<{^_^}>
[nixpkgs] @worldofpeace pushed 4 commits to release-20.03: https://git.io/JfL5x
fusion809 has joined #nixos
<abathur>
virus_dave: I haven't touched bazel; someone who has may be of more utility; it just sounds a lot like you're already doing something that sounds like a build; if you don't really need it to be interactive (which is hinted at by the fact that you're just using --command with nix-shell anyways), it might make more sense to just make it a build.
<abathur>
virus_dave: do the source files change often, or just the invocations?
<peelz>
infinisil: not sure if you're involved in the development of nixos/nix but I'd like to know what you think of this: https://github.com/NixOS/nix/issues/3535
<virus_dave>
i think i'm apparently doing a poor job of explaining this. We've got a large monorepo used by many developers, and generally build with bazel. The monorepo contains many different things; projects, deployable artifacts, binaries, scripts, tests, etc. There are a large number of them, and all of them are generally built or executed etc via bazel.
<abathur>
virus_dave: and, do different invocations affect what software should be on the path?
<{^_^}>
[nixpkgs] @bhipple opened pull request #85977 → aspell, tla: use pname → https://git.io/JfLdB
<virus_dave>
so sources are changing often. The things being built are changing often, and person to person.
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @xfix to release-20.03 « slimrat: remove »: https://git.io/JfLdE
<peelz>
infinisil: I meant nixos/nix as in the repo name btw
<virus_dave>
^^ as of now no, all software for the union of all possible executions needs to live on the path
<virus_dave>
for every invocation
<infinisil>
peelz: Not really involved in that, but that thing is a bit different for lazily evaluated languages
<infinisil>
Or functional languages really
<infinisil>
Not sure if you could call that stepping in/out
<{^_^}>
[nixpkgs] @jonringer pushed commit from @misuzu to master « nix-simple-deploy: init at 0.1.1 »: https://git.io/JfLda
<virus_dave>
but bazel's efficiency depends upon caching, and caching in turn depends on having a stable environment, which in turn depends (among other things) on making the PATH deterministic and identical across machines and developers, and removing other sources of variation from the environment in which bazel executes
<peelz>
infinisil: that's true, but I imagine there must be a way to make the debugging process easier
<peelz>
infinisil: otherwise I have to resort to printf-style debugging
<infinisil>
Yeah, I think there could be a manual step-through debugging thing for Nix in general
<peelz>
that could be neat
<infinisil>
Stepping through would do one evaluation step at a time
<infinisil>
And you could have breakpoints when certain things are evaluated
<infinisil>
That would be really nice, but I have no idea how tough it would be to add
<infinisil>
(possible plenty tough)
<infinisil>
possibly*
<peelz>
yeah I think step through would make more sense than "step into"
<virus_dave>
abathur: I still don't really understand what you meant by having a "nix file and use nix-build". My best guess so far would be that you mean "one of those for the thing being built by bazel"? which also looks initially to be what buildBazelPackage is doing
slack1256 has joined #nixos
<virus_dave>
but we have many thousands of those
<peelz>
infinisil: hopefully the nix error message changes will alleviate some of the pain points of nix debugging
<{^_^}>
[nixpkgs] @jonringer pushed 2 commits to release-19.09: https://git.io/JfLdD
<sophiag>
trying again, any idea what's depending on an old version of openssl when building 20.03? https://pastebin.com/NHdNTU7d
<abathur>
not sure, out in this territory; it may help to post on discourse for someone with more specific experience, here; the sub-nix-shell invocations you're talking about from bazel--do they use the same packages as the outer nix-shell environment?
<infinisil>
peelz: Yeah that'll probably help a bunch :)
jkachmar has joined #nixos
<samueldr>
while evaluating the attribute 'buildInputs' of the derivation 'dmg2img-1.6.7' at /nix/store/jj1qwmsil5dj4m3kc95jp5ljyvf86cac-nixos-20.03.1445.95b9c99f6d0/nixos/pkgs/tools/misc/dmg2img/default.nix:4:3: # sophiag
<samueldr>
looks like it's dmg2img
<virus_dave>
abathur: good question; no. For those invocations which launch inner shells, they'll pull in whatever they need to the inner shell and generally only require nix. On the other hand, not everything is that nice. Some tests just outright have binary dependencies on stuff that the outer shell actually must supply :(
<sophiag>
samueldr: thanks. not sure how i missed that :p
<samueldr>
sophiag: trivially, there's so much text to look at!
iyzsong has joined #nixos
<samueldr>
sometimes it takes someone else looking at it, that's all
philr_ has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/JfLdb
<abathur>
virus_dave: the --keep option for nix-shell may help get you on track
felixfoertsch23 has joined #nixos
<virus_dave>
yup, it has indeed :)
<virus_dave>
thanks for all the help so far!
<abathur>
np
<abathur>
I guess there are some places where the shell falls flat
felixfoertsch has quit [Ping timeout: 250 seconds]
felixfoertsch23 is now known as felixfoertsch
<abathur>
a big one is in-tree builds that leave dirty state that affect future builds
<abathur>
and which requires *correct* management to avoid bad builds
<abathur>
while nix is generally expecting more nix-build-typical out-of-tree builds that usually skirt the problem
HeN has joined #nixos
<abathur>
you can try to clean that stuff up with shell hooks, but it may get skipped sometimes or not behave as expected
zakkor has quit [Quit: Connection closed for inactivity]
smatting has quit [Ping timeout: 265 seconds]
detran has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @worldofpeace pushed 101 commits to staging-20.03: https://git.io/JfLFi
<peelz>
colemickens: I've purged all obs-v4l2sink-related stuff from my store and rebuilt it (including the drv) from scratch. Seems to work just fine.
markus1189 has quit [Ping timeout: 250 seconds]
<peelz>
every time I take a look at it I catch something else that could be improved /shrug
jonod has quit [Client Quit]
tmp has quit [Ping timeout: 240 seconds]
proofofkeags has quit [Remote host closed the connection]
<jared-w>
MichaelRaskin: I'm aware that the AAA thing has a legitimate use. But, should you ever mistakenly trigger it, the name looks very odd the first time you encounter it :p
h0m1 has joined #nixos
sophiag has joined #nixos
<MichaelRaskin>
Well, it is near the top and has this AAA name to increase the chance it will keep being hit early even with slight evaluation changes…
teto has quit [Quit: WeeChat 2.8]
slack1256 has quit [Remote host closed the connection]
<sophiag>
having what looks like some weird integrated graphics problem with google-chrome on both 20.03 and unstable
<sophiag>
[9493:9493:0424/221609.248160:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process. / MESA-LOADER: failed to open iris (search paths /run/opengl-driver/lib/dri) / failed to load driver: iris
<colemickens>
on the hydra release job, the git repo is passed in in a way that the revision info is available and ends up in the label. how do I emulate that without hydra?
waleee-cl has quit [Quit: Connection closed for inactivity]
kaliumxyz has quit [Remote host closed the connection]
<infinisil>
You can get started with something like `with import <nixpkgs> {}; stdenv.mkDerivation { name = "..."; src = fetchurl { ... }; dontBuild = true; nativeBuildInputs = [ autoPatchelfHook ]; installPhase = "mkdir -p $out/bin; cp $src $out/bin"; }`
<infinisil>
(Insert the url where you downloaded it plus sha256)
<jonathan84>
Oh, that is right, I can let NixOS do the downloading for me. I love Nix (:
<jonathan84>
Was there an approved Nix way to get a sha sum or just google a generic Linux way?
<clever>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected. See: tofu-vim
<clever>
is the simplest nix way
<clever>
jonathan84: for fetchurl, you can just use the standard sha256sum prog, nix accepts the hash in both base16 and base32
<infinisil>
jonathan84: Though keep in mind, there's different fetchers for different purposes. If the url you get is a zip/tar file, you can use fetchzip instead
<jonathan84>
Oh, right, I knew there was were some special ones, I missed the one for zips.
<jonathan84>
tofu-vim
<jonathan84>
,tofu-vim
<{^_^}>
<esc>52i0<esc>
<jonathan84>
hehe, that did not work.
sigmundv__ has joined #nixos
<jonathan84>
Okay, I am a little baffled? `autoPatchelfHook` is required as a buildInput but it never seems to be used. The installPhase only copies files around?
<{^_^}>
[nixpkgs] @lilyball opened pull request #85982 → bat-extras: init at 20200408 → https://git.io/JfLxl
sigmundv_ has quit [Ping timeout: 258 seconds]
<infinisil>
jonathan84: A hook is a thing that automatically does stuff based on certain phases
Supersonic112 has joined #nixos
Supersonic has quit [Disconnected by services]
Supersonic112 is now known as Supersonic
<infinisil>
The default phases include a patchup phase, which autoPatchelfHook hooks into to patch the binaries
<jonathan84>
Okay, I guess if I look in the output of nix-build it prints "patching sources"
<jonathan84>
Okay.
ebzzry has joined #nixos
codygman has joined #nixos
<ebzzry>
Is there a way to manually enter that chroot that Steam creates.
<jonathan84>
Whoow! I am getting the hang of Nix! One problem, it built but it did not make the link to the executable?
<drakonis>
ebzzry: yeah?
<jonathan84>
Doesn't nix-build create a link the current directory?
<ebzzry>
drakonis: how does one do it?
<drakonis>
result is a symlink to it
<drakonis>
what are you trying to do here?
<drakonis>
anyways, from what i recall, you can create a chroot with the same packages
beep1560 has joined #nixos
beep1560 has quit [Max SendQ exceeded]
beep1560 has joined #nixos
beep1560 has quit [Max SendQ exceeded]
<ebzzry>
drakonis: I’m trying to debug a game that was installed by Steam.
<drakonis>
have you tried running steam on the command line?
<drakonis>
they still output text into it
<ebzzry>
Let me try to do that.
<ebzzry>
using 'steam -applaunch ...'
<drakonis>
no
<drakonis>
but sure, try that
<drakonis>
it should be able to output
rogue_koder has joined #nixos
rogue_koder_ has quit [Remote host closed the connection]
<ebzzry>
'LD_DEBUG=libs steam -applaunch 245170' is able to emit output.
reallymemorable has quit [Quit: reallymemorable]
reallymemorable has joined #nixos
<jonathan84>
Um, I am lost, I could use some more help. What is it that nix-build expects? My best guess is that something about my default.nix does not setup the `$out` in the proper way.
ebzzry has quit [Read error: Connection reset by peer]
<jonathan84>
I added a `-r` to the `cp` command in the `installPhase` because it was complaining. I am guessing that that may have not been the right fix.
<jonathan84>
My nix-build looks like it is working perfectly but it is not creating the link to the resulting executable.
<jonathan84>
Okay, I feel like I am right back to the beginning then. I am still getting my "No such file or directory" when I run `./result/bin/keymouse`.
<peelz>
jonathan84: this is probably a linking issue, check with `ldd`
<peelz>
you'll get ENOENT if the interpreter isn't linked correctly
<jonathan84>
Oi! It just ran!
<peelz>
wdym?
<jonathan84>
ldd did not work on `.../keymouse` because it is actually an sh file, but the `.../keymouse-linux` which is the actual executable worked.
