2019-09-14

<clever> the ssh://user@host based cache, should be able to read signatures from the nix database
<clever> li_matrix: a second problem, is that if you want to build most things, you need internet to download the source to build it
<clever> it could also be an nfs mount
<clever> li_matrix: that lets you put a closure onto a usb stick, and then use it as a cache, or `nix copy` out of it again
<clever> li_matrix: sounds like you just want `nix copy --to local?root=/foo`
<clever> li_matrix: is all internet access thru a gateway? or is it 100% cut off?
<clever> li_matrix: do you want to only serve things from cache.nixos.org, or also things that you built in your own /nix/store/ ?
<clever> li_matrix: what is your end goal?
<clever> li_matrix: nix copy can create a directory that contains signatures and can be served with any dumb http server
<clever> li_matrix: it will always re-sign things, as it serves them
<clever> li_matrix: correct, nix-serve pre-dates nix-daemon being able to store signatures
<clever> li_matrix: it downloads the sigs for everything currently in $UNPACK/nix/store, from cache.nixos.org
<clever> li_matrix: this is something ive done in the past
<clever> NIX_REMOTE=local?root=$UNPACK nix copy-sigs --all -s http://cache.nixos.org/
<clever> li_matrix: ive had it working
<clever> or do nix-build /path/to/nixpkgs -A foo
<clever> and then ./result/bin/foo
<clever> kleisli: then you want -p, which needs -I nixpkgs=/path to change it
<clever> kleisli: do you want a shell suitable for using X or building X?

