<{^_^}>
[nixpkgs] @teto pushed commit from @shreyanshk to master « neovim: fix icon not displaying »: https://git.io/Je4EF
toppler has joined #nixos
<gyroninja>
I'm using netcat to connect to a service which is bound to 0.0.0.0 on the vm
<clever>
gyroninja: by default, `-net user` only allows outgoing traffic
<clever>
gyroninja: but the example in `simple-test.nix` above will forward port 2200 to 22 in the guest
<gyroninja>
I would like incoming traffic, outgoing traffic has been working by default for me
<clever>
then look at the simple-test.nix above
<gyroninja>
ideally I would be able to forward all ports, but I'll take a look at that
<clever>
if you want to forward everything, then you need tun/tap or a bridge, which will require root when launching qemu
<gyroninja>
I tried -net tap earlier, but it did not work.
<gyroninja>
>No protocol specified
<gyroninja>
>qemu-system-x86_64: network script /etc/qemu-ifup failed with status 256
<clever>
gyroninja: i believe `-net tap` will create a tap device, and then you need to supply bash scripts that will bring the interface up and make it actually work
Soo_Slow has quit [Remote host closed the connection]
<clever>
gyroninja: `-netdev bridge,br=br0` is the simplest, it will generate a tap interface, then enslave it to br0, but you must first configure the host to create br0, and to enslave your real NIC to br0
<clever>
when using bridging, the guest will basically be another machine on the LAN, it will get an ip from the router via dhcp, and all ports will be open to anyone on the LAN
<clever>
you could even port-forward it at the router, if you wanted to
<red[m]>
damn, changing it so nixos-rebuild switch runs 1 job at a time of course slows things down a lot
<red[m]>
but I fear that if it works when running as a single job but fails when it runs with multiple jobs I'm going to end up in a world of hurt
<clever>
red[m]: i tend to first do `-j 8 --keep-going`, so it builds anything that it can build, then repeat with `-j 1`, and the only things it can pick from, are those that have failed before
<clever>
that will force it to build that drv again
<clever>
so you can skip directly to trying to reproduce!
<red[m]>
oh cool -- thank you
<clever>
red[m]: you can also run `nix-shell /nix/store/whatever.drv` to get a shell inside that drv, then do the usual `unpackPhase ; cd $sourceRoot ; configurePhase ; buildPhase` to reproduce
<clever>
wedens[m]: basically, just `nixops create -d house house.nix` and then `nixops deploy -d house`
<clever>
wedens[m]: line 10-13 defines the nas, 14-18 the router, 12/16, what IP nixops should ssh into
<wedens[m]>
clever: can you do that from any machine?
<clever>
wedens[m]: nas.nix and router.nix (lines 11/15) are then normal nixos configs
<clever>
wedens[m]: as long as you can ssh to the targets, you can deploy nixops from any machine
<clever>
wedens[m]: just be aware that nixops will (by default) obey the <nixpkgs> and $NIX_PATH on the host, so you may cause wonky upgrades and downgrades as you roam about
<clever>
wedens[m]: `nixops create -d house house.nix -I nixpkgs=https://github.com/nixos/nixpkgs/archive/dae9cf6106d.tar.gz` (which can be modified with `nixops modify`, see line 2), lets you override that
<wedens[m]>
I'd prefer not to have some kind of "deployment master" machine. will nixops state make it more difficult?
<clever>
but that url itself is held in the state file, so you still need to keep that in sync
<clever>
wedens[m]: oh, and the only other issue is the auto-generated keys, you should at least copy the state (or export | import) to sync those keys up
<clever>
wedens[m]: but once copied, its fairly safe to run independant copies of the state, with the none backend
toppler has joined #nixos
<wedens[m]>
can I use some pre-generated key instead of auto-generated?
<clever>
if you have keys loaded into your ssh-agent (via ssh-add) that can access root on the machines, those will also work
mexisme has quit [Ping timeout: 276 seconds]
<wedens[m]>
nixops builds on the host, right?
<Flambe>
Can someone lend me a hand with getting cmake working?
<clever>
wedens[m]: nixops will try to just build it on the machine running nixops, but it will obey any build machines configured in /etc/nix/machines
<clever>
wedens[m]: so it can offload work to other machines, if configured to
<clever>
Flambe: do you have cmake in the nativeBuildInputs ?
<wedens[m]>
understood. thanks, clever . I'll consider using nixops.
o1lo01ol1o has quit []
toppler has quit [Ping timeout: 265 seconds]
<Flambe>
clever: I do not, but I thought nativeBuildInputs was specific to Nix packages?
<clever>
Flambe: what exactly is the error you are having?
justanotheruser has quit [Ping timeout: 250 seconds]
<Flambe>
It was that CMake not being able to find a build program for makefiles, but some more digging found that I just didn't have gnumake installed
<clever>
,nix-shell Flambe
<clever>
,
<{^_^}>
Special commands: find tell locate expand - Commands sorted by use count, page 0 (use ,<n> to view page <n>): help libraries unstable escape'' library unfree declarative howoldis ping escape" callpackage paste overlay -a ask pinning profiling pr nixlang++ which-channel imperative xy cache fancy-uninstall pills stateversion wololo xml botsnack exec invite channels loot haskell home-manager stuck ifd pointers tias escape-special timer dontask nur
<clever>
Flambe: you must use nix-shell when compiling anything, installing make and gcc wont work
wfranzini has quit [Remote host closed the connection]
<hpfr[m]>
I’m on a very space limited laptop and just accidentally filled my drive while rebuilding the system (has to compile qtbase for some reason, and a custom kernel), what can I do from here?
