2017-08-02

<clever> even though its identical (via that symlink)
<clever> so i often say <nixos/nixpkgs> to make it clear i mean nixpkgs
<clever> not the nixos subdir
<clever> <nixos> resolves to the root of a nix PACKAGES checkout
<clever> that symlink is for NIX_PATH reasons
<clever> correct
<clever> and the -q variant, lists all channels in the current generation
<clever> and lets you delete generations (--delete-generations)
<clever> the 1st of the 2 above commands list every generation you have made from nix-channel --update
<clever> that manage a different profile
<clever> nix-channel and nixos-rebuild are just wrappers around nix-env
<clever> Infinisil: try running these 2 commands, do you see how they work a bit more?
<clever> [root@amd-nixos:~]# nix-env --profile /nix/var/nix/profiles/per-user/root/channels -q
<clever> [root@amd-nixos:~]# nix-env --profile /nix/var/nix/profiles/per-user/root/channels --list-generations
<clever> that searches in roots channel profile, which wouldnt be covered
<clever> oh yeah, and you would want to also override NIX_PATH
<clever> then remove all channels!
<clever> and call it nixos
<clever> but now that we know how this works, you can just make a dummy default.nix like i did above
<clever> yeah
<clever> and you would have to nix-channel --update twice (as you and root) to ensure both are updated
<clever> so it doesnt know which one to use
<clever> you have a nixos channel on both your user and root
<clever> i think the only priority, is what order readdir() returns the contents of .nix-defexpr
<clever> and warn you
<clever> so they will just randomly overwrite each other
<clever> i dont think there is any formally defined priority
<clever> printError(format("warning: name collision in input Nix expressions, skipping '%1%'") % path2);
<clever> so channels, channels_root, and test, get merged into a single set
<clever> and that default.nix must return a set like nixpkgs (i imported a random clone of master)
<clever> Infinisil: and with this, you can create your own custom set of channels (the set is called test), which contains 1 channel (called foo)
<clever> installing ‘hello-2.10’
<clever> [clever@amd-nixos:~]$ nix-env --dry-run -iA foo.hello
<clever> import /home/clever/apps/nixpkgs
<clever> [clever@amd-nixos:~]$ cat .nix-defexpr/test/foo/default.nix
<clever> the names of those children are then made available to nix-env
<clever> until it finds children containing default.nix's
<clever> any directory lacking a default.nix is recursed into
<clever> Infinisil: line 142, it seems to be able to recursively call itself
<clever> Infinisil: and line 100 has more code
<clever> or rather, it merges channels/* and channels_root/* into a single set
<clever> thats what i think this does
<clever> if you give it a directory containing foo/default.nix and bar/default.nix, it turns it into { foo = import ./foo; bar = import ./bar; }
<clever> Infinisil: aha!!
<clever> return getHome() + "/.nix-defexpr";
<clever> globals.instSource.nixExprPath = getDefNixExprPath();
<clever> Infinisil: there it is, i believe this is the -iA nixos.hello path: https://github.com/NixOS/nix/blob/master/src/nix-env/nix-env.cc#L417-L426
<clever> for example, i can just tell it, copy the closure of nix from /nix/store to /mnt/nix/store
<clever> which can manipulate stores not yet at the right mount point
<clever> ive only played with the nix copy command
<clever> havent looked into it much yet
<clever> to tell it to obey the path
<clever> or switch to nix-env -f '<nixpkgs>'
<clever> Infinisil: i think newElemsTmp is an output from this function, of what you want to install
<clever> so nix-env will obey the search path, but by default, nothing in nix-env or nixpkgs will actually make it use it
<clever> yeah
<clever> Infinisil: if you put import <unstable> into the config.nix
<clever> lol
<clever> and if your config.nix happens to use the search path, it will work
<clever> this forces it to use the search path
<clever> nix-env -f '<nixpkgs>' -A hello
<clever> nix-env can obey the search path, but at no point tries to actually use it
<clever> yeah
<clever> def
<clever> it goes directly to the .dev-expr dir
<clever> nix-env -iA nixos.foo ignores the path entirely
<clever> i think you had to add both
<clever> also, in the old days, nixos and nixpkgs were separate repos on github
<clever> other than that, i think its mostly about doing "nix-env -iA nixos.foo" when you're not on nixos being "weird"
<clever> nixos-unstable lacks darwin builds
<clever> and also has darwin cache support
<clever> nixpkgs-unstable lacks testing to ensure it cant brick nixos systems
<clever> copumpkin: a more confusing thing, look at the args that --add needs, now look at the output of --list
<clever> then if its not found, it checks root for a channel by that name
<clever> Infinisil: when you do nix-env -iA nixos.foo, it will first search your users channels for a channel called "nixos"
<clever> even if you mess up nix-env, it can still boot, and you can fix it
<clever> nix-env is much less likely to break the entire system
<clever> but you will want to always checkout a revision that is on the nixos channel, or you can run into the same issue
<clever> then its less major
<clever> ah
<clever> which left the system unable to boot, and all rollback options unable to boot
<clever> about 3 or 4 months ago, there was a wave of people breaking grub.conf because they did that
<clever> you must never run nixos on a nixpkgs channel
<clever> generally, i try to put all channels on root, and not run nix-channel as a user
<clever> and thats why it cant find nixos/nixpkgs
<clever> that will update a gist, and allow easy diff'ing
<clever> Infinisil: also, gist -u <url> foo.txt
<clever> there should be another symlink, called nixos
<clever> ls -lh /nix/var/nix/profiles/per-user/root/channels/
<clever> ah, i forgot the / in my example above as well
<clever> yes, ls is wonky
<clever> -l causes it to show the channels link itself, rather than its contents
<clever> you need an extra / at the end of channels
<clever> can you paste the full output of the shell, commands you ran, and how the files changed?
