fendor has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Remote host closed the connection]
cosimone has quit [Ping timeout: 260 seconds]
drakonis has joined #nixos
Havvy has quit [Quit: Computer Restarted or Restarting IRC]
klntsky_ has quit [Remote host closed the connection]
Havvy has joined #nixos
klntsky_ has joined #nixos
<evanjs>
Welp. Looks like my touchpad problem was a gdm thing in the end. lightdm works, at least
mbrgm_ has joined #nixos
mbrgm has quit [Ping timeout: 272 seconds]
mbrgm_ is now known as mbrgm
<evanjs>
I wonder how I could determine if this is a NixOS thing or GDM thing. Not seeing anything under issues for e.g. "GDM input"
<evanjs>
jtojnar: worldofpeace any ideas as to why gdm might not initialize mtrack/touchpad, but lightdm works fine? (Hopefully the right people to ping x_x)
<ajs124>
evanjs: maybe the GDM module sets some input driver stuff? I think the plasma5 module "recently" (read in 19.09) started enabling the libinput driver by default, when I very much want to use the legacy synaptics driver.
<worldofpeace>
gnome3 module enables libinput because the touchpad settings in gnome-control-center uses libinput
<evanjs>
hrm. I tried enabling both, either way (separately, that is)
UndefinedIsNotAF has quit [Ping timeout: 264 seconds]
<worldofpeace>
I believe similar for plasma5, which I had default enabled in 19.09 because of the installer iso
UndefinedIsNotAF has joined #nixos
<worldofpeace>
evanjs: I've actually never heard of mtrack?
<{^_^}>
[nixpkgs] @marsam opened pull request #78002 → podman: enable on darwin → https://git.io/Jvk2T
<worldofpeace>
evanjs: I'm confused, "any ideas as to why gdm might not initialize mtrack/touchpad", is mtrack something else?
<evanjs>
worldofpeace: sorry, that was another thing in the logs from earlier and I'm not sure if mtrack is related. My core issue is that: evtest reveals that my touchpad provides input, and e.g. gpm works, but my cursor cannot be moved in Xorg
<{^_^}>
[nixpkgs] @marsam opened pull request #78003 → mrsh: enable on darwin → https://git.io/Jvk2t
<evanjs>
looking back, I see messages like "mtrack: cannot configure device" and "Couldn't init device "ETPS/2 Elantech Touchpad"" - but in short, touchpad input is not getting through to Xorg, as far as i can tell
<evanjs>
note that I am using xmonad, though I don't think that matters in this case, as the mouse doesn't work on even the GDM locker/login page, where it will for lightdm's
dongcarl has joined #nixos
<hpfr[m]>
Is there a latex environment that is cached? texlive combined medium never is for some reason
<evanjs>
hpfr[m]: what channel are you on?
<hpfr[m]>
Unstable
<hpfr[m]>
Nixos-unstable
wildtrees has quit [Quit: Leaving]
<evanjs>
not sure how to check but unsure I'd assume that might not be part of the packages for nixos-unstable. When I switched to 20.03 I just locked texlive to stable :P
<evanjs>
oh. or not. I guess it didn't take that long
<evanjs>
which is surprising, since I have scheme-full...
<worldofpeace>
evanjs: You still didn't make it clear if, you're using mtrack (the driver) or if it's with libinput. Mtrack in nixpkgs (services.xserver.multitouch) hasn't been touched in in 8 years
<evanjs>
worldofpeace: sorry, thanks for helping me clarify! I take it "services.xserver.multitouch.enable" would be what you're asking about?
<evanjs>
because that seems to be enabled... hrm
<worldofpeace>
Yes, and it's soo untouched and unmaintained that it's probably a waste of time
<evanjs>
Oh man. It's weird that it only happened on gdm though. Wonder why it came out of nowhere like that
<worldofpeace>
I've actually seen people enable that accidentally (thinking it's libinput) several times no
<evanjs>
Even moreso if that
dongcarl has joined #nixos
<evanjs>
is the only multitouch option available atm
<evanjs>
worldofpeace: wait is disabling multitouch really all I need to do? Because that's been enabled on here... let me try leaving libinput on and disabling multitouch
<worldofpeace>
evanjs: I'm currently opening writing the PR to remove mtrack and xf86-input-multitouch to avoid this in the future
felixfoertsch23 has quit [Ping timeout: 272 seconds]
UndefinedIsNotAF has quit [Ping timeout: 252 seconds]
UndefinedIsNotAF has joined #nixos
felixfoertsch has joined #nixos
takeda has joined #nixos
zeta_0 has quit [Quit: rcirc on GNU Emacs 26.3]
acarrico has quit [Ping timeout: 260 seconds]
Supersonic112 has joined #nixos
Supersonic has quit [Disconnected by services]
Supersonic112 is now known as Supersonic
fusion809_ has quit [Read error: Connection reset by peer]
fusion809__ has joined #nixos
init_6 has joined #nixos
<clever>
noonien: $CC, $LD, and $OBJCOPY always point to the target tools
<danderson>
is there a good documentation source for using patchelf? I'm contributing a non-free Go package to nix, which is dynamically linking to the basic libc libraries (libc, libpthread, ld-linux). I added autoPatchelfHook, but `ldd` shows the libraries are still resolving to non-nix paths.