<peelz>
oh
<peelz>
yeah then you need to do some wrapping/patching on that shell file for it to work :P
<jonathan84>
All it does it set "LD_LIBRARY_PATH" and run as root, I can do that myself.
<jonathan84>
(the Nix Derivation handled the linking thing...)
<jonathan84>
Thank you guys so much for your help!
reallymemorable has quit [Quit: reallymemorable]
<peelz>
no problem
<jonathan84>
I do have what should be a quick question, if you can. The resulting executable of my default.nix is $out/bin/keymouse. How can I make that in the path of a `nix-shell` usage?
<peelz>
jonathan84: I usually do this: `nix-shell -E 'with import <nixpkgs> {}; callPackage ./default.nix {}'`, not sure if there's a better way
drakonis1 has joined #nixos
gustavderdrache has quit [Quit: Leaving.]
drakonis has quit [Ping timeout: 272 seconds]
<infinisil>
peelz: That makes a nix-shell for *building* the package, but I think jonathan84 asks for how to have the result of building the package in the PATH
<peelz>
oh right :P
jkachmar has quit [Quit: Connection closed for inactivity]
<jonathan84>
Right.
<jonathan84>
That is crashing anyway (:
<jonathan84>
I figured I just had the file in the wrong place or something.
<jonathan84>
I'll figure it out later, then (:
<peelz>
infinisil: what would you suggest then? I've never had to do that so I don't actually know
<infinisil>
jonathan84: I think this should work: `nix-shell -p 'import ./keymouse.nix'`
<infinisil>
Or even just `export PATH=$(nix-build --no-out-link keymouse.nix)/bin:$PATH`
<jonathan84>
Um, yeah, that worked, not sure all about why, but okay.
ebzzry has joined #nixos
<infinisil>
Short explanation is that the -p flag makes an environment with the given nix expressions (evaluating to derivations) available
<peelz>
infinisil++
<{^_^}>
infinisil's karma got increased to 266
<jonathan84>
Okay, I see how that works, didn't know that syntax existed, but welcome to Nix...
<jonathan84>
I figured `nix-shell keymouse.nix` would do that, but I guess that does something different.
<infinisil>
Yeah, that enters an environment to build the derivation keymouse.nix describes (so you'll have all the build tools for it in PATH)
<infinisil>
Though generally I think it's good practice to only use such argument lists at the top if you're mapping the file to a callPackage'd attribute in another Nix file
<infinisil>
Especially since it then allows you to e.g. easily pin nixpkgs for the project
<bqv>
heyo
<bqv>
any mechanism to get the current date in nix
CMCDragonkai1 has joined #nixos
Wulfsta has joined #nixos
<clever>
> builtins.currentTime
<{^_^}>
1587790380
<peelz>
bqv: I know there's `builtins.currentTime` but not sure about how to format it
<Wulfsta>
The check times out for some reason, and I don't know what to do in this situation
chagra has joined #nixos
<Wulfsta>
Do I need to do something like `@ofborg check` to try to run checks again?
chagra_ has quit [Ping timeout: 250 seconds]
xO1 has joined #nixos
<cole-h>
It's probably fine, because it's on aarch64. Most of those time out...
<Wulfsta>
cole-h: ah, I had just called another build - oops. How do I request review?
<cole-h>
Hope somebody shows an interest and reviews it :P
<bqv>
while setting up the build environment: executing '/nix/store/ffli6m23501dkiznwlkf6n4xvrj02snr-bash-4.4-p23/bin/bash': Argument list too long
<bqv>
ahaha oh god
<bqv>
how when what why
<Wulfsta>
cole-h: well in that case, I guess I'll cross my fingers
<cole-h>
You can advertise it here in IRC, but I don't think there are many adventurous folks around right now for you to be too successful
<Wulfsta>
I'm in no rush, hopefully it gets picked up
<bqv>
famous last words
<bqv>
could i be getting that error if the derivation is ..too big
Wulfsta has quit [Remote host closed the connection]
<bqv>
i mean, the mkderivation block is about 1700 lines long
<bqv>
depending on how nix sets up the environment, i could see that being the issue
<bqv>
but that would be mighty frustrating
<dmj`>
does anybody know how to build purescript code with nix
<bqv>
with a purescript compiler, presumably
<bqv>
(there's definitely one around in nixpkgs)
Guest74 has joined #nixos
<dmj`>
bqv: you make it sound so easy
pancake has joined #nixos
<bqv>
:D
<dmj`>
bqv: is there a cabal2nix equivalent in purescript
<dmj`>
purescript2nix
<bqv>
as far as i'm aware, no
<Guest74>
howdy, Im trying to set up an nginx server following the page on the docs, but its failing to build saying that the ACME client is out of date and needs to support ACME v2, am I doing somethig wrong?
<bqv>
pretty sure i've looked for tooling like that before
<pancake>
hello
ebzzry has quit [Quit: WeeChat 2.3]
pancake has left #nixos [#nixos]
Vikingman has quit [Remote host closed the connection]
<Nazral>
rotaerk: oh thanks for the website, I'll bookmark it
<rotaerk>
I'm sure nix-env functionality makes it unnecessary, but I haven't figured out how to, say, search for substrings
<rotaerk>
now that I mention it, I should figure that out...
corpix has quit [Remote host closed the connection]
corpix_ has joined #nixos
<rotaerk>
Nazral, oh... you can just `nix-env -qa` to get a list of all available package names. -q means query for information, -a means available (as opposed to installed)
<rotaerk>
but you don't want to actually see that full list, so: nix-env -qa | grep texlive
<rotaerk>
but if you want to see the attribute path, add -P: nix-env -qaP | grep texlive
palo1 has joined #nixos
<Nazral>
I think qa works with regexps, but I didn't know about P
<Nazral>
nix-env -qa "texlive.*"
<dmj`>
is it possible to add multiple src paths to a single derivation
<{^_^}>
[nixpkgs] @FRidh pushed 258 commits to staging-next: https://git.io/JfLhz
<Nazral>
and I confirm, installing the full texlive package is taking forever
FRidh has joined #nixos
palo has quit [Ping timeout: 240 seconds]
palo1 is now known as palo
<rotaerk>
is there a simpler way to find the files in a nix-env-installed package besides:
<Nazral>
I see many 404 errors during the install
<rotaerk>
ls $(nix-env -q --out-path --no-name packagename)
<rotaerk>
although that didn't work for godot ... the godot's out-path is screwed up somehow
<Guest74>
howdy, updated simp_le and fixed the acme issue, but now timesyncd is failing to restart its service, its saying it cant find /var/lib, I saw an issue about it on the git but the fix there didnt work for me, any ideas?
<rotaerk>
out-path is: man=/nix/store/2wbz2vr8hsm5k9hgj6q53c1zrn7diw4w-godot-3.2.1-man;/nix/store/yndr52sdj4n9dpvl0kvbd590fjg14vds-godot-3.2.1
<clever>
rotaerk: find its binary in ~/.nix-profile/bin/ and then just run ls the dir
<clever>
rotaerk: follow the symlink
<rotaerk>
that's the thing I don't know in a lot of cases: what its binaries are
<rotaerk>
and thus the reason I'm looking for the path in the first place
<clever>
rotaerk: run `nix-build '<nixpkgs>' -A godot && ls -l result/bin` to build a package and look at it
never_released has quit [Ping timeout: 256 seconds]
<hyper_ch>
mchasard: also, you can switch between stable and unstable quite easily
<mchasard>
its also with configuration.nix file ?
<hyper_ch>
to switch to unstable, just run: nix-channel --add https://nixos.org/channels/nixos-unstable nixos and then nixos-rebuild boot [or switch] --upgrade ..... and if you want to go back again, just run: nix-channel --add https://nixos.org/channels/nixos-20.03 nixos again, followed by nixos-rebuild boot [or swithc] --upgrade
<mchasard>
what brings the instable version ?
<hyper_ch>
mchasard: no, you just set the desired channel and rebuild with --upgrade
slack1256 has joined #nixos
<hyper_ch>
mchasard: it's usually newer software but also sometimes breaks things...
<mchasard>
ok cool
<hyper_ch>
but then, nixos releases every 6 months a new version for stable... so stick to stable for the time being
<hyper_ch>
switching between those things, the generations created etc. are really some of the strong poitns from nixos
<hyper_ch>
once you have a configuration file you can easily switch around things... because all gets added to /nix/store and upon boot all ENV variables are set properly... so switching is really easy
<hyper_ch>
but right now, just stick to stable until you're a bit more comfortable with it.. but as said, switching to unstable is simple and if you don't like it, switching back to stable is equally simple :)
Fare has quit [Quit: Leaving]
<mchasard>
good to know that and vivaldi browser could be find in stable or unstable version ?
<hyper_ch>
there might be some issues that can't easily be reverted... e.g. firefox did on a new release also change some of its configuration stuff... they only provided upgrade form old -> new..... so if you switched to unstable when there was alraedy the new firefox and then you wanted to revert back, firefox couldn't "downgrade" your user profile anymore... but in general, switching between stable/unstable is no problem
<hyper_ch>
I think vivaldi is also in sable
<hyper_ch>
stable
<mchasard>
ok thanks for all this information i suppose wiki could give me informations
<mchasard>
i don't find it or my command is bad
<hyper_ch>
just add "vivaldi" to your einvironment.systemPackages = with pkgs; [ ....... vivaldi ] list
<hyper_ch>
and rebuild
<mchasard>
its also in the same file ?
<hyper_ch>
since I'm the only user on my system, I install stuff only system-wide
<hyper_ch>
mchasard: in the /etc/nixos/configuration.nix
<mchasard>
ok
<hyper_ch>
pretty much on the bottom you have environment.systemPackages .........
<hyper_ch>
packages listed inside the [ ] will be installed system-wide (for all users)
<hyper_ch>
GiGa: and you should use cifs... smbfs is old and deprecated IIRC
<GiGa>
hyper_ch: You're correct, I was refreshing my memory via a very old article
noudle has quit []
GiGa has quit [Quit: Leaving]
emilis has joined #nixos
fusion809_ has joined #nixos
<hyper_ch>
mchasard: also good thing: only do one change at a time - rebuild and fix if there's an error :)
<mchasard>
ah just finished rebuil now reboot to see if kde could boot included vivaldi browser
stree has quit [Read error: Connection reset by peer]
<mchasard>
i come back
<benny>
hyper_ch: that's a useful setup you have there with automount. is the secrets part just some lets outside of version control or some other special sauce?
<hyper_ch>
mchasard: why vivaldi browser?
mchasard has quit [Quit: Leaving]
<hyper_ch>
benny: ah... well, not having them in the configuration.nix allows me to share the configuration.nix without editing first
stree has joined #nixos
chloekek has joined #nixos
stree has quit [Read error: Connection reset by peer]
<hyper_ch>
basically I have the file in /root/.nixos/mySecrets.nix
stree has joined #nixos
<benny>
I'll try to set that up at some point, I saved it for later, so thanks :-)
<benny>
hyper_ch: your whole config is seemingly gold!
<hyper_ch>
benny: not really... I'm far from perfect
<mchasard>
i don't have text editor cause i did't add in config.nix
<hyper_ch>
mchasard: I like "kate"
<maddo>
hyper_ch since you were on topic: is autoupdate considered safe (on stable channel) for a NAS/server? Also does autoreboot have a timer where you can say it's safe to reboot in case of a kernel upgrade?
