2018-09-05

<clever> dhess: already done that, in my 3rd pxe example
<clever> dhess: this creates a qemu VM that has nvme drives
<clever> dhess: and then there is testing nvme under justdoit, i cant be wiping my laptop hourly :P
<clever> dhess: and PXE is legacy boot, but NVME is uefi only, so i had to mess with the removable flag to get the machine to boot
<clever> so i have to conditionally insert a p everywhere
<clever> dhess: the problem, is that justdoit assumes ${drive}1 is partition 1, but nvme uses ${drive}p1
<clever> dhess: but nvme and uefi had other things to say about those plans, lol
<clever> dhess: my original use-case for netboot_server.nix, was to netboot my new laptop, from the old laptop, and install nixos with a simple `justdoit` at the shell and be done instantly
<clever> dhess: the second one is in https://github.com/cleverca22/nixos-configs/blob/master/router.nat.nix#L141 and its more partial, because half of the service is on a gentoo box, lol
<clever> ah
<clever> this one is a complete router, with dhcp, bind, tftp, nginx, and netboot
<clever> ah, that one isnt as complete
<clever> ah, netboot_server.nix ?
<clever> dhess: which one? i have 2 or 3 pxe configs, lol
<clever> dhess: nice
<clever> and if you `journalctl -f -u hydra-check-space.service`, you will see when disk space has gotten low, and it stopped things
<clever> so if you want to delete things, you need to maybe reduce the keep number, `systemctl start hydra-update-gc-roots.service`, wait for it to finish, then nix-collect-garbage
<clever> which then allows nix-collect-garbage to GC the actual builds
<clever> hydra-update-gc-roots.service is responsible for GC'ing the GC roots
<clever> but, the evaluator creates the roots at eval time, and hydra only cleans up roots once a day
<clever> this jobset is setup to keep the entire closure for the last 5 evals GC rooted
<clever> srk: first, is the keep number on each jobset
<clever> srk: but hydra is lazy about updating its gc roots
<clever> srk: yep
<clever> dhess: mainline
<clever> nothing exists to start them again, so you have to manually do that with systemctl
<clever> and if it goes under 1gig, the evaluator is also stopped
<clever> when the nix store goes under 2gig free, the queue-runner will automatically be stopped
<clever> half of my job is managing this hydra
<clever> i'm on the devops team
<clever> iohk-ops
<clever> dhess: check the PR that introduced those changes
<clever> device(s) is only for legacy boot
<clever> tobiasBora: when using efi, device should be "nodev"
<clever> and then either create the pool on it, or use lvm to splut the luks up
<clever> yeah, the encryption has to be done at the block-device level, with luks
<clever> tobiasBora: native zfs encryption isnt considered production ready
<clever> tobiasBora: yeah
<clever> with zfs
<clever> i use luks on my laptop
<clever> and it will dynamically adjust itself based on how much is used
<clever> by default, the max is 50% of your ram
<clever> Denommus: thats how i was last doing it
<clever> philippD: nix-shell -p 'haskellPackages.ghcWithPackages (ps: [ ps.lens ])'
<clever> philippD: you must call ghcWithPackages
<clever> tobiasBora: what device is the PV on?, is there any luks at play?
<clever> Baughn: bind mounts, you can re-mount a subdir of any fs as read-only
<clever> Baughn: nix will just put full storepaths relative to the rootfs dataset, when things are on the same FS
<clever> Baughn: symlinks would still fail
<clever> and then grub has to deal with the giant directory that is /nix/store, which can break grub
<clever> of note, if /boot and /nix/store are on the same zfs dataset, nix wont copy the kernels to /boot
<clever> tobiasBora: or you can use ext4 for /boot (or even use the /boot dir on the / partition), and put the vfat on /boot/EFI, which requires boot.loader.efi.efiSysMountPoint = "/boot/EFI";
<clever> tobiasBora: you can either put the EFI system partition (the vfat) at /boot
<clever> tobiasBora: and also: boot.loader.grub.efiSupport = true; boot.loader.grub.device = "nodev";
<clever> tobiasBora: systemd-boot
<clever> tobiasBora: try switching to grub?
<clever> brb
<clever> tobiasBora: and if you do nixos-install now?
<clever> tobiasBora: i dont see a boot volume mounted to /mnt/boot/
<clever> tobiasBora: what does `mount` output?
<clever> tobiasBora: what is preventing you from installing it on either?
