<tomberek>
lambda-11235: in binaries it's tougher, is there a way to specify it via an env variable or a command-line flag?
<rmcgibbo[m]>
In general, I don't believe it's possible to replace strings in binaries like that. patchelf can do it for a few parts of the binary, but I think those parts are the exception. In general binaries contain a lot of relative offsets, and so you in principle can only swap to shorter strings by leaving things null-terminated with extra null bytes.
g-w1 has joined #nixos
ddellacosta has quit [Remote host closed the connection]
<lambda-11235>
Yeah, it's a closed source program (pulse secure), so not much luck in any of those departments. I guess I'll go with my original plan of a Debian VM, I don't want to have to reverse engineer the whole program.
<tomberek>
lambda-11235: does it have FHS dynamic library requirements as well?
<tomberek>
lambda-11235: all else fails you can use a container... or just directly place your config file in /usr/share/.../config.ini and accept the hack (it can be a symlink to store if needed)
<kini>
Is it possible/advisable to run nvidia drivers from nixos unstable on nixos 20.09? I'm getting frequent kernel BUGs with the current version (455.x)
bitmapper has joined #nixos
<tejing>
kini: I think you'd have to use the whole kernel from nixos unstable
<kini>
hmm... well, there is also a small one-line patch an nvidia engineer posted on the nvidia forums which should apply to 455.x... maybe I can try to apply that somehow
<crok>
is delta or express updates similar to android and windows available for updating or upgrading ?
<aleph->
Oh nifty someone packaged the latest version of Teleport finally. Had given up on getting that working. Motivation to finish the module is increased!
<aleph->
infinisil: For settings config option. I can declare some settings that must exist and leave the others as fill in/optional ya? Also don't suppose you have an example for settings with optional submodules/sub-services?
ddellacosta has joined #nixos
lsyoyom has joined #nixos
waleee-cl has quit [Quit: Connection closed for inactivity]
ahmedelgabri has joined #nixos
crok has joined #nixos
ddellacosta has quit [Remote host closed the connection]
grobi1 has quit [Read error: Connection reset by peer]
grobi1 has joined #nixos
sbock has joined #nixos
crok has quit [Quit: Ping timeout (120 seconds)]
crok has joined #nixos
n-osborne has joined #nixos
crok has quit [Client Quit]
n-osborn_ has joined #nixos
n-osborne has quit [Read error: Connection reset by peer]
stree has quit [Ping timeout: 240 seconds]
Darkmatter66 has quit [Ping timeout: 256 seconds]
ahmedelgabri has quit [Ping timeout: 272 seconds]
tomchab[m] has joined #nixos
n-osborn_ has quit [Read error: Connection reset by peer]
bitmapper has quit [Quit: Connection closed for inactivity]
grobi1 has quit [Quit: WeeChat 2.3]
m0rphism1 has joined #nixos
<cole-h>
zeta_0: FWIW, NixOS != Nix. Nix on Ubuntu is basically the same as Nix on WSL, from what I know.
<cole-h>
You wouldn't be able to enable services (like a ZFS snapshot daemon) (at least, not easily), but you would be able to build packages with e.g. `nix-build`
civodul has joined #nixos
<zeta_0>
cole-h: thank you for your response, I guess that I'm misunderstanding the systemd support section, is systemd not supported, or did this trundle person use a work-around on nixos-wsl so that systemd works? https://github.com/Trundle/NixOS-WSL#systemd-support
sbock has quit [Ping timeout: 240 seconds]
<zeta_0>
cole-h: also, I depend heavily on home-manager for user packages and (direnv+nix-direnv+emacs-direnv) to work in isolated environments, if I can't get emacs working in wsl, then I'll switch to codium instead.
<cole-h>
Nix does not deal with systemd at all. NixOS does.
<zeta_0>
cole-h: so will all the nix-tooling that I just mentioned above work in the nixos-wsl installation?
<cole-h>
Short answer is: I don't know. I don't know why you'd want to use NixOS-WSL over just installing Nix inside the default Ubuntu WSL
abathur has joined #nixos
<zeta_0>
cole-h: ya, I that's a good option, also, my windows 10 os is taking forever to upgrade to the latest windows build.
<zeta_0>
cole-h: my boss is allowing me to enable wsl in my windows 10 machine so that I can use my linux tooling for python development, so I'm looking for the simplest solution to setup my nix tooling, so that I can start coding right away.
