<hoplaahei>
nfinisil: ah right. Thanks. Is this the new way of doing things Xorg is trying to enforce?
Darkmatter66_ has joined #nixos
<Guest83>
howdy, would anybody be able to help me with setting up mpd and ncmpcpp? my old config has stopped working and now I cant start the mpd service
<hugbubby>
is nixos stabler than other linux distros
<hugbubby>
for a desktop user
morgrimm has joined #nixos
Maxdamantus has quit [Ping timeout: 240 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/JfGuW
Maxdamantus has joined #nixos
<gchristensen>
hugbubby: I think so
<reanimus>
glittershark: i don't think you're supposed to have the same package present in multiple dependency lists
griff__ has quit [Ping timeout: 272 seconds]
acowley has quit [Ping timeout: 256 seconds]
griff__ has joined #nixos
<Guest83>
update: journalctl isnt showing me anything interesting as to why mpd wou/ld be failing to start, and if I set it to only startWhenNeeded then the conection is refused
<infinisil>
carfax: Did you run nixos-generate-config to get a new hardware-configuration.nix?
<carfax>
yup
<infinisil>
Hm, my only idea is to try a different kernel version
selfsymmetric-mu has left #nixos ["gone to the land of dead hiccups and extinguished light bulbs"]
<carfax>
tried with 20.09pre too. I'm guessing that has the latest version right?
<carfax>
unstable
<carfax>
same
<infinisil>
carfax: Nah, for the kernel you need `boot.kernelPackages = pkgs.linuxPackages_latest`
griff__ has quit [Quit: griff__]
<Elorm[m]>
<carfax "I tried switching usb sticks. Sa"> A few people claim using a different usb sticks doe it. See this issue for reference https://github.com/NixOS/nixpkgs/issues/6265
<{^_^}>
#6265 (by lethalman, 5 years ago, closed): Cannot boot live cd
<carfax>
I saw it too during a search. Tried all the suggestions but they didn't work for me
Maxdamantus has quit [Ping timeout: 260 seconds]
fusion809 has joined #nixos
Maxdamantus has joined #nixos
smatting has joined #nixos
jumper149 has quit [Quit: WeeChat 2.8]
Fare has quit [Ping timeout: 246 seconds]
smatting_ has quit [Ping timeout: 240 seconds]
sigmundv__ has joined #nixos
morgrimm has joined #nixos
mammothbane has quit [Remote host closed the connection]
vika_nezrimaya has quit [Ping timeout: 246 seconds]
gustavderdrache has left #nixos [#nixos]
Henson has joined #nixos
<Henson>
is it possible to include multiple scopes using a "with" statement, like "with lib pkgs;"?
leotaku has joined #nixos
leotaku_ has quit [Ping timeout: 256 seconds]
<Henson>
also, I know with nixops it's possible to overlay the nixpkgs that you're using to define your network, but say I wanted to define a machine that had nixos containers inside it. I'm having trouble getting the overlaid nixos options that appear in the network definition scope to appear in the configuration scope of the container that's being defined.
proofofkeags has quit [Remote host closed the connection]
proofofkeags has joined #nixos
h0m1 has quit [Ping timeout: 272 seconds]
h0m1 has joined #nixos
hoplaahei has joined #nixos
<hoplaahei>
I have the config option to start an emacs daemon user service, but it doesn't survive a logout. I thought the default behaviour for NixOS was not to kill user processes on logout?
<hoplaahei>
Or when I logout and log back in emacsclient is connecting to a fresh instance.
<unclechu>
hey, what `services.xserver.videoDrivers` are used by default?
<unclechu>
i have amd/ati radeon r7 videocard (also embedded intel videochip into the motherboard), i tried to set it to `["amdgpu"]` and `["radeon"]` but `lightdm` isn't starting
<unclechu>
i think even x-server isn't starting
<unclechu>
not just lightdm
<waleee-cl>
what happens if you add "intel" in addition to "amdgpu" ( = ["amdgpu" "intel"])
<unclechu>
adisbladis: thanks. can i somehow check which driver is currently used?
<unclechu>
`glxinfo | grep -i opengl` shows `vendor string: VMware, Inc.` which confuses me
<unclechu>
it shows nothing about radeon, amd or whatever specific to my videocard
fling has joined #nixos
<hoplaahei>
aleee-cl: yea I enabled it. The daemon starts and I can connect with emacsclient -c, close the window, and re-open it and the state is saved. Logging out, however, causes all the state to be lost.
<unclechu>
waleee-cl: when i use `["amdgpu" "intel"]` it stops at `[ OK ] Reached target Graphical Interface.`, after this line in the log it does nothing
<waleee-cl>
oh, sorry, you mentioned the "not kill user processes on logout"
<hoplaahei>
waleee-cl: OK I'll try to find a way to make system service. Ty for help.
felixfoertsch has quit [Ping timeout: 244 seconds]
felixfoertsch has joined #nixos
<hoplaahei>
waleee-cl: I maybe misunderstood, but I thought KillUserProcesses=no (which nixos seems to default to), would prevent killing user services.
<waleee-cl>
if I'm reading that correctly you'd need to be logged in to multiple sessions for the emacs service to not be killed
<waleee-cl>
or enable lingering
<hoplaahei>
waleee-cl: yes I'm reading something about a "linger" setting that may allow the process to carry on, but it looks like a nix config option never got added for it.
kwannoel has joined #nixos
hoplaahei has quit [Remote host closed the connection]
kwannoel_ has joined #nixos
kwannoel has quit [Read error: Connection reset by peer]
<unclechu>
waleee-cl: this works: `["radeon" "intel" "modesetting"]` but `glxinfo` still shows the same
proofofkeags has quit [Remote host closed the connection]
proofofkeags has joined #nixos
steshaw has joined #nixos
<Raito_Bezarius>
is there any way to compute decode of baseXX in nix?
