<elux>
im installing nixos fresh on a new system and when i wrote nixos-install, i get the error: `fileSystems` option does not specify your root file system
<elux>
i thought the nixos-generate-config would do this for me in hardware-configuration
<sindrip>
What does your hardware-configuration look like?
<elux>
seems tho the filesystems werent detected
Numin0us has joined #nixos
<elux>
looks good, except no `fileSystems."/" = ..` or `fileSystems."/boot" = ` .....
<sindrip>
And you've mounted your partitions?
<elux>
true. i have not
<sindrip>
Once you mount them it should work, just delete the config and run it again
<elux>
thats fixed it, thanks
goibhniu1 has quit [Ping timeout: 268 seconds]
Numin0us has left #nixos ["User left"]
<elux>
btw, my PC has an nvidia geforce 1070 card, any suggestions on how to install a driver for it?
hio has quit [Quit: Connection closed for inactivity]
<sindrip>
I unfortunately haven't done that myself, check out nixos options and search for nvidia
<{^_^}>
[nixpkgs] @matthewbauer pushed to master « nixos: add hardware/network/intel-2200bg.nix to module-list »: https://git.io/fjw9P
Henson has joined #nixos
zfnmxt- has quit [Quit: Bye!]
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
selfsymmetric-mu has left #nixos ["gone to the land of dead hiccups and extinguished light bulbs"]
<Henson>
has anybody here used NixOS to provide secure services to the internet? I usually use apparmor, but it looks like NixOS's support for apparmor isn't quite there yet. I'm wondering if there are other mechanisms similar to AppArmor or containerization or something that provides similar security but works well in NixOS.
<Henson>
I read in the NixOS manual that you can create containerized NixOS environment, but I think it also said they're not high-security containers.
<simpson>
Henson: What's your threat model? Security is ultimately relative to what you want to be secure against.
psy3497 has joined #nixos
alex``` has joined #nixos
zfnmxt_ has joined #nixos
<{^_^}>
[nixpkgs] @matthewbauer pushed to release-19.03 « nixos: add hardware/network/intel-2200bg.nix to module-list »: https://git.io/fjw9X
<Henson>
simpson: people from the internet exploiting vulnerabilities in the services and infiltrating my computers and networks.
<simpson>
Do you have a preferred distro, perhaps, with an existing configuration that you like? We could talk about NixOS's security relative to other distros.
clacke_movim has joined #nixos
<Henson>
simpson: well I usually use Ubuntu or Debian, for which apparmor works well. But I'm getting into NixOS and really like the fact that I don't have to go through the pain of distribution upgrades.
mexisme_ has joined #nixos
<simpson>
Henson: Hm. That's a tough problem. You could avoid the Internet (sounds unlikely, given the problem statement), make your services unhackable (precludes most code in nixpkgs), or separate privileges according to the Principle of Least Authority.
<{^_^}>
[nixpkgs] @matthewbauer pushed 5 commits to master: https://git.io/fjw91
alex`` has quit [Ping timeout: 245 seconds]
<Henson>
simpson: I like apparmor because it supplements Linux's access control mechanisms something more fine-grained, and Apache's mod_apparmor allows them to be applied on a virtualhost basis.
<Henson>
drakonis: I've heard SELinux is horrible to learn, so I've never touched it. I've used GRsecurity before, and liked it better than apparmor, but it's not as well-supported or widespread as apparmor
<Henson>
simpson: I've got apparmor enabled, but it looks like Apache's mod_apparmor module is missing, and it doesn't look like the apparmor profiles have been adjusted to work with NixOS. They're just the vanilla Ubuntu apparmor profiles, but apparmor depends on the absolute path of the executables, and all of the Nix executables are /nix/store paths and don't get loaded by apparmor.
<Henson>
simpson: I added my own directory to the apparmor profiles paths and created a copy of the apache2 module, but with the httpd path in the Nix store, and it works.
<simpson>
Hm. Wonder how that could be improved.
<Henson>
simpson: but without mod_apparmor it doesn't work with per-virtualhost security profiles
<drakonis>
ah, grsec.
<drakonis>
that one's a big no no
<Henson>
simpson: I think a series of automatically-generated patches need to be applied to all of the vanilla Ubuntu apparmor profiles to adjust their paths to match those used by NixOS.
<Henson>
simpson: they could just becomes part of the apparmor-profiles package's build script. I was just wondering if there was a more NixOS-ish solution that I was unaware of.
<simpson>
Henson: Sure. NixOS paths are probably generated by Nix, though, so we might have to generate the AppArmor profiles with Nix too.
<drakonis>
there's also landlock, but its far away
<drakonis>
some other fresh new lsm
<aanderse>
hmm... looks like we should be dropping mysql 5.5 support from nix and adding 8.0
<aanderse>
seems like 5.5 support is post end of last year
<aanderse>
s/post/past
<Henson>
simpson: yes. But the apparmor-profiles package downloads the profiles from Ubuntu, and the proper Nix paths could be generated by referring to the various executables in nixpkgs, and patching the Ubuntu profiles with these different executable locations.
