<mdash>
ivan: did you use "nix-build" or "nix build"? :)
<mdash>
the latter has progress indicators
<aleph->
That's... odd
<jasongrossman>
aleph: It is odd. It's in flux. The plan is to replay nix- things with arguments to the nix command. Could do with more documentation though.
<ivan>
nixos-rebuild switch --upgrade
<aleph->
Yeahhh, lack of documentation is one of my big gripes
<aleph->
Among others
jperras has quit [Ping timeout: 252 seconds]
<mdash>
ivan: ah. yeah no progress indicators there
<Arahael>
travankor: I'm just a bystander here, but I'd like to point out that vscode likes to have LOTS of memory - 700 or 900 MB to run an empty editor window.
Dedalo has joined #nixos
<elvishjerricco>
Arahael: That wouldn't cause `error: unexpected-end-of-file`, would it? Plus, in my experience it's far lower than that. Atom was definitely that bad though.
<Arahael>
elvishjerricco: Who knows... It's an electron app.
sir_guy_carleton has quit [Quit: WeeChat 2.2]
<elvishjerricco>
I mean being an electron app doesn't come with an inherent 500M penalty. I think an empty Electron app uses like 10M? That's bad, but not *so* bad.
<Arahael>
elvishjerricco: About a year ago I setup an Ubuntu VM with some 700MB of memory (total). vscode would launch, but couldn't display anything beyond a black window until I bumped up the RAM a bit more.
<Arahael>
(Could've been 800-something MB actually, but regardless)
<elvishjerricco>
I wonder how much RAM ubuntu consumes idly. Actually it'd be kinda interesting to compare all the major distro's idle memory usage.
<elvishjerricco>
ignoring FS caching, if possible
<Arahael>
Right, but those could be paged out.
<Arahael>
Ubuntu sets up swap by default, and I had an SSD and all that.
<elvishjerricco>
Yea, hence the desire to ignore memory used by FS caching
<Arahael>
Host system had 16 GB of memory, btw, I'm not sure if the drives are cached by the host.
oldandwise has joined #nixos
<{^_^}>
[nixpkgs] @Ericson2314 opened pull request #49129 → Linux headers: Cleanup → https://git.io/fxyFn
<elvishjerricco>
I stand corrected. An empty VSCode window used 500M on my machine. Used to be like 100M :/
<Arahael>
elvishjerricco: Now, add language servers to that. :)
Supersonic has quit [Disconnected by services]
Supersonic112 has joined #nixos
Supersonic112 is now known as Supersonic
EarlDeLaWarr has quit [Ping timeout: 264 seconds]
<Travankor>
I went with vscode just as a test since electron is known not to work on musl natively.
<elvishjerricco>
travankor: I the glibc in nixpkgs looks for locales in a LOCALE_ARCHIVE environment variable. Maybe the equivalent in musl is differently formatted?
<elvishjerricco>
I think*
<elvishjerricco>
maurer: Lol they fixed it by just disabling those args when running as root. That's pretty bad...
<elvishjerricco>
maurer: Do we use root to start X in NixOS? I thought we let the display-manager do that as your user.
<maurer>
I am under the impression that we still have root X for easier Gnome support, but I am not 100% on that
<Arahael>
It feels like we've only now started, as an industry, to care about security.
<mdash>
Arahael: or at least, to notice security
<simpson>
Arahael, mdash: Or at least, to feel the impact of not caring about security
<Arahael>
Yeah. I think it's fantastic to start seeing these exploits, actually.
<Arahael>
simpson: I think we've always had that impact, but people didn't really care? (Just install an antivirus product already, you silly goose!)
<mdash>
when people get motivated to not use unix and friends i'll believe they're serious about security
<simpson>
Arahael: Where were the big data breaches of the 90s? It took a long time for the stakes to be high enough and for the technology to become non-optional.
<elvishjerricco>
mdash: Is unix inherently insecure in your view?
<Arahael>
simpson: The 90's saw a move towards ACL's and multi-user systems, that was a *massive* step up from single-user systems.
<Arahael>
elvishjerricco: Architecturally the unix root account is a huge grap.
<Arahael>
*gap
<Arahael>
(And most people fail to realise just how privileged root is)
<drakonis>
who grants those privileges anyways?
<Arahael>
drakonis: The kernel - if it's UID 0, then security checks are bypassed.
<drakonis>
the applications are the ones that grant the privileges?
<drakonis>
ah well
<drakonis>
that's awful?
<drakonis>
i thought we had gotten well past the point that root is necessary
<ottidmes>
Arahael: but cannot the same be said about using the Administrator account on Windows, you ought to use a normal account, but most people just use the Administrator account
<ottidmes>
Arahael: (about the not realizing the danger part)
<Arahael>
ottidmes: Nope, Administrator on windows is still subject to ACL. Higher than Administrator, is SYSTEM, but even that still has ACL's if I recall correctly.
<mdash>
elvishjerricco: yes, it can't really be salvagef
<mdash>
salvaged
<mdash>
elvishjerricco: permission/acl based systems aren't expressive enough
<elvishjerricco>
I kinda like BSD's new `unveil` syscall. Kinda like a simplified filesystem container system. I kinda think permissions should be at a process level, not a user level. Then for escalation, a parent should be capable of permitting a child to escalate if it can authenticate itself.
<Arahael>
I mean, look at Android and the mess they have.
<Arahael>
simpson: No, but capabilities have problems too. And even if it was perfect, you still have the social burden of actually ensuring you have correct capabilities.
<mdash>
Arahael: nothing's perfect, but the capability model can actually do the job when used well, unlike acl/static-configuration systems
<Arahael>
mdash: Meh, in the enterprise ACL is hardly static.
<Arahael>
I actually *like* the iOS model, to a degree.
<Arahael>
(As a practical, pragmatic system)
<simpson>
Arahael: I'm not sure I understand; doesn't that entire argument still hold if "capabilities" are replaced with "roles" or "rows" or "permissions"?
<Arahael>
simpson: It becomes a question of who designs, selects, and enforces those capabilities.
<Arahael>
simpson: Today, when you install an application, is it the developer who picks them, the administrator, or the user?
<simpson>
Arahael: Well, I'm stuck on Linux, so it's the kernel who assigns permissions and manages them, right?
<Arahael>
simpson: No. The kernel enforces them, but doesn't assign or manage them.
<simpson>
I mean, *today*, we're all on NixOS, right?
<mdash>
ios model has a lot of benefits to it
<mdash>
it's not obvious that it can scale to multiuser/multivendor environments though
<ekleog>
NixOS has like zero support for SELinux anyway
<ekleog>
would be nice, but…
<simpson>
Arahael: I guess I just don't understand the direction of your criticism. In the concrete, capabilities are usually pretty hard to tamper with. They're cryptographic tokens, or unforgeable object references.
<simpson>
And the entire goal is to be *structural*. Like how Nix is kind of a package-capability system. (Kind of.)
<Arahael>
simpson: That's not the problem.
<Arahael>
simpson: The problem is WHO selects them.
<mdash>
Arahael: what do you mean?
<Arahael>
simpson: Say, you have an application developer, he's just left uni, and wants to make RealCoolCSVViewer. He's never made an application before, and is still figuring out stuff.
<simpson>
Arahael: Okay. So, let's say that we're using Nix. Who selects the packages? The user calling Nix, right?
<Arahael>
simpson: Now, you, the nixos user, sees RealCoolCSVViewer. What you then do is nix-env -i realcoolcsvviewer, right?
<simpson>
Sure.
<Arahael>
simpson: How do you know it doesn't read .ssh/id_rsa, and emails it off?
<simpson>
Arahael: I don't, because Linux isn't that kind of kernel.
<Arahael>
selinux can do that, but still, this gets back to the root problem.
<Arahael>
The user is rarely the right person to assign capabilities.
<simpson>
Yes. Capability-safety, like memory-safety before it, requires rewriting a lot of stuff.
oldandwise has quit [Quit: leaving]
<Arahael>
simpson: No it doesn't.
<simpson>
Well, the user is the *only* person who has some key capabilities regarding physical access.
<mdash>
Arahael: it does, sorry
<Arahael>
mdash: I disagree.
<Arahael>
mdash: In concept, anyway.
<simpson>
Arahael: How do you approach the problem of *taming*?
<simpson>
Of interfacing capability-aware systems with I/O and effects?
<Arahael>
simpson: that's a separate issue.
<Arahael>
First, you have the problem of *identifying* features that it needs.
<Arahael>
A separate problem is determining that a feature can't be supported.
<Arahael>
Take a look at Android, for instance, particularly older releases.
<simpson>
So, powerboxes?
<Arahael>
Developers would request Contacts access. And the user was powerless to avoid it. That's essentially the situation we have today.
<Arahael>
Allowing the application to handle the refusal of a capability/feature, does require rewriting that feature.
<Arahael>
But merely enforcing an agreed contract, doesn't require rewriting or changing anything.
<simpson>
Maybe. Linux sure has a hard time enforcing its contracts on userspace.
<mdash>
unix style filesystem APIs just don't make sense in the context of a capability system
<Arahael>
Another example from legal is the GDPR, this isn't software, it's legal, but it's still a good example.
<mdash>
haha
<Arahael>
You use a service, that service is required to clearly acknowledge what it does.
<Arahael>
If it uses something outside of that contract, all hell breaks loose.
<simpson>
Why not: You use a service, you provide the service with specific abilities to do things, and the service *cannot* do anything outside of those abilities.
<simpson>
Arahael: That's a way of thinking about it, but as we come to have more non-GNU toolchains, I think it's worth narrowing down what's different. Nix doesn't say "no standard tools", it says "no ambient tools in /usr".
<simpson>
I got the impression that, on fully-pure platforms like NixOS, stdenvs have glibc as just another plain derivation.
<Arahael>
simpson: Right, that interface here, is effectively *libc. :) For languages that don't use a libc, well, I should say *lib*. I suppose the interface could very well be the kernel itself, but I dunno, that seems too high?
<simpson>
Nix definitely doesn't try to tame the kernel; you can use e.g. Go to write raw syscalls with a nice interface and you won't get attenuated or limited at all compared to a traditional Linux process.
