<alienpirate5>
which is a build dependency of cifs-utils
<growpotkin>
alienpirate5: Maybe it's using a subset of Qemu in a library or something?
<alienpirate5>
qhy am i even building cifs-utils?
<alienpirate5>
ok, i removed cifs from the supported filesystems and it is now no longer pulling in qemu
evax has quit [Ping timeout: 245 seconds]
growpotk- has joined #nixos
<alienpirate5>
how do I disable lvm2?
fusion809 has quit [Remote host closed the connection]
tilpner_ has joined #nixos
Twey has quit [Ping timeout: 268 seconds]
tilpner has quit [Ping timeout: 244 seconds]
Twey has joined #nixos
brycec-M has quit [Ping timeout: 264 seconds]
thonkpod has quit [Ping timeout: 264 seconds]
brycec-M has joined #nixos
noudle has quit []
thonkpod has joined #nixos
ryantrinkle has quit [Ping timeout: 272 seconds]
dansho has quit [Ping timeout: 246 seconds]
thc202 has quit [Ping timeout: 250 seconds]
___laika has quit [Ping timeout: 245 seconds]
evax has joined #nixos
ottidmes has quit [Ping timeout: 268 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjQzR
mexisme has joined #nixos
<alienpirate5>
i finally managed to successfully build an image with a functioning X server
<alienpirate5>
well
<alienpirate5>
i think it's functioning
<alienpirate5>
haven't tested it yet
<simpson>
Nice!
<qyliss>
infinisil: have you heard of guix? :P
<infinisil>
Yes of course!
<infinisil>
Ahh regarding lisp
<qyliss>
yes
<alienpirate5>
wait no, I haven't enabled the X server yet
<alienpirate5>
but polkit works at least
<qyliss>
oh gods... I just looked at your README again. I didn't realise the first time that it isn't actually parsing anything
<alienpirate5>
why does everything want to pull in gobject-introspection?
<qyliss>
that's cool, but also that's horrifying!
mexisme has quit [Ping timeout: 264 seconds]
<simpson>
alienpirate5: The cost of using a desktop environment is being beholden to the desktop environment's developer's choices.
<alienpirate5>
i'm not using a desktop environment
<alienpirate5>
i just want auto login to X
<alienpirate5>
this is for an embedded device
mog has quit [Ping timeout: 276 seconds]
<infinisil>
qyliss: Well it kinda is
<alienpirate5>
why does i3wm depend on a perl module for pkg-config?!
<simpson>
alienpirate5: Sure. Embedded devices are often big enough now for GTK+ or Qt, though, and so those libraries aren't as off-limits as they used to be. You can ask Nix why something depends on something else with $(nix why-depends).
<infinisil>
qyliss: It parses the file to extract all variable names
<alienpirate5>
thanks for the `nix why-depends` simpson
<alienpirate5>
the problem with `gobject-introspection` is that it refuses to cross compile properly
<growpotkin>
Is there any particular reason that overlays in `configuration.nix` are not applied to `nix` tools? Like was the decision intentional or is just a lapse in support/development?
<alienpirate5>
i just don't want gtk+3 to be built
liberiga has quit [Ping timeout: 260 seconds]
<growpotkin>
I use that hackish overlay folder thing to make my overlays global but I never knew if there was a real reason that configuration overlays aren't applied to "nix"
<infinisil>
growpotkin: You mean like nix-build & co.?
<pie_>
aszlig: is there any other way to access pkgs.lib in imports other than import <nixpkgs> ... ? ^
<pie_>
hmph....
* pie_
scratches head
<pie_>
infinisil: in think one reason i didnt get it the first time around is i didnt realize pkgs is just another moduel variable thing
ndi^ has quit []
hc^ has joined #nixos
<hr[m]>
From my experience there is currently an xcbuild build bug on MacOS that has appeared over the last few days. I'm not sure what changed on MacOS but it causes xcbuild to fail to build which means that dependent programs cannot be built. [PR: #66154](https://github.com/NixOS/nixpkgs/pull/66154) has solved the issue for me. It may be useful to merge this soon so that the affected programs will build again on Darwin during the next
<{^_^}>
[nixpkgs] @HugoReeves opened pull request #66244 → gopass: fix build on darwin → https://git.io/fjQgX
tewlz has joined #nixos
<pie_>
anyone know how to fix "The option `config' defined in `/home/paprika/nixos2/common-modules/default.nix' does not exist." when said file does not mention "config" anywhere
<tewlz>
new to nix in general, are there any tools for server orchestration e.g. I'd like to deploy a bunch of clustered services and ideally I'd like to scale up/down based on monitoring data - reading docs nixops seems to be fairly static, would I need to build some tooling around nixops or is anyone else building something like that?
<pie_>
ok i think i figured it out https://github.com/NixOS/nixpkgs/blob/master/lib/modules.nix#L82 , i have no idea what this code does but im guessing the most top level import that causes an error causes the message - at least that is what seems to happened in my case, and the actual problem was in one of the nested imports
<samueldr>
pie_: ^ bleh, can't find the right sentence in the chapter, but when options and config aren't present, it hoists the attrset into config, so I guess it's related to the problem you had
<samueldr>
at least, that's how it works under the hood
<pie_>
hm that kind of makes sense
<pie_>
samueldr: if i make a nested attrset of constants do i have to define a bunch of options?
<samueldr>
not sure I follow
<samueldr>
but you can't have "floating" attributes in the config; everything will need to be an option somehow
<pie_>
i want to set something like mystuff = {b = 1; c = { d = "a" ; b = 3; }; };
<{^_^}>
[nixpkgs] @corngood opened pull request #66245 → chicken: fixes for chicken 5.1.0 → https://git.io/fjQgy
<pie_>
samueldr: ^
phreedom has joined #nixos
<pie_>
basically i want to create a database of "private" constants (like hashed passwords, whatever) i can refer to elsewhere
<samueldr>
yeah, still the same answer, I guess, you can't have "floating" attributes on the config; you'd need at least a config option to set it, or set it somehow else that's available to the module system
<samueldr>
I'm not that knowledgeable on the internals of it, though, so I'm getting into uncomfortable territories :)
<chloekek>
When using fetchgit and downloading submodules, how can I specify the hash for each submodule? I see hash options for the outermost clone, but the only option for submodules is fetchSubmodules Boolean.
<ryantm>
chloekek: Doesn't git already do this?
Rusty1 has quit [Quit: Konversation terminated!]
<chloekek>
ryantm: .gitmodules doesn't contain hashes, where would it get them from?
<joepie91>
so I'm currently trying to write a morph configuration, moving some 'preset' bits of config out into their own files... but I'm running into an issue: https://gist.github.com/joepie91/4e43480995edfec720a56f6543b09656 -- that includes both the root config and the presets/nginx/php.nix, and Nix yells at me with the following: "error: attribute 'services' missing, at
<joepie91>
I *suspect* that the issue here is my usage of lib.mkMerge in the nginx virtualhosts config, as it will be trying to evaluate that php preset before the top-level config has been evaluated, and therefore `config` is empty
<joepie91>
how do I resolve this?
<joepie91>
(it worked fine when the PHP stuff was defined inline in `default.nix`)
schjetne has joined #nixos
<{^_^}>
[nixpkgs] @Lassulus pushed commit from @Moredread to master « vcv-rack: 0.6.2b -> 1.1.3 »: https://git.io/fjQwo
<jgt>
I'm running nix-collect-garbage -d, and it's mostly Haskell packages
ThatDocsLady has joined #nixos
rndd has joined #nixos
<rndd>
hi everyone
<rndd>
i need to get sha256 to build go package. but dont now how to ddo it
<manveru>
,tofu rndd
<{^_^}>
rndd: To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<{^_^}>
[nixpkgs] @basvandijk merged pull request #66257 → Make hostname in tests overridable → https://git.io/fjQrv
<sphalerite>
emilsp: yeah, iktf. Also good job on that pun :p
<sphalerite>
emilsp: anyway, to actually answer your question: I think I did at one point
MmeQuignon has joined #nixos
<emilsp>
sphalerite: do you recall any special hoops you had to jump through?
<sphalerite>
no
<emilsp>
:/
<emilsp>
ah well, I'll go and have a look at obsidian systems
iyzsong has joined #nixos
<sphalerite>
emilsp: well, have you _tried_ building with gradle? If so, how has it gone wrong?
psyanticy has joined #nixos
<emilsp>
It fails to use aapt2 with a very descriptive java.util.concurrent.ExecutionException: com.android.builder.internal.aapt.v2.Aapt2InternalException: AAPT2 aapt2-3.3.2-5309881-linux Daemon #0: Daemon startup failed
<emilsp>
Putting aapt2 in my path doesn't help, I've set `ANDROID_HOME` env var and all.
<emilsp>
The same thing builds just fine with android-studio
<sphalerite>
Is this aapt2 from nixpkgs?
<emilsp>
it's an aapt2 binary that's distributed as part of androidenv's androidsdk
<emilsp>
so a part of nixpkgs
<sphalerite>
and running it yourself works?
<emilsp>
to be fair, I think that gradle should find the aapt2 through ANDROID_HOME env var which is set correctly afaict. aapt2 does not fail horribly when ran manually, no.
veske has quit [Quit: This computer has gone to sleep]
Palpares has quit [Remote host closed the connection]
Palpares has joined #nixos
d1rewolf has quit [Quit: Connection closed for inactivity]
<symphorien>
<jgt> one of these nodes is coloured in red, but it's only 5.3GB << the graph will tell you which roots (triple octogons) you need to remove to free these 5.3 GB
owickstrom has quit [Quit: Connection closed for inactivity]
<Gopal[m]>
hello!
<Gopal[m]>
I'm somehow locked myself out of my server. I made the mistake of deleting `/etc/ssh/ssh_known_hosts` and `~root/.ssh` and `~user/.ssh`
rsoeldner has quit [Remote host closed the connection]
rsoeldner has joined #nixos
<emilsp>
gah, can I force a deriviation to be rebuilt?
<Gopal[m]>
I tried `nixos-enter` and then `nixos-rebuild switch` but it doesn't seem to have worked
<johanot>
emilsp: try adding --check to nix-build
domogled has quit [Ping timeout: 248 seconds]
linarcx has quit [Quit: WeeChat 2.5]
<Gopal[m]>
any help?
adamt has joined #nixos
linarcx has joined #nixos
<emilsp>
heh, passing the parameters isn't actually the issue, it seems like the gradle build does not respect that the license is accepted. This seems to be so because there is no license folder in $ANDROID_HOME, which is what one would expect when they've accepted the license.
justanotheruser has joined #nixos
<symphorien>
Gopal[m]: you can recreate these files within nixos-enter "by hand"
grw has joined #nixos
<johanot>
emilsp: ah.. sounds.. annoying. Haven't played with Android on Nix for a long time though, so I'm perhaps not the right person to help here :) It isn't just about you refreshing your environment? Are you on NixOS even?
<emilsp>
I am on NixOS, yes.
<Gopal[m]>
symphorien: sorry, haha,
<emilsp>
I did try and re-enter that nix-shell multiple times, the androidsdk deriviation isn't being rebuilt. And if I do not actually pass that parameter, then the deriviation actually fails to build.
<hyper_ch2>
emilsp: you need adb?
domogled has joined #nixos
<emilsp>
hyper_ch2: I want to be able to `./gradlew assembleDebug` :/
<hyper_ch2>
no idea what that is but good luck
<emilsp>
hyper_ch2: I'm trying to build an android app with gradle, but the issue is that the gradle build tools do not respect my $ANDROID_HOME, since it doesn't look like any licenses have been accepted.
