<feep>
how do I set that user account up so that it uses the system channel list but can install its own user packages?
<colemickens>
unfortunately all that I've found so far are overlays themselves, rather than consuming the overlay.
<clever>
feep: ~/.nix-defexpr/ is to blame
<colemickens>
I think I'm doing something else wrong anyway, it's not working when I symlink the overlay into an overlays/ directory, so something else must be afoot
<feep>
clever: sounds right, it symlinks to /nix/var/nix/profiles/per-user/feep/channels
<clever>
feep: re-running nix-channel --update or sourcing nix.sh may fix it
<clever>
feep: a subdir of it should symlink there
<clever>
feep: and that must have channels within it
<hyperfekt>
colemickens: oooh, i missed the s, sorry about that.
<feep>
clever: (how) can I make it use the system's channels?
<colemickens>
hyperfekt: well, I was originally looking for overlay.nix, as in ~/.config/nixpkgs/overlays.nix, but I've decided ~/.config/nixpkgs/overlays/<symlinks> is better anyway. But both should work as I understand the docs and wiki.
<clever>
feep: when on a multi-user install, it will also have a channels_root pointing to roots channels
<feep>
aah
<feep>
well, it doesn't, so lemme add that
<colemickens>
I prefer to not add it to the PATH for this example usage I'm putting together. According to the wiki it's not necessary.
<colemickens>
(In this case, I'm trying to test my overlay on Nix on Ubuntu)
<hyperfekt>
oh, okay then. :)
<feep>
clever: NOW it works!
<{^_^}>
[nixpkgs] @samueldr merged pull request #49328 → [18.09] installation-device: set GC initial heap size to 1MB → https://git.io/fxHQa
<{^_^}>
[nixpkgs] @samueldr pushed 2 commits to release-18.09: https://git.io/fpv3I
<stepcut>
I am trying to use the --substituters ssh-ng://user@host option with nix-build but it fails with error: cannot open connection to remote store 'ssh-ng://user@host': unexpected end-of-file. ssh:// is no better. If I try a normal 'ssh user@host' I can connect fine without a password. Any idea how to get more info about why it is failing?
<clever>
stepcut: what happens if you run `ssh user@host nix-store --version` ?
<stepcut>
ah.. I get, bash: nix-store: command not found, probably because the nix installer puts the stuff where it is only read in a real login session but not an ssh connection :-/
<clever>
stepcut: .bashrc vs .bash_profile, its not adding .nix-profile/bin to PATH for non-interactive sessions, a common issue
<clever>
stepcut: try playing with those files until it works
<stepcut>
clever: I remember this now -- there is a line at the top of the .bashrc that immediately exits for non-interactive shells
<stepcut>
so now, ssh user@host 'nix-store --version', works, but the substituter still fails. The ssh-ng:// says error: cannot open connection to remote store 'ssh-ng://user@host': unexpected end-of-file and ssh:// says error: cannot connect to user@host
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fpvsx
<{^_^}>
[nixpkgs] @braydenjw opened pull request #49813 → gucci: init at 0.1.0 → https://git.io/fpvGe
<stepcut>
clever: alas, I am not seeing anything of use in the output. :-/
<clever>
stepcut: and then read the logfiles for where it makes the ssh session
<stepcut>
clever: yeah -- I don't actually see it trying to invoke ssh. Perhaps because this is a multi-user install and so the nix-daemon would actually be making the call? nix-build is able to use my ssh-agent for the connection -- but perhaps this is not using the same mechanisms to find my ssh-agent information..
<stepcut>
specifically, fetchgitPrivate works even though this is not
<clever>
stepcut: strace needs -f to detect the ssh attempts
<stepcut>
even with -f I don't see the ssh attempts. But I do see, "20073 read(3, "POTS\0\0\0\0\0\0\0\0g\30\0\0ptxc\0\0\0\0_\0\0\0\0\0\0\0cannot open connection to remote store 'ssh-ng://user@host': unexpected end-of-file\0\1\0\0\0\0\0\0\0", 32768) = 136" and then a few lines later, 20073 write(2, "\33[31;1merror:\33[0m cannot open connection to remote store 'ssh-ng://user@host': unexpected end-of-file\n", 114) = 114
<stepcut>
which is why I am thinking the actual ssh attempt is made by nix-daemon and not the nix-build command itself
<clever>
stepcut: yep, now `strace -ff -o logfiles -p <pid>` with the pid of the current nix-daemon, and then run a single build, and ctrl+c the strace
<stepcut>
clever: ok. So it seems to be trying to use the /root/.ssh directory instead of the stuff set in NIX_PATH
<clever>
stepcut: ssh-ng:// just runs ssh directly, and doesnt care about NIX_PATH
<clever>
fetchGitPrivate is the only thing that uses NIX_PATH like that
<stepcut>
clever: so for a multi-user system, nix-daemon needs to be able to use the sshkeys from the root user for authentication? makes using ssh-agent tricky I think
<clever>
stepcut: you might get away with setting SSH_AUTH_SOCK correctly for the nix-daemon service
<clever>
stepcut: oh, there is also `nix ping-store --store ssh-ng://...` to test any given store uri
<stepcut>
hmm. The ?ssh-key option doesn't help because I don't actually have my keys on the machine. They only exist on my laptop and are used on the build machine via ssh-agent
<thomasjm>
clever: follow-up question from before, about initializing Nix after building from source. after doing "nix-env -f ~/tools/nixpkgs -i [something]" I have a working nix profile, but I'm still having trouble with channels. if I do "nix-channel --update" I get "error: path '/nix/store/p9b...-nixpkgs-unstable' is not in the Nix store". It seems to expect a specific nixpkgs-unstable to exist in the store. How do I bootstrap this--am I meant
<thomasjm>
to use nix-env to install nixpkgs into the new system?
<clever>
thomasjm: behind the scenes, nix-channel will use nix-env for you, to manage the channels
<stepcut>
I think, though, that I just need to break down and add some keys for the root user -- because I am going to run into the same problems when I try to enable distributed builds via /etc/nix/machines
<clever>
thomasjm: can you pastebin the whole output from `nix-channel --list ; nix-channel --update` ?
<thomasjm>
error: path '/nix/store/p9bczv4dp4yk8qp9pq5sdvh56pl3hxyd-nixpkgs-unstable' is not in the Nix store"
<clever>
thomasjm: did you modify what path /nix is at?
<thomasjm>
i should mention that I configured this with "./configure --with-store-dir=/nix_frozen/store --localstatedir=/nix_frozen/var"
<thomasjm>
yes
<clever>
thomasjm: nix-channel likely hasnt been tested with that, let me see
<ottidmes>
I see a few IP addresses attempt to connect to SSH quite often, they keep failing on preauth though, I probably should install something like fail2ban, is that the best or do people recommend other software for this (banning bot/hacker IPs)?
<clever>
ottidmes: i just configure ssh to never accept passwords
<clever>
good luck guessing a 2048bit keypair!
<ottidmes>
clever: I do too
<clever>
thomasjm: what about `type nix-channel ; nix-channel -vvvvvvv --update` ?