<cole-h>
IMO, simplest would be to just install Nix in Ubuntu, however you'd go about doing that.
<cole-h>
But, up to you. If you want to experiment, go for it :)
abathur has quit [Ping timeout: 240 seconds]
<zeta_0>
cole-h: ok, i'll ubuntu in wsl and install nix in ubuntu, but will the nix tooling that I just mentioned above work with this setup?
jonringer has quit [Ping timeout: 264 seconds]
kini has quit [Remote host closed the connection]
<zeta_0>
cole-h: I'm just making sure, before I start installing things.
<whald>
hi! i have a bugfix PR against nixpkgs sitting idle for a month. it has been reviewed and everything, so who do i have to poke to get it merged soon? ;-)
<{^_^}>
[nixpkgs] @roberth pushed 108 commits to staging-20.09: https://git.io/JtHVX
<jdelStrother>
"${<nixpkgs>}/pkgs/development/ruby-modules/bundler-env" { bundler = foo }`), but I think I must be missing something. The default pkgs.bundlerEnv is invoked with an empty set, so where do the default values for everything in @defs come from?
hiro98 has quit [Ping timeout: 260 seconds]
<jdelStrother>
Oh, callPackage just implicitly adds all arguments from the `pkgs` set?
<srk>
ones required by the function. you can also override one of them using callPackage ... { bundler = ...; };
<attila_lendvai>
can a nixos module generate something (maybe a wrapper script with makeWrapper?) that will be available in the path when the service is enabled?
jdelStrother has quit [Quit: Ping timeout (120 seconds)]
<chisui>
I remember that there was a way to run commands in an environment where certain files are overlayed like in an overlay filesystem but I can't remember the nix expression. Is there something like this or was I only imagining that?
<chisui>
__monty__: well I'm on nixos and want to use intellij so I have to deal with this somehow. My current plan is to create a FHSEnv with some jdks linked in and start Intellij inside it.
FRidh has joined #nixos
sangoma has quit [Ping timeout: 240 seconds]
lsix has quit [Ping timeout: 272 seconds]
g-w1 has left #nixos ["bye"]
avaq has joined #nixos
sangoma has joined #nixos
avaq has quit [Ping timeout: 260 seconds]
berberman_ has quit [Ping timeout: 258 seconds]
berberman has joined #nixos
greenbottle has joined #nixos
avaq has joined #nixos
Darkmatter66 has quit [Ping timeout: 260 seconds]
<Unode>
hi all. Is there any tool in nixpkgs that can create rar files? I see unrar that I have used often but no "create" counterpart.
<dminuoso>
Unode: RAR is a supreme example of toxic software. It's license forbids reverse engineering, you need explicit permission if you want to provide a tool to create rar files yourself.
Qwerky has quit [Remote host closed the connection]
strobelight has joined #nixos
<attila_lendvai>
i don't seem to find any examples or docs where the handling of secrets are discussed. i want to put my config under git, but i have some secrets in them... can someone point me to some docs or some example configs that use external secrets?
<__monty__>
attila_lendvai: Keep in mind that secrets you put in your configuration probably end up world-readable in the store.
<cransom>
there are many approaches you can take. there isn't a single 'this is how you do secrets in nixos'
Qwerky has joined #nixos
dev_mohe has joined #nixos
<attila_lendvai>
oh my, i've skimmed that blog post before. it's too much complexity for me at this moment to open one more layer in my stack of TODO's... i'll just delay recording that diff. thanks though!
ddellacosta has quit [Ping timeout: 264 seconds]
acarrico has joined #nixos
<hexa->
,locate tracker-needle
<{^_^}>
Couldn't find in any packages
Qwerky has quit [Ping timeout: 264 seconds]
awmv has quit [Quit: Connection closed for inactivity]
strobelight has quit [Remote host closed the connection]
c4droid has left #nixos [#nixos]
<berber>
hey, i have a minimal nginx config, here https://termbin.com/wmzp i get the error "failed to start Renew ACME certificate for subdomain.example.com." when i do "sudo nixos-rebuild switch --upgrade". what could be my problem?
<berber>
obv subdomain.example.com points to my server
<berber>
it points to the machine of my nixos computer
<nf>
so why couldn't builtins.toFile "name" "${pkgs.hello}" build hello and then write the output path to /nix/store/hash-name ?