<johanot>
what does gradle actually say to you?
rsoeldner has quit [Read error: Connection reset by peer]
rsoeldner has joined #nixos
<emilsp>
johanot: Failed to install the following Android SDK packages as some licences have not been accepted. To build this project, accept the SDK license agreements and install the missing components using the Android Studio SDK Manager.
ryantrinkle has joined #nixos
<manveru>
hmm
domogled has quit [Ping timeout: 258 seconds]
<johanot>
emilsp: can you open the sdk-manager and accept the licenses interactively?
<manveru>
so if you put a fixed version in arion-pkgs.nix, you can rely it always gives you the same images as result
<Gopal[m]>
adamt: yes
<Gopal[m]>
I am
<__monty__>
Is there a way to make the binary cache usable on a very slow connection? Kbps rather than Mbps?
<manveru>
rolling back with :latest is... tricky :P
<Gopal[m]>
yeah, it probably is
<Gopal[m]>
which is why things like kubernetes exist :P
hyper_ch2 has joined #nixos
<manveru>
:)
<Gopal[m]>
no problem though
<manveru>
i build kubernetes config with nix, so the image is fixed that way
<Gopal[m]>
I see
<adamt>
Gopal[m]: How does k8s save you with regard to rollbacks when you're deploying :latest?
<Gopal[m]>
k8s has rolling updates
WhittlesJr has joined #nixos
<Gopal[m]>
it updates as soon as there is a newer image available and if it doesn't work, it rolls back
<manveru>
__monty__: not really... i suffer this every day :P
<adamt>
Gopal[m]: And if the job is started on a host that didn't have the old version?
<manveru>
__monty__: just have a lot of patience, i guess
<Gopal[m]>
adamt can there be a situation like that though?
<__monty__>
manveru: It goes a bit like this, try copying some paths, timeout, abort, restart, try copying the same paths... : (
rsoeldner has quit [Read error: Connection reset by peer]
<johanot>
"latest" really only works as expected, if you remember to set "ImagePullPolicy: Always"
<manveru>
__monty__: jup
rsoeldner has joined #nixos
<__monty__>
I'd rather it fall back to a slow but steady sequential mode than just keep failing to get things in parallel.
<Gopal[m]>
If I am at some older version, I'm going to retain that image until that's deleted, right? That image will be only deleted when the newer image is confirmed to be working.
<adamt>
Gopal[m]: It honestly sounds like you'll be hosed if the server running the last good version crashes in the middle of it, since you're not doing rollbacks, just failing a new update.
<Gopal[m]>
manveru: how many nodes to you use with k8s?
<manveru>
Gopal[m]: uh, hard to tell, i don't maintain k8s
<Gopal[m]>
adamt: I think you can also set an interval for image deletion
<Gopal[m]>
if that does happen, I can rollback manually regardless
<manveru>
but given that you push images to your registry and specify the exact tag on deploy, it works nicely
<Gopal[m]>
manveru: I see. Well, it's just that the last time I tried k8s w/ 2 nodes with nix. I failed miserably.
<adamt>
manveru: Gopal[m] said he is deploying the tag "latest", not a specific tag.
<manveru>
adamt: yeah
<adamt>
I'm basically just trying to say "don't do that, it's a really really really bad idea".
<manveru>
exactly :)
<Gopal[m]>
I've been doing this for 2 years and I haven't run into a problem with stability, tbh
<Gopal[m]>
for projects like invidious or searx, I'd prefer to stay on the latest commit
abbiya has quit [Quit: abbiya]
<manveru>
then i'm not sure i understand the issue
<Gopal[m]>
for databases, obviously I'm using a specific tag
<Gopal[m]>
manveru: the issue is that I'm trying to cover for _that one day_ when the newer image fails :P
<manveru>
i'm talking about deploys of apps i write, not random images from the interwebs :)
<Gopal[m]>
I see
veske has joined #nixos
<manveru>
so i decide on the tag and can insert that into the k8s config for that service
<manveru>
so we're talking two different things?
<Gopal[m]>
alright, just one more thing
<Gopal[m]>
(manveru do you manually update images then?)
<Gopal[m]>
I think so
noudle has joined #nixos
<manveru>
CI builds the image
<manveru>
tag is taken from github sha
<manveru>
s/github/git/
fendor has quit [Read error: Connection reset by peer]
<adamt>
We integrated the process of building images with the process of creating k8s deployments, and always refer to docker images using a tag that is really a checksum of the image derivation. It's neat, and predictable.
<johanot>
manveru: have you considered pulling by digest instead of tag (now that you are tagging with a digest anyway) ? :)
<johanot>
I guess traceability to git is a good thing.
mexisme has quit [Ping timeout: 276 seconds]
fendor has joined #nixos
seanparsons has quit [Ping timeout: 244 seconds]
<manveru>
johanot: yeah, it's just company policy mostly
<Gopal[m]>
adamt: I think that applies only when you are the builder of the images that you use
<manveru>
we got a nice UI that shows every version of every container with the corresponding commit
<manveru>
you could do it with labels too... i guess
<adamt>
Gopal[m]: Well, we also support downloading images by tag (and with an expected hash), and use the same pipeline for those.
<johanot>
Right. Worst drawback with your approach I guess, is that you can easily end up with multiple identical images - with different tags, since every git commit doesn't necessary change the image content.
<Gopal[m]>
I'm not sure I understand how you manage updates for images built by other than yourself
<manveru>
well, we don't allow those...
<Gopal[m]>
<Gopal[m] "alright, just one more thing"> and yeah, are we getting any closer to live patching kernels?
<adamt>
Gopal[m]: We manually bump the version of external images, just like you would with normal packages
<johanot>
My experience is that you reeeally want to pull by Digest when using "upstream-images". Because... People tend to re-push tags :(
<Gopal[m]>
<manveru "well, we don't allow those..."> were you talking about kernel updates?
<Gopal[m]>
<adamt "Gopal: We manually bump the vers"> I see
<manveru>
Gopal[m]: i meant images not built by ourselves
fendor_ has joined #nixos
<Gopal[m]>
well, your approach is definitely great for production
<manveru>
it's not super pragmatic, but otherwise you just ask for exploits
<manveru>
anw, gotta go, cu :)
<johanot>
if you examine the content of an external image and pin that to something static and verifyable (not a tag), it can be safe enough.
<Gopal[m]>
manveru: doesn't ubuntu do live patching?
<Gopal[m]>
thanks for your help, buddy!
<johanot>
sidenote: there is #nixos-kubernetes on Freenode if you want to discuss this topic in more detail some time.
<Gopal[m]>
johanot: I think I have bothered you a lot already on that channel :P
fendor has quit [Ping timeout: 268 seconds]
<adisbladis>
Ohh #nixos-kubernetes <3
<Gopal[m]>
I remember asking and checking your setup out a lot of times but I couldn't wrap my mind around it
mexisme has joined #nixos
<adisbladis>
(we need an index of all #nixos-$blah irc channels)
seanparsons has joined #nixos
<johanot>
adisbladis: is there a #nixos-blah though? :P there should be
<adisbladis>
johanot: #nixos-chat is close enough ;)
<johanot>
true :P logs.nix.samueldr.com is the best index I can think of... thanks samueldr again for that, btw
<{^_^}>
[nixpkgs] @prusnak opened pull request #66272 → pythonPackages.wget: init at 3.2 → https://git.io/fjQij
<{^_^}>
[nixpkgs] @danbst pushed 0 commits to pacien-postgresql-wal-receiver: https://git.io/fjQPZ
orivej has quit [Ping timeout: 244 seconds]
<dminuoso>
Ive enabled docker in configuration.nix and tried to add "docker" to my extraGroups, but its not working. If I check ⌜groups⌝ its not listing the docker group. What's going on here?
<gchristensen>
did you log out and log in?
<yorick>
sudo as yourself for a quick workaround
<yorick>
sudo -su $(whoami)
<dminuoso>
Ah interesting. I take it that my shell reuses the user information from its parent process, inheriting it from the long living X process - which still doesnt have the group?
<yorick>
basically, yes
<gchristensen>
exactly
<adamt>
It's also not a NixOS thing, it's an annoyance everywhere =/
drakonis has joined #nixos
<dminuoso>
How does that work exactly? I mean I'd expect ⌜groups⌝ to call into some system library (?) - so I naively expected ⌜groups⌝ to always tell me the truth.
<dminuoso>
Is there some generic "uid/groups" struct provided by the kernel?
<etu>
dminuoso: I don't know the inner workings, but it's assigned to your session somehow on login
<dminuoso>
Okay I think I just worked it out then.
<dminuoso>
It must be glued into task_struct
<dminuoso>
My reasoning is this: In order for the security model to work, this information has to live in the kernel. And the only reasonable structure for this has to be the the process/task struct.
<dminuoso>
(Which presumably gets inherited if you fork/exec)
<johanot>
dminuoso: yeah, see: man 7 user_namespaces :)
<worldofpeace>
why can't we change the target the buildPhase does?
<adisbladis>
exarkun: Yep, though you don't really have to write much perl to write a nixos test
<thoughtpolice>
exarkun: I mean, if you are literally, physically unable to write it or something because it's using Perl, then yes, you are basically screwed. But you normally do not need to write much perl at all
<adisbladis>
In fact I mostly tend to forget I'm writing perl when hacking on nixos tests
<exarkun>
thoughtpolice: I might be physically unable to write something in Perl, yes.
<thoughtpolice>
Then you are screwed.
<adisbladis>
You can basically consider the test suite a tiny subset of perl
___laika has quit [Remote host closed the connection]
___laika has joined #nixos
<adamt>
It doesn't sound like the size of the subset matters much in this case :P
Lukas4452 has quit [Ping timeout: 245 seconds]
<exarkun>
Give me a couple hours to stare at some terrible file of ansible and terraform, maybe I can get over it
<adisbladis>
Gopal[m]: Imho terraform (the language) is terrible
<Gopal[m]>
Any of you guys manage emacs packages with nix?
<adisbladis>
Gopal[m]: Yes
<exarkun>
adisbladis: It's all very simplistic testing. That's great. I love simple. I'm used to using very expressive test frameworks though. It's an adjustment.
<Gopal[m]>
<adisbladis "Gopal: Imho terraform (the langu"> Really? I've had a senior who immensely praises terraform and all of hashicorp
<{^_^}>
[nixpkgs] @NeQuissimus pushed 4 commits to release-19.03: https://git.io/fjQP7
<{^_^}>
[nixpkgs] @FRidh pushed commit from Averell Dalton to master « calibre: fix build »: https://git.io/fjQPd
<adisbladis>
Gopal[m]: Terraform, the tool, is great
<exarkun>
adisbladis: My first impression is "this is way too simplistic, I can't express anything I want to express with this".
<adisbladis>
Gopal[m]: I just find the language terrible
<Gopal[m]>
<adisbladis "Gopal: Yes"> How do you stay updated with packages?
<adisbladis>
Try to write a loop, I dare ya
rsoeldner has quit [Remote host closed the connection]
<exarkun>
Gopal[m]: "a senior who immensely praises ..." is kind of meaningless
rsoeldner has joined #nixos
<exarkun>
Gopal[m]: "senior" doesn't mean much
<Gopal[m]>
<exarkun "Gopal: "a senior who immensely p"> Wdym?
joshuagl has joined #nixos
<exarkun>
Gopal[m]: and non-technical praise is usually more about culture and fads than actual software quality
<adisbladis>
Gopal[m]: We're recently done some changes to our melpa infra. Expect much more up to date packages in the future.
<adisbladis>
Gopal[m]: Or is that not what you meant?
