<simpson>
That link is quite good. The short version is that it computes some attributes based on the package environment that `mkDerivation` belongs to, typically `stdenv`, and puts that together with your original attributes to form a new attrset.
<{^_^}>
[nixpkgs] @jtojnar pushed 158 commits to gnome-3.30: https://git.io/fxau0
<rprije>
There's a haskell package I want to get a newer version of off github (https://github.com/haskell-servant/servant-auth/tree/servant-auth-server-0.4.1.0). I used fetchFromGit but I'm getting cabal2nix error "Failed to fetch source" even though the location it says it downloaded to has a complete git clone. I think the error might be because there's no .cabal file at the top, but instead a cabal.project. How can I get this to
<rprije>
work?
midchildan has joined #nixos
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @jtojnar merged pull request #46613 → xpra: port to gtk3 → https://git.io/fAiso
<rprije>
Not that nixpkgs issue. Thanks for trying, {^_^}
<elvishjerricco>
rprije: Yea, but I'd say that's supplemental. What does your expression look like now?
<rprije>
It's a straight up pkgs.fetchFromGitHub with attributes owner, repo, rev and sha256.
<elvishjerricco>
rprije: So you're not using cabal2nix manually?
<rprije>
It's an obelisk project. I think, with low confidence, that it's calling out to cabal2nix under the hood.
<elvishjerricco>
Ahhh
<elvishjerricco>
rprije: Just do `"${fetchFromGitHub { ... }}/SUBDIRNAME"`
<rprije>
"unexpected DOLLAR_CURLY". I'll paste up my default.nix.
<elvishjerricco>
rprije: You need the double quotes. The dollar thing interpolates the fetchFromGitHub result into a string literal, so we're basically just going from `/nix/store/...-source` to `/nix/store/...-source/SUBDIRNAME`
<rprije>
(Updated that paste. Accidental double paste due to janky mouse)
<rprije>
Ah, quotation error probably...
pie_ has quit [Ping timeout: 246 seconds]
<rprije>
I'm guessing it's nested quotation. I need to run and pick my kid up from school. Thanks for your help, elvishjerricco. If you have no further suggestions, I'll see if fixing the nested quotation works later.
<elvishjerricco>
rprije: I would expect what you have there to work
drakonis_ has quit [Read error: Connection reset by peer]
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
smolboye has joined #nixos
<rprije>
elvishjerricco, that was the lead I needed, thanks a bunch for helping me get past that blocker. I lifted out the fetchFromGitHub into a let expression for re-use and that also solved the nested quotation. On to other errors now.
<Church->
Hey stupid question, no way to pass arguments to a package when doing an install right? A la "nix-env -i PKG arg1 arg2" and have the args pushed onto buildInputs?
jasongrossman has joined #nixos
nschoe has joined #nixos
<infinisil>
Church-: nah, you need to override it like normal in Nix
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<jluttine>
I'm on nixos-unstable and haven't updated in a while. I now tried to update but "nixos-rebuild boot" raises error that "nix-repl has been removed". Yeah, I know it's removed but I would still like to be able to update my system.. Any help?
<jluttine>
(I did "nix-channel --update" before that)
<etu>
jluttine: nix-repl has been replaced by "repl" in nix aka "nix repl"
<etu>
So it's built in
<manveru>
jluttine: remove it from your systemPackages
<jluttine>
manveru: oh! :D i didn't realise it was there, thanks!
<jluttine>
I thought nixos-rebuild was broken
kittyAlana has joined #nixos
<kittyAlana>
Hi people
thc202 has joined #nixos
<kittyAlana>
So quick question, I want to install NixOS but I can't seem to find GPG-signed hashes of the releases; how should I go about verifying the authenticity of the offered iso files?
ThatDocsLady has joined #nixos
<etu>
kittyAlana: There's a sha256 served over https, people in general are happy with that
<kittyAlana>
etu: I did notice that, however most OSes also sign the hashes so that I can verify them without trusting infrastructure, is that not available on NixOS?
<jasongrossman>
kittyAlana: No.
<kittyAlana>
:( ouchie... ok well thanks for helping and I'll uhh figure out what I'm gonna do thanks
<symphorien>
kittyAlana: if you have nix installed you can build the iso yourself rather easily
<symphorien>
It might even build reproducibly (no idea)
<kittyAlana>
symphorien: Fair enough, but if Git commits aren't signed wouldn't I be back at the same problem? I mean theoretically I could just read the src but that's a lot of work and I have... work to do :(
orivej has quit [Ping timeout: 246 seconds]
<symphorien>
Well you have the same problem with gpg signatures of releases
<etu>
kittyAlana: We all have things that we would like to improve in this project. But many things really lack man-hours
<symphorien>
You can't realistically expect the signer to read the whole source code
ckauhaus has joined #nixos
<sphalerite>
kittyAlana: yeah we had some discussions about commit signing recently
<kittyAlana>
I see...
<kittyAlana>
Sorry for the ellipsis I'm just tired it's not meant to be rude
<etu>
kittyAlana: It's all fine :-)
v0|d has joined #nixos
<kittyAlana>
I guess I'll just keep NixOS to my not-super-critical computers it's fine I have like 50 thousand computers
<kittyAlana>
;3
Itkovian has joined #nixos
<sphalerite>
kittyAlana: :) I wouldn't be surprised if guix were a bit more disciplined about that sort of stuff, so that might be an option if you don't need any proprietary software
<kittyAlana>
Proprietary software = bad :3
<jasongrossman>
sphalerite and kittyAlana: I don't like proprietary software, but guix seems to me to be much less mature.
<kittyAlana>
but I rly like the aesthetic of NixOS
<kittyAlana>
Guix seems like a... how should I put this
<sphalerite>
kittyAlana: also, re signing CD images, it can't even really happen, or at least it wouldn't be a person signing it, since the ISOs are updated frequently to match the current state of the relevant channel
<kittyAlana>
Stereotypical GNU project
<sphalerite>
haha
<jasongrossman>
kittyAlana: I agree, and for small projects I think that's a good thing, but not for an OS.
<etu>
jasongrossman: What about Hurd?
<etu>
</joke>
<kittyAlana>
I haven't read the channel rules abt political discussions, but I don't like GNU. GNU software seems to universally be bad...
mayhewluke has quit [Ping timeout: 272 seconds]
<jasongrossman>
kittyAlana: I don't think we have any rules about politics, but we have #nixos-chat for off-topic things. I think most of us are in both rooms.
<kittyAlana>
ok I see!
<etu>
jasongrossman: 498 compared to 66 clients though ;)
<sphalerite>
GNU GuixSD/Hurd go go go
<jasongrossman>
Well, most of us who count. :-)
fragamus has quit [Ping timeout: 260 seconds]
mayhewluke has joined #nixos
<{^_^}>
[nixpkgs] @Mic92 merged pull request #48649 → jdk10: remove special handling for arm → https://git.io/fxa8a
<joko>
clever: hello, I noticed in your hydra-configs repository, you have both nix and json files for each project. I thought that only a json file was necessary. Are you using the nix one just to generate the latter?
TweyII has joined #nixos
<TweyII>
Why does nix-prefetch-git &c. result in JSON syntax instead of Nix?
<{^_^}>
[nixpkgs] @volth opened pull request #48658 → nixos/sshd: restart on "sshd_config" change → https://git.io/fxVfr
kimat has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
kimat has quit [Client Quit]
kimat has joined #nixos
kimat has quit [Client Quit]
kimat has joined #nixos
nbardiuk has joined #nixos
nbardiuk has quit [Client Quit]
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
Izorkin has quit [Client Quit]
bandali has quit [Changing host]
bandali has joined #nixos
<jonge>
hey there. i have a nix expression that _needs_ the certificate bundle because it operates a python app that uses liburl2. so i added SSL_CERT_FILE = "/etc/ssl/cert.pem"; to the derivation which makes it work on my mac. but this is of course not portable. what would be the portable way?
