<rawtaz>
im reading https://nixos.org/nixpkgs/manual/#idm140737315728352 and am wondering if there's a more temporary way to enable sandboxing for a `nixos-rebuild test -I nixpks=foo` run? some env var perhaps?
rprije has quit [Remote host closed the connection]
rprije has joined #nixos
sir_guy_carleton has joined #nixos
nD5Xjz has quit [Ping timeout: 252 seconds]
rprije has quit [Remote host closed the connection]
rprije has joined #nixos
LogicAside is now known as ThatOtherGuy
Cale has quit [Remote host closed the connection]
Cale has joined #nixos
orivej has quit [Ping timeout: 260 seconds]
nD5Xjz has joined #nixos
<colemickens>
how do I find out why a package is being included/built?
<colemickens>
the cheatsheet doesn't have an equivalent for apt-cache rdepends
nuncanada2 has quit [Ping timeout: 252 seconds]
<adisbladis>
colemickens: `nix why-depends`
<adisbladis>
colemickens: I have also found `nix-store -q --graph` very helpful
jperras has joined #nixos
jperras has quit [Ping timeout: 252 seconds]
dmc has quit [Quit: WeeChat 2.2]
dmc has joined #nixos
countingsort has quit [Ping timeout: 240 seconds]
Kelppo has quit []
endformationage has quit [Quit: WeeChat 1.9.1]
hakujin has quit [Ping timeout: 272 seconds]
Ridout has quit [Quit: Lost terminal]
nekroze has joined #nixos
<nekroze>
There is a rust app I need to use, first time doing anything rust related, for buildRustPackage in nix I need a cargoSha256 but cannot find one. Where do I get that value from?
rprije has quit [Ping timeout: 252 seconds]
<nekroze>
looks like if I put the wrong hash in there it gets a different app all together
rprije has joined #nixos
<Ralith>
change a letter
rprije has quit [Ping timeout: 260 seconds]
rprije has joined #nixos
<nekroze>
Ralith: I have tried that like I would normally do with the git repo's but it just gives me the hash of the other app that I copied from originally...
<nekroze>
I copied the current exa package definition and changed exa to i3wsr and mangled the hash and it tells me to put the hash back to what it was for exa and then there is no mention of exa in the package file but exa is in the bin dir
<Ralith>
you do have to actually tell it where to find the source for the package you want it to build
<{^_^}>
[nixpkgs] @colemickens opened pull request #46924 → azcopy: init at 10.0.1 → https://git.io/fAHDq
sir_guy_carleton has quit [Quit: WeeChat 2.0]
<nekroze>
Ralith: yeah i changed the src fetchFromGithub section too
<nekroze>
I am wondering if it cached a build where I did not mangle the hash so it was still pointing at exa or something
<Zer000>
please help! If I try to use nix-env (with -qa or -i for example) I get this message: error: cannot auto-call a function that has an argument without a default value ('config')
<Zer000>
I am using nix 2.0.4 and this has never happened before. I did a rebuild test just in case and I still can't use the command
jperras has joined #nixos
kiloreux has quit [Ping timeout: 252 seconds]
jperras has quit [Ping timeout: 272 seconds]
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
rprije has quit [Ping timeout: 260 seconds]
rprije has joined #nixos
trcc has joined #nixos
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<CMCDragonkai>
Is nscd even doing anything? I tried running `sudo nscd --statistics` and it gives me `nscd: cannot read statistics data: Invalid argument`
kiloreux has quit [Ping timeout: 260 seconds]
revtintin has joined #nixos
kiloreux has joined #nixos
<{^_^}>
[nixpkgs] @vbgl opened pull request #46934 → ocamlPackages.elpi: init at 1.0.5 → https://git.io/fAH9l
alex`` has quit [Quit: WeeChat 2.0]
kisik21 has joined #nixos
jluttine has quit [Ping timeout: 252 seconds]
<Ralith>
CMCDragonkai: works here? though apparently hostnames have a 0% hit rate...
Ericson2314 has quit [Ping timeout: 245 seconds]
<CMCDragonkai>
Really it works there? I'm using Network Manager with dnsmasq switched on. But that shouldn't affect whether stats are getting created right?
* Ralith
shrug
<Ralith>
I'm using Network Manager too, though I haven't touched anything related to dnsmasq
<vandenoever>
in configuration.nix, would I say: powerManagement.powerUpCommands = $(cat /etc/nixos/powerUpCommands.sh);
<sphalerite>
vandenoever: there's a variety of ways you could do it, but that's not one of them ;) powerManagement.powerUpCommands = ./powerUpCommands.sh should work I think
<vandenoever>
sphalerite: let's try
<sphalerite>
that means that powerUpCommands.sh gets imported into the store as is, and what goes into the "real" value of powerUpCommands is the resulting store path
* vandenoever
is saving powertop --auto-tune commands to a script
lassulus_ has joined #nixos
<sphalerite>
which happens to be a valid way of running the script in bash :D
<vandenoever>
powertop --csv && sed -n '/Description;Script/,/^__/p' powertop.csv | head -n -1 | tail -n +2 | sort | sed 's/\([^;]*\);/# \1\n/' > powerUpCommands.sh
<sphalerite>
oh, you do need to make sure the executable bit is set on it
lassulus has quit [Ping timeout: 252 seconds]
lassulus_ is now known as lassulus
<sphalerite>
Or you can do powerManagement.powerUpCommands = builtins.readFile ./powerUpCommands.sh which will not import it into the store, instead just "pasting" the contents of the file into the setting
<symphorien>
vandenoever: there is an option to enable powertop autotune
<vandenoever>
symphorien: i know, but i need to not set some of those settings
<symphorien>
Ah ok :)
<vandenoever>
symphorien: i puts my external keyboard with trackpoint to sleep
<vandenoever>
powertop --csv prints the commands to a file
<vandenoever>
then i disable what i do not like
<vandenoever>
i suppos powerUpCommands is the best place to put the settings
<vandenoever>
sphalerite: thanks the builtins.readFile works
Ariakenom has joined #nixos
kisik21 has quit [Ping timeout: 252 seconds]
hakujin has joined #nixos
jasongrossman has quit [Ping timeout: 240 seconds]
periklis has joined #nixos
xok has quit [Read error: Connection reset by peer]
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<Mic92>
Can we have a /etc/static that allows to inject secrets?
rprije has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @xeji merged pull request #46685 → compton{,-git}: bump to v2, set COMPTON_VERSION so '--version' has sane output → https://git.io/fAX9g
<{^_^}>
[nixpkgs] @xeji pushed commit from @dtzWill to master « compton{,-git}: bump to v2, set COMPTON_VERSION so '--version' has sane output (#46685) »: https://git.io/fAHdr
<jackdk>
I have a "distributed" build that is failing to ship any jobs to the build machine. How can I check if the things I'm trying to build have requiredSystemFeatures?
<sphalerite>
jackdk: I think passing a number of -v flags to the build command might help clarify
<sphalerite>
look for build-remote in the output
<symphorien>
jackdk: use nix show-derivation on the drv you build
<jackdk>
so the top-level derivation doesn't seem to want it, but I'm trying to build a small galaxy of haskell dependencies
<jackdk>
oh that's interesting: after "starting build hook [...]/build-remote" I get 0 remote builders. except my nix ping-store command succeeded with no output
<jackdk>
how do I debug further?
oldandwise has quit [Remote host closed the connection]
oldandwise has joined #nixos
<sphalerite>
jackdk: is your builder in /etc/nix/machines? Does sudo ssh user@host work?
<jackdk>
this is on a nixos machine, so it seems like I ran over nix#2254: my user can ssh, but the daemon? cannot
noam__ has quit [Read error: Connection reset by peer]
kai_w has quit [Quit: Konversation terminated!]
xok has joined #nixos
jasongrossman has joined #nixos
<jackdk>
I don't know how I never found that. Okay, I've added my user to the trusted list. Now it's considering building on the remote machine, but fails to open the ssh connection (broken pipe)
<jackdk>
(thanks for your help thus far, btw)
<sphalerite>
oh you're passing --builders on the command line?
<srhb>
jackdk: Does the daemon user trust the remote key?
<srhb>
jackdk: Again, -vvv might help..
<symphorien>
sudo nix ping-store ssh://blah is a nice way to debug
<jackdk>
the ping-store command emits with no output and $?=0
<jackdk>
right. I hit nixpkgs#46038, because I didn't have distributedBuilds in nixos/configuration.nix , even though I was using --builders from a command-line build
<jackdk>
and now I'm building a lot of things in parallel and copying lots of things to my other machine. looks good
<symphorien>
could you mention this on the wiki page ?