<clever> what is inside that link?
<clever> there should be one directory per channel
<clever> ls -lh /nix/var/nix/profiles/per-user/root/channels
<clever> --add doesnt take effect until --update
<clever> did you also nix-channel --update?
<clever> Infinisil: what did you change?
<clever> the error says that root's "nixos" channel is missing
<clever> Infinisil: sudo nix-channel --list
<clever> Infinisil: and what is the weird problem?
<clever> ah
<clever> Infinisil: which one?
<clever> and tell the build to look there when it needs to read things
<clever> then just mkdir $out, and copy the source there before the build
<clever> nixer: does the source need to be available after compile time?
<clever> everything after that is within nixpkgs and the stdenv, and can do things in pretty much any order, as long as $out is valid at the end
<clever> basically, all nix does is run your builder, with given args, and sets the $out variable
<clever> and nix doesnt care when in the derivation you make it
<clever> its the derivations job to create it
<clever> and once the derivation has started building, $out is known
<clever> and copy at the start of one, then use it later
<clever> ditch one derivation entirely
<clever> like preConfigure
<clever> nixer: copy the src to $out/src before you build
<clever> nixer: why is line 44 referring to the self derivation?
<clever> yeah
<clever> nixer: that just copied the propagatedNativeBuildInputs to the propagatedUserEnv, which i avoid using at all costs
<clever> it appears to connect and "run"
<clever> at line 760, i can see it connecting to X
<clever> mpcsh: if you run "strace -ff -o logfile compton" it should produce a bunch of logs, can you run "gist -p logfiles*" to upload them all?
<clever> turning gpu accel off made it faster
<clever> that is the exact cause of my horrid fps in xterm
<clever> but nixpkgs isnt aware of that, and keeps building the out-dated foo, and the new bar without --enable-foo
<clever> gchristensen: foo got merged into bar, and is now just --enable foo
<clever> gchristensen: a secondary issue, is that the auto-generated thing pulled in deprecated packages
<clever> i tried running the update script, and it just broke everything
<clever> FRidh: there are also horrid messes like the xorg packages, which have been heavily modified after the last auto-update
<clever> both so people can reproduce the changes and confirm its not been tampered with, and so anybody can generate the next version
<clever> something i have thought of, is to always include the commands you ran to generate in the commit message, along with any inputs needed to ensure its 100% reproducible
<clever> and i havent gone back
<clever> but when they updated, i ditched gnome and went all xfce
<clever> i had been using gnome-panel since 2004, and was always graphing the cpu/memory usage
<clever> i jumped ship when gnome turned into windows 10, lol
<clever> past 7 9's, its hard to tell an outage apart from just pure latency
<clever> but past 5, things get tricky
<clever> seequ: i could measure a difference between 4 and 5 9's
<clever> if i wanted to host something better than 2 9's, id need a beefy UPS or generator
<clever> even my power company gets between 2 and 3 9's
<clever> 31.5 millisec of downtime per year!!!
