Synthetica has quit [Quit: Connection closed for inactivity]
jasongrossman has quit [Remote host closed the connection]
frem has quit [Quit: Connection closed for inactivity]
zeta has joined #nixos
<zeta>
i have the git gpg signing key setup in home.nix, but it is in plain sight, is there a way to hide it, for example with asterisks "*****************"
<gchristensen>
your private key?
<zeta>
yes
<gchristensen>
you should not manage your private keys (or other secret data) with Nix
hamishmack has quit [Read error: Connection reset by peer]
<gchristensen>
because they will go in to the Nix store and become world readable
<zeta>
am i supposed to sign with my public key instead in the git options in home.nix
<gchristensen>
are you trying to set your user.signingkey?
<zeta>
programs.git.signing.key
goibhniu has quit [Ping timeout: 248 seconds]
<gchristensen>
that is almost certainly asking for the public key *id*
<gchristensen>
for example, mine is set to "FE918C3A98C1030F"
ris has quit [Ping timeout: 246 seconds]
kreisys has joined #nixos
<zeta>
thank goodness you told me this, i have not rebooted nixos, so it should be fine right ?
<gchristensen>
I don't know how home-manager works, so I'm not entirely certain -- but if you've run any home-manager related commands you probably haven't put the private key in the Nix store
<infinisil>
s/haven't/have?
<gchristensen>
right
<gchristensen>
thanks, infinisil
<zeta>
wheew
<zeta>
good thing i double checked, what could a hacker do if he had my private key ?
<gchristensen>
impersonate you when signing files
<zeta>
that's it ?
<gchristensen>
well ... depending upon who you are, that can be pretty sever
<gchristensen>
well ... depending upon who you are, that can be pretty severe
<gchristensen>
they could also decrypt things which were encrypted for you
judson has quit [Ping timeout: 248 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjcxx
<gchristensen>
for example, I use a password manager (`pass`) which uses GPG to encrypt my passwords. if someone had my private gpg key, they could read all my passwords
ddellacosta has joined #nixos
buffet_ has joined #nixos
<zeta>
damn, that's why i always double check to make sure with things like this
buffet has quit [Ping timeout: 255 seconds]
<zeta>
is the `home.options` file useful ?
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
hio has quit [Quit: Connection closed for inactivity]
<simpson>
zeta: In general, software is not useful.
<gchristensen>
lol simpson
<simpson>
Life sucks, and that's why I have to run `keychain` every time I login~ But it's a small price to pay.
<zeta>
infinisil: have a little more patience, i can't be a master in nixos 1 month in, it's going to take me at least 6 months to get comfortable.
<gchristensen>
that is true
<gchristensen>
however this is a two-party bargain: we offer to help, while we expect you to try and answer your question as best as possible on your own through your own research
<infinisil>
^^
<gchristensen>
and, when you can't answer it on your own -- that is okay! we definitely do want to help. to help us help you, it is very helpful to explain what you don't understand and what you've done to try and answer your question
<aanderse>
anyone with at least 3 computers they use regularly + mobile device have an awesome irc setup for nixos where they can "attach" to their irc session whenever/wherever they want? bonus points if i can continue to use my own irc client on desktop, more bonus points if it comes with a nixos module
<gchristensen>
android?
<aanderse>
i'm looking at "bip" as an irc proxy currently
<aanderse>
no nixos module
<aanderse>
but the config seems pretty flexible
<gchristensen>
are you an android user?
<aanderse>
gchristensen: yessir
mexisme has joined #nixos
<gchristensen>
weechat has a cool android program
<infinisil>
aanderse: znc!
<aanderse>
what protocol do i use to connect to (my) weechat server?
<gchristensen>
I don't know! good question :)
<parsnip>
aanderse: weechat has a weechat relay and an irc relay
<aanderse>
parsnip: ah, ok, thanks
<aanderse>
infinisil: ahh... thats what znc is
<infinisil>
aanderse: I run a znc instance on my server, which I can connect to with any irc client on all my devices. I have past history and everything from that, effectively attaching it
<parsnip>
use the weechat relay to connect with a weechat client
<aanderse>
i'm sure i've looked over the module you wrote 2 times when you linked me to it... i never once even bothered to guess what "znc" actually was
<aanderse>
lol
kreisys has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil>
(And znc has a NixOS module, newly revised by me :))
<parsnip>
irc relay won't relay _all_ weechat buffers, only the irc ones
<infinisil>
Hehe
<aanderse>
<3 infinisil
<{^_^}>
infinisil's karma got increased to 100
<aanderse>
<3 gchristensen
<{^_^}>
gchristensen's karma got increased to 116
<aanderse>
<3 parsnip
<{^_^}>
parsnip's karma got increased to 2
<parsnip>
aanderse: weechat-android is pretty smooth
<xorAxAx>
i have been debugging a "value is a function while a set was expected" problem - any insights on what the problem could be?
<xorAxAx>
the trace shows a map statement
<xorAxAx>
i have no clue why there are uncalled functions around
<zeta>
i am actually very happy with nixos, it was a brutal learning curve for me, but now that i am comfortable with it, the benefits nix package management are great, i like debian and apt package manager, but i had to much dependency hell with it, so i am glad i found an alternative.
<gchristensen>
sounds like you have a function expecting a parameter, and you're trying to treat it like a set
<gchristensen>
for example:
<gchristensen>
> (import <nixpkgs>).hello
<{^_^}>
value is a function while a set was expected, at (string):253:1
<zeta>
gchristensen: the infamous `cabal hell` is real
<xorAxAx>
ah, so some function is missing an argument
<gchristensen>
xorAxAx: no, not necessarily
<gchristensen>
as I said, <CODE> means it hasn't been evaluated:
<gchristensen>
> let x = a: a; in [ (x "hi") ]
<{^_^}>
[ <CODE> ]
mexisme has joined #nixos
<xorAxAx>
ah
<zeta>
ivan: thanks, i just haven't gotten around to reading it
<xorAxAx>
> let x = a: a; in [ traceVal (x "hi") ]
<{^_^}>
[ <CODE> <CODE> ]
<xorAxAx>
> let x = a: a; in [ (traceVal (x "hi")) ]
<{^_^}>
[ <CODE> ]
<gchristensen>
xorAxAx: you can also PM with {^_^} :)
<xorAxAx>
ok :)
<infinisil>
(or use nix repl locally for that matter, which is faster and has more features :))
<zeta>
i am currently learning haskell and lisp, and i plan to start looking for freelance work next week, how is the job market for these languages ?
teoma has quit [Remote host closed the connection]
Supersonic has quit [Ping timeout: 258 seconds]
<zeta>
i plan on sticking on these two languages and maybe learnig rust down the road
<aanderse>
infinisil: regarding this znc module... whatever happened to services.foo.enable = true; being enough? T_T
<infinisil>
aanderse: Yeah it's a bit unfortunate with the legacy cruft..
