<clever>
cbarrett: you basically build a special tarball, upload it to any linux machine, unpack it, execute 1 file, and the machine is now running nixos from a ramdisk
<clever>
then just ssh back in, execute a second command, and it now has nixos instaled
<cbarrett>
That sounds awesome. But that's not what I want
<clever>
i do have plans to add it to nixops in the future
<clever>
cbarrett: what is your goal?
<cbarrett>
I stated it plainly. never mind. I'm going to work alone
<clever>
kk
<disasm>
lol, I just added nginx-vts exporter for prometheus, was getting ready to push and was going through docs for the vts module and it has a prometheus formatter already!!!
o1lo01ol1o has joined #nixos
DrLambda has joined #nixos
<colemickens>
Is libva/vaapi working for y'all on nixos-unstable? Something broke recently for me, can't tell if it's my error or upstream nixpkgs
<colemickens>
`vainfo` from `libva-utils` will tell you if it's working
<{^_^}>
[nixpkgs] @andir opened pull request #55972 → WIP: buildRustCrate support editions → https://git.io/fh5HL
LnL has quit [Ping timeout: 244 seconds]
jluttine has joined #nixos
fendor has quit [Read error: Connection reset by peer]
dermetfan has quit [Ping timeout: 272 seconds]
LnL has joined #nixos
<ottidmes>
what would be the easiest way to overwrite a single binary of another package? I want to wrap it with a script and change its argument list before passing it to the wrapped binary. I am thinking maybe buildEnv with a higher prio of my wrapper, not sure if that is otherwise the same as the original package
LnL is now known as Guest29992
schneid3306 has joined #nixos
o1lo01ol1o has joined #nixos
jluttine has quit [Ping timeout: 246 seconds]
<schneid3306>
I am interested in trying nixos and have been doing some research. I may be missing something obvious, but how do I go about executing existing scripts that i use on other operating systems? for example, I have a python script i use to take notes. If my understanding is correct, the shebang will not be able to be interpreted on nixos. Can anyone elaborate or point me in the right direction here?
<jackdk>
I think you may have some luck with a /usr/bin/env python shebang. software in nixpkgs gets its shebangs patched with exact interpreter paths in the nix store
<slabity>
schneid3306: If the script properly uses `#!/usr/bin/env`, it should work fine
<clever>
schneid3306: if you use `#!/usr/bin/env python` and happen to have python already installed, it can work, but its often better to package the script properly
<slabity>
I believe POSIX only defines `#!/bin/sh` and `#!/usr/bin/env` anyways
o1lo01ol1o has quit [Ping timeout: 255 seconds]
<schneid3306>
thanks, all. that gives me some comfort. appreciate it.
<disasm>
ottidmes: does that auto-reply when they come on?
Ariakenom has quit [Quit: Leaving]
<ottidmes>
disasm: no, but I saw "--> | reallymemorable (~reallymem@cpe-66-108-137-140.nyc.res.rr.com) has joined #nixos"
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fh5H1
<rcshm>
hi, i am struggling with installing nixos on raspberry pi. i keep trying to install the gui and only desktopManager.xfce and displayManager.auto would work. but then it is pretty slow. and it keeps getting alloc_contig_range: [34e00, 35e00) PFNs busy from i try to update configuration and nixos-rebuild.
<{^_^}>
[nixpkgs] @illegalprime opened pull request #55973 → build-fhs-userenv: change to using bubblewrap over chrootenv → https://git.io/fh5Hy
<rcshm>
does anyone has a working nix-raspberry pi image with gui that really works?
slack1256 has quit [Remote host closed the connection]
<disasm>
oh, reallymemorable showed up, I filter joins/parts :)
<disasm>
reallymemorable: my apologies
jluttine has quit [Ping timeout: 258 seconds]
monokrome has quit [Quit: WeeChat 1.9.1]
<teto>
I have a module whose default refers to `pkgs`. I am afraid when generating the doc, it will print the full path, how can I replace the default displayed in the doc ?
slack1256 has joined #nixos
reallymemorable has quit [Ping timeout: 246 seconds]
<slack1256>
On iptable -L I got the chain nixos-fw-accept the following
<slack1256>
1 nixos-fw-accept all -- anywhere anywhere
<slack1256>
But you're right the out of iptables-save is less confusing
<dramforever>
But that sounds like 'If from interface lo, or already established connection, or going to tcp port 22, or icmp 8 (ping), then accept, else drop with logging in some cases'
<slack1256>
The line I got problems before, the one I said should accept everything, now it's clarified to be only for the loopback device
justanotheruser has joined #nixos
thc202 has quit [Ping timeout: 250 seconds]
o1lo01ol1o has joined #nixos
<{^_^}>
[nixpkgs] @Infinisil merged pull request #55766 → nixos/quassel: Add support for certificate file → https://git.io/fh7rJ
<nisstyre>
So I accidentally typed "deployment.ec2.instanceTypes", rather than "deployment.ec2.isntanceType" in my nixops config, and it threw this error "error: I don't know an AMI for virtualisation type pv-ebs with instance type m1.small"
<nisstyre>
took me like 15 minutes to figure out I had a typo
<nisstyre>
is it worth reporting that as an issue?
<nisstyre>
that is a confusing af error message
<nisstyre>
I guess it defaults to m1.small and can't find an AMI for NixOS?
<yl[m]>
is there a way to invoke the nix installed in daemon mode i.e `sh <(curl https://nixos.org/nix/install) --daemon` without interactive mode? Since the install script is invoked by sh (as opposed to be piped to sh) it asks confirmation for everything it's doing :(
<infinisil>
nisstyre: Huh weird, I'd think it should have given a `unknown option isntanceType` error
<gchristensen>
I type dvorak. If I use this: `echo -n 'hi' | xdotool type --file -` it is sending the keycodes for h and i, resulting in jg being typed. any way to fix xdotool?
rcshm_ has joined #nixos
rcshm_ has quit [Remote host closed the connection]
ottidmes has quit [Ping timeout: 250 seconds]
wedens has joined #nixos
<hodapp>
huh, not sure how I didn't run into this myself as a fellow dvorak typist
<gchristensen>
right, using Windows 10 in a virtual machine, talking to my host to "type"
<Myrl-saki>
gchristensen: Ah. Cool.
o1lo01ol1o has joined #nixos
<Myrl-saki>
gchristensen: I was thinking of doing something similar for non-code stuff(IRC, maybe?) -- Espeak + speech recognition. How is speech recognition working for you?
<gchristensen>
well, and only about thirty seconds into it. conversationally, it seems to work pretty nicely. Dragon on Windows directly works very very well, it is very impressive the number of editing interactions and supports
<gchristensen>
the linux integration is nonexistent, and requires third party hacks to make it work. there is seems to be a fairly sizable community of people doing it, though.
<gchristensen>
a major downside to the current way I have the set up is the current contextual text around what I am saying is absent. this means that the language model is not able to actually work at its full capacity. this is of course not a problem on Windows, what is a problem on Linux because of the way the forwarding works. to be honest I imagine no CLI program will ever really be great, unless it integrated with
<gchristensen>
readline or something
teej has joined #nixos
schjetne has quit [Ping timeout: 255 seconds]
<Church->
Man I'd love to use nix on this somehow.
<Church->
gchristensen: Porting 10-15k+ lines of puppet to salt stack. Kill me please.
<gchristensen>
ouch
<gchristensen>
okay, bedtime
sondr3 has quit [Quit: WeeChat 2.2]
<Church->
Night
pie__ has joined #nixos
iqubic has left #nixos ["ERC (IRC client for Emacs 26.1)"]
endformationage has quit [Ping timeout: 272 seconds]
pie___ has quit [Ping timeout: 250 seconds]
<jackdk>
I don't know salt, but can't you make it call nix-copy-closure or something ;-)
<colemickens>
Church-: that sounds like the wrong direction
<colemickens>
oh never mind, I was thinking ansible instead of puppet
<colemickens>
either way, I'm sorry
<Church->
Thankfully a lot of it is repeating.
<Church->
And I can just module it away I think
DrLambda has quit [Ping timeout: 255 seconds]
doyougnu has joined #nixos
o1lo01ol1o has joined #nixos
vk3wtf has quit [Ping timeout: 252 seconds]
ddellacosta has quit [Ping timeout: 268 seconds]
ddellacosta has joined #nixos
iqubic has joined #nixos
illegalprime has joined #nixos
o1lo01ol1o has quit [Ping timeout: 250 seconds]
rcshm has quit []
justanotheruser has quit [Ping timeout: 246 seconds]
justanotheruser has joined #nixos
fusion809 has quit [Read error: Connection reset by peer]
<etu>
abbafei[m]: Feel free to open a PR and cc me in it
<PeterHK>
how to deal with ld errors on OSX?
<PeterHK>
usually getting it from ruby stuff that also uses xcode
<PeterHK>
example: ld: unknown option: -isysroot
vk3wtf has quit [Ping timeout: 258 seconds]
drakonis has quit [Quit: WeeChat 2.3]
ddellacosta has quit [Ping timeout: 272 seconds]
o1lo01ol1o has joined #nixos
<rydnr>
Hi! I've used nix-diff to compare two derivations (one that gets built with nix-build, another that doesn't get built with nixos-rebuild), and found that the platforms don't match (the working one is x86_64-linux, the non-working is i686-linux).
lawlesseel has quit [Remote host closed the connection]
<clever>
rydnr: which one is i686-linux? and what is the host cpu?
<clever>
rydnr: and what does `which nix-build` return?
<rydnr>
clever: which nix-build returns /run/current-system/sw/bin/nix-build for both my user and root, pointing to /nix/store/rffcxk0l94lc96yl07r26sdnfql6x0h4-nix-2.1.3/bin/nix-build
<clever>
rydnr: and `file /nix/store/rffcxk0l94lc96yl07r26sdnfql6x0h4-nix-2.1.3/bin/nix-build` ?
fusion809 has quit [Remote host closed the connection]
nD5Xjz has joined #nixos
<rydnr>
clever: i686-linux is nixos-rebuild. x86_
<rydnr>
clever: /nix/store/rffcxk0l94lc96yl07r26sdnfql6x0h4-nix-2.1.3/bin/nix-build: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /nix/store/7gx4kiv5m0i7d7qkixq2cwzbr10lvxwc-glibc-2.27/lib/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=6e0fa07dbb8b8aa2ea49ffff324542ba8121e2a7, not stripped
<clever>
rydnr: are you setting the system param anywhere in configuration.nix?
<rydnr>
clever: I don't think so. I grep 'system' in my /etc/nixos/*, and only got "system.stateVersion", "system.autoUpgrade.enable" and "system.autoUpgrade.channel"
<rydnr>
clever: could be in root's profile?
o1lo01ol1o has joined #nixos
<clever>
rydnr: not really
<clever>
rydnr: what about `which nixos-rebuild` ?
<rydnr>
clever: I'm reading in nixos-rebuild source code the following: "# Make sure that we use the Nix package we depend on, not something # else from the PATH for nix-{env,instantiate,build}. This is # important, because NixOS defaults the architecture of the rebuilt # system to the architecture of the nix-* binaries used. So if on an # amd64 system the user has an i686 Nix package in her PATH, then we # would silently downgrade the whole s
Mr_Keyser_Soze has joined #nixos
<nisstyre>
basically I think NixOps is not creating the security group before trying to create the instance
<nisstyre>
How do I say "this resource must be created first" ?
<clever>
rydnr: yeah, it will default to the arch of the nix-build binary, which we already confirmed is 64bit
<clever>
nisstyre: are you using --include any?
schjetne has joined #nixos
<nisstyre>
clever: no
<clever>
nisstyre: do the names of the machine and security group overlap?