<clever> 9 9's is insane, lol
<clever> yeah, depends a lot on how many 9's you want
<clever> yeah, aws shield, came out in december
<clever> i was thinking in terms of using ELB to filter a ddos
<clever> copumpkin: ELB has a throughput limit and can be maxed out, and it takes time to spin up more ELBs
<clever> now you can easily update 1 ip, without having to know the old IP you're trying to overwrite
<clever> and the RR is a single entity, that only changes when the list of targets changes, but not what IP they have
<clever> then the EIP will always update 1 subdomain A
<clever> domenkozar: you make the RR a list of aliases, pointing to subdomains with A records
<clever> domenkozar: i also had an idea a while back on how to manage round-robin via nixops, rather than try to update the A records within the RR when an EIP changes
<clever> latency based routing sounds more tricky
<clever> geolocation based routing could be done entirely within bind, just define what subnets get what subset of the results, but yeah, that could be messy without a subnet to location db
<clever> can bind even do those?
<clever> but i havent messed with latency or geolocation based routing
<clever> i usually manage the zone file directly, and then rebuild-switch
<clever> copumpkin: and its not on https://github.com/issues ?
<clever> copumpkin: and you could put a pre-start on ntp, to query and self-configure
<clever> copumpkin: you can also query the dhcp lease like this
<clever> domain_name_servers='192.168.2.1 8.8.8.8 8.8.4.4'
<clever> $ dhcpcd -U enp3s0
<clever> and when the network comes back up, dhcp has to kick it in the ass
<clever> ntp can easily get hung, and just gives up retrying
<clever> thats just to restart them
<clever> copumpkin: i think this hook gets ran when you receive a lease, and it may have access to that data: https://github.com/NixOS/nixpkgs/blob/release-17.03/nixos/modules/services/networking/dhcpcd.nix#L140-L148
<clever> though if its a nixos problem, nix-env -iA nixos.gist
<clever> ryannix2: nix-instantiate '<nixpkgs/nixos>' -A system -v 2>&1 | gist -p -
<clever> ryannix2: does configuration.nix refer to hardware-configuration.nix
<clever> and i should probably get some sleep, its nearly 4am now
<clever> simpson: and using this, you can generate a disk image with nix-build: https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/make-disk-image.nix
<clever> simpson: the bigger problem i can foresee, is how do you give the user ssh access automatically, there needs to be a metadata service so you can auto-config on first boot
<clever> that makes it impossible to run something like a full bitcoin node, without getting root and messing around with things
<clever> and a 1.8 tb / partition
<clever> simpson: and as an example of poor choices, one of my servers is now stuck with a 20gig /home partition that sits at 56% used
<clever> simpson: my kexec trick lets you wipe the machine and do whatever you want
<clever> simpson: so you have to start with an image that has an FS and layout you can accept
<clever> simpson: as for the major differences between nixos-in-place and my kexec trick, nixos-in-place leaves you stuck with whatever partition layout the machine had to begin with
<clever> dhess: that gist also includes bits of dhcp config, and a way to give every machine its own default
<clever> dhess: i also have this, which splits it out of release and makes it possible to customize: https://gist.github.com/cleverca22/75e3db4dabeff05b743e9be77a2341b9#file-netboot-nix
<clever> simpson: what if you could just give them a nixos image and ask them to bless it?
<clever> dhess: my kexec trick above uses a modified form of it, i run the kernel+initd from ipxe via kexec
<clever> dhess: there is
<clever> simpson: also, does this hoster provide imaging services?, can they just flash an image to the hdd with the click of a button?
<clever> { name = "python2.7-deluge"; version = "1.3.13"; }
<clever> nix-repl> builtins.parseDrvName pythonPackages.deluge.name
<clever> simpson: the DO module will do an http query to http://169.254.169.254 and can query its own IP
<clever> simpson: ask them if they have an auto-config thing similar to digital ocean, like https://github.com/NixOS/nixops/issues/605
<clever> simpson: with my kexec code, you can just put static network config into it, but you need a new tar for every machine
<clever> Infinisil: and state.symbols.create("version") will either return the int for version, or create&return one
<clever> Infinisil: state.sName is a variable holding the int that means "name", because thats searched for a lot from the code
<clever> Infinisil: the source i linked is also an example of the attr name stuff i mentioned before
<clever> spacefrogg: nix-repl> builtins.parseDrvName "foo-1.2.3"
<clever> { name = "foo"; version = "1.2.3"; }
<clever> Infinisil: also, all attribute names get turned into ints for faster compares
<clever> neat
<clever> nix-repl> "\${foo}"
<clever> "${foo}"
<clever> the '' doesnt appear in the final string
<clever> "${foo}"
<clever> nix-repl> ''''${foo}''
<clever> hyper_ch: yeah
<clever> 17.09pre110213.01c3847b9c (Hummingbird)
<clever> vboxdrv 380928 2 vboxnetadp,vboxnetflt
<clever> $ lsmod | grep -i vbox
<clever> root 3747 0.0 0.0 0 0 ? S< Jul13 0:00 [iprt-VBoxWQueue]
<clever> $ ps aux | grep vbox -i
<clever> hyper_ch: its enabled on my end and i havent seen any problems
<clever> hyper_ch: broken in what area?
