rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
iqubic has left #nixos ["ERC (IRC client for Emacs 26.1)"]
n0qqe has joined #nixos
jluttine has joined #nixos
noqqe has quit [Ping timeout: 240 seconds]
n0qqe is now known as noqqe
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
<Church->
So question on building a python package via buildPythonPackage. It runs all tests on auto right?
<Church->
Anyway to disable that?
<simpson>
Church-: `doCheck = false;`
Ariakenom has quit [Read error: Connection reset by peer]
<Church->
Sweet, thanks. I assume that won't fly when upstreaming however? Seems the package maintainer screwed up a test somewhere somehow and that blocks the build without disabling. Works fine otherwise as I've extensively tested it while in a nix shell dev environment.
<samueldr>
Church-: check into disabling the specific tests that are failing, if only a few fail
<samueldr>
I know there are examples of that in the python packages in nixpkgs
<Church->
Gotcha, guess I'll take a look. Only a single test so far.
<simpson>
Church-: There are a large number of Python packages with poor/broken/flaky/non-hermetic tests, so it's actually quite acceptable, especially for packages used by multiple folks or available on PyPI.
<simpson>
I have been told before to `doCheck = false;` rather than, say, fixing CPython.
<simpson>
(Rebuilds aren't free.)
<Church->
Ah gotcha gotcha. Cool
<Church->
Good to know.
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
silver has quit [Read error: Connection reset by peer]
freeman42x has quit [Ping timeout: 252 seconds]
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
rcshm has quit [Remote host closed the connection]
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
pie_ has quit [Ping timeout: 240 seconds]
endformationage has quit [Ping timeout: 246 seconds]
nikola_i has quit [Quit: Connection closed for inactivity]
kvda has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
palo1 has joined #nixos
palo has quit [Ping timeout: 268 seconds]
palo1 is now known as palo
pointfourone has joined #nixos
benny has joined #nixos
pointfourone has quit [Client Quit]
duckonomy has quit [Quit: ZNC 1.6.6+deb1ubuntu0.1 - http://znc.in]
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #54614 → libstdcxx: don’t set stdlib automatically → https://git.io/fhKwl
random_yanek has quit [Ping timeout: 272 seconds]
<sphalerite>
Church-: Yeah I was previously using a C201, but switched to the C101 because as gchristensen mentioned building everything locally isn't much fun
<Church->
Gotcha gotcha
<sphalerite>
Church-: but sound was working, and thefloweringash wrote a nice little module for depthcharge support
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
duckonomy has joined #nixos
ixxie has joined #nixos
random_yanek has joined #nixos
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
duckonomy has quit [Quit: ZNC 1.6.6+deb1ubuntu0.1 - http://znc.in]
duckonomy has joined #nixos
rcshm has quit [Remote host closed the connection]
rcshm has joined #nixos
ixxie has quit [Ping timeout: 244 seconds]
perique has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
_kwstas has joined #nixos
_kwstas has quit [Remote host closed the connection]
Myrl-saki is now known as Meow-saki
jtojnar has joined #nixos
<wedens>
If I have `hardware.pulseaudio.enable = true;`, do I need to set `nixpkgs.config.pulseaudio = true;`? looking at sources, they seem to be unrelated
goibhniu has joined #nixos
<sphalerite>
wedens: no, you don't
<wedens>
how does it work then? I don't see `config.pulseaudio` being assigned anywhere
<wedens>
or does it rely on pulseaudio being enabled by default in derivations?
ottidmes has quit [Ping timeout: 245 seconds]
andersk_ has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @Mic92 pushed commit from @kristoff3r to release-18.09 « buildFHSUserEnv: use runScript in env (#49077) »: https://git.io/fhKK2
jomik has joined #nixos
<jomik>
Can I get NixOS to run setxkbmap using the settings from configuration.nix? I need this to be able to use rofi-pass... For some reason it doesn't work unless you run setxkbmap.
<{^_^}>
[nixpkgs] @Mic92 merged pull request #54565 → [18.09] buildFHSUserEnv: use runScript in env → https://git.io/fhrxU
<{^_^}>
[nixpkgs] @Mic92 pushed 2 commits to release-18.09: https://git.io/fhKKw
<nefix>
nvm, solved it
init_6 has quit []
pointfourone has quit [Quit: Leaving]
pointfourone has joined #nixos
_kwstas has joined #nixos
_kwstas has quit [Remote host closed the connection]
<nefix>
Mic92: when I try to start the Language server, it throws 'no such file or directory'
<Mic92>
nefix: can you call pyls ?
<Mic92>
from command line
pointfourone has quit [Remote host closed the connection]
pointfourone has joined #nixos
<nefix>
Mic92: no, I can't
<Mic92>
nefix: then you have not installed it yet
jomik has quit [Quit: WeeChat 2.2]
<nefix>
I have this in my home-manager configuration: extraPython3Packages = (ps: with ps; [ # Python python-language-server pyls-isort pyls-black jedi ]);
<{^_^}>
[nixpkgs] @Mic92 opened pull request #54619 → treewide: remove wkennington as maintainer → https://git.io/fhKKj
<jtojnar>
teto: if I remove the preConfigure from GTK3, it will install the demos
<jtojnar>
teto: but I do not think, wrapping is possible
<teto>
jtojnar: so debian wrote their own... I had thought about that and tried to inspect the .deb, but not being familiar with the .deb, I could not find it
<teto>
would that be ok to fetch a manpage from debian to install in nixpkgs ? I miss it
<jtojnar>
teto: they usually put it into debian directory
<jtojnar>
teto: it would be best to add it upstream
_kwstas has quit [Remote host closed the connection]
ixxie has joined #nixos
Ariakenom has joined #nixos
gagbo has joined #nixos
nefix has quit [Quit: Page closed]
tg has quit [Ping timeout: 240 seconds]
tg has joined #nixos
janneke has quit [Quit: janneke quits Mes'sing]
equivrel has joined #nixos
danbst has joined #nixos
<danbst>
\o {`-`}
<tA->
is there an option to mount one filesystem during the preLVM phase? i have two encrypted drives and the key for one is on the other, and im having trouble getting the first mounted before trying to do the second
<das_j>
Hm, when using fetchRepoProject, I sometimes get the error "error: RPC failed; curl 92 HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)". Does the builder retry that particular clone or is my repo now corrupted? Because the build will just go on
silver has joined #nixos
<tA->
Myrl-saki: ahh damn
<tA->
do you know any workaround for my case at the moment?
erictapen has joined #nixos
__monty__ has joined #nixos
<gagbo>
I have a fork of dmenu I'd like to add in my system declaration. Would you fork nixpkgs to add this, or is it possible to just create a folder with a default.nix file and use 'callPackage' on it in my configuration ?
