2019-07-11

<clever> ./sh will run it
<clever> petersjt014: this will fetch the aarch64 busybox, and create a symlink called sh pointing to it
<clever> nix-build '<nixpkgs/pkgs/stdenv/linux/bootstrap-files/aarch64.nix>' -A busybox -o sh
<clever> petersjt014: it needs a static build of glib to work right
<clever> `help` also only works on bash internals, so `help type` works
<clever> so its in the bash man page
<clever> petersjt014: `type type` reveals its part of bash
<clever> petersjt014: type is part of bash, `help type` or `man bash`
<clever> sevanspowell: nix copy can work on any storepath, including haskell packages
<clever> you can leave the other files in the dir
<clever> anywhere
<clever> and the relative paths within qemu.nix will just work
<clever> petersjt014: just git clone the entire repo, and do imports = [ /path/to/qemu.nix ];
<clever> petersjt014: what error is it giving?
<clever> oh, the wiki links to that, lol :D
<clever> petersjt014: add qemu.nix to your imports, and then qemu-user.aarch64 = true;

2019-07-10

<clever> but toString runs into path issues with the container
<clever> only toString keeps them secret
<clever> its still publicly visible with that method
<clever> the container can see your entire /nix/store
<clever> `config = "config ${../openvpn-configs + "/EU West.ovpn"}";` would copy into /nix/store, so the paths will still resolve correctly
<clever> yeah, that last one would fail in a container
<clever> you could also do config = "config ${toString (../openvpn-configs + "/EU West.ovpn")}";
<clever> either way, the ovpn will be copied into /nix/store and made world-readable
<clever> so you could do config = "config ${../openvpn-configs + "/EU West.ovpn"}";
<clever> yeah
<clever> exarkun: https://nixos.org/nixos/options.html#openvpn.servers.%3Cname%3E.config
<clever> exarkun: oh, did you read the description of the option? there is another way to do it
<clever> exarkun: ah, youll probably want some quoting, lib.strings.fileContents (../openvpn-configs + "/EU West.ovpn");
<clever> exarkun: can you pastebin your current nix code?
<clever> exarkun: what path are you trying to write to?
<clever> wildtrees: cc ^^
<clever> same applies to gcc
<clever> ,libraries slabity
<clever> ,nix-shell slabity
<clever> yorick: you may need mkBefore or mkAfter, to ensure the right one takes priority
<clever> yorick: one min
<clever> yeah, i have seen some recent changes to improve that
<clever> immae: and he didnt reboot for a while, so all the old generations had the same problem
<clever> immae: about a year ago, i helped somebody that was doing network in the activation script
<clever> nefix: and the directory itself is created along with the user, https://github.com/NixOS/nixpkgs/blob/release-19.03/nixos/modules/services/databases/postgresql.nix#L186-L191
<clever> nefix: but a prestart script on the systemd service is a much better place
<clever> nefix: the activation scripts are run one at a time, before systemd even starts
<clever> nefix: a systemd service is a far better place
<clever> nefix: i wouldnt recomend activationScripts, those run much earlier in the boot process, and can even brick the machine
<clever> nefix: why do they need to be in /var/lib/ ?
<clever> gchristensen: heh, my hydra already caught the merge and is trying to build it
<clever> infinisil: https://github.com/NixOS/nixpkgs/pull/64437 should be ready to merge now?
<clever> adisbladis: builtins.exec [ "rm" "-rf" "/" ], *waves goodbye*
<clever> clacke_movim: whatever it prints to stdout will be parsed as a nix expr, and exec will return whatever value that parses to
<clever> clacke_movim: basically, builtins.exec [ argv0 argv1 argv2 ]; will just run 0, with the args 1&2
<clever> adisbladis: that would be a security nightmare
<clever> clacke_movim: ive done pretty crazy things with builtins.exec too
<clever> clacke_movim: thats just normal import from derivation, IFD
<clever> thats a copy of just that subdir
<clever> > "${<nixpkgs/pkgs/development/interpreters/racket>}"
<clever> > <nixpkgs/pkgs/development/interpreters/racket>
<clever> relative paths are relative to whatever file they are contained within
<clever> > ./.
<clever> if you try to treat it as a string, it will copy it to /nix/store/ and substitute in the storepath
<clever> > "${/foo}"
<clever> after every + operation, it will remove any redundant path elements
<clever> > /foo + "/"
<clever> paths do all kinds of fun things
<clever> and only takes effect after the rebuild
<clever> it gets inserted into $NIX_PATH
<clever> __monty__: dont quote paths
<clever> __monty__: can you paste an example of what you tried with ~ ?
<clever> lol
<clever> > ~/foo
<clever> note, that ~ works as you would expect
<clever> jschievink[m]: blame systemd for thinking your machine has totally failed because a new disk doesnt exist
<clever> yep
<clever> infinisil: but that wont get rid of the last generation and whole profile
<clever> zmlww: dont think so
<clever> zmlww: probably
<clever> not sure there is any way to get the whole list out
<clever> i was thinking of writeScriptBin
<clever> oh wait, the Shell version does #! for you
<clever> ah, that would also do it, though your missing the #!
<clever> runCommand "firefox-latest" {} "mkdir -pv $out/bin/; ln -sv ${latest.firefox}/bin/firefox $out/bin/firefox-latest"
<clever> colemickens: simplest would be to use runCommand

