<aleph->
Hmm, how would I set up a virtual eth in nixOS? Curious if anyone has done this. Trying to emulate a second NIC via a virtual eth and a bridge.
<{^_^}>
[nixpkgs] @marsam opened pull request #86276 → buildDunePackage: add support for parallel build → https://git.io/Jfm5k
xkapastel has quit [Quit: Connection closed for inactivity]
<qy[m]>
Come to think of it, with my desktop nixos being so light, maybe I could experiment with replacing systemd with s6 in nixpkgs
chip[m] has joined #nixos
<qy[m]>
At least on the level of everything I use. Then at least there's some data for how to make a supervisor interface
<{^_^}>
[nixpkgs] @adisbladis opened pull request #86278 → nixos.users-groups: Set up subuid/subgid mappings for all normal users → https://git.io/Jfm58
bhipple has joined #nixos
<Jonathan69>
I am trying to figure out how to control QT theming. I had something which was working somehow before I upgraded to NixOS 20.03.
<Jonathan69>
I am using qt5ct. The problem I am trying to solve now is how to install a theme for it.
<Jonathan69>
I guess themes are supposed to be installed into /share/themes? How does that work in NixOS? I tried installing a QT theme from nixpkgs but qt5ct does not see it.
felixfoertsch has quit [Ping timeout: 244 seconds]
felixfoertsch23 is now known as felixfoertsch
vykook has joined #nixos
fresheyeball has quit [Quit: WeeChat 2.7.1]
user_0x58 has quit [Quit: Leaving]
ddellacosta has quit [Ping timeout: 260 seconds]
<qy[m]>
If I got a penny for every time that question got asked…
<Jonathan69>
lol
<Jonathan69>
I wish the NixOS wiki was as extensive as the Arch Wiki.
<qy[m]>
<Jonathan69 "I guess themes are supposed to b"> Short answer is, it doesn't (work), and the pr to make it work has been relegated to purgatory for whatever reason
<Jonathan69>
Ah, so is there no way to use a theme?
<Jonathan69>
energizer: I installed `libsForQt5.qtstyleplugins` for some reason when trying to figure this out, but I do not see what it is actually supposed to do.
<energizer>
Jonathan69: i believe that just downloads the theme files
<mog>
when im in my nix-shell i want to have a folder called /build exposed to it. how do i do this? it seems like it should be possible with fhsuserenv
<Jonathan69>
energizer: `libsForQt5.qtstyleplugins` is a theme downloader?
<qy[m]>
I wonder if I could abuse flakes to unconditionally patch nixpkgs
vykook has joined #nixos
tno has joined #nixos
<drakonis>
qy[m], you can, yes.
<qy[m]>
So I can still keep up with the official stuff, but also have some changes applied
<qy[m]>
Seems plausible
<drakonis>
very doable, yes.
<energizer>
what's the difference between doing it with flakes and just using a regular overlay?
<qy[m]>
@freenode_drakonis:matrix.org: have you done so?
<drakonis>
its the ~future~
<drakonis>
not yet no
<drakonis>
but it should be doable
<qy[m]>
Overlays don't change modules.
<{^_^}>
[nixpkgs] @Ericson2314 opened pull request #86283 → meson: Fix my mistakes → https://git.io/JfmdN
<qy[m]>
> pkgs.nheho.version
<{^_^}>
attribute 'nheho' missing, at (string):307:1
<energizer>
do you mean that overlays don't affect the `pkgs` that modules receive, or just that overlays are only about changing packages, not modules
organixpear has joined #nixos
trubi has quit [Read error: Connection reset by peer]
<infinisil>
mamo: No idea what you mean, but the answer is probably No. Consider giving more information of the problems you're having
vykook has quit [Ping timeout: 240 seconds]
<mamo>
so firefox need codecs to view some videos, i was wondering if ffmpeg is installed inside a container lix nix will it still be able to deliver the codecs to firefox or not?
<ornxka>
firefox wont know to look in the nix store for your codecs
<mamo>
and if not how nixos is solving this
<infinisil>
What kind of codecs are we talking?
<qy[m]>
Hey kid, wanna buy some codecs?
<qy[m]>
I got the best deals
<ornxka>
my mom always told me not to use codecs of dubious provenance
<qy[m]>
Lix nix is my favourite operating system now though
vykook has joined #nixos
<simpson>
I almost wish that we lived in a world where Firefox needed codecs to play videos, in the same way that a pylon requires minerals to warp in.
<infinisil>
mamo: It looks like the Firefox built by nixpkgs has enableFffmpeg enabled by default
<simpson>
mamo: Would you be able to use Firefox from nixpkgs? That might work.
<ornxka>
to be frank i have not even thought of the word "codec" in the past five years of linux usage
<mamo>
like H.264
<qy[m]>
<ornxka "to be frank i have not even thou"> apt-get install divXplayer
<ornxka>
ahaha oh god no
<infinisil>
mamo: What distro are you using that gives you a firefox that can't even play H.264?
<infinisil>
That's like one of the most common formats!
<mamo>
clear linux it has nothing at all
<mamo>
made by intel
<mamo>
i am using ubuntu too , but i don't have any problems in ubuntu for this matter
<ornxka>
ive never even heard of clear linux...
<Yaniel>
it's almost as if clear linux was made purely for benchmarking
<ornxka>
lol
<Yaniel>
and not for normal use
<ornxka>
anyway try installing firefox inside of nix
waleee-cl has quit [Quit: Connection closed for inactivity]
jbrock has quit [Quit: jbrock]
jbrock has joined #nixos
mamo has quit [Remote host closed the connection]
jbrock has quit [Client Quit]
jbrock has joined #nixos
xkey has joined #nixos
vykook has quit [Ping timeout: 265 seconds]
<bdju>
nearly filed a package request for something that appears to be packaged because it didn't come up in my search. I wonder why the search fails me like this
<bdju>
I just used "nix search". Is it normal that it won't find any results for some terms?
<cole-h>
worldofpeace: ^ Would you mind merging this as soon as borg is happy? It's possible to make fish hang indefinitely (at least, until interrupted a few times) when `eval`'d in conjunction with e.g. fzf
<bdju>
I was gonna request Taisei be packaged and found this so thought it was already, but looks like this never got merged
<bdju>
I thought I had another search problem recently and so I was starting to lose faith in the nix search, but I can't recall what the other thing was
<srk>
iqubic: correct. it's nix repl now (nix-repl is deprecated)
<iqubic>
Cool.
<DigitalKiwi>
someone shared this a long time ago it might be useful; nix run nixpkgs.jq nixpkgs.fzf -c bash -c "nix-instantiate --eval --json -E 'builtins.attrNames (import <nixpkgs> {}).vimPlugins' | jq '.[]' -r | fzf"
<sphalerite>
jakobrs: I'm not sure there's a specific setting for it, but you could set it to a big number e.g. more than the age of nix itself
<iqubic>
,fancy-uninstall
<{^_^}>
Fancy way to uninstall packages, needs fzf installed: nix-env -q | fzf | xargs -I{} nix-env -e {}
<iqubic>
that's what I was looking for.
<srk>
nice ;)
<iqubic>
If I install a package with nix-env, then I can use that to purge the package from my system
mallox has joined #nixos
opthomasprime has joined #nixos
ChengCat has joined #nixos
<iqubic>
I rarely ever install things with nix-env, and when I do it's usually a temporary thing I'm using for testing.
opthomasprime has quit [Remote host closed the connection]
<srk>
,imperative
<{^_^}>
nix-env has multiple drawbacks as an imperative package manager. nix-env -u will sometimes upgrade to the wrong thing; the outputs to install are very finicky to override; and packages that have been removed or are otherwise unavailable will remain in your profile without any warnings. Consider using a ,declarative setup instead.
<srk>
lol, it even links to another one <3
<srk>
,declarative
<{^_^}>
There are multiple ways of managing declarative profiles. 1) Attrset, compatible with imperative use of nix-env https://git.io/fAQHW ; 2) buildEnv, providing more control over the paths that are linked into the profile https://git.io/fp0aU ; 3) home-manager, providing nixos-like config for your ~ https://github.com/rycee/home-manager
<iqubic>
srk: It is precisely for those reasons that I only use nix-env for testing.
jbrock has quit [Quit: jbrock]
vykook has joined #nixos
jbrock has joined #nixos
<srk>
yep :) I've stopped using it and only use nix-shell(s) and home-manager
<sphalerite>
srk: maybe →#bottest if you're going to be looking through many more factoids :)
<ChengCat>
I am trying to setup an alternative binary cache, but it seems that `nix.binaryCache` doesn't work with `nixos-rebuild switch`?
<srk>
sphalerite: yup, I know :)
<iqubic>
Like just the other day I needed to use curl to test some things, and I found out that I don't actually have curl installed globally.
<sphalerite>
srk: or message {^_^} directly
opthomasprime has joined #nixos
<sphalerite>
ChengCat: it doesn't apply until after the new configuration has been activated
<LnL>
I still use it for things that become a bit annoying to need a shell for each time
<ChengCat>
sphalerite: Oh, I get it. Thank you!
<sphalerite>
ChengCat: you can make it effective for the nixos-rebuild call by also passing `--option substituters https://foo`
<{^_^}>
[nixpkgs] @DamienCassou opened pull request #86294 → Fix man pages in i3-gaps → https://git.io/Jfmjx
zebrag has joined #nixos
alp has joined #nixos
knupfer has quit [Read error: Connection reset by peer]
nschoe has joined #nixos
nschoe has quit [Client Quit]
zebrag has quit [Quit: Konversation terminated!]
proofofkeags has joined #nixos
<iqubic>
Compiling ghc 8.10.1 has taken my computer over an hour.
<bqv>
an hour? that's nothing. compile chromium next
tobeportable has joined #nixos
iceypoi has joined #nixos
<bqv>
you should try gentoo someday, i come from there. several packages require you to leave your computer running overnight in the hope that they're done when you wake up
<bqv>
(some were not!)
<iqubic>
I have used Gentoo in the past. It's an interesting distro.
<bqv>
portage is wonderful, but nixos managed to pry me from it
icey_ has quit [Ping timeout: 244 seconds]
proofofkeags has quit [Ping timeout: 246 seconds]
<iqubic>
Yeah. I went from Gentoo to Arch then to NixOS.
<bqv>
how do you go from gentoo to arch...
<energizer>
iqubic: what's next on the list?
<bqv>
qubes ;)
<iqubic>
bqv: the compile times on gentoo were too long for me, but I wanted bleeding edge software.
<bqv>
to be fair, i am very excited to see what comes after nixos. i still consider this distro an experiment, something way better thought out and polished will come later, and learn from all the mistakes of nixos
<energizer>
has someone written down all the mistakes of nixos?
<bqv>
and it'll win, because it doesn't have to deal with maintaining compatibility with all people's legacy configurations
<iqubic>
NixOS has mistakes??!?!??
<energizer>
iqubic: you can tell it does because it's pretty annoying to use
<bqv>
not even the sky has a ceiling, my dude :)
<iqubic>
energizer: That's a fair point.
<iqubic>
Even doing simple stuff in Nix is a pain.
<energizer>
does qubes have a working system that people are using for their daily driver?
<bqv>
i don't see that as being an improvement over nix
gxt has joined #nixos
cr4y1 has quit [Remote host closed the connection]
<bqv>
it's not the technology that's the problem
tsrt^ has joined #nixos
gxt has quit [Remote host closed the connection]
<bqv>
nix itself is fine, nix*os* is the thing that probably needs another step of evolution
<energizer>
nix aint fine
gxt has joined #nixos
<bqv>
what isn't fine about nix?
hlisp has quit [Remote host closed the connection]
braunse has joined #nixos
<energizer>
for starters, it's untyped, the store is world-readable, nixpkgs relies heavily on bash (bash! in 2020!), ...
<srk>
fixable :)
seku has joined #nixos
<bqv>
yeah, i don't see any of those as explicitly requiring a second generation of nix-like tools
<manveru>
at least it's not python...
<makefu>
bash holds the world together
<energizer>
oh come on
* srk
off to hack on hnix :D
<manveru>
:D
<bqv>
i'm not saying those aren't issues, they're the difference between "fine" and "perfect"
<bqv>
but they're not things that mean we should drop nix and build again from scratch
<bqv>
and yeah i thank the good lord every damn day that it's bash and not python
<bqv>
execline would be cool though...
<energizer>
the store should be an object-capability system that passes you build artifacts if you pass it a derivation, not a world-readable collection
<bqv>
you mentioned :p that can be done with full backwards compatibility
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):308:10
hlisp has joined #nixos
<bqv>
mm, i disagree with him. it's pretty damn shortsighted to think that that scale of treewide manipulation can't be done. i mean the content-addressable RFCs plan on literally rewriting the entire nix store
<bqv>
there's plenty of scope, it *can* be done
<energizer>
well i'll defer to the experts :)
<bqv>
appeal to authority is a fallacy my dude :p but up to you
user_0x58 has quit [Quit: Leaving]
hlisp has quit [Remote host closed the connection]
<energizer>
i wasnt trying to exclude you from that group!
hlisp has joined #nixos
<bqv>
haha, i guess i auto-excluded myself then. :D
turlando has quit [Read error: Connection reset by peer]
thc202 has joined #nixos
knupfer has quit [Read error: Connection reset by peer]
knupfer has joined #nixos
Synthetica has joined #nixos
ris has joined #nixos
ris has quit [Ping timeout: 246 seconds]
orivej has joined #nixos
<sauyon>
so I'm using home-manager and I'm getting "No such file" errors from tar when doing a nix-channel --update
<sauyon>
I tried going to the link it claimed to be downloading from, and that seems to be live.
