<Henson>
ErrorOpeningLock: looks like you might have a filesystem problem. Your filesystem was probably remounted ro after the IO error and the nixos installation error resulted.
<ErrorOpeningLock>
ok, how do I fix?
AlpineLlama has joined #nixos
<{^_^}>
[nixpkgs] @marsam opened pull request #101225 → nodejs-15_x: init at 15.0.0 → https://git.io/JT09b
ErrorOpeningLock has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @jonringer opened pull request #101226 → libtapi: mark as darwin only → https://git.io/JT0Hk
shibboleth has quit [Quit: shibboleth]
<pumpy>
anyone use ansible to work with nixos? im trying to run `home-manager switch` as a user (using become: yes and become_user: targetuser) and on the ansible task i specify environment: NIX_PATH: '~/.nix-defexpr/channels:$NIX_PATH' but it errors that home-manager command not found
<Henson>
what did you like about Arch? I tried using it because of the continuous release model: never having to do distribution upgrades. But after using it for a few weeks I found it was a great deal of manual configuration and reading through tons of Wiki pages about how to configure things from scratch. But I know there are many people who like it.
andymandias has joined #nixos
<Henson>
I do, however, think their Wiki is very detailed and I often find helpful answers to Linux problems in the Arch Wiki.
<Rusty1>
^
<DigitalKiwi>
a few reasons personally: i've found it a lot easier to contribute to the projects, i have a lot of the features i liked about arch (i use nixos-unstable or a git checkout which is arguably a rolling release (i'd say it is but i'm sure someone would argue it's not but i don't know why lol)), a lot of customizations that are not really easy/possible on arch are fairly easy, it's source based but there's a huge cache so you don't really notice unle
<DigitalKiwi>
ss you want to, and in that case it's pretty easy, i love distributed builds and cross compilation...
<DigitalKiwi>
yeah i wish nixos wiki was arch wiki quality :(
<DigitalKiwi>
oh and I CAN ROLLBACK :P
<DigitalKiwi>
and it's a first class feature
Maxdamantus has quit [Ping timeout: 240 seconds]
<Henson>
DigitalKiwi: yes, given the number of complexities about NixOS I wish the Wiki was more comprehensive.
<{^_^}>
[nixpkgs] @blaggacao opened pull request #101228 → r-ryantm: first aid kit → https://git.io/JT0bD
<Henson>
rolling back is an awesome feature. I really love "nixos-rebuild test" as well.
<DigitalKiwi>
yesss that's a good one
ericsagnes has joined #nixos
Maxdamantus has joined #nixos
<bqv>
interesting
<DigitalKiwi>
Caleb: so like if i want to do a pacman -Syu and it breaks something i'm basically sol right? on nixos i can do that -Syu but without actually committing to it (i can just use test which only changes the running system) when i reboot everything is fine. or say i did switch (which updates the bootloader menu) i can still (unless i've done a garbage collection) reboot into a previous "generation"
<DigitalKiwi>
so like i had a ton of issues with wifi on certain kernels...i can freely go back and forth
<DigitalKiwi>
and it's just change one line in my configuration and nixos-rebuild
utsl has quit [Ping timeout: 240 seconds]
<clever>
the biggest problem i see, is that new users think `nix-collect-garbage -d` and rebuild will fix their problem
<clever>
then they come here, and cant rollback, ebcause they GC'd
rajivr has joined #nixos
<DigitalKiwi>
my laptop overheats so i have other computers i can use to do distributed builds of nixpkgs (that haven't been cached on cache.nixos.org)/my projects and it's really easy to setup. i can even build packages for aarch64! ...or try and cross compile packages for x86_64 on a huge aarch64 build server >.>
<Henson>
clever: when I first started using NixOS I didn't realize that all interactions with the store had to be done via the nix tools, and tried customizing things by remounting the store rw and editing them. Then I tried deleting some things from the store manually. Bad bad bad.
h0m2 has quit [Ping timeout: 244 seconds]
Ashy has quit [Ping timeout: 244 seconds]
jabster28 has quit [Ping timeout: 260 seconds]
<clever>
Henson: same, lol
h0m2 has joined #nixos
Ashy has joined #nixos
<DigitalKiwi>
Caleb: so nixos has like 2 major releases (channels) a year i think but there's also the nixos-unstable channel which is similar to the arch rolling release model. and it's (in a lot of cases) trivial to go between them (in both directions, some things might not quite like it...like matomo updates a database so you can't use an older version after you upgrade) but it's easy to use a specific package from an older/newer channel
<DigitalKiwi>
like right now i have glirc from 20.03 because i've been too lazy to make the PR that fixes it ;_;
<DigitalKiwi>
$ nixos-version
<DigitalKiwi>
21.03pre246543.24c9b05ac53 (Okapi)
<DigitalKiwi>
20.09 is still in beta lol
<alienpirate5>
hello! i'm writing a ruby-based app that I am having a lot of trouble packaging
<alienpirate5>
so I run `nix-build` and it produces a result folder
<alienpirate5>
then when I run the executable, I get the following error:
<DigitalKiwi>
Caleb: oooh and git bisecting nixpkgs! so just a few days ago someone found a bug that happened in an update that broke lxqt on nixos-unstable. but the change wasn't in lxqt! but i was able to git bisect between a known time that it worked and a known time that it didn't and find the exact commit that caused it
<alienpirate5>
> /nix/store/rcj5c5dr68c72r9qdsf9l0khf05l62cj-qbot/share/qbot/qbot:4:in `<main>': private method `require' called for Bundler:Module (NoMethodError)
<{^_^}>
error: syntax error, unexpected ':', expecting ')', at (string):345:65
<alienpirate5>
oh oops, didn't expect the bot to trigger on that
spacetato has quit [Remote host closed the connection]
<pickfire>
How come there is no /usr in nixos?
<pickfire>
I mean as in /run/current-system/usr
<pickfire>
Is /usr/etc/xdg prohibited?
marc2 has quit [Ping timeout: 246 seconds]
jdnixx has joined #nixos
<simpson>
We are freed from that obligation.
<pickfire>
simpson: As in?
<pickfire>
I packaged an application with the default /usr/etc for sysconfdir.
<pickfire>
But it isn't added to /run/current-system/usr/etc
alp has quit [Ping timeout: 272 seconds]
<pickfire>
It just disappeared like black hole, no warnings nor errors, so mysterious.
<simpson>
Aha. Put them in $out/etc/xdg, not $out/usr/etc/xdg.
<pickfire>
simpson: How do I know without asking?
<pickfire>
But the weird thing is there is no error.
<simpson>
That's fair. I suppose that we don't ever explicitly say that /usr isn't a thing in NixOS.
<pickfire>
I think we should.
<clever>
both usr and sbin basically dont exist
<pickfire>
It won't be good to keep surprising users in these sort of way I think.
<pickfire>
clever: Don't exist but at least we should tell the user that it does not exist.
<pickfire>
Otherwise the stuff in /usr will suddenly vanished.
<pickfire>
simpson, clever: Is there any other stuff like these?
<pickfire>
As in no /etc?
<pickfire>
Or no /run?
<pickfire>
Or no /usr/bin?
<simpson>
pickfire: Oh, since you're packaging a desktop environment, there's piles of stuff like this that you'll get to run into.
<pickfire>
But yeah, so I need to know what are those.
<simpson>
You can `find /usr` if you want to know the truth.
<pickfire>
No wonder the installation feels weird, stuff are broken.
<pickfire>
If I remove change from /usr/etc, it doesn't even work.
<pickfire>
simpson: Yeah, I saw that.
czer00 has quit [Ping timeout: 265 seconds]
<pickfire>
But some parts like lxpanel just mysteriously not work, like the menu.
<pickfire>
It used to work not sure why it suddenly didn't work.
<pickfire>
By the way, how do I know which package is occupying the most space?
<pickfire>
simpson: Are we handling all other /usr/share/man and friends?
<simpson>
I use `nix-du` for that. You can use standard UNIX utilities if you only care about single packages, since they're composed of ordinary files.
<simpson>
pickfire: Just put things in $out/ when they would go in /usr/ for the most part. manpages go to $out/share/man/ for instance. https://nixos.org/manual/nixpkgs/stable/#chap-multiple-output has more details on outputs, but you can stick with $out for now.
never_released has quit [Ping timeout: 272 seconds]
never_released has joined #nixos
<pickfire>
simpson++ ah thanks a lot
<{^_^}>
simpson's karma got increased to 39
<pickfire>
simpson: But do you think it would be good to add a check if /usr exists in the result/?
joebobjoe has joined #nixos
<joebobjoe>
hi does anybody knw where to find the actual text the installer adds to my /etc/zshrc on github?
