2017-12-11

<clever> thats because they havent documented how to configure things right
<clever> disasm: also, if you take a look at the graph, my nixos router is running a pppoe daemon on vlan 35, back-feeding into vlan 35 of the isp router
<clever> and it updates the image you see in the gist! (just f5)
<clever> that also means i can fix a small detail, and `gist -p disasm.dot network.dot network.svg compile -u https://gist.github.com/84e8794d3b050f61bd865ca2aa8d8752`
<clever> that saves a lot of time
<clever> also wow, i didnt know gist could render svg files
<clever> disasm: what have you done to me? lol, i was going to head to bed, now i need to render a graph of my entire network setup....
<clever> so the daemon doesnt run on boot, only the socket
<clever> and i notice that the .service isnt directly tied to multi-user.target
<clever> just read the 2 files on nixos, and set them up such that they can run nix-daemon with the right env
<clever> [clever@amd-nixos:~]$ cat /etc/systemd/system/nix-daemon.socket
<clever> should be trivial, just copy the nix-daemon.socket unit and nix-daemon.service
<clever> yeah, systemd would keep the socket open and queue them up, then relaunch the daemon
<clever> yeah, no new connections can be formed during that time
<clever> so you can track down who is using that slave
<clever> the slaves also put the pid of their client into argv[1]
<clever> as an example, check "ps -eH x" while a build is running
<clever> yep
<clever> so you may not need to do anything
<clever> and the parent can die without impacting an in-progress build
<clever> catern: oh, and also, whenever you do connect to nix-daemon, it forks off a worker slave for that connection
<clever> catern: under nixos, there is systemd socket activation, where systemd handles listening and creation of /nix/var/nix/daemon-socket/socket and it will launch nix-daemon upon the first connection
<clever> the wan side could be the original router, for double nat
<clever> manually plug 1 machine directly into the new router
<clever> and iptables mutates the from ip along the way
<clever> the forwarding option in the kernel then tries to blindly obey the routing table
<clever> so packets arrive at the gateway, with the gateway mac, but 8.8.8.8 as the ip
<clever> yeah, when using a gateway, you set the destination to the mac of the gateway, but leave the ip as-is
<clever> disasm: also, are you aware of how gateways work at the mac/ip layer?
<clever> disasm: to confirm, use a filter of 'arp or icmp' on tcpdump
<clever> disasm: using ping like that forces it to not use a gateway
<clever> and nobody owns it, so it fails at the arp level
<clever> it has to use ARP to ask the local network who owns 8.8.8.8
<clever> disasm: pings to which machine?
<clever> and have you restarted nix-daemon after adding the cache to nix.conf?
<clever> catern: do you know how to query the narinfo files?
<clever> catern: what path is it not finding, on which cache?
<clever> disasm: another thing that helps, start pinging 8.8.8.8 from a machine on vlan 33, then `tcpdump -v -i lan_port -n -p`, and see what shows up
<clever> disasm: can you also gist the ip addr of the nixos machine?
<clever> disasm: https://imgur.com/a/bebAZ version 2
<clever> disasm: ive recently been messing with graphviz and dot, and now every problem looks like a use for dot, lol
<clever> disasm: https://imgur.com/a/aTpL3
<clever> disasm: let me grab dot, lol
<clever> oh wait, no, there is a 3rd IF in play...
<clever> disasm: oh, wait, i see an issue, you're using br0 to link the 2 vlans, of the same port, so they basically ceased to be separate vlans...
<clever> disasm: so enp3s0 has 2 isolated lans on separate vlans?, and enp1s0 is your wan port?
<clever> i had tested it on non-uefi hardware with sata drives
<clever> but uefi and nvme gave trouble
<clever> that was the plan
<clever> and the netboot server (the old laptop) shares its wifi over the same ethernet port with NAT
<clever> so i literally type "justdoit" into the console, and it formats the drive with nixos
<clever> and it has justdoit on that ramdisk
<clever> the original use, was to plug ANY machine into the ethernet jack of my old laptop, and instantly netboot nixos
<clever> pie_: that one file, fully configures network booting of nixos, including setting up NAT
<clever> disasm: line 27-28 shouldnt be needed, the networking.nat handles it for you
<clever> pie_: this is one of the more crazy things ive done, this boots nixos, under xen, under qemu
<clever> try doing that on ubuntu, lol
<clever> and it was able to boot on both
<clever> ive made a disk image before, that had both arm and x86-64 binaries in the same rootfs
<clever> yeah
<clever> pie_: have you tried nix-repl yet?
<clever> you just describe the deps for everything, and it works
<clever> the great thing about using nix, is that it doesnt care what language a package is in
<clever> pypi2nix probably only knows about the python side of the deps, and breaks as soon as it relies on a system lib
<clever> the error is caused by cffi trying to include normal ffi.h
<clever> try libffi instead
<clever> libffi should do
<clever> libffi.dev 13,338 r /nix/store/h0qamldzfs1prm6pi6nrr109sd2016m4-libffi-3.2.1-dev/include/ffi.h
<clever> [clever@amd-nixos:~/Downloads]$ nix-locate include/ffi.h
<clever> adding that to the buildInputs should fix it
<clever> pie_: anything above that, like an error from gcc itself?
<clever> i'm using a tunnel, no native support from the ISP
<clever> which reminds me, i never fixed it after that power outage
<clever> disasm: yeah, but thats handled in a half manual way
<clever> so enp4s2f0 is the result of all vlans merged and tag-less, and wan is just vlan 35, filtered and tagless
<clever> that caught me off guard when debugging
<clever> i think wireshark can see the tags though, it uses different flags for capture
<clever> oh, and normal tcpdump gets the packets after they passed thru the networking stack, and the enp4s2f0 interface gets all packets, tagged or not, and the networking stack strips the tags
<clever> yeah
<clever> in the example you typed, i believe it will create an interface called "lan"
<clever> yep
<clever> the config i typed above, creates a new wan interface
<clever> and i also did networking.interfaces.enp4s2f0.useDHCP = false; so no un-tagged dhcp queries leak out
<clever> networking.vlans.wan = { interface = "enp4s2f0"; id = 35; };
<clever> most tools can accept just 'wan' as the name, but 'ip link' shows the master IF it came from
<clever> disasm: after configuring the vlan on my router, this wan interface showed up
<clever> 6: wan@enp4s2f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
<clever> disasm: i think you would need to bridge them
<clever> yep
<clever> ah
<clever> git?, or did it just depend on normal git
<clever> grantwu: something to do with git clone i think, the whole "rewrite it in rust" thing went a bit far :P
<clever> yep
<clever> and you can add a swap file on anything to handle that new size
<clever> it will easily handle the tmpfs changing size