<Henson>
simpson: assuming, that's the only difference.
<simpson>
Henson: As a general rule of thumb, LSB and FHS aren't available. If the application doesn't care about them, then it will work fine; otherwise, it may require adjustments.
<Henson>
simpson: sorry, can you elaborate on LSB and FHS?
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
dongcarl has quit [Ping timeout: 258 seconds]
englishm has quit [Ping timeout: 258 seconds]
hoek has quit [Ping timeout: 258 seconds]
<simpson>
Henson: Linux Standard Base and Filesystem Hierarchy Standard are standards for how Linux distros ought to lay out the filesystem. NixOS does not especially follow them, aside from a few very important paths like /bin/sh and /usr/bin/env.
infinisil has joined #nixos
calbrecht[mb] has joined #nixos
<Henson>
simpson: ahh, ok. That might make proper Apparmor integration difficult. Perhaps sticking to Ubuntu is better for an outward-facing service, and accepting the pain of distribution upgrades.
CMCDragonkai has joined #nixos
peel has joined #nixos
ProofTechnique has joined #nixos
eacameron has joined #nixos
rodarmor has joined #nixos
Wizek has joined #nixos
dongcarl has joined #nixos
englishm has joined #nixos
hoek has joined #nixos
zfnmxt has quit [Ping timeout: 268 seconds]
<simpson>
Henson: Whatever works for you. I've not had security problems with NixOS in production, but I've got a very specific threat model that can survive partial compromise of those particular NixOS frontends.
<simpson>
(Which is not to say that any of my NixOS machines have been compromised, to my knowledge!)
sindrip has quit [Ping timeout: 260 seconds]
<elux>
on my new system, home-manager switch --upgrade is telling me nodejs-12_x does not exist, yet on my laptop with the identical setup (so I think), i have nodejs-12_x with home manager installing fine
sheeldotme has joined #nixos
<clever>
elux: what does `nix-channel --list` and `sudo nix-channel --list` report?
<aanderse>
clever: so do i just copy/paste yarn2nix from the moretea/yarn2nix repo into my folder?
<clever>
aanderse: youll want to import it, via fetchFromGithub, or use the copy nixpkgs provides
<clever>
elux: definitely looks like you have a _latest version on one machine
<CloudNinja>
Hey, I'm wanting to try out nixos yet again, but am in a slight predicament: I don't have an extra flash drive to use. The only guide i found thats's semi-official is out of date, so i'm wondering what my best option is. I have an arch install
<aanderse>
clever: but nixpkgs doesn't include the mkYarnPackage function
<clever>
CloudNinja: if you run kexec_nixos like in this example, it will immediatelly boot into nixos, without any changes to the hdd
<clever>
CloudNinja: you can then continue with the installation as normal
<aanderse>
clever: that sounds much better than the 1 example in nixpkgs which just manually pasted the file in, presumably...
<CloudNinja>
clever: this sounds not only like a good idea but also really neat
<CloudNinja>
thanks
<aanderse>
clever: any thoughts on using yarn2nix if the application uses cmake to build? :\
<clever>
aanderse: that gets more messy, i would patch the cmake layer to just take a pre-built copy of the npm stuff in an env var
CloudNinja has quit [Quit: WeeChat 2.5]
<aanderse>
clever: thanks for advice
<sonercirit[m]>
is there any way to get the whole kde suite? ( image viewer, archive, screenshot tool etc.)
<sonercirit[m]>
if I onl do `plasma5.enable` I'm missing those
<Henson>
simpson: have you used SELinux? What do you use for securing your computers?
<simpson>
Henson: I've used SELinux. I don't really think of hardening as providing security properties, but as defense in depth and an apology for insufficiently-fine-grained kernel APIs.
utdemir has joined #nixos
<Henson>
simpson: what path would you take if you wanted to expose Apache or Postfix or something like that to the Internet?
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fjwHf
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #63595 → wxGTK31: 3.1.0 -> 3.1.2; use a real derivation → https://git.io/fjVAb
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fjwHJ
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #63609 → udev: change error message if RUN entry is not executable → https://git.io/fjwf2
<{^_^}>
[nixpkgs] @matthewbauer pushed 3 commits to master: https://git.io/fjwHU
<utdemir>
If I have built a system configuration using 'import ./nixpkgs/nixos {configuration=./configuration.nix}', what's the easiest way to activate that function? Currently I have to do 'export NIXOS_INSTALL_BOOTLOADER=1; nix-env -p /nix/var/nix/profiles/system --set $store_url; $store_url/bin/switch-to-configuration switch' which feels like the wrong thing.
<simpson>
Henson: In any case, I'd follow the Principle of Least Authority, but specific daemons require specific considerations. I don't know whether I'd run a hardened profile.
