<aveltras>
clever: i was more interested in "cheap" vps like the cheapest from vultr, hetzner, etc
<clever>
ah
<aveltras>
clever: im only doing tests for the moment
<clever>
ive not experimented with the cheaper options much
<aveltras>
i've been infuriated all day by the "web console" of those providers
oborot has quit [Ping timeout: 245 seconds]
<aveltras>
cause you need it to reinstall a custom iso (if not using kexec then) and you can't input basic characters like " or |
oborot has joined #nixos
m0rphism has quit [Ping timeout: 268 seconds]
slack1256 has quit [Read error: Connection reset by peer]
<aveltras>
clever: anyway, your solution seems like the best fit, did you ever have problems with the unstable branch for your servers ?
<clever>
aveltras: nope
virus_dave has quit [Quit: virus_dave]
thc202 has quit [Ping timeout: 245 seconds]
mexisme has joined #nixos
<aveltras>
clever: would the generation of the tarball work with nix installed on a random linux and nixos/unstable added manually ? cause right now i have really bad connection and can't really afford to upload those 500M
<clever>
aveltras: yeah, it can be done on any machine with nix installed
<clever>
aveltras: you could even do it from the rescue environment
<aveltras>
clever: ok nice
Ridout has joined #nixos
<aveltras>
clever: do you know of any automation of nixos install (except nixops) ? i've been trying to recreate the steps from the nixos manual with the least possible input required from the user (WIP), but there might already be something existing somewhere (https://github.com/aveltras/nixos-install-script/blob/master/install.sh)
b has quit [Ping timeout: 248 seconds]
<clever>
aveltras: justdoit, in the kexec directory
<clever>
aveltras: it defines some options, which you can set in kexec/configuration.nix
<clever>
and it will bake those options into a shell script called justdoit
<clever>
so once you can ssh into the machine, simply run justdoit, and it does it
<adamantium>
clever: while I got you here. Tell me this. Is the bootloader stanza going to work for both my sda and sdb disks? (it's a zfs mirror with the ROOT dataset in a mirror pool)
<adamantium>
Say /dev/sda fails, is that "linux boot manager" entry going to find the system on /dev/sdb ?
<clever>
the efi vars contain the gpt partition uuid for the efi system partition
<clever>
so if that partition is lost, efi cant find the bootloader
<adamantium>
i have efi system partition on both /dev/sda and /dev/sdb
<adamantium>
So I was kind of hoping it would be smart enough to find the system on either disk, and update my ESP files on both disks
<clever>
boot.loader.grub.efiInstallAsRemovable is what i would use in that situation
<clever>
it names the files specially, so it works without efi vars
<clever>
but only grub supports it
<adamantium>
I understand that
<adamantium>
So, you're saying "no" then, systemd-boot doesn't do what i'm asking
<clever>
correct
<adamantium>
thx
<adamantium>
I don't understand why not though, GRUB is more robust in this regard
<clever>
systemd-boot doesnt have very many options
<adamantium>
clever: e.g. a person only needs to set boot.loader.grub.devices for /dev/sda, /dev/sdb, etc and can have the bootloader synced up for every disk in case of failure!
<adamantium>
I can't believe systemd and uefi does not really do this!
<adamantium>
systemd-boot*
<clever>
boot.loader.grub.devices is legacy boot only
<clever>
systemd-boot is efi only
<adamantium>
I understand that.
<adamantium>
I'm just complaining here, that the newer uefi / systemd-boot fails on this point badly
Supersonic has quit [Ping timeout: 252 seconds]
<clever>
efi fails at a lot of things
<adamantium>
Now if GRUB supported zfs better and zfs-encryption, i'd not be stuck with less robust systemd-boot
<clever>
systemd-boot doesnt support zfs
<adamantium>
it's all trade offs
<clever>
any time you're doing efi, you must have a vfat ESP, that is in cleartext
<clever>
and then you can put kernels there, and the bootloader wont need to know zfs
<adamantium>
right. well that's what im doing, but with systemd boot
<clever>
grub can do the same thing, with both efi and legacy
<adamantium>
i tried zfs-encryption with grub and broke a system once, but now that I think about it, I did not have /boot on fat32 or other, it was zfs dataset, so of course it failed after i upgraded the FS with properties grub couldn't understand
iyzsong has quit [Ping timeout: 252 seconds]
<clever>
i dont really trust grub's zfs support, so i always make /boot either fat32 or ext4
<adamantium>
Now you got me thinking again
<adamantium>
So i'm doing fat32 /boot and systemd-boot / UEFI
<adamantium>
(with native encryption)
<adamantium>
Would fat32 or ext2 /boot be better with GRUB and zfs-encryption
<clever>
both will work the same
<adamantium>
and legacy boot, installing grub to bios boot partition
<adamantium>
it would allow me to use boot.loader.grub.devices
<clever>
for extra redundancy, you can do both efi and legacy
<adamantium>
LOL
<clever>
if you set both boot.loader.grub.devices and enable efi support, then grub installs both at once
<clever>
so the legacy MBR works, and the efi binaries in the ESP work
Supersonic has joined #nixos
<clever>
then you just need to tell the bios what to boot
<adamantium>
i'd rather legacy with a gpt bios boot partition
<adamantium>
This is all getting too confusing.
<adamantium>
Thanks for giving me something to try and a new idea, though
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjXWM
<oborot>
Ah, looks like something in grub-install failed
<oborot>
Oddly, I can't seem to pipe the output to a txt file for uploading
<clever>
device = "/dev/sda";
<oborot>
But the first thing I can see is a bunch of internal errors
<clever>
oborot: does sda have a bios boot partition?
gagbo has quit [Ping timeout: 245 seconds]
<oborot>
"Internal error: Unreleased memory pool(s) found. You have a memory leak (not released memory pool):"
<oborot>
clever: Yes, /dev/sda1 is the boot partition, /dev/sda2 is the root partition
gagbo has joined #nixos
<oborot>
The grub install errors are: "Warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible".
<oborot>
And:
<clever>
oborot: then you want device = "nodev";
<oborot>
"error: embedding is not possible, but this is required for RAID and LVM install".
