2018-10-01

<clever> nixos complicates things by putting the xkb files in a non-standard place
<clever> Judson1: try with a different window manager temporarily?
<clever> jonge: the order and numbering doesnt really matter, you just need to use the right ones in the config
<clever> LnL: with `nix copy`, you can specify that in the protocol, and it will silently ignore the flag if you are not trusted
<clever> LnL: with the old nix-copy-closure api, it defaults to not checking signatures for trusted users (including root)
<clever> d1rewolf: sounds like it should have no trouble running nixos
<clever> d1rewolf: how much ram does the machine have? what cpu?
<clever> all command line here
<clever> d1rewolf: i have a nixos box with zfs as my nas, it currently has 3 4tb drives
<clever> gchristensen: and now i'm fighting ghc once more, too many Crypto.Random in scope!
<clever> i was literally editing code, running the new version, and beating the old version, with several hours of late start!
<clever> Taneb: and it was so slow, that it was faster to profile it, and patch nix, than it was to wait for it to finish, lol
<clever> yeah
<clever> which results in 108 million calls to elemAt
<clever> internally, snack is using lib.unique a lot, and lib.unique is implemented with lib.head, lib.drop, and lib.drop heavily abuses builtins.elemAt
<clever> memoize stuff, rather than calling a function repeatedly, store its result in a set
<clever> gchristensen: with both changes to the snack nix expressions, and adding sublist to nix itself, it went from over 38 hours, to just 14 seconds
<clever> gchristensen: and prior to any refactoring, snack took over 38 hours to eval, and had yet to finish
<clever> and similar high gains on others that are down as far as 15 sec
<clever> gchristensen: https://github.com/NixOS/nix/pull/2459 i was able to make an expression that took over 147mins eval in just 19mins

2018-09-30

<clever> and those ints are sorted by when the given string was first used as a key in any set
<clever> in the nix side, an attrset is sorted by the int behind each key
<clever> or enable a verbose mode in it
<clever> Zajcev: check with `netstat -anp` to see what connections the ftp client is making
<clever> Mic92: those are the highest legit times i can find
<clever> 07:14am up 565 days 7:29, 1 user, load average: 0.05, 0.05, 0.02
<clever> 08:13:41 up 837 days, 13 min, 12 users, load average: 3.86, 3.50, 3.63
<clever> you're evil!
<clever> ive disassembled a laptop down to its motherboard before, just to avoid a reboot!
<clever> Mic92: i can see the conntrack plugin loaded in my laptop&desktop, neither of which have nat setup
<clever> and that controls which end you have to open the port on
<clever> the direction depends on if you are using active or passive ftp
<clever> Zajcev: ftp opens another connection on a somewhat random port, in a somewhat random direction, for the ls traffic
<clever> the laptop has luks active, so part of the pause is just it waiting for a password
<clever> graphical.target reached after 20.117s in userspace
<clever> Startup finished in 459us (firmware) + 32us (loader) + 6.082s (kernel) + 20.118s (userspace) = 26.200s
<clever> and desktop:
<clever> graphical.target reached after 31.852s in userspace
<clever> sir_guy_carleton: and check what systemd-analyze reports
<clever> Startup finished in 3.762s (firmware) + 5.318s (loader) + 30.203s (kernel) + 31.852s (userspace) = 1min 11.137s
<clever> for my laptop:
<clever> try turning the option back on and see if it makes it slow again
<clever> it should have no effect on or off
<clever> sir_guy_carleton: the only thing that does is add a single entry to the grub menu, and copy a single file to /boot/
<clever> sir_guy_carleton: how did you disable it?
<clever> ldlework: yeah, i remember somebody in #nixos having this same issue before
<clever> the mkRenameModule stuff breaks this error detection
<clever> ldlework: you spelled virtualisation wrong
<clever> 2018-09-29 23:49:24 < ldlework> I have virtualization.docker.enable = true; in my config
<clever> virtualisation.docker.enable
<clever> ldlework: have any reboots occurred?
<clever> ,locate json-diff
<clever> did you nixos-rebuild?
<clever> then the docker group doesnt exist, relogging wont do anything
<clever> ldlework: what does `grep docker /etc/group` report?