<joebobjoe>
I looked through the installer scripts but obviously I'm not good at reading sh because I cannot find it
<pickfire>
I wonder why are we changing all user packages rather than patching glibc to automatically points to /run/current-system?
czer00 has joined #nixos
<pickfire>
Weird, why is openresolv taking up 1.16 GiB?
<simpson>
pickfire: `mkdir -p` is a typical friend in installPhase.
<pickfire>
Huh? So you mean mkdir -p is taking up all the space?
stephank has quit [Quit: stephank]
stephank has joined #nixos
<simpson>
Sorry, you asked like three things rapidly. I mean that no, you don't need to check if stuff exists in $out. $out is empty at the start of installPhase and you get to make everything in there.
aw has quit [Quit: Quitting.]
spacefrogg has quit [Quit: Gone.]
aw has joined #nixos
spacefrogg has joined #nixos
<simpson>
To your third question, openresolv here takes only a few KiB and its closure is only a few MiB; are you maybe looking at your entire system?
<{^_^}>
[nixpkgs] @mcwitt opened pull request #101230 → vscode-extensions.dhall.dhall-lang: init at 0.0.4 → https://git.io/JTEeh
ddellacosta has quit [Ping timeout: 256 seconds]
<pickfire>
simpson: Not sure, but here openresolv is red and is taking up 1.16 GiB for nix-du.
<{^_^}>
[nixpkgs] @djanatyn opened pull request #101231 → peaclock: init at 0.4.3 → https://git.io/JTEvH
<clever>
joebobjoe: you can read the release.nix to see how nix is doing it
<jbal[m]>
Is it possible to check if a build for a specific revision of a package exists in the cache?
justanotheruser has quit [Ping timeout: 246 seconds]
<jbal[m]>
Had nixos-rebuild try to build Chromium today, which turned my old lappy into a space heater until I killed it.
<clever>
jbal[m]: that only happens if either, a: you have overlays that make it never match the cache, b: your not on a full channel, c: it failed to build on hydra, and will fail for you as well
<jbal[m]>
I'm using flakes + nixpkgs 20.09, so I don't know if that counts as not using a full channel (only overlay is enableVaapi, which doesn't usually trigger a recompilation)
andymandias has joined #nixos
<joebobjoe>
clever: my git grep shows that line in flake.nix there is no release.nix
<clever>
joebobjoe: i'm on an older branch of nix
<joebobjoe>
think to build nixos/nix you need to run ./bootstrap.sh first, right?
<clever>
joebobjoe: only if your not building with nix
<ldlework>
NixOps is hung at "starting the following units:" even though it seems like everything has started ok
<ldlework>
is it fine to kill nixops?
<ldlework>
oh i see
zecnate has joined #nixos
<ldlework>
syncthing service hangs
aasg has quit [Quit: killed]
<zecnate>
How can I set `LC_ALL=en.utf8` in my builder script?
<{^_^}>
[nixpkgs] @jonringer merged pull request #101213 → [20.09] python3Package.python-markdown-math: remove support for python 2.7 → https://git.io/JT0a0
<{^_^}>
[nixpkgs] @jonringer pushed commit from @jfroche to release-20.09 « python3Package.python-markdown-math: remove support for python 2.7 »: https://git.io/JTEIp
<musteresel-nolog>
dminuoso: FYI, I found out what the issue is/was: VirtualBox in that version didn't go well with Hyper-V; which caused corrupt network communication, corrupt VM memory and corrupt filesystem. (https://www.virtualbox.org/ticket/19695) Updating virtualbox fixed this; now trying to fix all potentially corrupted files
ericsagnes has joined #nixos
whald has joined #nixos
aswanson_ has quit [Quit: WeeChat 2.7.1]
joebobjoe has joined #nixos
<whald>
given i'm in a directory containing a default.nix file where I can execute "nix-build -A foo && result/bin/foo", is there a nix-shell equivalent of doing this which does not modify an possibly existing "result" symlink? it seems i'm unable to figure it out. :-/
hnOsmium0001 has quit [Quit: Connection closed for inactivity]
<regnat>
whald: You can specify the name of the out link with -o or --out-link
<regnat>
whald: Or you can bypass it altogether with $(nix-build -A foo --no-out-link)/bin/foo, but be careful that this might cause a race-condition if you garbage-collect your store at the same time
<supersandro2000>
musteresel-nolog: any recent version of virtualbox does not work well with hyperv
<supersandro2000>
you just end up in slow green turtle mode
<whald>
regnat, i'm aware of this but wanted to create a few shim scripts for the not so nix-savy devs on the project. and i'd like to keep those scripts oneliners
<whald>
regnat, my last comment was regarding the "-o" suggestion, but i think the --no-out-link thing will do the trick for now. ;-)
<supersandro2000>
typetetris: just install it like on any other platform which is not nixos. It will guide you trough the important steps
<regnat>
whald: Ah I see. Or you can indeed do that with nix-shell but that's a bit more involved because you need to write a derivation that depends on foo and then nix-shell -A bar --run foo
<dminuoso>
musteresel-nolog: Im somewhat confident that network communication is not directly affected. Otherwise you'd get TLS errors.
<dminuoso>
musteresel-nolog: But thanks for letting me know. That seems like quite a nasty bug.
<musteresel-nolog>
supersandro2000: The new version (yesterday) seems to work good so far :)
<dminuoso>
Thinking rather, that this is memory corruption.
<dminuoso>
(And everything else stems from that)
andymandias_ has joined #nixos
<typetetris>
supersandro2000: Thanks. Did that and it worked. I just expected it be a different download or something.
<musteresel-nolog>
dminuoso: Yes also; as far as I inderstood its memory corruption which (among others) affects the virtual network "subsystem"
andymandias has quit [Ping timeout: 260 seconds]
<supersandro2000>
musteresel-nolog: didn't try that one. if so I can finally use wsl 2.0
<whald>
regnat, i was starting to write "mkShell" helpers doing exactly this, but i'd need a dozen of those and thought this boilerplate is maybe built into nix-shell in some way i can't figure out.
<musteresel-nolog>
Now I'm going through the system and try to remove all corrupt data which was stored somewhere and is still affecting the system
<dminuoso>
musteresel-nolog: Im honestly surprised the system worked that well at all
<musteresel-nolog>
supersandro2000: I'm currently running it, so far good :)
<dminuoso>
Ring 0 memory corruption can easily panic your kernel left and right
<dminuoso>
But perhaps it only affected certain memory pages
<supersandro2000>
musteresel-nolog: What are your host and guest OS?
<musteresel-nolog>
Host: Win 10, guest Nixos
<musteresel-nolog>
both 64bit
<pinpox>
Anyone here running sourcehut (https://sr.ht)? It's in nixpkgs, but I'm not really sure how to use those package or start the applications
<musteresel-nolog>
Ok .. its the narinfo cache, I was able to disable that cache with `--option narinfo-cache-positive-ttl 0`
<musteresel-nolog>
Now just need to find out how to clear that path
werner292 has joined #nixos
alp has quit [Ping timeout: 272 seconds]
<musteresel-nolog>
Any idea where that is stored?
werner291 has quit [Ping timeout: 272 seconds]
werner292 is now known as werner291
<rnhmjoj>
pinpox: the software has been packaged but there is not a nixos module. i suppose you'll have to follow the normal guide/instructions. otherwise, take a look at PR 65109
bad_sloth has joined #nixos
<pinpox>
rnhmjoj: Just looking at that PR, but I don't see much activity lately.
<pinpox>
So if it's packaged but no module, that means I would have to write a systemd service to start it?
<rnhmjoj>
you should be able to use the modules in that PR. it's not 100% finished but should work
<spacekookie>
Does the default nixos initramfs not have support for nvme disks? I was able to install my system on it via the live usb, but now that I'm trying to boot /dev/nvmen1 never shows up in stage1
<pinpox>
rnhmjoj: I'll drop a comment and see if I can help to get it finished
zupo has joined #nixos
__monty__ has joined #nixos
eoli3n_ has joined #nixos
astylian has quit [Remote host closed the connection]
<noonien>
hello folks
<noonien>
has anyone managed to get vaapi working with an nvidia without an X server?
