<bqv>
i know some people don't like the idea, but i am quite happy that flakes might end up federating out some of the management of nixos architecture, so it's actually fully configurable and not just configurable within the bounds of what can actually be agreed by committee
<infinisil>
notgne2: A good reason to not merge something like this is that it adds a bunch of complicated code that is probably tested by only very few people, and that in a core part of NixOS
smatting has quit [Ping timeout: 240 seconds]
<infinisil>
notgne2: I think this wouldn't be a problem if the whole functionality can be put into a separate module file though
<{^_^}>
[nixpkgs] @bhipple merged pull request #86023 → ncview: Unmark as broken on 20.03 → https://git.io/Jft0P
<{^_^}>
[nixpkgs] @bhipple pushed 2 commits to release-20.03: https://git.io/Jft0X
<notgne2>
if nothing else happens, I'm (soon) going to be working on maintaining a derivative of #64594 anyway (and would happily continue to do so if it were merged), so I'm not the most concerned with it being merged, but an abstract service manager interface is something only really useful if upstreamed
<notgne2>
I'm not implying this is a servicemanager wars scenario, but just for your assurance, I wouldn't be building it so I can run a SystemD-less system (until my friend's init is finished at least), but just to clean things up and make some alternative usages (NixOS as.... not an OS, etc) easier
<emily>
infinisil: I think it would be more of a maintenance burden and more likely to break if it was in a separate module away from the code it uses/depends on
<infinisil>
emily: Hm I guess it's not too much yeah, I think a bunch of the changes are just clean ups/fixes too
<notgne2>
infinisil: is there anything I can do to propose the idea of a more abstract systemd interface, to gauge if it's worth it before writing all the code
<infinisil>
emily: Probably better to have a nixos test if the functionality should prevail though
<emily>
infinisil: we could even out the maintenance burden by dropping support for the legacy mutableUsers feature >:3
<niso>
notgne2: maybe write an rfc?
<infinisil>
emily: Is it legacy?
<emily>
infinisil: it is in my eyes!
<infinisil>
notgne2: Yeah an rfc sounds like a decent idea, or even just an rfc draft
<notgne2>
I think that would involve a fair amount of design to begin with, idealy I'd get to propose the general idea, and then an RFC, and then the implementation
<notgne2>
or would a relatively vapid RFC just generally describing it without any API also be acceptable, I'm not familiar with the process
<emily>
infinisil: I could only imagine using mutableUsers if I was using some cursed software that used Unix accounts for end-user registration or something personally
<emily>
and then my first priority would be to stop using that cursed software
<infinisil>
emily: I think there's a bigger scheme here though, namely that sometimes you want to be able to quickly configure things at runtime
<infinisil>
Because rebuilding for tiny changes gets old quick
<notgne2>
infinisil: well I can't edit other files in /etc without summoning some evil forces anyway.....
<infinisil>
Really slow dev cycle
<emily>
it really doesn't
<infinisil>
emily: It does for me, my rebuilds take like 30 seconds!
<emily>
i do it for everything and it's fine. i mean, it sucks a bit, but i'd rather optimize that than break the whole model
<emily>
infinisil: how often do you add new users exactly? :p
<infinisil>
Well maybe not with users
<infinisil>
But e.g. a systemd script
<emily>
I already bit the bullet for packages and it's way worse there
<infinisil>
Tiny bash error? Wait for another rebuild
<infinisil>
Repeat for every bash error
<emily>
shrug. it's a personal decision but I feel like NixOS is all about doing the weird inconvenient things because they're actually more convenient in the end
<infinisil>
Could probably use shell check yeah, but this is just an example
<notgne2>
infinisil: hey, an abstract inteface could lead to some easier testing ;))
<emily>
infinisil: more reasons to optimize rebuilds :p
<MichaelRaskin>
Dunno, cutting package sets into separately-rebuildable envs is pretty nice
<emily>
doing less in the activation script would also help here >.>
<MichaelRaskin>
emily: read-only /etc?
<infinisil>
emily: Other example: You want to configure the color scheme of your editor. You change a color, rebuild, see if you like it, repeat
<MichaelRaskin>
(I do have it already, but it is not literally on NixOS)
<emily>
MichaelRaskin: I'd like that!
<infinisil>
emily: Commonly you'd just move some sliders around, which is *much* quicker
<emily>
we were just talking about generating /etc/passwd at build time, which is like 0.1% of that :p
cosimone has quit [Remote host closed the connection]
<MichaelRaskin>
Not really
<notgne2>
infinisil: I already solved my editor color editing problem much more smugly, I have a module that configures all my applications to any given base16 colors
<infinisil>
notgne2: Ah nice, I want something like this too :o
<MichaelRaskin>
That's enough to run a few NixOS VM tests
<emily>
infinisil: move some sliders around? I have a Python script that uses a colour theory library to programmatically generate colour scheme palettes.
<emily>
infinisil: it's only a matter of time before I plug that directly into the terminal configuration via NixOS builds.
<MichaelRaskin>
emily: really, having only one huge thing to rebuild is not mandatory.
<infinisil>
emily: Hehe yes, but I hope you get what I'm saying
<energizer>
i've seen a system for running Nix on Sun Grid Engine, but I can't find it now. Anybody know what I'm thinking of?
<emily>
infinisil: every problem can be solved by making the next layer up declarative, including your life!!
<MichaelRaskin>
And having separable services also means a better migration trajectory for people currently on legacy distributions
<emily>
infinisil: I do agree, but I lean towards having as much tracked as possible. You tweak some sliders and then you lose the values and you curse yourself for never being able to reproduce your favourite colour scheme
<infinisil>
emily: Soon you'll be replacing your database update operations with a nixos-rebuild!
<emily>
infinisil: we should make it more convenient to track everything in NixOS and keep your system as a coherent built entity, rather than resigning ourselves to its inconvenience and breaking the model all over the place. imo.
<notgne2>
infinisil: where is the general place to start for making an rfc draft
<MichaelRaskin>
emily: the correct way is constructing a _small_ environment, rebuild only that, then decide into which rebuild unit (and the deployment still has multiple) to integrate
<emily>
MichaelRaskin: surprisingly little
<MichaelRaskin>
Well, it is intended for a kind of cop-out use
<infinisil>
emily: What I'm thinking is that it might be possible to have a generic way to allow an option to be dynamically adjustable. E.g. you could do `nixos-change-option foo.bar new-value`, and it would change the runtime files immediately with the adjustments, in a way that doesn't persist across reboots
<MichaelRaskin>
You _need_ something writeable that is expected to be an /etc subdir? Put a symlink
<infinisil>
emily: And this would only work for options that declared support for this
<emily>
infinisil: I appreciate that your goals are real, but I think you need to be very careful to not just reinvent Puppet/Chef/Ansible/Salt/..., because people come to NixOS from those tools to a reason, and I think it's really important not to compromise the guarantees and model NixOS gives you just to close the convenience gap
<MichaelRaskin>
infinisil: allow cutting into smaller pieces, and this would not need to complicate the entire model
proofofkeags has quit [Remote host closed the connection]
<infinisil>
emily: Hmm that is a point..
<{^_^}>
[nixpkgs] @khumba opened pull request #86030 → claws-mail: add the litehtml_viewer plugin → https://git.io/Jft0h
<MichaelRaskin>
NixOS model of options is too complicated already, I even gave up on it in favour of self:super: idiom
<bqv>
<infinisil> It does for me, my rebuilds take like 30 seconds!
<bqv>
i am envy
<bqv>
mine take up to 5 minutes on my desktop and i still can't figure out why
<MichaelRaskin>
On the other hand, having nix-darwin only on Linux…
<emily>
infinisil: a lot of the change ought to come from downstream software
<emily>
infinisil: a lot of what we do to make stuff isolated and declarative on nixos would be unneeded if software more cleanly handled that stuff by default, but there's also stuff like "offering a live reconfiguration API/unix socket/..."
<infinisil>
I am a bit conflicted
<emily>
of course, it would be nice to then have a nix-y interface to these live configuration APIs, but I think trying to basically implement our own dynamic configuration stuff for convenience would just be a messy layering violation
<infinisil>
emily: What if we had an interface to change NixOS options live
<infinisil>
Change one, and it would immediately rebuild and do everything to apply the change
<emily>
basically, "have a config backend that isn't just nix code"?
<emily>
I think that would be a good thing overall but there's a large number of architectural questions you end up with
<infinisil>
Well it could be Nix code, or json or so, to save the customizations done in that UI
<bqv>
yikes
<infinisil>
emacs does something like that with its customizations
<emily>
I think you need to start with a very clear goal you're trying to achieve and why your design helps achieve it
<emily>
there's lots of use-cases where this kind of thing is actively harmful and you want everything as static as possible
<emily>
e.g., immutable infrastructure servers
<emily>
"just patch this config live" is a security and ops risk from that perspective
<emily>
and nixos is way more dynamic than it should be for that usecase
<infinisil>
energizer: Ah yeah, that's close!
<emily>
obviously that's not the 90% case, but it's also notably the case that is in many ways most in line with nix(os)'s philosophy
<energizer>
emily: what is dynamic about nixos?
<emily>
desktops are always going to compromise the model more
<MichaelRaskin>
«every computer is either for serving web pages or for displaying web pages~»
<emily>
energizer: everything that happens in activation scripts -- we were just talking about update-{users-groups,etc}.pl for instance
<energizer>
emily: oh yeah i had a very puzzling experience with activation scripts recently
<energizer>
do we really need those?
<infinisil>
energizer: Yup!
<emily>
energizer: no :P
<emily>
(actually yes, but not as much as we have, but then that's what we were all just squabbling about)
<infinisil>
The activation script does the actual work of activating NixOS
ajs124 has quit [Quit: killed]
das_j has quit [Quit: killed]
Scriptkiddi has quit [Quit: killed]
mrpi has quit [Quit: killed]
<infinisil>
E.g. nixos-rebuild is pretty much a wrapper around `$(nix-build <the system>)/activate`
<infinisil>
Without calling activate, nothing would happen
<energizer>
what if i dont want anything to *happen* :)
<bqv>
really activation is just setting up the filesystem/mounts, and starting/stopping some processes. latter is mostly the job of init, former could be done with a virtual filesystem
<emily>
MichaelRaskin: fwiw I do think that crusty systems with mutable state and uptime guarantees and the like are important to support!
<emily>
MichaelRaskin: I just also think that it helps to start with the most crystalline version of the model so that you can figure out the most principled ways to depart from it to accomplish your practical goals
<infinisil>
energizer: Unfortunately we live in a stateful world!
<energizer>
infinisil: bqv's story seems fairly pure, no?
<emily>
bqv: yeah, if you squint at /run/current-system/activate enough it looks like 1% of a container management system
<infinisil>
Unless the universe somehow happened to create a usb stick with exactly the nixos config you need, you'll have to create it yourself :P
<emily>
bqv: having a more first-class namespaces story would be good for both service and generation management in nixos imo
<energizer>
infinisil: but i dont need to change one system into a different system. i can create the system i want, and then just start using it instead of the old one
<bqv>
yeah
<emily>
bqv: it'd also let you do more home-manager type stuff... i've imagined "what if every user has their own system config (to some extent, not all options, ofc) and PAM magic on login gets you your own container"
<emily>
(this also would let you do things like the systemd-homed-style home directory encryption nicely)
<energizer>
emily: yaaaassss
<energizer>
my own personal nix store plz
<infinisil>
That would be pretty nice, especially for secret management too
<bqv>
ha! yeah, true
<infinisil>
I think that's probably the most realistic idea for having secret support
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/JftE8
<infinisil>
bqv: I'd love to see the activation script get smaller though
<energizer>
my favorite idea is the one where you only get access to a build artifact if you have a derivation that builds it, but i believe the people who say that's too hard
das_j has joined #nixos
Scriptkiddi has joined #nixos
mrpi has joined #nixos
ajs124 has joined #nixos
<infinisil>
I'll head off now though, was nice discussing with everybody :D
<bqv>
:)
<emily>
energizer: I'd love an objcap store, yeah
glittershark has quit [Quit: ZNC 1.7.5 - https://znc.in]
glittershark has joined #nixos
<energizer>
makes me think of stupid ideas like nixos on the blockchain
<bqv>
oh god
<MichaelRaskin>
blockchain is the opposite of objcap
<energizer>
i can't wrap my head around that sentence MichaelRaskin
<bqv>
i don't see how blockchain is remotely useful to any part of nixos
<bqv>
but as ever, that won't stop people trying to apply it
<ashkitten>
just remembered hiveway
<est31>
git is a blockchain
<ashkitten>
git is not a blockchain
<est31>
nixos uses git
<est31>
so nixos is built on blockchain
<colemickens>
more like nix store in ipfs or something
<bqv>
git is based on something similar to merkel trees, git is not a blockchain
<est31>
ashkitten: git is a chain of hashed blocks
<ashkitten>
i don't remember the specific distinctions but it was very clearly explained why git is not a blockchain
chagra has quit [Ping timeout: 244 seconds]
<energizer>
MichaelRaskin: but i am interested if you want to explain :)
<est31>
and decentralized
<colemickens>
I wonder if a nix channel could be published as a dat archive. hm
<est31>
and where are merkle trees in git
<est31>
blockchains have them yes
<est31>
but git doesn't
<est31>
at least not pure merkle trees
<bqv>
a sequence of commits are a chain of hashes that can be read off to verify integrity in the same way blockchain does, besides that there are no similarities between git and blockchain. even the "distributed" aspect is entirely different
<est31>
there's no proof of work
<est31>
but that's no requirement for a blockchain
<MichaelRaskin>
objcap assumes single source of authority for each thing then authority to perform some operations — possibly destructive — can be delegated
<hexa->
git is mutable, blockchains aren't
<est31>
blockchains are very mutable
<bqv>
square peg, round hole...
<est31>
if I had infinite compute capacity, I could disown satoshi
<est31>
because I could start from the genesis block of btc
das_j has quit [Quit: killed]
mrpi has quit [Quit: killed]
Scriptkiddi has quit [Quit: killed]
ajs124 has quit [Quit: killed]
<MichaelRaskin>
Blockhains are for picking a coherent version of history without giving any side complete authority
<est31>
and mine a longer chain than the current one
<hexa->
but you haven't, so you can't, so satoshi is safe
<est31>
MichaelRaskin: those are low level differences
<bqv>
est31: so ok, blockchains involve consensus negotiation, git never does
<est31>
hexa-: double spend attacks for minor chains are quite cheap
<bqv>
and if you say consensus algorithms aren't a requirement for blockchain you definitely need to lay off the pipe
<energizer>
MichaelRaskin: i'll have to meditate on that
<est31>
bqv: git is a basic consensus algorithm
<evelyn>
colemickens: for later pressing onto 1987's finest advance in storage technology, the digital audio cassette? :)
<est31>
bqv: there are humans in the loop though
<est31>
bqv: git makes consensus establishment easy for humans
<est31>
bqv: as in someone sends a PR
<ashkitten>
why are we even arguing about this
<bqv>
est31: why are you like this
<multun>
wtf are you talking about
<est31>
it's basically equivalent to requesting your payment to be included into the official blockchain
<est31>
bqv: like what?
<est31>
defending an opinion?
<notgne2>
I take back my previous opinion that a service manager war is the worst thing that could happen in this channel
smatting has joined #nixos
<bqv>
lmao
<MichaelRaskin>
notgne2++
<{^_^}>
notgne2's karma got increased to 4
<multun>
notgne2++
<{^_^}>
notgne2's karma got increased to 5
<est31>
all I'm saying is that blockchains existed before satoshi created bitcoin
<est31>
but maybe it's a question of definition
<est31>
idk
<multun>
please stop
<est31>
anyway, offtopic discussion
<ashkitten>
i'd say we should move this to -chat but we should really just stop
<colemickens>
evelyn: oh no, I think I'm missing your reference; just in case this is what I meant: https://docs.dat.foundation/
<notgne2>
actually somewhat ontopic, whatever happened to some form of NixOS IPFS integration
<notgne2>
or just Nix rather
<bqv>
i think it's still going, last i recall
<bqv>
definitely a cool idea
<colemickens>
I thought somehow CAS store tied into nix/ipfs and it seems like I saw something about someone working on that in graham's last twig dev update?
