2017-04-13

<clever> so you essentially have zero firewall while booting
<clever> and you need to actively isolate them with a config command
<clever> the WAN and LAN ports are bridged on bootup
<clever> but that part is also slightly misconfigured by default
<clever> the A20 processor can change the switch IC config over i2c, so its basically a managed switch with the management software missing
<clever> copumpkin: the biggest benefit it has, is 5 ethernet ports and a semi-managed switch IC
<clever> well, that solves that problem, lol
<clever> error: Package ‘uboot-Bananapi_defconfig-2017.03’ in ‘/nix/store/mwwncy49y4b691wp527a5qh3lj9hv0cw-nixos-17.09pre105118.65be0b3a4b/nixos/pkgs/misc/uboot/default.nix:53’ is not supported on ‘x86_64-linux’, refusing to evaluate.
<clever> nix-repl> ubootBananaPi
<clever> i also plan to start working on nixos support for https://www.bananian.org/hardware#banana_pi_r1_router
<clever> and i think thats from the new nix command
<clever-also-afk> ah, those are aliases
<clever-also-afk> i do see some groupings of defaults here
<clever-also-afk> defaults are weird, because the default is set in the get call
<clever-also-afk> rui1: builtins.readFile ./foo.txt;
<clever-also-afk> rui1: the owncloud derivation contains files like index.php, a web-server would need to be configured to run on that derivation

2017-04-08

<clever> bbl
<clever> gchristensen: i combined https://nixos.org/wiki/Encrypted_Root_on_NixOS and https://nixos.org/wiki/ZFS_on_NixOS and stuck some lvm in the middle, and it worked on my first try
<clever> gchristensen: ive done 5 systems with that, and one of them is zfs on lvm on luks

