2018-05-24

<clever> infinisil: though thats the only config i cared about at the time
<clever> infinisil: line 26
<clever> NIX_PATH does support URLs
<clever> krey: nix-prefetch-url is probably faster than -git
<clever> ,pinning
<clever> 2 finger swipe does "mouse wheel" scrolling
<clever> tilpner: absolutely nothing happens on my laptop when i swipe with 3 fingers in any direction, any number of times
<clever> > haskell.lib.overrideCabal
<clever> fresheyeball: i think it was: overrideCabal (callCabal2nix "name" ./. {}) (drv: { .... })
<clever> fresheyeball: run overrideCabal on the derivation
<clever> fresheyeball: the derivation it makes will build the project
<clever> ah, srv is whats failing, not /var/lib/jupyter
<clever> oh, the PR already has that
<clever> ixxie: a second option, set home="/var/jupyter"; createHome = true; on the user in question
<clever> ixxie: this causes the User= to only affect ExecStart, so preStart gets run as root
<clever> ixxie: serviceConfig.PermissionsStartOnly = true;
<clever> ixxie: one min
<clever> ixxie: in that same preStart string, run `id` and `ls -ld /var/`
<clever> ixxie: systemd.services.jupyter.preStart = ''mkdir /foo/bar'';
<clever> thats less the job of nix, and more the job of systemd/bash, which are configured by nix
<clever> ixxie: at runtime, in places like the pre-start script of a service
<clever> ixxie: where and when should the path be created?
<clever> tazjin: you want the function
<clever> tazjin: there is both a $patchPhase, and a patchPhase function
<clever> oops, patchPhase, yeah
<clever> tazjin: you need to manually run unpackPhase somewhere inside buildCommand
<clever> tazjin: buildCommand stops all phases from being run
<clever> tazjin: can you gist the original expression and your override?
<clever> --add wont do anything until you --update
<clever> and you did nix-channel --update?
<clever> ldlework: which user did you add that channel to?

2018-05-23

<clever> drakonis: if you add to the imports of the system, then nixos-rebuild will run the module, as long as it doesnt conflict with existing ones
<clever> the above config, tells it to use the same one as nix (which came from nix.buildMachines), and a second one that is inlined right there
<clever> ocharles: hydra supports a list of files, that have the /etc/nix/machines format
<clever> ocharles: yeah
<clever> drakonis: relative paths are evaled relative to the file that contains the path
<clever> drakonis: it can also be relative
<clever> ocharles: this may help, and also fix the missing /, and remove localhost from the main machines file (via its config)
<clever> ocharles: services.hydra.buildMachinesFiles = [ "etc/nix/machines" (builtins.toFile "machines2" "ocalhost x86_64-linux - 2 1") ];
<clever> ocharles: one min
<clever> drakonis: add its path to the imports list on your configuration.nix
<clever> just use a non-local 64bit build slave
<clever> it may be that hydra treats localhost specially, but nix does not
<clever> using localhost as a slave also causes many problems with IFD
<clever> unable to open SSH connection to 'localhost': don't know how to open Nix store 'localhost'; trying other available machines...
<clever> yes
<clever> so hydra isnt capable of doing any 64bit builds
<clever> ocharles: the 64bit slave in /etc/nix/machines is invalid
<clever> ocharles: can you add both those spec.json.drv files to the gist, along with your /etc/nix/machines ?
<clever> the key, is to look at what the first thing it builds is, and then figure out why hydra wont build that
<clever> yeah
<clever> ocharles: find the .drv file that is listed on the build in the queue (in the UI) then run `nix-store -r` on it on the hydra machine, what is the very first thing it builds (you can also ctrl+c once it starts)
<clever> cocreature: currently, it only works on runtime stuff, youll need to manually search `nix-store --query --tree /nix/store/foo.drv`
<clever> that wont un-stick your queue, that will just add more to the queue!
<clever> ocharles: it needed a --add-fixed at EVAL time, so it wont show in latest-steps failures
<clever> ocharles: oh, import from derivation
<clever> ocharles: those would show under status->latest steps, as derivations that keep failing
<clever> ocharles: is the hydra publicly visible?
<clever> johanot: yeah
<clever> johanot: nix-daemon will pick a semi-random user of the nixbld group, then `kill -9` every process in the user, and start a build under it
<clever> johanot: never add yourself to the nixbld group
<clever> and limiting its usage to only the users that should have access limits the attack surface area
<clever> by launching the right type of vm, and changing stack segment registers during an irq, you can gain ring0
<clever> sphalerite: maybe something to do with this
<clever> so the nixbld group must own /dev/kvm, or you give it the other bits
<clever> johanot: it sounds like nix-daemon isnt obeying the groups you added the user to
<clever> qemu never gets root, so -runas wont matter
<clever> johanot: what user/groups does this output?
<clever> johanot: nix-build -E 'with import <nixpkgs> {}; runCommand "test" {} "id"'
<clever> johanot: on my nixos machine, its crw-rw-rw- 1 root root 10, 232 May 22 21:42 /dev/kvm
<clever> yep
<clever> acowley: stdenv.cc.cc