<notgne2>
I don't think I really caught up to much of the discussion about it, will it ever be possible to have something like the derivation outputs being available and addressed by hash from other machines? so for instance all the devices on my network will be able to read at least certain derivations from machiens that already have them?
<nisstyre>
MichaelRaskin: multiple capabilities can reference the same resources, so there's no "single source of authority" in an ocap system
<nisstyre>
and multiple people can hold those capabilities too
<nisstyre>
they're decentralized by design
<nisstyre>
of course you can have modulators (i.e. a proxy you have to go through to access it)
<bqv>
i know i should read the rfc, but i don't understand how that can even begin to work theoretically - how can you hash something that might include said hash
<MichaelRaskin>
nisstyre: I meant the source of issuing these capabilities in the first place
<nisstyre>
MichaelRaskin: you mean the ambient authority of whatever system created them in the first place?
<emily>
bqv: replace with placeholder
<emily>
bqv: nix already deals with that kind of thing
<MichaelRaskin>
bqv: Nix already has that for derivations, basically, you stub out stuff
<emily>
bqv: (consider that derivation text can reference $out which depends on derivation hash)
<nisstyre>
I guess that is sort of true, yeah, someone has to hand out a capability in the first place and then either derive new ones, or limit it somehow
<colemickens>
"At Alibaba, every month Dragonfly is invoked two billion times and distributes 3.4PB of data. Dragonfly has become one of the most important pieces of infrastructure at Alibaba."
lunaa has joined #nixos
alexherbo2 has quit [Ping timeout: 265 seconds]
markus1189 has joined #nixos
markus1199 has quit [Ping timeout: 240 seconds]
fusion809 has joined #nixos
CrazyMind102 has joined #nixos
codygman has quit [Read error: Connection reset by peer]
zeta_0 has joined #nixos
codygman has joined #nixos
reallymemorable has quit [Quit: reallymemorable]
<zeta_0>
is it ok if i set the PATH environment variable of shellHook in shell.nix to `export PATH=/usr/local/bin:/usr/bin:/bin` ? i'm not sure if mkShell needs to be set differently than the bash shell installed in home.nix ?
<zeta_0>
that's why i have that question about the PATH env var
<bqv>
colemickens: i think since ipfs devs have expressed interest in cooperating, best go that road
<colemickens>
hm, I have thoughts that I won't share here, but I don't disagree.
<colemickens>
that having been said, I think someone with a spare couple hours could hack something together that works with dragonfly now
<colemickens>
however, I can't even figure out how to join their real-time chat community so :S
sigmundv_ has joined #nixos
<cole-h>
zeta_0: What are you trying to accomplish by setting PATH?
<colemickens>
(I have had big hopes for ipfs and feel like much has been hyped for many years. I've started relocating some of that hope elsewhere recently.)
<bqv>
heh
<bqv>
i mean i currently use it as a pastebin :p
das_j has joined #nixos
Scriptkiddi has joined #nixos
mrpi has joined #nixos
ajs124 has joined #nixos
iyzsong has joined #nixos
sigmundv__ has quit [Ping timeout: 240 seconds]
<emily>
afaik ipfs is non-workable for hydra
<emily>
it can't sustain anything like the write load hydra pushes to S3
<emily>
so it certainly can't be a one-size-fits-all option for binary caches
<zeta_0>
cole-h: my setup for nix-shell is: (lorri+direnv+emacs-direnv) which works great, but the only issue that i'm having so far is ghcide is not recognizing the haskell modules that i try to import, like the Yesod module from the yesod package, so i'm guessing that emacs is not detecting the environment variables set in my shell.nix file
<bqv>
hydra might not need to exist if ipfs worked for nix
<emily>
bqv: I mean... the same packages are going to have to be built, whether it's hydra or a bunch of other nodes
<emily>
the total sustained write bandwidth would increase with a more distributed system if anything
<colemickens>
zeta_0: wrong cole btw
* colemickens
has no idea what the binary cache size is even like
<colemickens>
there's probably a prom graph for cache.nixos.org stats :P
<emily>
i forget what the figure was given here for how fast hydra writes to s3 but it's pretty fast
<zeta_0>
colemickens: sorry about that
<emily>
i think it was like xx MiB/s or something
<emily>
dunno whether that's continuous, averaged out, peak, or what, but in any case it seemed to be well beyond ipfs's capabilities
<zeta_0>
cole-h: i accidentally messaged colemickens instead of you, so read that stuff
<bqv>
i was envisioning that rather than have a centralized cache we use ipfs as a distributed cache, and yeah that will increase load on the entire network, but surely less than having one ipfs node writing petabytes
<cole-h>
haha
<bqv>
so users build and upload, rather than the hydra servers. hydra only serves to evaluate and check
<emily>
you two coles should just coordinate and swap info, it would be more efficient
<bqv>
that said, ipfs is definitely slow, but is that due to lack of users/critical mass or just innate to the protocol?
Scriptkiddi has quit [Quit: killed]
ajs124 has quit [Quit: killed]
mrpi has quit [Quit: killed]
das_j has quit [Quit: killed]
<bqv>
because latency aside it seems reasonably snappy
<emily>
bqv: my cynical take is "who knows, but the fact that they pivoted to making a cryptocurrency out of it suggests that practical scaling concerns may not be forefront on their mind"
<emily>
I'd love to be proven wrong though
<bqv>
mm
<zeta_0>
cole-h: so what would recommend that i do to make sure ghcide recognizes the haskell modules of a project initialized by lorri in emacs?
<colemickens>
in lieu of perf improvements, I've been disappointed that certain applications haven't really come to light
<cole-h>
zeta_0: Sorry, I can't really help; I don't use Haskell, and all my shell.nix's have Just Worked™
<colemickens>
or they keep iterating on the unix fs representation stuff and who knows what's going on
WhatisRT has quit [Ping timeout: 260 seconds]
<zeta_0>
colemickens: it's ok i'll try that emacs tool to see if it fixes this ghcide issue
<{^_^}>
[nixpkgs] @TimPut opened pull request #86032 → kstars: init at 2.9.8 → https://git.io/JftzW
<colemickens>
I just wish there was more content, or I was exposed to it more? Their lightening talks on youtube, some at least, are super interesting.
<zeta_0>
colemickens: sorry again
<colemickens>
and I guess netflix is experimenting with ipfs/ipld for container image distribution?
<colemickens>
idk, still think dat is giving them a run for their money on useful user-facing applications
<colemickens>
zeta_0: no problem, more worried about making sure the right person sees your message ;)
<bqv>
i wish people could just develop and appreciate cool tech for just being cool, rather than for solving a specific problem, though
<cole-h>
Why not both?
<bqv>
sure
<bqv>
just, specifically requiring the latter ends up being the downfall of so many otherwise awesome things
<bqv>
be more like mathematics, innovate now, find applications later :)
<bqv>
it's been decades, i'm still waiting for a useful application for fractional calculus...
cantstanya has quit [Remote host closed the connection]
cosimone has quit [Quit: Quit.]
thePiGrepper has joined #nixos
cantstanya has joined #nixos
<thePiGrepper>
hi, quick question .I'm trying to install a C toolchain, I tried installing gcc and binutils, but apparently they conflict on ld. what can I do?
<Wulfsta>
The config is TOML, which begs the question: can I import a TOML file from another TOML?
proofofkeags has joined #nixos
<Wulfsta>
I want to point to the user's .config directory, and it seems like something that should be explicitly doable rather than hoping that it falls back by default.
<energizer>
a toml file cannot import anything
<Wulfsta>
energizer: I believe you, but I can't find the syntax for it
<Wulfsta>
Oh you said cannot
<Wulfsta>
Oops
gentauro has quit [Read error: Connection reset by peer]
<Wulfsta>
So then can I override the ExecStart?
gentauro has joined #nixos
aw has quit [Quit: Quitting.]
spacefrogg has quit [Quit: Gone.]
aw has joined #nixos
spacefrogg has joined #nixos
<{^_^}>
[cabal2nix] @nh2 opened pull request #453 → Improve READMEs, reproducibility, and make contributing easier → https://git.io/Jftg7
orivej has quit [Ping timeout: 256 seconds]
felixfoertsch23 has joined #nixos
sigmundv_ has quit [Read error: Connection reset by peer]
turona has quit [Ping timeout: 272 seconds]
sigmundv_ has joined #nixos
felixfoertsch has quit [Ping timeout: 265 seconds]
felixfoertsch23 is now known as felixfoertsch
bqv has quit [Read error: Connection reset by peer]
bqv has joined #nixos
khumba has quit [Quit: Leaving]
zupo has quit [Ping timeout: 246 seconds]
bkv has joined #nixos
bqv has quit [Ping timeout: 240 seconds]
luigy has left #nixos [#nixos]
<qy[m]>
i really wanna know which *****y piece of software it is that keeps creating ~/Desktop
<qy[m]>
can anyone think of the best way to do that
<Wulfsta>
I think I'll just alias `spt` to start spotifyd and then stop it upon exit
noonien has quit [Quit: Connection closed for inactivity]
<nh2>
qy[m]: you could use https://github.com/jeffwalter/fsnoop to list all file operations happening on the disk, then you will surely find the process that creates ~/Desktop
Kyndig has joined #nixos
<qy[m]>
nh2 (IRC): wonderful! thank you
<Kyndig>
shouldn't the following put me in a shell ready to build glibc, but not having started the build yet? nix-shell --pure -A glibc '<nixpkgs>'
<nh2>
qy[m]: it's not packaged in nixpkgs yet but I just tried it and `make` compiles it just fine from git
<Kyndig>
trying to troubleshoot glibc build, but that nix-shell command is building not only glibc dependencies, but it's trying to build glibc itself..
<nh2>
qy[m]: it seems to not run for me on NixOS though, seems to not be able to use fanotify functions even though `CONFIG_FANOTIFY=y` is set in the kernel config
<Kyndig>
without me having run any of the phases yet
zupo has joined #nixos
<qy[m]>
oh :(
<nh2>
Kyndig: I also haven't _really_ figured out how to get dev shells for non-Haskell-packages yet, but try running `nix-instantiate` on the thing and then `nix-shell` on the `.drv` that it outputs
<nh2>
qy[m]: seems to be some compile-time problem
waleee-cl has quit [Quit: Connection closed for inactivity]
<qy[m]>
yeah the compile looks odd
<nh2>
qy[m]: ah no, I see what the problem is. In my environment if I just compile with `make`, there is `linux-headers-4.19` (even though I run 5.4). And `FAN_CREATE` is only in Linux >= 5.1
zeta_0 has quit [Quit: rcirc on GNU Emacs 26.3]
<emily>
qy: I have considered using AppArmor to stop things writing to dotfiles :P
<nh2>
qy[m]: so if we package `fsnoop` properly, it should work.
<emily>
qy: if everything else fails then a mandatory access control security module should let you track it down or at least block it
<nh2>
qy[m]: also when you've figured out what writes it, you can use `strace` to get the full details of how it does it and some hints on how it decides it
<qy[m]>
ah ok
<emily>
you can't actually rely on fanotify/inotify iirc, they can drop events (though it's purely academic in this case)
<qy[m]>
emily: ha, clever.
<qy[m]>
i do have it enabled
<qy[m]>
i did the readonly /home thing for a while until it actually broke my system
<qy[m]>
hmm
<emily>
qy: you should try setting $XDG_CONFIG_HOME. then you can get mad at stuff that hardcodes ~/.config
<emily>
"you were so close"
<emily>
looks like right now I have ~/.cache and ~/.local but no ~/.config, 1/3 isn't bad :')
<nh2>
qy[m]: do you know how to package stuff? If yes, please give it a shot and let me know, as I have to go to bed, it's' 05:30 here :)
<qy[m]>
emily: lmao
<qy[m]>
nh2 (IRC): yeah i'll sort it don't worry
reallymemorable has quit [Quit: reallymemorable]
<qy[m]>
i have other priorities at the moment anyway, but at least i know i can use that now
<nh2>
or should it be the oldest one we have or something?
<qy[m]>
20.03 is just way behind
<nh2>
qy[m]: no, the default kernel on 20.03 is `5.4.33`, I run it right now
<nh2>
so that's much newer than 4.19
<qy[m]>
oh huh
<qy[m]>
doesn't linuxPackages.kernel have a dev output?
<qy[m]>
can just use that instead
reallymemorable has quit [Quit: reallymemorable]
<nh2>
qy[m]: something is fishy in my setup, I don't have `linuxPackages_5_4` will check tomorrow
proofofkeags has quit [Remote host closed the connection]
<qy[m]>
heh, ok
<nh2>
aha, I have 19.09 still in my non-root-user's `nix-channel --list`
rogue_koder has quit [Ping timeout: 260 seconds]
<nh2>
qy[m]: `nix-shell -p linuxPackages_5_4.kernel.dev` doesn't help though, still takes it from the 4.19 headers via `/nix/store/c9l946swbx2v67mwamd3vrypha4l9nz0-glibc-2.30-dev/include/linux/fanotify.h`
<qy[m]>
¯\_(ツ)_/¯ not sure then
<clever>
nh2: there is a guide on building kernel modules in the nixpkgs manual
<clever>
nh2: you need to shell int the wrong thing initially, and use some env vars
<qy[m]>
it's not actually a kernel module, i thought, it just uses fanotify
Kyndig has left #nixos [#nixos]
<clever>
if your doing userland stuff, you probably want to stick to the one glibc provides
<{^_^}>
[nixpkgs] @zowoq opened pull request #86035 → buildGopackage: use installShellFiles, update completions/manpages → https://git.io/Jft2h
chagra_ has joined #nixos
<qy[m]>
that's an overcomplication, is there seriously no way i can just get nix to not delete the object?
proofofkeags has joined #nixos
<clever>
qy[m]: add a `set -x` to one of your build phases, and then look at the logs to see which phase/hook is doing it, then change the settings so it doesnt
<cole-h>
Could also try `phases = [ "buildPhase" "installPhase" ];` -- I imagine that stuff might be cleaned in fixup or something
<qy[m]>
might be a pain, since it's a runCommandCC...
<qy[m]>
but i'll have a fiddle
<clever>
qy[m]: runCommandCC doesnt run the fixupphase
<clever>
qy[m]: what exactly are you trying to do?
<qy[m]>
all i'm trying to do is run g++ to turn a .c file into an object, and have the object be the derivation result
<qy[m]>
sure i'm using libtool, and sure it actually generates two files theoretically, not one, but that's all
<clever>
qy[m]: can you pastebin the nix expr you have? and the result of building it?
<qy[m]>
the .o is not coming through though, and i don't think that's libtool's or g++'s issue
<clever>
qy[m]: did you copy it to $out ?
<qy[m]>
i could, but it's nested in a nix file that's nearly a thousand lines long, so you really don't want me to
<qy[m]>
i built it straight to $out
<qy[m]>
(or specifically $out/.libs/blah.o and $out/blah.lo)
<clever>
qy[m]: what was the full output when building?
proofofkeags has quit [Ping timeout: 260 seconds]
<qy[m]>
for those runCommandCCs, looks like it just outputs a normal libtool output, and a warning about unused input due to the fact that i'm not linking (which is irrelevant)
<clever>
qy[m]: immediately after you build, run ls on the dir where you put the .o file, is it there?
<clever>
within the same derivation
endformationage has quit [Ping timeout: 246 seconds]
<qy[m]>
huh, no it's not. the .lo file is there, the .o file is not....
<clever>
qy[m]: then nix didnt remove it, you never created it to begin with
<qy[m]>
i'll try doing it in the build dir first
<cole-h>
How are you "buil[ding] it straight to $out"?