<srhb>
jonge: Probably if system == .. then ... else ...
<srhb>
I don't know of an attribute that captures this.
strobelight has quit [Ping timeout: 276 seconds]
<srhb>
And I don't know of a portable way to detect it. Quite ugly...
<{^_^}>
#8247 (by vcunat, 3 years ago, open): SSL certificates: figure out how libs/apps find them by default
<jonge>
on nixos it's /etc/ssl/certs/ca-bundle.crt, but that is composed from the system's config's bundle composition, and i guess that is not available from a nix expression that is run e.g. on my hydra instance, right?
<srhb>
jonge: Depends, but usually you're correct.
<srhb>
azazel: There are multiple callPackages around the tree. The general paradigm is that they autofill arguments in the argset from the surrounding scope
<srhb>
azazel: That is, pkgs.callPackage will autosupply any argument in an argset that is contained in pkgs
<srhb>
azazel: haskellPackages.callPackage will autofill any argument that is in haskellPackages, etc.
<srhb>
azazel: Perhaps I should say "containing attrset" rather than "scope"
<azazel>
yes, i did a git grep "callPackage =" and I saw that there are a fair number of implementations....
<srhb>
azazel: But basically, they ask for the name of every attribute in the function passed to them, and then they pass every attribute that is required by that function and is also in callPackage's attrset (pkgs, haskellPackages, ...)
<srhb>
azazel: Essentially the intersection of the called function's arguments and the "sibling" attrs to callPackage :)
ent has quit [Ping timeout: 252 seconds]
ent has joined #nixos
revtintin has joined #nixos
<azazel>
srhb: thanks... will the specialized versions fallback to a filling in like pkgs.callPackage does if nothing from their "scope" matches? will functions that take "simple args" like "stdenv: lib:" (instead of "{stdenv, lib}") will be filled in as well?
<joko>
I am trying to use nix repl with a file and I get: error: cannot auto-call a function that has an argument without a default value, even if I use the --argstr flag, any idea what's wrong?
<srhb>
azazel: I don't know whether any of them do that. it's easy to implement though.
<makefu>
robstr: isn't vmdk for vmware? you've imported virtualbox
<makefu>
ah, you are converting
<sir_guy_carleton>
so i want to change my current 18.03 install to 18.09 in place. is that recommended? also, are there any more steps beyond changing the channel and system.stateVersion?
<makefu>
mhh, the vbox works?
<robstr>
makefu: at least I'm able to boot this machine with virtualbox, but logging in (ssh or direct) doesn't work
Izorkin has quit [Client Quit]
<makefu>
sir_guy_carleton: you probably should not change stateVersion unless you do not care about migration issues
<makefu>
robstr: ssh is running, right?
alex`` has quit [Ping timeout: 252 seconds]
alex`` has joined #nixos
<makefu>
can you check with nmap?
patrl has quit [Ping timeout: 268 seconds]
<robstr>
makefu: yes, and while this was not possible, i added `initialPassword = "bla"` and tried directly
<clever>
joko: hydra needs a path to the json, to describe what nix file powers the jobset, and then that nix file generates more json (dynamically), to describe the jobset
<sir_guy_carleton>
makefu: okay, thanks. i do plan on reinstalling the whole system, since i would like to get rid of windows from this machine
<{^_^}>
[nixpkgs] @peti pushed 3 commits to haskell-updates: https://git.io/fxVY3
<joko>
clever: got it, thanks ;)
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
<joko>
Is it possible that hydra evaluates stuff in another way than the one of nix repl?
<effsquared>
Hi, I am currently trying to package the lenovo-throttling-fix, which comes with its own systemd service file. I installed it to $out/etc/systemd/system, but it is not available to me via systemctl. What is the right way to package a systemd service?
<srhb>
EffSquared: It's not something we do much, instead relying on autogenerating them via the NixOS systemd module
<joko>
EffSquared: try to add your packages to systemd.packages
<effsquared>
azazel: It is however the first time I have heard of the nixos-hardware channel
<teto>
the doc of lib/fixed-points.nix:extends says "Modify the contents of an explicitly recursive attribute set in a way that", how do I make the set "explicitly recursive" ? I do like recurseIntoAttrs ?
<joko>
EffSquared: derivatives in general do not install systemd services globally, you have to expose them somehow
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
<joko>
EffSquared: srhb mentioned autogeneration
Izorkin has quit [Client Quit]
<srhb>
EffSquared: Here's a tiny module you can look at: nixpkgs/nixos/modules/services/ttys/gpm.nix -- scroll to the bottom (the config = ... bit) to see how a simple systemd service might be created using the systemd module. :)
<srhb>
(Completely arbitrary example with not too many lines)
<Taneb>
How likely is GHC 8.4.4 to be backported to nixpkgs 18.09?
<srhb>
Taneb: Quite.
jtojnar has joined #nixos
patrl has joined #nixos
<__monty__>
Would be pretty shocking if a month old distro wasn't updating a compiler with a major bug.
<srhb>
__monty__: Are you talking about the enum bug? Is that not 8.6.x?
Izorkin has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
hyper_ch2 has quit [Ping timeout: 256 seconds]
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
<__monty__>
Ah, I was. Thought this release was prompted by that. Looking at the release notes though, several serious bugs in `text` were fixed and a serious bug regarding LLVM code generation related to floating point expressions.
<__monty__>
So I should have said s/a major bug/some serious bugs
<ivan>
where does nixpkgs enable hash-based pycs for python?
<leotaku>
Can anyone here tell me what the difference is between emacsPackagesGen/Ng/NgFor/NgGen?
<rawtaz>
spelling, for sure
<rawtaz>
but i have a tingling suspicion there's more to it
<leotaku>
Most tutorials online seem to recommend using Melpa, should I just go with emacsMelpa then?
<infinisil>
> viewSource emacsPackagesGen
<{^_^}>
value is a function while a set was expected, at (string):182:32
<sphalerite>
leotaku: emacsPackagesFor (emacsPackagesGen is an alias for it) is the function which, given an emacs, generates the legacy package set for it
<sphalerite>
leotaku: emacsPackagesNg is probably what you want
Izorkin has joined #nixos
<sphalerite>
leotaku: it includes all of melpa AFAIU
camsbury has joined #nixos
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
haitlah has joined #nixos
haitlah has left #nixos [#nixos]
Izorkin has quit [Client Quit]
Izorkin has joined #nixos
haitlah has joined #nixos
<haitlah>
Heyaaa guys
sir_guy_carleton has joined #nixos
<haitlah>
Trying to mess with NixOS again
<srhb>
Careful, or NixOS will mess with you!
<haitlah>
Any help would be appreciated. I would like to have a derivation which would be a postgresql database frozen
<haitlah>
I mean having the DB right in the store
<haitlah>
I managed to have my derivation working (having my postgres running inside my installPhase)
<haitlah>
But my binary that populates the db needs access to internet
<haitlah>
And fails miserably
<srhb>
haitlah: Is the source file stable?
<srhb>
As in, whatever it fetches from the internet.
<haitlah>
srhb: What do you mean by stable
<srhb>
haitlah: Whether you can fetch it in a way so that it's always bit-for-bit identical.
<srhb>
haitlah: If so, you can just use the regular fetchers to get it.
