<elvishjerricco>
clever: Hm. I thought the authorized key syntax just refused connections attempting a different command. Does it actually just force the specified command to be run instead of whatever the client wanted?
<clever>
elvishjerricco: it forces it to run the specified command, and ignores the command the client requested
<clever>
so the user can wind up with a serve protocol on their shell
jasongrossman has joined #nixos
<elvishjerricco>
clever: Ah. And both Hydra and vanilla Nix expect essentially nix-store --serve --write?
<elvishjerricco>
What about with --store ssh(-ng)://... ?
<elvishjerricco>
clever: Hm. The legacy one appears to use nix-store --serve though, at least. So I guess you can't support both Hydra and --store ssh-ng://
<clever>
ah, line 54 makes more ssh sessions
<clever>
oh, ssh.cc is the backend of ssh-store.cc, lol
<oldandwise>
i cloned nixpkgs. What's the right step to have my 'master' and 'release-18.09' branch in sync to upstream? I tried rebase/fetch/etc, and am getting conflicts.
o1lo01ol1o has joined #nixos
<clever>
oldandwise: the trick is to never make commits on master or release, only ever make commits on your own branches
<clever>
oldandwise: you can use `git reset --hard remotes/origin/master` to forcibly set the current branch to the upstream master, and skip the merge mess (and drop any changes you have locally)
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fxiEq
<suzu>
hey all. is there an idiom for running a script upon exit from a nix-shell?
<suzu>
i wish to do a setup/teardown when entering/exiting a nix-shell
<clever>
suzu: you could maybe use `trap EXIT` in bash, from the shellHook
<suzu>
is that a robust method of doing this?
<clever>
i think it is
<elvishjerricco>
suzu: I would almost always recommend against practice like that though
<elvishjerricco>
The environment should not be an imperative machine
<clever>
it makes it very difficult to open 2 shells to the same package
Rusty1 has joined #nixos
<suzu>
ah yeah that is true
<suzu>
so what i'm really trying to do here is: start postgres and create a database that the app under development would like to use
<clever>
the QT stuff in nixpkgs for example, creates state in the current dir, that breaks a 2nd nix-shell run
<suzu>
and i don't know how to do this elegantly
<elvishjerricco>
suzu: Yea I'd just write a script
<elvishjerricco>
nix-shell doesn't have to be the magic tool that solves all the problems. You can just do `nix-shell --run ./my-env`
<suzu>
so this behaviour doesn't belong in the nix, but rather as a script to be invoked manually during dev?
<ivegotasthma>
any clue why I cannot move my mouse cursor in a qemu virtualized nix? I installed xinit, xauth and i3, started X and the mouse is unresponsive.
<suzu>
i suppose that is fine
<elvishjerricco>
Generally that's my attitude
jperras has quit [Ping timeout: 252 seconds]
Lisanna has quit [Quit: Lisanna]
<suzu>
ok. ill do that then
jperras has joined #nixos
aleph- has joined #nixos
Lisanna has joined #nixos
Lisanna has quit [Client Quit]
<pbogdan>
what's the correct usage of haskell's infra linkWithGold? do I need to somehow pass it some additional deps as I seem to be getting link time errors?
Lisanna has joined #nixos
mayhewluke has quit [Ping timeout: 252 seconds]
mayhewluke has joined #nixos
oldandwise has quit [Quit: leaving]
silver has quit [Read error: Connection reset by peer]
sigmundv__ has quit [Ping timeout: 244 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
<Ralith>
I'm not sure it's a good idea to rely on carnix at the moment
<drakonis>
ah okay
<drakonis>
so cargo run functions correctly?
<elvishjerricco>
pbogdan: Sorry, no idea. Could you pastebin some code so I can determine whether this should be an open issue on nixpkgs?
zolk3ri has quit [Quit: Lost terminal]
<Ralith>
drakonis: cargo is designed to work in $HOME so it's pretty indifferent; you will need to write a shell expression if you want to build packages with foreign deps, of course
<drakonis>
fair
<{^_^}>
[nixpkgs] @eadwu opened pull request #48851 → networkmanager: include option for iwd backend → https://git.io/fxi2V
<drakonis>
what is foreign deps in this case?
<pbogdan>
elvishjerricco: thank you, it's probably a user error :), I'm trying to build nix-build -I nixpkgs=. -E "with (import <nixpkgs> {}); haskell.lib.linkWithGold haskellPackages.servant"
<clever>
pbogdan: you can also `with import ./. {};` and ignore `-I nixpkgs=.`
<elvishjerricco>
pbogdan: Hm. I *think* linkWithGold is only supposed to be used on executable packages, not libs. Not sure on that. Regardless, I'd definitely expect that not to crash, so it's worth opening an issue (cc me so I can take a deeper look in the morning)
<ekleog>
drakonis: only issue with cargo is foreign deps indeed
<clever>
elvishjerricco: thats how the cardano stuff is using gold
<clever>
i think its in the cabal file, so it can apply to executables but not libs
<elvishjerricco>
clever: Ah. Hm, yea I guess the linker is used to relocate objects in GHC. Still any issue with that and linkWithGold sounds like a bug to me
o1lo01ol1o has joined #nixos
nckx has quit [Remote host closed the connection]
nckx has joined #nixos
astronavt has joined #nixos
astronavt has quit [Client Quit]
o1lo01ol1o has quit [Ping timeout: 252 seconds]
slack1256 has quit [Remote host closed the connection]
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
alhariel has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
<drakonis>
folks, etc.environment.<filename>.source allows me to pick where a file goes, right?
sir_guy_carleton has quit [Quit: WeeChat 2.2]
<clever>
drakonis: it will create /etc/<filename> as a symlink to a /nix/store/ entry, which may be a copy of the file pointed to by source
dbmikus has joined #nixos
<clever>
you can do etc.environment."nix/foo.conf".source to do subdirs
<drakonis>
right, good to know
<clever>
and .text if you just want the value in nix
o1lo01ol1o has quit [Ping timeout: 250 seconds]
* clever
heads off to bed
<ekleog>
'night :)
<{^_^}>
Night!
