2019-01-11

<clever> nh2: look at the nix source for lib.sublist, its horid!
<clever> moving sublist to native massively improves the speed
<clever> nh2: lib.sublist is a major bottleneck in the lib.unique implementation
<clever> nh2: i have a pr to nix to improve its speed
<clever> even the bootstrap tools
<clever> gc-keep-outputs would probably recursively root every input
<clever> gchristensen: one of these in nix.conf
<clever> gc-keep-outputs = true
<clever> gc-keep-derivations = true
<clever> gchristensen: outputs or other drv's?
<clever> probably
<clever> ilya-fedin: second, changes like that only take effect after nixos-rebuild finishes
<clever> ilya-fedin: first, maxJobs is nix level jobs
<clever> tilpner: nice, ive been using 2 pushes for an old repo, for ages
<clever> ilya-fedin: you want rec then, pkgs: rec {
<clever> packageOverrides adds things to pkgs
<clever> on line 77 of configuration.nix
<clever> i believe
<clever> ilya-fedin: you want to stick a pkgs. before that
<clever> the pkgs set is defined in all-packages.nix
<clever> > pkgs.linuxPackagesFor
<clever> my general idea when modifying something ive found online, i just put my changes onto a public github repo, and say 'thats enough'
<clever> and then there are funny licenses like zfs, where you can build it yourself, but you cant ship built binaries, i think
<clever> synergy is the only exception ive seen so far, you have to pay (once) for the windows version, yet the source is on github, and nixpkgs can build it just fine
<clever> most of the time, if you can see the source, its "free"
<clever> dcol: you usually get much better results with patchelf
<clever> dcol: 90% of the time buildFHSEnv is the wrong tool for the job
<clever> disasm: this isnt vim!
<clever> nixpkgs.config.packageOverrides = pkgs: { ncmpcpp = pkgs.ncmpcpp.override = { outputsSupport = true; }; };
<clever> thats not how overrides work
<clever> that is not an exact error
<clever> what was the exact error?
<clever> nope
<clever> { pkgs, config, ... }:
<clever> yes
<clever> alex_giusi_tiri: you could add glib.dev to your systemPackages
<clever> alex_giusi_tiri: only for that shell
<clever> alex_giusi_tiri: probably glib.dev, and glib installs only non-dev by default, you probably want `nix-shell -p glib`
<clever> blame the bot for scrambling the syntax :P
<clever> from the nix-index package
<clever> alex_giusi_tiri: at the shell, its `nix-locate bin/gsettings`
<clever> yeah, that should also work
<clever> alex_giusi_tiri: its in the glib package
<clever> ,locate bin gsettings
<clever> double-check the contents of that config file, and see what happens if you manually run `mpd --no-daemon --verbose` on the config file
<clever> AK_: is the x in /nix/store missing?
<clever> AK_: does mpd have a way to test a file to see if its valid?
<clever> AK_: and if you read that config file, does it look valid?
<clever> AK_: cat /etc/systemd/system/mpd.service, and check to see if its ExecStart is passing valid arguments
<clever> neminis: home-manager is the usual way of doing that
<clever> neminis: what file do you want to copy where? and why?
<clever> iqubic: extra-statsd is just a custom program i wrote, that reports a bunch of random things to statsd
<clever> so those machines have it listed in imports
<clever> its just a random service i enable on some machines
<clever> and the many other files in that repo