<mchasard>
vivaldi just to change lol
<mchasard>
kate ok i'll add it after
<hyper_ch>
maddo: on unstable options etc. sometimes change... this shouldn't happen on stable.. so I think auto-update on stable is fine
<hyper_ch>
and probably also -rebuild switch instead of -rebuild boot....
<hyper_ch>
never used autoreboot
<hyper_ch>
it's little use of me because everything is root encrypted... meaning during initrd I need to ssh into the server and provide encryption passsword
zupo has joined #nixos
mallox has quit [Quit: WeeChat 2.8]
mallox has joined #nixos
o1lo01ol1o has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<freeman42x[m]>
I added in configuration.nix: `services.teamviewer.enable = true;` but that did not fix it
Reisen has quit [Quit: Ping timeout (120 seconds)]
daGrevis has quit [Quit: Ping timeout (120 seconds)]
daGrevis has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
Reisen has joined #nixos
Cheery has joined #nixos
kwannoel has joined #nixos
o1lo01ol1o has joined #nixos
mchasard has quit [Remote host closed the connection]
__monty__ has joined #nixos
kwannoel has quit [Read error: No route to host]
chloekek has quit [Ping timeout: 240 seconds]
<freeman42x[m]>
the problem was happening on unstable but not on stable
<freeman42x[m]>
the teamviewer issue I mean
zupo has joined #nixos
zupo has quit [Client Quit]
slack1256 has quit [Remote host closed the connection]
cr4y1_ has joined #nixos
kwannoel has joined #nixos
<{^_^}>
[nixpkgs] @Ma27 opened pull request #85990 → [20.03] linux_5_5: throw a meaningful error instead of just removing the attribute → https://git.io/JftJC
<{^_^}>
[nixpkgs] @lheckemann opened pull request #85991 → bluez-alsa: fix installation of D-Bus policy and alsa config → https://git.io/JftJW
seanparsons has joined #nixos
domogled has joined #nixos
domogled has quit [Remote host closed the connection]
maddo has quit [Quit: See ya]
thc202 has joined #nixos
vika_nezrimaya has joined #nixos
<Nazral>
I had problem building texlive full
<Nazral>
error: build of '/nix/store/cfqiyj3q5wjl4v36mrplsxsd8wz33qj6-user-environment.drv' failed
<Nazral>
nix-env -iA nixos.texlive.combined.scheme-full 4.66s user 1.18s system 0% cpu 2:28:43.51 total
<Nazral>
Is there a prepackaged version ?
alexherbo2 has joined #nixos
<clever>
Nazral: what was the actual build error?
o1lo01ol1o has quit [Remote host closed the connection]
<Nazral>
error: packages '/nix/store/dn98mm18j32jn0fn94dyclcdplwc10nr-texlive-combined-full-2019/share/texmf/bibtex/bib/base/xampl.bib' and '/nix/store/vk433zqyqkww0ql40wi474kdl5rq7f3r-texlive-bibtex-0.99d/bibtex/bib/base/xampl.bib' have the same priority 5; use 'nix-env --set-flag priority NUMBER INSTALLED_PKGNAME' to change the priority of one of the conflicting packages (0 being the highest priority)
<clever>
Nazral: you installed 2 conflicting packages, that both provide tex related files
<Nazral>
is it because I have texlive-small installed already ?
<Nazral>
ok
<clever>
Nazral: you must first remove one of them with nix-env -e
bigvalen has joined #nixos
<vika_nezrimaya>
Hi there! Got a problem, latest unstable's linuxPackages.r8168 doesn't want to build, it tries to modify the Linux kernel sources which are OBVIOUSLY read-only for the builder since they're the dependency... and I need the driver so my mom's computer would get the network
<Nazral>
thank you!
bigvalen has quit [Client Quit]
maddo has joined #nixos
<vika_nezrimaya>
any users of that driver here, what's the latest Nixpkgs revision that works with it?
bigvalen has joined #nixos
iyzsong- has joined #nixos
jakobrs has joined #nixos
<jakobrs>
Is it just me, or is ghcjs broken?
<clever>
vika_nezrimaya: if you go to hydra.nixos.org and run a search for that driver...
<bigvalen>
Hey...anyone setup a Nixos box as a Samba Domain Controller ? There is a nice ... interactive tool. But I've no idea if it'll work for NixOS, or try and write files into various read-only directories.
iyzsong has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
<vika_nezrimaya>
clever: oh yea thanks for the hint, constantly forgetting about Hydra's superpowers
<vika_nezrimaya>
it takes around 500-600M to a desktop, so I'd say 1G to boot and do at least something
<vika_nezrimaya>
that's a lot less than Windows uses tho :3
<xfix>
KDE isn't particularly demanding, yeah, 500MB sounds about right
<xfix>
less demanding than Windows for sure
<vika_nezrimaya>
and that's with the fact that it's sometimes even more beautiful than Windows
<mchasard>
so 1Go is ok or more cause with a browser it coule ask more ram
<vika_nezrimaya>
yea browsers are main memory hogs of 21st century
<xfix>
yeah, you definitely want more than 1GB of RAM if you want to use a web browser
<xfix>
the web is... bloated so to speak
<vika_nezrimaya>
I have 6G of RAM in my fairly cheap laptop and it's more than enough for web browsing, also kinda keeps my discipline with the tabs :3
<vika_nezrimaya>
can't open a thousand tabs
<mchasard>
but i'm under vbox and i have to attribuate so more than 1GO ?
<clever>
vika_nezrimaya: i have 32gig of ram, and 28 gig of swap used, with 1800 tabs open.....
<mchasard>
or use another desktop environnement
<vika_nezrimaya>
why do you need 1800 tabs?
<clever>
i have no idea!
alp has quit [Ping timeout: 272 seconds]
kwannoel has quit [Read error: No route to host]
<vika_nezrimaya>
mchasard: if you're under VBox, I don't think you'll do a lot of web browsing in your VM, so... I suppose 1G may or may not be enough
kwannoel has joined #nixos
<vika_nezrimaya>
how much do you have on your host and what kind of tasks the VM would be performing?
<xfix>
these days it's pretty much impossible to find a laptop with less than 4GB of RAM
<xfix>
even cheap Chromebooks have at least that much
<vika_nezrimaya>
I have one right beside me, it's broken tho and it's 10 yo
<xfix>
web browsers use a lot of RAM
stigo has joined #nixos
<xfix>
and unfortunately, Opera Presto is gone, so there aren't really web browsers that can deal with low amount of RAM anymore
<vika_nezrimaya>
i'm not sure people are gonna trust Opera after these scandals with... predatory loans and stuff
<clever>
xfix: ive been trying midori for low-ram stuff
chagra has joined #nixos
mchasard has quit [Remote host closed the connection]
<bqv>
can i read a symlink during eval?
<bqv>
ohh hang on, nevermind
<bqv>
i was missing a slash
<jakobrs>
How does pkgsCross.ghcjs work?
<jakobrs>
I couldn't really get it to do anything ("No C compiler provided for this platform")
Thra11 has joined #nixos
lopsided98 has quit [Remote host closed the connection]
lopsided98 has joined #nixos
dingenskirchen has quit [Remote host closed the connection]
<bigvalen>
Playing with Samba Domain Controller setup, it seems it won't work without a /lib/samba/vfs/zfsacl.so - I assume it's rarely used, so not compiled in by default. For someone newish to NixOS, how much of a pain is it to use my own version of a package like Samba ?
<edcragg>
hi, i'm having a bit of trouble installing home assistant on unstable (in this case on a raspberry pi), falls down on a pip install looking for "cryptography", wondered if anyone's seen anything similar to this... https://pastebin.com/raw/Lfbuf4rh
<{^_^}>
[nixpkgs] @misuzu opened pull request #85996 → nixos/nixos-installer: use temporary directory on target filesystem → https://git.io/JftTI
o1lo01ol1o has joined #nixos
palo has quit [Ping timeout: 256 seconds]
cosimone has quit [Quit: Quit.]
mchasard has joined #nixos
o1lo01ol1o has quit [Ping timeout: 260 seconds]
Darkmatter66_ has quit [Ping timeout: 260 seconds]
_mlen is now known as mlen
Darkmatter66 has joined #nixos
Yaniel has joined #nixos
fredefox has joined #nixos
<fredefox>
Hi, I'm trying to install NixOS for the first time. I'm following the manual and have gotten as far as the invocation of `nixos-install`. It fails with the message "File system "/dev/block/8:2" is not on a GPT partition table.". Yet my system certainly is using UEFI. Both the boot medium I'm using, and the boot loader on my PCs drive.
<hyper_ch>
bigvalen: I don't think that will easily work if it's not packaged for nixos. But in general you just write the samba config into configuration.nix. Never used samba as domain controller though.
<{^_^}>
[nixpkgs] @Ma27 pushed commit from @Mic92 to release-20.03 « zfs: fix build against 5.6 »: https://git.io/JftTg
WhatisRT has joined #nixos
<hyper_ch>
fredefox: since I like to give full disks to a zfs pool I ended up using a usb thumb drive for /boot and /boot/esp if that is an option for you
<fredefox>
Yeah I have the "GUI installer" on a USB thumb drive plugged into my machine. I'm not sure what a zfs pool is...
<fredefox>
I have a partition with Arch and Windows already on the system.
<hyper_ch>
zfs is my preferred filesystem.. well, I meant having a second usb thumb drive that you leave in the machine :) but can you show use what your partitions look like
<hyper_ch>
oh.... multi-systems... I don't know... don't listen to me regarding that
<fredefox>
hehe, ok
<fredefox>
thanks anyways
<hyper_ch>
(but zfs is really awesome....)
<fredefox>
:)
<hyper_ch>
if you value your data, you should have a look at it ;)
fusion809_ has quit [Read error: Connection reset by peer]
<fredefox>
If only Linux had as good support for video games as MSWin...
<mchasard>
oui donc je disais que j'ai installé une nixos
<hyper_ch>
je pense que personne ne parle pas français dedans
<symphorien>
question about lorri: when my shell.nix does not evaluate, how can I see the error message ?
o1lo01ol1o has joined #nixos
<{^_^}>
[nixpkgs] @dasJ opened pull request #85998 → nixos/nsswitch: Make databases more configurable → https://git.io/JftkV
pingiun has joined #nixos
<manveru>
symphorien: `nix-shell`
<manveru>
or `lorri watch --once`, but that's usually harder to read
<symphorien>
right, and how can I know that lorri evaluation failed rather than is just taking a long time ?
<pingiun>
if I add a lvm command in my boot.initrd.postDeviceCommands, e.g. ''${pkgs.lvm2}/bin/lvremove -f vg/tmp'', will this work? like will the command be available in initrd?
<symphorien>
because if I'm supposed to run nix-shell systematically, there is not so much gain over the non lorri workflow
<hyper_ch>
if you add lvm also to the initrd it should work
<hyper_ch>
as kernel module in the hardware configuration nix
<{^_^}>
[nixpkgs] @veprbl pushed commit from @renatoGarcia to master « snakemake: 5.13.0 -> 5.15.0 (#85913) »: https://git.io/JftIM
eof has quit [Quit: eof]
horek has joined #nixos
eof has joined #nixos
<negaduck>
I've just read the 17th nixos pill about packageOverrides and fixed point. Is this pattern deprecated in favor of overlays?