<haitlah>
Yup I could but the binary is defined by the parameters I give to the binary
<srhb>
haitlah: Otherwise, you're not allowed to use the network (with sandboxing on, which I really caution against disabling)
<srhb>
haitlah: Can't you use the regular fetchers and point your binary at the local artifact?
<haitlah>
srhb: So the best practice would be to have a derivation of my zip and using it directly with the binary
<srhb>
Yes.
<haitlah>
srhb: the binary is locally saved yes
<haitlah>
So I run my binary first and nix build after
<haitlah>
Giving it the path
<haitlah>
That is better ?
<haitlah>
Btw why don't we have access to internet if the fetchers have
<adisbladis>
haitlah: Because networking is an impurity, it would make every build possibly non-reproducible.
<haitlah>
adisbladis: okay, so the fetchers have a restricted access which is considered as deterministic thanks to the sha256 etc ?
<gchristensen>
exactly. anything can have network access as long as it can tell Nix exactly what it will produce (by sha256 etc)
<adisbladis>
haitlah: Yes. It's called a fixed-output derivation. The sha256 in the case of sources is the exact expected sha of the output
<haitlah>
ok guys thanks again for your precious help like always
patrl has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @alyssais opened pull request #48664 → postgresql11: init at 11.0 → https://git.io/fxVWR
<sphalerite>
haitlah: on-disk representation of the database is very likely to be non-deterministic, which isn't disallowed, but is undesirable
<sphalerite>
haitlah: generating SQL deterministically as your output might be better
<sphalerite>
up to you of course though :)
<{^_^}>
[nixpkgs] @zimbatm pushed to release-18.09 « Merge pull request #48650 from marsam/feature/update-ruby »: https://git.io/fxVW9
<leotaku>
sphalerite: What does "legacy package set" mean?
<sphalerite>
leotaku: what we had before the auto-generated MELPA package set
<haitlah>
sphalerite: the on-disk won't interfere with the store hash no ?
jperras has joined #nixos
<haitlah>
sphalerite: I don't mind having some different bits, the database is static and takes some 30 mins to build, i'd like to have it stored for cross projects build in the CI
<gchristensen>
haitlah: it won't, but it can be nice to be able to know your build is deterministic :)
<sphalerite>
^
<sphalerite>
yeah it won't break anything, just that it's nice to be able to build the same thing in two places and get the same result
<haitlah>
Well, then nixos is not deterministic at all since you don't write a same store twice in the same place in the disk
<sphalerite>
since they're (hopefully) still semantically equivalent I suppose it's not that much of a worry with your thing
<haitlah>
:trololol:
<sphalerite>
haitlah: the files are the same though ;)(
<sphalerite>
which is what matters
<sphalerite>
well, actually not all of nixos is deterministic
<haitlah>
Yeah I know you're right
<sphalerite>
but we try :D
<haitlah>
nixos is awesome
<haitlah>
I believe in it
<haitlah>
i will be helping when comfortable enough
<gchristensen>
wonderful :D
jabranham has joined #nixos
iyzsong has quit [Ping timeout: 252 seconds]
<sir_guy_carleton>
hmm, upgrading to jellyfish seems to have broken steam-run, saying it cannot find drivers, although steam itself runs fine
<tilpner>
The search never really worked for me, I prefer whitequarks version
sir_guy_carleton has quit [Quit: WeeChat 2.2]
<tilpner>
(The one hosted at the location mentioned in the topic)
<rawtaz>
"we have come to realize that publishing peoples conversations in rooms they explicitly chose to join is not the right thing to do, so we have decided to shut down the service." - nice!
<Cheery>
also, I get that the /nix/store contains scripts, and you got commands and things there.. for different builds
<Cheery>
yet you don't have docs for those?
<Cheery>
for ex. the autotools have been generalized.. I guess. Also makefile builds
<gchristensen>
those are part of Nixpkgs, not Nix
Acou_Bass has quit [Ping timeout: 268 seconds]
jabranham has joined #nixos
o1lo01ol1o has joined #nixos
<o1lo01ol1o>
is there a canonical way / path for a "shared" folder? Ie, someplace to which I could point NIX_PATH in order to impurely provide some credentials to various users?
<Cheery>
gchristensen: all right.. they seem to be there
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fxV0q
erasmas has joined #nixos
mayhewluke has quit [Ping timeout: 252 seconds]
mayhewluke has joined #nixos
justbeingglad has joined #nixos
justbeingglad has left #nixos [#nixos]
<catern>
is it still possible to use a shell script to describe how to do remote builds?
<catern>
Requiring that the build be orchestrated by ssh is... highly limiting
<o1lo01ol1o>
can someone remind me of the syntax to run something as a user?
tilpner has quit [Remote host closed the connection]
endformationage has joined #nixos
<brodul>
Hi, I am debugging something
<sphalerite>
catern: I don't think it is. You'd probably have to do a remote store implementation as a nix plugin. Or maaaaaybe you can do some trickery to make it talk to a "fake" daemon
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-texmath: drop obsolete override »: https://git.io/fxVzt
<sphalerite>
catern: usually just nix-instantiate shell.nix is enough, but some stuff nastily uses IN_NIX_SHELL (often through lib.inNixShell)
<catern>
sphalerite: I think you misunderstand what I'm asking
amfl has quit [Ping timeout: 246 seconds]
<catern>
when I run "nix-shell" on a normal derivation, I get output which is different from running "nix-build"
TweyII has quit [Ping timeout: 272 seconds]
<catern>
specifically I get put into a shell is the most obvious difference, but also the build isn't actually run :)
<catern>
I assume that shell's environment is built up through a Nix expression right?
sir_guy_carleton has joined #nixos
<catern>
in which case, how do I run nix-instantiate on the Nix expression that builds up the environment for the shell which is run by nix-shell?
<sphalerite>
catern: yes, but that expression isn't any different from the one that gets built
<sphalerite>
catern: i.e. if you do nix-shell '<nixpkgs>' -A hello it's literally just the env vars from the hello derivation that get used
<catern>
sphalerite: yes, but nix-shell must be doing something additional to the expression
<catern>
i.e. nix-shell can't just be running nix-instantiate or nix-build on that expression
<catern>
ok let me be more concrete
<sphalerite>
it realises all the drv's dependencies and spawns a shell whose environment contains all the variables defined by the drv
<catern>
a file called "with import <nixpkgs> {}; stdenv.mkDerivation { name = "foo"; buildInputs = [ patchelf ];"
<sphalerite>
s/called/with the contents/ I presume
<catern>
urgh: with import <nixpkgs> {}; stdenv.mkDerivation { name = "foo"; buildInputs = [ patchelf ]; }
<catern>
in package.nix
<catern>
I run "IN_NIX_SHELL=1 nix-instantiate package.nix", then nix-build on the output
TweyII has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<catern>
I get a build failure because I didn't specify src
<catern>
I run nix-shell package.nix
<catern>
I successfully enter a shell containing the variables for that drv
<catern>
1: Is it true that this shell is built using a Nix expression? 2: How do I get the Nix expression describing that shell?
<catern>
The Nix expression describing that shell can't be exactly the same as what's in package.nix, because package.nix fails to build - it must be some additional processing over package.nix
<sphalerite>
no it literally just looks at the drv, realises all the dependencies, and spawns bash with some extra rc stuff
<catern>
Oh :(
<sphalerite>
the drv never gets built for nix-shell
<catern>
I know that this stuff is package-dependent because, for example, Python packages run python setup.py develop
cmacrae has quit [Remote host closed the connection]
<catern>
So it must be doing more than just "nix-instantiate package.nix; look at the low level derivation and iterate over all the inputs and realise them all; put them all in the environment"
<sphalerite>
in this case it'll be the shellHook defined by the python stuff
<sphalerite>
oh yeah and the hardcoded stdenv setup
<sphalerite>
🙈
<catern>
wow it is actually just doing that :(
<catern>
Disappointing :)
<catern>
Wouldn't it be more principled to build a derivation on the fly describing the shell?
