<clever>
thats because they havent documented how to configure things right
<clever>
disasm: also, if you take a look at the graph, my nixos router is running a pppoe daemon on vlan 35, back-feeding into vlan 35 of the isp router
<clever>
and it updates the image you see in the gist! (just f5)
<clever>
should be trivial, just copy the nix-daemon.socket unit and nix-daemon.service
<clever>
yeah, systemd would keep the socket open and queue them up, then relaunch the daemon
<clever>
yeah, no new connections can be formed during that time
<clever>
so you can track down who is using that slave
<clever>
the slaves also put the pid of their client into argv[1]
<clever>
as an example, check "ps -eH x" while a build is running
<clever>
yep
<clever>
so you may not need to do anything
<clever>
and the parent can die without impacting an in-progress build
<clever>
catern: oh, and also, whenever you do connect to nix-daemon, it forks off a worker slave for that connection
<clever>
catern: under nixos, there is systemd socket activation, where systemd handles listening and creation of /nix/var/nix/daemon-socket/socket and it will launch nix-daemon upon the first connection
<clever>
the wan side could be the original router, for double nat
<clever>
manually plug 1 machine directly into the new router
<clever>
and iptables mutates the from ip along the way
<clever>
the forwarding option in the kernel then tries to blindly obey the routing table
<clever>
so packets arrive at the gateway, with the gateway mac, but 8.8.8.8 as the ip
<clever>
yeah, when using a gateway, you set the destination to the mac of the gateway, but leave the ip as-is
<clever>
disasm: also, are you aware of how gateways work at the mac/ip layer?
<clever>
disasm: to confirm, use a filter of 'arp or icmp' on tcpdump
<clever>
disasm: using ping like that forces it to not use a gateway
<clever>
and nobody owns it, so it fails at the arp level
<clever>
it has to use ARP to ask the local network who owns 8.8.8.8
<clever>
disasm: pings to which machine?
<clever>
and have you restarted nix-daemon after adding the cache to nix.conf?
<clever>
catern: do you know how to query the narinfo files?
<clever>
catern: what path is it not finding, on which cache?
<clever>
disasm: another thing that helps, start pinging 8.8.8.8 from a machine on vlan 33, then `tcpdump -v -i lan_port -n -p`, and see what shows up
<clever>
disasm: can you also gist the ip addr of the nixos machine?
<clever>
adding that to the buildInputs should fix it
<clever>
pie_: anything above that, like an error from gcc itself?
<clever>
i'm using a tunnel, no native support from the ISP
<clever>
which reminds me, i never fixed it after that power outage
<clever>
disasm: yeah, but thats handled in a half manual way
<clever>
so enp4s2f0 is the result of all vlan's merged and tag-less, and wan is just vlan 35, filtered and tagless
<clever>
that caught me off guard when debuging
<clever>
i think wireshark can see the tags though, it uses different flags for capture
<clever>
oh, and normal tcpdump gets the packets after they passed thru the networking stack, and the enp4s2f0 interface gets all packets, tagged or not, and the networking stack strips the tags
<clever>
yeah
<clever>
in the example you typed, i believe it will create an interface called "lan"
<clever>
bgamari: if you just want a kernel + initrd, and dont care about them being managed by nix, you can copy them from a derivation to /boot in the image
<clever>
bgamari: you would need to setup a /nix in the image and copy things into it with nix copy
<clever>
sphalerite: there are ways to generate a fake backup from a closure
<clever>
sphalerite: you need to import a backup of the db.sqlite, one min
<clever>
toogley: try incrementing one of the digits in the hash
2017-12-08
<clever>
and then throw some malloc in that
<clever>
it would probably be simpler to make a special purpose cpu that runs a custom assembly
<clever>
:D
<clever>
no dedup within the heap/thunks
<clever>
but bumping it up like that is more of a stop-gap, ive seen it consume as much as 20gig of ram, just to eval a nixops deployment
<clever>
gchristensen: i just set it to insanely large numbers, lol
<clever>
that should easily handle 10 instances
<clever>
lol
<clever>
gchristensen: how much ram on the machine?
<clever>
gchristensen: at around 40-50 instances, it can easily OOM a system
<clever>
gchristensen: how many?
<clever>
gchristensen: ah
<clever>
where did that overlays variable come from?
<clever>
but if there is an infinite loop
<clever>
yeah
<clever>
so it prints something every time you fetch the overlays
<clever>
oh, try adding a builtins.trace in that area
<clever>
i think that one uses nixpkgs.overlays, not the global ones
<clever>
and if the values of the overlays depend on nixpkgs
<clever>
gchristensen: are you importing nixpkgs anywhere?