<simpson>
(And "tame the kernel" really means "tame the syscall barrier")
<Arahael>
Go is an example environment that doesn't use the libc at all, but seems to directly use the kernel. :)
<mdash>
Arahael: which is why libc isn't a useful place to do taming
<hyper_ch>
aanderse: still need help with zfs?
<simpson>
Right. And on non-NixOS the barrier's in different spots. One of the "best", most "fun" parts of Nix on Darwin is that sometimes system libraries show up when you didn't want or know about them.
<Arahael>
mdash: Indeed. It was a poor example on my part.
<Arahael>
I like the macos "sandbox" concept too, incidentally, though I understand that it's perhaps not technically sound.
<{^_^}>
[nixpkgs] @veprbl opened pull request #49130 → pythonPackages.pyarrow: fix running tests on hydra → https://git.io/fxyN7
ottidmes has quit [Ping timeout: 252 seconds]
<simpson>
Sandboxes are alluring. I think maybe we should call them "raptor pens" though, given how they work in practice.
<mdash>
Arahael: so, building a taming layer on top of glibc for a language runtime that uses glibc features is reasonable
<simpson>
`jurrassic-wolrd`
<mdash>
(and that's what simpson and I did)
<Arahael>
mdash: Still, you can't do that securely without kernel + hardware support.
mayhewluke has joined #nixos
<puffnfresh>
gchristensen: we're using your layered Docker images for work
<mdash>
Arahael: Sure you can.
<puffnfresh>
gchristensen: an extraCommands attribute would be useful
<mdash>
Arahael: (So long as you're willing to restrict yourself to stuff inside that runtime on top of that taming layer.)
<Arahael>
mdash: With or without meltdown mitigations?
<mdash>
Arahael: oh, well, go buy a good CPU first before you even start _thinking_ about software
<Arahael>
mdash: I mean, in theory, we could just dockerize all the apps, right? Heh, sure. So hardware support is really important.
<puffnfresh>
gchristensen: we're trying to populate /nix/ with registration and store-paths
<Arahael>
And kernel as well.
<mdash>
docker doesn't provide any security benefits
<mdash>
i don't recall them even trying
<Arahael>
mdash: Because it shares the kernel, or because of other reasons?
<mdash>
Arahael: it's not intended to provide security benefits, and historically I haven't seen them show up by accident either
<Arahael>
mdash: Yeah, most of the security issues I've seen involve either networking things, or accessing memory or other resources shared by the host. (Eg, video graphics in the case of vmware)
<mdash>
yeah
<mdash>
docker is a garbage bag, not a metal safe
<Arahael>
Yep, curious choice of words, though. ;)
<Arahael>
It's going to be interesting to see how much we use docker in 10 years.
<Arahael>
And when systemd and docker will play nicely together...
<mdash>
my choice was deliberate, it's a container designed to be thrown away along with its contents
<Yaniel>
that ought to work fine as soon as systemd absorbs dockerd
jperras has quit [Quit: WeeChat 2.2]
<mdash>
Arahael: hoping seL4 will make more headway in 10 years :)
<Arahael>
mdash: It has multiple connotations though. :)
<Arahael>
mdash: Yep!
<Arahael>
A part of me dislikes the new direction we're making with capabilities, but it seems that we either need to embrace it... Or move back to single-user systems. This half way point is rather... useless.
<simpson>
Arahael: A related analogy is that of a water balloon vs a sponge. Both can be stabbed with a blade, but one will leak more water than the other, being a thin barrier around unprotected contents rather than a dense structure.
<Arahael>
We do rather like our thin barriers.
<Arahael>
People still regard chroot as a *sandbox*.
<simpson>
Capability theory mostly works because its models fit two very common setups: Computers in a network, and humans in a social network.
<simpson>
Fitting the setup of (human?) agents trying to share a computational resource is really a bonus IMO.
* emily
thinks this is starting to sound pretty -chat?
<Arahael>
In this day and age, we've moved away from sharing computational resources, IMHO.
<mdash>
emily: you got a nix question? :)
<mdash>
Arahael: we haven't, just how it's done
<Arahael>
mdash: I think we have. As a *user*. We tend to have one computer per person. Each have their own phone, each have their own tablet, etc.
<mdash>
Arahael: that all run code on behalf of _tons_ of other people/organizations
<Arahael>
Arguably webservers are a shared resource, but those technically run as a single user account as well.
<simpson>
The cloud~
* simpson
respects emily's suggestion
<mdash>
emily: this is topical though, because what should come next after nixos? ;-)
<mdash>
i certainly don't want to crowd out more on-topic stuff.
<Arahael>
I have to get back to work anyway. :)
astronavt has quit [Read error: Connection reset by peer]
Wharncliffe has quit [Quit: Lost terminal]
astronavt has joined #nixos
sb0 has quit [Quit: Leaving]
jasongrossman has joined #nixos
rprije has quit [Ping timeout: 240 seconds]
bsd4me has joined #nixos
jtojnar has joined #nixos
Peetz0r has joined #nixos
rprije has joined #nixos
endformationage has quit [Quit: WeeChat 1.9.1]
worldofpeace has quit [Ping timeout: 250 seconds]
worldofpeace has joined #nixos
worldofpeace has quit [Ping timeout: 264 seconds]
jtojnar has quit [Remote host closed the connection]
<pie__>
what package is the "gsettings" command in? :/
<simpson>
,locate gsettings
<jackdk>
,locate gsettings
* simpson
learning
<{^_^}>
Found in packages: ibus, gvfs, evince, liferea, empathy, brasero, deja-dup, glib.dev, gnome3.gcr, gnome3.eog, notify-osd, gnome3.ghex, virtmanager, gnome3.gedit, gnome3.folks, gnome3.totem, gnome3.mutter, gnome3.vinagre, gnome3.seahorse, gnome3.evolution, ibus-with-plugins, gnome3.libgnomekbd, gnome3.gnome-shell, gnome3.gnome-keyring, gnome3.gnome-session, evolution-data-server, gnome3.gnome-packagekit, gnome3.gnome-screenshot, and 5 more
<{^_^}>
Found in packages: ibus, gvfs, evince, liferea, empathy, brasero, deja-dup, glib.dev, gnome3.gcr, gnome3.eog, notify-osd, gnome3.ghex, virtmanager, gnome3.gedit, gnome3.folks, gnome3.totem, gnome3.mutter, gnome3.vinagre, gnome3.seahorse, gnome3.evolution, ibus-with-plugins, gnome3.libgnomekbd, gnome3.gnome-shell, gnome3.gnome-keyring, gnome3.gnome-session, evolution-data-server, gnome3.gnome-packagekit, gnome3.gnome-screenshot, and 5 more
<jackdk>
,locate bin gsettings
<{^_^}>
Found in packages: glib.dev
Rusty1 has quit [Quit: Konversation terminated!]
Mateon1 has quit [Ping timeout: 245 seconds]
Mateon1 has joined #nixos
drakonis has quit [Quit: WeeChat 2.2]
Dedalo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
aw has joined #nixos
spacefrogg has joined #nixos
bsd4me has quit [Remote host closed the connection]
reinzelmann has joined #nixos
adamantium has joined #nixos
<adamantium>
Hi, anyone know, how to make a cursor theme apply to x-toolkit applications such as urxvt?
<adamantium>
My cursor theme applies to gtk apps no problem, but xtoolkit apps like urxvt it does not work, even with .Xresources or .Xdefaults containing a like such as: Xcursor.theme: Numix-Light
<adamantium>
a line*
<Ralith>
that `.Xresources` line works fine for me
<Ralith>
did you reload it?
pie__ has quit [Ping timeout: 245 seconds]
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<hyper_ch2>
"We have been running an IRC channel on the Freenode network, #letsencrypt, in addition to the community forums. After careful thought we have decided we can only support one of these platforms. We feel that the community forum offers a better experience for users looking for help and for discussion of the Let’s Encrypt platform. We’re closing the #letsencrypt IRC channel and focusing our efforts on the community forum.
<hyper_ch2>
We believe Discourse offers a better user experience, has more powerful moderation tools, and is less of a time burden for staff than a real-time medium like IRC. We look forward to welcoming IRC users to the Discourse forum."
EarlDeLaWarr has joined #nixos
ZaraChimera has left #nixos ["No boundaries on the net!"]
EarlDeLaWarr has quit [Ping timeout: 276 seconds]
layus[m] has left #nixos ["User left"]
rprije has joined #nixos
mbrock has joined #nixos
<jeaye>
Thanks.
<gchristensen>
puffnfresh: instead of an extraCommands attribute, I think a separate build function would be better
thc202 has joined #nixos
ThatDocsLady has joined #nixos
astronavt has quit [Ping timeout: 252 seconds]
jmeredith has quit [Quit: Connection closed for inactivity]
<Izorkin>
srhb: Need move ${toString config.uid-gid.group-custom1} from script to group let in. Example { config, pkgs, lib, ... }: let CustomID = ${toString config.uid-gid.group-custom1} in { others config
<srhb>
Well that'll work too.
najibpuchong has joined #nixos
ThatDocsLady has joined #nixos
patrl has quit [Ping timeout: 260 seconds]
cinimod has joined #nixos
<najibpuchong>
Hi all. In nixos 18.09, how can I have selectable keyboard layout option at login?
<srhb>
Izorkin: ${} is syntax for string interpolation, it must be inside a string.
<srhb>
Izorkin: If you just need CustomID to be that string, then CustomID = toString ...
<srhb>
Without the dollar curly.
<srhb>
najibpuchong: I'm not sure whether lightdm supports this at all? You might want a different display manager (perhaps someone can confirm/deny this)
<srhb>
najibpuchong: Is lightdm the dm you're using?
<Izorkin>
srhb: let cfgID = import /etc/nixos/misc/ids.nix; CustomID = toString cfgID.config.uid-gid.custom-group1; error - value is a function while a set was expected
<najibpuchong>
srhb: Currently I'm using sddm. I had used lightdm before. Any suggestion on what display manager has this feature?
lonokhov has joined #nixos
<hyper_ch2>
what's the best way to create with the configuration.nix a file with given content in /etc/xxx/xxx.conf ?