jperras has quit [Quit: WeeChat 2.2]
<hyper_ch>
ha, I know how to make iotop crash
dbmikus has quit [Quit: WeeChat 2.3]
dbmikus has joined #nixos
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
o1lo01ol1o has joined #nixos
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
dbmikus has quit [Quit: WeeChat 2.3]
dbmikus has joined #nixos
dbmikus has quit [Client Quit]
dbmikus has joined #nixos
astronavt has joined #nixos
ryantm_ has quit [Ping timeout: 246 seconds]
<kalbasit[m]>
anyone knows if it's possible to switch user through GDM from the command line? I'm on i3 not gnome
graphene has quit [Remote host closed the connection]
<jonreeve>
Why does nix-shell -p '(python36.withPackages (ps: with ps; [pandas spacy]))' not work, but nix-shell -p python36Packages.spacy python36Packages.pandas does?
<jonreeve>
(They seem like equivalents to me)
o1lo01ol1o has joined #nixos
jmeredith has quit [Quit: Connection closed for inactivity]
<aleph->
kalbasit[m]: Just switch to lightdm
<aleph->
There's an option for it
<kalbasit[m]>
aleph-: yep, I'm doing that now
mayhewluke has quit [Ping timeout: 264 seconds]
mayhewluke has joined #nixos
o1lo01ol1o has quit [Ping timeout: 264 seconds]
hamishmack has quit [Ping timeout: 264 seconds]
jonreeve has quit [Ping timeout: 252 seconds]
drakonis has quit [Quit: WeeChat 2.2]
Rusty1 has quit [Quit: Konversation terminated!]
jackdk has quit [Ping timeout: 244 seconds]
jasongrossman has quit [Ping timeout: 240 seconds]
<adamantium>
Yo-- is there any advantage to using flatpak? noticed we have it now. Seems like, something nixos doesn't need though, likely?
<adamantium>
Just wondering, maybe what the use case is
<srhb>
adamantium: I know little about it, but I assume it's useful if you're distributing to non-Nix-systems.
<adamantium>
Ah, that's true.
<adamantium>
Cool
* adamantium
isn't sure why one would want to use a non nix system ;)
<jasongrossman>
adamantium: It's useful for running one or two things that have been ported to flatpak but haven't been ported to Nix ... actually I can't think of any examples now, but Skype used to be an example.
<adamantium>
k
<adamantium>
I think they sandbox apps in flatpak
<adamantium>
We have firejail now though, so, meh?
<mbrock>
hmm, the Hydra job for release-18.09-aarch64 shows that the Linux kernel was successfully compiled on aarch64, but my Raspberry Pi still wants to build it from scratch...
<CapsLock>
srhb: I'm using intel integrated gpu
sigmundv__ has joined #nixos
<srhb>
CapsLock: Hum, okay.
<srhb>
mbrock: Are you getting the same output hash?
<mbrock>
srhb: ah, no, eh, not even the same kernel version :)
<srhb>
mbrock: Presumably you're not on the same nixpkgs commit then.
<srhb>
Or you have overlays overriding the kernel version. Or (...) :)
catch22 has quit [Ping timeout: 252 seconds]
o1lo01ol1o has joined #nixos
jasongrossman has quit [Ping timeout: 245 seconds]
<{^_^}>
[nixpkgs] @7c6f434c pushed to master « visidata: init at 1.3.1 »: https://git.io/fxiNd
<mbrock>
I'll just rollback. Xorg was acting really strangely on my RPi3B+, like I could only see the cursor and no text, xsetroot couldn't set colors, and if I started Xclock then the only effect was to turn the screen white
<srhb>
That sounds like fun -- and also a thing that deserves a bug report?
<mg->
So, no that lightdm is the default, how do I configure light-locker to run?
TweyIV has joined #nixos
<mbrock>
srhb: for posterity, I saw some journalctl logs about "failed to allocate from CMA", added boot.kernelParams = ["cma=256M"]; to my configuration.nix and now it works
<mbrock>
some site on the internet had tricked me into believing I only needed 32M there, which I took on faith
<mbrock>
maybe it depends on the display resolution
<srhb>
mbrock: Cursed be those random internet sites and their poor advice. :-)
<aiowej>
Hi everyone. I'm sorry for asking such a basic question - am having a hard time ddg-ing for this one, and also am finding nothing in the manual. I'm setting up our home desktop computers to use Nixos (using it on servers), and I am struggling to figure out how to create per-user configurations. When I log in on one account, I want Emacs and Qutebrowser available, but on another account I want LibreOffice, Firefox, and whatnot. So how
<aiowej>
can you in Nixos set up per-user configurations.nix files? Or create a package somewhere? If so, is there anywhere an example of such a file to read for a lost soul like yours truly? Something like a per profile nix-shell.
<srhb>
aiowej: There is not configuration.nix for anything but the system, however home-manager gets sort of close.
<srhb>
aiowej: You can make as many packages and profiles as you like, however.
<srhb>
aiowej: A simple way to approach this is to create a metapackage consisting of multiple packages that each user then installs into their respective user profiles.
<srhb>
aiowej: Keeping nix-env usage to a minimum using eg. this method is a great way of keeping things declarative. Ie. have only that package installed for the respective user, modify it whenever you want to change the package set.
<Taneb>
There's also "users.users.<name?>.packages"
<Taneb>
If you want something more centeralized
<Taneb>
(this goes in the configuration.nix but describes installed packages on a per-user level)
<{^_^}>
[nixpkgs] @xeji pushed commit from @veprbl to release-18.09 « mu: fix build for `withMug = true` (#48830) »: https://git.io/fxPew
<ben>
Does it arrange for packages to be eg. in the PATH for some users but not others?
<srhb>
ben: Yes.
<srhb>
ben: iirc it creates /etc/profiles/per-user/$user -- similar to your ~/.nix-profile
<aiowej>
srhb: Aresome! github.com/rycee/home-manager I assume. Yes, keeping things declarative is the goal. I just don't have enough days on this earth to deal with systems amassing cruft. Thank you for replying, gonna get right on to it now!
