<kandinski>
I'm stuck on 18.09 because I depend on synergy/barrier for workflows, and they didn't work with 19.04 because of Wayland. It's an ignorant question, but is there a simple way to run 19.04+ without wayland (xorg?)?
<day|flip>
gnome?
rsoeldner has joined #nixos
stepcut has quit [Remote host closed the connection]
<day|flip>
kandinski: if this is gnome. on gdm. click on your name. you see * right below. click on that. can pick gnome xorg
<{^_^}>
[nixpkgs] @worldofpeace merged pull request #64936 → git-crypt: include man pages in output → https://git.io/fj1kj
<{^_^}>
[nixpkgs] @worldofpeace pushed 3 commits to master: https://git.io/fj1Yc
<teto>
I am modifying the nixos test infrastructure a bit to reuse parts of it in nixos-shell but I get "Module `:anon-937' has an unsupported attribute `pkgs'. This is caused by assignments to the top-level attributes `config' or `options'." : How can I name my module to get sthg else than "anon-937". I am not sure how to debug this. I don't think I have an option or config item named "pkgs"
<clever>
teto: _file = ./myself.nix;
<clever>
teto: that is a special internal option that can be set on any nixos module, imports sets it for you, which is why you normally get useful errors
<clever>
but imports = [ { foo } ]; doesnt know where the attrset came from
<{^_^}>
#64965 (by grahamc, 7 seconds ago, open): NetworkManager with L2TP and IPSec VPN is tricky to configure under sway, and sometimes doesn't work
zaeph has quit [Ping timeout: 252 seconds]
<kerffufel[m]>
I just learned about NixOs today
<ldlework>
kerffufel[m]: welcome to the future
<kerffufel[m]>
I know right, its finally the holy grail ive been looking for
<teto>
gchristensen: I've been wanting to write a nixos test for that but as there was no tests for networkmanager, I had to spend some time tweaking the testing infra (which motivated me to write https://nixos.wiki/wiki/NixOS_Testing_library).
<gchristensen>
oh cool!
stepcut has quit [Remote host closed the connection]
<teto>
gchristensen: weird that /etc/ipsec.secrets is not created. I thought I had fixed this. Maybe I've done something silly like adding strongswan as a module and that creates the file
<gchristensen>
somehow it would get created sometimes, sometimes it wouldn't
<gchristensen>
anyway. bed :)
<gchristensen>
time to turn in to a pumpkin.
___laika has joined #nixos
rsoeldner has joined #nixos
janneke has quit [Ping timeout: 250 seconds]
kerffufel[m] has left #nixos ["User left"]
orivej has quit [Ping timeout: 246 seconds]
janneke has joined #nixos
ddellacosta has quit [Ping timeout: 268 seconds]
MrCCoffee has quit [Quit: Lost terminal]
rsoeldner has quit [Ping timeout: 268 seconds]
<teto>
clever I've tried adding _file to some of the modules to no avail (adding _file="toto"; for instance). Any tip to debug this ? -vvvvv is not helpful and I confess I am a bit lost.
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
teto: can you link a branch on github with your changes?
<teto>
I am not sure exactly, I think I was importing stuff incorrectly between import <nixpkgs/nixos/lib/build-vms.nix> and <nixos/default.nix>. This fixed it https://paste.ubuntu.com/p/4TngtBycr2/
<teto>
I wonder if there is an up to date rationale about nix as a programming language. I think nixos is awesome and on the same level as git in terms of disruption but I have yet to be convinced by nix as a language.
<teto>
every time I need to change sthg slightly more involving than modifying a package, it turns into a mudfight, between the "with" calls that mess up the scope, the callPackage that automatically imports stuff, no tooling (no viable LSP backend), it's not fun
<clever>
teto: i try to avoid with for that reason
<etu>
thedavidmeister: And replace the commit id as you want
<etu>
What it does is that it overrides the channel named nixos and points it to wherever you want for that rebuild :)
<kiloreux>
etu, why is it that when I do what you just suggested. It tried to rebuild everything (and runs out of my space in my disk)?
<kiloreux>
Is it expected to have that behavior?
<kiloreux>
(I know I am hijacking, but was just curious)
mexisme has joined #nixos
thedavidmeister has quit [Ping timeout: 245 seconds]
rsoeldner has quit [Remote host closed the connection]
rsoeldner has joined #nixos
mexisme_ has quit [Ping timeout: 245 seconds]
<etu>
kiloreux: Probably because it's many differences from what you had on your system before so it basically puts new store paths for everything in your config. And as you may know, nix doesn't replace things. It puts in new things. So if you're low on space you may need to garbage collect your store or have a bigger disk :)
thedavidmeister has joined #nixos
<kiloreux>
etu, Thank you. I wonder, why wouldn't it use the binary cache to pull what it already knows?
<etu>
kiloreux: It should, but for some reason that commit may not be cached etc. I don't think they build the full archive for each commit. They do it for each channel update.
<kiloreux>
I actually tried to use 19.03 channel as a tar.gz and it still tried to build everything. Puzzling
day|flip has quit [Remote host closed the connection]
<etu>
kiloreux: If you have overlays overriding stuff you can get many rebuilds...
<clever>
kiloreux: what is line 4 of ~/.nix-profile/bin/aws ?
<kiloreux>
clever, `export LANG="en_US.UTF-8"`
<clever>
kiloreux: what about `strace -o logfile aws` and then pastebin the whole logfile, after confirming it doesnt contain your access-key-secret from aws
mexisme has quit [Ping timeout: 245 seconds]
thedavidmeister has quit [Ping timeout: 245 seconds]
<clever>
kiloreux: yep, it is opening the locale archive
<kiloreux>
I am not sure I fully understand what that means :/
<clever>
kiloreux: i cant see anything obviously wrong
hyper_ch2 has joined #nixos
<kiloreux>
Ahh :(. Okay
mexisme has joined #nixos
mexisme has quit [Ping timeout: 264 seconds]
<kiloreux>
clever, There's something weird. If I use <nixpkgs> that error goes. However if I use the pinned version it's still there. Even if I use the same commit from the current <nixpkgs> it stays.
<linarcx>
Hello. i want to develop qt applications on nixos. but in qt-creator i can't access "Help" and "Examples". Anybody here had same problem before?
<teto>
writing a nixos test, I need to compare the output of a shell command that returns a number (as a string I guess) to a number. any idea ?
<inquisitiv3>
simpson: I read the articles you linked yesterday, but I can't find the explanation for "isolation at compilation"? Or did I maybe misunderstand something?
<{^_^}>
[nixpkgs] @FRidh pushed commit from @r-ryantm to master « josm: 15155 -> 15238 »: https://git.io/fj1GK
m0rphism has joined #nixos
<bahamas>
is there a way to manage services with nix in development? I'm thinking of stuff like postgres, redis, etc.
<sphalerite>
infinisil: du measures space usage according to the filesystem. So it's probably affected by compression and stuff in your case. du --apparent-size is likely to get closer, but won't include filenames and such (which the nar serialisation does)
<sphalerite>
bahamas: other than that, not that I know of. It certainly would be nice to have something like nix-shell that can also start up services
<literon>
I would need some hints on allowing some impurity (accessing a cache dir) in nix-build. First, is my assumption correct, that build is chrooted to the worker dir?
<bahamas>
dminuoso: ah, ok. I thought it was general advice to use withPackages. I see that the ghc package has a similar function.
<Taneb>
Miyu-chan: if you need one there's lib.reverseList in nixpkgs
<Miyu-chan>
I'd argue yes, considering that lists are arrays instead of linked lists.
<Taneb>
Given there's a genList function you can still define reverse efficiently yourself
<Miyu-chan>
Oh, I was thinking of using fold functions.
<Miyu-chan>
Checking genList tho
<bahamas>
dminuoso: do you use docker for deployment? I remember you said that you use cabal to build your project. but if you use Docker, you still need to create a nix file with your Haskell dependencies
<Miyu-chan>
That's, uh, kinda weird, but that does work.
<Miyu-chan>
Taneb: Thanks!
