<buenouanq>oh, and the module needs to be just `bootloader' while you have `bootloaders' <atw>Hello! I'd like to use mcron to automate backups. https://paste.debian.net/1004398/ is what I've got. How can I run a gexp like (backup-home "me")? I think I want to use gexp->derivation, but after that, I've been unsuccessful with run-with-store and similar. <civodul>you don't need to use gexp->derivation and all that <civodul>what you have posted is almost there <civodul>you need to change (backup-home #$user) to #$(backup-home user) <civodul>apart from that, it looks good at first sight <atw>civodul: thanks! what about taking the gexp that (backup-home "me") evaluates to and causing it to run via the REPL? I'd like to test the command, and sometimes I may want to cause a backup manually. <civodul>,run-in-store (gexp->derivation "foo" (backup-user "bar")) <civodul>at worst you can type the gexp at a REPL, just without the #~ and #$ <civodul>feel free to email help-guix@gnu.org to discuss further! <str1ngs> buenouanq you can use plain-file to insert a config file into config.scm <quiliro>buenouanq: so you created the file 10-evdev.conf <quiliro>with text between Section and EndSection in it? <quiliro>or you put the text you gave the link to in config.scm? <quiliro>,tel buenouanq the paste you sent me....is it supposed to be in config.scm or in 10-evdev.conf? <quiliro> ,tell buenouanq: the paste you sent me....is it supposed to be in config.scm or in 10-evdev.conf? <atw`>quiliro: I believe it's "sneek: later tell so-and-so ..." <quiliro>sneek: latter tell buenouanq the paste you sent me....is it supposed to be in config.scm or in 10-evdev.conf? <sneek>buenouanq, quiliro says: the paste you sent me....is it supposed to be in config.scm or in 10-evdev.conf? <bavier1>quiliro: they're here, but must be afk <quiliro>sneek: later ask the paste you sent me....is it supposed to be in config.scm or in 10-evdev.conf? <sneek>Guile is a friendly, quiet, and somewhat despised Scheme implementation. <sneek>Someone once said Lisp is a powerful, highly expressive, classical, and somewhat despised family of programming languages. <quiliro>sneek: botsnack Quito is city in Ecuador <sneek>Did not find any object named `#{something !}#' <sneek>Last time I checked knowledge is power <sneek>Last time I checked knowledge is freedom <quiliro>sneek: freedom is not the right to slavery <sneek>Last time I checked freedom is not the right to slavery <sneek>I've heard freedom is not the right to slavery <quiliro>sneek: freedom is not the choice of slavery <shiranaihito>freedom can also be defined as "the absence of intervention" <sneek>Someone once said slavery is imposition <quiliro>sneek: freedom is +the absense of intervention <sneek>I've heard freedom is not the right to slavery <quiliro>shiranaihito: i'm just playing with sneek ! <shiranaihito>ok, can someone tell me if system configs can be applied "incrementally"? like, if i first "guix system init" with a "minimal" config, and then do a "guix system reconfigure" with another config file that defines services.. is that ok? <shiranaihito>i mean, will guix just add the stuff from the second file, while keeping everything defined in the first file? <shiranaihito>so you mean the system config has to contain everything? <quiliro>that is why i am afraid to use some config i made <quiliro>everything for the whole system....common to all users...not the config that users do not share <quiliro>that must be installed by the users, not by reconfigure <quiliro>i guess i should have kept track of the last file i used <shiranaihito>ok, but i imagined the second system config file would also contain stuff that's common to all users <str1ngs>shiranaihito: re configures are not partial. they are still efficient using symlinks from what I have seen <shiranaihito>so i guess the question remains: does guix install stuff incrementally? <quiliro>or guixsd should keep a copy of the last file i used <str1ngs>shiranaihito: it is not incremental. it does however reuse resources from the store <str1ngs>shiranaihito: in the context of reconfigured, based on your original question anyways <quiliro>what is the end objective you search for in this incremental intention? <quiliro>if it would be incremental, you would have to specify what to remove <quiliro>since it is not, you must detail everything you want for the common system <quiliro>i would like to help you but i do not understand why you need it to be incremental <shiranaihito>quiliro the idea was to install postgresql and nginx separately, so that i wouldn't have to see their error messages about missing files and stuff when booting into a newly installed systen <quiliro>all right... 