<ajs124>
Maybe there's some documentation in commit messages. That's where I found the most useful documentation relating to some specific hydra features.
<pie_>
ajs124, ugh. so it wasnt just a hunch that i added that to my documentation sources list... :P
duckonomy has joined #nixos
<ajs124>
pie_, it's right up there with "just look at the source code" and "track down the author to ~harass~ politely ask them about it"
hio has quit [Quit: Connection closed for inactivity]
<{^_^}>
[nixpkgs] @thoughtpolice pushed 2 commits to master: https://git.io/fj3dE
<gchristensen>
those two don't matter
<gchristensen>
(they are in addition to, not supplementing, the private key)
<infinisil>
A third option generatePrivateKey of type bool sounds good, with an assertion that you can't set this to true and specify a private key too
buffet has quit [Ping timeout: 268 seconds]
<gchristensen>
true
<gchristensen>
I have the codewritten already, it is just a matter of integrating it :)
mexisme has joined #nixos
appleclusters has quit [Quit: Connection closed for inactivity]
tboston_ has joined #nixos
<infinisil>
worldofpeace++ for generally testing/merging PRs :)
<{^_^}>
worldofpeace's karma got increased to 19
<gchristensen>
worldofpeace++
<{^_^}>
worldofpeace's karma got increased to 20
tboston_ has quit [Ping timeout: 250 seconds]
o1lo01ol1o has joined #nixos
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.2)]
<coconnor>
I'll second them getting karma points haha. always nice contributions
<infinisil>
gchristensen: Want some quick feedback here?
<gchristensen>
sure
lovesegfault has joined #nixos
<infinisil>
gchristensen: Can use <command></command> for the `wg genkey` in the option description. By assertions I meant the `assertion` NixOS option, which provides much better error messages than Nix's builtin `assert`. I *think* requiredBy implies wantedBy, but not sure. The directory creation can probably be done using systemd.tmpfiles
<gchristensen>
not sure we want to use tmpfiles to manage long-term identities
<gchristensen>
command is a great tip
<infinisil>
tmpfiles is a bit misleading, it doesn't only manage temporary files
<gchristensen>
I don't feel comfortable using it for this purpose
<infinisil>
It's used for this purpose all throughout NixOS already (creating directories with permissions)
<infinisil>
gchristensen: Yeah that looks better :)
<drakonis>
hmm, could nix take on flatpak with a decent extra repository?
<clever>
,nix-shell yuken
* clever
pokes infinisil
<infinisil>
Aw jeez
<infinisil>
Huh no it should be running
<infinisil>
clever: Pretty sure ,nix-shell isn't defined
<clever>
ah, might have been ,libraries
<clever>
,libraries yuken
<{^_^}>
yuken: Don't install libraries through nix-env or systemPackages, use nix-shell instead. See https://nixos.wiki/wiki/FAQ/Libraries for details.
<yuken>
clever, that's not what I'm talking about. I just can't build some applications (such as Blender) because it can not find certain libs that it depends on.
<gchristensen>
function calls are reduced by ~1 million, 83 mb cut off the heap, 4.5 million fewer lookups
<gchristensen>
samueldr: ^
<clever>
yuken: did you open a nix-shell with the right libraries in its arguments?
<yuken>
Nope.
<clever>
yuken: thats why it cant find them
<infinisil>
Oof, my vim has a closure size of 664MB :/
orivej has quit [Ping timeout: 245 seconds]
<clever>
infinisil: mine depends on clang via youcompleteme
<infinisil>
Yeah same..
<infinisil>
Eh no, gcc
<infinisil>
and go, and rust and ...
<infinisil>
Ah yeah and clang
<infinisil>
Oh and actually `nix-store path-info -S` says it's almost 1.5GB..
<infinisil>
This only says 664MB: du $(nix-store -qR /nix/store/vqbm9m0d094whlxlb1w1fqvp2gmiprz2-vim) -hsc | sort -h
<infinisil>
How do those differ?
<clever>
zfs compression?
<infinisil>
Ohh
<infinisil>
Yeah maybe
<clever>
du has a --aparrent-size
<clever>
which should align to path-info
<infinisil>
1.3GB with that one, close
<infinisil>
Alright but how the hell do I get rid of this crap
<infinisil>
It all comes from ycmd btw
<infinisil>
Let's see if i could override it a bit..
tboston_ has joined #nixos
<infinisil>
Can get rid of go and rust easily at least
<Orbstheorem>
Hello, I'm writing a package that requires binaries from another package on runtime. If I put that dependency in propagatedBuildInputs and I launch said program in nix-shell, it works as expected, but if I then put it in the user packages in my configuration.nix, it does not install said dependency. Why is this? and what is the correct way to declare it so it will be shipped in runtine?
<infinisil>
,runtimeDeps Orbstheorem
<{^_^}>
Orbstheorem: In order of preference: Patch source OR ((if it uses PATH -> wrap with new $PATH) AND (if it uses dlopen, (patchelf --set-rpath in postFixup OR wrap with new LD_LIBRARY_PATH)))
<Orbstheorem>
Meh, I guess I'll do the extra mile and patch the source ^^
<infinisil>
Orbstheorem: If patching the source is too annoying, just using wrapProgram is probably a better idea
<infinisil>
If it looks at PATH
<infinisil>
Sometimes patching the source is just a simple `substituteInPlace .. --replace /usr/bin/foo ${foo}/bin/foo` though
<Orbstheorem>
Found it, it's a single line ^^ (looked from $PATH)
<Orbstheorem>
Oh, btw, how do you usually include “wip” packages in your derivations after you make a PR on nixpkgs, but it's still not merged? and even then, it usually takes a bit before it hits the channels.
Rusty1 has quit [Quit: Konversation terminated!]
<Orbstheorem>
I add a callPackage to a path inside my local copy of nixpkgs in `nixpkgs.config.packageOverrides`, but not sure it's the best idea
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #60143 → [19.03] wpa_supplicant: fix SAE and EAP_PWD vulnerabilities → https://git.io/fj3bs
<infinisil>
Orbstheorem: Overlays should be preferred nowadays, but if a simple callPackage works, then that's a good way
<infinisil>
Sometimes it doesn't work though, because of the dependencies coming from a different nixpkgs version
mckeanalicej has joined #nixos
<infinisil>
Then you need to import the other nixpkgs fully, and use the package from there
<mckeanalicej>
"hardware.pulseaudio.package = pkgs.pulseaudio.override { jackaudioSupport = true; };" this line errors with attribute pulseaudio not found
<infinisil>
Shados: Yeah that's what I've found out too after reading the man pages
<mckeanalicej>
did the name of the pulseaudio package change?
<worldofpeace>
mckeanalicej: pulseaudioFull has jackaudioSupport
<Orbstheorem>
(Yay)
<mckeanalicej>
thanks!
<Orbstheorem>
How should I package applications that (also) provide nautilus extensions?
<worldofpeace>
Orbstheorem: I don't think we do currently #32817
<scott>
i was looking at https://howoldis.herokuapp.com/ and i guess one detail is confused me - it was last updated 2 days ago, but it's at a commit from 7 days ago?
<scott>
so i guess it hasn't caught up to the steam fixes from 5 days ago
o1lo01ol1o has quit [Ping timeout: 276 seconds]
mexisme has quit [Ping timeout: 246 seconds]
<infinisil>
scott: Yeah, this means it took the channel 5 days to do all checks and build everything
Myhlamaeus has quit [Quit: WeeChat 2.2]
<scott>
is that amount of delay normal or atypical these days?
<worldofpeace>
Orbstheorem: Bus activated as in a DBus service? Don't know why you'd need to patch that.
<infinisil>
scott: Pretty normal I'd say
stepcut_ has quit [Remote host closed the connection]
<worldofpeace>
I think the graphical, ova, and plasma5 tests should all be working again (kio-extras fixed)
<scott>
good to know, thanks!
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
tboston_ has joined #nixos
stepcut has joined #nixos
<{^_^}>
[nixpkgs] @thomasjm opened pull request #60145 → Patch Julia to not recompile packages when mtime is 1 → https://git.io/fj3b5
cdepillabout has quit [Quit: Leaving]
palo1 has joined #nixos
<Orbstheorem>
worldofpeace: Because if I put the package providing the service in propagatedBuildInputs, when I add it to my user packages in my configuration.nix, it fails to find the service on runtime
reinhardt has joined #nixos
domogled has joined #nixos
stepcut has quit [Ping timeout: 245 seconds]
tboston_ has quit [Ping timeout: 245 seconds]
palo has quit [Ping timeout: 246 seconds]
palo1 is now known as palo
kleisli has quit [Ping timeout: 258 seconds]
jtojnar has quit [Remote host closed the connection]
<worldofpeace>
Orbstheorem: Packages that provide DBus services in nixos probably need to be put in `services.dbus.packages` https://nixos.org/nixos/options.html#services.dbus.packages
day|flip has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #60146 → packagekit (nixos): make it not error out → https://git.io/fj3NU
<sb0>
is there a nix function that executes a command and captures the output? or do I have to create a derivation and then use builtins.readFile on the output?
