2020-02-12

<clever> gchristensen: that works
<clever> (i think)
<clever> gchristensen: as long as its under 65k, and it should append anyways
<clever> gchristensen: which makes it slightly confusing, when pid namespacing comes into play
<clever> gchristensen: strace uses host pid's for everything
<clever> kk
<clever> lol
<clever> gchristensen: can you do `strace -ff -o logfiles -s 3000 nixos-install ...` and then tar up the logfiles?
<clever> xavierzwirtz[m]: config files, cmdline args, or libredirect
<clever> pie_[bnc]: he had 4 or 5 up his nose, then sneezed and most went flying, including out his ears
<clever> remember how homer accidently left one crayon up his nose? :P
<clever> ,exec
<clever> WinchellsM: if you want nix code to actually generate the script and run it, builtins.exec
<clever> which mine is as well
<clever> stderr is also opened for reading
<clever> gchristensen: yeah, pretty much identical to my end, its just null for stdin, and 2 sockets of a socket for stdout/stderr
<clever> one that doesnt install
<clever> gchristensen: start a service on your local machine, with the same options
<clever> gchristensen: check the /proc/pid/fd/ for the service, once its running
<clever> lovesegfault: by default, it doesnt auto-start, its up to each module to set wantedBy = [ "multi-user.target" ]; to make it auto-start
<clever> lovesegfault: systemd.services.docker.wantedBy = lib.mkForce [];
<clever> gchristensen: socket activation, would want the same socket as stdin and stdout
<clever> gchristensen: that sounds like it might break things
<clever> i can diff the config nix generates, and the known-good one
<clever> i do have a .config that works, but i want to keep the overrides minimal
<clever> i still need to figure out whats wrong with my config, the one i linked hangs on boot
<clever> evanjs: try extraConfig instead?
<clever> evanjs: if you try to change the arch, it will likely fail due to using the wrong compiler
<clever> gchristensen: this is the info that lsof reads, but lsof doesnt understand namespaces, so it can be tricky to read the sockets inside a container
<clever> [root@nas:~]# grep 262342793 /proc/net/unix
<clever> ffff8d024cc7b800: 00000003 00000000 00000000 0001 03 262342793
<clever> and its the exact same socket for both handles
<clever> lrwx------ 1 cachecache nogroup 64 Feb 11 16:10 /proc/32435/fd/2 -> 'socket:[262342793]'
<clever> lrwx------ 1 cachecache nogroup 64 Feb 11 16:10 /proc/32435/fd/1 -> 'socket:[262342793]'
<clever> but then, how are you even seeing the logs?
<clever> and if the main pid for the service exits, it might close the sockets
<clever> unix socket (via socketpair()?), and ties it to stdout/stderr of the service
<clever> i think systemd generates a ...
<clever> and is that error, caused by bash turning 2>&1 into /dev/stderr? heh
<clever> 72 LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" >>$PIPE_TARGET 2>&1 || true
<clever> ah yeah, thats not you choosing to run nixos-enter, thats nixos-install using it as a helper
<clever> if you didnt `--mount-proc`, you would be in a pid namespace, but `ps aux` wouldnt agree with the actual pid's
<clever> actually, now that i think of it, `ps aux` reads /proc, so only if /proc is mounted, will it respect the sandbox
<clever> so that new /proc will respect the new pid namespace
<clever> Just before running the program, mount the proc filesystem at mountpoint (default is /proc). This is useful when creating a new PID namespace. It also implies creating a new mount namespace since the /proc mount would otherwise mess up existing programs on
<clever> that creates a pid namespace (and others), and mounts a new /proc for you
<clever> 12 exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@"
<clever> src
<clever> does nixos-enter use pid namespacing? try running it manually and see what `ps aux` leaks
<clever> gchristensen: each pid opening /dev/stderr will see a different /proc/self
<clever> cole-h: i think its polkit actually
<clever> cole-h: i typed reboot into the wrong window, and discovered that you dont need sudo anymore :P
<clever> cole-h: jan 14th, 2020
<clever> so it will heavily depend on what pid is opening that link, and what stderr already is
<clever> its usually a symlink to fd 2 on the current pid
<clever> lrwxrwxrwx 1 root root 15 Jan 14 11:59 /dev/stderr -> /proc/self/fd/2
<clever> the error itself is also weird, that doesnt feel systemd related
<clever> gchristensen: not sure, try adding an `ls -l /dev/stderr` to the preScript ?
<clever> pie_[bnc]: github randomly does that
<clever> pie_[bnc]: i always switch to insert mode, and zero out a few digits, so its obviously wrong
<clever> pie_[bnc]: 52i0<escape> in vim
<clever> pie_[bnc]: how big is the repo? how slow is your network?
<clever> pie_[bnc]: what error does it fail with?
<clever> m15k: you want: nix-shell -p '(openjdk8.override{enableInfinality = false;}).jre'
<clever> m15k: the jre8 alias breaks .override on you
