: Theology is so complicated. In some versions, at least, heaven contained him all along only he doesn't know it until he gets there.
<jasongrossman>
Ralith: So it's more like prolog than Nix.
Henson has joined #nixos
<Ralith>
^^
Rusty1_ has quit [Quit: Konversation terminated!]
tzemanovic has joined #nixos
<tobiasBora>
clever: jasongrossman ok great thank you. I'm in heaven now, it works great :-D I may try to add this to the smtp package at some point then, it shouldn't be hard ;-)
clefru has quit [Ping timeout: 252 seconds]
<Henson>
why does python27Packages and all of the derivations inside it show up with a "nix-env -qa" but the derivations in haskellPackages don't? I'm trying to make an overlay on nixpkgs with an attribute containing several items, and this attribute and the derivations inside it aren't showing up when I do "nix-env -qa"
<Henson>
but if I take them outside of the attribute they do show up. So there's some kind of visibility things I'm missing.
<Henson>
take them outside -> move them outside
<jasongrossman>
tobiasBora: I'd love it if you did that. Thank you.
<elvishjerricco>
I've only got like 2 builds running, but Nix is erroring out because all my build users are in use even though I have 8 such build users
<elvishjerricco>
This is on macOS
<elvishjerricco>
I'm assuming there's an outdated lock or something?
lopsided98_ has joined #nixos
<jasongrossman>
Henson: I believe that's a policy decision based on the sheer number of Haskell packages. I'm not sure what the mechanism is though.
<jasongrossman>
Henson: So I could be wrong (but nobody more expert than me seems to be answering yet).
<tobiasBora>
jasongrossman: that will be my tomorrow exercice ;)
<jasongrossman>
tobiasBora: \o/
<Henson>
perhaps I should change my question slightly: if I'm writing an overlay on nixpkgs and I want to put a bunch of derivations inside a category like python27Packages, do I just create an attribute with the name of the category I want, with entries that are the derivations I want in that category?
haslersn has joined #nixos
lopsided98 has quit [Ping timeout: 252 seconds]
Rusty1_ has joined #nixos
Henson has quit [Remote host closed the connection]
<zduch4c>
I have been trying to make wacom work in my HP EliteBook 2730p for the last few hours
johnw_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<zduch4c>
I have enabled services.xserver.wacom, added xf86_input_wacom to the xserver packages, enabled acpi, enabled acpid
<zduch4c>
but there is nothing in /dev/input, nor does xinput list my digitizer
mayhewluke has quit [Ping timeout: 252 seconds]
<zduch4c>
am I supposed to add some kernel module for wacom?
jackdk has joined #nixos
<zduch4c>
/proc/bus/input/devices lists nothing about a digitizer
<zduch4c>
xsetwacom also doesn't list anything
mayhewluke has joined #nixos
<jasongrossman>
infinisil++
<{^_^}>
infinisil's karma got increased to 25
<zduch4c>
halp!
<jasongrossman>
infinisil: I'm surprised ,tofu is so low in the list.
<jasongrossman>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<infinisil>
Usages haven't been tracked til now
<jasongrossman>
Oh ha ha ha @myself. It's alphabetical. But it says "sorted by use count".
<zduch4c>
maybe input-wacom is a kernel module?
<AndreasK14>
suᥒ is not ⅾoing Αllah ⅰs ԁοіnɡ
<AndreasK14>
Αlⅼaһ iѕ dഠⅰng
AndreasK14 has joined #nixos
<AndreasK14>
ⅿοഠn is not ԁoiᥒg Ꭺlⅼаһ ⅰѕ ԁοⅰng
AndreasK14 has quit [Killed (Sigyn (Spam is off topic on freenode.))]
<zduch4c>
lol
<zduch4c>
is this jihad
<infinisil>
jasongrossman: yeah, that should wear off over time
<jasongrossman>
zduch4c: It's spam that freenode is working on but hasn't managed to fix yet.
<jasongrossman>
infinisil: My stupidity should wear off over time? That's great news.
<infinisil>
Haha, i meant the alphabetical sorting xD
<jackdk>
as someone said a couple of days ago, it helps if you read "doing" as the sound of someone being launched from a spring (rhymes with boing), and the sound of a bot being ejected from the channel
<jasongrossman>
infinisil: Great news that you've made it track usages.
<jasongrossman>
jackdk: LLLOL
<clever>
zduch4c: this finds 4 modules on my machine, wacom, wacom_i2c, wacom_w8001, and wacom_serial4
<jasongrossman>
infinisil: How do I add to the bot's list? It needs ,allah
<jackdk>
I don't have the originator of the idea in my scrollback so I can't give credit
<jasongrossman>
jackdk: Improving the world is more important than getting credit. You can quote me on that.
sigmundv__ has quit [Ping timeout: 252 seconds]
<clever>
zduch4c: the wacom one has aliases on hid devices
<clever>
zduch4c: so wacom would auto-load if a compatible hid device is present
spear2 has quit [Remote host closed the connection]
<infinisil>
,help jasongrossman
<{^_^}>
jasongrossman: Use `,` to list all commands, `,foo = Foo!` to define foo as "Foo!", `,foo =` to undefine it, `,foo` to output "Foo!", `,foo somebody` to send "Foo!" to the nick somebody
spear2 has joined #nixos
<jasongrossman>
infinisil: Thanks.
<zduch4c>
I got those too clever
<jasongrossman>
,allah = "All public channels of freenode are receiving spam about Allah doing things. Freenode is working on the problem. It helps if you read 'doing' as the sound of someone being launched from a spring (rhymes with 'boing')."
<{^_^}>
allah defined
<jasongrossman>
,allah
<{^_^}>
"All public channels of freenode are receiving spam about Allah doing things. Freenode is working on the problem. It helps if you read 'doing' as the sound of someone being launched from a spring (rhymes with 'boing')."
JonReed has quit [Ping timeout: 252 seconds]
<zduch4c>
I wonder what the cause is then clever
<zduch4c>
the modules are definitely there
<infinisil>
jasongrossman: (i usually try not to litter this channel too much with bot stuff, there's #nixos-chat more fit for that)
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil>
Unless it's actually useful to the conversation of course
<clever>
zduch4c: check lsmod to see if any wacom things are loaded, and try manually loading things with modprobe
<jasongrossman>
infinisil: Good, thanks. I will go there next time.
<clever>
zduch4c: and check dmesg for anything wacom related
<clever>
zduch4c: also try running evtest and see if the wacom device is visible
<jackdk>
jasongrossman the bot snarfed the quotes
<{^_^}>
[nixpkgs] @marsam opened pull request #46877 → noti: fix darwin build → https://git.io/fASSz
<zduch4c>
brb
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
<{^_^}>
Undefined allah, was defined as: "All public channels of freenode are receiving spam about Allah doing things. Freenode is working on the problem. It helps if you read 'doing' as the sound of someone being launched from a spring (rhymes with 'boing')."
<jackdk>
,allah = All public channels of freenode are receiving spam about Allah doing things. Freenode is working on the problem. It helps if you read 'doing' as the sound of someone being launched from a spring (rhymes with 'boing')
<{^_^}>
allah defined
jperras has quit [Quit: WeeChat 2.2]
<jackdk>
,allah
<{^_^}>
All public channels of freenode are receiving spam about Allah doing things. Freenode is working on the problem. It helps if you read 'doing' as the sound of someone being launched from a spring (rhymes with 'boing')
<jackdk>
Doing! fixed.
zduch4c has quit [Remote host closed the connection]
<infinisil>
,help = Use `,` to list all commands, `,foo = Foo!` to [re]define foo as "Foo!", `,foo =` to undefine it, `,foo` to output "Foo!", `,foo somebody` to send "Foo!" to the nick somebody
<{^_^}>
help redefined, was defined as: Use `,` to list all commands, `,foo = Foo!` to define foo as "Foo!", `,foo =` to undefine it, `,foo` to output "Foo!", `,foo somebody` to send "Foo!" to the nick somebody
tzemanovic has quit [Remote host closed the connection]
zduch4c has joined #nixos
<zduch4c>
clever: I loaded the module, but X still doesn't detect it
<zduch4c>
dmesg has nothing about wacom
<clever>
zduch4c: anything listed by evtest?
nckx has quit [Ping timeout: 240 seconds]
<zduch4c>
nope clever
<zduch4c>
although I learned my laptop has an accelometer, nice
<Henson>
clever: (late reply) I did use "extensions" on python27Packages to define some of my own python27 packages, but I want to create a completely new category with things inside. I'm reading through the definition of python27Packages in the hopes of finding something useful.
<zduch4c>
apprently Linux does support my laptops digitizer, according to linlap
<Henson>
clever: "extensions" -> "extends"
<clever>
zduch4c: see if you can find directions on how to enable it, or find evidence of it in lspci or lsusb
<clever>
zduch4c: then it could be translated to nixos
alpha_sh has quit [Remote host closed the connection]
lassulus_ has joined #nixos
<zduch4c>
nothign in lspci, nothing in lsusb; the linlap page says "Requires acpi for /dev/input/wacom device (pressure sensitivity works)". I have enabled acip via "kernelParams = [ "acpi=on" ];" and "services.acpid.enable = true;", but still no luck with that
tzemanovic has quit [Remote host closed the connection]
tzemanovic has joined #nixos
Supersonic has quit [Ping timeout: 252 seconds]
<zduch4c>
maybe i should try testing with ubuntu like in that page
<clever>
yeah, try just booting the ubuntu livecd and see what happens, and inspect how its workng
yqrashawn has joined #nixos
yqrashawn has left #nixos [#nixos]
kisik21 has quit [Ping timeout: 252 seconds]
Supersonic has joined #nixos
<Henson>
AH HA! I figured it out. I need to pass my sub-category attribute to the "recurseIntoAttrs" function for its definition. This is how the gnome3 package category is defined, and it worked for me!
* Henson
high-fives himself
<infinisil>
Henson: Ahh, well that's not a "category" as you called it, but rather just an attrset that gets recursed into with nix-env
<{^_^}>
[nixpkgs] @bhipple opened pull request #46878 → pythonPackages.python-binance: init at 0.7.0 → https://git.io/fAS9D
<Henson>
anybody who saw the Canadian gameshow "Kidstreet" back in the 80s knows what it looks like to high-five oneself.
rprije has joined #nixos
<Henson>
infinisil: and the presence of "recurseForDerivations = true" in the attribute set causes nix-env to recurse into it?
<infinisil>
Yeah
<Henson>
infinisil: also, I finally got my Haskell Stack program to compile as a Nix derivation. I was almost ready to give up, but after sleeping on it for a night I figured it out. I just came down to stack2nix generating an inconsistent package list. In my case the "semigroupoids" package dependend on the "tagged" package, but revision 1 of the package, and stack2nix was generating a derivation for revision 2, which was causing the problem.
<Henson>
infinisil: is that recurseForDerivations thing explained anywhere? It would be great if it was mentioned in the nixpkgs manual in the overlays section.
<infinisil>
Nice
<infinisil>
No idea
<infinisil>
Gonna sleep now though
<infinisil>
Night :)
<{^_^}>
Night!
<Henson>
infinisil: good night
<zduch4c>
I'll do that tomorrow and report back in clever
zduch4c has quit [Remote host closed the connection]
<haslersn>
Is there a way to specify which package should installed if only a part of the attribute path is specified?
<haslersn>
(When developing in nixpkgs)
Kelppo has joined #nixos
hakujin has joined #nixos
<Henson>
haslersn: can you elaborate or give an example of what you mean?
hakujin has quit [Ping timeout: 246 seconds]
Henson is now known as Henson_Away
<haslersn>
Henson: If I do: top = recurseIntoAttrs (callPackage sub {}); I can install top.sub1, top.sub2 and I can also install top, which defaults to one of them. How can I set that default?
<clever>
haslersn: if you run `nix-env -iA` on a set, it will install every attr of the set
rprije has quit [Ping timeout: 272 seconds]
rprije has joined #nixos
nDuff has quit [Quit: zzz]
sbeller has joined #nixos
<sbeller>
Allɑһ iѕ dοing
sbeller has quit [Killed (Sigyn (Spam is off topic on freenode.))]
jasongrossman has joined #nixos
rprije has quit [Ping timeout: 240 seconds]
rprije has joined #nixos
<haslersn>
clever: Ah ok, thanks
fragamus has joined #nixos
Henson_Away is now known as Henson
<Henson>
haslersn: sorry, I don't know the answer to your question.
Growpotkin has joined #nixos
<Growpotkin>
hey is there a shebang script header that is compatible with both nix and linux?
<Growpotkin>
or rather "/bin/bash" and "/run/current-system/sw/bin/bash"
<clever>
growpotkin: #!/usr/bin/env bash
<Growpotkin>
genius
<Growpotkin>
tybg
<haslersn>
Henson: Well, there seemed to be an error in my question :)
<clever>
growpotkin: nix's stdenv will even patch that to the absolute path of bash when installing scripts
slack1256 has joined #nixos
<haslersn>
clever: isn't #!/bin/bash sufficient?
<Growpotkin>
nah that was blowing up for me
<Growpotkin>
#! /usr/bin/env bash worked though
<Growpotkin>
it was just for a little bash script I had written for work, it wasn't for packaging
<haslersn>
growptokin: Did you just call your script, or did you package it? The shebang should get fixed in fixupPhase if I remember correctly
<clever>
haslersn: /bin/bash doesnt exist on nixos
<clever>
haslersn: only /bin/sh and /usr/bin/env exist, all else is in /run or /nix
<haslersn>
clever: yes, but I thought it's automatically fixed in fixupPhase
<clever>
haslersn: it is, but you cant run the script without that fixing
<clever>
so you cant test the pre-compiled version
rprije has quit [Ping timeout: 272 seconds]
<haslersn>
Well, you can place a default.nix in your directory and then do 'nix run -c ./scriptname'
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
rprije has joined #nixos
<haslersn>
^
<Growpotkin>
thanks for the help y'all
<haslersn>
clever: ok you're right ^^
Growpotkin has quit [Remote host closed the connection]
sir_guy_carleton has joined #nixos
fragamus has joined #nixos
Kelppo has quit [Ping timeout: 252 seconds]
blankhart has quit [Ping timeout: 246 seconds]
Kelppo has joined #nixos
lassulus has quit [Ping timeout: 252 seconds]
<Henson>
what's the proper way to delete a nix profile. I created a new one using "nix-env -p /nix/var/nix/profiles/blahblah -i blah2" and want to get rid of it. Do I just delete the symbolic links, or will that screw things up?
rprije has quit [Ping timeout: 246 seconds]
rprije has joined #nixos
astronavt has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
aither has quit [Ping timeout: 252 seconds]
aither has joined #nixos
genesis has quit [Ping timeout: 252 seconds]
kandinski has quit [Ping timeout: 252 seconds]
genesis has joined #nixos
<clever>
Henson: you can just delete all of its symlink
<clever>
s
kandinski has joined #nixos
amfl has quit [Read error: Connection reset by peer]
drakonis has joined #nixos
rprije has quit [Ping timeout: 244 seconds]
rprije has joined #nixos
amfl has joined #nixos
rprije has quit [Ping timeout: 252 seconds]
mog has quit [Ping timeout: 252 seconds]
rprije has joined #nixos
mog has joined #nixos
genesis has quit [Excess Flood]
genesis has joined #nixos
lassulus has joined #nixos
<Henson>
clever: ok
<{^_^}>
[nixpkgs] @kalbasit closed pull request #46864 → terraform: update all providers and move terraform-provider-nixos to the list of providers → https://git.io/fAS0F
<{^_^}>
[nixpkgs] @kalbasit reopened pull request #46864 → terraform: update all providers and move terraform-provider-nixos to the list of providers → https://git.io/fAS0F
<Henson>
goodnight, everyone.
