2019-01-31

<clever> nope, still nada
<clever> oh, maybe my chrome addons...
<clever> samueldr: thats the websocket upgrading from http to packet based streams
<clever> it doesn't open a websocket
<clever> nothing happens when i type in it
<clever> gchristensen: is the terminal supposed to work?
<clever> gchristensen: lol
<clever> hodapp: not sure exactly, been a few years
<clever> but he had uid 0, and we tried to swapon, but that failed!
<clever> joepie91: ive helped a friend on something close to opencv before, and he didnt have enough ram to do basic operations
<clever> that post explains how to actually use kvm itself
<clever> "Most introduction of KVM I found are actually introducing either libvirt or qemu, lack of how to utilize KVM by hand, that's why I have this post."
<clever> praetorg: the auto-upgrade creates a systemd unit, so you can `systemctl list-timers` and `journalctl -f -u nixos-upgrade.service`
<clever> sondr3: i also have my entire filesystem on zfs, which is on an NVME device
<clever> sondr3: the rest is standard nixos stuff for any gpu, like 32bit dri, 32bit pulse libs
<clever> sondr3: the desktop config isnt on github, but the only special line is the one i gave above
<clever> sondr3: on the nixos-unstable channel, default kernel for that channel
<clever> Linux amd-nixos 4.19.15 #1-NixOS SMP Sun Jan 13 08:51:11 UTC 2019 x86_64 GNU/Linux
<clever> sondr3: with that card, and that nixos config, i have 3 monitors running, 3d accel, no 2d issues anymore, and a number of "windows only" games work in steam
<clever> services.xserver.videoDrivers = [ "amdgpu" ];
<clever> 01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Bonaire XTX [Radeon R7 260X/360]
<clever> jevonearth: then you can nix-env -iA uniquename.postman
<clever> jevonearth: since nixpkgs-unstable is being held behind by darwin, you may want to add nixos-unstable as another channel, giving it a unique name
<clever> ah
<clever> jevonearth: does it have to be postman? or will any sendmail work? https://nixos.org/nixos/options.html#defaultmail
<clever> dang, no postman module!
<clever> jevonearth: i usually start at https://nixos.org/nixos/options.html#
<clever> jevonearth: what was the actual problem? ive only seen half the convo
<clever> jevonearth: so you can just install nixpkgs.hello to get unstable, or nixos.hello to get stable
<clever> jevonearth: and nix-env follows different rules, nix-env -iA channel.hello will use the channel with the given name
<clever> jevonearth: but <nixpkgs> is specially mapped to the nixos channel
<clever> jevonearth: for most channels, you can use <channelname> to refer to it in nix, like <nixos> and <nixos-hardware>
<clever> jevonearth: only nix-env can use nixpkgs-unstable, in your setup
<clever> jevonearth: ah, thats safer, nixos itself is using the nixos-18.09 channel
<clever> jevonearth: nixpkgs-unstable doesnt test boot related tasks, and that has corrupted grub config in the past
<clever> jevonearth: you must never use nixpkgs-unstable on nixos
<clever> jevonearth: are you on nixos?
<clever> gchristensen: its a timeout, so it may just need a restart?
<clever> on darwin
<clever> jevonearth: nixpkgs-unstable isnt updating, because nix-info-tested is failing
<clever> jevonearth: nixpkgs-unstable last updated 7 days ago
<clever> jevonearth: http://howoldis.herokuapp.com/
<clever> jevonearth: when a rev of release-18.09 passes testing, the nixos-18.09 branch in nixpkgs-channels is updated
<clever> jevonearth: release-18.09 is the source for nixos-18.09, before testing occurs
<clever> jevonearth: branch names in nixpkgs-channels, match channel names, and always match what the channel currently is
<clever> jevonearth: the channels are on the nixpkgs-channels repo
<clever> infinisil: yeah, the secrets are in .gitignore
<clever> infinisil: that contains the nixos config for my router and nas, along with random modules i share to others
<clever> this is how i deal with secrets
<clever> infinisil: i used to do that, but have since transitioned to a public github repo
<clever> iddt: packet.net also has nixos as an install option, and it will auto-generate a configuration.nix file at install time, then just ssh in, edit as needed, and nixos-rebuild
<clever> iddt: aws has AMI images with nixos pre-installed, and nixops can fully automate creating machines and deploying changes
<clever> iddt: and the FHS sandbox nix provides, allows that to just work
<clever> iddt: when you try to install a windows game, steam will also download the pre-built ELF files for proton
<clever> sphalerite: have i really been using nixos that long? lol
<clever> iddt: but some still fail
<clever> iddt: steam now has proton support (a fork of wine) and a number of "windows only" games just work on nixos now
<clever> sphalerite: it may have changed since i last looked
<clever> iddt: my main nixos desktop is still dual-boot, because a few steam games are windows-only
<clever> ingenieroariel_: nixos disables ping by default, you have to allow that with an option
<clever> if no users exist in the db, it may just reject you immediately
<clever> so you have to run the samba commands to add/edit users within it
<clever> ldlework: line 29, it will use a password database specific to samba
<clever> ldlework: line 32 may be partially to blame?