<catern>
I think that would be more flexible...
<sphalerite>
yeah. You could even implement it on top of nix
<catern>
like, maybe nix-shell could then just build "(expression).shell"
<sphalerite>
nix-shell-ng
<catern>
and then source the contents
<catern>
(or execute the contents I guess)
<catern>
I guess at some point of genericness it becomes "nix run, but it also knows how to run what you built"
<Cheery>
mm.. I was thinking about one thing. If I need to get custom builds or custom config for the system, and it happens to fit into the /nix/store -thing.. I can?
<Cheery>
it felt like packaging of stuff didn't need to be shared, when I tried this.
haitlah has quit [Remote host closed the connection]
<bpye>
I would like to use NixOps but I think I'll settle for just getting NixOS installed first as my first target is just my home server
<sphalerite>
bpye: it generally has the ability to build disk images, and by the looks of it there are specific modules for building images suitable for deployment to azure, brightbox, ec2, GCE, parallels, qemu (this one definitely works well), virtualbox, vmware and xen
jabranham has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
<bpye>
sphalerite: Are there docs for that? I would be interested to try and build a suitable image for the DigitalOcean custom images feature...
Itkovian has quit [Read error: Connection reset by peer]
<Cheery>
actually.. I think I say that I like this.
<bpye>
Although with DigitalOcean it is possible to avoid cloud-init and just pull from their metadata service, it's straightforward enough and has endpoints that will provide you hostname and ssh public keys and such separately
<Cheery>
it's not entirely like it should be, but it's toward a better direction
<Cheery>
and it's clear when I tried it. The thing just pumped itself up. inflated up like a balloon
<Cheery>
instead of inflating up like a corpse and then deflating.
<Cheery>
which means that it probably takes less effort to maintain this system.
Ariakenom has joined #nixos
orivej has quit [Ping timeout: 272 seconds]
<Cheery>
there was a guy badmouthing nix, but he proposed funtoo as a substitute, then I checked what funtoo is
<catern>
sphalerite: btw about build hooks, so you said the build hook mechanism is removed, should this be closed then? https://github.com/NixOS/nix/issues/1221
<{^_^}>
nix#1221 (by edolstra, 1 year ago, open): Remove the build hook mechanism
mmercier has quit [Quit: mmercier]
TweyIII has joined #nixos
<sphalerite>
catern: actually no, the build hook mechanism is still there
<sphalerite>
it's just not necessary for plain distributed builds anymore, because of the ssh-ng store
<catern>
huh, but then how does one actually hook into it?
<catern>
NIX_BUILD_HOOK has been removed from the nix source
<sphalerite>
using the build-hook setting
<sphalerite>
in nix.conf or on the command line
<sphalerite>
by the looks of it.
<catern>
aha, I see, thank you
* sphalerite
needs to reduce the frequency of punctuation newlines
<sphalerite>
don't want to get Sigyn'd!
<hyper_ch>
I didn't know there was a shortage of newlines
<o1lo01ol1o>
okay: nix-build (...): Can't open user config file /root/.ssh/config: No such file or directory. however, /root/.ssh/* is -rw-r--r-- and StrictHostKeyChecking=no in the config. Why can't that directory be found by whatever is running the build?
<cransom>
sandbox.
<o1lo01ol1o>
am I in sandbox? nix-info: system: "x86_64-linux", multi-user?: yes, version: nix-env (Nix) 2.1.3, channels(root): "nixos-18.09-18.09.892.c06f5302f63, nixpkgs-19.03pre155263.20c4986c4dd", nixpkgs: /root/.nix-defexpr/channels/nixpkgs
<o1lo01ol1o>
and NIX_PATH includes ssh-config-file=/root/.ssh/config
<cransom>
`nix show-config | grep sandbox`
<o1lo01ol1o>
ahhh, yes, i am in sandbox!
<o1lo01ol1o>
so how can I get that ssh config to whatever needs it?
<o1lo01ol1o>
cransom: is that possible?
<cransom>
you'll have to turn it off. especially if your derivation is trying to ssh somewhere.
<o1lo01ol1o>
are there major effects of that? like will hydra become super complex?
Acou_Bass has joined #nixos
<cransom>
you technically lose purity enforcement since jobs can get to pays outside of the store
<o1lo01ol1o>
right, ok.
<cransom>
s/pays/paths/
<o1lo01ol1o>
so if I pass --no-sandbox to build I get : Can't open user config file /root/.ssh/config: Permission denied
<o1lo01ol1o>
and if I chmod 777 on that directory it's still denied.
<o1lo01ol1o>
cransom: should I symlink those keys somewhere? I thought they could be world readable (644)?
<o1lo01ol1o>
or can they not be owned by root slash in /root ?
elgoosy has joined #nixos
effsquared has joined #nixos
<cransom>
can non root users even look at files in ~root?
<o1lo01ol1o>
well, is there a good "shared" - ish place to put them?
<cransom>
the store.
Thra11 has joined #nixos
<o1lo01ol1o>
lol, i guess that should be obvious, how would one do that?
effsquared has quit [Remote host closed the connection]
effsquared has joined #nixos
lostman has quit [Quit: Connection closed for inactivity]
<eacameron>
Does --builders not work for configuring remote builders on macOS anymore?
<eacameron>
It used to work but after using newer install of nix on macos it's like nix-build completely ignores it.
<catern>
are there any standard techniques for speeding up nix-instantiate? I have a large number of nix files which I want to run instantiate on
<catern>
they all should use the same copy of Nixpkgs
<catern>
do I have to just, generate a file importing them all into a set and then instantiate that?
<catern>
or importing them all into a list I guess is neater
<catern>
also, is there a way to do nix-instantiate specifying a store URL?
TweyIV has joined #nixos
sigmundv__ has quit [Ping timeout: 272 seconds]
<sphalerite>
catern: nix-instantiate --store foo
<sphalerite>
catern: note that instantiating with remote stores is horrendously slow, since it goes through the connection's latency for each individual drv
<sphalerite>
if you're instantiating the whole of nixos for example, it's no fun at all
TweyIII has quit [Ping timeout: 272 seconds]
<sphalerite>
catern: but yes, putting everything in one file ought to improve evaluation performance by making use of the import cache
<catern>
hmm I see, I don't know if I can avoid instantiating with a remote store here
<catern>
I don't see why nix-instantiate needs to go to the remote store for every single drv - you mean every single drv in the expression tree right?
<catern>
like, if the top-level high-level-derivation evaluates to low level derivation X, and derivation X is in the remote store, shouldn't there be only a single round trip to check that X is in the remote store?
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fxVyh
grokkingStuff has joined #nixos
reinzelmann has joined #nixos
<grokkingStuff>
So I'm trying to install NixOS on my surface pro using the livecd. Keep getting issues regarding the creation of symlinks and chmodding it isn't a permitted operation
<grokkingStuff>
Which channel do I go to?
