<lesh>
hey anyone has a recomendation for a web gui for iptables that's packaged for nixos?
Ariakenom has quit [Read error: Connection reset by peer]
<jluttine>
Is nixos/nixpkgs using any trello-like tool to manage the work? I would suggest waffle.io, I found it yesterday and it seems great. It integrates to github so basically no need to do much (almost anything) but still able to take nice benefits from it.
<srhb>
jluttine: Occasionally various breakout stuff is handled on trello. I believe nixcon 2018 prep work was organized there.
<srhb>
jluttine: But in general, no.
<srhb>
There is no manage, only happy chaos. :-)
<srhb>
jluttine: waffle.io looks.. Wrong :P
<jluttine>
srhb: i think it would help handling issues and pull requests
<jluttine>
srhb: oh, why? :)
<srhb>
Looks like a french phishing site?
<jluttine>
Oh.. wait..
<jluttine>
I guess they have some technical issue at the moment :o
<srhb>
For technical issues of the scale "will steal your monies" :P
<jluttine>
That's the site name anyway..
<jluttine>
It's free for open source :)
thc202 has joined #nixos
<cocreature>
github also has its own trello-like tool these days in the form of github projects
<jluttine>
But that is somehow wrong at the moment :o
<jluttine>
cocreature: yep, waffle.io is very similar but just much better
<srhb>
Yeah, stay clear of waffle.io for the moment. Looks compromised.
<jluttine>
Yep
<jluttine>
Sorry..
<srhb>
(Probably) not your fault :-P
<jluttine>
Didn't check the site before mentioning :/
<cocreature>
I’ll take slightly worse but not compromised over compromised but slightly better :)
<jluttine>
:D
orivej has quit [Quit: No Ping reply in 180 seconds.]
graphene has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @alexeymuranov opened pull request #47515 → [18.09] flatpak: 0.99.3 -> 1.0.2 (cherry-picked from master) → https://git.io/fxfkT
<thblt>
tilpner: you contacted me privately yesterday, feel free to retry 'cause I have no idea how to initiate a private conversation on my side with ERC (Yeah, I know, Emacs rocks)
<adisbladis>
thblt: /query tilpner
jasongrossman has quit [Ping timeout: 252 seconds]
b has joined #nixos
<{^_^}>
[nixpkgs] @manveru opened pull request #47516 → dbmate: init at 1.4.1 → https://git.io/fxfkC
<manveru>
let's see if i can keep this a-package-a-day streak up :)
<sphalerit>
manveru: no, that post describes how to build armv7 stuff natively on a machine whose primary instruction set isn't armv7. Cross is completely different >.<
<manveru>
yeah... as i said, i know nothing about this :P
<sphalerit>
Cross-compiling for nixpkgs's example systems is as simple as `nix build nixpkgs.pkgsCross.raspberryPi.hello` for example with recent nixpkgs (not sure if this made it to 18.09?)
<sphalerit>
But many many packages fail to cross-compile
sir_guy_carleton has joined #nixos
georges-duperon has quit [Ping timeout: 252 seconds]
__monty__ has joined #nixos
camsbury has joined #nixos
sir_guy_carleton has quit [Disconnected by services]
<{^_^}>
[nixpkgs] @rnhmjoj opened pull request #47526 → nixos/syncthing: move configuration to condigDir → https://git.io/fxfY7
Kelppo has joined #nixos
gmarmstrong has quit [Quit: Quit]
mayhewluke has quit [Ping timeout: 240 seconds]
mayhewluke has joined #nixos
<buckley310>
I am currently testing gnome on 10.09. since i updated, accesing sftp resources no longer maps them to /run/user/1000/gvs/. I think this is unintentional? Or am i just missing some configuration?
<buckley310>
gvfs*
alex`` has joined #nixos
lo_mlatu has quit [Quit: Connection closed for inactivity]
<hyper_ch>
do you have to be a registered user to enter this channeL?
<sphalerite>
hyper_ch: currently yes, because of spam issues
<hyper_ch>
why not just set it so that only registered users can write?
<hyper_ch>
much better than being diverted to another channel
<sphalerite>
gchristensen: ^?