<infinisil>
danderson: Did you add the necessary libraries to buildInputs?
<danderson>
... that would help, wouldn't it...
<infinisil>
Hehe yes probably
fusion809__ has quit [Remote host closed the connection]
fusion809__ has joined #nixos
<scheming_around>
What's the difference between "gawk", "gawk-interactive" and "gawk-with-extensions"?
<init_6>
What's the difference between "some", "some interactive" and "some with extensions"?
takeda has quit [Ping timeout: 265 seconds]
<danderson>
hmm, doesn't help. I'm suspecting the autopatching hook only works for stuff built by the derivation, not a binary downloaded from somewhere else.
<scheming_around>
init_6: I wouldn't be asking if I knew...
spacefrogg has quit [Quit: Gone.]
aw has quit [Quit: Quitting.]
aw has joined #nixos
spacefrogg has joined #nixos
hoobershaggus has joined #nixos
hoobershaggus is now known as noob
<xa0[m]>
init_6: tho number of words?
rleppink` has quit [Ping timeout: 258 seconds]
<evils>
scheming_around: gawk is GNU's version of the awk tool; gawkInteractive is that plus readline and the manual, not sure what it's used for, maybe for the debug mode going by the manual; gawk-with-extensions adds a bunch of extensions, like csv and json, presumably to make it easier to work with those formats for example
iqubic has joined #nixos
<iqubic>
Alright... I have a question.
<iqubic>
Why is it that when ever I click on a link in the GUI chat program Discord, it doesn't actually open any link at all.
<iqubic>
Like, I want it to open the link in the already open instance of Firefox, but it doesn't do that. It doesn't do anything at all.
<clever>
iqubic: check what discord prints to stdout when you click the link
<clever>
iqubic: if its an fhs wrapper, then that will break it entirely
<danderson>
okay so... does `ldd` not resolve rpath correctly or something?
Guest92090 has quit [Ping timeout: 240 seconds]
<danderson>
`ldd` on my built binary says stuff resolves to the system's libraries, but `patchelf --print-rpath` shows the correct rpath on the binary, and the rpath is a directory with libc.so.6 in it
<danderson>
so... confused.
<hpfr[m]>
Difference between nix.optimise.automatic and nix.autoOptimiseStore?
judson__ has joined #nixos
drakonis has quit [Ping timeout: 260 seconds]
<init_6>
store for storage?
judson_ has quit [Ping timeout: 260 seconds]
<hpfr[m]>
init_6: what? Sorry I’m not sure what you mean if you’re responding to me
<hpfr[m]>
Oh wait I think nix.optimise.automatic has a corresponding nix.optimise.dates so you can set times. When would nix.autoOptimiseStore do it then?
<danderson>
It builds fine, but libc.so.6 isn't resolving to the nix glibc.
<danderson>
autoPatchelfHook isn't inserting the rpath for glibc. When I `patchelf` manually in the install phase, the rpath gets set, and the provided rpath contains a `libc.so.6`, but `ldd` still doesn't see it.
<danderson>
I'm sure I'm missing something obvious... I just don't know what :(
buckley310 has joined #nixos
<hpfr[m]>
clever: iqubic: are you using the flatpak? I think this is a thing with flatpaks and sandboxing, I don’t know how to fix it on NixOS yet. You also can’t find files with the OS file chooser cuz there’s perms for that that have to be set too
<danderson>
the fact that autoPatchelfHook isn't inserting the glibc rpath suggests to me I'm doing something wrong and using the wrong libc package as input or something, but looking at other unfree packages, they seem to do fine without further tweaking...
dongcarl has joined #nixos
dongcarl has quit [Client Quit]
horner has quit [Quit: zzZzZzZzZZZzzz…]
* colemickens
dang, tailscale looks cool
<colemickens>
wow, that's a team too
<danderson>
I'm joining them next week!
<danderson>
meantime, need to get tailscale on my own machines, which means nixos support :P
<colemickens>
I was going to ask :) I recognize your name from a nat punching lib I used ages ago.
<danderson>
hah, yeah. Formerly code.google.com/p/nat I think
<danderson>
worked okay, but was missing a couple tricks I learned since then
<colemickens>
Sounds cool! (Another small world thing feeling of seeing certain NixOS users in other circles/lives too.)
<danderson>
heh, indeed. small world.
<colemickens>
I wish I had something more useful to suggest. Most of my attempts to package non-source builds have ended in failure
<hpfr[m]>
danderson: what’s the difference from nebula (open) or ZeroTier (also closed)?
<danderson>
okay, I think I've figured out my linking woes. Looks like the tailscale binary was linked against glibc 2.4, and when I pull glibc in nix, I get 2.7
<danderson>
I'm betting symbol mismatches
<danderson>
hpfr[m]: nebula lacks a management plane or NAT traversal. It's great for server<>server meshing, but lacks some stuff for other cases (IMO, of course)
<danderson>
zerotier focuses a lot on the tech layer, and less on "making it pleasant to use" (again, in my very biased opinion :) )
<hpfr[m]>
danderson: I know nebula can connect machines on different networks separated by NAT, so what does NAT traversal mean
mexisme_ has quit [Ping timeout: 260 seconds]
<danderson>
this could be a whole conference talk, but basically, the way nebula connects peers works okay with "well behaved" NATs. Think two linux NAT boxes.