<gchristensen>
znc ... I never did manage to figure out how to use znc
<infinisil>
aanderse: Oh yeah, but also if you disable useLegacyOptions, you actually need to define everything yourself xD
<infinisil>
But you need to anyways for the networks and such, so ehh
<infinisil>
And nick
<zeta>
no response :(
<infinisil>
aanderse: mutable = false and useLegacyOptions = false; would be nice defaults eventually. But all other things are really nothing that could be set with a simple enable = true
Supersonic has joined #nixos
Maerman has joined #nixos
<aanderse>
infinisil: ok
<aanderse>
thanks
<infinisil>
Oh actually, we could change the default if we condition it on system.stateVersion
zeta has quit [Quit: WeeChat 2.4]
<infinisil>
And then it technically doesn't even need a release note because it's not a breaking change
horner has joined #nixos
<gchristensen>
I think, typically, each use of stateVersion gets a release note
<gchristensen>
not sure though
Maerman has quit [Quit: Konversation terminated!]
<samueldr>
yes, release note as someone might remember it working one way, and now it doesn't?
<xorAxAx>
"'name' attribute missing in a call to 'listToAttrs'" - for map (mi: ({ name = mi.name; } // (lib.mapAttrs' (key: value: (lib.nameValuePair key machine_addrs."${mi.${key}}".value)) mi))) l1;
silver has quit [Read error: Connection reset by peer]
arguser has joined #nixos
lovesegfault has joined #nixos
<infinisil>
samueldr: People aren't supposed to change stateVersion, so their existing set up will still work
<samueldr>
I meant about someone that knows how it's supposed to work, and observes on a new system it doesn't
<infinisil>
Although I guess it would be a bit confusing to see `default = false`, but it's enabled for them, even though they didn't do `value = true`
<infinisil>
(which is the result of the docs when conditioning the default on stateVersion)
<infinisil>
samueldr: Ah yeah good point
Rusty1 has joined #nixos
<xorAxAx>
gchristensen, i pasted the problematic piece of my code, i dont know where 'name' is coming from
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #61169 → static: set default_library flag for meson in makeStaticLibrary → https://git.io/fjcpd
<xorAxAx>
found the problem :-)
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #61170 → perl-libwww: don’t check on darwin → https://git.io/fjcpx
<mog>
what am i doing wrong here networkmanager = unstable.networkmanager.override (o: { propagatedBuildInputs = [pkgs.python3Packages.pygobject3] ++ o.propagatedBuildInputs; } );
<gchristensen>
I think you might want .overrideAttrs?
drakonis has joined #nixos
mexisme has joined #nixos
<mog>
i think you are right its compiling at least
thomashoneyman has joined #nixos
<thomashoneyman>
i've just discovered that a NixOS installation + i3 provides no way to open an "upload file" dialog when using apps like Firefox
<thomashoneyman>
anyone have advice on a package that will enable this?
<thomashoneyman>
for example, i get a blank white screen when going to a site which has a 'file upload' button and pressing it
<gchristensen>
like your whole screen is white?
<thomashoneyman>
yes.
<thomashoneyman>
i can click and it disappears
acarrico has quit [Ping timeout: 248 seconds]
<thomashoneyman>
but i'm assuming it's attempting to open a file navigator but failing to do so
<thomashoneyman>
i have Ranger installed but that's the only file manager
o1lo01ol1o has quit [Remote host closed the connection]
<thomashoneyman>
(i'm not sure of the correct terminology for these things. file uploader? file manager? file navigator?)
<gchristensen>
if you press, uh, mod? (the windows key) and click on the white screen, can you move it (while the button is pressed and the mouse is clicked) around?
<thomashoneyman>
for example: if I go to (https://send.firefox.com/) and press the "Select files to upload button" I get the white screen.
<gchristensen>
I believe this always goes is I can't possibly remember what it is, and then you come in saying dconf, and then we grep our logs as fast as we can
<samueldr>
not enough of a shared issue to be at hands reach, but always at the tip of the tongu
<wucke13>
Hi, is there an idiomatic way of running a php-fpm along nginx in a way, that php scripts may create folders and files in their www root?
lambda-11235 has joined #nixos
<{^_^}>
[nixpkgs] @jraygauthier opened pull request #61177 → nixos/jupiter: add a kernel jsFile option → https://git.io/fjCeG
knupfer has joined #nixos
init_6 has joined #nixos
mexisme has quit [Ping timeout: 268 seconds]
<lopsided98>
jackdk: I left a comment on the PR
<risson>
Hi! Is there a way to get the first element in a list in Nix?
<teto>
> builtins.head [ 3 ]
<{^_^}>
3
<teto>
risson: ^
<risson>
Thanks :D
nschoe has joined #nixos
mexisme has joined #nixos
nschoe has quit [Remote host closed the connection]
gm_ has joined #nixos
civodul has joined #nixos
gm_ has quit [Client Quit]
gm_ has joined #nixos
<gm_>
Hello, I'm trying to create a service/module and when systemd tries to run it the application startup errors with "fork/exec /sbin/ip: no such file or directory", however running it directly as my user works. I'd have thought ip should be available?
wfranzini has joined #nixos
<gm_>
I've verified that the application in question, looks at PATH first before failing back to /sbin/ip
reinhardt has joined #nixos
m0rphism has joined #nixos
Myhlamaeus has quit [Ping timeout: 252 seconds]
rauno has joined #nixos
knupfer has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @vcunat opened pull request #61179 → stdenv, cacert: consider $NIX_SSL_CERT_FILE in hooks → https://git.io/fjCei
reinhardt has quit [Remote host closed the connection]
init_6 has quit [Ping timeout: 246 seconds]
reinhardt has joined #nixos
fusion809 has quit [Remote host closed the connection]
<gm_>
@lopsided98: That sorted it, thanks!
mexisme has joined #nixos
johanot has joined #nixos
mexisme has quit [Ping timeout: 252 seconds]
bahamas has joined #nixos
<bahamas>
I notice that there are some channels named nixos and others nixpkgs. what's the difference?