2017-04-07

<clever> vandelsand: not officially on the team, but i have absorbed an abnormally large amount of the source, lol
<clever> root is special, his packages are available to every user
<clever> exactly
<clever> and that can be useful to test things
<clever> you can also "nixos-rebuild build" and "nixos-rebuild build-vm" without root
<clever> that too
<clever> then it has to be in roots home
<clever> vandelsand: what command did you run that gave the error?
<clever> adelbertc: so the command i gave can also be: cd ~/nixpkgs; nix-build -A hello --arg config '{}'
<clever> adelbertc: if you dont give nix-build a file, it loads default.nix in the current directory
<clever> adelbertc: --pure removes everything not specified in the deps of that package
<clever> adelbertc: this will build hello, from a given nixpkgs dir, and tell it to ignore ~/.nixpkgs/config.nix
<clever> adelbertc: nix-build /home/clever/nixpkgs -A hello --arg config '{}'
<clever> vandelsand: it should also tell you how to fix it
<clever> aristid: and its relative, saying its not B, when it isnt A either!
<clever> back
<clever> yeah
<clever> i still run slim on all of my machines
<clever> vandelsand: i know slim can manage several of them, f1 to cycle between the options
<clever> where did i do that last...
<clever> but you can also just hand-write a small Makefile with no configure support
<clever> about the only thing you lose is incremental builds, so you cant just edit 1 file and re-run make
<clever> Yaniel: and here is a simple c project: https://github.com/edolstra/nix-repl/blob/master/default.nix#L11
<clever> ive skipped both make and cabal for a number of my nix projects
<clever> gchristensen: yeah, i'm using nix to mutate 643mb worth of pdf's into ~39gig of xml files, and soon it will be parsed down into the data it contains
<clever> let me gist an example of this insanity
<clever> so i had to write nix code that re-runs pdftoxml with 1000 page chunks
<clever> but that needs insane amounts of ram, i think it wants to store the entire xml as a single c string
<clever> i ran it thru pdftoxml
<clever> and the 3 pdf files are treated as 1 unit, so records can cross the pdf boundary
<clever> each record is ~6 lines, and the records can cross the page boundary
<clever> and i need to parse, filter, sort, and re-pdf it
<clever> i have about 260,000 pages of data in 3 pdf files
<clever> and i'm using it for a very similar thing today
<clever> was using it to automate data processing
<clever> id rewrite it with runCommand though
<clever> Unode: https://gist.github.com/cleverca22/5a5cddbe59092fd9f12b6a2c46d98fef is what i have used in the past
<clever> hmmm, close, but not right: packageOverrides = pkgs: (pkgs.lib.recursiveUpdate (public { inherit pkgs; }) ((import ./overrides.nix).packageOverrides pkgs));
<clever> shlevy: i have 2 cases of that, let me see
<clever> but some of the texlive packages have changed recently
<clever> Unode: i was using pandoc and texlive to do it before
<clever> ive noticed it never worked on gentoo
<clever> it should also affect nix on any other linux distro
<clever> and if you disable man, it will auto-remove all man pages
<clever> so nobody on nixos has noticed the issue
<clever> nixy: because of this line, the .man of everything in environment.systemPackages gets installed
<clever> id call that a bug
<clever> ive got nearly a dozen nixos machines, so i just ssh into one whenever i need it
<clever> odd
<clever> what output did it give when you ran that?
<clever> did it add anything to ~/.nix-profile/share/man ?
<clever> i'm guessing systemPackages handles it a bit differently
<clever> yeah
<clever> looks like nobody added man to this, so its not automatic
<clever> [ "out" ]
<clever> nix-repl> nix.meta.outputsToInstall
<clever> you could just nix-env -iA nixpkgs.nix.man
<clever> ah
<clever> nixy: did you look in ~/.nix-profile/share/man ?
<clever> mbrgm: hmmm, so that should copy the key to the store at eval time, and insert the new storepath into that config option
<clever> can you paste the configuration that has the path?
<clever> mbrgm: shouldnt there also be a keyfile option, that takes a raw (unquoted) path?
<clever-afk> too many udp peers
<clever-afk> i now have 15% packet loss and i can DoS the router by just opening the wrong app
<clever-afk> same
<clever_> disasm: and also patch /usr/sbin/ip
<clever_> disasm: ahh, yeah, libredirect
<clever_> disasm: first run grep on the source to find out where its happening, then substituteInPlace
<clever_> disasm: you will also need to change /sbin/ip to ${iproute2}/bin/ip
<clever_> the biggest advantage of multiple outputs, is that .dev can be garbage collected without breaking .out
<clever_> and the 1st one is the default when you just say ${pango}
<clever_> all of them are listed in the outputs attribute, like outputs = [ "bin" "lib" "out" ];
<clever_> and .bin is the -bin postfix, and so on
<clever_> .out is always the base path, with no postfix
<clever_> disasm: ${pango.out}
<clever_> though you could use the postPatch hook to just cover it all
<clever_> radvendii: depends on if the failure happens at build or runtime
<clever_> radvendii: or if you're feeling OCD, ${coreutils}/bin/rm
<clever_> radvendii: just use sed to turn it into 'rm'
<clever_> so instead of actually loading it, it will run /bin/false
<clever_> that says to run /bin/false any time something tries to load that module
<clever_> install is a config entry for modprobe
<clever_> boot.extraModprobeConfig = "install nouveau /run/current-system/sw/bin/false";
<clever_> vandelsand: dccp was a kernel module with a security problem from a few months back
<clever_> vandelsand: just change that config to say install nouveau instead
<clever_> so all attempts at loading the module just fail
<clever_> but the above, turns "modprobe dccp" into /bin/false
<clever_> blacklisting just stops automated loading based on the pciid
<clever_> boot.extraModprobeConfig = "install dccp /run/current-system/sw/bin/false";
<clever_> gchristensen: i think we discussed earlier about how blacklist doesnt block modprobe
<clever_> vandelsand: there is also https://nixos.org/nixos/options.html#kernelpara
<clever_> gchristensen: this is also of great help, whenever you want to see how a lib thing works
<clever_> { column = 3; file = "/nix/store/1hlbyz4ni8axnncpqvdjmi2fvcf90y49-nixos-17.09pre102667.2839b10/nixos/lib/strings.nix"; line = 55; }
<clever_> nix-repl> builtins.unsafeGetAttrPos "concatStringsSep" lib

