<ottidmes>
ldlework: your use case is different than mine, you probably want to get to the private keys
freeman42]NixOS has joined #nixos
<ottidmes>
ldlework: but thats in the export as well
erasmas has quit [Quit: leaving]
<gchristensen>
is `nixops scp`not good enough?
goibhniu has quit [Ping timeout: 272 seconds]
<ottidmes>
ldlework: in my case I extract the public keys and write them to files that I include in my config such the public key is persistently added to the authorized keys (otherwise a nixos-rebuild would regenerate the authorized keys, removing the one added by nixops)
abathur has quit [Ping timeout: 268 seconds]
shabius_ has joined #nixos
<gchristensen>
I wonder if rsync 's -e coulduse `nixops ssh`
freeman42x]NixOS has quit [Ping timeout: 268 seconds]
freeman]NixOS has joined #nixos
shabius has quit [Ping timeout: 252 seconds]
lnikkila has quit [Ping timeout: 250 seconds]
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
fusion809 has quit [Ping timeout: 268 seconds]
<infinisil>
jackdk: You can link to single messages directly by clicking on the timestamp
<infinisil>
(and shift clicking another to select a range)
freeman42]NixOS has quit [Ping timeout: 268 seconds]
<jackdk>
here is a build log: https://github.com/NixOS/nixpkgs/files/2617687/build.log but I'm not sure how to narrow it further. My spidey-senses suggest a parallelism problem, but how do I make nix build a package with `make -j1`?
<v0|d>
jackdk: nix-build has --cores and --max-jobs switchs.
Radivarig has quit [Ping timeout: 268 seconds]
freeman]NixOS has quit [Ping timeout: 246 seconds]
aw has quit [Read error: Connection reset by peer]
aw has joined #nixos
otti0815 has quit [Ping timeout: 250 seconds]
spacefrogg_ has joined #nixos
spacefrogg has quit [Read error: Connection reset by peer]
SyrupThinker has quit [Ping timeout: 252 seconds]
nwspk has quit [Ping timeout: 264 seconds]
nwspk has joined #nixos
SyrupThinker has joined #nixos
sigmundv has quit [Ping timeout: 246 seconds]
sigmundv__ has quit [Ping timeout: 268 seconds]
rpg has joined #nixos
lnikkila has joined #nixos
epicmetal has joined #nixos
rpg has quit [Client Quit]
alex`` has quit [Ping timeout: 268 seconds]
lnikkila has quit [Ping timeout: 268 seconds]
emily has quit [Quit: Reconnecting]
emily has joined #nixos
graphene has quit [Remote host closed the connection]
jmeredith has quit [Quit: Connection closed for inactivity]
graphene has joined #nixos
xelxebar has quit [Quit: WeeChat 2.3]
rprije has joined #nixos
<gchristensen>
jackdk: how did you upload that build.log?
jperras has quit [Quit: WeeChat 2.2]
<jackdk>
gchristensen: dragged and dropped it into another github issue. I've been trying to fix #50902 which is how I tripped over the postgres build issue
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jasongrossman has joined #nixos
<{^_^}>
[nixpkgs] @bcdarwin opened pull request #51094 → minc2-simple: init at 2.1 → https://git.io/fpzON
orivej has joined #nixos
<{^_^}>
[nixpkgs] @bhipple opened pull request #51095 → emacsPackagesNg.trivialBuild: cleanup and standardize function → https://git.io/fpz3I
nikka has joined #nixos
nika has quit [Ping timeout: 250 seconds]
nikka has quit [Ping timeout: 246 seconds]
Rusty1 has quit [Quit: Konversation terminated!]
nikka has joined #nixos
nikos has joined #nixos
nikos is now known as Guest58038
nikka has quit [Ping timeout: 268 seconds]
mayhewluke has quit [Ping timeout: 268 seconds]
mayhewluke has joined #nixos
lo_mlatu has joined #nixos
<lo_mlatu>
what happened on nixos-unstable channel? I just noticed the last update was 10d ago
<jackdk>
re: #51096: is it correct to turn off tests for this package on darwin? I assume we don't propagate env vars into the build environment, so the "standard" fixes won't work
<lovek323>
I'm having trouble with nix-shell - sometimes it goes into the shell, sometimes it just exits silently with exit code 1
<lovek323>
I've compared the output with maximum verbosity for a successful run and a failed run and there is no difference
<lovek323>
the env itself is very simple - simply provides python37
<lovek323>
any ideas?
<lovek323>
(sorry for waiting time... looks like it doesn't play well with liquidprompt)
ma27 has quit [Ping timeout: 240 seconds]
palo4 has joined #nixos
ma27 has joined #nixos
<jasongrossman>
lo_mlatu: nixos-unstable often takes a while to be stable enough. Ironic, but normal. You might be thinking of the master channel? That updates continuously.
palo3 has quit [Ping timeout: 250 seconds]
<jasongrossman>
lo_mlatu: Master is more like what some distros call unstable (or testing). Unstable is actually quite stable.
<mgttlinger>
is there a nice way to get some sort of dependency tree of the nix store to analyze why it has grown so large?
<mgttlinger>
that is after hardlinking and regular garbage collection
<mgttlinger>
the store has continually grown larger over the years without mew installing significantly more software
<mgttlinger>
the store has continually grown larger over the years without me installing significantly more software
<{^_^}>
[nixpkgs] @Mic92 pushed to master « python37.pkgs.netaddr: skip failing test »: https://git.io/fpzGh
<jackdk>
my understanding is that enableParallelBuilding defaults to false, so why would postgresql non-deterministically fail to build on darwin unless I passed --max-jobs 1 --cores 1?
reinhardt has joined #nixos
graphene has quit [Remote host closed the connection]
graphene has joined #nixos
ma27 has quit [Ping timeout: 250 seconds]
domenkozar has quit [Ping timeout: 252 seconds]
ma27 has joined #nixos
iMatejC has quit [Ping timeout: 268 seconds]
iMatejC has joined #nixos
dmc has quit [Quit: WeeChat 2.3]
oldandwise has joined #nixos
<oldandwise>
need help: <stdout>: commitBuffer: invalid argument (invalid character)
dmc has joined #nixos
<oldandwise>
already tried LC_ALL,LANG, etc.... still problem exists
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
epicmetal has quit [Ping timeout: 250 seconds]
oldandwise has quit [Quit: leaving]
wchresta has joined #nixos
Mateon3 has joined #nixos
Mateon1 has quit [Ping timeout: 272 seconds]
Mateon3 is now known as Mateon1
wchresta has quit [Remote host closed the connection]
<elvishjerricco>
pi3r: I don't have time to do this tonight, but you can probably backport the change from master that changed the default GHC version from 8.4.3 to 8.4.4. Just rebase whatever change it was on the release-18.09 branch. I can do it tomorrow if you'd rather and if you remind me :P
<lovek323>
it's when installing the `grunt-contrib-imagemin` node package, so I don't want to have to rewrite some other package
<lovek323>
thanks. I'll give it a crack!