<clever> ldlework: line 39, its not allowing guests, so you must authenticate somehow
<clever> ldlework: thats why all of my samba shares are world readable
<clever> ldlework: auth issues
<clever> ldlework: then you lack permissions at the server end
<clever> ingenieroariel: you need to setup networking.nat in the nixos config
<clever> ldlework: ive found its a lot more reliable to use IP, \\192.168.0.61\
<clever> ingenieroariel: is NAT enabled?
<clever> for irc, i just run irssi
<clever> judson: i have 5 slacks and 1 discord tab...
<clever> it will even configure nix to believe that, and allow "native" arm builds locally
<clever> and now your machine can magically run armv6l and armv7l binaries
<clever> judson: and then you can set qemu-user.arm = true;
<clever> judson: just clone my repo, add imports = [ /path/to/nixos-configs/qemu.nix ];
<clever> judson: i have several modules on my nixos configs repo that i share with others
<clever> fresheyeball: ignoring the DP, i can run up to 3 monitors digitally
<clever> fresheyeball: my desktop GPU has 4 outputs, dvi-d, hdmi, dvi-a, and displayport
<clever> xok: and you may want to configure the other options under that node as well
<clever> xok: https://nixos.org/nixos/options.html#networking.defaultmailserver.sets
<clever> xok: ah, sendmail wants to be setuid root, one sec
<clever> xok: depends on what else you have installed
<clever> xok: if you add ssmtp to systemPackages, then sendmail will be in PATH
<clever> ldlework: looks like the example value (line 171) and the wiki, are now invalid
<clever> ,locate bin sendmail
<clever> ldlework: my guess is that the samba user may lack access to the path on line 26, see if you can find a samba log file
<clever> ldlework: what options did you set?
<clever> dmj`: /home/clever/apps/nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh:wrapProgram() {
<clever> dmj`: yes
<clever> wedens: what is the contents of x/default.nix ?
<clever> lux1: from what ive heard, yeah, you could try asking #zfsonlinux to confirm things
<clever> since it may want to change a header to say it has resumed
<clever> lux1: you could maybe import it read-only, but i dont think linux would allow restoring from a read-only swap?
<clever> lux1: more that importing the pool, to then do anything, requires making some changes
<clever> lux1: and then the 2nd one, is that to read the swap device, you must import the pool
<clever> lux1: so, that first problem is definitely going to lead to some corruption
<clever> similarly to when you import the same blockdev on 2 systems at once (shared blockdev)
<clever> and now the disk has been messed with, and the "new" kernel state isnt aware of that
<clever> lux1: but, when you resume a suspend-to-disk, you restore the kernel state
<clever> lux1: the first problem, is that importing the pool, will trigger improper-shutdown type recovery
<clever> lux1: i think swap on zfs, with suspend to disk, will be even worse
<clever> gchristensen: which is rather difficult with rootfs on zfs
<clever> gchristensen: correct, you must export the pool before you hibernate
<clever> lux1: zfs has no support for hibernation
<clever> if you do, nix-build '<nixos/nixpkgs>' -A julia, what does it do?
<clever> so your machine tries to just build it again
<clever> and the cache cant record failures
<clever> so no cached copy is available
<clever> jabranham: it might have failed in hydra, for one of your channels
<clever> you can find your channels in ~/.nix-defexpr/
<clever> if you want to change the channel its using
<clever> for nix-shell -p, you want -I nixpkgs=/path/to/nixpkgs
<clever> nix-env -iA nixos.julia, forces the channel julia, or in your case, unstable.julia forces the unstable channel
<clever> nix-env -i julia, picks a somewhat random channel
<clever> nix-shell uses <nixpkgs>, which wont be unstable
<clever> jabranham: ah, yeah, you have 2 channels, likely nixos and unstable
<clever> jabranham: what does `nix-instantiate --find-file nixpkgs` say?