2017-04-06

<clever_> alunduil: and if you import a module, the top level object is likely a function that wants config and pkgs
<clever_> alunduil: yeah, import doesnt need a module, import just returns the top level object
<clever_> alunduil: and those modules must be bare paths within the imports list, you dont import them directly
<clever_> alunduil: the ... allows you to silently drop arguments you didnt name
<clever_> alunduil: all modules are passed the arguments config, options, pkgs, and a few misc other things
<clever_> alunduil: imports is a vastly different beast, and it will recursively load any nixos module loaded under imports, and merge them all together
<clever_> alunduil: import just loads a given file and returns the top level value of the file, whatever it may be
<clever_> phpfpm: i mainly use unstable, so im not always following what channels are doing
<clever_> i think 16.09 might have also done it
<clever_> phpfpm: nix-shell -p uses runCommand, and runCommand is now an alias to runCommandNoCC
<clever_> gcc has to actually be in the -p list (or use stdenv.mkDerivation), otherwise, the libs just wont work
<clever_> its probably a missing setup-hook then
<clever_> what does this say? "ls -lh /home/sergio/.nix-profile/bin/gcc"
<clever_> and now "type gcc" should give a storepath to the cc-wrapper
<clever_> you need "nix-shell -p gcc sqlite"
<clever_> Sergio965: what did my last nix-shell command do?
<clever_> phpfpm: by default, nix-shell now lacks a gcc
<clever_> and now "type gcc" should give a storepath to the cc-wrapper
<clever_> you need "nix-shell -p gcc sqlite"
<clever_> yeah, that gcc isnt aware of how to find nix packages
<clever_> what does 'type gcc' say?
<clever_> or make a default.nix like above, and then just nix-shell with no args
<clever_> nix-shell -p sqlite
<clever_> need more context around that error
<clever_> including the commands you ran and the prompts
<clever_> Sergio965: can you gist all of the output from the shell?
<clever_> and it will never accidentally be used by another project
<clever_> i can write a default.nix, that specifies a specific build of sqlite
<clever_> this solves a lot of conflicts that can potentially come up
<clever_> or that
<clever_> Sergio965: you can also just call it something else, like foo.nix, and then run nix-(shell|build) foo.nix, and now you can put several in the same dir
<clever_> Sergio965: yeah
<clever_> Sergio965: or nix-build to make nix build it
<clever_> Sergio965: put this into a file called default.nix and then run just nix-shell in that dir to get the shell
<clever_> with import <nixpkgs> {}; stdenv.mkDerivation { name="foo"; src = ./.; buildInputs = [ sqlite ]; }
<clever_> if you make a default.nix file, it gets even easier
<clever_> why?
<clever_> thats how all manual compiles are supposed to be done on nix
<clever_> yeah
<clever_> Sergio965: oops, nix-shell -p sqlite
<clever_> Sergio965: nix will never search for libraries in things you nix-env -i
<clever_> Sergio965: you need to do nix-shell -p sqlite3

2017-04-05

<clever> arianvp2: as Dezgeg said, glibc.static is all you need for libc and libm
<clever> arianvp2: here is a static qemu-user i made: https://github.com/cleverca22/nix-misc/blob/master/qemu-user.nix#L10
<clever> arianvp2: oh, then you need a static copy of glibc
<clever> arianvp2: i have seen a python program sanitizing the env before
<clever> arianvp2: when the script runs gcc, is it keeping the env variables intact?
<clever> arianvp2: glibc should already be in the buildInputs
<clever> arianvp2: can you gist the nix expression?
<clever> arianvp2: are you doing that under a nix-shell?
<clever> i think you just say his @githubhandle in the msg
<clever> nh2: seems simpler to just use nix-shell for incremental building, and leave nix-build pure and for release style stuff
<clever> nh2: so you cant give it the types of something without also giving it the code, and now it has to rebuild even if the types arent changing
<clever> nh2: yeah, and haskell lacks a header/source separation
<clever> tilpner: nix-env -f '<nixpkgs>' -iA ffmpeg-full would force it to use the ffmpeg-full attribute from the <nixpkgs> entry in $NIX_PATH
<clever> benley: but it will also depend on how much the build-time closure changes between versions
<clever> benley: yeah, but if you compare the time it takes to rebuild 10,000 source files in chromium, to the time it takes to rebuild a dozen of them
<clever> i currently lack a way to auto-generate the nix expressions, and no way to parse makefiles or configure scripts
<clever> ah, it does look very similar
<clever> nh2: that would allow incremental builds without having to keep timestamps on things
<clever> nh2: this is a plan i had on making every .o file its own derivation
<clever> admin->clear failed builds cache, which leads to http://hydra.earthtools.ca/admin/clear-failed-cache on my box
<clever> copumpkin: what about restarting https://hydra.nixos.org/build/51178928 ?
<clever> gchristensen: kk
<clever> bennofs: which are impossible to describe in nix, the eval would fail
<clever> copumpkin: try manually restarting https://hydra.nixos.org/build/51148812
<clever> copumpkin: odd, i think the 2 failing builds are referencing each other's failures
<clever> copumpkin: with the same message?, got a link to the build?
<clever> gchristensen: oops, wrong g name
<clever> goibhniu: i'm free for the next ~8 hours now
<clever> copumpkin: within the eval, you can tell it to retry all failed builds
<clever> mg_: ah, or what gchristensen just said
<clever> mg_: try loading it with callPackage rather than import
<clever> gchristensen: yeah, i'll also have some time free tonight till about 10 or 11pm
<clever> gchristensen: my schedule is clear for the next ~5 hours
<clever> gchristensen: ah
<clever> gchristensen: pong

