<clever>
pie_: haskellPackages does self.callPackage ./foo { bar = pkgs.bar; };
<pie_>
makes sense i guess
ddellacosta has joined #nixos
mexisme has joined #nixos
v88m has quit [Ping timeout: 268 seconds]
<jackdk>
super.bar, I think, if you want whatever's come out from the previous overlay. pkgs.bar will reach outside the overlay completely?
<clever>
jackdk: but super.bar is the haskell package bar, while pkgs.bar is the nixpkgs bar
<clever>
nixpkgs and hackage have name collisions
<jackdk>
oh yeah that's a bit annoying. The codex repo has that, and stood up one giant nixpkgs overlay with self: super: and then a few haskellPackages overlays inside it with hself: hsuper:
vikanezrimaya has quit [Ping timeout: 252 seconds]
ris has quit [Ping timeout: 260 seconds]
<clacke_movim>
clever: Oh good, that's what I did in racket2nix as well. Glad to see I'm following some manner of practice.
v88m has joined #nixos
adamantium has joined #nixos
<clacke_movim>
racket packages are a scope where pkgs refers to nixpkgs
kvda has joined #nixos
o1lo01ol1o has joined #nixos
hio has quit [Quit: Connection closed for inactivity]
o1lo01ol1o has quit [Ping timeout: 258 seconds]
akapav has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjoCY
freeman42x has quit [Quit: Leaving]
jluttine has quit [Ping timeout: 252 seconds]
<pie_>
clever,in hindsight i didnt actually think about what you said. i should get some sleep. so thats just the pkgs passed around from nixpkgs? as long as you dont have your own pkgs its fine right? :P
<pie_>
so, yeah, makes sense.
v88m has quit [Ping timeout: 245 seconds]
<pie_>
actually, i suppose that makes my .nixpkgs attribute redundant even now, as long as im using callpackage
dansho has quit [Remote host closed the connection]
jluttine has joined #nixos
<pie_>
Ericson2314, not sure who it would be appropriate to ask but is there any chance we could get some more extended explanation on makeScope and company? or do i just need to look at it harder
<pie_>
clever, uhh well anyway, i think switching to makescope would still leave a lot of my code here as it is
<pie_>
still dont know what to call a (self: {...}) :p
mexisme has joined #nixos
xkapastel has joined #nixos
hlolli_ has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
adamantium has quit [Remote host closed the connection]
hlolli has quit [Ping timeout: 252 seconds]
rprije has quit [Remote host closed the connection]
sb0 has joined #nixos
rprije has joined #nixos
adamantium has joined #nixos
psy3497 has joined #nixos
Rusty1 has joined #nixos
<adamantium>
Hey-- anyone know how to get surf browser to play youtube videos on nixos?
<adamantium>
I tried adding gstreamer and all the gst-good/bad/base/ugly/libav/vaapi plugins and ffmpeg to global installed packages, but surf isn't using them.
dustinm` has joined #nixos
kvda has joined #nixos
ivan has quit [Ping timeout: 245 seconds]
dustinm has quit [Ping timeout: 272 seconds]
ivan has joined #nixos
kvda has quit [Client Quit]
mexisme has quit [Quit: WeeChat 2.5]
Miyu-chan has joined #nixos
Miyu-chan is now known as Guest34382
Miyu-chan has joined #nixos
Guest34382 is now known as Miyu-chan
mexisme has joined #nixos
<PyroLagus>
you might have to override and add them to buildInputs
mthst has quit [Quit: the bouncer died]
<PyroLagus>
but i'm not sure
o1lo01ol1o has joined #nixos
mthst has joined #nixos
kvda has joined #nixos
<day|flip>
webkitgtk should be able to watch video. mmm i wonder how that getting built
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
markus1189 has quit [Ping timeout: 245 seconds]
o1lo01ol1o has quit [Ping timeout: 258 seconds]
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<day|flip>
for me. i used qutebrowser. but i have mpv set to watch video from
<day|flip>
then again, it's able to play video as well, mostly cuz its qt webengine is built off of chromium
tolt has quit [Quit: tolt]
<pie_>
just noticed i might have redundantly reimplemented lib.extends
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<pie_>
i feel like im having haskell moments of "oh..so now that i accidentally reimplemented this myself i know what that does..."
kvda has joined #nixos
kvda has quit [Client Quit]
<pie_>
i do like fixed-points.nix is pretty decent
adamantium has quit [Remote host closed the connection]
<pie_>
or maybe i should say quite good
adamantium has joined #nixos
<pie_>
i just totally failed to project the existing functionality on to what i was trying to do
Lears has joined #nixos
[Leary] has quit [Ping timeout: 245 seconds]
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
ym555 has quit [Read error: Connection reset by peer]
ym555 has joined #nixos
Drakonis has joined #nixos
Havvy has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @worldofpeace pushed 3 commits to master: https://git.io/fjoWJ
o1lo01ol1o has quit [Ping timeout: 252 seconds]
<lordcirth_>
I'm looking at https://nixos.wiki/wiki/NixOS_on_ARM and I'm confused. The armv6 and v7 builds have a broken Nix, the v7 has a replacement image, and v6 doesn't? Do I need to build my own v6 image?
<lordcirth_>
I have a raspi B+
<{^_^}>
[nixpkgs] @kalbasit pushed 2 commits to nixpkgs_bazel_protobuf_darwin: https://git.io/fjoWI
<{^_^}>
[nixpkgs] @kalbasit pushed 0 commits to nixpkgs_bazel_protobuf_darwin: https://git.io/fjoWt
kvda has joined #nixos
adamantium has quit [Remote host closed the connection]
adamantium has joined #nixos
<{^_^}>
[nixpkgs] @kalbasit opened pull request #63879 → Nixpkgs bazel protobuf darwin → https://git.io/fjoWm
adamantium has quit [Remote host closed the connection]
<fasd>
I just ran nixos-rebuild --upgrade and everything is being redownloaded and rebuilt. Any ideas what would cause this?
<clever>
fasd: thats what --upgrade does
<fasd>
it's never done this before. it usually just rebuilds packages that changed
cjpbirkbeck has joined #nixos
npmccallum has quit [Quit: npmccallum]
<samueldr>
lordcirth_: the page should probably be amended to say that those images are way outdated, and haven't been maintained since last year :/
<lordcirth_>
fasd, maybe libc got bumped and everything changed slightly?
<lordcirth_>
samueldr, ok. If I try building my own, would you expect it to work?
<samueldr>
your own what? :)
<samueldr>
images, yes
<samueldr>
you can even bootstrap yourself using cross-compilation these days
<{^_^}>
#56285 (by cleverca22, 17 weeks ago, open): python ctypes extension fails to build due to purity issues
<clever>
there is also a different ASM problem here
<samueldr>
the build system uses a gcc that outputs armv6, that's fine, but some speed optimization detects the cpu as armv7, that enables some options, uses ASM inline and outputs a non-working binary
<clever>
libffi detects a 64bit cpu, generates 64bit ASM, then the v6/v7 gcc goes "wut" and errors out
<samueldr>
and only non-working when execing on armv6!