<hpfr[m]>
What does the max freed do? Stop it after 1g?
<clever>
yeah
<clever>
when low on space, you can sometimes run out of space while deleting things
<clever>
so you need to delete a small amount first
<hpfr[m]>
Oh, thanks
<clever>
also, if you dont restrict the deletions, it will delete everything you jsut downloaded and compiled
<clever>
so you have to start over with the downloads
tdeo_ is now known as tdeo
tdeo has quit [Changing host]
tdeo has joined #nixos
<hpfr[m]>
Well what else can I do other than not restricting deletions? I can’t uninstall software without rebuilding either, so I’m just going to fill up again when it tries to build
<clever>
hpfr[m]: you may have had enough garbage laying around, when you started, that you could delete enough to make things fit, how big is the disk and how much is free?
<hpfr[m]>
55G and it’s full, but I’m collecting garbage right now
<notgne2>
had this problem yesterday on my laptop tbh
<hpfr[m]>
I’m pretty sure I was at like 65% before the rebuild though which seems like a lot of space for a build
<hpfr[m]>
Thanks for being honest lmao
<notgne2>
took me like 5 tries of thinking I cleared enough space before it managed to avoid filling it leaving about 1gb free (until it was done and I could free all the old packages)
toppler has quit [Ping timeout: 265 seconds]
<hpfr[m]>
Garbage collecting cleared 10GB and optimizing the store cleared nothing since I just did it. I have 41G used and 12G available
<hpfr[m]>
That’s 78% I swear I was at 65%
<hpfr[m]>
notgne2: how did you clear up space without rebuilding
<notgne2>
just going after other files, `ncdu` is a nice tool for finding what is using your space and freeing it up, I had a lot of cached things in dotfiles and dev directories, then a few gb of journald logs stacking up
<notgne2>
also you could try minimizing the differences besides removals and do it in 2 rebuilds, I did this last time (tho not sure how much it helped)
tghume has quit [Ping timeout: 250 seconds]
<clever>
i once ran into a problem on my netbook, where i just plain didnt have enough room to hold 2 generations of nixos
<notgne2>
it was mostly updating, so I removed a bunch of things, rebuilt, ran the GC, then added them back
<clever>
so i had to keep removing software, until the new build fit
<clever>
if it fails, gc a bit, remove something else, try again
<hpfr[m]>
How do you remove software without rebuilding
<clever>
remove it from configuration.nix, and rebuild
<clever>
the NEW build will be smaller
<clever>
and maybe it will fit in the space thats left
<clever>
repeat until it does fit!
<hpfr[m]>
But it’s going to try to build qtbase and the kernel along side it and that’s how I run out of space I think
<notgne2>
you will be rebuilding, but if it is an update you will have the current copy plus the new one being downloaded, but if you remove a lot of packages, rebuild, then gc, when you add them back it will pull them, but since they were previously removed it will only be on your HDD once, so not twice the size
<clever>
hpfr[m]: a: comment out everything that depends on QT, so it wont build QT
<clever>
hpfr[m]: b: why is it building a kernel? temporarily switch to a kernel in the cache?
<clever>
hpfr[m]: c: why is it building both a kernel and qt? is the cache setup broken?
<clever>
hpfr[m]: would you run pfsense on this beast? :P
<hpfr[m]>
Why not I’d imagine it has more features than what you can accomplish with a nixos router at this point
<hpfr[m]>
Yup, doing a rebuild and takes me from 75% to full just copying paths. Gonna have to rebuild daily in the future or something so this doesn’t happen
<clever>
hpfr[m]: it runs nginx, proxies a dozen subdomains and directories out to the various machines in the house, tftp for network booting, including netbooting rpi's, it runs a teamspeak server, a full hydra server
<clever>
hpfr[m]: oh, and you should also look into deleting old generations, one min
<hpfr[m]>
You run a teamspeak server on your router
<hpfr[m]>
I thought nix-collect-garbage -d handled this
<clever>
that lets you delete a given generation
<clever>
`nix-collect-garbage -d` will just delete every old generation, for profiles it can write to
<clever>
if ran without root, it cant delete generations for system
toppler has joined #nixos
<hpfr[m]>
Oh so sudo nix-collect-garbage -d is what I want
<hpfr[m]>
That’s more general version of the nix-env command you gave correct
<clever>
`nix-collect-garbage -d` is a bit of a nuclear option
<clever>
it just deletes all generations
<clever>
while reading the output from ls, and manually doing --delete-generations, lets you get rid of things that use a different nixpkgs (wont share much, and will gain more space)
<clever>
while keeping the ones that do share a nixpkgs (the last 8 that are on f0fec244ca3)
vonfry has joined #nixos
<hpfr[m]>
Lmao I’m ready for the nuclear option at this point, but with the nix-enc command, can I just do that for like 1-40?