<{^_^}>
[nixpkgs] @jtojnar pushed to master « gnome3.updateScript: fix tarball eval on nonexisting attrpaths »: https://git.io/JftId
<cyris212>
What is the prefered way to get CUDA working on NixOS?
<cyris212>
(I would like to use CUDA from within docker containers)
<eeva>
negaduck there's a mention of packageOverrides compared to overlays in the nixpkgs manual: “Overlays are similar to other methods for customizing Nixpkgs, in particular the packageOverrides attribute described in Section 2.5, “Modify packages via packageOverrides”. Indeed, packageOverrides acts as an overlay with only the super argument. It is therefore appropriate for basic use, but overlays are more powerful and easier to distribute.”
<eeva>
cyris212: the nixos.wiki has a small section on CUDA https://www.nixos.wiki/wiki/Nvidia#CUDA. If you make a container out of this, and make sure you pass the necessary devices to the container, then I suppose it should work
<{^_^}>
[nixpkgs] @jtojnar pushed 3 commits to release-20.03: https://git.io/JftLJ
<eeva>
Can't test though as I don't have NVidia hardware, and it's been since I've done CUDA in containers (around 5 years) so things may have changed a bit.
<eeva>
It actually look more simple than I remebre
<eeva>
s/bre/ber/
<negaduck>
btw, can the nvidia driver installed in the nix store be used in ubuntu?
<hyper_ch>
pingiun: zfs replaced for me: ext4, luks/dmcrypt, rsync, mdadm :) zfs is so much easier
<pingiun>
hyper_ch: can you explain how it replaced rsync?
<pingiun>
zfs is pretty cool, I have wanted to try it for a while
<hyper_ch>
pingiun: because of snapshots you just send them for backup :) before I used rsync and hardlinks
<pingiun>
how can you send a zfs snapshot to a backup service?
<hyper_ch>
you can a zfs snapshot to a file
<hyper_ch>
you can send it to another system and load it there as dataset
<hyper_ch>
you can send it to the same system, same pool or different pool and add it
<negaduck>
I'm going to install the nvidia-driver system-wide using the usual install method in ubuntu and it will be the only thing in common between nix environments, but I wonder if one installed in the nix store can be used as well
phreedom has quit [Remote host closed the connection]
<pingiun>
hyper_ch: yeah that's pretty cool, but should be possible with lvm too :p
<hyper_ch>
e.g. zfs send tank/path/to/ds@snapshot | ssh root@remote backuptank/xxx/backups/ds
<pingiun>
hmm that is nice
phreedom has joined #nixos
<hyper_ch>
or even better if the backup system initiates the pull
<hyper_ch>
you don't want your life system to push data to a backup system
<hyper_ch>
but the backsup system to pull the data
<hyper_ch>
I forgot to add ssh root@remote "zfs receive backup....."
<pingiun>
do you have your nix configuration files online?
<pingiun>
I just love the erase-your-darlings setup
<pingiun>
but it's so much work to reinstall my hetzner dedicated server
<hyper_ch>
I managed to not having a root password at all there... I pestered gchristensen so much about it, but it's probably my zfs mount tweaks that prevent it somehow
<hyper_ch>
otoh, when I can login through ssh key or can login through another system user and use sudo, I don't really need a root password be set...
<pingiun>
ya my root password doesn't work with my test setup with lvm either
<pingiun>
but the proper way is to setup a wheel user anyway
<pingiun>
but I managed to get the setup working with lvm
<hyper_ch>
also, you can see in the server config how remote unlocking of encrypted root zfs works :)
<pingiun>
it's all thin volumes, on boot the root snapshot gets deleted, and a new one is created from an empty root_new thin lv
<pingiun>
hyper_ch: why not force the load-key command?
<hyper_ch>
why force?
zupo has joined #nixos
<aveltras>
how can i disable lightdm display manager ? i'd like the basic command line prompt to login, im only using a window manager (exwm)
<nixosuser6587>
Does anyone have problems with realtek drivers installation on latest nixos 20.03? My try to install and build r8168 for 5.4.33 kernel fails https://pastebin.com/J9ym1q85
<kenran>
I'm trying to create a nix derivation for an old typing game/software written in python. Here's what I have so far (I couldn't us cx_Freeze to build an executable, so I'm aiming to provide a script that starts the application): https://pastebin.com/55Wrt6ap
<kenran>
I know that I need python27Packages.pyqt4 to run the game (I tried in a pure nix-shell with python2 and pyqt4) but I don't know how to pass this to `mkDerivation`.
<kenran>
(I guess the package is available at build time, but since I don't really build anything and only want to run `python2 Amphetype.py`, the package is not available anymore at runtime?)
<kenran>
Thanks for any hints :)
pingiun has quit [Read error: Connection reset by peer]
<pbogdan>
kenran: not knowing much about python I would imagine you want `python.withPackages(ps: with ps; [ pyqt4 ])` somewhere and use that as the interpreter for the script
<pingiun>
how large should a boot partition be on nixos (if you're going to use zfs for everything else)?
drewr has joined #nixos
<kenran>
pbogdan: yeah, I don't know much about python either, but that looks very promising. I'll try it when I get back, thank you!
<hyper_ch>
pingiun: I usually give 1G... but that's probably too much
<pingiun>
hyper_ch: it depends on the number of generations you want to store right?
mallox has quit [Quit: WeeChat 2.8]
mallox has joined #nixos
<{^_^}>
[nixpkgs] @prusnak opened pull request #86007 → linux-rock64: kernel for Rock64 and RockPro64 systems → https://git.io/Jftt4
fenedor is now known as fendor
numkem has joined #nixos
dermetfan has joined #nixos
mchasard has quit [Quit: Leaving]
<yorick>
am I supposed to use networking.interfaces.br0 and networking.bridges.br0 together?
nixosuser6587 has quit [Remote host closed the connection]
<hyper_ch>
pingiun: yes, but 1GB should be sufficient by far
<pingiun>
okay
Nazral has quit [*.net *.split]
luigy has quit [*.net *.split]
eon` has quit [*.net *.split]
benny has quit [*.net *.split]
electrocat has quit [*.net *.split]
hl has quit [*.net *.split]
stolyaroleh has quit [*.net *.split]
Swant has quit [*.net *.split]
fionera has quit [*.net *.split]
woffs has quit [*.net *.split]
infty has quit [*.net *.split]
commander has quit [*.net *.split]
davidcl has quit [*.net *.split]
thommey has quit [*.net *.split]
lux1 has quit [*.net *.split]
mkaito_ has quit [*.net *.split]
luigy has joined #nixos
electrocat has joined #nixos
Nazral has joined #nixos
commander has joined #nixos
eon` has joined #nixos
infty has joined #nixos
stolyaroleh has joined #nixos
davidcl has joined #nixos
lux1 has joined #nixos
Swant has joined #nixos
thommey has joined #nixos
mkaito_ has joined #nixos
benny has joined #nixos
mallox has quit [Quit: WeeChat 2.8]
benny is now known as Guest80763
fionera has joined #nixos
vesper11 has quit [Ping timeout: 264 seconds]
vesper11 has joined #nixos
hl has joined #nixos
hl has joined #nixos
hl has quit [Changing host]
mallox has joined #nixos
<{^_^}>
[nixpkgs] @thoughtpolice merged pull request #85520 → afl: fix afl-clang-fast++ by making it a copy of afl-clang-fast, not a symlink → https://git.io/JfUI4
<{^_^}>
[nixpkgs] @thoughtpolice pushed commit from @risicle to master « afl: fix afl-clang-fast++ by making it a copy of afl-clang-fast, not a symlink »: https://git.io/Jftty
otti0815 has quit [Ping timeout: 264 seconds]
CptCaptain has quit [Quit: WeeChat 2.8]
otti0815 has joined #nixos
srhb has quit [*.net *.split]
NekomimiScience has quit [*.net *.split]
Hedgework has quit [*.net *.split]
meatcar has quit [*.net *.split]
victorbjelkholm_ has quit [*.net *.split]
shlevy has quit [*.net *.split]
etu has quit [*.net *.split]
ldlework has quit [*.net *.split]
Hedgework has joined #nixos
meatcar has joined #nixos
srhb has joined #nixos
meatcar has quit [Changing host]
meatcar has joined #nixos
NekomimiScience has joined #nixos
shlevy has joined #nixos
etu has joined #nixos
reallymemorable has quit [Quit: reallymemorable]
ldlework has joined #nixos
victorbjelkholm_ has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
reallymemorable has joined #nixos
WhatisRT has joined #nixos
<{^_^}>
[nixpkgs] @worldofpeace merged pull request #85990 → [20.03] linux_5_5: throw a meaningful error instead of just removing the attribute → https://git.io/JftJC
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to release-20.03: https://git.io/JftqL
emilsp has quit [Read error: Connection reset by peer]
<pingiun>
okay hyper_ch, you've convinced me to use zfs
daGrevis has quit [Remote host closed the connection]
<numkem>
I've got a chiken and egg problem regarding a PR I did (#84286) it contains adding myself to contributors. What should I do for getting it merged so my next new packages wouldn't break because of the missing contributor?
glasserc has quit [Read error: Connection reset by peer]
<abathur>
numkem: I'm in the same boat. I haven't asked anyone what's "right" here, but I just included the maintainers addition in both PRs to make sure they're both mergeable, and figure I'll be able to force-push any other PR(s) to remove it once one is merged
andi- has joined #nixos
andi- has joined #nixos
andi- has quit [Changing host]
<numkem>
abathur: bummer you couldn't find a solution either. I'm also shot myself in the foot by commit to my fork's master branch
<stevenroose>
Hi all. I'm setting up a service that is to be configured with an option configFile of type `type = types.nullOr types.path;`.