<clever>
instead, its just a single path
dev_mohe has quit [Ping timeout: 260 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<clever>
nf: because its reusing the same internal api as ${./foo.txt}, where $out is based on a hash of the contents, not a hash of how those contents got built
nixuser has quit [Remote host closed the connection]
sigmundv_ has quit [Read error: Connection reset by peer]
superherointj has joined #nixos
sigmundv_ has joined #nixos
<scoates>
any of you happen to be using IntelliJ Idea with Rust + a nix shell and have any idea what I need to put here? https://files.scoat.es/BDcEO4if.png (I had to hack up .rustbin with a couple symlinks because it wants rustc + cargo in the same place)
<RowanG>
Hello everyone. I'm have been trying for a week now to install nixos on a Dell xps 13 9310 without success. I have tried both the graphical ISO boot images on the website but both don't boot to a gui. I also tried the nomodeset boot option with the same result. I can open a terminal. How can I debug this?
<hazel[m]>
how do I renew my LetsEncrypt certificates managed by NixOS?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<bqv>
lordcirth_: I just have quite an extensive firewall and noisy network... :/
fendor_ is now known as fendor
<lordcirth_>
hazel[m], there should be a service & timer to do it automatically?
<hazel[m]>
namely I have the issue with this error in journalctl: `Feb 22 09:58:59 kerria acme-blog.knightsofthelambdacalcul.us-start[1444]: 2021/02/22 09:58:59 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org: device or resource busy`
<hazel[m]>
which is. I have no idea how to fix this
tomberek has joined #nixos
sangoma has joined #nixos
ericsagn1 has joined #nixos
malook has joined #nixos
zupo has joined #nixos
<cransom>
it does some namespacing and remounting things, i had that error once and i think i "fixed" it by making sure the services were stopped, then purging /var/lib/acme, and restarting them. ymmv.
avaq has quit [Ping timeout: 256 seconds]
<gchristensen>
I've had a ton of problems with acme lately :/
<tomberek>
sterni: "Can request certificate with HTTPS-01 challenge"
erasmas has joined #nixos
<sterni>
See, I gave up at Exception: command `/run/current-system/specialisation/httpd-aliases/bin/switch-to-configuration test` failed (exit code 4)
civodul has joined #nixos
<tomberek>
"webserver # [ 183.208378] acme-c.example.test-start[3411]: [d.example.test] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Get "https://d.example.test:80/error/HTTP_FORBIDDEN.html.var": http: server gave HTTP response to HTTPS client" It seems it's on the apache test.
zupo has joined #nixos
dev_mohe has quit [Quit: dev_mohe]
ahmedelgabri has quit [Ping timeout: 264 seconds]
cole-h has joined #nixos
kaliumxyz has quit [Remote host closed the connection]
stree has joined #nixos
cfricke has quit [Ping timeout: 258 seconds]
zupo_ has joined #nixos
<awmv>
May I ask questions related to tcpdump as well? I don't know in which channel to ask. #linux is invite only
ahmedelgabri has joined #nixos
ManiacOfMadness` has quit [Ping timeout: 272 seconds]
jakobrs has joined #nixos
<lordcirth_>
awmv, not invite, you just need to be registered with freenode, afaik
<awmv>
#linux: Cannot join channel (+i) - you must be invited
zupo has quit [Ping timeout: 256 seconds]
<lassulus>
I can join without invitation
<tomberek>
it's the last three tests, starts to go bad with apache
<lassulus>
oh wait I got redirected to ##linux
<awmv>
##linux: Cannot join channel (+b) - you are banned
<awmv>
:D
<clever>
awmv: /mode ##linux +b
<clever>
to list the bans
<clever>
then look thru it for something that matches you
<awmv>
Well... Someone gave me 4 Raspberry Pi 4B's with one respective SSD saying they need them to track network traffic in pcapng files on the SSD. My current idea is to run a tcpdump command on the startup with tons of flags that I still need to figure out. My idea was to ask in the linux channel for that. I'm gonna need a circular output as well
<shapr>
single # means "irc channel owned by the actual organization"
<shapr>
double ## means "not 100% official"
Nezha[m] has joined #nixos
<supersandro2000>
but I can just open any channel I want, right?