<lejonet>
gagbo: take a look at overlays, this seems to be a prime target for that
<lejonet>
That way you can make your own packages that you can include, without needing to have them included into nixpkgs or to clone your own fork of nixpkgs and use that
<lejonet>
(that doesn't stop you from opening a PR, to later have your package included in nixpkg tho :) )
<gagbo>
I'll check that lejonet, but I suppose I must create a release in my fork to be able to overwrite the fetching done in the original package
<gagbo>
I don't think this is a good PR target, suckless utilities are very much about patching what you like/want in the sources and compile that
regulus_ has joined #nixos
<lejonet>
gagbo: nah, if you don't want it to overwrite the nixpkg dmenu, just call the package something else, like dmenu-patched or so
<lejonet>
gagbo: thats what I've done to get the latest discord without having to fiddle with nixpkgs or so
<Myrl-saki>
tA-: You'd probably have to do some preDeviceCommands fuckery
<gagbo>
I'll try that then, thanks !
<lejonet>
gagbo: I've found the documentation around overlays to be a bit tricky to understand at times, so feel free to ping me if you run into a snag :)
<gagbo>
yeah, for the time being I'm trying to create a proper tag in my repo for easier pulling
dermetfan has joined #nixos
<tA->
Myrl-saki: alright, chur for the advice, ill have a play around with it
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @Vskilet to master « jackett: 0.10.622 -> 0.10.660 »: https://git.io/fhKHq
obadz has joined #nixos
<lejonet>
Has sandboxing been changed in 18.09 and later to use user namespaces if configured, hence why nix.useSandbox conflicts with !security.allowUserNamespaces?
<gagbo>
I'm trying to get the trace of an error when running home-manager. 'home-manager switch --show-trace' does not show the trace, 'home-manager --show-trace switch' errors out because it's not where this option goes. How can I get the call trace ?
acarrico has quit [Ping timeout: 240 seconds]
fendor has joined #nixos
Dagger has quit [Excess Flood]
tomwadeson has joined #nixos
Dagger2 has joined #nixos
<tomwadeson>
I've just started playing with nix on Mac. I need to install a specific version of Java (JDK8), but note that `nix-env -qa | grep jdk` only yields version 11. What should I do?
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #54622 → nixos/pulseaudio: disable flat-volumes by default → https://git.io/fhKQa
<tomwadeson>
Thanks for the link.
max3raza_ has quit [Quit: ZNC 1.6.3+deb1ubuntu0.1 - http://znc.in]
<NinjaTrappeur>
Hey folks! Is there a function to ln -s a derivation output to a particular path? I'm trying to move my dotfiles to my nixos config. I'd like to writeText my config files to the store and create a link at the appropriate .config path.
<NinjaTrappeur>
/function/builtin function
Dagger2 has quit [Excess Flood]
jomik has joined #nixos
<andi->
NinjaTrappeur: activation script is what you are looking for
<tomwadeson>
gchristensen, {^_^}: Actually, this is a version question, not a free/unfree question. I need to install a specific version of the Java JDK (8), and only 11 is available.
<jomik>
Uh, I am confused - shouldn't `nix-shell -p networkmanagerapplet` start a nix shell with networkmanagerapplet installed?
<symphorien>
> jdk8.name
<{^_^}>
"openjdk-8u202bga"
<symphorien>
^ tomwadeson
<tomwadeson>
Hmm. And how might I discover that? It doesn't show up for me with `nix-env -qa | grep jdk`
<tA->
gchristensen: that worked really well, going all good now, thanks heaps :)
<gchristensen>
jomik works for me: `nm-applet` is available
<gchristensen>
great to hear it, tA-!
<gchristensen>
tA-: did you see my note about re-locking the key?
<symphorien>
tomwadeson: it can be that on macos jdk8 is oracle jdk, and this unfree, and thus unlisted, hence the reaction of gchristensen
<jomik>
gchristensen: Huh. Maybe fish is doing something odd then. My .bashrc has `exec fish` in it.
Dagger2 has joined #nixos
<gchristensen>
jomik: dunno, when I run it, I get /nix/store/4vjd87qjfrvfb3sra9dkhy9w8iy8k3ac-network-manager-applet-1.8.18/bin/ added to my PATH and then I can call nm-applet.
ThatDocsLady has joined #nixos
<tA->
gchristensen: yup got that all set up, thanks for the tip
<tomwadeson>
symphorien: Right. I updated my config according to the info in the unfree docs. And updated my channel (I don't think I expected this to actually change anything). I still don't see *any* (free or unfree) Java 8 versions. All 11.
ThatDocsLady has quit [Client Quit]
<symphorien>
what does nix eval nixpkgs.jdk8.name say ?
<tomwadeson>
zulu1.8.0_121-8.20.0.5
<symphorien>
here it is
<NinjaTrappeur>
andi-, indeed, that was exactly what I was looking for. Thanks!
<symphorien>
the name does not contain jdk
<tomwadeson>
symphorien: Thanks for that. I guess I'm just wondering how I might discover that myself.
<symphorien>
so your grepping would fail
<symphorien>
so use nix-env -qaP instead
freeman42x has joined #nixos
<symphorien>
or nix search
<symphorien>
nix-env is treacherous and unintuitive
<tomwadeson>
Wonderful, thanks!
<emily>
or grep in a checkout of nixpkgs
<symphorien>
^
agander has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @sephalon opened pull request #54623 → pythonPackages.limitlessled: init at 1.1.3 → https://git.io/fhKQh
shpx has quit [Quit: shpx]
<gchristensen>
NinjaTrappeur: careful
<gchristensen>
NinjaTrappeur: activation scripts *must not fail*
<sphalerite>
symphorien: I like that way of phrasing it. I might save that quote.
<gchristensen>
nix-env -i anyone?
<NinjaTrappeur>
gchristensen, right. Is there a better place to ln -s the config files contained in my store?
<gchristensen>
not sure :/ I do the same thing -- in an activation script -- but it breaks on a new install, since /home/grahamc/.config/foo/... doesn't exist yet
<nikivi>
seems a shame to duplicate the efforts in making nixOS and then this
<gchristensen>
it happens
<Myrl-saki>
Just my personal opinion, but nixpkgs wasn't as extensible+user-friendly back when Triton was forked.
dermetfan has quit [Ping timeout: 240 seconds]
<NinjaTrappeur>
gchristensen, hmm right, did not think about that, thanks. **adding some extra folder tests in his script**
<jomik>
Hmm, is there a neat way for me to wrap `emacs`? I.e. I want to set `SHELL = bash` before running emacs and emacsclient. So I did emacs.overrideAttrs and used wrapProgram. But that triggers a rebuild and complete compilation of emacs..
fendor has quit [Read error: Connection reset by peer]
fendor has joined #nixos
<gchristensen>
NinjaTrappeur: also, mkdir isn't sufficient out of the box since it'll make things owned by root
<Myrl-saki>
jomik: Just make a Bash script.