Supersonic112 has joined #nixos
Supersonic has quit [Disconnected by services]
Supersonic112 is now known as Supersonic
zfnmxt_ is now known as znfmxt
freeman42x has quit [Ping timeout: 252 seconds]
<sonercirit[m]>
so can we do wildcards in `configuration.nix` ? like `jetbrains.*`
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #63695 → pythonPackages.hidapi: enable on darwin → https://git.io/fjw1k
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fjwHT
Henson has quit [Read error: Connection reset by peer]
utdemir has quit [Quit: WeeChat 2.4]
<elux>
clever: yea i have kernalPackages = pkgs.linuxPackages_latest set on both desktop and laptop.. and desktop is stable, laptop is unstable .. but 5.1.14 and 5.1.11 versions respectively
<Henson>
simpson: sorry, my computer crashed. What was your answer to my question about the path you would take if you were exposing apache, postfix, or some other service to the internet? The principle of least authority?
<drakonis>
we got logs
<{^_^}>
[nixpkgs] @teto merged pull request #63566 → luaPackages.luaexpat: Downgrade to fix prosody issue and match typical distros → https://git.io/fjVDy
<{^_^}>
[nixpkgs] @teto pushed commit from @Shados to master « luaPackages.luaexpat: Downgrade to fix issue and match typical distros »: https://git.io/fjwHC
<drakonis>
simpson | Henson: In any case, I'd follow the Principle of Least Authority, but specific daemons require specific considerations. I don't know whether I'd run a hardened profile.
<Henson>
drakonis: awesome, thank you!
<sonercirit[m]>
reasking this: so can we do wildcards in `configuration.nix` ? like `jetbrains.*`
<drakonis>
the logs are in the channel topic
<Henson>
drakonis: thanks for pointing that out!
<clever>
sonercirit[m]: what do you want the * to do?
<sonercirit[m]>
clever: I want it to install all the jetbrains apps for that category
<sonercirit[m]>
like `environment.systemPackages = [ pkgs.jetbrains.* ] `
<clever>
sonercirit[m]: that returns a list, containing every value in the jetbrains set
<clever>
sonercirit[m]: so you would do: environment.systemPackages = builtins.attrValues pkgs.jetbrains;
<sonercirit[m]>
clever: would this work `environment.systemPackages = with.pkgs; [ wget ] ++ builtins.attrValues jetbrains `
<clever>
sonercirit[m]: probably
<clever>
sonercirit[m]: may need some () to scope things right, environment.systemPackages = with pkgs; ([ wget ] ++ builtins.attrValues jetbrains);
elux has quit [Read error: Connection reset by peer]
sheeldotme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<sonercirit[m]>
clever: `error: The option value `environment.systemPackages.[definition 3-entry 36]' in `/etc/nixos/configuration.nix' is not of type `package'.` tried scoping as well
<sonercirit[m]>
same results
<clever>
> jetbrains.recurseForDerivations
<{^_^}>
true
<clever>
sonercirit[m]: one of the entries in that set, is not a package
<sonercirit[m]>
clever: I see, rider IDE seems like broken then, I'll look into it, thanks a lot!
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
kvda has joined #nixos
slack1256 has quit [Remote host closed the connection]
<danderson>
Hi! New to NixOS and going through the manual, and 6.2 (Ad-hoc package management) has me a little confused about the interaction of nix-env and nixos-rebuild.
<danderson>
Specifically, the manual says that nix-env packages installed by root become part of the systemwide default profile... Which is apparently not the same thing as environment.systemPackage in configuration.nix?
ee1943 has joined #nixos
<danderson>
I assumed they were the same, and `nixos-rebuild switch` would revert to only what's specified in the config. What am I missing?
xkapastel has quit [Quit: Connection closed for inactivity]
<danderson>
or put another way: is there a way to easily empty out the default profile, so that I can get the system back to the declarative spec only?
MinceR_ has joined #nixos
MinceR has quit [Ping timeout: 248 seconds]
<DigitalKiwi>
nix-env -e '.*'
<DigitalKiwi>
I think that's what you want? it'll remove anything you nix-env -i
<DigitalKiwi>
and by systemwide default it means available to 'all users' as dual to 'only the user that installed it'
freeman42x has quit [Ping timeout: 258 seconds]
<day|flip>
connman need wpa_supplicant to start for it to work with wifi. but for some reason wpa_supplicant does not start on boot. i have to manual start it. for connman wifi to work
<leira>
I have a question regarding `nix-env`. I don't understand what exactly `nix-env` does. I end up not using it at all. I'm afraid of my environment diverging from my `configuration.nix`. What does `nix-env` do exactly? If I install a new package `foo` with `nix-env`, then add another package `bar` into configuration.nix, what will happen after I run
<leira>
`nixos-rebuild switch`? Is `foo` still in the environment or not?