<srhb>
najibpuchong: Sorry, I don't know. I think you'll have to research the various available DMs if SDDM doesn't do it :)
<srhb>
Izorkin: Don't import ids.nix. use the value from config
<cinimod>
I have nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.09.tar.gz release-8.4.nix --arg packages "haskellPackages: [ haskellPackages.lens haskellPackages.random-fu]"
<hyper_ch2>
srhb: nice... I was gravitating towards system.activationScripts.media
<srhb>
hyper_ch2: Eek. :)
<cinimod>
Is there a way of putting --arg packages "haskellPackages: [ haskellPackages.lens haskellPackages.random-fu]" into a nix file using overrides so I don't have to type it all the time?
<hyper_ch2>
srhb: system.activationScripts.media is nice to create some folders by default
<srhb>
hyper_ch2: I prefer never to touch the activation scripts if I can get away with it
<srhb>
cinimod: What's release-8.4.nix?
<kreetx>
a noob question: I have some state x with my nix packages and my application works. I would like to use the temporary fix for mojave from here https://github.com/NixOS/nixpkgs/pull/47676. Can I somehow save the state I have now so I could revert to it, if the changes I now start to make wont work?
<srhb>
cinimod: (You probably want to pin to a specific commit, hence the added sha256 hash. Make sure to point the url at some static commit ref tarball
pie__ has quit [Ping timeout: 246 seconds]
<kreetx>
symphorien: but that I should do on the nixpkgs repo? I understand the cherry-picking, it's the 'where' that I don't yet get
<kreetx>
and also, how do I remember the working nixpkgs state
<kreetx>
I guess I could just remember the commit I'm on right now
<srhb>
kreetx: Build your system from a nixpkgs checkout instead of some channel. In that checkout, from whatever branch you care about, cherry-pick on top of it (or create a new branch with the cherry-pick)
<srhb>
"reverting" is simply git revert
<symphorien>
yes it should be enough
<symphorien>
nix-info will tell you which commit you are on
<kreetx>
srhb: symphorien: thanks, now it clicked!
<symphorien>
to build with the checkout, use -I nixpkgs=/path/to/checkout
<kreetx>
symphorien: yes. I remember that I could use env variables for that too, if I want to use the checkout globally
<srhb>
kreetx: (more advanced methods involve specifying the source declaratively and applying a patch on top of it before importing nixpkgs itself. This is, in my experience, easier to maintain in the long run, but a bit more involved to set up if you're not used to nixpkgs "pinning")
<kreetx>
since I need the mojave fix pretty much globally
<{^_^}>
[nixpkgs] @teto opened pull request #49141 → zathura: symlinkJoin all of plugins → https://git.io/fxS36
<srhb>
gchristensen: If I use your multilayerthingabob, am I right to assume that I can make nix-env functional more or less by just adding nix, if I'm willing to accept that nix doesn't know about existing paths and garbage collection doesn't work without generating the db?
<srhb>
(Wondering if you've tried this)
<srhb>
I'm willing to make this tradeoff if it means I don't have to bother with the reference graph :-P
mbrock has quit [Remote host closed the connection]
mmercier has quit [Ping timeout: 276 seconds]
najibpuchong has quit [Remote host closed the connection]
orivej has joined #nixos
<srhb>
Though I suppose I could actually generate it at startup without too high a cost..
<hyper_ch2>
srhb: environment.env = { "xxx/xxx.conf".text = '' ..... ''; }; worked fine
<srhb>
If I just dump the reference graph and join it together.
<pie_>
to clarify: i dd /dev/sda1 to /dev/sdb1, and i want to change the uuid of /dev/sdb1, and then make the nixos on /dev/sdb1 reference the new uuid
ThatDocsLady has quit [Ping timeout: 260 seconds]
<symphorien>
pie_: you can use nixos-generate-config to regenerate hardware-configuration.nix
<pie_>
symphorien, ok but will that work without doing a rebuild switch on the offline system?
<kreetx>
clever: ah, I see now, it's in the code as well. thank you!
<symphorien>
ah you need to rebuild the offline system; nixos-install should do the trick
johanot has joined #nixos
<pie_>
symphorien, how should i use nixos-install for this? its not immediately obvious on a first readthrough? i mean, how do i make it not copy anything, just change the config
<symphorien>
nixos-install is more or less chroot + nixos-rebuild
eskytthe has joined #nixos
<pie_>
this is the step i want to avoid i think (from the man page) "· It copies Nix and its dependencies to /mnt/nix/store. "
<clever>
pie_: try just nixos-enter and nixos-rebuild boot
<pie_>
there is a --system flag to install..?
<pie_>
clever, ok i will look at that thanks
<pie_>
clever, ah that looks nice
<pie_>
i noticed theres some symlinks that end up pointing to places in the live environment, that should be fixed when it gets in a chroot yes?
<Lisanna>
I need to convince Nix that the build has completed before all the children have actually exited
<Lisanna>
I can modify that code in Nix if I need to
<Lisanna>
wondering if I can do something like artificially send an EOF or something
sir_guy_carleton has joined #nixos
<sphalerite>
Lisanna: how is it that you always end up doing the craziest stuff? :p
<Lisanna>
sphalerite :U
<symphorien>
Lisanna: does killing the children count ?
<Lisanna>
symphorien can't kill the children
mayhewluke has quit [Ping timeout: 252 seconds]
<Lisanna>
the environment is not sane... killing the children is not always possible
<pie_>
i wonder if fdpeek lets you write to stuff not just read them
<pie_>
wrong tool name..
<Lisanna>
kernel/hardware shenanigans
<symphorien>
can you run gdb on them and call close(fd) ?
<Lisanna>
symphorien no, trust me, killing the children is unsafe in my environment :p
<pie_>
peekfd
<Lisanna>
ohh
reinzelmann has quit [Quit: Leaving]
mayhewluke has joined #nixos
<Lisanna>
I don't.... think so? maybe?
<pie_>
symphorien, :D
ivan_ is now known as ivan
<Lisanna>
I would rather just modify Nix to listen for a secret code or something from any of the children that forces a cleanup
<typetetris>
how does hydra.nixos.org serve its store?
<sphalerite>
Lisanna: why do you need this?
<gchristensen>
typetetris: it doesn't, it pushes NAR files to S3
<Lisanna>
sphalerite because I want to use Nix in an environment where I want builds to complete but without having to have the child processes spawned by the build exit
<typetetris>
gchristensen: and cache.nixos.org ? does it serve its store somehow or does it redirect to s3 somehow?
<{^_^}>
input-output-hk/iohk-ops#352 (by cleverca22, 20 weeks ago, merged): [DEVOPS-836] configure hydra to upload everything to S3
<clever>
diff*
<Lisanna>
gchristensen run tests against an impure resource
<gchristensen>
typetetris: it is serving S3
<Lisanna>
killing them is dangerous and can bring down the whole environment, breaking the SSH connection
<Lisanna>
(killing them is dangerous if something has gone wrong in the test, specifically)
<sphalerite>
Lisanna: I'm not sure exactly how it works but I think nix SIGKILLs stuff when it closes stdout
<Lisanna>
so I just need a way to wrap up the Nix build safely and then nuke the system from orbit afterwards (I already have the latter part)
<sphalerite>
maybe you could disable that behaviour
<typetetris>
nix-serve doesn't serve signatures and sharing the store via ssh seems to be very version dependent. nix 2.0.4 couldn't talk to nix-store from nix-2.1.3 :(
<gchristensen>
sphalerite: builder could be without the sandbox, and have the children start outside the builder?
<Lisanna>
sphalerite Nix is waiting on a select of all the child fds
<gchristensen>
Lisanna: ^
<Lisanna>
yeah, definitely not using the sandbox here
<gchristensen>
:D
<sphalerite>
so you can just do the double-fork daemonise thing?
<Lisanna>
sphalerite nix will still pick them up
<pie_>
clever, any hints on what to look into for why this wont work? well i mean i guess it has something to do with being in a chroot, but this is supposed to work in a chroot...
<Lisanna>
and consider them children
<sphalerite>
huh
<symphorien>
iirc it kills everything from the nixbuildXXX user
<clever>
Lisanna: nix cleans up all children by uid, so it kills everything in the nixbld1 user
<gchristensen>
Lisanna: could your builder send a message to a networked daemon which starts the process?
haslersn has joined #nixos
<symphorien>
so use sudo to change their uid :)
<sphalerite>
use systemd-run for it :D
<clever>
symphorien: sudo and su will work if the sandbox is off
<clever>
sphalerite: oh, that may work as well!
<Lisanna>
this is a single user install, if that makes a difference
<haslersn>
Hi, does anybody know how I can share a folder to a NixOS container running locally?
<haslersn>
*NixOPS-Container
<srhb>
haslersn: Which backend?
<pie_>
clever, actually i didnt notice it start with this: "System has not been booted with systemd as init system (PID 1). Can't operate. Failed to connect to bus: Host is down"
<Lisanna>
symphorien but Nix is getting stuck waiting on a select... how will changing their UID help?
<haslersn>
srhb: Do you mean the `deployment.targetEnv = "container"`?
<clever>
pie_: yeah, systemctl wont work at all in the chroot
<symphorien>
also run them with >/dev/null 2>/dev/null
<Lisanna>
symphorien ...wait, drat, but I am still interested in their stdout/stderr ):
<symphorien>
redirect to a file
<symphorien>
in /tmp, to make it clean
<haslersn>
I also tried using virtualbox, which for some reason didn't work if installed in the user environment
<haslersn>
srhb: ^
<symphorien>
you can't have both nix reap their stdout and not wait on completion :þ
<pie_>
clever, nevermind nothing about dealing with the chroot issue...
<srhb>
haslersn: Hmm, I haven't used the container backend yet, sorry
xeji has joined #nixos
<symphorien>
haslersn: installing in user environment can't have global side effect like "starting a daemon" or "installing a kernel module"
<symphorien>
so virtualbox not working from user environment is expected
<Lisanna>
symphorien so, if I start them with their stdout/stderr redirected to a file (so Nix can't select() on them), and selectively read from that file in the main build process, if the main build process decides "time to exit!", Nix won't care that those processes are still running?
<symphorien>
it seems reasonable
<Lisanna>
since they're not connected to the tty or whatever
<symphorien>
but if they still have the same uid, they will be killed
<Lisanna>
symphorien will Nix wait around for them to finish terminating?
<Lisanna>
or will it send a signal and bail?