<Myrl-saki>
There's also wrapProgram, IIRC.
tomwadeson has quit [Ping timeout: 256 seconds]
<MichaelRaskin>
Some of the changes in Triton seem to be about things that are still facepalm-worthy in Nixpkgs…
<jomik>
Well, as I said, I am using wrapProgram, but that causes emacs to be recompiled.
<MichaelRaskin>
Then there is just some aggressive trimming down on exotic corner cases
<jomik>
Ah - gotta run
jomik has quit [Quit: WeeChat 2.2]
delan has joined #nixos
<gchristensen>
MichaelRaskin: yeah, like the directory structure
<{^_^}>
[nixpkgs] @worldofpeace merged pull request #54531 → elvish: a small fixup → https://git.io/fhwlb
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @AndersonTorres to master « elvish: a small fixup (#54531) »: https://git.io/fhK76
<MichaelRaskin>
Or parallel building
<delan>
anyone use virtualisation.libvirtd.qemuOvmf? I can’t seem to get UEFI guests to boot from CD on 18.09 nor unstable, they always drop into the UEFI shell
xkapastel has joined #nixos
orivej has joined #nixos
<Myrl-saki>
MichaelRaskin: What do you mean?
<MichaelRaskin>
The configuration for parallel builds in Nixpkgs is double-opt-in
<MichaelRaskin>
The package has to opt in, and the system has to opt in
<MichaelRaskin>
It should be tristate on the package level (known-good, known-bad, no idea)
orivej has quit [Ping timeout: 240 seconds]
<Myrl-saki>
MichaelRaskin: How about the directory structure one?
<gchristensen>
where is bash in nixpkgs?
<gchristensen>
dunno, in triton, its in pkgs/b/bash (or so)
<Myrl-saki>
Ah.
<MichaelRaskin>
I made no claims about directory structure, but some of the distinctions baked in are not consistently reproducible with humans
<gchristensen>
that structure and the sort-of attempted sorting of all-packages.nix are two annoyances of mine (but not big ones ... I don't work on packages often.)
<MichaelRaskin>
application vs tool, with applications/science/maths grabbing things that are tools by the last attempt to define the difference
<Myrl-saki>
What's the best way to do this? Auto-generation with readDir or something?
<gchristensen>
no, that would not be good -- it'd be very slow
<gchristensen>
but all-packages is roughly sorted by topic then name, making it just by-name would be a start
<MichaelRaskin>
With «by topic» in all-packages not being exactly the same notion as in directory structure!
<gchristensen>
haha, yeah
<MichaelRaskin>
Then there are a lot of exceptions because things should go together
<MichaelRaskin>
To be honest, the only case when this actually is a problem is when someone tries to understand what and why is going on; in that case they might spend a day feeling existential dread
<MichaelRaskin>
I mean, some extra existential dread.
<MichaelRaskin>
On top of the normal one
acarrico has joined #nixos
<gchristensen>
haha. right. exactly. trying to find the right place for a new font took about 15 minutes of looking at different "b"-starting sections
<MichaelRaskin>
Then you learn to stop caring
<Myrl-saki>
I'm glad I no longer work with new packages.
<MichaelRaskin>
Parallel build story has probably cost us actual reasonable annotations, because «just build everything not known-bad at -j8 and check for consistency» is not a trivial task
<MichaelRaskin>
So nobody has committed the result of such an experiment.
<nefix>
Hey *again*. I want to automatize Nix builds. Is there any kind of CI or something like that? I basically want to be able to run a nix-build once per day (or per week) and also have the ability to force the build with some parameters
Synthetica has quit [Quit: Connection closed for inactivity]
<nefix>
Mic92: pyls-black was working correctly, the thing is that the file was already formatted so I didn't see any changes! :)
<simpson>
nefix: There's Hydra, but it depends on what you want to do with the package after it's built. What are you working on?
endformationage has joined #nixos
<nefix>
simpson: I want to build iPXE binaries and NixOS netboots
<nefix>
For multiple platforms (64, 32 bits and ARM)
<gchristensen>
neat, what for?
<nefix>
I basically want to publish them after the build is complete. And access them through HTTP
<Izorkin>
Please check this PR #51902 #53245 #54475 #54478
<nefix>
gchristensen: So you can open a VM running in a remote hypervisor through iPXE without any software requirements or something like that
<gchristensen>
neat
<nefix>
the build process is the final part, everything else is already working :D
boogiewoogie has joined #nixos
ottidmes has joined #nixos
boogle has joined #nixos
boogle has quit [Client Quit]
boogle has joined #nixos
boogle has quit [Remote host closed the connection]
chrisaw_ has joined #nixos
chrisaw has quit [Disconnected by services]
chrisaw_ is now known as chrisaw
boogiewoogie has quit [Ping timeout: 244 seconds]
chrisaw_ has joined #nixos
<nefix>
simpson: so is Hydra the best approach? My idea is to create a client that automatically downloads the latest build (not sure if that's possible with it)
chrisaw has quit [Disconnected by services]
chrisaw_ is now known as chrisaw
<fendor>
what is the best way to fix .desktop entries? On kde, i can see the application, but the path seems to be wrong
boogiewoogie has joined #nixos
<nefix>
fendor: not sure if it's the best, but you can use makeDesktopItem
<simpson>
nefix: I am reluctant to recommend that folks run their own Hydra. I've done it, and it's not enjoyable.
<pbb>
fendor: which application is it? It would be good to fix the .desktop file in nixpkgs.
goibhniu has quit [Ping timeout: 244 seconds]
<nefix>
simpson: then what should I try?
<pbb>
simpson: why not? what made it so unenjoyable? I planned to try it soon.
Streetwalrus has left #nixos ["WeeChat 2.3"]
<simpson>
pbb: Lots of moving parts, little documentation, extensibility is hard.
<pbb>
I see. I think I'll try it anyways, just for the fun
<fendor>
pbb, it is a bunch of software, like thunderbird, rstudio, steam, libre office, clion, intellij... i think I screwed something up, not nix
<simpson>
nefix: I'm not sure TBH. ofborg is extremely specific to the community's needs at large, and Cachix isn't full automation on its own, not to mention that not all the source is available.
<jophish>
Hei all
<nefix>
simpson: should I try building my own solution then? (I really wanted to avoid this since I'm kinda in a hurry)
<jophish>
I'm setting up a 2 disk (perhaps more later) server with nixos. I'd like to use btrfs, with raid1 (perhaps raid5 later), and encrypt either the whole disk, or at least one directory
<gchristensen>
cool
<jophish>
if anyone has any suggestions before I struggle my way through this that would be great :)
<simpson>
nefix: Ah yes, 'in a hurry', one of those ancient enemies of good design. What are the bare-bones pieces of your system? It sounds like you want nix-build on a cron TBH.
<nefix>
simpson: what do you mean with bare-bone pieces?
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fhKdQ
Dagger2 has quit [Excess Flood]
<simpson>
nefix: Ignoring the stuff which does the doing, what do you want done? What are the minimal doings which will get it done?
