2018-10-26

<clever> i was mounting fuse fs's inside a nix-build, and if i didnt umount at the end, nix would fail to remove the /tmp/nix-build-foo-0/
<clever> but the rm -rf at the end, cant deal with mountpoints
<clever> if the sandbox is off, i can run fusermount to use fuse inside a normal build
<clever> ive also found that nix doesnt understand mount points when cleaning up $NIX_BUILD_TOP
<clever> it can probably leak procs when they double-fork
<clever> Lisanna: nope, in a single-user i'm not sure how the cleanup is handled
<clever> Lisanna: yeah
<clever> killUser from https://github.com/NixOS/nix/blob/master/src/libstore/build.cc is what handles that
<clever> i believe it will do such cleanup both at the start (before the build begins) and at the end (after the initial proc returns)
<clever> because nix picked their uid, and then killed the entire session
<clever> upon starting any nix command, they were dropped to a login screen
<clever> in the past, i have seen users add themselves to the nixbld group
<clever> under normal conditions, that would be when genericBuild from setup.sh returns
<clever> Lisanna: when the main proc nix started returns, i believe nix will murderize everything else in the uid
<clever> pie_: yeah, systemctl wont work at all in the chroot
<clever> sphalerite: oh, that may work as well!
<clever> symphorien: sudo and su will work if the sandbox is off
<clever> Lisanna: nix cleans up all children by uid, so it kills everything in the nixbld1 user
<clever> diff*
<clever> typetetris: the iff and comments in here document how to make a hydra push to S3: https://github.com/input-output-hk/iohk-ops/pull/352
<clever> pie_: that can also work
<clever> pie_: that has been replaced by nixos-enter
<clever> cinimod: you want, packages = haskellPackages: with haskellPackages; [ lens ];
<clever> then it should just work
<clever> pie_: is it being ran as root?
<clever> cinimod: line 3, the with statement is missing a ;
<clever> unset all of them!
<clever> pie_: TMP is likely the only one you need to unset
<clever> pie_: unset both and it should fall back to normal /tmp
<clever> pie_: `env | grep run/user` and unset any vars pointing there
<clever> pie_: try just nixos-enter and nixos-rebuild boot
<clever> kreetx: unstable is always master, and master is now using 19.03 internally, so its clearly not 18.09
<clever> kreetx: it also goes into the channels nixos-unstable, nixpkgs-unstable, and the -small variants of both
<clever> kreetx: thats based on master