<Synthetica>
bahamas: All tests get run on the nixos channels, so they are a bit slower to update, but they try to ensure you can't accidentally update into a borked system
<Synthetica>
nixpkgs are a bit less strict
<Synthetica>
But faster to update
schjetne has joined #nixos
<bahamas>
Synthetica: ok. I need to use an older channel and was trying to decide which one of the two to use.
<Synthetica>
If you only need to install a package nixpkgs is probably fine, but nixos can't hurt
wucke13 has quit [Quit: WeeChat 2.4]
Glider_IRC__ has quit [Ping timeout: 248 seconds]
<bahamas>
Synthetica: thanks. actually, I think this particular commit is only available in nixos. but it's good to know there isn't a major difference between the two
mexisme has joined #nixos
hoijui has quit [Ping timeout: 252 seconds]
vidbina has joined #nixos
<teto>
bahamas: it should be the opposite as nixos channels are slower to update. eventually nixos catches up to nixpkgs so it's more likely that a commit is available in nixpkgs but not in nixos than the opposite (they should converge eventually)
sam_d has quit [Ping timeout: 246 seconds]
hio has joined #nixos
sam_d has joined #nixos
<bahamas>
teto: do you know how I can find the channel that contains a specific commit?
lambda-11235 has quit [Quit: Bye]
Makaveli7 has joined #nixos
mexisme has quit [Ping timeout: 246 seconds]
ottidmes has joined #nixos
<{^_^}>
[nixpkgs] @rnhmjoj opened pull request #61180 → [19.03] Avoid collisions between essential packages → https://git.io/fjCv8
<makefu>
BuGless:i have it disabled on all my machines because for me hostname caching produced some weird issues
<linarcx>
Guys, i want to create package for lantern. But i don't know where to put it in nixpkgs tree.
<BuGless>
edolstra said in that git pull: No, nscd should not be disabled. It's essential on NixOS to ensure that NSS modules work properly (including for 32-bit programs on 64-bit NixOS).
<BuGless>
But that does not properly explain why
jb55 has joined #nixos
<BuGless>
edolstra: That only works for NSS modules built into Glibc. It won't be able to find e.g. libnss_myhostname or libnss_mymachines from systemd because they are not in the library search path.
<makefu>
linarcx:what is lantern?
<BuGless>
So what happens if a program that does not find those libraries tries to use gethostbyname() ?
<linarcx>
Put it into `tools/networking` or in `applications/networking` ?
<BuGless>
In order for it to query nscd it still needs to construct an UDP packet and send it to nscd locally, so why not send it across the network?
<makefu>
linarcx: propably applications, tools may only be supportive. but i guess it would be fine in both paths
noam has joined #nixos
<BuGless>
Or, in other words, does someone have an example program that fails if nscd is not running?
<linarcx>
makefu: Thank you.
fishi0x01 has joined #nixos
ubert has joined #nixos
<BuGless>
After reading https://github.com/NixOS/nixpkgs/pull/50316 I conclude that killing nscd does not break anything *unless* you want to use funky dns query resolutions that go to other places than an regular dns server (like an LDAP server).
<clever>
or avahi
<makefu>
i packaged an optional dependency for home-assistant (gtts-token), but adding it to extraPackages results in conflicts as it seems home-assistant module overrides specific dependencies. is there a way to get the package into my module anyway?
<srk>
is there a way to run a single test from e.g. installer.nix tests?
<BuGless>
Ok, nscd disabled. One down, seven to go. Anyone know how I can disable dhcpd? I tried: services.dhcpd4.enable = false; But that does not seem to have any effect.
toppler` has quit [Ping timeout: 245 seconds]
<BuGless>
Ok, found it, I think: networking.useDHCP = false; seems to work
<manveru>
at least it should give you some ideas of how to replace init, because that's not that simple on nixos
<BuGless>
manveru: Looks interesting. Maybe exactly what the doctor ordered. The only remaining question then becomes if I can then install back node and headless chrome on it. I basically want three processes running: init (my custom shell script), node and a chrome binary (without X-display).
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.2)]
<manveru>
i think that should work
<manveru>
but clever will know :)
<rauno>
hey gchristensen, wanted to ask that should this generated netboot image selfinstall nixos also? currently doesnt happen much after booting up :)
<BuGless>
Even though not-os might be the correct starting point for my minimal node/browser solution; I still have nixos running inside an lxc for normal development work, and the agettys are still unnecessary (as well as dbus, I guess). Googling does not reveal much clues on how to disable them though.
jasongrossman has joined #nixos
<sphalerite>
BuGless: have you set boot.isContainer = true; yet? :)
<BuGless>
Nope. Doing so now.
<BuGless>
When I set that, can I then get rid of the nix.useSandbox = false hack?
<sphalerite>
BuGless: but I suspect you don't really need to use nixos in the container at all…
<BuGless>
Actually, I do. I need a nixos development environment
<BuGless>
Or can I have that without installing nixos?
cfricke has joined #nixos
<sphalerite>
I thought you only want your init script + node + headless chromium?
bgamari has quit [Ping timeout: 258 seconds]
<BuGless>
Yes, I do. But I want to generate that using nix
bgamari has joined #nixos
<BuGless>
I want nix to handle the node and headless chromium dependencies.
<qyliss^work>
BuGless: I think you'd find #56411 interesting
<qyliss^work>
It's not in Nixpkgs yet, but should be shortly. It has a function for building an OCI container image from a Nix package.