<clever> tobiasBora: one option i sometimes do, just format a partition on the USB, and do normal nixos-install against it, and treat it like a normal dual-boot setup
<clever> rather then using self.callPackage ({ writeScriptBin }: ... ) {};
<clever> tilpner: i think line 14 is cheating more, it just outright does pkgs.writeScriptBin
<clever> tilpner: that only gets lib functions, but not pkgs
<clever> and callPackage still falls back to nixpkgs
<clever> only the things within the original packages function (and the overlays added) are in the final result, but no nixpkgs
<clever> and line 50 uses overrideScope to inject overlays
<clever> 48 auto-creates a self.callPackage, that will search self first, then pkgs
<clever> line 48 then makes a new scope around that
<clever> line 3 defines a `packages = self: { ... }` function, and it must refer to its own members via self
<clever> srhb: have you seen newScope and makeExtensible?
<clever> lets head over to #nixos-chat
<clever> infinisil: previously, a&b from my example above, are just the same Value, *checks*
<clever> infinisil: also, i can see this potentially harming memory usage
<clever> essentially, `let foo = { ... }; a = foo; b = foo;` results in `a != b`
<clever> and now the 2 different ways to access the same set, are not equal to eachother
<clever> oh, and they wont have the same __path anyways!
<clever> are you mutating both targetPlatform and hostPlatform the same way?
<clever> 206 has moved to 237
<clever> 206 is the nearest
<clever> infinisil: no assertion there
<clever> yeah
<clever> > "${hello}"
<clever> uhhh?
<clever> > hello.outPath
<clever> and every single derivation
<clever> so even your strings can have paths :P
<clever> this is a set, but nix treats it as a string!
<clever> > "${ { outPath = "foo"; } }"
<clever> > "${ { outPath = "foo" } }"
<clever> it can also be done on strings, let me see
<clever> so you could do `let foo = x: x*5; in x.__path;`
<clever> this would let you turn a function into a "set" that still behaves like a function
<clever> infinisil: have you seen the functor thing?
<clever> infinisil: ah, so you just map over every attr, and // a __path to every key
<clever> infinisil: how is __path done?
<clever> elvishjerricco: try copying result/bin/run-nixos-vm, then add a `set -x` to the start
<clever> it will add the , in if the var is set
<clever> oh wait, i just looked closer at the bash
<clever> elvishjerricco: the , is missing from your var
<clever> elvishjerricco: i think https://github.com/NixOS/nixpkgs/pull/37216 is your issue
<clever> elvishjerricco: if you read the generated at result/bin/run-nixos-vm, what does ti do with the var?
<clever> it lets you overwrite the -net flags, and it can accidentally remove support for QEMU_NET_OPTS
<clever> oops, without the '
<clever> elvishjerricco: was networkingOptions in the configuration.nix file?
<clever> ah, then you could maybe try the s3 api
<clever> colemickens: one option is to add an azure backend, nix copy already supports s3://
<clever> so they dont try to load the same overlay again
<clever> joehh: at least use import <nixpkgs> { config = {}; overlays = []; } for the inner ones
<clever> joehh: your inner nixpkgs fetch is trying to load the overlay

2018-09-04

<clever> kiloreux: it would be faster to have a single central place, that imports 2 or 3 nixpkgs, then does unstable.callPackage vs pkgs.callPackage
<clever> once it starts copying deps, yeah
<clever> and nix-prefetch-url --unpack https://github.com/nixos/nixpkgs/archive/GITREV.tar.gz
<clever> i believe
<clever> builtins.fetchTarball { url = "https://github.com/nixos/nixpkgs/archive/GITREV.tar.gz}; sha256 = "hash"; }
<clever> it needs a URL
<clever> techieAgnostic: you want builtins.fetchTarball not fetchFromGitHub
<clever> yep
<clever> try only chrome
<clever> did you reboot the entire machine or only chrome?
<clever> rain1: is the mic listed on the input devices tab?
<clever> rain1: you must fully restart chrome to restore capture
<clever> rain1: chromium entirely looses the ability to capture audio if you restart the pulseaudio daemon
<clever> i remember there being something more specific, but dont see it
<clever> yeah
<clever> tnks: i think the defaults have changed recently
<clever> some people abuse lib.isNixShell to automatically return .env, and nix-build being ran under nix-shell will falsely register as nix-shell, causing nix-build to break
<clever> i try to avoid nesting them
<clever> doesnt really matter that much
<clever> its a bit tricky to inject things into the haskell packages
<clever> so you cant pass it with callPackage
<clever> it doesnt accept imagemagick
<clever> { mkDerivation, base, filepath, hakyll, hakyll-favicon, stdenv }:
<clever> techieAgnostic: can you gist your files?