<lovek323>
just read through the readme - maybe I'm just missing something obvious, but for stuff to work, I'll need a `node_modules` directory, things can be symlinked to the correct derivations, etc., but I need that - am I making sense?
goibhniu has joined #nixos
<joko>
lovek323: no, node2nix replaces npm with nix, it reads package.json etc. and generates a nix file
<lovek323>
yeah, so that's not what I want, right?
sigmundv_ has joined #nixos
<joko>
Well, I believe that would be the optimal way to do it
<joko>
If you choose to use npm
<lovek323>
how can that work when it doesn't put the files where they need to be?
<lovek323>
for a local dev environment (I can understand how this can be used to package and distribute)
<joko>
Hmm, maybe you could patch the files then directly in node_modules
<lovek323>
yeah
Thra11 has quit [Ping timeout: 250 seconds]
<lovek323>
looks like node2nix fails to understand `git+ssh://git@github.com:user/repo.git` -- looks like we've written it strangely, but it works with `npm`
<lovek323>
yep, it also struggles on private repos due to ssh issues... I'll leave this one for now
ThatDocsLady has joined #nixos
<joko>
lovek323: this one is a bit more complicated, you have to give access to nix builders
<lovek323>
how do I do that?
<joko>
Unfortunately it's a manual process
<lovek323>
that's okay
<lovek323>
I did play around with that a little earlier today, but couldn't get anything working
<lovek323>
so anyway... the original question, can I symlink /usr/bin/file?
xelxebar has joined #nixos
lo_mlatu has quit [Quit: Connection closed for inactivity]
thc202 has joined #nixos
cyounkins has joined #nixos
<bennofs[m]>
lovek323: you could add ln -s ${file}/bin/file /usr/bin to system.activationScripts (see man configuration.nix)
<joko>
lovek323: yup, find someone who could review it and ping her
<bennofs[m]>
lovek323: imo it's okay to merge yourself if it has small scope like this / is your own package. though I don't know if we have an official stance on this?
<Taneb>
Continuing from yesterday, if I want a hydra jobset that won't automatically be scheduled, is it enough to set checkinterval to 0?
<bennofs[m]>
iirc there was a way to set trigger to manual/oneshot?
mayhewluke has joined #nixos
<lovek323>
bennofs[m]: I'll give it some time (it's been a while since I contributed anything, don't want to make a bad name for myself :))
<lovek323>
thanks both for all your help
<Taneb>
bennofs[m]: one shot seems to disable it when it completes
alex`` has joined #nixos
fendor has joined #nixos
betaboon has joined #nixos
<{^_^}>
[nixpkgs] @periklis opened pull request #51104 → openjpeg: fix for CVE-2018-18088 → https://git.io/fpzEx
ThatDocsLady_ has joined #nixos
ThatDocsLady has quit [Ping timeout: 252 seconds]
ThatDocsLady_ has quit [Read error: Connection reset by peer]
<Twey>
nix-copy-closure used to have a --gzip flag. Does `nix copy` just use gzip by default?
<{^_^}>
[nixpkgs] @vcunat pushed to master « sssd: fix build with updated curl-7.62 »: https://git.io/fpz6I
<{^_^}>
[nixpkgs] @Mic92 pushed to master « python37.pkgs.rope: ignore broken type hinting tests »: https://git.io/fpz6q
<{^_^}>
[nixpkgs] @vcunat pushed to release-18.09 « sssd: fix build with updated curl-7.62 »: https://git.io/fpz60
erictapen has quit [Ping timeout: 268 seconds]
<srhb>
Twey: I believe the store abstraction has a "compression" flag
mkoenig has quit [Ping timeout: 252 seconds]
mkoenig has joined #nixos
<srhb>
Twey: And I believe the default is xz
<srhb>
(Not sure what happens with ssh stores over the wire though...)
<bennofs[m]>
are nix-copy-closure and nix copy streaming? since I had a case where both failed with out-of-memory (but a nix-store --export closure > closure.dump, then scp and then nix-store --import < closure.dump worked)
<srhb>
I guess you can manipulate the actual ssh command line in that case though..
<Mic92>
bennofs[m]: take a look at the installer. There we use streaming
phreedom_ has quit [Ping timeout: 256 seconds]
<Taneb>
So I'm trying to use hydra's API with "curl -k https://localhost/api/..."; and everything gives me a 403 error, even though it works as "curl -k https://hydra/api/..."; from a different computer
<Taneb>
(trying to access https://hydra from hydra gets 403 errors too)
<Taneb>
...I think this is because of the nginx config
steshaw has quit [Quit: Connection closed for inactivity]
<Taneb>
Yeah, "curl localhost:3000" worked fine :)
graphene has quit [Remote host closed the connection]
<tilpner>
In there, you'll find pathsToLink, which should answer your question
<roberth>
gchristensen: seems like you need --style=\| to stop it from introducing extra newlines :/
justanotheruser has quit [Ping timeout: 268 seconds]
<roberth>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 46
graphene has joined #nixos
Rusty1 has joined #nixos
<das_j>
Hm. So pathsToLink seems to limit what is linked
<das_j>
My problem is that I need a well-known location for my android sdk so android studio can find it
<das_j>
However, the sdk is located in $out/libexec
<srhb>
das_j: Why does your android studio need that?
<srhb>
(Are you solving the wrong problem?)
<das_j>
srhb: Well, if I start studio, it greets me with "Please provide the path to the Android SDK. If you do not have the ANdroid SDK, you can obtain it from URL"
mayhewluke has quit [Ping timeout: 268 seconds]
<srhb>
das_j: Looking at the package, it looks like it expects to manage the SDK itself.
erictapen has joined #nixos
<bennofs[m]>
i used to have a ~/software.nix that simply build a derivation that symlinked a few things into $out (like jdk and android sdk)
mayhewluke has joined #nixos
<srhb>
bennofs[m]: Doesn't it barf if it can't write to the sdk path?