<ottidmes>
clever: I even use 4096bit keypairs
<ottidmes>
clever: for RSA at least
<clever>
ottidmes: the universe will die before your key is cracked, it will be faster if we get a rubber hose :P
<clever>
ottidmes: you're even using the same keysize and type as the comic! :D
<ottidmes>
clever: but still, I see the same IPs trying every so often, should I not ban them from even trying (and filling up my logs with a bunch of attempts every so often)
<thomasjm>
clever: "nix-channel is /home/tom/tools/nix_build/bin/nix-channel
<clever>
thomasjm: definitely looks like nix-channel is broken when using non-standard storepaths, youll need to file a bug on nix itself
<clever>
thomasjm: oh wait, was nix previously used on this, without that change?
<thomasjm>
clever: yes, i had a normal install using the install script before (although i thought i removed it totally)
<ottidmes>
clever: but I take from this that you do not use something like fail2ban?
<clever>
thomasjm: i think the cache is to blame here, different bug, what is the contents of ls -lh home/tom/.cache/nix/tarballs/071qfgdy82dkn58wqsv1ri3zlch4amvvfgn5vmwh9fvb4spcv18y-file
<clever>
ottidmes: i sometimes do, but it has been broken on nixos at times
<clever>
thomasjm: you missed ~/.cache/nix/ which is pointing into /nix/store/
<clever>
thomasjm: and nix then complains that those /nix/store/ paths dont exist
<thomasjm>
got it -- yes it's a broken symlink pointing at the nixpkgs-unstable path in question
<clever>
thomasjm: so thats a different bug, but should still be filed to nix
<{^_^}>
[nixpkgs] @aanderse opened pull request #49814 → gitea: fix mysql issue, add mysql socket auth, and add a nixos test → https://git.io/fpvnL
<thomasjm>
clever: okay, i'll file it if you like -- what is the desired behavior exactly? seems like my fault for having a half-removed installation
<clever>
thomasjm: it should detect that some "invalid" storepaths are in the cache, and just ignore the cache
<stepcut>
clever: I think I need to start nix-daemon using ssh-agent -- and then someone with root access can call ssh-add to add the keys :-/
<thomasjm>
okay, i'll file -- thanks again for your help!
<clever>
stepcut: in my case, i'm using gpg-agent for my ssh agent, and its socket is at a predictable place, so its a bit simpler if i wanted to do that
<clever>
stepcut: but i already have unencrypted keys for build slaves
<stepcut>
clever: I am not wild about unencrypted keys :-/
<colemickens>
I have a package that I want to run on nixpkgs on Ubuntu, but it needs to be suid. It doesn't need to be on NixOS though, due to logind.
<colemickens>
Is there an easy way to accomplish this without needing to patch the package to toggle setting suid in certain cases?
<clever>
colemickens: nix doesnt allow setuid files in /nix/store/
<colemickens>
are there wrappers that work in nixpkgs on non-nixos, like there are for nixos?
<clever>
all setuid stuff is handled by wrappers made in /run/wrappers/bin/ when nixos boots
<colemickens>
or do you have other suggestions/workarounds?
<clever>
but there is nothing setup to run something from nix, as root, when the machine boots
<clever>
so setuid just doesnt work outside of nixos
<colemickens>
I guess I can make my own suid wrapper
<clever>
yeah
<clever>
you could look at how the nixos ones work, and maybe reuse them
<colemickens>
Hm. I mean, there's logind in ubuntu, maybe this should be working a different way
<colemickens>
whoa, it works. nixGL + sway under X11 in ubuntu.
<colemickens>
:O
<colemickens>
whoa, and working natively too
<clever>
nice
<peterHK>
I had this awesome colleague, i enjoyed working with him and he helped a lot introducing nix into the company. We also setup a nice gitlab-runner, but because of reasons we had to move it to AWS - he was using nixops for that. He recently left and i can not find the nixops code and the old machine with the initial nixos setup got purged :( I know he is active here, so please contact me (email?) :) PS: We miss you! :heart:
<dmj`>
Can anyone recommend an nvidia desktop graphics card that is known to work with the latest nixos?
<etu>
dmj`: Should be pretty much most of them?
<dmj`>
etu: Are you using nixos and nvidia ?
<etu>
Are you planning on using the free or non-free driver?
<dmj`>
etu: proprietary if it works
<etu>
Well, yeah. I do on one system. But the nvidia-drivers are sometimes quite buggy etc. But that's nvidia-drivers overall on Linux not so much nixos fault.
<dmj`>
yea, I just need something that works reliably, and is nvidia
<MasseR>
Or rather '{haskellPackages}: haskellPackages.callCabal2nix "asd" ./. {}' which is then imported from another file with pinned haskellPackages
<srhb>
Right right.. One moment.
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « git-annex: update sha256 hash for new version 7.20181105 »: https://git.io/fpvwY
<{^_^}>
[nixpkgs] @Mic92 pushed commit from @arromer to master « nodePackages.ttf2eot: init at 2.0.0 »: https://git.io/fpvws
<Lisanna>
,locate bin readelf
<{^_^}>
Found in packages: binutils-unwrapped
<srhb>
MasseR: Looks like it might just go in the .data output
<MasseR>
Hmm?
<srhb>
MasseR: I create the obvious callCabal2nix wrapper in my project and nix-build . -A data
<MasseR>
By ".data" you mean the data section in the binary?
<MasseR>
As in the full data of the file is included there or the path to the file?
<srhb>
MasseR: I mean it contains all the entries in data-files: ... :)
<MasseR>
Right, I originally had the data-files section in the wrong place, the app erroring out because the data file didn't exist. I moved the section to the correct location, but didn't try *running* the app, only checked that the file didn't exist in the same closure as the binary
<srhb>
MasseR: same output* -- yeah :)
<srhb>
(I suppose both are true though)
<srhb>
The _closure_ is exactly what you get from nix-store -qR on the binary. So the entire data output should be present there iff the app references the path
<srhb>
ie. with getDataFileName
<Guillaum>
I'm surprised to observe that `haskellPackage.developPackage` needs to fetch something every time I'm changing the `.cabal` file inside my directory, even to change a comment. Is that normal?
<Guillaum>
srhb: I wonder, because the job done by this call is really small and is done every time you build / nix-shell a project using this function. Most of the time that's a cache miss and a lot of time that's a "broken" nix-shell when you are working without network.
<Guanin>
Hi, I'm trying to install/package Xilinx Vivado, and stumbled across https://github.com/lukaslaobeyer/nix-fpgapkgs (which I changed to the newest version). Sadly, the tarball is ~18GB, so when I want to install the package, I get "nix daemon out of memory". I then found https://github.com/NixOS/nix/issues/1969#issuecomment-377465503 but using nix-prefetch-url freezes my system (probably swapping/out of memory? My system has 24GB RAM
<Guanin>
and 24GB swap)
<{^_^}>
[nixpkgs] @Mic92 merged pull request #49354 → filesystems: escape spaces in fstab with \040 → https://git.io/fxQY4
<elvishjerricco>
srhb: TIL about nix-fallback-paths. What is that?