<clever> tobiasBora: make a second file, that configures only wireguard, and add it to the imports section
<clever> tobiasBora: at that point, your better off just using modules properly
<clever> tobiasBora: oh, i didnt even notice that part
<clever> gchristensen: neat
<clever> AK_: try doing another nixos-rebuild, and then systemctl start mpd.service
<clever> changes to configuration.nix dont take effect until you nixos-rebuild
<clever> did you nixos-rebuild ?
<clever> AK_: systemctl start mpd.service
<clever> AK_: journalctl -f -u mpd.service
<clever> AK_: how did you configure that?
<clever> tobiasBora: then the above code can convert it over the same as before
<clever> tobiasBora: you could define your own nixos option, of type attr, and then set it from many files, and nixos will // them together for you
<clever> AK_: how did you configure it to run?
<clever> AK_: is it running?
<clever> AK_: what error is it giving?
<clever> AK_: the firewall allows all 127.0.0.1 traffic automatically
<clever> AK_: are you trying to access it from outside the machine?
<clever> then it uses a few basic functions to extract only the tcp, and only the udp
<clever> it can contain many services, and tcp/udp can be present/missing for each
<clever> tobiasBora: you give it a set, in the form of service.tcp = [ 80 ];
<clever> { networking = { firewall = { allowedTcpPorts = [ 80 443 ]; allowedUdpPorts = [ 80 443 ]; }; }; }
<clever> nix-repl> :p let rules = { http = { udp=[80]; tcp=[80]; }; https={udp=[443];tcp=[443];}; }; thing = f: builtins.concatLists (map f (builtins.attrValues rules)); in { networking.firewall.allowedTcpPorts = thing (x: x.tcp or []); networking.firewall.allowedUdpPorts = thing (x: x.udp or []); }
<clever> tobiasBora: yes, let me type up a longer example
<clever> tobiasBora: you can still do it in one file
<clever> gchristensen: mkAfter
<clever> moving it to a let section would solve the first problem
<clever> your defining the same key multiple times
<clever> second, an attribute set, is a set from key->value, and each key must only appear once
<clever> it must not be in the config area of the file
<clever> so nixos will complain loudly and refuse to build at all
<clever> first, you are defining a nixos option called UDPPorts, which doesnt exist
<clever> 2 main problems with the example you linked
<clever> netstat -anp | grep 631
<clever> you can check netstat to confirm what protocols something is listening on
<clever> or range based partial downloads
<clever> streaming is typically done by downloading many small files in sequence
<clever> websocket is done over the existing tcp socket
<clever> tobiasBora: also, there is no point in opening udp 80 or 443, http(s) is tcp only
<clever> and then just add as many things as you need to imports, it can also form a tree
<clever> tobiasBora: you could also just use full nixos modules, imports = [ ./foo.nix ]; and then foo.nix contains, { networking.firewall.allowedTCPPorts = [ 80 443 ]; }
<clever> > builtins.concatLists (lib.attrValues { http = [ 80 ]; https = [ 443 ]; })
<clever> tobiasBora: or this, which just returns every value in an attr set
<clever> > lib.attrValues { http = [ 80 ]; https = [ 443 ]; }
<clever> tobiasBora: all variables are immutable, so you need to either do: let http = 80; https = 443; tcpPorts = [ htth https ];
<clever> the nix-hash can also convert and hash things
<clever> nix supports both base16 and base32 in the sha256 field