<clever>
so you still have some undo choices, if you notice things went horribly wrong
<hpfr[m]>
nix-env
<clever>
$ nix-env --delete-generations 3 4 8
<hpfr[m]>
Why does sharing a nixpkgs revision matter here
<clever>
thats one of the examples from the man page
<clever>
if they all share the same nixpkgs rev, then 99% of the software in those generations is shared, so you wont gain much from deleting one
<hpfr[m]>
Well 1 2 3 4 ... 40 will take a while
<clever>
they only differ in config files (and any changes you did to overlays)
<clever>
and yes, it will need root to modify the system profile
<clever>
and then a `nix-collect-garbage` (with optional --max-freed) must follow, to actually delete the things that have recently become garbage
<clever>
[root@amd-nixos:~]# ls -l /run/booted-system /run/current-system
<clever>
hpfr[m]: also, if either of these symlinks point to the old nixpkgs rev, you cant fully GC that old version, and may need a reboot before you can GC more
<hpfr[m]>
Damn I’ve been running nix-collect-garbage -d without root perms since I started using NixOS and just been wondering why all the generations still show up in grub, this explains a lot
rauno has joined #nixos
<hpfr[m]>
Down to 58% now, hopefully this works
<clever>
also, grub wont update until you next do `nixos-rebuild`
<hpfr[m]>
Right
<clever>
`nixos-rebuild` is what updates the grub menu, and it looks at the `--list-generations` to see what should be in the menu
<hpfr[m]>
That makes sense
Acou_Bass has joined #nixos
<hpfr[m]>
The symlinks point to the 20.03 version I mentioned so I don’t think rebooting will save more then
toppler has quit [Ping timeout: 250 seconds]
palo1 has joined #nixos
lord| has quit [Ping timeout: 265 seconds]
<vonfry>
I try to use appimage, but the app complains " No GSettings schemas are installed on the system". Is there some way to fix that?
<clever>
hpfr[m]: another trick, use `ndcu` on `/nix/store` to find the fattest thing, then `nix-store --query --roots /nix/store/fat-boy` to find out why it cant be GC'd, deal with those roots (depends on what they are), and `nix-store --delete /nix/store/fat-boy`
<clever>
hpfr[m]: that lets you exclusively target the things that will give you the most space
<hpfr[m]>
Awesome, thanks. Gotta make note of these commands somewhere
gila has joined #nixos
palo has quit [Ping timeout: 276 seconds]
palo1 is now known as palo
<clever>
hpfr[m]: --query --roots will point to eithe result symlinks from nix-build (decide if you want to keep it, and rm the symlink), or generations in a profile (--delete-generations from before)
lord| has joined #nixos
drakonis1 has quit [Quit: WeeChat 2.6]
<hpfr[m]>
The result symlinks from nix-build would be due to failed nixos-rebuilds?
<clever>
a failed build wont create a result link
toppler has joined #nixos
<hpfr[m]>
Not successful builds of packages for the failed nixos build though?
<clever>
only the main thing you pointed nix-build to will get a result link
<{^_^}>
[nixpkgs] @vbgl pushed to master « ocamlPackages.spelll: init at 0.3 »: https://git.io/Je4zr
<clever>
any dependencies built along the way are un-rooted
<hpfr[m]>
Oh that makes sense I guess
Cale has quit [Ping timeout: 264 seconds]
mexisme has joined #nixos
<hpfr[m]>
How can I figure out why it’s building qtbase
<clever>
hpfr[m]: bit tricky to see that, but if the build fails (kill a pid within that build), it will say what else is failing due to deps not building
<hpfr[m]>
I just got gcc: internal compiler error: Segmentation fault signal terminated program cc1
<clever>
and what is nix printing after that?
<hpfr[m]>
Builder for /nix/store/hash-linux-4.19.78.drv failed with exit code 2
<clever>
and after that
<clever>
directly after, by 1 line
<hpfr[m]>
Cannot build nixos system 1 dependencies couldn’t be built
<clever>
then nixos-system depends on linux
<hpfr[m]>
Naturally
<clever>
if you force the same failure for QT, you can see what dependended on qt
<hpfr[m]>
But just above it were the g++ commands with paths like /build/qtbase-everywhere-src-5.12.3/qmake
<clever>
it was building 2 things in parallel
<hpfr[m]>
Oh shit so basically trying to read the logs is barely useful
<clever>
thats why i tend to start with `-Q -j8 --keep-going` (assuming 8 cores)
<clever>
that hides all logs, builds 8 at once, and keeps going when things fail (build whatever it can build without the failures)
<hpfr[m]>
What do the Q and keep going do
<hpfr[m]>
Oh
<clever>
then do it again with -j1, to see the errors, without it being in parallel
<hpfr[m]>
Makes sense
<clever>
also, if you do a GC while the build is running, it cant delete anything the build needs, or will need in the future
<clever>
so you can do an un-restricted gc, of everything the build doesnt need
sellout- has quit [Quit: Leaving.]
<hpfr[m]>
If I kill a random build process will it still show me the qt failure and its dependent even though I killed a different job
toppler has quit [Ping timeout: 265 seconds]
<clever>
it can be tricky to tell which thing is in which build
<clever>
`ls -ltrh /tmp/`
<clever>
the derivation name is in the temp dir name
<clever>
the uid that owns that dir, is the uid that also owns the build processes
Cale has joined #nixos
<hpfr[m]>
Hmm guess I’ll try j1 so I can get it to print for sure
<clever>
yeah, the -j8 part is just to speed things up a bit, since -j1 will be slower
<hpfr[m]>
Right I understand parallel jobs
<clever>
nix also complicates things, by having parallel in parallel
<clever>
nix level -j, will build that many derivations
<clever>
and then each of those derivations, will do a make level -j, which runs that many gcc's
<hpfr[m]>
Yeah I just saw a j4 line while it’s building the kernel even though I did j1
<hpfr[m]>
Unfortunately j1 started with the kernel which I assume will fail with the segfault
bahamas has joined #nixos
toppler has joined #nixos
<{^_^}>
[nixpkgs] @vbgl opened pull request #71277 → coqPackages_8_10.ltac2: init at 0.3 → https://git.io/Je4zX
<{^_^}>
[nixpkgs] @nrdxp closed pull request #67227 → alsa: allow 'sound.mediaKeys.enable' to work even when 'hardware.pulseaudio.enable' is used → https://git.io/fjbpm
CGevo has joined #nixos
<CGevo>
All, I want to create an installation tarball for my applicarion, that will be used for -I nixpkgs=blabla.tar.gz
<CGevo>
for nix-env -f installation
<CGevo>
but Iwant just one derivaion of a package in it
<CGevo>
not the whole fork of nixpkgs, how to do that?