<Gopal[m]>
Hmm, I think I said senior because he has used Hashicorp's products in production for several startups
<{^_^}>
[nixpkgs] @basvandijk opened pull request #66273 → Backport "Remove default value for nixpkgs.system" to release-19.03 → https://git.io/fjQPN
<exarkun>
Gopal[m]: So he's, like, at least 25? :)
<Gopal[m]>
And has had great experience with those
<adisbladis>
^_^
<adisbladis>
Gopal[m]: I have nothing against Terraform as a deployment tool, it's just a damn shame the language is not expressive enough
<thoughtpolice>
Gonna go ahead and throw this out there: this is not the channel to really be hashing out popularity/design of something like Terraform or whatever hearsay you want to discuss. As noted, NixOS test scripts are currently written in Perl, and that's currently the way life is.
<adisbladis>
thoughtpolice: <3
<thoughtpolice>
I think that's basically all that needs to be said.
<johanot>
thoughtpolice++
<{^_^}>
thoughtpolice's karma got increased to 14
<Gopal[m]>
<adisbladis "Gopal: We're recently done some "> I'm just afraid of converting packages again to nix. As it is, I've had a terrible experience with nix on the desktop. :P
<{^_^}>
[nixpkgs] @timokau pushed commit from @BenSchZA to master « spotifyd: update cargoSha256 hash (#66233) »: https://git.io/fjQPp
linarcx has joined #nixos
<exarkun>
is this how a nixos test should complete? "vde_switch: EOF on stdin, cleaning up and exiting", "vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty"
<adisbladis>
Gopal[m]: Ok? Using nix for your emacs packages shouldn't really affect your emacs config so I don't know what you have to lose.
<Gopal[m]>
<adisbladis "Gopal: I have nothing against Te"> I see
hyper_ch2 has quit [Remote host closed the connection]
<Gopal[m]>
<adisbladis "Gopal: Ok? Using nix for your em"> I always forget
<Gopal[m]>
<exarkun "Gopal: So he's, like, at least 2"> What does age have to do with it?
_kwstas has joined #nixos
_kwstas has quit [Remote host closed the connection]
<adisbladis>
Gopal[m]: It was a jab at "senior" not really meaning anything
<Gopal[m]>
Btw how does Terraform compare against nixops?
<exarkun>
Gopal[m]: I don't think this conversation is welcome here.
o1lo01ol1o has joined #nixos
<Gopal[m]>
<adisbladis "yozu: It was a jab at "senior" n"> oh, haha, I just said senior because he's a year ahead of me at uni
Lukas4452 has joined #nixos
_kwstas has joined #nixos
<__monty__>
Gopal[m]: Could you stop quoting previous messages rather than just mentioning people? I'm sure it's a nice feature on matrix but on the other side of the bridge it's pretty confusing.
_kwstas has quit [Remote host closed the connection]
<Gopal[m]>
<exarkun "yozu: I don't think this convers"> huh?
<Gopal[m]>
I'm sorry
jgt has quit [Ping timeout: 264 seconds]
<Gopal[m]>
on android, it's a pita to copy paste
<exarkun>
we can probably follow your meaning if you just write your message, you don't have to quote or copy/paste anyone else's messages
<exarkun>
it's how irc works, everyone on irc has lots of practice doing it :)
<adamt>
Gopal[m]: I'm pretty sure it's ok to ask how terraform compares to nixops here, but that people (other than you) should keep the debate more civil than before.
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<Gopal[m]>
I see
mexisme has quit [Ping timeout: 252 seconds]
<Gopal[m]>
Is there a reason plasma is still 5.15 in the repos?
<manveru>
Gopal[m]: terraform and nixops have a bit of overlap, but terraform has a much larger feature set, like setting up dns, cdn, heroku, mailgun, newrelic, etc...
rsoeldner has joined #nixos
<manveru>
nixops (as i used it), is mostly about "deploy this nixos config to this box"
<manveru>
though nixops does have configs for AWS/GCE/Azure, i just never used them myself since i don't use those services
<manveru>
and both can be pretty nerve-wrecking at times :)
<Gopal[m]>
can NixOps be used to do that after deployment? For example, I have a central repo which has configs for all my machines. The problem now is that I have to keep a copy at each of the machines. I was wondering if I could use my laptop to deploy some particular config to a box?
<Gopal[m]>
nix is already nerve-wrecking for me lol
<Gopal[m]>
I think I have failed to use nix on the desktop 7+ times for now
{`-`} has joined #nixos
<manveru>
Gopal[m]: now i'd love to hear that story :D
<adisbladis>
johanot: Wasn't there a nice comparison matrix somewhere between nixops/morph/krops?
<Gopal[m]>
johanot: somebody should make one of those _awesome_ lists for nixos for projects like these
<kandinski>
Gopal[m]: my experience is the reverse. I installed it once and it worked so well that my frustration is not progressing in learning. I don't have the incentive I once had to learn to fix stuff that broke.
<exarkun>
and if lib.tests.runTests is how you do it, where do you put your tests and how do you convince something to evaluate them?
<Gopal[m]>
manveru: it involves me beating my head against the wall for some package that does not yet exist or work well on nix :P
dontobey has quit [Ping timeout: 246 seconds]
<Gopal[m]>
kandinski: I think the problem comes from my imperative background
vmandela has quit [Quit: Leaving]
xkapastel has joined #nixos
<Gopal[m]>
and also that package installation is so easy and painless in arch linux that having to open up `home.nix` to add a package and then do `home-manager switch` feels annoying almost always
<adamt>
Gopal[m]: I had similar issues running maple on nixos, but ended up running it inside a FHS userenv. Maybe that's worth looking into, but it obviously depend on the exact problem faced. :P
<adamt>
Gopal[m]: You could always just nix-env -iA nixos.foopkg (not ideal, but about as easy as pacman)
<Gopal[m]>
adamt: I tried looking into packaing ungoogled-chromium for nixos... but oh boy
rsoeldner has quit [Remote host closed the connection]
<adamt>
Gopal[m]: Or, if you need a tool but only once, just make a new shell with it (nix-shell -p foopkg)
rsoeldner has joined #nixos
<adisbladis>
johanot: That's the one I was thinking of. Thanks.
<adamt>
johanot: I know nothing of nixops or krops
<adamt>
I'm pretty familiar with morph features, though
<adisbladis>
johanot: Could I persuade you to make a wiki article on the subject? ;)
<Gopal[m]>
adamt: the "not ideal" part is where the transition becomes a pain. it's like trying something new but unable to because I'm too used to the older way
<adisbladis>
Or adamt
<Gopal[m]>
also one of my major complaints is that plasma simply sucks on nixos
<Yaniel>
sucks?
<Yaniel>
it must be absolutely stellar on other distros then
<adisbladis>
Hm? I never had much Nixos-specfic Plasma issues.
<Gopal[m]>
yeah, I've had terrible experience with Plasma on NixOS. mutliple times, that tooo
<Gopal[m]>
Yaniel: plasma on arch is amazing, even more so on OpenSUSE tumbleweed
<adisbladis>
Gopal[m]: Instead of generally complaining could you make it into something constructive?
<adisbladis>
What's your problems you're experiencing?
<Yaniel>
haven't had much to complain about on nixos so...
<Gopal[m]>
sure thing
<adisbladis>
Saying that something just sucks is not nice to all the peeps working hard to maintain the packages
<exarkun>
if I put a call to runTests into a .nix file and nix-build it, it seems to be a no-op
<Gopal[m]>
the animations lagged way too much
<exarkun>
adisbladis: saying some_one_ sucks isn't nice. things are just things.
<johanot>
adisbladis: yeah we should do that. and btw.. we'll probably do a talk about morph on NixCon in Brno.
__monty__ has quit [Remote host closed the connection]
<adamt>
Gopal[m]: So probably a driver issue, and not plasma specific
<Gopal[m]>
adisbladis: I'm sorry about that
<Gopal[m]>
I'm really thankful to all the people putting work into NixOS. I should word my statements better.
<drakonis>
adisbladis: no issues with baloo's indexing?
<adamt>
exarkun: And things are made by people that probably have feelings for the things they made.
<Gopal[m]>
adamt: umm, it happened with both my laptops. intel and nvidia
<Yaniel>
oh, I just assumed it's supposed to be janky like that, like on a certain other OS xD
<adisbladis>
drakonis: Tbh I've always turned off baloo
<Gopal[m]>
I think there were problems with sddm too but I can't remember
<exarkun>
adamt: It's sad that people develop emotional attachments to technology. It gets in the way of making things better.
<drakonis>
fedora goes nuclear and just rips out the majority of indexing features
<Yaniel>
what bothers me more is that kwin_x11 loves crashing a lot
<Gopal[m]>
it's been over three months since I tried plasma on nixos
<drakonis>
so the daemon is there but it doesnt do anything useful
<Yaniel>
i.e. basically every time I press alt+tab
<Gopal[m]>
baloo is really useful for finding files tho
<exarkun>
adamt: You are not the C you got on the math test. You are not the buggy software you write.
veske has quit [Ping timeout: 272 seconds]
<drakonis>
adisbladis: nothing regarding updating the desktop file index for the start menu either?
<Gopal[m]>
Yaniel: I really haven't seen kwin_x11 crash, bar very rarely with the nvidia laptop I have
<Yaniel>
and it seems that there are like two people other than me with that problem
veske has joined #nixos
<exarkun>
Failure is a normal, healthy part of life. Learn from it and move on and do better.
<Gopal[m]>
on my thinkpad, it's flawless
<drakonis>
not as egregious but its something the other distributions do whenever installing new software
<adisbladis>
drakonis: I've manually run `kbuildsycoca5` to rebuild that
<Gopal[m]>
im using plasma right now, on arch
jgt has joined #nixos
<adisbladis>
Anyway, for the last year or so I've been on exwm and not much plasma anymore. I only use Plasma on my tablet now.
<drakonis>
that's what i do myself
<drakonis>
whenever i actually change my system instead of running shells
<Gopal[m]>
also, back to my original question, why is plasma on nixos still 5.15? didn't 5.16 come out two months back?
<drakonis>
not one bit different from my experience
<Yaniel>
which nixos channel are you on
<Gopal[m]>
unstable
<Gopal[m]>
I use unstable everywhere, haha
<Gopal[m]>
haven't had problems except for libreoffice and python packages
<adisbladis>
Gopal[m]: I guess it's just that no one bothered to update it.
<adisbladis>
adamt: There is an update script for kde/qt
<drakonis>
its the easiest thing about nix my dude
<drakonis>
pushing updates is the easiest
<Gopal[m]>
all this talk is convincing me to try nixos yet again :P
jgt has quit [Ping timeout: 252 seconds]
<adamt>
adisbladis: Yeah, I just saw the first line of the file. My bad.
<exarkun>
Can anyone give me any tips on using lib.runTests?
* adisbladis
runs the updater
<adisbladis>
Let's see what happens
<Gopal[m]>
where is the update script?
<Gopal[m]>
oh fetch.sh
<Gopal[m]>
my bad
<adisbladis>
Gopal[m]: It's more complicated ;)
<Gopal[m]>
I really should make an effort with nixos again
<joepie91>
Gopal[m]: come to the dark side, we (still) have cookies!
<Gopal[m]>
we also have infinite path resolution problems :P
<joepie91>
we now also have morph, which has significantly improved my ops experience with Nix...
<Gopal[m]>
oh yeah, I meant to ask
<adisbladis>
Gopal[m]: cd pkgs/desktops && ../../../maintainers/scripts/fetch-kde-qt.sh plasma-5
<Gopal[m]>
I'm confused. nixops and morph?
