2018-03-17

<clever> fendor: thats your problem
<clever> fendor: oops, without the strailing /
<clever> fendor: and what does ls -l ~/.nix-profile/ say?
<clever> output*
<clever> fendor: can you run `tree /nix/var/nix/gcroots/` and gist the outout?
<clever> fendor: nix-env cant control /etc
<clever> fendor: nix-env -q to see everything youve installed
<clever> so the URL to the file was simply different
<clever> i had the repo cloned on 2 machines, with ssh open to both, on different branches
<clever> and managed to get a different hash the 2nd time thru
<clever> octe: i did the same thing lastnight while trying to figure out why a file hash was wrong
<clever> thblt: ^^
<clever> fendor: nix-env completely ignores the nix-shell and the packages persist after leaving it

2018-03-16

<clever> ah
<clever> why are the store files 10gig in size?
<clever> swap helps
<clever> Lisanna: it will use less ram once its done transfering the file
<clever> Lisanna: nix has to convert the entire storepath into a single std::string and copy it once or twice
<clever> probably
<clever> ottidmes: yep
<clever> tilpner: the ABI would also have to be compatible
<clever> ottidmes: the public and private should be in there
<clever> ottidmes: you can also view them with `nixops export | jq something`
<clever> and overriding openssl = pkgs.libressl causes infinite recursion in curl (can be fixed) and rebuilds half the world
<clever> ThatPako: boot.kernelPackages = pkgs.linuxPackages_4_15;
<clever> ThatPako: or xkbOptions
<clever> and it will handle the load balancer and cluster size
<clever> ottidmes: you can just give aws an AMI id, and a port, and just say go!
<clever> ottidmes: yeah, if i wanted it more dynamic, i would use nix to generate an AMI, then setup aws auto-scaling
<clever> so i could just crank the size up&down all i need
<clever> and with `nixops deploy --allow-destroy` i think, it will automatically terminate any extras
<clever> i can just `nixops modify --arg nodes 20` to bump it up to 20 machines
<clever> ottidmes: this auto-generates `nodes` machines in aws
<clever> ottidmes: i have written nixops deployments that just accept a number of nodes, and dynamically generate that many
<clever> Slabity: you may also need to patch the build scripts to not do that
<clever> ottidmes: even for the none backend
<clever> ottidmes: yeah, it starts to have trouble when you get to 100 machines in a single deployment
<clever> Slabity: you may need to chmod -R +w the src after you copy it in
<clever> i just say "give me 10 machines, now!" and it does it, lol
<clever> so i dont even have to deal with generating more machines and copying ip's around
<clever> ottidmes: the biggest benefit i can see with ec2 vs none, is that nixops manages the creation of the entire vm
<clever> ec2 has its own fun corner cases to be aware of
<clever> and each backend handles the keypairs differently
<clever> ottidmes: you will need to dig the nixops key out of /etc/sshd/authorized_keys.d/root and then manualy give it access
<clever> so even if the state is lost, i can just create a new deployment with the same .nix files, and it will connect to the same machines
<clever> all of my personal nixops stuff is with the none backend
<clever> maurer: currently none
<clever> any time you do that, nixops will loose access
<clever> that replaces configuration.nix with a file that throws an error, so you cant nixos-rebuild
<clever> ottidmes: also, consider adding this file to the nixops config: https://github.com/cleverca22/nixos-configs/blob/master/nixops-managed.nix
<clever> run an ssh-agent like i said, and add a key that has access, and the deploy will be able to fix it
<clever> that deleted the nixops key
<clever> ah
<clever> has the version of nixos on the remote machine changed?
<clever> so as long as the machine is running the nixos that nixops made, it will have access
<clever> ottidmes: it will then inject that key into the nixos config it generates and deploys
<clever> ottidmes: when you first create the machine, nixops generates a keypair on line 59
<clever> ottidmes: this is the code that sets the -i: https://github.com/NixOS/nixops/blob/master/nixops/backends/none.py#L74-L84
<clever> ottidmes: ah, the none target
<clever> ottidmes: what is the targetEnv for this machine?
