justanotheruser has quit [Ping timeout: 265 seconds]
vandenoever has quit [Ping timeout: 260 seconds]
rprije has joined #nixos
pushqrdx has quit [Remote host closed the connection]
<srid>
Screen brightness adjustment doesn't work on my X1 carbon (I use i3; it used to work in GNOME). `/sys/class/brightness` is missing; does anyone know what I can do to fix this?
<lejonet>
srid: you sure it ain't supposed to be in /sys/class/backlight/brightness?
<srid>
Oh damn, I'm growing old
<srid>
I see backliht/intel_backlight.
<lejonet>
it was a while since I had to dig around that on my laptop (I also use i3) but I have a vague recollection of it being /sys/class/backlight that the brightness control is in
<srid>
Okay, writing to the brightness file works. Now to figure out why user-space programs (such as `programs.light` or xbacklight) don't work
bbarker has quit [Remote host closed the connection]
bbarker has joined #nixos
<{^_^}>
[nixpkgs] @chkno opened pull request #104543 → nixos/sshd: Option to set the sftp server executable → https://git.io/Jkw30
<lejonet>
srid: from the arch linux wiki it would seem like at least xbacklight only works for Intel GPUs, because it uses randr to fiddle with the backlight, might be related? (Tho I assume most X1 Carbons uses Intel iGPU)
<srid>
Carbon only uses intel igpu, yes.
<infinisil>
shapr: This one is good :)
werner291 has quit [Remote host closed the connection]
<infinisil>
Oh, sorry, I was scrolled way up in the backlog, ignore this
<lejonet>
ivan: whelp, --disable-jit gives same behaviour... sigh
bbarker has quit [Ping timeout: 240 seconds]
redmp has quit [Ping timeout: 240 seconds]
<ivan>
lejonet: might be your graphics
<srid>
`thinkpad_acpi` is enabled, fwiw
<ivan>
lejonet: do you use a laptop with an intel gpu
<lejonet>
ivan: nope, this is a desktop with an AMD card
justanotheruser has joined #nixos
<ivan>
horrible experiment is to start xorg with modesetting driver and see if it crashes
<lejonet>
Honestly, atm it seems like spinning up a small VM just for a webbrowser might seem like a good idea lol
<lejonet>
I think I'm gonna do that just to verify that its nothing with my profile (sure, it crashes even if I nuke .mozilla and it create a new profile, but eh, who knows)
<{^_^}>
[nixpkgs] @mweinelt pushed 4 commits to release-20.09: https://git.io/JkwG3
zuh0 has joined #nixos
<leo60228>
is there a reason that the dhclient module was removed? there's an odd interaction between dhcpcd, spectrum, and delegating a /56 prefix that causes issues for me
vidbina has quit [Ping timeout: 265 seconds]
rogerr has left #nixos [#nixos]
mbrgm_ has joined #nixos
mbrgm has quit [Ping timeout: 260 seconds]
mbrgm_ is now known as mbrgm
cmcaine has quit [Remote host closed the connection]
bbarker has joined #nixos
growpotk- has joined #nixos
<{^_^}>
[nixpkgs] @zowoq opened pull request #104545 → runc: add wrapper for systemd → https://git.io/JkwZS
<nasirhm>
I wrote a default.nix for a small project, how to build it ?
supersandro2000 has quit [Disconnected by services]
<dxb[m]>
<nasirhm "I wrote a default.nix for a smal"> nix-build
<nasirhm>
with `nix-build` in the same directory as `default.nix`, it results in: `error: cannot auto-call a function that has an argument without a default valye`
<leo60228>
note that it's generally expected that packages outside nixpkgs will `import <nixpkgs> {}` instead of being passed packages
<colemickens>
here's my problem, I've never had that nix-store query command work, even if I let it run a long time: `cannot delete path '/nix/store/1w79h42pflpklibadfiwcrg1fhakqksd-bundle' since it is still alive. To find out why use: nix-store --query --roots`
<colemickens>
in fact, I can't pkill it or Ctrl+c it.
bbarker has quit [Remote host closed the connection]
<rogerr>
how can i set XDG_RUNTIME_DIR in my env on a per user basis? im using home manager fwiw
mupf has joined #nixos
<{^_^}>
[nixpkgs] @marsam pushed 3 commits to release-20.09: https://git.io/JkwEw
ris has quit [Ping timeout: 256 seconds]
<supersandro2000>
rogerr: set home.sessionVariables
<porphyrogenetos>
Is it possible to create a derivation that is a union of two other derivations? For example installing package 3 creates a /nix/store entry that contains a simlinked union of package 1 and 2 that are buildInputs to it?
<dxb[m]>
<porphyrogenetos "Is it possible to create a deriv"> isn't that exactly how it works?
<porphyrogenetos>
I recall something like that when I was playing around with steam, not sure how to go about it, I guess you would make a default.nix that has the core one by default and can be passed the optional one to create the union?
<dxb[m]>
if you have a derivation-a with build inputs derivation-b and derivation-c then b and c will be linked in a
<porphyrogenetos>
and another for the external stuff. The solution i'm mulling over is if I can make a 3rd package that takes the two as build inputs, and outputs a packagenameFull nix store entry where every file from both a and b are present
<porphyrogenetos>
@dxb A library package I maintain has an optional secondary repo for additional drivers, on a normal linux system the drivers are picked up dynamically via an XML directory in /usr/share. On nix for the core library thats fine (/nix/store/hash-packagename/share), but the optional secondary package cant add its entries to another nix derivations output so theres two different XML directories, one for the core library
shibboleth has joined #nixos
tbech has quit [Ping timeout: 272 seconds]
<bqv>
uh
<bqv>
SysError: opening file '//builtin/derivation.nix': No such file or directory
<bqv>
this don't seem good
justanotheruser has quit [Ping timeout: 272 seconds]
<clever>
bqv: you can use -I nix=... to remap that to the right dir
<clever>
bqv: fetchzip will unpack for you, fetchurl never unpacks
<bqv>
cool
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos
<rogerr>
i set my XDG_RUNTIME_DIR to ~/.runtime with home.sessionVariables and now when i RDP into the machine i just get black screen for a long time then connection log or xterm pops up. (i use alacritty) i made sure to home.file.'.runtime/.keep'. what i'm doing wrong pls?
