samueldr changed the topic of #nixos to: NixCon 2018 - 25-27 Oct In London https://nixcon2018.org/ || NixOS 18.09 released https://discourse.nixos.org/t/1076 || https://nixos.org || Latest NixOS: https://nixos.org/nixos/download.html || Latest Nix: https://nixos.org/nix/download.html || Logs: https://logs.nix.samueldr.com/nixos/ || #nixos-dev, #nix-darwin, #nixos-aarch64, #nixos-chat, #nixcon
<nekroze> is there a prefered pastbin for this room? I can provide full output
<rawtaz> i dont remember, but pastebin.com works
<{^_^}> Channel nixpkgs-18.09-darwin advanced to https://github.com/NixOS/nixpkgs/commit/f4bb9c421f6 (from 8 hours ago, history: https://channels.nix.gsc.io/nixpkgs-18.09-darwin)
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
aanderse has joined #nixos
jasongrossman has joined #nixos
<nekroze> rawtaz: I have tried switching from en_AU to en_US to no effect
<samueldr> nekroze: could you run `nix-shell -p nix-info --run nix-info`, wondering if you're on an older 18.03 release
<samueldr> my locale is en_CA and I had no trouble updating
<samueldr> so I would guess that en_AU shouldn't be an issue
iyzsong has joined #nixos
<nekroze> samueldr: system: "x86_64-linux", multi-user?: yes, version: nix-env (Nix) 2.0.4, channels(root): "nixos-18.09", channels(nekroze): "", nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs
<samueldr> hmmm, sorry nixos-version :)
<samueldr> I thought the info was in nix-info too, but looks like it isn't
<nekroze> samueldr: 18.03.133245.d16a7abceb7 (Impala)
<nekroze> all good
<nekroze> should I try update 18.03 first?
<samueldr> hmm, 17 days ago, so you're up-to-date enough that I wouldn't think it would matter :/
<samueldr> (and in reality I wouldn't think at any version of 18.03 there would be issues :/)
<nekroze> tried it anyways, no effect
LysergicDreams has quit [Ping timeout: 252 seconds]
<samueldr> did it actuallly fail?
<samueldr> the last line pastebinned is "updating GRUB 2 menu..."
<nekroze> actually the exit code was 0...
<samueldr> haha it probably worked fine
<nekroze> facepalm... mea culpa
<samueldr> no worries!
<nekroze> will report back after reboot
<samueldr> there's a known issue that 18.03-era glibc has trouble loading the more recently updated locales from the more recent glibc
<samueldr> but most everything works anyways, things just are noisily unhappy
<nekroze> yeah I had recent issues like that on arch linux so I think I just saw it and alarm bells went off
<samueldr> don't forget to put back 18.09 as your channel
<samueldr> or else the next update may look wrong!
nekroze has quit [Quit: Lost terminal]
jperras has joined #nixos
simukis has quit [Quit: simukis]
nekroze has joined #nixos
<nekroze> reporting back from 18.09, I like the new grub theme
<nekroze> thanks for the assist all!
<samueldr> :)
JonReed has quit [Ping timeout: 256 seconds]
<samueldr> I don't even see it, having customized by grub theme
<samueldr> I probably should remove my customization
<nekroze> samueldr: its one of the few things I havent yet reskined with a solarized theme :D
nekroze has quit [Client Quit]
<{^_^}> [nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fxs34
goibhniu has quit [Ping timeout: 260 seconds]
<Edes> any commands I should run after nix-rebuild switch --update?
mayhewluke has quit [Ping timeout: 268 seconds]
mayhewluke has joined #nixos
fragamus has joined #nixos
thc202 has quit [Ping timeout: 252 seconds]
Dedalo has joined #nixos
<jasongrossman> Edes: No.
Edes has quit [Quit: Lost terminal]
Mateon2 has joined #nixos
<Acou_Bass> 'reboot' probably :D
Mateon1 has quit [Ping timeout: 252 seconds]
Mateon2 is now known as Mateon1
<clever> if your planning on rebooting, then `nixos-rebuild boot` would be better then switch
LysergicDreams has joined #nixos
sir_guy_carleton has joined #nixos
sigmundv has joined #nixos
smolboye_ has joined #nixos
smolboye has quit [Ping timeout: 252 seconds]
stanibanani has joined #nixos
stanibanani has left #nixos [#nixos]
sigmundv has quit [Ping timeout: 244 seconds]
<Ashy> hmm, upgrading to 18.09 doesn't seem to be working
<Ashy> `sudo nixos-rebuild switch --upgrade` succeeds but then `cat /etc/*release` still shows 18.03
<Ashy> do i need an explicit reboot?
<clever> Ashy: did you change your channel first?
<Ashy> i changed system.stateVersion in my config repo
<clever> Ashy: stateVersion has no impact on what channel your using, and changing it breaks the very thing its meant to fix
<Ashy> Oh
<jasongrossman> Sorry to repeat myself, but the name "system.stateVersion" is not working. It's misleading huge proportions of people.
sb0 has quit [Quit: Leaving]
<clever> jasongrossman: thats why nixos-generate-config puts a giant-ass warning on it now, in the comments
<Ashy> so how do i declaritively set my channel?
<jasongrossman> clever: That is very good, and totally in the right direction, IMO, but apparently it's not enough.
lassulus_ has joined #nixos
<Ashy> yeah, that warning is still in my config heh, reading comprehension fail
<clever> Ashy: thats one of the few things that cant be done declaratively, you need to use `nix-channel` to change the channel, check its man page
<jasongrossman> Ashy: Setting channels is one of the ...
<Ashy> but yeah, if it's not where you set the "major version", maybe it needs a better name?
<jasongrossman> Overlapped, including even the same wording.
<jasongrossman> Ashy: You're not alone. It's one of the commonest issues here, to say nothing of all the people who give up on NixOS before finding out the answer.
<Ashy> PRs welcome? or is this one that hasn't got consensus?
<jasongrossman> It hasn't. :-(
<jasongrossman> I don't know whether a PR would help get consensus. Maybe.
<Ashy> system.stateVersionCompatabilityThisIsNotWhereYouSetTheChannel = "18.09"
<jasongrossman> I recommend changing it to "system.snthsnthsnthsnthsnthsnththdnthdcgdstnhth".
<clever> Ashy: stateVersion did recently get moved, but that broke nixops and a few other things
<clever> so it was put back at the old location
<samueldr> anything in the config having "18.03" in the name would be a target for a blind change :/
<samueldr> maybe the solution would be an unlinked incrementing number
<samueldr> stateEpoch = 1
<jasongrossman> samueldr: Ooh, good point. Should change the name AND the number then. IMO.
LysergicDreams has quit [Ping timeout: 252 seconds]
Supersonic has quit [Ping timeout: 240 seconds]
<jasongrossman> I like stateEpoch = 1 very much.
<jasongrossman> That would make a good PR IMO.
<samueldr> (haven't put much thought in this though)
lassulus has quit [Ping timeout: 272 seconds]
lassulus_ is now known as lassulus
<samueldr> the stateVersion gives the fuzzy feeling of knowing that it relates to a nixos release
<clever> samueldr: that would allow for multiple breaking changes within a 6 month period, and still be compatible with things
<samueldr> clever: right, was about to say
jperras has quit [Ping timeout: 252 seconds]
<samueldr> though unlinking it from the release version could allow finer grained control
LysergicDreams has joined #nixos
<jasongrossman> I'm having what someone described the other day as a "Dental Plan" moment. I'm now pretty sure samueldr's suggestion is the best solution.
<samueldr> though it may need to start at 20, so it could reuse the stateVersion numbers wholesale
<jasongrossman> Good thought.
<jasongrossman> ,dentalplan
Mr_Keyser_Soze has joined #nixos
<samueldr> (or even 100 so it's clear it's not related to a quickly coming 20.xx release)
<jasongrossman> ,dentalplan = "https://hooktube.com/watch?v=BgqtBm_oUpc"
<{^_^}> dentalplan defined
Supersonic has joined #nixos
sigmundv has joined #nixos
sigmundv has quit [Remote host closed the connection]
arahael1 is now known as Arahael
hamishmack has quit [Ping timeout: 246 seconds]
sigmundv has joined #nixos
sigmundv has quit [Remote host closed the connection]
Mr_Keyser_Soze has quit [Quit: Leaving]
kyren has quit [Remote host closed the connection]
magnetophon has quit [Remote host closed the connection]
d-fish has quit [Killed (barjavel.freenode.net (Nickname regained by services))]
kyren has joined #nixos
sigmundv has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
sigmundv has quit [Ping timeout: 252 seconds]
fragamus has joined #nixos
sigmundv has joined #nixos
<sir_guy_carleton> hmm, the sha256 checksums for the arm images do not match
<samueldr> sir_guy_carleton: from dezgeg's site?
<sir_guy_carleton> samueldr: yeah
<samueldr> sir_guy_carleton: which one in particular?
<sir_guy_carleton> sha256sum sd-image-aarch64-linux.img > 9f96a8541c5a21e80ff6ef4f640627068d17a23bd6cf1ecc6ed92ed634ed733e sd-image-aarch64-linux.img
<samueldr> (I'll check both origin and my mirror)
<sir_guy_carleton> maybe it's just me
<samueldr> possible, I'll check to figure out things :)
oldandwise has joined #nixos
sigmundv__ has joined #nixos
<{^_^}> [nixpkgs] @AndersonTorres opened pull request #47989 → Small fixes → https://git.io/fxsZu
<{^_^}> [nixpkgs] @thefloweringash opened pull request #47990 → nixos/prometheus-snmp-exporter: fix command line argument format → https://git.io/fxsZK
<samueldr> sir_guy_carleton: got the same hash than you :/
Ericson2314 has joined #nixos
nD5Xjz has quit [Ping timeout: 252 seconds]
<{^_^}> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/839b76ae216 (from 3 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
oldandwise has quit [Quit: leaving]
orivej has quit [Ping timeout: 252 seconds]
slyfox_ has joined #nixos
slyfox has quit [Ping timeout: 272 seconds]
slack1256 has joined #nixos
nD5Xjz has joined #nixos
slack1256 has quit [Remote host closed the connection]
slack1256 has joined #nixos
ggp0647 has quit [Quit: ZNC - https://znc.in]
<{^_^}> [nixos-artwork] @Ericson2314 opened pull request #37 → Remove some inkscape-isms from the SVGS → https://git.io/fxsnM
<{^_^}> [nixpkgs] @samueldr opened pull request #47991 → nano: 3.0 -> 3.1 → https://git.io/fxsnD
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
fragamus has joined #nixos
<{^_^}> [nixpkgs] @waynr opened pull request #47992 → Upgrade FreeCAD to qt5, maybe fix seg fault → https://git.io/fxscW
mayhewluke has quit [Ping timeout: 252 seconds]
mayhewluke has joined #nixos
sigmundv__ has quit [Ping timeout: 245 seconds]
<gspia> hi, just upgraded nixos to 18.09 and my locales got broken. Release-notes don't mention it but it was yesterday or two days ago when somebody mentioned about an unsolved issue here related to locales and (maybe) glibc.
<gspia> Do you know how to fix the issue?
<gspia> or bypass?
<samueldr> did you rebuild switch or rebuild boot?
sigmundv has quit [Ping timeout: 244 seconds]
<gspia> first rebuild switch and then booted the machine
<samueldr> do you have software installed via nix-env or pinned to the older channels?
<samueldr> meanwhile, I'm searching for the relevant issue
<gspia> yeah, the editor is probably such, maybe recompiling will help (I'll try to recompile)
<{^_^}> #38991 (by peti, 24 weeks ago, open): glibc 2.27 breaks locale support
<samueldr> that's the tracking issue if relevant
ROKO__ has joined #nixos
<gspia> long conversation there, takes time to read, it possibly gives ways to fix this (rebuild/fix locale settings)
<gspia> samueldr: the kakoune-editor is in stable channel and it seems to work correctly, no need to compile it. Thanks for the help!
<gspia> (I had locale issues on 18.03 as well and used own-compiled version of the editor.)
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ROKO__ has quit [Quit: WeeChat 2.2]
worldofpeace has quit [Ping timeout: 268 seconds]
<samueldr> :)
<{^_^}> [nixos-artwork] @Ericson2314 opened pull request #38 → Slim down the main snowflake SVG → https://git.io/fxsCR
<{^_^}> [nixpkgs] @matthewbauer merged pull request #47989 → Small fixes → https://git.io/fxsZu
<{^_^}> [nixpkgs] @matthewbauer pushed 6 commits to master: https://git.io/fxsCu
EarlDeLaWarr has joined #nixos
endformationage has quit [Quit: WeeChat 1.9.1]
voice_ftp has quit [Read error: Connection reset by peer]
worldofpeace has joined #nixos
<sphalerite> worldofpeace: hydra doesn't build much for i686 anymore
<sphalerite> it's not a fully supported platform anymore
<worldofpeace> sphalerite: ahh, in this case that should be fine since there's no actual 'building'
<sphalerite> perfect!
<hyper_ch> so, we have now 18.09 as stable?
<worldofpeace> yeah :)
<hyper_ch> hmmm, I still ponder, how to best setup mailsending for cron jobs on my notebook
<sphalerite> hyper_ch: what's the goal?
<sphalerite> or what are the requirements
<sphalerite> oh right you want the cron jobs to send emails
<hyper_ch> on my notebook I do run some crons... if they encounter error, they output text. I want to send that output to my email
<sphalerite> are you using anacron or systemd timers?
<hyper_ch> probably systemd timers: services.cron = { }
revtintin has joined #nixos
<hyper_ch> sphalerite: ok, that was easier to setup than I thought
<sphalerite> \o/
<vandenoever> hyper_ch: how did you do it?
<hyper_ch> mail.domain.tld:587 is one of my mailservers
<hyper_ch> and authUser / authPass is for valid login at that server
<hyper_ch> so i authenticate against that mail server and send the mail to my email (on that mailserver)
<sphalerite> ooh neat
<hyper_ch> well, I just try with sendmail from the cli.... next is setting up a cron that will output something :)
sir_guy_carleton has quit [Quit: WeeChat 2.0]
<vandenoever> nice, i did not know about defaultMailServer, i guess i should set up a local one too, what's your config for setting up a mail server?
<hyper_ch> sendmail user@domain.tld [enter] text, text,text [ctrl-d,ctrl-d]
<hyper_ch> vandenoever: still using postfix
<hyper_ch> on a debian system
<vandenoever> ah, not nixos yet
<hyper_ch> oh wait, there's something else
Xiro` has quit [Remote host closed the connection]
<sphalerite> vandenoever: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver is nice for that
<vandenoever> sphalerite: thanks!
<hyper_ch> using r-raymond's nixos-mailserver and also added roundcube to it
<hyper_ch> for let's encrypt I still use acme.sh though
jD91mZM2 has joined #nixos
<hyper_ch> but on the notebook I don't need a full-fledge mailserver.. I just need a way to send cron failures
<Myrl-saki> Holy crap, there's a nixos-mailserver? What doesn't it havE?
<jD91mZM2> I just recompiled xmonad, and now it won't start any programs! This was just after updating to 18.09beta, xmonad is currently at 0.14.2. Currently in a TTY, help!
<hyper_ch> Myrl-saki: i use it on my home server for fetching rss feeds with rss2email and then read them on my cell phone or roundcube
voiceftp has joined #nixos
<[Leary]> jD91mZM2: will they actually not start, or can you just not see them? There was a bug in 0.14 with fullscreenSupport with that effect if you're using it.