<adisbladis>
(though I've already run it, running plasma tests now)
endformationage has joined #nixos
<adisbladis>
Gah, some build failure
<adisbladis>
I don't have time to look into this too much now
<adamt>
Maybe that's why nobody bumped it :P
<joepie91>
Gopal[m]: morph is basically the simple stateless alternative to nixops
<Gopal[m]>
oh?
<adisbladis>
joepie91: Does it do local building and copies the closure?
<joepie91>
Gopal[m]: morph == config file goes in, morph builds and deploys (using SSH keys from your environment) on the stated hostnames, working systems come out
<adamt>
joepie91: Do you know whether things changed in nixops related to state?
<johanot>
adisbladis: :D personally I was preparing popcorn when you said "runs the updater". I like the "updates are easy" part of this conversation.
<Gopal[m]>
nixops keeps track of states? how is that good / bad?
<joepie91>
Gopal[m]: nixops is a lot more complex, supports complex cloudycloud resource management and whatnot but is also highly stateful
<adisbladis>
johanot: I've updated plasma a few times, usually it's just some small change in dependencies or some patch that needs removal
<adisbladis>
It's usually quite easy
<joepie91>
well, the main benefit of morph over nixops imo is that you can reason about morph pretty easily with only very little experience with it; very few moving parts, very straightforward process, easy to follow, easy to find issues with
__monty__ has joined #nixos
<joepie91>
nixops has a lot of internal state (autocreated SSH keys, other resources, etc.) that is difficult to inspect and it's difficult to understand how it relates to other settings that it has
<johanot>
adisbladis: just kidding :) it's just.. you know.. when people say "it's easy".
<adisbladis>
Yeah :)
___laika has quit [Ping timeout: 268 seconds]
<joepie91>
nixops is really a capital-S deployment System
<joepie91>
whereas morph is more like a deployment tool, a minimal extension to what you already do with Nix to make it apply to other machines
<adamt>
I just got the impression some time back that it you could now use nixops without state, of course without the provisioning bits
<adisbladis>
My dad always says "Chinese is easy, even the kids in China knows how to speak it."
<joepie91>
adisbladis: all builds are local in morph afaik, I don't think it has a "download stuff directly to target system" switch yet
<johanot>
:D human language don't compute.. <- that's all I have to say to that
<manveru>
exarkun: it'll return a list of failed tests
<Gopal[m]>
I see
<Gopal[m]>
thank you
<exarkun>
manveru: Then you nix-build it?
<adamt>
joepie91: Correct, we haven't implemented remote download/build yet, and not sure we will any time soon, since we don't really need it at work
<Gopal[m]>
i see
<johanot>
adamt forgot to say: "PR's are welcome" :)
<manveru>
exarkun: you could, if you put it in a derivation, but `nix eval` or `nix repl` is probably easier
<Gopal[m]>
I use servers from hetzner and I see that nixops docs have means to completely automate the process. right now I run their rescue system, transfer a kexec_bundle from another server, do the kexec, ssh back in and run my deploy script
<joepie91>
adamt: oh, you work on morph? :P
<Gopal[m]>
joepie91: oh?
<Gopal[m]>
I was looking for remote builds
<__monty__>
Hmm, does krops have remote build?
<Gopal[m]>
I don't want to do anything on my pc
<adamt>
joepie91: I wrote the original go implementation, yes
<Gopal[m]>
or laptop as upload speeds suck :P
<adamt>
__monty__: Looking at the nixops/krops comparison, i think the answer is "yes"
<adisbladis>
__monty__ I think Krops always copies the expressions to the remote and does all building on the target?
<johanot>
Gopal[m]: I use nixops/terraform only for provisioning my hetzner servers. after that I switch to morph.. But I'm (like adamt) probably a bit biased :)
rsoeldner has quit [Remote host closed the connection]
<joepie91>
adamt: ah, right :) for me the 'build/DL locally and upload' thing isn't an issue personally since I'm on fast internet, but I suspect it'll be a blocker for many
rsoeldner has joined #nixos
<adamt>
joepie91 / Gopal[m]: Yeah, I never even considered how that must be annoying in a cloud environment
<joepie91>
don't really have any other criticisms about morph other than the slightly sparse docs (and I will probably make a PR for that)
<joepie91>
so far it's done quite well at Just Working
<johanot>
joepie91: great!
<adamt>
Many of the design decisions in morph are a result of how we deploy actual hardware hosted 20 meters from our office
<adisbladis>
Sparse docs? In a Nix project?! I'd never...
<Gopal[m]>
yeah, transferring stuff from local to anywhere else is out of the equation.
lunik18 has quit [Read error: Connection reset by peer]
<joepie91>
adamt: oh, one small suggestion for improvement: a flag to make a healthcheck fail after N attempts and return a non-zero exit code
<joepie91>
for better deployment automation
<__monty__>
adamt, adisbladis: Ah thanks, that difference didn't come out of a recent morph v. krops discussion I had.
<adamt>
joepie91: YOu want morph to continue deploying the remaining hosts, or just fail?
<Gopal[m]>
can nixops do remote builds?
<adisbladis>
__monty__: Don't take my word for it. I'm only using Nixops.
<exarkun>
manveru: oh. that I didn't give the attribute a "test" prefix...
lunik18 has joined #nixos
<exarkun>
manveru: Thanks!
<joepie91>
adamt: I don't actually know what the current behaviour is (does it continue deploying other hosts while one healthcheck is failing?) but I have no specific expectation that that behaviour changes, the only problem I'm running into is that I need to manually ctrl+C when a healthcheck keeps failing
<joepie91>
and it can be especially annoying when it causes logspam due to an application error :p
<adamt>
joepie91: As a work-around you could use --timeout with some high-ish number for now
<johanot>
if the result of a healthcheck is "unknown", it should be considered "failed", imho :)
<joepie91>
right, it's not a blocker for me, to be clear
<Gopal[m]>
I guess I should just make a script to ssh in, git pull and run `nixos-rebuild` :P
<joepie91>
but as I integrate the deployment command into other scripts in the future I expect this to become more annoying :)
<joepie91>
so I figured I'd at least mention the usecase
<adamt>
joepie91: Morph can't progress to a new host before the current one is considered healthy, but I don't think we would be opposed to a flag specifying the max number of tries before failing
<manveru>
exarkun: and yeah, i really wish all lib docs had at least one example of usage :)
<adamt>
Also, we could start considering rollbacks if the user could specify conditions for when a rollback should happend (e.g. after n failures, or n seconds of failing checks, &c)
<joepie91>
adamt: right. I would find "stops trying after N attempts, then aborts deployment entirely with non-zero exit code" to be completely acceptable behaviour
<joepie91>
in that context
<johanot>
python question: "does python3Packages.python.withPackages" honor an overlay of "python3Packages" ?
<adisbladis>
manveru: Hmm, I love Elixir's doctest
<joepie91>
rollbacks would be nice, but - at least right now - for me they aren't a hard requirement
<adisbladis>
Imho we should have something similar
shibboleth has joined #nixos
<manveru>
adisbladis: that'd be awesome, yeah :)
<manveru>
if nix didn't suck so much at printing nix expressions...
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjQ1s
<{^_^}>
[nixpkgs] @talyz opened pull request #66274 → nixos/gitlab nixos/systemd: Add support for fully priviliged scripts in systemd services, secure secrets in gitlab, and … → https://git.io/fjQ1G
johann__ has quit [Quit: WeeChat 2.4]
___laika has quit [Ping timeout: 246 seconds]
<ajs124>
so. gchristensen: The commit that introduced the wireguard restart semantics is 1bff53cb8408f583f4f9a02e487dbe2fa4110271, the motivation seems to be DNS problems. A few commits later (1de35c7f5ecbfe3c5bae252f660068669eb62b7a) we're setting WG_ENDPOINT_RESOLUTION_RETRIES to infinity, which the wg(8) manpage documents as something that should solve the same DNS problems.
<gchristensen>
yep
<gchristensen>
exactly
<ajs124>
If I were to open a PR that reverts the first commit, giving my reasoning about "broken configs should lead to systemd services breaking", would that be merged?
<gchristensen>
I think so, yeah
<hyper_ch2>
wireguard? dns problems? /me is all ears
<ajs124>
Cool, I'll do that soon(ish), then.
<gchristensen>
sounds great, thanks ajs124
<hyper_ch2>
ajs124: I missed the first part of the conversation. What are you intending to do?
drakonis has quit [Read error: Connection reset by peer]
<ajs124>
hyper_ch2: it's in #nixos-chat. I can @ you on the PR, I'll write it up there.
<{^_^}>
[nixpkgs] @mgttlinger opened pull request #66275 → ocaml-sat-solvers: init at 0.4 → https://git.io/fjQ1l
drakonis has joined #nixos
<hyper_ch2>
ajs124: use @sjau
<hyper_ch2>
ajs124: thx
___laika has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<joepie91>
probably hopeless without an FHS chroot
<joepie91>
(buildFHSUserEnv is the name of the nixpkgs utility for those)
<joepie91>
looked at this a while ago and gave up back then :P
<ajs124>
hyper_ch2, gchristensen: so. turns out, wireguard works different on master, than it does on stable and it's actually oneshot again, already
<gchristensen>
yep
<gchristensen>
on master it is much more robust to individual peer failures
<ajs124>
oneshot units can't be auto-restarted, therefore (probably?) fixing my issue
<sakalli>
joepie91: oh, dear... a pity. its a great nle
<gchristensen>
right, master already fixes your problem. the problem I'm hoping to get either a bug report or a PR fixing is that 19.03 regressed
<joepie91>
sakalli: to be clear, it's probably possible in an FHS
<joepie91>
but resolve is full of hard-coded paths
<joepie91>
so I would expect to run into some snags while packaging it
<sakalli>
joepie91: gotcha. thanks
<laas>
does anyone here know how to get the wayland plugin for QT?
<ajs124>
gchristensen: ahaha, you actually reverted this on 2019-06-01, so it should be fine on stable, as well. Seems like I was mainly doing wireguard stuff back then and I haven't paid attention to what's happening to the module.
<laas>
I looked in the derivation and I see there's an optional module for it which seems to be activated when you use Linux?
<laas>
but I don't have it on my system
<gchristensen>
ajs124: so what is the current status?
iyzsong has quit [Remote host closed the connection]
rsoeldner has quit [Remote host closed the connection]
<gchristensen>
hyper_ch2: I know
rsoeldner has joined #nixos
<gchristensen>
there is no good solution
<gchristensen>
that I know of
<hyper_ch2>
IMHO changing peer unit files back to retry would solve the problem
<gchristensen>
it doesn't, see ajs124's note about the regression on 19.03
<hyper_ch2>
it would only restart those and not bring down the while interface
<hyper_ch2>
gchristensen: I don't know what ajs124 note is
<gchristensen>
okay
<gchristensen>
the thing to do is fixing our nsswitch config
<ajs124>
gchristensen: the service *does* fail. As luck would have it, we redesigned and redeployed our wireguard infrastracture in exactly that week, that it was on stable.
<gchristensen>
oh good
<gchristensen>
ajs124: so, all good?
<ajs124>
gchristensen: yes. Thanks for your support.
