<danderson>
the only thing it doesn't do is machine provisioning, but I guess I can do terraform + nixos-infect for that
<bhipple>
If you are looking at a serious enterprise-grade deployment, I would definitely use terraform + nixos
<bhipple>
you don't need nixos-infect; you can have nix-build create the NixOS AMIs for you as part of your terraform/packer build pipeline, just as you would for any other OS
<bhipple>
In fact building the Nix images is really easy by comparison
<danderson>
well, one problem is we use DigitalOcean for some stuff, and custom images (their AMI equivalent) can't use IPv6, because of broken infrastructure legacy stuff
<danderson>
so for DO we have to provision ubuntu and nixos-infect
jgeerds has quit [Ping timeout: 265 seconds]
<danderson>
(which is what NixOps does also)
<danderson>
Thanks for the thoughts. I'd forgotten about morph, I'll take another look at that, and think about a full on terraform approach as well
<bhipple>
IIRC morph is very limited/opinionated/simple, but robust if you can handle its limitations. Haven't used it personally tho
<bhipple>
It's *also* possible, depending on the company politics and scale of the deployment, that you might have a better time skipping the OS layer entirely and just deploying application binaries in well-specified Docker containers built by nix and run on something like managed K8s
<bhipple>
It sounds like you're pretty far along and that doesn't describe your situation, but it's worth a watch since it's tangentially related
<danderson>
nah, I spent 3 years operating a huge k8s fleet, never again :)
<danderson>
waaaay too much complexity if you're not a F500. Give me a bunch of NixOS boxes any day
<bhipple>
Do you think it's matured enough in the last year or two?
<danderson>
we're a small company with a pretty small machine footprint, so it's tractable to manage VMs still, and we want to stick with that as long as we can
<danderson>
Kubernetes? Sure, I guess. But the fundamental problem is that everyone in the k8s ecosystem is getting paid to add more features, layers, APIs, abstractions.
<danderson>
Nobody is getting paid to make it more robust, reliable, simpler, ...
<bhipple>
I'm working with a handful of people who have been bitten by the K8 hype bug, wondering if we're signing up for hell. It looks like it's hell to me but curious on your experience :)
<danderson>
As soon as you start using k8s, frankly you need at least 1 person fulltime just to operate your k8s cluster
<danderson>
and that's if you use a managed solution. If you try to run your own k8s, you need a whole team.
<bhipple>
Pretty wild ...
<danderson>
k8s is a great generator of revenue for consulting companies. Very rich companies are desperate to have k8s, even though they don't understand why
<danderson>
very easy to take a bunch of money to say basic things like "maybe have some security" :)
<bhipple>
Microservices for all!
<Cadey>
when is nixos 20.03 slated to be released?
<bhipple>
Presumably something like the (now defunct) CoreOS and the RedHat initiatives for K8s are getting paid to make it robust/reliable?
<rooke>
I feel like I watch so many people chasing what the googles of the world are doing without realizing that google has very unique problems
<danderson>
bhipple: btw, the source of my experience: I was on the SRE team for Google Kubernetes Engine for a couple of years
<Cadey>
danderson: i'm working at a SRE job and i'm basically getting paid to put layers on top of layers on top of layers on top of kubernetes
<danderson>
For approx. the last year on the team, I tried to tell the k8s and GKE devs that the pace of features vs. stability was unsustainable, and it was becoming impossible to operate sanely
<danderson>
they basically agreed with me, and then said they're going to keep doing it anyway. So I left :)
claudiii has quit [Quit: Connection closed for inactivity]
<danderson>
at my current job, we will deploy k8s over my dead body.
<bhipple>
I'd imagine a lot of that stuff is hard/slow/flaky to properly test automatically too, so the complexity really bites hard
vika_nezrimaya has quit [Ping timeout: 265 seconds]
<danderson>
although maybe someone will pay us a ton of money to make our product work with/on k8s, then maybe I'll touch it again...
<bhipple>
As a consumer of something like GKE or the Amazon Kubernetes, though, do you think it's OK?
<danderson>
it's okay, but I think it's still way overkill for a lot of people
<bhipple>
Cadey: the internal demos I'm seeing basically mirror this, where it seems there are a gazillion tools and layers on top of building and deploying versioned containers and clusters sensibly
<danderson>
Personally my rule of thumb is that it starts to make sense when you have >50 different services (== different binaries)
<bhipple>
all bespoke tooling that seems more complicated than the salt/ansible code K8s was supposed to replace
<Cadey>
bhipple: the whole thing is making me look into nix/nixos a lot more
<Cadey>
it seems it could allow the same kind of stuff without as much brain-melt
<danderson>
oh, and also: the hosted services do a lot of work for you, but there's still a _lot_ missing from those platforms to be complete
<bhipple>
Such as?
<Cadey>
i'm also learning to hate yaml
<danderson>
lots of security, deployment, monitoring needs to be added on top of the base k8s layer
<rooke>
Whats wrong with yaml?
<bhipple>
So far the biggest cluster of "missing" functionality seems to be in management versioned cluster deployment manafests and permissioning/entitlements/rollout workflows
<danderson>
so you end up with a giant stack of software, before you've even deployed your own app
<bhipple>
but I'm not sure if that's something that K8s should really be doing
<{^_^}>
[mobile-nixos] @samueldr opened pull request #95 → stage-1: Remove dependency on ply-image + better error reporting → https://git.io/Jvodl
<danderson>
My favorite example is the OpenPolicyAgent and Falco spaces
<danderson>
they're trying to fix the problem that containers have reintroduced all the problems around access control and auditability of software images that existed in old school OSes, but multiplied 10x
<danderson>
on average, nobody has any idea what software is running in a k8s cluster. If you get a CVE announcement, how do you know if anything you run is affected?
abrar has joined #nixos
zakkor has quit [Quit: Connection closed for inactivity]
<Cadey>
danderson: you know the saying: to err is human, to do it on hundreds of servers at once is devops
<danderson>
answer with containers: mostly you don't, because they're built from random base images and updated whenever someone feels like it.
<bhipple>
Cadey: haha, that's great
<danderson>
the solutions to that involve "install even more software on the cluster" (and pray it doesn't have the same problem - spoiler, it does)
<Cadey>
but who audits the auditor?
<danderson>
or standardize ruthlessly - mandate company controlled base images, mandate full control over every container, ...
<danderson>
but if you do that, k8s becomes exponentially harder to operate, because you can't reuse anything that other people are doing
<danderson>
you effectively have to construct all your container images and configurations yourself. It's like if I told you you're not allowed to use distros, you have to assemble a linux system by hand from source
mbrgm has quit [Ping timeout: 256 seconds]
<danderson>
suddenly that's all your company is doing. 5% doing actual work, 95% rituals to appease the Kubernetes gods
<bhipple>
The F500 executive dream seems like it's an Outsourcing 2.0, in the way that your hardware/datacenter guys were outsourced to AWS/Google/DO (more or less successfully) in the last decade, but it doesn't seem to be working very well from what I see
<danderson>
it's weird. There are a lot of different stories and reasons people quote for using k8s, and almost all of them are rubbish
<Cadey>
danderson: it's always fun to randomly pick a docker image out of production and find a CVE within 10 minutes
<bhipple>
danderson: you should give a watch on GrahamC's talk linked above; he talks a lot about "assembling a system by hand ... deterministically with nix" vs. Dockerfiles specifically
<danderson>
"I want to be cloud agnostic" - good luck, either you have to run everything yourself on cloud VMs, or you use a hosted k8s service and you get 100% locked in with their "value add" features
<bhipple>
Yeah, the amount of FOMO on K8s is wild. A lot of it coming from people who really should know better, and not just brainless suits.