<clever>
CGevo: the tar needs a default.nix in the root of it, that should return an attribute set
<CGevo>
so I will do default.nix and do import mypackage.nix?
<CGevo>
or probably will have to import <nixpkgs>?
<{^_^}>
[nixpkgs] @jonringer pushed commit from @r-ryantm to master « syslogng: 3.22.1 -> 3.23.1 »: https://git.io/Je4zh
wedens has quit [Quit: Connection closed for inactivity]
<hpfr[m]>
I’m rebuilding my system and when “unpacking source archive /nix/store/i917n20r...-linux-4.19.78.tar.xz” I get xz: (stdin): Compressed data is corrupt
<jophish>
What's the idiomatic way of setting a configuration value depending on whether a particular module is loaded?
<jophish>
Without putting that configuration option in that module!
schjetne has joined #nixos
<tdeo>
default = config.<module>.enable?
<jophish>
Hypothetically: I have ports (a b and c) open in networking firewall, but I want to *not* have port b open if I've loaded a particular module
Tucky has joined #nixos
<jophish>
Tdeo, that works some of the time, but what if there isn't an enable option on that module
<tdeo>
how do you judge if it's "loaded" or not then?
<jophish>
Yeah, that's the thing :)
<tdeo>
because all modules are included in the configuration by default
<jophish>
Ah, sorry perhaps I meant "import" rather than module!
<jophish>
I want to remove this port iff I have ./foo.nix in imports
CGevo has quit [Remote host closed the connection]
<jophish>
Well, in this particular case I'd like to remove some lines from an extraConfig, but I guess the principle is the same
Ariakenom has quit [Ping timeout: 265 seconds]
toppler has quit [Ping timeout: 268 seconds]
Ariakenom has joined #nixos
<jophish>
Perhaps what I'm trying to do is difficult because it's a bad idea
<jophish>
It certainly makes this import feel a bit leaky
toppler has joined #nixos
zupo has joined #nixos
<{^_^}>
[nixpkgs] @FRidh pushed 7 commits to python-unstable: https://git.io/Je4g1
<marioron>
Dear channel, which phases has the $out/bin open for read-write?
<marioron>
trying to do fixupPhase = ''
toppler has joined #nixos
<{^_^}>
[nixpkgs] @FRidh pushed 2 commits to python-unstable: https://git.io/Je4gA
dm9 has joined #nixos
<marioron>
but the binary in $out if read only
<marioron>
so patchelf doesn't up
<edef>
all phases
<edef>
consider chmod +w, i guess?
Makaveli7 has joined #nixos
<edef>
it only gets made read-only after the derivation completes
<marioron>
oh so it's that way from upstream
<marioron>
not nix build doing it read only
bahamas has quit [Ping timeout: 240 seconds]
bahamas has joined #nixos
bahamas has joined #nixos
bahamas has quit [Changing host]
philr has quit [Quit: WeeChat 2.6]
marek_ has quit [Changing host]
marek_ has joined #nixos
marek_ is now known as marek
toppler has quit [Ping timeout: 268 seconds]
marioron has quit [Remote host closed the connection]
cosimone has quit [Quit: Terminated!]
nhey_ has quit [Quit: Leaving]
<{^_^}>
[nixpkgs] @FRidh pushed 3 commits to python-unstable: https://git.io/Je42t
toppler has joined #nixos
asymptotically has joined #nixos
iqubic` has joined #nixos
iqubic has quit [Ping timeout: 245 seconds]
thc202 has joined #nixos
viric_ is now known as viric
toppler has quit [Ping timeout: 268 seconds]
ThatDocsLady has joined #nixos
ottidmes has joined #nixos
toppler has joined #nixos
<Squarism>
I have this default.nix file that works great for building. I wonder if theres some way I could 1. be able to compile "server" (excluding client) from nix-shell. 2. reach a repl/ghci from nix shell for "server" build. Here is the default.nix https://paste.ofcode.org/4p66CsZ8tWbJkehVQcCmnK
<Squarism>
Ie to speed up my workflow. My problem now is that my work iterations (just compiling the changes Ive made) takes quite a long time.
<philipp[m]>
Anybody else got problems with murmur seemingly running but not binding to any interfaces after the upgrade to 19.09?
gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]
gila has joined #nixos
wfranzini has quit [Read error: Connection reset by peer]
wfranzini has joined #nixos
Okinan has quit [Quit: Konversation terminated!]
ottidmes has quit [Quit: Leaving]
toppler has quit [Ping timeout: 268 seconds]
Okinan has joined #nixos
Zer0xp is now known as Guest42396
lord| has joined #nixos
Zer0xp has joined #nixos
Ariakenom has joined #nixos
<Zer0xp>
Hey so I've updated to NixOS 19.09, I'm using KDE Plasma but for some reason now I can't see my battery status any more ever since I've updated.
toppler has joined #nixos
Heirlung has quit [Ping timeout: 250 seconds]
<Zer0xp>
When I try to open Power Management in settings, it says that the Power Management configuration module could not be loaded.