<danderson>
but it won't work in more adversarial networks, such as horizontal traffic through a CGNAT ISP (between 2 customers of that ISP), or through some silly "security gateways" that do their best to scramble the outbound connections
<hpfr[m]>
So not across the wider internet in general? They talk about working with cloud instances and stuff which would be non simple NAT right?
<danderson>
that's what I mean when I say Nebula works well for server<>server: in environments where you control the NAT devices on either end of the network, you can adjust them and make them friendly enough for basic traversal to work
<danderson>
but if you don't control the NAT devices, you need to apply more traversal techniques to break through
<hpfr[m]>
Oh, ok
<hpfr[m]>
Thanks
<danderson>
I would *love* to gather some telemetry on the state of NAT across the internet, but my rule of thumb: the kind of traversal nebula is doing (basically, use lighthouse as an intermediary to discover + propagate your public ip:port) works for 90% of NATs out there
<danderson>
but "works 90% of the time" isn't great for a VPN product :)
<danderson>
Nebula "gets around" this because it's designed for server<>server, cloud<>cloud. Those environments are (a) pretty well behaved compared to consumer and corporate networks, and (b) the endpoint owners also own/control the NATs
<danderson>
so if the connection doesn't work, they can manually punch holes in the NAT, or tweak its behavior.
<danderson>
and a server<>server network is pretty stable too. It's pretty much always "AWS<>Azure", the network conditions don't change much.
takeda has quit [Ping timeout: 268 seconds]
<hpfr[m]>
Oh yeah probably more static IP’s and stuff
<danderson>
for tailscale, our goal is connecting "my personal laptop" and "my phone". The phone could be on a horrible cellular network with v6-only and NAT64, the laptop could be on a corporate network with a really intolerant "security device"
<danderson>
we want the connection to work even in those terrible conditions.
<hpfr[m]>
Oh cool
<danderson>
For the more extreme cases, we'll have to proxy throuh relay nodes (traffic encrypted e2e, so it's less efficient on the network, but just as secure)
<hpfr[m]>
Makes sense now thanks for the explanation
<danderson>
but I think we can probably get up to 99% direct connections, or more... It'll just take a bunch of work :)
<hpfr[m]>
Well as long as you’re here I’ve got a dumb networking question. I’m behind CGNAT at home and I want to be able to access my home network while away. I can’t just set up a VPN because of CGNAT and also because my ISP doesn’t support IPv6 >:(. Do I get a small VPS and do site to site and connect to the VPS? Or something else?
<colemickens>
The static ip and hostname was sort of appealing to me. I prefer self-hosting WG for when I need such scenarios but I actually almost like just using HiddenServices more because they have really stable, reliable, no-work identifiers.
<danderson>
well, I hate to advertise, but tailscale is designed for exactly that, punching through silly things like cgnat :D
<danderson>
if you want to use OSS only, hmm, let me think
gpsych has quit [Ping timeout: 260 seconds]
<danderson>
okay the simplest in terms of setup is: get a VPS, run a wireguard tunnel from your home to the VPS, and connect your laptop/etc to the VPS as well over wg
<danderson>
and route via the VPS.
<hpfr[m]>
danderson: yeah, preferably FOSS haha. Nebula actually seemed cool, but I think a VPS with WireGuard might be easier and from what you just explained more reliable
<hpfr[m]>
Ok sweet that’s what I was planning
<danderson>
in general, the simplest solution to NAT traversal is "don't do it", i.e. use a server on the public internet as a relay
<hpfr[m]>
Right
<danderson>
it's less efficient in terms of network path (e.g. if your phone and laptop are both on LAN, you can't use the same IP to talk to them unless you hairpin through the internet
UndefinedIsNotAF has quit [Ping timeout: 252 seconds]
<xa0[m]>
What about dynamic dns and port forwarding
<danderson>
but it's simple and foolproof
<hpfr[m]>
I gathered as much from searching CGNAT on r/homenetworking haha
UndefinedIsNotAF has joined #nixos
<danderson>
xa0[m]: CGNAT (carrier-grade NAT) breaks this
<xa0[m]>
Oh
<xa0[m]>
Oof
<danderson>
with CGNAT, your home router is 1 layer of NAT, but the ISP adds a second layer before the internet
<xa0[m]>
Yikes
<danderson>
so you have no way to forward ports on the "real" NAT gateway in the ISP network
<danderson>
in *theory*, RFCs say that carrier grade NATs should implement PCP (Port Control Protocol), which lets clients request port forwards
<hpfr[m]>
If I had IPv6 would you suggest different? Or do my road devices need to have that all the time too
<danderson>
I'll give you 1 guess how many ISPs implement it...
