<o1lo01ol1o>
I have a derivation that, on build, creates a bunch of stuff in `root/foo`. It expects to find those things in `root/foo` but I'd like run another binary on some of those things after they're build. What's the correct way to do this? Can I just `runCommand` cd ${root}/foo doTheNastyEffs?
cab404[m] has joined #nixos
phreedom has joined #nixos
shibboleth has joined #nixos
jluttine has quit [Ping timeout: 265 seconds]
dansho has joined #nixos
Henson has quit [Ping timeout: 258 seconds]
phreedom_ has quit [Ping timeout: 240 seconds]
lovesegfault has quit [Quit: WeeChat 2.7]
h0m1 has quit [Quit: WeeChat 2.7]
h0m1 has joined #nixos
wildtrees has quit [Quit: Leaving]
mexisme has joined #nixos
noogie has joined #nixos
eraserhd has quit [Ping timeout: 260 seconds]
<pikajude>
is there a sensible way to set up a "failable" mount in nixos configuration?
<pikajude>
i don't want to have to drag this thing over to my monitor and plug it in to fix the boot process if one of the external drives fails
<pikajude>
even with "noauto" it blocks booting if i put it in my configuration
<pikajude>
nvm, i'm an idiot. with noauto *and requiredForBoot = false it's fine
eraserhd has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/JeNON
o1lo01ol1o has quit [Ping timeout: 240 seconds]
rashad3030 has joined #nixos
Heirlung has quit [Ping timeout: 260 seconds]
selfsymmetric-mu has joined #nixos
<rashad3030>
Hello, I was wondering if anyone here could help me install nix. I've also asked on the nixos Slack channel.
<rashad3030>
I'm following the instructions on the NixOS website. When I run the command: curl https://nixos.org/nix/install | sh
<rashad3030>
I get the following error:
<rashad3030>
error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': No such file or directory
<rashad3030>
Any help is appreciated. Thank you for reading!
Heirlung has joined #nixos
Heirlung has quit [Ping timeout: 258 seconds]
acarrico has quit [Ping timeout: 258 seconds]
Kritnich has quit [Quit: Bye bye.]
Kritnich has joined #nixos
<infinisil>
rashad3030: macOS?
jlslnx has quit [Quit: leaving]
<infinisil>
rashad3030: Try running `unset NIX_DAEMON`, then the install script again
<rashad3030>
I will try running `unset NIX_DAEMON` though. Thank you!
<rashad3030>
Hmmm...Yeah I still get the same error.
<rashad3030>
error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': No such file or directory
ixxie has quit [Ping timeout: 240 seconds]
bhipple has quit [Ping timeout: 268 seconds]
ayerhart has joined #nixos
<ornxka>
is there an easy way to run a program with python libs in its environment somewhere
<ornxka>
like if i have program x which runs some python code somewhere along the line, which imports eg numpy, is there an easy way to do nix-shell blah blah x blah blah --with-python-modules numpy or something, without having to modify the nix expression for x?
h0m1 has quit [Ping timeout: 248 seconds]
<lovesegfault>
ornxka: Yeah, something like this, maybe?
<jbetz>
cabal2nix question: if there are multiple executables in the package definition, how do I tell nix to build only one of them?
<lovesegfault>
jbetz: Probably `-A`?
rashad3030 has quit [Ping timeout: 260 seconds]
<infinisil>
lovesegfault: Nope
<jbetz>
my attribute is just: `backend = pkgs.haskell.lib.justStaticExecutables (pkgs.haskellPackages.callCabal2nix "backend" ./backend { });`
<jbetz>
lovesegfault: adding the executable name to the attribute path doesn't work
shibboleth has quit [Quit: shibboleth]
acarrico has joined #nixos
<lovesegfault>
jbetz: I've never used cabal2nix, -A is just usually my first try when the problem is "select something from a nix thing" :P
jluttine has joined #nixos
<infinisil>
jbetz: After looking into it, you can adjust what gets built by wrapping it with `pkgs.haskell.lib.overrideCabal (..) { buildTarget = "exe:foo test:bar"; }`
<infinisil>
However this won't actually work entirely, because it still tries to call `cabal install`, which will try to install everything I believe still
klntsky has quit [Ping timeout: 240 seconds]
<infinisil>
jbetz: Why do you need this? If you just want to get rid of a binary you can remove it after it's build by setting `postInstall`
kleisli has quit [Ping timeout: 268 seconds]
klntsky has joined #nixos
qubasa has joined #nixos
<jbetz>
infinisil: I just don't want to build something I don't need. removing the binary is probably good enough, but it seems weird that this isn't configurable.
