<pie_>
err..or toDebug, but whatever, it doesnt matter for the question
<pie_>
hmm maybe .drvPath will work
<wolfman154>
um, I set my home-manager as a sub module to configuration.nix so I can’t use home-manager commands anymore, is there a link to home-manager news?
<pie_>
ok that doesnt work because it needs to get evaluated already to get drvpath
<clever>
pie_: if you run `nix-store -r ${hello.drvPath}` it will build hello
<clever>
(or fetch it from a cache)
<pie_>
right but i want to avoid building it
<clever>
pie_: you could then make an alias of that using shellHook
<clever>
pie_: then why do ou want to run nix-build on it?
<pie_>
ok maybe i misunderstood you
<wolfman154>
18:02 wolfman154: um, I set my home-manager as a sub module to configuration.nix so I can’t use home-manager commands anymore, is there a link to home-manager news?
<pie_>
i want to build it only when i run that nix-build
<pie_>
because i want to fail the build and then do some stuff in the shell
<clever>
pie_: yeah, use an alias in shellHook, to put that command into the bash aliases
<aminechikhaoui>
tomberek cool, as I said I would like if more people agreed with having nixops adding yet another eval, for the executable stuff, I'll play around with it and see if it's feasible, might be harder than expected
vidbina has joined #nixos
<clever>
then you can run it when you choose to
<pie_>
clever, yeah ok i did something like that, i guess im causing the build to trigger accidentally some other way
<aminechikhaoui>
nixops has a bit of a weird evaluations compared to regular nixos modules
<simpson>
wolfman154: What did you try in order to discover packages? I didn't really put any effort in; I went over to a Nix REPL and asked if there were packages with those particular names.
<wolfman154>
simpson: I’m still new to nixos, so there’s a lot that I haven’t explored yet
<{^_^}>
[nixops] @AmineChikhaoui merged pull request #1057 → deployment keys: disable service if no key destinations are in /run/ → https://git.io/fpgBm
<{^_^}>
[nixops] @AmineChikhaoui pushed 2 commits to master: https://git.io/fjOwo
<{^_^}>
[nixops] @AmineChikhaoui pushed 2 commits to master: https://git.io/fjOwM
<Jonathan_>
Is there a help page on setting up Haskell somewhere? I seem to remember someone sharing me one that was in the manual but I cannot find it again.
<clever>
though now that i look at it, i feel the urge to rewrite half of it, lol
<{^_^}>
[nixops] @AmineChikhaoui merged pull request #974 → libvirtd build: drop support for `tmpfs` during image build → https://git.io/f4AsY
<{^_^}>
[nixops] @AmineChikhaoui pushed 2 commits to master: https://git.io/fjOw9
<nh2>
I have the fealing that the `generate-config.pl` script is pretty bugged, it keeps failing with `repeated question` and spews out tons of `Error in reading or end of file.` afterwards when trying to use `boot.kernelPatches.extraConfig`
dycan has joined #nixos
<dycan>
hi
<clever>
nh2: ive noticed purity problems with it before, if any mass-storage is plugged in, it bakes mass-storage support into the initrd
<{^_^}>
#59914 (by nh2, 15 seconds ago, open): generate-config.pl does not work well with boot.kernelPatches.extraConfig
<nh2>
clever: wait with what "it"?
<clever>
oh, i was thinking of nixos-generate-config, not the kernel config
<dycan>
cool. I am in. Hello all! my nixos in virtual box now can't open. It always boot into black screen. Before that I was compiling a lot of packages. Running out of space may be relevant. Now I can boot by installation iso. But I don't know how to look what's wrong. Anyone know where to look at?
<clever>
dycan: have you tried booting an older generation at the grub menu?
<dycan>
clever: yah, I just have two configuraition file and i tried. Still back screen.
<dycan>
black screen.
<clever>
dycan: try finding a copy of gcc-5-base_5.4.0-7.really.6+steamrt1.1+srt2_amd64.deb on another mirror
<ddellacosta>
clever: I think that was for me. Thanks!
<clever>
dycan: and then run (i think) nix-store --add-fixed sha256 ./gcc-5-base_5.4.0-7.really.6+steamrt1.1+srt2_amd64.deb
<clever>
dang, tab-complete keeps messing up! lol
<ddellacosta>
haha
<clever>
dycan: what if you edit the cmdline in grub, and add `single` to the end of it? or `init=/bin/sh` ?
<dycan>
clever: does the place that I choose configuration file is called grub? I have limited knowledge about os..
<{^_^}>
[nixpkgs] @lightbulbjim opened pull request #59915 → crawl: add .desktop file and use high-res app icon → https://git.io/fjOwF
<ddellacosta>
dycan: it's when you first boot and you choose which OS to boot. When I had similar problems that's exactly what I did, then you can look at /var/log/X.0.log. I also recommend toggling on services.xserver.exportConfiguration if you can, it's just nice to have that easily accessible
<ddellacosta>
I think if you hit e it'll let you do what clever is talking about
<dycan>
clever: I add single to the end of it. Black screen. I strart from cmd and systemctl start display-manager, black screen. I set virtualisation.virtualbox.guest.enable = true (try to bring gcc...file in virtual box) and rebuild it. But it seems lost when I reboot.
<dycan>
clever: ooh! I can systemctl start display-manager now! in installation mode.
<clever>
nice!
drakonis_ has quit [Read error: Connection reset by peer]
<clever>
pie_: next, try comparing the src of both, nix-build -A cntr.src on the old, then check your src in /nix/store/syppz54ksr35kjy62362jw5m1mv86cs7-source or /nix/store/0bph7415azz4asa9v4bsyj7jscrb8idb-cntr-1.2.0-vendor ...
