2020-06-14

<clever> {^_^}: no
<clever> ,status
<clever> the aws plugin already does extra things that cloud-init may not, like iam instance profiles and security groups
<clever> the benefit i can see of installing fresh on aws, is that you wont have an extra generating eating up disk space, that doesnt match your nixpkgs
<clever> aws, you could generate an AMI that boots the kernel/initrd with grub, and runs from ram
<clever> packet can natively ipxe boot, so you just have to provide a url to an https source you trust
<clever> for backends like packet and aws, you can also skip that kexec step
<clever> and that rescue console function, is part of the plugin that deals with provisioning new hw over the api
<clever> eyJhb: the basic idea in the above ticket, is that you create a function to boot the machine into a rescue console with ssh, then some reusable code can do the kexec and install steps
<clever> eyJhb: it did have a script to install nixos over the rescue console at one point

2020-06-13

<clever> but knowing the cmd, you can at least force it on
<clever> i'm not sure why it works half the time and doesnt the other half
<clever> also, `:set syntax=strace` in vim!
<clever> srk: -ff says to append the pid to the filename, so you dont get 4 different procs interleaved in one big mess
<clever> srk: it also helps to use `-ff -o trace.txt`
<clever> wedens[m]: yeah, that should work
<clever> if you keep the nixpkgs rev the same
<clever> wedens[m]: you cant really, but if you copy the pre-built nixos to /mnt/, it will have a lot less to rebuild when it builds from the new configuration.nix
<clever> tobiasBora: yeah, you need to switch over to nixos
<clever> tobiasBora: `nix repl '<nixpkgs>'` then `postgresql_11.outPath`
<clever> then it can reuse any other .o files your project isnt changing
<clever> stteevveen: for fast interation, you usually want to run make in nix-shell
<clever> stteevveen: add dontStrip = true; to the derivation
<clever> ldlework: you usually want something more like: phases="configurePhase buildPhase" genericBuild
<clever> Ashy: genericBuild would also copy $src to ., and then cd into whatever dir that created
<clever> it does when you dont tell it what else to do
<clever> ldlework: you usually have a shell.nix or default.nix in the current dir?
<clever> ldlework: so its looking for either shell.nix or default.nix in the current dir
<clever> ldlework: you told it what <nixpkgs> maps to, but not what file to actually open a shell for
<clever> kandinski: AB?
<clever> dkjii: nix-env -iA nixpkgs.haskellPackages.nix-diff
<clever> dkjii: oh, its also in nixpkgs already
<clever> dkjii: run `nix-diff` on the 2 .drv files its showing at the end
<clever> works on both outputs and .drv files
<clever> dkjii: nix-store --query --tree /nix/store/foo
<clever> dkjii: it will use the bootstrap glibc, so nothing depends on outside sources
<clever> dkjii: nix allows you to have many glibc's, based on what nixpkgs is saying to build
<clever> dkjii: it may not be the version that nixpkgs wants though
<clever> dkjii: what directory is gcc-9.3.0/ at?
<clever> dkjii: 185-216 will then begin building things from that, but force glibc, binutils to stay behind
<clever> dkjii: line 144 will override binutils, coreutils, grep, and gcc, and point all of them towards the bootstrap tools from the tar, thats enough to give a stdenv that can build some things
<clever> dkjii: each stage will apply some overrides, to change a few packages, which will dynamically impact everything that depends on those packages
<clever> dkjii: nixpkgs/pkgs/stdenv/linux/default.nix
<clever> dkjii: the bootstrap may build 2 gcc's, and unpack a 3rd from a tar
<clever> it will then use that bootstrap gcc to build the bash everything else uses
<clever> thats probably the bootstrap phase, where its building gcc from a gcc in a tarball
<clever> depending on whats happening, you can just grep for one of those strings in nixpkgs to find the expr
<clever> dkjii: that is the final output, after all of the functional expressions have been ran
<clever> dkjii: run `nix show-derivation` on that path
<clever> dkjii: and `nix-env -f expression.nix -i`
<clever> dkjii: that would be the same as `nix-shell expression.nix` or `nix-shell -E 'import ./expression.nix'`