2019-01-10

<clever> growpotkin: chromium-browser is just a symlink to chromium
<clever> https://html5gamepad.com/ seamlessly detects when i connect a usb gamepad, and just starts working
<clever> growpotkin: yep
<clever> evtest is much lower level and gives all the dirty details
<clever> growpotkin: https://html5gamepad.com/ tests things from the same general end that steam expects it to work on
<clever> or doJailBreak to ignore the version limits
<clever> just use cabal2nix or callHackage then
<clever> oh, but override attrs has trouble removing
<clever> betaboon: just remove the revision entirely
<clever> ah
<clever> tobiasBora: scrolling?
<clever> tobiasBora: nope
<clever> $ curl http://hackage.haskell.org/package/critbit-0.2.0.0/revision/1.cabal -s | grep base base >= 4 && < 4.11,
<clever> blame hackage for changing the cabal file without telling anyone :P
<clever> betaboon: oh wait, its using cabal revisions, do you have to read this cabal file
<clever> Replace Cabal file with edited version from http://hackage.haskell.org/package/critbit-0.2.0.0/revision/1.cabal.
<clever> betaboon: its clearly critbit thats failing, double-check the cabal file in this tar, unpacking source archive /nix/store/p4797yi3qwwzy7pkmqggzjm26lh4xsf9-critbit-0.2.0.0.tar.gz
<clever> betaboon: double-check which derivation is actually failing, a few lines down from that error
<clever> tobiasBora: journalctl -u sshd
<clever> jabranham: nix-env, takes a channel name, so `nix-env -iA nixpkgs.foo` uses the channel called nixpkgs
<clever> jabranham: nixos-rebuild always uses the channel called nixos, so it wont use the channel called unstable
<clever> about the only time to use non-root channels is when your on a shared machine and lack root
<clever> then all users can freely access it
<clever> jabranham: you can just add the unstable channel to root as well, and call it unstable
<clever> jabranham: all of roots channels are available to other users, which is why AK_ got a collision when both users have a channel with the same name
<clever> jabranham: they should be inheriting the nixos channel, from the root user
<clever> AK_: you added a channel called nixos to a non-root user, the nixos channel should only exist on root
<clever> AK_: in general, if the xserver is enabled, i never touch the console, so console fonts dont matter
<clever> your config builds if i remove that font from it
<clever> AK_: or the font was removed from a vital package
<clever> AK_: that font doesnt exist anymore
<clever> AK_: i think consoleFont = "ter-v32n"; is to blame
<clever> AK_: and if you switch to `nix-store --query --binding buildCommand /nix/store/q0jn27nlk11y85qmwzxkjdh7567gljrl-extra-utils.drv` instead?
<clever> AK_: something in your extra-utils derivation is broken, check `nix show-derivation /nix/store/q0jn27nlk11y85qmwzxkjdh7567gljrl-extra-utils.drv`
<clever> AK_: you likely tried to copy doesntexist.* to $out/foo and with nullglob on, it turns into just `cp $out/foo`
<clever> danbst: oh, and check the `-e` flag in `man killall`
<clever> so there is a cost to getting the full name
<clever> klntsky: i believe the reason, is that the truncated name is a fixed-width char[] in the kernel, but the full name is argv[0], in the procs ram, which may be in swap
<clever> klntsky: i recently noticed, that killall only accepts the truncated name, as seen by `ps`, but not the full name from `ps aux`
<clever> or, it used to
<clever> i think it also counts twice if you talk about c++ and c++ in the same msg
<clever> but it relies on IFD, and {^_^} has IFD disabled for security
<clever> betaboon: you can also use this to load any version that happens to be in all-cabal-hashes
<clever> > haskellPackages.callHackage "postgrest" "5.1.0" {}
<clever> teehemkay: you want `sudo -i`
<clever> teehemkay: root is the default user, so `-u root` isnt needed

