<clever>
nh2: i have a pr to nix to improve its speed
<clever>
even the bootstrap tools
<clever>
gc-keep-outputs would probably recursively root every input
<clever>
gchristensen: one of these in nix.conf
<clever>
gc-keep-outputs = true
<clever>
gc-keep-derivations = true
<clever>
gchristensen: outputs or other drv's?
<clever>
probably
<clever>
ilya-fedin: second, changes like that only take effect after nixos-rebuild finishes
<clever>
ilya-fedin: first, maxJobs is nix level jobs
<clever>
tilpner: nice, ive been using 2 pushes for an old repo, for ages
<clever>
ilya-fedin: you want rec then, pkgs: rec {
<clever>
packageOverrides adds things to pkgs
<clever>
on line 77 of configuration.nix
<clever>
i believe
<clever>
ilya-fedin: you want to stick a pkgs. before that
<clever>
the pkgs set is defined in all-packages.nix
<clever>
> pkgs.linuxPackagesFor
<clever>
my general idea when modifying something ive found online, i just put my changes onto a public github repo, and say 'thats enough'
<clever>
and then there are funny licenses like zfs, where you can build it yourself, but you cant ship built binaries, i think
<clever>
synergy is the only exception ive seen so far, you have to pay (once) for the windows version, yet the source is on github, and nixpkgs can build it just fine
<clever>
most of the time, if you can see the source, its "free"
<clever>
dcol: you usually get much better results with patchelf
<clever>
dcol: 90% of the time buildFHSEnv is the wrong tool for the job
<clever>
tobiasBora: yes, let me type up a longer example
<clever>
tobiasBora: you can still do it in one file
<clever>
gchristensen: mkAfter
<clever>
moving it to a let section would solve the first problem
<clever>
your defining the same key multiple times
<clever>
second, an attribute set, is a set from key->value, and each key must only appear once
<clever>
it must not be in the config area of the file
<clever>
so nixos will complain loudly and refuse to build at all
<clever>
first, you are defining a nixos option called UDPPorts, which doesnt exist
<clever>
2 main problems with the example you linked
<clever>
netstat -anp | grep 631
<clever>
you can check netstat to confirm what protocols something is listening on
<clever>
or range based partial downloads
<clever>
streaming is typically done by downloading many small files in sequence
<clever>
websocket is done over the existing tcp socket
<clever>
tobiasBora: also, there is no point in opening udp 80 or 443, http(s) is tcp only
<clever>
and then just add as many things as you need to imports, it can also form a tree
<clever>
tobiasBora: you could also just use full nixos modules, imports = [ ./foo.nix ]; and then foo.nix contains, { networking.firewall.allowedTCPPorts = [ 80 443 ]; }
<clever>
betaboon: its clearly critbit thats failing, double-check the cabal file in this tar, unpacking source archive /nix/store/p4797yi3qwwzy7pkmqggzjm26lh4xsf9-critbit-0.2.0.0.tar.gz
<clever>
betaboon: double-check which derivation is actually failing, a few lines down from that error
<clever>
tobiasBora: journalctl -u sshd
<clever>
jabranham: nix-env, takes a channel name, so `nix-env -iA nixpkgs.foo` uses the channel called nixpkgs
<clever>
jabranham: nixos-rebuild always uses the channel called nixos, so it wont use the channel called unstable
<clever>
about the only time to use non-root channels is when your on a shared machine and lack root
<clever>
then all users can freely access it
<clever>
jabranham: you can just add the unstable channel to root as well, and call it unstable
<clever>
jabranham: all of roots channels are available to other users, which is why AK_ got a collision when both users have a channel with the same name
<clever>
jabranham: they should be inheriting the nixos channel, from the root user
<clever>
AK_: you added a channel called nixos to a non-root user, the nixos channel should only exist on root
<clever>
AK_: in general, if the xserver is enabled, i never touch the console, so console fonts dont matter
<clever>
your config builds if i remove that font from it
<clever>
AK_: or the font was removed from a vital package
<clever>
AK_: that font doesnt exist anymore
<clever>
AK_: i think consoleFont = "ter-v32n"; is to blame
<clever>
AK_: and if you switch to `nix-store --query --binding buildCommand /nix/store/q0jn27nlk11y85qmwzxkjdh7567gljrl-extra-utils.drv` instead?