2018-09-28

<clever> when using nix-daemon. the host nix.conf (including defaults for entries not in the conf) have priority over what hydra tries to use
<clever> hydra has its own options to control that, but when using nix-daemon on the build slave, that hydra feature is broken
<clever> dhess: that causes nix to terminate any derivation that runs for over 2h
<clever> dhess: some of the tests in haskell deadlock and just run for over 2 days
<clever> dhess: yes
<clever> gchristensen: though when using the nix sandbox, that "real location" is actually a temp dir i believe, and mount namespaces remap it
<clever> check the other dirs default.nix refers to for examples of what it should look like
<clever> srcs.nix is an input for the default.nix
<clever> colemickens: Konqueror appears to be missing from pkgs/applications/kde/default.nix
<clever> ,locate onqueror
<clever> ,locate Konqueror
<clever> adamantium: but hardware.cpu.intel.updateMicrocode will prepend a blob onto the initrd, which the kernel will probably run, before linux even does any real bootup logic
<clever> adamantium: `boot.kernelModules = [ "microcode" ]` will just `modprobe microcode` after mounting the rootfs
<clever> adamantium: entirely different effects
<clever> it works on any backend where nixops can provision things in the cloud
<clever> and it makes use of the previous config, to register them into hydra
<clever> https://github.com/NixOS/hydra-provisioner is also a separate daemon, that will dynamically create and destroy nixops machines, based on the load in hydra
<clever> so you can just services.hydra.buildMachinesFiles = [ "/etc/nix/machines" "/etc/nix/machines.custom" ];
<clever> and hydra will poll everything in the list every min, and auto-configure itself based on any changes
<clever> Lisanna: services.hydra.buildMachinesFiles is a list of files that all have the /etc/nix/machines format
<clever> Lisanna: one min
<clever> you didnt pass a list
<clever> it is a list of libraries
<clever> camsbury_: overrideCabal (nixpkgs.pkgs.haskellPackages.callCabal2nix "caskell" ./. {}) (oldAttrs: {
<clever> camsbury_: you want overrideCabal, not overrideDerivation

2018-09-27

<clever> camsbury_: non-haskell packages go into librarySystemDepends
<clever> baum__: like so
<clever> > pkgs.ansible.override { windowsSupport = true; }
<clever> lostman: is nix-daemon running in the vm?
<clever> lostman: if we can get more details on what is happening, yeah
<clever> YaZko: you may need to reboot after removing nix
<clever> thats either nix-copy-closure or `nix copy`, neither one supports uid's
<clever> lostman: how is nixops doing the copy? nix-copy-closure doesnt support uid's
<clever> yeah, because its acting on the hash of the tarball, and doesnt care how it was downloaded
<clever> you can just run nix-prefetch-url to download it
<clever> the problem is with downloading a fixed-output derivation
<clever> to use a modern nix to download the file
<clever> kiloreux_: run it manually, outside the derivation
<clever> kiloreux_: nix-prefetch-url should solve your issues
<clever> kiloreux_: use nix-prefetch-url
<clever> thats a fetchurl to a diff package
<clever> and the new nixos.org forces redirects to https
<clever> kiloreux_: the old curl lacks https support
<clever> what about overrideDerivation?
<clever> yeah, this is before the days of callPackage!
<clever> oh god, thats ancient times! :D
<clever> symphorien: oldnixpkgs.imagemagick.override { fetchurl = foo; }
<clever> symphorien: you probably just want oldnixpkgs.imagemagick
<clever> jit10: nix-env acts on ~/.nix-profile/, nixos-rebuild acts on /run/current-system
<clever> boot.supportedFilesystems = [ "zfs" ];
<clever> jit10: same as anywhere else, edit /etc/nixos/configuration.nix and nixos-rebuild switch
<clever> ah
<clever> adisbladis: why does a patch need to be executable?
<clever> adisbladis: it may or may not work, but try setting executable = true; as an arg to fetchpatch
<clever> and fetchurl obeys executable just before it runs postfetch
<clever> fetchurl has an executable flag
<clever> fetchpatch uses postFetch to normalize the patch
<clever> adisbladis: fetchpatch forwards all args it doesnt support to fetchurl...