<sphalerite>
BuGless: you don't need nix in the container for that
<Taneb>
Is there a lib function for "do these nested attrsets overlap"? Which would be true for { a = 1; } { a = 2; } but false for { a = { b = 1; }; } { a = { c = 2; }; }
<BuGless>
sphalerite: You're saying I could install nix under e.g. Debian and then go from there?
<sphalerite>
BuGless: if you make your init script using nix, you can make a filesystem containing only that using nix copy
<sphalerite>
BuGless: then add the other little bits and bobs like /etc/passwd on top
<sphalerite>
BuGless: you could also use something like make-system-tarball to generate the whole thing using nix
work_ has joined #nixos
<sphalerite>
BuGless: going "down" from a full nixos or debian will probably be more complicated/unclean than going "up" from just your script
<BuGless>
sphalerite: To make things clear: my direct need is a nix-constructed image that I can run on Google-Compute-Engine; so it must contain grub, preferably a custom kernel without modules where I determine the kernel config, my init shell script, node, headless chromium, and all the cursed libraries that that means.
<sb0>
what do the links point to in the hydra "build dependencies" tab?
gm_ has quit [Quit: Connection closed for inactivity]
<sphalerite>
BuGless: I thought you wanted a container
<sb0>
if you click on the first "bootstrap-tools" it sends you to a build for "nixpkgs:staging:qwt6_qt4.aarch64-linux"
<sb0>
why?
<sphalerite>
BuGless: but that sounds even more like not-os is right for you
<sb0>
is this normal or is there a bug?
<sphalerite>
BuGless: specifically grub? Or just "be able to boot"?
<BuGless>
sphalerite: but in order to construct such a thing using nix, I need some kind of development environment where I can run nix-build; which would mean that I need nixos, which I now installed inside lxc, which I'm trying to optimise to get a lean development environment.
Ariakenom has joined #nixos
<BuGless>
sphalerite: grub is spec'd by Google compute engine, they do not want to boot from anything else.
sondr3 has joined #nixos
<tilpner>
BuGless: You can run nix-build on other Linux distributions just fine
<sphalerite>
oooooh. Anything wrong with just using nix on your host system?
<BuGless>
sphalerite: My host system consists of a company wide system of several servers that all provide lxc containers to do actual work in. The host system is off limits and is not used to do development work, it is only there to start and juggle all lxc's (they are migrated from server to server sometimes).
<BuGless>
tilpner: How do I get a nix-build running on debian?
<BuGless>
tilpner: Thanks. Though this means that I have to recompile my kernel (which I will do shortly), I never had a use for user namespaces, so I stripped it out (I've been running custom kernels since 1992).
<rauno>
gchristensen, from where does it look for the userdata file ?
<rauno>
I can see readme refers to it, can it be included in built image or msth?
linarcx has quit [Ping timeout: 246 seconds]
<rauno>
oh right, metadata!=userdata
linarcx has joined #nixos
<tilpner>
BuGless: User namespaces aren't strictly required. You can disable build sandboxing, and then Nix won't insist on user namespaces
<tilpner>
BuGless: But build sandboxing is a great feature and you should keep it enabled if possible
<BuGless>
tilpner: What do I lose when I don't have build-sandboxing?
<tilpner>
BuGless: A ton of guarantees that your build will also build on other machines
<tilpner>
BuGless: E.g. a sandboxed build has no filesystem access to anything no declared, and no network access unless it promises that it will always produce the same thing
<BuGless>
Ah
<BuGless>
Sounds useful indeed.
aanderse-znc has joined #nixos
<BuGless>
As it turns out, it was the last of the namespace options I had disabled, the others were already on. This is first application I ever use that uses them.
<sphalerite>
lxc and docker can also use them I believe
<BuGless>
lxc can use them, but I never asked it too, probably.
<BuGless>
docker I run without it, it never asked for it.
<sphalerite>
it's useful in that it allows root within the contianer to correspond to a different UID outside the container
<BuGless>
Mostly for root inside the container exploiting a kernel bug, I presume.
rauno has quit [Ping timeout: 255 seconds]
silver has joined #nixos
<xorAxAx>
BuGless, do you know nixos-generate?
<linarcx>
Guys, i want to create a pckage that need gulp and npm as dependencies. but when i add theme to list of dependencies, i've got this error:
<linarcx>
error: anonymous function at /home/linarcx/Development/nixpkgs/pkgs/applications/networking/lantern/default.nix:1:1 called without required argument 'gulp', at /home/linarcx/Development/nixpkgs/lib/customisation.nix:69:12
<BuGless>
xorAxAx: No, didn'
<BuGless>
xorAxAx: No, didn't know that yet. I've been using nixos/nix since yesterday morning, basically. Trying to learn as fast as I can.
gm_ has joined #nixos
<xorAxAx>
BuGless, no problem, it can be used to bake gce images
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @Mic92 pushed 3 commits to release-19.03: https://git.io/fjCTw
<gchristensen>
"Without this patch for example throughput on aencrypted zfs dataset drops to 200 MB/s from 1.2 GB/s" wow
ilikeheaps has quit [Ping timeout: 268 seconds]
kreisys has joined #nixos
acarrico has joined #nixos
<BuGless>
tilpner: Just rebooted into my usernamespace-enhanced kernel 5.1.0 et voila! installation of nix under debian finishes without hitches. Thanks.
linarcx has quit [Ping timeout: 255 seconds]
<clefru>
I am all in favor of making ZFS run well. Gregk's opinion here is pretty stubborn
linarcx has joined #nixos
Tucky has quit [Quit: WeeChat 2.4]
<jasongrossman>
Mic92++
<{^_^}>
Mic92's karma got increased to 10
alexherbo2007 has joined #nixos
Synthetica has quit [Quit: Connection closed for inactivity]
<BuGless>
When I input that as configuration.nix and run nixos-generate -f gce, I get back:
<BuGless>
- Mountpoint '/': 'autoResize = true' is not supported for 'fsType = "auto"': fsType has to be explicitly set and only the ext filesystems and f2fs support it.