<sauyon>
`nix doctor` says I have two versions of `nix` on my path, not sure how that's happened or how to fix it.
niksnut has joined #nixos
<bqv>
"hiya everybody" "hiya doctor nix"
<bqv>
there's multiple in my path too
<bqv>
i reckon it's fine
stree has quit [Read error: Connection reset by peer]
stree has joined #nixos
stree has quit [Read error: Connection reset by peer]
stree has joined #nixos
avn has quit [Ping timeout: 246 seconds]
avn has joined #nixos
ramses_ has joined #nixos
<ramses_>
Hey guys, when I run "nix-env -iA nixos.python3Packages.docker" and then do "import docker" in a python REPL, it says module not found. Did I miss something? Am I not supposed to install python packages like this?
vika_nezrimaya has joined #nixos
<vika_nezrimaya>
Oh noes looks like something's wrong with cache.nixos.org keys!
<vika_nezrimaya>
Nix gives me "error: public key is not valid" when I try to use nix run nixpkgs#<anything> -c <anything>
<makefu>
ramses_: you need to use python.withPackages
<makefu>
nix-shell -p '(python3.withPackages (pkgs: with pkgs;[docker]))'
<bqv>
vika_nezrimaya: works for me
<niksnut>
vika_nezrimaya: what does trusted-public-keys in /etc/nix/nix.conf say?
<vika_nezrimaya>
I assume the last one is the default NixOS cache key
<niksnut>
yes
<ramses_>
makefu: but, for unfortunate reasons, I need to do this from ansible... Is there any way to install the module so that it's accessible by default?
<vika_nezrimaya>
I'll try to remove the first one, it's obsolete anyway
<bqv>
`nix run nixpkgs#cmatrix -c cmatrix` ran fine for me with cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
<vika_nezrimaya>
does this mean that I'm... under attack?!
<makefu>
ramses_: on a system which is not running nixos?
<ramses_>
makefu: yes, I am targeting nixos systems
<makefu>
ramses_: add python.withPackages to your environment.systemPackages
<vika_nezrimaya>
ok I'll try to set defaults for both substituters and public keys
<vika_nezrimaya>
build from a dirty flake, check if it works, then commit
<vika_nezrimaya>
yay, works
<ramses_>
makefu: yeah... I was trying to avoid this and I would prefer to just install this module at the start of the playbook and remove it after, not to clutter the system profile with packages that are only needed because a vendor insists on using ansible
<ramses_>
makefu: but I cannot specify something like nix run for ansible's python interpreter, I tried that, it only accepts an executable but no parameters
<ramses_>
I cannot find a way to setup the env so that ansible finds the required python modules without having to install them in the system profile
<ikwildrpepper>
ramses_: did you use -c ?
<ikwildrpepper>
ramses_: do you have an example?
<ikwildrpepper>
(not familiar with ansible)
vika_nezrimaya has quit [Ping timeout: 256 seconds]
<makefu>
ramses_: why does ansible need the docker module anyway?
<makefu>
if you have the chance, then i highly recommend that you use nixos config instead of ansible :)
<ramses_>
ikwildrpepper: what would the nix run command look like? I can't seem to be able to give it any expression with withPackages that it accepts
<ramses_>
But I tried setting the ansible interpreter to nix-shell and it complained about the arguments, it seems to only accept a path to the python executable
<ramses_>
makefu: I would if I could ;)
pjt_014 has quit [Ping timeout: 240 seconds]
<bqy>
@freenode_makefu:matrix.org: I know make-fu
<ramses_>
makefu: because it sets up a docker swarm cluster running on nixos servers. Is this something that's supported by nixos config anyway? I don't see how to configure swarm, define services, etc
hlisp has quit [Remote host closed the connection]
CcxWrk has joined #nixos
<ramses_>
makefu: is there any way to *add* a python package to a config that already has python in system packages? As in, if I install plain python in configuration.nix and then add python.withPackages in a host-specific module, it seems like the python that ends up in my PATH still does not have the module available, but if I remove the entry from
<ramses_>
systemPackage in configuration.nix, it works
Fare has quit [Quit: Leaving]
hlisp has joined #nixos
statusfailed has quit [Remote host closed the connection]
statusfailed has joined #nixos
<{^_^}>
[nixpkgs] @flokli merged pull request #86208 → linux: do not depend on systemd indirectly → https://git.io/JfmWv
<pingiun>
you can do more zfs tricks with more ram of course
<pingiun>
but I also want my script to work on a 1GB linode (nanode)
<hyper_ch>
zfs does like ram
<hyper_ch>
1gb is low IMHO for zfs
alp_ is now known as alp
<pingiun>
hyper_ch: I use a 1GB nanode with NixOS just to run bind
<pingiun>
the zfs part is just for the "opt in to state" part
<pingiun>
and it works fine
<ramses_>
pingiun: I use only zramswap on most of our servers, no physical swap partition
magnetophon has joined #nixos
<ramses_>
makefu: agreed, but it seems like ansible only offers very limited functionality in this regard and only accepts simple paths to an executable
<ramses_>
I will modify my config so that I can specify additional python packages on a per-host basis
<pingiun>
ramses_: what is the benefit of zramswap?
<ramses_>
pingiun: doesn't take up disk space and it's faster
<ramses_>
But clearly it still uses RAM, so less efficient in creating more space in memory
stree has quit [Read error: Connection reset by peer]
stree has joined #nixos
<Philonous>
If a package has been updated on github, how long does it usually take for it to land in the respective channel? E.g. xfce.xfce4_genmon_plugin was updated to 4.0.2 14 days ago in the nixos-unstable branch, but I'm still getting the old version when I'm trying to evaluate the derivation from the nixos-unstable channel
morgrimm has quit [Ping timeout: 246 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
grumble has quit [Quit: Well, would you look at the time. I've almost missed my ambiguous, non-existent appointment that I have scheduled just when I start to lose interest in my current conversation.]
<{^_^}>
[nixpkgs] @hyperfekt opened pull request #86316 → fish: make python an optional dependency → https://git.io/JfYmk
grumble has joined #nixos
teto has joined #nixos
jb55 has quit [Remote host closed the connection]
<gchristensen>
whats wrong with the data, LnL?
zupo has joined #nixos
jb55 has joined #nixos
knupfer has quit [Read error: Connection reset by peer]
<makefu>
ramses_: you could point to an absolute path in your system config, say /run/current-system/sw/bin/imapfilter , you could check the path of python when you install it via nix-env
<LnL>
gchristensen: the channel dashboard also looks suspicious
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<gchristensen>
hm
Alexey44 has quit [Ping timeout: 240 seconds]
magnetophon has quit [Ping timeout: 244 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
#86168 (by lblasc, 1 day ago, merged): Sound Open Firmware support, sof-firmware: init at 1.4.2, update kernel config
<{^_^}>
[nixpkgs] @xbreak opened pull request #86317 → qt5: Add missing include path to pkg-config files → https://git.io/JfYYi
<{^_^}>
[nixos-homepage] @garbas pushed 14 commits to update-nixpkgs-on-cron: https://git.io/JfYYN
<hauleth>
LnL: my point is that I try to use Zig via nix-shell and on macOS it says that there is no futimens function which is present since 10.13. But as Nixpkgs links against 10.12 then this makes that this package is impossible to build
<{^_^}>
[nixpkgs] @vbgl merged pull request #86276 → buildDunePackage: add support for parallel build → https://git.io/Jfm5k
<{^_^}>
[nixpkgs] @vbgl pushed commit from @marsam to master « buildDunePackage: add support for parallel build »: https://git.io/JfYc1
<Alexey56>
infinisil: Thank you, I was not precise. I mean, that when I change code in my package and run nixos-rebuild, then all haskell dependencies are rebuilt from scratch, not only my package with a small executable.
<infinisil>
Yeah that's what buildStackProject does, I wouldn't recommend using it because of that
<clever>
jakobrs: so when the rpi tries to netboot, it follows that symlink, and loads whatever is in the custom profile
<clever>
if i break things, and it stops booting, i can just do a rollback of the profile
<emily>
me: sure I'll try running the fancy GUI integration tests in checkPhase, what could go wrong
<numkem>
is there a special trick to make the plasma-browser-integration package working with firefox?
<emily>
the fancy GUI integration tests: /nix/store/shr8mc5hx0vasv92b307mzymj2b5fxxl-stdenv-linux/setup: line 1301: 182 Trace/breakpoint trap (core dumped) python tests/integration/run_app.py nicotine
knupfer1 has joined #nixos
knupfer has quit [Ping timeout: 240 seconds]
knupfer1 is now known as knupfer
<jakobrs>
I _really_ have to actually try to install nixos on the rpi4
hlisp has joined #nixos
<numkem>
gchristensen: I saw your video from the new york linux meeting last night and you mentioned you are booting bare metal hardware over pxe to make it do things, do you have something written on how you did it?
<{^_^}>
[nixpkgs] @flokli opened pull request #86324 → staging: revert the binutils bump → https://git.io/JfYWe
sigmundv_ has quit [Read error: Connection reset by peer]
sigmundv_ has joined #nixos
cantstanya has quit [Remote host closed the connection]
cantstanya has joined #nixos
<betawaffle>
what does an empty ({...}: {}) configuration.nix produce?
<jakobrs>
How can I run nixos-rebuild switch _without_ restarting networkmanager if it's changed?
CRTified has quit [Quit: Gateway shutdown]
alexherbo2 has joined #nixos
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « debuging github action: more debug output »: https://git.io/JfYW4
<jakobrs>
ok so I've been wondering why NAT wasn't working for quite a while now, and just now do I realise that I'd written wlan0 instead of wlp2s0 as externalInterface
ramses_ has quit [Quit: Connection closed]
<gchristensen>
numkem: pretty swamped, but I'd love to help you later?
shibboleth has joined #nixos
<numkem>
gchristensen: no worries, whenever you can. Thanks!
linarcx has quit [Quit: WeeChat 2.8]
Kyndig has quit [Remote host closed the connection]
cosimone has quit [Remote host closed the connection]
<hyper_ch>
jakobrs: that changed a little while ago
cosimone has joined #nixos
<jakobrs>
The stuff about NAT?
proofofkeags has joined #nixos
<jakobrs>
I have no idea why I had it set to wlan0, considering I normally only use systems where it's called wlpwhatever
<tomberek>
Anyone familiar with growpart/cloud-init? A recent AMI I built cannot resize its partition in the normal way using growpart. I had to resort to fdisk. Not sure what has changed, AMI is built similarly to previous ones I've built.
<pingiun>
clever: thanks, btw are you cleverca22 on github? in that case: thanks for the kexec stuff!
<clever>
pingiun: yep
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « debuging github action: more debug output »: https://git.io/JfYlW
<tomberek>
It's on nixos-unstable. Imports amazon-image.nix.
<emily>
jtojnar: worldofpeace: do either of you have any idea what would be required to run gtk stuff in a checkPhase? I'm trying to get some dogtail-based integration tests working and just getting "No GSettings schemas are installed on the system" -> core dump, and I'm not sure whether that's the Nix sandbox or failing to have all the necessary environment hooks etc. to get gtk working. (dogtail depends on xvfb itself so at least in theory I don't think I should be
<emily>
having to do anything special to get it to run its own isolated xserver)
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « debuging github action: more debug output »: https://git.io/JfYlu
<emily>
(not that I'm exactly surprised that an elaborate run-our-own-xvfb-and-use-accessibility-APIs-to-test-stuff thing doesn't work out of the box in nix derivations, but there are some patches in the dogtail derivation that makes it look like someone's used it on nixos at least)
<kayg04>
hello, while trying to upgrade to 20.03, I get the following error: cp: cannot create regular file '/nix/store/zzs815acxyi9afb2xjyqjlpkbsnp02nj-udev-rules/75-net-description.rules': Permission denied
<evanjs>
Finally have some time to really look at it, but not sure where to start, save, maybe checking that all the rev deps are locked to python 3+? (since pillow now requires it)
<kayg04>
the upgrade went fine on another server
<kayg04>
channel is set to the right URL
<kayg04>
any help?
<evanjs>
Ohhh good call, I need to update my stateVersions... I think?
<Mic92>
How can I find release blocker in a particular channel?
magnetophon has quit [Ping timeout: 246 seconds]
<arianvp>
updating to nixos 20.03 didnt work out :(
<Mic92>
nixpkgs-unstable
<arianvp>
darnit
<arianvp>
after successfully modesetting; screen goes black
<LnL>
evanjs: careful, stateVersion is for compatibility has nothing to do with your channel
<emily>
evanjs: I'd like to say "let's just kill Python 2 in the next release" but somehow I doubt that would fly...
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « debuging github action: more debug output »: https://git.io/JfY8X
<emily>
evanjs: tbh I'd suggest you pick a broken package at random, investigate it in depth, fix whatever's wrong, and repeat
justanotheruser has quit [Ping timeout: 265 seconds]
<emily>
they discuss Nix as one of the examples in the paper
<simpson>
jakobrs: p22, it looks like.
<jakobrs>
Should I ... try to read it?
|_ has left #nixos ["Konversation terminated!"]
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « prepend ~/.nix-profile/bin to the $PATH »: https://git.io/JfY4g
growpotkin has joined #nixos
<emily>
jakobrs: it's a great paper!
<emily>
if you don't know any haskell it might be a little inaccessible in parts
kayg04 has quit [Ping timeout: 264 seconds]
<jakobrs>
I do know haskell
<jakobrs>
It's just that it's a paper, and papers have a tendency of being ...
<jakobrs>
somewhat hard to read
<Mic92>
LnL thanks!