<makefu>
> runCommand
<{^_^}>
<LAMBDA>
<makefu>
you have to write the output of your command into $out
endformationage has quit [Ping timeout: 258 seconds]
<sb0>
yeah, but that's creating a derivation ad then using readFile
<sb0>
*and
tboston_ has joined #nixos
<makefu>
yes, there is no other way i am afraid (citation needed)
<drager>
Hi, how can install a specific version of package? I want an old version, since the latest (current) might be buggy
<teto>
drager: you need to find a version of nixpkgs that packages that old version, like a blame on the line with "version" should give u the last update
<drager>
teto: Will that only give me an old version of that package?
<drager>
Or all packages?
infty has quit [Ping timeout: 255 seconds]
infty has joined #nixos
<teto>
drager: depends how you do it but I believe you want only this package and its dependencies so you follow the "pinning" instructions just on top and instead of referring to pkgs.vscode you refer to it via "(import (builtins.fetchTarball { ...}).pkgs.vscode"
<LnL>
yeah you can use multiple nixpkgs versions at the same time, in which case you'd only pick a specific package (and it's runtime dependencies) from the pinned version
<drager>
So, it should look like this? https://gist.github.com/drager/7c9868f865f2250b6c3c9097510c157a and then in my configuration.nix I just include this vscode.nix file? And in systemPackages I refer to (import (builtins.fetchTarball { ...}).pkgs.vscode instead?
<{^_^}>
opengaming/osgameclones#715 (by SimonAlling, 5 days ago, open): Add shell.nix
ferriswheel has quit [Quit: Leaving]
<teto>
drager sthg like that. You can name the nixpkgs to "nixpkgs_old" and then refer to it in systemPackages via "nixpkgs_old.vscode" or sthg along those lines
kreisys has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @dotlambda pushed commit from @r-ryantm to master « jenkins-job-builder: 2.9.1 -> 2.10.0 (#59659) »: https://git.io/fj3pU
jasongrossman has joined #nixos
<meck>
Hi, I'm looking for a list with documenation/typeinfo for basic functions in nix (like map, concat), i've found the lib functions but I cant find any for the builtin functions?
domogled has quit [Read error: Connection reset by peer]
domogled has joined #nixos
rauno has joined #nixos
<mniip>
so I'm trying to run `nix-channel --update` and it tells me: error: while setting up the build environment: getting attributes of path '': No such file or directory error: program '/usr/bin/nix-env' failed with exit code 1
<{^_^}>
[nixpkgs] @veprbl pushed commit from @lopsided98 to staging-18.09 « gettext: fix cross build (#60123) »: https://git.io/fj3px
silver has joined #nixos
<__monty__>
Having some trouble with cabal-plan, trying to install from master: http://ix.io/1H3L
<__monty__>
Jailbreaking doesn't help because this is in a conditional stanza.
<{^_^}>
[nixpkgs] @Lucus16 opened pull request #60152 → Revert "ibus-packages.mozc: pin to protobuf 3.6" → https://git.io/fj3ph
hio has joined #nixos
<hio>
I would like to know if nix is a turing complete language or more like TOML or yaml or json
<Taneb>
hio: it is a turing complete language
<Taneb>
It contains the complete (untyped) lambda calculus
harkenedraven has joined #nixos
<hio>
so is there a debugger? IDE with intellisense?
tboston_ has joined #nixos
<Taneb>
I haven't seen either of those for nix, I'm afraid
<Taneb>
If you're writing enough nix in one go that you need those, you're probably over-using it
<hio>
okay, can you please explain the advantages of the language over javascript/c
<Taneb>
It's designed for configuration of packages. While it's Turing complete, it's really not for general purpose programming, but in its niche, which is specifying packages, it can do things that can't be done with JavaScript or C
<xorAxAx>
mniip, whats in your ~/.nix-channels file?
<hio>
okay, so lets say that I want to use the nix language for all my configuration needs, even replacing XML and JSON and YAML. Would you recommend that?
<Taneb>
Probably not
<hio>
May I ask why?
<hio>
Nix was specifically created for configuration needs, right? It should be a perfect fit
<Taneb>
It's for configuring packages, not general configuration
petrkr has joined #nixos
mankyKitty has quit [Ping timeout: 264 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
vaninwagen has quit [Ping timeout: 252 seconds]
hoek has quit [Ping timeout: 252 seconds]
<tilpner>
hio: You may be interested in Dhall
tboston_ has quit [Ping timeout: 258 seconds]
<fendor_>
hi, i am trying to use nvim on nixos, but for some reason, when i start nvim with any file, it shows errors regarding floobits not being found. this is correct, since it is not installed, by does nvim even look for it? IS there some config file I may have changed and forgotten about?
pasukon has quit [Ping timeout: 252 seconds]
<fendor_>
same happens if I install nvim via nix-shell instead of overlays
eddyb has quit [Ping timeout: 264 seconds]
<Taneb>
fendor_: is there anything in ~/.config/nvim ?
<hio>
I'm not tilpner, I am exploring Nix for this usecase now. Please explain why Nix is not a good fit for listing a bunch of values in a typesafe way
cfricke has joined #nixos
v0d1ch has quit [Ping timeout: 252 seconds]
uranther has quit [Ping timeout: 252 seconds]
<Taneb>
hio: well, nix isn't typesafe
<fendor_>
Taneb, no, that dir does not exist
uranther_ has joined #nixos
<hio>
it's like python?
<Taneb>
Loosely, yes
lovesegfault has quit [Ping timeout: 252 seconds]
vaninwagen has joined #nixos
<Taneb>
It does really sound like Dhall is somethihng you want to look into, though
<hio>
ok still, how would I go about integrating nix into my java/c application so I can read the values from a nix file?
Alling has quit [Ping timeout: 256 seconds]
<Taneb>
Why do you want to do this with nix?
v0d1ch has joined #nixos
<Synthetica>
hio: You could eval it to json, and read that with a library of your choice
hoek has joined #nixos
lovesegfault has joined #nixos
eddyb has joined #nixos
pasukon has joined #nixos
<teto>
fendor_: you can look at :scriptnames to see where it was loaded from
<tilpner>
hio: But it's probably not going to be worth the trouble for a single-file application config file
<teto>
fendor_: you might have last time you ran :UpdateRemotePlugins, you should rerun it when a remote plugin gets updated, nix does it or vim-plug can in my case
<mniip>
xorAxAx, no, in fact I've never used nix before
<xorAxAx>
mniip, good to know
<xorAxAx>
mniip, hmm, then i dont know. you could strace nix
<hio>
I dont see why packages are somehow special in regards to their configuration needs. Explain to me how Nix is especially useful for describing packages?
<xorAxAx>
was it ever working, mniip?
<fendor_>
teto, makes sense! thank you very much! so, i have to remember these very helpful nvim commands :D
<mniip>
no
<mniip>
literally installed it and trying to start doing stuff
<Synthetica>
hio: That's what you want right?
<hio>
58 is not valid json
<teto>
fendor_: normally :checkhealth should warn you about this. If it doens't maybe it can be improved to do it
<teto>
ideally that's the unique command you should remember :D
<Synthetica>
hio: To my knowledge it is
<tilpner>
hio: Derivations are built into the language, and the builtins are influenced by nixpkgs
<__monty__>
mniip: Do you have a single-user or multi-user install?
<tilpner>
hio: 58 seems correct
<mniip>
multi-user I think
<hio>
no it's not correct, all valid json starts with either [] or {}
<__monty__>
mniip: Does sudo nix-channel --update work?
<fendor_>
teto, thank you a lot! now i can finally use it again :)
<__monty__>
hio: Well, json doesn't have function values. So you'll have to serialize them first.
mankyKitty has joined #nixos
<__monty__>
mniip: Are you on linux or mac os? On a mac the installer messed up for me. Some of the more knowledgeable folks here helped me set it straight.
<mniip>
linux
<hio>
I thought that the nix parameter would do it for me, how am I supposed to serialize a nix function?
<tilpner>
You probably don't even want that
zupo has joined #nixos
<hio>
I want to use Nix instead of JSON for configuration, so I think I do
<mniip>
__monty__, xorAxAx, I think it's related to sandboxing? somehow?
<tilpner>
... alright
<xorAxAx>
mniip, did you try stracing it?
* tilpner
does other things
vid has joined #nixos
ThatDocsLady has joined #nixos
<__monty__>
hio: If you're certain you want functions being read from your configurations (getting the semantics identical will be really hard) then you'll have to come up with your very own serialization format for functions.
<hio>
__monty__: I figured it out I think, I just have to pass --strict
<hio>
then it evaluates it
<hio>
looks like Nix has a dictionary syntax that's practically the same as JSON anyway, why didnt you guys tell me that?
<__monty__>
Because minor similarities are irrelevant in the face of major dissimilarities?
ee1943 has quit [Read error: Connection reset by peer]
<hio>
ok but if JSON is a subset of Nix then how can it not be better?
<mniip>
1556100240 [13:04:00] <hio> no it's not correct, all valid json starts with either [] or {}
<mniip>
that's not correct
<hio>
yeah I am surprised mniip
<mniip>
a value is among other possibilities a number
<Synthetica>
hio: More features does not automatically make something better suited for all usecases
ee1943 has joined #nixos
<hio>
so should I stop using yum/dnf/apt and only use Nix from now on?