<danderson>
"uniform deployment and management" - you could do that before, if you failed it's a problem with your organization, not with your technology
<Cadey>
lol management wants us to get the GKE setup we've spent 2 years working on also working on amazon kubernetes
<Cadey>
spoiler alert: it's very GKE specific
{^_^} has quit [Remote host closed the connection]
<danderson>
there is 1 good reason for using docker-style linux containers: you can ship your dev environment to production, saves a bunch of configuration headaches (but lol CVEs)
{^_^} has joined #nixos
<danderson>
and 1 good reason to run Kubernetes: you need to bin-pack a lot of small services onto few large machines
gila has joined #nixos
yuken has quit [Remote host closed the connection]
judson has quit [Quit: Leaving]
<danderson>
everything else is a vendor fever dream of startups and F500s selling stuff to each other
<danderson>
(also note that the reason to run k8s mostly goes away in clouds where you can provision standalone containers or VMs easily... aka all of them)
<Cadey>
did you hear about the GKE master fee?
<cransom>
and you don't need to load up your big instances with all of the services. just deploy smaller vms.
<danderson>
exactly. Mostly it makes sense in a world of physical machines
kvda has joined #nixos
cartwright has joined #nixos
Church- has quit [Ping timeout: 255 seconds]
thc202 has quit [Ping timeout: 256 seconds]
<danderson>
it's much more efficient to buy 48-core mega-boxes, and share them across lots of services
growpotkin has joined #nixos
<danderson>
that's where Borg (Kubernetes's ancestor at google) was amazing. Take 15k machines in a datacenter, and turn them into one big black box of compute.
<danderson>
working at google, I never had to care about machines, ever. Just deploy containers to a _massive_ cluster, there's always capacity, it always just works, and I can get as much or as few resources as I need
<danderson>
but (a) most k8s usage is in the cloud, where this makes no sense, and (b) k8s struggles to scale to more than a few hundred machines
gila has quit [Ping timeout: 240 seconds]
<danderson>
(also Borg was amazing and just worked because it was the fulltime job of hundreds of people to make it work, so...)
<danderson>
Cadey: yes, I saw the fee. I have some private theories about why that happened, but bottom line: lol, GKE gave everyone permission to go look at the competition and see how it's doing these days
<danderson>
anyway, back to: we're definitely not going to use k8s. I would like to use NixOS, because every other configuration management system is pure pain.
<cransom>
i did some work for a startup where the devs were convinced docker swarm was how to go, but they somehow thought that each tenant they had should have their own cluster.
<danderson>
heh
<danderson>
that's another common problem of k8s: it's only efficient if you run a small number of big clusters
<cransom>
and all the app had was rails, load balancer, postgresl
<danderson>
but there's zero serious security isolation inside a cluster
<danderson>
so for multi-tenant systems, you kinda have to run 1 cluster per tenant
<danderson>
which destroys your efficiency, because k8s has massive static overhead
<cransom>
but amazon had gave them credits to run for free for a year, so they had no problems with managing docker + loads of machines until they started getting bills.
<danderson>
it's not fundamentally impossible to run multitenant k8s clusters... But k8s didn't invest in that early on, so now it's basically impossible to retrofit
<danderson>
I'm looking forward to when k8s reaches the breaking point, and some company goes off and makes a 2nd-generation system that fixes a bunch of these
<danderson>
in my mind, k8s is a v1 "explore the problem space" product. It doesn't solve anything very well, because nobody knows how to solve it yet.
<Cadey>
i made a nixos vm and whenever i try to install something as a user or update the nix channels, the session gets instantly killed
<Cadey>
even if i do it as root
<Cadey>
what am I doing wrong?
<danderson>
I kinda hit that problem with nix-env on a very small machine, because it kept running out of memory
<danderson>
does `dmesg` show oom_killer messages?
<wiml>
Cadey: Is anything written to the console or dmesg? Maybe you have too little RAM/swap on the vm?
<Cadey>
it has 2 GB of ram and 8 GB of swap, nothing gets written to the console, the SSH session or tty just exits suddenly
<{^_^}>
nix#2191 (by andreas-roehler, 1 year ago, closed): Unusable with 2GB RAM, out of memory
<bhipple>
2GB definitely isn't enough, but Im personally using a 4GB host on Amazon and it works
<bhipple>
Actually, it's a 1GB host. Guess I just haven't installed a huge package yet :/
<Cadey>
apparently things like neofetch and git are "big"
<Cadey>
even with the "tiny" version of git
<Cadey>
yeah 8 GB isn't enough to _uninstall_ a package
<gchristensen>
tha tproblem isn't `nix copy` probably, but evaluation
<gchristensen>
(which doesn't help you, Cadey, just informational)
Rusty1 has quit [Remote host closed the connection]
<bhipple>
Cadey: try running `nix copy --to ssh://the-small-host` from your big host. I'm deploying to my 1GB RAM AWS machine with NixOps, which generally works that way
konobi has quit [Remote host closed the connection]
<Cadey>
bhipple: i'm trying to mess with things like home-manager at this point while i wait for my 64 GB of ram monster build to come in, i don't really have a "big host" atm. 8 gigabytes of ram should be more than enough to _uninstall_ git.
<Cadey>
and it looks like the ssh daemon or sessions are being killed
<gchristensen>
you did `nix-env -iA git` to install?
<Cadey>
yeah
<simpson>
Yeah, guessing nix-env.
<gchristensen>
have you installed anything else since?
<Cadey>
neofetch
* gchristensen
looks up how to use nix-env
<drakonis>
nix-env -iA?
CMCDragonkai1 has joined #nixos
<Cadey>
actually
<Cadey>
nix-env -i git
<drakonis>
that's a booboo
<gchristensen>
are you running, like, `nix-env --uninstall git-2.25.0` to uninstall it?
<Cadey>
`nix-env -e git`
<DigitalKiwi>
total used free shared buff/cache available
<Cadey>
it causes the session to be instantly killed
<DigitalKiwi>
Mem: 1993 701 604 4 687 1140
<DigitalKiwi>
Swap: 3071 0 3071
<drakonis>
nixpkgs is so supermassivee that if you don't specify which exact package you want, it'll eat up a ton of ram
werner291 has quit [Quit: werner291]
<gchristensen>
Cadey: try `nix-env -q` to get the exact name, then use that exact name as the argument?
<Cadey>
still causes the thing to be killed, want me to get a video of it?
<gchristensen>
no, I believe you
<gchristensen>
anything in dmesg?