<simpson>
jakobrs: Yeah, but what are the alternatives?
o1lo01ol1o has quit [Remote host closed the connection]
<jakobrs>
Not reading it, I suppose
<emily>
jakobrs: I think it's well-written and there's lots of prose and no Greek-variable-filled natural deduction, so you'll probably be fine, but I'm maybe not the most objective judge there
<emily>
it offers a very crisp characterisation and overview of the build system space and has a lot of lessons Nix could learn from, imo
<evanjs>
emily: and thank you for that. the initial advice I got was "generally try to mitigate breakages as much as possible -- some breakages will be unrelated to your changes, and they can be left broken" -- but sometimes I need instructions that are a bit more explicit, even if it's something dead simple :D
<jakobrs>
Apparently it's been revised
<emily>
evanjs: yeah, I get it :) hopefully most of the breakages will just be exposing problems in the package rather than needing you to patch or mark broken downstream dependencies, but if there's breaking API changes it's true that there might be a lot of just "this doesn't work any more"
<emily>
jakobrs: that repo looks like just the code without the text
<jakobrs>
... Now it's just the ... reading part
<jakobrs>
emily: See the releases tab
<emily>
oh, okay, the papers are in there too
<emily>
oh cool the new paper has even more pages
lewo` has quit [Read error: Connection reset by peer]
<emily>
wish there was a diff
<emily>
I hate reading the same paper 3 times to get all the content
<jakobrs>
"The new paper has more pages" is one way to put it
<jakobrs>
If only pandoc could read pdfs ...
lewo has joined #nixos
<jakobrs>
Then you could try `diff <(pandoc a.pdf) <(pandoc b.pdf)`
<emily>
it also seems to have less comparison to other build systems
<emily>
I guess this paper focuses more on the Haskell/FP aspects of it, given the journal, so you might be better served with the other one
<jakobrs>
simpson: the language barrier thing, were you replying to me?
<emily>
seems like probably wholly obsoleted by the à la carte paper
hax404 has joined #nixos
<Avaq>
Thanks, emily :)
<simpson>
jakobrs: Yes. I'm trying to understand your aversion to reading. If your aversion is to reading *English*, then I totally understand! English is one of the worst languages on the planet.
<evanjs>
emily: yeah I'm starting to see that, already. problems with unrelated sdks, etc. This should be a good experience for me, tediousness aside :P
<Taneb>
Oh, I was missing services.zfs.zed.settings
sarcasticadmin has joined #nixos
<{^_^}>
[nixpkgs] @thefloweringash opened pull request #86333 → bash-completion: ignore failing gcc tests on Aarch32 → https://git.io/JfYRG
<pingiun>
can I have remote building machines with alternate ssh ports?
<pingiun>
and how would I configure that?
<garbas>
cole-h: actually head_commit.message contains the whole commit message :( no idea where i'm getting it wrong
evanjs has joined #nixos
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « another try ci skip »: https://git.io/JfYR2
o1lo01ol1o has quit [Remote host closed the connection]
ixxie has quit [Quit: leaving]
ixxie has joined #nixos
rauno has quit [Remote host closed the connection]
<emily>
evanjs: let me know if there's anything concrete that stumps you and I can take a look, though the finer details of the python packaging stuff are arcane to me still
cole-h has quit [Quit: Goodbye]
<emily>
evanjs: btw, if there's legitimate pillow 7 incompat issues, worth checking if there's a simple upstream version bump that might fix compat
<Mic92>
pingiun: ssh/config maybe?
kayg04 has joined #nixos
<jakobrs>
But yeah, I should find more stuff to read and _actually_ read it
<Mic92>
pingiun: nix just uses openssh internally
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « does it take first commit in this PR »: https://git.io/JfYRM
smeag0l has joined #nixos
<pingiun>
Mic92: ah I see, and I also need to setup known hosts
<smeag0l>
how do I install protobuf version 3.0.0 in nix-shell?
<Mic92>
pingiun: yes
<simpson>
Nomenclature: I'm updating `libcello`. It is not currently used anywhere. It installs a "Cello.h" and a "libCello.so". Would we ever capitalize it as `libCello` in pkgs?
<Mic92>
simpson: I would say no.
kapil_ has quit [Ping timeout: 256 seconds]
o1lo01ol1o has joined #nixos
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « add some debug »: https://git.io/JfYRD
<jakobrs>
Mic92: Sorry to bother you but / Am I supposed to re-request review from you on #84476?
<emily>
yeah the latest generation is last in the list I think
<emily>
but it's also the default for me
<evanjs>
emily: I shall do that if anything major comes up. And yeah thanks for the reminder, gotta bump it again lol. Did so a few weeks ago but that WIP branch got lost amidst finals and etc
<{^_^}>
systemd/systemd#15577 (by danielfullmer, 5 days ago, open): sd-boot: fix menu ordering with boot counting
<danielrf[m]>
ok, just making sure I'm not going crazy. haha
<emily>
danielrf: haha
jco has joined #nixos
<emily>
danielrf: I don't know if upstream changed this, or nixos does something weird to change the ordering, or (my guess, ngl) poettering just didn't check and is full of shit
<cole-h>
RIP garbas losing his sanity
<hyperfekt>
i would presume nixos changes this, because it makes sense that way for us?
gustavderdrache has joined #nixos
<danielrf[m]>
It might be that most people don't notice this because they only have 1 boot entry, and the "reboot into firmware" and related options are always at the end
<danielrf[m]>
so it looks like it selects the top entry
<emily>
does it make that much sense? I guess it depends on how the ordering is actually decided
<emily>
there's no reason nixos couldn't just list most recent generations first if it was the other way around, is there?
<danielrf[m]>
I'll double check that there's no nixos-specific change
<emily>
presumably the ordering is keyed on something fairly reasonable (like, if it was just "lexicographic ordering first", then people would be booting ubuntu 19.xx after installing 20.xx, which doesn't sound right)
<danielrf[m]>
its sorted based on the "version" in the loader entry in e.g. /boot/loader/entries/nixos-generation-*.conf
<danielrf[m]>
(initially sorted, modulo stuff with boot counting that I'm working on)
<emily>
danielrf: boot counting looks fancy, thanks for the indirect pointer
<emily>
can that work with the signed kernel+initrd+cmdline uefi blobs or is it tied to the .conf files?
q6AA4FD has quit [Client Quit]
q6AA4FD has joined #nixos
<danielrf[m]>
I think it should work with uefi blobs but I haven't tried that combination yet
<emily>
looks like the latter, bleh... why would they force you to choose between secure boot and other features :(
<emily>
danielrf: the spec at least doesn't cover it: "If a boot loader entry file name contains + followed by one or two numbers (if two numbers, then those need to be separated by -) right before the .conf suffix, then boot counting is enabled for it"
<emily>
since there's no .conf in those cases
<emily>
just binaries in /boot/efi/linux
<garbas>
cole-h: i think i found the problem. there is no head_commit in pull request event
<danielrf[m]>
hmm, I thought I remember it being based on just the filename (whether it was a loader entry or not) but I'd have to check again
<cole-h>
garbas: That could do it too, lol
<emily>
hopefully it's implemented that way
q6AA4FD has quit [Client Quit]
<danielrf[m]>
I've been working on testing secure boot with systemd-boot as well, so I'll put it on my TODO list to make a combined test
<emily>
would be nice if we could move to emitting those blobs unconditionally, but I guess grub probably doesn't support booting them :(
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « will this work [ci skip] »: https://git.io/JfY0R
<emily>
(there's nothing that inherently ties them to uefi beyond, like, needing to do some PE parsing I guess)
<hauleth>
Is there a way to make llvm 10 the default for building macOS packages?
<danielrf[m]>
You like those combined blobs? I thought the issue is that they take a lot of size
<emily>
that's great, would love to see this work upstream!
<danielrf[m]>
since you need to make a new one even if you just change the cmdline
<emily>
kinda resigned to nixos /boot being huge, honestly
xkey has quit [Ping timeout: 240 seconds]
<garbas>
cole-h: that was it. that was a rollercoaster :)
<danielrf[m]>
:)
<emily>
it's not ideal but it's hard to see how you'd be able to sign the whole boot chain in any simpler way
<cole-h>
garbas: Now you can enjoy your sanity again ;)
<emily>
like a .conf file is vulnerable to just a random write adding init=/bin/sh or whatever else you're specifically trying to guard against with a verified boot chain
<cole-h>
garbas: Up is indeed up, once more!
<emily>
ideally there'd be some fancy thing where you can just sign the hashes of kernel, initrd, and cmdline and they're stored separately, but well... nobody's implementing that
<emily>
tbh I get kernel upgrades and initrd changes far more often than I change my kernel cmdline
<danielrf[m]>
yup, and seems like a lot of work... :(
<danielrf[m]>
well your init= is in the cmdline
<danielrf[m]>
which refers to your specific nixos generation
<emily>
I guess it's true that I have meaningfully fewer kernel+initrds in /boot than generations currently
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « one again avoided losing my sanity »: https://git.io/JfY0o
smeag0l has quit [Quit: leaving]
<emily>
danielrf: we could compile our own uefi binaries that load the kernel and initrd externally and verify them and pass in a cmdline :')
<emily>
we could... patch system firmware implementations to support ZFS-style hash-based deduplication in FAT32...
<danielrf[m]>
you are volunteering to do this? :D
<gustavderdrache>
tired: regex2fat
<gustavderdrache>
wired: sha512tofat
<hyper_ch>
emily: you don't want to run dedup on zfs
q6AA4FD has joined #nixos
<cole-h>
Unless you have 10TiB of memory to spare ;^)
<emily>
hyper_ch: what about on fat32 though? :p
<hyper_ch>
emily: I don't have an opinion on that :)
buckley3100 has joined #nixos
<emily>
danielrf: more seriously, possibly the easiest thing would just be to have initrd mount /boot and fish a signed generation path out of it?
<emily>
would require implementing the pe secure boot verification stuff in userspace though probably if we wanted to use the same signing keys, which... egh
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « run ./update.sh and commit changed files back to master »: https://git.io/JfY0Q
zupo has joined #nixos
buckley3100 is now known as buckley310
buckley310 has quit [Client Quit]
buckley3100 has joined #nixos
buckley3100 has quit [Client Quit]
<cole-h>
garbas: Sorry to ping again: is that "::add-path::..." stuff special GitHub Actions syntax for adding to PATH? Or is it just logging stuff
buckley310 has joined #nixos
<garbas>
cole-h: github specific
<garbas>
you can not use export PATH=...:$PATH
<cole-h>
Got it. Thanks for the explanation :) garbas++
<emily>
that's so weird
<{^_^}>
garbas's karma got increased to 14
vandenoever has quit [Read error: Connection reset by peer]
Setzer22 has quit [Remote host closed the connection]
<qyliss>
I believe Go 1.x is always supposed to be backwards compatible
<lordcirth>
go-ipfs had to use 1.13 because of a bug in 1.14, IIRC
<lordcirth>
Probably .1 fixed it
Setzer22__2 has joined #nixos
nschoe has joined #nixos
<Setzer22__2>
Hi all! I'm starting my journey into the world of nix/nixOS, is this a good place to ask quick questions?
<cole-h>
Of course!
<cole-h>
You might have to wait a while for a response, depending on the time of day, but ask away.
<Setzer22__2>
all right then! :D
<cole-h>
And don't feel bad about reposting your question at different times, if you don't get a satisfactory answer -- as long as you don't spam, it should be fine :)
zebrag has joined #nixos
buckley310 has joined #nixos
<Setzer22__2>
So by now I've been able to configure a basic KDE system with most of my day-to-day software working fine (very satisfied at how smooth that was, btw!).
stree has quit [Read error: Connection reset by peer]
<lordcirth>
Nice! I still need to fix LXQT
<Setzer22__2>
But there are a couple of packages that I haven't been able to install. Those are two cli tools for the Clojure language that are packaged in nixpkgs: clj-kondo and babashka
stree has joined #nixos
<Setzer22__2>
the actual dependencies are not really that important, the thing is that the packages do not seem to be cached, so they're getting built on my machine
<Setzer22__2>
but they depend on GraalVM, an experimental java technology that can compile Java software to native programs. Ideally, I'd like to install the packaged software, but my machine, with 8GB of RAM simply can't handle a GraalVM build
dckc has quit [Ping timeout: 260 seconds]
dckc has joined #nixos
<Setzer22__2>
So I've chosen a different route, instead of trying to build from the official package, I'd like to just make a "package" that downloads and installs the binary. I've tested this with this very simple nix file:
<lordcirth>
I think it's the same, except that you'd import the package, rather than all of nixos
<Setzer22__2>
I see, so it would be like having some sort of local channel with my custom nix pkgs?
* hodapp
twiddles thumbs for an hour while Blender rebuilds all of its CUDA stuff...
q6AA4FD has joined #nixos
<lordcirth>
Setzer22__2, or you can just import the file, I think
<Setzer22__2>
ok.. that's probably just my lack of knowledge of the nix language ^^ now: so the file I've created is just code I can import into my main configuration?
chloekek has joined #nixos
ris has joined #nixos
<lordcirth>
Yes. It's a Nix expression.
hax404 has quit [Ping timeout: 240 seconds]
jakobrs has left #nixos ["WeeChat 2.8"]
<srk>
lordcirth: yup the PR looks good now :)
<lordcirth>
Look at pkgs/top-level/all-packages.nix
<lordcirth>
srk, great!