<clever>
so, the build should have failed! (and does for pkgs.libffi)
<clever>
but, the python build scripts treat a failure to build libffi as soft, and just disable ffi support for you
<samueldr>
that's why I tend to err to the side of caution and say "building for a previous ARM on a later ARM is scary"
<samueldr>
even cortex-Axx seems to be an issue :(
<clever>
kexec-tools also has the same issue, but correctly fails, rather than producing poisoned builds
<samueldr>
preperly failing is good
<samueldr>
properly*
<clever>
openssl (at least years ago) produced a poisoned build, like python does now
<samueldr>
yes
acarrico has quit [Ping timeout: 258 seconds]
<samueldr>
and, to a lesser extent, we have the same family of issues in x86_64 where some optimizations might be built into a library, surreptitiously, not good for reproducible builds
<samueldr>
depending on whether it's built on new or old, it will produce different binaries
<clever>
yeah
<samueldr>
and dependents on it might not execute on older machines when the library is built on newer
<samueldr>
and apparently it's not yet a concern to the reproducible builds org :/
<clever>
ive discovered sse4 features in some stuff iohk ships
<samueldr>
and, unverified, kvm is not enough to test those AFAICT
<samueldr>
you would need full blown proper emulation, or good ol' hardware
<clever>
i was initially using qemu-system to debug the sse4 problem
stepcut has quit [Ping timeout: 252 seconds]
<clever>
because qemu by default emulates the oldest 64bit capable cpu (which lacks sse4)
<clever>
but, i then switched to using qemu-user-x86_64, to emulate 64bit (in userland) on 64bit, lol
<samueldr>
:)
<clever>
which simulated the lack of sse4
<samueldr>
qemu-user without hw accel I figure
<clever>
yeah, qemu-user always lacks hw accel
<clever>
because its meant to be used for foreign arches
<clever>
but it happens to support emulating the host arch with zero trouble, lol
<clever>
ive also done silly things like emulate x86 on an rpi
<lordcirth_>
clever, how fast did that run? XD
<samueldr>
not that silly
<clever>
lordcirth_: i was trying to run teamspeak, but it segfaulted within pulseaudio
<clever>
and gdb was heavily confused by the arch mix
<clever>
so it was impossible to debug
<clever>
it was an emulated segfault, within the x86 side, but i think it produced an arm core file
<clever>
and then i need to convince the x86 gdb to open a core dump from arm
<lordcirth_>
samueldr, so I need to change branches in the nixpkgs repo to unstable?
<romildo>
It seems that $out (describing the destination dir for a package in a derivation) does not work inside `substituteAll`. Instead it seems to denote the file generated by substituteAll. Is that expected?
<samueldr>
I *think* the manual partitioning step is now unneeded with the recent changes
<clever>
the rpi has usb 3.0, proper gigabit ethernet, usb-c power/gadget, and with some uber-hacking, you could maybe get pci-e out of it
<samueldr>
though yeah, maybe the kernel is an issue :/
<clever>
the new 4 model
<samueldr>
clever: not usb PD, just standard 3A usb dumb power
<lordcirth_>
The RockPro64 + NAS case can handle 2 SATA 2.5 or 3.5 drives.
<clever>
samueldr: i was told that the PD_SENSE pin is wired up, to signal to the charger what its demands are
<samueldr>
wired for the dumb 3A
<day|flip>
can pinebook pro work on nixos arm?
romildo has quit [Quit: Leaving]
<samueldr>
day|flip: when the thing will be released, it's plausible
<day|flip>
ahh
<day|flip>
still not out?
<samueldr>
last I heard end of september start of october or something around there
<samueldr>
I may try to get in the first batch, will see how it goes
<day|flip>
i thought about getting a snapdragon 8xc laptop. when ever they come out.
<{^_^}>
[nixpkgs] @orivej-nixos pushed 2 commits to master: https://git.io/fjoW5
<samueldr>
not sure about the 8xc ones, but the other ones from lenovo and asus are... apparently painful
<samueldr>
(been keeping an eye on progress)
<samueldr>
hopefully the 8xc ones are more open, but the current ones have no hw virtualisation enabled :/
<day|flip>
so snapdragon arm cpu are hard to port to arm64? sorry i don't know these thing
<samueldr>
it's likely more the integrated machine, and not the SoC itself
<samueldr>
after all, they are meant for windows
<samueldr>
and they cut a bunch of corners
<samueldr>
x86_64 has standardisation that makes the corner cutting harder to pull off
<clever>
in the rpi4 announcement, they mentioned they are sticking to videocore4 (the 3d core) because its the "most open" in the arm market
<samueldr>
it's... likely true, because they paid an engineer to document it and all that
<clever>
and yeah, i have read a lot of the docs on the 3d side of things, but the firmware is still closed on the rpi, and the hw video decode stuff is fully closed, so i wonder what else there is, that could possibly compete
<samueldr>
but a bit misleading :/
<samueldr>
my thoughts: some AMD embedded gpu in an ARM SoC
<clever>
ive even been crazy enough to write my own opengl driver, from scratch, right down to probing the IO ports in the 3d core :P
<lordcirth_>
o_O
<clever>
samueldr: one min...
<samueldr>
which... some people think might happen (AMD arm chips) again
o1lo01ol1o has joined #nixos
<samueldr>
their latest presentation IIRC had some weird phrasing around x86 cpu
<Miyu-chan>
RPi4 on the road to being a general purpose computer IMO
<clever>
`program the Base Address Registers (commonly called BARs) to inform`
<clever>
looks like you're right
<Miyu-chan>
Oh cool, I was a bit close.
<Miyu-chan>
This is blowing my mind TBH.
<clever>
[root@amd-nixos:~]# lspci -vv
wfranzini has quit [Remote host closed the connection]
<clever>
look for the `Region 0: ` parts
<clever>
i believe those are the BAR's
<Miyu-chan>
Wait. The conventional way to talk with PCI-e devices is MMIO, right?
wfranzini has joined #nixos
<Miyu-chan>
Or am I mixing things up?
<clever>
depends on the device
<clever>
my 1st sata controller has 6 regions, 5 of them are IO (of varying sizes) and one is 1024 bytes of "ram"
<clever>
the IO use the special in/out opcodes in the cpu, while the "ram" is just a normal physical address you can read/write from
Wharncliffe has quit [Ping timeout: 245 seconds]
<clever>
the 1st usb controller i see, only has 4kb of "ram" and no "io" at all (likely all memory mapped io)
<clever>
next usb device only has 256 bytes of "ram"
<Miyu-chan>
Wait. Port I/O is still a thing!?