<clever>
why does it have 2 srcs?
hellrazo1 has quit [Ping timeout: 268 seconds]
<clever>
pie_: ah, buildRustPackage has to process the src, and create a cargo cache
<clever>
pie_: and overrideAttrs cant update the cargo cache or cargosha256
<clever>
you need either a rust specific override function, or to just modify the file and callPackage your new one
init_6 has joined #nixos
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos
endformationage has quit [Quit: WeeChat 2.4]
init_6 has quit [Read error: Connection reset by peer]
kvda has joined #nixos
drakonis_ has quit [Read error: Connection reset by peer]
drakonis has joined #nixos
fractal has quit [Ping timeout: 246 seconds]
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
kisik21 has joined #nixos
ddellacosta has quit [Ping timeout: 255 seconds]
palo1 has joined #nixos
palo has quit [Ping timeout: 245 seconds]
palo1 is now known as palo
drakonis has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos
kleisli has quit [Remote host closed the connection]
everybodyHertz has quit [Ping timeout: 246 seconds]
Akii has joined #nixos
linarcx has joined #nixos
nD5Xjz has quit [Ping timeout: 255 seconds]
nD5Xjz has joined #nixos
<linarcx>
Guys, How to install npm packages in nixos?
<dycan>
clever: I can boot from installer CD. Still black screen in hard drive boot. Nothing readable in var/log/ after mount dev/disk/nixos /mnt. Anyway to boot from disk and enter comand line mode before it went black screen?
jerrytgarcia has joined #nixos
<clever>
dycan: you can use `nixos-enter` to chroot into it, the man page for `journalctl` also says how to open the logs of another fs mounted at not /
<dycan>
clever: thank you for the direction!
m0rphism has joined #nixos
nadley has quit [Ping timeout: 264 seconds]
thePirateKing has quit [Ping timeout: 245 seconds]
slack1256 has quit [Remote host closed the connection]
mounty has joined #nixos
Shouou has joined #nixos
magnetophon has quit [Read error: Connection reset by peer]
magnetophon has joined #nixos
arjen-jonathan has quit [Ping timeout: 244 seconds]
orivej has quit [Ping timeout: 246 seconds]
<{^_^}>
[cabal2nix] @peti pushed to master « hackage2nix: ignore the Haskell package "with" for the time being »: https://git.io/fjO6f
<{^_^}>
[nixpkgs] @peti pushed 0 commits to haskell-updates: https://git.io/fjO6U
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjO6T
<{^_^}>
[nixpkgs] @peti pushed 3 commits to haskell-updates: https://git.io/fjO6k
linarcx has quit [Ping timeout: 244 seconds]
linarcx has joined #nixos
mounty has quit [Ping timeout: 255 seconds]
lielazivee has joined #nixos
page has quit [Quit: leaving]
page has joined #nixos
<{^_^}>
[cabal2nix] @peti pushed to master « hackage2nix: ignore the Haskell package "with" for the time being »: https://git.io/fjO6t
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
orivej has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed 0 commits to haskell-updates: https://git.io/fjO6q
<lielazivee>
I'm trying to create a Systemd service, which runs a webserver in /var/www/, but I'm getting permission errors as everything in /var/ is owned by root. How should I go about solving this?
mounty has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjO6Y
<{^_^}>
[cabal2nix] @peti pushed to master « hackage2nix: ignore the Haskell package "with" for the time being »: https://git.io/fjO6G
<{^_^}>
[nixpkgs] @peti pushed 0 commits to haskell-updates: https://git.io/fjO6Z
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjO6n
<Shouou>
/nix/store/63karsgdg7fm3q0if4zfd7apbd8ac1ci-stdenv-linux/setup: eval: line 101: unexpected EOF while looking for matching `"' -- any obvious reason this error would appear?
orivej has quit [Ping timeout: 246 seconds]
<symphorien>
maybe a phase you define is not valid bash ?
fenedor has quit [Quit: Leaving]
orivej has joined #nixos
<Akii>
hi I need to include some migration files in my haskell package -- anyone has an idea?
<Akii>
I tried setting `data-files` but couldn't find the files
srid has joined #nixos
blackriversoftwa has joined #nixos
orivej has quit [Ping timeout: 250 seconds]
aramiscd has quit [Ping timeout: 240 seconds]
<blackriversoftwa>
infinisil: for the digital ocean image, I added something that would write the user data to /etc/nixos/configuration.nix, like the Amazon image does. The only issue is (there and with the amazon image), if the user wants the digital ocean configuration options, they'd have to know to explicitly include (modulePath + "/virtualisation/digital-ocean-config.nix) in their configuration. So there's a small comment thread in the PR on
<blackriversoftwa>
infinisil: since you are the code owner, I wanted to get your take
ajs124 has quit [Quit: Gateway shutdown]
ajs124 has joined #nixos
<blackriversoftwa>
(going to be afk but will check when I get back)
<dycan>
clever: after finding out no space left on disk and clean up tmp/ , I can enter kde in my nixos again, Thank you!
<pie_>
clever, i crashed part way through your answer
linarcx has joined #nixos
<{^_^}>
[nixpkgs] @NeQuissimus pushed 4 commits to release-19.03: https://git.io/fjOiQ
<pie_>
and by crashed i mean sleep
<{^_^}>
[nixpkgs] @NeQuissimus pushed 3 commits to release-18.09: https://git.io/fjOi7
dycan has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @rycee pushed commit from @aanderse to master « cleanup redundant text in modules utilizing mkEnableOption »: https://git.io/fjOib
<{^_^}>
[nixpkgs] @rycee closed pull request #59911 → cleanup redundant text in modules utilizing mkEnableOption → https://git.io/fjOwt
Ariakenom has quit [Ping timeout: 268 seconds]
kisonecat has joined #nixos
linarcx has quit [Ping timeout: 268 seconds]
<infinisil>
blackriversoftwa: i haven't look much into it but that sounds alright
das_j has joined #nixos
linarcx has joined #nixos
aramiscd has joined #nixos
lukego has joined #nixos
<lukego>
I'm having trouble enabling Xorg on a GTX980 GPU. Is it supposed to be enough to set 'services.xserver.videoDrivers = [ "nvidia" ]"? Or do I need one of the legacy packages and/or additional config?