<awmv>
Using NixOS might be overkill, but I wanted to get to know it 🥰
<clever>
supersandro2000: yeah, but if you want chanserv, you have to register it with freenode, and play by the rules freenode has set
<a12l>
I get SSL cert errors in Firefox and in Chromium installed from Nixpkgs on my Fedora system when I try to visit any website. The error I get is `Error code: SEC_ERROR_UNKNOWN_ISSUER`. No problems with Firefox from Fedora's repos.
<tomberek>
cole-h: looks fine, i don't have a zfs machine to test on ATM.
jimmiehansson has quit [Remote host closed the connection]
shibboleth has joined #nixos
<zn40>
In nixos, I'm able to conveniently configure a login to a herbstluftwm session (via the default display manager). How can I configure nixos so that I can log into a tty as a user then run `startx`? I've tried adding `(import <nixos> {}).xorg.xinit)` to `environment.systemPackages`, but `startx` fails to successfully start an X11 session.
ardumont has joined #nixos
<zn40>
My end goal: I want to be able to simultaneously log in multiple user accounts to different ttys.
<__monty__>
Is there any evaluation penalty due to listing many optional dependencies as arguments to be filled by callPackage?
<thibm>
zn40: there is displayManager.startx.enable option
<cole-h>
tomberek: An approval review (even just "diff LGTM") would go a long way... <3
<thibm>
then use a .xinitrc to start the wm, and yes you need xorg.xinit
<thibm>
zn40: your system configuration can have a `pkgs` formal argument, use it instead of (import <nixos> {})
<zn40>
@thibm: thx!
<thibm>
zn40: in fact displayManager.startx.enable will also have the effect to add xorg.xinit to installed packages, so you don't need to add it yourself.
<zn40>
How does `<nixos>` relate to `<nixpkgs>` or the `pkgs` arg in `configuration.nix`?
<fast1[m]>
A NixOS machine on my local network has really irregular, often high, latency from other computers on the network
<fast1[m]>
When I ping the NixOS machine the time taken fluctuates between 10ms and 300ms. Pinging the other machine from NixOS doesn't have the same issue so it can't be a problem with the routing
<fast1[m]>
Any idea how I can debug/fix this? (NixOS is using iwd for wireless connection)
dev_mohe has quit [Remote host closed the connection]
meursault has quit [Quit: Leaving]
<zn40>
Does the `nixos` channel typically include a superset of `nixpkgs`? I put `pkgs.vim` in `systemPackages` just assuming it was `nixpkgs`, and that worked.
<__monty__>
For optional dependencies should I add sanity-check asserts so people don't enable two dependencies that would do the same thing?
<__monty__>
E.g., it's useless to enable both highlight and pygments because only one of them will ever be used at runtime.
malook has joined #nixos
malook has quit [Client Quit]
malook has joined #nixos
malook has quit [Client Quit]
<ekleog>
Is there any way to lie about the feature set? I'm trying to build a googleComputeImage on a GCE machine itself without having nested KVM (not caring if it takes a bit more time), but nix (correctly) auto-detects that the machine doesn't have KVM enabled and refuses to build… so can I lie about having feature “kvm”?
stree has quit [Ping timeout: 256 seconds]
<__monty__>
Can't you just put the feature in the remote-systems.conf?
<ekleog>
answering myself, as usual just after asking: looks like yes with system-features = [ kvm [the default features] ] — also, I'm not using remote systems, here it's all local builds, it's just that for some unclear-to-me reason nix refuses to build googleComputeImage images if the kvm feature isn't enabled, even locally (building locally on a GCE VM)
<ekleog>
__monty__: for your question, I'd vote for having an assertion if having both highlight and pygments enabled still leads to only one being used
<DigitalKiwi>
do you think it's safe to buy a used yubikey
Darkmatter66_ has joined #nixos
<V>
I would recommend against doing that
sangoma has quit [Quit: WeeChat 3.0]
Darkmatter66 has quit [Ping timeout: 240 seconds]
<demize>
Like, Yubico has a thing where you can verify the authenticity of one, but it still seems like an unnecessarily high risk that they found some way to tamper with it anyway.
<bqv>
er, what's the right order again? .override then .overrideAttrs? or am i mistaken?
stree has quit [Ping timeout: 240 seconds]
<bqv>
really need that overrides RFC...
<zn20>
Does nixos store the source of nixpkgs used for the current system config somewhere in the nix store (or another spot) that I can browse?