<clever> ingenieroariel: `rfkill --help` shows an unblock command
<clever> ingenieroariel: is the rf kill switch on the laptop set?
<clever> jomik: the haskell.packages set, contains variants of haskellPackages, for every single ghc version in nixpkgs
<clever> jomik: you can also use :b in the repl to build an attr, to see if that one works or not
<clever> jomik: tab completion inside `nix repl '<nixpkgs>'`
<clever> jomik: you need to use a different ghc version, haskell.packages.ghcxxx.purescript
<clever> wedens: i typically just do something like `nix eval nixpkgs.lib.version` to get the current rev my channel is at, and then use that to pin whatever project i'm starting
<clever> wedens: only revs that are in a channel will be guaranteed to have good coverage in the cache

2019-01-30

<clever> so you can still fix it by setting sendmail_path in php.ini
<clever> that default then acts as the fallback, for when you dont set it in php.ini
<clever> PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
<clever> also, this is merely the default path, DEFAULT_SENDMAIL_PATH
<clever> infinisil: the fact that we are not seeing /usr/sbin in the error, means that PHP_PROG_SENDMAIL is defined, yet empty
<clever> infinisil: if PHP_PROG_SENDMAIL is defined, it will use that, if its not defined, it will be hard-coded to # define DEFAULT_SENDMAIL_PATH "/usr/sbin/sendmail -t -i"
<clever> it sounds like somebody defined it to "" ?
<clever> ah, thats inside a #ifdef PHP_PROG_SENDMAIL
<clever> infinisil: so it relies on PHP_PROG_SENDMAIL being set right at compile time? feels like a nixpkgs bug
<clever> infinisil: main/main.c:# define DEFAULT_SENDMAIL_PATH PHP_PROG_SENDMAIL " -t -i "
<clever> infinisil: simplest thing is to just jump to the extreme, [root@system76:~]# nix-shell '<nixpkgs>' -A php --run unpackPhase
<clever> "A program that produces a familiar, friendly greeting"
<clever> $ nix eval nixpkgs.hello.meta.description
<clever> xok: youll want to dig around in the php config to tell it where to find the sendmail binary
<clever> xok: but the sendmail variable was "", so it turned into just " -t -i "
<clever> xok: sounds like php was running sendmail + " -t -i "
<clever> xok: run it under `strace -f -e execve -s 200 php foo.php`
<clever> kenogo: libredirect
<clever> you might even have an agent running already, what happens when you run `ssh-add -l` ?
<clever> the $SSH_AUTH_SOCK var will carry over, and give it access
<clever> teto: an ssh agent will keep things working
<clever> that just runs the git clone outside of the sandbox
<clever> teto: builtins.fetchGit is the simplest solution
<clever> nix-channel is just a helper that wraps that nix-env profile
<clever> that will show everything installed into it, then you can change `-q` to `-e <name>` to uninstall things like normal
<clever> typetetris: nix-env --profile /nix/var/nix/profiles/per-user/<username>/channels -q
<clever> typetetris: where does the ~/.nix-defexpr/channels symlink point?
<clever> so there is no "right" way to remove the last channel
<clever> there is a bug, where --update does nothing if you have zero channels
<clever> does --list show a channel?
<clever> typetetris: you need to --update to apply the changes
<clever> ah, exact other end of the country
<clever> bpye: where in canada? i'm on the east coast, tons of snow here
<clever> bpye: ah
<clever> everything else, just has to finish (pass or fail)
<clever> typetetris: the hydra links here, point to the subset that must pass, for the channel to update
<clever> typetetris: but things can fail, and the channel will still update
<clever> typetetris: for all channels not ending in -small, the channel only updates when hydra has tried to build everything
<clever> nixpkgs-unstable didnt test that, updated, and then at least 20 people discovered boot problems
<clever> nixos-unstable correctly refused to update
<clever> typetetris: about 2 years ago, a bug was introduced, that corrupted the grub cfg file
<clever> typetetris: nixos-unstable waits for nixos test cases to pass before updating
<clever> and you want `nixos-rebuild boot` since its not able to switch
<clever> bpye: the nixos ones are not likely an issue
<clever> bpye: are they configured with zfs settings, or nixos settings?