<mniip>
refer to rfc7159: JSON-text = ws value ws, value = false / null / true / object / array / number / string
<__monty__>
hio: Only if you feel the boons outweight the detractors.
<mniip>
xorAxAx, so what part of strace are we looking at
<__monty__>
hio: Also, you could look into Guix, they use a GP language for their package descriptions.
rtjure has joined #nixos
<hio>
I did __monty__, it's a trainwreck
<xorAxAx>
mniip, the end
<xorAxAx>
before it assembles the error message
<xorAxAx>
dont forget to call strace with -ff
<dminuoso>
12:07:31 hio | I thought that the nix parameter would do it for me, how am I supposed to serialize a nix function?
<dminuoso>
hio: Help me understand why you want to do this.
<hio>
dminuoso: I need a JSON output so I can read it into my application
Xiro` has joined #nixos
<dminuoso>
hio: Your nix expression can output whatever you want it to..
<mniip>
[pid 25531] read(3, "ptxc\0\0\0\0`\0\0\0\0\0\0\0while setting up the build environment: getting attributes of path '': No such file or directory\1\0\0\0\0\0\0\0", 32768) = 120
<dminuoso>
hio: What would "convert nix into json" mean for you?
<xorAxAx>
mniip, then the daemon is generating the error, time to strace the daemon :)
vid has quit [Ping timeout: 276 seconds]
<mniip>
are you serious
<dminuoso>
hio: What exactly are you trying to accomplish?
<hio>
..getting a JSON value as output? what else would it mean?
<xorAxAx>
mniip, yes. strace -p `pidof ...`
<dminuoso>
hio: To what end?
<hio>
I already told you, so I can read in JSON into my application
<dminuoso>
hio: Oh in the sense of /etc/ssh/sshd.nix producing some kind of configuration for your program?
ayerhart_ has joined #nixos
<__monty__>
That doesn't explain why you need to put functions in those configurations.
ayerhart has quit [Ping timeout: 255 seconds]
<dminuoso>
hio: What you see there is not exactly a program configuration. It's a parameterized build specification.
ayerhart_ is now known as ayerhart
<mniip>
[pid 25668] stat("", 0x7f9ce38b7700) = -1 ENOENT (No such file or directory)
<mniip>
[pid 25668] write(2, "\1while setting up the build envi"..., 98) = 98
<hio>
ok I see, so it's more like a Makefile which can be read and then execute all its embedded commands.
<Synthetica>
hio: Yes, sort of
<dminuoso>
hio: But you could use a nix expression for anything really.
<hio>
like what?
<dminuoso>
hio: What you see is a nix-language expression that produces output to be used by the nix package manager.
<dminuoso>
hio: Well anything, nix-lang is turing complete.
<hio>
every nix file is only one expression?
grischeg has quit [Remote host closed the connection]
domogled has quit [Quit: domogled]
<xorAxAx>
mniip, hmm, can you see where the empty string comes from in the strace?
zupo_ has joined #nixos
<dminuoso>
hio: Yes.
<hio>
what if I write a nix expression that deletes /usr, will anybody stop me?
<dminuoso>
hio: For one, the language.
Xiro` has quit [Quit: ERC (IRC client for Emacs 26.1)]
<hio>
you mean the interpretor?
<dminuoso>
hio: No the language itself. It's pure by design.
<hio>
surely I can have strings called "/usr" and a function that deletes files and folders right
ThatDocsLady_ has joined #nixos
<dminuoso>
hio: Its not meant to *do things*. Its meant to calculate things.
<dminuoso>
It's kind of the point really.
ThatDocsLady has quit [Remote host closed the connection]
<hio>
ok but that is semantics, so I write a nix expression that says "rm -rf /usr/*"
<mniip>
xorAxAx, not really no
<dminuoso>
hio: Now you have a string containing "rm -rf /usr/*"
zupo has quit [Ping timeout: 276 seconds]
<dminuoso>
hio: The language will not give you any execCommand utility.
<hio>
right and nix-evaluate executes it faithfully right
<mniip>
would you perhaps like me to attach gdb and catch syscall?
<dminuoso>
hio: Yup, and it produces a string "rm -rf /usr/*" as a result.
Xiroh has joined #nixos
<hio>
that doesnt make any sense, then who is actually writing and deleting files in /nix/store?
<dminuoso>
hio: the nix package manager.
<dminuoso>
hio: which takes a nix expression and expects some set of meta data
<dminuoso>
when it evaluates that expression
<xorAxAx>
mniip, hmm, not sure that helps
<dminuoso>
it then uses the metadata to run the effectful stuff
<hio>
ok so the nix package manager, (nix-env) will somehow evaluate file paths and stop evil commands? how does it do that?
<dminuoso>
hio: It doesnt really do it. The point is rather that evaluating the same nix-expression with the same input is guaranteed to produce the exact same set of meta data.
Xiroh has quit [Remote host closed the connection]
mthst has quit [Quit: the bouncer died]
<dminuoso>
If that meta data contains an evil set of actions to rampage through the filesystem, then nix the package manager wont do to keep you safe, but thats not its purpose
Xiroh has joined #nixos
<hio>
you are calling the nix-evaluate output the metadata?
<hio>
I would just say nix output but maybe that's how it's called
<dminuoso>
hio: usually we call these things derivations
mthst has joined #nixos
<dminuoso>
At least in the context of nixos/nix package manager
<mniip>
indeed I think gdb doesn't wanna follow through setsid
<hio>
seems like derivation is just the filepath to /nix/store/[guid] right
Xiroh has quit [Remote host closed the connection]
<cosmo_>
On the error: "No matching distribution found for jupyterlab-server<0.3.0,>=0.2.0 (from jupyterlab==0.35.4)"
KaitoDaumoto has quit [Remote host closed the connection]
<cosmo_>
To reproduce, simply "nix-env -iA nixos.python37Packages.jupyterlab" or "nix-shell -p nixos.python37Packages.jupyterlab"
Xiroh has quit [Client Quit]
<cosmo_>
Any ideas ?
<hio>
I think Nix must be using some kind of virtual filesystem maybe or cgroups so that nothing will write outside of the /nix/store folder that each derivation is allowed to write into
Xiroh has joined #nixos
Xiroh has quit [Client Quit]
Xiroh has joined #nixos
<hio>
Nix cant possibly know that I put "rm -rf /usr" into my shell script that I am executing during installation
<Taneb>
hio: it's fairly thoroughly sandboxed
<hio>
sandboxed how?
<mniip>
hmm
<LnL>
yeah, builds can only write to tmp and it's output
phreedom_ has quit [Ping timeout: 256 seconds]
Xiroh has quit [Remote host closed the connection]
<mniip>
xorAxAx, the crucial realization was that nix-daemon exists and needs to be reloaded after editing nix.conf
<LnL>
and they run as unprivileged users
<mniip>
after disabling sandboxing in nix.conf it worked
Xiroc has joined #nixos
<xorAxAx>
mniip, ah, yes
<xorAxAx>
nixos would do that automatically for you
<mniip>
well why doesn't it work
Xiroc has quit [Client Quit]
<mniip>
I mean sandboxing
tboston_ has joined #nixos
<mniip>
idk if I have the time to figure that out though
<xorAxAx>
what was the earliest sandbox error you got?
Xiroc has joined #nixos
alexherbo22 has joined #nixos
<xorAxAx>
i had to allow sysctl kernel.unprivileged_userns_clone=1
<dminuoso>
hio: I should mention that there's some small aspects where nix can cause side effects. mkDerivation actually creates a file in you store for example (rather than outputting the metadata directly).
<LnL>
mniip: if you havw a multi user install, what's the output of nix doctor?
<mniip>
Store uri: daemon
kaliumxyz has joined #nixos
<LnL>
yeah you have a daemon then, maybe your distro has another flag that's needed disabled
<mniip>
that tells me nothing
<LnL>
maybe check the nix-daemon log
<hio>
dminuoso: I just tried to evaluate a mkDerivation but it still only gave as output <LAMBDA>
<grischeg>
I locked myself out of my NixOS system, but I have physical access to the machine. How would I reset the password? Boot a live CD and run nixos-install? Or chroot into the /mnt and run nixos-rebuild?
Zer000 has joined #nixos
<{^_^}>
[nixpkgs] @etu opened pull request #60155 → phpPackages: Wrap mkDerivation to prepend package names → https://git.io/fj3jh
zarel has joined #nixos
<infinisil>
grischeg: Both would work, the patter is probably the easiest with nixos-enter though
bigvalen has quit [Ping timeout: 244 seconds]
lovesegfault has quit [Quit: WeeChat 2.4]
bigvalen has joined #nixos
<mniip>
does nix-daemon have verbosity options?
<mniip>
doesn't seem to have any options at all...
dycan has joined #nixos
[Leary] has joined #nixos
<grischeg>
infinisil: nixos-enter sounds even easier, thanks.
drager has joined #nixos
Lears has quit [Read error: No route to host]
<drager>
Hi, I discussed nixpkgs pinning but getting an error: error: Module `/etc/nixos/vscode.nix' has an unsupported attribute `AAAAAASomeThingsFailToEvaluate'. This is caused by assignments to the top-level attributes `config' or `options'.