<emily>
Setzer22__2: you can do (import ./pkg.nix), though it'd be best to rewrite it to take stdenv, boost, etc. as arguments (like nixpkgs packages do) and do (pkgs.callPackage ./pkg.nix {}) instead
<srk>
lordcirth: even ofborg picked it up correctly
<emily>
Setzer22__2: so that you don't reimport nixpkgs a bunch of times
<Setzer22__2>
things are starting to make more sense now... hahaha
<{^_^}>
[nixos-homepage] @davidak pushed to landing-page « Add example asciicinema to landingpage »: https://git.io/JfYuL
<Setzer22__2>
ok, so I had a related question. The package I build did not actually depend on the boost libs, it just needed libstdc++, but I couldn't figure out which package had that, so I assumed boost should do the trick.. Do you know what would be the proper way to do it?
<emily>
Setzer22__2: using callPackage also lets you override dependencies, etc., which is handy :)
<{^_^}>
[nixpkgs] @7c6f434c merged pull request #86320 → monotone: openssl in botan is not needed, so drop to avoid old openssl → https://git.io/JfYsh
lordcirth has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @7c6f434c opened pull request #86339 → monotone: openssl in botan is not needed, so drop to avoid old openssl → https://git.io/JfYu1
<jakobrs>
emily: You were the one who asked for a diff, right
<jakobrs>
The old version of the paper is also in the same snowleopard/build repo
<jakobrs>
So you can just do git diff there
<Setzer22__2>
@clever Sorry, I'm a bit confused, by that you mean that the stdenv is already included in the build?
<emily>
Setzer22__2: hm, I'm not sure then. embedding libstdc++ itself feels ugly since i think macos would use libc++
proofofkeags has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @7c6f434c opened pull request #86340 → monotone: openssl in botan is not needed, so drop to avoid old openssl → https://git.io/JfYud
<evanjs>
icetan: hey, do I need to do anything extra for using patches in mavenix, or should the usual "patches = []" in the default.nix work? mvnix-update doesn't seem to be applying them.
jakobrs has left #nixos ["WeeChat 2.8"]
lordcirth has joined #nixos
Neo--- has joined #nixos
mcwitt has joined #nixos
nschoe has quit [Remote host closed the connection]
<mcwitt>
How can I override a derivation created with runCommand to run a command post-install? (runCommand doesn't seem to create a postInstallHook)
<clever>
mcwitt: runCommand uses buildCommand, so it just doesnt run any phase
<clever>
mcwitt: you would need to override the buildCommand and append to it
<evanjs>
e.g. "The answer is that this is being run in a nix shell and it's just getting the appropriate environment. I should probably be patching the src derivation."
<evanjs>
now, how to patch _that_...
<mcwitt>
clever: That makes sense, thank you!
<evanjs>
wait, this _is_ the source derivation in my case >_>
proofofkeags has joined #nixos
knupfer has quit [Ping timeout: 258 seconds]
britt has joined #nixos
<Setzer22__2>
Hmm.. I thought I had managed to create my custom package, but when running nixos-rebuild switch it's not building it. What I did was:
o1lo01ol1o has quit [Remote host closed the connection]
pingiun has quit [Read error: Connection reset by peer]
<britt>
Hello. New nixos user with a question about emacs overlay. I had a little trouble matching the github readme with the online info about overlays. Is anyone able to point me to their configuration.nix showing how to use the emacs overlay?
<Setzer22__2>
nevermind my last message, I had just messed up with the config ^^'
<wedens[m]>
when nix is trying to fetch nvidia driver, I always get `curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104` error. what's the problem?
<{^_^}>
[nixpkgs] @etu pushed 0 commits to revert-85575-php-maintainer-team: https://git.io/JfYzx
<wedens[m]>
clever: it's too specific for a network error. I don't have any other (obvious) network-related issues and the same file downloads fine even if I invoke curl manually
wozeparrot has joined #nixos
lordcirth has quit [Read error: Connection reset by peer]
<clever>
56 Failure in receiving network data.
<clever>
wedens[m]: both the 104 and the 56 say network problems
britt has left #nixos [#nixos]
sigmundv_ has quit [Read error: Connection reset by peer]
<Setzer22__2>
I have another newb question, if you don't mind me asking! Currently I'm doing all my "user" configuration (e.g. installing browser extensions, setting keyboard shortcuts) through the usual means. I'd like to manage more of my config in a declarative way. I'm aware home-manager exists, but I'm not sure if that's what I'm looking for. Does anybody
<Setzer22__2>
have some pointers or could link me to a good source explaining this? I'm still a bit confused about how people manage their user config (if they do at all?).
<Setzer22__2>
More specifically, I'd like to know what something like home-manager could do that I can't do by putting most of my /home under version control with e.g. git
<{^_^}>
[nixpkgs] @7c6f434c merged pull request #86339 → monotone: openssl in botan is not needed, so drop to avoid old openssl → https://git.io/JfYu1
<{^_^}>
[nixpkgs] @7c6f434c pushed 2 commits to release-20.03: https://git.io/JfYgC
<cole-h>
With home-manager, you can manage your user profile in the same way you manage your system profile.
<{^_^}>
[nixpkgs] @7c6f434c merged pull request #86340 → monotone: openssl in botan is not needed, so drop to avoid old openssl → https://git.io/JfYud
<{^_^}>
[nixpkgs] @7c6f434c pushed 2 commits to release-19.09: https://git.io/JfYgl
<srk>
or even include your home-manager configuration from systems configuration.nix
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
domogled has joined #nixos
sigmundv_ has quit [Read error: Connection reset by peer]
<Setzer22__2>
@srk I'm not sure I know what you mean: Why would I include my home manager config into the system-wide config?
sigmundv_ has joined #nixos
<{^_^}>
[nixpkgs] @ehmry pushed commit from @hyperfekt to master « nym: init at 0.6.0 »: https://git.io/JfYgo
<Setzer22__2>
I think I may be missing the point here... home-manager is used to manage my "user" profile, but if I'm the only user, does it make sense to split things into user and system config?
<srk>
Setzer22__2: to manage users the same way you manage your system :)
<srk>
Setzer22__2: and to be able to use same git repo for both
<srk>
you can even configure root account home like this
chagra has quit [Ping timeout: 246 seconds]
Desetude has quit [Ping timeout: 240 seconds]
HeN has joined #nixos
eoli3n__ has joined #nixos
<Setzer22__2>
I think I'm going to need to read a bit more on nix and home-manager to understand the bigger picture ^^'.. Anyway, just so I know I'm on the right track: Does it make sense to use home-manager to manage configuration files that would typically go under ~/.config?
<etu>
Izorkin: Is there any new additions in it since Monday?
<Setzer22__2>
Or is it more focused on installing packages in the user profile (i.e. to avoid doing it on the system profile)
<Izorkin>
etu: no
<Setzer22__2>
(By the way, many thanks to all of you for your answers!)
<etu>
Izorkin: So why would I look at the same thing again?
<Alexey56>
I am trying to install NixOS 20.03 on ramnode.com VM. In the end of running nixos-install, I see after `updating grub 2 menu` messages `You have a memory leak (not released memory pool)`, but in the end it writes `Installation finished. No error reported.\nInstallation finished!`. However, after reboot I see again only installer menu. I can mount
<Alexey56>
my hard, rerun nixos-install, which repeats the same messages from grub. Am I missing something simple?
CMCDragonkai1 has quit [Ping timeout: 260 seconds]
<Izorkin>
etu: how to need to merge?
<MichaelRaskin>
Alexey56: have you disconnected the boot medium?
<{^_^}>
[nixpkgs] @etu opened pull request #86342 → PHP maintainer team → https://git.io/JfY2m
mcwitt has quit [Remote host closed the connection]
phreedom has quit [Remote host closed the connection]
<Alexey56>
MichaelRaskin: no, that was missed (I didn't find this option in interface and decided, that it does not exist). I've found how to disconnect, and it seems to work now. Thank you!
<energizer>
Setzer22__2: home-manager lets you manage your user packages from ~/.config/nixpkgs/home.nix which is nice if you dont have root. if you do have root, it's nice to be able to just run `nixos-rebuild switch` instead of having to coordinate between that and `home-manager switch`
<srk>
Setzer22__2: yes even configuration files, not limited to .config, there are modules for e.g. .ssh/config
<srk>
Setzer22__2: modules! so you don't have to write the config but nix instead :D
<energizer>
the latter uses the home-manager nixos module
<prusnak>
srk: <3 i was just wondering why it is not packaged yet :D
CMCDragonkai has quit [Ping timeout: 260 seconds]
CMCDragonkai1 is now known as CMCDragonkai
<niksnut>
it's hosted
<srk>
oh, ok
<cole-h>
btw srk re the ofborg cachix PR: still need to add cachix to the default.nix (or shell.nix, or release.nix, I forget) for it to be usable
<srk>
prusnak: mini_racer, v8 issues
<srk>
cole-h: yeah no prob
Alexey56 has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixos-homepage] @garbas pushed to update-nixpkgs-on-cron « run ./update.sh and commit changed files back to master »: https://git.io/JfYa1
mallox has quit [Quit: WeeChat 2.8]
o1lo01ol1o has quit [Ping timeout: 260 seconds]
infandum has joined #nixos
<peelz>
infinisil: have you tried flakes yet?
organixpear has quit [Quit: leaving]
<infandum>
reshape2 in rPackages in rWrapper needs "libicui18n.so.63" for stringi but my derivation can't find it. ldd shows that it has libicui18n.so.64 instead. Adding pkgs.icu63.dev or .out to buildInputs and nativeBuildInputs does not work. Any ideas?
o1lo01ol1o has joined #nixos
ixxie has quit [Ping timeout: 244 seconds]
organixpear has joined #nixos
shibboleth has quit [Remote host closed the connection]
ixxie has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
ATuin has joined #nixos
<peelz>
emily: ping
<emily>
peelz: hm?
<cole-h>
emily: You're supposed to say pong :(
<peelz>
haha
<peelz>
emily: I'm messing around with flakes and I'm running into some issues. Do you have a few moments? :D
o1lo01ol1o has joined #nixos
<emily>
I can take a look at least, what's the problem?
<peelz>
I'm not sure if I'm using the flakes wrong. I don't really know what ends up getting passed in `inputs`. Why am I able to access `inputs.nixpkgs.lib` but also import nixpkgs like this: `import inputs.nixpkgs { }`?
Vikingman has joined #nixos
<peelz>
fyi the issue in the commit I linked has to do with making different nixpkgs available to home-manager user submodules through the top-level argset.
o1lo01ol1o has quit [Ping timeout: 246 seconds]
<peelz>
I tried to implement that using `_module.args` but I hit an infinite recursion issue
<infinisil>
peelz: Nope, haven't used flakes (yet)
o1lo01ol1o has joined #nixos
<peelz>
infinisil: do you have some understanding of it though? :D
organixpear has quit [Quit: leaving]
<peelz>
infinisil: I'm asking because I think you could possibly shine some light on the issue I'm having (see the messages above)
* infinisil
takes a look
<peelz>
yay
<energizer>
is there an "i dont know anything about haskell packaging" way to install a cabal package that's not in nixpkgs? e.g. for python and rust it's poetry2nix and naersk, respectively
<cole-h>
cabal2nix?
jumper149 has joined #nixos
<Raito_Bezarius>
adisbladis: just got on #pypa@freenode and apparently, the way fetchFromPyPI works in poetry2nix is wrong because URL scheme is not this one for wheels, it uses some hashes
<energizer>
cole-h: i dont think that includes getting the dependencies
<energizer>
maybe wrong
<jumper149>
When I use nix-env --upgrade, is that like pinning nixpkgs to a specific commit? So if I install something new with 'nix-env -iA nixpkgs.randomPackage' afterwards, is that from the same commit as the upgrade or maybe an even newer one?
pjt_014 has joined #nixos
<infandum>
Nevermind, it's set by an environmental variable R_LIBS_USER
<peelz>
emily infinisil: btw the shell.nix will let you test the config (with flake features enabled); just run `rebuild` in the shell
<emily>
19:58 <peelz> I'm not sure if I'm using the flakes wrong. I don't really know what ends up getting passed in inputs. Why am I able to access inputs.nixpkgs.lib but also import nixpkgs like this: import inputs.nixpkgs { }?
<emily>
the answer to this is __toString magic
<emily>
peelz: what's the point of this config._module.args stuff?
<peelz>
emily: _module.args somehow makes args available to the top-level argset wrapping the module (the same module that provides that attr -- no idea how that works)
Ilya_G has joined #nixos
<peelz>
emily: at least that's what I understood when reading the code in lib/modules.nix
seku has quit [Quit: Connection closed]
<peelz>
I think infinisil would probably know more about that stuff though
<emily>
peelz: you already pass stuff via specialArgs which should plumb it down to the modules of your nixos configuration, but maybe i'm missing something additional you're trying to do here
<energizer>
srk: what i'm looking for is a tool that generates a lockfile and then uses the lockfile to make fixed-output derivations without having to use IFD or save any generated nix code to disk
thorsten1 has quit [Ping timeout: 244 seconds]
<energizer>
i dont think that's what i'm seeing here
<peelz>
emily: it seems like those specialArgs aren't making it to the home-manager module (unless I screwed up in my testing), perhaps due to home-manager using submodule types?
<Ilya_G>
Why would -lsystemd not work for gcc when building a python library from source?
<emily>
I don't really get what this (setFunctionArgs userFn) stuff is doing at all though, so maybe you're just doing something too fancy for me to understand :p
<peelz>
emily: it's all very convoluted haha
<cole-h>
Ilya_G: Say more.
thorsten1 has joined #nixos
<peelz>
emily: getFunctionArgs returns the list of args in an argset function, e.g. `{ a, b, c }: ...` will return a b c (set or list, don't remember exactly)
<emily>
peelz: ah, I haven't set home-manager up so maybe this is something I'll run into later
<infinisil>
peelz: That code sure is a bit hard to read..
