<clever>
celph: yep, that should work, you could also make a grub = { ... }; block inside there, to remove a grub. from everything
<clever>
i also cant even get battle.net into a usable state
<clever>
Infinisil: last i looked, it uses a version of directx that wine hasnt even started work on
<clever>
celph: you also need to set boot.loader.grub.efiSupport = true;
<clever>
celph: line 197 is due to the same thing, i'm guessing the rest is btrfs related
<clever>
celph: line 4 says you have grub setup for legacy booting, not efi, you want to set boot.loader.grub.device = "nodev";
<clever>
Infinisil: overwatch doesnt work under wine, on any distro
<clever>
celph: i dont think systemd-boot supports encrypted /boot, so you need to set boot.loader.grub.enable = true, and remove the systemd-boot.enable
<clever>
celph: so turning on the cryptodisk in grub wont do anything
<clever>
celph: oh, that error in your pastebin is from systemd-boot, not grub
<clever>
let me check some sources
<clever>
ive also had it working in chromium at one point
<clever>
netflix also works on nixos
<clever>
what does fdisk -l /dev/sdX say about the whole drive, and what is mounted to /mnt/boot/efi/ ?
<clever>
the new install
<clever>
has it given any errors?
<clever>
might*
<clever>
i can see how that much work
<clever>
celph: when i did my luks install, i left /boot as a cleartext ext4
<clever>
which means it cant be encrypted
<clever>
celph: efi requires that the UEFI firmware be able to read the fat32 partition
<clever>
for efi systems, ive heard you can just make all of /boot fat32
<clever>
long-term, on nixos, you can set networking.nameservers = [ "8.8.8.8" ]; to make that change stick, or services.bind.enable = true; to do the same thing Elementary does
<clever>
that will temporarily fix it
<clever>
celph: for now, manualy edit /etc/resolv.conf to set the dns to 8.8.8.8
<clever>
celph: it sounds like your ISP or router dns is dead, and only machines that do their own dns work
<clever>
celph: yep, that machine is using dnsmasq as a local dns server/cache
<clever>
celph: on that box, run "ps aux | grep bind"
<clever>
celph: are other machines on the same lan working, and also set to use 192.168.100.254?
<clever>
the live-iso should have working nix-env and nixos-rebuild
<clever>
sphalerite: ive been in this house for 15+ years
<clever>
i also need to get a new laptop, the old one took 5 minutes just to load an appveyor log
<clever>
sphalerite: i move around so little that my computer chair has worn a hole thru the floor, lol
<clever>
so i keep hearing seeking noises from a system that is now primarily SSD based
<clever>
sphalerite: and also anoyingly, the fans rattling, sounds just like a magnetic hdd seeking, lol
<clever>
ive got a giant beast of a desktop
<clever>
ah
<clever>
sphalerite: i never took the sata's out of my machine, so i still have sda and a bunch more
<clever>
sphalerite: ahhh, i see
<clever>
sphalerite: ah, yeah
<clever>
sphalerite: /dev/vda should also work inside the vm
<clever>
Infinisil: systemd-boot/gummiboot is efi only
<clever>
Sonarpulse: i'm not sure you can safely rename those variables, i just considered them a feature and used them any time i had to override flags
<clever>
grub supports both legacy and efi, and can even install as both at once
<clever>
so secureboot is only of use if you can lock down the firmware (to stop people from turning it off), and you also load your own keys and sign your OS yourself
<clever>
and revoking the MS key would invalidate every install dvd that has been printed
<clever>
so even with secureboot on, its trivial to run unsigned code on bootup
<clever>
yes
<clever>
and also, MS left a debug feature in their signed bootloader, that allows it to run unsigned code
<clever>
you could even use a patched tianocore or duet, to boot an EFI OS with "secure boot" on a legacy machine
<clever>
a malicious bootloader can just modify the table, and pass a fake function in that slot
<clever>
one of those functions returns a bool, saying if secureboot is on or not
<clever>
when the EFI runs an OS, it passes it a table of function pointers
<clever>
first, there is absolutely no way for the OS to properly verify if secureboot is on or not
<clever>
ive also found things like secureboot to be a bit of a joke
<clever>
Sonarpulse: i also find myself doing that as well
<clever>
Infinisil: yeah
<clever>
grub will write raw x86 assembly to that partition, and the stub in the MBR will load&run it
<clever>
so grub needs a dedicated "bios boot partition" for the stage1.5 data
<clever>
but with gpt, the table no longer fits in 1 sector, and its just wrong to use "unused" space like that
<clever>
with legacy on mbr, grub just jams the stage1.5 file between sector 0 and partition 1, in "free space"
<clever>
Infinisil: yeah, legacy booting on gpt partitions
<clever>
with efi, the firmware will load a PE file (same format as .exe files), link it to services provided by the firmware (proper sata drivers, and filesystem support), and execute it
<clever>
with the legacy method, the firmware loads a 512 byte blob from the disk, and executes it, and all IO has to be done with software interupts (the same api dos used!!)