2019-09-13

<clever> m15k: its in release.nix i believe
<clever> m15k: yes
<clever> infinisil: yeah
<clever> and it will cache the entire nar.xz file
<clever> fresheyeball: currently, it only supports http caches, so you would have to switch over to nix-serve
<clever> fresheyeball: cachecache
<clever> 2019-09-13 19:02:45 < clever> fresheyeball: try adding systemd.services.nix-daemon.path = [ pkgs.ssh ]; to configuration.nix
<clever> elvishjerricco: and then there is issues like how to you configure which user owns the ssh priv key
<clever> fresheyeball: nix-daemon
<clever> elvishjerricco: if you are not listed as a trusted-user, then nix-daemon has to do things, to enforce the rules
<clever> elvishjerricco: when using a binary cache, it has to be a trusted process, because the path your downloading could be a trojaned copy of sudo
<clever> fresheyeball: try adding systemd.services.nix-daemon.path = [ pkgs.ssh ]; to configuration.nix
<clever> fresheyeball: you pasted the same link twice, of course they look identical!
<clever> fresheyeball: you can use this to add ssh to the PATH of nix-daemon
<clever> systemd.services.<name>.path
<clever> Packages added to the service's PATH environment variable. Both the bin and sbin subdirectories of each package are added.
<clever> until one works
<clever> yeah, lines 11-16, its just testing for ssh in every entry of $PATH
<clever> fresheyeball: you should see multiple execve's for ssh, until it finds the binary
<clever> if nix-build can write to /nix/store, it wont contact nix-daemon
<clever> fresheyeball: and for root, you need to strace the nix-build process itself
<clever> fresheyeball: is it trying to execute ssh multiple times?
<clever> yeah
<clever> fresheyeball: its waiting for a nix level protocol msg
<clever> fresheyeball: now run that ssh yourself, as root
<clever> fresheyeball: the ssh wont be running nix-build on the remote end, we need the exact args nix-daemon used
<clever> fresheyeball: what args does it run ssh with?
<clever> fresheyeball: run `strace -f -e execve -p <PID>` on the pid of nix-daemon, then do another build under jenkins
<clever> elvishjerricco: yeah
<clever> elvishjerricco: but builtins.fetchurl downloads it at eval time, in a single-threaded way
<clever> elvishjerricco: nix/fetchurl.nix will create a derivation, that can then download things in parallel
<clever> fresheyeball: ah, if your not setting one, then disable the ssh agent, `unset SSH_AUTH_SOCK` i think
<clever> fresheyeball: add -i and the private key, to the command i last gave
<clever> what does that do?
<clever> fresheyeball: `ssh nix-serve@fresheyeball.com nix-store --version`
<clever> fresheyeball: nix-store is not in the PATH on the remote machine your ssh'ing into
<clever> fresheyeball: check the journal for nix-daemon?
<clever> fresheyeball: allowed-users also
<clever> fresheyeball: also, is trusted-users or other users flags set in nix.conf? can it build anything at all?
<clever> fresheyeball: sudo -u jenkins -i
<clever> benley: also, on ext4 there is a max of 65535 hardlinks for a single file, ive seen 2 instances of a file failing to hardlink
<clever> benley: and checking for a single hardlink in a dir with millions of files can suffer on some filesystems
<clever> benley: it requires reading and hashing the entire $out twice, once for the narhash, then again for the links
<clever> benley: ah, maybe some verbosity with it has changed, and nobody else has noticed, because they have it off
<clever> benley: or auto-optimize?
<clever> benley: did you use -v?
<clever> fresheyeball: it should be going thru nix-daemon, and using root to do the ssh
<clever> eraserhd: since patches is empty, you can also just use patchPhase directly
<clever> eraserhd: i would expect that to work then, what is it doing when building?
<clever> eraserhd: phases? buildCommand?
<clever> eraserhd: run `nix show-derivation` on the drv file, does it have a patchPhase?
<clever> maralorn: write a derivation that will map over every one of them, and create a text file with every url, then nix-build it and keep the symlink it makes
<clever> some of the browser flags are setup to not cause a rebuild, that may be a bug in the pepper flash option
<clever> that would reduce the spamage
<clever> ah
<clever> i just run irssi under screen on my own hardware
<clever> zfnmxt: ah, you can self-host to avoid that spam?
<clever> so every single user that relays thru matrix disconnects at once
<clever> matrix went down
<clever> batzy: what was the solution?
<clever> batzy: what was the solution?
<clever> batzy: not sure what else to check
<clever> batzy: further down, this stack overflow mentions b43, what does `modprobe b43` say?
<clever> batzy: its not clear which package the driver is in, if any
<clever> batzy: `modprobe wl` ?
<clever> batzy: 30 seconds on google says you want the wl driver, not the ath10k driver
<clever> batzy: nix-env -iA nixos.pciutils
<clever> batzy: what does lspci say the card is?
<clever> batzy: try a full reboot?
<clever> batzy: that wont reload things the same as a reboot
<clever> cant think of what else to check then, maybe try a reboot anyways?
<clever> batzy: did you enable wireless in configuration.nix?
<clever> batzy: then we need to figure out what package provides that file, and install it, google may know what its typically inside
<clever> batzy: did the error repeat, or not show up again?
<clever> batzy: you can also boot the installer, mount the existing fs back under /mnt (along with any partitions it needs), then re-run nixos-install to apply changes to configuration.nix
<clever> batzy: plug in an ethernet cable?
<clever> batzy: nope, just re-run the modprobe from before
<clever> batzy: try adding `hardware.enableAllFirmware = true;` to configuration.nix and rebuild
<clever> batzy: you are still connected
<clever> any other errors in dmesg?
<clever> batzy: or the firmware isnt installed
<clever> batzy: dmesg?
<clever> batzy: any change in ifconfig? dmesg?
<clever> hpfr[m]: that should ignore the overlay then, if you comment the overlay out, do you get a different kernel?
<clever> 15934 linuxPackages_latest = linuxPackages_5_2;
<clever> 15935 linux_latest = linuxPackages_latest.kernel;
<clever> batzy: modprobe ath10k_pci
<clever> try loading ath10k_pci
<clever> batzy: a quick scan with `nix-locate` says that only ath10k_core and ath10k_pci exist, there is no ath10k
<clever> batzy: what happens if you just `modprobe ath10k` ?
<clever> batzy: do you know which kernel module is used by the card?
<clever> hpfr[m]: any override against 4_19 will change the default linux
<clever> 15929 # The current default kernel / kernel modules.
<clever> 15930 linuxPackages = linuxPackages_4_19;
<clever> 15931 linux = linuxPackages.kernel;
<clever> hpfr[m]: which channel are you on?
<clever> hpfr[m]: what is the attr you are setting, within the self: super: { set
<clever> hpfr[m]: within the pkgs tree
<clever> hpfr[m]: what attr are you overlaying?
<clever> samueldr: but a GC can usually fix that
<clever> samueldr: main problem i see, is things like .drv files getting truncated, and then nixos-rebuild refuses to do anything
<clever> samueldr: files that where being edited shortly before the improper shutdown
<clever> batzy: search the output for anything mentioning firmware or ath
<clever> samueldr: it has a bad habbit of truncating files at improper shutdown
<clever> samueldr: ext4?
<clever> batzy: is there any firmware error in `dmesg` ?
<clever> samueldr: i suspect something in /nix/store/ was modified outside of nix's control, so the hash is now wrong
<clever> yep
<clever> samueldr: on the source machine, do `nix-store --verify --check-contents`
<clever> samueldr: build slave or just copying the nix expr?
<clever> yep
<clever> provessor[m]: so you want (super.emacs.override { srcRepo = true; }).overrideAttrs (old: rec {
<clever> provessor[m]: srcRepo is a .override flag
<clever> or rec{ in your case
<clever> its usually in the form of emacs.overrideAttrs (old: {
<clever> provessor[m]: overrideAttrs takes a function
<clever> provessor[m]: self.fetchgit
<clever> provessor[m]: rec {
<clever> like: nixpkgs.overlays = [ (import ./overlay.nix) ];
<clever> provessor[m]: you must set nixpkgs.overlays to a list of overlays
<clever> provessor[m]: ah, you never told nixos to load the overlay
<clever> provessor[m]: change systemPackages to install emacsHead, not emacs
<clever> you use .overrideAttrs to change anything inside the mkDerivation
<clever> provessor[m]: .override cant change the name, it can only change the params on the 1st line of the default.nix
<clever> provessor[m]: and in configuration.nix, your installing emacs, but the overlay only applies to emacsHead
<clever> provessor[m]: you want .overrideAttrs, not .override, and `rec {` rather then just {
<clever> provessor[m]: can you pastebin your nix files?
<clever> provessor[m]: src = self.fetchurl { something }
<clever> provessor[m]: just set src to the source, using the new fetch function
<clever> Netsu: looks like you need to copy the code on lines 50-54
<clever> gnidorah: fix is currently waiting in staging