2017-12-10

<clever> it could be the apps inside getting desynced with the size
<clever> while screen lets you forcibly resize it
<clever> sphalerite: one annoying issue ive noticed with tmux, is that it always matches the size of the smallest client
<clever> on the build host you specified
<clever> so hydra stores the logs in a different place
<clever> samueldr: but nix doesnt allow importing the logs
<clever> samueldr: and hydra then imports the resulting .nar into /nix/store when its done
<clever> samueldr: when hydra is involved, hydra initiates the ssh links for build slaves
<clever> samueldr: i just look at /tmp/
<clever> bgamari: this one generates a full nixos disk image, with xen, and then boots that xen under qemu
<clever> bgamari: nixos also has expressions to auto-generate an entire disk image with nixos already on it
<clever> bgamari: an example of how to make your own initrd: https://github.com/cleverca22/not-os/blob/master/stage-1.nix#L175
<clever> bgamari: also, the nixos initrd likely wont be happy with an ubuntu root, so youll want to use a different initrd
<clever> but at this point, nix can leave the picture and you could just throw them into a tar
<clever> that takes the kernel, initrd, and kernel params, from a nixos build, and copies them to a new storepath
<clever> bgamari: if you just want a kernel + initrd, and dont care about them being managed by nix, you can copy them from a derivation to /boot in the image
<clever> bgamari: you would need to setup a /nix in the image and copy things into it with nix copy
<clever> bgamari: not sure
<clever> bgamari: nix packages?
<clever> nix-repl> vmTools.diskImages.debian8x86_64
<clever> bgamari: nixpkgs also already has expressions to generate a debian image from .deb files
<clever> bgamari: this function can be applied to any derivation, and it will run that builder as root inside a qemu sandbox
<clever> «derivation /nix/store/wflfll34ycw8hbhj4cn79czd12dsj1ph-hello-2.10.drv»
<clever> nix-repl> vmTools.runInLinuxVM pkgs.hello
<clever> bgamari: vmTools.runInLinuxVM
<clever> bgamari: then you need to use a vm, one min
<clever> bgamari: why does it need to run as root?
<clever> correct
<clever> nix-shell will create a build-time env, and obey propagatedBuildInputs
<clever> yep*
<clever> tep
<clever> grw: and thats not always easy
<clever> grw: in the case of python libraries, the problem is that you need to wrap the final executable that winds up using your library
<clever> grw: nothing will persist at runtime
<clever> grw: propagatedBuildInputs only makes it available at build time, for things down the line
<clever> ive been busy dealing with ddos and monero today
<clever> ah
<clever> sphalerite: there was a network config change that renamed some interfaces i believe