<clever>
you're trying to configure it to both legacy and efi at the same time
<oborot>
Ohh
<oborot>
Looks like it built this time, but I'm still seeing the memory leak errors
<oborot>
I also see the message "EFI variables are not supported on this system".
<oborot>
Not sure if that's important.
<oborot>
But gonna try a reboot now.
<oborot>
Gah, boot errors...
<clever>
you must boot via efi to configure efi vars
<oborot>
"error: disk `lvm/matrix-rootvol` not found.
<clever>
efiInstallAsRemovable = true; is required if efi vars are not available
<oborot>
"error: disk `lvm/matrix-boot` not found.
<oborot>
I'll try that
* clever
heads off to bed
Rusty1 has quit [Quit: Konversation terminated!]
<oborot>
Thanks for the help
<clever>
yep
rsoeldner has joined #nixos
tmaekawa has joined #nixos
tmaekawa has quit [Client Quit]
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
b has joined #nixos
Ridout has quit [Ping timeout: 245 seconds]
Diagon has joined #nixos
Diagon has quit [Remote host closed the connection]
adamantium has joined #nixos
schneid3306 has quit [Quit: ZZZzzz…]
<adamantium>
new install ... systemd-timesyncd.service loaded failed failed Network Time Synchronization every time on unstable. Anything I can try to fix this?
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjX89
rauno has joined #nixos
gagbo has joined #nixos
_ris has joined #nixos
Thra11 has joined #nixos
lejonet has joined #nixos
rauno has quit [Ping timeout: 252 seconds]
fendor has joined #nixos
NfixEstrada[m] has joined #nixos
<aveltras>
i'm currently logged in as root on a debian install, "nix-channel --list" returns "nixos https://nixos.org/channels/nixos-unstable". What's the correct syntax to use this channel for a command like "nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4" ? Right now, this errors with "error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH
<aveltras>
or -I)"
orivej has quit [Ping timeout: 244 seconds]
rauno has joined #nixos
<NfixEstrada[m]>
Hello! I'm trying to package https://github.com/LINBIT/linstor-server/, but there's an issue. The building phase needs to modify the source. How should I handle this? (It generates some files)
fendor has quit [Ping timeout: 268 seconds]
<sphalerite>
My laptop doesn't seem to want to output 4K via HDMI to my external monitor, but displayport works fine. A different laptop, running windows, has no problem outputting 4k to it through HDMI. Is this a hardware limitation, or driver/config issue?
<yorick>
sphalerite: you need hdmi 2.0 to output 4K via HDMI on 60fps
<yorick>
sphalerite: it's possible/likely that this is a hardware limitation, yes
<yorick>
(especially since it works with DP)
<alexarice[m]>
is there a way to take the expression that builds a package and get a nix-shell which I can use to build it in
<yorick>
alexarice[m]: nix-shell does that, yes
<sphalerite>
yorick: I don't even mind if it's not 60Hz, is there a way to make it work at less if it's not HDMI 2.0?
<yorick>
alexarice[m]: if you have the derivation, do nix-shell /nix/store/arstdhneio.drv
<alexarice[m]>
yorick: I tried though it doesn't seem to pass through the qtbase dependency
<yorick>
sphalerite: if that's supported then it should be in your output options
<ar>
Miyu-chan: more neutral: wps works by making your wpa2 psk wifi crackable in, at most, 11000 attempts
<Miyu-chan>
Also, that should be handled by wpa_supplicant, but I don't know how to test it.
<aanderse>
scenario: at your in-laws house. they are in their 70s. you ask for the Wi-Fi password. your father in law gives you a confused look. you realize how screwed you are because you're in a country where you don't speak the language so calling the ISP is out of the question.
<ar>
(the code is 8 digits, but the first 4 are checked separately from the second 4, and the last digit is actually a checksum → 11000 possible combinations)
<aanderse>
then you realize: the router has WPS! you're saved.
<yorick>
ar: how about the variant with the button
<yorick>
ar: I agree that the code is dumb
<yorick>
ar: but the one where you pair by pressing the button
rfold has joined #nixos
<Miyu-chan>
Is the variant with a button just basically proof of physical access of device?
<__monty__>
aanderse: OR, since you have physical access, you just plug in an ethernet cable?
<Miyu-chan>
s/of /to /
<yorick>
__monty__: oh yes, let me grab my trusty ethernet dongle
<Miyu-chan>
Who brings ethernet cables around lmao
<__monty__>
It's already dongle-city anyway.
<aanderse>
__monty__: not a viable 7 week solution
<Miyu-chan>
OTOH, I actually used to, because my university has unprotected scattered ethernet jacks around.
<yorick>
ar: having the button means you can make the key more complicated since you won't have to be able to explain it to people
<yorick>
"okay so it's backtick, balloon emoji, A a a, lowercase 3"
<__monty__>
aanderse: Non ISP-managed routers usually let you into the setup when you're connected over ethernet.
<Miyu-chan>
Also, "7 week solution"?
<yorick>
"now a sanskrit phrase:"
<aanderse>
__monty__: my in-laws are 72 and know almost nothing about computers. everything about their internet is managed by ISP
<Miyu-chan>
Anyways, I see the use-case.
<yorick>
__monty__: usually the wifi key is printed on the thing, so that'd be equivalent security to the button pairing
<aanderse>
Miyu-chan: my in-laws live in Tokyo which is quite the trek... so when we go we make it count :-)
<yorick>
Miyu-chan: I usually use wpa_gui but it keeps disabling all my networks
<Miyu-chan>
OTOH, based on what I understand, I won't be supporting it, but patches are welcome! :P
<Miyu-chan>
Anyways. The WPS with the code makes me just feel weird. Because from what I understand, that's not changeable?
<Miyu-chan>
So once you have physical access *just once* you're forever connected to it.
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<yorick>
yes please stop thinking about the code
<Miyu-chan>
Unless (a) you disable WPS, or (b) you generate a new code. But from what I understand, that will reset itself on factory reset.
<__monty__>
yorick: No? You can and should change the passphrase.
<Miyu-chan>
Anyways, I can see it being useful though. Its security model is basically "as if you have an ethernet cable to it"
<Miyu-chan>
So useful for things like setting it up without an ethernet cable ready, I guess.