<srhb>
elvishjerricco: I believe it's used by nixos-rebuild switch among others to get a known-working nix
<symphorien>
if for some reason nixos-rebuild switch can't build nix, it will use this nix
<elvishjerricco>
Interesting.
<elvishjerricco>
Kinda surprised it doesn't just fallback to the local install instead of what's in nixpkgs.
<srhb>
It does, first.
<elvishjerricco>
oh
<elvishjerricco>
heh
<srhb>
It's something like.. Put nix from the version of which nixos-rebuild was installed on path.. Use that to build nixos-rebuild (and thus nix) from nixpkgs.. If that fails(?) fallback. Not quite sure on the last step
<joko>
NixOps is cool, but I still struggle using it
<srhb>
I think there's an obvious TODO:... in the source code that you can easily cargo cult an rm into :D
<joko>
NixOS has channels and machines could get updated automatically, even rebooted
<srhb>
joko: I seldom want that.
<joko>
I have yet to "automate" NixOps deployments
<elvishjerricco>
srhb: I don't think so. Any given deployment doesn't know what keys the last deployment made.
<elvishjerricco>
You can infer if they're all in /run/keys, but that's risky and doesn't include keys with different destDirs
<srhb>
elvishjerricco: Why not just nuke them all?
<elvishjerricco>
I want something like the /etc/static solution
<srhb>
Right.
<elvishjerricco>
srhb: Well again, doesn't cover the keys in other destDirs. But also there's no reason to believe that /run/keys is used for nothing else
<srhb>
Ah, true enough. I've never used it for anything else though..
<elvishjerricco>
Me either :P But I do use alternative destDirs quite often
<srhb>
I prefer patching things ad-hoc to look in /run/keys for exactly this reason.. But it is a bit brittle, admittedly.
<TweyII>
Oh no, I'm just an idiot
<elvishjerricco>
srhb: What I'd really like is some kind of deployable key-store and services for reading from it.
<srhb>
elvishjerricco: Yeah. What I did at $oldjob was essentially delegate all this to vault and friends
<srhb>
Tell it declaratively which keys it needs to get, and leave it up to the daemon to actually get them
<elvishjerricco>
Yea vault is a good answer. Maybe I'll move toward stuff like that
<srhb>
elvishjerricco: None of the solutions are really awesome (envconsul and friends...) but it should be pretty easy to make a better one.
<srhb>
When basically, you just want to tell it "watch this secret, restart this service on change"
<elvishjerricco>
srhb: The fact that we often have to use environment variables for secrets is distressing to me :P
<srhb>
elvishjerricco: Right, but for many (but not all) systemd jobs, it's a really nice way of injecting in the secrets and sidestepping the store/template config problem
<azazel>
hi all there's no way to customize where the keys specified with NixOps' deployment.keys are saved?
<azazel>
the fact that they aren't permanently saved surely increases their security, but having a server that needs human intervention to reboot properly is a no-go either
<Guanin>
joko, I tried your approach and so far I made progress :) It is unpacking right now and I was able to add the .tar.gz to the store with nix-store :)
<joko>
Guanin: cool!
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fpv7n
<{^_^}>
[nixpkgs] @peti pushed 3 commits to haskell-updates: https://git.io/fpv7j
<magnetop`>
I'm trying to package a script that transpiles some code to rust, and then builds it with cargo. It needs an external dependency, which I have given, but ld doesn't find it. I have set LD_LIBRARY_PATH in a wrapper. What else can I try?
<mmercier>
Hi! Does anyone know what the {memory:0} means in the `nix-store --gc --print-roots` output?
<mmercier>
I'm trying to clean a docker image based on nix and a lot of garbage are not collected because of these {memory} pointers
<symphorien>
mmercier: some process has opened the corresponding store path with mmap for example
<TweyIII>
mmercier: The number is meaningless
<mmercier>
thx symphorien and TweyIII :)
<mmercier>
is there a way to clean this?
<lukego>
Is there an easy way to build a musl-static executable using upstream nixpkgs? How would it look? (Seems like just switching to muslCross.stdenv.mkDerivation doesn't work?)
<samueldr>
rebooting might be the easier way, mmercier, it could be stuff from the system initially present at boot if you rebuilt.
<mmercier>
the problem is: it's a docker image so it's not bootable
<{^_^}>
[nixpkgs] @shlevy pushed commit from Shea Levy to master « linux-riscv: Remove. »: https://git.io/fpfJ9
<betaboon>
symphorien: how would that work ?
<symphorien>
can you expand on what you want ?
<lukego>
(Reading the cross-compiling docs rather than nixpkgs sources now, making it a bit clearer)
<sphalerite>
Is there a way to enter a shell for a systemd service? i.e. apply all the env vars, ideally also the privilege and namespacing stuff, but drop into a shell rather than running the service's ExecStart?
<sphalerite>
betaboon: foldl recursiveUpdate {} ?
<sphalerite>
(although I always forget the order of the args for a fold)
<tathougies>
So my laptop cracked in half (don't ask). Luckily hard drive is all good and my nixos partition is there.
<tathougies>
I'm getting a new one. I believe I should be able to copy the contents of the hard disk over fully to the new computer and run the activation script to boot into my old system on a new machine. Is that right?
<tathougies>
Second question. Suppose I don't want to do that, and just want to copy over /etc/nixos/configuration.nix. I have a lot of custom set up that involves custom compiling, which I *really* don't want to sit through again. Can I get nix to use the old nix store, to copy what it needs. Is that better than copying the entire old drive?
<tathougies>
clever: :(
<clever>
tathougies: if you just clone the entire thing with dd or ddrescue, then it should just boot
<tathougies>
hmm… would I need to make sure partition sizes are the same? I guess yeah, right?
<tathougies>
that may be the best solution
<tathougies>
also the easiest
<sphalerite>
tathougies: you can use `nix copy` to copy store paths from one to the other
<clever>
tathougies: if you just dd the entire disk (sda -> sdb for ex), it will also clone the partition tables for you
<clever>
nix copy can also be used, but then all non-nix data (including configuration.nix and $HOME) wont be copied
<tathougies>
i'm not getting the exact same machine though
<tathougies>
is there any way to use the disk as a binary cache?
<clever>
as long as the drive is equal or bigger, you can just clone the disk, thats the simplest one
<tathougies>
I have several custom cross compiling tool chains that I really don't want to have to sit through, but I also have a lot of old cruft in my nix store that isn't worth copying
<sphalerite>
I have a thinkpad dock, and when I dock my laptop the extra outputs don't show up in xrandr. The odd thing is, they did until today. I've returned a previous dock because of this issue, but am starting to think it might be a software problem after all. Any suggestions for what I could try?
<sphalerite>
I had the problem yesterday, and changing to a tty and back to X made the outputs show up, but that's not doing the trick today.
<joko>
sphalerite: have you updated any firmware, the Linux kernel?
<Rusty1>
firmware up to date?