<qy[m]>
oh, nevermind, this is me being an imbecile. that warning was actually quite relevant, i was using $ccFile instead of ${ccFile} so libtool was trying to compile empty space
<cole-h>
;^)
alex_andert has quit [Remote host closed the connection]
xO1 has joined #nixos
fusion809_ has joined #nixos
<qy[m]>
hooray, it works much better now. onto the next stage of this heresy
lunaa has quit [Ping timeout: 240 seconds]
<colemickens>
is there a tofu helper for cargoSha256?
<colemickens>
a nix-prefetch-cargo-sha256 perhaps
<qy[m]>
do tofu
<qy[m]>
then do `nix to-base32`
<qy[m]>
oh, sorry, i misread
<qy[m]>
that solves a completely different issue
<cole-h>
colemickens: 95% positive the answer is no
<Wulfsta>
So I want to only run spotifyd when running spt (spotify-tui), but I cannot figure out how to approach this from a nixos standpoint. I was thinking that creating a user service and aliasing the spt command would work, but `enabled=false` even masks user services.
<Wulfsta>
Does anyone have advice?
<clever>
Wulfsta: you want enabled = true; and then change wantedBy to control if it auto-starts or not
<vanillaicecream>
Hi all! I'm trying to build a package using Crystal, and I'm running into very peculiar errors. Specifically, I'm trying to use `openssl` for a Crystal program, but I'm constantly getting linker errors. It seems like the packages require an old version of openssl (1.0.2), which I pass in as `buildInput`; despite this, the `gcc` command seems to use
<vanillaicecream>
`-L...openssl-1.1.0...`. Any advice?
<Wulfsta>
clever: What would the target for that look like?
rogue_koder has joined #nixos
<Wulfsta>
clever: does this just entail removing `after=...` and putting those targets in wantedby?
<Wulfsta>
oops, wantedby -> wants
<clever>
Wulfsta: after and wantedby are seperate things
<clever>
Wulfsta: after just controls the order of starting things, and forces something else to start first
<clever>
Wulfsta: wantedby makes your thing start before something else
<freeman42x[m]>
hmmm, getting this on rebuild for 19.03: `warning: unknown setting 'sandbox-fallback'`
<Wulfsta>
Oh, so emptying wantedby does this?
<clever>
Wulfsta: yeah
<clever>
freeman42x[m]: that can happen when mixing nix versions with your nix.conf version
<freeman42x[m]>
clever: what does that mean? I have never used any nix.conf as far as I recall
<clever>
freeman42x[m]: it usually solves itself after the build is done
<Wulfsta>
clever: thanks!
<freeman42x[m]>
clever: ah ok, cool
chagra_ has joined #nixos
ivegotasthma has quit [Quit: ZNC 1.7.2+deb3 - https://znc.in]
<HedgeMage>
Does anyone have advice on managing xdg-open issues in NixOS without a desktop environment (I'm running i3)? I have oauth2 login workflows breaking where an application is either unknown to my browser or the applicaiton is differently named on NixOS (case in point: zoommtg:// URIs need to go to zoom-us not zoom)
Wulfsta has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixpkgs] @c00w opened pull request #86036 → Get rid of go 1.13 → https://git.io/Jftay
<hyper_ch>
nh2: :) that would also solve the problem I had with qemu/kvm :)
<rsaarelm>
I'm thinking of jumping from GNU stow to home-manager to manage my dotfiles, but I also want the dotfiles on a machine that doesn't have nix. Is there any established routine for handling this (eg. home-manager generates set of dotfiles for non-nix machine in an empty directory, then you rsync that to the home directory on the non-nix machine)?
emptyflask has quit [Ping timeout: 260 seconds]
<freeman42x[m]>
which IRC clients from nixpkgs besides IRSSI, HexChat, Quassel, KVIRC, Pidgin I could try and are good?
<bkv>
weechat
virus_dave has joined #nixos
<freeman42x[m]>
bkv: I heard it requires a plugin for IRC. Is it good?
maddo has joined #nixos
<bkv>
the plugin is builtin and the entire point of it
Heirlung has quit [Ping timeout: 260 seconds]
<bkv>
it's better than every other one you listed, but that's my opinion
<Mic92>
infinisil: do you know a way to capture all arguments passed by nix-build --arg foo 1 and pass them on to another function ?
felixfoertsch has quit [Ping timeout: 265 seconds]
felixfoertsch23 is now known as felixfoertsch
<evils>
lucus16: are you around? i'm running into a gnat issue when trying to build coreboot's toolchain
vanillaicecream has quit [Remote host closed the connection]
<infinisil>
Mic92: Nope, don't think that's possible
das_j has quit [Ping timeout: 240 seconds]
ajs124 has quit [Ping timeout: 240 seconds]
<Mic92>
infinisil: Ok, what I was trying to do is writing a nix expression file that imports a user defined one and pass all arguments to it for https://github.com/Mic92/nix-build-uncached
mrpi has quit [Ping timeout: 246 seconds]
noudle has quit []
Scriptkiddi has quit [Ping timeout: 260 seconds]
orivej has joined #nixos
<infinisil>
Oh neat project
FRidh has quit [Quit: Konversation terminated!]
<infinisil>
Mic92: You can use -E and then something like callPackage
emilsp has joined #nixos
<Mic92>
infinisil: yeah, this would require me to parse --arg and --argstr invocations, I think.
waleee-cl has joined #nixos
domogled has joined #nixos
<infinisil>
Mic92: Would it be possible to just forward all args for the whole command to Nix directly?
<infinisil>
nix-instantiate "$@", then read outPath of all the resulting drvs
ajs124 has joined #nixos
Scriptkiddi has joined #nixos
das_j has joined #nixos
mrpi has joined #nixos
<Mic92>
infinisil: can you than built all at once?
brent__ has joined #nixos
<Mic92>
Ah.
<Mic92>
I think I see what you mean.
<{^_^}>
[nixpkgs] @samhug opened pull request #86044 → vimPlugins.coc-rust-analyzer: init at 2020-04-24 → https://git.io/JftrN
asheshambasta has joined #nixos
inkbottle has quit [Ping timeout: 244 seconds]
mchasard has joined #nixos
zebrag has joined #nixos
<infinisil>
(not sure if this is what you're asking, but to build .drv files returned from nix-instantiate you can nix-store -r them)
<infinisil>
Or get outPath (and other ouputs) through nix show-derivation and try to cache query that then
fusion809_ has quit [Ping timeout: 240 seconds]
<infinisil>
(But maybe a more stable interface than nix show-derivation)
<Mic92>
infinisil: I already the all derivation paths when using `nix-build --dry-run`.
<{^_^}>
[nixpkgs] @zimbatm merged pull request #86036 → treewide: Get rid of go 1.13 → https://git.io/Jftay
<{^_^}>
[nixpkgs] @zimbatm pushed commit from @c00w to master « Get rid of go 1.13 (#86036) »: https://git.io/Jftrx
chloekek has joined #nixos
<Mic92>
infinisil: the problem is that the new `nix build` crashes if I pass many attributes as seperate arguments.
<Mic92>
i.e. nix build -f file attr1 attr2 attr3
<Mic92>
It works fine if I write a file: 'with import file; attr1 attr2 attr3'
<Mic92>
I only loos the ability to allow the user to pass arguments to import file
<infinisil>
And you're calling nix-build-uncached with all those arguments?
buckley310 has joined #nixos
<infinisil>
Mic92: This might not solve the problem, but I'd try using nix-build instead of nix build, since the latter is still experimental (and soon the nix command is disabled by default I think)
<Mic92>
infinisil: no. nix-build-uncached introspect the user's default.nix and filter out toplevel arguments that are not in any binary cache.
<Mic92>
infinisil: Well. It will also break nixpkgs-review.
<{^_^}>
[nixpkgs] @zowoq opened pull request #86045 → restic: use subPackages, installShellFiles → https://git.io/Jftot
<Mic92>
infinisil: is it not compiled in then or just not accessible without additional flags?
codygman has quit [Ping timeout: 240 seconds]
<Mic92>
nix-build produces unreadable long logs.
ok2` has quit [Ping timeout: 264 seconds]
<Mic92>
Not ideal as a CI when using many packages.
<infinisil>
Needs `--experimental-features nix-command` then I think
<infinisil>
Maybe it's possible to access logs independently of the nix-build, i think they're stored somewhere (like what `nix log` does, but hopefully without the nix command)
<hyper_ch>
freeman42x[m]: I use Konvesation
<Mic92>
They are indeed stored. I do this for nixpkgs-review. However I also want the progressbar.
<infinisil>
That sounds tricky then, not sure how to do it
virus_dave has joined #nixos
__monty__ has joined #nixos
<infinisil>
Maybe you could figure out how to fix the crashing for too many attrs
virus_dave has quit [Client Quit]
brent__ is now known as fusion809_
ok2`- has joined #nixos
ok2`- is now known as ok2`
slack1256 has joined #nixos
stree has quit [Read error: Connection reset by peer]
stree has joined #nixos
<freeman42x[m]>
does anyone know where I could find insructions for setting up Nextcloud on NixOS?
<freeman42x[m]>
I just need to figure out this part now: `adminpassFile = "/path/to/admin-pass-file";`
<craige>
Anyone seen an issue with Hydra when upgrading to 20.03 where it blasts away the postgres user "hydra" despite ensureDatabases containing the hydra database?
<freeman42x[m]>
like, I do not know what that file would need to contain, it's format
<craige>
I think I've sorted it :-)
<immae>
It’s the admin user and password of the nextcloud instance for maintenance tasks (via nextcloud-cmd)
<immae>
Might not be needed for every task, but some maybe
<{^_^}>
#85955 (by luc65r, 1 day ago, open): mate-tweak: init at 20.04.0
<immae>
freeman42x[m]: ah no sorry it’s only used during the first setup
<immae>
(to set the first username and password of the instance)
<Ashy>
hmm, seeing something weird with fetchFromGitHub, when adding new packages to a nix derivation (in a let block) i'm copying blocks and modifying everything except the sha256, but when i build with nix-shell i get a permission error instead of a wrong hash error, what's going on here?
<Ashy>
modifying the sha256 to a random string of the correct length works and throws the expected hash mismatch
<Ashy>
but using a valid hash from a different package has that other strange behaviour
o1lo01ol1o has joined #nixos
<freeman42x[m]>
immae: how did you determine that? I am still trying to find how it works and its format
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @jluttine opened pull request #86052 → rofi-file-browser: init at 1.1.1 → https://git.io/Jft14
gxt has quit [Quit: WeeChat 2.8]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zupo has joined #nixos
zupo has quit [Ping timeout: 260 seconds]
zupo has joined #nixos
<rsaarelm>
Can I read a non-nix external file to nix string? import seems to want files that are valid nix. I want some thing like "programs.neovim.extraConfig = readFileToString ./vimrc"
eyenx has quit [Ping timeout: 260 seconds]
dermetfan has quit [Ping timeout: 240 seconds]
<rsaarelm>
builtins.readFile?
<arianvp[m]>
builtins.readFile
pingiun has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<arianvp[m]>
Will copy the file to the nix store though
<arianvp[m]>
File literals implicitly copy things to nix store
<siers>
should people put default.nix in their project's sources?
o1lo01ol1o has quit [Remote host closed the connection]
<rsaarelm>
Yeah, copying the file to nix store is fine. I just want to use proper syntax highlighting for the vimrc since it's pretty big.
delan has joined #nixos
delan has joined #nixos
delan has quit [Changing host]
o1lo01ol1o has joined #nixos
Darkmatter66_ has joined #nixos
alp has joined #nixos
<{^_^}>
[nixpkgs] @zimbatm opened pull request #86053 → terraform-providers: updates and cleanups → https://git.io/JftMY
proofofkeags has joined #nixos
Darkmatter66 has quit [Ping timeout: 260 seconds]
andymandias_ has quit [Quit: ZNC 1.7.4 - https://znc.in]
andymandias has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @zimbatm merged pull request #86051 → docs/python: document builders using doInstallCheck and not doCheck → https://git.io/JftX6
<{^_^}>
[nixpkgs] @zimbatm pushed commit from @doronbehar to master « docs/python: document builders using doInstallCheck and not doCheck (#86051) »: https://git.io/JftMo
<{^_^}>
[nixpkgs] @zimbatm pushed commit from @alevy to release-20.03 « zulip: 4.0.0 -> 5.0.0 (#85770) »: https://git.io/JftDB
pingiun has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
pingiun has joined #nixos
jmeredith has joined #nixos
<Thra11>
Is it possible to have buildGoModule to only build a specific subdirectory? I'm trying to build a module which has a setup command in a subdirectory which needs to be built and installed first (so that it can be run as part of the configuration for the other subdirectories).
johnjay has joined #nixos
knupfer has quit [Remote host closed the connection]
knupfer has joined #nixos
dozn has quit [Quit: I'm probably just changing some settings or have had an outage, I'll be back soon.]
chagra_ has quit [Ping timeout: 244 seconds]
dozn has joined #nixos
dermetfan has joined #nixos
chagra_ has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<Philonous>
systemd-cryptsetup-generator doesn't seem to pick up devices listed in /etc/crypttab any more, I'm pretty sure that used to work. How do I get auto-decryption to work again?
pingiun has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
shreyansh_k has joined #nixos
pingiun has joined #nixos
<Thra11>
And if I do have to write a separate derivation with manual steps to build a certain go module, can I somehow use the result with buildGoModule to build a package which depends on it?
knupfer has quit [Quit: knupfer]
knupfer has joined #nixos
dingo has quit [Quit: Lost terminal]
knupfer has quit [Client Quit]
knupfer has joined #nixos
<Thra11>
(I'm trying to build github.com/ProtonMail/proton-bridge, but one of its dependencies, github.com/therecipe/qt, needs extra manual build steps)
alp has quit [Quit: Leaving]
<shreyansh_k>
Hello, how do I use 'nix build' to build a nix-expression (for a package) but with a specific channel (whose name is passed via the command line)?
<symphorien>
{ channel }: let pkgs = import channel {}; in ...
rawr has quit [Quit: They're putting dbus in the kernel. For fairness, I want a Java RMI registry in the linux kernel too. dont @ me]
<craige>
Has anyone seen an upgrade issue with 20.03 where all your postgrs databases COLLATE and CTYPE become the locale rather than "C"?
<shreyansh_k>
Hello clever and symphorien, thank you for getting back.
<shreyansh_k>
clever: I'm trying to build an expression from a file present on the local disk, so -A wouldn't work, right?
<shreyansh_k>
symphorien: I've had better success with your method but with one caveat.
<shreyansh_k>
I can build the expression in the file with your method but I can only use the channel previously added to the system via nix-channel.
<shreyansh_k>
Is it possible to do the same without having to add the channel in the first place?
tobeportable has joined #nixos
rawr has joined #nixos
<shreyansh_k>
In other words, with `--arg channel "<some-channel>"` should automatically download the latest `some-channel` and build the expression with it.
<symphorien>
and channel should be a string of the form "channel:nixos-unstable"
<shreyansh_k>
I tried but I'm getting this error: "error: string 'channel:nixos-unstable' doesn't represent an absolute path, at /home/shreyansh/sdf.nix:3:6"
<shreyansh_k>
The command: `nix-build --no-link ~/sdf.nix --arg channel "channel:nixos-unstable"`
<tobeportable>
Hi, I'd like to have some clarification from the doc : in https://nixos.org/nixpkgs/manual/#reviewing-contributions-new-packages , it says : "A maintainer must be set. This can be the package submitter or a community member that accepts to take maintainership of the package." should I add myself to maintainers/maintainer-list.nix with the new package MR or should I ask here for someone to volunteer or something else ?
<shreyansh_k>
symphorien: as shared with error, any ideas on how the command can be modified to do that?
<symphorien>
mmh maybe it must be a path and not a string
<symphorien>
tobeportable: you can add yourself in the same PR but a separate commit
<Orbstheorem>
How can I write a nix string whose source is formatted to 80 chars, but it evaluates to a single line without newlines?
