Re: [Nix-dev] Google Summer of Code 2017

2017-04-03 Thread Thomas Hunger
Hi Anderson, Please do! Just submit a PR and I'll give you push permissions. The more ideas we have the better. ~ On 28 March 2017 at 18:48, Anderson Torres wrote: > No problems, guys! Just keep calm and carry on! We gained another year > to rally efforts on a

Re: [Nix-dev] Google Summer of Code 2017

2017-03-15 Thread Thomas Hunger
I don't believe in individual failure. We should try to put a system in place to avoid this next time. A related issue is that GHC didn't get in either because they didn't have a good page with potential projects. I propose: * Several of us put the next deadline into our calendar (probably

Re: [Nix-dev] nixos-container networking

2017-03-14 Thread Thomas Hunger
Would it be possible to add an assert if there are any restrictions on the naming? I don't know enough about this to be of much help though. On 14 March 2017 at 06:01, Danylo Hlynskyi wrote: > Strange, I have lots of containers with "-" and experience no problems. > But

Re: [Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-08 Thread Thomas Hunger
Hi Graham, I tried reproducing the nixos-rebuild switch issue for setuid wrappers without success: Can you point me to an issue, or give a hint for what you mean by "break setuid binaries"? I'd like to fix this but don't yet understand what's going on. ~ On 5 March 2017 at 15:25, Graham

Re: [Nix-dev] Explicitly selecting sources for "src" in stdenv.mkDerivation?

2017-02-17 Thread Thomas Hunger
) > src; > > To be used as for example: > > src = lib.whitelistSource ./. [ > "lumi-central-server.cabal" > "src" > "default.conf" > ]; > > Bas > > Op 16 feb. 2017 13:14 schreef "Thoma

[Nix-dev] Explicitly selecting sources for "src" in stdenv.mkDerivation?

2017-02-16 Thread Thomas Hunger
Hi, I am consistently struggling with the following in nix: I have a repository and I want to specify derivations for some local sub-projects. The obvious solution is src = ./subproject-A; But that pulls in everything in that directory, including build artifacts, or random intermediate data

Re: [Nix-dev] Which option replaces security.setuidOwners?

2017-02-14 Thread Thomas Hunger
There are some docs here: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/wrappers/default.nix#L111 Though I agree that we should probably also add something to the manual about how to elevate privileges in NixOS. ~ On 14 February 2017 at 22:12, Tomasz Czyż

Re: [Nix-dev] Which option replaces security.setuidOwners?

2017-02-14 Thread Thomas Hunger
Hi, The option is now called `wrappers`. You can look at e.g. [1] for how to update the code (more complex examples can be found in that same diff). The assert is a great idea! ~ [1] https://github.com/NixOS/nixpkgs/pull/16654/files#diff-83d20e45a7ca489ef290ee1ee57543c7L28 (forgot reply all)

Re: [Nix-dev] RFC for RFCs

2017-02-12 Thread Thomas Hunger
That would be amazing! I actually have an email sitting in my draft folder proposing Nix Enhancement Proposals (NEPs). IMHO one of the things we aren't very good at is getting larger changes merged or rejected. We attract a lot of smart people because Nix is pretty awesome. These smart people

Re: [Nix-dev] Shutting down prs.nix.gsc.io

2017-02-02 Thread Thomas Hunger
Expensive data transfer out from EC2 is the reason I added digital ocean support to nixops. Our company fits into a few TB / month, but for more we could use e.g. kimsufi which has 100Mbit / second unmetered for £20-30 / month. Their servers also usually come with 2TB or more spinning disks which

Re: [Nix-dev] systemd dependencies for a network service

2017-01-14 Thread Thomas Hunger
Hi Azul, Would running after dhcpcd.service work? ~ On 14 January 2017 at 16:57, Azul wrote: > I have a systemd vpn service that is wantedBy 'network.target', and runs > after 'network-interfaces.target'. > > However the service fails to start properly (it does start but