<bqv>
clever: interesting, fetchzip fails because lzip cannot be found
<bqv>
"lzip: cannot exec: no such file"
bqv has quit [Quit: WeeChat 2.9]
<clever>
bqv: try just fetchurl then, and add lzip to nativeBuildInputs
bqv has joined #nixos
<matthewcroughan_>
clever: where's your nix config?
<clever>
2020-11-22 00:14:53 < clever> bqv: try just fetchurl then, and add lzip to nativeBuildInputs
<bqv>
gotcha
Fare has joined #nixos
Supersonic112 has joined #nixos
Supersonic has quit [Ping timeout: 260 seconds]
Supersonic112 is now known as Supersonic
<matthewcroughan_>
bqv: would your home-manager work on macos/ubuntu ?
<matthewcroughan_>
If not, how would you ensure that it did?
<matthewcroughan_>
This is something I've failed to wrap my head around, it's not magically portable, you have to make sure you don't import stuff that wouldn't work
<matthewcroughan_>
there is no magical way to make sure that it will indeed be portable either
<lovesegfault>
well, I think know they have added configs for stuff I don't use like emacs, but still
<matthewcroughan_>
yeah but you use niv instead of flakes
<lovesegfault>
s/know/now/
<lovesegfault>
Yes, that's an easy change though
<lovesegfault>
I just haven't bothered learning flakes yet
<matthewcroughan_>
based on your structure heading, it looks like a similar thing
<lovesegfault>
with niv I have a GH action that bumps all my sources :D
<matthewcroughan_>
`flake show` would show the same kind of tree
palo1 has joined #nixos
<matthewcroughan_>
I imagine flakes would mean that you could just use the `nix` cmd to do the same thing, soon.
<lovesegfault>
Yeah, that's correct
<lovesegfault>
But someone would have to go write the GH action to do it
<matthewcroughan_>
btw, doing `nix-env --help` on my user under home-manager results in "nroff not found"
<matthewcroughan_>
so something's definitely screwed with my setup
<lovesegfault>
I guess what I'm saying is: flakes require me to spend time learning and modifying my repo, but don't really give me much in return that I don't already have
<matthewcroughan_>
lovesegfault: gh actions are more or less just docker, maybe I'll do that soon
<matthewcroughan_>
they just have access to your GH accounts secrets like api key by default, and the yml format for configuring the secret itself is BS on top of Docker.
<matthewcroughan_>
configuring the action*
* lovesegfault
nods
<lovesegfault>
You do have to write the action "library" in javascript though
palo has quit [Ping timeout: 240 seconds]
palo1 is now known as palo
<matthewcroughan_>
? why
<matthewcroughan_>
All you have to do for actions is make a Dockerfile
<lovesegfault>
There are two things I'm talking about here:
<lovesegfault>
1. GitHub actions, which run on your repo on every $event (PR, commit, whatever you configure). These are written as YAML
<lovesegfault>
2. GitHub action "libraries". They have a real name that I can't recall, and they're the things you "use:" in order to do fancier thing in your repo's GH action.
<matthewcroughan_>
strace man home-configuration.nix provides something like: access("/usr/man/cat0p/home-configuration.nix.0p.lzma", R_OK) = -1 ENOENT (No such file or directory)
Morfio has quit [Quit: This computer has gone to sleep]
Morfio has joined #nixos
<lovesegfault>
I've really never seen this before
<lovesegfault>
like not even heard of a user having this error
<lovesegfault>
have man pages _ever_ worked for you?
<lovesegfault>
I'd recommend the usual approach of "comment stuff off until it works"
<patagonicus>
I'm currently extracting some settings from my configuration.nix into a separate file to share that with other machines - is there a good way of see the diff between two configs/system generations?
<{^_^}>
[nixpkgs] @r-burns opened pull request #104572 → yed: fix eval on darwin → https://git.io/JkrIr
<matthewcroughan_>
lovesegfault: the issue turned out to be that I had somehow installed busybox via `nix-env -i` in my user's nix-env, and not my root's
<lovesegfault>
Oh god
<lovesegfault>
DO NOT USE NIX-ENV
<lovesegfault>
EVER EVER
<lovesegfault>
That's my only advice
<lovesegfault>
that tool shouldn't exist
<matthewcroughan_>
So the root user could access manpages just fine, whereas the regular user could not, since it was using busybox's man lmfao
<matthewcroughan_>
haha
zupo has quit [Ping timeout: 246 seconds]
<lovesegfault>
I really do mean it, don't ever use it
<matthewcroughan_>
That's what I said
<lovesegfault>
unless you're trying to fiddle with the profile symlinks
<lovesegfault>
won't give you a very clear view of what's going on
<siraben>
matthewcroughan_: are you on NixOS?
<matthewcroughan_>
siraben: yeah
<lovesegfault>
you'll just have to nix-diff the drvs
<matthewcroughan_>
lovesegfault: but rycee said that home-manager uses `nix-env -i`
<MichaelRaskin>
Yeah, I would say never never never use -i, never use -iA, use -e to clean up after past uses of -i then stop, and the rest is fine once you know why would you want it at all
<matthewcroughan_>
on non-nixos, apparently, to do its stuff
<lovesegfault>
Not if you use it as NixOS module
<patagonicus>
lovesegfault: Thanks, I'm not super worried, just want to double check I'm not doing something really stupid. So nix-diff might work.
<matthewcroughan_>
right, but I want to use my home-manager on macos, etc
<lovesegfault>
MichaelRaskin++
<{^_^}>
MichaelRaskin's karma got increased to 51, that's Numberwang!
<matthewcroughan_>
eventually
<siraben>
matthewcroughan_: yeah for the initial install on non-NixOS, home-manager uses `nix-env -i`
<lovesegfault>
matthewcroughan_: you can use hm as a nixos module and use the same files to use it in MacOS
<lovesegfault>
I used to do that
<siraben>
matthewcroughan_: cool, i'm using the same home-manager config on macOS and NixOS
<lovesegfault>
PSA: DO NOT TOUCH NIX-ENV
<lovesegfault>
this should be at the top here
<matthewcroughan_>
motd
<lovesegfault>
yup
<lovesegfault>
lol
<MichaelRaskin>
The problem is that Eelco Dolstra disagrees with that
<Havvy>
When I was using nix, nix-env was what I used to install local programs though, and it worked just fine.