* Henson
figures out how to quit f-irc
<clever>
Henson: /exit
<Henson>
clever: usually I use kvirc, and I can leave a nice parting message when I /quit. But I don't know if f-irc does that.
<clever>
/quit is part of the irc protocol, it should work the same way in every client
<clever>
just /quit your msg
<Henson>
clever: yeah, f-irc wants a server name. Oh well, here goes
Henson has quit [Quit: Henson]
<astronavt>
do nixos users typically try to package everything as a nix package? or would you still want to use stuff like pip to install python packages
<ldlework>
well if you want users other than nixos users to use your stuff, there's not much choice
<ldlework>
s/nixos/nix
<astronavt>
so is there a reasonably straightforward procedure for repackaging stuff like pypi packages, ruby gems, and node modules as nix packages?
<cbarrett>
"stuff like" no, those three yes
blankhart has joined #nixos
<ldlework>
hehe
<astronavt>
hey thats a good start
<cbarrett>
:)
<astronavt>
is there one for CRAN (R) packages? i assume Julia is too new to be considered
<astronavt>
(use case: replace the godforsaken Conda ecosystem)
<cbarrett>
the workflow people seem to like is -- write some code to generate, from whatever your language's file for dependency information is, a pure nix expression that is a snapshot
<cbarrett>
of the dependencies i mean not your project
<cbarrett>
i'm not sure about R or Julia
<Ralith>
go look around in nixpkgs and see
<cbarrett>
those are probably on nixos though, I'd be surprised if not
<cbarrett>
exactly Ralith
<cbarrett>
couldnt have said it better :)
trevthedev has joined #nixos
trevthedev has quit [Changing host]
trevthedev has joined #nixos
<adisbladis>
Most of us use pip/npm/whatever and then use tools to nixify our builds
<adisbladis>
Similar things for most language specific package managers
mayhewluke has quit [Ping timeout: 240 seconds]
sb0 has quit [Ping timeout: 246 seconds]
mayhewluke has joined #nixos
countingsort has joined #nixos
<astronavt>
adisbladis very nice, thank you
counting1ort has quit [Ping timeout: 244 seconds]
<CMCDragonkai>
I have a script that isn't executable in the source directory.
<CMCDragonkai>
I wanted to use makeWrapper to create a bin executable
<CMCDragonkai>
However I realised that it requries that the script be executable
<CMCDragonkai>
Also I need to set the interpreter
<CMCDragonkai>
Because the script doesn't have an interpreter
<CMCDragonkai>
What's the solution to this? A variation of makeWrapper or something that creates the executable script itself?
<astronavt>
CMCDragonkai how can a script not have an interpreter?
<CMCDragonkai>
No interpreter specified in the #!
<astronavt>
i dont know about the nix stuff but i know about scripts and stuff
<CMCDragonkai>
Right I'm writing a derivation for this.
<CMCDragonkai>
And intend to push it to Nixpkgs
nuncanada has quit [Ping timeout: 252 seconds]
<astronavt>
i would *assume* that makeWrapper creates a shell script that calls ${interpreter} ${script}
<astronavt>
otherwise it wouldn't need to know
<astronavt>
if it was relying on the shebang
<CMCDragonkai>
No I tried it, it creates a shell script, but there's no option to set the interpreter.
<CMCDragonkai>
The --run flag doesn't do what I thought it would do.
<astronavt>
CMCDragonkai oh, so it's looking for the shebang to determine the interpreter?
<CMCDragonkai>
No, the script has no shebang whatsoever. And the makeWrapper result doesn't actually have a setting to set the interpreter before running the wrapped program.
<CMCDragonkai>
Yea... so this requires me to either modify the source to add the hashbang, or use pkgs.writeScriptBin which creates a separate derivation
rprije has quit [Remote host closed the connection]
abueide has quit [Ping timeout: 245 seconds]
rprije has joined #nixos
worldofpeace has quit [Remote host closed the connection]
mayhewluke has quit [Ping timeout: 244 seconds]
mayhewluke has joined #nixos
reinzelmann has quit [Quit: Leaving]
hakujin has joined #nixos
rauno has joined #nixos
lostman has joined #nixos
<lostman>
I have an annoying issue with nix on Jenkins. Jenkins likes to create paths with `@` symbol in them and nix doesn't seem to like it. So sometimes I end up with errors like this: error: `invalid character '@' in name '_docker-image-fix-timestamp-KN5P7SHLFD35WGHRIEEGBQGPNLAU57QOO3SNGNCOEXDDFL3UPKSA@2`. Is there anything I can do about it?
lassulus has quit [Ping timeout: 246 seconds]
abueide has joined #nixos
lassulus has joined #nixos
Rusty1_ has quit [Quit: Konversation terminated!]
blankhart has quit [Quit: WeeChat 1.9.1]
hakujin has quit [Ping timeout: 245 seconds]
nliadm has quit [Ping timeout: 252 seconds]
kyren has joined #nixos
<adamantium>
hi, anyone using sway for a nixos window manager?
nliadm has joined #nixos
<adamantium>
I'm having trouble making sway not autostart slim, (and it doesn't work with a login manager), i need to just start from tty
hakujin has joined #nixos
sb0 has joined #nixos
kyren has quit [Remote host closed the connection]
kyren has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<eeva>
I have 2 drives, I think I'll use the backing method
<{^_^}>
[nixpkgs] @xeji closed pull request #46682 → sudo: 1.8.25 -> 1.8.25p1 (bugfix for systems w/o ppoll) → https://git.io/fAXSz
camsbury has joined #nixos
wpcarro has joined #nixos
<clever>
eeva: first disk has format=qcow2, second is format=row, that looks good
<clever>
both have if=none, so the -drive wont create an interface
<clever>
and then there are matching -device entries to create pci nodes for each disk
<clever>
eeva: oh, drivers
<clever>
eeva: add virtio and virtio_blk to boot.initrd.availableKernelModules
<eeva>
oh :D
<clever>
your initrd likely lacks virtio support
<clever>
so it cant find any disk
<eeva>
didn't think about that
<clever>
my simple test probably did sata
<eeva>
looks like a very good lead
<clever>
oh, and virtio_pci
<clever>
virtio itself doesnt have to be listed
<clever>
virtio_pci and virtio_blk depend on it, and nixos will figure it out
hakujin has joined #nixos
<eeva>
rebuilding…
fragamus has joined #nixos
<realrokka>
does rebuild compile virtualbox every 1.5 days on your machines too? Could there be something wrong with my .config? Or just a lot of small updates the last weeks? It's a little bit annoying ... Im on 19.03pre
<eeva>
realrokka: you may have some customisation on the virtualbox package?
<realrokka>
eeva: virtualbox.enableExtensionPack = true; that's all ... so I guess no unfree stuff contaminating the bincache ( ͝סּ ͜ʖ͡סּ) hahaha
Izorkin has joined #nixos
rprije has quit [Read error: Connection reset by peer]
<eeva>
then no real idea :D
rprije has joined #nixos
klntsky has quit [Ping timeout: 256 seconds]
<realrokka>
btw. I wanted to thank all people that work on nixos, I'am enjoying it on my server for the last 6 month and since 2 weeks on my laptop. really great work, thank you people (¬‿¬)
fragamus has quit [Ping timeout: 246 seconds]
<worldofpeace>
realrokka: That's wonderful :)
klntsky has joined #nixos
hakujin has quit [Ping timeout: 272 seconds]
wpcarro has quit [Ping timeout: 272 seconds]
<jasongrossman>
realrokka: They are amazing, aren't they?
camsbury has quit [Ping timeout: 246 seconds]
<eeva>
clever: yeah! that was it
<eeva>
thanks! Was stuck there for a few days
<worldofpeace>
jasongrossman: hah it bears repeating
<jasongrossman>
worldofpeace: Yes.
<{^_^}>
[nix] @luke-clifton opened pull request #2432 → SSL certificate search failed to find user profile certificates. → https://git.io/fAShw
dozn has joined #nixos
camsbury has joined #nixos
rauno has quit [Ping timeout: 244 seconds]
worldofpeace has quit [Remote host closed the connection]
theodoor has quit [Remote host closed the connection]
baimafeima has joined #nixos
civodul has joined #nixos
besbin has joined #nixos
<besbin>
Alⅼah is doing
besbin has quit [Killed (Sigyn (Spam is off topic on freenode.))]
hyper_ch2 has quit [Ping timeout: 252 seconds]
goibhniu has joined #nixos
goibhniu has quit [Quit: Leaving.]
goibhniu has joined #nixos
jackdk has quit [Ping timeout: 244 seconds]
<{^_^}>
[nixpkgs] @xeji opened pull request #46882 → nixos/tests/hibernate: prevent non-deterministic failure on i686 → https://git.io/fA9Ji
<rauno>
i question about nixos defaultGateway config, how can i configure default gateway for a specific interface, for example "route add default gw 100.100.100.1 vlan100"
<sphalerite>
rauno: there is no such thing as a per-interface default gateway
hakujin has joined #nixos
<sphalerite>
rauno: the kernel will just use the default gateway (with the lowest metric) via whichever interface it's reachable on
<sphalerite>
rauno: you might want to set static routes though, networking.interfaces.vlan100.ipv4.routes = [{address = "0.0.0.0"; prefixLength = 0; via = "100.100.100.1"; options.metric = "600";}];
<sphalerite>
something like that should work I think
sir_guy_carleton has joined #nixos
hakujin has quit [Ping timeout: 252 seconds]
<sphalerite>
but it won't actually use more than one of the available default routes
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « git-annex: update sha256 hash for new version 6.20180913 »: https://git.io/fA9Tv
sigmundv has quit [Ping timeout: 244 seconds]
baimafeima has quit [Quit: Leaving]
orivej has quit [Ping timeout: 272 seconds]
orivej has joined #nixos
sigmundv has joined #nixos
shabo1 has joined #nixos
<shabo1>
Aⅼlah ⅰs ԁoіng
shabo1 has quit [Killed (Sigyn (Spam is off topic on freenode.))]
astronavt_ has joined #nixos
<rauno>
sphalerite, ah okay
IRCsum has joined #nixos
astronavt has quit [Ping timeout: 272 seconds]
<adamantium>
hey, anyone know how to autologin to tty, no display manager.
<Dezgeg>
e.g. services.mingetty.autologinUser = "root";
<adamantium>
yeah
<adamantium>
thanks!
<adamantium>
does that just do tty 1 ?
Twey has joined #nixos
<Dezgeg>
all of them
astronavt_ has quit [Read error: Connection reset by peer]
astronavt_ has joined #nixos
<betaboon>
hello #nixos does anyone have an opinion about nixops+kubernetes? (I'm currently thinking about the way i want my microservice-architecture to go. thinking about nixops+kubernetes+istio+envoy)
<{^_^}>
[nixpkgs] @xeji merged pull request #46871 → musl: apply other selected upstream fixes while rebuilding → https://git.io/fASiu
<rawtaz>
just dont get caught up in the "finding fancy tech services to build our project on" circus - sometimes you just need to get started writing some code
lassulus has joined #nixos
<betaboon>
rawtaz: we did write some code :P just hit 30+ services ;)
<rawtaz>
ok :)
<betaboon>
the system is up-and-running in production. but as the tendency of service-count and developer-count to increase, the system getting more and more complex i realy have to look into future-paths of increasing observability, better fault-tolerance etc as i don't want to end up being occupied 110% with just chasing rabbits
<betaboon>
(in the mid-to-long-term)
hyper_ch2 has quit [Ping timeout: 252 seconds]
<rawtaz>
indeed
<rawtaz>
perhaps hashicorp has something that's usable for you?
Ridout has joined #nixos
<betaboon>
so this is just planning ahead in order to influence development gradually to go into a specific direction, so that future-migration wont be unviable
<betaboon>
rawtaz: I'm using consul from hashicorp
n9nes27 has joined #nixos
<n9nes27>
Ꭺlⅼah iѕ ԁoiᥒɡ
<n9nes27>
ѕun is not doing Aⅼⅼah is ԁⲟіng
<n9nes27>
mഠഠn ⅰs nοt doing Alⅼah iѕ dοiᥒɡ
n9nes27 has quit [Killed (Sigyn (Spam is off topic on freenode.))]
hakujin has joined #nixos
<{^_^}>
[nixpkgs] @romildo opened pull request #46885 → go-x11-client: init at 0.0.4.1 → https://git.io/fA9qm
kim0 has joined #nixos
trcc has quit [Remote host closed the connection]
trcc has joined #nixos
astronavt_ is now known as astronavt
hakujin has quit [Ping timeout: 252 seconds]
Dedalo has joined #nixos
trcc has quit [Ping timeout: 240 seconds]
julm has joined #nixos
<Taneb>
What's the criteria for packporting a change to nixpkgs?
tzemanovic has joined #nixos
carlosdagos has quit [Quit: Connection closed for inactivity]
rprije has quit [Remote host closed the connection]
rprije has joined #nixos
silver has joined #nixos
rauno has quit [Ping timeout: 240 seconds]
nD5Xjz has joined #nixos
wpcarro has quit [Remote host closed the connection]
<rawtaz>
kai_w: i have nooo idea, but could it be that something is asking for paramiko 2.4.0 or higher, and the highest in stable is 2.1.1, so the solution would be to import/define paramiko 2.4.0+ yourself (i mean make an override for paramiko)?
wpcarro has joined #nixos
wpcarro has quit [Remote host closed the connection]
johanot has quit [Quit: leaving]
wpcarro has joined #nixos
<kai_w>
huh, I swear it was falling over on urllib earlier
derped has quit [Remote host closed the connection]
phreedom has quit [Quit: No Ping reply in 180 seconds.]
phreedom has joined #nixos
rprije has quit [Ping timeout: 252 seconds]
klntsky has quit [Ping timeout: 256 seconds]
rprije has joined #nixos
oida has quit [Ping timeout: 256 seconds]
klntsky has joined #nixos
abueide has quit [Ping timeout: 244 seconds]
oida has joined #nixos
sb0 has joined #nixos
<srhb>
kai_w: In your gist, you're passing the unmodified urllib3 on, if you didn't notice
<waynr>
so i'm having trouble getting a package to build that has some transitive dependency on gnum4, yet i can build and install gnum4 using `nix-env -i gnum4`
<waynr>
one thing i would like to do is determine exactly how the package i'm having trouble building depends on gnum4 but i can't seem to find a way to view the dependency tree for this package
<waynr>
I tried `nix-store --query --tree $(nix-instantiate '<nixpkgs>' -A minikube)` but it doesn't seem to work
<waynr>
i guess maybe that only works for installed paths?