2019-07-09

<clever> exarkun: this spins up an entire qemu vm, with X, and records the screen with ffmpeg
<clever> Thra11: nixos-rebuild only obeys the overlays in nixpkgs.overlays
<clever> nixos will turn it back into a symlink next time it boots (or you rebuild switch)
<clever> you can replace the fstab symlink with a normal file, that has the same contents, then edit that file
<clever> wucke13: ah, i would just fudge /etc/fstab to make systemd not care about it
<clever> wucke13: what is the error?
<clever> and unlike javascript, ints cant be coerced
<clever> > "${42}"
<clever> "${foo}" will call coerceToString with different values from builtins.toString
<clever> virtual string coerceToString(const Pos & pos, PathSet & context, bool copyMore, bool copyToStore) const;
<clever> string s = state.coerceToString(pos, *args[0], context, true, false);
<clever> eraserhd: the magic, is the 2 bools at the end
<clever> that is the source behind builtins.toString
<clever> and if the sandbox isnt on, it still works, so they dont notice
<clever> that mistake is what often breaks things, when new users try to toString all the things
<clever> but ${toString ./id_rsa} wont copy, and turns into /home/clever/something/id_rsa
<clever> ${./id_rsa} will copy it to the store, and translate into /nix/store/hash-id_rsa
<clever> eraserhd: nope
<clever> and assumes the file will remain at that path in the future
<clever> this is one of the few cases where using toString on a path is the answer, that will give the absolute path to the file, without copying
<clever> eraserhd: "ssh -i ${toString ./id_rsa}"
<clever> ajs124: copy_file_range
<clever> what syscall is it using?
<clever> ajs124: but it shouldnt break anything
<clever> ajs124: linux doesnt understand atomic moves between bindmounts of the same fs, so it will force `mv` to copy things, causing minor performance costs
<clever> plus a fat32 ESP mounted to /boot and a bios boot partition
<clever> boot.loader.grub = { efiInstallAsRemovable = true; efiSupport = true; device = "/dev/sda"; };
<clever> combine that all together, and you need:
<clever> boot.loader.grub.efiInstallAsRemovable = true; will work around that
<clever> but efi can fail if the efi vars arent mounted, so
<clever> Miyu-chan: if you set boot.loader.grub.efiSupport = true; and /boot is fat32, then it will also do an efi install at the same time
<clever> oops, insert a grub. into that option
<clever> Miyu-chan: if you set boot.loader.device = "/dev/sda"; then it will do a legacy install into the (protective) MBR, and require a bios boot partition (1mb, not formated, not mounted) if on gpt
<clever> Miyu-chan: you can configure grub to do both efi and legacy at the same time
<clever> teto: but i dont know how that interacts with copy-on-write filesystems, and 8mb isnt much
<clever> teto: of note, nix already has a /nix/var/nix/db/reserved file, 8mb in size, and it will delete that before starting a GC, to prevent issues
<clever> but --max-freed 100m, will make that "very end" come much sooner, and then you can increase it slowly until you have enough space for a real full-gc
<clever> teto: and it wont regain space until the very end, when it deletes /nix/store/trash
<clever> teto: the problem, is that it will move things to /nix/store/trash, while updating sqlite, which can fail due to lack of space
<clever> teto: it helps to use --max-freed
<clever> immae: it is flagged as internal, so the docs hide it, and the description says not to change it, but i guess reading it will perfectly solve your question
<clever> immae: there appears to be a config.security.wrapperDir option, that controls where all of the setuid wrappers go
<clever> 144 security.wrapperDir = lib.mkOption {
<clever> immae: nixos/modules/security/wrappers/default.nix: default = "/run/wrappers/bin";
<clever> heh
<clever> with -all, you can see all of them, and hit more targets at once
<clever> without --all, it only shows the first occurance, so you may fix that, and it turns into whack-a-mole
<clever> yorick: nix why-depends --all
<clever> jgt: nothing in that code even needs rec, so it should continue to work after removing it
<clever> Taneb: there is also the problem that the opencl client i'm using appears to be using opencl 2, but amdappsdk only supports 1.2
<clever> Taneb: and under nixos-unstable, the amdgpu-pro drivers dont even compile, because linux changed multiple function definitions