<hodapp>
huh, I use xrandr with a Thinkpad dock but not sure if I have any ideas
<hodapp>
but this dock is flaky. sometimes I have to un-dock the laptop, power-cycle the dock, and dock the laptop again in order for USB devices to appear
<{^_^}>
[nixpkgs] @Mic92 merged pull request #49780 → coqPackages.ssreflect: refactor choice of source version → https://git.io/fxjjl
<sphalerite>
joko: Rusty1: I'll try a firmware update, thanks for the suggestion
<wirew0rm>
sphalerite: I have an Nvidia optimus dual graphics Thinkpad, i sometimes have to fiddle with xrandr's --*providers settings to get all outputs working...
<ottidmes>
azazel: thanks for the info, I will look into it, but I am using a very popular SSD and it's mostly so that if it gets stolen, they won't have easy access, and for that I hope it is enough, keyword being easy, I have no reason to believe I would ever be targeted by some thief that is tech-savvy enough to work around a sloppy SSD hardware encryption implementation
<Synthetica>
Is there documentation on the difference between staging and staging-next?
<{^_^}>
[nixpkgs] @Mic92 merged pull request #49815 → vimPlugins: vim-go: make gocode, gocode-mod and keyify available to it → https://git.io/fpvBl
<sg2002>
Hello. I've been trying to update nixos from 17.09 to 18.09 for like a week. It's an old 32 bit machine and it seems like there's quite some stuff that's missing in the binary cache. So, one of the errors I get is that it fails to download some archive from cache.nixos.org. I've tried downloading it manually it seems to be ok. Would it work if I download it manually and store as it is done with jdk?
<{^_^}>
[nixpkgs] @FRidh closed pull request #49810 → pelican: markdown is needed at runtime → https://git.io/fpvmW
<jgt>
if I build a nix package with `nix-build`, how do I "install" the result in my environment?
<LnL>
you can install the resulting store path directly with eg. nix-env -i /nix/store/....
<jgt>
LnL: Ah, thanks. Right when you said it I realised I can do nix-env -i ./result
<LnL>
yep that also works
<{^_^}>
[nixpkgs] @Synthetica9 opened pull request #49835 → nixos-generate-config: fix for swapless kernels → https://git.io/fpfWC
badmutex has joined #nixos
dbmikus has joined #nixos
<sphalerite>
wirew0rm: just the integrated graphics in this one…
<sphalerite>
after an adventure with a CD drive which
<sphalerite>
temporarily fried the laptop (had to disconnect both batteries before it would turn on again), I'm not sure how to do the firmware update :|
badmutex has quit [Ping timeout: 240 seconds]
<clever>
sphalerite: sounds like the embedded controller locked up
<sphalerite>
both sad and good to know that plugging in a USB device can do that
<sphalerite>
a probably not intentionally malicious device that is
<clever>
ive managed to BSOD my win7 machine with a teensy microcontroller
<clever>
i tracked it down to a motherboard driver for cellphone charging
crmlt has quit [Ping timeout: 264 seconds]
<sphalerite>
there's also that USB zapper thing that charges a capacitor with the USB power supply, then fries the motherboard with high voltage
cinimod has joined #nixos
<sphalerite>
I've not run into one of those myself, and hope that I never do :')
<clever>
yeah, ive seen that
badmutex has joined #nixos
<clever>
real nasty thing
<clever>
it even looks identical to several USB sticks i have
drakonis has quit [Read error: Connection reset by peer]
Itkovian has joined #nixos
crmlt has joined #nixos
drakonis has joined #nixos
badmutex has quit [Read error: Connection reset by peer]
__Sander__ has quit [Quit: Konversation terminated!]
cinimod has quit [Ping timeout: 244 seconds]
badmutex has joined #nixos
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
badmutex has quit [Ping timeout: 272 seconds]
cinimod has joined #nixos
nDuff has joined #nixos
jperras has quit [Quit: WeeChat 2.2]
badmutex has joined #nixos
<nDuff>
Is there a way to stop an attrset from being evaluated during "nix-env -qa"? I have a case where even without setting recurseForDerivations=true, a derivation that needs to download content before it can be evaluated is triggered (and fails).
cinimod has quit [Remote host closed the connection]
cinimod has joined #nixos
<clever>
nDuff: all keys in a set must be known before you can do anything in that set
<clever>
nDuff: so if the keys on that set depend on a download, it must download to read .recurseForDerivations
mayhewluke has quit [Ping timeout: 252 seconds]
kim0 has joined #nixos
<clever>
nDuff: are you able to read recurseForDerivations from nix repl?
<nDuff>
let's see...
fendor has quit [Ping timeout: 252 seconds]
<TweyIII>
What's that Heroku app that tells you when all the channels were last updated?
<nDuff>
...yes, I can.
dbmikus has quit [Read error: Connection reset by peer]
<nDuff>
Hmm. Actually, I can't reproduce the failure from the repl at all; maybe it's happening from a different part of the tree than I thought...
<sphalerite>
TweyIII: ^
<clever>
nDuff: nix-env -qavvvvvv
<nDuff>
oh, that's not it -- rather, when I invoked it from the repl, it downloaded the bits it needed.
<nDuff>
so now it can't be reproduced with -qa either.
* nDuff
goes about trying to clear out the relevant bits from the store to make the issue reproducible again.
<clever>
nDuff: nix-store --delete the path it had downloaded
<TweyIII>
sphalerite, clever: Ah, thanks ^_^
hotfuzz_ has quit [Ping timeout: 245 seconds]
badmutex has quit [Ping timeout: 240 seconds]
sigmundv has quit [Ping timeout: 264 seconds]
badmutex has joined #nixos
dbmikus_ has quit [Ping timeout: 252 seconds]
<nDuff>
Huh, that's odd. So the file it's trying to read is actually included in the source tree; with -vvvvv, there's a "copied source '...' -> '/nix/store/...'" just before the "error: cannot read '/nix/store/...', since path '/nix/store/...' is not valid".
<clever>
nDuff: anything like chroots going on?
<nDuff>
Nope. And the file *isn't* in the store, despite the "copied source..." message. Hmm.
<nDuff>
I might want to repro this on Linux so I can get a sysdig trace (currently on MacOS).
drakonis has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @knl opened pull request #49837 → grpcurl: init at 1.0.0 → https://git.io/fpfRX
maximiliantagher has quit [Ping timeout: 252 seconds]
<clever>
Taneb: oops, ^^^
crmlt has quit [Ping timeout: 268 seconds]
<nDuff>
...well, I haven't run down why the "copied source" wasn't, but the -vvvv log was good enough to figure out *why* that code was being evaluated during a -qa and take it out of that path.
<Taneb>
clever: ah, I'd set that to ten :D
<Taneb>
clever: thank you
<clever>
nDuff: i suspect nix-env is operating in a read-only manner
<clever>
nDuff: so it doesnt flood /nix/store with 10,000 .drv files
<nDuff>
Makes sense.
<clever>
nDuff: i have actually crashed my machine when i did that with a hydra internal tool
<clever>
which happens to be the exact tool that creates Taneb's gc roots!
<Taneb>
Everything is connected!
<Taneb>
Speaking of gc roots, why does nix-collect-garbage take so long "deleting '/nix/store/trash'"?
exarkun22 has joined #nixos
<exarkun22>
I'm trying to build a stack-based project with Nix and failing to get one of its dependencies resolved. I have a github entry in `extra-deps` of the project's `stack.yaml`. And I have an overlay that adds that dependency to `testHaskellDepends` (test dependency). The build fails with "Setup: Encountered missing dependencies:" and then mentions that dependency. What else do I need so the package can be found?