<nefix>
I want to have nightly builds of a customized nixos netboot and be able to ask the service to compile ipxe giving some parameters
alex_giusi_tiri has joined #nixos
<nefix>
simpson: ^
<lejonet>
jophish: what is the purpose of the encryption? (aka what is your use-case, which decides if you want to go for full disk encryption or just encrypting a directory with like ecryptfs/veracrypt)
Dagger2 has joined #nixos
acarrico has quit [Ping timeout: 245 seconds]
<nefix>
simpson: and then be able to download the compiled things through ipxe
<simpson>
nefix: Sounds like a cronjob and a few lines of shell IMO, if you're in a hurry. You can definitely experiment with Hydra if you like.
<gchristensen>
hydra won't allow re-running with arbitrary params though
<jophish>
lejonet: this server is a backup server for personal files, I could certainly cope with something like ecryptfs
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #54624 → cc-wrapper: add libcxx for libcxxClang → https://git.io/fhKdh
shpx has joined #nixos
<nefix>
simpson: that's what I thought first, but I'm not sure how could I access to the build results afterwards
<jophish>
although I'm not sure how well that meshes with btrfs's deduplication
<simpson>
nefix: Copy them to a webroot somewhere?
<nefix>
gchristensen: I see. What I want to do is build the same nix expression over and over but changing some parameters (strings)
<gchristensen>
jophish: does btrfs's dedupe not have horrible behavior like ZFS's?
<nefix>
simpson: makes sense xD
<jophish>
no idea to be honest, gchristensen
<jophish>
I hope not :)
<lejonet>
jophish: I would go for the luks approach then, and making your btrfs ontop of the luks device then
<lejonet>
that way, the encryption won't interfere with the fs
<lejonet>
gchristensen: horrible behaviour as in om-nom-nom give me all the RAM or something more, data-disastrous?
<simpson>
This is how I build a derivation repeatedly with slightly different params.
<gchristensen>
lejonet: ZFS's dedup will eventually, unless you're VERY careful, eat all your RAM.
<gchristensen>
lejonet: and, the moment the dedup table doesn't fit in your RAM, your only options are to (a) restore from backup, (b) buy more RAM.
shpx has quit [Client Quit]
boogiewoogie has quit [Remote host closed the connection]
<jophish>
lejonet: I suppose I could even keep the root on the sd card it boots from
<lejonet>
jophish: are you sure you're not mixing up the COW (Copy-On-Write) with dedup? Dedup is a completely different beast whereas cow is quite nice and useful :)
<jophish>
that'd be easy, albeit poorly performing
<nefix>
simpson: what I've encountered is that the build uses the cache even if I change the arg
<simpson>
nefix: Then your argument isn't actually materially affecting the build.
<simpson>
You want to force builds even though things are cached, or you want your build to be parameterized?
<lejonet>
gchristensen: like I thought then, I haven't been following ZFS for a while and thought that they maybe had introduced something directly dangerous with dedup as a tool, not the "be careful when using it or it will wreck stuff HARD"
<jophish>
lejonet: I'd quite like dedup I'm pretty sure. I'm certain that among various collections of files I'm planning on putting on there unsorted there are duplicates
<jophish>
certainly not essential
<gchristensen>
if you don't have a backup, it will wreck stuff hard ;)
<lejonet>
gchristensen: aka "don't use dedup if you really, Really, REALLY, know what you're doing AND know that you will benefit from it"
<lejonet>
gchristensen: that can be said about any fs or fs feature, honestly ;)
<gchristensen>
lejonet: yeah. and, shortened to "don't use dedup"
<simpson>
jophish: How much disk space do you expect to save, and have you traded that off against the possibility of data loss?
<lejonet>
gchristensen: indeed
<lejonet>
jophish: regular cow semantics will help you somewhat with that, as will the built-in compression you can get from both ZFS and btrfs, but dedup is a completely different beast :)
<gchristensen>
I don't think btrfs supports dedup -- searching around I'm seeing only 3rd party tools
<jophish>
simpson: not at all I'm afraid, if it was risk free then "why not"
<lejonet>
gchristensen: I can't say I've seen a dedup for btrfs built-in either
<lejonet>
jophish: compression and cow is risk-free and built-in into both btrfs and zfs, and it will help a little bit with reducing space usage, tho not in the same way as you can get with dedup, but without any of the large amount of problems you run into with dedup
<simpson>
jophish: It could still be resource-hungry even if risk-free. Also, in general, deduplication is data-aware/data-dependent, which is not how filesystem operations usually are; as a result, on Tahoe-LAFS, dedup led to weakening of essential security guarantees: https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
<jophish>
perhaps I've become overly enamored with it since it's doing so well for me in the nix store
<gchristensen>
you are using dedup?
<jophish>
well, the hard linking
<jophish>
nothing more fancy than --optimise
<simpson>
nefix: I would hope, actually, that that expression doesn't rebuild very often; presumably the fastest-changing thing is `pkgs`, followed by `caCert`.
<jophish>
so I've never experimented with this properly in a btrfs system
<nefix>
simpson: why not?
<lejonet>
jophish: that isn't really dedup in the way that dedup for ZFS means
<simpson>
nefix: Why rebuild if nothing changed?
<jophish>
yeah, I know :)
<lejonet>
Good :)
<nefix>
simpson: the thing is that I want to allow the users to compile on my server their binary
<lejonet>
jophish: the biggest problem with dedup, is that it usually requires like 4-8GB RAM per TB of data you want to dedup... :P
<lejonet>
(and with requires it isn't like "oh, it will perform best if it gets that" but actually like gchristensen said before, it'll wreck your data if it doesn't get that)
<simpson>
nefix: So they give you a Nix expression, and then you evaluate it? If the expression happens to not need any build phases, that's not a bad thing, and I'm not sure how you could control it.
<jophish>
lejonet: ah, in that case I'll forget about it :)
shpx has joined #nixos
<lejonet>
jophish: cow + builtin compression will get you a few extra % usually tho :)
<nefix>
simpson: they give me a string (that is domain) and a file (caCert) and then I build iPXE for them
<{^_^}>
[nixpkgs] @kalbasit pushed commit from @groodt to master « Version 0.3.0 »: https://git.io/fhKF2
drakonis has joined #nixos
<simpson>
nefix: Then yeah, I'm not sure what the problem is. When Nix builds stuff, it might not necessarily run the build phase.
shpx has quit [Client Quit]
<nefix>
well, it happened more than once that I changed, for example, the domain and Nix didn't rebuild it
<nefix>
simpson: ^
<simpson>
nefix: Can you reproduce this? Big deal if true. I suspect, though, that you were reusing a domain/cert combination that you'd already built.
<simpson>
Or maybe GC or something else.