<ben>
interesting
<srhb>
aiowej: That's the one. I definitely recommend home-manager.
<srhb>
aiowej: Basic usage is trivial, and advanced usage means that you can manage eg. your dotfiles too, and cross reference values across them.
<srhb>
aiowej: I'm sure you can imagine the benefits of that.
<{^_^}>
[nixpkgs] @Mic92 pushed 5 commits to release-18.09: https://git.io/fxPvY
<ekleog>
srhb: I ask every user of home-mangaer I meet (hopefully not you yet?), but… how do you handle machines that don't and can't have nix installed? (eg. debian without root, userns disabled and a kernel too recent for proot to work correctly)
Mateon1 has quit [Ping timeout: 245 seconds]
<ekleog>
is there a way to like build your dotfiles locally and then generate a script that deploys them on any machine?
<infinisil>
This is kinda odd, 2 PR's have been opened in the past week with super simple changes to the Readme.md: #48669 and #48854. Both users have a very inactive profile, one of them only being created a couple days ago. Both of them have forked freeCodeCamp
<infinisil>
sphalerite: is the invalid label a standard github one then?
aiowej has joined #nixos
<sphalerite>
infinisil: I don't think so but the hacktoberfest says to label it as invalid and we do *have* the label so I guess it probably will do?
<infinisil>
Yeah, doesn't seem automated reading the site
<infinisil>
That just gave me the idea
astronavt has joined #nixos
<infinisil>
To some OS project I should make a commit "Add infinisil to contributors", but only do that, but because my commit will be in the project, I will be a contributor once it's merged
<srhb>
I think we should be careful when trying to distinguish bad-intention stuff with low-skill good-intention though. The above seem less useful though.
astronavt_ has joined #nixos
<sphalerite>
srhb: if they'd made the effort to read the contribution guidelines and fill in the PR template I'd be more lenient about it
* srhb
nods
<sphalerite>
but these people clearly just clicked on edit, pressed two keys, and sent the PR
<srhb>
Nothing _inherently_ wrong with that though. Hence my comment about intention. :)
vk3wtf has joined #nixos
mayhewluke has quit [Ping timeout: 268 seconds]
aiowej has quit [Ping timeout: 264 seconds]
astronavt has quit [Ping timeout: 272 seconds]
mayhewluke has joined #nixos
ThatDocsLady_ has joined #nixos
ThatDocsLady has quit [Read error: Connection reset by peer]
o1lo01ol1o has joined #nixos
<jophish>
What's the equivalent of '--max-jobs' for the new nix command?
<jophish>
nix --help or nix build --help don't show this :/
EarlDeLaWarr has quit [Ping timeout: 264 seconds]
<sphalerite>
jophish: --max-jobs works
<sphalerite>
jophish: all options in nix.conf can be passed like that on the command line since 2.0
<jophish>
oh great!
<sphalerite>
although some will be ignored (silently, which is a bug IMO!) depending on whether you're trusted
<jophish>
arm box is busy bootstrapping armv7 binaries now :)
<jophish>
interestingly, last time I did this I replaced the bootstrap tools
hiroshi has joined #nixos
<jophish>
but I can't remember why
<jophish>
well, I guess that something was using the `uname` program in the bootstrap tools
<sphalerite>
jophish: spoiler alert: the bootstrap works :p
<jophish>
yeah, that's why I'm puzzled :)
<jophish>
perhaps it causes problems later down the line
<jophish>
certainly it's no good thing to have uname in the bootstrap tools declaring that this is an aarch64 system
<jophish>
I wonder why linux doesn't have the arm32 namespace thing, like it does for x86 on x86_64 platforms
<jophish>
I can't remember the word for it, namespace isn't right I think
strobelight has joined #nixos
<sphalerite>
jophish: personality
<sphalerite>
probably just nobody thought it necessary yet.
<sphalerite>
Or it turned out to be a bad idea that's now a legacy burden but nobody wants to make it bigger than it already is
<srhb>
hyper_ch2: Presumably you built your config from 45a, but your channel has since updated to 16ac
<srhb>
(iow if you rebuild now, they'll both be 16ac...)
o1lo01ol1o has joined #nixos
aiowej has joined #nixos
o1lo01ol1o has quit [Ping timeout: 264 seconds]
aiowej has quit [Ping timeout: 264 seconds]
capisce has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @Ekleog closed pull request #48810 → wasm: remove alias to unbreak the channel → https://git.io/fx6LS
Mateon1 has joined #nixos
johnnyfive has quit [Ping timeout: 245 seconds]
ramses_ has joined #nixos
EarlDeLaWarr has joined #nixos
iyzsong has joined #nixos
<ramses_>
Hi all, I get this error when trying to upgrade to 18.09: /nix/store/0q0xx96z8ll2kxzpzbg0cpv1v3h66ig2-make-initrd.sh: line 42: /nix/store/g5dlpwd44kd75i71nwzii8w4bp4inxwk-findutils-4.6.0/bin/find: cannot execute binary file: Exec format error
<ramses_>
Anyone knows how to troubleshoot this?
<das_j>
nix jobs is the number of concurrent builds and cores is the number of cores used in a build, is that correct?
<sphalerite>
ramses_: what does `file /nix/store/g5dl*/bin/find` say?
<ramses_>
sphalerite: file says just "data" but I now figured out that readelf says "Error: Not an ELF file - it has the wrong magic bytes at the start", so I'm starting to think that the file got corrupted
<ramses_>
Is there a way to force a re-derivation of findutils?
<adisbladis>
ramses_: nix-store has --repair and --repair-path
<ramses_>
adisbladis: I tried those but they didn't seem to do anything
o1lo01ol1o has joined #nixos
astronavt__ has joined #nixos
astronavt_ has quit [Read error: Connection reset by peer]
<ramses_>
adisbladis: Ah, I saw the check-contents option now, that seems to do something
realrokka has joined #nixos
<sphalerite>
ramses_: try repair-path as root?
o1lo01ol1o has quit [Ping timeout: 252 seconds]
<TweyIV>
When I build something with stdenv.mkDerivaton, where does the patchelf happen to set the intepreter of the resulting binaries?