<jackdk>
symphorien++
<{^_^}>
symphorien's karma got increased to 6
<jackdk>
srhb++
<{^_^}>
srhb's karma got increased to 18
<jackdk>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 20
<jackdk>
thanks all.
<srhb>
/oprah-gif-points-to-everyone
<srhb>
:)
<sphalerite>
karma partyyyyyy
<jackdk>
and yeah I'll update the wiki
<srhb>
jackdk++
<{^_^}>
jackdk's karma got increased to 1
<srhb>
The circle is closed.
kai_w has joined #nixos
<sphalerite>
why does mesa's demos repo https://cgit.freedesktop.org/mesa/demos/tree/ include CMakeLists.txt but the dist tarball ftp://ftp.freedesktop.org/pub/mesa/demos/mesa-demos-8.4.0.tar.bz2 not >_>
Gohla has quit [Quit: Bye.]
carlosdagos has quit [Quit: Connection closed for inactivity]
oldandwise has quit [Remote host closed the connection]
oldandwise has joined #nixos
xok has quit [Quit: Leaving.]
kai_w has quit [Quit: Konversation terminated!]
kai_w has joined #nixos
<Taneb>
I'd like to add a patch to a Haskell library (sbv) replacing a call to an executable it expects to be on $PATH with a hard-coded path to the nix store, but I'm not sure which file that change should go
<Taneb>
Which file in nixpkgs, that is
<srhb>
Taneb: one of the configuration- files in pkgs/development/haskell-modules :)
<srhb>
Probably either configuration-nix or configuration-common
<srhb>
They have comments in the top that should clear up which one is right.
<sphalerite>
betaboon: by setting the BROWSER env var, by the looks of it (`vim $(which xdg-open)`)
sigmundv__ has joined #nixos
<sphalerite>
betaboon: alternatively, installing a trivial derivation that just contains a symlink to your preferred browser like runCommand "x-www-browser" {} '' mkdir -p $out/bin ; ln -s ${firefox}/bin/firefox $out/bin/x-www-browser ''
<sphalerite>
the latter is nicer to manage with nix of course
jperras has quit [Ping timeout: 244 seconds]
<betaboon>
sphalerite: i have that set, but slack doesn't respect it. when i run "xdg-open https://nixos.org" it still opens it with chrome :(
<viric>
so nix 2.1.1 on cygwin fails straight away on "copying path" (last line written) and it does not emit any error
<sphalerite>
betaboon: hm maybe try the x-www-browser thing then
<cryptix>
is someone here who uses leveldb/leveldown or sodium bindings in a npm project? i'd like to know if I can use it from nixpkgs so that it doesn't have to get compiled each time
<Myrl-saki>
sphalerite: Glad to know that I'm not the only one who does that. I no longer write my shell scripts directly to ~/.local/share/bin lol
<viric>
niksnut: nix 2.1.1 and 2.1.2 crash for me, just after "copying path from cache.nixos.org" line. The backtrace in gdb even with debug info is quite useless.
<Taneb>
Is there a way to specify a revision with callHackage?
<{^_^}>
[nix] @srhb opened pull request #2436 → multi-user installer: Add /etc/zsh/zshrc to PROFILE_TARGETS → https://git.io/fAQvz
<rawtaz>
i truly fancy being able to build my entire system out of local custom/modified sources so easily (using -I nixpks= to nixos-rebuild), and of course with the ability to rollback
<niksnut>
don't know if that includes cygwin though
<etu>
jtojnar: I've read the emails and it looks really promising :)
<srhb>
Oh, are you talking about the "cake" ? :P
<srhb>
alex``: It was excellent ;)
<sphalerite>
siers: the only relevant thing I can find is https://nixos.org/nixos/options.html#key+repe which only seems to affect the args that the X server is started with
<siers>
sphalerite, Ah, that must be it. I forgot to check whether there's an option for that at all. I always just ran the command. :) Thanks.
<viric>
niksnut: I bet cygwin and windows are quite different platforms, wrt coroutines
<sphalerite>
siers: but this shouldn't affect a running X server
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #46959 → nixos/emby: ensure plugins are writeable → https://git.io/fAQIB
<betaboon>
sometimes when building a python-package with dependencies i get a conflict with 'tests' (eg. packageA has 'tests', packageA depends on packageB, packageB has 'tests') any hints ?
nckx has joined #nixos
<LnL>
some python packages have a weird setup.py and install their tests
<srhb>
It's really unfortunate that the spam protection hits legitimate users like that. It's hard to prevent though.
<Myrl-saki>
srhb: I wanna try trigerring the spam protection, but I'm scared of being IP banned.
<rawtaz>
Myrl-saki: we should probably have asked some staff to remove the k-line (if there was one)
<srhb>
Myrl-saki: Yeah, don't. You'll just make extra work for our ops. :)
<rawtaz>
Myrl-saki: if you do, we can talk to staff to have you unbanned again, if you want to try it
* srhb
thinks we shouldn't waste the staff's time. :)
<rawtaz>
fair enough
* Myrl-saki
seconds it. :P
trcc has quit [Remote host closed the connection]
trcc has joined #nixos
solususer has quit [Quit: Leaving]
<sphalerite>
rawtaz: yes, MichaelRaskin is often here. I haven't seen him for a couple days
solususer5 has joined #nixos
solususer5 has quit [Remote host closed the connection]
trcc has quit [Ping timeout: 260 seconds]
<srhb>
I want an easy remote build option that does the evaluation remotely as well. q_q
trcc has joined #nixos
<srhb>
inb4 import the whole thing to store and IFD the hell out of it.
<srhb>
Even better, a nice api for spinning up ad-hoc jobs on Hydra... Though with the warnings attached to deleting projects and jobsets, that sounds scary in the long term..
<sphalerite>
srhb: What would the benefit in that be?
<{^_^}>
import-from-derivation (IFD) is when you evaluate nix from a derivation result, for example `import (pkgs.writeText "n" "1 + 1")` will evaluate to 2
<gchristensen>
I wonder if we should move `python = python2` to aliases and forbid `python` and `pythonPackages` references internally to nixpkgs
<sphalerite>
How do I set the flags passed to gcc when building nix in a nix-shell? I've tried passing CFLAGS and CXXFLAGS, both as arguments and as env vars, to ./configure, but it seems to be ignoring them completely (counter to the expectations set by its help message)
<Dezgeg>
that's an automake-ism and nix build system doesn't use automake
<sphalerite>
ok ended up setting GLOBAL_CFLAGS and GLOBAL_CXXFLAGS on the make invocation…
<sphalerite>
Dezgeg: then why does the configure script's help message say that they influence it >_>
<LnL>
gchristensen: I think FRidh gave up on python -> python3, but since 2 is basically dying now deprecating the alias would make sense as a first step
<Dezgeg>
maybe autoconf always assumes automake is being used
<Dezgeg>
switching 'python' from python2 to python3 sounds horrible
<symphorien>
I think there is a PEP asking distros not to do that
<gchristensen>
symphorien: link?
<sphalerite>
yeah I think we can all agree that changing python to point to python3 is a bad idea
<dtz[m]>
lol
<sphalerite>
I'm in favour of removing (or what gchristensen said) "python" though
<Dezgeg>
I hated when arch linux made /usr/bin/python python3... every single python shebang in the universe required patching
<LnL>
Dezgeg: yeah, that's hard at the moment but discouraging using python directly seems feasible
<LnL>
also that's something very different
<LnL>
what /usr/bin/env python points to depends on priority not the attribute name
<gchristensen>
symphorien: a link would be really really helpful. I can't find it after cursory search.
<Twey>
alex``: Find a simple package and cargo-cult it ;)
<sphalerite>
alex``: although compton has a tool called compton-trans which can set transparency too
<sphalerite>
yep that works
<Twey>
sphalerite: TIL
<sphalerite>
Twey: same :p
<Twey>
sphalerite: But I've been using compton for years :þ
<sphalerite>
I just saw compton-trans in dmeny while I was starting compton, so I looked at its manpage and lo and behold, it was what we were looking for ;)
<alex``>
If I make a package, but don’t want to submit to nixpkgs, how to get it integrated to the base (when I do nixos-rebuild with said, pkgs.transset added)
cryptix has quit [Ping timeout: 252 seconds]
<sphalerite>
if you don't need to replace anything else with it, you can just put (pkgs.callPackage ./transset.nix {}) in your systemPackages
<sphalerite>
but compton-trans can do the same thing as transset so you probably don't even need to package it?