<rnhmjoj>
pinpox: that would be great. i have been looking forward to try sourcehut in nixos but didn't have time to work on it
<pinpox>
rnhmjoj: Just realized you are the same person that requested changes in the PR. Is that description in your last comment the only thing missing?
astylian has joined #nixos
jD91mZM2 has joined #nixos
andymandias has quit [Client Quit]
<rnhmjoj>
pinpox: no, i haven't been actively reviewing the PR. that's just an observation
andymandias has joined #nixos
<rnhmjoj>
IIRC the main blocker was secret keys ending up in the nix store
<pinpox>
I see. There is a description in that file though, I'm not sure what exactly is missing
<pinpox>
rnhmjoj: oh I see.
<rnhmjoj>
pinpox: you have probably figured it out, but you have to add a description manually to the type: like type = myType // { description = "..."; };
justanotheruser has quit [Ping timeout: 260 seconds]
<bad_sloth>
hello! I have a neophyte question. Is this the right pleace to aks?
<pinpox>
Hm, I'm thinking about the secrets problem... Not sure what has to be done, this might be over my paygrade
montmorency has joined #nixos
andymandias has quit [Read error: Connection reset by peer]
andymandias has joined #nixos
<pinpox>
I've come across that problem of not wanting sensitive data to land in the store a few times now. Why is there no 'native' way of handling secrets in nix? Would it be not possible to have some kind of permissions or encrytion on certail store files?
andymandias has quit [Client Quit]
<colemickens>
huh. xdg-desktop-portal is crashing for me. semi breaking some things
andymandias has joined #nixos
<rnhmjoj>
pinpox: people are working on it but it's a hard problem. there is a proposal for a way to make certain store path encrypted or access-controlled
<pinpox>
rnhmjoj: I feel like this is definetely needed
<pinpox>
I'll give #sr.ht a try, maybe there is a way to include the secrets from a different file, something like a passCmd option
<{^_^}>
[nixpkgs] @andir pushed 5 commits to release-20.09: https://git.io/JTE6j
rprije has quit [Ping timeout: 256 seconds]
<rnhmjoj>
pinpox: cannot agree more. it's badly needed. currently there a few solutions (like secrets management in NixOps) or using options like passwordFiles but i think these are merely workarounds
<pinpox>
yeah, for something this important "workarounds" are just not good enough.
musteresel-nolog has quit [Ping timeout: 245 seconds]
<pinpox>
rnhmjoj: could you give me the link to that propasal? I'd like to track the progress on this
<rnhmjoj>
note the unresolved questions at the end
<montmorency>
Speaking of workaround has any body got an idea for a workaround of rustc-1.46.0 build fail on darwin? Seems to be holding up the hydra build tests? I'm getting the same issue locally.
<pinpox>
rnhmjoj: Thanks, I'll give it a read
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
endocrimes_ has quit [Quit: No Ping reply in 180 seconds.]
endocrimes_ has joined #nixos
MtotheM has joined #nixos
<MtotheM>
I just built a new system that will be purely for hosting containers. must i manually open the ports for my services with `allowedTCPPorts`?
<Yaniel>
if you are setting up services with nixos modules then those modules should take care of that
<LnL>
no, ports are not opened up by default
<rnhmjoj>
Yaniel: are you sure? i only know of a couple service that have an "openPorts" option but it's not on by default
<Yaniel>
ah okay
<LnL>
the only special case is ssh
<Yaniel>
I don't have my config at hand right now so can't check
<Yaniel>
ohh okay
<Yaniel>
I do remember having to open ports for syncthing
<{^_^}>
[nixpkgs] @zowoq pushed to master « rustPlatform: fix darwin build failure »: https://git.io/JTEPr
<{^_^}>
[nix] @edolstra pushed commit from @maljub01 to 2.3-maintenance « Fix the nix-daemon Mac OS SSL CA cert »: https://git.io/JTEPo
<Yaniel>
but I'm not sure if I used the module for it
<pinpox>
rnhmjoj: Hm, yeah, those are tough questions in the RFC. I'm surprised how little talk there is around secrets in the nix store in the community. This is a major drawback that could keep a lot of people away from nix
hanetzer has joined #nixos
werner292 has joined #nixos
<Reventlov>
(that already keeps)
<Reventlov>
I mean I know at least *one* person in this case
HackerFoo has joined #nixos
<{^_^}>
[nixpkgs] @zowoq pushed to master « .github/CODEOWNERS: add myself to rust »: https://git.io/JTEPF
<jmercouris>
what is the best way to install something that has not yet been packaged for NixOS without packaging it?
<Reventlov>
packaging it
<jmercouris>
should I make a new profile, install the dependencies, and then use that profile just for that program?
<Reventlov>
I mean most of the time it's pretty easy
<Reventlov>
and if you're goal is not officially packaging it, you can just take shortcuts
<jmercouris>
can you please help me packaging then?
dsg has quit [Ping timeout: 265 seconds]
<Yaniel>
step 1: make a clone of nixpkgs
werner291 has quit [Ping timeout: 272 seconds]
werner292 is now known as werner291
<jmercouris>
where should I place this?
<jmercouris>
on disk
<Reventlov>
your home directory is fine
<jmercouris>
OK
<jmercouris>
one moment please
<rnhmjoj>
pinpox: in nixpkgs we are trying to not put secrets or moving things out the store, and that works most of the time. if a software is well-designed, secrets are separeted from configuration so we put things in an external file
<Yaniel>
wherever you like keeping your code projects
<{^_^}>
#24288 (by basvandijk, 3 years ago, open): Provide options for storing secrets outside the Nix store
<Reventlov>
rnhmjoj: is there some official FAQ regarding all of theses ? Password management, secrets, and so on.
<rnhmjoj>
but yes, you're right: it's a major problem
<Reventlov>
for example, I wanted to put my password in my nix files, but this means I cannot share them on github easily
<Reventlov>
now I use a setup with a git submodule to store secrets, but, I mean, there might be a better solution out there
ky0ko has quit [Remote host closed the connection]
cristi_ has quit [Quit: cristi_]
<rnhmjoj>
Reventlov: I don't think so. there's the option of using NixOps to manage secrets but i rather configure my machine with nixos-rebuild directly. in my configuration i do something similar to your setup but instead of a submodule a use a script to encrypt the secrets
cfinch__ has joined #nixos
ky0ko has joined #nixos
<rnhmjoj>
the main NixOps drawback for me is having to resend the keys every time the machine is rebooted
dsg has joined #nixos
jabster28 has joined #nixos
m0rphism has joined #nixos
<pinpox>
Reventlov: I'm using a /secrets directory that has to be placed manually on the system and read from there. But even though that works fine, it feels like a workaround aswell.
<pinpox>
rnhmjoj: So the nixops option can't be used for something like a desktop/notebook that isn't online 24/7?
jol has joined #nixos
cfinch__ has quit [Ping timeout: 272 seconds]
jabster28 has quit [Ping timeout: 260 seconds]
ManiacOfMadness has quit [Ping timeout: 272 seconds]
<{^_^}>
[nixpkgs] @zimbatm pushed commit from @iAmMrinal0 to master « google-cloud-sdk: 314.0.0 -> 315.0.0 (#101236) »: https://git.io/JTEDu
alp has joined #nixos
<DigitalKiwi>
deployment.storeKeysOnMachine
<DigitalKiwi>
If true, secret information such as LUKS encryption keys or SSL private keys is stored on the root disk of the machine, allowing the machine to do unattended reboots. If false, secrets are not stored; NixOps supplies them to the machine at mount time. This means that a reboot will not complete entirely until you run nixops deploy or nixops send-keys.
astylian has quit [Ping timeout: 258 seconds]
<siraben>
What do you check if a package is in the cache?
<whald>
when using "legacy" hydra, i could have separate inputs for say nixpkgs and "my" code, which allows to have a pinned default version of nixpkgs in my code and on hydra provide a nixpkgs input which would follow nixpkgs/master so i catch early when things start fall apart. is there a way to do this when using flakes w/ hydra?