<Cadey>
nope
lopsided98 has joined #nixos
<gchristensen>
...really? then not an OOM
<gchristensen>
how about journalctl --since "5 minutes ago"
<Cadey>
> Mar 10 01:03:46 aruk nix-daemon[576]: unexpected Nix daemon error: writing to file: Broken pipe
<gchristensen>
literally no idea
<{^_^}>
error: syntax error, unexpected ':', expecting ')', at (string):288:10
<Cadey>
interesting
<gchristensen>
Mar 10 01:02:21 aruk systemd[1]: home-manager-cadey.service: Main process exited, code=killed, status=9/KILL is interesting too
<Cadey>
that seems to be home-manager fighting the nix-env'd packages
<gchristensen>
hey wait ...
rogue_koder has joined #nixos
<drakonis>
home-manager...
<gchristensen>
Cadey: `groups`
<drakonis>
why not just add them to your environment through home-manager
<gchristensen>
yep found it, Cadey
<gchristensen>
Cadey: take yourself out of the nixbld group
<drakonis>
is it because nix is trying to invoke the builds with your user?
<gchristensen>
users in nixbld are used for ... builds. and each time Nix builds, kills everything in every user which shouldn't exist
<Cadey>
oh
<Cadey>
...
<Cadey>
well
<DigitalKiwi>
that's amazing, i'm not even mad
<Cadey>
that explains a lot
<gchristensen>
Nix requires no permission to use, so no need to be in a group to use it :)
bvdw has quit [Read error: Connection reset by peer]
<bhipple>
Cadey: while Nix does require no permission to use, there are a couple flags that DO require a "trusted" user (e.g., telling the builder to DL from an untrusted binary cache). These are rare if you're just getting started and can be safely ignored for now
<bhipple>
but if you do need them, put this in your nixos config: nix.trustedUsers = [ "Cadey" ];
<samueldr>
gchristensen: can we make it a warning on nixos to add a non-nixbld user to the nixbld group?
bvdw has joined #nixos
<gchristensen>
samueldr: I think we probably could!
<gchristensen>
a nice idea
<samueldr>
I would even go as far as to make it an error, considering the grief it can cause
AFKRozy has joined #nixos
<gchristensen>
+1
sigmundv has joined #nixos
<bhipple>
Yes!
<Cadey>
well, it would certainly stop me from doing that idiotic thing i just did lol
<Cadey>
okay, _now_ it works like i expect
<Cadey>
how do i set my default shell to fish?
<drakonis>
gotta set that one on your user config?
rogue_koder has quit [Ping timeout: 260 seconds]
<drakonis>
set `shell = pkgs.fish;`
<drakonis>
on your user
<Cadey>
yeah, but the nixos manual doesn't have that information
<Cadey>
ah
rogue_koder has joined #nixos
<scoates>
I'd like to use nginx in a nix shell, but it keeps complaining about how it can't write to the package directory's error.log. Any tips?
<drakonis>
yup not a thing on the manual
<drakonis>
but then, there's always the ability to query options
<samueldr>
man configuration.nix # is often overlooked :)
<drakonis>
i agree
<scoates>
ah; that wasn't to me (-:
<drakonis>
i didnt even know it existed
<drakonis>
rather, i had seen it a couple times but never used it
<samueldr>
that manpage will have the options the current <nixpkgs> knows about, while the options.html page only has options for whatever current stable is
<cole-h>
Only reason I know about it is because I use `man home-configuration.nix` a lot :)
<johnw>
clever: I'm using local?root=PATH in my substituters, but I'm noticing that everything is being *to* that store; it doesn't appear to be using it solely as a fallback cache
growpotk- has joined #nixos
<scoates>
(I wanted `nginx -p . …` if anyone else was curious. Thanks for rubber ducking. (-: )
<clever>
johnw: do you have several things in the substituters list?
<{^_^}>
[nixpkgs] @cdepillabout pushed 2 commits to haskell-updates: https://git.io/Jvoxr
blaggacao has joined #nixos
ddellacosta has quit [Ping timeout: 260 seconds]
blaggacao has quit [Read error: Connection reset by peer]
blaggacao has joined #nixos
blaggacao has quit [Read error: Connection reset by peer]
blaggacao has joined #nixos
<ashkitten>
i've got a declarative container and when i make changes to a systemd unit inside that container and `nixos-rebuild switch`, it says `stopping the following units: container@mastodon.service`. how can i make it only restart the changed parts of the container rather than the entire container?
<clever>
ashkitten: currently, the nixos containers dont support that
<ashkitten>
clever: is there an issue i can track?
Henson has joined #nixos
<clever>
ashkitten: none that i know of, but you could search github
<clever>
ashkitten: systemd also has its own isolation that can do similar, without needing full containers
<ashkitten>
the main reason i'm using a container is so i can potentially run multiple mastodon instances on the same machine
spacefrogg has quit [Quit: Gone.]
aw has quit [Quit: Quitting.]
<ashkitten>
(using the unmerged mastodon nixos module)
<Henson>
Hi everyone, I'm trying to get wireguard working with NixOS. I'm defining the peers of an interface exactly as it's described in the NixOS wiki, and that wireguard.nix file itself, and a site a found online. But when I try to build it, I get the error: error: The option value `networking.wireguard.interfaces.wg0.peers' in `/var/lib/containers/foo1/etc/nixos/configuration.nix' is not of type `lis
blaggacao has joined #nixos
<Henson>
It's just supposed to be a list of sets, right?
<clever>
Henson: yeah, what are you setting it to exactly?
waleee-cl has quit [Quit: Connection closed for inactivity]
<clever>
Henson: what value did you assign to it?
felixfoertsch has joined #nixos
<Henson>
oh dear lord
* Henson
smacks himself on the head
<clever>
Henson: ?
bukkitgerman8 has quit [Quit: Ping timeout (120 seconds)]
felixfoertsch23 has quit [Ping timeout: 240 seconds]
<Henson>
I was prototyping in the configuration.nix file before moving things into a separate wireguard.nix file which the configuration.nix imported. The error was coming from the old stuff I forgot to remove from configuration.nix :-(
<clever>
ah
Henson is now known as HensonDerp
clodeindustrie has joined #nixos
<clodeindustrie>
hi there
<clodeindustrie>
trying to get a dev env going with lorri, niv an direnv
<clodeindustrie>
it all seems to set up properly however I still get the system php version running when trying it out
<clodeindustrie>
any idea what newbie mistake I am commiting?
<clodeindustrie>
it's on MacOs
<{^_^}>
[nix-pills] @sarcasticadmin opened pull request #129 → Grammar suggestions for pills 6-12 → https://git.io/JvopO
kvda has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<quirks>
does it ever happen to you on nixos to get multiple mini-full-system freezes when copying a <lot> of small files?
kvda has joined #nixos
hmpffff has joined #nixos
kvda has quit [Client Quit]
<petersjt014[m]>
Not sure that's an OS problem. What filesystem are you using?
gila has joined #nixos
<petersjt014[m]>
quirks: Also what kind of storage? HDDs teams to handle that kind of workload worse than SSDs.
maddo has joined #nixos
M-Gregoire495 has joined #nixos
<quirks>
ssd under luks
oida has quit [Ping timeout: 240 seconds]
<petersjt014[m]>
But what fs underneath?
oida has joined #nixos
<petersjt014[m]>
Like what do you get by running lsblk -f?