2018-09-26

<clever> so now root owns your cache!
<clever> it sounds like you ran something with sudo, and darwin was nice enough to leave $HOME unchanged
<clever> clang should still be in the cache
<clever> should be good
<clever> hakujin: what does `nix-instantiate --find-file nixpkgs` return?
<clever> lines 57 and 62 show that the nixos cache is configured correctly
<clever> hakujin: nix show-config | egrep 'substituters|trusted-public-keys'
<clever> Jmabsd: 32bit x86 is also prebuilt
<clever> earldouglas: is aws and a vpc involved?
<clever> oops
<clever> elvishjerricco: is aws involved?

2018-09-25

<clever> elvishjerricco: try reading that row out of db.sqlite, sign it, then read again, and see if anything changes
<clever> the option is defined, and used, but has no default and no value assigned, is a better way to put it
<clever> elvishjerricco: just make sure to backup the file first, because if you corrupt the db, your entire /nix/ has to be reset
<clever> elvishjerricco: i think the only way to remove signatures is to run sqlite3 against /nix/var/nix/db/db.sqlite and update the column to remove them
<clever> elvishjerricco: what about just removing the entire path? `nix-store --delete`, and dont use force
<clever> so you only need to do that once
<clever> nixops will also allow its own key in the nixos it deploys
<clever> yeah
<clever> but the agent lets other keys leak into the nixops ssh
<clever> sphalerite: but when nixops runs, it changes the default search path, to use the key nixops generated
<clever> sphalerite: `ssh root@ditto.strathtech.co.uk` will default to ~/.ssh/id_rsa
<clever> sphalerite: do you have an ssh agent running?
<clever> zduch4c: that deals with hydra-server and getting catalyst up, https://github.com/NixOS/hydra/blob/master/src/script/hydra-server
<clever> zduch4c: the perl code in https://github.com/NixOS/hydra/blob/master/release.nix may be of use
<clever> you need to override everything in the stack to be static
<clever> check the build log and confirm what its doing
<clever> but you need to also make sure postgresql builds them in the first place
<clever> jonge: reading the source, setting `dontDisableStatic = true` will prevent nix from deleting the .a files at https://github.com/NixOS/nixpkgs/blob/d16a7abceb72aac85e0deb8c45fbcb7127baf628/pkgs/servers/sql/postgresql/default.nix#L61-L69
<clever> jonge: does it gain a .static output?
<clever> hyper_ch2: the stdenv in nix already sets all of those
<clever> unless you specially modify NIX_PATH via nix.nixPath
<clever> if root has no channels, then nixos-rebuild will fail
<clever> nix-env basically ignores NIX_PATH, and will recursively search ~/.nix-defexpr/ for directories containing a default.nix, and then use the dir names
<clever> but nix-env -iA CHANNEL.package, follows entirely different rules
<clever> so a channel named nixpkgs, only works on non-root users, when accessed via <nixpkgs>
<clever> `/home/clever/.nix-defexpr/channels` is also at the very start, so my personal channels have top priority
<clever> so you will have trouble using a channel named nixpkgs
<clever> but, `nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos` is near the start, so <nixpkgs> is forcibly mapped to the nixos channel on root
<clever> `/nix/var/nix/profiles/per-user/root/channels` is at the end for me, so every channel on root is in the path, and <unstable> would find what the above command created
<clever> chpatrick: first, `echo $NIX_PATH`
<clever> chpatrick: also, for extra confusion points, --add takes url&name, but --list gives name&url!
<clever> chpatrick: sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable unstable
<clever> if you do want to use nixpkgs-unstable, you can add it to root, but name it something other than nixpkgs, since that name is a bit special
<clever> and having the nixpkgs-unstable on your user also leads to confusion, because you have to run --update twice, as each user
<clever> chpatrick: and having a nixos channel on both root and your user just leads to confusion, because now you have 2 different versions of what "nixos" means
<clever> chpatrick: root's channels are the default for when your user lacks channels
<clever> chpatrick: you simply havent run `nix-channel --update` as root in a year
<clever> chpatrick: what is the last-mod on the most recent channel in `ls -l /nix/var/nix/profiles/per-user/root` ?
<clever> chpatrick: no, one min
<clever> chpatrick: and now everything should be using the same nixpkgs version, no more confusion
<clever> chpatrick: and now `ls -l ~/.nix-defexpr/channels` should only have a manifest.nix
<clever> chpatrick: do `nix-channel --remove nixos ; nix-channel --remove nixpkgs ; nix-channel --update` all without root
<clever> chpatrick: ah, you have 2 nixos channels, and a nixpkgs channel, thats going to cause all kinds of weird things
<clever> chpatrick: what does nix-channel --list report, both with and without root?
<clever> its using the channel called nixos, that is managed by root
<clever> thats normal
<clever> nix-instantiate --find-file nixpkgs
<clever> if you know what path it will be at
<clever> markus1189: libredirect, to point it into running a pre-patched copy when it tries to run the other?
<clever> i dont believe it can be used on derivations
<clever> and it will filter the contents and then return another path
<clever> cleanSource needs a path to a directory
<clever> adetokunbo: src = lib.cleanSource ./.; is a simple example