<clever>
Taneb: to make deletion of /nix/store/a_directory/ atomic, it doesnt actually delete it, it just moves it into trash
<clever>
directory moves are atomic
<clever>
and when its done collecting garbage, all the garbage is in the trash folder, literally
<avn>
exarkun22: with stack2nix? or cabal2nix with manual helps?
<clever>
exarkun22: is doCheck = true; also set?
<exarkun22>
avn (IRC): with cabal2nix... I tried to do all the manual helps in the overlay (and they consisted of adding that one package to testHaskellDepends ... or at least my attempt to add it)
<exarkun22>
clever (IRC): Huh ... no.
<clever>
exarkun22: if doCheck is false, it will filter all test deps out automatically
<Taneb>
clever: ah, I see, and then it does all the slow stuff under one message?
<betaboon>
does anyone have a suggestion how to maintain the nixops-statefiles? we currently have a repo with all the nixops expressions that make up our deployment. in that repo we do have feature-branches. now we're discussing if we should keep the statefiles within that repo or move them to a separate repo, that lives only from master. any suggestions?
<clever>
Taneb: yeah
<clever>
Taneb: you can also make it somewhat faster via `nix-collect-garbage --max-freed 2g`
<exarkun22>
clever (IRC): But it seems like it is still trying to build the test target after doing that filtering? Let me look at the build results again with this in mind...
<clever>
Taneb: then it just stops after finding 2g worth of garbage
<clever>
exarkun22: oh, how are you doing an override to add it to testHaskellDepends ?
<Taneb>
clever: unfortunately I want it to find a lot more garbage than that
<clever>
Taneb: you can re-run it several times, or just give it a bigger number
<Taneb>
clever: it's less the speed I'm worried about, but the lack of indication of how long it's taking
<clever>
Taneb: ah, about all you can do there is to `watch du -h --max=0 /nix/store/trash` or fix nix to give more progress
<clever>
exarkun22: yeah, that should be working
<clever>
exarkun22: if you also change the name in there, does the error show the new name?
<Taneb>
I'm doing 'watch "ls /nix/store/trash | wc -l"', but fixing nix would be something I might do some other time
Ariakenom has joined #nixos
<clever>
Taneb: you might even get away with `ls -lhd /nix/store/trash`
<clever>
Taneb: the hardlink count for trash, is based on the number of subdirs it has
<clever>
since the .. entries are technically hardlinks
<Taneb>
:)
badmutex has quit [Ping timeout: 244 seconds]
<Taneb>
I'm setting this up to gc automatically weekly, it's not a machine with much disk space but we're using it as our CI and build cache
Thra11 has quit [Quit: WeeChat 1.4]
<clever>
Taneb: nix already has 2 forms of automatic gc
fendor has joined #nixos
<exarkun22>
clever (IRC): if I set `pname` (hspec-jenkins-lae) in the set returned by the override function then the new name is used in the output of `nix-build` when building _that_ package (hspec-jenkins-lae). Is that what you were asking?
<clever>
exarkun22: yeah, so that confirms the override is working
<clever>
but there is also a new min-free and max-free
<clever>
which does have hysteresis, based on the difference
<clever>
it will run a gc any time it goes under min-free, and aim to hit max-free free
<Taneb>
clever: thank you for your help
<{^_^}>
[nixpkgs] @dasJ opened pull request #49838 → nixos/mysql: Explicitly set datadir in my.cnf → https://git.io/fpfEQ
drakonis_ has quit [Ping timeout: 252 seconds]
<exarkun22>
Okay, trying to put together a minimal reproducing example... But creating a new stack project I got a "package.yaml" instead of a "stack.yaml". What's the difference between these things?
<bsima>
'package.yaml' is an alternative to .cabal files
<exarkun22>
./s4/default.nix is kinda the top thing that fails to build
<exarkun22>
and is also where my package monkeying is going on
orivej has joined #nixos
c0bw3b_ has joined #nixos
drakonis_ has joined #nixos
<exarkun22>
oh, but that also interacts in an important way with how hspec-jenkins is defined in ops/nixpkgs-overlays.nix
maximiliantagher has quit [Ping timeout: 252 seconds]
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
dbmikus_ has joined #nixos
<bsima>
exarkun22: are you aware of the 'developPackage' function? I found it more useful for local haskell packages
<bsima>
(more useful than overlays, i mean)
<octe>
are packages submitted to nixpkgs required to build with sandboxing?
mmercier has quit [Ping timeout: 276 seconds]
drakonis_ has quit [Ping timeout: 250 seconds]
sanscoeur has joined #nixos
<avn>
exarkun22: builder for '/nix/store/2d0diycv80pfyl5pq6j4a4bdlzwckav3-hspec-jenkins-0.1.1.drv' failed with exit code 1
<avn>
so override definitely works ;)
<clever>
octe: yes
<exarkun22>
bsima: I haven't used that feature before, nope. I think I saw it but wasn't clear on how to build a workflow around it.
<octe>
i want to add a rust package that depends on another rust package that has a custom build process that clones something from github
<octe>
but there's no network access in the sandbox
<avn>
But I am on master, on stable situation can be different
<octe>
what are the options?
<exarkun22>
avn (IRC): Huh, yea, that's not the failure I get. But maybe it looks like it is still a failure due to not fixing the underlying problem successfully (which is that upstream hspec-jenkins is abandoned and doesn't build anymore; I have a fork that does build).
jabranham has quit [Read error: Connection reset by peer]
<clever>
octe: use fetchFromGitHub, copy it to the expected path, and disable the automatic download somehow
badmutex has quit [Read error: Connection reset by peer]
<octe>
i guess i could fetch the dependency and the dependency's dependency and patch it to use that
<exarkun22>
bsima: cool, thank you. it looks like this is an alternative to stack ... and cabal? or does it work with the config files for those systems?
<avn>
exarkun22: I personally pull overlay via host configuration. so my build goes via pinned nixpkgs -> host config -> overlay + custom packages
badmutex has joined #nixos
<exarkun22>
Possibly I'm making things difficult for myself by not actually using nixos... just using nix as the build toolchain for this project (+ nixops for ops), independent of host development environment
ubert has quit [Quit: Leaving]
<simpson>
Maybe, to a degree. As a regular NixOS user, I'd think of it as making things difficult by using any specific $DISTRO. NixOS isn't perfect, just less friction with Nix.
<peterHK_>
anyone made container of django app with nix? i do not have that much dev exp with django so not sure, but i hope i can escape js crap with collectstatic and only have to package python deps
<exarkun22>
gonna try to make a minimal example of this again
kai_w has quit [Quit: Konversation terminated!]
<nDuff>
peterHK_, ...you've looked at the pythonPackages hierarchy within nixpkgs, right? It's fairly extensive (and *does* include django).
<simpson>
peterHK_: Sure. I can't share specifics with you, but the general pattern of putting Python stuff into a container with Nix is there. `FROM nixos/nix` for starters and then nix-env to get everything lined up.
