2017-11-10

<clever> Lisanna: --option binary-caches "" should have turned off all network IO
<clever> Lisanna: just leave it to wait, it should time out and rebuild
<clever> Lisanna: and add --fast ?
<clever> Lisanna: try with --option binary-caches ""
<clever> Lisanna: export NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
<clever> Lisanna: you need to export NIX_PATH to that whole thing
<clever> ghostyy: its been moved to ~/.config/nixpkgs/config.nix
<clever> Lisanna: and either you censored the proxy info, or those proxy variables arent set right
<clever> Lisanna: it should be set to this
<clever> nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
<clever> Lisanna: yeah, your NIX_PATH is completely wrong
<clever> NIX_PATH=ssh-config-file=/nix/store/lgfk3gnxkfswbljkh80sp83l752qggfs-ssh_config
<clever> Lisanna: can you gist the full output of nixos-rebuild and "env" ?
<clever> Lisanna: those should already be in $NIX_PATH by default, did you get that shell via strange means?
<clever> Lisanna: if you unset NIX_REMOTE, then commands running as root will just bypass the nix-daemon, and obey the normal env

2017-11-09

<clever> at that point, your better off writing a nix expression for it
<clever> and you need to escape the $( so it runs inside the shell, not outside
<clever> yeah
<clever> pkgconfig will also need to be added to the -p list
<clever> it only works when loaded properly by nix-shell or nix-build
<clever> slack1256: the gcc you installed with nix-env/systemPackages is broken and wont be able to find any libraries
<clever> slack1256: you may also need "-p gmp gcc"
<clever> i had to "type qmake" inside the nix-shell, then point creator to that binary
<clever> strange, mine wasnt able to find any library when i did that
<clever> that would probably do CPU rendering
<clever> yeah
<clever> WilliamHamilton: `nix-store -qR /run/current-system` will return all of the storepaths involved in the current nixos, which should help reduce the search space
<clever> WilliamHamilton: and thats also going to find a lot of old versions that may cause more problems
<clever> WilliamHamilton: some of those are buildEnv's merging many together
<clever> dlopen() isnt tested by ldd
<clever> does it say its looking for libEGL?
<clever> you should be able to
<clever> what does ldd say?
<clever> does it keep trying that filename in other locations?
<clever> once it fails, it will print an error and stop
<clever> usually the last page or 2
<clever> then the threads wont interleave in the logs
<clever> it also helps to use "-ff -o logfile"
<clever> WilliamHamilton: and what directory are you pointing LD_LIBRARY_PATH at?
<clever> WilliamHamilton: 32bit or 64bit?
<clever> you can boot back into an installer like env, and do whatever repair you want
<clever> the rescue method in grub is more for repairing nixos later on
<clever> and there is also this rescue option
<clever> ive used this when i lacked a usb stick: https://github.com/cleverca22/nixos-configs/blob/master/netboot_server.nix
<clever> there is also my kexec tricks
<clever> ldlework: the default unpack phase copies $src to . and unpacks it
<clever> ldlework: it is
<clever> bbl
<clever> iqubic: restore from backup?
<clever> michaelpj: i think steam-run is involved in that
<clever> .4
<clever> check the configuration.nix man page
<clever> in configuration.nix
<clever> iqubic: only way to answer that is to try to boot
<clever> ldlework: this allows certain variables to leak from the nix-build env down to the sandbox, without including them in the store or hashing
<clever> ldlework: maybe you want to use impureEnvVariables
<clever> iqubic: yeah, i dont know whats up with that
<clever> iqubic: id say it looks good like that, and just keep going
<clever> ldlework: your telling nix what the hash of the output is ahead of time, and nix enforces that you always produce that value
<clever> ldlework: fetchgitprivate is special, because its a fixed-output derivation
<clever> whole*
<clever> ldlework: the would point of nix and nix-build, is that every env variable gets hashed, and any changes to them re-start the build
<clever> iqubic: what if you instead try "blkid /dev/sda /dev/sda*" ?