<Miyu-chan>
I'm sorry lmao. I'm relearning a lot of things
<clever>
yeah, io ports still exist, lol
<clever>
my sound card has 16kb of "ram" and no "io"
<Shados>
clever: PCI lanes being split between sockets in dual-socket server boards is pretty common. In cases where you really need to eke out every last drop of network performance, it means you need to bind both your NIC IRQ kthreads and your userspace network code to the same socket as the NIC(s) they're working with, or you get hit by what are basically NUMA latencies :P
<clever>
Shados: yeah, thats what i was guessing
<clever>
Region 0: Memory at c0000000 (64-bit, prefetchable) [size=256M]
day|flip has quit [Remote host closed the connection]
<clever>
Miyu-chan: my GPU, has a whole 256mb chunk of the address space (but i think it has 16g of gpu ram)
<Shados>
Usually doesn't matter, but once you start working with 10G+ of throughput (or you have 10G cards and want to minimise latency) it is an issue
<clever>
i highly suspect there is memory mapping going on, so you can configure the gpu to map portions of that 256mb window, to portions of the gpu ram
<Miyu-chan>
clever: I guess that's for CPU/GPU communication.
<clever>
and then just use a dumb memcpy to upload textures
<Miyu-chan>
On that topic. There's this idea of using your GPU as a swap drive.xdd
<clever>
and it has such a large chunk of the address space, so you can copy a large chunk at once
<Miyu-chan>
I should try it out sometime, since I have a GPU now.
<clever>
ive done exactly that, back when my entire gpu ram fit within a single BAR
<Miyu-chan>
Warning: This will not work with binary drivers. :(
<clever>
i used lspci to find the phys addr, and then configured MTD to just treat that region as a block device
<clever>
i also had fun just dd'ing to different offsets, and watching the screen to see what corrupted what
<clever>
to learn which regions i shouldnt touch :P
<clever>
but when you have 16g of video ram, and only a 256mb window into it, there must be some mapping going on, and you must understand that, or it will screw you over
<clever>
Miyu-chan: and i havent even touched on DMA yet :P
<clever>
Miyu-chan: in the legacy pci days, bus master means the pci device could drive the addr lines on its own, and directly read ram without having to involve the cpu
<Miyu-chan>
On another topic. DMA still exists!?
<clever>
reversing the master/slave setup
<Miyu-chan>
Less jokingly though.
<Miyu-chan>
Is DMA still used between system memory?
<clever>
but in modern pcie, all pcie devices are wired directly to the cpu
<Miyu-chan>
I know that DMA is used between system memory and PCI-e devices
<clever>
so the pcie device must ask the cpu to fetch something from ram (but it still bypasses the opcode execution system)
<Miyu-chan>
Hm.
<Miyu-chan>
Wait. So from what I understand, can't you do an attack with that?
<clever>
Miyu-chan: the typical CPU will just blindly obey the attack
<clever>
but there is iommu, where you can configure a memory mapping on a per-slot basis
<Miyu-chan>
Flash a vBIOS from http://totallylegitwebsite.tk to your GPU, and your CPU will brick until you remove the GPU?
<clever>
so the cpu will enforce what each card can do
<clever>
Miyu-chan: thats something entirely different, and not really in the scope of iommu
<clever>
in this gist, youll notice my nvme device, has 8 IRQ's, and is firing requests off to all my cores!
<clever>
and never has a given irq hit more than 1 core
<clever>
this is because pcie supports multiple command queues
<clever>
each core, has its own fifo to issue read/write requests
<clever>
and each fifo has its own IRQ to signal when its finished
<clever>
which goes back to the core that initiated the request
<clever>
so you dont get any weird numa problems, like core1 asked for data, then core2 got the reply, and they have to sync their L1 caches up via ram
<clever>
Miyu-chan: and on the subject of vBIOS stuff you mentioned, pcie devices can include a firmware blob, and the specs from legacy bios will just blindly run that firmware on bootup
tmaekawa has quit [Quit: tmaekawa]
<clever>
video cards use that to initialize themselves
<Miyu-chan>
Wait what.
<clever>
raid controllers often use that to show a "press f7 to configure raid" menu
<Miyu-chan>
You're telling me, that a PCI-e device can control your bootup?
<clever>
yes
<clever>
the bios will just blindly run a blob it finds in a pci-e device, if the fields are set right
<clever>
Devices may have an on-board ROM containing executable code for x86 or PA-RISC processors, an Open Firmware driver, or an EFI driver. These are typically necessary for devices used during system startup, before device drivers are loaded by the operating system.
ajirx has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
Miyu-chan: this will read the entire bios, and dump it to a file
<clever>
-rw-r--r-- 1 root root 1.0M Jun 28 04:55 router.bios
<clever>
in the case of my router, its only 1mb
cjpbirkbeck has quit [Quit: Quitting now.]
<clever>
sadly, ive only found 1 machine where flashrom has write support, and 2 or 3 with read-only support
<clever>
Miyu-chan: but if you get root on a machine that supports flashrom, you could malware the bios itself
domogled has quit [Quit: domogled]
<clever>
Miyu-chan: and thats part of what secureboot wants to stop you from doing (which also blocks your ability to just run your own firmware)
knupfer has joined #nixos
<clever>
the whole point of secureboot, is to ensure only signed blobs of code are loaded while booting, so you can trust the login prompt when it asks for a pw
<clever>
but if you can reflash the bios, its game over
knupfer has quit [Client Quit]
knupfer has joined #nixos
kandinski has quit [Remote host closed the connection]
kim0 has quit [Quit: Connection closed for inactivity]
xacktm has quit [Ping timeout: 252 seconds]
mexisme has quit [Ping timeout: 246 seconds]
<levdub>
clever: with Packet and other bare metal clouds, wouldn't you expect that the provider re-flashes all the firmwares when a customer releases a machine?
<clever>
levdub: the problem, is that if the reflashing happens by just booting the machine into a special os, it could be booting that inside a hypervisor
<clever>
levdub: which then lies about having reflashed the hardware
<clever>
the only way to be 100% sure, is to either prevent reflashing entirely, or to flash it externally, so the untrusted code is never run
mkoenig has quit [Remote host closed the connection]
<Miyu-chan>
Back. Was procuring coffee.
<clever>
Miyu-chan: you may now read the horror stories above :P
knupfer has quit [Ping timeout: 264 seconds]
mkoenig has joined #nixos
<Miyu-chan>
clever: I think there's also the problem of people just forgetting that certain attacks can be done.
<Miyu-chan>
I'm not representative of on-site sysadmins, but only today did I know that PCI-e devices can inject their own executables on boot.
<levdub>
clever: Thanks for the insight and thought experiment.