2020-06-12

<clever> asheshambasta: more output may wind up in the journal for the service running pulseaudio
<clever> selfsymmetric-mu: that tells gcc to search for either libpq.so or libpq.a, and link to it
<clever> selfsymmetric-mu: and then link with -lpq
<clever> selfsymmetric-mu: what happens if you just put postgresql in buildInputs?
<clever> evanjs: you could also use cptofs with a smaller image, then manually expand it in a second derivation
<clever> evanjs: maybe, i forget how trivial it is to use outside of nixos
<clever> evanjs: yeah
<clever> evanjs: and then use something like qemu-img to just change the length of the disk image, without touching the contents any
<clever> evanjs: you can look at how the aws images resize themselves on boot
<clever> evanjs: does the image need to be that big initially? why not resizefs after deploying?
<clever> ramses_: its an attribute of the python package
<clever> > python3.sitePackages
<clever> does it really need a version field?
<clever> name is auto-generated from the url, but you can still set your own name
<clever> CMCDragonkai: just plain fetchzip { version=; meta=; ... }
<clever> yeah
<clever> CMCDragonkai: fetchzip is a derivation
<clever> just use it naked
<clever> fetchzip already produces the dir you want
<clever> CMCDragonkai: fetchurl produces a single file, not a dir of many files
<clever> CMCDragonkai: buildEnv requires the input dir to already have the right name, which is what cole-h's thing does
<clever> CMCDragonkai: that would be much better
<clever> CMCDragonkai: what does `top` say is actually running?
<clever> CMCDragonkai: pkgs.fetchurl is using curl, does that behave the same way?
<clever> noobly: not sure then, i dont know much about guix
<clever> noobly: do you have the nix-store command?

2020-06-11

<clever> dminuoso: ^
<clever> > lib.optionalString false "foo"
<clever> and a variant: nix edit -f . xorg.libX11, if your in a nixpkgs checkout
<clever> inf: you can also do `nix edit nixpkgs.xorg.libX11`
<clever> > xorg.libX11.meta.position

2020-06-10

<clever> Ericson2314: the tool to generate the keypair, creates a file with the public key in the right format, and you just copy/paste
<clever> the imports list cant depend on anything that comes from config, including extra arguments added via another module
<clever> dminuoso: use the module framework more?
<clever> dminuoso: but you can also mapAttrs over nodes
<clever> dminuoso: nixops puts all nodes into /etc/hosts automatically
<clever> dminuoso: { config, nodes, ... }: at the top of a module, then nodes.machine1.config.anything
<clever> Ericson2314: `nix sign-paths` will put the signatures into db.sqlite
<clever> dminuoso: or just assert on any env var, and have shell.nix set it
<clever> doomlist3: builtins.getEnv, assert
<clever> and modify it to use that from an env var
<clever> urkk: you can just take the revision you gave to fetchGit, and feed that into the derivation
<clever> urkk: why do you need .git?
<clever> urkk: i dont think you can both keep .git and fetch a private repo
<clever> cryptix: ah, thats a diff bug
<clever> cryptix: you want nixos-rebuild boot when in a chroot
<clever> then you can use step 4 from the nixops issue, to install that storepath
<clever> then boot that usb stick, format the target disk, and mount to /mnt, and use the same nix copy, to copy it to that final disk
<clever> wedens[m]: first, install nixos to a usb stick mounted at /mnt like normal, then build a 2nd nixos (the final one) and use nix copy to add it to the usb stick
<clever> wedens[m]: yeah
<clever> wedens[m]: then you can use `--to local?root=/mnt` again when booted into that stick, to copy it to whatever drive is mounted to /mnt
<clever> wedens[m]: if you do a normal nixos-install against the usb stick, then you can use `--to local?root=/mnt/` to add more store paths to the usb, like a 2nd build of nixos
<clever> wedens[m]: youll have 2 options then, either use 2 usb sticks, or 1 stick that isnt based on the iso
<clever> wedens[m]: the example i linked goes over ssh, to copy from one machine into /mnt of a remote machine, and skip the tmpfs and usb entirely
<clever> wedens[m]: that would put it into the nix store in /, which might be tmpfs based, and run out of ram
<clever> wedens[m]: if you boot the normal nixos usb image, you can then use steps 3&4 to copy a pre-built nixos to /mnt/nix/store and then install the bootloader