<betaboon>
↓can i use node2nix to build angular-application dist-packages ?
<realrokka>
I am trying to build a project with OpenGL, I have libGL and libGLU in my SystemPackages, I installed it in my user-env, I can build the project from nix-shell -p libGL libGLU ... but it when I trie to build it (not from nix-shell) it complains about not finding OpenGL. wtf?
<TweyIV>
realrokka: It's probably using pkgconfig, which doesn't work well with user envs
<realrokka>
TweyIV: I am building a project from source, not a nix-package
<TweyIV>
realrokka: Yes
<TweyIV>
realrokka: If you include pkgconfig in an environment it will register a hook that causes packages to make their pkgconfig configuration available to pkgconfig, so packages built in that environment will be able to use pkgconfig to find dependencies that support it
<ramses_>
sphalerite: I ran "sudo nix-store --verify --check-contents --repair" which says that it fixes several parts, amongst which the one causing the error I mentioned, but it doesn't seem to actually fix the path
<ramses_>
When I reran the command immediately after, it "fixes" the exact same paths
<sphalerite>
that's… weird
<TweyIV>
realrokka: If you use nix-env that hook will not be run and pkgconfig won't make the libraries available
<TweyIV>
realrokka: It's generally unwise to install libraries in your user-env for this reason — better to build the things that need them from a nix-shell, or write a little derivation for whatever you're trying to build
<TweyIV>
realrokka: (actually, not just pkgconfig, I think the compiler wrapper scripts will also not pick up dependencies installed in your user-env)
<realrokka>
TweyIV: its is an tutorial on OpenGL demo coding, I have to build stuff like every 30s ... is the only way to do this to stay in nix-shell all the time?
<aither>
hi all, I'm making a package and I'd like to add script for bash completion, where should I put it? $out/share/bash-completion/completions or $out/etc/bash_completion.d?
erasmas has joined #nixos
<Guanin>
Hi, I made a mistake and deleted ~/.nix-defexpr. Is there a way to restore it?
<aither>
I'm confused because I see share/bash-completion used a lot in nixpkgs, yet they seem to work only when put into etc/bash_completion.d
<symphorien>
Guanin: logout and login. iirc it is created in /etc/profile
shmish111_ has joined #nixos
<das_j>
Is there a quick way to build a package statically? I need a static binary to copy to my android phone (already using --option system)
<Guanin>
symphorien, did not change anything - but I can see in /etc/profile how the folder is generated :)
<jophish>
sphalerite: with uname changed in the bootstrap tools things are progressing much better
<{^_^}>
[nixpkgs] @joachifm pushed commit from @iblech to master « nixpkgs docs: Fix tiny typo (#48477) »: https://git.io/fxP2x
<infinisil>
regina_: You here?
<Laalf>
where would i ask about nix on other distributions?
iyzsong has quit [Ping timeout: 252 seconds]
<gchristensen>
here :)
<{^_^}>
[nixpkgs] @mguentner opened pull request #48884 → gem-config: set libmagic for magic → https://git.io/fxPaV
<{^_^}>
[nixpkgs] @NickHu opened pull request #48885 → tikzit: init at 2.0 → https://git.io/fxPaw
o1lo01ol1o has quit [Ping timeout: 264 seconds]
<Laalf>
ok... for example if i execute a package from nix (nix run nixpkgs.teamspeak_client -c ts3client) some packages need opengl and exit with "Could not initialize GLX". is there anything i could do to fix this?
<Taneb>
clever: ah, that's a little confusing
<jophish>
What are you trying to configure, Taneb ?
<Baughn>
sphalerite: Because nix-shell incorrectly unquotes the arguments I pass it.
<Baughn>
I'd give you an example, but the machine I was doing this on has died. :/
<TweyIV>
Baughn: This handles arguments correctly
<TweyIV>
I had to ask #bash for help writing it, long ago, and they had some colourful things to say about people who take single-string command arguments
<Baughn>
I've been using "${(q)0}" instead. Should work.
<qyliss^work>
wow Mic92 that was quick on my capybara-webkit PR :D
ThatDocsLady_ has quit [Ping timeout: 240 seconds]
<rgrau>
hello nixers, I've just installed postgresql-10.5 and I need to access "libqp.so.5". this file lives under postgresql-10.5-lib/lib directory which was installed along with postgresql package, but the directory is not linked to my profile/lib . Is this the expected behavior?
Ariakenom has joined #nixos
<qyliss^work>
rgrau: how did you install it?
<rgrau>
qyliss^work: nix-env -i postgresql-10.5
regina_ has quit [Ping timeout: 240 seconds]
<qyliss^work>
It might not be in the default output
<qyliss^work>
Try `nix-env -iA postgresql100.dev`
<rgrau>
mmm... "error: attribute 'postgresql100' in selection path 'postgresql100.dev' not found". I'm using plain nix, not nixos. (not sure if relevant)
<qyliss^work>
.dev is more common but apparently postgres uses lib
semihonest has quit [Ping timeout: 272 seconds]
jabranham has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
Guanin has quit [Ping timeout: 252 seconds]
semihonest has joined #nixos
justan0theruser has quit [Ping timeout: 252 seconds]
<rgrau>
qyliss^work: aha, thanks for the pointers! yes, this installed something... but apparently libqp.so.5 is not anywhere inside ~/.nix-profile :(
<qyliss^work>
bah :(
<typetetris>
Could someone help me? I installed nix in multi user mode on two machines and tried nix-copy-closure between the machines and it fails due to nix-store not being in PATH. Caused by ssh not running /etc/profile as it isn't a interactive shell. How should I cope with that?
genesis has quit [Quit: Leaving]
genesis has joined #nixos
<qyliss^work>
rgrau: you sure you don't want libpq dot something?