Kelppo has quit [Ping timeout: 272 seconds]
<gchristensen>
one reason: it is easier to give unregistered people targeted instructions by shunting them to a different channel
vandenoever has joined #nixos
<gchristensen>
I'm not 100% on my channel modes, but certain channel modes allow unregistered people to speak but only ops can see the messages, which would definitely be a disaster
<gchristensen>
that said, the messages to #nixos-unregistered has been quite low for the past few days, so
<hyper_ch>
gchristensen: it's annoying because it keeps opening those channels you've joined ones
<hyper_ch>
anway, channel mode would be +q $~a
<gchristensen>
I completely agree it is annoying, and I don't like +rf
kingkong|Q has joined #nixos
<kingkong|Q>
ppf: I'm not sure I got that. If I have my interface template functions in the header, how do I dereference the pImpl pointer?
<kingkong|Q>
i refuse to use anything other than firefox
kingkong|Q has quit [Killed (Sigyn (Spam is off topic on freenode.))]
<gchristensen>
welp.
<hyper_ch>
gchristensen: /quote help extban
<hyper_ch>
giving a user voice, overrides +q $~a
<sphalerite>
hyper_ch: authenticate using SASL, that way you're authed before joining any channels
<gchristensen>
wow! cool! I had no idea Freenode had a custom "help" command
<hyper_ch>
gchristensen: a buddy who used to be freenode staff told me :)
<samueldr>
though, the issue with that: the unregistered users will think their question was asked
<samueldr>
right?
<gchristensen>
we'd have to test, but some combination of modes results in that
<hyper_ch>
no, they will get a message that they need to register
<hyper_ch>
ah no...
<hyper_ch>
they just get a message Cannot send to nick/channel: #...
<samueldr>
:/
<gchristensen>
if you require +v to speak, people without +v can still message iirc, and +o's can see their messages. an idea was to have {^_^} (or something) be +o to hand out +v to registered people, and reply to people who tried to speak without being registered
<samueldr>
gchristensen: I am unsure with freenode, but from the help pages, it looks like there is no extban that stops the user from speaking AND relays to +o
<gchristensen>
no extban involved
endformationage has joined #nixos
<samueldr>
ah, it's [+b, +m, +q] and +z
<samueldr>
The effects of +b, +q, and +m are relaxed. For each message, if that message would normally be blocked by one of these modes, it is instead sent to channel operators (+o).
<{^_^}>
#47435 (by jpotier, 1 day ago, open): renoise: add mpg123 to runtime deps
<Acou_Bass>
hey everyone, im thinking about switching my mini server to NixOS when 18.09 rolls round (dont really see the point in switching now and upgrading soon!) but curious about using a letsencrypt cert for ZNC (which is how i currently have it)... right now there is services.znc.confOptions.useSSL but that generates a self-signed cert rather than an LE one
<Acou_Bass>
anyone had this working?
<Acou_Bass>
im thinking it maybe better to just make the znc conf directory mutable, and run certbot manually and just concat it all into a file and drop it into the folder myself
avn has joined #nixos
alex`` has quit [Ping timeout: 268 seconds]
<buckley310>
you can run nginx with enableACME=true, which dumps valid certs in /var/lib/acme/. better than manual :)
MinceR_ is now known as MinceR
<Acou_Bass>
ahhh handy
<Acou_Bass>
i was wondering if theres a certbot module as well (i dont use nginx so not really much point in running it if i can avoid it!)
<Myrl-saki>
FWIW, a certbot module would be hell to maintain.
<Myrl-saki>
Since you have to take a lot of assumptions on people's setups, and god knows how many certbot integrations there are for different we bservers.
<Acou_Bass>
yeah
<Acou_Bass>
i pretty much only use certbot for my ZNC server these days, but i can see how that could be a problem :P
<buckley310>
it seems like the main options are to either use nginx, or set it up yourself and use "security.acme.certs.*"
<buckley310>
so it seems like my gvfs issue is resolved until the next reboot if i run the command "systemctl --user stop gvfs-daemon" and let the service restart itself... strange. is anyone else using gnome on 18.09? so i can compare notes
vcunat has quit [Ping timeout: 252 seconds]
<Ralith>
some hours after updating my server to 18.09, it lost all IPv6 connectivity; can anyone help me diagnose?