<BuGless>
I'm trying to override that setting in google-compute-image.nix
Guestss1 has quit [Excess Flood]
Guestss1 has joined #nixos
Guestss1 has quit [Max SendQ exceeded]
Guestss1 has joined #nixos
Guestss1 has quit [Max SendQ exceeded]
Tucky has joined #nixos
Guestss1 has joined #nixos
Guestss1 has quit [Max SendQ exceeded]
Guestss1 has joined #nixos
Guestss1 has quit [Max SendQ exceeded]
<BuGless>
Yesterday that seemed to work, on my running gce instance. But trying it now in this standalone setting with nixos-generate seems to be problematic. The mkForce does not seem to be consistent.
<gchristensen>
anyone have a handy nginx configuration to make a caching reverse proxy for cache.nixos.org?
anon has joined #nixos
<andi->
sure, 1 sec
<Ashy>
gchristensen: is this something recent? i have noticed my ryzen machine acting noticably slower the last week or two and it's an encrypted zfs root partition
<talqu>
sondr3: What this would mean, that I system will try to build this package?
<BuGless>
gchristensen: What kind of webserver/scripting is it running to need a caching reverse proxy?
<gchristensen>
nice, thanks andi-
<gchristensen>
BuGless: I want to serve a proxying local cache inside a network which does a lot of fetching from the cache
cfricke has quit [Quit: WeeChat 2.4]
<Ashy>
gchristensen: that's around the time i upgrade to kernel 5, so this patch is included in 5 and slows things down or the opposite?
<Ashy>
s/upgrade/upgraded/
<talqu>
I don't get it. If the package is marked as broken, doesn't it mean it breaks while building? If my try to build it with my system, it will not build, right? I have tried it and the build failed
<gchristensen>
Ashy: the linux kernel included patches which make it harder for ZFS to do certain operations quickly, the patch from Mic92 reverts that change
<sondr3>
talqu: oh, I thought you hadn't tried building it yet
<gchristensen>
talqu: no, it means the package doesn't work
<sondr3>
no, it just overrides the broken marker
<gchristensen>
it may not build, or it may not function
<gchristensen>
andi-: I like that this is in a container, very elegant
<andi->
gchristensen: containerize everything!
<talqu>
thanks
acarrico has quit [Ping timeout: 246 seconds]
ckoparkar has joined #nixos
justanotheruser has joined #nixos
ckoparkar has quit [Remote host closed the connection]
acarrico has joined #nixos
<Ashy>
gchristensen: wow indeed, i hadn't read into it in that much detail yet
<xorAxAx>
what does IFD mean?
<andi->
,ifd
<{^_^}>
import-from-derivation (IFD) is when you evaluate nix from a derivation result, for example `import (pkgs.writeText "n" "1 + 1")` will evaluate to 2. This is sometimes problematic because it requires evaluating some, building some, and then evaluating the build result.
<BuGless>
.mkForce
<xorAxAx>
andi-++
<{^_^}>
andi-'s karma got increased to 12
<BuGless>
Which goes to say, can someone give me a hint how to properly override a setting obtained from an import?
<andi->
BuGless: it depends on the priority of the setting from the import. mkForce should usually be enough (`some.var = mkForce "my-value"`)
srid has quit [Ping timeout: 246 seconds]
linarcx has quit [Quit: WeeChat 2.4]
<BuGless>
andi-: fileSystems."/".fsType = mkForce "ext4"; does not seem to work
<andi->
BuGless: that sounds odd. how does the import set the value?
acarrico has quit [Ping timeout: 255 seconds]
zupo_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
srid has joined #nixos
sigmundv__ has quit [Ping timeout: 255 seconds]
<xorAxAx>
BuGless, sounds like a bug in the code of nixos-generators
work_ has quit [Quit: Connection closed for inactivity]
<BuGless>
xorAxAx: Maybe a wrong assumption on my part. Running nixos-generate without -c argument, I assumed it would pick up the configuration.nix in the current directory. It seems like it does not.
<xorAxAx>
ah
<BuGless>
It seems to work now, and it is pulling in everything and the kitchen sink. So now I "just" have to figure out how to replace the full nixos contents in that gce-image with just the parts I need.
<sondr3>
dang, I still cannot update my system because I get `Failed to connect to codeload.github.com port 443: Connection refused` when updating
<sondr3>
It looks like it is my Emacs configuration that is hammering GH
<guest__>
Hello. Is there an equivalent of "nix-shell" in the "nix" command? Or is there a static equivalent of https://matthewbauer.us/blog/static-nix.html for nix-shell command?
<BuGless>
I'm impressed, nixos-generate temporarily boots and shuts down a linux image as part of the build process.
iyzsong has joined #nixos
<adisbladis>
guest__: You may want `nix run`, though it's not the same as nix-shell
<manveru>
i thought maybe `:u` in `nix repl`, but that probably just uses nix-shell as well
<guest__>
adisbladis: thanks, but I want to setup a dev environment, without installing nix in the machine. that's why a static setup would be perfect
<manveru>
guest__: silly idea, install `nix` via `static-nix`, that includes nix-shell :)
<adisbladis>
Another silly idea: nix run nix -c nix-shell
<sphalerite>
guest__: do you need nix-shell specifically, or just to get a tool on $PATH? If the latter, you can use `nix run`
ng0 has joined #nixos
<guest__>
I need to have some tools in the path (git, cmake, ...) + some overlays for some nix packages (mostly a custom gcc)
<ottidmes>
I am writing a script to improve some automation on my NixOS machines, for it I need to know whether a device is mounted or not, say if I pass the script /dev/sda then I want to know whether any partition of /dev/sda might be mounted, whats the best way to do it? I could hack something together, but that would be using output meant for human comsumption (i.e. error prone for scripts), I tried looking at
<ottidmes>
findmnt, but that seems to only work to check this for a partition rather than the complete device.
