<{^_^}>
[nixpkgs] @thoughtpolice pushed 2 commits to master: https://git.io/fhnYW
<lopsided98>
I'm not sure that's the problem though - did that fix it?
<h91wka_>
Well, as a software designer I would argue with the decision to mess with the upstream. lock files _are_ part of the code. they should be respected.
knupfer has quit [Ping timeout: 250 seconds]
<justanotheruser>
lopsided98: using " src = python.pkgs.fetchPypi {", unfortunately it did not
<simpson>
h91wka_: Presumably this is good advice for distros which follow LSB and FHS. NixOS isn't one of them though.
callahad28 has joined #nixos
<simpson>
h91wka_: Adding to the problem is that you likely don't *actually* have the exact gripe that you've chosen, but something on a parallel path. Perhaps you were hoping to use rebar3 yourself, you have configuration for it or an existing project, and it doesn't Just Work on Nix.
callahad has quit [Ping timeout: 258 seconds]
<justanotheruser>
lopsided98: you were able to import it with your derivation, correct?
<simpson>
(As a language designer, I insist that languages should stop trying to have their own package managers. I've never used a language-specific package manager in happiness.)
<gchristensen>
h91wka_: you can get rebar without that patch of course
<lopsided98>
Yes, I just tested my derivation (not your modified one) in nix-shell
<gchristensen>
h91wka_: install rebar3-open instead of rebar3
<lopsided98>
justanotheruser: If you want to try using my derivation directly, you can try "pyalsaaudio = pkgs.python3.pkgs.callPackage /etc/nixos/pyalsaaudio.nix {};"
<lopsided98>
justanotheruser: Are you importing the correct package ("alsaaudio" not "pyalsaaudio")?
<justanotheruser>
I just did that to no avail
<h91wka_>
So, what is the benefit of manually reimplementing the lock files via nix expressions?
<justanotheruser>
I am running python3 -c "import alsasound"
<symphorien>
maybe the patch could mention that casual users should use rebar3-open in the error message
<h91wka_>
(Honest question, maybe I miss something)
<justanotheruser>
environment.systemPackages = with pkgs; [ pyalsaaudio ]
<gchristensen>
h91wka_: you won't be able to use rebar3 within a nix build, unless you have already fetched the dependencies beforehand
Dedalo has quit [Ping timeout: 250 seconds]
<gchristensen>
but if you just want to use rebar3, it's fine. but if you want to nix-build something, it won't work
dsiypl4_ has quit [Ping timeout: 252 seconds]
<simpson>
h91wka_: The biggest benefit is that Erlang applications could be fully packaged with Nix and then used as dependencies in multi-language-laden systems.
<symphorien>
h91wka_: I don't know about rebar, but the parallel in rust is that you have two options to build a rust package: either you use cargo to fetch dependencies and you have to rebuild every dependency every time, or you convert cargo.lock into a nix file and only rebuild the end package when you modify it.
<simpson>
Since Nix doesn't tilt towards any particular language, this ends up being symmetrically disrespectful towards all of the various package managers.
<symphorien>
the second option is of course better, but implies letting nix manage dependencies
<lopsided98>
justanotheruser: I'm pretty sure Python libraries don't work in systemPackages
<justanotheruser>
hmm, I have python36Packages.jedi in systemPackages. I must have to put it in python36Packages then import it from there?
sanscoeu_ has joined #nixos
<lopsided98>
"alsasound" is not found for me, are you sure that is the right package?
<justanotheruser>
sorry, I meant alsaaudio, and it has the same result
<h91wka_>
Well, yes. The build environment is sandboxed so network indeed doesn't work. But if nix had a little more hope in the language-specific package managers, what could go wrong? It fetches the same tarballs with the same hashes after all
<justanotheruser>
lopsided98: sorry, I'm not familiar with that syntax. You want "environment.systemPackages = with pkgs; [ (python.withPackages (ps: [ pyalsaaudio ])) ]"?
thc202 has quit [Ping timeout: 240 seconds]
<lopsided98>
justanotheruser: Yes, I think that should work, except you are using Python 2 in that example
<justanotheruser>
tysm! not only did you write the expression for me, but you helped debug my integration of it!
<justanotheruser>
out of curiosity, did you need it for i3pystatus like I do?
<jasongrossman>
lopsided98++
<{^_^}>
lopsided98's karma got increased to 1
<justanotheruser>
lopsided98++
<{^_^}>
lopsided98's karma got increased to 2
eadwu has joined #nixos
<disasm>
clever: something weird happened with my terminal and my screen went black when I ssh'd into my tmux session. Was trying to make it work
<lopsided98>
justanotheruser: I'm not sure what you're asking about i3pystatus, and I've never used it. If a Python package is just a script (and will not be used as a library), it can go directly into systemPackages, otherwise it needs withPackages
<justanotheruser>
that is the dependency I'm using it for (i3pystatus). I can take care of it, but that is where I was getting the import error :)
<disasm>
interestingly a reboot into an older generation (I hadn't run out of battery in a few months forcing me to reboot) and it works fine again.
justanotheruser has quit [Quit: WeeChat 2.2]
erictapen has joined #nixos
justanotheruser has joined #nixos
pie_ has joined #nixos
doyougnu has joined #nixos
<sphalerit>
Any special things that might be worth doing for ext4 filesystems that will have nix stores on them? Something to get more inodes or something maybe?
<gchristensen>
sure, extra inodes are good
<gchristensen>
but otherwise no
kisonecat has joined #nixos
<gchristensen>
anyone know what man page defines the format of /etc/NetworkManager/system-connections/«networkname» ?
steve-chavez has joined #nixos
<steve-chavez>
Hello, when upgrading to nixos 18.03 or 18.09, from 17.09 nixos-rebuild switch --upgrade hangs
<steve-chavez>
At evaluating file '/nix/store/kvvfzq4733g3anhrsmljaw88279whxal-nixos-18.03.133389.b551f89e256/nixos/pkgs/tools/X11/xkbvalidate/default.nix'
erictape1 has joined #nixos
<steve-chavez>
How can I solve that?
<tilpner>
gchristensen: nm-settings-keyfile
<gchristensen>
tilpner: nice, thank you!
<steve-chavez>
Is there a higher verbosity level so I can see what's happening? Doing `nixos-rebuild -v switch --upgrade` only shows "evaluating file..."
<ottidmes>
wait, that cannot be right, I am even using a lower version
<steve-chavez>
pkgs.nixStable works for me, pkgs.nixStable2 doesn't
<ottidmes>
steve-chavez: is that after setting nix.package or before? the 2.2 version?
<steve-chavez>
Actually not working because when doing `nixos-rebuild test` it hangs with "download thread waiting for 10000 ms" again..
<steve-chavez>
I upgraded nix with `nix-env -iA unstable.nix`
<ottidmes>
steve-chavez: ah... not sure if that is going to work, that is just changing your Nix binary as reported on your path, not what is being used by nix-daemon
<ottidmes>
steve-chavez: you might need to run: systemctl restart nix-daemon even after changing the Nix package, I at least remember needing to do that at the time
<ottidmes>
steve-chavez: I believe you are now trying to update to a new version when doing the rebuild after changing nix.package, did you try keeping your old nixpkgs version like it was, and then changing your config nix.package setting so it at least rebuilds successfully for that? otherwise I would go with nixos-install fix
ivegotasthma has quit [Ping timeout: 246 seconds]
<steve-chavez>
Good idea, I'm going to go back to 17.09
ng0 has quit [Remote host closed the connection]
<steve-chavez>
Also I keep getting "warning: unknown setting 'signed-binary-caches'" if that helps in something..
<ottidmes>
steve-chavez: that one I remember, you can safely ignore it
Lisanna has quit [Ping timeout: 240 seconds]
ng0 has joined #nixos
<ottidmes>
steve-chavez: it is just your outdated nix.conf file that has an option that is no longer valid, but the defaults that replaced it are the same and so it is safe to ignore for now
<nh2>
is it possible to nix-build a string (which is a path to a file in a derivation)?
ivegotasthma has joined #nixos
<steve-chavez>
ottidmes: Oh.. I see. Now, I went back to 17.09, nixos-rebuild test works without `nix.package = pkgs.nixStable`, when I include it, it shows an error:
<ottidmes>
nh2: you mean "which is a path to a file with a derivation" then yes
<steve-chavez>
ottidmes: sorry, scratch that, no error
<nh2>
ottidmes: no, I have e.g. `{ nodeModules = "${node2nixPackage}/lib/node_modules/mydir"; }` and want to have an equivalent to `nix-build -A nodeModules` that will build `node2nixPackage` and print the full path on stdout
<{^_^}>
[nixpkgs] @veprbl opened pull request #53825 → root, root5: fix on darwin → https://git.io/fhnYN
h91wka__ has joined #nixos
chessai has quit [Ping timeout: 258 seconds]
luigy has left #nixos [#nixos]
<justanotheruser>
ok figured it out "i3pystatus = pkgs.i3pystatus.override { extraLibs = [pyalsaaudio]; };"
<steve-chavez>
ottidmes: Thanks a lot! My main issue was that I couldn't use the unstable channel anymore, but after `nix.package = pkgs.nixStable2;` I can. I'm going to stay in 17.09 for now. Thanks again.