<nisstyre>
clever: oh, maybe
<nisstyre>
let me share my whole config
<rydnr>
clever: I have " hardware.opengl.driSupport32Bit = true;". The derivation fails when building gpu_*.c
<clever>
nisstyre: thats a bug in nixops, it doesnt warn you when the names collide like that
<MichaelRaskin>
ottidmes: mtn and svnssh definitely use different protocols where checking SSL certificate doesn't apply. fetchs3 should be something via https.
<sevanspowell>
clever: So if, on NixOS, I change my configuration.nix to `useSandbox = false;` it should work?
<clever>
sevanspowell: its still running as the nixbld1 user, which lacks access to the socket, its better to rewrite such tests to not depend on docker
<sevanspowell>
clever: Alright, thanks for the help. I had already tried `useSandbox = false;` to no avail.
<sevanspowell>
clever: :)
<clever>
rydnr: can you pastebin the output of `nix-diff` and also `nix show-derivation`?
<{^_^}>
[nixpkgs] @freezeboy opened pull request #55988 → first batch of compatible applications → https://git.io/fh5dY
Serus has joined #nixos
ninjin has joined #nixos
PeterHK has quit [Ping timeout: 256 seconds]
reallymemorable has quit [Ping timeout: 246 seconds]
gagbo has quit [Quit: I'm out !]
palo1 has joined #nixos
palo has quit [Ping timeout: 258 seconds]
palo1 is now known as palo
PeterHK has joined #nixos
ninjin has quit [Ping timeout: 256 seconds]
<PeterHK>
OSX: can i tell nix-shell to just use the system ld?
hyper_ch2 has joined #nixos
reinhardt has joined #nixos
growpotkin has quit [Quit: WeeChat 2.3]
Makaveli7 has joined #nixos
joehh has quit [Ping timeout: 250 seconds]
makaveli[m] has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed 10 commits to staging-18.09: https://git.io/fh5da
schjetne has joined #nixos
Guest29992 has quit [Changing host]
Guest29992 has joined #nixos
Guest29992 is now known as LnL
schjetne has quit [Ping timeout: 240 seconds]
<cyris212>
How do I install OpenJDK 11 from the unstable channel?
<cyris212>
Nvm, got it.
rauno has joined #nixos
<disasm>
globin: I see you've update the prometheus statsd bridge exporter, but there isn't a nixos module for it. Is that for a reason, or should I PR to add one?
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-pandoc-citeproc: update override for the latest version »: https://git.io/fh5dp
<{^_^}>
[cabal2nix] @peti pushed to revert-405-internal-haddock-revert « Revert "Revert "Disable Haddock phase for packages with internal libraries."" »: https://git.io/fh5dj
<{^_^}>
[nixpkgs] @thomasjm opened pull request #55989 → Add optional Jupyter kernelspec options from the spec → https://git.io/fh5Fe
<{^_^}>
[cabal2nix] @peti opened pull request #406 → Revert "Revert "Disable Haddock phase for packages with internal libraries."" → https://git.io/fh5Fv
<{^_^}>
[cabal2nix] @peti merged pull request #406 → Revert "Revert "Disable Haddock phase for packages with internal libraries."" → https://git.io/fh5Fv
<{^_^}>
[nixpkgs] @vbgl pushed to master « coqPackages.mathcomp-analysis: enable for Coq 8.9 »: https://git.io/fh5FY
<cyris212>
Does someone have IntelliJ working with OpenJDK 11?
orivej has joined #nixos
<cyris212>
Looks like with every Java release the path to the java home changes with Nix.
<srhb>
cyris212: Well, yes, if you're using the store path.
<srhb>
cyris212: That's By Design.
nD5Xjz has joined #nixos
schjetne has joined #nixos
<srhb>
cyris212: (You're probably better off depending on a path in a profile, if you can't make IntelliJ depend on the correct path)
<ivan>
did OpenJDK 11 fix the font rendering?
<ivan>
(or do you not mind the crazybad rendering?)
Tucky has joined #nixos
Ariakenom has joined #nixos
Ariakenom has quit [Remote host closed the connection]
Ariakenom has joined #nixos
menace has joined #nixos
<cyris212>
srhb: This makes total sense. Thank you very much!
ng0_ has quit [Ping timeout: 256 seconds]
menace has quit [Client Quit]
johanot has joined #nixos
ng0_ has joined #nixos
<averell>
they recommend running it with their own jdk, no? that also enables some special features afair.
ij has joined #nixos
<ij>
Hi. I'm on nixos-18.09 on mac, but I'm trying to use a local checkout on release-18.09. With the system's channels, git is cached, with the local checkout it tries to build git. I've removed any changes and pulled the latest release.
<clefru>
Is there a good nix-ish way to disable the gdm auto-suspend feature? Because whenever I issue a reboot command remotely, I obviously can't login and then my box goes dead after 30 minutes
malice` has joined #nixos
<malice`>
Hey all! Trying to install Nix and failing. I can't get both networking and GUI to be working, but I'd like to start with GUI... The problem is simple - I can't start the display manager.
<malice`>
So I've looked online and found that nvidia driver is not loaded. (otherwise, running display manager tries to run X 3 times (and I see a black screen blinking 3 times in the process, after which it fails)
<malice`>
Unfortunately this makes things even worse. After running nouveau and starting a display manager my whole PC freezes after 20 seconds or so
<malice`>
It looks like nouveau crashes (I can see some backtrace in `journalctl -f` in other tty), I also get message about CPU stalls and I've seen kernel panic as well
<malice`>
My GPU is Nvidia GP106
PeterHK has quit [Ping timeout: 256 seconds]
<malice`>
Is this a known problem with nouveau?
zupo has joined #nixos
<clefru>
malice`: I'd try to blacklist/disable X and then try new kernels/configurations with "nixos-rebuild test" so that when your machine freezes you get back to a good state
<clefru>
malice`: I'd probably try upgrading to nixos-unstable, which is out in a few weeks anyway
<malice`>
clefru: hey, thanks for responding!
<malice`>
No idea what you're saying though. How do I do that during installation?
<malice`>
And why disabling X would help?
<clefru>
malice`: Just don't enable an xserver when installing, that is don't have "services.xserver.enable = true" in your config
<clefru>
malice`: you want a stable system first before playing around with it
<clefru>
the installer is usually too limited for good experimentation. you might also try the vesa driver btw
thc202 has joined #nixos
<malice`>
clefru: I see. I understand that the installation media boots itself into nix OS, so I will just ask to make things crystal clear... we're talking about switching the installation media OS into unstable, right?
<malice`>
and not the OS that is installed using this installation media?
<clefru>
malice`: no don't do that. just do a regular installation with what you have and disable the xserver (as there is no guarantee that in nixos-unstable you won't have the same problem)
<clefru>
malice`: to disable the xserver you need to edit /mnt/etc/nixos/configuration.nix and find and change the xserver line here
<malice`>
Okay... So I guess that I will have no GUI during installation.
<clefru>
malice`: that's during installation. if you have it already up and running then your config is at /etc/nixos/configuration.nix
<malice`>
I never succeeded to install Nix.
<clefru>
oh hold on, the installer has a GUI? I am sorry. I didn't know that. I thought that you talked about having a broken installation
<malice`>
I started an hour ago but I run into this problem when trying to start
<clefru>
malice`: ah sorry my bad.
<malice`>
Yeah, I thought we might had a misunderstanding there :)
<clefru>
malice`: I haven't installed nixos in a long while it seems :)
<malice`>
:)
<clefru>
malice`: ok maybe try the nixos-unstable ISOs then.. should there be anyu
<malice`>
I couldn't run wpa_supplicant. I guessed (correctly) that it was due to the network-manager running, so I stopped it. I succeeded, but I don't have dhcp server running anymore. How do I start one? dhcpcd wasn't working.
<malice`>
Sorry if I'm asking stupid or wrong questions but I'm coming from Gentoo and am used to a bit different set of things I guess
<Shados>
Is it possible to override buildFHSUserEnv derivations...? I'd like to put an LD_PRELOAD shim in dropbox's runScript, to remove the arbitrary restriction of only working on ext4
<pie___>
wedens: argh, so it wasnt just my imagination that it existed!
<pie___>
i couldnt find it off the github page?
<wedens>
pie___: at the bottom of "Usage" section of the readme ;)
ij has quit [Ping timeout: 240 seconds]
<gregoire>
Hi! I've been searching for some kind of templating system for files in NixOS but couldn't find anything. I'm looking to write a configuration file in $XDG_CONFIG_HOME which would take an existing file in my config and copy paste it while replace nix expression, allowing me to use things like ${pkgs.foo} in my config file. Is there any (hacky) way to do this?
<pie___>
wedens: my bad! >.< I swear I even tried searching the readme for "manual"
<wedens>
gregoire: substituteAll
<pie___>
also googles home-manager manual, among other thigns
<andi->
gregoire: usually subsituteAll is uses, it allows you to use placeholders like @foo@ while `foo` must be an attribute in the arguments to it IIRC.
<{^_^}>
[nixpkgs] @Profpatsch pushed commit from @CarlosMChica to master « bazel: fix bash completion »: https://git.io/fh5xG
<wedens>
also replaceStrings for simple string replacement
daniele- has quit [Quit: daniele-]
<gregoire>
Thanks a lot wedens and andi-, seems like it's what's I've been looking for
<gregoire>
Similar question even though I don't think it's possible: Anyway to use nix-expression in a bash script? Something like echo ${pkgs.foo}
<gregoire>
I've been looking at nix-shell as interpreter but doesn't work that way I believe
<ottidmes>
gregoire: `nix-instantiate --eval --expr` and `nix eval` can do that
<andi->
gregoire: would pkgs.runCommand be of any help within a derivation?
<andi->
or pkgs.writeScript{,Bin}
<gregoire>
andi-: I'm not sure what you mean
init_6 has joined #nixos
<gregoire>
ottidmes: I'll take a look, thanks :)
ThatDocsLady has joined #nixos
<ottidmes>
gregoire: if you just need to reference some other package's output path, you can just do something like this: rbash = super.runCommand "rbash" { } '' mkdir -p $out/bin ln -s ${super.bash}/bin/bash $out/bin/rbash '';
agander has joined #nixos
<ottidmes>
(super being pkgs, copied it from one of my overlays)
<gregoire>
The idea is using some of my nix config variables directly in a bash script, I'm not within a derivation
<andi->
ahh, well then make them an output of a derivation? :)
<ottidmes>
gregoire: ah, then either generate the script as a product of a derivation like andi- suggests, or if you want it to update the moment you change your config, you could with the eval route I gave above
<gregoire>
Oh, indeed, I could write my script using placeholders and use substituteAll in a derivation to generate the real script then right?
<ottidmes>
yep
<gregoire>
Awesome
<gregoire>
Thank you for your help!
rycwo has quit [Ping timeout: 245 seconds]
rycwo has joined #nixos
periklis has joined #nixos
sdier has joined #nixos
gregoire has quit [Quit: Leaving]
ben_ is now known as ben
agander has quit [Ping timeout: 246 seconds]
<Taneb>
How does Hydra's RunCommand plugin see an aggregate job, I wonder
mbrock has quit [Ping timeout: 258 seconds]
<srhb>
Taneb: Like any other job I think.
<srhb>
Taneb: Something specific you're wondering?