<hpfr[m]>
My ISP has v6*
<hpfr[m]>
yeah, 0 haha
<danderson>
if you have v6... it depends :)
noob has quit [Remote host closed the connection]
<danderson>
in general, if you have v6, then your home devices are globally reachable
<danderson>
you can just connect to their global IPv6 address. You might have to use dynamic DNS to find them, if your ISP doesn't route a static prefix to you
<danderson>
(some jerk ISPs do this, to make it harder to run servers and force you to buy "business" service, which has static prefixes...
* colemickens
has symmetric gigabit but no ipv6 :(
<danderson>
the problem with IPv6 is adoption. If you only ever travel to places that have ipv6 as well, then it's great
<hpfr[m]>
Wouldn’t my home devices v6 addresses still change with DHCP?
<danderson>
but, depending on your country, your probability of v6 is 30-50%
<danderson>
so to be really robust, you still need a fallback option
<danderson>
*usually*, with IPv6, your ISP routes a static /64 or /56 of IP space to your router
<danderson>
and then your router announces that prefix to the LAN, and clients autoconfigure with a public IP
<danderson>
but, some ISPs dynamically assign the /64, so if your router reboots, all your public IPs change
<danderson>
also some clients use IPv6 privacy extensions, and automatically rotate their IPv6 address every N minutes
<danderson>
for servers you need to disable that, obviously :)
<hpfr[m]>
Which is kind of stupid right? (Dynamically assigning v6) there’s so many!
<hpfr[m]>
Oh for privacy, ok
<danderson>
(or use tailscale, which will just propagate the new IPv6 to your other devices, and the VPN mesh will self-heal!)
<danderson>
yeah, for privacy
<danderson>
dynamic prefix assignment from ISPs is dumb, yes
<danderson>
it's usually because they just duct-tape IPv6 onto their existing infrastructure, which is all dynamic assignment
<danderson>
or like I said, because they want to force you to buy $$$ business service
<danderson>
"oh, you want servers with a stable IP? +$100/mo, thanks!"
<danderson>
but I think for most of them, it's just "legacy reasons"
<danderson>
for example, my ISP assigns the IPv6 prefix based on your IPv4 address
<danderson>
so if you have a dynamic IPv4 addr...
<hpfr[m]>
> $100/mo, “legacy reasons”
<hpfr[m]>
Decentralized internet alternative when haha
<{^_^}>
error: syntax error, unexpected $undefined, at (string):274:1
<danderson>
anyway. For maximum robustness in the world today, and without some fancy software like tailscale, the most robust+simple option is a VPS and use that as your VPN endpoint
<hpfr[m]>
Sounds good, thanks again
<danderson>
hpfr[m]: I have a whole rant (that will maybe someday be a talk) about how NATs basically broke the decentralized internet
<Dagger>
if you have v6, then you can avoid the VPN part. just reverse proxy onto your v6 addresses
<hpfr[m]>
I would read that blog post
<danderson>
everyone who starts writing decentralized software gets to "oh crap, I have to solve NAT traversal to connect A to B"
<danderson>
and they give up and make client/server software in the cloud
<Dagger>
and even then, you only need to do it for v4. v6 can go directly to your home servers, skipping the extra hops
<hpfr[m]>
But like danderson said doesn’t it depend on if my clients have v6 where I’m traveling
<danderson>
so NATs, which are mostly a cost-saving measure (save on IPv4 addrs), forces the internet to be 1-direction
drakonis has joined #nixos
<danderson>
you are the client, you consume information from The Internet, the services in the cloud who can afford to be on the public internet
<danderson>
it forces the entire internet to be producer (the cloud) -> consumer (home users)
<Dagger>
if they have v6 then they can connect directly to your home server. if they don't, then the connection would go via the VPS reverse proxy
<danderson>
if you can "remove" NATs from the world, suddenly the "consumers" can easily become producers again!
<danderson>
you don't need an expensive cloud if everyone can just talk to each other.
<hpfr[m]>
Yeah I’d still need the VPS
<Dagger>
and you don't really need to bother with a VPN between the VPS and your home network, that's just extra admin overhead
<danderson>
anyway. That's why I care about this problem personally. NATs broke everyone's brain and convinced them that clouds are necessary.
<danderson>
I want to fix that :P
<hpfr[m]>
danderson: yeah while I was reading up on CGNAT I found a lot of people coming to the same conclusion, it’s bogus
<colemickens>
Dagger: unless the goal is to make many devices visible to each other rather than just exposing a single local port outward. I think the multi-device VPN warrants something likeWG
<danderson>
or maybe IPv6 will reach 100% adoption, and people will stop doing dumb things like NAT66 and extremist stateful firewalls... But IMO it'll take another 20+ years :(
<danderson>
and I don't want to wait :D
<hpfr[m]>
That long? Adoption graphs look more promising than that but I guess 100% is a lot different than 90
<colemickens>
I'd love to see a technical comparison of tailscale/argo/hiddenservices. Particularly the first two, if there's a huge fundamental difference or if they're pretty similar.
<danderson>
yeah, exactly. Networking is weird, because it *cannot* break
<Dagger>
there are uses for VPNs, I'm just pointing out that making a v6-only service accessible from random v4-only clients does not need to be one of them
<hpfr[m]>
colemickens: by hiddenservices do you mean .onion?