<Synthetica>
But people here would probably yell at me for not using overrides
tboston_ has quit [Ping timeout: 276 seconds]
<pie___>
is there an easy solution to fetchurl-ing a zip that dumps all its contents in the current directory, as opposed to a subdirectory?
Shouou has joined #nixos
<Alling>
Just got back from lunch; saw parts of an interesting discussion about the Nix language, feat. hio and Taneb etc, that was going on when I closed my laptop lid and got disconnected.
zupo_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<Alling>
Synthetica: Nice, thank's a lot! I think I've had it with the web chat. I guess many of you guys connect in another way; what would you recommend? I have a server with NixOS at home if that matters.
sb0 has quit [Quit: Leaving]
<Synthetica>
drager: You can then add that one package to your systemPackages as `vsCodeRemote.vscode`
<pie___>
i dont suppose there's a pre- pose- fetch phase...
<Synthetica>
(Or however you call the remote)
zupo has joined #nixos
<Synthetica>
Alling: I use irccloud, the free version has some limititations, namely only staying connected for 2 hours after your last client exits and only supporting one server at once, but it's good enough for my use case
fendor_ has quit [Ping timeout: 276 seconds]
zupo has quit [Client Quit]
knupfer has quit [Ping timeout: 264 seconds]
<pie___>
hm im passing fetchurl a "name" argument but it looks like its ignoring it...
Anton-Latukha has quit [Ping timeout: 258 seconds]
<dfordivam>
Hi .. I have a nixos VM with virtualbox.guest = enable, most of the stuff works fine for me, but I cannot connect a USB device. Does anyone has an experience with this? or how to debug?
<pie___>
dfordivam, do you have any errors? dmesg maybe?
<pie___>
dfordivam, is it usb2? do you have the oracle host extensions installed?
<exarkun>
Alling:I use a free-tier GCE instance running znc (all managed with nixops, of course) and connect w/ weechat (I'm thinking about switching znc to weechat and trying out weechat's custom bouncer protocol, instead).
kreisys has joined #nixos
<dfordivam>
pie___: nevermind it worked this time when I plugged the device again
<exarkun>
seems kind of weird that there wouldn't be a weechat plugin that implements the client for that protocol
<exarkun>
otoh if weechat is a gross pile of C maybe you want to write as little code as you can that runs in the same process
<tilpner>
exarkun: It's possible it was implemented since I checked. Just make sure to check if this is possible before you get stuck doing other aspects of that transition
<exarkun>
yes indeed.
<exarkun>
thanks for the warning
<tilpner>
exarkun: Everything I said was only about the "weechat" relay mode, not the IRC mode, which probably just acts like a normal bouncer. Also https://weechat.org/about/interfaces/
<pie___>
yorick, im in a different headspace. not really sure how youd do that.
<pie___>
yorick, maybe add something to bashrc?
<tilpner>
So you can probably do weechat-(IRC-relay)->weechat, but you'd still have to define every network twice
<pie___>
dunno how youd check if its not interactice
<pie___>
run a nix query on the bash path?
carlosdagos has quit [Quit: WeeChat 2.4]
<pie___>
sounds hacky
<pie___>
yorick, but i think that sounds like it could be helpful, to have a check i mean
<flokli>
das_j: define "there"?
<das_j>
flokli: Available on IRC
<das_j>
Like not super busy
<Ashy>
anyone using sway and redshift on nixos1903?
<Ashy>
i havent got redshift working yet
<Synthetica>
Ashy: On unstable
<exarkun>
tilpner:oh cool emacs, I can finally stop running two programs on my computer and just run one!
<Ashy>
Synthetica: ah ok, can i override just redshift from unstable?
<exarkun>
imagine all the overhead I'll save by switching to a non-task-switching kernel
<Synthetica>
Ashy: I override it to use github.com/breznak/redshift instead of the regular repo
<Ashy>
Synthetica: got an example of your config?
<pie___>
sidenote; githubs relatively new "related issues" feature is pretty nice
<exarkun>
tilpner: I wonder if weechat-based IRC relay works any better than ZNC-based IRC relay. The appeal of weechat was to fix some of the weirdness that seems kind of inherent to using IRC as the relay protocol (shortcomings in the protocol that mean you can't really express everything you need to)
<mwilsoncoding>
I can pretty much logic out _what_ it's doing, my trouble is more with the _why_ =/
<simpson>
mwilsoncoding: `azure` is a so-called "namespace package"; many different Python source packages are located within that namespace.
<simpson>
This declaration permits those other packages to be installed and loaded correctly.
<mwilsoncoding>
simpson: so what's the rhyme/reason for that line's appearance in servicemanagement-legacy, storage, mgmt-storage, etc (essentially, should I be concerned with this if I'm trying to add in more azure modules?)
detran has quit [Ping timeout: 258 seconds]
<simpson>
mwilsoncoding: Probably that things break without it. Try it and see, maybe?
<mwilsoncoding>
lol- I'm in that cycle right now, looking for as many shortcuts as I can. I'll definitely get there =]
<mwilsoncoding>
I keep getting a collision error if I try to build azure-{keyvault,loganalytics,eventgrid,cosmosdb-table}
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to staging: https://git.io/fjsJT
<gchristensen>
specifically, I think, we need to do SWAYSOCK and WAYLAND_DISPLAY
ixxie has joined #nixos
<mwilsoncoding>
the 'collision' seems to be with that particular path but respective to the $out directories of azure-common and azure-<colliding-package>
<simpson>
mwilsoncoding: Hm, interesting. I don't understand this part of Python packaging (and, after a decade, I'm starting to suspect that nobody does) but I am wondering if, like with other packaging concepts, only the top-level namespace "host" package has to declare the namespace.
srid0 has quit [Ping timeout: 255 seconds]
stepcut has quit [Remote host closed the connection]
pie___ has quit [Remote host closed the connection]
stepcut has joined #nixos
pie___ has joined #nixos
zarel has quit [Ping timeout: 244 seconds]
Neo-- has joined #nixos
stepcut has quit [Ping timeout: 246 seconds]
camsbury has quit [Remote host closed the connection]
srid0 has joined #nixos
stepcut has joined #nixos
drakonis has joined #nixos
iyzsong has quit [Ping timeout: 276 seconds]
nakkle has joined #nixos
<mwilsoncoding>
simpson: I'm venturing deeper down the rabbit-hole...
kleisli has joined #nixos
<mwilsoncoding>
I put a call to remove the __init__.py file because blanking it made no difference...
<mwilsoncoding>
once I did that, I'm now getting "collision between `/nix/store/...azure-common-1.1.19/lib/${python.libPrefix}/site-packages/azure/__pycache__/__init__.cpython-37.pyc"
pie___ has quit [Ping timeout: 250 seconds]
npmccallum has quit [Ping timeout: 245 seconds]
domogled has joined #nixos
drakonis has quit [Quit: WeeChat 2.4]
<mwilsoncoding>
W00+
Makaveli7 has quit [Quit: WeeChat 2.4]
mariel__ has quit [Remote host closed the connection]
mariel__ has joined #nixos
<mwilsoncoding>
removal of __init__.cpython-*.pyc in addition to removing the original __init__.py results in the package succeeding the build and me getting my python environment as specified
<mwilsoncoding>
note: I'm only doing the removal in the azure-<conflicting-package>
<simpson>
Netsu: Doesn't look like it. FWIW these look like single-file libraries with public domain license, so it could be the case that the typical consumer of this library vendors/bundles it. What are you working on?
<tilpner>
I'd expect most C* projects to copy those headers instead of relying on packages
<samrose>
does node2nix support the node `--experimental-modules` flag?
o1lo01ol1o has joined #nixos
knupfer has quit [Ping timeout: 264 seconds]
<Netsu>
simpson: just need a library with stable aes+cbc implementation (cross-platform desirable)
<srhb>
Netsu: It looks like it'd be fairly trivial to package. Maybe consider trying your hand at it?
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fjsU3
Ralith_ has quit [Remote host closed the connection]
v88m has quit [Remote host closed the connection]
npmccallum has joined #nixos
v88m has joined #nixos
petrkr has quit [Remote host closed the connection]
v88m has quit [Client Quit]
v88m has joined #nixos
ixxie_ has joined #nixos
v88m has quit [Client Quit]
v88m has joined #nixos
<exarkun>
nixos automounts my removable luks device when it is sdb but not when it is sdc
<exarkun>
what part of the system is in charge of this?
<li_matrix>
The complaint that nix is complicated mostly seems to blame Unix, which is all it is trying to abstract.
<musicmatze>
exarkun: I'd say that's udev..
domogled has quit [Quit: domogled]
<mwilsoncoding>
so I'm trying to build https://pypi.org/project/uamqp/ but it keeps failing stating it can't find cmake. Problem is, it keeps doing that even if I include cmake as a buildInput or even a propagatedBuildInput (which I don't think should be necessary)
<mwilsoncoding>
any pointers for making cmake available to the buildPythonPackage function?
<musicmatze>
mwilsoncoding: did you try nativeBuildInputs ?
<musicmatze>
not sure whether this would be the right thing to do, though
<mwilsoncoding>
ooh
<mwilsoncoding>
I'm a bit of a newb, so no. =] trying it now
<musicmatze>
I don't even know what the difference is ... I try until it builds when I package something, then I try to run it and go from there... :-)
<exarkun>
musicmatze: so ... I should play with services.udev.extraRules I guess?