<gchristensen>
I have a PR here which optionally (default-off) improves developer UX at the cost of binary reproducibility in dockerTools.buildImage: https://github.com/NixOS/nixpkgs/pull/47005 I'd love to get some feedback from people who have feelingls about this :)
<manveru>
so the tarball won't be reproducible, but the other contents should be
<manveru>
i'm more in favor of making the created attribute mandatory and showing the "now" option in the error message :)
sanscoeur has joined #nixos
<gchristensen>
sphalerite: yes they are bit-for-bit reproducible based on --checking 8 times
<manveru>
but that breaks backwards compatiblity :(
periklis has quit [Remote host closed the connection]
<ben>
I did `nix-env -iA nixpkgs.jq`, but `man` didn't work. Then I did `nix-env -iA nixpkgs.jq.man` and `man jq` still didn't work (and I don't have ~/.nix-profile/share/man/man1/jq.1.gz). /nix/store/w8895snkv25s12cff2qss56czv1v6frf-jq-1.5-man exists, how do I make `man` look there?
<manveru>
gchristensen: but only if it's already in store?
<ben>
(sorry, that shoulda been `man jq` didn't work)
<sphalerite>
manveru: that's what we have biannual releases for!
<sphalerite>
ben: it's a bug IMO
<ben>
Which part :)
lawlesseel has joined #nixos
<ben>
a) should it have installed manpages by default? b) should i be able to install outputs individually like that?
<sphalerite>
that there's no simple way to install the man output
<sphalerite>
of course, nix-env -u will undo the hard work behind either of those. So the best option really is to put one of those things in a declarative environment.
<{^_^}>
[nixpkgs] @globin pushed commit from @graham-at-target to master « dockerTools.buildImage: support impure dates »: https://git.io/fAQ9H
<ben>
Thanks for the help, everybody :)
<gchristensen>
yay thanks globin!
<sphalerite>
,imperative = nix-env has multiple drawbacks as an imperative package manager. nix-env -u will sometimes upgrade to the wrong thing; the outputs to install are very finicky to override; and packages that have been removed or are otherwise unavailable will remain in your profile without any warnings. Consider using a ,declarative setup instead.
<{^_^}>
imperative defined
Thra11 has joined #nixos
<sphalerite>
,declarative
<{^_^}>
sphalerite: Did you mean todeclarative?
<{^_^}>
echo $'{ pkgs ? import <nixpkgs> {} }:\npkgs.buildEnv {\n name = "'"$USER"'-env";\n paths = with pkgs; ['; nix-env -f '<nixpkgs>' -qaP > /tmp/pkgs ; nix-env -q | while read name ; do grep -F " ${name%%-[0-9]*}" /tmp/pkgs | awk '{ print $1 }' | head -n1 | sed 's/^/ /'; done ; echo $' ];\n}'
<globin>
gchristensen: sure :)
<sphalerite>
ahahaha I forgot that I wrote that mess
<ben>
;_;
<ben>
i feel like being able to install manpages is fundamental enough that the imperative mode should probably support it
<ben>
I'm gonna need to reread what I said the last time I complained about declarative envs because I don't quite remember what my arguments were :<
<sphalerite>
,declarative = There are multiple ways of managing declarative profiles. 1) Attrset, compatible with imperative use of nix-env https://git.io/fAQHW ; 2) buildEnv, providing more control over the paths that are linked into the profile <link to do, sphalerite!>; 3) home-manager, providing nixos-like config for your ~ https://github.com/rycee/home-manager
<{^_^}>
declarative defined
<rawtaz>
ben: karma++ for being humble :)
<infinisil>
sphalerite: Are these git.io links persistent? They never seem to grow in length..
<sphalerite>
infinisil: 62^5 possibilities at the current length I believe
<sphalerite>
that's about 9.1e8
<das_j>
Which package is gulp in?
<sphalerite>
,locate bin gulp
<{^_^}>
Couldn't find any packages
<das_j>
what
<sphalerite>
not packaged apparently
Ariakenom has joined #nixos
<infinisil>
(probably, the bot sometimes makes mistakes)
<sphalerite>
nix search gulp also yields nothing
<infinisil>
(ANd nix-index at that)
<das_j>
Probably I can install it locally with npm
<sphalerite>
aah, no actually it should be in nodePackages.gulp or something
<{^_^}>
[nixpkgs] @xeji pushed commit from @romildo to master « tint2: 16.4 -> 16.6.1 (#46994) »: https://git.io/fAQQY
<{^_^}>
[nixpkgs] @fpletz pushed commit from @r-ryantm to master « smcroute: 2.4.1 -> 2.4.2 »: https://git.io/fAQ7Y
<philipp[m]>
Do I have to bridge them? What's the mode that would be nat for ipv4, since there is no equivalent in v6?
<philipp[m]>
I tried bridging my eth0 to a bridge interface and putting bridging that in my container, but I can't reach the container from the outside.
<sphalerite>
philipp[m]: you shouldn't need NAT. What you do need is to set the right addresses on all the interfaces
<sphalerite>
and particularly the right netmasks
Kelppo has quit []
<sphalerite>
(or prefix lengths)
<philipp[m]>
sphalerite: I've got a public /64, so I just used /128s for the interfaces and do it point to point?
<sphalerite>
on the outward-facing interface, you'll want /128 usually
<sphalerite>
hm I'm not sure about point-to-point routing or whatever it is. The setup I have is that I have a bridge which the containers are connected to, and the host and the containers have the same prefix and the same length configured for that, so it behaves like a LAN
<cransom>
if you have a bridge, they will still be /64s.
<worldofpeace>
If I do `nix-env -q` I always see `libstdc++5`. nix-env -e has no effect.
<sphalerite>
oooh yeah if you connect the public interface to the bridge I think that makes sense
<worldofpeace>
sphalerite: thx `nix-env -e 'libstdc\+\+5'` worked
<worldofpeace>
also `packages that have been removed or are otherwise unavailable will remain in your profile without any warnings`. How can I check this?
<philipp[m]>
Thanks for all the feedback! Now I've got a curious situation: I can connect outside from the inside but not the other way around... I think it's something in iptables.
<gchristensen>
probably need to turn on packet forwarding
<philipp[m]>
net.ipv6.conf.all.forwarding and ipv6.conf.default.forwarding are both enabled.
<philipp[m]>
Also: How could a machine answer to my icmp ping, if it wasn't enabled?
notlar has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @grahamc closed pull request #47017 → dockerTools.buildImage: test that created=now makes an unstable date → https://git.io/fAQd6
<{^_^}>
[nixpkgs] @grahamc reopened pull request #47017 → dockerTools.buildImage: test that created=now makes an unstable date → https://git.io/fAQd6
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
philipp[m]: I don't think forwarding should be necessary if you're bridging. I think a more likely candidate is that an input firewall rule is blocking it
<worldofpeace>
I don't get why having a sub config for not having X startable as needed.
foldingcookie has quit [Remote host closed the connection]
<worldofpeace>
* is needed
<LnL>
sphalerit: no, unless you override it out of order
<samueldr>
worldofpeace: one could have a machine with some issues with X, but the VTs can work, the current graphical iso still works for them, without the option it could lead to them having an annoyance and require to get another iso
<infinisil>
Or just, it's a server you run at your home and you usually don't need X, but occasionally want it to fix problems
<samueldr>
and it also depends on the other reasons X isn't started by default
<sphalerite>
LnL: well that's the thing, shouldn't it use self so that the order of overlays matters as little as possible and you don't get confusion à la "why is this not installing my overridden hello"?
<samueldr>
infinisil: the installer image
<sphalerite>
LnL: iirc the general rule was "packages from self, functions from super", no?
<nbp>
sphalerite: and we want to reduce the number of hop through self to 1, such that we can easily implement the security branch with an automated patching mechanism.
<elvishjerricco>
nb
<elvishjerricco>
nbp:
<elvishjerricco>
crap, sorry
<nbp>
sphalerite: going twice through `self` would miss the edge and cause a security issue as dependencies would not be patched accordingly.
ggp0647 has quit [Ping timeout: 252 seconds]
<sphalerite>
security branch..?
<elvishjerricco>
I don't understand that point
<infinisil>
LnL: I feel like that should be self.hello as well
<nbp>
elvishjerricco: as the function captures the `self` of the previous iteration, and not the one which is being monitored.
ggp0647 has joined #nixos
<elvishjerricco>
nbp: Why can we only do a single iteration though?
<nbp>
elvishjerricco: the formula is in the PR: h = patch (g (fix f)) (g h)
<elvishjerricco>
I'll read through it
<nbp>
elvishjerricco: because `self` is in the first place `g` argument, and then it is `fix f` argument, which is the result of `f (f (f (f (f … ))))`
<elvishjerricco>
oh
<elvishjerricco>
Why not `fix (self: g (f self))`?
philippD has joined #nixos
<nbp>
because we do not want to recompile.