<bitmapper>
i can't write any qtquick apps
<bitmapper>
because it seems like part of qtfull is missing
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fjCt6
Neo--- has quit [Ping timeout: 257 seconds]
drakonis_ has joined #nixos
Makaveli7 has quit [Quit: WeeChat 2.4]
acarrico has quit [Ping timeout: 246 seconds]
<ottidmes>
lsblk -no MOUNTPOINT <device>, seems to do the trick
<pie__>
bitmapper, are you using nix-env? idk if it ever got fixed but qt used to be very broken if you had multiple versions and were using stateful system config (i.e. imperative nix-env stufF)
<{^_^}>
[nixpkgs] @peti pushed 3 commits to haskell-updates: https://git.io/fjCtD
<bitmapper>
i can make qt projects but not qtquick ones
mexisme has joined #nixos
<bitmapper>
pie__: would that cause the same issue?
drakonis has quit [Ping timeout: 258 seconds]
mexisme has quit [Ping timeout: 245 seconds]
josiah_sama has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<elvishjerricco>
Can you set a priority for binary caches? I've got a slow one that serves a lot of the same paths as cache.nixos.org, and Nix is prioritizing the slow one
<Baughn>
Is `nixos-rebuild --build-host` expected to throw signature errors?
<gchristensen>
Baughn: that is expected if you're not connecting as a trusted user
<Baughn>
Ah. So I need to set that, or use sudo.
Ariakenom has quit [Ping timeout: 245 seconds]
<Baughn>
Better error messages would be nice. :)
<pie__>
bitmapper, the question is if you have any QT installations in your environment i think, but im really not sure. what do you mean by it looks like its missing stuff
<elvishjerricco>
gchristensen: A higher number for Priority indicates it should be more preferred, right?
<bitmapper>
the store path for qt-full is missing a bunch of files
<bitmapper>
like even qt-base has more files
drakonis has joined #nixos
<bitmapper>
in /lib
<gchristensen>
elvishjerricco: a lower value is a higher priority
<elvishjerricco>
gchristensen: Oh. Damn. Then this cache is using a lower number when I really want it to use a higher number, since it's slower
<elvishjerricco>
is there a way to override?
<gchristensen>
hmm
<gchristensen>
this is a *wild* guess
<pie__>
bitmapper, hm idk then
<gchristensen>
but try adding ?priority=xxx to the end of the cache URL?
Synthetica has joined #nixos
<bitmapper>
i'm rebuilding rn
<bitmapper>
to see if it helps
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-regex-tdfa: apply patches to fix the build with ghc-8.8.x »: https://git.io/fjCtb
josiah_sama has joined #nixos
<bitmapper>
i might have to edit the package
<Synthetica>
Is there some option for a delete-on-logout guest profile in NixOS?
sigmundv__ has quit [Ping timeout: 245 seconds]
<goibhniu>
bitmapper: could it be that you need to use a different output from qt-full?
<bitmapper>
?
<bitmapper>
no, i'm following the wiki
<bitmapper>
i've looked at all the outputs of qt5.full
pointfourone has quit [Remote host closed the connection]
waleee has quit [Quit: WeeChat 2.4]
drakonis_ has quit [Ping timeout: 248 seconds]
<bitmapper>
brb
<Taneb>
Is there a way I can instantiate (but not build) a derivation as part of (eg. as an input to) a nix build?
rauno has joined #nixos
<elvishjerricco>
gchristensen: No dice
Tucky has quit [Quit: WeeChat 2.4]
bitmapper has quit [Ping timeout: 245 seconds]
<Taneb>
I'd like to test on my local Hydra server that a collection of derivations instantiate, but building them takes far too long to have in our regular CI
asar has joined #nixos
andi- has quit [Ping timeout: 250 seconds]
schjetne has quit [Ping timeout: 245 seconds]
talqu has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed 12 commits to haskell-updates: https://git.io/fjCqL
<talqu>
services.postgresql.initialScript, if the change that string and rebuild the configuration.nix file, nothing changes in the postgres, only the first initial string was execute and database, role were created. I have a similar, basic configuration like in Deploying databases section from here https://nixos.wiki/wiki/PostgreSQL. Moreover, I can't init the connection with haskell's simple-postgresql lib getting this er
<talqu>
ror: Exception: libpq: failed (FATAL: no pg_hba.conf entry for host "127.0.0.1", user "talqu", database "talqudb", SSL off
vidbina has joined #nixos
sigmundv__ has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-lucid: jailbreak to fix the build with ghc-8.8.x »: https://git.io/fjCqY
<samrose>
anyone come across `libtool is required, but wasn't found on this system` in a context of npm build of deps ?
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-hashable-time: jailbreak to fix the build with ghc-8.8.x »: https://git.io/fjCqs
<samrose>
running `node-gyp-build "node preinstall.js" "node postinstall.js"` on sodium-native package
pointfourone has joined #nixos
pointfourone has quit [Client Quit]
andi- has joined #nixos
<chaker>
samrose: Are you trying to build a JS package with Nix?
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « all-cabal-hashes: update to Hackage at 2019-05-08T22:18:59 »: https://git.io/fjCmc
<{^_^}>
[nixpkgs] @peti pushed to master « all-cabal-hashes: update to Hackage at 2019-05-08T22:18:59 »: https://git.io/fjCmc
Shouou has joined #nixos
Plotinus has joined #nixos
ddellacosta has joined #nixos
<camsbury->
hi all - looking to setup a binary cache in a private network. Is the best way to just use the SSH option? I did `nix-serve`, but it doesn't allow for `nix copy`...
ee1943 has quit [Read error: Connection reset by peer]
rembo10 has joined #nixos
drakonis has joined #nixos
drakonis_ has quit [Ping timeout: 276 seconds]
zeta has joined #nixos
dbmikus_ has quit [Ping timeout: 244 seconds]
drakonis_ has joined #nixos
<zeta>
i am trying to install: lux brightness control but the manual installation is not working, how would i install and build this application with nix ?
ambro718 has quit [Quit: Konversation terminated!]
ixxie has quit [Ping timeout: 268 seconds]
<camsbury->
gchristensen: want it deployed to a kubernetes cluster, so no dice with s3
<camsbury->
trying to test it locally to begin with in a docker image
<camsbury->
`nix-serve` works nicely for reading, but want to push binaries too
<NemesisD>
i get the "cloning builder process: Operation not permitted" error all the time. I've run `sudo systctl -w kernel.unprivileged_users_clone=1` but it does not persist across reboots. why?