<infinisil>
You could probably do it by patching the .cabal file
<jbetz>
the second executable is just for profiling, so maybe what I really should do is just convert it to a benchmark target
[Leary] has quit [Remote host closed the connection]
<samueldr>
github pushes events to a webhook address, this goes in a rabbitmq queue, and a script scrapes those events for the few ones to print here
<lovesegfault>
samueldr: Still pretty awesome how fast it is
<samueldr>
meh, I'd like it if it could tell me what I'm going to do next
<lovesegfault>
lol
<lovesegfault>
Notice({^_^}): [nixpkgs] @samueldr is about to fix nvidia support in pull request #76597
kleisli has joined #nixos
<jbetz>
infinisil: okay, so switching the second executable to benchmark removes it from the build output, and that seems like the correct solution. and overriding `buildTarget`doesn't seem to work, because even if I exclude it from the list, it still tries to install it.
xelxebar has quit [Quit: ZNC 1.7.2+deb2~bpo9+1 - https://znc.in]
_ri_ has joined #nixos
drakonis has quit [Quit: Leaving]
<jbetz>
don't actually need it anymore, but yeah, still seems weird
smatting has quit [Ping timeout: 252 seconds]
<infinisil>
Nothing weird, just functionality nobody needed before
<infinisil>
And yeah that's what I meant by how buildTarget won't work entirely
<lovesegfault>
Is there a wayland DM apart from GDM?
<jbetz>
infinisil: a more general nix question: how do you go about discovering properties like `buildTarget`? I tried loading the attrset into a repl and using `attrNames` to explore the specific target, but it's pretty clunky. are there better ways?
iyzsong has joined #nixos
erictapen has joined #nixos
thc202 has quit [Ping timeout: 248 seconds]
<lovesegfault>
Can fetchFromGitHub fetch submodules?
<lovesegfault>
Oh
<lovesegfault>
eh
<ornxka>
how do i get nix-shell to look at my ~/.config/nixpkgs/config.nix
<ornxka>
i do nix-shell blah blah -A blah but inside of there it doesnt seem to know about my packageoverrides in config.nix
Heirlung has quit [Ping timeout: 268 seconds]
_ri_ has quit [Quit: leaving]
lovesegfault has quit [Quit: WeeChat 2.7]
pie_ has quit [Ping timeout: 268 seconds]
lovesegfault has joined #nixos
bhipple has joined #nixos
felixfoertsch23 has joined #nixos
felixfoertsch has quit [Ping timeout: 260 seconds]
<day|flip>
lovesegfault, I notice ly have package binary already. but no options for it. like : servies.xserver.displayManager.ly
<lovesegfault>
day|flip: I just looked at the source and now I don't want to touch it
<lovesegfault>
I'll just write my own since it's winter break
scasc has quit [Remote host closed the connection]
siiky has joined #nixos
endformationage has quit [Ping timeout: 258 seconds]
Heirlung has joined #nixos
ddellacosta has quit [Ping timeout: 240 seconds]
felixfoertsch23 has quit [Quit: ZNC 1.7.3 - https://znc.in]
felixfoertsch has joined #nixos
<jbetz>
infinisil: okay, thanks
zarel_ has joined #nixos
<jbetz>
is it possible to tell `nix-copy-closure` to copy only the runtime dependencies of a derivation? or do I need to do some sort of package filter on the derivation itself? e.g., when deploying, I don't care about building anything on the target, just running the executable
<drozdziak1>
I'm trying to use Ardour on NixOS, how can I let Ardour see plugins? Should I run it using nix-shell?
<drozdziak1>
nix-shell -p ardour calf doesn't cut it unfortunately
<{^_^}>
[nixos-homepage] @raboof opened pull request #324 → Show how to get the interpreter from the gcc wrapper for patchelf → https://git.io/JeNC0
<__monty__>
drozdziak1: Usually such derivations have a `.withPlugins/.withExtensions` or the like but ardour doesn't. I suspect you'd have to implement a similar mechanism if ardour doesn't simply pick up dependencies from the environment.
pie_ has quit [Ping timeout: 258 seconds]
ebzzry has joined #nixos
<{^_^}>
[nixpkgs] @ghuntley opened pull request #76599 → radarr: bump to v0.2.0.1450 → https://git.io/JeNCz
<{^_^}>
[nixos-homepage] @zimbatm merged pull request #324 → Show how to get the interpreter from the gcc wrapper for patchelf → https://git.io/JeNC0
<{^_^}>
[nixos-homepage] @zimbatm pushed commit from @raboof to master « Show how to get the interpreter from the gcc wrapper for patchelf (#324) »: https://git.io/JeNWT
alex`` has joined #nixos
alex`` has quit [Client Quit]
alex`` has joined #nixos
ixxie has joined #nixos
<aanderse>
Izorkin: quite the commit. i think @peti or @alyssais do some work with that module perhaps... but i can't recall for sure
<{^_^}>
[nixpkgs] @Ma27 pushed to master « taizen: fix darwin build »: https://git.io/JeNWh
Rusty1 has joined #nixos
genesis has quit [Remote host closed the connection]
genesis has joined #nixos
ranguli has joined #nixos
<ranguli>
Hey all, any idea on how to enable sandboxing for builds on some kind of a per-case basis? I'm creating a package and want to sandbox build it, but not set it systemwide.