<quirks>
ext4, hdparm reports 19055 MB/sec cached reads and 431.86 MB/sec buffered disk reads
<quirks>
that sounds a bit low, right?
<petersjt014[m]>
I wouldn't know, that's over 100x faster than anything I own.
<petersjt014[m]>
But that difference between the read and write speed is odd
<petersjt014[m]>
Is that normal for SSDs? Doesn't feel like it.
<quirks>
both are reads, I think the last one is the real one
<quirks>
no idea, don't know much about ssds
<petersjt014[m]>
Whoops nvm
<petersjt014[m]>
Oh wait
palo1 has joined #nixos
<petersjt014[m]>
ext4 may be at fault
<petersjt014[m]>
It's optimized for hdds
<petersjt014[m]>
Emphasis on 'could'
<petersjt014[m]>
I don't know if this is how that would manifest
<quirks>
ah, it used to be fine on arch, just started the nixos quest two days ago
<petersjt014[m]>
But for sure you'd get better performance work something else
<petersjt014[m]>
Hmm
<petersjt014[m]>
Lemme check if ext4 had tunables
palo has quit [Ping timeout: 260 seconds]
palo1 is now known as palo
bahamas has joined #nixos
bahamas has joined #nixos
bahamas has quit [Changing host]
<petersjt014[m]>
AhA: tune2fs
<quirks>
I'll try to add "aes_x86_64" "aesni_intel" "cryptd" to kernel modules, there's a not on the wiki that it improves performance
<quirks>
that's nice
<petersjt014[m]>
If you want any other filesystems to consider, xfs is apparently good (some ppl here use it), nilfs2 is very resilient, f2fs is less so but faster, and bcachefs is basically btrfs but stabler.
<petersjt014[m]>
Can't wait for bcachefs to be upstreamed
<quirks>
thanks a lot! I'll try them out in that order then
cole-h has quit [Ping timeout: 260 seconds]
<petersjt014[m]>
Look at what each one offers first though.
<petersjt014[m]>
And remember that you can split dirs across multiple ones.
<quirks>
yes, should I do that though?
<petersjt014[m]>
Maybe not for starters I guess
<petersjt014[m]>
But there are cool things you can eventually do with it
<petersjt014[m]>
For example, /tmp could be f2fs (fast but less stable), while /home could be nilfs2
<petersjt014[m]>
Actually it might not be that hard
<petersjt014[m]>
quirks You're used to partitioning manually before installing right?
<quirks>
yes
kleisli has quit [Ping timeout: 256 seconds]
<quirks>
that sounds nice
<bahamas>
I'm trying to install nixops with nix-shell on mac and the install fails. it tries to build py-jwt and it runs the tests which fail. anyone know how to go around this?
<quirks>
sorry, my screen is freezing as I'm copying files
<petersjt014[m]>
If you do so and them run nixos-generate-config I _think_ it'll just detect the disk layout.
<fooker>
lovesegfault: I am
linarcx has joined #nixos
<lovesegfault>
fooker: Hi!
<quirks>
i'll try that, thanks a lot for all the effort
<lovesegfault>
I was wondering whether you got morph working with machines of different arches?
<lovesegfault>
I saw your example config but it confused me a bit
<fooker>
lovesegfault: I have it running with that config, yes
<fooker>
Whats the point of confusion?
<petersjt014[m]>
Remember the wiki at NixOS.wiki too, think it has more on fs stuff
<lovesegfault>
fooker: Oh, now that I look at `master` it's been simplified
bvdw has quit [Read error: Connection reset by peer]
<lovesegfault>
Am I right in understanding that the salient points are:
lord| has quit [Read error: Connection reset by peer]
<{^_^}>
[nix] @edolstra pushed to master « nix-perl: Fix segfault in queryPathInfo) »: https://git.io/JvKtM
philr has quit [Ping timeout: 255 seconds]
lord| has joined #nixos
knupfer has joined #nixos
knupfer has quit [Remote host closed the connection]
<fionera>
timokau[m]: I currently try to use your bisect package but it doesnt get found as module and even then, do I have to run it from within a clone of nixpkgs? Because git bisect doesnt work for me there
<{^_^}>
[nixos-homepage] @garbas merged pull request #332 → only trigger website build on master and pull requests → https://git.io/JvKTH
<{^_^}>
[nixos-homepage] @garbas pushed to master « only trigger website build on master and pull requests (#332) »: https://git.io/JvKqt
<mananamenos>
hi, i'm running virtualbox 6.1.4 on windows. I cannot make find anything to make guest additions work in my nixos installation. I have boot.kernerPackages = pkgs.linuxPackages_latest; as well as virtualisation.virtualbox.guest.enable = true; in my configuration.nix.
<{^_^}>
[nixos-homepage] @edolstra pushed 2 commits to remove-latest: https://git.io/JvKqO
<{^_^}>
[nixpkgs] @primeos pushed to release-20.03 « chromium: Update the VA-API patch (fix #81909) »: https://git.io/JvKq6
hmpffff has joined #nixos
<{^_^}>
[nixpkgs] @primeos pushed to release-19.09 « chromium: Update the VA-API patch (fix #81909) »: https://git.io/JvKqX
njd has joined #nixos
<mlatus>
so how do I add extra pam configs?
raingloom has joined #nixos
<immae>
mlatus: I see `security.pam.services.<name?>.text`, does that correspond to what you’re looking for?
<mananamenos>
i've just tried the virtualbox image from nixos websites, and with that it seems to work the guest editions. I want to have a look at configuration.nix of that virtualbox, however, the /etc/nixos/configuration.nix is empty.
<immae>
(it’s not "extra" per se, it replaces the content completely)
<mlatus>
immae: not extra, and I can neither add config for all services nor add text before default content(possible to append at last using mkDefault though)
<immae>
mlatus: as far as I see the module doesn’t permit to do much more right
vk3wtf has quit [Ping timeout: 240 seconds]
<enteee>
on unstable (20.09pre215871.c667aba79ce); I currently get a "Error loading trust policy" when running: "nix run nixpkgs.nix-prefetch-docker -c nix-prefetch-docker --image-name fedora --image-tag 29" can somebody confirm this?
fendor has joined #nixos
<enteee>
I think this might be related to a skopeo version bump.
vk3wtf has joined #nixos
zupo_ has quit [Ping timeout: 256 seconds]
alexherbo2 has joined #nixos
Neo-- has joined #nixos
zupo has joined #nixos
psyanticy has joined #nixos
<{^_^}>
[nixos-homepage] @edolstra pushed to remove-latest « Include release number »: https://git.io/JvKmL
Communi4810 has joined #nixos
bahamas has joined #nixos
dansho has joined #nixos
jgeerds has quit [Ping timeout: 268 seconds]
<{^_^}>
[nixos-org-configurations] @edolstra pushed to master « channels.nixos.org: Add CORS rule »: https://git.io/JvKmn
<adisbladis>
The equivalent of `install -Dm555 ${pkgs.skopeo.src}/default-policy.json ~/.config/containers/policy.json` should fix it
martijn has joined #nixos
<adisbladis>
For reference this is my policy.json from skopeo http://ix.io/26kT/js
reactormonk has quit [Ping timeout: 256 seconds]
<enteee>
adisbladis: hmm, ok do you see a reason why the tool should not install a default policy which would make it run independent from any system configuration?