2018-10-25

<clever> exarkun1: part of the reason is that its slow, and it has to hash that whole dir tree every time you run the nix code
<clever> haslersn: i use gpg-agent, and it remembers what you `ssh-add` across sessions
<clever> exarkun1: that happens any time something like src = ./.; imports 256mb
<clever> haitlah: lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
<clever> lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
<clever> haitlah: you may want to re-aim .nix-profile to the version for your user, like my above ls output
<clever> haitlah: ~/.nix-profile points to the default profile, so you would need root to install things to that profile
<clever> lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
<clever> as long as .nix-profile is a symlink pointing to the right area
<clever> if it doesnt exist, it will be auto-created
<clever> haitlah: thats usually handled by something like nix.sh
<clever> haitlah: yeah
<clever> jophish: it doesnt clearly say that, but i think it can be inferred by the lack of .interp
<clever> not sure then
<clever> jophish: what about readelf?
<clever> jophish: sounds more like they are static ELF's and dont need patchelf
<clever> jophish: ah
<clever> ,locate libjvm.so
<clever> jophish: and you cant just use a libjvm thats in nixpkgs?
<clever> jophish: what does file report about the binary?
<clever> jophish: should be just a matter of patchelf --set-rpath
<clever> dtz: it looks like builtin:fetchurl is unxz'ing when it shouldnt!
<clever> and all processes from the previous ones are gone
<clever> haitlah: i think docker is spinning up a new container for each RUN in your docker file
<clever> dtz: https://gist.github.com/cleverca22/524f8c66824159547e340448124bac0d ran into a really weird problem downloading the bootstrap utils from your machine
<clever> haitlah: are you able to check the pstree and confirm/deny if nix-daemon is actually running?
<clever> haitlah: what happens if you did `RUN nix-daemon &` ?
<clever> without nix-daemon, only users that have +w to /nix can use nix commands
<clever> haitlah: nix-daemon has to be ran in the background, since its a service
<clever> haitlah: is nix-daemon setup and running in the docker image, as "root" ?
<clever> haitlah: is this nixos or another distro?
<clever> bbl
<clever> i do agree that both python and haskell accepting a self: super: function is sorta useless when you can only give one
<clever> betaboon: you would need to compose the overlays together yourself, into a single self: super: function
<clever> and i dont think python is using newScope, so overrideScope/extends arent available
<clever> betaboon: the problem currently is more that .override makes it such that only one packageOverrides param works
<clever> betaboon: when you call .override on python3, it overwrites any previous args you set with .override
<clever> i think you can
<clever> and see if that affects it
<clever> ocharles: try adjusting `--option evaluator_max_heap_size $((1024*1024*1024))` maybe, when you run hydra-eval-jobs locally
<clever> yeah, thats a lot of things
<clever> ok, so that will have a ghc, and all kinds of tools
<clever> yeah
<clever> ocharles: looks like your just making an aggregate over every buildInput in shell.nix, can that be added to the gist?
<clever> back
<clever> brb
<clever> ah, and shell is another aggregate
<clever> but for even shell to cause it to trigger again, and to be so slow
<clever> but that means it has to re-run the nix gitHubStatus just ran, because it covers everything
<clever> it throws out the nix heap to make things run "faster"
<clever> the restarting on line 50 could be part of whats making it slower
<clever> so speeding up shell will also speed up gitHubStatus
<clever> ocharles: ocharles oh, i notice shell is part of gitHubStatus
<clever> ocharles: can you reproduce the issue with nix-instantiate?
<clever> ocharles: is the nix code public?
<clever> ocharles: oh, githubstatus is a constituents job, that would explain some of it
<clever> ocharles: after you confirm the issue with nix-instantiate, you can use the above to profile it
<clever> ,profiling
<clever> ocharles: yep
<clever> ocharles: line 50 is also interesting, gitHubStatus blew the heap up, and it restarted itself to shrink things
<clever> ocharles: and can you confirm that with `nix-instantiate release.nix -A gitHubStatus` ?
<clever> srhb: if localhost is setup as a build slave, it can sometimes cause such lockups
<clever> Lisanna: builtins.fetchTarball is probably better
<clever> locally
<clever> ocharles: if you manually run this on your release.nix, can you reproduce the slowness?
<clever> yep
<clever> grub and linux will search all drives, and ignore the order
<clever> then you can scramble the uuid of the old disk
<clever> pie_: there should also be utils to regenerate the uuid on ext4, google around for that
<clever> pie_: i dont think the recovery has grub configured, so it shouldnt write to any MBR's
<clever> so you start at a root specific to that machine, and it works its way up the tree to core.nix
<clever> and then core.nix is the common things
<clever> Lears: so machine1.nix defines stuff unique to that machine, and has imports = [ ./core.nix ];