<danderson>
if it works 90% of the time, it's fine for personal users like me, but it's not acceptable as a general solution
<colemickens>
hpfr
<colemickens>
yes
<danderson>
colemickens: argo as in the cloudflare product?
<colemickens>
argo tunnel to be specific
<hpfr[m]>
You find that user friendly enough for regular (non privacy conscious) use? Genuine question I’ve never really used tor
horner has joined #nixos
<hpfr[m]>
Oof, cloudflare
<colemickens>
hpfr: It was easy to configure in nixos (2 lines?) and a single nix-env to get tor browser.
<danderson>
right. I view argo as similar to other beyondcorp systems: it's a huge improvement compared to "VPN into a concentrator and then you have total access to everything behind it"
<hpfr[m]>
Yeah I guess if you bookmark them
<colemickens>
The onion urls are completely opaque blobs that get copied around and are only really practical for me. :) But I still get a huge kick out of it.
<danderson>
but (again IMO), it's solving the problem at the wrong layer. This should be a layer3 problem, not a "connect sockets and proxy through someone else's network" problem
<danderson>
and also, I have an objection personally to giving cloudflare more power over my traffic
* colemickens
nods at the last bit
<hpfr[m]>
^ this
<danderson>
and in general to solutions that are "just connect to us and we'll take care of it"
<colemickens>
That's why I like the onion approach. I pay and trust no one. It can work from a headless RPI with an image I can burn and boot and have accessible almost no matter what.
<danderson>
I want a system where (a) my traffic isn't at the mercy of cloudflare, and (b) where I control the management plane
<hpfr[m]>
Now they’ve got all the medium tech savvy people into 1.1.1.1, not realizing it’s just more centralization
<danderson>
I have plans for all this with tailscale, but obviously it's all just ideas for now :)
<colemickens>
danderson: Hm. I assumed at some level tailscale was operating a per-VPN large WG instance too, but maybe thats the wrong assumption
<hpfr[m]>
danderson: hard to do when it’s closed source ;)
<danderson>
colemickens: tailscale has a centralized (but not unique) control plane: all devices dial into a "coordinator" that handles auth, key propagation and helps with NAT
<danderson>
but then all the connections are p2p wg tunnels
<danderson>
hpfr[m]: I have... plans about that, stay tuned ;)
<colemickens>
All?
<danderson>
(no promises, etc.)
<danderson>
yes, all. Your phone has direct tunnels to all your other devices
<hpfr[m]>
danderson: doesn’t even work there yet, plans to overhaul the licensing
mexisme_ has joined #nixos
<hpfr[m]>
Mad respect
<danderson>
well, one exception: if the NAT situation is _so_ terrible that we can't punch through, the traffic gets routed through relay nodes. But the relay nodes are dumb UDP relays, no visibility into the traffic
<danderson>
and it's a last resort "okay NAT punching failed, here's your connectivity anyway"
<colemickens>
Yeah, but you're sitll there to try to get the cases where you can punch but need temporary coordination
<colemickens>
I think I get it enough now :)
<danderson>
so, yeah: centralized control plane (everyone talks to the coordinator), but it's only coordination traffic. The data plane where devices talk to each other is distributed
<danderson>
I'd be interested to experiment with a decentralized control plane, but that adds a huge amount of complexity, and it's not clear who wants to buy a product that does that
<danderson>
(on the contrary, enterprises want a centralized management point :) )
<danderson>
ANYWAY, back to nix packaging. I need to figure out how to give this derivation glibc 2.24, it seems.
<danderson>
... there has to be multiple glibc versions in nix, right? I think I've seen older versions pulled in sometimes before
lovesegfault has quit [Quit: WeeChat 2.7]
<danderson>
hmm. I guess not, I only see one version :/
UndefinedIsNotAF has quit [Ping timeout: 264 seconds]
<danderson>
hrm. Even more puzzling, looking at symbol versions, the nix glibc should work...
domogled has joined #nixos
UndefinedIsNotAF has joined #nixos
dongcarl has joined #nixos
<danderson>
... okay, more confused now. One binary resolves paths correctly, the other wrong. They have the same deps, and I handle them the same...
<danderson>
colemickens: hmm, maybe?... I'd have to binary diff the ELF to find mutations, if any...
<{^_^}>
[nixpkgs] @jonringer merged pull request #74094 → nixos/kubernetes: allow configuring cfssl API server SANs → https://git.io/JeP30
<{^_^}>
[nixpkgs] @jonringer pushed commit from @anmonteiro to master « nixos/kubernetes: allow configuring cfssl API server SANs »: https://git.io/Jvkyg
dongcarl has joined #nixos
mac10688 has quit [Ping timeout: 272 seconds]
dongcarl has quit [Client Quit]
hoobershaggus has joined #nixos
gpsych has joined #nixos
<{^_^}>
[nixpkgs] @danderson opened pull request #78008 → tailscale: init at 0.94-236. → https://git.io/JvkyM
<danderson>
\o/
<danderson>
now for the nixos module...
<danderson>
... after sleep. 2am.