<clever>
Miyu-chan: network cards are also special
<clever>
Miyu-chan: in the old days, you could program a rom, shove it into a socket on your NIC, and then configure the bios to network boot, and it will just run whatever is on the rom
<clever>
Miyu-chan: but modern systems, have pxe booting built into the bios, and the NIC's that do have "roms" tend to have flash memory, which is where https://ipxe.org/howto/romburning comes in
wfranzini has quit [Ping timeout: 258 seconds]
asheshambasta has joined #nixos
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mexisme has joined #nixos
ym555 has quit [Read error: Connection reset by peer]
palo1 has joined #nixos
asheshambasta has quit [Ping timeout: 252 seconds]
vmandela has joined #nixos
<Miyu-chan>
clever: I was going to say that I could see that being used instead of flash drives back then, but then I remembered CDs existed.
<clever>
one site lists it as 0x55 0xaa, which i assumed was 55aa
<clever>
but the other lists it as a 16 bit field, of aa55
<clever>
Miyu-chan: offset 03h is the main one, `Entry point for INIT function. Power-On Self-Test (POST)does a FAR CALL to this location`
<clever>
the bios will just call whatever function happens to be there, on bootup
<clever>
and expects the function to return control back to the bios, eventually
<clever>
and further down, you have the code type, x86, open firmware, efi, ...
<clever>
i'm guessing if you want to support 2 options, you need 2 roms, and spend 2 BAR's on it?
<clever>
ah, 2 systems, the old one with just a raw x86 entrypoint, and then a new one with a table that describes all the capabilities and entry point type
<clever>
ahhhh, and you can have multiple "pci data structures" in a single rom, each with its own "code type"!
mexisme has quit [Ping timeout: 252 seconds]
xacktm has joined #nixos
<makefu>
,locate dhcpd
<{^_^}>
Found in packages: dhcp, plan9port, vimPlugins.caw
<clever>
bind creates a user called `named` and thats the only real problem i can foresee
mexisme has joined #nixos
<clever>
line 187 and 195 will tell bind to lookup `named` in `/etc/passwd` at runtime, and drop-root at the right times
<clever>
shouldnt care what the uid is
<clever>
191 will also ensure `named` owns the state dir
<clever>
and 28/29 tells it to use that dir
<clever>
makefu: only thing missing, is to add named-checkconf into the mix, replace the ${cfg.configFile} on 195, with the result of `runCommand "named.conf-checked" { buildInputs = [ bind ]; } ''cp ${cfg.configFile} $out ; named-checkconf $out''`
<clever>
makefu: which will just copy the cfg, and assert that its valid
sb0 has quit [Quit: Leaving]
<makefu>
i will have to figure out what to do with all the hardcoded paths in the current config ... but besides that it looks fine
oxa has quit [Quit: Leaving]
o1lo01ol1o has joined #nixos
<clever>
makefu: if you use nix-copy-closure (and have nix on the legacy machine), those hard-coded paths will exist
<makefu>
ah sure
<Shados>
clever: Your convo reminded me that the rasbpi actually does boot from its GPU, which then initialises the CPU. Nothing to do with UEFI or PCI, though.
<clever>
or just `nix-store -r /nix/store/foo` to download it from a configured binary cache
ajirx has quit [Remote host closed the connection]
<clever>
Shados: yep
<{^_^}>
[nixpkgs] @marsam opened pull request #63881 → protobuf3_8: init at 3.8.0 → https://git.io/fjo82
adamantium has quit [Remote host closed the connection]
zupo has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
Tucky has joined #nixos
<kvaster>
Hello. I'm using gentoo as a host system and want to use nixops to deploy to remote nixos hosts. The problem is that I'm using custom kernel settings and it always try to build it on my local host. Is there any way to force remote builder ? (building kernel fails using nix-shell)
zupo has quit [Remote host closed the connection]
sigmundv has joined #nixos
zupo has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
hoijui has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
ThatDocsLady has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
<teto>
kvaster: builds must respect some constraints/features. If you disable these features on your host, you could force building the kernel remotely https://nixos.wiki/wiki/Distributed_build
<teto>
kernel asks for "big-parallel" for instance
kvaster has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
sigmundv has joined #nixos
kvaster has joined #nixos
<aanderse>
Izokin: why is it a problem if all users can see that directory?
<aanderse>
** Izorkin
sb0 has quit [Quit: Leaving]
xkapastel has joined #nixos
hlolli__ has quit [Ping timeout: 272 seconds]
rauno has joined #nixos
rauno has quit [Ping timeout: 250 seconds]
<Izorkin>
aanderse: assumed it would be safer. Or I'm wrong?
zupo has joined #nixos
snow has joined #nixos
zupo has quit [Remote host closed the connection]
zupo has joined #nixos
veske2 has joined #nixos
veske has quit [Ping timeout: 268 seconds]
<snow>
Hi. This may be a bit of a noob question but I want to get it right. https://nixos.wiki/wiki/Full_Disk_Encryption tells you to add the key to sda1 which in this case seems to be the boot/efi partition. But in other guides the boot/efi partition is not encrypted. Also luksAddKey will not work unless i format it with luksFormat first. Anyone know what
<snow>
I am missing here?
orivej has joined #nixos
cfricke has joined #nixos
zupo has quit [Ping timeout: 244 seconds]
<aanderse>
Izorkin: prior to your change the directory was accessible to everyone. I'm pretty sure ownership+permissions on the file take care of it, the way it was
o1lo01ol1o has quit [Remote host closed the connection]
<emilsp>
has anyone tried to compile rust things for android on NixOS? Seems like when I'm using rust-overlay, when constructing a rust derivation that has the appropriate target, the compiler is still using the host's linker.
<nh2>
aminechikhaoui: thanks for fixing the manual (I assume it was you).
<nh2>
and thus aren't clickable -- should that work?
<nh2>
> To never use the local machine set the `max-jobs` nix option to 0
<{^_^}>
error: syntax error, unexpected $undefined, expecting ')', at (string):255:40
o1lo01ol1o has quit [Remote host closed the connection]
simukis_ has joined #nixos
<Izorkin>
aanderse: It is possible to leave the current version? Or change to RuntimeDirectory = "phpfpm";
qubasa has joined #nixos
simukis__ has quit [Ping timeout: 246 seconds]
<nh2>
aminechikhaoui: I spoke too early, there is still some red XML in there, I had just scrolled too far
turion has joined #nixos
<turion>
While I'm working on some custom derivation I forked off github, I'm running into "hash mismatch in fixed-output derivation". But I've grepped through the whole project for the hashes it complains about, and can't find them. `--show-trace` isn't very helpful either. Any hints how I'd go about debugging this?