genesis has quit [Remote host closed the connection]
<rgrau>
qyliss^work: yes, libqp.so.5
<rgrau>
but I can't see any libqp.so* there
<qyliss^work>
Why do you need that? I've never heard of it and it's not part of postgres AFAICT
lonokhov has quit [Quit: WeeChat 2.2]
<rgrau>
python's sqlalchemy (psycopg2) needs to have it during runtime. But it's the first time I'm using this, and not a regular python user, so there are so many unknowns... :p
<tilpner>
NickHu - Shouldn't you be using fetchFromGitHub instead of fetchurl?
obtoris has quit [Quit: leaving]
<tilpner>
NickHu - meta.description should not end in a period
Czen has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @rbvermaa pushed to release-18.09 « nginx-opentracing: init at 0.7.0 »: https://git.io/fxPMX
<{^_^}>
[nixpkgs] @rbvermaa pushed to master « nginx-opentracing: init at 0.7.0 »: https://git.io/fxPMD
Czen has joined #nixos
dbmikus__ has joined #nixos
sir_guy_carleton has quit [Quit: WeeChat 2.2]
justan0theruser has joined #nixos
MarcWago has joined #nixos
steell has joined #nixos
<{^_^}>
[nixpkgs] @rbvermaa pushed to release-18.09 « opentracing-cpp: fix version in derivation »: https://git.io/fxPDZ
<{^_^}>
[nixpkgs] @rbvermaa pushed to master « opentracing-cpp: fix version in derivation »: https://git.io/fxPDC
<steell>
what is the nix-env equivalent of `nix-shell -p androidenv.platformTools`?
<steell>
i.e. i want to install that package in my environment, but i don't know how to express it as a nix-env command
<__monty__>
steell: Try nix-env -iA nixpkgs.androidenv.platformTools (I'm assuming androidenv is something in nixpkgs).
<steell>
__monty__: worked like a charm :-) thanks!
orivej has quit [Ping timeout: 240 seconds]
<steell>
is there a good reference / cheatsheet for nix-env (and other nix-* commands)?
<{^_^}>
[nixpkgs] @magnetophon opened pull request #48896 → avldrums.lv2: init at 0.3.0 → https://git.io/fxPyv
<__monty__>
steell: Only the nix manual afaik. And the man page of course.
<sphalerite>
nix-env isn't nice to use anyway
<sphalerite>
,imperative
<{^_^}>
nix-env has multiple drawbacks as an imperative package manager. nix-env -u will sometimes upgrade to the wrong thing; the outputs to install are very finicky to override; and packages that have been removed or are otherwise unavailable will remain in your profile without any warnings. Consider using a ,declarative setup instead.
<{^_^}>
There are multiple ways of managing declarative profiles. 1) Attrset, compatible with imperative use of nix-env https://git.io/fAQHW ; 2) buildEnv, providing more control over the paths that are linked into the profile <link to do, sphalerite!>; 3) home-manager, providing nixos-like config for your ~ https://github.com/rycee/home-manager
alex`` has quit [Quit: WeeChat 2.2]
<rawtaz>
sphalerite: ^ ;D
o1lo01ol1o has joined #nixos
<sphalerite>
._.
<rawtaz>
:*
<ashkitten>
what can i put in a shell.nix to set environment variables?
<clever>
ashkitten: every attribute in the derivation becomes an env var
<ashkitten>
huh
<clever>
so when you set something like buildInputs = [ foo bar ];, you can just `echo $buildInputs` in the shell to see it
<bpye>
I have used onedrive for a long time since it was once unlimited, but the open source Linux client isn't great, Dropbox is okay but their new restrictions about filesystems sucks...
<tilpner>
bpye - If you have a server, look at unison and seafile. Otherwise, rclone works well-ish
<bpye>
I've seen seafile, I don't love it's freeware style licensing, having GC be a non-open feature is a bit of a deal breaker personally, unison is a new name though
<rawtaz>
i would use rclone for that. however the business onedrive isnt entirely supported
<rawtaz>
bpye: what are your needs anyway?
<bpye>
rawtaz: Syncing a password database, primarily
<bpye>
I have some media stored there but I only use that on Windows currently, Lightroom catalog for example
<rawtaz>
bpye: what password software is it? what does it support?
<rawtaz>
i mean, some have support for e.g. dropbox or whatever
<bpye>
I'm using Keepass, so it just operates on a file, it doesn't support anything itself
<rawtaz>
if it's just one file you can just sync it over whatever with rclone :)
<rawtaz>
aha
<bpye>
Don't like the idea of using Lastpass or whatever :)
<rawtaz>
same
<bpye>
rawtaz: I'm curious, have you ever tried pass ( https://www.passwordstore.org/ ), it's always been the other one I've been tempted to try
<drakonis>
keepass?
<tilpner>
bpye - I am using passwordstore, and it's working very well
<{^_^}>
[nixpkgs] @primeos opened pull request #48905 → nixos/rootston: Remove the module and the package → https://git.io/fxPxJ
<tilpner>
bpye - It pairs nicely with git, solving the synchronisation problem
<rawtaz>
bpye: i really want to use pass, but i hate the fact that it uses gpg which means i have to set up and secure a private key instead of just memorizing a password. for that reason i unfortunately dont use it :/
<rawtaz>
i know others who do and love it, though
<rawtaz>
so i wouldnt hesitate to use it, if only i could get pas the gpg/pgp thing
<bpye>
rawtaz: I already have a GPG setup that works for me you see, I use a Yubikey, I have a raspberry pi to keep my master key offline
<rawtaz>
i see
<rawtaz>
what a messy thing to have to manage compared to memorizing a password :)
<bpye>
Heh, yes
<rawtaz>
a key, a pi, keeping it offline
<tilpner>
You don't need a device to keep an offline backup of a key
<tilpner>
A piece of paper or a CD will do
<bpye>
I have no issue with the Yubikey, and honestly having my master key offline is pure paranoia
<bpye>
tilpner: Huh, using paperkey for master keys?
