<clever>
are you using your for loop or my mknod list?
<clever>
may need to strip a dev out of the paths
<clever>
done the split
<clever>
i'll do it on this end
<clever>
yeah
<clever>
when i missed that, it deleted some state vital to xorg, and i lost the ability to open any new windows
<clever>
--one-file-system will protect you if a --bind mount is missed
<clever>
jake__: about all i can think of is to make a bash script that does: kill $(cat foo/pid); chattr -i foo/var/empty; rm -rf --one-file-system foo/
<clever>
and on gentoo, it spits my username out half a dozen times, and no other user
<clever>
yeah, the users command doesn't work on my nixos machine either
<clever>
which flag did you pass to nixos-rebuild?
<clever>
isNormalUser handles home for you
<clever>
no need to set home
<clever>
pushed those
<clever>
networking.firewall.enable = false;
<clever>
the guest shouldn't be messing with the host firewall
<clever>
jake__: i think nixos-install handles it by using mount --bind, rather than cp
<clever>
as long as the nameservers don't change, you only have to do it once
<clever>
the name should be nixos
<clever>
need to add a channel with nix-channel --add
<clever>
it will need a /etc/resolv.conf to make the dns work
<clever>
what error?
<clever>
done
<clever>
ah yeah, then i need to delete both of the C's
<clever>
pushed again
<clever>
yeah, just added :$PATH
<clever>
but i was testing on nixos, so the paths happened to exist on the host
<clever>
it copies the root from the target pid
<clever>
yeah
<clever>
nsenter -r handles the chroot for you
<clever>
i wasn't thinking of that
<clever>
nope
<clever>
enter changes less, so i should be able to just cp it
<clever>
jake_: i have noticed that nearly everything in nix uses absolute symlinks, and it's even breaking a safety within stage-1-init.sh
<clever>
catern: ah, then you will want either a bind or symlink
<clever>
jake_: pushed the fix
<clever>
yeah, i see the solution in /home/clever/apps/nixpkgs/nixos/modules/installer/cd-dvd/system-tarball.nix
<clever>
LnL: ah, i'm using make-system-tarball right now
<clever>
pikajude: i was surprised that it ignored the /proc roots, so it's probably LnL's idea
<clever>
jake_: so the nix is going to self-destruct on any operation
<clever>
jake_: oh, maybe the db import isnt being done right
<clever>
when i ran nix-collect-garbage in my test env, nix deleted every last file in the store
<clever>
jake_: be careful with gc until you confirm it's working right
<clever>
jake_: and i think nixos-rebuild will make the gc root, but i'm not sure
<clever>
jake_: yeah, you will want to copy the original configuration.nix from my github
<clever>
jake_: :D
<clever>
jake_: you may also need to cd out and back in after the --bind
<clever>
jake_: the host might not even have cgroups enabled?
<clever>
jake_: the cgroup namespace is probably optional
<clever>
jake_: so you need to mount --bind /foo /foo, to make it into a mount point of itself
<clever>
jake_: oh right, forgot
<clever>
jake_: the directory that will become the root, must already be a mount point
<clever>
catern: it doesn't have to be a symlink either, if you just get somebody to chown an empty /nix/ to your user, the curl install works
<clever>
you would have to unionfs the entire /
<clever>
yeah
<clever>
MichaelRaskin: but in a case like jake_, the / is read-only, so you can't even make an empty /nix to --bind over
<clever>
jake_: and what channel are you building this against?
<clever>
jake_: can you compare the arguments in the script with unshare --help?
<clever>
cstrahan: i was having issues with the guest systemd conflicting with the host systemd, and made it manual for now
<clever>
cstrahan: the exec bash needs to be changed to exec /init
<clever>
with a few more tweaks, i could make it statically compile mount/chroot/nsenter, and then it would be even more isolated
<clever>
but the unshare is after the chroot
<clever>
oh, nsenter does need to be on the host
<clever>
cstrahan: yep
<clever>
the only real requirement of the host right now, is that it has /bin/sh, mount, and chroot
<clever>
it could potentially even work on android, for example
<clever>
so you can launch a nixos container on any linux distro with a compatible kernel, even if the userland tools are missing, and if it lacks systemd on the host
<clever>
cstrahan: this nix expression will generate a tarball containing a nixos container, and some unshare/nsenter scripts to boot it, and gain shells
<clever>
the nixos-container script has this function
<clever>
but containers don't have access to either
<clever>
jake_: normally, systemd would launch a getty process for tty1 through tty6, and launch the X server via the display-manager service
<clever>
jake_: yeah, nsenter might be better
<clever>
ah, maybe it could, just bash& before you exec systemd
<clever>
once you do get a shell, nixos-rebuild may work, and it will become easier to manage
<clever>
jake_: you either need to use nsenter to force a shell into the same namespace, or setup sshd with the normal flags in the configuration.nix the tar is made from
<clever>
jake_: it has finished booting, and all services listed in the configuration.nix are running
<clever>
jake_: i think that hang is normal, that's what it's supposed to do