2017-04-04

<clever> and then run nixos-rebuild switch -I nixpkgs=/home/clever/nixpkgs/
<clever> railswalker: either checkout the same revision nix-channel is using and manually apply the change, or just checkout the version in the pr
<clever> railswalker: there is currently no way to override a nixos module, your only option is to checkout a copy of nixpkgs
<clever> it would probably be better to make your own thing that will check for the existence of /var/lib/mysql/foo and then create the foo db if it doesnt exist
<clever> but it will only init the mysql engine once, so you would need to blow away /var/lib/mysql to make it re-init and use the new list
<clever> it can declaratively join all the modules up
<clever> mojjo: and there is no type set on the option, so nixos will concat each list from every module
<clever> mojjo: so if you ever add another thing to that option down the road and nixos-rebuild switch, it wont do what you expect
<clever> mojjo: the biggest problem i have seen with the design of services.mysql.initialDatabases is that it can only ever run once, when /var/lib/mysql doesnt exist yet
<clever> depends on how fast you want things and how much power you're willing to waste
<clever> wak-work: probably, but you're more likely to have half a dozen x86 machines just idling
<clever> dash: but xargs has some issues under qemu-user, so you need a full vm or native to get some things like a kernel done
<clever> wak-work: slower than native, yeah, but i believe its faster than emulating an entire arm, kernel&all
<clever> dash: and if you use the nix on line 10 then you can tell nix-daemon about that
<clever> dash: with this, you can run unmodified arm ELF files on an x86 machine
<clever> dash: you can also use qemu-user for most builds
<clever> philipp[m]: if you're using nix-daemon, then it will probably use the root keys
<clever> ma9e: does running patchSheBangs on the dir with the script fix it?
<clever> dash, gchristensen: yeah, not-os just uses an arm build slave to handle things
<clever> gchristensen: i am now
<clever> makefu: yep, but the current nixos firewall doesnt have options for extending it at runtime
<clever> makefu: in theory, you could add nixos firewall support to not-os, and then build an arm image from that, but currently, you would need to reflash the device to change a firewall rule
<clever> makefu: and i do have an x86 router running nixos
<clever> makefu: i have booted not-os on a raspberry pi (arm)
<clever> pie_: as for why i picked that name, its an OS based on nix, but its not nixos
<clever> ah
<clever> pie_: id say not-os is more of an example right now, something you would want to fork and further customize, to suit your embedded programming needs
<clever> heh
<clever> just got back to the laptop
<clever> gchristensen: *waves*