<Taneb>
:)
<Miyu-chan>
Also, lib.reverseList does use genList!
<Miyu-chan>
And so does zipListWith. I guess it kinda makes sense, because the way linked lists work is that they have amazing cons semantics.
<{^_^}>
[nixpkgs] @FRidh merged pull request #64900 → python2: backport fix for pyc race condition, part 2 → https://git.io/fjXj3
<{^_^}>
[nixpkgs] @FRidh pushed commit from @abbradar to staging « python2: backport fix for pyc race condition, part 2 »: https://git.io/fj1ZK
<Miyu-chan>
But arrays probably have the worst cons semantics.
<literon>
Is there an option to nix-build to allow impurity? Such as accessing a given global directory, or accessing network.
<dminuoso>
bahamas: Honestly, if you use nix the reasons for docker kind of disappear.
<{^_^}>
[nixpkgs] @FRidh pushed commit from @risicle to staging « zeromq: 4.3.1 -> 4.3.2 »: https://git.io/fj1Z1
o1lo01ol1o has joined #nixos
<teto>
literon: you may be able to work with --option sandbox false
<bahamas>
dminuoso: I see. do you use nixops then?
<tilpner>
literon: Network is allowed for fixed-output derivations
<tilpner>
literon: extra-sandbox-paths in nix.conf can be used to include additional paths in the sandbox environment
<dminuoso>
bahamas: No.
<dminuoso>
bahamas: My nix is limited to nixos for my development machine, but I dont build my packages with nix (yet?).
<literon>
tilpner: thank you, let me have a look.
<bahamas>
dminuoso: how do you deploy then?
<dminuoso>
For development, I just use nix-shell to set up environments with cabal, ghc, native libraries - the actual build happens using ⌜cabal v2-*⌝
<bahamas>
yes, I also use cabal to build stuff
<dminuoso>
bahamas: gitlab-ci with a shell executor that just grabs build artifacts from gitlab.
veske has quit [Quit: This computer has gone to sleep]
<bahamas>
I see
<dminuoso>
It's basically just a few lines of bash.
<dminuoso>
It's tons easier to debug if something goes wrong than if docker networking somehow doesnt work.
<dminuoso>
You're left with just "randomly trying things", hoping you have a docker developer team inhouse you can ask...
xantoz has quit [Remote host closed the connection]
<eyJhb>
Mic92: you don't seem like a fan of FlexGet :p
kiloreux has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @FRidh pushed commit from @dtzWill to staging « iputils: 20190515 -> 20190709 »: https://git.io/fj1Z5
<dminuoso>
bahamas: That's not because I dont have any confidence in nixops, but we are sort of relying on ansible for ops. So trying to push for nixops at the same time might not be the best of all moves.
veske has joined #nixos
<arianvp>
Any agda users here that can tell me how to get an emacs with AGda-mode working?
<{^_^}>
[nixpkgs] @FRidh merged pull request #64395 → git: fix bad patch and fix run-time dependency on gcc → https://git.io/fjiTN
<{^_^}>
[nixpkgs] @FRidh pushed commit from @demin-dmitriy to staging « git: remove runtime dependency on gcc »: https://git.io/fj1Zb
<bahamas>
dminuoso: I understand
<bahamas>
in my particular case, I just one to create a setup for my projects, so I have the freedom to choose
<bahamas>
s/one/want/
<{^_^}>
[nixpkgs] @FRidh merged pull request #64391 → pythonPackages.jpylyzer: init at 1.18.0, use to enable openjpeg tests → https://git.io/fjiUh
<dminuoso>
It's really easy if you dont have "painless scalability" to consider.
<dminuoso>
I could trivially still build the project with nix, mind you.
<dminuoso>
That's unrelated.
mexisme has joined #nixos
<bahamas>
dminuoso: I'm leaning towards providing all the dependencies, including the compiler and the build tool with nix, and then use the language's build tool for the actual build (cabal, cargo, etc). it's also because I've had situations where a project that built with cabal didn't build with nix
<Mic92>
Looks pretty similar to rsnapshot on the first glance.
<eyJhb>
Well, it is more for cleanup of previous backup files. My servers backup a couple of kb, so just having a tar.gz that is encrypted then uploaded to my server seems nice :p
Mrmaxmeier has joined #nixos
bahamas has quit [Ping timeout: 268 seconds]
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.2)]
<eyJhb>
Well, it would more be cleanup of rsnapshot files, all rotate-backups does, is just.. Delete them
shandogs has quit [Remote host closed the connection]
<Grauwolf>
jasongrossman: thanks! will look into that
<jasongrossman>
Grauwolf (and everyone): There's a proposal to build it in to the nix command, which I think would be good.
<jasongrossman>
I haven't actually tried it, but it looks very versatile - e.g. it can make appimage bundles.
<Grauwolf>
yes, i'm currently experimenting with different software-deployment strategies on non-nix/guix machines, and this seemed interesting to my use-case
<Ashy>
nice, `nix-store --optimise` freed up 15gb
<Mic92>
eyJhb: you can try to remove both astroid and python-lint from the requirements.txt. To me it seems that the tests should still work.
<jasongrossman>
Grauwolf: Some other formats are also possible using Nix but I'm not sure they're fully documented. They're mentioned here: https://github.com/NixOS/nix/issues/2993
seqizz has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
jackdk has quit [Quit: Connection closed for inactivity]
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
oborot has quit [Ping timeout: 244 seconds]
<Ashy>
heh, `nix-store --optimise` is much slower on my thinkpad sata ssd than the nvme in the desktop
oborot has joined #nixos
___laika has quit [Ping timeout: 244 seconds]
__monty__ has joined #nixos
___laika has joined #nixos
<sphalerite>
Ashy: "slower" measured how?
<Ashy>
started them both at the same time and the desktop finished a good 30 mins ago
<Ashy>
59gb nixstore on the desktop, 55gb on the thinkpad
<xorAxAx>
Ashy, encryption involved somewhere?
<Ashy>
yeap, both on encrypted zfs
<xorAxAx>
ah, ok
<xorAxAx>
same amount of ram?
<xorAxAx>
zfs loves RAM when you write things to it
<Ashy>
desktop has a 500gb samsung 960 evo, thinkpad has a 250gb samsung 860 sata ssd
<Ashy>
oh 8gb on the thinkpad vs 16gb on the desktop
<sphalerite>
oh wait, the sata is slower than the nvme
<sphalerite>
yeah that's normal
tsrt^ has joined #nixos
<atlas_>
am I supposed to have ~/.nix-defexpr/channels and ~/.nix-defexpr/channels_root? I get a name collision when I add the default channel to my per-user config and had to revert
<Ashy>
yeah i was just giggling at actually noticing a difference for once
orivej has joined #nixos
<Ashy>
most of the time i never really notice
vmandela has joined #nixos
oborot has quit [Ping timeout: 245 seconds]
<__monty__>
30mins is much bigger than the difference I'd expect between SATA and NVMe though.
<__monty__>
Unless these machines were doing something other than booting?
<pie_>
so uhh
<pie_>
i need a snippet for makeWrapper that can let me set an environment variable only if its not set already
<WilliButz>
just to check: yesterday i was unable to boot the various versions of the minimal iso on an odroid-h2, is there a known issue? i don't get to the bootloader instead I got stuck on a black screen with a single white underscore %)
Soo_Slow has quit [Remote host closed the connection]
<Ashy>
i didnt time the desktop unfortunately
<Miyu-chan>
My 16 GB device keeps OoMEing because of ZFS.
<Miyu-chan>
:(
<Miyu-chan>
Firefox takes like ~8 GB, and ZFS ~4 GB
<__monty__>
Ashy: Just booting? Or nixos-rebuild switch?
<WilliButz>
i didn't find anything that looks exactly like my issue on github and worked around it with an ubuntu live image and a kexec-bundle from nixos-generators. just wanted to check back if there is something that might need fixing
<Ashy>
__monty__: `nix-store --optimise`
<__monty__>
Oh, that's a different matter.