<rawtaz>
its mostly that i have to protect that key that annoys me
<bpye>
rawtaz: I figure I already have to protect my passport, SSN, birth certificate etc, a key isn't much more work
<sphalerite>
rawtaz: you could use gpg without publishing your key and just keep it on your disk encrypted with a passphrase
<sphalerite>
which you remember
<rawtaz>
if your key is stolen, can they access your passwords?
<sphalerite>
yes
<sphalerite>
well if your key *and* your pass db is stolen
<rawtaz>
right, cuz the key is just some thing that defines how the encryption should be done, it just complements the password you need to enter anyway
<sphalerite>
bpye: I use syncthing for desktop sync, including my keepassx database (planning to move to pass eventually…)
<maurer>
Out of curiosity, has anyone set up anything for doing a measured-boot-handoff for fresh nixos builds?
<maurer>
Or is that me still wanting random future tech?
<sphalerite>
bpye: some people claim it has lots of conflict problems. I haven't experienced this myself, and it's nice that it syncs P2P. Although that disqualifies it from your "cloud" criterion I guess
<rawtaz>
but if you need the password to the key for the key to be usable, could you not consider the key to be compromised from scratch and just not care about keeping it safe (falling back to keeping just your password safe)?
<bpye>
sphalerite P2P is okay, cloud is just what I'm used to, I can always stick it on my VPS
<sphalerite>
maurer: I've been playing with the idea of getting secure boot working
<bpye>
rawtaz If you were happy with that, sure
<bpye>
You don't have to have a password on your key though
<maurer>
sphalerite: So, I'm not just talking about secure boot, which is the signed version - measured boot is an alternate TPM mode which doesn't depend on signed stuff in the same way
<sphalerite>
bpye: yeah I can recommend syncthing. Main disadvantage is that its only proper UI is the graphical one (accessed via a browser)
<maurer>
secure boot I've already done in a non-automated fashion with nixos, but it's a bit less optimal than measured boot imo
semihonest has quit [Quit: WeeChat 2.2]
<rawtaz>
bpye: right, but i can. so instead of being anal about not having to mess around with installing gpg and keeping track of a key file (compared to just my password store) i could consider those two things just extra work but go ahead and do it. the downside being that i have to make sure i dont loose two things, instead of one.
<rawtaz>
perhaps i should give it a shot then. i'd really like to use an open source thing, even though im very happy with CodeBook
<sphalerite>
maurer: is measured boot completely independent of secure boot then?
<maurer>
It's the same concept of "you must boot like this to access some TPM keys"
<rawtaz>
bpye: hm what about rsync? unison should be fine too though
<maurer>
but instead it measures PCRs from the the boot process
<maurer>
rather than a signature on the image
<rawtaz>
bpye: if it's just a file you can just sync over ssh
<maurer>
the reason this is interesting is that if odne right, you can prevent th ekey material from ever leaving the tpm
<maurer>
but it's a massive pain
<bpye>
I like OneDrive etc as I don't have to remember to sync the file when I add a password
<sphalerite>
maurer: do you need measured boot for that bit?
<bpye>
It is just "magically" available everywhere
<maurer>
(and also not have an external-to-the-tpm key you're using to sign your new boot processes)
<sphalerite>
bpye: syncthing has that too
<maurer>
Well, you can do that with secure boot, but then you need to manage your signing key
<tilpner>
bpye - unison can be configured to watch a directory and sync when something changes
<maurer>
the way you'd do it with measured boot is basically that you'd boot into a trusted generation, tell it to unseal access to the key, boot into your new generation, and reseal it, or so
<maurer>
Don't quote me on this thoug, I've never actually performed this operation myself
<maurer>
this is just how I have been told it works
<sphalerite>
I imagined the TPM behaving like a yubikey with gpg
<bpye>
sphalerite Does the Android syncthing client work... well?
<maurer>
sphalerite: So, the TPM has other modes, one for secure boot, and one for measured boot, where in addition to being "like a yubikey"
<maurer>
you must also be booted into an OS that it recognizes or it will tell you to fuck right off
<maurer>
which is great for storing hard drive encryption keys
<sphalerite>
bpye: I mean it's not 100% reliable, but almost always when I take a picture on my phone and want it on my laptop, it's there within 2 minutes
<sphalerite>
bpye: I also use it to sync music to my phone, just drop stuff in ~/music/sync on my laptop and it ends up on my phone without any further fuss
<maurer>
You _can_ just use it as a fancy GPG key, but it can do more, it's just trickier to manage
<sphalerite>
maurer: right, that's the impression I had
<sphalerite>
maurer: have you documented your secure boot setup stuff anywhere? Would be interesting to me :)
<maurer>
Uh, no, sorry
<sphalerite>
or even just the scripts dumped somewhere? :D
<maurer>
I can find the instructions I followed, basically you just need to sign your kernels every time
<maurer>
I didn't use a script, I used the tools directly, like some kind of farmer
<{^_^}>
Overlays look like `self: super: { foo = ...; }`. Use the self argument to get dependencies, super for overriding things and library functions (including callPackage). More info: https://nixos.org/nixpkgs/manual/#sec-overlays-install
<infinisil>
das_j: ^
<das_j>
infinisil: Thank you :)
Guanin_ has joined #nixos
Guanin has quit [Ping timeout: 264 seconds]
Guanin__ has joined #nixos
<das_j>
Hmm, may be a silly question but how do I build a packge? nix-build on the nix file (which returns a derivation) just tells me I need to specify stdenv as parameter. Is there a way for nix-build to callPackage the file?
Guanin_ has quit [Ping timeout: 264 seconds]
<infinisil>
,callPackage
<{^_^}>
If a Nix file foo.nix starts with something like `{ stdenv, cmake }:`, you can build it with `nix-build -E '(import <nixpkgs> {}).callPackage ./foo.nix {}'`
<Lisanna>
0_0 one of my nix builds (initiated from hydra) just timed out with "...timed out after 7200 seconds of silence". I thought the default universally was for nix to not have a build progress timeout?
jabranham has joined #nixos
<Lisanna>
I'm definitely not explicitly setting one anywhere
<das_j>
while setting up the build environment: executing '/nix/store/fqm2x6kiay1q4vg7pqp4wp17bdijlyc3-bash-4.4-p23/bin/bash': No such file or directory
<das_j>
But how? Shouldn't it use my normal native bash?