<clever> Lears: i make a reverse tree out of my configs
<clever> Lears: not sure what the cause is, i would just break both the hostname and the xorg settings into their own file, and add them to imports
<clever> and includes the install-disk profile
<clever> its essentially just another way to boot the install ISO
<clever> and the rescue system runs entirely from ram, so all changes to it are lost at shutdown
<clever> it has its own nix store
<clever> probably a quirk of how install-grub.pl works
<clever> did you add the extra ( and ) around @bootRoot@ ?
<clever> to load the stdout into the local clipboard
<clever> or, `ssh box1 'cat /boot/grub.cfg' | xclip -something`
<clever> you probably want screen, ctrl+[, ctrl+] and then paste it into ssh
<clever> pie_: the x in xclip stands for x11 :P
<clever> pie_: ssh box1 'DISPLAY=:0 xclip -something'
<clever> pie_: the xclip util can print the clipboard to stdout
<clever> hyper_ch2: pkgs.substituteAll
<clever> pie_: can you pastebin the entire grub.cfg ?
<clever> pie_: thats msdos partition type, partition 1
<clever> Lears: skipping thru that, i can see the following nixos options, system.build, boot.loader.systemd-boot.enable, networking.hostName, nixpkgs.config, services.xserver.videoDrivers,
<clever> @bootRoot@ actually, try fixing my nix file and doing another rebuild
<clever> i believe nixos will replace that with the right grub variable, for your setup
<clever> pie_: i recently discovered @bootroot@, and have been meaning to test it on the rescue system
<clever> one sec
<clever> is /boot on its own partition?
<clever> oh, it also depends on how your /boot is setup
<clever> it will be set by grub.cfg
<clever> its a grub variable
<clever> yeah
<clever> oh, and rescue_boot needs a decent chunk of your /boot
<clever> so you can do module = { pkgs, config, ... }: { ... };
<clever> pie_: yeah, module is just the contents of configuration.nix
<clever> nix somehow disables the progress meter
<clever> yeah, that step is always slow
<clever> Lears: can you pastebin the backtrace when its ran with --show-trace ?
<clever> pie_: i was expecting systemd to resist more :P
<clever> i dont think systemd actually has any such files
<clever> pie_: just systemctl stop every service that has files open write
<clever> pie_: surprisingly few things, chrome, docker, nscd, it might still be possible
<clever> pie_: this lists most of the things keeping files open for writing
<clever> [root@system76:~]# ls -l /proc/*/fd/* | grep lrw | egrep -v 'shm|socket|inode|dev'
<clever> *looks*
<clever> it likely helped that this was in the rc.d days
<clever> under a day :P
<clever> repeat
<clever> its fairly simple, just check `lsof -a` to see what has files open read/write, and stop it
<clever> then i just booted every service back up when i was done
<clever> i just did 99% of a shutdown, by hand
<clever> and then remounted root read-only
<clever> correct
<clever> so you just have to prevent any shutdown type scripts from trying to shutdown NAT
<clever> but thats a purely in-kernel job
<clever> so it still had to perform NAT
<clever> pie_: in my case, it was on a router
<clever> yep, lol
<clever> without causing any outage of its services, lol
<clever> also, in the pre-systemd days, on linuxfromscratch, i have forced a machine back into single-user mode, and mounted the rootfs read-only, and imaged it
<clever> just add ./rescue_boot.nix to your imports section, rebuild switch, and your done
<clever> pie_: this is the exact kind of situation that led to me writing rescue_boot.nix above :P
<clever> by reading the fsinfo file
<clever> line 450 of stage-1 is where it mounts all boot filesystems
<clever> systemd gets upset if / isnt in the fstab :P
<clever> how can it read fstab?
<clever> stage-1 is responsible for mounting the rootfs
<clever> fstab is on the rootfs
<clever> that script is responsible for mounting / and running stage-2, in the same dir
<clever> pie_: for nixos, this script is baked into the initrd at /init, and the kernel will run that as pid 1 at bootup
<clever> nixos overwrites fstab on bootup, and fstab doesnt affect stage-1
<clever> debugging boot problems
<clever> causing stage-1 to ask you if you want a shell
<clever> it allows getting a shell in the initrd, and then triggers a false error just before mounting things
<clever> it will "fail" fairly early in the initrd, and just not mount the rootfs
<clever> pie_: just shove boot.debug1devices into the kernel cmdline
<clever> pie_: oh, i just read what you wanted in that other channel, one sec
<clever> since booting is what creates /bin/sh
<clever> that assumes you have booted at least once
<clever> when stage-1 claims it doesnt exist, just tell it to continue anyways
<clever> pie_: if you boot with init=/bin/sh in grub, you can get a "rescue" mode
<clever> aleph-: then it might not be a firewall issue
<clever> pie_: i dont know of any distro that lets you umount / entirely, and it would have to be a pivot_root, not umount
<clever> aleph-: you could also turn the firewall off for a moment, fire it up, then open the ports it was using
<clever> aleph-: i just open up netstat and tcpdump to see what ports its using, and then open those
<clever> pie_: it sounds like you want my rescue boot