'guix system build config.scm' is done ......how can i know if it did the right thing? <quiliro>shiranaihito: install them as different users <str1ngs>shiranaihito: you can do that, it would reuses packages. you need to make sure the guix versions match with init and reconfigure though <str1ngs>quiliro: is this a new system or existing system? <quiliro>i suggest not to use 'guix system reconfigure config.scm' <shiranaihito>i'm just reinstalling everything several times while preparing my configs etc <str1ngs>shiranaihito: yes I gather you want post install either nginx or postgresql? <shiranaihito>str1ngs yeah, but basically just to avoid the error messages about missing certificates / config files / data directory etc <shiranaihito>i suspect guix could be modified to make everything alright in that respect :) <quiliro>shiranaihito: but to put only the basic things in config.scm and run 'guix package -i postgresql' on one user and 'guix package -i nginx' on another user <str1ngs>yes, I would use config.scm to configure all that where possible <str1ngs>quiliro: that won't help if he wants to use services <shiranaihito>str1ngs and you're talking about only having one system config(.scm) with everything? <str1ngs>shiranaihito: if possible. it might not easy to do post install stuff though <str1ngs>like for guix-publish service I do guix archive --generate-key on first boot <shiranaihito>well, i need to upload my application (and its certs) into an actual installed GuixSD, so.. :) <str1ngs>shiranaihito: you can use gexpression like local-file to add a file to the store <str1ngs>then you can configure the service to use that cert path <shiranaihito>str1ngs alright, so something like "(ssl-certificate (local-file <something>))" would be enough? <str1ngs>shiranaihito: I'm not sure if that takes a gexpression object <str1ngs>but you could in theory translate it somehow <str1ngs>shiranaihito: you would convert local-file to string paths if ssl-cert does not take a gexpression object <str1ngs>still learning about gexpression so not sure how to do this off hand <str1ngs>ssl-certificate takes either a string or #f it seems <shiranaihito>well, i guess i'll just muddle through with error messages for now <str1ngs>shiranaihito: I don't know the precise syntax to do this maybe someone else does <str1ngs>shiranaihito: but in in theory adding the file to the store would be the best approach <str1ngs>if you need to rollback with a previous cert it wills till work. since the cert is in the store <str1ngs>also it avoid have to post install . as per your request <str1ngs> shiranaihito also for configs. plain-file is nice, in that you can embedded your config in config.scm. and it will produced the store item for you <quiliro>after 'guix system vm config.scm' is done...how can i test it? <str1ngs>quasisane: does vm output a script link? <str1ngs>quiliro: ^ you can just call the script that is shown after running guix system vm <quiliro>str1ngs: the manual says that it returns a script to run that virtual machine <str1ngs>correct, no it will install everything you need to run the script <quiliro>it takes a long time in this core 2 duo <quiliro>i think i should start studying how to offload in order to take less time <str1ngs>quiliro: you can also pass qemu arguments to the script <str1ngs>ahh the what I do is build on my high powered server. then I use the server as a publish server <str1ngs>offloading does not work for me. need to look into it more <str1ngs>also sometimes if no substitute exists and it builds. it only needs to do it once <str1ngs>just sucks if that happens to be the kernel. which would be rare anyways <quiliro>without grafting it takes even longer <str1ngs>quiliro: but ya generally I do all my building on a high workstation. then do final configure etc on my say notebook <str1ngs>even works with guix pull if your commit hashes match <str1ngs>I use the high end workstation as a guix publish services. so it distributes substitutes to the notbook <str1ngs>I just make sure my guix hashes match, and I use the same config.scm that I built with <str1ngs>my high workstation runs a the guix-publish service <str1ngs>and I configure my notebook and other machines to use it as a substitute-url <quiliro>i would like to know the exact commands or files that need to be used in order for that to happen <str1ngs>quiliro: you also need to generate key and authorize <str1ngs>quiliro: seems more complex then it is. not easy for me to do a step by step <quiliro>str1ngs: that is good enough...thank you very much <str1ngs>quiliro: also when you do guix pull on the server. make sure you do guix pull --commit=<server guix commit hash> on other machines <str1ngs>guix version will give hash if you have pulled encase you need to check it <quiliro>i will re read your instructions and test it when i get access to a powerful workstation <str1ngs>also /var/guix/substitutes/cache/<server hash> might need purging if TTL gets messed up <str1ngs>I'm not sure how to invalidate the cache <quiliro>perhaps it failed because i am low on disk...only 3.2 GB free <str1ngs>also is it building something? or using substitutes? <quiliro>phase build failed after 1107 seconds <quiliro>i do not know...but there are a bunch of CC lines <str1ngs>CC line implies building. did you authorize hydra? <quiliro>but i do not understand why it builds if my guix is 7 days old <str1ngs>ah guixsd should authorize hydra by default <str1ngs>quasisane: what does guix version have? <quiliro>guix (GNU Guix) 1ee750ba4c76d9eff248b0f0657e0d8f119607ff <str1ngs>dunno if guix pull will help this. what is the build error? <quiliro>builder for /gnu/store/...