<Ralith>
tcpdump shows pings to e.g. google going out but never coming back
patrl has joined #nixos
<symphorien>
do you block icmpv6 ? some types of icmpv6 packets are required for ipv6
<symphorien>
(mtu negociation)
<Ralith>
not to my knowledge
<Ralith>
looks like dhcpcd is giving me lots of "DHCPv6 REPLY: No prefixes available for this interface.", that looks relevant
<Ralith>
the host only provides documentation for dhclient, which doesn't seem to exist on NixOS? but I had everything working fine before upgrading...
<hyper_ch>
it would then add the required dns TXT entry to my ispconfig installation
<hyper_ch>
and issue a EEC
<hyper_ch>
as said, I just love dns-01
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
georges-duperon has quit [Ping timeout: 252 seconds]
Thra11 has joined #nixos
<Acou_Bass>
ive never used it to be honest, my usage of such tools is very minimal, i dont run websites or anything fancy hehe, just self-host my own services like znc :D
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « nwjs: 0.32.2 -> 0.32.4 (#46231) »: https://git.io/fxfcN
<{^_^}>
[nixpkgs] @dtzWill opened pull request #47531 → vim-plugins: update and add few I use or have used → https://git.io/fxfcA
<wirew0rm>
is this a nix problem or some quirk on my system? the progress command (pkgs.cv) can not find the cp command, I can use it by either passing "-p PID" or "-c coreutils". It also shows "coreutils" where you qould expect "cp" in the output...
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « gzdoom: 3.5.0 -> 3.5.1 (#46276) »: https://git.io/fxfC5
<mekeor>
my microphone (external) is very quiet. i already turned "mic boost" options in alsamixer all the way up. is there anything else i can do about this?
<hyper_ch>
Acou_Bass: with DNS-01 you can get a cert without having to run a http server and point domain entry to it
<Acou_Bass>
ah right hmm
<hyper_ch>
which is nice for machines that can't be reached from the internet :)
<hyper_ch>
but if you have no need for it, then do not fret about it
<{^_^}>
[nixpkgs] @Mic92 merged pull request #47531 → vim-plugins: update and add few I use or have used → https://git.io/fxfcA
<{^_^}>
[nixpkgs] @matthewbauer pushed 5 commits to master: https://git.io/fxfl2
<Unode>
Hi all, I'm trying to find programmatic ways of doing certain nix metadata actions. For instance, is there any way to list all the attributes that can be overriden in a derivation? For instance when querying for zathura, I'd like to see 'useMupdf ? true' and 'synctexSupport ? true' in the output (see https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/misc/zathura/default.nix).
<Unode>
camsbury: using attrNames lists a bunch of things. But for instance in the case of zathura, the two attributes I mentinoed aren't present in the output.
<samueldr>
hm! seems there is no mention of the unabbreviated name of "primop" in the nix source
<Unode>
samueldr: I couldn't find it in google either.
<samueldr>
(grepped using prim.+op)
<Unode>
there's a primops.cc file
<Unode>
nix's manual also mentions the term without prior definition.
<samueldr>
it might be sane to assume it's the same meaning
camsbury has quit [Quit: Leaving...]
jD91mZM2 has quit [Ping timeout: 268 seconds]
<Unode>
hum... so... if I encounter this in nix's context, is the interpretation that I got some primitive function and the resolution that I need to pass an additional argument?
<Unode>
as in, a partially applied function?
<samueldr>
pretty much
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « libburn: 1.4.8 -> 1.5.0 (#47034) »: https://git.io/fxf83
<{^_^}>
[nixpkgs] @xeji pushed commit from @r-ryantm to master « chromedriver: 2.41 -> 2.42 (#47329) »: https://git.io/fxfBC
<Unode>
coming from gentoo (and derivates) I still miss some of it's high-level querying toolkits (e.g. q {qlist, qfile, ...}, equery {uses, depends, which, size, ...}).
<Unode>
infinisil's issue above covers most of the requirement for a 'equery uses' equivalent.
<infinisil>
I'm not entirely sure what each of those do, but I think Nix has all of those
<Unode>
infinisil: I've been looking around for those without much luck. Maybe they are hidden in some interface I haven't yet found.