<turion>
Should I grep through all of my /nix/store for this hash?
snow has joined #nixos
<teto>
what's the equivalent to boot.initrd.network.postCommands but that runs last ? I would like to run "ip link add nlmon0 type nlmon " automatically on each boot
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
palo has quit [Quit: WeeChat 2.4]
palo has joined #nixos
<turion>
I have a dynamically linked executable. When I do `ldd my-executable`, I get a lot of `libfoo.so.1 => not found`. Can I start a nix-shell with the libraries in path and somehow start the executable?
veske2 has quit [Quit: This computer has gone to sleep]
<{^_^}>
[nixpkgs] @NeQuissimus pushed 3 commits to release-19.03: https://git.io/fjoEB
tommyangelo_ has joined #nixos
tommyangelo has quit [Ping timeout: 245 seconds]
fendor has joined #nixos
<aanderse>
Izorkin: i think we should change the directory structure back. das_j has a runtimedirectory PR i believe
<aanderse>
Izorkin: there are also some other issues with the module now
<aanderse>
i haven't had time to extensively test
<Izorkin>
You can write current problems, I'll try to check later
veske2 has joined #nixos
Makaveli7 has quit [Quit: WeeChat 2.5]
o1lo01ol1o has quit [Remote host closed the connection]
<infinisil>
turion: You need to either build it with the correct libraries if you have built it from source, or patch the binary with patchelf if you don't have the source
o1lo01ol1o has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
xkapastel has quit [Quit: Connection closed for inactivity]
hyper_ch2 has quit [Remote host closed the connection]
veske2 has quit [Quit: This computer has gone to sleep]
<aminechikhaoui>
nh2 yes I haven't updated nixos.org with the latest fix, I'll do that in few minutes
hyper_ch2 has joined #nixos
<{^_^}>
[nixpkgs] @vcunat pushed 2 commits to release-19.03: https://git.io/fjozt
ddellacosta has joined #nixos
<infinisil>
turion: it's a hack really
<infinisil>
It gets rid of Nix's reproducibility
hmpffff has joined #nixos
<infinisil>
And it might not always work
<etu>
turion: One should not install libs with nix-env
hyper_ch2 has quit [Remote host closed the connection]
<turion>
Yes, it's just to get started. I wouldn't do this in a PR to nixpkgs.
<manveru>
even then :)
<turion>
infinisil, etu: I basically want to test some program on my machine before I make the effort to integrate it nicely into nixpkgs
<etu>
turion: What's the first line in that file?
<turion>
It's binary
<infinisil>
turion: Check out the flags of patchelf, there are a couple of them that will show you information on the binary, the interpreter one is the one you need
<etu>
turion: ah, makes sense. Got thrown off by it saying bash
<turion>
etu, you're saying it's looking for /bin/bash maybe?
<turion>
Might be
<etu>
nah
<etu>
I don't think it does
<infinisil>
It looks for an interpreter that doesn't exist..
<infinisil>
Just check out what patchelf has to say
<turion>
manveru: Even getting started to write a proper derivation for something like this is still so hard
snow has joined #nixos
<manveru>
turion: sorry, it's just that i usually wish nix-env didn't exist ;)
<gchristensen>
+1
<turion>
manveru: sorry, it's just that I wish how not to use it
<manveru>
for your use-case, nix-shell is the cleanest way i think
simukis__ has joined #nixos
simukis_ has quit [Ping timeout: 244 seconds]
<turion>
manveru, tried it, but where do the libs end up?
<manveru>
in buildInputs
<turion>
I mean, can I repeat the hack I did with nix-env also with nix-shell?
<snow>
Hmm. For Luks if I specify mounting in the normal config, do I have to remove the auto/generated hw-config settings? It seems to try to mount my root drive twice
<slabity>
Anyone with access think they could take a look at #63339 - It's a pretty simple change that fixes a configuration option: https://github.com/NixOS/nixpkgs/pull/63339
<turion>
infinisil: patchelf --print-interpreter luna-manager says "/lib64/ld-linux-x86-64.so.2". Sounds like a culprit
<betaboon>
i have never ever used nix-env
<aminechikhaoui>
nh2 ok I think the nixops manual should be fixed correctly now
ddellacosta has quit [Ping timeout: 245 seconds]
<manveru>
turion: well, at least it can be made reproducible
<infinisil>
turion: exactly, what other patchelf flag sounds like it could fix this?
<manveru>
turion: because i have no clue what your hack actually does without knowing what's installed on your whole system
<{^_^}>
[nixpkgs] @wmertens pushed to noxlibs-nognome « environment.noXlibs: disable gnome3 for pinentry »: https://git.io/fjozB
<turion>
manveru: For me, without more helpful docs I have to stop after "at least it can be made". I mean, I've used nixos for two years now and still can't get a simple installer to run that runs on other linuxes
<{^_^}>
[nixpkgs] @wmertens opened pull request #63896 → environment.noXlibs: disable gnome3 for pinentry → https://git.io/fjozR
<turion>
infinisil: Yeah, --set-interpreter. Do I have to look that up from the store somehow?
<infinisil>
That will never work however long you use nixos, it's just not something you can expect on nixos
<infinisil>
turion: Take a look at examples in nixpkgs that use --set-interpreter
<turion>
So many amazing things work in nixos. Can't I write a script like "run this executable in a chroot and whenever it uses a library in a location that is standard in other distros, add this to the list of dependencies"
<turion>
"...and make a nix derivation out of the whole thing
<turion>
infinisil: Those examples use NIX_CC or something like ${pkgsi686Linux.glibc}, which I suppose is replaced by the store path by nix
<turion>
So how come that when I run ldd luna-manager, it finds some of the libraries and not others?
<Shoubit>
srhb, as in boot with the live cd and do that again?
<turion>
infinisil: Ok :) here my knowledge about dynamic linking ends. Which dynamic linker to use? If I do nix-shell -p foo, what should I write for foo?
<Shoubit>
(as in compile stuff that I know I can get from a binary cache)
leotaku has joined #nixos
<gchristensen>
oh dear, unfortunate to see --ignore-liveness from vcunat there
<turion>
I guess stdenv...
lopsided98_ has quit [Remote host closed the connection]
<betaboon>
turion: have you tried stack2nix ?
lopsided98 has joined #nixos
<turion>
betaboon: No. But to be fair, if I could build the project with stack, I wouldn't bother about nix until I submit a PR
<turion>
Lol. The docs for patchelf say to do "sudo make install" to install it.
<clacke_movim>
turion: Sounds pretty common?
<clacke_movim>
A normal configure make make install package will default to installing in /usr/local
<turion>
clacke_movim: I just find it funny that a tool coming out of the Nix world asks you to do that
hlolli_ has joined #nixos
<turion>
It's as if your vegan friend recommends you a steak house
<clacke_movim>
Hehe
Ariakenom_ has quit [Quit: Leaving]
<clacke_movim>
Still, if non-Nix consumers are supposed to be able to use it, just produce it as a normal meat dish, and then filter the meat when importing to Nix, just like with every other package :-)
<clacke_movim>
But yeah, I do see the humor, just didn't realize patchelf originated with Nix
acarrico has quit [Ping timeout: 258 seconds]
hlolli__ has quit [Ping timeout: 252 seconds]
hoijui has joined #nixos
<clacke_movim>
I always assumed it was preexisting and happened to suit Nix's purposes
<wucke13>
How come there is no sdformat that is not broken, both in unstable and 19.03?