<{^_^}>
[nixpkgs] @rnhmjoj opened pull request #101246 → nixos: fix qemu_test being used in normal VMs → https://git.io/JTEy5
Maxdamantus has quit [Ping timeout: 256 seconds]
<whald>
basically having hydra doing the equivalent of "nix flake update --update-input nixpkgs" every now and then
<{^_^}>
#65109 (by eadwu, 1 year ago, open): sourcehut: include module
<typetetris>
puffnfresh: It would be like: `nix-store -r $(nix-instantiate ./shell.nix) --add-root ./mygcroots --indirect` ?
werner291 has joined #nixos
<infinisil>
pinpox: Yeah that's a problem with the module itself. Neither nixops, nixus or anything else could prevent the secret from ending in the store
<pinpox>
infinisil: so there is no way to install it in a way that doesnt leak the secrets to everyone?
<pinpox>
Don't a lot of apps have similar problems? how is this worked around?
<infinisil>
pinpox: With that module no, unless you override the config file to some stateful location
<puffnfresh>
typetetris: something like that
<pinpox>
infinisil: How would you install sourcehut if you had to do it?
<typetetris>
puffnfresh: very cool!
Spiney has quit [Ping timeout: 246 seconds]
itronik has joined #nixos
<pinpox>
I'm not sure what the best practice is or how someone with a better understanding of nix would approach/solve this
<infinisil>
pinpox: I'd probably rewrite the module for it to support secrets well :P
itronik has quit [Client Quit]
<pinpox>
infinisil: But the problem is, that sourcehut's config has the secret in it.
<pinpox>
Where where would that config be stored?
<duairc>
nix-prefetch-url on a large file eats up all my RAM and then crashes - is there another way to calculate the Nix sha256 of a large file?
<pinpox>
infinisil: I'd love to write my own module for it, but I'm not even sure where or how to start
<infinisil>
pinpox: I mean, is your /nix/store accessible to other users?
<infinisil>
I guess other services could access secrets in there
<pinpox>
infinisil: isn't the store world-readable always?
<DigitalKiwi>
"world"
<infinisil>
"world-readable" just means that all users on the system can read it
<DigitalKiwi>
it's a small world
<pinpox>
Yeah, I don't want that. What is the point of having multiple users then?
<infinisil>
And if you're the only user, and you trust all the services to not read it, then it's not really a problem for secrets to be there
<DigitalKiwi>
you should see how the php scripts i have to deal with store their passwords ;_;
<pinpox>
I might have users that are not root and which should not be able to read secret keys
<MtotheM>
Are there any place i can find the NixCon talks in a structured manner? instead of just the whole livestream.
<DigitalKiwi>
<rant> one of them makes you enter it in through an installation script in the browser and it doesn't quote it so if you have a space in the password it just goes to a white page and completely breaks and doesn't have a log about why it's broken ;_;
<pinpox>
That seems dangerous
<DigitalKiwi>
wait until you find out the file permissions they demand
<{^_^}>
[nixpkgs] @zowoq pushed to master « lsd: skip failing check on darwin »: https://git.io/JTEQh
<{^_^}>
[nixpkgs] @AndersonTorres pushed 2 commits to release-20.09: https://git.io/JTE7S
cristi_ has joined #nixos
nixuser_ has joined #nixos
cristi_ has quit [Remote host closed the connection]
whatisRT has quit [Ping timeout: 246 seconds]
<pickfire>
Ah, I just got my laptop today.
<pickfire>
Looks like the wifi card could no be found with the standard nix iso what should I do?
<pickfire>
There is only wifi but no ethernet cable for the laptop, Realtek RTL8822CE wireless adapter.
<pinpox>
rnhmjoj: infinisil I tried my best to convice the people at #sr.ht that having the keys in a separate file instaed of the main config in /etc/ would be a good idea, but they don't seem to concerned about secrets in /etc files
nixuser_ has quit [Read error: Connection reset by peer]
<infinisil>
Hm yeah. So it is still possible to not have secrets in the store, but still in the config file
<infinisil>
To do this, you can have an option `keyFile`, which at runtime gets read and interpolated into the config file
andymandias has quit [Client Quit]
<pinpox>
infinisil: does that require nixops?
<infinisil>
E.g. by first writing `privateKey=NIXOS_OPTION_KEY_FILE` into the config file in the store, and when the service starts, do a `sed "s/NIXOS_OPTION_KEY_FILE/$(cat ${keyFile})/"`
sefu[m] has joined #nixos
andymandias has joined #nixos
<infinisil>
And store the result of that sed call into only a temporary location, and pass that to the program
<pinpox>
hm ok
eoli3n_ has joined #nixos
<pinpox>
seems rather hackhish though
srhm has quit [Read error: Connection reset by peer]
<rnhmjoj>
infinisil pinpox: or maybe concatenate the config generated by nix with an external file that only contains the keys. so there's no need to interpolate
<infinisil>
rnhmjoj: Yeah, but concatenation doesn't work for most formats
<DigitalKiwi>
what's sr.ht have that gitea doesn't
<infinisil>
And `settings.privateKey = mkDefault "NIXOS_OPTION_KEY_FILE"` makes it relatively clear what it does
<rnhmjoj>
DigitalKiwi: well, the frontend is very lightweight for one thing and works without javascript. but the real difference is in the philosophy: sourcehut has modules that can be loaded for things you need (ci, issues, mailing lists, etc.), while gitea is quite monolithic
<rnhmjoj>
also gitea tries to copy the github ui, while sourcehut is trying something new
<pinpox>
DigitalKiwi: what rnhmjoj said. But also I don't think this is a question of "there is already another tool", there are various tools for a lot of things and I find it a good thing that users can choose what they prefer
<pinpox>
I personally like the sourcehut UI
<DigitalKiwi>
i was mostly curious not saying you shouldn't use it
<{^_^}>
[nixpkgs] @vbgl pushed commit from @bcc32 to master « ocamlPackages.shexp: init at 0.13 »: https://git.io/JTEbo
Chiliparrot has joined #nixos
<aanderse>
secrets... the Achilles heel of nixos :S
astylian has quit [Ping timeout: 256 seconds]
joebobjoe has quit [Ping timeout: 264 seconds]
<pinpox>
aanderse: I couldn't agree more. I really don't understand why this is not tackeled more
jabster28 has joined #nixos
<DigitalKiwi>
how much of that is nixos fault and how much is software being dumb
<infinisil>
I'm wondering if NixOS should have some standard modules for substituting secrets in config files at runtime
adisbladis has joined #nixos
<infinisil>
Haven't thought much about how that would look though
<aanderse>
pinpox: the "best" solution is to just work with upstream to allow password file options in config files
<pinpox>
infinisil: yep, somthing like encrypted gpg files that get decrypted and linked at boot would be enough i guess
<pinpox>
aanderse: not always possible, e.g. the sr.ht thing here: just asked in the irc, devs don't seem to have any interest of supporting keyfiles
<aanderse>
when infinisil mentions a standard way to substitute secrets that is definitely a practical thing to talk about, but ultimately if a sysadmin looks at a config file and that isn't actually the config file being used... super confusing
das_j has quit [Quit: killed]
cheriimoya has quit [Quit: killed]
<pinpox>
There *will* be cases where working with upstream is not an option
astylian has joined #nixos
<pinpox>
and nixOS should have a way to handle/workaround this
<infinisil>
aanderse: I mean during service run time, the config will be correct
<infinisil>
E.g. there would be /var/lib/foo/config.json
<infinisil>
Which is the substituted version of /nix/store/...-config.json
<utsl>
dumbass question: does an impure nix-shell build dependencies impurely? (stuff referenced in shell.nix) or is it just what you build once you're in the shell?
andymandias has joined #nixos
<infinisil>
utsl: The latter, dependency builds are still pure :)
<rnhmjoj>
pinpox: btw, if you have some question when working on the sourcehut module, ping me in the PR. i'm not a guru like infinisil but i'll try to help
orivej has joined #nixos
<pinpox>
rnhmjoj: nice, much appreciated.
<pinpox>
I'm currently still trying to convice the folks at #sr.ht to add service-key-file= options instead of having the string in the confi
<pinpox>
*config
<utsl>
hmm. I've got something I can't figure out. I managed, somehow, to build pkgsMusl.llvmPackages_9 on a nix/nixos docker image, but I can't get it to build on an actual Nixos system.
andymandias has quit [Client Quit]
<utsl>
I remembered that docker image is built over Alpine, so thinking now that somewhere it's leaking Alpine's Musl in.
andymandias has joined #nixos
andymandias has quit [Client Quit]
ericsagnes has joined #nixos
andymandias has joined #nixos
<aanderse>
pinpox++ (for fighting the good fight of trying to convince upstream to add *-file options)
<{^_^}>
pinpox's karma got increased to 1
<pumpy>
for anyone that uses ansible with nix https://termbin.com/81hy is the ansible side of the problem im having getting home manager set up ty
<pinpox>
:D
<pinpox>
thanks aanderse
<pinpox>
you can follow along in their channel (#sr.ht) in case you have more good arguments
sss2 has joined #nixos
<pinpox>
They are not willing though for now. And I got to go. I'll be back later
elux has joined #nixos
<elux>
hi there
jakobrs has joined #nixos
<elux>
i recently upgraded my nix pkgs, and seems kitty is broken? unable to open a terminal: "[glfw error 65543]: GLX: Failed to create context: GLXBadFBConfig", "Failed to create GLFW temp window! This usually happens because of old/broken OpenGL drivers. kitty requires working OpenGL 3.3 drivers."