Heirlung has quit [Read error: Connection reset by peer]
Heirlung has joined #nixos
<{^_^}>
[nixpkgs] @colemickens opened pull request #78009 → nixos: home-assistant: can dial out → https://git.io/JvkyQ
<{^_^}>
[nixpkgs] @colemickens opened pull request #78015 → pythonPackages.getmac: init at 0.8.2 → https://git.io/JvkSU
<xa0[m]>
why do these paths keep happening
<xa0[m]>
the long eeeee paths
<xa0[m]>
just curious
<danderson>
colemickens: having fun I see :D
<colemickens>
I was a bit too greedy in a single PR so a lot of git commands later, more PRs to review, hurray!
opthomasprime has joined #nixos
<colemickens>
Several times a year I look at how far my nixpkgs is away from nixos-unstable and try to minimize that diff.
<{^_^}>
[nixpkgs] @colemickens closed pull request #77883 → home-assistant: upgrade to 0.104.1, add support for zwave/zha adapters, add various python modules for components → https://git.io/JvTE7
<ivan>
what is the incantation that gets vmware workstation mouse working properly in a nixos master guest? virtualisation.vmware.guest.enable = true; is not it
<ivan>
guest manages to resize its display but the mouse does not move at all
<ivan>
this could be the problem but the suid wrapper should be making Xorg run as root
<ivan>
[ 17.638] (EE) PreInit returned 2 for "ImPS/2 Generic Wheel Mouse"
<ivan>
[ 17.638] xf86EnableIOPorts: failed to set IOPL for I/O (Operation not permitted)
<ivan>
and X is running as root
<ivan>
oh I have to look at a new xorg log path now that it's running as root instead of my user
<ivan>
ah, enabled the ImPS/2 mouse in xfce4 and all is good now
<ivan>
thank you IRC rubber duck
<ar>
ivan: wouldn't that be journalctl --full --unit display-manager?
<ar>
or do you not use a DM at all?
<ivan>
I just found it in /var/log
<ivan>
I had lightdm
<ivan>
well, it was failing hard earlier because I did not have lightdm
<ivan>
so the vmware nix thing had nothing to wrap when I did startx, I think
cosimone has joined #nixos
acarrico has joined #nixos
<juhe>
I'm in a situation I want to remove some stuff from /nix/store, but don't want to delete dependencies already downloaded by most recently failed "nix build ..." (due to insufficient disk space). I removed some stuff from /nix/var/nix/gcroots/auto and then did nix-store --delete /nix/store/ms59... (the directory deleted link pointed to), but I still get that path is still alive...
<symphorien>
if /run/current-system depends on what you remove, it will *uninstall you whole system*
<juhe>
I know, did that twice :-D in the past and won't do that anymore as long as my memory will serve me.
<DigitalKiwi>
that's me!
<__monty__>
I blame both rm and git for teaching people --force is fine.
<juhe>
lol, yes
<juhe>
I've run nix-collect-garbage -d to get rid of the situation, nix verify --all didn't report anything (except some missing singatures), but that's maybe because previous command fixed the problem the brute force way. If I get this kind of problem again, I'll run it in reverse sequence.
kraem has joined #nixos
Mrmaxmeier has joined #nixos
cosimone has quit [Quit: Terminated!]
orivej has joined #nixos
Kritnich has quit [Quit: Bye bye.]
<{^_^}>
[nixpkgs] @wamserma opened pull request #78024 → minidlna: provide configuration option for announce interval → https://git.io/Jvk5Y
init_6 has quit []
<{^_^}>
[nixpkgs] @flokli merged pull request #78019 → captive-browser: runs on all platforms → https://git.io/Jvk9U
<jollyjester>
hello this package request has been sitting alone and untouched for quite a while, qt and c++ are hard to work with but it'd be great if someone can get this package in the repos https://github.com/NixOS/nixpkgs/issues/67632
<{^_^}>
[nixpkgs] @mawis opened pull request #78026 → rosegarden: add alsaLib as a dependency → https://git.io/Jvkds
<aanderse>
not sure if you recall back to our conversation a while back about attrsOf not having context in the key or not...
<infinisil>
Can't remember anything just from that description
drakonis has joined #nixos
Chiliparrot has joined #nixos
<aanderse>
attrsOf keys don't have context so you can't put "${pkg.blah}" as an attr key
dongcarl has joined #nixos
<aanderse>
do you have any concept if it would be possible to extend the type system to make a type like attrsOf that keeps context in the keys? i see attrsOf is defined in types.nix, but something tells me that might need tob be changed in the c++ code... no idea
o1lo01ol1o has joined #nixos
<infinisil>
Ahh yes
m1cr0man has quit [Quit: G'luck]
<infinisil>
Yeah I don't think that's possible
* infinisil
goes to eat for a bit now
<aanderse>
yeah... figured. thought i'd ask, though
<aanderse>
thanks
<arcnmx>
iirc yeah it's not just nixpkgs, but nix itself won't let you put context in attrset keys?