<infinisil>
Can you explain what they do?
<Unode>
there's also a cheat sheet in the wiki but it doesn't cover all those. And for those that it does, the incantation is hard to memorize.
<Unode>
infinisil: sure, give me a moment and I can paste a sandbox example
<infinisil>
Nix has: closure size nix path-info -S, immediate dependencies nix-store -q --references, dependents nix-store -q --referrers, "which" could maybe be nix-index, no idea about the others
<Unode>
infinisil: your examples cover a few of the things I mentioned. nix-index covers something which gentoo doesn't (didn't?). You need to have it on the system to find what package owns it.
<Unode>
One minor peeve I have here is that nixos has too many interfaces. For instance in the examples you mentioned there's at least two. 'nix' and 'nix-store'. The cheat sheet also mentions nix-instantiate and nix-env at times.
kreisys has joined #nixos
<infinisil>
Neat
<infinisil>
The only thing I don't see Nix having is the options listing, but yeah, that's currently not possible, but while writing above PR I thought it might be possible
<infinisil>
Unode: Yeah, I mostly use the nix-* style commands still, the nix command isn't fully matured
<Unode>
I was keeping an eye on 'nix' as a unifying UI but its utilities are a bit all over the place. From high to low level and with many different roles under one single namespace (store actions {sysadmin}, hashing {dev}, build {dev/user}) but is lacking on 'user' roles.
<samueldr>
Acou_Bass: journalctl --user -b0 may show clues
<Acou_Bass>
yeah I'll boot into an older one and try :D i did also try journalctl -b display-manager but that didn't give me anything useful side from showing that plasma segfaulted
<samueldr>
ooh, informations, but still not great
<kreisys>
Is there any way to force an attrset of derivations to be built in its entirety before proceeding? Currently I do that by writing out a json file and then importing it but that has the undesirable side effect of losing the context (i.e., the store paths become just strings). Is there another more correct way of doing this?
<srid>
`nixos-install` doesn't prompt for root password. what gives? how do I forcefuly set a root password (before I reboot)?
Thra11 has quit [Ping timeout: 252 seconds]
<srid>
oh wait, it error'ed out.
<samueldr>
that ought to do it :)
<Acou_Bass>
the full journalctl didnt seem to give me much to go off either hmm
<Unode>
Acou_Bass: check also .xsession-errors I had a similar issue that turned out to be an overlay package with a bad env.d file causing bash to error early.
<Unode>
I found some hints on this file that lead me to find the culprit.
<Acou_Bass>
hmm
<Acou_Bass>
i dont have any overlays
<Acou_Bass>
but yeah ill see
<Unode>
In my case, I logged in, saw a black screen and then immediately back to the login screen.
<Unode>
try a different window manager then (for debugging). In my case even fluxbox and failsafe (which are supposed to be minimal/lightweight) failed.
<adamCS>
If this is an appropriate place for nix on macOs question: I upgraded to mojave (macOs 10.14) and I am using a nix setup (reflex-platform) with a pinned version of nixpkgs. I think I sorted that out--forked that version, made the mojave changes, and pointed my version of reflex-platform at that. So far so good. But then when I do nix-shell ..., it starts rebuilding a lot of stuff. It got some from cache.nixos.org but I'm
<adamCS>
not sure it's checking the reflex-frp cache. Is there any way to check that I have that configured correctly?
xeji has joined #nixos
<gchristensen>
run `nix show-config` and look for `substituters` or `extra-substituters`
<adamCS>
gchristensen: Thanks! It's there. Any way to check that things are set up correctly? Like if I had the key wrong or the url incorrect, would I know?
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fxfuu
<judson>
So, on the one hand, I'm wondering if I should submit a PR to nixos/nix, and on the other nix-build release.nix -A build.x86_64-linux on master fails for me.
<samueldr>
Qt in nixos has a weird wart where mixing and matching Qt versions may fail like that
<samueldr>
or alternatively, nix-env -u if they were installed in a way that would update them
<Acou_Bass>
hmmm
<Acou_Bass>
ill try uninstalling first
<Acou_Bass>
theres a chance some of them were installed from different channel (i run unstable as user)
<samueldr>
it could cause issues
<samueldr>
I'm not 100% sure but I think there was a change between 18.03 and 18.09 related
<samueldr>
the main gist of the wart is that the PATH is used to figure out location of Qt libraries; what could be happening is that a system Qt app checks in a PATH where your your user profile added a Qt component, and then it loads the wrong one and ...