2020-06-09

<clever> that would do it!
<clever> selfsymmetric-mu: its all in the `man nix-env` docs
<clever> selfsymmetric-mu: you can also: nix-env --profile /nix/var/nix/profiles/system --delete-generation 846
<clever> selfsymmetric-mu: it will go over every profile automatically
<clever> selfsymmetric-mu: can you pastebin the output of running it again, with root?
<clever> if you want to delete system generations
<clever> selfsymmetric-mu: that one needs root
<clever> selfsymmetric-mu: did you use `--delete-older-than 2d` with or without root?
<clever> sshow: you want builtins.fetchGit
<clever> selfsymmetric-mu: what date is on 846? --list-generations should show it
<clever> `nix-store --delete /nix/store/xw9w7l93ksdbcjb9jgpsarya3x9vq5ns-ghc-8.8.3`
<clever> thats enough to make nix think its using ghc
<clever> its in sudo's argv and env
<clever> and if you use plain sudo, they wont work right, because sudo is also using the thing your trying to delete
<clever> --query and --delete dont need root
<clever> yeah
<clever> you want to use --query and --delete without root
<clever> selfsymmetric-mu: the system profile is where nixos generations live
<clever> so sudo is "using" whatever $FOO is
<clever> selfsymmetric-mu: when you `sudo nix-store --query --roots $FOO` then sudo has that $FOO in its env
<clever> selfsymmetric-mu: `nix-env --profile /nix/var/nix/profiles/system --list-generations`
<clever> selfsymmetric-mu: are you using sudo with any of the recent nix commands?
<clever> i forget why i had disabled them
<clever> aanderse: line 9 makes the overlay impact the build being deployed, line 17+13 makes the overlays get copied, and impact the remote machine's builds
<clever> cransom: `ls -ltrh /nix/var/nix/gcroots/auto` will also sort things, so you can see the order you made the result's in
<clever> DigitalKiwi: just check /dev/zfs like you have OCD, and wait until it breaks again, lol
<clever> not sure then, maybe it is a bug?
<clever> jakobrs: what about `--option require-sigs false` ?
<clever> jakobrs: and `id` ?
<clever> jakobrs: what does `nix show-config | grep trusted-users` report?
<clever> jakobrs: it sounds like the normal security mechanisms in nix
<clever> jakobrs: yeah
<clever> jakobrs: the cache needs to be added in configuration.nix for it to get into nix.conf
<clever> DigitalKiwi: something must be breaking the permissions, youll need to figure out what you did to break it, and check /dev/zfs before and after running that cmd
<clever> jakobrs: when nix-daemon is at play, only a trusted user can bypass signature checks
<clever> DigitalKiwi: what permissions does /dev/zfs have?
<clever> Athestus: fonts = [ "a" "b" "c" ]; to select 3 fonts
<clever> srhb: the new version also fixes the download problems
<clever> Athestus: oh, it was changed from withFont to fonts a few months ago
<clever> instead of plain nerdfonts
<clever> Athestus: just stick (nerdfonts.override { withFont = "something"; }) into that list of fonts
<clever> irc doesnt support any formatting
<clever> Athestus: how are you putting nerdfonts into configuration.nix?
<clever> it will download every single font, then copy just the one you asked for, and let garbage collection clean up the rest
<clever> Athestus: yeah
<clever> git blame says that line was last modified in 2016
<clever> 60c3f3f2b946 (mimadrid 2016-08-12 14:21:27 +0200 20) ./install.sh ${withFont}
<clever> it will run the install.sh of nerdfonts, with whatever arg you give it
<clever> 20 ./install.sh ${withFont}
<clever> Athestus: pkgs.nerdfonts.override { withFont = "something"; }
<clever> Ben49: does `date` report the right date/time?
<clever> last time i checked, @foo doesnt use /etc/resolv.conf, so the local cache cant get involved
<clever> same answer if i +trace
<clever> ;; SERVER: 9.9.9.9#53(9.9.9.9)
<clever> ;; Query time: 209 msec
<clever> nixos.org. 20 IN A 162.243.166.170
<clever> $ dig nixos.org @9.9.9.9
<clever> brainopia: you just need to `nix-channel --update` as root, and it should resume working normally
<clever> brainopia: what does `nix-channel --list` say?
<clever> i also use this for similar things
<clever> [root@amd-nixos:~]# du -hc --max=0 $(nix-store -qR /run/current-system) | sort -h | tail
<clever> `nix path-info` can sort of do it
<clever> Ashy: yeah, that looks weird
<clever> yep
<clever> ah
<clever> Ashy: what does `efibootmgr -v` report?
<clever> it uses partition uuid's
<clever> Ashy: run `efibootmgr -v`