2019-01-09

<clever> duairc: configuration.nix only effects nixos-rebuild and nothing else
<clever> duairc: for `nix search` to find it, the overlay must be somewhere in $HOME, i forget the exact path
<clever> duairc: that also works
<clever> so the default is "right" out of the box, and it still respects changes to the config
<clever> duairc: if you look into dconf more, you may be able to generate something that mutates the "default", and then install that file into systemPackages
<clever> and then you never have to fix it again on a new install
<clever> duairc: so you could do services.xserver.displayManager.sessionCommands = "dconf ....";
<clever> duairc: services.xserver.displayManager.SessionCommands are ran shortly before the mate (which is on line 120), and its ran on every login
<clever> you can also bake that into your configuration.nix, one min
<clever> and you can just delete keyring from the array
<clever> duairc: i think this is an array of things to start
<clever> 45 #define GSM_GNOME_COMPAT_STARTUP_KEY "gnome-compat-startup"
<clever> 228 array = g_settings_get_strv (settings, GSM_GNOME_COMPAT_STARTUP_KEY);
<clever> duairc: check the if statement near the call-site of gnome_keyring_daemon_startup
<clever> and its in a function called gnome_keyring_daemon_startup!
<clever> definitely looks like its starting it
<clever> mate-session/msm-gnome.c: argv[0] = GNOME_KEYRING_DAEMON;
<clever> mate-session/msm-gnome.c:#define GNOME_KEYRING_DAEMON "gnome-keyring-daemon"
<clever> duairc: nix-build '<nixpkgs>' -A mate.mate-session-manager.src -o mate.tar.gz ; tar -xvf mate.tar.gz
<clever> duairc: one sec
<clever> then you dont have to follow symlinks, and you can get every single thing the current nixos could have referenced
<clever> ToxicFrog: i would want to `nix-store -qR /run/current-system | xargs grep ....`
<clever> dmj`: yes
<clever> > '' before ''${prefix} after ''
<clever> dmj`: echo "foo" >> $out/lib/pkgconfig/foo.pc
<clever> dmj`: then you should be able to just make your own with echo
<clever> dmj`: if the headers are in $out/include/ and the lib in $out/lib/libfoo.so, then the only thing you need is `-lfoo` at link time, and nothing else
<clever> duairc: also check `systemctl --user` variants of those
<clever> dmj`: some packages need special -D flags
<clever> dmj`: some packages put include files in weird places, there is no way for nix to guess that
<clever> which forces a doCheck=false;
<clever> so when any package tries to do an mkDerivation, it winds up calling this variant
<clever> WilliamHamilton[: you can use a normal haskell overlay, to overwrite the mkDerivation function
<clever> WilliamHamilton[: this is where it joins all the overlays together to make haskellPackages, https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/default.nix#L30
<clever> it should be enabled automatically
<clever> so the pure tests can still be ran
<clever> WilliamHamilton[: there is an overlay in nixpkgs, that disables IO based tests that are known
<clever> WilliamHamilton[: yeah
<clever> WilliamHamilton[: one haskell library ive seen tests fail for, wanted an api token, and internet access, to be able to run its tests
<clever> wedens: you could also `cat ${file1} ${file2} > $out/file3`
<clever> just `source ${foo}`
<clever> dont see any reason why you cant
<clever> wedens: you probably dont want to be using readFile
<clever> wedens: readFile happens at eval time, and just returns a string with no deps
<clever> romildo: that example is in the default configuration.nix file
<clever> travelion: other modules like spl may also have to be unloaded, before you load zfs
<clever> travelion: nixos doesnt reload kernel modules on switch
<clever> travelion: you also have to `rmmod zfs` and `modprobe zfs` to reload the new version
<clever> travelion: you can edit the configuration.nix on the livecd, after booting, and `nixos-rebuild test`
<clever> psy3497: after that, you just need to set the profile with nix-env, then chroot with nixos-enter, and run switch-to-configuration boot
<clever> on the remote machine, nix is then told to open the URI "local?root=/mnt"
<clever> psy3497: this tells nix copy, to open the URI "ssh://root@target?remote-store=local?root=/mnt" and copy a given thing into it
<clever> nix copy --to ssh://root@target?remote-store=local?root=/mnt /nix/store/hash-nixos
<clever> psy3497: found it!
<clever> psy3497: in my case, i was just doing a grep on my local ones, but a link to the full logs is in the /topic
<clever> psy3497: searching the irc logs for every instance of `nix copy` and cateloging all examples i can find, lol
<clever> psy3497: local?root is close to what you want, but there is a variant i'm forgetting
<clever> psy3497: nix copy operates on store URI's, which are under-documented
<clever> psy3497: i keep the irc logs on an old machine, and grep takes forever, lol
<clever> psy3497: i have given an example on exactly that a few months ago, let me find it
<clever> exarkun1: double-check dmesg
<clever> psy3497: then you may just want something like `nix copy` or `nix-copy-closure`
<clever> psy3497: let me double-check something
<clever> and nix itself wont use them
<clever> nix will also consider all of those files are not present
<clever> just unpack it directly in /
<clever> yep
<clever> psy3497: the tar i gave, and symphorien's tar are only for when nix isnt present on the remote end
<clever> psy3497: if there is a store on the remote machine already, any attempt to unpack into it will have problems, nix will try to delete it during GC
<clever> this nix function also generates symlinks at the root of the tar, so you dont have to go fishing in the new /nix/store/ to find what you wanted
<clever> this is a nix function, that will do what symphorien for you
<clever> psy3497: one sec