<__monty__>
aanderse: Then there's always factory reset + google. I'm just saying you don't *need* WPS. You pay for convenience with insecurity. I'm not saying you're not allowed to make that trade-off.
<Miyu-chan>
I personally won't be using this, but thanks for informing me about this.
<Miyu-chan>
I was always curious what that was lol. My parents' Windows machines ask for WPS first, and I just skip that lol
<aanderse>
__monty__: understood. just playing devil's advocate mentioning that sometimes people are generally in a bind and need it
<yorick>
__monty__: can you please confirm that you understand that I am not talking about code-based wps, but about button-based wps
<yorick>
__monty__: where the WPA key is transferred *once* based on pressing a button on the AP
<__monty__>
Miyu-chan: One difference is that "Hey, I'm your ISP, gonna need you to push the big button on your router. Okay, thanks. Your internet should be fully functioning again." Is a much easier social engineering scenario than. "I'm gonna need you to factory reset your router and tell me the brand."
<__monty__>
yorick: I do, code-based WPS isn't even worth talking about.
<Miyu-chan>
lol, that actually sounds funny.
knupfer has quit [Ping timeout: 252 seconds]
<yorick>
__monty__: thanks! but why is everyone talking about the security of the code then?
<Miyu-chan>
I guess a buildingmate could do that
MmeQuignon has quit [Ping timeout: 245 seconds]
lejonet has joined #nixos
<__monty__>
yorick: From my perspective the insecurity of the code was fairly quickly dealt with.
shomodj has joined #nixos
MmeQuignon has joined #nixos
<yorick>
__monty__: the security properties of the button are way different, since it's not bruteforcable
<__monty__>
Yep, still don't like it.
<Miyu-chan>
Yeah, I can see why.
<Miyu-chan>
A more Nix topic.
<Miyu-chan>
`with types; fooOf bar` or `types.fooOf types.bar`
is_null has joined #nixos
_ris has quit []
_ris has joined #nixos
shomodj has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<__monty__>
I'm thinking of packaging an electron app. They provide a linux deb and mac os .pkg, should I fetch and install these or translate the build process from yarn to nix?
<clever>
__monty__: i generally prefer building from src
<aveltras>
am i supposed to put the whole hardware configuration in the nixops file ?
<clever>
aveltras: yes
<clever>
aveltras: and anything needed to make it boot and get network
npmccallum has joined #nixos
<aveltras>
clever: ok, i see, i'll then lose the whole configuration being on the server right now, right ?
<aveltras>
clever: will this reset root password ?
<clever>
aveltras: depends on if you have mutable users enabled or not in the config nixops deploys
<clever>
its on by default, so passwords will persist
<clever>
but any non-default users will be removed automatically
fendor has quit [Ping timeout: 245 seconds]
<aveltras>
clever: is nixops supposed to always use root ssh login to deploy ? right now i have set up my public ssh key on the server on purpose, but it doesn't use that
gagbo has quit [Ping timeout: 258 seconds]
<clever>
nixops will generate its own keypair for root ssh, but it will need a password or ssh-agent to get in the first time
<aveltras>
clever: ok, is it a problem if, say, my laptop crashes, all nixops local config is lost
gagbo has joined #nixos
<aveltras>
clever: will i still be able to deploy again by reconfiguring nixops as if it was first deploy ?
<clever>
for the none backend, yep
<clever>
just re-run nixops create on the same nix files, and you can deploy
<aveltras>
i saw on a github repo that some people put nixops config files directly in the project (by changing an env variable), is it something you'd advise ?
<aveltras>
and all that in version control
<clever>
i would just keep a single copy of the nixops state file on a central-ish machine
<clever>
note that the state file contains an ssh private key with root access
<aveltras>
ye ok, i guess i'll keep nixops running the conventional way then :p
<aveltras>
thanks again for your input
<aveltras>
your kexec method from yesterday ran nicely on hetzner from debian to nixos :)
<clever>
:D
<aveltras>
just wondering
<aveltras>
do you store those generated images somewhere ?
<aveltras>
on the internet i mean
<clever>
not currently
<clever>
but that should be possible
<clever>
its already setup to get an ssh key at start time
<aveltras>
cause i didn't follow your whole method "justdoit executable", so the generated image wasn't really server specific, then it seems to be wasteful to generate it each time for different servers
<clever>
if you create /ssh_pubkey before you /kexec_nixos, it will be copied into the image, and added to /root/.ssh/authorized_keys
<clever>
that saves each user from having to generate a unique image for their keypair
init_6 has quit [Read error: Connection reset by peer]
max__ has joined #nixos
max__ is now known as blablablablamax
<blablablablamax>
ciao
<blablablablamax>
I have a Nix module that depends on environment.sessionVariables.SSL_CERT_FILE being set to something reasonable. What’s the correct way to do that?
<blablablablamax>
I now have environment.sessionVariables.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; but that seems... hardcoded.
<infinisil>
blablablablamax: Why don't you just use "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" in your module directly?
samrose has joined #nixos
<blablablablamax>
infinisil: because the path /etc/ssl/certs tends to change?
<Miyu-chan>
infinisil: How do I show the definition of random?
<Miyu-chan>
On the IRC bot.
<infinisil>
blablablablamax: Packages don't really change their contents, so you can really rely on that file existing in the future as well
<infinisil>
> :v random
<{^_^}>
random = fnv1a32 builtins.currentTime
<infinisil>
Miyu-chan: ^
<Miyu-chan>
Thanks!
init_6 has joined #nixos
<blablablablamax>
infinisil: I just had to change it from /etc/ca-bundle.crt to the new path to make things work...
init_6 has quit [Client Quit]
<infinisil>
Ah darn, that's not very good
<Miyu-chan>
Eep. What would cause <unknown-file> in options._definedNames?
<Miyu-chan>
I basically did `toString (lib.filter f options._definedNames)`
<clever>
Miyu-chan: things like imports = [ { module } ];
<infinisil>
blablablablamax: When did the path to that change?