<catern>
sphalerite: oh argh I see now, from reading the thesis it's clear that given the evaluation model of Nix, instantiate's side effect of putting things in the store, happens from the "bottom up", not from the top-level expression down
<sphalerit>
catern: yep because everything about the inputs needs to be known to compute the drv hash
<catern>
sphalerit: yes, but the side effect of checking the Nix store could be done lazily
<catern>
er, the side effect of putting the low level derivation in the Nix store, I mean
<jluttine>
anyone using zsh-prezto in nixos? i'm wondering how to install it.. i did "nix-shell -p zsh-prezto" but there's no zsh available.. how to start using it?
<catern>
i.e. it could be delayed until the actual Nix evaluation (which is cheap) was completely finished
<catern>
then you'd save a bunch of time because you wouldn't have to put things in the store if they were already there
<{^_^}>
[nixpkgs] @Mic92 pushed 4 commits to release-18.09: https://git.io/fxV9m
<catern>
hmm, which raises the question: is there a way to do a "pure" nix-instantiate which does not actually touch the store?
<catern>
but *does* "instantiate" low level derivations into their true form - just doesn't put them into the store
<sphalerit>
catern: oh yeah true
sir_guy_carleton has joined #nixos
<sphalerit>
catern: ought to be possible! Though I don't think there's any existing code for it
<catern>
I wonder how much of a speedup for general evaluation speed that would give?
<grokkingStuff>
hey guys, is there a channel to help noobs install nixos?
<catern>
hm actually, here's an even more direct concept
<catern>
instead of using a remote store, just run nix-instantiate with a store in ~/mynix or whatever - a local filesystem store owned by you - and then as a followup do a nix-copy to the remote store
<{^_^}>
[nixpkgs] @veprbl opened pull request #48674 → MCFM: init at 8.2 → https://git.io/fxV9S
<catern>
and then that suggests a further optimization: an "in-memory store" which is only dumped to disk as a single-file at the end of evaluation
<sir_guy_carleton>
grokkingStuff: i think this is it, unless i'm mistaken
<grokkingStuff>
awesome, so i'm in the right place
<catern>
if you did nix-instantiate with an in-memory store which was dumped to disk at the end (or probably to stdout or whatever), and then nix copy'd that to your real store, I think that might have a speedup
TweyIV has quit [Ping timeout: 252 seconds]
<bgamari_>
gchristensen, does Nix use Packet.net iSCSI block storage service?
<gchristensen>
bgamari_: I don't know if anyone has used iSCSI block storage on Packet with NixOS... are you in need? if yes, we could PM.
<bgamari_>
gchristensen, indeed I am
<clever>
ive also done iscsi locally
<gchristensen>
clever: can you send me info about that?
<clever>
i believe that daemon is responsible for handling reconnects
<hodapp>
initrd? there's a term I rarely see anymore
<betaboon>
infinisil: remember my question yesterday about automatically assigning ports to services within a range? i tried to adopt your suggestions. which somewhat works. but ofc i can't access those assigned ports from anywhere else. any suggestions?
pie_ has quit [Read error: Connection reset by peer]
<clever>
gchristensen: i was also using sanboot in ipxe, to perform a legacy boot against the MBR of an iscsi device
pie__ has joined #nixos
<clever>
gchristensen: and ipxe rewrites the legacy bios api, so when grub tries to read the "local" hdd, iscsi is used instead
<clever>
so grub doesnt even know its a network boot situation
<gchristensen>
this is great, thank you
<clever>
iscsistart is a special statically linked binary, that deals with connecting the kernel module, without a long-term daemon
<clever>
i initially wrote that for my rpi's because of nfs trouble, and /boot was on the SD card
<clever>
and i later ported it to my laptop, which had grub in the MBR of the iscsi device, and nixos made it trivial to apply the same module to an entirely different arch
<infinisil>
betaboon: If you have this port option declared as a nixos option it should be accessible from elsewhere via the `config` argument
patrl has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
trevorriles has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
vaibhavsagar has quit [Read error: Connection reset by peer]
vaibhavsagar has joined #nixos
<drakonis1>
okay so, i need to upgrade the system packages
<drakonis1>
i can only do that with a rebuild right?
<o1lo01ol1o>
what's the system default NIX_PATH value?
<drakonis1>
gotta enable the nvidia beta drivers
<aleph->
So was just curious is there any way to run bundix in a derivation and then import it? So I can import my gems, run bundix and create my gemdir and then set my gemdir in the next step when actually packaging my ruby app?
<sir_guy_carleton>
in the steam-run fhs, where are dri libraries?
<bgamari_>
it would be nice if there were a convenient way to temporarily disable ACME
<bgamari_>
and rather just use a self-signed certificate in its place
<betaboon>
kalbasit[m]: are you refering to the possibility of defining modules yourself?
<kalbasit[m]>
betaboon: yes
<kalbasit[m]>
if you look under modules in my repo. Both nixos and home are defined as modules controlled by the config.mine options
<betaboon>
kalbasit[m]: I'm talking about the following scenario: i have a module which allows enabling N services. i want those N services to have unique ports assigned.
amfl_ has quit [Quit: WeeChat 1.6]
<infinisil>
Actually this port assigning might be a bit more trouble
<infinisil>
I'm thinking of infinite recursion
amfl has joined #nixos
<betaboon>
infinisil: yeah that's somewhat my feeling as well
<kalbasit[m]>
betaboon: oh. something like automatic ports assignment?
<betaboon>
kalbasit[m]: correct
<kalbasit[m]>
betaboon: not sure if that's doable or even good to do. I would just write an assertion on the config to make sure the ports are unique so the build would fail if the ports conflict
<betaboon>
infinisil: as long as i don't have to access those assigned port from outside my module your proposed solution works fine
<infinisil>
So the real problem here is: Assigning different port for each service is a stateful action, but the NixOS module system doesn't have anything to handle state
<infinisil>
And everything that tries to work around this might give infinite recursion
<sphalerite>
infinisil: what about a system like the uid/gid mapping?
<infinisil>
sphalerite: Yeah that would work, but then it's not automatic anymore
<clever>
systemd is already able to auto-generate a uid for services, which it will destroy at service shutdown
<sphalerite>
infinisil: I bet systemd has a feature for it! :p
<infinisil>
Oh, the ports need to be static though
<infinisil>
not at runtime
<infinisil>
at NixOS eval time
<betaboon>
yep. they need to be static at eval-time
<infinisil>
Something that would work is
<clever>
you could have a list like config.portmappings = [ foo ];
<infinisil>
Declare your services outside the module system and import them all at once while assigning ports to them
<clever>
and then at some point in the eval, you iterate over the list, and give each a unique number, based on what else is in the config
<clever>
and let laziness figure it out
<betaboon>
clever sphalerite you could take a look at the gist i posted. that demonstrates what i am trying to achieve
elgoosy has quit [Remote host closed the connection]
rmra has joined #nixos
<infinisil>
betaboon: My suggestion is: Go for the out-of-module-system thing. Has a bit less flexibility, but it might be the only way
<betaboon>
infinisil: i guess that will not work in my situation as i am actually in the following situation: i have N services and M hosts, each of those host might run any combination of services.
patrl has quit [Ping timeout: 252 seconds]
<betaboon>
infinisil: and yeah currently N <= 50 M<=100. so it might work. but there is a point where it doesnt
<infinisil>
Ohh I might have the solution
<sir_guy_carleton>
hmm, it looks like my copy of steam-run isn't properly linking to the libraries, even though it is in steam-run-fhs in the nix store, any ideas on what is happening?