<clever> m15k: .override is an attribute added by callPackage, so it only exists at openjdk8.override
<clever> 8399 callPackage ../development/compilers/openjdk/8.nix {
<clever> 8395 openjdk8 =
<clever> 8451 jre8 = openjdk8.jre;
<clever> 8461 jre = jre8;
<clever> m15k: and what (didnt) happen?
<clever> m15k: `nix-shell -p 'pkg.override....'`
<clever> butterthebuddha: also, you will want to use `visudo` to edit it
<clever> yeah, thats the one
<clever> butterthebuddha: its a config option, in /etc/sudoers i think, `man sudoers`
<clever> butterthebuddha: darwin sets the wrong $HOME with the 2nd form, and the commands act on the wrong user
<clever> butterthebuddha: on darwin, you should always use `sudo -i` then `cmd`, not `sudo cmd`
<clever> butterthebuddha: and `sudo nix-channel --remove` removed all channels from your user, not root
<clever> butterthebuddha: `sudo nix-channel --list` shows the channels for your user, not root
<clever> butterthebuddha: then root never had channels, and sudo has been lying to you the entire time
<clever> butterthebuddha: what are the contents of ~/.nix-channels (a text file) on both users?
<clever> butterthebuddha: what about under `sudo -i` ?
<clever> butterthebuddha: what about as root?
<clever> LnL: on nixos, roots profile comes before current-system, so you can override things without a rebuild
<clever> and now your wanting to use the version in current-system
<clever> butterthebuddha: then when you switched to nix-darwin, a second copy was added in current-system
<clever> butterthebuddha: when you first install nix, its in roots profile
<clever> butterthebuddha: no point in that, just `nix-env -e nix` as root and you should be fixed
<clever> you need to `nix-env -e nix` as root, to uninstall the duplicate
<clever> then its installed with both nix-env (as root) and nix-darwin
<clever> butterthebuddha: manually check each entry in $PATH for a nix-env, are there duplicates?
<clever> butterthebuddha: the darwin copy of which is old and doesnt support --all
<clever> butterthebuddha: `which --all nix-env` ?
<clever> butterthebuddha: its in roots profile, so root must be the one to run `nix-env -u`, or it might be part of darwin-rebuild
<clever> mudri: no real difference really, mostly user preference
<clever> butterthebuddha: what does `which nix-env` return?
<clever> butterthebuddha: then nix-env -u will never update nix, its not in that users profile
<clever> mudri: both should work
<clever> butterthebuddha: does `nix-env -q` list nix?
<clever> ornxka: note, that `-u '*'` wont look in a specific channel, but just look in all channels
<clever> ornxka: this lets you do `nix-env -iA foo.hello`
<clever> [clever@amd-nixos:~]$ cat ~/.nix-defexpr/test/foo/default.nix
<clever> import /home/clever/apps/nixpkgs
<clever> butterthebuddha: you want `sudo -i` then use `nix-channel`
<clever> butterthebuddha: also, darwin is "broken" and `sudo nix-channel` wont act on roots channels
<clever> butterthebuddha: if you are the only user of the machine, its simplest to only put channels on root, and nowhere else
<clever> butterthebuddha: each user has their own channel list, and nix-env will look in the current users channels, plus root
<clever> ornxka: nix-env -f ~/nixpkgs -iA hello
<clever> ornxka: does it need to be a channel or just something you build from?
<clever> butterthebuddha: that means that you added the same channels to both root and your user, so its ignoring root's copies
<clever> LnL: nix eval nixpkgs.lib.version
<clever> pie_[bnc]: if you do "${./foo}", and then the module runs toString on the value, the "${ already copied to the store
<clever> evanjs: modulesClosure should be given the same kernelPackages the kernel came from, to ensure the symbols line up
<clever> pie_[bnc]: it will be copied automatically, yep
<clever> pie_[bnc]: if you want it copied to the store, dont use toString
<clever> evanjs: 2nd, the kernel nix builds doesnt actually boot, so i must use the impure kernel, havent narrowed down which .config is to blame
<clever> evanjs: 2 main reasons for that, 1st: i'm impurely building a kernel in nix-shell for speed, and getting those modules back into the pure nixos is difficult
<clever> evanjs: the open firmware is currently cheating the whole module problem, by just never using modules, everything is baked into the kernel
<clever> that shell script must then do something with it
<clever> evanjs: this will replace the @modulesClosure@ in stage-1-init.sh with the path
<clever> evanjs: try running makeModulesClosure in your default.nix, and nix-build that first
<clever> hyper_ch2: heard of ratpoison?
<clever> then it already worked, and something in your shell should be sourcing everything in /etc/profile.d/
<clever> sarna: did it make something in /etc/profile.d ?
<clever> can you pastebin the output?
<clever> sarna: what is the last thing the install script printed?
<clever> sarna: what does `ls -ltrha` in your home folder end with?