<clever> but it will only work under nix-shell
<clever> ldlework: if its just an env variable, it should be safe
<clever> that says sda2 is now formated with zfs
<clever> iqubic: imgur.com
<clever> then anybody that can access /tmp/hax (its best to chmod it right) can use the agent
<clever> ldlework: so now ssh-agent can only detect socat, running as root, and it trusts root
<clever> ldlework: so socat has to enter the mix and act as a proxy running as root
<clever> ldlework: the real hack, is that ssh-agent detects the "wrong" user (nixbld1) is connecting to your agent, and kicks them out for security reasons
<clever> one sec
<clever> ldlework: and when the include path points at a unix socket, that path is just directly given to the builder
<clever> ldlework: fetchgitprivate will tell the ssh behind git to use <ssh-auth-sock> as the agent
<clever> actualy, its nixos.xfce.xfce4-screenshooter
<clever> iqubic: nix-env -iA nixos.xfce4-screenshooter
<clever> iqubic: run xfce4-screenshooter
<clever> iqubic: can you screenshot gparted?
<clever> iqubic: and how did you start gparted?
<clever> iqubic: what command did you run to create the pool?
<clever> ldlework: but each private repo would need to be a seperate build input for hydra
<clever> ldlework: for hydra, you would just run "ssh-keygen" within "sudo -u hydra -i", then give hydra some ssh based URL's as build inputs
<clever> ldlework: and rather then turn off hostkey checking, i use https://nixos.org/nixos/options.html#knownhosts
<clever> ldlework: this allows the fetchgit to access the ssh-agent, without ever making the secrets public on the machine
<clever> ldlework: and they deal with it in a more secure manner
<clever> ldlework: i already wrote expressions to deal with that
<clever> ldlework: and every time you change the token, the build will have to be redone
<clever> ldlework: also, that token on line 8 will become world-readable in /nix/store/
<clever> ldlework: the quotations can get messy in nix-shell
<clever> and the bios had no notion of how to understand partitions, it just blindly loaded that 512 bytes into ram, and executed it
<clever> so it just always had 4 slots
<clever> and the entire table was assigned bytes staticly
<clever> originally, the bootloader, and partition table, had to live inside a 512 byte sector
<clever> BlessJah: moving all QT based apps to systemPackages would prevent the issue, nix-env -e them everywhere else
<clever> BlessJah: possibly, using strace should help find where the other versions come from
<clever> which is why i always go GPT on new installs
<clever> hyper_ch: depends on if he has MBR or GPT
<clever> you can tell gparted to just not format it
<clever> iqubic: make a partition in that empty space
<clever> BlessJah: id say its a bug in how nixpkgs configures QT
<clever> ldlework: line 1034 handles the magic of deciding between $buildPhase and buildPhase()
<clever> ldlework: you want to do: phases="buildPhase" genericBuild
<clever> BlessJah: QT breaks that, ive opened an issue for just this problem
<clever> ldlework: your running the buildPhase function, which is the default, but there is also $buildPhase, with your override
<clever> ldlework: ah, thats a odd quirk in bash
<clever> BlessJah: i think so
<clever> BlessJah: try upgrading both wireshark and virtualbox, and look for any other QT programs in nix-env
<clever> BlessJah: you have different QT programs in nix-env, of different versions, all of them have to be installed at once
<clever> ldlework: setup is what ran buildPhase, and now buildPhase is recursviely running setup, which runs buildPhase, which runs setup
<clever> ldlework: line 8 is the problem
<clever> ldlework: can you gist the shell.nix?
<clever> 2017-11-09 14:06:24 < iqubic> Currently the way I have it set up is /dev/sda1 is /boot. /dev/sda2 is Windows FS. /dev/sda3 is a 20GB partition that I can Read and Write to from both OSes and /dev/sda4 is going
<clever> 2017-11-09 14:07:21 < iqubic> So I only need to take /dev/sda4 and partition that.