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
cjpbirkbeck has quit [Quit: Quitting now.]
vmandela has joined #nixos
knupfer has joined #nixos
ddellacosta has quit [Ping timeout: 272 seconds]
MinceR_ is now known as MinceR
ajirx has joined #nixos
wfranzini has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
zacts has joined #nixos
orivej has quit [Ping timeout: 246 seconds]
zacts has quit [Client Quit]
zacts has joined #nixos
o1lo01ol1o has quit [Ping timeout: 272 seconds]
<DigitalKiwi>
it is there until you nix-env -e foo
dansho has quit [Remote host closed the connection]
dansho has joined #nixos
<DigitalKiwi>
i generally only use nix-env for temporary stuff i'm evaluating. others prefer to use nix-shell and avoid using nix-env altogether. *shrug*
<DigitalKiwi>
(if i decide i like it i move it to permanent configuration, if i don't i -e stuff i don't want periodically)
knupfer has quit [Ping timeout: 264 seconds]
gerschtli has joined #nixos
<danderson>
DigitalKiwi: thanks. The part that confused me is that nix-env run as root seems to also make things available to all users, so there's both a declarative and an imperative way to install packages, and they don't talk to each other.
<danderson>
Makes sense I suppose, I was just a bit lost. nix-env -e is great, thanks for the pointers!
<{^_^}>
[nixpkgs] @vcunat pushed 3 commits to release-19.03: https://git.io/fjwQN
<DigitalKiwi>
danderson: you're welcome
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
palo1 has joined #nixos
kvda has joined #nixos
<leira>
DigitalKiwi: Thanks~ for temprary evaluation, nix-shell seems to be the better choice to me, I'm apparently one of who "avoid using nix-env altogether".
palo has quit [Ping timeout: 258 seconds]
palo1 is now known as palo
<DigitalKiwi>
usually my temporary evaluations are for more than just one use things so the nix-shell is too annoying to type each time
reinhardt has joined #nixos
<DigitalKiwi>
also it helps me remember it's even a thing if i can nix-env -q and see the list of things
<{^_^}>
[nixpkgs] @danbst pushed 2 commits to release-19.03: https://git.io/fjw7U
mexisme_ has quit [Ping timeout: 272 seconds]
reinhardt has quit [Quit: Leaving]
<pbb>
Is there a way to get the text of an expression? Like, I have some configuration that I want to include in an installation image I am building, and I want to include dynamic contents
<dminuoso>
pbb: Mmm, wouldn't such a feature break referential transparency?
<dminuoso>
otoh we dont have ref transparency in nix to begin with...
anon has joined #nixos
<dminuoso>
pbb: What do you mean by "dynamic contents" exactly?
anon is now known as Guest80637
<pbb>
In this case ssh keys
<pbb>
I mean it's possible to write the nix expression I want to ship as a text inside the nix expression for the iso and just join the ssh keys together, but it would be nicer to have another way
<dminuoso>
pbb: Why not simply produce attribute sets?
ZombieByte has joined #nixos
<pbb>
how do I get those attribute sets inside the iso?
<ldlework>
you can also read file, or just load any other expression you want
<ldlework>
using an import statement
<dminuoso>
pbb: By writing a nix expression for it?
<pbb>
Ok so I can just copy the .nix file to the iso as a file
<pbb>
but that way the contents are static
mexisme_ has joined #nixos
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #63716 → nixos/mosquitto: make the tests run → https://git.io/fjw7t
<pbb>
currently I have a service that's included in the live system, that includes some echo > /etc/nixos/configuration.nix << EOF ... EOF, where some options are inserted, like ip address, users and so on
ericsagnes has quit [Ping timeout: 258 seconds]
<pbb>
I guess I have to copy all the source files to the iso as files and have a configuration.nix that imports from there
<{^_^}>
[nixpkgs] @j-piecuch opened pull request #63719 → lib: add applyOptional field to options, use it in mkAliasOptionModule (fixes #63693) → https://git.io/fjw5c
<DigitalKiwi>
it's actually useful for ssh even if you don't use gpg though
Jackneill has joined #nixos
Jackneill has quit [Ping timeout: 272 seconds]
Jackneill has joined #nixos
Jackneill has quit [Remote host closed the connection]
Jackneill has joined #nixos
<siraben>
DigitalKiwi: Thanks, will check out
<{^_^}>
[nixpkgs] @basvandijk merged pull request #63718 → Backport "Improve composability of mkShell" to release-19.03 → https://git.io/fjw5k
<{^_^}>
[nixpkgs] @basvandijk pushed 3 commits to release-19.03: https://git.io/fjw5g
ajirx has joined #nixos
thc202 has joined #nixos
sg2002 has joined #nixos
alp has joined #nixos
<sg2002>
Hello. Have a rather simple question - how do I disable KDE in configuration.nix? I have a 32bit machine that got stuck on nixos 17 due to QT being broken. Since I generally sue it as a server I had the idea of removing the desktop altogether.
knupfer has joined #nixos
<sg2002>
Afaik the only KDE mention I have in my config is "services.xserver.desktopManager.plasma5.enable = true;", which I've just set to false.
sg2002 has quit [Read error: Connection reset by peer]
sg2002 has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mexisme_ has joined #nixos
<jasongrossman>
sg2002: Didn't that work? It should!
reinhardt has joined #nixos
<jasongrossman>
sg2002: You may also want to set xserver.enable to false.