<srhb>
waynr: The problem is probably the bin output
<srhb>
waynr: Try removing that from the path emitted by nix-instantiate
<srhb>
go things usually have bin as their output, which is a bit confusing.
<srhb>
or instantiate .out instead.
tjf17 has joined #nixos
<tjf17>
suᥒ is not ԁoing Αlⅼah is ԁⲟing
<tjf17>
Allаһ іѕ doⅰng
<tjf17>
mоon is nоt doiᥒg Alⅼɑh is ԁoiᥒg
tjf17 has quit [Killed (Sigyn (Spam is off topic on freenode.))]
kim0 has quit [Quit: Connection closed for inactivity]
<waynr>
srhb: thanks!
<waynr>
using .out worked
hamishmack has quit [Ping timeout: 252 seconds]
tertl3 has quit [Quit: Connection closed for inactivity]
<sphalerite>
eeva: so that if an /etc/nix/builders file happens to be lying around, it won't use it
<sphalerite>
eeva: you can still use distributed building as a trusted user (only root by default) by passing --builders on the command line or by putting it in ~/.config/nix/nix.conf
<Guillaum>
Is there a way to use a FHS environment during a derivation build (during the 'buildPhase'). I have a build script from a proprietary software which is really hard to patch to work with nix (hard coded /bin/bash in binaries), however once built, the patching is easy.
jperras has joined #nixos
<kandinski>
I don't know how to work with a fixed-output derivation error. To begin with, I just grepped the hash value in the error but it doesn't appear in my nixpkgs branch.
<sphalerite>
kandinski: you grepped the expected hash?
<kandinski>
This is the error: http://paste.debian.net/1043269/ Was I wrong to expect either the filename or the expected sha256 hash to be in the repo?
hakujin has quit [Ping timeout: 244 seconds]
<kandinski>
sphalerite: yes
<sphalerite>
kandinski: I grepped 0a3755c1799d3a4dc1875d4c59c7c568a64c8456 and found pkgs/tools/networking/network-manager/default.nix
<kandinski>
oh
<kandinski>
yes, I'm backporting certain packages, and network-manager is one of them.
<sphalerite>
but yeah it's the patch file in there that's failing to be found
<sphalerite>
did you grep the whole filename?
<kandinski>
sphalerite: thanks, I thought I was supposed to grep the "expected hash" part. I didn't recognise that bit of the filename, not expecting the upstream patch to have a hash for a name. Yes, I had grepped the whole filename.
<eeva>
sphalerite: trusted user hmmm, that's what I might be after
<sphalerite>
kandinski: yeah when grepping for the filename you need to take out the first bit, which is the hash of the path or (roughly) of the derivation that produced it
<waynr>
hmm this is weird; it looks like both neovim and minikube have a build dependency on gnum4-1.4.18 via bison-3.0.5; yet i can build and use neovim, but minikube builds fail with `checking for GNU M4 that supports accurate traces... configure: error: no acceptable m4 could be found in $PATH.`
hakujin has joined #nixos
<sphalerite>
waynr: if it needs m4 to build, you should add it to the nativeBuildInputs. buildInputs don't work transitively
<sphalerite>
(or nativeBuildInputs*)
<waynr>
oh wait the minikube dependency tree includes gnum4 through multiple paths
<sphalerite>
propagatedNativeBuildInputs and propagatedBuildInputs do, but it's not usually what you want
<waynr>
i don't think minikube itself needs m4, but some of minikube's transitive dependencies
<kandinski>
sphalerite: thanks! But how why do you think the patch fails to download? I think it downloads, but then I get the wrong hash of the output because I'm compiling it on top of a 18.03 tree where I've added the network-manager derivations naively.
<srhb>
waynr: Which, specifically? They are the ones that need fixing.
<sphalerite>
kandinski: the hash shouldn't change just because of a backport. Maybe the contents of the URL have changed? Although that would be strange too…
<srhb>
waynr: Where are you seeing minikube failures by the way?
<waynr>
that's what i'm trying to figure out at the moment; gonna try building each of gnum4's dependent paths one at a time
<sphalerite>
srhb: you run it iwhout -m to get it to fit in irc
<srhb>
oh..
<sphalerite>
waynr: don't use -m for irc xD
<waynr>
okay, good to know ;)
<sphalerite>
at least Sigyn didn't kick in :D
<sphalerite>
(or kick out? lol)
<srhb>
waynr: 9fa6a261fb2 has an okay minikube
<srhb>
waynr: So something else is going on.
<waynr>
yeah
<sphalerite>
waynr: do you have overlays that might be affecting it maybe?
Anton-Latukha has quit [Ping timeout: 252 seconds]
<eeva>
So I've defined my remote nixos builder, set both nix.buildMachines and nix.distributedBuilds, set my user to be trusted. My nix build -f default.nix is still run locally.
<waynr>
i've been wondering if it could be something about my multi-user setup
<eeva>
What else can I check?
<srhb>
overlays is the most reasonable suspect to start out with.
<waynr>
sphalerite: wouldn't that also affect the neovim build?
<waynr>
also i'm not sure what you mean by overlays
<srhb>
waynr: Depends on the failure..
<sphalerite>
eeva: does it say it couldn't connect to any of the machines?
<eeva>
nope
<srhb>
waynr: Usually a specific type of package override
<waynr>
i've been using nix for a few months but i'm still very much a n00b
<srhb>
They are described in the nixpkgs manual
<eeva>
sphalerite: it just plainly builds locally, no error.
<eeva>
I'd like an error :D
<sphalerite>
eeva: did you nixos-rebuild switch? (just to be sure…)
<eeva>
I did run nixos-rebuild test
<srhb>
waynr: If you don't know that you've installed any overlays or package overrides, that makes it a less likely suspect.
<sphalerite>
eeva: right that should do it. Also you shouldn't need to be a trusted user to use distributed builds, only to override the builders specified in nixos config
<waynr>
okay i'll continue trying to build the direct dependents i found in the minikube dependency tree
<sphalerite>
eeva: does /etc/nix/machines exist?
nuncanada has joined #nixos
<srhb>
waynr: what does this output? nix eval nixpkgs.lib.version
<eeva>
sphalerite: yes, and it is populated
<srhb>
waynr: You can also pastebin the whole error message, it should be clear from that what dependency is failing, and we can help point it out.
<waynr>
srhb: 'error: attribute 'nixpkgs' in selection path 'nixpkgs.lib.version' not found'
<sphalerite>
eeva: did nixos-rebuild test restart (or stop) the nix daemon?
<srhb>
waynr: OK, so no channel by that name. That's fine then.
<eeva>
sphalerite: don't think so
<eeva>
maybe I should force it?
<waynr>
srhb: you mean the entire build output for minikube?
<srhb>
waynr: Yup.
<sphalerite>
eeva: ps -f $(pgrep nix-daemon) and see how long it's been running maybe?
<waynr>
okay i'll rerun it real quick
<sphalerite>
eeva: that's odd though if so, because it should restart it whenever the config changes I think
<sphalerite>
or rather stop it, then it gets started again by socket activation
<eeva>
6 minutes :D
hakujin has quit [Ping timeout: 246 seconds]
<eeva>
stopped it and tried again… No change
<eeva>
I'm running htop on my builder to check whether it's using it.
<sphalerite>
eeva: does sudo ssh <builder> work?
<eeva>
yeah
wpcarro has quit [Remote host closed the connection]
<sphalerite>
eeva: ooooh what are you building?
<eeva>
I ran a remote build by forcing it with NIX_REMOTE=…
<vandenoever>
is there a channel for nixos 18.09 yet?
<sphalerite>
vandenoever: yes. It's still beta though
<eeva>
sphalerite: local project with `nix build -f default.nix`
<vandenoever>
sphalerite: what's the status of it for desktop kde? still open bugs?
<sphalerite>
eeva: it wouldn't happen to have any requiredSystemFeatures or whatever it was, would it?
<vandenoever>
sphalerite: ok thanks i'll switch and see how it works
<srhb>
waynr: You're rebuilding everyting, so something far down the chain is altered compared to upstream :P
<sphalerite>
gchristensen: btw could we have a topic update since the nixcon cfp is no longer open? Maybe change it to "everybody try out the 18.09 beta!" :D
<Myrl-saki>
Any idea of an environment.systemPackages, but only to add it to the gcroot, no environment effects at all?
<waynr>
srhb: i thought it was strange that trying to build minikube would include all those other paths
<srhb>
waynr: Yeah. probably time to share your configuration :)
<eeva>
sphalerite: do you know if having a private ssh key on disc is mandatory? Mine is on a smartcard
<srhb>
waynr: That output looks like it would if you had no binary cache at all, I think.
<eeva>
so I did not provide the sshKey field for /etc/nix/machines
<sphalerite>
eeva: yes, that would probably do it! Hang on
<eeva>
:'(
<sphalerite>
eeva: try adding IdentityAgent to root's .ssh/config
<srhb>
waynr: Just checking, do you have a non-standard nix install? Like, nix' prefix isn't /nix ?
<waynr>
srhb: yeah that's one of the things that appeals to me about nix; i can build my own binary cache to share between my computers
<sphalerite>
with the value of $SSH_AUTH_SOCK
<eeva>
Oh I see, ok I'll try that
Ariakenom has quit [Ping timeout: 245 seconds]
<waynr>
srhb: no, but i do have an ansible-driven multi-user setup based on my reading of the nix manual a couple months ago
<sphalerite>
eeva: the issue being essentially that the nix daemon doesn't have SSH_AUTH_SOCK set :)
<sphalerite>
AFAIU
<sphalerite>
I think there might also be some explicit unsetting, I can't remember
<eeva>
That'd make sense
<waynr>
i did try using the new --daemon flag with the bash pipe install method but i need a non-interactive install
<sphalerite>
waynr: was it you asking about that yesterday too?
<waynr>
asking me about what? my current installation?
<sphalerite>
no, non-interactive multi-user installatin
<srhb>
waynr: But it's still in /nix ?
hakujin has joined #nixos
<waynr>
srhb: yeah, still in /nix
<vandenoever>
how hard would it be to run nixos-18.09 and overlay it with an up-to-date KDE?
<{^_^}>
[nixpkgs] @costrouc opened pull request #46893 → haskellPackages.pandoc-crossref: refactor disable tests for 0.3.2.1 → https://git.io/fA9V8
<eeva>
better, I have an error now
<vandenoever>
i guess it's a matter of keeping a nixpkgs branch
<srhb>
waynr: OK. What does this do? nix-store --realise /nix/store/j1mpsks2a3k6bi9i7309hjc4pgh46ssn-minikube-0.28.1-bin ?
wpcarro has joined #nixos
<waynr>
sphalerite: i'm not sure what you are asking, sorry
<sphalerite>
vandenoever: you might as well run nixos-unstable
tzemanovic has quit [Remote host closed the connection]
<sphalerite>
waynr: someone was asking about how to install nix on other distros in multi-user mode non-interactively yesterday, I was wondering if that was you
<waynr>
oh, maybe it was me.
<sphalerite>
waynr: the conclusion we reached, iirc, was that it's not really pretty but the only way with the standard installer script is to set up passwordless sudo
wpcarro has quit [Read error: Connection reset by peer]
<sphalerite>
with a dedicated account if necessary
wpcarro has joined #nixos
<vandenoever>
sphalerite: that feels scary for a machine for day to day production
<eeva>
yes, errors! give me more errors! sphalerite I think I'm in the right direction, thanks!
<waynr>
oh i do have a passwordless sudo account that i use for ansible playbooks
<waynr>
maybe i'll give that a try after work today
<sphalerite>
vandenoever: I don't see why, especially if the only way to log into that account is using sudo
<waynr>
srhb: i get "don't know how to build these paths"
<sphalerite>
vandenoever: no different from having a root account really?
<srhb>
waynr: is cache.nixos.org even in your /etc/nix/nix.conf ?
<vandenoever>
sphalerite: i think you mean to reply to someone else
<sphalerite>
srhb: or do you have *other* substitutors defined in nix.conf?
<srhb>
Though thinking about it, it should fall back to it...
<sphalerite>
vandenoever: no, it was meant in reply to your "scary" comment
<sphalerite>
eeva: yaaaaay
<srhb>
sphalerite: Ah, right.
<sphalerite>
oops wrong highlight
<waynr>
srhb: it's not
<srhb>
waynr: Intentionally?
<sphalerite>
waynr: do you have any other substituters defined?
<vandenoever>
sphalerite: well unstable is for all packages including fundamental ones like the kernel
<sphalerite>
srhb: cache.nixos.org is the default, so unless it's explicitly set in nix.conf it'll use it
hakujin has quit [Ping timeout: 272 seconds]
<srhb>
Yeah, I thought so.
<waynr>
srhb sphalerite, i have 'substitute = false' and 'max-jobs = auto' in my nix.conf
<srhb>
waynr: Why do you have substitute = false?
<sphalerite>
vandenoever: it's still safe to use, there's a lot of tests that it goes through to avoid damaging stuff
<waynr>
because when i have a build machine that i use to build software and a bunch of other machines that i want to use to consume the artifacts of that build machine's builds
<sphalerite>
vandenoever: a lot of people here, myself included, run their system on nixos-unstable — and if something breaks you can always roll back, even at boot time :)
<waynr>
s/to use to consume/to consume/
<srhb>
waynr: So... This is the build machine, and you don't want it to use cache.nixos.org as a binary cache?
<{^_^}>
[nixpkgs] @xeji pushed commit from @romildo to master « plano-theme: 3.28-2 -> 3.28-3 (#46892) »: https://git.io/fA9wD
<srhb>
waynr: Right, you can do that, but it's a silly thing to do and a waste of electricity. But OK, that mystery is solved then. Back to minikube...
<sphalerite>
disk space too! :p
trcc has quit []
<sphalerite>
IMO: run BOINC if you have that much power to waste :p
<srhb>
waynr: can you gist your minikube drv file?