<samueldr>
hm?
turion has quit [Ping timeout: 258 seconds]
<samueldr>
the most likely answer is "because there is no active maintainer for the package / no one using it"
snow has joined #nixos
<wucke13>
That's sad. Shall I open a github issue?
<gchristensen>
would you like to maintain it? :)
Tucky has quit [Quit: WeeChat 2.5]
rauno has joined #nixos
erik-4levels has quit [Remote host closed the connection]
<snow>
Wow I am really confused by the boot process. Mdadm seems to have lower precedence than Luks so it will not mount that. Also, it tries to mount the root partition twice, where one of the times it does not read the key from usb. Any idea how to deal with these two issues?
<snow>
will not mount a raid-partition *
<wucke13>
gchristensen: Yes and No :D
<snow>
I am able to mount it manually but I see I have to do luksOpen first
rauno has quit [Ping timeout: 252 seconds]
<ivan>
snow: doesn't it make sense to have luks on top of mdadm to avoid encrypting twice
hmpffff has quit [Quit: nchrrrr…]
amz3 has joined #nixos
<amz3>
hello nixos community, I would like to know if it is (still?) possible to install and run nix package manager without any superuser rights.
Soo_Slow has joined #nixos
snow has quit [Remote host closed the connection]
snow has joined #nixos
<snow>
I have luks on top of mdadm
<snow>
ivan
<ivan>
amz3: this works on nixos, and on other linuxes if root creates /nix (or you want to compile everything to some other path)
iyzsong has quit [Ping timeout: 276 seconds]
anon has joined #nixos
<{^_^}>
[nixpkgs] @mmahut opened pull request #63898 → guardian-agent: init at 0.7.2-beta → https://git.io/fjo2Q
anon is now known as Guest18984
<amz3>
ivan: yes, I would like to be able to never use root to install and use nix the package manager, on top of another distro. Much like python's pip but that would support the installation of shared libraries .so built from c, c++, prolly others. Everything should happen in user's home directory.
<ivan>
snow: mdadm should assemble the md volumes before the nixos cryptsetup prompt shows up
justbeingglad has quit [Quit: Leaving.]
<ivan>
It works here anyway and I can ssh into dropbear and provide a password
<snow>
ivan: Then I am not sure where the problem lies. It's added under initrd.luksDevices... should the crypto part be configured in fileSystems perhaps?
<ivan>
snow: if you have luks on top of mdadm, the mdadm is autodetected and you just need boot.initrd.luks.devices and then fileSystems using a /dev/mapper/NAME
<ivan>
use /dev/disk/by-uuid/UUID in luks.devices
<snow>
Ivan: Ok, that is pretty much what I am doing. Except I am not doing it by UUID
<ivan>
snow: did you write md0?
orivej has joined #nixos
<snow>
Ivan: I wrote device = "/dev/md0" yeah
<ivan>
snow: yeah, surprise, it's probably md127 after reboot
<snow>
If I ls dev I do see md0
<ivan>
ah maybe something else went wrong then
<snow>
but it may be due to mdadmConf config
<snow>
Ivan: I have this ARRAY string which specifies dev/md0. However, I can mount the drive if I do luksOpen then mount
<snow>
lets try by UUID anyway
<amz3>
ivan: tx!
snow has quit [Remote host closed the connection]
snow has joined #nixos
m0rphism has quit [Ping timeout: 258 seconds]
<{^_^}>
[nix] @aniketd opened pull request #2977 → Fix `http2 = false` having no effect. → https://git.io/fjoa3
selfsymmetric-mu has quit [Remote host closed the connection]
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
v88m has quit [Ping timeout: 245 seconds]
jabranham has joined #nixos
<snow>
Where does nixos keep the startup log btw? I cannot read the error fast enough. :x
<snow>
strange. Says VFS cannot find ext4 filesystem. So I am guessing it is unable to decrypt. When doing cryptsetup -dl="/dev/sde" -l 4096 luksOpen /dev/md0 crypted-raid it says "Failed to open keyfile"
<clever>
snow: what does `blkid /dev/sde` and `blkid /dev/md0` say?
ThatDocsLady_ has quit [Remote host closed the connection]
<snow>
clever: sde does not show up in blkid after dding the key to it
ThatDocsLady_ has joined #nixos
<snow>
While md0 shows the drive and type= crypto_LUKS
<clever>
snow: and what path did you try to mount ext4 from?
m0rphism has quit [Ping timeout: 244 seconds]
<clever>
snow: ah wait, yeah, it looks like it's failing to decrypt due to failing to find the key file
<snow>
For the raid /dev/mapper/crypted-raid
<clever>
snow: and that likely doesn't exist yet
<snow>
Well if it fails to decrypt then yeah
<snow>
key is written as raw bytes to the start of the usb memory device
o1lo01ol1o has joined #nixos
<clever>
snow: i'm paranoid and feel it would be more secure to use a keyfile on a normal fs
m0rphism has joined #nixos
<snow>
but then I have to mount it first not? Well there is a vfat tutorial. I could probably use that.
<snow>
Thanks for the directions so far :)
dansho has joined #nixos
m0rphism has quit [Ping timeout: 258 seconds]
ThatDocsLady_ has quit [Quit: Leaving]
wfranzini has quit [Remote host closed the connection]
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
<Dandellion[m]>
so what happens when hydra finishes building all the staging jobs ?
<Dandellion[m]>
there's only one package left ^^
leotaku has quit [Ping timeout: 245 seconds]
Drakonis has joined #nixos
Ariakenom has joined #nixos
alex`` has quit [Ping timeout: 245 seconds]
o1lo01ol1o has quit [Ping timeout: 244 seconds]
fendor has quit [Ping timeout: 268 seconds]
Drakonis has quit [Quit: WeeChat 2.4]
jophish has joined #nixos
o1lo01ol1o has joined #nixos
Jackneill has quit [Remote host closed the connection]
leotaku has joined #nixos
<elvishjerricco>
How do you fix `nix-store: command not found` in an uninteractive shell again?
<elvishjerricco>
Single user install on ubuntu
erasmas has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<elvishjerricco>
Er, rather with `ssh host nix-store --help`
o1lo01ol1o has joined #nixos
rfold has joined #nixos
hoijui has quit [Ping timeout: 245 seconds]
o1lo01ol1o has quit [Ping timeout: 246 seconds]
o1lo01ol1o has joined #nixos
<gentauro>
I've been using a script for years to update `/etc/hosts` with a list of "known ad services" where each of the known IP addresses is pointed to `0.0.0.0`. It's very effective (combined with Ad-blockers) at removing a lot of shit on websites ... but how do I do it on NixOS? https://unix.stackexchange.com/a/489511
<gentauro>
it seems a bit "overkill" that I have to update my `/etc/nixos/configuration.nix` and `nixos-rebuild switch` for that ...