<musicmatze>
I'm a newb myself ... using nixos for ~4 years now but still am a newb
<musicmatze>
exarkun: I guess so.
<musicmatze>
How does your automount setup look right now?
varjag has quit [Quit: ERC (IRC client for Emacs 25.2.2)]
buffet_ is now known as buffet
<mwilsoncoding>
musicmatze: lol about 2 years myself so I don't think it'll be going away any time soon
<mwilsoncoding>
musicmatze: that did it!
Shouou has quit [Ping timeout: 250 seconds]
<mwilsoncoding>
still erroring out, but different error!
<exarkun>
or maybe this is just a bug in udisks2 :/
<musicmatze>
awesome
<exarkun>
musicmatze: I have no custom automount configuration on my system
<exarkun>
I have two usb flash devices of the same model
<exarkun>
when I plug them both in, udisks2 seems to coalesce them into a single entity that owns two device (sdb and sdc)
<cosmo_>
Hello I'm trying to use Nixpkgs "fetchpatch" routine but I can't import it correctly
<matthewbauer>
It's been sending inputs for 2+ days
<gchristensen>
nice
pie___ has quit [Ping timeout: 258 seconds]
<gchristensen>
but on the status page, those don't look so bad?
<worldofpeace>
gchristensen: Sounds like a pretty pure way to offer oneself. asynchronous communication can only get you so far
zarel has joined #nixos
<gchristensen>
yeah
<ggpeti>
gchristensen that POE build is on the status page as a running build
<gchristensen>
I'm struck by how incredibly productive a 30min-1hr call can be. I had this experience today (and several times in the past) and perhaps a more regular event like this could be great.
<ggpeti>
thet you click on it and it's cancelled
<gchristensen>
ggpeti:see that under "Running build steps" it is still trying to send
<{^_^}>
[nixpkgs] @winpat opened pull request #60167 → taskopen: init at 1.1.4 → https://git.io/fjsIq
mexisme has joined #nixos
mconstant has quit [Ping timeout: 245 seconds]
<gchristensen>
(fixed)
ggpeti has quit [Ping timeout: 256 seconds]
<worldofpeace>
gchristensen: Totally agree with you there. I've regained old/new parts of myself in an hour. I feel like the more commitment the more energy, stronger outcome.
fusion809 has quit [Remote host closed the connection]
uranther_ has joined #nixos
uranther_ has quit [Client Quit]
mconstant has joined #nixos
uranther has joined #nixos
Shouou has joined #nixos
kaliumxyz has quit [Quit: Lost terminal]
<{^_^}>
[nixpkgs] @FRidh pushed 0 commits to python-unstable: https://git.io/fjsIK
kleisli has joined #nixos
<{^_^}>
[nixpkgs] @volth opened pull request #60171 → perl-cross: update for perl 5.28.2 → https://git.io/fjsIP
thePirateKing has joined #nixos
<thePirateKing>
Hi everyone, I was just wondering, in nix-shell code, I see this line a lot `src = if pkgs.lib.inNixShell then null else nix;` or something similar
<thePirateKing>
what does it mean?
<gchristensen>
yuck
<gchristensen>
I don't know why somebody would do that
jasongrossman has quit [Ping timeout: 250 seconds]
<azazel>
hi guys, I' had installed some font packages some time ago and now I found out after one update that my Xorg apps don't see those fonts anymore... any idea how I can debug the situation?
Xiro` has joined #nixos
<clever>
azazel: did you use fonts.fonts ?
alexherbo22 has joined #nixos
Xiro` has quit [Client Quit]
<azazel>
clever: of course not, there's always a configuration option that I miss... :-D
<azazel>
seems like someone is always creating new unknown options :-)
<{^_^}>
[nixpkgs] @joachifm pushed 2 commits to release-19.03: https://git.io/fjstP
ardumont has quit [Ping timeout: 244 seconds]
<gchristensen>
hey everyone, I'm going to be hosting regular Nix ecosystem office hours starting next week. It'll be a video call where anyone can drop in and chat about the Nix ecosystem: cool PRs, problems, improvements, how to help each other to improve Nix. If you're interested, please tell me when you're available over at https://doodle.com/poll/aq9iytabi3k7z9da#calendar -- thank you!
<slabity>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 110
ATuin has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<iceypoi>
gchristensen++
<{^_^}>
gchristensen's karma got increased to 111
ggpeti_ has quit [Ping timeout: 245 seconds]
<__monty__>
gchristensen: Video logs? Ooh, or better yet do nix streams : )
<__monty__>
Oh, you're ignoring anything older than 30 days?
<gchristensen>
iceypoi: yeah, it is a bit misleading
Glider_IRC has quit [Ping timeout: 246 seconds]
PLPD-Bot has joined #nixos
<iceypoi>
well, I'm just trying to figure out, if the number is shrinking or not, lol
<iceypoi>
because 1000+ is not exactly super healthy
<gchristensen>
I don't think you can look at the raw number and determine health
<iceypoi>
gchristensen: not exactly, of course. But if you see e.g. tons of PRs being created and very few closed off, that's not great
<samueldr>
some projects cull open PRs without thought, ours doesn't really; PRs unresolved stay unresolved... a chunk of this number are WIP abandoned effort
asymmetric has joined #nixos
<gchristensen>
sure
<gchristensen>
but at hundreds of PRs merged a week, I'm not sure it is bad :)
<samueldr>
(speaking from having combed through open PRs for a previous release)
asymmetric has quit [Client Quit]
reinhardt has quit [Quit: Leaving]
<iceypoi>
gchristensen: no, definitely not. That's why I started looking into the data anyway. Because 1000+ is really not common
<samueldr>
while some think it looks bad that the open PRs number is big, in reality the sheer amount of new and closed PRs over a span of time should be looked at, to better understand the situation
<iceypoi>
gchristensen: but I also saw the velocity at which it gets closed, so it's just a very, very active project
<gchristensen>
cool
<iceypoi>
gchristensen: which is great
<gchristensen>
for sure :)
<iceypoi>
samueldr: which is what I did
asymmetric has joined #nixos
<iceypoi>
samueldr: what why I was trying to understand the merges vs proposed / month graph
<samueldr>
yeah, good :) I was also laying out just generic words about the issue, since it's sometimes pointed to as "THE PROJECT IS IN TROUBLE EVERYONE ABORT" (while in no way I think this is an indicator)
<gchristensen>
yeah
<iceypoi>
samueldr: if anything, I really liked I think code frequency or whatever graph it was
<gchristensen>
people seem to get spooked and upset when they see 1,000+ PRs, and it often takes a bit of a spiel to explain the context
<iceypoi>
samueldr: it basically showed nixos having massively gathered momentum over the last 5 years for instance
<gchristensen>
+1
<samueldr>
hmm, should really fixup the github fetching thing I did (well, is there anything to fix?) and do the thing to fix the jupyter notebook from globin so we have the graphs produced on an interval
<gchristensen>
yeah!
<{^_^}>
[nixpkgs] @c0bw3b merged pull request #59316 → torcs: anonscm.debian.org has moved → https://git.io/fjqPH
<iceypoi>
gchristensen: what doesn't make it exactly easier for nixos is the fact that the whole linux ecosystem lives in nixpkgs and that's just a lot of reason for change
<{^_^}>
[nixpkgs] @c0bw3b pushed commit from @eri451 to master « torcs: anonscm.debian.org has moved (#59316) »: https://git.io/fjsqf
<gchristensen>
sure
tboston_ has joined #nixos
kisonecat has quit [Ping timeout: 255 seconds]
linarcx has joined #nixos
<__monty__>
Hmm, homebrew-core has far fewer open PRs. I wonder why?
aanderse-work has quit []
<gchristensen>
they don't have an entire OS
<iceypoi>
gchristensen: wow... that's like 10 times fewer PRs / month o.o
<samueldr>
their github activity seems to have started in 2016, while nixpkgs is what, 2012?
<qyliss>
(Ex-Homebrew maintainer here) they also ruthlessly close stale PRs and issues
<__monty__>
Cool thing I learned about homebrew today. They have integrated `brew edit` and `brew bump-formula-pr --strict foo --url=newurl.tar.gz --sha256=tofu`
<qyliss>
They used to have one Homebrew repo, but then split it into brew and homebrew-core
<iceypoi>
I was more like like looking at velocity vs absolute number, tbh
<qyliss>
nix has nix edit
<iceypoi>
but in context, nixos is really active
lovesegfault has quit [Ping timeout: 258 seconds]
<gchristensen>
qyliss glad to have you on the dark side =)
<samueldr>
dark?
<gchristensen>
it felt rude to describe homebrew as the dark side
<iceypoi>
I really need to get nixos to run somehow on windows :P
<gchristensen>
so let me rephrase
<gchristensen>
qyliss: I'm glad to have you here :0
<qyliss>
<3
<gchristensen>
iceypoi: ghuntley has nixos nearly ready to go in to the windows app store
<iceypoi>
I've been championing nixos to guys at work
drakonis has quit [Ping timeout: 246 seconds]
<iceypoi>
gchristensen: oh ya, I know that pr
<__monty__>
Hmm, can't figure out nix edit and I'm still missing manpages for nix.