<symphorien>
no idea
<symphorien>
you read the code, not me
<clever>
Lisanna: when the main proc nix started returns, i believe nix will murderize everything else in the uid
<clever>
under normal conditions, that would be when genericBuild from setup.sh returns
<Lisanna>
OK, so I'll need to change their UID so Nix doesn't try to kill them
<clever>
in the past, i have seen users add themselves to the nixbld group
<clever>
upon starting any nix command, they were dropped to a login screen
<clever>
because nix picked their uid, and then killed the entire session
<gchristensen>
hahaha ouch
<clever>
i believe it will do such cleanup both at the start (before the build begins) and at the end (after the initial proc returns)
<ekleog>
Lisanna: I'd think these comments don't apply to a single-user nix install as you have
<Lisanna>
clever killUser kills all processes owned by some uid?
<clever>
Lisanna: yeah
<Lisanna>
clever would that be used in a single-user install? I wouldn't think it would...
<clever>
Lisanna: nope, in a single-user i'm not sure how the cleanup is handled
<Lisanna>
it probably just depends on that select
<clever>
it can probably leak procs when they double-fork
<Lisanna>
and defers all cleanup responsibility to the build itself
<Lisanna>
if sandbox is off, yeah
<Lisanna>
OK, cool. That's what I need
<clever>
ive also found that nix doesnt understand mount points when cleaning up $NIX_BUILD_TOP
<clever>
if the sandbox is off, i can run fusermount to use fuse inside a normal build
haslersn has quit [Ping timeout: 256 seconds]
<Lisanna>
so I myself might in the build select on the stdout/stderr of the children (so I get all their updates), but also on another input that signals when it's time to get the heck out of there and abandon ship
<clever>
but the rm -rf at the end, cant deal with mountpoints
siraben has joined #nixos
<Lisanna>
huh
<clever>
i was mounting fuse fs's inside a nix-build, and if i didnt umount at the end, nix would fail to remove the /tmp/nix-build-foo-0/
<clever>
and then i wind up with 20 in /tmp/
<siraben>
Is there a sample NixOS configuration for MacBook computers?
<gleber_>
Is there a way to create a derivation which has no `system` or is system-agnostic?
<gleber_>
In my case the derivation has nothing which is arch- or system-specific
<clever>
gleber_: there is a font derivation in nixpkgs that does that
<clever>
gleber_: all it really does is define the output hash, the same as fetchurl
<clever>
gleber_: and system is just set to whatever pkgs its currently in
<clever>
gleber_: so the derivation still has a system set on it, but its declaring that the linux and darwin builds have identical output, and it can mix&match them via the binary cache
<gleber_>
clever: that's my goal: to have the same nix store path for it both on Linux and Darwin
<clever>
gleber_: fixed-output derivations can do that
<gleber_>
clever: what is the derivation is doing `src = ./.` and has a custom builder script which copies subset of what `src` has captured?
<clever>
gleber_: define a derivation with an, outputHashAlgo, outputHash, and outputHashMode ("flat" or "recursive")
<gleber_>
*what if
<clever>
gleber_: if you define the 3 above attrs, any derivation can become fixed-output
arianvp_ is now known as arianvp
<clever>
gleber_: then the $out will depend entirely on those 3 attrs, and the name attr
<clever>
if outputHashMode="flat"; then $out must be a single file, and outputHash is its hash
mayhewluke has quit [Ping timeout: 276 seconds]
<clever>
if outputHashMode="recursive" then $out can be a dir, and its a hash over the NAR of that dir
<gleber_>
This will make it brittle under changes... I.e. I will have to update `outputHash` whenever I change anything which has been shoved into `$out`
<clever>
yeah
reinzelmann has joined #nixos
johann__ has quit [Quit: Leaving.]
obadz has quit [Ping timeout: 240 seconds]
xeji has quit [Ping timeout: 246 seconds]
<arianvp>
hey clever are you around?
<arianvp>
Can I borrow your help again a bit with yarn?
<cinimod>
If I do nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.09.tar.gz release-8.4.nix --arg packages "haskellPackages: [ haskellPackages.lens-diagrams ]" then all is well
<arianvp>
but im not sure why.. because I have provided the nix lock file manually. in that case it shouldn't do import-from-drv right?
<pie_>
is it possible to rebuild a nix config without chrooting?
<pie_>
man that doesnt seem right though. nixos-enter is supposed to work right? ...the whole point of that would be able to do config in the chroot
zarel has joined #nixos
eskytthe has joined #nixos
jasongrossman has quit [Ping timeout: 252 seconds]
<{^_^}>
[nix] @edolstra pushed to master « Merge all nix-* binaries into nix »: https://git.io/fxSB0
<pie_>
^ yay
<clever>
arianvp: *looks*
<pie_>
ok so if i need to change the root uuid i need to deal with grub, ok thats fine, but i also need to change which root partition gets mounted, and that means i probably need to poke at the initrd or something?
<clever>
arianvp: yarn2nix still needs IFD, even with a yarn.lock
<clever>
arianvp: you would need to run that part manually, and add its result to nixpkgs
Synthetica has quit [Quit: Connection closed for inactivity]
MoreTea has joined #nixos
acarrico has joined #nixos
obadz has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Itkovian has joined #nixos
cinimod has quit [Ping timeout: 260 seconds]
<Lisanna>
the nixos module system is pretty awesome. it would seriously be amazing to have that stuff get built in to the nix language itself so it could be applied to more domains other than just configuration nixos
<clever>
Lisanna: you are able to just run the module framework against non-nixos things
Itkovian has quit [Quit: Textual IRC Client signing off]
vk3wtf has joined #nixos
cinimod has joined #nixos
schopp0r has left #nixos [#nixos]
schopp0r has joined #nixos
<{^_^}>
[nixpkgs] @re4per1337 opened pull request #49148 → looks cleaner now → https://git.io/fxSgO
<schopp0r>
Hi. I am trying to compile Nix with another store-dir, so I can use it on another computer where I have no root access. Yesterday, symphorien suggested to use my NixOS installation and compile it there and then copy it to the other computer. I set the environment variables similar to the description in https://github.com/NixOS/nix/blob/master/tests/common.sh.in#L4
<schopp0r>
except for "unset NIX_PATH", because then it won't start nix-env
<schopp0r>
symphorien: ok, so I use a nix-shell now. it will compile a new nix with another store-dir. and then I will probably have to compile yet another nix inside this nix, to be in this new store-dir right?
<schopp0r>
symphorien: ok, sorry, I need assistance :\ I now built a shell with nix with another store-dir. but now when running nix-build, it just points me to the default /nix/store directory for nix, instead of building it in the new storeDir.
<schopp0r>
error: creating log file '/nix/var/log/nix/drvs/hr//hri5jc0bwy18yxkpddcp1gi9sna3x5-bash-4.4.tar.gz.drv.bz2': Permission denied ← why does it try to access that even though I set NIX_LOG_DIR?
<schopp0r>
symphorien: I cannot find where/how to set the log directory
<LnL>
rycee: are you at nixcon?
reinzelmann has quit [Quit: Leaving]
strobelight_ has joined #nixos
strobelight is now known as Guest85353
jmeredith has joined #nixos
strobelight_ is now known as strobelight
vk3wtf has quit [Ping timeout: 250 seconds]
Guest85353 has quit [Ping timeout: 245 seconds]
eskytthe has joined #nixos
<schopp0r>
why is it so hard to do such a simple thing as "compiling" /o\
<schopp0r>
like, for every software project that is sufficiently large
<schopp0r>
ok, some docs say there should be a flag --localstatedir. but … neither nix-build nor nix-shell support it.
<{^_^}>
[nixpkgs] @andir opened pull request #49150 → Various security issues → https://git.io/fxSKL
<haitlah>
Hey hey again me trying to run my CI in nix :P
orivej has quit [Ping timeout: 272 seconds]
<haitlah>
I have a VM running nixos with gitlab-runner installed
<haitlah>
I have tried to configure with shell as executor, but failed miserably to build my project
astronavt_ has joined #nixos
<haitlah>
It seems that the user can't find 'su' in the $PATH
<haitlah>
Running with gitlab-runner 11.2.0 (v11.2.0)
<haitlah>
on nixos dff1ae9e
<haitlah>
Using Shell executor...
<haitlah>
ERROR: Job failed (system failure): Failed to start process: exec: "su": executable file not found in $PATH
<haitlah>
Anyone already tried to have a local gitlabrunner ?
iyzsong has quit [Ping timeout: 252 seconds]
jperras has joined #nixos
iyzsong has joined #nixos
astronavt has quit [Ping timeout: 245 seconds]
<symphorien>
schopp0r: I don't understand. On which machine are you ? on the target machine ?
cinimod has joined #nixos
<Dezgeg>
--localstatedir is an option for ./configure
xeji has quit [Quit: WeeChat 2.2]
<symphorien>
either you must use the env vars again or compile nix with what Dezgeg mentions to have the right defaults compiled in
tv has joined #nixos
<symphorien>
those are mostly "standard" autotools flags, like sysconfdir and so on
<{^_^}>
[nixpkgs] @dpaetzel opened pull request #49151 → tabula: init at 1.2.1 → https://git.io/fxS6t
eskytthe has joined #nixos
drakonis has joined #nixos
<genesis>
there is a platforms.mesaPlatforms , i'd like a platforms.isMesaPlatforms
<genesis>
how could i do that ?
jabranham has joined #nixos
mayhewluke has quit [Ping timeout: 260 seconds]
<ivan>
anyone running 4.19? does execsnoop (from perf-tools) show any processes for you?
<cransom>
fpletz: is there a useful story around ipv6 prefix delegation ? For the networkd switch, that is.
mayhewluke has joined #nixos
<fpletz>
cransom: that should work with networkd but I haven't tried it yet
<fpletz>
cransom: man systemd.network, the option is called IPv6PrefixDelegation
<cransom>
gotcha. Thanks.
aleph- has quit [Ping timeout: 252 seconds]
<andi->
It works flokli tested/was involved there IIRC.
ryantrinkle has joined #nixos
jasongrossman has joined #nixos
cinimod has quit [Remote host closed the connection]
cinimod has joined #nixos
<{^_^}>
[nixpkgs] @1000101 opened pull request #49152 → nixos/trezord: revised and updated udev rules → https://git.io/fxSPm
Dedalo has joined #nixos
<flokli>
cransom: I use it to configure downstream network interfaces from a larger allocation and route.
xeji has joined #nixos
aleph- has joined #nixos
<pie__>
rycee, is there something somewhere that explains how home-manager works
<schopp0r>
symphorien: no, I am in the nix-shell on my nixos machine now. I got it compiling now, so far. I'll be back as soon as that fails again ^^
<symphorien>
then don't use nix-shell
<schopp0r>
symphorien: why not?