<ottidmes>
nh2: I can only think of this right now: nix-build-expr() { nix-build --no-out-link --expr "$1" && nix-instantiate --eval --expr "$@"; }; nix-build-expr 'with import <nixpkgs> { }; { hello = "${hello}/bin/hello"; }' --attr hello
<h91wka__>
Oh, Erlang question. I just noticed that nix-packaged erlang libraries are scattered across /nix/store in a common for nix os way. However, Erlang has a unique live upgrade feature which allows to patch bytecode without stopping the VM. Without going deep into the VM primitives, this feature is handled by something that is called the OTP release [1]. OTP releases mandate a certain directory structure for all beam files. How does NixOS
<ottidmes>
steve-chavez: I cannot recommend staying on 17.09, security and all that, but you probably have your reasons, I am happy you have managed to get it working again!
<gchristensen>
h91wka__: it is common to merge many builds in to a single directory structure, as needed
<{^_^}>
[nixpkgs] @delroth opened pull request #53826 → nixos: allow customizing the kernel RANDSTRUCT seed → https://git.io/fhnOk
rprije has joined #nixos
alp has left #nixos ["Leaving"]
alp has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fhnOt
steve-chavez has quit [Quit: Page closed]
<gchristensen>
anyone done anything with secureboot + nixos?
<h91wka__>
Is there a success story of Erlang live updates using these merged builds? The only candidate I could find is ejabberd, and it has no upgrade paths.
<gchristensen>
h91wka__: I suspect not a lot of people have put effort in to the seamless deploys Erlang supports on NixOS
<gchristensen>
samueldr: oh!
<gchristensen>
samueldr: I'll be pinging a\ndi- in the morning I guess =)
<samueldr>
it's possible the user in the line before in the chat also did something, I seem to remember, but not sure
cyounkins has joined #nixos
griff_ has joined #nixos
jluttine has joined #nixos
<nh2>
ottidmes: I found that `nix eval` can do it
<nh2>
(with `--raw` so that it doesn't print the quotes)
pie_ has quit [Ping timeout: 258 seconds]
<{^_^}>
[nixpkgs] @veprbl merged pull request #53825 → root, root5: fix on darwin → https://git.io/fhnYN
<h91wka__>
Well, I would be interested in implementing something like this, because I think there's a lot of potential in NixOS, but the current state of the Erlang packaging, though... Let me go back to the package management a little bit. So there is a git `fetchurl' function, curl `fetchurl' and so on. rebar3 has a `get-deps' command that simply downloads the deps from the lock file. From any point of view it's the same as downloading a
<h91wka__>
tarball. Will it be idiomatic to implement `rebar3 get-deps' extension to fetchurl?
<ottidmes>
nh2: ow? so `nix eval` also can deal with things like IFD, i.e. build things necessary to evaluate the expressions?
ivegotasthma has joined #nixos
freeman42y has joined #nixos
justanotheruser has quit [Read error: Connection reset by peer]
georges_ has quit [Ping timeout: 244 seconds]
<nh2>
ottidmes: hmm, looks like it cannot: `nix eval '("${(import <nixpkgs> {}).pandoc}/bin")'` prints out the path but doesn't build pandoc :/
doyougnu has quit [Quit: WeeChat 2.2]
q6AA4FD has joined #nixos
<ottidmes>
nh2: I cannot get it to work either, but what I suggested still works, just export it to json and add jq --raw-output and you get the same as nix eval --raw
<nh2>
ottidmes: I will do it the way you proposed, but using `nix eval --raw` instead of the `nix-instantiate` to save the jq; that should also do, right?
<gchristensen>
what is the point of secureboot if you can turn it off? ...hmm
<nh2>
gchristensen: that software cannot turn it off, only you yourself in the bios
<ottidmes>
nh2: I tried, but then you run into issues with nix-build only accepting derivations or lists/attrsets, so you cannot do like: nix eval --raw '(...).hello', because that would return a string which nix-build cannot deal with. It should be possible, but that would complicate the shell function a lot, probably ending up slowing it down in the process :P
ris has quit [Ping timeout: 260 seconds]
<gchristensen>
nh2: ah, so a physical attack
<nh2>
you mean "a physical attack is not what it protects against"? yes
<gchristensen>
right
<nh2>
yes, it's for protecting against user-installed malware corrupting your kernel or similar
<clever>
ottidmes: I've found that very annoying, because I can't GC root the result of builtins.fetchTarball
<clever>
ottidmes: i have to create a useless derivation, that just symlinks $out
h91wka__ has left #nixos ["ERC (IRC client for Emacs 26.1)"]
<ottidmes>
clever: I should probably do something similar, some things have to be rebuilt every time I GC, but they are not like builtins.fetch*, so it is not that bad
gagbo has quit [Ping timeout: 260 seconds]
iqubic has quit [Ping timeout: 268 seconds]
shibboleth has quit [Ping timeout: 256 seconds]
Ariakenom_ has quit [Quit: Leaving]
init_6 has joined #nixos
erictape1 has quit [Ping timeout: 244 seconds]
ng0_ has joined #nixos
mcnesium has quit [Ping timeout: 250 seconds]
ng0 has quit [Ping timeout: 256 seconds]
Supersonic has quit [Ping timeout: 252 seconds]
Supersonic has joined #nixos
<gchristensen>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<ottidmes>
awk 'BEGIN { while (i++ < 52) printf "0"; print }', or printf '%.s0' {1..52}; echo, are a few other shell variants, but I like the python variant the most
freeman42y has quit [Quit: Leaving]
kisonecat has quit [Quit: leaving]
kisonecat has joined #nixos
<ottidmes>
wedens: is that common lisp? a lisp for sure, but I am not quite sure which one, I only programmed in Clojure, and toyed a bit with a simple Scheme implementation
<samueldr>
printf "%052d"
<Ralith>
ottidmes: looks like elisp to me
<Ralith>
the idea being you put it in your editor, and don't have to muck around with copypaste
<ottidmes>
samueldr: nice, I would make it: printf '%052d\n', but that one is much nicer than the {1..52} thing
<ottidmes>
Ralith: knowing myself I would on the other hand be mucking around with the editor instead :P so maybe it is for the best that I do not Emacs
<{^_^}>
[nixpkgs] @samueldr opened pull request #53827 → tests: Logs timing in tests → https://git.io/fhnOx
<gchristensen>
hrm. I sbsigned /boot/EFI/BOOT/BOOTX64.EFI and loaded my keys. I wonder why it doesn't work.
lassulus_ has joined #nixos
freeman42x has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @samueldr opened pull request #53828 → tests: Wait for shell for twice as long (10m) → https://git.io/fhnOh
lassulus has quit [Ping timeout: 246 seconds]
lassulus_ is now known as lassulus
griff_ has quit [Quit: griff_]
eadwu has quit [Ping timeout: 250 seconds]
<gchristensen>
[grahamc@Morbo:~]$ bootctl status | grep Secure
<gchristensen>
Secure Boot: enabled
<samueldr>
all parts in the chain are verifying the signature of the next?
<samueldr>
(or at least until decryption)
<ottidmes>
,declarative fusion809
<{^_^}>
fusion809: There are multiple ways of managing declarative profiles. 1) Attrset, compatible with imperative use of nix-env https://git.io/fAQHW ; 2) buildEnv, providing more control over the paths that are linked into the profile https://git.io/fp0aU ; 3) home-manager, providing nixos-like config for your ~ https://github.com/rycee/home-manager
ilya-fedin has joined #nixos
<gchristensen>
samueldr: I have custom keys loaded in to the bios, a signed /boot/EFI/BOOT/BOOTX64.EFI, /boot/EFI/systemd/systemd-bootx64.efi, and bzImage. how'd I do?
<ilya-fedin>
Well, since the kittens woke me up ...
<samueldr>
gchristensen: not sure since I have no experience with that, but I guess that if you had to sign all those bits it sounds alright
<ilya-fedin>
And dropped a flower in a pot
<samueldr>
maybe the initrd can still be modified?
<gchristensen>
samueldr: me either... maybe it can
<Church->
Sup folks
<Church->
What's going on?
<samueldr>
ilya-fedin: how kind kittens, dropping a flower into a pot :)
<ilya-fedin>
This time zfs compiled after the kernel. But after a reboot, now the errors that the main modules were not found (sd_mod, ahci ...)
