2018-05-05

<clever> yep
<clever> then i can refer to the values in configuration.nix, and keep them in one file that is in .gitignore
<clever> and then in my configuration.nix i have let secrets = import ./secrets.nix; in { ...
<clever> i also use a secrets.nix containing { name = "hunter2"; }
<clever> nixos just lacks one on initial bootup, and i scp it from another laptop
<clever> oh_lawd: i manage /etc/wpa_supplicant.conf manually
<clever> ixxie: yeah
<clever> srk: pkgs.path + "/nixos/lib/make-squashfs.nix"
<clever> srk: i try to avoid using <nixpkgs> in expressions now, so you dont need that hack
<clever> srk: nice
<clever> srk: normally, nix files are pure, and cant access the locals in another file
<clever> srk: yep, that lets you mutate the "global" scope for future files you import
<clever> codygman: 2018-05-05 16:34:13 < mightybyte> unordered-containers = pkgs.haskellPackages.callHackage "unordered-containers" "0.2.9.0" {};
<clever> srk: and using scopedImport, you can mutate what __findFile or __nixPath eval to
<clever> ixxie: manually edit the file that the overlay was patching
<clever> srk: if you type <nixpkgs> into a nix file, it will parse as-if you had typed (__findFile __nixPath "nixpkgs")
<clever> so the overlay wont come into play
<clever> ixxie: release.nix doesnt touch the nixops in nixpkgs, it forces it to build from ./.
<clever> oh_lawd: nixpkgs.overlays = [ (import /path/to/firefox-overlay.nix) ];
<clever> oh_lawd: nixos only obeys nixpkgs.overlays
<clever> oh_lawd: oh, and nixos doesnt obey ~/.config/nixpkgs/overlays
<clever> oh_lawd: probably
<clever> srk: `nixops modify -I nixpkgs=URL` can be used to pin the nixpkgs nixops uses
<clever> ixxie: it would help if i knew the error msg the build fails with
<clever> ixxie: can you gist your overlay file?
<clever> so any attempt to install/upgrade from nixpkgs will apply whatever the overlays said to change
<clever> that will then affect most nix tools (nix-env, nix-build, nix-shell)
<clever> when nixpkgs is loaded, it will auto-load all overlays, so the package set you get from nixpkgs is pre-modified
<clever> ixxie: so you can just nix-env -iA nixos.nixops, if you used nixops= in the overlay
<clever> ixxie: i believe nix-env will load that overlay by default
<clever> ixxie: where did you create the file?
<clever> ixxie: i installed it from nixops master back in march and it works fine now
<clever> yeah, that one
<clever> ixxie: thats a bug in nixops
<clever> mightybyte: can you gist more of the expresion?
<clever> mightybyte: that works when i build it
<clever> oh_lawd: nixpkgs.overlays is a config flag in configuration.nix
<clever> mightybyte: looks just fine
<clever> oh_lawd: an overlay is a function that takes the current and future versions of nixpkgs, and returns a set of changes to apply
<clever> mightybyte: link?
<clever> mightybyte: does the github repo for it contain zero or more then one cabal file?
<clever> ixxie: 2018-03-03 12:00:22< clever> mkaito: ive also done nix-env -f release.nix -iA build.x86_64-linux
<clever> you should find one for each arch
<clever> ixxie: now look inside the build attribute
<clever> both nix and nixops have the same pattern
<clever> ixxie: oh, didnt read the tarball name that closely
<clever> ixxie: also, why are you trying to nix-env the master of nix?
<clever> drakonis: 18.03 defaults to nix 2
<clever> `nix repl` is linked against nix2, and auto-detects the daemon
<clever> nix-repl is linked against nix1 and requires `export NIX_REMOTE=daemon`
<clever> ixxie: use `nix repl` not `nix-repl`
<clever> ixxie: try doing `foo = import ./release.nix {}` and then `foo` in `nix repl` to see what attributes it has
<clever> ixxie: you need to add -A something, and point it to a derivation that contains the binary
<clever> ixxie: you installs the tarball containing the source, not nix itself
<clever> infinisil: ah, yeah, id expect that to work then, maybe config.nix and overrides?