-qemu-2.10.2.drv failed with exit code 1 <str1ngs>guix will build if not substitute exists. in the case of qemu I suspect it doing the right thing and building <quiliro>str1ngs: i am running it now with guix in emacs <quiliro>(guix-command "system" "vm" "/home/quiliro/guix/lightweight-desktop2.scm") <buenouanq>guix system error: failed to install bootloader <quiliro>buenouanq: and how did you define dvorak? <buenouanq>you define something that reads a file, then you modify the desktop service to read it <buenouanq>so you create the file /etc/config.d/10-evdev.conf (but it could be a different name or in a different location if you wanted) <quiliro>buenouanq: that is exactly what i am asking...you put the contents of the 10-evdev.conf inside config.scm? <quiliro>so 10-evdev.conf should be in the local directory with those contents and the rest should be in config.scm? <buenouanq>it should be wherever the definition that reads it thinks it is <buenouanq>in these files for me that is /etc/config.d/10-evdev.conf <buenouanq>I'm really looking for a better way to do this though. <quiliro>buenouanq: thank you...very...very much! <buenouanq>is there any way to install just the bootloader? <buenouanq>i've gone through an install with a friend and it completed but failed to install grub <buenouanq>they don't really want to wait through the whole install if it actually succeeded like it appears to if all we have to do is add the bootloader somehow <DamienCassou>I'm evaluating the possibility to use Guix as my main OS to replace Fedora. I have used NixOS for 2 years and loved it. I eventually gave up because many small things were not working good enough. I plan to change my WM to something much simpler than Gnome and I see that as an opportunity to go back to NixOS. But I could also try Guix. What do you think? <buenouanq>I recommend installing GuixSD and deciding for yourself. <buenouanq>guix uses guile is the biggest and most important <buenouanq>everything is just normal beautiful lisp declarations <buenouanq>nixos uses systemd while guixsd uses shepherd <quiliro>DamienCassou: please remember GuixSD is beta <quiliro>buenouanq: i have an error on the line that mentions 10-evdev.conf <buenouanq>DamienCassou: on the about pages on either"s wobsites <quiliro>i don't know about the nixos website <buenouanq>quiliro: did you add the ice-9 thing to the modules? <DamienCassou>is it ok to run guix on a server or is it still too "beta" to be trustworthy? <DamienCassou>the server is taking care of a few personal services that are not vital but that I would like to be working (such as my email and gitlab) <quiliro>DamienCassou: i would not put my job on it....but for personal use it is great...unless you know how to hack! <quiliro>buenouanq: $ sudo guix system reconfigure guix/lightweight-desktop2.scm <quiliro>guix system: error: failed to load 'guix/lightweight-desktop2.scm': <quiliro>/home/quiliro/guix/lightweight-desktop2.scm:59:13: /home/quiliro/guix/lightweight-desktop2.scm:59:13: In procedure module-lookup: Unbound variable: slim-service-type <buenouanq>I wish I understood the module look up thing better - Mine's become a mess... <buenouanq>DamienCassou: I've used GuixSD on all my computers for the last year or so - It's perfectly `trustworthy'. <quiliro>buenouanq: it is trustworthy for you because you know how to hack guixsd <buenouanq>I help people here when I can, but I'm as lost as you I promise <quiliro>it would be great to have a repo of config.scm <buenouanq>I totally agree - I would love more examples. <quiliro>do you think it is good to have a version of freedombone for guixsd? <quiliro>i would love a configuration for my father which has visual disabilties and hearing disabilities and bad memory <quiliro>it should be something simple and very intuitive <quiliro>only email, non formated text, graphical web browsing and very automatical with wifi and no passwords except for administration (which is done by me) <quiliro>oh! and sound recording and listening to music <quiliro>i think that would serve many older people <buenouanq>I've never heard of freedombone - This is a BeagleBone thing? <quiliro>it is a server which comes with defaults for several services <buenouanq>and I just discovered last night that we now have official services that do most of those things. <quiliro>but it is for debian and parabola only <buenouanq>we have our own services that do these things already though is what I'm saying <buenouanq>setting up a webserver and database on guixsd is super easy <buenouanq>i'm soon going to start playing with our mpd, email, and git services. <quiliro>freedombone is not only for that...it is a unified server...where passwords are random and there is only one user controlled password <quiliro>because usually no one uses good passwords for all services anyway <buenouanq>I'm actually surprized I haven't heard of it before. <quiliro>there is even a mesh version for disasters <buenouanq>I hope when 0.11 is finally released, ng0 also drops a beautiful gnunet service on us. <buenouanq>discovered yesterday that the whole manual is under tty2 on the install image <civodul>buenouanq: it's advertised quite prominently, no? :-) <civodul>efraim: why use SaaSS when we have 'guix refresh'? :-) <civodul>also, repology.org prolly reads our packages.json, which is currently not getting updated daily <snape>civodul: debbugs works for me <civodul>yeah it was apparently a DNS issue here <buenouanq>what are common reasons the bootloader would fail to install? <amz3>can someone take care of guile-bytestructures please? <civodul>amz3: i'm taking care of it, sorry for the delay! <snape>buenouanq: 1MiB should be enough <snape>I've always had more