<Zer0xp>
And that the Power Management Service appears to not be running
<{^_^}>
[nixpkgs] @FRidh pushed 4 commits to python-unstable: https://git.io/Je4VX
<FRidh>
Zer0xp: maybe powerManagement.enable needs to be enabled? Not sure.
<duairc>
I know you can use -K with nix-shell/nix-build to inspect a failing build, but is there a way you can "retry" or "continue" the build after making a quick modification to one of the files therein? Obviously you can apply a patch in the derivation but I'd like a process with a faster feedback cycle
toppler has quit [Ping timeout: 240 seconds]
hilo_ has quit [Remote host closed the connection]
ryantm has quit [Remote host closed the connection]
LysergicDreams has quit [Ping timeout: 268 seconds]
Zer0xp has joined #nixos
Zer0xp is now known as Guest77347
Zer0xp has joined #nixos
LysergicDreams has joined #nixos
ebzzry has joined #nixos
orivej has joined #nixos
<Zer0xp>
So I've tried enabling the powerManagement.enable service but I am still unable to see my battery status and this is after updating to NixOS 19.09. I'm using KDE Plasma.
<Zer0xp>
I think I should just reinstall the entire OS from scratch
<{^_^}>
[nixpkgs] @FRidh pushed to master « nixos/pppd: add description for peers, unbreaks metrics job and channel »: https://git.io/Je4rq
<FRidh>
gchristensen: ^^ can ofborg check for missing descriptions?
<{^_^}>
[nix-pills] @ryantm pushed commit from @tssm to fix-pill-7-inherit-url « Update manuals' links »: https://git.io/Je4rC
rembo10 has joined #nixos
<samrose>
If I want to get the git revision of a nix channel latest release, and compare it to what is installed on an instance of nixos, is there an existing way to do this in nixos?
Heirlung has joined #nixos
<FRidh>
question is whether we want to require a description it in the first place, but I think we do
darkf has quit [Quit: Connection closed for inactivity]
<gchristensen>
yeah I think we do :)
<pbb>
samrose: you can do that manually
<pbb>
samrose: check howoldis.herokuapp.com
<pbb>
samrose: there you can see the revision of each channel
<pbb>
samrose: then, do 'ls -l /run/current-system' and take the characters after the last dot
andreas31 has joined #nixos
<pbb>
samrose: then you can do a comparison between these two nixpkgs revisions as you like, with 'git diff {rev1} {rev2}' or by looking at the git log
<pbb>
for example, my nixos system derivation ends with ...-nixos-system-amalthea-20.03pre197168.ac1aeb4fbbe, so my installed revision is ac1aeb4fbbe
<pbb>
the latest version of the unstable channel is 1c40ee6fc44 according to howoldis.herokuapp.com
<bahamas>
hello. can I create a symlink in a easy to remember location like /var/file that points to a file in my nix store?
cosimone has quit [Quit: Terminated!]
<tilpner>
Yes, use systemd.services or systemd.tmpfiles.rules
toppler has quit [Ping timeout: 265 seconds]
<bahamas>
tilpner: what exactly in systemd.services?
<tilpner>
bahamas: You would probably create a oneshot service that creates the link
<tilpner>
But try tmpfiles first
<tilpner>
Despite the name, they can be used for non-temporary files too
<bahamas>
tilpner: cool. I'll look into it. thank you!
<lassulus>
what about environment.etc ?
<tilpner>
lassulus: Doesn't work for /var
<lassulus>
ah, yes, but maybe /var isn't a hard requirement
<tilpner>
Though you could maybe get away with a link from /var/** to /etc/**
<tilpner>
And then you manage a link in /etc/** with environment.etc
<lassulus>
something like environment.etc for the whole FS would be handy
<tilpner>
You would have to create the /var link manually, and it's a weird contraption
erasmas has joined #nixos
<tilpner>
lassulus: I use a module like that for my system
<bahamas>
\/var isn't a hard requirement. I just need to create a file with env vars and place it somewhere where I can easily use it with a development server
<sphalerite>
I'm trying to build some stuff natively on armv7, and a lot of things are failing because of the shebang #!/bin/sh in their configure scripts. What causes this stuff not to fail on x86_64 and aarch64?
<ornx>
is your /bin/sh the right architecture
<ornx>
if it fails on the hashbang, and the path exists, then there must be something wrong with the file at that path
<risson>
ls
gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]
ixxie has joined #nixos
<sphalerite>
ornx: well, there shouldn't be a /bin/sh at all
<ornx>
i have a /bin/sh on my nixos system
<sphalerite>
and indeed there isn't
alexherbo24 has joined #nixos
<ornx>
uh
<sphalerite>
yes, but not in the build sandbox
<ornx>
ah
<sphalerite>
wait, there is on my x86_64 laptop o.O
<gchristensen>
the build sandbox definitely does have a /bin/sh :)
selfsymmetric-pa has joined #nixos
alexherbo2 has quit [Ping timeout: 276 seconds]
<sphalerite>
aah, there's a build-time nix option called SANDBOX_SHELL…
<selfsymmetric-pa>
I have a `csx` file I need to run. Anyone know how to install `dotnet-script`?
ddellacosta has joined #nixos
toppler has joined #nixos
tertl3_ has quit [Quit: Connection closed for inactivity]
wfranzini has quit [Remote host closed the connection]
<gchristensen>
I'm a bit skeptical on the protected branches, but probably fine :P
<{^_^}>
[nixos-channel-scripts] @edolstra pushed to master « Push to the nixpkgs repo »: https://git.io/Je4MJ
<niksnut>
gchristensen: hm, skeptical about what?