2019-09-12

<clever> infinisil: ahh
<clever> selfsymmetric-pa: then click the tested jobset link on howoldis, for that channel, and wait for the eval to be all green
<clever> selfsymmetric-pa: just spam f5 until it shows another branch!
<clever> selfsymmetric-pa: if you look at the page for https://github.com/NixOS/nixpkgs/commit/b0b3b29e20dd41cd4d7d5af6072f2424f1b11026, it lists what branches its on
<clever> selfsymmetric-pa: staging-19.09 gets merged into release-19.09
<clever> selfsymmetric-pa: staging gets merged into master
<clever> selfsymmetric-pa: after staging is manually merged into master, youll want to wait for the jobset for nixos-unstable
<clever> selfsymmetric-pa: https://howoldis.herokuapp.com/
<clever> infinisil: ?
<clever> ,howoldis selfsymmetric-pa
<clever> selfsymmetric-pa: hydra has to rebuild most of nixpkgs before the fix gets into a channel
<clever> yeah
<clever> so it depends a lot on how complex the pr is, and how many things depend on it
<clever> breakage that may happen after your PR gets merged, due to things being missed
<clever> craige: staging is mostly for when you think it has a chance to break a lot of things, and you want to give hydra time to test things, so you dont break master and hold nixos-unstable back
<clever> oldandwise: these 2 commands print out a list of -I flags
<clever> [nix-shell:~]$ pkg-config --cflags gstreamer-1.0
<clever> [clever@amd-nixos:~]$ nix-shell -p pkgconfig gst_all_1.gstreamer
<clever> oldandwise: hmmm, it works for me
<clever> oldandwise: sounds like an anoying bug in pkgconfig, if the dependencies listed in the .pc file are absent, it will silently ignore the .pc file
<clever> oldandwise: is pkgconfig in the buildInputs?
<clever> luckily, the pkgconfig files are still in the standard lib/pkgconfig/foo-1.pc, so pkgconfig can be modified to find them
<clever> but it cant deal with non-standard things like include/foo-1
<clever> nix will iterate over everything in buildInputs, and put the include/ dir into -I for you
<clever> and now you have no way to predict what the hash is
<clever> but then nix comes along, and puts the headers in /nix/store/hash-foo/include/foo-1/
<clever> and they expect users to be able to just blindly gcc -I/usr/include/foo-1/
<clever> iqubic: cairo and a lot of gtk based things, typically install headers to /usr/include/foo-1, so it wont conflict with foo-2
<clever> iqubic: pkgconfig is more to auto-detect the -I and -l flags you need to build, to deal with things being in non-standard places
<clever> oldandwise: https://gist.github.com/cleverca22/9d60fe304a07a29648a3d8970e6d1336 like in this example with cairo
<clever> oldandwise: you must use pkgconfig to lookup the cflags for gstreamer-1.0
<clever> and that breaks nix, which also solves exactly the same problem
<clever> gstreamer puts the headers into a non-standard subdir, to avoid conflicting versions running into eachother
<clever> but it doesnt add include/gstreamer-1.0
<clever> oldandwise: nix automatically adds the include dir to the -I path
<clever> /nix/store/1fghxrm9xbzial8rkg4mhhfmz11srfvl-gstreamer-1.14.4-dev/include/gstreamer-1.0/gst/gst.h

