Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-17 Thread Profpatsch 
On 17-05-16 04:43pm, zimbatm wrote:
> How do you find back which git revision was used to produce a given NixOS
> profile?

In my case it’s built by a hydra and the system name contains a hash.

> 
> Maybe nixos-rebuild should be extended to include that in the revision
> name, and if the git repo is dirty.

You need to include all used paths.
So it’s probably best to write out a file like:

- : 
source: /home/philip/vuizvui
type: git
git:
  dirty: yes
  rev: 32847298abc
hash:
  type: sha256
  hash: deadbeef

- :
source: https://cache.nixos.org/…/nixpkgs.tar.gz
type: tgz
tgz:
  …
hash:
  …

- system:
source: user@machine
type: arg
arg:
  type: string
  val: "x86_64-linux"


Something like that.
YAML because I had to write it by hand.

-- 
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
May take up to five days to read your message. If it’s urgent, call me.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-16 Thread Bas van Dijk 
Op 16 mei 2017 18:43 schreef "zimbatm" :

How do you find back which git revision was used to produce a given NixOS
profile?

At LumiGuide I use the following module for that:

{ config, lib, ... }:

with lib;

{
  options.system = {
lumiRevision = mkOption {
  internal = true;
  type = types.str;
  default = lib.commitIdFromGitRepo ;
  description = ''
The git revision of the lumi repository that was used to
configure this machine.
  '';
};
  };
  config = {
environment.etc."lumi-revision".text = config.system.lumiRevision;

system.nixosLabel = "nixos-" + config.system.nixosVersion
  + "_lumi-" + config.system.lumiRevision;
  };
}


On Sat, 13 May 2017, 14:34 Profpatsch,  wrote:

> On 17-05-13 12:25pm, Layus wrote:
> > On 13/05/17 12:14, Leo Gaspard wrote:
> > See the previous ML discussion on that topic where we proposed to keep it
> > opt-in, but with an apt-out config line in the default configuration.nix.
> > This may already be implemented.
>
> The ones who don’t keep their sources under version control
> deserve their eventual fate.
>
> Seriously, copying & pasting default templates around
> is not a good idea.
> I haven’t seen a “default” configuration.nix (whatever that is)
> in more than 1.5 years.
>
> We already have the firewall enabled by default,
> even that has been a major discussion,
> because for everything that is implicit
> you have to remember to turn it off.
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-16 Thread Linus Heckemann 
On 16/05/17 17:43, zimbatm wrote:
> How do you find back which git revision was used to produce a given
> NixOS profile?
> 
> Maybe nixos-rebuild should be extended to include that in the revision
> name, and if the git repo is dirty.

I'm planning to implement the reverse approach on my system: have some
sort of rebuild hook commit the state of the repo to a separate branch
and include useful information (nixpkgs version, derivation hash of the
resulting system) in the commit message. This allows greater
reproducibility and provides far more helpful information (a snapshot of
the full config) than simply "repo was dirty".

I'll reply if/when I get this working.

Linus
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-16 Thread zimbatm 
How do you find back which git revision was used to produce a given NixOS
profile?

Maybe nixos-rebuild should be extended to include that in the revision
name, and if the git repo is dirty.

On Sat, 13 May 2017, 14:34 Profpatsch,  wrote:

> On 17-05-13 12:25pm, Layus wrote:
> > On 13/05/17 12:14, Leo Gaspard wrote:
> > See the previous ML discussion on that topic where we proposed to keep it
> > opt-in, but with an apt-out config line in the default configuration.nix.
> > This may already be implemented.
>
> The ones who don’t keep their sources under version control
> deserve their eventual fate.
>
> Seriously, copying & pasting default templates around
> is not a good idea.
> I haven’t seen a “default” configuration.nix (whatever that is)
> in more than 1.5 years.
>
> We already have the firewall enabled by default,
> even that has been a major discussion,
> because for everything that is implicit
> you have to remember to turn it off.
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-13 Thread Profpatsch 
On 17-05-13 12:25pm, Layus wrote:
> On 13/05/17 12:14, Leo Gaspard wrote:
> See the previous ML discussion on that topic where we proposed to keep it
> opt-in, but with an apt-out config line in the default configuration.nix.
> This may already be implemented.