2020-06-08

<clever> ninjin: nix-build '<nixpkgs/nixos>' -I nixos-config=host/$1/configuration.nix -A system
<clever> fragamus_: cachecache does that
<clever> mica[m]1: one of the release branches i believe
<clever> jlv[m]: probably just missing from the manual
<clever> and then the public has to go into the trusted-public-keys on the receiver (dont use extraOptions for that one)
<clever> yep
<clever> which wont interact with `nix copy` at all
<clever> thats only if your using nix-serve
<clever> `man nix-store` -> --generate-binary-cache-key
<clever> energizer: give it a secret key, and it will sign everything it builds
<clever> [root@amd-nixos:~]# grep secret /etc/nix/nix.conf
<clever> secret-key-files = /etc/nix/signing.sec
<clever> and signing isnt configured by default
<clever> if its something you built, then your own nix-daemon has to sign it
<clever> nix copy does
<clever> nix-copy-closure doesnt check signatures by default
<clever> the local machine was probably doing http, to see what it could get from cache.nixos.org
<clever> yep
<clever> so only if port 22 (ssh) is blocked, would it be a fw issue
<clever> the http stuff goes to cache.nixos.org, which you likely dont have blocked
<clever> energizer: the remote and local machines do http seperately from the ssh
<clever> energizer: it uses ssh to connect to the remote box
<clever> energizer: copy-closure will do some http requests before it copies

