<Cadey>
is there a way to push a partial nixos config to a machine?
<danderson>
Not afaik. The entire config gets evaluated as one block. I guess technically if your config is spread across multiple files you could push just one file
<danderson>
Cadey: what's the problem you're having?
dingenskirchen has quit [Remote host closed the connection]
reallymemorable has quit [Quit: reallymemorable]
<Cadey>
danderson: i want to bundle service configs with their respective apps and push that module to a server
<danderson>
ah, I see. So, I don't have advice based on experience, _but_ in my own "stuff to check out re: NixOS", I have written down to check out "Hail", which is some kind of continuous deployment thing
<danderson>
again no promises, it's just a thing I randomly came across and thought I should look at someday
<_d0t>
hey! I wrote a default.nix for an electron app and it uses autoPatchelfHook. The problem is that the patched app crashes with SIGILL. The unpatched version of the same binary works fine under steam-run. What do?
<colemickens>
I still don't like the cute nix 2 cli output, just show me the log
<cole-h>
I like `nix build` for when I /know/ something will succeed. But if I'm testing, I always go back to ole faithful `nix-build` for that same reason
reallymemorable has quit [Quit: reallymemorable]
ArchFeh has joined #nixos
ArchFeh has quit [Remote host closed the connection]
<jared-w>
I like the potential of the nix 2 cli output. It's much closer to what I'd expect from a modern package manager. Although, honestly, many of the node project bootstrapping CLIs out there have super highly polished outputs. It's definitely a thing I notice lacking in other ecosystems
<colemickens>
I like things that are useful when they break.
<clever>
jared-w: one improvement i can think of over the current nix 2, which ive seen from yarn, is to output 1 line per building package
<clever>
jared-w: and use ansii control codes to scroll up a few lines, and keep updating the N lines being displayed
<colemickens>
I can't figure out how to "man nix build" it just gives nix-build help, the "nix build --help" doesn't mention "-L" so I wind up losing 5 minutes trying to remember -L for logs.
<jared-w>
clever: yeah, exactly :)
<colemickens>
Or I wind up converting back to nix-build again. And I'm mostly annoyed because I've done this exact dance multiple times
<clever>
colemickens: `nix log /nix/store/foo.drv` will show the logs for a given drv, after the build has ended (pass or fail)
<colemickens>
I mean, I don't even get to see the build tree, which I don't know, I gleaned a lot of insight from that.
<jared-w>
what would be really neat is to combine ansi control codes to keep updating the n lines and then allow people to query the logs for each program being installed and replay them back after-the-fact (or tail them)
<colemickens>
yes, I saw that in the comments too, doesn't address the seeing the initial list of derivations (from which I can kinda guess at how ibg a rebuild is, or why its happening), doesn't give you streaming logs for when you build is going to take 3 hours, etc.
<clever>
colemickens: a bit hacky, you can use `nix-build --dry-run` to see that tree, and the root drv file, then `nix build /nix/store/foo.drv` to actually build it
<colemickens>
Even just ./result/log (or some other special name/link) that I could tail would be fine, if mentioned in `nix build --help`.
<jared-w>
bonus shiny swag points to the person that figures out the evil escape code magic required to make a live updating nix tree if you run `nix build --tree`
xelxebar has quit [Remote host closed the connection]
<clever>
jared-w: you could use something like brick to make a whole UI, sort of like travis/buildkite, which will also use the nix api, to initiate and monitor builds
<colemickens>
clever: I appreciate the tip, but I have no idea why I'd bother rather than just convert flags back.
<mlatus_>
Has anyone faced gdm-x-session terminated after resume from long time suspend?
<colemickens>
Though, I'd really like to go all-in on one or the other, and I don't know how to replicate certain `nix copy` functionality with nix-copy-closure.
<jared-w>
clever: Can brick do a UI that isn't interactive? And do travis/buildkite have TUIs like what you're talking about?
<mlatus_>
Maybe related error message: "EnterVT failed for gpu screen 0". Googled it, didn't find any solution though
<colemickens>
If the daemon does the build orchestration, couldn't we have multiple different UIs for the daemon's progress?
<clever>
jared-w: more, along the style of the UI travis/buildkite would have in the browser
* colemickens
knows nothing about how the nix daemon works
xelxebar has joined #nixos
<clever>
jared-w: you have N jobs running in parallel, you can scroll thru the logs for any of them, or tail one
<jared-w>
colemickens: magic goes in, magic goes out, can't explain that
<clever>
jared-w: and see which jobs are done
<jared-w>
colemickens: unless you run `nix build` instead of `nix-build`, then magic comes in but no magic comes out :p
<colemickens>
one line of magic at a time comes out :P
<clever>
jared-w: brick has an event loop, that will receive user input, but can also receive internal events on an STM channel
<clever>
jared-w: that event loop can mutate the state, and the render function then just draws a state object
<jared-w>
clever: gotcha. So it'd have to be basically a TUI then
<jared-w>
would be a one sweet TUI tho
<clever>
jared-w: so you can then have a second haskell thread, that watches the nix protocol, and fires changes over the STM channel
* jared-w
is glad he's deaf cause running folding@home is loud
<jared-w>
clever: hmm... So you might be able to get the whole thing to work correctly then. Nice. Might have to play around with that just as an excuse to learn Brick
<clever>
jared-w: and the event handler is just `s -> BrickEvent n e -> EventM n (Next s)`
<clever>
stat + event -> new-state
<jared-w>
colemickens in theory you could have the daemon work very similarly to how journalctl works for systemd. I believe hydra already takes advantage of a lot of that daemon infrastructure to get remote logs n such
ehmry has joined #nixos
<colemickens>
Hm. I wonder how much of a new CLI could be done in Rust then, if it doesn't actually need to do Nix stuff itself.
<colemickens>
Hmmm.
<jared-w>
clever: I've always been very fond of the (s,e) -> s' state machine approach to UI
<clever>
jared-w: for normal nix builds on the local machine, (and any time you lack write to /nix/store), you just phone out to nix-daemon, and have nix-daemon do the real work
<clever>
jared-w: normally, nix-daemon handles the remote build machines
<clever>
jared-w: hydra is a bit special, where hydra-queue-runner directly phones to the remote build machine, and initiates the build there, bypassing the local nix-daemon
<clever>
jared-w: and only when the build is done, will hydra copy the closure between the remote nix and the local nix, if its configured to self-host
<jared-w>
clever: yeah that's what I was thinking. Oh, okay. I was wondering if hydra did something special
<clever>
jared-w: hydra may directly copy from remote -> s3://
<clever>
and never store locally
<bqv[m]>
oh hey, speaking of rust
<bqv[m]>
is anyone working on fixing the clusterfuck that is current rust packaging?
<bqv[m]>
i've been hitting this issue periodically and if nobody else is doing anything, i might have a stab at rewriting the rust builder https://github.com/NixOS/nixpkgs/issues/30742
<{^_^}>
#30742 (by ljli, 2 years ago, open): buildRustPackage: found duplicate version of package
<jared-w>
bqv[m]: you mean you don't like buildRustPackage, buildRustCrate, buildRustBrokenThing, and buildRustNevermindThisMethodNow?
<clever>
jared-w: brick also has 3 ways for you to return in an EventM, continue, halt, and suspendAndResume
<clever>
jared-w: continue changes the state, halt lets you halt and return one final state, suspendAndResume will disable the curses UI and run an IO monad
<clever>
jared-w: so you could run a shell, and brick will know to redraw when it exits
<jared-w>
nice
<clever>
jared-w: if alternate screen is enabled in your terminal emulator, suspendAndResume will also use it then
<clever>
jared-w: vim/less use alternate screens to not overwrite your shell (and anoyingly, erase the whole editor session upon exit)
<bqv[m]>
jared-w: i mean i just want something that goddamn works
<bqv[m]>
i don't actually even care how pure it is at this point
<bqv[m]>
i'd just like it to be able to package things, and not take half an hour
<clever>
screen itself (the program) uses alternate screens, but doesnt allow them internally by default, ctrl+a :altscreen toggles emulating them
<jared-w>
bqv[m]: do you wanna package things in nixpkgs or build stuff using rust?
<jared-w>
clever: there's actually a setting you can set in vim to turn off the second screen so it won't clear on exit
<jared-w>
Or you can do it the way I usually do it and break your terminfo somewhere :p
<clever>
jared-w: i tend to always use screen, which doesnt allow it by default
<bqv[m]>
jared-w: both, ideally.
<bqv[m]>
i can build stuff manually using cargo build, but on nix that's just not fair
<clever>
jared-w: i'm not sure how, but :altscreen can toggle it, without changing $TERM, so brick/vim/less must be able to query if its supported
<bqv[m]>
packaging stuff with nix, or even just trying to come up with a derivation that builds, is suffering
<bqv[m]>
i'm just wondering if someone's actively working on this
<bqv[m]>
because it's been a clusterfuck for a while now
<jared-w>
clever: yeah it's in the terminfo `man tc` has a bunch of incomprehensible stuff about it
<bqv[m]>
so if nobody else is doing anything i will
<jared-w>
bqv[m]: it's been in various states of fixing and migration. I believe nmattia has written most of the buildRustX style nixpkgs support at this point(?)
<clever>
jared-w: something that ive been stuck on for months, is simply setting the window title in both screen and xterm, via terminfo stuff
<clever>
jared-w: 90% of my windows are just "screen", so its a bit difficult to find things in alt+tab
mikky has joined #nixos
<jared-w>
hmm... yeah. I have a set title precmd for zsh
<jared-w>
printf "\e]2;%s\a" "${PWD/#$HOME/~}"
<jared-w>
it's pretty unintelligent, though. It won't do nested commands so screen/tmux and then subsequently a thing won't do anything
<clever>
jared-w: possibly because i'm using this to connect to the remote systems
<jared-w>
clever: darn. Probably because you run screen and then immediately. Ah yeh, $1 is 'ssh' I think
GrimSleepless has left #nixos ["WeeChat 2.7.1"]
<clever>
jared-w: screen will remember the title of each window, and when i switch windows, it correctly updates xterm to whatever that window's title is
<clever>
but its not (yet) updating the titles within screen's UI
<clever>
its just correctly matching xterm's title to what the screen window last asked for
logand` has joined #nixos
<jared-w>
ahh, so it's "working" just not in screen
<jared-w>
seems like it just needs some obscure setting in your screen rc file?