<mananamenos>
tried every possible virtualbox.exe version, changed the nixos guest to use latest kernel, unstable nixos, but nothing works to make guest additions work.
xelxebar has quit [Remote host closed the connection]
xelxebar has joined #nixos
<clodeindustrie>
Mic92: it works if I do a "nix-shell -p php73" for example
<Desetude>
gchristensen: Ok cool, I am the only user too and so that was my plan. I just wanted to make sure this is a normal way to do it as it does feel a bit strange to just have a global vimrc for example
<infinisil>
slabity: You need to add pluggy to propagatedBuildInputs
<infinisil>
Having it specified in the argument list at the top doesn't do anything on its own
bvdw has quit [Read error: Connection reset by peer]
<timokau[m]>
@freenode_fionera:matrix.org: Still there / nix_bisect issues still relevant?
bvdw has joined #nixos
<slabity>
infinisil: Still does not work. Same result
<infinisil>
slabity: Then ckeck the pluggy version in the nixpkgs you're using, is it within the bounds
<infinisil>
?
<slabity>
Ah no. Looks like NixPkgs' is 0.13.1
<slabity>
I'm guessing I need to patch it out somehow
<infinisil>
Yeah you can patch it to remove the version bound
<immae>
It’s a file that you need to provide actually
<eoli3n_>
yep
<immae>
so you can put it wherever you like :)
<eoli3n_>
ah
raingloom has quit [Ping timeout: 272 seconds]
<eoli3n_>
you mean the cert file ?
<eoli3n_>
i'm not sure
<immae>
yes
<eoli3n_>
i think that's a default certificate
<immae>
Since it’s in italic I think not
<immae>
I think you need your eduroam certificate or so
<eoli3n_>
that's the strange part, why don't i need it on windows
<eoli3n_>
i will ask
timjrd has joined #nixos
<immae>
maybe you can just specify a generic CA file (${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt on nixos or /etc/ssl/certs/ca-certificates.crt on archlinux) and it will work
<{^_^}>
[nixos-homepage] @edolstra pushed 4 commits to master: https://git.io/JvKnb
<eoli3n_>
as it not a shell script, i think ${pkgs.cacert} will not be resolved
<{^_^}>
[nixos-homepage] @edolstra pushed 0 commits to remove-latest: https://git.io/JvKnN
<eoli3n_>
i will try without setting any cert line
<immae>
ok
<immae>
if you need to specify it you may indeed need to do a "template" file or alike
Makaveli7 has quit [Quit: WeeChat 2.4]
heatmiser has joined #nixos
justanotheruser has quit [Ping timeout: 265 seconds]
<timjrd>
Hi :) Is it possible to download/register a systemd service without enabling it in NixOS? I have a config for say tomcat and I would like to download/setup everything without automatically enabling it. I would like to start it manually with systemctl when needed. Thanks!
b42 has joined #nixos
<immae>
timjrd: if the service doesn’t have a wantedBy section it should not be enabled automatically
<immae>
s/section/value/
reactormonk has quit [Ping timeout: 255 seconds]
revtintin has quit [Quit: WeeChat 2.7.1]
<timjrd>
immae: ok but is there a way I can register a service without setting "enable" to true (like services.tomcat.enable)?
<timjrd>
(if I set it to false nothing happens obviously)
<immae>
Ah, you want to register a systemd service that is already defined in some module, but not start it?
<timjrd>
Exactly :)
<immae>
ok it was not clear, sorry. It will be more hackish than my former suggestion then
<immae>
you can do services.tomcat.enable = true and then systemd.services."the tomcat systemd service name".enabled = lib.mkForce false; could work
<immae>
(or systemd.services."the tomcat systemd service name".wantedBy = lib.mkForce [] depending on what it already contains)
<timjrd>
I will try that, thanks!
eoli3n_ has quit [Ping timeout: 268 seconds]
<{^_^}>
[nixos-channel-scripts] @edolstra pushed 8 commits to master: https://git.io/JvKcP
<immae>
Note: an empty wantedBy will make the service not "enableable" (that’s a systemd configuration), and enabled = false is more a nixos feature
<{^_^}>
[nixos-channel-scripts] @edolstra merged pull request #34 → adding more redirects for iso/ova images → https://git.io/JvKmb
RRedcroft has quit [Remote host closed the connection]
blaggacao has quit [Read error: Connection reset by peer]
blaggacao has joined #nixos
blaggacao has quit [Read error: Connection reset by peer]
<Ankhers>
If I am using nginx, and I enable acme, should that auto renew my certificates? Or am I supposed to add another option?
ddellacosta has joined #nixos
<ToxicFrog>
Ankhers: it should autorenew, based on `security.acme.renewInterval` and `security.acme.validMin`
<ToxicFrog>
(see also the other settings in that node)
<adisbladis>
Ankhers: That'll renew certs for you.
<ToxicFrog>
`systemctl list-timers` should show you an `acme-$domain.timer` for each ACME cert.
<Ankhers>
If that is the case, what should I be looking at if it is not renewing?
greghale has joined #nixos
<ToxicFrog>
`systemctl status acme-$domain.timer` to make sure the timer is firing, `systemctl status acme-$domain.service` to see if something is going wrong with the renew.
<ToxicFrog>
Note that if you're using an old-but-not-super-old nixos channel there was a bug for a while where the renewal timer would only fire once after each boot. It's fixed now.
<immae>
I think there is a bug in 19.09/unstable, because the timer will start a service that is already started (because of RemainAfterExit in the service), so if the machine is running for a long long time it will not restart it
<immae>
(about acme ^ )
<Ankhers>
That is probably what I am hitting. I will have to double check my channels.
<immae>
Ankhers: what says systemctl status acme-$domain.service?
<immae>
if it says it is already started ,then yes you have the issue :p
<immae>
(just do systemctl restart acme-$domain.service then and it will renew your cert)
Desetude has quit [Quit: WeeChat 2.7.1]
waleee-cl has joined #nixos
<immae>
(oups sorry ToxicFrog I just saw that you said the same thing as me...)
<Ankhers>
Okay, so I checked the service, it was running, but last ran December something. So I restarted it, checked the status again, it appears to have run, but I apparently still have the old cert. Should I just give this a few minutes, or should it have been fairly immediate?
<DigitalKiwi>
i'm not 100% sure but i think one time it failed to renew because i hit API limits doing nixos-rebuild and the service got into failed state and never started and i didn't reboot for so long
<immae>
Ankhers: can you check the logs with journalctl -u acme-$domain.service ?
<deni>
I'm experiencing a weird error with nix all of a sudden. While building a docker image after "Computing layer checksum..." it just errors with "internal error: stack underflow"
<deni>
anyone seen anything like this?