<clever>
AK_: something in your extra-utils derivation is broken, check `nix show-derivation /nix/store/q0jn27nlk11y85qmwzxkjdh7567gljrl-extra-utils.drv`
<clever>
AK_: you likely tried to copy doesntexist.* to $out/foo and with nullglob on, it turns into just `cp $out/foo`
<clever>
danbst: oh, and check the `-e` flag in `man killall`
<clever>
so there is a cost to getting the full name
<clever>
klntsky: i believe the reason, is that the truncated name is a fixed-width char[] in the kernel, but the full name is argv[0], in the procs ram, which may be in swap
<clever>
klntsky: i recently noticed, that killall only accepts the truncated name, as seen by `ps`, but not the full name from `ps aux`
<clever>
or, it used to
<clever>
i think it also counts twice if you talk about c++ and c++ in the same msg
<clever>
but it relies on IFD, and {^_^} has IFD disabled for security
<clever>
betaboon: you can also use this to load any version that happens to be in all-cabal-hashes
<clever>
teehemkay: root is the default user, so `-u root` isnt needed
2019-01-09
<clever>
duairc: configuration.nix only effects nixos-rebuild and nothing else
<clever>
duairc: for `nix search` to find it, the overlay must be somewhere in $HOME, i forget the exact path
<clever>
duairc: that also works
<clever>
so the default is "right" out of the box, and it still respects changes to the config
<clever>
duairc: if you look into dconf more, you may be able to generate something that mutates the "default", and then install that file into systemPackages
<clever>
and then you never have to fix it again on a new install
<clever>
duairc: so you could do services.xserver.displayManager.sessionCommands = "dconf ....";
<clever>
duairc: services.xserver.displayManager.SessionCommands are ran shortly before the mate (which is on line 120), and its ran on every login
<clever>
dmj`: then you should be able to just make your own with echo
<clever>
dmj`: if the headers are in $out/include/ and the lib in $out/lib/libfoo.so, then the only thing you need is `-lfoo` at link time, and nothing else
<clever>
duairc: also check `systemctl --user` variants of those
<clever>
dmj`: some packages need special -D flags
<clever>
dmj`: some packages put include files in weird places, there is no way for nix to guess that
<clever>
which forces a doCheck=false;
<clever>
so when any package tries to do an mkDerivation, it winds up calling this variant
<clever>
psy3497: in my case, i was just doing a grep on my local ones, but a link to the full logs is in the /topic
<clever>
psy3497: searching the irc logs for every instance of `nix copy` and cateloging all examples i can find, lol
<clever>
psy3497: local?root is close to what you want, but there is a variant i'm forgetting
<clever>
psy3497: nix copy operates on store URI's, which are under-documented
<clever>
psy3497: i keep the irc logs on an old machine, and grep takes forever, lol
<clever>
psy3497: i have given an example on exactly that a few months ago, let me find it
<clever>
exarkun1: double-check dmesg
<clever>
psy3497: then you may just want something like `nix copy` or `nix-copy-closure`
<clever>
psy3497: let me double-check something
<clever>
and nix itself wont use them
<clever>
nix will also consider all of those files are not present
<clever>
just unpack it directly in /
<clever>
yep
<clever>
psy3497: the tar i gave, and symphorien's tar are only for when nix isnt present on the remote end
<clever>
psy3497: if there is a store on the remote machine already, any attempt to unpack into it will have problems, nix will try to delete it during GC
<clever>
this nix function also generates symlinks at the root of the tar, so you dont have to go fishing in the new /nix/store/ to find what you wanted
<clever>
this is a nix function, that will do what symphorien for you
<clever>
freedan42x: boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; i think
<clever>
ivegotasthma: so you will want to cd into nixpkgs before you run it
<clever>
ivegotasthma: the command infinisil gave doesnt list a file, so it will look for a default.nix in the current directory
<clever>
the cabal version is baked into the ghc, so you need to build a new ghc iwth the right cabal
<clever>
yorick: stack can change the Cabal version, but nix has trouble doing that
<clever>
but sharing a rootfs
<clever>
so, i had nearly the same nixos build, on 2 radically different platforms
<clever>
and i also made a mess of a configuration.nix file, that was able to build on both platforms
<clever>
but, i had to mess with gc roots, so it wouldnt eat its neighbor
<clever>
so it never had the wrong arch in scope
<clever>
gchristensen: and i was bind mounting the right thing to /nix/var/nix/profiles/
<clever>
gchristensen: this is one of the very first things i messed with in nix, because i made an SD card with armv6l and x86_64-linux builds of nixos
<clever>
gchristensen: correct
<clever>
yorick: looks like it wants a specific version of cabal
<clever>
yorick: yeah, the Setup.hs fails
<clever>
and its getting late here, i need to head off to bed
<clever>
and confirm that it still fails when you cabal2nix it
<clever>
jackdk: and is the cabal file available?