<gchristensen>
`nix edit hello`
<gchristensen>
`nix edit --help`
<qyliss>
nix edit -f . hello for a local checkout
<iceypoi>
gchristensen: wonder what we have in store for WSL over the next few windows updates
<__monty__>
Ah, so you need a nixpkgs repo?
<iceypoi>
gchristensen: afaik the team is quite busy
kisonecat has joined #nixos
<gchristensen>
ah
<{^_^}>
[nixpkgs] @c0bw3b opened pull request #60179 → [19.03] torcs: fetch patch from stable source → https://git.io/fjsqm
<iceypoi>
gchristensen: but honestly, once we get nixos into WSL and the store, I bet the useage will go up quite a lot
<ambro718>
What are the option for running a different linux distro in a container (using the same kernel, not a VM)?
<iceypoi>
ambro718: docker does, right?
<ambro718>
in particular RPM-based one, is there a practical way to do that?
<monsieurp>
why not using a plain old chroot?
<slabity>
Yea, docker would likely be your best bet if there's already an image available
<monsieurp>
everything has to be stuffed into a container these days
<monsieurp>
weird
<ambro718>
I'm just looking for a solution that is more lightweight than a VM and better integrates with the existing system
<iceypoi>
pretty much every distro has a docker image these days
<slabity>
It's containers all the way down
<iceypoi>
i'm sure fedora will too
<ambro718>
is docker the only practical option?
<ambro718>
what about that systemd thing?
<monsieurp>
iceypoi: amazing selling point
<monsieurp>
I'm totally sold!!!
<ambro718>
I don't like docker, it's too much hype :)
<slabity>
ambro718: You mean LXC?
<iceypoi>
monsieurp: what selling point? Sorry, I'm confused
<ambro718>
no I mean some systemd container support thing
pie_ has joined #nixos
<tilpner>
__monty__: It works without a local checkout here: nix edit -f "<nixpkgs>" hello
<slabity>
There's lots of ways to do containers. Nixos-container, docker, lxc, etc.
<slabity>
Just pick one and go with it
<lordcirth_>
ambro718, you mean systemd-nspawn?
<ambro718>
lordcirth_: probably yes
<ambro718>
so, now I just need to figure out how to use rpm to install a centos rootfs
<slabity>
That's more of a container service provider
<lordcirth_>
ambro718, I would recommend using LXD.
<lordcirth_>
You can have LXD download premade images for centos
<ambro718>
I think it's quite the right thing. "systemd-nspawn may be used to run a command or OS in a light-weight namespace container. ... systemd-nspawn may be invoked on any directory tree containing an operating system tree ..."
<slabity>
LXD can be used with libvirtd too, so you can just use virt-manager
<clever>
nixos-container is just a wrapper arround systemd-nspawn
<ambro718>
do I need to be root to run ldx? If yes then ****.
<__monty__>
tilpner: It simply echos the file's contents here. With brew you get the file opened in your EDITOR and then like I said, after some fiddling you can submit a PR through the cli. That's just nice and convenient, would probably make submitting version bumps more of a crowdsourced thing.
<monsieurp>
is there a tool a la debootstrap to bootstrap nixos?
<gchristensen>
you essentially have root if you can use docker, too
<exarkun>
monsieurp: nixos-install?
<exarkun>
monsieurp: what are the essential features of debootstrap you're interested in?
<gchristensen>
every build of nixos is effectively bootstrapping itself
<ambro718>
systemd-nspawn and containers in general don't need root, right?
<slabity>
monsieurp: There's a nix expression that just builds a Nixos directory tree. I know another to build an ISO image
<ambro718>
kernel allows various isolation function to non-root by default, I think
<clever>
slabity: nix-copy-closure --to local?root=/mnt/ /nix/store/foo, lets you copy things to /mnt/nix/store/, including the entire closure
<monsieurp>
slabity: could you please tell me what's the expression to bootstrap a nix systemd in a directory you mentioned earlier?
<monsieurp>
s/systemd/system/
<slabity>
Yea, does anyone know how to search through the chat for my name? I can probably find it archived somewhere.
<__monty__>
Depends on how it's logged. In the current session something like /last or /lastlog may work. Otherwise something like `rg '<.slabity>' .irclogs` might work.
<gchristensen>
in the sense that it uses private PID, mount, network, IPC and UTS namespaces, and a chroot is a primitive attempt at donig that, sure
<simpson>
iceypoi: "basically" is a pretty bad word here, IMO; "builds run in private PID, mount, network, IPC and UTS namespaces to isolate them from other processes in the system"
<simpson>
The isolation is the point, not the mechanism.
<iceypoi>
I didn't mean to be disrespectful, just trying to express it in terms I'm used to. Also trying to figure out, if it's a really bad idea to turn it off on WSL
<gchristensen>
iceypoi:I didn't take it as disrespectful :)
<iceypoi>
it doesn't want to install with the default installer
o1lo01ol1o has quit [Remote host closed the connection]
<gchristensen>
chroots are just quite primitive, and the namespacing is much better
<simpson>
iceypoi: No worries. "basically" is one of those words that people use to paper over understanding and communication by instead replacing a personal analogy which is more comforting. It's a risky word for indicating that you grok something.
<slabity>
It's basically a super chroot
<iceypoi>
fair enough :D
_kwstas has joined #nixos
<gchristensen>
ugh that problem
<iceypoi>
it's "unpacking channels..."
<iceypoi>
so progress
<gchristensen>
I've been wanting to allocate time to improving the sandbox problems, but time is limited and it is not very easy to get work-time for things like that
<iceypoi>
now I've gotta see, if I can get home-manager working
<{^_^}>
[nixpkgs] @c0bw3b merged pull request #59232 → grpc: update version and build shared libs → https://git.io/fjtAf
<{^_^}>
#12347 (by jgillich, 3 years ago, open): machinectl does not work
<gchristensen>
1234....soclose,but...7
<ambro718>
how would one go about enabling systemd-importd?
civodul has quit [Remote host closed the connection]
civodul has joined #nixos
<pie_>
so the general narrative of nix seems to put a lot of emphasis on the reproducibility, but it sounds to me that the fact that you can develop a system more like a software project as opposed to a ball of mud sounds like a more immediate win for me
<pie_>
reproducibility could basically be a buzzword in this context?
<gchristensen>
pie_: I've done some cool TDD of firewall rules with nixos, and have some ideas on other testing mechanisms there
<pie_>
how much reproducibility and have and what does it get us? dont get me wrong im all in favor of it, im just not sure if we're emphasizing the wrong stuff
<pie_>
alternatively, maybe its just what *ive* been telling people and *I* was doing it wrong
<simpson>
pie_: I'm not sure I understand; my Nix files *are* balls of mud.
<pie_>
simpson, well, as opposed to the result of maybe some bash / ansible scripts?
kleisli has joined #nixos
<pie_>
i hope to think we're better but i have minimal experience with anything other than nix
<simpson>
pie_: Those are *just as* messy, to me. Not better, not worse. Nix's strengths lie in features like dry-running and reproducible builds, I think, not especially in readability.
<pie_>
maybe its just that "everything" is in one place
<pie_>
ive had this in the back of my mind for a few days but its meta and murky
<pie_>
which is to say id love it if someone can clear the waters a bit :p
kisonecat has quit [Ping timeout: 250 seconds]
<simpson>
I'm not sure if there's some specific property of Nix which, for example, causes Nix-based tools to be less buggy than Ansible, Saltstack, Terraform, etc. AFAICT it's quite possible to write buggy/crappy tools with Nix too.
<gchristensen>
the fact that almost all the interesting stuff happens at build time makes the stakes much lower
<clever>
ambro718: systemd provides udev, and a lot of graphical stuff ties into udev to detect what gpu you have
<andi->
ambro718: set systemd.package in you system config if you just want to replace the daemon that is used on your system without rebuilding everything
<ambro718>
andi-: yeah will do that, thanks
<parsnip>
clever: ah, i think i actually grok that, thank you!
<clever>
parsnip: that gets ran after creating /nix/store/hash-system-path/, and updates any indexes within it, which then lands at /run/current-system/sw/
<pie_>
im not set up for that but would be nice :D
<andi->
So the nix daemon seems to cache narinfo files across restarts of the daemon. It doesn't put it in the /nix/var/nix/db/db.sqlite (as far as I can tell). Any idea what I am missing? I am toying with some local network (mdns discovery...) binary caching..
<gchristensen>
I guess it is sort of cheating since I'm actually just fetching emacs from the cache
<clever>
andi-: ~/.cache/nix/binary-cache-v* as root
<pie_>
gchristensen, hm :p
<andi->
clever: aahhh.. I was looking at /nix/var/nix/binary-cache-v3... on one of my machines but that hasn't been written to in years.
<clever>
andi-: you can just blow the cache away with rm, nix will remake the DB's
<andi->
That is where it went..
realrokka has quit [Read error: Connection reset by peer]
<clever>
andi-: non-root users can now manage the same cache, in their own home
<{^_^}>
[nixpkgs] @c0bw3b merged pull request #58366 → commit for u-boot build of bananapim64 → https://git.io/fjU0w
<{^_^}>
[nixpkgs] @c0bw3b pushed commit from @samrose to master « uboot: add Banana Pi M64 (#58366) »: https://git.io/fjsmK
joebobjoe has joined #nixos
<worldofpeace>
is repositories.git a real meta attribute?