<shreyansh_k>
symphorien: I hope it will be possible to specify the name of the channel. The idea is to automatically build the expression with the latest version of a channel.
<tobeportable>
is it correct that the doc is contradicting itself here then : https://nixos.org/nixpkgs/manual/#chap-quick-start by saying : "All meta attributes are optional, but it’s still a good idea to provide at least the description, homepage and license." ?
<simpson>
tobeportable: Nix itself doesn't care, but nixpkgs maintainers will care during code review.
<shreyansh_k>
symphorien: I've been trying to understand the example you've shared but I don't know how to use this in this case. If it help you help me better, note that all I'm trying to do is to build a buildEnv expression inside a file, against the latest version of a channel to test if it builds successfully.
<symphorien>
do you need the channel to be configurable then ?
<symphorien>
hardcode it to nixos-unstable, no ?
<shreyansh_k>
symphorien: What I hope to achieve is to check if the buildEnv expression builds with latest version of a channel before I update the system's channel to the latest version.
<symphorien>
let pkgs = import (builtins.fetchTarball channel:nixos-unstable) {}; in ...
<shreyansh_k>
symphorien: In other words, there is a system channel and this expression is expected to be build against it. But, I'd like to not update the system's channel if this expression fails with this version of channel.
o1lo01ol1o has joined #nixos
<shreyansh_k>
And, if build is successful, I'd like to only work with the working copy of the said channel.
<shreyansh_k>
symphorien: Would "let pkgs = import (builtins.fetchTarball channel:nixos-unstable) {}; in ...
<shreyansh_k>
symphorien: Would "let pkgs = import (builtins.fetchTarball channel:nixos-unstable) {}; in ..." fetch the latest channel at every build?
<symphorien>
yes, with a cache of about 15 minutes iirc
mchasard has quit [Quit: Leaving]
<shreyansh_k>
symphorien: could fetching the latest channel at every build be avoided? In other words, try to build with the latest channel, if success, then update channel, if failure, then don't do anything (like update channel or the buildEnv result).
<symphorien>
anything more involved would involve dowloading manually and then let pkgs = import /path/to/channel/content {}; in
asbachb has joined #nixos
<asbachb>
Hej. Do I get it right that `system.stateVersion` should stay at `19.09` after migration to `20.03`?
<manveru>
asbachb: yes
<manveru>
do not touch it, ever :)
<asbachb>
manveru: Thanks for clearification.
<{^_^}>
[nixpkgs] @Ma27 opened pull request #86055 → nixos/wireguard: test against multiple kernel versions → https://git.io/JftSW
<{^_^}>
Changing stateVersion doesn't upgrade anything and can only break your setup at best. To actually upgrade NixOS see https://nixos.org/nixos/manual/#sec-upgrading. If you need to change stateVersion for some odd reason regardless, Ctrl-F for "stateVersion" in https://nixos.org/nixos/manual/release-notes.html to see things that need to be manually migrated with the new value
<Robertof>
Hi! I'm trying to understand if I can override a call to `callPackage` which has an absolute path. Specifically, I'm importing the defexpr `sd-image-aarch64` which in turn imports `sd-image` which has this:
<Robertof>
Is there a way for me to use my own `make-ext4-fs` without copying the whole thing and just changing the path? I was looking at overlays, but I don't think I can use them
cole-h has joined #nixos
<tobeportable>
"Changing stateVersion doesn't upgrade anything and can only break your setup at best" -> should I revert back to 19.09 if modified it already ?
<tobeportable>
should the ouput of `nixos-version` change after a successful update?
<fusion809>
Is there something else one has to get virtualbox guest additions to work in a VM? Naturally, the guest OS is NixOS (so is the host, but I don't think that part is as relevant)
<fusion809>
Beyond just adding virtualisation.virtualbox.guest.enable = true;?
<gchristensen>
you might need virtualisation.virtualbox.host.enable orvirtualisation.virtualbox.host.enableExtensionPack enabled on the host, not sure what exactly those two enable
<fusion809>
Both are alreaday enabled.
<fusion809>
already^
<fusion809>
AFAIK they're required just to get VirtualBox installed on NixOS.
<fusion809>
Oh and yes virtualisation.virtualbox.guest.enable = true; is added to the guest's /etc/nixos/configuration.nix file, in case you're wondering whether I've put that in my host's config by accident.
<fusion809>
Aside from the checkJournaling option that's what I've got in my configuration.nix file. Yet oddly under i3 the guest screen is not autoscaling to window size.
civodul has joined #nixos
asheshambasta has quit [Ping timeout: 265 seconds]
<edcragg>
is there some magic for getting lua 5.3 (not 5.2) as a build dependency?
<tobeportable>
lua5_3 ?
alexherbo2 has joined #nixos
tobeportable has quit [Remote host closed the connection]
ebopp has joined #nixos
<{^_^}>
[nixpkgs] @FRidh pushed to master « Revert "docs/python: document builders using doInstallCheck and not doCheck (#86051)" »: https://git.io/Jft9D
fenedor has joined #nixos
shibboleth has joined #nixos
fendor has quit [Ping timeout: 244 seconds]
<nh2>
clever: I think it's legitimate to build something like fsnoop against newer kernel headers; it needs to know what the constants are for various functionaliy (like `FAN_CREATE`), and then they it still gracefully detect at runtime whether the running kernel does not suppor them
vesper11 has quit [Read error: Connection reset by peer]
knupfer has quit [Remote host closed the connection]
knupfer has joined #nixos
<tobeportable>
answering my own question: nixos-version should display 20.03 after a successfull upgrade, I managed to overlook the blue note at the end of https://nixos.org/nixos/manual/index.html#sec-upgrading that more or less say these command won't actually upgrade your system if you don't prefix them with sudo ...
<CrazyMind102>
It is easy to miss something small like that.
reallymemorable has quit [Quit: reallymemorable]
<edcragg>
tobeportable: that's the one, thanks!
waleee-cl has joined #nixos
<negaduck>
could anyone point out how to use niv for having one package from nixpkgs of one commit and another package from another commit?
pingiun has quit [Ping timeout: 260 seconds]
rardiol has joined #nixos
<tobeportable>
~2 years I was thinking I was doing upgrades, didn't really notice as I was reinstalling from a fresh iso most of the time
proofofkeags has quit [Remote host closed the connection]
proofofkeags has joined #nixos
inkbottle has joined #nixos
zebrag has quit [Ping timeout: 260 seconds]
sigmundv_ has joined #nixos
<negaduck>
edcragg: cool, that's a clear explanation, thanks
<Mic92>
colemickens: you are welcome.
zupo has quit [Ping timeout: 244 seconds]
<{^_^}>
[nixpkgs] @bennofs opened pull request #86062 → ghostscript: disable parallel building → https://git.io/JftQJ
zupo has joined #nixos
<{^_^}>
[nixpkgs] @bennofs opened pull request #86063 → Llvm big parallel → https://git.io/JftQY
maddo has quit [Ping timeout: 246 seconds]
zupo has quit [Ping timeout: 240 seconds]
maddo has joined #nixos
<tobeportable>
is email mandatory in maintainers/maintainer-list.nix or is github handle enough to get notified ?
<qyliss>
email is at least strongly preferred
<qyliss>
(not over github, but like, it's strongly preferred that you have one)
<Orbstheorem>
Hello o/ I configured hie with ghc865 (from infinisil's all-hies repo). When my language client calls hie-wrapper I get the following error: `[coc.nvim] "can't load .so/.DLL for: /nix/store/lz67bgzcwjf8wf23j2cb69g01pa7x4sf-ghc-8.6.5/lib/ghc-8.6.5/ghc-prim-0.5.3/libHSghc-prim-0.5.3-ghc8.6.5.so (/nix/store/c745s6cnnxy6c98bvhi0qsijrh3ikag1-glibc-2.27/lib/libm.so.6: version `GLIBC_2.29' not found (required by
<Unode>
hi all, I'm trying to setup a bluetooth audio device on NixOS. I don't have pulseaudio on the system (using ALSA only) and would like to avoid pulseaudio unless necessary. Following bluetooth instructions on the wiki I managed to pair the device but then run into https://nixos.wiki/wiki/Bluetooth#When_connecting_to_an_audio_device:_Failed_to_connect:_org.bluez.Error.Failed
<Unode>
the solution seems to be to install pulseaudio... Does anyone know if this is a dependency from blueman?
zupo has joined #nixos
<Unode>
I see also some online articles mentioning ALSA and bluez, including bluez-alsa but everyting I tried so far didn't really connect
jumper149 has joined #nixos
reallymemorable has quit [Quit: reallymemorable]
Cale has quit [Ping timeout: 252 seconds]
<Unode>
"Bluez5 has dropped direct integration for ALSA and supports PulseAudio only" I guess I have my answer.
<cole-h>
:( Why were you trying to avoid pulse?
<numkem>
I'm trying to package a KDE app. It builds just fine but when I launch it I get this error message: `KHTML default stylesheet version mismatch. Aborting. Check your installation. File used was: . Expected STYLE_VERSION 1`. There is an issue on nixpkgs with that message but there isn't more details
tobeportable has quit [Quit: Leaving]
<{^_^}>
[nixpkgs] @georgewhewell opened pull request #86064 → pythonPackages.bluepy: init at 1.3.0 → https://git.io/Jft7J
thibm has joined #nixos
c382feb92 has quit [Ping timeout: 260 seconds]
pingiun has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mchasard has quit [Remote host closed the connection]
<thibm>
I'm trying to setup autologin on only 1 TTY. So I'm trying to override getty@tty1 systemd service. Are /etc/systemd/system/getty@tty1.service and /etc/systemd/system/getty@tty1.service.d/override.conf equivalent for systemd?
pingiun has quit [Read error: Connection reset by peer]
<symphorien>
you can use systemctl cat getty@tty1.service to check the result
<thibm>
Documentation I found and `systemd edit getty@tty1` want the latter, but this one is generated by Nix only if the main service already exists
<thibm>
Setting the main service does not seem to work
qurxo_ has joined #nixos
<thibm>
symphorien: nixos uses upstream getty.service, and an override at /etc/systemd/system/getty@.service.d/overrides.conf
<thibm>
I looked at the Nix files, the generated files and your command confirms it
user_0x58 has joined #nixos
<symphorien>
to override things in configuration.nix: systemd.services."getty@tty".serviceConfig = ...
<thibm>
Yes, but this generates /etc/systemd/system/getty@tty1.service
<thibm>
While it seems that the approach only works with /etc/systemd/system/getty@tty1.service.d/override.conf
<thibm>
But the module will generate the latter only if the former already exists
<cole-h>
That doesn't sound right.
mchasard has joined #nixos
<symphorien>
no it will create an override
<symphorien>
if the file comes from upstream
<thibm>
yes
<symphorien>
ah maybe not because of the @...
<thibm>
but there's no getty@tty1 upstream
<thibm>
only a getty@
<symphorien>
I see
<thibm>
So I'm wondering if there is a difference from systemd. If not, then I did something wrong :>
Fare has quit [Ping timeout: 260 seconds]
<symphorien>
the quick and dirty way is to use environment.etc
Robertof has quit [Ping timeout: 240 seconds]
<thibm>
yup, does not work
qurxo_ is now known as Robertof
jaray[m] has joined #nixos
<thibm>
wait
tobeportable has joined #nixos
<thibm>
Is environment.etc."systemd/system/getty@tty1.service.d/overrides.conf".text = "..." OK? That what I did (to debug) and I got:
<symphorien>
hum the /etc/systemd directory may be created in a different derivation
<thibm>
The error is in the builder for etc.drv
<symphorien>
I guess the best way forward is to find the code which detects that we use an upstream unit file, and which creates an override instead, and adapt it to also do this when the upsteam unit is a template
<cole-h>
thibm: I misunderstood; ignore me.
<thibm>
cole-h: OK
<thibm>
symphorien: yes I found the code, that's why I said it generates the .d/overrides.conf iff the service file already exists
<thibm>
It sounds like a strong assumption that both files are the same from systemd point of view
knupfer has quit [Quit: knupfer]
<symphorien>
yes systemd merges them
knupfer has joined #nixos
knupfer has quit [Client Quit]
<symphorien>
with strange semantics like: lists are appended unless you affect them an empty list
o1lo01ol1o has quit [Remote host closed the connection]
knupfer has joined #nixos
<numkem>
cole-h: Is there a priority system regarding PRs? It would be nice to have the PR merged that contains adding me as a contributor.
<thibm>
symphorien: Yes a saw this
knupfer has quit [Client Quit]
knupfer has joined #nixos
o1lo01ol1o has joined #nixos
<thibm>
The services.mingetty.autologinUser thing works like a charm. But if I copy the generated service only for getty@tty1 is does not work anymore
<thibm>
I'll keep searching
<virtusviri7321[m>
Hey guys, does the new release 20.03 provide better amd driver ?
<thibm>
symphorien: OK, actually defining /etc/systemd/system/getty@tty1.service does not extends getty@. That's why the tty did not work, the service configuration is almost empty (just the overrides)
shibboleth has joined #nixos
o1lo01ol1o has quit [Ping timeout: 260 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<thibm>
It may be different by setting getty@tty1.service.d/overrides.conf, because that's what I found in some documentation.
johnw_ has joined #nixos
johnw has quit [Ping timeout: 272 seconds]
gerschtli has quit [Quit: WeeChat 2.7.1]
gerschtli has joined #nixos
<thibm>
symphorien: BTW, the code that put stuff into $x.service.d/overrides.conf if $x.service exists is in switch-to-configuration.pl
Fare has joined #nixos
<symphorien>
that's surprising...
<armin>
anyone a clue how to add an "Xsession" entry to the dropdown menu list in lightdm's sessions?
<Robertof>
Worth another shot: does anybody know if I can specify a custom, overridden `make-ext4-fs` in `sd-image.nix` (https://github.com/NixOS/nixpkgs/blob/8a530a0b/nixos/modules/installer/cd-dvd/sd-image.nix#L18-L26) in a better way than just duplicating the import chain and changing them? I think overlays are only applicable for exported packages, and I don't think they would work for a relative `callPackage`
<gchristensen>
wucke13: nix-build '<nixpkgs>' -A pkgsCross.mingwW64.hello
<numkem>
cole-h: I did, I'm doing the exact same thing as far as I can tell. It actually showed me a way to not have to do the whole cmake build by hand, it's all automated.
<numkem>
cole-h: It builds just fine but when I launch it I get this error message: `KHTML default stylesheet version mismatch. Aborting. Check your installation. File used was: . Expected STYLE_VERSION 1`. There is an issue on nixpkgs with that message but there isn't more details
<wucke13>
gchristensen: How would I utilize that to build something with cargo for windows?
<qyliss>
zeta_0: there are 41 nicks in #nixos-emacs
<cole-h>
numkem: You should try `libsForQt5.callPackage` and use that mkDerivation instead of stdenv's
<wucke13>
gchristensen: Anyways, thank you for the hint so far. On ubuntu it is sufficient to just install the mingw64 package, hence my original question.
user_0x58 has quit [Ping timeout: 244 seconds]
user_0x58 has joined #nixos
<aleph->
Hmm, is there a package with the virt-install util?
<numkem>
cole-h: trying to find a use of it in nixpkgs
ddellacosta has joined #nixos
<thibm>
aleph-: yes, virtinst, virtmanager. Found with the command-not-found util
<aleph->
Oh huh, did not know about the command not found util. That's nifty
<numkem>
and I'm not sure i understand why the arguments passed don't match the package names? example for kfilemetadata, in the package list it's shown as kdeFramework.kfilemetadata
<cole-h>
Because libsForQt5 passes kdeFramework implicitly, I'd guess
<numkem>
cole-h: how is hydra supposed to know about how to call it too? Do I have to add that package in the kde folder or as a seperate app?
<numkem>
cole-h: wow, well thank you, figured it was something 'simple'
<noonien>
hello folks!