<lukego>
If I remove that line then Xorg displays on the built-in VGA port but I haven't found a way to output from the Nvidia card.
kvda has joined #nixos
kvda has quit [Client Quit]
drakonis has joined #nixos
lionello has joined #nixos
stepcut has joined #nixos
ng0 has quit [Ping timeout: 256 seconds]
<lionello>
Is there a way to install a package directly from Github, without adding it to a nixpkgs fork first?
orivej has joined #nixos
<pie_>
you can make an stdenv.mkDerivation expression and run it in any of various ways depending on what you want
<pie_>
lionello, ^
<lionello>
Thanks pie_
<pie_>
and do src = fetchFromGitHub ...
<lionello>
I'm looking for an alternative to curl | sh, like nix-env or nix-shell with a URL
drakonis_ has quit [Ping timeout: 257 seconds]
<lionello>
I can do nix-shell -E 'import ...' but can't get it to create the output
<symphorien>
you can point nix-env -i to the url of a tar archive containing a default.nix with the stdenv.mkDerivation file
<pie_>
to actually install something youre going to want nix-build or nix-env i think
<pie_>
symphorien, ah.
<pie_>
lionello, unless you just want a temporary shell
<Batzy>
How do NixOS's software repositories compare to other linux distros?
<Batzy>
Also, do many people use it for desktop usage?
<pie_>
not sure what you really want ot know but you can check repology i guess
<simpson>
Batzy: The main metric that pops for nixpkgs is the sheer number of available packages. What are you thinking of in particular?
<pie_>
its usually overall pretty recent and theres a lot of stuff but we always need more maintainers :p
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
<pie_>
yeah a lot of people use it for desktop usage, ive got no stats though
magnetophon has quit [Remote host closed the connection]
<Batzy>
is that the primary design philosophy?
<Batzy>
or not really
<Batzy>
and does it have bleeding edge software?
mthst has quit [Quit: the bouncer died]
<Batzy>
according to repology it is in 2nd place behind the AUR
<Batzy>
Which surprises me.
mthst has joined #nixos
zupo has joined #nixos
<pie_>
Batzy, try it and be amazed
<pie_>
also uhhh it can be a itme sink sometimes
<lielazivee>
Anyone ever received "npm ERR! cb() never called!" while running 'npm install' in a nix derivation build? I can't figure out what's wrong, 'npm install' works in my host machine and in a nix shell, but within a derivation build, there's always that error
<pie_>
but its pretty great usually
<symphorien>
Batzy: about the design philosophy: on nixos, you nearly can't use any "third party" prebuilt packages, you really need to package everything with nix to use it
<symphorien>
and contributing to nixpkgs is easy, so people contribute a lot of things to nixpkgs
<Batzy>
hm
<Batzy>
I suppose I could give it a try.
<pie_>
\o/ welcome
<Batzy>
I'm currently an archlinux user.
<pie_>
i should write Yet Another Intro To Nix article..
<Batzy>
are you a dev or something
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
<pie_>
no but its a slippery slope
<symphorien>
lielazivee: npm is likely to use the network, and nix-build will block access to the network
<Izorkin>
etu: need change /nix/store/hash-composer-1.8.5 to /nix/store/hash-php-composer-1.8.5, /nix/store/hash-php-phpcs-3.4.2 and etc?
<etu>
Izorkin: Nah, not really
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
das_j has joined #nixos
b has joined #nixos
<kisik21>
Qt on wayland natively - how to achieve on NixOS? `QT_QPA_PLATFORM=wayland telegram-desktop` throws an error that wayland plugin is not available.
stepcut_ has joined #nixos
<Izorkin>
etu: rename pname = "composer"; to pname = "php-composer";
romildo has joined #nixos
stepcut has quit [Ping timeout: 244 seconds]
romildo_ has joined #nixos
romildo_ has quit [Client Quit]
lionello has quit [Quit: leaving]
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
romildo has quit [Ping timeout: 246 seconds]
romildo has joined #nixos
romildo1 has joined #nixos
<clever>
pie_: same :P
romildo2 has joined #nixos
<pie_>
clever, o/
romildo2 has quit [Client Quit]
<pie_>
i guess i managed to compile the socket-proxy branch by just copying the default.nix file and changing the re
<pie_>
rev
<pie_>
now im stuck with some weird error i have no idea how to fix :)
<pie_>
* :(
<{^_^}>
[nixops] @asymmetric opened pull request #1134 → do: use region ams3 in example → https://git.io/fjOXR
<nh2>
clever samueldr: Can I incrementally compile the kernel on NixOS? If I follow the step `https://nixos.wiki/wiki/Linux_Kernel#make_menuconfig` making the config works but `make` fails with `"__LIBELF_INTERNAL__" is not defined`
vid has joined #nixos
<lielazivee>
What is the convention for finding
<lielazivee>
^ Fat fingers, ignore
ris has quit [Ping timeout: 258 seconds]
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
<lielazivee>
How can I get the hash of a derivation in Nix?