Shoubit has joined #nixos
<sg2002>
jasongrossman: No, it didn't QT still tries to compile and when it fails I see that is'a dependency of all those KDE things. Haven't tried turning off the xserver altogether yet, but had the idea too. Probably that's what I'd do next.
<flokli>
hmm… do we already pull in the client binaries when enablign the server?
arjen-jonathan has joined #nixos
__monty__ has joined #nixos
<flokli>
if so, mariadb.server could also pull in mariadb.client by referring mysqlcheck with an absolute path to ${pkgs.mariadb.client}/bin/mysqlcheck
<flokli>
I'm unsure what binary should be in which server, but guess it makes sense to do it similar to other distros
<Izorkin>
flokli: In other OS, when the server is installed, the client is automatically installed
MmeQuignon has quit [Read error: Connection reset by peer]
<flokli>
Izorkin: currently, mariabdb.server doesn't depend on mariadb.client
linarcx has quit [Quit: WeeChat 2.5]
<Izorkin>
flokli: how to fix?
<flokli>
I guess mysql_upgrade is useful to have on a server, even if we don't automatically call it. If that requires the mysqlcheck command, we should make sure it's there too
linarcx has joined #nixos
<flokli>
we should probably take a look again about what lands in the client and what in the server packages in other distros
<flokli>
My gut feeling says having the server depend on the client package is okay, the other way around not
<flokli>
I'm not sure how common it is to run mysqlcheck / mysql_upgrade on a remote machine that is not a mysql server.
<flokli>
this only adds the client package as a buildInput - it doesn't necessarily affect the runtime closure
<flokli>
please open an issue about github.com/NixOS/nixpkgs/commit/1db3a91bab24e2e6ec3fa78de5be8b6c938cb0c0#commitcomment-34044268, so people can discuss there. there's no silver bullet
<pbb>
clever: in your kexec test you do append a gzipped cpio archive to the initrd. is anything else needed to access those files or will they just be available automatically?
<pbb>
because I tried putting stuff in there and could not access it in initramfs
hyper_ch2 has quit [Remote host closed the connection]
sigmundv has joined #nixos
tilpner has joined #nixos
MmeQuignon has quit [Read error: Connection reset by peer]
<toppler>
Have I got it right that the firefox in nixos-stable is broken because of mozilla's certificate expiry issue?
<noudle>
okay i have an idea where its comming from now.. gotta fix it later.
Tucky has quit [Quit: WeeChat 2.5]
judson__ has quit [Remote host closed the connection]
<andi->
toppler: what is broken there for you? The certificate issue was resolved many channel versions ago
judson__ has joined #nixos
<andi->
Just ugpraded my work laptop this morning and I am writing this through firefox..
cfricke has quit [Quit: WeeChat 2.5]
noudle has quit [Ping timeout: 258 seconds]
judson__ has quit [Remote host closed the connection]
judson__ has joined #nixos
domogled has joined #nixos
<toppler>
andi-: I only noticed on a fresh firefox profile. I've tried on two different machines. I'm not sure if it's the exact same issue. I can install some addons fine, but not multiaccount containers (for e.g)
jackdk has quit [Quit: Connection closed for inactivity]
<toppler>
The error is "Download failed. Please check your connection."
<andi->
toppler: whats your firefox version?
<andi->
and what do you see on `about:studies`
<toppler>
andi-: 66.0.3. "You have not participated in any studies."
<andi->
you probably want to update to 67.0.4 (which is on 19.03) ASAP
ee1943 has quit [Read error: Connection reset by peer]
ee1943 has joined #nixos
v88m has quit [Ping timeout: 246 seconds]
psy3497 has quit [Ping timeout: 258 seconds]
knupfer has quit [Remote host closed the connection]
knupfer has joined #nixos
<andi->
^ toppler (just making sure you saw the line)
sg2002 has quit [Read error: Connection reset by peer]
jeaye has joined #nixos
pmiddend has joined #nixos
sg2002 has joined #nixos
phdoerfler has quit [Quit: Leaving.]
jeaye has quit [Ping timeout: 246 seconds]
jeaye has joined #nixos
<manveru>
guess there's still no declarative config for printers/scanners? finally got one today but had to do config in cups and passing an URL to `simple-scan`... not too hard but i'd like to replicate it easily on other machines :)
ThatDocsLady has joined #nixos
<Yaniel>
most things have extraConfig that gets appended to the respective config file
<{^_^}>
#17411 (by michalrus, 2 years ago, open): SANE module should allow editing backend configs
cantstanya has quit [Ping timeout: 260 seconds]
cantstanya has joined #nixos
alex``` has quit [Ping timeout: 246 seconds]
jeaye has quit [Ping timeout: 248 seconds]
<manveru>
well, in this case i could probably do it via `environment.etc."cups/printers.conf".text` for all of the files after generating it with cups once?
<manveru>
i'll try that and add the info to the wiki :)
phdoerfler has joined #nixos
phdoerfler has quit [Client Quit]
alex``` has joined #nixos
phreedom_ has joined #nixos
asheshambasta_m has joined #nixos
phreedom has quit [Quit: No Ping reply in 180 seconds.]