<Miyu-chan>
FWIW, it doesn't appear on 'nix repl <nixpkgs/nixos>'
<infinisil>
blablablablamax: In nixpkgs a lot of things are referencing the /etc/ssl/certs/ca-bundle.crt path, so that should really stay like that
Soo_Slow has joined #nixos
<infinisil>
Otherwise a lot of things would break
<chreekat>
I'm extending haskellPackages and overriding some attrs with callHackageDirect. After doing that once, I changed the sha256 and reran nix-shell, and nothing changed. Shouldn't I have gotten some sort of error? (I used the sha256 from a different package, so it's a valid sha - just the wrong one.)
<das_j>
Is it possible that the reproduce script produces different outputs than the hydra itself? One build failed for me, so I reproduced it locally (which worked), but the path that failed on the Hydra doesn't exist on my machine
<clever>
,tofu chreekat
<{^_^}>
chreekat: To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<clever>
chreekat: if you use the hash of a random thing, it will give you that random thing, not an error about an incorrect hash
o1lo01ol1o has quit [Remote host closed the connection]
<chreekat>
clever: is there an issue about that? Or an explanation of why it might be considered a "feature"? It is rather surprising
o1lo01ol1o has joined #nixos
<infinisil>
blablablablamax: Well, I checked back to the 15.09 release, it's always been ${cacert}/etc/ssl/certs/ca-bundle.crt back to then
<blablablablamax>
hmm weird, maybe a fluke on my side
<clever>
chreekat: it will compute the /nix/store/foo of a fixed-output drv, based on the sha256 and name
<blablablablamax>
but I guess that answers my original question whether its a good idea to use that path hardcoded. Thanks!
<clever>
chreekat: often the name is just "source", so if you give it a sha256 that exists in /nix/store, it just uses that path, and doesnt download it
<Miyu-chan>
I guess I'll just filter out "<unknown-file>" quick fix
<chreekat>
clever: could these higher-level functions somehow inspect some intermediate result and provide friendlier errors (i.e., any error whatsoever)?
<clever>
chreekat: fairly difficult to do that
<__monty__>
> platforms.all
<{^_^}>
attribute 'all' missing, at (string):255:1
<aveltras>
does anyone have a weechat configuration example ? with whole weechat config defined in the nix configuration ?
<chreekat>
The sha256 passed to callHackageDirect doesn't show up in /nix/store/* anywhere
<chreekat>
at least, nowhere that also has the haskell package's name in the filename
<chreekat>
and not as /nix/store/<sha>...
<infinisil>
The sha256 isn't the same as the store path
<infinisil>
chreekat: What's the problem right now?
gagbo has quit [Ping timeout: 245 seconds]
<chreekat>
infinisil: I'm trying to find out if there's a way we can make callHackage{,Direct} give an error if you specify the wrong sha256. It will silently do nothing if you give it the sha for some other package (presumably any package at all? I don't know)
elux has joined #nixos
<elux>
hi there
alex`` has quit [Ping timeout: 272 seconds]
<infinisil>
chreekat: Hm, you mean that it should detect when it's not a haskell package?
gagbo has joined #nixos
<elux>
im trying to remap some of my keys on my keyboard, specifically: 1.) swap left alt/win keys 2.) then remap the win key to ctrl 3.) map printscreen to super --- I've accomplished this with xmodmap just fine, which works on my laptop, but when using an external usb keyboard it doesn't translate.
alp has quit [Ping timeout: 252 seconds]
<chreekat>
infinisil: It seems it should detect when you've gotten the wrong sha256 for the given pkg/ver. My original problem was that I tried to do tofu by copy/pasting the sha256 line from another package, which silently did nothing at all.
<elux>
so I then tried setxkbmap -option, but, it was limited to what seemed like pre-enumerated options, and i couldn't remap anything custom, like setxkbmap -option "prtsc:hyper" for example...
<chreekat>
Or perhaps silently used some other package, according to what clever said
alex`` has joined #nixos
<simpson>
elux: Your external keyboard may have different keycodes; you will need to use xev or similar to rediscover the correct codes.
<infinisil>
chreekat: Ah, so it could perhaps check the .cabal file to see if the pkg and ver matches what you specified
<infinisil>
That might be possible yeah
<elux>
simpson: i see, thats helpful, ill check. but i think xmodmap won't apply the mod to newly plugged in keyboards
<elux>
what about using `setkeycodes` + udev..? which is at kernel level..? i figure this would be even more reliable
<simpson>
elux: xmodmap WFM on an external USB keyboard right now.
<chreekat>
ah, neat. Although parsing cabal files from Nix sounds treacherous. I assume the package source gets downloaded into the store somewhere, right? Can we do anything with the path it gets downloaded to?
<simpson>
I would *not* endorse altering your mapping at the kernel level merely to rearrange your modifier keys.
<elux>
what is "WFM"
<{^_^}>
[nixpkgs] @orivej-nixos pushed commit from @orivej to release-19.03 « dmenu: fix crash with XMODIFIERS »: https://git.io/fjX06
<simpson>
elux: "Works For Me". I'm on a USB Bluetooth keyboard right now, with my modifiers remapped so that I can have a Compose key.
<elux>
nice. thanks. i think one nuance is that im on a laptop, and adding usb keyboard it detects too, so didnt seem to apply the mod when i plugged it in after..?
fusion809 has quit [Remote host closed the connection]
<simpson>
Correct, you must re-xmodmap every time you plug in the keyboard.
<elux>
wouldnt that screen things up tho? is there a xmodmap reset command, since i'd be mapping over a mapping?
<simpson>
Is that how xmodmap works? I'm not sure.
stepcut has joined #nixos
turion has quit [Ping timeout: 264 seconds]
stepcut_ has quit [Ping timeout: 244 seconds]
stepcut_ has joined #nixos
<infinisil>
chreekat: You could append to callHackageDirect's postFetch
<infinisil>
chreekat: And do some cabal parsing with some tool there
stepcut has quit [Ping timeout: 268 seconds]
<chreekat>
infinisil: I forgot to ping you on my previous message, I had a concern about cabal parsing
<infinisil>
chreekat: Yeah I saw that, but you don't need to use Nix for that
<infinisil>
You can use any tool you like in postFetch
nschoe has quit [Quit: Program. Terminated.]
gagbo has quit [Ping timeout: 245 seconds]
<chreekat>
elux: it'll probably work. I re-load my config every time i re-plug-in my usb keyboard. I mean, maybe the moon has always just been in the right phase, hard to tell with xkeyboard
<chreekat>
elux: dbus could probably be used to reload it automatically, but i haven't gotten there yet
<chreekat>
infinisil: i'm not sure what tool if any *would* work. ^^' So is it not possible to figure it out from a store path, though?
gagbo has joined #nixos
<Miyu-chan>
Is nixos-generate-config not luks aware?