Makaveli7 has quit [Quit: WeeChat 2.5]
<Ashy>
yeah im not shocked or anything, just thought it was interesting
<Ashy>
it really is the future already, nvme is crazy fast
<__monty__>
I think this is more about ram and cpu speed though.
<Ashy>
ah true, the desktop is drastically higher powered than this thinkpad t450
<Ashy>
ryzen 1600 vs i5-5300U
FRidh has quit [Quit: Konversation terminated!]
shomodj has joined #nixos
<tilpner>
Miyu-chan: I've found kernel.sysctl."vm.overcommit_memory" = "1"; to be required to allow the ARC to shrink
<chaker>
Hey, where I can find libcrypto++? It seems it's not included in openssl.dev
<tilpner>
chaker: Try cryptopp
<Miyu-chan>
tilpner: I'm okay with rebooting every once in a while TBH.
<Miyu-chan>
Too lazy to deal with this problem. :P
<tilpner>
._.
<Miyu-chan>
I have much more important things to do, like, play Steam games.
<Miyu-chan>
jk
<tilpner>
It was important enough for you to complain about here :c
<Miyu-chan>
Ohh. It was an off-hand comment w.r.t. ZFS a conversation about ZFS a while ago. Sorry. ; ;
<Miyu-chan>
s/w.r.t. ZFS/w.r.t./
<tilpner>
Well, just put that in your config and rebuild/reboot later
<tilpner>
Already took more time discussing not doing that
<{^_^}>
error: syntax error, unexpected '}', at (string):255:8
inquisitiv3 has joined #nixos
<Miyu-chan>
Eh!?
<pie_>
im not sure what *thats* for
<pie_>
maybe "" strings
<Miyu-chan>
> '''''\${} ''
<{^_^}>
error: syntax error, unexpected '}', at (string):255:9
<Miyu-chan>
lol
<pie_>
the manual says you get ${} via ''${}, and ' via ''' :I
<Taneb>
,escape''
<{^_^}>
'' two single quotes: ''' bash curly bois: ''${} newline: ''\n tab: ''\t any character x: ''\x ''
<pie_>
hm " ''\ escapes any other character"
<Miyu-chan>
What's wrong with "" though?
<Miyu-chan>
You can do this by inserting an empty string, but why
<pie_>
'' '' work a bit different
<Miyu-chan>
Can I suggest
<Miyu-chan>
> '' ${"'\${}"} ''
Thra11 has joined #nixos
<{^_^}>
"'${} "
<pie_>
and that was just an example, i need this in a bigger string
<pie_>
Miyu-chan, oh...lol
<Miyu-chan>
I have a feeling that it's actually impossible to write '${} under '' ''
<pie_>
ok i misread " '' can be escaped by prefixing it with ' "
<Miyu-chan>
Without using ${} hacks.
<Miyu-chan>
> '' '${""}''${} ''
<{^_^}>
"'${} "
<pie_>
well Taneb just had the bot say something and the manual also says it, i vaguely remembered something about ''\ but havent used it so i forgot
<Miyu-chan>
That's another way of doing it.
<pie_>
> '' ''\'''${} ''
<{^_^}>
"'${} "
<Miyu-chan>
Oh.
<Miyu-chan>
Cool.
<pie_>
kind of cursed syntax but hey :D
<Miyu-chan>
I just realized something though.
<Miyu-chan>
Seems like the ,escape'' is "literate programming".
<Miyu-chan>
> '' two single quotes: ''' bash curly bois: ''${} newline: ''\n tab: ''\t any character x: ''\x ''
<{^_^}>
"two single quotes: '' bash curly bois: ${} newline: \n tab: \t any character x: x "
<Miyu-chan>
Whoever added that entry, just wanna say that that's cool. Same thing with ,escape"
rndd has joined #nixos
Neo-- has quit [Ping timeout: 245 seconds]
seqizz has joined #nixos
<sphalerite>
Miyu-chan: infinisil++ :)
<{^_^}>
infinisil's karma got increased to 108
<rndd>
hi everyone! another dumb question - which nixos package contains dkms?
<etu>
,locate dkms
<sphalerite>
rndd: it's not packaged AFAIK
<{^_^}>
Found in packages: sysdig, linuxPackages.sysdig, linuxPackages_4_14.sysdig, linuxPackages_4_20.sysdig, linuxPackages_xen_dom0.sysdig, linuxPackages_testing_bcachefs.sysdig, linuxPackages_xen_dom0_hardened.sysdig
<sphalerite>
rndd: largely because it won't really work on nixos
<etu>
ah, oh, yeah right. It's the kernel module thingy.
<etu>
It doesn't make sense on NixOS
igorzash has joined #nixos
<rndd>
well, so I will explain problem
igorzash has quit [Quit: ERC (IRC client for Emacs 26.1)]
<rndd>
I wanna install open source kernel module for my RTL wifi card, but don't know how to write a default.nix ... I saw some examples on github in nixpkgs but I firstly want to write default.nix for nix-shell install inside and test 0_o
<Miyu-chan>
sphalerite: Ah, cool. :)
<sphalerite>
rndd: which rtl? It may already be in nixpkgs
<Miyu-chan>
infinisil++
<{^_^}>
infinisil's karma got increased to 109
<Miyu-chan>
Also, would have been nice if `systmd.unit.startAt` allowed timer options.
tilpner has quit [Quit: WeeChat 2.4]
Ariakenom has joined #nixos
Thra11 has quit [Ping timeout: 248 seconds]
<rndd>
sphalerite: rtl8723de
<sphalerite>
rndd: you can probably copy the one from pkgs/os-specific/linux/rtl8723bs/default.nix and adjust the source
___laika has joined #nixos
<chaker>
tilpner Thanks, but it didn't work
<chaker>
I still have "Package requirements (libcrypto++) were not met" even though I specified cryptopp in buildInputs
<rndd>
ye, but I don't understand should I use it how nixpkg or I may just write nix-shell
zupo has joined #nixos
is_null has joined #nixos
<Miyu-chan>
Err
<Miyu-chan>
> Moreover for units names containing dashes ("-"), the set of directories generated by truncating the unit name after all dashes is searched too. Specifically, for a unit name foo-bar-baz.service not only the regular drop-in directory foo-bar-baz.service.d/ is searched but also both foo-bar-.service.d/ and foo-.service.d/.
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):255:49
<Miyu-chan>
Whoops.
<Miyu-chan>
Anyways, TL;DR, is there any systemd service that uses dashes in NixOS?
<Miyu-chan>
Because turns out that dashes is a hierarchy separator in systemd units...
<chaker>
,locate libcrypto++.so
<{^_^}>
Couldn't find in any packages
<sphalerite>
chaker: maybe you need pkgconfig in nativeBuildInputs for your package to be able to find libcrypto
<exarkun>
,locate cryptopp
<{^_^}>
Found in packages: cryptopp
<Zer0xp>
Does anyone know how to set up msmtp in nix ?
<chaker>
sphalerite: Should it be in nativeBuildInputs? I have it in buildInputs ( changing and testing ).
<sphalerite>
chaker: it should, but if it's in buildInputs and you're compiling natively (not cross) it won't make a difference.
<sphalerite>
Zer0xp: I just installed it in my profile and use a traditional .msmtprc
<sphalerite>
chaker: what's the software you're packaging?
<sphalerite>
chaker: you also shouldn't need to include gcc, or specify the outputs for libcap and ncurses
<sphalerite>
chaker: and there's a fancy autoreconfHook thing which you can put in your nativeBuildInputs instead of specifying that preConfigure and adding automake/autoconf/libtool(?) to your buildInputs :)
<Zer0xp>
sphalerite: I am getting an issue when trying to send an email. Could you send me the template of the ~/.msmtprc file in a pastebin link ? And explain what values I should use where ? I'm using a Gmail account btw.
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<Zer0xp>
sphalerite: I think I had gotten the setup all wrong. I will redo it from scratch. For now I have the msmtp package installed and the defaultMailServer.directDelivery = true, hostName = "smtp.gmail.com" and usestartTLS = true in the configuration.nix file
<Zer0xp>
sphalerite: Is that fine or do I tweak those too ?