<nbp>
elvishjerricco: We want to only compile packages which got changes, not recompile every package which depends on these changes.
<elvishjerricco>
why would we not want that?
lord| has quit [Quit: WeeChat 2.2]
<nbp>
elvishjerricco: also fix (self: g (f self)) would not give you a result which correspond to any packages which is already installed on your system.
<nbp>
elvishjerricco: as your system is assumed to be taken from (fix f)
<nbp>
elvishjerricco: The point of grafting is to reduce the amount of work before shipping security updates.
<nbp>
elvishjerricco: the minimal amount of work is the recompilation of each package individually, and the replacements of the dependencies with the newly compiled versions.
<nbp>
elvishjerricco: if you change the Xlib packages, you do not want to recompile every X packages.
<elvishjerricco>
nbp: Still not sure how this relates to `super.writeScriptBin` vs `self.writeScriptBin`, but I'll read that PR :)
<nbp>
elvishjerricco: Think about super.callPackage.
<elvishjerricco>
I never understood why super is preferred for that either
<nbp>
elvishjerricco: callPackage takes all its input from `self`.
Twey has quit [Quit: WeeChat 2.1]
<nbp>
elvishjerricco: super.callPackage, in the above formula `h = patch (g (fix f)) (g h)`, will get packages from `fix f` and `h` and would be able to patch them.
<nbp>
elvishjerricco: self.callPackage, in the above formula `h = patch (g (fix f)) (g h)`, will get packages strictly from `fix f`.
<nbp>
elvishjerricco: because self.callPackage is taken from `fix f`, and the `self` of `callPackage` if `fix f`.
<nbp>
elvishjerricco: However, `super.callPackage` is taken from `g`.
<elvishjerricco>
wait what
patrl has joined #nixos
<nbp>
elvishjerricco: which still gives us the ability to compare the inputs of both `g`.
<nbp>
elvishjerricco: `patch` is a function which do the grafting on packages, and exposes functions.
* nbp
wonder …
lord| has joined #nixos
lord| has quit [Client Quit]
<Unode>
hi all, I just updated to 18.09 and am experiencing some issues. Is 18.09 still not completely stable?
hakujin has quit [Ping timeout: 260 seconds]
<gchristensen>
it is not released yet. what are you seeing?
<nbp>
elvishjerricco: At least this was a limitation I had when I tested it, and now that I explain it, I guess I could take functions from (g h) instead of taking functions from (g (fix f)), as opposed of packages.
<Unode>
the package zathura is also failing to compile locally
<kini>
How are people setting up printers in nixos? Is there a declarative method, or should I just be adding them to CUPS via the KDE printer settings widget or whatever?
<nbp>
elvishjerricco: `g` is like `f`, except that `g` is the security branch which contains the updated version of each individual packages.
lord| has joined #nixos
<nbp>
elvishjerricco: `patch` compares the recipe of (g (fix f)) with the recipe of (g h) to know if some works needs to be done.
<sphalerite>
Unode: good opportunity to fix it — if nobody does, it'll simply be marked as broken for the release
<elvishjerricco>
nbp: So, just so I understand, the only reason we want to patch a package without recompiling its dependents is because of those packages such as the X server which don't need applications to be changed, just the server?
<nbp>
s/X server/X libraries/, yes
<symphorien>
Unode: this looks like a version mismatch betwee the nix daemon and the version of nix you have in your PATH
<elvishjerricco>
nbp: So we even rewrite dependents' binaries to depend on the new shared library instead of the old?
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
Unode: oh yeah what symphorien said. Try uninstalling nix from your user profile. You may need to use /run/current-system/sw/bin/nix-env to do so
<countingsort>
hey, quick question: is sh bash or dash and how to change it?
<elvishjerricco>
Still not quite seeing the super thing, but reading that PR will probablby make it apparent to me
<sphalerite>
countingsort: it's bash
<Unode>
symphorien: yeah you are right
<Unode>
that one is fixed. Now as for zathura, checking
<countingsort>
sphalerite: thanks
<nbp>
elvishjerricco: `super` is asking the parent attribute set, not the argument given to f or g.
<sphalerite>
countingsort: it's set by environment.bin
<{^_^}>
"The shell executable that is linked system-wide to\n<literal>/bin/sh</literal>. Please note that NixOS assumes all\nover the place that shell to be Bash, so override the default\nsetting only if you ...
<nbp>
elvishjerricco: as functions are aliasing `self`, we want to have a single step in the argument.
<nbp>
elvishjerricco: not 2.
<Dezgeg>
sounds like the option should be removed then...
<sphalerite>
doesn't bash behave like POSIX sh when called as sh?
trcc has joined #nixos
<nDuff>
sphalerite, in some respects but not entirely.
<sphalerite>
oh ok
<nbp>
elvishjerricco: it is hard to understand, without going through the process of fixing these issues, and noticing that functions are aliasing self and therefore adding hops.
<Unode>
sphalerite: so in the case of zathura, setting synctexSupport to false is enough to make it pass.
<Unode>
would that qualify as a fix?
<sphalerite>
Unode: ah, good to know. Then I'd suggest opening a PR making it default to false and adding a comment mentioning that it's broken
<sphalerite>
make sure to make the PR against master and request a backport, or to make a backport PR yourself but still make sure to use git cherry-pick -x to backport it to 18.09
<azazel>
I've recently updated the configuration for my home server and I have published on github https://github.com/azazel75/giskard-configuration . Before it was using NixOps but no more ... if someone wants to take a look ;-)
kiloreux has quit [Ping timeout: 260 seconds]
astrofog has quit [Remote host closed the connection]
<benley>
soooo anyone know of a way to use go2nix on a local repository without having to set up a git remote and publish the code to some remote location? because WTF
<LnL>
uh oh, it doesn't work without that?
<benley>
so it seems.
<benley>
the readme for go2nix is like "just publish your repo to github" and I'm like come on, I just want a fucking helloworld repo here
<gchristensen>
I have applied the glibc LOCALE_ARCHIVE_2_11 / LOCALE_ARCHIVE_2_27 patch, 2_11 pointing to an 18.03 glibc and 2_27 pointing to an 18.09 glibc. My terminal is messed up now: I can't backspace -- it adds forward spaces instead. any tips?
<worldofpeace>
samueldr: I could add an option but I haven't the slightest what to call it
ixxie has joined #nixos
ravloony has joined #nixos
<ravloony>
Hi, does anyone have a link to an explanation of how to use nixops with a specific nixpkgs version?
<samueldr>
worldofpeace: it would be something along the lines to additional boot parameters; though I'm thinking this could be delayed for an eventual rewrite of the bootloader options for the installer images... but when is this going to happen? (something I want to do eventually)
<infinisil>
ravloony: Just set nixpkgs in NIX_PATH
<symphorien>
gchristensen: export TERM=linux or even export TERM=vt100
<symphorien>
it does not solve the root of the problem, but makes the terminal usable
<infinisil>
ravloony: E.g. `-I nixpkgs=/path/to/nixpkgs` as an argument (/path/to/nixpkgs could also be a channel path, or a "channels:nixos-unstable" should work too)
<rycee[m]>
And people complain about my warning in the Home Manager README…
<rycee[m]>
:-D
<gchristensen>
rycee[m]: how and why did you find that
jedahan has joined #nixos
<worldofpeace>
samueldr: hmm we have similar interests, I'm fine if that delays this since installer changes are only really fruitful for releases.
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<worldofpeace>
gchristensen: now that twitter post you made makes sense :P
<rycee[m]>
gchristensen: I was curious whether there were any descriptions for having two git repos in one directory since I was thinking to finally start putting dotfiles in a public repo.
<gchristensen>
worldofpeace: which one?
<rycee[m]>
But I still have quite a few things that are not suitable for public consumption in my configs…
<worldofpeace>
For example, being in your home directory and running git clean -f -x might delete all your files.
<rycee[m]>
gchristensen: and duckduckgo had your repo as the third hit.
<gchristensen>
oh, believe it or not that was a _different_ accident worldofpeace :)
<gchristensen>
but yes, git clean -dfx is very dangerous if your ~ has a .git
<worldofpeace>
hah so you knew from experience
<rawtaz>
this is so fricken weird. ive been fiddling with open-vm-tools all day, as usual, and yesterday, and ive always gotten stuff logged by the vmware service into /var/log/vmware-vmsvc.log . but now, regardless if i use the same config as before, im not getting anything in that log. not even its startup messages. suuuuuuper weird.