<das_j>
bennofs[m]: Sounds good, but what I was looking to write was a module so I can do something like programs.androidsdk = [ { apilevel = 15; packages = [ "system-image" "whatever" ]; }; ]
<yorick>
aminechikhaoui: do you need maintainers for nixops, maybe?
alex`` has joined #nixos
<Streetwalrus>
hi, I want to set onFailure for all systemd services to send me notifications when something breaks, I've tried this but it's infinitely recursive:
<Streetwalrus>
error: Module `/etc/nixos/configuration.nix' has an unsupported attribute `boot'. This is caused by assignments to the top-level attributes `config' or `options'.
<yorick>
Streetwalrus: do { options.systemd.services = ...; config = { your system config; }; } in configuration.nix
WilliamHamilton[ has joined #nixos
<das_j>
yorick: wow
<Streetwalrus>
is the "do" part of it?
<Streetwalrus>
probably not
<gchristensen>
no
<das_j>
no
<srhb>
Suddenly monads.
drakonis has quit [Quit: WeeChat 2.2]
<Streetwalrus>
https://wank.party/aX6H.txt => value is a function while a set was expected, at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:220:18
erictapen has quit [Ping timeout: 246 seconds]
<das_j>
Streetwalrus: Best domain ever
<Streetwalrus>
thanks
<yorick>
Streetwalrus: put parentheses around service // { onFailure }
metastance has joined #nixos
<waleee>
anyone got a clue to why a nix-shell with gfortran added doesn't have gfortran in it's environment?
metastance has quit [Client Quit]
metastance has joined #nixos
astronavt has joined #nixos
<waleee>
the only warning is collisions for libgcc_s.so (gcc vs. glibc-multi)
<srhb>
waleee: Are you opening a shell that has just the dependencies for building gfortran? Can you elaborate?
<Streetwalrus>
yorick: nah that wasn't it, instead of putting those imports in the middle there I had to set the imports array above
<srhb>
Hmm, do you really need that FHSUserEnv? Not sure how well that interacts with nix-shell, if at all.
aleph- has joined #nixos
<waleee>
srhb: julias packagemanager will fail to build some packages otherwise
arjen-jonathan has joined #nixos
<Streetwalrus>
yorick: it "works", as in the attribute is set, but it looks like it's being applied after everything else, so it doesn't actually pick it up or even error on invalid keys
arjen-jonathan has quit [Ping timeout: 246 seconds]
vidbina has quit [Ping timeout: 268 seconds]
<aleph->
Huh and chromium and google chrome seem to be borked as well...
<aleph->
Maybe I'll do a liveusb for this video call.
jperras has joined #nixos
sierraDelta has joined #nixos
<sierraDelta>
noob question: can I `nix-channel --add` both the stable and unstable channels? If not, is there a way to cherry pick stuff from the unstable channel while keeping the stable channel added?
<bbarker_home>
but the short story is that the resolv.conf in the container does not mirror that in the host, and does not have any nameserver listed
reinhardt has quit [Quit: Leaving]
endformationage has joined #nixos
init_6 has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-chell: pin build to patience-0.1.x »: https://git.io/fpzNq
aleph- has joined #nixos
<yorick>
bbarker_home: bind-mount /etc/resolv.conf from the host
<tilpner>
Wow, enabling networkmanager adds 436MB to the image
johanot has joined #nixos
<bbarker_home>
yorick, thanks, sounds promising, found the nix expression - will give it a try
nika has joined #nixos
nikos_ has quit [Ping timeout: 250 seconds]
arjen-jonathan has joined #nixos
<{^_^}>
[nixpkgs] @zimbatm opened pull request #51113 → doc: tweag the coding conventions → https://git.io/fpzxt
aleph- has quit [Ping timeout: 244 seconds]
<sierraDelta>
If I have multiple channels added, how can I tell which channel things are in when doing a `nix-env --query --available --attr-path`
<gchristensen>
the attr path will be prefixed by the channel name, so if you have a nixpkgs channel and a foobar channel, you'll see nixpkgs.hello and foobar.hello
<sierraDelta>
weird, it seems that I'm only seeing one of the channels then. I get this message at the top of the results: warning: name collision in input Nix expressions, skipping '/Users/dansan/.nix-defexpr/channels_root/nixpkgs'
<sierraDelta>
and all the results are prefixed with only one of the channel names
<jasongrossman>
c
<Twey>
sierraDelta: Do you also have /Users/dansan/.nix-defexpr/channels/nixpkgs ?
<gchristensen>
have you run nix-channel --update?
<sierraDelta>
.nix-defexpr/channels has these 4 entries: binary-caches darwin manifest.nix nixpkgs
<sierraDelta>
I did do a nix-channel update. The packages that are showing up in nix-env --query are the ones for the channel I just added.
lewo has joined #nixos
dbmikus_ has joined #nixos
waleee has quit [Quit: WeeChat 2.3]
vidbina has joined #nixos
<bbarker_home>
has anyone had an issue where mutableUsers=false seems to work for a while, but then, miraculously stops working shortly after (i.e. one's passwords no longer work)?
Ariakenom has quit [Quit: Leaving]
<bbarker_home>
I'll try to do some diagnostics by adding a public key to the root user when I do the rebuild of the VM I guess
<disasm>
bbarker_home: is the hash correct for the passwords in the nix configs?
<{^_^}>
[nixpkgs] @ttuegel merged pull request #51095 → emacsPackagesNg.trivialBuild: cleanup and standardize function → https://git.io/fpz3I
<bbarker_home>
disasm, this is very odd ... I had two passwords. running the same command as before on the same passwords, I'm getting different results
<bbarker_home>
command is mkpasswd -m sha-512
<avn>
Folks, anyone understand logic, how session (dbus + all other crap) starts up? I upgrade one setup from 17.09 to 18.09, and lot of stuff changed :/
<bbarker_home>
and i'm very sure at least one of them was working before, 99% sure both were working before
<bbarker_home>
It doesn't look like I did an upgrade afterwards, although even if mkpasswd was upgraded I would hope it would be stable
<hyper_ch2>
bbarker_home: it's normal as it uses a random salt
<hyper_ch2>
so everytime you run it, the hashed password will be different
<bbarker_home>
ah
<{^_^}>
[nixpkgs] @peti pushed 7 commits to haskell-updates: https://git.io/fpzh3
<bbarker_home>
anyone know off hand how to check if the hash is correct then?