<emily>
peelz: bqv might have insights
<peelz>
emily: setFunctionArgs allows you to "override" that builtin "getFunctionArgs" behavior, so you can pretend to have args that you don't actually "have"
proofofkeags has quit [Remote host closed the connection]
<peelz>
infinisil: yeah sorry about that haha
<infinisil>
peelz: But I'd recommend you to not use module arguments unless it's a very special thing
<infinisil>
Generally defining options is a much better way to pass information around
<Ilya_G>
cole-h: So I am building a NixOS image in a docker and I am using pypi2nix to create me a list of nix installable requirements for my python package.
<emily>
peelz: I know that I had to move from _module.args stuff to using specialArgs with nixos upstream a while back, so maybe this is something home-manager hasn't migrated yet, idk
<emily>
peelz: generally speaking recursiveUpdate on top-level config rarely goes well because it interferes with the module system implementation
<Ilya_G>
cole-h: one of those packages is pystemd
<Ilya_G>
cole-h: it requires for libsystemd-dev to be installed
<emily>
peelz: so I would suggest reworking it to not have that structure, your keys need to be more "transparent" than that for module config
<emily>
infinisil: impossible to plumb flake inputs like that, you can't import depending on a module value iirc, you run right into infinite recursion
<emily>
er depending on a config value
<Ilya_G>
cole-h: I am able to install that package to underlying Debian docker system
<peelz>
emily: yeah I'm not sure exactly how to handle this. If I understand you correctly, submodules should be able to receive the "specialArgs" defined by the nixos host config?
<infinisil>
emily: Oh yeah, then probably it shouldn't be passed around at all
<emily>
peelz: nixos submodules yes, random home-manager stuff you import no
<cole-h>
Ilya_G: Sorry, I was unclear. I meant "say more" about your problem. How is the `-lsystemd` issue manifesting, what do you already have, what have you tried?
<emily>
infinisil: I mean you need to plumb dependencies into your config somehow...
<infinisil>
Hmmm
<cole-h>
It just sounds like you need to add `systemd` to the build inputs for whatever is building pystemd
<emily>
peelz: I think the problem is that you are doing (mkUser (recursiveUpdate ...))
<infinisil>
I feel like NixOS needs some flakes integration
<Ilya_G>
cole-h: so I was able to put together a Debian based docker image instead of default Alpine Linux one (Alpine does not support systemd in any form)
<emily>
peelz: like does making userFn look like { _module.args = whatever; inherit (userConfig) foo bar baz; } work?
<emily>
infinisil: specialArgs works fine for plumbing inputs for NixOS configs for me so far /shrug
<emily>
infinisil: providing the dependencies as an argument to config modules seems like the most reasonable way to do it
<emily>
peelz: you are using bqv's flakes branch of home-manager right?
noudle has joined #nixos
<Ilya_G>
cole-h: I installed `apt-get install -y libsystemd-dev` to the system and soft linked the include folder to python which resulted in gcc being able to compile the package
<Ilya_G>
cole-h: now it is failing on linking this thing.
<peelz>
emily: no I used another PR which seemed simpler. I'm not sure why bqv has so many nixpkgs args being passed around (or if it's necessary).
<peelz>
emily: "providing the dependencies as an argument to config modules [...]" -- but the `config` param passed to hm.nix ends up being different than the nixos config
<Ilya_G>
cole-h: This is the package -> https://pypi.org/project/pystemd/ and I ran `pkg-config --cflags --libs libsystemd` and i get `-lsystemd` back as I was supposed to
<peelz>
emily: right but I think `home-manager.useGlobalPkgs = true` avoids most of those impurities. Tbh the plumbing between submodules and flakes is really lost on me. That's what I was hoping infinisil could help clear up
<peelz>
(hold up, I still have a bunch of messages to catch up on above)
<emily>
peelz: so, I'm not sure this really has anything to do with either flakes or NixOS submodules, since the home-manager stuff is separate (even if it reuses the module system)
<emily>
like I don't think stuff you plug into the nixos module system will necessarily show up for h-m modules, but I might be wrong, since I haven't added hm to my config yet
<peelz>
right, but I think the reason it doesn't is because user configs are submodules. There's probably other areas in NixOS that make use of that... so I wonder how flakes work in those situations?
<peelz>
* it doesn't (show up)
thorsten1 has quit [Ping timeout: 260 seconds]
<peelz>
* that makes use of that (that = submodules)
<aanderse>
anyone use cifs-utils package from nixpkgs? getting a "This program is not installed setuid root" and feeling like i'm missing something obvious (like a security wrappers bit)
<ornxka>
did you install it from nix-env or configuration.nix?
lunik1 has quit [Ping timeout: 240 seconds]
<ornxka>
the former does not allow suid programs to be run
mallox has joined #nixos
<ornxka>
since you can install packages from basically anywhere
<ornxka>
you can only enable them in configuration.nix
<aanderse>
ornxka: nix-shell, but i don't see a module which sets up suid
lunik1 has joined #nixos
lsix has quit [Ping timeout: 272 seconds]
<ornxka>
hm
<aanderse>
yeah, same if i place in environment.systemPackages, as expected
<aanderse>
so most people likely aren't using cifs-utils straight up, they will use it as part of fileSystems or something
<aanderse>
but i'm trying to figure out how to get autofs module working
<aanderse>
i'm guessing it should have an "enableCifs" option...
<ornxka>
in particular the security.setuidPrograms option
<ornxka>
but i have never used them, i cant vouch for their usefulness
Henson has joined #nixos
<Ilya_G>
cole-h: any ideas or do you need any more info?
<peelz>
emily: let me know if you get around to trying home-manager with a nixos flakes setup
<peelz>
emily++ infinisil++
<{^_^}>
emily's karma got increased to 16, infinisil's karma got increased to 272
<ornxka>
hm that module hasnt been updated since 2013 lol
<ornxka>
yeah i have no idea
<emily>
peelz: I guess I just don't really understand how submodules relate, unless we mean different things by "submodules". submodules are just nested configuration options, whereas the reason you're not getting plumbing here is just because you're doing manual import rather than going through the nixos imports?
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
lorimer has quit [Read error: Connection reset by peer]
<peelz>
emily: my intention is to customize the overlays on a per-user basis, which has to be done through the nixpkgs import that comes from the flake inputs. Unless there's a way to add new overlays on top of an existing nixpkgs?
<peelz>
user-defined overlays being separate from host overlays ofc
user_0x58 has quit [Ping timeout: 240 seconds]
infinisil has joined #nixos
virus_dave_ has joined #nixos
virus_dave has quit [Ping timeout: 256 seconds]
virus_dave_ is now known as virus_dave
thorsten1 has quit [Ping timeout: 260 seconds]
<Henson>
is there a more secure way to run NixOS containers? I see in the NixOS manual that the containers aren't perfectly isolated from the host system. Is there a way to use qemu or kvm or something instead of systemd nspawn containers?
<peelz>
emily: also I'm not quite sure what you mean by "manual import" vs "nixos import". Could you give an example?
<adisbladis>
NixOS containers is very tied to systemd-nspawn
<adisbladis>
Henson: What concerns do you have?
<mallox>
my only nixos channel is unstable, but every once in a while, "nixos-rebuild switch --upgrade" updates a huge amount of packages... how is that? Isn't that rolling release?
<Henson>
adisbladis: well, I'm mostly concerned about services exposed to the internet. On my servers I use Debian with apparmor, but last I checked despite apparmor being present in NixOS, it doesn't seem as though it's actually configured to work properly. I would like to replace my Debian systems with NixOS, but sufficiently isolating external services from the host computer is my concern.
<Henson>
adisbladis: I could just run a VM with a NixOS computer for a particular service, but there isn't a nice declarative way to do that with NixOS. It would be nice to have a system that handles all of the external services with the services containerized..
Lumpio- has joined #nixos
smatting_ has quit [Ping timeout: 264 seconds]
<clever>
Henson: systemd itself does have some isolation options, that can basically just dockerize each service
<adisbladis>
I wonder how valid that disclaimer still is
user_0x58 has joined #nixos
azazel has quit [Remote host closed the connection]
lelit has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Remote host closed the connection]
<Lumpio->
Hi! First time user here. Installing premade packages and such seems to work great. Surprised to see stuff work on the first try.
o1lo01ol1o has joined #nixos
<Lumpio->
However I'm trying to get a stupid little node.js application to run and I just can't figure out how to make it work. The problem seems to be that it depends on something that includes native code.
<ajs124>
how are you trying to run it? node2nix?
<Lumpio->
mkYarnPackage
<Lumpio->
From what I can tell it's not even trying to build the native code
<Lumpio->
So I get something that installs correctly but fails at runtime because, well, the .so files it expects to exist don't.
lunik1 has quit [Quit: :x]
<clever>
Lumpio-: some packages try to make the install faster, by just shipping pre-compiled binaries to you
<Lumpio->
I can see a "warning Ignored scripts due to flag."
<ajs124>
Can you paste the code you have so far and the error message(s) you're getting somewhere?
<clever>
Lumpio-: does the file actually not exist? check the node_modules dir
<Lumpio->
So from what I've understood I should be able to get a shell with this thing installed with just "nix-shell default.nix" and then be able to run the "binary" (which is really a .js file but yeah)
<adisbladis>
It would be interesting to try and reinvent NixOS containers by generating OCI bundles
<Lumpio->
Because not running that would make it not work. It also seemed to install almost instantaneously even though the compilation should take a few seconds.
<clever>
Lumpio-: `nix-shell default.nix` would give you a shell suitable for building nixcanvas, not for running nixcanvas
o1lo01ol1o has quit [Ping timeout: 246 seconds]
<clever>
Lumpio-: you must point nix-shell to another derivation, that has nixcanvas in the buildInputs
<clever>
Lumpio-: in this case, `nix-shell -p '(import ./.)'` would be enough to do that
<Henson>
adisbladis: do you know what kinds of security mechanisms people use with NixOS on production servers to external-facing services? Perhaps containerization or apparmor really isn't necessary.
<clever>
Lumpio-: but its often simpler to test if you just nix-build, and then ls result/ and confirm if the contents are right
<Lumpio->
I tried that too
<Ilya_G>
clever: could I bother you with a python/systemd library and gcc compile issues once you are done?
<clever>
Lumpio-: what do you see if you actually build it?
<clever>
Ilya_G: did you try adding systemd to the buildInputs ?
<emily>
Henson: as with most distros I think people just wing it in practice or run elaborate custom VM/container setups
<Ilya_G>
clever let me see if I can
<emily>
Henson: I think nixos declarative containers + systemd hardening options are the best bang for the buck options here, though "writing your own AppArmor profiles" is likely also good if you have the skills for that (I don't)
<Lumpio->
There's no "*.so" or "*.node" files in the result directory after a nix-build
<emily>
Henson: service hardening options can run things in their own user/filesystem/network namespace with only certain holes poked, etc., so they offer a comparable isolation story to docker (albeit not quite as flexible)
<clever>
Lumpio-: but what about the node_modules it showed while the build was running?
<Lumpio->
Hm the docs for this package do suggest that it should come with binaries though which might be the problem
<Henson>
emily: on Debian I modified some of the stock apparmor profiles a while ago, but with NixOS it's very difficult since apparmor is path-based, and all of NixOS's paths are screwed up compared to regular systems.
<Lumpio->
That would be /nix/store/m5alf3ln0wcpjlmvzv9xqqr09c3h8y68-nixcanvas-modules-1.0.0/node_modules/ I presume
<adisbladis>
Sadly we don't have any equivalent to apparmor or selinux that works nicely on nixos :/
<emily>
Henson: that said, real VMs or something like gVisor do offer a lot more isolation than kernel namespaces in practice, and I don't think there's anything particularly great you can do there other than having pet NixOS VMs
<Lumpio->
No such files there either
<clever>
Lumpio-: yeah, look in there for some binary files
alexherbo2 has joined #nixos
<clever>
Lumpio-: what is in the canvas sub-dir?
<emily>
adisbladis: I would love a repo with proper apparmor modules for nixos or something
<emily>
big investment obviously
<emily>
not sure putting "learn apparmor" on my todo list would actually make it happen any time in the next 10 years
<adisbladis>
emily: Same =)
<Lumpio->
clever: Looks like source for that canvas package. Including all the C++ etc code. But no binaries.
<clever>
emily: you would need to use export reference graph and auto-generate a profile, that includes the closure of a binary, to let it access its own libs
<clever>
Lumpio-: ahh, one min
<Ilya_G>
clever: so I am using pypi2nix to add my package to the mix and there is no way to pass that in there
<Lumpio->
Normally there should be a "build/Release" directory or something under it I suppose
proofofkeags has quit [Quit: Leaving...]
<emily>
clever: I mean we already have a janky version of that for initrd
<clever>
emily: that one is ldd based, not getting the full graph
<Henson>
emily, adisbladis: it's just unusual that nixtest allows you to spin up virtual NixOS systems in qemu for testing purposes, but that hasn't been moved over to NixOS containers to let them run in a virtual computer environment.