2020-02-11

<clever> bougyman: you may need to install tmate with systemPackages instead of nix-env
<clever> sondr3: in your case, its haskellPackages.ghcWithPackages so you want haskellPackages.callPackage
<clever> ,callPackage sondr3
<clever> DigitalKiwi: the rest is probably fine
<clever> DigitalKiwi: by including the version in the fetch's name, you force a re-fetch, which will cause the sha256 to fail, and then the problem is noticed
<clever> DigitalKiwi: by default, fetchFromGitHub uses name="source";, and if the name and sha256 match a previous copy, it wont re-fetch, causing you to build version 5, with version 4's source!!
<clever> DigitalKiwi: add a `name = "irc-core-${version}";` to the `fetchFromGitHub`
<clever> DigitalKiwi: can you gist your code?
<clever> DigitalKiwi: name is generated by pname + version, but thats not the fixed-output drv
<clever> DigitalKiwi: and you want to ensure that version is in the .name of the fixed-output derivation
<clever> DigitalKiwi: yeah, thats why i also showed how to get the version
<clever> eoli3n: you can also run patchShebangs on nix, to patch them at install time
<clever> eoli3n: you can also use #!/usr/bin/env bash, and they will work on nixos and others
<clever> eoli3n: you can still use a #!, just use an absolute path, #! ${bash}/bin/bash
<clever> there it is, lol
<clever> > haskellPackages.glirc.src
<clever> > haskellPackages.glirc.version
<clever> displaylink depends on evdi
<clever> cannot build derivation '/nix/store/lrv6ar06rnnsjikbcszcg8bp8rl21gma-displaylink-5.2.14.drv': 1 dependencies couldn't be built
<clever> builder for '/nix/store/1604afggw500by35jqzjjyyr36i3jr6z-evdi--unstable-20190116.drv' failed with exit code 2

2020-02-09

<clever> CRTified: by default, ues
<clever> CRTified: activation scripts are run in series, during very early boot, while systemd services can run in parallel
<clever> CRTified: i would do that from the prestart of whatever systemd service needs the secret
<clever> cole-h: try adding a syntax error like an extra ; to it, and see if it notices or not
<clever> Thra11: f gets ran on every key/value pair, and the return value becomes the new value at that pair
<clever> > :p lib.mapAttrs (key: v: v * 10) { a=1; b=2; c=3; }
<clever> > :p lib.mapAttrs (a: a * 10) { a=1; b=2; c=3; }
<clever> and then i can just set it to true/false in other places
<clever> so i define a custom vim.fat option
<clever> vim.nix is a special case, where every machine should have vim, but i want to customize it further
<clever> elux: each machine has a different starting file, that sets stuff for just that machine, and then puts more common stuff into imports
<clever> elux: its also much simpler if you use a laptop.nix, that sets that set of options
<clever> startup = [ { ..some stuff } ] ++ optional (machine == "laptop") { command = "blueman-applet"; notification = false; };
<clever> elux: the ++ is on the wrong side
<clever> elux: and then use ++ to append that to another list
<clever> > lib.optional false 42
<clever> > lib.optional true 42
<clever> elux: make a hostname.nix file, that sets all of the conditional stuff, and the hostname
<clever> elux: also, you dont want to make your config conditional on hostname, you want to do it the other way around
<clever> elux: this will return a special attrset, which gets translated into { system = mkIf condition ...; }, allowing nixos to figure out what config.boot is, while lazily ignoring config.system for the moment
<clever> elux: and its primarily to deal with infinite recursion
<clever> elux: `mkIf` is part of the module framework, it takes part of a nixos module
<clever> cole-h: nix-build '<nixpkgs>' -A package --arg overlays '[]'