<worldofpeace>
gchristensen: Ever forgot you were ssh'd in a terminal and be like 'wtf' when you did something
Dedalo has joined #nixos
<rawtaz>
although, the file has been *changed* jsut now. but im not seeing any lines from "just now"
alex`` has joined #nixos
<sphalerite>
rawtaz: I suppose it just doesn't have anything interesting to say?
<rawtaz>
sphalerite: i found "it".. i moved the file, restarted vmware, so it got recreated. it DOES add lines to it, but with a time that's two hours behind $now. thats odd, cuz `date` reports the right time.
<gchristensen>
worldofpeace: stooop you're giving me nightmares :)
<rawtaz>
sphalerite: nah, it always produce output when you start it, a number of lines
<elvishjerricco>
nbp: So, in `g (fix f)`, the `super` that `g` sees is *not* `fix f`. `super` is entirely internal to the function `g` or `f`, so it still doesn't seem relevant to me.
<elvishjerricco>
Denommus: That said, they *are* already given virtual interfaces that are only accessible on your machine. If your machine is running NAT, you might be able to just refer to them by their nixops-assigned IPs, which are available in the `nodes` argument to a machine's config.
jeschli has joined #nixos
<jackjennings>
If I set `deployment.keys.{name}.text`, can I interpolate `deployment.keys.{name}` elsewhere to get the path to the written file like other derivations?
<jackjennings>
(in nixops-land)
<elvishjerricco>
jackjennings: I think it might be at `deployment.keys.{name}.path`
samrose has joined #nixos
<Denommus>
elvishjerricco: can I at least set fixed IPs for them?
<jackjennings>
elvishjerricco: there’s `keyFile` — the documentation just doesn’t note if it is set by nixops if unset. I’ll give it a shot…
<elvishjerricco>
Denommus: I don't think so, not with NixOps.
<Denommus>
elvishjerricco: is it a nixops or a nixos option?
<ixxie>
anybody know in some detail the status of the NixUP situation?
<elvishjerricco>
Denommus: It's not an option, it's an argument to the NixOS config for the machine, added by NixOps. `{ pkgs, lib, config, nodes, ... }: { }`
<ixxie>
I wouldn't mind getting involved if I can help somehow... really wanna see that happen
<infinisil>
ixxie: I think I've told you before, but I think NixUP is dead, and we should rock with home-manage
<infinisil>
r
<ixxie>
infinisil: yeah but I was hoping to hear *why*... and what direction would an alternative best go
<ixxie>
because while the implementation may have been flawed the idea is good
<infinisil>
There is an implementation of something like this, it's called home-manager
<infinisil>
And why it's dead? Just seems like from the activity, there hasn't been any testing afaik, and very rare updates
hakujin has joined #nixos
<ixxie>
infinisil: I use HM... I guess I was just hoping for something better integrated with NixOS in general
nD5Xjz has quit [Ping timeout: 246 seconds]
<ixxie>
and there is a PR that is still open
<ixxie>
for NixUP
<ixxie>
Rycee collaborated on it
<ixxie>
so they were taking some concepts of HM too
<ixxie>
afaik
<infinisil>
I never heard about any collaboration happening
<infinisil>
only about the announcement of collaboration
<ixxie>
ah so there was intent but it never happened
<infinisil>
I think I asked rycee before and he said that not much was ever done together
<ixxie>
sad
hakujin has quit [Ping timeout: 244 seconds]
<Denommus>
elvishjerricco: ah, got it. But getting documentation for it seems hard, is there a way to figure that out in the repl?
hakujin has joined #nixos
<elvishjerricco>
Denommus: Don't think so, unfortunately :/
<Denommus>
not actually hard, but not very descriptive
<infinisil>
ixxie: Well, rycee's doing a great job maintaining home-manager :)
<infinisil>
PR's welcome as well
<ixxie>
Aye aye
lawlesseel has quit [Remote host closed the connection]
__lawlesseel__ has joined #nixos
<ixxie>
infinisil: will try and contribute when I learn more
<samrose>
is there a supported way to build an isolated env with buildFHSUserEnv such that when a user is in that env, they cannot read/see/access files outside of that env?
<Denommus>
elvishjerricco: is there a way to "echo" the contents of a variable during build?
<elvishjerricco>
infinisil: I wonder if we might ever get a `nix install` that resembles home-manager
<elvishjerricco>
Denommus: `builtins.trace`?
<infinisil>
elvishjerricco: I'd hope so, but I somehow doubt it, at least in the near future
<elvishjerricco>
infinisil: I envision "imperative"-style package management with Nix as just modifying a JSON file which is read by a declarative system like home-manager
<infinisil>
elvishjerricco: Yeah, thought of this too
<Denommus>
thanks, that helps
<infinisil>
elvishjerricco: I just hope we won't be using the nix-env interface
<infinisil>
Really not a fan of the CLI
<elvishjerricco>
infinisil: Yea. I wouldn't be *too* upset by that, but it'd be a big missed opportunity
<elvishjerricco>
Oh
<elvishjerricco>
Yea the CLI is garbage and NEEDS to go
<elvishjerricco>
I just meant the ABI, so to speak
<infinisil>
I wouldn't mind an additional curses interface :O
<elvishjerricco>
The way a nix-env profile is formatted as a derivation
<rawtaz>
there's a file /run/wrappers/wrappers.IJQJEDrKi5/fusermount , i presume from having installd fuse3 - what the heck is a wrapper, and how can i make this binary available in <prefix>/bin or <prefix>/sbin in the open-vm-tools package?
<rawtaz>
i could just copy it to /bin. thought it was ro
<rawtaz>
HOLY CRAP
jackjennings has quit [Quit: jackjennings]
<tilpner>
samrose - To use it with e.g. steam, I have: steam-chrootenv.override { buildFHSUserEnv = bubblewrapFHSEnv.override { bwrapArgs = ''...''; }; };
<{^_^}>
[nixpkgs] @LnL7 opened pull request #47051 → broken darwin packages (d) → https://git.io/fA7Y4
<tilpner>
Here's my definition of bwrapSteam: tx0.co/29
zduch4c has joined #nixos
<zduch4c>
hello
acarrico has joined #nixos
<samrose>
tilpner: looks pretty awesome
MasseR has joined #nixos
<elvishjerricco>
rawtaz: I wouldn't rely on anything outside `/nix/store` in a Nix build... Anything that requires that should be patched
Fare has joined #nixos
<elvishjerricco>
rawtaz: Also, nothing should ever be run as root in a Nix build, so invoking setuid executables in a Nix build is a bad idea.
<rawtaz>
elvishjerricco: yes. but im desperately trying to get this shyte to work and part of that is just making it work :D once i know what fixes the problems, i can patch cleanly :)
<zduch4c>
so… I loaded the wacom_w8001 module, and the tablet on my HP EliteBook still doesn't work under NixOS. It works under Lubuntu with that same driver. Any ideas?
<rawtaz>
im onto something now at least.
<infinisil>
zduch4c: Have you got the right udev rules?
<infinisil>
This adds udev rules fit for wacom to your system, these are needed to detect the device and assign it the correct drivers i think
<zduch4c>
I have services.xserver.wacom.enable = true in my configuration.nix
<infinisil>
Maybe those udev rules there don't work for your tablet
<zduch4c>
hmmm... so what can I do?
<infinisil>
zduch4c: Maybe check out `cd $(nix-build --no-out-link '<nixpkgs>' -A xf86_input_wacom)/lib/udev/rules.d`
<infinisil>
and have a look at the file in there
<infinisil>
(those are the udev rules)
<clever>
zduch4c: what module did ubuntu show in lsmod?
<infinisil>
There's some way to check whether the rules worked too. udevadm is the tool to use, run `udevadm monitor` and plug in/out your devices maybe
<zduch4c>
wacom_w8001 clever
<clever>
zduch4c: and does nixos also show it in lsmod?
<zduch4c>
after I explicitly specify it in availableKernelModules, yes, but otherwise, no
<clever>
zduch4c: does it work once loaded like that?
<clever>
zduch4c: what does dmesg say involving wacom?
<zduch4c>
nothing in dmesg about wacom, evtest does not list it
<infinisil>
It's the udev rules i tell ya
<clever>
zduch4c: next thing i would do then is compare `modinfo wacom_w8001` on both ubuntu and nixos
<clever>
ubuntu doesnt have to actually be booted on the tablet
<rycee[m]>
ixxie, infinisil: Yeah, unfortunately I haven't had a look at nixup or talked with the author for a long time. My intent is still to have a look at it in more detail once my current freelance assignment ends and I get some free time. Then I was also planning to try nixup for the first time :-)
<clever>
so oyu could use a vm or 2nd machine to speed up comparison
<zduch4c>
I'll have to boot it unfortunately, too slow of a computer for that
<rycee[m]>
ixxie, infinisil: But I'm not wanting to be the person it all hangs on so anybody with interest in nixup should have a look at it and perhaps even try it. It's a bit old by now but I guess should work in a virtual machine or something.