<Taneb>
I'd like to be able to find constituents with a certain name
bwe has joined #nixos
<Taneb>
I guess I can read the hydra-ggregate-constituents file and do it myself
Makaveli7 has quit [Quit: Leaving]
periklis has quit [Ping timeout: 246 seconds]
lawlesseel has joined #nixos
ij has joined #nixos
Makaveli7 has joined #nixos
infinee has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ij has quit [Ping timeout: 246 seconds]
fendor has joined #nixos
<tom39291>
I have 5 NixOS machines, managed via Nixops. They each have a bunch of nginx vhosts. On one machine I'd like to collect all five machines's vhosts (to know which domains to monitor). Is there a NixOps network equivalent to NixOS modules mkOption that would allow me to combine options from multiple machines?
<tom39291>
Or must I define my own merging of nodes.*.services.nginx.vhost ?
jasongro` has joined #nixos
jasongrossman has quit [Ping timeout: 246 seconds]
schjetne has quit [Ping timeout: 245 seconds]
ij has joined #nixos
<tom39291>
Doesn't look implausible to just use mkOption at the Nixops network layer (in addition its usual role at the NixOS machine layer)
joehh has joined #nixos
<bwe>
Does systemd.services.<name>.environment map to systemd's WorkingDirectory specifier?
<Alling>
Installing 110.79 works like a charm, but since I need 110.81, I copied the expression from that file and changed version to "110.81".
<symphorien>
you must also change the hash
<Alling>
So I did let smlnj_110_81 = ... in ... in a shell.nix. However, it ways that "smlnj-110.81 is not supported on ‘x86_64-unknown-linux-gnu’, refusing to evaluate".
<Alling>
says*
<Alling>
It also suggests some workarounds, but I'm just wondering why I'm getting the message. How does it know?
<andi->
Alling: meta.platforms is only darwin + i686 on that package
<andi->
you might want to give it a try building it on x86_64-linux (by adding that to the list)
<Alling>
andi-: How come I didn't get that error (or did I?) when I installed 110.79?
<andi->
Alling: well you didnt since it transparently switched to the i686 compiler chain (stdenv etc..)
<andi->
in pkgs/top-level.nix there is a `pkgsi686Linux.callPackage` being used instead of the "standard" `callPackage`. Since amd64 is usually able to execute i686 code that was used (transparently?) there.
<Alling>
How come the same mechanism doesn't kick in when I'm defining an almost identical package in a shell.nix?
<andi->
because you are using the normal stdenv (which is the native/amd64 one)?
ThatDocsLady has quit [Remote host closed the connection]
ThatDocsLady has joined #nixos
ninjin has joined #nixos
<Alling>
andi-: Here you go! This is with x64 manually added to meta.platforms. (Without it Nix complains. With it I get an error with suggestions to install 32-bit libraries.) https://pastebin.com/4puaF8Qj
o1lo01ol1o has joined #nixos
<Alling>
I didn't quite understand how to use pkgsi686Linux.callPackage in my context from your linked example.
<andi->
substitude `stdenv` with `pkgsi686Linux.stdenv` in line 36 and it might work :)
<Alling>
andi-: Woah! It's building now. :D Let's see if it works.
<andi->
Alling: you can also try to add `x86_64-linux` to meta.platforms and using the "normal" `stdenv` again. Maybe upstream is now compatible with that.. (personally never used/heard of that package before)
<Alling>
andi-: I did that first; the build failed with an error about 32-bit libraries etc.
<Alling>
It actually built now!
<therealwaphire[m>
Guys, is it possible to use refind as the default bootloader instead of grub or systemd - boot? Last I checked there weren't any derivations for refind
<Alling>
However, when I run sml, I still have version 110.79, so I guess this is where I should listen to symphorien :)
o1lo01ol1o has quit [Ping timeout: 250 seconds]
<infinisil>
therealwaphire[m: i don't know of a way, do you have trouble with grub?
<therealwaphire[m>
Nah
<therealwaphire[m>
It's just that rEFInd has been my goto. So I wondered if there was a way to use it.
<Alling>
andi-: symphorien At this point I know what to do, but it's quite laborious: Manually change the hashes of every single one of the ~25 sources so as to provoke an error, then copy the correct hash into my Nix expression. Is there a quicker way?
<andi->
nah
<andi->
that sounds about right
<symphorien>
look in the same folder if there is a script to generate these
<andi->
unless you want to nix-prefix-url them
<andi->
s/prefix/prefetch/
reallymemorable has joined #nixos
<Alling>
andi-: "prefix" does not occur anywhere in this expression.
<andi->
Alling: I meant you can also use the tool `nix-prefetch-url` to obtain the hash for the url without attempting a build.
<Alling>
andi-: Aha, of course, ye olde s/a/b in IRC. :D
<andi->
;)
<Alling>
andi-: symphorien Then I can probably script it! :)
<andi->
good luck!
ng0 has quit [Quit: Alexa, when is the end of world?]
reallymemorable has quit [Ping timeout: 255 seconds]
hyper_ch2_ has joined #nixos
o1lo01ol1o has joined #nixos
hyper_ch2 has quit [Ping timeout: 256 seconds]
<Taneb>
Hmm, haskell.compiler.ghcjs doesn't build in master
rauno has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @aanderse opened pull request #55997 → WIP: php: add pdo odbc support → https://git.io/fh5j2
ost_ has joined #nixos
ost has quit [Ping timeout: 272 seconds]
<Alling>
andi-: symphorien Wohoo! SML 110.81 works now. I wrote a quick Haskell program to print all the hashes so I could paste them into shell.nix. Now I can try to get Manticore to work.
<Alling>
By the way, since Manticore has a few scripts with #!/bin/bash, can I, like, symlink /bin/bash to /usr/bin/env bash or something in shell.nix?
<ottidmes>
if I want to keep one package as it was before applying my overlay (otherwise I would get infinite recursion), what are my options? The most obvious solution is to just import pkg.path again without the overlay, but I was thinking, would it not be better to use something like callPackageWith (tried that just now, but still get infinite recursion).
<viric>
I'm surprised - aren't people using compressed nar all the time?
Olivier[m]1 has joined #nixos
silver has joined #nixos
Makaveli7 has quit [Quit: Leaving]
<gchristensen>
yes, I use them quite a while, but I don't actually have to examine them very often. what are you examining them for?
Makaveli7 has joined #nixos
init_6 has quit [Remote host closed the connection]
sphalerite has joined #nixos
superherointj has joined #nixos
<ottidmes>
gchristensen: do you know if fetchdocker (I thought you were involved in its development, considering your blogposts) use secure connections with HTTPS (verify TLS / certificate checking)?
<Alling>
Hm. What would be the most NixOS way to make #!/bin/bash scripts run without having to edit them?
<ottidmes>
Alling: calling them explicitly with #{pkgs.bash}/bin/bash, so the shebang does not matter
eadwu has joined #nixos
<woffs>
#!${pkgs.bash}/bin/bash
<Alling>
ottidmes: I don't understand what you mean by that.
o1lo01ol1o has joined #nixos
<ottidmes>
Alling: you are saying, you cannot touch the script at all, right? so patching the shebang or something similar is not an option? then rather than executing the script, you can execute bash, by passing it the script as the first argument
<ottidmes>
Alling: or you could wrap your script in yet another script that does this for you
<Alling>
Well, I can edit the scripts in this case, but it would be convenient to just have all such scripts work on my system, since people tend to use #!/bin/bash because they don't use NixOS.
<Alling>
ottidmes: Thing is, in this case I don't run the scripts manually; I run make etc which in turn call the scripts in question.
<ottidmes>
Alling: I just use patchShebangs to fix the shebangs before running them
<Alling>
I'm actually quite surprised at the fact that NixOS doesn't symlink /bin/bash.
<Alling>
ottidmes: OK; would that be "the" way to do it?
o1lo01ol1o has quit [Ping timeout: 255 seconds]
reallymemorable has quit [Ping timeout: 255 seconds]
<ottidmes>
Alling: its what is already done for scripts in /bin by the default fixupPhase I believe, so yeah
<Alling>
ottidmes: Let's say you download some repo or w/e with 20 bash scripts in different subdirectories and they call each other and whatnot. Would you do something like patchShebangs **/*?
<ottidmes>
Alling: probably something like that, yes
rycwo has quit [Remote host closed the connection]
<ottidmes>
you have to fix them somehow
<ottidmes>
patchShebangs can handle directories already, I believe
<symphorien>
You need the scripts to be executable and the intepreter must be in buildInputs
ThatDocsLady has quit [Remote host closed the connection]
DrLambda has joined #nixos
<Alling>
OK, I must say using patchShebangs like that is fairly simple after all.
<goibhniu>
Alling: you can also add a symlink for /bin/bash
<Alling>
goibhniu: Yeah, do you know why that's not the default, or even a NixOS option?
<goibhniu>
Hrm, I can't remember why /bin has `sh` in it at all
<symphorien>
It is required by POSIX
<ottidmes>
anybody have any better ideas to fix the following: I have a custom fetchurl that uses cacert, but cacert uses fetchurl (and other dependencies that use fetchurl), so I cannot use cacert to customize fetchurl, since that loops. What I really want is to take cacert as it was before customizing fetchurl, and use that cacert to customize fetchurl. I tried `cacert = callPackageWith super (super.path +
<ottidmes>
/pkgs/data/misc/cacert) { };` and `cacert = super.cacert.override { inherit (super) stdenv fetchurl nss python; };`, but only `cacert = (import super.path { overlays = []; }).cacert;` worked so far
<goibhniu>
ah, thanks
<symphorien>
system() invokes /bin/sh
<ottidmes>
/bin/sh and /usr/bin/env are the only ones required by POSIX AFAIK
<symphorien>
ottidmes: there is fetchurlBoot iirc
<ottidmes>
symphorien: how does that help me here? if cacert was just a single call to fetchurl, then I could have rewritten it to use fetchurlBoot, but its not, it uses python and and others, that in turn would also need to be rewritten which is not really going to work
<symphorien>
Ah I see
<symphorien>
Alling: in any case, /bin/bash would not be available in the sandbox
eadwu_ has joined #nixos
<ottidmes>
unless you add it to sandbox paths, but that would limit it too your system, so not really useful
woffs has joined #nixos
eadwu_ has quit [Client Quit]
dermetfan has quit [Ping timeout: 272 seconds]
o1lo01ol1o has joined #nixos
aanderse_ has joined #nixos
aanderse has quit [Ping timeout: 250 seconds]
<gchristensen>
ottidmes: I think so?
dermetfan has joined #nixos
<ottidmes>
gchristensen: I dont see anything special on the Nix side disabling it, and I doubt they would disable it within their own tool if it was not safe to do so, so will just mark it as secure then, thanks!
o1lo01ol1o has quit [Ping timeout: 255 seconds]
superherointj has quit [Quit: Leaving]
<Alling>
symphorien: ottidmes What do you mean by "sandbox"? The shell I get when I run nix-shell?
<symphorien>
no with nix-build
<Alling>
symphorien: Hm, I have never used nix-build.
<ottidmes>
Alling: you do when you use nixos-rebuild though (assuming you are on NixOS)
<Alling>
I don't think I get the implication of /bin/bash not being "available in the sandbox" though. I was just looking for "the" way to run #!/bin/bash scripts painlessly on NixOS. From what I've heard here, the answer seems to be patchShebangs.
<Alling>
Maybe I could symlink /bin/bash, but it doesn't feel very "nixy" since it's not a NixOS option.
o1lo01ol1o has joined #nixos
camsbury has joined #nixos
<ottidmes>
Alling: it was just meant as a warning in case you wanted to just have /bin/bash available and have it work on NixOS (some people really want that), its possible, but its definitely not idiomatic NixOS usage
<ottidmes>
gchristensen: yeah, checked that file a few times, I don't see what described in the comment either
<gchristensen>
dunno
<gchristensen>
SSH servers don't have certificates
<gchristensen>
maybe it was copypasta from an HTTPS one
<ottidmes>
yeah, probably something like that, I will put it on the safe list then too
<ottidmes>
fetchcvs, fetchegg (uses cvs too), and fetchfossil don't even support HTTPS from what it seems (fetchfossil at least doesn't), so they will be unsafe regardless
<Alling>
ottidmes: So if I'm following you, even if I symlink /bin/bash, #!/bin/bash wouldn't work in nix(os-re|-)build?