<jD91mZM2> [Leary]: Good point, I should've clarified. The panel indicates a workspace shift when I start one that's pinned on a specific workspace, so I just can't see them I think
<sphalerite> hyper_ch: nixos-mailserver moved to gitlab, it's the link that I wrote
<jD91mZM2> I'm using fullscreenSupport
<hyper_ch> sphalerite: yeah, I noticed :)
<[Leary]> I suggest overriding your contrib with 0.15.
<jD91mZM2> [Leary]: Thank you so much! I'll probably just comment it out right now, I'm having some issues with my video drivers which force me to reboot with nomodeset (to prevent X11 from starting) every goddamned time I want to access a TTY :P
jD91mZM2 has quit [Quit: WeeChat 2.2]
fragamus has joined #nixos
Xiro` has joined #nixos
<hyper_ch> sphalerite: gitlab doesn't offer something like master.tar.gz for download or latest release?
<sphalerite> hyper_ch: it does
<sphalerite> yep looks like it
<hyper_ch> thx
jD91mZM2 has joined #nixos
<hyper_ch> just made an awesome super bash script that just printf '%s\n' "Cron Test Mail" does :) let's see if I get email
<jD91mZM2> [Leary]: It worked, hallelujah! Thank you <3
jedahan has joined #nixos
<hyper_ch> hmmm, cron doesn't send anything :(
jedahan has quit [Client Quit]
<[Leary]> np jD91mZM2
<hyper_ch> ok, problem was me :)
<hyper_ch> find the error: "*/3 * * * * * root /test"
<hyper_ch> it works :)
FRidh has joined #nixos
Ariakenom has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<hyper_ch> vandenoever: setting up the mailserver?
boothead has quit [Ping timeout: 256 seconds]
redj has quit [Disconnected by services]
redj has joined #nixos
Anton-Latukha has joined #nixos
Ericson2314 has quit [Ping timeout: 252 seconds]
sphalerite has quit [Quit: WeeChat 2.0]
sphalerite has joined #nixos
<sphalerite> Does anyone have a working way to set up debian/ubuntu chroots on nixos? Debootstrap still seems to be quite broken on nixos
slack1256 has quit [Remote host closed the connection]
<{^_^}> [nixpkgs] @gebner merged pull request #47958 → abcde: 2.8.1 -> 2.9.2 → https://git.io/fx3PY
<{^_^}> [nixpkgs] @gebner pushed 2 commits to master: https://git.io/fxslH
sphalerite has quit [Quit: WeeChat 2.0]
iyzsong has quit [Ping timeout: 268 seconds]
sphalerite has joined #nixos
mayhewluke has quit [Ping timeout: 268 seconds]
mayhewluke has joined #nixos
alex`` has joined #nixos
<{^_^}> [nixpkgs] @srhb merged pull request #47991 → nano: 3.0 -> 3.1 → https://git.io/fxsnD
<{^_^}> [nixpkgs] @srhb pushed 2 commits to master: https://git.io/fxs8r
<{^_^}> [nixpkgs] @srhb pushed commit from @samueldr to release-18.09 « nano: 3.0 -> 3.1 »: https://git.io/fxs8K
<{^_^}> [nixpkgs] @srhb merged pull request #47972 → gdal: add libxml2 to build → https://git.io/fx3bM
<{^_^}> [nixpkgs] @srhb pushed 2 commits to master: https://git.io/fxs81
<{^_^}> [nixpkgs] @srhb pushed commit from @Hodapp87 to release-18.09 « gdal: Add libxml2 to build »: https://git.io/fxs8D
<{^_^}> [nixpkgs] @srhb merged pull request #47969 → sewer: init at 0.6.0 → https://git.io/fx3Hi
<{^_^}> [nixpkgs] @srhb pushed 2 commits to master: https://git.io/fxs8y
Aerobit has joined #nixos
tertl3 has quit [Quit: Connection closed for inactivity]
simukis has joined #nixos
sphalerite has quit [Quit: WeeChat 2.0]
sphalerite has joined #nixos
Itkovian has joined #nixos
init_6 has joined #nixos
Aerobit has quit [Quit: WeeChat 2.2]
iyzsong has joined #nixos
LysergicDreams has quit [Ping timeout: 244 seconds]
LysergicDreams has joined #nixos
slyfox_ is now known as slyfox
<{^_^}> [nixpkgs] @alexherbo2 opened pull request #47994 → cool-retro-term: Fix link to home page → https://git.io/fxsB1
<Ashy> sphalerite: I've been failing to get syzkaller going on nixos all weekend because debootstrap is broken
<Ashy> Just spun up an Ubuntu dedi on packet.net in the end
thc202 has joined #nixos
revtintin has quit [Quit: WeeChat 1.9.1]
sb0 has joined #nixos
sb0 has quit [Quit: Leaving]
orivej has joined #nixos
sb0 has joined #nixos
<{^_^}> [nixpkgs] @peti pushed 4 commits to haskell-updates: https://git.io/fxsRS
smolboye has joined #nixos
smolboye_ has quit [Ping timeout: 252 seconds]
silver has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
oldandwise has joined #nixos
<vandenoever> hyper_ch: no, but i have some knowledge for the future now
<vandenoever> hyper_ch: i could save some money on a mail account though
<hyper_ch> vandenoever: well, you hve a static ip address? If you wanna send mails to other MTAs they very likely will not accept mails from a mta without static ip
oldandwise has quit [Quit: leaving]
oldandwise has joined #nixos
<kandinski> so I switched over from 18.03 to 18.09, and I'm having an issue with encrypted boot. Did the configuration change?
admiral0 has joined #nixos
kiloreux has quit [Ping timeout: 252 seconds]
<{^_^}> [nixpkgs] @Mic92 merged pull request #47990 → nixos/prometheus-snmp-exporter: fix command line argument format → https://git.io/fxsZK
<{^_^}> [nixpkgs] @Mic92 pushed 2 commits to master: https://git.io/fxs01
<{^_^}> [nixpkgs] @Mic92 pushed commit from @thefloweringash to release-18.09 « nixos/prometheus-snmp-exporter: fix command line argument format »: https://git.io/fxs0y
<symphorien> kandinski: I have an encrypted boot and I have not needed any change
smolboye_ has joined #nixos
<symphorien> (On last week's beta)
echo-area has joined #nixos
<vandenoever> hyper_ch: not at home
<{^_^}> [nixpkgs] @Mic92 merged pull request #47986 → borgbackup: patch bug that allowed for exceeding quotas → https://git.io/fxstL
<{^_^}> [nixpkgs] @Mic92 pushed 2 commits to master: https://git.io/fxs0H
smolboye has quit [Ping timeout: 246 seconds]
fpob has joined #nixos
__monty__ has joined #nixos
<{^_^}> [nixpkgs] @Mic92 pushed commit from @erictapen to release-18.09 « borgbackup: patch bug that allowed for exceeding quotas »: https://git.io/fxs05
<{^_^}> [nixpkgs] @Mic92 merged pull request #47994 → cool-retro-term: Fix link to home page → https://git.io/fxsB1
<{^_^}> [nixpkgs] @Mic92 pushed 2 commits to master: https://git.io/fxs0d
<{^_^}> [nixpkgs] @erictapen opened pull request #47995 → fix broken packages from #47709 → https://git.io/fxs0F
<kandinski> Symphorien: I did it yesterday before the change. I think it's because I have grub on a different disk. I'll explore again.
v0|d has quit [Remote host closed the connection]
<{^_^}> [nixpkgs] @Mic92 pushed commit from @alexherbo2 to release-18.09 « cool-retro-term: Fix link to home page »: https://git.io/fxs0x
v0|d has joined #nixos
revtintin has joined #nixos
kiloreux has joined #nixos
Ariakenom has quit [Quit: Leaving]
<{^_^}> Channel nixpkgs-18.09-darwin advanced to https://github.com/NixOS/nixpkgs/commit/090f5e09553 (from 3 hours ago, history: https://channels.nix.gsc.io/nixpkgs-18.09-darwin)
<{^_^}> [nixpkgs] @jtojnar pushed 155 commits to gnome-3.30: https://git.io/fxsE3
arianvp has joined #nixos
<kandinski> So something I've noticed and I'll make an issue out of if you tell me I should is the following: I get an error regarding vboxnet0 if the network doesn't exist. That means I have to start any VirtualBox container before running a nixos-rebuild --switch.
<arianvp> I'm trying to update, but my boot partition is full (https://github.com/NixOS/nixpkgs/issues/23926)
<{^_^}> #23926 (by joepie91, 1 year ago, open): When /boot is full, system rebuilds fail
<arianvp> can I safely remove old entries manually?
<{^_^}> [nixpkgs] @Lassulus opened pull request #47996 → charybdis service: bin/charybdis-ircd -> bin/charybdis → https://git.io/fxsEE
<kandinski> Here's the error for vboxnet when rebuild-switching without a running VirtualBox VM: http://paste.debian.net/1046232/
<kandinski> (rebooting, back soon)
mayhewluke has quit [Ping timeout: 260 seconds]
mayhewluke has joined #nixos
arianvp_ has joined #nixos
<arianvp_> damnit
<arianvp_> upgrade failed, it can't find my disk anymore
<arianvp_> and I deleted all the old generaitons, so can't rollback. This full boot partition stuff is annoying
<arianvp_> kernel panic :(
<rawtaz> kernel panic? so it loads the kernel somehow?
<arianvp_> yes, the kernel is loaded, but it can't find the rootfs
<arianvp_> then if I typE "boot anyway" it kernel panics
<rawtaz> oh
<arianvp_> ok time for the recovery disk.. see what's up
<rawtaz> can you mount the root partition manually?
arianvp has quit [Ping timeout: 256 seconds]
<arianvp_> i'll try with recovery disk. For some reason, there is no recovery shell
<arianvp_> is there supposed to be a recovery shell I can enter?
* rawtaz dont know :<
<arianvp_> after nixos-stage1?
<arianvp_> :(
<symphorien> arianvp_: it is disable by default because it is an unauthenticated root shell, so security-wise...
<symphorien> disabled*
<arianvp_> aaah :D
<arianvp_> okay time to bring out the usb stick
<sphalerite> arianvp_: enable it by passing boot.debug1devices on the kernel command line
<arianvp_> aah thanks
<sphalerite> or boot.shell_on_fail to make it try to mount stuff and then offer you a shell
<worldofpeace> ^
<arianvp_> none of those options worked
<{^_^}> [nixpkgs] @dingxiangfei2009 opened pull request #47998 → NDISWrapper → https://git.io/fxsEo
<sphalerite> huh..?
<arianvp_> stage-1 doesnt find rootfs, and if I say "continue boot anyway" i get a kernel panic
<sphalerite> oh maybe it's boot.shell_on_fail=1
<arianvp_> I did that
<sphalerite> with the =1 or without?
<arianvp_> with =1
<sphalerite> try without
FRidh has quit [Quit: Konversation terminated!]
<sphalerite> yeah it's not supposed to have =1
<arianvp_> ... weird
<sphalerite> why?
<arianvp_> okay it works. but something phishy is going on /dev/sda and /dev/sdb exist
<arianvp_> but some of their corresponding /dev/disk/by-uuid entries are missin
<arianvp_> :/
<arianvp_> they're just absent
<sphalerite> huh.
<sphalerite> and the partitions?
<arianvp_> yeh.. some partitions are missing from /dev/disk/by-uuid was my point
<arianvp_> ah they're not missing. nvm
<arianvp_> however.... the UUID did change
<arianvp_> that's .. odd
<arianvp_> OOOH WAIT. lol I think I provisioned the wrong configuration.nix
<arianvp_> Yep... I installed my laptop config on my desktop
iyzsong has quit [Read error: Connection reset by peer]
<arianvp_> :')
<hyper_ch> kandinski: encrypted boot?
<arianvp_> false alarm
<sphalerite> :D
<worldofpeace> though that usb stick will be needed for sure now :P
<sphalerite> no, you could still boot the normal system ;)
<rawtaz> nixos cant handle this situation without extra tools? what crao dist is it anyway then
<sphalerite> can't you boot an older generation that still worked?
<sphalerite> rawtaz: lol
<rawtaz> oh i know. ITS THE BEST! :)
<rawtaz> i think (s)he removed all old generations, for some reason :>
<arianvp_> my boot partition was fulll.. which is non-recoverable on nixos it seems
<arianvp_> I ran nixos-collect-garbage, which removed all the old boot entries
<arianvp_> :/
<arianvp_> issue has been open since 2016
<sphalerite> use --delete-older-than rather than -d, and rerun nixos-rebuild boot
<arianvp_> and I always run into it when I need to upgrade xD
<sphalerite> it certainly shouldn't have removed the system that you were booted into at the time
<arianvp_> well, it did
<sphalerite> oh wait it will delete the generation
<sphalerite> just not gc it, but that doesn't help in this scenario
oldandwise has quit [Quit: leaving]
<arianvp_> but... this is still recoverable. I just boot nixos from usb, do nixos-enter, and then nixos-rebuild with the right config
<sphalerite> yes
<sphalerite> you should also be bale to recover it without the USB, though just USBing it is simple r:p
<arianvp_> how then? I dont have nix tools in the recovery shell, do I?
<kandinski> hyper_ch: yes, encrypted boot. This is what I see: https://imgur.com/a/w9yvk8n
<hyper_ch> luks/dm-crypt?
<sphalerite> arianvp_: but you can mount the root filesystem yourself and exec the init from the old system generation which even though it doesn't have any remaining gc roots should still be in your store :D
<sphalerite> the initramfs should still have everything it needs to boot the old system, even though it can't do it by itself
arianvp has joined #nixos
<kandinski> hypr_ch, yes, luks. Relevant bit of /etc/nixos/configuration.nix: http://paste.debian.net/1046236/
admiral0 has quit [Ping timeout: 256 seconds]
<hyper_ch> I used to use luks before, now I use native zfs encryption
<rawtaz> wait wat
<hyper_ch> and I never bothered to use luks with lvm.... never liked lvm
<rawtaz> hyper_ch: whats your partitions like, you have one ext4 boot and then a zfs root?
<hyper_ch> rawtaz: yes
<rawtaz> hyper_ch: or, even better, do you have/know a guide that shows how you set this up?
* sphalerite has EFI boot + luks(zfs)
<hyper_ch> and on home / office server, I have 1 ssd as /boot :)
* rawtaz like zfs <3
<hyper_ch> including remote unlocking via SSH
<rawtaz> sphalerite: any special reason you chose luks over zfs encryption?
arianvp has quit [Ping timeout: 256 seconds]
arianvp_ has quit [Ping timeout: 256 seconds]
<sphalerite> rawtaz: zfs encryption isn't in a stable release yet
<hyper_ch> rawtaz: my reason is one tool to replace 4 other tools
<sphalerite> I don't want to take that sort of risk with something as fundamental as the filesystem
<rawtaz> nice. one thing that always bothered me with zfs for root is that pesky ext4 boot partition. if i go zfs of course i want it to cover ALL my disk, i dont want a breakable old ext4 thing in the mix, kinda defeats the philosophy
<hyper_ch> luks/dm-crypt, mdadm, ext4 and rsync - they got basically replaced by just zfs
<sphalerite> well… ext4 is still better than FAT32 >_<
<rawtaz> sphalerite: nice. is that because it's not stable in openzfs or just not reached the stable branch in nixos?
<rawtaz> sphalerite: hehe sure :)
* rawtaz sheds a tear over windows xp
<hyper_ch> encryption on zfs is in master, and will be included in 0.8
<sphalerite> not sure about openzfs but zfsonlinux doesn't have it in a release yet
<rawtaz> hyper_ch: in master of openzfs you mean?
<hyper_ch> I mean ZoL
<sphalerite> rawtaz: windows xp used ntfs
<sphalerite> rawtaz: it's just that EFI requires fat32 :|
<hyper_ch> there was also a format change in the spring .... no format change pending
<rawtaz> hyper_ch: are you pulling in e.g. master of ZoL in your nixos then, to have encryption available?