<clever>
yeah, screen is emulating it fully, tracking what the title should be on a per-window basis, and showing the right one
<clever>
jared-w: when i first moved to nixos, i had utf8 problems in the above cmd, because it bypassed .bashrc, and wasnt setting $LANG right
<clever>
the -U to screen forced utf8 support, fixing things
<jared-w>
bqv[m]: so in nixpkgs, tooling for Rust is based around codegen so that you don't have IFD in hydra. If that sounds confusing, it's because it is
avn has quit [Read error: Connection reset by peer]
<jared-w>
clever: huh, interesting. One thing that bugs me with tmux is if I enter vim in tmux and then leave, I keep my block cursor and it dosen't go back to the beam cursor correctly
<clever>
jared-w: yarn2nix offers both codegen and ifd routes, if the yarn.lock file is right, you can do all of the codegen within a derivation, so you dont have to update the codegen constantly
<jared-w>
clever: yeah I like that. Although there's two different yarn2nix programs which never fails to annoy me
logand has quit [Ping timeout: 250 seconds]
<clever>
jared-w: i just always have a block cursor at all times
<clever>
jared-w: i use the moretea yarn2nix
<jared-w>
Rust has naersk, crate2nix, cargo2nix, carnix, and like 5 deprecated ones
<jared-w>
clever: yeah that's the one I use too. It's the "correct" one imo
<cole-h>
Would naersk ever be accepted into nixpkgs as the official way to build packages? I don't know how it actually works on the inside, but I know it works fairly well
<jared-w>
although it's still annoying the hoops I have to jump through to build something with yarn2nix that isn't a binary
<cole-h>
build Rust packages*
<jared-w>
cole-h: that's where it gets fun
<clever>
jared-w: my latest problem with yarn2nix, is @types/ junk
<clever>
jared-w: there are now 5 different pairs of packages, that have different hashes/content, for the same tar filename
<jared-w>
cole-h: so crate2nix and carnix are both integrated into nixpkgs. Both are "semi outdated" and/or variously un-maintained. That's where buildRustCrate comes from
<clever>
jared-w: basically, foo-1.2.3 and @types/foo-1.2.3 are both foo-1.2.3.tar.gz, yet not the same foo-1.2.3.tar.gz
<_d0t>
it's interesting that I'm not the first one to encounter this issue with electron apps
<jared-w>
cole-h: naersk is 100% nix, needs no IFD, and generally works a lot better
<clever>
jared-w: yarn (even with --verbose) wont tell you whats going on, and just try to delete stuff from your offline cache, and re-download it
<clever>
defdynamictitle on|off
<clever>
Set default behaviour for new windows regarding if screen should change window title when seeing proper escape sequence. See also "TITLES (naming windows)" section.
<clever>
jared-w: one of the options within screen
<cole-h>
jared-w: That's my experience as well. What's the catch, then? From what you've described, it sounds like a perfect replacement for the meh stuff we have now.
<{^_^}>
#24991 (by P-E-Meunier, 2 years ago, closed): Introducing mkRustCrate
<jared-w>
cole-h: the catch is someone needs to spend a bunch of calories hunting down every usage of rust in all of nixpkgs and aggressively ripping it all out and rewriting it with naersk
<jared-w>
nmattia is then doomed to maintain naersk to the end of time along with his millions of other increasingly essential tooling infrastructure pieces of software :p
<cole-h>
Just like the authors of crate2nix and carnix were doomed to maintain their impls? :P
<jared-w>
The bigger biiiiiiger catch is a ton of the engineering effort that goes into software like snack, naersk, and napalm, goes out the window entirely if nix ever switches to a content addressable store. (Well, not entirely, but it's significantly less redundant)
<jared-w>
cole-h: of course :p
<jared-w>
They're well maintained, what are ya talking about. Nobody else ever steps up and does any work /s
<cole-h>
What is "content addressed"? Is there an RFC I can try to read through?
felixfoertsch23 has joined #nixos
<energizer>
cole-h: the intensional store rfc
<cole-h>
RFC#17 then
<jared-w>
yeh
<jared-w>
all roads lead to 17
* jared-w
looks at the wheel of ka
<jared-w>
clever: @types nonsense bugs me as well. But it's absolutely essential for typescript since so many people refuse to use typescript or put types in their package, so...
<cole-h>
jared-w: But I'm assuming the "ton of engineering effort" would also be required for the current solutions, am I wrong?
felixfoertsch has quit [Ping timeout: 250 seconds]
<clever>
jared-w: ive found that things can still build if i manually delete all of the @types/ from yarn.lock, but yarn keeps re-adding them
<clever>
jared-w: the true fix, is to figure out how to put both of them into a yarn offline cache
<jared-w>
cole-h: with an extensional store (our current design) the only way to get incremental rebuilding is to re-implement the entire build system in nix. Which is what naersk does. It parses the cargo file, downloads things, and runs rustc on every single crate one by one and then links it all together
<jared-w>
and by linking them all together I mean each individual crate becomes a derivation in nix. Hence, incremental bulids.
<jared-w>
Intensional (content addressed) store can have a higher build granularity than a derivation, even if the derivation stays the smallest unique "atomic unit" of the store
<clever>
yarn2nix is the former, all sources go into one derivation, then everything gets compiled at once into a node_modules
<clever>
change any part, and you have to spend 5 minutes rebuilding libsass
<jared-w>
Right. Which is why any sane person writes a minimal shell.nix that sets up dependencies and then uses node tooling for development, and writes a default.nix that builds stuff
<clever>
jared-w: there was a bug at one point in the daedalus stuff, i was using filterSource to clean up the src passed to yarn2nix
<clever>
jared-w: yarn2nix then did `src + "/yarn.lock"` to get the lock file, which was always /nix/store/hash-source/yarn.lock
<clever>
jared-w: so now the node_modules gets rebuilt if ANYTHING changed
<jared-w>
That route is also essentially required for any sort of developer ergonomics whatsoever because of all the tooling, linters, editor integration, wazoo n what not that's required to get semi sane editor experience
<jared-w>
clever: o gawd. I can't imagine
<clever>
120 yarnLock = ./yarn.lock;
<clever>
121 packageJSON = ./package.json;
<clever>
but, you can just give it the paths like this, and bypass getting them from $src
<clever>
and then it regains its sanity
* jared-w
has lightbulb moment
<jared-w>
I played around with yarn2nix for something a few months ago. It got suuuuper slow at one point after I did some innocent change. I bet that was it. I read that yarnLock and packageJSON were optional and dropped those two lines.
* jared-w
flips table
<clever>
jared-w: the issue, is that `src = ./.;` and then `src + "/yarn.lock` is identical to just `./yarn.lock`
aw has quit [Quit: Quitting.]
spacefrogg has quit [Quit: Gone.]
<cole-h>
jared-w: Would it be accurate to say that with an intensional store, build systems won't need to be in 100% Nix, e.g. naersk, for a Good Experience™?
<clever>
jared-w: but add in `src = lib.cleanSourceWith { inherit filter; src = ./.; };` and now src is definitely copied to the store
<clever>
jared-w: and `/nix/store/hash/yarn.lock` doesnt get re-copied, because its already immutable
aw has joined #nixos
<clever>
jared-w: and now it depends on its siblings, not itself!
<clever>
jared-w: snack defeated this problem, by running filterSource on storepaths, to extract a single file out
spacefrogg has joined #nixos
<jared-w>
cole-h: that's my thinking. Don't know enough to say for sure, but I think it would be sufficient to teach nix how to "track" the results rather than how to reproduce them. (eg "oh hey here's all the files cargo downloaded. Keep those around in case I need 'em again, thx")
<jared-w>
clever: the amount of subtle intricate details in all of that is amazing, tbh. How long did it take you to trace all that down? lol
Scriptkiddi has quit [Quit: killed]
mrpi has quit [Quit: killed]
das_j has quit [Quit: killed]
ajs124 has quit [Quit: killed]
<clever>
jared-w: mostly, just using nix-diff on 2 drv files, once it had done it twice
<clever>
jared-w: and then reading source to see why
<jared-w>
ahh nice
<jared-w>
I really need to use nix-diff more often
<cole-h>
jared-w: Interesting. I still think it would be nice to switch to naersk, if only to be able to avoid things like #82342 being necessary
<clever>
jared-w: any time you get 2 drv files and expected only 1, nix-diff!
ajs124 has joined #nixos
mrpi has joined #nixos
Scriptkiddi has joined #nixos
das_j has joined #nixos
hexo_ has joined #nixos
<jared-w>
cole-h: absolutely. But we'd have to implement those types of solutions for every language ecosystem you "embed" into nixpkgs. And then nixpkgs's stability is locked to a highly complicated piece of code that's extraordinarily difficult to backport
<jared-w>
So... tradeoffs :p
Adluc has joined #nixos
<jared-w>
clever: Blindingly obvious in retrospect...
<bqv[m]>
<jared-w "Rust has naersk, crate2nix, carg"> ok, nobody told me about naersk
<bqv[m]>
that's totally what i was looking to make
<cole-h>
naersk is beautiful lol
<bqv[m]>
and it looks like it might actually build the things buildRustPackage is failing to!
<clever>
jared-w: when i was looking into snack, i started an eval for cardano-sl, 48 hours later, that one eval was still running
<clever>
jared-w: while waiting for that, i also re-wrote half of snack, and got the eval down to 15mins, lol
<clever>
jared-w: it was faster to dive face-first into the source, and rewrite half of it, then to wait for it to finish running
<jared-w>
bqv[m]: both links are in various states of documentation. Believe nothing until you see it in a github issue, as per standard FOSS behavior ;)
<cole-h>
jared-w: The thing I like the most about the way naersk does what it does, is that it does not have the problem that that PR does as noted in my `EDIT3` -- it does not install the hash-appended executables, somehow
<clever>
jared-w: documentation can lie, luke, use the source
<cole-h>
clever++ LOL
<{^_^}>
clever's karma got increased to 359
<cole-h>
jared-w++ Either way, thanks for the enlightening conversation.
<{^_^}>
jared-w's karma got increased to 4
<jared-w>
clever: If people cared as much about documentation as they did about how many newlines one should separate attrs with, nixpkgs would have the best documentation ever :p
<bqv[m]>
yeah i just found that
<bqv[m]>
noticed that all these good ones are made by nmattia
<bqv[m]>
what a lad
<jared-w>
He kinda pioneered the strategy of "hey let's just read these lock files with some crazy ass jank code in nix and then, idk, just rewrite half the compiler logic in nix. What could go wrong ehhhhh?"
hmpffff has joined #nixos
<clever>
jared-w: now that ive looked more closely at yarn2nix, its basically just translating yarn.lock into an array of pkgs.fetchurl calls, and nothing more
plutes has quit [Quit: See ya around!]
<clever>
jared-w: the rest is just symlinking things together, and running `yarn install`
<jared-w>
haskell.nix took that strategy and kinda ran with it. Unfortunately in doing so they messed with the design of how haskell.nix is structured so it's *ridiculously* sensitive to what version of nixpkgs you use. Just breathing on the thing wrong triggers like 5 full compiles of GHC just to hello world ;-;
hmpffff_ has quit [Ping timeout: 246 seconds]
<jared-w>
clever: If it's stupid, but it works, then it's not stupid :p
<jared-w>
clever: do you guys still use snack for cardano?
<clever>
jared-w: i got snack working in one branch, but it never became the official tool
<jared-w>
Gotcha. I played around with it just today actually
<clever>
jared-w: also, snack only works within a single cabal file, and cardano is split over something like 20 cabal files
<clever>
jared-w: so i had to first write a cabal merger, that joins all the cabal files into one
<jared-w>
I really like it, but it also is really frustrating to use because it's so close to being really usable and just so far, too
<clever>
jared-w: the biggest performance cost in snack, is lib.uniq, which heavily abuses lib.subList, which is a performance nightmare
<jared-w>
ouch
<clever>
jared-w: implementing builtins.subList gave a major performance boost, but i never finished that PR
<jared-w>
clever: is it lying around somewhere in a mostly done state?
<clever>
jared-w: lib.subList and lib.uniq, are implemented by concat'ing lists, one element at a time
* jared-w
wishes nix had actual performance sometimes
<clever>
jared-w: and list concat in nix, involves copying an array of Value*'s
<clever>
jared-w: so the more elements you subList, the slower it gets
<clever>
exponentially
<jared-w>
clever: yeah I've read some of the code for how nix is written. It's very understandable for being in C++
<clever>
builtins.subList is a single copy, of the lenght of the new list
<jared-w>
which of course means it's slow AF, naturally
<clever>
in this case, the problem is mostly about how subList was implemented
<clever>
look at lib.uniq and lib.subList in nixpkgs
<jared-w>
oh! I think I saw that PR then. I ran into this problem when I was trying to do AoC in nix
<clever>
and remember, list1 + list2 has a cost of lenght(list1) + length(list2)
<jared-w>
I had to give up because nix just consistently fell over when doing *anything* on lists past 20-70k in length
<jared-w>
I could detect exactly whenever I used a function that was written with builtins vs one that wasn't by whether or not I used 12GB of ram and segfaulted in 3 minutes of fan-whine or whether it finished in 8 seconds lol
<clever>
lol
<jared-w>
and I definitely wanted uniq at one point. That was one of the segfaulters for sure, heh. I even tried passing all kinds of weird flags to nix to get it to use more ram but it had some sort of internal limit I couldn't get past
<clever>
jared-w: if you disable the GC library at compile time, it has no ram limit at all
<clever>
jared-w: but it also can never regain spent ram
<jared-w>
If it's purely lazy, is it even allowed to regain spent ram anyway?