<samueldr>
> Could not load the Qt platform plugin "xcb" in "" even though it was found.
<joepie91>
how do I see the ID of the current system config generation?
<Acou_Bass>
soo... if i can boot into 18.09 properly, THEN install the qt apps to my user (from nixos channel) it should be OK? its basically because some of the applications are still sitting there from 18.03 chanel?a
<samueldr>
joepie91: maybe the symlinks in /run/, booted-system and current-system
<samueldr>
Acou_Bass: that's my assumptions
<joepie91>
samueldr: that doesn't include a generation ID though?
<joepie91>
just a hash
<samueldr>
oh, you want the number
<elvishjerricco>
joepie91: Look at the targets of the generations and see which one matches the target of /run/current-system
<joepie91>
samueldr: yeah
<joepie91>
elvishjerricco: okay, how? :P
<joepie91>
'look at the targets of the generations' specifically
<Acou_Bass>
samueldr: looks like your assumptions were correct
<joepie91>
don't think there should be two drives there, suggests that Nix is getting confused about this
<joepie91>
unfortunately my system booted right into generation 59
<joepie91>
ie. the last generation of the config on my boot partition, suggesting that it's still trying to boot from tehre
<joepie91>
there*
cnidario has quit [Remote host closed the connection]
<joepie91>
boot.loader.grub.device = "/dev/sda";
<joepie91>
any ideas on how to get it to boot from the rootfs, which is raid1 mdadm (unlike the separate boot partition which is plain ext4 on a single disk)?
<samueldr>
does the old boot partition still exist?
<joepie91>
samueldr: the partition, yes, I've left that intact
<joepie91>
but it was no longer mounted during rebuild
<samueldr>
uefi or legacy boot?
<joepie91>
legacy
<joepie91>
(not sure this box even *has* UEFI)
<samueldr>
which partitions have the boot flags?
<joepie91>
eh... good question :)
<samueldr>
grub might be tricked into loading the old file from the old boot partition
<samueldr>
IIRC, it just checks for the first with boot flag to *then* get a configuration fil
<joepie91>
hm.
<joepie91>
let me try and change that, and hope I don't brick it
<samueldr>
make sure you have a usb drive to fiddle around with bootable flags :)
<joepie91>
eh... none of the partitions have any flags
<samueldr>
(or iso, or floppy)
<joepie91>
samueldr: server in datacenter, can get KVM on request, no physical access
<samueldr>
oh, that's more of an issue :)
fendor has quit [Read error: Connection reset by peer]
* samueldr
can't find confirmation that the "bootable" flag would be used by grub2
smolboye has quit [Ping timeout: 252 seconds]
smolboye has joined #nixos
<samueldr>
if grub hardcodes which partition to load the grub.cfg file from, I think you might need to rebuild using "--install-bootloader" (see man nixos-rebuild)
<samueldr>
but uh, can't find hard evidence
<joepie91>
samueldr: how do I do that when using nixops? :P
* samueldr
has no knowledge about nixops
<joepie91>
hrm
<alex``>
What is the file explorer on ISO Plasma?
<alex``>
Dolphin?
<Acou_Bass>
yeah
justbeingglad has joined #nixos
justbeingglad has left #nixos [#nixos]
<joepie91>
samueldr: I think I'll just try rebuilding to a temp config...
<joepie91>
locally on the server
<joepie91>
and then deploy over it with nixops
<joepie91>
and hope nothing breaks
* joepie91
is probably going to regret this
georges-duperon has quit [Ping timeout: 252 seconds]
jluttine has quit [Ping timeout: 268 seconds]
<elvishjerricco>
joepie91: You can do --install-bootloader on a nixops machine by running switch-to-configuration manually
<elvishjerricco>
I think...
<joepie91>
lol whoops that local reinstall wiped out my nixops pubkey
<joepie91>
err...