<clever> tnks: example?
<clever> bash: command-not-found: command not found
<clever> yeah, those can be useful
<clever> he has since added some command-not-found logic to it
<clever> command-not-found is hard-coded to look in the channel directory, which is read-only due to nix
<clever> which can index every file in every derivation
<clever> there is also the github.com/bennofs/nix-index project
<clever> the generation keeps being turned off because it slows down channel updates
<clever> Infinisil: the nix channel must also include a sqlite database
<clever> lol
<clever> what do you want from the shell hooks?
<clever> but find another solution
<clever> and you usually shouldnt nest them
<clever> yeah
<clever> and propagatedBuildInputs forcibly adds things to the input list
<clever> throw an echo into it to help debug
<clever> any time a package is in the inputs list, that gets sourced
<clever> $out/nix-support/setup-hook is for setup-hooks
<clever> tnks: i wouldnt
<clever> tnks: the setup hooks are, not the shellHooks
<clever> (intentionally confusing statement)
<clever> and time, not time
<clever> you have which, not which
<clever> that also explains why it didnt accept --all
<clever> bash has that cache disabled on nixos
<clever> you have the shell builtin which, which searches the shells PATH cache
<clever> which can search the PATH every time its ran
<clever> i assumed you had the which from the which package
<clever> aha!!!
<clever> "type which"
<clever> ?
<clever> cat ~/.nix-profile/bin/wget
<clever> and is the right one +x'd?
<clever> ls -lh ~/.nix-profile/bin/wget
<clever> or by "which wget" ?
<clever> when you just run "wget" in a shell?
<clever> which --all wget
<clever> did you install it in nix-env or systemPackages?
<clever> symlink share to ${wget}/share/
<clever> ln might be faster
<clever> so you're only going to copy the man pages and such
<clever> and you're basically doing that already
<clever> oh
<clever> i can never keep them right
<clever> ehh, backwards again, lol
<clever> wrapProgram just assumes its out of the way already
<clever> makeWrapper renames the target out of the way, then makes a wrapper
<clever> i mean, wrapProgram
<clever> Infinisil: also, dont copy wget, use makeWrapper instead
<clever> you need to chmod +w
<clever> Infinisil: cp preserves the read-only bin dir
<clever> tnks: so if your line-editing is borked, nix-shell will get upset
<clever> tnks: i think it expects an interactive bash
<clever> mpcsh: i think its already been fixed in master
<clever> tnks: i think the bash in a shells PATH has less features, which breaks the next nix-shell invocation
<clever> mpcsh: the package appears to be broken, it contains zero files
<clever> total 0
<clever> [clever@amd-nixos:/tmp]$ ls -lh /nix/store/1d9qwcfyk3cxck8lqyannxlqc1fbx3nj-bspwm-0.9.3
<clever> but if source is available, just patch it at build time
<clever> linux returns a proper error, libredirect segfaulted (i sent a PR to fix that)
<clever> though one program passed null pointers to stat()!!
<clever> i havent noticed problems with other things
<clever> the nixpkgs chromium has since been wrapped with a script to undo redirects
<clever> and if teamspeak launches chromium, it inherits the vars, and the browser locks up
<clever> i found that it makes chromium deadlock on startup
<clever> Infinisil: any attempt to open a file in /usr/share/X11/xkb gets redirected to the storepath of xkeyboard_config
<clever> libredirect could do it better
<clever> Infinisil: there is also libredirect in nixpkgs
<clever> Infinisil: just beware of when programs fork out children
<clever> Infinisil: yeah
<clever> gchristensen: this boot info script has crazy details like: Boot sector info: Syslinux looks at sector 23436688 of /dev/sdd1 for
<clever> though i think luks spreads the key material over many sectors
<clever> gchristensen: so now a wipefs pass wont erase the disk fully if his password has been leaked
<clever> gchristensen: line 578, i think it posted the encrypted form of his luks header
<clever> yeah
<clever> gchristensen: aha, https://paste2.org/XcGYK8BB
<clever> gchristensen: https://help.ubuntu.com/community/Boot-Repair the boot debug tool i previously mentioned
<clever> ah, thats how bad my memory can be :P