<gchristensen>
I think nixops' SSH key handling should be ... extensible
<clever>
gchristensen: ive noticed the none and ec2 backends handle it very differently
halfbit has quit [Ping timeout: 252 seconds]
<clever>
gchristensen: and ec2 can easily "forget" keys
<gchristensen>
specifically not just SSH keys, but the ability to generate arbitrary pub/priv keys and sync them back to nixops' controller for distribution
<clever>
the none backend gets into the machine "somehow" (password usually), then generates its own key and lets itself in via the deployed config
<gchristensen>
hmm
<clever>
but the ec2 backend relies ENTIRELY on the /root/.ssh/authorized_keys that was made on first-boot
<clever>
also, the ec2 backend remembers the name of the keypair you used, and if you rename it, nixops will notice the name is "wrong" and choose to use no keys!
ee1943 has quit [Read error: Connection reset by peer]
<gchristensen>
yikes
<clever>
and then lock itself out
<clever>
but it wont delete the private, so if you undo the rename, it can regain access
<clever>
the other problem there, is that if you disable ~/.ssh/authorized_keys, you lock nixops out!
Guanin has quit [Remote host closed the connection]
jluttine has quit [Ping timeout: 268 seconds]
selfsymmetric-mu has joined #nixos
nekroze has joined #nixos
i1nfusion has quit [Remote host closed the connection]
i1nfusion has joined #nixos
esmerelda has joined #nixos
<nekroze>
I am unable to get nixops to deploy to aws any resources/machines at all due to an AuthFailure which google suggests is a clock sync issue but my clock is perfectly fine. Has anyone recently used nixops to deploy to aws?
<nekroze>
only other suggestion I see that even vaguely makes sense in my case is that it should use boto3 instead of boto, I see nixops has both as deps though so not sure what is happening there
kvda has joined #nixos
_ris has quit [Ping timeout: 260 seconds]
___quietlaika has quit [Ping timeout: 248 seconds]
selfsymmetric-mu has left #nixos ["gone to the land of dead hiccups and extinguished light bulbs"]
jluttine has joined #nixos
nD5Xjz_ has quit [Ping timeout: 268 seconds]
nD5Xjz has joined #nixos
<{^_^}>
[nixpkgs] @samueldr opened pull request #61847 → Fixes meson for systemd-boot AArch64 cross-build → https://git.io/fj4Kc
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
kvda has joined #nixos
<v0id72[m]>
clever: Wow that shit still didn't work :(. However I found that creating an i3status folder under .config then saving the default of the i3status.conf file as config was the fix infinisil
<v0id72[m]>
copied it and pasted into the config file that is.
moet has joined #nixos
Synthetica has quit [Quit: Connection closed for inactivity]
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
drakonis_ has joined #nixos
kvda has joined #nixos
drakonis has quit [Ping timeout: 258 seconds]
acarrico has joined #nixos
nekroze has quit [Quit: Lost terminal]
orivej has quit [Remote host closed the connection]
<markasoftware>
why do they use pkgs.writeFile for pre-configFile, when the only thing they essentially use it for is string substitutions? Why not just assign it to a variable?
___quietlaika has quit [Ping timeout: 244 seconds]
o1lo01ol1o has joined #nixos
___quietlaika has joined #nixos
rpg has joined #nixos
<markasoftware>
i see that they're using awk to fiddle with the whitespace; is that the only reason?
o1lo01ol1o has quit [Ping timeout: 248 seconds]
wfranzini has quit [Remote host closed the connection]
Rusty1 has quit [Quit: Konversation terminated!]
buckley310 has quit [Ping timeout: 268 seconds]
buckley310 has joined #nixos
drakonis has quit [Quit: WeeChat 2.4]
knupfer has joined #nixos
Myhlamaeus has joined #nixos
<Mateon1>
Hi, I wanted to ask, how do I change the hard ulimit for the number of open files in nixos? /etc/security does not exist on nixos, and searching through nix config options only gives the (soft) max fds setting for the ipfs service.
<Mateon1>
Well, there are a lot more service-specific settings for the soft ulimit here, I can't find a way to change the hard ulimit
<Mateon1>
The `ulimit -H -n` is 4096 for me right now, I'd like to change it to something like 32k or more
<pmiddend>
I'm curious: when I run nix-shell in a directory containing a shell.nix, is this directory automatically copied to the nix store?
fusion809 has joined #nixos
nschoe has quit [Ping timeout: 272 seconds]
<v0id72[m]>
wondering if I need to make a vmware.nix file with the driver info like vmmouse and the video card etc? Or does virtualisation.vmware.guest take care of everything?
<sphalerite>
pmiddend: no, unless the contents of shell.nix cause it to be copied
<sphalerite>
pmiddend: e.g. if you have src = ./.; in it
knupfer has joined #nixos
<pmiddend>
sphalerite: Ah, damn. That's the case with me. I'd be fine even, if it wouldn't copy the huge .git directory, too.
<sphalerite>
pmiddend: potentially just remove the src line?
___quietlaika has quit [Ping timeout: 258 seconds]
alter-schjetne has joined #nixos
<pmiddend>
Hmmm, it's a buildPythonApplication derivation, not sure if it depends on it.
<sphalerite>
ah, I'm not sure
<sphalerite>
well you can try without :)
<pmiddend>
I thought about nix-gitignore, but that gives me a weird error message.
Syndra has joined #nixos
mexisme_ has joined #nixos
goibhniu1 has joined #nixos
<sphalerite>
you can also use filterSource or the various things built on top of it like cleanSource from nixpkgs, but it'll still copy stuff every time you've changed it and run nix-shell
<pmiddend>
sphalerite: Ah, removing "src" seems to have worked!