<hyper_ch> rawtaz: just nixos unstable
<rawtaz> ok :)
<sphalerite> nixpkgs has a zfsUnstable package
<rawtaz> hyper_ch: yeah saw it, thanks :))
<rawtaz> great, will check that config when i get to install nixos on a physical machine some day
<kandinski> Trying again: without making any change in my /etc/nixos.configuration.nix, 18.03 updates and boots after a switch, but when I upgrade and rebuild-switch to 18.09, I get this on boot: https://imgur.com/a/w9yvk8n and here is the relevant configuration: http://paste.debian.net/1046236/ any help appreciated.
<sphalerite> kandinski: oooh that's not nice. Could you boot into the working system and run `nix eval -f '<nixpkgs/nixos>' config.boot.initrd.preLVMCommands --json | jq -r` and paste the output?
Hotkeys has quit [Quit: Connection closed for inactivity]
<kandinski> sphalerite: now back at the working system.
<rawtaz> so its the command that's run when the passphrase has been read, thats seemingly not getting the proper arguments. what command is that anyway?
* rawtaz just trying to understand
<clever> sphalerite: oh, interesting, i see stage-1 now remembers the passphrase, and can reuse it on several devices
<clever> sphalerite: that pretty much makes my lvm on luks thing pointless
sigmundv has joined #nixos
<kandinski> sphalerite: output here: http://paste.debian.net/1046237/
<kandinski> clever: that will be useful, because I do have two disks with the same password: / and data
justanotheruser has quit [Ping timeout: 246 seconds]
<kandinski> clever: and currenty I have to input the password twice
<{^_^}> Channel nixpkgs-18.09-darwin advanced to https://github.com/NixOS/nixpkgs/commit/5cc757117d6 (from 79 minutes ago, history: https://channels.nix.gsc.io/nixpkgs-18.09-darwin)
worldofpeace has quit [Quit: worldofpeace]
<{^_^}> [nixpkgs] @erictapen opened pull request #48000 → haskellPackages.arbtt: jailbreak → https://git.io/fxsuA
<kandinski> sphalerite: also, I just realised the uuid on the screen is for the data disk, not for the root disk.
<kandinski> the root disk ends in ...cecd
<sphalerite> kandinski: it seems to be missing a mapped name in the cryptsetup command
<sphalerite> kandinski: how is the data disk's encryption thing defined?
<sphalerite> in the nixos config
<sphalerite> echo -n "$passphrase" | cryptsetup luksOpen /dev/disk/by-uuid/6a6057a8-d639-43b0-b7af-d125bbba0a9b --key-file=-
<sphalerite> ^ looks definitely wrong
<sphalerite> I mean the ocmmand, not your paste ;)
<kandinski> heh, I got that
<sphalerite> and the root one is fine
<sphalerite> kandinski: I don't see the data device defined in that paste
<kandinski> sphalerite: sorry, true
<kandinski> [pasting...
<kandinski> sphalerite: http://paste.debian.net/1046238/
<clever> line 34
init_6 has quit []
<sphalerite> yep you need the label
<kandinski> what does the label need to be?
<sphalerite> anything you want
<clever> and 30 is wrong
<sphalerite> just not empty
<clever> 30 tells it to mount the luks device without opening the luks
<clever> actually, different uuid, so it will probably search for the real device
<kandinski> it's worked so far on 18.03
<clever> but label handles that for you
<clever> try with label = "data";
<kandinski> do you mind explaining that so I don't just fix it by fiat?
<clever> it inserts that label into the cryptsetup luksOpen command
<sphalerite> I do wonder why it broke on 18.03 -> 18.09 though
<clever> and will create a /dev/mapper/data that has the plaintext version of the block device
<kandinski> right, thanks
goibhniu has joined #nixos
<{^_^}> Channel nixpkgs-unstable advanced to https://github.com/NixOS/nixpkgs/commit/d29947c36a7 (from 7 hours ago, history: https://channels.nix.gsc.io/nixpkgs-unstable)
<kandinski> Awright, rebooting. See you at the other end, folks!
<rawtaz> bye..
<kandinski> back! Thanks everyone who worked on 18.09. Now the second disk gets decrypted withotut a second password prompt. Nice!
<sphalerite> \o/
<rawtaz> what was the key solution?
<kandinski> just add a missing disk label to the configuration.
<kandinski> sphalerite: do you reckon I should post this as an issue? http://paste.debian.net/1046232/ It didn't let me switch unless I had a running VirtualBox VM, which would activate vboxnet-0
Rusty1 has joined #nixos
<sphalerite> kandinski: I'd say yes probably
<kandinski> particularly since it didn't happen when just rebuilding 18.03, only when upgrading to 18.09.
<sphalerite> oh you used a switch to upgrade?
<sphalerite> Yeah that generally doesn't work. You need to reboot for major upgrades.
<kandinski> well, I use switch then reboot
<kandinski> Should it have been --boot then reboot?
<clever> `nixos-rebuild boot`
<sphalerite> yeah, I mean you probably won't break anything horribly by using nixos-rebuild switch then rebooting. But it's unlikely to go smoothly
<clever> there is a certain upgrade path that tends to break sudo, and that then makes it difficult to actually shutdown/reboot
<kandinski> Thanks, folks.
<sphalerite> anybody know how to ask fontconfig to tell you which font it'll use for a given character?
kyren has quit [Remote host closed the connection]
<{^_^}> [nixpkgs] @obadz opened pull request #48002 → cups-googlecloudprint: init at 20160502 → https://git.io/fxsgC
<obadz> samueldr: as discussed I packaged google cloud print in case you want to give that a try ^
<clever> neat, but chrome supports it without even running cups, so ive never had to really deal with it directly
<obadz> clever: indeed it does, but printing from like a PDF viewer or what not wouldn't work..
iyzsong has joined #nixos
<clever> obadz: open the pdf in chrome!
<obadz> clever: I've got Chrome configured to hit evince.
<clever> ah
<sphalerite> I wonder, how much of a nightmare would it be to try and get secure boot working with nixos/
<elvishjerricco> sphalerite: I've been looking into that passively lately
<clever> for my laptop, i can register any .efi binary, and i believe it whitelists the hash
<elvishjerricco> sphalerite: If you get an encrypted /boot, you only have to sign the boot loader, which is way easier.
<rawtaz> sphalerite: you mean like TPM stuff?
<clever> so you can just skip the entire mess that is keypair management
<clever> rawtaz: thats seperate, measured boot stuff
<rawtaz> hm ok
<elvishjerricco> clever: Oh, that's interesting
<sphalerite> I mean UEFI secure boot
<sphalerite> clever: but you need secure boot to use a TPM right?
<clever> sphalerite: nope
<sphalerite> oh neat
<clever> entirely seperate things
<clever> measured boot is reporting the hash of the next binary to the TPM, before you execute it
<sphalerite> yes, but I thought the TPM will lock itself unless you use measured boot
<elvishjerricco> I'm guessing you could put whatever process (be it signing or registering a hash) into the activation script
<clever> and if you replay the same sequence of hashes, the TPM unlocks, and you can use it to do things like decrypt the hdd
<sphalerite> elvishjerricco: noooo not the activation script!
<sphalerite> elvishjerricco: the boot loader installation
<clever> sphalerite: so if somebody boots an unauthorized os, the tpm just doenst unlock
<elvishjerricco> sphalerite: Yea that's better
<clever> secure boot is different, in that the bios will refuse to even run an unauthorized os
<clever> (which includes a maliciously modified bootloader/kernel)
<sphalerite> right so you need measured boot for the TPM to be usable but you don't need secure boot for measured boot?
<clever> yeah, they can both be used seperately
<clever> i think the tpm can also work without measured boot
<clever> but then anybody can just shove in a bootable usb, and use it
<elvishjerricco> clever: The problem I had with TPM (other than it not working on my hardware for some reason) was that you can't reproduce the hashes / encryption yourself, so you can't automatically switch to a new boot loader
<clever> elvishjerricco: yeah, you need to go into some kind of special configure mode, and then play a sequence of hashes to it, by actually booting
<elvishjerricco> Yea. So signing felt like a way better method to me
<elvishjerricco> Plus, PCR 7 is supposed to just measure the secure boot aspects; i.e. a change in boot loader shouldn't change PCR 7 unless the signature used changes
<clever> but also, if i have physical access, i could do a bios reset to disable secureboot, and then mess with your /boot to save the luks password to the disk in plaintext
<clever> and next time you login, your screwed
<elvishjerricco> clever: encrypted boot :)
<elvishjerricco> encrypted /boot*
<clever> there must be a plaintext binary somewhere on the hdd, to decrypt /boot
<clever> and i can modify that
<elvishjerricco> oh right
<elvishjerricco> yea
<sphalerite> either that or you need to be able to fiddle with your firmware.
<clever> but, if you had used TPM and measured boot, i would need to crack the TPM itself, which is designed to be resistant to such things
<elvishjerricco> Wait so secure boot can just be disabled with physical access?
<clever> elvishjerricco: if you can wipe the bios config by force, yes
<elvishjerricco> That seems dumb
<clever> you may need to desolder the chip that the config is stored on
<clever> depends on the motherboard
magnetophon has joined #nixos
<clever> secureboot is more to protect against malware that replaces your bootloader with a hypervisor
<clever> and then your in a vm and dont even know it
hiroshi- has joined #nixos
<clever> as for secureboot and nixos, my laptop allows me to whitelist a binary by its hash
<magnetophon> I'm trying to update clthreads, but I get: "ldconfig: Can't create temporary cache file /nix/store/fg4yq8i8wd08xg3fy58l6q73cjy8hjr2-glibc-2.27/etc/ld.so.cache~: Permission denied".
<clever> the desktop only has an on/off switch, and i cant even load custom public keys
<clever> magnetophon: ldconfig doesnt work on nixos
<magnetophon> clever: so how do I work around it?
<clever> but the major problem right now with secureboot in my laptop, is that grub doesnt verify the next stage (linux)
<clever> so you can just hit E at the grub screen, and boot a malicious linux, or edit grub.cfg
<elvishjerricco> clever: Isn't there a way to disable that stuff in grub?
<clever> magnetophon: just dont run ldconfig
<elvishjerricco> i.e. only allow booting from specific hardware
<clever> elvishjerricco: secureboot has to be enabled within grub, to verify the hashes of the next binary with the uefi firmware
<magnetophon> clever: that simple, huh? lemme try
hiroshi has quit [Ping timeout: 244 seconds]
hiroshi- is now known as hiroshi
<elvishjerricco> clever: Hm. It ought to be possible without verifying the binary with firmware. Grub could just have its own verification, since grub itself is already verified
<clever> elvishjerricco: it looks like grub doesnt support secureboot, and needs a shim to help out
GiGa has joined #nixos
<GiGa> Afternoon all
<clever> elvishjerricco: you could, but then its not really secureboot anymore, and something custom
<elvishjerricco> clever: So?
<clever> elvishjerricco: and how do you verify that your grub.cfg hasnt been tampered with?
<elvishjerricco> clever: encrypted /boot :P
<elvishjerricco> or something
<clever> elvishjerricco: efi requires a plaintext fat32
<GiGa> I'm about to do a fresh NixOS install onto my new SSD. Can I boot from an old live CD to do that, or do I need to download the latest disk? I'm assuming everything just gets pulled out of the repo?
<elvishjerricco> clever: /boot doesn't have to be on the same partition as grub
<elvishjerricco> My laptop actually has /boot in the same ZFS pool as /
<clever> elvishjerricco: yeah, that could work, as long as you ensure the verified grub.efi loads from the luks device
lingeeal has joined #nixos
<clever> elvishjerricco: oh, but what if an attacker just wipes /boot and makes their own custom /boot with luks, and they know the pw?
<lingeeal> hi, I can do nix-env -iA nixos.haskellPackages.yesod-bin, but nix-env -qa nixos.haskellPackages.yesod-bin says no packages was found. WhY/
<elvishjerricco> clever: Yea. Grub decrypts my LUKS device, loads ZFS, find /boot, and launches the kernel. Since the initrd is on an encrypted drive, I don't feel bad having a secret key for LUKS to let the kernel auto-decrypt the LUKS volume
<clever> elvishjerricco: then they can give grub the pw they just set
<elvishjerricco> clever: Yea you'd have to make grub somehow able to verify the key your LUKS volume is encrypted with
<lingeeal> pf, sorry a has to be in caps lock
<clever> lingeeal: the attrpath is probably yesod.bin
<elvishjerricco> clever: But just encrypting /boot, and verifying the decryption key somehow, sounds like all that should be necessary to trust the entire drive
<clever> elvishjerricco: did you hear about the supermicro stuff going around?
smolboye has joined #nixos
<elvishjerricco> clever: Yea. Apple vehemently denies it, and bloomberg didn't exactly post a ton of proof or named sources. So I'm pretty curious
<clever> from what i can gather, that chip sits between the motherboard and the bios flash
<magnetophon> GiGa: You could use an old CD, but I'd say downloading a new one is safer, plus you don't ed up with a generation of old sw on your pc
<clever> so the firmware it loads from the flash chip is modified slightly
<elvishjerricco> Yea. That could do the hypervisor kind of attack you mentioned, right?
<clever> GiGa, magnetophon: though you can also just nix-channel --add + --update before you nixos-install
<clever> elvishjerricco: yeah
smolboye_ has quit [Ping timeout: 260 seconds]
<elvishjerricco> (should we go to #nixos-chat)?
<GiGa> clever: I tend to run the testing channel anyway, so I'd have to do that I guess
<__red__> is there any nixos dev / committer that would be open to a few questions over /msg?
<__red__> I'm looking for more human than technical advice.
<GiGa> __red__: I commit to Nixpkgs. I'm still fairly new to it but I'll have a go at helping you?
<GiGa> I commit as joncojonathan
<__red__> thanks
jmeredith has joined #nixos
<mpickering> Can I pass a link to a github repo to node2nix like I can for cabal2nix?
<clever> magnetophon: you may need to pass it thru fetchFromGithub first
<magnetophon> clever: that wasn't for me was it?
<clever> oops
Ariakenom has joined #nixos
<sphalerite> Is there some way to reset a USB device? Like unplugging and replugging it, except something that works for a device that's built in to the machine…
<sphalerite> ideally while keeping the system running. I could of course reboot te whole machine, but…
<sphalerite> blargh it seems to be dropping keypresses occasionally as well
barrucadu has quit [Quit: Rebooting for kernel upgrade]
barrucadu has joined #nixos
<{^_^}> [nixpkgs] @c0bw3b opened pull request #48003 → pwsafe: 0.99BETA -> 1.06BETA → https://git.io/fxsaC
<typetetris> How can I determine what I can safely delete in /boot? (safely = without damaging my actual running system configuration)
iyzsong-x has joined #nixos
<clever> the last-mod times as a decent hint
<sphalerite> typetetris: you can delete all of it as long as you're not dual booting and run nixos-rebuild boot afterwareds
<typetetris> sphalerite: Hmm I will give that a try :)
<sphalerite> and haven't deleted your current system generation I suppose, if you want to be able to boot that but have changed it since
<clever> typetetris: if you re-run `nixos-rebuild boot`, it will create any files it needs to boot
<sphalerite> clever: not for the current generation if it's been deleted though
iyzsong has quit [Ping timeout: 264 seconds]
ZeDestructor has quit [Ping timeout: 252 seconds]
<GiGa> OK, booted from the old NixOS disk, added the unstable NixOS channel, updated it, but can't install as nix 2 is needed
<sphalerit> GiGa: either go through all the intermediate versions, or boot into a recent installer then mount everything and run nixos-install
<GiGa> sphalerit: I think I'll have to get the latest disk and burn that
<GiGa> I need to rebuild this laptop too, as my nix environment seems totally broken. Can't even build in an older version of the system
<siers> Is there a script that hydra runs to run the nixos tests? Is it public?