<pie_>
ilmu, joepie91 is into ux stuff you should talk to him about your WM ideas
isHavvy has joined #nixos
Havvy has quit [Ping timeout: 246 seconds]
jackdk has joined #nixos
polman has quit [Ping timeout: 244 seconds]
ajirx has quit [Remote host closed the connection]
srhb has quit [Client Quit]
xkapastel has quit [Quit: Connection closed for inactivity]
srhb has joined #nixos
polman has joined #nixos
clacke_movim has left #nixos [#nixos]
__monty__ has quit [Quit: leaving]
srhb has quit [Client Quit]
asheshambasta_m has quit [Quit: Leaving.]
srhb has joined #nixos
aswanson has joined #nixos
asheshambasta_m has joined #nixos
asheshambasta_m has quit [Client Quit]
polman has quit [Ping timeout: 244 seconds]
arjen-jonathan has joined #nixos
hoijui has joined #nixos
srhb has quit [Client Quit]
srhb has joined #nixos
fendor_ has joined #nixos
asheshambasta_m has joined #nixos
srhb has quit [Client Quit]
kisik21 has joined #nixos
polman has joined #nixos
srhb has joined #nixos
gonz_ has left #nixos [#nixos]
<kisik21>
So. Let's say I have some containers. What is the Right Way (TM) to give them access to host data? Bind mounts in host's config.fileSystems (optionally read-only)?
<kisik21>
can a single bind-mounted folder be shared safely between several containers?
<{^_^}>
[nixpkgs] @abbradar opened pull request #63731 → LP and optimization packages → https://git.io/fjwpx
MmeQuignon has joined #nixos
samrose has joined #nixos
xelxebar has joined #nixos
cfricke has joined #nixos
ddellacosta has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed commit from @alyssais to release-19.03 « Merge #63484: linux_5_0: remove »: https://git.io/fjwhC
trevorriles has joined #nixos
ericsagnes has quit [Ping timeout: 246 seconds]
kisik21 has quit [Quit: ERC (IRC client for Emacs 26.2)]
<yorick>
gchristensen: how does nixos deal with the dynamic configuration? seems like I have to do rabbitmq-plugins enable rabbitmq_mqtt && rabbitmqctl add_user
<sternenseemann>
what is the usual time it takes for nixpkgs to update hackage-packages.nix?
shabius has joined #nixos
ericsagnes has joined #nixos
MmeQuignon has quit [Read error: Connection reset by peer]
clacke_movim has joined #nixos
<yorick>
sternenseemann: twice a month?
is_null has quit [Ping timeout: 248 seconds]
Okinan has joined #nixos
<clever>
pbb: they should just be available in the initrd, do you have an example of what your doing?
<infinisil>
sternenseemann: @peti has automatic updates running once a day on the haskell-updates branch, which gets merged into master maybe weekly
Okinan_ has joined #nixos
Okinan has quit [Ping timeout: 276 seconds]
Okinan_ has quit [Client Quit]
Okinan has joined #nixos
abathur has joined #nixos
<ddellacosta>
is there a way to install nginx on the system level (so e.g. I can continue to use systemctl to control it) while using my own configuration file? I don't see any options to specify a file in any of the services.nginx.* directives
<clever>
ddellacosta: why do you need your own config file?
<ddellacosta>
infinisil: thanks, I'll give that a shot
<infinisil>
manveru: With .config it just inserts that part in the other-wise hardcoded config file
<infinisil>
With what I showed you can override the whole config file
<manveru>
there are only 3 lines hardcoded... not sure that would cause much headache :)
<manveru>
but yeahh
<ddellacosta>
clever: I just find it to be a major pain in the butt to use the directives...it's not clear how to do stuff sometimes, and it's an additional translation layer past configuring nginx which I don't need
<infinisil>
manveru: Ah true
<manveru>
either way it will break nginx usage from any other nixos module
<ddellacosta>
clever: and I'm trying to update stuff iteratively right now, it's just slow for me
<infinisil>
ddellacosta: Yeah so you probably want to use .config instead
<ddellacosta>
infinisil: I tried that initially, I couldn't figure out how to use that without re-running `nixos-rebuild switch` every time I changed it
ym555 has joined #nixos
<dminuoso>
How does one clean up after files? Shouldn't there be a sort of deactivationScripts option for modules?
<infinisil>
ddellacosta: Ah yeah, if nginx doesn't have any `include` like statement, then that's indeed not possible with .config
<Yaniel>
clean up after what files?
<Yaniel>
generally speaking you don't need to clean up, since things that are not referenced anymore are simply not linked anywhere from the nix store, and removed next time you do garbage collection
<dminuoso>
Yaniel: Would garbage collection clean up after files in /etc ?
<dminuoso>
Yaniel: In my case I have a mutable state directory in /var/run
<Yaniel>
no, files in /etc are linked from the nix store AFAIK
<zacts>
I have been able to upgrade via git before, until the upstream builds are updated
<eraserhd>
If I have a PR languishing, and the maintainer of the package isn't reviewing it, can I take on maintaining the package? Is there something else I should do?