2020-06-07

<clever> that can be fixed with a highvoltage programmer (only 12v) but some programmers dont support it
<clever> there is a fuse to make reset be gpio instead of reset, but then you cant use reset to enter programming mode anymore
<clever> for most AVR chips, the programmer talks to it by just driving SPI into the chip, while the reset pin is held low
<clever> chloekek: if you use a programmer, you can bypass the bootloader, and just flash whatever you want
<clever> chloekek: ive also made a custom i2c based bootloader once before (long since lost it), which would allow reflashing over i2c
<clever> chloekek: https://www.sparkfun.com/products/10524 this chip has a bootloader pre-programmed onto it
<clever> chloekek: that allows the chip to reflash itself, and then you talk to it over plain serial
<clever> chloekek: the main difference with the arduino boards (and some pre-flashed chips), is that they have a bootloader on them
<clever> chloekek: https://www.sparkfun.com/products/8702 https://www.sparkfun.com/products/11801 i do see some usb ones, but ive not tried them personally
<clever> chloekek: and i was using https://www.sparkfun.com/products/retired/8508 to convert the 6pin to a wide 6x1, for breadboard usage
<clever> i had also made a parallel port one at one point
<clever> chloekek: https://www.sparkfun.com/products/retired/14 is the programmer i used
<clever> and the programmer i'm using....
<clever> chloekek: and this is how i used to program things, before nix got involved: https://github.com/cleverca22/thermostat_firmware/blob/master/Makefile#L35-L38
<clever> chloekek: this is enough to just nix-build the firmware
<clever> chloekek: avrdude
<clever> chloekek: yep, ive done that with my thermostat firmware
<clever> not sure then
<clever> gordon1: read the file its pointing to
<clever> gordon1: does `which zsh` point towards a shell script?
<clever> gordon1: do you have anything weird like python support enabled in zsh?
<clever> gordon1: and what does `ps` report? are there multiple bashes?
<clever> gordon1: what does `echo $PATH` say?
<clever> gordon1: sounds like your in a nix-shell that provides python3
<clever> and it runs massively slower with the wifi on
<clever> as an example, they made a shell script, that would dynamically create more shell scripts, run them, then delete
<clever> angerman: and how turning the wifi off makes programs run faster
<clever> angerman: i saw a blog post before, about how apple is doing network IO the first time you run a new binary
<clever> yeah, if you dont set that, youll upload everything to the builder, after downloading it
<clever> you might be able to use nix.conf to do @/foo @/bar, to load 2 files at once
<clever> angerman: `nix show-config | grep builders` says where it will look
<clever> still /etc/nix
<clever> while nix only accepts one by default, still at that path
<clever> the main difference, is that hydra accepts a list of files in the /etc/nix/machines format
<clever> you dont really have to deal with dns, you just need the ip and pubkey in /etc/nix/machines
<clever> and auto-register it for use by hydra
<clever> that will use nixops to dynamically create a machine, based on load and config, and destroy it afterwards
<clever> yeah
<clever> let me find it...
<clever> angerman: oh, have you seen the hydra provisioning scripts?
<clever> yeah, i see your PR
<clever> ah
<clever> heard of the aarch64 community box?
<clever> so it can setup a dns record for you
<clever> angerman: the aws backend can use route53 to update an entry in a hosted zone
<clever> angerman: and yeah, youll need to deal with the ip and dns yourself, enless your using something like the aws backend
<clever> angerman: on darwin, it used to add the remote machind as a builder, so you could build linux stuff, but multi-user nix (with a nix-daemon) breaks that
<clever> yep
<clever> Siyo: if your not going to use channels at all, you can instead use this to make <nixpkgs> still map to the right thing on the server
<clever> you could then use it with the above -i $[something}
<clever> so if you did something like `something = pkgs.runCommand "nixos-123" {} "mkdir $out; ln -sv ${pkgs.path} $out/nixos"`
<clever> it didnt have that option last i looked
<clever> that would also work
<clever> nix-env thinks the channel is just a package by the name of nixos
<clever> nixos-20.03pre202088.e89b21504f3
<clever> [root@amd-nixos:~]# nix-env -q --profile /nix/var/nix/profiles/per-user/root/channels/
<clever> and if you use pkgs.path, it will be the same nixpkgs your building with, which would be the above pin
<clever> that would emulate nix-channel --update
<clever> next, you need to use nix-env --profile /nix/var/nix/profiles/per-user/root/channels -i ${something}, against a derivation with the right name and with the right contents
<clever> and that tar contains a pre-made programs.sqlite
<clever> so you could pin nixops with `nixops modify -I nixpkgs=https://releases.nixos.org/nixos/unstable/nixos-20.09pre228204.467ce5a9f45/nixexprs.tar.xz`
<clever> Siyo: when you try to download a channel, you get a 301 redirect to a tar for that specific version
<clever> Siyo: you could set nixops to use a specific revision of a channel, and then deploy that to the /nix/var/nix/profiles/per-user/root/channels profile...
<clever> no need to swap SD cards to repair things
<clever> if i ever break something, i can just --rollback that profile, and it will boot once more
<clever> ninjin: and the rpi will use this prefix when it tries to fetch things at netboot, so it uses the profile
<clever> lrwxrwxrwx 1 root root 48 Apr 7 2019 /tftproot/55a4377c -> /nix/var/nix/profiles/per-user/root/rpi3-netboot
<clever> ninjin: this will load a release.nix, build a certain attr, and assign the result to a rpi3-netboot profile
<clever> nix-env -p /nix/var/nix/profiles/per-user/root/rpi3-netboot -f not-os/release.nix -A rpi_image -I nixpkgs=./nixpkgs/ --set
<clever> ninjin: ive also found new and fun uses for nix-env --set
<clever> ninjin: and nixops just tweaks the nix-build step to build multiple machines at once, and throws a copy-closure in the middle
<clever> ninjin: nixos-rebuild is a shell script that will nix-build, nix-env --set, and then run switch-to-configuration
<clever> yeah :D
<clever> ninjin: i started out by making a usb stick that booted on both x86 and rpi, with the same configuration.nix
<clever> ninjin: it might be a grub vs systemd-boot bug
<clever> ninjin: some bootloaders in nixos deal with the missing generation better then others
<clever> ninjin: systemd-boot generates a menu, based on the generations in system
<clever> ninjin: you want nix-env --profile /nix/var/nix/profiles/system --set ${something}
<clever> ninjin: that never updates the system profile
<clever> ninjin: what happens when you `nixops deploy` ?
<clever> ninjin: `nix-env --profile /nix/var/nix/profiles/system --list-generations`
<clever> ninjin: ah, thats the one, and you dont have it, so thats not it
<clever> 729 efivar_set(L"LoaderEntryDefault", config->entries[idx_highlight]->file, TRUE);
<clever> 728 /* store the selected entry in a persistent EFI variable */
<clever> ninjin: looks like line 48 is systemd related
<clever> boot.c: efivar_set(L"LoaderEntrySelected", entry->file, FALSE);
<clever> ninjin: cant remember the exact name systemd-boot used for its efi var, and nothing in the listing stands out
<clever> ninjin: uuid looks right
<clever> ninjin: and `blkid /dev/nvme0n1p1` as well
<clever> ninjin: can you pastebin `ls -l /sys/firmware/efi/efivars` ?
<clever> ninjin: let me see if i can dig it up...