<jakobrs>
Is it "bad" to replace `sha256 =` with `hash =` when updating a package?
<elux>
what is the difference even..? wish they both didnt exist
<jakobrs>
otherwise they're both on the same branch of nixpkgs, so they should be mostly "compatible"
<elux>
ill switch to nixos-unstable i guess.. weird
<jakobrs>
The difference is that they have to pass different sets of tests to be updates
<elux>
im switching to nixos-unstable
<jakobrs>
nixos-unstable might not update if an update breaks `grub` for example, while nixpkgs-unstable might not update if inkscape doesn't build (which is the issue currently)
eyJhb has joined #nixos
eyJhb has joined #nixos
eyJhb has quit [Changing host]
Rusty1 has joined #nixos
<elux>
gotcha. ill switch to nixos-unstable for now, and maybe one day back to nixpkgs-unstable.. they work almost identically so just a nix-channel swap and reinstalling pkgs
<clever>
jakobrs: i have seen an incident about 2 or 3 years back, when grub did break, nixos-unstable didnt change as it should have, nixpkgs-unstable did change
<gchristensen>
nixpkgs- checks darwin too
<clever>
jakobrs: what followed, was about 2 weeks of nixos users on nixpkgs-unstable,streaming into the channel because it wasnt booting anymore
shabius has quit [Remote host closed the connection]
<clever>
and rollbacks didnt help, because it was the generation of the rollback menu that broke
<pickfire>
How should I put kernel module into nix iso for wifi support?
<jakobrs>
If I'm updating a dependency of alsa-lib, the PR should presumably target upstream/staging, right?
<pumpy>
i use ansible's shell task with become_user to run a command as that user but dumping echo $PATH i see it's showing the ansible user not the target user. can nixos sudo be changed?
marcy_ has quit []
lorimer has joined #nixos
<dutchie>
^ would also appreciate a fast review/merge on my (ie jshholland) PR
<MtotheM>
For docker containers. can you set it up so it opens ports automatically in the firewall?
jabster28 has quit [Ping timeout: 240 seconds]
<simonpe^^>
I quite often find myself in a situation where I have a derivation that I want to amend with some file depending on the result of said derivation, for example a deploy script. I can merge those together with buildEnv but that makes the shellHook of the original derivation unavailable, and using overrideAttrs for the installPhase makes development of the deploy script slow since it has to rebuild every
<simonpe^^>
time i make a change to it. What is the best option to get no rebuilds but still keep the shell hook?
<dutchie>
it's probably not something you should do without carefully considering the security implications
timjrd has joined #nixos
werner292 has joined #nixos
werner291 has quit [Ping timeout: 246 seconds]
werner292 is now known as werner291
<pumpy>
ya
<pumpy>
well basically what i need to do is make the -i of sudo -i -u foo echo \$PATH be configured in the sudoers config but i don't know what -i translates to
knupfer1 has joined #nixos
cfricke has quit [Quit: WeeChat 2.9]
knupfer1 is now known as knupfer
<timjrd>
Hi :) , I recently learned that channels are being phased out in favor of Flakes (which is very nice by the way). By using channels, I can ensure I'm using the binary cache to its full extent because the nixpkgs-channels repo is (was?) not updated unless most of the packages are pre-built and ready to be served. How will it works with flakes?
<timjrd>
Separate branches on nixpkgs? Thanks!
cfinch__ has joined #nixos
<infinisil>
timjrd: I'd expect that only nix-channel and chanels.nixos.org will be replaced by flakes. The concept of hydra channels for having caches of most things should still exist
xacktm has quit [Ping timeout: 244 seconds]
knupfer1 has joined #nixos
<timjrd>
infinisil: thanks. I was mostly asking because the nixpkgs-channels repo is flagged as "deprecated" on GitHub
<infinisil>
Ah yeah, the main nixpkgs repo now has the channel branches
<infinisil>
(and has had for some time now)
<infinisil>
So you can just replace nixpkgs-channels by nixpkgs wherever you use it
knupfer has quit [Ping timeout: 260 seconds]
knupfer1 is now known as knupfer
costrouc has quit [Quit: costrouc]
<timjrd>
oh ok, so the "old" nixos-* branches moved to release-* and nixos-* is now the cached branch/channel?
costrouc has joined #nixos
deadk has joined #nixos
<Reiser>
Has anyone had success running podman inside a nixos-container? Running into errors regarding not finding a fuse device
<simonpe^^>
Imma try my question again: how would I achieve similar results to using buildEnv but I can keep the shellHook of one of the derivations?
<{^_^}>
[nix] @mkenigs opened pull request #4176 → nix develop --phase: chdir to flake directory → https://git.io/JTuLW
<lassulus>
Reiser: only works in declarative containers though
<Reiser>
lassulus, luckily I'm using declarative containers! Let me see if I can decipher this
<lassulus>
just lune 58 - 60
<lassulus>
line*
<Reiser>
Ah I see, I don't need the mknod line above in the activationScript?
<lassulus>
ah maybe also that one :D
<Reiser>
:), thank you, I'll give it a try now
<pumpy>
if you want any user to be able to use home manager is it good to install it as a systempackage or leave each user to run nix-shell and install it?
Whaze has joined #nixos
Whaze has quit [Client Quit]
<infinisil>
timjrd: Nope, the nixos-* branches have the same functionality on nixpkgs-channels and nixpkgs, nothing changed there
<infinisil>
And the release-* branches always existed on nixpkgs, they're the ones people push to when they want to backport a commit to a release
<infinisil>
Hydra regularly takes the latest release-* branches, builds them, and if everything is fine publishes a channel update, which then makes the nixos-* branches update
berberman_ has joined #nixos
berberman has quit [Ping timeout: 272 seconds]
berberman_ has quit [Max SendQ exceeded]
berberman has joined #nixos
anderslundstedt has quit [Ping timeout: 240 seconds]
<timjrd>
infinisil: thanks. Do you know if this is documented somewhere?
berberman has quit [Max SendQ exceeded]
berberman has joined #nixos
<infinisil>
Hehe, that's the question all nixers are afraid of
<timjrd>
xD
<pickfire>
clever: I wonder if iso_minimal_new_kernel works or if I really need a add the kernel module, let me check and see.
<infinisil>
Currently on my phone, but if at all it would be in the nixpkgs or nixos manual
<infinisil>
I'd try grepping for release-* in them
berberman has quit [Max SendQ exceeded]
berberman has joined #nixos
dingenskirchen has joined #nixos
<{^_^}>
[nixpkgs] @expipiplus1 opened pull request #101257 → haskell-generic-builder: Add missing preHaddock and postHaddock arguments → https://git.io/JTuqD
ddellacosta has joined #nixos
eoli3n_ has quit [Ping timeout: 265 seconds]
saschagrunert has quit [Remote host closed the connection]
saschagrunert has joined #nixos
jabster28 has joined #nixos
<{^_^}>
[nix] @knedlsepp opened pull request #4177 → Fix the docs about the new NIX_CONFIG env var → https://git.io/JTum5
saschagrunert has quit [Client Quit]
mananamenos_ has joined #nixos
detran has joined #nixos
pn has joined #nixos
<pn>
Hi y'all
<pn>
I've installed NixOS on my asus t100ha tablet but wifi is not working, anyone have idea what might help with this?