<zacts>
well you may not want to use the --upgrade there though. I haven't done it in a while
<Schnee>
Hello. I am trying to figure out how to setup LUKS with yubikey and am a bit unsure where to start. Is there an updated tutorial regardig this that people are aware of? Should I encrypt all drives including root? I was thinking of just encrypting one drive but not sure how decryption will be handled.
<clever>
zacts: yeah, the --upgrade is useless
<hyper_ch>
I just encrypt everything - that way I won't accidentally forget to encrypt something important
<clever>
zacts: it just tells nix-channel to --update, so mixing with -I nixpkgs= is pointless
<nilsirl[m]>
How can I have a workspace for contributing/modifying a software that is already packaged in nixos?
<eddyb>
which is, like, the only thing that propagates to the testsuite
kvaster_ has joined #nixos
alpounet has joined #nixos
alp has quit [Ping timeout: 257 seconds]
Lisanna has joined #nixos
dbmikus has joined #nixos
<exarkun>
tilpner:thanks
sigmundv has quit [Ping timeout: 245 seconds]
judson_ has joined #nixos
<exarkun>
I can't seem to get myself an environment with both an upgraded openssl and a python interpreter with some modules built against that openssl.
phdoerfler has quit [Quit: Leaving.]
judson__ has quit [Remote host closed the connection]
arjen-jonathan has quit [Ping timeout: 264 seconds]
<zfnmxt>
Is it possible to configure the `Restart=` systemd option using `systemd.service.<name>`? I don't see anything related to it for the configuration.nix options.
<zfnmxt>
Oh wait, I just found `serviceConfig`. I think that'll do it. :)
<Guanin>
I'm currently trying to write a test and have a problem: when using virtualisation.vlans, the udhcpc in the initramfs won't pick up an IP via DHCP
<Guanin>
I'm just wondering if I should set the IP manually or try to fix that problem
<Guanin>
Might be not exactly what I am looking for. To elaborate: I'm the author of PR #63165 and want to write a more sophisticated test than the one I've submitted already. So currently, my draft looks like this https://gist.github.com/Amarandus/161d2541d4dcab988e1d614cf25d5097 and the main problem here is that ovpnclient runs udhcpc but fails to get an IP for vlan 1
<gchristensen>
I don't know what it means or how to fix it, but I think it can be
<slabity>
Yea, GPU issue
<simpson>
monokrome: Is your GPU ancient? Have you seen it do wider modes than 4096px?
<monokrome>
simpson: No and yes
<gchristensen>
hot plugging idsplays and errors like that took me to sway / wayland. wayland is objectively worse in many ways and applications are much worse, but it gets hot plug right
<simpson>
Well, it's not the obvious problem, then. Wonder what's wrong.
<slabity>
CRTC is the scanout controller responsible for timing and resolution
<monokrome>
It's not a hot plug issue, it happens even if I reboot?
<gchristensen>
yeah unrelated to hotplugging I'd see it
<monokrome>
Maybe X is using the wrong driver?
<monokrome>
,locate lspci
<{^_^}>
Found in packages: toybox, busybox, pciutils
<monokrome>
thnx bot
<samueldr>
in my experience, with nvidia drivers, it was because I was asking of a too large area
is_null has joined #nixos
<monokrome>
I want to avoid Wayland beacuse I don't think I can easily run dwm in it
<gchristensen>
worth trying to fix without wayland for sure
<monokrome>
I just have an intel GPU, not nVidia though
<slabity>
It's possible that you don't have enough CRTCs to run the configuration you want
<samueldr>
oh, slabity, you just made me realise that was it, using too many outputs, not a too large area; I have this card with 4 outputs, but it can only drive 2 at once :/
<monokrome>
eDP1 is off, so only trying to drive 2 here
<monokrome>
DP1-1 and DP1-2
<slabity>
samueldr: Yea, that's actually a common issue because GPU manufacturers don't specify the type of setup to provide 'N-monitor' support
<samueldr>
in my case the card can handle any two pairs, but that's it, only two at once (though at least it was documented)
mexisme_ has joined #nixos
ddellacosta has joined #nixos
is_null has quit [Ping timeout: 245 seconds]
<slabity>
monokrome: Do you still get the issue if you leave out the `--right-of DP1-1`?
<slabity>
Maybe see what happens if you leave out `--rotate left` as well
simbergm has quit [*.net *.split]
xenofungus[m] has quit [*.net *.split]
AntonSchirg[m] has quit [*.net *.split]
frederic_chopwn4 has quit [*.net *.split]
jonreeve[m] has quit [*.net *.split]
<aveltras>
anyone having an error when using stack (haskell build tool) ? it spits this error "Cannot determine project root directory for Docker sandbox." when trying to create a new project
frederic_chopwn4 has joined #nixos
jonreeve[m] has joined #nixos
simbergm has joined #nixos
<monokrome>
hmm
xenofungus[m] has joined #nixos
AntonSchirg[m] has joined #nixos
<monokrome>
so I put them both at 640x480 and that worked
<monokrome>
but if I turn off DP1-2 and try to put DP1-1 back to where it was
<monokrome>
same issue on DP1-1 now
<monokrome>
(which would be the only device)
ddellacosta has quit [Ping timeout: 246 seconds]
lovesegfault has quit [Quit: WeeChat 2.5]
<slabity>
So turning everything off except DP1-1 still results in the CRTC issue?