<rycee[m]>
infinisil: Btw, you are using Emacs, right? In a sudden fit of insanity I did some form of HM module for producing an init.el file. That's why I wanted to put some dotfiles publically, since I finally felt I had something suitably interesting :-)
sir_guy_carleton has quit [Quit: WeeChat 2.0]
<{^_^}>
[nixpkgs] @vanzef opened pull request #47056 → pass-git-helper: init at 0.4 → https://git.io/fA73a
<infinisil>
rycee[m]: Will be interested in seeing it once you do put it online
<rycee[m]>
infinisil: Btw, for your module try including the generated init.el as an extraPackage to emacs.
zduch4c has joined #nixos
<samrose>
tilpner: actually yes for what you are doing with steam I see what you mean. I was just thinking more in the realm of simple isolation of env
<infinisil>
rycee[m]: Ah yeah, that would be nicer
<samrose>
tilpner: in my case, I am trying to run multiple applications on one nixos machine, and figure out how to contain the application in a way that the running applications cannot know about each other's data
<tilpner>
samrose - You don't need an FHS env if the application is Nix-packaged
<ixxie>
rycee[m]: so I guess the answer to my question (why the PR didn't go through) is that not enought people actually tested it and looked at it to see if its good enough to be merged....
<zduch4c>
clever: infinisil: anything else to check on Lubuntu?
<zduch4c>
lubuntu@lubuntu:~$ dmesg | grep wacom
<zduch4c>
this also doesn't output anything
<zduch4c>
infinisil must be right, it's something in the udev rules
<samrose>
tilpner: understood. It will likely be that the specific apps I am working with will not be nix-packaged
<infinisil>
ixxie: I have a feeling also because the changes are so big, it's hard to review them
<samrose>
tlpner: this says https://nixos.org/nixos/manual/#ch-containers "Warning: Currently, NixOS containers are not perfectly isolated from the host system. This means that a user with root access to the container can do things that affect the host. So you should not give container root access to untrusted users."
<zduch4c>
so, you guys have any idea how to fix it under NixOS?
<rycee[m]>
ixxie: I think that is a fair assessment. There was a lot of excitement but there wasn't much help given to ts468 for pushing it forward to a mergable state.
<tilpner>
samrose - I'm aware of that. There are multiple degrees of "contain the application in a way that the running applications cannot know about each other's data". To best answer question, what applications will you be running?
<infinisil>
zduch4c: If you don't know how to use udevadm, you should find information in the man pages and/or online
<rycee[m]>
ixxie: I also agree with infinisil, it is a huge PR that touches quite a few core parts of Nixpkgs.
<tilpner>
*your question
<zduch4c>
should I try it under Lubuntu or NixOS infinisil?
<ixxie>
rycee[m]: I guess the latter explains the former
<infinisil>
zduch4c: Both
<clever>
zduch4c: dont see the link for the ubuntu modinfo
<samrose>
tilpner: these applications will be a combo of rust and javascript, with a hash table db per app
<tilpner>
samrose - That's not what I meant. Why do you want/need to separate their data?
<rycee[m]>
Which pretty much guarantees it to take a long time to discuss and work through to a mergable state. While at the same time the code will keep changing underneath it, requiring constant rebasing.
<rycee[m]>
ixxie: Aye.
<clever>
zduch4c: what happens if you try to `rmmod wacom_w8001` on ubuntu?
<clever>
zduch4c: does the touchscreen stop working?
<clever>
zduch4c: if you reload it, does it work again?, does evtest list it?
<samrose>
tilpner: each app will have a "source chain" and it is important that one running application cannot read the data of the other application's source chain
<ixxie>
rycee[m]: I wish I could help but I doubt I am qualified
<ixxie>
rycee[m]: I was wondering... while I have you here, I was wondering if there are neat ways to deploy HM configs using NixOps to
ravloony has quit [Ping timeout: 252 seconds]
<zduch4c>
clever: after removing, the touchscreen stops working, and evtest doesn't list it; after reloading it, it starts working again, and evtest starts listing it
<rycee[m]>
ixxie: Just use HM as a Nixos module. I do it all the time.
<clever>
zduch4c: and evtest shows xy coords when you touch the screen?
<tilpner>
samrose - Depending on how important that is, you should consider VMs over systemd-nspawn/bubblewrap
<zduch4c>
yes clever
<clever>
zduch4c: next thing id check is what dmesg says on nixos, when you rmmod and modprobe again
<rycee[m]>
ixxie: I use nixops for a few computers and have my user configured on them with home manager.
<ixxie>
rycee[m]: oh neat, didn't think that was a thing to do :P I guess that answers my other question too, about how to overlay system settings with user-specific settings in HM
<infinisil>
rycee[m]: user systemd units don't get restarted for me though, which is a bit annoying
zduch4c has quit [Remote host closed the connection]
<tilpner>
samrose - People are still sceptical wrt. the security of user namespaces. The container warning from the manual roughly applies to bubblewrap too, to some extent
<rycee[m]>
ixxie: Basically I have a common.nix that I import into each host-specific nixops configuration and in this common.nix I just have `home-manager.users.rycee = import ../user/common.nix;`
<rycee[m]>
Where ../user/common.nix is a basic Home Manager configuration.
<ixxie>
and that includes your user specific stuff presumably
<rycee[m]>
infinisil: Yeah, that's a bit unfortunate. Home Manager has a very basic understanding of whether there is a running systemd user session and will sometimes miss it :-/
<infinisil>
rycee[m]: NixOS just recently added support for restarting user units actually
<samrose>
tilpner: thanks for the advice
<rycee[m]>
infinisil: I'll try revisiting that some time. I don't have any HM managed user services on my nixops hosts though so I haven't had such strong motivation to fix the situation ;-)
<infinisil>
rycee[m]: Ah actually only reload, not restart: #44990
<ma27>
infinisil: unfortunately restarting user units is way harder than I thought. I have it on my todo list, but it might take some time until I can implement this %)
<infinisil>
ma27: Not sure if that's even advisable though
<ixxie>
rycee[m]: I guess the home-manager.users option is added when installing HM?
<clever>
zduch4c: ah, serio sounds like the ps2 family of protocols
<infinisil>
ma27: I have emacs, my user session, my music, my status bar, and some more things running under user units
<infinisil>
I guess if you have some exceptions it should be fine
<tilpner>
samrose - While a useful tool for interactive usage, I don't think it's a valuable abstraction for your usecase (or what I understood of it)
grp has quit [Quit: box shutting down...]
<clever>
zduch4c: my only other idea is to try the same kernel version as ubuntu
<ma27>
infinisil: I'm not sure yet how to do it (if I'll even implement it), I think that we could skip the restart of *some* units (such as display-manager.service ATM)
<rycee[m]>
infinisil: As a work-around for now you could try putting the necessary systemctl --user commands as an activation script? You could even do something like `home.activation.reloadSystemD = mkForce (dag.entryAfter ["linkGeneration"] "my custom commands") :-)
<samrose>
tilpner: you are probably right
<clever>
zduch4c: dang, 4.10 isnt an option on nixos-unstable
<ma27>
but that's a good point, when I know more I'd open an issue to discuss this first
<infinisil>
rycee[m]: Ah yeah good point, might do that at some point
Ariakenom has quit [Quit: Leaving]
<rawtaz>
can someone verify that in order to have a change to a package merged to master AND also backported to 18.09, i should create two PRs - one with just a regular commit, and the backport one having done `cherry-pick -x` into the 18.09 branch?
<infinisil>
rycee[m]: Ah, you mean from HM -> NUR, yeah
<rawtaz>
aanderse: i guess you're on a deadline ;) thanks for the help
<rycee[m]>
infinisil: Yeah, I was thinking of having the module set up the right imports instead of having to do it manually. Not sure if it's worth it but maybe.
<etu>
jtojnar: So I've got started with gsconnect at least. But it's quite far from working yet. But I made a WIP PR #47059 and tagged you in it if you have suggestions or so :)
<etu>
jtojnar: Note, it doesn't do the install just yet :D
<jackjennings>
Is there a bare-bones example — or is it possible — of how to write a machine definition that runs on ec2, where the nix store and everything else (application data, etc) are on separate volumes (EBS, or otherwise)? I have a working deployment with everything stored together, but would like to separate them for safety. I’ve seen some references to setting this up in GitHub issues, but not a full/working example…
sanscoeu_ has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @xeji opened pull request #47066 → pythonPackages.circus: fix build, add meta → https://git.io/fA7WI
<colemickens>
I'm sorta hacking together my own nix cache thing and just hit something weird.