<joebobjoe>
hi, I switchede from brew to nix, and nix seems a lot more unstable for me (as far as the programs' installed ability to start). why is this? after os upgrades I always seem to get linker errors when starting programs installed with nix
<joebobjoe>
for example, when I run pwgen I get
<joebobjoe>
dyld: Library not loaded: /usr/lib/system/libsystem_network.dylib Referenced from: /nix/store/12yshvbpz9hjn7khzzf0ar67kaw6g7f7-Libsystem-osx-10.11.6/lib/libSystem.B.dylib Reason: image not found
<joebobjoe>
Abort trap: 6
<joebobjoe>
huh. I did a nix-env --install pwgen and now it works
<joebobjoe>
weird, I did an upgrade already. why was there anything to install. did it reinstall?
<clever>
joebobjoe: how did you previously upgrade?
<joebobjoe>
nix-env -u
<joebobjoe>
I haven't been using nix for very long
<joebobjoe>
it didn't change the pwgen version number
<joebobjoe>
but it did something along the lines of these paths will be fetched (0.01 MiB download, 0.03 MiB unpacked)
<joebobjoe>
maybe the pwgen package was updated to fix the linker error?
zupo has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<sphalerite>
,imperative joebobjoe
<{^_^}>
joebobjoe: nix-env has multiple drawbacks as an imperative package manager. nix-env -u will sometimes upgrade to the wrong thing; the outputs to install are very finicky to override; and packages that have been removed or are otherwise unavailable will remain in your profile without any warnings. Consider using a ,declarative setup instead.
<monsieurp>
uh.. the nixpkgs repository log is a bit of a mess :(
<ambro718>
I want to compile systemd with importd support (-Dimportd=true), but in that case systemd depends on dbus, and dbus depends on systemd -> infinite recursion, WTF do I do?
<gchristensen>
that is okay, you don't have to agree :)
<simpson>
monsieurp: No worries. Anyway, what did you *actually* want to look for?
<monsieurp>
sphalerite: Linus uses merge commits for a good reason
<gchristensen>
a lot of cool work done in the Nix ecosystem is because somebody didn't like it
thePirateKing has quit [Ping timeout: 255 seconds]
<sphalerite>
monsieurp: what problem is this causing for you?
nikivi has quit [Read error: Connection reset by peer]
<parsnip>
hmm, but that did make mu4e and git available to command line git "table of contents"
<etu>
monsieurp: So do we, not all changes are based on the current HEAD, so a merge is needed to put it there. Unless the person merging also happen to rebase everything every time something is put in. But someone else rebasing other people's commits will break things like gpg signatures of commits etc.
<monsieurp>
sphalerite: merge commits mean something particular
<parsnip>
*command line info
<ambro718>
I did this systemd package override, https://paste.ubuntu.com/p/v7pfNWh9Vt/, can someone see why it would be failing to find dbus via pkg-config?
<sphalerite>
monsieurp: the problem that the state of nixpkgs's history causes for you is that merge commits mean something particular? \:|
<sphalerite>
ambro718: I'm not sure that this would cause the problem, but overrideAttrs (used the same way as overrideDerivation) is preferred
<ambro718>
sphalerite: that actually fixed it, thanks
<gchristensen>
monsieurp: in what way is our merge commit not adequate, and what is the good reason for which Linus uses that?
apaul1729 has quit [Remote host closed the connection]
* sphalerite
is a bit confused by the mentions of Linus
<sphalerite>
:p
<gchristensen>
:D
<simpson>
sphalerite: Well, some of us have been yelled at by Linus before, and being yelled at by Linus automatically grants skill with git~
<monsieurp>
hold on a sec, I never said it's inadequate! you're putting words into my mouth
mexisme has joined #nixos
<gchristensen>
monsieurp: sorry, I don't mean to put words in your mouth. however, I understand that we use merge commits too, but my understanding from what you said is they're not the right merge commit
* sphalerite
has some sleep to deal with. sleep > dealing wiht trolls :D
<gchristensen>
g'night sphalerite
<pie_>
sphalerite is very troll-happy these days :p
<pie_>
sphalerite, good night anyway o/
<joebobjoe>
sphalerite: so don't use nix-env? is there any way to determine what nix-env --install pwgen just did?
<joebobjoe>
did it replace the version?
<joebobjoe>
how do I know?
<joebobjoe>
is there a log on macos?
<monsieurp>
I think that for one-off contributions that are meant to add/remove a package to a repo as large as nixpkgs, merge commits tend to pollute the history log, especially those quick merges offered through the Github merge button
<monsieurp>
the right question is: what is the rationale for not keeping a linear log?
tboston_ has quit [Ping timeout: 276 seconds]
mexisme has quit [Ping timeout: 255 seconds]
<simpson>
monsieurp: People are working concomitantly and an explicit linearization (above that created by git already) would slow down the process for no gain.
<simpson>
Additionally, git *supports* this model of development; the tool is being used as it ought.
<simpson>
You did, by using your words to start a conversation about the process.
alexherbo2 has joined #nixos
zupo has joined #nixos
<mdash_>
monsieurp: does there need to be a reason?-)
<monsieurp>
nobody should change a single thing if that process works well for developers
<monsieurp>
of course not
<simpson>
So what's the deeper desire? It's not a great resolution to say that we fail to draw pretty pictures because we are too busy getting stuff done...
<mdash_>
monsieurp: i guess all i'd say is that different projects assign different meanings to merge commits
ATuin has quit [Ping timeout: 250 seconds]
<monsieurp>
mdash_: indeed :)
jneto has joined #nixos
<monsieurp>
simpson: it's really about discussing git practices
<simpson>
monsieurp: Oh. So the entirety of what you wanted to communicate is that our git logs are messy to you because we don't have the same practices that you'd prefer we have?
romildo has joined #nixos
<romildo>
ryantm, hello.
ambro718 has quit [Quit: Konversation terminated!]
nD5Xjz_ has quit [Ping timeout: 246 seconds]
<monsieurp>
simpson: my apologies if my questions rubbed you the wrong way (it apparently did), I hope we can still debate though
nD5Xjz has joined #nixos
kleisli has quit [Ping timeout: 245 seconds]
<simpson>
monsieurp: Sorry, this channel isn't for that. If you really do want us to change how we use git, consider writing an RFC (https://github.com/NixOS/rfcs)
<parsnip>
is github to blame? i guess they have more just one option to merge a PR
<linarcx>
How to prevent package to be upgrade during nix-build --upgrade?
<parsnip>
*more than
<monsieurp>
simpson: which channel is more appropriate for such questions/debates?
<parsnip>
but doing it in the github webapp may not show if there is a cleaner way to merge before doing so
<iceypoi>
btw regarding merge commits. If I get it correctly, GitHub actually lets you configure the repo for auto-rebase upon accepting a pull request
<iceypoi>
and also squashing, in case that's something you want
<simpson>
monsieurp: There's #nixos-chat, where offtopic chat is allowed. There's also a NixOS dev channel but this is not really appropriate there without an RFC first, or at least a shred of evidence beyond artistic concerns.
<parsnip>
iceypoi: i'm not a fan of using github to "create/modify commits"
<monsieurp>
simpson: thank you, I will ask my questions in the #nixos-chat channel next time
<parsnip>
that includes merges, rebases, etc
<linarcx>
Guys..
ambro718 has joined #nixos
<linarcx>
How to ignore a package during system upgrade?
aanderse_ has joined #nixos
<iceypoi>
parsnip: just putting it out there, because with the volume of PRs going in, manual rebasing is just not possible, really.
<simpson>
linarcx: Doing something like nixos-rebuild? AFAIK one must rebuild the entire system profile at once; there's not really a way to mix and match nixpkgs.
aanderse has quit [Ping timeout: 276 seconds]
<immae>
Hello there! Say I have a sensible value, that I use during a derivation build, but that is not in the output (here, I use an encrypted file as a src, and I want to decrypt it during the build by providing the password). Can anyone else on the system have access to that password during the build, or is it correctly sandboxed to avoid that?
zarel has quit [Quit: Leaving]
joebobjoe has quit [Quit: Lost terminal]
<linarcx>
simpson: Yes, nixos-rebuild. i have some c++ packages and i use them in nix-shell. i don't know how to pin theme, without gc delete them every time. so i put them in configuration.nix, and evrey time a lot of packages ask to update. :(
<arianvp>
Well that was another fun debugging session
<jschievink[m]>
Fatal error: glibc detected an invalid stdio handle
<jschievink[m]>
/run/current-system/sw/bin/nixos-rebuild: line 208: 4159 Aborted nix-channel --update nixos
<jschievink[m]>
^ ouch
mmlb has quit [Ping timeout: 255 seconds]
<Lisanna>
WHen I am setting services.unbound.enable = true and trying (and failing) to configure it, suddenly the nixos machine that I'm running it on can't do DNS queries. I don't want my nixos machine to use the unbound service /as its own/ DNS resolver unless I explicitly set that. I'm not using any special networking settings otherwise - what's going on?