<symphorien>
only nix-build "<nixpkgs>" -A nix
<schopp0r>
symphorien: ...
<manveru>
pie__: what do you want to know?
<schopp0r>
symphorien: this doesn't work
<symphorien>
well you *can* use nix-shell
<symphorien>
just a recipe already exists to do it automatically
<schopp0r>
symphorien: aha?
<pie__>
manveru, i havent poked around much yet, mainly just wondering about making my home directory immutable, and perhaps using something like overlayfs to gather changes
<pie__>
manveru, and/or git
<schopp0r>
symphorien: where? the thing you linked to does not work without modification
<schopp0r>
symphorien: that was why I use a shell now
lunik1 has joined #nixos
<manveru>
pie__: well, it definitely doesn't support that
<pie__>
manveru, what is "that"
<symphorien>
sorry I don't have time to help you further now
<manveru>
home-manager makes symlinks, not much else
<pie__>
manveru, ok i think that was approximately what i was wondering about
<pie__>
manveru, the symlinked files cannot be written to yes?
<manveru>
Yes
<manveru>
They look to the nix store
<schopp0r>
symphorien: yeah ... the thing *is* that these do not work. even in the shell, nix will use the default locations from the parent NixOS, when I do not set them manually.
<manveru>
*link
<symphorien>
export NIX_REMOTE=
<symphorien>
otherwise it may use the daemon
cinimod has quit [Remote host closed the connection]
cinimod has joined #nixos
xeji has quit [Ping timeout: 264 seconds]
aanderse has quit [Remote host closed the connection]
<pie__>
manveru, so i did this by accident and didnt get any errors home.file."".text = , whats that going to do? :P
ramses_ has joined #nixos
<avn_>
maurer: so when "system" would be finally built? ty
<maurer>
avn_: Sorry if it's a bit of a heavy hammer, but it might figure things out. My best guess is that it's a separate git-with-tools for user usage (e.g. what you use on the command line) and a minimal git that is in use by e.g. fetchGit inside nix
b1000101 has joined #nixos
<avn_>
maurer: that would be most correct answer. Probably we can turn off docs building on first one, and may be testsuite on seconds (git itself built in 15sec, but docs/tests consume ~5-10 min each)
<maurer>
avn_: If for some reason you're going for net build speed, you could probably rejigger fetchgit to use git-and-tools or whatever it's called instead
<maurer>
(assuming that _is_ the problem, which you shouldn't assume til you look at a depgraph)
<{^_^}>
[nixpkgs] @1000101 opened pull request #49157 → nixos/trezord: revised and updated udev rules → https://git.io/fxSDV
<avn_>
maurer: anyway LO and chromium my weekly killers ;)
avn_ is now known as avn
<maurer>
LO=?
<maurer>
Oh, libre office
<avn>
I have another hypothesis, that pkgs686.wine can refer to pkgs686.fetchgit, and capture 32bit git as well
<avn>
yep
emily has quit [Ping timeout: 276 seconds]
<maurer>
sorry, once I became a latex addict I stopped using it :P
<maurer>
avn: That's not impossible, but it seems really unlikely, because fetchgit should come from lib, not pkgs
<maurer>
err, nvm, evidently it is pkgs
<avn>
maurer: I personally is lyx/pandoc user ;) But I build all stuff for my household (include pre-building stuff for wife/kid machines)
Ariakenom has quit [Ping timeout: 246 seconds]
<avn>
Btw I feel, that I need to try switch home machines to nixops.
<maurer>
avn: Is there a reason you're using pkgs686.wine instead of setting your wine config to wine32 instead?
<avn>
maurer: some legacy reasons. But I have load-evn-game-xxx scripts, each with own wine settings (currently all scripts is same, but I like to keep this scheme, because scripts can bring some GL tweaks)
<pie__>
either that or im blind
<pie__>
given that "users.users.<name?>.packages" exists, is there some user level nix stuff that I can use so that I dont have to sudo nixos rebuild to change user level packages?
eskytthe has joined #nixos
aleph- has quit [Ping timeout: 240 seconds]
<avn>
probably I should change my env definition with wine.override { wineBuild="wine32"; wineRelease="staging"; };
<mdash>
pie__: home-manager may interest you
zarel has quit [Ping timeout: 252 seconds]
<drakonis>
avn: wine staging is available normally now
catern has joined #nixos
<drakonis>
no need to override anything
<pie__>
mdash, im poking at it right now :)
<pie__>
mdash, but i thought there might be something in base nixos
<catern>
is there a way to build a VM and QEMU script with Nix that allows specifying the kernel with -kernel? and which displays a console over serial directly in the current terminal instead of doing graphical stuff?
<avn>
git builds third time, so I probably suspect something wrong
<catern>
I'm just doing kernel hacking - usually I write my own QEMU script and build my own VM disk image, but maybe I can do it with Nix
iyzsong has quit [Ping timeout: 240 seconds]
<clever>
catern: have you seen nixos-rebuild build-vm?
<avn>
drakonis: I know, because I still be a co-maintainer. Although all my wineprefixes 32bit, I keep my settings match each wineprefix
<drakonis>
ah right
<drakonis>
okay
<jabranham>
it looks like mono is broken on aarch64. Anyone know if someone is working on fixing that?
<mdash>
pie__: just nix-env I think
<catern>
clever: yes, but I want something a little more pure-Nix
<catern>
since I'm not on NixOS
<pie__>
mdash, which is what i dont want to use :/
<clever>
catern: build-vm just tells nixos-rebuild to build a certain attr of <nixpkgs/nixos>
<catern>
clever: I assume you can answer this question very adroitly :)
<jophish>
I think that nix has put the wrong hash into the database
<catern>
yes but to have the nixos-rebuild command, I need to build another Nix expression
<clever>
catern: if your configuration.nix has virtualisation.graphics = false; then it will link stdio to the serial port
<clever>
catern: for the kernel, youll have to mess with line 109 in that file
drakonis has quit [Quit: WeeChat 2.2]
<catern>
hmm, that's pretty interesting
<adisbladis>
jabranham: Probably not. Have you tried building it yourself?
cinimod has quit [Ping timeout: 246 seconds]
<catern>
so I just want to go to a shell inside the VM that has a few derivations available (so I can test the custom kernel with my custom code), can I specify something like that in configuration.nix?
<clever>
catern: one tricky part though, is that nixos needs a decent number of modules to boot (in qemu-vm.nix for example, it needs 9plan to mount the store)
<clever>
catern: and those modules are baked into the initrd it builds
<jabranham>
adisbladis: nope. It's on a pi so I assumed the build would take ages. Right now I'm trying to convince the pi it doesn't need to build a kernel. It keeps insisting for some reason though.
<clever>
then you change the kernel, and they cant load...
colabeer has joined #nixos
<catern>
clever: that's fine, I'll just set them as builtins in the kernel config, that's standard
<clever>
that can work, as long as you know what all is needed
<catern>
I'm used to figuring that out by trial and error - is there some other way? can Nix itself tell me?
<clever>
catern: eval the config.boot.initrd.availableKernelModules attr
<clever>
that is what tells nixos what to include in the initrd
<catern>
hmm I see
<catern>
that's pretty neat
Peetz0r has quit [Quit: te hard yolo geroepen]
cinimod has joined #nixos
<adisbladis>
jabranham: I'll give it a go on the nix community builder and see what fails
<catern>
is the format of that, something which I can easily translate back into kernel configuration options?
Peetz0r has joined #nixos
<clever>
catern: the kernel doesnt make that so easy
xeji has quit [Ping timeout: 246 seconds]
<clever>
there is no clear pattern between module name and CONFIG_ param
erasmas has joined #nixos
xeji has joined #nixos
<catern>
clever: well, ultimately Nix needs to know that mapping to build each of those modules
<catern>
and figure out their name
<clever>
catern: nix just builds ALL the modules!
<clever>
this config controls what subset of .ko files get copied to the initrd
<catern>
ah, I see, and selects them by name? awkward
hax404 has quit [Quit: WeeChat 2.0.1]
<catern>
so what kind of ./hardware-configuration.nix should I have, for a minimal VM config?
<clever>
you likely dont need any
<clever>
just {} would be a valid configuration.nix
<clever>
qemu-vm.nix overwrites the config for things like the rootfs
<haitlah>
Anyone already used an S3 as distributed binary cache
<{^_^}>
[nixpkgs] @alyssais opened pull request #49158 → doh-proxy: init at 0.0.8 → https://git.io/fxS9Y
<catern>
Ideally, in addition to passing a specific kernel image into the VM, I'd be able to pass an additional directory to mount into the VM using 9P, is there an easy way to do that?
<haitlah>
?
<catern>
clever: wow you're right, {} is valid
<clever>
catern: line 501-506 is an example of how 9plan stuff is done from the nixos side
<catern>
it's very amazing that I can just do nix eval -f '<nixpkgs/nixos>' -I nixos-config=./configuration.nix config.boot.initrd.availableKernelModules
<catern>
and it just works
<clever>
catern: and line 98 is the other end for 501-506
<clever>
catern: qemu-vm.nix is covering everything that nixos usually asserts on, which is why {} is "valid"
schopp0r has quit [Ping timeout: 256 seconds]
<catern>
what is the /tmp/xchg directory? and /tmp/share?
<catern>
are those some directories I can use myself? and point them at some local path?