2018-10-24

<clever> i just use lastpass
<clever> pie_: nix-env -q does exactly what you want
<clever> Arahael: the above, would set the option when the module is loaded via modprobe
<clever> Arahael: boot.extraModprobeConfig = "options i915 alpha_support=1";
<clever> you can also use modprobe.d.conf
<clever> that just puts it right into grub.cfg, so its identical to editing grub, but automated
<clever> Arahael: that will put the same thing into grub.cfg for you
<clever> Arahael: boot.kernelParams = [ "i915.alpha_support=1" ];
<clever> Arahael: what did you change in grub to change the driver?
<clever> ah
<clever> what does hashicorp do?
<clever> i made the same mistake and missed that commit when taking over this yarn2nix code
<clever> try the fork in the above file, to see if that is the issue
<clever> arianvp: are you using the fork of yarn2nix from the above nix file?
<clever> arianvp: is it the same version as in the daedalus yarn.lock file?
<clever> then your in luck, the above has a lot of sass!
<clever> arianvp: ive got a yarn based project that includes some native css thing
<clever> Arahael: boot.kernelParams ?

2018-10-23

<clever> same :P
<clever> so when you set something like buildInputs = [ foo bar ];, you can just `echo $buildInputs` in the shell to see it
<clever> ashkitten: every attribute in the derivation becomes an env var
<clever> Taneb: i dont think that page has ever allowed you to edit the slaves
<clever> thats what i try to do as well
<clever> yeah
<clever> so you need to use the right -A for the current dir, and default.nix
<clever> but the default.nix and using -A pkg.env gives you the nix built deps, and lets you build just 1 package
<clever> the shell.nix sets things up to do the entire build with stack
<clever> TweyIV: also, one of the main projects i work on has a "broken" shell.nix so it wouldnt really work
<clever> could even be pushd . i think
<clever> TweyIV: a single pushd at the start to save the current one
<clever> TweyIV: you probably want pushd and popd, rather than cd $start
<clever> ramses_: nix-store --query --roots /nix/store/g5dlpwd44kd75i71nwzii8w4bp4inxwk-findutils-4.6.0/bin/find
<clever> and .text if you just want the value in nix
<clever> you can do environment.etc."nix/foo.conf".source to do subdirs
<clever> drakonis: it will create /etc/<filename> as a symlink to a /nix/store/ entry, which may be a copy of the file pointed to by source
<clever> i think its in the cabal file, so it can apply to executables but not libs
<clever> elvishjerricco: thats how the cardano stuff is using gold
<clever> but yeah, they do need better documentation
<clever> once you read the source for nix-env and nix-channel, channels are a lot more understandable
<clever> pbogdan: you can also `with import ./. {};` and ignore `-I nixpkgs=.`
<clever> the QT stuff in nixpkgs for example, creates state in the current dir, that breaks a 2nd nix-shell run
<clever> it makes it very difficult to open 2 shells to the same package
<clever> i think it is
<clever> suzu: you could maybe use `trap EXIT` in bash, from the shellHook
<clever> thats where you can find the gitk binary
<clever> > pkgs.gitAndTools.gitFull
<clever> oldandwise: gitk can also help to visualize what is happening
<clever> oldandwise: you can use `git reset --hard remotes/origin/master` to forcibly set the current branch to the upstream master, and skip the merge mess (and drop any changes you have locally)
<clever> oldandwise: the trick is to never make commits on master or release, only ever make commits on your own branches
<clever> this one uses --serve
<clever> oh, ssh.cc is the backend of ssh-store.cc, lol
<clever> ah, line 54 makes more ssh sessions
<clever> line 101 of https://github.com/NixOS/nix/blob/master/src/libstore/ssh.cc is where it forms the connection, but its not clear
<clever> which i'm guessing is just the unix socket it used locally, but over ssh
<clever> ssh-ng appears to use nix-daemon --stdio
<clever> so the user can wind up with a serve protocol on their shell
<clever> elvishjerricco: it forces it to run the specified command, and ignores the command the client requested
<clever> elvishjerricco: one sec

2018-10-22

<clever> pbogdan: nix-instantiate and nix-store --query --tree
<clever> infinisil: that will also help
<clever> to the source!
<clever> thats an odd one
<clever> infinisil: can you gist the whole grub.cfg?
<clever> infinisil: what was the error?
<clever> infinisil: shouldnt need anything special if you have a normal /boot partition, just add the path to that to your imports and rebuild switch
<clever> ,locate json-diff
<clever> ocharles: when hydra internally runs nix-prefetch-git, it doesnt really escape anything, so you can directly put --fetch-submodules into the URL field of a build input, and it will fetch them
<clever> ocharles: *looks*
<clever> i had to duplicate a lot of it to make a zfs based ami
<clever> ah yeah, it does a lot, may be simpler to keep that small override, than to copy what you need
<clever> dhess: just read amazon-image.nix and decide what you want to keep from it?
<clever> dhess: and the testnet deployer you linked above, is being created with terraform, and then nixops manages it via none
<clever> ah
<clever> s/nixos-rebuild/nixops deploy/
<clever> and then it just booted the previous generation
<clever> dhess: so the nixos-rebuild failed to update the boot config
<clever> dhess: that sounds much more like you didnt mount /boot correctly
<clever> dhess: yes

2018-10-21

<clever> in the case of sshd, its to prevent the hostkey changing and causing unexpected mitm warnings
<clever> samueldr: it can also impact the postgresql version, and some ssh hostkey types
<clever> in this case, nix mounts /nix/store to /nix/store, with an extra read-only mount
<clever> pie___: you can mount a subdir of anything to another dir
<clever> pie___: bind mounts
<clever> not sure then
<clever> dmj`: was DO done from a mac?
<clever> dmj`: i was just testing it out, it had the same issues hangouts was having in that situation
<clever> dmj`: the default vpc still has internet access, this should work fine for you
<clever> dmj`: one sec
<clever> why do you need start and stop?
<clever> dmj`: it can create and destroy, but not stop/start

2018-10-20

<clever> that will probably be acceptable
<clever> you could also just have a string explaining what the default is doing
<clever> but adding in defaultText, makes the docs claim "default is pkgs.ferm" which means a lot more
<clever> with the example i just linked, the documentation would just say "default is "/nix/store/29vz9534lcvj8hw0qycf4pm9sz89zac6-ferm-2.4.1"" which doesnt mean much
<clever> yes
<clever> so you also need a defaultText, that contains the same nix code as default, but quoted