<Raito_Bezarius>
i want a stupid way to obfuscate emails to prevent bot scraping
<Raito_Bezarius>
so I was planning to store sensible emails in base16 encoded format
proofofkeags has quit [Ping timeout: 260 seconds]
<energizer>
how do i list the packages i've installed with `nix-env -i` so i can remove them?
<hoplaahei>
ls /var/lib/systemd/linger shows my user has it enabled
<waleee-cl>
hoplaahei: is there an option? I got the impression you'd need to manually invoke loginctl -enable-lingering
<waleee-cl>
ah, sorry, my connection is acting up (didn't receive your last comment)
<hoplaahei>
I did manually enable it with the command and it seems persistent across reboot
<hoplaahei>
Unless it was already set.
morgrimm has joined #nixos
<hoplaahei>
So I'm not sure if there is something specific in the emacs service that makes it exit with the session.
<quinn>
will journalctl -xe tell you?
EdLin_ has joined #nixos
<hoplaahei>
quinn: there are some "crashed and dumped core" in the logs.
<hoplaahei>
I'm not sure if I'm just misunderstanding, but I don't think the user service should be getting killed. And it's a pain because e.g., this irc window within emacs will die if I want to logout and test it.
<{^_^}>
[nixpkgs] @jonringer pushed commit from @r-ryantm to master « bzflag: 2.4.18 -> 2.4.20 »: https://git.io/JfGVM
morgrimm has quit [Ping timeout: 240 seconds]
<unclechu>
i tried many ways to force x-server to use either "radeon" or "amdgpu" driver but all of the failed
<EdLin_>
unclechu: do it on the kernel command line
<unclechu>
<EdLin_ "unclechu: do it on the kernel co"> sorry, do what?
<bpye>
Any thoughts about how I can debug an icon issue? I've installed redshift-wlr with home-manager and I'm running redshift-gtk, either from a service or just from a terminal. The tray icon shows but I see no icons :( Checking the nix store path for the package the icons are present, but all I see is the missing icon icon
<unclechu>
EdLin_: i set `boot.kernelParams = ["radeon.si_support=0" "amdgpu.si_support=1" "amdgpu.dc=1"]`, it stops at `[OK] Reached target Graphical Interface`, it seems x server doesn't start
gxt has quit [Ping timeout: 240 seconds]
Maxdamantus has quit [Ping timeout: 246 seconds]
zebrag has joined #nixos
inkbottle has quit [Ping timeout: 272 seconds]
<EdLin_>
unclechu: try amdgpu.dc=0 alternatively
Maxdamantus has joined #nixos
<EdLin_>
also the amdgpu.dpm paramter might need changing
<EdLin_>
weird, maybe someone else here can help... it's all I can think of...
<EdLin_>
I'm a nixos noob myself, was using an amd 390x (which uses those kernel parameters) with another distro, but am using an rx 5700 XT now...
<EdLin_>
ah, found the answer to my question, nix.maxjobs...
<EdLin_>
(not your question sadly, mine)
kwannoel has quit [Read error: Connection reset by peer]
<unclechu>
it seems i managed to use "radeon" driver at least
<EdLin_>
the radeon driver performs very poorly, turns any card into a 7850
<EdLin_>
that's good enough for desktop compositing at 1080p, but no good for games and the like
<unclechu>
but i had to turn on `hardware.enableRedistributableFirmware = true;`
horek has joined #nixos
<unclechu>
it seems "radeon" requires some non-free firmware?
<EdLin_>
so does amdgpu
<EdLin_>
they both use microcode
<EdLin_>
just like your CPU does (or should)
hlisp has joined #nixos
morgrimm has joined #nixos
kwannoel has joined #nixos
<EdLin_>
if you want totally free firmware, x86_64 is really the wrong platform for that, though if you can get coreboot running, you can approach that nirvana.
Vikingman has quit [Read error: Connection reset by peer]
EdLin has joined #nixos
hlisp has joined #nixos
EdLin_ has quit [Ping timeout: 260 seconds]
Vikingman has joined #nixos
<unclechu>
EdLin_: i don't get it, i have `kernelParams = ["radeon.si_support=1" "amdgpu.si_support=1"]` but `lspci --nnk` tells me that "kernel driver in use: radeon"
kwannoel has quit [Read error: No route to host]
<unclechu>
shoudn't radeon driver be turned off
<unclechu>
?
kwannoel has joined #nixos
hlisp has quit [Ping timeout: 246 seconds]
<unclechu>
ah, sorry, i mean `["radeon.si_support=0" "amdgpu.si_support=1"]`, just a typo (in my config there is no such typo)
_viz_ has joined #nixos
hugbubby has quit [Ping timeout: 264 seconds]
kwannoel has quit [Read error: Connection reset by peer]
horek has quit [Quit: Leaving]
oborot has quit [Ping timeout: 272 seconds]
hlisp has joined #nixos
kwannoel_ has joined #nixos
<{^_^}>
[nixpkgs] @peterhoeg merged pull request #86842 → superTuxKart: use assets directly from download → https://git.io/JfGWZ
<unclechu>
i've never managed to use this card with `amdgpu` before
kwannoel_ has quit [Ping timeout: 272 seconds]
cybrian has joined #nixos
<unclechu>
and the problem was that i needed `cik` instead of `si`, so this works for me: `kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1" "amdgpu.dc=1"]`
kwannoel has joined #nixos
<unclechu>
EdLin_: thanks again for your hints, it did help a lot!
zupo has joined #nixos
<craige>
I'm trying to understand why a package one machine provides a symlink a file to /run/current-system/... but on another machine does not.