<clever>
Miyu-chan: i think that depends on if your mixing luks and lvm
<yorick>
Miyu-chan: it is
<Miyu-chan>
Hm.
<elux>
chreekat: thanks i got it to work :) and if i need to reset, i figured i can run setxkbmap -option "" and it'll reset xmodmap changes
<infinisil>
chreekat: Well, the store path is derived from the name you give in callHackageDirect
<infinisil>
chreekat: So checking it won't give you any more info than you already gave in the function call, it won't actually check the hashes contents
<clever>
Miyu-chan: nixos-generate-config doesnt understand zfs either
<infinisil>
Hm
<infinisil>
I think
<clever>
Miyu-chan: ah, i think i see part of the problem, and its not needed anymore
<Miyu-chan>
Even the classic mounting?
<clever>
Miyu-chan: that guide is saying to create a luks volume, and then put lvm inside of luks, and then put swap+root on lvm
<clever>
Miyu-chan: that was to avoid having 2 passphrase prompts on bootup
<clever>
Miyu-chan: but nixos now remembers the passphrase, so you can just make 2 luks devices, on 2 partitions
<clever>
and skip the lvm
<Miyu-chan>
Right. Is the proper 1<->1 luks<->filesystem?
<Miyu-chan>
Err
<clever>
thats what i prefer
<Miyu-chan>
Yeah, glad that I got my point across lmao.
<infinisil>
chreekat: Ah I'm wrong, the name of the fixed-output derivation is always /nix/store/<some-hash>-source, which comes from pkgs.fetchzip
<Miyu-chan>
I've been at this for the past 3 days, so my brain's a bit mush rn
<Miyu-chan>
clever: That means that my luks patches is actually relevant!
<infinisil>
chreekat: You really would have to check the contents cabal file to have any good error
<Miyu-chan>
I originally created the patches for this project, but I didn't understand the attack vector that well.
<{^_^}>
#53600 (by adrianparvino, 26 weeks ago, open): nixos/modules/system/boot/stage-1.nix: Add support for mounting files encrypted with luks
<Miyu-chan>
clever: Can you give this a quick check? Basically, if we're moving to 1<->1 luks and file systems, then this seems to be the ergonomic way to do it.
iyzsong-x has quit [Ping timeout: 252 seconds]
deech has joined #nixos
<Miyu-chan>
TL;DR: It will check the fstab, and if it has luksTarget as an option, it luksOpens it, then treat it like a normal device.
<clever>
Miyu-chan: bit distracted right now, but remind me to check it in a few hours
<Miyu-chan>
Sure thing. I'm also working right now.
elux has quit [Quit: leaving]
<chreekat>
infinisil: Well, parsing the cabal file either means writing a haskell utility that uses the Cabal library, or hoping to get lucky with some string parsing (which I guess would work 99% of the time). I want to make sure there isn't something easier..
<infinisil>
There really isn't afaik
<infinisil>
Ah
<chreekat>
fetchzip takes a name argument, that the hackage machinery isn't using
<infinisil>
Something that might work is to fetch the hackage url again in the non-fixed-output derivation, and only use that to verify that they're the same
<infinisil>
That would actually be a neat solution in general
<infinisil>
You would have to download the thing twice though, which isn't optimal
gagbo has quit [Ping timeout: 248 seconds]
<infinisil>
chreekat: Yeah but really that name doesn't help anything. The thing it fetches can't have any influence on the name
<chreekat>
Hm? Not sure I follow. If "<pkg>-<ver>" was passed in as name, wouldn't it have made Nix realize the thing I want didn't exist yet? That would have solved at least one variant of this
o1lo01ol1o has quit [Remote host closed the connection]
gagbo has joined #nixos
o1lo01ol1o has joined #nixos
<infinisil>
Hm I see, I haven't thought of that
ris has quit [Ping timeout: 260 seconds]
Makaveli7 has joined #nixos
<infinisil>
Would be a good thing to test
stanibanani has quit [Ping timeout: 248 seconds]
ris has joined #nixos
<Miyu-chan>
yorick: clever: Thanks!
<infinisil>
Although, it might not work if Nix only takes the sha256 into account
<lassulus>
how can I empty the cache of builtins.fetchGit?
o1lo01ol1o has quit [Ping timeout: 258 seconds]
<chreekat>
infinisil: is there any way to test it that does not involve rebuilding all of haskell? :)
<infinisil>
chreekat: Just use pkgs.fetchzip with some existing hash of something different, and change the name or so
<lassulus>
ok got it, it's in .cache/nix/gitv2
<chreekat>
oh, of course, haha
<Miyu-chan>
sphalerite: Ping!
Makaveli7 has quit [Quit: WeeChat 2.5]
schneid3306 has joined #nixos
jgt has quit [Ping timeout: 276 seconds]
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<chreekat>
infinisil: hm, I tried to repro the original problem, using a call to fetchzip for the src with stdenv.mkDerivation, but in that case the zip was redownloaded when I changed the sha256, and an error about a mismatch was given
<chreekat>
oh, duh, because i didn't re-use a real sha256 from an existing pkg
<infinisil>
Yep :)
<chreekat>
I'm just bad at choosing the "wrong" sha :D
endformationage has joined #nixos
<aveltras>
do people usually handle the redirection of a www.domain.com to domain.com on nginx config or is it supposed to be configured on the domain name server ?
<Yaniel>
whatever is more convenient
<Yaniel>
probably nginx since you don't have propagation delays etc
<aveltras>
does anyone have an example nix config that does that ? (nginx redirect www to naked domain)
<sphalerite>
Miyu-chan: pong?