Re: [Nix-dev] Typing nix − funding campaign

2017-01-12 Thread Thomas Hunger
Hi, For my own curiosity: Is your adviser's work online somewhere? ~ On 12 January 2017 at 17:17, Théophane Hufschmitt wrote: > Thu 12 Jan 17 − 15:31, Peter Simons(sim...@nospf.cryp.to) a écrit: > > Hi Théophane, > > > > > https://www.gofundme.com/typing-nix > > > > I

Re: [Nix-dev] Typing nix − funding campaign

2017-01-12 Thread Thomas Hunger
Hi, Many thanks for giving this a shot, it's exciting! I donated some money and I hope we'll get this rolling soon. I have a few questions: * Is the plan to merge this into the current nix c++ code base? If so: Do you have some buy-in from the nix maintainers? * If it's an external tool: would

Re: [Nix-dev] NixOS 17.03 release manager is Robin Gloster

2017-01-10 Thread Thomas Hunger
Amazing! Thanks Robin for taking that on. On 10 January 2017 at 16:52, Domen Kožar wrote: > Hi all, > > I'm happy to announce Robin (https://github.com/globin) will be release > manager starting with NixOS 17.03. > > He has been contributing to Nix ecosystem for over two years.

Re: [Nix-dev] Nixos vps

2016-12-14 Thread Thomas Hunger
@Jörg - do you have a link to the kexec based installer? On 14 December 2016 at 15:00, Jörg Thalheim wrote: > I recently made some good experience with kexec based installer. > > They can basically run on every Linux out there. > > > On 2016-12-14 01:06, Jeaye wrote: >

Re: [Nix-dev] Nixos vps

2016-12-12 Thread Thomas Hunger
I tested various mechanisms and cloud providers over the last few weeks. All providers I tested worked, although I often got less CPU than advertised. Some combinations didn't work, e.g. I can't boot grsecurity kernels on EC2. I'm sure the latter is possible, I just didn't have time to

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Thomas Hunger
+1 to all - thanks for putting in the effort & energy! On 7 December 2016 at 11:52, Graham Christensen wrote: > Rob Vermaas writes: > > > > > I am fine with any of the nominees mentioned. But I am sure there > > might be others that are willing and

Re: [Nix-dev] Distributing files between machines in a nixops deployment

2016-11-20 Thread Thomas Hunger
Key distribution in NixOps is a bit weak but there is: https://nixos.org/nixops/manual/#opt-deployment.keys From your description you might also be interested in setting up a CA to sign your user keys instead. E.g. [1] or [2] ~ [1]

Re: [Nix-dev] Python: getting rid of PYTHONPATH in Nixpkgs

2016-11-02 Thread Thomas Hunger
I played with `withPackages` and it's rather nice. The only problem I had was "collision between A and B" style errors. Is there any plan to allow for collisions? On 2 November 2016 at 06:05, Dmitry Kalinkin wrote: > > > On 01 Nov 2016, at 11:56, Freddy Rietdijk

Re: [Nix-dev] Python: getting rid of PYTHONPATH in Nixpkgs

2016-11-01 Thread Thomas Hunger
I'm +1 on this because I encountered lots of problems with PYTHONPATH, especially for programs that have their own module loading logic (e.g. gunicorn, some Django code). I don't know what new problems this change will introduce (other than what you mentioned) but since this is closer to how

Re: [Nix-dev] Limiting access to only maintained packages and ensuring core packages are maintained

2016-09-02 Thread Thomas Hunger
I'm mostly worried about learning that I need to fix a package that I'm maintaining. I care about fixing bugs and purging unmaintained packages, but most of the time I don't even see the report, or I know it's broken in hydra until I test again locally. Do you have any ideas around getting word out

Re: [Nix-dev] Hardening flags enabled by default

2016-08-22 Thread Thomas Hunger
Thank you so much! I've been running a staging server on this branch for a few weeks and all of the issues I had were addressed in your branch before I had time to flag them. This is really fantastic work not just for my servers but also for my ability to argue that NixOS has a story for

Re: [Nix-dev] Add new binaryRunCheck phase to stdenv?