<craige>
The configurations as best as I can tell are identical.
<{^_^}>
[nixpkgs] @zhenyavinogradov opened pull request #86882 → python3Packages.pyln-client: init at 0.8.0 → https://git.io/JfGwy
<craige>
Has anyone encountered that situation before?
<srhb>
craige: Sorry, I did not understand the question. Are you saying a certain file is missing from /run/current-system on one system, but is present on another, with the same config?
<ldlework>
But I'm getting the following error: anonymous function at /nixcfg/modules/home/linux/workstation/sabaki/node-env.nix:3:1 called with unexpected argument 'lib'
hlisp has joined #nixos
<ldlework>
I don't understand why it thinks node-env.nix is being called with a "lib" parameter???
<ldlework>
pls help :)
<craige>
The package in question is python36Packages.powerline and the missing symlink is /run/current-system/sw/share/tmux/powerline.conf
<craige>
Present on one, not on the other. Got my head scratching :-)
<ldlework>
argh
<srhb>
craige: Can you confirm that this is powerline 2.6?
palo1 has joined #nixos
fabianhjr has quit [Quit: Leaving.]
<srhb>
craige: Oh, nevermind, I'm reading the diff wrong. It was sent before that too.
<srhb>
s/sent/present. I swear my keyboard is eating some of my keypresses.
waleee-cl has quit [Quit: Connection closed for inactivity]
<srhb>
craige: The only thing I can think of is a path conflict, but if it's entirely absent that doesn't really make sense.. It feels like they can't be the same nixpkgs rev with that behaviour. I don't know. We're missing something :)
<craige>
We are, hence my call out - I'm missing *something* but the what is proving elusive :-)
<srhb>
Yeah, for sure.
<ldlework>
srhb: if you get a moment think you can take a look at my gist? I bet my problem is super dumb.
<srhb>
craige: Is there evidence of the rest of that module having effect?
<srhb>
craige: Any overlays that might affect pythonPackages?
<srhb>
ldlework: Gist with --show-trace perhaps
<{^_^}>
[nixpkgs] @cdepillabout closed pull request #46482 → WIP: haskell: Make linkWithGold use gold also for compiling Setup.hs → https://git.io/fAVUO
<Guest84>
Hello, can I combine `override` and `overrideattrs`?
swapgs has joined #nixos
swapgs has joined #nixos
swapgs has quit [Changing host]
<Guest84>
I have a param, say, `hasEyes`. Now the animal derivation inside changes drastically on the basis of that. I also want to change the inside derivation a bit, so I'm using `overrideattrs` there. But I also don't want it to have eyes, (and don't want to repeat the long logic)
morgrimm has joined #nixos
hlisp has quit [Ping timeout: 256 seconds]
<srhb>
Guest84: (foo.override { ... }).overrideAttrs (old: { ... }) -- but it sounds like you're already doing that?
<Taneb>
I want to set up a systemd.mount service, but using a non-standard mount plugin (in this case, gcsfuse) do I need to have the latter installed system-wide?
<marek>
hrm, what could cause hydra not picking up new PR jobs? the PR is listed in github-pulls-sorted.json, but hydra is ignoring it, I'm having a hard time to debug it
vidbina has joined #nixos
o1lo01ol1o has joined #nixos
morgrimm has joined #nixos
hmpffff_ has joined #nixos
morgrimm has quit [Ping timeout: 246 seconds]
hmpffff has quit [Ping timeout: 244 seconds]
pjt_014 has quit [Ping timeout: 260 seconds]
hmpffff has joined #nixos
splintah has joined #nixos
hmpffff_ has quit [Ping timeout: 260 seconds]
<{^_^}>
[nixpkgs] @vcunat pushed 14 commits to release-20.03: https://git.io/JfGMR
<gchristensen>
adisbladis: =) I never got to the nixops testing part, but figured it cruel to make you wait :P
<gchristensen>
and manual testing lgtm. way to go!
<CRTified[m]>
Hi, I wanted to test something with gnuradio, but running it fails with `no module named gtk`, although pygtk is in its propagatedBuildInputs. I already found an issue ( https://github.com/NixOS/nixpkgs/issues/82263 ) but that only covers the upgrade to 3.8. Any pointers on how to get it running (easily) to play around with it?
<{^_^}>
#82263 (by doronbehar, 7 weeks ago, open): GNU radio 3.8 update meta issue
<evax>
ma27[m]: hi, I stumbled across your comments in this PR https://github.com/NixOS/nixpkgs/pull/69202, I'm experiencing something similar, could you please expand on the configuration issue you're referring to?
<SplitFire>
Hello to all! Pretty much new to NixOS, so apologise for any newb questions. The problem: I want to use another locale (LANG) under user account. Ex: system - en_US.UTF-8, user - ru_RU.UTF-8. How to do that?
<maralorn>
SplitFire: I can‘t find an option to configure user environment variables right now. In general nixos is not well equiped to track the /home configuration of single users. I guess you have two options: 1. Set the variables manually in the correct ~/.<something>profile of your user. 2. If you dislike 1. because of its statefulness, you can have a look into home-manager to configure your user environment declaratively.
<maralorn>
I‘ll just guess possible problems: 1. the locale you configured there is not installed, 2. you didn‘t logout and in again, 3. you have an error in that file, 4. nixos ignores that file. My best guess is 1.