<noonien>
i'm thinking about installing mobile-nixos on a CT100PA. i've not got one yet, planning on buying. is the installation difficult?
<cole-h>
numkem: Hydra knows to call it, because when you add the package to all-packages, you'll write `tellico = libsForQt5.callPackage ..../tellico {};`
<numkem>
cole-h: got it, make sense, there isn't any magic there
<cole-h>
And, `propagatedUserEnvPkgs` probably isn't what you want
<numkem>
cole-h: that was just trial and error, not sure yet what it does
<cole-h>
You probably want modify the path inside `qtWrapperArgs`
<cole-h>
s/path/PATH/
<cole-h>
Alternatively, patch the reference to kdeinit5 in source
<numkem>
cole-h: I'll try without and see if it has any impacts
<noonien>
or, alternatively, a better tablet to run nixos/mobile-nixos on :D
<numkem>
I'll make sure to read the manual regarding language specific things. It's something I don't think about
<cole-h>
samueldr: ^ One of your people
<cole-h>
(well, the one above numkem...)
<noonien>
hehe, i'm actually watching samueldr's 2019 nixcon mobile-nixos talk right now
cosimone has quit [Remote host closed the connection]
cosimone has joined #nixos
<{^_^}>
[nixpkgs] @mkg20001 opened pull request #86069 → cinnamon.cinnamon-screensaver: init at 4.4.0 → https://git.io/JftFg
<numkem>
cole-h: doesn't look like anything fancy was required, just that! Thanks!
<numkem>
cole-h++
<{^_^}>
cole-h's karma got increased to 32
eyenx has quit [Quit: bye]
eyenx has joined #nixos
<thibm>
symphorien: for your information I dirty hacked systemd unit generation to put move the getty@tty1.service into getty@tty1.service.d/overrides.conf and it works :)
proofofkeags has quit [Remote host closed the connection]
<thibm>
I guess this use case has not been anticipated by the module authors
eyenx has quit [Changing host]
eyenx has joined #nixos
<thibm>
use case = overriding a specific instance of an existing service
chagra_ has quit [Ping timeout: 260 seconds]
knupfer has quit [Read error: Connection reset by peer]
knupfer1 has joined #nixos
<thibm>
I'll open on issue on GH
sgo_ is now known as stigo
knupfer1 is now known as knupfer
<emily>
does anyone know why nixos-unstable is stuck right now? is it just that hydra jobs issue, or problems with gnome packages, or something?
<{^_^}>
[nixpkgs] @kimat opened pull request #86070 → gitin: init at 0.27.8 → https://git.io/JftFM
<qy[m]>
> 1
<{^_^}>
1
<emily>
jst thinkg
<emily>
er
<cole-h>
emily: Should be unblocked soon, since the inkscape fix was merged to master recently
<emily>
just things I idly wonder about while Nix builds mutter and also inkscape so it can compile a font package my system uses >_>
<cgi>
bkv, on ubuntu, what is the usecase for nix package manager?
<cole-h>
That sounds like something you should figure out for yourself.
sogatori has quit [Read error: Connection reset by peer]
<cole-h>
It varies from person to person.
<cgi>
cole-h, what do you use it for on ubuntu?
<pingiun>
I managed to get a vga console working by adding --reset-vga and --vga-console, and now I can see a message about the sha256 digest not mathcing
<pingiun>
although I'm not sure wether it's an error with the kernel or init
<pingiun>
hyper_ch: do you have experience with the kexec install method?
<cole-h>
cgi: I use Arch, not Ubuntu. But I use it to build and install packages I use daily.
<pikajude>
how do I add a GC root pointing to a derivation?
<cole-h>
Sure.
<emily>
cgi: you can use it to make isolated development and testing environments for software projects you use or work on
<cgi>
cole-h, I guess one use case for me would be to install and uninstall packages cleanly?
<emily>
cgi: arch has no concept of an individual set of reproducibly-built tools exposed to a shell like that. the closest you could get would be hacking up something with docker, which nix is far nicer than
<cgi>
emily, do you have a small example of that usecase somewhere?
<cole-h>
pikajude: Maybe you're looking for `--add-root`? I don't know if that works on raw .drvs, though
Robertof has quit [Read error: Connection reset by peer]
<pikajude>
i know about that flag, but i don't know how to make it respect a derivation
Robertof has joined #nixos
<emily>
(I guess snaps come closer, from ubuntu, but still pretty far off)
<emily>
er, ubuntu rather
<pikajude>
also i don't even know if what i would want to do with this even works
<pikajude>
i just want to make sure that all the build inputs to a derivation used with nix-shell aren't GC'd
<emily>
cgi: e.g. you don't want to have to manually install a bunch of library dependencies, postgres, devtools, ..., on every system you clone your software project's repo from and do development on it
<pikajude>
the buildCommand itself is just `touch $out` so it has no references
<pikajude>
but i need to keep the buildInputs and so on
<emily>
cgi: instead you can write a shell.nix specifying it all and use that reproducibly across any linux distro or macos
<cole-h>
pikajude: You probably already know about this, but maybe take a look at lorri and see how they achieve that. I believe they add gcroots and things and stuff..
<zeta_0>
cgi: i'd highly recommend replacing apt with nix, i used to use apt on debian/ubuntu, and apt is horrible
<pikajude>
oh, i've never heard of lorri
<pikajude>
looks neat
<energizer>
bkv: yes. on ubuntu, nix is a replacement for apt
<cgi>
emily, thanks - is there a sample tutorial of this config somewhere i can start with ?
<cgi>
energizer, so use apt to install nix, then keep using nix?
<energizer>
er
<quiet_laika[m]>
how are nix-y haskellers deciding between using the stock haskell infrastructure in nixpkgs and haskell.nix? ive used haskell.nix in the past but it generally seems to require pulling in a lot more dependencies from scratch unless im EXTREMELY careful about setting version pins to match whats in haskell.nix
<{^_^}>
[nixpkgs] @DamienCassou pushed 2 commits to master: https://git.io/Jftb5
<bkv>
energizer: no, it isn't really. you can't actually even have ubuntu without apt
<bkv>
you can use apt AND nix, but it can't function as a total replacement
<bkv>
when i say apt, i'm mostly meaning dpkg
<cgi>
bkv, does nix internally use apt on ubuntu?
<cole-h>
No
<bkv>
no, it doesn't
<bkv>
they're completely orthogonal
<cole-h>
Nix is its own thing. You should read that page you linked before.
<bkv>
which is the point
<energizer>
cgi: all the things you do with apt, you can do with nix instead
Kyndig has quit [Remote host closed the connection]
<energizer>
you can't remove apt tho
Kyndig has joined #nixos
<bkv>
actually good luck updating system-critical packages with nix
<energizer>
yeah maybe not everything
<energizer>
but mostly, anyway
<energizer>
if you want to use nix for everything, that's what NixOS is about
<cgi>
k - question- if i install cgal_5 on ubuntu using nix, how do i get the python bindings?
<bkv>
the definition of "install" in nix is different. you won't be able to globally have the python bindings in your normal python
<bkv>
you'll have to either install a python with the bindings through nix, or run a nix-shell with said python
<bkv>
but that python will be different and always separate to your normal python
<cgi>
bkv, typically its pain to compile those bindings with cgal_5 - so i ask.
<cgi>
bkv, so this is like a separate set of paths - than the system paths - so even as a user i can install everything i need?
<bkv>
yes (theoretically)
Kyndig has quit [Ping timeout: 246 seconds]
<cgi>
bkv, how do i get a modification of something that is already compiled and easy to install? like python-bindings for cgal_5?
<bkv>
doesn't look like nix has them by default, you'll probably have to override/write a derivation
<cgi>
bkv, how bad is that? how do i get started?
<bkv>
but as i said, even if you did, it would be separate from /usr/bin/python
<cgi>
I currently use pyenv - so i never touch /usr/bin/python3
Kyndig has joined #nixos
<bkv>
ok, pyenv wouldn't work either
<bkv>
unless through nix
<cgi>
it lives in ~/.pyenv/shims/python3
<bkv>
yes but it uses system libraries
<bkv>
nix cannot do that
<bkv>
that's the idea i'm trying to get across, everything in nix is fully self-contained, so it's entirely orthogonal to everything currently on your system
<cgi>
bkv, sooner or later won't that get it in trouble with system libraries - unless its tested well on ubuntu already?
reallymemorable has joined #nixos
<{^_^}>
[nixpkgs] @yipengsun opened pull request #86073 → Bump jedi versions (and its dependency parso) → https://git.io/JftNY
<bkv>
it runs on linux, that's all that matters :)
<{^_^}>
[nixpkgs] @worldofpeace pushed 2 commits to master: https://git.io/JftAi
<cole-h>
energizer: You should read the manpage. You probably want `systemd-analyze calendar "*-*-* 02:*:* UTC"`
luc65r has quit [Quit: Quit]
<energizer>
cole-h: i did read the man page and the arch wiki, both of which does suggest a syntax like the one i gave. but yes, your answer works, thank you.
<cole-h>
Mine suggested syntax like the one I gave.
<energizer>
nice
woffs has joined #nixos
fenedor is now known as fendor
<edcragg>
qlyiss: the cmake not finding openssl issue is the same when building on actual nixos, too...
<djanatyn>
i'm setting up systemd units for nomad on NixOS, but it looks like the service unit doesn't have access to the `ip` command it expects: "Error while detecting network interface during fingerprinting: fork/exec /sbin/ip: no such file or directory"
<edcragg>
qyliss*
<djanatyn>
this doesn't occur when i run the same command locally: /nix/store/w26xy4vvak7myw5jzha21cwr85f41z18-nomad-0.11.0-bin/bin/nomad agent -config /etc/nomad-client.hcl
sophiag has left #nixos ["ERC (IRC client for Emacs 26.3)"]
<djanatyn>
how can i ensure that's in the PATH of the systemd unit when i'm defining it via the `systemd.services` option?
<cole-h>
I think there's a `path` option you can set. Is this unit custom-defined, or is there one in nixpkgs?
<colemickens>
cole-h: were you the one asking about getting an icon for the matrix room?
<cole-h>
Nope, I don't use matrix x)
<djanatyn>
it's custom defined - i'll just add to the path in the unit definition
<qyliss>
edcragg: yeah, builds run in a sandbox so they shouldn't ever be any differet on NixOS
<djanatyn>
oh cool - i can just refer to "${pkgs.iproute}" in the unit definition, i think
h0m1 has quit [Quit: WeeChat 2.8]
h0m1 has joined #nixos
<djanatyn>
even better: path = [ pkgs.iproute ];
<djanatyn>
now everything works :)
<cgi>
I just installed nix on my machine. It says I have to ". /home/.../nix.sh" - is this something i should be sourcing from ~/.bashrc?
<worldofpeace>
wait, if you don't use channels you don't have a command-not-found database?
rardiol has quit [Quit: No Ping reply in 180 seconds.]
rardiol has joined #nixos
xO1 has quit [Ping timeout: 260 seconds]
bqv[m] has left #nixos ["User left"]
nihilazo has joined #nixos
knupfer has quit [Quit: knupfer]
gustavderdrache has joined #nixos
knupfer has joined #nixos
cosimone has quit [Remote host closed the connection]
cosimone has joined #nixos
<cgi>
k - so nix-env really needs a logout - a new shell does not work
<nihilazo>
hello! I'm a newbie and I have some questions. I know that in nix it's common to use the nix management tools for everything rather than language and tool-specific package managers, but what do I do if (say) I want a python library that's in pip and too small to be in nix? Are user-level configuration files still managed in the conventional dotfiles way or is it different for nix? Basically, what do I need to know to get a
<nihilazo>
system over from arch to nix fairly smoothly?
<energizer>
nihilazo: which python package is it?
<nihilazo>
there's no specific one, I'm just uncertain about that kind of case becuase I find it happens to me a lot in arch
<energizer>
give an example
<cole-h>
cgi: It shouldn't.
<energizer>
nihilazo: i'm asking because there's a different answer for *libraries* vs *applications*
<nihilazo>
ah ok
<emily>
nihilazo: you can write your own derivations
<emily>
and import them in your system config (or install them user-level with the nix-env tooling, but I don't use that stuff)
proofofkeags has joined #nixos
faya[m] has joined #nixos
<emily>
nixpkgs supports third-party "overlays" with custom packages
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<emily>
yeah, home-manager is cool, though you don't have to use it; you can perfectly well just put your own packaged python application in environment.systemPackages or whatever and use it from your local dotfiles too
<emily>
nihilazo: for a library, in general it would depend what scope you're using it in
<emily>
if it's for one specific software project, you'd include it alongside your default.nix/shell.nix that define all the dependencies and development tools used by those projects
<infinisil>
nihilazo: I think both pipenv and poetry can still be used like normal in NixOS
<emily>
if it's an application used in your system config, it'd go with your nixos config
<emily>
etc.
<nihilazo>
ok. I also use a lot of handwritten scripts that hang around in ~/.local/bin, does that interfere with nix in any way?
<energizer>
nihilazo: that works fine
<energizer>
some people like to install those scripts with nix instead, but just putting a dir on your path works too
<emily>
nihilazo: you can use fancy #! nix-shell shebangs to include the dependencies you want only in specific scripts :)
<emily>
(optionally, ofc)
<emily>
nihilazo: in general the "nix way" is leaning towards localizing dependencies where possible, not including things in your system environment just because something else needs them
<energizer>
infinisil: those tools work ok for pure-python packages, but not everything does, like naively installing pandas into a virtualenv won't work
<CRTified[m]>
To be honest, these nix-shell shebangs are generally a great idea, as it makes dependencies and used tools way more obvious
<energizer>
need poetry2nix for pandas
mallox has quit [Quit: WeeChat 2.8]
zupo has joined #nixos
<emily>
but it's up to you how much you want to opt in ultimately
<emily>
you can just use pip and install things in your homedir if you want, but buying into the nix approach gets you a lot
<energizer>
i like to keep my dotfiles bin dir outside of nix because then i can use it on non-nix machines
<cole-h>
numkem: LGTM. My review approval stands. Just waiting on somebody else to take a look and merge or request more changes.
<numkem>
cole-h: thank you!
proofofkeags has quit [Remote host closed the connection]
<cole-h>
numkem: That said, I personally would spend time looking into how to build from source (e.g. deal with the missing yarn packages, patching the Makefile if need be)
reallymemorable has quit [Quit: reallymemorable]
rfglinux[m] has joined #nixos
<numkem>
cole-h: I agree, I'd like to revisit
proofofkeags has joined #nixos
<{^_^}>
[nixpkgs] @veprbl pushed commit from @cole-h to release-19.09 « ninja: fix 404'ing patch »: https://git.io/Jftp5
<cgi>
energizer, when you work with new projects, do you use nix-shell?
<energizer>
cgi: no, i use lorri
<energizer>
which is similar to nix-shell but fancier
<energizer>
the mkShell invocation is the same though
<cgi>
energizer, looks a bit painful for a newbie
<{^_^}>
[nixpkgs] @veprbl pushed commit from @cole-h to release-19.03 « ninja: fix 404'ing patch »: https://git.io/Jfthv
proofofkeags has quit [Ping timeout: 260 seconds]
justanotheruser has quit [Ping timeout: 244 seconds]
<energizer>
cgi: you can get set up with nix-shell first, switching from there to lorri is quite a minor transition
<cgi>
energizer, so if i want to do a project - which needs C++/python - I first try to write a config that i can give nix-shell?
<energizer>
cgi: normally when doing a project, you want to make a default.nix that calls mkDerivation (directly or via a wrapper around that, like buildPythonPackage). then make a shell.nix that imports default.nix
codygman has quit [Read error: Connection reset by peer]
<Robertof>
what's the right channel(s) to use if I want to make a custom 20.03 build? I have `nixos-20.03` and `nixpkgs-unstable`, but the build comes out as `nixos-sd-image-20.09pre...`
<rotaerk>
if you're using something that interacts with, say, graphics drivers, then upgrade nixos to the latest version ... your nix shell will use the pinned version, sure, but that version may end up incompatible with your nixos environment, and not work
<rotaerk>
so I abandoned pinning, and I just fix my nix-shell as needed when I upgrade nixos
<peelz_>
is there a way to eval a string as a nix expr?