2018-05-22

<clever> you want to run hself.callCabal2nix "streamly" streamly {};
<clever> fresheyeball: so the nix-shell gives you a shell that is suitable for downloading the src
<clever> fresheyeball: the override puts the source in the streamly attr
<clever> fresheyeball: what nix-build args are you using to test that?
<clever> time to document it!
<clever> bobvanderlinden: try switching to import <nix/fetchurl.nix>, i think that one obeys netrc securely, and can be done in parallel
<clever> bobvanderlinden: this is import <nix/fetchurl.nix>, the 3rd fetchurl
<clever> it ultimately calls this, and blocks the eval until it has finished
<clever> Path res = getDownloader()->downloadCached(state.store, url, unpack, name, expectedHash);
<clever> bobvanderlinden: https://github.com/NixOS/nix/blob/master/src/libexpr/primops.cc#L2057-L2060 this is the implementation of builtins.fetchurl
<clever> bobvanderlinden: there is a 3rd fetchurl, let me find it
<clever> bobvanderlinden: but pkgs.fetchurl can be
<clever> bobvanderlinden: ah yeah, builtins.fetchurl cant be done in parallel
<clever> bobvanderlinden: everything i work with is open on github, so its less of an issue here
<clever> bobvanderlinden: ah, id just use builtins.fetchurl for the select places where you need secrets, and pkgs.fetchurl for others
<clever> bobvanderlinden: what do you need secrets for with https?
<clever> bobvanderlinden: for example: builtins.fetchGit { url = "git@github.com:cleverca22/nixos-configs"; }
<clever> bobvanderlinden: fetchGit supports using your ssh-agent, and the secrets wont be sent to the remote machine
<clever> ,tofu
<clever> bobvanderlinden: then it will just run `git clone` outside of the sandbox
<clever> bobvanderlinden: i would use builtins.fetchGit for that, with an ssh based url
<clever> desttinghim[m]: nix-env -iA nixos.haxe uses the nixos entry in ~/.nix-defexpr/
<clever> bobvanderlinden: is the source on some git server?
<clever> bobvanderlinden: what are you trying to do?
<clever> bobvanderlinden: but it has to be set in the context of nix-daemon
<clever> bobvanderlinden: NIX_CURL_FLAGS should still work with pkgs.fetchurl
<clever> bobvanderlinden: that function doesnt exist
<clever> > lib.fetchurl
<clever> bobvanderlinden: when sandboxing is enabled, nix can block the network access for non-fixedoutput derivations
<clever> bobvanderlinden: pkgs.fetchurl runs curl inside a nix derivation, and only by declaring the hash of the output, will nix allow network access
<clever> pkgs.fetchurl supports a list of mirrors, and downloading the first url from a list that works
<clever> and if ~/.config/nixpkgs/config.nix exists, it will silently ignore ~/.nixpkgs/config.nix
<clever> and if the file at $NIXPKGS_CONFIG exists, it will cause nixpkgs to silently ignore ~/.config/nixpkgs/config.nix
<clever> but the configuration argument to <nixpkgs/nixos> has the highest priority
<clever> for example, $NIXOS_CONFIG has priority over <nixos-config>
<clever> if you know what to set
<clever> there are a couple env vars that nixos checks, that cause some slight impurities
<clever> i get obsessed with finding out how things work, so ive read all of the eval-config.nix source, and the related modules
<clever> and if you reboot, the changes are reverted
<clever> that will load both the normal configuration.nix, and custom.nix, then activate
<clever> done!
<clever> NIXOS_EXTRA_MODULE_PATH=/path/to/custom.nix nixos-rebuild test
<clever> oh, one min