<samueldr>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<lielazivee>
Ah, that
<lielazivee>
That explains that I didn't need to manually curl sources and run sha256sum, but I'm wondering for example for a local derivation from ./default.nix. How could I find it's hash from nix repl?
drakonis_ has joined #nixos
freeman42x has joined #nixos
drakonis1 has joined #nixos
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
drakonis has quit [Ping timeout: 255 seconds]
drakonis_ has quit [Ping timeout: 240 seconds]
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
<{^_^}>
[nix] @LnL7 closed pull request #2575 → binary-cache-store: add setting to disable local narinfo caching → https://git.io/fpdsp
<nh2>
lielazivee: usually we talk about hashes of some source code. You'd have to explain a bit more what you mean by "hash of a derivation". Perhaps you mean the "abc123...-mypackage-1.2.3.drv"? That would be `nix-instantiate`
<lielazivee>
nh2: I have a derivation in the REPL and I see it has outPath abcd1234..-mypackage-1.2.3.drv, how would I go about fetching the "abcd1234" hash? Are there some builtin functions?
orivej has joined #nixos
boogiewoogie has quit [Remote host closed the connection]
<ddellacosta>
folks I thought there was a basic utility for installing a "vanilla" tarball with nix, so you don't even have to write a derivation, but I'm spacing out on where I saw that now. Am I imagining this?
<infinisil>
Just use hello.drvPath instead then
acarrico has quit [Ping timeout: 268 seconds]
<pie_>
doh
* pie_
checks his source
<pie_>
also you can use head instead of elemAt
<clever>
nh2: i'm able to build a kernel under nix-shell
<nh2>
lielazivee: well, there you go, what infinisil said :D
mabel has joined #nixos
<pie_>
the problem i ran into yesterday was that i used drvPath in a string but that still ended up building the package
<nh2>
clever: with the approach I linked?
<pie_>
i couldnt figure out how to get drvpath without somehow building it
<nh2>
unpacker appears to have produced no directories
<nh2>
exit
<clever>
nh2: you must run it in a directory that doesnt contain a linux-4.19.36 dir
romildo4 has joined #nixos
<nh2>
clever: ah right, I should just delete the one I had from before
drakonis1 has quit [Ping timeout: 240 seconds]
<clever>
nh2: unpackPhase looks at the difference in `ls` before and after the unpack
romildo has joined #nixos
<infinisil>
clever: Why couldn't it just use a tmpdir
romildo1 has joined #nixos
<infinisil>
That should work and at least solve this problem
<clever>
infinisil: unpackPhase expects nix to have already dropped things into the temp dir /build/
<clever>
that expectation breaks when using nix-shell
romildo3 has quit [Ping timeout: 255 seconds]
<infinisil>
Ah right
<infinisil>
This should be redesigned tbh
<pie_>
make a note
<infinisil>
Probably should yeah, it's in my head for now
random_yanek has joined #nixos
random_yanek has quit [Max SendQ exceeded]
romildo4 has quit [Ping timeout: 245 seconds]
romildo2 has joined #nixos
<pie_>
0xabad1d3a for me to do that
romildo has quit [Ping timeout: 246 seconds]
romildo3 has joined #nixos
<nh2>
clever: it aperas that it's the `nix-shell -E 'with import <nixpkgs> {}; linux.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})'` from the NixOS wiki that makes the build break. If I use `nix-shell '<nixpkgs>' -A linux` instead, then it works
alexherbo2043 has joined #nixos
romildo4 has joined #nixos
romildo4 has left #nixos [#nixos]
<clever>
nh2: the override is only needed to make menuconfig work
romildo1 has quit [Ping timeout: 246 seconds]
<nh2>
clever: right but should it make the normal build *not* work?
<clever>
i would expect a normal build to still work
<nh2>
clever: removing the override, switching to `nix-shell -E 'with import <nixpkgs> {}; linux'`, makes it work
<kisik21>
Any people who tried to create their own home-manager modules? I'm trying to create one for sway. I imported it, trying to use it in the same file (let's call it xsession.nix - it's imported from my home.nix) and it fails, like it isn't there.
blackriversoftwa has quit [Ping timeout: 256 seconds]
<worldofpeace_>
romildo: For that, approach two is really worth the effort if you see packages with plugins for them existing
f0i has joined #nixos
<worldofpeace>
romildo: hey, tried PM'ing you (matrix messed that up). Today turned out real weird, so maybe tomorrow evening would work out? (your time)
<worldofpeace_>
romildo: So I'd say for deepin-wm and deepin-mutter that you could do the first approach just fine
ris has joined #nixos
<worldofpeace_>
Lol, love how matrix now decided to send that message
<ddellacosta>
how do I debug the issue where nix-build seems to be calculating a different sha256 hash than nix-prefetch-url --unpack for a URL?
<worldofpeace_>
romildo: For dde-polkit-agent I haven't a clue what would be going on there so I'd have to read the source to give a good opinion (my C skills aren't great)
<romildo>
worldofpeace_: should I make a new PR from my fix.deepin branch for you to review?
<romildo>
worldofpeace_: I am afraid tomorrow evening I will be doing other things.
<worldofpeace_>
romildo: hmm, probably. It would also be a good idea to split out the patching to deepin-wm etc. so we can get the service modules in (I think)
<worldofpeace_>
romildo: Then opening a pr would be a good idea since I'll be doing reviews at that time
leotaku has quit [Ping timeout: 268 seconds]
ddellacosta has joined #nixos
genesis has quit [Ping timeout: 258 seconds]
<romildo>
worldofpeace_: I will do that then.
<siers>
If I use nix.nixPath = "nixpkgs=${fetchTarball "http string for 19.03"}"; will it download it every time?
<infinisil>
siers: It gets cached for 1 hour by default
<siers>
hm
<siers>
so I'd be screwed if I tried to update without internet?