<clever> ixxie: then its not actually in nix-env, double-check nix-env -q to be sure
<clever> infinisil: even if you use the same nixpkgs, that doesnt mean the paths are downloaded on both boxes
<clever> ixxie: the packages in nix-env should appear first in $PATH, double-check that the binary even exists in ~/.nix-profile/bin/
<clever> infinisil: since the libraries in the .stack-work link against paths in /nix/store, which dont exist on the 2nd machine
<clever> infinisil: sharing the homes would actually make the GC issue i mentioned worse, and happen without a GC
<clever> if the state is corrupt, you can try just blowing away .stack-work and see if it repairs itself
<clever> as long as you can confine your changes to a single cabal project
<clever> you can also nix-shell into any derivation in the tree and iterate within it
<clever> infinisil: i prefer using tools like stack2nix to convert it into proper nix expressions, then using nix-build
<clever> infinisil: stack builds are impure, and often lack GC roots, so nix is free to garbage collect things its using
<clever> ixxie: correct, that comes from systemPackages
<clever> usually i put the program name into the example
<clever> type program too, people often just type program :P
<clever> and type can reveal aliases and functions
<clever> ixxie: run the type command on it
<clever> the system couldnt handle that many forks
<clever> another was the demo repo that is in the github tutorial, the one everybody is told to fork
<clever> jD91mZM2: github told them not to, they did it anyway, and the users basically DDoS's the system with pushes :P
<clever> jD91mZM2: i'll probably never find the link to that blog thing i saw, but it had stories about things like a lottery somebody held on github, the last person push a commit before time X wins
<clever> i always put a set in my release.nix, thats what hydra requires
<clever> id always use -A with it as well
<clever> jD91mZM2: i cant find the link yet, but it was probably in https://githubengineering.com/
<clever> samueldr: you have to know what branch a given rev is on to clone it
<clever> samueldr: and this actually causes problems with pkgs.fetchgit
<clever> samueldr: the git protocol only lets you reference things that are within a branch
<clever> infinisil: git also has pack files, where it compresses things using deltas
<clever> so my fork is not magically getting objects from upstream
<clever> ive found that any time i push a PR to my fork of nixpkgs, it has to upload the last 3 months of activity
<clever> but all forks of that repo stay within the machine
<clever> jD91mZM2: there may be several repos sharing a machine
<clever> and there are points where the repo gets too big and some features start to take too long to process
<clever> and probably backups as wel
<clever> and then they have an array of those
<clever> which may also have other repos
<clever> a single repo, and all of its forks, are held on one machine
<clever> jD91mZM2: i recently saw a talk about the servers falling over from abuse
<clever> jD91mZM2: this is whats wrong with unicode in software: https://www.youtube.com/watch?v=jC4NNUYIIdM
<clever> isHavvy: but it doesnt total with the other count
<clever> CLEVER++
<clever> lol
<clever> jD91mZM2: if you have root, you can use --option to set any flag in nix.conf
<clever> colemickens: all --upgrade does is run `nix-channel --update`
<clever> PolarIntersect: nixpkgs itself may need an update first
<clever> PolarIntersect: and nixos-rebuild switch, will update the system, but it wont restart the display-manager
<clever> PolarIntersect: the display manager will source .xprofile before launching the desktop manager
<clever> yeah
<clever> and once the files are in the right sub-dir, you add it to environment.systemPackages and nixos-rebuild
<clever> mattyu: if you just want to check a package, use nix-build
<clever> mattyu: sddm only looks in /run/current-system, so neither nix-shell nor nix-env will put the files there
<clever> mattyu: take any package that contains a $out/share/sddm/themes and put it into systemPackages, and it should work
<clever> and .so files shouldnt be +x
<clever> find -name '*.so' could be used, but if you know what directory its in, you can just lib/*.so