<ilya-fedin>
samueldr: They are playing. It seems, moreover, one of them also vomited while I was sleeping ...
<ilya-fedin>
So, the output of nixos-rebuild is not accidentally stored in journalctl? I want to review the output and look for errors. It seems there were errors that the modules were not found, but I did not look hard.
<samueldr>
gchristensen: but that's kinda doing it the other way around, only signing an efi program :/
<gchristensen>
samueldr: that is all secureboot verifies
<samueldr>
exactly
<ilya-fedin>
Cruch-: :D
<samueldr>
AFAIUI grub handles the bzImage, right gchristensen?
<samueldr>
or uh, systemd-boot for you
<gchristensen>
samueldr: yeah, though I'm using systemd-boot. I'm reading elsewhere some people use a gpg signature on the initrd, verified in the stage1
<samueldr>
because as far as secure boot is concerned, I could very well make a minimal .EFI program that loads anything insecurely and sign it :/ the secure boot flag would still be up
<gchristensen>
of course
<gchristensen>
is the bentley strategy flawed? seems fine, no? the .efi program is signed and contains the initrd and kernel
<ilya-fedin>
Interestingly, in `journalctl -b 1 -e` the last lines end on January 8th. Where have 3 days gone?
<gchristensen>
-b1 means the previous boot
<ilya-fedin>
Yes
<ilya-fedin>
I need log of previous boot
<samueldr>
gchristensen: not flawed, AFAIK, but it probably means you need to boot the kernel program itself, so no systemd-boot, no grub, no generations menu?
<gchristensen>
oh, ack
<gchristensen>
at any rate, it is past my bed time
<samueldr>
I mean, that's the main downside imho of nixos: can't boot the kernel directly :)
<gchristensen>
:D
<samueldr>
(you can, but it's not the best idea)
<gchristensen>
I can't wait for when I do a nixos-rebuild boot, reboot, and can't boot b/c I have secureboot on but not automated by nixos
<samueldr>
lol
<gchristensen>
ok, good night. I'll play some more tomorrow maybe.
<elvishjerricco>
samueldr: I thought there was a way to have grub check for gpg sigs on the grub config, the initrd, and the kernel? Presuming your grub config disallows modifying the boot params in the menu, wouldn't this be sufficient?
<samueldr>
elvishjerricco: possibly, I thought you would know :)
<samueldr>
the only thing I know for sure is that once one stage doesn't check the next, all bets are off
<elvishjerricco>
elvishjerricco: I've only heard tell; never actually looked into it.
<elvishjerricco>
But yea I've heard grub can check all the things before loading the next stage
<samueldr>
then it must have been an\di- I guess who had more in depth knowledge
<cheshircat>
hey, I'm having a weird issue to do with patches
<cheshircat>
when I add a patch for st using st.override { patches = [ builtins.readFile "..."]; }, I get an error message when I build: /nix/store/phl3z5qk8s4xnf74824navw5d0lsfka5-stdenv-linux/setup: line 954: diff: No such file or directory
<cheshircat>
I've tried manually patching and it works fine
xkapastel has quit [Quit: Connection closed for inactivity]
orivej has quit [Ping timeout: 268 seconds]
worldofpeace has quit [Quit: worldofpeace]
slack1256 has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
o1lo01ol1o has quit [Ping timeout: 258 seconds]
init_6 has quit [Ping timeout: 245 seconds]
<wedens>
there is hardware.bluetooth.powerOnBoot option, but when it's set to false, bluetooth.service is still running. does it mean that bluetooth adapter is on?
mjdtdw has joined #nixos
hedning has joined #nixos
marcus_ has joined #nixos
marcus_ is now known as Guest60258
ddellacosta has quit [Remote host closed the connection]
Guest60258 has quit [Client Quit]
mjdtdw has quit [Ping timeout: 256 seconds]
fusion809 has quit [Remote host closed the connection]
init_6 has joined #nixos
Sigma has joined #nixos
<elvishjerricco>
cheshircat: You don't want to use readFile. The patches field is supposed to be a list of patch *files* not a list of patch texts
<wedens>
`bluetooth` command reports that bluetooth is on, when powerOnBoot = false
cyounkins has quit [Remote host closed the connection]
cyounkins has joined #nixos
palo1 has joined #nixos
cyounkins has quit [Remote host closed the connection]
<fusion809>
Hi folks, I'm just wondering if there's a program I can use to automate the process of turning a Debian package into a nixpkg? I do not know the Nix language awfully well, and I have a Debian package that I'd love to be able to use on Nix.
<{^_^}>
[nixpkgs] @jethrokuan opened pull request #53830 → pythonPackages.pyment: init at 0.3.3 → https://git.io/fhnG4
<symphorien>
fusion809: is the package built from source ?
mcnesium has joined #nixos
<symphorien>
if so, it is probable that you will have less trouble packaging it "normally" in nix than patching binaries
<fusion809>
Nope, it's a proprietary application written in Java that is only distributed for Linux as a deb package and an rpm package.
<Yaniel>
there is a bunch of packages on nixpkgs that just download a .deb and run dpkg-deb on it
<symphorien>
if it is in java, unpack the .deb with dpkg -x and then extract the jar and wrap it with jre
<MichaelRaskin>
h91wka_: re: Erlang support: I think running rebar in nix-shell (in case some native dependencies are needed) is a normal solution, that allows you to use Nix for the well-supported things and use language-native approaches for the Erlang tooling per se.
<{^_^}>
[nixpkgs] @vcunat pushed 240 commits to staging-18.09: https://git.io/fhnGb
<MichaelRaskin>
As for directory structure: how symlink-friendly is this approach? Normal Nix way of doing things is symlinking the scattered files into a proper layout, symlink to the result and atomically replace the symlink on upgrade
<{^_^}>
[nixpkgs] @dotlambda pushed commit from @timokau to master « python3.pkgs.tinycss: fix build (#53831) »: https://git.io/fhnZk
<fusion809>
Well, I'll be ...ed I actually managed to write a working nix file. I could have sworn I'd need more help than that.
<MichaelRaskin>
Well, with Nix/Nixpkgs simple things are simple enough to be done by stumbling and imitating existing simple packages!
<MichaelRaskin>
(complicated things are often too complicated, though)
<fusion809>
Although, the desktop config files (in $out/share/applications) are oddly named ldkzs842xx0vkn52lhk8qwx9z8m29am2-MarvinView.desktop and zac6c2vkhyhp44dixg97ljprbp7gxq84-MarvinSketch.desktop, when they were just copied from files named MarvinView.desktop and MarvinSketch.desktop in the directory of the nix file.
<MichaelRaskin>
Well, when things are copied into the store's top-level (and referencing out-of-store files does that), they follow the Nix store collision-avoiding convention of hash-name
<fusion809>
OK, well I suppose they aren't appearing in my application menus, even though they are in ~/.nix-profile/share/applications (I installed my package with nix-env -f /path/to/nixpkgsfork -iA marvin).
<fusion809>
I'm running KDE and I do not see 'em
<fusion809>
I've tried restarting plasmashell with killall plasmahell ; plasmashell, yet it is still not in the menu.
Makaveli7 has joined #nixos
cyounkin_ has quit [Remote host closed the connection]
<Phillemann>
A friend of mine is trying Nix out (not NixOS) and is wondering which kernel flags he needs for certain packages (such as steam).
<Phillemann>
I don't see any mention of that in the Nix manual.
<Phillemann>
Am I missing something?
<MichaelRaskin>
User namespaces, probably
shpx has joined #nixos
silver has joined #nixos
esmerelda has joined #nixos
fusion809 has quit [Quit: Leaving]
fusion809 has joined #nixos
<esmerelda>
hey! what do y'all use for python packages that aren't in nixpkgs? I'm thinking about using pypi2nix for overlays, but not totally sure it's the best plan
<makefu>
Phillemann: afair we do not (yet) have that kind of granularity. essentially kernel flags are set globally. however that also means that you do not need to enable certain flags by hand to get stuff working
<esmerelda>
and what are the changes in python packaging that are alluded to in the pypi2nix readme?
orivej has quit [Ping timeout: 245 seconds]
fusion809 has quit [Remote host closed the connection]
fusion809 has joined #nixos
orivej has joined #nixos
gagbo has joined #nixos
adamantium has joined #nixos
<makefu>
esmerelda: there are two things you can do, 1. manually package the python package with the upstream libraries available, 2. use pypi2nix
<esmerelda>
unfortunately, the pip I'm trying to package (prospector) has many dependencies which themselves aren't upstream
Ariakenom has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed to staging-next « libnice: avoid one test for now »: https://git.io/fhnZi
rprije has quit [Ping timeout: 246 seconds]
<{^_^}>
[nixpkgs] @peti pushed 7 commits to haskell-updates: https://git.io/fhnZX
<makefu>
then you will probably use pypi2nix
orivej has quit [Ping timeout: 250 seconds]
dahuoji[m] has joined #nixos
<MichaelRaskin>
makefu: well, when Steam is mentioned, it is _extremely_ likely that the question is about non-root user creating namespaces. They are often not allowed for security surface reasons, and we do use them a lot…
<MichaelRaskin>
Phillemann: what is the distribution in question?