<clever> ottidmes: run an ssh agent
<clever> ottidmes: that keypair is stored inside the nixops state file, and it deletes the tempfile after the ssh fails
<clever> Slabity: check to see if it can auto-detect the dep already being at the right path
<clever> ottidmes: the -v gets passed to ssh, and then you can get ssh debug
<clever> ottidmes: you can also try `nixops ssh -d foo bar -v`
<clever> ottidmes: you need to fire up an ssh agent, which leaks in and makes it work
<clever> ottidmes: nixops sets a -i flag that changes the private key in use
<clever> ottidmes: when you ssh, is that with or without nixops?, and is it using ~/.ssh/id_rsa ?
<clever> coconnor: and then file a PR against nix-serve
<clever> coconnor: if you modify nix-serve to remove a decode, it should be fixed
<clever> coconnor: so the api of the perl helpers was likely changed in a way that breaks nix-serve
<clever> coconnor: this is a 2 year old change, but that would explain the problem
<clever> and then after you base64_decode, you feed it binary, which breaks
<clever> maybe the perl code for signing was updated to expect base64?
<clever> something is obviously broken
<clever> wtf
<clever> infinisil: in shiftlock mode, it even effects anything that shift effects
<clever> infinisil: i was playing with xkb a week ago, and found that i could turn capslock into shiftlock
<clever> in the 701 case, you can turn it on/off from software under /sys
<clever> gchristensen: ive noticed the same with the asus eeepc 701, when i repurposed the usb for the camera as a serial port
<clever> gchristensen: the webcam one appears to entirely unplug the usb camera, udev and lsusb claim it was unplugged
<clever> gchristensen: everything else is obvious from the graphics
<clever> infinisil: perhaps your missing the thawte ca?
<clever> gchristensen: fn+1 is the fan, fn+f1 is the touchpad
<clever> gchristensen: oh, those, yeah, no list yet
<clever> gchristensen: it just works
<clever> gchristensen: which ones?
<clever> infinisil: its a thawte cert on my end
<clever> so this motherboard&case may also be used in models other then the "kudu" that have a gpu option
<clever> infinisil: but there is no gpu choice on the site
<clever> infinisil: oddly, there is a noticable void where a gpu would fit: https://imgur.com/a/hMY9A
<clever> infinisil: the intel ME is disabled on my processor, and there is no GPU option for this model
<clever> infinisil: ive got a https://system76.com/laptops/kudu
<clever> https://github.com/sindresorhus/touch-bar-simulator there is also a simulator for it
<clever> thats an example of how to use the touchbar from inside electron
<clever> Yaniel: it would also rely on the touchbar being able to access the wifi hardware directly, i dont know how the motherboard is wired up
<clever> yeah, i need to feel the shape of keys to push them
<clever> boomshroom: also, in theory, the touchbar can run even with the main cpu shutdown, so you could potentially get things like email notifications
<clever> boomshroom: i recently discovered that electron has support for it, but i suspect it doesnt carry over to linux on a macbook
<clever> i think its basically an ipod touch that has stolen the place of the F1-F12 keys
<clever> infinisil: he has the model with the touchbar, which is basically a whole ipod touch, lol
<clever> infinisil: https://gist.github.com/roadrunner2/1289542a748d9a104e7baec6a92f9cd7 claims to fix it, but i havent gotten around to translating it into nix
<clever> infinisil: ive also recently helped somebody install nixos onto a newer macbook, and anoyingly, nixos lacks drivers for both the mouse and keyboard
<clever> so the laptop either has ipv6 via the router, or nothing
<clever> so i cant run 2 gateway sessions from home
<clever> one thing ive been anoyed by, is that my isp has no v6 support, and the v6 gateway i'm using cant share an ip
<clever> try default and see what happens
<clever> hmmm, yeah, i'm not sure
<clever> maybe not default
<clever> sphalerite: also, mess with ping6 on every possible route, while tcpdumping each IF, to see if the reply is taking the correct path
<clever> sphalerite: i think you need to check `ip -6 route` and confirm a src is on each route
<clever> xterm hasnt had any of these issues
<clever> sphalerite: for others, it wraps the paste in unprintable characters
<clever> sphalerite: for some programs (i think readline interactions) it pasts fine
<clever> sphalerite: i recently discovered that xfce terminal behaves very weirdly with middle click
<clever> id say nix-serve needs to be updated
<clever> yep
<clever> the daemon key isnt trusted, only the serve key
<clever> that would likely also explain why nix-serve works perfectly, but `nix copy` didnt
<clever> so nix daemon and nix-serve are using different keys
<clever> i forgot i had a keypair, and made a 2nd keypair
<clever> different secrets and names
<clever> for me
<clever> coconnor: everything works perfectly, and the keys are owned by different users
<clever> coconnor: though while checking the key format, i discovered that i have 2 keys for this machine, i need to fix that
<clever> coconnor: yes, it works fine on my machine
<clever> MagnificentPako: try something simple, just enable xfce and see what happens
<clever> MagnificentPako: ah, then vsync is working, and you likely have the gpu drivers working properly
<clever> MagnificentPako: what kind of fps does it report?