<Zer0xp>
mkaito: Alright then, where is the message typed and file attached when using the msmtp command that you sent ?
<Miyu-chan>
Err, wait, destination is not inherited, soo
stepcut has quit [Ping timeout: 245 seconds]
<mkaito>
Zer0xp: msmtp is just an smtp proxy. it doesn't compose messages or attach files, it just sends stuff. you'll need to format an email with something else and then hand it to msmtp for delivery.
<Miyu-chan>
mkaito: Yes, but writeScriptBin wraps it in /bin to make it easier to place into environment.systemPackages.
<mkaito>
Miyu-chan: yes, so? have you tried writeScript instead?
<adisbladis>
Miyu-chan: At that point I'd use runCommand with a `cat > $out <<EOF` inside
<adisbladis>
And use bash as a "templating language" :)
<Zer0xp>
mkaito: Okay so where do I format the email ? Is there a link to a tutorial for setting that up ?
<mkaito>
Zer0xp: it's just a plaintext file in a certain format. google for it, it's a fairly simple thing.
<Miyu-chan>
mkaito: Yes, I've considered that too, but writeScriptBin is much better for its flexibility IM.
<mkaito>
Miyu-chan: I mean, what's your use case here?
<mkaito>
freddie_freeload: I don't mean to be rude or anything, but I won't click a link just to read your message. Doubt I'm the only one who thinks that way. Matrix is annoying.
<rsoeldner>
How to specify user credentials if deploying mongodb service on aws using nixops ? Has someone an example at hand ?
<Miyu-chan>
rsoeldner: Nixops should be checking your $HOME/.aws/credentials
<mkaito>
I think he means mongo credentials
<Miyu-chan>
Oh.
<rsoeldner>
yes :)
<mkaito>
and no, I haven't used mongo in a very very long time, and I don't recommend anyone use it for anything ever
<Miyu-chan>
There's a keys attr somewhere in Nixops, which is not uploaded by Nix itself, but the Python script.
<Miyu-chan>
I'm off for dinner though. I'll ping back later in case you haven't found it.
<mkaito>
Miyu-chan: I'll have a look at what you linked me and ping you later, enjoy dinner
freddie-freeload has joined #nixos
stepcut has quit [Ping timeout: 245 seconds]
<freddie-freeload>
Now again without Matrix:
<freddie-freeload>
Hey there! I am using this approach here to get a custom keyboard layout with NixOS: http://stesie.github.io/2018/09/nixos-custom-keyboard-layout-revisited Unfortunately, this leads to recompilation of xserver which is quite some work. This seems rather disproportionate regarding a simple keyboard layout change. Is there a better way to do this?
<freddie-freeload>
(The linked article basically recommends patching a file from /etc/X11/...)
<mkaito>
freddie-freeload: you *could* just use what he says he doesn't like: xmodmap. the whole reason he's patching things is that he doesn't want to re-run xmodmap after rebuilding or replugging.
<{^_^}>
[nixpkgs] @domenkozar opened pull request #64986 → FUNDING: introduce open collective page → https://git.io/fj1WS
<Miyu-chan>
rsoeldner: I think it's deployment.keys
<Zer0xp>
mkaito: What command do you use for sending the mails ? sendmail ? mail ? mutt ?
<Miyu-chan>
rsoeldner: Just search "nixops deployment.keys", since I don't have a readily available snippet.
<mkaito>
Miyu-chan: I see what you're trying to do. I had to look up indirect expansion, I wasn't even aware of it, so thanks for teaching me something. This looks like it should work, at first glance.
<{^_^}>
[nixpkgs] @domenkozar pushed to domenkozar-patch-1 « README: add open collective badge »: https://git.io/fj1W7
laerling has left #nixos ["Leaving"]
<mkaito>
Zer0xp: in your case, probably none of those. compose the mailfile "by hand" and then pass it to msmtp.
o1lo01ol1o has joined #nixos
<rsoeldner>
Miyu-chan, thank you but aren't they linked to ssh credentials ? I want to add other db users
<sphalerite>
freddie-freeload: it's also not ideal, but you could patch it to use /etc and place your custom stuff there using environment.etc
<Zer0xp>
mkaito: Okay and how would I pass it to the msmtp ?
<sphalerite>
freddie-freeload: that way, you'll still need to rebuild xorg, but at least you won't need to rebuild it every time you change your keyboard stuff
<mkaito>
Zer0xp: have you tried reading the manpage? :P
<mkaito>
it reads it from stdin
<Zer0xp>
mkaito: I've read the help for msmtp
<mkaito>
man pages are usually more extensive
<mkaito>
and if they exist, info pages are even longer
<Zer0xp>
mkaito: Cool, I will check it out
rprije has quit [Ping timeout: 246 seconds]
<mkaito>
you could just cat a heredoc into msmtp, I presume.
<mkaito>
and use bash as a templating language
o1lo01ol1o has quit [Ping timeout: 245 seconds]
freddie-freeload has quit [Remote host closed the connection]
freddie-freeload has joined #nixos
<mkaito>
Miyu-chan: I'm not sure if the foo@.service approach here is the right one. why don't you just generate a (disabled) service for each configured archive? since the archives are set at rebuild time anyway, using a @-service doesn't actually give you anything. Then you can remove some of this indirection here.
<Miyu-chan>
That's actually what I did before.
<kiloreux>
How can I query a specific package for its path in nix?
dansho has quit [Ping timeout: 248 seconds]
<mkaito>
Miyu-chan: and that didn't work? why?
<mkaito>
kiloreux: with nix-instantiate
<srhb>
kiloreux: nix eval nixpkgs.hello.outPath
<Miyu-chan>
It worked, but it resulted in me generating 4 system files per entry.
<mkaito>
system files?
is_null has quit [Remote host closed the connection]
<mkaito>
you mean the systemd units?
aswanson has joined #nixos
<Miyu-chan>
Yeah.
<mkaito>
shouldn't there only be 2 per entry?
<Miyu-chan>
Also, s/system/service/ whoops
<mkaito>
either way, why is that a problem?
<kiloreux>
srhb, I am referring to a package already installed in my system.
<Miyu-chan>
Nah, I did things with `duplicity-foo-{start,destroy,bla}`
<freddie-freeload>
sphalerite: Thanks for the idea! My biggest problem atm is really the compiling itself and it is quite unfortunate, that this can't be done in a "cleaner way". But, yeah, probably an issue for xserver...
<srhb>
kiloreux: Just follow the symlink of one of its files then.
<srhb>
kiloreux: eg readlink -e $(which bash)
<mkaito>
Miyu-chan: I see, but that seems like it would be ok to me.
<Miyu-chan>
I wonder how `conflicts` works with systemd units.
freddie-freeload has quit [Remote host closed the connection]
<kiloreux>
srhb, I have version-1.0 and version-2.0. Version 1.0 is available at ~/nix-profile however you can find the second version only by grepping nix store.
kiloreux_ has quit [Remote host closed the connection]
ericsagnes has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixos-homepage] @grahamc pushed 2 commits to master: https://git.io/fj185
<{^_^}>
[nixos-homepage] @grahamc merged pull request #289 → Add Open Collective to improve transparency → https://git.io/fj1lW
<{^_^}>
[nixos-homepage] @grahamc pushed 0 commits to opencollective: https://git.io/fj18d
inquisitiv3 has joined #nixos
fendor has joined #nixos
dwdr has quit [Ping timeout: 245 seconds]
tmaekawa has joined #nixos
moet has joined #nixos
<simpson>
inquisitiv3: Morning. I can't find any dedicated documentation on this fact, but Nix on Linux can (optionally, enabled by default) set up a sandbox for every build.
<exarkun>
is there an option to specify the prometheus node_exporter package used on the system or do I have to do it with an overlay?
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #64901 → emacs: Also allow imagemagick dependency when using withNS → https://git.io/fjXjW
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/fj14T
<srhb>
exarkun: There is no .package option, if that's what you're asking.