<{^_^}>
[nixpkgs] @vcunat pushed 179 commits to staging-next: https://git.io/fhnZd
<timokau[m]>
MichaelRaskin: what are the security reasons to disallow them?
o1lo01ol1o has joined #nixos
<MichaelRaskin>
timokau: Well, if you allow user-created namespaces, a lot of code paths in the kernel that could previously (10 years ago) only be activated as root are now accessible to fake root in a namespace/container
<timokau[m]>
Ah so "just" precaution/attack surface. Thanks
<MichaelRaskin>
Well, both insufficient access checks and insufficient validation with logic or memory corruptions get found
<MichaelRaskin>
These are treated as significant-impact bugs and patched quickly, but these are a non-negligible share of all Linux local escalation vulnerabilities
orivej has joined #nixos
<timokau[m]>
That's why the just was in quotes, I'm aware that it's a good reason.
<timokau[m]>
Although I'd hope that those aren't that common anymore, now that it has been around for a while
o1lo01ol1o has quit [Ping timeout: 268 seconds]
<timokau[m]>
Also realizing all the ways I'd be screwed if some process had user-level permissions, I'm less concerned about privilege escalation on my personal machine
<MichaelRaskin>
Well, Linux vulnerabilities — or data corruption risk bugs on popular hardware with mainstream options, if you buy Linus's approach that security bugs are not that special — are rare, too!
<MichaelRaskin>
So these are a significant share.
<fusion809>
I have a PR I'm writing, but I need to add myself to the maintainers list, as otherwise the package this PR adds will have no maintainer. For the commit message should I mention I'm adding myself to the maintainers list, or just leave it, so as to ensure the commit message doesn't get too long?
<timokau[m]>
fusion809: I'd just mention it in the longer commit description
<fusion809>
Ah, OK, thanks!
estrom has joined #nixos
<timokau[m]>
Or make a separate commit
dahuoji[m] is now known as ShenTsing[m]
<MichaelRaskin>
Nobody cares much about commit message length beyond the first line, as long as information density is high enough
<MichaelRaskin>
Multiple commits also make sense
<estrom>
I'd like to save my nvidia-settings to the xorg.conf, but I cannot find one. How do I go about saving my nvidia-settings in nixos?
<ilya-fedin>
How can I remove the latest generation and make one of the previous boot?
<MichaelRaskin>
You did fix the hash-in-name issue with the desktop entry?
<MichaelRaskin>
ilya-fedin: do you have immediate access to the computer?
<MichaelRaskin>
Then you can just select the previous configuration in GRUB on reboot
<{^_^}>
[nixpkgs] @peti pushed 0 commits to yegortimoshenko-patch-1: https://git.io/fhnZh
<equivrel>
Does anyone know if in Nixops it's possible to NOT generate an sshKeyPairs resource and instead just install users.extraUsers.root.openssh.authorizedKeys.keys normally? or does it depend on the backend? I would be much more comfortable not having a state file with unencrypted keys.
<MichaelRaskin>
When booted into the previous one, you can go to /nix/var/nix/profiles and kill the symlink system-…-link of the wrong configuration
<symphorien>
to make one generation the default, run /nix/var/nix/profiles/system...-link/bin/switch-to-configuration boot iirc
<MichaelRaskin>
Hm, I think it is "system-…-link/bin/switch-to-configuration switch" (or boot) that will make sure the boot menu is updated
<ilya-fedin>
It is I still tormented with the compilation of the kernel... It seems to have been broken because of a very large buildCores and I am trying to get Nix to recompile it again. I'm trying to somehow remove the last compiled kernel package for this.
<Phillemann>
makefu: I'm not sure what you mean. I think it'd be nice if the manual said: If you want to run steam on a distribution that's not NixOS, you need the following kernel flags.
<Phillemann>
MichaelRaskin: Gentoo
<MichaelRaskin>
It is a bit more complicated, there are different ways different features can be disabled
<MichaelRaskin>
(and steam is considered a hacky corner case)
<MichaelRaskin>
Phillemann: but probably CONFIG_USER_NS is the first thing to check
<Phillemann>
Okay
ferriswheel has quit [Ping timeout: 268 seconds]
<ekleog>
is it me or is the acme module on release-18.09 broken? (18.09.1834.9d608a6f592)
<ekleog>
I'm getting tracebacks when starting it manually, after having noticed my certificates expired, so it means it's been down for quite long :/
<tilpner>
I usually get a traceback the first time I start it for a new subdomain
<tilpner>
But then never again
<ekleog>
hmm it's for already-existing domains :/
<ekleog>
apparently my nginx is returning 404 not found
<tilpner>
What does systemctl list-timers say for it?
<ekleog>
(with, somehow, a 403 status)
<MichaelRaskin>
timokau: I hope userns bugs and Firefox bugs have disjoint exploitation windows, because I use userns to isolate my Firefox instances (with single-use profiles)
<ekleog>
it has them
<ekleog>
(the error I'm quoting is when I `systemctl restart acme-foo.example.org.service` manually)
<estrom>
Do I want to put my additional xorg configs in /etc/static/X11 and symlink, or in /etc/X11?
<tilpner>
ekleog: Does it mention AttributeError: 'NoneType' object has no attribute 'wrapped' ?
<ekleog>
tilpner: yup, at the end of the stream of errors
<tilpner>
ekleog: Did you recently fiddle with DNS?
<tilpner>
(Check with dig, and online propagation testing tools)
<duairc>
I don't know much about programming G* apps, I'm just trying to package one. If it distributes gobject introspection files, should gobject-introspection go in buildInputs or nativeBuildInputs? Because I think they're generated in the build process, right?
<ekleog>
not in the past month, maybe since last restart
<tilpner>
If nginx was down for an unrelated reason, that would also fail validation
<ekleog>
it's up right now
<ekleog>
(when I do the `systemctl start`)
<timokau[m]>
MichaelRaskin: I guess at least the firefox-sandbox escapes should be disjoint
<timokau[m]>
Sandbox escapes are really the biggest issue imo
<tilpner>
Right now is irrelevant. Was it up when you ran the acme-foo service?
<ekleog>
it's up at the time I did systemctl start acme-foo.example.org.service
<ekleog>
hmm nah it looks like foo.example.org points to the right address
<fusion809>
The download URL for my package's source includes the package's version with the patch number removed (e.g. for version 19.1.0 of the package, 19.1 is the version of the package, with the patch number removed). Is there a way I can write this source URL, without having to manually update the 19.1, whenever a new version of the package is released? I've tried using the URL http://dl.chemaxon.com/marvin/${version}/marvin_linux_${
<fusion809>
version%.?}.deb, but that returns errors like error: syntax error, unexpected $undefined, expecting '}', whenever I try to build the package.
<fusion809>
As ${version%.?} returns the version of the package, with the patch number removed, i.e. 19.1
<tilpner>
ekleog: Does "grep well-known/acme-challenge /var/spool/nginx/logs/access.log" print a hit that matches the time of validation?
<ilya-fedin>
MichaelRaskin: There is no switch-to-configuration in my system
<sphalerite>
ilya-fedin: it should be in the bin directory of the system profile
<sphalerite>
ilya-fedin: e.g. /nix/var/nix/profiles/system/bin
<ilya-fedin>
Yes thank you. How to specify configuration to switch?
<MichaelRaskin>
timokau: hm, what is there beyond the VM and process separation and maybe some namespacing? Seccomp?
<timokau[m]>
MichaelRaskin: I have no idea but I'd have guessed that firefox does some static validation or something
<timokau[m]>
MichaelRaskin: Worst case just compile firefox to webasm and run that in chrome within firejail
<ilya-fedin>
Got it. system-GENERATION_NUMBER-link
<ekleog>
tilpner: `sudo tail -f /var/spool/nginx/logs/access.log | grep well-known/acme-challenge` does add a new line like the following at every `systemctl start acme-foo.example.org.service`: `"GET /.well-known/acme-challenge/... HTTP/1.1" 404 ...`, so I guess it somehow does 404 :/
<symphorien>
ilya-fedin: readlink /run/booted-system I guess
<estrom>
An example for `services.xserver.monitorSection` is "HorizSync 28-49". If I have multiple options to supply, do I supply them via a list? Like: monitorSection = [ "HorizSync ...", "VertSync ...", ... ];
<MichaelRaskin>
I think you can manually symlink /run/booted-system as a system-(N+1)-link and do a switch-to-configuration and get what you want
Dedalo has quit [Ping timeout: 268 seconds]
estrom has quit [Remote host closed the connection]
<duairc>
Does anyone use i3? I've copied my config over from when I used debian, and I find that all the scripts are really slow to execute, like around ~1 second delay.