* jared-w
remembers that dead objects are a thing
<jared-w>
nvm
<clever>
if you compute `foo + bar`, then you can GC both foo and bar
<clever>
but you have to scan the heap, to see if pointers to those remain
<jared-w>
and if you use foo elsewhere then you have to keep it alive right?
<clever>
yeah
<clever>
but the current gc library isnt aware of the internal structure of the c++ types
<clever>
so it just blindly searches each object for pointers to other objects
<clever>
and if one happens to appear inside an int or a string, it keeps the thing alive
<jared-w>
ouch
<clever>
also, i have no idea how, but haskell.nix can change the types of already eval'd things
<bqv[m]>
<jared-w "He kinda pioneered the strategy "> what's wrong with that idea though?
<clever>
a set often turns into a string if you eval it again
<bqv[m]>
i mean, realistically, any alternative is gonna be poorer
<jared-w>
I remember reading some slides from eelco about that. He was lamenting on how the design of nixpkgs made it impossible to GC in practice because of how .override worked
cartwright has quit [Remote host closed the connection]
<clever>
jared-w: .override will keep the pre-called function around, hydra has special logic to help there
<jared-w>
bqv[m]: It essentially re-implements dependency resolution entirely in nix, compilation order in nix, and then linking in nix
<clever>
jared-w: this function will strip .override and many other things off, making GC simpler
<jared-w>
(which are most of the hard parts of designing a build tool :p)
<bqv[m]>
ah, right.
<clever>
jared-w: release-lib.nix maps that over nixpkgs, to aid in gc'ing a release.nix
<bqv[m]>
is that necessary though, i was thinking just implement the dependency fetching entirely in nix, create a local mirror and then use the native tools to build without any connection
<clever>
jared-w: but, the current aggregate job, must eval everything it depends on, causing performance problems
<bqv[m]>
which somehow buildRustPackage doesn't do
<jared-w>
bqv[m]: It's particularly difficult for nixpkgs because nixpkgs is both a rolling release *and* a stable release. Code is frequently backported across channels, so if you're re-implementing a build tool's logic inside nix, now you need to make sure that if you backport a regression fix you're not causing a regression
<jared-w>
clever: yeah, that doesn't sound great
<bqv[m]>
yet another problem that will just be solved with flakes
<jared-w>
clever: doesn't that also mean you can't really use override inside nixpkgs lest you break building with hydra?
<jared-w>
bqv[m]: Solve one problem by introducing a new method. Now you have two problems and four solutions :p
<clever>
jared-w: hydraJob gets ran on the result of the .override
<bqv[m]>
that sounds oddly familiar >__>
cartwright has joined #nixos
<clever>
jared-w: so after the override is applied, as it creates the set within release.nix
reallymemorable has joined #nixos
<jared-w>
ooh gotcha, so after it's already hit the fixpoint then, that makes sense
<clever>
jared-w: part of the problem, is that release.nix contains a set of 1000's of packages, and as you eval each value in the set, you increase the heap usage
<clever>
jared-w: but that set is rooting each thing you eval, so it cant clean up after you
<clever>
jared-w: one of my forks of nix, was to allow a sort of un-eval
<jared-w>
ahh, right. Even though in hydra's particular case, it stops caring the second it eval'd something.
<clever>
it would do the evals for a given attr in a child proc
<clever>
and keep the thunk in the parent
<clever>
and it could just discard the child at any time, to reset the heap
<clever>
jared-w: currently, hydra will keep that entire set in the parent, and then the child begins to eval attrs at a given point
<jared-w>
huh... That's both glorious and terrible. Nice
<clever>
jared-w: when the child gets too fat, its killed, and a new child is spawned, which resumes where the last one stopped
<clever>
jared-w: this code will write an attr to the child, the child then evals things and emits json, and then when the child gets too fat, it writes its attr out a pipe
<clever>
jared-w: the parent will re-spawn the child, and forward that attr to the new child, which repeats
<clever>
jared-w: the current api, is that you give it a set, and it will eval each attr in a different child
<clever>
and proxy the value back out
mint has quit [Remote host closed the connection]
<colemickens>
any tips on debugging initrd.network.sshd stuff? I don't get any log lines about network or sshd, even though I've enabled the related options and the source seems to back that up
<clever>
as seen from the nix language, it should just be identity
<clever>
colemickens: ive noticed that if it cant enable an interface, it will silently do nothing special
<clever>
colemickens: you need to enable the interface somehow, and review the generated shell script in the initrd (watch the build logs)
<clever>
colemickens: read the "compiled" stage-1-init.sh
<colemickens>
I read the uncompiled one so I know where it should be popping in. I'm pretty sure you're right.
<colemickens>
I thought I could eyeball lsmod and see what the rpi needs for the nic but I'm not seeing it.
<clever>
colemickens: there is also a debug flag you can add to the kernel cmdline, which will trigger a `set -x`
<colemickens>
I'm going to review dmesg on a normally booted one for hints, and then I guess I can try from recovery to enable it on the busted one
<clever>
colemickens: then you can see everything its thinking
<colemickens>
okay, I saw the cmdline parse, I'll look and see which one does that
<jared-w>
clever: I'd imagine you might eventually want some slightly fun way to "guess" the cost of an attr so that I can't do some dumb thing like call importNative on `{a = 1; b = 2; ...}`
<jared-w>
?
<clever>
jared-w: my original plan, was to use it in nixops
<clever>
jared-w: eval each machine in its own child proc, and proxy between children when they cross-reference
<clever>
jared-w: without that, a deployment with 100 machines needs over 20gig of ram to eval
<jared-w>
ah, so then every attr is a giant configuration.nix and you're not gonna do any tiny thing in there.
<jared-w>
ouch, yeah that's definitely wasteful
<clever>
yeah, they will all be equal in cost
<jared-w>
well technically 1 and 2 are equal in cost too :p
<clever>
jared-w: thats also where the maybeThunk function in nix comes in
<jared-w>
nix has a maybeThunk?
<clever>
jared-w: maybeThunk will decide if something is trivial (just `1`) or expensive
<bqv[m]>
<jared-w "Sounds like perfect working orde"> (!)
<jared-w>
clever: I can just imagine 5 years down the road and you've finally succeeded in your goal of re-implementing GHC-for-nix :p
<clever>
jared-w: for example, "foo" and 5, will use lines 714 and 720, which just directly return the value, and dont generate thunks
<jared-w>
ah nice
<clever>
jared-w: the `foo` in `let foo = 5; in foo` will also directly return 5, because its known immediately
<clever>
jared-w: but `with pkgs; foo` will return a thunk, because it doesnt know what pkgs is yet
<clever>
jared-w: that choice, is done by 704-711
<jared-w>
hmm... yet another wart of 'what'
<jared-w>
s/what/with
<clever>
,profiling
<{^_^}>
Use NIX_COUNT_CALLS=1 and/or NIX_SHOW_STATS=1 to profile Nix evaluation
<clever>
jared-w: nrAvoided is printed in the json when you use NIX_SHOW_STATS=1
<jared-w>
ooh nice
<clever>
so you can see how many thunks it avoided creating
<jared-w>
that would've helped during the AoC attempt for sure
<clever>
apps/nix/src/libexpr/eval.cc: auto outPath = getEnv("NIX_SHOW_STATS_PATH","-");
<iqubic>
What's AoC?
<clever>
jared-w: you can also point this env var to a file, and it will write all of the json to it, rather then stdout
<clever>
jared-w: then use jq to pretty-print the stats your interested in
<jared-w>
iqubic: advent of code
reallymemorable has quit [Quit: reallymemorable]
<iqubic>
Ah. Which puzzle are you working on? Also, why are you using Nix for it?
<jared-w>
iqubic: I made the silly mistake to try and write it all in pure nix code and subsequently immediately ran into some of its, ahem, "interesting" choices
<jared-w>
Well at the time I was using it to learn the nix language
dycan has quit [Remote host closed the connection]
<jared-w>
It's pretty messy because about halfway through I gave up and started train of thought debugging why TF nix kept constantly segfaulting and figuring out how to subvert nix to get the performance characteristics high enough to actually finish the puzzle
<jared-w>
clever: that jq trick is really sweet
<bqv[m]>
naersk does not support git dependencies
<bqv[m]>
screams
<iqubic>
What does the jq trick do?
<jared-w>
bqv[m]: it puts its dependencies in the Cargo.lock or else it gets the hose again
<clever>
jared-w: and how many times it was called
<clever>
iqubic: try the above shell command out
<bqv[m]>
i'm so sick of this though
<bqv[m]>
it's imporssible to get anything done on nixos
<clever>
342 listToAttrs (map (name: {
<bqv[m]>
because it's "bad form" to not do it through nix
<clever>
jared-w: 342:23 is the n in name:
<bqv[m]>
but also half the nix tooling doesn't work
<jared-w>
bqv[m]: I'd say less bad form and more that it's extremely difficult to get things done in nix in an ad-hoc fashion
<clever>
jared-w: so, the map within listToAttrs, ran its internal function, 2789 times, just to eval pkgs.hello
mexisme_ has quit [Ping timeout: 246 seconds]
<clever>
341 zipAttrsWithNames = names: f: sets:
<jared-w>
deliberate is the name of the game. But most programming is adhoc, off the cuff, and janked together. So there's tension
<clever>
342 listToAttrs (map (name: {
<clever>
jared-w: correction, zipAttrsWithNames ran listToAttrs, on map, on that function
<clever>
and the inner most function, was repeated 2789 times
<jared-w>
bqv[m]: it's also helpful to remember that nix was first and foremost a package manager and only coincidentially a "build tool" or "dependency (anything)"
<jared-w>
it's also some dude's thesis that a bunch of nerds decided they liked and 16 years later here we are :p
<mdash>
jared-w: is that really true
waleee-cl has quit [Quit: Connection closed for inactivity]
reallymemorable has joined #nixos
<jared-w>
mdash: which part?
konobi has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #83180 → bintools: only add macos flags when targeting macOS → https://git.io/JvDdN
<mdash>
I mean, the thesis mentions builds and dependencies as crucial issues in the introduction
<bqv[m]>
lol
<bqv[m]>
yeah i know
konobi has joined #nixos
<bqv[m]>
<jared-w "qy: I'd say less bad form and mo"> i suppose yes, it's more this. maybe i should just settle for setting up a shell.nix and doing it the old fashioned way
<jared-w>
mdash: yeah, that's true, but the thesis is about his work on functional software deployment
<jared-w>
And if you read the table of contents, it's all packaging, stores, deployment models, derivations, etc
Jank[m] has joined #nixos
<jared-w>
even the applications section starts with nixpkgs and nixos as the crown jewels, goes to hydra, and finally winds its way down to casually mentioning how you can use it as a low level build management tool
<jared-w>
Which, my personal hypothesis is, one of the main reasons the nixpkgs ecosystem and nix itself has such un-ergonomic and terrible support for versioning packages
<clever>
jared-w: have you seen what i did with the rpi stuff lately?
cjpbirkbeck has quit [Quit: cjpbirkbeck]
<jared-w>
For all its talk about how you can side-by-side install things, it's ridiculously hard to express "oh I wanna build this package like normal but downgrade llvm by one"
<jared-w>
Half the time I attempt something like that I end up going into nixpkgs, scrolling through the git history until I find out what the default.nix looked like when it was packaged for that version, and vendoring that into my project.