<clever> i think **/*.so is identical to ./**/*.so
<clever> Xal: and the input paths include things like ${libPath}
<clever> Xal: the runtime closure is basically the result of greping $out for every input path
<clever> Xal: yep
<clever> that only helps if your compiling against them
<clever> and the buildInputs on the final derivation are likely un-needed
<clever> i find that makes things more readable
<clever> you could also move the libPath from its current place, to the let block where idaInstaller is
<clever> all of those should be identical to what you currently have
<clever> idaInstaller = fetchurl { url=; sha256=; executable = true; };
<clever> and line 132 checks for executable
<clever> it has a flag for just this use, lol
<clever> idaInstaller = fetchurl { url=; sha256=; recursiveHash = true; executable = true; };
<clever> oh, just noticed
<clever> just note that the hash will be different, and nix can glitch if you try to use the old hash
<clever> this should be identical to your current idaInstaller, and can be used the same way in buildFHSUserEnv
<clever> idaInstaller = fetchurl { url=; sha256=; recursiveHash = true; postFetch = "chmod +x $out"; };
<clever> which gets rid of the entire mkDerivation wrapped around it
<clever> then you can chmod +x $out in there
<clever> if you pass a postFetch string to fetchurl, it gets ran after fetching
<clever> Xal: the idaInstaller could probably be improved by adding a postfetch
<clever> up next is a PR to nixpkgs
<clever> Xal: libredirect
<clever> -d just gets rid of all old ones, --older-than has a cut-off time
<clever> there is also `nix-collect-garbage -d` and `--delete-older-than`, which delete the generations for you, then GC
<clever> to delete the newly made garbage
<clever> yeah, you still need to do a nix-collect-garbage after that
<clever> GiGa|Laptop: how did you delete the generations?

2018-05-04

<clever> Myrl-saki: that would do it
<clever> stammon: so imports can never refer to pkgs
<clever> stammon: and nixos cant compute where _module.args comes from, until it has evaluated all of the imports
<clever> stammon: the value of pkgs passed to your module comes from config._module.args.pkgs
<clever> check the console output on the ec2 instance, nixops has a cmd for that
<clever> it should just work then
<clever> Myrl-saki: resources.ec2KeyPairs.edgekey = { inherit region accessKeyId; }; or similar
<clever> Myrl-saki: is the keypair setup in the deployment file?
<clever> Xal: probably, ive not done it though
<clever> or nixops just stops using it
<clever> and you must not change the keypair name in the deployment files
<clever> Myrl-saki: if nixops created the ec2 instance, it auto-configures a keypair
<clever> Xal: a few options i can see, libredirect, find out how it is packet, or buildFHSEnv
<clever> nixops blindly passes all params after the hostname to ssh, so you can feed ssh a -v
<clever> Myrl-saki: nixops -d deployment ssh host -v
<clever> Xal: check to see what happens if you run `upx -d` on the binary
<clever> Myrl-saki: are you able to ssh to it normally?
<clever> Xal: what exactly is the program? upx?
<clever> lol
<clever> exit*
<clever> radvendii: the cursor moves 1 to the left when i edit insert mode, and there is no way to get the cursor to the position at the end of a line
<clever> Dezgeg: how else would you move the cursor while in insert mode? lol
<clever> so i cant just 5ispace<down><escape>
<clever> doesnt seem to replicate things with arrow keys in it though
<clever> needed an escape after the 0, but that does work nicely
<clever> yeah
<clever> bitcoin would be broken if anybody ever found that hash :P
<clever> but that hash is safe to use
<clever> !tofu
<clever> i can see that happening for any hash in nixpkgs
<clever> and it may mess up
<clever> that mirror doesnt include the name in the hashing
<clever> but, if the old hash is mirrored on tarballs.nixos.org
<clever> i would expect it to have a different storepath and to correctly fail if you reuse an old hash
<clever> though the tarballs.nixos.org may get in the way
<clever> i would expect that to work
<clever> was it fetchurl or fetchzip?
<clever> that was calling fetchurl
<clever> can you gist the nix expression?