2017-12-09

<clever> and an env flag has been set to make it print what it loads, and then abort right before it runs main()
<clever> its just running the standard ld.so, that normally handles loading of the dynamic libs
<clever> so you then have to re-run patchelf on each library it listed
<clever> patchelf only shows the first layer
<clever> oh, but ldd is recursive
<clever> probably
<clever> laggy_wifi_: patchelf just reads the elf headers, ldd runs the full ld.so on the binary, with a special env flag set to print things it finds
<clever> grub also supports efi
<clever> ive been using grub for over a decade..., so i just always go grub
<clever> LnL: i havent looked into how systemd-boot works yet
<clever> its just a nixos module on my github, add it to the imports list
<clever> not currently
<clever> LnL: then you can just mount /mnt and re-run nixos-install, to rebuild the entire store from configuration.nix
<clever> LnL: this puts an entire nixos installer into your grub menu
<clever> LnL: oh, something else that could save you
<clever> yeah
<clever> LnL: and how do you deal with the closure of both nix-env and nixos-rebuild?
<clever> LnL: i'm not sure if --load-db can merge
<clever> yep, it does contain a nix-path-registration file at the root
<clever> yeah, that should work perfectly
<clever> i need to finish that install script i partially made
<clever> sphalerite: this generates a fake backup, containing the closure of a given path
<clever> you can also just read the source, let me see...
<clever> sphalerite: and if https://nixos.org/install is modified slightly, it can accept the tar made by this hydra job
<clever> sphalerite: this nix expression generates a tar containing that backup, and the full closure
<clever> sphalerite: there are ways to generate a fake backup from a closure
<clever> sphalerite: you need to import a backup of the db.sqlite, one min
<clever> toogley: try incrementing one of the digits in the hash

2017-12-08

<clever> and then throw some malloc in that
<clever> it would probably be simpler to make a special purpose cpu that runs a custom assembly
<clever> :D
<clever> no dedup within the heap/thunks
<clever> but bumping it up like that is more of a stop-gap, ive seen it consume as much as 20gig of ram, just to eval a nixops deployment
<clever> gchristensen: i just set it to insanely large numbers, lol
<clever> that should easily handle 10 instances
<clever> lol
<clever> gchristensen: how much ram on the machine?
<clever> gchristensen: at around 40-50 instances, it can easily OOM a system
<clever> gchristensen: how many?
<clever> gchristensen: ah
<clever> where did that overlays variable come from?
<clever> but if there is an infinite loop
<clever> yeah
<clever> so it prints something every time you fetch the overlays
<clever> oh, try adding a builtins.trace in that area
<clever> i think that one uses nixpkgs.overlays, not the global ones
<clever> and if the values of the overlays depend on nixpkgs
<clever> gchristensen: are you importing nixpkgs anywhere?
<clever> gchristensen: any chance it might be an infinite loop?
<clever> LnL: oh, but that may not get the dep graphsd
<clever> LnL: havent used it before, but i remember seeing it somewhere, the source should say more
<clever> something like --register-validity
<clever> LnL: i think there is a nix command to force a path to be considered valid
<clever> gchristensen: sure
<clever> i have been considering making something with haskell and curses
<clever> error: Package ‘storebrowse-20130318212204’ in /nix/store/q71jxrnm2a49s8hzfirm4ssri1x0lqqg-nixos-18.03pre118328.6d86fcb86d/nixos/pkgs/tools/system/storebrowse/default.nix:6 is marked as broken, refusing to evaluate.
<clever> neat
<clever> 56G /nix/store/
<clever> 434M /nix/store/wpnjwdqbrgdj5xhwxc9vn2qmv34y1bx9-wine-2.0-rc3
<clever> 391M /nix/store/7hqbkw2nsh2nwnyy5107nnagbx6kffhv-clang-3.9.1
<clever> 365M /nix/store/2y805y8wq4pirqhmz20dcbsh33f3ycp5-initrd
<clever> 457M /nix/store/.links
<clever> vcunat: and this sorts everything by size
<clever> [clever@amd-nixos:~]$ du -hc --max=1 /nix/store/ | sort -h
<clever> vcunat: there is also "nix-store -q --roots /nix/store/foo" to find out what is keeping something
<clever> berce: nix-store --delete will obey roots and only allow deleting garbage
<clever> Lisanna: it used to be simpler, but has grown over time
<clever> the sandbox is optional, but controlled by a different flag
<clever> nix-build always wipes the environment