<jared-w>
clever: I saw that gchristensen had done a bunch of stuff recently with arm but must've missed your rpi activity
chagra_ has joined #nixos
<clever>
jared-w: the vc4 derivations depend on some of the arm derivations, and the entire `overlay = self: super: {` defines libraries that can be compiled for both vc4 and arm
<{^_^}>
[nixpkgs] @orivej-nixos pushed 8 commits to master: https://git.io/JvDFU
<clever>
so arm blobs get baked into vc4 blobs
<clever>
and nix just magically builds it all and the puzzle comes together
<clever>
jared-w: and if you want to see more rpi stuff, you can watch #raspberrypi-internals
<jared-w>
Are you doing all of that to try and get every ounce of closed source code out of the rpi?
nixy37179 has joined #nixos
<clever>
jared-w: yeah
<clever>
jared-w: for the rpi2 and rpi3, i can boot nixos with every blob that is removable, removed
<clever>
jared-w: the only blob that remains, is the mask rom, which is a rom, so i cant do much
<jared-w>
cause I read on Christina's #37 issue that you had basically everything but the little non removable blob. Or you had a plan to do that, at least
<{^_^}>
https://github.com/NixOS/nixpkgs/pull/37 (by cillianderoiste, 7 years ago, closed): Add lv2 audio plugin, the Calf audio plugin pack and also add lv2 support to Ardour 3
<jared-w>
thx bot, you tried
orivej has quit [Ping timeout: 240 seconds]
<clever>
jared-w: the readme claimed it was able to boot linux, but it took a month of work to even get linux to boot on rpi-open-firmware
<clever>
jared-w: lack of documentation on linux flags, and exactly which models they used
bhipple has quit [Remote host closed the connection]
<jared-w>
eh, sounds about right for a gentoo-like distro /s
<clever>
jared-w: rpi2 failed hard, because i didnt tell the arm core to enable SMP, so linux then faulted hard when it tried to use mutex stuff
<clever>
jared-w: and if i disabled SMP support in linux, the rpi2 lagged horribly, because with SMP disabled entirely, the L1/L2 cache didnt work, so every ram access was a cache-miss
<clever>
jared-w: rpi3 had random segfaulting, because i didnt give linux permission to flush the L2 cache
<jared-w>
*ouch*
astrofog has joined #nixos
<clever>
jared-w: rpi3 also failed hard, because i didnt grant linux permission to use the FPU
<jared-w>
any particular plan with the rpi's with all this? Or are you just tinkeirng to scratch an itch?
<clever>
jared-w: the instant printf was ran, it would bork, because it had FPU opcodes
<jared-w>
clever: meh, who needs FPUs anyway?
<clever>
jared-w: i had to cross-compile an FPU-less glibc, to even get debug info out of it
<clever>
because every print routine eventually touched printf
<jared-w>
nice
<jared-w>
there's a reason it's called printf debugging, after all :p
<clever>
jared-w: i also want to get rpi4 support, but they changed so much, that i'll need to reverse engineer a lot more to make it work
<clever>
jared-w: i was also surprised to find, the rpi4 requires the 1st-stage file to be correctly signed
<jared-w>
oh really?
<clever>
yeah
<clever>
for the rpi 1-3, the 1st stage is bootcode.bin on the SD card
<jared-w>
Don't they usually skip that for embedded devices?
<clever>
for later models, network boot was added to the mask rom, to allow fetching bootcode.bin over tftp
<clever>
or usb mass-storage
<jared-w>
ah ok
<clever>
but, the early revisioins of the mask rom, had bugs, causing netboot and usb-boot to fail in weird ways
lord| has quit [Read error: Connection reset by peer]
<jared-w>
I can see how "fetch random boot code on the internet" might want some signing :p
<clever>
with the rpi4, they completely redid both ethernet and usb-host
Supersonic has quit [Disconnected by services]
Supersonic112 has joined #nixos
Supersonic112 is now known as Supersonic
<clever>
and they knew such bugs would happen again
<clever>
so, they moved the 1st-stage file to an SPI eeprom on the rpi itself
<clever>
the 1st-stage is never loaded over the network
<clever>
but it can be upgraded, to add netboot support for the 2nd stage
<clever>
jared-w: and the 2nd stage isnt signed, so its still a security nightmare :P
<jared-w>
ah ok. My ignorance with embedded is showing a bit here
<jared-w>
clever: wouldn't be an rpi if it wasn't a security nightmare right? :p
<clever>
its more that the rpi foundation isnt obeying common sense
<clever>
for the rpi4, the 1st-stage can be loaded from 3 locations, in the following order
lord| has joined #nixos
<jared-w>
It's a shame they're so overwhelmingly popular
<clever>
recovery.bin on an SD card
<clever>
a tagged blob in the SPI eeprom
<clever>
usb-device boot over the dwc2 controller (the usb-c port), same as the compute modules
<clever>
if any location is missing or not signed, it silently moves to the next
<jared-w>
doesn't seem too crazy so far
<clever>
the official recovery.bin will re-flash the SPI chip, then delete itself
<jared-w>
ah yup, there it is
<clever>
so you can un-brick things
<clever>
the official SPI image, will initialize the ddr4 controller, then load start4.elf from either SD or tftp
<clever>
bootconf.txt exists within the SPI flash, and controls the boot order and tftp ip
<clever>
so you can do any order you want, and skip any mode you want
<jared-w>
seems sketch, but i'ight
<clever>
by default, it will only load start4.elf from the SD card
<clever>
and start4.elf is never signature-checked
<jared-w>
lol
<clever>
yep
<clever>
start4.elf then loads kernel.img and the right dtb file for this model, and boots linux up on the arm side
<clever>
and then linux mounts the rootfs, as directed by the root= in its cmdline
<clever>
then things continue as you would expect
<jared-w>
ah good you had me worried for a second that things were gonna get nuts post linux :p
<jared-w>
but yeah I definitely see what you mean by no common sense whatsoever
<clever>
jared-w: i have had the fun of single-stepping thru linux, with gdb+jtag, to figure out why it was hanging on boot with zero printf's
<clever>
jared-w: so i could go nuts if you want.....
<jared-w>
hahaha
<clever>
jared-w: i have also reverse engineered the mask rom, and extracted the hmac-sha1 keys used to validate the 1st-stage files
<clever>
jared-w: if you link with this linker script, and then objcopy it to a .bin file, the mask rom will load it to 0x80000000 (and the origin must be set to that, or the linker gets everything wrong)
<clever>
jared-w: and then it can boot as the 1st-stage, bootcode.bin or recovery.bin
<jared-w>
The more I'm hearing about rpi's design, the more it feels like a bunch of undergrads read a few textbooks, took an intro class, and hackathon'd their way through the first thing that came to mind
<clever>
jared-w: and of course, i had to nixify everything i touched :P
<jared-w>
of course :p
<clever>
jared-w: i lost the link, but one of the broadcom devs asked to just "throw an arm in there" for future use
<jared-w>
Is that just kinda how it goes for embedded stuff or is rpi particularly egregious about doing unusual things?
<clever>
jared-w: the VPU used to be the only cpu in the chip
<jared-w>
"thrown an arm in there" lol
<clever>
jared-w: and it has since evolved into a sort of management engine type setup
<clever>
jared-w: the VPU is basically the management engine, and the arm is the slave being put into a cage
<jared-w>
what's next? Maybe someone'll try to throw a leg in it next
<clever>
jared-w: there is a second MMU between "arm physical" and "real ram", so you can block the arm from ever accessing certain pages of ram
<jared-w>
clever: That doesn't sound particularly performant...
<clever>
jared-w: the gpu firmware on the VPU, can then deal with DRM decryption, hw video accel, and even turning that video stream into a texture for use by opengl
<jared-w>
(or well thought out (but what else is new))
<clever>
jared-w: while the arm deals with all of the UI and fetching the encrypted content stream over the network
abathur has quit [Ping timeout: 250 seconds]
<clever>
jared-w: the roku2 even uses the exact same bcm2835 as the rpi1
<clever>
jared-w: in here is a shell script for defeating the secureboot on a roku2
<clever>
in that setup, each box has its own unique key for signing the 1st-stage file
<clever>
which will then validate signatures on each stage after it
<clever>
but, because there is per-device keys, you must have a way to get the key from linux, to be able to sign your own updates
<clever>
one code-execution exploit, and your in
magnetophon has joined #nixos
<clever>
but, given what i have seen, it should have been possible to block all of that, so somebody must have gotten lazy...
<clever>
36 info "Extracting per box bootkey."
<clever>
37 if [ ! -e /bin/bootkey ]; then
<jared-w>
maybe they're going for the adobe approach
<clever>
41 bootkey > /tmp/bootkey.bin
<jared-w>
"if we let them break it, they'll wanna buy _two_ rokus"
<clever>
jared-w: this appears to be a binary that already exists on the linux end of the roku2, that just prints the per-device keys
<clever>
jared-w: what i would have done, is have a mailbox function on the secure firmware, to both sign and flash an update
<clever>
so the linux NEVER knows the key
<jared-w>
naaah, that makes way too much sense
<clever>
according to the blog i linked, they patch the 1st-stage to disable sig-checks on uboot, and re-sign it
<clever>
then patch uboot to add `dev=1` to the kernel cmdline
<jared-w>
lol, nice
<clever>
which disables sig-checks within the linux boot process, allowing furthr patching
arturo[m] has joined #nixos
<clever>
but, given what ive learned in rpi-open-firmware, i can just replace the 1st-stage entirely
<jared-w>
probably would simplify a lot of work too
<clever>
however, rpi-open-firmware cant bring the graphics pipeline online yet
<clever>
so no hdmi or composite video, at all
<jared-w>
can you at least full boot and printf? :p
<clever>
you get uart, usb host, i2c, gpio, and mmc/sd
<clever>
thats it
<clever>
for an rpi2/3, usb-host then leads to the ethernet chip and usb-hub
<jared-w>
so still a fair amount of work
<clever>
jared-w: on a roku2, i can see that being relatively useless, since its only IO is hdmi
<jared-w>
buuuut, it's something, so there's that :p
<clever>
for an rpi, its fine to be a headless server controlling some device
<jared-w>
clever: yeah. Kinda the whole point of a roku really
<clever>
,locate bin/hmac
<{^_^}>
Found in packages: libgcrypt.dev, libgcrypt_1_5
<clever>
jared-w: and its now 2:30 am, i should get to bed, come visit #raspberrypi-internals if you want to see more progress
abathur has joined #nixos
<jared-w>
clever: yeah it's pretty late for me too. Have a good night
<{^_^}>
[nixpkgs] @bbigras opened pull request #83183 → zenith: init at 0.7.5 → https://git.io/JvDFP
<jared-w>
clever: will do! Might point my friend there too. He's been trying to get a dev environment for the esp32 setup and it's been so difficult for him he's nearly sworn off nixos and nix over it lol
<simpson>
> let x = "test"; in { ${x} = 42; } # energizer
<{^_^}>
{ test = 42; }
<energizer>
simpson: thanks
<hyper_ch>
clever: online?
<locallycompact>
if I have a haskell.nix project where I can do `nix-shell -A shellFor nix`, but then I also want to layer a shell.nix on top of that with extra packages, how do I do that?