<catern>
I see there's the SHARED_DIR environment variable being used
<clever>
catern: yeah
<catern>
very neat
<clever>
catern: if SHARED_DIR isnt set, it will use $TMPDIR/xchg
<clever>
and TMPDIR is the result of mktemp -d
<catern>
ah, slick
<clever>
xchg is also in that tmpdir, but not configurable
<clever>
so you can use SHARED_DIR to configure where /tmp/share goes on the host
<clever>
shared*
<catern>
yeah I see how it works now, that's very slick
<clever>
the nixos test framework also uses this to get things like profiling data out of the guest
<ocharles>
Is it a bug that plasma5 sets services.xserver.desktopManager.session, but gnome3 doesn't? Since updating to 18.09, our lightdm auto login ends up logging in to xterm, not gnome3. If I set desktopManager.default = "gnome3"; I get a trace:
<clever>
catern: within that {} you could also override the kernel, but you would have to do a full kernel build for each run
<ocharles>
Default desktop manager (gnome3) not found at evaluation time.
<ocharles>
and it mentions that only "xterm" and "none" are known
<haitlah>
clever: I am running nix inside docker and would like to have a distributed cache, added the S3 to the substitues
<ocharles>
That trace seems to search services.xserver.desktopManager.session, but gnome3 doesn't touch that so it does seem to make sense why it wouldn't be allowed
colabeer has quit [Ping timeout: 264 seconds]
<clever>
haitlah: ah, then you just want to `aws configure` and then `nix copy --to 's3://bucket?secret-key=...&region=...' /nix/store/foo`
<catern>
clever: ok, building now. this is supremely cool... hopefully I can just pass an additional -kernel argument to qemu and it will override the earlier passed one
<catern>
like with GCC
<clever>
catern: maybe, not entirely sure
redj has joined #nixos
<haitlah>
clever: do you mean I have to manually copy the local store to s3 ?
<haitlah>
clever: or is it uploading missing binaries when building derivation ?
<clever>
haitlah: you need to know what derivations you want in the cache, and upload them there, and its tricky to know what was compile-time only, which is where hydra helps out
cinimod has quit [Ping timeout: 252 seconds]
<catern>
clever: sure, but it's much cooler if I can just use the stock thing that comes with Nixpkgs
johann__ has joined #nixos
<clever>
haitlah: you could also just `nix copy --all` to upload the entire store
<catern>
I'm not messing with nvme or uefi as it looks like you're doing so I hopefully don't need anything custom
<catern>
also - Nix is all about variability so I'd hope that I'd be able to use the stock thing and just make a few variability-tweaks :)
<catern>
overrides or whatever
<clever>
catern: that script was to make qemu emulate a system with or without nvme, and/or uefi
sb0 has joined #nixos
ryanofsky has left #nixos [#nixos]
cinimod has joined #nixos
<haitlah>
clever: Oh, okay, I am running the CI with a container running nix, should I copy everything after having built the project ?
<catern>
btw what's the default login and password? or could I customize things so that I just get dropped into a root shell directly? that would be nice, that's what I did before on Debian
<haitlah>
I mean is there any good practice about that
<haitlah>
Or should I just push the project and its dependencies
<clever>
catern: it has no default login password
<clever>
catern: youll need to set users.users.root.initialPassword
<arianvp>
the build of those assets require network access (needs to fetch node-modules and such), so there's no way nix-build could've even provided a binary with the assets inside
<arianvp>
:O
<clever>
arianvp: using src = ./. at any point? does it have a node_modules left-over from testing?
ryantrinkle has joined #nixos
<nh2>
arianvp: I did a non-sandbox build accidentally (on my Ubuntu with nixops), running with sandbox now to recheck
<arianvp>
if it works i'm gonna lose my mind
<arianvp>
but also am not gonna complain
<arianvp>
xD
<avn>
Looks like rustc build bundled llvm anyway
<nh2>
arianvp: yeah it just ran through on a NixOS machine
<arianvp>
but if you visit the UI, does it actually show up?
<arianvp>
:P
<nh2>
let's see
<arianvp>
'consul agent -dev' by the way
<nh2>
arianvp: I'm always testing it on my staging nixops deployment
<arianvp>
and then localhost:8500/ui
<nh2>
arianvp: yeah seems to work fine, both using local `consul agent -dev` and on my staging deployment
ramses_ has quit [Ping timeout: 256 seconds]
<arianvp>
can you send a screenshot of the ui? I've got a warm fuzzy feeling it's just the old one
<arianvp>
as we have { passthru.ui = consul-ui } in the package
<arianvp>
(It being the old one is not a bad thing per se)
<arianvp>
that's great news. but also scares me :D
<nh2>
arianvp: can you try build it from that PR?
<arianvp>
I have a new theory now. I think the legacy UI and the new UI use the same css in 1.3.0
patrl has joined #nixos
<arianvp>
yeh im gonna build it myself as well
<nh2>
arianvp: I'm not convinced of the css theory, because if I use `ui_dir` I get the UI looks
<nh2>
arianvp: maybe they have it pre-built somewhere in the repo? Couldn't find that so far though
orivej has quit [Ping timeout: 246 seconds]
Neo-- has joined #nixos
drakonis has quit [Remote host closed the connection]
<catern>
clever: you don't happen to know how I'd get qemu to have the QEMU monitor console in my current terminal and create some other pty to serve the VM serial console over?
<vdemeester>
oh waw, tried my nixpkgs/home-manager setup on a fedora 28 VW, it blows up hard :|
<astronavt>
lets say i have 2 python packages with conflicting dependencies. does nixos handle that situation? eg using pip or conda you'd be kind of in trouble, and python itself is limited because it has a global package search path
<arianvp>
mystery solved :)
<arianvp>
well that is great news, as it saves us A LOT of headaches :)
<nh2>
arianvp: lol `\x15\x40\x25\x39\x69\x81\xcd` that's how you do it
<ldlework>
astronavt: no it doesn't
<arianvp>
I'm gonna open an issue on the vault repo if they can vendor it too for vault
<ldlework>
astronavt: you can have different Python distributions with different package sets, but you can't have a single python distribution with conflicting packages
<nh2>
arianvp: I even tried `grep 'Node Health' /nix/store/740yjwx8qdkmcqwx465cbj67j489ccg7-consul-1.3.0-bin/bin/consul` and it failed, looks like it has everything hex-encoded even in the binary
<arianvp>
because then I can throw away my hacker nixpkgs build script and just use goBuildPackage :P
<simpson>
astronavt: Two packages in the same interpreter? Nope, that's something that Python itself can't deal with. The bug is in Python's module design.
<arianvp>
lmao
<nh2>
arianvp: and we can throw away my README and all the rubygems stuff in for consul
<arianvp>
yes, the consul-ui package we can just throw away now
<arianvp>
yes can all go
amir has quit [Read error: Connection reset by peer]
amir has joined #nixos
<nh2>
vdemeester:
<nh2>
sorry
<nh2>
vdemeester: I'll expand on your PR a bit to implement the above, OK?
<vdemeester>
nh2: for consul ?
<nh2>
vdemeester: yest
<nh2>
yes
<tokudan[m]>
I'm trying to figure out how to marry node2nix and bower2nix. in the nixpkgs manual i can see { myWebApp ? { outPath = ./.; name = "myWebApp"; }. (https://nixos.org/nixpkgs/manual/#ex-buildBowerComponentsDefaultNix) what's the intention of the outPath there?
<vdemeester>
yeah go ahead :)
<vdemeester>
sorry I'm a bit out of time today (and this week-end :D)
<catern>
clever: nvm I just have to pass -serial pty, so easy
<arianvp>
no problems
qyliss has quit [Quit: bye]
qyliss^work has quit [Quit: bye]
<astronavt>
simpson ldlework thats what i figured. thanks
xeji has joined #nixos
<adisbladis>
jabranham: Seems to just compile and work
<clever>
catern: if you instead do `-serial mon:stdio` then it will multiplex you into both stdio and the qemu monitor
<adisbladis>
Took a while, no magic smoke
<gchristensen>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 30
<gchristensen>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 31
<gchristensen>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 32
<jabranham>
adisbladis: well that's good, thanks for checking :-). Can it get unbroken on hydra so I don't have to compile it myself?
<catern>
clever: yes, but that's precisely what I don't want to do
<cransom>
lets hope the new king doesn't go made with power.
<clever>
catern: then using either ^a or ^[ (i forget) you can toggle between qemu and the serialport
<clever>
catern: ah
<catern>
I think that's the default
<cransom>
*mad
<catern>
clever: it's C-a c
<clever>
ah
<LnL>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 33
<catern>
I want the serial terminal to be separate so I can connect to it from Emacs
<adisbladis>
sphalerite++
<{^_^}>
sphalerite's karma got increased to 34
<clever>
catern: ahh
<adisbladis>
jabranham: If you make a PR I could merge it
<catern>
which I have now done, leaving me with a really slick overall setup - a VM build and started with Nix, and two buffers in Emacs, one pointing to the monitor and one pointing to the serial terminal
vidbina has joined #nixos
<clever>
catern: the nixos test framework adds a 2nd serial port, that goes directly to a root shell
<catern>
clever: that's what I've done too with services.mingetty.autologinUser = "root"; is there a way I can skip specifying that argument and just use the Nixos test framework's configuration
<arianvp>
nh2: I've asked hashicorp if they can do the same for the vault package. that'd make my life 1000x easier
<catern>
hmm, nah, that connects via a port, distasteful - I'm connecting via /dev/pts/nn
<arianvp>
but I understand they might be reluctant to do so
<arianvp>
:)
<catern>
seems cool though!
xeji has quit [Ping timeout: 246 seconds]
<clever>
catern: add the 1st file above to imports, and then use the 2nd one to create the hvc device
<nh2>
arianvp: they should just write that info into the ui-v2's README file really
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
<clever>
catern: -chardev should support both pty's and unix sockets
<clever>
so you can do it either way
<arianvp>
it might have 'evolved' this way. perhaps they just accidentally committed the file and that's why it 'works'
<arianvp>
:P
infinisil has joined #nixos
<nh2>
arianvp: `git log agent/bindata_assetfs.go` -- that looks very on purpose
infinisil has quit [Client Quit]
<nh2>
there's one commit for each release
<arianvp>
OH yeh I see
<{^_^}>
[nixpkgs] @jfroche opened pull request #49163 → Add pre-commit and its dependencies → https://git.io/fxSNi
infinisil has joined #nixos
<arianvp>
by the way " ui = true" is the default. So the nixos modules should be something like ui = ${cfg.enableUi}
<arianvp>
instead of ${optional enableUI "ui = true"}
<nh2>
arianvp: ah OK, I'll do that now
<jabranham>
adisbladis: I'm really only getting started with nix/nixos. Would I just remove the "broken = stdenv.isAarch64 && (versionAtLeast version "5");" from generic-cmake.nix?