<{^_^}>
[nixpkgs] @roberth opened pull request #76605 → swapDevices.<name>.device can be a swap file. → https://git.io/JeNlm
<notgne2>
that should work and have no dependence on mutable file stuff (so you don't have to worry about pulling that repo for your Nix config to work)
<tilpner>
notgne2: That will fail to build on the next update
<{^_^}>
[nixpkgs] @tazjin opened pull request #76608 → age: init at v1.0.0-beta2 → https://git.io/JeNlb
<notgne2>
tilpner: yep I was about to point that out (plus managing rev much easier than managing hash), I'm gonna go write up a config that actually pulls it on a timer and puts it in /var, since I might use this myself
<notgne2>
for securities sake though honestly one of the previous methods might be best, since it stops the guy who maintains this hostfile from publishing a list which sets up a bunch of MiTM routes
<notgne2>
well, doesn't stop him, but gives you a chance to check if he did or not rather than having systemd blindly pull it
tsrt^ has joined #nixos
tarnacious has quit [Quit: Lost terminal]
<Thra11>
corsair: It does appear to allocate massive amounts of memory, which might cause some systems to lock up.
<Thra11>
I assume it's trying to evaluate the entirety of nixpkgs or something like that
<Thra11>
And if nobody sees it, then after a week or two, you could link it in the discourse thread for PRs needing review
<ranguli>
Okay, I'll do that if nothing comes of it. Thanks folks!
<tilpner>
notgne2: Use startAt = "daily";;
<notgne2>
I've honestly never touched systemd timers before lol, not quite sure how any of it should be done
cinimod`` has joined #nixos
<tilpner>
notgne2: You can drop the whole timer block with startAt
chloekek has joined #nixos
<avocadoom>
Is there anyone attending the 36c3 who has knowledge on how to maintain GitLab on nixos? I have some questions.
shibboleth has joined #nixos
erictapen has joined #nixos
<BugeyeD>
hi all. wanting to replicate my automated installs of ubuntu/centos via ipxe, with local (netboot) script acting on params passed in on kernel line.
ng0_ is now known as ng0
<BugeyeD>
anyone doing anything similar for nixos? my initial target is vsphere vms, but hope to also use with bare metal and rpi once i figure out the automated deploy piece
<BugeyeD>
currently just booting from a custom ipxe iso/usb that includes a script which gathers then passes the arguments to the kernel
<simpson>
BugeyeD: clever has such a home setup, IIRC.
<BugeyeD>
simpson: thanks, will reach out ...
<BugeyeD>
clever: any pointers would be gratefully accepted
stramble-M has quit [Quit: User has been idle for 30+ days.]
<{^_^}>
[nixpkgs] @veprbl pushed commit from @r-ryantm to master « offlineimap: 7.3.0 -> 7.3.2 (#76353) »: https://git.io/JeN47
Thra11 has quit [Client Quit]
Thra11 has joined #nixos
<itsu[m]>
hmm, not sure postgresqlXX.lib is what I'm looking for. I'm trying to build a haskell package with stack and it fails while building postgresql-libpq-0.9.4.2. Installing postgresql_11.lib doesnt fix the pb
gyroninja_ has joined #nixos
gyroninja has quit [Ping timeout: 258 seconds]
<infinisil>
Well if you just used nix-env to "install" it, this won't work because Nix doesn't work that way
<infinisil>
Well it might if it's not a nix-build actually, but it's never a good idea to nix-env libraries
<itsu[m]>
I installed it with my configuration.nix file. I'm using nixos
<infinisil>
Do you have more info on the problem?
<infinisil>
,dnw
<{^_^}>
Provide as much info as possible on problems. What specifically doesn't work? What command did you run? What's the error? This makes debugging easier and helps getting faster responses
<infinisil>
Using configuration.nix to install libraries is equally not a good idea
<DigitalKiwi>
on nixos-unstable xmonad isn't working with plasma5 :(
<DigitalKiwi>
is still kwin?
shibboleth has quit [Quit: shibboleth]
<itsu[m]>
{^_^}: so I'm building a personnal haskell app. when I try to compile it with "stack build" it fails with this error https://pastebin.com/CaFpqt07
b has joined #nixos
<itsu[m]>
I think (not 100% sure though) it is usually fixed with a sudo apt-get install libpq-dev on traditional linux platform
<DigitalKiwi>
most recently it told me a bunch of things were deprecated and now i'm wondering if that broke it or if i didn't set something else up right...
rootatarch has quit [Quit: WeeChat 2.7]
<DigitalKiwi>
xserver settings
<itsu[m]>
thanks infinisil. I'm looking at it and can't make it work for now but hopefuly I'll find the solution :-)
<bgamari>
gchristensen, do you know whether the Packet bonding issues are resolved on 19.09?
zeta_0 has joined #nixos
[Leary] has joined #nixos
<DigitalKiwi>
ok so I rebooted to a previous generation now how do I figure out what changed that it doesn't work now
Lears has quit [Remote host closed the connection]
<DigitalKiwi>
20.03pre205780.d942688fc13
<evanjs>
if itsu[m] just needs libpq then I would assume postgres, and maybe haskellPackages.libpq might be enough?
<evanjs>
tested with a bare c file and 'libpq-fe.h' is simply provided by postgres
cinimod`` has quit [Ping timeout: 258 seconds]
<itsu[m]>
👍️
jmeredith has joined #nixos
<infinisil>
DigitalKiwi: Bisect on nixpkgs
tomberek has joined #nixos
<DigitalKiwi>
can i list generations or should i write it down from the grub
<DigitalKiwi>
all i can remember is that the one i'm on is 5.3.16 and the next one I have is 5.13.18 and that and the one after that are both broken
<tomberek>
When dealing with large files (nix-copying, building, fetching, transferring), there seems to be a single CPU bottleneck of moving that data through the daemon.
chloekek has quit [Ping timeout: 260 seconds]
UndefinedIsNotAF has joined #nixos
<tomberek>
Is this something that can by bypassed? Talk to Nix store directly? or sandbox=false? Anyone else run into this bottleneck with files of a few GiB?
cantstanya has quit [Remote host closed the connection]
<MichaelRaskin>
BTW, did you try switching without reboot?