<jabranham>
hrm... ssh from a nixos machine to another nixos machine doesn't result in /run/current-system/sw/bin getting on PATH. Shouldn't that be on there automatically?
<hyper_ch>
?
<hyper_ch>
just tried it and got: /root/bin:/run/wrappers/bin:/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/etc/profiles/per-user/root/bin
<jabranham>
huh, I wonder why I don't. I'm ssh'ing as a user, not root, maybe that makes a difference?
drakonis has joined #nixos
<hyper_ch>
it doesn't: /root/bin:/run/wrappers/bin:/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/etc/profiles/per-user/root/bin
<illegalprime>
hi, I'd like to build a nixos ARM image for my rpi zero so I can preload it with WiFi creds. The wiki explains how to build uboot but not the entire image, is there another wiki I'm missing?
<jabranham>
and then in user.users.alex importing my public key with openssh.authorizedKeys.keys
<Baughn>
And the ssh command?
<jabranham>
ssh <ip-address>
<hyper_ch>
question: why would one use systemd timers over cronjob?
<jabranham>
hyper_ch: I don't have cron installed and I have systemd so I use its timers
<hyper_ch>
jabranham: ok, I see the point there :)
<illegalprime>
hyper_ch: I prefer the configuration syntax over cron's
nbardiuk has joined #nixos
<hyper_ch>
also good point
mupf has joined #nixos
<mupf>
Hello
<jabranham>
hyper_ch: how were you starting ssh that you got that path in there?
dbmikus__ has quit [Ping timeout: 264 seconds]
<hyper_ch>
ssh user@server
dbmikus__ has joined #nixos
<DerGuteMoritz>
Hi, I am trying to work around a regression in a quicklisp package (stumpwm) by downgrading one of its dependencies (clx, another quicklisp package) via packageOverrides. Here's what I have right now: https://pastebin.com/QDgY9TYw - unfortunately, it doesn't seem to be picked up by pkgs.quicklispPackagesSBCL.stumpwm (which is what I reference in my environment.systemPackages). Any clues?
<Taneb>
I'm trying to install NixOS on my new laptop
<Taneb>
I get as far as the NixOS GRUB menu
<Taneb>
But selecting any of the NixOS installer options just gives me a "_" for forever, it seems
<Taneb>
Any suggestions for things I could check?
<drakonis>
disable modesetting
<emily>
what kind of laptop is it?
<Taneb>
emily: ThinkPad E485
<Taneb>
drakonis: is that something I'd find in BIOS settings?
<qyliss^work>
Why GRUB? Did you change that from the default?
<emily>
so I'm guessing something something too new Radeon graphics for the kernel the live media ships with, maybe
<Taneb>
qyliss^work: not intentionally
<qyliss^work>
surprised you didn't get systemd-boot
<qyliss^work>
are you u
<qyliss^work>
Is it using UEFI?
<Taneb>
It should be
<drakonis>
Taneb: no its when you boot
<Taneb>
drakonis: ah, right, got it
<Taneb>
I'm giving that a go, so far it just seems the same
<Taneb>
MOre whirring than normal, maybe
<{^_^}>
[nixpkgs] @xeji pushed commit from @dywedir to master « mako: init at 1.1 (#46606) »: https://git.io/fxXIx
<Taneb>
emily: do you think using the non-graphical ISO might bypass that?
<emily>
Taneb: not sure. maybe edit the kernel command line and remove any "quiet" that's there
<emily>
I just always use the minimal ISO. although the lack of convenient wifi tools on it makes me sad.
<illegalprime>
I can 'reproduce locally' but I'd like to change the architecture
<jabranham>
I figured out my ssh problem. Following the advice here https://nixos.org/nixpkgs/manual/#sec-getting-documentation and putting that script into ~/.bash_profile results in PATH not getting set correctly when you ssh into that computer.
<Lisanna>
,locate bin rkill
<{^_^}>
Couldn't find in any packages
<Lisanna>
0.0
<Lisanna>
,locate rkill
<{^_^}>
Couldn't find in any packages
<Lisanna>
,locate pslist
<{^_^}>
Found in packages: volatility
<{^_^}>
[nixpkgs] @lsix opened pull request #48914 → pythonPackages.OWSLib: init at 0.17.0 → https://git.io/fxXLH
<{^_^}>
[nixpkgs] @thoughtpolice pushed to master « cloudflared: init at 2018.10.3 »: https://git.io/fxXtL
<Twey>
If I have a derivation with multiple outputs, e.g. outputs = ["out" "bin" "doc"], and I run nix-build on it, for some reason the "out" output seems to just get the nix-support directory with propagated inputs for the other outputs
cransom has quit [Quit: WeeChat 2.2]
<Twey>
Why is this?
Ariakenom has quit [Quit: Leaving]
catch22 has joined #nixos
cransom has joined #nixos
<{^_^}>
[nixpkgs] @thoughtpolice opened pull request #48919 → nixos: fix #48917 by setting SYSTEMD_TIMEDATED_NTP_SERVICES → https://git.io/fxXY1
_kwstas has joined #nixos
sigmundv has joined #nixos
<Taneb>
Good news! It's not a problem with the NixOS installer, Ubuntu is doing the same thing
<Taneb>
After googling a bit, I've got a but further but got stuck again, but this is now a tomorrow problem
<colemickens>
Anyone know what the latest state-of-the-art is for building automated installers? nixpart? etc?