<duairc>
They're written in shell script... I guess on Debian they used dash, and on NixOS they use bash, which is a bit slower. But they shouldn't be that slow?
<{^_^}>
[nixpkgs] @ttuegel pushed 3 commits to release-18.09: https://git.io/fhnno
Dedalo has joined #nixos
<duairc>
timokau[m]: I don't think so? I just have a few bindings in my .i3/config file that do exec --no-startup-id scripts/somescript, and then the scripts are usually about 10 lines of shell
estrom has joined #nixos
uaquhuliuh has joined #nixos
<timokau[m]>
duairc: What if you execute an empty script? `touch /tmp/script.sh; time bash /tmp/script.sh`
<duairc>
In i3 or generally?
<duairc>
In a normal shell that takes 0.003 seconds
<estrom>
How do I solve something generating Screen/Monitor configuration over my configuration? E.g. `Section Monitor\n Identifier "Monitor[0]"\n Identifier "Monitor0"\n EndSection`. Where Monitor0 is my monitorSection configuration -- and the other is generated.
m4rv33n[m] has joined #nixos
<timokau[m]>
duairc: Shouldn't make a difference
<duairc>
There just seems to be something about how i3 is calling the scripts that makes it really slow
<timokau[m]>
duairc: But if it takes longer "in i3" (whatever that means) then at least the problem isn't with bash
<MichaelRaskin>
Maybe strace i3?
<timokau[m]>
duairc: Okay can't help you with that, maybe someone else can. I'm not currently using i3
<duairc>
MichaelRaskin: Yeah, maybe, might be worth a try
<duairc>
timokau[m]: That's okay, thanks anyway
Xal has quit [Ping timeout: 245 seconds]
<MichaelRaskin>
You might need to echo 0 > /proc/sys/kernel/yama/ptrace_scope
<philippD>
Are there any news on incremental builds during development in nix? Currently I create special attributes like "repl" that add a shellHook with a script that triggers the incremental build with an "exit" at the end and call it with "nix-shell -A repl". Is there a better way?
<Phillemann>
Is it possible to run OpenGL applications in Nix on distributions other than NixOS?
<ilya-fedin>
Why is the nvidia 390 only for 32-bit systems?
<tilpner>
,nixGL Phillemann
<{^_^}>
Phillemann: nixGL is a bunch of wrappers for getting OpenGL programs to work for your graphics card, https://github.com/guibou/nixGL
<ilya-fedin>
Support for my card ended after 390 version
fusion809 has quit [Remote host closed the connection]
<arianvp>
I have a nix expression that generates an invalid derivation file but I don't see what's invalid about it
estrom has quit [Remote host closed the connection]
<wedens>
must be something nix specific, but I don't see anything unusual either
<gchristensen>
in what json?
<sphalerite>
arianvp: no, store paths just can't have names containing @
<arianvp>
I don't see any store path with an @ here
<arianvp>
Oh
<sphalerite>
err
<sphalerite>
no yeah
jtojnar has joined #nixos
<arianvp>
Alright. That is a horrible constraint considering systemd uses them all over the place
eadwu has joined #nixos
<arianvp>
How can I even then reference to files inside systemd?
<arianvp>
I don't get it.
<gchristensen>
this is something we definitely do inside nixos, so not sure what you're doing which is different
<arianvp>
There's enough files in my store path with @ in it
<arianvp>
So something else is going on here...
<gchristensen>
it is this: "exportReferencesGraph": "closure-autovt@.service /nix/store/kinpd6wss80pf2d04jnvvmw25lzkrlbq-systemd-239/example/systemd/system/autovt@.service",
Lingjian has joined #nixos
<gchristensen>
creating a store path of the reference graphs, with the name closure-autovt@.service. the solution is changing that name somehow
<arianvp>
I'm not sure i understand. I didn't create exportReferencesGraph
<gchristensen>
one possible solution is change to symlink = "/etc/systemd/system"; object = "${pkgs.systemd}/example/systemd/system";
<arianvp>
I can't do that.
<gchristensen>
why not?
<arianvp>
Because I also need to put custom stuff in /etc/systemd/system
<arianvp>
I don't want everything from the package either
<arianvp>
(just like in NixOS)
<gchristensen>
sure. you could buildEnv first
<arianvp>
But what is exportReferencesGraph?
dsiypl4_ has joined #nixos
<gchristensen>
so use another derivation to make the /etc/systemd/system symlink forest, and then put that in
<gchristensen>
it exports a list of the entire closure of a path
<arianvp>
Why is there an invalid name in there
<arianvp>
?
eadwu has quit [Ping timeout: 250 seconds]
<gchristensen>
because makeInitrd is probably asking for the closure of "${pkgs.systemd}/example/systemd/system/autovt@.service"
knupfer has quit [Remote host closed the connection]
tzemanovic has joined #nixos
<MichaelRaskin>
timokau: wait, you are a person who uses BtrFS but doesn't know that _only_ btrfs filesystem df reports anything remotely useful?
<gchristensen>
MichaelRaskin: like «btrfs filesystem df» ?
kragniz has joined #nixos
iyzsong has quit [Read error: Connection reset by peer]
knupfer has joined #nixos
<rnhmjoj>
if a variable (colon separated paths) is already defined in the option environment.variables, how do I append something to it? using mkForce will reset it.
estrom has joined #nixos
estrom has quit [Remote host closed the connection]
<wedens>
rnhmjoj: is the value a list of strings or a string?
<wedens>
lists from different modules will be merged
<rnhmjoj>
it's just a string
<rnhmjoj>
the manual says environment.variables is of type 'attribute set of string or list of strings'. i'm not sure what that means
estrom has quit [Remote host closed the connection]
<rnhmjoj>
ah, cool: i tried using a list of strings and it's getting merged
<{^_^}>
[nixpkgs] @veprbl pushed to pr/qt5-darwin-fix « qt5: use 5.11 on darwin until it's fixed »: https://git.io/fhncK
<{^_^}>
[nixpkgs] @veprbl opened pull request #53846 → qt5: use 5.11 on darwin until it's fixed → https://git.io/fhnc6
erictapen has joined #nixos
estrom has joined #nixos
estrom has quit [Remote host closed the connection]
ottidmes has quit [Ping timeout: 244 seconds]
contrun[m] has joined #nixos
orivej has quit [Ping timeout: 245 seconds]
<contrun[m]>
anyone else have problem building haskell project with c dependencies? It seems stack build can not find the right header file on my machine.
<contrun[m]>
wedens: thank you very much. Will look at it presently
<gchristensen>
samueldr: I got secureboot from bios to initrd signed now, works great
<ekleog>
tilpner: (sorry for having been interrupted IRL… about that acme failure:) I do have `[error] 1399#1399: *326614 open() "/var/lib/acme/acme-challenge/.well-known/acme-challenge/..." failed (2: No such file or directory), ...`
Makaveli7 has joined #nixos
vyorkin has joined #nixos
tzemanovic has quit [Ping timeout: 250 seconds]
* ekleog
looking for what went wrong
<tilpner>
ekleog: Good, that means nginx is not at fault. It does indeed look like the acme module might be broken
vyorkin has left #nixos [#nixos]
bgamari has quit [Ping timeout: 252 seconds]
<tilpner>
Review recent changes to it or look at closed-in-master issues about it. It seems to be working here, so you could also try using a newer acme module
erictapen has quit [Ping timeout: 246 seconds]
<tilpner>
Actually... I still haven't seen your config
<arianvp>
gchristensen: with dmverity?
bgamari has joined #nixos
<gchristensen>
what is dmverity?
<ekleog>
yeah I'm looking at it myself, though I haven't changed it for like a year
vyorkin has joined #nixos
<gchristensen>
arianvp: I have keys loaded in to the firmware for secureboot, and have signed the systemd-boot .efi program and made a combined kernel-options-initrd efi program which is also signed.
<ekleog>
tilpner: ok I think somehow webroot is being ignored: I have webroot="/var/acme-challenge/foo.example.org" in `nixos-option security.acme.certs`
<ekleog>
and nginx is looking at the wrong place
<tilpner>
Why are you setting webroot?