<crazazy[m]>
its tursn strings into paths before it concatenates the other strings
sangoma has joined #nixos
<LnL>
crazazy[m]: probably something to do with slash deduplication
<LnL>
> ./. + "foo//" + "/" + "/bar"
<{^_^}>
/var/lib/nixbot/state/nixpkgsfoo/bar
<siraben>
Why does setting NNN_PLUG="p:-_less -iR $nnn*;l:-_git log"; in sessionVariables seem to bash expand nnn?
itc-ger has joined #nixos
<siraben>
I need it to be equivalent to `NNN_PLUG='p:-_less -iR $nnn*;l:-_git log'` in bash
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<siraben>
i.e. `echo $NNN_PLUG` → `p:-_less -iR $nnn*;l:-_git log`
erasmas has joined #nixos
maxdevjs has joined #nixos
<pickfire>
systemd not found kernel panic
<pickfire>
Is it possible that nixpkgs master image have issue for iso?
<pn>
lassulus: still doesn't work, ifconfig -a doesn't even show any other interface than lo
<siraben>
Can anyone help me escape that string properly?
<lassulus>
pn: hmm, sad. do you have networking.wireless.enable or networking.networkmanager.enable ?
<lassulus>
maybe you can paste your config somewhere (I guess that could be difficult without network) did you apply the configuration after enabling hardware.enableRedistributableFirmware ?
<pn>
lassulus: networkmanager
<{^_^}>
[nixpkgs] @B4dM4n opened pull request #101260 → nixosTests.certmgr: fix systemd test → https://git.io/JTuGX
<pickfire>
Oh wait, looks like it is bios ordering issue?
<pickfire>
When I use the one without "1" at the end, it does not boot?
<pickfire>
Ah, using the newer kernel module worked.
<pickfire>
Nice.
lunik1 has quit [Quit: :x]
xacktm has joined #nixos
<pn>
pickfire: 🥳
<pickfire>
Wait, or maybe because I packaged the module?
<pickfire>
I built a module in nixpkgs but I don't know if I am really using the one I built, I don't even know if it worked.
hnOsmium0001 has joined #nixos
<{^_^}>
[nix] @edolstra pushed to master « nix develop: Handle 'declare -ax' in bash output »: https://git.io/JTuZE
kaivai has joined #nixos
<pickfire>
Oh, the example in nixos for wpa_supplicant does not work.
<pickfire>
Failed to open config file '/dev/fd/63', error: No such file or directory
<tpw_rules>
so i have a shell.nix in the current directory which defines an overlay. how do i use nix-shell to start a shell with a package in that overlay? if i just do nix-shell -A pkgs.blahcoolpackage then pkgs isn't found
mrueg has joined #nixos
sangoma has quit [Ping timeout: 246 seconds]
joebobjoe has quit [Ping timeout: 264 seconds]
<pickfire>
Is it good for swap partition to not be aligned?
<pickfire>
Following the default method makes the swap partition not aligned.
<gchristensen>
really?
daGrevis has joined #nixos
werner293 has joined #nixos
lunik1 has quit [Quit: :x]
werner291 has quit [Ping timeout: 272 seconds]
werner293 is now known as werner291
<tpw_rules>
is there a way to directly specify the overlay to nix-shell?
<roberth>
tpw_rules: you could add the package to the shell.nix's buildInputs argument. nix-shell doesn't have an option for adding packages unless you're using plain <nixpkgs> with -p, so no overlay
<tpw_rules>
the package is broken and i want to start a shell so i can run through the build steps manually
<pickfire>
clever: The package that I just added, how do I keep it in the installed nixos?
<tpw_rules>
but i have an overlay specific to this project because it needs several custom package derivations
lunik1 has joined #nixos
<{^_^}>
[nixos-homepage] @github-actions[bot] pushed commit from GitHub Actions to master « Update flake.lock and blogs.xml [ci skip] »: https://git.io/JTuC5
<tpw_rules>
i guess then i need to put my overlay in .config/nixpkgs? that's a bit silly
<clever>
pickfire: normally, the nix files are not copied into the build product, so you would have to add a `cp ${./foo.nix} somewhere/foo.nix` to some expression
<clever>
or manually copy it into the machine with git/scp after booting
<pickfire>
But I thought nixos-install needs it?
<pickfire>
If not the wifi won't work right? Then scp won't work too.
<clever>
you need it twice
<clever>
once on the machine building the iso, which will let wifi work when you boot the iso
<clever>
then a second time, when nixos-install builds the final install, youll put it in /mnt/etc/nixos then
<clever>
but on that 2nd round, the wifi is up, so scp will be up too
<pickfire>
I thought I need to do it before I run nixos-install?
sangoma has joined #nixos
<clever>
the 1st round, is needed when building the iso, before you even boot
<pickfire>
Yeah, I did that already.
<pickfire>
I got it booting and the module worked.
<clever>
the 2nd round, it needs to be in /mnt/etc/nixos, when you run nixos-install
<Racketer>
ffi-lib: couldn't open "libglib-2.0.so.0" (libglib-2.0.so.0: cannot open shared #lang racket/base
<Racketer>
ffi-lib: couldn't open "libglib-2.0.so.0" (libglib-2.0.so.0: cannot open shared object file: No such file or directory) context...: /nix/store/9hvbvwqzi8zc7i1hnvhi1fw4r5ag2906-racket-7.5/share/racket/collects/ffi/unsafe.rkt:131:0: get-ffi-lib11 '#%embedded:racket/draw/unsafe/glib:: [running body]
<Racketer>
I tried to put glib as a buildInput and export the LD_LIBRARY_PATH
<pickfire>
Took me one hour, I didn't figure out anything yet, looks like the original nix file needs some modification but I don't know how, both nix file seemed that it needs to be different.
<Racketer>
evanjs: Sorry, am new to Nix. Just adding that to nativeBuildInputs, right? I did it but still get the same message
<DigitalKiwi>
be the change you want to see in nixpkgs
<pickfire>
I don't understand that line.
<pickfire>
Wait
<pickfire>
I is different.
<pickfire>
clever: But where do I put that?
<selfsymmetric-mu>
I WANT to be the change I want to see, but I want to see and want to be more than I can see and be. Hey, there's always Nix on Mac, I guess.
<pickfire>
That is really confusing, I wish it talked about "nixpkgs.overlays = [..."
<clever>
that would be in the nixos manual
<clever>
nixpkgs.overlays is a nixos option, to accept a list of nixpkgs overlays
<pickfire>
I spent one and a half hour figuring out overlays.
<clever>
nixos manual for the option, nixpkgs manual for what an overlay is
<pickfire>
It is there but I didn't know it is related.
<selfsymmetric-mu>
pickfire: Don't feel bad, it was hard for me to figure out too.
<clever>
yes, splitting things over 4 manuals is confusing
<pickfire>
clever: It's not about that.
<selfsymmetric-mu>
I'll note that for single personal configuration overrides cover all overlay usecases. Overlays are useful if you have mix-and-match configurations, either for multiple machines or multiple people.
<pickfire>
It's that there is no example of an overlay, I mean a full one.
<pickfire>
Not a broken one hanging in the middle.
<pickfire>
It doesn't contain "nixpkgs.overlays =", it mentioned the head and the body, but no how it is connected.
<clever>
thats where it can be handy to just read other peoples nixos config
<pickfire>
I am reading other people configs.
<pickfire>
I read a few, none of them do it the way you mentioned.
<pinpox>
Ox4A6F: I'm not that exeprienced with nix, just want to help out and get this merged. If you are working on it and have some specific tasks I could help out with, let me know
<{^_^}>
[nixpkgs] @aquarial opened pull request #101271 → redshift-plasma-applet: update patchPhase to fix manual updates → https://git.io/JTuVi
<jasom>
hmm, it ends up in a different path in /nix/store too; I'll have to investigate more
hplar has joined #nixos
<pinpox>
Ox4A6F: I was talkin earlier today to the devs on #sr.ht but they didn't want to include something like a separate keyfile or passwordCmd command that could help out
astylian has quit [Ping timeout: 240 seconds]
MmeQuignon has quit [Ping timeout: 246 seconds]
MmeQuignon has joined #nixos
fendor_ is now known as fendor
ambroisie has joined #nixos
<jasom>
I'm confused. I did a 'nix-env -u'; readlink -f $(which cmus); nix-env -e cmus; nix-env -iA nixos.cmus; readlink -f $(which cmus) and ended up with a different cmus linked in my environment at the end.
<pinpox>
rnhmjoj: You here? We were talking earlier, have you seen Ox4A6F 's work on the PR and the pad?
<jasom>
/nix/store/50q9nglyzs2abvqdjl2qlh14bfclqvi9-cmus-2.8.0 vs /nix/store/7dkhx0h0cl87avr8bc70qrjicidm9k9z-cmus-2.8.0
<pinpox>
there are a few options, most commonly cryptpads and codiMD/hackMD, for these kind of collaboration. (just in case you want to check them out)
<Ox4A6F>
I'm hosting my own cryptpad on NixOS, works wonderful.