<MichaelRaskin>
So MOTD/chan-topic doesn't get set
<siraben>
I used to use `nix-env` imperatively when I was getting started (though would move the changes to configuration.nix and `nix-env -e '*'` from time to time)
<lovesegfault>
Havvy: it just comes back to ruin your life though
<lovesegfault>
I mean, not on NixOS it's not as bad
<lovesegfault>
but in NixOS it really does ruin everything
<siraben>
lovesegfault: ruin how? curious
<lovesegfault>
There are only two ways to get a package: nix-shell and adding to your config
<lovesegfault>
any other way will make you miserable
<lovesegfault>
siraben: see the above story of matthewcroughan_'s man not working
<lovesegfault>
it breaks stuff in incredibly surprising ways
<siraben>
oh jeez
<siraben>
yeah don't use nix-env!
<lovesegfault>
lol
<siraben>
I didn't know installing busybox imperatively would do that
<MichaelRaskin>
I would say eventually even on non-NixOS it is nicer to have buildEnv/myEnvFun declaratively defined profiles than nix-env -iA
<siraben>
for me it was like the staging area in Git
<lovesegfault>
MichaelRaskin: 1000%
<lovesegfault>
Even before I moved to NixOS I had nix-env ruind my shit
<MichaelRaskin>
You might want to nix-env --set them, maybe. Or maybe not, matter of taste
xenophile has quit [Ping timeout: 240 seconds]
<siraben>
MichaelRaskin: what's buildenv?
<lovesegfault>
I use nix-env --set to change my system profile manually
<MichaelRaskin>
Nixpkgs has two nice functions, buildEnv and myEnvFun
<lovesegfault>
but I know what I'm doing
<matthewcroughan_>
lovesegfault: I stated this in home-manager's room lol
<MichaelRaskin>
The idea being that nix-env profile building does some amount of extra stuff beyond symlinking things together
<matthewcroughan_>
I said: "nix-env should not exist, instead only nix-build and nix-shell should exist :D"
<MichaelRaskin>
and buildEnv/myEnvFun give you ability to ask for the extra steps compared to symlinkJoin
<MichaelRaskin>
Reality: in the new «nix» interface there is «nix profile» to replace nix-env, but «nix build» does not print the output path unlike nix-build
<MichaelRaskin>
Yeah, not getting any better
<lovesegfault>
MichaelRaskin: indeed, not getting any better
<lovesegfault>
that nix build doesn't spit out the build path drives me CRAZY
<siraben>
lovesegfault++
<{^_^}>
lovesegfault's karma got increased to 39
<siraben>
It was very annoyed
<siraben>
s/It/I
<lovesegfault>
MichaelRaskin: is nix profile a thing? or do I need nixUnstable?
<lovesegfault>
siraben: :D
red[evilred] has joined #nixos
<red[evilred]>
I still need to invest time in flakes
<red[evilred]>
everyone seems gaga at the concept - but for me thus far... woosh over my head it goez
<red[evilred]>
err, goes
<lovesegfault>
flakes are meh
<siraben>
Same here, it seems like I have to relearn quite a bit of the CLI
<red[evilred]>
(the nix build comment made me think about it)
<lovesegfault>
that they had an RFC, the RFC was rejected, and then the BDFL implemented it anyway is ridiculous
<red[evilred]>
since nix build doesn't seem to exist in my cli
<red[evilred]>
even though I am running unstable
<siraben>
Hm? `nix build` exists for me
<lovesegfault>
red[evilred]: get a newer Nix :P
<siraben>
nix (Nix) 2.3.8 here
<red[evilred]>
same
<red[evilred]>
oh funny
<red[evilred]>
I test it now and NOW it works
<siraben>
interesting
<red[evilred]>
nix flake doesn't however
<siraben>
Right, you'll need unstable for that
<MichaelRaskin>
lovesegfault: probably the latter, and maybe to enable experimental features or something
<red[evilred]>
I'm on unstable - and yes... experimental features I think
<red[evilred]>
I guess now I'
<red[evilred]>
ve gotten better with my understanding of nixexpr, now would probably be a good time to re-watch the flake vids
<siraben>
red[evilred]: which flake vids?
<lovesegfault>
There's a nixcon presentation on it
<FRidh>
really not much different. For NixOS, you point to a flake using `system.autoUpgrade`. Instead of using CI to update the flake, I let this service integrate the latest nixpkgs into it by passing `--update-input nixpkgs` to `nixos-rebuild switch`
revtintin has joined #nixos
<lovesegfault>
channels are 💩
<siraben>
What's nixus?
<FRidh>
and for other users, they can do something like nix shell nixpkgs/nixos-20.09#hello which is quite similar to using channels
<lovesegfault>
FRidh: can you elaborate? That sentence isn't super parsable for me
<lovesegfault>
siraben: a deployment tool. Like NixOps but without all the features
<lovesegfault>
(i.e. simple to use)
<FRidh>
lovesegfault: Sure. You want to have your NixOS configuration, but you also want nixpkgs to update to get security updates. Flakes are hermetic, so how do you get security updates? Well, you need to update your flake then.
<lovesegfault>
Sure, that makes sense
<FRidh>
I let system.autoUpgrade not just fetch the flake of my system, but also update the `nixpkgs` input to it
<lovesegfault>
How does that "make it's way" back into git/hg/whatever you use to track your config?
<red[evilred]>
I'll need some time to parse the example
<red[evilred]>
brb
<FRidh>
I notice this is hardly being done. E.g., the nixos infrastructure doesn't do any such updates
<FRidh>
Right. So from a security point of view, we are going to need some kind of service in case CI is not used to integrate the latest nixpkgs
* lovesegfault
nods
<FRidh>
Yes, I suppose someone will make that for flakes as well at some point
<lovesegfault>
Right, I hope so!
<lovesegfault>
That's the only thing missing for me to move to flakes
<FRidh>
still, many people, and especially new users, will not be aware that this is needed
<lovesegfault>
Right
<red[evilred]>
I guess I'm not new. I'm also not old. I'm not understanding 90% of this shift.
turbo_MaCk has joined #nixos
<red[evilred]>
I guess since everything is in flight that doesn't hugely matter
<red[evilred]>
I swear every single day I learn about some other NixOS tooling or CI process
<red[evilred]>
is there a list of these things? :-P
<matthewcroughan_>
I made the right choice to not force myself to use channels at all, since flakes are clearly becoming important
<matthewcroughan_>
force myself to not use channels*
<matthewcroughan_>
man I can't type today, logic
<red[evilred]>
is there a document that shows how to use flakes to specify a whole system?