<tilpner>
Oh, /var/lib vs /var
<ekleog>
yup (plus /foo.example.org), though there likely isn't much actual interest in it
dsiypl4__ has joined #nixos
<ekleog>
ok so I do have `locations."/.well-known/acme-challenge".root = "/var/acme-challenge/${dns}";` in my config, but there are also blocks for /var/lib in my nginx.conf
agander has quit [Ping timeout: 272 seconds]
<tilpner>
With enableACME, I wouldn't expect you to need to set webroot and locations.acme-challenge.root
<ekleog>
wth if I grep for foo.example.org in my nginx.conf the only location is /var/acme-challenge
vyorkin has quit [Quit: Leaving.]
<ekleog>
I'm not actually using enableACME, there is no website on this domain, it's my IMAP server
<tilpner>
It doesn't really hurt. nginx will keep running and serving 404, but that's not terrible
acarrico has joined #nixos
<ekleog>
… ok so `git log -p` from release-18.09 and grepping for either acme or nginx shows basically no change in the last 3 months… or maybe I upgraded to 18.09 less than 3 months ago? let's try enableACME, then
<gchristensen>
reading systemd-boot-builder.py is no fun :|
<fusion809>
Where can I find some good documentation on makeWrapper? I'm meant to use it in my PR and I cannot figure out how to use it.
<ekleog>
tilpner: ok it looks like enableACME works, once I understood why I didn't use it in the first place :) (my server has 2 IP addresses, so just using enableACME tries to make nginx listen on 0.0.0.0:443, which it can't do because something else is already on the other IP address's :443)
<timokau[m]>
How do I get `gcc` in a nix-shell to disable its hardening (all except PIE)?
<timokau[m]>
I've tried setting `NIX_HARDENING_ENABLE=pie`, but that doesn't work (as shown by `NIX_DEBUG=1`)
<timokau[m]>
And reading the cc-wrapper source there is some talk about an "infix salt"
hedning has quit [Quit: hedning]
hedning has joined #nixos
Jackneilll has quit [Ping timeout: 246 seconds]
mizu_no_oto has joined #nixos
kisonecat has joined #nixos
<tokudan[m]>
I do have an issue using the php app postfixadmin on nixos. the issue seems to be an nginx configuration issue that I cannot figure out. phpfpm complains that it gets a directory, while nginx wants index.php, i would be grateful for any pointers or ideas on how to solve this. details here: https://gist.github.com/tokudan/a527d8b4c632bd4a17460b458a57c323
erictapen has joined #nixos
<gchristensen>
I guess I'm not sure what the point of secureboot is on a user-built system, if it is protecting against malware which can write to protected files it can presumably read protected files, and then access the signing key to sign its malware.
<gchristensen>
if the boot process were generated by a third party (microsoft, apple) that is a different thing
<gchristensen>
andi-: what do you think?
<tokudan[m]>
gchristensen: if it's a nitrokey or yubikey doing the signing, malware might not be able to sign it. also an evil maid attack is harder
<gchristensen>
not much harder, since they can turn off secureboot in the uefi firmware without me even knowing -- since it isn't clear if a boot is "secure" or not
xavierm02 has joined #nixos
<{^_^}>
[nixpkgs] @FRidh merged pull request #53788 → retdec: remove pycache from install dir → https://git.io/fhZ5c
<{^_^}>
[nixpkgs] @FRidh pushed commit from @dtzWill to master « retdec: remove pycache from install dir »: https://git.io/fhnWY
<tokudan[m]>
I'd assume that disabling secureboot should only be able in the firmware and not from a running system. if it's possible after firmware, then yes, that is definitely an issue
<andi->
gchristensen: I do think it is still of some value. It is basically the same as with every notebook. The hardware is just a bit easier accessible. For me the benefit is that I have a bit more assurance that a system wasn't tampered with. It is not perfect but provides me with some guarantees. It makes attacks that just plug in some kind of USB-Stick into your hardware a lot harder. Signing keys should not be
<andi->
readable by any (normal) user. They should be on a secure element or at least protected by file permissions.. I have a few systems where the keys reside within /root.
<andi->
You can just disable it in the bios or reset it.. but that usually takes more time.
<andi->
On my notebook I am able to tell whether or not it boots with secureboot or not. Data should be encrypted anyway...
<gchristensen>
how are you able to see if it is secureboot or not?
<gchristensen>
andi-: and, did you integrate secureboot with the nixos bootloader script? :)
<andi->
gchristensen: I can tell due to uefi bugs ;)
<andi->
I did not integrate it since I like to control the keys more closely
<gchristensen>
haha
<xavierm02>
Hi. I'm searching for a description of how nixos works people-wise. For example, who has write access to the code, how many trusted eyes go through pull requests before they are merged etc.
<xavierm02>
Does such a description exists somewhere?
<xavierm02>
exist*
<andi->
gchristensen: Would there be a demand for a proper secureboot integration in NixOS? Very often I meet people that do not even know that they could do that.. I recently helped someone do it on their hardware so it doesn't just work for me :D
<rain1>
does anyone have a .desktop file or something for mpv which lets you double click to open videos? I can set video type associations one by one, i was wondering if anyone had a better solution
<rain1>
how do I list the files in a package? or go from package name to its path in the store?
<wedens>
hm. it exists in the store in /nix/store/*-mpv-*/share/applications/mpv.desktop but it doesn't seem to exist in /run/current/system/sw/share/applications
<wedens>
ignore me :) I have mpv installed in user profile
<rain1>
just checked the logs
<rain1>
I'm not sure what you mean about user profile
<rain1>
does it matter which user I run nix-env -i mpv as
<rain1>
and also what would it mean when I put the package in my configuration.nix
<wedens>
if you've installed it via nix-env, .desktop file will be in ~/.nix-profile/share/applications
<wedens>
which should be in XDG_DATA_DIRS
<rain1>
it is in ~/.nix-profile/share/applications, but that path is not in XDG_DATA_DIRS
dsiypl4__ has joined #nixos
<rain1>
I'll add it in my configuration
acarrico has quit [Ping timeout: 245 seconds]
polman has quit [Ping timeout: 246 seconds]
<wedens>
I've checked (via xdg-mime query default) and I have correct associations by default. no idea why you don't have user's profile in XDG_DATA_DIRS
adjofun has joined #nixos
<rain1>
it's strange! maybe something to do with xfce4
<adjofun>
Hi everyone! I have a question about tomcat configuration in NixOS, should I ask it here?
polman has joined #nixos
Dedalo_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mizu_no_oto has quit [Quit: Computer has gone to sleep.]
<mightybyte>
Anyone know why I get this error now:
<samueldr>
it's a surprising thing at first, a bit annoying for some, but it makes sense considering how nix works
<estrom>
Can I remove it from my nix-env?
<samueldr>
you probably should :)
<samueldr>
it probably doesn't provide anything useful that way
<dmj`>
how do I set an environment variable in a runCommand block
<sphalerite>
dmj`: put it in the set between the name and the commands
<samueldr>
also, it adds some isolation to builds, so your libraries and dependencies are not easily mixed from multiple (maybe incompatible) sources
<dmj`>
I did that
<dmj`>
it isn't getting picked up
<sphalerite>
dmj`: which environment variable? How are you determining that it isn't getting picked up?
fendor has joined #nixos
<dmj`>
sphalerite: I have some C++ code that needs this variable and haskell is calling into it
<dmj`>
sphalerite: calling env shows its getting set in there
<sphalerite>
dmj`: then what's the problem?
<dmj`>
sphalerite: the C++ code fg
<estrom>
samueldr: how can I verify that I have removed it? nix-env -e has no output
<dmj`>
sphalerite: omg think I got it
<samueldr>
estrom: nix-env -q will list what's installed
<sphalerite>
estrom: nix-env -e should tell you what it does. if it doesn't output anything it hasn't done anything
<samueldr>
you will have to use the name listed there as it doesn't know about the attribute name
<samueldr>
(ask if what I just said doesn't really make sense to you)
<estrom>
yeah, I made the mistake of trying to remove it with the nixpkgs
agander has joined #nixos
Guest21461 is now known as Artus
freeman42x has quit [Read error: Connection reset by peer]
freeman42x has joined #nixos
<estrom>
samueldr: so, given that I know that nixos.xorg.utilmacros is required to build xserver. how do I specify this package in buildInputs in the default.nix I created in the build-folder of xserver?
<dmj`>
sphalerite: so the issue was that the haskell package builds and runs the test first, in that case the environment variable was not set
<estrom>
just trying to figure out the naming scheme mappings to my search results in nix search. but buildInputs = [ xorg.utilmacros ] seem to resolve correctly
ottidmes has joined #nixos
<estrom>
nix-shells are neat!
<infinisil>
,fancy-uninstall
<{^_^}>
Fancy way to uninstall packages, needs fzf installed: nix-env -q | fzf | xargs -I{} nix-env -e {}
tzemanovic has joined #nixos
<dmj`>
sphalerite: there's some colon that's getting prepended which is screwing everything up
Artus has left #nixos ["WeeChat 2.3"]
Makaveli has joined #nixos
Makaveli is now known as Guest68112
Makaveli7 has quit [Ping timeout: 252 seconds]
lopsided98 has quit [Ping timeout: 264 seconds]
<estrom>
Do people share `default.nix` configs for building different programs?