<alex``>
How to show icons in Dolphin?, I’m using it from i3, I have no icons
<joepie91>
help? :D
<elvishjerricco>
joepie91: No more ssh access?
<joepie91>
elvishjerricco: manual access, just not through the key that nixops uses
jluttine has joined #nixos
<joepie91>
(nixops generates its own keypair on the first deployment)
<{^_^}>
#11556 (by flosse, 2 years ago, closed): kde5.dolphin: QPixmap problem
<joepie91>
there, fixed it
<joepie91>
opened the sqlite DB (~/.nixops/deployments.nixops), looked up the machine under Resources, remembered ID, looked up the SSH public key in ResourceAttrs with the right machine ID and the none.sshPublicKey option, added it to the system's local configuration.nix, did a rebuild
<joepie91>
and then NixOps could get in again
georges-duperon has joined #nixos
<joepie91>
samueldr: the --install-bootloader fixed it!
<joepie91>
thanks :)
<samueldr>
then I guess that grub embeds which partition to use into the bootloader on legacy systems
<samueldr>
also, good to see you haven't hosed your system :D
<joepie91>
so, tl;dr for future readers: if you want to move /boot off its own partition to your root FS (on non-UEFI or legacy), make sure to run nixos-rebuild with `--install-bootloader`; do that locally if you use NixOps then reinstall with NixOps afterwards, and fix the SSH key access as described above
<joepie91>
ta-da magic
<joepie91>
(also make sure to unmount /boot before your rebuild, and to remove it from your fs config)
<joepie91>
samueldr: I suppose
<joepie91>
I'm just surprised this isn't reinstalled on every rebuild
<joepie91>
I'm wondering if that is maybe a bug
<joepie91>
it does seem to break the concept of "nixos-rebuild will make your system like you asked"
<samueldr>
pretty sure it's not a bug since it's a behaviour behind a flag, but maybe to be reviewed
<devoid>
hi all, I'm trying to figure out how to bundle up github.com/thebigmunch/gmusicapi-scripts to run on my system and reading the python section of the manual. But I'm having trouble figuring out how to sink my teeth into building applications and packages...
<joepie91>
samueldr: UX bug, not technical bug
<joepie91>
:P
<samueldr>
there may be a reasoning, though I can't be sure what it is :/
<devoid>
I get to the section 9.11.1.2.1. Packaging a library but at that point I can't figure out how to call nix-shell or nix-build against a file outside the nixpkgs repository
<samueldr>
if you open an issue, ping me on it, and maybe ask for eelco, I think he's pretty much the owner of everything related to boot
Rusty1 has joined #nixos
<devoid>
so like, if you look at the first nix derivation in '9.11.1.2.2. Handling dependencies' what should I put in the # ... part to get nix-build or nix-shell to have the right context to invoke it?
<devoid>
I really want to avoid just editing a file in the nixpkgs repository and having to keep updating my branch against each release.
jmeredith has quit [Quit: Connection closed for inactivity]
<infinisil>
Aw yeah, I built a program that can come up with an importance ranking of nixpkgs attributes
<gchristensen>
ooo?
<infinisil>
Where an attribute is important if it's used by a lot of other attributes
<gchristensen>
sounds like a thing I've made recently too :)
<gchristensen>
that is great, can you share?
<infinisil>
Well it's not completely done, I just encountered some concurrency bug. Will share when shareable
Lears has quit [Ping timeout: 245 seconds]
simukis has quit [Ping timeout: 260 seconds]
alex`` has quit [Quit: WeeChat 2.2]
<infinisil>
gchristensen: I could also emit the full dependency graph of all attributes :D
jasongrossman has quit [Ping timeout: 240 seconds]
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
<devoid>
Or perhaps a more specific question: assuming I figure out how to have a standalone nix file that does the right things, how should I package something like https://github.com/thebigmunch/gmusicapi-scripts which contains multiple separate cli commands: gmupload gmdelete gmsearch, etc. ?
MrAngel has joined #nixos
<MrAngel>
Hello. I'm trying to install from the LiveCD and my monitor can't detect the input when I start the display manager - it flashes up a message saying it's receiving a resolution/frequency that aren't compatible. How do I go about specifying known-good values explicitly?
<ldlework>
Anyone here do Django development with Nix?