<{^_^}>
[nixpkgs] @adisbladis opened pull request #49164 → mono: Unbreak on aarch64 → https://git.io/fxSNA
haitlah has quit [Remote host closed the connection]
<jabranham>
adisbladis: great, thanks. I'm trying to set up a little raspberry pi home server and something I want depends on mono.
<avn>
adisbladis: actually all mono-related (as well as .net) stuff require a big cleanup.
<arianvp>
great stuff
johann__ has quit [Quit: Leaving.]
<nh2>
where should it be recorded that this change goes into the NixOS 19.03 changelog?
<nh2>
or should that be part of the PR?
<adisbladis>
nh2: Document it as a part of the pr
<catern>
clever: also is there a good way to get a nix-shell suitable for building the kernel? I just found that the Linux build requires bc which I don't have installed, so might as well go all the way to Nix :)
<tokudan[m]>
i'm struggling with node2nix. I'm trying to use the output of the default.nix generated by node2nix as the src attribute for another derivation, but nix keeps telling me cannot coerce a set to a string
<arianvp>
nh2: I'll review after this talk :)
<catern>
oh, everyone's at Nixcon, I see :)
<arianvp>
no i'm watching the live stream!
<arianvp>
virtual nixcon for me this year
<arianvp>
is cheaper
<vdemeester>
nh2: nice !
<b1000101>
too bad you're not here, the cookies are awesome :P
<__red__>
Greetings - I'm guessing this is possible but not sure where to find it - but I want to do an install of nixos onto a second drive such that when I put that drive into a second machine it will boot as the primary drive
<__red__>
in other words, I want to use my existing machine as a "nixos boot disk"
<__red__>
will that just "work" if I mkfs and mount on /mnt?
<__red__>
or do I have to do something else more specific ?
<clever>
__red__: as long as you're not doing an efi install, you can just do a normal fdisk, mkfs, mount, nixos-generate-config, and nixos-install
<__red__>
thanks, appreciate it
astronavt__ is now known as astronavt
drakonis has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @qolii opened pull request #49167 → eternal-terminal: enable darwin build. → https://git.io/fx9eB
xeji has quit [Ping timeout: 252 seconds]
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
#49168 (by nkaretnikov, 1 minute ago, open): Black window with gloss (a Haskell library) on Darwin, OpenGL not linked?
astronavt has quit [Quit: Leaving]
<jabranham>
adisbladis: oh. Well I guess there goes my plans of getting it setup over the weekend :-(
xeji has quit [Ping timeout: 245 seconds]
<catern>
jabranham: you could just check out the PR locally
<jabranham>
catern: true, but I'm trying to avoid compiling it myself. I imagine it'll take forever on a little raspberry pi.
goibhniu has quit [Ping timeout: 246 seconds]
<rycee>
LnL (IRC): Unfortunately I'm not at nixcon. I've been listening in on and off while working though. Very nice talks and I'm impressed by the stream production quality, really nicely made.
<jabranham>
adisbladis: thanks again for unbreaking it BTW :-)
<rycee>
Otherwise the readme. Not much more than that I'm afraid.
<pie__>
rycee, basically im wondering if there would be a point to trying to make something with git or overlayfs or somesuch to have a generated but mutable config that can be diffed and maybe merged later
<rycee>
pie__ (IRC): Seems to me the former would be very hard to accomplish, the second would be doable without too much trouble but I don't see the benefit over just changing the source file and doing a generation switch.
<pie__>
rycee, the former, i think xD
<pie__>
or, well, at the start probably the latter
<pie__>
i didnt think very hard about this
<{^_^}>
[nixpkgs] @uskudnik opened pull request #49170 → pythonPackages.aioprocessing: init at 1.0.1 → https://git.io/fx9Jr
<rycee>
But then you would have to parse the file, determine which parts were changed and connect these to changes to options within the HM module, figure out where the options actually were set taking into account the module merges and Nix expressions that produced the value, and finally figure out how to change the HM configuration so that evaluating it will produce an equivalent file in the end.
<rycee>
pie__ (IRC): Or maybe I'm misunderstanding the idea. The above sounds like an interesting PhD topic, though ;-)
nikivi has quit [Quit: ZNC is awesome]
<{^_^}>
[nixpkgs] @qolii opened pull request #49171 → RFC: hostapd: extend module to allow multiple APs. → https://git.io/fx9Uv
<rycee>
pie__ (IRC): I think in general something like that would be nice. Like for programs that you can configure through a GUI.
<lunik1>
Hi, what's the best way of moving a currently running nixos system to another hard drive? Can I do something like copy the config and basic tools across, chroot, build the system, and reboot?
patrl has joined #nixos
<pie__>
lunik1, you probably definitely need to have root remounted read only
<pie__>
which means youll probably have to close stuff and stop services
<catern>
clever: do you think it would make sense for there to be, somewhere in nixpkgs, a minimal kernel configuration which has everything needed compiled as a built-in? for kernel hacking
obadz has quit [Ping timeout: 246 seconds]
<pie__>
lunik1, well, idk if you can work around that somehow.
<{^_^}>
[nix] @dtzWill opened pull request #2487 → src/nix/local.mk: fix typos in names of symlinks → https://git.io/fx9Lp
<{^_^}>
[nix] @dtzWill opened pull request #2488 → remote-store.hh: ConnectionHandle is struct, minor fix warning → https://git.io/fx9tI
drakonis has joined #nixos
<capisce>
google chrome looks for some plugins in the /etc folder, what'd be the right way to provide such a plugin as a separate nix package? seeing as you can't put things in etc unless it's a nixos module
drakonis1 has quit [Ping timeout: 245 seconds]
reinzelmann has quit [Quit: Leaving]
emily has joined #nixos
<{^_^}>
[nixops] @AmineChikhaoui merged pull request #1022 → Trap boto exception InvalidSpotInstanceRequestID.NotFound when allow_missing is True → https://git.io/fx8J7
<{^_^}>
[nixops] @AmineChikhaoui pushed 2 commits to master: https://git.io/fx9q4
<{^_^}>
[nixops] @AmineChikhaoui merged pull request #1002 → Make sure that the machine is UP before trying to destroy it in GCP → https://git.io/fAoHd
<{^_^}>
[nixops] @AmineChikhaoui pushed 2 commits to master: https://git.io/fx9qN
<{^_^}>
[nixpkgs] @dtzWill opened pull request #49177 → libgcrypt: 1.8.3 -> 1.8.4, drop included patch \o/ → https://git.io/fx9mY
<ottidmes>
after updating to 18.09 I saw perl and man giving me this warning: bin/man: can't set the locale; make sure $LC_* and $LANG are correct, i18n.defaultLocale is properly set and I indeed see this value back in $LANG, what do I need to add to my nixos config to fix these warnings?
<avn>
feep: not bad option. Most users anyway will have own settings in dotfiles
drakonis_ has joined #nixos
drakonis has quit [Read error: Connection reset by peer]
elgoosy has quit [Remote host closed the connection]
elgoosy has joined #nixos
romildo has joined #nixos
<romildo>
I am packaging a software which uses directories like /usr/bin/something extensively. Is it better to fix those paths with 1) substituteInPlace in nix derivation, 2) sed in nix derivation, 3) a patch file ?
<simpson>
substituteInPlace is pretty good if you need to change hardcoded paths to point to stuff in the Nix store.
xourt has joined #nixos
<simpson>
A patch file could be good if there's more generic changes that might be good to go upstream.
<symphorien>
a patch file has the advantage that when in the future the software changes where those paths appear in the source code, the patch will fail to apply whereas sed will just silently do nothing
<emily>
colemickens: trying out your sway-beta overlay, seems to be working okay so far, modulo expected levels of beta software bugginess ^_^
b1000101 has joined #nixos
vk3wtf has joined #nixos
drakonis has joined #nixos
<xourt>
symphorien: maybe. I didn't think as far yet ...
<xourt>
I just thought that it is a nice database
<xourt>
*dataset
<symphorien>
my system has 1752 nodes, 11658 edges, even without labels there is not much to "see"
<xourt>
how did you get this info?
<emily>
colemickens: although my scrolling in chrome is now crappy -- back to discrete increments rather than pixel-perfect scrolling :( I guess this is an xwayland issue
<symphorien>
xourt: https://github.com/symphorien/nix-du << this is a tool I develop which simplifies your store to make some information visible
<ottidmes>
akavel: I would go with (b) given those two, since `env bash` might point to a different bash version than $SHELL does
<akavel>
ottidmes: hmmm, makes sense, thanks! <3
cinimod has joined #nixos
kenshinCH has joined #nixos
<lassulus>
adamantium: slim is unmaintained, but apart from that there is no real issue with it. The question is, if security-issues are found, who is gonna fix them? I guess there needs to be fork of some kind, but afaik there is no known vulnerability to slim.
<akavel>
and actually now I see another advantage of using straight $SHELL: it's easy to change it to something different if someone would want so, by just temporarily redefining the variable. Cool!