<MichaelRaskin>
To separate Xorg version and kernel version
<DigitalKiwi>
well
<DigitalKiwi>
the last time i restarted display-manager it rebooted
<DigitalKiwi>
so uh
<MichaelRaskin>
Oops
<tomberek>
i'm aware of the "Add large files to nix store" hack. It's okay for occasional needs to do a nix-store --add, but other operations seem to have the problem too. Like nix copy.
reallymemorable has quit [Quit: reallymemorable]
reallymemorable has joined #nixos
shibboleth has joined #nixos
mac10688 has joined #nixos
mmlb has quit [Ping timeout: 268 seconds]
philr has quit [Ping timeout: 260 seconds]
chloekek has joined #nixos
<DigitalKiwi>
<option>services.xserver.desktopManager.default</option> and <option>services.xserver.windowManager.default</option> options were replaced by a single <xref linkend="opt-services.xserver.displayManager.defaultSession"/> option to improve support for upstream session files. If you used something like:
<DigitalKiwi>
that's the one i mentioned
cmacrae has joined #nixos
wildtrees has joined #nixos
<o1lo01ol1o>
I have a derivation that, on build, creates a bunch of stuff in `root/foo`. It expects to find those things in `root/foo` but I'd like run another binary on some of those things after they're build. What's the correct way to do this? Can I just `runCommand` cd ${root}/foo doTheNastyEffs?
cinimod`` has quit [Ping timeout: 260 seconds]
reallymemorable has quit [Quit: reallymemorable]
xelxebar has quit [Remote host closed the connection]
xelxebar has joined #nixos
corsair has joined #nixos
tsrt^ has quit []
fenedor has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @veprbl pushed commit from @tesq0 to master « unityhub: init at 2.2.2 (#65391) »: https://git.io/JeN0W
<samueldr>
if it needs to write, you could cp -r ${root} ./; I think chmod +w to all that, then run, then copy to $out as expected
kleisli has joined #nixos
<o1lo01ol1o>
samueldr: but where is $out in this case? the binaries in `root/bin` need to read the (altered) files in `root/foo`
Palpares has joined #nixos
<samueldr>
each derivation has its own $out
<samueldr>
so you'd treat one of the derivation as a step, where an incomplete "whatever-you're-building" step is
<Palpares>
hi. what is the official way of declarative packaging management for users ? The home-manager project provides something, but is it a lack of the basic nixos ?
<MichaelRaskin>
Well, for a minimal use case, buildEnv + nix-build are enough, for some other cases nix shell is a reasonable choice…
<simpson>
Palpares: There isn't one. Many folks have tried to establish one, but it turns out that people are fickle and want many different things.
<Palpares>
simpson: is it then good practice to install everithing from the /etc/nixos/configuration.conf ?
<MichaelRaskin>
It is a completely fine approach
<tomberek>
nix copy --to s3://bucket path of a 3.6GiB file takes a ridiculous amount of time and just spins 100% CPU, is there a bypass?
<evils>
doesn't users.users.<name?>.packages count as official per-user package management?
<samueldr>
might not be user-controlled enough in a shared computer scenario
<evils>
then, nix-env?
risson has quit [Quit: Pouet. WeeChat 2.6]
<o1lo01ol1o>
samueldr: ah right, i'd just copy the whole thing and process whatever is needed in the process. thanks!
<samueldr>
all solutions end-up somehow using nix-env in the background evils :)
<MichaelRaskin>
nix-env --set is fine!
kleisli has quit [Ping timeout: 260 seconds]
<MichaelRaskin>
(But I actually use nix-build)
<Palpares>
what about the .config/nixpkgs/config.nix for a per user configuration ?
<Palpares>
if one puts its own programs within myPackages that makes the things no ?
risson has quit [Client Quit]
<pie_>
so I have a bunch of running bash processes on nix that I want to attach a debugger to
<pie_>
how can I acquire exeternalized debug info for those derivations?
<pie_>
environment.enableDebugInfo doesnt seem to have done much
<pie_>
oh hm `If you need debug symbols for a package that doesn't provide them by default, you can enable them as follows: nixpkgs.config.packageOverrides = pkgs: { hello = pkgs.hello.overrideAttrs (oldAttrs: { separateDebugInfo = true; }); }; `
<DigitalKiwi>
error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': Connection refused
<DigitalKiwi>
i get that a lot lately is that normal
<pie_>
hm that doesnt help because it still changed the derivation and causes a massive system rebuild
sigmundv__ has quit [Ping timeout: 265 seconds]
<pie_>
genesis: thats what im looking at but maybe I missed something
<pie_>
by which i mean the separatedebuginfo @hm that doesnt help because it still changed the derivation and causes a massive system rebuild
<pie_>
hm but maybe I can just install it and hope that gdb can reach the result nevertheless
fusion809 has quit [Remote host closed the connection]
<Palpares>
I am wondering: is nixos a good choice for a server os (security, performances, stability...)?