<matthewcroughan_>
That's not remotely how it works, I do not think
<matthewcroughan_>
All flakes are, in my understanding, are a way to make channels declarative.
<lovesegfault>
No document, I think cole-h's config is entirely flake-based for it's inputs
<red[evilred]>
so how are you maintaining your systems without channels?
<matthewcroughan_>
So instead of `nix-channel add`, you just declare it in the flake, which means that you didn't have to do that imperative thing at the start of your system.
<red[evilred]>
so I guess the syntax in eelco's talk has changed. having to do nix run nixpkgs#rustc -- --version instead ( it doesn't recognize -c ) - it's enough to get me looking around though
<red[evilred]>
now to pull up that flake tutorial mentioned earlier...
<red[evilred]>
it's 04:34 - what else am I going to do at this time of nigfht ;-)
<{^_^}>
[nixpkgs] @raboof opened pull request #104578 → enamlx: fix use of function that was removed upstream → https://git.io/Jkrsk
m0rphism has joined #nixos
<siraben>
heh
<siraben>
All this activity makes me wonder if nixpkgs is the most active repo on GitHub
alp has joined #nixos
<MichaelRaskin>
I know Github functionality incrementally breaks down for Nixpkgs repo. I mean, more than the normal MS Github habit of just breaking things
<raboof>
yeah, some issue/pr search terms pretty consistently produce a unicorn
<raboof>
though overall I'm super impressed how well nixpkgs handles the volume of changes (both on the technical github side and on the 'human' side)
<siraben>
Interesting, I don't think I've had a unicorn when using searches except when github itself is down
<siraben>
of course the automation plays a huge role
<raboof>
definitely
<siraben>
I haven't contributed to other package repositories like AUR, debian, etc. anyone know how contributing to nixpkgs is different from contributing to them?
<raboof>
I'll admit when I first learned about nixpkgs keeping all package metadata in a 'monorepo' seemed like a pretty crazy idea
<raboof>
but just half a minute ago I tracked down a problem to the commit that caused it with 'git bisect' - that is *such* a superpower
<siraben>
had no idea something like infixSalt was renamed to suffixSalt and causing the issue
<red[evilred]>
hmm, I keep getting a warning about "unknown setting 'extra-sandbox-paths'"
<red[evilred]>
it's in /etc/nix/nix.conf which is autogenerated
<red[evilred]>
I'd love to know the source of it since it keeps getting written somehow
turbo_Ma1 has joined #nixos
revtintin has quit [Quit: WeeChat 1.9.1]
turbo_MaCk has quit [Ping timeout: 240 seconds]
<JaakkoLuttinen[m>
Will `sudo nix-collect-garbage -d` delete also such store paths that are symlinked by `result` dirs created by `nix-build`? I suppose it has to because it cannot know about all symlinks in the entire system. Is there any way to keep the result of `nix-build` even when `nix-collect-garbage -d` is run?
<siraben>
Jaakko Luttinen: nope, it will not delete those paths
domogled has quit [Ping timeout: 256 seconds]
<siraben>
` ls -l /nix/var/nix/gcroots/auto`
<red[evilred]>
siraben (IRC): how does it know about them?
<JaakkoLuttinen[m>
siraben: oh, indeed, the man page says: "The result of the build is automatically registered as a root of the Nix garbage collector." But how is that possible, I don't quite understand..
<siraben>
I was wondering that as well
<JaakkoLuttinen[m>
And how can it know when the symlink is removed...
<JaakkoLuttinen[m>
"This root disappears automatically when the result symlink is deleted or renamed. So don’t rename the symlink." <-- Sounds like magic, I don't understand
<raboof>
JaakkoLuttinen[m: I think they're the links in /nix/var/nix/gcroots and you can just 'rm' them, but I'm not *completely* sure :D
<siraben>
I think it might not be that magical, it's because you can add roots manually as well
<siraben>
So nix-build might run the add root as a final step
<raboof>
\ /nix/var/nix/gcroots/auto
<siraben>
"If you use nix-build, but not --no-build-output, your FS will be filled with result symlinks to various derivations. In the example above, note the following symlinks: "
<red[evilred]>
Well, managed to break nix profile already
* red[evilred]
is on a roll
sangoma has joined #nixos
<siraben>
Uh oh, what did you do?
knupfer1 has joined #nixos
<red[evilred]>
on nix profile upgrade"
<red[evilred]>
opening directory '/nix/store/swzfgj9558wk9zah6447sdf3x8l4d0fy-cachix-0.3.2': No such file or directory
<red[evilred]>
I have a different hash in use
<red[evilred]>
probably because the version in my local profiule was built from a different nixpkgs version I'm guessing
<JaakkoLuttinen[m>
Ah, so when running `nix-collect-garbage`, it'll check if the roots still exist on FS and if not, then it'll delete the store paths? So, garbage collector must have read access to the entire FS.
<red[evilred]>
and nix profile probably makes the assumption that it put it there
<JaakkoLuttinen[m>
`sudo nix-collect-garbage`, I mean..
<siraben>
I don't think it checks the entire FS for the symlinks, one experiment could be to build GNU Hello and write a symlink that points to it, see if it's in gcroots/auto
<siraben>
Yep, doesn't appear in gcroots
<red[evilred]>
I've never sudo for nix-collect-garbage -d
<red[evilred]>
it's a client for nix-daemon I thought so there's no need?
<red[evilred]>
am I wrong?
<JaakkoLuttinen[m>
siraben: But somehow it needs to know if the symlink defined in gcroots still exists. So it needs to be able to read those paths and as those symlinks can exist anywhere, it needs to be able to read the entire FS
sangoma has quit [Read error: Connection reset by peer]
<siraben>
Jaakko Luttinen: that sounds right
<patagonicus>
JaakkoLuttinen[m: nix:daemon runs as root
<patagonicus>
*nix-daemon
<JaakkoLuttinen[m>
patagonicus: When I've run first `nix-collect-garbage -d` and then `sudo nix-collect-garbage -d`, the latter will remove a lot more stuff that the first run didn't remove..
hnOsmium0001 has quit [Quit: Connection closed for inactivity]
<JaakkoLuttinen[m>
Heh, my system is full of those `result` gc-roots.. 😆 I now manually removed those symlinks and ran the garbage collector: 80GB freed 😆 😆 😆
<patagonicus>
JaakkoLuttinen[m: That is a wrapper around nix-store --gc. My guess is that the -d bit is what changes behavior, because that deletes old profiles and non-root is (hopefully?) not allowed to delete system profiles. So when you run it with sudo, it deletes more profiles, which invalidates more GC roots. But if the roots are already invalid, it
<alunduil>
I've got a recovery situation where I need to use a bootable disk to build my NixOS system again. If I do nixos-install will it use the nix store from the disk or the recovery media? If the recovery media can I point it a particular release since my recovery media is quite old?
jollyjester has joined #nixos
jollyjester has quit [Client Quit]
jollyjester has joined #nixos
jollyjester has quit [Client Quit]
jollyjester has joined #nixos
sangoma has joined #nixos
thomassgn has joined #nixos
<s1341>
hey guys. I am having trouble building manual-combined from home-manager.