<infinisil>
You can supply a sha256 to have it be a constant version, so it doesn't need to download every time
jmgai_ has quit [Ping timeout: 255 seconds]
<infinisil>
But you can't *update* anything anyways without internet, where would you get the update from if not the internet
_ris has joined #nixos
ris has quit [Read error: Connection reset by peer]
<siers>
rebuild, I mean
<Ralith>
yeah, changing your config without internet would be hazardous
jmgai has joined #nixos
<worldofpeace_>
romildo: great, got to go
<siers>
Ralith, I mean, it just wouldn't build
<Ralith>
siers: rather, structuring your config that way would be hazardous, because it would put you at risk of being unable to change your config without internet
<Ralith>
even for the most trivial things
worldofpeace_ has quit [Quit: worldofpeace_]
<siers>
Ralith, without the hashing, yes, it would be quite annoying
knupfer has joined #nixos
<siers>
hazard implies possible harm, but nothing would break
pie_ has quit [Remote host closed the connection]
<Ralith>
I've been in situations where not being able to change my config is harmful 🤷
pie_ has joined #nixos
<siers>
fair enough
drakonis has quit [Ping timeout: 246 seconds]
<Ralith>
relatedly, I need to find a new direnv nix impl that has working caching and persistence; the good one broke and got replaced with a bad one :/
<siers>
the "use nix" in .envrc?
<Ralith>
yeah
<Ralith>
the default one doesn't cache evaluation results so it's suuuuper obnoxiously slow, and also doesn't add a gc root so it's easy to lose by accident
<siers>
yeah, that's how it works :D
<siers>
was there ever a better versoin?
pie_ has quit [Ping timeout: 252 seconds]
<siers>
the current one is in place for at least a year already
drakonis has joined #nixos
<Ralith>
https://github.com/direnv/direnv/wiki/Nix has a number of alternatives; the "Speeding things up" one works pretty well (though it doesn't catch changes to imported nix files), but the "Persistent cached shell" one (which used to be good) now makes a bunch of idiosyncratic assumptions about your project structure
<Ralith>
lorri requires you to manually launch a daemon in a separate terminal for every project, which is wildly divergent from my accustomed workflow
<siers>
"divergent" interesting choice of words
<gchristensen>
we're working on alternatives fwiw
<gchristensen>
consider that separate manual step to be temporary
<ddellacosta>
why would fetchurl in a derivation be calculating a different sha256 hash than nix-prefetch-url? I must be confused about something because I've now tried two different github tarballs and nix-build is complaining about mismatching hashes for both
<jomik>
Heey guys. Can someone pass give me a checklist on what I need to get a proper lockscreen going? I want to try light-locker... There is no NixOS or home-manager module for it though... - I currently use i3lock with a the home-manager screen-locker module, but sometimes it doesn't actually lock the screen if it goes idle. And well, sometimes it never actually idles.
orivej has joined #nixos
knupfer has quit [Ping timeout: 255 seconds]
freeman42x has quit [Ping timeout: 259 seconds]
day|flip has joined #nixos
shibboleth has joined #nixos
<rycee>
jomik: I use xscreensaver and it works pretty well.
<rycee>
Although I've noticed that dunst notifications sometimes show up 😕
<jomik>
Ah, that's not too good imo :P
<jomik>
Oh, since you are here! rycee , mind explaining your gitlab bot setup? I have some things I'd like to auto update as well, similar to your firefox addons.
<jomik>
But it looks like you log in to a`nur-updates` account with rybot's token? O.o Do you have 3 accounts?
mabel has quit [Ping timeout: 250 seconds]
<rycee>
jomik: Hmm, not much to explain. I just created a gitlab account and allowed it access to the nur-expressions repository, then I created an access token called "nur-updates" for the bot account, which I use in the CI-file. That's the "account" you see.
<jomik>
Ooooh. That's what confused me I guess xD Because when I read, the foo in `foo:token`, does not matter. You could write whatever there?
<jomik>
Thanks.
<jomik>
I was just confused - and damn having to use a unique email for a bot... Tho I get why :P
<xantoz>
I use physlock, can recommend that as one of few lockers that block VT switching
mabel has joined #nixos
gagbo has joined #nixos
<jomik>
Well, I don't have my harddrive encrypted anyway, so not really like I can actually prevent access to my files. I liked that light-locker takes the look of my DM :)
Notkea has quit [Read error: Connection reset by peer]
<jomik>
I did actually just open up physlock to check tho
Notkea has joined #nixos
zupo has joined #nixos
<xantoz>
it switches away from X to another VT, so no risk of leaking anything such as notifications either
<jomik>
light-locker switches to a VT8 too
lielazivee has quit [Ping timeout: 255 seconds]
shibboleth has quit [Ping timeout: 256 seconds]
<rycee>
jomik: Yeah, when you create an access token you can choose the name of the token and that will act as the username in the repository URL.
<jomik>
Ahh. I see.
<jomik>
Thanks :)
<jomik>
I stole most of your setup for my nur-expressions :D
<jomik>
I still need to make those tests for fish, lol. I am just putting it off, cuz it does work XD
<sheeldotme>
wolfman154 depending on your current workflow I don't see why not. You can install your python packages through nix.
wolfman154 has joined #nixos
mexisme has quit [Ping timeout: 246 seconds]
<sheeldotme>
wolfman154 depending on your current workflow I don't see why not. You can install your python packages through nix.
blackriversoftwa has joined #nixos
<wolfman154>
sheeldotme: I would like to use nix as a universal package manager for everything, so far I really enjoy using nix, (I hear guile from guixsd is really good too)
stepcut_ has quit [Remote host closed the connection]
<sheeldotme>
I don't have much experience with nix as I'm relatively new, but I feel exactly as you do.
stepcut has joined #nixos
<wolfman154>
sheeldotme: I’ve been using nixos for a month, and I’m finally starting to get a little comfortable with it
<sheeldotme>
If you don't mind me asking, what were you using beforehand?
<wolfman154>
sheeldotme: well, I used Ubuntu and Debian for three years, looking back using aptitude was a nightmare (dependency hell,crashing, etc!!!)
