<clever>
notgne2: this will link the wifi and wired interfaces, and configure it to use whichever is up, but prefer the wired, and use the same mac for both
<clever>
coderobe: and may be of use to you, if you want state in /root to persist
<clever>
users.users.root.symlinks, oh, thats new to me
<clever>
eyJhb: exactly
<clever>
xwvvvvwx: i hope thats a OTP
<clever>
eyJhb: but if you just shove a quoted path in, that path will stay as-is, and it will symlink something impure!
<clever>
eyJhb: i think the way that works, is your supposed to source = ./foo.txt, nix will then copy that to the store, and replace it with "/nix/store/hash-foo.txt", and then nixos will make a symlink to the store
<clever>
eyJhb: ah, thats even simpler then i thought
<clever>
gchristensen's variant is using a normal zfs fs for /, but wipes it on bootup, so no ram costs
<clever>
hmmm, maybe a systemd prestart or activationScript, if that cant
<clever>
coderobe: i think you can use environment.etc to generate a symlink to a more persistent dir
<clever>
oceSupport = ! stdenv.isAarch64
<clever>
&& already returns a bool
<clever>
let withOCC = (oceSupport || withOCC) && stdenv.isAarch64;
<clever>
evils: they take the form of `if condition then expr1 else expr2`
<clever>
evils: ah, if statements dont work like that
<clever>
> lib.optional false 42
<clever>
> lib.optional true 42
<clever>
coderobe: things like postgresql and such
<clever>
evils: just use an if statement to conditionally add it to buildInputs, or lib.optional
<clever>
coderobe: that reminds me, be aware of any services storing data to /var and such
<clever>
evils: anything present in buildInputs is required to build first, so just having it there and not using will still depend on it
<clever>
coderobe: environment.etc is used to generate all other files in /etc/
<clever>
notgne2: and users.users.foo.initialHashedPassword can be used to deal with things being missing on that first generation
<clever>
or use nixops to build it remotely
<clever>
and /etc/nixos is optional, you can use -I nixos-config=/path/to/configuration.nix when you nixos-rebuild, to make it load a different path
<clever>
cant think of any others at the moment
<clever>
nowhere for the journal to go, so when things do fail, you wont have logs of why
<clever>
coderobe: and you will want to set uid's for all users you define like that, or they will randomly change, causing you to not own your own home
<clever>
coderobe: that defines the pw hash to use, when /etc/passwd was missing
<clever>
xel: your shell.nix can generate a string for you
<clever>
> lib.makeLibraryPath [ zlib ncurses ]
<clever>
yep, /nix/store is missing
<clever>
elvishjerricco: but on the other hand, that would open up things like `systemd-analyze blame` working at the initrd level
<clever>
elvishjerricco: i'm a bit torn, on the one hand, our existing initrd works fine, and systemd may get in the way of some things, and just ugh more systemd infestations! lol
<clever>
xel: try adding the directory for libX11.so to LD_LIBRARY_PATH ?
<clever>
and if things work, then look into patching systemd better
<clever>
for testing, you could just disable nuking references and let it bloat a bit
<clever>
yeah, thats a bit tricky
<clever>
ah
<clever>
elvishjerricco: what binary is it? and if you dont patch, it should still work
<clever>
elvishjerricco: since it heavily uses offsets to point to things, and shrinking something will move everything after it
<clever>
elvishjerricco: the length of strings within the ELF file must not change
<clever>
i just realized something crazy, with the rpi4 .....
<clever>
i once used it as a build machine on my rpi, to build arm stuff for a hydra
<clever>
and it can be configured to keep /nix/store writable
<clever>
40mb*
<clever>
it compiles down to a 40mhz squashfs, a kernel, and an initrd
<clever>
coderobe: basically, i took the bare minimum nixos modules, to make a working linux distro, that is semi-nixos-ish, and then wrote some more to fill in the gaps, and ditch systemd entirely
<clever>
coderobe: using the internals of nixos, you can also build pretty crazy things, like haskell-init
<clever>
coderobe: thats getting fairly heavily into custom and high level stuff
<clever>
so it doesnt have the ram costs of a tmpfs, and still looses state on reboot
<clever>
i think gchristensen said he has one of his machines running with zfs for the whole disk, and he specially configured it to delete and remake an empty dataset for / on bootup
<clever>
which gives you a file-level dedup
<clever>
coderobe: there is `nix-store --optimize`, which will hash every file in the store, and then hardlink them to /nix/store/.links/${HASH}
<clever>
coderobe: not aware of any special features it uses on any fs
<clever>
but you can change those limits as well
<clever>
so the journal will be capped to 15% of 50% of your ram
<clever>
and a tmpfs defaults to 50% of ram
<clever>
it will not use more then 15% of the fs the logs land on
<clever>
the journal also gc's itself to keep usage below many thresholds
<clever>
yeah, those will take up some space, but not much
<clever>
only as much as you write to the fs
<clever>
and if the store should be writable, the squashfs is unionfs'd with a tmpfs
<clever>
coderobe: all of the installer images mount a squashfs to /nix and a tmpfs to /
<clever>
coderobe: nixos can boot with an entirely empty /, even a tmpfs mounted to /, all you need is the store to still be at /nix, and a /boot if you want switch/deploy to still work
<clever>
and the journal db goes back weeks
<clever>
bennofs: yeah, journald is constantly reading /proc/kmsg (a streaming api to dmesg) and saving them to /var/log/journal/
<clever>
lucasvo: but the path may differ if sandboxing is off, you should use $NIX_BUILD_TOP to find it
<clever>
lucasvo: /build should always be writable
<clever>
meatcar_: for every file in /nix/store/.links/, verify that its hash matches its name
<clever>
meatcar_: that does sound like an extra pass verify could do
<clever>
but a GC of any amount (nix-collect-garbage --max-freed 1) will clean up the .links
<clever>
optimize then re-linked the corrupt one
<clever>
so repair without optimize, undid the links, and left a corrupt entry in .links dangling
<clever>
meatcar_: and it assumes that hash(${CONTENTS}) == ${HASH}
<clever>
meatcar_: nix will hash every file, and hardlink it to /nix/store/.links/${HASH}
<clever>
meatcar_: you may need to garbage collect after the first repair
<clever>
meatcar_: and the corrupted one went away
<clever>
meatcar_: i think what happened, is that `--repair` with the auto-optimize turned off, deleted all corrupt versions of the file, causing the hardlink to be GC'd
<clever>
meatcar_: and does verify confirm everything is good now?