* nDuff
hasn't been part of a django shop in a lot of years (and wasn't using Nix at the time), but has built a few derivations with Python dependencies recently and found it to be pretty straightforward.
<peterHK_>
i am not worried about the pythonPackages, i am quite sure i can get that done relatively easily.. i am just a bit worried about the js crap on top of it (which i hope i can just have on some S3/CF and do not need to have in container)
<nDuff>
...personally, I'm less in favor of the Dockerfile approach at all, and lean more towards using dockerTools to describe your containers directly in Nix.
drakonis_ has quit [Ping timeout: 252 seconds]
<peterHK_>
yeah i am talking about dockerTools
<nDuff>
ahh; I don't have useful experience to add wrt nix.
<exarkun22>
... huh. stumbled over something while minimizing. when I re-generated my s4.nix it included my hspec-jenkins (unlike previously)... interesting.
drakonis_ has quit [Ping timeout: 260 seconds]
<exarkun22>
so probably I changed stack.yaml or s4.cabal at some point and then forgot to re-run cabal2nix to reflect the new dependency and everything else is just because of that? ugh
<exarkun22>
let's see if I can actually make it build all the way to the end now
aitch_ has joined #nixos
<aitch_>
hi all, maybe I missed it in the manual but I'm trying to see how nix handles resolving package versions e.g. "A" being able to specify a dependency on "'B' >~ 1.2"
<symphorien>
There is no dependency solving in nix
<simpson>
aitch_: In general, or for some specific language subsystem? Usually we try to only carry multiple versions of a package if there's precedent for it in other distros.
<__monty__>
What can you do if cabal can't construct a build plan with the available versions?
<aitch_>
essentially our "build" for our OS package level software now hard codes SHAs from git repos into our tooling, and we then build the world from HARD coded version numbers... we've wanted a cross platform (all linux derivatives) solution for a while and nix keeps coming up, but allowing team C to dictate that they depend on B 1.x and have not yet adopted B 2.x would be a "requirement" for us
<aitch_>
we have a homebrewed package manager, so you can imagine how well that's working out for us right now
<bsima>
__monty__: start overriding package versions until it works
<nDuff>
aitch_, in general, you just depend on exactly what you need. You need foo-1.2.3, you depend directly on it. There's no reason to perform any kind of conflict-resolution step because all the versions that are needed can be installed parallel to each other.
<simpson>
aitch_: Nix is a good fit for this. Don't let the policies of nixpkgs deter you, because if nothing else, you can write relatively raw Nix derivations which *also* hardcode version numbers and hashes.
jperras has quit [Read error: Connection reset by peer]
<aitch_>
the thing we're trying to get away from (aside from all the usual shortcomings of a homebrew package manager) is that one team can bump a sha hash, and break the world for everyone else, we wanted to get to a model where each team publishes their own build, and some solver picks the newest versions of everything known to work
drakonis_ has joined #nixos
<{^_^}>
[nixpkgs] @danieldk opened pull request #49839 → Disable Rust doctests on Darwin. → https://git.io/fpfwm
<nDuff>
aitch_, ...one of the Big Ideas behind nix is that having parallel installations means one doesn't *need* a solver at all; you have three components that were tested with different versions of libfoo? Then install all three libfoo releases.
jperras has joined #nixos
<exarkun22>
yes. cabal metadata inconsistency was the problem. ooof.
<simpson>
aitch_: Sounds like a job for CI, TBH, or reorganizing your development process so that distinct teams aren't so tightly-coupled.
<aitch_>
I guess the bigger issue is that our stuff is basically 30/30/30% split between systemd services, things that run on those then deployed services and a bunch of container images we then provision under docker
<nDuff>
(...and they just end up hash-addressed in the rpaths at link-time).
<aitch_>
so "just allow multiples to be installed" will bite us on port bindings and other "side effects" that I guess nix can't express
<aitch_>
I've a feeling that nix is the wrong solution for us
<aitch_>
(and that there are no good ones, as what we're doing is insane)
<simpson>
aitch_: Nix can do all of this, just not in a day. You're going to have to go incrementally.
orivej has quit [Ping timeout: 252 seconds]
TweyIII has quit [Ping timeout: 244 seconds]
<__monty__>
aitch_: It sounds like you want to do what cabal does. Basically run a constraint solver on version compatibility constraints.
<aitch_>
I have to look into cabal
<nDuff>
aitch_, ...okay, it wasn't clear earlier that you were talking about running services, vs. library linking; that's a somewhat different problem.
<symphorien>
aitch_: for dependencies between distributed systems there is disnix
<aitch_>
but maybe coming from a world where basically everything works that way, I'm missing a more elegant solution
<symphorien>
(Caveat: I have never used it)
<__monty__>
aitch_: I'm not sure cabal (the library, not cabal-install) can be decoupled from haskell but it does sound like what you're after.
maximiliantagher has quit [Remote host closed the connection]
<aitch_>
honestly, I think there's enough constraint solvers out there (I know the one in Ruby very well) so maybe it's plausible to build something that _emits_ a static .nix and allow nix to handle the build, distribution, etc
maximiliantagher has joined #nixos
<simpson>
aitch_: Okay, yeah, I think that you've been misled somewhat. Nix is a build system. You give it URLs and hashes, and it builds artifacts in a very pure and highly-reproducible way.
<simpson>
There's also NixOS, Nix plus systemd and some system-configuration modules. And Nix in containers. And building containers from Nix. These are all things which revolve around Nix.
<aitch_>
for sure it's not the docs that are misleading, literally every time pain with our build tooling comes up - there's a chorus of "we should just use nix"
<simpson>
If nothing else, it sounds like you could ditch some/all of your custom build system in favor of Nix.
<aitch_>
it kinda sounds like disnix would be what we'd need -- I envisaged the standard thing there you build packages, push them to a repository of some kind somewhere, and then you install a meta package, and watch the system pull in all the things it needs
<__monty__>
aitch_: That's what I was thinking. This only works if your version numbers are actually meaningful of course. Otherwise having CI build all-the-things, combining different versions, and running a test suite for each sounds like a reasonable solution, then you just use the most recent working build.
<simpson>
aitch_: Sure, disnix and nixops both can do this. However, they're both fairly opinionated and not easy to drop-in on an existing workflow.
<aitch_>
right
EarlDeLaWarr has joined #nixos
maximiliantagher has quit [Remote host closed the connection]
maximiliantagher has joined #nixos
<nDuff>
aitch_, ...incidentally, all the software/components/etc built by nix live in a single, shared store -- mounting that store on a VM (docker container, etc) means you don't need to install a copy of anything from the store into the VM, but can just mount it directly and link in -> not so much need for "installation" of "packages" on the guests at all. If you're going with the full model; one certainly can (and I do) build packages for legacy operating
<nDuff>
systems / distros driven from nix.