mayhewluke has quit [Ping timeout: 245 seconds]
<infinisil>
betaboon: `mkOption { ...; apply = merged: <transformation that assigns ports for services whose port is null>; }`
<gchristensen>
clever: multipathd is segfaulting :(
<gchristensen>
but it doesn't even realize it until I ctrl-c it
<infinisil>
betaboon: `apply` is a function that gets applied to the result after merging, but before it appears in the final `config`
mayhewluke has joined #nixos
<aminechikhaoui>
Hi, I was trying to use a 32 bit javaws from the pkgsi686Linux.ipmiview pkg but not sure why ldd shows a missing libX11 lib even though I can see it's in the RPATH
<gchristensen>
[1302470.199503] multipathd[3280]: segfault at 1c00001 ip 00007f1ae01b7476 sp 00007ffcceb3b870 error 4 in libmultipath.so.0[7f1ae01a2000+43000]
endformationage has quit [Ping timeout: 268 seconds]
<betaboon>
infinisil: lemme try
<drakonis1>
i set my video driver to nvidiaBeta then tried a rebuild but then it didn't work
<betaboon>
TIL: about the apply-function of mkOption :D thanks infinisil
<{^_^}>
[cabal2nix] @peti pushed to master « stack: choose production build flags for this package »: https://git.io/fxVAv
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fxVAs
chreekat has joined #nixos
kiloreux__ has joined #nixos
<infinisil>
Glad I could help :)
<infinisil>
That's probably the most legitimate usage for apply I've ever seen
<betaboon>
infinisil: knowing about that makes a lot of things way nicer. eg assigning a stateDir based on the service within a defined directory
plakband has joined #nixos
<infinisil>
That however is probably better solved without apply
<betaboon>
infinisil: how come ?
<infinisil>
But rather with a `config` section (in the submodule) where you set an option based on another one
kiloreux_ has quit [Ping timeout: 252 seconds]
<infinisil>
The reason we needed apply is because it needs to get the view of all the submodule attrs at once and the decision for each of them could depend on each other.
<plakband>
My spotify has been broken since 18.09, giving a missing "swrast_dri.so" error. Has anybody else run into this and solved it? It doesn't appear to be fixed by enabling opengl.driSupport32bit or adding a mesa package.
<infinisil>
But just a single option in a submodule that depends on another option in the submodule doesn't need that
<infinisil>
The disadvantage of using apply is that you have no idea what the defaults are (and it indeed doesn't make any sense to have a default in your case)
<infinisil>
You don't have that disadvantage if you use a config section with mkDefault
elgoosy has quit [Read error: Connection reset by peer]
<infinisil>
So I encourage using that wherever possible
JosW has joined #nixos
<infinisil>
And only use apply where you have a scenario such as the port one
<betaboon>
infinisil: I'm thinking about this case: define a base directory on the module-level (eg /var/lib/mymodule) which gets extended based on the service-name (eg /var/lib/mymodule/service1) while keeping the possibility of the directory being explicitly assigned for specific services (eg mymodule.datawhore.stateDir = /mnt/verybigdisk) !?
<infinisil>
Yeah that's totally possible without apply
elgoosy has joined #nixos
<infinisil>
betaboon: `types.submodule ({ name, ... }: { ... })` will result in name being the name of the attribute of the service
<betaboon>
infinisil: was just about to ask exactly that :D
robstr has joined #nixos
<betaboon>
infinisil: what would be your opinion on the following case: have an option `openFirewall` on the module and the service-level, where the service-level takes precedence?
<infinisil>
betaboon: Can be implemented either by having a default value `null` on the service-level signify an unset value, or some fancy module level things
<infinisil>
(no need to use apply for that though, if you're asking because of that)
<betaboon>
yeah that was the intention of the question
<infinisil>
firewall.allowedTCPPorts = map (s: if isNull s.openFirewall then cfg.openFirewall else s.openFirewall) config.mymodule.services;
<betaboon>
but yeah. no need for apply as there would be no need to get the effective value of that option somewhere else, other than the implementation of the module itself, right?
<infinisil>
firewall.allowedTCPPorts = map (s: if isNull s.openFirewall then cfg.openFirewall else s.openFirewall) (attrValues config.mymodule.services);
<plakband>
infinisil: thanks, I'll open an issue
<infinisil>
betaboon: Yeah something like that
goibhniu has quit [Ping timeout: 272 seconds]
<betaboon>
infinisil: thank you very much for the insight :)
<infinisil>
:)
sauyon has joined #nixos
Thra11 has quit [Ping timeout: 250 seconds]
<robstr>
Hey, I'm using `builtins.fetchGit`, is there a common way to add `callPackage` to a specific file inside the result ? I'm building a vm and want to add the derivation of a repository, not the content
<gchristensen>
let mything = builtins.fetchGit; in pkgs.callPackage "${mything}/foo.nix" {}...sure
<sauyon>
would it be possible to somehow prevent applications compiled with fdr as a dependency from using the library shipped with fdr? Its libstdc++ doesn't have CXXABI_1.3.9.
<{^_^}>
[nixpkgs] @Infinisil pushed 3 commits to release-18.09: https://git.io/fxVpH
<clever>
robstr: fairly common
plakband has quit [Quit: WeeChat 2.2]
<gchristensen>
it would be strange to embed the fetchGit directly in the string
<infinisil>
sauyon: Overlays can override something for everything else
<robstr>
gchristensen: you mean like it is done in the example from clever ?
grumble has quit [Quit: Didn't like XP. Going back to Win 2k for my IRC VM. It's bigger, it's bolder, it's rougher, it's tougher. In other words, sucker, there is no other!]
<gchristensen>
yeah, but see my message before
<infinisil>
sauyon: So e.g. if you set `fdr = null;` everything using fdr would fail to build, transitively
<robstr>
gchristensen: whup haven't seen it thanks
boogiewoogie has joined #nixos
<sauyon>
I'm actually trying to use the fdr library, and kind of hoping that the new libstdc++ is ABI-compatible
<infinisil>
sauyon: I'm not sure I understand the library problem, what exactly is the problem?
<sauyon>
./blah ... /nix/store/...fdr-4.2.3/lib/libstdc++...: version: 'CXXABI_1.3.9' not found
<sauyon>
linker is linking against the libstdc++ included with the fdr package
grumble has joined #nixos
grokkingStuff has quit [Quit: grokkingStuff]
<sauyon>
I could probably go into the gcc wrapper and manually move around linker flags but that seems like a poor way to do it
<Izorkin>
How to replace variant - ++ optional disableIPv6 [ --disable-ipv6 ]; to new variant with stdenv.lib.enableFeature
Aerobit has joined #nixos
<Aerobit>
hey all! i'm having a hard time writing a derivation for an open-source package. it has an AUR PKGBUILD, which I'm trying to use for reference, but I'm not quite sure where files should go with nix - binaries go in $out/bin, but what about .desktop files and things in /share?
<infinisil>
sauyon: Hmm not sure, but if you know how to override it to fix it, then an overlay will work
<infinisil>
Izorkin: Read the docs to enableFeature
<{^_^}>
[nixpkgs] @Izorkin opened pull request #48678 → znc: add option to enable unicode support → https://git.io/fxVjV
<clever>
Aerobit: also, if you documentation.info.enable = false; then systemPackages may omit the $out/share/doc paths
<infinisil>
Izorkin: Try the function out in nix repl
<infinisil>
Should give you an understanding of how it works
<clever>
the same for documentation.man.enable, which also requests $out/share/doc, lol
<clever>
so you would have to disable several options to get rid of doc!
<infinisil>
Izorkin: nix repl '<nixpkgs/lib>'
<Izorkin>
ok
justan0theruser has quit [Ping timeout: 244 seconds]
Aerobit has quit [Quit: WeeChat 2.2]
<drakonis1>
i'm starting to think that i'm building the entire linux kernel atm just for webkit
<sauyon>
sounds about right
effsquared has quit [Ping timeout: 245 seconds]
<robstr>
Whats the way to pass a file to `nix-build` and copy it to a specific point (I'm building a vm and want to copy a config file to the users home directory)? Do I need to create a new derivation ?