<sheeldotme>
Oh, I feel your pain. I've been there too. The new story around snaps / flatpak e.t.c. seems to be movement in the right direction, but the nix story is far superior especially when it comes to dev experience imo.
wolfman154 has joined #nixos
<sheeldotme>
[13:27:54] <sheeldotme>Oh, I feel your pain. I've been there too. The new story around snaps / flatpak e.t.c. seems to be movement in the right direction, but the nix story is far superior especially when it comes to dev experience imo.
<wolfman154>
sheeldotme: agreed
<sheeldotme>
Hi all, I'd like to implement incremental builds for my application that are triggered on source file changes, is nix-shell a good usecase here? I'm not sure how one would implement this via the nix-build flow with stdenv as one of the phases would have to be in an endless loop essentially. This doesn't seem ideal.
<sheeldotme>
I'd appreciate any thoughts / suggestions. Thanks!
wolfman154 has quit [Client Quit]
<MichaelRaskin>
I would try to use something like inotifywait for the infinite-loop part… Otherwise checking source changes can become expensive. (Alternatively, you can ask the VCS for the latest commit, of course)
<MichaelRaskin>
Dunno if using the directory as src, then creating a Nix output for each output file is a good idea in your situation
linarcx has joined #nixos
<MichaelRaskin>
Hm, I guess each source file would need to be a fixed-output derivation in that case.
<sheeldotme>
MichaelRaskin I'm not sure what "fixed-output" refers to, is that something that'll be in the manual?
<MichaelRaskin>
Then surely the patch is not to be included… Maybe ping the darwin-maintainers team in PR in case someone has any ideas (and maybe just a Darwin ofborg build will show there is no actual problem anymore)
<MichaelRaskin>
sheeldotme: I guess nix-shell for environment setup, the build system as-is and inotifywait to toggle the build is indeed a reasonable plan
<sheeldotme>
Right, currently in a sample project I have cmake / nix setup whereby nix tracks / installs the dependencies, then cmake finds them and configures the build. Now to make it feature equivalent to the main branch I'd need to find a method to incrementally build and update the running application.
<sheeldotme>
Ok, that makes sense. Thanks for your help MichaelRaskin, I really appreciate it.
<eri451>
MichaelRaskin: alright then I will do the pull request without the patch
_ris has quit [Ping timeout: 246 seconds]
<eri451>
MichaelRaskin: thx
_ris has joined #nixos
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
ris has joined #nixos
_ris has quit [Ping timeout: 246 seconds]
sheeldotme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<arianvp>
is there a way for a nixos module to have "outputs" ?
<arianvp>
I have a service that has a status page, but I want it to be up to the user how to serve that (either nginx or httpd)
<nand0p>
infinisil: apologies if i marked resolved prematurely. i just now pushed based on your comments, and hopefully the issues are resolved. thanks . https://github.com/NixOS/nixpkgs/pull/55422
carlosdagos has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @matthewbauer pushed 10 commits to master: https://git.io/fjOSt
freeman42y has joined #nixos
<xorAxAx>
hi, i am trying to boot the latest minimal cd image in vbox. it has been stuck at "Running udev" for ~ 1 min.
carlosdagos has joined #nixos
zupo has joined #nixos
f0i has quit [Ping timeout: 255 seconds]
<xorAxAx>
hmm, more like 10 minutes
<xorAxAx>
how long does that step usually take?
<lordcirth>
Is there a (good) way I can install the NixOS installer tools via Nix on my Ubuntu machine, then install NixOS to a chroot? Like debootstrap does for Debian.
<ottidmes>
any reason hnix is marked broken? I am in the process of updating to 19.03 and when I tried dry-build it failed on hnix being broken. I have commented it out for now, but would love to keep it around. Any idea what could be the cause? I had it pinned to ghc 8.4.4 but changing this to haskellPackages (ghc 8.6.3 on 19.03 I believe) still marks it as broken
<infinisil>
ottidmes: Just a guess, but maybe because the build is broken xD
<xorAxAx>
adisbladis, did you mean to hilight lordcirth?
<lysio>
hello, is there a known issue about installing NixOS 19.03 in VirtualBox ? I followed the manual and tried to just configure the needed options, but after the installation, boot hangs at "Found device /dev/vboxguest"
<xorAxAx>
lysio, similar problem here
mabel has quit [Ping timeout: 246 seconds]
<xorAxAx>
i cant get it into a usable state in vbox yet
<ottidmes>
infinisil: I will, once I manage to update the rest of my desktop first
shibboleth has joined #nixos
<lysio>
xorAxAx: great, thank you!
<lysio>
xorAxAx: how did you figure this out?
<lordcirth>
adisbladis, thanks!
<xorAxAx>
lysio, observing th behaviour and trying 1-2 options
zupo has joined #nixos
<ottidmes>
does anyone have a tip on how to rescue images from a SD card? I checked gdisk/fdisk and found that it indeed has a valid DOS paritition table with a FAT32 file system, but it does not mount (error: wrong fs type, bad option, bad superblock ...). I tried testdisk and it detected the FAT32 file system at the right place, so I guess its just some corruption in the file system
<laas>
webgl seems not to function in firefox for me, any ideas on how to fix this?
<adisbladis>
ottidmes: testdisk (photorec)
<laas>
ottidmes: you can probably just do a binary search for images
<laas>
binary as in searching for bits
<adisbladis>
ottidmes: Testdisk provides a binary called `photorec` that should work in your case
<ottidmes>
adisbladis: thanks! I will look into it :)
<colemickens>
I sweat to god, how is DNS still broken on my laptop after suspend, but only for Firefox.
<ottidmes>
laas: thats a worst case solution, but would work probably
<laas>
I think it's a pretty good solution TBH
<laas>
because you can do it in a way that does not exclude any valid images
<laas>
(of course, it might still include non-image data)
<ottidmes>
solution wise, yes, but effort wise, there are probably tools out there that do just what you suggest, which I think photorec probably is an example of this (looking into it now)
<ottidmes>
laas: after reading about it, it does what you suggested
drakonis has quit [Ping timeout: 268 seconds]
drakonis1 has quit [Ping timeout: 255 seconds]
<ottidmes>
adisbladis: thanks for the suggestion, its working!