<chreekat>
infinisil: yep, this does what I want, at least partially! (Given that the use of revisions on Hackage means that name/version is not enough to specify something entirely. But that's a different problem, one I don't care about right now). If callHackageDirect passed in a name like "${pkg}-${ver}-source" to fetchzip, it wouldn't be possible to fool Nix by giving the sha256 of a different package.
<{^_^}>
If a Nix file foo.nix starts with something like `{ stdenv, cmake }:`, you can build it with `nix-build -E '(import <nixpkgs> {}).callPackage ./foo.nix {}'`
<infinisil>
Ah but if you're in nixpkgs you should just use the top-level attribute
<infinisil>
Like `nix-build -A hello` for the hello package
knupfer has joined #nixos
alp has joined #nixos
Drakonis has joined #nixos
<sicklorkin>
Miyu-chan: ping
<sicklorkin>
yikes.. that was an old msg.. ignore meh
<Miyu-chan>
Lmao
<Miyu-chan>
Was it related to the LUKS thingy?
<__monty__>
infinisil: And I have to run that from the nixpkgs top level?
<sicklorkin>
Miyu-chan: no, you were asking how to check if you have network connectivity
justanotheruser has quit [Quit: WeeChat 2.4]
<sphalerite>
Miyu-chan: well, LVM-on-LUKS can be useful too
<sphalerite>
but yeah you certainly can use LUKS without LVM
justanotheruser has joined #nixos
blablablablamax has quit [Quit: Connection closed for inactivity]
<aveltras>
could anyone explain to me the relation between "security.acme.certs.<name>.webroot" and nginx for example ? as i understand it, acme will create a certificate under the given directory but how will it be made accessible from the web for the challenge ? is this automatic ?
sicklorkin has quit [Quit: Changing server]
<clever>
aveltras: when using virtualHosts.foo.enableACME, its fully automatic
<clever>
aveltras: ive not tried using security.acme yet
<aveltras>
clever: ye, but it seems "services.nginx.virtualHosts.<name>.useACMEHost" is there in the case (i guess) you don't want to create multiple certificates
<aveltras>
because i'd need a cert for naked domain + one for www.domain + one for weechat.domain
<clever>
the automation is also cheap enough that i just make multiple certs
<aveltras>
i guess it's supposed to be made using the "extraDomains" attribute from security.acme.certs
<oborot>
error: disk \lvm/matrix-rootvol' not found
<oborot>
error: disk \lvm/matrix-boot' not found.
jmeredith has joined #nixos
<clever>
oborot: can you screenshot the error?
<oborot>
ummm, I'll see if I can take a picture
jgt has joined #nixos
alp has quit [Ping timeout: 252 seconds]
lambda-11235 has joined #nixos
v88m has quit [Ping timeout: 245 seconds]
<oborot>
clever: https://ibb.co/2N665zW (disregard the UUID there, I'm on a different install from the config shown in the Gist, but I'm certain it corresponds to my /dev/sda2 volume).
<oborot>
To workaround the issue, it was necessary to open the GRUB console and run: cryptomount -a and set root=(lvm/matrix-rootvolume)
<clever>
oborot: that error is coming from grub, not nixos, its possible that grub failed to install correctly, and thats your old grub config
<oborot>
Actually I had to run set root=(lvm/vg-root)
<clever>
and that output only happens if /boot is encrypted, which i generally avoid
<oborot>
Is nixos not responsible for installing grub as well?
<clever>
nixos is responsible for it
<clever>
is /boot encrypted or cleartext?
<oborot>
Encrypted
<oborot>
I thought it would be a good idea
<clever>
it heavily complicates things, and doesnt add that much security, because the grub stage 1.5 is still in cleartext
o1lo01ol1o has quit [Remote host closed the connection]
jackdk has quit [Quit: Connection closed for inactivity]
<clever>
a motivated attacker can just modify the part of grub that is asking for a passphrase
o1lo01ol1o has joined #nixos
<oborot>
Well every little bit helps, and I feel like I'm really close. The one missing part of the puzzle here just seems to be that it's mounting the wrong root.
<oborot>
Is the grub config auto-generated?
<clever>
yes
<clever>
but the grub config file is on /boot/
<clever>
so it has to decrypt that before it can read it
<oborot>
Oooh
<oborot>
That sounds like a chicken and egg problem
<clever>
the config on how to find /boot, is baked into the 1.5 binary, in the bios boot partition
szicari has joined #nixos
o1lo01ol1o has quit [Ping timeout: 245 seconds]
<oborot>
So if my LVM config naming matched what the defaults it's expecting it might work?
<oborot>
I think I'm going to try to read up a bit more on whether or not this is even worthwhile to do
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to release-19.03: https://git.io/fjXzq
<rsoeldner>
Hey, running NixOS and want to enter common haskell dev env. When adding ~/.config/nixpkgs/config.nix as mentioned https://github.com/NixOS/nixpkgs/blob/master/doc/languages-frameworks/haskell.section.md I cant enter with `nix-env -iA myHaskellEnv` with error error: attribute 'myHaskellEnv' in selection path 'myHaskellEnv' not found. What am I doing wrong?
<clever>
rsoeldner: its best to enter haskell envs with nix-shell, not nix-env
<ldlework>
qutebrowser is the slowest member of my global theming because it has to re-evaluate its entire python based config
<ldlework>
but it works
<oborot>
ldlework: :o
<oborot>
That's pretty neat
<day|flip>
I think ill switch back to awesome wm once I'm done messing around with AMD SME
<adisbladis>
oborot: My firefox goes one step further and disables tabs completely
<oborot>
I started using a tiling window manager on my mac, think I'll start using one on this new laptop I'm setting up
<adisbladis>
Also no address bar :)
<oborot>
adisbladis: Mad man!
<__monty__>
adisbladis: But the popup firefox uses if there's no location bar is hideous, no?
MmeQuignon has quit [Ping timeout: 245 seconds]
<day|flip>
adisbladis: xmonad version for mac?
<adisbladis>
day|flip: Huh?
<adisbladis>
__monty__: Huh? I can press C-l to get the address bar.
<adisbladis>
It's just not there by default
<day|flip>
adisbladis: are you using amethyst?