<pickfire>
Maybe it wuold be better to share my config, ix.io/2Bxl configuration.nix and ix.io/2Bxm hardware-configuration.nix
<pinpox>
Ox4A6F: I'm checking out your tests, my internet is taking for ever to clone the repo..
<pickfire>
It is building and at the end, it showed module not found for rtw88_8822ce
<aterius>
Has anyone had issues with nix being excrutiatingly slow on powerful aws instances? I'm running a p2x.large instance, and starting neovim takes almost 30 seconds when installed via nix (but not via package manager)
<pickfire>
aterius: Is it because you have too many plugins?
<aterius>
No
hart111 has joined #nixos
<euank>
aterius: neovim, by default, uses a wrapper to do some _stuff_ in nix.
<aterius>
it's not neovim specific
<aterius>
starting zsh takes 30 seconds too
<euank>
Ah, huh. Okay, that's weird. If you use strace or something, can you figure out where it's spending all the time?
<hart111>
Heya everyone, question about referencing something. I want to reference something in "/nix/store/ilqq11yv3bcj5y7rr4vyngp8nbzb2b71-clang-11.0.0-lib", but I can't figure out what the name I should reference that store path by is. I can of course do ${pkgs.clang_11}/lib ... but that points to the output "out", not the output "lib"
<aterius>
Resource temporarily unavailable continues almost indefinitely
<clever>
pickfire: you still need a boot.extraModulePackages = [ config.boot.kernelPackages.rtl8822ce ]; as before
<aterius>
Whoops
<aterius>
that was inaccurate
<euank>
that probably means you're hitting a ulimit, like nproc
<clever>
pickfire: you also need the extraModulePackages to actually include it in the OS
<euank>
from what you pasted, aterius, there's not enough for me to see what fd it's reading from (i.e. fd 10 being /nix/store/something/etc), but I assume it's that reading from the nix store is super slow
<pickfire>
So the initrd is not related?
<aterius>
euank: That's what I assumed too, but I have no idea why that would be
<clever>
pickfire: boot.initrd.kernelModules just says to copy the module into the initrd, if it can be found
<euank>
do you have the nix store mounted on a different disk, like a really slow ebs volume or something?
<aterius>
It's just a standard EBS
<clever>
pickfire: but boot.extraModulePackages is needed to let it even be found
<euank>
is it different from the rootfs in some way
<aterius>
No, it's a standard AMI configuration
<aterius>
Nope
<euank>
as in a different filesystem, different ebs volume, etc
<pinpox>
Ox4A6F: I'll try adding the remote instead of the command in the pad
<euank>
... huh, that's quite strange
<aterius>
No, it's literally the standard ubuntu 18 AMI + nix daemon install
<pickfire>
clever: But it cannot be string?
<gustavderdrache>
what's the EBS volume type?
<clever>
pickfire: extraModulePackages must be a derivation, as in the example i gave above
simonpe^^ has quit [Remote host closed the connection]
<aterius>
gustavderdrache: How do I check the volume type?
<gustavderdrache>
i'm not sure if you can tell from inside the instance... lemme check real quick
<aterius>
gp2
<aterius>
300 iops
<gustavderdrache>
okay, so it's not that
<pickfire>
o
<euank>
I'm also curious if you observed this across multiple instances
<gustavderdrache>
is there anything in top/iotop indicating that some other process(es) are eating up CPU/disk time?
<pickfire>
Oh, now I see errors in rtl8822ce.nix, no wonder it wasn't evaluated.
<aterius>
I can spin up another one, and no the instance is completely free
<clever>
pickfire: nix is lazy, until you depend on config.boot.kernelPackages.rtl8822ce somewhere, it wont even bother reading rtl8822ce.nix
zupo has quit [Ping timeout: 260 seconds]
<euank>
It's super unlikely that it's a bad ebs volume, but it's something that can happen.
<aterius>
It's not like it's a slow node, 8 vcpu/60 gb vram
<clever>
pickfire: the fact that the errors went un-noticed until now, prooves that it was never even trying to install the package
<pickfire>
clever: But is there an easy to figure out whether a package is evaluated?
<euank>
Yeah, it seems really weird that reading /usr/bin/zsh would take more or less time than /nix/store/..../zsh; they should both just be in the page cache tbh
<pickfire>
assert false
<pickfire>
?
<Ox4A6F>
pinpox: I think it is using the old pkgs.sourcehut in nixpkgs, try setting nixpkgs to the current checkout with nix-build -I nixpkgs=path/to/checkout ...
<clever>
pickfire: or add a call to builtins.trace to it
<pickfire>
Thanks for the trick.
<pickfire>
Wow, finally it builds the kernel modules.
<pickfire>
clever: Thanks for the help.
<euank>
and it sounds like it's stuck on disk io from the strace output
<Ox4A6F>
pinpox: sorry, forgot to push my changes.
<clever>
pickfire: yep
<pickfire>
I wonder how many days I need to figure out this on my own.
<pickfire>
Luckily it takes 3 hours only.
<pickfire>
Or 4
<pickfire>
clever++
<{^_^}>
clever's karma got increased to 529
zupo has joined #nixos
<pinpox>
Ox4A6F: I'm cloning the NixOS/nixpkgs repo and will add your remote after that, let me know when your changes are pushed
exco has joined #nixos
<pickfire>
Oh lol, no graphics I just realized.
<Ox4A6F>
pinpox: Already pushed. My highlighting is broken, so better query me. Otherwise it might slip through.
<pinpox>
ok/
codygman has quit [Read error: Connection reset by peer]
codygman has joined #nixos
<exco>
I need a reference on how to adjust the deprecated config.services.phpfpm.pools.<domain>.listen parameter
meh` has joined #nixos
tv has joined #nixos
srhm has quit [Quit: srhm]
<theuni>
Is anyone around who was involved with packaging Ceph? I'm trying to get an older version (Jewel) running and am stumbling over weird cmake errors. I'm not that knowledgeable about cmake and it ends upwith ... https://dpaste.com/ACTZEVS9B
<theuni>
hmm. so AsyncOptracker.cc really lives in src/common/ and not src/journal ... so I guess it's registering 'common' incorrectly somehow ...
werner292 has joined #nixos
<theuni>
hmm. but the cmakelist does include an explicit reference to src/journal ... so I guess again that this went wrong during the configure phase ...
* theuni
takes a look at the raw source
werner291 has quit [Ping timeout: 272 seconds]
werner292 is now known as werner291
Baughn has quit [Ping timeout: 264 seconds]
<theuni>
ugh. that's already broken there ... i wonder what i'm missing.
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos
<theuni>
great. that was actually a broken refactoring upstream.
<theuni>
thanks for listening ... :)
<theuni>
so this only took 4 hours to figure out /o\
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #101274 → nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS → https://git.io/JTu6O
<Ankhers>
What is the process to getting write access to the nixpkgs repo? I can't seem to find anything within the projects readme.
<{^_^}>
[nixpkgs] @Ekleog merged pull request #101087 → nixos/sslh: fix usage of the now removed ssl probe → https://git.io/JTBTB
<{^_^}>
[nixpkgs] @Ekleog pushed commit from @symphorien to master « nixos/sslh: fix usage of the now removed ssl probe (#101087) »: https://git.io/JTu6b
meh` has quit [Ping timeout: 246 seconds]
<{^_^}>
[nixpkgs] @Ekleog pushed commit from @symphorien to release-20.09 « nixos/sslh: fix usage of the now removed ssl probe (#101087) »: https://git.io/JTuiT
<exco>
lassulus: makefu meinte ich soll dich mal anhauen, bezüglich Ethereum staking config für nixos... hast du da schon was gebaut?
knupfer1 has joined #nixos
<lassulus>
uhm, nich sicher was ethereum stacking ist
<lassulus>
aber nixos config bin ich der richtige :D
<lassulus>
oh shit, klingt ja spannend :D
<Ericson2314>
anyone know about buildRustPackage failing because cargo isn't properly working offline with [patch] ?