<GiGa> Is there an ISO burning tool in nixos that's there by default?
<GiGa> given I can't add anything to this laptop?
<sphalerite> GiGa: not that I know of
<GiGa> Ah poo
<sphalerite> but if you have a USB stick and can boot from that you can just use curl -Lo /dev/sdX (make sure to use the right device!)
<sphalerite> :D
<GiGa> weirdly I just managed to use nix-env
<GiGa> that didn't work the other day...
<sphalerite> how did it fail the other day?
<GiGa> let me see if I can get the error back again. It fails on nixos-rebuild the same. One moment please
<GiGa> From memory it says it can't build a derivation
<GiGa> Nix-build does this:
<GiGa> error: error parsing derivation '/nix/store/0621850mygqy4dqgiga9s34fiiq77q58-libXrender-0.9.10.drv': expected string 'Derive(['
<GiGa> And nixos-rebulid was erroring with the same "expected string 'Derive(['"
<sphalerite> that sounds like the drv might be corrupted
<sphalerite> you might be using a different nixpkgs version now where libXrender evaluates to a different drv which means the broken one doesn't get loaded
<clever> GiGa: try running `nix-store --delete` on that path, then try again
<GiGa> clever: error: cannot delete path '/nix/store/0621850mygqy4dqgiga9s34fiiq77q58-libXrender-0.9.10.drv' since it is still alive
<clever> GiGa: nix-store --query --roots <thatpath>
iyzsong-x has quit [Ping timeout: 272 seconds]
<schmittlauch[m]> Hi, I want to update my system from 18.03 to 18.09. Do I need to change `system.stateVersion` (currently set to 18.03)? Because the release notes don't mention it.
<lassulus> no
<schmittlauch[m]> thx
Berra has joined #nixos
kyren has joined #nixos
<GiGa> clever: 34fiiq77q58-libXrender-0.9.10.drv {memory:1}
ZeDestructor has joined #nixos
<clever> GiGa: did you use sudo?
<symphorien> GiGa: some process is using this library
<lingeeal> there is no stack-1.7.1, which is needed to init the yesod-postgres template. How do I install it?
<lingeeal> ,
<{^_^}> Special commands: find locate tell - Commands sorted by use count, page 0 (use ,<n> to view page <n>): library dnw pr tofu unstable -A ask ping pinning IFD NUR allah cloudfront info nixcon overlay paste profiling stateVersion unfree whomademe wololo arm bootfull callPackage channels context declarative dentalplan error escape" escape'' escape-special exec fancy-uninstall github hardware haskell help home-manager howoldis imperative logs loot nix-env-r
<Berra> Using 18.09 I'm getting that nodePackages_10_x.semver "semver is missing" - but looking at node-packages-v10.nix I can't comprehend why. What could be the cause?
<magnetophon> I updated a bunch of related packages: http://kokkinizita.linuxaudio.org/linuxaudio/downloads/ Can I do a PR with one commit, or should I split them up?
<GiGa> clever: I did
<clever> GiGa: try again without sudo
<GiGa> clever: for the delete?
<clever> nix thinks sudo is using that path, so it cant be deleted
<clever> yes
<GiGa> ah, ok
<GiGa> 220 store paths deleted
<GiGa> try nix-build again yeah?
<clever> yep
<clever> that deleted all paths refering to the corrupt Xrender.drv
<clever> and it obeys GC roots, so nothing important can be lost
<GiGa> GC roots?
<clever> things like your nix-env and nixos-rebuild profiles
<GiGa> ah, ok
<GiGa> Another corrupted drv
<GiGa> and another
<GiGa> I don't understand how this happened :(
mayhewluke has quit [Ping timeout: 252 seconds]
<clever> GiGa: did you improperly shutdown?
<GiGa> clever: not that I recall
<GiGa> I'm on the 5th one now....
<clever> next time, run `ls -lh` on a corrupt one before you delete it
<clever> how big is the file?
<GiGa> 0
<clever> sounds like it was truncated by an improper shutdown
<clever> ext4 tends to do that
<GiGa> that's a bit poo
<GiGa> Any suggestions?
<clever> you can also just `nix-collect-garbage` to delete anything that can be safely deleted
mayhewluke has joined #nixos
<clever> which will also include most of the corrupt paths
<GiGa> with or without sudo?
<clever> without
<GiGa> OK, that's done, trying my nix-build again
<GiGa> Looking better already
<GiGa> when's the correct time to sudo nix-collect-garbage?
pointfourone has joined #nixos
<clever> when your low on disk space or want to mass-delete all garbage
<__red__> Which environmental variable does nix set to the wanted install directory when the build does a 'make install' ?
<hyper_ch> clever: can I pick your brain?
<__red__> PREFIX?
<sphalerite> __red__: $out
<sphalerite> ,pills __red__
<clever> hyper_ch: sure
<__red__> looking
<sphalerite> ^ thorough introduction to how nix works
<sphalerite> if you have the time :)
<hyper_ch> clever: since you just mentioned mass-delete all garbage... any optmization recommendations here https://github.com/sjau/nixos/blob/master/clean.sh ?
<clever> hyper_ch: lines 4 and 5 together are pointless
<clever> it will do a normal gc after -d has ran
<hyper_ch> so cut line 4?
<__red__> sphalerite: I'll certainly have time, I just need to tell a "make install" where to put the files - so what $ENV do I put in the Makefile
<clever> hyper_ch: and cut line 3, it also does the same thing as 5
<GiGa> clever: Looking good, thanks for your help
<sphalerite> __red__: $out :)
<hyper_ch> clever: it does? I thought 3 deletes old generations while optimise hardlinks files
<__red__> sphalerite: is that nix specific?
<clever> hyper_ch: 5 is `nix-collect-garbage -d`
<clever> hyper_ch: which deletes all old generations
<hyper_ch> clever: d'oh :)
<hyper_ch> so, cut 3 and 4
<clever> yep
<lassulus> why is binutils so big?
<hyper_ch> thank you
<clever> hyper_ch: 5 may also benefit from sudo, it cant delete nixos generations without root
<__red__> I'm supposed to be pushing a requirement on a non-nix application which doesn't have an install file, so trying to make it as non-nix as possible
<hyper_ch> clever: good to know
<__red__> install *target*
<__red__> sorry
<__red__> going to read pill#8 ;-)
<__red__> okay, so configure --prefix=$out makes sense
<__red__> but my target app doens't use a makefile
<__red__> so - I guess there isn't a 'standard' environmental variable for passing directly to a Makefile
<__red__> because "sensible people"[tm] would have used configure which would have put it in the Makefile alreadt
<GiGa> Gramps needs language-pack-gnome-xx (where xx is language code) but we don't seem to have a package like that?
<__red__> this nix-pills thing is freaking awesome btw sphalerite, wish I'd seen it months ago ! :-D
<sphalerit> __red__: it's often called PREFIX I think for plain makefiles, but yeah the world of plain makefiles is not a very uniform one :p
<__red__> I'm guesing nix-build doesn't set that though... it relies on --prefix=$out
<sphalerit> And yeah the pills are great
<hyper_ch> they are too complicated for me
<__red__> well, one way to test it. Write a test install section and dump env ;-)
<sphalerit> nix-build only sets the $out env var
<sphalerit> The rest, like calling the configure script and make, is stdenv's job
<sphalerit> i.e. nixpkgs, not nix itself
<__red__> okay, so there's no way of generating an install target which isn't nix specific because they're not using configure to generate the makefile
endformationage has joined #nixos
<sphalerit> Why would you need something nix-specific?
<sphalerit> You can just do something like `installPhase = ''make install PREFIX=$out'';` in the nix expression
<symphorien> or even makeFlags = [ "PREFIX=$(out)" ]; https://nixos.org/nixpkgs/manual/#build-phase
<cocreature> I’ve upgraded using "nixos-rebuild switch --upgrade", found a problem and rolled back. now I want to change by configuration and rebuild but from the channel state at the time before I upgraded (i.e. the one used for the configuration that I’m currently in). how do I achieve that?
<clever> symphorien: there is also installFlags
<__red__> In a PR I've been asked during a code review to remove my installPhase in my default.nix (mkdir $out ; cp build/openspin $out/bin/)
<__red__> and instead push an install target in the upstream application
<clever> depends on if the compile depends on the prefix or not
<symphorien> cocreature: to rollback the channel upgrade nix-channel --rollback
<__red__> and since the upstream application didn't use configure to generate the makefile, I'm at a loss as to how to do that witjout introducing $out
<__red__> which is nix specific
<symphorien> __red__: makeFlags = [ "PREFIX=$(out)" ]; see https://nixos.org/nixpkgs/manual/#build-phase
<__red__> ... and then remember to check for a not-null PREFIX else start writing to other OSes root directories ;-)
<symphorien> you can use ?= iirc
<sphalerit> Yeah just do PREFIX = /usr/local
<sphalerit> That will be overridden by a prefix passed on the command line
<GiGa> How do you tell a derivation to have multiple optional switches?
<cocreature> symphorien: thanks! is there a convenient way to figure out to what exactly I need to rollback to get to the thing used as the basis for my current generation?
<symphorien> I don't really understand
pointfourone has quit [Remote host closed the connection]
<GiGa> I'm trying like this : https://pastebin.com/79CngZPb
pointfourone has joined #nixos
pointfourone has quit [Remote host closed the connection]
<symphorien> GiGa: https://nixos.org/nixos/packages.html#gtkspell the name is gtkspell3
<GiGa> Ah, so when I "nix search" I want the attribute name, not the package name?
justanotheruser has joined #nixos
pointfourone has joined #nixos
<cocreature> ah found it using readlink + nixos-version
kyren has quit [Quit: ZNC 1.7.1 - https://znc.in]
kyren has joined #nixos
<symphorien> GiGa: yes. The package name is only needed with nix-env -e.
kyren has quit [Client Quit]
kyren has joined #nixos
<lingeeal> I create a yesod project using stack, but then do 'cabal2nix . > default.nix'. However then, running 'cabal configure' in shell I get: could not resolve dependecies.
<GiGa> I'm trying to add support for more optional packages in GRAMPS, but build is having issues during tests.
<GiGa> Details: Could not make database directory:
<GiGa> [Errno 13] Permission denied: '/homeless-shelter'
<symphorien> they try to write to $HOME
<symphorien> add export HOME=$(mktemp -d) somewhere
<GiGa> I haven't changed anything like that
<bgamari> Does nixos provide any way to restart a service after an ACME certificate is renewe
<gchristensen> security.acme.certs.<name>.postRun
<bgamari> ahh, great
<bgamari> thanks!
Supersonic112 has joined #nixos
Supersonic has quit [Disconnected by services]
Supersonic112 is now known as Supersonic
<rawtaz> hm, there seems to be a problem with that. there's no preRun
<rawtaz> how are you supposed to be able to stop a service before the renewal?
<hyper_ch> rawtaz: not upgrading to native zfs encryption yet? :)
<bgamari> rawtaz, do you typically want to?
<bgamari> rawtaz, I would think you rather want to renew and then only restart once you have a new cert
silver has quit [Read error: Connection reset by peer]
<rawtaz> bgamari: yes, when using HTTP challenge, you might need the renewal http server to bind to the same port you have your regular HTTP service on
<Acou_Bass> presumably he wants to go 'stop service, renew cert, start service' (so that theres no weirdness with the service trying to use the old cert when its been overwritten
<rawtaz> i have that now on another server. i run lego for the LE cert management and the cert is for a service listening on HTTPS. so i shut that service down, fire up lego renew which binds to HTTPS for the challenge duration, then start the service again
<rawtaz> this is way simpler than having to interact with the firewall top open up another port temporarily
<bgamari> rawtaz, why not just expose the challenge directory via your usual HTTP service
<clever> rawtaz: the nginx stuff in nixos automatically handles LE for you, and you dont have to stop the daemon
<bgamari> hmm
<clever> rawtaz: it handles the challenge/response stuff thru nginx
<rawtaz> clever: i dont run nginx
<rawtaz> this is a custom HTTP service
<clever> ah
<rawtaz> bgamari: i started looking into doing that but for some reason ended up not going that route, i dont remember specifics though, hm
<{^_^}> [nixpkgs] @NickHu opened pull request #48006 → profile-sync-daemon: add missing path to systemd service → https://git.io/fxsrA
<rawtaz> bgamari: to be fair it might still be an option. then again, a simple preRun to complement postRun would be equally nice :)
<gchristensen> you don't need prerun / postrun anyway, you can do it all with systemd unit configurations
<rawtaz> it makes sense IMO to have it
<rawtaz> gchristensen: thats probably true yeah..
<bgamari> gchristensen, can you?
<{^_^}> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/938a0ddf4a0 (from 5 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
<rawtaz> gchristensen: but wouldnt that have to be configured in the ACME service? how do you config that through nixos config?
<gchristensen> I can't say much, I'm on poor internet, but it is possible with attrset merging the module system provide + symmetric config options in systemd anyay
<rawtaz> it's a carefully guarded secret, them specifics :-)
<schmittlauch[m]> How is the process of getting commits from master back to the stable branch? commit 248ed3575c41866c657d0aa2f4a70ebb7a2c079a needs to find its way to the 18.09 channel, as the distfile is gone from the server.
<rawtaz> schmittlauch[m]: you ask someone to backport it :)
<schmittlauch[m]> Or will that happen automatically when certain hydra checks pass?
<rawtaz> just gotta find that someone :D
<schmittlauch[m]> Well… Does someone want to backport that xD?
<schmittlauch[m]> In cas I contribute to nixpkgs at some point: I guess PRs can be marked to be backported as well?
pointfourone has quit [Remote host closed the connection]
pointfourone has joined #nixos
<schmittlauch[m]> rawtaz: If I want to open a PR, should I do it to release-18.09 branch or to the staging one?
bhipple has joined #nixos
<bhipple> Hi, would anyone be able to review https://github.com/NixOS/nixpkgs/pull/47408 ? I think this should be ready to go
<{^_^}> #47408 (by bhipple, 1 week ago, open): abi-compliance-checker: init at 2.3
<{^_^}> [nixpkgs] @magnetophon opened pull request #48007 → update Kokkinizita packages → https://git.io/fxsot
<rawtaz> clever: do you know the answer to schmittlauch[m]'s question ^?
<GiGa> Is this the correct way to specify optional packages https://pastebin.com/79CngZPb
<GiGa> (lines 1-6, 4 and 5 specifically)
<magnetophon> schmittlauch[m]: PR's are done on master.
Ariakenom has quit [Read error: Connection reset by peer]
<GiGa> I'm actually trying to do this: https://pastebin.com/2E1G5wTm
<GiGa> But building like "nix-build -A gramps" gives me the same output as nix-build --arg enableGraphviz true -A gramps
<GiGa> and I don't understand why
<symphorien> --args changes the args to nixpkgs, not your file
<GiGa> so how do I test my optional build arguments then?
<symphorien> by building gramps.override { foo = bar; }
<GiGa> OK, how do I do that with nix-build?
alex`` has quit [Ping timeout: 272 seconds]
<symphorien> either a complicated command, or write a nix file
<GiGa> Right, I have no idea what I'm doing then :(
alex`` has joined #nixos
<GiGa> I'm trying to add to Gramps' default.nix to add support for optional packages
<symphorien> with import /path/to/nixpkgs {}; gramps.override { foo = bar; }
<symphorien> then nix-build the-file.nix
astronavt has joined #nixos
bhipple has quit [Ping timeout: 268 seconds]
Anton-Latukha has quit [Remote host closed the connection]
<GiGa> So I make a file that says this: https://pastebin.com/9XKU80en
<GiGa> ?