<{^_^}>
[nixpkgs] @NeQuissimus pushed commit from @hlolli to master « graalvm: rc8->rc15 »: https://git.io/fjCOn
cfricke has joined #nixos
zupo has joined #nixos
zeta has joined #nixos
Myhlamaeus has joined #nixos
<NemesisD>
are there any phases of the nix build that are allowed to reach outside of the sandbox? i've got an installer with some prebuilt bins i need to patchelf, but the installer runs those bins which reference shared libraries in e.g. `/lib64`. the installer itself is very hard to patch as it is a shell script with embedded data, internal checksums, etc
<NemesisD>
it'd be much easier just to patch the $out after running the installer and directing its output there
<zeta>
in the `permissions` section i would like to do the `recommended` option, how would i do this in nixos ? attached is the instructions: https://github.com/giovanifss/xmonad-brightness
<gchristensen>
zeta: not sure why you're not wanting, say, `brightnessctl` or `light` which are already packaged in NixOS
hoijui has joined #nixos
ambro718 has quit [Client Quit]
hoijui has quit [Remote host closed the connection]
cfricke has quit [Quit: WeeChat 2.4]
asar has quit [Ping timeout: 256 seconds]
wfranzini has joined #nixos
ambro718 has joined #nixos
thomashoneyman has joined #nixos
ris has joined #nixos
<sphalerite>
zeta: the `programs.light` module does this for the `video` group — if you add yourself to that group (users.users.zeta.extraGroups = ["video"];) and enable light (programs.light.enable = true;) it should work.
<sphalerite>
zeta: if you don't want light to be pulled in, you can copy the udev rule from the light module yourself
<sphalerite>
,find light.nix
<{^_^}>
,find is temporarily unimplemented
<camsbury->
trying to serve a binary cache with SSH and getting `nix-store` not found
<sphalerite>
infinisil: will we get ,find back soon? :D
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sphalerite>
camsbury-: on a non-nixos distro?
<thomashoneyman>
clear
acarrico has quit [Ping timeout: 244 seconds]
<infinisil>
sphalerite: MMMMmaybe
<camsbury->
s
<camsbury->
yes
<camsbury->
it's alpine
fishi0x01 has quit [Ping timeout: 246 seconds]
<camsbury->
but I can `which nix-store` fine
<sphalerite>
camsbury-: simplest solution, if you have root access, is to create a symlink /usr/local/bin/nix-store -> /nix/var/nix/profiles/default/bin/nix-store
<camsbury->
nice
<camsbury->
I'll try that
<sphalerite>
camsbury-: because in a non-interactive SSH session, .bashrc or whichever flie it is isn't sourced so ~/.nix-profile doesn't end up on $PATH
<camsbury->
error: cloning builder process: Operation not permitted
<camsbury->
is what I'm seeing now
ambro718 has quit [Quit: Konversation terminated!]
<camsbury->
but it at least knows about `nix-store`
<zeta>
gchristensen: well i am using xmonad by itself(without a desktop environment) so the brightness function keys do not work, i am currently using brightness control, it is a hassle to always have to reset the brightness after i reboot and it's lowest brightness is still too bright so it hurts my eyes, i have not tried out bright, so i don't know if it will work for me or not, this `xmonad-brightness` seems like
<zeta>
it will work with my function keys but the only problem is it can only be used by root, so how would i chainge the permissions for this in nixos ?
<start2>
Hey there, where would you put a code snippet that should be executed on startup?
<gchristensen>
start2: what do you want to do? usually the best thing to do is make a systemd service for it
<start2>
the above command maps capslock to ctrl and escape at the same time
Denommus has joined #nixos
<lopsided98>
NemesisD: there is no way to escape the sandbox like you describe
<NemesisD>
lopsided98: damnit. the problem is that the thing i'm trying to write a derivation for (conda) only seems to support installation via their installer script. i don't know how other source-based distros handle this
acarrico has joined #nixos
adamt has joined #nixos
joko has quit [Quit: leaving]
<lopsided98>
NemesisD: Doesn't nixpkgs already have conda?
<adamt>
Hiya. What's the proper way of overriding a pkg when I also need to add an extra dependency that needs to be injected? (an extra argument to the list of arguments to the pkg definition). Sorry my terminology is pretty wonky. :P
<zeta>
gchristensen: how would i do this declaratively in nixos: Recomended: Create a group with your user and root and give permissions to this group to write the file;
<NemesisD>
lopsided98: yeah it sucks. all the derivation gives you is a script which, when run for the first time generates a command which which will have conda in an FHEnv. it's clearly meant for interactive use. i'm trying to write a derivation conda as a standalone tool suitable for deployment
<adamt>
(I just want to build nftables locally with json support, so I need to override the configureFlags (easy) but also make nix inject jansson as an extra library)
knupfer has joined #nixos
<zeta>
i think i figured it out, i hope it works
<lopsided98>
NemesisD: I don't know much about conda, so I can't help much, but it is usually possible to manually extract self extracting scripts
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<samrose>
when you are running a nix expression is there a way to see what "phase" you are in from the stdout output?
<infinisil>
taktoa_: How about adding it to checkInputs?
<taktoa_>
infinisil: it's not a package, it's supposed to be built into python
<taktoa_>
like there is no python3Packages.unittest
<infinisil>
Oh
<taktoa_>
and if I build python3Packages.python and then run `find` on the output dir, I see that $out/lib/python3.7/unittest/ exists and is full of files
<taktoa_>
sorry I meant (import overlay.nix) not (import ./nix/overlays/python.nix {})
josiah_sama has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<lopsided98>
Synthetica: Maybe you already know this, but you can use "pkgsCross.armv7l-hf-multiplatform" to get cross compiled packages which is a little easier than passing manually passing crossSystem
ddellacosta has joined #nixos
Plotinus_ has quit [Quit: night]
<lucus16>
There's a pkgsCross.raspberryPi too
<Synthetica>
lopsided98, lucus16: Thanks, I'll check that out
ng0 has quit [Quit: Alexa, when is the end of world?]