<clever> it will activate it, but not make it permanent, check the nixos-rebuild page under test
<clever> that will do the exact same thing
<clever> nixos-rebuild test -I nixos-config=/path/to/custom.nix
<clever> also, you dont even need nix-build
<clever> if you reboot, all changes are gone
<clever> this will build, and activate it, but not touch any profiles, and not touch any bootloader config
<clever> nix-build '<nixpkgs/nixos>' --arg configuration '{...}: { imports = [ /etc/nixos/configuration.nix ]; options = {}; config = {}; }' -A system --show-trace && ./result/bin/switch-to-configuration test
<clever> if you only want to test, dont use nix-env, and dont use switch
<clever> if its not under profiles, then garbage-collection may eat it
<clever> it can be any path under profiles
<clever> nix-env -p /nix/var/nix/profiles/system --set /nix/store/foo && /nix/store/foo/bin/switch-to-configuration switch
<clever> that is why a system-profiles has come out of nowhere
<clever> that is what nixos-rebuild does with the name you give it
<clever> mkdir -p -m 0755 "$(dirname "$profile")"
<clever> profile="/nix/var/nix/profiles/system-profiles/$1"
<clever> giving -p a storepath just breaks everything
<clever> -p takes the path to a profile, and will build <nixos-config> and place it into that profile
<clever> -p doesnt work like that
<clever> that doesnt look like nixos-rebuild
<clever> what is even calling nix-env there?
<clever> why do you have a system-profiles link?
<clever> what state changes?
<clever> how exactly is it breaking the system?
<clever> depending on if its the root module, or in imports of the root module
<clever> which makes your configuration.nix come either before or after most of nixos
<clever> the problem, is the order of all modules, as it recursively traverses your imports statements
<clever> the whitespace in /etc/hosts moved, but not the value itself
<clever> oh wait, i think i see what the differences are now
<clever> and which method did the .drv in red come from?
<clever> Myrl-saki: what file is that .2.101 entry in /etc/hosts defined in?
<clever> can you screenshot the first page of output from nix-diff? the colors are missing
<clever> minus the (
<clever> Myrl-saki: try also: nix-instantiate '<nixpkgs/nixos>' --arg configuration '(/etc/nixos/configuration.nix' -A system --show-trace
<clever> Myrl-saki: what are the exact 2 commands you ran to produce those .drv files?
<clever> Myrl-saki: ok, so your hosts file differs, your fonts differ, your xsession differs
<clever> it calls nix-instantiate
<clever> Myrl-saki: dry-run doesnt build
<clever> Myrl-saki: try nixos-rebuild dry-run on each, then use nix-diff
<clever> Myrl-saki: how exactly are you measuring a difference?
<clever> fetchTarball unpacks, and hashes the NAR of the output, but nix-prefetch-url hashes the .tar.gz
<clever> k0001: you need to hash it with `nix-prefetch-url --unpack`
<clever> nix2 also has `nix edit nixpkgs.hello`
<clever> > pkgs.hello.meta.position
<clever> > eval.config.system.build.example
<clever> > eval = import <nixpkgs/nixos> { configuration = { imports = []; system.build.example = "foobar"; }; }
<clever> boothead: one min
<clever> andreabedini: the first loads the nixpkgs entry from $NIX_PATH, the 2nd loads the nixpkgs entry from ~/.nix-defexpr/
<clever> some firmware lets you manually pick a .efi file from the drive
<clever> Ralith: the UUID is part of the filesystem and partition table
<clever> s
<clever> Ralith: i would just move the drive, boot it, and see what happens

