<clever>
noonien: build-vm will overwrite the rootfs config, and then use 9plan to mount the host /nix/store to the guest
<clever>
noonien: correct, and build-vm disables most of that
<clever>
noonien: boots just fine
<clever>
noonien: if you run nix-collect-garbage with no args, then no garbage will remain, but there can be things that random result links hold onto, that is technically "not garbage"
<clever>
betawaffle: https://github.com/cleverca22/not-os is based on nixos, but it strips out all the garbage like systemd, the entire rootfs is 47mb
<clever>
betawaffle: not-os, haskell-init
<clever>
betawaffle: the nix expressions have already turned the config into a full system, which is living in /nix/store/
<clever>
betawaffle: the switch-to-configuration script deals with updating symlinks in /etc/ and restarting systemd services, and updating the main /run/current-system symlink
<clever>
betawaffle: basically, nixos-rebuild is just `nix-build '<nixos/nixos>' -A system && ./result/bin/switch-to-configuration switch`
<clever>
and you would likely want -I nixos-config=something.nix, or it will wind up being a clone of the local machine
<clever>
using the local cfg
<clever>
i think --target-host builds it locally, then copies it to the target host
<clever>
you still need to get that cfg right, when using --target-host
<clever>
so you have to get fileSystems."/" and boot.loader all set right
<clever>
therealwaphire[m: the biggest issue, is that the cfg you deploy with nixops, must know how to make the machine boot
<clever>
therealwaphire[m: yep, both my nas and router started as normal nixos
<clever>
therealwaphire[m: on my local network, i use nixops to manage both the router and nas, and it lets me update both with just `nixops deploy`, rather then having to ssh into each, git pull the cfg, and nixos-rebuild
<clever>
therealwaphire[m: yeah, it depends a lot on what your actually doing with the servers
<clever>
i dont autoUpgrade anything
<clever>
therealwaphire[m: when you need to spin up 100 identical servers, and they all need to know eachothers IP's
<clever>
he means the difference between using nixops, or using autoUpgrade
<clever>
therealwaphire[m: and you can have the IP's of other machines in the nixops file, baked into eachothers config files
<clever>
therealwaphire[m: it only happens when you want to upgrade
<clever>
therealwaphire[m: updates are done by just re-running `nixops deploy`
<clever>
and optionally, it lets the remote end use the nixos cache
<clever>
nixops just uses `nix copy` to push a locally built copy to the remote machine
<clever>
and it almost replaces `nixos-install`
<clever>
therealwaphire[m: thats basically 80% of `nixops deploy`, but with a remote chroot
<clever>
therealwaphire[m: this will copy a given storepath, from the local machine, to /mnt/nix/store on a remote machine
<clever>
Android: (haskell.lib.doJailbreak haskellPackages.adb) will just ignore all version constraints
<clever>
therealwaphire[m: its forking out a lot of children, so -f has to be added to strace
<clever>
Android: ghc 8.4.4 has base 4.11.1.0, and adb requires a base <4.11!
<clever>
samueldr: policykit?
<clever>
therealwaphire[m: the rules dont matter as much as the actual permissions under /dev/
<clever>
Android: ah dang, 844 doesnt work, it just took longer to fail!
<clever>
therealwaphire[m: what about `strace -e open solaar` on arch? what devices does it open?
<clever>
therealwaphire[m: yeah, not setuid root, what about /dev/hidraw0 ?
<clever>
Android: haskell.packages.ghc844.adb works
<clever>
so just blindly +s'ing something that isnt meant to be, wont actually give it full root
<clever>
therealwaphire[m: it might be that solaar doesnt like being setuid root, setuid binaries are a bit weird, and have 2 uid's attached to them, and the app has to select which one to use at any given moment
<clever>
Android: checking the haskell one...
<clever>
Android: androidenv.androidPkgs_9_0.platform-tools has the CLI adb tool
<clever>
Android: do you want the CLI adb tool, or the haskell library called adb?
<clever>
Android: but not the CLI adb tool
<clever>
Android: ah, thats a haskell library, for speaking adb
<clever>
Android: thats not the android adb
<clever>
therealwaphire[m: what happens when you run `/run/wrappers/bin/solaar` ?
<clever>
therealwaphire[m: and are you in the plugdev group? (run `id`)
<clever>
therealwaphire[m: what does ls say about solaar?
<clever>
therealwaphire[m: does solaar exist in `ls -lh /run/wrappers/bin/` ?
<clever>
therealwaphire[m: you might need to uninstall the solaar in home-manager
<clever>
the ? is a glob character, and nullglob causes foo? to vanish
<clever>
samueldr: and of note, the stdenv enables nullglob, which can cause weird bugs if somebody just does "echo do you want to install foo?"
<clever>
samueldr: the globbing is handled by bash, so it turns into cp a b dest/
<clever>
samueldr: added another comment
<clever>
Android: android-ndk failed to build, because 1 dep (likely htmlunit-driver-standalone) failed to build
<clever>
cannot build derivation '/nix/store/xjfakgdssdws7w16yl2dc81343hx5dls-android-ndk-r17c.drv': 1 dependencies couldn't be built
<clever>
samueldr: dropped a review comment on the PR
<clever>
Android: ah, that would make sense
<clever>
Android: can you pastebin the entire error?
<clever>
Android: that should be visible in the errors nix prints after X fails to download
<clever>
therealwaphire[m: shouldnt be
<clever>
therealwaphire[m: that then enables wireshark to capture packets, without being ran as root
<clever>
therealwaphire[m: this allows dumpcap to be ran setuid root, but only by users in the wireshark group