_kwstas has quit [Quit: _kwstas]
<adisbladis>
Great :) Happy to hear it
work_ has joined #nixos
cnidario has quit [Read error: Connection reset by peer]
sindrip has joined #nixos
AleXoundOS_ has quit [Quit: Leaving]
lielazivee has quit [Ping timeout: 268 seconds]
<{^_^}>
[nixpkgs] @tex opened pull request #59937 → Fix configure error - incorrectly detected fontforge version → https://git.io/fjOSo
<sindrip>
If I run 'nix-shell -p lxappearance' and open the program I see the names of the icons packages but not the icons. If however I run 'code .' from that nix-shell and run lxappearance from the integrated terminal in vscode I can see the icons
<sindrip>
Any ideas what could cause this behaviour?
<xorAxAx>
are nixos packages digitally signed?
<ottidmes>
sindrip: try diffing the output of env, its probably caused by some difference in environment variables between nix-shell's shell and code's shell
<adisbladis>
xorAxAx: Binaries are
<pie_>
adisbladis, oh, they are? i always thought its just the hash
<pie_>
cool
<xorAxAx>
adisbladis, using gpg?
<simpson>
xorAxAx: What's your threat model? You can rebuild every package yourself, I think.
<gchristensen>
xorAxAx: using a different signing mechanism
<xorAxAx>
hmm, i had to reboot my nixos 19.03 to run the mate desktop after enabling it in configuration.nix and doing a switch
<xorAxAx>
thats weird
<xorAxAx>
no error message in Xorg.0.log or xsession-errors
<xorAxAx>
gchristensen, which one?
<gchristensen>
Nix's binary cache files are signed with ED25519
<LnL>
signing is between those expressions and the corresponding binary archives
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
fendor has quit [Quit: Leaving]
<gchristensen>
it'd be good to write up a whole "Security module of nix + nixpkgs" thing
<gchristensen>
model*
ivan has quit [Quit: lp0 on fire]
dustinm- has quit [Quit: Leaving]
<LnL>
yeah, there's no signing for expressions
<xorAxAx>
neither for the files the expressions are crafted from?
<xorAxAx>
(or hashes for this matter)
dustinm has joined #nixos
<LnL>
external sources are hashed (which is verified at build time) but we don't do any signature checking for those if that's available AFAIK
<gchristensen>
right, I doubt the source of hello was verified against a GPG key at update time, however we do carefully watch that sources do match the hash
<LnL>
and expressions are in git, but eg. the channel distribution mechanism odesn't have any signing
<gchristensen>
in other words, we often follow the "tofu" model for hashes
dustinm has quit [Client Quit]
<xorAxAx>
so the trust for the nix file that mentions the hash of the external file is established how?
drakonis1 has joined #nixos
<xorAxAx>
yeah, but what if the channel files are replaced by a man-in-the-middle?
<gchristensen>
if you fetch nixpkgs from nixos.org, it is fetched through https
<LnL>
firstly by the contributor, which is generally tofu but secondly also through the nixpkgs infrastructure
<xorAxAx>
so https is the only safe guard?
<gchristensen>
right
<xorAxAx>
that doesnt sound too robust for real world scenarios
<gchristensen>
it has been robust enough for several security teams, but definitely a point we would like to improve
<xorAxAx>
there have been a lot of cases where companies own/owned wildcard certs or certs of third-party domains
dustinm has joined #nixos
<simpson>
xorAxAx: Then don't pull channel updates; pull git instead, and hand-examine every commit before applying it locally.
<simpson>
Similarly, you don't have to trust the binary cache; you can build everything yourself.
<xorAxAx>
i think the binary cache is more trustworthy than the scenario i was alluding to
sysreq has joined #nixos
<gchristensen>
do you trust github more?
<simpson>
Why is that? It, too, is served over HTTPS.
winem_ has joined #nixos
<xorAxAx>
simpson, because i hope that the hash is checked after downloading the cache file
<gchristensen>
also, sounds like your threat model needs fleshing out, as we've satisfied the generic "protects against MITM" case
<simpson>
The bigger picture is that, whether via channel or git or HTTPS, the goal is to get a Nix expression from the nixpkgs authors to your machine. Once it's there, then your trust is now in the built binaries to behave.
<LnL>
yeah for external sources the hash is verified multiple times in different network environments so I don't think that's a big problem
<simpson>
xorAxAx: Sure. To accept *any* binary cache's packages, your local Nix will need to be configured with each cache's keys, and signatures are checked by default in the typical NixOS installation.
<xorAxAx>
gchristensen, well, if i can present a channel file (or whatever it needs) under an ssl cert that is trusted by the imported certs on a pristine nixos install, i broke it. i am not saying i can, but i surely estimate enough people to be able to
<simpson>
xorAxAx: Uh, third-party channels are a feature, not a bug.
<xorAxAx>
simpson, i am talking about the main channel
<xorAxAx>
the same problem applies to any channel
<infinisil>
Hmm, it shouldn't be too hard to add signature checking to fetchurl. E.g. `fetchurl { url = "..."; sha256 = "..."; pubKey = "..."; }`, and it would gpg verify it after download
<gchristensen>
it is hard, infinisil
<gchristensen>
I thought so too
ivan has joined #nixos
<infinisil>
Where's the hard part?
<xorAxAx>
i am not sure how thats related to my scenario, infinisil
<gchristensen>
give it a go, infinisil :)
<xorAxAx>
is fetchurl used to fetch the channel files?
<gchristensen>
xorAxAx: at any rate, fetch the nix expressions however you choose
<gchristensen>
you don't need to use channels (https)
drakonis has joined #nixos
<xorAxAx>
gchristensen, is the wire format for them always a .nix text file or is there compiled wire formats as well?