<Lumpio->
I read the source code for mkYarnPackage and it seems to use --ignore-scripts, so I don't see how it should know how to build the native code anyways
<Lumpio->
Because the command that does it is in the install script
<emily>
Henson: I think it'd be nice to be able to seamlessly VM-ify containers. just nobody has done the work
<clever>
Lumpio-: you need to add a pkgConfig for canvas, similar to this one, which will tell yarn to actually compile canvas
<Lumpio->
I already tried something very similar to this
<emily>
Henson: there are definitely people interested in making this stuff happen though
<Lumpio->
After finding out about the pkgConfig thing in the mkYarnPackage source code
<Ilya_G>
clever: gcc is expecting for systemd dependency to resolve into `-lsystemd` parameter and my system is indicating that it should
<adisbladis>
Henson: Those test VMs have pretty terrible file system performance iirc
<emily>
Henson: and the architecture is a lot more conducive to this kind of seamless isolation than traditional distros in general (but it's true that they're ahead of us in some embarrassing ways on the concrete hardening fronts)
<adisbladis>
Totally fine for testing, not something you'd want to use in production.
<Lumpio->
And yarn run is like: error Command "build" not found.
<Henson>
emily, adisbladis: unfortunately a repo of apparmor profiles isn't really possible, because the paths are unique for each different piece of software. You'd have to auto-generate the paths based on the derivations you want to protect.
<Lumpio->
I added: pkgConfig.canvas.postInstall = "yarn --offline run build";
<clever>
Ilya_G: and libsystemd.so is in systemd.lib, so it should just work when in buildInputs
proofofkeags has joined #nixos
<Lumpio->
waaaait
<emily>
Henson: sure, but autogenerating stuff based on packages is the forte of NixOS, we do that all the time
<adisbladis>
I did start looking at making OCI bundles with Nix the other day. That would be a really nice foundation for declarative containers/vms.
<Lumpio->
That's supposed to be "run install"
<clever>
Lumpio-: `yarn run build` says to lookup the build action in the package.json file
<emily>
Henson: it'd be a repo of nixos modules rather than apparmor profile files directly -- everything in nixos goes through the module system, pretty much
<clever>
Lumpio-: so it may be different for canvas
<Lumpio->
Which then gives me: $ node-pre-gyp install --fallback-to-build; /bin/sh: node-pre-gyp: not found
<Ilya_G>
clever: so full disclosure, I am building in Debian 10 docker that I had modified to carry Nix. I did that instead of default Alpine linux that does not support systemd at all as it is built for docker support
<Lumpio->
Maybe the "install" script should be run in some other part hmm
<clever>
Lumpio-: not sure what thats doing
<Ilya_G>
clever: that being said, my libsystemd-dev package was installed via apt-get
<Raito_Bezarius>
adisbladis: do you know if it's easy to bake support for https://pypi.org/simple/ in poetry2nix?
<clever>
Ilya_G: nix will never find libraries installed by other package managers
<Raito_Bezarius>
as fetchFromPyPI is not always returning correct URLs for wheels :/
<cransom>
Henson: the pet nixos machines isn't optimal, but nixops could be an option to manage vms if you really wanted it.
ixxie has quit [Quit: Lost terminal]
<adisbladis>
Raito_Bezarius: Not possible.
<Ilya_G>
clever: I see that now :D. How do I go about installing it via nix?
<adisbladis>
Could you send me some example of when things go wrong?
wozeparrot has quit [Quit: Connection closed for inactivity]
<Raito_Bezarius>
adisbladis: the example I gave you with tensorflow for example
<Ilya_G>
I can not find anything like that systemd related in nixpkgs
<clever>
Ilya_G: its just plain systemd in nixpkgs
<emily>
Henson: yeah I was wondering if nixops could help automate this stuff
<Raito_Bezarius>
adisbladis: I have gone to #pypa on freenode but they told me basically "just use pip" and I'm not sure they understood how Nix worked
<emily>
Henson: I haven't used nixops personally so I don't feel qualified to advise
<simukis_>
(can it be done as an assert in nix itself?)
<clever>
Ilya_G: can you pastebin the nix file that you're building?
<adisbladis>
Raito_Bezarius: We (well, mostly FR*dh) have brought up these issues with the pypa ppl before
<Henson>
emily: I've used it a bit, so I'll investigate that avenue.
<Henson>
cransom: thanks for the suggestion.
<Raito_Bezarius>
adisbladis: I have the feeling they're not *that* interested into fixing those, am I right?
<adisbladis>
Raito_Bezarius: Your feeling seems correct
<Raito_Bezarius>
:/
<emily>
Henson: in my ideal world every service would be containerized and you could turn that into a VM with a single per-service switch
<Henson>
emily: oh, do you have any suggestions or resources for service hardening using systemd?
<emily>
nixos is nowhere near there yet and probably never will entirely be, but it's at least a lot easier to implement this kind of stuff yourself in it
<morgrimm>
that it's missing a `lastModified` attribute Nix is expecting
<emily>
Henson: you can monkeypatch support for this stuff even when nixos modules don't support it by just poking at systemd.services.<whatever>.serviceConfig.*
<emily>
adisbladis: also wait, can you really put non-paths in NIX_PATH
<emily>
this is blowing my mind, can it be a real expression
<adisbladis>
emily: Ah, I think not.
<clever>
Ilya_G: it looks like pypi2nix is skipping some steps and not generating any nix, its just going right to building stuff
<clever>
Ilya_G: so you have no way to patch it
<cole-h>
Yeah, you can't put non-paths there :P
<emily>
emily@renko ~> NIX_PATH=foo=1 nix eval --expr '<foo> + 1' / error: file 'foo' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:1
<emily>
that's good because otherwise I'd be forced to do some extremely cursed things
<Ilya_G>
clever: it attempts to build package first and then if it is successful it includes that package into a nix file
<adisbladis>
Raito_Bezarius: Custom fixed-output-derivation fetcher that round trips to the pypi api :P
<Lumpio->
ooh
<Lumpio->
I know after that it'll start asking for pkg-config and such
<Lumpio->
I guess I'll need to add the relevant packages as buildInputs or something
<Raito_Bezarius>
adisbladis: :'D, but that'd break Nix purity, you need to have the hash of those somewhere, right? :D
<jumper149>
Is it possible to show all attributes an attrset has? for debugging purposes
<adisbladis>
Raito_Bezarius: Do you know how fixed outputs work in Nix? ;)
<clever>
jumper149: builtins.attrNames
<Raito_Bezarius>
adisbladis: fixed output require hash to be known in advance, right?
<Ilya_G>
clever: I could potentially create a derivation manually but what should I include in buildInputs
<clever>
Raito_Bezarius: a fixed-output derivation must declare upfront what the hash of the result is, and if it fails to meet that claim, the build fails
<adisbladis>
Raito_Bezarius: Yes, but apart from that they have full access to the network to do all sorts of shenanigans
<Raito_Bezarius>
clever: yes, this is what I thought it was
<clever>
Ilya_G: you need to include systemd in the buildInputs
<Raito_Bezarius>
adisbladis: yes, but that will break the fact that poetry2nix works w/o any form of preprocessing
<jumper149>
clever: Where would I be using that for debugging? Let's say I wanna see all attributes of (import <nixpkgs>)
<adisbladis>
Raito_Bezarius: No it won't :)
<Raito_Bezarius>
IFD?
<Raito_Bezarius>
I don't see how you get the hash w/o fetching once the URL inside of a derivation
<adisbladis>
No, we know the file you're trying to fetch, the package name, probably the URL
<jumper149>
Is there a good explanation why some variables are toplevel and other are in 'builtins'?
<Raito_Bezarius>
Thank you a lot for those points adisbladis anyway, it's super helpful
<Raito_Bezarius>
Thank you too clever
mallox has quit [Quit: WeeChat 2.8]
<cole-h>
adisbladis: Seeing as you're somewhat involved with fish stuff, got a question for you: Should the "required binaries during execution" indeed be propagatedBuildInputs as opposed to wrapping fish's PATH?
<emily>
the ideal would be patching the paths in fish at build-time if that's viable
<emily>
aiui
<emily>
though I guess it depends on which executables we're talking about
<edrex>
Are there any alternative binary caches available for i686? Maybe I should try to set my fast main laptop as a build cross compile build slave..
<edrex>
Or maybe I should put a binary only dist on this old thinkpad..
Darkmatter66_ has joined #nixos
<cole-h>
emily: Problem is the function files depending on these binaries are many, and the `sed`ing we do now gets stale quickly
<cole-h>
(Indeed, many of the current `sed`s are no longer necessary.)
<emily>
cole-h: mhm. I would be tempted to just make one big substituteInPlace that runs over the whole tree rather than laser-patching stuff, but I understand the fuss of it
<emily>
cole-h: I think wrapping PATH for fish would make things weird because it's a shell and expects PATH to be the user's actual PATH etc.
<emily>
so propagatedBuildInputs is likely better in this case?
Darkmatter66 has quit [Ping timeout: 256 seconds]
<cole-h>
I thought that propagatedBuildInputs wasn't for runtime dependencies, but I guess I was wrong: "if it is (also) a runtime dependency, then it should be added to propagatedBuildInputs"
<cole-h>
I thought it was more for "application A uses library B, but wants to make library B available to its consumers"
<adisbladis>
cole-h: Of course the ideal situation is that we find and replace all commands, though that's never gonna work 100% of the time
<adisbladis>
And wrapping the PATH of a shell propagates to the user
<adisbladis>
So that's also not gonna fly
<cole-h>
Yeah, OK, I understand now. This conversation stems from my incomplete understanding of `propagatedBuildInputs` -- thanks for enlightening me. adisbladis++ emily++
<{^_^}>
adisbladis's karma got increased to 56, emily's karma got increased to 17
<{^_^}>
[nix] @Ma27 opened pull request #3548 → Fix displaying error-position in `builtins.fetch{Tree,Tarball}` → https://git.io/JfYK5
<emily>
cole-h: I mean it's gross to infect people's environments like this, but since faking environment variables isn't viable because of how shells work, and sedding is apparently too much of a pain, it's what you gotta do :)
<emily>
I'd personally encourage trying to see if you can't make a big enough hammer to patch out all the binary references in the upstream code automatically, but it definitely gets gnarly once you start talking about third-party code
<emily>
you can even generate the s||| scripts from a nice nix record
<cole-h>
adisbladis: Not gonna lie, I was super excited when I saw resholved, because I thought it might solve my problems
<cole-h>
But it uses oil's parser or whatever, which doesn't support fish's syntax :(
<emily>
hackerfoo: Error: unknown command "/plain" (this is with weechat-matrix)
<emily>
resholved is really cool
<emily>
it should be easier to implement a fish variant if anything
<emily>
since fish has a normal syntax and isn't from hell
<hackerfoo>
Ah, nevermind. That's just Riot.
<emily>
but it'd be a separate project yeah
fendor has quit [Read error: Connection reset by peer]
<armin>
ok so how do i add spaces to the beginning of each line (read: "indent") output of /etc/motd?
<adisbladis>
cole-h: I keep looking into every new shell I can find but nothing beats fish for interactivity
<armin>
but zsh does ;)
<adisbladis>
I disagree :)
<cole-h>
adisbladis: Same. I realllllyyy wanted to switch back to zsh because of the powerlevel10k prompt (that git status is so fast), but the autosuggestion plugin just isn't there
<cole-h>
adisbladis: It's like uncanny valley: the autosuggestions are ALMOST good enough, but there's too much weirdness for me to get over
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
<emily>
adisbladis: have you played with elvish and other similar "fish-alikes"?
<emily>
nothing as polished, but i like some of the ideas
<armin>
adisbladis: well zsh by default doesn't, but you can well configure it to do almost the same thing.
<emily>
armin: if you give fish a proper try you might find out how much work "almost" is doing there :)
needHelp has joined #nixos
<adisbladis>
emily: Mostly I just wanna invest enough time to use eshell effectively
<adisbladis>
I don't really like using shell :)
<energizer>
adisbladis: hey, i've been wondering what'd be involved in publishing a build cache of poetry2nix builds of recent versions of the top, say, 90% of packages. have you thought about that at all?
<emily>
cole-h: a thought about resholve-for-fish: fish can already write out functions to files, I wonder how hard it'd be to have it fix up binary paths to be absolute when doing so
<needHelp>
anyone do a side chat that would know how to confirm this
<energizer>
adisbladis: are you worried about the labor involved in writing the software, or the storage size?
<emily>
needHelp: no, even the tiniest nixos build is way bigger than the persistent storage on your ME or whatever. we suck at closure size.
<adisbladis>
More about how useful the cache would actually be
infinisil has quit [Client Quit]
<emily>
needHelp: also, you're more likely experiencing random hardware failure than anything worthy of linux-based-rootkit-in-your-microcode paranoia
<needHelp>
idk those memory blocks have gotten pretty big
<needHelp>
why would HDD report at scsi on systems even on windows on these lenovo systems after clean installs
<Ilya_G>
clever: it looks like installing nixpkgs.systemd and then running `pypi2nix -r requirements.txt -E systemd -V python3.7` solved the problem
<cole-h>
emily: I think it'd be hard. Not having looked at its AST, does it even carry something that would denote a binary vs a builtin vs an erroneous string?
<emily>
uh, have you checked your bios settings for hardware raid stuff or whatever? I feel like the bigger question is how NixOS would have anything to do with that :P
<clever>
emily: a few years ago, i got a random segfault out of nowhere, and knowing nix hadnt changed any binaries, i suspected bad ram, and memtest confirmed a problem ~256mb into the ram
<energizer>
adisbladis: i'd guess that a lot of people would benefit some amount from having nixpkgs=20.03 numpy=1.18.3 impl=cpython37
<clever>
emily: but after juggling between all the ram sticks, i couldnt confirm which was bad, so i did a whole motherboard swap
<clever>
emily: and it still failed the ram test...
infinisil has joined #nixos
<clever>
emily: and thats when the jokes about a bios malware began to come up (was talking to somebody else as i debugged it)
infandum has quit [Remote host closed the connection]
zebrag has quit [Quit: Konversation terminated!]