<clever> and what was the old url?
<clever> what url did you give fetchurl?
<clever> if you fetchurl an http://example.com/foo-1.2.3.tar.gz, then the version is in the name
<clever> so if neither has changed, it reuses the old one
<clever> the storepath is based on the name and the sha256
<clever> yeah
<clever> thats how you escape the $
<clever> ''foo ''${bar} baz''
<clever> catern: i think you can nix-build release.nix -A build
<clever> thats what nixpkgs does with gcc
<clever> that will add every path from $buildInputs to the -rpath flags
<clever> idealy, there should be a setup hook in the cargo building stuff in nixpkgs
<clever> wrap the flags for wrapping the flags that wrap flags!
<clever> jD91mZM2: it just greps the output binaries for the input paths, and gcc does -rpath and winds up containing the pulse path
<clever> Dezgeg: yeah, that would be better, if we can pass custom flags to the rust linker
<clever> the gcc nixpkgs uses is a bash script, that sets a bunch of gcc flags to ensure the rpath is configured right
<clever> yeah
<clever> the same as if you where packaging unfree software
<clever> you probably want to use patchelf to add ${libpulseaudio}/lib to the rpath
<clever> its possible that the rust compiler lacks the rpath stuff gcc has
<clever> jD91mZM2: does ldd show it as depending on libpulse?
<clever> jD91mZM2: do you know if it uses dlopen?
<clever> let me check the rust source...
<clever> jD91mZM2: the wrapProgram call should be causing it to be a runtime dep
<clever> can you gist your code and nix expression? or post a github link
<clever> and then it becomes a runtime dependency
<clever> if you are linking to it, then gcc should put its path into the rpath field of the ELF file
<clever> but if you dont explicitely use the path of pulseaudio, and expect to find it in the env, nix wont know you depend on it
<clever> and any that are found in the output become a runtime dependency
<clever> jD91mZM2: when a build is done, nix will basically grep the output for the path of every build-time dependency
<clever> nick_l: export NIX_REMOTE=daemon i mean
<clever> nick_l: export NIX_REMOTE=local
<clever> `man configurations.nix` is auto-generated from every mkOption defined in the nixos modules
<clever> 3 actually, there is another redundant }\n\n\n{ at the top half
<clever> carl_: you have 2 attribute sets in the same file, the }\n\n{ has to be removed
<clever> infinisil: ah, that explains things
<clever> not sure then
<clever> ah
<clever> i try to only use nix-build when testing, nix-env can cause issues
<clever> if you check the build output, did it fetch the new version?
<clever> did you update the cargo.lock file?
<clever> yeah
<clever> heh, didnt know the bot did that
<clever> you need to increment a digit or 2, to make it invalid
<clever> if you use the exact hash you used before, nix will believe you and assume nothing has changed
<clever> jD91mZM2: i think your only option is to put in the wrong hash, then look at the error nix gives
<clever> bbarker: that is a dead symlink and its breaking nix
<clever> bbarker: then you want to make an override on scala-env that deletes lib/libunwind-generic.a
<clever> bbarker: uninstall scala-env using with "nix-env -e /nix/store/ykw67fndn30y4x8lqy0zqpirpg22g0sg-scala-env" and i think it will be fixed
<clever> bbarker: that is a nix 2.0 bug, you have a symlink pointing to nothing in one of your packages, and it breaks nix hard
<clever> Myrl-saki: lol
<clever> it must point to profile, not bin
<clever> bbarker: your symlink is pointing to the wrong path
<clever> bbarker: you may need to symlink .nix-profile to /nix/var/nix/profiles/per-user/brandon/profile
<clever> lrwxrwxrwx 1 clever users 45 Oct 11 2015 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
<clever> which is also not existing by default
<clever> .nix-profile is supposed to be a symlink to a profile
<clever> bbarker: nix-env will auto-create .nix-profile when you do the first nix-env -i command
<clever> bbarker: .nix-profile not existing is fairly common
<clever> bbarker: what error do you get when you try that cmd?