<colemickens>
I'm getting "file missing from binary cache", but I don't know why it is even expecting to find it.
Anton-Latukha has quit [Quit: Leaving.]
<colemickens>
There's no corresponding narinfo file with the same hash... so how/why does Nix think it should expect to find this particular path in the cache, rather than just needing to build it?
shabius has quit [Quit: Leaving]
<clever>
colemickens: how did you make the binary cache?
<colemickens>
basically, I list all files in the cache, build a new cache, diff the file list, upload files that are missing.
<colemickens>
There's possibly an error in my logic, but I guess I still am missing a piece of the puzzle to troubleshoot why it expects this particular file to be in my binary cache...
<clever>
ah, so its `nix copy` with `file://` that actually makes the dir
<clever>
one min
Mic92 has quit [Quit: WeeChat 2.2]
<clever>
colemickens: for that protocol, the .nar.xz files are named after their hash
<clever>
colemickens: the narinfo will have a different hash in it
<clever>
in my case, 58r35bqb4f3lxbnbabq718svq9i2pda3.narinfo points to nar/15gabh5pdnr6afsp49vb0ym02r09p27b50pinn9phsy366cx2rgb.nar.xz
<clever>
and it declares the hash to be the same as the name of the .nar.xz
<colemickens>
Hm, okay, thanks.
<clever>
colemickens: oh, and if you delete anything from the cache, bad things happen
<colemickens>
So I must've uploaded a narinfo and failed to upload the corresponding nar.xz... I must have a bug.
<clever>
colemickens: nix will cache the existance of things locally, and try to download them later
<colemickens>
clever: I don't think that's my issue here since this is a new VM trying to bootstrap itself, so it wouldn't know any previous existence information.
gamble has joined #nixos
<clever>
ah
<colemickens>
I must just have a bug where I'm uploading narinfo without the corresponding nar.xz. Basically the only way I can think that I ended up in this situation.
<clever>
grep all of the narinfo files you have for the name of the missing file
<colemickens>
Yeah, I would, but it's just going to tell me the same thing probably - that my upload logic is faulty. Anyway, I've got some avenues to explore. :) Thank you.
<{^_^}>
[nixpkgs] @xeji pushed commit from @Synthetica9 to master « circleci-cli: 0.1.0 -> 0.1.2307 (#46983) »: https://git.io/fA7l4
<gamble>
hi, has anyone had success booting nixos on a carbon x1 (2018)? i've used rufus (3.3) to write nixos-graphic-18.03. in bios set OS Optimised Defaults [off], and selected USB as first device to boot from. but it is just ignored...
<cransom>
are there any levers that make hydra blow up in a more visible fashion if it encounters evaluation errors?
foldingcookie has joined #nixos
<clever>
gamble: the iso file is already a valid usb image, and tools like rufus tend to break it
<clever>
gamble: you need to just write the image directly to the usb in dd mode
<colemickens>
clever: so, say I had to purge my cache and start over, can I make Nix forget about all of that? (Hopefully without having to modify my list of cache servers :/ )
<gamble>
yep same result... i select "USB HDD: SanDisk Cruzer Edge" from the boot menu. and nothing happens (screen flashes, returns to boot menu).
<colemickens>
eh, I just left the binary cache out of the list, it'll be fine for now.
kiloreux has quit [Remote host closed the connection]
* colemickens
stares at linux and qemu building. again.
<clever>
colemickens: nuke ~/.cache/nix on root
jackjennings has quit [Quit: jackjennings]
<{^_^}>
[nixpkgs] @Mic92 opened pull request #47070 → Grafana: secrets outside of the nix store + smtp → https://git.io/fA78g
<gamble>
pretty sure i disabled "secure boot" as well. may need to double check that... frustrating. windows 10 is pre-installed on the machine.
<clever>
gamble: i found you have to disable uefi entirely to boot legacy, on some machines
<colemickens>
The ISO should boot in uefi mode too though, right?
<gamble>
^ yep, in my limited understanding that's what i thought too
echel0n_ has joined #nixos
<clever>
colemickens: some bios's are stupid
<clever>
colemickens: there is one that entirely ignores the efi vars, and only boots the path windows puts the binary at
<clever>
my laptop gives me full control over secure boot
Fare has joined #nixos
<clever>
my desktop only has the M$ key or off
<gamble>
hmm im sure i disabled secure boot, but it seems to be re-enabled now. I have just disabled. I can also change to "both" uefi and legacy boot. worth a try?
<clever>
Dezgeg: oh, you mean the bios is too smart, and refuses to run the MBR in the gpt disk?
echel0n_ has quit [Quit: WeeChat 2.0]
<Dezgeg>
not sure if recent machines are affected by that
<clever>
my desktop is also rather dumb, it ran a .efi file on a vfat, that i forgot to tag as the ESP
<Dezgeg>
I'm not sure what the actual problem is (besides "it doesn't work")
jackjennings has joined #nixos
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Cale has quit [Remote host closed the connection]
Cale has joined #nixos
jedahan has joined #nixos
jedahan has quit [Client Quit]
jedahan has joined #nixos
erasmas has quit [Quit: leaving]
jedahan has quit [Client Quit]
<LnL>
legacy boot can be a bit finicky about the partition layout IIRC
jedahan has joined #nixos
jedahan has quit [Client Quit]
<clever>
LnL: from my undestanding, with grub, it will just load and execute the blob in the first 512 bytes, which must then be able to read the stage 1.5 in the bios boot partition
<clever>
with older bios's, the bios boot partition has to be near the start of the disk
jedahan has joined #nixos
<LnL>
there's also something with disks that have 4k block size, but I don't remember if that was legacy or uefi
jedahan has quit [Client Quit]
<dtz[m]>
genesis: sorry, what's 2.7 and old? Is that the radare2 version you're seeing?? D:
<jackjennings>
Is there somewhere were all of the arguments for the machine definition are documented?
jedahan has joined #nixos
jedahan has quit [Client Quit]
<genesis>
dtz[m] : lag but not least :D
<jackjennings>
config, nodes, pkgs, etc…
<clever>
jackjennings: if you omit the ..., then it will fail for any args you didnt name
<clever>
and the error will then guide you towards finding at least the name of each
<jackjennings>
clever: if I wanted to contribute to the documentation so that other people could reference this, would there be a good place to do so?
<clever>
jackjennings: in the nixos docs i believe
<clever>
but some args like nodes are specific to nixops
<clever>
resources is also part of nixops
<genesis>
dtz[m] i'm on radare2 2.9.0-git 19251 , don't remember well and don't really care, this is enough to me, i play a lot with it last week, beautiful tool.
<dtz[m]>
:D
brejoc has quit [Ping timeout: 264 seconds]
<genesis>
(but i didn't success to hack the stuff yet)
<gamble>
any further advice on installation. i disabled secure boot, selected legacy boot as priority (so I assume that's what it has booted in!). can i still follow https://nixos.org/nixos/manual/index.html#sec-installation ? treat as a bios system or uefi?
<dtz[m]>
okay just making sure I was answering what you were talking about, still not sure but doesn't sound like there's a problem to be fixed ^_^
<{^_^}>
[nixpkgs] @xeji pushed commit from @roconnor to release-18.09 « bitcoin: 0.16.2 -> 0.16.3 (#46891) »: https://git.io/fA7BA
<dtz[m]>
o7
<genesis>
dtz[m] : in fact when i spoke about version long time ago, was because people said me i was using a very old version, when i was hacking on mbrola binarieS.
sanscoeur has joined #nixos
<dtz[m]>
oh! lmao someone pinged me earlier and this damn chat interface--well nvm my client problems, haha, now that you MENTION it LMAO today is not August 20-something or whatever hahahaha >>.<< no wonder you're calling me on the late reply :P
<rawtaz>
does anyone know if anyone is working on getting NixOps working with hetzner.de's cloud (afaik it only works with their dedicated servers)?
<genesis>
dtz[m] : yes, you're lagging my friend.
<dtz[m]>
maybe it's time to restore a proper setup, I've been limping on cloud services long enough. Miss me my irssi+screen haha
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « you-get: 0.4.1128 -> 0.4.1148 (#46928) »: https://git.io/fA70g
<rawtaz>
could it be that systemd.service.?.path does not apply/work when the service in question is a unit of "mount" type (one that has .mount appended to it)?