<waynr>
i guess i should spend all my electricity and disk space watching porn or GoT or whatever the latest television craze is
<sphalerite>
that also takes up *your* time though
<srhb>
Wait, that already had the same has as upstream, nevermind.
<srhb>
HMM.
<sphalerite>
waynr: do you have sandboxing on?
<waynr>
would that be set in the nix.conf?
<betaboon>
i guess i will ask again: does anyone have experience (or an opinion) running nixops+kubernetes ?
iyzsong-x has quit [Read error: Connection reset by peer]
<Myrl-saki>
waynr: Are you using NixOS?
drakonis has joined #nixos
<srhb>
betaboon: Yes. also a couple of people in #nixos-k8s
<sphalerite>
waynr: aaaah yes you have sandboxing off! Try putting sandbox = true in your nix.conf
<srhb>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 18
<sphalerite>
waynr: it might well be that this is a build impurity coming in from the "host" OS
<waynr>
Myrl-saki: no, debian with nix on top
<sphalerite>
which breaks stuff.
<srhb>
Sounds very likely.
<waynr>
okay i'll give that a shot!
<betaboon>
srhb: so i guess asking in that channel would be more appropriate ? XD
<srhb>
betaboon: Nah here is fine too
<Myrl-saki>
I think Debian + Nix is the most common.
<srhb>
betaboon: But you'll be able to find people to poke directly from the (small) user list :P
<sphalerite>
(this wouldn't be a problem if you used cache.nixos.org, at least not for stdenv ;) )
<Myrl-saki>
Anyone else think so?
<srhb>
Myrl-saki: The most common platform for Nix? I think it's NixOS.
<srhb>
Myrl-saki: But I don't know of a census.
<Myrl-saki>
srhb: I mean, second to that, of course. :P
<srhb>
Ah, okay.
<srhb>
That wasn't obvious :P
<Myrl-saki>
FWIW, I was an Arch user, yet I went with Debian on Nix.
<sphalerite>
I think nixos then debian then maybe arch
knupfer has joined #nixos
<sphalerite>
although I think a lot of arch users are just on their way to nixos :p
<Myrl-saki>
I think another reason is that Debian's very common to run on VPSes.
<srhb>
"The larval stage"
<sphalerite>
(even if they don't know it themselves yet)
<sphalerite>
haha yes srhb
<Myrl-saki>
sphalerite: Same, am an Arch convert, as previously said.
<Myrl-saki>
Idk why Gentoo users are staying strong with Gentoo though.
<betaboon>
srhb: I'm not very familiar with k8s yet. I'm currently thinking about switching to envoyproxy, then now there is istio (which uses envoyproxy as dataplane). istio is most commonly run with k8s (as far as i can tell atm) that brings me to thinking about running nixops+k8s (as I'm currently running everything with nixops). what does nixops+k8s bring to the table as compared with plain-nixops? what can i look at
<betaboon>
to get started with playing around with nixops+k8s? (sorry for so many questions)
<sphalerite>
Myrl-saki: because gentoo is for ricers
<Myrl-saki>
Nixpkgs doesn't have a standardized way to pass flags, but you could hack around on nixpkgs if you really want to.
<Myrl-saki>
sphalerite: Right, but Nix is as versatile, and Nixpkgs is almost as versatile.
<srhb>
betaboon: I would never go for k8s unless I desperately needed a large-scale container orchestrator
<Myrl-saki>
Okay, maybe almost as versatile is an overstatement.
<sphalerite>
Myrl-saki: well you can modify stdenv for it actually
<Myrl-saki>
sphalerite: Yeah, hence why I went with almost as versatile if you're patching nixpkgs directly.
<garbas>
hey! anybody has problems (on 18.09) of using openvpn with networkmanager?
<Dietr1ch>
nvm it was sha256
<mpickering>
sphalerite: I think the problem is that the disk is getting full
<mpickering>
because it uses /run/user rather than /tmp
<garbas>
it looks like it is not even installed -> nmcli connection import type openvpn file /dev/null
<kreisys>
I don't understand why filterSource is any different from creating a derivation and copying only select files from it before using that as the src of another derivation
<garbas>
Error: failed to load VPN plugin: cannot load VPN plugin "openvpn" due to missing "libnm-vpn-plugin-openvpn.so". Missing client plugin?.
<kreisys>
Is filterSource executed during eval or something like that which makes it different?
<sphalerite>
mpickering: ooooh. try running it with TMPDIR=/tmp then :)
<sphalerite>
kreisys: yes
<sphalerite>
kreisys: exactly that
<kreisys>
ah
FRidh has quit [Quit: Konversation terminated!]
nuncanada2 has joined #nixos
<sphalerite>
kreisys: and the reason it's different is that it has stuff coming in from outside the nix store
<sphalerite>
you could make a derivation that copies only select files, but not from outside the store
<kreisys>
ok i c that makes sense
hyper_ch2 has quit [Quit: Page closed]
nuncanada has quit [Ping timeout: 240 seconds]
<kreisys>
ok thanks that gives me some hope of getting this working before the end of the day lol
<sphalerite>
that's also why it's in builtins and not in nixpkgs :)
<alexherbo2>
What should I do to update these two packages?
<alexherbo2>
To get the sha256 when bumping the version
<alexherbo2>
Can I modify the states of the packages from my nixos/configuration.nix?
tzemanovic has quit [Ping timeout: 252 seconds]
<cransom>
in your checkout, nix-prefetch-url -A packagenamehere.src
mayhewluke has quit [Ping timeout: 252 seconds]
<srhb>
alexherbo2: The safest way to do that is to insert a fake hash
<srhb>
alexherbo2: And watch the build error
<srhb>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<alexherbo2>
Where to insert the fake hash
jperras has joined #nixos
<srhb>
alexherbo2: In the src definition.
jgeerds has quit [Quit: Leaving]
mayhewluke has joined #nixos
<alexherbo2>
Can you give me the snippet to put in my Nix config?
<alexherbo2>
I don’t know where / how to make the changes
<alexherbo2>
btw, If I want to add my own nix packages, which are not from upstream NixOs/nixpkgs, how do I do that?
<srhb>
alexherbo2: Ah, sorry, I didn't realize that was the question. Perhaps someone else can assist with either overrideAttrs or how to fork and clone nixpkgs and use the changes there
<srhb>
You want the latter if you want to contribute your changes, but I don't have time to go into details right now.
<alexherbo2>
I would like to fork to make a PR
<alexherbo2>
but I don’t understand how to get the sha256
<d1rewolf>
is there a published security policy/process for nixos one can show to pointy haired bosses?
<dhess>
Anyone using cross-compilation in NixOps deployments?
<kai_w>
dhess: I am trying, haven't got a successful deployment to my raspberry pi yet
<kai_w>
A fair few packages build though, so maybe I can help?
<{^_^}>
[nixpkgs] @Assassinkin opened pull request #46898 → pythonPackages.osmnx: init at 0.8.2 → https://git.io/fA9D6
<dhess>
srhb: thanks for pushing on that cabal2nix PR btw
<srhb>
dhess: I forgot I did anything, but you're welcome, I'm sure. :D
<dhess>
it was just languishing and I was just like, shrug, I'll do this in my overlay
orivej has joined #nixos
<srhb>
(And thanks!)
camsbury has quit [Ping timeout: 252 seconds]
<dhess>
kai_w: sure, can you point me to what your deployment .nix looks like?
<dhess>
It's not clear to me how I specify that a host is arch X but should be cross-built on arch Y
<dhess>
in a NixOps deployment that is
camsbury has joined #nixos
<sphalerite>
alexherbo2: clone it, then in the clone run nix edit -f . kakoune
<sphalerite>
alexherbo2: then to build it, nix build -f . kakoune
<kai_w>
dhess: don't have it to hand (work), but the key part was `nixpkgs.crossSystem.system = "aarch64"` (for unstable, I think this changed recently)
<kai_w>
unfortunately this doesn't use hydra caches, haven't figured out why yet
jasom has quit [Ping timeout: 264 seconds]
<sphalerite>
kai_w: because cross-compiling derivations are completely differnet from native ones
hyp3rbor3ax[m] has joined #nixos
<kai_w>
makes sense. is there a way to use the native ones with nixops?
knupfer has quit [Ping timeout: 240 seconds]
<eeva>
sphalerite: my bob-the-(nixos)-builder is alive, thank you :D
<sphalerite>
if you have an aarch64 builder you can use, I think so
<sphalerite>
kai_w: if you have an aarch64 builder set up, you hsould be able to do it using nixpkgs.system = "aarch64-linux"
<sphalerite>
eeva: I was very confused for a second there, because the codename for the chromebook I've been setting up the past 2 days is bob xD
<dhess>
kai_w: sphalerite is right, you just specify the system type as aarch64-linux and it all works... if you have an aarch64-linux builder
<kai_w>
can I set the builder to not be the machine I'm running nixops on?
* vandenoever
is still puzzled why firefox wants to load i965 (and fails) whereas the kernel loads i915
<sphalerite>
yes
<dhess>
However, unless you have a very fast aarch64-linux builder (say, like one of the packet.net ones) then it's probably faster to do cross-compiles, even if it doesn't hit the cache
<viric>
compiling nix in cygwin is getting harder. 1) brotli 2) boost headers not present
<dhess>
kai_w: yes, look at the Nixpkgs manual for Remote builds
spear2 has joined #nixos
Dietr1ch has quit [Ping timeout: 252 seconds]
<sphalerite>
dhess: are you sure? I'd expect that most of the stuff that needs to be built for nixos is trivial stuff, while all the things that need to be compiled are in the cache
jasom has joined #nixos
<dhess>
sphalerite: I'm not sure, no. It obviously depends a lot on what you're building.
EarlDeLaWarr has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<dhess>
For example, there are no Haskell packages at all for aarch64-linux; the only way to build them is to run GHC with one thread; and building GHC with one thread takes about 24 hours on my reasonably fast Nvidia TX-1
<dhess>
so like, I'm pretty sure that cross-compiling that will be faster.
EarlDeLaWarr has joined #nixos
<dhess>
(assuming it works. Template Haskell makes this not a sure thing)
Neo-- has quit [Ping timeout: 245 seconds]
<sphalerite>
oh really? I didn't realise there was no haskell stuff
<sphalerite>
fair enough thenn!
<dhess>
kai_w: at one point, at least, gchristensen was giving people access to the NixOS community aarch64 builder, which is a very fast Packet.net machine, so you could ask him about that
<gchristensen>
only for well known people, unfortunately
<dhess>
sphalerite: yeah, it sucks :( There's a long-standing GHC bug that causes it to crash fairly reliably on aarch64 if you build with more than one thread
<sphalerite>
dhess: wow. I wouldn't expect that sort of thing from GHC of all things
<dhess>
gchristensen: oh sorry, I shouldn't have mentioned that and put you on the spot.
<dhess>
sphalerite: It looks like a memory ordering bug, and these things are insidious.
<dhess>
and I don't think aarch64 gets a ton of testing on GHC
<sphalerite>
the community box is also not to be considered as trusted
<dhess>
that is certainly true. I haven't brought myself to trust it yet. I need to vet all of my packages and make sure I'm not leaking anything into the store
<hodapp>
dhess: is that a Jetson you are building on?
<Taneb>
I'm patching a Haskell library to provide a path to an executable, by setting patchPhase with overrideAttrs. This works fine if I do nix-build to build the thing I'm working on, but not if I'm using a nix shell
<dhess>
(and I am in need of an aarch64 builder as all of my equipment is on a boat)
<Taneb>
This confuses me
<dhess>
hodapp: yes that's right, a Jetson TX1
<hodapp>
dhess: ah, I've one of those just collecting dust now
<kai_w>
neat, thanks guys. I expect I'll be happy with what's cached
<hodapp>
haven't tried NixOS on it
<gchristensen>
when I use the community box, I build to verify that it _will_ build and then build slowly at home.
<dhess>
hodapp: it's a really nice build server for aarch64
<gchristensen>
dhess: _hem_ on a boat? :)
<dhess>
gchristensen: yes, I'm moving to London!
<sphalerite>
gchristensen: same!
<hodapp>
dhess: good to know... not sure I have anything else aarch64 on hand though :P
<gchristensen>
dhess: :o!!! can I come? :)
<dhess>
why not? :)
<dhess>
oh yeah, you need a visa
<dhess>
unless you're EU- or UK-passported
<dhess>
(and EU will only work for who knows how much longer)
<gchristensen>
alas I am not
<dhess>
:(
<hodapp>
:[
<samueldr>
hm, I should check again, just in case, but I checked twice already: canada to uk doesn't need a visa?
<dhess>
gchristensen: I assume you're going to Nixconf anyway? (I was going to, but won't be there in time)
<gchristensen>
you won't? oh no
<dhess>
samueldr: I think there are provisions for commonwealth countries but I'm not sure how liberal they are.
<samueldr>
gov.uk confirms again: no need to
<samueldr>
yeah
<samueldr>
at least sharing a single queen has some advantages :)
<dhess>
gchristensen: yeah plans changed, won't be there until mid-November now
melleb has quit [Ping timeout: 272 seconds]
<dhess>
next year though for sure
<hodapp>
samueldr: the US has a drama queen, does that count?
* hodapp
hides
<viric>
I'm testing nix 2.1.1
<viric>
nix-build -A xz '<nixpkgs>' <- This builds the .drv for xz, not xz
lektrik has quit [Quit: Leaving the chat for a while!]
<srhb>
viric: Cannot reproduce.
<sphalerite>
viric: I also can't
<viric>
it's cygwin
erasmas has joined #nixos
<viric>
I guess something crashes, but retvalue is 0
<sphalerite>
wpcarro: it's the hash of the nar dump of the contents
<wpcarro>
sphalerite: ah ... how can I get that value?
<sphalerite>
wpcarro: you can obtain it with nix-prefetch-url --unpack
<wpcarro>
is it mandatory?
<sphalerite>
no it's not
<wpcarro>
feels useful to me
<rawtaz>
gchristensen: yeah i use those all the time, but as a true multitasker i often find myself wondering if option X or package Y exists, would be nice to just fire a query to a bot where i already am here on the irc :)
<gchristensen>
`nix search` and `man configuration.nix` are probably your best options
<sphalerite>
wpcarro: but if you don't provide the hash it will redownload it every now and again since the contents of the url might change
<rawtaz>
sphalerite: no, nothing wrong with it, just looking for a quick way to search, not having to go to the browser and the proper tab, or go to my nix VM
<alexherbo2>
sphalerite: I’m under 30/ks :|
<alexherbo2>
I re-ping you after I’m done with the cloning
<wpcarro>
sphalerite: thank you!
<rawtaz>
gchristensen: well sure, but a `/np foo` or `/no bar` here in the irc window would be quick :)
<rawtaz>
gchristensen: i know and am using the other ways
<rawtaz>
just wanted to know if there was one here
<gchristensen>
nah, sorry :)
<gchristensen>
but maybe there will be if infinisil is watching.