<rotaerk>
peelz_, isn't that what nix-instantiate does
<peelz_>
rotaerk: within nix :P
<nh2>
qy[m]: Second, fanotify does not work with ZFS, which is why I saw no output at all (https://github.com/openzfs/zfs/issues/6079) but I've checked with an ext4 mount and that works
<{^_^}>
openzfs/zfs#6079 (by necouchman, 3 years ago, closed): Support for fanotify
<nh2>
qy[m]: Third, you can also just use `sudo fatrace`, which is already packaged in nixpkgs
<peelz_>
infinisil: uhh currently fiddling around with niv, trying to see if it would be possible to do something like `niv add expr gcc-unstable -E 'sources.nixpkgs-unstable.gcc`
justanotheruser has quit [Client Quit]
justanotheruser has joined #nixos
<peelz_>
infinisil: (trying to contribute to niv, so I'm doing a PoC first)
<cole-h>
Why not just use `sources.nixpkgs-unstable-gcc`
nihilazo has left #nixos ["User left"]
<cgi>
energizer, https://paste.ubuntu.com/p/rB2kmFStsK/- when i do nix-shell in this directory with this file as default.nix - I don't get python3 from nix - it still has /usr/bin/python3
<peelz_>
cole-h: ?
<energizer>
cgi: oh that's something i forgot to mention. if you want to grab version-pinned deps from github instead of from nixpkgs, you can use `niv`
<cgi>
what am i doing wrong?
<energizer>
cgi: nix-shell wants a shell.nix
<cole-h>
lovesegfault: You forgot to drop the binutils build-components-separately patch
shabius_ has joined #nixos
<energizer>
cgi: oh apparently it falls back to default.nix, forgot about that
<cole-h>
lovesegfault: Rather, other things rely on the build-components-separately patch
<cole-h>
lovesegfault: libbfd and libopcodes, specifically.
chagra_ has joined #nixos
<energizer>
cgi: anyway, try a shell.nix that imports your default.nix and calls mkShell
<cole-h>
(So probably need to add that back)
<cgi>
energizer, if I change python3 to python38Full - it picks python38
<peelz_>
cole-h: that command I sent is made up. It's just to give an idea of what it would look like. The idea would be to enable niv to add pkg sources that point to a derivation in a "nixpkgs" listed in sources.json
<energizer>
cgi: you can try nix-shell --pure
<cgi>
now how do i install pandas ?
<cgi>
nix-shell --pure -> no python3 inside
shabius has quit [Ping timeout: 265 seconds]
<{^_^}>
[nixpkgs] @bjornfor merged pull request #85761 → unison: fix unison-fsmonitor wrapper in an empty PATH → https://git.io/JfkMW
<{^_^}>
[nixpkgs] @bjornfor pushed commit from @symphorien to master « unison: fix unison-fsmonitor wrapper in an empty PATH »: https://git.io/Jfthy
<cgi>
I was wrong - even when I do nix-shell (with default.nix in the directory) it always picks /usr/bin/python3
<energizer>
cgi: do you have a shell.nix?
civodul has quit [Quit: ERC (IRC client for Emacs 26.3)]
<cgi>
energizer, no
<cole-h>
peelz_: I'm just having a hard time coming up with a use case for that.
<pingiun>
hyper_ch: if you're curious, I managed to make kexec work, I wasn't using an up to date nixpkgs but my system one. using nixpkgs master made it work
<energizer>
cgi: something like `{pkgs ? import <nixpkgs> {}}: let mything = pkgs.callPackage ./default.nix {}; in pkgs.mkShell {buildInputs = [mything];}`
<peelz_>
cole-h: well, that way you can maintain different channels (and pin them) in niv and have packages imported from there rather than from a git/github/local source
<cole-h>
And also lovesegfault I would remove the "@fl*kli and @L*L7 ... @pb*gdan" from the commit body (or just the @) so that they don't get a notification every time somebody adds that commit to their local fork
<cole-h>
I guess I just don't see the difference between adding an expression for `sources.nixpkgs-21.09.gcc` and just using `sources.nixpkgs-21.09.gcc` in an expression
<cole-h>
Adding an expression as a source*
oida has joined #nixos
<peelz_>
cole-h: but can you do something like this: `getPkg = pkg: sources.${pkg} or nixpkgs.pkgs.${pkg}`, where `sources.${pkg}` is the maybe-overridden derivation from the niv sources ?
<cole-h>
What do you mean by "maybe-overridden derivation"?
<qy[m]>
nh2 (IRC): do you have a pr number for that? my nix config works best with pr numbers :p
<peelz_>
cole-h: what I would like to do is to tell niv to use `sources.nixpkgs-unstable.gcc` when you access `sources.gcc`, if that makes sense?
<nh2>
qy[m]: no, I haven't PR'd it, whether I will depends on whether fsnoop is actually still useful given that fatrace already exists
<cgi>
peelz_, nix-env -qaP gcc - does not show unstable.gcc - any reason?
<peelz_>
cgi: are we talking about the same thing?
<cole-h>
peelz_: But the real question is: *why*? What problem does that solve? Why not just do `sources = sources.nixpkgs-unstable;` and then `sources.gcc` will indeed work?
<cgi>
peelz_, no - you were using unstable - so i thought i would ask why that query does not show unstable - perhaps you know?
proofofk_ has joined #nixos
<peelz_>
cole-h: well, that is one way to do it, but it gets complicated when you have a bunch of `sources.nixpkgs-unstable.` references across all your nix modules
<cole-h>
nh2: Slightly related, but the fact that linuxHeaders diverges from linuxLatest seems weird to me. Maybe file an issue?
<peelz_>
cole-h: it would be nice to put all of that under a single function that checks if niv's sources has an override, if not it defaults to `sources.nixpkgs.<package>`, otherwise `sources.<expression>'
chloekek has quit [Ping timeout: 260 seconds]
<cole-h>
peelz_: But then you'll still have a bunch of `sources.gcc`. You save 16 characters.
<cole-h>
I don't mean to dissuade you, but I personally cannot see the benefit.
proofofkeags has quit [Ping timeout: 260 seconds]
<peelz_>
cole-h: well it's much more helpful if you use this pattern for all system/user packages in your config
<cgi>
energizer, any thoughts on that code/trace?
<cole-h>
How would that differ from something like `packages = with sources.nixpkgs-unstable; [ gcc a b c d e ];`?
<cole-h>
cc worldofpeace ^ Maybe you have an idea?
<peelz_>
cole-h: well in that case, all of those packages are taken from nixpkgs-unstable. You can't override that on a per-package basis through niv
<cole-h>
peelz_: That's what overlays are for.
<cgi>
energizer, is that the new default.nix?
<peelz_>
cole-h: but overlays makes those changes across all of nixpkgs
<peelz_>
(including dependencies)
<peelz_>
cole-h: I just want to be able to pull individual derivations from separate nixpkgs channels
<peelz_>
cole-h: while still being managed in niv
<energizer>
cgi: yeah. i gotta do some other stuff now. fwiw other people here are much more experienced nixers than i am, so you'll probably be better off in the channel's hands anyway :)
<cgi>
energizer, thanks
<ldlework>
energizer: oh i didn't realize you were using nix
<energizer>
ldlework: yep, you guys thinkfluenced me
<qy[m]>
cgi: yaml isn't very turing complete now is it :p
<cole-h>
peelz_: You seem to have dug your feet in, so I won't argue anymore. Good luck on your endeavor :)
<cgi>
qy[m], it does not have a steep learning curve - does it? :)
<qy[m]>
<peelz_ "cole-h: I just want to be able t"> i was about to say that i can do this really easily, but then you started on about niv and it became a PITA
<cgi>
all i want to do is , put python38 + gcc93 into nix-shell - and it seems that is non-trivial - with default.nix and shell.nix
<qy[m]>
cgi: eh, somewhat steep, but you'll make it
<peelz_>
qy[m]: perhaps I'd be better off writing a separate script and not go through niv?
<qy[m]>
actually it is relatively trivial, i gave you a command to earlier
<qy[m]>
the only issue is the packaging of that library you wanted
<cgi>
qy[m], do you know why that trace is going bad? how to fix this?
<peelz_>
qy[m]: did you? I didn't see it
<qy[m]>
peelz_: probably, yes
Desetude has quit [Ping timeout: 244 seconds]
<peelz_>
cole-h: I'm still toying with the idea. Our conversation has helped me a lot regardless. Thanks
<cole-h>
Happy to help :) Sorry if I came off as combative or generally rude.
<cole-h>
It wasn't my intention.
<bqv>
cgi: fwiw, that shell.nix and default.nix is mostly boilerplate :p not sure what's wrong with it though
<peelz_>
all good! it helps to flesh out an idea :P
<peelz_>
cole-h++
<{^_^}>
cole-h's karma got increased to 33
<cgi>
I think if nix has to be successful - it has to make itself easy to use - python/docker/ansible/... - not {};{[]}{} - perhaps its already too late to make those changes though.
reallymemorable has joined #nixos
<bqv>
cgi: so, at a base level, if you wanted to get into a shell with gcc and python, you would do `nix-shell -p gcc python38`
<cole-h>
Depending on who you ask, it already is successful.
<bqv>
the reason i said it was more complicated than that is that that python will not have the libraries you want
<bqv>
so instead you would go something closer to `nix-shell -p gcc 'pkgs.python38.withPackages (ps: [ (ps.toPythonModule (cgal_5.overrideAttrs (super: { cmakeFlags = [ "-DBUILD_PYTHON=ON" ]; buildInputs = super.buildInputs ++ [ pkgs.swig ]; }))) ])'`
<energizer>
cgi: what's going wrong with your setup is that default.nix should be a function but yours isnt
<cgi>
bqv, that looks easy enough
<bqv>
the problem with *that* is that the python module isn't being built properly
<cole-h>
cgi: And considering the language has looked ~like this for over a decade, I don't think things will change as drastically as you envision.
<bqv>
so like i said, your first problem to fix is getting that python module working
Thra11 has quit [Quit: WeeChat 2.8]
<bqv>
once that's done, that nix-shell line is ALL you need
<bqv>
default.nix and shell.nix are just convenience fluff
<bqv>
(feel free to copy the stuff in quotes into a file to edit and manipulate, i'm just not bothered by doing it all in one line but i understand how inconvenient it looks)
numkem has quit [Ping timeout: 260 seconds]
<bqv>
cgi: obviously, this wouldn't be an issue if someone had done what you're trying to do before and properly packaged python-cgal_5 in nixpkgs
<bqv>
but because nobody has, it's on you
<cgi>
cole-h, perhaps then thereis a way to do a wrapper for beginners - that takes a yml and does things on top of that internally?
<bqv>
if someone already had, you would be able to get away with something as simple as `nix-shell -p gcc 'pkgs.python38.withPackages (ps: [ ps.python-cgal_5 ])'`
<cgi>
bqv, that -p works nicely! why doesnt "which" work in nix-shell --pure? how do i get "which"?
<peelz_>
infinisil: any idea if it's possible to do something like this? `let name = "a.b"; in { a.b = 5; }.${name}`
<bqv>
cgi: you should probably avoid --pure for now, --pure means nix will *only* use nix packages in the scope
<infinisil>
Nasty stuff, you'd have to parse the string..
<peelz_>
infinisil: for real?
<peelz_>
there's no lib fn for that?
<cole-h>
cgi: That sounds like a whole lot of complexity for relatively little value. It makes it easier "now", but then if you want to contribute, you'll still have to learn its insides. If you want to write a little script on your own for some business-critical software, you wouldn't be able to because you never learned Nix.
<bqv>
which means all your system programs/libraries (including, y'know, coreutils) are no longer available
<cgi>
bqv, that is nice to have , isn't it? how do i find out which package has - > "which"
<cole-h>
cgi: It's worth it to learn Nix, if you plan on taking advantage of its ecosystem.
<bqv>
cgi: iirc which is part of coreutils, if not, it's in which. add which to the nix-shell package list and see
<infinisil>
peelz_: I guess there's builtins.split you could use to parse it
<cole-h>
,locate bin which
<cgi>
cole-h, you are right
<{^_^}>
Found in packages: which, toybox, busybox, debianutils
<peelz_>
infinisil: ruh roh!
<bqv>
but like i said, i would just avoid --pure for now
<bqv>
it's only going to cause you trouble
<cole-h>
cgi: There's also nix-index, which has a nix-locate tool that you can use -- e.g. `nix-locate 'bin/which'` would show you similar results
<bqv>
(also what's people's fetish with yaml these days..)
<cole-h>
YAML is so grody
<cgi>
bqv, anything human readable without a manual will work :)
<virus_dave>
yaml--
<bqv>
cgi: have you seen all the versions i've sent
<cgi>
bqv, no
<cole-h>
I can read Nix just fine.
<cgi>
cole-h, I can't
<bqv>
take a look at the various nix-shell lines i sent, see if you can tell the difference/what's going on with them
<cole-h>
cgi: Because you just started, what, a few hours ago? ;)
dermetfan has quit [Quit: WeeChat 2.7.1]
<bqv>
once you can, this becomes a little easier
<cole-h>
"Nothing worth doing is easy, and nothing easy is worth doing," or however the saying goes
<bqv>
feel free to ask about parts
<cgi>
cole-h, that was the fate of ruby
c382feb92 has joined #nixos
<cgi>
I will have to learn nix :) Need a break - will be back :)
<energizer>
imo nix syntax is pretty quick to learn, it's the all the packaging stuff that's complicated
<peelz_>
infinisil: I thought there were lib function that deal with attribute paths or something like that?
<peelz_>
s/function/functions/
<bqv>
nix syntax is just a weird subset of haskell with quirks, mainly. the hard part is the crazy conventions nixpkgs has going on, yeah
rsa_ has quit [Ping timeout: 256 seconds]
<infinisil>
Parsing strings is almost always a bad sign for Nix
<infinisil>
Often there is a better way to do things
<infinisil>
So I'm not surprised there aren't any functions for it
<peelz_>
infinisil: load up hnix in niv? D:
fendor has quit [Read error: Connection reset by peer]
shabius has joined #nixos
zarel has quit [Ping timeout: 240 seconds]
<bqv>
peelz_: you and/or emily may be able to answer this; am i actually missing out on anything by not having tried and not caring about niv? i feel like everything it tries to do i can do with shell.nix or flakes, i don't understand the fuss
<bqv>
especially since it sounds relatively imperative, the way most people use it
<cole-h>
I don't think it does anything flakes doesn't
zarel has joined #nixos
<bqv>
sweet
<cole-h>
If you wanted to add an arbitrary GH repo to your flake, how would you do that?
shabius_ has quit [Ping timeout: 272 seconds]
<peelz_>
bqv: just trying it out atm. Still not sure on whether I can/want to use it for my use case. Flakes are probably what I want but I don't wanna touch it until it's stable enough
<bqv>
usually, add it as a flake input
<energizer>
does flakes have an update command?
<niso>
energizer: yes
<bqv>
could pin it manually with some builtins.fetchTarball dance but that's effort
<energizer>
nice
<cole-h>
bqv: In niv, you do `$ niv add nix-community/NUR` and then `sources = import ./nix/sources.nix; nur = sources.nur;`
<bqv>
peelz_: i see
<cole-h>
(So yeah, it's somewhat imperative)
<bqv>
right...
<bqv>
yeah that's superceded by flakes then
<manveru>
niv is just something you can use already instead of waiting another half year or so :)
<cole-h>
bqv: Seeing as you're the resident flakes expert, could you paste an example of how that would look in flakes?