<ottidmes>
still have question marks at fetchmtn (no clue) and fetchs3 (probably safe, just not sure)
o1lo01ol1o has quit [Ping timeout: 272 seconds]
<gchristensen>
ottidmes: it is *not* safe, it is a very dangerous one
<ottidmes>
Alling: yep, due to sandboxing being enabled by default (good thing)
<gchristensen>
the SSH user / password gets in the store
<ottidmes>
gchristensen: with fetchs3?
<gchristensen>
fetchsvnssh
<Alling>
ottidmes: Seems reasonable to me!
<gchristensen>
in fact it should be deleted, not considered safe
<ottidmes>
gchristensen: ah ok, I will add a big warning then, thanks :)
<ottidmes>
or better yet, just error on it
danielrf has quit [Ping timeout: 258 seconds]
shibboleth has joined #nixos
o1lo01ol1o has joined #nixos
WhittlesJr has joined #nixos
<laas>
is there any way to have buildInputs depend on the source of a packge?
skaapgif has joined #nixos
<ottidmes>
laas: can't you just use pkg.src ?
waleee has quit [Ping timeout: 240 seconds]
samrose has joined #nixos
o1lo01ol1o has quit [Ping timeout: 246 seconds]
<skaapgif>
Hi, I'm trying to use nixpkg on mac as a replacement for NVM (nodejs version manager). Switching between major versions is great, but for development I often need a very specific patch or minor version of Node. What's the best way to do this, publish several new nix packages? Or is there a way to host my own Nodejs channel that has all the versions available?
<ij>
Why could using a local checkout of the same branch ruin caching?
<gchristensen>
the current built release-18.09 is 9bd45dddf8171e2fd4288d684f4f70a2025ded19
<ij>
ah, I guess I'd always been lucky
<ij>
cause it worked other times
<ij>
makes sense though… in hindsight
<ij>
so nixpkgs-channels is just another remote for nixpkgs, whose branches are the build versions?
<ottidmes>
ij: they are the commits that passed the checks
<gchristensen>
commits go in to nixos/nixpkgs, every so often hydra builds everything at the tip of each branch. when checks pass, the channel is released
<samrose>
If I am building a custom version of nixos with my own overlay, and I want to use a "package set" are there some examples of doing this?
<ij>
gchristensen, ottidmes: thnaks
<ij>
for enlighting me
<ij>
gchristensen: do you keep nixpkgs-channels as a remote?
<gchristensen>
not really
simukis has quit [Remote host closed the connection]
<ij>
ok, but it looks like that'd work :P
<ottidmes>
ij: I do, and then I just use: git remote update channels && git rebase channels/nixos-18.09
<ij>
nice!
xkapastel has quit [Quit: Connection closed for inactivity]
<ij>
I feel way beyond cool now :D
<ottidmes>
samrose: "package set" is not really saying much, an overlay that defines a set of packages, acts already like a package set, if you mean that, any example of an overlay will do, if you mean adding an actual set of packages via some attrset as part of an overlay, then you can just use super.callPackage to a file that produces an attrset rather than a derivation, since that file could just have at least {
<ottidmes>
callPackage }: as a dependency and then define its attrset
DrLambda has quit [Ping timeout: 250 seconds]
<ottidmes>
samrose: just remember to call recurseIntoAttrs (defined in pkgs) on your attrset, so it is marked as an attrset containing packages (so nix-env / `nix search` can safely recurse into it to check for other packages)
<gchristensen>
is there a way to do "cat foo | ssh -t remote "sudo do-something-with-foo" and still get the sudo prompt, despite stdin being taken by `cat foo`?
<ij>
manveru: do you use direnv to load nix shell?
<manveru>
`env = if builtins.pathExists ./gemset.nix then [ gems.wrappedRuby (lowPrio gems) ] else builtins.trace "to get your gems, please run bundix -l" [];`
<ij>
because sometimes the gems didn't build or something, so I needed to remoev them
<manveru>
i have this sometimes too
<manveru>
so i just rm gemset.nix and it works
<elvishjerricco>
gchristensen: The man page for sudo describes a `--stdin` flag which tells it to use stdin instead of the terminal device, implying there's a way to get the prompt on the terminal device built in
<ij>
manveru: hm! also nice
<sb0>
how do fetchgit/fetchurl/etc. disable the sandbox to get network access?
<sb0>
it's not obvious from reading their code. they just look like usual derivations.
<gchristensen>
they declare their outputs
<gchristensen>
by specifying the hash
<sb0>
gchristensen: so if you specify a output hash, then you get access to the network?
<ivegotasthma>
gchristensen: any idea how I can find the name of the executable?
<ivegotasthma>
ah, acroread
o1lo01ol_ has joined #nixos
o1lo01ol1o has quit [Read error: Connection reset by peer]
ij has quit [Ping timeout: 246 seconds]
o1lo01ol_ has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
<illegalprime>
if i have stdenv.cc how to i get the c compiler bin name of that package?
trevorriles has joined #nixos
<illegalprime>
"${stdenv.cc}/bin/gcc" would not work since the C compiler might not be the GNU cc
<{^_^}>
[nixpkgs] @etu opened pull request #56002 → dump1090: Move to radio → https://git.io/fhdTn
<clever>
illegalprime: $CC will be set at build time
Ariakenom has joined #nixos
<clever>
> stdenv.cc.isGNU
<{^_^}>
true
<clever>
you could also just fire if statements at it
<Alling>
andi-: ottidmes Hm, "./script.sh: line 22: patchShebangs: command not found" when I try to run patchShebangs from a bash script (within a nix-shell). patchShebangs works if I type it directly into the terminal.
<cbarrett>
greetings. i have a clearer idea of what i'm trying to do now. i'm trying to create a vm image (in vdi format) to upload to my cloud provider in a pre-configured state. I'm on macos so i have the minimal installer running in a vm. here are my hypotheses: i'm going to installing onto another vdi image, and the only services I need to enable are sshd and cloud-init (required). reading the manual about how to partition a disk now.
<illegalprime>
clever: oh right! so I'm actually trying to cross compile cmake and it needs an x86 gcc during it's configure phase. I can pass CC=$BUILD_CC to fix it but the $ gets escaped in configureFlags
dbmikus_ has joined #nixos
<ottidmes>
Alling: AFAIK its part of the standard shell hook, so just like any bash function, it will not be magically become available in script run within a shell where it is defined (i.e. it does not inherit the shell functions)
<clever>
illegalprime: the above files generate a linux ELF makensis binary, and some exe stubs, and makensis will then join the stubs with compressed blobs, to create working windows installers
<Alling>
ottidmes: So it shouldn't work (neither inside nor outside a nix-shell)?
rcshm has joined #nixos
<Alling>
ottidmes: git works in scripts though. Is it different?
<clever>
Alling: its a bash function, not a binary in PATH
<illegalprime>
clever: dang that's weird but cool. I feel like it may be possible to set configureFlags in the preConfigure phase, letting me do shell substitutions
<clever>
illegalprime: yep, thats also a common thing
hellrazor has joined #nixos
<illegalprime>
i'm trying to cross compile some rust and i'm trying to fix every cross compilation issue that gets in the way, so far i think I have a fix for https://github.com/NixOS/nixpkgs/issues/54510 and hopefully soon for cmake
<{^_^}>
#54510 (by illegalprime, 3 weeks ago, open): perl's TermReadKey fails to cross compile to armv7
alex`` has quit [Ping timeout: 246 seconds]
<clever>
illegalprime: i dont think you need to cross-compile cmake, since rust doesnt need cmake at runtime
<clever>
illegalprime: i think?....
<reallymemorable>
gchristensen: are you still able to create the iso or should I search for another solution?
<reallymemorable>
no worries if not
<gchristensen>
oh sure
<illegalprime>
clever: aparently cargo wants cmake during runtime? or maybe it's just a poorly written derivation
<clever>
illegalprime: its more likely that somebody put cmake into the buildInputs, rather then nativeBuildInputs
<clever>
illegalprime: so it wants the cross-compiled cmake, when it shouldnt
<illegalprime>
clever: you're probably right, to check should i just grep cmake's hash inside the cargo output path?
<clever>
illegalprime: yeah
<disasm>
gchristensen: yeah, was done a few minutes after I said I was done uploading a few mins after I said I was going to and failed to give the link, then pasted it yesterday twice :)
<gchristensen>
disasm: <3 thank you!
<reallymemorable>
disasm: lol i figured you got distracted and didnt want to bother you
<reallymemorable>
thank you
Ariakenom has quit [Ping timeout: 272 seconds]
<reallymemorable>
putting it on a USB and trying it now
dermetfan has quit [Ping timeout: 272 seconds]
<Alling>
clever: I see! I would never have guessed that about patchShebangs tbh. :)
<clever>
Alling: you can also run `type patchShebangs` inside nix-shell to see tht
anderslundstedt has joined #nixos
<betawaffle>
hey folks, is there something special i need to do with the nixos minimal iso to get it to use a serial console? i'm trying to install nixos on an apu2d4, and i've got the iso flashed to a usb stick. i see isolinux stuff on serial, but then it just stops at some point
<betawaffle>
cc: gchristensen, since i know you have an apu2c4
<reallymemorable>
so are you saying this iso isnt going to work?
<disasm>
one sec
johanot has quit [Quit: WeeChat 2.2]
<disasm>
lsmod|grep wl
blumenkranz has joined #nixos
camsbury has joined #nixos
<reallymemorable>
i got 2 lines back
<reallymemorable>
one starts with wl, the other with cfg80211
<disasm>
dmesg|grep wl
<reallymemorable>
ok
<reallymemorable>
no output back but appeared to run
<blumenkranz>
Hello. I am trying to modify a module to be able to pull some config files from a user-specified path, and move them into the Nix store. Do you happen to know some module in which this is done, in order to keep things consistent?
<disasm>
reallymemorable: ok... looks like different wifi
<disasm>
reallymemorable: do you have another linux distro on this laptop?
<disasm>
or a different usb stick?
<reallymemorable>
so it boots into ubuntu currently
<disasm>
reallymemorable: boot into there and run lspci|gist
<disasm>
reallymemorable: send me the link to the gist
<reallymemorable>
ok 1 min
gagbo has joined #nixos
juliendehos has quit [Quit: Leaving]
<reallymemorable>
so i ran it in ubuntu terminal
ryanartecona has joined #nixos
<reallymemorable>
and it just produced several lines that start gist> gist: unknown command
<reallymemorable>
and it opened something that is called CGM Viewer
<samueldr>
literally announced a year ago, what are the chances?
<disasm>
so probably they took it down today, lol :)
<samueldr>
nah, march 19th last year (according to the article)
<pie___>
wedens: is there anything that describes whether user.user.<username>.packages conflicts with homemanagers packages?