<Ericson2314>
I had two patches it was fine, then add a third that doesn't work
<Ericson2314>
can't figure out what the difference is
knupfer1 is now known as knupfer
khar0n is now known as kharon
selfsymmetric-mu has quit [Remote host closed the connection]
<exco>
lassulus: grob - ETH geht vom POW auf POS, damit wieder die Option dezentraler zu werden und einfach selbst das Netzwerk mit zu betreiben. Coole Gelegenheit um hier Nixos per fertiger config im cryptocurrency space zu verbreiten
<lassulus>
exco: vl sollten wir in nen deutschsprachigen channel damit wie #nixos-de oder ne query
<exco>
klar
jjakob has joined #nixos
<exco>
sorry, I was not paying attention - otherwise we can also just switch to english
<myme>
I'm having some issues with setting up a shell.nix for a Python environment. I'm passing a derivation into mkShell's inputsFrom and end up with "Argument list too long" issues. strace tells me that PYTHONPATH is *huge* - I'm truncing vars at 50k chars currently.
gnidorah has quit [Quit: Connection closed for inactivity]
kharon has quit [Remote host closed the connection]
meh` has joined #nixos
Mic92 has joined #nixos
<pumpy>
would i do xsession.windowManager.i3.enable in home manager's home.nix or services.xserver.windowManager.i3.enable in configuration.nix? im new to nixos and need help understanding how to decide whether to choose a systemwide or user config option if i have the choice. ty!
<gianarb>
Hello! I am experimenting with nix for reproducible dev environment. I an newbie trying to install opencv, looking at the nix package https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/opencv/4.x.nix the module xfeatures2d looks part of the installation, but my program fails in a way that makes me to think about it not being installed
<gianarb>
the error is coming from the script I am experimenting, it is in go at it uses gocv, so I am not sure if it will help, but " error: no member named 'SIFT' in namespace 'cv'" googling around it looks like the missed xfeatures2d module
Izorkin has joined #nixos
<{^_^}>
[nixos-homepage] @samueldr pushed to redesign-donate « site-styles: Add assets used in governance page »: https://git.io/JTuHd
<pumpy>
when i run nixos-rebuild switch it fails error executing git no such file or dir. all i did was add it to configuration.nix's systemPackages and use the builtins.fetchGit for the neovim repo master. how can i fix pls?
<gianarb>
I think it is in some way related to what I am installing, or not installing with the nix shell script, because I used `brew install opencv` to set that and I get my go application running
<cole-h>
pumpy: Unfortunately, fetchGit is pretty impure because of that. You want to comment out that `builtins.fetchGit` until you can switch to a configuration with git in PATH, and then uncomment and switch again
<pumpy>
omg that's terrible!
<cole-h>
You could also use `pkgs.fetchFromGitHub`, which skips that problem (by using GitHub's API to get a tarball)
<pumpy>
oooo
<cole-h>
(I use API loosely, since it really just queries a well-known URL structure where the tarball is held)
<hart111>
yeah with nixos you *always* want to install git during your initial install, globally
<hart111>
Otherwise so much nastiness
<hart111>
(unless you can be sure no pkgs or pkg dependencies require git)
<cole-h>
gianarb: Maybe brew does something special? You could look at their recipe and see what's what
<pumpy>
do i change builtins.fetchGit to pkgs.fetchFromGitHub?
<cole-h>
It has a different structure, so just changing that line won't work.
<pumpy>
i only use the url key from fetchGit. what's that for fetchFromGitHub?
werner292 has joined #nixos
<cole-h>
fetchFromGitHub expects `repo`, `owner`, `rev`, and `sha256`.
<tpw_rules>
so i have a binary that needs to link with the qt5 libraries but i'm not sure how to get them? i tried pkgs.qt5.full but it's broken in nixpkgs unstable right now
<{^_^}>
[nixpkgs] @jonringer pushed commit from @das-g to release-20.09 « python3Packages.scrapy-fake-useragent: fix license »: https://git.io/JTu7Y
<tpw_rules>
what are the names of the individual components? i don't need qtwebkit, which is the broken bit
__monty__ has quit [Quit: leaving]
<pumpy>
using fetchFromGitHub, i can't use the nightly tag/rev right? because its sha256 would always change i assume
<viric>
oh. nix "make" attempts "make install"
<cole-h>
You can, but if you ever collect garbage and end up deleting the cached tarball, it will try to fetch it again and fail because of a wrong sha256
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000), then replace it with the correct hash Nix expected. For inserting 52 0's in vim: <esc>52i0<esc>
<pumpy>
"rev corresponds to the Git commit hash or tag (e.g v1.0) that will be downloaded from Git. Finally, sha256 corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but sha256 is currently preferred."
<cole-h>
`nix-prefetch-url --unpack <tarball url>` is a way you can calculate it from the command line
<pumpy>
hart111 "yeah with nixos you *always* want to install git during your initial install, globally" you sure? do other ppl agree? if it's that way why not bundle git with it?
<cole-h>
I always install git because I work with source a lot... I'm not sure why it's not installed by default considering how many people are the same, but it's not required (unless you use builtins.fetchGit)
<samueldr>
shouldn't be installed by default, since it's not a core component of a Linux system :)
<samueldr>
if it was a default package in NixOS, deploying to a server would add that useless git + deps!
<zecnate>
How can I ensure the locale is available for the builder?
<tpw_rules>
so i know $out has a bin/ folder in it and binaries there are automatically symlinked when the package is installed. but what if the program's installer puts stuff in $out/usr/bin? how do i get symlinks to be used there
<cole-h>
Make it not use /usr/bin
<tpw_rules>
it's a prepackaged binary
<zecnate>
tpw_rules: For standard unixy software there's an "installation prefix" and packages install into `$PREFIX/bin` and many packaging systems set that to `/usr`.
<zecnate>
So it's not standard to install into `$DEST/usr/bin`…
<cole-h>
If it's prepackaged, why not just `mv usr/bin/binary bin/binary`
<zecnate>
If you can't reconfigure the packages installation prefix, you can wrap it in another derivation that creates symlinks with the right structure.
<zecnate>
-or that.
<tpw_rules>
i'll see if that works. there's a bunch of binaries and scripts in /usr/bin and i'm not sure if they'll be able to find them
<tpw_rules>
themselves
<pumpy>
samueldr++
<{^_^}>
samueldr's karma got increased to 286
<pumpy>
i keep corrupting my nixos & home manager setup somehow. not sure if it's when i change configuration.nix or home.nix but it ends up that home-manager command is no longer found. how would you think to debug that pls?
<cole-h>
Why not just mv usr/bin/* bin?
__Sander__ has quit [Quit: Konversation terminated!]
<{^_^}>
[nixpkgs] @divanorama opened pull request #101292 → Add bazel_git and protobuf-java packages → https://git.io/JTuF3
werner292 has joined #nixos
<tpw_rules>
ok so one of these programs need to be run as sudo but i just do "sudo coolprogram" but now coolprogram isn't found because the environment is gone
werner291 has quit [Ping timeout: 272 seconds]
werner292 is now known as werner291
<tpw_rules>
i'm not sure how to get it to work. this is just nix installed on ubuntu. not nixos
<tpw_rules>
i have confirmed that the path does not contain anything nix related with that second command
<zecnate>
Hm, man page for sudo suggests that PATH is special in a few ways.
exco has quit [Ping timeout: 264 seconds]
ManiacOfMadness has quit [Ping timeout: 272 seconds]
<{^_^}>
[nixos-homepage] @samueldr pushed 2 commits to redesign-donate: https://git.io/JTubB
Rusty1 has joined #nixos
endformationage has joined #nixos
<pumpy>
i keep corrupting my nixos & home manager setup somehow. not sure if it's when i change configuration.nix or home.nix but it ends up that home-manager command is no longer found. how would you think to debug that pls?
erasmas has quit [Quit: leaving]
zecnate has quit [Remote host closed the connection]
MmeQuignon has quit [Ping timeout: 260 seconds]
<{^_^}>
[nixpkgs] @erictapen pushed commit from @TredwellGit to release-20.09 « freetype: 2.10.2 -> 2.10.4 »: https://git.io/JTubH
dansho has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
gianarb has quit [Ping timeout: 272 seconds]
cjpbirkbeck has joined #nixos
<{^_^}>
[nixpkgs] @erictapen pushed commit from @TredwellGit to release-20.03 « freetype: 2.10.2 -> 2.10.4 »: https://git.io/JTubj
aasg has quit [Quit: killed]
aasg has joined #nixos
<{^_^}>
[nixos-homepage] @samueldr pushed to redesign-donate « site-styles: Add wedges to governance »: https://git.io/JTuNW