<GiGa> As there's nothing in there to say "go and build this package"
<GiGa> Sorry, trying to learn and contribute at the same time
wykurz has joined #nixos
<symphorien> yes but update the path to nixpkgs to your clone
<symphorien> you can use nix-build -E but I find it confusing and prefer writing a file
<GiGa> oh yes, sorry, meant to do that before hitting go
<GiGa> so the file would build gramps but set those override options?
pointfourone has quit [Remote host closed the connection]
<symphorien> yes
pointfourone has joined #nixos
<GiGa> nix-build doesn't like the semicolon at the end of the first line, it's expecting $end
Anton-Latukha has joined #nixos
jmeredith has quit [Quit: Connection closed for inactivity]
<symphorien> you miss the "with"
<symphorien> with import path {}; gramps
<wykurz> hi! I have a question regarding nixos AWS AMIs - how can I verify them?
<__red__> Giga: my mentor (who has decades of Makefile experience) just recommended writing a second Makefile because they don't see how to integrate the changes we need without blowing up their existing stuff.
<GiGa> __red__: seems good advice
<__red__> as you can't do conditionals outside of the declaration section
<GiGa> symphorien: same output file
<GiGa> like it's built graphviz in already?
<__red__> GiGa: except I'd be committing a 60 line Makefile to an upstream project to replace a 2 line expression in default.nix
<__red__> I'm just going to document this and move on.
<symphorien> GiGa: you put the default to true
ZeDestructor has quit [Ping timeout: 252 seconds]
<GiGa> symphorien: Ah yes, I'm a wombat! So I want "enableGraphviz ? false, graphviz" in the derivation?
<symphorien> well depends on what seems a sane default
<GiGa> It's a highly recommended package by Gramps
<astronavt> is there any hyperpolygplot-style comparison of nixos and guix functionality?
arianvp has joined #nixos
<wykurz> I just found this: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/ec2-amis.nix, which seems like what I was looking for. although any other recommendations welcome :)
<gchristensen> aaaa
<arianvp> I wish we documented the existence of all those image builders...
<arianvp> like netboot, gce, amazon
<arianvp> I'm working on one for digitalocean by the way
<wykurz> arianvp: yeah, it'd be nice. there's a bunch of images on aws that are not on that list, and idk if they are safe. maybe? it's hard to distinguish them from the "official" ones
Anton-Latukha has quit [Read error: Connection reset by peer]
astronavt has quit [Ping timeout: 252 seconds]
Anton-Latukha has joined #nixos
pareidolia has joined #nixos
<pareidolia> Can someone help me install NixOS on my raspberry pi2? I can't rebuild, I get fixed-output derivation checksumer errors whatever I do
astronavt has joined #nixos
ZeDestructor has joined #nixos
<GiGa> sphalerit: does that mean that my "++ stdenv.lib.optional enableOSM osm-gps-map" lines are redundant then, given they're set to true by default?
<GiGa> symphorien: meant to direct that to you, rather than sphalerit
<symphorien> if someone overrides them to false, they will have an effect
JonReed has joined #nixos
<GiGa> OK, so leave them in, got it
Dedalo has quit [Quit: Textual IRC Client: www.textualapp.com]
<pareidolia> Here's one on nixos-unstable: fixed-output derivation produced path '/nix/store/b532v0f48jbhw151h7v8v6ab8vshlj4z-autoconf-2.69.tar.xz' with sha256 hash '05s19ghbic9whsqsgja87qfjibm0i350daz8i2dawd2xymyc6yjg' instead of the expected hash '113nlmidxy9kjr45kg9x3ngar4951mvag1js2a3j8nxcz34wxsv4'
<pareidolia> This error is reliable, the incorrect hash is produced every time, so that rules out cpu/mem errors
sigmundv__ has joined #nixos
<pareidolia> Changing over to channel nixos-18.09
<pareidolia> I get fixed-output derivation produced path '/nix/store/bmh2s8hlc3jmllajarl1f9f3y38mvc9x-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch' with sha256 hash '1flnxgjjrrlzdk5klx47l8y8rg1vmzdd9vhzxxq6wiwyvd4bd92r' instead of the expected hash '0bizaf2yf93hwkrrjcl3fhawyhmw9dzq9pc283dxmmpxqvvif5xg'
<pareidolia> Am I the only one getting this?
sigmundv has quit [Ping timeout: 246 seconds]
sir_guy_carleton has joined #nixos
<typetetris> Puh, that was a journe
<{^_^}> [nixpkgs] @joncojonathan opened pull request #48008 → gramps: added support for recommended packages. → https://git.io/fxs66
<typetetris> Puh, that was a journey
<pareidolia> Changing over to channel nixos-18.03
<pareidolia> fixed-output derivation produced path '/nix/store/lh5y5fj790q2qvspgw7l58jcgz8csi39-coreutils-8.29.tar.xz' with sha256 hash '0pbwl23gwlaj6psy3sg4ak10asrpn50k2sb11ff9x18jl23549r0' instead of the expected hash '0plm1zs9il6bb5mk881qvbghq4glc8ybbgakk2lfzb0w64fgml4j'
<pareidolia> Why am I getting this?
<typetetris> nixos-rebuild boot didn't call `bootctl --path=/boot install` for me, which I didn't know about. So reboot didn't work. Needed to get a bootable usb device, chroot into the old system and call `bootctl --path=/boot install` clear my tpm state and add systemd-boot as well as the kernel-efi-file as trusted efi images.
revtintin has quit [Quit: WeeChat 1.9.1]
<{^_^}> [nixpkgs] @matthiasbeyer opened pull request #48009 → simutrans: Fix hash of pak128 → https://git.io/fxs6p
<{^_^}> [nixpkgs] @joncojonathan opened pull request #48010 → Gramps add to maintainers → https://git.io/fxs6h
<GiGa> I don't understand why pull request #48010 also includes my earlier commit - sorry about that!
<{^_^}> https://github.com/NixOS/nixpkgs/pull/48010 (by joncojonathan, 38 seconds ago, open): Gramps add to maintainers
<pareidolia> Can someone please help me?
<symphorien> pareidolia: are you on a case insensitive fs on linux ?
Neo-- has quit [Ping timeout: 260 seconds]
<Berra> Using 18.09 I'm getting that nodePackages_10_x.semver "semver is missing" - but looking at node-packages-v10.nix I can't comprehend why. What could be the cause?
<pareidolia> symphorien: I'm on ext4
silver has joined #nixos
<symphorien> then could it be that some man in the middle (corporate firewall ?) is messing with the downloads ?
<pareidolia> symphorien: No, I'm at home with a direct connection
<symphorien> no idea, then, sorry
<sphalerite> pareidolia: not sure about the coreutils tarball. The patch issue is link rot, I think, but it probably shouldn't even be trying to download the patch. Have you disabled the official binary cache by accident maybe?
<pareidolia> sphalerite: I'm follwing the Raspberry pi guide. I'll paste my .conf
<pareidolia> sphalerite: Here it is https://pastebin.com/wS5UVWu7
<sphalerite> oooh 32-bit ARM? Yeah then it would make sense that it tries to download sources
<pareidolia> Ok
<sphalerite> or are you on a pi 3?
Rusty1 has quit [Quit: Konversation terminated!]
<pareidolia> sphalerite: A Pi 2B
<sphalerite> yeah ok
wykurz has quit [Quit: meh]
<{^_^}> [nixpkgs] @ju1m opened pull request #48012 → redmine: add selectable plugin support at the cost of reproducibility. (FYI only, NOT for merging) → https://git.io/fxsiF
fragamus has joined #nixos
<sphalerite> pareidolia: simplest "solution" is probably just adding the official binary cache back anyway.
<sphalerite> pareidolia: but you'll probably also want to go to 18.09 rather than just 18.03
<pareidolia> sphalerite: How do I add them back?
phreedom has quit [Quit: No Ping reply in 180 seconds.]
b has quit [Quit: Lost terminal]
<sphalerite> pareidolia: remove "lib.mkForce" from the binary caches line
<sphalerite> oh wait no that won't be enough probably
<sphalerite> you'll need to add https://cache.nixos.org to the list
phreedom has joined #nixos
<sphalerite> I think that might be enough
<{^_^}> [nixpkgs] @schneefux opened pull request #48013 → Add licenses → https://git.io/fxsPf
<pareidolia> I'll give it a try
<Acou_Bass> cool to see cache.nixos.org has aarch64 binaries for stable channels now, used to just be unstable
* Acou_Bass wants to putit on his pi3 now
<pareidolia> I can't use them on my Pi2 though
<samueldr> Acou_Bass: still not up to parity with the stable channels, so hard-to-build things aren't yet availble, but personally running it on a couple boards and it works fine for what I use
* sphalerite is running aarch64 nixos on his chromebook without a hitch
<sphalerite> well except maybe not having haskell
<Acou_Bass> cool
<Acou_Bass> i ran aarch64 nixos on my pi3 when 17.09 was the latest (though i was on unstable) and it was pretty sweet, just a couple things missing that made me go back to the other distro
<Acou_Bass> buuuuut... i reckon looking at it i could probably use 18.09 fully now, and if anything needs building i can just cross-compile with my two other computers running nixos hehe
obadz has quit [Ping timeout: 252 seconds]
<sphalerite> cross-compiled stuff is more problematic than native stuff
<Acou_Bass> huh
<Acou_Bass> fair enough
<sphalerite> especially in terms of "it actually builds"
<Acou_Bass> BUT i will say... back then, i dont think i had to build anything (and if i did, it was something small that built fast on the pi3 anyway), my usage isnt ridiculously complex, just standard home server stuff
<Acou_Bass> soo... i probably wont even need to cross-compile
<sphalerite> yeah that should be fine
astronavt has quit [Ping timeout: 260 seconds]
<Acou_Bass> i think back then i had trouble with the znc configuration because i was doing it in configuration.nix (rather than making it mutable + configurable via admin interface)
<Acou_Bass> and for some reason that just messed everything up :P
GiGa has quit [Quit: Leaving]
Rusty1 has joined #nixos
<{^_^}> [nixpkgs] @schmittlauch opened pull request #48014 → backport tor-browser-bundle-bin minor update → https://git.io/fxsXT
leothrix has quit [Ping timeout: 252 seconds]
<schmittlauch[m]> ^ Can someone review the backport of tor-browser-bundle-bin update?
leothrix has joined #nixos
Ariakenom has joined #nixos
magnetophon has quit [Remote host closed the connection]
lesh has quit [Quit: WeeChat 2.1]
<makefu> schmittlauch[m]: i used all my non-maintainer powers
<andi-> schmittlauch[m]: on it, actually have it locally just not pushed /o\
<{^_^}> [nixpkgs] @andir merged pull request #48014 → backport tor-browser-bundle-bin minor update → https://git.io/fxsXT
<{^_^}> [nixpkgs] @andir pushed 2 commits to release-18.09: https://git.io/fxs1p
<{^_^}> [nixpkgs] @rnhmjoj opened pull request #48015 → haskellPackages.shell-conduit: fix build → https://git.io/fxs1h
<makefu> just under 30 minutes!
<andi-> I spent a few hours looking into how and why we build the non-bin tor-browser-bundle how we do it.. Decided to not touch it until tomorrow :-)
<samueldr> andi-: if it helps, IIRC oxij knows that bit
<andi-> samueldr: I know and that part of the mistery for for me.. we use a fork of tor for that where it is super critical not to make things go wrong.. That fork that oxij uses isn't really being updated as frequently as we should
<samueldr> good, just sharing the bit I knew
<andi-> I am very close to marking the non-bin tor-browser(-bundle) as insecure with a mark to just use the binary releases..
<andi-> somehwere I have a draft issue for that but I need to clear my brain :-)
<schmittlauch[m]> andi- If you're at it anyways, you could try to figure out whether https://github.com/TheTorProject/gettorbrowser/ is deprecated, as it's still the first download source to be tried but doesn't have any v8.x builds so far
<andi-> schmittlauch[m]: did that, doesn't look deprecated or at least didn't find such a notice
<schmittlauch[m]> k
<dhess> sphalerite: if you want Haskell for aarch64 please kick the reviewers for this: https://github.com/NixOS/nixpkgs/pull/47901
<{^_^}> #47901 (by dhess, 2 days ago, open): haskell: re-enable aarch64, but disable parallel builds on that arch.
mayhewluke has quit [Ping timeout: 245 seconds]
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mayhewluke has joined #nixos
<{^_^}> [nixpkgs] @nh2 opened pull request #48017 → `nload` output corrupts a few seconds after starting. → https://git.io/fxsDJ
<trebuh> Anyone has got a working example of configuration file using BTRFS over LUKS ?
kp__ has joined #nixos
<Acou_Bass> i thought i did but for some rason its missing hardware-configuration.nix (and so ive no way of telling you if it is actually btrfs or not) XD sorry
<Acou_Bass> might still be vaguely helpful? https://gist.github.com/AcouBass/4f5bcb3410f14bd5063a718b1d53bc4c
<Acou_Bass> its got a keyfile on a separate (usb) drive to unlock the LUKS drive
kyren has quit [Remote host closed the connection]
<lingeeal> I've created a project with 'cabal init', added
<lingeeal> yesod lib and ran cabal2nix. When in shell I get
<lingeeal> ideas?
<lingeeal> libHSmtl-2.2.2-8XubxMJDT8QLsstvlNotkc.so'. Any
<lingeeal> 'can't load .so/.DLL for:
<Acou_Bass> wow... just realized how old that configuration is, but i dont think the luks part has changed any
<hodapp> okay, that's weird... "nix-env -i -A draftsight" just returns immediately with no error, "nix-env -i draftsight" just says that doesn't match anything
Diagon has quit [Read error: Connection reset by peer]
<Acou_Bass> add the channel name too
<Acou_Bass> eg nix-env -iA nixos.draftsight
<hodapp> but why would the former just fail silently?
<hodapp> it's failing silently with nixos.draftsight too
<Acou_Bass> hmm
<Acou_Bass> you already got it installed in configuration.nix?
<hodapp> it's seemingly not installed anywhere
<Acou_Bass> huh
<Acou_Bass> weird
<hodapp> oh, I needed allowUnfree
<Acou_Bass> ahhhh right :D
<Acou_Bass> i always forget to do that
<hodapp> failing silently isn't the way to convey it needs done
trevorriles has joined #nixos
Berra has quit [Remote host closed the connection]
edef has quit [Remote host closed the connection]
edef has joined #nixos
alex`` has quit [Ping timeout: 252 seconds]
<{^_^}> [nixpkgs] @samueldr merged pull request #47901 → haskell: re-enable aarch64, but disable parallel builds on that arch. → https://git.io/fxYy2
<{^_^}> [nixpkgs] @samueldr pushed 2 commits to master: https://git.io/fxsSn
<bgamari> How does one force a build *without* nix-daemon under NixOS?
jasongrossman has quit [Remote host closed the connection]
<symphorien> sudo ?
<bgamari> that will certainly avoid nix-daemon?
<symphorien> I think so
<bgamari> hmm, indeed it seems it does
<bgamari> then I'm terribly confused
<symphorien> iirc the logic is: if write permission, build directly, else, try with the daemon
<bgamari> it seems that none of the nix tools can resolve domain names
<bgamari> name resolution works fine otherwise
alex`` has joined #nixos
<gchristensen> hmm maybe pkill nscd and nix-daemon
<bgamari> already tried this
<bgamari> and confirmed just now that it makes no difference
<symphorien> what is nscd for, actually ?