<gchristensen>
the store path hash prefix is used to find the .narinfo file: curl https://cache.nixos.org/$(readlink $(which bash) | cut -d/ -f4 | cut -d- -f1).narinfo
byteflam1 has joined #nixos
johanot has quit [Quit: WeeChat 2.4]
<gchristensen>
that then points to a content-addressed .nar file, which is named based on the hash of the file
<mightybyte>
Then why does queryPathFromHashPart look it up with this query
pi3r has joined #nixos
<mightybyte>
"select path from ValidPaths where path >= ? limit 1;"
<gchristensen>
I don't know, do you seem to think there is still an inconsistency after this explanation?
veske has quit [Quit: This computer has gone to sleep]
<mightybyte>
I don't have your explanation 100% clear in my mind, but it seems like the same thing I was saying.
veske has joined #nixos
<gchristensen>
well, nix-serve is well within its right to do something different
<gchristensen>
there is no hard rule by how `.nar`s should be named
<gchristensen>
the `.narinfo` provides a pointer to where to find the actual .nar
<mightybyte>
Right
<pi3r>
I am trying to install 'pythonPackages.odo' in nixos 19.03. It is marked as broken in the stable channel so this is what I have tried: https://paste.ee/p/0Mqza
<mightybyte>
But nix-serve looks that up in the path column of the DB, which is what seems wrong to me.
<{^_^}>
[nixpkgs] @eraserhd opened pull request #66276 → xcbuild: fix darwin build → https://git.io/fjQMl
<gchristensen>
I'm not understanding what seems wrong :/
<gchristensen>
maybe you could put together a gist or something with actual example values and query results
<pi3r>
Does that mean that I am misunderstanding how to install a package from unstable or does it mean that it is still broken even if the 'broken' marker has been removed in unstable.
<mightybyte>
gchristensen: Ok. The above was my first stab at doing that. I'll give it another shot.
<infinisil>
Yeah, it's pretty much just `builder = "/path/to/executable/that/writes/to/$out"`
<adamt>
Ah, I've never seen what is apparently the most imported built-in function before. :-P
veske has quit [Quit: This computer has gone to sleep]
<adamt>
s/imported/important/
Okinan has joined #nixos
jgt has joined #nixos
rsoeldner has quit [Ping timeout: 252 seconds]
<thoughtpolice>
mightybyte: It doesn't really matter what particulars any cache server uses for the .nar names, tbh. The .narinfo file always points you in the right direction; in the case of nix-serve (and Eris), they treat the store path prefix as both the name of the .narinfo *and also* the .nar file itself, but this is just for simplicitly
<thoughtpolice>
The actual binary cache server, which is NOT an actual application, but just an S3 bucket, can use whatever layout it wants, similarly. Nix does not care what the .nar is actually named, it will just follow whatever is in the .narinfo
<{^_^}>
[nixpkgs] @vbgl opened pull request #66279 → smplayer, smtube: fix execution (“Could not find the Qt platform plugin "xcb"”) → https://git.io/fjQDf
rsoeldner has joined #nixos
<thoughtpolice>
mightybyte: So yes, nix-serve and nix copy may not have consistent conventions for the names of .nar files, this is possible. But it doesn't really matter since Nix doesn't care. You could also change nix-serve so that it was consistent with the names in cache.nixos.org, as well, e.g. based on the SHA256 of the .nar file rather than the store prefix
<mightybyte>
thoughtpolice: Ahh, ok.
<thoughtpolice>
But the specifics of how the .nar name itself is computed are irrelevant
<thoughtpolice>
The only thing that matters is that the .narinfo names are consistent
<mightybyte>
Got it
<mightybyte>
That answers my question. Thanks!
<{^_^}>
[nixpkgs] @mmlb opened pull request #66280 → pythonPackages.git-revise: init at 0.4.2 → https://git.io/fjQDU
<thoughtpolice>
👍
<gchristensen>
I thought I said that :p
<mightybyte>
gchristensen: Yeah, you probably did. I'm just slow. :P
<gchristensen>
no worries, glad its clear
<gchristensen>
thoughtpolice++
<{^_^}>
thoughtpolice's karma got increased to 15
<thoughtpolice>
(I think I also remember figuring this out when I wrote Eris, since I selfishly copied the rules from nix-store, and had to convince myself it didn't matter, either)
<mightybyte>
Ahhh, yep
_kwstas has joined #nixos
<adamt>
Regarding caches/substituters, is there any plans on making the negative cache duration configurable? It's hardcoded to 60s currently. Or should i just go PR it already?
<thoughtpolice>
I thought we only track TTLs for narinfo files?
<thoughtpolice>
Does `--option narinfo-cache-negative-ttl 30` not do the trick
<thoughtpolice>
Well, I guess if we don't upload the .nar's before the .narinfo's, then there's a race there where the .narinfo may exist and the .nar doesn't
<thoughtpolice>
And maybe Nix tracks that 404, as well. Not sure
Guest1 has joined #nixos
<adamt>
Uh, maybe? Our issues is that we have a private substituter, and it would make things easier to just add it to all our laptops, but then we would run into timeouts when not on the private network, so we considered just making the domain resolvable from the outside, but always return bogus
<thoughtpolice>
mightybyte: Also thinking about it more, I don't think it's reasonably possible for the nix copy filename layout to work easily with eris/nix-serve without keeping state around... Think about it: .narinfo and .nar are uploaded at once by Nix, so it can upload them both with the right names
<adamt>
But we also want to avoid long negative cache hits in case we just forgot to open the VPN tunnel
Guest1 is now known as fvh
<thoughtpolice>
But when you *fetch* the .nar -- let's say it was the SHA256 of the .narinfo or whatever -- then how does the handler for the .nar file know what path to fetch from the store?
<thoughtpolice>
It would have to keep some kind of reverse mapping
<gchristensen>
content addressability solves so many problems
jgt has joined #nixos
<thoughtpolice>
adamt: I think narinfo-cache-negative-ttl (which is currently 1 hour, IIRC) is basically what you want. Don't quote me on this but I think Nix only tracks the TTLs of the narinfo files, nothing else matters. So you can just configure a low TTL and be on your way.
<thoughtpolice>
One unfortunate thing is that the ttl setting is global, you can't have per cache settings. This means you will also hit cache.nixos.org more frequently, too.
<thoughtpolice>
(In the negative case, that is)
drakonis has quit [Quit: WeeChat 2.4]
drakonis_ has joined #nixos
<fvh>
hi guys, can you help me out. I installed recently nix system on Fedora and noticed that I'm not able to access `nix-env` after reboot and need I need to install it again. On second time it's very quick install but I want to know how to fix it and make persistent? Maybe there is some magic variable?
<adamt>
thoughtpolice: Annoying it's not per cache, but I'll try narinfo-cache-negative-ttl. Do you have any idea what is the best way to fail when hitting the (non-existing) cache from the outside? connection refused? 403? 404? 5xx?
<thoughtpolice>
adamt: I can tell you that the official cache and the third party cache servers do use 404. :) But I am not sure if Nix treats all non-200s etc, as equivalent.
<thoughtpolice>
I don't think it does.
<thoughtpolice>
Errr, I think *it does* treat all those as equivalent, I mean
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #66283 → ideogram: init at 1.2.2 → https://git.io/fjQDB
<thoughtpolice>
fvh: The installer will normally add something to your local .bashrc/profile or whatnot, perhaps that was not added?
<thoughtpolice>
(I cannot check at the moment since I'm not sitting at my desktop with my Ubuntu/Nix machine)
ubert has quit [Quit: Leaving]
<gchristensen>
fvh: which version of fedora?
emilsp has quit [Quit: bye]
emilsp has joined #nixos
<adamt>
thoughtpolice: I think there's an internal hardcoded negative TTL of 60s for one of the cases, but I can't remember which :-) Thanks for the help so far
<fvh>
@thoughtpolice after install it asks to source `. /home/fvh/.nix-profile/etc/profile.d/nix.sh` but I'm getting `.nix-profile/etc/profile.d/nix.sh:stat:15: %u: no such file or directory Nix: WARNING: bad ownership on /nix/var/nix/profiles/per-user/fvh, should be 1000` I checked and it equals to `1000` but nix script on if statement `%u` fails. Is t
<fvh>
hat possible it's a bug? Running Fedora 30 / 5.2.5-200
<fvh>
gchristensen v30
<thoughtpolice>
Hmmm. Maybe. gchristensen would certainly know more
<thoughtpolice>
adamt: Yeah if there's a fixed timeout IDK about that, would be interested in knowing. (Maybe like, nix-cache-info or something?)
<thoughtpolice>
Which you might want to always serve, even if all non-internal requests get sinkholed into a 404. (I do know nix does track binary cache endpoints in the .db based on nix-cache-info, but can't remember the specifics of what it tracks)
<gchristensen>
fvh: I'll check the install matrix here in about 30min.
<{^_^}>
[nixpkgs] @sam-willis opened pull request #66284 → added QT_PLUGIN_PATH env to mixxx package → https://git.io/fjQDV
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjQDw
<fvh>
gchristensen sorry not yet familiar with ecosystem, you have some kind of build matrix for different versions/platforms on CI?
<adamt>
Yeah, I figured the nix-cache-info would be required, but if things like the priority is added to a DB it might get messy, since the cache.example.com will sometimes be broken on purpose, and sometimes working as it should
<adamt>
Damn secrets, would be so easy to just make the cache public it if wasn't for them.
byteflam1 has quit [Ping timeout: 244 seconds]
<thoughtpolice>
adamt: An alternative is to use netrc to add authentication to your cache
<gchristensen>
fvh: right, I install Nix 3 ways on 24 distros
<thoughtpolice>
Though that requires a whole lot of extra shit to keep automated outside of a VPN
<fvh>
gchristensenals notice, after even command failed, I can start using nix-env and other commands until next reboot
<adamt>
thoughtpolice: Heh, it's not more difficult than all people having to add our cache as a trusted substituter :P
* thoughtpolice
quietly whispers: "Eris supports netrc natively out of the box if you're running your own server"
<adamt>
We have a local ceph setup, so we'll probably migrate to nix copy'ing into an S3 bucket for redundancy, instead of using nix-serve as we do now, sorry. ^^
<adamt>
Still, netrc might be a good solution. Oh man, so many things to fix that doesn't provide measurable business value.
<{^_^}>
,expand #<channel> <user>: Anonymously send "Please expand your question to include more information, this will help us help you :)" to a user in a specific channel (only works in PMs)
<{^_^}>
jslight90: Please expand your question to include more information, this will help us help you :)
___laika has joined #nixos
<ar>
i wonder how often after something like this people ask {^_^} their question on query
<fvh>
is there any guide on how to setup hydra to build binary for me not just using that I built locally?
psyanticy has quit [Quit: Connection closed for inactivity]
noogie has joined #nixos
___laika has quit [Ping timeout: 245 seconds]
linarcx has joined #nixos
byteflam1 has quit [Ping timeout: 245 seconds]
<jslight90>
exarkun: I have added @clevers repo (https://github.com/cleverca22/nixos-configs) as a git submodule to my nixops config. I then add `qemu-user.aarch64 = true;` to the building system to enable it, which has `nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjQy0
camal is now known as plain
plain has quit [Quit: leaving]
ryantrinkle has quit [Ping timeout: 258 seconds]
pi3r has quit [Quit: Leaving]
justanotheruser has quit [Ping timeout: 244 seconds]
linarcx has quit [Ping timeout: 246 seconds]
WhittlesJr has quit [Ping timeout: 260 seconds]
andymandias has joined #nixos
<joepie91>
!tofu
<joepie91>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<joepie91>
can never have enough tofu
<{^_^}>
[nixpkgs] @mgttlinger opened pull request #66287 → pgsolver: init at 4.1 → https://git.io/fjQyg
<Thra11>
yorick: cool. thanks
andymandias has quit [Client Quit]
<asymmetric>
is there a way to avoid rebuilding the xml manual when doing a nixos-rebuild?
<asymmetric>
i'm working on a module and i don't need the manual and it takes time
<jslight90>
exarkun: I may have figured it out. I changed `nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";` to `nixpkgs.localSystem...`. I'll let you know if it works.