<V>
nope
<V>
you can do that manually by adding your own code that pins a copy
lsix has quit [Ping timeout: 240 seconds]
<tomberek>
zn20: no, because technically you can create the same system by having different nixpkgs (as long as the changes don't impact the system.... but you CAN do the copy... or store it somewhere if you want
<tomberek>
there is also system.copySystemConfiguration and system.configurationRevision
<zn20>
I think I know how to rewrite `configuration.nix` to pin a specific tarball + hash, but then I have to manually manage upgrades. What I was hoping for is something that still plays well with channels (or flakes which I haven't yet learned about) but also ensures I save a copy of the source.
<zn20>
Oh, thanks, I'll look into those.
<tomberek>
zn20: also, try nixos-version, the git hash of the nixpkgs is inserted into that name (i'm using flakes, so it works pretty well)
meh` has joined #nixos
eta has quit [Quit: we're here, we're queer, connection reset by peer]
vidbina_ has joined #nixos
eeeeeta has joined #nixos
stree has joined #nixos
<avaq>
Hi. Someone asked me to provide an Iso image for a VM. I already have the machine's full Nix configuration. Is there an easy way to generate an iso from my existing nix config?
<zn20>
I have only barely scratched the surface of flakes. Since I'm new to nixos, should I dive in right away to flakes so that I don't have to unlearn the old way, or is flakes support still too wobbly to recommend for new users?
<zn20>
Waaaait a minute. How can `nixos-version` know the git hash of nixpkgs given your previous statement that different `nixpkgs` revisions could theoretically generate the same system state?
<zn20>
tomberek, ↑
fuiltilt has joined #nixos
<installnixos[m]>
<zn20 "I have only barely scratched the"> Flakes aren't too tricky. You basically have a little bit of boilerplate that calls your configuration.nix
<installnixos[m]>
They're stable enough. Haven't had any issues with them. Been switched for 3 months
<zn20>
Maybe I should pop up a level and describe what I want to do (which is probably unusual) then someone might have better advice on how to approach it: rather than use home-manager, I want to create a "user config derivation" and make that the single item that I install with `nix-env`. So far it's working great for things like wrapping vim or tmux
<zn20>
with little wrapper derivations that include my own config files. Where it's not working is the interface to the system configuration. For example, I've enabled `services.xserver.displayManager.startx.enable = true`, but when I run `startx` as my user, I want it to be running a wrapper script in my own home directory derivation that tweaks its
<zn20>
arguments/config. I know how to wrap the `startx` derivation, but that version doesn't succeed at starting an xsession, whereas whatever the system service does works at starting an xsession, but it does not use my own derivation's config.
<zn20>
installnixos[m] Thanks for the report. What's the best starting point for migrating my nixos install to a flakes approach?
<zn20>
-as in documentation on how to do it...
<avaq>
Regarding my question about iso images: I figured it out.
<raboof>
if `nix-store --gc` no longer deletes anything, and `nix-store -q --referrers /nix/store/foo` returns only itself, does that mean it's a gc root itself? how do I find out what's still holding on to it?
<tomberek>
avaq: this may be late, but are you looking for `nix-build '<nixpkgs/nixos>' -A system.build.isoImage --arg configuration ./configuration.nix` or similar?
vidbina_ has quit [Ping timeout: 260 seconds]
<avaq>
tomberek, yes, I figured it out after, see my later messages. :)
<sterni>
zn86: documentation.man.enable = true; does what you want for environment.systemPackages etc.
<sterni>
zn86: nix-env -i should always install all man pages but I don't know where they are symlinked and if man(1) finds them there
<chisui>
Is there an elegant way to provide credentials to fetchUrl?
<avaq>
I have a question. I have created a bootable live cd for the provisioning of a headless system. I included a user with my ssh key and some other stuff I like into it so I can comfortably install the system over ssh.
<avaq>
I just finished partitionining the drives. Now I want to run nixos-install, but I'd like to preserve my existing configs (whilst also providing a new hardware config). Is there a way to do this?
<avaq>
Could I deploy my existing config straight to the running system using nixops somehow?
<avaq>
I would have to tell NixOps to use target:/mnt instead of / as a root.
ahmedelgabri has quit [Ping timeout: 264 seconds]
<avaq>
I want to avoid having to copy-paste a lot of pieces from an ever growing personal nix config repository into a configuration.nix, only to immediately deploy something else to the system with nixops afterwards.