#nixos — irc logs

15:43 <clever> oops, managed to miss that

15:42 <clever> turion: with the $

15:42 <clever> turion: what does `echo "configurePhase"` say?

15:40 <clever> and genericBuild auto-detects that for you

15:40 <clever> but then you have to know if its been set or not

15:40 <clever> that would turn all the newlines into spaces, it needs to be more like `eval "$configurePhase"`

15:39 <clever> turion: `phases="configurePhase" genericBuild` is the simplest way to let nix pick the right one by the normal rules

15:39 <clever> turion: configurePhase always refers to a bash function for the default, $configurePhase is the override

15:37 <clever> turion: did you override configurePhase?

15:34 <clever> weird, callPackage is missing from the ,callPackage help text!

15:33 <clever> turion: but use nix-shell instead of nix-build

15:33 <clever> ,callPackage

05:34 <clever> sb0: though, its still copying the src, and then basically doing `mkdir build ; cd build ; cmake ..`

05:33 <clever> sb0: cmake already does that automatically

21:40 <clever> etu: lol

21:39 <clever> etu: yeah, its a middle-man between the cpu and disk

21:38 <clever> if your motherboard dies, your data is RIP :P

21:38 <clever> etu: full disk encryption, seamless, no pw prompt, key is tied to the motherboard

21:38 <clever> etu: theres also the apple T2 based disk encryption

21:34 <clever> etu: and you now have no way of knowing how secure the disk actually is

21:34 <clever> etu: i think the root problem, is that the api meant to be just a on/off switch, not proper crypto

21:33 <clever> while still on

21:33 <clever> azazel: yeah, it would have to be done by somebody that knows its drive-managed, and they would have to get their hands on a pc after it booted

21:32 <clever> yeah, that too

21:31 <clever> morgrimm: and then i can just dump everything

21:30 <clever> morgrimm: in theory, if i remove the drive from the pc, without disconnecting power, it will continue to decrypt itself

21:28 <clever> thats one of them, there are others in that area

21:27 <clever> fresheyeball: cant remember the name of the tool

21:23 <clever> fresheyeball: no real laws on what you can or cant do

21:22 <clever> fresheyeball: for nix, it will just run the function in __functor, if you treat a set like a function

21:20 <clever> morgrimm: sounds like it should just work

21:20 <clever> fresheyeball: what are those laws?

21:19 <clever> fresheyeball: what is that?

21:19 <clever> fresheyeball: it lets you treat a set as-if it was a function

21:12 <clever> morgrimm: sounds like your bios is being funny

21:11 <clever> morgrimm: it should be showing uuid's like this

21:11 <clever> Boot0004* UEFI OS HD(1,GPT,27c99b08-455d-4dfe-a44f-6150cbc09ef8,0x800,0x100000)/File(\EFI\BOOT\BOOTX64.EFI)..BO

21:11 <clever> morgrimm: "linux boot manager" doesnt look right

20:55 <clever> morgrimm: can you pastebin that all, and the output of `blkid /dev/sd*`

20:54 <clever> morgrimm: might have been -v

20:53 <clever> morgrimm: which uuid is in the efi vars (install efiboormgr) and if you have duplicate boot parititons

20:50 <clever> morgrimm: what does `efibootmgr -V` and `fdisk -l` report?

20:49 <clever> morgrimm: which bootloader are you using?

20:45 <clever> morgrimm: depends on which bootloader and what config it has

20:43 <clever> morgrimm: so the config in there said to delete them

20:43 <clever> morgrimm: sounds like /boot wasnt mounted when you added the users

20:35 <clever> pingiun: probably

20:30 <clever> energizer: it will try to umount /

20:30 <clever> energizer: yeah

20:29 <clever> energizer: hardware-configuration.nix would be a reasonable way to do it, but use boot, not switch

20:28 <clever> energizer: gchristensen has a blog post on that

20:17 <clever> pingiun: no idea whats happening, but id get more of the backtrace (beyond frame 9) and then post it to an issue on github

20:12 <clever> pingiun: the corefile is only of use with the binary that made it, run gdb against them (systemctl gdb <pid>) and then `bt`