Morfio has quit [Quit: This computer has gone to sleep]
<lejonet>
siigh, I've stumbled upon the "failed to create initrd secrets: No such file or directory" again with nixos-20.09, I have both boot.initrd.secrets and boot.loader.supportsInitrdSecrets set to lib.mkForce {} and lib.mkForce false respectively, how do I make it not attempt to make secrets into the initrd? I don't use that function at all
<MichaelRaskin>
I think at some moment «build» either automaticaly set --keep-going or at least accepted and passed through; but I have not used NixOS for quite some time now so I might be wrong
<lejonet>
MichaelRaskin: What I mean is that nixos-rebuild build works just as expected, but once I want to switch to the newly built generation, append-initrd-secrets segfaults, and none of the new services get started, but the rest of the base system gets "migrated"
<MichaelRaskin>
Oh I see
<MichaelRaskin>
Hmm, what happens if you switch again?
<lejonet>
so now I'm in some type of limbo land where somethings want to use ld-2.30.so and somethings want to use ld-2.31.so and I cannot upgrade services at all
<lejonet>
Exact same thing, append-initrd-secret segfaults, but apparently the switch "goes through" but there was "warnings" switching to the new generation :P
<Yaniel>
oh yea I had that but with glibc a while back
<MichaelRaskin>
Or maybe just «boot»
<lejonet>
MichaelRaskin: I should try that and see what happens
<MichaelRaskin>
Mabye even run manually the switch-to-configuration boot (from the new generation)
<lejonet>
Its in /run/system somewhere right?
<MichaelRaskin>
(the point being that NixOS logic of boot generation is a bit of too much of a mess)
<lejonet>
Agreed
<MichaelRaskin>
I would use the freshest profile
iH8c0ff33 has quit [Ping timeout: 246 seconds]
<MichaelRaskin>
I.e. /nix/var/nix/profiles/system-…-link/bin/switch-to-configuration boot
<MichaelRaskin>
The problem is that in NixOS one generation is responsible for generatingthe entries for the others, not just concatenating pregenerated known-good entries together
<lejonet>
Mhm
<lejonet>
ah, its that script that is calling append-initrd-secrets, so maybe if I just comment out that part, I can get it to work
<MichaelRaskin>
The script is of courser inside store…
<lejonet>
ofc it is, everything is in stock :)
<MichaelRaskin>
Sure, you can just comment a part out inside a checkout…
SanchayanMaity has joined #nixos
<lejonet>
The alternative is rebooting into a nixos-20.09 livecd and doing a nixos-install to fix it
<MichaelRaskin>
You might need to wipe old configurations I guess
jonatanb has joined #nixos
SanchayanMaity has quit [Client Quit]
<MichaelRaskin>
Or you might try preparing boot medium, wiping old configurations, and doing a rebuild boot again
<lejonet>
ooh, the perl script responsible for grub actually does a -e -x check if the append-initrd-secrets script exists and is executable, so if I just move it out of the way :P
<MichaelRaskin>
Or not have any generations where it exists
<lejonet>
MichaelRaskin: there you did indeed mention something, but iirc it was added in 20.09, but yeah I could always see about going back to 20.03
<lejonet>
crap, the earliest one has it too :(
<MichaelRaskin>
I think if you suppress this option, your newest generation should not have this executable, no?
jonatanb has quit [Ping timeout: 260 seconds]
<lejonet>
That is not really how it works sadly, if you don't have anything in boot.initrd.secrets, its the append-initrd-secrets scripts job to exit early without doing any work...
<lejonet>
so its always called, but should exit early if it has nothíng to do, instead of the perl script checking if it should be called or not
bbarker has quit [Remote host closed the connection]
astylian has quit [Remote host closed the connection]
bbarker has joined #nixos
astylian has joined #nixos
ehmry has quit [Read error: Connection reset by peer]
roconnor has joined #nixos
<kgriffin>
I'm seeing something where where the systemd units that are in my profile aren't correctly linked in /etc at boot in nixOS. Activating the same profile (like with a rebuild) fixes the link and causes the units to start.
<hexagoxel>
is there a way to --show-trace every derivation that gets built? I am trying to properly gcroot an IFD, but would like to do better than hardcoding store paths. So I need to know which expression path to create a gcroot for.
bbarker has quit [Ping timeout: 264 seconds]
ehmry has joined #nixos
<{^_^}>
[nixpkgs] @zupo opened pull request #104597 → Add pgweb, a light and fast web-based PostgreSQL database browser → https://git.io/JkrXS
<inquisitiv3>
I'm looking into creating a FHS environment for Intellij IDEA, OpenJDK, and libraries based on the __monty__ 's recommendation some weeks back. But I can't figure out when to declare packages in the `targetPkgs` or `multiPkgs`.
berberman has joined #nixos
alp has quit [Ping timeout: 264 seconds]
<inquisitiv3>
The Nixpkgs manual has an example there both `udev` and `alsaLib` is in both sets, but there's some additional packages listed in the `targetPkgs` set.
<__monty__>
inquisitiv3: Looks like multiPkgs is mostly useful if you intend to cross-compile at all.