<exarkun>
Yea, more or less. I saw there was no such option, I wasn't sure if there was some other convention I'm not aware of.
<srhb>
exarkun: overlays is usually the easiest way when that's the case. :)
<exarkun>
and is the best way to upgrade it in an overlay to do `prometheus-node-exporter.overrideAttrs (old: { src = fetchFromGitHub { ... }; })`?
<exarkun>
specifically curious if there's a way to avoid any of the nesting and avoid re-specifying the github owner/repo
<inquisitiv3>
simpson: Isn't Nix sandboxing while building used to prevent accidental dependencies? Or do I confuse it with something else...?
<srhb>
exarkun: Yes, that's usually easiest (though with name overridden too usually, for clarity)
<inquisitiv3>
Or does Nix setup a sandbox for every application?
<exarkun>
oh yea name, I always forget that
<exarkun>
and then get an upgraded package with the wrong name
dftxbs3e has quit [Ping timeout: 250 seconds]
<inquisitiv3>
It's primarily protection during runtime that I'm interested in. to protect rest of the system if an application is exploited.
<srhb>
exarkun: Indeed.
___laika has joined #nixos
vmandela has quit [Quit: Leaving]
<srhb>
inquisitiv3: nixos containers might be relevant for that purpose.
<srhb>
inquisitiv3: While not perfect it's very convenient.
shandogs has quit [Remote host closed the connection]
<srhb>
inquisitiv3: but yes, nix sandboxing is about build-time isolation.
<srhb>
There's some run-time protection, in a sense, in that you can't have SUID stuff in the store.
<simpson>
inquisitiv3: Okay, but again, we usually intend for Nix-built tools to be usable on the rest of the system, which implies that they *shouldn't* be sandboxed away at runtime. Further, we intend for the system's existing security policies (seccomp, user NS, chroot, etc.) to interoperate with Nix-built binaries.
<simpson>
inquisitiv3: What threats are you worried about?
ericsagnes has joined #nixos
<adisbladis>
You can use nix/nixos to compose your own sandbox setup (see the firejail module for example)
<adisbladis>
Or, like srhb pointed out, NixOS containers
risson has quit [Quit: Pouet. WeeChat 2.4]
<inquisitiv3>
simpson: The first thing that comes to mind is to restrict what a hacker gets access to if he/she successfully exploits Firefox.
<exarkun>
maybe it would be nice if fetchFromGitHub returned an attrset with override or overrideAttrs
<lordcirth>
Hmm, someone should make a NixOS template for Qubes OS.
<srhb>
exarkun: But having src be a regular store path is also nice :)
<srhb>
exarkun: srcArg and srcFetcher might be something interesting.
<simpson>
inquisitiv3: Firefox has direct rendering access, usually, so it can send any command it likes to your GPU. In today's Linux security model, it's not really possible to sandbox this too much. Like lordcirth says, Qubes or something else quite heavy is required to properly isolate such hardware-accelerated apps.
<qyliss>
lordcirth: there is one IIRC but it's not well maintained
<exarkun>
srhb: do those exist or are those suggestions for something?
risson has joined #nixos
<srhb>
Completely vague musings that don't exist.
<exarkun>
:)
<exarkun>
srhb: the idea would be `x == (x.srcFetcher x.srcArgs)` I guess?
<qyliss>
anyway, re isolation, watch this space. I'll have something cool to share soon.
<srhb>
exarkun: Right
<exarkun>
and so `x.srcFetcher (x.srcArgs // { rev = "..."; sha256 = "..."; })` would be a nicer shorthand
<simpson>
exarkun: I think that there might be a bit of a philosophical difference here. IIRC I'm the person that wrote the code that is currently frustrating you, and my strategy was to set versions in a fork of nixpkgs. Clearly these days, with overlays here and flakes on the way, I should have written something more extensible.
<exarkun>
simpson: I'm not educated enough to have an explicit philosophy yet. :)
hmpffff has quit [Ping timeout: 246 seconds]
<srhb>
exarkun: I was actually thinking that src would be (srcFetcher srcArgs) in a very lazy fashion, so you could somehow override just the srcArg and src would update accordingly.
<simpson>
inquisitiv3, qyliss: FWIW I just want to point out that there's a deeper pattern here of sandboxing vs. rewriting. Nix is a transitional system that requires a bit of both, but many security folks are comfortable saying that nothing short of a rewrite will establish the desired security property.
<exarkun>
srhb: aha!
literon has quit [Remote host closed the connection]
<exarkun>
fwiw all I'm doing write now is writing an example of configuring a system with a newer version of node_exporter in a review comment on a PR w/ 500 lines of ansible and I want the example to be as succinct as possible to make the point as forcefully as possible that ansible is trash and we should be using nix
<exarkun>
s/write now/right now/
tmaekawa has quit [Quit: tmaekawa]
<srhb>
exarkun: oh do I ever know that exact case...
cransom has joined #nixos
bakakuna has quit [Ping timeout: 250 seconds]
<srhb>
exarkun: imo the overrides are still pretty, but if you want to do it nicely, make a little versionOverride helper? :)
<srhb>
exarkun: as in, something that requires the things you should remember for overrideAttrs, src name and version.
<exarkun>
yea, thought about that, but for a one-off example in a review comment, defining an extra function doesn't make anything shorter
<srhb>
Indeed. I was thinking if they can follow along they might see the power of package overrides instead.
<inquisitiv3>
simpson: Rewrite of what?
<simpson>
inquisitiv3: In this case, of Firefox and Linux, or at least Firefox and the Linux DRM subsystem.
<exarkun>
srhb: yea, good point. I think that might be persuasive in some cases but I'm guessing not in this one (based on my experience with this specific audience).
* srhb
nods
hyper_ch2 has quit [Remote host closed the connection]
<inquisitiv3>
simpson: So you mean that sandboxing can't really isolate Firefox because it got direct access to the GPU, and the only way to solve that is to rewrite Firefox?
<inquisitiv3>
^ Or the relevant parts of Firefox
<{^_^}>
[nixops] @AmineChikhaoui merged pull request #824 → libvirtd: Add support for remote libvirt URIs → https://git.io/vbFSl
<{^_^}>
[nixops] @AmineChikhaoui pushed 9 commits to master: https://git.io/fj14i
<eyJhb>
Currently trying to add coloredlogs (python package), which depends on some others (humanfriendly and capture), but I keep getting this error - https://termbin.com/dbqp
<eyJhb>
Which package needs `script`? I can see that coloredlogs uses it itself, but I cannot seem to figure out how to give it access to script....
<srhb>
eyJhb: checkInputs?
risson has quit [Ping timeout: 250 seconds]
<simpson>
inquisitiv3: Yes. Indeed, imagine securing a basic primitive building block for this sort of thing; imagine if Firefox were memory-safe. This would require not just rewriting Firefox, but changing how Linux allocates memory for processes. Check out seL4 for an example of how this might be done practically.
<eyJhb>
Seems to do the trick, checkInput with utillinux
risson has joined #nixos
<eyJhb>
Still getting some other.. Weird.. Errors..
<lordcirth>
simpson, well, Rust was actually developed for the task of making Firefox memory-safe.
<eyJhb>
But it seems more like the package is failing its own builds
<simpson>
lordcirth: Sure, but (a) Rust *isn't* memory-safe, even though it's a big improvement on C++; (b) the way that JITs interoperate with OSs is inherently memory-unsafe and something like seccomp is required; (c) the linkage of Firefox with things like libpng or libjpeg means that the entire process needs a rewrite for the safety property to hold.
<srhb>
eyJhb: Its own tests, yeah. Or one of them.
<eyJhb>
I am not quite sure how to handle it, as on its own page, it says it passes all tests... :/
<srhb>
eyJhb: Read the failing test? :)
<lordcirth>
simpson, what is still unsafe about properly written Rust? overflows?
<srhb>
eyJhb: From the html output I suspect it's trying to do interwebs stuff?
<inquisitiv3>
simpson: Thanks! But what about other applications? Firefox isn't the only one that can be exploited over the network.