<kvda>
Is there a way of symlinking files/dirs temporarily for the duration of the nix-shell session?
schjetne has quit [Ping timeout: 245 seconds]
<Syndra>
Hi guys, I'm new to nixos. Mostly I get that all configuration and customization should be done through configuration.nix. But I can't get how you guys understand which option in config really exists and which one doesn't. Like... I do want to make my sddm create a wayland (sway) session option in the drop-down menu on the login screen. But I can't understand how... Can you help me with it?
<Syndra>
Like. I found out that in /nix/store/blablabal_sddm.conf there is a section that pointed to a wayland-session file somewhere in /nix/store/blablabla-descktops/share/
<Syndra>
but that directory contains only an xsessions dir and no wayland-sessions as mentioned in sddm.config...
__monty__ has joined #nixos
toppler`` has quit [Ping timeout: 258 seconds]
<goibhniu1>
Sorry, I can't help, but hopefully someone else can point you in the right direction. You could also try asking on https://discourse.nixos.org/
schjetne has joined #nixos
toppler`` has joined #nixos
m0rphism has joined #nixos
klaas_ has joined #nixos
<klaas_>
I'm having a setup of NixOS with all channels removed, and various versions of nixpkgs checked out (via git) at specific locations. One of these I symlinked at /home/me/nixpkgs/system to denote it's a link to the "main system". Now, for some commands (e.g. nix-shell) I need to add "-I nixpkgs=/home/me/nixpkgs/system" (or add it to a NIX_SHELL variable); for others (e.g. nix-env) I need to do "-f /home/me/nixpkgs/system". I'm trying to u
<klaas_>
erally, I'm not really grokking what the meaning of the "nixpkgs=" prefix is in the "-I nixpkgs=/home/me/nixpkgs/system". In short: stuff works for me, but I'd like to get a better understanding of why it works.
<klaas_>
I'm suspecting the answer is fairly simple, but I'm having a hard time deducing it from the manuals
<etu>
klaas_: nix.nixPath may help you, it's used to specify $NIX_PATH which contains nixpkgs=/path/to/nixpkgs/channel and config location etc
<lostman>
I've made myself a VM using build-vm but that mounts my system's /nix. How can I stop it from doing that? I'd like a lightweight QEMU-based VM for development
<lostman>
I also need a custom kernel. I've built that and it works but I need the sources too. Does that mean I have to re-build the stdenv?
<lostman>
adisbladis: because it mounts it read-only and it includes my systems whole /nix which also includes previous configurations. I'd like a fresh VM with only those bits that are in the configuration for that VM
<lostman>
adisbladis: so the VM is usable as "preview" but I'd like it to be a lightweight development environment for some stuff
sigmundv has quit [Quit: Leaving]
klaas_ has quit [Quit: Page closed]
<lostman>
maybe build-vm is not the way to do it? but if not, how can I achieve similar thing (ready made qemu vm, easy to start)
<manveru>
lostman: maybe you could give arion a try?
<adisbladis>
lostman: That would mean either a union-fs and bind-mount that OR maybe add the nix-daemon sockets to your vm?
pie_ has joined #nixos
Makaveli7 has quit [Quit: WeeChat 2.4]
<manveru>
but i thought /nix is only mounted in qemu, not part of the image...
<adisbladis>
manveru: It is
<adisbladis>
But by mounting your nix-daemon sockets you could mutate the store by using the host daemon
cfricke has joined #nixos
<manveru>
ah, yeah
<manveru>
there was also an option to not mount it, if i recall right?
<adisbladis>
Though at that point a vm may be useless :D
<pie_>
why are dock drivers still so garbage
<pie_>
its a roulette of hanging my machine or crashing x11
sigmundv has quit [Client Quit]
<roberth>
lostman: arion supports sharing the host store and daemon. Do you really need a separate nix store for some reason?
Makaveli7 has joined #nixos
<lostman>
roberth: I want a clean VM. If I share my nix store then I can't be 100% sure what I'm building in the VM is clean
viric has quit [Ping timeout: 268 seconds]
<simpson>
lostman: Hm, an interesting proposition. What's the TCB for build tools in the VM, then? How does one obtain a trusted toolchain in the first place?
bennofs has quit [Ping timeout: 252 seconds]
<lostman>
simpson: I'm not worried about trusted in that sense. For example my host's /nix store has all kinds of libraries. Just want to make sure that what I build in VM doesn't have access to any of that. So it'd be best to have a clean minimal environment. Mounting my host's store breaks that, right?
<roberth>
lostman: here's an arion module to run nix-daemon fully inside the container. I will probably bundle it with arion at some point
<simpson>
lostman: Sure, although in practice it's rare for folks to forge references into the store. I normally think of the store as content-addressed, so that it's not a problem to have packages *available* if they can't actually be reached in practice.
<lostman>
roberth: but I don't want to run nix-daemon in a container. I want to build a clean VM! I know there are some modules to produce VirtualBox images (or Docker images). Just want same thing using the mechanism for build-vm since I find it nice and lightweight
<simpson>
lostman: More practically, AIUI any attempts for a package to try to forge references at build time will be detected if they're not encoded in some original manner. One has to put in some sincere effort in order to break the encapsulation; one has to do something like blindly pattern-matching throughout the /nix/store file tree.
<simpson>
So this really does come down to threat model: Are you trying to protect against your developers accidentally linking against a stray library, or are you trying to prevent malicious code from calling any gadgets it can possibly find?
<lostman>
simpson: Yeah but the VM I'm building has custom kernel (added a patch with boot.kernelPatches) and I want the VM to also use the headers from that kernel. That seems a bit harder to do. And it is hard to investigate why if there's all kind of stuff in /nix store
<roberth>
lostman: it's a solution for achieving a 99% fresh Nix store. It only has what is in the container image. Wasn't that the goal of the VM?
<simpson>
lostman: Ah, so it's for debugging purposes. Makes sense, sort of, but not really, I guess. Anyway, I need to get sleep. Best of luck.
<lostman>
simpson: no worries
civodul has joined #nixos
mexisme_ has joined #nixos
<roberth>
lostman: the nix store is not meant to be scanned through. If you want to find out why you have a runtime reference, there's nix why-depends. If you want to find out what your package uses in the build process, nix-store -qR $(nix-instantiate foo.nix). If you also want to change the build dependency, you may be better off reading the Nix expression sources.
<roberth>
also, I don't think you need a separate Nix store unless you're hacking on Nix itself (maybe) or if you can't trust the users of your system
<{^_^}>
[nixpkgs] @yegortimoshenko pushed 5 commits to master: https://git.io/fj4M1
<{^_^}>
[nixpkgs] @vbgl opened pull request #61871 → coqPackages.ltac2: init at 0.1 → https://git.io/fj4MM
<lostman>
roberth: this is all well and good just not what I want :) for example there's a nix expression that builds a docker image. what that does is it copies the minimal /nix/store into the image. I'd like exactly that but for a VM not docker image
domogled has joined #nixos
wucke13_ has joined #nixos
ng0 has joined #nixos
<roberth>
lostman: you can do something like this (import <nixpkgs/nixos> { configuration = {imports = [<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>]; }; }).config.system.build.vm
wucke13_ has left #nixos [#nixos]
<roberth>
lostman: probably that module does too much and/or in the wrong way for your specific case, but it's probably a good starting point
<adisbladis>
Given how nix deals with purity I don't see the point of copying store data into a vm image other than for the purpose of distributing a monolith
<lostman>
roberth: thanks! that does what build-vm does. i.e. mounts my host's /nix/store. maybe there are some options there. will look at the files
johanot has joined #nixos
<roberth>
adisbladis: I agree. I'm assuming he really does need a patched kernel for his purposes, which makes the VM useful. I'm not convinced that he needs a separate nix store, but that's up to him I guess
<lostman>
adisbladis: I'd like a self contained VM image that isn't tied to the host. I'd like to package it up so others who may not be using NixOS would be able to run it
<johanot>
anyone know where can I increase the initial size of this: "tmpfs 3.2G 148K 3.2G 1% /run/user/1000" ?
<roberth>
lostman: with the NixOS tests, you have the option to use an in-vm store, which is probably available in that module too
<lostman>
roberth: sweet!
<lostman>
how does one override stdenv? I need to override pkgs.stdenv.glibc.linuxHeaders
buffet_ is now known as buffet
<adisbladis>
lostman: glibc.linuxHeaders is inherited from top-level linuxHeaders. You can do this easily with an overlay
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #61876 → gdk-pixbuf: rename from gdk_pixbuf → https://git.io/fj4yv
Zer0xp has joined #nixos
Shoubit has joined #nixos
<buffet>
hey, short question: if i want to auto poweroff, is it enough to enable the upower service?
adamantium has quit [Quit: Konversation terminated!]
<Zer0xp>
Hey, so recently I was trying to shutdown my system and for some reason my screen keeps getting frozen whenever I try to turn off the system. Does anyone else face the same issue ?
<Shoubit>
I'm trying to change my ulimit no. of file descriptors allowed to be open, setting `security.pam.loginLimits = [ { domain = "*"; type = "hard"; item = "nofile"; value = "16384"; } ];` doesn't seem to have an effect -- I've tried rebooting but `ulimit -Hn` still reports 4096
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
<{^_^}>
[nix] @edolstra pushed 4 commits to improve-flake-command: https://git.io/fj4SR
<pie_>
im not _sure_ :p , for example i think firefox doesnt even have a dark mode <gchristensen> tazjin: I figured they'd probably spent a whole lot more money working on reader comfort than I have, so...
<cbarrett>
Having some trouble fetching python packages
<cbarrett>
Download error on https://pypi.org/simple/Genshi/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
<cbarrett>
Download error on https://pypi.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) -- Some packages may not be found!
<cbarrett>
Couldn't find index page for 'Genshi' (maybe misspelled?)
<cbarrett>
using the nix-linuxkit-builder
<dminuoso>
I have a wifi network attached to a network with a delegated prefix, RA is configured. My mobile device is configured correctly, but my laptop running nixos is not self configuring with IPv6 addresses. Why might that be?
<dminuoso>
(Im using networkmanager, if that is of any use)
<{^_^}>
[nix] @edolstra merged pull request #2880 → doc: clarify that optional attrs in a function argument will be ignored unless specified → https://git.io/fj4So
<{^_^}>
[nixpkgs] @yegortimoshenko merged pull request #60207 → nixos-generate-config: do not build btrfs-tools when btrfs is not used → https://git.io/fjs8D
<{^_^}>
[nixpkgs] @yegortimoshenko pushed 2 commits to master: https://git.io/fj4SN
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jmeredith has quit [Quit: Connection closed for inactivity]
zupo has joined #nixos
<yurb>
So I have this package that constantly fails to update (due to #60845). Can I somehow pin it so that nix-env automatically skips it when I run --upgrade?
<{^_^}>
[nixpkgs] @7c6f434c merged pull request #60682 → [RFC] manual: rename to users and contributors manual, add some user notes … → https://git.io/fjZK4
<{^_^}>
[nixpkgs] @7c6f434c pushed to master « [RFC] manual: rename to users and contributors manual, add some user notes … (#60682) »: https://git.io/fj4Hj
<logand>
tilpner: thanks, but you just wrote whole new module, i was hoping that there would be an easier fix
<heartman>
Hey! I repartitioned my drive and thus had to wipe and reinstall the os. I did, however, keep a copy of /etc/nixos and my /home partition. After completing the installation, I reboot as per the manual, but my system freezes during the systemd init messages (I'd say it's quite close to the end, based on previous boot times). Is there any way I can check what is causing the problem? I don't know if I can access to journalctl etc in this
<heartman>
Hm? Not sure what that means, to be honest. Can you change channels when working from the boot loader? As for a picture, I could get one with a phone, I suppose? Though, first, let me try with a default generated config. That might be easier.
<heartman>
Or ... maybe not. I can't remember all the things I had to configure last time, but it was a bit of a pain.
<heartman>
Also, there are no error messages or warnings in the output, it just freezes after a while.
<manveru>
Heartman: maybe graphics issue?
<heartman>
Yeah, seems likely. I've got an nVidia GPU, so I've had my fair share of messing with that. I'll try and see what I can disable.
<turion>
Heartman: I mean that every time you do something like nixos-update switch, it will download the latest nixpkgs and install from there. So if there was a bug introduced recently, that could be it
<tilpner>
nixos-rebuild will not always download the newest nixpkgs
<manveru>
Heartman: does switching to other ttys work?
<turion>
tilpner: But when reinstalling from scratch?
amfl has joined #nixos
<heartman>
Ah, yeah, that might be relevant. I was on the 19.03 packages before wiping, but had an 18.09 installer lying around, so I just used that. Might be some issues there? Is there a way to change that?
<turion>
Ah right, that's nixos --upgrade I meant.
Myhlamaeus has joined #nixos
<heartman>
manveru: no, switching to other ttys doesn't work. When it locks up it locks up.
alexherbo207 has joined #nixos
<manveru>
optimus?
<turion>
Well, during the installation process you have a full nixos install at hand, so you can add any channel with nix-channel --add. There should be a way to add 19.03 again.
drakonis has joined #nixos
waleee has quit [Quit: WeeChat 2.4]
<heartman>
Ah, sweet. Yeah, that's cool. Thanks! Not sure the problem is solved yet, but we'll see.
jmeredith has joined #nixos
<pbb>
Hi, how can I prevent mkDerivation from escaping a "$" in configureFlags?
drakonis1 has quit [Ping timeout: 264 seconds]
<dminuoso>
Mmm, why is the environment containing wrapProgram not available in installPhase scripts?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil>
And add whatever commands you need to modify $out
<pie_>
mightybyte, i highly recommend as you get more familiar with the nix language to start reading the source code in nixpkgs for functions you dont understand
<mightybyte>
pie_: I'm doing that.
<mightybyte>
What I don't understand is how to connect that with an existing derivation.
<pie_>
the things in trivial-builders are at least generally understandable without too much digging \o/
<mightybyte>
All these things seem to be given as standalone examples.
<mightybyte>
I'm not seeing how to compose them with other things.
<pie_>
mightybyte, sure. the bottom line is since nix is pure, youre making a completely new derivation
<pie_>
so that implies you have to copy the contents of the old derivation into the new place
<pie_>
and make your modifications
<pie_>
alternatively, you can try to use symlinks
<mightybyte>
Ahhh
<pie_>
i.e. mutability is generally a no-no
<mightybyte>
Hmmm....in this case, I have a bunch of existing infrastructure that uses the existing derivation. I was looking for a way to modify it to include this new file.
<pie_>
a common problem
<mightybyte>
So changing the name of the derivation seems like it's not a good idea.
<simpson>
mightybyte: FWIW this particular sort of composition is pretty uncommon to desire; if one desires a change to an $out, then one usually changes the relevant builder!
<pie_>
it might be helpful/necessary to elaborate on how said infrastructure refers to the file
<pie_>
simpson, i dont follow
<tilpner>
simpson: It can be useful if the original derivation is cached, but the modified one would not be
<mightybyte>
I'm trying to include the git hash
<gchristensen>
typically if you want a different result, the way it is usually done is changing what produced the result
<mightybyte>
er, git commit
<pie_>
ah, well sure i guess
jb55 has joined #nixos
<simpson>
pie_, tilpner: Sure, but I'm guessing (mind-reading) that what is desired here is a relatively impure patch, or else mightybyte could just rerun the original generating Nix expression after patching it.
<mightybyte>
I guess maybe the most straightforward way to accomplish that would be to fork that and make the appropriate changes?
emacsomancer has joined #nixos
<simpson>
Or compose your application's store path with the extra files you want in a user environment. Might sound like overkill, but it's done regularly in e.g. the Python subsystem.
drakonis_ has quit [Read error: Connection reset by peer]
max4 has joined #nixos
drakonis has quit [Ping timeout: 248 seconds]
<mightybyte>
simpson: Cool, thanks!
ambro718 has joined #nixos
Ariakenom has quit [Remote host closed the connection]
<ambro718>
What is the simplest way to run docker in nixos and a nixos docker container? For testing purposes.
<gchristensen>
the Nixpkgs manual has some info on building docker images with Nix, is that what you want?
Ariakenom has joined #nixos
<simpson>
ambro718: In your container, are you hoping for NixOS entire, or just Nix? `FROM nixos/nix` is a thing you can do in Dockerfiles if you're okay with the latter.
<ambro718>
I want to test the nvidia-docker package, what would that require?
<ambro718>
and some commands to initialize and start the container
<simpson>
systemd in containers is, AIUI, not really a thing. So you can't have full NixOS.
<ambro718>
I didn't mention systemd.
<ambro718>
I said nixos inside docker container, with docker running in nixos.
magnetophon has joined #nixos
Matthieu_ has quit [Ping timeout: 272 seconds]
<ambro718>
simpson: I need whatever virtualisation.docker.enable is for
<simpson>
ambro718: I don't think that that stuff fits inside containers, although I haven't really tried. Best of luck.
<ambro718>
ah never mind, it seems like I misunderstood
<ambro718>
yeah that stuff seems to go on the host, which makes it much simpler for me to test
<tazjin>
gchristensen: nixery is now backed by GCS
<gchristensen>
nice!
<tazjin>
though without any kind of FUSE-magic, it just puts the individual layers in there with a public ACL and redirects to them
domogled has joined #nixos
rfold has joined #nixos
<tilpner>
tazjin: FYI, your nixery thing might be linked in the nixos-weekly newsletter
<tazjin>
oh dear :) it has a billing cap at which it'll just shut itself off, but it should take a while to reach that
esmerelda has quit [Ping timeout: 257 seconds]
<astal>
anyone tried to install confluence as service?
<tilpner>
tazjin: You can still stop that by telling domenkozar[m], if you want
<tazjin>
no, it's fine! exposure to ideas is good, as long as there's a disclaimer that this is an experiment and not a production service that people should rely on :)
rajivr___ has quit [Quit: Connection closed for inactivity]
<dminuoso>
So I have a `foo.nix` with some build and install phase. How do I install that into my nix store?
<lordcirth_>
simpson, you can run systemd in containers fine, I run full Ubuntu LXC containers in production.
<lordcirth_>
Or did you mean only docker?
<simpson>
lordcirth_: I mean NixOS in Docker-compatible tools, specifically; AFAICT we aren't really aiming towards being able to do that.
<tazjin>
dminuoso: you can probably just `nix-build foo.nix` if it evaluates straight to a derivation. If you want it in your environment and not just in the store, you could `nix-env -i -f foo.nix`
<dminuoso>
tazjin: Ah so `nix-build` just throws it into my store, but that's different from having it in my environment?
<dminuoso>
Alright. :)
max4 has quit [Ping timeout: 258 seconds]
<srhb>
dminuoso: Each "environment" (profile) is essentially a symlink farm of some collection of store paths
<{^_^}>
Found in packages: linuxPackages.wireguard, linuxPackages_4_4.wireguard, linuxPackages_4_9.wireguard, linuxPackages_5_0.wireguard, linuxPackages_4_14.wireguard, linuxPackages_4_20.wireguard, linuxPackages_xen_dom0.wireguard, linuxPackages_latest_hardened.wireguard, linuxPackages_latest_xen_dom0.wireguard, linuxPackages_testing_bcachefs.wireguard, linuxPackages_xen_dom0_hardened.wireguard
Matthieu_ has joined #nixos
<xorAxAx>
,ifd
<{^_^}>
import-from-derivation (IFD) is when you evaluate nix from a derivation result, for example `import (pkgs.writeText "n" "1 + 1")` will evaluate to 2. This is sometimes problematic because it requires evaluating some, building some, and then evaluating the build result.
nahamu has joined #nixos
<immae>
xorAxAx: Thanks, I didn’t know the term for that! Do you have ways to avoid it, for instance when the derivation you want to build is a default.nix in a github repository? (so you need to pkgs.fetchFromGitHub and import from there)
Neo-- has quit [Ping timeout: 252 seconds]
<tazjin>
gchristensen: I'm observing a peculiar effect, but got no time to debug right now - maybe you have an idea:
<tazjin>
building an image that contains `bashInteractive` and `go` results in an image with no `bash` on the path
<tazjin>
any other combination of things does not seem to suffer from this problem
<gchristensen>
....huh
<tazjin>
yeah, that was my reaction, too
Ariakenom has quit [Remote host closed the connection]
<xorAxAx>
immae, i dont think so
psyanticy has quit [Quit: Connection closed for inactivity]
<immae>
ok, thanks xorAxAx :) I’m interested in workarounds since the NUR ci doesn’t allow these ifd, which prevents me from publishing my repo there
<tazjin>
gchristensen: you can get an example one from `docker pull nixery.appspot.com/shell/go` - I'm gonna be gone for a few hours now, but will take another look at this tomorrow
<ambro718>
i.e. not the lib directory, the paths themselves.
<gchristensen>
thanks, tazjin :) I'll try and get a look at it
magnetophon has quit [Remote host closed the connection]
<infinisil>
immae: If you use `fetchTarball` (a builtin function in the global scope) to fetch it from github, no IFD is required
hexa- has joined #nixos
<infinisil>
Same with fetchGit and builtins.fetchurl
<hyper_ch>
gchristensen: still online?
<immae>
Oh interesting
<gchristensen>
hyper_ch: yep
pie_ has joined #nixos
<hyper_ch>
gchristensen: I could test now your proposed fix for wg.... you'd just need to tell me what to do/edit
<pie_>
Ericson2314, ok i stared at it a bit and figured it out. I was only returning the result of applyLayer, but not merging the super and the new result
<immae>
infinisil: so builtins.fetchFoo is evaluated and "downloaded" at build time?
<gchristensen>
oh, awesome, hyper_ch!
<gchristensen>
one sec ...
<{^_^}>
[nixpkgs] @flokli pushed commit from @maralorn to master « nixos/nextcloud: Improve autoUpdateApps description string »: https://git.io/fj4bp
<{^_^}>
[nixpkgs] @flokli pushed commit from @maralorn to release-19.03 « nixos/nextcloud: Improve autoUpdateApps description string »: https://git.io/fj4bj
asheshambasta_m has quit [Quit: Leaving.]
<hyper_ch>
gchristensen: just fetched latest upstream from nixpkgs
<gchristensen>
:/ not sure, that makes it much more challenging
<hyper_ch>
the unit file has at the end now: ExecStart=/nix/store/k10nf19q4giz8fdax178gn8g3gwssp00-unit-script-wireguard-wg_jl-start \nExecStopPost=/nix/store/vmyj19736p3114lkr0i1w343k1qmkydy-unit-script-wireguard-wg_jl-post-stop\nRemainAfterExit=true\nRestart=on-failure\nRestartSec=5s\nType=oneshot\n\n")])
<jakub>
hi, i am getting 'Unable to open input' in cups log for every job (using samsung unified linux driver, user has lp group), what would you suggest I did?
<jakub>
files in /var/spool/cups have root:lp rw-r----- which to me is a bit suspicious
<hhefesto>
I am having trouble coercing a set to a string (the string is something like "${laurus-nobilis}/bla"). At least that's what the error says to my deployment-try.
<hhefesto>
I know that a set may be coerced to a string if it has an `outPath` string member. Does `callPackage` create that `outPath` member? Basically `laurus-nobilis` imports default.nix which is a function wrapped around `callPackage` which calls the generated stack2nix.nix file. But the generated stack2nix.nix file doesn't seem to have any `outPath` assignment (or it might be hidden inside a function there somewhere?)
<drakonis>
as you can see ${version} is replaced with the contents of the variable version
<hyper_ch>
gchristensen: I'll let it finish compile and go to bed now
<drakonis>
perhaps you should use {$networking.hostName} if your intention is to point to the hostname's path
<drakonis>
it would put laurus-nobilis in there
<hhefesto>
when the project is built, it's built and put on the nix store with a hash prepended. right?
<hhefesto>
somehow when a project is built (in this case the project is named `laurus-nobilis`), shouldn't "${laurus-nobilis}" give the path to where it was built?
<hhefesto>
stack2nix generated a file that compiles my project using nix-build
<hhefesto>
laurus-nobilis-configuration.nix is the logical configuration that points to the magical stack2nix.nix file for it to be able to build, but how can I know where it built it?
<hhefesto>
when I build it locally with nix-build it is built at /nix/store/5zmh6qr612wy6sx8s9n49f8lj3ra04hs-laurus-nobilis-0.2.0
<hhefesto>
will it be built there too on the remote server?
<{^_^}>
[flake-registry] @edolstra pushed to master « Import registry from NixOS/nix »: https://git.io/fj4pw
<logand>
,locate sbcl
<{^_^}>
Found in packages: sbcl, sbclBootstrap, bash-completion, lispPackages.cl-store, lispPackages.ironclad
<simpson>
hhefesto: Yes, assuming that you use the same Nix expressions on the same architecture. Normally knowing the precise path of something in the Nix store is only necessary when interfacing with legacy software.
<hhefesto>
My project builds with nix-build, and I am already able to deploy a trivial valgrind documentation to Google Compute Engine. Would anyone here be interested in helping me deploy my project for 100 dls through PayPal?
alexherbo20783 has quit [Ping timeout: 268 seconds]
Matthieu_ has joined #nixos
__monty__ has quit [Quit: leaving]
<arianvp>
heya
<arianvp>
since I updated to nixos 19.03, WebGL stopped working on firefox on intel.
<arianvp>
wondering if anybody else has similar issue?
<arianvp>
I get: * Exhausted GL driver options.
cyraxjoe has joined #nixos
silver_ has joined #nixos
<NemesisD>
hi all, looking for some advice on haskell projects in nix. i need to depend on a submoduled project with its own default.nix. i'm doing hpkgs = pkgs.haskell.packages.ghc864.extend(self: super: otherproject1.hpkgs // otherproject2.hpkgs // { thisproject = self.callCabal2Nix ...}), but it doesn't seem to work. is there a better way?
<Ralith>
arianvp: works fine here
<NemesisD>
i'm merging package sets rather than just calling cabal2nix on the submoduled project because that project's default.nix might introduce some other packages that wouldn't be picked up by just treating it like a regular package
<arianvp>
hmm :/
<arianvp>
I did install firefox through nix-env -iA
erasmas has quit [Quit: leaving]
<arianvp>
I remember openGL and nixos being finicky, wondering if that has to do with it?
<flokli>
arianvp: why did you run nix-env -iA, instead of adding it to your system configuration (given you're on nixos anyway)
<Ralith>
arianvp: OpenGL and nix *not* on NixOS can be finicky, NixOS should be fine
<philipp[m]>
There is currently a PR going (for quite a while now) to upgrade mesa to an alternate build system (meson).
<Ralith>
flokli: installing/updating user-level applications without root is nice
silver has quit [Ping timeout: 258 seconds]
<flokli>
Ralith: true. I use home-manager for that :-)
Lisanna has quit [Quit: Lisanna]
<flokli>
but it shouldn't matter. on nixos, we currently set LD_PRELOAD to include /run/opengl-driver(-32) in LD_LIBRARY_PATH
<flokli>
and drop drivers there, which get picked up by mesa
<philipp[m]>
This seems to block mesa upgrades, but the current version of mesa has a serious bug that leads to GPU crashes during shader compilation on some hardware (mine...).
<philipp[m]>
I locally upgraded to mesa 19 and this fixed everything nicely. Should I PR this change and just ignore the build system change PR?
mexisme_ has joined #nixos
<Ralith>
flokli: we set LD_LIBRARY_PATH, not LD_PRELOAD
<flokli>
Ralith: yeah, I'm tired. Sorry
<flokli>
I should know better, given I spent some time on #60985 :-)
<Ralith>
ooh, nice, the LD_LIBRARY_PATH thing always struck me as a hack
zeta_wolf has joined #nixos
<flokli>
it is
<flokli>
it still doesn't solve the problem with running nix-built gl programs from non-nixos. relying on something in /run/opengl is an impurity nevertheless
<arianvp>
flokli: i have user environment and system environment separate
<arianvp>
Because I share my tools between NixOS and non-nixos machines
<Ralith>
for vulkan we fall back on the FHS paths, at least
<flokli>
and we can't guarantee to be compatible with whatever mesa driver the non-nixos system provides
<arianvp>
But this goes wrong on a _nixos_ machine
<{^_^}>
[nix] @edolstra pushed 4 commits to fetch-registry: https://git.io/fj4jB
<zeta_wolf>
when i do the command to list my gpg keys, which is the public key and which is the private? i want to place the public one in home.nix(programs.git): https://hastebin.com/eqefivosok.makefile
<arianvp>
Eelco working on flakes? Cool
<arianvp>
zeta_wolf: list keys will only show public keys. A main key + its subkeys
<arianvp>
The main key is the one you want to add
<arianvp>
I think
mexisme_ has quit [Ping timeout: 248 seconds]
<{^_^}>
[nix] @edolstra opened pull request #2886 → Use online global registry → https://git.io/fj4j0
<zeta_wolf>
well to show you a made up one it looks something like this: rsa1056/1E29FE8AE1D1C1D1
selfsymmetric-mu has joined #nixos
drakonis has quit [Quit: Leaving]
<zeta_wolf>
so the 1st part is the public key and the 2nd part is the private(secret) key?
Matthieu_ has quit [Ping timeout: 245 seconds]
<zeta_wolf>
i just want to make sure i don't accidentally make a private key visible
<zeta_wolf>
setting up ssh was very clear but this gpg is confusing
mexisme_ has joined #nixos
<alexarice[m]>
is there a way to prefer a local build with nix-env
<infinisil>
zeta_wolf: It doesn't matter, what you put in your config isn't the actual key, it's just a key fingerprint
<infinisil>
zeta_wolf: And that fingerprint is always derived from the private part of the key anyways, there's no public fingerprint, because that's not needed
Matthieu_ has joined #nixos
<infinisil>
Here is my fingerprint for example: 5B2CFBD8E6AD7FC113D675A89424360B4B85C9E7
<infinisil>
Very much public information :)
<zeta_wolf>
infinisil: so when i run: gpg2 --list-secret-keys --keyid-format LONG `myEmail` what part is the fingerprint that i need to paste in programs.git(home.nix)? https://hastebin.com/eqefivosok.makefile
<infinisil>
zeta_wolf: I think you can answer that yourself
<zeta_wolf>
infinisil: i think i am way too paranoid about security
<infinisil>
That's not a bad thing per-se :)
<infinisil>
zeta_wolf: In any case, I can assure you that you haven't leaked anything with that paste, and that that is indeed your key's fingerprint which you need
<infinisil>
riot-web might be the files to self-host a web server?
<infinisil>
And riot-desktop is a prepackaged thing
<greenerworld[m]>
but why would riot-desktop need them
<infinisil>
Just a guess, but that seems likely
srid6 has quit [Read error: Connection reset by peer]
srid63 has joined #nixos
<infinisil>
Well in that case riot-desktop would be a wrapper that adds the webserver stuff (via electron probably)
<infinisil>
Which just serves riot-web
<greenerworld[m]>
that makes sense
<greenerworld[m]>
since it builds electron with yarn
<zeta_wolf>
infinisil: i don't know if you remember helping me setup and install: `all-hies.latest` in home.nix, but anyways i integrated it with emacs and it seems to be working correctly the only problem i am having is: i always have to manually do: `lsp-workspace-folder-add` and `C-u M-x lsp`, i wish it would do this automatically when i open a haskell(.hs) file?
tkral has quit [Ping timeout: 264 seconds]
lovesegfault has quit [Ping timeout: 252 seconds]
<infinisil>
zeta_wolf: That has nothing to do with NixOS. Ask in #haskell-ide-engine or #emacs instead
<greenerworld[m]>
infinisil what is the average time for my pr to be reviewed by a member?
<zeta_wolf>
infinisil: and hovering over text to show haddock(hoogle) documentation is very convenient, instead of having to look it up on the web
<greenerworld[m]>
this is my first pr so I don't know the avg time span, not trying to rush
<infinisil>
greenerworld[m]: Hmm, maybe a couple days? Not sure, but if you mention the PR here somebody might take a look :)
<greenerworld[m]>
well here goes my shameless plug
<greenerworld[m]>
also how often do the channels update?
ddellacosta has quit [Ping timeout: 245 seconds]
Yakulu has left #nixos ["Error from remote client"]
<zeta_wolf>
i overheard you guys talking about riot, is the `riot-desktop` package almost stable? that would be very useful(i am getting into freelancing)
<greenerworld[m]>
well it looks stable, using it ATM
<zeta_wolf>
should i do the workaround to get `riot-desktop` unstable(19.09) to work in my stable nixos(19.03) or should i just wait until it comes onto the stable channel? i don't want it to break my system, or have some sort of security problem
jackdk has joined #nixos
stranger___ has quit [Quit: Connection closed for inactivity]
<infinisil>
greenerworld[m]: The stable channel might update after a day, but unstable might take a couple days or even longer than a week
Soo_Slow has joined #nixos
selfsymmetric-mu has left #nixos ["gone to the land of dead hiccups and extinguished light bulbs"]
<greenerworld[m]>
yeah just changed to nixpkgs-unstable :D
<infinisil>
mekeor: How is it outdated or bloated?
dansho has quit [Ping timeout: 272 seconds]
<greenerworld[m]>
zeta I would just use something like rambox
<greenerworld[m]>
it's an electron app after all
<infinisil>
zeta_wolf: Yeah there's no problem with using a package from unstable, it can't break anything
tkral has joined #nixos
selfsymmetric-mu has joined #nixos
<mekeor>
infinisil: the gist is 3 years old; nginx is configured manually via services.nginx.config; also i wondered whether the tt-rss service was enhanced in such a way that there's less needed beside `tt-rss.enable = true` :D
<zeta_wolf>
ok, i have never heard of rambox and that riot-desktop looks nice
<infinisil>
I remember somebody posting a search engine for NixOS configurations here recently, but I can't remember the url of it anymore..
<alexarice[m]>
is there any advantage to using the electron app for riot over just having a browser tab open
<greenerworld[m]>
well for me the advantage is I can close the browser after reaching 50th tab
hmpffff has quit [Quit: nchrrrr…]
<greenerworld[m]>
but for electron apps there's usually little to no advantage
<{^_^}>
configsearch redefined, was defined as To search public NixOS/Nixpkgs/NixOps configs, use https://search.tx0.co (Ping ${"til" + "pner"} if it acts up again)
<zeta_wolf>
please forgive me for being off topic, but if i understand correctly: the `riot-desktop` is an open source alternative to whatsapp, and skype, is that correct? (i may have to do video and text chatting and i don't want to pay for that)
v0|d has quit [Ping timeout: 252 seconds]
<infinisil>
zeta_wolf: You'll get much better responses if you ask questions in their appropriate channels. For this that would be #matrix
fenedor has quit [Quit: Leaving]
mbrgm_ has joined #nixos
<infinisil>
,configsearch = To search public NixOS/Nixpkgs/NixOps configs, use https://search.tx0.co (Ping ${"til" + "pner"} if it acts up again)
<zeta_wolf>
i am in the process of joining the open source project to work on the ghc compiler, i would also like to join an open source project where i would learn nix really well, do you guys know of any nixos projects? i am learning haskell, so maybe something related to that?
o1lo01ol1o has quit [Remote host closed the connection]
<Ralith>
helping maintain packages is generally a good start
<zeta_wolf>
ok, i think i read a link somewhere that was asking for help in maintaining the haskell packages in nixos but i can't seem to find that link
<zeta_wolf>
or would it be best for me to stick with the: `nix pills` while i am learning?
<simpson>
zeta_wolf: I wouldn't worry about it; it seems to be the case that folks often learn Nix out of obligation to work on some specific Nix-related project, like nixpkgs. If you don't have such a desire/need, then it's probably not a big deal.
<simpson>
That is, people don't hack on nixpkgs to learn Nix, but learn Nix to hack on nixpkgs.
<greenerworld[m]>
also what is the difference between nixos-unstable and nixpkgs-unstable channels?
<zeta_wolf>
simpson: well, i am currently learning haskell so how similar is nix to haskell?
<infinisil>
greenerworld[m]: nixos-unstable only gets nixpkgs versions that passed the NixOS tests, so it's safe to use on NixOS, you don't have to worry about grub breaking your boot loader or so
<simpson>
zeta_wolf: They both have functions and a `let` keyword; other than that, I'd say that there's not much overlap.
mexisme_ has quit [Ping timeout: 248 seconds]
<infinisil>
And I guess they're both purely functional
<greenerworld[m]>
ah ok, better test assurance then
<simpson>
infinisil: Maybe; I'm not willing to define "purely functional" today. They do have similarities in execution, since GHC Haskell is quite lazy and Nix is fully (maximally?) lazy.
<nh2>
when I use `nix build`, and it hides the output, is there a way or hack I can see the output as it streams by?
<infinisil>
simpson: I mean, purely functional doesn't have anything to do with lazy vs strict though. Nix is purely functional because same inputs to a function means same output
<infinisil>
(ignoring escape hatches)
<infinisil>
nh2: Legend says running a separate `nix log` on the same derivation gives you logs, but I'm not 100% sure of that
<simpson>
infinisil: Monte would be more purely functional than either Nix or Haskell, then, since it has this basic functional property *and* no escape hatches. FWIW in PLT channels like #proglangdesign we've failed to come to any understanding about what it means, and I strongly suspect at this point that "purely functional" is mostly a Haskell meme.
<infinisil>
simpson: Hmm, I'll join there to discuss
Matthieu_ has quit [Ping timeout: 245 seconds]
<greenerworld[m]>
btw is there anything for nix that provides notification like `You have X updates`? I don't want to do autoUpgrade but want to know when it's available.
<simpson>
greenerworld[m]: Counting the updates sounds like an interesting challenge. In general, you can assume that if your channel has updated, then it contains something fresh for you.
nD5Xjz_ has quit [Ping timeout: 248 seconds]
nD5Xjz has joined #nixos
justanotheruser has quit [Ping timeout: 272 seconds]
Soo_Slow has quit [Remote host closed the connection]
gchristensen has quit [Quit: Connection closed for inactivity]
selfsymmetric-mu has left #nixos ["gone to the land of dead hiccups and extinguished light bulbs"]
bepvte has joined #nixos
sir_guy_carleton has joined #nixos
<zeta_wolf>
i've been using nixos for about 2 months now, i think i am finally getting the hang of it.
ryantm has quit [Remote host closed the connection]
Rusty1 has joined #nixos
acarrico has joined #nixos
<zeta_wolf>
i first started learning haskell in debian and the dependency hell was brutal, in nixos not having to deal with dependency hell and easy declarative package management is a breath of fresh air