2018-05-21

<clever> then give it a dir that has xkb config files
<clever> iqubic: i think you need to use the xkbDir option
<clever> i made my capslock affect numbers as well
<clever> xkbOptions = "caps:shiftlock";
<clever> close that nix repl
<clever> that would be your problem
<clever> symphorien: and what is pid 31174 ?
<clever> symphorien: what does `ps aux` say about that pid, the full line
<clever> symphorien: i think pid 31182 is using that path
<clever> muzzy: ive even done network in the initrd, several times
<clever> muzzy: and i know enough CLI wizardry that i can force the network to come online without using the proper services
<clever> muzzy: you still have rollback options in the grub menu of the router
<clever> you have to practically strip the OS naked to even deploy a 2nd version
<clever> but the drive in those is also soo small you can barely fit 2 generations of nixos
<clever> there is an example deployment with 2 netbooks in the same repo, they have a similar problem
<clever> muzzy: but i plan to move more things to nixops when i have time
<clever> muzzy: currently, it only configures the router (because it was too slow to build itself), and everything else is nixos-rebuild
<clever> bennofs[m]: there is no real state in such a system
<clever> bennofs[m]: if every host is using the "none" targetEnv, you can technically just `nixops create` the same deployment on several machines, and deploy from any
<clever> yeah
<clever> muzzy: you edit the config on the machine thats running nixops
<clever> worldofpeace: pkgsi686Linux or pkgs.callPackage_i686 may be of use
<clever> cant think of anything that would do that
<clever> ah
<clever> s
<clever> the path given to --query --root
<clever> what was $path?
<clever> doesnt mean anything really
<clever> srhb: i think its an index into an array in nix's ram
<clever> you're welcome :)
<clever> we forgot to fully test it before merging the PR
<clever> ocharles: one sec
<clever> ocharles: yep
<clever> ocharles: this PR includes a patch for hydra to fix it
<clever> ocharles: nix-prefetch-git was already fixed in nixpkgs, but hydra has its own copy of the fix
<clever> one sec
<clever> ocharles: are there git submodules at play?
<clever> it will show in both
<clever> id just unconditionally remove it, maybe add a withSSE2 ? false override
<clever> sphalerite: there is also the issue of building on an sse2 cpu, then nix-copy-closuring to a non-sse2 cpu
<clever> nschoe: correct
<clever> it must be in the buildInputs to be able to find other buildInputs
<clever> nschoe: pkgconfig breaks if you manually install it
<clever> nschoe: try adding pkgconfig to the buildInputs
<clever> you probably want pkgs.haskell.lib.overrideCabal
<clever> the postInstall has to go inside the derivation, not after it
<clever> woodson: you created pkgs.postInstall