<emily>
bqv: I don't think it's very imperative though. you have a json file with locks and run commands to update it, same as flakes
<bqv>
> (const 1) 3
<{^_^}>
1
<niso>
so far flakes work with nixpkgs and hydra right? (but nixops is still pending)
<bqv>
emily: hm, fair enough
<emily>
bqv: I guess the "imperative" thing is that the CLI manages the source specifications for you, rather than you having to write them yourself as Nix
<cole-h>
bqv++ Thanks, I learned something new :)
<{^_^}>
bqv's karma got increased to 3
<emily>
bqv: but tbh you could argue that JSON is a more suitable format for that than Nix
<manveru>
flake lock files are json too...
<bqv>
mm, i guess. i think it makes more sense to have it all in one place, but by that logic you might want the lock file to be in nix too, which would be a potential pain
<emily>
bqv: well flakes already has the flake.{nix,lock} distinction
<emily>
same as niv except both are json in niv
<emily>
niv only handles the import part though, not the "export"
<emily>
one thing I would say is that niv felt pretty first-class for arbitrary non-nix dependencie
<emily>
whereas importing some random gnome extension as a github repo with flakes... works, but feels like the kind of thing that might break one day, I dunno
<emily>
I mean, I hope it won't, but the model seems pretty "everything is a specifically designed flake"-centric, whereas niv just deals with arbitrary fetchers
<manveru>
jup :)
<manveru>
dunno, until flakes is stable i won't touch it anymore...
<emily>
definitely don't expect great docs if you do this, the functionality is there but there's no good guides or anything beyond other people's repos
<peelz_>
emily: yeah, I assumed so :P
<emily>
another magic little line: nix.registry = lib.mapAttrs (_: flake: { inherit flake; }) inputs;
<emily>
pins all flake identifiers you depend on in your system config so that "nix run nixpkgs#..." always refers to the nixpkgs of the current system
<emily>
ymmv whether you want that or not, but I don't like randomly getting updated packages just because the channels moved even though I didn't update my system
<peelz_>
emily: what kind of black magic is that!?
<peelz_>
what exactly is nix.registry?
<genevino>
│00:25:26 <drakonis> wow, gitlab has nix icons for nix files
<freeman42x[m]>
does anyone have an online example of declaring system packages inside `configuration.nix` in a separate file that is used in `configuration.nix` ?
<emily>
freeman42x: no, but I have an inline one: environment.systemPackages = [ ... (pkgs.callPackage ./my-derivation.nix {}) ... ]
<peelz_>
emily: and what is this syntax? `nix run nixpkgs#...`
<emily>
my-derivation.nix looks like { dep1, dep2, dep3 }: mkDerivation ..., same as a standard nixpkgs package
<emily>
peelz_: terrible, is what it is :P
<emily>
it's flake#path
<peelz_>
lol
Robertof has quit [Ping timeout: 240 seconds]
<emily>
i think it's an awful character to use but i've resigned myself to the unlikelihood of it changing
zupo has joined #nixos
<peelz_>
emily: so the "flake" part is as defined in the "inputs" attrset of your system's flake.nix?
<energizer>
is @ taken?
<emily>
peelz_: it's the resolved version of the dependency, post-fetching, what you get as an input to the outputs function in your flake
<emily>
peelz_: the implementation turns it to { type = "path"; path = config.flake.outPath; }
<emily>
peelz_: my snippet means "for each resolved flake input, map [the name it already has] to [the resolved path of our version of it] in the system flake registry"
<peelz_>
emily: ngl I have no idea what's going on with nix.registry. What does mapping all inputs to `{ flake = <input>; }` do? What is `from` and `to`?
noonien has quit [Quit: Connection closed for inactivity]
Kyndig has quit [Remote host closed the connection]
sarcasticadmin has joined #nixos
<rotaerk>
anyone had issues with firefox rendering kind of being glitchy in nixos?
CMCDragonkai has quit [Ping timeout: 258 seconds]
Darkmatter66 has joined #nixos
<Yaniel>
I've had issues with it not rendering at all for a few seconds
<Yaniel>
as in just showing a transparent window
<rotaerk>
didn't used to, but it started after I switched to optimus prime and nvidia drivers
Darkmatter66_ has quit [Ping timeout: 244 seconds]
<rotaerk>
hmm, I wonder if this is my issue...
<notgne2>
emily: should be flake❄path
<rotaerk>
firefox blacklisting intel GPUs and not doing it in a way that accounts for dual GPUs
<peelz_>
emily: how do you rebuild your current nixos system with the gist you sent? `nixos-rebuild switch`? does nixos-config need to be set to something special?
<peelz_>
I will definitely be trying this out -- thanks a bunch! :)
<peelz_>
emily++ bqv++
<{^_^}>
bqv's karma got increased to 4, emily's karma got increased to 14
<notgne2>
rotaerk: I think I had something like that, but iirc it cleared up after setting `gfx.webrender.all` in about:config
<emily>
peelz_: the from is an identifier like "nixpkgs" and the to is an actual resolved source tree
<peelz_>
ohhh!
<emily>
stuff not in the local system registry is looked up from the global nixos.org registry and updated in realtime
pingiun has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<peelz_>
that's sweet
<peelz_>
and that registry enables the special "flake#..." syntax?
<emily>
no, the syntax works always, this is just for pinning the versions it uses to the ones your system does
<notgne2>
the webrender setting was also needed to make firefox go above 60fps, and to fix firefox's shitty scrolling
<emily>
so that "nixpkgs#..." is always the same package set as your local system configuration uses
<peelz_>
right, I meant pinning not necessarily enabling
<emily>
I personally prefer to keep my nixpkgs set consistent across nix run vs. system config vs. etc. rather than having one of them silently update and do network requests from under me
<emily>
so this lets me pin the identifiers to match my system configuration
<emily>
right
<peelz_>
yeah that makes sense
<drakonis>
this very clearly neds documentation
<drakonis>
needs
<drakonis>
oof typos
johnjay has quit [Ping timeout: 260 seconds]
<notgne2>
emily: I'm not really familiar with flakes or the state of them, but could they clear up an awkward issue I'm having with passing `unstable` and some other package sets into my modules (right now I've put all the configs inside yet another function that takes these package sets)
<emily>
to be fair, the RFC didn't even get merged yet :p
maddo has quit [Quit: See ya]
o1lo01ol1o has quit [Remote host closed the connection]
<peelz_>
thanks a lot emily++
<{^_^}>
emily's karma got increased to 15
<notgne2>
in my own config I'd just write like `<unstable>` but some of these are deployments where I want to pass down a pinned package set
<notgne2>
putting them in an overlay seems to create infinite recursion
<emily>
notgne2: possibly, yeah. you might also be able to get what you want just using the specialArgs functionality in general
<bqv>
notgne2: the way my flake is set up, i can use packages from four different channels in one config
<bqv>
(and i often do)
<emily>
yeah it's a pain
<notgne2>
it also becomes more awkward because sometimes I actually want the source (`<unstable>`) not the package set (`import <unstable> { etc }`) as I have replaced some modules
<bqv>
but really the only part of that made easy by flakes is that i can import nixpkgs four times rather than being stuck with once
<drakonis>
while the rfc hasnt been merged, there's nudging towards experimentation with it
<emily>
I'm gonna be honest: I don't understand why you'd use flakes but be averse to nixos-unstable
<bqv>
agreed
<emily>
one of those is a hell of a lot more reliable and polished than the other imo :P
<notgne2>
I use unstable on every machine in my house
<notgne2>
but I have a lot of machines outside my house I'm reluctant to upgrade
<drakonis>
to avoid dealing with merging too soon
<drakonis>
see nix cli 2.0
<notgne2>
there's rarely issues but I'm more comforted by "hey at least I can boot an old version if it dies", but I never want to touch IME bullshit to do so (and have a lot of running customer services)
<colemickens>
bqv: you're using HM + flakes right? can you point me at an example, or even better a "convert" commit that you might be rebasing?
cosimone has quit [Ping timeout: 240 seconds]
<colemickens>
bgv: there are some things about flakes that make me want to adopt, and I'm thinking about maintaining a flake and non-flake version for a while for comparison purposes
<colemickens>
I'm already about to start commiting on HM, so I don't mind doing branch maintenance on it. Just curious how much additional work you're having to do on-going.
<emily>
there's already a PR/branch upstream you can use
<bqv>
colemickens: yeah, me and vika_nezerimidontspeakrussian are maintaining rycee/home-manager/bqv-flakes
<bqv>
it's only four commits high, easy to rebase for now
o1lo01ol1o has joined #nixos
<colemickens>
bqv: how much work was it to move your personal nix config over to it though?
<colemickens>
(I already pin all of my imports, so it shouldn't be a huge conceptual shift for me, by any means)
<bqv>
over to flakes, or hm specifically?
<colemickens>
In fact, that's sort of why I want to be able to compare/constrast them. Manual pinning vs flakes. Plus I'm excited about this sub-second evaluation time.
<colemickens>
bqv: already did the HM move (finally, should've done long ago), so mostly just curious about your adoption of flakes.
<bqv>
it was a pain for me, for flakes, but bear in mind i was one of the first here to try and made a few dumb mistakes (Especially since nrdxp's repo was quite broken)
<rotaerk>
notgne2, thanks; didn't seem to fix my issue though
<bqv>
there's a good few examples around now, it should be a lot less painful, but ask emily for a more recent example
<rotaerk>
firefox just doesn't like
<rotaerk>
du
<rotaerk>
al
<rotaerk>
err sorry
<bqv>
or even drakonis
CMCDragonkai has joined #nixos
<rotaerk>
touched touchpad while typing
<emily>
colemickens: if you use niv already then it's basically the same model
<emily>
colemickens: you can probably do a basic conversion in an hour depending on how many external deps your config has
<emily>
if you use channels... dunno, I don't remember the last time I used channels :P
<colemickens>
okay. I sort of basically have my own manual niv that does some things I haven't managed to get it to do.
<notgne2>
rotaerk: MOZ_USE_XINPUT2=1 can fix some input weirdness in firefox
<colemickens>
yeah, no channels in side. nix.nixPath = []; :)
<manveru>
looks like nixFlakes just coredumps when trying to build my existing nixos config :P
<emily>
colemickens: my review is basically "all your problems will look like 'oh crap, I forgot to switch to nixFlakes on all my machines before making my configuration flakes-only', or 'why does nix build '(expr)' no longer work??', or whatever, rather than issues with the basic flakes stuff"
o1lo01ol1o has quit [Ping timeout: 240 seconds]
<colemickens>
emily: cool, that's a useful take. thanks
pjt_014 has joined #nixos
<craige>
Have you tried putting some milk and diced fruit in with your nixFlakes, manveru?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<manveru>
craige: i used rice-milk... i think it just can't digest that
<craige>
:-D
<pjt_014>
anyone here have merge permissions?
<pjt_014>
I'm looking thru the 20.03 milestone issues and trying to find ones that can be closed
<camlriot42>
hello, installed nixos on qemu-kvm but encountered a problem with video. I installed xf86videoqxl and spice-vdagentd. but after the startup logs, screen just blacks out.
<colemickens>
I just did the HM thing a week ago. I hate that some single concepts feel split across nixos/hm config, but otherwise I am happy I made the change.
<emily>
bqv: the knowledge of the flakes sages passed down through generation to generation... truly beautiful
<bqv>
:D
<pjt_014>
Wait: you just gave me an option setting. Did you some things with nix-env and some with the config file?
<emily>
colemickens: I mostly wish it set $XDG_CONFIG_DIRS to e.g. $HOME/something:...:/etc/xdg rather than writing to $XDG_CONFIG_HOME
<Valodim>
oh. are flakes viable for use these days?
<emily>
colemickens: so that "mutable user config" and "generated home-manager config" could be kept separate
<camlriot42>
I wrote the above in /etc/nixos/configuration.nix
<emily>
colemickens: (and you could switch them out with a single symlink twiddle)
<emily>
Valodim: works for me at least
<Valodim>
cool. I might give it a shot one of these days
<pjt_014>
camlriot42: okay, so did you do anything that started with "nix-env" on the command line? You seem to be confusing the two
<colemickens>
ah, I am trying to end up in an "erase my home darlings" situation with maybe only ~/code and ~/.mozilla persisted outside of HM, so I don't mind what happens in those regards.
<manveru>
craige: was actually daedalus that made it puke :P
<colemickens>
But I understand the desire. I feel like I've heard others discuss managing XDG config files with just nix and symlinkJoin.
fusion809 has joined #nixos
cr4y1 has quit [Ping timeout: 260 seconds]
<manveru>
not too surprised, with all that haskell.nix magic going on...
<camlriot42>
pjt_014: I first installed the packages using nix-env and then added made changes in the config file. is this not correct?
<emily>
colemickens: yeah, currently my approach is "git track all the things, no hidden files, make everything nicely organized in XDG_CONFIG_HOME=$HOME/etc", but it doesn't really gel with generating that stuff from home-manager. so maybe I should go back to ~/.config and generate it all
<colemickens>
I don't even generate all of mine. Some of it is more or less manual stow-ing, in a sense.
<bqv>
closest i got to that was running with a readonly $HOME/ for a while, but then that broke something and i couldn't track down what was breaking so i had to undo it
<camlriot42>
pjt_014: used the command nix-env -iA nixos.xorg.xf86videoqxl
<pjt_014>
camlriot42: no need to install them with nix-env first. 'If you run nixos-rebuild switch' you wil see that all the relevant files will be downloaded
reallymemorable has quit [Quit: reallymemorable]
<colemickens>
(but I will say that I converted things I didn't plan to because even nix is better than some other config langs :P)
<bqv>
i'm still in the process of migrating many of my dotfiles to HM though
<craige>
weird, manveru DEadalus has been building fine for me (see bog post). What caused the puke?
<bqv>
the only thing that makes me weep internally is emacs
<camlriot42>
ok. how to undo the install done with nix-env?
<bqv>
because there's no clean way to deal with emacs config, right now
<emily>
colemickens: I'm on the fence about whether I should convert, e.g. a simple YAML config with no external dependencies to a more Nix-y format, tbh. it's nicer for future templating at the expense of making it a pain to ever show upstream my config or whatever
<manveru>
craige: with flakes?
<emily>
(also there's no builtins.toYAML that actually indents things so it sucks a bit unless you go the work of manual conversion, but that can be worked around)
thc202 has quit [Ping timeout: 240 seconds]
<camlriot42>
pjt_014: any guides to setup video correctly for nixos on qemu-kvm?
<craige>
No. Straight up build from the source.
<pjt_014>
you technically don't need to because it's not interfereing with anything anyway, but if you want to be tidy that'd be 'nix-env -e xorg.xf86videogxl'
<manveru>
craige: yeah, that works for me as well, it just crashes with nixFlakes
<pjt_014>
camlriot42: I'll look
<camlriot42>
ok
<colemickens>
emily: yeah, agree. though `cat ~/.config/sway/config` still works for sharing
<energizer>
emily: since json is a subset of yaml you can use toJSON instead
<colemickens>
granted I do my variables in nix so it's a bit verbose, but that's tolerable
<emily>
colemickens: yeah but that gets worse the more awful and generated it is, for instance if your YAML is actually a single line of JSON
<craige>
I'm still too busy wrangling my databases over to 20.03. Migrated a dozen machines, no problems. The machine with my core services - brokem databases all the way dow, Rollback has been my saving grace as I iron the wrinkles at a glacial pace.
<emily>
energizer: yeah. in practice what I do is generate JSON then use runCommand + the remarshal package to convert it to nicely formatted yaml.
<colemickens>
haha yeah, good point
<gchristensen>
sometimes I'll builtins.toJSON and then pass it trhough a jq builder
sarcasticadmin has quit [Ping timeout: 260 seconds]
<cole-h>
^
<cole-h>
I was gonna suggest that
<emily>
craige: did you try to update system.stateVersion?
<emily>
craige: you don't have to do that and it'll usually just break things
<craige>
No.