2017-12-07

<clever> ive even seen @users turn into "null" the first time they get referenced, when viewed from the irc gateway
<clever> ive seen signs that the usernames are loaded in an async manner
<clever> i would have expected it to handle things better
<clever> ouch
<clever> gchristensen: whats bad about it?
<clever> sphalerite: and line 21 will map makeRow over every row in a list
<clever> sphalerite: line 39 is a list of tuples, of string, and function from row -> string, and line 46 will map over that list of tuples to make each row in a latex table
<clever> sphalerite: gist'ing an example
<clever> sphalerite: have you seen hatex?
<clever> samueldr: thats plenty for a grub stage 1 (what normally goes into the bios_boot partition)
<clever> and linux can chainload windows via legacy methods
<clever> samueldr: i later found, that turning uefi boot off also worked
<clever> samueldr: i had to physically unplug the windows drive to get linux to boot
<clever> samueldr: if the ESP partition can be found, the firmware 100% ignores the boot order, and refuses to boot legacy OS's
<clever> samueldr: that reminds me of a fun problem i had when installing linux on this machine
<clever> and be able to compile a replacement that can still boot the system
<clever> you would need to reflash the firmware in the motherboard
<clever> i still refer to the UEFI firmware as a bios
<clever> but you could make /boot/efi fat32, and leave /boot itself on something more complex
<clever> UEFI booting requires that the bootloader be on a filesystem the bios supports
<clever> bios_boot is to get legacy booting on GPT
<clever> apple added HFS+ support to theirs
<clever> more technically, the /boot must be supported by the uefi firmware
<clever> also, uefi needs a fat32 /boot
<clever> yeah
<clever> sphalerite: IDE was basically just an 8 bit register, that writes to 8 pins
<clever> sphalerite: very
<clever> sphalerite: so it would have to be usb
<clever> sphalerite: exactly
<clever> duncan^: but then you need a CF adapter
<clever> good luck finding anything that small today :P
<clever> i have an OLD 64mb usb stick i use for /boot on my nas
<clever> that might work
<clever> it will just blindly read it in whatever state it happens to be in
<clever> and grub doesnt handle journal playback to repair the FS after an improper shutdown
<clever> and then grub has to traverse /nix/store/
<clever> but if /boot is just a directory on the same dataset as /nix, nix will just refer to the kernels in /nix/store/
<clever> hyper_ch: grub does support zfs, but it doesnt handle recovery well, and it cant deal with directories containing many files
<clever> mbrock: thats my understanding as well
<clever> cant find the 2nd example i was thinking of
<clever> infinisil: this one records the screen inside a nixos test, and provides the video as an output on hydra
<clever> infinisil: let me grab 2 examples ive done
<clever> infinisil: ffmpeg can accept a list of images directly, rather than recording from something
<clever> hyper_ch: boot.loader.grub.devices accepts a list
<clever> infinisil: ive done some crazy things with latex and pdf stuff in nix, a dozen derivations (generated with a loop) to extract sections of a pdf file into xml, then another dozen to turn the xml into sqlite, and then another to merge it all into one ...
<clever> infinisil: what about just having a second derivation that does the math?
<clever> petersjt014[m]: you can check /etc/group to see all groups that are currently valid
<clever> jasom: its a problem with nix unstable, in the propagated inputs

2017-12-05

<clever> ah
<clever> but if you keep the signatures, you can verify those hashes at a later date, and detect that
<clever> given root, i could trojan every binary in your store, then fix db.sqlite to claim they are perfectly fine
<clever> if you store the signatures after downloading, you can verify that a given storepath hasnt been tampered with
<clever> ive also had another idea on improving it further
<clever> and once verified, they go into the trash
<clever> and are only checked in one or 2 spots
<clever> the signatures look like a tacked-on extra
<clever> and all hydra's re-sign everything they share
<clever> all signatures are lost after download
<clever> sphalerite: --restore is like `tar -xf` and lacks the <hash>-<name> part of the paths
<clever> sphalerite: you will need to know the original name, and have root
<clever> akfp: depends on which fetch function nix is using
<clever> :D
<clever> "D
<clever> and that only works for fixed-output things, not nar's
<clever> akfp: not on its own, youll have to manually download it with something else, then nix-store --add-fixed sha256 ./foo.tar.gz
<clever> its nix-store that hashes it, then tells nix-daemon the hash, and streams it over
<clever> nix-daemon isnt usually involved
<clever> it might be fixed in master, not sure
<clever> sphalerite: and the old code just did that via a char[]
<clever> sphalerite: you need to hash the NAR form of the entire thing before you know where to put it in the store
<clever> but not how
<clever> nix says dontDistribute was applied to wineUnstable
<clever> thats puzzling
<clever> joepie91: why are you on wineFull rather than wine?
<clever> joepie91: aha, this package is specially flagged for hydra to ignore
<clever> nix-repl> wineFull.meta.hydraPlatforms
<clever> [ ]
<clever> absent
<clever> joepie91: what is the value of the hydraPlatforms option on it?
<clever> it may also leave it in the current state at rmmod, and fbcon makes rmmod difficult
<clever> joepie91: a quick skim thru the source confirms, the option is only read in several init functions
<clever> so i would have to rmmod to change it
<clever> joepie91: and it lacks the write bit