* pie_
nudges clever @ above?
ddellacosta has joined #nixos
jb55 has quit [Ping timeout: 240 seconds]
<simpson>
Palpares: Sure. What would make a distro a bad choice for a server OS? (Does it seem like NixOS sacrifices security, performance, or stability?)
<Palpares>
well about security, is the nixos builtin firewall as strong as iptable for eg. About stability, rollback looks a great gain over other distro. About performances, the nix package looks to use high memory sometimes - wonder if nixos would run over a rasberry server
<MichaelRaskin>
It _is_ iptables
<MichaelRaskin>
NixOS uses existing tools, and the patches are mainly about search paths
janneke has joined #nixos
<MichaelRaskin>
About performance: Nix evaluations are expensive, so for a weak deployment target it makes sense to build on a powerful machine then push the built system to the target
<simpson>
nix-env does chew memory, but it's not mandatory and probably the only offender.
<simpson>
On an RPi, the main problem is that, y'know, it's an RPi; it doesn't have much horsepower even with Raspbian.
<MichaelRaskin>
Well, NixOS full evaluations to consume more memory than they would in an ideal world
<MichaelRaskin>
But you can run them on a laptop, pull stuff from binary cache and push the result to the RPi
erictapen has joined #nixos
<Palpares>
Is haskell mandatory to be learn in order to progress with nixos ?
Tracer41[m] has joined #nixos
<Tracer41[m]>
hello folks
<MichaelRaskin>
Nope
<MichaelRaskin>
I write no Haskell
<MichaelRaskin>
I have > 10 years Nix experience
<Palpares>
Is there some basics of haskell like syntax or keywords to be confortable with - in some place in the documentation ? Or a good tutorial to fast understand how this works
jb55 has joined #nixos
<Palpares>
as a programer, I admit with zero knowlegde of haskell, I fell like copying things from the web and not understanding or improving
<MichaelRaskin>
Nix is much simpler than Haskell
<{^_^}>
[nixpkgs] @bjornfor merged pull request #76605 → swapDevices.*.device can be a swap file. → https://git.io/JeNlm
<{^_^}>
[nixpkgs] @bjornfor pushed commit from @roberth to master « swapDevices.<name>.device can be a swap file. »: https://git.io/JeNER
<MichaelRaskin>
There is Nix language manual (separate from NixOS manual!)
<MichaelRaskin>
There are Nix Pills
<Palpares>
got it - nix is a subset of haskell. I will look for this manual then. thanks
<MichaelRaskin>
Nope, it is not even a subset of Haskell
<{^_^}>
[nixpkgs] @bjornfor pushed commit from @doronbehar to master « newsboat: 2.17.1 -> 2.18 »: https://git.io/JeNEo
<Palpares>
THANKS all
<mupf>
Can anyone help me out with this? I'm trying to get pip running but all I get is: https://paste.ubuntu.com/p/mvwzVxr3hy/ My nix knowledge is quite rudimentary at this point and the wiki isn't helping either.
<kamadorueda>
yup, should we go in a one-by-one package-PR basis ?
<mupf>
__monty__ creating a venv using python -m venv doesn't seem to work and tobim[m] the explanation in the manual seems kinda outdated because it's based on python2. Sometimes I miss my old distribution where life seemed a bit easier or at least more straight-forward.
b has joined #nixos
<mupf>
why is this so complicated anyway? I just wanna install pip and install python packages as a local user.
<multun>
mupf: it's that complicated because many python packages require patching to work. that's why people use packages from the repositories
<multun>
mupf: actually, many python packages are bindings to C stuff which looks for global things that aren't there with nixos
jmeredith has joined #nixos
teej has joined #nixos
<mupf>
this makes sense
<tomberek>
kamadorueda: usually package version bumps are one-by-one.
<mupf>
the only package I need for my daily work is actually available as a standalone package. unfortunately it's a bit outdated and I can't upgrade it because of the lack of pip
<multun>
myme: pip actually works
<multun>
using venvs
<tomberek>
there is a resonable hack at https://nixos.wiki/wiki/Python that let's you pip install things if all you are doing is trying to testing things out in an adhoc manner
<multun>
mupf: If you try running which python3, you'll notice you're not using the system's python interpreter
<multun>
(I might be wrong, try running `which python3`)
<mupf>
/home/micha/.nix-profile/bin/python3
<mupf>
interesting
<multun>
oops my bad
<multun>
that's super weird then
<o1lo01ol1o>
How can I figure out the location of a cabal file's `data-dir` path?
<clever>
o1lo01ol1o: cabal will generate a <name>_Paths module, which contains that path
<clever>
o1lo01ol1o: you then import that and refer to the strings it exports
<mupf>
multun: I might found the problem
<multun>
mupf: :o ?
<o1lo01ol1o>
clever: import that? I know how cabal uses the data dir, I'm trying to get to some of the files put there during a haskell derivation; it's at /nix/store/___foo-ver-data according to the logs but I'm not sure how to refer to that path given my derivaiton's expression
<mupf>
I kinda … inherited my nix configuration and worked on it ever since I installed NixOS. I believe I misconfigured.