2017-04-03

<clever> shout-user: try installing nox and then run "nox chrome"
<clever> nix-env isnt recursive by default
<clever> thats probably making things worse
<clever> ah, and also idea is under an attr
<clever> that sounds right
<clever> can you pastebin the config.nix?
<clever> then ~/.config/nixpkgs/config.nix, and finally "/.nixpkgs/config.nix
<clever> ";
<clever> so the config argument has top priority, followed by $NIXPKGS_CONFIG
<clever> shout-user: this is the logic that decides which file to read
<clever> depends on the version of nixpkgs you're running
<clever> it might be ~/.nixpkgs/config.nix
<clever> nix-env will re-read it every time it gets ran
<clever> nope
<clever> ~/.config/nixpkgs/config.nix should contain { allowUnfree = true; }
<clever> which locks down the nix-ssh user, and forces all sessions to result in nix-store --serve being ran
<clever> shout-user: and if you enable sshServe, it will just insert this text into /etc/ssh/sshd_config
<clever> https://nixos.org/nixos/options.html#nix.ss explains what it does
<clever> and options like nix.sshServe are only for nixos, they dont work on OSX
<clever> configuration.nix has to be at /etc/nixos/configuration.nix and it only impacts nixos-rebuild
<clever> shout-user: what did you put in config.nix?
<clever> shout-user: ssh-substituter-hosts is an option for /etc/nix/nix.conf
<clever> we can all see your password
<clever> jethro`: grats
<clever> fnlkj: oops, meant to send that to fXl
<clever> fnlkj: and this is what gets set when you enable bumblebee: https://github.com/NixOS/nixpkgs/blob/release-17.03/nixos/modules/hardware/video/bumblebee.nix#L77
<clever> ive had it work with just nvidia in the list
<clever> i'm not sure how it will work when you specify 2 like that
<clever> fXl: what is xserver.videoDrivers set to?
<clever> fXl: that just references a device section declared elsewhere
<clever> to get the other versions, the one with the highest number is probably the one that you made earlier and didnt get working
<clever> you will want the one near /nix/var/nix/profiles/system-*-link/etc/lightdm/lightdm.conf
<clever> the one in /etc is for the current config that is probably working
<clever> fXl: it should have an xserver-command= that contains the xorg.conf path
<clever> fXl: ah, lightdm does things differently from slim, you need to check /etc/lightdm/lightdm.conf
<clever> fXl: and the contents of the start script referenced on line 16
<clever> fXl: can you put it in a gist?
<clever> fXl: oops, display-manager.service
<clever> shout-user: profiles are just a collection of symlinks, and you normally arent switching them around, just working on generations within a single profile
<clever> and this would list every version of display-manager.service over time
<clever> $ ls -lh /nix/var/nix/profiles/system-*-link/etc/systemd/system/display-manager.service
<clever> fXl: which will have a different xorg.conf path for each generation
<clever> fXl: read /etc/systemd/system/display-manager.conf
<clever> the -qa flag will only show unfree packages if you first turn unfree packages on
<clever> shout-user: nix-env -iA nixpkgs.idea.idea-ultimate
<clever> same as 136 already does
<clever> qt5 = pkgs.qt5 // {
<clever> SovereignBleak: oh, the rec on line 135, you need to use pkgs.qt5 to force it to not be recursive
<clever> SovereignBleak: this will take the old qt5, and overwrite the base attr, then return the new set

2017-04-02

<clever> SovereignBleak: found the problem, line 139 replaces the entire qt5 with an attrset containing only qt5.base
<clever> SovereignBleak: line 51, it cant be quoted
<clever> SovereignBleak can you also gist the configuration.nix?
<clever> SovereignBleak: can you gist your latest attempt?
<clever> at least, when using the built-in nixos containers
<clever> vaibhavsagar: which will also include the config and code for every other container
<clever> vaibhavsagar: part of the issue there, is that every container has full read access to the host /nix/store
<clever> so you could make a nix expression that defines config for 100 boxes, hit go, and then it just goes out and adds 100 boxes to your bill
<clever> for cloud providers with a supported API, nixops can just create the entire machine for you
<clever> vaibhavsagar: and there is also targetEnv = "none";, where you have to manually set up a nixos box, with root ssh, then nixops will take care of the rest
<clever> vaibhavsagar: not sure on what the other platforms in nixops will do
<clever> vaibhavsagar: for other providers like digitalocean, it will ssh into a base ubuntu image, and then reinstall nixos over the rootfs
<clever> vaibhavsagar: for nixops on aws, it will spin up a VM running a clone of a base image the foundation uploaded to aws
<clever> yep :)
<clever> yeah, fetchgitLocal is a bit weird
<clever> calvertvl: yeah
<clever> calvertvl: you have no network access in postUnpack
<clever> calvertvl: depends on how many sub-modules you have