* bgamari wonders what curl is being used here
sigmundv__ has quit [Ping timeout: 268 seconds]
<nh2> bgamari: strace all the things?
<bgamari> yeah, I tried that last night; needless to say it produced quite a torrent
<nh2> even with filters for your curl question, e.g. `strace -fyp YOURPID -e execve 2>&1 | grep -v ENOENT | grep curl`?
<bgamari> hmm, alright, found the curl being used and it seems to work fine
<nh2> you might also try to look directly who it asks for the DNS, I'd suspect it to be an `-e sendto` via UDP
fendor has joined #nixos
<dhess> samueldr: whoa you merged that Haskell aarch64 change without reviews from the Haskell reviewers? :)
<samueldr> as I described, self-contained enough to I think not cause issues
<dhess> well everyone, get ready for some GHC aarch64 hotness!
<samueldr> worst case scenario: builds fail on aarch64 for other reasons, nothing else changes :)
<dhess> it does build a ton of important packages.
<bgamari> hmm, I see a connect to 127.0.0.1:53
<dhess> tls, however, dies on a couple of tests, so it can't get *too* far. I'm not sure whether those are legit aarch64 issues or if it's just a CI server timeout thing
<bgamari> but indeed no one is listening on that address
<dhess> peti logged an issue on the tls GitHub about CI failures in 1.4.1, though those were for x86-64 and slightly different failures.
* bgamari strongly suspects that GHC is a bit broken on AArch64 still
<bgamari> I've seen segfaults on my local AArch64 box while running haddock
<{^_^}> [nixpkgs] @eadwu opened pull request #48019 → linux_testing: 4.19-rc6 -> 4.19-rc7 → https://git.io/fxsSS
<samueldr> symphorien: can't find recent notes, but nscd is required for hostname resolutions for some reason (that I can't remember) on NixOS
<symphorien> I have disabled it for a few week as a test and haven't experienced any downside
* bgamari has no idea why curl is trying to use localhost as a DNS resolver
<samueldr> I think it's related to nss modules
fendor has quit [Client Quit]
<bgamari> especially only when run under nix
<samueldr> so symphorien, if you were to add avahi mdns it wouldn't resolve, IIUC
worldofpeace has joined #nixos
<symphorien> hum. ok. Any reason it is enabled by default, and not enabled by the corresponding options like services.avahi.nssmdns ?
<samueldr> no idea
<bgamari> what precisely does nix-build do to the environment that it runs a builder in?
<trebuh> Acou_Bass: Thanks for your file, I can try to work with that.
* bgamari has attached gdb to the curl in question and the environment variables look unsurprising
<Acou_Bass> trebuh: im glad you asked because im looking at a similar nixos install soon :P
<trebuh> It's for my server so, BTRFS over LUKS for / /boot not encrypted. I also will be working with BTRFS Raid feature
<trebuh> no worries, glad I got you thinking about it
<Acou_Bass> yeah ive got a laptop and a Pi 3 that need the nixos treatment both of which im going for btrfs/luks on i think
<Acou_Bass> though none have raid
<trebuh> I could be able to adapt
<trebuh> I think I'm going to stick to Archlinux for my laptop though
Ericson2314 has joined #nixos
<bgamari> huh, so nix-build itself has no trouble resolving names
<bgamari> it seems only the curl sessions of the builder are affected
<bgamari> Does nix try to sandbox the builder in any way?
<bgamari> ahh
<bgamari> indeed it does
<bgamari> the issue appears to be due to sandboxing, in fact
<bgamari> passing `--option sandbox false` allows the build to proceed
<hyper_ch> on low memory systems - how to not make Nix daemon out of memory when trying to upgrade?
<bgamari> hyper_ch, add swap?
jD91mZM2 has quit [Quit: WeeChat 2.2]
* bgamari hopes that the memory consumption story is better in 18.09
<hyper_ch> and if you don't have space for adding swap?
<{^_^}> [nixpkgs] @Mic92 merged pull request #47996 → charybdis service: bin/charybdis-ircd -> bin/charybdis → https://git.io/fxsEE
<{^_^}> [nixpkgs] @Mic92 pushed 2 commits to master: https://git.io/fxs9r
<{^_^}> [nixpkgs] @Mic92 pushed commit from lassulus to release-18.09 « charybdis service: bin/charybdis-ircd -> bin/charybdis »: https://git.io/fxs9i
Diagon has joined #nixos
lassulus has quit [Ping timeout: 272 seconds]
<{^_^}> [nixpkgs] @Vskilet closed pull request #47910 → nixos/emby : use the dataDir option → https://git.io/fxOYH
Diagon has quit [Read error: Connection reset by peer]
tg has quit [Excess Flood]
<Acou_Bass> hyper_ch: comment out packages a block at a time, then do a final rebuild with them all activated (once youve got them all downloaded/stored in your nix store)?
<bgamari> hyper_ch, right
<Acou_Bass> orrrr store your nix store remotely
<{^_^}> [nixos-artwork] @Ericson2314 opened pull request #39 → Rename some SVG identifers for clarity → https://git.io/fxsHT
fendor has joined #nixos
<bgamari> I would try to pare down my installation as much as possible
Piece_Maker has joined #nixos
<bgamari> hyper_ch, actually, perhaps you can just upgrade nix?
<bgamari> hyper_ch, the version in 18.09 should hopefully better from the space usage perspective
<bgamari> hyper_ch, so if you `nix build nixpkgs.nix` and then use result/bin/nixos-rebuild to build your new system things might work out
Acou_Bass has quit [Ping timeout: 252 seconds]
Piece_Maker is now known as Acou_Bass
tg has joined #nixos
<sphalerite> dhess: how to get your PR merged. 1. Complain on IRC
<dhess> sphalerite: hehehe
<hodapp> if complaining on IRC got PRs merged, I'd have millions
<sphalerite> hodapp: it might take several attempts ;)
<dhess> Hey I've got a question about a feature mentioned in the 18.09 release notes. Specifically, it's this bit: "A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs."
<dhess> and then there's the example that starts "inherit (pkgs.nixos) .."
<{^_^}> Channel nixpkgs-18.09-darwin advanced to https://github.com/NixOS/nixpkgs/commit/617607e0437 (from 21 minutes ago, history: https://channels.nix.gsc.io/nixpkgs-18.09-darwin)
<dhess> I don't really follow. Anyone got an example of that?
kreisys has quit [Ping timeout: 268 seconds]
trevorriles has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Diagon has joined #nixos
<hyper_ch> on low memory systems - how to not make Nix daemon out of memory when trying to upgrade?
<hyper_ch> it aborts at busybox
<Acou_Bass> is it RAM youre running out of, or HDD space...? and if its HDD space, how small of a HDD are you trying this on?
<Acou_Bass> and if it is HDD... you could probably run a really aggressive garbage collect command first, then it shouldnt take up any more space than a standard upgrade
lassulus has joined #nixos
patrl has joined #nixos
<hyper_ch> it's ram - no swap
<hyper_ch> 4gb ram
<Acou_Bass> and why cant you add swap again? this should use HDD space
<bgamari> hyper_ch, I would try using a newer nix
<bgamari> there have been some recent fixes in this area
random_yanek has joined #nixos
<hyper_ch> bgamari: I'm trying to upgrade and it just keeps running out of memory
<hyper_ch> Acou_Bass: how would I add swap?
orivej has quit [Ping timeout: 272 seconds]
<clever> hyper_ch: fallocate /swap -l 3g ; mkswap /swap ; swapon /swap
<Acou_Bass> ^ clever beat me :D
<hyper_ch> clever: swap on zfs?
<clever> zfs and swap dont play nicely
<clever> you need a real partition if you have zfs
<hyper_ch> see the problem :)
<clever> and you cant resize a zfs device either, so you need a new disk
<clever> cant shrink zfs*
<gchristensen> seems smart to reserve a gb or two for the unpredictable
<{^_^}> [nixos-weekly] @domenkozar merged pull request #68 → 11: add Fastly → https://git.io/fxmPE
<{^_^}> [nixos-weekly] @domenkozar pushed 2 commits to master: https://git.io/fxsHj
<clever> ive ran nixos on a machine with 4gig of SSD, and thats it
<Mic92> hyper_ch: if the problem is evaluation you can use nixops to deploy from a stronger machine.
<clever> it barely had room for 2 nixos generations
orivej has joined #nixos
<gchristensen> heh I know that feeling
BlessJah has left #nixos [#nixos]
<Acou_Bass> i wasnt even aware that using nix on a (running) system used so much RAM... i know the liveCD installer does because the entire system runs in RAM, but an installed system?
<typetetris> is there any advantage to booting in uefi+secure boot to booting with legacy mode?
<clever> Acou_Bass: when downloading a .nar and unpacking it, the entire nar was held in a std::string
<hyper_ch> so, finally was able to upgrade... dropping arc cache helped
<clever> typetetris: when booting in legacy, a virus can in theory replace your bootloader, and then boot your OS inside a VM
<clever> typetetris: and then its basically imposible to detect what its doing
<clever> uefi also suffers from that, if secureboot is off
<typetetris> clever: ok, so there at least is a reason to torturing myself with that :)
<typetetris> So every time systemd-boot or the kernel gets updated, i will need to add a new trusted efi file via my bios.
lopsided98 has quit [Quit: Disconnected]
<clever> typetetris: if using public/private keys, then you just need to add the public to the bios once, and then sign everything with the private
<clever> and ensure systemd-boot validates the kernel before booting it
lopsided98 has joined #nixos
lopsided98 has quit [Client Quit]
<typetetris> clever: Hmm, having the private key around on the same machine opens up that attack vector again. Even if it was encrypted, the virus infecting my system could keylog the password or something. Maybe its better to live with the inconvenience.
<clever> typetetris: yeah, M$ gets away with it being easy, because the kernels are compiled and signed in a secure place, and the end-user never has the keys
lopsided98 has joined #nixos
<clever> apple too
<{^_^}> [nixpkgs] @erictapen opened pull request #48020 → buildRustPackage: fix regex for separating lib and bin → https://git.io/fxsQu
<typetetris> clever: "secure" translates to "single point of failure" in this case, so tinfoil hat much, we are screwed either way.
<clever> you can still use uefi without secureboot
<clever> typetetris: oh, the bootloader M$ signed with those keys, they forgot to disable a debug option that leads to executing unsigned code
<clever> so the M$ keys are basically useless now
<clever> and if they revoked those keys, every single install disk would become invalid
<typetetris> clever: didn't work for me, without secureboot, I only got the "no operating system found error" or similar.
<clever> you need to boot with efi to config the efivars, to be able to boot with efi
<clever> chicken in the egg problem
<clever> boot.loader.grub.efiInstallAsRemovable = true; gets around it, by claiming your on a removable disk
<clever> and /boot needs to be a fat32 partition, flagged as the efi system partition, in the gpt tables
<pareidolia> Where does Nix unpack sources to build? I'm getting no space left errors so I'd need to mount an external drive on there
<clever> pareidolia: usually /tmp
<typetetris> clever: I am booted with uefi + secure boot now, why do I need this efiInstallAsRemovable thing (which I don't understand) then?
endformationage has quit [Ping timeout: 246 seconds]
<clever> typetetris: oh, your in nixos, with secureboot and systemd-boot?
<typetetris> yes.
<pareidolia> clever: Thanks!
<clever> typetetris: wasnt aware that actually worked
<typetetris> It wasn't pleasent.
<clever> typetetris: many bios also horribly mislabel things in the options
<clever> my desktop doesnt even give me the option to whitelist a file
<clever> secureboot is either microsoft, or custom
<clever> and custom has zero options
<typetetris> clever: the bios gives me the option to whitelist a file.
<clever> yeah, my laptop gives me that
<typetetris> clever: not some tool in nixos.
<typetetris> acer travelmate x here.
<clever> in my case, i was able to whitelist only grub, and then it booted
<clever> which means grub is not verifying the next stage (linux) and is running unsigned code
<{^_^}> [nixpkgs] @timokau merged pull request #48013 → Add licenses → https://git.io/fxsPf
<{^_^}> [nixpkgs] @timokau pushed 7 commits to master: https://git.io/fxsQ7
<clever> a quick google implies that systemd-boot also doesnt support secureboot by itelf
<clever> so systemd-boot is probably running unsigned code
Lears has joined #nixos
[Leary] has quit [Read error: No route to host]
<typetetris> For me it went like this: 1) Configure the systemd-boot stuff in nixos 2) delete /boot/* 3) nixos-rebuild boot 4) bootctl --path=/boot install (nixos-rebuild boot didn't do it and I had to boot from an usb stick with a minimal installer and run a chroot to do it) 5) reboot and add /boot/EFI/systemd/*.efi and /boot/EFI/nixos/vmlinuz.*efi (so the systemd-boot efi file and the kernel efistub file). I needed to select reset TPM
<typetetris> stuff midway through, dunno why, maybe the bios is buggy.
<pareidolia> Grrrrrr, I still can't rebuild because of https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commit/0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch getting the wrong hash
<clever> typetetris: step 4 sounds like the chicken in the egg problem i mentioned
<typetetris> I first had a configuration, there only the systemd-boot efi file was trusted, my computer didn't boot because systemd-boot tried to load the kernel efistub file, which my computer noticed wasn't trusted.
<pareidolia> Can someone send me a NAR of /nix/store/bmh2s8hlc3jmllajarl1f9f3y38mvc9x-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch ?
<clever> typetetris: ah, that implies systemd-boot does support secureboot
<typetetris> or maybe the bios is super smart? (ok ok, probably not)
<elvishjerricco> clever: I think systemd-boot just asks efi to load the kernel as an application, which I thought secure boot checked for a signature
<pareidolia> Anyone?
<elvishjerricco> But that won't secure the command line for the kernel
<clever> elvishjerricco: ah, that might be it, i was expecting it to just load it as a file, and then pass control over without using the efi specs
<{^_^}> [nixpkgs] @timokau closed pull request #48008 → gramps: added support for recommended packages. → https://git.io/fxs66
<elvishjerricco> Not sure about the initrd....
<typetetris> elvishjerricco: hmm, but if systemd-boot doesn't let you edit the kernel boot commad line, you should be golden, or not?
<clever> typetetris: edit the config on /boot
orivej has quit [Ping timeout: 246 seconds]
<elvishjerricco> pareidolia: I'd just fix the broken hash. If it uses fetchurl, it should use fetchpatch instead since that does some normalization on the patch in case the remote changes its format
<clever> elvishjerricco: another factor of secureboot, is that the kernel should probably confirm signatures on all loadable modules
<pareidolia> elvishjerricco: How do I do that? I'm on 18.09
<typetetris> good night!
<{^_^}> Night!
<pareidolia> How do I fix a broken hash? I just point to channel 18.09
<elvishjerricco> clever: At this point I'm convinced the right way is to encrypt /boot and have grub decrypt it.
astronavt has joined #nixos
<clever> elvishjerricco: but grub itself wont be encrypted, and is still a weak point
<elvishjerricco> pareidolia: You just have to track down the Nix expression that's wrong in nixpkgs
<elvishjerricco> clever: But it'll be signed for secureboot
<pareidolia> elvishjerricco: But I can't edit /nix/... files right?
<clever> pareidolia: edit it in a `git clone` of nixpkgs
<pareidolia> clever: How do I point my system channel to that?
<clever> pareidolia: `nixos-rebuild -I nixpkgs=/path/to/nixpkgs test` i believe
<elvishjerricco> Is there a section in the manual about making changes to nixpkgs on NixOS?
<pareidolia> I can't rebuild! I don't have Git, I don't have SSH
<clever> pareidolia: nix-env -iA nixos.git ?