19:56 <clever> pingiun: yeah, would need a coredump and bt to know more

19:54 <clever> pingiun: builtin:fetchurl means nix itself should just fork out a child proc, and run an internal function

19:48 <clever> pingiun: and if its linux+systemd based, try turning on coredumpctl

19:48 <clever> pingiun: run `nix show-derivation` on that drv to get its builder, then try just running that builder directly

23:44 <clever> glittershark: dang, not sure what else to try then

23:21 <clever> glittershark: for a docker container, try adding glibcLocales to the contents list

21:08 <clever> sphalerite: they patched linux to make namespacing require root by default, for any operation

21:06 <clever> sphalerite: nice, but that will likely fail when debian disables user namespaces

21:03 <clever> sphalerite: is that `nix run --store` also chroot'ing the `hello` binary as well??, or was it just working by chance due to deps in the real /nix/store ?

21:00 <clever> energizer: you need to edit either the Makefile or the nix expr thats building it

20:58 <clever> energizer: gcc then complained that no, cert, and file are not in scope

20:58 <clever> energizer: which is ~3 variables, and a jumble of division and subtraction operations

20:58 <clever> energizer: so it turned into the C code: setenv("NIX_SSL_CERT_FILE", /no-cert-file.crt);

20:57 <clever> energizer: the /no-cert-file.crt wasnt double-quoted

20:33 <clever> 34 then takes a derivation from elsewhere (like default.nix), and overrides it, adding the 3 scripts to buildInputs

20:33 <clever> lines 31-33 run the function from 11, to generate 3 scripts

20:33 <clever> line 11 takes a set, and generates a bash script to run something from the dist folder (left-over from `cabal build`)

20:33 <clever> line 3 makes a dir with a bunch of cfg files

20:32 <clever> danderson: here is a more complex example: https://github.com/input-output-hk/cardano-sl/blob/parallel-restore/wallet/shell.nix

20:32 <clever> danderson: even a rubber duck works!

20:32 <clever> :D

20:30 <clever> danderson: let foo = stdenv.mkDerivation { ... }; in stdenv.mkDerivation { name = "shell"; buildInputs = [ foo ]; }

20:26 <clever> keithy[m]: switch always needs root

20:26 <clever> keithy[m]: and what does `nixos-rebuild switch` output?

20:25 <clever> keithy[m]: how did you try setting guiAddress?

20:24 <clever> keithy[m]: can you confirm the new address is in /etc/systemd/system/syncthing.service ?

20:24 <clever> keithy[m]: the guiAddress is directly in the ExecStart line of the .service file, it should restart when changed

20:23 <clever> https://github.com/NixOS/nixpkgs/blob/release-20.03/nixos/modules/services/networking/syncthing.nix#L484

20:22 <clever> keithy[m]: depends on how its told to use that file

20:22 <clever> keithy[m]: rebuild checks if the file in /etc/systemd/system/ changed

19:50 <clever> ixxie: systemd treats each of them as its own service, but they share the ExecStart and part of the name

19:50 <clever> systemd will replace that in the ExecStart (and other fields), with the bar from foo@bar.service

19:49 <clever> ixxie: and then look for %I in `man systemd.unit`

19:48 <clever> ixxie: and then you use systemd instances to define an ExecStart for foo@.service, then set just the wantedby for foo@bar.service

19:48 <clever> ixxie: you use submodules in nixos to let you set services.foo.<manythings>.bar

19:43 <clever> and if you need a 2nd vpn link, it just makes another instance

19:42 <clever> ixxie: nixos lets you define a services.openvpn.foo and then start openvpn@foo

19:42 <clever> ixxie: look at openvpn or wireguard for examples

19:42 <clever> ixxie: yeah

19:39 <clever> ixxie: then you want to create a minio@foo service in systemd

19:38 <clever> ,xy ixxie

19:38 <clever> ixxie: what about using foo@bar services in systemd?

19:38 <clever> ixxie: why do you want duplicate instances?