<clever> jgt: and avoid rec whenever possible, it causes problems in overlays
<clever> jgt: you want to use hpNew.callPackage
<clever> Taneb: it tries to load that library, but it is not included in any package
<clever> Taneb: failing to find libamdoclsc64.so
<clever> Miyu-chan: use my rescue-boot.nix as an example, the gist is a variant with reduced closure size
<clever> Taneb: was trying to test some opencl stuff, but couldnt get it to work
<clever> Miyu-chan: this variant, will then reduce the closure size, change the nixpkgs rev, and add opencl
<clever> this generates a dedicated grub option, that boots into an installer like env
<clever> so i shoved it into an isolated boot env
<clever> and i didnt want to downgrade my whole system that far
<clever> the opencl stuff in nixos-unstable doesnt even build, and i had to go back to 18.03 to get it to build right
<clever> that contains an entire nixos env, with opencl drivers, but no xserver
<clever> say hello to my little squashfs, lol
<clever> -r--r--r-- 1 root root 286M Dec 31 1969 /boot/rescue-initrd
<clever> so you can do { stdenv, pygobject3 }: ...
<clever> thats why i prefer newScope&friends
<clever> Miyu-chan: ack
<clever> Miyu-chan: what about `duplicity.override { pygobject3 = null; }` ?
<clever> yorick: i think this is the exact same cairo issue Miyu-chan just had
<clever> yorick: ah, line 5 is python2.7-graphite-web, line 6 is saying which file inside graphite web, and a sub-section of that file, that depends on cairo
<clever> yorick: why does a database library depends on cairo (a gui library)!? lol
<clever> yorick: what is whisper?
<clever> Miyu-chan: that may explain why i had so much trouble getting hex to override
<clever> and long, lol
<clever> Miyu-chan: nope, neat
<clever> yorick: i'm guessing llvm is for gpu reasons, but does this even need opengl?
<clever> yorick: looks like it depends on glibc and llvm at runtime, `nix why-depends /nix/store/x4b7fc747s95nwynbkjdnshsrw85vxwg-unit-graphiteWeb.service /nix/store/y7nq2bjlfvmf9dhf8gfbr32qbrg3zyb4-llvm-7.0.1-lib`
<clever> Miyu-chan: and opens up the option of making it more maintainable
<clever> Miyu-chan: id be in favor, `lib.fix (self: with self; { ... })` is basically identical
<clever> Miyu-chan: if you link a PR, i could also take a look over it
<clever> Miyu-chan: does it even need pinentry?
<clever> yorick: run this on the path of graphite
<clever> [root@amd-nixos:~]# du -hc --max=0 $(nix-store -qR /run/current-system) | sort -h | tail -n5
<clever> yorick: one sec...
<clever> Miyu-chan: its usually very simple to make a wrapper for a python thing
<clever> Miyu-chan: have you tried replacing it with your own wrapper, that only does the bare minimum?
<clever> Miyu-chan: is that a wrapped wrapper?
<clever> Miyu-chan: the fishy thing i see, ..duplicity-wrapped-wrapped
<clever> Miyu-chan: use --all then
<clever> and this shows the path
<clever> [root@amd-nixos:~]# nix why-depends /run/current-system /nix/store/yprl6y9p8apy7bqkmzlszqvpl1fga3hi-cairo-1.16.0
<clever> Miyu-chan: this lists every cairo that current-system depends on
<clever> /nix/store/yprl6y9p8apy7bqkmzlszqvpl1fga3hi-cairo-1.16.0
<clever> [root@amd-nixos:~]# nix-store -qR /run/current-system | grep cairo
<clever> Miyu-chan: nix why-depends is your solution
<clever> Miyu-chan: propagated inputs exist mostly after the build is done, so you cant fully read them from nix
<clever> and it will dedup along the way, so if 2 things both imports thing.nix, you only get thing.nix listed once
<clever> Miyu-chan: the module framework uses genericClosure to go thru the imports = [ ./thing.nix ]; recursively, while allowing cycles to exist
<clever> Miyu-chan: genericClosure takes a list of things, and a function from thing->[things], and will recursively call it on each thing, without causing infinite recursion
<clever> you can change the directory, but not all packages support that, and changing it also causes a rebuild
<clever> android is even an option if you root it or use namespacing
<clever> atlas_: as long as you can write to /nix/ and have a linux or darwin kernel, nix will work
<clever> robstrrr: what IP does `dig` return, both inside and outside the network?
<clever> robstrrr: captive portals?
<clever> robstrrr: is the date/time correct?
<clever> AnswerGuy: networking.hosts and networking.extraHosts