<clever>
the new framework for motherboard firmware and os booting
<clever>
not once have i gotten anything efi based to boot on my own hardware
<clever>
also, i have had an abnormaly difficult time getting anything efi to work
<clever>
and i had the optional to persist the data at shutdown, or not
<clever>
so it ran 100% from ram
<clever>
but, while running, the usb stick was removable
<clever>
then at shutdown, i would tar the writable tmpfs overlay, and save it back to the usb stick
<clever>
i put the entire rootfs into a squashfs on a usb stick, and had the initrd copy the squashfs to ram on bootup
<clever>
sphalerite: that reminds me of a crazy thing i did with gentoo many many years ago
<clever>
:D
<clever>
but for every single default.nix in every package, just leave it to mentionbot, is that even around still?
<clever>
for the core things like the haskell framework and such, it could be done
<clever>
obviously, it doesnt know what to do with a nix output
<clever>
and cabal itself handles inserting the value of --prefix
<clever>
turns out, nix (and bash) are passing a raw "$prefix" to cabal, without doing the variable
<clever>
i also recently tried to figure out why "--libdir=\\$prefix/lib/\\$compiler" worked, but "--libdir=\\$lib/lib/\\$compiler" didnt
<clever>
ow
<clever>
sphalerite: and package.conf.d/js-jquery-3.1.1-DsXVNi5bGjYAL1XqAI9k8I.conf:haddock-html from the lib/ subdir depends on doc
<clever>
sphalerite: ghc has been striken from he closure, but not the ghc docs!
<clever>
sphalerite: it builds, but the html docs are in the same dir as the runtime data
<clever>
libs must go into $out
<clever>
sphalerite: because of bindir, libexecdir, and sysconfdir in the Paths_ module!
<clever>
sphalerite: ok, $out now contains ONLY nix-support/propagated-native-build-inputs and nothing else, cycles still exist! lol
<clever>
sphalerite: except, psql can occur in a hash from nix
<clever>
sphalerite: i also remember something else having a related bug, where if psql is found in a certain env variable, it wouldnt try to add psql config flags, because you already have them
<clever>
but, why is cabal being so unpredictable?
<clever>
sphalerite: so it must be under ghc-802/x86_64-linux-ghc-8.0.2
<clever>
sphalerite: and for extra mess, it always puts it into a x86_64-linux-ghc-8.0.2 subdir of the dir i specified
<clever>
if it doesnt detect ghc, it puts it into $prefix
<clever>
if it detects ghc in the datadir, it obeys it for the html docs
<clever>
sphalerite: found the cause, "--datadir=$data/share/fooghcbar" puts the docs in the datadir
<clever>
bdimcheff: yeah, trikl[m] was asking about riot
<clever>
yeah
<clever>
sphalerite: but "--datadir=$data/share/" puts the html docs into $out...