<averell>
There is a wine (defaults to 32bit) -> gstreamer (plugins-bad) -> opencv -> cudatoolkit (impossible to build on i686) dependency if cudaSupport=true. Where should that be addressed? opencv=opencvWithoutCuda in gstreamer seems a bit much.
<infinisil>
averell: I think cuda is nvidia specific
<infinisil>
So I'd do what you said there
<averell>
always build gstreamer without cuda support for opencv?
<averell>
I'll make a PR. I don't really understand how to query current platform build, otherwise opencv could just set the cudaSupportFlag &&= platform = x86_64
argarg has joined #nixos
kfound has quit [Ping timeout: 272 seconds]
<infinisil>
Maybe yeah
<infinisil>
And I guess nvidia could also be used on i686, soo
<infinisil>
Though I gotta admit, I don't have much of a clue what each of those packages does
byteflam1 has joined #nixos
<growpotkin>
Anybody 'round these parts know about plugging ZNC into a notification daemon like Dunst?
reanimus has joined #nixos
<ToxicFrog>
I've never used Dunst, but I did something similar with Munin by giving it an alerting path that wrote alerts to a "file" that was actually a fifo managed by ii, which then passed it on to IRC
<growpotkin>
That sounds like just the thing I need.
<ToxicFrog>
Or, wait. Is the goal Dunst generates notifications -> ZNC displays them, or vice versa?
<growpotkin>
Visa Versa
<ToxicFrog>
Oh
<ToxicFrog>
Then what I described is the opposite of what you need
<exarkun>
is there a coverage measurement tool for nix?
<growpotkin>
So when I get a DM or something with ZNC I'd like to pop up a notification (similar to those I get when WeeChat or some similar client is up)
<growpotkin>
exarkun: could you give a use case example?
<exarkun>
growpotkin: I wrote some nix code and then I wrote some tests for that nix code and now I want to know if I wrote tests for _all_ of that nix code.
<growpotkin>
exarkun: Code coverage is not something I conventionally consider in a package manager
<infinisil>
growpotkin: You run znc on your local machine and want to receive notifications from your local machine?
<exarkun>
maybe I mean "the nix expression language", not "nix".
<exarkun>
the language and the package manager kinda sorta seem to have the same name
<argarg>
Quick question, running RoonServer on a nixos server and it's unable to write to the backup directory (unless that directory is set to /tmp) and we can't figure out why. Permissions appear to be correctly set to the roon-server user, and when you su as the roon-server user you can touch files in the backup directory
<infinisil>
exarkun: I doubt there is something like that, but would be cool if there was
logand has joined #nixos
<growpotkin>
infinisil: yeah, I just run ZNC as a daemon and use WeeChat as a client on the same machine. It's just to keep logs and things like that even when I close my clients. But I'd like to get notifications for my channels straight from ZNC even if my client is closed.
<growpotkin>
exarkun: OH
<argarg>
if you're using WeeChat, why even bother with ZNC, the WeeChat Relay protocol is pretty nice
<growpotkin>
exarkun: I was imagining that you were trying to test a package-set or something
<exarkun>
growpotkin: understandable
<ToxicFrog>
argarg: weechat doesn't do weechat-to-weechat relays for some baffling reason, so if you want to use weechat as the frontend you have to use ZNC or weechat in its ZNC-alike rfc1459relay mode anyways.
<growpotkin>
argarg: I had no clue that WeeChat had a relay protocol. A buddy just suggested ZNC and I popped up the NixOS module for it last night.
<ToxicFrog>
If you're ok using one of the other frontends weechat is really good, though.
<argarg>
ToxicFrog: oh right I forget that it's weird like that
<ToxicFrog>
My setup is weechat-in-tmux on the server, with `ssh -t tmux attach` as the "frontend", and weechatdroid on my phone for notification relaying.
<growpotkin>
ToxicFrog: I tried the ol' "WeeChat in Screen" thing last night but I was not all that impressed :(
<ToxicFrog>
Wait, hang on, I missed the "use weechat as a client on the same machine" part
<growpotkin>
infinisil: thank you
<infinisil>
growpotkin: Make it do requests to localhost, where a systemd socket listens and executes a notify-send for every connection
<ToxicFrog>
That's really confusing, what's wrong with screen/tmux?
byteflam1 has quit [Ping timeout: 258 seconds]
<growpotkin>
I was using our NixOS module and couldn't decipher how to connect to it as a normal user. I gave up pretty quickly and dove into ZNC (honestly I didn't give it an extensive shot)
<growpotkin>
infinisil: Thank You!
<infinisil>
argarg: Regarding the roon server thing, you gotta give a bit more information, errors and configs and such, hard to help otherwise
<ToxicFrog>
growpotkin: so, it's been a while since I used screen, but I remember it working basically the same as tmux, i.e. you just run "screen" from your terminal and it gives you a shell inside screen, and then you do whatever.
<argarg>
infinisil: sure thing. For logs, we can't find anything solid. reanimus would have the configsm, it's their box. What else can I grab for you?
<ToxicFrog>
And then to reattach you "screen -dR" or "tmux attach".
<ToxicFrog>
There's no separate daemon you have to start up or anything.
<growpotkin>
On a somewhat related note: Does anybody use Nix to configure WeeChat? I have been using the `init` module option to do a startup script and launching with `weechat -t` to avoid using existing configs; but maybe there's another way.
<growpotkin>
ToxicFrog: I might give that another try, that's convenient because my notifications are already set up with WeeChat
<ToxicFrog>
growpotkin: there's even tmuxinator if you want a declarative tmux configuration
<infinisil>
argarg: How are you running roon-server? With the new NixOS module?
<reanimus>
infinisil: yes
<infinisil>
How did you configure the backup directory?
<argarg>
with the Roon GUI
<infinisil>
And the setting did apply? Is there some config file you can check to make sure?
<reanimus>
infinisil: the app's configuration is largely handled directly through its UI. we installed roon, connected to the core and pointed it to the backup using its internal backup mechanism
<growpotkin>
ToxicFrog: I might try that. Honestly I haven't used Tmux for a couple of years. I started using XMonad and I don't usually need to SSH that much so I didn't have a huge need for Tmux anymore.
<growpotkin>
ToxicFrog: I gotta shake the rust off a bit haha
<infinisil>
reanimus: argarg: Ah, the problem might be that roon-server is running with DynamicUser
<argarg>
infinisil: we were able to read from the configured path to restore a previous backup.
<reanimus>
oh?
tomas1 has joined #nixos
<reanimus>
infinisil: this error also occurred when we made the backup dir have 777 perms
<infinisil>
Which error?
<argarg>
"Backup Failed at <time> / Backup directory is not available"
<argarg>
it doesn't show in logs, just in the GUI when I try to force a backup
<reanimus>
infinisil: we also did an strace during this and saw a line where it attempts to unlink a file in there and gets EROFS as a result
<infinisil>
That makes me think that it's trying to back up to the /nix/store, which is a RO filesystem
<ToxicFrog>
growpotkin: fair enough, I practically live in the terminal so I'm tmuxing all the time
<infinisil>
Where did you configure the backup path to be?
<reanimus>
that was my guess
<reanimus>
/External/Backups/Roon
<argarg>
if we set it to /tmp/something it works fine
<fvh>
I'm trying to use nixops to deploy my package to vbox and ec2 and always get `SSHConnectionFailed: unable to start SSH master connection to root@<ip>` but I can connect easily from terminal, what could be the reason for this? I have `services.openssh.enable = true;` any hints?
<infinisil>
What if you made /External/Backups/Roon all have the same permissions as /tmp/something
<argarg>
oh, so the /tmp/something isn't in /tmp when I just ls it
<argarg>
so it's probably the /tmp inside the store?
<infinisil>
Huh
* infinisil
checks the roon-server nix build file
<argarg>
thanjs
<argarg>
k*
<infinisil>
argarg: The strace should show the full path though
Jackneill has quit [Remote host closed the connection]
<infinisil>
Because
<infinisil>
"If DynamicUser is enabled, PrivateTmp is implied"
<infinisil>
And `ProtectSystem=strict` and `ProtectHome=read-only` as well
<infinisil>
From `man systemd.exec`
<pie_>
qyliss: i might have given myself a weird problem. to fully evaluate my entire config i need python to run a python script i wrote that finds some stuff and passes it through getEnv, but on a fresh system presumably you might not be able to do that yet? any ideas?
<infinisil>
"Care should be taken that any processes running as part of a unit for which dynamic users/groups are enabled do not leave files or directories owned by these users/groups around, as a different unit might get the same UID/GID assigned later on, and thus gain access to these files or directories."
<reanimus>
:(
<infinisil>
Yeah so that ain't gonna work
byteflam1 has joined #nixos
<reanimus>
I may disable dynamicuser on the service then
<jslight90>
I only have that option enabled for NixOps systems that are running on aarch64 processors. I then have a separate builder system with the QEMU emulation enabled for building aarch64 packages.
<reanimus>
it may be worth making that change overall
<infinisil>
reanimus: Yeah might be best
<infinisil>
reanimus: Would be cool if you could write a short comment in #65698 for this, describing why DynamicUser doesn't work here
<jslight90>
exarkun: Interestingly, if I try to build as root, it doesn't use the nix-daemon and fails to utilize the emulation.
bakakuna has quit [Ping timeout: 248 seconds]
Neo-- has quit [Ping timeout: 250 seconds]
byteflam1 has quit [Ping timeout: 268 seconds]
<exarkun>
jslight90: Hm I can almost imagine why that might happen but I don't really know enough to say anything for sure. I bet there's some way to fix it, though.
<{^_^}>
[nix] @grahamc pushed to master « fixup: docs for post-build-hook »: https://git.io/fjQSV
<exarkun>
On a completely different topic, I wonder if anyone knows what tricks to use to get CircleCI caching to play nicely with /nix/store?
<exarkun>
I thought it was working fine for a while but suddenly today it is spewing errors about things in .links not existing and breaking nix-build.
<eraserhd>
I have symlinked ~/.nix-defexpr to a git checkout of nixpkgs, and _something_ keeps removing the symlink, making it a directory, and adding channels to it. Does anybody know what?
<eraserhd>
I'm using nix-darwin, though I'm not sure that matters.
growpotkin has joined #nixos
erk^ has joined #nixos
mexisme has quit [Ping timeout: 245 seconds]
<__monty__>
Where do options that would ordinarily go in mkinitcpio.conf go in nixos? I need keyboard, encrypt and lvm2 hooks because of dm-crypt.
<reanimus>
so i opened that PR for removing dynamicuser but other than removing the two fields in the systemd unit is there anything else i need to do? i think i may need to add the id to nixos/modules/misc/ids.nix as well, no?
<__monty__>
Also, where do fstab options go? hardware-configuration.nix says not to touch because it's generated.
_reanimus_ has joined #nixos
<jslight90>
exarkun: Setting NIX_REMOTE=daemon allows root to utilize the emulation.
reanimus has quit [Ping timeout: 276 seconds]
sakalli has quit [Ping timeout: 268 seconds]
tkral has joined #nixos
logzet_ has quit [Ping timeout: 264 seconds]
justanotheruser has joined #nixos
<__monty__>
I guess I *can* and *should* edit hardware-configuration.nix for these things?
<infinisil>
__monty__: There should be no problem with putting filesystem options in configuration.nix
<__monty__>
So I shouldn't touch hardware-configuration.nix?