luck with MBR, maybe you should consider trying MBR? <buenouanq>"guix system: error: failed to install bootloader" <snape>is your partition encrypted? <snape>buenouanq: (your boot partition) <amz3>no worries, actually just want to know whether it will be in guix shortly or not <snape>buenouanq: your partition also needs to be a BIOS boot partition. With parted, you need to do "set bios_grub on" for example. <civodul>everyone does their best to review things quickly <amz3>sorry, I can wait anyway <buenouanq>it's a bios boot partition, but I didn't flag it as bootable <snape>buenouanq: you're welcome. Does it work now? <buenouanq>I don't know - It's a friend"s computer and I am not there right now. <buenouanq>Having gone through the whol install, is there any way to just install the bootloader now? <snape>guix system reconfigure config.scm should do it I reckon <snape>also, I don't think GRUB cares about things being bootable or not. <snape>being a BIOS boot partition and being bootable are two different things <snape>and the meaning of the boot flag is different whether it's GPT or MBR... pretty complicated stuff <snape>but really, I find MBR way much easier to deal with <buenouanq>I guess my bias towards GPT comes from my stack of giant harddrives which MBR can't do. <buenouanq>would trying to do grub-efi help or just cause more headaches? <snape>the MBR limit is 2TB. Make sure you need them :-) <snape>yeah EFI === headaches actually <shiranaihito>ok, so.. it seems that a "system init" won't go through without a certificate configured for nginx already being in place, on an installation that doesn't exist yet.. but the last time i tried, a "system reconfigure" wen't through without it <shiranaihito>i wish whatever installs nginx weren't so strict about this when it doesn't really make sense (yet, at least) <shiranaihito>.. and i'm supposed to have everything in one system config, but it can't be installed now, it seems <shiranaihito>what do people typically do when they use nginx in a system config and want to set up SSL too? <shiranaihito>.. or am i boldly going where no man has gone before? :p <shiranaihito>and i don't get it.. it seems to me like guix's behaviour changes over time, even though i'm using the exact same installation image <shiranaihito>can i "read" guile source from another file, into a system config in a specific place? so maybe i could have the nginx stuff in a separate file and read it in to make a "full" system config, after doing "system init" without nginx <wigust>shiranaihito: Are you saing that 'system init' and 'system reconfigure' give you different results? <shiranaihito>wigust afaik, a reconfigure would go through without the certificate files in place, at least i think it did last time <shiranaihito>ok, i'll just use two separate files - one with nginx and one without <wigust>shiranaihito: Why? Certificates are same what ever distributor, are they not? <shiranaihito>all in all, i think the nginx installation should not error out if the cert files are not present - let nginx worry about that when it's starting up <shiranaihito>wigust not sure what you mean, but Let's gives you some kind of "live service" and lots of automation, right? <shiranaihito>i just have files that i want to place in a directory.. after i actually have a Linux server running <shiranaihito>the cert file config setting for nginx is meant to tell *nginx* where to find a cert file, right? it's not guix's problem <shiranaihito>(and now guix has presented me with a ~problem that doesn't need to exist) <wigust>shiranaihito: You have a key and certificate, right? <wigust>shiranaihito: Then you could pass them as in example I gave you. <shiranaihito>wigust using the Let's Encrypt -specific "certbot" stuff? <shiranaihito>again, this is not something guix should concern itself with - nginx is told where to find a cert file, and it's either there, or *nginx* will exit with an error or something <str1ngs>shiranaihito: you could do #f for cert then use reconfigure after <shiranaihito>str1ngs i'd still have two files with almost identical contents? <str1ngs>after that you can proceed with reconfigure <shiranaihito>yep :) but now i'm running it several times when cobbling up a system config for my server <shiranaihito>still, guix should not concern itself with something that's essentially a runtime thing for nginx <str1ngs>I hear ya, just that guix is functional so the inputs effect the end output. in that context guix starts to make sense <str1ngs>partly why I explained using gexpression make this move viable <shiranaihito>str1ngs yes, but in the nginx config case, everything can be all functional and stuff, while still letting nginx figure out if the configured cert file exists when it's needed <shiranaihito>and yeah, the local-file stuff.. i didn't feel like trying to learn more about that when i just want to get stuff running <str1ngs>shiranaihito: it does take time to learn the scheme side yes. <shiranaihito>and whenever i look at a Guile file, i keep longing for Clojure :P <str1ngs>also I hear ya about nginx, but guixsd is not your average linux system. if you are use to editing server config files like you would another distro <catonano>I felt lost wit the nix langage, but scheme is ok for me <str1ngs>shiranaihito: guixsd is about being able to reproduce things in a deterministic