<NemesisD>
what's the equivalent of patchelf for darwin?
sondr3 has quit [Quit: WeeChat 2.4]
<immae>
Hello there, I did a lot of cleanup in my nix derivations recently, and I have packaged some applications that could maybe interest some more people: https://git.immae.eu/?p=perso/Immae/Config/Nix.git;a=tree;f=pkgs/webapps;h=58814610c9847861810c06c29c914a4215d65a51;hb=598aaa373c359046ee08ab5e7576ebaa4f0331e0 I’m in the process of adding them to NUR, but they could be added to nixpkgs if there is some
<immae>
interests in it (for the most known: diaspora, dokuwiki, etherpad-lite, mastodon, nextcloud-with-apps-support, peertube). Feel free to give feedback if you want to push for it or improve them
<matthewbauer>
NemesisD: install_name_tool
bgamari has quit [Ping timeout: 252 seconds]
bgamari has joined #nixos
srid9 has joined #nixos
<NemesisD>
matthewbauer: maybe i'm using too low level of a tool: i have a derivation which has some prebuilt binaries. right now i'm doing a complex find for ELFs then `patchelf --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2` and `patchelf --set-rpath ${stdenv.glibc}/lib`. is there a higher-level way to do this that'd work on macs and linux?
srid has quit [Ping timeout: 258 seconds]
esmerelda has quit [Ping timeout: 252 seconds]
<matthewbauer>
NemesisD: well we don't want to use glibc on macos
<matthewbauer>
NemesisD: but you can do `install_name_tool -add_rpath ... $exe`
fishi0x01 has joined #nixos
<NemesisD>
matthewbauer: is that a mac-only thing?
start2 has quit [Ping timeout: 256 seconds]
<NemesisD>
i'm kind of surprised there isn't a function for this or something in nix. it seems like this would come up a lot
Ariakenom has quit [Quit: Leaving]
fishi0x01 has quit [Ping timeout: 255 seconds]
<sheeldotme>
I've tried to implement custom build dependencies for my project and the way I've done it feels a little hacky. If someone wouldn't mind giving me feedback on how to improve my implementation I'd really appreciate it :). https://gist.github.com/sheeldotme/d65dacf03950a2f808c91d18b4cea85d
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<LnL>
NemesisD: rpath is almost never used on darwin so patching a binary is usually completely different
<NemesisD>
maybe this will just work on mac then...
<LnL>
depends on what it links against, but yeah often prebuild things won't have external (non system) dependencies
esmerelda has joined #nixos
<NemesisD>
LnL: this one links to things in /lib64 on linux and i'm just about a hair's breadth away from symlinking the libc lib dir into `/lib64` on my docker image and calling it a day
<zeta>
i made a mistake in xmonad.hs this morning which caused the volume to stop working, i want to switch back to what my the config i was using when i first woke up this morning, do the configs on bootup have a date ?
marcinkuzminski has quit [Ping timeout: 258 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
<zeta>
i checked in #haskell and we found out that it is pactl that is not working, but i have no idea how to fix it: https://hastebin.com/okucifobey.rb
<zeta>
:(
drakonis has joined #nixos
<zeta>
i was thinking of just reinstalling nixos with usb
<clever>
zeta: reinstalling wont fix anything
<clever>
you would need to either find or remake your configuration.nix, and thats also how you just fix it
<clever>
zeta: how exactly is pactl not working?
<jasongrossman>
I think the problem is in xmonad.hs not configuration.nix, right, zeta?
drakonis_ has quit [Ping timeout: 258 seconds]
<zeta>
clever: whenever i do a command with pactl it does nothing, i think xmonad.hs is fine, the problem is with nixos, i have xmonad.hs setup in home.nix
<simon_weber>
hi all! I'm looking into nixos (and possible nixops) as a potential replacement for ansible in a number of small web services I run. The config management involved is around things like nginx, python versions, pip packages, gunicorn, firewalls, log rotation, etc. Deploys are generally copying in new code, running migrations, and restarting.
<simon_weber>
Does anybody have recommended examples of these kinds of services I can look at?
judson has quit [Remote host closed the connection]
<jasongrossman>
simon_weber: You might find something useful at https://search.tx0.co.
judson has joined #nixos
<jasongrossman>
Which searches a few people's NixOS configurations.
<simon_weber>
useful, thanks
<jasongrossman>
simon_weber: Apart from that, if you're not in a hurry then hang out here for a while, and you'll get a good impression of the sorts of things that cause problems.
<selfsymmetric-mu>
Contributing to nixpkgs is impossible. I have had a simple PR up for almost 4 months now. All it does is add some dependencies to `nodePackages`.
<simpson>
selfsymmetric-mu: I agree that PRs to nodePackages can take a long time. We have some boilerplate for this.
<simpson>
,prs
<selfsymmetric-mu>
jackdk: Yes, that's the one. Is there anything I can do? I've been trying my best to follow instructions but I can't get enough purchase with the maintainers.
<simpson>
...Hm. Well, we *had* boilerplate for this. It started with something like "Sorry. Which PR?"
hio has quit [Quit: Connection closed for inactivity]
<selfsymmetric-mu>
simpson: Hahahaha. Good to know I'm in good company.
<selfsymmetric-mu>
I was fixing merge conflicts for the first couple of months. Then somebody mentioned that I should remove the generated JSON after all because there was some new system coming. And now silence.
<jackdk>
selfsymmetric-mu I wish I knew. most of my PR activity is either testing r-ryantm stuff (which I hope helps move things along) or is haskell-related (and has high maintainer activity)
<selfsymmetric-mu>
ryantm: Originally what I did was I used the node generation utility to generate these packages independently, but they would be better as dependencies of `textlint`. If built as individual packages, the attributes would look like `nodePackages.textlint-plugin-latex`; and likewise for the remainder in the diff: https://github.com/NixOS/nixpkgs/pull/54443/files
ym555 has joined #nixos
<selfsymmetric-mu>
`nodePackages.write-good` is the odd one out in terms of naming convention (it should probably be `textlint-write-good`), but it's not special otherwise.