<Lisanna>
I looked at the unbound module code and I don't see anything that would be implicitly changing settings like that, unless there's code in some other networking module that's responding to it
<arianvp>
jschievink[m]: oucj
Rusty1 has quit [Quit: Konversation terminated!]
oida has quit [Remote host closed the connection]
oida has joined #nixos
<ajs124>
Lisanna, are you using networkmanager? How about systemd-resolved or nscd?
<Lisanna>
ajs124: I haven't changed any of the default networking options
<ajs124>
Ah, no. Found it. nixos/modules/config/networking.nix checks for services.unbound.enable and adds 127.0.0.1 to the resolvconf.conf
<Lisanna>
UGH
<Lisanna>
that's so silly to do that automatically
<Lisanna>
because it's *so easy* misconfigure things like bind and unbound
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
mmlb has joined #nixos
<Lisanna>
omg I can't even turn that off
<ajs124>
You can add another working dns server through networking.nameservers
<ajs124>
Does your resolv.conf only include your local resolver? I don't know much about resolvconf.conf…
nD5Xjz has quit [Ping timeout: 245 seconds]
nD5Xjz has joined #nixos
tboston_ has joined #nixos
ambro718 has quit [Quit: Konversation terminated!]
<emilsp>
is modules.nix special in any way?
<infinisil>
emilsp: module-list.nix?
<infinisil>
Or lib/modules.nix?
<emilsp>
infinisil: I'm actually looking at your znc module :) I've got my own specific zncDeriviation that builds just fine on it's own, but when I'm trying to import it, it just won't
<emilsp>
But yes, lib/modules.nix
thc202 has quit [Ping timeout: 276 seconds]
<infinisil>
It's not special no, all of lib is defined similarly
<emilsp>
hmm, so I'm accessing pkgs.zncModules.$ but I've never seen pkgs.zncModules being defined as such.
<emilsp>
This is of course only tangential to my problem.
tboston_ has quit [Ping timeout: 245 seconds]
* infinisil
is not sure how he can help here
<infinisil>
Is there a specific problem?
mmlb has quit [Ping timeout: 276 seconds]
<emilsp>
erm, I'
aanderse_ has quit []
<emilsp>
would you be ok with a pm ?
<infinisil>
I don't mind
aanderse has joined #nixos
mconstant has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<anaothmane>
Hello! After the upgrade to 19.03 my keyboard is qwerty (using xfce4 keyboard settings does not change anything, my shortcut is not responsive) and my mouse is not working at all. What is happening? The mouse works with the previous build but the keyboard is qwerty there as well
<anaothmane>
I'm using i3 with xfce4 as a DE
<anaothmane>
My keyboard should be in azerty
ggpeti has quit [Ping timeout: 245 seconds]
xkapastel has quit [Quit: Connection closed for inactivity]
<Ashy>
as a temp workaround can you `xsetkbmap azerty`?
Lears has joined #nixos
[Leary] has quit [Read error: No route to host]
<anaothmane>
Ashy, is it through a command? I don't find it in my path. What is it in?
<NemesisD>
how would i append to a derivation's buildInputs? would it be like `foo = foo // {buildInputs = foo.buildInputs ++ [blah]};` ?
<Ashy>
anaothmane: oh, woops, setxkbmap is the command
mbrgm has quit [Ping timeout: 258 seconds]
mbrgm_ is now known as mbrgm
mexisme has joined #nixos
<anaothmane>
infinisil and Ashy, yeah it works thanks
<anaothmane>
Though the mouse is still unresponsive
<anaothmane>
xfce4-mouse-settings only sees the touchscreen and the synaptics touchpad, even though I activated libinput
<anaothmane>
That's weird
Glider_IRC_ has quit [Ping timeout: 255 seconds]
<anaothmane>
I didn't update the system.stateVersion, maybe that's why
<NemesisD>
gchristensen: thank you!
<gchristensen>
:)
<gchristensen>
,stateVersion
<{^_^}>
Setting stateVersion to the latest release doesn't upgrade anything and can only break your setup at best. To actually upgrade NixOS see https://nixos.org/nixos/manual/#sec-upgrading. If you want to update the stateVersion option regardless, Ctrl-F for "stateVersion" in https://nixos.org/nixos/manual/release-notes.html to see things that need to be manually migrated with the new value.
<anaothmane>
gchristensen, I followed the notes there
<anaothmane>
Broke my mouse support it seems :/
ggpeti_ has joined #nixos
<kandinski>
please bear with me a moment: in nix, we name packages by the hash of its inputs, not of its binary substitutions. Is this correct?
ggpeti_ has quit [Ping timeout: 245 seconds]
<gchristensen>
the binary substitution is considered a cache, and is more coincidental than anything else
<gchristensen>
so yes, its identity is based on its inputs
<emilsp>
infinisil or anyone with znc knowledge - on arm, it seems that LoadModule = [ "module-1" "module-2" ]; gets turned into invalid xml - LoadModule = module-1\nmodule-2 is this expected?
<infinisil>
Hmm!
<infinisil>
znc config isn't xml, but that does look invalid
<kandinski>
gchristensen: thanks. It's the same for docker image IDs. So there is no verification function to th hash in either case.
<gchristensen>
kandinski: what do you mean?
<emilsp>
right, it's not xml, but the generated config file seems to not be valid :/
<kandinski>
if I name a thing by its hash, like for instance in IPFS, I can verify the network gave me the thing I asked for by taking the hash of the object I receive.
<simpson>
kandinski: There's a technical notion in Nix, the *derivation*, that makes precise exactly what is being hashed, and thus what is being verified.
<gchristensen>
kandinski: we use public key signing to ensure the cache provided a binary from a trustworthy source
<kandinski>
simpson: that's what I meant above. The derivation is an input. We hash it, and with that hash we name the thing that comes out of the derivation.
<simpson>
But yeah, don't use Nix packages from folks who you don't trust.
<infinisil>
emilsp: Can't reproduce with a `config.LoadModule = [ "foo" "bar" ]`, resulting file is `LoadModule = foo\nLoadModule = bar` as it should
<emilsp>
infinisil: if it helps at all, if I add a typo to LoadModule, it generates almost valid config files :)
<kandinski>
I'm just trying to separate the systems that use naming based on hashes of inputs (nix, docker) versus systems that use naming based on hashes of the actual things they're naming (IPFS)
mconstant has quit [Ping timeout: 245 seconds]
<kandinski>
simpson, gchristensen: thanks for the info and advice
<infinisil>
emilsp: Ehh, that's a bit too vague, a reproducible minified example would be nice
mconstant has joined #nixos
<kandinski>
(and by "separate" above I meant "make a list with two columns", I'm trying to understand things)
<gchristensen>
kandinski: part of nix is based on the hash of the contents
<emilsp>
sure, I'll try to come up with one. But, erm, maybe tomorrow. It's a bit late here :)
<kandinski>
gchristensen: that's where I'm aiming for. Which part?
<infinisil>
emilsp: I used this file: https://paste.infinisil.com/-P4yT583-4.nix and built the configFile with `nix-build '<nixpkgs/nixos>' --arg configuration ./file.nix -A config.services.znc.configFile`
<kandinski>
gchristensen: thanks, I'll look for it in the documentation.
<gchristensen>
and the binary substitution uses narinfos to point to content addressed nar files
<NemesisD>
is `propagatedBuildInputs` appropriate for specifying runtime dependencies that aren't needed to actually build?
<infinisil>
,runtimeDeps NemesisD
<{^_^}>
NemesisD: In order of preference: Patch source OR ((if it uses PATH -> wrap with new $PATH) AND (if it uses dlopen, (patchelf --set-rpath in postFixup OR wrap with new LD_LIBRARY_PATH)))
LnL has quit [Ping timeout: 255 seconds]
<kandinski>
gchristensen: seems that fixed-output derivations are mostly for downloaded tarballs, is that correct?
<gchristensen>
right
<gchristensen>
also the "intensional store" model (nixos/rfcs) moves to CAS stores
<NemesisD>
i don't know what any of those words mean. i've got a haskell package that i'm using nix to reduce to static executables and load into a docker image. i'm trying to figure out where i should specify the runtime dependencies it needs on the system to function
<infinisil>
NemesisD: What a "runtime dependency" is depends entirely on the package
<anaothmane>
Ok so xinput gives me a "SynPS/2 Synaptics TouchPag" even though synaptics.enable is set to false in my configuration.nix (and libinput is configured and enabled). Where can I investigate this problem further?
<ajs124>
Some language tooling (e.g. erlang) also uses fixed-output as far as I remember
<simpson>
NemesisD: So, in order, consider: Patching the source of the package. Write some Haskell so that the dependency is either hard, or so that Haskell calls Nix at runtime (ugh!)
<simpson>
NemesisD: Then, next up is using $PATH at runtime. For this to work, you'll need to build an environment or a wrapper.
<NemesisD>
i fully control the source of the package, but i don't know how i'd specify that it needs, for instance, node.js installed
<simpson>
NemesisD: This option *might* require, depending on *what* you're depending on, that you also patchelf somewhat. The listed shorthand gives hints, but each package is different.