The ones who don’t keep their sources under version control 
deserve their eventual fate.

Seriously, copying & pasting default templates around
is not a good idea.
I haven’t seen a “default” configuration.nix (whatever that is)
in more than 1.5 years.

We already have the firewall enabled by default,
even that has been a major discussion,
because for everything that is implicit
you have to remember to turn it off.

-- 
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
May take up to five days to read your message. If it’s urgent, call me.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-13 Thread Layus 

On 13/05/17 12:14, Leo Gaspard wrote:

On 05/13/2017 05:28 AM, Stefan Huchler wrote:

[...]
Do you know the reason why it defaults to false, cant think of any
disadvantage of that functionality. I mean nixos eats harddrive like
nearly no other distro. So saving space cant be the reason.

Some sort of privacy concern?

With https://github.com/NixOS/nix/issues/8 solved, there will be
possibility to have password in the configuration that won't be
world-readable. In this context, copying the configuration.nix would
make world-readable again, which in case of passwords can hurt security
a lot.

At least that's the only reason I can think of.

HTH,
Leo
The way this option is implemented makes it impossible to activate by 
default for hydra test builds.
In most autamated setups like that, the bare module system is used, and 
there is no configuration.nix involved.


Jry to temporarilly move configuration.nix somewhere else, and you will 
see that nixos-rebuild fails verbosely :-).
See the previous ML discussion on that topic where we proposed to keep 
it opt-in, but with an apt-out config line in the default configuration.nix.

This may already be implemented.

Regards,

-- Layus.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-13 Thread Leo Gaspard 
On 05/13/2017 05:28 AM, Stefan Huchler wrote:
> [...]
> Do you know the reason why it defaults to false, cant think of any
> disadvantage of that functionality. I mean nixos eats harddrive like
> nearly no other distro. So saving space cant be the reason.
> 
> Some sort of privacy concern?

With https://github.com/NixOS/nix/issues/8 solved, there will be
possibility to have password in the configuration that won't be
world-readable. In this context, copying the configuration.nix would
make world-readable again, which in case of passwords can hurt security
a lot.

At least that's the only reason I can think of.

HTH,
Leo



signature.asc
Description: OpenPGP digital signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-12 Thread Danylo Hlynskyi 
Anotther solution shown in
https://mailman.science.uu.nl/pipermail/nix-dev/2017-April/023403.html
which has an advantage of copying related modules (assuming they belong to
same folder as configuration.nix)

2017-05-13 6:28 GMT+03:00 Stefan Huchler :

> Tomasz Czyż  writes:
>
> > https://nixos.org/nixos/options.html#configuration+copy
>
> Thanks nice, could not belive that I am the first "genieus" that thought
> on that.
>
> Do you know the reason why it defaults to false, cant think of any
> disadvantage of that functionality. I mean nixos eats harddrive like
> nearly no other distro. So saving space cant be the reason.
>
> Some sort of privacy concern?
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-12 Thread Stefan Huchler 
Tomasz Czyż  writes:

> https://nixos.org/nixos/options.html#configuration+copy

Thanks nice, could not belive that I am the first "genieus" that thought
on that.

Do you know the reason why it defaults to false, cant think of any
disadvantage of that functionality. I mean nixos eats harddrive like
nearly no other distro. So saving space cant be the reason.

Some sort of privacy concern?

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-12 Thread Tomasz Czyż 
https://nixos.org/nixos/options.html#configuration+copy

2017-05-12 22:57 GMT+01:00 Stefan Huchler :

> Hi,
>
> I find it always strange, that when I revert back or boot a older
> version of nixos, the configuration file has no version that reflected
> that version. So I have to seperatly have to backup the
> configuration.nix file.
>
> Could there not be at least a backup of the config used in that
> generation somewhere (or is there somewhere one) when you build a
> generation?
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> https://mailman.science.uu.nl/mailman/listinfo/nix-dev
>



-- 
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] why has each revision / generation not a own configuration.nix

2017-05-12 Thread Stefan Huchler 
Hi,

I find it always strange, that when I revert back or boot a older
version of nixos, the configuration file has no version that reflected
that version. So I have to seperatly have to backup the
configuration.nix file.

Could there not be at least a backup of the config used in that
generation somewhere (or is there somewhere one) when you build a
generation?

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev