<catern>
Henson: one is to build the configuration for the remote computer locally, and copy all of it over
<catern>
er, that is to say, build the configuration for the remote computer on the machine that currently has the package + definition; then copy the closure of that configuration to the remote computer
schjetne has joined #nixos
jluttine has quit [Ping timeout: 244 seconds]
<catern>
(you might be able to optimize the copying in various ways)
Rusty1 has joined #nixos
<catern>
Henson: another approach, which is your only option if you want to be able to build new configurations on that offline computer, is to copy the package definition to the offline computer
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjzZo
<catern>
then you can build the configuration directly on that offline computer
<catern>
Henson: does one or both of those work? probably the latter is the easier one
toppler`` has joined #nixos
schjetne has quit [Ping timeout: 245 seconds]
Henson has quit [Ping timeout: 272 seconds]
zik[m] has left #nixos ["User left"]
Ariakenom has quit [Quit: Leaving]
simon_weber has quit [Quit: Connection closed for inactivity]
Henson has joined #nixos
<Henson>
catern: by package definition, do you mean the source for the package? Including the package in environment.systemPackages works just fine, but not in services.udev.packages
shosti has joined #nixos
<Henson>
catern: by "including the package" I mean including it by specifying its /nix/store path
m0rphism has quit [Ping timeout: 272 seconds]
<{^_^}>
[nixpkgs] @jonringer opened pull request #62789 → vimPlugins.vim-csharp: init at 2017-03-29 → https://git.io/fjzZ9
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjzZQ
<tarruda1>
Just tried a fresh install of nixos in my machine and it is not possible to resolve names. I can ping any IP, resolv.conf also looks good, but when I invoke `ping www.google.com` it outputs: "name or service not known". This also results in a bunch of services not working (such as time sync)
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<tarruda1>
The same install config (which is basically the default config) works on a virtual machine
<tarruda1>
but on my desktop I get this strange error, which makes nix unusable. Anyone ever experience this?
<aanderse>
Henson: nixops might be a good fit for you
mighty_vee has quit [Read error: Connection reset by peer]
mighty_vee has joined #nixos
freeman42x has quit [Ping timeout: 252 seconds]
<colemickens>
Anyone have a preferred way of diffing two expressions that should be the same output but aren't?
<colemickens>
I suspect it's nixpkgs config like nonfree tripping me up even though I'd tried to fix it in the past
mmlb1 has joined #nixos
mmlb has quit [Ping timeout: 248 seconds]
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
silver_ has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @jonringer opened pull request #62791 → vimPlugins.SpaceCamp: init at 2019-06-05 → https://git.io/fjzZh
psy3497 has joined #nixos
<Henson>
aanderse: thanks, I'll look into it.
<aanderse>
Henson: i mention nixops because we have some machines behind a dmz
<aanderse>
so thoses machines can't connect to the internet
<aanderse>
but
<aanderse>
the nixops machine can
<clever>
colemickens: nix-diff
<aanderse>
in your scenario you could run nixops deploy --build-only on the nixops machine when it has internet
<Henson>
aanderse: right. The machines I'm working with are not interactively connected to another Linux machine. They can only have files downloaded to them and run scripts.
<aanderse>
and then nixops deploy when the nixops machine doesn't have internet but is connected to the target machine
<aanderse>
ah no ssh then, even on an internal network?
<clever>
Henson: ive looked into that before
* Henson
holds his breath
<clever>
Henson: step 1, nix-build '<nixpkgs/nixos>' -A system -I nixos-config=./host1.nix -o host1.root
<clever>
that will build the given config and make a result root
<Henson>
aanderse: correct. These remote computers will be connected to an Android tablet that is periodically connected to the internet
<aanderse>
in that case what clever is saying is good... and much cooler anyways ^_^
<aanderse>
clever++
<{^_^}>
clever's karma got increased to 135
<clever>
that will copy the closure of it into /mnt/nix/store, which can just be a USB stick
<Henson>
aanderse: yeah, being connected to the internet or another linux machine would make this a no-brainer, but it's this unusual deployment that's causing the problem
<clever>
1/2 are done on a "deployer" type machine
<clever>
3/4 are done on the "target"
emptyflask has joined #nixos
<clever>
how you get the /mnt/ dir over is up to you, usb, nfs, ssh, carrier pigeon
<Henson>
clever: awesome
<Henson>
clever: so I should use "nix copy" instead of "nix-store --export" and "nix-store --import"?
<clever>
yeah
<clever>
it has the benefit of reusing objects already in /mnt/
<clever>
so less data has to copy if the /mnt device already has it
jb55 has joined #nixos
<Henson>
clever: but say I know the paths the remote device already has, can I just do "nix-store -qR system.output.path" to get a list of the store paths needed for the closure, take the difference of the two to see what needs to be copied, then use "nix-store --export" and "--import" to do it?
clacke_movim has left #nixos [#nixos]
<Henson>
clever: or does it have to be the "nix copy" command?
kvda has joined #nixos
<clever>
Henson: its much simpler when using nix copy
<Henson>
clever: I think the thing that will work with your solution is that the system building is done on the development machine (which is not running NixOS) and bypasses the "nixos-rebuild" command needing to be run on a NixOS machine. Then copying the entire system closure over and instantiating it on the deployment machine.
<tobiasBora>
How can you create a new systemd.user.services? I don't understand how it works... I'd like to be able to put it in a standard derivation, build with `nix-build`, and then be able to start/stop/run the service as a non-root user. Is it possible?
<clever>
tobiasBora: systemd.user.service only works in configuration.nix
<tobiasBora>
clever: oh, so not usable on non-nixos devices I guess. It's a limitation of systemd, or of nix?
<clever>
tobiasBora: mostly a limitation of the nix expressions in nixpkgs
<clever>
tobiasBora: it can be done with some effort
<tobiasBora>
clever: that effort is made by project like home manager?
stepcut has quit [Remote host closed the connection]
<clever>
tobiasBora: if you eval a configuration.nix via <nixpkgs/nixos> you can then pull out the .unit files like this
<o1lo01ol1o>
I'm a bit mystified, my hydra-build-runner can finally ssh to my build machines, but the nix build job reports: Aborted: cannot connect to ‘nixSlave’: sh: nix-store: command not found
<clever>
and then drop them somewhere
stepcut has joined #nixos
<clever>
o1lo01ol1o: what happens when you `ssh user@host nix-store --version` ?
<o1lo01ol1o>
I get the version!
<clever>
o1lo01ol1o: with the exact command i gave?
<clever>
that is one command, not 2
sir_guy_carleton has joined #nixos
<o1lo01ol1o>
let me check
<clever>
tobiasBora: home-manager is a bit different, its re-implementing (or copying) nixos modules, to get the same effect
<o1lo01ol1o>
ah
<o1lo01ol1o>
clever: sh: nix-store: command not found
<clever>
o1lo01ol1o: thats the difference between interactive and non-interactive shells
<clever>
o1lo01ol1o: you need to mess with .bashrc and/or .bash_profile, to get nix-store in PATH for non-interactive shells
<o1lo01ol1o>
on the build machines, you mean
<clever>
o1lo01ol1o: yeah
<o1lo01ol1o>
hm. There's no way to handle this declaratively?
<clever>
o1lo01ol1o: what OS is the remote machine?
<o1lo01ol1o>
nixos
<clever>
o1lo01ol1o: it should be in PATH by default
<o1lo01ol1o>
(linux x86_64)
<tobiasBora>
clever: non-interactive shells can call .bashrc?? You may want to use the .ssh/environment file no?
<clever>
o1lo01ol1o: you can also force it with ssh command
<clever>
o1lo01ol1o: this forces the connection to run a given command, if using a given key
<o1lo01ol1o>
aha, that's what that line does
<clever>
so you can force it to always run /run/current-system/sw/bin/nix-store
<o1lo01ol1o>
ok, I'll add that, thanks!
<colemickens>
okay, and if I have a nix store path that I know was pushed to cachix is there an easy way I can pull it locally for use with nix-diff?
<clever>
tobiasBora: it can help to sprinkle echo's in all of the files, and see which ones trigger when
<tobiasBora>
clever: concerning the modules... I think I still don't get why they are "special"...
<clever>
colemickens: nix-diff only works on drv files, not outputs
<clever>
tobiasBora: the modules is basically a framework to create a single derivation, that has all of your config embeded into it
<colemickens>
so I have to recursively copy just the derivations from my remote machine I guess. I can figure it out probably
<clever>
colemickens: you can just download it from cachix using `nix-store -r /nix/store/foo`
<clever>
but nix-diff cant diff that for you
<colemickens>
okay, thank you, that's good to know, I should probably know that nix-store command :|
stepcut has joined #nixos
<tobiasBora>
clever: and if you want to compile a module, you need to run something like "nix-build <nixpkgs/nixos> myconfiguration.nix"? That is supposed to create a new unique derivation that contains the unit files?
<clever>
o1lo01ol1o: i also suspect your build user has been created with the wrong flags, does isNormalUser = true; fix it?
<tobiasBora>
clever: too many brackets for me ^^ <nixpkgs/nixos> is a shortcut for /path/of/nixpkgs/channel/nixos right? Does that mean that when I write <X/Y>, it checks "key" X in NIX_PATH, and then outputs "value_of_X/Y"?
<clever>
tobiasBora: yeah, and it will also ensure the Y exists under X first
<tobiasBora>
clever: I think it's the first time I actually understand these brackets^^ Thanks! What's the name of them?
<o1lo01ol1o>
clever: I removed "nice -n20" from the command field and now sh: nix-store: command not found
<tobiasBora>
everything makes much more sense now^^
* colemickens
side-eyes channels and NIX_PATH
<clever>
o1lo01ol1o: did you try adding isNormalUser = true; ?
<o1lo01ol1o>
will do
<o1lo01ol1o>
clever: sh: nix-store: command not found
<clever>
o1lo01ol1o: something feels wrong for nixos to have this issue
<clever>
o1lo01ol1o: what is in the $HOME of this remote user?
<o1lo01ol1o>
clever: home = "/home/hydra-queue-runner"
<clever>
o1lo01ol1o: try removing the shell= on the remote build user, also it shouldnt have any extra groups
<tobiasBora>
clever: I tried to write a super simple systemd.user http://paste.debian.net/1086683. But when I run nix-build '<nixpkgs/nixos>' -I nixos-config=myconfiguration.nix, it tells me "The ‘fileSystems’ option does not specify your root file system, You must set the option ‘boot.loader.grub.devices’ or 'boot.loader.grub.mirroredBoots' to make the system bootable"
<clever>
tobiasBora: you left out the -A i gave above
<clever>
tobiasBora: so its trying to build a fully working nixos, and the assertions found mistakes
<o1lo01ol1o>
clever: he option `deployment.keys.root-secret.source'
<colemickens>
On my deathbed someone is going to calculate that I lost a year of my life to waiting NM to rescan for networks.
<tobiasBora>
Hum... I'm super close, but not finished yet: ls ~/.config/systemd/user/
<tobiasBora>
bin etc include lib libexec manifest.nix mytestservice.service share
<tobiasBora>
systemctl --user start mytestservice: Failed to start mytestservice.service: Unit mytestservice.service not found
<clever>
tobiasBora: you need to reload the user daemon
<clever>
thats the semi-auto part i mentioned
* Henson
chuckles
<Henson>
NM hates it when I rescan for networks too quickly
Matthieu_ has quit [Ping timeout: 244 seconds]
<clever>
tobiasBora: and you only need the .service file, and nothing else
<tobiasBora>
clever: hum indeed (I've another error, but it's for another reason)
<tobiasBora>
clever: but when I ln -s all the ~/.nix, I can't really link one service right?
<tobiasBora>
Or you meant a link by file
<clever>
tobiasBora: link each file, or use the anything.nix example above, which only has 1 file
<tobiasBora>
and out of curiosity, why do you need to reload, is it because of the symlink, or we always need to reload?
<clever>
tobiasBora: i think you need to daemon-reload any time the unit files are modified
<clever>
tobiasBora: nixos and home-manager automate that step for you
<tobiasBora>
and this is specific to nix related stuff this reload?
<clever>
more that nix reloads it for you, after modifying the files
<clever>
and other distros expect you to do it yourself
stepcut has joined #nixos
<tobiasBora>
ok cool
<tobiasBora>
hum...
<tobiasBora>
Loaded: bad-setting (Reason: Unit mytestservice.service has a bad unit file setting.)
<tobiasBora>
Failed to start mytestservice.service: Unit mytestservice.service has a bad unit file setting.
<Henson>
clever: when you're finished your conversation with tobiasBora, could you answer another question for me, please, on the topic of remote deployment. Is it easy to upgrade to a new version of NixOS on the remote system simply by using the package list of a new NixOS version and setting that as the system profile? Or is it more complicated than that? The NixOS manual makes it seem like it could..
<clever>
tobiasBora: can you pastebin the contents of that file?
<Henson>
clever: be that simple with the caveat that certain Nix package manager upgrades change the store database in a way that cannot be rolled back.
<clever>
o1lo01ol1o: your in for a world of pain :P
<adamantium>
Anyone know how to build Emacs 27 from the latest?
<tobiasBora>
clever: great, I think I understood the anything.nix :D I even managed to install it with "nix-env -f anything.nix -i" (works also with appending things)
<o1lo01ol1o>
clever: really? still?
<clever>
o1lo01ol1o: yeah, submodules only work nicely on public git repos
<tobiasBora>
clever: I think I don't have anymore question, the remaining part is for systemd :P Thanks a looooot!
<o1lo01ol1o>
clever: if the hydra-queue-runner user has a github / lab ssh key that authenticates them as a user does that help?
<clever>
o1lo01ol1o: only builtins.fetchGit can use that private key, and that doesnt support submodules
<clever>
o1lo01ol1o: pkgs.fetchgit supports submodules, but not private repos
<o1lo01ol1o>
clever: so, basically, have hydra git checkout the top-level project and then make sure that all nix expressions below use runCommand to make the submodule directory and then use builtins.fetchGit to clone into that directory
<o1lo01ol1o>
(recursively, for each submodule)
<clever>
o1lo01ol1o: builtins.fetchgit will always clone into a random directory in /nix/store/
<clever>
tobiasBora: that will chunk it into a bash script for you, then put that in ExecStart
<clever>
chuck*
drakonis has quit [Ping timeout: 258 seconds]
<tobiasBora>
clever: oh, that's great, thanks
clacke_movim has joined #nixos
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #62801 → python3Packages.pywebpush: init at 1.9.4 → https://git.io/fjzce
ericsagnes has joined #nixos
<tobiasBora>
clever: any idea why when I use "ExecStart = "${pkgs.bash} -c \"while true; do echo 'YES';" it fails?
<clever>
tobiasBora: you didnt terminate the escaped "
<clever>
tobiasBora: also
<clever>
> "${pkgs.bash} -c \"while true; do echo 'YES';"
<{^_^}>
"/nix/store/x0mlaj4z4ciycaycfwc36l1932mwywfj-bash-4.4-p23 -c \"while true; do echo 'YES';"
<clever>
tobiasBora: that is a directory, not an executable
<tobiasBora>
oh, again the same error
<tobiasBora>
thanks a lot
buffet has joined #nixos
buffet_ has quit [Ping timeout: 252 seconds]
Henson has quit [Quit: goodnight!]
<o1lo01ol1o>
clever: Output limit exceeded; I saw an issue that said this is ram related. The buildm machine has 16gb and is choking on the ghc 8.2 build, do you know what the issue might be?
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<o1lo01ol1o>
clever: the queue runner can only handle a maximum of 2gb in a derivation? That seems small. . .
<clever>
thats just the default limit
<clever>
you should be able to change it easily
<clever>
try restarting the hydra-queue-runner process?
<o1lo01ol1o>
isn't that what max_output_size = 4294967296 does?
<clever>
it may be using the old cfg
<o1lo01ol1o>
ah, right
<o1lo01ol1o>
so far, everything's churning along; is it fair to say that there's no danger to set the machine's ram to slightly larger than max_output_size?
<clever>
it will need up to max_output_size ram, for every job its running
<clever>
so if its doing 10 jobs in parallel, thats 10x as much ram
<clever>
worst case
<o1lo01ol1o>
right, ok.
<o1lo01ol1o>
clever: ok, that's enough for tonight. Thanks again for the help, if you're in NYC, I'll buy you a beer.
<clever>
usually only passing thru on connecting flights
<o1lo01ol1o>
fair; offer stands.
clacke_movim has left #nixos [#nixos]
prometheus_falli has joined #nixos
lightbulbjim[m] has left #nixos ["User left"]
rauno has quit [Ping timeout: 248 seconds]
lambda-11235 has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
wfranzini has quit [Remote host closed the connection]
<gyroninja>
Can someone help me understand how gc roots work? I don't understand why for example libogg is a root. I would figure libraries would have been pulled in by another package which would mean that package instead should be a root
<clever>
gyroninja: `nix-store --query --roots /nix/store/something` to see what roots are pointing to it
o1lo01ol1o has joined #nixos
<clever>
gyroninja: `nix why-depends otherthing /nix/store/something` to see how a given root points to it
mighty_vee has quit [Ping timeout: 246 seconds]
mighty_vee has joined #nixos
<gyroninja>
So I use that first command on the libogg root and it shows many other roots
<gyroninja>
Shouldn't GC roots have no roots?
<gyroninja>
other than manually installing a program and it's dependency
<clever>
gyroninja: it likely read the symlink, and showed the roots for its target instead
st4ll1_ has joined #nixos
<gyroninja>
btw I'm viewing the roots with `nix-store --gc --print-roots`
st4ll1 has quit [Ping timeout: 248 seconds]
toppler`` has quit [Ping timeout: 246 seconds]
o1lo01ol1o has quit [Ping timeout: 248 seconds]
<gyroninja>
It just seems like I have a crazy amount of gc roots (256) as I just installed the system yesterday and only have a few programs installed
toppler`` has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<gyroninja>
I realized my mistake
<gyroninja>
I was thinking GC roots would be similar to the contents of the world file from the Gentoo operating system
<clever>
gyroninja: generations are basically nix keeping every version of the world file, so you can undo changes
<gyroninja>
In NixOS GC roots seems to be any accessable contents from a package
<clever>
gyroninja: the dependencies of a package cant be deleted until the package refering to it is deleted
kvda has joined #nixos
<gyroninja>
The difference is that the world file includes roots from a package manager sense, where these GC roots is a super set of the roots which also include other packages which currently need to be installed on the system
<clever>
also, nix gc roots refer to a specific build
<clever>
while the world file is just a package name and maybe a verison
<zfnmxt>
gyroninja: Not really sure how to go about fixing/confirming that. I uninstalled the man page packages and tried again and got this: http://ix.io/1L7h
<zfnmxt>
Sounds like the man page config is messed up. I didn't even realize such a configuration existed.
<zfnmxt>
gyroninja: I'm not sure which to give you. The config file is in the man-db packages, and nix-store -q --references `which man` doesn't yield `man-db` as a dependency, so I don't know which hash to look at.
<zfnmxt>
(I was looking at a random hash before.... >.< )
schjetne has joined #nixos
<gyroninja>
My man command is a symlink into man-db
<gyroninja>
well `which man` is /run/current-system/sw/bin/man which goes to man-db
kvda has joined #nixos
<zfnmxt>
That fixed the problem :P
<zfnmxt>
Well, indirectly.
<gyroninja>
Did you not install man-db?
wfranzini has joined #nixos
<zfnmxt>
`which man` gave `/home/zfnmxt/.nix-profile/bin/man`, so it was in my..uh, not sure what the terminology is. User nix environment?
<zfnmxt>
So I just did `nix-env -e man` and it fixed it and now man points to /run/current-system/sw/bin/man
schjetne has quit [Ping timeout: 244 seconds]
hyper_ch2 has joined #nixos
<zfnmxt>
Anyway, man was symlinked to /nix/store/0n4i2742jcp3dw32pk62c45z6yikzjfy-man-1.6g/bin/man
orivej has quit [Ping timeout: 248 seconds]
clacke_movim has joined #nixos
<zfnmxt>
Now the symlink is correct. I don't know what happened. I screwed something up in my user env, obviously. =/
<zfnmxt>
Thanks for the help, though, gyroninja !
jbgi has joined #nixos
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #62813 → nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions → https://git.io/fjzC7
adamantium has joined #nixos
<adamantium>
Hey -- anyone out there manage to get slock-or-similar screenlocker to work on lidclose?
thc202 has joined #nixos
<ar>
adamantium: xss-lock
<etu>
adamantium: I use i3lock-pixelated with xautolock that locks on suspend and lidclose
<zfnmxt>
adamantium: I use physlock and it works well. `services.physlock.enable = true` was it all it took.
<rajivr___>
I am new to NixOS. When I do `nix-store --query --deriver /nix/store/....-hello-2.10` where is the reverse mapping to the derivation store?
<zfnmxt>
Also one of the only lockers that doesn't let you access another tty :)
<rajivr___>
I meant to ask "where is the reverse mapping to the derivation" that is the `.drv` file stored?
<etu>
zfnmxt: I don't see how that matters though, I don't have things running on a tty (such as startx) because I have a loginmanager, and both the locker and the tty would require the same password to access my account :p
adamantium has quit [Read error: Connection reset by peer]
<zfnmxt>
For most people it probably doesn't, but might as well lock it out as well
adamantium has joined #nixos
<adamantium>
ar: please expand
emily has quit [Remote host closed the connection]
emily has joined #nixos
emily has quit [Remote host closed the connection]
jackdk has quit [Ping timeout: 248 seconds]
mexisme_ has joined #nixos
<adamantium>
Does setting programs.xss-lock.enable = true; and programs.xss-lock.lockerCommand = "slock"; do what i want or ?
<ar>
adamantium: except i had to specify full path for some reason, don't remember now why
<ar>
adamantium: as in, programs.xss-lock = { enable = true; lockerCommand = "/run/current-system/sw/bin/i3lock"; };
<etu>
you can probably do: "${pkgs.i3lock}/bin/i3lock" as well as lockerCommand
<adamantium>
so is xss-lock strictly for lidclose, or is it going to do when idle, too you think?
<adamantium>
thanks btw
<ar>
adamantium: it binds to the APIs systemd-logind uses for issuing locks
jeschli has joined #nixos
<ar>
adamantium: dbus apis
mexisme_ has quit [Ping timeout: 248 seconds]
<sphalerite>
eyjhb: what does your generated bootloader config look like?
<adamantium>
ar: ah, lol. I've been doing it like this: http://ix.io/1L7o ... simple, but xss is probably better
<eyJhb>
sphalerite that really depends what you mean by saying that. The ones in /boot/loader/entries?
jluttine has joined #nixos
<eyJhb>
It really seems like there are varoius files on /boot, that might be outdated or old. I see some grub entries that specifies builds from 2018-12-31. Which, I have deleted a couple of times by now
<eyJhb>
But in loader/entries/nixos-generation-x.conf, it looks for the fiels in /nix/stire/xxxx, and /efi/nixos
<eyJhb>
So it might not need to regenerate those in /boot/kernels?
<sphalerite>
eyjhb: yeah if they exist in /boot/nixos or /boot/efi/nixos
<eyJhb>
It does
<eyJhb>
So /boot/kernels seems like some legacy
<eyJhb>
Lets try to reboot, and see if I will ever come back...
<etu>
eyjhb: I was very confused by your /boot/kernels
<etu>
eyjhb: Never seen that :)
<eyJhb>
Well, I could reboot! But I almost died a little, because the generation I rebuild, my encrypted drives didn'' want to unlock...
<eyJhb>
etu: guess they are just space wasters
ambro718 has joined #nixos
<etu>
yeah, probably
<etu>
Good that you could reboot at least! :)
<etu>
Then you're in a good state
wfranzini has quit [Ping timeout: 246 seconds]
<eyJhb>
Yeah, that is the best part :D - Now to get another 30 error messages about not being able to compile bash or something because `prove command not found`..
<eyJhb>
hyper_ch2: LUKS Encryption, but not to worry.. I am currently building various verions of nixpkgs, to see when DisplayLink started to fail..
<eyJhb>
Currently on day two of the endeavour, and hating it
<hyper_ch2>
ah, ok... used to use luks encryption :9
adamantium has quit [Remote host closed the connection]
fasd` has joined #nixos
<eyJhb>
Hoping I can say the same thing about DisplayLink at some point :( What havey ou switched to now?
linarcx has joined #nixos
schjetne has quit [Ping timeout: 268 seconds]
<Mateon1>
Okay, so after a recent (within the last month) full-system update, I seem keep hitting some sort of bug in libpng (png_combine_row NULL dereference), triggered by gdk_pixbuf, triggered by lots of other things, like the GTK Save As... dialog, and a large amount of icons on my system
<Mateon1>
One of the most annoying versions of this bug is the chromium Save As... dialog causing a segfault, every time I try to save anything, the entire browser crashes (I assume GUI is handled on the main browser process, so a segfault there crashes everything, instead of a handful of tabs)
<Mateon1>
Another example is that I cannot start zenmap at all, I get a segfault before any window even shows up
<Mateon1>
I want to know, how can I debug this and possibly fix this?
hmpffff has joined #nixos
emily has joined #nixos
<hyper_ch2>
eyjhb: I use now native encrypted root zfs
<hyper_ch2>
what's DisplayLink?
katyucha has joined #nixos
<eyJhb>
proprietary software/hardware, which functions as a USB 3.0 Docking station (for my use case at least), so I can have a third monitor to my x230 connected.. But everything is.. Unstable and reallyb badly made
ambro718 has quit [Quit: Konversation terminated!]
<eyJhb>
And even the logs for DisplayLink are encrypted, so you have NO clue why it doesn't work...
wfranzini has joined #nixos
<eyJhb>
And some place between 18.09 and 19.03, it stopped working.. WHich can be because of a thousand reasons :(
hmpffff has quit [Quit: nchrrrr…]
<mjrosenb>
is anyone familiar with building ghcjs?
<eyJhb>
Does the remote build machines repsect -I nixpkgs=<something> btw.?
<inquisitiv3>
nornagon: You wrote the instructions for how to partition ZFS for NixOS on the wiki. Do the ZFS volume need to to partition no. 1, or can I have it after the EFI boot partition?
<hyper_ch2>
hmmmm, I have a "mySecrets.nix" file that I do include into the configuration.nix file. So far I only set variables and assigned values in the mySecrets.nix file. However I want to tighter control the samba shares. So I wanted to create groups for hosts allowed in the mySecrets.nix file as well, but it doesn't like to just use the variables. Where did I go wrong? https://paste.simplylinux.ch/view/raw/0ab51a61
<hyper_ch2>
eyjhb: thx for the explanation
<hyper_ch2>
inquisitiv3: it does not matter
<tilpner>
hyper_ch2: Change ^{ to ^rec {
<inquisitiv3>
hyper_ch2: Thanks!
<hyper_ch2>
tilpner: that's all? oO :) thx
* hyper_ch2
gives tilpner a cookie
<marek>
any idea why nixpkgs is 9 days old?
fasd` has joined #nixos
<{^_^}>
[nixpkgs] @bjornfor merged pull request #62782 → sigrok suite: enable for darwin → https://git.io/fjz3G
<marek>
for some reason I thought nixpkgs is updated right away and nixos is the one that needs passing tests?
<hyper_ch2>
inquisitiv3: you've used zfs before?
<tilpner>
marek: IINM nixpkgs-unstable uses different tests than nixos-unstable, not a subset
<tilpner>
marek: E.g. Darwin specific tests, which would not block the nixos-* channels
<marek>
hmm I see, I'm still little bit confused about these
schjetne has joined #nixos
<tilpner>
marek: This confuses me too, it says log limit exceeded, and the log seems to be random binary data
<{^_^}>
[nixpkgs] @wfranzini opened pull request #62817 → WIP: improve support for crosscompiling to musl32 → https://git.io/fjzWb
<tilpner>
Even though the web UI can display something
Matthieu_ has joined #nixos
fasd` has quit [Ping timeout: 248 seconds]
<marek>
yeah, interesting
jasongro` has joined #nixos
jasongrossman has quit [Ping timeout: 246 seconds]
<Mateon1>
Okay, so I narrowed down my GDK crashing issue to https://github.com/NixOS/nixpkgs/issues/54278 - @fare suggests a workaround by unsetting GDK_PIXBUF_MODULE_FILE among other env vars, but none of the vars mentioned in his comment exist in my environment, and I still get those crashes.
<{^_^}>
#54278 (by minijackson, 19 weeks ago, open): Programs using gdk_pixbuf 2.38 crash with 2.36 loaders from system
<{^_^}>
[nixpkgs] @andir pushed 2 commits to release-19.03: https://git.io/fjzlY
winem_ has joined #nixos
adamantium has joined #nixos
<adamantium>
ar: xss is great. thankyou
<juhoh>
Hi, I just started using NixOS. Usually on my Linux distros I use dwm as the WM. I've had a lot of difficulties in learning how to set it up on Nix, though. I've got it working with the `windowManager.session` and setting it to dwm but I have yet no idea how to configure it myself. Do I have to use overlays or something else? Any blog posts or tutorials are gladly welcome, didn't find too much info on that
<juhoh>
Yup, that's how I got it running for now. But how can I configure the config.h?
<andi->
juhoh: I guess overlays are the way to go. `nixpkgs.overlays = [ (self: super: { dwm = super.dwm.override { patches = [ ./my-custom-config-patch ]; } })];` the package
<andi->
juhoh: or you use `overrideAttrs` and execute a bit of code before the build starts. Most likely copying your config.h into the build root
<juhoh>
Great, thanks andi- I'll try the overlays approach.
schjetne has quit [Ping timeout: 268 seconds]
<inquisitiv3>
hyper_ch2: Nope, I'm looking into it
<hyper_ch2>
inquisitiv3: it's awesome :)
<jasongrossman>
,quotes
Avaq has joined #nixos
johanot has quit [Ping timeout: 258 seconds]
Avaq has quit [Read error: Connection reset by peer]
v88m has quit [Ping timeout: 248 seconds]
adamantium has quit [Remote host closed the connection]
johanot has joined #nixos
<dminuoso>
Interesting. autoPatchElf doing *something*.. and quite a lot of it..
<dminuoso>
But no idea what.
dejanr has joined #nixos
katyucha has quit [Quit: Lost terminal]
<tilpner>
juhoh: Note that you don't have to use the patches argument if you find passing the entire file more convenient
<juhoh>
tilpner: Yeah, I was trying setting the `conf` but get an unexpected argument error: `nixpkgs.overlays = [ (self: super: { dwm = super.dwm.override { conf = builtins.readFile ./config.h; }; }) ];`
<eyJhb>
Anybody running the newest stable NixOS with x11 that might be so kind to grab the versionnumber/xorg version? - xdpyinfo | grep -i version
Matthieu_ has quit [Read error: Connection reset by peer]
hmpffff has quit [Quit: Bye…]
<tilpner>
juhoh: It doesn't expect a conf argument
<tilpner>
juhoh: But you can do something like dwm.overrideAttrs (old: { prePatch = (old.prePatch or "") + "cp ${./config.h} config.def.h"; })
<juhoh>
tilpner: Exactly, but trying to read the package nix file that's defined in the repo I'm not quite sure how dwm gets built.
<juhoh>
Ah, so I've to use the `overrideAttrs` like andi- already pointed out.
adamantium has joined #nixos
rauno has quit [Ping timeout: 248 seconds]
<tilpner>
juhoh: In this case yes. The arguments available for .override are determined by the package author, and thus are of varying flexibility and not always consistent
<andi->
juhoh: I think our st is more streamlined for customization. Might want to open a PR adjusting the dwm package :)
<dminuoso>
Is there a way to direct autoPatchelfHook not to try and fix some needed dependency?
<dminuoso>
Or do I have to manually patchelf instead?
vidbina has joined #nixos
__monty__ has joined #nixos
vidbina has quit [Client Quit]
Avaq has joined #nixos
silver has joined #nixos
<inquisitiv3>
hyper_ch2: You seem to know how to use ZFS. Should I use partition type `bf00` or `bf01`? The NixOS wiki recommend the later, but Arch wiki recommends the former.
<riottest000[m]>
<dminuoso "Mmm. Is it possible to strip a N"> I don't think so, since you need that thing to actually run the .so
<dminuoso>
riottest000[m]: Do I?
init_6 has joined #nixos
toppler`` is now known as toppler
cyphase has joined #nixos
toppler has quit [Ping timeout: 268 seconds]
<cmacrae>
I asked over in #nixos-aarch64, but I figure it can't hurt to ask here too! Does anyone have a link/info to the public hydra build for the aarch64 images? I have some stuff I need to tweak in the build for my personal use :)
<dminuoso>
marek: but that's essentially just a declarative way of doing `nix-env -iA nixos.nginx`
<dminuoso>
marek: what you refer to services is actually just systemd configuration.
<jluttine>
What is the correct way to pin system nixpkgs in configuration.nix? I pin nixpkgs in nix.nixPath but i have to run `nixos-rebuild switch` twice for upgrade to happen. i guess the first one upgrades the system nixpkgs and then the second call uses that nixpkgs and actually upgrades the system..
o1lo01ol1o has quit [Ping timeout: 272 seconds]
<dminuoso>
marek: and systemd is configured via `systemd`, e.g. `systemd.services`
<dminuoso>
marek: so where in a manual system you'd go creating unit files under /etc/systemd/... etc, you'd now just have some nixos module add `systemd.services.foo = { ... }`, then `nixos-rebuild` lets you build the configuration and test/switch to it (activating the systemd unit)
<dhess>
jluttine: yeah, it reads configuration.nix and then builds, creating a new configuration.nix with the new path, so the first build will use the old configuration.nix. What I did (for nix-darwin, which has the same issue) is just write a wrapper around rebuild, which uses the -I flag to set nixpkgs to the new path, so that rebuild uses it.
<marek>
dminuoso: but how does that installs python37Packages.trezord?
<marek>
I mean, how does that service knows which dependency to install in order for it to work?
<hyper_ch2>
inquisitiv3_: not really sure.... I just made a general linux partition because when you create the zfs pool, it will repartition the partition again anyway
<marek>
sphalerite: so it just finds what package provides trezord-g?
<dhess>
jluttine: sorry, I set NIX_PATH in the wrapper. I confused it with other tools I'm writing :)
jasongrossman has quit [Ping timeout: 272 seconds]
<dminuoso>
marek: no it doesnt find.
<dminuoso>
marek: pkgs is an attribute set.
<sphalerite>
marek: it uses the trezord package
<dminuoso>
marek: pkgs.trezord is an attribute inside that attribute set.
Anton-Latukha has joined #nixos
<dminuoso>
marek: Remember, this is just nix-lang.
<dminuoso>
marek: Have you ever done something like `pkgs = import <nixpkgs> {};`?
<marek>
yeah hmm
<dminuoso>
that's, semantically at least, the same set (whether it actually ends up the same set depends on some details)
<jluttine>
dhess: ok, thanks!
<dminuoso>
an attribute set in the nix language sense.
siel has joined #nixos
<dminuoso>
marek: Now that entire attribute set is lazy. If it werent, then importing <nixpkgs> would amount to installing *all* packages in nixpkgs to your store.
<marek>
ok, so if I use nix-env to install a newer version of the package from my private repo
<marek>
the service, which comes from nixos modules won't use it
<dhess>
np
<marek>
I install a new trezord with nix-env, I can run ti locally
<marek>
but systemctl won't run it on startup with services.trezord.enable?
<dminuoso>
marek: right
<dminuoso>
marek: because pkgs.trezord resolves to whatever attribute is inside pkgs.
<marek>
and is there a way to override this without too much hassle?
<marek>
with -E or something
lunik1 has joined #nixos
<marek>
like I have a remote private repo and I want to test my new trezord package
<marek>
but with using that enabled feature
<dminuoso>
Well yes
<dminuoso>
but not with nix-env
ThatDocsLady_ has joined #nixos
<marek>
I will have to create my own configuation to override the module right?
ThatDocsLady has quit [Read error: Connection reset by peer]
<jluttine>
i installed nixos ami to amazon ec2 in february (18.09 unstable). i now tried to upgrade that machine to recent unstable but i get: error: cannot find a GRUB drive for /dev/xvda. Check your device.map. Any ideas what could be wrong?? Previously running nixos-rebuild switch worked just fine..
<jluttine>
There's no /dev/xvda on that machine.
<jluttine>
I have no idea why it should now exist because previously it wasn't needed...
<jluttine>
I've been trying to read nixpkgs git history for relevant files but I haven't yet figured out anything useful
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
emily has quit [Quit: Updating details, brb]
emily has joined #nixos
alp has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Ping timeout: 258 seconds]
gagbo has quit [Ping timeout: 258 seconds]
alp has joined #nixos
ilmu has joined #nixos
<tokudan>
where do I set kernel module options in nixos?
Matthieu_ has quit [Read error: Connection reset by peer]
schjetne has joined #nixos
ebzzry has joined #nixos
rtjure has joined #nixos
<ebzzry>
Pardon me for my ignorance, but why is it that when I install openssl in my profile, I can't see the libraries in ~/.nix-profile/lib/ ?
<tokudan>
ebzzry, libraries are not intended to be installed
alex`` has quit [Ping timeout: 272 seconds]
afics has joined #nixos
<tokudan>
the binaries should be in your path, but libraries should be directly referenced with full path by the binaries that use them
schjetne has quit [Ping timeout: 244 seconds]
<andi->
I think it might just be the case that openssl does have a `bin` output and those are preferred. If you instead "install" `openssl.lib` they might appear there
<andi->
err it doesn't have .lib the "standard" (`out`) output is basically the lib output
alex`` has joined #nixos
<ebzzry>
OK. Thanks for the input.
o1lo01ol1o has joined #nixos
<ebzzry>
To provide context, the issue came up when loading the libs with https://bit.ly/2wDwJC0
<ebzzry>
I forced a path in /nix/store/... and it loaded fine.
<klntsky>
How to fix "The pkg-config package 'xft' is required but it could not be found." when building haskell projects using stack on NixOS? Dependency causing this is X11-xft
<eyJhb>
Ahh, so it is the current generation which has the problem
<eyJhb>
And not the one I am building
<tokudan>
yes
<eyJhb>
Thanks ;)
Denommus has quit [Quit: leaving]
<gentauro>
NixOS + Xen, does it give sense? I hear that most people on NixOS go with the Oracle VirtualBox ... But is it realistic to use Xen instead? :)
arianvp has joined #nixos
<hyper_ch2>
gentauro: why not kvm/qemu?
rtjure has joined #nixos
<gentauro>
hyper_ch2: what about the "old trick" with vmplayer? :D
<{^_^}>
[nixpkgs] @peti pushed to master « esniper: update to latest git revision "Version_2_35_0-15-g91d2665" »: https://git.io/fjzEp
<gentauro>
install that and just write manually the config files
<gentauro>
the thing is that I just don't want to use anything from Oracle :)
<gentauro>
(if I can avoid it)
<hyper_ch2>
gentauro: no idea what you mean by that
<DigitalKiwi>
can someone direct me to information (existing project, blog, wiki, manual,...) about including something from a foo2nix (in this case node2nix but any will do) in another project?
<manveru>
DigitalKiwi: i think the nixpkgs manual covers those mostly
<DigitalKiwi>
i've only seen it cover how to make and use them standalone (i might just not have seen it tho)
<manveru>
hmm, ok
<manveru>
i thought it had more info, but looks like not
<manveru>
and node2nix readme also doesn't really cover it
<DigitalKiwi>
the vim example might be helpful hmm
<DigitalKiwi>
I've seen a project that had a bunch of examples of it but I forget it :<
<manveru>
the problem is that all of those $foo2nix work differently had have different usage :|
Matthieu_ has quit [Read error: Connection reset by peer]
<DigitalKiwi>
I have a shell.nix I want to bring it into scope for
warbo has quit [Read error: No route to host]
peacememories has joined #nixos
<DigitalKiwi>
for a hakyll project I want to run purifycss on
<manveru>
yeah, you'll have to link the node_modules folder in that case
o1lo01ol_ has quit [Remote host closed the connection]
fendor_ has joined #nixos
hyper_ch2 has quit [Quit: Page closed]
fendor_ has quit [Client Quit]
sigmundv has quit [Ping timeout: 258 seconds]
veske has joined #nixos
is_null has quit [Ping timeout: 272 seconds]
turion has quit [Ping timeout: 248 seconds]
<veske>
Is it possible to somehow include a locally built Nix package inside of a mkShell's buildInputs when running nix-shell ?
Matthieu_ has quit [Read error: Connection reset by peer]
sigmundv has joined #nixos
Anton-Latukha has quit [Quit: Leaving.]
<{^_^}>
[nixpkgs] @tadeokondrak opened pull request #62830 → aerc: init at 0.1.0 → https://git.io/fjz2J
mexisme_ has joined #nixos
<ebzzry>
andi-: tokudan: It works now. I created an overlay that wraps the binary.
<aanderse>
i want to break compatibility on the httpd service. currently virtualHosts is a list but i want to make it match nginx which has virtualhosts being an attribute set
<aanderse>
anyone have any strong opinions on that?
arjen-jonathan has quit [Ping timeout: 248 seconds]
<aanderse>
it is a pretty big thing to break, but migration would be easy and provides huge benefits
v88m has quit [Read error: Connection reset by peer]
mexisme_ has quit [Ping timeout: 248 seconds]
v88m has joined #nixos
<NemesisD>
i'm trying to persist my project's shell derivation from GCs. i ran `mkdir gcroots && nix-shell --indirect --add-root gcroots/dep` which boots into my shell, but shouldn't i see a symlink in `gcroots`? it is empty
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
drakonis_ has quit [Ping timeout: 248 seconds]
winem_ has quit [Ping timeout: 248 seconds]
drakonis_ has joined #nixos
Henson has joined #nixos
Liddy has joined #nixos
<Henson>
clever: are you around?
ddellacosta has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
pheoxy has joined #nixos
erasmas has joined #nixos
Synthetica has quit [Quit: Connection closed for inactivity]
drakonis_ has quit [Ping timeout: 272 seconds]
drakonis_ has joined #nixos
drakonis has joined #nixos
drakonis has quit [Client Quit]
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
<Henson>
I'm trying to do a binary deployment to a remote NixOS machine that is not connected to the internet and add packages to the /etc/nixos/configuration.nix file in the environment.systemPackages and services.udev.packages lists. I can't specify the package name directly in nixpkgs, but have to refer to the nix store location for the file. I'm having the problem where specifying the store path....
veske has quit [Quit: This computer has gone to sleep]
<o1lo01ol1o>
Is there a declarative way to specify the amount of swap space a machine should have?
<Henson>
in services.udev.packages doesn't actually result in it being used in a nixos-rebuild call. Clever suggested yesterday using nix-build to build the system to an output and then copy that output over to the remote machine and use nix-env to set the system profile to that nix store output. The problem with this is that I need to know the contents of hardware-configuration.nix in order for that...
<ToxicFrog>
o1lo01ol1o: you can declare swap files, which will be created with the specified size if necessary. I don't believe you can declare size for swap partitions, it just uses the device size.
<Henson>
to work, as every machine could potentially have different filesystem UUIDs and network configuration options. Is there another way I could be doing this? It's frustrating that specifying the store path in services.udev.packages doesn't work. Perhaps I'm going about this the wrong way. Does anybody have any suggestions?
RRedcroft has quit [Ping timeout: 246 seconds]
<o1lo01ol1o>
ToxicFrog: Great, thanks
<ToxicFrog>
o1lo01ol1o: declaring swap partition size is a subproblem of declaring partitions more generally, which is not currently possible -- you're expected to partition by hand while installing the system.
<gchristensen>
Henson: why must you use the path, instead of referring to the package via nixpkgs
<Henson>
somebody suggested that if I specified the exact mkDerivation I'm using for the package, that might work, as specifying the path in the /nix/store isn't equivalent to specifying the name of the package in nixpkgs (my package isn't in nixpkgs). Is there a way to generate the equivalent of the mkDerivation call by specifying the .drv file that results from the mkDerivation call?
<gchristensen>
you can import your custom package's .nix and refer to it as needed
<Henson>
gchristensen: because it's a custom package that isn't in nixpkgs. I could do an overlay on nixpkgs and have it work that way, but then I'd have to copy over the overlay I'm using on my development machine, which I would prefer not to do. I'm hoping for this just to be a binary-only deployment.
<o1lo01ol1o>
ToxicFrog: But for nixops, so long as the machine has a device partitioned I can just use that partition, then. Though I'm not sure the difference between using a dedicated partition and a file makes it worth it for a build slave
<Henson>
gchristensen: that's a good suggestion
<gchristensen>
Henson: can you copy the hardware config to deploy host? that is how nixops work
<gchristensen>
then it is truly a binary only deployment
<Henson>
gchristensen: oh is it? I guess that could be possible. I was hoping to avoid needing to do that.
<gchristensen>
is there a specific reason to avoid it?
<Henson>
gchristensen: the target machine isn't connected to the internet, and will only be connected to an Android tablet that is periodically connected to the Internet. We want the Android system to determine the nix paths currently installed, determine from our upgrade servers the paths needed for the latest software version, then copy those things to the remote machine next time it's connected to it..
<Henson>
gchristensen: then have the remote machine install the latest system version
schjetne has joined #nixos
<gchristensen>
neat
<Henson>
gchristensen: I guess the only thing that's required in this case is that the configuration.nix and hardware-configuration.nix also needs to come over.
<gchristensen>
right
<gchristensen>
is the hardware different per device?
<Henson>
gchristensen: and no modifications to the system can be made if one were to connect to it.
<gchristensen>
also, I'd love to hear more about what you're doing (in a DM if needed) it sounds pretty cool
arjen-jonathan has joined #nixos
<Henson>
gchristensen: it's just a couple of udev/rules.d files that need to be copied over.
Matthieu_ has joined #nixos
raid123 has joined #nixos
<Henson>
gchristensen: it seems that nixos-rebuild somehow determines the set of store paths that need to be copied when rebuilding the system. Specifying a package using its store path does not get it included in the set of files that appear in /nix/store for the rebuild. If I could only get it to include those nix store paths then that would solve the problem.
<gchristensen>
ah
<gchristensen>
what about builtins.storePath /nix/store/....
<Henson>
gchristensen: would that go in the configuration.nix file?
<gchristensen>
wherever you're using /nix/store/... yeah
<Henson>
gchristensen: also, what does DM mean?
<gchristensen>
though if you're doing it in a list, do (builtins.storePath /nix/store/...)
<gchristensen>
like a private message. I'm curious about your use case and more details about what you're doing, if you're able to share
ym555 has joined #nixos
Glider_IRC__ has joined #nixos
michaelpj_ has joined #nixos
<raid123>
Hi. Trying to setup RAID with mdadm and not sure what to do regarding initramfs on nixos. Tutorial tells me to update it (to save the array so that ks). Any idea?
<raid123>
so that it is available on early boot
ubert has quit [Remote host closed the connection]
<o1lo01ol1o>
How can I give a normal user the permissions to access a secret in /run/keys/alice-secret? using deployment.keys.alice-secret.user = "alice" and deployment.keys.alice-secret.permissions = "0640"; gives correct permissions on the secrete but the user can't access the the path to the secret itself
<Henson>
gchristensen: I'm a little unsure of how to use the builtins.storePath as you suggested. Say I've got services.udev.packages = [ "/nix/store/foo" ]; in my /etc/nixos/configuration.nix file. Where would the builtins.storePath be situated in configuration.nix?
<Henson>
gchristensen: well, I can tell you more about what I'm doing, but not the specific project I'm working on. It's for a computer vision system that runs Linux. These devices are not connected to the internet, but have a front-end tablet that interfaces with them over WiFi. Since the tablet is periodically connected to the internet, we want it to convey software upgrade information to the device.
<gchristensen>
are the devices' hardware and software configuration identical?
Glider_IRC_ has quit [Ping timeout: 258 seconds]
linarcx has joined #nixos
<Henson>
gchristensen: mostly. The motherboard we were using are no longer available, so we're switching to newer hardware. The OS they run is Debian jessie (old stable) which is quite old now and doesn't support ethernet devices of the new hardware, so we need to switch to a new OS. I've been working on Nixifying the software on and off for the past year, and this seems like a good reason to try to...
<gchristensen>
nice
<gchristensen>
so if they really are the same, there is no need to have different hardware-configuration.nix's
<gchristensen>
and then your update server send down a closure which is installed on the target and you're done
<gchristensen>
no update-time evaluation / .nix stuff needed at all
<raid123>
Never mind. Guessing fileSystems.<name?>.neededForBoot replaces the initramfs part
<Henson>
gchristensen: finish it off. NixOS is very compelling for me because I can ensure an identical software execution environment on all of the machines, as well as having that environment be the same on the development machines. Plus, it would seem, as though you can upgrade from one NixOS version to another simply by changing channels and doing an update. No release-upgrade hell to go through...
gratto has quit [Read error: Connection reset by peer]
gratto has joined #nixos
Jetien_ has joined #nixos
<Henson>
gchristensen: like with Debian or Ubuntu. I was also investigating ArchLinux for its rolling-release model, but I hate it. It requires an enormous amount of effort because none of the packages are integrated with each other. NixOS still requires a huge amount of effort (or just a huge learning curve and little documentation) but in exchange we get all of the nice things that the Nix package....
<Henson>
gchristensen: management system brings with it.
<Henson>
gchristensen: the only problem is our system are not connected to the internet and need a "sneaker-net" intermediary to do all software upgrades.
* Henson
breathes
<gchristensen>
cool :D
jonaswouters has quit [Quit: Connection closed for inactivity]
<Henson>
gchristensen: yeah, I could just make all of the filesystems have the same UUID and use a single closure for everything. But say a system needs a slightly different network configuration (we have a few custom systems like that), then everything goes out of the window. It would be much easier if I could just include the udev files by specifying the /nix/store path, because then all of the...
pheoxy has quit [Read error: Connection reset by peer]
<Henson>
gchristensen: devices would be able to run nixos-rebuild themselves, and only the configuration.nix file would need to be patched to include a custom-software.nix file that would add all of the extra bits our software requires.
ym555 has quit [Read error: Connection reset by peer]
Ariakenom has joined #nixos
init_6 has quit []
glenndavy has quit [Ping timeout: 248 seconds]
drakonis has joined #nixos
justbeingglad has joined #nixos
justbeingglad has left #nixos [#nixos]
stranger___ has joined #nixos
stranger___ has left #nixos [#nixos]
drakonis_ has quit [Ping timeout: 268 seconds]
toppler has quit [Ping timeout: 272 seconds]
schjetne has joined #nixos
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<linarcx>
Guys, i'm reading this guideline: https://gist.github.com/edolstra/efcadfd240c2d8906348. and i wana to use: `nix rebuild`, `nix upgrade` or `nix history`, but none of them aren't exists. Why? They don't impleneted yet?
drakonis has quit [Read error: Connection reset by peer]
drakonis has joined #nixos
<LnL>
first time I've seen this one, they are not very discoverable
<gchristensen>
they are not
<linarcx>
gchristensen: So.. How we can see the progress of implementations?
ryantrinkle has quit [Ping timeout: 248 seconds]
ryantrinkle has joined #nixos
drakonis has quit [Ping timeout: 248 seconds]
Hazalo1122 has joined #nixos
<Henson>
is there a way I can override options in configuration.nix from another file? I see the imports at the top bringing in the hardware-configuration.nix options, but say I want to include another file that overrides or appends onto the environment.systemPackages list. Is there a proper way to do that?
Hazalo1122 has quit [Remote host closed the connection]
<Henson>
if I were to include my override file in the list of imports and specify a list for environment.systemPackages, would that get replaced by the environment.systemPackages definition in the configuration.nix file itself, or added onto it?
<tilpner>
Henson: Then just set systemPackages in that other file, and it will be merged
<Henson>
tilpner: ok, thank you
<lordcirth>
tilpner, what if you wanted to remove something from systemPackages in the merge? How would you do that?
<tokudan>
lordcirth, basically that's not possible
<symphorien>
You can override it to null in an overlay
<sphalerite>
lordcirth: there isn't a clean way to remove packages from systemPackages. You can use mkForce in your module, but that will remove _everything_ other than what's specified and will probably end in tears :p
gagbo has joined #nixos
Jackneill has quit [Remote host closed the connection]
linarcx has quit [Quit: WeeChat 2.4]
npmccallum has quit [Quit: npmccallum]
linarcx has joined #nixos
schjetne has joined #nixos
is_null has joined #nixos
endformationage has quit [Ping timeout: 248 seconds]
ris has joined #nixos
shosti has joined #nixos
amf has joined #nixos
avn_ has quit [Ping timeout: 258 seconds]
<amf>
1) is there a small example of overriding an upstream package with customizations? such as bumping a version 2) can 2 versions of a package be installed at the same time?
avn_ has joined #nixos
<srhb>
amf: overriding a version is often as simple as oldPackage.overrideAttrs (oa: { name = "newname"; src = newsource; }) -- the name override is not technically needed but it can be a bit confusing
<srhb>
amf: As for multiple versions, it depends what you mean by "installed" -- for instance, you'll have a conflict if you try to put the same, say, bin/foo in your system or user profile.
<srhb>
amf: But they can happily exist in the nix store at the same time, in different profiles, or be made available in your nix-shells. What's desirable is probably use-case specific.
Lids48 has joined #nixos
Lids48 is now known as Liddy
RRedcroft has joined #nixos
Liddy has quit [Remote host closed the connection]
gagbo has quit [Ping timeout: 245 seconds]
Shoubit has quit [Ping timeout: 248 seconds]
<amf>
srhb: awesome thanks!
wfranzini has quit [Remote host closed the connection]
<amf>
my use case is kinda lame, want to have multiple versions of gzdoom installed
wfranzini has joined #nixos
<amf>
the package file is simple enough i can probably learn from it
drakonis has joined #nixos
<srhb>
amf: I'd probably make a small package that contains named symlinks to the versions you care about.
<srhb>
amf: That is, $out/bin/gzdoom-1.0, $out/bin/gzdoom-1.1, etc. each pointing into the respective gzdoom version.
<srhb>
amf: Then you can just install that metapackage and the symlinks will ensure the dependencies are all in place.
<srhb>
amf: (Actually, I'd usually not bother installing to a profile, but... For the sake of argument)
<pie__>
elvishjerricco, " And encryption can prevent data from being stolen or tampered with by attackers with physical access (assuming the system is powered off, or you use multi-key encryption like APFS and the right keys are currently discarded)." from https://elvishjerricco.github.io/2018/12/06/encrypted-boot-on-zfs-with-nixos.html
<pie__>
elvishjerricco, apfs is... apple file system...?
<gchristensen>
yes
<elvishjerricco>
pie__: Yea. APFS is really impressive for such a young fs
<stepcut>
I am trying to put this in my `shell.nix`, haskell.packages.ghc861.developPackage { root = ./.; modifier = (drv: haskell.lib.enableCabalFlag drv "local-common"); };, but when I add the modifier it fails with,
<stepcut>
error: attribute 'override' missing, at nixpkgs-channels/pkgs/development/haskell-modules/lib.nix:37:28
<pie__>
elvishjerricco, never heard of it :v hence my confusion
<elvishjerricco>
it can even do per-extent encryption keys to allow ref-copying a file while it's encryption key isn't even loaded
<pie__>
extent?
schjetne has quit [Ping timeout: 248 seconds]
<pie__>
is that kind of like...individual encrypted files? or zfs datasets
<clever>
pie__: ext4, files are a list of extents
<clever>
i'm guessing different sub-sections of a file can be encrypted with different keys?
<pie__>
ok so you can encrypt a subset of a file
<pie__>
*subsection
<pie__>
huh thats weird
<clever>
and you can do copy-on-write clones of a file, that you cant actually decrypt, i'm guessing
<tokudan>
ah, so they're basically just added to the boot command line?
<exarkun>
Using buildPythonPackage and having some trouble with package data. `setup.py sdist` builds a .tar.gz that includes the package data but `nix build` does not include the package data.
<tokudan>
i thought I'd have to add them somewhere to /etc and was looking for the correct way, but if that works...
ThatDocsLady_ has quit [Quit: Leaving]
<hyper_ch>
and with recently oyu mean years ago=
<tokudan>
hyper_ch, haven't played with module parameters for 15 years... last one was trying to connect a commodore 1541 to my parallel port (?) and configuring a kernel module for that one...
<colemickens>
Can someone at least dismiss the outdated review on my libdrm PR? I worry people will ignore it because it says "changes requested" despite doing the changes.
gagbo has quit [Ping timeout: 272 seconds]
<hyper_ch>
colemickens: did you ping the maintainer(s) of the affected packages?
dansho has joined #nixos
<colemickens>
it appears there is a review requested from vcunat on both mesa PRs
<das_j>
is there a way to pass $out in configureFlags?
Matthieu` has quit [Read error: Connection reset by peer]
glasserc has joined #nixos
mexisme_ has joined #nixos
ardumont has joined #nixos
civodul has joined #nixos
<immae>
das_j: did you try to just pass '$out' as is? if I remember correctly it will expanded like the rest
<immae>
(without the quotes)
<LnL>
not sure if that supports some kind of interpolation like make
<das_j>
immae: [ "--prefix=$out" ] didn't work
<LnL>
but preConfigure = '' configureFlagsArray+=("foo") ''; should work
<tilpner>
Could try [ "--prefix=${builtins.placeholder "out"}" ]
<pie__>
so i cant actually tell is LUKS uses AEAD by default right ow
<pie__>
now
<immae>
oh nice tilpner
<o1lo01ol1o>
is it possible to replace the local "./reflex-platform" in the following function definition to instead import (nixpkgs.fetchFromGithub blh) {} ?
<o1lo01ol1o>
I can't figure out a syntax that works
wfranzini has quit [Remote host closed the connection]
Matthieu` has joined #nixos
<hyper_ch>
colemickens: if vcunat is on the list, just jump the PR IMHO
wfranzini has joined #nixos
<das_j>
LnL: Thanks, that works
<das_j>
LnL++
<{^_^}>
LnL's karma got increased to 11
<colemickens>
What does "jump" mean there?
<LnL>
using placeholders is ok now, slightly nicer
<o1lo01ol1o>
I want something like { reflex-platform ? import ((import <nixpkgs> {}).fetchFromGithub {repoinfo};) {} } but this doesn't seem import the default nix in the way I want
<tokudan>
how do i convert an integer to a string? something like "limit=${2*1024}"
<sphalerite>
> toString 2*1024
<{^_^}>
value is a string while an integer was expected, at (string):254:1
<sphalerite>
> toString (2*1024)
<{^_^}>
"2048"
<sphalerite>
tokudan: ^
<tokudan>
thanks, couldn't find it in the nix pills or google :)
<o1lo01ol1o>
tilpner: ok, if I factor out the fetchFromGithub into a let [...] in { reflex-platform ? import (reflex + /default.nix) {} }, I get expression does not evaluate to a derivation (or a set or list of those)
<tilpner>
o1lo01ol1o: Can you just paste the entire file?
<tilpner>
o1lo01ol1o: You shouldn't need the "+ /default.nix"
<tilpner>
o1lo01ol1o: Use 196m0r2hjafqp8m57cl5a17v1i5f8ky76b75gbvvrdqx3fh1rcq0
<o1lo01ol1o>
ugh, why didn't it say so?
<o1lo01ol1o>
every time i've used this before it would prompt with the expected hash
<srhb>
o1lo01ol1o: The hash was presumably already in your store.
<tilpner>
A path with that output hash was already present in your store
<o1lo01ol1o>
lol
<o1lo01ol1o>
oh well I guess.
<srhb>
o1lo01ol1o: If nix were to go check when that's the case, you would always have to download every source before even being able to get the cached version, if available, which is quiteinfeasible.
<tilpner>
And since you promised this new source would hash to the same as that existing path, Nix did not bother refetching something, because it already had the result available
<tobiasBora>
Hello,
<aristid>
anybody else got issues with pulseaudio recently?
<o1lo01ol1o>
well, lesson learned then
<o1lo01ol1o>
thanks for the help
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fjzwx
<tobiasBora>
Is it possible to "package" a package (and the closure) into a single executable? It would be super useful to compile stuff on a machine, and then copy it to other machines. Especially when it comes to cross compilation: ideally I'd like to use nix to compile a program for my android phone, so that I can just copy the file on android.
<o1lo01ol1o>
ok, new question. I'm looking a commit hash in a private git that I'm trying to fetch with builtins.fetchGit. However, it says that the hash is not a tree object. What gives?
<sphalerite>
o1lo01ol1o: how are you getting the commit hash?
<o1lo01ol1o>
from gitlab; or, git log -1 --format="%H" in a submodule
* tilpner
sets repos to public just to not have to worry about fetching them with Nix
tokudan has joined #nixos
<sphalerite>
eeh, I'm not sure I can help you without access to the repo
<manveru>
o1lo01ol1o: i think you have to specify both the ref and rev
<Henson>
I'm trying to use an old version of ghc Haskell compiler in a derivation for NixOS 19.03. It's not in the 19.03 channel, nor is it in the nixpkgs-unstable channel. But if I download an older version of nixpkgs-unstable then I can get it. Should I add this as a separate nix-channel and use that in my derivation to access the old compiler?