<clever>
jackdk: what revision of nixpkgs is it failing on? and what changes do you have locally?
<clever>
should be working...
<clever>
jackdk: -A haskell.packages.ghc844.contravariant
<clever>
jackdk: what is your default.nix and shell.nix file contents?
<clever>
jackdk: what happens when you run `nix-build '<nixpkgs>' -A haskellPackages.contravariant`
<clever>
> haskellPackages.contravariant
<clever>
appleclusters: with /boot/ mounted correctly, nixos-rebuild will change the default for you, and everything will just work
<clever>
appleclusters: its supposed to keep all old ones, thats how the rollback system works
<clever>
or the fix itself wont take any effect, and it will boot the old config again
<clever>
also, you must manually mount /boot before you nixos-rebuild
<clever>
thats completely normal for zfs
<clever>
nixos will scan all devices to find a pool called rpool
<clever>
appleclusters: read the generated hardware-configuration.nix, it should already have stuff on how to mount the current FS's
<clever>
when booting, it uses the boot filesystem, so it wont notice that
<clever>
it will fail in a more obvious way if its not mounted
<clever>
so not even root can touch the /boot/ on /
<clever>
i always `chmod 0 /boot/`
<clever>
also, to stop this kind of mistake in the future
<clever>
it could be the boot directory on /, not the boot filesystem
<clever>
appleclusters: but what does `df -h /boot/` say ?
<clever>
so you may need to manually mount /boot/, then fix your configuration.nix and nixos-rebuild
<clever>
if /boot is not mounted when you nixos-rebuild, then all changes are undone at every reboot
<clever>
appleclusters: is /boot/ correctly mounted?
<clever>
iqubic: can you just paste what free said about swap?
2019-01-07
<clever>
iqubic: 1: `free -m` and look at swap, 2: `zpool history | grep swap`
<clever>
appleclusters: i use zfs on luks for 2 of my machines
<clever>
iqubic: is it actually using the swap?, and how much swap did you have before?
<clever>
so whatever machine is handling those secrets, must not act as a binary cache
<clever>
including the secrets hydra uses to access the github api
<clever>
so, if i was to paste the output of `ls -l /run/current-system` to this channel, you could then download my entire machine, right of my hydra
<clever>
related, nix-serve, and the defaults in hydra, expose the entire host store to the world (but listing isnt enabled)
<clever>
if somebody can see the store the ISO was made from and read it, they can already see the inputs anyways
<clever>
Myrl-saki: and choose a password that only unlocks the luks and nothing else
<clever>
Myrl-saki: if you just want to set the luks password, given that the nix store has the original version of everything and no security really exists, just accept that the password is going to be semi visible
<clever>
and then it magically connects to iscsi at bootup
<clever>
Myrl-saki: this allows you to set fileSystems."/".iscsi = { enable = true; host = "..."; lun = "..."; };