<clever>
o1lo01ol1o: if you define the data-files: in the .cabal file, `cabal install` will put the files there for you
<mupf>
Need to double check though
<clever>
o1lo01ol1o: ekg-wai and that silly jquery package are examples of how its done
<kamadorueda>
it have a lot of dependencies, many of which are not present on nixpkgs, and many that are outdated
<mupf>
multun: ERROR: Could not install packages due to an EnvironmentError: [Errno 30] Read-only file system: '/nix/store/zqr5sy6dxnas41s0axyhhvlqnhwj0ywk-python3-3.7.5/lib/python3.7/site-packages/easy_install.py'
<multun>
mupf: I actually don't have the same python version as you, maybe something broke recently
<multun>
(your's is more recent)
<kamadorueda>
We currently have that 'fluidasserts' package running on production in our company, we have it in cachix too speedup things, but it was built with 'restrict-eval false' and 'sandbox false' in order to access the Internet and make the dependencies managing via python's pip easier, the downside is that it's not pure and I don't feel good with that.
<kamadorueda>
The motivation behind that big PR was to prove myself I could do it pure (sandbox true, restrict-eval true)
<kamadorueda>
We currently have that 'fluidasserts' package running on production in our company, we have it in cachix to speedup things, but it was built with 'restrict-eval false' and 'sandbox false' in order to access the Internet and make the dependencies managing via python's pip easier, the downside is that it's not pure and I don't feel good with that.
<kamadorueda>
The motivation behind that big PR was to prove myself I could do it pure (sandbox true, restrict-eval true)
<tomberek>
kamadorueda: okay, what i do in this case is build an overlay or local definition that works. Seems like you have a nixpkgs branch where it works. Then I'll send PR's for python packages focusing on the ones completely missing. Core packges like pyyaml will probably catch up soon anyway due to ryan-tm. Finally, you'll have a set of packages
<tomberek>
included (good!), a set not included or out of date (can use overrides in your derivation).
<tomberek>
are you familiar with overlays?
cosimone has joined #nixos
reallymemorable has quit [Quit: reallymemorable]
<kamadorueda>
I just got to know NIX one month ago, I see a pretty high potential on it (using Docker as dependency management system has caused us a lot of trouble along the road), nix is just awesome
<multun>
I've never tried creating a venv from such a python environment
NoctisLabs has joined #nixos
<multun>
when you're running "python3", you're running that special shell with only these two packages available
cmacrae has quit [Ping timeout: 268 seconds]
<mupf>
thanks, so now I just comment these lines out and it should work again?
o1lo01ol1o has quit [Remote host closed the connection]
<BugeyeD>
clever: yes ... just want to start with basic layout and single user with ssh key like i have for centos/ubuntu/openbsd. everything else can happen with ansible or nixops or whatever. or maybe i'll figure out how to manage everything during installation.
gyroninja__ has joined #nixos
karetsu has joined #nixos
<multun>
mupf: I think so
gyroninja_ has quit [Ping timeout: 260 seconds]
<clever>
BugeyeD: the current netboot_server.nix doesnt involve any partitioning, the client downloads the entire rootfs at bootup, and runs from ram
<mupf>
multun: how to apply these changes?
<clever>
BugeyeD: but, it does also include the justdoit shell script, which will format /dev/sda, and install nixos normally
<multun>
mupf: "home-manager switch" if you're using home-manager
cmacrae has joined #nixos
<mupf>
I don't even know what home-manager ist :D
<BugeyeD>
clever: ahh. no wonder i wasn't finding it. now to look for justdoit to see if i can leverage that to get what i am after.
<clever>
BugeyeD: its over in the nix-tests repo i think
orivej has quit [Ping timeout: 260 seconds]
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos
o1lo01ol1o has joined #nixos
cosimone has quit [Quit: Quit.]
<kamadorueda>
@tomberek Docker alone is good (alone in the sense of one-laptop, one-dev, one-app),the problem appears when many docker containers are run in the same host,with access to the same Docker daemon.Our first problem was security,we had a big machine in charge of running our CI builds.In this architecture, many devs run many CI buildswhich build,
<kamadorueda>
consume and create many Docker images and containers.Those builds end up being processed by the same Docker-daemon.Which means that different devs in different teams get access to the daemonthat is being used by another devs on another teams.This means they one dev can see the docker images, running and stopped containers,secrets, and environments
<kamadorueda>
of another projects, which is a total leak!Also, you cannot build something inside a docker container unless that docker containeris privileged, which in this architecture is just a bigger leak.Of course there are workarounds,(like this https://github.com/GoogleContainerTools/kaniko), but they come withits cost (more problems than solutions, and
<kamadorueda>
less flexibility from the developing point of view).Sooner or later in the Docker road you'll meet this:https://github.com/docker-library/docker/issues/116And that just makes the security point of view worst.The last problem, when many devs run many docker commands on the same docker daemon, the machineends up with the disk filled, stopping
<kamadorueda>
literally a big portion of the company,(we make PR and integrations to the master branch many times a day per every dev,the CI system is the heart of the company)Finally we solved those problems by changing the architecture:fire up a new machine in AWS, run the build, destroy the machine.(one docker daemon per build)However, when I met nix,
<kamadorueda>
nix-shells, nix-store, reproducible-builds, and same-inputs/same-outputs derivations. Man, we just though:Why do we keep creating solutions in top of the problem (Docker)?, let's just not use the problem and try something else! (Nix)So we are rewriting everything on nix now
<{^_^}>
docker-library/docker#116 (by norpol, 1 year ago, closed): What are the security implications of using Docker in Docker (dind)
<infinisil>
Question: If you'd design a new deployment tool for NixOS systems, what are some things you'd do differently than others?