<gentauro>
any ideas on how to do it another way?
<c00w>
gentauro: why is that overkill? I have some custom host entries and I add them via configuration.nix
<c00w>
In general all of nixos is configured from configuration.nix
<gentauro>
c00w: we are talking about `13217` entries
<gentauro>
I mean, I like to maintain my configuration in a `readable` form ...
<c00w>
Ah - got it.
<c00w>
You could make another nixos file called hosts.nix, have your script generate that, then import it from configuration.nix and use it there
<c00w>
That would let you keep your configuration.nix readable
<c00w>
Another option may be to get systemd-resolved to read a second hosts file.
<c00w>
But eyeballing the docs I can't see an easy way to get systemd-resolved to read a second host file.
edwards has joined #nixos
<c00w>
You also could potentially disable nixos generating the hosts file.
<c00w>
environment.etc."hosts".enable = false; might do the trick.
<gentauro>
How -> c00w> You also could potentially disable nixos generating the hosts file
o1lo01ol1o has quit [Remote host closed the connection]
ravloony has quit [Quit: Leaving]
Soo_Slow has quit [Remote host closed the connection]
<samueldr>
(the options menu option wasn't in the nixops section beforehand)
<gchristensen>
samueldr: I think maybe the website update was a good idea, but needs a bit more thinking
<samueldr>
the issue is with the top navigation, not the front page, so I think only those changes need to be reviewed
<gentauro>
c00w: that worked :)
<gentauro>
well the website almost lost its purpose if you can't search for `options` and `packages` ...
<snow>
So I tried making a key file and putting it on an fs instead... but luks still fails to open key file. Like, it WILL not read the file even if it exists it seems
<betaboon>
samueldr gchristensen: the nixops manual mentions installing nixops with nix-env :'(
<snow>
And now none of my other drives show up :x
<lordcirth>
snow, how are you passing LUKS the keyfile?
<samueldr>
gentauro: good thing it is still there, looks like you might have gone to the wrong section of the site; and that the main page's menu should be reviewed
<tokudan>
generic question: has someone already written a module to reboot automatically after a kernel upgrade? is it possibly already included in nixpkgs?
<hyper_ch>
tokudan: why?
o1lo01ol1o has quit [Ping timeout: 268 seconds]
<tokudan>
hyper_ch, I'm wondering if it exists, before I write something like that myself
<hyper_ch>
don't know :)
<tokudan>
system.autoUpgrade.enable = true; is nice, but if there's a new kernel, I would expect the system to reboot :)
<Ralith>
why wouldn't you just produce a nix expression instead?
ym555 has joined #nixos
<tokudan>
Ralith, I don't understand your question
<samueldr>
(that was for pie_ I believe)
<tokudan>
ah, ok
snow has joined #nixos
<pie_>
Ralith, i dont actually have a use case yet but its separating data from code and json is more amenable to external tools?
<Ralith>
yep, bouncer lagged for a minute
<infinisil>
tokudan: I don't think such a thing exists yet, but you can probably implement it by comparing /run/current-system/kernel with /run/booted-system/kernel
<tokudan>
infinisil, I know, just wanted to know if someone has already written it
* infinisil
nods
<infinisil>
Well, yeah I don't know of anything like that
ris has joined #nixos
<pie_>
tokudan, while youre at it, please make a windows update style nag screen ;D (im actually serious)
<tokudan>
pie_, not going to happen, as I'm only talking about server here
<pie_>
:p
<Ralith>
pie_: nix expressions are data, though, that's rather the point
<Ralith>
I dunno what external tools you're having trouble with
snow has quit [Ping timeout: 260 seconds]
<pie_>
Ralith, can you parse nix with a given language X?
<cjpbirkbeck>
i'm trying to add a patch to st, but when i build it nix says it cannot find the patch, i'm not sure why it cannot find the patch, it is in the same directory and i provide the full path
<pie_>
Ralith, or external tooling being able to inspect the state of nixpkgs. of course this is sketchier but i think it might be interesting to think about.
<snow>
After fiddling with the luksDevice setup for some time I see that there is nothing wrong with the key. It just doesn't seem to work for RAID devices. Also, root device still requires passphrase, and all devices are mapped to /dev/mapper except for the raid drive. :/
hoijui has quit [Ping timeout: 245 seconds]
<snow>
I see there is a way to specify encryption in the fileSystems section but there does not seem to be a way to specify keyFileSize
levdub has joined #nixos
alp has quit [Ping timeout: 252 seconds]
domogled has quit [Ping timeout: 245 seconds]
astrofog has joined #nixos
domogled has joined #nixos
<lordcirth>
snow, perhaps it's trying to do the unlock before assembling md0?
levdub has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
<snow>
lordcirth yeah that's also what I was thinking
Guest18984 has quit [Ping timeout: 245 seconds]
<lordcirth>
I know most distros scan for LVM and LUKS multiple times, in order to correctly handle the various orders they can be in
<snow>
well it's mdadm-based and I tried both true and false for preLVM... hmmm
morr has quit [Quit: WeeChat 2.5]
<pie_>
infinisil, updated pr
jbaum98 has joined #nixos
<jbaum98>
Although clang comes with support for address sanitizer (-fsanitize=address), it seems like the gcc packaged in nixpkgs does not. It seems like other distributions package libasan separately, but I also can't find a libasan package on nixpkgs. Is there a way to get -fsanitize=address working on gcc?
Guest18984 has joined #nixos
karetsu has quit [Quit: WeeChat 2.4]
MichaelRaskin has joined #nixos
<hyper_ch>
snow: what are you trying to accomplish?
<snow>
hyper_ch passwordless decrypt and mount of all the drives using a usb memory device as the key. This includes a Raid10 configured with mdadm. :)
v88m has joined #nixos
<hyper_ch>
why passwordless?
bennofs has joined #nixos
<snow>
I'm trying to use a usb device as a TPM
<hyper_ch>
snow: ok
<snow>
pretty much
<lordcirth>
Note that the main point of a TPM is to verify the boot chain, which you're not doing.
<lordcirth>
It's more like a physical key in this case.
<snow>
yeah, you're right. bad analogy
<snow>
but the point being I can remove the key. And if someone gets the device they cannot boot it. And I want to avoid writing the passphrase on boot
<lordcirth>
hyper_ch, for one, you need a keyboard
<lordcirth>
insert usb to server, press power, wait 60s, pull it out. Pretty convenient.
<snow>
nothing really. But physical keys are easier. Especially if GF for some reason has to reboot the server. :x And yeah... I don't want to always have a keyboard hooked up.