<clever>
gchristensen: any chance it might be an infinite loop?
<clever>
LnL: oh, but that may not get the dep graphsd
<clever>
LnL: havent used it before, but i remember seeing it somewhere, the source should say more
<clever>
something like --register-validity
<clever>
LnL: i think there is a nix command to force a path to be considered valid
<clever>
gchristensen: sure
<clever>
i have been considering making something with haskell and curses
<clever>
error: Package ‘storebrowse-20130318212204’ in /nix/store/q71jxrnm2a49s8hzfirm4ssri1x0lqqg-nixos-18.03pre118328.6d86fcb86d/nixos/pkgs/tools/system/storebrowse/default.nix:6 is marked as broken, refusing to evaluate.
<clever>
vcunat: and this sorts everything by size
<clever>
[clever@amd-nixos:~]$ du -hc --max=1 /nix/store/ | sort -h
<clever>
vcunat: there is also "nix-store -q --roots /nix/store/foo" to find out what is keeping something
<clever>
berce: nix-store --delete will obey roots and only allow deleting garbage
<clever>
Lisanna: it used to be simpler, but has grown over time
<clever>
the sandbox is optional, but controlled by a different flag
<clever>
nix-build always wipes the environment
2017-12-07
<clever>
ive even seen @users turn into "null" the first time they get referenced, when viewed from the irc gateway
<clever>
ive seen signs that the usernames are loaded in an async manner
<clever>
i would have expected it to handle things better
<clever>
ouch
<clever>
gchristensen: whats bad about it?
<clever>
sphalerite: and line 21 will map makeRow over every row in a list
<clever>
sphalerite: line 39 is a list of tuples, of string, and function from row -> string, and line 46 will map over that list of tuples to make each row in a latex table
<clever>
infinisil: let me grab 2 examples ive done
<clever>
infinisil: ffmpeg can accept a list of images directly, rather then recording from something
<clever>
hyper_ch: boot.loader.grub.devices accepts a list
<clever>
infinisil: ive done some crazy things with latex and pdf stuff in nix, a dozen derivations (generated with a loop) to extract sections of a pdf file into xml, then another dozen to turn the xml into sqlite, and then another to merge it all into one ...
<clever>
infinisil: what about just having a second derivation that does the math?
<clever>
petersjt014[m]: you can check /etc/group to see all groups that are currently valid
<clever>
jasom: its a problem with nix unstable, in the propagated inputs
2017-12-05
<clever>
ah
<clever>
but if you keep the signatures, you can verify those hashes at a later date, and detect that
<clever>
given root, i could trojan every binary in your store, then fix db.sqlite to claim they are perfectly fine
<clever>
if you store the signatures after downloading, you can verify that a given storepath hasnt been tamperd with
<clever>
ive also had another idea on improving it further
<clever>
and once verified, they go into the trash
<clever>
and are only checked in one or 2 spots
<clever>
the signatures look like a tacked-on extra
<clever>
and all hydra's re-sign everything they share
<clever>
all signatures are lost after download
<clever>
sphalerite: --restore is like `tar -xf` and lacks the <hash>-<name> part of the paths
<clever>
sphalerite: you will need to know the original name, and have root
<clever>
akfp: depends on which fetch function nix is using
<clever>
:D
<clever>
"D
<clever>
and that only works for fixed-output things, not nar's
<clever>
akfp: not on its own, youll have to manually download it with something else, then nix-store --add-fixed sha256 ./foo.tar.gz
<clever>
its nix-store that hashes it, then tells nix-daemon the hash, and streams it over
<clever>
nix-daemon isnt usually involved
<clever>
it might be fixed in master, not sure
<clever>
sphalerite: and the old code just did that via a char[]
<clever>
sphalerite: you need to hash the NAR form of the entire thing before you know where to put it in the store
<clever>
but not how
<clever>
nix says dontDistribute was applied to wineUnstable
<clever>
thats puzzling
<clever>
joepie91: why are you on wineFull rather then wine?
<clever>
joepie91: aha, this package is specially flag for hydra to ignore
<clever>
nix-repl> wineFull.meta.hydraPlatforms
<clever>
[ ]
<clever>
absent
<clever>
joepie91: what is the value of the hydraPlatforms option on it?
<clever>
it may also leave it in the current state at rmmod, and fbcon makes rmmod difficult
<clever>
joepie91: a quick skim thru the source confirms, the option is only read in several init functions