<maralorn>
SplitFire: Have you tried adding the locale that you wanna use to i18n.supportedLocales
<omid>
Hey everyone. I'm new to NixOS, and I'm trying to add an auxilary .desktop file to a package (to Emacs, specifically). But I don't know where I should look for a guide.
<omid>
I want to keep the default emacs.desktop, but add another org-protocol.desktop to the package.
<marek>
lewo: so it should work right? when creating it as new project, it fetches the PRs and builds them, but not any new open PRs
<typetetris>
Hi there. Using neovm.override with customRC and packages.myVimPackages it looks like the packages aren't loaded for the init file. How can I change that?
<lewo>
marek: no, it fetches new PRs. Actually, it creates a jobset which is in charge of creating jobsets for all PRs found on the project.
<marek>
lewo: /nix/store/faiixxjk03wgdnw2d9bmv7p95jkm5x57-hydra-2019-08-30/bin/.hydra-eval-jobset-wrapped: specified jobset "holo-nixpkgs:456" does not exist
<marek>
lewo: but when I create a new project, it imports all open PRs and the jobset is there, but yet again any newly open PR is ignored
<manveru>
romildo: you can try `sudo nix-store --verify --check-contents --repair`
<manveru>
but i don't think interrupting would cause this...
oborot has joined #nixos
cr4y1_ has joined #nixos
cr4y1 has quit [Ping timeout: 264 seconds]
fusion809 has quit [Remote host closed the connection]
xbreak has joined #nixos
<evax>
ma27[m]: that would be great, thanks!
<{^_^}>
[nixpkgs] @misuzu opened pull request #86946 → nixos/gitlab-runner: add more global options → https://git.io/JfGbC
<romildo>
manveru, the nix-store command you suggested is still running. It already reported that some paths cannot be repaired: /nix/store/*-env-manifest.nix /nix/store/x*-nixexprs.tar.xz /nix/store/*-user-environment.drv
zupo has joined #nixos
marsh has quit [Remote host closed the connection]
<dxtr>
So, let's say I want to move over to zfs. What would be the best course of action? Just reinstall? Or can I move everything over to a new disk, reformat the old disk and move it back?
xbreak has quit [Remote host closed the connection]
hlisp has joined #nixos
<hyper_ch>
dxtr: just reinstall.. keep your nixos configuration.nix and hardware-configuration.nix
<dxtr>
that's what I figured
<{^_^}>
[nixpkgs] @peti opened pull request #86948 → ghcWithPackages: add ghcOptions argument to pass extra options to the compiler → https://git.io/JfGNa
Darkmatter66_ has quit [Ping timeout: 246 seconds]
cole-h has joined #nixos
gentauro has quit [Ping timeout: 246 seconds]
ddellacosta has joined #nixos
b9u0s has joined #nixos
srid has joined #nixos
growpotkin has joined #nixos
gentauro has joined #nixos
nschoe has quit [Quit: No Ping reply in 180 seconds.]
<b9u0s>
hello everyone. I'm trying to use `boot.zfs.extraPools`, but it does not work. I want to be able to debug this by myself, but have absolutely no idea how. I can not find a file `zfs-import-*` on my system, but it should be created here: https://github.com/NixOS/nixpkgs/blob/19.09/nixos/modules/tasks/filesystems/zfs.nix#L474 is there some way to find out what the variables evaluate to? I don't need a whole troubleshooting session, some
<b9u0s>
keywords I can search for are enough :-) thanks a lot!
nschoe has joined #nixos
torporish has joined #nixos
spacekookie has quit [Quit: **agressive swooshing**]
<torporish>
hey all, can someone suggest a best practise for overlaying a specific package on a pinned shell.nix e.g. pulling in openjdk from e.g. https://github.com/NixOS/nixpkgs/pull/83116
<torporish>
or pretty much a good intro to how i'd write an overlay for openjdk as above?
<cole-h>
torporish: I think you can `fetchTarball` nixpkgs from that PR and use openjdk from it. e.g. `jdkpkgs = fetchTarball https://github.com/NixOS/nixpkgs/tarball/<insert commit from PR here>;` and `buildInputs = [ jdkpkgs.openjdk14 ];` or whatever
<torporish>
cole-h Cheers, just thinking that, makes good sense :)
<morgrimm>
Is pointing a package src directly at an archive valid?
<morgrimm>
Will Nix recognize it and unpack it correctly?
<morgrimm>
(an archive in the derivation directory, I should specify, not fetched)
justanotheruser has quit [Ping timeout: 260 seconds]
erasmas has joined #nixos
user_0x58 has joined #nixos
<{^_^}>
[cabal2nix] @hyperfekt opened pull request #455 → fix fetching from remote archives → https://git.io/JfGp3
<srhb>
asheshambasta: If you provide a nix file that immediately nix-buildable with -A haskellPackages.amazonka it'll be easier to debug. At first glance, it looks like you're using overlays in a weird way, and ignoring the hself and hsuper-like arguments, and using a callPackage-analog that doesn't include your changes (super)
nschoe has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @1000101 opened pull request #86957 → Use go version to 1.13 as Number behavior in 1.14 has changed → https://git.io/JfGjn
nschoe has joined #nixos
<srhb>
asheshambasta: Or the shorter version, you probably* want something like this, where the key point is that callWhatever is from hself... self: super: { haskellPackages = with self.haskell.lib; super.haskellPackages.override (old: { overrides = self.lib.composeExtensions (old.overrides or (_: _: {})) (hself: hsuper: { foo = something; bar = hself.callWhatever barsrc {}}); }); }
<srhb>
But oh god do I remember having to jump through hoops with amazonka :-)
noudle has joined #nixos
Fare has joined #nixos
KindOne has quit [Quit: K-Lined]
morgrimm has quit [Ping timeout: 246 seconds]
<whatisRT>
I want to write a derivation for a project that uses non-portable shebang lines. Is there a way to get them to work without telling the author to change them?
zupo has joined #nixos
<srhb>
asheshambasta: Or, one more way: In general `super.fooPackages.callWhatever bar { ... }` in general means: Build foo, using the arguments provided from the _unmodified_ (supers) fooPackages.