<clever> ldlework: its best to instead set the right phases
<clever> ldlework: i dont think nix-shell supports builder
<clever> iqubic: i think so
<clever> ah, then its not configured well
<clever> iqubic: you may want to run wipefs on /dev/sda4 to remove traces of the old FS
<clever> ldlework: yeah
<clever> adelbertc: yeah, you can probably replace it with an override over nix
<clever> iqubic: yeah
<clever> ldlework: none of the steps run, it just drops you into a shell with the build deps, and a genericBuild bash function
<clever> adelbertc: editing anything in /nix will break things
<clever> adelbertc: is it a symlink?
<clever> -o for pool wide properties, -O for properties on the root dataset
<clever> -O atime=off
<clever> this one is mostly video files
<clever> naspool/nas 1.07x 1.20T 1.27T lz4
<clever> NAME RATIO USED LUSED COMPRESS
<clever> iqubic: this dataset is a mix of lz4 and gzip, and also takes up less then half the space
<clever> amd/nix 2.16x 69.0G 135G gzip-9
<clever> NAME RATIO USED LUSED COMPRESS
<clever> just /nix alone is compressed to half its size
<clever> tank/nix 2.04x 10.8G 20.2G lz4
<clever> NAME RATIO USED LUSED COMPRESS
<clever> iqubic: its nothing like the c64 days where they messed with bit-rate of the drive to squeeze in more bits
<clever> iqubic: nope
<clever> then every time chrome had a segfault, it would lockup for nearly a minute, while the 2gig coredump was written to disk
<clever> one day, i set my desktop to use gzip-9, while systemd-coredump was enabled
<clever> gzip-9 saves more, and has a noticable hit on performance
<clever> iqubic: lz4 uses less cpu
<clever> adelbertc: it probably wont
<clever> iqubic: i name mine after the hostname
<clever> adelbertc: but you can just try setting up /etc/nix/machines first, and see if it works, it may already be configured
<clever> adelbertc: not sure if darwin has an easy way to read the env
<clever> hyper_ch: i'm getting a 4x ratio on docker
<clever> i also made a dedicated /var/lib/docker pool, with dedup enabled
<clever> dedup is for heavy VM use, it will merge identical blocks
<clever> it can almost double your usable space, depending on data
<clever> so anything you write before turnign on compression, remain uncompressed
<clever> but some like compression only take effect for writes happening after its set
<clever> iqubic: most of the options can also be changed at a later time
<clever> adelbertc: and it may already be fully configured to use /etc/nix/machines
<clever> adelbertc: for darwin, those have to be set in the environment of the nix-daemon process
<clever> iqubic: you also need to add /dev/sda4 at the end
<clever> hyper_ch: afternoon
<clever> iqubic: its all inside an if statement on line 45
<clever> iqubic: encrypted root filesystem, its optional
<clever> yeah
<clever> then just nixos-generate-config and nixos-install
<clever> then 84 to mount the rootfs, and 87-88 to mount everything else (change the type on 88)
<clever> line 78-81 of justdoit will format $ROOT_DEVICE with zfs, you can skip 76
<clever> UEFI?
<clever> kk
<clever> and then adjust what partition names you pass to the rest of the commands
<clever> youll want to partition it differently then, either using gparted or normal fdisk
<clever> iqubic: that bash script will try to wipe the entire disk, so your dual-boot would go away
<clever> iqubic: you can use it more as a guide
<clever> iqubic: and a bash script i made to automate it: https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix#L40
<clever> iqubic: https://nixos.wiki/wiki/NixOS_on_ZFS is the wiki page
<clever> as long as the file was made over 15 minutes ago
<clever> iqubic: step 1, "zfs set com.sun:auto-snapshot=true <poolname>", step 2, services.zfs.autoSnapshot.enable = true;
<clever> iqubic: its 2 commands!