<adisbladis>
day|flip: No. I'm using EXWM on Nixos.
<oborot>
day|flip: I'm the mac tiling wm guy, and yeah, I'm using amethyst
<day|flip>
cool cool
MmeQuignon has joined #nixos
<oborot>
I wish I was as good with tiling wm as I am with tmux
<oborot>
It would be nice to be able to purge some hotkeys from my brain
<day|flip>
oborot: i suck at using tmux. i only using since alacritty show my terminal color better over kitty
<day|flip>
which is weird to say
veske has joined #nixos
<oborot>
Do you like kitty?
<day|flip>
i do
<oborot>
It's kind of buggy on my Mac, but definitely seems to be more performant than some of the other terminal emulators I've used
<day|flip>
i cant say. since i been using it on linux
<oborot>
Do you do any image rendering in your terminal?
<day|flip>
it run good. and less bs on how it handles color schemes
<__monty__>
Buggy? Haven't run into any problems.
<__monty__>
oborot: Check out ranger : )
<{^_^}>
[nixpkgs] @rnhmjoj opened pull request #64738 → magnetico: init package and service → https://git.io/fjXz0
<oborot>
__monty__: I have problems when my Mac goes to sleep or sometimes when I switch displays. I have to unplug and plug the display adapter back in occasionally when characters stop rendering properly.
<__monty__>
day|flip: Have you tried customizing kitty's colors?
<oborot>
I use ranger, but images don't seem to render in kitty for some reason.
<day|flip>
ya. it not hard to figure out
<blablablablamax>
I think what I need to do is supply extra qemu options?
<mrottenkolber>
So it turns out you can: deployment.libvirtd.extraDomainXML = "<cpu mode='host-passthrough'/>"; and that makes libvirtd run qemu with -cpu host
<yorick>
what's the advantage of kitty over alacritty?
veske has joined #nixos
<day|flip>
kitty you don't really need thing like tmux. it kind built in
<yorick>
I don't really trust kovid goyal after all the calibre cve's
<yorick>
(and the "I will maintain python 2 myself" attitude)
<__monty__>
Tmux serves a very different purpose to tiling terminals.
<{^_^}>
kovidgoyal/kitty#391 (by mihaicristiantanase, 1 year ago, open): kitty tmux like daemon
<__monty__>
yorick: Ime experience with ranger bug reports alacritty's all around a worse terminal though.
<Yaniel>
TIL tmux is a hack
<__monty__>
day|flip: Ah, I know what you're seeing. Notice that the "light" characters are actually *bold*. Many terminal programs erroneously use "bold" when they really mean "light."
lkonya has quit [Ping timeout: 260 seconds]
<__monty__>
Bright, rather than "light."
<yorick>
__monty__: ah, in my experience with sway bug reports kitty seemed like an all around worse client
<yorick>
__monty__: I think currently kitty has a timer to see if it is getting frame events and then draws everything 60 times per second, instead of drawing on a frame event
<__monty__>
yorick: Do all systems support variable refresh rate?
ddellacosta has quit [Ping timeout: 248 seconds]
<yorick>
__monty__: wayland uses this to e.g. draw things at 5fps when windows are thumbnailed
<yorick>
or draw things at 0fps when they are offscreen
deech has quit [Ping timeout: 248 seconds]
<yorick>
I should try kitty, maybe it's good
Zhen has joined #nixos
<Yaniel>
looking at the comments in that issue it seems to be rather opinionated
<Yaniel>
and not exactly opinions I'd agree with
<yorick>
okay, kitty has better response time, but also more judder
<__monty__>
yorick: I never looked into the rendering tbh. I'm a bit particular about my terminals and didn't have issues with it.
<__monty__>
Note that another favorite of mine's Terminology. So you might want to apply copious amounts of salt to my opinions.
<yorick>
__monty__: oh, I've tried terminology, but it was way too unstable
<yorick>
watching video in your terminal was a fun feature that wasn't really good for anything
<Zhen>
hi guys, I am confused by the behavior of ddclient.service. because it doesn't start at boot, and when I try to start it manually by running `sudo systemctl start ddclient` I get "Failed to restart ddclient.service: Unit ddclient.service not found."
<Zhen>
but after running `sudo nixos-rebuild switch --upgrade` it will start
<Zhen>
I wonder why I need to run rebuild switch every time after boot up
jgt has quit [Ping timeout: 250 seconds]
<Zhen>
the rebuild will log "the following new units were started: ddclient.timer, firewall.service, network-pre.target"
<manveru>
Zhen: sounds like you're booting into the wrong system?
veske has quit [Quit: This computer has gone to sleep]
<Zhen>
but isn't the default the last build?
<Zhen>
aka the largest build number?
<Zhen>
suppose I never roll back
<manveru>
in theory, yes
<manveru>
so i guess there's some problem with your bootloader
<manveru>
any other messages on the rebuild?
<Zhen>
but I also checked, it is indeed the latest build
<Zhen>
```
<Zhen>
`activating the configuration...reviving user 'ds' with UID 1002removing user ‘cups’setting up /etc...removing obsolete symlink ‘/etc/cups’...reloading user units for sddm...reloading user units for zhen...setting up tmpfilesreloading the following units: dbus.servicerestarting the following units: polkit.servicestarting the following units: cpufre
<Zhen>
q.service, network-manager.service, network-setup.service, nscd.service, systemd-modules-load.service, systemd-sysctl.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket, udisks2.servicethe following new units were started: ddclient.timer, firewall.service, network-pre.target`
<manveru>
as gist or something or you'll flood the channel :)
<Zhen>
sorry, new to here
<manveru>
you use grub?
MmeQuignon has quit [Ping timeout: 246 seconds]
<Zhen>
yes
<gyroninja>
Is anyone else having trouble starting the latest version (8.5.4) of tor-browser (from tor-browser-bundle-in)? I'm having an issue similar to this closed issue https://github.com/NixOS/nixpkgs/issues/20157 and it can similarly be fixed by running it with 'env XAUTHORITY="$HOME/.Xauthority" tor-browser'
<{^_^}>
#20157 (by bendlas, 2 years ago, closed): tor-browser: startup failure when running under KDM
<gyroninja>
*tor-browser-bundle-bin
MmeQuignon has joined #nixos
vmandela has joined #nixos
turion has joined #nixos
<oborot>
Any dwm users in here? Trying to setup a minimal x11 DE with dwm as the window manager.