<pareidolia> Ah, thank goodness that works
<clever> pareidolia: you may also want to `git checkout` the rev shown by `nixos-version`
<pareidolia> clever: That one says 19.03.git.ca2ba44cab4
<pareidolia> Th
<pareidolia> There's no channel named 19.03 though
<clever> git checkout ca2ba44cab4
<clever> 19.03 is the name of nixos-unstable, which will eventually become 19.03 next march
<elvishjerricco> pareidolia: FYI, you can use `nix edit -f . PKGNAME` to quickly find the source of the broken package in your local checkout of nixpkgs
<elvishjerricco> Doesn't always work, but usually does
<pareidolia> elvishjerricco: From within a checkout?
<clever> yeah
<elvishjerricco> pareidolia: Yea
<pareidolia> I'm still stumped why I'm the only one having difficulty building NetworkManager from 18.09 though
<elvishjerricco> pareidolia: Maybe others just already have that patch file on their system. I'll give it a shot real quick
<pareidolia> elvishjerricco: That's why I thought a NAR from the store would be useful
<elvishjerricco> pareidolia: What command do I need to try to reproduce this?
<pareidolia> I'm not sure, I'm just trying nixos-rebuild switch
<elvishjerricco> pareidolia: What settings are enabled in your configuration that might be causing the requirement on that file?
<elvishjerricco> (does nix why-depends work on drvs yet?)
<pareidolia> Here it is: https://pastebin.com/wS5UVWu7 Maybe networking.hostname? Of the avahi stuff?
Diagon has quit [Ping timeout: 268 seconds]
<elvishjerricco> It does work on drvs! That'll make this easier.
<clever> elvishjerricco: nice
fragamus has joined #nixos
<pareidolia> Ok, but maybe we should be doing this with fixed-output derivation produced path '/nix/store/b532v0f48jbhw151h7v8v6ab8vshlj4z-autoconf-2.69.tar.xz' with sha256 hash '05s19ghbic9whsqsgja87qfjibm0i350daz8i2dawd2xymyc6yjg' instead of the expected hash '113nlmidxy9kjr45kg9x3ngar4951mvag1js2a3j8nxcz34wxsv4'
magnetophon has joined #nixos
<pareidolia> Because the SD card image is based on the unstable channel
<pareidolia> And this is the error I get with the unstable channel
<elvishjerricco> pareidolia: Wait are you installing 18.09 or unstable?
infty has left #nixos ["WeeChat 1.4"]
<pareidolia> The SD card images for Raspberry are based on unstable
<clever> pareidolia: what does `file /nix/store/b532v0f48jbhw151h7v8v6ab8vshlj4z-autoconf-2.69.tar.xz` output?
<pareidolia> I don't have file
<elvishjerricco> pareidolia: Ok, but which version are you installing? You can install 18.09 from an unstable SD disk
<pareidolia> That's a relief
<clever> pareidolia: try just less then, is it binary?
<pareidolia> clever: Yes, it is
<clever> then its not a 404 page
<pareidolia> But I'm going to change back to 18.09 since I prefer a stable channel, and we're back at the NetworkManager thing
<pareidolia> clever: I find it puzzling that it's even in the store
<pareidolia> Why would Nix keep it in the store if the hash doesn't check out?
<elvishjerricco> pareidolia: Maybe let's try installing 18.09 directly rather than downgrading after unstable
<clever> pareidolia: it leaves it in the store, but doesnt register it as valid
<elvishjerricco> pareidolia: Nix keeps failed builds in the store for some reason
<clever> pareidolia: that allows you to inspect it and see why its wrong
<elvishjerricco> I don't like that about it
<elvishjerricco> Wish it only did that with --keep-failed
<pareidolia> elvishjerricco: But there is no 18.09 SD image AFAIK
<elvishjerricco> pareidolia: You can install 18.09 from the unstable SD image
<pareidolia> Then I run into the Networkmanager thing
patrl has quit [Ping timeout: 264 seconds]
infty has joined #nixos
<elvishjerricco> pareidolia: I'm confused... I thought that was just when you tried installing normally, i.e. unstable
<pareidolia> When I'm on the 18.09 channel, and I try rebuild, then I get the Networkmanager patch thing
<elvishjerricco> pareidolia: rebuild? Like this is post-installation?
<pareidolia> Well, there's this image you dump on the SD card, then you boot from it, edit the configuration.nix and rebuild
<elvishjerricco> ooohhh
<elvishjerricco> Right, i forgot aarch64 is weird
<pareidolia> I'm on armv7
<pareidolia> Not aarch64
<elvishjerricco> Sure, same weirdness
lostman has joined #nixos
<pareidolia> The documentation makes it seem very simple
<elvishjerricco> I'm used to the x86(_64) stuff where you have a separate install CD and run nixos-install to install the thing
<elvishjerricco> pareidolia: Ok, I understand now. We need to track down which option is actually causing the patch to be required so we can fix it. Let me try to conjure the proper why-depends command
<dhess> You can do that with the ARMs as well (/install CD/SD card/)
<pareidolia> dhess: Raspberry Pi can boot from CD?
<elvishjerricco> nix why-depends $(nix-instantiate "<nixpkgs/nixos>" -A system) /nix/store/bmh2s8hlc3jmllajarl1f9f3y38mvc9x-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch
<dhess> pareidolia: maybe. But what I meant is, you can boot off and SD card and then install to a fresh medium
<elvishjerricco> pareidolia: What does that do?
<dhess> if you have some other form of storage available like an eMMC or a SATA disk (or even an nVMe card if you have a PCIe slot)
<pareidolia> I have an USB disk attached for swap
<clever> the rpi doesnt have pci or sata
<pareidolia> elvishjerricco: It's rumbling now. What does "nix-instantiate "<nixpkgs/nixos>" -A system" do?
<dhess> clever: no, but other aarch64's do
<dhess> like the Jetson sseries
<pareidolia> elvishjerricco: Does it make all the DRV files for the entire system?
<elvishjerricco> pareidolia: rumbling? nix-instantiate gives you the drv file of a derivation. In this case the nixos system config
<pareidolia> elvishjerricco: Rumbling = progress output
<pareidolia> Right now it's stuck at [0.0 MiB DL] querying dbus-1 on http://nixos-arm.dezgeg.me/channel
<elvishjerricco> Huh...
<elvishjerricco> what's your `nix --version`?
<elvishjerricco> Should be 2.1 right?
<pareidolia> nix (Nix) 2.1
<elvishjerricco> Yea that shouldn't go to download anything I thought...
<pareidolia> Can I just remove the cache from configuration.nix
<elvishjerricco> pareidolia: Oh, I think we need the drv of the patch, not the patch itself. What happens if you run `nix-store -qd /nix/store/bmh2s8hlc3jmllajarl1f9f3y38mvc9x-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch`?
<elvishjerricco> pareidolia: Removing the cache would be a bad idea :P
<dhess> elvishjerricco: I think I saw a GitHub issue somewhere that you've been cross-compiling Haskell for android or something like that?
slack1256 has joined #nixos
<elvishjerricco> dhess: Yea a bit.
<dhess> elvishjerricco: how does that work with TH?
<pareidolia> elvishjerricco: It says /nix/store/kqm33bcikjn3g9p9axfysiy7qiy48kdj-0a3755c1799d3a4dc1875d4c59c7c568a64
<elvishjerricco> The guys at obsidian systems have been doing it a lot. I just helped out getting it started, and have since cross compiled NixOS itself to aarch64
<elvishjerricco> dhess: TH does not work yet, but they're working on a hack
<elvishjerricco> pareidolia: Whaa... It should have given a .drv file
<pareidolia> elvishjerricco: I'm sorry
<clever> elvishjerricco: only for valid outputs
<pareidolia> elvishjerricco: Forgive my swearing but I'm on fucking SERIAL TTY
<dhess> elvishjerricco: you can't get very far in the ecosystem without TH, can you?
<clever> pareidolia: can you pastebin the whole output of nixos-rebuild when it fails?
<pareidolia> elvishjerricco: It cut off the output because nix uses less
<elvishjerricco> dhess: Surprisingly, you can
<clever> dhess: iserv-proxy can help with TH
<dhess> elvishjerricco: huh, interesting! I'll have to give it a try then
<dhess> elvishjerricco: have you done any ios cross-compiling with aarch64, or only android?
<clever> dhess: running iserv-proxy under nodejs solves it for ghcjs, and under wine solves it for linux->windows
<pareidolia> /nix/store/kqm33bcikjn3g9p9axfysiy7qiy48kdj-0a3755c1799d3a4dc1875d4c59c7c568a64kdj-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch.drv
<elvishjerricco> dhess: Yea reflex gets by without it entirely OK. But they're working on splicing TH splices from native builds into cross builds
<elvishjerricco> pareidolia: Ah, great
<pareidolia> I pasted it wrong
<pareidolia> Damn!
<clever> dhess: i think angerman has done x86->ios cross-compiles with TH
<elvishjerricco> pareidolia: Ok, now try the `nix why-depends` command but replace the .patch path with that path
<dhess> clever: yeah but not with Nixpkgs as far as I know
<elvishjerricco> clever: Yea, but I can't imagine being able to automated that with nix
<pareidolia> I think it's still wrong since it doesn't exist
<pareidolia> I'm going crazy in this fucking picocom shit
simukis has quit [Quit: simukis]
<elvishjerricco> Since it requires an iphone to be connected and to dish out builds to the phone
<clever> elvishjerricco: yeah, you would need to use qemu-user-arm, and not a real ios device
<elvishjerricco> pareidolia: Oh the .drv path doesn't exist?
astronavt has quit [Read error: Connection reset by peer]
<dhess> I actually don't care *that* much about TH at this point, I just want to start putting a toe in the water to test Nixpkgs-based GHC cross builds to iOS
<elvishjerricco> clever: Couldn't really run ios-bound objects there, could you?
<dhess> I'd settle for a little "hello world" at this stage.
<pareidolia> elvishjerricco: It does
<elvishjerricco> dhess: reflex-platform can do that out of the box
<pareidolia> elvishjerricco: Now that I pasted it correctly
<dhess> elvishjerricco: to iOS?
<elvishjerricco> dhess: Yea
<clever> elvishjerricco: if your TH is touching ios objects, your probably doing something wrong
<elvishjerricco> clever: No, the actual machine object files that iserv has to load and execute
<dhess> elvishjerricco: cool! Does this work with mainline Nixpkgs or do you have a fork of some kind?
<elvishjerricco> clever: Like, they're going to be apple/ios formatted and depend on apple/ios libs
<pareidolia> elvishjerricco: Ok, it's running
<clever> elvishjerricco: yeah, you would need a non-ios arm os, to run iserv under
<elvishjerricco> dhess: The effort to bring reflex-platform to mainline nixpkgs is... ongoing.
<clever> hmmm, but ghc may still have trouble targeting 2 arm at once
<dhess> ok
<elvishjerricco> clever: Can a different OS load object files compiled for iOS?
<elvishjerricco> clever: Right, the whole reason we need an iOS device is because GHC can only target one triple
<elvishjerricco> Otherwise we'd just run the TH on the build platform
<clever> elvishjerricco: another solution is to compile the TH with a different ghc
<dhess> I can't imagine that TH is actually platform-dependent in like 99% of the use cases
<elvishjerricco> dhess: The amount of time and work that's been required to get reflex-platform on a newer nixpkgs has been a serious deterrent for me. And I say that as someone who's been a strong proponent for it. But if it takes a year of work to update it every time... no thanks.
<elvishjerricco> clever: Yea that's the splicing trick obsidian is trying to do now
<dhess> elvishjerricco: yeah I know. That makes me sad.
<elvishjerricco> They patched GHC to be able to serialize TH splices so that they can be loaded by a cross compiler
<dhess> I totally understand, it just sucks that it's the reality of developing with nixpkgs sometimes.
<elvishjerricco> dhess: Honestly I think it's just the absurd weight of the excessive number of things reflex-platform does
<dhess> elvishjerricco: yes, if I'm honest, I'm a bit reluctant to try it out as a fast path to getting iOS GHC binaries :)
<pareidolia> elvishjerricco: Still [0.0 MiB DL] querying dbus-1 on http://nixos-arm.dezgeg.me/channel
<dhess> I don't need the reflex bits at this point (though I might in the future)
<elvishjerricco> Like, ideally reflex-platform would hardly exist. We'd just have reflex-dom on Hackage, so it'd be in nixpkgs, and it'd build automatically on GHC and GHCJS, and we'd just use the mobile cross support in nixpkgs to get cross builds for free
<elvishjerricco> pareidolia: That's really weird...
<pareidolia> elvishjerricco: Can't I just import a NAR from somewhere?
<dhess> elvishjerricco: are you not able to get to that point because there is functionality missing in Nixpkgs, or is it because you were doing all this cross stuff before it was mainstreamed and now there are just so many differences?
<elvishjerricco> pareidolia: Someone's going to have to show up with one. But you're not the only one who will have this issue, so I'd rather fix it
<elvishjerricco> dhess: The latter. The reunification branch of reflex-platform is the attempt to switch to the upstream stuff
<elvishjerricco> And it's just a lot of work
<dhess> right
<dhess> technical debt :(
<elvishjerricco> Plus there's a ton of other things that it does that also need updating
<elvishjerricco> pareidolia: Is it the why-depends command or the nix-instantiate command that's hanging?
<dhess> elvishjerricco: are you using reflex-platform commercially?
<elvishjerricco> dhess: My company is, yea
<elvishjerricco> er
<dhess> interesting.
<elvishjerricco> the company i work for
<elvishjerricco> Formation AI
<elvishjerricco> (I do not own Formation AI :P)
<srhb> elvishjerricco: ;P
<elvishjerricco> dhess: But even the team using it isn't using it wholesale. Just pulling bits and pieces, since they only care about the GHCJS build
orivej has joined #nixos
<elvishjerricco> pareidolia: Oh
<elvishjerricco> I just had a silly simple idea
<elvishjerricco> What's the error message about the wrong hash? We can use the expected hash to grep the source code of nixpkgs for the package definition
<pareidolia> Let's try it
<pareidolia> elvishjerricco: Whoa, it's unstuck
<elvishjerricco> ?
<pareidolia> elvishjerricco: See https://pastebin.com/1xz745Pg
<pareidolia> elvishjerricco: Anyway the expected hash is 0bizaf2yf93hwkrrjcl3fhawyhmw9dzq9pc283dxmmpxqvvif5xg
<elvishjerricco> Yea just find what file in nixpkgs has that string
<pareidolia> So I do git checkout 18.09
<pareidolia> Since I'm on the 18.09 channe right?
<elvishjerricco> pareidolia: git checkout release-18.09
<pareidolia> Ooooh
<pareidolia> grep 0bizaf2yf93hwkrrjcl3fhawyhmw9dzq9pc283dxmmpxqvvif5xg * -R
<pareidolia> Returns nothing!
<elvishjerricco> pareidolia: Oh that's weird. Maybe grep your actual nixpkgs channel instead of the git checkout just to see?
<pareidolia> elvishjerricco: How do I find it?
<elvishjerricco> Maybe this has been fixed in between the version of your channel and the latest release commit
<{^_^}> [nixpkgs] @makefu opened pull request #48021 → uhub: re-enable sqlite plugin → https://git.io/fxsdD
<elvishjerricco> pareidolia: I'm... not actually sure. Heh I don't actually use channels
<elvishjerricco> pareidolia: nix eval -f "<nixpkgs>" path
<elvishjerricco> ?
<pareidolia> Genius!
<pareidolia> /nix/store/mrnc0fns7xm9f125jy1qkizws15g1vi6-nixos-18.09.776.6a3f5bcb061/nixos
<elvishjerricco> pareidolia: Does grepping there return anything?