<aanderse>
arc: yeah, that was my guess too... but had non idea, so thought i'd ask
TwoNicToupper has quit [Remote host closed the connection]
TwoNicToupper has joined #nixos
Guest84 has joined #nixos
<Guest84>
```s = rec { a = 3; "2" =9; c = a;}``` allows me to assign c the value of a. How do I assign `c`, the value of `"2"`?
TwoNicToupper has quit [Remote host closed the connection]
<c382feb9>
Guest84: how about using double apostrophes instead of quotes?
<Guest84>
You mean double single quotes?
<c382feb9>
yes
<Guest84>
> a = 3
<{^_^}>
a defined
<Guest84>
> s = rec { a = 3; "2" =9; c = a;}
<{^_^}>
s defined
<Guest84>
s
<Guest84>
>
<Guest84>
> s
<{^_^}>
{ "2" = 9; a = 3; c = 3; }
<c382feb9>
> s = rec { a = 3; "2" = 9; c = ''2''; }
<{^_^}>
s defined
<c382feb9>
s
<c382feb9>
> s
<{^_^}>
{ "2" = 9; a = 3; c = "2"; }
<Guest84>
They all assign c to "2"
<c382feb9>
oh you expect it to be 9?
<Guest84>
I want c to be same as whatever s."2" is
<Guest84>
yeah
<c382feb9>
hm
<c382feb9>
> let two = 9 in s = rec { a = 3; "2" = two; c = two }
<{^_^}>
error: syntax error, unexpected IN, expecting ';', at (string):275:13
<c382feb9>
> let two = 9; in s = rec { a = 3; "2" = two; c = two }
<{^_^}>
error: syntax error, unexpected '=', expecting ')', at (string):275:19
<c382feb9>
> s = let two = 9; in rec { a = 3; "2" = two; c = two }
<{^_^}>
error: syntax error, unexpected '}', expecting ';', at (string):202:54
<c382feb9>
> s = let two = 9; in rec { a = 3; "2" = two; c = two; }
<{^_^}>
s defined
<c382feb9>
s
<c382feb9>
damn
<c382feb9>
> s
<{^_^}>
{ "2" = 9; a = 3; c = 9; }
<c382feb9>
Guest84: so how about with a let?
<arcnmx>
you can just use c = s."2", but I'm not sure if there's a way to otherwise
<Guest84>
arcnmx: Thanks, that's what I wanted
<Guest84>
c382feb9: Thanks for trying to help :)
<arcnmx>
the limitation there being that you do need to use let to assign a name to s, and can't just use it in any rec
<c382feb9>
> s = { "2" = 1; b = s."2"; }
<{^_^}>
s defined
<c382feb9>
> s
<{^_^}>
{ "2" = 1; b = <CODE>; }
<c382feb9>
what's this <CODE> thing?
<Guest84>
arcnmx: Good to know. Luckily in my current use case, I do have a let there.
horner has joined #nixos
<arcnmx>
mm just an annoyance really, you can throw the let self = { ... } anywhere you have a rec { ... }, it just makes things slightly more verbose/awkward.
<arcnmx>
er (let self = { ... }; self) and the brackets are ugly but eh :p
<{^_^}>
[nixpkgs] @veprbl merged pull request #78027 → Remove myself from maintainers on some packages → https://git.io/JvkdV
<{^_^}>
[nixpkgs] @veprbl pushed commit from @ivan to master « treewide: Remove myself from maintainers on some packages (#78027) »: https://git.io/Jvkx6
<infinisil>
Not often can 4 issues be closed from a single PR ^^! Admittedly they were 4 duplicates, but still
cosimone_ has quit [Client Quit]
cosimone has quit [Ping timeout: 252 seconds]
cosimone has joined #nixos
Kritnich has joined #nixos
cosimone has quit [Quit: Quit.]
v88m has joined #nixos
troydm has quit [Quit: What is Hope? That all of your wishes and all of your dreams come true? To turn back time because things were not supposed to happen like that (C) Rau Le Creuset]
troydm has joined #nixos
medvid_ has joined #nixos
medvid has quit [Ping timeout: 268 seconds]
test53453535[m] has joined #nixos
<test53453535[m]>
how to force nix to pull the latest grub source and build it instead of just installing grub-2.04 binary?
<infinisil>
test53453535[m]: You can do that by overriding grub's source, e.g. `grub2.overrideAttrs (drv: { src = fetchgit { ... }; })`
<eyJhb>
Anyone have experience with using `system.autoUpgrade.enable` when using iptables? As far as I remember NixOS isn't nice regarding iptables (readding things that is already added etc.)
<gchristensen>
it is fine as long as you correctly assign firewall rules to the nixos-fw chain
<eyJhb>
gchristensen: "correctly"?