<rawtaz>
is there an API for those options and packages pages? or if you wanted to program something to search on them, would you have to do it using regular "scraping"?
fragamus has quit [Client Quit]
<rawtaz>
hm i guess a more proper way would be to have a local copy of the options and packages, so not to disturb the website
<gchristensen>
you can download the .json.gz they reference
<rawtaz>
infinisil: i hear you're into bots that you can ask for options and packages here on the irc!
<infinisil>
Yeah, a nix search for {^_^} might be nice :o
<DigitalKiwi>
gchristensen I recognized your name and mark karpov, is there anyone else I might know around here but not know I know?
<rawtaz>
infinisil: i imagine at least wildcard searching working, even fuzzy if possibly, but anything is great of course :)
<{^_^}>
[nixpkgs] @garbas opened pull request #46901 → NetworkManager VPN plugins are broken on master (and 18.09) → https://git.io/fA97l
<gchristensen>
DigitalKiwi: probably yes, but I don't know all their nicknames ;)
<infinisil>
rawtaz: I'll make a note for it ;)
<infinisil>
thanks for the suggestion
<rawtaz>
infinisil: thank you :)
<{^_^}>
[nixpkgs] @garbas opened pull request #46902 → force to turn off services.timesyncd.enable → https://git.io/fA970
<infinisil>
rawtaz: Regarding a way to scrape options: `nix-build '<nixpkgs/nixos/release.nix>' -A options`
<DigitalKiwi>
so many phds on that page I wouldn't be surprised if I've read their papers lol
<infinisil>
Builds a json document of all options
<rawtaz>
infinisil: cool, is there one for packages too?
<infinisil>
Nope, but it shouldn't be too hard to make it up by mapping each package to its meta recursively
Cale_ has joined #nixos
<infinisil>
Shouldn't be too hard in nix itself, once you have a nix value it's possible to convert it to json
Cale_ has quit [Remote host closed the connection]
<infinisil>
Or just the less powerful nix-env -q
<rawtaz>
i see
<rawtaz>
well, let's think about it for a bit :)
Fare has joined #nixos
<sphalerite>
rawtaz: set up a window manager binding that gives you dmenu(or dmenu2 or rofi or whatever)-based search? That way you don't have to use a context-specific command
* sphalerite
needs to do this
jperras has quit [Quit: WeeChat 2.2]
<infinisil>
sphalerite: Something like `nix-env -qa | rofi -dmenu`?
<infinisil>
Although, not sure what it should do with the result
<infinisil>
Maybe instantiate the derivation and copy the path into the clipboard
<sphalerite>
infinisil: I was thinking probably something using the same cache nix search uses (json)
<infinisil>
Ah right, good point
<sphalerite>
and for nixos options probably use the options.json database
<infinisil>
sphalerite: is there a nix-instantiate equivalent with the new nix commands?
<sphalerite>
only nix eval AFAIK
<infinisil>
Meh
<infinisil>
Because the output of nix search --json has these `nixpkgs...` prefix
<infinisil>
And nix-instantiate can't handle those easily
<sphalerite>
what's wrong with nix eval?
<infinisil>
Oh, does it instantiate too?
<sphalerite>
nix eval does seem to actually instantiate packages if you do for example nix eval nixpkgs.hello.drvPath
<vandenoever>
on 18.09 firefox cannot determine the opengl status, about:support has no info on the graphics card, on 18.03 this does work, the graphics card is very common Intel HD Graphics 620
<vandenoever>
chromium does detect the card and uses it e.g. for webgl
<alexherbo2>
What is the output of your `ls /boot/`?
<vandenoever>
EFI loader
<alexherbo2>
I have /boot/EFI, I wonder if it’s because I labelled my /dev/sda1 as 'EFI' or not
<{^_^}>
[nixpkgs] @xeji pushed commit from @tilpner to master « appimage-run: Support type-1 Appimages (#45973) »: https://git.io/fA9FN
<tilpner>
:/
<sphalerite>
who is xeji actually? They merge lots of pull requests but I don't think I've seen them here before or otherwise interacted, other than having my PRs merged
<tilpner>
Not on IRC, IINM
<gchristensen>
nix-shell is incredible. it is ridiculously cool that I can open a nix shell with software from 4 yrs ago and have it still work.
<tilpner>
infinisil - Dead link in ,whomademe
Thra11 has joined #nixos
<catern>
so what should I do to install the manpages package, given that nix-env -iA nixpkgs.utillinux.man doesn't do it?
<clever>
catern: it will need an override that can change outputsToInstall, or just buildEnv 2 things together
<catern>
(they will be terrified and correctly perceive that Nix is complicated :) )
<sphalerite>
clever: iirc nix-env's -E is weird
<clever>
sphalerite: its passing you a set, containing every channel
<sphalerite>
clever: ooooooh ok
<clever>
the same set -iA acts on
<clever>
but its paths, not pkgs trees
<sphalerite>
nix-env is weird.
<clever>
yes
worldofpeace has joined #nixos
<sphalerite>
catern: there is no trivial solution unfortunately… beyond maybe nix-shell -p utillinux --run 'man foo'
<sphalerite>
goibhniu: this is another reason I think nix-env isn't so great as an imperative package manager ;)
<gchristensen>
so it seems like outputsToInstall should always contain "man" if "man" exists
<sphalerite>
goibhniu: if you use it declaratively with --set and a buildEnv this is no problem, but at that point, well, it's not really imperative anymore
<gchristensen>
is that silly?
polman has quit [Excess Flood]
<sphalerite>
gchristensen: I'd say nix-env should just support multiple outputs better so you can choose which outputs to install :x
<lejonet>
Anyone here that has been mean to a system and done a nixos-infect on a armv7 system successfully? :P
polman has joined #nixos
<sphalerite>
lejonet: not nixos-infect specifically but I have got nixos running on scaleway C1 servers
<lejonet>
sphalerite: with an armv7 nix? I'm attempting to do an install on a odroid-hc2, and the "official" armv7 image doesn't boot (probably due to kernel shenaningans)
<lejonet>
so going to try and do a transplantation somehow
<sphalerite>
lejonet: yes scaleway C1 is an armv7 platform
<sphalerite>
I was using the stock kernel there as well
<lejonet>
odroid-hc2 uses a exynos5422... so BIG.little, which is what I think trips the kernel up
<sphalerite>
well the nixos kernel is running fine on the rk3399 chromebook (also big.LITTLE) which I got a couple of days ago so…
<sphalerite>
although that's the testing kernel
<lejonet>
:/ I've tried with the 4.18.6 kernel (that is whats in the latest armv7 image from Dezgeg)
<lejonet>
and that trips up, it seemingly manages to start up the kernel, but it doesn't continue onto stage1
<sphalerite>
do you get any output on serial or anything?
Anton-Latukha has joined #nixos
<lejonet>
Yeah, let me get the output, it whines about thinking the CPU was setup improperly and gets some exceptions on irq
peayogurt has quit [Remote host closed the connection]
<sphalerite>
oh ok. I don't know anything about that sort of stuff :p
<sphalerite>
but if you just use the kernel of a distro which does work on it it should probably be fine
<lejonet>
yeah, the thought crossed me that I could maybe do a frankenimage with taking the kernel + modules from the ubuntu one, and just transplant to the nixos image
alexherbo2 has quit [Quit: WeeChat 2.0]
<sphalerite>
you can set system.modulesTree = lib.mkForce [ /path/to/dir/ ]; where dir contains lib/modules/…
alex`` has joined #nixos
<clever>
sphalerite: error, trailing slash on path
<sphalerite>
clever: really? that breaks? damn
<sphalerite>
I didn't know that. But whatever you get the idea :p
<sphalerite>
> /tmp/
<lejonet>
:P
<{^_^}>
error: path '/tmp/' has a trailing slash
<sphalerite>
wow, so specific even
<clever>
sphalerite: it also sometimes treats the trailing / as a division operator
<sphalerite>
aaaah I just realised a way to stop unpackPhase and similar exiting a nix-shell on failure — subshells!
peayogurt has quit [Ping timeout: 252 seconds]
<lejonet>
Now the interesting part, once I've gotten the image up and running and all, how much of a pain is it to add to my nixops that is run from a amd64 machine? :P I know that cross-compiling is fairly simple thanks to nix-shell, but is it integratable with nixops? :P
<lejonet>
I guess I could utilize the "compile on the target, not the machine nixops ran from" option?
<sphalerite>
I don't think cross-compiling nixos works very well yet. iirc stuff like python doesn't cross-compile yet
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
so yeah, I'd recommend distributed builds (you can use the target machine as a builder!) or that option
<lejonet>
Figures, cross-compilation isn't really intended to be for entire systems I guess :P
shabius has quit [Read error: Connection reset by peer]
<sphalerite>
sure it is, look at buildroot
shabius has joined #nixos
<sphalerite>
nixpkgs's just hasn't got all the software in it to behave yet :p
<lejonet>
seems like this will be a very interesting project where I'll have to learn a lot more nixos :P (because as I'll have several systems with same hardware, making one of em the builder and distributing those builds would be ideal)
<sphalerite>
that should work :)
<lejonet>
Cuz if I can get all that working, I can reduce the price per TB in my ceph cluster by like 70% :D
<sphalerite>
nice
<lejonet>
Assuming that this solution scales with performance in the same way or better like "traditional" nodes
<grp>
and they are concerned about security... *sigh* They should start by ditching systemd to begin with, going with devuan for example
<fpletz>
d1rewolf: no, unfortunately… the current process is more of a best effort approach. it's also not easily trackable which packages have vulnerabilities that are fixed in which release.
<rawtaz>
it's by our own mr gchristensen
<rawtaz>
it was a very thorough video
<gchristensen>
security work is hard, hehe
<rawtaz>
yeah and in the end it's all just an illusion :P
<rawtaz>
all these hardware hacks.. :<
<cransom>
security focus from just one person is also really hard.
<lejonet>
hey, the cake is a lie and people still believe in that :P
<gchristensen>
cransom: totally
<d1rewolf>
fpletz: that's interesting. I remember being told by someone here there were commercial users of nixos in the finance/banking industry. Surprised that industry would use nix withouth a real security policy/process
<gchristensen>
massive risk of burn-out
<grp>
lejonet: well, _there was_ a cake
<gchristensen>
d1rewolf: there are indeed
wangoe has joined #nixos
<lejonet>
grp: says who?! ;)
<grp>
lejonet: at the very end, in the machine room
<lejonet>
d1rewolf: well, those industries usually have plenty of resources to vet and test stuff themselves, so the process of the OS they use matters a little less there :P
<fpletz>
d1rewolf: there are tools like vulnix so you can check yourself for vulnerabilities, but the results can be misleading
tzemanovic has quit [Ping timeout: 250 seconds]
<lejonet>
grp: blasphemy!
<d1rewolf>
gchristensen: how do they get around the lack of that? at least in the US, banks are heavily regulated and security policies are paramount
<gchristensen>
well because we do a very good job
<gchristensen>
despite the lack of specific process, we often release patches than well funded commercial distros
<cransom>
at a very high level, the system is extremely auditable. you know every chunk of software that gets built/installed and you can review those packages in your own environment.
<infinisil>
Would be cool if vulnix supported automatically searching for patches and applying them
<sphalerite>
hm, in a cross build, how do I get hold of the output path for some build-platform package? i.e. like nativeBuildInputs but I want the path of the package, not the magic
Anton-Latukha has quit [Ping timeout: 252 seconds]
<lejonet>
gchristensen: exactly, and knowing exactly what you have in your env is usually a lot more important for actual security than a proper policy
<grp>
sounds like aaaaaaaaaaaaaaaaaaaa1-plumbing
<gchristensen>
lejonet: +1
<infinisil>
> pkgs.AAAAAASomeThingsFailToEvaluate
<infinisil>
Oh, it doesn't output that with the bot
<gchristensen>
grp: before AAAAASom.... if you tried to install all of nixpkgs by mistake, you'd get a weird warning about Agda being broken. Now, it gives you a reasonable warning.
<clever>
grp: some people will just `nix-build` in the root of nixpkgs, or `nix-env -i` and then nix tries to install literally every single package
<clever>
grp: AAAAAASomeThingsFailToEvaluate sorts first, and gives a saner error
<grp>
I see
<rawtaz>
d1rewolf: if you youtube nixos security youll find job related talks like "Sneaking Nix at $work and become a hero, hopefully by zimbatm"
<d1rewolf>
rawtaz: cool...thx very much
<rawtaz>
yw :)
<DigitalKiwi>
I always figured half the reason to use centos was because the packages were old so you knew what bugs were there
<rawtaz>
i did a ton of searching and watching videos about nix on youtube the other week, there's quite a bunch from NixCon and theyre all great
<infinisil>
DigitalKiwi: Lol, how is that a reason
<sphalerite>
infinisil: shouldn't there be something inside the attrset though, since the stdenv somehow knows how to get the native version even though you passed in the apparently cross version
<gchristensen>
DigitalKiwi: that is part of the reason, yes
<lejonet>
infinisil: known badness can be prevented, unknown, is very hard :P
<sphalerite>
infinisil: higher confidence that there aren't bugs you don't know about
<gchristensen>
bug-for-bug stability is important
<gchristensen>
* to some use cases
<infinisil>
Ah alright
<gchristensen>
this is the reason we can be faster than redhat: we don't need to backport patches to ancient software
<sphalerite>
aaaaaah why do we have this weird nativeBuildInputs magic :'(
<lejonet>
infinisil: when confronted with the choice between 2 choices, where one is proven bad, but in known ways and the other being unknown in what other badness it contains, I would go with the first, any day :P
reinzelmann has joined #nixos
emacsomancer has quit [Ping timeout: 272 seconds]
<infinisil>
Wouldn't always staying up-to-date provide the best security guarantees?
<gchristensen>
not if v1 doesn't have bug A and v2 does
<d1rewolf>
gchristensen: is there a mailing list that advisories or updates are published to?
Anton-Latukha has joined #nixos
<gchristensen>
d1rewolf: there is yes but it has not been active in some time now, due to how much work it was to keep up to date
<lejonet>
infinisil: that highly depends on how viable staying up to date is, in many systems, that is an even more arderous task than just using old, known-broken, software, ironically
<infinisil>
Yeah, and still, not all CVE's are automatically fixed in the latest version
<lejonet>
Indeed
<lejonet>
so I'm not saying that using old, broken software is better, but in some cases it actually is the "smarter" route than trying to keep up
<gchristensen>
especially if you have a company willing to apply all security patches to the old stuff
<lejonet>
Mhm
<sphalerite>
infinisil: staying up-to-date with security patches on a really old version provides better security guarantees I'd say, since you don't get any new bugs introduced :)
<andi->
For companies new packages usually also means investing your own time vs just paying someone so they are repsonsible for the security... My experience is that it is mostly about "safe my own ass" and thats why people stick with RedHat.. Also also them to be lazy on change / learning newer things.