<armin>
adisbladis: nice prompt :D
<clever>
emily: but then things got more fishy, when other systems, with cpu's from a totally different era, had the same problem, at the same offset in ram
<needHelp>
@emily I checked BIOS settings everything is fine in there but idk if I get to full bios all the time and even reclear post to get back to initial UEFI or bootloader
casaca has quit [Quit: leaving]
<simpson>
Sure, flaky BIOS/EFI implementations are a thing. I've got a machine that works fine, *if* it boots, and about half the time it doesn't boot. Such is life.
<energizer>
adisbladis: iow, i'm sure it explodes, but i bet most users have at least some packages in their project that are using common-enough versions of everything
<adisbladis>
energizer:
<bqv>
> pkgs.rocksdb.version
<adisbladis>
I'm not saying no :) Just voicing concerns
<{^_^}>
error: syntax error, unexpected ':', expecting ')', at (string):308:54
<Raito_Bezarius>
during a nix derivation?
<Raito_Bezarius>
(fixed output… :-°)
<Raito_Bezarius>
it's saying: CAfile: /no-cert-file.crt also
<elvishjerricco>
Where does the working directory of a nix build (i.e. NIX_BUILD_TOP) actually reside with the sandbox enabled on linux (i.e. on nixos)? Is it in /tmp?
<Raito_Bezarius>
my buildInputs includes curl only, but maybe I need to add some certs?
<adisbladis>
Raito_Bezarius: Are you trying to do that fixed-output hack? :)
<Raito_Bezarius>
adisbladis: I think I have everything to make it work
<clever>
emily: its in $TMPDIR
<Raito_Bezarius>
adisbladis: I'll submit a PR if you want :)
<Lumpio->
I don't like the "if" and path trickery...
<clever>
Lumpio-: :D
<EdLin>
is it possible in the nix configuration or elsewhere to automatically patch the kernel with 2-3 patches?
<Lumpio->
But for some reason it seems to run that postInstall bit twice - in two different directories
<adisbladis>
So just do that for now and deal with certs later :)
<EdLin>
some of which are over git and some local?
<Raito_Bezarius>
adisbladis: oh okay
<Lumpio->
It runs it once inside /build/yarn_home/.cache/yarn/v6/npm-canvas-2.6.1-0d087dd4d60f5a5a9efa202757270abea8bef89e-integrity/node_modules/canvas
<emily>
adisbladis: what, it does? :(
<Lumpio->
And then in /build/node_modules/canvas
<armin>
adisbladis: that's the first fish config i find beautiful though, thx
<Lumpio->
Does it make any sense to run it inside yarn_home though
morgrimm has quit [Ping timeout: 240 seconds]
<emily>
I wonder if there's any fundamental reason for that, surely we could just pull in the usual cacerts
<EdLin>
I have to go in about 10 minutes, am trying to make up my mind between nixos and gentoo for this. (Although they're about 180 degrees different in philosophy)
<emily>
adisbladis: it's not very big since it only applies to large mirrors that serve a bunch of files, and the size of transmission is also a huge leak, but ignoring certificates makes it trivial to MITM and eliminates that one advantage
<clever>
Lumpio-: if you run `pwd` inside postInstall, what dirs is it ran from?
<adisbladis>
emily: I'm well aware
gustavderdrache has joined #nixos
proofofkeags has joined #nixos
EdLin has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<cole-h>
Nice, just as I pulled the link for them...
Ilya_G has quit [Remote host closed the connection]
<emily>
armin: the real benefit of fish is that I will one day forget what an esac is
<emily>
adisbladis: sorry ^^; just giving my reasoning for why allowing self-signed/expired certs seems harmful if we're going to use https urls at all
<armin>
emily: sure that's a good thing? ;)
<emily>
ofc, you can say "https vs. http just doesn't matter to us", but in practice we don't seem to act that way (see: merged PRs moving http to https downloads, which I think are a good thing to be clear)
<Raito_Bezarius>
When I'm trying to do a derivation where I just want to have files, what's the proper structure for $out/ ?
<Raito_Bezarius>
I have: output path XXX should be a non-executable regular file
<emily>
if you want just one file then you can just echo directly into $out
<Lumpio->
clever: It's ran in both /build/yarn_home/.cache/yarn/v6/npm-canvas-2.6.1-0d087dd4d60f5a5a9efa202757270abea8bef89e-integrity/node_modules/canvas and /build/node_modules/canvas
<Lumpio->
pwd is what I used to find out those directories earlier.
<Lumpio->
I added a slightly more palatable test to just block any postInstalls in "yarn_home/.cache"
<clever>
Lumpio-: ahh, yeah, that sounds like a bug
<Lumpio->
And I'm trying to get just "yarn --offline run node-pre-gyp" to work but nope
<Lumpio->
"yarn --offline run node-pre-gyp install --build-from-source --nodedir=${nodejs}" is being ran in /build/node_modules/canvas now
<Lumpio->
However I get /bin/sh: /build/node_modules/canvas/node_modules/.bin/node-pre-gyp: not found
<Lumpio->
Which is correct I suppose because the binary is in /build/node_modules/.bin/node-pre-gyp
<Lumpio->
Not inside "canvas"
<clever>
weird
<adisbladis>
energizer: Btw, talk to garbas about this.
proofofkeags has joined #nixos
proofofk_ has joined #nixos
<Lumpio->
I suppose I could at least report an issue about it trying to run postInstall stuff in the cache directory
<Raito_Bezarius>
adisbladis: got another workaround which is much better than fixed output derivation!
<Lumpio->
The "node ../.bin/node-pre-gyp" is just fugly
<Raito_Bezarius>
adisbladis: apparently, you can replace py3 by the pyversion with what it was submitted
<Lumpio->
I can't figure out how to get yarn to run the install script in the package directly. It keeps looking for the binary it wants to run for in the wrong directory and/or it's installed in the wrong directory.
<Raito_Bezarius>
i think poetry just gave us this as kind right?
<Raito_Bezarius>
it's exactly what you're doing :'D
<adisbladis>
Yeah :/
<Lumpio->
IMO it would be pretty cool if mkYarnPackage had flags like "yeah this one actually needs the install script that's normally disabled"
<adisbladis>
I went down this path a few times before :P
<Raito_Bezarius>
Sorry to bother you adisbladis :'D
<Raito_Bezarius>
I'll give up soon and just make this fixed output derivation stuff work
<adisbladis>
It's nice to see someone else struggle with this crap for a change ^_^
<energizer>
hey garbas, adisbladis suggested i check with you about a question i have. i've been using https://github.com/nix-community/poetry2nix/ lately, and i'm often having to build different versions of numpy/scipy/etc. i'm wondering if it'd be feasible to build poetry2nix versions of popular packages on https://hydra.nix-community.org/ so users won't have to build them individually
foineoi has joined #nixos
smatting_ has joined #nixos
<adisbladis>
energizer: Is this personal projects or a company?
<infinisil>
energizer: Oh btw, see above link I posted, finally figured out how I could create such a python env where binaries know about the app's modules
<infinisil>
(which we talked about yesterday/two days ago)
lunik1 has quit [Quit: :x]
<adisbladis>
infinisil: Cool :>
<energizer>
infinisil: nice
<energizer>
infinisil: fwiw `projectDir=./.;` is sufficient to get the paths to the files
<foineoi>
appimage-run seems to change the working directory to the location of appimage-run before running the appimage. Any way to change this?
<adisbladis>
Poetry2nix is a fun project.. I was just gonna package a stupid web application and things snowballed (:
<infinisil>
Hehe
<infinisil>
Btw would you appreciate a PR to poetry2nix that adds the code I showed as e.g. mkPoetryApplicationEnv?
<infinisil>
Or maybe it could be integrated into mkPoetryApplication somehow
<Raito_Bezarius>
adisbladis: I'm exactly packaging a stupid web app :'D
<Raito_Bezarius>
adisbladis: while I have you, it's complaining due to the fact that unpackPhase cannot unpack a .whl
<Raito_Bezarius>
should the .whl be tarball'd?
<energizer>
infinisil: does that add your [tool.poetry.scripts] binaries to path??
<energizer>
s/??/?/
<infinisil>
energizer: Hmmm probably not.. At least in my case I don't need that section anymore
<infinisil>
Well no, the answer is *certainly* not
<simpson>
I have a library with only a static .a object and no pkg-config. I want to link with it statically. I have a test module from the library's example programs. It fails to link with piles of "undefined reference". What should I read to figure out more about static linking in Nix?
<infinisil>
But I guess that's something that should be done too in such a mkPoetryApplicationEnv function
<Raito_Bezarius>
do not know how to unpack source archive /nix/store/cx4cmi8m0940vrdwvy7a0p0vp12kvihf-wheel-0.34.2-py2.py3-none-any.whl
stree has joined #nixos
<energizer>
infinisil: iiuc, mkPoetryEnv is like mkPoetryApplication, but also 1) adds the dependencies binaries to PATH 2) makes the dependencies available on sys.path 3) makes your package available on sys.path 4) makes your app available on PATH
<energizer>
or, that's what it ought to be, at least. is that right?
<infinisil>
And I think this should even add the binaries from the poetry scripts!
<adisbladis>
infinisil: Maybe changing nixpkgs to not set NIX_PYTHONPATH but only prefix?
maddo has quit [Quit: See ya]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<adisbladis>
infinisil: I'm not sure if mkPoetryEnv should build the application..
<energizer>
adisbladis: it should imo
<infinisil>
I think it shouldn't
<adisbladis>
The intent with that function was to make a development environment
<energizer>
ok so there's a tradeoff:
shibboleth has quit [Quit: shibboleth]
<adisbladis>
infinisil: Hmmmmmm
<infinisil>
I'm suggesting to have a different mkPoetryApplicationEnv which *does* build the application with the extraLibs thing in my paste
<adisbladis>
infinisil: What's your use case?
<infinisil>
Getting you an environment with all dependencies plus your own app
<energizer>
on the one hand, it's nice to have an immediately responsive "editable" environment, similar to pip install -e or PYTHONPATH=.
<adisbladis>
infinisil: "your own app" being editable ?
<jumper149>
adisbladis: I am really kind of confused. When I use `hello.overrideAttrs (oldAttrs: { buildInputs = []; })` it still builds!?
<infinisil>
adisbladis: Wanting to run binaries from dependencies with them knowing about the apps modules, like celery and gunicorn
<energizer>
on the other hand, that doesn't actually work if you're using dynamic metadata or have C-extensions
<adisbladis>
jumper149: There are multiple types of build inputs
morgrimm has quit [Ping timeout: 256 seconds]
<adisbladis>
infinisil: Why I'm asking is that I'm thinking that _maybe_ mkPoetryEnv could make a "fake" app that symlinks to a location outside of the store
<jumper149>
adisbladis: Ah I see. Most of the needed stuff was probably in nativeBuildInputs
<adisbladis>
Essentially being equivalent to editable installs
<infinisil>
Hm that's not needed in my case
<energizer>
the editable way is the traditional python approach, which is convenient but not very robust. the "actually build it way" is normally less convenient, but is robust, and is what most languages do. however: with lorri nowadays, we can do the robust thing and it's convenient!
<infinisil>
I pretty much exactly need the mkPoetryEnv plus the app
<adisbladis>
energizer: I will _not_ build the application in mkPoetryEnv
konobi has joined #nixos
azazel has joined #nixos
<adisbladis>
But a prospective mkPoetryApplicationEnv (or a flag to mkPoetryEnv?) sounds fine
<energizer>
adisbladis: ok. would you accept mkPoetryApplicationEnv? have another function that does?
<energizer>
adisbladis: ok. would you accept mkPoetryApplicationEnv?
<adisbladis>
Maybe? Probably?
<infinisil>
A flag to mkPoetryEnv probably not, since then mkPoetryEnv needs a `src` argument
<infinisil>
Having a separate one sounds fine to me, then there's mkPoetryEnv for an environment with the dependencies only, which you can use for development of the app
<infinisil>
mkPoetryApplication you can use to build the app for deployment (if you have a binary you have declared)
<infinisil>
And mkPoetryApplicationEnv for deployment if you don't have a binary declared and rely on python/celery/other dependency binaries that need to use your python modules
<adisbladis>
infinisil: Please make a PR :)
<energizer>
once lorri is ready for prime time i might want to use mkPoetryApplicationEnv for development :)
<Raito_Bezarius>
adisbladis: rebase done, you should see only one commit
<adisbladis>
Really, both Raito_Bezarius and infinisil. You don't know how well timed all this interest is <3
<adisbladis>
I feel about 300% better
<Raito_Bezarius>
Gotta solve the Python packaging landscape
<Raito_Bezarius>
:D
<infinisil>
<3 adisbladis
<{^_^}>
adisbladis's karma got increased to 58
<tikhon>
I have a Python package I'm building with buildPythonPackage. How can I build something like a wheel that people could install with pip, without needing Nix?
<Lumpio->
Doesn't look like the mkYarnPackage repo has had a maintainer reply to any issues for at least a year :/
<infinisil>
energizer: If you have a longer build that might involve some C compilation or so, this becomes annoying quickly
quinn has joined #nixos
<Raito_Bezarius>
tikhon: pip wheel?
<jumper149>
adisbladis: cole-h: thank you that works perfectly :)
<Raito_Bezarius>
tikhon: that's something you do outside of Nix, I guess you can do it in Nix as part of some CI/Hydra stuff
<energizer>
infinisil: it might be too slow, sure. on the other hand, it is also annoying to be wondering why my stuff doesn't behave like the source says it should
<tikhon>
Would it make sense to build a derivation whose build step is pip wheel?