2018-09-03

<clever> for example, `nixos-enter --root /mnt`
<clever> v0|d: you want nixos-enter
<clever> elvishjerricco: Sep 03 17:50:04 system76 tcsd[31570]: TCSD TCS ERROR: TCS GetCapability failed with result = 0x1e
<clever> ah
<clever> elvishjerricco: looks like the tcsd service installs something, but not tpm-tools
<clever> elvishjerricco: any fun commands i can run to query mine?
<clever> elvishjerricco: interesting, i have a TPM visible on my laptop
<clever> crw------- 1 root root 10, 224 Aug 23 15:37 /dev/tpm0
<clever> i had the exact same problem
<clever> try V instead of v
<clever> Neo--: how are you checking to see if you have virtualbox?
<clever> Neo--: the only thing you need to do is set virtualisation.virtualbox.host.enable = true and then nixos-rebuild switch
<clever> Myrl-saki: what about -v ?
<clever> lorilan: just run `ulimit -s newlimit`
<clever> not sure what else to check then without seeing the nix code
<clever> lorilan: next thing to check is to see if there is any repeating pattern, and if it is actually infinite recursion
<clever> lorilan: stats might be at the bottom, but probably not
<clever> try adding -vvvvv
<clever> errors probably hide it
<clever> lorilan: `ulimit -a` shows all limits
<clever> lorilan: what about adding NIX_SHOW_STATS=1 to things?
<clever> ,profile
<clever> yeah, it feels like that part of the time cmd is just broken
<clever> yep
<clever> that feels abnormally low, but what does it report for your expressions?
<clever> Average stack size (kbytes): 0
<clever> [clever@amd-nixos:~/hie-slow-start]$ command time -v nix-instantiate default.nix -A hie
<clever> lorilan: default is 8mb for me
<clever> lorilan: i believe ulimit controls the stack size
<clever> lorilan: can you gist the files involved?
<clever> lorilan: did the problem recently start when you changed something?
<clever> infinisil: result: aeson amqp text stm containers strict github http-conduit:323 Mon Sep 3 04:40:03 ADT 2018
<clever> lorilan: does --show-trace show any details?
<clever> write a custom client that runs hie and gives it a simple cmd?
<clever> ah
<clever> does it happen if you just run hie directly, without emacs?
<clever> 474
<clever> its also using 428mb of ram
<clever> hie --lsp -d -l /tmp/hie.log
<clever> i see the hie process consuming 93% cpu
<clever> sleep raised to 30
<clever> and it quit
<clever> infinisil: emacs is open once more
<clever> oh, i should gc that copy of 17.09, lol
<clever> lrwxrwxrwx 1 root root 84 Jul 21 17:38 system-419-link -> /nix/store/kgkjqgpajqyswas2ygyd2fpr70knsf6d-nixos-system-amd-nixos-17.09.git.9e1d8b7
<clever> only to discover, amazon.ca doesnt let you filter drives by size...
<clever> this is why i was looking for some 4tb drives on amazon
<clever> by alternating between the laptop and desktop :P
<clever> auto-gc strikes again
<clever> its downloading more deps
<clever> result: aeson:31 Mon Sep 3 04:27:17 ADT 2018
<clever> result: aeson:30 Mon Sep 3 04:24:02 ADT 2018
<clever> oh, main turned green, and it exited
<clever> sleep was increased to 10, emacs is open, its not closing on its own
<clever> still 0 for aeson
<clever> result: aeson:0 Mon Sep 3 04:22:50 ADT 2018
<clever> hie found: 566 Mon Sep 3 04:22:49 ADT 2018
<clever> and that then broke everything
<clever> and then it failed to rebuild cabal-helper
<clever> i think you murderized emacs before it could finish building cabal-helper
<clever> infinisil: i now get the red thingy
<clever> infinisil: file 4 in the gist, after a minute, the path turned into an 8mb elf file
<clever> wait
<clever> after blowing the dir away, it remade the same 0 byte file
<clever> [clever@amd-nixos:~/hie-slow-start]$ rm -rf ~/.cache/cabal-helper/
<clever> its a 0 byte non-executable file
<clever> -rw-r--r-- 1 clever users 0 Sep 3 04:11 /home/clever/.cache/cabal-helper/cabal-helper0.8.1.0-Cabal2.2.0.1
<clever> infinisil: gist updated
<clever> i see an error this time
<clever> i had bumped the sleep up to 45, but i can do that too
<clever> something flashed red in the status bar momentarily, but it vanished and wont recreate
<clever> infinisil: nope
<clever> infinisil: i also added $(date) to both echo's
<clever> result: aeson:0 Mon Sep 3 04:11:26 ADT 2018
<clever> hie found: 3013 Mon Sep 3 04:11:18 ADT 2018
<clever> yeah, about 4-ish
<clever> infinisil: this log contains the emacs error
<clever> nix-store -l /nix/store/jxflbmrsnvfflhq6xxykk7rjgmcqn8fc-emacs-lsp-haskell-20180131.459
<clever> i believe the emacs error was inside a nix-build
<clever> updated
<clever> much shorter output, and no emacs error
<clever> so my $HOME cant have any effect
<clever> infinisil: oh, i think that warning was inside a nix-build
<clever> try changing $HOME to another dir in the script
<clever> ah
<clever> i have a ~/.emacs.d/
<clever> i didnt measure it
<clever> yeah
<clever> infinisil: i saw an emacs!