<eyJhb>
It isn't really what you would assume
<eyJhb>
Might have found the issue!
<simpson>
lordcirth: `unsafe`, mostly. I'm generally suspicious of any language with a memory model.
<eyJhb>
I did not!
<eyJhb>
Damn it.
<gchristensen>
simpson: at least it is notated :P and can be forbidden
<srhb>
eyJhb: Try and patch the test to output the wrong thing, might make you wiser to what's going on.
<simpson>
inquisitiv3: Yes, in general, if we want a security property to be trivial to establish, then we need to write the application in a language which trivially grants that property to all programs. (The technical reason behind this is Rice's Theorem.)
<simpson>
gchristensen: Definitely. But, just like with Safe Haskell, Rust's inter-module safety features are still not quite up to snuff for the task of completely forbidding unsafe memory accesses. The safety is only defined within single expressions and whole programs, and IIUC inter-module safety is still an incomplete story.
<gchristensen>
it is true that you have to explicitly audit your dependencies, or patch them to forbid unsafe
<simpson>
inquisitiv3: There are lighterweight transitional sandbox technologies that you might want to look into. We don't have them available on NixOS, but that's largely due to lack of current interest and not innate obstructions. Capsicum and CloudABI are two that come to mind.
Soo_Slow has joined #nixos
<simpson>
There's also Linux's seccomp and eBPF subsystems, which are primitive but can handle some simple security proofs.
___laika has quit [Ping timeout: 272 seconds]
<eyJhb>
srhb: I wish it actually printed something out to start with, instead of being a useless dumb machine saying something failed, and not the actual values
<srhb>
eyJhb: Patch it. :P
<srhb>
eyJhb: It's easy to sub in a local src dir while you're developing the package, then figure out what's wrong by altering the actual source
<srhb>
eyJhb: When you're done, swap in the real source again.
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fj14A
<inquisitiv3>
simpson: Thanks for the information! I'll do some more research into these techs. While I like Nix functional paradigm and solutions to problems, I haven't seen any real work (what I know of) to provide security outside of providing updates.
<simpson>
exarkun: xset, specifically screen-saver and DPMS controls. If they only sometimes work, then you'll have to go through the fun of dumping the monitor's EDID to figure out how it's lying.
<eyJhb>
srhb: `<code>bash: coloredlogs: command not found</code>`
<{^_^}>
#64785 (by Taneb, 2 days ago, open): q: init at 1.7.1
<simpson>
inquisitiv3: The biggest concrete security improvement in Nix is that users can install packages as an unprivileged operation without disturbing others on the system.
<srhb>
eyJhb: Is it expecting that it's already in PATH? Might just have to fix that.
<eyJhb>
So.. Does it build before testing, or test after?
<eyJhb>
Yeah I guess
<chaker>
Hey, I'm trying to build a c++ application, but got an issue with `ld: cannot find -lpthread`
<eyJhb>
How would I go about fixing that?
kiwi_32 has joined #nixos
<srhb>
eyJhb: You could add it in preCheck
<eyJhb>
preCheck = [ coloredlogs ]; ? But then it depends on itself, which is OK?
<srhb>
Or patch the test to use the local-to-build-dir path.
<srhb>
eyJhb: No, I mean literally modifying PATH to include its path in the build dir for the duration of the checkPhase
<inquisitiv3>
simpson: Yeah, but I primarily use single-user systems, so I don't feel I have any real security benefits of that.
<srhb>
eyJhb: The circular dependency would indeed break.
<kiwi_32>
Hi, 19.09.git.3674eefe0c0 here and installing zeroad always ends with error 9 while decompressing xz file. Is that a known issue?
<eyJhb>
Would a sed be okay in that case? Then I would have to sed something like.. `sed -i "s/main('coloredlogs'/PATH/g"`
<srhb>
kiwi_32: Can't seem to find that commit.
<sphalerite>
kiwi_32: that sounds like a download problem, could you give a full log including the command that you ran?
<inquisitiv3>
simpson: Do you see any positive features that Flatpak/Snappy have over Nix from a security perspective?
<simpson>
inquisitiv3: The biggest bang for your buck is likely NoScript, then. Run less untrusted code. Be patient with the ecosystem.
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fj1BU
<srhb>
eyJhb: Hack first, worry about pretty after ;)
<simpson>
inquisitiv3: Nope. Flatpak and Snappy both seem to have last decade's ideas about sandboxes, and don't have any mention of POLA or structural isolation. Security is a process, not a checklist, and I'm not sure that they've got good processes.
<eyJhb>
Ahh, but you see, the hack would normally indicate that I know how I would get the path! :p
<gchristensen>
snappy's run-time sandboxing is interesting
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fj1BG
<eyJhb>
Somehow `script` isn't needed anymore
<kiwi_32>
Is there a workaround for https://github.com/NixOS/nix/issues/2952 e.g. downloading a nar manually or do I need to wait for new Nix(Unstable) release?
<sphalerite>
kiwi_32: if that doesn't work, you can manually download the narinfo and the nar to /tmp/binary-cache as appropriate and then do the second command
<kiwi_32>
Thank you sphalerite and tilpner. I'm gonna try that.
<sphalerite>
kiwi_32: you may need to do the second command as root, because extra-substituters is a trusted-users-only option.
winem_ has quit [Ping timeout: 244 seconds]
v88m has quit [Remote host closed the connection]
<tilpner>
kiwi_32: nix-store --import might work
v88m has joined #nixos
<srhb>
eyJhb: There are no firm rules. I would say the right approach is to either disable checks completely or patch it out, but at the same time ask the authors to please provide an option to turn off the sudo stuff, if there's any relevant tests left at all.
<eyJhb>
srhb: apparently the test requires the ability to switch user... :/
v88m has quit [Remote host closed the connection]
<eyJhb>
So I have disabled them, as they cannot be patched out, without just.. Removing them basically
<chreekat>
Zer0xp: by zsh package, do you mean zsh itself? Then configuration.nix. If you mean configuration packages for zsh, like the stuff oh-my-zsh deals with, then probably home-manager
<chreekat>
<-- not a home-manager expert
<Zer0xp>
chreekat: I'm talking about zsh itself. Cool, I'll do that. Thanks.
<{^_^}>
[nixpkgs] @globin pushed commit from @herrwiese to release-19.03 « nextcloud: 15.0.8 -> 16.0.3 [19.03] (#64841) »: https://git.io/fj1RA
<chreekat>
Zer0xp: cool. There's even configuration.nix config for specifying users' default shells you could use. https://nixos.org/nixos/options.html#users.users.%3Cname%3F%3E.shell
arjen-jonathan has quit [Ping timeout: 268 seconds]
sigmundv has quit [Ping timeout: 246 seconds]
vmandela has joined #nixos
ericsagnes has quit [Ping timeout: 248 seconds]
domogled has quit [Ping timeout: 245 seconds]
<judson_>
Is ocharles around? Wrong TZ for them?
<Zer0xp>
chreekat: Can I have both zsh and bash enabled ?
gagbo has quit [Ping timeout: 248 seconds]
<chreekat>
Zer0xp: you can have them both installed, certainly
<chreekat>
and then run one from inside the other :D
Ariakenom has joined #nixos
<Zer0xp>
chreekat: Sounds like a plan :D
<Zer0xp>
Does anyone here use NixOPS, Disnix or Hydra ?
<judson_>
I use NixOps a little
Denommus has quit [Remote host closed the connection]
erasmas has joined #nixos
___laika has quit [Ping timeout: 248 seconds]
gagbo has joined #nixos
Drakonis has quit [Quit: WeeChat 2.4]
nakkle has quit [Ping timeout: 276 seconds]
MmeQuignon has joined #nixos
<tilpner>
I used nixops for a short while, and have a Hydra
<tilpner>
But it's generally best if you just ask a question, instead of gathering people who might be able to answer it first
drakonis1 has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos
drakonis1 has joined #nixos
inquisitiv3 has quit [Ping timeout: 245 seconds]
Drakonis has quit [Read error: Connection reset by peer]
matt` has joined #nixos
Thra11 has joined #nixos
<matt`>
hello. how can i override a texlive package to use a different version of that package? is there any documentation on this? can i do this with overlays?
orivej has joined #nixos
drakonis_ has quit [Ping timeout: 246 seconds]
nakkle has joined #nixos
ddellacosta has joined #nixos
rfold has joined #nixos
<dsx>
Is there a way to build the current running configuration into an image suitable for PXE boot?