<srhb>
Er, build bar*
<simpson>
whatisRT: How non-portable are they? Replacing shebangs is a pretty common task.
<srhb>
asheshambasta: Wheras `self.fooPackages.callWhatever bar {}` -- in general means build bar with the _modified_ (selfs) fooPackages as arguments.
<srhb>
asheshambasta: Of course, the semantics vary and haskellPackage overrides are particularly unergonomic.
<simpson>
whatisRT: Try calling patchShebangs on the offenders, I suppose?
gilligan has quit [Ping timeout: 240 seconds]
cjpbirkbeck has joined #nixos
<unclechu>
hey, is there any way to search for a package by its name using shell command? like on this page https://nixos.org/nixos/packages.html but from a terminal?
<ldlework>
Sabaki is literally the only SGF editor that supports the whole of SGF so I would gladly pay 10 or 20 bucks for someone to make it happen. I think for now I will be more productive writing the SGF by hand.
<ldlework>
quinn: I am trying to build Sabaki. I haven't opened an issue because it's not really anyone else's problem. Should I?
<quinn>
there is a 'package request' feature in the issue tracker. if you want help you could open one but i don't think a lot of people scan through that tag
<MichaelRaskin>
ldlework: also, you remember about buildFHSenv, right?
<quinn>
ldlework: kind of busy right now but if you link me a gist i will look at it in a while
codygman has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @andir pushed 6 commits to release-20.03: https://git.io/JfZJT
b9u0s has quit [Ping timeout: 256 seconds]
codygman has joined #nixos
<MichaelRaskin>
There is function buildFHSenv in Nixpkgs
<jkachmar>
https://github.com/NixOS/nixpkgs/issues/86968 <-- opened an issue for the darwin + tensorflow stuff I'm running into with logs and the context from what I've investigated so far
<MichaelRaskin>
it creates a script that uses user namespaces to provide /usr and /bin and /lib based on the declaratively specified env contents
codygman has quit [Read error: Connection reset by peer]
knupfer has quit [Remote host closed the connection]
codygman has joined #nixos
knupfer has joined #nixos
jakobrs has joined #nixos
<MichaelRaskin>
Ideally we try to patch out /bin/bash references etc., but if you are not going to do that, you need /bin/bash to exist, and that's possible with FHS envs
<jakobrs>
How do I nixos-enter a specific generation?
<tokudan>
jakobrs, I'm not sure I understand your question. what are you trying to accomplish with "entering" a specific generation? are you trying to get a shell from a specific generation?
<jakobrs>
yes
<jakobrs>
I'd messed up my /etc/passwd file, and needed to re-activate the system
<tokudan>
re-activating a generation is easiest by rebooting into it, i think, but just using /nix/var/nix/profiles/[system-generation]/bin/switch-to-configuration should probably do it
vimusr has quit [Remote host closed the connection]
<jakobrs>
I tried that but it didn't seem to work? idk but I think it might be because /etc was mounted differently in the two configurations
<{^_^}>
[nixpkgs] @FRidh pushed 509 commits to staging-next: https://git.io/JfZJH
<jakobrs>
Also, is it possible to use nixos-enter on non-nixos distros? Can I just nix-env -iA nixpkgs.nixos-enter?
<tokudan>
mounted differently? that sounds like you broke your system pretty decently :)
<jakobrs>
I was nixos-rebuild switch-ing into a configuration with root on tmpfs
<jakobrs>
And forgot to add my user to users.users
<jakobrs>
So the system removed my user from /etc/passwd
<azazel>
jakobrs: I think that nixos containers are just a thin layer over systemd containers
<azazel>
oh, nixos-enter is not about containers...it seems
<tokudan>
jakobrs, so the old generation does not have your user configured in users.users?
<jakobrs>
The new one doesn't
<jakobrs>
it locked me out of my computer
<jakobrs>
... fwiw I just decided to check the man page and
<azazel>
neat!
<tokudan>
and rebooting into the old generation doesn't work?
<ldlework>
quinn: I pm'd you some information, thanks if you get around to it.
<azazel>
I never use swich only `boot`
<jakobrs>
tokudan: Yes, because, I presume, init doesn't setup /etc/passwd on boot
<jakobrs>
... fwiw I just decided to check the man page and it's just nixos-enter --system /nix/var/nix/profiles/system-113-link
<jakobrs>
Should probably have checked there
<tokudan>
oh, ok
<jakobrs>
As in, _I_ should have checked there before asking
<tokudan>
i read that manpage and missed it as well...
<tokudan>
well... i skimmed it
<jakobrs>
How do I start plasma5 from the command line?
<stepcut>
I ran `nix-shell` for a package with a `shell.nix` on one machine and now I want to run `nix-shell` for that same package on a different machine. But there are a lot of build dependencies, so I want to use `nix-copy-closure` to copy over all the pre-built stuff from the first machine. However.. I can not seem to get an accurate picture of what `nix-shell` actually wants
liff has quit [Quit: leaving]
<sphalerite>
azazel: well, nixos-enter is about containers in the sense that it enters a nixos installation as a container :)
jakobrs has left #nixos ["moving to tmux"]
jakobrs has joined #nixos
liff has joined #nixos
<ldlework>
oh I didn't know about this
<ldlework>
could nixos-enter be used to test your system config
<ldlework>
oh I suppose it doesn't have a desktop environment
<ldlework>
or you wouldn't be able to see it or whatever, no display
<jakobrs>
You can use nixos-rebuild build-vm to test a config
<jakobrs>
Neither plasmashell nor xinit seem to start plasma correctly
<ldlework>
I really wish there was a nice guide about that.