Thra11 has quit [Ping timeout: 264 seconds]
<{^_^}>
[nixpkgs] @timokau opened pull request #48921 → r8168: init at 8.046.00 → https://git.io/fxXs6
CapsLock has quit [Ping timeout: 240 seconds]
<_kwstas>
hello everyone! I have a noob question: I'm working on a haskell project, i have already configured project.nix and default.nix. I want to configure shell.nix as well, but I want shell.nix to have some extra dependencies (e.g. hlint), but I do not know how :(. I tried to do something like: devEnv = (import ./project.nix).project.overrideAttrs (oldAttrs: rec {
<_kwstas>
}); but it seems that this does not work
<_kwstas>
any help/hint?
ottidmes has joined #nixos
<ottidmes>
I have the following nix code in my config to generate a host id based on a host name: id = mkDefault (import (pkgs.runCommand "host-id.nix" { } ''... bash code ...'').outPath); however since updating to 18.09 (has been some time since last updating though), I now get: error: cannot import '/nix/store/sdn5blxjr6c660xfnwmdiv8rrfglxkfx-host-id.nix', since path
<ottidmes>
'/nix/store/2zci1mrg95rgzgi77mvibyxh724h5kqi-host-id.nix.drv' is not valid
tbenst has quit [Quit: Leaving]
<ottidmes>
is this trick of generating a nix config file on the fly no longer allowed?
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jabranham has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
<sphalerit>
ottidmes: I think it should be fine in principle, but you may need to remove the .outPath bit for it to get instantiated and realised... Not sure
<ottidmes>
my problem probably is under a nix-instantiate context it is not implicitly build but assumed to be already build, and before updating, they probably just happened to already exist at that point, hence no errors at that time
<mdash>
Anybody happen to know where the gdb scripts for cpython debugging are packaged? (if they're packaged?)
<sphalerit>
ottidmes: oh yeah it needs to build to finish the evaluation. So you can't eval it in situations where building is disabled, like nix-instantiate.
<sphalerit>
ottidmes: it should still build fine though.
dmc has joined #nixos
<ottidmes>
sphalerit: I tested it, it indeed works fine when building, now I just need to trigger a build for it, while all I am interested in is import <nixpkgs/nixos> {}).config.host converted to json (which I did by using nix-instantiate)
<ottidmes>
host contains the id that I am generated through import (runCommand ...)
<mdash>
ottidmes: thanks i'll give that a shot
drakonis has joined #nixos
drakonis_ has quit [Ping timeout: 246 seconds]
jperras has quit [Ping timeout: 268 seconds]
<ottidmes>
sphalerit: running: nix-build --no-out-link --expr '(import <nixpkgs/nixos> {}).config.host', prior to my nix-instantiate seems to work just fine, thanks for the help!
<tbenst>
Hi all, I’m attempting a fresh install of nixos 18.09 with graphical iso and UEFI boot, and sadly have an unbootable system
uri-canva has joined #nixos
<tbenst>
I followed the manual closely, although found that it loaded the wrong entries for the hardware nix file, so manually fixed
<srl295>
nix containers… "Warning: Currently, NixOS containers are not perfectly isolated from the host system." If I want to run a server in a container that doesn't have any root access, though, are there other issues to be concerned about?
<andi->
tbenst: how is it failing and what did you have to change in the hardware file? It usually is fine for me.
<uri-canva>
I'm waiting for https://hydra.nixos.org/job/nixpkgs/trunk/bazel.x86_64-darwin to be built, it was queued 5 days ago, and I noticed in https://hydra.nixos.org/queue-summary there's 38k jobs queued for darwin machines, and there were 39k two days ago, so the queue isn't getting processed very quickly, compared to the other machine types where the queue was thousands of jobs but now is almost empty
<uri-canva>
is something wrong with the darwin machines? Are there supposed to be more of them? or is it just a matter of waiting longer? I brought this up in #nix-darwin but I didn't get a response: https://logs.nix.samueldr.com/nix-darwin/2018-10-21
<tbenst>
andi- when I attempt to boot, there is no output and goes straight to UEFI bios
<andi->
tbenst: so it didn't add nixos to the efi vars?
<tbenst>
Not sure how to check that
<andi->
Usually calling `efibootmgr -v` should show that. IIRC the default bootloader is systemd-boot so it should show up there.
<ottidmes>
tbenst_: in your configuration.nix I see both grub and systemd-boot enabled, which are different boot loaders
<ottidmes>
tbenst_: If I compare your configuration.nix with what I have in my UEFI machine, I also have boot.loader.efi.canTouchEfiVariables = true; and I dont have boot.loader.systemd-boot.enable = true; and boot.loader.efi.efiSysMountPoint = "/boot"; so try commenting those
<{^_^}>
[nixpkgs] @rlupton20 opened pull request #48927 → signify: init at v24 → https://git.io/fxXRZ
<tbenst_>
ottidmes: thx for tip (noob here :). Just commented out all grub lines
<tbenst_>
ottidmes: "Failed assertions:- You must set the option ‘boot.loader.grub.devices’ or 'boot.loader.grub.mirroredBoots' to make the system bootable."
<{^_^}>
[nixpkgs] @veprbl opened pull request #48928 → arrow-cpp: fix for zstd 1.2.6+ → https://git.io/fxXRu
<ottidmes>
tbenst_: you should have at least one boot loader, and if you do not want to use grub (I use grub), then you have to set it to "nodev", like that line you already had
<tbenst_>
ottidmes: as long as I can boot, I'll do whatever ;)
<ottidmes>
ehm, sorry, that is wrong, you should have to set it to nodev either way for UEFI
<ottidmes>
tbenst_: then could you try what I suggested? so keep the grub lines and comment those 2 I mentioned and add the touch efi variables one
<dmj`>
ottidmes: I saw that, but it seems to be spawning a new OS (calling fork) — uses System.Process. This is actually what I’m currently doing, but would rather FFI into the C++ lib.
<dmj`>
OS process*
<Mic92>
There is no need for a c wrapper
<Mic92>
You can interface with python from c++
<ottidmes>
dmj`: I think they mention this in the hackage description, that they see it as the next phase
darthfork has quit [Remote host closed the connection]
<dmj`>
Mic92: nice, I see the extern “C”
<dmj`>
Mic92: I really just want the underlying calls to nix-instantiate and nix-store —realise. I thought that would be in eval.hh
<dmj`>
Mic92: I don’t see “realise” in store-api.h
<Mic92>
dmj`: it does not build or instantiate any builds at the moment