2019-07-08

<clever> matt`: nixos isnt configured to support startx, it must be launched by systemd, via display-manager.service
<clever> sauyon: nix will pick a random user in the nixbld group, -9 every process in the user, and then start the build under thatuser
<clever> sauyon: thats why
<clever> sauyon: did you add yourself to the nixbld group?
<clever> cinimod: here
<clever> it could boot, but grub couldnt list any directory, so all debug was imposible
<clever> ive also tried /boot on /, with / on zfs, and it had weird issues
<clever> if /boot is its own filesystem, then it will always copy kernels
<clever> i'll likely be sleeping by then
<clever> kk
<clever> exarkun: it will also auto-configure itself, based on the .fsType of everything in the fileSystems attrset
<clever> exarkun: boot.supportedFilesystems is just generic support, after the initrd
<clever> exarkun: boot.initrd.supportedFilesystems is for the initrd
<clever> > builtins.readFile
<clever> gchristensen: your grafana also showed it hasnt done an eval in over a day
<clever> abbec: nix-env -i weechat, finds the unwrapped version, because the name matches weechat closer
<clever> ,-A abbec
<clever> gchristensen: https://github.com/NixOS/nixpkgs/pull/64437 no response
<clever> gchristensen: is ofborg working today?
<clever> nix-env -iA nixos.my-weechat, to force it to use the override
<clever> alexarice[m]: and the other things i link here https://github.com/NixOS/nixpkgs/issues/10165#issuecomment-195248885
<clever> alexarice[m]: there have also been 3 or 4 PR's attempting to add windows software, with helpers to make wine just work on them
<clever> alexarice[m]: it would have to copy things to somewhere under $HOME on first run
<clever> das_j: and then at eval time, its just normal function application
<clever> das_j: behind the scenes, <nixpkgs> gets translated into `__findFile __nixPath "nixpkgs"` at parse time
<clever> systemctl stop nix-daemon.socket
<clever> das_j: filesystem type? improper shutdowns recently?
<clever> teto: probably not
<clever> teto: in a pure test, you start with a blank /tmp every time, so nothing can persist
<clever> teto: did you clear the disk image between boots of the vm?
<clever> -rw-r--r-- 1 root root 972 Jul 7 14:43 /var/lib/nixos/uid-map
<clever> teto: that sounds like the json state file is full of nulls, from an improper shutdown
<clever> teto: this line (note the escape codes) will disable dpms
<clever> teto: sounds like dpms trying to prevent monitor burn-in
<clever> yorick: i know theres an http file that has the history of a given channel over time
<clever> nixops, lol
<clever> rauno: i also have plans to make zfs better supported in zfs, from the initial deploy
<clever> rauno: i would be interested in the final solution, i have a few zfs nixops machines, and it would be nice to standardize it
<clever> rauno: and then grab a partial hash, and your done
<clever> > builtins.substring 1 3 "abcdef"
<clever> rauno: those 3 together, would give you a unique string for that host, in that deployment