<morgrimm>
What's the easiest way to list the NixOS generations available? I'm successfully rebuilding and activating a new gen, but it's not creating a new one to boot from
griff__ has quit [Quit: griff__]
<morgrimm>
And it's not reflecting stuff like user/pass changes, etc.
<keithy[m]>
I forgot to add the --upgrade flag
johnmantwenty has joined #nixos
<vandenoever>
morgrimm: 'nixos-rebuild build' does not install the newly built version
<johnmantwenty>
Tried to install nix on my purism laptop, hanging at grub
<vandenoever>
morgrimm: you'd need to use 'nixos-rebuild switch' to get it available for next boot
<johnmantwenty>
Doesn't prompt me for a luks password, either
gulplante has quit [Quit: WeeChat 2.7.1]
<johnmantwenty>
I just select a config and it goes into existential crisis mode
<djanatyn>
vandenoever: this worked for me: pkgs.nginx.overrideAttrs(attrs: { buildInputs = [ hello ]; })
<djanatyn>
oh. well, it worked until i realized i needed to append to buildInputs instead of setting it to a singleton list
<morgrimm>
vandenoever: Yes, I'm using switch - sorry, activate is the switch wrapper in my shell
<betaboon>
primeos: i was hoping #86960 would fix my issue with gtk-font behaviour (eg in waybar or wofi). but it seems unrelated or i am realy doing something wrong. do fonts (I'm using mononoki Nerd Fonts) look good for you in gtk3 applications ?
<{^_^}>
[nixpkgs] @rardiol opened pull request #86982 → tome4: fix typo in .desktop file → https://git.io/JfZLV
<quinn>
betaboon: fwiw gtk3 fonts look fine for me ootb in swayland
<quinn>
at least, i haven't noticed any problems
<johnmantwenty>
Well, turns out that wasn't the problem because I added the parameter at boot and I'm still presented with the same hanging grub background. My computer beeps when this happens
<johnmantwenty>
Come to think of it the installer doesn't boot with nomodeset and I'm running pretty linux compatible hardware so I doubt it's that
lorimer has quit [Read error: Connection reset by peer]
lorimer has joined #nixos
pingiun has joined #nixos
<pingiun>
I'm trying out nix on powerpc, but I'm getting a segmentation fault
<pingiun>
builder for '/nix/store/myfzvw3m2fzg7r3xkzr15c0flbc9mxiq-bash-4.4.tar.gz.drv' failed due to signal 11 (Segmentation fault)
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @cptMikky to release-20.03 « nixos/pantheon: mkDefault value for defaultSession »: https://git.io/JfZtf
<clever>
pingiun: run `nix show-derivation` on that drv to get its builder, then try just running that builder directly
<clever>
pingiun: and if its linux+systemd based, try turning on coredumpctl
<vandenoever>
djanatyn: your help worked for getting a custom version of nginx compiled, but service.nginx uses a different one
<betaboon>
quinn: to me it seems like the antialiasing doesnt work or something.
b9u0s has quit [Ping timeout: 260 seconds]
<pingiun>
clever: the builder is builtin:fetchurl...
<morgrimm>
symphorien: Do you know the option to force nixos to reinstall the bootloader off the top of your head?
<betaboon>
quinn: same font problems in wdisplays which uses gtk3
smatting has quit [Ping timeout: 272 seconds]
<quinn>
oh, it's an overlay. right. if you can control the overlay you can do a waybar-prime = super.waybar to surface a nixpkgs-unstable waybar. anyways my guess is the gtk derivation is the problem. try either the nixpkgs-unstable version or evaluating the expression against a stable version of nixpkgs
<betaboon>
quinn: thats available on 20.03
<clever>
pingiun: the corefile is only of use with the binary that made it, run gdb against them (systemctl gdb <pid>) and then `bt`
<quinn>
betaboon: even if it's available on 20.03, if you're evaluating it against nixpkgs-unstable, you are probably relying on the same gtk3 derivation. what i'm suggesting is that it's a gtk3 problem not problem with the invidual packages
<cole-h>
`types.string` is deprecated in favor of `types.str`, right?
<johnmantwenty>
I have a luks over lvm thing going on but so far I've been trying to boot and I just get to look at the background image for all time when I pick a config
<betaboon>
quinn: seems like everything that uses gtk3 shows the same problem
<{^_^}>
[nixpkgs] @toonn opened pull request #86991 → wire-desktop: linux 3.16.2923 -> 3.17.2924 → https://git.io/JfZmW
<morgrimm>
symphorien: I reinstalled the bootloader, looks like it... partially worked? the root user is now set up as expect, but the other user imported in the same way isn't :/
<energizer>
adisbladis: thanks
<johnmantwenty>
It turns out I may have just had to wait for a few seconds....
<{^_^}>
[nixpkgs] @toonn opened pull request #86992 → wire-desktop: linux 3.16.2923 -> 3.17.2924 → https://git.io/JfZm4
<morgrimm>
When I log in as root, and rebuild and switch, it says Nix is reviving those users - and then everything is as expected until the next boot
<johnmantwenty>
Ok, so what happened is it timed out "waiting" for a disk.