<{^_^}>
[nix] @KaiHa closed pull request #2375 → Set NIX_REMOTE to unix-socket path; fixes #2372 → https://git.io/fAmSs
<robstr>
gchristensen: I have a build process creating a nixos vm and I want to copy a specific configuration file on this machine. Do I need to create a `stdenv.mkDerivation` or is there something like copyTo ?
<gchristensen>
hmm not sure what to say, builds can't do things like copy files to arbitrary places, just to one place.
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
robstr: the only thing a derivation can copy to is $out
<clever>
robstr: it will never be able to write to /home
<robstr>
ok, this works too, thank you
<auri_>
Hello! Can I ask questions about cabal2nix here, or should I go to #nixos-dev?
<sphalerite>
auri_: here is good
<auri_>
Oh, thanks. I can't figure this weird issue with hpack and cabal2nix
<auri_>
every time I run a build hpack complains about the cabal file being modified
<auri_>
so I have to modify the generated expression to contain --force in preConfigure
<auri_>
I tried outputting the cabal file by calling a script from preConfigure
<auri_>
no changes at all
judson has joined #nixos
robstr has quit [Ping timeout: 256 seconds]
<judson>
I'm trying to get a dnscrypt-proxy setup going that I'm happy with. My current frustration is that NetworkManager wants to run dnsmasq, but I want to run a dnsmasq that I can configure.
<judson>
I read that there's a way to configure NM's dnsmasq with a config dir. Maybe just splatting into environment.etc is enough?
<sphalerite>
judson: um. Never mind me, that was my sleep-deprived brain misreading dhclient as dnsmasq…
<sauyon>
so I solved my issue by just deleting the libstdc++ that's bundled with fdr4 - should a change like that be merged? I don't really like the way that FDR ships all of its shared libraries, but I'm not sure what a solution would be.
<sphalerite>
sauyon: yes that sounds sensible. I'd suggest ccing the maintainer if any
<sphalerite>
>fdr.meta.maintainers
<sphalerite>
> fdr.meta.maintainers
<{^_^}>
[ <CODE> ]
effsquared has joined #nixos
<sphalerite>
> lib.elemAt 1 fdr.meta.maintainers
<{^_^}>
value is a list while an integer was expected, at (string):202:1
nadley has quit [Remote host closed the connection]
<sphalerite>
> lib.elemAt fdr.meta.maintainers 1
<{^_^}>
list index 1 is out of bounds, at (string):202:1
<clever>
o1lo01ol1o: last time i looked into that kind of problem (before getting into nixos), i read that you must have a darwin machine signing the binary after it has been compiled
<infinisil>
Izorkin: Looks fine to me
<clever>
o1lo01ol1o: because apple has to be apple :P
<o1lo01ol1o>
gotcha, so basically need a build machine with osx running the nix shell
<clever>
o1lo01ol1o: yeah
<drakonis1>
you can also set up a osx vm to build it up
<drakonis1>
if you're into breaking the eula
<clever>
i was using macincloud.com at the time to get my ios app built
<o1lo01ol1o>
would an aws AMI break EULA?
<drakonis1>
to be honest
<drakonis1>
who knows
<clever>
o1lo01ol1o: the only legal way to run macos, is on mac hardware
<o1lo01ol1o>
ah, ok then
<clever>
a vm on linux on mac hardware is "ok"
<clever>
run500: currently building the above setuptools...
<run500>
clever: interesting, different error. i got it compiling by adding buildPackages.python to nativeBuildInputs and invoking ${buildPackages.python.interpreter} in installPhase
<run500>
it seems in general python packages do not support cross compile
judson has quit [Remote host closed the connection]
<jabranham>
Anyone run nixos on a raspberry pi 3? How's the experience? Thinking about converting my little pi server to nixos.
<clever>
run500: my cheat half works, https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix and qemu-user.aarch64 = true; allows me to run aarch64 binaries on my x86 machine, so when the cross-compile screws up and tries to run the arm python, it "works"
<clever>
run500: but that arm python cant `import io`, so the build fails
<{^_^}>
[nixpkgs] @xeji pushed commit from @dtzWill to master « radiotray-ng: 0.2.3 -> 0.2.4 (#48670) »: https://git.io/fxwOm
astronavt has quit [Quit: Leaving]
<grp>
I have a service I'm giving a .conf file that gets automatically copied to the store. However, I need that conf to reference pkgs.whatever/bin/somebinary for a hook. How should I do that? I thought of using substituteInPlace, but seems I need to define a derivation for the conf file, or is it another way to do it?
Growpotkin has joined #nixos
<Growpotkin>
Has anyone gotten hdevtools to play nicely with nix-shell?
<Growpotkin>
Mine is always trying to reference the system-wide cabal instead of whatever I have going on in my shell.
<o1lo01ol1o>
I have some ssh configuration files (keys, known_hosts, etc) in a non-root user's directory. They are set to 644, appended to the NIX_PATH, and owned by the non-root user. However, my build --no-sandbox fails to have permissions for the config: Can't open user config file /home/foo/bar/config: Permission denied. However, the root user, whose ssh config points to the same keys, can clone the repository without a problem. How can I make
<o1lo01ol1o>
the builders have access to these configs?
<clever>
o1lo01ol1o: you want to use builtins.fetchGit now, its a lot safer and simpler
<o1lo01ol1o>
clever: I can't, this is a complex nix deployment. It works on another nixmachine, just none of the ones I seem to setup.
<clever>
o1lo01ol1o: are you calling toString anywhere?
<o1lo01ol1o>
clever: I've done nothing to the (elsewhere working) default.nix. There may be some toString usages in there somewhere.
alex`` has quit [Ping timeout: 245 seconds]
<clever>
o1lo01ol1o: what exactly have you added to NIX_PATH?
<clever>
o1lo01ol1o: this is how i got fetchGitPrivate to work with ssh agents
<clever>
the trick is having a socket in /tmp that the nixbld user has permission to
<clever>
because the build runs as nixbld1, it lacks access to read /home/foo, even with sandboxing off
<clever>
but /tmp is a common shared space
<clever>
and i prefer agents, so you're not sharing the key with every single build
<o1lo01ol1o>
I read that the AUTH_SOCKET requirement had been fixed and that SSH builders didn't need to declare sockets now . . ..
<clever>
that fix is via builtins.fetchGit, which runs the clone as your user, not in any sandbox or specialized user
<o1lo01ol1o>
clever: there are agents for some of these requirements (ie, ssh://git@) and fetchGitPrivate for others
<o1lo01ol1o>
Should I move the ssh files to /tmp?
<clever>
you could, but be aware that every single nix build will have permission to read those keys
<clever>
oh, and the machine where it works, is that nixos?
<o1lo01ol1o>
yes, nixos
<clever>
strange
<o1lo01ol1o>
if I have to put them where the builders can see them, they have to be world-readable, no?
chreekat has joined #nixos
<clever>
you could also make the directory owned by the nixbld group, and not be world-readable
<clever>
but basically any user on the machine can run nix-build, which then runs the user-provided commands as a member of nixbld, and they are still semi-world-readable
<o1lo01ol1o>
Yeah, I get that, but I'm not sure I can see a way around it at the moment.
<clever>
whats preventing you from using builtins.fetchGit instead?
<o1lo01ol1o>
several thousand lines of nix expressions and repositories I don't have access to beyond an ssh key.