2019-09-11

<clever> ive done that before, and it works nicely
<clever> tobiasBora: no idea, i dont really use home-manager, nor kde
<clever> tobiasBora: which will do the same job as .xprofile (it just gets inserted on line 100)
<clever> tobiasBora: nixos also has a services.xserver.displayManager.sessionCommands
<clever> tobiasBora: or launch certain things like an ssh agent
<clever> tobiasBora: nixos will also source ~/.xprofile, so you can inject env vars before letting the normal flow resume
<clever> tobiasBora: i think most of them do similar
<clever> tobiasBora: but, line 112 will just execute ~/.xsession if it exists, so ~/.xsession can hijack the whole process, and bypass whatever nixos had configured
<clever> tobiasBora: line 120 is what is responsible for running the DE you select at the login screen
<clever> cransom: but currently, halvm only works under xen, one of my pipe dreams is to make a variant that works on bare metal
<clever> cransom: another choice is halvm, that runs haskell code as the kernel, so you can just drop linux entirely!
<clever> cransom: but then your letting the impure languages win!
<clever> cransom: you could also give up, and just bring in the dhcpcd binary :P
<clever> cransom: then you only need to deal with configuring an ethernet interface via ffi, and bake the ethernet driver into the kernel
<clever> how can haskell do raw gfx on the hardware, without xorg!!
<clever> cransom: and then gpu drivers and xorg....., do you want to implement xorg (or similar) in haskell? :D
<clever> cransom: the hard part, is that modprobe has to be an external binary, so you either need to bake modules into the kernel, or let dirty c code into your initrd :P
<clever> cransom: due to forkIO, you could potentially turn haskell-init into a full os, that doesnt even have processes, lol
<clever> cransom: and not-os is a nix based os, that is not nixos, but does borrow a number of modules, it compiles down to a 47mb squashfs
<clever> what you do from there, is up to you
<clever> it will boot directly to a haskell binary, and there is only ONE FILE in the entire initrd!!
<clever> cransom: haskell-init is a full linux "distro", with just a kernel and 2mb initrd, it doesnt even need a rootfs
<clever> cransom: but you may also be interested in things like haskell-init and not-os, which just make smaller rootfs's
<clever> cransom: ahhh, yeah, this wont really solve that situation, and a full AMI is best for auto-scaler
<clever> and generation 1, will be your nixops config, rather then a template from the AMI
<clever> so you can replace nixos-install with nixops
<clever> that will let you deploy to /mnt on a remote machine
<clever> the magic part, that nixops can take advantage of, is phase 3: nix copy --to ssh://root@target?remote-store=local?root=/mnt /nix/store/hash-nixos
<clever> colemickens: phase 1 of this ticket, is just a way to boot the nixos installer on a remote machine, so you could ssh in, fdisk, mkfs, nixos-install, as normal
<clever> infinisil: yeah, nixpart could be used for phase 2
<clever> if you can get root and the kernel supports kexec, the above can be done
<clever> and it will support any cloud provider, with most of the above features
<clever> it makes the ami smaller, and pushes the big copy time until the deploy phase, which can take advantage of binary caches
<clever> it will deal with problems like wireguard never working on the first deploy, because you changed the kernel version
<clever> cransom: this will allow custom FS's for the rootfs, custom partition layouts, including fun things like a zfs stripe across many high io/sec ELB's if you wanted
<clever> cransom: have you seen my recent nixops issue about custom fs's and such?
<clever> infinisil: and there is an auto-optimize, what will hardlink things after the build has finished, every time
<clever> while squashfs's dedup only has that cost once, when making the squashfs
<clever> cransom: zfs's dedup is expensive, because it has to store the hash table, to be able to find dups when writing
<clever> since it lacks write support, the files are just made in one piece, and left that way
<clever> squashfs will also also never suffer from fragmentation
<clever> some of this isnt documented, and ive just memorized chunks of the source
<clever> but once it deploys successfully once, it will remember that it has installed the key
<clever> nixops will only record that its own key is working, if the switch-to-configuration passes with no errors, so issues in your systemd services can force you to keep relying on the ssh agent
<clever> then nixops can get in, and install its own key
<clever> so install a temporary key on the remote machine thru any means you like, and add the matching private to your agent with ssh-add
<clever> the keys in your agent will leak into nixops, and still work
<clever> angersock: if you are using the none backend, an ssh agent is the simplest option