<clever> infinisil: GC are the nix files
<clever> error: getting status of '/nix/store/0carxx7bfxrs68jbzc9mqj8vr7g0bcng-source/pkgs/top-level/haskell-packages.nix': No such file or directory
<clever> its running, but another gc ran
<clever> for best performance, the gap between 3&6 should be large enough to not trigger often
<clever> and then waste time deleting and redownloading things
<clever> and if IFD tries to build anything under 3gig, it will gc things it needs later in the eval
<clever> infinisil: if the store gets below 3gig free, it will auto-gc, aiming to get 6gig free
<clever> add ` --add-root hie --indirect`
<clever> infinisil: the nix-shell started a GC, and thats going to eat hie, lol
<clever> waiting for the big garbage collector lock...
<clever> running auto-GC to free 3398696960 bytes
<clever> run is running
<clever> oh, i just noticed, your already using cachix to host it, lol
<clever> though your previous method saves time by reusing anything the user has in /nix/store, and cache.nixos.org helps out
<clever> after they unpack, change --to into --from, to cpy it back out into /nix/store/
<clever> then tar example up and ship it to somebody
<clever> nix copy --to local?root=/home/clever/example /nix/store/fwjqsdg2xljh78qg67pypnxarsq0r72m-haskell-ide-engine-0.2.2.0
<clever> nix copy can also be used then
<clever> so its for a bug, not production use
<clever> ah
<clever> file a PR to nixpkgs and get hydra to build it?
<clever> infinisil: you can also just use a nixos module to append
<clever> infinisil: i think cachix automates most of that fun for you
<clever> maybe --option vs --option-append
<clever> we need monads in our config overrides :P
<clever> but the keys still have to be handled seperately i think...
<clever> yeah, substituters and extra-substituters get added together by nix
<clever> oh wait no, but trusted-public-keys un-trusted the nixos keys
<clever> though i suspect you had to build your own ghc
<clever> then i get what i can from upstream
<clever> infinisil: also, performance can be better with `--option substituters 'https://cache.nixos.org https://infinisil.cachix.org'`
<clever> these paths will be fetched (145.79 MiB download, 1940.35 MiB unpacked):
<clever> [root@amd-nixos:~]# nix-store -r /nix/store/fwjqsdg2xljh78qg67pypnxarsq0r72m-haskell-ide-engine-0.2.2.0 --option substituters https://infinisil.cachix.org --option trusted-public-keys infinisil.cachix.org-1:AL3v/0xIYDyK+DCafL02HoeoHjprJiHE97ZVK3m8jdg=
<clever> thats a nix.conf field that allows non-trusted users to do `--option substituters https://infinisil.cachix.org`
<clever> trusted-substituters has no effect on actual downloads
<clever> infinisil: if you are root (or a trusted user), you can use the proper fields with --option, the names match up with nix.conf
<clever> once you understand what is unique to a machine and what is common, you can split things up like this and adopt the machines into nixops
<clever> but all of the common things has been put into eeepc.nix and core.nix
<clever> and they need a unique IP on the VPN
<clever> each netboot has a unique partition layout, because of the haphazard ways i was installing things back then
<clever> you will need to properly keep that unique, when defining each machine in nixops
<clever> the configuration.nix on the remote machine will just be ignored entirely
<clever> colemickens: as long as you can reproduce the filesystem and boot config locally (just copy in over), nixops can adopt anything it can ssh into
<clever> have you looked into nixops?
<clever> after the first boot, it will read your user-data, change the channels and config, and run nixos-rebuild switch
<clever> yeah, thats in the amazon-init.service within systemd
<clever> a custom channel you control the updating of would effectively be pinned
<clever> which could deal with what you want
<clever> and optionally change your channels