<clever> samueldr: oh, and #osdev knows more about low level stuff in the efi area
<clever> if you get the `.drv` file from 2 different builds, you can use `nix-diff` to compare them, and see why its different and rebuilding
<clever> yeah
<clever> if you want to use it in another expression, you just import or callPackage the nix file that made it
<clever> nope
<clever> i just nix-build and ./result/bin/foo to test things
<clever> i also try to avoid using nix-env when testing things
<clever> i just use nix-build for building things in the store, and nix-env -f foo.nix -iA bar, if i want it installed into my profile
<clever> ive never used nix-install
<clever> lib.cleanSource can clean that up
<clever> adetokunbo: if you're leaving a result symlink in its source dir, then the source is going to change every time you build it, and nix will always have to rebuild it
<clever> adetokunbo: you need to refer to the nix expression that built it using import or callPackage
<clever> perrier-jouet: dont know
<clever> perrier-jouet: i think its bootstrap+docbook, from the Makefile in the repo i linked
<clever> same for any other binary in the chain
<clever> but if your grub is maliciously altered, the hash wont match, and the TPM wont unlock
<clever> and if you play the same sequence of hashes to the TPM, it will unlock the secrets
<clever> and this option, i believe grub will report the hash of the linux kernel (and other things?) to the TPM as it boots
<clever> https://nixos.org/nixos/options.html#boot.loader.grub.trustedboot
<clever> for example, so grub can ask the firmware, is linux.xz correctly signed?
<clever> i think the only point of that function, is to decide if you should verify other binaries, before you execute them
<clever> but as you have seen, a machine without secureboot can just run something like uboot, and then uboot is free to lie and claim secureboot is "on"
<clever> also of note, there is a function in the efi tables, that just returns a boolean, saying if secureboot is on or not
<clever> and then linux has permission to manage the previously mentioned devices
<clever> samueldr: but when linux boots, it runs ExitBootServices() which shuts down most of that, and limits you to just the efi vars, and some very basic stuff
<clever> samueldr: early in the boot, the firmware is doing a lot of things, has exclusive control over drives, gpu, and usb, and provides a lot of features
<clever> performance reasons
<clever> those are only for the bootloader level stuff
<clever> linux doesnt really use much of the efi services
<clever> yeah
<clever> dang
<clever> so i can just select it from the main grub menu
<clever> i have a boot.loader.grub.extraEntries that adds the correct chainload (legacy only) to the grub.cfg
<clever> lol
<clever> so i have to tweak bios settings, or return to pure legacy, every time i want windows
<clever> i switched my dual-boot desktop to boot nixos in efi, but then discovered win7 still used legacy and lacks a boot.efi
<clever> likely, because the CSM is potentially missing
<clever> oh, annoyingly, grub-efi cant chainload any legacy os
<clever> so u-boot would have to be configured to have a dedicated partition for its vars
<clever> uboot cant safely write to the /boot partition when linux mounts it
<clever> for it to work right, part of u-boot has to remain running, forever, and have the ability to write to SD
<clever> [root@amd-nixos:~]# efibootmgr -v
<clever> samueldr: check `mount`
<clever> efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
<clever> efi reports how much time was spent in each stage of booting
<clever> Startup finished in 577us (firmware) + 95us (loader) + 6.112s (kernel) + 20.083s (userspace) = 26.197s
<clever> samueldr: run systemd-analyze
<clever> samueldr: oh, one min
<clever> samueldr: having a proper list in installBootLoader would allow you to setup a uboot+efi module, and enable both uboot+efi and grub+efi
<clever> and yeah, you sort of need a list for installBootloader, to be able to install both u-boot and grub2
<clever> :D
<clever> document things!
<clever> how is efi even working???
<clever> :O!!
<clever> so it basically acts as both a list, and a fully merged set of modules
<clever> and aggregateModules will do a buildEnv over all packages, then run depmod to update caches within the result
<clever> but if you try to read the value elsewhere, it runs it thru the apply function
<clever> samueldr: system.modulesTree internally, is a list of packages that contain kernel modules
<clever> samueldr: this is an example of how apply works
<clever> you could also try types.listOf types.str and add an apply function, one min
<clever> then it will hard fail if you set it twice
<clever> if you're feeling bored, i would move it to system.installBootLoader and give it a type of types.str i think
<clever> samueldr: system.build is just a dumb attrset, with no typechecking and no error support
<clever> 148 type = types.attrs;
<clever> 146 internal = true;
<clever> 145 system.build = mkOption {
<clever> samueldr: oh, i know why
<clever> same in extlinux generic
<clever> 41 system.build.installBootLoader = "${builder} -g ${toString cfg.configurationLimit} -t ${timeoutStr} -c";
<clever> grub just sets installBootLoader normally
<clever> ah, that should be a fatal error
<clever> what was it?
<clever> efiSupport = true i mean
<clever> samueldr: is boot.loader.grub.efi.enable set?
<clever> does it initially work but stop working after a reboot?