<deni>
I tried upgrading to the latest nix and not using remote builder but building locally...but to no avail
<immae>
Hint2: You may check the /var/lib/acme/$domain directory to see if it actually changed, if so then maybe your webserver didn’t restart/reload after the renew?
<Ankhers>
There is a warning about an email not being provided, but it looks like I received an HTTP 405.
<Ankhers>
Nevermind. I was looking at the top of the logs. One moment.
aveltras has joined #nixos
<Ankhers>
Okay, I guess nginx just didn't get reloaded. I did it manually and things appear to be good now.
<immae>
good :)
<Ankhers>
Thanks everyone for the help!
b42 has quit [Quit: WeeChat 2.7.1]
sogatori has joined #nixos
<OmnipotentEntity>
Hey there, how do I make nix-shell pull from a local directory as a source AND override a package. -p doesn't seem to like the local directory and -A doesn't seem to like the override. Is there a simplier way than using -E?
b42 has joined #nixos
<adisbladis>
omnipotententity: Either use -E or create a shell.nix.
<OmnipotentEntity>
roger, thanks.
<OmnipotentEntity>
Just making sure there isn't an easier way :)
<greghale>
o/ Hi all. I've run the nix darwin installer on two macs running Catalina (10.15). On one machine (a fresh one), the install worked fine. On the other (which had a previous nix install before _upgrading_ to Catalina), I believe there is a problem with my user profile. `nix-env -i cowsay` fails with a message about permissions on `/nix/var/nix/profiles/per-user`, and there is no user for me created in `per-user` by t
<greghale>
he installer. Installer ran with no errors.
<greghale>
Any tips on how to debug?
<immae>
Ankhers: for the long run I’d suggest that you both upgrade your channel (to avoid the issue of remainafterexit) and investigate why nginx doesn’t reload (you may want look for postRun in acme configuration to do specific actions after renewal)
<Taneb>
Hmm, does home-manager or something similar have stuff for systemd user services?
incognito9999 has joined #nixos
<OmnipotentEntity>
Same. I think it's because it forces you to justify every step. I recently figured out an issue that had been lowkey plaguing me for 6 weeks because I sat down to type it out as a bug report.
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
incognito9999 has joined #nixos
cosimone has joined #nixos
anderslundstedt has joined #nixos
mrCyborg has joined #nixos
<{^_^}>
[nixpkgs] @erikarvstedt opened pull request #82258 → fix inconsistent caching for VM xchg dirs → https://git.io/JvK8v
anderslu1dstedt has quit [Ping timeout: 268 seconds]
justanotheruser has quit [Ping timeout: 240 seconds]
justanotheruser has joined #nixos
bukkitgerman8 has quit [Quit: Ping timeout (120 seconds)]
bukkitgerman8 has joined #nixos
veske2 has joined #nixos
veske has joined #nixos
reactormonk has quit [Ping timeout: 255 seconds]
<johnw>
clever: I ran `nix-store --store 'local?root=/Volumes/Backup' --verify --check-contents --repair`, but Nix started thinking that everything had disappeared from /nix/store
<johnw>
how do I check _just_ the copy of the store in /Volumes/Backup
<infinisil>
hpfr[m]: If you mean which version is installed in environment.systemPackages, you should be able to `realpath $(which <binary-name>)` to see the store path, which normally contains the version
<Ankhers>
johnw: thanks!
<hpfr[m]>
nah I was trying to check p11-kit which is a flatpak dependency
magnetophon has quit [Remote host closed the connection]
veske2 has quit [Quit: This computer has gone to sleep]
veske has quit [Quit: This computer has gone to sleep]
Guest30 has joined #nixos
<Guest30>
Hi there. I used `echo "test" | gpg --clearsign` to test GPG and on unstable, it resists to work with the messagegpg: signing failed: No pinentrygpg: [stdin]: clear-sign failed: No pinentry
reactormonk has quit [Ping timeout: 258 seconds]
<Guest30>
Sorry for the poor formatting but it's really annoying and I have no idea why would it be like this. Any help?
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
<evils>
Guest30: what channel are you on?
<Guest30>
unstable
incognito9999 has joined #nixos
gila has joined #nixos
<Guest30>
I saw that I need to enable `programs.gnupg.agent.enable`
<mmercier>
Hi! I'm trying to sign my packages on an ubuntu machine where I've installed nix but the post-build-hook does not have access to the nix CLI, any idea why?
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
incognito9999 has joined #nixos
malSet has quit [Read error: Connection reset by peer]
kolbycrouch has joined #nixos
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<kolbycrouch>
when I have a derivation where I need to manually setup buildPhase, How do I ensure that nix.buildCores is respected? I've tried setting "make -jN" to "$NIX_BUILD_CORES" but sometimes it spins up way too many compiler processes ( fills the screen on htop ).
mmercier_ has joined #nixos
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
Guest30 has joined #nixos
<greghale>
I noticed that /nix/.../profiles/.../nix.sh sets NIX_PATH, but daemon-nix.sh does not. Why is that?
mmercier has quit [Ping timeout: 272 seconds]
mmercier_ is now known as mmercier
<Guest30>
Thanks, My GPG problem has been resolved
<evils>
Guest30: just by rebooting?
<{^_^}>
[nixpkgs] @lightdiscord opened pull request #82265 → bulk_extractor: init at 1.6.0 → https://git.io/JvKEI
<Guest30>
evils Yes.
wpcarro has joined #nixos
<Guest30>
And of course enable option first
<Cadey>
evanjs: did you get openRGB working in Nix?
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<wpcarro>
I'd like to symlink to a file in the Nix store. Can I include the symlinking as a part of mkDerivation? I'm thinking postInstall.
chagra has joined #nixos
<adisbladis>
wpcarro: Sure, that's fine (and _extremely_ common even).
<adisbladis>
It's symlinks all the way down
<evanjs>
Cadey: So I got everything packaged, but my last obstable was getting access to I2C devices and SMBus stuffs. Running as root seemed to show my Motherboard, though I'm not sure why my Razer devices aren't showing up
<evanjs>
*obstacle. bah
koleesch_ has quit [Read error: Connection reset by peer]
<{^_^}>
[nixos-homepage] @edolstra pushed 2 commits to master: https://git.io/JvKEc
koleesch_ has joined #nixos
<inf>
hey. is there any (easy) way of modifying/patching stage-1-init.sh? (system.build.bootStage1)
<adisbladis>
evanjs: How do you use openrazer-daemon?
<adisbladis>
It seems there is no ui or anything like that packaged, I just want to turn off the stupid LEDs.
iqubic` has joined #nixos
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
iqubic` has quit [Remote host closed the connection]
<evanjs>
adisbladis: ah yeah it doesn't have a UI packaged with it
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
heatmiser has quit [Remote host closed the connection]
<evanjs>
Polychromatic and OpenRGB are two options, the latter supporting more than just razer, which is why I'm trying to package it
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<evanjs>
adisbladis: I have instructions on how to get into a nix-shell with the right python libs here https://openrazer.github.io/#nixos
malSet has joined #nixos
<adisbladis>
Ah :) I didn't know what you were talking about was related to openrazer :D
iqubic has quit [Ping timeout: 260 seconds]
malSet has quit [Read error: Connection reset by peer]
chagra has quit [Ping timeout: 265 seconds]
Guest30 has quit [Ping timeout: 265 seconds]
<evanjs>
adisbladis: yup! part of the reason I'm trying to get it into nixpkgs, as managing the devices isn't too ergonomic atm
malSet has joined #nixos
<adisbladis>
evanjs: Did you push this stuff anywhere? I can take a look at it in a few hours.