<kenshinCH>
I modified pkgs.wrapProgram to makeWrapper, but now I get
<kenshinCH>
mv: cannot move '/nix/store/ljsi8zf8wsnlnqmd3fskgzvg1hvq80fi-emacs-with-packages-26.1/bin/emacs' to '/nix/store/ljsi8zf8wsnlnqmd3fskgzvg1hvq80fi-emacs-with-packages-26.1/bin/.emacs-wrapped': Permission denied
<ottidmes>
akavel: personally I would never try to merge shell scripts like you seem to be doing, what if the user uses some more exotic shell that does not comply with the subset of shells you assumed in your own code
<{^_^}>
[nixpkgs] @offlinehacker opened pull request #49194 → kubicorn: init at 4c7f3623 → https://git.io/fx90K
<{^_^}>
#45830 (by AmandaCameron, 8 weeks ago, open): powershell: Unable to use as a login shell
<symphorien>
akavel: nix-shell -p powershell I guess
<akavel>
boxscapeR: you could probably try: `nix-shell -p YOUR_EXTRA_PROGRAM --run "YOUR_SCRIPT --SOME_SECRET_PARAM"` so that the secret param triggers running some specific logic you need
<boxscapeR>
where `YOUR_SCRIPT` is also the file that this is in? Yeah, that could work
<akavel>
symphorien: re the issue, I suppose that's just some missing config in nixpkgs, the issue discussion seems to say so
<akavel>
I'm curious if for powershell it's also `powershell -c "some command"` to run a custom command
<symphorien>
the issue was just to show that even on unix people (at least try to) use powershell as a login shell
<akavel>
symphorien: sure, thanks; I'd never have imagined :D
<boxscapeR>
I'll take a look
<infinisil>
kenshinCH: Update to at least 18.09 (current stable) where wrapProgram is available
<akavel>
symphorien: also this reminded me of e.g. "rc" which is IIRC some Plan9 shell or something, there may also be some worshippers of that
<akavel>
symphorien: and probably it has some nonstandard invocation patterns, as Plan9 stuff likes to do
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<kenshinCH>
infinisil: I am on 18.09
<akavel>
symphorien: so, powershell seems actually very civilised, it apparently accepts the typical `-c "some commands"` option :)
<ottidmes>
kenshinCH: I guess wrapProgram is meant to be used during packaging and cannot be used after the fact, since it tries to move stuff around when wrapping.
<symphorien>
then I second the comment that you could feed the command to stdin
<akavel>
but then I cannot feed *stdin* to stdin :D
<symphorien>
hum right
<akavel>
XD
<symphorien>
never mind
<akavel>
yes, it caught me too :D
<akavel>
I'm kinda considering using /dev/shm for writing a temporary script, instead of `-c`
<akavel>
but then it's probably not very portable :)
<symphorien>
rather some fd
<akavel>
huuuuuuuuuuuuuuh
<akavel>
maaaaaaaaaaaybe you're right???
<akavel>
I mean fd3 or something?
<kenshinCH>
ottidmes: actually sorry, I'll need a bit more context ^_^
<symphorien>
/proc/self/fd/42
camsbury has quit [Remote host closed the connection]
Itkovian has joined #nixos
<akavel>
hmm but how do I open this....
camsbury has joined #nixos
<symphorien>
with the pipe() system call
<ottidmes>
kenshinCH: well the point is to set a different PATH env variable for your custom emacs build, so I just do what I assumed wrapProgram does for you. I did assume you would add it to your environment.systemPackages, maybe that was unclear?
<akavel>
It's probably POSIX, so probably portable to *BSDs, right?
<kenshinCH>
ottidmes: I see! thanks
<akavel>
I'm not sure if Go makes this syscall available on all OSes, but I will try to check, certainly super interesting idea
<symphorien>
This starts to seem rather involved. Unless you find it fun to search for such things it seems more reasonable to just say "only shells which support -c are supported"
<akavel>
yep, exactly what I wanted to write
<akavel>
now here
<akavel>
looked, and didn't have because you wrote it :)
<akavel>
can be cool Idea for Future(tm)
<akavel>
symphorien: thanks a lot for your fine company in this exploration! :)
<akavel>
interestingly, even rc seems to support -c :D
<ottidmes>
akavel: if you can easily set the shell in your prog, those that do not support -c, should easily be wrapped so that they do
<symphorien>
according to man 3 system, -c is mandated by POSIX, fwiw
<akavel>
for shells?
<symphorien>
yes
<akavel>
hm! didn't know about man 3 system, now that's something notable to remember / TIL
<symphorien>
/bin/sh must implement it at least
<akavel>
ah no
<symphorien>
so it's not "just a weird convention"
zolk3ri has joined #nixos
<akavel>
I thought it's something else
<akavel>
so man claims sh must support it, but does it mean others too?
<{^_^}>
[nixpkgs] @Infinisil merged pull request #48467 → szip: fix url (previous ftp is now private) → https://git.io/fxEnn
<adisbladis>
worldofpeace: An overlay doesn't sound like the right place for that
<pie_>
LnL, hey, you're listed as a maintainer for znc, might you add chroot functionality to the znc service?
erasmas has quit [Quit: leaving]
<worldofpeace>
adisbladis: like in the context of the overlay I'd like it to use a 'stable' nixpkgs
justbeingglad has quit [Quit: Leaving.]
catid has joined #nixos
kenshinCH has quit [Quit: Page closed]
<catid>
Hello! I'd like to be able to share Internet access with a NixOS linux machine that is on a private network, accessed over SSH. It seems like sshuttle would be a simple solution, but it does not work - It's trying to run iptables -t nat -N, but then iptables --list does not show the chain
TallerGhostWalt has quit [Ping timeout: 245 seconds]
camsbury has joined #nixos
<catid>
Maybe openvpn will work better?
<symphorien>
you can try ssh -D or ssh -w
<adisbladis>
worldofpeace: You could do that easily by importing a stable channel, either by adding a separate channel and importing that in the overlay or a git checkout
jperras has joined #nixos
jtojnar has joined #nixos
<catid>
ssh -D has been working, will look into -w
<worldofpeace>
adisbladis: I think I figured it out since I found that the mozilla overlay does similar to what I need
<{^_^}>
[nix] @layus opened pull request #2489 → Fix typo in local.mk → https://git.io/fx9rJ
<ottidmes>
catid: In my case I had to do port forwarding as well, and some of the machines were using Windows, I ended up using zerotier, which also replaced openvpn for me (which is much slower in my experience)
jperras has quit [Ping timeout: 264 seconds]
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<boxscapeR>
hm, is there a straightforward way to make sudo work as a nix dependency? When I put it in a bash script with the nix-shell shebang I get "sudo must be owned by uid 0 and have the setuid bit set". Not that it's hugely important, since it's quite unlikely that sudo isn't installed anyway
<pie_>
LnL, i mean so that services.znc is run in a chroot
<LnL>
sudo isn't allowed inside builds
<LnL>
pie_: I should, but I actually don't use the nixos service
<boxscapeR>
It's not actually a build, just a bash script
jsgrant[m] has joined #nixos
<mdash>
boxscapeR: what's the situation where you're using it?
<boxscapeR>
overwriting the configuration.nix file to set up a new system
<pie_>
LnL, what do you fo
<pie_>
do
<LnL>
I have a pre nix setup that I'm afraid to touch? :p
<pie_>
eheheheee
<pie_>
LnL, well then ;P *nudges gently*
<jsgrant[m]>
Okay ... I give up; Going all-in to NixOS.
* jsgrant[m]
has had like a half-dozen half-attempts over the years but am at a point now where it's just gonna/gotta happen. :^)
<ottidmes>
jsgrant[m]: it's not without its struggles, but if you get productive on NixOS, you will never want to go back (honestly, there might be moments you want to, but when you start to think about what you have to give up going back, convinced me to stay so far)
<pie_>
nevermind xD i got confused between my branches and had a rebase i forgot
<pie_>
aaaand i think i just killed the vpn again. sigh.
jperras has joined #nixos
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<bpye>
I've ended up with a couple more queries, is there any real support for net booting NixOS? I'd be tempted to try this with a Raspberry Pi 3 to avoid the unreliable and slow flash storage and secondly, when managing NixOS with NixOps is there any good way to setup auto updates, it'd be nice to at least have security critical patches applied even wit
<bpye>
hout deploying through NixOps again
<{^_^}>
[nixpkgs] @markuskowa opened pull request #49199 → scalapack: switch to openblas and add test → https://git.io/fx9oJ
<ottidmes>
bpye: I have a few machines I manage with nixops sometimes, and sometimes directly, that works fine, just make sure you get the generated public key (by nixops) persistent, otherwise it will be gone from the authorized keys after a local nixos-rebuild
<Arahael>
My first error in nixos: rm: cannot remove '/nix/store/5ly176zwljiqq589625lcr0k990bg26c-dwarf-fortress-env-0.44.12/data/init/init.txt': Permission denied
camsbury has quit [Quit: Leaving...]
<Arahael>
I'm trying to nix-env -i dwarf fortress as a user.
<Arahael>
That file - somehow - is indeed owned by root.root
<Arahael>
So what just happened there? (And how do I fix it?)
<Arahael>
Hmm, ok. So I guess it's closed, and thus, probably fixed? (But probably not in the stable channel I'm in?)
jluttine has quit [Ping timeout: 246 seconds]
<Arahael>
Simplest workaround I'm guessing is to add it to the system configuration file and let root do the nixos-rebuild?
<{^_^}>
[nix] @layus opened pull request #2491 → Simplify handling of extra '}' → https://git.io/fx9KY
b1000101 has quit [Ping timeout: 256 seconds]
<ottidmes>
Arahael: yeah, I have a pkgs folder in config folder with an overlay, and when I have such a situation, I just copy over the package file and reference it in the overlay
<adamantium>
Can someone tell me: easiest way to setup a stupid-simple haskell develop environment(for learning the language) using nixos?
<adamantium>
I google, and it seems like everyone is doing it differently. I just wanted to play with it, try and learn some things.
<ottidmes>
Arahael: if you want more details, just ask
<ottidmes>
adamantium: I can give you something that works well, but I am quite clear it's not the "right way" to do it
<adamantium>
ottidmes: perhaps i want to do his so-called "workflow 1", and consider the second way later.
jsgrant has joined #nixos
<ottidmes>
adamantium: I haven't looked at them in depth myself, but assuming workflow 2 is more involved to setup properly, that seems like a good strategy :)
<adamantium>
ty
<Arahael>
ottidmes: That's a little beyond me today, I've only just started using nixos!
<Arahael>
ottidmes: I'll ask another time :)
<ottidmes>
Arahael: it's actually not that scary
pie__ has joined #nixos
<Arahael>
ottidmes: The issue is the time and energy, and I don't feel like dev this morning.
<Arahael>
ottidmes: I could bookmark a link if you already have instructions written down, though - I might do it this afternoon.
<ottidmes>
Arahael: /etc/nixos/configuration.nix is system wide and ~/.config/nixpkgs/config.nix is user specific, and nixpkgs.overlays is an option that overlays the nixpkgs given to the system wide configuration
<Arahael>
ottidmes: So overlays are a thing that user-specific configurations don't have?