<lejonet>
Because ultimately, security comes from knowing whats in your environment and having traceability of what happens in it, so that when stuff does break, its an easy fix
[Leary] has joined #nixos
<gchristensen>
andi-++
<{^_^}>
andi-'s karma got increased to 3
<lejonet>
andi-++
<gchristensen>
lejonet++
<{^_^}>
andi-'s karma got increased to 4
<{^_^}>
lejonet's karma got increased to 1
<DigitalKiwi>
if the bug is bad enough they'll probably have patched it, so by staying on the old (patched) version you'll "know" that no new bugs have been introduced by new versions that you don't know about, and less chance you'll introduce bugs by say misconfiguring something or w/e
<lejonet>
Heck, that if anything has been proven the latest years with the large leaks, which has proven that a lot of security teams have known diddly-squat about their envs :P
<lejonet>
Annoyingly enough, this is also a main driver behind why we still can find stuff like old XP and NT systems here and there :/
nDuff has joined #nixos
<gchristensen>
knowing what you have is surprisingly hard and critically imporant
Lears has quit [Ping timeout: 240 seconds]
<lejonet>
Yep
<sphalerite>
does anyone here understand generic/make-derivation.nix? I really don't see how I can get at the nativeDrv mentioned in the line that puts nativeBuildInputs in dependencies
<sphalerite>
Maybe Sonarpulse was just playing a practical joke on us?
<DigitalKiwi>
XP or older still runs on lots of industrial process equipment and I don't know how it'll ever go away
<andi->
I am also facing the challenges of "selling" (as in trying to convince) people to run NixOS.. One of the things people want are security advisories.. even thought they could just run a daily/hourly/quarter-hourly update and would receive updates in the same speed/faster then only reacting on advisories... But maybe it helps with the warm fuzzy feeling if you know someone did something to make it "better"...
<lejonet>
gchristensen: because if you know that and a CVE comes out targeting version X.Y.Z, you can 1. easily check where you have that software, 2. remedy it and 3. verify it got remedied :)
<gchristensen>
andi-: it sort of answers the question "Is anyone paying attention?"
<lejonet>
DigitalKiwi: yeah...
<andi->
gchristensen: yes it does.. and thats also my main point AGAINST automated package updates.. nobody will pay attention..
<lejonet>
andi-: automated package updates makes sense in one area, your testing env for devs :P
<lejonet>
(if you're lucky enough to have one AND it being used AND it being functional)
<d1rewolf>
andi-: regarding hourly/scheduled updates, I've found updates to break things like 'nix repl' if I don't reboot
<andi->
d1rewolf: haven't had that and I've had nixos systems running for >30d with automated updates
<selfsymmetric-pa>
Hi! I'm trying to install kubernetes helm 2.10.0 and I'm having a bit of trouble with days and arithmetic. Apparently the package was updated 12 days ago, the nixos-unstable branch was updated 5 days ago, and if I check `nixos-unstable` on master it's got the package I want. And yet if I install `kubernetes-helm` I have the wrong version.
<selfsymmetric-pa>
Do I still need to wait for something?
<catern>
so why doesn't outputsToInstall contain man anyway?
<gchristensen>
catern: maybe a good question for Discourse
<selfsymmetric-pa>
I've checked that my executable is on the right path and everything, so I don't have a bad helm lying around.
<catern>
that seems silly, because it's only used for imperative package management/systemPckages
<sphalerite>
catern: yep
<clever>
selfsymmetric-pa: check the nixos-unstable branch of the nixpkgs-channels repo
<sphalerite>
catern: not sure if it's even the case with systemPackages?
<selfsymmetric-pa>
So I'm on 18.03 but I'm doing `import <unstable>` for that one package.
<clever>
selfsymmetric-pa: when did you last `nix-channel --update` ?
wpcarro has joined #nixos
<selfsymmetric-pa>
Oh, not for a while. I did a `nixos-rebuild switch --upgrade` though, does that not update channels?
<selfsymmetric-pa>
In any case I'll update them now.
<clever>
selfsymmetric-pa: `nixos-rebuild --upgrade` only updates the nixos channel, and ignores the others
<selfsymmetric-pa>
Ohhhhhhhhhhhhhhh. That would explain it! I'll try a rebuild now.
wpcarro has quit [Remote host closed the connection]
dozn has joined #nixos
wpcarro has joined #nixos
<sphalerite>
catern: not sure it's possible with an override (might require modifying nixpkgs) but I think it should at least work without rebuilding anything since outputsToInstall is in meta
<selfsymmetric-pa>
Hmm, and yet. No new helm version.
<clever>
selfsymmetric-pa: did you also enable kurbernetes-helm with a services. option?
<selfsymmetric-pa>
I don't think so. I've been using the old version successfully. I'll enable the service now.
<clever>
selfsymmetric-pa: you usually want to use an override, using systemPackages may lead to 2 versions being in systemPackages, and then you dont always get the right one
<selfsymmetric-pa>
But an override prevents that?
<clever>
selfsymmetric-pa: an override would change the package the nixos module is already installing
<clever>
and then the old version just wont exist
<selfsymmetric-pa>
I see.
<sphalerite>
catern: this seems like a sensible candidate for nixpkgs config, since nix itself doesn't provide it…
<selfsymmetric-pa>
Odd though, if I remove that line the executable disappears.
<selfsymmetric-pa>
So it doesn't seem like I'm installing it twice.
<clever>
ah
Dedalo has joined #nixos
<clever>
selfsymmetric-pa: what if you just `nix-build '<unstable>' -A kubernetes-helm`
HoloIRCUser1 has joined #nixos
<{^_^}>
[nix] @edolstra merged pull request #2433 → Document that nix-shell's shebang requires double quotes for expressions → https://git.io/fA9xz
<catern>
sphalerite: well, I'd argue that whether or not it's nixpkgs config, that nix-env -iA nixpkgs.utillinux.man should definitely work
<catern>
I don't really understand why it doesn't work? know
Dedalo has quit [Client Quit]
<sphalerite>
catern: agreed. It's because nix-env looks at utillinux.man's meta.outputsToInstall, which points to out. So it actually installs utillinux.man.out which is utillinux.out >_>
<sphalerite>
catern: you can do nix-env -i $(nix-build '<nixpkgs>' -A utillinux.man --no-out-link) BUT that prevents utillinux itself from being installed.
<sphalerite>
and on nix-env -u it'll replace it with the out output, iirc.
<clever>
sphalerite: which is why i mentioned a buildEnv a few hours ago
<sphalerite>
clever: I know.
<catern>
hmm I see I see
<sphalerite>
clever: but that's a *complicated* thing which is not what catern's after
<catern>
clever: yes, that works fine, but I'm just wondering if there's any way to salvage imperative package management
<clever>
add the buildEnv to config.nix as an override
<sphalerite>
we're trying to solve the problem of "how do we get manpages for a user without scaring them away from nix"
<catern>
and yes, simple is best :)
<sphalerite>
not "how do we get manpages"
<clever>
or fix nixpkgs to include man in the right field
wpcarro has joined #nixos
<sphalerite>
yep just doing that
<selfsymmetric-pa>
clever: If I run `nix-build '<unstable>' -A kubernetes-helm`, I get back `/nix/store/y79anr3ikb6fcla9yf90wm1gadb9qqja-helm-2.9.1`.
<catern>
putting "man" in the default outputsToInstall would be a decent fix, I think, but is it viable?
<clever>
selfsymmetric-pa: and which version are you expecting to get?
<catern>
updating each individual package in nixpkgs to have "man" in that package's outputsToInstall seems a bit silly :)
<selfsymmetric-pa>
clever: I'm expecting to get 2.10.0, which is the version I can see in the GitHub repo.
<clever>
catern: the stdenv can be modified to add it automatically
<clever>
selfsymmetric-pa: what does `nix-instantiate --find-file unstable` report?
<catern>
clever: yes, that's what I meant about putting it in the default
<selfsymmetric-pa>
clever: For that I get `/nix/var/nix/profiles/per-user/root/channels/unstable`
<clever>
selfsymmetric-pa: and you ran `nix-channel --update` as root?
<selfsymmetric-pa>
clever: Oh that's probably it. I ran it as user. Whoops. I keep making that mistake!
<catern>
sphalerite: so making the default outputsToInstall configurable would solve this issue, but it seems like it doesn't really solve the general issue: whenever I want to install an unusual output, I have to go tweak my configuration to either install that output for every package or do an override for just that package
<clever>
selfsymmetric-pa: `ls -ltrh /nix/var/nix/profiles/per-user/root` will confirm when you last ran it as root
<catern>
though I wonder if in the long run it's better to just forget about the imperative package management interface - I think people really like having declarative package management
<{^_^}>
[nix] @grahamc opened pull request #2434 → Upgrade docs: improve the upgrade command → https://git.io/fAHJB
<selfsymmetric-pa>
I just ran it as root and triggered a rebuild, and now I see things happening. That's bound to be it. Thank you!!
<sphalerite>
catern: yep. Nix is just a terrible imperative package manager.
<selfsymmetric-pa>
I should make myself a nixos-debugging checklist or something.
<sphalerite>
catern: yep. Or at least have a sort-of-imperative thing that just modifies a declarative expression
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<catern>
sphalerite: heh that would be a nice hack, reminds me of Emacs which does that (modifies a specially-marked customization section of the user's configuration file when a user uses the interactive customization interface, including by installing packages)
sanscoeur has joined #nixos
wpcarro has quit [Remote host closed the connection]
wpcarro has joined #nixos
wpcarro has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @lheckemann opened pull request #46908 → Install man by default → https://git.io/fAHUY
Twey has joined #nixos
<sphalerite>
PR ^ :)
<catern>
nice :)
<catern>
I'll send that to my user as excuse :)
<catern>
(if I eventually have to tell them something complicated)
<HoloIRCUser1>
Not sure if anyone cares (I don't see Sander here atm), but the 'Download page' link on nixos.org/disnix/download.html is currently broken. I plan on getting it via NixOS, but broken links are never fun =P
<catern>
btw is there a good step-by-step overview of declarative package management for the user .nix-profile? (I might resort to just telling people to use that)
peayogurt has joined #nixos
<clever>
catern: i just create a packageOverride in config.nix, that contains a set, like mystuff = { inherit (pkgs) hello firefox; };
<clever>
catern: if you nix-env -iA nixpkgs.mystuff, it will install everything in the set
Dedalo has joined #nixos
<sphalerite>
yeah LnL 's gist
<catern>
ah? where is this gist?
<lejonet>
awh, even with stealing the kernel from the working official image the stage1 doesn't wanna start :(
<clever>
catern: and there is a different flag (i forget which one), which will uninstall everything you previously had, so its an atomic swap to the new version of mystuff, and no old stuff left
<catern>
and I didn't know about the section in the manual, that looks pretty good
<sphalerite>
then edit ~/.config/nixpkgs/overlays/userenv.nix to change stuff
wpcarro has quit [Ping timeout: 244 seconds]
peayogur_ has joined #nixos
<catern>
ah so this is doing it overlay style instead of in config.nix
wpcarro has joined #nixos
<clever>
catern: yeah, LnL's gist uses an overlay instead, and includes a bash script to run nix-env for you
<clever>
so you dont have to remember the incatation to update it
peayogu__ has joined #nixos
peayogu__ has quit [Remote host closed the connection]
peayogu__ has joined #nixos
peayogurt has quit [Ping timeout: 252 seconds]
<LnL>
main difference userPackages and the buildEnv approach is that the first allows partial upgrades
<LnL>
in case eg. something is broken
<clever>
yeah
<catern>
partial upgrades? how's that?
<clever>
when you nix-env -iA a set, it will install each attribute of the set, as a seperate entry
<LnL>
nix-env -q will list all the packages, and you can upgrade a single one
<clever>
the same as if you had just ran nix-env -iA nixpkgs.hello against each one
<LnL>
with buildEnv you get a single "user-environment" package
<clever>
and you can remove any single package as normal, or nix-env -iA one to just upgrade it
peayogur_ has quit [Ping timeout: 240 seconds]
<catern>
hmmm
trcc has joined #nixos
<catern>
but you can't override outputsToInstall for everything at once, right?
<clever>
you could use mapAttrs to run a function over every package in a set, before putting it into LnL's userPackages
<catern>
it seems like nix should maybe come with a tool like nix-rebuild
<LnL>
I've thought about adding it
winem_ has quit [Ping timeout: 252 seconds]
<sphalerite>
it does really, nix-env -ir is pretty much that, just that it doesn't look in a fixed location
<sphalerite>
which I think is fairly sensible
<catern>
oh so I guess lnl-overlay.nix has two differences really from the typical config.nix style: it uses a set instead of a buildEnv and it uses an overlay instead of config.nix
<catern>
is there a benefit of using an overlay in particular?
wpcarro has quit [Remote host closed the connection]
<LnL>
that's a detail
<clever>
catern: its easier to use many overlays at once
<clever>
catern: but with config.nix, you need to manually merge them into a single file
wpcarro has joined #nixos
Twey has quit [Ping timeout: 240 seconds]
<catern>
clever: yeah but that's less relevant if you're listing packages you want to install
<LnL>
but this is an example where overlays are nicer, since this is something separate that doesn't care about any existing overrides
knupfer has joined #nixos
<LnL>
that curl command would remove your overrides if it used config.nix
<catern>
sure, fair
<LnL>
but you could put this in config.nix, nothing particularly special about overlays
<catern>
i of course agree that overlays are better than config.nix, just making sure I understand it fully :)
<catern>
(since they're nice and composable)
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<catern>
though... is config.nix applied last? maybe it's useful as a way to know that you've got the final say on any overrides...
<catern>
since overlays in the overlays directory are applied in order of name right?
johnw_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
humanoyd has joined #nixos
<nineteeneightd>
I'm curious if there is a way to configure the logger during a run of `nix copy` and if there's a way to turn off the final status message that appears to be written directly to the TTY because IO redirection doesn't seem to affect whether it shows on my screen. Does anyone have any insight into any of this?
<sphalerite>
nineteeneightd: even if you redirect stderr?
mayhewluke has quit [Ping timeout: 244 seconds]
<clever>
sphalerite: ssh for example, will open /dev/tty, which can bypass all redirection and get the controlling tty of the process
<clever>
nix might be doing the same?
<sphalerite>
clever: yes I know
<sphalerite>
clever: I don't think it woudl though.
abueide has joined #nixos
mayhewluke has joined #nixos
johnw_ has joined #nixos
<nineteeneightd>
Ahh. when I `2>&1 > output.log` I was till getting the final message. `2> stderr.log` directly and I get nothing.