<edef>
oh, exciting
<gchristensen>
well not so skeptical. it'd be good to make it very locked down, so even you can't do it without first disabling protected branches
<edef>
this'll save me a remote at least
toppler has quit [Ping timeout: 264 seconds]
mexisme has joined #nixos
<niksnut>
gchristensen: yes, but that wasn't the case for nixpkgs-channels either
<gchristensen>
oh :P
shibboleth has joined #nixos
mexisme has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @edolstra pushed to staging « Remove references to the nixpkgs-channels repo »: https://git.io/Je4MZ
toppler has joined #nixos
<aminechikhaoui>
niksnut would you keep nixpkgs-channels as a mirror to nixpkgs ?
<niksnut>
yes, the channel script still pushes there as well
<aminechikhaoui>
ok great
ddellacosta has quit [Ping timeout: 265 seconds]
<ajs124>
what's the reason it was set up that way, with a separate repo, in the first place, instead of branches?
ddellacosta has joined #nixos
<gchristensen>
at one point you couldn't prevent people from pushing to specific branches
sellout- has joined #nixos
toppler has quit [Ping timeout: 240 seconds]
Ariakenom_ has joined #nixos
sochran has left #nixos [#nixos]
Ariakenom has quit [Ping timeout: 240 seconds]
<niksnut>
turns out it's impossible to prevent push access by "Organization administrators, repository administrators, and users with the Maintain role."
<evelyn>
I'm having a funny time installing nix on this box. I'm attempting to follow the ZFS guide. I have a boot partition formatted as vfat. But, whenever I run nixos-install, it will corrupt the partition, and I get dropped in to a recovery shell.
<exarkun>
is there a simple way to override openssl_1_1 to roll it back to 1.1.1c? I don't see how to do it with override or overrideAttrs
<jnas>
Hey - so i'm attempting to migrate to the newest airflow version (1.10.5) as well as upgrade from python2.7 to 3.7 - after delving into the NixOS pkgs and not seeing a py3 version of airflow available (as well as many of the required packages), it was clear this would need a custom build. NixOS has been working well with packaging airflow 1.9.0 w/
<jnas>
py2.7, and I've been updating the deps to use the versions of the packages defined here: https://github.com/apache/airflow/blob/1.10.5/setup.py. Currently running into an issue where I've defined one package definition (for the package Six) and for some reason the build has found duplicate packages for this, and they're the same version but still
<exarkun>
mixing two different pythonPackages can lead to that failure
<exarkun>
share your expression
<roconnor>
exarkun: presumably you have to override the src attribute with your own fetch_url value?
<exarkun>
roconnor: I guess so. Looking at the expression in nixpkgs, I guess I have to duplicate anything that uses either `version` or `sha256` since there's nothing I can do to automatically propagate those changes?
<exarkun>
I kinda thought there was but ...
<clefru>
I am a bit puzzled by that my system wants to build "4j4arqq9mp9qj4znnjmnq5mir58jfz99-coreutils-8.31.drv". My git repo is at "
<clefru>
8bf142e001b" which is the current nixos-19.09 channel, so in theory the binary caches should have all the packages caches. I also don't override coreutils (or any of its dependencies)... so I am a bit puzzled. Are there some tools to debug this? Showing the query to the binary cache for instance?
<roconnor>
exarkun: inspecting the sources suggests to me that 'version' and 'src' are the only relevent fields
detran has quit [Ping timeout: 265 seconds]
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-18.09: https://git.io/Je4DU
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-18.09-small: https://git.io/Je4DT
ng0 has quit [Ping timeout: 260 seconds]
WilliButz has quit [Quit: WeeChat 2.6]
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-19.03: https://git.io/Je4DI
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-19.03-small: https://git.io/Je4DL
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-19.09: https://git.io/Je4Dt
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-unstable: https://git.io/Je4Dm
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixos-unstable-small: https://git.io/Je4DY
ris has joined #nixos
ng0 has joined #nixos
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixpkgs-18.09-darwin: https://git.io/Je4DO
<gchristensen>
woohoo
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixpkgs-19.03-darwin: https://git.io/Je4Ds
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixpkgs-19.09-darwin: https://git.io/Je4DG
WilliButz has joined #nixos
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 0 commits to nixpkgs-unstable: https://git.io/Je4DZ
<jnas>
or general advice on where to look for: Package duplicates found in closure, see above. Usually this happens if two packages depend on different version of the same dependency.
<Ericson2314>
niksnut: gchristensen imo if hydra always made a merge commit which it signed, that would be a pretty good solution
<Ericson2314>
when it just fast forwards, one doesn't really have a sense of which non-tip commits were the last ones to pass hydra without checking hydra itself
<gchristensen>
Ericson2314: how about if the data at https://channels.nix.gsc.io/ was made available at nixos.org?
<Ericson2314>
but if we had a merge commit every time hydra approved, we would have that information in the git repo itself
<meatcar>
anyone having issues with fish not autocompleting manpages when typing `man <tab>`? I've been chasing this but on and off for a while, looks like its related to apropos not returning any results, due to mandb not being run. I have to manually run `mandb` and `mandb -u` as root to get the completions to work.
jreed has joined #nixos
<niksnut>
I don't like having a merge commit, because it means that the channel branch will have different commit hashes than the corresponding release branch
<symphorien>
a tag then ?
<qyliss>
niksnut++
<{^_^}>
niksnut's karma got increased to 12
domogled has quit [Ping timeout: 246 seconds]
<symphorien>
jnas: nix-store --query --tree may show what pull the different versions
<Ericson2314>
gchristensen: niksnut it is a matter of personal taste, but I do actually like the separate commit history
toppler has joined #nixos
<gchristensen>
what are the properties you're looking for?