2019-01-08

<clever> freedan42x: boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; i think
<clever> ivegotasthma: so you will want to cd into nixpkgs before you run it
<clever> ivegotasthma: the command infinisil gave doesnt list a file, so it will look for a default.nix in the current directory
<clever> the cabal version is baked into the ghc, so you need to build a new ghc iwth the right cabal
<clever> yorick: stack can change the Cabal version, but nix has trouble doing that
<clever> but sharing a rootfs
<clever> so, i had nearly the same nixos build, on 2 radically different platforms
<clever> and i also made a mess of a configuration.nix file, that was able to build on both platforms
<clever> but, i had to mess with gc roots, so it wouldnt eat its neighbor
<clever> so it never had the wrong arch in scope
<clever> gchristensen: and i was bind mounting the right thing to /nix/var/nix/profiles/
<clever> gchristensen: this is one of the very first things i messed with in nix, because i made an SD card with armv6l and x86_64-linux builds of nixos
<clever> gchristensen: correct
<clever> yorick: looks like it wants a specific version of cabal
<clever> yorick: yeah, the Setup.hs fails
<clever> and its getting late here, i need to head off to bed
<clever> and confirm that it still fails when you cabal2nix it
<clever> jackdk: and is the cabal file available?
<clever> jackdk: what revision of nixpkgs is it failing on? and what changes do you have locally?
<clever> should be working...
<clever> jackdk: -A haskell.packages.ghc844.contravariant
<clever> jackdk: what is your default.nix and shell.nix file contents?
<clever> jackdk: what happens when you run `nix-build '<nixpkgs>' -A haskellPackages.contravariant`
<clever> > haskellPackages.contravariant
<clever> appleclusters: with /boot/ mounted correctly, nixos-rebuild will change the default for you, and everything will just work
<clever> appleclusters: its supposed to keep all old ones, thats how the rollback system works
<clever> or the fix itself wont take any effect, and it will boot the old config again
<clever> also, you must manually mount /boot before you nixos-rebuild
<clever> thats completely normal for zfs
<clever> nixos will scan all devices to find a pool called rpool
<clever> and then you have https://xkcd.com/981/
<clever> so you can only see it if you umount /boot/
<clever> ive also heard people joke about hiding their porn under the /boot/ mount point :P
<clever> and nixos-rebuild puts all the files into that directory
<clever> but if you then dont mount anything, the empty directory is left visible
<clever> the /boot/ directory must exist (normally empty) to be able to mount anything to /boot/
<clever> something like that should do it
<clever> fileSystems."/boot" = { device = "/dev/sda1"; fsType = "vfat"; };
<clever> appleclusters: read the generated hardware-configuration.nix, it should already have stuff on how to mount the current FS's
<clever> when booting, it uses the boot filesystem, so it wont notice that
<clever> it will fail in a more obvious way if its not mounted
<clever> so not even root can touch the /boot/ on /
<clever> i always `chmod 0 /boot/`
<clever> also, to stop this kind of mistake in the future
<clever> it could be the boot directory on /, not the boot filesystem
<clever> appleclusters: but what does `df -h /boot/` say ?
<clever> so you may need to manually mount /boot/, then fix your configuration.nix and nixos-rebuild
<clever> if /boot is not mounted when you nixos-rebuild, then all changes are undone at every reboot
<clever> appleclusters: is /boot/ correctly mounted?
<clever> iqubic: can you just paste what free said about swap?

2019-01-07

<clever> iqubic: 1: `free -m` and look at swap, 2: `zpool history | grep swap`
<clever> appleclusters: i use zfs on luks for 2 of my machines
<clever> iqubic: is it actually using the swap?, and how much swap did you have before?
<clever> so whatever machine is handling those secrets, must not act as a binary cache
<clever> including the secrets hydra uses to access the github api
<clever> so, if i was to paste the output of `ls -l /run/current-system` to this channel, you could then download my entire machine, right of my hydra
<clever> related, nix-serve, and the defaults in hydra, expose the entire host store to the world (but listing isnt enabled)
<clever> if somebody can see the store the ISO was made from and read it, they can already see the inputs anyways
<clever> Myrl-saki: and choose a password that only unlocks the luks and nothing else
<clever> Myrl-saki: if you just want to set the luks password, given that the nix store has the original version of everything and no security really exists, just accept that the password is going to be semi visible
<clever> and then it magically connects to iscsi at bootup
<clever> Myrl-saki: this allows you to set fileSystems."/".iscsi = { enable = true; host = "..."; lun = "..."; };
<clever> Myrl-saki: ive done something sorta related in my iscsi rootfs stuff
<clever> Myrl-saki: ahh, adding another fstab field
<clever> gchristensen: thats the function that creates the root
<clever> drvPath = store2->addPermRoot(drvPath, rootName, indirectRoot);
<clever> to the source!
<clever> yeah, i'm not sure how to skip the eval and just root a drv itself
<clever> indirect roots only work if a magic symlink is setup in /nix/var/nix/gcroots/auto/, that points to the result link
<clever> yeah, the problem is making roots to .drv files, not sure on that