<sphalerite>
nineteeneightd: yeah if you switch the redirections aorund it should also work
<nineteeneightd>
I just wondered that as I was typing...haha.
<sphalerite>
2>&1 means "redirect stderr to what stdout is pointing to at this point", which is still the tty before > output.log has taken effect
<nineteeneightd>
Makes sense.
<nineteeneightd>
Do you know if it's possible to configure the logger any further. Digging into the source, it appears all the messaging is sent through the logging libraries.
<nineteeneightd>
Long story short, I'm trying to parallelize a bunch of `nix copy` calls for a deployment script and wanted to play around with how progress was reported.
<nineteeneightd>
Maybe the answer is NixOps?!
<sphalerite>
or hacking something together using nix-store --export and nix-store --import and pv? :p
wpcarro has quit [Remote host closed the connection]
<sphalerite>
nixops is specifically for deploying nixos systems, so I'm not sure it'll be helpful if that's not what you want to do
wpcarro has joined #nixos
<nineteeneightd>
Ahh. Yes, baby steps. Currently deploying nix to Ubuntu hosts.
<lejonet>
infect aaaaalll the things ;)
jackjennings has joined #nixos
<hodapp>
huh, somebody from Functional Works just email to tell me about a job opportunity in New York for Haskell + Nix
<sphalerite>
hodapp: I got something similar recently
wpcarro has quit [Ping timeout: 252 seconds]
nineteeneightd has quit [Ping timeout: 252 seconds]
wpcarro has joined #nixos
hakujin has quit [Ping timeout: 240 seconds]
<HoloIRCUser1>
hodapp: I've oddly gotten recruiters looking for the same, but for Singapore
<jackjennings>
I’m having an issue with an error message after upgrading from nix 2.0pre to nix 2.0. Can I post what I’m seeing here to get help, or is there a better place to so?
<samueldr>
here is fine!
<LnL>
sure, just put it in a gist or paste somehwere if it's long
<adamantium>
Hi, i use emacs compiled without gtk, like this: myEmacs = (pkgs.emacs.override {withGTK3=false; withGTK2=false; withX=true;}); This doesn't create a wrapper, though, e.g. .emacs-wrapped , it works, but i'm left wondering to myself if I am missing anything important?
<sphalerite>
xok: you're probably just hiding the problem and there probably still is one
<sphalerite>
adamantium: if it runs you're not. I'd guess that a wrapper isn't necessary if it's not using any of the libs
<HoloIRCUser1>
xok: s/fixed/hid/
<adamantium>
sphalerite: that's a little helpful, which libs exactly do you mean?
<xok>
no, I didn't hide the problem...
<sphalerite>
adamantium: yep it's because wrapGappsHook isn't included when it builds without gtk3
<sphalerite>
adamantium: so all good :)
<{^_^}>
[nixpkgs] @MelleB opened pull request #46909 → Doc: Minor fix for python virtualenv example in nix-shell → https://git.io/fAHq8
<xok>
the problem arises only on second run...
<xok>
the first deployment creates some users ( in a website ) and the second one has already got them...
<adamantium>
sphalerite: okay, i just worry i don't want to run into some stupid thing later that i won't figure out what is wrong
<xok>
I've just added exit 0 at the end...
<sphalerite>
xok: then you'll probably want to modify the script to be idempotent
<samrose>
what are the recommended approaches to *dynamic* creation of users in nixos (either declarative or imperative)
<adamantium>
sphalerite: no there is not.
<samrose>
for example, on a nixos server, as I add and remove apps over time, I want to add and remove a user/group and special permissions for each app
<sphalerite>
jackjennings: oops. Forgot the nixos at the end of the nix-channel --add command — sudo nix-channel --add https://nixos.org/channels/nixos-18.03 nixos
<sphalerite>
jackjennings: then rerun the --update, then nixos-rebuild should work
<jackjennings>
sphalerite: so far so good!
<jackjennings>
sphalerite: 🙏
<sphalerite>
samrose: I'd just use users.users, nixos will ensure that uids aren't reused unless you reuse the same name as well
orivej has quit [Ping timeout: 240 seconds]
<sphalerite>
samrose: something like users.users.roundcube.isSystemUser = true; should be enough to set up the user
<sphalerite>
tldr: declarative user management should work well for your use case :)
<samrose>
sphalerite: so on a given instance of nixos, you would just append these lines to a .nix file and rebuild?
<{^_^}>
[nixpkgs] @dtzWill opened pull request #46910 → i7z: 0.27.2 -> 0.27.3, cleanup, various fixes, maintained fork, qt5 → https://git.io/fAHmH
<sphalerite>
samrose: to configuration.nix or a nixos module imported by it, yes
fragamus has joined #nixos
<lejonet>
:( My attempt of doing a frankenimage is failing, stage1 doesn't want to start, at all :(
<samrose>
sphalerite: do you know if nix expressions support wildcard name importing into configuration.nix?
<{^_^}>
[nixpkgs] @xeji pushed commit from @worldofpeace to master « lightdm: ensure run-directory is /run/lightdm (#46907) »: https://git.io/fAHYn
<sphalerite>
samrose: I suspect you're after writing a nixos module, hang on
<jackjennings>
sphalerite: everything back to normal. Thanks! Last question — is the channel something that I should be declaring in configuration.nix, or are they supposed to operate independently?
<sphalerite>
jackjennings: they're usually independent. There are various ways to have the nixpkgs version pinned together with the config too though
<sphalerite>
it's up to you really
<jackjennings>
Got it — thanks again. Never would have figured this out
<sphalerite>
clever: well that's the problem, if we just delete it part of the introdcution to nix will be missing
<sphalerite>
I'll probably replace it with hello
<clever>
ah right, an example of how to install things
<astronavt>
might as well throw in a "how to uninstall something"
<sphalerite>
yes but at the same time introducing the fact that nix is a language and not just a package manager :/
jasom has joined #nixos
gartral21 has joined #nixos
gartral21 has quit [Remote host closed the connection]
Henson has joined #nixos
<Henson>
how can I hope a profile from one machine to another? I've figured out how to copy the closure of the profile from one computer to another, but now how to use nix-env to install it in a particular location. Do I need to use the profile's derivation file and somehow install that on the other machine?
<selfsymmetric-pa>
I'm trying to make a package for the Signal CLI, but it breaks with `Failed to load native library 'libnative-platform.so' for Linux amd64.`.
wpcarro has quit [Remote host closed the connection]
<nDuff>
I'm finding documentation that points to libexec/nix/build-remote.pl, but that file (for that matter, ~/.nix-profile/libexec/nix as a whole) doesn't exist for me with a nix 2.0.4 on MacOS -- where should I be looking for a replacement, and/or more up-to-date documentation re: setting up a remote to be able to compile for a different platform?
<clever>
nDuff: the remote building is now built into nix, and doesnt need that external hook
<nDuff>
Ahh. Any pointers into where I should look for up-to-date documentation on its use?
<clever>
nDuff: its still configured with the same format, via the same env var
<clever>
nDuff: default location for the file is still /etc/nix/machines
wpcarro has joined #nixos
sanscoeur has joined #nixos
<nDuff>
Hmm. ping-store does work; passing --builders explicitly may be all I needed...
wpcarro has quit [Remote host closed the connection]
wpcarro has joined #nixos
<astronavt>
nix-store -q --references `which python3` -> error: path '/home/astronavt/.nix-profile/bin/python3.6' is not in the Nix store
<endformationage>
How can I create a nixos-container which runs nixos-unstable atop a stable host? I know I can update the container from within, but is there a way to configure for unstable from a config passed to `nixos-container create`?
<rawtaz>
hm, how can i check which version of a package (open-vm-tools) is installed according to my configuration.nix?
<srhb>
rawtaz: (That will show you _every_ open-vm-tools your system depends on)
<srhb>
rawtaz: If it's a systemPackage you can also just readlink -e the symlink in /run/current-system to one of its files
<srhb>
rawtaz: The store path will have its version
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<rawtaz>
that was helpful, thanks
wpcarro has quit [Remote host closed the connection]
<elvishjerricco>
srhb: nix-store -qR /run/current-system is my favorite command :P
<nDuff>
Hmm. Seems I'm running into https://github.com/NixOS/nix/issues/1994; NIX_SSHOPTS doesn't work for remote builders, and it seems that neither does /etc/ssh/ssh_config (on non-NixOS hosts), though I haven't yet figured out why.
<{^_^}>
nix#1994 (by volth, 26 weeks ago, open): support for custom ssh port in ssh:// urls
<samrose>
what is the best way to start apps in buildFHSUserEnv
<samrose>
?
<srhb>
elvishjerricco: Definitely ranks high with me too!
<catern>
remind me, how do I get a subdirectory out of a derivation?
<{^_^}>
[nixpkgs] @xeji opened pull request #46918 → pythonPackages.nilearn: disable still failing tests → https://git.io/fAHRt
<catern>
(from Nix code, not in a shell script)
<srhb>
catern: What do you mean "get" ?
<srhb>
catern: "${pkg}/bin/foo" ?
Xal has quit [Ping timeout: 246 seconds]
<catern>
srhb: produce another derivation that is just that subdirectory
<catern>
is string formatting really the only way?
melleb has quit [Ping timeout: 240 seconds]
kisik21 has quit [Ping timeout: 272 seconds]
<srhb>
catern: More or less.
<catern>
urgh
<srhb>
catern: pkg + "/subpath" works too, but really, same thing
<srhb>
I think it's the best thing since sliced bread. :-P
<catern>
let me describe my real problem and maybe there's another recommendation: there's a source tarball which contains packages for multiple languages; the actual build files are in a subdirectory of the main directory
<clever>
append to the sourceRoot in postUnpack
Xal has joined #nixos
<catern>
is there an example of this in some package?
<clever>
catern: sourceRoot is the path relative to $NIX_BUILD_TOP
<catern>
hmm argh
<clever>
and unpackPhase creates a dir named after the tar, and auto-sets sourceRoot to that dir
<clever>
postUnpack can then append to that var
<catern>
well, maybe I can be even more concrete, I'm actually using fetchgit, not a source tarball, does that make it any easier for me?
<Mic92>
rawtaz: first increment the version number, then build with `nix-build -A open-vm-tools` in the nixpkgs directory. This will complain about the incorrect checksum. After fixing that in the best case it will build without any further changes.
<clever>
catern: fetchgit returns a path, so you could just src = (fetchgit { ... }) + "/foo";
<catern>
so the src derivation is genuinely unpacked in a separate derivation
<catern>
clever: yes but won't that make two derivations?
<catern>
I guess it won't
<rawtaz>
Mic92: yeah. but even if it does, i might have left things in there that should no longer be around, and might have missed something that should be there too, for that matter. just doesnt feel right. but perhaps this is pretty common?
<catern>
neat
<catern>
so it turns out I should have just done the stupid thing all along :)
<rawtaz>
Mic92: in the nixpkgs directory == i must first clone the repo, or can i do this locally on a NixOS install without cloning the nixpkgs repo?
<Mic92>
rawtaz: most of the fixes are see are build system related, if they fail to execute you can adapt. You need to clone the repository
<rawtaz>
Mic92: ok. ill look into the docs as well.
<rawtaz>
cheers
patrl has joined #nixos
<gchristensen>
can the NixOS buildkite module support multiple buildkite agents clever?
<gchristensen>
iirc nixos-container containers don't really work nicely with nixops, not being properly upgraded. is that a figment of my imagination?
<andi->
same here :/ Have been procrastinating looking into that
<nDuff>
...okay, did get things working; the big missing piece in terms of successful debugging was testing nix ping-store outside my regular user account. Going to work on some extensions to https://github.com/holidaycheck/nix-remote-builder to cover the extra work to support systems using nixbld accounts correctly.
EarlDeLaWarr has joined #nixos
acarrico has quit [Ping timeout: 244 seconds]
<clever>
gchristensen: with declarative containers, systemd/nixos-rebuild wont restart them on activation
<clever>
gchristensen: so if you have a declarative container in a nixops machine, it wont update
<gchristensen>
does that make sense?
<andi->
I have seen updates being triggered but the machine would then have not network :/
<rawtaz>
i wish github had a fast-forward button you could click to make your master up to date with upstream master (assuming it's possible to ff)
<rawtaz>
use case; good when you're doing quick fixes/edits online in the github web gui instead of cloning and editing locally
<rawtaz>
hm, interesting. cloned nixpkgs, eedited pkgs/applications/virtualization/open-vm-tools/default.nix to have version number 10.3.0 instead of 10.1.10, then ran `nix-build -A open-vm-tools`, but it 1) didnt complain about the hash i never changed, and 2) appears to be building 10.1.10 instead of 10.3.0. is that because i did `-A open-vm-tools`?
<Mic92>
rawtaz: change the has by one character and try again.
<{^_^}>
[nix] @edolstra pushed 0 commits to refs/tags/2.1.2: https://git.io/fAHzI
<gchristensen>
yay!
<clever>
rawtaz: if the hash is identical, nix will use the old download
<clever>
rawtaz: you claimed the file hasnt changed, so its not bothering to re-download
<Mic92>
andi-: it is interesting that bazel suffers from the same bugs that nix has regarding fixed input derivations
<{^_^}>
[nixos-homepage] @edolstra pushed to master « Nix 2.1.2 released »: https://git.io/fAHzO
<Mic92>
is there already bazelos?
<rawtaz>
CcxWrk: right, beccause the download it grabs from github is stored in a file that is nnamed like the hash, i take it?
<rawtaz>
err, clever *
<clever>
rawtaz: a fairly complex algo, where the inputs are the hash and derivation name
<clever>
hashing a string that contains the hash, name, and other params
<rawtaz>
yeah. but that means the hash that i see in the store shoould have changed for this derivation, because i changed the version number in the derivation, so its contents changed, which should affect the final hash. with that in mind, should it not be looking for a new hash than what has previously been cached?
<clever>
rawtaz: the storepath ignores the version entirely
<rawtaz>
that is, the hash in abcd-open-vm-tools-10.3.0 should have changed
<rawtaz>
ok
<Mic92>
rawtaz: the path where the source is downloaded does not have the version in it
<clever>
rawtaz: if its using fetchFromGitHub, then the name is just "source"
<rawtaz>
well, some day this will be clearer. for now ill fix the hash and be done :)
<{^_^}>
[nixpkgs] @xeji pushed commit from @dywedir to master « qbittorrent: 4.1.2 -> 4.1.3 (#46917) »: https://git.io/fAHzK
<endformationage>
elvishjerricco: A follow up question if I may re: nixos-unstable container on a stable host. Might you know the declarative equivelant? I looked to see if there was something like a 'channel' option for containers, but there's not.