<clever> MagnificentPako: it has to be ran as the user that is currently logged in
<clever> MagnificentPako: it has to be ran from a terminal inside the xorg to inherit $DISPLAY
<clever> MagnificentPako: how did you run it?
<clever> coconnor: yep, line 39 split the string at the :
<clever> coconnor: and where did $secretKey come from?
<clever> coconnor: mine is in the form of name:base64, with the usual trailing == on the base64
<clever> MagnificentPako: nix-shell -p glxinfo
<clever> kini, MagnificentPako: also of note, with glxgears, a lower fps is actually better, 300fps means its just going nuts with cpu rendering, but 60 fps means its doing proper vsync and gpu rendering
<clever> MagnificentPako: the above cmd gives you the full logs
<clever> MagnificentPako: journalctl -u display-manager
<clever> foldingcookie: id say get rid of all of the nixpkgs channels, they are only going to cause confusion
<clever> foldingcookie: nixos requires a channel called nixos
<clever> check `nix-channel --list` both with and without root
<clever> one called nixos and one called nixpkgs
<clever> foldingcookie: you have 2 channels
<clever> foldingcookie: the attribute is zathura but the name is zathura-with-plugins
<clever> nixos.zathura zathura-with-plugins-0.3.8
<clever> foldingcookie: this finds it
<clever> foldingcookie: nix-env -qaP '.*zathura.*'
<clever> GuillaumeBuisson: what command appears to use a lot of resources?
<clever> foldingcookie: without the --description flag
<clever> "A highly customizable and functional PDF viewer"
<clever> nix-repl> zathura.meta.description
<clever> foldingcookie: try nix-env -iA nixos.zathura
<clever> foldingcookie: the package name shouldnt be in the description
<clever> i forget the exact params it uses
<clever> after you enable unfree, the nix-env -q tool can search for unfree things
<clever> ah, it doesnt mention
<clever> MagnificentPako: did you check the wiki page sphalerite linked?
<clever> MagnificentPako: also, the discord app is just electron, which is just chromium :P
<clever> MagnificentPako: nix-env -iA nixos.discord
<clever> audio capture also stops working if you leave it open for 2 days
<clever> it is
<clever> ottidmes: lol
<clever> ottidmes: same
<clever> disasm: that has always driven me nuts with xfce-term, i keep doing ctrl+alt+c in chrome, lol
<clever> to manually run the old chromes without changing the OS at all
<clever> you can just go thru every X in /nix/var/nix/profiles/system-X-link/sw/bin/chromium
<clever> mojjo: in your case, nixos rollbacks where not needed at all
<clever> all updates will cease, but it will keep working
<clever> mojjo: so now my user ignores the chrome installed in the system, and always uses that version 1.2.3
<clever> mojjo: what ive done, is find the path to chrome (type chromium) then just nix-env -i /nix/store/<hash>-chromium-1.2.3
<clever> mojjo: yeah, work you way from 50 to the latest and see what the newest one that works is
<clever> try /nix/var/nix/profiles/system-30-link/bin/switch-to-configuration test
<clever> it shouldnt be building anything when doing a rollback
<clever> mojjo: what output did nixos-rebuild give when you ran that command?
<clever> mojjo: such as?