Notkea has quit [Remote host closed the connection]
<rawtaz>
s/work/"have any effect"/
<sphalerite>
rawtaz: yes, that may well be
<rawtaz>
cuz i had to copy vmhgfs-fuse from the open-vm-tools store to /bin and then use fuse./bin/vmhgfs-fuse as the "type" for my fstab entry - that finally made nixos able to mount this shared folder automatically (as in, on boot)
<{^_^}>
[nixpkgs] @matthewbauer pushed 12 commits to staging-next: https://git.io/fA70j
<rawtaz>
so the problem with THAT part of the shared folders issues im trying to figure out seems to be that the unit does not have a path that includes that binary
<rawtaz>
im not sure how to fix that, when the systemd path option isnt working
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « libwebsockets: 3.0.0 -> 3.0.1 (#47020) »: https://git.io/fA7Ef
<sphalerite>
rawtaz: that's kind of nasty. An even uglier result, but arguably a nicer way, is to set the type to "fuse.${pkgs.open-vm-tools}/bin/vmhgfs-fuse"
<rawtaz>
i already tried systemd.services."mnt-hgfs.mount".path = [ pkgs.open-vm-tools "/bin" ]; but it doesnt make it work
<sphalerite>
that way you don't rely on the /bin link
<rawtaz>
sphalerite: right, that would be expanded as part of the derivation processing i take it
<rawtaz>
yeah thats more dynamic indeed
<nDuff>
I'm trying to follow example 15.2 from https://nixos.org/nix/manual/, invoking builtins.fetchGit with a url of the form "git@host:repo/path". However, that appears to be getting treated as a local path: I'm getting an error that /home/nDuff/pkgs/git@host:repo/path doesn't appear to be a git repository.
<rawtaz>
still a hack though :<
Fare has quit [Ping timeout: 252 seconds]
<nDuff>
How can I prevent that from being turned into a filesystem path?
<rawtaz>
(im not even sure that this format of type in fstab is even intentional or if it's just a lucky coincidence that it's working this way :D)
<rawtaz>
nDuff: im totally ignorant but shouldnt you have a git:// url in there or something? just guessing out loud here.
<gamble>
Following > a # (make the partition bootable)
<gamble>
I get "unknown command"
<nDuff>
I'm accustomed to git:// being used for the git protocol, vs git-over-ssh. But then, that's what git's command-line tools expect; not to say I know what nix's tooling expects.
<rawtaz>
gamble: i dont think you need to do that specific part. i didnt, it worked anyway. perhaps just lucky
<rawtaz>
nDuff: yeah, thought that was what you wanted. what protocol do you intend to use?
<nDuff>
SSH.
<gamble>
aha, thanks. will press on
<rawtaz>
gamble: worst case if it doesnt work you can always make it bootable later somehow :)
<rawtaz>
nDuff: try making it an ssh url then? :D
<nDuff>
...and example 15.2 is using url = "git@github.com:my-secret/repository.git" should work :)
<nDuff>
s/using/claiming/
<rawtaz>
yeqh youre probably right
<sphalerite>
nDuff: if you quote it, I think it should indeed work
<sphalerite>
nDuff: if you don't want to quote it, I think you need to add the ssh:// url scheme
jluttine has quit [Ping timeout: 264 seconds]
haslersn has joined #nixos
<colemickens>
is setting nix.maxJobs=48 sufficient for ensuring, say, I'm building the kernel using all available CPU? (assuming it's a 48 core machine)?
<haslersn>
Hi. If I set the buildFlags in a Nix package to [ '' CPPFLAGS="-flag1 -flag2" '' ]; somehow the quotation marks become escaped and make says that it doesnt know -flag2. why is that?
<colemickens>
What if there's only one job, but I want it to use all cores?
<rawtaz>
sphalerite: heh, doesnt work with the ${pkgs.open-vm-tools}, because that resulting path contains dots, not appreciated apparently. if one could make a symlink it might work referencing that instead of course.
<rawtaz>
yup. i will probably create an issue for this and see if we can get a discussion going, because as it is now one cannot add fstab entries for shared folders easily/without hackery. then again, perhaps this isnt something that's normally done, and instead the tools should handle it automatically (just having enabled shared folders in the VM settings i mean) - that is the next thing i was going to look into, because it doesnt work either
<nDuff>
Using ssh:// does indeed work, though my string is already quoted, so I'm unclear on why that was a necessary change.
<Enzime>
do you guys keep your /nix on HDD or SSD?
<rawtaz>
but first lets get the latest open-vm-tools into nixos, as soon as #46921 is merged so i can backport it to 18.09
<rawtaz>
sphalerite: just noticed/realized that /run/current-system/sw/bin/vmhgfs-fuse exists - shouldnt binaries in /run/current-system/sw/bin be linked to from /bin by default?
<genesis>
my conservatice choice : xfs.
haslersn has quit [Quit: Page closed]
<rawtaz>
sphalerite: if not, perhaps it's normal for packages to create such links for specific binaries when needed? in this case that might be justified, to be done by open-vm-tools that is
<samueldr>
rawtaz: that happens for what's in systemPackages, that's what's added to your PATH
<samueldr>
services can make use of things without putting them here (e.g. ${pkgs.hello}/bin/hello)
<samueldr>
it may be a better workaround to use that path, and always add it to systemPackages, but I'm not sure if that would be something mergeable as-is in nixpkgs
<samueldr>
(well, where better == working, since the full path with dots doesn't work)
<rawtaz>
samueldr: but this one cant, because it's a "mount" type of system unit, and apparently it doesnt care about the path setting
<samueldr>
maybe a shim script with a clean dotless name as a derivation in /nix/store/ could do it?
<rawtaz>
samueldr: let me also put it another way; open-vm-tools has a bunch of binaries, but these binaries are not linked to from /bin - shouldnt they be? i didnt put open-vm-tools in systemPackages, because vmwareGuest.enable does so.
<samueldr>
nothing should be in /bin except sh for POSIXLY compatible reasons
<rawtaz>
samueldr: such a shim seems like a hacky workaround, as it deviates from the normal naming style of things
<samueldr>
(with nixos)
<rawtaz>
right, makes sense. /bin is special, shouldnt be filled with stuff
<rawtaz>
i wonder if it works to put this binary in other places, ill try that. i guess something like /usr/local would be fine to populate?
<{^_^}>
[nixpkgs] @thoughtpolice pushed commit from @Taneb to release-18.09 « haskellPackages.sbv: fix location of z3 executable »: https://git.io/fA7ui
<joepie91>
,locate ab2
<{^_^}>
Couldn't find any packages
<joepie91>
oh
<joepie91>
,locate ab
<{^_^}>
Found in packages: dirt, atom, cheat, povray, granite, sequeler, sonic-pi, and 9 more
<samueldr>
systemPackages is that location, and if the vmware thing enables it, maybe it's the best location?
<{^_^}>
[nixpkgs] @thoughtpolice pushed commit from @Taneb to release-18.03 « haskellPackages.sbv: fix location of z3 executable »: https://git.io/fA7u1
<samueldr>
sorry, I was thinking two thoughts at the same time, can't do that, let me rephrase
Dedalo has quit [Ping timeout: 245 seconds]
<rawtaz>
thank you, was having a hard time parsing that
<samueldr>
I think /run/current-system/sw/bin is as best as a location than any for a safe well-known path; since the vmware option already adds open-vm-tools to systemPackages, it might be fine to rely on that, I'm just not 100% sure if this happens for other software (relying on current-system)
<samueldr>
hmm, only a few uses I can see
<samueldr>
possibly fine, with the proper explanation documented
<rawtaz>
right, i will use that instead for now, so in fstab i will make the type be fuse./run/current-system/sw/bin/vmhgfs-fuse
jluttine has quit [Ping timeout: 246 seconds]
<rawtaz>
it's still a hacky workaround to the fact that i cannot set the path for the systemd mount unit (assuming that is what's keeping it from executing the vmhgfs-fuse binary, which i can happily run manually, so it should be that)
jluttine has joined #nixos
jasongrossman has joined #nixos
<{^_^}>
[nixpkgs] @thoughtpolice pushed to release-18.09 « libiio: init at 0.15 »: https://git.io/fA7zU
<slabity>
Hey guys, working on a derivation. I'm using autopatchelf here. It's telling me some libraries like `libdbus-1.so.3` are missing. What's the standard way to fix that?
<samueldr>
if you were to set CPPFLAGS="my string with space" as an attribute in the derivation it would be exported right
<rawtaz>
hm did i just screw something up here.. is there normally a /sbin directory or link in nixos?