<disasm>
i guess they only gave a month notice
<reallymemorable>
lscpi appears to be doing something but is taking a while
<disasm>
odd, lspci is usually instantaneous
<reallymemorable>
oh shit i ran it in the gist prompt
<pie___>
wedens: or rather, i also have some packages set in systempacakges, so it would be nice if i could tell homemanager to only handle the dotfiles for the package
<Taneb>
I can't figure out how to fix ghcjs in nixpkgs :(
<samueldr>
>> GIST - A Scientific Graphics Package For UNIX Workstations
<reallymemorable>
what partition scheme should i use for MBA
<reallymemorable>
legacy boot or UEFI
<disasm>
just make sure ens9 got an IP and you can ping 8.8.8.8
<disasm>
legacy
<disasm>
with grub2
<disasm>
err
<disasm>
efi
fendor has quit [Quit: Leaving]
<disasm>
you can use grub or systemd-nspawn
<disasm>
nspawn is much simpler
<disasm>
err systemd-boot
<disasm>
too many systemd pieces, lol
<reallymemorable>
ok so UEFI
<disasm>
sorry, helping two people install nixos and the other person is using a small router device that doesn't support EFI :)
<elvishjerricco>
What do `allow-interfaces` and `deny-interfaces` actually do with avahi? I thought I'd be able to prevent a service from being visible to other computers on the same network as my enp6s0, but everything can still see my samba share.
<reallymemorable>
how do i get this to stop pinging 8.8.8.8
<reallymemorable>
its doing it forever
<elvishjerricco>
ctrl+c
<reallymemorable>
ah thanks lol
<gchristensen>
disasm++
<{^_^}>
disasm's karma got increased to 1
<disasm>
oh, my I got karma!
<ottidmes>
elvishjerricco: I don't know it from avahi, but I think it was with Samba, I believe it configured to what interfaces it binds to, by default it will bind to 0.0.0.0 (all interfaces), but that can be problematic (was for me), so I had to limit to what interfaces it could bind, but not 100% sure if the same applies here
<elvishjerricco>
ottidmes: Yea I don't mind if it's *accessible* to the network. I just don't want it published by avahi.
<reallymemorable>
Add the root partition. This will fill the disk except for the end part, where the swap will live, and the space left in front (512MiB) which will be used by the boot partition.
<elvishjerricco>
But I do want it published on a different interface.
rcshm_ has quit [Read error: Connection reset by peer]
rcshm_ has joined #nixos
<disasm>
I guess keep running with it
<disasm>
and hold option when you boot
<disasm>
if it shows the EFI volume, you might be okay
<ottidmes>
laas: I have trouble understanding what you want, "I have a list of dependencies in the source" I interpret this as having a src = ... buildInputs = [ ... ]; ...; "I'd like to somehow read the file with the dependencies in the source" do you mean you want to read the file containing the package with the src I just mentioned and want to reuse them? If so can't you just do like I said <pkg-attr>.src.buildInputs?
<reallymemorable>
ok
<disasm>
if not, you'll need to find someone with an osx installer
<reallymemorable>
but i wouldnt want to choose EFI
<disasm>
or if your firmware is new enough, boot a recovery over the network
<reallymemorable>
i just want to know if i can see it
<disasm>
you won't know until you reboot
<reallymemorable>
yes i understand
<{^_^}>
[nixpkgs] @matix2267 opened pull request #56012 → nixos/logind: Add defaultText to config option since it's not static value. → https://git.io/fhdtE
rcshm_ has quit [Read error: Connection reset by peer]
rcshm__ has joined #nixos
drakonis has joined #nixos
drakonis_ has joined #nixos
Guest79752 has quit []
rauno has joined #nixos
hph^ has joined #nixos
drakonis has quit [Ping timeout: 258 seconds]
rcshm__ has quit [Remote host closed the connection]
rcshm_ has joined #nixos
trevorriles has joined #nixos
rauno has quit [Ping timeout: 258 seconds]
andnowforsomethi has quit [Ping timeout: 256 seconds]
<blumenkranz>
Does anybodyu happen to know if there is any way to access the $out variable from Nix itself, rather than bash?
<srhb>
blumenkranz: placeholder "out", depending on what you need
<blumenkranz>
srhb; I'm trying to call a function from inside the buildCommand bash string, using the ${} syntax, but it says the variable is undefined.
<blumenkranz>
Weird thing is, it just says that on the second line it is being used. The first one doesn't raise any alarms.
drakonis has joined #nixos
<blumenkranz>
Said function accepts out as a parameter.
joehh has joined #nixos
W1lkins has quit [Read error: Connection reset by peer]
drakonis_ has quit [Ping timeout: 252 seconds]
W1lkins has joined #nixos
reinhardt has quit [Quit: Leaving]
rcshm_ has quit [Remote host closed the connection]
rcshm_ has joined #nixos
joehh has quit [Ping timeout: 255 seconds]
<blumenkranz>
Alternatively, is there any way to throw meaningful messages from bash?
trevorriles has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<blumenkranz>
I am performing some error checking in these out-dependant functions. If I can't pass them out, I guess I could do it all from bash if I can throw errors from there.
<ddellacosta>
I'm a relative newbie to NixOS so not sure what I may be doing wrong here
<colemickens>
Who understands how Chromium source is cloned/extracted in nixpkgs?
rcshm_ has quit [Read error: Connection reset by peer]
<colemickens>
I've got some changes in flight for Chromium, but I need to build against Igalia's fork. It should be easy enough, but it looks like Chromium uses something other than git submodules for dependency management.
rcshm_ has joined #nixos
<colemickens>
However, this uh, some fancy stuff going on in the nixpkgs chromium infra such that I'm not sure how to clone from a different repo.
xkapastel has joined #nixos
JosW has joined #nixos
wedens has quit [Quit: Connection closed for inactivity]
<disasm>
reallymemorable: yeah, you didn't mount anything to /mnt
<disasm>
mkdir /mnt2
<disasm>
mount /dev/<root fs> /mnt2
<reallymemorable>
i type exactly that ?
<disasm>
mv /mnt/* /mnt2
<disasm>
well swap out root fs for whatever you created your root fs
<{^_^}>
[nixpkgs] @amazari opened pull request #56015 → zoneminder: Fix locally created database → https://git.io/fhdqE
<disasm>
like /dev/sda2 or what not
grumble has quit [Quit: fire's]
<disasm>
you
<reallymemorable>
so if i did the instructions exactly
<reallymemorable>
it would be sda?
<disasm>
sda#
<reallymemorable>
# = variable?
<disasm>
where # is the thing you created as ext4 or something
<disasm>
probably sda2 or sda1 I would think
<reallymemorable>
this is the UEFI partition table part?
<reallymemorable>
im so confused
<reallymemorable>
i entered a million commands
<reallymemorable>
exactly as listed in the instructions
<disasm>
you're scaring me :)
<reallymemorable>
NixOS is scaring me
rcshm_ has quit [Read error: Connection reset by peer]
rcshm_ has joined #nixos
<disasm>
sda1
<disasm>
I hope you backed up anything you needed before running parted :)
<reallymemorable>
i dont have anything i need on this machine
trevorriles has joined #nixos
<disasm>
good :)
<disasm>
can always fix it then :)
<disasm>
I just hope the thing boots
<disasm>
I'm not sure how osx will handle your EFI part, we'll see
<reallymemorable>
i think what might have gone wrong is in 2.2.3 Formatting
<reallymemorable>
I saw three bullet points
<reallymemorable>
and only did the 3rd one
<reallymemorable>
because it said UEFI systems
<reallymemorable>
but I'm guessing I should have done the first two as well
<disasm>
yeah, what I would have done was just mkfs the ubuntu partition (with force) mount to /mnt and mount sda1 to /mnt/boot then generate and nixos-install
<reallymemorable>
so i just ran
<reallymemorable>
# mkfs.ext4 -L nixos /dev/sda1
<reallymemorable>
# mkswap -L swap /dev/sda2
<disasm>
nixos and by extension any other command line linux install requires some knowledge of filesystems :)
<disasm>
ok, so mount /dev/sda1 /mnt2
<reallymemorable>
yeah i am super bad at this stuff
<disasm>
mkdir /mnt2/etc/nixos
<disasm>
mv /mnt/etc/nixos/* /mnt2/etc/nixos
grumble has joined #nixos
<disasm>
umount /mnt/boot /mnt2
<reallymemorable>
i just did
<reallymemorable>
mkdir /mnt2/etc/nixos
<disasm>
mount /dev/sda1 /mnt && mkdir /mnt/boot && mount /dev/sda3 /mnt/boot
<reallymemorable>
and it says cannot create directory
<disasm>
oh, mkdir -p
MarvMarvinsson[m has quit [Quit: removing from IRC because user idle on matrix for 30+ days]
<reallymemorable>
ok i just did all that
<disasm>
and swapon /dev/sda2
<disasm>
and now nixos-generate-config --root /mnt
<reallymemorable>
ok done
<disasm>
then paste /mnt/etc/nixos/hardware-configuration.nix again so I can review
<reallymemorable>
it says not overwriting existing configuration.nix again
<disasm>
and while you're at it add networkmaanger line above
octalsrc[m] has quit [Quit: removing from IRC because user idle on matrix for 30+ days]
<disasm>
and like I said before you can nixos-install repeatedly with no ill side affects other than it asking for your root pass (but there's a flag to disable it changing that as well)
<reallymemorable>
just did `nano /etc/nixos/configuration.nix` and it looks completely different than before
<reallymemorable>
its basically empty now
<disasm>
/mnt/etc/nixos/configuration.nix
<reallymemorable>
ah
<reallymemorable>
yes
<disasm>
you haven't booted into your system yet :)
<acowley>
Actually I'm probably confused about the problem I have. Some of AMD's newer code wants to query the current system hardware at build time. In particular, there is /dev/kfd that is in the video group. When I nix-build something that uses a helper tool that interacts with the GPU, it fails when trying to open /dev/kfd according to strace.
<acowley>
Can I disable the sandbox for one build?
<elvishjerricco>
acowley: If you're user is trusted (`nix show-config | grep trusted-users`), then you can pass the `--no-sandbox` flag to any nix command
<acowley>
elvishjerricco: !! Thank you!
<disasm>
reallymemorable: you need to uncomment the x11 stuff as well
<acowley>
Is there a way to grant sandbox access to /dev/kfd?
<acowley>
Declaratively I mean
<disasm>
reallymemorable: lines 64 and 65
<reallymemorable>
the 3 X11 lines
<elvishjerricco>
acowley: I think so... I think you can add files to the sandbox in nix.conf. There's also relaxed sandbox mode but I don't know how that works
<ottidmes>
acowley: maybe sandbox paths?
<disasm>
reallymemorable: just the 2 eurosign xkb option :)
<acowley>
I can't believe the sandbox didn't occur to me until typing my question here just now
<disasm>
*unless*
<acowley>
I spent over an hour fiddling with groups
<acowley>
ottidmes: Thank you, that looks perfect
<disasm>
yeah, I use extra-sandbox-paths = /etc/nsswitch.conf /etc/protocols acowley
<disasm>
you can set that to whatever you need
<reallymemorable>
disasm: are you talking to me
<reallymemorable>
with the euro sign stuff?
<disasm>
reallymemorable: yeah, you probably don't need that option uncommented
<disasm>
just enable and layout x11 options
<reallymemorable>
ok so i leave that third one commented
<reallymemorable>
ok
<disasm>
nixos-install again :)
<reallymemorable>
ok its doing stuff
<reallymemorable>
fingers crossed
<reallymemorable>
do you guys mostly use PC hardware?
<JosW>
How can i get subsonic to its latest version?
<slack1256>
JosW: probably changing the version field on $nixpkgs/servers/misc/subsonic/default.nix is enough.
<disasm>
reallymemorable: this my first PC laptop I'm using (xps13 developer) that I've purchased in a decade... osx pissed me off the last 3 years, so I'm back to linux :) And no reason to by osx hardware if you're going to run linux.
<JosW>
ah, that's why there is an seperati default.nix?