<clever>
sphalerite: fun..., "--datadir=$data/share/${ghc.name}/${pname}-${version}" puts the html docs into that dir
<clever>
2017-04-25 16:15:07< bdimcheff> this riot thing is interesting but yeah it won't be upstreamed
<clever>
sphalerite: it was also fun to even be able to test changes to generic-builder.nix, nixpkgs wanted to rebuild 2 GHC's for every change
<clever>
sphalerite: yeah, i'm splitting the data off now
<clever>
the package contains references to its datadir
<clever>
lib depends on out, and out depends on lib
<clever>
it might be simpler to move the datadir then then libdir
<clever>
sphalerite: the cycle detection and runtime build graph
<clever>
sphalerite: do you know if nix excludes that file at all?
<clever>
sphalerite: the propagated-native-build-inputs look like it might cause a problem, $lib depends on $out, and due to propagated-native-build-inputs, $out also depends on $lib
<clever>
jophish: yeah, the rpi image stuff is a bit of a mess right now, it was a mix of stuff from outside of the repo and i just commited it to make a backup
<clever>
sphalerite: not yet, i'm currently trying to make ALL of haskellPackages obey $out and $lib!
<clever>
jophish: yeah, i'm here
2017-07-05
<clever>
Unode: does it have to be static?, dynamic builds just work better on nix
<clever>
Unode: you need to add glibc.static to the -p flag
<clever>
schoppenhauer: the mysql service already has something similiar, but its a lot more imperative
<clever>
schoppenhauer: you could also store the database schema version in that file, and upgrade/fail if the database isnt compatible with the software
<clever>
schoppenhauer: line 9, baseDir = "/var/lib/hydra";
<clever>
schoppenhauer: and then the first time the -init service is ran, it can create everything
<clever>
schoppenhauer: yeah
<clever>
schoppenhauer: and lines 305/306, the real service depends on the init service
<clever>
schoppenhauer: this creates a hydra-init service, and if the .db-created file doesnt exist, it will create the db and file
<clever>
Infinisil: this also makes sure the deps come from the same version as the ghc
<clever>
Guest398274: but you can also just luksFormat /dev/sda1 directly
<clever>
Guest398274: and one of them will point to the partition you made for the luks
<clever>
Guest398274: when you create a partition table with gpt, those symlinks will be made automaticaly
<clever>
Guest398274: that symlink points to a partition, not the root of a drive
<clever>
Guest398274: both of them can boot with legacy
<clever>
otherwise, they are pretty much the same
<clever>
Guest398274: with gpt, you need a bios boot partition, 1mb, no fs, never mounted
<clever>
Guest398274: yeah
<clever>
that probably wont work
<clever>
spinus: he doesnt have a partition table, at all
<clever>
Guest398274: but you have no partition table, period, so i dont expect that to work
<clever>
spinus: with MBR, grub will automaticaly insert itself into a gap between sector 0 and partition 1
<clever>
Guest398274: what does "blkid /dev/sda" say?
<clever>
Guest398274: oh, you need to set the device on the luksroot to a partition, not the root
<clever>
Guest398274: is sda mbr or gpt?
