<atw>Hello! I'd like to use mcron to automate backups. https://paste.debian.net/1004398/ is what I've got. How can I run a gexp like (backup-home "me")? I think I want to use gexp->derivation, but after that, I've been unsuccessful with run-with-store and similar.
<atw>civodul: thanks! what about taking the gexp that (backup-home "me") evaluates to and causing it to run via the REPL? I'd like to test the command, and sometimes I may want to cause a backup manually.
<sneek>I've heard freedom is not the right to slavery
<quiliro>shiranaihito: i'm just playing with sneek !
<shiranaihito>ok, can someone tell me if system configs can be applied "incrementally"? like, if i first "guix system init" with a "minimal" config, and then do a "guix system reconfigure" with another config file that defines services.. is that ok?
<shiranaihito>i mean, will guix just add the stuff from the second file, while keeping everything defined in the first file?
<quiliro>what is the end objective you search for in this incremental intention?
<quiliro>if it would be incremental, you would have to specify what to remove
<quiliro>since it is not, you must detail everything you want for the common system
<quiliro>i would like to help you but i do not understand why you need it to be incremental
<shiranaihito>quiliro the idea was to install postgresql and nginx separately, so that i wouldn't have to see their error messages about missing files and stuff when booting into a newly installed systen
<DamienCassou>I'm evaluating the possibility to use Guix as my main OS to replace Fedora. I have used NixOS for 2 years and loved it. I eventually gave up because many small things were not working good enough. I plan to change my WM to something much simpler than Gnome and I see that as an opportunity to go back to NixOS. But I could also try Guix. What do you think?
<shiranaihito>ok, so.. it seems that a "system init" won't go through without a certificate configured for nginx already being in place, on an installation that doesn't exist yet.. but the last time i tried, a "system reconfigure" wen't through without it
<shiranaihito>i wish whatever installs nginx weren't so strict about this when it doesn't really make sense (yet, at least)
<shiranaihito>.. and i'm supposed to have everything in one system config, but it can't be installed now, it seems
<shiranaihito>what do people typically do when they use nginx in a system config and want to set up SSL too?
<shiranaihito>.. or am i boldly going where no man has gone before? :p
<shiranaihito>and i don't get it.. it seems to me like guix's behaviour changes over time, even though i'm using the exact same installation image
<shiranaihito>can i "read" guile source from another file, into a system config in a specific place? so maybe i could have the nginx stuff in a separate file and read it in to make a "full" system config, after doing "system init" without nginx
<shiranaihito>and it's basically a workaround to a problem that shouldn't exist
<shiranaihito>as for "being functional", the nginx config can be perfectly functional without erroring out on a missing certificate - maybe you roll back to a previous version and then the location where nginx will look for a cert changes!! --> still functional!
<str1ngs>if the cert does not exist. then no it does not function :P
<str1ngs>also rollbacks break when you hardcode config paths . I wont get into that now though
<shiranaihito>snape i'm running guix pull now on my VM, but again, i'm just trying stuff out while scraping together a system config for running a SaaS app
<snape>I don't think you will have the issue after a git pull
<str1ngs>shiranaihito: "Non-standard ports can be indicated by enclosing the host name with square brackets and following with a colon and the port number. Here are three examples referring to hosts listening for SSH on non-standard ports:"
<snape>thus, with a guix pull, you'll get it fixed
<shiranaihito>"If nginx is configured with a ssl-certificate file, and ssl-certificate-key, it will fail to start unless these exist. To avoid this happening, change the default to #f." <-- but does setting "the default" to #f actually change anything? the default doesn't apply when you've got cert files configured, right?
<str1ngs>you can add extend permissions but it is not default
<snape>yeah you definitely don't want keys in the store :-)
<str1ngs>shiranaihito: I apologize, I didn't understand the scope the problem. I'm still newish to guixsd myself
<shiranaihito>str1ngs no worries, i wasn't thinking about it from a security perspective either :)
<str1ngs>generally using the store is a good thing. in this case it's not
<str1ngs>which might explain why it takes a string and not a file object to begin with.
