<clever>
ris: which version of nixpkgs are you on?
<clever>
ris: does --show-trace give more details?
<clever>
davidak: try starting it again and see if it makes it further
<clever>
since i only had 10 per machine, i didnt run into davidak 's 2nd issue, with 100 on a single machine
<clever>
aanderse: nixops creating 10 machines in aws, that each run 10 declarative containers
<clever>
davidak: glancing at your issue, it seems to be more with starting the contains, then building things
<clever>
davidak: and yes, it needed to eval nixos 110 times, which was murder on the ram :P
<clever>
davidak: ive started 100 nixos containers, at 10 each, over 10 nixops deployments
<clever>
dsx: `module =` is a full nixos config, which gets baked into a pxe image, and then the rest of this configures the machine to perform nat and router duties, and share that pxe image
<clever>
kiloreux: what about `strace -o logfile aws` and then pastebin the whole logfile, after confirming it doesnt contain your access-key-secret from aws
<clever>
kiloreux: what is line 4 of ~/.nix-profile/bin/aws ?
<clever>
kiloreux: and what does `locale` print out?
<clever>
kiloreux: and it should be a subdir like this
<clever>
kiloreux: if installing it with nix-env, you would point LOCALE_ARCHIVE to somewhere under ~/.nix-profile i think
<clever>
kiloreux: how did you install it? nix-env? systemPackages?
<clever>
kiloreux: what is the error your getting?
<clever>
teto: i try to avoid with for that reason
<clever>
teto: what was it?
<clever>
not the chain of imports that created the thunk
<clever>
teto: one problem, is that the --show-trace, is the call-stack of how a thunk got forced
<clever>
teto: check over all of your files to see where you do pkgs =
<clever>
teto: i think you have a pkgs =, in a nixos module
<clever>
teto: including the _file additions
<clever>
teto: can you link a branch on github with your changes?
<clever>
but imports = [ { foo } ]; doesnt know where the attrset came from
<clever>
teto: that is a special internal option that can be set on any nixos module, imports sets it for you, which is why you normally get useful errors
<clever>
teto: _file = ./myself.nix;
2019-07-16
<clever>
ah
<clever>
hydra will also fail to eval the expr, because nixos lacks /usr/bin/xar
<clever>
so you cant use the binary cache to help you if xar has a different hash
<clever>
but "${/usr/bin/xar} -foo -bar" will hash the xar binary, copy it to /nix/store/, and your $out is based on the hash of xar
<clever>
infinisil: so the closure is heavily stripped down
<clever>
infinisil: when nixos is generating an initrd, it will copy just the bin/plymouth file, and then run ldd to find the .so's it needs, then copy just those, and re-patchelf things
<clever>
infinisil: the initrd stuff excludes a lot of that
<clever>
infinisil: commented on the issue
<clever>
infinisil: what part of the closure is so big?
<clever>
elvishjerricco: yeah, it also has a prompt thingy
<clever>
infinisil: and zfs should wrap its prompt with that
<clever>
infinisil: i believe there is a special plymouth command you have to run, to expose the text console
<clever>
sphalerite: i had plymouth working in not-os at one point, lol
<clever>
andi-: you dont want to make a nix expr to allow you to nix-build your videos? lol
<clever>
and you can also just generate those xml yourself to declaratively edit things
<clever>
i think behind the scenes, it generates xml files, and there is a CLI util to do the actual editing
<clever>
jD91mZM2: for my main desktop, i had to entirely disable efi before it would obey the CSM and boot legacy
<clever>
jD91mZM2: compatability module? csm?
<clever>
jD91mZM2: you will also need a bios boot partition, 1mb, not formated, not mounted
<clever>
jD91mZM2: yeah, for nixos, you just need to set boot.loader.grub.device = "/dev/sda"; and then it will do both legacy and efi at the same time
<clever>
jD91mZM2: i'm not sure its supported under efi, you may need to temporarily switch to legacy booting
<clever>
for floppies, the reverse, the hole means its writeable
<clever>
yeah, for tapes, the hole means its read-only
<clever>
and you could just cut a notch into the floppy to make it writable
<clever>
samueldr: "read-only" floppies just didnt have the write-enable nogth
<clever>
samueldr: and now your back to how actually floppy floppies worked, lol
2019-07-15
<clever>
andi-: in theory, you could then have a gdb plugin, that will use `nix-store --query --deriver` to find the drv behind a path, then `nix-store --query --binding debug` to find its .debug, and dynamically load that
<clever>
andi-: there an idea i had before, if you build a package with splitDebug = true;, then you get a .debug output on it
<clever>
__monty__: maybe open the pr, and mark it as being 90% done, so people can begin to comment on it
<clever>
you must fix it for every single user, one by one
<clever>
so you cant just fix it system wide
<clever>
one problem i did run into, is that darwin's bash, will only source ~/.bashrc, and nothing from /etc/
<clever>
symphorien: just confirmed, ~/.bashrc is ran, on the gentoo machine, with non-interactive shells
<clever>
symphorien: it does still source one of them, i cant remember which
<clever>
you can test it with `ssh user@host nix-store --version`
<clever>
ensure both update PATH
<clever>
ashkitten: .bash_profile vs .bashrc
<clever>
,libraries wildtrees
<clever>
wildtrees: how did you wind up with that ssl in your profile?