<{^_^}>
nix#2431 (by sgraf812, 37 weeks ago, open): fetchGit fails with a not very helpful error message when fetching a revision not in the remote's HEAD
<o1lo01ol1o>
manveru: thanks, I'll try that
<Henson>
the reason for wanting to do this is I have Haskell software written with a particular version of stack-lts which requires a certain old Haskell compiler.
<manveru>
Henson: you can usually just use fetchTarball
<manveru>
btw, the benefit of not using a channel, is that it'll be reproducible by other people that don't have your channel config, so it's usually worth the effort :)
<{^_^}>
[nixpkgs] @fpletz opened pull request #62838 → cryptsetup: enable kernel crypto api support again → https://git.io/fjzrC
<tobiasBora>
sphalerite: great thank you very much! I'm not sure at all my android as CAP_SYS_USER_NS (that's one of the reason I don't have installed nixos on it yet)... Can you see other methods?
shosti has quit [Remote host closed the connection]
<sphalerite>
tobiasBora: you could run nix in one of the various apps that let you run some linux distro or something
<manveru>
or rather the nix-on-droid stuff from the same guy
<eyJhb>
Does nixos have a dependency tracker? E.g. seeing what relies on what?
<srhb>
eyjhb: nix-store -qR or --tree or things .
<srhb>
eyjhb: nix why-depends is also nice.
<manveru>
"This script installs Nix package manager on Android. It does not require root, user namespaces support or disabling SELinux, but it relies on proot and numerous other hacks instead"
<manveru>
sounds delicious :D
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<Henson>
manveru: I think your solution is working. Thank you very much. How did you learn how to do that? So much of how to do things Nix is undocumented and not searchable.
<tobiasBora>
sphalerite: where they are usually just chroot so the kernel does not change. Or maybe I can disable requirements to have usernamespace on nix?
<manveru>
Henson: osmosis
<sphalerite>
tobiasBora: you can disable the sanbox, yeah
* Henson
is osmosing
<manveru>
hehe
<gchristensen>
ehh do we need Go's setuphook?
<sphalerite>
tobiasBora: if you enable remote builds and disable local builds, disabling sandboxing won't even do any harm :)
<manveru>
that's why i'm still on IRC, it never ceases to teach me new stuff
<manveru>
gchristensen: for old-style packages, yeah
<eyJhb>
srhb Is it possible to just run e.g. nix-store --tree go, to see why go needs to be build for a rebuild?
<gchristensen>
ah
<gchristensen>
manveru: I wonder if we can make go's compiler's path no longer be in GOPATH
<manveru>
don't think it's needed for buildGoModule anymore
<tobiasBora>
manveru: indeed I should give it a try, once I free some space on my device ^^
<gchristensen>
seeing as: warning: GOPATH set to GOROOT (/nix/store/zmd03lv31gg4n92bwznkhsz9fy13xprs-go-1.12.1/share/go) has no effect
<manveru>
yeah, it's not harmful though
<gchristensen>
it is actually
pie__ has quit [Remote host closed the connection]
<gchristensen>
since it is set, Go no longer defaults to $HOME/go
<manveru>
ah, for nix-shell?
<gchristensen>
yea
pie__ has joined #nixos
cmacrae` has joined #nixos
<manveru>
sorry, my brain isn't fast anymore today
toppler has quit [Ping timeout: 248 seconds]
<manveru>
true, it's annoying
<gchristensen>
no worries :) I don't know what I'm talking about. just replaying what mmlb1 and I have been talking about elsewhere
<tobiasBora>
sphalerite: ok, thanks!
<manveru>
i haven't used old style in a long time, so i forgot :D
<tobiasBora>
requires more space my computer actually have... yes I need to sort it out at some points)
<srhb>
eyjhb: The short answer is that you'll want to query the reqs for your system derivation itself, then dig into that possibly with why-depends.
<tobiasBora>
can I simply download an epub version of the manual online? I couldn't find it on the manual page
<srhb>
eyjhb: But it's usually simpler with runtime deps to get a clear view than build time. That said, it's completely doable, just often more obscure (eg. in the case where everything is pulled in as a systemPackage)
<manveru>
mmlb: well, i think the use-case was that when you use nix-shell on a buildGoPackage and not mkShell, it works
toppler has joined #nixos
<manveru>
but i'm not sure how to accommodate both
<srhb>
eyjhb: You end up with answers to "why does my system depend on foo" like "because your system depends on foo" and then you're better off exploring the expression than the drv.
<mmlb>
yeah I haven't checked if its actually needed by that though
<tobiasBora>
"Sorry, it would not work on 32-bit ARM devices."
<manveru>
mmlb: just my theory, and even that would be obsolete with buildGoModule, right?
<tilpner>
tobiasBora: No idea how to view that file though, so it might not be what you want
<mmlb>
manveru: I would think so
<tilpner>
tobiasBora: Oh, nevermind, it looks wrong
<manveru>
so i'd favor deprecating it with go 1.13...
<tilpner>
(Nevermind the nevermind, that was vim being smart)
<o1lo01ol1o>
how can I create a hydra project that will only watch a single branch of a remote git?
<gchristensen>
after the git URL add a space, then the branch name
<o1lo01ol1o>
ill; thanks
<eyJhb>
srhb but having a fairly minimal build right now, I just really have no clue, what expressions to look at. Because I have like... basic i3, chromium, urxvt, weechat, networkmanager and that's about it. I just see nowhere, that it should depend on Go, Rust, etc. But yeah, will prop be some other day
<azazel>
we fancy near similar, near duplicated but different command leading to near similar, near duplicated but different results :-D
Henson has joined #nixos
justanotheruser has quit [Ping timeout: 252 seconds]
justanotheruser has joined #nixos
drakonis has quit [Ping timeout: 246 seconds]
orivej has quit [Ping timeout: 258 seconds]
<manveru>
mmlb: like all the other packages?
<mmlb>
manveru: I guess? The way I use shell.nix is for go, dep, and other system packages and then my deps all vendored
<manveru>
yeah
<manveru>
that's mostly for debugging buildGoPackage, but i think that could have its own shellHook?
<manveru>
i never used it either
xavierm02 has joined #nixos
<not_a_robot>
azazel: thanks, that worked. For the name returned I got system-path (for nixos-rebuild) and i'm trying to get it's full path in my configuration.nix via ${pkgs.system-path} but that isn't quite working. Is there another way to grab that full path without hard coding it?
<mmlb>
how can I simulate a debugging of buildGoPackage? I'm not convince the current shellHook is ever necessary right? buildGoPackage _shouldn't_ mean a different go compiler right? So the compilers path shouldn't need to be saved anywhere.
zeta_0 has quit [Quit: rcirc on GNU Emacs 26.1]
<mmlb>
manveru: ^
zeta_0 has joined #nixos
<azazel>
not_a_robot: sorry, could you just explain what you are you trying to do?
<not_a_robot>
azazel: sure, I'm trying to add nixos-rebuild to the security.sudo.extraRules so I don't have to use a password with it
<{^_^}>
[nixpkgs] @risicle closed pull request #62055 → pythonPackages.bjoern: fix test result checking → https://git.io/fjBxO
<clever>
not_a_robot: you might as well just allow everything with sudo, because that allows an attacker to just change sudo.extraRules
<andi->
isn't that bsically like allowing passwordless roo?
<andi->
*root
<not_a_robot>
clever: what's the recommended way to handle updates remotely via ssh besides allow root login?
<clever>
not_a_robot: sudo -i
<clever>
not_a_robot: or put an ssh keypair on root
<not_a_robot>
clever: Ideally I wouldn't want to enter a password, or have root access allowed. But I noticed nixops only allows it via root login. Is that the recommended way?
<{^_^}>
[nixpkgs] @PyroLagus opened pull request #62841 → Change handle from c0dehero to pyrolagus → https://git.io/fjzoz
<clever>
if somebody can nixos-rebuild or nixops deploy, they basically have root
<clever>
there isnt much point in trying to stop them from having "root"
<ashkitten>
seems someone missed me while i was without irc for a month
<zeta_0>
clever: well it installed in home.nix and i am using it right now, i thought everything was working correctly but when i finally got all-hies working with haskell it is showing this error in xmonad.hs?
<clever>
zeta_0: ghc based libraries cant be found when installed, you must be using a variant of ghcWithPackages that includes the library in question
<ashkitten>
lol
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjzoa
<pie__>
colemickens, i dont know why thats an embarrassing question, sounds like it could easily be nontrivial xD have you tried to look at the implementation maybe?
<clever>
zeta_0: looks like that is going to fix things for the `xmonad --reload` thing, but it wont make xmonad available to the editor
ym555_ has joined #nixos
tokudan has joined #nixos
<zeta_0>
then why is haskell-ide-engine telling me: `could not find module XMonad` in xmonad.hs?
schjetne has quit [Ping timeout: 248 seconds]
<clever>
zeta_0: its not in scope for hie, only xmonad itself