<gchristensen>
the expressions?
<clever>
infinisil: my thought, is that if you know the sha256 is over something signed, the signature itself doesnt matter
<xorAxAx>
gchristensen, yes
<gchristensen>
the wire format is you download the repository in some fashion
<LnL>
nix-channel essentially just downloads a tarball with nix files
<xorAxAx>
LnL, without hash or sig verification
<clever>
infinisil: yeah, thats the only time you really need to validate
<xorAxAx>
thats as good as arch linux in the beginning, and worse than any debian for 20+ years ;-)
<infinisil>
gchristensen: No really, where's the hard part? I don't intend to spend an hour implementing this and then come across something stupid to realize it wouldn't work in any case
<xorAxAx>
(sorry if that sounds trolling, but i do think this is a valid attack vector)
<gchristensen>
infinisil: maintaining the "keychain" is tricky
<simpson>
xorAxAx: (It sounds like you don't grok how Nix works. This isn't a bad thing; it's a pretty regular conversation.)
<gchristensen>
xorAxAx: NixOS's model is much more resliant than Debian's, since users never execute anything NixOS maintainers build
<xorAxAx>
gchristensen, thats true, the binary trust model of debian is flawed a bit, with the holy ftpmaster etc.
<infinisil>
gchristensen: Hmm.. I think I know what you mean
<gchristensen>
xorAxAx: no, that is not the flawed part
<gchristensen>
xorAxAx: the flawed part is package maintainters uploading things they built on their computer , and users downloading and installing that file
<xorAxAx>
gchristensen, you mean the hydra part?
<xorAxAx>
gchristensen, i am pretty sure they dont
<gchristensen>
heh
<LnL>
I agree tho, channel trust only uses https
<gchristensen>
you might be surprised!
<clever>
gchristensen: and if random maintainer C has some malware on his box...
<xorAxAx>
they upload source packages
<xorAxAx>
and the ftpmaster makes sure the automatically built packages migrate onto the public space
<gchristensen>
not all of them. this is a pretty recent change
<xorAxAx>
ah
<xorAxAx>
scary
<xorAxAx>
any pointer?
<ivan>
anyone using prometheus2 on nixos? what does scrapeConfigs look like for node_exporter?
<infinisil>
(Btw, we'd have #nixos-security for security related discussions)
<immae>
Hello there! I’ve just thought of a "maybe way" to store passwords in the nix store: say I create a derivation that creates a /nix/store/abcd-foo/ with no rights (chmod a-rwx), and then via an activationScript I copy them securely to a final destination. What can anyone who is able to see /nix/store/abcd-foo/ (but not his content because of the chmod) do out of it?
<xorAxAx>
infinisil, i am not sure how that is related. i meant that nix should check for disk-full scenarios during e.g. a full switch
<xorAxAx>
sorry, before a full switch
stepcut has joined #nixos
<infinisil>
Oh i see
<infinisil>
Don't know of anything like that
<xorAxAx>
for that, fetchurls would also need a size argument i presume
<infinisil>
You can run automatic garbage collection though
<infinisil>
And tell it to free as much as it needs to have a certain amount of free space on the disk
<xorAxAx>
doesnt help if your install request needs more space than you have :-)
stepcut has quit [Remote host closed the connection]
<clever>
xorAxAx: the min-free based GC will pause downloading things and run a GC when space gets low
<simpson>
Then nix-garbage-collect to victory. It's not impossible or impractical, just a minor annoyance.
zupo_ has joined #nixos
<clever>
and it checks for more before after creating each file
<infinisil>
(Well, if you don't have enough space you don't have enough space, can't change that)
<pie_>
dumb idea, reserve partition space
<xorAxAx>
infinisil, no, but it can fail early, in a way that doesnt endanger system operation
<infinisil>
Ah yeah that would be neat
mmlb has joined #nixos
stepcut has quit [Ping timeout: 246 seconds]
<pie_>
nix is supposed to be safe right :P
<xorAxAx>
well, my tar had a ENOSPC problem
<xorAxAx>
that didnt look robust but given that the temporary files are cleaned fast, it only harms at most in a short period of time if some process would attempt a write to the system partition
<pie_>
DigitalKiwi, i dont quite understand what you think, but if a "fixed output derivation"'s hash isnt in the store it gets built
sindrip has quit [Ping timeout: 268 seconds]
<pie_>
if you choose some arbitrary hash its astronomically unlikely to create a collision, so it gets rebuilt
<pie_>
*so its gets built
<mwilsoncoding>
hey all- anyone know what tweaks I would have to make to get lighttpd working with ${pkgs.valgrind.doc}/share/doc/valgrind/html as the docroot?
<pie_>
if you dont change the hash after updating a package it wont get rebuilt because it thinks its still the same package
<pie_>
DigitalKiwi, does that help or did i go in completely the wrong direction there
<DigitalKiwi>
why are they different lengths and different
<pie_>
what do you mean by different
<pie_>
i think the shorter ones use some kind of denser encoding and the long ones are hex encoded
<pie_>
note the differences in the character sets
<mwilsoncoding>
currently getting 403 when I try to serve it
<DigitalKiwi>
that yeah so like is it the same number but what is the encoding how did they get the different one
<pie_>
no idea im just guessing, i also noticed this before but didnt think enough to pay attention to it
<pie_>
"nix-prefetch-url now by default computes the SHA-256 hash of the file instead of the MD5 hash. In calls to fetchurl you should pass the sha256 attribute instead of md5. You can pass either a hexadecimal or a base-32 encoding of the hash."
<DigitalKiwi>
it goes from 64 characters to 52
<DigitalKiwi>
which one is which
sigmundv has quit [Ping timeout: 246 seconds]
<pie_>
the shorter one is going to be the base32 one