<clever>
wildtrees: one is the bootstrap tools openssl, the other is the non-bootstrap openssl
<clever>
oborot: `lstopo --of ascii` gives the best ascii
<clever>
oborot: lstopo from hwloc
<clever>
rsoeldner: nix-shell -p myHaskellEnv
<clever>
rsoeldner: its best to enter haskell envs with nix-shell, not nix-env
<clever>
if the config is in git, you can just git clone, nixos-install, and 90% of your machine is back instantly
<clever>
oborot: yeah
<clever>
__monty__: if you run `nix repl ~/src/nixpkgs` and then eval `wire-desktop`, what does it return?
<clever>
__monty__: what is the exact command you ran?
<clever>
if that is missing, it loads default.nix in the current dir
<clever>
the raw path you give it, is the path to a nix file it loads
<clever>
nix-build ~/apps/nixpkgs -A foo, for example
<clever>
you need to give it the path without any args
<clever>
you need to be in the root of nixpkgs, or give it the path to the root default.nix
<clever>
thats your issue
<clever>
__monty__: are you in the root of the nixpkgs dir?
<clever>
the config on how to find /boot, is baked into the 1.5 binary, in the bios boot partition
<clever>
so it has to decrypt that before it can read it
<clever>
but the grub config file is on /boot/
<clever>
yes
<clever>
a motivated attacker can just modify the part of grub that is asking for a passphrase
<clever>
it heavily complicates things, and doesnt add that much security, because the grub stage 1.5 is still in cleartext
<clever>
is /boot encrypted or cleartext?
<clever>
nixos is responsible for it
<clever>
and that output only happens if /boot is encrypted, which i generally avoid
<clever>
oborot: that error is coming from grub, not nixos, its possible that grub failed to install correctly, and thats your old grub config
<clever>
oborot: can you screenshot the error?
<clever>
oborot: and what is the exact error?
<clever>
oborot: what does hardware-configuration.nix and configuration.nix say?
<clever>
the automation is also cheap enough that i just make multiple certs
<clever>
aveltras: ive not tried using security.acme yet
<clever>
aveltras: when using virtualHosts.foo.enableACME, its fully automatic
<clever>
26 people in there right now
<clever>
chreekat: there is #haskell.nix to discuss it
<clever>
Miyu-chan: bit distracted right now, but remind me to check it in a few hours
<clever>
thats what i prefer
<clever>
and skip the lvm
<clever>
Miyu-chan: but nixos now remembers the passphrase, so you can just make 2 luks devices, on 2 partitions
<clever>
Miyu-chan: that was to avoid having 2 passphrase prompts on bootup
<clever>
Miyu-chan: that guide is saying to create a luks volume, and then put lvm inside of luks, and then put swap+root on lvm
<clever>
Miyu-chan: ah, i think i see part of the problem, and its not needed anymore
<clever>
Miyu-chan: nixos-generate-config doesnt understand zfs either
<clever>
Miyu-chan: i think that depends on if your mixing luks and lvm
<clever>
chreekat: fairly difficult to do that
<clever>
chreekat: yeah, the point where the nix exprs turn into derivations
<clever>
chreekat: often the name is just "source", so if you give it a sha256 that exists in /nix/store, it just uses that path, and doesnt download it
<clever>
chreekat: it will compute the /nix/store/foo of a fixed-output drv, based on the sha256 and name
<clever>
chreekat: if you use the hash of a random thing, it will give you that random thing, not an error about an incorrect hash
<clever>
,tofu chreekat
<clever>
Miyu-chan: things like imports = [ { module } ];
<clever>
that saves each user from having to generate a unique image for their keypair
<clever>
if you create /ssh_pubkey before you /kexec_nixos, it will be copied into the image, and added to /root/.ssh/authorized_keys