<clever> mojjo: i believe test alone is enough for the chrome problem
<clever> kitemikaze: that would allow you to perform rollbacks and undo what nixops did
<clever> kitemikaze: i havent tested it recently, but that should enable serial in grub
<clever> boot.loader.grub.extraConfig = "serial --speed=9600 --unit=0 --word=8 --parity=no --stop=1"
<clever> kitemikaze: does scaleway offer a serial console?
<clever> kitemikaze: you need to look at the hardware-configuration.nix that nixos-generate-config made, and add the right entries to nixops, or nixops wont know how to boot the machine
<clever> kitemikaze: something has to be added to the boot.initrd.availableKernelModules to give it access to the rootfs
<clever> kitemikaze: and if it fails, just wait for the hour to end
<clever> kitemikaze: first thing, is that the kexec image will reboot itself at the top of the hour, so you can just run it, and see what happens
<clever> kitemikaze: nope

2018-03-15

<clever> boomshroom: it could also be your ram
<clever> boomshroom: it sounds like your hdd is failing, and linux switched to read-only to prevent corruption
<clever> boomshroom: check near the top of dmesg, if its not lost already
<clever> nix-build always makes a result symlink pointing to the result
<clever> tobiasBora: which output file?
<clever> tobiasBora: you can tell tar to skip writing that, or just unpack it to a tempdir and move what you wanted
<clever> boomshroom: what does dmesg say?
<clever> storeContents = [ { object = nix; symlink = "/nix_link"; }];
<clever> so you need to name it something else
<clever> the intention was to have a /nix symlink to tell you what path nix is at, but it conflicts with the /nix/store directory
<clever> that will probably break hard
<clever> yeah
<clever> so you dont have to stare into a pile of 200 storepaths, and guess which one you want
<clever> tobiasBora: but it also has a symlink (/kexec_nixos in the above example), that points into the store
<clever> tobiasBora: it still has a normal /nix/store directory
<clever> so scripts that consume the tar know what the storepath is
<clever> tobiasBora: it creates a symlink at the root of the tar, pointing to the storepath you configured
<clever> shlevy: dang!, a rebuild-switch temporarily disables binfmt-misc, causing builds to break
<clever> alhariel: try a / instead of a .
<clever> Myrl-saki: so the variable doesnt really have a purpose
<clever> Myrl-saki: line 179, its hard-coded to ./Setup
<clever> Myrl-saki: ahh right
<clever> foldingcookie: thats what $PATH points to
<clever> Myrl-saki: haskell.mkDerivation runs Setup.hs automatically
<clever> foldingcookie: i'm not sure, id consider its existance a bug
<clever> i dont think /run/current-system/sw/lib should even exist
<clever> you need to know what packages it depends on, so its simpler to just write the nix expressions
<clever> ld.so isnt even at the normal path
<clever> foldingcookie: /run/current-system/sw/lib isnt in the default search path
<clever> foldingcookie: they need to be patchelf'd
<clever> foldingcookie: why do you want libraries in that directory?
<clever> boomshroom: try test instead of switch
<clever> boomshroom: did you go back to an old enough generation?
<clever> boomshroom: as root
<clever> that would perform a rollback to version 359
<clever> for example
<clever> /nix/var/nix/profiles/system-359-link/bin/switch-to-configuration switch
<clever> boomshroom: you may need to dig into /nix/var/nix/profiles/system, find the previous generation, and run its bin/switch-to-configuration switch
<clever> Myrl-saki: runhaskell Setup.hs
<clever> boomshroom: you can use the x86 nix to build arm packages
<clever> tobiasBora: the override in the 2nd last comment effects nix, so you would need to nix-env -iA nixpkgs.nix to install it with those changes
<clever> foldingcookie: the packages put in systemPackages
<clever> shlevy: ive also found riscv64.busyboxMinimal in the stdenv area, but now i'm out of disk space
<clever> ah, and the nixos module doesnt have that wrapper built into it
<clever> and the nixos module for binfmtMiscRegistrations doesnt support that?
<clever> ah
<clever> shlevy: what does the wrapper do that matchCredentials doesnt?