<clever> bpye: all i can think of is to try to disable them and reboot, then maybe look into why its having issues
<clever> bpye: do you have any special zfs shares setup?
<clever> sphalerite: it may not sync on the way down? :D
<clever> then you can use /nix/var/nix/profiles/system/sw/bin/passwd to fix the pw
<clever> that will drop you into a root shell without asking for a pw
<clever> bpye: you can also change it to init=/bin/sh (and tell it to continue when it claims it doesnt exist)
<clever> bpye: anything interesting in `journalctl -b -1` ?
<clever> bpye: try adding the word `single` to the kernel params in grub?
<clever> bpye: is the ethernet cord maybe damaged?
<clever> bpye: and if you try to do rollbacks via grub?
<clever> Edes: you want to use yarn2nix
<clever> teto: i would just use an http url, nix-build https://github.com/nixos/nixpkgs-channels/archive/nixos-unstable.tar.gz -A hello
<clever> petersjt014: so you could simply do imports = [ ./netboot_server.nix ]; and then set netboot_server.network = { wan = "wlpsomething"; lan = "eth0"; };
<clever> petersjt014: in this module, i define my own options for the wan card (your wifi) and lan card (your ethernet)
<clever> petersjt014: the nat does the bulk of the work, and the dhcp/bind config automate configuring the devices on the ethernet side
<clever> petersjt014: yes
<clever> yl[m]: its about 4am where domen is, so it will probably come back in a few hours
<clever> yl[m]: unknown, looks like the server may just be offline
<clever> ditadi: so you could --option substituters https://cache.nixos.org
<clever> ditadi: you can use --option to override any nix.conf field
<clever> tab-complete in nix repl to find them, and experiment with them
<clever> lib.mapAttrs and friends
<clever> noonien: manually, or from nix?
<clever> noonien: `nix repl '<nixpkgs>'` and tab-completion
<clever> noonien: no real way to directly tell which nix files it came from, just guess, nix-instantiate, and compare
<clever> nope
<clever> noonien: you want config.nixpkgs.config
<clever> nDuff: behind the scenes, it uses ~/.cache/nix/tarballs/ for the cache
<clever> and optionally, follow up by searching for those keys on the docs
<clever> that command will parse nix.conf, and show the result of merging defaults with config
<clever> nDuff: nix show-config | grep ttl
<clever> you can also remove the ... to discover what other things are being given to you
<clever> the ... lets it ignore args it doesnt want
<clever> _module.args.unstable = ...; allows you to { pkgs, unstable, ... }:
<clever> noonien: another is to look at why you have pkgs on line 1 to begin with, https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/nixpkgs.nix#L222-L224
<clever> noonien: one option is to just make a package override, to create pkgs.unstable
<clever> noonien: the nixpkgs-channels repo on github

2019-01-29

<clever> dmj`: so your program winds up being an x86-64 macos binary
<clever> dmj`: the simulator is just an x86 library that opens a normal desktop gui, and implements the same API as the mobile system libraries
<clever> dmj`: ios-simulator64 will never run on a phone
<clever> when unset, it will obey what dhcp tells it to use
<clever> networking.nameservers
<clever> yeah
<clever> aleph-: what does /etc/resolv.conf say the dns server is?
<clever> aleph-: try again
<clever> aleph-: your dns is offline
<clever> rl: (6) Could not resolve host: abbradar.net
<clever> yeah, master is the simplest way to confirm if nixpkgs has fixed it
<clever> aleph-: 404, upstream has deleted the tar, you will need to try a newer nixpkgs, if nixpkgs has already been fixed
<clever> aleph-: dns failure? hash failure? connection timeout?
<clever> aleph-: what does `nix-build '<nixpkgs>' -A steam` say?