<infinisil>
estrom: Like.. to nixpkgs with pull requests? yes :)
<estrom>
infinisil: I think xserver already is on nixpkgs. But it doesn't build xephyr?
knupfer has joined #nixos
<samueldr>
,locate bin Xephyr
<{^_^}>
Found in packages: xlibs.xorgserver
<estrom>
ah, the X is capitalized. how embarrassing (:
<samueldr>
no worries, I kinda knew every X servers have their X capitalized
<estrom>
well, at least I have learnt a lot about nix-shell!
evanm has joined #nixos
<djahandarie>
Is there some way to GC items in your store which match some glob?
<djahandarie>
(I have some massive things in my store that I know are going unused, but don't want to GC all the other stuff which I tend to use periodically for building software etc)
<djahandarie>
Though I don't want to delete them straight-up, in case they are somehow being used somewhere
kumikumi has joined #nixos
<sphalerite>
djahandarie: it's not beautiful but maybe nix-store --delete /nix/store/*foo*
<sphalerite>
djahandarie: it should refuse to delete anything that has roots
<sphalerite>
djahandarie: I'm not sure if it will also delete dependents in order to allow deletion of paths, or complain in those cases
o1lo01ol1o has joined #nixos
cyounkins has quit [Remote host closed the connection]
griff_ has joined #nixos
griff__ has joined #nixos
o1lo01ol1o has quit [Ping timeout: 244 seconds]
griff_ has quit [Ping timeout: 244 seconds]
griff__ is now known as griff_
cyounkins has joined #nixos
[Leary] has joined #nixos
Lears has quit [Ping timeout: 250 seconds]
reinhardt has quit [Quit: Leaving]
doyougnu has joined #nixos
<q6AA4FD>
do i need to note anything in meta if i'm packaging a program that uses a nonfree network service (i think) but is not nonfree itself
lejonet has joined #nixos
<{^_^}>
[nixpkgs] @evhan opened pull request #53854 → ugarit: fix build by using chicken-4.x → https://git.io/fhnEg
<MichaelRaskin>
We are currently not tracking this in Nixpkgs.
<MichaelRaskin>
In a sense, use of Nixpkgs requires using a non-free network service in most configurations…
<gchristensen>
heh, like the cache?
cyounkins has quit [Remote host closed the connection]
cyounkins has joined #nixos
ashkitten has quit [Ping timeout: 246 seconds]
Dedalo_ has joined #nixos
<Unode>
hi all. I have two nixos configurations. configuration.nix and custom.nix . The second is meant to act as a sandbox for different options and is used for a different profile (to have another grub entry for it). Now when trying to override options in custom.nix that were set in configuration.nix I get "The option `...' has conflicting definitions, in ...". Is there any way to override options in custom.nix
<Unode>
without running into this error?
cyounkins has quit [Ping timeout: 246 seconds]
<q6AA4FD>
MichaelRaskin: alright, cool
agander has quit [Ping timeout: 250 seconds]
<infinisil>
Unode: You can use `mkForce` to assign options with a higher priority
<infinisil>
Or use `mkDefault` to assign with a lower priority
cyounkins has joined #nixos
<Unode>
infinisil: actually in this case, I would be happy with just setting the option to its default value, as if undefined in configuration.nix. Would mkDefault be the right direction then?
<MichaelRaskin>
gchristensen: choose your poison, github or S3!
<MichaelRaskin>
Even without cache, there is channel
<infinisil>
Unode: Nope, if you want to reset it to its default (if it even has one), then `foo = lib.mkForce options.foo.default` could work
<infinisil>
But it's a bit ugly, I recommend not setting it in the first place if possible
<infinisil>
Unode: Best imo is to use `mkDefault` in your configuration.nix
<Unode>
infinisil: I was trying to avoid having to split configuration.nix into a common.nix and then two entry-points: configuration.nix and custom.nix
Dedalo_ has quit [Ping timeout: 244 seconds]
<Unode>
infinisil: ah so mkDefault true?
<infinisil>
Yeah
<Unode>
I see
<Unode>
Will try that
<Unode>
thanks!
<gchristensen>
MichaelRaskin: :) at least both of them are free protocols ... but ... yes.
<Unode>
infinisil: so just to make sure I understand. if an option has a default and I use mkDefault, the value in mkDefault is still used correct?
automagisk has quit [Quit: WeeChat 2.0]
<q6AA4FD>
MichaelRaskin: there's always gitlab!
<Unode>
btw, unrelated question: I have mlocate in my config. Every time I build it I get "trace: warning: mlocate does not support searching as user other than root", but I seem to be able to use locate as regular user just fine. Is this a bug?
<infinisil>
Unode: Yeah, option defaults (the ones in mkOption) have an even lower priority
<MichaelRaskin>
q6AA4FD: there is no officially recognised gitlab mirror of Nixpkgs, though
MichaelRaskin has quit [Quit: gchristensen last call: if nobody is in the process of writing a good post about medium-term RFC SC selection rules, I will write a quick-hack «please state your opinions» one]
<Unode>
iqubic: enableFlashPlayer = true
<iqubic>
Where do I put that?
<Unode>
iqubic: enableAdobeFlash = true , sorry.
<Unode>
One sec
cyounkins has quit [Remote host closed the connection]
<ivan>
firefox.enableAdobeFlash = true; in your configuration
<iqubic>
configuration.nix in my /etc/nixos folder?
<ivan>
yes
<iqubic>
And is it an issue if I'm using firefox-bin, and not firefox?
<Unode>
ivan: you need a packageOverride for that no?
<Unode>
iqubic: firefox-bin ?
<iqubic>
In my system.evironmentPackages I put firefox-bin, as that works better for me.
<infinisil>
These options might not work with -bin versions of firefox btw
<Unode>
iqubic: firefox-bin is a gentoo thing.
<ivan>
Unode: it's in nixos
<Unode>
and TIL. was not aware of -bin being a thing in nixos as well.
<Unode>
interestingly doesn't show up on the search
<rain1>
I'm using nixos with xfce4 and I installed mpv and mupdf which both provide .desktop files but I can't click to open videos or pdfs in the filemanager (pcmanfm). I can see these .desktop files in ~/.nix-profile/share/applications/ and I have added this path to my XDG_DATA_DIRS variable using configuration.nix and rebooted. I also tried using update-desktop-database on it but I get this error: The databases in
<rain1>
[.nix-profile/share/applications/] could not be updated. How can I make double clicking work?
<iqubic>
Yeah, this isn't working.
<q6AA4FD>
nix-env -e does not appear to be working on things added to the profile with nix-env -f, does anyone know how to remove a package installed this way?
<iqubic>
first one is the configuration.nix, second is my attempt to build a system from that configuration.nix
<q6AA4FD>
ivan: is firefox-bin in nixpkgs, i can't find it with `nix search`
<Unode>
iqubic: any reason not to use firefox (instead of -bin)? You won't build from source if a binary exists in the cache (usually it does).
<iqubic>
No.
<infinisil>
[2018-11-27 00:30:07] <infinisil> Shortest tutorial for setting application defaults you'll ever see: Use `xdg-mime query filetype <file>` to figure out the mimetype of <file> and `xdg-mime default <programname>.desktop <mimetype>` to set the default application for this type, e.g. `xdg-mime default evince.desktop application/pdf`
<infinisil>
rain1: ^^
<iqubic>
No reason at all.
<iqubic>
I'm switching to firefox without "-bin"
<Unode>
q6AA4FD couldn't find it either but it is there.
<infinisil>
rain1: So try `xdg-mime default mupdf.desktop application/pdf`
<rain1>
infinisil: thanks! this seems like a pretty awkward workaround though. I would have to make up this command for each file type each program can open - I think this can be done automatically in linux but i haven't figured out how yet
<infinisil>
rain1: That's no workaround!
<sphalerite>
steveeJ: :D
<steveeJ>
infinisil: is that xdg-mime stuff somehow integrated with home-manager?
<infinisil>
steveeJ: I don't think so
<steveeJ>
rain1: indeed I also wonder how this works on mainstream distros
<infinisil>
Double-clicking will only open with apps that say they can open that file
<rain1>
infinisil: I think we have a different setup because this isn't happening automatically with mine, i'd like it to though
<q6AA4FD>
Unode: maybe it's in the package, but not the name of it. `which firefox-bin` would probably tell ya if you have it installed
<steveeJ>
infinisil: on my system nautilus doesn't know anything about default applications though. I have to select everything manually
<infinisil>
rain1: Check the desktop file of the app it opens pdfs with
<infinisil>
I bet it has application/pdf specified
<infinisil>
Because the same happens for me. Krita has pdf specified, but it's horrible at opening pdfs..
