<clever>
ixxie: now look inside the build attribute
<clever>
both nix and nixops have the same pattern
<clever>
ixxie: oh, didnt read the tarball name that closely
<clever>
ixxie: also, why are you trying to nix-env the master of nix?
<clever>
drakonis: 18.03 defaults to nix 2
<clever>
`nix repl` is linked against nix2, and auto-detects the daemon
<clever>
nix-repl is linked against nix1 and requires `export NIX_REMOTE=daemon`
<clever>
ixxie: use `nix repl` not `nix-repl`
<clever>
ixxie: try doing `foo = import ./release.nix {}` and then `foo` in `nix repl` to see what attributes it has
<clever>
ixxie: you need to add -A something, and point it to a derivation that contains the binary
<clever>
ixxie: you installs the tarball containing the source, not nix itself
<clever>
infinisil: ah, yeah, id expect that to work then, maybe config.nix and overrides?
<clever>
ixxie: then its not actually in nix-env, double-check nix-env -q to be sure
<clever>
infinisil: even if you use the same nixpkgs, that doesnt mean the paths are downloaded on both boxes
<clever>
ixxie: the packages in nix-env should appear first in $PATH, double-check that the binary even exists in ~/.nix-profile/bin/
<clever>
infinisil: since the libraries in the .stack-work link against paths in /nix/store, which dont exist on the 2nd machine
<clever>
infinisil: sharing the homes would actually make the GC issue i mentioned worse, and happen without a GC
<clever>
if the state is corrupt, you can try just blowing away .stack-work and see if it repairs itself
<clever>
as long as you can confine your changes to a single cabal project
<clever>
you can also nix-shell into any derivation in the tree and iterate within it
<clever>
infinisil: i prefer using tools like stack2nix to convert it into proper nix expressions, then using nix-build
<clever>
infinisil: stack builds are impure, and often lack GC roots, so nix is free to garbage collect things its using
<clever>
ixxie: correct, that comes from systemPackages
<clever>
usually i put the program name into the example
<clever>
type program too, people often just type program :P
<clever>
and type can reveal aliases and functions
<clever>
ixxie: run the type command on it
<clever>
the system couldnt handle that many forks
<clever>
another was the demo repo that is in the github tutorial, the one everybody is told to fork
<clever>
jD91mZM2: github told them not to, they did it anyway, and the users basically DDoS's the system with pushes :P
<clever>
jD91mZM2: i'll probably never find the link to that blog thing i saw, but it had stories about things like a lottery somebody held on github, the last person push a commit before time X wins
<clever>
i always put a set in my release.nix, thats what hydra requires
<clever>
srl295: even with xserver off, it wants to open an SDL window to render the text console
<clever>
srl295: one sec
<clever>
semantimancer: yep
<clever>
ah
<clever>
nixos-rebuild will give a clear error if it fails to apply the changes
2018-05-03
<clever>
sublaunched vm ?
<clever>
srl295: and youve done nixos-rebuild switch?
<clever>
srl295: you need to set virtualisation.docker.enable = true; in configuration.nix
<clever>
Myrl-saki: which i686 packages?
<clever>
srl295: the attribute name appears to be emacs25-nox
<clever>
yeah, thats a fairly common mistake, they run generate-config without /boot mounted, then mount /boot to fix other errors, but the config doesnt know of it
<clever>
semantimancer: thats why it has a comment saying to avoid editing the file
<clever>
semantimancer: in general, you can just run nixos-generate-config, and it will recreate hardware-configuration.nix, based on what is currently mounted
<clever>
semantimancer: your /boot must be mounted when you run nixos-rebuild, and you need to add it to hardware-configuration.nix
<clever>
jayq: which version of nixpkgs are you trying that on?
<clever>
steveeJ: it becomes a runtime dependency, so it doesnt need a root
<clever>
steveeJ: so the script that the string generates has to be deleted first
<clever>
steveeJ: nix knows that the resulting derivation depends on that path and wont allow it to be deleted first
<clever>
the path is based on the hash of the contents
<clever>
a path to a copy of it in /nix/store/
<clever>
then file1.sh is just read as-is, and the rest around the source cmd is parsed by nix
<clever>
though you can also mix in ''stuff ; source ${./file1.sh} ; stuff''
<clever>
steveeJ: using builtins.readFile is the simplest portable option, but then you have no substitution
<clever>
steveeJ: "doublequote" strings dont treat '' specially
<clever>
steveeJ: but maybe you just want builtins.readFile
<clever>
steveeJ: but '' foo ${"''"} bar'' does
<clever>
steveeJ: actually, that doesnt seem to work
<clever>
steveeJ: '' foo \'\' bar''
<clever>
jayq: nixos-enter will chroot and setup env vars for you
<clever>
jayq: nixos-enter i think is the name
<clever>
ixxie: yeah, anything using it should remake the contents
<clever>
radvendii: if its running a binary cache (hydra, nix-serve), then it also shares /nix/store/ with the world
<clever>
radvendii: or find an exploit in a program that allows executing commands
<clever>
radvendii: yeah
<clever>
radvendii: anybody with shell access can read all of /nix/store/
<clever>
radvendii: you could also use a custom systemd service that reads passwords from outside the store, or generates one on the fly with pwgen and saves it to a known path
<clever>
radvendii: not really
<clever>
radvendii: then you want to use initialScript and normal create user with password statements
<clever>
radvendii: yeah, unix sockets have a magic function where it can detect the uid of the remote end of the socket
<clever>
radvendii: so those account names exist in both linux and mysql
<clever>
radvendii: ahh, and it uses the unix username of the remote peer on the unix socket for auth
<clever>
radvendii: and optionally grant commands as well
<clever>
radvendii: it runs a bunch of `create user if not exists` queries on the daemon, for each user