2020-02-08

<clever> sondr3: ive also been getting that on my rpi!
<clever> Athas: and it wraps each -p in () to isolate it from the neighbors
<clever> > (libc++)
<clever> Athas: nix is parsing libc++ as a nix expression, and the ++ is an operator
<clever> silver_hook: ive not looked at the arduino package, so i dont know what its doing wrong
<clever> silver_hook: you can also use nix-shell on that, to get a shell with avr-g++ in $PATH
<clever> silver_hook: this has a default.nix that can compile the firmware for my thermostat, which is AVR based
<clever> silver_hook: the problem is that arduino is downloading pre-compiled binary, that will never work on nixos
<clever> silver_hook: you need to use the avr-g++ that nix provides, not the one arduino downloaded
<clever> silver_hook: and thats why it said `no such file or directory`
<clever> silver_hook: and does /lib64/ld-linux-x86-64.so.2 exist?
<clever> silver_hook: run `file` on it, what is the interperter?
<clever> cole-h: yeah, all derivations return a string that has the path of the result
<clever> nixpkgs
<clever> nix, nixos, nixops
<clever> pmyjavec: there are 3 or 4 different manuals
<clever> pmyjavec: yeah
<clever> pmyjavec: it should be in the nix docs
<clever> kraem: mkHiPrio might do it, but it would be better to just install one version and not have the conflict
<clever> kraem: so it might be conflicting with the original, which you would need to remove from systemPackages
<clever> kraem: line 10 of your pastebin is calling the wrapper unbound-control
<clever> /home/clever/apps/nixpkgs/doc/languages-frameworks/java.xml: --add-flags "-cp $out/share/java/foo.jar org.foo.Main"
<clever> /home/clever/apps/nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix: --add-flags "--cfgFile=${configClientFilename name}" \
<clever> kraem: you want --add-flags
<clever> Cadey: nix why-depends /nix/store/foo /nix/store/bar

2020-02-07

<clever> Twey: this can just run things under qemu, as root
<clever> 100% pure
<clever> Twey: this spins up 2 peers, and then forms a wireguard tunnel between them, and confirms you can ping over the tunnel
<clever> Twey: try the nixos test framework, it uses qemu
<clever> Twey: what exactly is it testing?
<clever> Twey: its also impure to be using setuid binaries during a nix build
<clever> fooooojasdflkj: what you want, is mkIf, config = lib.mkIf true { ... }; inside all modules, and then just change the condition
<clever> fooooojasdflkj: and mkMerge takes a list of sets, not 2 sets as seperate args
<clever> fooooojasdflkj: mkMerge returns an attribute set, which the module framework will then merge at a later time
<clever> fooooojasdflkj: if your passing it to a nixos option, you want mkMerge
<clever> evanjs: nice!
<clever> evanjs: `write error`
<clever> evanjs: how large is the initrd file, how much ram to the vm?
<clever> evanjs: out of ram?
<clever> evanjs: how does it die?
<clever> simukis_: ah oops, was just pulling that out of my sqlite history
<clever> eoli3n: you could try to just `nixos-rebuild build` to make it build again and show the output
<clever> eoli3n: nix doesnt record information about failed things, only successfull things
<clever> failed to build*
<clever> eoli3n: if it fails to boot, then it never applied, so there is nothing to rollback
<clever> yeah, thats also viable, but can be spammy if you have many such paths, or your machine is too fast and copies it quickly
<clever> simukis_: after that warning occurs, the problematic path will be at the bottom of the list from that query (if its >512mb)
<clever> simukis_: this shows all paths in /nix/store, sorted by when they got added, and filters to those >512mb
<clever> sqlite> .header on
<clever> sqlite> select path,narSize/1024/1024,datetime(registrationTime,'unixepoch') from ValidPaths where narSize > (1024*1024*512) order by registrationTime limit 15;
<clever> sqlite> .mode column
<clever> [root@amd-nixos:~]# sqlite3 /nix/var/nix/db/db.sqlite
<clever> simukis_: one second
<clever> gchristensen: i just run nixos-unstable, and only stop updating if things break hard, until its fixed again