<shiranaihito>str1ngs i'm sure using the store is a good idea in many cases, but i still don't know what those are. Maybe it's related to stuff being "bit reproducible" or something, but would for example this nginx config thing get in the way of achieving that anyway?
<shiranaihito>maybe the docs could talk more about the reasoning behind having Guix "manage" files, and how it works etc
<str1ngs>shiranaihito: I'll give an example. you have a config /etc/foo/config which is managed using store and config.scm . if the config does not change ever then the "system profile" will simply reuse that hash in the store. if it does change then guix updates the link in to store. which mean if the service config change is broken. you can rollback to good config because its in the store still
<shiranaihito>str1ngs yeah, but i'm wondering about what kind of stuff it makes sense for Guix to manage, like in this case, it turns out the cert location isn't one of them
<shiranaihito>there could be other "over-reaches" too :) i've got a similar vibe from the postgresql config's data directory setting, for example :)
<snape>well, variable data then. Config files are static, and thus it makes sense to have your config.scm "swallows" a config file (e.g. with local-file) and thus the file will get in the store.
<str1ngs>shiranaihito: in the case of local-file if the hash changes it will create a new store item. if not it will add or reuse the same store item
<shiranaihito>snape but the point of having them in the store would be to be able to switch between configurations in a neat way, right? .. but that implies something has changed about a config file, i.e. it wasn't "static"?
<str1ngs>the problem is if you hard code the change. your previous system profiles break aswell
<shiranaihito>suppose i want to change the max number of connections my psql server will accept - is the postgresql config "static"?
<snape>well, if you want to change the static config file, you change it and then you reconfigure
<shiranaihito>and what does "hard-coding" mean? -not trying to be difficult here, just curious :)
<str1ngs>right now my current system works. but if I need to make a change. I like that I know for sure my previous system profile wills still work
<shiranaihito>str1ngs well, that does make sense, but on the other hand, you could also make a change in a config file, find out it results in trouble, and undo the change
<shiranaihito>or for example, if i'm running stuff in production, and i find out that for whatever reason, my psql server needs to accept more connections than it does now, does that mean i should perform a full system reconfiguration, or just change one specific value in one specific file?
<quiliro>after exporting GUILE paths i get the same error
<snape>shiranaihito: you can try your change by editing the psql config file by hand on the server, but if you want it to remain later, you need to change the config file pointed to by config.scm, and reconfigure
<shiranaihito>snape yeah :) i still think Guix's "responsibilities" could use some clarification with regard to config files etc
<snape>The magic is that you can have config files for 50 machines in one directory, without code repetition (because they are ordered in a logical way), with a Version Control System, and with one reconfigure (per machine) you update all your machines. You have (almost) no maintenance to do on your 50 machines. Adding a new machine is very easy too.
<snape>and you have full control on them, you don't need to remember which apt-get command you did on this one, etc
<snape>it's 10000 times more powerful than, say, Ansible (I find)
<ng0>you don't even need 50 individual config files, you can have one file and changes just inherit the most basic one and overwrite what they need.
<snape>Yes, that's what I meant when I said they should be ordered in a logical way.
<apteryx__>Hello! Reading about Spectre, it seems that you either have to 1) install new microcodes AND patch kernel with IBRS and IBPB patches or 2) Patch GCC and rebuild the world. Is linux-libre going to receive those microcodes updatesÉ
<buenouanq>There are some strangenesses with the process I don't understand that maybe you can help figure out if you do that.
<buenouanq>in other news, guix pull on my BBB has come to a hault twice now at compiling 77.8%
<ng0>what would I need to feed to Guile repl to get a gexp I have to really build or return the result in some human readable form? (define build-exp #~(begin (mkdir #$output) (chdir #$output) (symlink (string-append #$rxvt-unicode "/bin/urxvtc") "urxvtc"))) followed by (gexp->derivation "the-thing" build-exp) just returns $2 = #<procedure 353af00 at guix/gexp.scm:630:2 (state)>
<buenouanq>it takes 2 full days to get here and I've no idea what the problem is