<clever>
morgrimm: sounds like /boot wasnt mounted when you added the users
<clever>
morgrimm: so the config in there said to delete them
<{^_^}>
[nixpkgs] @toonn opened pull request #86994 → wire-desktop: linux 3.16.2923 -> 3.17.2924 → https://git.io/JfZmu
<morgrimm>
But I ran a switch and reinstalled the bootloader, wouldn't boot have to have been mounted
<clever>
morgrimm: depends on which bootloader and what config it has
bastion-tester has quit [Quit: ZNC 1.7.4 - https://znc.in]
<johnmantwenty>
lol ok. So I think it just failed to show me the prompt for my encryption password on boot. My disk is already decrypted
<{^_^}>
[nixpkgs] @Lassulus pushed commit from @r-ryantm to master « leo-editor: 6.2 -> 6.2.1 »: https://git.io/JfZOS
<azazel>
morgrimm: it's the drive that encrypts the data, without having the kernel to have a say into that... but you must inherently trust the proprietary piece of code loaded into the disk
<clever>
yeah, that too
<azazel>
clever: It's not something for the ordinary thief
<clever>
azazel: yeah, it would have to be done by somebody that knows its drive-managed, and they would have to get their hands on a pc after it booted
<clever>
while still on
<etu>
azazel: I watched a talk on that on 35c3. They are basically worthless.
<clever>
etu: i think the root problem, is that the api meant to be just a on/off switch, not proper crypto
fresheyeball has quit [Quit: WeeChat 2.7.1]
<clever>
etu: and you now have no way of knowing how secure the disk actually is
<etu>
azazel: Because the firmware has a master key as well. The guy had a live demo breaking a drive on stage.
<clever>
etu: theres also the apple T2 based disk encryption
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
etu: full disk encryption, seamless, no pw prompt, key is tied to the motherboard
<azazel>
anyway... the private stuff is encrypted again using gpg. I really need to be sure that when I go around with my laptop my client's data is protected, at least for some time
<clever>
if your motherboard dies, your data is RIP :P
<etu>
clever: they are different, because it's not built into the drive
<clever>
etu: yeah, its a middle-man between the cpu and disk
mikky is now known as cptMikky
<azazel>
etu: thanks
cptMikky is now known as mikky_
mikky_ is now known as cptMikky
<etu>
azazel: the funniest thing is that disk encryption on Windows can be software based, unless you have a drive like that, then it will trust the drive. And the drive has garbage security in comparison :p
codygman has quit [Ping timeout: 256 seconds]
<clever>
etu: lol
codygman has joined #nixos
endformationage has joined #nixos
<morgrimm>
I guess I can just try reinstalling NixOS from my config lol
<morgrimm>
and just wipe the disk and repartition
codygman has quit [Read error: Connection reset by peer]
<pjt_014>
I know that sounds dumb but ssh key passwords are not intended to do anything but buy time--same thing
fenedor has joined #nixos
fendor__ has joined #nixos
<adisbladis>
Hm
<adisbladis>
I have a really bad idea for that
<adisbladis>
Let's see if it's the same solution infinisil has in mind
<energizer>
pjt_014: some people put their unix password hash in their public repo, i'm not sure how i feel about that atm
EdLin has joined #nixos
<adisbladis>
infinisil: Inject a failing derivation in the string context?
m0rphism has quit [Quit: WeeChat 2.7.1]
<pjt_014>
energizer: yeah, that's nasty. At least toss a few tons of salt at it or bcrypt it or something
m0rphism has joined #nixos
fendor has quit [Ping timeout: 258 seconds]
<hr[m]>
If there a PR in nixpkgs that you would like to see merged, but the author of the PR hasn't implemented the suggested changes to the PR after a few days of waiting, is it justified to resubmit the PR yourself, with the required changes. I'm talking about https://github.com/NixOS/nixpkgs/pull/86242 specifically. I don't want to steal anyones work and would prefer not to duplicate the PR but it doesn't seem like the author is
<adisbladis>
infinisil: It would be pretty nice to be able to add some context to a string saying "this should never ever under any circumstances be in the store, even as a drv"
<infinisil>
Hm that might be nice yeah
<{^_^}>
[nixpkgs] @mweinelt opened pull request #87015 → [20.03] graphicsmagick: apply patch for CVE-2020-10938 → https://git.io/JfZs0
<adisbladis>
Actually I've recently learnt that --xml and --json differs greatly in this regard
<{^_^}>
nixops#1275 (by adisbladis, 4 weeks ago, merged): Move from xml intermediate Nix representation to JSON
<infinisil>
Neat
<adisbladis>
We ended up calling toString on paths
natrys has quit [Quit: natrys]
fenedor has quit [Read error: Connection reset by peer]
<infinisil>
Hmm..
<cole-h>
That's definitely not what I do in my h-m activation scripts to symlink secrets into place 👀
<infinisil>
Paths vs strings sure is a bit messy in nix
fendor__ has quit [Ping timeout: 246 seconds]
<adisbladis>
Most languages get this wrong tbh
<adisbladis>
It's almost as if strings were never the appropriate representation of a path 🤔
<infinisil>
Nix paths are kind of like quantum physics
<adisbladis>
I really like Python's pathlib
endformationage has quit [Ping timeout: 264 seconds]
o1lo01ol1o has joined #nixos
<azazel>
etu: I watched the video and really the samsung (internal) drives don't perfom so bad at all
<infinisil>
Quantum paths because it's either a path to something inside or outside the store, but you won't know until you either use toString or "${}"
<simpson>
pathlib is a great step forward, but it doesn't address TOCTTOU problems. Something more transactional is needed.