<__monty__>
I'm not sure what the point is of including something in both targetPkgs and multiPkgs unless the packages have both libraries and binaries.
thblt has left #nixos ["ERC (IRC client for Emacs 27.1)"]
FRidh has joined #nixos
supermarin has joined #nixos
cole-h has joined #nixos
whatisRT has quit [Ping timeout: 260 seconds]
tom39291 has quit [Ping timeout: 272 seconds]
tom39291 has joined #nixos
<supermarin>
is there any tutorials on deploying a static site using nixos (and maybe git?) that aren't too outdated and not going too crazy into nix, haskell etc?
iH8c0ff33 has joined #nixos
philr has quit [Ping timeout: 246 seconds]
<supermarin>
I've gone as far as setting up a nixos server on digitalocean, that also hosts 2 bare repos and checks out the static files on a git push (post-receive) hook. I'm not sure i'm doing things properly 'the nix way'
<V>
supermarin: if you make your website into a nix package you can just write your server config such that it points the site root to that package
<V>
thus, modifying the site -> package rebuild -> site is atomically updated to the new version
<V>
I don't know which web server you use, but I use caddy, which makes configuration a simple matter of `example.com {\nroot ${site}\nfile_server\n}`
<supermarin>
V: thanks - in theory I get it. got a default.nix locally that builds the package, but in practice not sure what i'm supposed to do with the packae locally.
jonatanb has quit [Remote host closed the connection]
<supermarin>
nginx ATM, but not opinionated on it at all - open to use caddy
jonatanb has joined #nixos
<V>
the choice of server doesn't really matter
<V>
so, do you have a .nix file for your site that starts with { foo, bar, baz }:
iH8c0ff33 has quit [Ping timeout: 256 seconds]
<V>
(and then stdenv.mkDerivation { stuff goes here } or such)
<supermarin>
V: so i bulid just the package that the Nixos (server) depends on, locally on my laptop. Then - do i rsync it to the server, push somewhere else?
<V>
uh, no. you just reference it directly in your server configuration
<supermarin>
yep, let me double check the contents. i have a default.nix in the site root that takes the files, copies into ${out} ... and produces a `result`
<V>
unfortunately I don't have any examples online, still in the process of putting my config into git finally
<supermarin>
V: if I'm not mistaken, in this case you're building the whole nixos locally?
jonatanb has quit [Ping timeout: 256 seconds]
<V>
Yup. I have my server config on my laptop, and do nixos-rebuild with --target-host set to the remote machine
<V>
(and `--build-host localhost` if I want it to build on my laptop instead)
<supermarin>
ahh this might be one way of doing it i see :) not familiar with --target-host, let me quickly look
<supermarin>
kk that's why - i'm running macOS locally
<supermarin>
+ nix
<V>
You can make nixos-rebuild choose a different config to /etc/nixos/configuration.nix by setting the NIXOS_CONFIG environment variable to the server config, or -I nixos-config=/path/to/server/configuration.nix
<V>
ah, I see
iH8c0ff33 has joined #nixos
<V>
yeah in that case it'd probably make most sense to just keep the site git repo or whatever on the server; so you'd just push new changes and then run nixos-rebuild on the server
srxl has quit [Quit: Idle for 30+ days]
<supermarin>
The idea of the workflow is to write posts in markdown / html doesn't matter, and push text content into a repo. then the site gets built and published with no further actions from me (if the push was to master). on a standard linux distro, I'm hosting bare repos in `git` user's HOME, and pushing the markdown/html directly to that repo. Then a git hook in that repo makes a local checkout into /var/www
<supermarin>
or wherever the nginx serves from, and the site is updated as soon as `git push` is done
<V>
you can always still do things like that
<V>
in which case there's nothing special to do on the nix/nixos side
<tokudan>
got some issues with string escaping in nix. what's the correct way to escape '' something ${not_a_nix_expression} else '' in nix? example: http://paste.debian.net/plain/1173853
<V>
tokudan: yes, it is the default; '' is unusual in the snippets themselves
<V>
nf: that was my initial guess, but seeing lib pop up repeatedly made me unsure
<nf>
> Namely, to build the configuration we have to import the modules and to import the modules we have have to evaluate config._module.args.isVM, but to evaluate config._module.args.isVM we have to build the configuration…
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):406:7
<nf>
oops, sorry {^_^}
<V>
it would make sense that generating imports based on the module you are in the process of defining (i.e. that does not itself yet exist) would not work
<V>
it would probably work to split this into profiles.nix and profiles-impl.nix
<V>
orr just move the option declaration into a module within the imports
kreyren_ is now known as PROPRIETARY
mananamenos has joined #nixos
<nf>
my idea now is to replace imports with something like config = mkMerge (the profiles)
veleiro has quit [Ping timeout: 240 seconds]
<nf>
since those profiles only declare the config attribute
<mananamenos>
hi, i've just burnt a nixos on usb using rufus. Rebooted the pc, booted the usb, and after some seconds of booting it everything crashed with half of monitor showing unrendered letters (nixos booting messages)
<mananamenos>
any idea what is failing? Maybe i have to setup up something in bios?
<JeffU>
Can someone help me figure out how to override the postInstall for tmuxPlugins.sensible? tmuxPlugins doesn’t have overrideScope and tmuxPlugins.sensible doesn’t have override
JeffU has quit [Remote host closed the connection]
vidbina has quit [Quit: vidbina]
<{^_^}>
[nixos-org-configurations] @lukegb opened pull request #134 → delft/eris: include Prometheus port in nginx proxy_pass directive → https://git.io/JkoY9
<yetanotherserge>
Hi! Is running bazel within nix build a viable thing? Tried a naive "bazel build" in buildPhase - down trying to modify a /homeless-shelter which nix won't allow.
<V>
no there's no shared external cache you can use
bl1nk has joined #nixos
<V>
nix wants to manage its own collection of artifacts and sandboxes individual builds so this is basically impossible
sm_ has joined #nixos
<yetanotherserge>
Aye, I don't want to use external cache, I'm fine building from scratch
<V>
oh, in that case; I imagine there's stuff in nixpkgs already that uses it?
<V>
ah, yes
<yetanotherserge>
Hmm, indeed. I'll go check out
<V>
grep for buildBazelPackage
<{^_^}>
[nixos-org-configurations] @lukegb opened pull request #135 → delft/eris: remove trailing slash from Prometheus proxyPass → https://git.io/JkoZz
<JaakkoLuttinen[m>
When I run `sudo nixos-rebuild build`, there's no `result/etc/passwd` file. How could I check what users are defined in that system?