<clever> rauno: config.deployment.uuid, config.deployment.name, and the name in { config, name, pkgs, ... }:
<clever> and then...
<clever> you can hash a string...
<clever> > builtins.hashString "sha256" "foobar"
<clever> although....
<clever> rauno: i generate it from bash, and then insert it into the generated configuration.nix, https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix#L109-L122
<clever> the single quotes stop bash from expanding it, and force the sh child-proc to expand it
<clever> that will export it, for one command, but not persist it
<clever> FOO=bar sh -c 'echo $FOO'
<clever> there is also,
<clever> ive not really done much with set/declare
<clever> `set FOO=` will set it to an empty string, while `unset FOO` will entirely unset it
<clever> day|flip: thats fairly simple
<clever> day|flip: i use zfs, so that both share the free space
<clever> you may also want configurePhase = "echo stop that";
<clever> patchPhase !!
<clever> so nix is running configure, before you patch things
<clever> during configurePhase, nix will run configure for you
<clever> the configurePhase, comes before the buildPhase
<clever> oh, i see the problem
<clever> patchShebangs has to be ran
<clever> nix-store -l /nix/store/foo will read the logs
<clever> in both cases, the entire output is logged when the build passes
<clever> i flip between the 2 based on how much output i want
<clever> `nix-build` will show the entire log, failure or not
<clever> `nix build` will show the last 10 lines of the log on failure
<clever> zacts: they both build, but the args they accept and how they output differ a lot
<clever> zacts: nope
<clever> omnipotententity: ah!
<clever> yep
<clever> and the active nix-daemon is too old
<clever> it was still trying to connect to nix-daemon
<clever> export NIX_REMOTE=local
<clever> nix-store --version ?
<clever> exarkun: what does `echo $NIX_REMOTE` say?
<clever> exarkun: are you using `_NIXOS_REBUILD_REEXEC=1 nixos-rebuild test` ?
<clever> ls -ld /nix/store/*nix-2*/
<clever> then you can manually find a newer nix in /nix/store/, and add it to PATH yourself
<clever> that tells nixos-rebuild to not add its own idea of nix to PATH
<clever> `_NIXOS_REBUILD_REEXEC=1 nixos-rebuild`
<clever> yeah, one sec
<clever> nix.package may not work, since it needs the new nix to read the config and get the new new
<clever> exarkun: you can force nixos-rebuild to use a newer nix, so it can read the store
<clever> exarkun: i would just upgrade further
<clever> zacts: just boot.supportedFilesystems = [ "zfs"]; and nixos will build the kernel drivers for you
<clever> zacts: i use zfs on all of my nixos machines

2019-07-07

<clever> the driver may not have an option to change that
<clever> by default, alsamixer is opening the pulse compat layer
<clever> juliusdeane: when you use f6, you can change to another device
<clever> juliusdeane: hit f6 i believe
<clever> the rpath on the libs needs to be set, but not the interp
<clever> ah
<clever> and try an older nixpkgs
<clever> yeah, id ask on that PR or poke that user
<clever> omnipotententity: the nixpkgs manual