<clever> it then has hourly snapshots, and it keeps 24
<clever> it only keeps 4 of those
<clever> iqubic: for example, i have it making snapshots every 15mins, so i can undo changes to any file anywhere
<clever> iqubic: btrfs was crashy, and ext4 lacks all of the fancy features
<clever> iqubic: 3 of them on my desktop
<clever> so ive basically gotten 11gig out of thin air
<clever> iqubic: https://gist.github.com/cleverca22/6671e4ae5bd56b63473feca6db2e6fba i have 26gig of data on the machine, but its only using 14gig of disk space
<clever> -h gives the wrong number for totals, 1gig off
<clever> and -g doesnt work for free/shared/available, all 0
<clever> it rounds down, and 15.9gig turns into 15g
<clever> free -m
<clever> iqubic: i'm getting a compression ratio of 1.9x on my new laptop with zfs, so thats nearly doubling the disk space in the machine
<clever> sphalerite: try disablign avahi-daemon next
<clever> gz9 costs more cpu, but nix is written to less, so it may balance out
<clever> iqubic: and i could make /nix/ have more aggresssive compression (gzip-9) while / has just lz4
<clever> iqubic: as an example / has automatic snapshots but /nix/ doesnt have backups
<clever> iqubic: zfs allows compression, and different volumes that have different settings
<clever> iqubic: you can add zfs to /etc/nixos/configuration.nix and rebuild switch to get zfs
<clever> iqubic: i use zfs for all of my machines now
<clever> sphalerite: id try turning bluetooth off first, and see what happens
<clever> it can also help to look at the relation between things
<clever> sphalerite: and also http://svgur.com/
<clever> sphalerite: `systemd-analyze plot`
<clever> sphalerite: it can also help to look at the svg
<clever> michaelpj: yeah, so the name i just linked could also work
<clever> michaelpj: though in this example, its called default: https://github.com/cleverca22/nix-misc/blob/master/default.nix
<clever> michaelpj: i usually make something like a release.nix that handles that
<clever> srhb: no difference either way
<clever> [nix-shell:~]$ php -d pcre.jit=false srhb.php
<clever> and does phpinfo() show the same version?
<clever> ah
<clever> srhb: int(1) and int(0) when ran on the cmdline
<clever> srhb: nix-shell -p php71
<clever> ocharles: the config for every project on my private hydra
<clever> ocharles: i also have https://github.com/cleverca22/hydra-configs
<clever> kk
<clever> ocharles: can you put a censored copy of the default.nix up on gist?
<clever> ocharles: can you link your project on github?
<clever> ocharles: and then default.nix will return json with a list of objects like spec.json
<clever> ocharles: you point hydra to spec.json, and it will then run default.nix with the inputs defined on lines 12-17 of spec.json
<clever> ocharles: it also relies on spec.json in the same directory
<clever> ocharles: the one you linked has a dummy input defined on line 1, just run "nix-build jobsets/default.nix -A jobsets" and you can test it locally
<clever> ocharles: that file handles declarative jobset management, it must return a set with just .jobsets (line 86) which contains a json file describing all jobsets in the project
<clever> dhess: you need to override mkDerivation, and then // with { dontCheck = true; } i think
<clever> but it should fail in an obvious way
<clever> that part changed within a month of me starting that, so it may be broken in master
<clever> but you can then customize it for anything
<clever> and i wanted to avoid rebuilding the ghc for every single change
<clever> dhess: in this case, i was using the ghc from an old nixpkgs, as the base for a new haskellPackages that had a modified generic-builder.nix
<clever> dhess: line 9 creates the haskellPackages set, with a given ghc, compilerconfig, and haskellLib
<clever> dhess: ah, one min
<clever> bgamari: i have heard the same thing
<clever> bgamari: and i believe that will then add all other buildInputs to the PYTHONPATH
<clever> bgamari: if python is in the buildInputs, then the setup hook for python should be sourced

2017-11-08

<clever> ylwghst-nix: and what does "sudo -l" output as that user?
<clever> ylwghst-nix: and if you try giving it the same absolute path as in sudoers?
<clever> ylwghst-nix: what are the contents of /etc/sudoers?