<bbarker_home>
other than trying to login
<{^_^}>
[nixpkgs] @peti pushed 0 commits to haskell-updates: https://git.io/fpzhn
<tobiasBora>
I'm trying to install sage after the new push in master, so I tried to update the repo... but I don't why it fails during the kernel built with the error depmod: WARNING: could not open /nix/store/9sg8j2lq8nq7k47ncl3yvxnjfbbvb9yp-kernel-modules-shrunk/lib/modules/4.14.81/modules.order: No such file or directory
<tobiasBora>
(actually I don't even understand why it tries to install the kernel...)
<hyper_ch2>
bbarker_home: you know what a salt is right?
<bbarker_home>
hyper_ch2, yes
<bbarker_home>
looks like there is also a prefix before the salt
<bbarker_home>
$n$salt$hash
<hyper_ch2>
right
<hyper_ch2>
forgot about that, no idea what the first one is for
<gchristensen>
I think it is a bcrypt "rounds" number
<gchristensen>
cost*
<bbarker_home>
well, it is indeed wrong, good to know about the salt. not sure how it is wrong, but at least now I can keep track of what is going on better
<tobiasBora>
I don't know what happened, but one more nix-channel --update and it worked
<tobiasBora>
well
<tobiasBora>
the kernel compiled
<tobiasBora>
but sagemath is now compiling
<tobiasBora>
any idea why hydra did not built it before? (it's 2 day long, and I can find on github some logs about it: https://logs.nix.ci/?key=nixos/nixpkgs.51030&attempt_id=a5b344f9-fae7-4871-a6bf-d776cd4c9d84)
<Lisanna>
hey, are there any utilities in nixpkgs that given a derivation simply produces a tarball that unpacks the derivation's outputs and requisites to /nix/store (e.g., for distributing software to platforms that don't have nix installed)
alex`` has quit [Quit: WeeChat 2.3]
<Lisanna>
(or outside of nixpkgs, I guess)
<gchristensen>
you can use nix-store -qR /nix/store/the-thing | xargs tar ... or something?
<ottidmes>
Lisanna: you probably want: pkgs.callPackage <nixpkgs/nixos/lib/make-system-tarball.nix> { ... }
<Lisanna>
ottidmes do you know if it works well if some /nix/store files already exist (e.g., from an unpack of a prior tarball)?
<Lisanna>
but yeah, that looks like exactly what I want
klntsky has joined #nixos
<tobiasBora>
Also, any idea how I could disable the tests of sage?
<tobiasBora>
(it takes ~1h, which is really long for a simple install)
<ottidmes>
Lisanna: would that not just depend on how you unpack it?
<clever>
Lisanna: if you want to merge it into an existing store, you need to use nix copy
<Lisanna>
clever not existing real nix store, just a previously unpacked tar, e.g. produced by the same thing
erasmas has joined #nixos
<ottidmes>
Lisanna: just check the tar man page, its there
<Lisanna>
ottidmes yeah you're right
Tucky has quit [Quit: WeeChat 2.2]
<Lisanna>
ok that's perfect, thanks
<clever>
Lisanna: nix copy would allow you to have GC when doing thins kind of thing
<Lisanna>
clever yeah, application for this is environments that don't have nix and users that don't know what nix is
<clever>
Lisanna: `nix copy --to local?root=/tmp/totar /nix/store/foo`, tar up /tmp/tofar, move it, untar, `nix copy --from local?root=/tmp/totar /nix/store/foo` to get it back out
<clever>
Lisanna: ive done all of the above, in exactly that situation
<clever>
Lisanna: this manages a ~/.daedalus/nix/store/, along with nix-user-chroot, and similiar nix copy's, to apply updates to it when installers are ran
<Lisanna>
cool!
<clever>
and i tried to keep the nix-installer.nix part modular and generic, so you can just grab it, and call it with different args
ng0 has quit [Quit: Alexa, when is the end of world?]
oida has quit [Remote host closed the connection]
<nisstyre>
hypothetically, if I wanted to programmatically generate nix expressions, what's the best way to do that? Is there a library for outputting expressions from an AST?
<nisstyre>
this is for a potential use of NixOPs
<gchristensen>
do you want to emit code, or pure data?
<nisstyre>
gchristensen: just regular NixOPs deployments and such, I'm thinking of making an experimental system to automate deployments with a frontend
<nisstyre>
it would integrate another tool I've been working on for devops as well (that is in Racket though)
sierraDelta has quit [Ping timeout: 246 seconds]
<nisstyre>
I thought about using Guix for this but Guix doesn't have anything like NixOPs
thc202 has joined #nixos
<gchristensen>
neat
<tilpner>
nisstyre - Oh, Racket! What's it do?
oida has joined #nixos
<nisstyre>
tilpner: it's still early stages, but it's basically like a DSL that lets you automate system administration tasks and stuff. Like Ansible or Fabric, but the idea is to make things inherently asynchronous
<nisstyre>
so each deployment "task" is a thread that uses mailboxes (actor model)
<{^_^}>
[nixpkgs] @worldofpeace pushed 4 commits to master: https://git.io/fpgqO
dbmikus__ has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fpgqW
<yl[m]>
is `nixops deploy --copy-only` equivalent to `nixos-rebuild boot`?
Ariakenom has joined #nixos
mayhewluke has joined #nixos
Ariakenom has quit [Read error: Connection reset by peer]
<ryantm>
Can someone recommend a tool for seeing how the memory usage of nix-build breaks down? I currently have a bunch of single-machine NixOps deployments that take 500 MB to build, and I am hoping to see if I can figure out why it is that much.
fendor has joined #nixos
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<Lisanna>
yl[m] that sounds right. I don't see anything in the manual for it
dbmikus__ has joined #nixos
<bbarker_home>
in other news, none of the passwords I used to build NixOS VMs are working, not just this one. I saved them in a vault and history doesn't report changes. I think I may be going insane
<Lisanna>
yl[m] closest thing would be --force-reboot
sigmundv_ has quit [Ping timeout: 246 seconds]
<aminechikhaoui>
dtz do you remember how the issue that led to https://github.com/NixOS/nixpkgs/commit/42c33ce12f59d36d11d3d5cb74aca460168fc737 got manifested, was the error message explicit about the undefined reference for 32bit architecture or was it just "undefined reference to `__divmoddi4'" , I'm seeing a similar problem while updating a codebase to 18.03/gcc
<aminechikhaoui>
-7 but with __divmodti4 and it's driving me crazy so I thought maybe somehow related :D
<yl[m]>
Lisanna: the problem is the configuration I applied last night restarted my network interface which broken ssh and had to login via serial console. I was hoping I can create the boot entry and just manually reboot
<bbarker_home>
these passwords were all sha256sums generated from random data, so I can't really memorize them to verify ... one NixOS VM I had with a short password I memorized is working
<yl[m]>
Lisanna: will --force-reboot restart the server instead of services?