<infinisil>
Manually editing hardware-configuration.nix means that you either lose those edits when you regenerate it, or you can never regenerate it again (unless you somehow keep track of the changes you made and reapply them every time)
<infinisil>
Yeah I wouldn't touch it
zeta_0 has joined #nixos
<__monty__>
It seems LVM-on-LUKS is supported ootb but LVM-on-plain-dm-crypt is not? Anyone have an idea of how to do this?
selfsymmetric-mu has quit [Remote host closed the connection]
<petercommand>
why doesn't nix allow network access when building packages?
ambro718 has joined #nixos
amf has quit [Quit: WeeChat 2.5]
<petercommand>
or is it possible to enable network access
<__monty__>
petercommand: The sandbox doesn't allow it unless you use one of the function that allow specifying a hash I believe. It's to keep builds pure/reproducible.
vesper11 has quit [Ping timeout: 258 seconds]
glittershark has joined #nixos
<glittershark>
how do I take a directory returned by something like fetchFromGithub and get its subdirectory?
<petercommand>
__monty__: hmm..
<__monty__>
glittershark: Do you mean listing the directory?
<infinisil>
Well, not exactly no, but close enough :P
<glittershark>
haha sure
<glittershark>
dynamic types are dynamic
lambda-11235 has joined #nixos
<{^_^}>
[nixpkgs] @averelld opened pull request #66292 → opencv: dont try cuda on 32 bit → https://git.io/fjQ98
zeta_0 has quit [Remote host closed the connection]
selfsymmetric-mu has joined #nixos
<infinisil>
If anybody is interested: string interpolation works on not only strings, but also attribute sets. Namely it will take the `outPath` attribute as the string value
<selfsymmetric-mu>
How can I install the unstable version of `emacs-libvterm` in my Emacs? The one from 19.03 crashes me.
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @astro opened pull request #66294 → firestarter: init at 1.7.3 → https://git.io/fjQ9E
<petercommand>
__monty__: how are the fetch utilities allowed network access?
angristan has joined #nixos
mexisme has quit [Ping timeout: 276 seconds]
<simpson>
petercommand: They promise to fetch a specific object, and the object's hashes are fixed ahead of time. These are called "fixed-output derivations" in the manual, IIRC.
_kwstas has joined #nixos
_kwstas has quit [Remote host closed the connection]
<selfsymmetric-mu>
I overrode the source but then I got `error: could not find git for clone of libvterm`.
shibboleth has quit [Quit: shibboleth]
Lukas4452 has quit [Ping timeout: 244 seconds]
Lukas4452 has joined #nixos
zeta_0 has joined #nixos
<fvh>
@gchristensen any news on fedora 30 build?
<gchristensen>
d'oh
<gchristensen>
lost track of time
Lukas4452 has quit [Client Quit]
<gchristensen>
fvh: looks like I don't have fedora30 yet. just 25,26,17,28 :/
<gchristensen>
fvh: are you all set for now? ie: you have an okay workaround, while I put this on to my to-do list?
erasmas has joined #nixos
<vika_nezrimaya>
question about nixpkgs.uwsgi: do I need to provide custom python3 with own path to be able to launch sites with it like people usually do when installing a webapp into site_packages?
<{^_^}>
[nix] @edolstra merged pull request #3030 → pathlocks: add include to fcntl.h for O_CLOEXEC → https://git.io/fjQPq
<selfsymmetric-mu>
As you can see I have tried adding `git` and `curl` to the `buildInputs` in case they weren't already there for some reason, but no dice.
<symphorien>
selfsymmetric-mu: derivations are forbidden to access the network
<selfsymmetric-mu>
symphorien: I see. How then can I appropriately get a more recent version of `emacs-libvterm`?
<symphorien>
I expect that the build system tries to fetch this repo itself
<symphorien>
no idea
<selfsymmetric-mu>
The one from 19.03 crahes my Emacs.
<selfsymmetric-mu>
I am hoping to try a newer version without waiting until October.
<zeta_0>
__monty__: why?
o1lo01ol1o has joined #nixos
<symphorien>
you would have to understand how to coax the build system of this package into using a clone of libvterm that you obtained with fetchFromGitHub
<__monty__>
zeta_0: Because I assume ihaskell needs a ghc that can provide several packages.
<selfsymmetric-mu>
symphorien: Okay I'll take a look.
<averell>
> null.bla or "how?"
<{^_^}>
"how?"
<averell>
how come that works?
<zeta_0>
__monty__: i already tried that but it says packages are broken, when i pasted: `nixpkgs.config.allowBroken = true;` into configuration.nix it still did not work, maybe it has something to do with home.nix?
<__monty__>
zeta_0: No, the problem is some of the packages you need are broken. That's not just nix being silly, they're marked broken for a reason. Sadly it's a common occurence with the haskell infra lately : /
<__monty__>
zeta_0: You'll need to identify each broken package and overlay it with one that's not broken.
<infinisil>
averell: It's a builtin nix syntax
<averell>
on the or? cause i looked through the nix manual, and i can't find it
<infinisil>
Ah, although, I didn't know it worked with null
<zeta_0>
__monty__: i talked with the one of the main developers (vaibhavsagar) yesterday, and he says it's working fine, so i am not sure what i am doing wrong?
<infinisil>
"It is possible to provide a default value in an attribute selection using the or keyword. For example, "
<__monty__>
zeta_0: Does it work if you try it in a nix-shell?
dispanser has joined #nixos
<vaibhavsagar>
zeta_0: you are being a help vampire
dispanser has left #nixos [#nixos]
<vaibhavsagar>
please stop
zupo has joined #nixos
<zeta_0>
__monty__: i haven't tried that yet
<vaibhavsagar>
IHaskell itself works fine, the current version bundled in nixos-19.03 is broken
fendor has quit [Ping timeout: 245 seconds]
johanot has joined #nixos
<__monty__>
,overlay zeta_0
<{^_^}>
zeta_0: Overlays look like `self: super: { foo = ...; }`. Use the self argument to get dependencies, super for overriding things and library functions (including callPackage). More info: https://nixos.org/nixpkgs/manual/#sec-overlays-install
<vaibhavsagar>
I told you yesterday that I recommend using `master` from GitHub
<averell>
ok, and the null or "whatever".bla or x it will just take anything where i pretend attrib access i assume
dispanser has joined #nixos
<selfsymmetric-mu>
Okay, I reported a bug and I'll wait for October.
<__monty__>
zeta_0: You'll have to overlay IHaskell with a working version. If it's on hackage you can use callHackage, otherwise you could clone nixpkgs and fix it there.
wfranzini has joined #nixos
<vaibhavsagar>
zeta_0, add this line to your home-manager configuration as a separate package in `packages`: `(let ihaskell = builtins.fetchTarball { url = "https://github.com/gibiansky/IHaskell/tarball/bb2500c448c35ca79bddaac30b799d42947e8774"; sha256 = "1n4yqxaf2xcnjfq0r1v7mzjhrizx7z5b2n6gj1kdk2yi37z672py"; }; in import "${ihaskell}/release.nix" { compiler = "ghc865"; nixpkgs = pkgs; })`
<vaibhavsagar>
monty: that's not necessary or sufficient, IHaskell has Python dependencies that also need to be installed for it to work correctly
<averell>
btw that linked manual right there has a line "y = f { bla = 456; };" and i think that f is a typo?
<__monty__>
vaibhavsagar: Ah, didn't know it had a nix expression. Was just going off my generic haskell/nix experience.
<infinisil>
__monty__: I hope that flakes will encourage using upstream nix files more
<__monty__>
infinisil: Not in nixpkgs.
<vaibhavsagar>
__monty__: I went over all this yesterday on #haskell but zeta_0 ignored everything I said and is asking the same questions again today
<infinisil>
Hm I wonder, if a package is always broken beyond repair in nixpkgs, it might make sense to just point to upstream's nix files if they have them
<vaibhavsagar>
__monty__: a couple of years ago I pulled the existing nixpkgs support straight into the IHaskell repo and I've been using it that way ever since
o1lo01ol1o has quit [Remote host closed the connection]
byteflam1 has joined #nixos
<__monty__>
zeta_0: In this particular case the pill has been pretty well chewed for you though.
<infinisil>
__monty__: Well maybe not include the flake itself, but just point to it
<infinisil>
__monty__: As in `some-package = throw "Use this flake instead"`
jlv has joined #nixos
<__monty__>
infinisil: Like a stub expression? { broken = true; custom-broken-message = "Get it from upstream flake."; }
<__monty__>
... thinking alike
<infinisil>
Not even a derivation, just `some-package = throw` in all-packages.nix
<infinisil>
Although I guess the meta information could be useful
<infinisil>
For nix search or so
<infinisil>
__monty__: Oh, how about some flakes hook, where if you try to do `nix-env -iA some-package` and it evaluates to `{ upstream-flake = <flake uri>; }`, nix-env detects that and then says "This package is unavailable in nixpkgs, do you want to install it from the upstream flake instead (flake URI)?"
johanot has quit [Quit: WeeChat 2.4]
<zeta_0>
vaibhavsagar: thanks for clarifying things from yesterday, lets see if i can get this to work
<infinisil>
(I wish i read through the flakes proposal a bit better so I would know how it works a bit more precisely)
<__monty__>
infinisil: Sounds great. Though I think that blurs the line a lot about whether nixpkgs maintainers approve of the package.
<zeta_0>
__monty__: ya thanks for the nix pill
<infinisil>
__monty__: Hm true, it might give a false sense of security. The code in the flakes hasn't been reviewed in any way by the nixpkgs members
<infinisil>
One could add their flake reference to nixpkgs and later just straight up package malware in it
<infinisil>
So maybe an interactive hook isn't very good, an error message with just a link to the flake website might be better then
jtojnar has quit [Ping timeout: 272 seconds]
npmccallum has quit [Quit: npmccallum]
<__monty__>
infinisil: It'd be possible if you pinned the flake, which flakes make easy. But then the burden of updating the pin is on nixpkgs maintainer again. Maybe that's acceptable but people don't seem eager for this.
wfranzini has quit [Remote host closed the connection]
<infinisil>
Yeah and I think a big point of flakes is that you shouldn't have to update them manually
<{^_^}>
[nixpkgs] @timokau pushed commit from @JohnAZoidberg to master « codespell: init at 1.15.0 (#63673) »: https://git.io/fjQHz
<__monty__>
infinisil: I'm not sure where you're getting the "shouldn't have to update them manually?" Flakes make pinning really easy, and that's a good thing. The main thing flakes achieve is replacing channels and being more modular than channels at the same time.
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil>
Ah yeah, I just meant like, if we did `throw "Use flake foo at version cd438a2 for this package"` then it would have to be updated manually
mexisme has quit [Ping timeout: 244 seconds]
<alienpirate5>
what's causing my `system-path` to depend on gtk+3?
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/fjQH9
<infinisil>
alienpirate5: If you have some .drv file (which nix-build will output at the beginning), you can do `nix-store -q --tree /nix/store/....drv` to see its dependency tree
<alienpirate5>
thank you
hc^ has quit []
<infinisil>
There you can grep for gtk
<alienpirate5>
i'm using `nix build` though not `nix-build`
<alienpirate5>
actually it still outputs derivation names when it fails
vika_nezrimaya has quit [Ping timeout: 244 seconds]
<infinisil>
craige: Nice! I'm really looking forward to my Librem 5, having NixOS work well would be greate
<infinisil>
s/greate/great
growpotkin has joined #nixos
<craige>
I'm plugging away quietly infinisil - not getting as much done as I'd like though. There may have to be some custom binary caches or nix files to apply patches that are ot yet upstream.
<__monty__>
Librem 5's a phone, right? Does nixos do telephony?
<craige>
It will with the patches applied, __monty__
<damesca>
Hi. Looking for help. I'm trying to install a newer version of aws-vault by overriding src/version in the nixpkgs 19.03 version, but getting a ton of build failures (see build config/errors here: https://pastebin.com/Gkh7SVyx). Can anyone help? This is my first attempt at changing a package, and after reading the manual/googling around I've still n
<damesca>
ot found a good example that works for my slow brain. Would appreciate if anyone can lay it on me. :)
mexisme has joined #nixos
<craige>
The phone is running PureOS (Debian) and the code is all public.