<nh2>
dsx: to my knowledge, you cannot generally obtain the "currently running configuration" and transform it nicely, you would usually go from the configuration.nix that built it
Drakonis has joined #nixos
<dsx>
Let's assume it's the same thing more or less.
shomodj has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
dsx: `module =` is a full nixos config, which gets baked into a pxe image, and then the rest of this configures the machine to perform nat and router duties, and share that pxe image
<matt`>
nh2: thanks. does that src specify the entire texlive source? so I would have to clone the full source and manually adjust the packages specifications in there?
fusion809 has quit [Remote host closed the connection]
<nh2>
matt`: I'm no expert on the texlive package, but it already seems to have some functionality to combine sub-packages or something like that; check out:
<Zer0xp>
Also, random thing I've noticed after switching to the nix-unstable channel is that whenever I hit Alt+Tab to switch between programs in Plasma, the top pane of the window just disappears for a few seconds and then comes back without allowing me to switch the window. I'm using KDE Plasma. Wondering if anyone else has faced this issue. I hope the solution isn't to switch to i3 or another Desktop Manager.
<Zer0xp>
I mentioned Plasma twice. How redundant of me !
<gchristensen>
nixpkgs-unstable or nixos-unstable
<gchristensen>
(nixpkgs-unstable should not be used for NixOS)
<kraem>
i'm trying to split up my nix config into modules so i can reuse them between my hosts + get some more structure. i'm wondering if i can define something like `environment.systemPackages = with pkgs; [ ]` in two different imports. `nixos-rebuild` does not complain but i've seen people do something with the `++` 'operator' between lists.
<exarkun>
ty
markus1189 has joined #nixos
<infinisil>
kraem: Yeah you can define options multiple times and they get merged properly
<sphalerite>
kraem: yes, you can. They'll be merged to include the ones from all the imports
<infinisil>
This is one of the main cool things about the module system
chreekat has quit [Ping timeout: 276 seconds]
ris has joined #nixos
chreekat has joined #nixos
<kraem>
infinisil, sphalerite thanks! why are people using the `++` list-operator then? (and i don't know if i'm using modules correctly, is it a module if i have some 'statements' in one file and then import that into my configuration.nix?)
bakakuna has joined #nixos
<sphalerite>
kraem: if you're using imports = […]; yes. If you're using import ./file.nix, no.
<sphalerite>
kraem: ++ is for concatenating lists generally, and is useful when you're not writing nixos config modules for instance
<sphalerite>
kraem: or if you want to generate a list with a function and concatenate it with another.
<kraem>
sphalerite: ok so ++ is more a general list operation - used for example where you have an if-statement to check if, for example, `services.xserver.enable = true`?
<chreekat>
kraem: Hm, where's the list in that statement?
<exarkun>
Or I could ask instead... How do I get a debug-mode Python that's actually used in my pyenv and by packages I install in it?
<kraem>
chreekat: i don't know the syntax yet but i meant something along the lines of `if x list = common ++ xorg`
<sphalerite>
kraem: more likely, you'd want a module that both enables the x server and adds your xorg applications to systemPackages
<yorick>
steam segfaults, sad
gratto has quit [Ping timeout: 248 seconds]
<exarkun>
kraem: `[ x ] ++ [ y ] == [ x y ]` though, yes, if that's what you're trying to figure out.
<exarkun>
kraem: `nix repl`, fwiw
o1lo01ol1o has joined #nixos
<kraem>
sphalerite: yeah my xorg.nix does both enable the xserver and defines a list of packages to be installed as well. I don't know what i'm trying to clarify for myself here - guess i just want to know different ways of doing the same thing :)
Neo-- has quit [Ping timeout: 244 seconds]
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<sphalerite>
kraem: of course, nothing wrong with that :)
lordcirth has quit [Remote host closed the connection]
lordcirth has joined #nixos
orivej has quit [Ping timeout: 248 seconds]
o1lo01ol1o has quit [Ping timeout: 246 seconds]
<Miyu-chan>
Any idea on how to make a systemd service run on rebuild, but not on boot?
<Miyu-chan>
I'm okay with early returning by detecting boot, if that's your idea.
qqlq has joined #nixos
o1lo01ol1o has joined #nixos
shibboleth has joined #nixos
FRidh has quit [Quit: Konversation terminated!]
ddellacosta has quit [Quit: WeeChat 2.2]
Soo_Slow has quit [Remote host closed the connection]
inquisitiv3 has joined #nixos
gagbo has quit [Ping timeout: 245 seconds]
mexisme has quit [Ping timeout: 250 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<mdash>
hmm. does hex2nix collect the _entire_ hex.pm repo? (as opposed to pypi2nix/node2nix fetching deps for a single project)
arianvp has quit [Quit: WeeChat 2.4]
arianvp has joined #nixos
shandogs has joined #nixos
psyanticy has quit [Quit: Connection closed for inactivity]
vmandela has quit [Quit: Leaving]
<arianvp>
with nixos nginx virtualHosts
<arianvp>
if I have multiple locations. in what order are they evaluated?
<arianvp>
as it really matters a lot for nginx's routing
shandogs has quit [Ping timeout: 258 seconds]
<arianvp>
are maps in nixos even ordered?
<Zer0xp>
Hey, can someone tell me how many users are there in this channel ?
<arianvp>
Ahh there's a "priority" attribute
ThatDocsLady_ has joined #nixos
<atlas_>
Zer0xp: 896, I believe
jasongrossman has quit [Ping timeout: 245 seconds]
gratto has joined #nixos
bakakuna has quit [Ping timeout: 245 seconds]
<aswanson>
is there a way to show a derivation for a package in the terminal, say using nix-env or another tool?
<exarkun>
nix show-derivation
<infinisil>
arianvp: Well they are ordered alphabetically actually
<aswanson>
exarkun: neat, thank you
<infinisil>
Oh or is there a priority option? /me checks
<infinisil>
Ahh there is, gotcha
srid6390803 has quit [Ping timeout: 268 seconds]
<Miyu-chan>
infinisil: Priority? In Nix itself, or the modules system?
<samueldr>
(otherwise it looks dumb since the login window is over the logo)
<DigitalKiwi>
i like that first one reminds me of one i used to have
inquisitiv3 has quit [Ping timeout: 258 seconds]
<DigitalKiwi>
anyway thanks again
simon_weber has joined #nixos
mexisme has joined #nixos
bakakuna has joined #nixos
inquisitiv3 has joined #nixos
leothrix has joined #nixos
matt` has quit [Remote host closed the connection]
karetsu has joined #nixos
gnidorah has quit [Quit: Connection closed for inactivity]
<Yaniel>
is it possible to override a package so as to change its version and url?
<Yaniel>
(in order to depend on a specific version)
<vaibhavsagar>
Yaniel: yes
<Yaniel>
how? I tried overrideDerivation but it seemed to keep the old version
<tilpner>
gchristensen: So now a credit card is required to donate, when it wasn't before :/
<vaibhavsagar>
Yaniel: try `override`
<tilpner>
gchristensen: Oh, it's just a UI thing
<gchristensen>
oh?
karetsu has quit [Quit: WeeChat 2.4]
<ajs124>
vaibhavsagar: wouldn't one use overrideAttrs for that?
<tilpner>
gchristensen: I can't figure out how to enter an IBAN, the input form seems restricted to numbers
<vaibhavsagar>
ajs124: oops, I think you're right
<gchristensen>
tilpner: I don't know that you can use an IBAN, but also I've never interacted with an IBAN
<tilpner>
gchristensen: And if an IBAN is entirely the wrong thing, I probably misunderstood what they mean by debit card. But in any case, this was possible before and now isn't
<tilpner>
Which might not affect too many people, so I don't know how bad that is
<gchristensen>
a debit card in the US is the exact same format as a credit card in the US, except it directly debits your checking account, instead of increasing your borrowing
<tilpner>
gchristensen: Will the old system continue to work?