<bbarker_home>
so at least i can mostly recover to these thanks to configuration.nix backups
<bbarker_home>
I'll give it a day to see if the insanity clears
<Lisanna>
yl[m] --force-reboot will use nixos-rebuild boot, and then reboot the machine
<yl[m]>
awesome, that's probably what I need
<yl[m]>
thx
<woffs>
aminechikhaoui, divmoddi on i686 is always #36947
<Lisanna>
yl[m] that's safer for larger updates since you won't have only half of your services restarting and the other half not being restarted since they can't be without a reboot - I experience stuff getting mucked up that way if I do a major system config change and don't reboot on the deploy
fendor has quit [Remote host closed the connection]
<yl[m]>
Lisanna: thanks for the tip
fendor has joined #nixos
<aminechikhaoui>
woffs: actually in my case it's not i686, it's a regular x86_64 and I see clearly -lgcc_s in the linker arguments and gcc-lib in the linker search path, running nm -C <path/to/libgcc_s.so> | grep __divmodti4 shows that the symbol is there
<gchristensen>
Lisanna, yl[m]: it is good practice, too, seeing what fails when your service is rebooting :)
<aminechikhaoui>
but donnow how it's complaining about it being not defined
<yl[m]>
I have a custom built switch controlled via USB. I forgot the USB sequence for it though :( I'll have to find the arduino code and put it back to use
<makefu>
i am having some issues with installing nix via intercepting proxy and the curl |sh method. i have set NIX_SSL_CERT_FILE and SSL_CERT_FILE , curl is working and i have in mind that at some point it worked before. anybody can check this in their "enterprise" environment? (ping gchristensen :)
<gchristensen>
host os?
<c0bw3b_>
(oooh just noticed coretemp got ban today! good! I won't have to read unconstructive obnoxious comments anymore \o/ )
ThatDocsLady has quit [Remote host closed the connection]
Thra11 has joined #nixos
<makefu>
centos7
<gchristensen>
can you sare logs?
<makefu>
sure, what do you want to look at? nix-channel --update is the thing failing with error 60 (Peer certificate cannot be authenticated with given CA certificates)
<hodapp>
coretemp whaa?
<makefu>
gchristensen: probably means that if i can get nix-channel running the installation should be completed.
<gchristensen>
yikes :?
<gchristensen>
nix-channel is a bit frustrating to debug iirc
<makefu>
nope, nothing. for some reason it opens /nix/store/openssl/etc/ssl/openssl.cnf
<gchristensen>
hmm
<makefu>
also it opens nix.conf, but this does not seem to be having any options to configure the cert path
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
<makefu>
strace -f helped
markus1189 has joined #nixos
cyounkins has joined #nixos
<makefu>
oh oh, i think i remember, there was something about the curl version of nix and the one installed ...
cyounkin_ has joined #nixos
<c0bw3b_>
Oh and GitHub _finally_ added an option to watch a repo only for new release! glorious day
<gchristensen>
it sounds like for some reason, NIX_SSL_CERT_FILE isn't propagated to the nix-channel step? not sure :/?
renais has quit [Remote host closed the connection]
* makefu
is crossing fingers
<makefu>
damn, that was not it :\
cyounkins has quit [Ping timeout: 250 seconds]
<makefu>
HA! managed to get nix-channel working with my certificate, now lets see why it does not get propagated
<gchristensen>
nice!
astronavt has quit [Ping timeout: 246 seconds]
graphene has quit [Remote host closed the connection]
mmlb has joined #nixos
jperras has joined #nixos
graphene has joined #nixos
<makefu>
gchristensen: sheesh, i actually found it. the installer sources $nix/etc/profile.d/nix.sh which has its very own "what will be the correct NIX_SSL_CERT_FILE" logic which then in turn defaults to the system default
<gchristensen>
:/ I thought it handled the case ok?
<makefu>
if your system default ssl file contains the correct certs (which will be the intercepting proxy certificate instead of the root cert of the intercepting proxy) then it will work
<makefu>
however it seems like the new curl version is more picky about the certificates
mmlb has quit [Ping timeout: 246 seconds]
<makefu>
which results in libcurl does not work in the nix-channel but when i run curl locally it does
shoogz has quit [Ping timeout: 264 seconds]
<makefu>
if you want to set your own NIX_SSL_CERT_FILE for the installer, then the variable will always be overwritten by the profile source
<Izorkin>
рщц ещ туув ещ цщкл jemalloc?
<Izorkin>
*how to need to work jemalloc?
cyounkin_ has quit [Remote host closed the connection]
cyounkins has joined #nixos
sigmundv_ has joined #nixos
cosarara has joined #nixos
metastance has quit [Quit: WeeChat 2.3]
Myrl-saki has quit [Quit: WeeChat 1.6]
metastance has joined #nixos
<cosarara>
hi there, I tried installing nix on a proot on arch linux and I got this error https://ptpb.pw/fGO7 (is this the right channel for this kind of problems?)
<Mic92>
matrix bridge to irc was actually kind of cool featurewise, but had too many bugs unfortunally.
noffle has left #nixos ["WeeChat 1.9-dev"]
irdr has joined #nixos
<gchristensen>
gotta make that persistence layer as thin, resilient, and stupid as possible
<clever>
gchristensen: like {^_^} ?
<mconstant>
how do I know if I can use wpa_supplicant?
<mconstant>
and is there a way to do it in configuration.nix
<clever>
mconstant: have you set wireless.enable in configuration.nix?
simendsjo has joined #nixos
<gchristensen>
clever: yeah ;)
[Leary] has joined #nixos
<gchristensen>
though probably better to use erlang
<mconstant>
clever: i suspect it is enabled... I'll check the imported file
Lears has quit [Ping timeout: 246 seconds]
<Mic92>
Has someone else on unstable + kde experienced plasmashell + kwin_x11 running at 100% CPU after connecting/disconnecting from the external display?