<clever> the module i linked uses that to configure everything
<clever> including nix
<clever> shlevy: did you make boot.binfmtMiscRegistrations ?, it has an option for that
<clever> shlevy: i want to test qemu-user for riscv32 and riscv64
<clever> ottidmes: i would just do mkdir -pv and then chown -R
<clever> it can detect when services are changed and restart them for you
<clever> nixos-rebuild did that automatically
<clever> i havent restarted once
<clever> disasm: i dont think there is an easy way to do that
<clever> thats the 2nd option
<clever> leotaku: one option, is to put that 2nd program into the buildInputs,and then do $(which foo) in the build scripts/hooks, and embed that path
<clever> qknight: also, `nix copy-sigs` can download signatures from cache.nixos.org, so you can copy things you didnt make, without having special trust setup
<clever> qknight: its named a little differently then the haskell variant
<clever> nix-repl> python3.withPackages (ps: with ps; [ websockets ])
<clever> qknight: pythonWithPackages
<clever> coconnor: you need to use `nix sign-paths` to sign things that came from before then
<clever> coconnor: and it only applies to things built after the setting it added
<clever> coconnor: i think root-only
<clever> qknight: why would you want to?
<clever> sphalerit: i already checked the bootstrap busybox's in nixpkgs
<clever> tilpner: ive already deleted that 2nd section, not yet pushed
<clever> sphalerit: do you happen to have some staticly linked riscv binaries?
<clever> tilpner: i deleted them from the main qemu-user package, the register script is no more
<clever> sphalerit: its now just a qemu-user.arm = true; and it works, even in nix
<clever> sphalerit: this configures everything
<clever> sphalerit: ive taken it to new extremes
<clever> tilpner: i think sphalerite was working on getting that nix patch upstreamed
<clever> paraseba: `nix copy --no-check-sigs` and the receiving user being trusted (root is trusted) lets you bypass
<clever> boomshroom: ok, i now have riscv qemu-user's, now i need a riscv binary
<clever> paraseba: nix-serve is due for a rewrite, it doesnt use the new signature stuff in nix 2.0
<clever> paraseba: can the nix-serve user read the private?
<clever> ive had no issues with nix-serve on this end
<clever> paraseba: if you generate a new set, and compare the keys visualy, do they appear to be similar in format?
<clever> the github url's are burned into my brain
<clever> boomshroom: that part was a paste, but the rest of the url was by hand :P
<clever> paraseba: was the key generated by nix-store?
<clever> boomshroom: also, what is wrong with me, i typed that whole thing by memory! :P
<clever> boomshroom: you need to use (import <nixpkgs>{}).fetchFromGitHub or builtins.fetchTarball (which supports a sha256 in nix2)
<clever> boomshroom: ahh yeah, that problem, nixos has to fully parse all imports, before it can do anything with pkgs
<clever> paraseba: i think you need to be a trusted user or root to use that kind of option
<clever> boomshroom: can you gist your configuration.nix file?
<clever> does --show-trace help?
<clever> riscv32-linux-user.mak
<clever> mak_wilds="${mak_wilds} $source_path/default-configs/*-linux-user.mak"
<clever> the import
<clever> boomshroom: i got that when i didnt use ()
<clever> now i just need to figure out what qemu calls it
<clever> ERROR: Unknown target name 'riscv-linux-user'
<clever> boomshroom: and with this, i can apply an overlay just for a single build
<clever> [clever@system76:~/nixos-configs]$ nix-build '<nixpkgs>' -A qemu-user-riscv --arg overlays '[ (import ./overlays/qemu-user.nix) ]'
<clever> [clever@system76:~/iohk/nix-hs-hello-windows]$ WINEARCH=win64 WINEPREFIX=/home/clever/prefix-2018-03-05 wine result/bin/hs-hello.exe
<clever> [clever@system76:~/iohk/nix-hs-hello-windows]$ nix-env -i -E '{ ... }: with import <nixpkgs> {}; wine.override { wineBuild = "wineWow"; }'
<clever> boomshroom: it needs a special flag
<clever> lets see what happens if i just throw nix at it
<clever> i see tests for TARGET_RISCV64 but nothing that sets it