19:36 <clever> ixxie: put the copy of the module in /etc/nixos/ and do imports = [ ./copy.nix ];

19:35 <clever> services.hydra2

19:35 <clever> ixxie: i tend to just edit the name of the service and config in the module, if i want a dup

18:18 <clever> virus_dave: it should be deterministic, but darwin is case insensitive by default, which can cause issues

16:12 <clever> reirob: this produces a /init in an initrd, that is fully static

16:12 <clever> reirob: and then a stripped down example: https://github.com/cleverca22/nix-tests/blob/master/haskell-init/default.nix

16:11 <clever> reirob: https://github.com/nh2/static-haskell-nix

16:11 <clever> reirob: one sec

16:08 <clever> mikky: so `foo = "bar";` is priority 100, while `foo = lib.mkForce "baz";` is priority 10

16:07 <clever> and the "default" priority (not mkDefault) is 100

16:07 <clever> 1500 is the default= inside an option, 1000 is mkDefault, 50 is mkForce, 10 is mkVMOverride

16:06 <clever> mikky: mkForce has a stronger (smaller number) then the normal setting

16:02 <clever> reirob: can you pastebin the entire cabal file that is failing?

16:01 <clever> mikky: but if you set it without a level even once, then it ignores all defaults, and uses all of the normals

16:01 <clever> mikky: so if you only mkDefault, then it will merge all mkDefault's

16:00 <clever> -highest

16:00 <clever> mikky: it will then get everything at that level (all of the mkForce values for ex), and merge them according to the normal merge rules

16:00 <clever> mikky: for every given option, nixpkgs will find the highest smallest override level (50=force, 1000=default) for that option

15:59 <clever> reirob: yeah

15:58 <clever> reirob: it should be all lowercase, but what you pasted had a E in it

15:56 <clever> immae: the bashrc stuff in nixos will put it back in PATH on login

15:55 <clever> reirob: lowercase executable, does that do something diff?

15:54 <clever> aanderse: if you remove permission to /nix/var/nix/profiles/per-user/clever, then i expect all nix-env commands to fail to modify it

15:54 <clever> lrwxrwxrwx 1 clever users 45 Oct 11 2015 /home/clever/.nix-profile -> /nix/var/nix/profiles/per-user/clever/profile

15:54 <clever> aanderse: always confirm what they claim

15:53 <clever> aanderse: never trust the user :P

15:52 <clever> aanderse: what about the grep?

15:51 <clever> aanderse: `grep nix-env /home/username/.bash_history` ?

15:51 <clever> aanderse: and busybox's ls likely doesnt support --color

15:51 <clever> aanderse: a common issue, is that `comand-not-found` will tell you to install busybox, because it has everything

15:50 <clever> aanderse: `command ls -l /home/username/.nix-profile/bin/ls`

15:49 <clever> reirob: what if you run cabal2nix on the cabal file manually?

15:48 <clever> aanderse: what about `which ls`

15:48 <clever> lol

15:46 <clever> aanderse: what does `type ls` report?

15:25 <clever> ,pastebin

12:46 <clever> reirob: it already loaded ghci, so its not a problem building ghci

12:44 <clever> reirob: what is in release0.nix?

12:43 <clever> reirob: are you using nix-shell when you get the linker errors?

12:29 <clever> vandenoever: how much ram is nix using?

19:46 <clever> energizer: yeah, which means proot isnt working right

19:44 <clever> energizer: load a normal dynamic library

19:42 <clever> cole-h: add `-f '<nixpkgs>'`

19:40 <clever> most programs use `isatty()` to figure out what stdout is

19:40 <clever> genevino: or just throw `|cat` at the end i believe

19:25 <clever> energizer: nope, its using LD_PRELOAD to overwrite glibc functions, and then prepends a string to all paths

19:23 <clever> energizer: but then debian/ubuntu decided to get in the way, and make namespacing require root by default, and you have to specially allow non-root to use it

19:23 <clever> energizer: nix-user-chroot uses namespacing, so it has better performance

19:20 <clever> prusnak: i try to always use dockerTools.buildImage

19:20 <clever> a static binary is the simplest answer

19:19 <clever> but it might break if ubuntu has the "wrong" glibc

19:19 <clever> you could just use patchelf to undo the rpath stuff

19:19 <clever> Ralith_: you need to use the libraries that ubuntu provides, or you run the risk of compatability problems

19:14 <clever> Ralith_: that will do exactly what you want, to generate deb and rpm packages of nix itself