2016-06-19 Thread Thomas Hunger
; On Sun, 19 Jun 2016, 12:10 Thomas Hunger, <tehun...@gmail.com> wrote: > >> Hi, >> >> One problem I encounter not very often, but often enough to be annoyed by >> it is that binaries build successfully but don't actually run due to some >> missing run time de

[Nix-dev] Add new binaryRunCheck phase to stdenv?

2016-06-19 Thread Thomas Hunger
Hi, One problem I encounter not very often, but often enough to be annoyed by it is that binaries build successfully but don't actually run due to some missing run time dependency ( template, LD_PRELOAD, a dependency that should have been in propagatedBuildInputs, ..) We have a "Tested execution

Re: [Nix-dev] haskell structure for all of nixpkgs

2016-04-27 Thread Thomas Hunger
> You are right, the „multiple releases“ approach clogs the repository. In general it would be a lot more favourable if we didn’t have to check in these thousands of package descriptions but could generate them from hackage IMO an advantage of checking package metadata into git is that we notice

[Nix-dev] Second London Nix meetup on 3rd of May 2016

2016-04-05 Thread Thomas Hunger
Hi, Simone and I are organizing a second Nix meetup to celebrate the release of 16.03. You can sign up at [1]. We're looking for speakers that would be interested in talking for 20-30 minutes, either this time or in future meetups. We do have a backup-talk for this time though! We're also trying

Re: [Nix-dev] Question on package signing and security?

2016-03-28 Thread Thomas Hunger
The manual has some info: https://nixos.org/nix/manual/#operation-generate-binary-cache-key It's a fairly straightforward private / public signing scheme. There's an example on how to verify integrity in the manual as well: https://nixos.org/nix/manual/#examples-23 ~ On 28 March 2016 at

Re: [Nix-dev] NixOS 16.03 channel available for testing

2016-03-08 Thread Thomas Hunger
Hm, those images don't boot. I think I picked up the wrong version of nixpkgs from the environment despite following [1] pretty meticulously. Apologies if you already tried them. [1] https://nixos.org/wiki/NixOS_on_Amazon_EC2 On 8 March 2016 at 18:37, Thomas Hunger <tehun...@gmail.com>

Re: [Nix-dev] NixOS 16.03 channel available for testing

2016-03-08 Thread Thomas Hunger
I created some ec2 AMIs for testing: latest commit: 440e2a757a3e8b8e50e931e339c18c0f0ac54e9b channel: 16.03-beta ami-fdb50d8e in eu-west-1 ami-23d6324c in eu-central-1 ami-ca4144a0 in us-east-1 ami-fd46359d in us-west-1 ami-ab3ad5cb in us-west-2 ami-4a438b29 in ap-southeast-1 ami-64f5d407 in

Re: [Nix-dev] yet another npm2nix reengineering attempt

2016-03-02 Thread Thomas Hunger
Thanks Sander for trying again! As a data point: We've had too many issues with integrating NPM and nix more tightly so we've given up and run [1] in combination with shrink-wrap. I think there may be value in pushing the "resolved" fields from the npm-shrinkwrap.json file into nix but trying to

Re: [Nix-dev] Fwd: Wiki is dead

2016-02-21 Thread Thomas Hunger
Thanks Rok! I've given this a try [1] for the zero-build-failures entry and my experience so far was: 1/ How do I actually build docbook? => copy doc/default.nix and adjust 2/ nix-build is rebuilding GHC 7.8 and 7.10 (for pandoc I think). => Wait 2h. 3/ GHC build fails [2] 4/ We're not using