<locallycompact>
extra non haskell packages that is
magnetophon has quit [Remote host closed the connection]
turion has quit [Quit: Leaving.]
bvdw has quit [Quit: bvdw]
<{^_^}>
[nixpkgs] @Rakesh4G opened pull request #83197 → pyhtonPackages.varint: init at 1.0.2 → https://git.io/Jvyfv
bvdw has joined #nixos
<{^_^}>
[nixpkgs] @Izorkin opened pull request #83198 → nixos/netdata: fix permissions for plugins → https://git.io/Jvyff
astrofog has quit [Quit: Quite]
pbb has quit [Ping timeout: 246 seconds]
m0rphism has joined #nixos
chagra has joined #nixos
<{^_^}>
[nixpkgs] @edolstra opened pull request #83199 → Remove manual service → https://git.io/Jvyf4
<{^_^}>
[nixpkgs] @Rakesh4G opened pull request #83200 → python3Packages.variants: init at 0.2.0 → https://git.io/Jvyfw
<{^_^}>
[nixpkgs] @michaelpj opened pull request #83201 → cleanSourceWith: don't use baseNameOf → https://git.io/Jvyf6
<bqv[m]>
aw man, my config's gonna break when that PR gets merged, cause i use that service
<bqv[m]>
it makes sense though, i've never actually used it
fendor has joined #nixos
dingenskirchen has joined #nixos
alexherbo20 has joined #nixos
thc202 has joined #nixos
alexherbo2 has quit [Ping timeout: 250 seconds]
chloekek has joined #nixos
cinimod`` has joined #nixos
alexherbo2 has joined #nixos
<{^_^}>
[nixpkgs] @Rakesh4G opened pull request #83202 → pyhtonPackages.morphys: init at 1.0 → https://git.io/JvyJB
alexherbo20 has quit [Ping timeout: 250 seconds]
<sephii>
What's the recommended way to install a package from the unstable branch while your system is using a stable one? I did `nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz -iA elmPackages.elm-language-server` and it worked fine but I'm not sure it's the right way to do it.
<bqv[m]>
that's ..certainly one way
<bqv[m]>
if you're happy doing it imperatively like that, go for it
<bqv[m]>
doing it declaratively would require messing around with channels
<linarcx>
Guys, we dont' have this package: python-pygls?
<bqv[m]>
all the unholy things i've done in my configuration.nix are coming back to bite me in the ass now that i switch to flakes...
<bqv[m]>
$ nix search pygls
Neo-- has quit [Ping timeout: 260 seconds]
Ariakenom has joined #nixos
abathur has joined #nixos
knupfer has joined #nixos
knupfer has quit [Client Quit]
chagra_ has joined #nixos
zupo has joined #nixos
<{^_^}>
[nixpkgs] @markuskowa pushed 2 commits to release-20.03: https://git.io/JvyUH
zupo has quit [Client Quit]
zupo has joined #nixos
chagra has quit [Ping timeout: 240 seconds]
sayanarijit has joined #nixos
rgrau has joined #nixos
<sayanarijit>
Hi... Need a little help
abathur has quit [Ping timeout: 264 seconds]
<sayanarijit>
How to set locale via Nix? I'm trying to `LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";`
<sayanarijit>
But I get `cannot coerce a set to a string,`
cinimod`` has quit [Remote host closed the connection]
<manveru>
sayanarijit: some more context?
cinimod`` has joined #nixos
vandenoever has quit [Read error: Connection reset by peer]
vandenoever has joined #nixos
vandenoever has joined #nixos
vandenoever has quit [Changing host]
<sayanarijit>
I have a shell.nix to setup the dev environment which requires me to set `LC_ALL`, `LANGUAGE` etc locate variables. I tried to follow https://nixos.org/nixpkgs/manual/#locales
<{^_^}>
[nixpkgs] @hamishmack opened pull request #83204 → openssl: Fix openssl for musl [20.03 backport] → https://git.io/JvyUj
<sayanarijit>
But this is whst I get:
<sayanarijit>
direnv: loading .envrc
<sayanarijit>
direnv: using nix
<sayanarijit>
error: while evaluating the attribute 'environment' of the derivation 'dev-shell' at /Users/sayan/Documents/GitHub/ebn/shell.nix:76:3:
<sayanarijit>
direnv: ([/usr/local/bin/direnv apply_dump /dev/fd/63]) is taking a while to execute. Use CTRL-C to give up.
<sayanarijit>
direnv: ([/usr/local/bin/direnv export zsh]) is taking a while to execute. Use CTRL-C to give up.
<sayanarijit>
cannot coerce a set to a string, at /Users/sayan/Documents/GitHub/ebn/shell.nix:76:3
<manveru>
just set it at top-level in your `mkShell`
linarcx has quit [Ping timeout: 250 seconds]
veske2 has quit [Quit: This computer has gone to sleep]
veske has quit [Quit: This computer has gone to sleep]
veske has joined #nixos
veske2 has joined #nixos
veske2 has quit [Client Quit]
veske has quit [Client Quit]
veske has joined #nixos
veske2 has joined #nixos
<sayanarijit>
@manveru Same issue
<sayanarijit>
error: while evaluating the attribute 'LOCALE_ARCHIVE' of the derivation 'dev-shell' at /Users/sayan/Documents/GitHub/ebn/shell.nix:76:3:
<sayanarijit>
cannot coerce null to a string, at /Users/sayan/Documents/GitHub/ebn/shell.nix:82:21
<manveru>
this works, so i'm not sure where your error comes from
<ottidmes>
infinisil: I was curious, what would be the reason to ever use your snippet of fetching nixpkgs with <nix/fetchurl.nix>? Wouldn't fetchTarball { url = "https://github.com/NixOS/nixpkgs/tarball/e94a84a144b83eebfcfb33ac3315c01d0d4b3a0a"; sha256 = "0s94ygwgkzk1i4gafc51i10j99yc2qba98mg5lb89nsg24xm31lp"; } behave the same?
<Cadey>
is there any prior art for adding nixos containers to a wireguard subnet?
<ottidmes>
infinisil: nevermind, I get what you meant with eval time, I just thought it behaved differently when supplied the hash. It does, but other than then being checked for the hash and considered pure, I expected it then behave like pkgs.fetchurl, which it does not
owenowen has joined #nixos
<simpson>
Cadey: ivan ^^?
toppler has left #nixos ["ERC (IRC client for Emacs 26.1)"]
<bqv[m]>
`error: access to path '/nix/store/n9vqd6p3d1kkv58hk2xzymkgvj917x8q-nixpkgs-patched/nixos/modules/config/gtk/gtk.nix' is forbidden in restricted mode` hey since when is this a thing
o1lo01ol1o has quit [Remote host closed the connection]
<LnL>
what context?
<bqv[m]>
er, that's complicated
<sayanarijit>
@manveru Your snipped doesn't run on my machine. I have upgraded nix to latest version. yet:
<sayanarijit>
error: while evaluating the attribute 'LOCALE_ARCHIVE' of the derivation 'nix-shell' at /nix/store/wqhh8nzvpj0rbggixs9haj27dpjsqkzr-nixpkgs-20.03pre212770.cc1ae9f21b9/nixpkgs/pkgs/build-support/mkshell/default.nix:28:3:
<sayanarijit>
cannot coerce null to a string, at /Users/sayan/Documents/GitHub/test/shell.nix:3:21
<sayanarijit>
env | grep LOCALE_ARCHIVE doesn't produce anything (I'm on mac)
cosimone has joined #nixos
<LnL>
glibc(Locales) isn't a thing on darwin
<LnL>
should be conditional for linux only
cosimone_ has joined #nixos
<sayanarijit>
Oh got it.. Thanks
peanutbutter144_ has joined #nixos
cosimone has quit [Ping timeout: 240 seconds]
jakobrs has joined #nixos
peanutbutter144 has quit [Ping timeout: 256 seconds]
<jakobrs>
Is it possible to restrict the memory usage of the nix daemon?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<jakobrs>
I have relatively little RAM and even just downloading from substituters can render the desktop environment practically unusable for brief periods of time.
<{^_^}>
[nixpkgs] @peti pushed to master « obs-studio: update from version 25.0.0 to 25.0.2 »: https://git.io/JvykN
<sephii>
How come `nix search python35Packages.psycopg2 doesn't return any result, but I can install it with `nix-shell -p python35Packages.psycopg2`?
cinimod`` has quit [Ping timeout: 256 seconds]
<evils>
sephii: because search doesn't accept attributes, it accepts package names, which is `psycopg2` in this case
<tilpner>
jakobrs: Probably. The question is: what happens if it reaches that limit? Does it just do it slower, or does it crash?
<sephii>
evils: `nix search psycopg2` only shows `python37Packages.psycopg2` and `python27Packages.psycopg2`, but not `python35Packages.psycopg2`
<jakobrs>
tilpner: The desktop environment gets really laggy
sayanari1 has joined #nixos
<jakobrs>
By filling up ram I have been able to freeze the computer for twenty minutes before (althought that was not using Nix)
<tilpner>
jakobrs: No, that's not what I mean. What would nix-daemon do, if you restricted its max memory usage? (And that's not a question you're supposed to answer, just think about it while I find the right systemd manpage)
<jakobrs>
ah
<Valodim[m]>
nix-daemon (probably?) doesn't have internal memory management, so I would expect it die when it fails to allocate
<tilpner>
That might help, but I haven't tried it myself. The manpages says it will slow down the process and take away memory more aggressively, whatever that means in practice
sayan__ has left #nixos [#nixos]
<jakobrs>
I might try that
<tilpner>
And all this assumes you are going through the daemon, not nix-build as root
<jakobrs>
Yeah ofc
<aveltras>
anyone seeing flickering issues with firefox 74 ? using sway if that matters, doesn't seem to bug with chromium
<tilpner>
No flickering here, but I'm still in the stone ages
<tilpner>
jakobrs: I see no good reason to consume that much memory just for downloading things. Can you measure if this is instantiation memory use, or download memory use?
<tilpner>
jakobrs: Under the assumption that it is fixed overhead for a large number of concurrent downloads (and streaming decompression + extraction of NARs), you can try fewer of those concurrently
owenowen has quit [Ping timeout: 256 seconds]
<tilpner>
*doing fewer of those
<tilpner>
jakobrs: Use --option http-connections 2 or nix.extraOptions = "http-connections = 2"; to test that assumption
<jakobrs>
Actually, looking at htop, I'm not so sure that the memory usage is the problem
<jakobrs>
It goes up to 8.6%MEM
<jakobrs>
Although memory usage can still be a problem
<ottidmes>
EdLin: I believe the general rule is that is done when it is done, better to wait longer then people be confronted with still broken packages of packages that are uncached, although there might not be zero of such cases when released, they should be as low as possible
<clever>
hyper_ch: am now
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
iyzsong has quit [Ping timeout: 246 seconds]
zupo has joined #nixos
sogatori has joined #nixos
<EdLin>
ottidmes: ok
sigmundv__ has quit [Read error: Connection reset by peer]
sigmundv__ has joined #nixos
<ottidmes>
EdLin: I normally just check a month or a month and a half after the release month, then you can be pretty sure things are released and oversights are addressed
civodul has quit [Remote host closed the connection]
leotaku has joined #nixos
dckc has quit [Ping timeout: 246 seconds]
<hyper_ch>
clever: well, regarding networking during initrd... if I add kernel paramenter ip=dhcp then I have the issue that it just stopps if there's no network cable attached
<clever>
hyper_ch: ouch
<clever>
hyper_ch: what about a static ip?
nek0 has joined #nixos
<hyper_ch>
well, ip changes whether I'm at home or at the office
<hyper_ch>
so, I set router to dynamically assign ip based on the mac
<clever>
yeah, that wont really work
<hyper_ch>
so that I can reboot my notebook from afar and unlock root zfs encryption
<linarcx>
Guys, i get this run time erro when i want to run a qt application: `qt.qpa.plugin: Could not find the Qt platform plugin "xcb" in ""`
dckc has joined #nixos
<linarcx>
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
<hyper_ch>
clever: one more thing: I have a usb-c docking station and it also has ethernet. But I am unable to use that ethernet port in the initrd? ethtool -i {usb dock ethernet} says driver: cdc_ncm and I did add cdc_ncm to the initrd. Any idea?