<nefix>
simpson: what is GC? I'm going to reproduce it now, let's see if I can do it
<jophish>
so in that case, ecryptfs starts to look good
<gchristensen>
jophish: my personal preference is full disk encryption + CoW and call it good
<lejonet>
mine too
<jophish>
well, if gchristensen and lejonet are doing it then that sounds great :)
<gchristensen>
a single dir encrypted risks leaking info, like if you copy data to the unencrypted part and then copy it in, or type in a password to your shell history by mistake
<lejonet>
but if you want to use encryption more for like "separation" between users or so than confidentiality, ecryptfs makes sense :)
<simpson>
nefix: The Nix store is garbage-collected. GC in this case, now that I think about it more, is likely not responsible.
<lejonet>
gchristensen: exact reason why I just do FDE and be done with it, no need to worry :P
<jophish>
How do you bring up the disk when the server reboots
<jophish>
(this is exactly what I have on my laptop btw, that's easy as I just type my password in when it boots)
o1lo01ol1o has joined #nixos
<lejonet>
on a server, it becomes a bit more tedious, as I mainly just use FDE on laptops/desktops
<gchristensen>
I think some people do openssh or dropbear in the initrd... but I dunno :|
<lejonet>
There are several ways to solve it for a server, but most of the automated ways just move the risk somewhere else (like storing the keys in the initramfs of the kernel, then having the kernel on an unencrypted partition)
<lejonet>
I think a ssh server in the initrd and give the passphrase remotely is the "only" secure way of doing it without requiring physical presence at the server during reboots
<jophish>
certainly not the end of the world
<lejonet>
An idea I've tinkered with doing is ssh client in the initrd, connecting and mutually auth to a keyserver over SSH/TLS/other similar channel and getting the encryption passphrase from the keyserver -> server unlocks FDE and continues
<jophish>
perhaps I'll just leave it all unencrypted and leave the security up to whatever backup tool I use
<lejonet>
That works too
<lejonet>
A solution for that, that I've implemented before, is that you use pgp/gnupg for the encryption, for ease of use
<nefix>
simpson: it seems that you are right, I can't reproduce it now
<{^_^}>
[nixpkgs] @FlorianFranzen opened pull request #54625 → grub: Support 32bit EFI on 64bit platforms → https://git.io/fhKFx
<lejonet>
so backup tool -> some type of backup archive (tar, binary thing ala ZFS or other) -> pgp/gnupg encryption -> backup storage location
_kwstas has joined #nixos
_kwstas has quit [Remote host closed the connection]
<jophish>
lejonet: It would be nice to run a http server in initrd and have the user supply the password over tls
<lejonet>
jophish: that works too
<jophish>
more user friendly for the less tech savvy members of the family
<lejonet>
Yeah, the main reason why I'd opt for SSH is due to the fact that i've most of that setup anyway
<lejonet>
But if its for some generic solution where myself isn't the only user, HTTP + TLS isn't a bad choice to solve it
mizu_no_oto has joined #nixos
<simpson>
nefix: No worries.
<{^_^}>
[nixpkgs] @FlorianFranzen opened pull request #54626 → buid-support: Add Ubuntu bionic base images → https://git.io/fhKbf
<lejonet>
(however, do note that the initrd will be significantly larger than just having a ssh client/server then :P )
<jophish>
that would be easier to do from an already running system and not initrd :)
<lejonet>
Indeed, but to have that from an already running system, the actual system must be on an unencrypted partition :)
<jophish>
exactly, back to the start
<lejonet>
:P
<gchristensen>
running nix-collect-garbage every 10min reaaaaally shows you all the places you're not making a gc root :|
<lejonet>
So I guess what you should figure out first is what is the encryption going to be used for :)
<gchristensen>
and no, this is my local machine :)
<jophish>
yikes, #9
<lejonet>
jophish: to put it in context, I run FDE on my laptop and desktop because those don't have administrative protections and are significantly easier to run away with than my servers, I don't have FDE on my servers because they are in an access-controlled datacenter :)
<gchristensen>
I don't have FDE on my servers, but wish I did... they're in my basement.
<lejonet>
sure, I'd love to put FDE on my servers too, but the added burden on reboots atm isn't worth it
* lejonet
silently breaks into gchristensen's place and steals all his dataz!
<gchristensen>
please don't (✿´‿`)
<lejonet>
Haha :P
<jophish>
I'll give ecryptfs a go on my "dump directory" and let the backup tool on family's computers handle whatever encryption they want I think
<lejonet>
I'll do my best to not to ;) I promise *crosses fingers behind his back*
<lejonet>
jophish: sounds like a good middleground
<jophish>
if it's not encrypted you could sneak into gchristensen's basement and put your own dataz in there
<lejonet>
jophish: mhm, RAT anyone?
<jophish>
if you want to administrate my server you're welcome
<lejonet>
xD
ym555 has joined #nixos
<lejonet>
Sure, nixops + nixos makes it a lot less painful to sysadmin, but I'm "mistreating" my own servers more than I wish I would already
<lejonet>
I've still got my epyc server sitting on my desk at home, since like 7 months, because I haven't taken the time to fiddle with the last thing with openvswitch to be able to put it in my rack
<nefix>
Can you manage routers with NixOps?
<nefix>
(Mikrotik)
<jophish>
woo, just got the helios 4 booting to nix:)
<gchristensen>
don't think so, nefix
<lejonet>
nefix: not to my knowledge
<qyliss>
#nixos-on-your-router might be of interest, fwiw
<gchristensen>
I do manage my own router with nixops, but it is a standard system with 2 nics
* lejonet
still haven't converted his routers from gentoo
<{^_^}>
[nixpkgs] @matthewbauer reopened pull request #49552 → setup.sh: avoid running the same hook twice → https://git.io/fxbbp
<jophish>
anyway, I've got to sleep now, thanks for the counsel guys!
<lejonet>
But I'm most likely going to be putting openbsd on them anyway
<lejonet>
jophish: np! Have a good rest!
<gchristensen>
good luck!
<jophish>
good advice, thanks!
<nefix>
and could I write an expression that calls the Mikrotik API?
<lejonet>
In theory, yeah probably
<lejonet>
But that would probably be better to be done with ssh+bash or similar shell
<gchristensen>
expressions don't *do* anything, and when they're built, they have no network access
<gchristensen>
you'd have to write an extension to Nixops to take an expression and have it do the thing
<nefix>
Then I might try that after FOSDEM, seems nice to have the servers, computers + routers + everything managed with Nix and centralized in a repo
<nefix>
gchristensen: I see
<lejonet>
Yeah, nixops is really nice, sure, I was using ansible before when I had gentoo on my servers, but it was most importantly not declarative, so creating playbooks and tasks was usually blargh
<lejonet>
and it was not atomic
<nefix>
lejonet: why would that be better than calling a simple API?
<lejonet>
nefix: I meant using ssh+bash/shell instead of nixops + some expression
<lejonet>
if there is an api that does so that you don't have to setup SSH access and such, that is even easier
<{^_^}>
[nixpkgs] @FlorianFranzen opened pull request #54628 → virt-viewer: Fix USB redirection → https://git.io/fhKb7
<{^_^}>
[nixpkgs] @ecoughlan opened pull request #54629 → openfortivpn: fix pppd location after 0.8.0 upgrade → https://git.io/fhKbN
ym555 has quit [Quit: WeeChat 2.3]
rain1 has joined #nixos
<rain1>
is anyone able to use PCSX2 on nixos?