<JaakkoLuttinen[m>
I don't want to switch to that system before making sure users are created correctly as I just heavily modified the user creation logic in my `configuration.nix`...
boxscape has joined #nixos
<{^_^}>
[nixpkgs] @sternenseemann opened pull request #104625 → pythonPackages.pypandoc: fix tests for pandoc >= 2.11.2 → https://git.io/Jko8q
<srhb>
JaakkoLuttinen[m: You can find the path named users-groups.json in that closure to find the spec
<srhb>
JaakkoLuttinen[m: Actual synchronization with /etc/passwd is done by some perl script.
vidbina has quit [Ping timeout: 256 seconds]
<srhb>
JaakkoLuttinen[m: You can also find that path from the activate script of that system. There will be a line that contains "users-groups.json"
<V>
it's in /var/lib/nixos IIRC
bbarker has quit [Remote host closed the connection]
bbarker has joined #nixos
<V>
or, no. that would be the state of the running system
<{^_^}>
[nixpkgs] @flokli pushed 4 commits to staging-20.09: https://git.io/Jko8b
thblt has joined #nixos
bbarker has quit [Ping timeout: 260 seconds]
jonatanb has joined #nixos
growpotkin has joined #nixos
<srhb>
V: Well, it's still true, or at least the other half of the system, since that information is indeed users by the perl script. :)
<srhb>
Depending on setup, of course...
jonatanb has quit [Ping timeout: 240 seconds]
ToxicFrog has joined #nixos
bbarker has joined #nixos
devmohe has joined #nixos
alp has quit [Ping timeout: 272 seconds]
<devmohe>
Hi, is it possible to get all used files from a NixOS build? So you could basically strip off all other files and get a minimal nixpkgs for this build. I would like to do this to minimize the security issues as I only would need to check these files for changes then. I already tried `inotifywait -m -r -e OPEN .` but this didn't seem to work.
pushqrdx has quit [Remote host closed the connection]
pushqrdx has joined #nixos
boxscape has quit [Ping timeout: 260 seconds]
bbarker has quit [Remote host closed the connection]
bbarker has joined #nixos
neiluj has joined #nixos
<thblt>
dulwich tests on Python 3.8 segfault on latest unstable for me, anyone else experience this? It's a dep of haskell-language-server and nix-prefetch-scripts.
<thblt>
(This makes nixos-rebuild fail obviously)
hyper_ch5 has joined #nixos
<srhb>
thblt: I think the most common dep is for the optparse completion wrapper, so you can strip that out for now
<srhb>
But yes, it's broken since the GHC/Stackage bump.
<srhb>
Or maybe unrelated due to the massive python changes
<srhb>
/shrug
bbarker has quit [Ping timeout: 240 seconds]
<andi->
devmohe: you can run nix-instantiate with -vvvvvvvvvvvvvv and look at all the files it opens
supermarin has quit [Ping timeout: 240 seconds]
<srhb>
thblt: Yeah, look like the tests for dulwich are just broken on their own.
<{^_^}>
[nixpkgs] @domenkozar pushed 3 commits to release-20.09: https://git.io/JkoE3
Kim has joined #nixos
supercoven has quit [Ping timeout: 260 seconds]
leotaku_ has joined #nixos
leotaku has quit [Ping timeout: 260 seconds]
<thblt>
srhb: thanks!
<shapr>
I'm attempting to upgrade my system from 20.03 to 20.09 and I get "error: The option `services.xserver.displayManager.enable' defined in `/etc/nixos/configuration.nix' does not exist."
<shapr>
My first guess is that I need to change my system.stateVersion from "19.09" to something newer?
<shapr>
oh, now that error is gone :-|
<shapr>
now I get "error: urwid-2.1.1 not supported for interpreter python2.7"
<{^_^}>
[nixos-search] @turboMaCk pushed to turboMaCk/fix-github-links « Fix links to github source. »: https://git.io/JkozY
<{^_^}>
[nixos-search] @turboMaCk opened pull request #232 → Fix links to github source. → https://git.io/Jkoz3
oida has quit [Remote host closed the connection]
<yetanotherserge>
buildBazelPackage worked, thanks all
<yetanotherserge>
@lukegb, it may be worth mentioning: I had some unintelligible problems with new_git_repository - switching to http_archive helped
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<lukegb>
ooh, interesting
fendor has joined #nixos
<yetanotherserge>
I'd provide some details, but much later, I'm afraid
<shapr>
searching for the error message above, I found some github issues about python2.7 being end of life now. Since I don't have urwid explicitly listed, how do I figure out which package is requiring the urwid dependency?
<srhb>
shapr: A trace would probably show it.
<shapr>
digging into the output of --show-trace, it seems to start at: while evaluating the attribute 'system.activationScripts.script' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/activation-script.nix:68:9:
<srhb>
shapr: Hm, that's not very helpful.
<shapr>
yeah
Boomerang has joined #nixos
Acou_Bass has joined #nixos
<shapr>
my first guess is it's something like byobu which does use a python wrapper around tmux
<shapr>
I'll try turning that off
<srhb>
shapr: Otherwise you can try nix-store -q --tree on the derivation for your system, but it might not be obvious even then.
<shapr>
How do I get the derivation for my system? I'm still a noob
<supersandro2000>
shapr: nix-tree $(nix-instantiate -A package)
<shapr>
ah, so I could use that to check each of my packages to see which one requires urwid?
<srhb>
shapr: Yeah it's a little unhandy getting the system drv from nixos-rebuild, but it'd give you a tree of all the dependencies.
<shapr>
do I need to install nix-tree?
<srhb>
I don't know nix-tree.
<shapr>
srhb: how do I hand the derivation for my system to nix-store ?
<srhb>
Working on remembering the exact invocation, hang on.. My system isn't set up for this :)
<srhb>
It should be something like... nix-instantiate -E 'with import <nixpkgs/nixos> {}; config.build.system'
<srhb>
Ah no, it's config.system.build
<shapr>
ah, ok
<srhb>
Anyway, that should yield a drv path, which you can then `nix-store -q --tree`
<srhb>
This may or may not give you a helpful tree wherein you can figure in the offending package.
iH8c0ff33 has joined #nixos
<evils>
isn't this closer? `nix why-depends -a $(readlink /run/current-system) nixpkgs.python27 | less`
<srhb>
evils: The system is unbuildable currently
<evils>
doh, ofc
<srhb>
But, ye, why-depends may be helpful even then, but still on the drv.
<shapr>
I could switch back to the 20.03 channel
<srhb>
And why-depends on a system path is often not really helpful, since you'll just get the activation script.