<infinisil>
And for some reason actually the xdg-mime command stopped working for me..
<q6AA4FD>
steveeJ: you could write an override of firefox that appends the xdg-mime command to postInstall or something hacky like that
cnidario has quit [Remote host closed the connection]
<q6AA4FD>
steveeJ: or write the mime db file, rather than using the command
<rain1>
oh damn, mupdf.desktop doesn't actually specify any mimetype
<rain1>
it's just mpv that does that
<infinisil>
Oh, and evince, my pdf viewer doesn't even specify a desktop file anymore.. That's why it doesn't work :/
vk3wtf has quit [Ping timeout: 252 seconds]
elibrokeit has quit [Quit: A random quit message]
elibrokeit has joined #nixos
<infinisil>
rain1: A home-manager module where you can specify `mime.application.pdf = pkgs.evince` would be pretty neat, should be doable with running xdg-mime in the activation phase
<infinisil>
And it could even throw a warning when it doesn't specify that mime type or doesn't have a desktop file
<jasongrossman>
infinisil: Yes!
<ldlework>
cool
<{^_^}>
[nixpkgs] @thoughtpolice pushed 2 commits to master: https://git.io/fhnuf
<rain1>
but I don't want to write these all manually
<Unode>
q6AA4FD: I don't have it installed but grepping nixpkgs gave a few hits for firefox-bin. Package name only it seems.
<rain1>
my aim is that the .desktop files would be scanned for mimetype associations
<rain1>
I will have to write them manually for now though
<rain1>
I thought I just misconfigured my system, didn't expect this was just not a solved problem
<infinisil>
rain1: There is no way to have it work automatically
<infinisil>
Because there could be lots of applications specifying that they can read pdfs
<infinisil>
But that doesn't mean it's the app *you* want
<infinisil>
It could be different for everybody
<rain1>
earlier you said you had it working automatically though
<infinisil>
That's why doing this manually is needed where there's multiple programs (and it happens to not use the one you want by default)
<rain1>
I think I must have just described this badly
<infinisil>
I did?
<rain1>
but what you said was a big help to me
* Unode
finds the whole xdg-open mimetype guessing system awfully and unnecessarily confusing.
<infinisil>
Ah yeah, it uses an application that has the mimetype specified automatically already
<infinisil>
But it can't choose the one you want from multiple ones
<q6AA4FD>
Unode: that's really strange
<Unode>
q6AA4FD: do you mean the firefox thing?
<q6AA4FD>
yeah.
<q6AA4FD>
is it good form to make myself maintainer of a package if i create it, or just if i plan on keeping it up to date/testing it
cyounkins has joined #nixos
<Unode>
q6AA4FD: if you want to be a maintainer add yourself, more maintainers can't be bad. But if in doubt, contact the other maintainers of said package.
<infinisil>
Oh, the evince desktop file is not named evince.desktop, but `org.gnome.Evince.desktop` instead.. `xdg-mime default org.gnome.Evince.desktop application/pdf` works as intended
toppler` has joined #nixos
vk3wtf has joined #nixos
<Ralith>
doesn't work here :(
<Ralith>
libreoffice, of all things, intercepts it
<infinisil>
Ralith: It was the same for me before running that command
<Ralith>
where is the desktop file showing up?
<infinisil>
Ralith: Do you have an org.gnome.Evince.desktop file in /run/current-system/sw/share/applications
<Ralith>
no, I don't install user-level applications system-wide
<Ralith>
I put them in my hm profile
<Ralith>
no sense requiring sudo to update evince
toppler has quit [Ping timeout: 268 seconds]
<infinisil>
Hmm, i think it might derive that path from $XDG_DATA_DIRS, what does that say for you?
<infinisil>
It has both ~/.nix-profile/share and /run/current-system/sw/share in it for me
<infinisil>
Ralith: AH so that's what I thought! The path must have changed on some update..
<infinisil>
Backwards compatibility *cough*
<infinisil>
I remember running it with evince.desktop before
<q6AA4FD>
Unode: oh, i'm adding a new package not changing it. but i also don't really care about new versions, so i don't want to give the impression that i'm going to keep it up to date with releases
<Unode>
q6AA4FD: that's not great but usually ok. Do expect the package to get marked as broken if it fails to build/compile/install on a new nixos release.
<q6AA4FD>
oh, okay. i'm talking more about later releases from the upstream. it's like 10 lines so i doubt it'll break unless there are breaking changes to python stdenv
shabius has quit [Quit: Leaving]
<kumikumi>
Long time linux user but total nixOS newbie here, just getting started with my first installation and very impressed so far. But here's a question: Now that I have a basic xfce environment running, how might I declaratively customize my desktop experience? (e.g. icons, themes, panel settings, wallpaper etc.). Any pointers to the right direction are much appreciated
<ldlework>
kumikumi: how are those things usually customized?
<q6AA4FD>
oh, and GTK themes are probably going to be a setting for GTK, rather than xfce or what-have-you, so look there perhaps
sary has joined #nixos
<lassulus>
kumikumi: afair, most of the desktop settings (the ones which are set through menus) don't have a good declarative way to specify them. So they reside statefully on your system. Sometimes you can do something with dconf.
endformationage has joined #nixos
<sphalerite>
kumikumi: there's also home-manager which does some of those things but probably not all
<ottidmes>
,home-manager
<{^_^}>
home-manager allows you to manage your per-user configuration similarly to NixOS' configuration.nix: https://nixos.wiki/wiki/Home_Manager
<kumikumi>
okay so it's going to be a little trickier than I initially thought, fine. but if any of you guys actually have done desktop customizations as a nix configuration I'd like to see your code to learn from it
cyounkins has quit [Remote host closed the connection]
<lassulus>
Take a look at home-manager configs, I guess that's as far as it currently gets.
<jasongrossman>
kumikumi: I haven't heard of much declarative desktop configuration, unless you count window managers (xmonad, stumpwm etc.) - a lot of NixOS people use those.
<jasongrossman>
kumikumi: Just for example, I spent ages declaratively customising gnome3 keybindings, and then decided it was a stupid waste of time because gnome keeps changing its protocols.
<kumikumi>
I am also thinking about the same thing. xfce might be a bit more stable so I thought it could maybe be doable
<jasongrossman>
kumikumi: Right, very good point.
<jasongrossman>
kumikumi: I expect you'll be the first doing very much on it in Nix, that's all.
<kumikumi>
If I'm not mistaken, the xfce packages should come with some kind of default configuration files, so could it maybe be possible to override some of them?
<jasongrossman>
kumikumi: Sounds good.
o1lo01ol1o has joined #nixos
<jasongrossman>
There are one or two desktop managers that come with window managers that are designed to be entirely configured by text files. One of them is on the tip of my tongue. One of the open-somethings?
kisonecat has joined #nixos
<jasongrossman>
Or basically all of the window managers that are designed to be use stand-alone, but I guess you've decided you don't want any of those.
<jasongrossman>
* used
<ottidmes>
openbox?
<jasongrossman>
Maybe. The one I'm thinking of has XML configuration files.
<{^_^}>
[nixpkgs] @veprbl closed pull request #29977 → bitcoinarmory: build correctly from source, using *our* libs → https://git.io/vdZXj
<ottidmes>
"Openbox configuration is made essentially by modifying just one file called rc.xml."
<AK_>
I can't install anydesk using nix in other linux distros. I can install other packages.
<jasongrossman>
And there was something or other that made me think that openbox's design is very stable. Can't remember exactly what made me think that - sorry.
<AK_>
I tried nix-env anydesk nixos.anydesk
<kumikumi>
Actually I have used openbox in the past and it's not bad, just takes a lot of customization to get anywhere near a "full" desktop experience
<infinisil>
,dnw AK_
<{^_^}>
AK_: "Does not work" isn't very helpful: What doesn't work? What's the error?
<symphorien>
AK_: try nix-env -iA nixpkgs.anydask
<symphorien>
*anydesk sorry
<ldlework>
RoboDuels is starting in 30 minutes. If anyone would like to play for free, sign up here, https://roboduels.com/ and tell me your username.
<ldlework>
oops
<ldlework>
ffff
<infinisil>
:P
ashkitten has quit [Ping timeout: 240 seconds]
<AK_>
ldlework: what's that?
<ldlework>
i didn't mean to paste that here, i'll answer in offtopic
<ldlework>
#nixos-chat if you want to know
ashkitten has joined #nixos
tzemanovic has quit [Remote host closed the connection]
tzemanovic has joined #nixos
tzemanovic has quit [Remote host closed the connection]
tzemanovic has joined #nixos
tzemanovic has quit [Remote host closed the connection]