19:14 <clever> Ralith_: https://github.com/NixOS/nix/blob/2.0/release.nix#L204-L214

19:13 <clever> Ralith_: one min

17:41 <clever> evanjs: that will build 2 packages at once

17:41 <clever> evanjs: nix-build -E 'with import <nixpkgs> {}; buildEnv { name = "foo"; paths = [ hello firefox ]; }'

17:31 <clever> simpson: yeah, it wont update until the linked job is green, and EVERYTHING in that eval has at least been tried, pass or fail

17:16 <clever> philipp[m]: for nixos, a range of failures, that look like a game of whack-a-mole, one gets fixed, then another comes up

17:15 <clever> philipp[m]: darwin is to blame i think, for the nixpkgs based channels

17:15 <clever> https://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents

17:14 <clever> philipp[m]: https://status.nixos.org/

16:11 <clever> Aleksejs: valve deleted the .deb files after an update, the fix is already in nixpkgs master

15:34 <clever> cole-h: what does `nix show-config | grep sub` say?

15:33 <clever> notgne2: due to dhcp, it has to be edited at runtime

15:33 <clever> Aleksejs: yes

15:32 <clever> notgne2: just edit /etc/resolv.conf

15:32 <clever> Aleksejs: and what do you have in systemPackages?

15:31 <clever> Aleksejs: and what is the exact error msg?

15:31 <clever> Aleksejs: what have you set systemPackages to?

15:28 <clever> glittershark: so only :b, nix-build, nix-shell, and nix-env can cause the build to actually start]

15:27 <clever> glittershark: and when you try to build a derivation, all of its build-time deps get built

15:27 <clever> glittershark: if you then pass that string to another derivation, it magically becomes part of the build-time dependencies

15:27 <clever> glittershark: "${drv}" will return the path to the result, and invisibly attach the derivation to that string

15:08 <clever> cole-h: you can use --option to just make it smaller

15:08 <clever> $ nix show-config | grep nega

15:08 <clever> narinfo-cache-negative-ttl = 3600

15:07 <clever> cole-h: if nix-store -r cant find something, it wont bother checking again for an hour

15:07 <clever> cole-h: there is a negative narinfo cache

14:15 <clever> linarcx: libraries are special, and usually wont be picked up enless they are in the buildInputs

14:15 <clever> linarcx: pure only really matters in terms of $PATH and other env vars

14:14 <clever> linarcx: same rules for the clang that nix provides

14:13 <clever> linarcx: it can only find libraries that nix is providing

14:13 <clever> linarcx: the gcc provided by nix will never look in /usr/lib

14:10 <clever> linarcx: they will leak into the shell by default, and only --pure can stop that

14:03 <clever> ixxie: its on bus 0, slot 3, function 0

14:03 <clever> 00:03.0 Ethernet controller: Red Hat, Inc. Virtio network device

14:02 <clever> Miyu-saki: https://gist.github.com/cleverca22/54d49b9b93ac48ab68f44ca1d8c9e91a

14:01 <clever> let me find my notes

14:01 <clever> Miyu-saki: pci bus, slot, and function number are some of it

13:59 <clever> oops

13:59 <clever> ,locate bin lspci

13:59 <clever> > bin lspci

13:56 <clever> ixxie: and what did lspci say about the card?

13:54 <clever> ixxie: but if you dont know those rules, and cant boot a nixos to query things, it can be simpler to just turn them off

13:54 <clever> ixxie: they are predictable, based on the output of lspci, and some complex rules

13:52 <clever> ixxie: loopback is always lo, so you can be sure it will be lo and eth0

13:51 <clever> ixxie: then you can just disable predictable names, and assume eth0

13:50 <clever> ixxie: how many interfaces on the machine, how do they differ from eachother?

13:15 <clever> Fare: builtins.readDir

13:01 <clever> Fare: something must be evaluating the nix expr with builtins.fetchGit, what did it?

13:00 <clever> Fare: how did you run the build from a shell?

12:59 <clever> sudo changes $HOME, so ~/.ssh is diff, but it leaves $SSH_AUTH_SOCK intact

12:58 <clever> Miyu-saki: `sudo ssh` works just fine when your using an ssh-agent

12:57 <clever> Fare: what url did you use? how did you run the build from a shell?