<hyper_ch>
lordcirth: you need access to the phys server
<hyper_ch>
I rather prefer remote unlocking
<lordcirth>
Remote is also pretty cool
<snow>
So spin up on ssh that's available on boot?
o1lo01ol1o has quit [Ping timeout: 248 seconds]
<snow>
an
<hyper_ch>
yes
<hyper_ch>
usually dropbear is being used
<snow>
well this device is not available on the public net... but with vpn that would be nice
<hyper_ch>
I used to use it with luks/dm-crypt and now I use it on zfs
sg2002 has quit [Quit: ERC (IRC client for Emacs 26.2)]
o1lo01ol1o has joined #nixos
zupo has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
zupo has quit [Client Quit]
o1lo01ol1o has joined #nixos
karetsu has joined #nixos
Miyu-chan has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Ping timeout: 258 seconds]
ris has quit []
ris has joined #nixos
fragamus has joined #nixos
root2 has joined #nixos
root2 has joined #nixos
root2 has quit [Changing host]
root2 is now known as Miyu-chan
zupo has joined #nixos
astrofog has quit [Remote host closed the connection]
<leex>
Hi, does anyone know what I need to do to get sonic-pi to work? After starting sonic-pi it does nothing for a while and then tells me it cannot connect to the server: Critical error! - Could not boot Sonic Pi Server. Do I need to install the server separately? If yes, what's the server package name?
Edes has joined #nixos
<Edes>
is there any reason why virt-manager won't find my libvirtd hypervisor?
<leex>
bsima: I just read the install package from sonic-pi, tldr you need to install and start jack(d) for it to work :) just need to get it to play on my bluetooth headphones instead of my laptop speakers and I will be happy :D
<bsima>
leex: nice :)
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #63904 → cc-wrapper: use -iframework instead of -F → https://git.io/fjoKg
pheoxy has quit [Quit: Leaving]
qqii has joined #nixos
alp has joined #nixos
justanotheruser has quit [Ping timeout: 244 seconds]
psyanticy has quit [Quit: Connection closed for inactivity]
<aanderse>
Izorkin: can you link me to your phpfpm module too please?
<Izorkin>
I did not understand the question
<cjpbirkbeck>
for applying patches, are there any special rules in writing their paths?
<adisbladis>
cjpbirkbeck: You mean as in patch file names or?
<cjpbirkbeck>
adisbladis: yes, the patch file names
<adisbladis>
cjpbirkbeck: Be descriptive, and for CVEs patches should follow the CVE naming
<adisbladis>
So tools like Vulnix can pick it up
<qqii>
I was installing youtube-dl when I saw a package called youtube-dl-light. Was going to try to find the difference but I don't understand where it's created - the nix expression doesn't seem to have any reference of it? https://nixos.org/nixos/packages.html#youtube-dl
<cjpbirkbeck>
adisbladis: oh, i think you are not understanding me correctly, i am just patching a package for myself, and i have the patch file ready to go.
<clever>
qqii: nix-diff $(nix-instantiate '<nixpkgs>' -A youtube-dl-light) $(nix-instantiate '<nixpkgs>' -A youtube-dl)
<clever>
qqii: one depends on ffmpeg, the other doesnt
<cjpbirkbeck>
it is just that when i try to build, nix says it cannot find the file
shibboleth has joined #nixos
bennofs has quit [Quit: WeeChat 2.3]
<adisbladis>
cjpbirkbeck: What exactly are you trying to do? Can you gist your commands/derivations?
<clever>
qqii: if you search nixpkgs/pkgs/top-level/python-packages.nix for youtube-dl-light, you'll see that both packages share the default.nix, but one has an override on 2 params
<qqii>
Is there a go-to-definition like debug environment for nix?
<cjpbirkbeck>
adisbladis: i'm trying to patch the st terminal.
<eacameron>
Where can I find some help getting noria built via nix? It's in Rust
<manveru>
eacameron: probably looking at existing packages in rust will help
o1lo01ol1o has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
snow has joined #nixos
<snow>
Well I got luks with usb to work in the end.... the fileSystem and swap config uses postMountCommands =concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label}. So all I had to do was write "/dev/sde -l 4096" as the keyFile for each of the drives
<snow>
bit of a hack but... maybe I should add the option to the source instead :p
<nh2>
aminechikhaoui or domenkozar[m]: In nixops each machine gets passed in `resources` and `nodes` to observe the entire network. But can `resources` also do this? E.g. is it possible to write a `vresources.ec2SecurityGroups` that collects all the `networking.firewall.allowedTCPPorts` from all machines?
stepcut_ has quit [Ping timeout: 248 seconds]
<adamantium>
Anyone have the nix code needed to specify which extensions to include with a firejail wrapped chromium?
leex has quit [Ping timeout: 248 seconds]
<nh2>
one example in the manual also has `resources.gceTargetPools.backends = { resources, nodes, ...}:`. I'm having trouble figuring out which things are allowed to be a function and which ones not.
wfranzini has quit [Remote host closed the connection]
<clever>
nh2: i think you can do resources.ec2SecurityGroups.foo = { nodes, ... }: ...
<clever>
jasom: this causes services.xserver.enable to spawn a vnc server, and then all of the normal login prompt and session stuff "just works" within that
<jasom>
clever: thanks; I'll play around with that
adamantium has left #nixos ["ERC (IRC client for Emacs 26.2)"]
<aminechikhaoui>
nh2 so there are currently 2 evaluations of the nixops network, the first just for the resources=/=machines then the second is for the machines configuration (basically the nixos config)
<aminechikhaoui>
So taking the output of something produced by an eval of a machine config and using that in a resource such as security groups won't work as far as I know
<aminechikhaoui>
As the eval of the machine isn't available at that point
<nh2>
aminechikhaoui: hmm indeed, I find that for a machine, I can do `= { nodes, ... }: nodes."mynode".config.networking`, but for a resource, `nodes."mynode".config` lacks the .config key. Is that what you're describing?
<{^_^}>
[nixpkgs] @risicle opened pull request #63909 → libvirt: add patches for CVE-2019-10132, CVE-2019-10161, CVE-2019-10166, CVE-2019-10167 & CVE-2019-10168 → https://git.io/fjoiR
<aminechikhaoui>
nh2 yes
<nh2>
aminechikhaoui: that is a shame, do you think it can be fixed? Deriving things like EC2 firewall rules from modules used in a machine would be very handy
levdub has joined #nixos
<clever>
nh2: note that sshd opens itself in the firewall automatically, but some people want to restrict ssh to certain IPs, at the aws level
mbrgm_ has joined #nixos
mbrgm has quit [Ping timeout: 252 seconds]
mbrgm_ is now known as mbrgm
<nh2>
clever: that sure makes sense, I'm not asking that it'd happen by default, but that I can write an expression to do it
rprije has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<nh2>
also means I can't even inspect `nodes` to generate security groups for all the regions I use in the network with `map`, but instead have to declare them manually