<gchristensen>
like allowedTCPPorts and stuff ? those are all just fine
<gchristensen>
if you have some custom firewall rules doing their own thing ,no guarantees
<eyJhb>
Yeah, I am using custom commands
<eyJhb>
Currently up/down for OpenVPN
<gchristensen>
if you add them to the nixos-fw chain, they're managed I think
<eyJhb>
Hmm.. I might try to enable it and see what happens... Not sure how well it works
<eyJhb>
Also becaues there is some hackery regarding the RP-Filter
drakonis has joined #nixos
<infinisil>
eyJhb: You could give networking.useNetworkd a try, networkd is based on a declarative config, none of that imperative ip command stuff
tjg1 has joined #nixos
<eyJhb>
infinisil: I can PM you config, you might be better at seeing if it would make sense
<bennofs>
eyJhb: you can also define down commands in addition to the up commands for your custom rules
<bennofs>
then if you delete your custom stuff again it should work
<infinisil>
eyJhb: I don't know much about ip tables stuff
<eyJhb>
bennofs: I am using up/down, but I just remember having SO much trouble with it in general
<eyJhb>
infinisil: this is generally hell
<bennofs>
i basically copied everything from extraCommands to extraStopCommands and replaced -A by -D and added || true after every command
<bennofs>
so yeah, I also find it quite hard to use
<eyJhb>
bennofs: that is what I did as well :p
<eyJhb>
Would be nice with something that could automatically generate them (if wanted)
<infinisil>
If I had to mess with such stuff I'd try to learn networkd
<infinisil>
Ideally nixos can switch to networkd by default eventually too
<eyJhb>
But, how would it differ?
<eyJhb>
Would it then be `systemd.network.units` instead?
<bennofs>
does networkd even do firewalling?
<eyJhb>
Maybe I should give nftables a go
fresheyeball has quit [Quit: WeeChat 2.6]
<infinisil>
bennofs: Yeah I'm pretty sure it does
<infinisil>
Many things are implemented both for the iptables stuff and networkd, and I think if you use `useNetworkd` with unsupported settings it will throw an assertion
<ToxicFrog`>
Is anyone else seeing an issue where your ACME cert timers aren't firing except on boot?
<ToxicFrog`>
It looks like what happens is that the timer fires, and since the renew service is set to RemainAfterExit, it runs, exits, and since it's still "there" the timer is suspended
<ToxicFrog`>
that's my best guess based on the behaviour, anyways; the timers show up as n/a and if I `systemctl stop` the corresponding service (which is "active (exited)") the timer shows up properly again.
ToxicFrog` is now known as ToxicFrog
<infinisil>
ToxicFrog: Maybe that was what I introduced in #72056, but this should be fixed with #76052
<ToxicFrog>
infinisil: my nixpkgs checkout is between those two, so that explains it
<ToxicFrog>
(I'm using a local checkout because I'm still waiting for a bunch of patches to get merged, and sometimes I forget to update it...)
<ToxicFrog>
Also, while I'm here, a question about nixpkgs conventions -- why are even trivial packages written as .../foo/default.nix rather than just .../foo.nix ?
<infinisil>
ToxicFrog: No idea, I guess it just caught on
<infinisil>
Though if you later need multiple files you don't need to update the expression in all-packages.nix with this
<{^_^}>
[nixpkgs] @paulreimer opened pull request #78048 → vimPlugins.deoplete-zsh: init at 2019-11-10 → https://git.io/JvIvP
<ToxicFrog>
Aah, true
<{^_^}>
[nixpkgs] @paulreimer opened pull request #78049 → vimPlugins.deoplete-emoji: init at 2019-01-20 → https://git.io/JvIvy
<ToxicFrog>
Oh ffs
<ToxicFrog>
I'm rebasing, and it's been so long since I originally submitted these patches that someone has "helpfully" deleted one of the broken packages I fixed
<noonien>
i have a bot that i want to implement an .eval comand for multiple languages
<johrmungand>
I'm kinda sick of having to sudo to edit and rebuke my configuration every 5 mins (still new so I'm editing my config a lot) what's the best solution to this problem?
<noonien>
i guess i could just load the evaluated string in a nix expression, and use that to evaluate the code, but perhaps there's a better solution?
<johrmungand>
Rebuild*
<noonien>
johrmungand: i have my configuration.nix editable by my user, so i don't have to sudo
<johrmungand>
How do I do that noonien
<infinisil>
noonien: You mean something like {^_^} does here?
<noonien>
what does `'` mean after it's appened to something, i don't know what to search in the manual for
<noonien>
or, is it just part of the name?
kenjis1 has quit [Ping timeout: 246 seconds]
<samueldr>
it's just a valid character in an identifier
<noonien>
ah, i see, cool
<samueldr>
though I believe "prime" may be the name, not sure
xO1 has quit [Ping timeout: 268 seconds]
erictapen has joined #nixos
erictapen has quit [Client Quit]
hoobershaggus has joined #nixos
fendor has quit [Read error: Connection reset by peer]
pbb has quit [Ping timeout: 240 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
selfsymmetric-pa has joined #nixos
<selfsymmetric-pa>
I've noticed that lately more of my NixOS rebuilds have been reporting that the daemon is busy. Running the job again seems to fix it. Has something changed with the behavior there?
o1lo01ol1o has joined #nixos
remirol has joined #nixos
lorimer has quit [Ping timeout: 240 seconds]
selfsymmetric-pa has quit [Remote host closed the connection]
hoobershaggus has quit [Remote host closed the connection]
<colemickens>
Is it possible to give the sandbox a temporary interface to make a test that relies on a MAC Address pass?