<stevenroose>
(Instead of a string option which I'm more accustomed to.)
stevenxl has joined #nixos
<stevenroose>
How do those work? Can I write the raw file from configuration.nix?
dnlkrgr has joined #nixos
<gchristensen>
you might do like configFile = pkgs.writeText "myconfig" ''some config stuff here'';
<stevenroose>
gchristensen: oh that happens in the let part above, right?
teto has joined #nixos
<stevenroose>
(I'm a bit new to this.) Is it possible to specify that in a separate file? Like a file that is just {myprogramConfig = pkgs.writeText <xx> '' xxxx '';}
shabius_ has quit [Quit: Leaving]
MarcWebe3 has quit [Remote host closed the connection]
MarcWeber has quit [Remote host closed the connection]
MarcWebe2 has quit [Remote host closed the connection]
shabius has joined #nixos
shabius has quit [Remote host closed the connection]
<kraem>
just switched over to niv for my nixconfig repo. i get this error when i have `dconf.enable = true` and am trying to rebuild: https://bpaste.net/36PA - if i comment comment the dconf enabling out it can rebuild (so i'm figuring nixos modules are accessible when importing nixpkgs through niv). any pointers?
knupfer has quit [Quit: knupfer]
knupfer has joined #nixos
<kraem>
(oh line 12 says `inherit (sources) nixpkgs;`)
o1lo01ol1o has quit [Ping timeout: 244 seconds]
dnlkrgr has quit [Quit: WeeChat 2.6]
ddellaco1 has joined #nixos
<{^_^}>
[nixpkgs] @flokli opened pull request #86010 → nixos/nscd: be more specific in the nscd.enable description on what breaks → https://git.io/Jftmp
ddellacosta has quit [Ping timeout: 260 seconds]
<{^_^}>
[nixpkgs] @peti pushed to master « haskell-cabal-plan: apply patch to fix the build with ghc-8.10.1 »: https://git.io/JftYe
<kraem>
oh i realised that error might be something else. i tried `sudo nix-channel --remove nixos` just to be sure it was using the nixpkgs defined by `sources.nix` but i ended up with `error: file 'nixpkgs/nixos' was not found in the Nix search path`. guess i'm misunderstanding how NIX_PATH is used with niv and a configuration.nix :/
<{^_^}>
[nixpkgs] @peti pushed to master « haskell-cabal-install-parsers: re-factor overrides to fix build with ghc-8.10.1 »: https://git.io/JftYO
<dsal>
Ugh, I have another project that won't build from what seems like nix-store corruption or something. How do I deal with this kind of problem? `Expected: name == pushover-hs, version == 0.1.0.0, tree == e4b768f60a0c7788608f093f661a1f22422a6656c80d4c46bd552bcc9665c9da,469, cabal file == 0dae0da4298b2eea7b3fcf25d00f514dde865bb07f9213b5795d34268bd65d12,1977`
<hyper_ch>
and if you have more spare time also part 2
ebopp has joined #nixos
<pingiun>
ya seems useful to know a bit more about zfs
<pingiun>
I will also need to have some backup system
<hyper_ch>
one should always have backups
<pingiun>
this linode VM will be mostly stateless, but it's still nice to practise backups just for my ssh keys and such
<hyper_ch>
zfs makes it just very simple
<hyper_ch>
you can setup a really basic system
<hyper_ch>
only ssh and zfs is needed
<hyper_ch>
and then it can just pull in the zfs snapshots :)
<pingiun>
:D
<pingiun>
I'm still wondering where I should save my nixos configurations
<hyper_ch>
having less stuff to install on the backup server means less things to attack
<hyper_ch>
you can create a persist for it
<pingiun>
that's what I have now
<hyper_ch>
I did use tank/encZFS/persist/etc.nixos
<pingiun>
but it's not really needed to save them on the server
<hyper_ch>
and then legacy mount it
<sphalerite>
yorick: yes, both
<nh2>
I've encountered one big problem with ZFS so far: Its cache seems to count as userspace RAM usage (green in htop) instead of the usual buffer cache (yellow in htop), and thus programs like `earlyoom`, that prevent the computer from hanging for 20 minuts on OOM, trigger way too early.
<hyper_ch>
nh2: you can adjust ARC if you need to
<hyper_ch>
having had that issue with qemu that qemu wanted ram faster than zfs freed
<hyper_ch>
but usually zfs should free if need arises
jakobrs has joined #nixos
<pingiun>
I don't really like the model of nixops, I'd rather just have a git repository and have my hosts pull from that
<pingiun>
but that requires some setup
<jakobrs>
When installing NixOS on a raspberry pi, why can't I just install it via a live usb?
<hyper_ch>
pingiun: nixos allows you to easily create a custom install cd
<hyper_ch>
s/cd/iso/
<nh2>
hyper_ch: Do you know if I can adjust it so that it gets accounted the same way as the Linux buffer cache on other file systems? Because I believe otherwise it will be impossible for programs like earlyoom to observe it. I'm happy with the amount of caching that ZFS does, the problem is that programs don't seem to be able to distinguish its memory usage from "real" program memory usage.
<hyper_ch>
so with some nix hack you could easily add custom installation script ;)
zupo has joined #nixos
<pingiun>
hyper_ch: that is genius
<pingiun>
I could make something specifically for Linode just does everything without user interaction
<sphalerite>
if no log is available, it's different. If it fails to build, you should hopefully be able to tell from the log :)
<cole-h>
lovesegfault: Sounds like it's time for you to overlay rhash and see if it's one of the install targets or the check target... ;)
<jakobrs>
Sure, that works in this case, but in general a way to do this from the web interface would be nice
<jakobrs>
also
<DamienCassou>
I'm using nixos but I can't list my manpages: `man -k bash` says there is nothing appropriate but the same command prints many things in debian. Yes, bash is installed. Printings debug information shows a proper manpath and there is a file `/run/current-system/sw/share/man/man1/bash.1.gz`
<jakobrs>
Theoretically speaking, the cache could not only provide cached builds, the cache could also cache failures
<DamienCassou>
`man bash` works but I'm interested in listing the man pages I have, not about viewing a particular one
<jakobrs>
So if you try to build a package and its hydra build failed, Nix would tell you that it's not going to work
<lovesegfault>
cole-h: the weird thing is it explodes while decompressing the src
<lovesegfault>
like wth is that even
<lovesegfault>
or, not decompressing, but cp'ing
<lovesegfault>
I think
<lovesegfault>
and AFAICT it's only rhash, haven't been able to repro with other pkgs
<cole-h>
I wonder if there's a way to `set +x` that stuff
<cole-h>
So you can see what it's `cp`ing and why
<jakobrs>
The relevant qemu build was just the one you get from `(lib.systems.elaborate "aarch64-linux").emulator pkgs`
<jakobrs>
... oh it's modified by lib/systems/default.nix
<{^_^}>
[nixpkgs] @Ma27 opened pull request #86013 → nixos/printing: make access to web-interface configurable → https://git.io/JftGU
<energizer>
When I try to start Zoom it says "INTERPRETER PANIC - Unable to find game directory '/nix/store/y85r193qbfiajdw19zsqfrznwikccy0x-zoom-1.1.5/share/zoom/games' (PC = #0)" and doesn't open.
<energizer>
What can I do?
<lovesegfault>
energizer: You mean the conferencing sw?
<lovesegfault>
you want the `zoom-us` pkg
<LnL>
lovesegfault: right, but seccomp doesn't fail like that chmod: changing permissions of 'foo': Operation not permitted
<lovesegfault>
:O
remirol is now known as lorimer
reallymemorable has joined #nixos
julm has quit [Quit: reload]
<LnL>
is it only rhash?
<lovesegfault>
That I've encountered so far, yes
julm has joined #nixos
<LnL>
so other things like hello which are definitively not part of the bootstrapping process work
<lovesegfault>
I built all of busybox and it was fine
glittershark has quit [Ping timeout: 265 seconds]
<lovesegfault>
I can try hello
<LnL>
cause building eg. coreutils will not give the right picture since it itself isn't built using the final coreutils
<viric>
Hello nixos. Is there any chance to get chrome with vaapi prebuilt?
<lovesegfault>
viric: IIRC that's already happened, it's just disabled in the wrapper
<viric>
I know
<viric>
I know the expression is ready but it takes 24h to compile it here
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<viric>
ah wait now I understand your sentence. Changing the enableVaapi doesn't make it rebuild
<{^_^}>
[cabal2nix] @peti pushed to master « Homepage URLs in Cabal 3.2.x may contain trailing white-space. »: https://git.io/JftZS
<lovesegfault>
building rhash with breakpointhook
<{^_^}>
[cabal2nix] @peti pushed 0 commits to refs/tags/v2.15.2: https://git.io/JftZQ
<Null_A[m]>
Is latest macbook pro supported by NixOS/linux kernel ? Google 'says' may be some issues with Wifi but that was corrected in kernel 3.2+ (?)
<lovesegfault>
alright, it failed, now attaching
o1lo01ol1o has quit [Ping timeout: 246 seconds]
<lovesegfault>
alright, attaches
<lovesegfault>
LnL: eh, stripHash isn't available in the build env
<lovesegfault>
do I just want `cp -pr --reflink=auto -- /nix/store/ljybrllcm43yyabb7dqb768y92zknsmx-source source`
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to staging: https://git.io/JftZA
plp_ has joined #nixos
<viric>
lovesegfault: the chromium prebuilt with vaapi is master, not release-20.03
<lovesegfault>
LnL: trying...
<lovesegfault>
LnL: Eh, I can't do that source hack
<lovesegfault>
bash: /build/env-vars: No such file or directory
<lovesegfault>
but that file _is_ there
<lovesegfault>
oh
<lovesegfault>
build/env-vars is, not /build/env-vars
<LnL>
ah yeah need to load env-vars first
<lovesegfault>
do I just . build/env-vars?
knupfer has quit [Ping timeout: 244 seconds]
<amanjeev>
Trying to add a package to nixpkgs but facing issue `/path/to/app does not exist or could not be executed.`. Googling tells me that the binary has to be stripped and shrunk which I see in the output being run.
<LnL>
that's written in the build root of the drv, something like /tmp/nix-build-foo.drv-0
ddellaco1 has joined #nixos
<amanjeev>
Is opening a PR with [WIP] prefix allows to discuss?
<LnL>
inside the sandbox that is mapped to /build on linux
<cole-h>
amanjeev: Sure, WIP PRs are allowed.
ddellacosta has joined #nixos
<lovesegfault>
I tried source build/env-vars; source $stdenv/setup
<lovesegfault>
but it complais /build/env-vars doesn't exist anyway
<LnL>
cntr attach only attaches and mounts the filesystem of the namesace in /var/lib/cntr
<cole-h>
LnL++ Extremely useful information
<{^_^}>
LnL's karma got increased to 38
<LnL>
once attached cntr exec executres a command in the namespace
<jluttine>
in a multiline string (quoted with ''), how can i write '${foo}' literally like that? those single quotes are also part of what i want. ${foo} is escaped as ''${foo} but that breaks when i add the surrounding single quotes like '''${foo}'
<LnL>
the very nice thing here is that you can inspect the filesystem with your regular tools
<lovesegfault>
wait, do I run cntr exec bash _inside_ of the shell cntr attach dropped me in?
<cole-h>
jluttine: Why do you need to surround with single quotes? Would double quotes not work?
nkh^ has joined #nixos
LisaMarie has joined #nixos
<jluttine>
cole-h: because i don't want bash then to do anything with that
<jluttine>
cole-h: so i need to have it inside single quotes
<jluttine>
otherwise bash will replace it with an environment variable value..
<LnL>
lovesegfault: oh indeed, didn't notice
<cole-h>
What are the contents of `${foo}`?
<lovesegfault>
the issue is that inside that shell there is no cntr available :/
<lovesegfault>
so I can't cntr exec
<cole-h>
Oh, wait I understand now; sorry.
<cole-h>
jluttine: Why do you have to use `${foo}`, rather than `$foo`?
LisaMarie has quit [Client Quit]
zupo has joined #nixos
<cole-h>
lovesegfault: Maybe `cntr exec bash cntr-/nix/store/.......` would work?
<lovesegfault>
cole-h: failed to open /.cntr/pid: No such file or directory (os error 2)
<cole-h>
:D Sweet
<cole-h>
attach -> pwd -> cd there -> cntr exec, maybe?