<clever> bbarker: nix is very likely to give you the exact same binaries and result in the same issue
<clever> bbarker: reinstall isnt likely to fix it
<clever> and then use nixos-rebuild build-vm -I nixos-config=vm.nix
<clever> you could create a new vm.nix that contains: { ... } { imports = [ /etc/nixos/configuration.nix ]; virtualisation.graphics = false; }
<clever> so you have to comment it out when not testing
<clever> but sadly, it only works under build-vm, and does not work for switch
<clever> this option sets -display for you
<clever> srl295: virtualisation.graphics = false;
<clever> but
<clever> srl295: even with xserver off, it wants to open an SDL window to render the text console
<clever> srl295: one sec
<clever> semantimancer: yep
<clever> ah
<clever> nixos-rebuild will give a clear error if it fails to apply the changes

2018-05-03

<clever> sublaunched vm ?
<clever> srl295: and youve done nixos-rebuild switch?
<clever> srl295: you need to set virtualisation.docker.enable = true; in configuration.nix
<clever> Myrl-saki: which i686 packages?
<clever> srl295: the attribute name appears to be emacs25-nox
<clever> yeah, thats a fairly common mistake, they run generate-config without /boot mounted, then mount /boot to fix other errors, but the config doesnt know of it
<clever> semantimancer: thats why it has a comment saying to avoid editing the file
<clever> semantimancer: in general, you can just run nixos-generate-config, and it will recreate hardware-configuration.nix, based on what is currently mounted
<clever> semantimancer: your /boot must be mounted when you run nixos-rebuild, and you need to add it to hardware-configuration.nix
<clever> jayq: which version of nixpkgs are you trying that on?
<clever> steveeJ: it becomes a runtime dependency, so it doesnt need a root
<clever> steveeJ: so the script that the string generates has to be deleted first
<clever> steveeJ: nix knows that the resulting derivation depends on that path and wont allow it to be deleted first
<clever> the path is based on the hash of the contents
<clever> a path to a copy of it in /nix/store/
<clever> then file1.sh is just read as-is, and the rest around the source cmd is parsed by nix
<clever> though you can also mix in ''stuff ; source ${./file1.sh} ; stuff''
<clever> steveeJ: using builtins.readFile is the simplest portable option, but then you have no substitution
<clever> steveeJ: "doublequote" strings dont treat '' specially
<clever> true
<clever> nix-repl> '' foo ''' bar'' == '' foo ${"''"} bar''
<clever> srhb: oh, nice, even simpler!
<clever> steveeJ: but maybe you just want builtins.readFile
<clever> steveeJ: but '' foo ${"''"} bar'' does
<clever> steveeJ: actually, that doesnt seem to work
<clever> steveeJ: '' foo \'\' bar''
<clever> jayq: nixos-enter will chroot and setup env vars for you
<clever> jayq: nixos-enter i think is the name
<clever> ixxie: yeah, anything using it should remake the contents
<clever> radvendii: if its running a binary cache (hydra, nix-serve), then it also shares /nix/store/ with the world
<clever> radvendii: or find an exploit in a program that allows executing commands
<clever> radvendii: yeah
<clever> radvendii: anybody with shell access can read all of /nix/store/
<clever> radvendii: you could also use a custom systemd service that reads passwords from outside the store, or generates one on the fly with pwgen and saves it to a known path
<clever> radvendii: not really
<clever> radvendii: then you want to use initialScript and normal create user with password statements
<clever> radvendii: yeah, unix sockets have a magic function where it can detect the uid of the remote end of the socket
<clever> radvendii: so those account names exist in both linux and mysql
<clever> radvendii: ahh, and it uses the unix username of the remote peer on the unix socket for auth
<clever> radvendii: and optionally grant commands as well
<clever> radvendii: it runs a bunch of `create user if not exists` queries on the daemon, for each user
<clever> jayq: nix-enter and nixos-rebuild boot
<clever> jD91mZM2: i just configure it with xfce after i login