<niksnut>
git-notes might be useful for this, but I think github doesn't support them very well
<gchristensen>
git-notes are actually really awful. I used them for the security roundups for a while and it was a nightmare
<Ericson2314>
i like the signed history of CI'd commits
<Ericson2314>
hydra is saying both "this commit is good" and "this commit is the next one I deemed good after this previous one"
<exarkun>
roconnor: For now, right? I'll have to read all future changes to see if they introduce any other uses.
<gchristensen>
(nit: hydra actually doesn't do that, it is the channel updater which does that)
<exarkun>
jnas: What is `commonBuildInputs`?
<Ericson2314>
with both this, and the grand hypothetical ofborg hydra unification whree every commit is CI'd before merge, `git log --first-parent` gives a history of all known-good commits
cosimone has quit [Quit: Terminated!]
<exarkun>
jnas: Also, this looks like the expression for `six`, I guess. Is this what fails to build?
<gchristensen>
we could make a TLS certificate and submit it to certificate-transparency.org
<jnas>
yea exarkun actually 2 different versions apparently attempt to build
<Ericson2314>
would be useful if `git bisect` could take `--first-parent` like `git log` too
domogled has joined #nixos
<exarkun>
jnas: Are you building *this* expression when you get the error you pasted?
<gchristensen>
sounds like tags would be the closest thing you're hoping for
<roconnor>
exarkun: that is true, however that is essentially always the case for packages. There is no override mechanism for "rec" and, in this case, locally bound functions (i.e. 'common').
<exarkun>
roconnor: Okay. Thanks!
<niksnut>
gchristensen: is that the thing go uses?
<Ericson2314>
i dunno, it's not my top priority or anything, just an idea
* Ericson2314
goes back to work
<roconnor>
exarkun: I think it is also worth consdiering cutting and pasting essentially the entire expression.
ambro718 has joined #nixos
<roconnor>
rather than using a package override.
<roconnor>
rather than using a derivation override.
boxscape has joined #nixos
<ambro718>
Did anyone try nvidia+wayland+KDE using the new EGL-Streams support in Plasma 5.16?
<gchristensen>
Ericson2314: let's talk more :) (cc adisbladis )
<jnas>
yea presumably that expression exarkun is causing the failure judging by the stacktrace I sent
<niksnut>
I think it would be annoying if "nixos-version" prints a revision that doesn't actually exist on the release branch
<exarkun>
roconnor: Yea. I've done that before. All of the patch files and such will make it a little more annoying for openssl, I think. I'll try overrideAttrs for a while and see how it goes. And with luck somebody will fix the issues that require me to pin openssl to exactly 1.1.1c before too long...
<gchristensen>
niksnut: +1
<exarkun>
jnas: Actually the error you sent says you're building apache-airflow which depends on mock which depends on six
<exarkun>
jnas: My guess is that you have overridden one out of many python dependencies in a way that causes the conflict and you need to do more.
<niksnut>
adding a merge commit also invalidates the version string used in e.g. ISO names
<gchristensen>
heh
<niksnut>
though that might be an argument for not using revisions in version strings...
<gchristensen>
revisions are so good, though
<niksnut>
yes
<exarkun>
jnas: Perhaps you can assemble an SSCCE.
Zer0xp has joined #nixos
toppler has quit [Ping timeout: 246 seconds]
cosimone has joined #nixos
alexherbo24 has quit [Ping timeout: 276 seconds]
alexherbo245 has joined #nixos
<jnas>
it has been quite a process to fix the deps with the new versions and do custom builds exarkun but i'm not understanding where the multiple versions are coming from for this specific package
<exarkun>
I can't see your complete expression so I can't tell you where it's coming from. I can tell you that I have encountered this symptom before and the cause has been using Python packages from two different `pythonPackages` sets.
<exarkun>
If you have pythonXPackages.foo which depends on pythonXPackages.bar and you have pythonYPackages.baz which depends on pythonYPackages.bar and you try to put pythonXPackages.foo in an environment with pythonYPackages.baz then you'll have a conflict between pythonXPackages.bar and pythonYPackages.bar
<exarkun>
it doesn't matter if bar is the "same" in both, it can't really be the same because it belongs to a different package set
<exarkun>
This may have absolutely nothing at all to do with your problem. Without seeing a complete expression that reproduces the failure I'm just guessing.
<zeta_0>
hello guys, will the rasberry pi 4 work with the new nixos unstable version ?
toppler has joined #nixos
<samueldr>
there's a (temporary) device-specific image built by hydra currently, and there's a PR for u-boot that needs work (after nixcon) and it might work with the generic image at that point
* samueldr
searches for the device-specific image link
<aanderse>
say i have some certificate files from the active directory sysadmins and i want to deploy them on a bunch of my nixops servers
<zeta_0>
samueldr: cool, how long do you think i will have to wait until it is working and stable ?
<aanderse>
my current approach is to use openssl to take the certificate files, convert them into PEM format, then pass them into security.pki.certificateFiles
<samueldr>
the linked image should be stable, and it should be working, but doesn't work using u-boot, thus no generations selection at boot, among other differences
<samueldr>
as far as a u-boot image, no timeline, but during november I will take some time to validate the state of u-boot+mainline and then we'll know
<aanderse>
i wrote a real quick runCommand "outputfile.pem" { nativeBuildInputs = [ pkgs.openssl ]; } "openssl blah blah convert input to $out"
<aanderse>
and pass that instead
<aanderse>
where is the standard spot that i should declare functions that i want to use across a bunch of different servers in my nixops network?