<clever>
hyper_ch: usb drivers tend to have hci in the module name
fresheyeball has joined #nixos
<fresheyeball>
hey there
<fresheyeball>
does stdenv.mkDerivation not come with overrides attribute?
<tilpner>
fresheyeball: Correct, that is added during callPackage
<clever>
fresheyeball: callPackage is what adds .override
<tilpner>
fresheyeball: You can add it yourself with makeOverridable
<fresheyeball>
what is the type of makeOverridable?
zupo has joined #nixos
mekeor has joined #nixos
<fresheyeball>
I think I am starting to understand programming patterns in nix
mekeor has quit [Disconnected by services]
<fresheyeball>
In retrospect that has been the hardest thing about learning nix. Its not the language, or the command line tools, or the error messages, it's patterns.
<clever>
fresheyeball: i believe makeOverridable takes a function and a set, and calls that function with the set
<clever>
fresheyeball: it then uses // to add an override attr onto the result
<clever>
and override lets you mutate the set, and call the function again with diff args
<fresheyeball>
I am reading about it
<fresheyeball>
I don't see how to use with with my drv yet, since it's not a set
<tilpner>
Derivations are sets
<fresheyeball>
sorry, it's not a function
<tilpner>
makeOverridable can't be used if your function returns e.g. an integer
<fresheyeball>
oic
<hyper_ch>
clever: I did add a bunch of kernel modules arlready but couldn't make it work. Thx for the help though
<clever>
fresheyeball: if its not a function, then you have nothing you can change with .override
<fresheyeball>
I pass mkDerivation as the function
<linarcx>
I don't know how use wrapQtAppsHook in shell.nix. Anyone knows?
<clever>
76 local targetDirs=( "$prefix/bin" "$prefix/sbin" "$prefix/libexec" )
<clever>
linarcx: but it only looks in $out/bin and friends
<clever>
90 wrapQtApp "$file"
<clever>
linarcx: so you may want to run this function yourself, on each binary
<linarcx>
can i put it inside shell.nix and it runs for me automatically?
<clever>
linarcx: the problem, is that it has to be ran after you run `make`
<linarcx>
hmm..
nerdmaxx has quit [Quit: WeeChat 2.7.1]
nikivi has joined #nixos
Makaveli7 has quit [Ping timeout: 264 seconds]
<clever>
linarcx: or you need to read the source for the hook, figure out whats special about it, and just set those env vars correctly
<linarcx>
lemme..
<linarcx>
clever: A question. How can i run this function?
<clever>
linarcx: like any other binary
<linarcx>
No this part: `so you may want to run this function yourself, on each binary `
<linarcx>
I have a binarry file called kindd. How call that function before run this binary?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
linarcx: `wrapQtApp kindd`
<linarcx>
zsh: command not found: wrapQtApp
<clever>
linarcx: nix-shell only works with bash, zsh breaks everything
<linarcx>
I'm using direnv
<linarcx>
it's ok with zsh
<clever>
direnv breaks all functions that nix-shell and hooks create
glittershark has quit [Ping timeout: 240 seconds]
<linarcx>
still get that erro in bash
<clever>
you cant just run bash, you must use the bash that nix-shell creates
glittershark has joined #nixos
philr has quit [Ping timeout: 250 seconds]
noonien has joined #nixos
<linarcx>
clever: So you say i should never use zsh and direnv?
<clever>
linarcx: if you want hooks and functions to work, yes
<noonien>
hello folks
<linarcx>
Hmm...
<noonien>
is it possible to create a user systemd service, but only for a specific user?
<linarcx>
clever: stil get error in bash: `bash: wrapQtApp: command not found`
<linarcx>
why?
<clever>
linarcx: can you screenshot the whole terminal?
<{^_^}>
[nixpkgs] @jtojnar pushed 139 commits to gnome-3.36: https://git.io/Jvy3R
<{^_^}>
[nixpkgs] @dredozubov opened pull request #83219 → kubernetes-helm: 3.1.1 -> 3.1.1 and 2.16.3 split to helm 2 and 3 → https://git.io/Jvy3E
cosimone has quit [Quit: Quit.]
agl has joined #nixos
ottidmes has joined #nixos
agl has quit [Remote host closed the connection]
<bqv[m]>
ok, so just to be clear, master is merged into nixos-unstable-small when commits are in unstable but not built on hydra, and those are then pushed to nixos-unstable when hydra builds are all finished, so if i check the nixos-unstable branch all possible hydra builds should be ready?
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to release-20.03: https://git.io/Jvy3X
<linarcx>
clever: Yeah, i'm using lorri
<clever>
linarcx: direnv and lorri break all bash functions
<linarcx>
Gooodd
<clever>
linarcx: thats just due to how they work, they copy env vars, not functions
<linarcx>
Is there any plan to support these things?(lorri, zsh, direnv,..)
<clever>
unknown, i dont keep a close eye on them
<linarcx>
Hmm...
<clever>
and there are syntax differences between bash and zsh
<clever>
so the functions may break when used in zsh
<linarcx>
I got it
<linarcx>
So i should change my workflwo.
<linarcx>
THanks.
<clever>
or figure out what env vars the hook is setting
<clever>
and set those in your shell.nix
<clever>
then you dont need to wrap things
<linarcx>
be reading the source of hook? Is it enough?
<clever>
probably
<linarcx>
ok. thanks.
<clever>
or reading something thats already wrapped in /nix/store/
fenedor has joined #nixos
<linarcx>
clever: I think it's better to use bash only. But i love a functionality in lorri. That whenever you try gc, it only delete dependencies that don't used by any derivation. How can i do that with nix-shell?
<linarcx>
If i figure out how do this thing, i'll remove lorri + direnv + zsh
zupo has joined #nixos
<ottidmes>
clever: I was thinking, if I were to patch Nix to have more detailed metadata about locations, I should probably also be able to work around limitations I encountered before: https://github.com/msteen/nix-upfetch#limitations
<clever>
linarcx: not sure if thats fully possible
rnhmjoj has joined #nixos
rnhmjoj has joined #nixos
rnhmjoj has quit [Changing host]
rnhmjoj has quit [Changing host]
fendor has quit [Ping timeout: 256 seconds]
teto has quit [Quit: WeeChat 2.7.1]
Jackneill has quit [Ping timeout: 240 seconds]
<linarcx>
clever: What's your workflow? When you use gc? And how prevent deleting dependencies of a project that still need a dependency but gc will delete it.
<clever>
linarcx: mostly, i have a local hydra that builds most of my projects, and roots the closure of them
owenowen has joined #nixos
<clever>
linarcx: and i also run cachecache, which is a cache over cache.nixos.org
<clever>
linarcx: so if i loose the deps for a project, my hydra has them pre-built and rooted for re-download
<clever>
linarcx: and if i loose anything in the official cache, i have them on a local machine, and can re-download at gigabit speeds
<clever>
all is seamless, and just treated as a normal binary cache
drewr has joined #nixos
Makaveli7 has joined #nixos
<linarcx>
Hmm.. impressing ideas
<linarcx>
thanks.
<fresheyeball>
is there a good way to interpolate nix variables into a markdown file?
<fresheyeball>
If I make it a nix file with a giant heredoc, it works, but is kinda ugly
<pistache>
Izorkin: you mean that the errors accumulate during the boot, or continuously ? if it is during the boot, maybe your power supper is too weak, and in that case staggered spin-up can help
chimay has quit [Quit: WeeChat 2.7.1]
<fresheyeball>
clever++
<{^_^}>
clever's karma got increased to 361
<fresheyeball>
love it
<clever>
linarcx: kindd is now a shell script, that sets the important env vars, run cat on that
<fresheyeball>
wait, subtituteAll just cped with no changes
<Izorkin>
pistache: me used 4 SAS hdd. On 2x300 gb no counter erros. On new SAS hdd - accumulate error.
<fresheyeball>
hmmm
<clever>
fresheyeball: it will replace @foo@ with the value of the $foo env var
<jluttine>
running "nix-collect-garbage --delete-older-than 30d" doesn't update grub menu so does it mean that if at boot time i choose an older configuration the boot just fails?
<clever>
jluttine: the grub menu only updates after another nixos-rebuild
<clever>
fresheyeball: you want .overrideAttrs not .override and makeOverridable
<{^_^}>
[nixpkgs] @orivej-nixos merged pull request #83042 → nixos/mysql: fix service so it works with mysql80 package → https://git.io/Jvynk
<{^_^}>
[nixpkgs] @orivej-nixos pushed 3 commits to master: https://git.io/JvynI
bennofs1 has joined #nixos
<linarcx>
clever: nixGL is awesome :))))
zupo has quit [Ping timeout: 258 seconds]
<clever>
linarcx: ive just abandoned all other distros :P
<linarcx>
Now my qt applicatino runs on void-machine :)))))
zupo has joined #nixos
<linarcx>
clever: I had nixos for about 1 year, but i can't develop flutter or qt applications on it(Becuse qtcraetor had some bugs related to nixos). Now with new workflow with vim, i dont depend even on qtcreator. So maybe i switch again. :)
<{^_^}>
[nixpkgs] @jonringer pushed commit from @r-ryantm to master « python27Packages.fiona: 1.8.13 -> 1.8.13.post1 »: https://git.io/JvynY
<boogiewoogie[m]>
mehlon: I'm personally testing it with `ngrep port 853` as DoT-encrypted queries are using this port. did you specify your upstream servers in the correct format and with `tls_auth_name`s?
<{^_^}>
#83096 (by mehlon, 1 day ago, open): Tor Browser: add-ons disabled on start
<mehlon>
well, I've reproduced it on two different computers, but who knows
<boogiewoogie[m]>
mehlon: you can test if stubby doesn't like your formatting with `systemctl cat stubby`, the config that's actually in use is shown there. but iirc then it just falls back to the default servers, using DoT. so in that case it should be working, even if with the wrong servers :x
<asbachb>
cole-h: Basically I'd expect an error message. But I cannot find any.
<cole-h>
asbachb: Sorry, I haven't forgotten about you. Currently drafting a rant :P
lovesegfault has joined #nixos
<energizer>
yesterday someone was saying they make a wrapper around their programs to read config from the nix store instead of from ~. how do i do that?
<gchristensen>
mutate isn't so special, it just like, substituting paths
<mojjo>
hi! a nixops deployment works fine from my local machine. when run on travis it fails with: `error: attribute 'flavors' missing, at /home/travis/.nix-defexpr/channels/nixpkgs/nixos/modules/programs/gnupg.nix:71:39`. For both, a virtualbox and a digital ocean deployment. any ideas?
<gchristensen>
in default.el, replacing @msmtp@ with the path to msmtp
<energizer>
gchristensen: substituting them where?
wavirc22 has joined #nixos
<energizer>
like, if i have an application that's hardcoded to read from ~/.foo, will mutate adjust that somehow?