<acowley>
Setting nix.sandboxPaths in configuration.nix and switching didn't immediately work. Perhaps I need a full reboot. Fingers crossed.
<reallymemorable>
disasm: yeah i already had these 2013 MBA and 2018 MBP
<disasm>
acowley: you may need to restart nix-daemon
<reallymemorable>
but im considering getting a thin PC laptop
<reallymemorable>
if im going to be doing a lot of nix stuff
<disasm>
yeah, xps 13 developer edition is pretty sweet
<reallymemorable>
originalyl i was just trying to use the package manager but it doesnt work with mojave
<disasm>
reallymemorable: it does with latest 18.09
<reallymemorable>
ah
<disasm>
but nixos is a much better experience than nix on darwin
<reallymemorable>
anyway installation complete
illegalprime has joined #nixos
Glider_IRC_ has joined #nixos
<disasm>
I run a bunch of OSX build machines for work to build binaries using nix from hydra. It's a pain keeping up with OSX breaking nix.
<acowley>
So much for crossed fingers :/
<acowley>
Didn't work
<disasm>
acowley: what's the error?
<acowley>
Ah, it just moved to another file. More sandbox entries neeeded.
<reallymemorable>
disasm: what do i do now that installation is complete?
<acowley>
The error is "No such file or directory"
<elvishjerricco>
disasm: Basically just installed them in a VM and rolls the hard disk back to a clean state whenever something breaks.
<disasm>
elvishjerricco: in the works soon I hope... :) We chatted at nixcon. We're currently using a 3rd party service so can't install nixos on them.
<elvishjerricco>
ah
<elvishjerricco>
disasm: NixOS in a VM with macOS in a nested VM :P
<disasm>
lol
<gchristensen>
oh dear
Glider_IRC__ has quit [Ping timeout: 255 seconds]
<disasm>
reallymemorable: reboot and hold option and pray that it's not bricked
<reallymemorable>
oh so i did reboot already
<reallymemorable>
and did not hold option
lordfluffywobble has left #nixos ["Kicked by @appservice-irc:matrix.org : removing from IRC because user idle on matrix for 30+ days"]
<disasm>
with no usb stick in
<reallymemorable>
and itt brought me tto a log in screen
<acowley>
I can only find something saying it can be renerD12x, but x usually starts at 8.
<srhb>
(Even if they think we're crazy (and we probably are, a bit))
<samueldr>
srhb: I'm thinking some attention should be given to run their "review notification" kernels through the nixos test suite, not saying "upstream nixos has to do it", but it's something to consider
<gchristensen>
many things are true, like: we are a bit crazy. the perl infra shouldn't make 30kb shebangs. the kernel shouldn't breake userspace :P
<samueldr>
and same for _testing
<samueldr>
we might have spotted the overlayfs regression sooner too
<samueldr>
though the issue here is humanpower I guess
<elvishjerricco>
samueldr: How hard would it be to add some kind of automation that runs all the NixOS tests for nixos-<stable> on every new kernel release (candidate)?
<srhb>
Yep :) All true. But I think this mainly puts us in a good light.
<samueldr>
elvishjerricco: "how hard would it be" are the words I didn't want to say :)
<elvishjerricco>
:P
<acowley>
Does anyone have any recommendations for a NixOS friendly laptop with a nvidia GPU? (or anti-recommendations)
<samueldr>
probably damn easy, but probably takes time
<srhb>
acowley: Thinkpads in general are usually good. I'm biased though.
<srhb>
(But I guess that's what recommendations are for...)
<acowley>
srhb: Yeah, that's the way I'm being swayed based on what I've heard from non-NixOS folks
<elvishjerricco>
acowley: Beware I've had endless problems with NVidia and NixOS
<srhb>
acowley: fwiw I think it's mostly the business lines that are really good.
<acowley>
:()
<reallymemorable>
disasm: awesome thanks
<srhb>
And they're expensive.
<acowley>
I unfortunately need a Nvidia GPU for a particular project
<reallymemorable>
so do i have to install it again
<srhb>
acowley: fwiw I've had zero problems with nVidia and NixOS.
<disasm>
reallymemorable: no :) edit /etc/nixos/configuration.nix and nixos-rebuild switch
<elvishjerricco>
acowley: I think it's mostly not specific to NixOS, but problems that other distros have solved with hacks
vidbina has joined #nixos
<elvishjerricco>
srhb: I still can't prevent screen tearing
<reallymemorable>
`nixos-rebuild switch`
<reallymemorable>
just like that?
<disasm>
reallymemorable: that's the whole power of nixos :) you can interatively make changes and if things break, just rollback :)
<srhb>
elvishjerricco: Oh, hm, is this running the nvidia driver directly? I only use optimus.
<disasm>
iteratively
<srhb>
(So, modesetting)
<disasm>
I gotta run, good luck reallymemorable! glad it boots. Do you have wifi working in the install?
<srhb>
I've heard the tearing issues from multiple people on the nvidia driver for sure (and regardless of distro)
<reallymemorable>
lol thanks so much
<reallymemorable>
haven't tried wifi yet
<acowley>
I have trouble keeping the various nvidia driver options straight in my head. I thought I'd read that running the nvidia driver directly was more reliable than optimus.
<reallymemorable>
holy shit my mouse works
<reallymemorable>
wow
<reallymemorable>
what a wild ride
<elvishjerricco>
srhb: All I've got relating to nvidia is `nixpkgs.config.allowUnfreePredicate = p: lib.hasPrefix "nvidia" p.name ...;` and `services.xserver.videoDrivers = ["nvidia"];`, plus a little script that improves *most* but not all of the screen tearing
drakonis1 is now known as drakonis
<elvishjerricco>
`nvidia-settings --assign CurrentMetaMode="nvidia-auto-select +0+0 { ForceFullCompositionPipeline = On }"`
<srhb>
elvishjerricco: Ah, okay. Yeah, that's very different from what I do..
<elvishjerricco>
srhb: What do you do?
<srhb>
elvishjerricco: I have drivers = ["modesetting"]; only and hardware.bumblebee.enable = true;
<elvishjerricco>
srhb: What do each of those do?
<srhb>
The first uses the native intel card by default, the second allows me to use optirun to offload to the GPU on a case-by-case basis
<srhb>
It's slower since I'm using the hybrid mode and have to transfer the data from the nvidia gpu to the intel one, but it's a nice user experience most of the time.
<reallymemorable>
how do i install a browser on nixos?
rcshm_ has quit [Read error: Connection reset by peer]
<elvishjerricco>
srhb: Ah. I don't have an integrated GPU. Just the nvidia one
<elvishjerricco>
(desktop)
<reallymemorable>
is it yum or apt or brew or something like that so i can pull down firefox?
<srhb>
reallymemorable: Basically the same way you install any software, add it to environment.systemPackages
<elvishjerricco>
always good to scan the table of contents :)
<reallymemorable>
thanks for the help
<reallymemorable>
im new to linux so looking under package management is non-obvious to me
CrazedProgrammer has joined #nixos
<srhb>
reallymemorable: How'd you end up picking NixOS, if I may ask?
<CrazedProgrammer>
Hi all, I think I'm encountering an issue with a package that I want to add to Nixpkgs: https://github.com/Electrux/ls_extended . This package uses a custom build system (not used by anyone else) or build script (doesn't support custom compiler flags). What would be the proper action to take? Build the package using another build system like CMake? Or add compiler flag support to the custom build script? I really like this
<CrazedProgrammer>
package but I don't think it would be up to the standards that nixpkgs would require.
<srhb>
(It's not a typical beginner's choice, not that I mean to discourage you)
<acowley>
Yeah, spec'ing out a T480s is not cheap
<reallymemorable>
so I have been doing bizops for my company and am on a long term trajectory to get into Haskell
<reallymemorable>
and we use nix
<reallymemorable>
so I figured the upfront pain of getting on NixOS
<reallymemorable>
will be worth it in the long run
<srhb>
reallymemorable: Ah, ok :)
jb55 has quit [Quit: WeeChat 2.3]
<CrazedProgrammer>
it took me a couple of weeks in order to be confident enough to switch, but now I'm a happy NixOS-only user for 1.5 years :)
<reallymemorable>
its really just my dependence on Excel and Keynote for business stuff
<reallymemorable>
that keeps me on OSX
<elvishjerricco>
CrazedProgrammer: It's on AUR. I'd look at the AUR package and see if you can't just write a Nix expression that does the same thing
<acowley>
I guess I just have to document this more carefully
<acowley>
I don't understand this part of the kernel at all
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @vcunat merged pull request #56014 → pandoc: Enable distribution to fix master eval → https://git.io/fhdqC
<CrazedProgrammer>
elvishjerrico: Thanks! that's a good place to start. However, looking at CCP4M's source code, I don't see CCP4M using any standard environment variables flags like CCFLAGS, CC and LDFLAGS. This might become an issue with hardening and cross-compiling, I would reckon (though I don't have any experience in that area)
skratl0x1C has joined #nixos
<skratl0x1C>
is there a way I can list, eg. programs.git options as I would do with nixos-option?
<CrazedProgrammer>
elvishjerricco: Oops, sorry, I spelled your name wrong
rcshm_ has quit [Read error: Connection reset by peer]
<elvishjerricco>
Er, hm... I can ping macbook.local, but macbook cannot ping nixos-desktop.local...
rcshm_ has quit [Remote host closed the connection]
<elvishjerricco>
This is despite journalctl -u avahi-daemon.service showing `Joining mDNS multicast group on interface ...`
<moredrea8>
@samueldr sorry, I tried the riot.im reply feature and thought it was irc aware...
dwdr has joined #nixos
<samueldr>
no need to apologize, just wanted you to be aware, especially the nickname thing :)
ixxie has quit [Ping timeout: 250 seconds]
<skratl0x1C>
I'm now to nixos, giving it a go, but this discoverability is a real show stopper, since it's entirely configuration based, using home-manager or not, but looking up those configuation options is really hard
<skratl0x1C>
moredrea8: right, but what about, eg. options for programs.git (home-manager)
<elvishjerricco>
skratl0x1C: home-manager is a different thing.
<reallymemorable>
do any of you guys use keybase with nixos? I installed it with pkgs.keybase but it wont start
<elvishjerricco>
skratl0x1C: But they do have some kind of auto-docs IIRC
<reallymemorable>
i got firefox and slack running with the same method
<reallymemorable>
so im confused why keybase doesnt work -- when keybase is listed as a package
<elvishjerricco>
skratl0x1C: man home-configuration.nix
<moredrea8>
skratl0x1C: Those are in `man home-configuration.nix`
<acowley>
That lwn article about shebangs is pretty interesting. I'm surprised folks are defending the patch's inclusion given the timeline as presented.
<elvishjerricco>
acowley: Yea... Sounds like they used some automated system for determining what patches to backport? Sounds like a horrible idea
<moredrea8>
acowley: Do you have a link?
<acowley>
The worse part is doubling down on defending it by blaming people for not catching the bug when in fact people did catch the bug.
<skratl0x1C>
moredrea8: oh right, thanks :) so, this man file contain all of it, or just all of what I have installed ?
<elvishjerricco>
reallymemorable: What do you mean it won't start?
<elvishjerricco>
acowley: Yea. Someone should point that out
<reallymemorable>
i can see it in the start menu and i click it and nothing happens
<reallymemorable>
when i installed firefox and slack and started them in exactly the same way
<moredrea8>
skratl0x1C: I think it should have everything
<acowley>
Automating things is great, but every automated system needs a prominent, tested, omnipotent Emergency Stop button.
<elvishjerricco>
reallymemorable: I know nothing about keybase, sorry. But FYI, this page is really useful for searching for services you might need to enable: https://nixos.org/nixos/options.html#
<elvishjerricco>
reallymemorable: Some software is more than just a program, but also a service that needs to be constantly running in the background. Looks like keybase might be on of them?