<alienpirate5>
error: cannot auto-call a function that has an argument without a default value ('stdenv')
<infinisil>
craige: Yeah I mentioned that in my reply, I can assign the labels if you tell me which PR's
<infinisil>
/issues
<{^_^}>
[nixpkgs] @matthewbauer merged pull request #66154 → xcbuild: fix build on darwin → https://git.io/fjQts
<infinisil>
alienpirate5: Are you adding this to nixpkgs?
<alienpirate5>
not yet, but I plan to do this at some point
<alienpirate5>
but I just want to get it to build first
<infinisil>
,callPackage alienpirate5
<{^_^}>
alienpirate5: If a Nix file foo.nix starts with something like `{ stdenv, cmake }:`, you can build it with `nix-build -E '(import <nixpkgs> {}).callPackage ./foo.nix {}'`
<alienpirate5>
Ok, let me try this
<infinisil>
Alternatively (and probably preferably), you can replace the argument list with a `with import <nixpkgs> {};`
<alienpirate5>
is this something that would work in nixpkgs?
Jackneill has quit [Read error: Connection reset by peer]
<alienpirate5>
also ugh the build system installs directly to /usr/local/bin
<infinisil>
`with import <nixpkgs> {};` won't work in nixpkgs
<infinisil>
In nixpkgs you'll have to define a top level `my-package = callPackage ./path/to/the/file.nix {}`
<__monty__>
infinisil: Want to specify additional modules in boot.initrd.availableKernelModules. (for dm-crypt)
<craige>
Replied, infinisil :-)
<infinisil>
__monty__: Just assign this option again in your configuration.nix
<infinisil>
__monty__: The module system will make sure to merge them
<infinisil>
(in this case, concatenating the lists)
<__monty__>
Oh, great.
<fvh>
@gchristensen yes, I can work until next reboot
vika_nezrimaya has joined #nixos
noudle has quit []
vika_nezrimaya is now known as kisik21
kisik21 is now known as vika_nezrimaya
drakonis_ has joined #nixos
<craige>
Thanks infinisil! :-D
endformationage has quit [Quit: WeeChat 2.5]
selfsymmetric-mu has quit [Remote host closed the connection]
_kwstas has quit [Quit: _kwstas]
damesca has quit [Remote host closed the connection]
<infinisil>
:D
<fvh>
There is error exist when working with failed SSH with binary from Nix on Fedora, it's related to system wide configuration described here https://nixos.wiki/wiki/Nix_Cookbook#Bad_configuration_option:_gssapikexalgorithms solution proposes to comment out bad config options but I want a more stable solution. Any hints where package is build? nixpkgs
<{^_^}>
[nixpkgs] @Ma27 pushed commit from @WilliButz to release-19.03 « grafana: 6.3.0 -> 6.3.2 »: https://git.io/fjQQP
zeta_0 has quit [Remote host closed the connection]
<vika_nezrimaya>
I suppose that services.uwsgi.instance.pythonPackages thing never gets applied. I can't see a reference to my project (which works with Nix as its primary build system <3) in the uwsgi path, and it isn't getting imported! >.<
<vika_nezrimaya>
This looks like NixOS/nixpkgs#28429, but I'm not sure how to solve it
<vika_nezrimaya>
alienpirate5: trying it out right now... it seems like it will build it from source
<alienpirate5>
shouldn't take too long to error out
<vika_nezrimaya>
ok then
<vika_nezrimaya>
right now it's downloading source code
<samueldr>
it may take longer for you since it'll need to build a bunch of deps too unless you already had them built like alienpirate5 presumably has
<alienpirate5>
oh you're right it might take a long time to build all of the dependencies for armv7l
<alienpirate5>
hmm we said the same thing
<vika_nezrimaya>
ugh
<vika_nezrimaya>
sorry cancelling it, my battery won't last long enough to build EVERYTHING
<samueldr>
alienpirate5: why are you asking? if it doesn't build for you, chances are great it won't build for everyone else
<alienpirate5>
i don't actually know
Okinan has quit [Quit: Konversation terminated!]
<alienpirate5>
I can pastebin the build errors I get though
<vika_nezrimaya>
I tried building a whole armv7l system once. With --system armv7l-linux. It hanged on some sed invocation and never completed building.
<samueldr>
(not scoldin you, really want to know the failure method, or a reason for asking)
<vika_nezrimaya>
somewhere early
<vika_nezrimaya>
like, on the toolchain stage?
fvh has quit [Remote host closed the connection]
<alienpirate5>
oof
<vika_nezrimaya>
oh, i'm lying, i tried twice or thrice
drakonis_ has quit [Read error: Connection reset by peer]
<samueldr>
cross-compilation is still a big WIP for a system-wide use, though it's possible to build a limited sd image https://github.com/samueldr/cross-system
<alienpirate5>
Here's the build errors I'm getting
<alienpirate5>
for json-glib
<samueldr>
limited in that you should probably use it to then do a native build
<vika_nezrimaya>
samueldr: I'm compiling it pseudo-natively using QEMU
<vika_nezrimaya>
'cause I want it to be able to update itself
<samueldr>
yeah, I never had any luck with that working right for everything
Okinan has joined #nixos
<samueldr>
but using a cross-built nixos, it should be able to rebuild itself
johanot has quit [Quit: WeeChat 2.4]
<samueldr>
though it'll (obviously I think) need to rebuild the world
<vika_nezrimaya>
but first rebuild will be SLOW
<samueldr>
yes
<alienpirate5>
anyway samueldr I got polkit to build, now trying to build Xorg and all of its deps
<vika_nezrimaya>
Ugh
<vika_nezrimaya>
Will it burn out an old SD card completely? it served me for several years I think?
gentauro has quit [Read error: Connection reset by peer]
<alienpirate5>
i'm also trying to get distributed cross-builds going
<samueldr>
alternatively, if you have fast aarch64 with kvm, you could use a cross-built armv7 as a stepping stone, to get an armv7 VM, which is likely going to build quicker
<vika_nezrimaya>
samueldr: I still don't have the money for an aarch64 machine
<samueldr>
>> FileNotFoundError: [Errno 2] No such file or directory: 'ldd': 'ldd'
gentauro has joined #nixos
<vika_nezrimaya>
and community builder is said to not be trusted for anything mission-critical
<samueldr>
that's because ldd will be named something like armv7l-unknown-linux-gnueabihf-ldd
<samueldr>
or at least, prefixed
<alienpirate5>
so i should build minimal cross-images and then build images natively on the cross-built images?
<samueldr>
that's what I would do right now
<vika_nezrimaya>
I think so. alienpirate5, to not duplicate the work, could you upload the cross-built image and/or the minimal native system closure to cachix or some file hosting?
<samueldr>
though, actively improving the cross-compilation story of nixos is good too!
<samueldr>
I think the machine I tested on is equivalent to an i7-6770K or thereabout for that kind of workload
<vika_nezrimaya>
I don't know the intel equivalent 'cause I've never had an Intel machine in my life
<vika_nezrimaya>
The only Intel machine there is my mom's
__monty__ has quit [Ping timeout: 248 seconds]
<vika_nezrimaya>
samueldr, alienpirate5: ok I started building it, wish me luck
<clever>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<alienpirate5>
have fun
fragamus has joined #nixos
<vika_nezrimaya>
and while we're here... have anyone used uwsgi with python?
___laika has quit [Ping timeout: 245 seconds]
<alienpirate5>
clever: couldn't you use the nix-prefetch-* scripts?
<vika_nezrimaya>
can you drop me a snippet how you've configured it? I seem to be missing something VERY obvious
<clever>
alienpirate5: the target isnt supported by those scripts
<alienpirate5>
ah
<samueldr>
52i0 clever :)
<clever>
samueldr: the "editor" is slack :P
<samueldr>
ouch ;)
orivej has quit [Ping timeout: 245 seconds]
<samueldr>
alienpirate5: first of all, I was mistaken, mistook ldd for ld
<samueldr>
though even with ldd, it fails, I'm not sure what would be the better approach for an ldd that works there
mexisme_ has joined #nixos
jlv has quit [Remote host closed the connection]
<alienpirate5>
oof
mexisme has quit [Ping timeout: 248 seconds]
justanotheruser has quit [Ping timeout: 264 seconds]
<samueldr>
the issue might need to be fixed in gobject-introspection
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<zgrep>
How does soapysdr-with-plugins get made/created from the soapysdr package? I can't find where that derivation would be defined, it seems to just... magically exist.
adamt has joined #nixos
adamt is now known as Guest14863
erasmas has quit [Quit: leaving]
justanotheruser has joined #nixos
argarg has left #nixos ["goooooooooooooooooooooooooooooood bye"]
__monty__ has joined #nixos
<{^_^}>
[nixpkgs] @adisbladis opened pull request #66301 → Drop deprecated emacs package sets → https://git.io/fjQ7B
___laika has joined #nixos
Guest14863 has quit [Ping timeout: 268 seconds]
lambda-11235 has joined #nixos
Guest14863 has joined #nixos
<adisbladis>
zgrep: It's defined in pkgs/top-level/all-packages.nix
__monty__ has quit [Quit: leaving]
mbrgm_ has joined #nixos
mbrgm has quit [Ping timeout: 264 seconds]
mbrgm_ is now known as mbrgm
acarrico has quit [Ping timeout: 248 seconds]
<zgrep>
adisbladis: Ah, I see. Interesting. Thanks.
reanimus has quit [Ping timeout: 276 seconds]
ddellacosta has joined #nixos
ambro718 has quit [Quit: Konversation terminated!]
<clever>
exarkun: try using builtins.fetchTarball instead of pkgs.fetchFromGitHub
<exarkun>
ok
<clever>
exarkun: the module is setting some overlays, so you cant use pkgs when fetching it
<exarkun>
ah
yangm97 has left #nixos ["User left"]
Acou_Bass has quit [Ping timeout: 258 seconds]
<exarkun>
hm
<exarkun>
nix-prefetch-url gave me a sha256 that builtins.fetchTarball is unhappy with
<exarkun>
I think this is maybe the 2nd time I've experienced this
<clever>
exarkun: fetchTarball wants the unpacked sha256, so you need nix-prefetch-url --unpack
<exarkun>
oof. ok.
<exarkun>
stuff is happening.
emilsp has quit [Ping timeout: 615 seconds]
znewman01 has quit [Remote host closed the connection]
alex`` has quit [Ping timeout: 258 seconds]
<alienpirate5>
ugh why is it that when i enable the x server, it enables every xdg portal, dbus, gtk+3, and gibject-introspection
<alienpirate5>
* ugh why is it that when i enable the x server, it enables every xdg portal, dbus, gtk+3, and gobject-introspection
byteflam1 has joined #nixos
<alienpirate5>
how do i just enable the x server
<alienpirate5>
i don't even want xterm
emilsp has joined #nixos
reanimus has quit [Quit: Logging off...]
Acou_Bass has joined #nixos
reanimus has joined #nixos
ericsagnes has quit [Ping timeout: 264 seconds]
ddellacosta has quit [Quit: WeeChat 2.2]
acarrico has joined #nixos
thc202 has quit [Ping timeout: 272 seconds]
<{^_^}>
[nixpkgs] @marsam opened pull request #66304 → pythonPackages.colorcet: fix build on darwin → https://git.io/fjQ5t
<ashkitten>
where should i put things like disk images in a derivation that'll provide a script to use the disk image in an emulator? should i put it in a directory of the output, or create a separate derivation to use it?