<clever> then maybe just have a shell.nix file, and run "nix-shell" before using the scripts
<clever> ah, yeah
<clever> i think
<clever> #!nix-shell -p pythonstuff
<clever> #!/usr/bin/env nix-shell
<clever> you can also create scripts like this
<clever> bgamari: then it should be used under nix-shell i think
<clever> bgamari: nix would generate it when installing the package with those scripts
<clever> ylwghst-nix: you also need to logout and back in for changes to the group to apply
<clever> bgamari: then maybe that script should have the wrapper?
<clever> ylwghst-nix: how have you added the user to the group?
<clever> bgamari: the program using those modules should have a wrapper script that sets PYTHONPATH correctly
<clever> Lisanna: its started by launchd by a plist file under /Library i think
<clever> ylwghst-nix: if you run "id", does the user appear in the pmutils group?
<clever> Lisanna: linux or darwin?
<clever> ylwghst-nix: that is a line from my /etc/sudoers, which allows the ds9 user, to run 2 scripts without a pass
<clever> ylwghst-nix: ds9 ALL=(root) NOPASSWD: /root/reload_lighty , /root/ubc
<clever> bgamari: and in general, python libraries shouldnt be in ~/.nix-profile/, they would collide with eachother
<clever> bgamari: nope, all nix-env does is manage ~/.nix-profile, it doesnt care what your shell does
<clever> :)
<clever> mekeor: a few too many m names active at once
<clever> ah
<clever> manveru: there is also a nixos-option command
<clever> mekeor: the QT program builds the json at runtime, so the effects of nix-channel --update effect the docs in the GUI
<clever> mekeor: ah, thats building the json that https://nixos.org/nixos/options.html uses
<clever> __monty__: you can either configure a static ip directly on the container, or disable the router dhcp, and run your own dhcp server
<clever> this is how i manage the bind zones and the static dhcp
<clever> but then you need access to the nscd unix socket
<clever> rycee: it would, but you will need to patch every fixed-output helper in nixpks
<clever> static dhcp
<clever> yeah
<clever> __monty__: i have a .localnet zone in my router's bind instance, which points to private IP's in my LAN
<clever> rycee: using a "real" domain in the dns is going to work better, something that dig can resolve
<clever> rycee: the env variables that allow .local to work with mdns are being cleared in the sandbox
<clever> for legacy boot, /boot can also be ext4
<clever> its simpler to have a cleartext /boot, then to try to even encrypt /boot
<clever> mekeor: that would give grub support to open an encrypted /boot, but i dont know if it can handle an ext4 on lvm on luks...
<clever> mekeor: did you set boot.loader.grub.enableCryptodisk ?
<clever> mekeor: what did you set boot.loader.grub.device to?
<clever> mekeor: i still prefer doing legacy booting on GPT
<clever> kuznero: can you do "nixos-rebuild --rollback" and then upload the configuration.nix to gist?
<clever> kuznero: how did the config get wifi then?
<clever> kuznero: then check the status of wpa_supplicant
<clever> mekeor: you will need a seperate cleartext /boot partition
<clever> manveru: this one did it all in QT and libparted
<clever> but in future, users may want to dual-boot with an existing OS
<clever> yeah, justdoit does that right now
<clever> you can also safely mix legacy + efi on gpt, but you obviously cant mix mbr and gpt on the same drive
<clever> and if your using efi on gpt, you need a fat32 efi system
<clever> but if you are using legacy on mbr, you dont
<clever> manveru: for example, if you are using legacy on gpt, you need a 2mb bios boot partition
<clever> manveru: and the templates should also control how the partitioning is done
<clever> manveru: i was thinking of having templates and GUI's that tie into that editor
<clever> bigvalen: you also need to configure the interface with a static ip, seperately from dhcpd
<clever> bigvalen: that should have the path to the dhcp config file
<clever> bigvalen: start by looking at the dhcp .service file in /etc/systemd/system/
<clever> bigvalen: did you also set enable for the dhcp server?