Re: [Nix-dev] How to enable Nginx lua module

2017-04-27 Thread 4levels
Hi All, I finally got it to work as follows:

nixpkgs.config.packageOverrides = pkgs:
{
  nginx = pkgs.nginx.override {
    modules = [
      pkgs.nginxModules.lua
      pkgs.nginxModules.dav
      pkgs.nginxModules.moreheaders
    ];
  };
};

Glad I got it working now!

Kind regards,

Erik


On Thu, Apr 27, 2017 at 12:56 PM 4levels <4lev...@gmail.com> wrote:

> Hi Eike,
>
> could you please tell me where you found that nginx config part in your
> config?
> I'm trying my very best but I'm failing miserably to override the nginx
> modules in my NixOps statements :-(
>
> Thanks in advance!
>
> Kind regards,
>
> Erik
>
> On Thu, Apr 27, 2017 at 11:58 AM 4levels <4lev...@gmail.com> wrote:
>
>> Hi Eike,
>>
>> I'm actually getting infinite recursion errors when I try to add the
>> following to my sample servers.nix config:
>>
>> with import ;
>> let
>>   ...
>> in
>> {
>>   vm01 =
>>     { config, pkgs, nodes, nginx, nginxModules, ... }:
>>     nginx.override {
>>       modules = [
>>         nginxModules.lua
>>       ];
>>     }
>>     {
>>       deployment.targetHost = "192.168.1.50";
>>       ...
>>     };
>>   ...
>>   };
>> }
>>
>> Fails with error
>>
>> ..
>> while evaluating the module argument `nginx' in ":anon-1:anon-1":
>> infinite recursion encountered, at
>> /nix/store/yqvarbfxf3594p7p954b4qjdiwmyagm4-nixos-16.09.tar.gz/lib/modules.nix:150:28
>>
>>
>> On Thu, Apr 27, 2017 at 11:46 AM 4levels <4lev...@gmail.com> wrote:
>>
>>> Hi Eike,
>>>
>>> I found similar info in the release notes for 16.03.
>>> I'm struggling to get this into my NixOps statements though, but I'm
>>> sure I'll figure it out ;-)
>>>
>>> Thanks for your swift reply!
>>>
>>> Kind regards,
>>>
>>> Erik
>>>
>>> On Thu, Apr 27, 2017 at 11:33 AM Eike <e...@eknet.org> wrote:
>>>
>>>>
>>>> Hallo Erik,
>>>>
>>>> I found this in my config files:
>>>>
>>>> { nginx, nginxModules }:
>>>>
>>>> nginx.override {
>>>>   modules =  [
>>>>     nginxModules.rtmp
>>>>     nginxModules.dav
>>>>     nginxModules.moreheaders
>>>>     #nginxModules.lua
>>>>   ];
>>>> }
>>>>
>>>> But I don't remember why I commented out the lua module. Maybe it didn't
>>>> work or I don't need it…. And this is nixos-16.09, so maybe things
>>>> changed here.
>>>>
>>>> Kind regards
>>>> Eike
>>>>
>>>> 4levels <4lev...@gmail.com> writes:
>>>>
>>>> > Hi Nix Devs,
>>>> >
>>>> > I can see that Nginx can be configured to use the lua module, but I can't
>>>> > seem to find how to enable this module?
>>>> >
>>>> > I'm probably overlooking something obvious here, but I checked all files in
>>>> > https://github.com/NixOS/nixpkgs/blob/16.09/pkgs/servers/http/nginx and I
>>>> > just don't see how I can enable this.
>>>> > https://nixos.org/nixos/options.html#nginx also doesn't enlighten me either
>>>> > :-(
>>>> >
>>>> > Kind regards,
>>>> >
>>>> > Erik
>>>> > ___
>>>> > nix-dev mailing list
>>>> > nix-dev@lists.science.uu.nl
>>>> > https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>>>>
>>>>
>>>> --
>>>> gpg: AD7AC35E
>>>> finger print: 137F BB0B 1639 D25F DC5D E59C B412 C5F5 AD7A C35E
>>>>
>>>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev


Re: [Nix-dev] How to enable Nginx lua module

2017-04-27 Thread 4levels
Hi Eike,

could you please tell me where you found that nginx config part in your
config?
I'm trying my very best but I'm failing miserably to override the nginx
modules in my NixOps statements :-(

Thanks in advance!

Kind regards,

Erik

On Thu, Apr 27, 2017 at 11:58 AM 4levels <4lev...@gmail.com> wrote:

> Hi Eike,
>
> I'm actually getting infinite recursion errors when I try to add the
> following to my sample servers.nix config:
>
> with import ;
> let
>   ...
> in
> {
>   vm01 =
>     { config, pkgs, nodes, nginx, nginxModules, ... }:
>     nginx.override {
>       modules = [
>         nginxModules.lua
>       ];
>     }
>     {
>       deployment.targetHost = "192.168.1.50";
>       ...
>     };
>   ...
>   };
> }
>
> Fails with error
>
> ..
> while evaluating the module argument `nginx' in ":anon-1:anon-1":
> infinite recursion encountered, at
> /nix/store/yqvarbfxf3594p7p954b4qjdiwmyagm4-nixos-16.09.tar.gz/lib/modules.nix:150:28
>
>
> On Thu, Apr 27, 2017 at 11:46 AM 4levels <4lev...@gmail.com> wrote:
>
>> Hi Eike,
>>
>> I found similar info in the release notes for 16.03.
>> I'm struggling to get this into my NixOps statements though, but I'm sure
>> I'll figure it out ;-)
>>
>> Thanks for your swift reply!
>>
>> Kind regards,
>>
>> Erik
>>
>> On Thu, Apr 27, 2017 at 11:33 AM Eike <e...@eknet.org> wrote:
>>
>>>
>>> Hallo Erik,
>>>
>>> I found this in my config files:
>>>
>>> { nginx, nginxModules }:
>>>
>>> nginx.override {
>>>   modules =  [
>>>     nginxModules.rtmp
>>>     nginxModules.dav
>>>     nginxModules.moreheaders
>>>     #nginxModules.lua
>>>   ];
>>> }
>>>
>>> But I don't remember why I commented out the lua module. Maybe it didn't
>>> work or I don't need it…. And this is nixos-16.09, so maybe things
>>> changed here.
>>>
>>> Kind regards
>>> Eike
>>>
>>> 4levels <4lev...@gmail.com> writes:
>>>
>>> > Hi Nix Devs,
>>> >
>>> > I can see that Nginx can be configured to use the lua module, but I can't
>>> > seem to find how to enable this module?
>>> >
>>> > I'm probably overlooking something obvious here, but I checked all files in
>>> > https://github.com/NixOS/nixpkgs/blob/16.09/pkgs/servers/http/nginx and I
>>> > just don't see how I can enable this.
>>> > https://nixos.org/nixos/options.html#nginx also doesn't enlighten me either
>>> > :-(
>>> >
>>> > Kind regards,
>>> >
>>> > Erik
>>> > ___
>>> > nix-dev mailing list
>>> > nix-dev@lists.science.uu.nl
>>> > https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>>>
>>>
>>> --
>>> gpg: AD7AC35E
>>> finger print: 137F BB0B 1639 D25F DC5D E59C B412 C5F5 AD7A C35E
>>>
>>


Re: [Nix-dev] How to enable Nginx lua module

2017-04-27 Thread 4levels
Hi Eike,

I'm actually getting infinite recursion errors when I try to add the
following to my sample servers.nix config:

with import ;
let
  ...
in
{
  vm01 =
    { config, pkgs, nodes, nginx, nginxModules, ... }:
    nginx.override {
      modules = [
        nginxModules.lua
      ];
    }
    {
      deployment.targetHost = "192.168.1.50";
      ...
    };
  ...
  };
}

Fails with error

..
while evaluating the module argument `nginx' in ":anon-1:anon-1":
infinite recursion encountered, at
/nix/store/yqvarbfxf3594p7p954b4qjdiwmyagm4-nixos-16.09.tar.gz/lib/modules.nix:150:28


On Thu, Apr 27, 2017 at 11:46 AM 4levels <4lev...@gmail.com> wrote:

> Hi Eike,
>
> I found similar info in the release notes for 16.03.
> I'm struggling to get this into my NixOps statements though, but I'm sure
> I'll figure it out ;-)
>
> Thanks for your swift reply!
>
> Kind regards,
>
> Erik
>
> On Thu, Apr 27, 2017 at 11:33 AM Eike <e...@eknet.org> wrote:
>
>>
>> Hallo Erik,
>>
>> I found this in my config files:
>>
>> { nginx, nginxModules }:
>>
>> nginx.override {
>>   modules =  [
>>     nginxModules.rtmp
>>     nginxModules.dav
>>     nginxModules.moreheaders
>>     #nginxModules.lua
>>   ];
>> }
>>
>> But I don't remember why I commented out the lua module. Maybe it didn't
>> work or I don't need it…. And this is nixos-16.09, so maybe things
>> changed here.
>>
>> Kind regards
>> Eike
>>
>> 4levels <4lev...@gmail.com> writes:
>>
>> > Hi Nix Devs,
>> >
>> > I can see that Nginx can be configured to use the lua module, but I can't
>> > seem to find how to enable this module?
>> >
>> > I'm probably overlooking something obvious here, but I checked all files in
>> > https://github.com/NixOS/nixpkgs/blob/16.09/pkgs/servers/http/nginx and I
>> > just don't see how I can enable this.
>> > https://nixos.org/nixos/options.html#nginx also doesn't enlighten me either
>> > :-(
>> >
>> > Kind regards,
>> >
>> > Erik
>> > ___
>> > nix-dev mailing list
>> > nix-dev@lists.science.uu.nl
>> > https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>> --
>> gpg: AD7AC35E
>> finger print: 137F BB0B 1639 D25F DC5D E59C B412 C5F5 AD7A C35E
>>
>


Re: [Nix-dev] How to enable Nginx lua module

2017-04-27 Thread 4levels
Hi Eike,

I found similar info in the release notes for 16.03.
I'm struggling to get this into my NixOps statements though, but I'm sure
I'll figure it out ;-)

Thanks for your swift reply!

Kind regards,

Erik

On Thu, Apr 27, 2017 at 11:33 AM Eike <e...@eknet.org> wrote:

>
> Hallo Erik,
>
> I found this in my config files:
>
> { nginx, nginxModules }:
>
> nginx.override {
>   modules =  [
>     nginxModules.rtmp
>     nginxModules.dav
>     nginxModules.moreheaders
>     #nginxModules.lua
>   ];
> }
>
> But I don't remember why I commented out the lua module. Maybe it didn't
> work or I don't need it…. And this is nixos-16.09, so maybe things
> changed here.
>
> Kind regards
> Eike
>
> 4levels <4lev...@gmail.com> writes:
>
> > Hi Nix Devs,
> >
> > I can see that Nginx can be configured to use the lua module, but I can't
> > seem to find how to enable this module?
> >
> > I'm probably overlooking something obvious here, but I checked all files in
> > https://github.com/NixOS/nixpkgs/blob/16.09/pkgs/servers/http/nginx and I
> > just don't see how I can enable this.
> > https://nixos.org/nixos/options.html#nginx also doesn't enlighten me either
> > :-(
> >
> > Kind regards,
> >
> > Erik
> > ___
> > nix-dev mailing list
> > nix-dev@lists.science.uu.nl
> > https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>
>
> --
> gpg: AD7AC35E
> finger print: 137F BB0B 1639 D25F DC5D E59C B412 C5F5 AD7A C35E
>


[Nix-dev] How to enable Nginx lua module

2017-04-27 Thread 4levels
Hi Nix Devs,

I can see that Nginx can be configured to use the lua module, but I can't
seem to find how to enable this module?

I'm probably overlooking something obvious here, but I checked all files in
https://github.com/NixOS/nixpkgs/blob/16.09/pkgs/servers/http/nginx and I
just don't see how I can enable this.
https://nixos.org/nixos/options.html#nginx also doesn't enlighten me either
:-(

Kind regards,

Erik


Re: [Nix-dev] NixOps reproducible bug with large amount of deployment.keys

2017-04-21 Thread 4levels
Hi Philip,

if I only knew :-)
Like I said, this is the output of the deploy call, I have no idea where to
look to find the file where this bash call is actually executed.

I see some interesting responses on the Github issue, I'll have a look at
it right away and report back.

Kind regards,

Erik

On Thu, Apr 20, 2017 at 11:53 PM Profpatsch <m...@profpatsch.de> wrote:

> On 17-04-19 12:27pm, 4levels wrote:
> > The main reason is that the keys derivation contains all key related
> > statements on a single line and is passed as a single argument to bash,
> > triggering the maxlength error (argument list too long).  I could reduce
> > the length of the names of the keyfiles, since this will actually reduce
> > the total length of the generated keys derivation, but that's no solution,
> > especially since I'm intending to deploy even more keys in the near future..
>
> Can you link to the line where bash is called
> with too many arguments?
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
>


Re: [Nix-dev] NixOps reproducible bug with large amount of deployment.keys

2017-04-20 Thread 4levels
Hi Nix-Devs,

I filed the following bug report in the Github issue tracker
https://github.com/NixOS/nixpkgs/issues/25057

Hope someone has the skills to have a look at this..

I'm currently trying to work around this issue by encrypting and packaging
these files myself and manually move the keys to the /run/keys folder..
not a nice solution but at least it should keep me going until a fix is
created.

Kind regards,

Erik aka 4levels

On Wed, Apr 19, 2017 at 2:27 PM 4levels <4lev...@gmail.com> wrote:

> Hi Nix Devs, hi Philip,
>
> in an effort to solve my previous problem (bash argument list too long) I
> tried a new deployment in NixOps, only containing the derivations from the
> examples in the nixops manual.  The aforementioned issue appears again so I
> think this is a bug in NixOps and how the keys derivation is being handled.
>
> Steps to reproduce: create the following files
>
> test.nix:
>
> {
>   network.description = "Web server";
>
>   webserver =
>     { config, pkgs, ... }:
>     { services.httpd.enable = true;
>       services.httpd.adminAddr = "al...@example.org";
>       networking.firewall.allowedTCPPorts = [ 80 ];
>     };
> }
>
> test-servers.nix:
>
> {
>   webserver =
>     { config, pkgs, ... }:
>     {
>       deployment.targetEnv = "virtualbox";
>       deployment.virtualbox.memorySize = 1024; # megabytes
>       deployment.virtualbox.vcpu = 2; # number of cpus
>     };
> }
>
>
> Add a lot of keys to test-servers.nix, in the form below (example)
>
> deployment.keys."phpmyadmin.password" = {
>   text = fileContents (./keys/phpmyadmin.password);
>   group = "keys";
>   permissions = "0640";
> };
>
> Removing the extra attributes group and permissions doesn't seem to
> change the length of the generated derivation.
>
> Create a new deployment:
> $ nixops create -dtest test.nix test-servers.nix
>
> Output of $ nixops info -dtest
> Network name: test
> Network UUID: 74586894-24e7-11e7-adab-525400d7e1fa
> Network description: Web server
> Nix expressions: test.nix test-server.nix
>
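> +-----------+--------------------+------------+-------------+------------+
> | Name      | Status             | Type       | Resource Id | IP address |
> +-----------+--------------------+------------+-------------+------------+
> | webserver | Missing / Outdated | virtualbox |             |            |
> +-----------+--------------------+------------+-------------+------------+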
>
>
> As soon as you add a lot of key files (+1000) the issue appears, resulting
> in the following error:
>
> $ nixops deploy -dtest --build-only:
> building path(s)
> ‘/nix/store/lv40g4brdfa187x3h08jbxgwrs12gmpm-nixos-system-webserver-17.03.890.ce3ab704b2’
> while setting up the build environment: executing
> ‘/nix/store/86blj9iqyxwmdgkn3dyrpib1gkbmz91v-bash-4.4-p5/bin/bash’:
> Argument list too long
> builder for
> ‘/nix/store/apmw3a1pb7imlw7p6vls9hs6glj4n44h-nixos-system-webserver-17.03.890.ce3ab704b2.drv’
> failed with exit code 1
>
>
> The main reason is that the keys derivation contains all key related
> statements on a single line and is passed as a single argument to bash,
> triggering the maxlength error (argument list too long).  I could reduce
> the length of the names of the keyfiles, since this will actually reduce
> the total length of the generated keys derivation, but that's no solution,
> especially since I'm intending to deploy even more keys in the near future..
>
> Since this is reproducible and baked into NixOps, I consider this a bug.
> This is currently really a blocking issue for me, setting me back for
> almost a week now as I lack the skills to solve this myself.
> Has anyone an idea how I or someone else can fix / work around this?
>
>
> Kind regards,
>
> Erik aka 4levels
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev
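
Added example (not part of the original thread and not NixOps code): on Linux, execve() rejects any single argument or environment string longer than MAX_ARG_STRLEN (32 pages, 131072 bytes with 4 KiB pages) with E2BIG, which the shell reports as "Argument list too long", and this limit is separate from the total ARG_MAX. The script below probes that limit with a constructed filler string and shows that the same bytes pass when handed over on stdin; the variable name KEYS_ATTR and all sizes except 207073 are made up for illustration, and it is an assumption that this per-string limit is the one the 207073-character value in the thread ran into.

```shell
#!/bin/sh
# Added example: constructed sizes and a constructed variable name (KEYS_ATTR);
# nothing here is NixOps code.

# Per-string limit enforced by Linux execve(): MAX_ARG_STRLEN = 32 pages.
max_arg_strlen() {
    page=$(getconf PAGE_SIZE 2>/dev/null || echo 4096)
    echo $(( page * 32 ))
}

# Emit N bytes of filler, standing in for one very long attribute value.
make_blob() {
    head -c "$1" /dev/zero | tr '\0' 'k'
}

# Start a child process that receives one string of N bytes, either as an
# environment variable ("env") or as a command-line argument ("arg").
# Prints "ok" if the exec succeeded and "E2BIG" if it was refused.
exec_with_string_of_size() {
    mode=$1
    blob=$(make_blob "$2")
    case $mode in
        env) KEYS_ATTR="$blob" sh -c ':' 2>/dev/null ;;
        arg) sh -c ':' probe "$blob" 2>/dev/null ;;
        *)   return 2 ;;
    esac && echo ok || echo E2BIG
}

# The same bytes delivered on stdin are not subject to the exec limits.
# Prints the number of bytes the child received.
pass_via_stdin() {
    make_blob "$1" | sh -c 'wc -c' | tr -d ' '
}

limit=$(max_arg_strlen)
size=207073   # length reported in the thread for the generated .drv line
echo "MAX_ARG_STRLEN: $limit bytes, ARG_MAX: $(getconf ARG_MAX 2>/dev/null) bytes"
echo "env string of $size bytes:  $(exec_with_string_of_size env "$size")"
echo "argv string of $size bytes: $(exec_with_string_of_size arg "$size")"
echo "env string of $((limit / 2)) bytes:  $(exec_with_string_of_size env $((limit / 2)))"
echo "stdin delivered:            $(pass_via_stdin "$size") bytes"
```

On a kernel with 4 KiB pages the 207073-byte string is refused both as an environment variable and as an argument, while half the limit is accepted, so shortening key names only helps until the combined value crosses the limit again.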


Re: [Nix-dev] NixOps failes to deploy: bash: Argument list too long

2017-04-17 Thread 4levels
Hi Philip,

You're totally right on that!

I've basically hacked myself a system configuration together based on what
I could find online and with the help of you guys here. I'm doing this all
by myself and I know practically no one in real life using Nix as well.
Understanding Nix still seems daunting to me. Besides all that, Nix is just
a small part of my life since the application code is my main
responsibility and requires my full attention.

Anyway, I'll give both manuals a good long hard look and will resort to
getting in touch with you for consultancy if I can't get it to work as
intended. I'm probably doing a lot of things wrong or inefficient anyway
and could use a professional look at my efforts.

Kind regards,

Erik

On Tue, 18 Apr 2017, 00:10 Profpatsch, <m...@profpatsch.de> wrote:

> On 17-04-15 10:14am, 4levels wrote:
> > Hi Profpatsch,
> >
> > the name nixos-system-secure comes from one machine called "secure".
> > I'm using various nix files to separate / group some parts of the machine
> > configurations we're using.
> > We're deploying +10 servers for our application code (mancloud) and the
> > machine with name "secure" is supposed to have all keys from all other
> > machines on it.
> >
> > I don't see where I should add the mentioned `set -x`
> > We're usually calling nixops as follows
> > nixops deploy --include secure --build-only -I nixpkgs=
> > https://github.com/NixOS/nixpkgs-channels/archive/nixos-16.09.tar.gz
> >
> > …
>
> I’m pretty sure you are not well-versed with nix and nixos yet.
> nixops builds on these two blocks.
>
> https://nixos.org/nix/manual/
> https://nixos.org/nixos/manual/
>
> Once you work through these manuals
> most of your questions will be answered.
>
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
>


Re: [Nix-dev] NixOps failes to deploy: bash: Argument list too long

2017-04-15 Thread 4levels
Hi Profpatsch,

the name nixos-system-secure comes from one machine called "secure".
I'm using various nix files to separate / group some parts of the machine
configurations we're using.
We're deploying +10 servers for our application code (mancloud) and the
machine with name "secure" is supposed to have all keys from all other
machines on it.

I don't see where I should add the mentioned `set -x`
We're usually calling nixops as follows
nixops deploy --include secure --build-only -I nixpkgs=
https://github.com/NixOS/nixpkgs-channels/archive/nixos-16.09.tar.gz

When viewing the rest of the file mentioned before (/nix/store/
wz9mvb6x082h4mvww1gsf0x0l9fq8p7z-nixos-system-secure-16.09pre-git.drv), I
can see a lot of comments adding up to the total length of this file, eg.

["-e","/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh"],[("activationScript","#!
/nix/store/gabjbkwga2dhhp2wzyaxl83r8hjjfc37-bash-4.3-p48/bin/bash\n\nsystemConfig=@out@\n\nexport
PATH=/empty\nfor i in
/nix/store/lcwdbh37ha51z86c62mm65vbcfc990dd-coreutils-8.25
/nix/store/zwr4gj1xj67iifpa5mixwz5az7k0j1c4-gnugrep-2.25
/nix/store/95vfigaqdg8jg5bk961k1x06j86p5fh0-findutils-4.6.0
/nix/store/bm052v0zqk8w4gvfwqacszb6b9kijcs4-glibc-2.24-bin
/nix/store/2ij54lmg02915s43kdwlf5hf5qnm04xx-shadow-4.4
/nix/store/n46pca88k2avx96q9zp6927xq3apv2xd-net-tools-1.60_p20120127084908;
do\nPATH=$PATH:$i/bin:$i/sbin\ndone\n\n_status=0\ntrap \"_status=1\"
ERR\n\n# Ensure a consistent umask.\numask 0022\n\n Activation script
snippet stdio:\n# Needed by some programs.\nln -sfn /proc/self/fd
/dev/fd\nln -sfn /proc/self/fd/0 /dev/stdin\nln -sfn /proc/self/fd/1
/dev/stdout\nln -sfn /proc/self/fd/2 /dev/stderr\n\n\n Activation
script snippet binsh:\n# Create the required /bin/sh symlink; otherwise
lots of things\n# (notably the system() function) won't work.\nmkdir -m
0755 -p /bin\nln -sfn
\"/nix/store/7y6azp3wqbbf1wldyyam9zj49s8v09rp-bash-4.3-p48/bin/sh\"
/bin/.sh.tmp\nmv /bin/.sh.tmp /bin/sh # atomically replace
/bin/sh\n\n\n Activation script snippet domain:\n\n\n Activation
script snippet etc...

But I'm not even sure if this file has anything to do with the error itself
:-(

Hope someone can help! Deploying 1600 key files to a server shouldn't be a
problem right? This number is only going to increase over time as well..

I've added some more info on our deploy setup below..


Output of nixops info
nixops info
vultr.nix defaults.nix servers.nix keys.nix

*vultr.nix* contains some Vultr specifics, like bootloader, filesystem and
swap config
*defaults.nix* contains some server defaults, like user accounts, sshd
setup, etc etc
*servers.nix* contains specifications for the various machines we deploy,
"secure" being one of them

with import ;

let

  serverKeys = keys:
    genAttrs keys (n:
      {
        text = fileContents (./keys + "/${builtins.replaceStrings ["@"] ["-"] n}");
        group = "keys";
        permissions = "0640";
      }
    )
  ;

  serverKeysHost = host: keys:
    genAttrs keys (n:
      {
        text = fileContents (./keys + "/${host}" + "/${builtins.replaceStrings ["@"] ["-"] n}");
        group = "keys";
        permissions = "0640";
      }
    )
  ;

in
{

  secure =

  { config, pkgs, lib, nodes, ... }:

  {
    deployment = {
      targetHost = "45.76.38.157";
      keys = (serverKeys [
        "phpmyadmin.password"
        "phpmyadmin.secret"
        "oauth-private.key"
        "oauth-public.key"
      ])
      // serverKeysHost "v-ams01" nodes.v-ams01.config.services.mancloud.keys
      // serverKeysHost "v-ams02" nodes.v-ams02.config.services.mancloud.keys
      // serverKeysHost "v-ams03" nodes.v-ams03.config.services.mancloud.keys
      // serverKeysHost "v-ams04" nodes.v-ams04.config.services.mancloud.keys
      // serverKeysHost "v-ams05" nodes.v-ams05.config.services.mancloud.keys
      // serverKeysHost "v-ams06" nodes.v-ams06.config.services.mancloud.keys
      // serverKeysHost "v-fra01" nodes.v-fra01.config.services.mancloud.keys
      // serverKeysHost "v-par01" nodes.v-par01.config.services.mancloud.keys
      // serverKeysHost "v-lon01" nodes.v-lon01.config.services.mancloud.keys
      // serverKeysHost "v-syd01" nodes.v-syd01.config.services.mancloud.keys
      // serverKeysHost "v-mia01" nodes.v-mia01.config.services.mancloud.keys
      ;
    };

*keys.nix* contains the list of key-files, being stored in ./keys/
subfolder and are read by the serverKeys(Host) calls above, eg.

{

  v-ams01 =

{ config, pkgs, lib, ... }:

{

  services.mancloud.keys = [
"mancloud.client1.api.clients.mancloud.secret"
&qu

Re: [Nix-dev] NixOps failes to deploy: bash: Argument list too long

2017-04-14 Thread 4levels
Hi Profpatsch,

Thanks for your reply, but I don't know how to even try implementing your
suggestions. This file is generated by NixOps and is run just before the
actual deployment starts. This is at the end of the build phase before the
actual deploy. It starts with

Derive([("out","/nix/store/j9p5zwqj03nq4f4id5a0phig5gk0snqd-nixos-system-secure-16.09pre-git","","")],
...

I have literally no idea where to look or what to change in NixOps itself
to use the suggestions you made, as this goes way beyond my nix-knowledge.
For all I know, this issue could come from something totally different as
well, I'm just guessing here since this is the last output of the nixops
deploy call before the error message. Below the full output of the call

[erik@no01:~]$ nixops deploy --build-only --show-trace
building all machine configurations...
these derivations will be built:

/nix/store/wz9mvb6x082h4mvww1gsf0x0l9fq8p7z-nixos-system-secure-16.09pre-git.drv
  /nix/store/bz3ajdlxalr0c8i1zik40zwvnsb2g8a7-nixops-machines.drv
building path(s)
‘/nix/store/j9p5zwqj03nq4f4id5a0phig5gk0snqd-nixos-system-secure-16.09pre-git’
while setting up the build environment: executing
‘/nix/store/gabjbkwga2dhhp2wzyaxl83r8hjjfc37-bash-4.3-p48/bin/bash’:
Argument list too long
builder for
‘/nix/store/wz9mvb6x082h4mvww1gsf0x0l9fq8p7z-nixos-system-secure-16.09pre-git.drv’
failed with exit code 1
cannot build derivation
‘/nix/store/bz3ajdlxalr0c8i1zik40zwvnsb2g8a7-nixops-machines.drv’: 1
dependencies couldn't be built
error: build of
‘/nix/store/bz3ajdlxalr0c8i1zik40zwvnsb2g8a7-nixops-machines.drv’ failed
error: unable to build all machine configurations


Kind regards,

Erik


On Fri, 14 Apr 2017, 22:00 Profpatsch, <m...@profpatsch.de> wrote:

> On 17-04-14 02:26pm, 4levels wrote:
> > I think this is the generated file causing the issue:
> > /nix/store/wz9mvb6x082h4mvww1gsf0x0l9fq8p7z-nixos-system-secure-16.09pre-git.drv
> > It looks like it's a single line of code, spanning 207073 characters, which
> > is probably more than the allowed argument length for bash.
> >
> > Are there any guidelines to avoid running into this argument list error?
>
> Depends on your bash use-case.
> Lots of programs support file-input.
> xargs may be a good candidate.
> If you don’t want it sequential, GNU parallel.
> Or just a plain old bash for; do; done loop.
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
>


[Nix-dev] NixOps failes to deploy: bash: Argument list too long

2017-04-14 Thread 4levels
Hi Nix Dev's,

I'm running (again) into this issue when trying to deploy a server with
quite a lot of key files (about 1600).

I think this is the generated file causing the issue:
/nix/store/wz9mvb6x082h4mvww1gsf0x0l9fq8p7z-nixos-system-secure-16.09pre-git.drv
It looks like it's a single line of code, spanning 207073 characters, which
is probably more than the allowed argument length for bash.

Are there any guidelines to avoid running into this argument list error?

When I only add say 200 keys, everything works as expected.

I am able to adjust the deployment machine if needed to overcome this as
it's a dedicated nixos machine..

Kind regards,

Erik


Re: [Nix-dev] Use PHP FPM with 2 PHP versions simultaneously

2017-04-07 Thread 4levels
Hi Nix Devs, hi Marc,

thank you for your insightful pointers, I will definitely try this as soon
as possible (I'm a bit over occupied atm).

I noticed that in NixOS 17.03 php fpm doesn't exist as a package anymore.
When deploying this, there is also no phpfpm service anymore.  Do you
happen to know an explanation for this?  Or should I post a new message to
this list?

Kind regards,

Erik

On Thu, Apr 6, 2017 at 12:23 PM Marc Weber  wrote:

>
> https://github.com/MarcWeber/nixpkgs/commit/5d1f3e9d4cfe5da9950b94b05203cfa128c2b288
> => see comments nixos/modules/services/misc/phpfpm.nix
>
> This code even figures out how many fpm daemons to start.
>
> Thus if you change ini (eg enabling xdebug) you'll get an additional
> daemon because you cannot use a pool for it.
>
> Marc Weber
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev


[Nix-dev] Use PHP FPM with 2 PHP versions simultaneously

2017-04-06 Thread 4levels
Hi Nix Devs,

I'm convinced that I can manage to run 2 different PHP versions next to
each other with NixOS.  I managed to install both php56 and php71 packages
(that's the easy part), but I lack the Nix skills to configure phpfpm, one
time with php56 and one with the php71 package.

PHP FPM has a Nix option to set the desired php package, like so

services.phpfpm.phpPackage = pkgs.php56;

But I don't see how I can configure a second phpfpm package with a
different version.

The reason I'd like to know is that I'm running an API built with Lumen,
capable of PHP 7, next to a legacy symfony application that has to stick
with PHP 5.6, and I'd love to see the performance gains from PHP 7 in the
API.

Hope someone can put me in the right direction, I'm guessing I need to
generate a derivation for phpfpm etc but I'm really not too familiar with
how to go about this.

Kind regards,

Erik aka 4levels


Re: [Nix-dev] Override php xslSupport config option

2016-11-01 Thread 4levels
Hi all,

seems like

nixpkgs.config.php.xsl = true;

is all I needed to add to my NixOps deploy expression.. great!
This triggered the download of the php sources (as well as libxslt) and PHP
is being built with xsl support..

I knew I was overlooking something obvious ;-)

Kind regards,

Erik

On Tue, Nov 1, 2016 at 4:22 PM 4levels <4lev...@gmail.com> wrote:

> Hi all,
>
> I tried the other way as mentioned in the Wiki as follows:
>
> nixpkgs.config.packageOverrides = pkgs: rec {
>   php56 = pkgs.stdenv.lib.overrideDerivation pkgs.php56 (oldAttrs: {
>     cfg.xslSupport = true;
>   });
> };
>
> But this results in *error: cannot coerce a set to a string* in the php
> default.nix file on line 18, which is the line where the version is
> specified.  I'm clearly missing something obvious here (again) so still no
> luck.
>
> Thanks for your support!
>
> Erik
>
> On Tue, Nov 1, 2016 at 2:35 PM 4levels <4lev...@gmail.com> wrote:
>
> Hi all,
>
> I've managed to at least fix the build errors by adding the following
> (after reading the Wiki on package overrides here
> https://nixos.org/wiki/Nix_Modifying_Packages#Overriding_Existing_Packages
>
> So the nixops deploy command succeeds, but unfortunately still no xsl
> support in PHP
>
> I currently have the following:
>
> nixpkgs.config.packageOverrides = pkgs: rec {
>   php56 = pkgs.php56.override {
>     config = {
>       xslSupport = true;
>     };
>   };
> };
>
>
>
> On Tue, Nov 1, 2016 at 2:21 PM 4levels <4lev...@gmail.com> wrote:
>
> Hi Devs,
>
> thanks for the info!
> However I'm struggling to get this in my NixOps config, my expression
> keeps failing as I'm probably doing it all wrong since I have no experience
> with packageOverrides.
>
> Can you provide an example (or link to one) where I can see this mechanism
> work?
>
> This is what I currently have (excerpt):
>
> environment.systemPackages = with pkgs; [
>   wget
>   unzip
>   gitMinimal
>   tmux
>   mariadb
>   php56
>   duplicity
>   nodejs
>   redis
>   php56Packages.apcu
>   php56Packages.composer
>   php56Packages.redis
>   certbot
>   sysstat
>   iotop
> ];
>
> nixpkgs.config.packageOverrides = php56:
>   php56.merge {
>     cfg = {
>       xslSupport = true;
>     };
>   };
> }
>
>
> On Sun, Oct 30, 2016 at 8:06 PM Jookia <166...@gmail.com> wrote:
>
> On Sun, Oct 30, 2016 at 09:59:20PM +0300, Игорь Пашев wrote:
> > Something like this:
> >
> > { php70 }: php70.merge {
> >   cfg = {
> >     apxs2Support = false;
> >     ldapSupport = false;
> >     mssqlSupport = false;
> >     pdo_pgsqlSupport = false;
> >     postgresqlSupport = false;
> >     sqliteSupport = false;
> >     xslSupport = false;
> >   };
> > }
> >
> > Use this with nixpkgs.config.packageOverrides
>
> It's really obscure how to use these old-timey .merge{} operations. Maybe it
> should be documented somewhere or finally replaced with proper overrides?
>
>


Re: [Nix-dev] Override php xslSupport config option

2016-11-01 Thread 4levels
Hi all,

I tried the other way as mentioned in the Wiki as follows:

nixpkgs.config.packageOverrides = pkgs: rec {
  php56 = pkgs.stdenv.lib.overrideDerivation pkgs.php56 (oldAttrs: {
    cfg.xslSupport = true;
  });
};

But this results in *error: cannot coerce a set to a string* in the php
default.nix file on line 18, which is the line where the version is
specified.  I'm clearly missing something obvious here (again) so still no
luck.

Thanks for your support!

Erik

On Tue, Nov 1, 2016 at 2:35 PM 4levels <4lev...@gmail.com> wrote:

> Hi all,
>
> I've managed to at least fix the build errors by adding the following
> (after reading the Wiki on package overrides here
> https://nixos.org/wiki/Nix_Modifying_Packages#Overriding_Existing_Packages
>
> So the nixops deploy command succeeds, but unfortunately still no xsl
> support in PHP
>
> I currently have the following:
>
> nixpkgs.config.packageOverrides = pkgs: rec {
>   php56 = pkgs.php56.override {
>     config = {
>       xslSupport = true;
>     };
>   };
> };
>
>
>
> On Tue, Nov 1, 2016 at 2:21 PM 4levels <4lev...@gmail.com> wrote:
>
> Hi Devs,
>
> thanks for the info!
> However I'm struggling to get this in my NixOps config, my expression
> keeps failing as I'm probably doing it all wrong since I have no experience
> with packageOverrides.
>
> Can you provide an example (or link to one) where I can see this mechanism
> work?
>
> This is what I currently have (excerpt):
>
> environment.systemPackages = with pkgs; [
>   wget
>   unzip
>   gitMinimal
>   tmux
>   mariadb
>   php56
>   duplicity
>   nodejs
>   redis
>   php56Packages.apcu
>   php56Packages.composer
>   php56Packages.redis
>   certbot
>   sysstat
>   iotop
> ];
>
> nixpkgs.config.packageOverrides = php56:
>   php56.merge {
>     cfg = {
>       xslSupport = true;
>     };
>   };
> }
>
>
> On Sun, Oct 30, 2016 at 8:06 PM Jookia <166...@gmail.com> wrote:
>
> On Sun, Oct 30, 2016 at 09:59:20PM +0300, Игорь Пашев wrote:
> > Something like this:
> >
> > { php70 }: php70.merge {
> >   cfg = {
> >     apxs2Support = false;
> >     ldapSupport = false;
> >     mssqlSupport = false;
> >     pdo_pgsqlSupport = false;
> >     postgresqlSupport = false;
> >     sqliteSupport = false;
> >     xslSupport = false;
> >   };
> > }
> >
> > Use this with nixpkgs.config.packageOverrides
>
> It's really obscure how to use these old-timey .merge{} operations. Maybe it
> should be documented somewhere or finally replaced with proper overrides?
>
>


Re: [Nix-dev] Override php xslSupport config option

2016-11-01 Thread 4levels
Hi all,

I've managed to at least fix the build errors by adding the following
(after reading the Wiki on package overrides here
https://nixos.org/wiki/Nix_Modifying_Packages#Overriding_Existing_Packages

So the nixops deploy command succeeds, but unfortunately still no xsl
support in PHP

I currently have the following:

nixpkgs.config.packageOverrides = pkgs: rec {
  php56 = pkgs.php56.override {
    config = {
      xslSupport = true;
    };
  };
};



On Tue, Nov 1, 2016 at 2:21 PM 4levels <4lev...@gmail.com> wrote:

> Hi Devs,
>
> thanks for the info!
> However I'm struggling to get this in my NixOps config, my expression
> keeps failing as I'm probably doing it all wrong since I have no experience
> with packageOverrides.
>
> Can you provide an example (or link to one) where I can see this mechanism
> work?
>
> This is what I currently have (excerpt):
>
> environment.systemPackages = with pkgs; [
>   wget
>   unzip
>   gitMinimal
>   tmux
>   mariadb
>   php56
>   duplicity
>   nodejs
>   redis
>   php56Packages.apcu
>   php56Packages.composer
>   php56Packages.redis
>   certbot
>   sysstat
>   iotop
> ];
>
> nixpkgs.config.packageOverrides = php56:
>   php56.merge {
>     cfg = {
>       xslSupport = true;
>     };
>   };
> }
>
>
> On Sun, Oct 30, 2016 at 8:06 PM Jookia <166...@gmail.com> wrote:
>
> On Sun, Oct 30, 2016 at 09:59:20PM +0300, Игорь Пашев wrote:
> > Something like this:
> >
> > { php70 }: php70.merge {
> >   cfg = {
> >     apxs2Support = false;
> >     ldapSupport = false;
> >     mssqlSupport = false;
> >     pdo_pgsqlSupport = false;
> >     postgresqlSupport = false;
> >     sqliteSupport = false;
> >     xslSupport = false;
> >   };
> > }
> >
> > Use this with nixpkgs.config.packageOverrides
>
> It's really obscure how to use these old-timey .merge{} operations. Maybe it
> should be documented somewhere or finally replaced with proper overrides?
>
>


Re: [Nix-dev] Override php xslSupport config option

2016-11-01 Thread 4levels
Hi Devs,

thanks for the info!
However I'm struggling to get this in my NixOps config, my expression keeps
failing as I'm probably doing it all wrong since I have no experience with
packageOverrides.

Can you provide an example (or link to one) where I can see this mechanism
work?

This is what I currently have (excerpt):

environment.systemPackages = with pkgs; [
  wget
  unzip
  gitMinimal
  tmux
  mariadb
  php56
  duplicity
  nodejs
  redis
  php56Packages.apcu
  php56Packages.composer
  php56Packages.redis
  certbot
  sysstat
  iotop
];

nixpkgs.config.packageOverrides = php56:
  php56.merge {
    cfg = {
      xslSupport = true;
    };
  };
}


On Sun, Oct 30, 2016 at 8:06 PM Jookia <166...@gmail.com> wrote:

On Sun, Oct 30, 2016 at 09:59:20PM +0300, Игорь Пашев wrote:
> Something like this:
>
> { php70 }: php70.merge {
>   cfg = {
>     apxs2Support = false;
>     ldapSupport = false;
>     mssqlSupport = false;
>     pdo_pgsqlSupport = false;
>     postgresqlSupport = false;
>     sqliteSupport = false;
>     xslSupport = false;
>   };
> }
>
> Use this with nixpkgs.config.packageOverrides

It's really obscure how to use these old-timey .merge{} operations. Maybe it
should be documented somewhere or finally replaced with proper overrides?


[Nix-dev] Override php xslSupport config option

2016-10-30 Thread 4levels
Hi Nix Devs,

I must be overlooking something obvious here, but I'm failing to enable XSL
support in PHP.  In this file
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/interpreters/php/default.nix
I see there is a config option cfg.xslSupport which defaults to false.

How can I set this option to true so PHP is built with xsl support?

Kind regards,

Erik


Re: [Nix-dev] NFS performance issues after upgrade to 16.09

2016-10-17 Thread 4levels
Hi all,

I removed the vers=3 and some other NFS v3 related mount options since my
host supports NFS versions up to 4.1 and the issues seem to have
disappeared!

As this is only happening (and NFS is only needed) in my local VM, this
works for me ;-)

If the issue comes back, I'll continue debugging NFS and report back here.

Kind regards,

Erik

On Mon, 17 Oct 2016, 06:47 Wout Mertens, <wout.mert...@gmail.com> wrote:

Maybe it's something else?
https://www.clearos.com/clearfoundation/social/community/solved-nfs-causing-high-load

To further troubleshoot, I'd look into NFS logging to see what is being
read/written, and snooping network traffic might be a quick way into that.
Maybe in the new versions one of the apps started doing lots of mini writes
with fsync?

Wout.

On Thu, Oct 13, 2016, 11:57 PM zimbatm <zimb...@zimbatm.com> wrote:

For the channels look into https://github.com/NixOS/nixpkgs-channels. The
branches here map directly to the channels that you can fetch publicly. If
you figure out which files are being used by nfs then it's a matter of
running a diff between the different branches.

https://github.com/NixOS/nixpkgs-channels/blob/nixos-16.09/nixos/modules/services/network-filesystems/nfsd.nix
doesn't seem to have changed since 16.03.
It seems to be using the nfs-utils which you can find in the
pkgs/top-level/all-packages.nix and follow from there. nfs-utils seems to
have changed:
https://github.com/NixOS/nixpkgs-channels/blob/nixos-16.09/pkgs/os-specific/linux/nfs-utils/default.nix
There is also the kernel module that you might want to dig into.

I know it's not a direct solution but hopefully it will give you some more
things to try out.

Cheers,
z



On Thu, 13 Oct 2016 at 15:18 4levels <4lev...@gmail.com> wrote:

Hi Jonas,

disabling fail2ban didn't help, now the Nginx webserver keeps crashing as
soon as a php error occurs.
Do you know by any chance if with the upgrade to nixos-16.09 a newer
version of NFS is included than in 16.03?  Maybe some default parameters in
NFS have changed causing this havoc.
As a more general question: how can I see which version of package x is
used in nixos version y?

Kind regards,

Erik

On Thu, Oct 13, 2016 at 11:05 AM 4levels <4lev...@gmail.com> wrote:

Hi,

thank you for your suggestions.  I've disabled the firewall and fail2ban
services, let's hope that does the trick!
I'll report back when things are better..

Kind regards,

Erik

On Thu, Oct 13, 2016 at 9:09 AM zimbatm <zimb...@zimbatm.com> wrote:

Hi,

What happens if you disable fail2ban? Maybe the behaviour has changed.

Or try to change the kernel and NFS versions.

I know it's not much help, all I can recommend is to try and replace each
component to reduce the error.

On Wed, 12 Oct 2016, 10:51 4levels, <4lev...@gmail.com> wrote:

Dear Nix'ers,

I've a permanent issue since the upgrade to nixos-16.09 in my local vm
(with kvm-qemu from an SSD partition).  The load of the vm is increasing
over time without any signs in the output of top.  Bash completion when
traversing directories stalls and the whole system becomes unresponsive
after about 5 to 10 minutes with top showing a load > 30.  Even rebooting
fails with several services failing to stop (eg. fail2ban, phpfpm, ).

This has everything to do with NFS: as soon as I disable the NFS mounts,
the system maintains normal operation.  Nginx / phpfpm are using NFS
mounted folders for local development.

These are the filesystem declarations in the nixops expression:

  fileSystems."/data/dev" = {
    device = "d01:/data/dev";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };
  fileSystems."/extra/Documents" = {
    device = "d01:/extra/Documents";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };

with d01 being declared in extrahosts

  networking.extraHosts = "192.168.121.1 d01 d01.local";

Has anyone an idea how this could be related to the upgrade to 16.09?  On
16.03 this all worked normally..

Kind regards,

Erik aka 4levels



Re: [Nix-dev] NFS performance issues after upgrade to 16.09

2016-10-13 Thread 4levels
Hi Jonas,

disabling fail2ban didn't help, now the Nginx webserver keeps crashing as
soon as a php error occurs.
Do you know by any chance if with the upgrade to nixos-16.09 a newer
version of NFS is included than in 16.03?  Maybe some default parameters in
NFS have changed causing this havoc.
As a more general question: how can I see which version of package x is
used in nixos version y?

Kind regards,

Erik

On Thu, Oct 13, 2016 at 11:05 AM 4levels <4lev...@gmail.com> wrote:

Hi,

thank you for your suggestions.  I've disabled the firewall and fail2ban
services, let's hope that does the trick!
I'll report back when things are better..

Kind regards,

Erik

On Thu, Oct 13, 2016 at 9:09 AM zimbatm <zimb...@zimbatm.com> wrote:

Hi,

What happens if you disable fail2ban? Maybe the behaviour has changed.

Or try to change the kernel and NFS versions.

I know it's not much help, all I can recommend is to try and replace each
component to reduce the error.

On Wed, 12 Oct 2016, 10:51 4levels, <4lev...@gmail.com> wrote:

Dear Nix'ers,

I've a permanent issue since the upgrade to nixos-16.09 in my local vm
(with kvm-qemu from an SSD partition).  The load of the vm is increasing
over time without any signs in the output of top.  Bash completion when
traversing directories stalls and the whole system becomes unresponsive
after about 5 to 10 minutes with top showing a load > 30.  Even rebooting
fails with several services failing to stop (eg. fail2ban, phpfpm, ).

This has everything to do with NFS: as soon as I disable the NFS mounts,
the system maintains normal operation.  Nginx / phpfpm are using NFS
mounted folders for local development.

These are the filesystem declarations in the nixops expression:

  fileSystems."/data/dev" = {
    device = "d01:/data/dev";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };
  fileSystems."/extra/Documents" = {
    device = "d01:/extra/Documents";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };

with d01 being declared in extrahosts

  networking.extraHosts = "192.168.121.1 d01 d01.local";

Has anyone an idea how this could be related to the upgrade to 16.09?  On
16.03 this all worked normally..

Kind regards,

Erik aka 4levels



Re: [Nix-dev] NFS performance issues after upgrade to 16.09

2016-10-13 Thread 4levels
Hi,

thank you for your suggestions.  I've disabled the firewall and fail2ban
services, let's hope that does the trick!
I'll report back when things are better..

Kind regards,

Erik

On Thu, Oct 13, 2016 at 9:09 AM zimbatm <zimb...@zimbatm.com> wrote:

> Hi,
>
> What happens if you disable fail2ban? Maybe the behaviour has changed.
>
> Or try to change the kernel and NFS versions.
>
> I know it's not much help, all I can recommend is to try and replace each
> component to reduce the error.
>
> On Wed, 12 Oct 2016, 10:51 4levels, <4lev...@gmail.com> wrote:
>
> Dear Nix'ers,
>
> I've a permanent issue since the upgrade to nixos-16.09 in my local vm
> (with kvm-qemu from an SSD partition).  The load of the vm is increasing
> over time without any signs in the output of top.  Bash completion when
> traversing directories stalls and the whole system becomes unresponsive
> after about 5 to 10 minutes with top showing a load > 30.  Even rebooting
> fails with several services failing to stop (eg. fail2ban, phpfpm, ).
>
> This has everything to do with NFS: as soon as I disable the NFS mounts,
> the system maintains normal operation.  Nginx / phpfpm are using NFS
> mounted folders for local development.
>
> These are the filesystem declarations in the nixops expression:
>
>   fileSystems."/data/dev" = {
>     device = "d01:/data/dev";
>     fsType = "nfs";
>     options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
>   };
>   fileSystems."/extra/Documents" = {
>     device = "d01:/extra/Documents";
>     fsType = "nfs";
>     options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
>   };
>
> with d01 being declared in extrahosts
>
>   networking.extraHosts = "192.168.121.1 d01 d01.local";
>
> Has anyone an idea how this could be related to the upgrade to 16.09?  On
> 16.03 this all worked normally..
>
> Kind regards,
>
> Erik aka 4levels
>


[Nix-dev] NFS performance issues after upgrade to 16.09

2016-10-12 Thread 4levels
Dear Nix'ers,

I've a permanent issue since the upgrade to nixos-16.09 in my local vm
(with kvm-qemu from an SSD partition).  The load of the vm is increasing
over time without any signs in the output of top.  Bash completion when
traversing directories stalls and the whole system becomes unresponsive
after about 5 to 10 minutes with top showing a load > 30.  Even rebooting
fails with several services failing to stop (eg. fail2ban, phpfpm, ).

This has everything to do with NFS: as soon as I disable the NFS mounts,
the system maintains normal operation.  Nginx / phpfpm are using NFS
mounted folders for local development.

These are the filesystem declarations in the nixops expression:

  fileSystems."/data/dev" = {
    device = "d01:/data/dev";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };
  fileSystems."/extra/Documents" = {
    device = "d01:/extra/Documents";
    fsType = "nfs";
    options = [ "defaults" "noatime" "nolock" "noacl" "vers=3" "udp" "actimeo=1" ];
  };

with d01 being declared in extrahosts

  networking.extraHosts = "192.168.121.1 d01 d01.local";

Has anyone an idea how this could be related to the upgrade to 16.09?  On
16.03 this all worked normally..

Kind regards,

Erik aka 4levels


Re: [Nix-dev] NixOps usage survey.

2016-09-07 Thread 4levels
Hi Aloïs,

we're using NixOps to deploy a "typical" php web application using Nginx /
Redis / MariaDB and the Symfony and Laravel/Lumen frameworks.  We're also
making use of the python package wkhtml2pdf to generate PDF documents from
HTML content.

All our credentials are deployed through the deployment.keys method,
preventing them from being stored anywhere on disk.  And git-crypt is used
to hide their contents in the repositories.

We've been pleasantly surprised that every single deploy has given
identical results on all (currently 12) servers in the various datacenter
locations of Vultr.

I'm having one NixOps VM running locally to deploy and test my other local
VM's (using kvm/qemu with libvirt on a debian host) and to update the
online NixOps orchestrating server (minimal Vultr machine) which in turn
deploys the 12 other Vultr machines.

We don't use the automated tools to initialize new machines (neither on
Vultr nor locally): every machine is manually installed with the
nixos-minimal iso image.  All we need to do is add the proper ssh-keys
and the next deploy installs and configures everything else.  This usually
takes less than 10 minutes and is only needed once per server.

TL;DR;
NixOps has made our deploys ridiculously stable and performant!  And with
the extra tools nixops provides (eg. ssh-for-each) this makes it the best
decision we've ever made.  I can only recommend the Nixos / NixOps combo,
definitely worth investigating!


Kind regards,

Erik


On Tue, Sep 6, 2016 at 3:06 PM Игорь Пашев  wrote:

> I'm using NixOps in production, EC2, Hetzner, VBox with no issues.
>
> Of course, commit NixOps state (JSON) in git with git-crypt. And this
> wrapper for NixOps:
>
> #!/usr/bin/env bash
>
> set -euo pipefail
>
> NIXPKGS=https://github.com/NixOS/nixpkgs-channels/archive/nixos-15.09.tar.gz
> NIXOPS=${NIXOPS:-nixops}
> export NIX_PATH=nixpkgs="$NIXPKGS":.
>
> usage () {
>   cat <<USAGE
> Usage: $0   [nixops options]
> Examples:
>   $0 deploy realms/vbox.nix
>   $0 info realms/vbox.nix
>   $0 deploy realms/dumpoo.nix --build-only
>   $0 destroy realms/cats.nix --include slothcat
> USAGE
> }
>
> fatal () {
>   echo '** ERROR:' "$@" >&2
>   usage >&2
>   exit 1
> }
>
> if [ $# -lt 2 ]; then
>   fatal "missing arguments."
> fi
>
> CMD="$1"; shift
> REALM_NIX="$1"; shift
>
> case "$REALM_NIX" in
>   *realms/*.nix) REALM=$(basename "$REALM_NIX" .nix);;
>   *) fatal "invalid realm spec: $REALM_NIX";;
> esac
>
> cd "$(dirname "$0")"
>
> # The exported state (JSON) is the file kept in git; the database is a
> # throwaway working copy. mktemp needs at least three X's in the template.
> state="secrets/nixops-${REALM}.json"
> db=$(mktemp -u "secrets/tmp.${REALM}.XXXXXX.nixops")
>
> # Write the state back and delete the temporary database on every exit.
> trap 'save' EXIT
>
> save() {
>   if [ -f "$db" ]; then
>     "$NIXOPS" export -s "${db}" > "${state}.tmp"
>     mv "${state}.tmp" "${state}"
>     rm -f "$db"*
>   fi
> }
>
> create() {
>   "$NIXOPS" create -s "$db" -d "$REALM" ""
> }
>
> case "$CMD" in
>   create)
>     [ ! -f "$state" ] || fatal "\`$state' already exists."
>     create
>     ;;
>   *)
>     [ -f "$state" ] || fatal "\`$state' does not exists."
>     "$NIXOPS" import -s "${db}" < "$state"
>     "$NIXOPS" "$CMD" -s "$db" -d "$REALM" "$@"
>     ;;
> esac
>
>
>
> And makefile for development with vbox;
>
> REALM = cats
> override STATE = secrets/nixops-vbox-$(REALM).json
>
> build: $(STATE)
> 	./let deploy realms/vbox-$(REALM).nix --build-only
>
> destroy:
> 	./let $@ realms/vbox-$(REALM).nix --confirm
>
> info deploy check send-keys start stop reboot: $(STATE)
> 	./let $@ realms/vbox-$(REALM).nix
>
> $(STATE):
> 	./let create realms/vbox-$(REALM).nix
>
> 2016-09-05 19:01 GMT+03:00 Aloïs Cochard :
> > Hi all,
> >
> > We are experimenting with NixOps and we are having great success. We do plan
> > to use it for our development infrastructure, and it seems to be very
> > promising.
> >
> > In the light of applying the same technology on our production stack, I'm
> > curious to know how NixOps is used "for real"? Do you use it in production?
> >
> > Do you have some success story to share?
> >
> > Would love to know more about how it is used, the size of clusters, ...
> >
> > Thanks in advance!
> >
> > --
> > Λ\oïs
> > http://twitter.com/aloiscochard
> > http://github.com/aloiscochard
> >
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
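
Both messages above keep secrets (NixOps state, deployment keys) in git under git-crypt. As an added example that is not part of the thread, the following shell check reports files under a secrets directory whose committed content is not git-crypt ciphertext. The directory name `secrets` follows the wrapper quoted above; the function names are assumptions, and the audit is meant to be run from the repository root.

```shell
#!/bin/sh
# Added example: confirm that what git actually stores for the secrets
# directory is git-crypt ciphertext. In an unlocked checkout the working
# tree is plaintext by design, so the check reads committed blobs instead.

# Hex of the 10-byte header git-crypt writes in front of every encrypted
# blob: NUL "GITCRYPT" NUL.
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Read one blob on stdin; succeed only if it starts with the git-crypt header.
# An empty blob has no header and therefore fails the check as well.
is_gitcrypt_blob() {
  _head_hex=$(head -c 10 | od -An -v -tx1 | tr -d ' \t\n')
  [ "$_head_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# audit_committed_secrets [REV] [DIR]
# Print every path under DIR (default: secrets) in commit REV (default: HEAD)
# whose committed content is not git-crypt ciphertext.
# Returns 0 if all blobs are encrypted, 1 if any plaintext blob was found,
# 2 if git could not list the tree.
# Limitation: paths containing newlines or quoted by git are not handled.
audit_committed_secrets() {
  _rev="${1:-HEAD}"
  _dir="${2:-secrets}"
  _bad=0
  _list=$(git ls-tree -r --name-only "$_rev" "$_dir") || return 2
  while IFS= read -r _path; do
    [ -n "$_path" ] || continue
    if ! git cat-file blob "${_rev}:${_path}" | is_gitcrypt_blob; then
      printf 'NOT ENCRYPTED in %s: %s\n' "$_rev" "$_path"
      _bad=1
    fi
  done <<EOF
$_list
EOF
  return "$_bad"
}

# Typical use, for instance from a pre-push hook or a CI job:
#   audit_committed_secrets HEAD secrets || exit 1
```

A path is only encrypted if a .gitattributes rule matched it at the time it was committed, so this catches files that were added before the rule existed or that fall outside its pattern.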


Re: [Nix-dev] nix modules: Unsetting attrsOf options?

2016-09-07 Thread 4levels
Hi Rickard,

All I can think of currently is that you could create a new config variable
using filterAttrs to keep only the information you need.
Not sure if this solves your question though as I'm not aware if you can
use another variable in your scenario.

Kind regards,

Erik

On Wed, Sep 7, 2016 at 12:35 AM Rickard Nilsson 
wrote:

> Is it possible to unset an attrsOf option? Say I import a module that
> looks like this:
>
> options = {
>myattrs = mkOption {
>  type = types.attrsOf ...
>  default = {};
>};
> }
>
> config = {
>myattrs = {
>  a = ...
>  b = ...
>};
> };
>
> And then I want to remove the "a" attribute in the importing config:
>
> config = {
>myattrs.a = mkForce ...
> }
>
> Is that possible in any way?
>
>
>/ Rickard


Re: [Nix-dev] Tips on deploying a Scala Play application

2016-07-07 Thread 4levels
Hi Teo,

thank you for the brief introduction into the different contexts, I was not
aware of this at all and was using trial-and-error to get things running.
I still need to learn a lot here, that's for sure!

Regarding parseTS: do I need to setup something similar to your parsets.nix
(adjusted for my needs) or can I skip this completely?  In other words, in
your github repo here
https://github.com/BlocklandGlass/ParseTS-Playground which
files do I need to adjust / implement? Do I understand correctly that I'll
have to look at these 3 files?
- defaults.nix
- parsets.nix
- parsets-playground.nix

The file parsets-playground-wrapper.nix in your deployment folder is
sufficient for the nixops part of this story, right?

Too bad you couldn't spot the issue, did you receive both my emails (since
one was being held for moderation)?

Regarding the exec in the systemd definition: this is what I copied from
your code here:
https://github.com/BlocklandGlass/ParseTS-Playground/blob/master/deployment/parsets-playground-wrapper.nix

I'm still trying to get in touch with some other people who might be able
to shed some light on how to deploy a Play application correctly.  I'm glad
to see that you pulled it off in your demo on nullable.se ;-)


Thanks again for your support!

Erik

On Wed, Jul 6, 2016 at 10:00 PM Teo Klestrup Röijezon <t...@nullable.se>
wrote:

> Hey Erik,
>
> > how does the sequence of the nixops modify files matter?
>
> The files listed are merged when building the actual NixOS configurations.
>
> > when to use with *import ;* or *{ stdenv, lib, config, pkgs, ... }:* and what are the differences
>
> I think there are actually three different contexts to keep in mind here:
> packages definitions, NixOS modules, and standalone nix definitions. Quick
> disclaimer: I am by no means an expert either.
>
> For regular packages, you should take the dependencies as arguments. That
> makes it easy to override them with, say, patched versions. Also, the
> channel might not always be named nixpkgs, and it might not even be in
> NIX_PATH at all.
>
> For NixOS modules (including when part of NixOps network definitions), the
> same concerns apply, and Nixpkgs as a whole should instead be injected
> through the `pkgs` argument. I'm not sure, but I don't believe the `config`
> is accessible at all using `import`.
>
> Finally, for standalone nix definitions (mostly useful for the
> `default.nix` used for development builds), you'll need to use `import`.
>
> Regarding the error, there's not really much that stands out to me right
> now, except for that you shouldn't use `exec` in systemd services. That
> shouldn't cause a build error, though.
>
> // Teo
>
> On 6 July 2016 at 17:10, 4levels <4lev...@gmail.com> wrote:
>
>> Hi Teo,
>>
>> I knew I was getting off course with my conclusions, thanks for
>> clarifying this!
>>
>> I'll try to give you an overview, I don't mind adding you to our private
>> Bitbucket repo if you'd like to see all files and folders.
>> I still don't know where I should add the statements to have the play
>> project deployed.  All I have for now is the project's directory in a
>> subfolder, src/play.mancloud.eu
>>
>> I still have many questions regarding nixo(p)s internals:
>> - how does the sequence of the nixops modify files matter?
>> - when to use with *import ;* or *{ stdenv, lib, config, pkgs,
>> ... }:* and what are the differences
>> - ..
>>
>> I'll try to give you an explanation of how the deploy scripts are
>> composed below.  There's still a lot of room for improvements and
>> regrouping of statements as I'm still a nix beginner..
>>
>>
>> *nixops info* output
>> Nix expressions: vultr.nix defaults-local.nix defaults.nix
>> servers-local.nix keys-vm01.nix platform-local.nix
>>
>> *vultr.nix* contains Vultr specifics + the collectd setup
>>
>> {
>>   defaults = {
>>     deployment = {
>>       targetEnv = "none";
>>     };
>>     fileSystems."/" =
>>       {
>>         device = "/dev/vda1";
>>         options = [ "noatime" "nodiratime" "discard" ];
>>       };
>>     swapDevices = [
>>       {
>>         device = "/dev/vda2";
>>       }
>>     ];
>>     boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
>>     boot.loader.grub.enable = true;
>>     boot.loader.grub.version = 2;
>>     boot.loader.grub.device = "/dev/vda";
>>     services.collectd.extraConfig = ''
>> 
>>   Device "/dev/vda1"
>>   M

Re: [Nix-dev] Tips on deploying a Scala Play application

2016-07-07 Thread 4levels
;   error_log '/tmp/pma-error.log' debug;
>   location ~ "^(.+\.php)($|/)" {
> include ${pkgs.nginx}/conf/mime.types;
> ${builtins.readFile ./src/nginx-php-config.conf}
>   }
>   location / {
> include ${pkgs.nginx}/conf/mime.types;
> ${builtins.readFile ./src/nginx-rewrite.conf}
>   }
> }
> '';
>   };
> };
> }
>
>
> *diem-service.nix* contains the configuration for diem (PHP Symfony based
> CMF) and is quite large as well (+500 lines).  I removed less relevant parts
>
> { config, lib, pkgs, nodes, ... }:
> let
>   cfg = config.services.diem;
>   serviceDir = "/var/www";
>   systemdService = name: value:
>     {
>       name = "diem-${name}";
>       value = {
>         description = "Diem ${name} service";
>         wantedBy = [ "multi-user.target" "nginx.target" ];
>         after = [ "keys.target" "network.target" "mysql.target" ] ++
>           lib.mapAttrsToList (n: v:
>             "diem-${n}.service"
>           ) (lib.filterAttrs (n: v: n < name) cfg.platforms);
>         requires = [ "keys.target" "network.target" "mysql.target" ] ++
>           lib.mapAttrsToList (n: v:
>             "diem-${n}.service"
>           ) (lib.filterAttrs (n: v: n < name) cfg.platforms);
>         environment = {
>           inherit (config.environment.variables) SSL_CERT_FILE;
>         };
>         serviceConfig.ExecStart = "${serviceDir}/${name}/nixSetup.sh";
>       };
>     };
>   serverActivation = value:
>     lib.concatStrings (lib.mapAttrsToList(n: v:
>       if (lib.isAttrs(v) && lib.hasAttr("platform") v) then
>         "${packageActivation n v};"
>       else ""
>       ) value
>     );
>   packageActivation = name: value:
>     {
>       name = "diem-${name}";
>       value =
>         ''
>           # create / symlink project dirs
>           mkdir -p ${serviceDir}/${name}
>           mkdir -p ${serviceDir}/${name}/{cache/dm,config/dm,data/backup/db,data/backup/uploads,data/restore/db,data/restore/uploads,data/dm/i18n,data/exports,log,web/uploads}
>
>           # letsEncrypt script
>           cp ${pkgs.writeText "letsEncrypt.sh" "${letsEncrypt name value}" } ${serviceDir}/${name}/letsEncrypt.sh
>           chmod +x ${serviceDir}/${name}/letsEncrypt.sh
>
>           # nixSetup script
>           cp ${pkgs.writeText "nixSetup.sh" "${nixSetup name value}" } ${serviceDir}/${name}/nixSetup.sh
>           chmod +x ${serviceDir}/${name}/nixSetup.sh
>
>           # s3Backup script
>           cp ${pkgs.writeText "s3Backup.sh" "${s3Backup name}" } ${serviceDir}/${name}/s3Backup.sh
>           chmod +x ${serviceDir}/${name}/s3Backup.sh
>         '';
>     };
>   diem = (import ./diem-package.nix);
>   ...
>
> in
> with lib;
> {
>   options = {
>     services.diem = {
>       platforms = mkOption {
>         default = {};
>         example = {
>           test = {
>             database = {
>               password = "foopass";
>             };
>             timezone = "Europe/Brussels";
>           };
>         };
>       };
>     };
>   };
>
>   config = mkIf (cfg.platforms != {}) {
>     system.activationScripts = mapAttrs' packageActivation cfg.platforms;
>     systemd.services = mapAttrs' systemdService cfg.platforms // timers cfg.platforms;
>   };
> }
>
> *diem-package.nix* contains the packaging statements, read from a github
> repo
>
> with import  {};
> pkgs.stdenv.mkDerivation rec {
>   name = "diem-1.0.0";
>   src = pkgs.fetchgit {
>     url = "https://github.com/diem-project/diem.git";
>     rev = "refs/heads/master";
>     sha256 = "11scd9z7h91bd242gvy0grnlx75d25ckx1k0k3qvz74p55f1kww7";
>   };
>
>   buildPhase = "true";
>   installPhase =
>     ''
>       mkdir -p $out
>       cp -r * $out
>     '';
> }
>
>
>
> *keys-vm01.nix* contains the inclusions of the configuration keys and
> other sensitive data for this host
>
> {
>   vm01 =
>     { config, pkgs, lib, ... }:
>     let
>       serverKeys = keys:
>         lib.genAttrs keys (n:
>           {
>             text = lib.removeSuffix "\n" (builtins.readFile (./keys/vm01 + "/${builtins.replaceStrings ["@"] ["-"] n}") );
>             group = "keys";
> permissions = &quo

Re: [Nix-dev] Tips on deploying a Scala Play application

2016-07-07 Thread 4levels
ev = "refs/heads/master";
    sha256 = "11scd9z7h91bd242gvy0grnlx75d25ckx1k0k3qvz74p55f1kww7";
  };

  buildPhase = "true";
  installPhase =
    ''
      mkdir -p $out
      cp -r * $out
    '';
}



*keys-vm01.nix* contains the inclusions of the configuration keys and other
sensitive data for this host

{
  vm01 =
    { config, pkgs, lib, ... }:
    let
      serverKeys = keys:
        lib.genAttrs keys (n:
          {
            text = lib.removeSuffix "\n" (builtins.readFile (./keys/vm01 + "/${builtins.replaceStrings ["@"] ["-"] n}") );
            group = "keys";
            permissions = "0640";
          }
        )
      ;
    in
    {
      deployment.keys = serverKeys [
        "diem.project.database.password"
        "diem.project.encryption.cipher"
        "diem.project.encryption.key"
        ...
      ];
    };
}


platform-local.nix contains the project definitions per server

with import ;
{
  vm01 =
    { config, pkgs, ... }:
    {
      services.diem.platforms = {
        project = {
          domain = "local.project";
          path = "/data/dev/projects/project";
        };
      };
      ...
    };
}


Kind regards and thank you again for your willing and friendly attitude!

Erik





On Wed, Jul 6, 2016 at 5:41 AM Teo Klestrup Röijezon <t...@nullable.se>
wrote:

> HI Erik,
>
> That's pretty much entirely wrong. :P ParseTS is just a linter script for
> the game scripting language TorqueScript. ParseTS-Playground was a pastebin
> that would run the submitted code through the linter. For example, see
> https://parsets-playground.nullable.se/snippets/13. The datastore used
> was PostgreSQL.
>
> Anyway, apart from the ParseTS stuff, at least those scripts should be
> pretty much straightforward to copy to any Play application, though for the
> config stuff to work you'll need to add the line 'include "local.conf"' to
> your conf/application.conf.
>
> Any chance you could post your current setup and the errors you get?
>
> // Teo
>
> On 6 July 2016 at 04:31, 4levels <4lev...@gmail.com> wrote:
>
>> Hi Teo,
>>
>> I've come quite far in setting up things, but I keep running into
>> building errors.
>> It has everything to do with me removing all references to parsets and
>> postgres and renaming things here and there, trying to merge them with the
>> current deploy setup.
>>
>> Do I understand correctly that parsets is a library to store data, using
>> postgres in the background?  I'd like to start using Event Sourcing with
>> Scala / Akka so I don't need a datastore like parsets, correct?  I'm very
>> unsure about this as I literally started today with learning Scala / Play.
>> I got my toes wet with Java before but that's really it.
>>
>> Something else I found interesting as I'm quite an Nginx fan and have
>> nginx running with proxies already: Nginx has capabilities to deal with
>> Java in different ways, as proxy or tied with eg Clojure for even faster
>> results..
>>
>> The journey continues ;-)
>>
>>
>> Kind regards,
>>
>> Erik
>>
>> On Tue, Jul 5, 2016 at 10:23 PM 4levels <4lev...@gmail.com> wrote:
>>
>>> Hi Teo,
>>>
>>> Thank you for your explanation and quick qualitative response!
>>>
>>> I'll be looking at your code asap and report back with my experiences
>>> ;-)
>>>
>>> Kind regards,
>>>
>>> Erik
>>>
>>> On Tue, Jul 5, 2016, 22:08 Teo Klestrup Röijezon <t...@nullable.se>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> A JRE should be enough for running it, but you need sbt and a JDK for
>>>> building. I've got a derivation for a Play website at
>>>> https://github.com/BlocklandGlass/ParseTS-Playground/blob/master/parsets-playground.nix,
>>>> with the NixOS/NixOps setup at
>>>> https://github.com/BlocklandGlass/ParseTS-Playground/tree/master/deployment
>>>> .
>>>>
>>>> The gist of it is to run "sbt stage" in the build phase, and to then
>>>> take "target/universal/stage" as your build output. However, you'll also
>>>> need to wrap the launcher script to add your JRE and to add gawk (which the
>>>> launcher script requires). Finally, on any modern system (such as NixOS)
>>>> you'll also want to disable Play's PID file management, since systemd takes
>>>> care of that anyway. I didn't in that script, but you'll probably also want
>>>> to add a testing phase as part of the bu

Re: [Nix-dev] Tips on deploying a Scala Play application

2016-07-05 Thread 4levels
Hi Teo,

Thank you for your explanation and quick qualitative response!

I'll be looking at your code asap and report back with my experiences ;-)

Kind regards,

Erik

On Tue, Jul 5, 2016, 22:08 Teo Klestrup Röijezon <t...@nullable.se> wrote:

> Hi,
>
> A JRE should be enough for running it, but you need sbt and a JDK for
> building. I've got a derivation for a Play website at
> https://github.com/BlocklandGlass/ParseTS-Playground/blob/master/parsets-playground.nix,
> with the NixOS/NixOps setup at
> https://github.com/BlocklandGlass/ParseTS-Playground/tree/master/deployment
> .
>
> The gist of it is to run "sbt stage" in the build phase, and to then take
> "target/universal/stage" as your build output. However, you'll also need to
> wrap the launcher script to add your JRE and to add gawk (which the
> launcher script requires). Finally, on any modern system (such as NixOS)
> you'll also want to disable Play's PID file management, since systemd takes
> care of that anyway. I didn't in that script, but you'll probably also want
> to add a testing phase as part of the build.
>
> The big drawback with this approach is that SBT downloads all dependencies
> from the internet on demand, which won't work on a Nix setup with proper
> isolation (ideally, builds should only have network access if they
> deterministically produce a given hash).
>
> I've been toying with the idea of writing a sbt2nix SBT plugin that
> generates Nix definitions to build a local maven mirror for the
> dependencies, but I haven't got around to that (yet).
>
> // Teo
>
> On 5 July 2016 at 21:52, 4levels <4lev...@gmail.com> wrote:
>
>> Hi Nix-devs,
>>
>> This is a plain request for assistance / best practices for using Nixos
>> with Java / Scala / Play.  Akka with EventSourcing are also a topic of
>> interest.
>>
>> I'm currently trying to get a Scala Play app up and running on my nixOps
>> deployed machines.  As I'm very unfamiliar with running Java based apps,
>> I'd like to know if someone has experience on the common pitfalls and tips
>> on keeping the servers healthy (I just caused my laptop's 8 cores to go
>> 100% without being able to stop the server started by the activator call).
>>
>> I've seen some related packages in nixpkgs and have many questions like
>> eg. do I need sbt (which seems to provide typesafe - activator) and a jdk
>> on the production servers or is a jre sufficient? How do I deploy and
>> run a Java app developed locally?
>> And how do I set-up a local nixos vm for Java development?
>>
>> I'm still investigating and learning a lot myself, so nix-related
>> knowledge is my main concern here (as I need to figure out the rest myself
>> anyway ;-)
>>
>> I'll be happy to share my findings and configuration / setup..
>>
>>
>> Kind regards,
>>
>> Erik
>>
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev


[Nix-dev] Tips on deploying a Scala Play application

2016-07-05 Thread 4levels
Hi Nix-devs,

This is a plain request for assistance / best practices for using Nixos
with Java / Scala / Play.  Akka with EventSourcing are also a topic of
interest.

I'm currently trying to get a Scala Play app up and running on my nixOps
deployed machines.  As I'm very unfamiliar with running Java based apps,
I'd like to know if someone has experience on the common pitfalls and tips
on keeping the servers healthy (I just caused my laptop's 8 cores to go
100% without being able to stop the server started by the activator call).

I've seen some related packages in nixpkgs and have many questions like eg.
do I need sbt (which seems to provide typesafe - activator) and a jdk on
the production servers or is a jre sufficient? How do I deploy and run
a Java app developed locally?
And how do I set-up a local nixos vm for Java development?

I'm still investigating and learning a lot myself, so nix-related knowledge
is my main concern here (as I need to figure out the rest myself anyway ;-)

I'll be happy to share my findings and configuration / setup..


Kind regards,

Erik


Re: [Nix-dev] Multiple machines with nix store shared via NFS

2016-07-03 Thread 4levels
Hi Renato,

I'm no expert whatsoever here, but isn't NixOps doing this in a way? At
least on my nixos deployed servers all stores are kept in sync, only the
server-specific packages are unique for each machine.
Don't ask me how it works, I can only confirm that it does ;-)

Just my 2 cents..

Kind regards,

Erik

On Fri, Jul 1, 2016, 23:16 Renato Alves  wrote:

> Had a look at the links. The 2011 thread mentions problems that have
> been addressed by either nix-daemon or remote-build nodes.
>
> There's also some references to socat but not much. Seems like
> forwarding could indeed be a solution but from what I read elsewhere
> it's a fragile setup and requires ssh-agent and passwordless keys.
>
> There's also some articles about using haproxy and nginx to proxy
> sockets but it's all very much ad-hoc. I'm also not sure how this would
> work given the security model of nix-daemon.
>
> The 2014 thread is also a good read but focused on using the cluster
> infrastructure to compile things. I don't want to go down that road yet.
> Perhaps in the future if necessary.
> At the moment I'd be happy with having nix-env and nix-shell on all
> machines.
>
> Is there currently any support for NIX_REMOTE specifying a connection to
> a daemon on a different host? (i.e. literally REMOTE :)
>
> R
>
>
>
> On 01/07/16 22:34, Layus wrote:
> > I never said it was a good idea, just something worth investigating.
> >
> > Now, this has been discussed on the ML already
> >
> > See for example
> > [Nix-dev] Sharing the Nix store between systems
> > Rickard Nilsson
> > [Nix-dev] nix on compute cluster?
> > Andreas Herrmann
> >
> > And more generally Google search on
> > site:http://lists.science.uu.nl/pipermail/nix-dev/ :-).
> >
> > -- Layus.
> >
> > On 01/07/16 21:55, Renato Alves wrote:
> >> I never tried it with sockets, only tcp ports.
> >>
> >> I need to move the socket to a different location. Currently it also
> >> sits on NFS. I can play with symlinks making it point to a local disk.
> >>
> >> The entire setup sounds terribly hackish though.
> >>
> >> If anyone has better alternatives I'd love to hear them.
> >>
> >> Thanks,
> >> R
> >>
> >> On 01/07/16 20:51, Layus wrote:
> >>> Just one idea off the top of my head: Would it be possible to forward
> >>> the unix socket of the daemon ?
> >>>
> >>> -- Layus ?
> >>>
> >>> On 01/07/16 15:10, Renato Alves wrote:
> >>>> Hi everyone,
> >>>>
> >>>>
> >>>> Recently I've been trying to setup nix on a multiple-machine shared
> >>>> environment. At the moment I have one machine setup with nix-daemon
> >>>> running from a store in a custom location (/shared/myuser/nix). This
> >>>> location is shared via NFS with several other machines. This is all
> >>>> still pretty new to me as I've only recently started using nix and
> >>>> haven't used nixos yet.
> >>>>
> >>>> Before setting up nix-daemon I ran into some problems with database
> >>>> corruption (sqlite) due to concurrent processes. With nix-daemon these
> >>>> have gone away.
> >>>>
> >>>> One limitation that I identified recently is that on any of the other
> >>>> machines that do not have nix-daemon running (but have read access to
> >>>> the store) I can run commands from the store without problems but
> >>>> cannot, for instance, use nix-shell.
> >>>> So I thought of spawning a nix-daemon instance on those machines but I'm
> >>>> not sure what is the best way to set it up without risking DB corruption
> >>>> again.
> >>>>
> >>>> These are the requirements I'd like to meet:
> >>>>  * /shared/myuser/nix is shared across multiple machines with the same
> >>>> architecture (x86_64-linux).
> >>>>  * All machines should be able to use nix-shell or any nix related
> >>>> command, including requesting installation of packages.
> >>>>  * Only some machines are allowed to compile. Machines that are not
> >>>> allowed should rely on something like remote-systems.conf to distribute
> >>>> work.
> >>>>
> >>>> Is this kind of setup currently possible with nix? If so, can someone
> >>>> provide some guidance?
> >>>>
> >>>>
> >>>> Thanks,
> >>>> Renato
> >>>>
> >>>>
> >>>>

Re: [Nix-dev] Using string as path to eg. builtins.readFile

2016-06-21 Thread 4levels
Hi Bas,

Out of curiosity I've been experimenting with different approaches but only
yours works and I have no clue why..  Is there anything I can learn / read
/ study to understand why?  Without having to study C++ (or python for that
matter as I can't even tell them apart ;-)
Is this basic lambda programming or very specific to Nix?

Works
  builtins.readFile (./keys + "/${name}")

Doesn't work
  builtins.readFile (./keys/ + "${name}") - unexpected +
  builtins.readFile (./keys/ + name) - unexpected +
  builtins.readFile (./keys + "/" + name) - no build errors, but doesn't
  parse the / in the middle -> ./keysmancloud.amazon.iam.key_id -> not found

Kind regards and thanks again, my key deployment sections have become very
compact and maintainable now..

Erik

On Tue, Jun 21, 2016 at 1:56 AM 4levels <4lev...@gmail.com> wrote:

> Hi Bas,
>
> Thank you so much! Exactly what I was looking for.
> It's these basic things that I keep not getting my head around.. You have
> no idea how many fruitless Google and GitHub searches I tried on this one
> ;-)
>
> Finally resolved and another lesson learned, amazing!
>
> Kind regards,
>
> Erik
>
> On Tue, Jun 21, 2016, 01:39 Bas van Dijk <v.dijk@gmail.com> wrote:
>
>> On 19 June 2016 at 15:58, 4levels <4lev...@gmail.com> wrote:
>> > builtins.readFile "./keys/${name}"
>>
>> Hi Erik, try this:
>>
>>   builtins.readFile (./keys + "/${name}")
>>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
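
The variants compared in the message above, side by side, as an added example that is not part of the thread. It shows how Nix treats `+` between a path and strings. The file name path-concat.nix is an assumption; ./keys does not need to exist because nothing is read from disk.

```nix
# path-concat.nix (hypothetical file name): added example, not code from the thread.
# Evaluate with: nix-instantiate --eval --strict path-concat.nix
let
  name = "mancloud.amazon.iam.key_id";  # key name used in the thread

  # A path literal is resolved against the directory of this file when it is
  # parsed. `+` with a path on the left yields a path, and the result is
  # normalised after every `+`, which drops a trailing "/".

  # path + "/<name>": the separator and the name arrive in one string, so
  # normalisation has nothing to strip.
  good = ./keys + "/${name}";

  # Same thing with the string side grouped explicitly.
  grouped = ./keys + ("/" + name);

  # `+` is left-associative: (./keys + "/") is normalised back to ./keys
  # before the name is appended, so the separator is lost and the result
  # points at a sibling of ./keys whose name starts with "keys".
  glued = ./keys + "/" + name;

  # A string is never resolved against this file. builtins.readFile refuses
  # it because it does not represent an absolute path.
  asString = "./keys/${name}";

  # Not expressible at all: a path literal cannot end in "/", so the parser
  # stops at the `+` in   ./keys/ + name
in
{
  # toString gives the absolute file name of a path without copying the file.
  # Interpolating a path into a string ("${somePath}") copies the file into
  # the world-readable Nix store instead, which is not wanted for key files.
  good = toString good;
  grouped = toString grouped;
  glued = toString glued;
  inherit asString;

  goodType = builtins.typeOf good;
  asStringType = builtins.typeOf asString;
  goodEqualsGrouped = good == grouped;
  goodEqualsGlued = good == glued;
}
```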


Re: [Nix-dev] Using string as path to eg. builtins.readFile

2016-06-20 Thread 4levels
Hi Bas,

Thank you so much! Exactly what I was looking for.
It's these basic things that I keep not getting my head around.. You have
no idea how many fruitless Google and GitHub searches I tried on this one
;-)

Finally resolved and another lesson learned, amazing!

Kind regards,

Erik

On Tue, Jun 21, 2016, 01:39 Bas van Dijk <v.dijk@gmail.com> wrote:

> On 19 June 2016 at 15:58, 4levels <4lev...@gmail.com> wrote:
> > builtins.readFile "./keys/${name}"
>
> Hi Erik, try this:
>
>   builtins.readFile (./keys + "/${name}")
>


Re: [Nix-dev] Persistent NixOps keys

2016-06-20 Thread 4levels
Hi Игорь,

thank you for clarifying this, I was already wondering what the sleep 1m
was doing there in the while loop  ;-)

As I never change these keys (except by a nixops deploy or nixops send-keys
call), can I assume that the save-keys service doesn't need to run every
single minute in this scenario?

Kind regards,

Erik

On Mon, Jun 20, 2016 at 1:05 PM Игорь Пашев <pashev.i...@gmail.com> wrote:

> 2016-06-19 15:35 GMT+03:00 4levels <4lev...@gmail.com>:
> > I was just wondering how this copes with server kills
>
>
> The "save" service runs every minute to check if any keys are not saved :-)
> And it runs on every key addition / removal. So right after a fresh
> deploy you are almost safe.
>


Re: [Nix-dev] Where are the builtins function declarations?

2016-06-19 Thread 4levels
Lol, that shows you right away how much I understand of both python and C++!

On Sun, Jun 19, 2016 at 4:08 PM Vladimír Čunát <vcu...@gmail.com> wrote:

> On 06/19/2016 03:48 PM, 4levels wrote:
> > As I'm unfamiliar with python
>
> The builtins are written in C++, just as most of Nix.
>
> --Vladimir
>
>
>


[Nix-dev] Using string as path to eg. builtins.readFile

2016-06-19 Thread 4levels
Hi Nix-devs,

I'm currently looking for a way to do a readFile with a path coming from a
list of values.

In the list I defined the path as a string, relative to the current
directory.  When I try to use this value in a function, I keep getting the
error that the path is not absolute
"string ‘./keys/mancloud.amazon.iam.access_key’ doesn't represent an
absolute path"

Is there another way to have the readFile function accept strings as local
paths?  Or am I overlooking something obvious here?

This is the function I'm using:

serverKeys = keys:
  lib.genAttrs keys (name:
    { text = lib.removeSuffix "\n" (builtins.readFile "./keys/${name}"); }
    //
    {
      group = "keys";
      permissions = "0640";
    }
  )
;

And I'm calling it as follows:

deployment.keys = serverKeys ([
  "mancloud.amazon.iam.key_id"
  "mancloud.amazon.iam.access_key"
  "mancloud.amazon.iam.passphrase"
]);

Kind regards,

Erik


Re: [Nix-dev] Where are the builtins function declarations?

2016-06-19 Thread 4levels
Thanks Vladimír,

As I'm unfamiliar with python, the manual is indeed an easier way to
understand the use of these builtins.

Kind regards,

Erik

On Sun, Jun 19, 2016 at 3:43 PM Vladimír Čunát <vcu...@gmail.com> wrote:

> On 06/19/2016 03:07 PM, 4levels wrote:
> > I'm often looking up the usage of functions in the various files I can
> > find here
>
> *usage* of builtins should be described in nix manual:
> http://nixos.org/nix/manual/#ssec-builtins
> (a few are missing IIRC or intentionally undocumented)
>
> --Vladimir
>
>
>


Re: [Nix-dev] Where are the builtins function declarations?

2016-06-19 Thread 4levels
Hi Layus,

perfect, exactly what I was looking for ;-)

Thanks!

Erik

On Sun, Jun 19, 2016 at 3:11 PM Layus <layus...@gmail.com> wrote:

> Hi Erik,
>
> The builtins are builtins from nix, and are found in the nix tool, not in
> nixpkgs.
>
> For listToAttrs, you will find them in
> https://github.com/NixOS/nix/blob/master/src/libexpr/primops.cc#L1089
>
> Regards,
>
> -- Layus.
>
>
> On 19/06/16 15:07, 4levels wrote:
>
> Hi Nix-devs,
>
> I'm often looking up the usage of functions in the various files I can
> find here: https://github.com/NixOS/nixpkgs/blob/master/lib/
> (eg. attsets.nix, strings.nix, lists.nix, ..)
>
> But I can't seem to find the file where the builtin functions are defined
> (eg. listToAttrs), searching in the github repo doesn't show me the file(s)
> either..
>
> Kind regards,
>
> Erik
>
>
>


Re: [Nix-dev] Persistent NixOps keys

2016-06-19 Thread 4levels
Hi Nix-devs, hi Tomasz, hi Игорь,

I managed to get it working flawlessly by adding keys.target to the
requires and after statements of my other service configs.

I was just wondering how this copes with server kills (as Vultr
periodically resets an instance when they experience system failures).  I'm
guessing when they kill a VPS (or reset it) the systemd shutdown calls are
being bypassed.  I've opened a support request to ask if they can always
perform a normal reboot instead of a hard reset.

Thanks again for your great support and valuable pointers!

Kind regards,

Erik

On Fri, Jun 17, 2016 at 12:16 PM 4levels <4lev...@gmail.com> wrote:

> Hi Tomasz,
>
> Thanks for another great pointer!
> My own services do require the keys so I have to make them depend/require
> on keys.target
>
> I'm about to test this out, I'll keep you posted here..
>
> Kind regards,
>
> Erik
>
> On Fri, Jun 17, 2016, 11:47 Tomasz Czyż <tomasz.c...@gmail.com> wrote:
>
>> Erik, you also could add your load-keys service to network.target or any
>> target which starts at the system start. So then you don't have to add it
>> to specific apps, depends on your keys workflow.
>>
>> 2016-06-17 9:48 GMT+01:00 4levels <4lev...@gmail.com>:
>>
>>> That's probably it!
>>>
>>> I still need to update all service configs to have keys.target in the
>>> wantedBy list.
>>>
>>> I read somewhere that I should also use requiredBy for it to really wait
>>> until keys.target is finished..
>>>
>>> Kind regards,
>>>
>>> Erik
>>>
>>> On Thu, Jun 16, 2016, 23:50 Игорь Пашев <pashev.i...@gmail.com> wrote:
>>>
>>>> 2016-06-14 17:17 GMT+03:00 4levels <4lev...@gmail.com>:
>>>> > wantedBy = [ "keys.target" ];
>>>>
>>>>
>>>> Maybe you don't have services depending on keys.target
>>>>
>>>
>>
>>
>> --
>> Tomasz Czyż
>>
>


Re: [Nix-dev] Persistent NixOps keys

2016-06-17 Thread 4levels
Hi Tomasz,

Thanks for another great pointer!
My own services do require the keys so I have to make them depend/require
on keys.target

I'm about to test this out, I'll keep you posted here..

Kind regards,

Erik

On Fri, Jun 17, 2016, 11:47 Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> Erik, you also could add your load-keys service to network.target or any
> target which starts at the system start. So then you don't have to add it
> to specific apps, depends on your keys workflow.
>
> 2016-06-17 9:48 GMT+01:00 4levels <4lev...@gmail.com>:
>
>> That's probably it!
>>
>> I still need to update all service configs to have keys.target in the
>> wantedBy list.
>>
>> I read somewhere that I should also use requiredBy for it to really wait
>> until keys.target is finished..
>>
>> Kind regards,
>>
>> Erik
>>
>> On Thu, Jun 16, 2016, 23:50 Игорь Пашев <pashev.i...@gmail.com> wrote:
>>
>>> 2016-06-14 17:17 GMT+03:00 4levels <4lev...@gmail.com>:
>>> > wantedBy = [ "keys.target" ];
>>>
>>>
>>> Maybe you don't have services depending on keys.target
>>>
>>
>
>
> --
> Tomasz Czyż
>


Re: [Nix-dev] Persistent NixOps keys

2016-06-17 Thread 4levels
That's probably it!

I still need to update all service configs to have keys.target in the
wantedBy list.

I read somewhere that I should also use requiredBy for it to really wait
until keys.target is finished..

Kind regards,

Erik

On Thu, Jun 16, 2016, 23:50 Игорь Пашев <pashev.i...@gmail.com> wrote:

> 2016-06-14 17:17 GMT+03:00 4levels <4lev...@gmail.com>:
> > wantedBy = [ "keys.target" ];
>
>
> Maybe you don't have services depending on keys.target
>


Re: [Nix-dev] Merge attribute sets recursively

2016-06-15 Thread 4levels
Hi Daniel,

Thanks for the pointer, I'll get on with it and report back here ;-)

On Wed, Jun 15, 2016, 21:33 Daniel Hlynskyi <abcz2.upr...@gmail.com> wrote:

> Does lib.recursiveUpdate do the job?
> On 15 Jun 2016 at 7:52 PM, "4levels" <4lev...@gmail.com> wrote:
>
>> Hi Nix Devs,
>>
>> I'm still struggling to achieve the following:
>>
>> I have an attribute set which is 2 levels deep nested and has a variable
>> number of subsets, like this:
>>
>> channels = {
>>   myallocator = {
>>     "1" = {
>>       username = "demo1";
>>     };
>>     "2" = {
>>       username = "demo2";
>>     };
>>     ...
>>   };
>> };
>>
>> I want to add some more attributes to each final level so the resulting
>> set would be something like (where uri and timeout are added to each
>> subset)
>>
>> channels = {
>>   myallocator = {
>>     "1" = {
>>       username = "demo1";
>>       uri = "https://api.myallocator.com";
>>       timeout = "60";
>>     };
>>     "2" = {
>>       username = "demo2";
>>       uri = "https://api.myallocator.com";
>>       timeout = "60";
>>     };
>>     ...
>>   };
>> };
>>
>> How can I achieve this?
>>
>> Thank you in advance!
>>
>> Kind regards,
>>
>>
>> Erik
>>
>>
>>
>>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
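
One way to get from the first set in the question to the second, as an added example that is not from the thread: `lib.mapAttrs` applied at both levels, next to the `lib.recursiveUpdate` route suggested in the reply. The names `defaults`, `withDefaults`, `defaultTree` and the file name channels.nix are assumptions, and `<nixpkgs>` has to be on NIX_PATH.

```nix
# channels.nix (hypothetical file name): added example, not code from the thread.
# Evaluate with: nix-instantiate --eval --strict --json channels.nix
let
  lib = import <nixpkgs/lib>;

  # Input as given in the question: provider -> account id -> settings.
  channels = {
    myallocator = {
      "1" = { username = "demo1"; };
      "2" = { username = "demo2"; };
    };
  };

  # Attributes every account should carry unless it sets them itself.
  defaults = {
    uri = "https://api.myallocator.com";
    timeout = "60";
  };

  # Walk both levels and merge at the leaves. With `//` the right-hand side
  # wins, so an account that already defines `timeout` keeps its own value.
  withDefaults =
    lib.mapAttrs
      (_provider: accounts:
        lib.mapAttrs (_id: account: defaults // account) accounts)
      channels;

  # lib.recursiveUpdate merges two trees of the same shape, so it needs the
  # defaults laid out once per leaf before it can be applied. The number of
  # accounts is variable, so that tree is derived from `channels` itself.
  defaultTree =
    lib.mapAttrs
      (_provider: accounts: lib.mapAttrs (_id: _account: defaults) accounts)
      channels;
  viaRecursiveUpdate = lib.recursiveUpdate defaultTree channels;
in
{
  inherit withDefaults viaRecursiveUpdate;

  # Both routes agree for this input, where leaf values are plain strings.
  bothAgree = withDefaults == viaRecursiveUpdate;
}
```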


[Nix-dev] Merge attribute sets recursively

2016-06-15 Thread 4levels
Hi Nix Devs,

I'm still struggling to achieve the following:

I have an attribute set which is 2 levels deep nested and has a variable
number of subsets, like this:

channels = {
  myallocator = {
    "1" = {
      username = "demo1";
    };
    "2" = {
      username = "demo2";
    };
    ...
  };
};

I want to add some more attributes to each final level so the resulting set
would be something like (where uri and timeout are added to each subset)

channels = {
  myallocator = {
    "1" = {
      username = "demo1";
      uri = "https://api.myallocator.com";
      timeout = "60";
    };
    "2" = {
      username = "demo2";
      uri = "https://api.myallocator.com";
      timeout = "60";
    };
    ...
  };
};

How can I achieve this?

Thank you in advance!

Kind regards,


Erik


Re: [Nix-dev] Persistent NixOps keys

2016-06-14 Thread 4levels
Hi,

I tried this but somehow the nixops-load-keys service is not automatically
started. I can see the service with systemctl status and when I restart it,
it does as expected (copies the files from /run/keys to /root/keys).
However, when I reboot the machine, the nixops-load-keys service doesn't
seem to do this automatically.  Only after running systemctl restart
nixops-load-keys it copies the files back to /run/store.
When I delete /root/keys/* and do a reboot, the keys aren't copied either.
There must be something wrong with my before and after statements I guess
since both services do work when started manually.  I'm probably
overlooking something obvious here..

I modified your script a little as follows:

let

  keyStore = "/root/keys";
  keyRun = "/run/keys";

  keyLoad = pkgs.writeScript "nixops-load-keys" ''
    #!${pkgs.bash}/bin/bash
    set -euo pipefail
    if [ -e '${keyStore}/done' ] && [ ! -e '${keyRun}/done' ]; then
      cd '${keyStore}'
      cp -pf -- ${lib.concatMapStringsSep " " (k: "'${k}'") (builtins.attrNames config.deployment.keys)} \
        '${keyRun}/' || exit 0
      touch -r '${keyStore}/done' '${keyRun}/done'
    fi
  '';

  keySave = pkgs.writeScript "nixops-save-keys" ''
    #!${pkgs.bash}/bin/bash
    set -euo pipefail
    while true; do
      if [ -e '${keyRun}/done' ]; then
        if [ ! -e '${keyStore}/done' ] || [ '${keyRun}/done' -nt '${keyStore}/done' ] ; then
          rm -rf '${keyStore}'
          mkdir -p '${keyStore}'
          chown --reference='${keyRun}' -- '${keyStore}'
          chmod --reference='${keyRun}' -- '${keyStore}'
          cd '${keyRun}'
          cp -pf -- ${concatMapStringsSep " " (k: "'${k}'") (attrNames config.deployment.keys)} '${keyStore}/' || continue
          touch -r '${keyRun}/done' '${keyStore}/done'
          touch -r '${keyRun}' '${keyStore}'
        fi
      fi
      sleep 1m
    done
  '';

in

systemd.services.nixops-load-keys = {
  description = "Re-load nixops keys after reboot";
  before = [ "nixops-keys.service" ];
  wantedBy = [ "keys.target" ];
  unitConfig.RequiresMountsFor = [ keyRun keyStore ];
  serviceConfig = {
    ExecStart = keyLoad;
    Type = "oneshot";
    RemainAfterExit = false;
  };
};

systemd.services.nixops-save-keys = {
  description = "Save nixops keys to re-load after reboot";
  after = [ "keys.target" ];
  wantedBy = [ "keys.target" ];
  serviceConfig = {
    ExecStart = keySave;
    Restart = "always";
  };
};



Kind regards,

Erik

On Mon, May 9, 2016 at 7:51 PM Игорь Пашев  wrote:

> 2016-05-09 13:49 GMT+03:00 Tomasz Czyż :
> > I'm not sure I understand this correctly. Do you want to put keys into
> the
> > initrd?
>
>
> No, I keep them under /root/keys. The save service polls /run/keys for
> updates.


Re: [Nix-dev] Setting default group & permissions on deployment.keys

2016-06-14 Thread 4levels
Hi Tomasz,

I'm definitely going to look into mkDefault as that sounds exactly like
what I need ;-)

Thanks for the pointer!

Erik aka 4levels

On Tue, Jun 14, 2016 at 1:21 PM Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> Hey Erik,
>
> oh ok, I see.
> Another way you could try, you can write a function to make a key
> description.
>
> let
>   make-my-key = { text, group }: {
>     user = "root";
>     text = text;
>     group = group;
>     permissions = "640";
>   };
> in
>
>
> and then
>
>   deployment.keys.my-key = make-my-key {group="nginx"; text="secret";};
>
> There is also "mkDefault" function in nix but I don't know how to apply
> this correctly in this case.
>
> 2016-06-14 11:28 GMT+01:00 4levels <4lev...@gmail.com>:
>
>> Hi Tomasz,
>>
>> it is from that exact same link you posted that I was reading the
>> defaults.
>> Isn't there any better way to override these defaults?  They are clearly
>> defined in the file you linked to.
>>
>> The approach as posted by Rob seems to work but requires that all keys
>> are stored in a single directory, which are then copied to the /run/keys
>> folder on the target machine.
>>
>> Since the deployment of these keys has its own procedure (other services
>> need to wait for the keys to be copied completely) I'm currently not sure
>> if doing it Rob's way will preserve this behavior.
>>
>> To be continued ;-)
>>
>> Erik
>>
>> On Tue, Jun 14, 2016 at 12:17 PM Tomasz Czyż <tomasz.c...@gmail.com>
>> wrote:
>>
>>> https://nixos.org/nixops/manual/#opt-deployment.keys._name_.user
>>>
>>> 2016-06-14 11:12 GMT+01:00 4levels <4lev...@gmail.com>:
>>>
>>>> Hi Rob,
>>>>
>>>> thank you for your swift reply!
>>>> Does this mean I'm actually overriding the default keys behavior as
>>>> defined in https://github.com/NixOS/nixops/blob/master/nix/keys.nix ?
>>>> I was kind of hoping to be able to write something like
>>>>
>>>> deployment.keys.*.group = "keys";
>>>> deployment.keys.*.permissions = "0640";
>>>>
>>>> I'll give it a try and post back here.
>>>>
>>>> Kind regards,
>>>>
>>>> Erik
>>>>
>>>> On Tue, Jun 14, 2016 at 12:06 PM Rob Vermaas <rob.verm...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Erik,
>>>>>
>>>>> > Is there a way to define a default group and permissions for all keys
>>>>> > without me specifying this for each key individually?
>>>>> > I'm currently well over 200 keys per machine so adding the group and
>>>>> > permissions for each key is quite elaborate..
>>>>>
>>>>> You could do something like:
>>>>>
>>>>>   deployment.keys =
>>>>>     let
>>>>>       keyDir = /path/to/dir/with/my/keys;
>>>>>       keys = builtins.attrNames
>>>>>         (lib.filterAttrs (n: v: v == "regular") (builtins.readDir keyDir));
>>>>>     in with lib; listToAttrs (map (n: nameValuePair n {
>>>>>       text = builtins.readFile (keyDir + ("/" + n));
>>>>>       group = "keys";
>>>>>       permissions = "0640";
>>>>>     }) keys);
>>>>>
>>>>> This would upload all files in /path/to/dir/with/my/keys to the
>>>>> machine in /run/keys. Note I didn't test this, so it might have some
>>>>> typos, but hope the idea is clear. It's an adapted piece copied from
>>>>> something similar we are using.
>>>>>
>>>>> Cheers,
>>>>> --
>>>>> Rob Vermaas
>>>>>
>>>>> [email] rob.verm...@gmail.com
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Tomasz Czyż
>>>
>>
>
>
> --
> Tomasz Czyż
>


Re: [Nix-dev] Setting default group & permissions on deployment.keys

2016-06-14 Thread 4levels
Hi Tomasz,

it is from that exact same link you posted that I was reading the defaults.
Isn't there any better way to override these defaults?  They are clearly
defined in the file you linked to.

The approach as posted by Rob seems to work but requires that all keys are
stored in a single directory, which are then copied to the /run/keys folder
on the target machine.

Since the deployment of these keys has its own procedure (other services
need to wait for the keys to be copied completely) I'm currently not sure
if doing it Rob's way will preserve this behavior.

To be continued ;-)

Erik

On Tue, Jun 14, 2016 at 12:17 PM Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> https://nixos.org/nixops/manual/#opt-deployment.keys._name_.user
>
> 2016-06-14 11:12 GMT+01:00 4levels <4lev...@gmail.com>:
>
>> Hi Rob,
>>
>> thank you for your swift reply!
>> Does this mean I'm actually overriding the default keys behavior as
>> defined in https://github.com/NixOS/nixops/blob/master/nix/keys.nix ?
>> I was kind of hoping to be able to write something like
>>
>> deployment.keys.*.group = "keys";
>> deployment.keys.*.permissions = "0640";
>>
>> I'll give it a try and post back here.
>>
>> Kind regards,
>>
>> Erik
>>
>> On Tue, Jun 14, 2016 at 12:06 PM Rob Vermaas <rob.verm...@gmail.com>
>> wrote:
>>
>>> Hi Erik,
>>>
>>> > Is there a way to define a default group and permissions for all keys
>>> > without me specifying this for each key individually?
>>> > I'm currently well over 200 keys per machine so adding the group and
>>> > permissions for each key is quite elaborate..
>>>
>>> You could do something like:
>>>
>>>   deployment.keys =
>>>     let
>>>       keyDir = /path/to/dir/with/my/keys;
>>>       keys = builtins.attrNames
>>>         (lib.filterAttrs (n: v: v == "regular") (builtins.readDir keyDir));
>>>     in with lib; listToAttrs (map (n: nameValuePair n {
>>>       text = builtins.readFile (keyDir + ("/" + n));
>>>       group = "keys";
>>>       permissions = "0640";
>>>     }) keys);
>>>
>>> This would upload all files in /path/to/dir/with/my/keys to the
>>> machine in /run/keys. Note I didn't test this, so it might have some
>>> typos, but hope the idea is clear. It's an adapted piece copied from
>>> something similar we are using.
>>>
>>> Cheers,
>>> --
>>> Rob Vermaas
>>>
>>> [email] rob.verm...@gmail.com
>>>
>>
>>
>>
>
>
> --
> Tomasz Czyż
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
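
One way to get the per-key defaults asked about in this thread, as an added example that is not code from any poster or from NixOps itself: wrap the key set in lib.mapAttrs so every key inherits a default group and mode unless it sets its own. The machine name, key names, ./secret/ paths and the withKeyDefaults and readSecret helpers are hypothetical.

```nix
# Added example, not from the thread. Machine name, key names, file paths
# and the helper names are hypothetical.
{
  webserver =
    { config, lib, pkgs, ... }:
    let
      # Defaults applied to every key. A key's own attributes win because
      # they sit on the right-hand side of `//`.
      keyDefaults = {
        user = "root";
        group = "keys";
        permissions = "0640";
      };
      withKeyDefaults = lib.mapAttrs (_name: key: keyDefaults // key);

      # Read a secret from the (git-crypt protected) checkout and drop the
      # trailing newline an editor may have appended.
      readSecret = path: lib.removeSuffix "\n" (builtins.readFile path);
    in
    {
      deployment.keys = withKeyDefaults {
        # Readable by root and by members of the "keys" group.
        "symfony-db-password".text = readSecret ./secret/symfony-db-password;
        "wordpress-auth-key".text = readSecret ./secret/wordpress-auth-key;

        # A key the web stack never needs overrides the defaults and stays
        # root-only.
        "backup-passphrase" = {
          text = readSecret ./secret/backup-passphrase;
          group = "root";
          permissions = "0600";
        };
      };

      # Gives the nginx user (and the PHP workers running as it) access to
      # /run/keys, as described in the original question.
      users.extraUsers.nginx.extraGroups = [ "keys" ];
    };
}
```

With these defaults every member of the keys group can read every key that keeps the default group, so a compromised nginx or PHP worker can read all of them. Keys the web stack does not need should override group and permissions, as the last entry does.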


[Nix-dev] Setting default group & permissions on deployment.keys

2016-06-14 Thread 4levels
Hi Nix Devs,

I'm currently implementing the deployment.keys approach to secure my web
projects (php, node,  ..).  I've managed to have all keys exported to
/run/keys but since the php process is running with the user:group
nginx:nginx, it has no access to the /run/keys folder.

Adding extraGroups = [ "keys" ] to users.extraUsers.nginx fixes access to
/run/keys.
Each key has by default the user:group root:root and permission "0600".
When adding the group = "keys" and permissions = "0640" to each key in
deployment.keys everything works as expected.

Is there a way to define a default group and permissions for all keys
without me specifying this for each key individually?
I'm currently well over 200 keys per machine so adding the group and
permissions for each key is quite elaborate..

As a secondary question:
Since I'm no security expert, I was wondering what the security impact is
of making Nginx part of the keys group and allowing it read-access to
/run/keys


Kind regards,

Erik aka 4levels


Re: [Nix-dev] Transparent Hugepage Support & Redis

2016-06-12 Thread 4levels
Hi Tobias,

Thank you for your quick reply!

I was asking this since my redis job queue was hanging for 2 days without
any failure notice. Restarting the redis service didn't change anything, it
was only after a server reboot that the queue started working again,
rushing through 2 days of pending jobs in one go.

As this warning in Redis is the only clue I could find I posted this
question here..

Kind regards,

Erik

On Sun, Jun 12, 2016, 13:49 Tobias Geerinckx-Rice <m...@tobias.gr> wrote:

> Hullo,
>
> On 12/06/16 12:00, 4levels wrote:
> > when starting Redis I keep getting warnings about Transparent Hugepage
> > Support being enabled in the kernel and how this may negatively impact
> > Redis' performance.
> > [snip]
> >  3. Or is there a better way to only disable this for Redis only?
> > My guess would be something like "always [madvise redis] never"
>
> The whole point of HUGEPAGE_MADVISE as I understand it, is that
> hugepages are not allocated until an application explicitly requests
> them using MADV_HUGEPAGE. In other words: the *Transparent* Hugepage
> Support that Redis warns about is in fact disabled by default.
>
> So unless Redis explicitly requests hugepages only to then complain
> about them, or there's some other weird interaction, my first guess
> would be that their check is a bit too strict and assumes that !never ==
> always.
>
> If the warning really bothers you, you can always override your kernel
> configuration with something like:
>
>   # Copy-pasted from my config, sort of:
>   nixpkgs.config.packageOverrides = {
>     stdenv = stdenv // {
>       platform = stdenv.platform // {
>         kernelExtraConfig = ''
>           TRANSPARENT_HUGEPAGE? n
>         '';
>       };
>     };
>   };
>
> but my suspicion that it's entirely unneeded still stands.
>
> Kind regards,
>
> T G-R
>


[Nix-dev] Transparent Hugepage Support & Redis

2016-06-12 Thread 4levels
Hi Nix-Devs,

when starting Redis I keep getting warnings about Transparent Hugepage
Support being enabled in the kernel and how this may negatively impact
Redis' performance.

According to Redis, I should disable this by setting
/sys/kernel/mm/transparent_hugepage/enabled to "never".

Currently this file reads: "always [madvise] never"


   1. Should I disable this? (I'm sure it's on for a good reason)
   2. If so, how? I've seen this option here:
   
https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel/common-config.nix

   3. Or is there a better way to only disable this for Redis only?  My
   guess would be something like "always [madvise redis] never"


Kind regards,

Erik aka 4levels


Re: [Nix-dev] NixOps - merge config files

2016-06-10 Thread 4levels
Hi Tomasz,

That sounds really interesting, I read the other threads and it seems like
I can implement this strategy.

I'm not yet 100% clear on how I can have the keys from /run/keys loaded in
the various configuration files.  For plain PHP config files like wordpress
uses, I'm sure a simple file_get_contents will do the trick.  I'm currently
experimenting if I can have symfony parse yml files with embedded php
inside (to load eg. the password).  Lumen / Laravel uses .env files in the
root folder of the project, but probably that can also be skipped if the
config exists in the real php configuration files.

For node apps etc. I'm quite sure similar approaches must be viable to load
contents from key files stored in /run/keys.

I'm definitely going to implement the persistent key service as described
in the mentioned threads!

Kind regards and thanks again to all for your relentless efforts in helping
Nix "users" (vs. "developers")!

Erik

On Thu, Jun 9, 2016, 20:36 Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> Erik,
>
> https://nixos.org/nixops/manual/#opt-deployment.keys
>
> Deployment keys won't end up in the nix store, I think they are deployed using
> ssh just to /run/keys. They also will be removed after reboot as /run will
> disappear, until you set some other option.
>
> Also there was a thread on this list a few weeks ago when somebody posted
> a solution to preserve keys between reboots using systemd jobs.
>
> 2016-06-09 17:57 GMT+01:00 4levels <4lev...@gmail.com>:
>
>> Hi Kevin,
>>
>> Thanks for the extra info!
>> I was wondering though, if the generated config files do end up in
>> /nix/store anyway, does it even make a difference if I use the
>> deployment.keys method? Or is there another way to have eg. a php script
>> read from these keys without actually writing them out?
>>
>> Symfony uses yml files, WordPress uses php files, and so on.. Each
>> project is defined as a service and I generate these files in my various
>> let statements..
>>
>> Personally I don't mind these files sitting in /nix/store as I'm the only
>> one with ssh access to these machines..
>>
>> Kind regards,
>>
>>
>> Erik
>>
>> On Thu, Jun 9, 2016, 17:16 Kevin Cox <kevin...@kevincox.ca> wrote:
>>
>>> On 09/06/16 11:03, 4levels wrote:
>>> > Hi Kevin,
>>> >
>>> > I'm very curious how you setup sensitive information using
>>> deployment.keys
>>> > This still seems like the best option to do this, but I failed to get
>>> > it working..
>>> >
>>> > Could you be so kind to post a small example, showing how you define
>>> > the keys and use them in functions that generate eg. a config file?
>>>
>>> Here are two examples where I read the key out of a secret directory
>>> (encrypted with git-crypt). Note that I don't generate any of my config
>>> files, but that is theoretically possible.
>>>
>>> deployment.keys.mesos.text = "root ${builtins.readFile
>>> ../secret/mesos-secret}";
>>> deployment.keys.sumologic.text = builtins.readFile ../secret/sumologic;
>>>
>>> And this example is importing a nix expression. Note that I'm not using
>>> deployment.keys so this is accessible to anyone (on the server) as it
>>> lands in the Nix store IIUC.
>>>
>>> networking.defaultMailServer = import ../secret/smtp.nix;
>>>
>>>
>>>
>>>
>
>
> --
> Tomasz Czyż
>


Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi Kevin,

Thanks for the extra info!
I was wondering though, if the generated config files do end up in
/nix/store anyway, does it even make a difference if I use the
deployment.keys method? Or is there another way to have eg. a php script
read from these keys without actually writing them out?

Symfony uses yml files, WordPress uses php files, and so on.. Each project
is defined as a service and I generate these files in my various let
statements..

Personally I don't mind these files sitting in /nix/store as I'm the only
one with ssh access to these machines..

Kind regards,


Erik

On Thu, Jun 9, 2016, 17:16 Kevin Cox <kevin...@kevincox.ca> wrote:

> On 09/06/16 11:03, 4levels wrote:
> > Hi Kevin,
> >
> > I'm very curious how you setup sensitive information using
> deployment.keys
> > This still seems like the best option to do this, but I failed to get
> > it working..
> >
> > Could you be so kind to post a small example, showing how you define
> > the keys and use them in functions that generate eg. a config file?
>
> Here are two examples where I read the key out of a secret directory
> (encrypted with git-crypt). Note that I don't generate any of my config
> files, but that is theoretically possible.
>
> deployment.keys.mesos.text = "root ${builtins.readFile
> ../secret/mesos-secret}";
> deployment.keys.sumologic.text = builtins.readFile ../secret/sumologic;
>
> And this example is importing a nix expression. Note that I'm not using
> deployment.keys so this is accessible to anyone (on the server) as it
> lands in the Nix store IIUC.
>
> networking.defaultMailServer = import ../secret/smtp.nix;
>
>
>
>


Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi Kevin,

I'm very curious how you set up sensitive information using deployment.keys.
This still seems like the best option to do this, but I failed to get it
working..

Could you be so kind to post a small example, showing how you define the
keys and use them in functions that generate eg. a config file?

Kind regards,

Erik

On Thu, Jun 9, 2016 at 4:30 PM Kevin Cox <kevin...@kevincox.ca> wrote:

> On 09/06/16 10:21, 4levels wrote:
> > Hi Nix Devs,
> >
> > I've tried using the deployment.keys but that seems to be only there for
> > user accounts and not for custom configurations.  As I need multiple
> > keys for each platform (eg. symfony, wordpress - cipher, key, database
> > password, admin user password etc etc) it seems that deployment.keys
> > will not work for this purpose.
> >
>
> I don't know what you mean by "only there for user accounts". I use
> deployment.keys for most of the things you describe and it works fine.
>
> > I'm now resorting to using builtins.readFile and creating separate files
> > for the passwords in a folder I can then encrypt with git-crypt.
> > This way I'm also able to use conflicting nix characters in the
> > passwords as well.
>
> This seems like a different issue. Are you talking about keeping the
> keys private in the configuration or on the server (or both)?
>
> Although for keeping the keys private in the config I use git-crypt as
> well. I have a directory called "secrets" that I store the files in.
> Some I keep as text files and read using `builtins.readFile` and some I
> leave as nix expressions and simply import them.
>
> >
> > As a last question here I was wondering if there's a way to strip
> > trailing newlines when reading files with builtins.readFile as my IDE
> > keeps adding a newline at the end of each file when saving.  I'll post a
> > new message here for this request as this is not relevant in this topic
> >
>
> Text files have newlines at the end 
>
> You can use lib.removeSuffix to drop that newline if it's a problem.
>
> Hope that helps, Kevin
>
>


Re: [Nix-dev] use builtins.readFile and strip trailing newline

2016-06-09 Thread 4levels
Hi Vladimir,

I was just reading strings.nix, removeSuffix seems indeed the best
candidate, thanks for confirming this!

Kind regards,

Erik aka 4levels

On Thu, Jun 9, 2016 at 4:32 PM Vladimír Čunát <vcu...@gmail.com> wrote:

> On 06/09/2016 04:24 PM, 4levels wrote:
> > 'd like to know if there's an easy way to strip off the trailing newline
> > from a file read with builtins.readFile.
>
> lib.removeSuffix "\n"
>
> --Vladimir
>
>
>


[Nix-dev] use builtins.readFile and strip trailing newline

2016-06-09 Thread 4levels
Hi Nix Devs,

In a related question to have my sensitive info separated from the normal
NixOps configuration files, I am reading the passwords, keys, ciphers, ...
from separate files (which are encrypted with git-crypt).

My IDE (webstorm) keeps adding a trailing newline when saving these files.
I know I can disable this behaviour in the IDE, but just to be sure I'd
like to know if there's an easy way to strip off the trailing newline from
a file read with builtins.readFile.

Kind regards,

Erik aka 4levels


Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi Nix Devs,

I've tried using the deployment.keys but that seems to be only there for
user accounts and not for custom configurations.  As I need multiple keys
for each platform (eg. symfony, wordpress - cipher, key, database password,
admin user password etc etc) it seems that deployment.keys will not work
for this purpose.

I'm now resorting to using builtins.readFile and creating separate files
for the passwords in a folder I can then encrypt with git-crypt.
This way I'm also able to use conflicting nix characters in the passwords
as well.

As a last question here I was wondering if there's a way to strip trailing
newlines when reading files with builtins.readFile as my IDE keeps adding a
newline at the end of each file when saving.  I'll post a new message here
for this request as this is not relevant in this topic

Kind regards and thank you again for your support!

Erik aka 4levels

On Thu, Jun 9, 2016 at 12:29 PM 4levels <4lev...@gmail.com> wrote:

> Hi all,
>
> thank you for your replies!
> The thing is, I seem not to be able to merge at the level I need, at the
> hostname level that is.
> I mean, I need to have a file with the combined sets to be used by NixOps.
>
> There is a mapAttrsRecursive function in attrsets.nix that sounds like it
> does what I need.
>
> Currently I'm more inclined to go the deployment.keys way as pointed out
> by Tomasz
>
> I'll keep you posted here..
>
>
> Kind regards, your support and engagements are fantastic!
>
> Erik
>
> On Thu, Jun 9, 2016 at 12:23 PM Tomasz Czyż <tomasz.c...@gmail.com> wrote:
>
>> Probably some function from
>> https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix could be
>> useful to merge them.
>>
>> 2016-06-09 11:19 GMT+01:00 zimbatm <zimb...@zimbatm.com>:
>>
>>> @dario: that doesn’t work recursively.
>>> { a = { x = 3; }; } // { a = { y = 4; }; } produces { a = { y = 4; }; }
>>>
>>>
>>> On Thu, 9 Jun 2016 at 10:44 Dario Bertini <berda...@gmail.com> wrote:
>>>
>>>> {a=1;}// {b=2;}
>>>> Yields
>>>> {a=1; b=2;}
>>>>
>>>> Is this enough to help you?
>>>>
>>>> On 9 June 2016 10:31:07 BST, 4levels <4lev...@gmail.com> wrote:
>>>> >Hi,
>>>> >
>>>> >thank you for your swift reply!
>>>> >I'd like to avoid to literally mention all sensitive config params in
>>>> >the
>>>> >network.nix config.
>>>> >
>>>> >What would be the "normal" procedure to recursively merge 2 attribute
>>>> >sets?
>>>> >
>>>> >
>>>> >So if I have in one file
>>>> >servers.nix: {
>>>> >  vm01 = {
>>>> >services.symfony.platforms = {
>>>> >  database = {
>>>> >username = "www";
>>>> >  };
>>>> >};
>>>> >  };
>>>> >}
>>>> >
>>>> >and in the other
>>>> >keys.nix: {
>>>> >  vm01 = {
>>>> >services.symfony.platforms = {
>>>> >  database = {
>>>> >password = "12345678";
>>>> >  };
>>>> >};
>>>> >  };
>>>> >}
>>>> >
>>>> >So they become one when building:
>>>> >{
>>>> >  vm01 = {
>>>> >services.symfony.platforms = {
>>>> >  database = {
>>>> >username = "www";
>>>> >password = "12345678";
>>>> >  };
>>>> >};
>>>> >  };
>>>> >}
>>>> >
>>>> >Kind regards,
>>>> >
>>>> >Erik
>>>> >
>>>> >On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimb...@zimbatm.com> wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> I don’t know where you are getting this error. All I can do is
>>>> >suggest a
>>>> >> workaround:
>>>> >>
>>>> >> In keys.nix:
>>>> >>
>>>> >> {
>>>> >>   database_password = "12345678";
>>>> >> }
>>>> >>
>>>> >> In network.nix:
>>>> >>
>>>> >> let
>>>> >>   secrets = import ./keys.nix {};in;
>>>> >> {
>>>> >>   vm0

Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi all,

thank you for your replies!
The thing is, I seem not to be able to merge at the level I need, at the
hostname level that is.
I mean, I need to have a file with the combined sets to be used by NixOps.

There is a mapAttrsRecursive function in attrsets.nix that sounds like it
does what I need.

Currently I'm more inclined to go the deployment.keys way as pointed out by
Tomasz

I'll keep you posted here..


Kind regards, your support and engagements are fantastic!

Erik

On Thu, Jun 9, 2016 at 12:23 PM Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> Probably some function from
> https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix could be
> useful to merge them.
>
> 2016-06-09 11:19 GMT+01:00 zimbatm <zimb...@zimbatm.com>:
>
>> @dario: that doesn’t work recursively.
>> { a = { x = 3; }; } // { a = { y = 4; }; } produces { a = { y = 4; }; }
>>
>>
>> On Thu, 9 Jun 2016 at 10:44 Dario Bertini <berda...@gmail.com> wrote:
>>
>>> {a=1;}// {b=2;}
>>> Yields
>>> {a=1; b=2;}
>>>
>>> Is this enough to help you?
>>>
>>> On 9 June 2016 10:31:07 BST, 4levels <4lev...@gmail.com> wrote:
>>> >Hi,
>>> >
>>> >thank you for your swift reply!
>>> >I'd like to avoid to literally mention all sensitive config params in
>>> >the
>>> >network.nix config.
>>> >
>>> >What would be the "normal" procedure to recursively merge 2 attribute
>>> >sets?
>>> >
>>> >
>>> >So if I have in one file
>>> >servers.nix: {
>>> >  vm01 = {
>>> >services.symfony.platforms = {
>>> >  database = {
>>> >username = "www";
>>> >  };
>>> >};
>>> >  };
>>> >}
>>> >
>>> >and in the other
>>> >keys.nix: {
>>> >  vm01 = {
>>> >services.symfony.platforms = {
>>> >  database = {
>>> >password = "12345678";
>>> >  };
>>> >};
>>> >  };
>>> >}
>>> >
>>> >So they become one when building:
>>> >{
>>> >  vm01 = {
>>> >services.symfony.platforms = {
>>> >  database = {
>>> >username = "www";
>>> >password = "12345678";
>>> >  };
>>> >};
>>> >  };
>>> >}
>>> >
>>> >Kind regards,
>>> >
>>> >Erik
>>> >
>>> >On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimb...@zimbatm.com> wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> I don’t know where you are getting this error. All I can do is
>>> >suggest a
>>> >> workaround:
>>> >>
>>> >> In keys.nix:
>>> >>
>>> >> {
>>> >>   database_password = "12345678";
>>> >> }
>>> >>
>>> >> In network.nix:
>>> >>
>>> >> let
>>> >>   # keys.nix above is a plain attribute set, so it is imported as-is
>>> >>   secrets = import ./keys.nix;
>>> >> in
>>> >> {
>>> >>   vm01 =
>>> >>     { config, pkgs, ... }:
>>> >>     {
>>> >>       services.symfony.platforms.database.password = secrets.database_password;
>>> >>
>>> >>       ..
>>> >>     };
>>> >> }
>>> >>
>>> >>
>>> >>
>>> >> On Thu, 9 Jun 2016 at 07:54 4levels <4lev...@gmail.com> wrote:
>>> >>
>>> >>> Hi Nix Devs,
>>> >>>
>>> >>> I'm having some difficulties separating sensitive information from a
>>> >nix
>>> >>> expression used by NixOps.
>>> >>>
>>> >>> I keep the server config in a separate file, servers.nix:
>>> >>> {
>>> >>>   vm01 =
>>> >>> { config, pkgs, nodes, ... }:
>>> >>> {
>>> >>>   deployment = {
>>> >>> targetHost = "192.168.121.50";
>>> >>>   };
>>> >>>   ...
>>> >>> }
>>> >>> }
>>> >>>
>>> >>> Currently I have all relevant software config for each server in a
>>> >nix
>>> >>> expres

Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi Tomasz,

that is indeed the case: all these configuration values are being used to
generate different config files (for eg. a symfony project, or a wordpress
site, etc etc) and they do appear in /nix/store

I was not really aware of the security concerns here, but if
deployment.keys can be an attribute set, I'll definitely try implementing
that instead!

Thank you for the pointer, I'll keep you posted here...

Kind regards,

Erik

On Thu, Jun 9, 2016 at 11:36 AM Tomasz Czyż <tomasz.c...@gmail.com> wrote:

> I'm not 100% sure as I'm pretty new to nixops, but probably if you put
> credentials like that, they can end up in /nix/store.
> As someone explained to me before, probably the only good way at the
> moment to do that is to use deployment.keys.
>
> Can anyone confirm that?
>
> 2016-06-09 10:31 GMT+01:00 4levels <4lev...@gmail.com>:
>
>> Hi,
>>
>> thank you for your swift reply!
>> I'd like to avoid to literally mention all sensitive config params in the
>> network.nix config.
>>
>> What would be the "normal" procedure to recursively merge 2 attribute
>> sets?
>>
>> So if I have in one file
>> servers.nix: {
>>   vm01 = {
>> services.symfony.platforms = {
>>   database = {
>> username = "www";
>>   };
>> };
>>   };
>> }
>>
>> and in the other
>> keys.nix: {
>>   vm01 = {
>> services.symfony.platforms = {
>>   database = {
>> password = "12345678";
>>   };
>> };
>>   };
>> }
>>
>> So they become one when building:
>> {
>>   vm01 = {
>> services.symfony.platforms = {
>>   database = {
>> username = "www";
>> password = "12345678";
>>   };
>> };
>>   };
>> }
>>
>> Kind regards,
>>
>> Erik
>>
>> On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimb...@zimbatm.com> wrote:
>>
>>> Hi,
>>>
>>> I don’t know where you are getting this error. All I can do is suggest a
>>> workaround:
>>>
>>> In keys.nix:
>>>
>>> {
>>>   database_password = "12345678";
>>> }
>>>
>>> In network.nix:
>>>
>>> let
>>>   # keys.nix above is a plain attribute set, so it is imported as-is
>>>   secrets = import ./keys.nix;
>>> in
>>> {
>>>   vm01 =
>>>     { config, pkgs, ... }:
>>>     {
>>>       services.symfony.platforms.database.password = secrets.database_password;
>>>
>>>       ..
>>>     };
>>> }
>>>
>>>
>>>
>>> On Thu, 9 Jun 2016 at 07:54 4levels <4lev...@gmail.com> wrote:
>>>
>>>> Hi Nix Devs,
>>>>
>>>> I'm having some difficulties separating sensitive information from a
>>>> nix expression used by NixOps.
>>>>
>>>> I keep the server config in a separate file, servers.nix:
>>>> {
>>>>   vm01 =
>>>> { config, pkgs, nodes, ... }:
>>>> {
>>>>   deployment = {
>>>> targetHost = "192.168.121.50";
>>>>   };
>>>>   ...
>>>> }
>>>> }
>>>>
>>>> Currently I have all relevant software config for each server in a nix
>>>> expression platforms.nix as follows (where vm01 is the hostname):
>>>> {
>>>>   vm01 =
>>>> { config, pkgs, ... }:
>>>> {
>>>>   services.symfony.platforms = {
>>>> database = {
>>>>   username = "www";
>>>>   /* password = "1234567" -> moved to keys.nix */
>>>> };
>>>>   ...
>>>> }
>>>> }
>>>>
>>>> I want to remove the sensitive info from this file and put it in a
>>>> separate nix expression, eg. keys.nix, maintaining the same structure so
>>>> the files can be merged.
>>>>
>>>> In keys.nix I currently have
>>>> {
>>>>   vm01 = {
>>>> { config, pkgs, ... }:
>>>> {
>>>>   services.symfony.platforms.database.password = "12345678";
>>>>   ..
>>>> }
>>>>   }
>>>> }
>>>>
>>>> I've modified my nixops deploy to have keys.nix loaded after the
>>>> servers.nix and platforms.nix files, but I keep getting errors like "the
>>>> attribute password does not exist"
>>>>
>>>> I must be overlooking something obvious as all the other files I define
>>>> in my deploy are being merged correctly.
>>>>
>>>> Can anyone advise me on how to achieve this?
>>>>
>>>> The underlying reason is that I'm using git-crypt to encrypt the
>>>> platforms.nix file, but this makes it impossible to work with branches (or
>>>> git logs) etc. as the whole file is encrypted and git cannot merge binary
>>>> files (it simply replaces them).
>>>>
>>>> Kind regards!
>>>>
>>>> Erik aka 4levels
>>>>
>>>>
>>>
>>
>>
>
>
> --
> Tomasz Czyż
>


Re: [Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi,

thank you for your swift reply!
I'd like to avoid literally mentioning all sensitive config params in the
network.nix config.

What would be the "normal" procedure to recursively merge 2 attribute sets?


So if I have in one file
servers.nix: {
  vm01 = {
    services.symfony.platforms = {
      database = {
        username = "www";
      };
    };
  };
}

and in the other
keys.nix: {
  vm01 = {
    services.symfony.platforms = {
      database = {
        password = "12345678";
      };
    };
  };
}

So they become one when building:
{
  vm01 = {
    services.symfony.platforms = {
      database = {
        username = "www";
        password = "12345678";
      };
    };
  };
}

Kind regards,

Erik

On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimb...@zimbatm.com> wrote:

> Hi,
>
> I don’t know where you are getting this error. All I can do is suggest a
> workaround:
>
> In keys.nix:
>
> {
>   database_password = "12345678";
> }
>
> In network.nix:
>
> let
>   # keys.nix above is a plain attribute set, so it is imported as-is
>   secrets = import ./keys.nix;
> in
> {
>   vm01 =
>     { config, pkgs, ... }:
>     {
>       services.symfony.platforms.database.password = secrets.database_password;
>
>       ..
>     };
> }
>
>
>
> On Thu, 9 Jun 2016 at 07:54 4levels <4lev...@gmail.com> wrote:
>
>> Hi Nix Devs,
>>
>> I'm having some difficulties separating sensitive information from a nix
>> expression used by NixOps.
>>
>> I keep the server config in a separate file, servers.nix:
>> {
>>   vm01 =
>> { config, pkgs, nodes, ... }:
>> {
>>   deployment = {
>> targetHost = "192.168.121.50";
>>   };
>>   ...
>> }
>> }
>>
>> Currently I have all relevant software config for each server in a nix
>> expression platforms.nix as follows (where vm01 is the hostname):
>> {
>>   vm01 =
>> { config, pkgs, ... }:
>> {
>>   services.symfony.platforms = {
>> database = {
>>   username = "www";
>>   /* password = "1234567" -> moved to keys.nix */
>> };
>>   ...
>> }
>> }
>>
>> I want to remove the sensitive info from this file and put it in a
>> separate nix expression, eg. keys.nix, maintaining the same structure so
>> the files can be merged.
>>
>> In keys.nix I currently have
>> {
>>   vm01 = {
>> { config, pkgs, ... }:
>> {
>>   services.symfony.platforms.database.password = "12345678";
>>   ..
>> }
>>   }
>> }
>>
>> I've modified my nixops deploy to have keys.nix loaded after the
>> servers.nix and platforms.nix files, but I keep getting errors like "the
>> attribute password does not exist"
>>
>> I must be overlooking something obvious as all the other files I define
>> in my deploy are being merged correctly.
>>
>> Can anyone advise me on how to achieve this?
>>
>> The underlying reason is that I'm using git-crypt to encrypt the
>> platforms.nix file, but this makes it impossible to work with branches (or
>> git logs) etc. as the whole file is encrypted and git cannot merge binary
>> files (it simply replaces them).
>>
>> Kind regards!
>>
>> Erik aka 4levels
>>
>>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
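
The recursive merge asked about in this message, next to the shallow `//` behaviour zimbatm points out elsewhere in the thread, as an added example that is not code from any poster. It assumes <nixpkgs> is on NIX_PATH; mergeAll and conflicts are hypothetical helpers and the password is the placeholder value used in the thread.

```nix
# Added example, not from the thread.
# Evaluate with: nix-instantiate --eval --strict merge-example.nix
let
  lib = (import <nixpkgs> { }).lib;

  # Non-sensitive settings (servers.nix in the thread).
  servers = {
    vm01.services.symfony.platforms.database.username = "www";
  };

  # Sensitive settings (keys.nix in the thread); placeholder value.
  keys = {
    vm01.services.symfony.platforms.database.password = "12345678";
  };

  # Hypothetical helper: deep-merge any number of sets, later sets winning
  # when the same leaf is defined twice.
  mergeAll = lib.foldl' lib.recursiveUpdate { };

  # Hypothetical helper: dotted paths of leaves defined in both `a` and `b`,
  # i.e. settings the second file would silently override.
  conflicts = prefix: a: b:
    lib.concatLists (lib.mapAttrsToList
      (name: value:
        let path = prefix ++ [ name ];
        in
        if !(builtins.hasAttr name b) then [ ]
        else if builtins.isAttrs value && builtins.isAttrs b.${name}
        then conflicts path value b.${name}
        else [ (lib.concatStringsSep "." path) ])
      a);
in
{
  # `//` only merges the top level: both sides define `vm01`, so the
  # right-hand `vm01` replaces the left-hand one and `username` is dropped.
  shallow = servers // keys;

  # recursiveUpdate descends into nested sets, so `database` keeps
  # `username` and gains `password`.
  deep = mergeAll [ servers keys ];

  # Review this list before deploying: a non-empty result means keys.nix
  # changes something that servers.nix also sets.
  overridden = conflicts [ ] servers keys;
}
```

A secret merged in this way is still an ordinary Nix value. As Tomasz notes in the thread, values used to generate config files can probably end up in /nix/store, which is why the discussion moves on to deployment.keys.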


[Nix-dev] NixOps - merge config files

2016-06-09 Thread 4levels
Hi Nix Devs,

I'm having some difficulties separating sensitive information from a nix
expression used by NixOps.

I keep the server config in a separate file, servers.nix:
{
  vm01 =
    { config, pkgs, nodes, ... }:
    {
      deployment = {
        targetHost = "192.168.121.50";
      };
      ...
    }
}

Currently I have all relevant software config for each server in a nix
expression platforms.nix as follows (where vm01 is the hostname):
{
  vm01 =
    { config, pkgs, ... }:
    {
      services.symfony.platforms = {
        database = {
          username = "www";
          /* password = "1234567" -> moved to keys.nix */
        };
        ...
      };
    }
}

I want to remove the sensitive info from this file and put it in a separate
nix expression, eg. keys.nix, maintaining the same structure so the files
can be merged.

In keys.nix I currently have
{
  vm01 = {
    { config, pkgs, ... }:
    {
      services.symfony.platforms.database.password = "12345678";
      ..
    }
  }
}

I've modified my nixops deploy to have keys.nix loaded after the
servers.nix and platforms.nix files, but I keep getting errors like "the
attribute password does not exist"

I must be overlooking something obvious as all the other files I define in
my deploy are being merged correctly.

Can anyone advise me on how to achieve this?

The underlying reason is that I'm using git-crypt to encrypt the
platforms.nix file, but this makes it impossible to work with branches (or
git logs) etc. as the whole file is encrypted and git cannot merge binary
files (it simply replaces them).

Kind regards!

Erik aka 4levels


[Nix-dev] Specifying timezone in systemd timer config startAt

2016-04-26 Thread 4levels
Hi Nix-devs,

is it possible to have the startAt attribute take a given timezone into
account?

Currently I'm running all servers in UTC (as one server can serve projects
in different timezones) and I handle the timezone offsets in the
application logic.  However, this renders my startAt lines in my timer
configs pretty useless as eg. 5:30 AM doesn't take into account the current
project's timezone.  (I need certain timers to run at night according to the
local timezone, not at 5:30 UTC)

I can specify the server's timezone via time.timeZone based on its
physical location, but then I'm afraid I will run into various issues when
dealing with other timezones from the same server in the application logic.


Kind regards,

Erik aka 4levels


[Nix-dev] Can a nixOps coordinator update itself?

2016-04-21 Thread 4levels
Hi Nix-Ops devs,

I'm currently using a separate online instance to deploy my nixos servers.
This deploy instance is running nixos itself (I deployed it from a local vm
with nixOps).
Can the online instance update itself?  Meaning it deploying updates via
nixOps to itself?
As I can always redeploy it from my local vm, I'm not really worried about
system failure, as long as this doesn't affect the other deployed instances
of course ;-)

Kind regards,

Erik


Re: [Nix-dev] PolicyKit timeout after upgrade to 16.03

2016-04-21 Thread 4levels
Hi Roger,

I did find a workaround by disabling polkit altogether.
 security.polkit.enable = false;
As soon as I re-enable polkit, the issue is back again.
I will still file an issue for this, for now the systems work without
polkit.

As the servers are never running X, I'm still unsure if I need polkit at
all.
I do however use wkhtmltopdf which includes libX to be able to render PDF
documents from an HTML output.

Kind regards,

Erik

On Tue, Apr 19, 2016 at 8:27 AM Roger Qiu <roger@matrix.ai> wrote:

> You should try rolling back on the instance causing problems. By that I
> mean rolling back on the system generation (at boot loader) not channel
> generation. If it still has a problem, then something imperative occurred
> and perhaps you can force rebuild the system (I forgot whether there's a
> flag for this, or just deleting some stuff would work)... also there's
> some commands to check package integrity. You should always try to minimise
> any imperative configuration (beyond disk and device setup as there's no
> "nix-bootstrap") so things can be reproducible.
> On 19/04/2016 12:19 AM, "4levels" <4lev...@gmail.com> wrote:
>
>> Hi Roger,
>>
>> the weird thing is that my local vm, the machine that actually deploys
>> the servers, doesn't have this issue.  This instance also runs nixos-16.03
>> and uses the same nixos-16.03-small channel.
>>
>> This issue started when trying to upgrade to 16.03.  I was not really
>> clear about how to do this so I ended up running nix-channel add ... nixos
>> on all deployed servers, causing all the nixops deployed config to be lost,
>> resulting in having to redeploy every server.  Currently I'm still unsure
>> how to upgrade machines deployed with nixops :-(
>>
>> I don't mind redeploying every machine to solve this, as the issues are
>> piling up now: I need to reboot a server because I can't do any systemctl
>> call anymore that requires root privileges.  Even when first switching to
>> the root account (I know the password), this issue persists.  I'm still
>> completely unsure where this issue comes from.  Googling this error "Error
>> getting authority: Error initializing authority: Error calling
>> StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
>> (g-io-error-quark, 24)" gives me tons of pages with polkit, dbus and
>> systemd things that go far beyond my understandings.
>>
>> When running the polkit service with strace, I can see loads of errors
>> about files not being found and the trace ends with
>>
>> write(2, "Error switcing to user polkituse"..., 98Error switcing to user
>> polkituser: Error changing to home directory /var/empty: Permission denied
>> ) = 98
>>
>> Please find attached the full strace log.  I really hope someone can
>> assist further in this nasty issue.  Maybe it is related to the use of
>> nixos-16.03-small instead of nixos-16.03.  But since I'm using nixos for
>> servers only, without the need for a desktop environment, I was expecting
>> the small channel to be better..
>>
>> Kind regards!
>>
>> Erik
>>
>> On Wed, Apr 13, 2016 at 12:57 PM Roger Qiu <roger@matrix.ai> wrote:
>>
>>> Have you tried rolling back to 15.09, does it still happen?
>>>
>>>
>>> On 13/04/2016 4:47 PM, 4levels wrote:
>>>
>>> Hi Nix'ers,
>>>
>>> No one? Am I the only one who's experiencing this?
>>>
>>> This timeout still occurs and makes every call to systemctl at least 30
>>> seconds slower, pretty annoying actually..
>>>
>>> Hope someone with understanding can shed some light on what might be
>>> going on here.
>>>
>>> Erik
>>>
>>> On Tue, Apr 12, 2016 at 3:00 AM 4levels <4lev...@gmail.com> wrote:
>>>
>>>> Hi Nix'ers,
>>>>
>>>> After upgrading to version 16.03 I'm facing timeouts whenever I try to
>>>> restart a service via systemctl restart.
>>>> I might be overlooking something obvious here, as I just ran
>>>> nix-channel-add https://nixos.org/channels/nixos-16.03-small nixos
>>>> nixos-rebuild boot --upgrade
>>>>
>>>> Any hints in what could be the issue?
>>>> This is the full error message on the console:
>>>>
>>>> Error getting authority: Error initializing authority: Error calling
>>>> StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
>>>> (g-io-error-quark, 24)
>>>>
>>>> I can run other commands through sudo though.
>>>>
>>>> Thanks!
>>>>
>>>> Erik
>>>>
>>>>
>>>
>>>
>>> --
>>> Founder of Matrix AI
>>> https://matrix.ai/
>>> +61420925975


Re: [Nix-dev] Upgrade from 15.09 to 16.03 with NixOps

2016-04-21 Thread 4levels
Hi Teo, Kevin and Wout,

thank you all for your kind support.
I do add the nixpkgs line and things seem to work correctly.
I was just getting confused as this change initially didn't trigger a
rebuild of the deployed system.

Kind regards,

Erik

On Wed, Apr 20, 2016 at 11:42 PM Wout Mertens <wout.mert...@gmail.com>
wrote:

> The expressions are evaluated from the coordinator, so either you upgrade
> the channel there or you check out nixpkgs somewhere and set
> `NIX_PATH=nixpkgs=/path/to/your/clone` before running nixops.
>
> On Wed, Apr 20, 2016 at 1:52 PM Teo Klestrup <teo...@gmail.com> wrote:
>
>> I believe the channels are taken from the coordinator, so when the
>> coordinator is upgraded then the other machines should be, too.
>> On 18 Apr 2016 19:20, "4levels" <4lev...@gmail.com> wrote:
>>
>>> Hi Nix'ers,
>>>
>>> This is a Nix Ops related question.
>>>
>>> How can I specify which channel to use inside the nix expressions (*.nix
>>> files) for nixops?
>>>
>>> Thanks in advance!
>>>
>>> Erik
>>
> --
>
> Wout.
> (typed on mobile, excuse terseness)


Re: [Nix-dev] PolicyKit timeout after upgrade to 16.03

2016-04-20 Thread 4levels
Hi Roger,

the weird thing is that my local vm, the machine that actually deploys the
servers, doesn't have this issue.  This instance also runs nixos-16.03 and
uses the same nixos-16.03-small channel.

This issue started when trying to upgrade to 16.03.  I was not really clear
about how to do this so I ended up running nix-channel add ... nixos on all
deployed servers, causing all the nixops deployed config to be lost,
resulting in having to redeploy every server.  Currently I'm still unsure
how to upgrade machines deployed with nixops :-(

I don't mind redeploying every machine to solve this, as the issues are
piling up now: I need to reboot a server because I can't do any systemctl
call anymore that requires root privileges.  Even when first switching to
the root account (I know the password), this issue persists.  I'm still
completely unsure where this issue comes from.  Googling this error "Error
getting authority: Error initializing authority: Error calling
StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
(g-io-error-quark, 24)" gives me tons of pages with polkit, dbus and
systemd things that go far beyond my understandings.

When running the polkit service with strace, I can see loads of errors
about files not being found and the trace ends with

write(2, "Error switcing to user polkituse"..., 98Error switcing to user
polkituser: Error changing to home directory /var/empty: Permission denied
) = 98

Please find attached the full strace log.  I really hope someone can assist
further in this nasty issue.  Maybe it is related to the use of
nixos-16.03-small instead of nixos-16.03.  But since I'm using nixos for
servers only, without the need for a desktop environment, I was expecting
the small channel to be better..

Kind regards!

Erik

On Wed, Apr 13, 2016 at 12:57 PM Roger Qiu <roger@matrix.ai> wrote:

> Have you tried rolling back to 15.09, does it still happen?
>
>
> On 13/04/2016 4:47 PM, 4levels wrote:
>
> Hi Nix'ers,
>
> No one? Am I the only one who's experiencing this?
>
> This timeout still occurs and makes every call to systemctl at least 30
> seconds slower, pretty annoying actually..
>
> Hope someone with understanding can shed some light on what might be going
> on here.
>
> Erik
>
> On Tue, Apr 12, 2016 at 3:00 AM 4levels <4lev...@gmail.com> wrote:
>
>> Hi Nix'ers,
>>
>> After upgrading to version 16.03 I'm facing timeouts whenever I try to
>> restart a service via systemctl restart.
>> I might be overlooking something obvious here, as I just ran
>> nix-channel-add https://nixos.org/channels/nixos-16.03-small nixos
>> nixos-rebuild boot --upgrade
>>
>> Any hints in what could be the issue?
>> This is the full error message on the console:
>>
>> Error getting authority: Error initializing authority: Error calling
>> StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
>> (g-io-error-quark, 24)
>>
>> I can run other commands through sudo though.
>>
>> Thanks!
>>
>> Erik
>>
>>
>
>
> --
> Founder of Matrix AI
> https://matrix.ai/
> +61420925975
>
[root@administration:/root]# strace /nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/polkit-1/polkitd
execve("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/polkit-1/polkitd", ["/nix/store/wb07v337r8d6l4g5pqns3"...], [/* 51 vars */]) = 0
brk(NULL)   = 0xe33000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8e94895000
access("/etc/ld-nix.so.preload", R_OK)  = -1 ENOENT (No such file or directory)
open("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/tls/x86_64/libpolkit-gobject-1.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/tls/x86_64", 0x7ffc0a8379c0) = -1 ENOENT (No such file or directory)
open("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/tls/libpolkit-gobject-1.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/tls", 0x7ffc0a8379c0) = -1 ENOENT (No such file or directory)
open("/nix/store/wb07v337r8d6l4g5pqns364qpajnw57n-polkit-0.113/lib/x86_64/libpolkit-gobject-1.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/n

[Nix-dev] Upgrade from 15.09 to 16.03 with NixOps

2016-04-18 Thread 4levels
Hi Nix'ers,

This is a Nix Ops related question.

How can I specify which channel to use inside the nix expressions (*.nix
files) for nixops?

Thanks in advance!

Erik


Re: [Nix-dev] PolicyKit timeout after upgrade to 16.03

2016-04-13 Thread 4levels
Hi Nix'ers,

No one? Am I the only one who's experiencing this?

This timeout still occurs and makes every call to systemctl at least 30
seconds slower, pretty annoying actually..

Hope someone with understanding can shed some light on what might be going
on here.

Erik

On Tue, Apr 12, 2016 at 3:00 AM 4levels <4lev...@gmail.com> wrote:

> Hi Nix'ers,
>
> After upgrading to version 16.03 I'm facing timeouts whenever I try to
> restart a service via systemctl restart.
> I might be overlooking something obvious here, as I just ran
> nix-channel-add https://nixos.org/channels/nixos-16.03-small nixos
> nixos-rebuild boot --upgrade
>
> Any hints in what could be the issue?
> This is the full error message on the console:
>
> Error getting authority: Error initializing authority: Error calling
> StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
> (g-io-error-quark, 24)
>
> I can run other commands through sudo though.
>
> Thanks!
>
> Erik
>
>


[Nix-dev] PolicyKit timeout after upgrade to 16.03

2016-04-11 Thread 4levels
Hi Nix'ers,

After upgrading to version 16.03 I'm facing timeouts whenever I try to
restart a service via systemctl restart.
I might be overlooking something obvious here, as I just ran
nix-channel-add https://nixos.org/channels/nixos-16.03-small nixos
nixos-rebuild boot --upgrade

Any hints in what could be the issue?
This is the full error message on the console:

Error getting authority: Error initializing authority: Error calling
StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached
(g-io-error-quark, 24)

I can run other commands through sudo though.

Thanks!

Erik


Re: [Nix-dev] Compare strings in filterAttrs

2016-03-24 Thread 4levels
Oh my, Vladimir, that just did the trick!  I tried <= before but that fails.

Thanks a million!

Erik

On Thu, Mar 24, 2016 at 3:31 PM Vladimír Čunát <vcu...@gmail.com> wrote:

> On 03/24/2016 03:25 PM, 4levels wrote:
> > I've been looking in the strings functions but I can't seem to find any
> > string comparison functions.  The only one I find is the versionOlder
> > function, but that doesn't seem to work to compare any 2 strings.
>
> nix-repl> "foo" < "bar"
> false
>
> --Vladimir
>
>


[Nix-dev] Compare strings in filterAttrs

2016-03-24 Thread 4levels
Hi Nix'ers,

I currently have a set of service configurations like follows:
{
  a-service = {..};
  b-service = {..};
  c-service = {..};
}

I'd like them to be configured that they wait for each other before being
activated.  Therefore I thought I'd pass the "previous" services names to the
after keyword in the systemd config, e.g.

a-service = {
  after = [ .. ];
};
b-service = {
  after = [ .. "a-service" ];
};
c-service = {
  after = [ .. "a-service" "b-service" ]; # or [ .. "b-service"];
};

So somehow I need to filter the list of services with a function that
receives the current service name (eg. "b-service") and returns all keys
that occur before the current service (eg. "a-service" when given
"b-service", "b-service" when given "c-service")

I've been looking in the strings functions but I can't seem to find any
string comparison functions.  The only one I find is the versionOlder
function, but that doesn't seem to work to compare any 2 strings.

Any ideas on how to achieve this?

Kind regards,

Erik aka 4levels


[Nix-dev] Configure graphite-web

2016-03-23 Thread 4levels
Hi Nix'ers,

I'm using graphite for monitoring my servers.  Everything works as
expected, but I'm unable to find how to configure the webapp.

I'd like to pre-configure or store some graphs so I don't need to create
the same graph every time I close the window.  According to the graphite
config, I need to setup a database in order to save graphs etc, but I'm
failing to see where I can add the required config parameters for the
webapp.

Does anyone have any experience with a usable graphite-web config where one can
save graphs and graph layouts?

Kind regards,

Erik


Re: [Nix-dev] NixOps rasta ;-)

2016-03-21 Thread 4levels
Yeah ;-)

I just like these colors..

I've been using nixops on a daily basis for the last couple of months but
it never showed me these colors until today.
Peace man



On Tue, Mar 22, 2016, 01:38 Franz Pletz <fpl...@fnordicwalking.de> wrote:

> On Tue, 22 Mar 2016 07:13:41 +0800
> stewart mackenzie <setor...@gmail.com> wrote:
>
> > Forgive my ignorance, but why does this brighten your day?
>
> 4levels is probably referring to:
>
>   https://en.wikipedia.org/wiki/Rastafari#Spiritual_use_of_cannabis
>
> Uptoke,
> fpletz


[Nix-dev] NixOps rasta ;-)

2016-03-21 Thread 4levels
Hi Nixers,

This just brightened my day by bringing a smile..

[image: NixOps-rasta.png]

Keep up the great efforts on making Nix* so great!

Erik


Re: [Nix-dev] Adding hostnames to 127.0.0.1 in /etc/hosts

2016-03-01 Thread 4levels
Hi,

thank you for your swift reply!
This morning I stumbled upon this post on the unix stackexchange (from 2
years ago):
http://unix.stackexchange.com/questions/102660/hosts-file-is-it-incorrect-to-have-the-same-ip-address-on-multiple-lines

Like I said, I've been using the same IP address on multiple lines (mostly
for readability and to easily comment & uncomment lines) on my local
machines for a long time without running into issues.  I just
wanted to make sure this is quite trivial and should never cause any issues.
I'm also making sure that the names themselves only appear once in the whole
file..

Kind regards,



On Tue, Mar 1, 2016 at 1:21 PM zimbatm <zimb...@zimbatm.com> wrote:

> I don't know why [hostname]-encrypted exists but having multiple lines
> with the same address is fine. You can also have multiple names on the same
> line like:
>
> 127.0.0.1 node guzzle
>
>
> On Tue, 1 Mar 2016 at 12:11 4levels <4lev...@gmail.com> wrote:
>
>> Dear Nix'ers,
>>
>> I've been wondering how all my deployed machines with NixOps, get this
>> default hosts file layout (where [hostname] is the actual server's
>> hostname):
>>
>> 127.0.0.1 localhost
>> ::1 localhost
>> 127.0.0.1 [hostname]-encrypted
>>
>> I was recently pointed to the fact that an IP address should only be
>> present once in the hosts file as lookups happen in both directions (name
>> -> ip and ip -> name).  Is this resulting hostfile invalid in any way or
>> can I safely ignore this?
>>
>> I've searched the repos and this seems to be done in
>> nixops/deployment.py:426, as follows:
>>
>> hosts[m.name]["127.0.0.1"].append(m.name + "-encrypted")
>>
>> The reason I'm asking is that I need to add more names to the 127.0.0.1
>> line, but I can't seem to do this on the first line (right after localhost)
>> so I need to add another line starting with 127.0.0.1 to achieve this.
>> This results in the hosts file now containing 3 separate lines starting
>> with 127.0.0.1, listing different names on each line..
>>
>> I never ran into issues with hosts files containing the same IP address
>> multiple times, so I'm just wondering how important this is since I'm
>> having multiple local processes (node, guzzle) performing requests to the
>> local machine for proxy purposes.
>>
>>
>> Kind regards,
>>
>> Erik aka 4levels
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
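
A lint for the invariant stated in the message above (one address may span several lines, but each name should appear only once), as an added example that is not part of the thread or of NixOps. The sample file is constructed: `vm01` stands in for `[hostname]`, and the `192.168.1.50 guzzle` and `not-an-ip` lines are deliberate faults.

```python
"""Lint hosts-file text: merge lines that share an address and report names
bound to more than one address of the same IP family."""
import ipaddress
from collections import OrderedDict

# Constructed sample modelled on the layout quoted in the thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
127.0.0.1 vm01-encrypted
127.0.0.1 node guzzle   # extra local names on a third 127.0.0.1 line
192.168.1.50 guzzle
not-an-ip broken
"""


def parse_hosts(text):
    """Return (entries, errors); entries are (lineno, address, [names])."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, "invalid address %r" % fields[0]))
            continue
        if len(fields) < 2:
            errors.append((lineno, "address without a name"))
            continue
        # Host names are case-insensitive, so compare them lower-cased.
        entries.append((lineno, addr, [n.lower() for n in fields[1:]]))
    return entries, errors


def names_by_address(entries):
    """Merge every line that shares an address, keeping file order."""
    merged = OrderedDict()
    for _, addr, names in entries:
        bucket = merged.setdefault(addr, [])
        for name in names:
            if name not in bucket:
                bucket.append(name)
    return merged


def conflicting_names(entries):
    """Map each name bound to 2+ addresses of one family to its (lineno, addr) hits."""
    seen = {}
    for lineno, addr, names in entries:
        for name in names:
            # localhost on 127.0.0.1 and ::1 is fine: different families.
            seen.setdefault((name, addr.version), []).append((lineno, addr))
    conflicts = {}
    for (name, _), hits in seen.items():
        if len({addr for _, addr in hits}) > 1:
            conflicts[name] = sorted(hits)
    return conflicts


def report(text):
    """Return human-readable findings; an empty list means the file is clean."""
    entries, errors = parse_hosts(text)
    findings = ["line %d: %s" % err for err in errors]
    for name, hits in sorted(conflicting_names(entries).items()):
        where = ", ".join("%s (line %d)" % (addr, lineno) for lineno, addr in hits)
        findings.append("name %r maps to several addresses: %s" % (name, where))
    return findings


if __name__ == "__main__":
    parsed, _ = parse_hosts(SAMPLE_HOSTS)
    for address, names in names_by_address(parsed).items():
        print(address, " ".join(names))
    for finding in report(SAMPLE_HOSTS):
        print("WARNING:", finding)
```
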


Re: [Nix-dev] Problem with the SSL CA cert

2016-03-01 Thread 4levels
Hi Stewart,

I recently stumbled upon a similar issue (with an s3 backup script) and
this morning with curl.  I was happy to see that the proposed solution by
Guillaume Maudoux fixed my curl calls as well, so I hope this helps you
too!  He even created an issue for it:
https://github.com/NixOS/nixpkgs/issues/8486
In short, I just add the following to the service config section

..
after = [ ... ];
environment = {
  inherit (config.environment.variables) SSL_CERT_FILE;
};
path = [ pkgs.curl ];
script = "...";
..


Kind regards,

Erik

On Mon, Feb 29, 2016 at 3:34 PM stewart mackenzie 
wrote:

> We can manually curl for the files, we can manually run cargo, but as
> soon as you run it through nix it fails.
>
> --- snip ---
>
> Fetching /tmp/nix-build-development_test-fetch.drv-0/fvm to
> /nix/store/b73ag3bvlrcchz791r1ijfilbyyigv3d-development_test-fetch
> Fetching
> /tmp/nix-build-capnpc-rust-2015-12-07-fetch.drv-0/capnpc-rust-1123a4f5de32f0300f1a6b8014b6c3525e170fa9-src
> to /nix/store/0p4fy98wnwdxv1phizj2wrx649c8yxgd-capnpc-rust-2015-12-07-fetch
> Using rust registry from
> /nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c
> Using rust registry from
> /nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c
> Updating registry
>
> `file:///nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c`
> Updating registry
>
> `file:///nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c`
>  Downloading libloading v0.2.1 (registry
>
> file:///nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c)
>  Downloading byteorder v0.4.2 (registry
>
> file:///nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c)
> unable to get packages from source
>
> Caused by:
>   failed to download package `byteorder v0.4.2 (registry
>
> file:///nix/store/z3wfziqiyi2sr4pq5rpvbzdpg9z9vzpr-rustRegistry-2016-02-28-c1f041c)`
> from https://crates.io/api/v1/crates/byteorder/0.4.2/download
>
> Caused by:
>   Problem with the SSL CA cert (path? access rights?)
> unable to get packages from source
>
> --- snip ---
>
> cacert is in configuration.nix
>
> What gives?


[Nix-dev] Adding hostnames to 127.0.0.1 in /etc/hosts

2016-03-01 Thread 4levels
Dear Nix'ers,

I've been wondering how all my deployed machines with NixOps, get this
default hosts file layout (where [hostname] is the actual server's
hostname):

127.0.0.1 localhost
::1 localhost
127.0.0.1 [hostname]-encrypted

I was recently pointed to the fact that an IP address should only be
present once in the hosts file as lookups happen in both directions (name
-> ip and ip -> name).  Is this resulting hostfile invalid in any way or
can I safely ignore this?

I've searched the repos and this seems to be done in
nixops/deployment.py:426, as follows:

hosts[m.name]["127.0.0.1"].append(m.name + "-encrypted")

The reason I'm asking is that I need to add more names to the 127.0.0.1
line, but I can't seem to do this on the first line (right after localhost)
so I need to add another line starting with 127.0.0.1 to achieve this.
This results in the hosts file now containing 3 separate lines starting
with 127.0.0.1, listing different names on each line..

I never ran into issues with hosts files containing the same IP address
multiple times, so I'm just wondering how important this is since I'm
having multiple local processes (node, guzzle) performing requests to the
local machine for proxy purposes.


Kind regards,

Erik aka 4levels


Re: [Nix-dev] Custom php.ini for cli calls

2016-02-05 Thread 4levels
Hi Guillaume,

thanks again for the interesting reply, this would have taken me hours (oh,
it already has) if not days to figure this out myself!  The php --ini call
is actually the solution for me as indeed no config file is being loaded in
cli.  I'm wondering if this is safe as I don't know how sensible php's
defaults are..
The phpfpm service already has a customized ini file being generated (I
can't find this listed when I call "systemctl status phpfpm").  When I
setup an info file containing the phpinfo() function I can view the path of
the customized and loaded config file.

I've updated my scripts to include the -c  and that
does the trick, great stuff!

  ${pkgs.php}/bin/php -c ${config.services.phpfpm.phpIni} ...

Thanks again!

Erik

On Thu, Feb 4, 2016 at 5:25 PM Guillaume Maudoux (Layus) <layus...@gmail.com>
wrote:

> That being said, you can also start php with the right arguments.
> It seems to me that php does not read any configuration file from the
> derivation when it starts.
>
> $ php --ini
> Configuration File (php.ini) Path:
> /nix/store/hr30lz6ziqinsbi525fm9han3lr9nsmj-php-5.6.16/etc
> Loaded Configuration File: (none)
> Scan for additional .ini files in: /etc
> Additional .ini files parsed:  (none)
>
> so you probably need to put your own php.ini file in /etc or call php -c
> 
>
> Nothing to do with the derivation :-).
>
> Layus.
>
> On 04/02/16 17:14, Guillaume Maudoux (Layus) wrote:
>
> Hi,
>
> I found a hint on StackOverflow[1], which outlines that php is not the
> product of a makeDerivation, but instead is a composableDerivation.
> More info on these strange beasts can be found in the source itself[2],
> with php being explicitly cited as an exception.
> Once you know it, you notice it at the top of php/default.nix :-).
>
> Basically, overrideDerivation is not available for php; instead you have
> the choice between merge and replace
>
> This works for me :
>
> # In .nixpkgs/config.nix :
> packageOverrides = pkgs: with pkgs; rec {
>php70 = pkgs.php70.merge (oldAttrs: {
>   installPhase = ''
>   # use the old installPhase if need be
>   ${oldAttrs.installPhase}
>
>   # Add custom stuff
>   echo "Strange option" >> $iniFile
>   '';
> });
> };
>
> [1]
> http://stackoverflow.com/questions/23660797/nix-composable-derivation-options
> [2]
> https://github.com/NixOS/nixpkgs/blob/master/lib/composable-derivation.nix
>
> On 04/02/16 15:52, 4levels wrote:
>
> Hi Nix Devs,
>
> I'm trying to increase the memory_limit settings for php cli calls.
> For the phpfpm calls I've managed (a few months ago) to append my custom
> options to the php.ini file as the phpfpm service has an option to do so.
> However, for php cli calls, the memory_limit value is usually set to
> unlimited, but not with the default config in the nix package: it has a
> value of 128M (instead of the expected -1).
>
> In the php/default.nix I can see that the ini file is generated in the
> installPhase, but I'm failing to override this.
>
> Do you have any suggestions on how to achieve this?
>
>
> Kind regards,
>
> Erik
>
> Working phpfpm custom ini snippet:
>
> # Custom PHP ini file for apc / memcached
> services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
>   options = ''
> date.timezone = Europe/Brussels
> extension = "${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so"
> max_execution_time = 30
> post_max_size = 100M
> upload_max_size = 100M
> upload_max_filesize = 20M
> memory_limit = 256M
> apc.enable = 1
>   '';
> }
> ''
>   cat ${pkgs.php}/etc/php-recommended.ini > $out
>   echo "$options" >> $out
> '';
>


[Nix-dev] Custom php.ini for cli calls

2016-02-04 Thread 4levels
Hi Nix Devs,

I'm trying to increase the memory_limit settings for php cli calls.
For the phpfpm calls I've managed (a few months ago) to append my custom
options to the php.ini file as the phpfpm service has an option to do so.
However, for php cli calls, the memory_limit value is usually set to
unlimited, but not with the default config in the nix package: it has a
value of 128M (instead of the expected -1).

In the php/default.nix I can see that the ini file is generated in the
installPhase, but I'm failing to override this.

Do you have any suggestions on how to achieve this?


Kind regards,

Erik

Working phpfpm custom ini snippet:

# Custom PHP ini file for apc / memcached
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
  options = ''
date.timezone = Europe/Brussels
extension = "${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so"
max_execution_time = 30
post_max_size = 100M
upload_max_size = 100M
upload_max_filesize = 20M
memory_limit = 256M
apc.enable = 1
  '';
}
''
  cat ${pkgs.php}/etc/php-recommended.ini > $out
  echo "$options" >> $out
'';


[Nix-dev] Going through hell with systemd timers

2016-01-28 Thread 4levels
Hi Nix-Devs,

yesterday I came to a point of really wanting to break something out of
sheer frustration over failing systemd timer calls.

I've setup a duplicity backup script over s3 that works flawlessly when
invoked from terminal, but fails miserably when being called from a timer.

I've tried everything I know, including but not limited to adding my full
user $PATH to the script, adding all possible related packages to the path
directive, .. nothing seems to work.

The duplicity error is very vague (BackendException) and when adding
maximum verbosity to the duplicity call ( -v9 ) I do get some error which
seems to be related to a very old duplicity bug.  Since duplicity uses
python (the version I could trace seems to be 2.7) with python-boto for the
s3 backend - the issue seems to be related to this, but I can't figure out
what could be the reason since all required packages are installed and
operational from the commandline.

Has anyone experience with running python-based code in systemd timer calls
(without being bitten)?

On top of that, Github went down for a couple of hours last night and to
make things even worse, NixOps cannot finish a deploy on any of the 5
machines I'm managing with it anymore, with a vague error message:

v-ams02...> updating GRUB 2 menu...
v-ams02...> Died at
/nix/var/nix/profiles/system/bin/switch-to-configuration line 264.
v-ams02...> error: unable to activate new configuration

Kind regards.

Erik

Duplicity error with maximum verbosity:
Backend error detail: Traceback (most recent call last):
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/bin/.duplicity-wrapped", line 1519, in
    with_tempdir(main)
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/bin/.duplicity-wrapped", line 1513, in with_tempdir
    fn()
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/bin/.duplicity-wrapped", line 1354, in main
    action = commandline.ProcessCommandLine(sys.argv[1:])
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/commandline.py", line 1070, in ProcessCommandLine
    backup, local_pathname = set_backend(args[0], args[1])
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/commandline.py", line 961, in set_backend
    globals.backend = backend.get_backend(bend)
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/backend.py", line 223, in get_backend
    obj = get_backend_object(url_string)
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/backend.py", line 209, in get_backend_object
    return factory(pu)
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/backends/_boto_single.py", line 161, in __init__
    self.resetConnection()
  File "/nix/store/ap2bv0p5m8napigg7f6yciap4nm61ap8-duplicity-0.7.02/lib/python2.7/site-packages/duplicity/backends/_boto_single.py", line 187, in resetConnection
    raise BackendException(err.message)


Re: [Nix-dev] Going through hell with systemd timers

2016-01-28 Thread 4levels
Hi Exi,

thank you for your reply.

This is the timers config I'm using (note that I'm starting this every 5
minutes to troubleshoot; it is supposed to run every 2 hours or so)

backup = {
  description = "Backup service";
  after = [ "network.target" "mysql.target" ];
  path = [ pkgs.procps pkgs.gawk pkgs.nettools pkgs.mysql pkgs.php pkgs.duplicity pkgs.postfix ];
  script =
  ''
  ./s3Backup.sh
  '';
  startAt = "*-*-* *:0/5:00";
};



And the contents of the s3Backup.sh script:

s3Backup = name:
  ''
#!${pkgs.bash}/bin/bash

${builtins.readFile ./src/envrc}

# Your GPG key
GPG_KEY=

# export PATH="$PATH:/var/setuid-wrappers:/run/current-system/sw/bin:/run/current-system/sw/sbin"

# Set up some variables for logging
LOGFILE="/var/lib/projects/${name}/log/duplicity-backup.log"
DAILYLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.daily.log"
FULLBACKLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.full.log"
HOST=`hostname`
DATE=`date +%Y-%m-%d`
MAILADDR="d...@domain.com"
TODAY=$(date +%d%m%Y)

# The S3 destination followed by bucket name
DEST="s3://s3.amazonaws.com/projects-backup-eu-west/${name}"

is_running=$(ps -ef | grep duplicity  | grep python | wc -l)

if [ ! -f $FULLBACKLOGFILE ]; then
  touch $FULLBACKLOGFILE
fi

if [ $is_running -eq 0 ]; then
  # Clear the old daily log file
  cat /dev/null > ''${DAILYLOGFILE}

  # Trace function for logging, don't change this
  trace () {
    stamp=`date +%Y-%m-%d_%H:%M:%S`
    echo "$stamp: $*" >> ''${DAILYLOGFILE}
  }

  # Dump $PATH
  trace "Current PATH: $PATH"

  # How long to keep backups for
  OLDER_THAN="1M"

  # The source of your backup
  SOURCE=/var/lib/projects/${name}

  FULL=
  tail -1 ''${FULLBACKLOGFILE} | grep ''${TODAY} > /dev/null
  if [ $? -ne 0 -a $(date +%d) -eq 1 ]; then
    FULL=full
  fi;

  trace "Backup for local filesystem started"

  trace "... removing old backups"

  duplicity remove-older-than ''${OLDER_THAN} ''${DEST} --s3-use-new-style >> ''${DAILYLOGFILE} 2>&1

  trace "... backing up filesystem"

  duplicity \
    ''${FULL} \
    -v9 \
    --s3-use-new-style --s3-european-buckets --no-encryption \
    --include=/var/lib/projects/${name}/data/backup \
    --exclude=/** \
    --allow-source-mismatch \
    ''${SOURCE} ''${DEST} >> ''${DAILYLOGFILE} 2>&1

  trace "Backup for local filesystem complete"
  trace ""

  # Send the daily log file by email
  BACKUPSTATUS=`cat "$DAILYLOGFILE" | grep Errors | awk '{ print $2 }'`
  if [ "$BACKUPSTATUS" != "0" ]; then
    echo -e "Subject: Duplicity Backup Log for $HOST - $DATE - ${name}\n\n$(cat $DAILYLOGFILE)" | sendmail $MAILADDR
  elif [ "$FULL" = "full" ]; then
    echo "$(date +%d%m%Y_%T) Full Back Done" >> $FULLBACKLOGFILE
  fi

  # Append the daily log file to the main log file
  cat "$DAILYLOGFILE" >> $LOGFILE

fi

unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset PASSPHRASE
  '';



On Thu, Jan 28, 2016 at 10:34 AM exi <e-ni...@wthack.de> wrote:

> Hi Erik,
>
> does duplicity use an ssh connection? Does it depend on your ssh
> passphrase to be present? Do you use a ssh agent?
>
> "BackendException" from the traceback looks more like a connection issue
> than a nix issue.
> Which user is running the timer command?
> Could you post your timer config?
>
> Regards,
>
> exi
>
>
> On 28.01.2016 09:07, 4levels wrote:
>
> Hi Nix-Devs,
>
> yesterday I came to a point of really wanting to break something out of
> sheer frustration over failing systemd timer calls.
>
> I've setup a duplicity backup script over s3 that works flawlessly when
> invoked from terminal, but fails miserably when being called from a timer.
>
> I've tried everything I know, including but not limited to adding my full
> user $PATH to the script, adding all possible related packages to the path
> directive, .. nothing seems to work.
>
> The duplicity error is very vague (BackendException) and when adding
> maximum verbosity to the duplicity call ( -v9 ) I do get some error which
> seems to be related to a very old duplicity bug.  Since duplicity uses
> python (the version I could trace seems to be 2.7) with python-boto for the
> s3 backend - the issue seems to be related to this, but I can't figure out
> what could be the reason since all required packages are installed and
> 

Re: [Nix-dev] Going through hell with systemd timers

2016-01-28 Thread 4levels
Hi Zimbatm (is that your name :-)

I'm currently trying to debug by using printenv to view the differences in
both environments.  I'm not yet familiar with using nix-shell :-s
But since I cannot even deploy or rebuild switch anymore (see my other
email to this list) I'm pretty stuck.

I'm currently repartitioning and reinstalling the Vultr machines (*sigh*)
to see if that brings any changes..

Thank you for your pointer to the environment vars!

Erik

On Thu, Jan 28, 2016 at 10:56 AM zimbatm <zimb...@zimbatm.com> wrote:

> One common error with system services are missing environment variable.
> When testing with your shell you will have $HOME set for example.
>
> On Thu, 28 Jan 2016 09:43 4levels <4lev...@gmail.com> wrote:
>
>> Hi Exi,
>>
>> thank you for your reply.
>>
>> This is the timers config I'm using (note that I'm starting this every 5
>> minutes to troubleshoot, is supposed to run every 2 hours or so)
>>
>> backup = {
>>   description = "Backup service";
>>   after = [ "network.target" "mysql.target" ];
>>   path = [ pkgs.procps pkgs.gawk pkgs.nettools pkgs.mysql pkgs.php 
>> pkgs.duplicity pkgs.postfix ];
>>   script =
>>   ''
>>   ./s3Backup.sh
>>   '';
>>   startAt = "*-*-* *:0/5:00";
>>
>>
>>
>> And the contents of the s3Backup.sh script:
>>
>> s3Backup = name:
>>   ''
>> #!${pkgs.bash}/bin/bash
>>
>> ${builtins.readFile ./src/envrc}
>>
>> # Your GPG key
>> GPG_KEY=
>>
>> # export 
>> PATH="$PATH:/var/setuid-wrappers:/run/current-system/sw/bin:/run/current-system/sw/sbin"
>>
>> # Set up some variables for logging
>> LOGFILE="/var/lib/projects/${name}/log/duplicity-backup.log"
>> DAILYLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.daily.log"
>> FULLBACKLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.full.log"
>> HOST=`hostname`
>> DATE=`date +%Y-%m-%d`
>> MAILADDR="d...@domain.com"
>> TODAY=$(date +%d%m%Y)
>>
>> # The S3 destination followed by bucket name
>> DEST="s3://s3.amazonaws.com/projects-backup-eu-west/${name}"
>>
>> is_running=$(ps -ef | grep duplicity  | grep python | wc -l)
>>
>> if [ ! -f $FULLBACKLOGFILE ]; then
>>   touch $FULLBACKLOGFILE
>> fi
>>
>> if [ $is_running -eq 0 ]; then
>>   # Clear the old daily log file
>>   cat /dev/null > ''${DAILYLOGFILE}
>>
>>   # Trace function for logging, don't change this
>>   trace () {
>> stamp=`date +%Y-%m-%d_%H:%M:%S`
>> echo "$stamp: $*" >> ''${DAILYLOGFILE}
>>   }
>>
>>   # Dump $PATH
>>   trace "Current PATH: $PATH"
>>
>>   # How long to keep backups for
>>   OLDER_THAN="1M"
>>
>>   # The source of your backup
>>   SOURCE=/var/lib/projects/${name}
>>
>>   FULL=
>>   tail -1 ''${FULLBACKLOGFILE} | grep ''${TODAY} > /dev/null
>>   if [ $? -ne 0 -a $(date +%d) -eq 1 ]; then
>> FULL=full
>>   fi;
>>
>>   trace "Backup for local filesystem started"
>>
>>   trace "... removing old backups"
>>
>>   duplicity remove-older-than ''${OLDER_THAN} ''${DEST} 
>> --s3-use-new-style >> ''${DAILYLOGFILE} 2>&1
>>
>>   trace "... backing up filesystem"
>>
>>   duplicity \
>> ''${FULL} \
>> -v9 \
>> --s3-use-new-style --s3-european-buckets --no-encryption \
>> --include=/var/lib/projects/${name}/data/backup \
>> --exclude=/** \
>> --allow-source-mismatch \
>> ''${SOURCE} ''${DEST} >> ''${DAILYLOGFILE} 2>&1
>>
>>   trace "Backup for local filesystem complete"
>>   trace ""
>>
>>   # Send the daily log file by email
>>   BACKUPSTATUS=`cat "$DAILYLOGFILE" | grep Errors | awk '{ print $2 }'`
>>   if [ "$BACKUPSTATUS" != "0" ]; then
>> echo -e "Subject: Duplicity Backup Log for $HOST - $DATE - 
>> ${name}\n\n$(cat $DAILYLOGFILE)" | sendmail $MAILADDR
>>   elif [ "$FULL" = "full" ]; then
>> echo "$(date +%d%m%Y_%T) Full Back Done&

Re: [Nix-dev] sudo nixos-rebuild test failes after new install

2016-01-28 Thread 4levels
Hi Nix-Devs,

it seems that I'm the culprit of this messed up state of the Vultr machines.
I tried adding a swap partition under the fileSystems directive.  After
finding the correct way to define swap devices (I was assuming
fileSystems."swap" would work), the damage was already done and deploying
via NixOps started failing on all 5 servers.

I just finished reinstalling one machine and now everything seems to work
again (on that machine that is, the others are still failing).  I didn't
realize messing with the fileSystems entry is this kind of dangerous ;-)

Kind regards,

Erik

On Thu, Jan 28, 2016 at 8:53 AM 4levels <4lev...@gmail.com> wrote:

> Hi Nix Dev's,
>
> yesterday I set up a new instance on Vultr (by adding the latest nixos
> minimal install disk).
>
> After the initial install - which just works fine - I cannot rebuild
> anymore.  I can update the machine through NixOps, but running
> nixos-rebuild always fails.
>
> This is the output I'm getting:
> building Nix...
> building the system configuration...
> error: value is a list while a set was expected, at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:214:62
>
> This seems unrelated to my own configuration options, or am I missing
> something obvious here?
>
> I've tried updating the channels, my current channels are:
> nixos https://nixos.org/channels/nixos-15.09
> nixos-15.09 https://nixos.org/channels/nixos-15.09
> (they both seem identical to me, except for the name)
>
> Kind regards,
>
> Erik
>
> Full trace:
> building Nix...
> building the system configuration...
> error: while evaluating the attribute ‘buildCommand’ of the derivation
> ‘nixos-15.09.947.6783594’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/system/activation/top-level.nix:102:7:
> while evaluating the attribute ‘sources’ of the derivation ‘etc’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/system/etc/etc.nix:12:5:
> while evaluating the attribute ‘environment.etc’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:134:44:
> while evaluating anonymous function at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:74:45,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:134:52:
> while evaluating the attribute ‘value’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:287:9:
> while evaluating the option `environment.etc':
> while evaluating the attribute ‘isDefined’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:319:5:
> while evaluating ‘filterOverrides’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:391:21,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:303:18:
> while evaluating ‘concatMap’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/lists.nix:62:18,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:397:8:
> while evaluating ‘concatMap’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/lists.nix:62:18,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:298:17:
> while evaluating anonymous function at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:298:28,
> called from undefined position:
> while evaluating ‘dischargeProperties’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:361:25,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:299:62:
> while evaluating ‘dischargeProperties’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:361:25,
> called from
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:366:9:
> while evaluating the attribute ‘content’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:437:14:
> while evaluating the attribute ‘etc’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix:235:5:
> while evaluating ‘flip’ at
> /nix/store/iwhkdzryfzapl5cya1y88y1

Re: [Nix-dev] Going through hell with systemd timers

2016-01-28 Thread 4levels
Dear Guillaume,

you saved my day (and sleepless last night)!
This line worked all the magic for me:

environment = {
  inherit (config.environment.variables) SSL_CERT_FILE;
};

Make sure to pass through our office whenever you're near Gent, Belgium,
we're keeping a bottle of champagne chilled for you ;-)

And again nix-dev proves to be the most valuable resource in our NixOs /
NixOps experience!

Kind regards to you all, and as before, keep up the amazing work and great
attitude..


Erik

On Thu, Jan 28, 2016 at 11:19 AM Guillaume Maudoux (Layus) <
layus...@gmail.com> wrote:

> Hi,
>
> My experience with urlwatch was that the SSL_CERT_FILE env var was missing.
> This may also be your issue if you are using the network.
>
> It is however always possible to run the service manually, and see the
> logs.
> A service declaration with a startAt attribute creates two services, .service
> and .timer.
> You can start your service with # systemctl start .service and
> see the logs in journald.
> (No need to wait for the timer.)
>
> I made urlwatch work with the following snippet :
>
>   systemd.services.urlwatch = rec {
>     description = "Run urlwatch (${startAt})";
>     startAt = "hourly";
>     environment = {
>       inherit (config.environment.variables) SSL_CERT_FILE;
>     };
>
>     serviceConfig = {
>       User = "layus"; # should use a user unit...
>       ExecStart = "${urlwatch}/bin/urlwatch -v";
>     };
>   };
>
> For debugging, I used:
> # systemctl start urlwatch.service : Start the service once.
> $ systemctl status urlwatch.service -l -n 1000 : See the systemd logs for
> the last run, up to 1000 full lines.
> # journalctl -xef --unit=urlwatch : Print all the logs, -f follows the
> output in real time.
>
> A very simple trick is indeed to dump the environment at the start of the
> script.
>
> Layus.
>
> On 28/01/16 10:59, 4levels wrote:
>
> Hi Zimbatm (is that your name :-)
>
> I'm currently trying to debug by using printenv to view the differences in
> both environments.  I'm not yet familiar with using nix-shell :-s
> But since I cannot even deploy or rebuild switch anymore (see my other
> email to this list) I'm pretty stuck.
>
> I'm currently repartitioning and reinstalling the Vultr machines (*sigh*)
> to see if that brings any changes..
>
> Thank you for your pointer to the environment vars!
>
> Erik
>
> On Thu, Jan 28, 2016 at 10:56 AM zimbatm <zimb...@zimbatm.com> wrote:
>
>> One common error with system services are missing environment variable.
>> When testing with your shell you will have $HOME set for example.
>>
>> On Thu, 28 Jan 2016 09:43 4levels <4lev...@gmail.com> wrote:
>>
>>> Hi Exi,
>>>
>>> thank you for your reply.
>>>
>>> This is the timers config I'm using (note that I'm starting this every 5
>>> minutes to troubleshoot, is supposed to run every 2 hours or so)
>>>
>>> backup = {
>>>   description = "Backup service";
>>>   after = [ "network.target" "mysql.target" ];
>>>   path = [ pkgs.procps pkgs.gawk pkgs.nettools pkgs.mysql pkgs.php 
>>> pkgs.duplicity pkgs.postfix ];
>>>   script =
>>>   ''
>>>   ./s3Backup.sh
>>>   '';
>>>   startAt = "*-*-* *:0/5:00";
>>>
>>>
>>>
>>> And the contents of the s3Backup.sh script:
>>>
>>> s3Backup = name:
>>>   ''
>>> #!${pkgs.bash}/bin/bash
>>>
>>> ${builtins.readFile ./src/envrc}
>>>
>>> # Your GPG key
>>> GPG_KEY=
>>>
>>> # export 
>>> PATH="$PATH:/var/setuid-wrappers:/run/current-system/sw/bin:/run/current-system/sw/sbin"
>>>
>>> # Set up some variables for logging
>>> LOGFILE="/var/lib/projects/${name}/log/duplicity-backup.log"
>>> DAILYLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.daily.log"
>>> 
>>> FULLBACKLOGFILE="/var/lib/projects/${name}/log/duplicity-backup.full.log"
>>> HOST=`hostname`
>>> DATE=`date +%Y-%m-%d`
>>> MAILADDR="d...@domain.com"
>>> TODAY=$(date +%d%m%Y)
>>>
>>> # The S3 destination followed by bucket name
>>> DEST="s3://s3.amazonaws.com/projects-backup-eu-west/${name}"
>>>
>>> is_running=$(ps -ef | gr
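
The fixes from this thread combined in one unit, as an added example that is not code from any poster: `path` for the missing binaries, `environment` for `SSL_CERT_FILE`, and an environment dump at the start of the script. The `EnvironmentFile` path, the `oneshot` type and the masking `sed` line are assumptions added here; credentials loaded that way stay out of the generated script, whereas text interpolated with `builtins.readFile` ends up in the world-readable /nix/store once the script is built.

```nix
{ config, pkgs, ... }:

{
  systemd.services.backup = {
    description = "Backup service";
    after = [ "network.target" ];

    # A unit does not inherit the login shell's PATH:
    # list every tool the script calls.
    path = [
      pkgs.coreutils pkgs.gnused pkgs.procps pkgs.gawk
      pkgs.nettools pkgs.duplicity pkgs.postfix
    ];

    # A unit does not inherit the login environment either.
    # This is the line that fixed the BackendException in the thread.
    environment = {
      inherit (config.environment.variables) SSL_CERT_FILE;
    };

    serviceConfig = {
      Type = "oneshot";
      # Assumption: a root-owned, mode 0600 file outside /nix/store holding
      # lines such as AWS_ACCESS_KEY_ID=... (hypothetical path).
      # Only the path is stored in the unit; systemd reads the file at start.
      EnvironmentFile = "/var/lib/secrets/backup.env";
    };

    script = ''
      # Dump the environment the unit really gets, with secret values masked,
      # so it can be compared with `printenv` from an interactive shell.
      env | sed -e 's/^\(AWS_[A-Z_]*\|PASSPHRASE\)=.*/\1=<set>/' | sort

      duplicity --version
    '';

    # "Every 2 hours or so", as intended in the thread.
    startAt = "*-*-* 0/2:00:00";
  };
}
```

After a rebuild, `systemctl start backup.service` runs it once without waiting for the timer, and `journalctl --unit=backup` shows the dumped environment.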

[Nix-dev] sudo nixos-rebuild test failes after new install

2016-01-27 Thread 4levels
Hi Nix Dev's,

yesterday I set up a new instance on Vultr (by adding the latest nixos
minimal install disk).

After the initial install - which just works fine - I cannot rebuild
anymore.  I can update the machine through NixOps, but running
nixos-rebuild always fails.

This is the output I'm getting:
building Nix...
building the system configuration...
error: value is a list while a set was expected, at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:214:62

This seems unrelated to my own configuration options, or am I missing
something obvious here?

I've tried updating the channels, my current channels are:
nixos https://nixos.org/channels/nixos-15.09
nixos-15.09 https://nixos.org/channels/nixos-15.09
(they both seem identical to me, except for the name)

Kind regards,

Erik

Full trace:
building Nix...
building the system configuration...
error: while evaluating the attribute ‘buildCommand’ of the derivation
‘nixos-15.09.947.6783594’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/system/activation/top-level.nix:102:7:
while evaluating the attribute ‘sources’ of the derivation ‘etc’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/system/etc/etc.nix:12:5:
while evaluating the attribute ‘environment.etc’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:134:44:
while evaluating anonymous function at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:74:45,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:134:52:
while evaluating the attribute ‘value’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:287:9:
while evaluating the option `environment.etc':
while evaluating the attribute ‘isDefined’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:319:5:
while evaluating ‘filterOverrides’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:391:21,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:303:18:
while evaluating ‘concatMap’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/lists.nix:62:18,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:397:8:
while evaluating ‘concatMap’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/lists.nix:62:18,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:298:17:
while evaluating anonymous function at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:298:28,
called from undefined position:
while evaluating ‘dischargeProperties’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:361:25,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:299:62:
while evaluating ‘dischargeProperties’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:361:25,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:366:9:
while evaluating the attribute ‘content’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/modules.nix:437:14:
while evaluating the attribute ‘etc’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix:235:5:
while evaluating ‘flip’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/trivial.nix:57:16,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix:50:33:
while evaluating ‘filterAttrs’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:77:23,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/trivial.nix:57:19:
while evaluating ‘concatMap’ at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/lists.nix:62:18,
called from
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:78:18:
while evaluating anonymous function at
/nix/store/iwhkdzryfzapl5cya1y88y1rpajff8ca-nixos-15.09.947.6783594/nixos/nixpkgs/lib/attrsets.nix:78:29,
called from undefined position:
while evaluating anonymous function at

[Nix-dev] Basic string functions in nixops

2016-01-25 Thread 4levels
Dear Nix Devs,

I'm currently looking (again) for the basic string functions.
Use case: I need to limit a parametric string's length to maximum 16
characters (indeed, MySql usernames cannot be longer than 16 characters).

Any hints in the right direction to substring a string in case it is longer
than 16 chars are greatly appreciated ;-)

Kind regards,

Erik aka 4levels


Re: [Nix-dev] Basic string functions in nixops

2016-01-25 Thread 4levels
Hi guys,

Thank you for the great responses (as usual)!
To be helped by the master himself feels like a privilege ;-)

I'm about to try this (or tomorrow morning first thing). I'm curious what
happens if the string is shorter than 16 chars..

Thanks again, imo this is the biggest asset for Nixos, this super helpful
community and willing people, thumbs-up to all of you!

Kind regards,

Erik

On Mon, Jan 25, 2016, 18:08 Eelco Dolstra <eelco.dols...@logicblox.com>
wrote:

> Hi,
>
> On 25/01/16 17:16, 4levels wrote:
>
> > I'm currently looking (again) for the basic string functions.
> > Use case: I need to limit a parametric string's length to maximum 16
> characters
> > (indeed, MySql usernames cannot be longer than 16 characters).
> >
> > Any hints in the right direction to substring a string in case it is
> longer than
> > 16 chars are greatly appreciated ;-)
>
> builtins.substring 0 16 "blabla..."
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
>
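
Eelco's `builtins.substring 0 16` applied to a list of names, as an added example that is not code from any poster. `builtins.substring` returns the whole string when it is shorter than the requested length; the check shows that truncation can map two distinct names to the same MySQL user, which the constructed sample names below do on purpose.

```nix
# truncate.nix -- evaluate with: nix-instantiate --eval --strict truncate.nix
let
  maxLen = 16; # MySQL username limit mentioned in the thread

  # Strings shorter than maxLen come back unchanged.
  truncate = s: builtins.substring 0 maxLen s;

  # Constructed sample project names.
  projects = [
    "shop"
    "customer-portal-staging"
    "customer-portal-production"
  ];

  users = map truncate projects;

  # listToAttrs keeps one entry per name, so fewer names than
  # inputs means at least two inputs were truncated to the same user.
  distinct = builtins.attrNames
    (builtins.listToAttrs (map (u: { name = u; value = null; }) users));
in
  if builtins.length distinct == builtins.length users
  then users
  else throw "truncated MySQL usernames collide: ${builtins.toString users}"
```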


Re: [Nix-dev] Best way to store strong passwords in nix configuration file

2016-01-13 Thread 4levels
Hi Markus, Guillaume and Fabian

first of all, thank you all for your productive replies!
I have resorted for now to use passwords without any special and unicode
characters (as that might have been the actual issue here).
Moving the password to different files seems a bit difficult as I need them
to generate config files for various applications, and I need a lot of them
(for each client I easily have 10 different passwords / keys).
As soon as I managed to get stronger passwords to work, I'll be glad to
report back here how I did it ;-)

Kind regards and keep up the great attitude, you guys rock!

Erik

On Wed, Jan 13, 2016 at 3:16 PM Fabian Schmitthenner <
fab...@schmitthenner.eu> wrote:

> Hi Erik,
>
> besides " and \ also ${ needs to be escaped as written in the manual
> (https://nixos.org/nix/manual/ Section 15.1).
>
> Fabian
>
> On 01/12/2016 03:48 PM, 4levels wrote:
> > Hi Nix Devs,
> >
> > I'm really struggling to get strong passwords correctly parsed in my nix
> > configuration files.  I keep getting errors about unexpected $end or
> > $undefined at wrong places (eg. there is no $ or ; anywhere near the
> > reported failure).
> > Deleting the passwords from the nix config file solves this, so the
> > error is definitely related to the contents of these strings.
> >
> > I'm using a random password generator to create strong passwords, like
> > ETrai_5{h'aG,MQ:
> > I've tried writing them with double quotes, double single quotes and
> > single quotes, with and without escaping, all to no avail.  I also can't
> > seem to find a list of the characters that should be escaped (I only see
> > " and \ and those are not in those passwords.
> >
> > Do you have any tips on how to store many different strong password and
> > use it in nix configuration files?  I need those passwords to be in an
> > object structure so I can build custom config files from them.
> >
> > For the record, I'm using git-crypt to prevent these files from being
> > read by unauthorized clients / people
> >
> > Kind regards,
> >
> > Erik
> >
> >
> >
>
>


[Nix-dev] Best way to store strong passwords in nix configuration file

2016-01-12 Thread 4levels
Hi Nix Devs,

I'm really struggling to get strong passwords correctly parsed in my nix
configuration files.  I keep getting errors about unexpected $end or
$undefined at wrong places (eg. there is no $ or ; anywhere near the
reported failure).
Deleting the passwords from the nix config file solves this, so the error
is definitely related to the contents of these strings.

I'm using a random password generator to create strong passwords, like
ETrai_5{h'aG,MQ:
I've tried writing them with double quotes, double single quotes and single
quotes, with and without escaping, all to no avail.  I also can't seem to
find a list of the characters that should be escaped (I only see " and \
and those are not in those passwords.

Do you have any tips on how to store many different strong password and use
it in nix configuration files?  I need those passwords to be in an object
structure so I can build custom config files from them.

For the record, I'm using git-crypt to prevent these files from being read
by unauthorized clients / people

Kind regards,

Erik


[Nix-dev] Basic commands not found in shell script when run from systemd

2015-12-30 Thread 4levels
Hi Nix Devs,

I've created a bash script that does a duplicity backup to an s3 instance
(but this is trivial).  When I run the script from cli, it works as
expected, but when this script is called from a systemd timer, I do get all
kind of errors about basic binaries not being found when using subshell
commands, like eg

HOST=$(hostname) # (or HOST=`hostname`)

The errors are like these:
hostname: command not found
ps: command not found
awk ..
sendmail ..

Any ideas on what's going on so I can solve this and have this script
running correctly when started by systemd?

Kind regards,

Erik


Re: [Nix-dev] Basic commands not found in shell script when run from systemd

2015-12-30 Thread 4levels
Hi Domen,

Thank you for your quick reply, much appreciated!
Do I understand it correctly, if I put this line in the systemd
configuration

path = [ pkgs.procps pkgs.gawk pkgs.nettools pkgs.mysql pkgs.php
pkgs.duplicity];

I don't need to write the following inside the script itself?
script =

''
  export PATH="$PATH:${config.services.mysql.package}/bin"

  ...

Kind regards,

Erik

On Wed, Dec 30, 2015 at 1:47 PM Domen Kožar <do...@dev.si> wrote:

> path = [ pkgs.procps pkgs.gawk pkgs.nettools ];
>
> On Wed, Dec 30, 2015 at 1:43 PM, 4levels <4lev...@gmail.com> wrote:
>
>> Hi Nix Devs,
>>
>> I've created a bash script that does a duplicity backup to an s3 instance
>> (but this is trivial).  When I run the script from cli, it works as
>> expected, but when this script is called from a systemd timer, I do get all
>> kind of errors about basic binaries not being found when using subshell
>> commands, like eg
>>
>> HOST=$(hostname) # (or HOST=`hostname`)
>>
>> The errors are like these:
>> hostname: command not found
>> ps: command not found
>> awk ..
>> sendmail ..
>>
>> Any ideas on what's going on so I can solve this and have this script
>> running correctly when started by systemd?
>>
>> Kind regards,
>>
>> Erik
>>
>>
>>
>


Re: [Nix-dev] Basic commands not found in shell script when run from systemd

2015-12-30 Thread 4levels
That sounds fantastic,

I've updated the timer declarations, waiting for the first successful
backup to appear in AWS ;-)

Thanks a lot!

Erik

On Wed, Dec 30, 2015 at 2:02 PM Domen Kožar <do...@dev.si> wrote:

> Yes :)
>
> On Wed, Dec 30, 2015 at 2:00 PM, 4levels <4lev...@gmail.com> wrote:
>
>> Hi Domen,
>>
>> Thank you for your quick reply, much appreciated!
>> Do I understand it correctly, if I put this line in the systemd
>> configuration
>>
>> path = [ pkgs.procps pkgs.gawk pkgs.nettools pkgs.mysql pkgs.php 
>> pkgs.duplicity];
>>
>> I don't need to write the following inside the script itself?
>> script =
>>
>> ''
>>   export PATH="$PATH:${config.services.mysql.package}/bin"
>>
>>   ...
>>
>> Kind regards,
>>
>> Erik
>>
>> On Wed, Dec 30, 2015 at 1:47 PM Domen Kožar <do...@dev.si> wrote:
>>
>>> path = [ pkgs.procps pkgs.gawk pkgs.nettools ];
>>>
>>> On Wed, Dec 30, 2015 at 1:43 PM, 4levels <4lev...@gmail.com> wrote:
>>>
>>>> Hi Nix Devs,
>>>>
>>>> I've created a bash script that does a duplicity backup to an s3
>>>> instance (but this is trivial).  When I run the script from cli, it works
>>>> as expected, but when this script is called from a systemd timer, I do get
>>>> all kind of errors about basic binaries not being found when using subshell
>>>> commands, like eg
>>>>
>>>> HOST=$(hostname) # (or HOST=`hostname`)
>>>>
>>>> The errors are like these:
>>>> hostname: command not found
>>>> ps: command not found
>>>> awk ..
>>>> sendmail ..
>>>>
>>>> Any ideas on what's going on so I can solve this and have this script
>>>> running correctly when started by systemd?
>>>>
>>>> Kind regards,
>>>>
>>>> Erik
>>>>
>>>>
>>>>
>>>
>


Re: [Nix-dev] Escape ${ in multiline string

2015-12-29 Thread 4levels
Great, that did the trick!

Too bad I couldn't find this info myself, thanks a lot for your swift
replies!

Kind regards,

Erik

On Tue, Dec 29, 2015 at 1:22 PM Bjørn Forsman <bjorn.fors...@gmail.com>
wrote:

> On 29 December 2015 at 13:05, 4levels <4lev...@gmail.com> wrote:
> > Hi Nix Devs,
> >
> > I'm currently struggling to create a bash script within a nix multiline
> > string, terminated by double single quotes.
> >
> > In the bash script, I need to put ${} statements but this is throwing
> > compile errors (Undefined variable error).  I've tried escaping the $ sign
> > with a backslash, but that doesn't help.  I also tried escaping with a
> > double backslash, same result.
> >
> > Any ideas? Should I rewrite the bash script to not use the ${ statements?
> >
> > Kind regards,
> >
> > code example
> >   s3Backup = name:
> >   ''
> >     ...
> >     DAILYLOGFILE="/var/log/duplicity/backup.log"
> >     ...
> >     # Clear the old daily log file
> >     cat /dev/null > ${DAILYLOGFILE}  // -> compile error: undefined variable DAILYLOGFILE
> >     ...
> >   '';
>
> Try with two single quotes in front of ${DAILYLOGFILE}:
>
>   ''${DAILYLOGFILE}
>
> It is documented here, in the "simple values" section:
>
>   http://nixos.org/nix/manual/#ssec-values
>
> Best regards,
> Bjørn Forsman
>
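
The systemd timer thread above and this escaping thread concern the same backup script, so one sketch covers both: the `path` option that gives the unit its PATH, and the `''${` escape that keeps bash expansions out of Nix's hands. This is an added example, not code from the list posts; the unit name `s3-backup`, the `RETENTION` variable and the script body are constructed, while the option and package names are the ones quoted in the threads.

```nix
# Added example: NixOS module fragment (constructed unit and script body).
{ pkgs, ... }:

{
  systemd.services.s3-backup = {
    description = "Duplicity backup to S3 (constructed example)";

    # A unit started by systemd or a timer does not get the interactive
    # shell's PATH. Every package listed here contributes its bin/ directory
    # to the unit's PATH, which is what makes hostname, ps and awk resolvable
    # without an `export PATH=...` line in the script.
    path = [ pkgs.coreutils pkgs.procps pkgs.gawk pkgs.nettools pkgs.duplicity ];

    startAt = "daily";            # generates the matching s3-backup.timer
    serviceConfig.Type = "oneshot";

    # Inside a ''...'' string Nix interpolates every unescaped dollar-brace.
    #   ${pkgs.duplicity}   evaluated by Nix, becomes a /nix/store path
    #   ''${DAILYLOGFILE}   escaped, reaches bash as ${DAILYLOGFILE}
    #   $HOST, $(hostname)  no brace after the dollar, passed through as-is
    script = ''
      set -eu

      HOST=$(hostname)
      DAILYLOGFILE="/var/log/duplicity/backup.log"

      # Clear the old daily log file
      mkdir -p "$(dirname "''${DAILYLOGFILE}")"
      cat /dev/null > "''${DAILYLOGFILE}"

      # Default-value expansions need the same escape.
      RETENTION="''${RETENTION:-30D}"

      {
        echo "backup on $HOST, retention $RETENTION"
        echo "processes: $(ps -e | awk 'END { print NR - 1 }')"
        # Store path fixed at build time, independent of PATH.
        ${pkgs.duplicity}/bin/duplicity --version
        # The real duplicity invocation for the S3 target goes here.
      } >> "''${DAILYLOGFILE}" 2>&1
    '';
  };
}
```

`systemctl cat s3-backup.service` shows the generated unit, including the PATH that the `path` list produced.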


[Nix-dev] Escape ${ in multiline string

2015-12-29 Thread 4levels
Hi Nix Devs,

I'm currently struggling to create a bash script within a nix multiline
string, terminated by double single quotes.

In the bash script, I need to put ${} statements but this is throwing
compile errors (Undefined variable error).  I've tried escaping the $ sign
with a backslash, but that doesn't help.  I also tried escaping with a
double backslash, same result.

Any ideas? Should I rewrite the bash script to not use the ${ statements?

Kind regards,

code example
  s3Backup = name:
  ''
    ...
    DAILYLOGFILE="/var/log/duplicity/backup.log"
    ...
    # Clear the old daily log file
    cat /dev/null > ${DAILYLOGFILE}  // -> compile error: undefined variable DAILYLOGFILE
    ...
  '';


Erik aka 4levels


Re: [Nix-dev] New NixOS Logo T-Shirts

2015-10-25 Thread 4levels
Great initiative!

Can you also make a 2nd version with the lightly shaded version of the new
logo (aka the gradient version)?  I'd be all like "shut up and take my
money" ;-)

I'm nowhere even near to understand much about NixOS but I'm a big fan
because of NixOps and how it's revolutionizing my deploys..

Take care and let me know if you do plan on having other T's out there!

Erik

On Fri, Oct 23, 2015 at 5:46 PM Tristan Hume  wrote:

> I would except I’m a Canadian student and flying to NixCon would be
> absurdly expensive for me.
> I’m really hoping that the NixCon videos are posted on YouTube afterwards
> because some of the talks look really interesting and I would love to watch
> them.
>
> Instead you can just order one online, I set them to ship from Europe
> since I was told the majority of Nixers live there.
> Also, they aren’t guaranteed to arrive in time for NixCon. If you live
> close by other NixOS users though, you could order multiple and sell them
> yourself!
>
> - Tristan
>
> On Oct 23, 2015, at 11:38 AM, Hajo Möller  wrote:
>
> Tristan,
> very nice! How about ordering some for NixCon and maybe sell them there?
>
> --
> Regards,
> Hajo Möller
>
>


Re: [Nix-dev] Issue with switch --upgrade

2015-10-07 Thread 4levels
Hi Eelco,

thank you very much, the manual removal of the cached files was indeed
required over here..

Kind regards,

Erik

On Tue, Oct 6, 2015 at 11:18 PM Eelco Dolstra <eelco.dols...@logicblox.com>
wrote:

> Hi,
>
> On 06/10/15 15:28, 4levels wrote:
>
> > since today I'm always running into the following error when running
> > nixos-rebuild switch --upgrade:
> >
> > error: some substitutes for the outputs of derivation
> > ‘/nix/store/q5wlvv6xrdi366hq0c9qd6ajzizqfix8-linux-3.18.22.drv’ failed (usually
> > happens due to networking issues); try ‘--fallback’ to build derivation from source
>
> This has been fixed, but you probably will need to do:
>
>   $ sudo rm /nix/var/nix/binary-cache-v3.sqlite*
>
> to get rid of locally cached bad .narinfo files.
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


[Nix-dev] Issue with switch --upgrade

2015-10-06 Thread 4levels
Hi Nix Devs,

since today I'm always running into the following error when running
nixos-rebuild switch --upgrade:

error: some substitutes for the outputs of derivation
‘/nix/store/q5wlvv6xrdi366hq0c9qd6ajzizqfix8-linux-3.18.22.drv’ failed
(usually happens due to networking issues); try ‘--fallback’ to build
derivation from source

I can see the command downloading the kernel package without problems, but
every time it ends with the error message above.

Providing the --fallback parameter does trigger a manual build of the
kernel, but this is quite a lengthy process, especially since I run nixos
in a rather small VM.

Is there anything wrong with the binary package?

Kind regards,

Erik aka 4levels


Re: [Nix-dev] Issue with switch --upgrade

2015-10-06 Thread 4levels
Waw,

what a quick reply!  Thank you for looking into this and your prompt reply.

Kind regards,

Erik

On Tue, Oct 6, 2015 at 3:35 PM Eelco Dolstra <eelco.dols...@logicblox.com>
wrote:

> Hi,
>
> On 06/10/15 15:28, 4levels wrote:
>
> > since today I'm always running into the following error when running
> > nixos-rebuild switch --upgrade:
> >
> > error: some substitutes for the outputs of derivation
> > ‘/nix/store/q5wlvv6xrdi366hq0c9qd6ajzizqfix8-linux-3.18.22.drv’ failed (usually
> > happens due to networking issues); try ‘--fallback’ to build derivation from source
>
> Yeah, we have some corrupt binaries in the cache due to a full disk. I'm
> currently cleaning them up.
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


[Nix-dev] Help with setup php xdebug

2015-09-29 Thread 4levels
Dear Nix Devs,

I'm somewhat struggling to enable the php-xdebug extension in php.
I did manage to get the extension installed but the php interpreter itself
seems to ignore its existence.

I did find some topics on this and as a workaround I could specify a custom
php-ini file but I was wondering if there is no better way.  Shouldn't just
installing the php-package xdebug also enable it by default?

I'm not using apache but nginx with php-fpm as webserver so the httpd
options seem unusable.  I also can't seem to add options to php in the
php-fpm pool config, to load the extension and set some xdebug params.

Any advice on how to go about this?  I'd love to see php compiled with
xdebug so I can use the phpunit code coverage reports.

So php with xdebug - how to?

Kind regards,

Erik


Re: [Nix-dev] Help with setup php xdebug

2015-09-29 Thread 4levels
Hi Guillaume,

I haven't figured out what I did wrong, but now it works!  A custom php.ini
is generated using your first approach and being used by php-fpm!  I
managed to add both xdebug and apc, here's my final phpIni setting.

Thank you so much for providing me the much needed info!

Kind regards,

Erik

  ...

  # Custom PHP ini file for xdebug / apc
  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
    options = ''
      date.timezone = Europe/Brussels
      zend_extension = "${pkgs.phpPackages.xdebug}/lib/php/extensions/xdebug.so"
      extension = "${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so"
      max_execution_time = 30
      post_max_size = 100M
      upload_max_size = 100M
      upload_max_filesize = 20M
      memory_limit = 256M
      apc.enable = 1
      xdebug.remote_enable = true
      xdebug.remote_host = 127.0.0.1
      xdebug.remote_port = 9000
      xdebug.remote_handler = dbgp
      xdebug.profiler_enable = 0
      xdebug.profiler_output_dir = "/tmp/xdebug"
      xdebug.remote_mode = req
    '';
  }
  ''
    cat ${pkgs.php}/etc/php-recommended.ini > $out
    echo "$options" >> $out
  '';

  services.phpfpm.poolConfigs = ..

On Tue, Sep 29, 2015 at 3:44 PM Guillaume Maudoux (Layus) <
layus...@gmail.com> wrote:

> Hi Erik,
>
> AFAIK, that should be enough and your setup should be correct.
> How do you know phpfpm does not use your file ?
>
> You can use `systemctl cat phpfpm.service` to see what command is used to
> start phpfpm and what php.ini file is used.
>
> Guillaume.
>
> On 29/09/15 14:50, 4levels wrote:
>
> Hi Guillaume,
>
> I've tried adding your approach to the phpfpm config as follows and a
> php.ini file is now being generated in the store with the added values from
> the function call, great!
> I just don't see at the moment how I can tell phpfpm to use that file
> instead of the default php-recommend.ini.  I'm pretty sure I'm overlooking
> something, hopefully someone here spots the issue easily ;-)
>
> This is what I have in /etc/nixos/configuration.nix
>
>   ...
>
>   # PHP FPM
>   services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
>     options = ''
>       date.timezone = Europe/Brussels
>       extension = "${pkgs.phpPackages.xdebug}/lib/php/extensions/xdebug.so"
>       max_execution_time = 30
>       post_max_size = 100M
>       upload_max_size = 100M
>       upload_max_filesize = 20M
>       memory_limit = 256M
>       xdebug.remote_enable = true
>       xdebug.remote_host = 127.0.0.1
>       xdebug.remote_port = 9000
>       xdebug.remote_handler = dbgp
>       xdebug.profiler_enable = 0
>       xdebug.profiler_output_dir = "/tmp/xdebug"
>       xdebug.remote_mode = req
>     '';
>   }
>   ''
>     cat ${pkgs.php}/etc/php-recommended.ini > $out
>     echo "$options" >> $out
>   '';
>
>   services.phpfpm.poolConfigs = { ...
>
> On Tue, Sep 29, 2015 at 1:14 PM 4levels <4lev...@gmail.com> wrote:
>
>> Hi Guillaume,
>>
>> Thanks for your reply and hint on regenerating the php.ini file, I'll try
>> that right away.
>> I do see the issues with what you described in other packages being
>> modified by installing a subpackage, but isn't that normal in a dependency
>> relation between php and xdebug?  How do the other php packages accomplish
>> this?  Eg. the same goes for apcu as well: the package can be installed and
>> configured but is never being used by php (neither in cli or via fpm).
>>
>> Providing a hook into the phpIni generation definitely looks like the way
>> to go to me.  This could then be used in the various php packages that need
>> php.ini options to be adjusted.
>>
>> For clarification: I'm nowhere near even understanding how nixos works,
>> let alone write my own packages, I'm just trying to setup a valid
>> configuration for an nginx / phpfpm / lumen/laravel server..  so it's very
>> possible that I'm making wrong assumptions!
>>
>> Kind regards and thank you very much,
>>
>> Erik
>>
>> On Tue, Sep 29, 2015 at 10:25 AM Guillaume Maudoux (Layus) <
>> layus...@gmail.com> wrote:
>>
>>> Dear Erik,
>>>
>>> I am no expert on this topic, but it seems to me that writing a custom
>>> phpIni is the way to go.
>>> For example, I have the following code in my config, which mimics the
>>> default phpIni generation.
>>>
>>>phpIni = pkgs.runCommand "php.ini"
>>>  {
>>>options = ''
>>> extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
>>>  max_ex

Re: [Nix-dev] Help with setup php xdebug

2015-09-29 Thread 4levels
Just to add,

I'm currently trying this approach as well:
http://permalink.gmane.org/gmane.linux.distributions.nixos/17023

So close..

Kind regards,

Erik

On Tue, Sep 29, 2015 at 2:50 PM 4levels <4lev...@gmail.com> wrote:

> Hi Guillaume,
>
> I've tried adding your approach to the phpfpm config as follows and a
> php.ini file is now being generated in the store with the added values from
> the function call, great!
> I just don't see at the moment how I can tell phpfpm to use that file
> instead of the default php-recommend.ini.  I'm pretty sure I'm overlooking
> something, hopefully someone here spots the issue easily ;-)
>
> This is what I have in /etc/nixos/configuration.nix
>
>   ...
>
>   # PHP FPM
>   services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
>     options = ''
>       date.timezone = Europe/Brussels
>       extension = "${pkgs.phpPackages.xdebug}/lib/php/extensions/xdebug.so"
>       max_execution_time = 30
>       post_max_size = 100M
>       upload_max_size = 100M
>       upload_max_filesize = 20M
>       memory_limit = 256M
>       xdebug.remote_enable = true
>       xdebug.remote_host = 127.0.0.1
>       xdebug.remote_port = 9000
>       xdebug.remote_handler = dbgp
>       xdebug.profiler_enable = 0
>       xdebug.profiler_output_dir = "/tmp/xdebug"
>       xdebug.remote_mode = req
>     '';
>   }
>   ''
>     cat ${pkgs.php}/etc/php-recommended.ini > $out
>     echo "$options" >> $out
>   '';
>
>   services.phpfpm.poolConfigs = { ...
>
> On Tue, Sep 29, 2015 at 1:14 PM 4levels <4lev...@gmail.com> wrote:
>
>> Hi Guillaume,
>>
>> Thanks for your reply and hint on regenerating the php.ini file, I'll try
>> that right away.
>> I do see the issues with what you described in other packages being
>> modified by installing a subpackage, but isn't that normal in a dependency
>> relation between php and xdebug?  How do the other php packages accomplish
>> this?  Eg. the same goes for apcu as well: the package can be installed and
>> configured but is never being used by php (neither in cli or via fpm).
>>
>> Providing a hook into the phpIni generation definitely looks like the way
>> to go to me.  This could then be used in the various php packages that need
>> php.ini options to be adjusted.
>>
>> For clarification: I'm nowhere near even understanding how nixos works,
>> let alone write my own packages, I'm just trying to setup a valid
>> configuration for an nginx / phpfpm / lumen/laravel server..  so it's very
>> possible that I'm making wrong assumptions!
>>
>> Kind regards and thank you very much,
>>
>> Erik
>>
>> On Tue, Sep 29, 2015 at 10:25 AM Guillaume Maudoux (Layus) <
>> layus...@gmail.com> wrote:
>>
>>> Dear Erik,
>>>
>>> I am no expert on this topic, but it seems to me that writing a custom
>>> phpIni is the way to go.
>>> For example, I have the following code in my config, which mimics the
>>> default phpIni generation.
>>>
>>>   phpIni = pkgs.runCommand "php.ini"
>>>     {
>>>       options = ''
>>>         extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
>>>         max_execution_time = 30
>>>         post_max_size = 100M
>>>         upload_max_size = 100M
>>>         upload_max_filesize = 20M
>>>         memory_limit = 256M
>>>       '';
>>>     }
>>>     ''
>>>       cat ${pkgs.php}/etc/php-recommended.ini > $out
>>>       echo "$options" >> $out
>>>     '';
>>>
>>> It would not be the NixOS way to allow a newly installed package to
>>> modify the behaviour of another package.
>>> What if using the new extension suddenly breaks another server ?
>>> In fact, if PHP needs to be modified and rebuilt with php-xdebug as a
>>> dependency to account for it.
>>> (Of course, PHP could also load all the extensions in
>>> /var/lib/php/extensions or such, but that is precisely what NixOS tries
>>> to avoid.)
>>>
>>> Still, I agree that the phpIni creation could be turned into a helper
>>> (maybe pkgs.php.customPhpIni {extraOptions = ''...'';}).
>>>
>>> Best regards,
>>> Guillaume.
>>>
>>> PS: This is just one instance of a larger problem.
>>> For example, newly installed latex packages are expected to be
>>> accessible to pdflatex right after their install.
>>> But t

Re: [Nix-dev] Help with setup php xdebug

2015-09-29 Thread 4levels
Hi Guillaume,

I've tried adding your approach to the phpfpm config as follows and a
php.ini file is now being generated in the store with the added values from
the function call, great!
I just don't see at the moment how I can tell phpfpm to use that file
instead of the default php-recommend.ini.  I'm pretty sure I'm overlooking
something, hopefully someone here spots the issue easily ;-)

This is what I have in /etc/nixos/configuration.nix

  ...

  # PHP FPM
  services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
    options = ''
      date.timezone = Europe/Brussels
      extension = "${pkgs.phpPackages.xdebug}/lib/php/extensions/xdebug.so"
      max_execution_time = 30
      post_max_size = 100M
      upload_max_size = 100M
      upload_max_filesize = 20M
      memory_limit = 256M
      xdebug.remote_enable = true
      xdebug.remote_host = 127.0.0.1
      xdebug.remote_port = 9000
      xdebug.remote_handler = dbgp
      xdebug.profiler_enable = 0
      xdebug.profiler_output_dir = "/tmp/xdebug"
      xdebug.remote_mode = req
    '';
  }
  ''
    cat ${pkgs.php}/etc/php-recommended.ini > $out
    echo "$options" >> $out
  '';

  services.phpfpm.poolConfigs = { ...

On Tue, Sep 29, 2015 at 1:14 PM 4levels <4lev...@gmail.com> wrote:

> Hi Guillaume,
>
> Thanks for your reply and hint on regenerating the php.ini file, I'll try
> that right away.
> I do see the issues with what you described in other packages being
> modified by installing a subpackage, but isn't that normal in a dependency
> relation between php and xdebug?  How do the other php packages accomplish
> this?  Eg. the same goes for apcu as well: the package can be installed and
> configured but is never being used by php (neither in cli or via fpm).
>
> Providing a hook into the phpIni generation definitely looks like the way
> to go to me.  This could then be used in the various php packages that need
> php.ini options to be adjusted.
>
> For clarification: I'm nowhere near even understanding how nixos works,
> let alone write my own packages, I'm just trying to setup a valid
> configuration for an nginx / phpfpm / lumen/laravel server..  so it's very
> possible that I'm making wrong assumptions!
>
> Kind regards and thank you very much,
>
> Erik
>
> On Tue, Sep 29, 2015 at 10:25 AM Guillaume Maudoux (Layus) <
> layus...@gmail.com> wrote:
>
>> Dear Erik,
>>
>> I am no expert on this topic, but it seems to me that writing a custom
>> phpIni is the way to go.
>> For example, I have the following code in my config, which mimics the
>> default phpIni generation.
>>
>>   phpIni = pkgs.runCommand "php.ini"
>>     {
>>       options = ''
>>         extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
>>         max_execution_time = 30
>>         post_max_size = 100M
>>         upload_max_size = 100M
>>         upload_max_filesize = 20M
>>         memory_limit = 256M
>>       '';
>>     }
>>     ''
>>       cat ${pkgs.php}/etc/php-recommended.ini > $out
>>       echo "$options" >> $out
>>     '';
>>
>> It would not be the NixOS way to allow a newly installed package to
>> modify the behaviour of another package.
>> What if using the new extension suddenly breaks another server ?
>> In fact, if PHP needs to be modified and rebuilt with php-xdebug as a
>> dependency to account for it.
>> (Of course, PHP could also load all the extensions in
>> /var/lib/php/extensions or such, but that is precisely what NixOS tries
>> to avoid.)
>>
>> Still, I agree that the phpIni creation could be turned into a helper
>> (maybe pkgs.php.customPhpIni {extraOptions = ''...'';}).
>>
>> Best regards,
>> Guillaume.
>>
>> PS: This is just one instance of a larger problem.
>> For example, newly installed latex packages are expected to be
>> accessible to pdflatex right after their install.
>> But this means that pdflatex needs to be modified and rebuilt to account
>> for the new dependency ;-).
>>
>>
>> On 29/09/15 09:52, 4levels wrote:
>> > Dear Nix Devs,
>> >
>> > I'm somewhat struggling to enable the php-xdebug extension in php.
>> > I did manage to get the extension installed but the php interpreter
>> > itself seems to ignore its existence.
>> >
>> > I did find some topics on this and as a workaround I could specify a
>> > custom php-ini file but I was wondering if there is no better way.
>> > Shouldn't just installing the php-package xdebug also enable it by
>> > d
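
The helper suggested in this thread, written as a local function around the `runCommand` pattern from the posts, with the debugger lines emitted only when a flag is set so that a production build carries no xdebug listener settings. This is an added example, not code from the thread or from nixpkgs: `customPhpIni` is only the name proposed above and is defined here locally, `enableXdebug` is a hypothetical parameter, and the option and package names are taken from the posts.

```nix
# Added example: NixOS module fragment. customPhpIni is a local, hypothetical
# helper; it is not an attribute of pkgs.php.
{ pkgs, ... }:

let
  customPhpIni = { extraOptions ? "", enableXdebug ? false }:
    pkgs.runCommand "php.ini" {
      # Passed to the builder as the environment variable $options.
      options = extraOptions + pkgs.lib.optionalString enableXdebug ''
        ; xdebug is loaded with zend_extension, as in the working config above
        zend_extension = "${pkgs.phpPackages.xdebug}/lib/php/extensions/xdebug.so"
        xdebug.remote_enable = true
        xdebug.remote_host = 127.0.0.1
        xdebug.remote_port = 9000
        xdebug.remote_handler = dbgp
        xdebug.remote_mode = req
        xdebug.profiler_enable = 0
      '';
    } ''
      # Same builder as in the posts: start from the shipped defaults,
      # then append the overrides.
      cat ${pkgs.php}/etc/php-recommended.ini > $out
      echo "$options" >> $out
    '';
in
{
  services.phpfpm.phpIni = customPhpIni {
    # Set to true on the development VM only. With false, the generated
    # php.ini has no reference to xdebug.so, so the extension is neither
    # loaded nor part of the php.ini closure.
    enableXdebug = false;
    extraOptions = ''
      date.timezone = Europe/Brussels
      extension = "${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so"
      max_execution_time = 30
      post_max_size = 100M
      upload_max_filesize = 20M
      memory_limit = 256M
    '';
  };
}
```

As noted in the thread, `systemctl cat phpfpm.service` shows which php.ini the running service was started with.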

[Nix-dev] virt-install --os-variant listing nixos

2015-05-23 Thread 4levels
Hi Nix Devs,

what does it take to have nixos listed as a known os variant when using
virt-install to run a nixos vm?

The command to list all known variants is *osinfo-query os* in Fedora21
(I've seen *virt-install --os-variant list* as well but that doesn't seem
to work with F21)

According to the man pages of virt-install it is highly recommended to
specify the os-variant, right now I have to omit this parameter as none of
the listed os'es seem to match.

Kind regards,

Erik