<rain1>
I found it does not work for me - can't load plugins even though I pointed them to it
<rain1>
and although installing it from source works, I couldn't build it from source by git cloning it
<danbst>
*by "is built" I mean derivation attrset is constructed, not derivation built
<nefix>
I see
<nefix>
thanks!
asymmetric_ has joined #nixos
<alex_giusi_tiri>
Hi! In the meantime since my last time here, I have been working on writing a nix expression for ceph. I am trying with version 13.2.4. I managed, via multiple iterations, to advance a bit; but now, I am a bit stuck: when building, cmake cannot find boost python. I tried with boost 1.69 and 1.67.
<alex_giusi_tiri>
rain1: is it for sure that you are using the same sources when using git as when you say that you are compiling it from source (same commitment)?
ixxie has joined #nixos
ixxie has quit [Remote host closed the connection]
jomik has joined #nixos
<jomik>
Anyone know how I can fix this, it is taffybar giving me an error: `Gtk-WARNING **: 17:40:26.887: Could not find the icon 'battery-full-symbolic'. The 'hicolor' theme was not found either, perhaps you need to install it.`
<tilpner>
Did you try installing it?
hellrazo1 has joined #nixos
<alex_giusi_tiri>
what desktop environment? i would think that there could be a '-theme' package separate from the main DE package, perhaps
<gagbo>
I'm trying to use overrideAttrs to change the url in src for a package, and I get a 'attribute fetchurl missing' error when I try to build this. Is there something I'm missing ?
<gchristensen>
you have to overrideAttrs the whole src
<tuelz>
how does nix handle daemons? Do people generally set it up so that dropping into a subshell env starts the necessary daemons or do you just leave them all running and have certain subshell envs make sure the necessary daemons are running?
<tuelz>
I've never used nix, but have some familiarity with linux so I'm just curious what using nix for my personal package manager would look/behave like
simukis has quit [Quit: simukis]
<__monty__>
tuelz: I'm not on nixos, just using nix but I'd say it depends on what the daemons are for.
s2mitrov has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<__monty__>
I could imagine an emacs daemon would be fairly useless if it had to be started for every nix-shell.
s2mitrov has joined #nixos
<__monty__>
But for example I start a local hoogle instance in the background whenever I open my haskell dev environment.
mmlb08 has quit [Ping timeout: 246 seconds]
nikola_i has joined #nixos
<tuelz>
gotcha, and does closing a subshell do cleanup? Like if I wanted to stop some daemon could I specify that in some nix cleanup function that autoruns on subshell exit?
<bgamari>
or rather, a paywalled tarball from a vendor
<apajx>
Does syncthing in a user environment (installed via nix-env -iA syncthing) not work how one would desire? (meaning it would start up when the user logs in), should it always be added as a service to the system configuration.nix instead?
<bgamari>
fetchurl { name=file:///home/ben/...; sha256 = ... } fails with curl complaining that it couldn't open the file
<symphorien>
apajx: nix-env will never start services
<bgamari>
gchristensen, is fetchurl expected to work for local paths?
<gchristensen>
bgamari: I think there is a way to do it, yeah
<ben>
pls dont open my files
<gchristensen>
hrm?
<ben>
nvm :)
<bgamari>
gchristensen, any hints?
<apajx>
symphorien: is there a wiki for nix kind of like the arch linux wiki? It'd be cool to go to the Syncthing page and be told the proper way to do things (or help contribute to the proper way if such a wiki is in the works)
<gchristensen>
bgamari: fetchurl URLs are basically passed verbatim to curl, and you'd need to trick fetchurl to do it, and have the file readable by the nixbld group
<symphorien>
apajx: but a good approximation is: nix-env only modifies your $PATH. It does not install services, install fonts, c/c++ libraries, python modules....
<clever>
if you are in relaxed sandbox mode, you can use file:///foo/bar i think
<bgamari>
gchristensen, clever, I suspect the sandbox is indeed the issue
<bgamari>
how does one enter relaxed sandbox mode?
aleph- has joined #nixos
<clever>
bgamari: useSandbox = "relaxed";
<clever>
at the right level in configuration.nix
<bgamari>
this is system-global?
<clever>
yes
<bgamari>
oh dear
<clever>
when in relaxed mode, all fixed-output derivations are un-sandboxed
<clever>
and you can add an attribute to any derivation, to bypass the sandbox
rauno has joined #nixos
<clever>
normal derivations (without that flag) are still sandboxed as usual
<gchristensen>
clever: what does it do in ... not relaxed ... mode?
<gchristensen>
does it not have any fs access?
<clever>
gchristensen: i believe fixed-output derivations have a chroot namespace, but not a network namespace
<gchristensen>
gotcha
<bgamari>
passing `--option sandbox false` to the `nix build` invocation seems to work
<clever>
bgamari: you can also --option sandbox relaxed, to still use the sandbox for the rest of the derivations
<bgamari>
fair
<clever>
bgamari: only a trusted user can change options like that, root is trusted by default
<bgamari>
hmm
lawlesseel has quit [Remote host closed the connection]
<bgamari>
gchristensen, would a patch for nix#2019 be accepted do you suppose?
<mpickering>
_deepfire: I'm not sure if IFD prevents caching?
<clever>
bgamari: it should be trivial to do it in constant memory
lawlesseel has joined #nixos
<gchristensen>
I doubt it, bgamari, since nix would still need to verify it
<gchristensen>
but yes... it should be trivial to do it in constant memory
<clever>
bgamari: turn the input file into a nar stream, feed it to a stream tee (already exists in nix), feed one duplicate to a hash algo, the other to a nar unpacker
<bgamari>
clever, there is a patch floating around somewhere that does this but it was rejected by Eelco
<clever>
bgamari: and unpack it to a temp dir, and then rename, based on the final hash
<bgamari>
oh, perhaps not that though
<infinisil>
"trivial" is a deceitful word
crmlt has joined #nixos
<fresheyeball>
can I make a derivation with no source, but have the source just be based on interpolation in the installPhase script?
<clever>
fresheyeball: runCommand is simpler for that kind of thing
<fresheyeball>
clever: will that make a derivation?
<clever>
fresheyeball: in this example, it copies some config, then runs a haskell binary to generate more config
<clever>
fresheyeball: the attribute set on line 8 can accept normal derivation things like buildInputs
nikola_i has quit [Ping timeout: 264 seconds]
<fresheyeball>
clever:++
<fresheyeball>
clever++
<{^_^}>
clever's karma got increased to 84
<fresheyeball>
clever: stop kicking so much ass. you are making me all insecure over here haha
<bgamari>
gchristensen, so the question is one I have built the derivation that requires this large tarball how do I use it in the rest of my build system?
<clever>
fresheyeball: the file i linked, is involved in creating a self-extracting tarball, that can install nix to ~/.daedalus/nix/store on any machine, without nix being present, without needing root, and fully automate the chroot'ing (without root!) to run unmodified nix binaries
<bgamari>
s/one/once/
<bgamari>
gchristensen, after all, now some ad-hoc file:/// path will be one of the inputs to my derivation
<gchristensen>
what is the problem with that?
<clever>
"file://${toString ./foo}"
<clever>
normally, toString is the wrong thing here, because it removes the magic of paths, but thats actually perfect this time
o1lo01ol1o has joined #nixos
<bgamari>
hmm
<bgamari>
alright, I suppose this will work
<bgamari>
I was thinking of having the user pass the path to the tarball as an argument
<clever>
toString removes the magic, and just gives you a regular absolute path outside the store
<bgamari>
oh, right, the fetchurl has a fixed output hash
<bgamari>
so the url I pass it shouldn't matter
<bgamari>
lovely
<clever>
yeah
acarrico has joined #nixos
<clever>
bgamari: one thing i found weird a while back, is that fixed-output derivations, are only fixed on the output tree, the $out path for it
<clever>
the drv tree (the tree of .drv files) isnt fixed
<clever>
so there can be 10 different .drv files, that produce the same $out
<clever>
due to different ways to fetch the same (name,sha256) pair
<ottidmes>
ran into that too, so you cannot know which .drv built the actual $out, this isn't stored in the DB either
o1lo01ol1o has quit [Ping timeout: 268 seconds]
<clever>
ottidmes: it could even be none of them, due to --delete and copy-closure
dustinm has quit [Quit: Leaving]
ivan has quit [Write error: Connection reset by peer]
<ottidmes>
clever: strangely enough you can remove the derivation that is marked as the derivation of another, nix-store --query --deriver can easily point to a non-existent and invalid derivation
<{^_^}>
[nixpkgs] @svanderburg pushed to master « androidsdk: fix missing fontconfig library reference when tools version 26.1.x is used »: https://git.io/fh6UI
abrar has joined #nixos
abrar has quit [Client Quit]
o1lo01ol1o has joined #nixos
<infinisil>
ottidmes: Yeah, have you filed an issue for that yet?
<MichaelRaskin>
There are config options around that
<infinisil>
I think we talked about this at some point
<MichaelRaskin>
Search these in Nix manual
<{^_^}>
[nix] @Evils-Devils opened pull request #2656 → No longer output to $PAGER → https://git.io/fh6Uc
<ottidmes>
infinisil: I did
<aleph->
Hmm, so I have a package built and it seems to write its logs directly to nix store package path. What should I do, just do a symlink to /tmp? Error is here: https://paste.rs/pYT
<MichaelRaskin>
Depends on the reference class of we! That definitely comes up in #nixos from time to time, no idea if ottidmes was ever a participant
teehemkay[away] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
orivej has joined #nixos
<MichaelRaskin>
aleph-: I think one approach is just to pass the log location via the command line
<infinisil>
ottidmes: Ah, I assume it's this one then nix#2631
<{^_^}>
[nix] @Evils-Devils opened pull request #2657 → remove no output error on json → https://git.io/fh6Uz
<aleph->
MichaelRaskin: So actually nevermind, seems the problem was from testing it by directly cd'ing into the result/
<MichaelRaskin>
In a way this could be considered as passing a log location via CWD, just maybe not the one you would like.
<{^_^}>
[nix] @Evils-Devils opened pull request #2658 → Make the verbose flag output the version of packages → https://git.io/fh6UM
<aleph->
Aye
_kwstas has quit [Quit: _kwstas]
<ottidmes>
infinisil: having that info would have made the question whether is already correct much easier, now I base it on whether there is a root to a derivation to test if its valid, since it is very unlikely that you install a package with an outdated hash for the source but the rest being new
<ottidmes>
infinisil: gchristensen: thanks I will check that out!
endformationage has quit [Ping timeout: 250 seconds]
<clever>
infinisil: and ive now discovered a "bug" in the steam sandbox stuff!
<clever>
it cant see /steam-nas/ from the host
ddellacosta has joined #nixos
o1lo01ol1o has quit [Ping timeout: 245 seconds]
ddellaco_ has quit [Ping timeout: 240 seconds]
simukis has joined #nixos
worldofpeace has quit [Quit: worldofpeace]
<ottidmes>
gchristensen: infinisil: I did not use the overlay thinking I want to add it to Nixpkgs at some point, but for development it should not be a problem, I just tried the example and it worked out of the box, I now have clippy working :)
<infinisil>
Nice
<infinisil>
nixpkgs-mozilla is especially useful if you want up-to-date packages, nixpkgs can't provide that
<infinisil>
There is a PR to add rls to nixpkgs though: #53151
<ottidmes>
infinisil: the danger being that you might not publish it to Nixpkgs, "RUSTC_BOOTSTRAP = 1;" on master is the best you can do, so I test my package with that version
<Goldsum>
I did try to make the user on the computer I was transferring the package to a trusted user, but alas, it didn't seem to be working, and I am not sure if it works outside of NixOS....
<clever>
Goldsum: does the remote machine run nix as root, or not?
<alex_giusi_tiri>
I don't know if it applies to nix-copy-closure
<Goldsum>
It runs the nix daemon as root
<Goldsum>
The specific user I am trying to transfer the data to is not the root user, however
<clever>
Goldsum: then the nix.conf on the receiving machine, needs to trust whatever user you're ssh'ing into (which could be root, which is trusted by default)
<{^_^}>
nix#2127 (by antifob, 38 weeks ago, open): Failure to copy closures: ... lacks a valid signature.
<Goldsum>
Hmmmm, right right, I suppose I could give the root user a try, lucky this isn't exposed to the outside world, so I spose I can turn root login on, then back off again
o1lo01ol1o has joined #nixos
<clever>
Goldsum: the other simple option, is to reverse the data flow
<clever>
Goldsum: as root (on the remote machine) run nix-copy-closure --from anybody@source
<bgamari>
When building a FHS user env with buildFHSUserEnv, are targetPkgs not available when extraBuildCommands are executed?
<bgamari>
It seems to me the answer is "no"
<Goldsum>
Hmmm.... that could be viable
<bgamari>
which raises the question of how one is supposed to run an installer
<clever>
bgamari: what type of installer?
<bgamari>
clever, a terrible combination of bash and java
<clever>
bgamari: fun
<bgamari>
it's awful
<bgamari>
moreover, it's from a 16 GB tarball
<clever>
was thinking it might be something simple that can just extract itself
<clever>
ah, that explains the previous questions
<bgamari>
so I can iterate at ~1 attempt / 5 minutes
* bgamari
positively hates FPGA vendors
tilpner has quit [Ping timeout: 246 seconds]
* bgamari
is beginning to think that this build may just need to happen on Debian
ambro718 has quit [Quit: Konversation terminated!]