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<tobiasBora>
Hello,
<clever>
Mic92: dont let NM in!
<tobiasBora>
any idea why when I try to install gitlab (based on ruby), it compiles stuff? building '/nix/store/yqyj1k7i7bhlilgxqmfnwrj2alwn8wjz-ruby2.5.1-gpgme-2.0.13.drv'...
<srhb>
tobiasBora: Usually because it's failing on HYdra.
<rawtaz>
apparently this package needs gtk 3.0+ - am i right that i would use the alias gnome3.gtk to satisfy that dependency?
<srhb>
tobiasBora: Alternatively because you've made an override that affects the dependencies :)
<clever>
gchristensen: maybe its been fixed since i saw the bug
<gchristensen>
trying a service this time
<Mic92>
clever: I already have openssl in my initrd because zfs's userspace tool need it for key derivation when importing encrypted zfs pools.
<elvishjerricco>
endformationage: I don't think there is an equivalent for declarative containers unfortunately. I'm sure you could hack one up, but it'd be nontrivial and I'm not sure where you'd start
slack1256 has joined #nixos
<Mic92>
I also have lua in my kernel, because someone at delphix thoughed it might be a neat feature to have it for skripting zfs transactions.
<srhb>
tobiasBora: Transitive dependencies need not have their own job.
<sphalerite>
rawtaz: yes
<tobiasBora>
srhb: and I don't think I override anything linked with gitlab, if you want I can try to give you my conf ^^'
<srhb>
tobiasBora: Let's start with the commit you're on, not sure I have time to look into your config itself. :)
<endformationage>
elvishjerricco: I see. Thanks.
<tobiasBora>
srhb: I'm on unstable, and I just ran "nix-channel --update", so I guess last commit. But not sure how I can precisely get the exact commit I'm using
<Mic92>
clever: if it is for debugging, I am totally fine with that.
<Ashy>
hmm, i'm trying to test out the basic examples from the nixops manual with libvirtd but getting this error: libvirt: Capabilities Utils error : invalid argument: could not find capabilities for arch=x86_64 domaintype=kvm
orivej has quit [Ping timeout: 240 seconds]
<tobiasBora>
and nix-info gives channels(root): "nixos-19.03pre152634.218ce4de508"
<Ashy>
when i open virtual machine manager it also gives a message: Could not detect a default hypervisor
<Ashy>
what am i missing in my configuration.nix?
<rawtaz>
so i know that open-vm-tools/default.nix essentially contains a function definition. one of the input parameters is currently gtk, but i want that to be gnome3.gtk. it doesnt accept that dot or "gnome3.gtk" though - am i misunderstanding that, should i not put the "wanted" package name (gnome3.gtk) in there?
<Mic92>
by import I mean, put it into the curly braces
<tobiasBora>
srhb: nix-channel --update should be enough to update right? (and also, I'm using aarch64, not sure if it makes any difference)
<srhb>
tobiasBora: ooooh
<sphalerite>
rawtaz: you either take in gnome3 and use gnome3.gtk
<srhb>
tobiasBora: It does
<srhb>
tobiasBora: And that's your answer.
<rawtaz>
Mic92: how can/could i know that there's a gtk3? searching at https://nixos.org/nixos/packages.html#gtk3 only yields a haskell-related gtk3, which is hardly what i want
<sphalerite>
rawtaz: or you take in gtk, and put it in the callPackage
<rawtaz>
sphalerite: right. taking in gtk as it is now makes the build fail cuz gtk+ 3.0 or higher is missing
<rawtaz>
i will take in gnome3 then, and use that
<sphalerite>
rawtaz: using nix search for instance
<tobiasBora>
srhb: well aarch64 is supposed to be supported officially by Hydra no?
<srhb>
tobiasBora: Hydra builds some aarch64 things.
<Mic92>
rawtaz: nix search or the tool nix-index that has a nix-locate command.
<sphalerite>
rawtaz: if you take in gtk you meed to change the call in all-packages.nix to look like callPackage (path) { gtk = gnome3.gtk; }
<srhb>
tobiasBora: Notably not gitlab.
<sphalerite>
or equivalently { inherit (gnome3) gtk; }
<srhb>
tobiasBora: It does build eg. gitlab-runner though!
<rawtaz>
sphalerite: right; and that's not something i should do, because that would affect a lot of things, right
<rawtaz>
Mic92: if those can find it, shouldnt gtk3 (non-haskell) show up in the online search too?
<rawtaz>
sphalerite: oh, wait, looking into that file..
nDuff has quit [Quit: zzz]
<Mic92>
rawtaz: ideally yes, I am not sure why it doesn't
<sphalerite>
rawtaz: no, it will only affect open-vm-tools itself — it's just the callPackage call for open-vm-tools
<rawtaz>
sphalerite: i see what you mean now that i opened that file
<sphalerite>
oh hm in unstable gtk3 seems to exist at the top level actually
<tobiasBora>
srhb: really? I thought it built everything :'(
<sphalerite>
so you can just take in gtk3 rather than do that fiddling with gnome3 if you're working off unstable
<Mic92>
rawtaz: ah, then it will be in the search in the next release
<sphalerite>
(or master)
<rawtaz>
Mic92: oh, right :)
<srhb>
tobiasBora: It does in a sense. It all comes down to whether it can, if the package is not specifically excluded (and it's not)
<srhb>
tobiasBora: So why it doesn't build gitlab specifically requires a bit of investigation :)
<tobiasBora>
srhb: where can I find this explicit list?
<srhb>
tobiasBora: What explicit list?
Fare has joined #nixos
<rawtaz>
sphalerite: heh this is messy. if i just take in gtk3, it doent work because just "gtk" is passed as parameter by the caller. so i guess the real place to change is in all-packages, just changing inherit (gnome2) gtk gtkmm; to inherit (gnome3) gtk gtkmm; - no touching this stuff in open-vm-tools/default.nix
<srhb>
tobiasBora: There's no explicit list. There's just pkgs, as evaluated for different systems.
<tobiasBora>
srhb: the list of package specifically expluded
<PolarIntersect>
Hmm... Does anyone know how to get Python C headers?
<sphalerite>
rawtaz: oooooh it already uses gtk stuff. Yeah definitely
<rawtaz>
sphalerite: yeah sorry wasnt clear on that :) compiling now
<PolarIntersect>
I thought they'd be part of python36Full, but nope
<Ashy>
OH, intel VT-d was disabled in the bios, haha
Ridout has joined #nixos
patrl has quit [Ping timeout: 245 seconds]
<srhb>
PolarIntersect: Yes they are.
<srhb>
(Among other places)
<PolarIntersect>
srhb: Oh, they are part of python36Full?
<srhb>
PolarIntersect: Yes. And python36.
<PolarIntersect>
Then pgenheaders.h must be something else... Sorry!
<srhb>
,locate pgenheaders.h
<{^_^}>
Found in packages: python3, androidndk, pythonFull
<PolarIntersect>
O_o
<PolarIntersect>
that's a nice tool
<srhb>
It is :)
<tobiasBora>
srhb: should I put somewhere an issue to report the fact that gitlab is not built?
<sphalerite>
PolarIntersect: it's based on nix-index, you might want to install it locally for more details and offline use
<rawtaz>
i take it it's quite common that when you upgrade a package just a little you commit a PR which changes the all-packages.nix file and the default.nix file in the package itself
<Ralith>
rawtaz: you don't usually need to change all-packages.nix
<sphalerite>
^
<sphalerite>
but yeah if you do, a single commit is generally appropriate
Tobba has quit [Read error: Connection reset by peer]
<srhb>
tobiasBora: Feel free :)
<rawtaz>
ok so now i have my newly updated open-vm-tools package built locally. im wondering how i can test this in my system, equally to having listed it in systemPackages. doing $ nix-env -f . -iA open-vm-tools doesn't *seem* relevant in my eyes because this is something that needs to run on a higher level than my unprivileged user. pointers?
<rawtaz>
i mean, would be kind of nice to test it before filing the PR :P
<Ralith>
file_listing.json contains binary data of unclear nature
<srhb>
Ralith: Looks like there are some very recent related commits
<srhb>
Might just need a bump
<sphalerite>
yeah it's been fixed
<Ralith>
cool
<sphalerite>
(said binary data is apparently the desired json but brotli-compressed)
jluttine has joined #nixos
hakujin has quit [Ping timeout: 260 seconds]
orivej has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
peayogu__ has quit [Remote host closed the connection]
abueide has quit [Ping timeout: 260 seconds]
<Ralith>
still getting those errors, but they're no longer killing the process
<sphalerite>
yep
<sphalerite>
it's a hydra problem or something, that the listings were being uploaded with the wrong metadata or something, and thus not served in their decompressed form
<sphalerite>
it's been fixed, just the old data's still there on AWS
<rawtaz>
hm. i ran `nixos-rebuild test -I /path/to/modified/nixpkgs`, also `systemctl restart vmware`, then checked logs. apparently its still using the old 10.1.10 version of open-vm-tools. im looking at nixpkgs/nixos/modules/virtualization/vmware-guest.nix and am thinking this is because it references the package open-vm-tools and this for some reason isnt taken from my local copy of nixpkgs?
<octe>
i'm trying to run "nixos-rebuild switch --upgrade" but it gives me an error: "Package ‘firefox-esr-unwrapped-52.9.0esr’ in /nix/store/g65yp62hv062ns3h04m61wzggljfijrl-nixos-18.03/nixos/pkgs/applications/networking/browsers/firefox/packages.nix:70 is marked as insecure, refusing to evaluate"
<octe>
i don't have any reference to firefox in my configuration.nix, why would it complain about that?
<rawtaz>
octe: something in it marked as insecure. if you think it's fine, try adding it to nixpkgs.config.permittedInsecurePackages = [ "thepackagenamehere" ]; in your config
<sphalerite>
you just read it wrong ;)
<octe>
rawtaz, but why would it even need to upgrade it if it's not installed?
<rawtaz>
octe: oh, you didnt ask for that package? i dunno then, maybe or presumably something else requires it?
<octe>
like what?
<rawtaz>
i have no idea, havent seen your config.
<sphalerite>
octe: that is weird. Maybe try running nix-store -q --graph $(nix-instantiate '<nixpkgs/nixos>' -A system) to see the dependency graph and hopefully trace what's pulling firefox in
<octe>
sphalerite, that refuses to run due to the same issue :) i guess i should whitelist it to find out
abueide has joined #nixos
<srhb>
nix_instantiate fails on that?
<sphalerite>
srhb: yes, refusing evaluation is a throw
<srhb>
bleh
<sphalerite>
(in the case of packages marked as insecure)
<sphalerite>
it makes sense, you don't want drvs for insecure stuff popping up in your store just waiting to be realised ;)
<srhb>
Still, hard to debug without actually allowing them :P
<srhb>
It ends up being one glorious invocation to instantiate :P
<rawtaz>
sphalerite: hmm, so usually when i have package foo listed in systemPackages it's grabbed from the stable channel since thats what im on. now that im pointing to a copy of the master branch locally, i presume this is in a way equal to having prefixed all packages in systemPackages with unstable. when using the normal channels?
<andi->
octe: any java web foo in your system config?
<sphalerite>
rawtaz: yes, it builds the entire system from it (including nixos modules and stuff)
<octe>
andi-, oraclejdk is there
<sphalerite>
brb (hopefully), testing new kernel
<sphalerite>
I am back! and it works!
<rawtaz>
sphalerite: yeah. in a way that's not great, because this means i am now not testing "my usual stable nixos, plus unstable master open-vm-tools" but instead "bleeding edge nixos, plus unstable master open-vm-tools". i presume that to do the former i'd just put in my configuration some fetchFromLocal(/path/to/open-vm-tools-derivation) or similar, and nixos-rebuild test as usual?
<octe>
hmm, i added permittedInsecurePackages to my configuration.nix it still won't allow me to run it
<sphalerite>
rawtaz: probably best to cherry-pick the change onto the nixos-18.03 branch and build your system from that. But for testing it makes sense to use all-unstable
<octe>
no i'm using nixos..
<sphalerite>
rawtaz: since (I'm guessing) you're planning to PR it upstream as well?
<rawtaz>
octe: ok. thought you werent cuz my config is heck of a lot bigger :)
<octe>
it is, but i just pasted the part that sets nixpkgs.config
<rawtaz>
sphalerite: yes, indeed. so i made a small update to this package, and just wanted to test that little part on my otherwise normal system
rprije has joined #nixos
<octe>
my whole config is a mess and includes things like wifi passwords so i'd rather not just paste it
<rawtaz>
no problem
<octe>
don't understand why that wouldn't work, the allowUnfree part works
<sphalerite>
rawtaz: for testing with the rest of your system on stable, git checkout nixos-18.03 then git cherry-pick <branch that you committed your change on>
<eacameron>
Where does nixpkgs put `data-files` from a cabal project?
<rawtaz>
sphalerite: ok, if that's the best/simplest way then thats fine
<octe>
can i force the nix-store command to run with the command line perhaps?
<rawtaz>
sphalerite: cant put into words how helpful you are in this channel
<rawtaz>
hopefully it pays off in the end :)
<sphalerite>
:) thanks!
<gchristensen>
sphalerite++
<rawtaz>
make that +++ for good measure :>
<sphalerite>
infinisil: where's my karma bump :o
<sphalerite>
:p
jackdk has joined #nixos
<sphalerite>
,locate bin sct
<{^_^}>
Found in packages: sct, go-sct.bin
jperras has joined #nixos
jackdk has quit [Remote host closed the connection]
<rawtaz>
sphalerite: it might have overflowed and crashed the bot :P
<eacameron>
by the looks of it, callCabal2nix ignores the data-files field
<sphalerite>
rawtaz: nope! there are multiple people with more than me in here
<rawtaz>
octe: same error or different with that?
<octe>
same
<rawtaz>
sphalerite: i thought you were all clones
<sphalerite>
rawtaz: nope, infinisil and clever and gchristensen and the other helpful people here are completely different people from myself :D
<rawtaz>
that could explain some things..
<sphalerite>
oh boy it's almost 1am again. I need to fix my sleep schedule… Gnight folks o/
<jasongrossman>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 19
<octe>
export NIXPKGS_ALLOW_INSECURE=1
<octe>
that allowed me to do it
<rawtaz>
Mic92: alright, open-vm-tools here is updated to 10.3.0, it compiled fine, it `nixos-rebuild test`s fine, and when the service now starts i no longer see the error message that i was previously seeing. given that i have not tried any of the other features (my goal was just to get rid of the error message, cuz this should mean the issue im attending was fixed), do you think it's fine to PR this? or do i need to test more?
<rawtaz>
if yes, i would effectively be testing "does open-vm-tools still work in version 10.3.0 on nixos", which is quite a differnet thing than what i started out with