<tomberek>
infinisil: is this a variant of nixops/morch/krops ?
alex`` has joined #nixos
<infinisil>
tomberek: Yeah pretty much
<infinisil>
(though s/morch/morph)
__monty__ has quit [Quit: leaving]
<infinisil>
So if anybody is using one of those tools, what would you change or do differently?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<tomberek>
perhaps focus on adoption
softinio has quit [Quit: WeeChat 2.6]
<infinisil>
How do you mean?
<tomberek>
infinisil: i like those tools, but the juggernaut of terraform has made it difficult to convince $WORK to adopt. Another aspect that would be nice is something along the lines of Disnix. Many people deploy services these days. So perhaps something that can leverage the large user base of things like terraform, k8s, cloud-hosted stuff like ECS,
<tomberek>
google apps.
<tomberek>
Make it easy to get to "hello world" and a few services up and running.
<tomberek>
many of those tools are push based... make a change, push the change to wherever it needs to be.
<tomberek>
i'd like to just declare my infrastructure and services that talk to each other. push to a git repo somewhere. And everything eventually updates and converges on that description.
<tomberek>
so.... "pull based" converging deployment of services?
<tomberek>
i'm trying to build something like this now, running into some low-level issues: large-file nix-copy support, speed of builds should rival docker pull, easy integration with docker-based orchestration frameworks
<infinisil>
Hmm very interesting
<infinisil>
I'll read a bit about disnix. I've heard of it before, but never really looked into it
<tomberek>
it applies Nix to services. Some of the more experimental extensions into service discovery, avahi, etc. are cool. But never got enough love to really mature.
<tomberek>
oh, sorry, you asked about moving around state? i'm not aware of anything that does that well
leotaku has joined #nixos
<tomberek>
even disnix is limited to small DBs, that's a fundamental limitation that we can't escape (state may be super large), but the idea of managing services can be much better
Bryophyllum has quit [Remote host closed the connection]
<tomberek>
infinisil: another thing that could be useful. Using Nix to manage a pipeline of work. Many of the AI/ML/bioinformatics/etc frameworks just apply functions to large sets of files to produce new sets of files. By considering those "functions" to be "compiling a package" and by Nix's good tracking of provenance, we can achieve good things. As soon as
<tomberek>
intensional store is ready, caching behavior will be even better.
<tomberek>
^^^ probably also needs some form of recursive nix to allow for functions with a dynamic number of outputs
<infinisil>
Hm that doesn't sound like something a deployment tool has something to do with
andymandias_ has quit [Ping timeout: 268 seconds]
<MichaelRaskin>
This is more about Nix as a build tool, I would say
<MichaelRaskin>
Actually, a lot of data pipelines, even mundane small-data statistical analyses would benefit from having a record what summary comes from what data
andymandias has joined #nixos
<tomberek>
infinisil: correct, that last paragraph was a whole different thing. But i'm just throwing ideas around to see what sticks. From a deployment standpoint, my current pain points have been moving around large files and docker-based compatibility. Ease of use. This PR is an attempt along those lines: https://github.com/NixOS/nixpkgs/pull/75810
<{^_^}>
#75810 (by tomberek, 1 week ago, open): dockerTools: split raw and cooked images
<infinisil>
tomberek: Hm I'm not a big fan of docker, seems like unnecessary overhead if you already use nixos
<infinisil>
Having special support for docker feels like supporting legacy
<zeta_0>
after running `jupyter lab` i clicked to open an ihaskell notebook and it threw a bunch of `nix store` errors, is this a nix problem, i don't know what is going on? https://hastebin.com/zejopepare.sql
<tomberek>
infinisil: i agree. In fact, but it has a lot of mindshare and other orchestration/deployment frameworks with lots of development work. I'd love an alternative.
<infinisil>
tomberek: Hm, though what's the problem with NixOS's docker support?
<infinisil>
If NixOS is used you get docker support already
<zeta_0>
i haven ihaskell installed in home.nix, so i don't know why it is not getting recognized?
<tomberek>
infinisil: what are you thinking?
<infinisil>
For how to install NixOS/
<infinisil>
?
<tomberek>
would a "pull-based" service deployment framework hosted on NixOS machines be the sort of thing you are looking for?