<fresheyeball>
clever: at present I do not have those values in my configuration.nix
<fresheyeball>
I attempted to cat both files in the build
<fresheyeball>
and got "not found" errors for both
<steveeJ>
is there something in the Nix ecosystem to declare application-containers with e.g. docker or rkt? my question is a dupe of https://github.com/NixOS/nixpkgs/issues/37553 which is unanswered
<clever>
fresheyeball: yeah, you need to add that to your configuration.nix and rebuild
<fresheyeball>
clever: I can't have my build depend on that
<fresheyeball>
that would mean the whole team would need that
<nefix>
Hey again! Why when I'm developing inside a nix-shell are the permissions wrong? It keeps throwing me "permission denied" when trying to move inside a directory I just created from inside the nix-shell
Cale has joined #nixos
<steveeJ>
nefix: I've never encountered that issue. what's the umask inside the nix-shell?
<nefix>
0022
<nefix>
steveeJ: ^
<nefix>
I mean, those directories are created by a Golang program with the typical 0644 permissions set
<nefix>
That's probably the issue, but I'm not sure why is that happening
<fresheyeball>
Ok so we have potentially found a very bad nixops bug
<Xyliton>
Is the idris package broken or is my system just messed up?
<simpson>
Possibly both. What's up?
<fresheyeball>
Removing users from authorized_keys does not remove them
<`_>
We're deploying systems, and we have replaced SSH keys for users, and old SSH keys are showing up, and some ssh keys aren't even existent in the system
<`_>
To add on to what fresheyeball said
<simpson>
That does sound concerning.
uniporn has quit [Ping timeout: 246 seconds]
uniporn has joined #nixos
<gchristensen>
which user's authorized_keys?
cryptomonad has joined #nixos
<gchristensen>
and, which authorized_keys?
<`_>
so we have /etc/ssh/authorized_keys.d which does contain the user and their key
Havvy has joined #nixos
<`_>
however /etc/ssh/authorized_keys.d/root does not show their key, and does show outdated keys that do not exist within our nixops repository
cryptomonad is now known as crypto_monad
<gchristensen>
I suspected it might be root... what does nixops show-physical reveal?
drakonis has quit [Ping timeout: 264 seconds]
crypto_monad is now known as crypto_monad_
crypto_monad_ is now known as cryptomonad
<fresheyeball>
what is nixops show-physical ?
morgan has joined #nixos
morgan is now known as Guest22915
<gchristensen>
a command
* aleph-
hits a snare drum
<{^_^}>
[nixpkgs] @orivej-nixos pushed commit from @orivej to master « bino3d: init at 1.6.7 »: https://git.io/fh6qE
<fresheyeball>
Can't locate strict.pm: /root/.nix-profile/lib/perl5/site_perl/strict.pm: Permission denied at /nix/store/myvfjvsrn6clcfr3v3r6f859ahgnl845-command-not-found/bin/command-not-found line 3.
<fresheyeball>
BEGIN failed--compilation aborted at /nix/store/myvfjvsrn6clcfr3v3r6f859ahgnl845-command-not-found/bin/command-not-found line 3.
<fresheyeball>
gchristensen: ^^
<gchristensen>
eh? what command did you run? run `nixops show-physical` at the same place you'd run `nixops deploy`
<fresheyeball>
ghostyy: yes
<fresheyeball>
sorry
<fresheyeball>
gchristensen: yes
<`_>
That is correct, and I believe as the same user that runs the deploy, however I will confirm that
<clever>
and is that user root?
<fresheyeball>
clever: jenkins is the user
<`_>
No
<`_>
Correct
<clever>
then why is it looking in /root/.nix-profile/ ?
<clever>
what env vars have /root/ in them?
<fresheyeball>
clever: I logged in as root
<`_>
Sec
<fresheyeball>
and then ran su -- jenkins
ekleog has quit [Quit: WeeChat 2.2]
<fresheyeball>
maybe some things are not right
<clever>
fresheyeball: `sudo -u jenkins -i`
<clever>
fresheyeball: sudo is a thing, you should never use su again
<Xyliton>
Is the idris package broken or is my system just messed up?
<aleph->
Hmm, when installing fonts in nixpkgs, how do I make sure I can detect them? Installed siji but fc-list : family isn't giving it up,
<`_>
clever: can I ask for more information regarding that?
<clever>
`_: sudo can do everything su can do, so why use su?
<`_>
Fair
<clever>
`_: su also tends to not run the right bash profile files, leading to issues like what fresheyeball just had
<`_>
Ah ok that makes sense
<`_>
Give me a second and I will try that
<simpson>
Xyliton: Sorry, I forgot to tag you. What's broken? What have you tried and how are things not working?
<`_>
clever: right now it just says nixops: command not found
<clever>
`_: how did you install nixops?
<`_>
Nixops is made available to jenkins processes however not to the user
<`_>
clever: should i try it inside of nix-shell -p nixops?
<clever>
`_: or `nix run nixpkgs.nixops`
<`_>
Ok
<clever>
nix-shell brings in things like gcc, nix run doesnt
<`_>
Ok
<clever>
another annoying thing, is that `nix-shell -p nixops` puts nixops into PYTHONPATH
<clever>
wait, no, it's `nix-shell -A nixops` that does that
<clever>
i think
<clever>
and the problem, is that ./scripts/nixops (when developing nixops) obeys the PYTHONPATH, and uses the old code
<clever>
and then every single change you do has zero effect!
<clever>
Xyliton: parseErrorPretty' doesnt exist in that version of megaparsec
<simpson>
Xyliton: Mm, that's unfortunate. I'm not able to try to reproduce immediately (Idris needs me to download a 1.3GiB closure!) but it looks like megaparsec got updated to a version that Idris can't handle.
<`_>
clever: is there documentation for nix run?
<clever>
`_: just `nix run --help`
<`_>
Thanks
<Xyliton>
simpson: shouldn't building nix download the megaparsec version it was last built with?
<Xyliton>
or will it try to use the newest version available?
<clever>
Xyliton: nixpkgs defines the versions for all packages, and it will always use the versions specified in the nixpkgs files
<Xyliton>
ah
<simpson>
Xyliton: I have done zero digging so far, but I'm guessing that Idris doesn't have a solid upper bound on this (transitive?) dependency.
<aleph->
Man dealing with fonts sucks
<clever>
aleph-: did you add anything to fonts.fonts ?
<Xyliton>
simpson: simpson: clever: so basically I either have to wait for someone else to fix the package (and get it merged) or I figure out how to build idris myself?
<aleph->
Basically, probably, maybe.
<clever>
Xyliton: is it broken in nixos-unstable?
<Xyliton>
I believe it is
<Xyliton>
I am on unstable and am unable to install it
<clever>
Xyliton: have you tried an older channel?
<Xyliton>
clever: is it possible to use an older channel for a single package?