<monokrome>
day|flip: Yeah, I think you're right >.<
lordcirth has joined #nixos
is_null has quit [Ping timeout: 246 seconds]
psyanticy has quit [Quit: Connection closed for inactivity]
<ivegotasthma>
hello, what's the preferred way of developing haskell on nixos?
<Ankhers>
,locate pdflatex
<{^_^}>
Found in packages: tetex, texlive.combined.scheme-basic, texlive.combined.scheme-small, texlive.combined.scheme-medium, texlive.combined.scheme-minimal
<{^_^}>
[nixpkgs] @arcnmx opened pull request #63746 → cargo-expand: fix darwin build → https://git.io/fjrta
knupfer has quit [Read error: Connection reset by peer]
<simpson>
I'm looking to update Helm (the Kubernetes one). It's a Go package, using glide for package management. Is there a glide2nix?
abathur has quit [Ping timeout: 248 seconds]
myskran has joined #nixos
<etu>
,locate svgo
<{^_^}>
Found in packages: kibana5, kibana-oss, nodePackages.svgo
mexisme_ has quit [Ping timeout: 245 seconds]
ym555 has quit [Ping timeout: 246 seconds]
mexisme_ has joined #nixos
<noudle>
okay samueldr gchristensen my problem is the following: booting from usb is no problem, but i dont want to have my os on a usb stick. booting from sd works too but my sd cards do not live long so thats also not an option. i have a sata to usb adaptor so i flashed the same image as i put on the usb (which worked) on the hdd, but its not booting from there
equivrel` has joined #nixos
<noudle>
any ideas?
<samueldr>
which image are you flashing?
<noudle>
the raspbian one which worked from usb boot
<samueldr>
sorry, which nixos image :)
<noudle>
uhm sec
<samueldr>
sd_image or iso-image?
sindrip has joined #nixos
equivrel has quit [Ping timeout: 258 seconds]
<noudle>
its a .img file, need to look from where i got it
<noudle>
i did not test that one over usb, just from the hdd
<noudle>
where it did not boot
<noudle>
just like the rasbian did not boot from hdd
<noudle>
what is the difference between an usb stick and a hdd connected over an usb adaptor
<samueldr>
it's possible that the disk spins up too slowly for the raspberry pi firmware
<noudle>
on the other side i would be happy to put the boot partition on the usb stick and the os on the hdd, guess that would work
<samueldr>
in my experience, with a spinning hard drive, it was the case
<noudle>
hmm
<samueldr>
that would work too, I used a similar setup
kvaster_ has quit [Ping timeout: 246 seconds]
<samueldr>
I had the read-only expendable firmwarey bits on an SD card, and that part booted the same usb hard drive that the raspberry pi firmware wouldn't
<samueldr>
only by the fact that it took longer, so the disk would be ready
<noudle>
thats kinda meh
<samueldr>
(though it wasn't using sd_image, neither by using u-boot, but by using tianocore)
<samueldr>
(it made the raspberry pi act like a standard uefi system)(
<noudle>
hmm i gotta try all of that tomorrow
<samueldr>
it worked well enough that that's my preferred way to boot a raspberry pi
<samueldr>
grub shows up with graphical UI for selecting generations
<samueldr>
it's basically a standard UEFI system
<gchristensen>
nice
<samueldr>
* but will add some headaches for device trees and device tree overlays as it is right now
Guest80637 has quit [Quit: WeeChat 2.4]
nurelin_ has quit [Ping timeout: 250 seconds]
<noudle>
good night :)
noudle has quit []
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
Soo_Slow has quit [Remote host closed the connection]
jluttine has quit [Ping timeout: 244 seconds]
ericsagnes has joined #nixos
jluttine has joined #nixos
o1lo01ol1o has joined #nixos
m0rphism has quit [Ping timeout: 246 seconds]
Miyu-saki has joined #nixos
jeregrine has joined #nixos
<nh2>
when on recent nixpkgs master (42602804) I run `gst-launch-1.0`, I get `printf: usage: printf [-v var] format [arguments]`
o1lo01ol1o has quit [Ping timeout: 245 seconds]
<nh2>
It looks like the executable wrapper is wrong, it contains:
<nh2>
export GST_PLUGIN_SYSTEM_PATH=$GST_PLUGIN_SYSTEM_PATH${GST_PLUGIN_SYSTEM_PATH:+:}$(unset _tmp; for profile in $NIX_PROFILES; do _tmp=$profile/lib/gstreamer-1.0${_tmp:+:}$_tmp; done; printf $_tmp)