<reallymemorable>
ok thank you
<reallymemorable>
is NixOS based on Debian
<elvishjerricco>
reallymemorable: Nope
<reallymemorable>
Arch Linux?
<elvishjerricco>
Nope
<elvishjerricco>
Though in my experience it is most similar to Arch
<elvishjerricco>
or Gentoo, depending on your perspective...
<reallymemorable>
was just asking bc Keybase lists some options
<elvishjerricco>
reallymemorable: That page looks weird to me
knupfer has quit [Ping timeout: 264 seconds]
<moredrea8>
skratl0x1C: Just FYI not every package option is configurable via the programs.* options. That was what I was thinking about. I hope that will improve in the futute. home-manager though doesn't provide actual packages and doesn't have that problem though afaik.
<moredrea8>
For that you need to read the package source at the moment :/
<elvishjerricco>
Like what is that run_keybase script? It might be doing crazy things that aren't applicable on NixOS
<elvishjerricco>
AFAIK, there's no other distro one would say NixOS is "based on," right?
<CrazedProgrammer>
you're right
vk3wtf has joined #nixos
zupo has joined #nixos
<reallymemorable>
cool thanks
trevorriles has joined #nixos
Moredread has joined #nixos
CrazedProgrammer has quit [Remote host closed the connection]
moredrea8 is now known as moredre10
moredre10 is now known as moredre12
Moredread is now known as NotMoredread
moredre12 is now known as Moredread
Moredread is now known as Moredread[m]
<elvishjerricco>
Anyone using `services.avahi.nssmdns = true;`? I can't seem to get it working
<acowley>
elvishjerricco: I have that setting but also can't get it working reliably. It occassionally works for me, but I haven't deeply debugged.
<elvishjerricco>
acowley: Hm... I wish I knew more about networking :P
<gchristensen>
TIL: Xserver detects monitors better if you use a cable which is capable of handling the resolutions you're asking of it
<acowley>
Irritating because avahi on a raspbian server in a closet works great, but NixOS is the weak networking link on my home LAN.
<elvishjerricco>
acowley: At least that almost confirms it's a NixOS thing, not an avahi thing. How is it set up on the raspbian server?
<acowley>
elvishjerricco: The fact that it works occassionally for me makes me think it's making a useful broadcast followed by a bad one.
<acowley>
elvishjerricco: I think I didn't touch the default config
<acowley>
elvishjerricco: But looking at it it's too long to paste here
<acowley>
One day I will debug it
<acowley>
(he says, sadly)
ost has joined #nixos
ddellacosta has quit [Quit: WeeChat 2.2]
rcshm_ has joined #nixos
dermetfan has quit [Ping timeout: 240 seconds]
xkapastel has quit [Quit: Connection closed for inactivity]
nDuff has joined #nixos
<blumenkranz>
Does anybody know how to use the $out and $src variables from within Nix itself, and not a bash script?
ddellacosta has joined #nixos
<cbarrett>
hi, it's me again. I'm having trouble getting stage 1 of NixOS to boot on my cloud provider. I tried both the generated hardware-configuration.nix which used UUIDs and my own by-label config. Is it worth it to give hardcoding /dev/sda1 + /dev/sda2 a try? Or is there something else I should be aware of.
trevorriles has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Nivpgir has joined #nixos
<cbarrett>
The specific error I'm seeing is a timeout waiting for the root device in stage 1
Nivpgir has quit [Client Quit]
<gchristensen>
blumenkranz: what do you want to do with them?
<immae>
blumenkranz: how would you like to use it?
Nivpgir has joined #nixos
<Nivpgir>
hi
<blumenkranz>
gchristensen: immae: Mostly error checking. I want to check the types of files and directories listed by the user.
<simpson>
blumenkranz: Note that most of what's set up in the build phases is inherently in bash. However, it's documented how to completely override the builder: https://nixos.org/nix/manual/#ssec-derivation
rcshm_ has quit [Ping timeout: 245 seconds]
<immae>
blumenkranz: would adding "ls $out" in your buildPhase (or wherever you like) be what you’d like to achieve? If not, at which time do you want to do error checking?
<Nivpgir>
I was here yesterday, situation is: new nixos install (first time), with networkmanager, butwifi not working, I was advised yesterday to use: hardware.enableAllFirmware = true, did that, still no wifi.
<tokudan[m]>
nivpgir: I'm using a local copy of nixpkgs with these changes reverted :/
<Nivpgir>
theres also a workaround there, but I'm not sure exactly how to use it, can someone here guide me?
ost has quit [Remote host closed the connection]
<blumenkranz>
immae: simpson: gchristensen: The idea is that I am trying to import a user-listed parameter into a package. This is to import some specific config files into the package's /etc/. Depending on what the user inputted, I have to be able to check whether some specific files exist, in order to modify the build.
<blumenkranz>
Basically, I am trying to add a custom profiles option to the Firejail module, but I tried doing all the checks in Nix, which doesn't have access to the original directories in build time.
<immae>
blumenkranz: if I understand correctly, you build a derivation, where some of the input is "user-given" and you don’t control it, and you want to check that the user didn’t try to do something bad?
<Nivpgir>
tokudan[m]: how do I use a local copy of nixpkgs, and where do I get it from? and how do I get the firmware from it?
<blumenkranz>
immae: Well, I can't check whether they did something bad, but I would like to check whether they did something wrong, like listing a non-directory as input. However, I want to be able to match a series of user-inputted commands to their hypothetical profile files.
<blumenkranz>
Which may or may not exist. I guess I could do this in bash, but I dunno.
<blumenkranz>
Should I just do it in bash?
<tokudan[m]>
nivpgir:
<Nivpgir>
sorry for asking like this, my plan was to start using nixos, and get fimiliar with the environment with time, but I can't really do that with no wifi...
<simpson>
blumenkranz: You can use any language you like in your builders. What did you want to use?
<elvishjerricco>
Didn't verify that addresses and domain were necessary, just did it to match the default debian config
<tokudan[m]>
nivpgir: then, when you rebuild your system (replace /your/path/to/nixpkgs/here with the correct path): NIX_PATH=/root/.nix-defexpr/channels:nixpkgs=/your/path/to/nixpkgs/here:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels nixos-rebuild boot
<blumenkranz>
simpson: Or rather, Nix inside a bash script, but I can't seem to access the $out and $src variables from within the ${} blocks
<immae>
blumenkranz: bad or wrong is not so different :) . Then, if you want to check "$out" after the build, it’s simply the /nix/store/hash-your-name path, you can check whatever you like in it, it’s the exact "$out" content.
<simpson>
blumenkranz: ${} antiquotes are in Nix, not bash.
<immae>
and $src is not very different from the src= of the derivation (there is an unpacking step, but that’s all)
<immae>
(blumenkranz: I’m sorry it’s still unclear to me what you’re trying to do exactly, if you have an example it would help)
<{^_^}>
[nixpkgs] @knedlsepp opened pull request #56018 → cudatoolkit: Fixup cuda-gdb ncurses version → https://git.io/fhdYh
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<blumenkranz>
immae: It's okay, I am finding it kinda difficult to explain haha
<blumenkranz>
immae: Then I set the firejail-wrapped-packages derivation's src to the customProfile parameter, and now I am in the process of modifying the buildCommand parameter.
<Nivpgir>
tokudan[m]: thats how I should set the variable before running `nixos-install --root /path/to/nixos/part/root` from my working linux, right?
<immae>
ok!
<immae>
(let me process that :p )
<tokudan[m]>
nivpgir: hmm... not sure if it works in the installer
<tokudan[m]>
nivpgir: it's probably worth a try though
johanot has quit [Quit: WeeChat 2.2]
<blumenkranz>
immae: The idea is that the user can set customProfile to a path of their liking, which will then be copied into the firejail-wrapped-packages' /etc. After that, the buildCommand will generate every wrapper's bash script, but there is a catch: all imported profile files that can match the given command name in wrappedBins will be passed to the script as firejail's --profile option.
<gchristensen>
hmm it seems to me that nobody actually uses the autorandr with predefined layouts
<immae>
ok
<immae>
So first, this alone will not put anything in /etc
<{^_^}>
[nixpkgs] @illegalprime opened pull request #56019 → perlPackages.TermReadKey: add workarounds for cross compilation → https://git.io/fhdOq
<Nivpgir>
tokudan[m]: I don't see any other options since I can't rebuild nixos form within nixos cause theres no wifi.
<blumenkranz>
immae: So basically, I have to check whether command.profile has been imported, and then generate the script accordingly.
<tokudan[m]>
nivpgir: no way to connect a cable?
<blumenkranz>
immae: I can copy and paste the horrible, horrible source of the WIP, if you wish
shibboleth has quit [Ping timeout: 256 seconds]
<immae>
It may put things in /nix/store/hash-path/etc, which you’ll have to move to /etc in another way after the build (for instance with activationScripts)
<tokudan[m]>
nivpgir: and no way to boot an older generation?
<Nivpgir>
I don't have a generation where it works, this is the first time I'm installing nixos, and that's how it booted
<immae>
blumenkranz: now that you have your src, you can add for instance a "mkdir $out/etc" and "cp $src" $out/etc/some-name.conf", this will put your custom file in the derivation
<reallymemorable>
disasm: awesome thank you
<{^_^}>
[nixpkgs] @oxij opened pull request #56020 → nixos: doc: include all modules in manual generation → https://git.io/fhdO3
<blumenkranz>
immae: Yes, I think that part is working.
<immae>
then, I guess you want to run something like `/run/wrappers/bin/firejail --config some-name.conf` ?
requisitebits has joined #nixos
<blumenkranz>
Exactly.
<tokudan[m]>
nivpgir: that sucks. sorry, don't have an idea on how to solve that. I'd suggest to make a notice in the issue and/or PR
<blumenkranz>
But I want to check whether some-name.conf exists first
<disasm>
reallymemorable: yeah, declarable configuration is what makes nix so powerful. If you need something that's not in nix, you don't want to try to install it the way their site says to, you want to build a derivation that does it the right way using nix.
<immae>
Sure
<immae>
So adding the config is alright, now you need to check it before validating
lopsided98 has quit [Remote host closed the connection]
_kwstas has quit [Quit: _kwstas]
<immae>
How do you "check" the file?
<disasm>
reallymemorable: I frequently git grep nixpkgs clone if I want to see if something is already supported in nixos :) You can also man configuration.nix and get all the options it supports (it's long)
<immae>
Do you have something like `/run/wrappers/bin/firejail --is-conf-valid some-name.conf` ?
<blumenkranz>
immae: I'm using pathExists right now.
<blumenkranz>
Yes, --is-conf-valid is a Nix function, though. Within ${}
lopsided98 has joined #nixos
<immae>
sorry, I wasn’t clear. How do you decide that your user configuration is valid or not?
<Nivpgir>
tokudan[m]: wait, actually, if I reinstall everything to use version 18.03, will it work?
<tokudan[m]>
nivpgir: that should work
<Nivpgir>
tokudan[m]: and then I can upgrade from there, if I want to
<tokudan[m]>
nivpgir: then you could update using a modified version of nixpkgs
<blumenkranz>
If it exists within $out/etc, and matches the given ${command} name as command.profile, then I generate the --profile=command.profile bit, otherwise, it is just "firejail ${binary}"
<Nivpgir>
yep
<tokudan[m]>
nivpgir: do you know git well enough to track a branch or rebase?
<blumenkranz>
The line is more or less "firejail ${--profile-if-config-file-exists} ${binary}"
<blumenkranz>
immae: Problem is, I can't refer to out from within that ${--profile-if-config-file-exists} function. Everything else seems to be working.