2020-02-06

<clever> pbb_: thats what i was expecting to see in the gcc shell script
<clever> pbb_: try reading gcc (the shell script) and see what gives the error you get
<clever> pbb_: that sounds like something you just want to build normally in nix-shell
<clever> pbb_: nix can reuse the old build, if the inputs havent changed
<clever> pbb_: nix would do the caching for you
<clever> pbb_: could you pre-build it in another derivation, and then just put it in PATH?
<clever> pbb_: what is the command? and why are you building it in shellHook?
<clever> pbb_: what is the command and how does it fail?
<clever> hodapp: withPackages will generate a shell script named python, that adds foo to PYTHONPATH for you
<clever> evanjs: try with a simple #! script, that then runs ash?
<clever> evanjs: weird
<clever> evanjs: you can also use `rdinit=/bin/sh` on the kernel args, to override that
<clever> evanjs: a symlink from /init to the sh binary, should be enough to get you a usable shell
<clever> ma27[m]: https://gist.github.com/cleverca22/a7946666fe7fbf5ff7a4f46618a067f1 configures phpfpm, lighttpd, and mysql, and generates a public_html dir to host
<clever> evanjs: that was all to work around bugs in the rpi drivers
<clever> evanjs: also remove the kmsg stuff as well, and mknod
<clever> ma27[m]: hosts a normal php based site
<clever> evanjs: remove the ttyAMA0 stuff in https://github.com/evanjs/mini-system/blob/master/bench/nixos.nix#L27 and try again
<clever> evanjs: or it exits after running
<clever> evanjs: looks like your initrd doesnt contain a valid /init
<clever> ma27[m]: i have some php-fpm code somewhere
<clever> deni: correct
<clever> deni: yeah, you would need your own private ca for local domains
<clever> deni: but if plain http doesnt work (such as the dns being wrong), it will retry until you use up the ratelimit, and can ban you for 3 hours
<clever> deni: nixos will host a file over plain http, and then use that to validate
<clever> deni: it can help to ensure the dns is working before you do that
<clever> deni: yep
<clever> yeah
<clever> deni: and ive mostly just been porting it over without properly fixing it
<clever> deni: the stuff on my nas predates me learning nix, and is still a mess of files spread over 3 machines
<clever> deni: instead, you do `documentRoot = ./foo;` in the nix, and nix will copy foo for you, and put /nix/store/hash-foo into the nginx config file
<clever> deni: you dont
<clever> evanjs: so console=ttyS0 null-routed all output
<clever> evanjs: sounds like you just didnt have the qemu serial port wired up
<clever> evanjs: try removing the console=?
<clever> evanjs: try using an unmodified kernel?
<clever> nikola_i: you must use the name from `nix-env -q` when you `nix-env -e <name>`
<clever> see if its moving any
<clever> evanjs: you can also try checking the addr multiple times, and cont after each check
<clever> evanjs: try using continue in gdb, then ctrl+c it after a bit, once qemu's gfx show signs of linux booting
<clever> evanjs: is this after linux has started to boot, or was qemu told to halt very early on?
<clever> evanjs: what addresses are you seeing?
<clever> nikola_i: `nix-env -e youtube-dl` to remove that one
<clever> evanjs: now try `bt` in gdb
<clever> evanjs: you dont need debug symbols, just normal symbols
<clever> nikola_i: what does `type youtube-dl` report?
<clever> evanjs: jam it into system.build (a nixos option), and then reference it the same way i did
<clever> nikola_i: nix-env -iA nixos-unstable.youtube-dl
<clever> nikola_i: did you add unstable with nix-channel --add?
<clever> yeah
<clever> evanjs: and it does have a vmlinux!
<clever> evanjs: this seems to eval
<clever> [root@amd-nixos:~]# nix-build '<nixpkgs/nixos>' -A config.system.build.kernel.dev
<clever> the 1st part, is the name of a channel from nix-channel --list/--add
<clever> nikola_i: nix-env -iA unstable.hello
<clever> /nix/store/515rfjfhi0v5p99lcbl9bkca1k4600ij-linux-4.19.84.drv
<clever> $ nix-store -q --deriver /run/current-system/kernel
<clever> evanjs: ive been using a kernel i build in nix-shell, so i have more files to work on
<clever> evanjs: try using the System.map file? maybe?
<clever> nix*
<clever> evanjs: ack, linux might not export that!
<clever> evanjs: then, run `file /path/to/vmlinux` in gdb, to load the symbols, and you can get a backtrace out of things
<clever> evanjs: if you follow those directions, you can attach gdb to qemu, and debug whatever is running on the cpu
<clever> evanjs: and now we can throw my rpi debug knowledge into the mix!
<clever> noonien: you can find examples in nixpkgs
<clever> noonien: it does not
<clever> noonien: patch them first, with patchShebangs