manner. once that starts to click it's very powerfull <shiranaihito>besides, i'm still kind of uncomfortable about using "local-files".. i don't know how they work, and i want to keep certs in a different location than where my guix config files are, etc <str1ngs>I agree local-flile is the weakest expression to use there. <shiranaihito>str1ngs i still don't see the problem with letting nginx worry about the cert file's existence, in terms of guix being "functional" <shiranaihito>the nginx config itself is functional even if you don't error out on the files not existing yet (on a system that's not yet installed!) <str1ngs>because /etc/ does not work like a regular linux distro <str1ngs>you have to keep in mind guix is atomic and statefull. meaning rolling back breaks when you hard code things in /etc <shiranaihito>str1ngs i'm not sure what would be hardcoded here, and how <str1ngs>if you use gexpression the config can be in the store. in which case it probably won't error out. <str1ngs>I just don't know how to convert the gexpression file object to a string <shiranaihito>ok, but i don't want to learn about that, and i don't see the cert files as "part of my guix system config" <shiranaihito>i don't know either and i don't want to find out, especially because it would probably require learning about X Y Z in the process :P <str1ngs>mean while, use init and pass #f for certs. then reconfigure after boot? <shiranaihito>str1ngs yeah, right now the plan is to use two sys config files, one with nginx and one without <shiranaihito>it's almost the same, but with like.. a bit less duplication, i guess :P <str1ngs>that works, but like I said you really only need to do init once <shiranaihito>but this problem shouldn't be inflicted on users even that one time :P <str1ngs>I was annoyed in regards server configs at first. after I started to grok guix and guixsd. I now rather like it <str1ngs>and I had previous guile experience before that. <shiranaihito>of course even i like guix overall, as a thing :) it's just rough around the edges still <str1ngs>what I'm saying is that from the context of a power user from another linux distro. guixsd can be annoying . but only at first <str1ngs>the features you gain via this process. out weight the tradition editing copying a file in place. <shiranaihito>str1ngs sure, but if X is a problem, then it's a problem as long as it exists, even if someone overcomes it and proceeds to have a great time with Guix(SD) :) <str1ngs>it's more like. the problem is solve X way vs Y <str1ngs>what I mean, is the problem is solved in a way that you are not expecting <shiranaihito>and it's basically a workaround to a problem that shouldn't exist <shiranaihito>as for "being functional", the nginx config can be perfectly functional without erroring out on a missing certificate - maybe you roll back to a previous version and then the location where nginx will look for a cert changes!! --> still functional! <str1ngs>if the cert does not exist. then no it does not function :P <str1ngs>also rollbacks break when you hardcode config paths . I wont get into that now though <shiranaihito>suppose there's a great bar with a glorious selection of single malt scotch whiskey and hot girls, but when you enter for the first time, the bouncer punches you in the face :P <str1ngs>I not trying to piss you off. just trying to explain the guix way of doing things <shiranaihito>sure, and i'm not trying to piss you off either :) so i guess we're even :p <shiranaihito>and ofc, it's possible that i just don't see The Light yet (but will) :) <str1ngs>it does not help, I don't know the syntax to give you <str1ngs>why it would no hurt to try the ML list. so more knowledgeable people can explain how to do this the right way. <shiranaihito>btw, what does it mean when a "known host" is listed in square brackets? (.ssh/known_hosts) <shiranaihito>i mean, in the known_hosts file, an IP address is surrounded with brackets <shiranaihito>it seems the same address is listed twice, but once without brackets and once with them <str1ngs>shiranaihito: when in doubt delete it from known_hosts <roptat>shiranaihito: is it that you give a file in the configuration for nginx, but it doesn't exist on the system yet, and that gives an error from guix, right? <shiranaihito>str1ngs oh nono that was just an example, i didn't want to say the actual ip here <shiranaihito>roptat yeah, pretty much. as i see it, i'm telling nginx where to find a cert file, but since i'm just installing the system, it's not in place yet <str1ngs>shiranaihito: that fine I was wondering if it was related to 127.0.0.1 being special due to loopback. still if you are in doubt delete the offending line <shiranaihito>str1ngs yeah, i've deleted it several times - it's the IP that VMWare gives my VM <roptat>ok, I think I understand the issue. The test for file presence was added to ensure nginx would actually run (because if it's not, nginx won't start at all) <shiranaihito>so it's not a scary potentially haxxorous IP, i'm just wondering what the brackets mean :) <snape>shiranaihito: what you described about nginx certificates seems like a bug, but I think it has been solved already. When is the last time you updated Guix? <roptat>but of course the test is incorrect when the system gets installed <str1ngs>shiranaihito: ah brackets denote hosts with non standard