<aitch_>
yeah, the whole symlinking stuff seems really sane, i do a lot of CAS storage, and Merkle tree based work in my side projects, so the principles are all super familiar for me
<aitch_>
the crux for us is that we have to support coreos - which by design refuses to have a package manager
<aitch_>
else we could for sure solve our immediate problems with debs and rpms
<simpson>
If they let you have a /nix though...
badmutex has quit [Remote host closed the connection]
<simpson>
Anyway, there's other ways to adopt Nix incrementally too, like generating Docker-compatible containers with Nix, or using `FROM nixos/nix` in Dockerfiles.
badmutex has joined #nixos
<aitch_>
that was our working assumption, and it seems like that would work fine - but I still can't get my head around how i'd allow one team to release on their own schedule without forcing other teams to adopt that new thing version (without allowing multiple versions of a thing to be installed, because they would conflict on assets like ports and cgroups, etc)
<aitch_>
barring "dependencies" (we don't have them) incremental adoption of nix to replace our build tooling seems doable, we have metadata manifests and build shell scripts
<simpson>
How do you do it now? Keep doing it that way. Conway's Law is a real thing, and neither Nix nor any other technical tool can fix that.
<aitch_>
so there's a buildinfo file which has git repos and shas in for the ~150 components that make up our offering
<aitch_>
teams "bump" their sha in that repo to pull in the work that lives in the component repositories into the build system
<nDuff>
Do y'all already use the Hashicorp stack? Consul Connect sounds like it might be of interest to you.
<nDuff>
in terms of being able to have a separate service for X-1.1 vs X-2.0, and just request that you get connected to whatever you want.
<aitch_>
we do have a service mesh
<aitch_>
the usual case is that team releases from 1.1.1->1.2.0 and the .2 introduces a breaking change for other teams, and because we have no way to express that other teams may depend on 1.1.x and don't want to pull in 1.2.x yet
zolk3ri has quit [Ping timeout: 256 seconds]
nDuff has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos
<aitch_>
probably I just have the wrong mindset
<simpson>
Try out Nix. Play around with it a bit. Don't feel like you have to commit yet.
<symphorien>
The nix mindset is: each component ships its own version (1.1 or 1.2 when it is read
<symphorien>
ready)*
zolk3ri has joined #nixos
<symphorien>
And for libs and c-style executables nix isolates what you build so that you can have incompatible versions of one lib across the system without interference
<symphorien>
For running services well it depends :)
<elgoosy>
i've just put `export GOPATH=$HOME/go` in my .bashrc. from the terminal i can now execute go binaries, however emacs does not see those executables
vaibhavsagar has joined #nixos
halfbit has joined #nixos
badmutex has quit [Remote host closed the connection]
badmutex has joined #nixos
<{^_^}>
[nixpkgs] @FRidh pushed commit from @sveitser to release-18.09 « nixos/jupyter: wait for network.target »: https://git.io/fpfPd
<bsima>
i never could figure out how emacs sources .bashrc, .bash_profile etc
<elgoosy>
at least in other linux systems it 'sees' the same path. here in nixos it does not
<elgoosy>
:/
badmutex has quit [Ping timeout: 240 seconds]
badmutex has joined #nixos
drakonis has joined #nixos
<bsima>
elgoosy: that's probably b/c it's wrapped by a script which links it to the right deps, most (all?) nixos programs are like this
Itkovian has joined #nixos
JosW has joined #nixos
elgoosy has quit [Remote host closed the connection]
<Growpotkin>
Hey does anybody have a nice solution to using vim + hdevtools (Haskell) in Nix Shell? mine always whines because it's ignorant of any haskell libs that were added by my shell.
cinimod has quit [Ping timeout: 246 seconds]
crmlt has joined #nixos
<hyper_ch>
and again, after 24h server loses DNS
<infinisil>
,error Growpotkin
<{^_^}>
Growpotkin: What exactly doesn't work? What commands did you run and what error did they produce?
<hyper_ch>
I can't resolve any domains anymore after 24h for some reason
civodul has joined #nixos
<Growpotkin>
@infinisil The issue is that hdevtools uses the system wide Haskell modules, so when I am in a shell and have added a module that isn't system wide, it complains that "module does not exist"
<Growpotkin>
I could just add a million haskell modules as dependencies to vim I think, but "There's got to be a better way!" ;)
<infinisil>
Growpotkin: Well from hdevtools readme it seems that it uses stack to discover dependencies
hyper_ch has joined #nixos
erictapen has quit [Ping timeout: 260 seconds]
mayhewluke has quit [Ping timeout: 252 seconds]
<Growpotkin>
@infinisil: So the trick will be to direct hdevtools to the nix-shell's Stack Modules. Does nix-shell's "withHaskellPackages" populate stack?
<infinisil>
No, only stack can populate stack, I'd think it should just work if you have a stack project
maximiliantagher has quit [Remote host closed the connection]
<infinisil>
stack works well on NixOS
maximiliantagher has joined #nixos
<Growpotkin>
Oh okay got it. TBH I've never really taken the time to learn Stack haha
<vaibhavsagar>
what is the solution to `lacks a valid signature`?
<vaibhavsagar>
I feel like I've tried everything
cinimod has joined #nixos
<gchristensen>
arianvp: how did you disable edns?
<Unode>
is there any way to check if a path in the store is live without going for --delete and crossing fingers that it doesn't get removed?
hyper_ch has joined #nixos
maximiliantagher has quit [Remote host closed the connection]
<aleph->
Is ffmpeg-full multicore/thread enabled?
maximiliantagher has joined #nixos
<aleph->
The version in nixpkgs at least.
<aleph->
Seems to only use a single core no matter what I set which is... odd
<tilpner>
ffmpeg-full is compiled with --enable-pthreads
<tilpner>
At least on 18.09
<aleph->
Yeah nevermind realized it's probably from libaom not supporting multi threads
cinimod has quit [Ping timeout: 252 seconds]
drakonis has quit [Quit: WeeChat 2.3]
maximiliantagher has quit [Remote host closed the connection]
maximiliantagher has joined #nixos
maximiliantagher has quit [Remote host closed the connection]
maximiliantagher has joined #nixos
m0rphism has joined #nixos
kim0 has quit [Quit: Connection closed for inactivity]
markuskowa has joined #nixos
maximiliantagher has quit [Ping timeout: 240 seconds]
nDuff has joined #nixos
<infinisil>
Unode: nix-store -q --roots
vk3wtf has quit [Ping timeout: 264 seconds]
<nDuff>
Is there a way to refer to a fixed-output derivation in nix in such a manner as to prevent its identity from depending on anything other than name+sha256? I'd assumed that was the case already, but when I have derivations that refer to the same file with two different URLs, it downloads it twice (and, much worse, recreates all the downstream build products).
<infinisil>
nDuff: I think you can give a name to builtins.fetchurl
<Unode>
infinisil: thanks, this works well.
drakonis1 has joined #nixos
<nDuff>
infinisil, ...so is that to say that the whole URL, not just the basename (after the last /) impacts the hash *unless* an explicit name is provided?
<nDuff>
(because the basenames already are identical)
drakonis_ has quit [Ping timeout: 250 seconds]
<infinisil>
Well I never looked it up exactly, but from your problem it seems that this is indeed the case
<nDuff>
*nod*.
<nDuff>
I'll give it a try, then; thank you.
