ChanServ changed the topic of #nixus to: Nixus is an experimental deployment tool for NixOS systems - https://github.com/Infinisil/nixus - https://logs.nix.samueldr.com/nixus/
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixus
<ashkitten> would it be possible to make nixus configs able to be evaluated by nixos-install?
<ashkitten> i can't build the system from a nixos installer because i run out of space in the tmpfs
<ashkitten> so the easiest way to get a running system is to install a minimal system that reflects the correct hardware configuration and then build it there
<infinisil> ashkitten: As much as I don't want it to be possible, it might just be. Though Nixus would have to fake a `<nixpkgs/nixos>` and take the machine's config from `<nixos-config>`
<ashkitten> just some sort of shim would be amazing tbh
<infinisil> Though tbh, I'm not sure if there's any point to it
<infinisil> You don't gain anything by using Nixus for a single machine, especially if it's just a NixOS evaluation
<ashkitten> i know
<ashkitten> but for bootstrapping only
<infinisil> Even there I don't think it adds any value. Standard NixOS works just fine
<ashkitten> not sure what you mean
<ashkitten> i have an existing config for a machine and i'd like to bootstrap that onto a new one
<infinisil> Ohh
<infinisil> Hmm yeah not possible with nixos-install
<ashkitten> if there was a way to do the nix-build for nixus using a different nix store maybe, like nixos-install does
<infinisil> Because that expects a NixOS config as a path (like to /etc/nixos/configuration.nix). And the NixOS config Nixus uses can't be serialized like that
<ashkitten> well nixos-install can also accept an already built system store path
<infinisil> Ohh that works then
<ashkitten> but building the system with nixus is impossible from the nixos installer because it will overflow the tmpfs
<infinisil> nix-build -A config.nodes.<node>.configuration.system.build.toplevel btw
<infinisil> ashkitten: Wait, but then you can't bootstrap with that config anyways?
<infinisil> Unless you build the store path on another machine and copy it over
<ashkitten> i have to install a minimal system with a similar hardware-configuration, reboot into that system, and run nix-build from there
<infinisil> ashkitten: Yeah so if you want to use Nixus for that you'll just have to disable the expensive bits of the config, build that with above command, then pass it to nixos-install
<ashkitten> yeah, oof
<infinisil> Same as for NixOS
<cole-h> Or could make a bootstrap node
<ashkitten> clearly the solution is to download more ram
<cole-h> Indeed
<cole-h> :P
<infinisil> It would be interesting for NixOS to have a concept of "bootstrap options"
<infinisil> Like hardware config, filesystems, stuff like that
<ashkitten> maybe i could do something screwy and copy the installer's nix store to the rootfs, and bind-mount that over /nix/store in the installer...
<infinisil> And you could get a minimal system just by doing something like `system.bootstrap = true`
<ashkitten> infinisil: and then it would build the rest on boot?
<infinisil> Not sure if that could work automatically
<ashkitten> save resources at initial nixus build, use more post deploy
<infinisil> Hmm, maybe the .drv closure could be copied to the bootstrapping system, such that on bootup it could actually build the full system..
<infinisil> Interesting
<ashkitten> could a .drv be given to nixos-install, actually?
<infinisil> Probably not reasonably
<ashkitten> aw
<infinisil> Like I'm not sure what it would do with a .drv
<cole-h> Call nix-build on it? :P
<ashkitten> can nixos-config be a .drv?
<infinisil> nixos-install needs a *built* system config. How this gets built doesn't matter
<infinisil> And .drv is just a recipe for a system config. If you give it to nixos-install, it still would need to build it
<cole-h> infinisil: Your idea of a `system.bootstrap` option would be interesting...
<ashkitten> but nixos-install can also build /mnt/etc/nixos/configuration.nix
<ashkitten> so what if instead of configuration.nix it was a .drv
<ashkitten> from the nixus eval
<ashkitten> i guess that doesn't really change anything
<ashkitten> because if you could generate a .drv for the system from nixus you could probably just make a shim to evaluate it as a nixos-config
<infinisil> No need for a shim btw, the system build can just be passed to nixos-install
<infinisil> But yeah, using .drv's in any way for this doesn't change anything
<infinisil> I just commented the bootstrapping idea in https://github.com/Infinisil/nixus/issues/2 for future reference
<ashkitten> infinisil: can nixus reinstall the bootloader?
<cole-h> infinisil: Now that I think about it, I think `system.bootstrap` would have to be opinionated to be useful... e.g. to bootstrap my system, I need a gnupg agent to unlock my secrets. Would that be included? What about needing `git-crypt` in my systemPackages?
<cole-h> (I currently have an iso.nix that I call the `config.....isoImage` thing on to do this)
<infinisil> ashkitten: It just does what NixOS does in the end, mostly, so yeah I guess
<infinisil> cole-h: Hmm yeah
<infinisil> cole-h: Though, is that needed to boot it?
<ashkitten> infinisil: it currently doesn't provide any way to do that though
<cole-h> infinisil: No, I guess not.