<shapr>
this is surprising: '/nix/store/ml138j3cmkdv50zi7r8s3p75ffavp280-nixos-system-kali-20.03.3269.f05c380a51d' does not depend on 'nixpkgs.python27'
<shapr>
does that mean the 20.09 does depend on python27?
<srhb>
shapr: No, it means it doesn't depend on _that_ python27.
<shapr>
oh
<srhb>
(Which has an exact hash)
<srhb>
So the system and nixpkgs need to be in complete sync for that to be helpful
<srhb>
Try the tree first :)
<das_j>
I found out what depended on python 2.7 by adding `assert false` to the beginning of the package and evaluating my system with that modified nixpkgs with --show-trace
bbarker has quit [Remote host closed the connection]
Izorkin has quit [Ping timeout: 256 seconds]
bbarker has joined #nixos
<nf>
in applyIfFunction, why not apply the function to the entire _module.args set, instead of introspecting its formal arguments to know which ones to pass?
<nf>
(i'm trying to write a helper function that takes a function module and returns a function module, and this is slightly annoying because i have to use functionArgs and setFunctionArgs so that the correct arguments get passed)
<das_j>
cc infinisil
iH8c0ff33 has joined #nixos
bbarker has quit [Ping timeout: 240 seconds]
<infinisil>
nf: Probably to not get infinite recursion
<infinisil>
Yeah, because if it was `f (config._module.args // args // extraArgs)`, `config` would have to be evaluated, which can't be done at that point without getting inf rec
deadpixels has joined #nixos
szicari has quit [Ping timeout: 260 seconds]
<nf>
well, isn't config evaluated on line 303, if there's at least one required argument?
<DigitalKiwi>
ooh look at the haskell programmer throwing around fancy words like point free
<nf>
infinisil: aaah
hlolli__ has joined #nixos
<xenophile>
Hello. So I have nixOS on my laptop and I really want to install it on my main machine but the only thing stopping me is windscribe vpn cli client isn't availible as a nix package. Is it fairly difficult to package something from a .deb or .rpm?
<MichaelRaskin>
xenophile: do you know the link to Nixpkgs repository?
jonatanb has quit [Remote host closed the connection]
jonatanb has joined #nixos
<flokli>
genevino: there's systemd.tmpfiles.rules
<xenophile>
:MichaelRaskin Do you mean the site for saerching all of the availible nixOS packages?
<MichaelRaskin>
No, the actual package sources
<adisbladis>
leo60228: What do you mean by "while still running native code as much as possible"?
iH8c0ff33 has joined #nixos
brettgilio has joined #nixos
<MichaelRaskin>
I am afraid the easiest way is to write a Nix package for that
<xenophile>
No I don't. Ok I assume that's fairly difficult?
boxscape has joined #nixos
<{^_^}>
[nixpkgs] @marsam opened pull request #104635 → haskellPackages.ghc8102: add patch to allow Block.h compile with c++ compilers → https://git.io/JkoXt
<MichaelRaskin>
Nixpkgs has a reasonably credible claim to be one of the easiest general GNU/Linux (but not only) packages system to write leaf packages for
<DigitalKiwi>
nf: what would making them work with const look like?
<nf>
DigitalKiwi: DON'T DO IT, but drv: foo becomes lib.const foo if you're not using drv in foo
<xenophile>
MichaelRaskin: I can give it a shot. It would be a great skill to learn. Lack of certain packages has always been the main thing preventing me from trying new distros so it would be great for me to learn. Is there a particular place to go for documentation on this specifically?
<DigitalKiwi>
just some combination of the various overrides in the right order to make them all nice an flowy
<DigitalKiwi>
anyway it took me a long enough to get the let one and there are a ton more things to do so >.>
<MichaelRaskin>
xenophile: note that once you are comfortable with Nix you can even use it as a stop-gap solution on any distro. No package? Install Nix without touching the core system, use it from there
sangoma has quit [Quit: WeeChat 2.9]
<DigitalKiwi>
i have nix on my phone
<DigitalKiwi>
so of course i have ghc on my phone
<xenophile>
MichaelRaskin: Oh wow that is very cool. It's those kinds of things that drew me to this distro/package manager
<{^_^}>
[nixpkgs] @domenkozar merged pull request #104635 → haskellPackages.ghc8102: add patch to allow Block.h compile with c++ compilers → https://git.io/JkoXt
<MichaelRaskin>
At work I got some Ubuntu VMs that I cannot even reimage quickly. So the system definitely stays pristine, and the real stuff is getting deployed by Nix, because I want to be able to fix my mistakes!
<leo60228>
how should i handle secrets when using flakes?
<leo60228>
previously i had .gitignored files that i read using builtins.readFile
<leo60228>
but that doesn't work with flakes by design
fendor has quit [Ping timeout: 256 seconds]
<{^_^}>
[nixpkgs] @roberth opened pull request #104640 → haskellPackages.inline-c-cpp: Patch to build with llvm → https://git.io/JkoHA
<la-jesystani>
im not sure how secure it is, but you could make sure they arent entering the nix store, then use git-secret to blank them from the repo?
iH8c0ff33 has quit [Ping timeout: 240 seconds]
bbarker has quit [Remote host closed the connection]
bbarker has joined #nixos
<leo60228>
la-jesystani: my threat model is people having access to my git repository, not people having access to my nix store
<{^_^}>
[nixpkgs] @roberth closed pull request #104640 → haskellPackages.inline-c-cpp: Patch to build with llvm → https://git.io/JkoHA
bbarker has quit [Ping timeout: 260 seconds]
civodul has quit [Quit: ERC (IRC client for Emacs 27.1)]
Morfio has quit [Quit: This computer has gone to sleep]
Morfio has joined #nixos
bbarker has joined #nixos
<evanm>
trying to fix a broken haskell package in 20.09 pandoc....works in haskell-updates but it is a dependancy of a vm I am trying to build...how can I kink the version that installed.
bbarker has quit [Remote host closed the connection]
_bl1nk has joined #nixos
bbarker has joined #nixos
werner291 has quit [Quit: werner291]
<nh2[m]>
in ZFS, how can I prevent `device = "zroot/root/myencrypted";` from being auto-mounted at boot? I want to boot through without password prompt
<nh2[m]>
it asks for the pw in stage 1
<__red__>
moveToOutput
<nh2[m]>
I have already removed it from `hardware-configuration.nix` but it still asks