<jluttine>
cole-h: the upstream file has ${foo} in one file and i need to replace with just something else. so in patch phase i'm using: substituteInPlace --substitute '''${foo}' "bar"
jgeerds_ has quit [Ping timeout: 256 seconds]
<LnL>
lovesegfault: might be your setup that it starts another shell
<lovesegfault>
Is the issue that I don't have cntr system-wide, it's just in a nix-shell?
<LnL>
as in not your default user shell
<LnL>
so yeah installing it should help
<lovesegfault>
let's see
<cole-h>
jluttine: And it doesn't work if you don't single quote it, yes? e.g. `''${foo} "bar"`?
<LnL>
the attach shell is still on your hosts so you should still be able to use nix-shell, etc.
<jluttine>
cole-h: doesn't work, i suppose because bash replaces ${foo} with the value of foo environment variable
<jluttine>
so i need to avoid first nix doing anything, then bash doing anything
<cole-h>
Then I don't have a real suggestion other than make a patch that replaces `${foo}` with `@foo@` and use `substituteInPlace --subst-var-by foo bar`
<jluttine>
these nix string escaping things are weird because it's not straightforward how you can write arbitrary string. it seems that there are strings that are impossible to write. to me it seems like the escaping thing is just broken.
<cole-h>
,escape''
<{^_^}>
'' two single quotes: ''' bash curly bois: ''${} newline: ''\n tab: ''\t any character x: ''\x ''
<lovesegfault>
deploying the cfg with cntr in syspkgs
<cole-h>
Maybe that will help
<LnL>
lovesegfault: I see so /var/lib/cntr is only visible to that attached shell
<lovesegfault>
Yeah
dadada__ has quit [Remote host closed the connection]
<LnL>
makes sense all this is bound to processes, so first step is to peek inside second to fully enter
<jluttine>
unless `'${foo}'` can be written in two single quoted strings, i consider the escaping of '' strings broken
<jluttine>
cole-h: my workaround was to add extra leading space which i know exists in the file. that is: `substituteInPlace --substitute ' ''${foo}' " bar"`
linarcx has quit [Quit: WeeChat 2.8]
<{^_^}>
[nixos-homepage] @aepsil0n opened pull request #415 → Improve readability of text on site → https://git.io/Jftcf
<{^_^}>
openzfs/zfs#10255 (by nh2, 10 seconds ago, open): ARC not accounted as MemAvailable in /proc/meminfo
<cole-h>
Maybe an issue should be filed, if you consider it broken :)
<amanjeev>
oh wow 1900+ Pull Requests! :(
<jluttine>
cole-h: yeah, maybe. but i think it's more probable that i just don't understand something :)
<cole-h>
Well, if you don't understand something, there are many others who also don't understand something
<LnL>
lovesegfault: yeah, the fact that you lost before cntr is probably a side effect of all this namespace shenanigans :)
<cole-h>
Filing an issue means you either can an answer as to why it's not possible, an example of what would work, or a commitment to it getting fixed.
<cole-h>
s/can/get/
<cole-h>
And it will exist for posterity, so when somebody else runs into the same issue, we can point them to the issue you filed ;)
<LnL>
lovesegfault: anyway, this is probably about as close as you can get to reproduce a build issue
<{^_^}>
#86021 (by jluttine, 10 seconds ago, open): two single quoted string escaping not comprehensive
<lovesegfault>
I think I'm setting that fn var wrong
<LnL>
btw you might want to add set +e after sourcing
<lovesegfault>
Yeah :D
<LnL>
and source env-vars, but doesn't really seem relevant here
<lovesegfault>
I don't know what this `--` syntax does
<cole-h>
Prevents path from being treated as an option, if it has a possibility to
<LnL>
nothing say you have a file --help, cp -- --help foo will copy it instead of showing help :)
<lovesegfault>
Oh, I see
<lovesegfault>
why is it appending the name of the source dir to the output :(
<mdtis>
I'm trying to get jupytext to load successfully using jupterlabWith, but not having much luck. Hoping I've made a simple mistake. I've posted a gist of my `shell.nix` and the output of `jupyter lab` in this gist https://gist.github.com/mdtisdall/3446714f86373697609961b8b5d593bb
vika_nezrimaya has quit [Ping timeout: 265 seconds]
<lovesegfault>
Why on earth can't I just cp stuff into build/source?
<lovesegfault>
I'm going to go super saiyan trying to debug this :P
<LnL>
try removing the flags, or which cp and do the same outside of the sandbox
srid has quit [Quit: Connection closed for inactivity]
<LnL>
depending on that you might be able to strace
adamtkh6 has joined #nixos
dermetfan has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @FRidh pushed 45 commits to staging-next: https://git.io/JftCU
<manveru>
lovesegfault: you can also try the breakpointHook
<manveru>
in case you're getting desparate :)
<numkem>
I'm trying to package a KDE app, it builds just fine but when I launch it I get this error message: `KHTML default stylesheet version mismatch. Aborting. Check your installation. File used was: . Expected STYLE_VERSION 1`. There is an issue on nixpkgs with that message but there isn't more details
o1lo01ol1o has joined #nixos
FRidh has quit [Quit: Konversation terminated!]
<cole-h>
manveru: We're already at that point :P
<manveru>
:D
o1lo01ol1o has quit [Ping timeout: 260 seconds]
shafox has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @worldofpeace pushed 3 commits to staging-19.09: https://git.io/Jft8a
<oborot>
I have a custom ACPID handler configured, when I trigger it just throws a crappy exist status of 1 without an error. If I manually run the script it's trying to run it works. Anybody have any ideas?
<oborot>
acpid*
fendor has quit [Read error: Connection reset by peer]
<oborot>
Is it something related to systemd maybe? I'm running "amixer" in the script, and figured it couldn't find the binary.
<oborot>
Initially it was throwing a 127 error when this was the case, but after I included the correct PATH the 127 error changed to just 1.
dadada_ has quit [Remote host closed the connection]
<oborot>
Huh, I think it's just not running as root for some reason...
<oborot>
Funny that a regular user can run it, but not root
dermetfan has joined #nixos
<kraem>
i'm having trouble accessing nixos modules from sources defined by niv. anyone else had this issue?
<infinisil>
kraem: Nobody's gonna help if you don't provide any information on the problem..
<{^_^}>
[nixpkgs] @flokli merged pull request #86010 → nixos/nscd: be more specific in the nscd.enable description on what breaks → https://git.io/Jftmp
<kraem>
infinisil: i'm trying to use niv and import the sources + nixpkgs from the sources.nix but i'm getting an error on rebuild where it can't find nixpkgs/nixos/modules/.. (https://bpaste.net/5JZA)
alp has quit [Remote host closed the connection]
teto has quit [Quit: WeeChat 2.8]
alp has joined #nixos
hio has quit [Quit: Connection closed for inactivity]
<cole-h>
That log isn't helpful without seeing the file it originates from.
<infinisil>
It is a bit helpful, but yeah, more context would be nice, including the sources you're using
<exarkun>
jtojnar, oborot: thanks
<kraem>
i just saw while pasting them (https://bpaste.net/V4BQ) that they're referencing <nixpkgs> which read NIX_PATH, right?
benmachine has quit [Read error: Connection reset by peer]
<infinisil>
kraem: Wait what's that second file got to do with this?
alp has quit [Ping timeout: 265 seconds]
dermetfan has quit [Ping timeout: 240 seconds]
<kraem>
infinisil: it's what the first log is saying it can't reach (broadcom-43xx.nix) and that is where it's imported
<infinisil>
Oh I see
<infinisil>
You sure that's related to niv at all? Because you only have nixpkgs in the sources, nothing else, and that file probably doesn't come from niv
<{^_^}>
[nixpkgs] @Infinisil pushed commit from @bb010g to release-20.03 « nixos/documentation: Allow specifying extraSources »: https://git.io/Jft4o
<kraem>
infinisil: i'm not 100% sure on how to use the imported nixpkgs and sources from niv. i tried removing all channels because i wanted to verify it was reading nixpkgs from the ones imported from niv
<{^_^}>
[nixpkgs] @davidak opened pull request #86026 → Update commit policy for stable release branches → https://git.io/Jft4M
<kraem>
infinisil: tried an ugly hack and commented out the imports depending on <nixpkgs> and it is building now :) now i just need to figure out how to import the modules from the niv sources instead
<infinisil>
kraem: You can replace `<nixpkgs/nixos/modules/hardware/network/broadcom-43xx.nix>` with `(modulesPath + "/hardware/network/broadcom-43xx.nix")` to not have to comment them out
<infinisil>
kraem: And add `modulesPath` at the top of the file
<kraem>
infinisil++ thanks!
<{^_^}>
infinisil's karma got increased to 268
<infinisil>
:)
__monty__ has quit [Quit: leaving]
maddo has quit [Quit: See ya]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
knupfer has quit [Ping timeout: 246 seconds]
zupo has joined #nixos
civodul has quit [Quit: ERC (IRC client for Emacs 26.3)]
<genevino>
is there a special channel to discuss nix syntax or is it appropriate to ask questions in here?
<simpson>
This is a good channel.
o1lo01ol1o has quit [Remote host closed the connection]
<infinisil>
genevino: There is #nix-lang too
<genevino>
infinisil: cool to know :)
<genevino>
simpson: also good to know and thanks for your friendly feedback.
<genevino>
was more of a general question because i'm lying in bed with my nixos laptop and this question was circulating in my head...
<infinisil>
Hehe I see
<infinisil>
I originally made #nix-lang because discussions about the language were often interfering with packaging help here, which was kind of distracting
<infinisil>
And Nix as a language is a sufficiently different topic to facilitate its own channel imo
<genevino>
one general thing i don't understand is: how do people put a custom dotfile in place with a nixos configuration.nix stanza? it must be a totally common problem but anything i google for ends up in infinite recursion of yak shaving.
<{^_^}>
[nixpkgs] @Ma27 closed pull request #84608 → nixos/systemd-nspawn: reload or restart machines on config change → https://git.io/JvAPm
<genevino>
what i'm after is really just some kind of "nix good practices.pdf" or something? i don't know...
<simpson>
genevino: There's a variety of tools which manage homedirs; it's explicitly not in NixOS scope yet. home-manager is very popular, and I can attest that it works although I don't trust it yet for daily use (mostly because I'm too lazy to finish migrating).
<genevino>
simpson: i've read about home-manager and got lost reading really, the documentation is quite large and it's easy to end up in a completely different world of solving other problems real quick.
<genevino>
simpson: so if it's home-manager, do you have that in some configuration.nix because you're not happy with some defaults on some of your machines or how do you do it?
<simpson>
genevino: Well, "custom dotfile" is quite a large concept; home-manager and NixOS both break those up into finer pieces.
o1lo01ol1o has joined #nixos
<notgne2>
genevino: think of it just as a small NixOS which is for your own user rather than for your system, NixOS manages stuff like /etc, home-manager manages your dotfiles
<simpson>
genevino: I am slow to refactor my daily-driver configuration because, well, I cannot tolerate it breaking for long periods of time. I've got home-manager on my current away-from-home traveling setup, and it works fine there.