<ottidmes>
gchristensen: you still run most of $HOME on a tmpfs? or was that just an experiment
vandenoever has quit [Read error: Connection reset by peer]
<gchristensen>
$HOME has never been a tmpfs, but / is erased on boot (but thaht doesn't include /home, /nix/, /boot). I think adisbladis is the one who has ~ be a tmpfs
<aanderse>
Izorkin: what happens when you run mysql test locally?
vandenoever has joined #nixos
o1lo01ol_ has joined #nixos
<ottidmes>
gchristensen: must have misremembered, both are interesting though, I am still not ready for the NixOS challenge I'm afraid
o1lo01ol1o has quit [Ping timeout: 240 seconds]
<energizer>
gchristensen: in other words, if you have an application that's hardcoded to read from ~/.foo, do you (1) somehow change it so that it doesn't do that, or (2) have nix create a file at ~/.foo ?
<gchristensen>
I usually try to fix it to read from /nix/store/...
<{^_^}>
[nixpkgs] @kwohlfahrt opened pull request #83234 → quartus: expose CLI executables + increase device support → https://git.io/JvyWm
<energizer>
ok
<MichaelRaskin>
I personally make a ton of stuff symlinks to wherever
<MichaelRaskin>
In my case, a Monotone checkout
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
wavirc22 has quit [Quit: ZNC 1.7.2+deb3 - https://znc.in]
cartwright has quit [Ping timeout: 240 seconds]
wavirc22 has joined #nixos
<samueldr>
ottidmes, gchristensen, isn't it sh*evy who has tmpfs for home? maybe adisbl*dis does too, though for home
<gchristensen>
I think shl*vy uses a read-only home
cartwright has joined #nixos
jfroche has quit [Ping timeout: 264 seconds]
tilpner_ has joined #nixos
<aanderse>
Izorkin: can you link the exact mysql package expressions? i'm not familiar with NUR so i can't navigate easily.
tilpner has quit [Ping timeout: 256 seconds]
tilpner_ is now known as tilpner
<cole-h>
asbachb: Sorry, just now getting around to reading your drv and logs
<Izorkin>
aanderse: i don't know how to
<aanderse>
Izorkin: ok, i found your expression. if i had to guess i would suggest you try changing your expression to pname instead of name
asbachb has quit [Ping timeout: 240 seconds]
<cole-h>
asbachb: I would run `nix why-depends /nix/store/dsjnw12pzj8l1fagmyci605b6pqasbca-netbeans-11.3.drv /nix/store/hz91695lbh560ds50pp2isrc7qbh2dlv-shell.drv` to see why it depends on shell. Haven't seen that before.
o1lo01ol_ has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
zeta_0 has joined #nixos
Ilya_G has joined #nixos
zeta_0 has left #nixos [#nixos]
<boogiewoogie[m]>
oh right, the emacs config thing. I was asking about absolute paths for configs in expressions yesterday and consequently also saw this example. what bugged me was that the emacs example seems to not be generalizable since AFIU it's using `emacsPackagesNg.trivialBuild` to feed emacs the config placed there? did I get that right and would there be a way to wrap any general derivation like this?
<gchristensen>
the way to wrap up software varies by the software
<Ilya_G>
While building a python package I see `evaluating file '/nix/store/dw4pq03ak9d4hc6jij2d36v351q6ri15-nixpkgs-20.09pre214374.1fe82110feb/nixpkgs/pkgs/development/python-modules/wheel/default.nix'` I end up running out of 15 GB of RAM in my docker end then build fails. What should I do
o1lo01ol1o has quit [Ping timeout: 240 seconds]
<boogiewoogie[m]>
I assume not as one would have to make it think, say, `/home/user123` would be somewhere relative, say, `.`, and there one would have to use absolute paths?
<Ilya_G>
Hello again. Any insight on a decent workaround for the problem of python wheel package installation
Izorkin has joined #nixos
o1lo01ol1o has quit [Ping timeout: 250 seconds]
h0m1 has quit [Quit: WeeChat 2.7.1]
fenedor is now known as fendor
<energizer>
Ilya_G: wheel is a pure python library, it shouldn't be using memory hevily
<energizer>
heavily
h0m1 has joined #nixos
<Ilya_G>
energizer, thank you for replying
Izorkin has quit [Client Quit]
domogled has joined #nixos
rafasc has joined #nixos
shibboleth has joined #nixos
<Ilya_G>
energizer: I am running nix-build on a python package and end up having all these packages evaluated
{`-`} has joined #nixos
<Ilya_G>
once it hits that line it starts pulling down a deep folder of some sort it warns me that it is over 256 MiB and then it keeps eating up all my RAM and eventually gails
<Ilya_G>
*fails
<noonien>
hello folks, i'm trying to package a python package in this derivation: http://ix.io/2f4r nixos-unstable is the latest nixos-unstable channel, mopidy-scrobbler is complaining with: ERROR: No matching distribution found for Mopidy>=3.0.0
<noonien>
however, `mopidy` is version 3.0.1
<noonien>
am i perhaps missing something?
<energizer>
Ilya_G: do you have a lot of data in your current working directory?
<Ilya_G>
energizer: Is it important if I run build from / folder?
hajen has joined #nixos
zupo has joined #nixos
<energizer>
Ilya_G: it will try to copy the whole working directory recursively into the nix store, by first reading it all into ram. you'll run out of memory that way
<T_S_>
Is there a way to inherit a list of expressions? I can write s = { inherit e1 e2;}, but I would like the equivalent of {inherit [ e1 e2]; } because irl I have a long list or one that is processed and not known in advance.
<pinkieval>
I saw there's an "allowUnfree" variable, so I wonder if there could be a "allowBlobs" or something of the sort
<tilpner>
Well, it's not conventionally a blob
<pinkieval>
just for lack of a better name
mehlon has joined #nixos
<tilpner>
I understand the desire, but I haven't noticed an effort like that
teto has joined #nixos
<danderson>
as a recent piece of case law: I sent a PR to package a proprietary binary that was open-sourced shortly after. Even though I had a PR out there, the strong preference was "please close this and submit a from-source derivation"
<danderson>
(which was the correct call, source builds ftw)
<tilpner>
pinkieval: Unless you want to start that effort, make any decisions under the assumption that nixpkgs doesn't distinguish wrapped binaries from source builds
<cole-h>
The closest we get to blobs is AppImages, I think
<tilpner>
Don't remind me, I feel responsible for that one :(
<pinkieval>
tilpner: that seems like a Big task for a newcomer
<pinkieval>
plus, it would need reviewing all existing packages somehow
<tilpner>
pinkieval: Implementation wouldn't be the big problem here, it's the social issues that I'd worry about
<pinkieval>
oh yeah, that too
Rusty1 has joined #nixos
<cole-h>
Well, they're both big problems, but the social issue has more of an impact
<tilpner>
Suggesting additional warnings about properties in meta opens up a bikeshed or ten
<pinkieval>
I noticed there were some disagreements about allowUnfree
<ottidmes>
I am missing something, it seems to evaluate too much of nixpkgs, but why is this not working: nix eval '(with import <nixpkgs> { }; let mapToAttrs = f: builtins.foldl'\'' (attrs: value: attrs // { ${f value} = value; }) {}; in mapToAttrs (pkg: pkg.pname) [ hello ])'
sigmundv_ has quit [Ping timeout: 256 seconds]
<tilpner>
FWIW, I would like having requireProperties = [ "free-software" "source-build" ];
<tilpner>
(Though without string typing)
<pinkieval>
open-source-software-as-per-osi
<pinkieval>
free-software-as-per-fsf
<pinkieval>
free-software-as-per-dfsg
<pinkieval>
^^
<tilpner>
Yeah, see how that's a giant bag of discussion?
<pinkieval>
(completely unrelated: I wonder if there's a software license that forbids sharing binaries, and who would consider it free or not)
<mehlon>
well maybe you can use the IPFS version of wikipedia
FRidh has quit [Quit: Konversation terminated!]
<mehlon>
but if you want FREEDOM! you might well be using Guix
<mehlon>
which I'd love to be using but alas, it's too damn slow
<danderson>
pinkieval: yes, there are such licenses. NixOS distributes a couple of firmware blobs like that :)
jjakob has quit [Quit: No Ping reply in 180 seconds.]
<pinkieval>
that's exactly what I was doing when I started asking myself that question
<danderson>
it's the diff between enableRedistributableFirmware and enableAllFirmware
<danderson>
(spoiler: the diff is entirely Broadcom firmware blobs, because Broadcom love restrictive licenses)
<mehlon>
that's why I run linuxPackages-libre
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/Jvy4C
jjakob has joined #nixos
<mehlon>
too bad there's no hardened+libre kernel for NixOS, I was thinking of using that for my TAILS-like live system
<drakonis>
the patches probably apply
<pinkieval>
oh, Linux upstream still isn't free of blobs?
<drakonis>
it is
<mehlon>
well I think it is but most distros include the separate linux-firmware repo
<Ilya_G>
energizer: thank you for the hint earlier. I apparently had massive vritual disk files in a hidden folder inside my source folder and that created builds my docker memory could not handle.
<drakonis>
they were moved to a separate repository but the blobs just dont load if not present
<cole-h>
worldofpeace: You have no idea how happy I'd be if you were to get fc 2.13 merged
<drakonis>
linux-libre straight up strips out the ability to load any blobs at all and its uh
vandenoever has quit [Read error: Connection reset by peer]
<drakonis>
from a security standpoint that is, as it doesnt allow loading cpu microcode at all
<Ilya_G>
Total folder size was 17 GB :facepalm:
<worldofpeace>
cole-h: maybe once we release 20.03 I can go crazy for 20.09 :D
vandenoever has joined #nixos
worldofpeace_ has quit [Quit: worldofpeace_]
<cole-h>
worldofpeace: :D Really it's just because I'm on an Arch host, which runs 2.13, which means I have to export FONTCONFIG_FILE for nixpkgs
<mehlon>
oh wait really? I guess I can sort of see why they'd do that.. but still
sigmundv__ has quit [Ping timeout: 250 seconds]
<pinkieval>
mehlon: what did you mean when you said Guix is too slow?
<MichaelRaskin>
drakonis: fortunately, CPU security is such a huge and unfixable mess…
<pinkieval>
the package manager itself?
<drakonis>
pinkieval: guile is slow
<drakonis>
still fairly slow
<worldofpeace>
cole-h: yeah, since people have 2.13 already it makes me want it more
<drakonis>
i wonder why guile 3.0 isnt available yet
<drakonis>
i guess all the guile users went to guix?
<pinkieval>
oh I didn't realize Guix itself was written in Guile
<cole-h>
worldofpeace: If it helps at all, I ran that PR for a few days until I got tired of rebuilding the world whenever I wanted to try out a new GUI package
<cole-h>
Worked perfectly
* cole-h
shudders, thinking about the QT and GTK rebuilds fc 2.13 triggered
<mehlon>
pinkieval: Guile is slow, Guix boots in over a minute (!) while NixOS only took 30 seconds. Guix pull is very slow, compiling is slow
<drakonis>
oh yes
mexisme_ has joined #nixos
<drakonis>
a minute?
<drakonis>
god no
<drakonis>
it takes longer than a minute before logging in becomes available
<mehlon>
NixOS now also takes a minute for me, but that's because I decided to encrypt my hard drive
<drakonis>
and then longer for xorg to actually launch gdm
<drakonis>
so i have to manually invoke the service to launch xorg
<pinkieval>
why would building a Guix package be slower than building a Nix package?
<drakonis>
because guile is still quite slow
<pinkieval>
it's just running Make (and friends) and letting them do their job, no?