2018-09-24

<clever> other machines not covered by hydra also exist in that repo
<clever> kandinski: hydra is configured to build everything in release.nix
<clever> yeah
<clever> checking the logs, it looks more like a garbage collection ate the compiler (bugs in some auto-gc stuff), and the build failed when it shouldnt have
<clever> and then 1 day ago, it fixed itself
<clever> i can see that 3 days ago, something stopped building
<clever> and i can pick a rev it has pre-built, and update to it almost immediately
<clever> so i can both see if it will break without updating
<clever> i also have my local hydra pre-building my nixos configs against nixos-unstable
<clever> if you ensure every machine is on the same nixpkgs rev (update the channels at the same time, or other stuff), you can share build products between machines
<clever> and now the company is very anti-nix and doesnt like the other guy that is trying to promote nix
<clever> ive seen another company where the new guy tried to switch them to nixos before learning it fully himself
<clever> that would be a bit more complex, but still possible
<clever> and then people can just `nix-channel --update ; nix-env -iA company.all-tools` to both upgrade, and get any new tools added to the list
<clever> and a common set like newstuff above, could be inside that channel
<clever> you could make your own nix channel, for the company, which returns company specific tools in it
<clever> the company channel could then refer to an approved nixpkgs rev, that hydra has pre-built your tools for
<clever> it would get whatever packages the "all-tools" set in the "company" channel listed
<clever> just make a channel, with the default.nix returning tools, and a set called all-tools
<clever> and then anybody with the channel can just nix-env -iA company.all-tools
<clever> your custom channel could even have such sets, directly in it
<clever> but there are also things that break the build often, and then i move them to nix-env, because they get in the way of changing 1 line in a config file
<clever> i try to use nix-env for temporary things, and move them to configuration.nix later
<clever> you could also make 2 sets of packages, and choose to always install set1 from nixpkgs, and set2 from nixos
<clever> yep
<clever> `nix-env -iA nixos.newstuff -r` will atomically install(or update) everything in the set, and remove anything not in the set
<clever> but it wont remove things you took out of the set
<clever> and if you nix-env -iA nixos.newstuff, it will install (or upgrade) everything to the versions listed there, from the nixos channel
<clever> the override in the gist, will create a set called newstuff
<clever> not sure if it is in the manual
<clever> nix-env -iA nixos.mystuff, will install all of my stuff, from the nixos channel
<clever> which also helps with channels
<clever> it helps to declaratively specify what packages you want, and which attr set to get them from
<clever> i once got stuck in a 12 hour build of python junk, installing the wrong variant of youtube-dl
<clever> kandinski: oh, and some of the pythonPackages sets arent built by hydra, ever
<clever> kandinski: but nix-env -u can sometimes pick the wrong one