<notgne2>
there's a few overlaps, but generally NixOS and home-manager will be for totally different things
<notgne2>
you can also use home-manager on systems without NixOS
glitters- has joined #nixos
<genevino>
ok thx for your answers. so if i understand it correctly, nobody of you is actually "used" to replacing a file on the resulting system in their initial deployment configurations or has a definitive and simple answer to the question "how do you do that directly from configuration.nix, without complexity, without blah, just replace this file in /etc with something i have here." which for my
<genevino>
understanding would be the MOST trivial and basic thing i could think of.
<bqv>
> "${null}"
<{^_^}>
cannot coerce null to a string, at (string):306:2
<genevino>
maybe my attempt is because i have a background in configuration management systems...
cosimone has quit [Remote host closed the connection]
<genevino>
i mean this is really over my head. what you write there in configuration.nix is for my understanding totally some kind of configuration management like thing...
cosimone has joined #nixos
<notgne2>
genevino: I'm not sure what you mean, but you can create files in `/etc` by putting something like `environment.etc.example.text = "hello"`, and home-manager has similar options for putting dotfiles or files in .config
<genevino>
notgne2: ah ok :)
<notgne2>
it's easier if you think of NixOS as declaring your system, not instructing it. you put your options in your configuration, and then when you either install or rebuild, NixOS will make your system reflect your config
glittershark has quit [Remote host closed the connection]
<genevino>
notgne2: yeah i have huge mental problems with accepting that i'm in a world where things i knew for decades are changed slightly. feels a bit like a glitch in the matrix.
<emily>
right. though nixos does have a framework for things like "actively change system state to match this thing I want", it's not the usual way you approach things -- you declare the system state upfront and it simply immutably is that
<notgne2>
under the hood lots of "easy" options in NixOS like services.blah.enable = true, they are using these same lower-level properties like environment.etc, and systemd.services
<emily>
and updating or switching between states is handled by the generation layer on top, not by explicit commands run within your system config
<emily>
you can set up pretty much whatever static file arrangement you need, but the important thing is that it's static (per configuration)
<simpson>
genevino: You're wrong on what I'm used to. For example, my vim configuration is generated from Nix. Just not yet via home-manager. The switchover on an established NixOS system is non-trivial, and I'm a lazy person.
<genevino>
emily: this is an *excellent* description. thank you.
<simpson>
Also, I've had too many bad experiences in my youth where I've accidentally hosed my daily driver. Seriously.
<genevino>
simpson: sounds excellent. do you have your configuration in pastebin'able form or on github or something like that?
<notgne2>
genevino: it's definitely weird to get used to, when I first got used to NixOS I would find myself thinking "wait but when does it set this, when will it run this", and the answer is confusingly "no", NixOS has all the magic for turning a running system into your declared configuration, or for writing it to your disk so it is the same after a reboot all under the hood, so that's not something you
glitters- is now known as glittershark
proofofkeags has joined #nixos
<notgne2>
have to worry about (unless you're making something new)
<emily>
genevino: traditional configuration management systems have to deal with "changing the existing system to look like the declared one", which is brittle and fragile (e.g. cleaning up unused packages as a trivial case, but you can end up with arbitrary synchronisation issues). with nixos, to the greatest extent possible, we "build" the whole system environment in one atomic step and then just switch to it
glittershark has quit [Quit: ZNC 1.7.5 - https://znc.in]
<emily>
rather than comparing the existing state to the declared one and making changes to match it
<emily>
(there's some of that -- e.g., services are intelligently reloaded/restarted rather than torn down and started from scratch on every generation change -- but the general model is one of isolated system builds)
<genevino>
:)
<emily>
the activation script that's run to switch to a new system configuration from an existing one is actually the same script that's run on every system boot
<infinisil>
Hmm
<genevino>
btw when i nixos-channel --update, should i do a nixos-rebuild switch or a nixos-rebuild boot?
thc202 has quit [Ping timeout: 240 seconds]
<infinisil>
emily: I guess NixOS still does the "change the existing system to look like this" through the activation script, but many steps of that script are just very atomic
<notgne2>
you can think of `nix-channel --update` as a bit like `apt update` on debian systems, it's just pulling the latest Nix expressions from nixpkgs
<genevino>
infinisil: well i think what emily means is that the whole steps to activate the new configuration are atomic, e.g. at every point in time you will have a symlink to a *working* state of what you want to use.
<genevino>
because symlinks are, by its very nature, atomic.
<notgne2>
persinally I wish there was less of the magic activation logic in some cases, for instance https://github.com/NixOS/nixpkgs/pull/64594 - imo should've been merged, it's something that makes more unconventional setups a lot more trivial
<simpson>
genevino: I don't do anything much interesting, TBH! https://nixos.wiki/wiki/Vim is far more interesting as far as vim setup.
<{^_^}>
#64594 (by jameysharp, 41 weeks ago, closed): Prebuild /etc/passwd and /etc/group if possible
shibboleth has joined #nixos
<infinisil>
genevino: Yeah, but like if the activation script is killed midway, you might already have the new system symlink, but its services aren't activated yet
<genevino>
wow it even has an example to disable mouse support (the very first thing i have to do on every new installation because the default is having that ENabled, argh)
proofofkeags has quit [Remote host closed the connection]
jmeredith has quit [Quit: Connection closed for inactivity]
proofofkeags has joined #nixos
<notgne2>
that PR seems to (surprisingly) be one of the few blockers preventing you from using a NixOS system without running the activation scripts
<genevino>
i don't know who came up with the idea of breaking X copy/paste in vim purposefully but it's a really terrible one, honestly.
<emily>
infinisil: right, hence the "(there's some of that ...)" line
oborot has quit [Ping timeout: 260 seconds]
<infinisil>
notgne2: Couldn't theoretically all activation scripts just be systemd services?
<emily>
infinisil: it's a far cry from, e.g., "loop over all the desired system packages and apt-get install them"
<emily>
(though I'd certainly like activation scripts to do less still)
<infinisil>
emily: Ah yeah :)
<infinisil>
Yeah, I'm always discouraging the use of activation scripts when I see a better way of doing stuff
<notgne2>
infinisil: my use case actually was with no service manager either, NixOS configs can be used to build Docker images with the logic from that PR (without any runtime bloat)
<emily>
https://distr1.org/ does a lot to do away with "package install hook"/"activation script" type stuff, nixos could probably import techniques and ideas from it
mdtis has quit [Remote host closed the connection]
<emily>
I wish NixOS didn't support multiple users so that awful Perl script could go away :p
<emily>
er, mutable users
proofofkeags has quit [Ping timeout: 260 seconds]
<notgne2>
emily: yep, ~98MB can be costly for small closures too
<emily>
unfortunately there'd still be some perl scripts even then (update-etc, I forget what else)
<cole-h>
emily: Having not looked at the perl script, why is it necessary for supporting mutable users?
<infinisil>
emily: The mutableUsers option isn't directly related to the perl script I'm pretty sure
<emily>
(I wonder what obstacles there are to having a fully statically built /etc these days?)
Vikingman has joined #nixos
<genevino>
infinisil: but it's pretty crazy, i got a full blown kde installation up in literally no time, with full disk encryption and whatnot.
<notgne2>
cole-h: because /etc/passwd cannot be declared using environment.etc if the system can update it, and nixos has to negociate uids and gids too iirc
<infinisil>
genevino: Nice, that's a good start for a NixOS config repo :D
<genevino>
btw is there ANY benefit in using the graphical iso? i always used the minimal ones.
<cole-h>
Oh. That makes sense.
<notgne2>
emily: for every module I've used at my work, that seems to be the only one I've ran into
<emily>
hm, if the script is still useful even with immutable users then i don't see why at least
<emily>
(as in, i don't see why it couldn't be done at system build time)
<infinisil>
emily: NixOS reads /var/lib/nixos/{g,u}id-map to keep old {g,u}ids the same
<notgne2>
emily: removing it not only means you must have mutableUsers off, but you also must have every user statically assigned uids
<emily>
mhm
cr4y1_ has quit [Ping timeout: 250 seconds]
<infinisil>
And it uses that map to automatically find a new unused ones when no static uid is declared
<emily>
well I already statically assign a uid for my user (seems like a bad idea not to) and don't really care about the uids system users, but I guess there's the problem that fs permissions could get desynced?
<infinisil>
Unfortunately I don't think there's a way to assign persistent static uid's to services in a pure way
<emily>
pervasive use of systemd's DynamicUser etc. rather than our own user management would solve this at least...
fresheyeball has joined #nixos
<notgne2>
I personally liked that PR's way of doing it, where it would only apply if there is no uids or gids not statically declared in your config
<fresheyeball>
Anyone have experience with nodejs projects in nix?
<infinisil>
s/to assign/to automatically assign/
* emily
. o O ( just make uids the hash of the username, clearly )
shafox has quit [Remote host closed the connection]
<genevino>
btw i was unable to get network-manager to work (not a joke) but setting up wpa_supplicant manually worked like a charm.
<bqv>
dynamicUser can cause issues
<infinisil>
emily: What if that uid is already used by a manually declared static user?
<bqv>
i had a huge problem getting it to play nice with my weechat daemon's runtimedirectory
nkh^ has quit []
<notgne2>
infinisil: technically that could be worked around at build time too
<bqv>
yeah, a hash base system would need a huge address space
<notgne2>
wait no, no it couldn't
<bqv>
`error: store path name contains forbidden character` hey, who do i have to poke to get this error to be more verbose
<emily>
infinisil: sucks to be them (though really system and non-system users should be kept in different ranges ideally)
<notgne2>
because then changing your static definitions could/would end up changing your generated uids too
<bqv>
cause i've just written about a hundred lines of nix and i have no idea which caused hthis
<emily>
it wasn't a super serious proposal though
<infinisil>
emily: Okay we have a separate range for them. But now what if there's a collision between multiple users
tsrt^ has joined #nixos
<infinisil>
The hash would assign them the same uid
<emily>
I mean yeah, the value are too small is the main reason it wasn't serious
<notgne2>
if it's ever an option, I'd be happy to implement whatever logic is neccesary to get NixOS to the point it can be (though not neccesarily always) used without the user-groups perl script
<emily>
if we had 256-bit uids there'd be no issue
<infinisil>
Ah yeah :)
<notgne2>
hell I'd pay like $10 to have that my logic upstreamed even
<infinisil>
I think the most reasonable solution would be to get rid of uids completely
<emily>
to be honest, I don't immediately see why "assign all users/groups in nixos static IDs upstream (but minimize their existence in favour of DynamicUser), expect end users to give their users and groups IDs" is the worst solution in the universe
<infinisil>
And have file permissions be based on usernames
<genevino>
256 bit user IDs? are you planning to make accounts for aliens, too?