<clever>
pre-existing ones, or ones you can only fetch with git@host?
<o1lo01ol1o>
both
silver_ has joined #nixos
<grp>
clever: I need to insert the nix-store path of a package in a conf file I'm providing a service (this conf gets thrown into the nix-store). I thought of using substituteAll or something like that but seems they are only available at the shell level, so would need to make a derivation just to install the patched conf. What's the recommended way to do this?
<grp>
(I'm giving nix the path to the verbatim conf file, which is automatically copied to the store)
strobelight has quit [Ping timeout: 246 seconds]
<clever>
grp: pkgs.substituteAll can do things for you
jabranham has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
<grp>
clever: also, is there a builtin or lib function that handles text blocks interpolation indenting? I've implemented my own to get things running, but I plan to submit a pull request soon to add a couple of modules, and I'd like to stay orthodox
<o1lo01ol1o>
clever: I chgrp'd the directory to nixbld with permissions of -rw-r--r--. Still permission denied.
<clever>
o1lo01ol1o: you need execute on directories to access files within them
<clever>
o1lo01ol1o: read only allows you to ls the directory itself
chreekat has quit [Ping timeout: 245 seconds]
<clever>
o1lo01ol1o: you also need execute on every parent up to /
<o1lo01ol1o>
clever: do the directories need any user/group ownership?
<clever>
o1lo01ol1o: you just need execute on the directories, either via the user bits (if you're the owner), the group bits (if you're in the same group), or the other bits (for when you're not an owner or group)
<clever>
how you get execute on each dir is up to you
<clever>
since the builds can run as any member of the nixbld group, the user bits wont really work
<clever>
so you need to either use the group bits and the nixbld group, or the other bits
<o1lo01ol1o>
clever: right, I don't love giving __7 on /home/ though
<clever>
you can mix them as well, so /home and /home/foo are o+x
<clever>
you dont have to give it o+rwx
<clever>
just o+x is enough
mayhewluke has quit [Ping timeout: 250 seconds]
<clever>
so the directories can be o+x, and then the file is g+r
<clever>
but if you have any o+r files in $HOME (the default is rwxr-xr-x for me), and an attacker knows the exact name, he can read them
sauyon has quit [Quit: WeeChat 2.2]
mayhewluke has joined #nixos
drakonis1 has quit [Quit: WeeChat 2.2]
<o1lo01ol1o>
clever: and /tmp gets garbage collected, right?
<clever>
depends on the config
<clever>
`boot.tmpOnTmpfs` tells nixos to mount a tmpfs to /tmp, so all files are held in ram and lost at shutdown
<clever>
in the past, i have seen my redhat9 machine just delete everything on bootup, which has resulted in the machine hanging for 2 hours, because i rebooted it so little :P
<clever>
nixos doesnt clean it up on boot
silver_ is now known as silver
drakonis_ has joined #nixos
<{^_^}>
[nixpkgs] @danielrutz opened pull request #48687 → Add port type → https://git.io/fxwZ2
<o1lo01ol1o>
right ok. So this is altogether not a great way to deal with these keys. I have o+x on all directories up to /home/foo/sshstuff/ and -rw-r--r-- on all the files, owned by foo and member of nixbld but i'm still getting permission denied.
<o1lo01ol1o>
wait, no, now it's no such file or directory
<o1lo01ol1o>
ok, some progress
<clever>
if its in the nixbld group, then you dont need o+r on the keys
<o1lo01ol1o>
right, just hadn't gotten around to removing that yet
drakonis has quit [Ping timeout: 268 seconds]
astronavt has joined #nixos
mskalski has quit [Quit: bye]
mskalski has joined #nixos
ajs124 has quit [Quit: Gateway shutdown]
effsquared has quit [Ping timeout: 250 seconds]
jedahan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<dukedave>
I'm getting a `Missing dependency on a foreign library` error when trying to use stack's nix integration. I'm a nix newbie, could anyone suggest a way to identify where the problem is? https://gist.github.com/dukedave/ba9c2ae527fee048a24f6066d306ddac
<jackdk>
but in all honesty, I gave up keeping stack well-behaved on nixos, switched to managing all deps with nix, building with cabal new-build and am much happier
<jackdk>
also I gained access to ghcjs
worldofpeace has joined #nixos
<tbenst>
gchristensen, ah I see. Is there an equivalent to /mnt/etc/nixos/configuration.nix for nix-env?
<gchristensen>
the overlay from LnL linked in that link might be helpful
<dukedave>
@jackdk ah good insight, thank you. So my next trick would be to find out what nix package provides GL (I guess that's why you asked 'locate'?)
<jackdk>
dukedave: exactly. If any of those are already in your store then that's also a good indicator
<tbenst>
thanks gchristensen, that looks like what I want. So if I understand right, I would create an overlay (my_overlay.nix file), then run `nix-build my_overlay.nix`?
<infinisil>
jackdk: libGL.so is in pkgs.libGL too, nix-index has a bug that prevents it from finding that
<dukedave>
jackdk: To be sure, nixpkgs should pull in dependencies though, right?
<jackdk>
infinisil: thank you. That seems to evaluate to mesa_noglu, which has a dev output also, so I think dukedave will want libGL and libGL.dev in the config.yaml
<jackdk>
dukedave: not sure. it will certainly install the deps to the store but I don't know if it gives you the deps in the nix-shell that stack will use
<tbenst>
I
<dukedave>
Okay, let me try that (libGL package). Can disregard my dependencies question, I thought the missing GL error was coming from opencv3, but it is not.
<tbenst>
gchristensen, thanks so much! You inferred all my mistakes correctly and got it running. :D. Do you know if there's a way to save / dump things installed by nix-env -i to this file, or is there some other workflow you would recommend?
<tbenst>
a workflow equivalent of `npm install --save-prod mypackage` if that analogy makes sense?
<gchristensen>
tbenst: there is no way to save to it, you'll have to recreate what you have
<gchristensen>
(nix-env -q)
<tbenst>
gchristensen, I'm now getting `command not found: nix-env` after running `nix-env -f '<nixpkgs>' -r -iA userPackages`
<clever>
tbenst: nix wasnt in your userPackages list, so the -r uninstalled nix
<gchristensen>
clever: can you continue helping? I'm half way through cooking something :)
__monty__ has quit [Quit: leaving]
<clever>
tbenst: if you look in /nix/var/nix/profiles/something/profiles-something-link/bin youll find a nix-env you can use to try again with a newer userPackages
<tbenst>
haha oops :O
<clever>
gchristensen: sure, what was the problem?
<clever>
tbenst: when using that outside of nixos, you will want to add nix = self.nix; to the userPackages
vk3wtf has joined #nixos
apaul1729 has quit [Ping timeout: 268 seconds]
<colemickens>
That's sort of in the FAQ too under "How can I manage software..." https://nixos.wiki/wiki/FAQ
<colemickens>
Just interesting, I found it when searching "userPackages" to see if it was a special convention.
<colemickens>
slightly different solution
<clever>
colemickens: in the case of that gist, you are telling nix-env to install an attrset, so it will just install every attr of the set, and all will appear in `nix-env -q`
<colemickens>
That's what the FAQ entry is doing too, unless I'm severely misunderstanding.
<colemickens>
It's neat, but I just load everything into my system anyway with my nixos-configuration.nix
<clever>
colemickens: the faq is using buildEnv to merge things into a single package, and then `nix-env -q` only shows "user-packages"
<colemickens>
Oh.
<clever>
the faq also lacks a script that saves you from having to remember the magic incantation of `nix-env -iA userPackages -f '<nixpkgs>'`