<mconstant>
can I see from a nix repl
[Leary] has quit [Remote host closed the connection]
Lears has joined #nixos
<clever>
mconstant: there is the nixos-option command as well
<tilpner>
I have an instantiated nixpkgs, and I want to reimport it with modified arguments
freeman42x]NixOS has joined #nixos
<mconstant>
clever: is there a way to check if it is already enabled?
<tilpner>
This is useful to e.g. change the localSystem of pkgs. But if I do import pkgs.path { ... } I lose the previous arguments passed to pkgs, like e.g. overlays
<clever>
[root@system76:~]# ls -l /etc/systemd/system/wpa_supplicant.service
<clever>
mconstant: this file will exist if its enabled
simendsjo has quit [Quit: ERC (IRC client for Emacs 26.1)]
<mconstant>
clever: yes the file is there
<clever>
mconstant: then you want to move on to creating a /etc/wpa_supplicant.conf using wpa_passphrase
<clever>
and restart the systemd service when the file is updated
<mconstant>
yes
<mconstant>
looking through docs
<tilpner>
How do I cleanly change the localSystem of a nixpkgs set, while keeping overlays, without writing my own version of nixpkgsFun as a wrapper around <nixpkgs>?
<mconstant>
clever: that is great. is there a way to write current config to configuration.nix automatically?
florianjacob has joined #nixos
simendsjo has joined #nixos
<{^_^}>
[nixpkgs] @veprbl opened pull request #51135 → python37Packages.docutils: fix on darwin → https://git.io/fpglK
<clever>
mconstant: check networking.wireless.networks in the nixos docs (man configuration.nix, or https://nixos.org/nixos/options.html or some 3rd option)
<mconstant>
thx
<clever>
but then your password is world-readable in /nix/store/
<mconstant>
yeah will decide against that one
<mconstant>
thanks that is super memorable as a one liner
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fpg8o
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fpg8d
<{^_^}>
[nixpkgs] @domenkozar opened pull request #51137 → (18.09) postgresql: Enable systemd integration for 9.6+ → https://git.io/fpg4m
<{^_^}>
[nixpkgs] @veprbl closed pull request #51135 → python37Packages.docutils: fix on darwin → https://git.io/fpglK
<catern>
is there a way to nix-env --install an expression?
<clever>
catern: nix-env -E 'foo' -i
<v0|d>
systemctl add-wants kozard postgresql
nika has joined #nixos
<{^_^}>
[nixpkgs] @domenkozar pushed to master « postgresql: conditionalize systemd (on darwin) »: https://git.io/fpgBq
<{^_^}>
[nixops] @jslight90 opened pull request #1057 → deployment keys: disable service if no key destinations are in /run/ → https://git.io/fpgBm
bachp has joined #nixos
fgaz has joined #nixos
bennofs[m] has joined #nixos
cornu has joined #nixos
clacke[m] has joined #nixos
simbergm has joined #nixos
Purple-mx has joined #nixos
leons has joined #nixos
dtz has joined #nixos
Ericson2314 has joined #nixos
ejpcmac has joined #nixos
nyanloutre[m] has joined #nixos
koschei[m] has joined #nixos
MarkOtaris has joined #nixos
ptotter[m] has joined #nixos
schmittlauch[m] has joined #nixos
Ralith has joined #nixos
timclassic has joined #nixos
icetan has joined #nixos
thefloweringash has joined #nixos
kaychaks[m] has joined #nixos
stammon has joined #nixos
vaibhavsagar has joined #nixos
timokau[m] has joined #nixos
sphalerit has joined #nixos
tokudan[m] has joined #nixos
yangm97 has joined #nixos
roberth has joined #nixos
yegortimoshenko has joined #nixos
ysndr_ has joined #nixos
rycee has joined #nixos
rnhmjoj has joined #nixos
<{^_^}>
[cabal2nix] @peti pushed to master « pandoc-citeproc: update ticket URL for the test suite failure »: https://git.io/fpgBC
mconstant has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fpgBV
<{^_^}>
[nixpkgs] @c0bw3b pushed to master « renoise: needs only mpg123 library »: https://git.io/fpgBD
nika has quit [Ping timeout: 246 seconds]
nika has joined #nixos
<fusion809>
Is it possible to run a NixOS stable system (i.e. version 18.09 atm), but with the nixpkg-unstable channel used for user-installed packages?
<joehh>
I'm getting a sha256 of 9f96a8541c5a21e80ff6ef4f640627068d17a23bd6cf1ecc6ed92ed634ed733e instead of the expected 25492de7aaff2fd4f41670e19b3a99b600a5a197af50e0ff55f71fb561ce98ab
<joehh>
have donwloaded it twice and still the same result
orivej has quit [Ping timeout: 250 seconds]
dbmikus__ has quit [Ping timeout: 250 seconds]
perique has joined #nixos
dbmikus has joined #nixos
<qyliss^work>
I got 9f96a8541c5a21e80ff6ef4f640627068d17a23bd6cf1ecc6ed92ed634ed733e too
<joehh>
is this an oversight? or something else?
<qyliss^work>
It looks like that file has been updated since the checksums were published
<joehh>
true - same day, just later
<samueldr>
it could be corrupted, another user reported having issues with the FAT32 partition, and I, too, had issues with its FAT32 partition
<qyliss^work>
wouldn't explain the update without updating the checksums though
<samueldr>
(unless what caused the corruption caused that mtime update)
<qyliss^work>
oh true
<joehh>
hmm - it wouldn't boot for me last night - though I had other stuff to blame...
<samueldr>
joehh: which board?