<infinisil>
I'm not looking for anything really, just collecting more ideas
<tomberek>
okay... another issue that comes up with all the deployment tools is secret management
<infinisil>
What I have in mind would be push-based I guess, with nodes being able to do deployments and nodes being able to be deployed to
<infinisil>
Yeah I haven't figured out how to do secret management the best way
zeta_0 has quit [Quit: rebuilding]
<tomberek>
i've just used the nixops key approach (/run/keys in tmpfs) or just accepting that the nix store is readable by any user.
karetsu has quit [Quit: WeeChat 2.6]
<infinisil>
Yeah something like the tmpfs approach would be needed imo
<infinisil>
I'm also aiming for it being as decentralized as possible
<infinisil>
But I'm not sure how that plays well with secrets
<infinisil>
tomberek: Also, doesn't nixops require manually loading the secrets every reboot?
<tomberek>
it does
<infinisil>
Hm I'm not sure I like that
<infinisil>
Maybe there should be an option for persistent secret management
<infinisil>
Or loading them automatically
<tomberek>
an option i've considered is to use a nix store located somewhere else. Like "--store local?root=/private_location/" as a means to manage that
<tomberek>
so you have the main /nix and another /private/nix accessible by only particular users
<infinisil>
Hm those then probably don't work well together then
<infinisil>
And I'm not sure having a nix store for secrets gets you much
<infinisil>
I guess you could build "secret" software then
<{^_^}>
#76625 (by Kiwi, 32 seconds ago, open): plasma5+xmonad no longer works after nixos/displayManager: introduce defaultSession #53843
<tomberek>
infinisil: Yeah, that idea isn't fully fleshed out. Are you specifically looking to work on a deployment tool? What about working on some current issues?
<infinisil>
tomberek: Definitely a deployment tool. What current issues? Of nixops?
<infinisil>
All of the currently known deployment tools aren't compatible with other ideas I have
<tomberek>
ah... can you elaborate on those other ideas?
<infinisil>
tomberek: Context: For the last ~year or so I've thought about what I want from a deployment tool and started working a little bit towards that. In recent times I've started helping out the company Niteo with Nix stuff, and they want to have a system for automatically rolling back machines in case of errors
<infinisil>
So I thought that it would make sense to work on a single deployment tool that can do all that's needed from my side and the company's side
cmacrae has quit [Quit: ERC (IRC client for Emacs 26.3)]
selfsymmetric-mu has quit [Remote host closed the connection]
<betaboon>
is anyone running lightlocker? i cant seem to figure out to run it properly :(
selfsymmetric-mu has joined #nixos
<zeta_0>
infinisil: could you help me out? i installed ihaskell separately but for some reason nix is looking in ghcWithPackages(where i have my ghc and the other packages installed), i also have lib.lowPrio setup so maybe that is causing the error? i did not have these problems with the previous stable version of nix?
<Ankhers>
Does anyone have an example of how to start postgres or development?
<selfsymmetric-mu>
Ankhers: Oh, it's so easy on NixOS. Just `services.postgresql.enable = true;`.
<Ankhers>
Is that the suggested way to do it? Not through shells?
<Henson>
I noticed that python27Packages.scikitimage for NixOS stable 19.09 isn't able to be installed using nix-shell or nix-env, giving this error: error: dask-2.2.0 not supported for interpreter python2.7. I looked in the NixOS Git issues and didn't come across this issue. Is this something that's known, or should I report it? Or perhaps I'm doing something wrong.
<zeta_0>
Ankhers: want me to pastebin my postgresql setup in configuration.nix?
<infinisil>
Henson: Can you not use the python3 version?
<Ankhers>
zeta_0: That would be great, thanks.
<Henson>
infinisil: I could for the script I'm trying to run, but there's other software written in python2.7 that I'd also like to use it with.
jmeredith has quit [Quit: Connection closed for inactivity]
<infinisil>
You should be able to mix and match python versions as long as you clearly separate them
<tomberek>
infinisil: i like the writeup. I'm currently writing a map-reduce tool that uses a cluster of NixOS machines and Nix package deployment to make it easier to create ad-hoc data pipelines. It's very much SSH based and pushes around packages with Nix. Has the ability for any of the machines to become the "orchestrator" or just a normal node. I'm not
<tomberek>
sure how your "git-based" management will work, but gitolite and upcoming flake support are good examples. I would be very interested in multi-host abstraction modules.
kahiru has quit [Remote host closed the connection]
<Henson>
infinisil: something like this fails: nix-shell -E "with import <nixpkgs> {}; (python27.withPackages (ps: with ps; [scikitimage])).env"
<Henson>
betaboon: shouldn't scikit-image be removed from the python27Packages then, or an old one that is still compatible with python27 be put in there?
kahiru has joined #nixos
<{^_^}>
[nixpkgs] @hedning opened pull request #76626 → nixos/displayManager: fix typo in legacy sessions → https://git.io/JeNVD
<infinisil>
tomberek: Cool, thanks for the feedback. I'm also not entirely sure how the git thing will work out
<Henson>
betaboon: thanks for pointing out the version incompatibility
<tomberek>
I've done a git based deployment before with bare repos. It was very powerful and allowed me to avoid merges.
<infinisil>
Henson: The error you got there is the python packaging way of saying it's not supported on 2.7, which seems a lot better than just an "attribute not found" error
<zeta_0>
infinisil: if you don't want to help me just tell me, its ok, it sucks being ignored
<infinisil>
tomberek: Yeah I'm also thinking bare repos perhaps, each machine can be a remote potentially. Slight problem is with changes that involved multiple machines