<gchristensen>
I don't believe there are plans to discontinue paypal
<gchristensen>
there is a strong preference to have people go through o.c., as it makes it much simpler to maintain the books
<tilpner>
If I'm reading their pricing page correctly, less money now reaches the foundation with OC, than it did with just Paypal. Is that correct?
rprije has joined #nixos
Drakonis has joined #nixos
<gchristensen>
I think it is roughly 10%, which is pretty good all things considered
davidak has joined #nixos
<DigitalKiwi>
wasn't that a show on NPR?
<gchristensen>
doo doo doo doo doo doo doop
<DigitalKiwi>
i haven't heard it in like 20 years
gratto has quit [Read error: Connection reset by peer]
gratto has joined #nixos
<tilpner>
It is? I'm not entirely sure if my bank charges a fee every time a recurring transaction executes, or just the first time, but even in the worst case it's just 4%
drakonis_ has joined #nixos
<tilpner>
Unless a direct bank transfer makes book-keeping too much effort?
<gchristensen>
it is worth it
<gchristensen>
not having to deal with the formalities is definitely worth it
<clever>
davidak: ive started 100 nixos containers, at 10 each, over 10 nixops deployments
<clever>
davidak: and yes, it needed to eval nixos 110 times, which was murder on the ram :P
<clever>
davidak: glancing at your issue, it seems to be more with starting the containers, than building things
Shouou has joined #nixos
Jackneill has joined #nixos
<aanderse>
clever: when you say nixops + containers do you mean nixops with container backend, or nixops which manages nixos machines which run containers?
<aanderse>
just curious, i don't really know much about nixops + containers
<aanderse>
kinda curious
<clever>
aanderse: nixops creating 10 machines in aws, that each run 10 declarative containers
<aanderse>
ah ok
<davidak>
clever, yes, building is fine with 20 GB SWAP and 8 GB RAM :D
ayerhart has joined #nixos
<clever>
since i only had 10 per machine, i didnt run into davidak 's 2nd issue, with 100 on a single machine
Drakonis has joined #nixos
arjen-jonathan has quit [Ping timeout: 250 seconds]
matt` has joined #nixos
<aanderse>
i feel like davidak is trying to do something pretty cool :)
<infinisil>
ris: You don't have an outdated Nix version?
<matt`>
what's the nix-recommended way to deal with custom files under the texmf tree? i normally put a custom file under texmf/tex/latex/commonstuff/default.cls, containing some `\RequirePackage` and macro definitions, which I can then include with `\documentclass{default}`. Should I create a dummy package that builds the output of the file under texmf-local, or should I just create the tree in the home directory and set the texmf environment
<matt`>
variables?
<gchristensen>
mkaito: boy this looks out of my league
<mkaito>
oh alright. I thought you were "into docker" :P
<gchristensen>
I don't actually do a lot with docker :x
<mkaito>
alright, no worries
<Shouou>
Is there a way to test a nixpkgs package in nix-shell, something like (the non-functional) `nix-shell --pure -f . -p package`?
<ris>
clever: yeah this is - error: while querying the derivation named 'nix-2.3pre20190712_aa82f8b':
<gchristensen>
I've sent some PRs to help some clients, and sort of "adopted" a bit of code, but it really isn't my wheelhouse :x I'm sorry mkaito
<ris>
it's happening on both of my machines so assume it's not just me
<infinisil>
ris: Posting the full error would help..
<gchristensen>
mkaito: I just requested reviews from a couple relevant people
<mkaito>
gchristensen: I've spent the last week disassembling the entire thing, and I've come up with a couple patches here and there. That was the first one. I just keep fixing a hundred things as I work with it.
<gchristensen>
hah, yeah, I know that feeling :)
<ris>
ok but there's not a lot more...
<clever>
ris: which version of nixpkgs are you on?
<exarkun>
nixops wants to install a zillion new packages on a target that wasn't a nixops-managed host before and now I am trying to turn into a nixops-managed host w/ the same configuration as it had before :(
<clever>
exarkun: but is it the same nixpkgs version?
linarcx has quit [Ping timeout: 245 seconds]
<exarkun>
Hm
<clever>
exarkun: `nix eval nixpkgs.lib.version` on both machines
<exarkun>
I don't know :/
<gchristensen>
(or nixos-version)
<gchristensen>
nixos-version on the target, nixpkgs.lib.version on the host
<exarkun>
no, slightly different revs of 19.03
Neo-- has joined #nixos
<clever>
exarkun: so its behaving the same as if you had done nix-channel --update
<gchristensen>
but maybe set NIX_PATH on your deploy host to match the exact rev of the target's current version to be careful
<clever>
you can also `nixops modify -d name -I nixpkgs=https://github.com/nixos/nixpkgs/archive/GITREV.tar.gz deployment.nix`
<clever>
and it will bake that `-I nixpkgs=` into the state file, and impact all future deploys
<exarkun>
handy
___laika has joined #nixos
<gchristensen>
you *do* want to update it though
<exarkun>
I might have mixed feelings about that.
<exarkun>
if there were a security-only channel I could probably get behind using that and always updating
<gchristensen>
that is typically what stable is for
<exarkun>
of course since there isn't a security-only channel then to get security updates I have to update on some other channel ...
<exarkun>
but stable isn't a security-only channel
<gchristensen>
does it break you?
pamplemousse has joined #nixos
<exarkun>
I dunno, I haven't used nixos long enough yet. but updates on every other linux distro always breaks things, so I'm guessing so...
<exarkun>
I am aware that "never update" is not really a viable strategy either. thus, mixed feelings.
<gchristensen>
if it does you should be able to safely roll back.
<gchristensen>
staying on an old version is unsafe
<gchristensen>
if it breaks on stable, it is a bug
<Ashy>
nixos is one distro where upgrades are way safer than almost all other distros
<exarkun>
I feel like there are still a few jagged edges.
<Ashy>
you can even upgrade and switch to that config to test it without marking that as the default boot config
<Ashy>
so if it breaks everything you just reboot and it'll fire up the previous config
<clever>
though nixops doesnt really give access to that feature
<Ashy>
although i don't think that would include testing kernel updates
<Ashy>
ah ok
<exarkun>
Also I've been warned that switch doesn't always work, either, and I experienced that last week w/ Docker leaking trash into iptables that remained until a reboot.
<clever>
exarkun: iptables is a bit of a mess, but restarting firewall.service should wipe that
<exarkun>
sure, just an example though. switch isn't 100% and presumably either is rollback (for the same reasons).
<exarkun>
s/either/neither/
<clever>
yeah, switch isnt perfect currently
Neo-- has quit [Ping timeout: 245 seconds]
fendor has quit [Ping timeout: 246 seconds]
<gchristensen>
pretty good though, I haven't found reason to not use it
<gchristensen>
please don't avoid it out of paranoia, and please report bugs
<gchristensen>
and for goodness sake, upgrade. if you can't tolerate any sort of breakage, CentOS gets the same updates RHEL does and would be safer -- security-wise.
<clever>
worldofpeace: found a bad rev!
<worldofpeace>
clever: !!!!
<clever>
but that only shaved 200 commits off, lol
<exarkun>
nextcloud major version bump "this might be nice"
<exarkun>
I'm trembling with confidence.
<exarkun>
it does look like _most_ of the changes are security or bugfix related but there's plenty of major version bumping
<pamplemousse>
Welp... I have a shell.nix with a `buildInputs = [ python3Packages.six ]`, but, when I `nix-shell`, the command `python -c "import six"` returns a `ModuleNotFoundError: No module named 'six'`
<{^_^}>
pamplemousse: 23 hours, 1 minute ago <infinisil> For the record, `nix path-info -S` gives the runtime closure, not the build-time one
<exarkun>
(very polite and apologetic major version bumping by Vladimír Čunát)