2019-09-10

<clever> Zer000: callHackage or callHackageDirect
<clever> nhill: those let you modify the pulse config files, and follow the other guides online
<clever> nhill: specifically, look at configFile, extraConfig, and extraClientConf
<clever> nhill: i see more then 3 things
<clever> nhill: did you look at the nixos options for pulseaudio?
<clever> nhill: the only other fix is to learn more about how mpd and pulseaudio interact, and fix it better
<clever> nhill: id say give up and just manually run mpd in a shell :P
<clever> nhill: if you keep pavucontrol open, it will force the proper pulseaudio daemon to keep working, and give you better feedback when things are working
<clever> nhill: did you get pavucontrol to open?
<clever> nhill: lowercase e, oops
<clever> systemd.services.<name>.environment
<clever> nhill: hmmm, try adding systemd.services.mpd.Environment.DISPLAY = ":0"; ?
<clever> nhill: the unix socket stuff should still work, i'm just not sure how to setup the discovery
<clever> > pkgs.fetchgitLocal
<clever> qubasa: thats not under builtins, that under pkgs
<clever> qubasa: are you sure thats a thing?
<clever> > builtins.fetchGitLocal
<clever> nhill: the pulseaudio server, not the mpd server
<clever> nhill: sounds like its not getting the right env vars to connect to the daemon
<clever> nhill: try installing and running pacucontrol
<clever> monokrome: any overlays setup?
<clever> monokrome: what error does it give?
<clever> ah, thats what it was
<clever> ,paste ?
<clever> ,pastebin nhill
<clever> nhill: any errors on stdout?
<clever> nhill: are you running pulsemixer in a terminal?
<clever> nhill: stop it with systemd, dont kill it, systemd will restart it automatically
<clever> nhill: try stopping mpd, open pavucontrol, then start mpd
<clever> nhill: check ps aux | grep pulse, is there a daemon running?
<clever> nhill: does pavucontrol, is mpd connecting to it?
<clever> systemd.services.mpd.serviceConfig.Group
<clever> it must start with systemd
<clever> oops, its mpd.serviceConfig.Group
<clever> to force systemd to set the gid also
<clever> nhill: try adding a systemd.services.mpd.Group = "something"; to configuration.nix
<clever> nhill: what is the group setting in mpd.conf?
<clever> there will be a path to mpd.conf, in the .service file
<clever> it will be in the ExecStart
<clever> ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
<clever> nhill: read the .service file, look at the arguments to mpd
<clever> nhill: i already told you how to find it
<clever> nhill: have you read the generated mpd.conf yet?
<clever> that might be a bug
<clever> it will also be written to the systemd .service file!?
<clever> nhill: services.mpd.user will be written to the user field in mpd.conf
<clever> nhill: where do you see that config option? what exactly did you put into your configuration.nix?
<clever> but you didnt give it root, so it cant
<clever> mpd is responsible for changing its own uid, after startup
<clever> and its trying to setup its own permissions
<clever> nhill: that implies that it must be ran as root
<clever> nhill: what is the config file for it saying to do?
<clever> nhill: what exactly is mpd doing when it fails?
<clever> nhill: just set the .User of a systemd service
<clever> asymmetric: most display managers also give you a choice when you login, to pick which one you want
<clever> so the "default" varies from machine to machine, when you have multiple enabled