<oborot>
It seems to be working, but how can I open programs?
ambro718 has joined #nixos
<day|flip>
does that need something like dmenu or rofi?
<oborot>
I installed dmenu as well, but I have not used that before
<ambro718>
How do I avoid making temporary variables global variables in various build functions in a package definition?
<oborot>
Is there a hotkey for that?
<day|flip>
oborot: you have to rebuild dmenu with that option to work. not sure if it come with that by default
<day|flip>
try MOD + p
<Zhen>
I noticed that my boot is /boot/efi instead of /boot. does it matter?
<oborot>
I got it, needed to run Shift+Alt+Enter
jmeredith has quit [Quit: Connection closed for inactivity]
<day|flip>
ill brb
day|flip has quit [Remote host closed the connection]
Zhen has quit [Remote host closed the connection]
FRidh has quit [Quit: Konversation terminated!]
<oborot>
What's that program people use to generate that system spec summary with the ASCII art?
<vmandela>
grahamc ping
<clever>
oborot: lstopo from hwloc
<clever>
oborot: `lstopo --of ascii` gives the best ascii
<ldlework>
oborot: ignore the second middle link there
<ldlework>
rofi/dmenu is great :)
<oborot>
Yeah, it looks really cool. I just wish my work didn't force me to use a mac.
<ldlework>
oborot: are you thinking of neofetch
<oborot>
Yup
leex has joined #nixos
<MmeQuignon>
Hi everyone. I have a question and I can't find the answer. Some options like "gtk.iconTheme" is typically a user specific configuration. How should I configure that option in ~/.config/nixpkgs/config.nix ?
Shouou has joined #nixos
<MmeQuignon>
I already have a lot of user specific configuration in /etc/nixos/configuration.nix, like zsh and I believe it's not the right place.
<MmeQuignon>
So, I would like to move all this configuration in a more appropriate place.
<spacekookie>
I'm trying to configure my libreoffice to pick up dictionaries properly. I have hunspell working (with hunspellWithDicts) but this doesn't seem to affect libreoffice in any way. Any advice?
andreas303 has quit [Quit: andreas303]
mmlb has quit [Ping timeout: 272 seconds]
andreas303 has joined #nixos
oida has joined #nixos
ambro718 has quit [Quit: Konversation terminated!]
mrottenkolber has quit [Quit: Connection closed for inactivity]
day|flip has joined #nixos
abathur has joined #nixos
fendor has quit [Ping timeout: 246 seconds]
myskran has joined #nixos
justanotheruser has quit [Ping timeout: 244 seconds]
wfranzini has quit [Remote host closed the connection]
shandogs has joined #nixos
wfranzini has joined #nixos
jgt has quit [Ping timeout: 252 seconds]
<shandogs>
Has anyone got slack up and running? I installed it successfully but can't figure out how to actually log in. It wants me to log in via a browser but I'm not sure how focus is supposed to return to the slack app. I'm using i3, not sure if that makes a difference.
<_d0t>
shandogs: it could. I have it running just fine in KDE.
<shandogs>
_dot: ok thanks, I'll look into what I'm missing
<_d0t>
shandogs: honestly, it could be just a slack thing. I seem to remember having issues logging in, but I can't recall what exactly it was.
_d0t has quit [Ping timeout: 248 seconds]
<{^_^}>
[nixpkgs] @georgewhewell opened pull request #64750 → firmware-linux-unfree: update to 2019-06-18 → https://git.io/fjX2L
<{^_^}>
[nixpkgs] @costrouc opened pull request #64751 → [WIP] Many packages from SciPy sprints important to numpy, scipy, numba, matplotlib → https://git.io/fjX2t
_d0t has joined #nixos
slack1256 has joined #nixos
aszlig has quit [Quit: Kerneling down for reboot NOW.]
<_d0t>
how do I disable running tests for a haskell package?
<slack1256>
Has any of you found a way to make compatible a local notmuch database with an imap server so I can have a consistent view of emails between my desktop and cellphone?
selfsymmetric-mu has joined #nixos
<slack1256>
_d0t: There is a function dontCheck that modifies a derivation to not run tests.
<_d0t>
slack1256: could you provide an example? I don't see it being used in haskell-packages.nix
<slack1256>
I got an example usage somewhere, let me find it
<slack1256>
you usually redefine haskellPackages with a modified package
aszlig has joined #nixos
<_d0t>
huh?
<_d0t>
This is my first time adding a haskell package to nixpkgs.
<slack1256>
You will be reading more than writing then :-)
<_d0t>
Still.
<infinisil>
_d0t: pkgs.haskell.lib.dontCheck for disabling tests of a haskell package
<{^_^}>
commercialhaskell/stack#4864 (by Kleidukos, 4 weeks ago, closed): "Cannot determine project root directory for Docker sandbox." error even when Docker support is disabled
<_d0t>
that's the bug
<_d0t>
I'm kinda surprised nobody has noticed yet
<slack1256>
Well people on nixos usually just use nix + cabal (at least I do)
<slack1256>
I don't have an idea for what is the correct course of action though
<_d0t>
I'm gonna submit the PR anyway and let things sort themselves out
<slack1256>
Just a question, where are you modifying the pantry definition?
<Church->
So question, on the nixos-unstable channel and the nixpkgs unstable channel. And when trying to install steam get the following error. https://bpaste.net/show/HdkA
<Church->
Assuming I should just try and install from master?
<selfsymmetric-mu>
The file NixOS is trying to download isn't there.
<Church->
Been like this for well months
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
<selfsymmetric-mu>
Weird, steam on 19.03 works fine for me.
<Church->
Grumble. I did upgrade from 18.09
<Church->
Working from master it looks like
<exarkun>
I had `virtualisation.docker.enable = true` and then I switched it to false and `nixos-rebuild switch`'d. To my chagrin, Docker iptables rules persist.
<exarkun>
Is this one of those things that doesn't work with `switch` and that I have to reboot for? :/