<pareidolia> Why is this in there
<pareidolia> lrwxrwxrwx 1 root root 1 Jan 1 1970 nixpkgs -> .
<elvishjerricco> pareidolia: Hm. I dunno
<pareidolia> Nothing there :'(
[Leary] has joined #nixos
<pareidolia> Grep returns nothing
<elvishjerricco> Grep /nix/store/mrnc0fns7xm9f125jy1qkizws15g1vi6-nixos-18.09.776.6a3f5bcb061/, no trailing "nixos"
<elvishjerricco> and I guess make sure there aren't symlink indirections blocking grub
<elvishjerricco> grep*
<pareidolia> Still nothing
<elvishjerricco> pareidolia: Well that's extremely odd
<elvishjerricco> How could it be expecting that hash if no source code actually declares it?
<pareidolia> Ok. From the top
<clever> elvishjerricco: base16 vs base32 hash
<clever> use the nix-hash util to convert it
<pareidolia> Argh!
Lears has quit [Ping timeout: 252 seconds]
lingeeal has quit [Ping timeout: 252 seconds]
<clever> nix will normallize the hash when display, so it may not display what was in the nix file
<elvishjerricco> clever: Huh... Dunno if that's a good thing or not
<elvishjerricco> but TIL. Good to know :P
<pareidolia> What kind of hash is it
<pareidolia> error: hash '0bizaf2yf93hwkrrjcl3fhawyhmw9dzq9pc283dxmmpxqvvif5xg' has wrong length for hash type 'md5'
<clever> probably sha256 or 512
<clever> $ nix-hash --to-base16 --type sha256 0bizaf2yf93hwkrrjcl3fhawyhmw9dzq9pc283dxmmpxqvvif5xg
<clever> af1717f7c6fdd6dadb4082dd847f4bbc42cf1574833299f3e47024e785533f2e
<clever> pkgs/tools/networking/network-manager/default.nix: sha256 = "af1717f7c6fdd6dadb4082dd847f4bbc42cf1574833299f3e47024e785533f2e";
<elvishjerricco> clever: Nice
<clever> it should be using fetchpatch, not fetchurl
<elvishjerricco> clever: Yea, I guess gitlab changed their patch format/
<elvishjerricco> ?
<clever> yeah, thats likely it
<pareidolia> So I do git checkout 6a3f5bcb
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<pareidolia> I change fetchurl to fetchpath
astronavt has joined #nixos
<clever> the hash will also need to be updated, and then it should build
<clever> fetchpatch will normalize the patch to prevent this kind of issue from occuring again
astronavt has quit [Max SendQ exceeded]
<pareidolia> Can I just do a nix-prefetch-url ?
<elvishjerricco> Hm
<gchristensen> no
<elvishjerricco> That derivation builds fine for me though
<clever> nix-prefetch-url cant normalize the patch
<gchristensen> ,tofu pareidolia
<{^_^}> pareidolia: To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<elvishjerricco> No I think there might be something else at play here... I am able to build that derivation exactly...
astronavt has joined #nixos
<elvishjerricco> Ah
<elvishjerricco> It works for me because I'm getting it from https://cache.nixos.org
<elvishjerricco> carry on :P
<pareidolia> Ok, but can't you just make a NAR for me?
fragamus has joined #nixos
<pareidolia> Or can I download a nar from https://cache.nixos.org ?
<elvishjerricco> pareidolia: At this point I think it's easier (and more trustworthy than random ole elvishjerricco's binaries :P) to just change the hash and build off your checkout
<gchristensen> no, since it is rpi2
<pareidolia> But it's just a patch
<pareidolia> I can get just the patch right?
<elvishjerricco> gchristensen: Shouldn't they still be getting the binary from cache.nixos.org anyway, since it's a fixed output derivation?
<elvishjerricco> Or does the arm SD image not use that cache?
kp__ has quit [Quit: WeeChat 2.2]
<elvishjerricco> Also, how can I force Nix to try rebuilding this derivation not from the cache?
<elvishjerricco> --no-substitute, duh.
<gchristensen> (1) I don't know (2) I dn't think so because preferLocalBuild = true;
<elvishjerricco> gchristensen: Weird. It grabbed that derivation from the nixos cache for me... I had to do --no-substitute to get the same build failure
<gchristensen> so nix won't check but evidently hydra publishes it anyway
<gchristensen> so maybe pareidolia can nix-store -r it
mayhewluke has quit [Ping timeout: 246 seconds]
<clever> elvishjerricco: if you can get it from both the cache, and the failed path, try to diff them, confirm what has changed
<elvishjerricco> gchristensen: ... but it did check for me. That's where I got it from :P
<elvishjerricco> clever: Good call
mayhewluke has joined #nixos
<clever> that looks like some stray text at the end of the patch
<clever> why is it even there? lol
<elvishjerricco> It is
<pareidolia> So the patch actually changed? How did they do that with a commited file?
<clever> pareidolia: it looks like some stray text after the patch, and its not a commited file but rather a commit being rendered as a patch
<elvishjerricco> pareidolia: The patch didn't change, semantically. Gitlab is just formatting it slightly differently with different non-patch-text
<pareidolia> Ah ok
<elvishjerricco> But applying this patch will have the same effect as the other
<elvishjerricco> using fetchpatch ought to rid us of this problem entirely
pie_ has joined #nixos
<pareidolia> Can I just get nar of your correct patch please
<elvishjerricco> pareidolia: Why not just change the has in nixpkgs?
<elvishjerricco> hash*
<pareidolia> I have the checkout on another machine right now
<gchristensen> so re check it out
<pareidolia> I don't have git
<elvishjerricco> pareidolia: You can get it from https://cache.nixos.org regardless
<elvishjerricco> nix copy --from https://cache.nixos.org /nix/store/6s9iyi0rb9fdcif84dyq5fndy3kvwf35-0a3755c1799d3a4dc1875d4c59c7c568a64c8456.patch
<pareidolia> I'm trying to install it right now
<pareidolia> elvishjerricco: {unicode heart emoji}
<pareidolia> So if I'm understanding correctly
<pareidolia> I'm the only one getting this problem because the rpi cache lacking the file forces me to fetch it from the originating url instead of cache.nixos.org
<elvishjerricco> pareidolia: I guess. Does your system not use cache.nixos.org?
<clever> pareidolia: grep subs /etc/nix/nix.conf
<gchristensen> no, the derivation is marked as prefer local build so it doesn't look in caches for it
<elvishjerricco> gchristensen: But it actually did for me
<pareidolia> clever: substituters = http://nixos-arm.dezgeg.me/channel
<clever> pareidolia: adding cache.nixos.org to that may prevent the issue
<gchristensen> you didn't try to build it, you skipped the evaluation step
<elvishjerricco> gchristensen: Nope. I did `nix-build . -A networkmanager.patches`
<gchristensen> preferLocalBuild is eval-time, nix has no idea how you decided o look for that store pathjust that you want it.
<gchristensen> bizarre
<clever> yeah
<pareidolia> Maybe I should have just gotten a Rpi3 and have saved a lot of time on aarch64
<elvishjerricco> Is this a bug in Nix then?
<pareidolia> Because that one is compiled on Hydra right?
<pareidolia> I'm downloading a lot of patches right now doing the rebuild, and so far so good
<{^_^}> [nixpkgs] @catern opened pull request #48022 → pythonPackages.mypy_extensions: use typing from stdlib on >=3.5 → https://git.io/fxsFa
<gchristensen> hydra builds for aarch64
<dhess> pareidolia: I had a similar "come to Jesus" moment with my BeagleBone Black devices. They are so nice, but compiling for armv7l is sooo painful
<pareidolia> "come to Jesus" ?
<pareidolia> I'm going to save a log of this convo and keep a note of all these magical comands
siers has quit [Ping timeout: 252 seconds]
<elvishjerricco> I'm going to go fix that patch expression :P
<gchristensen> "4. Any moment or meeting in which a frank, often unpleasant, conversation is held so as to bring to light and/or resolve some issue at hand." https://idioms.thefreedictionary.com/come-to-Jesus+moment
<dhess> pareidolia: sorry, it's a common (American?) English expression, similar to, "saw the light."
<dhess> yeah that's a better definition :) I didn't include the "unpleasant" connotation in my definition.
<dhess> anyway, point is, I eventually just moved everything to aarch64, even though I like some of the armv7l hardware better.
<pareidolia> Ok, I'm compiling all sorts of stuff now
<gchristensen> it is much easier to get good (read: big) build hw for aarch64 anyway
<pareidolia> Is probably going to take a long time, but since I'm on 18.09 I probably should have better cache availability than unstable
<dhess> gchristensen: I wish it were cheaper! Sort of strange that it hasn't been commoditized yet. I suspect some of these OEMs thought there would be more interest from server/datacenter folks that hasn't materialized.
<gchristensen> is there any cache for rpi2 at all?
<dhess> gchristensen: Dezgeg's ?
<elvishjerricco> gchristensen: I think they're using Dezgeg's cache
<pareidolia> Seems so
<gchristensen> ah...
<elvishjerricco> Dunno how populated that is though
<dhess> hey speaking of caches, anyone here using Cachix?
jackdk has joined #nixos
<gchristensen> dhess: yeah big money there to get aarch64 hw. I think they are finding big users in DCs but you don't hear about them
Ericson2314 has quit [Ping timeout: 260 seconds]
<bgamari> oh dear
<bgamari> has anyone seen this before: sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set ?
<dhess> gchristensen: I would so so like one of my own, but damn it's hard to justify the cost.
<dhess> that community builder is great! But there are a few packages I don't want to be building on it.
Ariakenom has quit [Read error: Connection reset by peer]
<gchristensen> dhess: you can rent it for a couple hours?
<dhess> but it's so much faster than my Jetson TX1 was, even for a single thread
<bgamari> indeed somehow sudo doesn't have the setuid bit set
<dhess> gchristensen: I'm running a bunch of CIs. It's not really practical to spin it up and then spin it down on demand
<dhess> not with Hydra anyway
<clever> bgamari: you need the sudo in /run/wrappers/bin
<clever> bgamari: /nix/store doesnt allow setuid bits
<dhess> If it were possible to do that with Hydra I might look into it.
<pareidolia> Anyway, thanks people!
<srhb> bgamari: Only seen it with manual installs of sudo rather than security.sudo.enable, which would indeed break..
<dhess> (I think there is something to do that with EC2 instances)
alex`` has quit [Quit: WeeChat 2.2]
<gchristensen> dhess: yeah, and some work to mke hydra do it for Packet... but nothing done enough to share..
<dhess> gchristensen: sorry, couldn't parse that. You mean you've got something like that working for the Packet aarch64 boxes?
<dhess> behind closed doors?
<gchristensen> not working, no, but no reason Packet couldn't be spun up & down dynamically using the spot market + user data to have it apply the customization automatically on boot.
fendor has quit [Quit: Leaving]
<{^_^}> [nixpkgs] @ElvishJerricco opened pull request #48023 → Fix NetworkManager patches with fetchpatch and updated hashes → https://git.io/fxsbm
<dhess> right
<dhess> well maybe it'll come to that :)
<gchristensen> for example dhess http://gsc.io/config
<dhess> gchristensen: do they support the EC2-like cloud config thing?
<gchristensen> dump that text in to the user data and it'll do the thing
<gchristensen> ^ this repo is being updated to be more clearly user-facing and not hacker-facing
<dhess> that's a pretty good idea to put a configuration.nix on a public URI somewhere!
<gchristensen> note the intallation proces will not fetch the data from that URL, you have to copy-paste the contents in
<dhess> yeah, got it.
<bgamari> clever, srhb, strangely enough, it only appears broken in my X session
<dhess> thanks for the pointer to the repo. I'll take a look at it. I think I'll need something kind of aarch64 auto-provisioner in the next couple of months.
<dhess> /something/some/
<bgamari> running sudo from another session in a VT works fine
<elvishjerricco> bgamari: is `/run/wrappers/bin` on your path in the X session?
<gchristensen> dhess: you don't need that repo btw
<dhess> Ahh ok
<{^_^}> [nixpkgs] @c0bw3b opened pull request #48024 → nsjail: 2.2 -> 2.7 → https://git.io/fxsbo
<gchristensen> that repo is how I build the installers which Paceket.net then takes from me and deploys in their datacenter, to use when someone requests a nixos server
<jackdk> how do people store secrets in a hydra setup? I am trying to set up CI against a non-public repo
<dhess> gchristensen: right, got it
<dhess> jackdk: I deploy my Hydra servers with NixOps, and I use NixOps's deployment.keys support to deploy the secrets to it.
jb55 has joined #nixos
<jackdk> Interesting idea but I don't think I'll be able to do that - I don't have control over the hydra box, just an account
<gchristensen> with jst an accont you can't do anything
<dhess> I think in that case it won't be possible to do what you want, unless you can convince the Hydra owners to install the SSH key that Hydra needs to pull from your non-public repo.
<dhess> and personally, I wouldn't be comfortable with that for other reasons :)
<dhess> unless it's your company's Hydra or something and this is for company work
<jackdk> that's basically the scenario - company hydra, company work
<dhess> in that case, just ask the admins to install the private SSH key(s) you need for the repo(s) you need to pull
<dhess> you'll need to put it in ~hydra/.ssh/id_ed25519 or whatever. Probably a good idea to make a private key dedicated to the Hydra rather than using your personal one, since this will be visible to other folks
thc202 has quit [Ping timeout: 260 seconds]
<sevanspowell> Hey I'm following the Hydra tutorial here: https://github.com/peti/hydra-tutorial on my NixOS machine.
<sevanspowell> And I'm getting this error: state file contains multiple deployments with the same name, so you should specify one using its UUID
<sevanspowell> When running this command: nixops deploy -d hydra
obadz has joined #nixos
<jackdk> dyvm dhess. I'll see how that goes.
<jackdk> s/dyvm/tyvm/
Anton-Latukha has quit [Quit: Leaving.]
obadz has quit [Ping timeout: 244 seconds]
Ericson2314 has joined #nixos
astronavt has quit [Ping timeout: 268 seconds]
obadz has joined #nixos
<{^_^}> [nixpkgs] @eqyiel closed pull request #45302 → modules/alertmanager: add clusterAdvertiseAddress option → https://git.io/fAea3
Mateon2 has joined #nixos
Mateon1 has quit [Ping timeout: 252 seconds]
Mateon2 is now known as Mateon1
LysergicDreams has quit [Ping timeout: 272 seconds]
obadz has quit [Ping timeout: 252 seconds]
jb55 has quit [Quit: WeeChat 2.2]
obadz has joined #nixos
astronavt has joined #nixos
<sevanspowell> sevanspowell: Oh, I just had multiple hydra's listed under "nixops list", destroying the duplicates fixed that problem.
<{^_^}> Channel nixos-unstable-small advanced to https://github.com/NixOS/nixpkgs/commit/fc3120ce90f (from 3 hours ago, history: https://channels.nix.gsc.io/nixos-unstable-small)
obadz has quit [Quit: WeeChat 2.2]
marusich has joined #nixos
worldofpeace has quit [Remote host closed the connection]
__monty__ has quit [Quit: leaving]
Rusty1 has quit [Quit: Konversation terminated!]
LysergicDreams has joined #nixos
carlosdagos has joined #nixos
pie_ has quit [Ping timeout: 260 seconds]
goibhniu has quit [Ping timeout: 252 seconds]
astronavt_ has joined #nixos
Aerobit has joined #nixos
Aerobit has quit [Client Quit]
astronavt has quit [Ping timeout: 252 seconds]
Aerobit has joined #nixos