<emily>
ok, just checking
<emily>
colemickens: tbh, in the long run I'll probably want to move in that direction even for things that currently have no templating -- like there's config files that have "derived output" right now
<emily>
colemickens: (stuff inlining values from my colour scheme rather than having them computed directly by the script that generates it)
<craige>
Most of the problems have been short coming inmy database setups. None have yet been something I that allows me t point the finger away from myself :-)
<emily>
so I should probably just put the bullet and make it all nix-y
<pjt_014>
camlriot42: what command are you trying to launch it with? qemu-something imgfile.img or such?
<camlriot42>
pjt_014: I'm using virt-manager
mbrgm_ has joined #nixos
<colemickens>
emily: those are definitely the kinds of things that are now lined up and make me feel happy about taking the (half, er, more maybe with distractions) day to do it.
<emily>
colemickens: it just feel a little sad to have a generation and symlinking step for every single thing when I'd rather move to a world where everything is more declarative and involves less pre-baking
mbrgm_ is now known as mbrgm
mbrgm has quit [Ping timeout: 240 seconds]
<craige>
The final hurdles is, hopefully just getting ri of my very bespoke, nay, artisanal deployment of Hydra and building it again from scratch.
<emily>
but the advantages are probably worth it, since after all nixos involves many of the same tradeoffs
<colemickens>
I mean, it's certainly a bit jarring when Sway resets itself when I randomly want to fire up docker or libvirt :P
<gchristensen>
eh?
<gchristensen>
colemickens: what kind of magic is that? :)
<pjt_014>
camlriot42: I haven't used virt-manager, but there do seem to be some config options under virtualisation.libvirtd that ought to be relevant
jbrock has joined #nixos
<colemickens>
With HM managing the Sway config, Sway gets poked to reload config whenever it rebuilds afaict.
<colemickens>
my mistake, it looks like that should only happen when I change my sway config. probably that I updated something and forgot until I rebuilt.
<gchristensen>
I should probably look at HM
<camlriot42>
pjt_014: could you point me to the relevant doc. virt-manager is gui like virtualbox for libvirtd
<emily>
colemickens: my favourite behaviour like that is how gdm kills itself whenever accounts-service changes
<genevino>
i'll probably be the last user of i3 on this planet before i switch to wayland
<emily>
(dunno if that's a nixos bug or something in my config, I worked around it locally but didn't see anyone else experiencing it)
<notgne2>
genevino: nvidia?
<colemickens>
I think I've been away from gnome long enough to have forgotten some quirks and missed out on a new generation of some :P
<genevino>
notgne2: depends, most of my computers have intel graphics.
<emily>
colemickens: it's nixos from deciding that the service has changed and urgently needs restarting
<emily>
and gdm, like, needing that service
<emily>
and restarting gdm killing all your open sessions
<energizer>
gchristensen: one especially slick thing HM does is cleaning up dotfiles that have been removed from the config in home.activation
<emily>
or something like that
<gchristensen>
nice
<notgne2>
genevino: in my nix config it's dynamic, so if I have nvidia graphics loaded it uses i3, otherwise sway (with the same equivilent config)
<genevino>
notgne2: well i wasn't aware that you couldn't use sway with nvidia.
johnjay has joined #nixos
<genevino>
notgne2: but that being said, my last nvidia gpu is more than 10 years ago and i'm not planning on buying something nvidia anytime soonish.
<craige>
and the last machine finally gives over to 20.03 and my configs should now be more upgrade resilient. (apart from having to rebuild hydra)
<notgne2>
i want off mr bones wild ride
<genevino>
i'm an old fashioned person, i won't switch to wayland unless i see that the majority of people around me ditches xorg.
<rotaerk>
my firefox context menu if I move the mouse cursor up and down over it
jbrock has quit [Client Quit]
<bqv>
pjt_014: oh, you use anbox?
<colemickens>
camlriot: what does "setup video right" mean? I use virt-manager and it mostly just works?
jbrock has joined #nixos
<colemickens>
camlriot: there is one nixos trick to fix spice usb forwarding though.
<bqv>
oh no, nevermind
<pjt_014>
no, I just know that it's an android tool and not what's beeing looked for here
<pjt_014>
I think
<rotaerk>
notgne2, that weird distortion also affects page content rendering, as well as video streaming
<colemickens>
notgne2: you mean nvidia promising stuff? they're one of those companies where I have a hard time understanding why people even report those rumors. why give them the curtosey. and they canceled the recent announcement that seemed like it might be related.
<energizer>
cole-h: if you want something cleaned up you have to put it under `lib.hm.dag.entryAfter ["writeBoundary"] ''` (see `home.activation` under `man home-configuration.nix`). the `xdg.configFile.<name>` options get cleaned up in that manner
<camlriot42>
Cole Mickens: scaled display. I went through the installation using the plasma live cd.
<genevino>
notgne2: i feel about the whole thing the same as i feel about stuttering animations in user interfaces. if you can't make it not suck, don't use animations. just make things pop up and accessible. it's that simple.
<colemickens>
notgne2: but yeah, I have sort of repeatedly heard them posturing like they have a better buffer management solution Coming Soon TM
<colemickens>
but I still think it requires convincing some more people for Sway to adopt that, if/when it does happen
<cole-h>
energizer: I put mine after linkGeneration, which is after writeBoundary
<colemickens>
sorry, way OT, I digress.
<camlriot42>
then made config changes to scale the video. but ultimately those changes have made the screen to crash
<energizer>
colemickens: that sounds like a malfunction. maybe check with rycee?
<genevino>
old habits die hard. i won't just switch to another major part of my setup just because people tell me to.
<camlriot42>
Cole Mickens: are you able to get the full screen display.
<colemickens>
I'm not really tracking, sorry. Your main NixOS display is scaled? And you don't want the guest to be?
<colemickens>
camlriot: that's dependent on a lot of things.
<energizer>
camlriot42: you can probably type colem and then Tab to autocomplete the nick
<notgne2>
rotaerk: is that only in firefox? I haven't seen anything like that before (though I don't have any dual-GPU laptops)
<colemickens>
camlriot: that depends on the guest, the current spice configuration, etc
<camlriot42>
my guest is nixos on debian host
<rotaerk>
notgne2, yeah, doesn't seem to happen with anything else. I even have the Discord desktop application installed, and it doesn't do that
<cole-h>
camlriot42: They did, but they're probably on matrix, which tab completes to their matrix name
<cole-h>
Err
<cole-h>
energizer: ^
<colemickens>
camlriot: oh, I see. if it's a new VM to play with, you could always just blow out your home directory and start from scratch?
<cole-h>
(sorry camlriot42 )
<pjt_014>
camlriot42: wait so all the config editing was on your guest?
<energizer>
cole-h: oh good call
<camlriot42>
yes
<camlriot42>
pjt_014: yes
<colemickens>
Is the "my full name as a Matrix nick" a complete PITA for IRC users? I'll change it back.
jbrock has quit [Remote host closed the connection]
jbrock has joined #nixos
<pjt_014>
It *might* be debian that is not configured right
<notgne2>
which is honestly confusing because the + could've easily been an s
<energizer>
colemickens: i dont think it affects us really, i just misunderstood what was happening with caml
<notgne2>
oh I guess weechat reserves that part of the line for + or empty
<energizer>
us (irc users)
<colemickens>
pjt_014: I assumed the UI was just breaking in the guest because plasma is trying to configure the display incorrectly now
<rotaerk>
I'll just put up with this firefox distortion for now; maybe it'll be fixed eventually >_>
<notgne2>
rotaerk: is it using NVidia drivers? if so, which ones
<rotaerk>
and I'm great at coping
Robertof_ has quit [Quit: Leaving]
<camlriot42>
Cole Mickens: I read about those configs on a reddit thread.
<colemickens>
camlriot: hm, I don't really know what those configs are, if you can show me I'll take a look.
<rotaerk>
notgne2, well, my configuration.nix just has services.xserver.videoDrivers set to [ "nvidia" ]
<colemickens>
camlriot: can you get to your display manager at least?
<rotaerk>
but I also have hardware.nvidia.prime.offload.enable set to true
* colemickens
tries to remember where KDE sticks the monitor config
<rotaerk>
which I believe means that programs will by default use my Intel GPU
<notgne2>
rotaerk: what kernel version are you on
<rotaerk>
and then if I prefix with `nvidia-offload` it will use my nvidia GPU
<rotaerk>
e.g. `nvidia-offload firefox`
<rotaerk>
but both with and without the offload, I get that weird distortion
<rotaerk>
using 5.6.4
<rotaerk>
think I saw the problem with 5.4 as well, but I'm not sure
orivej has quit [Ping timeout: 260 seconds]
<camlriot42>
Cole Mickens: installation finished successfully and I could login with sddm. but after I made added the qxl and spice-vdagentd config the screen just blacks out. no display-manager
<camlriot42>
* Cole Mickens: installation finished successfully and I could login with sddm. but after I added the qxl and spice-vdagentd config the screen just blacks out. no display-manager
<elvishjerricco>
niso: Unfortunately I don't think that was ever really "the" recommended way :P It's just the jank I put together. I don't actually think it's all that good.
<elvishjerricco>
Two reasons:
<elvishjerricco>
1) Requires nixops, which I don't like using for my desktop
<genevino>
i actually had major problems with using nixos with graphical desktops inside a qemu-kvm vm, but once i started to just use laptops (i have a bunch of old x220's lying around here) everything was fine.
<elvishjerricco>
2) Can't do binary keys
<colemickens>
camlriot: oh, did you chagne anything in KDE, or just in the host's virt-manager settings?
<elvishjerricco>
3) Obsolete keys aren't deleted
<niso>
elvishjerricco: kinda curious, why 1)
<cole-h>
colemickens: The only annoying part of matrix is when people edit their messages and/or post yuuuge messages. I think your name is fine as-is
<cole-h>
niso: Maybe because it's overkill? :P
<camlriot42>
I did not make any changed in either KDE or virt-manager. Just the change in configuration.nix
<elvishjerricco>
niso: It's very slow (evals your config like three times per command). And it doesn't offer anything for the desktop except keys, which it's bad at
<energizer>
cole-h: what happens when people edit messages?
<colemickens>
camlriot: this is hard to help with if I don't understand the changes made. can you link me to the reddit thread or a summary of the exact changes you made?
<niso>
cole-h: i'm currently in the middle of migration - and so far it was somewhat plesant (and hopefully cuts down on maintenence time)
<colemickens>
If you only made changes in NixOS, then your easiest option is to just boot an old generation, which should still be available to you, if I understand correctly now.
<cole-h>
energizer: It reposts the modified message in its entirety, prefixed by an asterisk
<niso>
elvishjerricco: hmm, i see thanks. means you switched back to configuration.nix based configs?
<energizer>
cole-h: i see
<elvishjerricco>
niso: I think the only way I could improve nixops' bad key management without making a bunch of changes to nixops would be to keep keys in tmpfs and run `nixops send-keys` on startup before any important services run.
<colemickens>
for example
<colemickens>
* for example, this is a test
<elvishjerricco>
niso: Nope :P Still use this jank
<cole-h>
^
<elvishjerricco>
Really want to swap out with something else though
<niso>
elvishjerricco: agree, i also considered patching nixops, however currenlty i'm kinda scared touching it since it seems to be under heavy development
<elvishjerricco>
niso: Yea. It'd also just be a little bit of a complicated change. You'd have to do for keys what nixos does for `/etc`
<elvishjerricco>
Which is exactly what it SHOULD do
<colemickens>
I uh, I'm still absolutely lost.
<colemickens>
I still don't understand what you were trying to do.
<colemickens>
Anyway, boot an older generation to get unblocked at least.
<camlriot42>
> If you only made changes in NixOS, then your easiest option is to just boot an old generation, which should still be available to you, if I understand correctly now.
<camlriot42>
Yes. but not much fun in using a tiny display :(
<{^_^}>
error: syntax error, unexpected IN, expecting ')', at (string):306:26
<niso>
elvishjerricco: well, actually it would be quite nice if standard nix(os) would support password-managers too
<elvishjerricco>
niso: But actually, I'd most prefer for key placement to be done at activation time somehow. No idea how to get keys from a password manager at activation time, but it'd solve a lot of problems
<colemickens>
I don't understand why it's tiny though camlriot :/
<elvishjerricco>
niso: Yea, one nice thing about activation time secret deployment is that it could be done with standard nixos
<emily>
elvishjerricco: hm, what would the obstacle be?
<emily>
activation scripts should be able to access password managers fine
<rotaerk>
notgne2, to give a bit more history: I upgrade nixos fairly infrequently. I was previously on kernel 5.3, and I had videoDrivers set to just [ "modesetting" ]. in that context, firefox was just fine
<elvishjerricco>
emily: Getting the password from the user
<emily>
elvishjerricco: for something like pass(1), you'd just need to ensure the gpg agent socket environment variable was set correctly
<rotaerk>
then I decided to upgrade nixos, 5.3 was no longer available, so I tried 5.4 and 5.6, and both of them suddenly had this issue
<rotaerk>
and switching from modesetting to nvidia (and also enabling optimus prime) didn't resolve it
<elvishjerricco>
emily: Activation is run at boot in pid 1 before systemd is started
<elvishjerricco>
So no gpg agent
<elvishjerricco>
And no... a lot of things
<emily>
elvishjerricco: oh, for initial boot, yeah. well, there's nothing actually stopping you running a gpg-agent though :P
<elvishjerricco>
emily: Gross :P
<emily>
elvishjerricco: in fact, I sort of plan to move in that direction so I can enter one PIN at startup and have the disk encryption key decrypted by my yubikey
<elvishjerricco>
emily: That's a really cool idea...
<emily>
gpg is gross, yeah. unfortunately there's no other option protocol-wise for ed25519 decryption with my yubikey
<emily>
it doesn't support ed25519 over pkcs#11
<emily>
also pkcs#11 isn't really that much less gross protocol-wise, though you can at least avoid gnupg
<notgne2>
rotaerk: I can't seem to figure out what's going on though, I have a slight feeling that it's still somehow using NVidia though, as artifacts like that happen a lot more on NVidia
<niso>
emily: why would you avoid gnupg?
<cole-h>
It's a pain, tbqh
<emily>
niso: it's a misdesigned legacy 90s mess that is insecure in almost any configuration and inconvenient in evrey configuration
<rotaerk>
notgne2, I do see errors in the graphics section if I go to about:support
<elvishjerricco>
emily: So keep the LUKS key in an encrypted file on /boot. Have initrd use gpg to decrypt it and copy the output to tmpfs. In the meantime, also use the spawned gpg agent to deploy passwords with pass... Cool
<emily>
happily my ssh keys no longer use gpg-agent, I have FIDO ones now with the OpenSSH 8.2 support
<emily>
but I also have to keep a gpg-agent around for a regular ssh-ed25519 for legacy servers like GitHub that don't support them :'(
<emily>
so I run both ssh-agent and gpg-agent in ssh agent mode...
<emily>
elvishjerricco: yep
<colemickens>
camlriot: I'd definitely recommend trying to remove the videoDrivers line and trying again
<niso>
hmm i see, thnaks
<colemickens>
I suspect you removed whatever driver was working.
<colemickens>
I don't really know what all hardware-configuration.nix pulls in when you do an install in a qemu/kvm guest though, maybe it already includes that?
<emily>
niso: for general signing/encryption there's nice alternatives like https://jedisct1.github.io/minisign/https://github.com/FiloSottile/age, for authentication FIDO2/WebAuthn have much better privacy and crypto than OpenPGP-based designs, for "existing cryptosystems that people can actually use to communicate e2e securely" Signal and Matrix and ... kinda blow PGP out of the water
<emily>
but unfortunately I'm limited by other tooling and my hardware token's protocol support
<elvishjerricco>
emily: Only issue is... currently my keys get backed up automatically with znapzend :P And they're on ZFS so I can't get a corrupt file (dunno if corruption prevents decryption outright).
gustavderdrache has joined #nixos
proofofk_ has quit [Remote host closed the connection]
jbrock has quit [Quit: jbrock]
<elvishjerricco>
Oh but /boot can just be an unencrypted zfs file system that also gets backed up with znapzend. Duh