<joehh>
pi3b
<joehh>
got stuck at rainbow screen, though whole process was managed by colleague with limited familiarity using windows, so repeating myself this morning
<samueldr>
right, unless the image was further corrupted or changed, that one has been booted by the other user, and myself, on the 3b
<samueldr>
joehh: I still had a copy around, I am getting the same hash as you are
<samueldr>
(in this thread: we discover I did not check the sha256sum of the image)
<joehh>
though I guess that image with that hash works for you on a pi3x
<gchristensen>
samueldr: you're trusting :)
<samueldr>
gchristensen: my only flaw
<samueldr>
not the one I used for the pi 3b, it has been downloaded on nov 17th here, so if there was further changes during the time, it was from before the 17th
<ldlework>
Is there a nice guide for using Steam on NixOS
<samueldr>
I mean, it was the same image, originally, from after the september 13th date, but I don't have the file around anymore, and it was installed before november 17th
<timclassic>
I built my own aarch64 image recently and also had problems with the FAT32 partition. I was able to reformat the partition and nixos-switch replaced all the files, and all was well.
endformationage has quit [Ping timeout: 250 seconds]
<makefu>
timclassic: the right channel for you ist most likely #nixos-aarch64
* timclassic
notes that it is likely he made a mistake though
<bennofs[m]>
Not by me. It appears that .. and . directory entries are missing for the -dtbs directory. Maybe something to do with using dots in file names (kernel version has dots, fsck.vfat -d didn't like that)
<{^_^}>
[nixpkgs] @markuskowa pushed commit from @pvgoran to release-18.09 « gitea: include "options" directory in "data" output »: https://git.io/fpgoZ
<__monty__>
Should I have a ~/.nix-channels with a multi-user nix? If not, do I need sudo to nix-channel --update?
fresheyeball has joined #nixos
<fresheyeball>
hey out there
<fresheyeball>
I am running a quick experiment and need npm2nix
<fresheyeball>
anyone having luck with this tool? I get info retry will retry, error on last attempt: Error: unable to get local issuer certificate
cyounkins has quit [Ping timeout: 250 seconds]
snajpa has joined #nixos
cyounkin_ has quit [Ping timeout: 250 seconds]
jbaum98 has joined #nixos
<jbaum98>
i'm having issues with nix running out of memory. when i execute nix-shell -p "with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.09.tar.gz) {}; pkgs.anki" I get GC warnings. this doesn't happen if I do the same thing for a package like hello. any thoughts?
<qyliss^work>
What version of Nix?
<jbaum98>
nix (Nix) 2.1.3
<jbaum98>
on linux
<qyliss^work>
hmm. I'm aware of pre-2.1 memory issues, but those were fixed
<jbaum98>
right, i saw those prs closed.
<qyliss^work>
How much memory do you have?
<infinisil>
jbaum98: What GC warnings?
<jbaum98>
8 gb, but this is running on linux within a vm on chrome os, so possible that it's more like 4gb
<jbaum98>
oh i figured it out, it has to do with an overlay i was using. what is the preferred way to use a specific package from an old version of nixpkgs?
<qyliss^work>
gchristensen: is the Darwin installer supposed to add a channel?
<qyliss^work>
looks like you wrote most of it...
<gchristensen>
yes, to the root profile
<gchristensen>
the multi-user one, anyway
<qyliss^work>
doesn't look like it's doing it?
mmlb has quit [Read error: Connection reset by peer]
<qyliss^work>
I've seen multiple instances now where it appears to have installed a copy of nixpkgs, but there's no channel, so it can't ever be updated.
<__monty__>
gchristensen: (sudo) nix-channel --list doesn't list anything.
* gchristensen
scrounges for a mac to borrow
<jbaum98>
how do you use a specific package from an old version of nixpkgs, but permanently ie in your config. do you use an overlay? if so how? even though nix-shell -p "with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.09.tar.gz) {}; pkgs.anki" works fine, adding an overlay with self: super: {}
<fusion809>
Hi, I installed sudo by specifying it as a system package in /etc/nixos/configuration.nix, but whenever I use it I get the error: "sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set". I haven't manually changed the perms there, is this meant to be the case or?
<jbaum98>
Mic92: that goes in ~/.config/nixpkgs/config.nix? i'm not on nixos
<gchristensen>
yeah so root does have a channel, but sudo doesn't list it because it doesn't update HOME
<nekroze>
can nixops using the libvirt backend change cpu architecture? I want to use nixops to develop and test an aarch64 machine before deploying to the hardware from my x86_64 machine.
<gchristensen>
try `HOME=~root sudo nix-channel --list` or ...something...
<gchristensen>
:/
<Mic92>
fusion809: you only need users.extraUsers.<yourusername>.extraGroups = ["wheel"];
<__monty__>
gchristensen: Nothing.
<Mic92>
fusion809: security.sudo.enable should be true by default
<__monty__>
This makes channel updating rather more complicated than I'd want tbh.
<gchristensen>
no kidding
<gchristensen>
what about sudo -i nix-chanell --list
<fusion809>
Mic92: thanks, although one other thing, when I press "su" and type in my root password it says Authentication failure. I know I'm using the password as I keep using it to login as root in TTY2, TTY3, TTY4, etc.
<pi3r>
elvishjerricco: not sure if it is the best time for a reminder but I have a try ;-) +1 for GHC 8.4.4 as the default compiler in nixos-18.09-stable. Thanks.
IRCsum has quit [Remote host closed the connection]
IRCsum has joined #nixos
endformationage has joined #nixos
<azazel>
hey guys, I have some java application (to do digital signature) that comes with it's own java vm executable, obviusly linked to stuff in /usr/lib/..., where can I find documentation on how to deal with apps like that?
<tathougies>
i would like to make it so not even root can execute outside /nix/store?
<gchristensen>
well root could remount the partition without noexec
<elvishjerricco>
tathougies: You'll have some problems with that and setuid wrappers like sudo
<tilpner>
tathougies - Say you have a script /home/foo/bar.sh
<gchristensen>
what is your goal, tathougies? this seems a bit wacky
<tilpner>
tathougies - You could no longer make that executable, so ~/bar.sh would not work. sh ~/bar.sh would though, if sh refers to a store executable
<mdash>
gchristensen: lookin' for security in all the wrong places
<mdash>
(like, a unix kernel)
<emily>
linux offers no strict guarantees or assurances, sorry.
<tilpner>
Actually, I might be wrong, check before you rely on that
<emily>
your best bet is probably SELinux or something
<azazel>
tathougies: you can probably create some kind of namespace where even root's processes running from it are not permitted to do mount actions
<tathougies>
goal here is i'm using nixos as the basis to build an embedded device. By default, I'd like the device to only run trusted code
<tilpner>
Yeah. AppArmor an early process would probably break everything, but that has a higher chance of covering everything too
<tathougies>
i would offer advanced users the ability to turn this off, but since this device is all about data protection, I want it to be 'secure by default'
<mdash>
tathougies: what hardware is this going to run on?