<clever> then the 21st piece assembles them all, and boom, bricks all the illegal CAMs
<clever> shipping out firmware updates in 20 pieces, that all look harmless on their own
<clever> elvishjerricco: ive even heard stories of hacker level tricks being pulled by sat companies
<clever> in the case of satellite systems, the CAM is on a smartcard
<clever> that bytestream can then do anything, from just giving it the protected key, to giving the CAM firmware updates
<clever> mpegts crypto, involves sending a black-box bytestream to the CAM, which will then spit out the current 16bit key
<clever> and the upstream source can be rotating the key as often as every 5 seconds if they wanted to
<clever> the problem, is that the lookup could take up to 3 minutes (with "modern" hardware at the time of the paper)
<clever> and because the key is only 16bits, you can then lookup the key, using a rainbow table
<clever> the paper i found, says that you can just search the mpegts stream, for 2 blocks with identical ciphertext
<clever> elvishjerricco: it doesnt use a nonce, and h264 has a lot of padding in the form of nulls
<clever> elvishjerricco: after a bit of research, i discovered a flaw in mpegts crypto
<clever> elvishjerricco: oh, that reminds me of the days when i was trying to get tv capture working on my hdtv setup
<clever> elvishjerricco: go over the libsodium docs and try playing with their functions
<clever> so you have no way to undo it, and no way to relate the keys from 2 blocks
<clever> concat, not add
<clever> one simple (but probably not the safest) way to do such a thing, is just sha256(realkey+block#)
<clever> elvishjerricco: so the real encryption key, is a combination of the masterkey, and the block#
<clever> elvishjerricco: i suspect it uses the block# as a nonce
<clever> Myrl-saki: yep
<clever> elvishjerricco: yeah, at that point, you're better off just making a new luks device, and copying the contents over
<clever> the normal commands for changing a pw, just change the keyslot that protects the master key, to encrypt it with a new pw
<clever> and you can potentially have multiple copies of the same master key, encrypted by different passwords
<clever> that master key, is then encrypted with your password, to fill a keyslot
<clever> luks has a single master key, used for all disk encryption, that can never change (unless you want to re-encrypt the entire disk)
<clever> elvishjerricco: no
<clever> Myrl-saki: yes
<clever> Myrl-saki: there are backup and restore commands
<clever> Myrl-saki: yeah, if you have a copy of the old header, you can undo a password change
<clever> elvishjerricco: ive seen people quote old storepaths in nix expressions
<clever> and it wont be counted as an input, so anything down the road also wont get it at buildtime
<clever> but the sandbox will also not provide a copy at buildtime
<clever> nope
<clever> Myrl-saki: nix requires that it be part of your input closure
<clever> Myrl-saki: yeah, as the stdenv processes every buildInputs entry, it checks the nix-support on them, and can recursively follow the propagated ones
<clever> nix checks for deps, by serializing the entire $out (via nix-store --dump $out), and then just doing a dumb string search for the hash from every input
<clever> compression is the only thing that easily breaks the dep chain
<clever> Myrl-saki: thats common, not easy to disable
<clever> Myrl-saki: in the case of zfs, all blocks on disk are immutable, so pre-allocating null blocks with fallocate is pointless, since you're going to be getting even more blocks when you have real contents
<clever> on darwin, its identical to fallocate :P
<clever> so its basically instant, on FS's that support sparse files
<clever> truncate just sets the size, without allocating any blocks
<clever> fallocate doesnt mean much on zfs
<clever> try truncate, rather than fallocate
<clever> Myrl-saki: what about the preVM script?
<clever> Myrl-saki: cant you check the size at bash time, and adjust it there?
<clever> Myrl-saki: why do you need file length in nix?
<clever> Myrl-saki: du recurses for you, omit the * and change --max=
<clever> wedens: cant really think of anything
<clever> wedens: i have switched my nas and router from nixos-rebuild to nixops
<clever> wedens: it will switch over to whatever nixops provides, and if you get some bits like fileSystems or boot.loader wrong, it may not boot right, but it should still work with the old generations in the bootloader
<clever> wedens: as long as you have ssh to root, yeah
<clever> so you can basically ignore nix-channel
<clever> it also changes the search path of <nixpkgs> to match whatever nixops used
<clever> so you cant break the machine by accident
<clever> it changes the search path for configuration.nix, to break nixos-rebuild
<clever> wedens: this is something i use in combination with my nixops machines
<clever> wedens: yep
<clever> wedens: but if your config is simple enough, you could copy it back into the configuration.nix and go backwards
<clever> wedens: you will always need to use nixops, nixos-rebuild ignores the nixops config
<clever> iqubic: ls sorts things by default, but `ls -U` forces it to not sort
<clever> now all files are in a random order, that changes on every read
<clever> so you can easily find them
<clever> _deepfire: https://packages.debian.org/sid/disorderfs is designed to make such bugs worse