Re: [Nix-dev] Fwd: Wiki is dead

2016-02-20 Thread Thomas Hunger
I'm tool agnostic but +1 on having a cookbook in git for the review-workflow (avoids wiki spam). I have a number of snippets (how to remove gc roots, haskell profiling, how to use ihaskell properly, many more) but no good place to put them. I've started a git-book thing [1] a while back to

Re: [Nix-dev] Installing CA certificates

2016-02-18 Thread Thomas Hunger
Hi Adam, Can you make the TLS call work with a command line tool like openssl? I'm not 100% sure but I think that Chrome might use a different set of trusted certs (based on the Mozilla ones) [1]. ~ [1] https://www.chromium.org/Home/chromium-security/root-ca-policy On 18 February 2016 at

Re: [Nix-dev] problem with automounted ntfs partitions

2016-02-16 Thread Thomas Hunger
Hi Mate, Can you try nix-env -iA nixos.ntfs3g instead? On 16 February 2016 at 07:10, Máté Kovács wrote: > Hi all, > > The problem I'm trying to solve is that automounted ntfs partitions are > read-only. > > For example, `mount | column -t` lists > /dev/sdb1 on

Re: [Nix-dev] Notes and ideas about the Nix-UI proposal

2016-01-25 Thread Thomas Hunger
Would anyone be interested in collecting some data on how people are using nix? I had a look through my bash history and I can see myself doing the following a lot (using ipython as an example). man nix-store nix-shell -p pythonPackages.ipython ... nix-env -qaP | grep -i ipython | grep noteb

Re: [Nix-dev] Fundraiser?

2015-12-07 Thread Thomas Hunger
There's the foundation https://nixos.org/nixos/foundation.html which would be a great structure to collect and direct money. Eelco - I'm not sure where to look so I couldn't find anything about the foundation's activity. Do you keep meeting notes somewhere online? best, Tom On 7 December 2015

Re: [Nix-dev] Why does my system rebuild rustc and cargo?

2015-11-20 Thread Thomas Hunger
Hi Matthias, Can you expand a bit on what "all the time" means? After a nix-channel --update? When you install it with nix-env? Maybe when you reference rustc in a nix-shell? best, Tom On 20 November 2015 at 15:01, Matthias Beyer wrote: > Hi, > > my system wants to

Re: [Nix-dev] nixos inside lxc container on non-NixOS host

2015-10-25 Thread Thomas Hunger
Not quite what you said but this works for me for rkt [1]. For using nspawn I think you'd need the full /nix/store on the non-nix system. ~ [1] https://gist.github.com/teh/f3d8532bfef8fb25fe1f On 24 October 2015 at 18:52, Tomas Hlavaty wrote: > Actually, description of any

Re: [Nix-dev] Guarantee Consistent Builds and Obsolete overrideScope

2015-10-16 Thread Thomas Hunger
I got confused by the reference to "Use Function Application To Escape Override Hell" It's [1] which got stuck in my spam folder. [1] http://lists.science.uu.nl/pipermail/nix-dev/2015-October/018380.html On 15 October 2015 at 19:52, Peter Simons wrote: > The Problem >

Re: [Nix-dev] readFile applied to a path with a variable

2015-10-16 Thread Thomas Hunger
Do you need toPath? lib.readFile "./foo/${name}/bar" seems to work for me. On 16 October 2015 at 11:10, Bas van Dijk wrote: > Hello, > > In a Nix expression I would like to read a file where the file path is > based on a variable. So I would like to do something like

Re: [Nix-dev] Providing Debian, Arch etc. packages counterproductive?

2015-09-25 Thread Thomas Hunger
. As you will see, the installer is > basically just a shell script that gets run as root when the package is > installed, so if there is a more official version of this process, it would > probably be quite easy to include it there. > > Cheers, > > Alastair > > On 23 Se

Re: [Nix-dev] Providing Debian, Arch etc. packages counterproductive?