12:52 <clever> it runs git as your user, so it can use whatever secrets you have in the usual places

12:51 <clever> Fare: builtins.fetchGit can also clone anything you can with `git clone`

12:50 <clever> Fare: src = /home/clever/apps/foo;

12:32 <clever> FireFly: on a regular system, its just a symlink

12:31 <clever> lrwxrwxrwx 1 root root 4 Dec 17 2014 /usr/bin/sudoedit -> sudo

12:28 <clever> Fare: > I've already set `environment.variables.EDITOR` to `vim` and `echo $EDITOR` shows vim.

04:17 <clever> bpye: if you `systemctl kexec`, then systemd will reboot the machine via kexec, the issue though is getting it to pass the keys over...

22:25 <clever> 6 , username ? "", token ? "" # get/reset token at https://factorio.com/profile

22:25 <clever> iqubic: and you can only login if you can proove you paid for it

22:25 <clever> iqubic: by logging in on the factorio site

22:24 <clever> iqubic: factorio can only install if you put an auth token into your config.nix file

22:23 <clever> symphorien: that would probably work, if you can mount over it

22:23 <clever> hmmm, just tried it, and its not working anymore...

22:22 <clever> symphorien: i believe `chmod 0` still impacts root, not sure why exactly

22:14 <clever> monokrome: i typically `chmod 0 /boot` before i mount /boot, so if that mistake ever happens, you get permission errors

22:13 <clever> monokrome: sounds like your hardware-configuration.nix is missing it then?

22:12 <clever> monokrome: if its not mounted, you stop updating the bootloader cfg

22:12 <clever> monokrome: was /boot mounted correctly when you ran nixos-rebuild ?

21:50 <clever> monokrome: try ctrl+alt+f7 ?

21:50 <clever> monokrome: did you hit ctrl+alt+f1 or similar?

21:40 <clever> ixxie: "we've moved:"

21:40 <clever> ixxie: it got re-uploaded, a few comments down

21:38 <clever> Raito_Bezarius: activationScripts just run in a bash shell, before systemd is even launched

21:37 <clever> Raito_Bezarius: activation scripts could run before the driver is loaded, a systemd unit would be better

21:36 <clever> ixxie: https://github.com/NixOS/nixops/issues/605

21:33 <clever> ixxie: finding a link...

21:30 <clever> ixxie: i would make a systemd service that figures it out at runtime

21:27 <clever> ixxie: depends on what exactly your doing

21:26 <clever> ixxie: so you should push that choice off until runtime, or make the if name more predictable

21:26 <clever> ixxie: but the interface name at buildtime, may be wrong next time you boot

21:21 <clever> ixxie: what do you want to run, and what do you want to do with the output?

21:20 <clever> ixxie: as long as the expression doesnt depend on related options, its fine

21:16 <clever> the only time i get compiler tools, is when i run nix-shell

21:15 <clever> dsal: i prefer to never put any compiler things in nix-env, so that cant happen

21:10 <clever> adisbladis: and this is an example of how to make your own module thing

21:09 <clever> https://github.com/cleverca22/nix-tests/tree/master/module-example

21:09 <clever> adisbladis: the explorer example i linked, is using the whole nixos to configure things, but its no fully automated

21:04 <clever> cole-h: probably doesnt work in docker

21:03 <clever> adisbladis: i could see the loss of s3 being a potential problem, if anybody wants to `nix-store --option substituters s3://bucket`

21:02 <clever> cole-h: yeah

21:02 <clever> ah

21:01 <clever> adisbladis: util-linux depends on it by default

21:00 <clever> adisbladis: does it have systemd in the closure?

20:54 <clever> cole-h: https://www.youtube.com/watch?v=5OPkGQoPeHk

20:53 <clever> cole-h: it even required that your username be emoji

20:52 <clever> cole-h: he also made an instant messaging app, that only allows emoji

20:51 <clever> cole-h: https://www.youtube.com/watch?v=3AtBE9BOvvk

20:51 <clever> siers: just put an unquoted path in your nix expr

20:49 <clever> cole-h: have fun typing that over a 7bit serial link

20:48 <clever> colemickens: thats when you bust out your thesaurus!