<clever>
ah
<clever>
meatcar_: and then `nix-store -r /nix/store/bdaz46m9h8alxdylwpcbiny3adzh3njb-docbook5-5.0.1 --option auto-optimise-store false` to re-download without optimize
<clever>
meatcar_: if its reporting nothing, try `nix-store --delete /nix/store/bdaz46m9h8alxdylwpcbiny3adzh3njb-docbook5-5.0.1`
<clever>
meatcar_: without sudo, that makes things worse
<clever>
meatcar_: what did `nix-store --query --roots /nix/store/bdaz46m9h8alxdylwpcbiny3adzh3njb-docbook5-5.0.1` report?
<clever>
meatcar_: so, nixos-rebuild --option auto-optimise-store false
<clever>
auto-optimise-store = false
<clever>
$ nix show-config | grep auto
<clever>
meatcar_: --option can change those flags
<clever>
meatcar_: ah, ive not noticed that before
<clever>
otwieracz: and restart triggers so nixos still notices that things have changed
<clever>
otwieracz: use environment.etc to put the config into /etc/
<clever>
cmacrae: you can also put the same mkIf's in each other file
<clever>
cmacrae: its also better to ensure imports is always a path, and to not import within imports, that makes the errors harder to read
<clever>
cmacrae: but if your module lacks both config and options, the module system will wrap the whole thing in config = { ... }; for you, and move imports out
<clever>
cmacrae: imports is supposed to be a sibling of config, not a child
<clever>
pbb: ls -l /dev/sd* ?
<clever>
pbb: what does `lsblk` report in the initrd?
<clever>
typetetris: nixos normally goes out of its way to not restart the display-manager
<clever>
avn: nscd i think is what he meant
<clever>
pbb: such as debug1devices and similar, you can find them all in the stage-1-init.sh source
<clever>
pbb: there are several flags to force a failure
<clever>
NAME USED REFER LUSED LREFER WRITTEN USEDSNAP USEDDS REFRATIO RATIO COMPRESS
<clever>
[root@nas:~]# zfs list -t filesystem -o name,used,referenced,logicalused,logicalreferenced,written,usedbysnapshots,usedbydataset,refcompressratio,compressratio,compression
<clever>
elvishjerricco: i believe it will replace the tail block until it hits some min size, but the blocks will be larger if you wrote more without a sync
<clever>
elvishjerricco: it it wont make a ton of 1 byte blocks
<clever>
elvishjerricco: i think it will replace the tail block each time, until it hits some min block size
<clever>
DigitalKiwi: and i got a 2x ratio after re-writing the entire store back to disk on zfs
<clever>
DigitalKiwi: i turned on gzip-9 when i was fixing my nix store on the nas (moving it from / to /nix)
<clever>
nDuff: i think its just preInstall, not preInstallPhase
<clever>
nDuff: is it even getting to the preInstall? add an echo to it?
<clever>
that also sounds simple and easy
<clever>
exarkun: yeah, just { nodes, pkgs, config, ... }:
<clever>
exarkun: and i think you can get a reference to the other machines, much like nixops
<clever>
exarkun: this is how the hosts file is generated
<clever>
exarkun: refer to the pr that just got merged above
<clever>
exarkun: what about the python test framework?
<clever>
ah right
<clever>
what stops you from using that name?
<clever>
exarkun: if you write a test to cat /etc/hosts, what does it find?
<clever>
exarkun: i believe the machines are already in eachothers hosts files
<clever>
vaibhavsagar: it may be that zoom-us is broken then
<clever>
vaibhavsagar: are there any qt files in ~/.nix-profile/lib/ ?
<clever>
dredozubov: `trusted-public-keys` in nix.conf needs to be fixed
<clever>
dredozubov: its saying they have a copy, but you dont trust the signature
<clever>
dredozubov: you need to fix this first
<clever>
warning: substituter 'https://cache.nixos.org' does not have a valid signature for path '/nix/store/m80snlingdn5qgnklzaixscsvw2gsamq-ghc-8.6.5'
<clever>
warning: substituter 'ssh://b2builder' does not have a valid signature for path '/nix/store/m80snlingdn5qgnklzaixscsvw2gsamq-ghc-8.6.5'
<clever>
dredozubov: can you pastebin the entire output, up to when it started to build
<clever>
dredozubov: but if ran on a .drv file, no
<clever>
dredozubov: if ran on an output, yes
<clever>
dredozubov: and then nix-copy-closure the get the products back
<clever>
dredozubov: you can also use `nix-copy-closure` to copy a `.drv` file to a remote machine, and then run `nix-store -r` on the drv to build it