2018-05-20

<clever> its not documented, but if .enable is set to true, it adds `postgresqlAndPlugins cfg.package` to systemPackages (see also, line 25)
<clever> nixosnewbie: but since the service has a .package setting, you can skip that if you want to
<clever> nixosnewbie: the only thing special that an overlay gives you, is letting you inject your new versions into the main pkgs set
<clever> nixosnewbie: you can set .package to point to the postgres from unstable, and also use the unstable versions in the plugin list
<clever> yeah, thats it
<clever> maybe
<clever> ,unstable
<clever> which one was it, lol
<clever> ,
<clever> ah, that one wont really help
<clever> ,pinning nixosnewbie
<clever> nixosnewbie: you can also try turning plugins on one by one
<clever> nixosnewbie: i'm guessing they have to go into plugins, and the service will install the combined set
<clever> and the .enable installs the version you put in package
<clever> nixosnewbie: its the .enable that actually installs it
<clever> nixosnewbie: and you're only going to break things if you try to manually delete files
<clever> nixosnewbie: line 34 installs one version, and line 62 installs a second version
<clever> nixosnewbie: dont add postgres to the systemPackages
<clever> nixosnewbie: can you pastebin your config?
<clever> nixosnewbie: you're installing 2 versions of postgres, remove one of them from your config
<clever> nikivi: you added the channel nixpkgs twice
<clever> ah
<clever> nikivi: as root, do nix-channel --update
<clever> nikivi: and when did you last do an update (or install) ?
<clever> nikivi: and again as root, under "sudo -i"
<clever> nikivi: what does nix-channel --list report?
<clever> nikivi: that sets up channels automatically
<clever> nixosnewbie: what name does nix-channel --list say the channel is?
<clever> nixosnewbie: next thing id try is turning off some of the postgres plugins
<clever> nixosnewbie: yeah, it would be useful to see if thats the only issue
<clever> nixosnewbie: do you need postgres enabled?
<clever> nixosnewbie: pastebin more of the output around the error
<clever> nixosnewbie: need more context around the error
<clever> nixosnewbie: its not a previous package that its trying to remove
<clever> adamt: i once had trouble linking firefox on gentoo, ld alone needed > 3gig of ram, and it was a 32bit machine
<clever> and you should see its a set containing every arch
<clever> adamt: what helps to figure this out, run "nix repl release.nix" then eval netboot
<clever> i think that was the args
<clever> 2018-04-21 18:26:40< clever> sanboot --no-describe --drive 0x80
<clever> but you can skip step 1
<clever> adamt: internally, it will use sanhook to re-route the local hdd api, then just boot the "local" hdd
<clever> adamt: if you omit the args on what san disk to boot, it winds up booting a local disk
<clever> adamt: you just need the right args to the sanboot command
<clever> adamt: hadnt thought to try that, lol
<clever> adamt: ipxe can also boot a local legacy hdd
<clever> adamt: of note, you can replace boot.php with any server-side scripting of your choice, lookup the mac addr in a database, then decide if it should boot the local hdd or boot nixos netboot
<clever> adamt: https://github.com/cleverca22/nixos-configs/blob/master/netboot_server.nix#L12 this includes the justdoit module inside the netboot'd image
<clever> adamt: you literally run "justdoit" as root, and you're done
<clever> adamt: justdoit is a script i wrote for helping with installs, and with a slight tweak, can be an unattended installer
<clever> adamt: my netboot_server is probably the best example then, since it also shows how to configure it under nixos, and includes justdoit
<clever> Unode: yeah
<clever> or -I nixpkgs=https://github.com/nixos/nixpkgs/archive/8bce347f02f6bd606ec1822f0ba9b94d7f139071.tar.gz
<clever> Unode: but i couldnt get chrome to run in that situation
<clever> Unode: its only set when you drop root to your user, so you need to either logout and back in, or "exec sudo -i" then "exec sudo -u clever -i" which re-applies what your user should have
<clever> Unode: yeah, cache-miss combined with async loading of fonts, causing it to load the same font 2000 times
<clever> adamt: rescue_boot just sticks the "netboot" kernel+initrd into /boot and gives them a menu option
<clever> adamt: and if you already know how to setup netbooting, my rescue boot thing may be simpler: https://github.com/cleverca22/nixos-configs/blob/master/rescue_boot.nix
<clever> Unode: and a certain page i was loading was basically a fd-bomb, and it needed over 4000 open descriptors
<clever> Unode: in my case, chrome calls socketpair() when trying to load a font
<clever> adamt: the netboot attributes of release.nix contain the ipxe script, and all the files it needs, in a single dir
<clever> adamt: oh, and also...
<clever> rauno: every attribute you pass to mkDerivation becomes an env var during building
<clever> Unode: this is a chunk of my configuration.nix, i had to bump the open-file limits to fix chrome
<clever> Unode: one sec
<clever> adamt: thats a complete server, with nat, dhcp, and bind, that can netboot nixos
<clever> adamt: if you build this attribute, you will get an ipxe script that refers to the kernel and initrd for you
<clever> phry: after nixos-install it should update