<zeta_0>
samueldr: what is u-boot, i plan on installing nixos unstable on the rasberry pi 4 using a usb flash drive ?
<samueldr>
u-boot is a firmware and bootloader solution, it gives us a common platform for all ARM boards, so we don't have to support any specific board with a specific build
toppler has joined #nixos
Jackneill has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @nixos-channel-bot pushed 242 commits to nixpkgs-unstable: https://git.io/Je49r
<gchristensen>
(though it seems you had a good couple of keywords with "logical and"!)
<gchristensen>
ah right, mkIf is a construct unique to NixOS (not Nix)
<tokudan>
i still couldn't find it in the nixos manual
<gchristensen>
yeah, that does suck
<tokudan>
did a full text search right now and it's under option definitions -> delaying conditionals
<tokudan>
the first match is an example though
shibboleth has quit [Quit: shibboleth]
<gchristensen>
probably almost all of the nix manual should be included in the nixos manual
<gchristensen>
treat nixos modules as its own language
<tokudan>
not sure about that, the distinction makes sense, once you've understood the difference between nix, nixpkgs and nixos
<gchristensen>
yeah ...
<tokudan>
though i don't really have an idea about what to improve...
<{^_^}>
[nixpkgs] @nathyong opened pull request #71301 → p4v: explicitly depend on openssl 1.0 series → https://git.io/Je4QO
<zeta_0>
i just have to change: `stateVersion = "19.03"` to `stateVersion = "20.03"`in configuration.nix and home.nix before changing the channel and running an upgrade ?
<tokudan>
and still i tend to search through all of them if i'm looking for something
<tokudan>
zeta_0, no
<gchristensen>
zeta_0: as the comment (should) say: do _not_ change thaht.
alexherbo2 has quit [Ping timeout: 240 seconds]
toppler has joined #nixos
<zeta_0>
is there a link to the instructions on this ?
<tokudan>
zeta_0, keep stateVersion and just change the channel
<zeta_0>
ok, thanks i am going to give it a try now in a bit'
drakonis has joined #nixos
<tokudan>
so... i just changed rngd to start during early boot on my system to avoid entropy starvation due to my encrypted swap... seems to be working very well
<tokudan>
going to make PR about that
gxt has quit [Remote host closed the connection]
troydm has joined #nixos
erasmas has quit [Quit: leaving]
toppler has quit [Ping timeout: 240 seconds]
gxt has joined #nixos
freeman42x has quit [Ping timeout: 246 seconds]
zeta_0 has quit [Quit: rcirc on GNU Emacs 26.1]
Okinan has quit [Quit: Konversation terminated!]
<{^_^}>
[nixpkgs] @tokudan opened pull request #71302 → rngd: Start early during boot and encrypted swap entropy fix [WIP] → https://git.io/Je4Qo
toppler has joined #nixos
kraem has quit [Quit: outta here]
wfranzini has quit [Remote host closed the connection]
wfranzini has joined #nixos
<{^_^}>
[nixpkgs] @jonringer pushed 10 commits to python-unstable: https://git.io/Je4Q1
<gchristensen>
samueldr: is it okay to use a sloth emoji when talking about 19.09 Loris?
<samueldr>
I don't know :)
<samueldr>
I don't think they're related? and I'm not a zoologist
<samueldr>
(and it was sphalerite's choice of animal)
<gchristensen>
they're not but they sooorta look similar
<samueldr>
in my opinion emojis shouldn't be used in that way, only if it is *the* thing, so not even a snowflake in place of the lambdaflake
<gchristensen>
whoa
<gchristensen>
you're a purist!
gxt_ has joined #nixos
<drakonis>
a emoji purist, a rare sighting
gxt has quit [Ping timeout: 260 seconds]
<AmandaC>
quick, we have to coax it back into it's cage for it's own protection!
<AmandaC>
It'll never survive in the wild! :P
toppler has quit [Ping timeout: 265 seconds]
kraem has joined #nixos
<mrSpec>
Hi! I have nothing special in my current networking part of configuration.nix, my system is getting IP from DHCP. Now I'm trying to create bridge br0 to eth0, for my containers
<mrSpec>
I thought networking.bridges.br0.interfaces = [ "eth0" ]; networking.interfaces.br0.useDHCP = true; would be enough but I'm getting: sys-subsystem-net-devices-br0.device: Job sys-subsystem-net-devices-br0.device/start timed out.
<jlv>
Is it possible to disable sandboxing in a nixpkgs `config` option? (I'm trying to disable sandboxing for the `nix-build` of a particular project)
mbrgm_ has joined #nixos
mbrgm has quit [Ping timeout: 245 seconds]
mbrgm_ is now known as mbrgm
<kyren>
do any of the server management tools (nixops, morph, etc) support secrets management for declarative containers?
<kyren>
alternately, how does one do UID mapping to a declarative container, for example to set the proper UID for a secret to one for the container
toppler has joined #nixos
<infinisil>
jlv: Nope, but you can set `__noChroot = true` in the derivation to make it error if it's built with sandboxing
<jlv>
infinisil: Ok. Plan B then. `# nix-build --option sandbox false` and a note in the readme. I just prefer not requiring specific variations on commands. On a related note, is there a list of nixpkgs `config` options anywhere?
<infinisil>
jlv: man nix.conf
<infinisil>
And `nix show-config` lists all options and their values
<infinisil>
(perhaps a bit more than documented in `man nix.conf`)