ports I think <shiranaihito>roptat yes, but now there's a problem with the installation, just because users are being protected from themselves <str1ngs>shiranaihito: my guess is that machine has a port that is not 22 <shiranaihito>snape i'm running guix pull now on my VM, but again, i'm just trying stuff out while scraping together a system config for running a SaaS app <snape>I don't think you will have the issue after a git pull <str1ngs>shiranaihito: "Non-standard ports can be indicated by enclosing the host name with square brackets and following with a colon and the port number. Here are three examples referring to hosts listening for SSH on non-standard ports:" <shiranaihito>roptat it's alright for nginx not to start when the cert file is missing, especially when the user is basically in the process of making nginx happy along with everything else <roptat>actually it'll be all right after your guix pull <shiranaihito>configuring an incorrect location for a cert file is the user's problem, not guix's, especially when making it "guix's problem" results in a problem for the user :P <shiranaihito>snape oh? so the next installation image won't have this problem? <snape>when was the last image released? <str1ngs>snape: can you not convert a gexpression to as string to get around this ? say with local-file? <snape>so I think it should be solved now <snape>thus, with a guix pull, you'll get it fixed <shiranaihito>"If nginx is configured with a ssl-certificate file, and ssl-certificate-key, it will fail to start unless these exist. To avoid this happening, change the default to #f." <-- but does setting "the default" to #f actually change anything? the default doesn't apply when you've got cert files configured, right? <snape>where does your quote come from? <str1ngs>shiranaihito: default is "/etc/nginx/key.pem" which is not the same as cert <str1ngs>shiranaihito: basically it's saying if the file dos not exist and you want it to start. set cert or key to #f <snape>but again, this should not happen if Guix is up to date. Building a system based on a config should be deterministic, and thus it should not depend of whether or not you have a certificate. <str1ngs>well the config is not deterministic if the file does not exists since the service will fail. the issue is more that the config is overly strict at checking at build time <snape>yes, because your Guix is not up to date. An up to date Guix shouldn't fail at build time. <apteryx__>the error returned for an invalid base32 is terrifying <snape>str1ngs: I don't think it's a good idea to use local-file for certificates, because certificates are usually generated on the target machine <snape>and, at least with letsencrypt, are automatically updated <str1ngs>them more I thought about it, I think you are right. you don't want to put your key in store <shiranaihito>well, i didn't understand how the error is avoided with the new code, but that's alright. It seems there's a consensus it won't be happening anymore :P <snape>shiranaihito: the second commit removes the error so... <shiranaihito>snape sure, but i meant i didn't understand the description of what about the new code avoids the error.. but nevermind, i'm just a user :) <str1ngs>shiranaihito: in this case get why you were more adamant <shiranaihito>str1ngs well, i wasn't thinking "because certificates are usually generated on the target machine".. i just felt like it wasn't guix's business to handle certs :) <shiranaihito>but Let's Encrypt updating the certs seems like a good reason too <shiranaihito>.. though LE itself isn't some kind of holy standard to adapt to <str1ngs>that and you don't want the key in store. which local-file would do <str1ngs>you can add extend permissions but it is not default <snape>yeah you definitely don't want keys in the store :-) <str1ngs>shiranaihito: I apologize, I didn't understand the scope the problem. I'm still newish to guixsd myself <shiranaihito>str1ngs no worries, i wasn't thinking about it from a security perspective either :) <str1ngs>generally using the store is a good thing. in this case it's not <str1ngs>which might explain why it takes a string and not a file object to begin with. <shiranaihito>str1ngs i'm sure using the store is a good idea in many cases, but i still don't know what those are. Maybe it's related to stuff being "bit reproducible" or something, but would for example this nginx config thing get in the way of achieving that anyway? <shiranaihito>maybe the docs could talk more about the reasoning behind having Guix "manage" files, and how it works etc <str1ngs>shiranaihito: I'll give an example. you have a config /etc/foo/config which is managed using store and config.scm . if the config does not change ever then the "system profile" will simply reuse that hash in the store. if it does change then guix updates the link in to store. which mean if the service config change is broken. you can rollback to good config because its in the store still <shiranaihito>str1ngs yeah, but i'm wondering about what kind of stuff it makes sense for Guix to manage, like in this case, it turns out the cert location isn't one of them <shiranaihito>there could be other "over-reaches" too :) i've got a similar vibe from the postgresql config's data directory setting, for example :) <snape>you can't manage things that are "data" <snape>because