<infinisil>
I guess the problem it would solve (not knowing whether something is imported into the store) is rather low in benefit
<simpson>
adisbladis: The general solution is difficult. One needs to alternate between turns of I/O which scan the filesystem and turns of mutation which plan what to change next.
bgamari has quit [Ping timeout: 260 seconds]
<energizer>
also pathlib has `Path("foo").joinpath("/bar") == Path("/bar")`, pretty unexpected imo
<infinisil>
If Nix had native secret support, should it even support string secrets, or only paths?
<infinisil>
Because I think path-only secrets would be much more realistic to implement with a separate Nix store
<infinisil>
(referencing a secret path belonging to paul when referenced will link to /home/paul/nix/store/...-secret)
<infinisil>
s/when referenced//
<energizer>
could a process get its own store?
<adisbladis>
Now you're getting into mount namespaces territory
Maxdamantus has quit [Ping timeout: 272 seconds]
<adisbladis>
Sure, it's possible
<adisbladis>
But I don't know how portable it is
<gchristensen>
(but then again, nix probably shouldn't have secrets support. something something lifecycle, mixing levels of sensitivity, breaking of models, etc.)
user_0x58 has quit [Ping timeout: 260 seconds]
<adisbladis>
Like, MacOS has pretty abysmal access control and "containerisation" techniques
eoli3n_ has quit [Quit: WeeChat 2.8]
user_0x58 has joined #nixos
oborot has joined #nixos
<adisbladis>
gchristensen: When I was talking about "secrets support" before that meant a special string context that makes nix bail out in case something does end up in the store
Maxdamantus has joined #nixos
<adisbladis>
Useful for `deployment.keys.text` in nixops for example
<infinisil>
Yeah, so how would that work without storing it somewhere?
<adisbladis>
Keys should live in dedicated crypto hardware
<infinisil>
Oh
Maxdamantus has quit [Ping timeout: 260 seconds]
<infinisil>
It would still be on a disk then though
<adisbladis>
Well
<adisbladis>
I have a bunch of yubikeys
philr__ has joined #nixos
Maxdamantus has joined #nixos
<adisbladis>
If something is using a key type supported by those I should be able to use my hw token
<gchristensen>
secrets are often about trust and access, and those can be very political. the environment is about like how and where the stuff is deployed
<infinisil>
So ideally all applications that need secrets would be based on crypto hardware like yubikeys and such
whatisRT has quit [Ping timeout: 256 seconds]
<gchristensen>
trust, access, and authority*
<adisbladis>
infinisil: I think so, yes.
<infinisil>
gchristensen: Got it, makes sense
hlisp has joined #nixos
<infinisil>
Now the problem of course is that only a very small portion of people have crypto hardware :)
<gchristensen>
ideally at a minimum they use a hardware thing to bootstrap identity. like you trust okay this mac address with this yubikey and this on-board TPM -> this triple is allowed to do ......things.....
<gchristensen>
almost everybody actually! any recent laptop which is Windows certified has a TPM
<infinisil>
:o
<adisbladis>
Also phones
<adisbladis>
Every single phone has secure enclaves nowadays
<gchristensen>
we can thank Microsoft for that. they've put a big investment in requiring things Windows Certified to have decently capable security baseline
<infinisil>
Are you saying my iPhone 5 from 2012 has that?
<adisbladis>
infinisil: Yepers
<gchristensen>
it does
ozychhi has quit [Ping timeout: 265 seconds]
<infinisil>
Impressive
<qyliss>
My laptop has a built-in U2F device
<gchristensen>
nice, qyliss -- what laptop is that?
<qyliss>
(Well, it's just the TPM, but it's exposed as a U2F device)
<qyliss>
Google Pixelbook
<gchristensen>
cool :o
<qyliss>
The power button is like tapping the yubikey
<gchristensen>
so cool. is it a good machine otherwise too?
<qyliss>
I just got it, so don't know
<qyliss>
Think it'll need quite a bit of work to get NixOS happy on it
justanotheruser has quit [Ping timeout: 264 seconds]
<energizer>
if you have an application that wants to read secrets from a path, how can you make it use a yubikey instead?
<qyliss>
I bought it because it's a modern laptop without Intel Bootguard so I can install coreboot on it
<gchristensen>
let me know what happens of it? sounds cool :)
<qyliss>
Will do :)
<adisbladis>
infinisil: The algos on all things apple are pretty limited though
<energizer>
adisbladis: so the idea is some naive application wants to read from a file, and pass will query some service for secrets and write the file that the application wants and then delete the file soon afterwards?
<{^_^}>
[nixpkgs] @rnhmjoj pushed 2 commits to release-20.03: https://git.io/JfZZv
eoli3n_ has quit [Quit: WeeChat 2.8]
<Raito_Bezarius>
/proc, /dev are also special types of files
<Raito_Bezarius>
I suppose that must be feasible in userland without touching the kernel too much or writing a character device
<Raito_Bezarius>
Or you could do some hacky stuff and hook f(open|close|read) at the right level, so that you know exactl when the target application finished to read your file and then proceed to delete it
<cole-h>
tbh the display is what turned me off of the trezor (:
<kalbasit>
anyway to get `nix build --no-link` to print paths the same way `nix-build --no-out-link`?
<kalbasit>
for some reason nix-build fails with `error: path '!out' is not in the Nix store` whilst `nix build` works. I think it's erroring out trying to build a `pkgs.writeText`
<kalbasit>
Oh wait, this isn't true > I think it's erroring out trying to build a `pkgs.writeText`
morgrimm has quit [Ping timeout: 264 seconds]
<kalbasit>
instead it's failing when trying to `nix-build` an array containing `(builtins.fetchTarball { url = "..." })` without a sha256