2015-09-23 Thread Thomas Hunger
Alastair, Looking at [1] it looks like the only thing that package does is setting an env variable - how did you get your /nix tree started? Maybe we could extend nix-multiuser to execute your /nix steps on start? ~ [1] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=nix-multiuser On 23

Re: [Nix-dev] Providing Debian, Arch etc. packages counterproductive?

2015-09-22 Thread Thomas Hunger
The deb can be inspected with "dpkg -c". It contains all the nix-* commands, man pages, some perl, headers and some basic nix library functions. What's missing is a postinst script that sets up the things according to [1] (probably needs updating). On reflection platform specific packages

[Nix-dev] Providing Debian, Arch etc. packages counterproductive?

2015-09-22 Thread Thomas Hunger
Hi, Slight ramble ahead. I've managed to get several people to try Nix after constantly raving about it and all but one had a bad experience. The reason AFAICT is that they first check for nix in their default package tool (apt-get, pacman, ...). These packages install nix-* binaries but they

Re: [Nix-dev] nixpkgs haskell system got into inconsistent state broken

2015-09-21 Thread Thomas Hunger
It's possible you hit the infamous non-deterministic package hash generation [1] for which Peter collected data recently [2]. AFAICT the only solution is to remove and rebuild or refetch all haskell packages. This bug has high priority for GHC 8 so I hope it'll eventually go away. [1]

Re: [Nix-dev] Where would I put the bootstrapping guide?

2015-05-04 Thread Thomas Hunger
Hi Jookia, Do you have your guide somewhere public? Maybe on github, pastebin, a blog or so? It'd be a shame to lose this information! ~ On 29 April 2015 at 12:09, Joachim Schiele j...@lastlog.de wrote: On 29.04.2015 04:25, Jookia wrote: Hello! Recently I've bootstrapped NixOS on to a

Re: [Nix-dev] Switch to GHC 7.10.1 is imminent

2015-04-18 Thread Thomas Hunger
+1 as well. I repeatedly ran into the issue where GHC package hashes changed which IIUC is fixed in 7.10. Can't wait to start testing. On 18 April 2015 at 19:11, John Wiegley jo...@newartisans.com wrote: Aycan iRiCAN iricanay...@gmail.com writes: I am -1 on this. Since some of the packages

Re: [Nix-dev] Use GHC 7.10.1 as default Haskell compiler in nixpkgs

2015-03-27 Thread Thomas Hunger
I think https://github.com/fpco/stackage/issues/378#issuecomment-82971435 is the bug to follow. But stackage is only a relatively small subset of hackage so I don't know how bad the impact of 7.10 on full hackage is. On 27 March 2015 at 17:19, Mateusz Kowalczyk fuuze...@fuuzetsu.co.uk wrote:

Re: [Nix-dev] Question about organising dependencies not in core nixpkgs?

2015-03-22 Thread Thomas Hunger
at 16:11, Shea Levy s...@shealevy.com wrote: See https://github.com/NixOS/nix/pull/213. The comment chain is long, but it’s important to read up to https://github.com/NixOS/nix/pull/213#issuecomment-43674771. ~Shea On Mar 18, 2015, at 12:02 PM, Thomas Hunger tehun...@gmail.com wrote

[Nix-dev] Question about organising dependencies not in core nixpkgs?

2015-03-18 Thread Thomas Hunger
Hi, I usually include a shell.nix file in my libraries for development. If I have a dependency not in core nixpkgs then I add a local mkDerivation using let pkg = ... in {} to shell.nix (e.g. [1]). If I now want to use my library in another context, say nixops, I have to duplicate the shell.nix

Re: [Nix-dev] Question about organising dependencies not in core nixpkgs?

2015-03-18 Thread Thomas Hunger
2015 at 10:31, Luca Bruno lethalma...@gmail.com wrote: On 18/03/2015 11:26, Thomas Hunger wrote: Hi, I usually include a shell.nix file in my libraries for development. If I have a dependency not in core nixpkgs then I add a local mkDerivation using let pkg = ... in {} to shell.nix (e.g

Re: [Nix-dev] Question about organising dependencies not in core nixpkgs?