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<evanjs>
adisbladis: going to push my openrgb wip soon but I'll also post some gists I had for managing this stuff before (e.g. turn off all leds)
LysergicDreams has quit [Ping timeout: 265 seconds]
<adisbladis>
evanjs: <3
<evils>
evanjs: i'd love to try openrgb, i've got a corsair keyboard i can't turn the lights off for without also messing up my keyboard...
Jackneill has quit [Remote host closed the connection]
<evils>
s/keyboard.../layout.../
<wpcarro>
adisbladis: nice to see you here ;) - and thank you the help
raingloom has joined #nixos
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
ptrcmd has quit [Ping timeout: 240 seconds]
malSet has quit [Read error: Connection reset by peer]
<johnw>
clever: in fact ,this local store seems to be pretty useless
<johnw>
for tons and tons of paths it says "No such file or directory", as if it's consulting the wrong SQLite database
<evanjs>
Ughhh. wondering why my keyboard wouldn't change based on my scripts... then I realized the Turret (XB1) probably isn't supported by openrazer, yet :(
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
ptrcmd has joined #nixos
<evanjs>
seems to work on my Huntsman and Mamba, anyway, so I'll post that now
<adisbladis>
wpcarro: Nice to se you too :) And np
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
LysergicDreams has joined #nixos
never_released has quit [Quit: ZNC 1.7.5 - https://znc.in]
koleesch_ has quit [Ping timeout: 260 seconds]
never_released has joined #nixos
<{^_^}>
[mobile-nixos] @samueldr pushed to master « module-list: Remove now removed module »: https://git.io/JvKES
mrCyborg has joined #nixos
<adisbladis>
evanjs: Please CC my on your WIP pr
blaggacao has quit [Ping timeout: 255 seconds]
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
<evanjs>
Ohhh that sounds about right. Ran into somebody with the same issue before
<adisbladis>
evanjs: Ah, I shouldn't use the brightness API
<evanjs>
Wait why lol
<adisbladis>
Because it has separate dbus endpoints for the scroll wheel and the logo
<adisbladis>
evanjs: Btw, d-feet is indispensible for this kind of stuff (the nix attribute is dfeet)
<evanjs>
Well you should be fine doing that if you are okay with syncing effects.
<evanjs>
Oh I love dfeet. Don't know if I'd have any hair left without it :P
<adisbladis>
:D
<adisbladis>
Finally, no more christmas lights <3
<adisbladis>
Back in the day I used to desolder the LEDs
<{^_^}>
[nixpkgs] @vcunat pushed 5 commits to staging-next: https://git.io/JvKuY
<evanjs>
I can't stand doing (not easily) reversible things. Love being able to just turn stuff on and off whenever
<evanjs>
Now, if we had the fire FX available on Linux, I might use that :D Otherwise I just leave cycle on. Isn't annoying IMO
<adisbladis>
evanjs: It looks to me like the python api is not exposing logo/scroll
<adisbladis>
Need to hook this up to emacs to do something cool
<adisbladis>
Anyway, I'll take a look of your PR a bit later :)
<adisbladis>
Thanks :)
<evanjs>
Sounds good, thanks! And yeah might be openrazers fault. Hrm
fendor has joined #nixos
blaggacao has quit [Ping timeout: 258 seconds]
<{^_^}>
[nixpkgs] @caadar opened pull request #82270 → cups-pdf: init at 3.0.1 → https://git.io/JvKu2
blaggacao has joined #nixos
zdm has quit [Quit: WeeChat 2.7.1]
kahiru has quit [Ping timeout: 258 seconds]
rail has quit [Read error: Connection reset by peer]
kahiru has joined #nixos
<evils>
evanjs: got a few crashes on OpenRGB, i think mostly because i'm using sway and don't have a systray
<delroth>
hi there, is there somewhere a minimal-ish list of required kernel config options to boot a standard NixOS system? common-config.nix includes tons of things like drivers which don't make much sense for an embedded system
knupfer has quit [Remote host closed the connection]
<delroth>
(I'm looking to minimize the config to reduce rebuild times since I need some custom patches / config options anyway -- and my ARM NAS doesn't really need e.g. amdgpu support...)
<evils>
delroth: sounds like a question from the folks at #nixos-aarch64
<lovesegfault>
Is there a way to add a pkg to the PATH in a `writeScriptBin`?
<lovesegfault>
I'm calling `pkgs.frobnicate` which requires `pkgs.foobar` in path for a certain functionality
<evils>
s/from/for/
Naptra has joined #nixos
<srk>
delroth: systemds readme lists necessary kernel features
<delroth>
srk: that's where I was going to start, but I was wondering if there was anything else in "base nixos" (whatever that means) that could drive other kernel config requirements
<delroth>
e.g. nix-daemon
<delroth>
(which I'm guessing has some requirements around namespaces support in its default sandboxed configuration)
<eyJhb>
I keep getting `Transmissionrpc module version 0.11 or higher required.` on flexget, but I have updated and it is the newest version. I have no clue what to do atm.
<srk>
not that I'm aware of (except for namespaces)
<delroth>
ok, thanks
<srk>
but that's listed in systemds requirements as well iirc
<delroth>
worst case, shouldn't be too bad to iterate on
<evanjs>
evils: yeah I got the feeling there aren’t as many checks as there should be, though I’m using xmonad. I’ll see what happens when taffybar isn’t running
<srk>
delroth: yeah, exacly
<srk>
t
<samueldr>
delroth: I think the module system checks the options for those minimally required ones
<samueldr>
I'm not sure how, but there's something in there about that
* samueldr
checks
<delroth>
oh, good point
<delroth>
there are asserts in a few places in nixos/modules/
<delroth>
I forgot about that
<samueldr>
I know I got an error at one point when I was missing some
hmpffff has joined #nixos
<delroth>
not sure how exhaustive they would be, but that's probably a good place to look at to.
<samueldr>
though I'm not sure it's *all* the required options
<lovesegfault>
bumping my question on how to add pkgs to PATH in a writeScriptBin
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
LysergicDreams has quit [Ping timeout: 256 seconds]
<samueldr>
anyways, that's likely not arm/aarch64 specific for those that nix/nixos requires
<lovesegfault>
I mean, there's the obvious `PATH=${pkgs.foo}/bin:$PATH`
<lovesegfault>
but I'm sure there's a better way?