<drakonis>
ah building a package
<mehlon>
drakonis: guile 3 already is available for Guix after a guix pull I think
<drakonis>
on guix, not nix
abrar has quit [Ping timeout: 256 seconds]
alexherbo2 has quit [Ping timeout: 240 seconds]
<mehlon>
pinkieval: guix pull takes a long time simply to prepare stuff before starting to download, installing a package with binary substitutes is a *lot* slower than on Nix, building (i.e. compiling to bytecode) the package index takes a long time
<drakonis>
pinkieval: the package manager itself is slow due to guile, operations that use guile are slower
<pinkieval>
hmm
<drakonis>
when building packages and doing big tasks with guile it is slower
<drakonis>
unfortunately.
aveltras has quit [Quit: Connection closed for inactivity]
Ilya_G has quit [Remote host closed the connection]
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @grahamc pushed 4 commits to release-20.03: https://git.io/JvyBV
<atemu12[m]>
tokudan: If that doesn't work, just make it execute a custom shell script
<tilpner>
At that point, use preStart
<tokudan>
atemu12[m], that's what I try to avoid, as I need mkdir as root and then run the init-db as user...
<tilpner>
You can always sudo -u
<energizer>
i have a collision but i dont know where either of the packages mentioned is coming from, how do i find out?
<tilpner>
What path are they colliding on?
<tokudan>
tilpner, yeah, but why waste the shiny new systemd function that would take care of that? :)
<energizer>
tilpner: collision between `/nix/store/7w8s33ysha1ga8ri0hx5hzxh42c1aqp5-python3-3.7.6-env/bin/iptest3' and `/nix/store/sq2a7fynzl46vadyibpss71a8si9mkhk-python3-3.7.6-env/bin/iptest3'
<tilpner>
tokudan: Because it has terrible syntax
<atemu12[m]>
tokudan: Making it execute a shell script with multiple commands instead of a single command doesn't change the user who executes the commands.
<manveru>
,locate bin iptest3
<{^_^}>
Found in packages: python37Packages.ipython
noudle has joined #nixos
<tokudan>
tilpner, ExecStartPre=+init-as-root; ExecStartPre=init-as-user sounds pretty good to me.
<tilpner>
tokudan: I can never remember which prefix symbol does what
<manveru>
!
<energizer>
what's the non-ircbot way to ask that?
<manveru>
nix-locate
<tilpner>
I choose to believe manveru is making a joke about how systemd differentiates the ! and !! prefix
<tokudan>
atemu12[m], it does if I have two ExecStartPre lines, one with a prefix
<manveru>
tilpner: you can use !!, but on nixos it doesn't make a difference...
mehlon has quit [Quit: Leaving]
<tilpner>
I still need to look it up every time, I'm never sure I remember it correctly
<manveru>
but yeah, i just read the systemd manpages usually :)
<tilpner>
It's not like they needed to save characters, they could have given the different modes better names
GodZalo has joined #nixos
<tilpner>
Oh well... did the list work, tokudan?
<tokudan>
tilpner, still writing the module
cosimone has quit [Quit: Quit.]
<atemu12[m]>
tokudan: Ohh, so you want to make it do something based on the status of the service (basically an if clause)?
GodZalo has quit [Ping timeout: 240 seconds]
<tokudan>
atemu12[m], no, it's just ExecStartPre=+mkdir -p /datapath && chown -Rc... and then ExecStartPre=init-as-user
bvdw has quit [Read error: Connection reset by peer]
bvdw has joined #nixos
<atemu12[m]>
tokudan: You want to run mkdir ... based on the condition of whatever + means but always run init-as-user, correct?
<tokudan>
atemu12[m], + is not a condition but a "run this as root"
<energizer>
i have a collision on pydoc3.7. nix-locate shows that there's a lot of packages with that path https://bpaste.net/PUYQ . none of them have the same hash that's listed. what should i do?
wiml has quit [Quit: wiml]
o1lo01ol1o has joined #nixos
<tilpner>
The hash doesn't really matter. The collision might be occuring during a buildEnv, in which case only the /bin/pydoc3.7 part matters
<{^_^}>
[nixpkgs] @worldofpeace merged pull request #81159 → [go] Undo some 1.12 overrides that now build with 1.13 → https://git.io/JvzTU
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/JvyRY
deltaryz has joined #nixos
<deltaryz>
hey, i'm having trouble getting samba to work. i want to have my user folder (/home/delta) accessible, but i haven't been able to get any clients to successfully connect
<pistache>
does pkgs.buildFHSUserEnv provide a multi-arch (32+64 bit) environment by default (without 'multiPkgs = null') ?
delta has joined #nixos
<drakonis>
why not try?
<pistache>
I'm trying to debug BOINC jobs failing for every 32-bit task, with error "Exec format error"
delta has quit [Client Quit]
<drakonis>
its unlikely anything will explode on your face
<pistache>
drakonis: it seems to do so, but I cannot exec the 32-bit "ld-linux.so" from inside the FHS, it fails with "Exec format error"
<tokudan>
ok... I'm on NixOS since 14.x and just now I noticed that there's "import" and "imports". that will probably explain why I had so much issues and had to fiddle around so much...
<tilpner>
tokudan: import is part of the Nix language, imports (and require) are nixpkgs concepts
<ottidmes>
tokudan: import is a Nix builtin, imports is part of <nixpkgs/lib/modules.nix>
erasmas has quit [Quit: leaving]
<tokudan>
tilpner, yeah, I just learned that, as it's the first time I have both in the same file...
zaeph has joined #nixos
sigmundv_ has joined #nixos
<ottidmes>
tokudan: and there is also scopedImport, but you normally don't want or need to use it
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<deltaryz>
anyway as mentioned previously i have been unable to get any clients to connect to my samba share. they can see it on the network but they fail to connect.
<tokudan>
deltaryz, I'm not a samba expert, but could samba interpret 192.168.0.0 as "the host 192.168.0.0 is allowed to connect" instead of what you probably intended 192.168.0.0/16 or 192.168.0.0/24?
<tokudan>
deltaryz, that's probably the reason then. leaving out the last octet for samba probably means that 192.168.0.0/24 is allowed
anders^ has joined #nixos
<deltaryz>
it didn't work with the original "192.168.0" either fwiw
sigmundv_ has quit [Ping timeout: 264 seconds]
<deltaryz>
still not working
<tokudan>
deltaryz, anything useful in the logs?
<deltaryz>
the nixos-rebuild switch output gives no errors, what other logs should i check?
<deltaryz>
like i said it does broadcast itself over the network, i can see the share on vlc on my iphone, i just can't connect to it. i can connect to a share hosted from debian just fine.
sigmundv_ has joined #nixos
<tokudan>
deltaryz, I think you can configure logs for samba, not sure what the default settings for logs are
<energizer>
ok back to that collision problem again. collision between `/nix/store/sqfj2h18n1zvn3s3w2iw0m3ydycxk5n6-python3-3.7.6-env/bin/pydoc3.7' and `/nix/store/61rn6rvzms44jlgpdj95wckzl71ngs32-python3-3.7.6-env/bin/pydoc3.7'
<energizer>
how do i solve this?
philr has joined #nixos
captjakk has quit [Remote host closed the connection]
captjakk has joined #nixos
<ixxie>
heyo folks
<ixxie>
long time no see
<ottidmes>
energizer: give one higher priority than the other with hiPrio/lowPrio from lib
<ixxie>
Im trying to make a script to reproducible deploy nixos to VMs on Hetzner
<energizer>
ottidmes: ok
<ixxie>
I can generate a nixos image on the platform and reuse it on new machines, but the hardware-config would be wrong; can I just rerun nixos-generate-config to get the correct hardware-configuration.nix?
<deltaryz>
ixxie: yes
<deltaryz>
personally I have a git repo with all my config files in it, i symlink the configuration.nix from the repo to /etc/nixos/configuration.nix and copy the hardware-config into the git repo
<ottidmes>
I do the same, I have made a script for reproducible deploys on my servers/clients and also do the copy trick. Initially I have a hardware-generated.nix that contains {} and gets imported by my hardware.nix of the machine
<energizer>
how do i install a github repo that has a default.nix in it?
<deltaryz>
default.nix is usually going to be imported by configuration.nix
<NobbZ[m]>
energizer: then you need to use `fetchtarball`, `fetchFromGitHub` or similar to pull the repository, then you can `import` from it, this is called "Import from derivation"
<ottidmes>
With flakes, is it possible to change inputs of some of your inputs (e.g. I want to use my local fork one some config, one of my shared config repos depend on, on my desktop)
captjakk has quit [Remote host closed the connection]
<ottidmes>
Hmm, guess that is the wrong kind of thinking, you probably just handle that with the registry on the desktop
Arahael has quit [Ping timeout: 246 seconds]
<{^_^}>
[nixpkgs] @bennofs opened pull request #83249 → nixos/release-combined.nix: fix tested/supportedSystems (master version of #82886) → https://git.io/Jvy0L
Arahael has joined #nixos
<deltaryz>
new issue - trying to get Plex working. Set up my library and imported media from the web ui, and now I'm getting "There was an unexpected error loading this library".
<deltaryz>
google suggests that this problem has existed since 2018 or earlier and nobody has a clear or obvious solution
bennofs has joined #nixos
captjakk has joined #nixos
wiml has quit [Quit: wiml]
johrmungand has joined #nixos
<johrmungand>
Does any of you guys use "CWM" on nixos? I think something is wrong w/ the stable branch package because no matter what I do, the configuration would never work. I've already tried using `exec cwm -c configfile` incase .cwmrc is not being recognized for whatever reason.
<johrmungand>
CWM is honestly perfect for me, most of the defaults are quite sane. I only want to change the default META to META4 (the windows key) and enable tiling (you can have simple tiling to the left half or the right half of the screen etc)
johrmungand has quit [Remote host closed the connection]
mingc has quit [K-Lined]
mingc has joined #nixos
Arahael has joined #nixos
mehlon has quit [Remote host closed the connection]
mehlon has joined #nixos
<ottidmes>
I am trying to setup my local server as a build machine again. Does the order of substitutors matter? If I want it to first try cache.nixos.org and only then my local server, is that simply a matter of putting cache.nixos.org first?
<cole-h>
Don't quote me on this, but I believe so.
shibboleth has quit [Remote host closed the connection]
shibboleth has joined #nixos
ashkitten has quit [Quit: WeeChat 2.7.1]
<ottidmes>
cole-h: Thanks, I've added a mkAfter and I guess time will tell if it works
<cole-h>
ottidmes: No problem. Let me know if it works as expected, so I can say with certainty next time :P
LysergicDreams has quit [Ping timeout: 246 seconds]
ashkitten has joined #nixos
gustavderdrache has joined #nixos
justanotheruser has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @matthewbauer pushed 2 commits to master: https://git.io/JvyEJ
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<ottidmes>
deltaryz: Did you manage to resolve the winbindd issue? I am trying to figure out why my server is not having internet, turns out the DNS fails, due to Samba failing...
Acou_Bass has quit [Ping timeout: 265 seconds]
butterthebuddha has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
mehlon has quit [Quit: Leaving]
o1lo01ol1o has joined #nixos
Rusty1 has quit [Remote host closed the connection]
lsix has quit [Quit: WeeChat 2.7.1]
fendor has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Ping timeout: 256 seconds]
justanotheruser has joined #nixos
__monty__ has quit [Quit: leaving]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dingenskirchen has quit [Remote host closed the connection]
chloekek has quit [Ping timeout: 256 seconds]
dingenskirchen has joined #nixos
h0m1 has quit [Ping timeout: 246 seconds]
cap has quit [Remote host closed the connection]
cap has joined #nixos
h0m1 has joined #nixos
<rail>
how can I test my changes to nixpkgs/nixos (modules)? I tried to use `nixos-rebuild switch -I nixpkgs=/path/to/myclone`, but it doesn't look it picks up the options I added, while it works fine for the derivation update. it looks like it still tries to use the channels I configured globally