<clever>
it fills in a name automaticaly if you use an attribute, rather then a list
<clever>
yeah, thats the same as { name = "crypted", device = "/dev/disk/by-uuid/...."; }
<clever>
and if sda is gpt, you must create a bios boot partition, no fs, never mounted, ~1mb in size
<clever>
that cant be encrypted
<clever>
the grub.device is where grub has to install the MBR stub, which the bios will execute
<clever>
neat
<clever>
nh2: aha
<clever>
ah
<clever>
joepie91: oh, and it may need rec
<clever>
joepie91: this is something new users can get wrong easily
<clever>
joepie91: what about this: { f = x: x; a=1; b=2; list = [ a f b ]; }
<clever>
joepie91: neat
<clever>
bbl
<clever>
catern: they can obey nix.package in your config, to compile against a different version of nix
<clever>
and the github search is too broken to fnd the issue i saw the convo in before
<clever>
if nixos-install was extracted, it wouldnt need a dummy
<clever>
catern: its less that nixos-install needs a config, and more that nixos needs a config before it will let you access the nixos-install attribute
<clever>
catern: its less that nixos-install needs a config, and more that nixos needs a config before it will let you access the nixos-install attribute
<clever>
it needs certain kernel features like namespaces
<clever>
the problem, is that nixos doesnt want to officialy support this hack
<clever>
and it does that after chroot'ing into /mnt
<clever>
yeah, nixos-install will read from /mnt/etc/nixos/configuration.nix
<clever>
but it works if you do the right incantation
<clever>
and nixos wont let you access a lot of parts until the config is valid
<clever>
the nixos-install command is an internal part of nixos
<clever>
it just needs a dummy configuration.nix
<clever>
yeah
<clever>
thats for using the non-nixos rescue env from a datacenter, to install nixos
<clever>
catern: basicaly, you can use that whole guide
<clever>
you need to run a special nix-env command to get nixos-install
<clever>
the nixos-install command does the chroot for you
<clever>
catern: so if you boot from the installer, mount a nixos root to /mnt, and then mount the nix dir to /mnt/nix/, nixos-install should keep everything that already exists
<clever>
one sec, brb
<clever>
catern: if /nix exists in /mnt when you run nixos-install, it will just copy things in
<clever>
nixos will assume full control of the bootloader
<clever>
other things can be done, but they are more complex
<clever>
the other subdirs have to share as well
<clever>
correction, a 3rd for /nix/
<clever>
make 2 rootfs partitions, and a 3rd for /nix/store, thats the simplest
<clever>
ahh
<clever>
then you need a 2nd rootfs
<clever>
ah
<clever>
oh
<clever>
(except the store)
<clever>
if that file exists on bootup, stage-1 will basicaly "wipe" the rootfs by moving everything to /old-root/
<clever>
catern: then "touch /etc/NIXOS_LUSTRATE"
<clever>
catern: this will overwrite the bootloader and update grub.cfg
<clever>
catern: then as root, "./result/bin/switch-to-configuration boot"
<clever>
catern: that will leave a copy of nixos in /nix/store/ and symlink result to it
<clever>
catern: first, you need to: nix-build '<nixpkgs/nixos>' -A config.system.build.toplevel -I nixos-config=/etc/nixos/configuration.nix
<clever>
catern: yeah, /etc/NIXOS_LUSTRATE
<clever>
catern: let me find the notes...
<clever>
catern: it is possible, and some recent changes have made it simpler
<clever>
catern: but yeah, its more pure/simple to format it
<clever>
catern: ive done it a few times
2017-07-03
<clever>
gchristensen: just unpacking it on my pi takes forever
<clever>
gchristensen: does sound usefull to have an extra linting stage, before you unpack the full kernel source
<clever>
joepie91: and then adding a simple key=value entry to it, overwritting one, or appending
<clever>
joepie91: for example, reading a configuration.nix file (a function returning a set, possible with complex expressions)
<clever>
joepie91: one of my past projects needed an AST for nix files, with the ability to apply arbitrary mutations and then serialzing it back out to nix
<clever>
lol
<clever>
which lets me remotely reinstall or repair a nixos
<clever>
sphalerite: then i could upload that to petitboot, and kexec it instead
<clever>
sphalerite: and also with an scp option, i could build a nixos kernel+initrd that has a full rootfs embeded into the initrd
<clever>
yeah
<clever>
i was thinking of just making it the only option in grub
<clever>
kexec in either case, maybe with an scp option as well
<clever>
and if it does get one, it fires up sshd, and presents you with a boot menu
<clever>
and if it doesnt get one within the first 2 seconds of booting, it skips the menu and goes right to the default
<clever>
my general idea, was that you would launch a client that spams it with udp packets at a rate of about 10/sec maybe
<clever>
yeah, thats exactly what i was going to do, lol
<clever>
i was thinking of creating exactly that, to handle the rollback menu for headless servers
<clever>
they did! lol
<clever>
did they take my head and make it a few years in the past? lol
<clever>
sphalerite: yeah, grub2 is sort of its own os, with a kernel and loadable modules
<clever>
i'm just sort of attached to grub, been using it for 13 years, lol