<samueldr>
and the arm/aarch64 specific ones you'll need will be obvious, I think, in that the thing won't work :)
incognito9999 has joined #nixos
zdm has joined #nixos
<samueldr>
delroth: system.requiredKernelConfig
<delroth>
cool, and the systemd module does have a list, nice
abathur has quit [Quit: abathur]
kleisli has joined #nixos
hmpffff has quit [Ping timeout: 272 seconds]
LysergicDreams has joined #nixos
wiml has joined #nixos
bvdw has quit [Read error: Connection reset by peer]
ris has joined #nixos
koleesch has joined #nixos
bvdw has joined #nixos
kleisli has quit [Remote host closed the connection]
<froggiefrog>
I have a problem and don't know what the problem is and how to solve it, first I use the unstable nixOS version.My problem is that I can't rebuild nixOS because of the error message "attribute 'jirafeau' missing" as far as I understood it so far is it a package of nixOS?https://imgur.com/sPyBfky
koleesch has quit [Read error: Connection reset by peer]
koleesch has joined #nixos
zupo has joined #nixos
<exarkun>
in the future don't take screenshots of text in a terminal
LarryTheCow has joined #nixos
<exarkun>
just copy/paste the text to a text-based pastebin
<exarkun>
also, if you add more information to the question, it's more likely someone will be able to figure out how to help you
koleesch_ has joined #nixos
<exarkun>
your configuration.nix is probably one useful piece of information that's missing
<exarkun>
a more specific version than "unstable nixOS" might be helpful too
incognito9999 has quit [Quit: ZNC 1.7.2+deb3~bpo9+1 - https://znc.in]
incognito9999 has joined #nixos
<froggiefrog>
So, my version is 20.09pre215872.3d6cdfa24bd (Nightingale) regarding the configs it's a bit complicated, the actual configuration.nix is refering to another config-construct which consists of different modules and the home manager hmmmm, yeah that not useful I guess. Just wondering if anyone expierenced the same issue?
sogatori has quit [Remote host closed the connection]
ixxie has quit [Ping timeout: 256 seconds]
heatmiser has joined #nixos
lovesegfault has joined #nixos
gila has joined #nixos
<froggiefrog>
@Infin
kahiru has quit [Ping timeout: 268 seconds]
<froggiefrog>
Thanks you gave me the right direction, I messed the os up lol... Will fix it
froggiefrog has quit [Remote host closed the connection]
kahiru has joined #nixos
iqubic has joined #nixos
heatmiser has quit [Ping timeout: 265 seconds]
vidbina has quit [Ping timeout: 256 seconds]
cidkid has quit [Ping timeout: 256 seconds]
ixxie has joined #nixos
vandenoever has quit [Read error: Connection reset by peer]
vandenoever has joined #nixos
vandenoever has joined #nixos
vandenoever has quit [Changing host]
blaggacao has quit [Read error: Connection reset by peer]
blaggacao has joined #nixos
cosimone has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<infinisil>
Oh and there should've been an `--eval` in that command too
<{^_^}>
[nixpkgs] @lightdiscord opened pull request #82278 → pdf-parser: init at 0.7.4 → https://git.io/JvK22
troydm has quit [Quit: What is Hope? That all of your wishes and all of your dreams come true? To turn back time because things were not supposed to happen like that (C) Rau Le Creuset]
zupo has joined #nixos
<{^_^}>
[nixpkgs] @lheckemann pushed 0 commits to revert-82252-radius-http2: https://git.io/JvK2o
<cole-h>
By gaw, I love the ability to spawn a nix-shell with a package for temporary use
noudle has joined #nixos
drewr has quit [Ping timeout: 240 seconds]
reactormonk has quit [Ping timeout: 260 seconds]
absoluutely_ has joined #nixos
absoluutely_ has quit [Remote host closed the connection]
<clever>
,tell johnw that might be a bug with --verify not obeying ?root=/path
<bhipple>
I'm sweeping through a bunch of Rust upgrades in NixPkgs and cfdyndns is currently broken, would like to bump it to a v0.0.3 with a fixed cargo.lock
zupo has joined #nixos
domogled has quit [Quit: domogled]
kahiru has quit [Ping timeout: 240 seconds]
lord| has quit [Read error: Connection reset by peer]
<infinisil>
The intention of ZHF is to have as many packages working as possible
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<infinisil>
So even fixing already marked as broken packages would be great
<ajs124>
It's not currently a hydra failure, because it's been marked as broken since 2018-04-11, if the comment is to be believed.
<ajs124>
I fixed the build, but I can't test it, because I don't have any hardware that's new enough to be supported by a current version of the tool.
koleesch_ has quit [Ping timeout: 255 seconds]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<bhipple>
ajs124: packages already marked as broken are outside the scope of ZHF, tho (at any time of the year) fixing a broken package is already great :)
<{^_^}>
[nixpkgs] @Luflosi opened pull request #82288 → kitty: install man page on Darwin → https://git.io/JvKV7
<bhipple>
The primary goal of ZHF is to have it be the case that for every package in NixOS 20.03, it either builds successfully, or refuses to build because it claims it's broken, so there are no surprises
<bhipple>
ideally we want as much stuff to build as possible, of course
kvda has joined #nixos
<bhipple>
but marked-as-broken pkgs are not counted in the number, since they're not built
<{^_^}>
[nixpkgs] @lovesegfault opened pull request #82289 → passh: init at 2020-03-10 → https://git.io/JvKV5
<ajs124>
bhipple: that's what I was thinking. I guess nobody needs this package, if it's been marked a broken for that long.
fuwa has joined #nixos
<bhipple>
Yeah, I've been going through and deleting packages entirely when they've been marked as broken in Nix for years and upstream is dead
<bhipple>
E.g., if the upstream project is dead, and it currently doesn't build, and it's been marked as broken for a very long time, and nobody is willing to hard-fork and own it, then we should just delete it entirely from Nix
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<ajs124>
Upstream is sort of alive, for this one (mstflint). They were acquired recentlyish, but they still seem to be maintaining their stuff.
<bhipple>
If it's broken and upstream is still alive, then it's probably best to leave it in Nix as broken in case someone someday decides to fix it
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<ajs124>
I did fix it. Just can't test it, because I lack the appropriate hardware.
<ajs124>
(I fixed it, because I forgot that they only support recent hardware...)
<{^_^}>
#80936 (by shyim, 2 weeks ago, open): Kitty does not start more
work_ has quit [Quit: Connection closed for inactivity]
malSet has joined #nixos
malSet has quit [Read error: Connection reset by peer]
<simpson>
It sounds like the GL drivers aren't being found correctly, or that some environment variable configuring GL isn't properly set.
<rooke>
So I'm buildig on not nixos but using nix to try and manage dependencies. I'm guessing that there needs to be some agreement between nix and the hostos as to whats going on with GL?
<Yaniel>
look at the renderdoc PR from a moment ago
<Yaniel>
basically you need to do some runpath trickery and ensure libglvnd is in the library path
noudle has quit [Read error: Connection reset by peer]
lsix has quit [Quit: WeeChat 2.7.1]
noudle has joined #nixos
<ottidmes>
I vaguely remember running into this problem before, but when I try running nixos-install on one of my servers it hangs on fetching Git repository 'https://github.com/NixOS/nixpkgs.git'
<ottidmes>
Weird, seems I just had to be really patient, cause after minutes of waiting it finished (last time it then failed with an error, but that was due to a wrong ref/rev combo)