<cole-h>
jumper149: Happy to help (though to be honest I don't even remember what I did to help in the first place... :P)
<infinisil>
energizer: Hm true
<tikhon>
That's one thing I've thought about, but I'm not sure if there's a more idiomatic approach.
<adisbladis>
Wheels and Nix don't exactly go hand in hand
<jumper149>
pattern matching {buildInputs ? [],...} on oldAttrs :p
<clever>
jumper149: neat idea!
<tikhon>
I'm already using Nix to produce some statically linked executables, and I figured this would be the Python equivalent (more or less).
<adisbladis>
I'd build/publish the wheel outside of Nix
<adisbladis>
Or just push the sdist and skip the wheel ;)
<energizer>
gah don't skip the wheel
justanotheruser has quit [Ping timeout: 264 seconds]
<Raito_Bezarius>
universal wheels should be more or less fine I suppose?
<Raito_Bezarius>
binary wheels might be tricky
<energizer>
infinisil: does your new mkPoetryEnv provide the [tool.poetry.scripts] now?
<cole-h>
jumper149: Oh yeah. qyliss introduced it to me the other day... It's really nifty.
<infinisil>
energizer: Nah, that's not needed anymore
<{^_^}>
[nix] @Ma27 opened pull request #3549 → Add support for `narHash` in `builtins.fetchGit` → https://git.io/JfYXP
cantstanya has quit [Remote host closed the connection]
<energizer>
infinisil: why not?
<tikhon>
okay, thanks for the advice, I'm going to go play around a bit
negaduck has joined #nixos
cantstanya has joined #nixos
<infinisil>
energizer: Since now the dependencies binaries can be called directly. With the paste I showed above they now know about the apps modules
<energizer>
infinisil: no i dont mean the deps binaries, what about *your* binaries?
<infinisil>
There are none :)
<energizer>
haha
<infinisil>
But if there were any, and they'd be declared with [tool.poetry.scripts], then the paste above should also install them
<energizer>
in the general case one might have some
drakonis has joined #nixos
<infinisil>
I'll test that before I make the PR for mkPoetryApplicationEnv
tikhon has quit [Quit: ERC (IRC client for Emacs 26.2)]
<aleph->
Qq, iso's I generate from nixos-generate -f iso? Can I dd/cp that directly onto a boot device? Or should I use nixos-generate -f install-iso for that?
<jumper149>
Is there something like postBuildInputs which exposes these inputs only when a program is run? Like a nix-shell wrapper around the executable
foineoi has quit [Quit: Lost terminal]
<infinisil>
jumper149: For binaries, you'll want to wrap the executable with a PATH wrapper
<infinisil>
jumper149: grep for `wrapProgram` in nixpkgs to find lots of examples
<simpson>
Do we have a way to synthesize pkg-config data for libraries which don't have it?
<bqv>
simpson: by the way, i took your wonderfully awful idea of using nix as a build tool and ran with it, currently building a single package where i've replaced autotools with nix, so rather than being one derivation it's actually around about 650
<bqv>
it works well apart from the part where it checks the caches for every single one of those
aveltras has quit [Quit: Connection closed for inactivity]
<simpson>
bqv: Exciting!
<adisbladis>
Sounds awfully hacky. I love it.
<bqv>
i can only imagine this was done for every package, rebuilds could require orders of magnitude more derivations than they currently do
<energizer>
really what i want is semantically aware one that operates value-by-value
<simpson>
(Nevermind on my static-linkage question; I figured it out finally. Turns out that GCC's linker behavior is affected by `-std=gnu99` or similar. Yay?)
<jumper149>
infinisil: I have to put it into postBuild though, right? So I override the package with different buildInputs and so it needs to rebuild the whole derivation. I was hoping I can avoid the rebuilding.
<Raito_Bezarius>
adisbladis: okay got where I have done a mistake, stdenv.mkDerivation seems to wrap the derivation while fetchurl seems to return something akin to the drv.outPath, what should I use to pass for src?
<samueldr>
anyone used adb on 20.03 successfully (using the option programs.adb.enable), here it seems as though the udev rules don't apply right anymore
<mwx>
Hey, can I have a quick question? Do systemd units as created by systemd.services.<service> live in some sort of isolation? And if so, how do I bring more programs into the scope of this isolation
morgrimm has joined #nixos
<mwx>
(one unit refuses to work properly because its #!/usr/bin/env refuses to find bash)
erasmas has quit [Quit: leaving]
<clever>
mwx: i would run patchShebangs over that script, that will change the #! to a proper absolute path
Desetude has quit [Quit: WeeChat 2.7.1]
<mwx>
Oh wait, how would you actually do a shebang in a proper nixos way?
<adisbladis>
mwx: #!/usr/bin/env python
<clever>
mwx: the absolute path to bash
<adisbladis>
For example
<clever>
or python
<adisbladis>
And then some helpers in the build would patch that to an absolute store path
<Raito_Bezarius>
adisbladis: pushed, it seems to pass the old test for preferWheel now
<Raito_Bezarius>
I don't know how relevant would it be to add a full common-pkg test for wheels too
<adisbladis>
Raito_Bezarius: Thanks :)
<Raito_Bezarius>
adisbladis: feel free to edit or comment on anything :)
<adisbladis>
I don't have the brain capacity for reviewing right now :)
rimpossible[m] has joined #nixos
<mwx>
Yeah, but what if those scripts aren't part of the package? The package just calls them occasionally, I don't wanna make them part of the package because, in theory they don't even have to be there, and also they change very often
<mwx>
I can't do patchShebangs, because the build process will never get even close to them
<Raito_Bezarius>
adisbladis: No problem of course :D
rimpossible[m] has left #nixos ["User left"]
<mwx>
I think systemd.services.<name>.path is what I need. Does it take just package names as arguments?
<clever>
mwx: it takes derivations, like pkgs.bash
<adisbladis>
mwx: It's a list of paths (or derivations)
<mwx>
nice, pkgs.bash is literally the exact thing I need. Hopefully it will fix it
<adisbladis>
I'd still use patchShebangs though
<clever>
yeah
<mwx>
That would require adding all those scripts inside the package. That's not practical rn sadly
<mwx>
They are part of the config of the package, rather than the package itself. Like plugins
hlisp has joined #nixos
vandenoever has quit [Ping timeout: 265 seconds]
<mwx>
Also, this isn't really relevant but why "derivations"? I mean it sounds like they are just packages. What's the difference between any other distros' package and NixOS's derivation?
<clever>
mwx: so it directly uses that version of bash, and doesnt care what you have "installed" elsewhere
<mehlon>
I think it's because it's like a function. But I'm not sure where that terminology even comes from
<adisbladis>
"The result of the function in this case is a derivation. This is Nix-speak for a component build action, which derives the component from its inputs"
<jumper149>
Where can I find the documentation for makeWrapperArgs?
<mehlon>
it's a bit weird though because there's no mathematical concept that derivation relates to
<mwx>
Also yay the bash part works now! Except I also use bunch of other things in the scripts so now I gotta add more dependencies to the package because the plugins need them (‡ಠ╭╮ಠ)
<mehlon>
well yeah, but if it's just a function then there's no need to call it a separate thing like "derivation"
<mwx>
UUUHHH I just looked it up, I am actually versed in the general area, mathematical analysis, I just had it at college
<adisbladis>
You derive a package from its input
<mehlon>
the result of a function is an image, yeah? then you could call it nix images
<mwx>
I think I can guess why. You "derive" the "derivation" from the original package. In NixOS's world, package is what other ppl call upstream, whereas the derivation is one "instance" and version of this package?
<Raito_Bezarius>
I have good news for you adisbladis
<adisbladis>
And a bit of Arch, but Arch was.... Not great
<mehlon>
thats pretty.............. smart
<clever>
energizer: basically, install single-user nix, use nix-build to build nixos, then tell nixos, "its a nixos machine, trust me, just fix the bootloader"
<adisbladis>
Exherbo was pretty fun
<mwx>
Also cool! I'm myself coming from Arch... was a bit tired with keeping the servers online on Arch, so now it has nixos. I use Arch on desktops tho
<clever>
but basically, if /etc/NIXOS_LUSTRATE exists on bootup nixos will move EVERYTHING in / to /old-root/
<clever>
so you basically just `nix-build '<nixpkgs/nixos>' -A system -I nixos-config=/etc/nixos/configuration.nix && touch /etc/NIXOS /etc/NIXOS_LUSTRATE && ./result/bin/switch-to-configuration boot`
<energizer>
i dont suppose that'll make it into nixpkgs?
<clever>
NIXOS_LUSTRATE is already in nixpkgs, it was written based on how i manually repaired a machine i had converted from gentoo :P
<mehlon>
"lustrate" lol
<clever>
but the kexec tools are a lot more flexible/simple
<clever>
energizer: that ticket is also about extending nixos, to support kexec'ing any target to nixos
alp has quit [Ping timeout: 265 seconds]
<clever>
so you could go to basically any cloud provider, provision a generic linux distro, then just give nixops the ip and root pw, and bam, its now nixos
<adisbladis>
clever: It would be pretty cool if kexec "provisioning" could be included in nixops somehow :)
<energizer>
yeah that's what i want
<clever>
adisbladis: yeah, thats what the ticket i linked is for
<adisbladis>
For some reason I read nixos instead of nixops :)
<clever>
adisbladis: it also includes directions on how to skip configuration.nix, and just use `nix copy` to copy to /mnt/nix/store on the remote machine
mwx has quit [Remote host closed the connection]
<clever>
adisbladis: so nixops can copy a pre-made closure to the target, and immediately activate the bootloader cfg
<armin>
i'm just curious if it's possible: can i change the colour of the green "<<< Stage 1 >>>" bootup messages?
<energizer>
does nixos require rebooting for kernel upgrades, or can it use ksplice/kgraft/etc?
<qyliss>
armin: only by editing the source
<clever>
adisbladis: one annoyance with image based stuff like the AMI's in aws, is that you're rarely deploying the same nixpkgs revision
<clever>
energizer: it requires a reboot
<armin>
qyliss: and the message being shown?
<qyliss>
that too
<armin>
okeh
<clever>
adisbladis: so once nixops has deployed, you basically doubled your disk usage, due to a mass-rebuild
<Raito_Bezarius>
+1 @ kexec provisioning
<clever>
adisbladis: but kexec provisioning would make generation #1 be your exact config
user_0x58 has quit [Remote host closed the connection]
<clever>
adisbladis: and for aws, you could skip the kexec even, just put the same kernel/initrd into an AMI with grub, and boot it to ram always
user_0x58 has joined #nixos
o1lo01ol1o has joined #nixos
<adisbladis>
I'm super unclear on how things would look like
<clever>
adisbladis: for aws, you would have an AMI that contains the same kernel/initrd (plus changes to deal with aws ssh keys), and grub, and boots with root in ram
<Raito_Bezarius>
i'm just getting again this "don't know how to unpack wheels" but that's most likely due to something I don't understand and it's a bit late
<clever>
adisbladis: then nixops would use `nix copy` like in the above ticket, to copy to /mnt/nix/store on the aws machine
<clever>
adisbladis: and finally, run nixos-install with a storepath, to activate the bootloader
<adisbladis>
clever: I mean in terms of plugin hooks and how it would be integrated in nixops
<clever>
adisbladis: i was thinking of it being a plugin that offers 2 main functions, the 1st takes ssh credentials for "not nixos" and will kexec into nixos (which aws can skip, as above)
<clever>
adisbladis: the 2nd function then takes ssh creds for a nixos running from ram (kexec, livecd, other similar ones), and will `nix copy` to /mnt/nix/store, and activate
o1lo01ol1o has quit [Ping timeout: 264 seconds]
<clever>
adisbladis: then each provider like aws, will call the right ones, depending on what the provider can do
<clever>
for aws, skip the kexec stage, use an ami that boots the kernel/initrd directly
<clever>
for something like OVH, use the api to force it into the netboot rescue console, then use the 1st func to kexec, and the 2nd to deploy
noudle has quit [Ping timeout: 256 seconds]
<clever>
for packet.net, you can pxe boot the kernel+initrd, then use the 2nd func
<clever>
adisbladis: the "none" backend would also have livecd support, you boot the existing ISO on baremetal, point nixops to it, and just run the 2nd function
<clever>
so you can just boot the livecd, and let nixops install to disk
<adisbladis>
clever: It's way too late-o-clock to think about this for me
<adisbladis>
This sounds like really good input for nixops 2.0
<clever>
energizer: this will generate a kernel, initrd, and grub fragment, to boot nixos into ram
<energizer>
ooh nice
<clever>
energizer: you would then add that fragment of config to your grub file, and copy the other 2 to /boot, and then you can launch the installer from grub, like any other os in a multi-boot setup
<clever>
it will behave like a livecd, so all changes are lost at shutdown
<clever>
it was originally made to help a guy, that wanted to put a dozen distro installers onto 1 USB stick
<energizer>
haha whyyy
<clever>
but it can also be used as another option, when kexec isnt supported in your rescue kernel
<clever>
or to make a /boot only disk image, that boots directly from ram
<Raito_Bezarius>
:D
<Raito_Bezarius>
clever: have you seen that Scaleway allows to use iPXE apparently?
<clever>
Raito_Bezarius: this generates an ipxe script
<clever>
Raito_Bezarius: most of my code to boot nixos in ram (kexec, multi-boot-helper, and others) is just grabbing that netboot kernel/initrd, and then booting it via something else
<Raito_Bezarius>
Makes sense, iPXE is pretty neat
<clever>
because the netboot code puts the entire rootfs into the initrd