they change all the time, and are undeterministic <str1ngs>yes, cert is not the best example . which is my fault <civodul>�ACTION pushed the qemu-binfmt service� <str1ngs>�ACTION tests binfmt with notepad.exe :P� <str1ngs>I guess that won't with with qemu though haha <snape>shiranaihito: you were the first using the word "manage" :-) I meant you can't have your config.scm depend on stuff that moves on its own, like data, certs, etc. <shiranaihito>and i'm just saying "manage" because it seems Guix somehow "takes over" a file, and swallows it into The Store, and then i don't know what happens after that :) <snape>yeah, a lot of stuff. emails of a mail server, passwords of your users, etc <shiranaihito>a lot of config files could be "data" too, and the settings in them <snape>Yeah I probably meant "variable data" <shiranaihito>for example the location of postgres' data directory is like "data about this particular postgres installation" <str1ngs>shiranaihito: it does not take over. the config.scm handles the file. you could even just use plain-file. which allows you to embed the into config.scm <snape>well, variable data then. Config files are static, and thus it makes sense to have your config.scm "swallows" a config file (e.g. with local-file) and thus the file will get in the store. <str1ngs>shiranaihito: in the case of local-file if the hash changes it will create a new store item. if not it will add or reuse the same store item <shiranaihito>snape but the point of having them in the store would be to be able to switch between configurations in a neat way, right? .. but that implies something has changed about a config file, i.e. it wasn't "static"? <str1ngs>the problem is if you hard code the change. your previous system profiles break aswell <shiranaihito>suppose i want to change the max number of connections my psql server will accept - is the postgresql config "static"? <snape>well, if you want to change the static config file, you change it and then you reconfigure <shiranaihito>and what does "hard-coding" mean? -not trying to be difficult here, just curious :) <snape>and you can rollback to the previous one when you want <quiliro>i have a problem with sudo guix pull <sneek>Welcome back quiliro, you have 1 message. <shiranaihito>str1ngs but config files are always *edited* by hand? :P:P -Guix handles switching between configs with different contents <str1ngs>yes, its a feature that I very well like <str1ngs>right now my current system works. but if I need to make a change. I like that I know for sure my previous system profile wills still work <shiranaihito>str1ngs well, that does make sense, but on the other hand, you could also make a change in a config file, find out it results in trouble, and undo the change <shiranaihito>or for example, if i'm running stuff in production, and i find out that for whatever reason, my psql server needs to accept more connections than it does now, does that mean i should perform a full system reconfiguration, or just change one specific value in one specific file? <quiliro>after exporting GUILE paths i get the same error <quiliro>guix pull: error: Guile-Git is missing but it is now required by 'guix pull'. <str1ngs>also is this foreign distro? is so how did you install guix <snape>shiranaihito: you can try your change by editing the psql config file by hand on the server, but if you want it to remain later, you need to change the config file pointed to by config.scm, and reconfigure <shiranaihito>snape yeah :) i still think Guix's "responsibilities" could use some clarification with regard to config files etc <snape>shiranaihito: feel free to update the docs :-) <snape>And you can still propose a change :-) <snape>The magic is that you can have config files for 50 machines in one directory, without code repetition (because they are ordered in a logical way), with a Version Control System, and with one reconfigure (per machine) you update all your machines. You have (almost) no maintenance to do on your 50 machines. Adding a new machine is very easy too. <snape>and you have full control on them, you don't need to remember which apt-get command you did on this one, etc <snape>it's 10000 times more powerful than, say, Ansible (I find) <ng0>you don't even need 50 individual config files, you can have one file and changes just inherit the most basic one and overwrite what they need. <snape>Yes, that's what I meant when I said they should be ordered in a logical way. <quiliro>snape: what do you suggest for a newbie <quiliro>to include in the manual or externally <snape>quiliro: you can try to package a package you need but that isn't packaged by Guix <snape>there are many, many packages missing :-) <snape>I think it would be more useful than a tutorial, because the doc is already pretty good in my opinion. And if it has to be improved, you can still propose patches for the doc. <quiliro>snape: I am trying to do that with openmolar. But I still have to learn a lot. <snape>the great thing with Guix, is that it's very broad. You don't need to know everything, you can focus on a small part (i.e. the kernel, Ocaml, services, bootloader, etc) and improve it. <quiliro>snape: i have a lot of dificulty. but i am persistent. i have to learn to read more....i know!! <quiliro>sido guix pull says that guile-git is needed <quiliro>will run guix package -u for user now to test <quiliro>but I meant looks like it is late in Asia <quiliro>by America, I mean North, South and Central <bavier>I'm working on packaging guile-cv, in case anyone else is interested in that <apteryx__>Hello! Reading about Spectre, it seems that you either have to 1) install new microcodes AND patch kernel with IBRS and IBPB patches or 2) Patch GCC and rebuild the world. Is linux-libre going to receive those microcodes updatesÉ <snape>apteryx__: the microcode update is non-free software, thus it won't be shipped with Guix. <quiliro>i have a problem with sudo guix pull since about 16 hours ago <quiliro>it is asking me to install guile-git and export some variables <quiliro>i have done that as user and with sudo <quiliro>but i cannot still 'sudo guix pull' yet <rekado>do ‘sudo -E guix …’, not ‘sudo guix’, because the latter will use root’s guix, whereas the former will use your own user’s guix. <quiliro>on an installation which is 138 days old <apteryx__>snape: True. I hope it can get properly worked around in free software :) <apteryx__>Has anyone experienced hostname resolutions woes when using Guix's openssh on a foreign distro? <mynameisnew>i got problem during boot, it gets stuck on "tsc clocksource" or at "sde attached" but sometimes it boots fine, sometimes pluging or unpluging drives help. <efraim>I was just gifted a 2010 macbookpro7,1 with a dead battery <efraim>After ruling out buying a new battery I think it might make an OK guixsd desktop, even with only 4GB of ram <efraim>Same family that gave me the iPad1 and one of the PPC macs <apteryx__>nevermind, the host resolution problem was somewhere else. <buenouanq>efraim: I just reinstall GuixSD on a Macbook last night. <buenouanq>There are some strangenesses with the process I don't understand that maybe you can help figure out if you do that. <buenouanq>in other news, guix pull on my BBB has come to a hault twice now at compiling 77.8% <ng0>what would I need to feed to Guile repl to get a gexp I have to really build or return the result in some human readable form? (define build-exp #~(begin (mkdir #$output) (chdir #$output) (symlink (string-append #$rxvt-unicode "/bin/urxvtc") "urxvtc"))) followed by (gexp->derivation "the-thing" build-exp) just returns $2 = #<procedure 353af00 at guix/gexp.scm:630:2 (state)> <buenouanq>it takes 2 full days to get here and I've no idea what the problem is <ng0>buenouanq: resource limits. <buenouanq>it's refusing connections so I can't just messages and stuff <bavier>buenouanq: do you have swap set up? <buenouanq>ng0: which ones though? I've given it 8GB each /gnu/, /tmp/, and swap partitions. <ng0>the ones you can't change. like RAM etc <ng0>try to look into offloading somewhere or build the system in advance <buenouanq>the post said something about cross compiling wasn't possible yet, that's why I'm even taking the time to do it on it in the first place <ng0>I read somewhere that you can set up qemu to cross compile native ARM. I don't have the link ready atm, but you could look into that <bavier>buenouanq: Ludovic posted a patch series recently to support building for any system via qemu; I wonder how that could help building a BBB system on a more powerful workstation <vagrantc>�ACTION wonders what the minimal reasonable specs would be to build natively� <vagrantc>i haven't noticed "guix pull" making much use of multiple CPUs <ng0>for instance.. and many more links I had somewhere <ng0>so it's possible, it's just a matter of going there and trying <ng0>crosstool-ng is also a thing <amz3>ng0: I think you need to run a special repl to get the human readble output <civodul>vagrantc: it does (the "GUILEC" phase does, specifically) <amz3>ng0: the gexp, is not executed in normal repl if you don't wrap it in some other form <ng0>amz3: well basically I want to check (and play around) if this would give me a usable form for my template <amz3>it's normal repl you just need to use (guix monad-repl) to extend the repl with the ,run-in-store meta command ***thekyriarchy is now known as thekyriarchy_
<ng0>didn't get it from the repl now, but from the drv file and the builder file. looks alright ***thekyriarchy_ is now known as thekyriarchy
<buenouanq>the problem with offloading the build for something like the beagleboneblack means I wouldn't ever be able to update it on it"s own <buenouanq>what missing/limited resources are we talking about though <buenouanq>it has huge swap, /gnu/, and /tmp/ partitions... what more does it need? and is it really something that can't be added/changed like these? <civodul>buenouanq: currently the main limitation is RAM usage for 'guix pull' <civodul>i have an Olimex with 1G of RAM, and everything works except 'guix pull' <bavier>any way to get more "width" in the backtraces printed by the builder? <bavier>I'm getting an error from "open-fdes" in reset-gzip-timestamps, but the backtrace cuts off the name of the file <amz3>bavier: look if you can work with debug-set! <bavier>amz3: thanks, doesn't seem to work... <amz3>I'll keep that in mind, because I tried to make it work too, but couldn't maybe a bug report on guile will be nice <amz3>bavier: what you can do if you work with git repository, is to add 'pk' to print the interesting part <bavier>aha, found it, tarball used for testing with no write permissions, so reset-gzip-timestamp fails