<infinisil>
Let me know if it works, am curious
crmlt has quit [Ping timeout: 244 seconds]
<Unode>
Interesting that glibc is consistently reported as damaged when running nix on top of NFS on non-standard location. Wondering if this is due to .nfsXXX files confusing the hashing of the package.
<gchristensen>
fpletz: how do I get your networkd goodness? :) Failed assertions:
<gchristensen>
- networking.defaultGateway.interface is not supported by networkd.
<gchristensen>
- networking.defaultGateway6.interface is not supported by networkd.
<Unode>
Is there any garbage collection tooling that allows targeting different subsets of data stored in the store? i.e tarballs, patches and other source requirements but keep anything that looks like a package or dependency (active or compile-time)
tonic_ has joined #nixos
shabius_ has quit [Quit: Leaving]
drakonis1 has quit [Ping timeout: 252 seconds]
shabius has joined #nixos
vk3wtf has joined #nixos
<{^_^}>
[nixpkgs] @markuskowa opened pull request #49840 → nixos/postgresqlBackup: set to umask to 0077 → https://git.io/fpfFm
Growpotkin has quit [Remote host closed the connection]
<Unode>
is there any way to know 'why' nix thinks a package is broken, i.e. what file is missing/added or different from expected?
badmutex has joined #nixos
ajs124 has quit [Quit: Gateway shutdown]
<Unode>
:o I thought all entries in nix/store had an epoch+1 timestamp. Is this no longer the case?
SitiSchu has joined #nixos
<gchristensen>
what do you see?
ajs124 has joined #nixos
<Unode>
Some entries there have dates from different times in the past
SitiSchu has quit [Remote host closed the connection]
<clever>
Unode: the lock files are technically invalid, and nix-collect-garbage will clean them up first
<clever>
the folders are just $out's from failed builds, so you can debug it, also invalid
<clever>
if you try to build it again, it will be deleted before the build starts
<clever>
and anything depending on them will trigger a new build
<Unode>
clever: there's a build running now. I also usually build directly on /dev/shm for performance reasons and to avoid oddities with NFS timestamps
vk3wtf has quit [Ping timeout: 264 seconds]
<Unode>
I haven't --gc'ed in a couple of years . We had some problems in the past with packages breaking due to bad past experiences of --gc removing things that were actually in-use and leaving the store in half broken state. Since most is built from source we pretty much had to start from clean slate.
spacefrogg has quit [Ping timeout: 252 seconds]
<Unode>
I'm considering a --gc now but trying to inspect that nix thinks is 'safe' to remove before hitting the big red button
spacefrogg has joined #nixos
<Unode>
*what nix things
<Unode>
thinks
<Unode>
(I need to sleep :P)
tonic_ has quit [Ping timeout: 264 seconds]
<clever>
Unode: nix should never delete anything that is in use
<clever>
and if it does break something, you were using things the wrong way
<Unode>
clever: I know. We blamed the NFS setup for being leaky.
<clever>
ah
<clever>
are you sharing a single store but have multiple /nix/var/nix/profiles/ ?
<Unode>
we are sharing yes. But compilation happens in one node only.
<Unode>
compilation and installation that is
<clever>
ah, then it should have all gc roots
<Unode>
we also have a few outputs from nix-build on a different store but I saw that those are reported by nix as correctly in-use
<Unode>
a different folder I mean
jtojnar has quit [Quit: jtojnar]
<Unode>
but all should be visible to this one node.
<Unode>
but for instance we have quite a few /share/nix/store/pq2vnd40cj4hk7cwk7lsaj017fdnjmyf-glibc-2.25-49 was modified! expected hash 00d5124725ba098c957728efd02446cd0326b992ec1e3f35b8de885a174992f3, got b86cbed163a53aaa98693d59b1bab94de1cfc88b5184d68d7524ee2cce60a4de cases.
tonic_ has joined #nixos
<clever>
Unode: thats not in the binary cache!
<Unode>
On my screen right now I see 7 glibc (some different versions - 2.25, 2.25-49, 2.26-131, 2.27) and 2 python3-3.5.3
<Unode>
clever: it can't be, notice /share
<clever>
wasnt sure if that was a local?root=/share/ or not
cinimod has joined #nixos
<Unode>
we can't use /nix due to reasons
<clever>
Unode: what about user namespacing?
<Unode>
so go go happy source go
<Unode>
clever: proot?
<clever>
user namespacing has better performance
<clever>
proot is just an LD_PRELOAD i believe
<Unode>
I tried proot a couple of years ago, performance was terrible. user namespacing is news to me. Haven't heard about it.
<clever>
but user namespacing is a kernel feature, to allow nonroot users to chroot
<clever>
Unode: the unshare (or clone) syscall is used to create a new set of namespaces, isolated from the parent ones
<clever>
Unode: and if you request both a user and mount namespace at once, you can do it without root, and then have the ability to mount --bind, and chroot
<clever>
nix-user-chroot from above automates it all
devx has quit [Quit: . .. ...]
<Unode>
clever: sweet. And just to know. Do I get to choose where to store things or is it all magic?
<clever>
Unode: its simply a bash script to make the sandbox more usable, after chrooting in
<jgt>
because this is all after downgrading from Mojave, so I had to wipe my machine
<clever>
jgt: thats under /nix/var/nix/profiles/per-user/clever/channels-1-link/ and friends
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<jgt>
ah so then I won't have anything to rollback to
<jgt>
I wonder if it's because this time I did a multi-user install…
vk3wtf has joined #nixos
<clever>
multiuser wont break like that
<jgt>
clever: could it be recent MacOS security patches?
<jgt>
notably, it fails on libsecurity_utilities-osx-10.7.5.drv
badmutex has quit [Read error: Connection reset by peer]
<clever>
maybe, i havent been keeping up to date with darwin
trevthedev has quit [Ping timeout: 240 seconds]
badmutex has joined #nixos
WilliamHamilton[ has joined #nixos
<jgt>
clever: do you know how I could test this? Short of wiping my entire machine again and trying to install Nix and all my packages without applying the security updates?
<Unode>
clever: hum having some issues getting nix-installer into the store. error: cannot auto-call a function that has an argument without a default value (‘installedPackages’) I guess I'm using it incorrectly
<clever>
Unode: it has to be loaded with callPackage
<{^_^}>
[nixpkgs] @timokau merged pull request #44439 → [RFC] Use `meta.tests` to link from packages to the tests that test them → https://git.io/fNP6Z
<infinisil>
Because I just spent some time figuring this out, here's how you can get every defined system.activationScripts attribute (for dependencies)
<ldlework>
azazel: no idea how i forgot about that
baconicsynergy has joined #nixos
<azazel>
ldlework: it happens ;-)
<azazel>
the equivalent in python 2 is "python -m SimpleHTTPServer" if I remember correctly
baconicsynergy has quit [Remote host closed the connection]
xorkle has quit [Ping timeout: 252 seconds]
<infinisil>
ldlework: I have a simple set of scripts for viewing pictures with your friends over the network. Master computer has control over when to go to the next one. It's based on this python http server for transferring the images
<azazel>
infinisil: ah, never watched pictures with friends over the net!