__monty__ has quit [Quit: leaving]
sondr3 has quit [Quit: WeeChat 2.2]
<immae>
Hmm you mean you want something like ${if isNull $src then "" else "--profile $out/etc/your-name.con"} ?
<immae>
sorry
<immae>
${if isNull src then "" else "--profile $out/etc/your-name.con"} ?
<Nivpgir>
tokudan[m]: I know enough to rebase, yeah, track a branch...? you mean... find it and checkout?
<blumenkranz>
immae: Yes, more or less.
<immae>
But then you won’t check the file content here
<{^_^}>
[nixpkgs] @illegalprime opened pull request #56021 → cmake: add ability to cross-compile cmake → https://git.io/fhdOl
<LnL>
nivpgir: FYI it's pretty easy to build a custom iso with extra stuff like the wifi drivers you need
<blumenkranz>
Nah, I would go insane if I had to write a firejail config file parser in Nix hahaha.
<tokudan[m]>
nivpgir: that basically takes an old version of the firmware package and takes only the qca9377 firmware, it's probably preferable instead of keeping your own version of nixpkgs
<immae>
ok
<LnL>
nivpgir: if you already have nix (just the package manager) installed somewhere else
<tokudan[m]>
nivpgir: you should try to go with that instead of a local nixpkgs clone
<tokudan[m]>
nivpgir: if you already have wifi in the installer, you can ignore building your own installer
<immae>
if the path was provided, then you create etc and put the path there, and use --config. Otherwise, nothing changes from the "standard" one
<LnL>
nivpgir: sure, it uses the same config format so you can reuse that for the final system if necessary
<Nivpgir>
I don't know if I will have wifi in the installer, I installed nixos from a working arch linux, not from a bootable image.
<immae>
note that since $out is "specific" to your derivation, you don’t need to call your profile your-name.profile, you can just name it with a non-varying value like "profile.profile"
<immae>
(unless the name of the file is important to failjail)
<immae>
s/failjail/firejail/
<blumenkranz>
immae: Yes, that's more or less the thing, except every program in the wrappedBins set should have its own specific config file
<immae>
it will
<blumenkranz>
immae: Nah, it's failjail haha.
<immae>
each derivation will have his own $out folder
<immae>
they won’t be mixed
<immae>
so each $out will have his $out/bin/failjail and $out/etc/profile.profile specific to the user
DrLambda has joined #nixos
<immae>
but then you’ll have to duplicate the service for each user
rcshm has quit [Remote host closed the connection]
<blumenkranz>
immae: I'm not sure whether this makes sense to be user-specific. I think it should be system wide, security wise.
<blumenkranz>
But jumping over firejail's wrapping is trivial, so I guess it doesn't matter
<immae>
it’s possible, I’m not saying what you should do, only what the current process will lead to :)
<Nivpgir>
LnL: tokudan[m]: seriously though, why not use this? why is it not good as a patch? it looks like it's just something I should include somewhere and then do a nixos-install, no?
<immae>
blumenkranz: how will you pass the user values to the derivation? Will you merge them in a unique array of paths?
<LnL>
nivpgir: yeah that looks fine, assuming it fixes your problem
<tokudan[m]>
nivpgir: as I mentioned before, that's probably preferable to keeping your own copy of nixpkgs
<LnL>
not sure what that has to do with anything tho
<immae>
if you have user A that wants git as wrapped binary, and user B that wants neomutt as a wrapped binary, how will you "call" your failjail configuration?
<tokudan[m]>
LnL: it fixes firmware that got broken a couple of weeks ago in stable
<tokudan[m]>
LnL: my PR that reverts that breakage hasn't been merged yet
alex`` has quit [Ping timeout: 255 seconds]
<blumenkranz>
immae: I guess it depends on whether the current implementation can set different wrapped binaries on a per-user basis
<LnL>
ah ok, so an older channel/iso works?
<immae>
the current one cannot, but since you’re modifying it anything can happen
<Nivpgir>
tokudan[m]: oh, I thought you were referring to the cd image solution, good then, I'll try that first.
<blumenkranz>
immae: My fork isn't all that different, so I guess it can only be set on a system wide basis
<tokudan[m]>
LnL: nivpgir doesn't know, because there's no older version to go back to on his(?) system
alex`` has joined #nixos
<tokudan[m]>
LnL: it's a fresh install
<immae>
but then currently you can only pass one single path, and it will apply to all binaries that you wrap
<LnL>
nivpgir: if you add the firmware entry to the generated hardware-configuration.nix before the install your final system will also include it
<blumenkranz>
Ah, no, it applies a different config on a per-command basis. The "mapAttrsToList () cfg.wrappedBinaries" expression iterates the command.profile on each key-value pair.
<blumenkranz>
More specifically, it takes the key in order to form $out/etc/key.profile
<immae>
ok, so you modified that part too
<immae>
but it seems to me that you still lack information to correctly build the scenario I pointed above, and you’ll end up with collisions in names
<blumenkranz>
Yeah. To be honest, this is my first NixOS fork, and I am just doing it because I am fairly sure nobody else would want to do it, and since the last firejail update, it is a must.
<immae>
you’ll have one "git" wrapped for A, and one "git" wrapped for B, and one "neomutt" wrapped for A, and one "neomutt" wrapped for B, which will collide, unless you prefix the wrapped names
<blumenkranz>
immae: Well, to be fair, the original module does that as well.
<immae>
It may be easier for to modify wrappedBinaries and adjust accordingly its handling in buildCommand
<immae>
like passing something like { A = { binaries = [git], profile = ./some/path }, B = { binaries = [neomutt], profile = null }
ajs124 has quit [Quit: Gateway shutdown]
<blumenkranz>
immae: Modifying wrappedBinaries so they can handle { command = { path: "whatever", profile = "whatever" } } would actually solve a lot, but it would break the API
ajs124 has joined #nixos
pie__ has quit [Ping timeout: 250 seconds]
<immae>
is it a problem?
<immae>
if it is, just pass a altWrappedBinaries and ignore the wrappedBinaries when the first one is not empty
<blumenkranz>
Well, I would like to upload it to the nixpkgs git if all goes well. I am not sure they would enjoy having that broken.
<immae>
ha
ng0 has quit [Quit: Alexa, when is the end of world?]
<blumenkranz>
Then again, I think I may be one of the two users using NixOS and firejail, lmao.
<immae>
well, if you want to keep a coherent api you may have to think further I guess
<blumenkranz>
The way I am doing it right now is more or less the way firejail does it. Which isn't actually all that good.
<immae>
but passing a separate array will be problematic since you cannot know if user A wanted program foo or bar
_lawlesseel has joined #nixos
<blumenkranz>
I'm getting cp errors right now. Can it be the src parameter isn't able to access /etc/nixos?
<immae>
It’s not
<immae>
It’s sandboxed, it only has access to its build inputs
zupo has joined #nixos
<immae>
and /etc/nixos is not one that you can add
<blumenkranz>
Can I input any system path, or only nix store paths?
lawlesseel has quit [Ping timeout: 256 seconds]
<immae>
you can input any path, but it will be the local path (where you build), not the pathwhere you deploy
jabranham has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
<immae>
when you build, nix will create a sandboxed environment with all the inputs you give, then will run the build commands, and take the output as a new path to add to its store, that’s all
<tokudan[m]>
nivpgir: there's no need for the "let" block at the beginning if you don't intend to use the variable just once
<immae>
(I have to leave for tonight blumenkranz I hope you’ll find a satisfying solution to your issue)
<blumenkranz>
I will try to find a solution
reallymemorable has quit [Quit: Lost terminal]
<blumenkranz>
immae: Thanks for all the help
<bsima>
where does nix put /var/lib/dict? I need to generate a list of words
<spacekitteh[m]>
how can i see what Hydra has left to evaluate to update nixpkgs-unstable? i know of https://howoldis.herokuapp.com/, but i can't figure out what is actually holding up the update
<clever>
spacekitteh[m]: check the tested job it links to
<clever>
spacekitteh[m]: those jobs must pass, and every single thing in the eval must finish (pass or fail)
<LnL>
the darwin builds are a bit clogged at the moment
<spacekitteh[m]>
ah, hmm
<bsima>
oh nevermind, `dict -m` can generate lists of words, cool
<spacekitteh[m]>
oof what happened with darwin
<ottidmes>
LnL: BTW I implemented the TLS verifcation for the prefetcher, only fetchmtn (monotone) is unclear to me whether I need to do something to make it secure with regards to TLS verification
dwdr has quit [Remote host closed the connection]
eadwu has quit [Quit: WeeChat 2.3]
o1lo01ol1o has quit [Remote host closed the connection]
Nivpgir has quit [Ping timeout: 256 seconds]
Ralith_ has joined #nixos
fresheyeball has joined #nixos
<fresheyeball>
hey out there
<fresheyeball>
I am looking to convert a set to a string
<fresheyeball>
via something like haskells mapWithKey
<fresheyeball>
er
<fresheyeball>
foldlWithKey I mean
<fresheyeball>
I can't find such a function that gives me set labels as a string
ost has quit [Remote host closed the connection]
ost has joined #nixos
<blumenkranz>
Now I see, I am having trouble with the src parameter. It doesn't know how to fetch a path if it's not an inline literal.
<ottidmes>
fresheyeball: mapAttrsToList?
<blumenkranz>
Basically, src = some.path.var doesn't import the stuff at some.path.var to the Nix store.
ost has quit [Remote host closed the connection]
<blumenkranz>
Does anybody know if there is a fetchurl, but for paths?
ost has joined #nixos
<ottidmes>
fresheyeball: "I can't find such a function that gives me set labels as a string" from that description I would say, attrNames, but I doubt that you meant that
<blumenkranz>
I know the question sounds stupid, but I don't know how to import stuff "dynamically" into the Nix store.
<LnL>
ottidmes: not familiar with it, does it have a reference to cacert?
<fresheyeball>
ottidmes: mapAttrsToList works, I just got to concat
<fresheyeball>
thanks!
<fresheyeball>
ottidmes:++
<fresheyeball>
ottidmes++
<{^_^}>
ottidmes's karma got increased to 14
alex`` has quit [Ping timeout: 245 seconds]
<ottidmes>
LnL: nope, thats the first thing I checked, I also tried to search its manpage, it left it unclear whether it does any checking
<{^_^}>
[nixpkgs] @worldofpeace pushed to staging-next « pantheon.granite: fetch for DateTime GSettings patch »: https://git.io/fhd3i
leothrix has quit [Ping timeout: 255 seconds]
Nivpgir has joined #nixos
<Nivpgir>
tokudan[m]: LnL: OK thanks for the help, something weird happened to my ssd, files got corrupted ( it actually happened before, if you can get my messages from 24 hours ago it's the same thing), still smartctl reports no problems, so maybe it's just an issue of changing the fs from nixos itself and then from outside. anyways, I formatted everything again and reinstalling, I'll report again tomorrow, hopefully with better news
<Nivpgir>
Thanks alot!
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
thomasd has joined #nixos
<thomasd>
hi all, I am building a haskell project w/ nix & cabal
<thomasd>
I want to use ghc-8.4.4 version in my project
<thomasd>
how do I write this in my default.nix file?
<ottidmes>
LnL: it seems to use RSA certificates, so AFAIK that makes TLS verification a non-issue
<thomasd>
my `nix-build` command always seems use ghc-8.6.3 regardless of what I try
<clever>
thomasd: can you pastebin your current default.nix file?
<thomasd>
basically, I want to use the ghc844 haskellPackages but `nix-build` is only using ghc863