20:29 <clever> though, some of my machines just lack a hardware-configuration.nix entirely

20:29 <clever> energizer: i try to keep all the changes to configuration.nix, in theory, you should be re-running nixos-generate-config to update hardware-configuration.nix

20:09 <clever> jboy46: store a db version# in the db, and in the prestart for your service, check what it is, and apply migrations based on the number

20:00 <clever> dmj`: yes

19:59 <clever> adisbladis: nope

19:58 <clever> adisbladis: ahh, looks like its more about adding a sudo replacement?

19:58 <clever> keithy[m]: each user has its own list of channels, you can `nix-channel --list` to see them

19:58 <clever> dmj`: its in the man page for nix-store

19:57 <clever> keithy[m]: as root, `nix-channel --add <url> nixos`, then `nixos-rebuild switch --upgrade`

19:56 <clever> adisbladis: i would just use sudo, `sudo -u foo <cmd>`

19:56 <clever> keithy[m]: check the release-19.09 branch on github, and you should see it agree with you now

19:55 <clever> dmj`: sign things with `nix sign-paths` or set a secret key in nix.conf so it signs everything

19:55 <clever> keithy[m]: sudo nix-channel --list

19:54 <clever> keithy[m]: which channel are you on?

19:54 <clever> dmj`: only if you have nix-daemon setup and the store permissions restricted to root

19:53 <clever> dmj`: if you have +w to /nix/store, you are trusted automatically

16:11 <clever> betaboon: that also works

16:08 <clever> betaboon: its a normal nixos option, https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix#L211-L218

16:08 <clever> betaboon: yes

15:12 <clever> das-g[m]: you can also use nix-copy-closure to copy the drv file out of the machine, then nix-build it, and nix-copy-closure the product back out

15:12 <clever> das-g[m]: NIX_REMOTE=local may force it to stop, but simpler to just make a key

15:11 <clever> das-g[m]: it may be spawning the ssh from nix-daemon, which breaks the forwarding chain

14:53 <clever> you should see it in required features

14:53 <clever> das-g[m]: if you run `nix show-derivation` on the drv for linux

14:51 <clever> das-g[m]: building a kernel requires a special feature flag

14:04 <clever> dxtr: its best to build it with nix and have it live in /nix/store/

13:58 <clever> you can either use -I nixpkgs= to remap it somewhere, or just give it an absolute/relative path to the release.nix instead

13:58 <clever> romildo: `nix-build '<nixpkgs/nixos/release.nix>' -A tests.xfce.x86_64-linux`

13:55 <clever> dxtr: ah, simple!

13:42 <clever> romildo: then youll probably want to be editing release.nix to add the tests to it

13:41 <clever> romildo: you can just look at the attrset within that (either in an editor, or `nix repl`), and then just build one of those attrs

13:41 <clever> romildo: all of the tests are attributes of nixos/release.nix

13:40 <clever> i'm not sure what that mountpoint is really used for

13:40 <clever> unknown

13:39 <clever> because your not really root

13:39 <clever> openvz can make a lot of things return permission errors, even as root

13:39 <clever> dxtr: the host isnt allowing you to do that

13:39 <clever> dxtr: oh, yeah, that would definitely be it

13:38 <clever> dxtr: thats what `mount` should say when it works

13:38 <clever> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)

13:38 <clever> dxtr: looks totally normal

13:35 <clever> and toss it all into a pastebin

13:35 <clever> dxtr: stat / /var /var/lib /var/lib/nfs /var/lib/nfs/rpc_pipefs

13:34 <clever> dxtr: did you run nixos-rebuild as root? are the permissions in /var weird? any errors in `dmesg`?

13:33 <clever> dxtr: ?

13:32 <clever> whyuk: lines 73, and 69, will put config.system.build.toplevel into the list that 18 was referencing

13:32 <clever> https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/netboot/netboot.nix#L72-L74

13:31 <clever> dxtr: it could be kernel version issues, try a reboot?

2020-05-06

2020-05-05

2020-05-04

2020-05-03

2020-05-02