2015-03-18 Thread Thomas Hunger
/03/2015 12:37, Thomas Hunger wrote: Thanks. That would require having the shell.nix library locally already AFAICT. To rephrase slightly. Ideally I'd like to be able to do: myLibrary = fetchurl { ... }; extraDepends = import ${myLibrary}/depends.nix; buildDepends

Re: [Nix-dev] Question about organising dependencies not in core nixpkgs?

2015-03-18 Thread Thomas Hunger
Apologies, here's the rest of my email: .. but I could not find anything that looks like evaluate at build time - is that code somewhere public? Thanks, Tom [1] https://github.com/shlevy/nix On 18 March 2015 at 16:01, Thomas Hunger tehun...@gmail.com wrote: Hi Shea, I checked your github

Re: [Nix-dev] State database in nixops

2015-02-22 Thread Thomas Hunger
Could you expand on this a bit? I've been using nixops for a while, but only recently set up a Hydra server to run tests automatically. I'm now considering doing automated deployments out of hydra, but not quite sure how that should work. It would be simple to have a hydra job that runs

Re: [Nix-dev] State database in nixops

2015-02-21 Thread Thomas Hunger
What I'd like much better is an option to use an external database; then I could use a replicated cluster or something like that to eliminate the single point of failure. The last thing I want is my ops team being locked out of nixops during an emergency. nixops accesses the .nix config

[Nix-dev] State database in nixops

2015-02-20 Thread Thomas Hunger
Hi, I've been a happy user of nixops for my own projects for a while. It works fine as a single user tool but we found it to be tricky to use with multiple developers, or even just a CI system that calls nixops deploy. One issue we had is absolute paths in the state. I.e. if I nixops export my

Re: [Nix-dev] setting environment values.

2015-01-28 Thread Thomas Hunger
Hi, There is makeWrapper [1] which wraps your binary in a shell script that sets some variables before execution. See e.g. [2] for how apache maven uses it to set JAVA_HOME. Is that what you are looking for? ~ [1] https://nixos.org/wiki/Nix_Runtime_Environment_Wrapper [2]

Re: [Nix-dev] A Journey into our brand-new Haskell infrastructure: Part II

2015-01-11 Thread Thomas Hunger
Thanks, that's super useful! One more question: How would I get older versions of certain packages (e.g. I need optparse-applicative 0.10 for elm-make) into hackage-packages.nix? ~ On 11 January 2015 at 19:41, Peter Simons sim...@cryp.to wrote: The topic of today's posting is: Fixing Build

Re: [Nix-dev] A Journey into the Haskell NG infrastructure: Part I

2015-01-09 Thread Thomas Hunger
This is really cool! I changed my sandbox code to look like the following. Is that how it's intended to be used? { haskellngPackages ? (import nixpkgs {}).haskellngPackages, pkgs ? (import nixpkgs {}).pkgs }: let env = haskellngPackages.ghcWithPackages (p: [ p.text p.mtl p.transformers

Re: [Nix-dev] A Journey into the Haskell NG infrastructure: Part I

2015-01-09 Thread Thomas Hunger
One thing that'd be useful is documenting how pkgs/development/haskell-modules/hackage-packages.nix is regenerated and how to fix common issues. E.g. disabling tests done by overriding a package in haskell-modules/configuration-common.nix. But I don't understand how to retain a specific version

Re: [Nix-dev] Ejabberd Options

2014-12-16 Thread Thomas Hunger
I also found this introduction useful: https://medium.com/@MrJamesFisher/nix-by-example-a0063a1a4c55 On 16 December 2014 at 10:25, stewart mackenzie setor...@gmail.com wrote: On Tue, Dec 16, 2014 at 6:04 PM, Luca Bruno lethalma...@gmail.com wrote: The best you can do is reading the nix