<ashkitten> i figured out that i can use `nixos-install --system <path> --root / --no-root-passwd`
<infinisil> ashkitten: Oh yeah, I guess you can just ssh to the machine and do `/run/current-system/bin/switch-to-configuration boot`
<ashkitten> no
<ashkitten> switch-to-configuration does not install bootloader
<infinisil> It does though?
<ashkitten> i don't know how nixos-install does it
<ashkitten> no, it doesn't. i tried.
<infinisil> Well it should
<ashkitten> maybe
<cole-h> I think you need to `--install-bootloader`?
<ashkitten> nixos-rebuild has a specific option for install bootloader
<cole-h> Oh
<ashkitten> switch-to-configuration doesn't respond to the --install-bootloader option
<cole-h> I was thinking of that
<cole-h> What if you do `NIXOS_INSTALL_BOOTLOADER=1`?
<cole-h> That's all `--install-bootloader` does
<ashkitten> so it's an undocumented environment variable
<ashkitten> not sure how i was supposed to find out about that :/
<cole-h> I found out about it by `nvim (which nixos-rebuild)` :x
<infinisil> ^ same
<ashkitten> sigh
<cole-h> Sorry
<ashkitten> is it safe to put my ssh pubkey in my nixos config, that can access root on all my machines?
<infinisil> The public key is (as the name implies) public
<ashkitten> right, right
<ashkitten> i'm just cautious by nature
<infinisil> :)
<cole-h> Yes, it's safe (or, at least, I do it).
<cole-h> I also put my `hashedPassword`, so
<ashkitten> hashedPassword i'd be more cautious about
<cole-h> Meh, I don't let password SSH logins, so the only thing I'm cautious of is local access.
<ashkitten> yeah
<cole-h> And they have to break sha512 first.
<ashkitten> or use rainbow tables
<ashkitten> unless your password is particularly strong
<cole-h> Fair
<infinisil> ashkitten: I don't think those work because of the salt
<infinisil> Well, I guess you need to brute force all hashes for the particular salt
<infinisil> So if you have a weak password that would be a problem
<ashkitten> i guess pregenerated rainbow tables are out of the question if it's salted
<ashkitten> but still
<infinisil> Yeah, hashedPassword I'd also be a bit more cautious about
<cole-h> :P
<ashkitten> i'd probably be more cautious out of principle
<ashkitten> but i think it should be fine
<ashkitten> realistically
<ashkitten> salt is just your username right?
<ashkitten> or what is it based off of
<ashkitten> i don't remember :/
<cole-h> Pretty sure it's random(?)
<ashkitten> oh it's stored alongside the hash
<ashkitten> right
<infinisil> Yeah it's random
<lovesegfault> infinisil: what do I do if I want to use a `nixpkgs` in nixus that has overlays applied?
<infinisil> lovesegfault: For a specific machine?
<lovesegfault> infinisil: all machines
<lovesegfault> I have a heavily overlaid/modified nixpkgs and that's what I want to use
<lovesegfault> I get it from `import ../frankesteinPkgs.nix`
<infinisil> lovesegfault: You will have to give nixus a path to nixpkgs with `nodes.foo.nixpkgs = /path/to/nixpkgs`
<infinisil> And you can apply overlays with `nodes.foo.configuration.nixpkgs.overlays`
<infinisil> (Or use `defaults.{nixpkgs,configuration.nixpkgs.overlays}`)
<lovesegfault> Hm, I see
<infinisil> I talked about this before how passing a `pkgs` value to nixpkgs can be problematic, because it needs to import NixOS from it
<lovesegfault> > because it needs to import NixOS from it
<infinisil> And NixOS modules can specify nixpkgs overlays and config and stuff, which all modify the pkgs set
<lovesegfault> why is this problematic?
<lovesegfault> ah
<infinisil> It might be possible, e.g. by looking at (pkgs.path + "/nixos") to get nixos modules, then using `nixpkgs.pkgs` to set the pkgs, and then somehow applying the overlays from the modules with `pkgs.appendOverlays`
<cole-h> btw lovesegfault this is what I do: https://github.com/cole-h/nixos-config/blob/nixus/flake.nix#L167
<infinisil> But that's kind of nasty, not sure how reliable that's gonna be
<lovesegfault> that sounds a bit hacky, unfortunately :/
<cole-h> :P
<lovesegfault> cole-h: that won't include overlays, config, and so on
<lovesegfault> right?
<infinisil> Hmm lemme see
<cole-h> It does actually
<cole-h> Here, let me push my updated flake, since that actually drops the nixpkgs = { inherit pkgs; }
<infinisil> Hmm, it applies overlays, but not `nixpkgs.config`
<lovesegfault> interesting
<cole-h> Maybe it's flakes magic, but WFM.
<infinisil> This is the thing that makes assigning `nixpkgs.pkgs` work, applying both the overlays that were already in pkgs, but also the ones from the nixos modules
<infinisil> But as you can see from just a couple lines above that, it can't apply config, localSystem and crossSystem
<cole-h> I can definitely run dwarf-fortress (unfree) just fine.
<infinisil> Yeah so the config you gave pkgs when importing it is applied
<infinisil> But all the `nixpkgs.config` options specified by any NixOS modules won't
<cole-h> OK, I see. How is this a bad thing? Or rather, what bad things could happen?