<emily>
it's a little inconvenient but you already have to do this kind of thing for like, allocating IP addresses to machines and so on
<emily>
infinisil: I eagerly await your kernel patch
<bqv>
genevino: "space is cheap" is the new motto of modern times, i hear
<infinisil>
Then we could use 256 bits for 32-byte long Unicode usernames :)
<bqv>
so yeah, buying new hard drives over intelligent design, every time
<emily>
tbh in my ideal universe we would just do everything in a different user namespace and have no need for system users anyway
<bqv>
emily: you can somewhat achieve that with nixos-containers even
<emily>
bqv: dealing with differing UIDs across systems sucks a lot so it actually makes lots of sense to increase the range honestly
<infinisil>
emily: Oh, or something like a capability system
<bqv>
yeah, fair
<emily>
being able to use guids for UIDs/GIDs would simplify things a fair amount. it's an intractable change with posix of cousre
<notgne2>
I'm at least 1% serious, is there a NixOS black market for buying PR merges so I can make optional static /etc/passwd logic
<bqv>
in my dictionary, the entry for "what capabilities are" just says "painful"
<emily>
running everything in its own isolated userns would be a good step towards strengthening the objcap guarantees nixos can offer
<bqv>
but i like the idea
<emily>
DynamicUser already accomplishes that for the average service case ofc
mbrgm_ has joined #nixos
<infinisil>
Hm okay I have an idea for how to solve the static uid assignment problem
<infinisil>
Keep the uid map in a file at eval time
<infinisil>
And it gets auto-updated
<infinisil>
Like hardware-configuration.nix
<bqv>
notgne2: honestly at this point i just make changes i need to depend on locally, rather than spend weeks waiting for PRs to get merged (as long as it's a relatively trivial change)
<infinisil>
You'd keep /etc/nixos/uid-map.nix
<infinisil>
And whenever a new services needs a new uid but doesn't have one, it gets written to there
mbrgm has quit [Ping timeout: 265 seconds]
mbrgm_ is now known as mbrgm
<notgne2>
bqv: oh I already am, I'm using a slightly updated version of that PR for multiple projects of mine, it'd just be less work for me if it were upstreamed ;)
<emily>
notgne2: I'd be happy to see that kind of stuff upstreamed at least
<emily>
not that I have commit access but I can at least hit the approve button really hard and complain that it isn't working
virus_dave has joined #nixos
<bqv>
if anything, nixpkgs has made me understand why brexit happened, a little, but that's a leap of logic that i doubt most people will understand
<infinisil>
emily: What do you think of my suggestion?
<infinisil>
I'd be in favor of static uids if this could be implemented nicely
<emily>
infinisil: it seems reasonable but I worry about the proliferation of a bunch of special-case scripts / effectively human-unwritable nix files... I feel like it'd be more suited to a JSON file in /var than a Nix file in /etc/nixos, so to speak
<notgne2>
emily: but nix is..... powerful-er json ;))
<infinisil>
emily: I'm also in favor of a json file actually, just used nix for the explanation
<bqv>
well if there's already a default upstream mapping, why not just have a config.uidMap that you can override in your config
<notgne2>
infinisil: it seems a bit more extreme than some other approaches, but it's an extreme I'd like, I'd vote for it
<infinisil>
emily: But it would have to be in /etc/nixos (or wherever nixos is evaluated from), it can't be in a runtime path like /var
<emily>
infinisil: but like, there's already nixos/modules/misc/ids.nix assigning static IDs for stuff upstream in NixOS, user configs can set IDs manually... would it be so bad to just have a mode that requires all IDs statically assigned?
<bqv>
that way rather than a full spec that's machine-updated, it can be hand fiddled
<emily>
infinisil: statically maintaining a UID namespace upstream sucks, but that can be solved by moving services to DynamicUser etc. and increasing their security at the same time
<infinisil>
emily: The problem with having these manual static id maps is that: Who decides what ranges can be used for that? And: What prevents multiple modules from declaring the same id? Especially if there's third-party NixOS modules in play
<emily>
you can't do everything with it but I think you can do a lot than you might assume, especially if you factor stuff into multiple services and make judicious use of extra groups
<bqv>
one problem with moving directly to DynamicUser is it ties us forevermore to systemd
<emily>
systemd can even handle keeping fs perms up to date for you
<bqv>
which is a shame for darwin, or anyone that wants to implement another init
<emily>
bqv: that ship has sailed with the amount of use of systemd.services in nixos... I'm not a huge fan of systemd but it would be a huge amount of work to switch to another service system, implementing support for dynamically-assigned users in whatever fancy service manager replaced it would be one of the smaller parts of that
<bqv>
i mean, it's one thing for it to be unrealistic and a huge amount of effort, but maybe we shouldn't make it worse in case it can ever actually be undone
<emily>
I mean, there's already a bunch of stuff that uses DynamicUser in tree, so you'd really need to make a hard decision of "no depending on fancy systemd stuff" or "we should actually use the service manager we're pretty much inextricably tied to anyway"
<bqv>
yeah, not saying don't use dynamicUser, just maybe don't deprecate the use of UIDs entirely in favour of it
<emily>
relying on the status quo of "a bunch of stuff is more brittle and less secure/isolated than it could be because nobody's gotten around to it yet, but it's theoretically easier to port to other stuff" doesn't feel like a sustainable path
<bqv>
how e.g. would we even support darwin, or any potential BSD ports
<qyliss>
DynamicUser could be implemented as a program
<bqv>
that would be nicer.
<qyliss>
probably not a portable program, but I think you could at least implement it in a way that doesn't require systemd
<infinisil>
DynamicUser *is* implemented as a program, it's called systemd! :P
<notgne2>
I don't think as of now NixOS is very tied to systemd, I mean the options are named systemd, but 99% can pretty trivially be read and used by alternative service managers
<qyliss>
notgne2: most service managers do not have, e.g. DynamicUser
<qyliss>
there are SO MANY systemd service options
<qyliss>
no other service manager will implement those
<notgne2>
but I don't think it's smart to arbitrarily avoid parts of systemd, without having some particular document explaining where to draw the lines
zeta_0 has joined #nixos
<bqv>
most packages have non-systemd service files, it'll just be the core nixos stuff that'll be painful
<notgne2>
qyliss: iirc NixOS itself even has a systemd emulator for running tests
<infinisil>
I wouldn't mind somebody defining an abstract init system interface
<notgne2>
infinisil: I wouldn't mind working on that either
<bqv>
port nixos to runit and hoover up all the gentoo stragglers
<qyliss>
there is no reason for stuff like DynamicUser to be part of the service supervisor and it's a real shame that all that neat stuff was implemented that way
<notgne2>
I'm already..... way too familiar with the concept
<bqv>
or is it openrc... i forget
<notgne2>
bqv: a friend of mine is working on a service manager I'm pretty interested in, the creator of which has gone on a quest to learn about every OS's approach and what works best, rather than having some pre-defined ideological approach which often revolves around avoiding some systemd features
<bqv>
heh
<notgne2>
I would love to use it with NixOS in the future if it's possible to hack into place or more idealy use an abstract init system interface for
<infinisil>
notgne2: Oh nice
<infinisil>
I sure do wonder how hard it would be to have systemd-like features with an abstract init system interface
<bqv>
honestly i haven't used anything besides systemd for longer than i can remember, what's the closest alternative?
<rooke>
I don't understand the systemd hate tbh, it's pretty comfy
<qyliss>
bqv: launchd on macOS
<bqv>
i like it practically, i hate it theoretically. it's gone down the kitchen sink path while trying to violently eschew the unix principle
<qyliss>
nothing else is all that close to it
<bqv>
qyliss: right
zeta_0 has left #nixos ["rcirc on GNU Emacs 26.3"]
o1lo01ol1o has quit [Remote host closed the connection]
<notgne2>
rooke: in my opinion, it's the natural result of a bad service manager ecosystem, nobody has worked on their design at all, so systemd took up the job and implemented whatever they felt like, however the felt like, which lead to some bad implmentation, and questionable design choices, but overall most of systemd is an answer to very real problems
<notgne2>
I don't like it, but I don't hate it, I would loveto use a service manager competing with systemd, but currently as far as I am aware, none are
<infinisil>
notgne2: Got some examples of these negatives?
<infinisil>
Or a link to read about them?
<emily>
infinisil: notgne2: in any case, we can agree that having an optional static-passwd option upstream would be an improvement, right? just let people set ids.{uids,gids} in their config to fill in gaps for services that aren't present, they'll get an eval-time error
<emily>
like, I'm happy to fill in service UIDs manually in my config if it lets me disable that perl script, and it leads the door open to moving that stuff fully to eval-time in future
<bqv>
notgne2: qyliss: what's openrc lacking for it to not really be a competitor?
<bqv>
i'm sure i've heard people say it's a viable alternative
<emily>
users.mutableUsers = "hellno"
<notgne2>
infinisil: I don't really want to go down the service manager wars rabbit-hole, but situationally I find it annoying that systemd's solutions to problems are not common ones, they take their own approach, and emulating the behaviour less efficient, and very hard to find good ways to use it
<bqv>
(not to mention upstart)
<emily>
those people are drunk on ideology
<notgne2>
also to a lesser extend I'm not much of a fan of dbus and friends either
<emily>
or, more accurately, they just use only 1% of service manage features and think that's all that exists
<emily>
systemd is a messy monolithic blob but the "you don't need systemd, sysvinit/openrc/... did everything just fine" school of thought is kinda delusional imo
<emily>
for the daemontools/runit/s6 systems you can make a closer argument because they're actually modular enough that you can imagine implementing it all out
<emily>
(and for stuff like socket activation it already happened)
<notgne2>
there's also a lot more I've read about but never bookmarked because I don't want to accidentally become part of the systemd-hating thing, not that they aren't justified or it's not fun, it's just not my shtick to care about (except in the case of NixOS where for multiple projects I've had to pry Nix and SystemD in 2 to make things work)
<emily>
I don't think OpenRC even handles dependencies / parallel start very nicely
<{^_^}>
#64594 (by jameysharp, 41 weeks ago, closed): Prebuild /etc/passwd and /etc/group if possible
<bqv>
hmm, i see
<emily>
it's dependency-based but I think in a pretty coarse-grained way a la sysvinit LSB script type stuff
<infinisil>
Though I guess i did upvote edolstra's comment
<notgne2>
my main argument for making NixOS have an abstract service manager interface would be that competition is good, and it is extremely needed in the realm of service managers
<emily>
infinisil: the bdfl kiss of death, I see :/
<infinisil>
"Yeah, okay, apparently I can create an out-of-tree module that sets system.activationScripts.users = lib.mkForce "" and then does what this PR does in lieu of the default behavior."
<emily>
love too reimplement half of nixos out of tree and monkeypatch it in
<infinisil>
I wouldnt' mind seeing a third-party module that does this
<{^_^}>
[nixpkgs] @renatoGarcia opened pull request #86029 → pythonPackages.icecream: init at 2.0.0 → https://git.io/Jft0n
<notgne2>
also, I consider SystemD's solutions to be volatile, something which is either going to change or be replaced, and having the NixOS modules chase SystemD down their path of evolution seems like wasted effort in comparison to making an abstract interface, and having the implementation make the best use of the features at the time
<emily>
notgne2: honestly I mostly just feel like once you're ripping out all the systemd code why not just throw everything out and improve all the big language / build system warts holding things back too, and at that point you're just writing a pie-in-the-sky second system
<emily>
the advantage of nixos is actually existing and having a whole bunch of working existing code, so i'm naturally inclined to incrementalism where the "first system" is concerned and don't see that moving away from systemd ties would actually give much pragmatic benefit
reallymemorable has joined #nixos
<emily>
notgne2: sadly after doing 90% of a PR's work in code you have to do the other 90% in politics :)