<gchristensen>
one thing is it is easy to make a nix expr to add an arbitrary file to the nix store to be able to execute it
<tathougies>
Currently an ODROID-XU4, an arm32 based computer
<mdash>
tathougies: you may be better served by something more security oriented
<mdash>
tathougies: mmm, ok
* mdash
looks that up
<tilpner>
gchristensen - Which would be fine if the daemon is off and /nix/store is root:root
<tilpner>
Or root:nixbld
<azazel>
tathougies: I'm thinking for example about how root in docker containers is limited
<azazel>
v0|d: Trusted Path Execution is a security feature that denies users from executing
<azazel>
programs that are not owned by root, or are writable
<azazel>
mmmm how that helps?
<v0|d>
elfs in store are ownd by root?
<tathougies>
I plan on turning off the nix-daemon, because there will be no execution of arbitrary nix expressions on the device. The entire update is given by a nix store path and updates are fetched from a binary cache directly. Users can modify which caches are trusted, but my hydra instance will be on by default
jackdk has joined #nixos
<tathougies>
TPE looks promising
<v0|d>
tathougies: would you mind fxng btrfs-progs when you've got free time?
Adluc has joined #nixos
<tathougies>
v0|d: yeah sure… i'll look into it tonight
<elvishjerricco>
tathougies: This still leaves the issue that they can run arbitrary scripts with sh, right?
<v0|d>
tathougies: thnx.
<gchristensen>
elvishjerricco: an arbitrary script is comprised of nothing but already existing programs
<tathougies>
elvishjerricco: yes, and with python, etc. One step at a time…
asymmetric has quit [Ping timeout: 268 seconds]
<elvishjerricco>
gchristensen: Yea but anything you could do with a custom executable can probably be done with a bash script
<gchristensen>
then no shell access should be granted
<jackdk>
is there a document that describes the differences between the staging and master branches of nixpkgs?
<tathougies>
gchristensen: My intutition says that's not possible with nix, given that many programs are wrapped
<gchristensen>
not no shell, no shell access -- ie: no ssh
<elvishjerricco>
tathougies: I think he just meant you shouldn't provide terminal / ssh access
<tathougies>
oh i see
<tathougies>
yeah, no terminal / ssh access unless explicitly enabled
<gchristensen>
if you don't want people running shell scripts, you shouldn't let them run shell at all, because there is no difference
pi3r has quit [Quit: Leaving]
__monty__ has quit [Quit: leaving]
<MasseR>
wise words
pie_ has joined #nixos
pie__ has quit [Remote host closed the connection]
rprije has joined #nixos
<tathougies>
there's no SSH / terminal access to the device (well, not in production at least). I mainly want a way of assuring that my updates to the kernel + system software are done in such a way that I can be somewhat sure that what's booted has been signed
rihardsk has quit [Quit: rihardsk]
c0bw3b_ has quit [Remote host closed the connection]
jackdk has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @Infinisil merged pull request #51065 → nixos/sway-beta: pass arguments from wrapper to sway → https://git.io/fpuR7
<infinisil>
ekleog: -1 on your way of merging. I'm very dependent on github knowing which PR the commit came from so I can get to it with a single click
<ekleog>
… wait, did they find a logical explanation for it?
<gchristensen>
I think if you you jst put "#nnnn" in the PR it'll satisfy infinisil
fusion809 has joined #nixos
<gchristensen>
in the merge commit* and no, they didn't
<infinisil>
Probably ^^ :3
dbmikus_ has joined #nixos
<gchristensen>
but to github's support staff, near as I can tell, any bug is user error, including the time I accidentally got Lyft's private ops secrets repository when fetching my repository.
<infinisil>
ekleog: Ah, the non-merge commits are still linked to the PR, so I'm taking back my complaint
<ekleog>
oh nice, github ui not being broken is a good surprise :)
<fusion809>
OK, I rebuilt, with this config: https://github.com/fusion809/NixOS-configs/blob/NixOS-18.09/configuration.nix I'm still getting that sudo/su issue (unable to sign in with su, despite having the root password; /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set). I rebuilt, I upgraded (nixos-rebuild switch --upgrade), tried adding and removing sudo from the systemPackages field, not sure what else
<fusion809>
I'm meant to do...
<ekleog>
gchristensen: \o/
<gchristensen>
fusion809: what is the output of `which sudo` and `groups`
<fusion809>
/run/current-system/sw/bin/sudo and users wheel audio networkmanager
<gchristensen>
ok, so you still have sudo installed in systemPackages and it should not be
<fusion809>
Tried removing that, still the same issue.
<gchristensen>
paste the output from when you ran nixos-rebuild switch
<fusion809>
I had to do that in a TTY terminal (to get root), plus I've rebooted since I last rebuilt, so I don't have that output.
<fusion809>
I can rebuild.
<tathougies>
elvishjerricco: what does that do?
<gchristensen>
sure
<gchristensen>
also run: nixos-option environment.systemPackages and paste the otput
<nekroze>
Can nixops using the libvirt backend change cpu architecture? I want to use nixops to develop and test an aarch64 machine before deploying to the hardware from my x86_64 machine.
<elvishjerricco>
tathougies: it checks that all the store paths match the expected hash in the Nix DB
<elvishjerricco>
nekroze: i don't know, but that's an awesome idea
<elvishjerricco>
tathougies: Yea. But verify just makes sure they haven't been corrupted by the disk or some attack of some kind
<elvishjerricco>
I.E. this is for later, not for download time
<fusion809>
(Without that sudo revert it's a very boring output)
<gchristensen>
"/nix/store/kqb1mmkmacysi9whzqjwqlmi3dqr5r5y-sudo-1.8.24" sudo is still clearly in there
<fusion809>
Could it be that I haven't rebooted since the revert?
erasmas has quit [Quit: leaving]
<gchristensen>
you don't need a reboot to install / uninstall software :/
<fusion809>
Well this is what I now have as /etc/nixos/configuration.nix (not much change from last link, just missing the sudo) https://pastebin.com/0w6ARjBt. Not sure why it still appears.
<tathougies>
The main boot volume is encrypted, but nix verify is not a bad idea i guess
<tathougies>
can you just have it verify the closure of a particular path?
<elvishjerricco>
tathougies: You can. By default it verifies the paths in the arguments. With -r it verifies their closures. --all verifies the whole store
lnikkila has joined #nixos
lnikkila has quit [Client Quit]
dbmikus_ has quit [Ping timeout: 268 seconds]
justanotheruser has joined #nixos
justan0theruser has joined #nixos
mayhewluke has quit [Ping timeout: 246 seconds]
<fusion809>
Well I did switch my Rawhide partition over to NixOS because I thought it might be interesting, and it has, not always in a pleasant way though, esp. with this su/sudo issue.