<snybajl[m]>Does GuixSD unlock luks volumes before or after GRUB? AFAIK there is no AES-acceleration in GRUB so it's a bit slower. Evil-maid attacks aren't really part of my threat model, so I would prefer to have it unlocked after GRUB. Is it possible to set that up?
<mroh>TBC_x: a lvm root partition works w/o trouble (even with lvm-cache...). What might be problematic is booting from it, because I'm not sure if our grub has the lvm module configured. (my grub config is an organic giant hack, grown over decades with lots of distros...;)
<apteryx>snybajl[m]: you're asking if Guix System supports a non-encrypted /boot. The answer is no, not at this time.
<apteryx>(it supports a fully encrypted drive, that prompts once in GRUB and once when the kernel boots)
<CarloSvarga>Hi, Guix noob here. I am considering building an internet-facing router with Guix instead of Ubuntu, but I don't really see any security stuff for either Guix servers or internet-facing machines. Are there any security issues unique to Guix in such a case?
<snybajl[m]>@apteryx gotcha, does it support lvm+luks? (for unlocking multiple drives using the same password)
<sturm>Hi folks, is it possible to run the Guix System graphical installer on top of a running Guix System? This would be useful to allow you to partition and install onto a second hard drive rather than messing around with a bootable USB.
<apteryx>snybajl[m]: I don't use lvm, it used to not support it, but ISTR it was added recently (to verify)
<apteryx>support for it was added with commit a9a2fdaabcc78e7a54d9a6bcfa4ee3de308e9a90; there's a news entry for it (guix pull --news)
<apteryx>lvm-device-mapping can be used to declared mapped devices for LVM.
<PurpleSym>I’m having a weird issue: After `guix gc`’ing `guix environment` is stuck requesting a store item over and over again, but the daemon always replies “path … is not valid”. If I manually `guix build` it, it moves on to the next one.
<abcdw>In ~3 hours will do a stream about Guix System Services, Shepherd and will explain what happens during system reconfigure. https://youtu.be/BYDxJTh2wZU Will try to read this chat during the stream, will appreciate all questions and suggestions.
<raid5atemyhomewo>So. ZFS on Guix. What are the chances my patches for that will get some attention? What can I do toget those patches merged?
<Ikosit>Hi there! I recently switched from NixOS to GuixSD. One thing i miss so far are overlays. Is there a mechanism in guix to override a specific package, so that all packages, which depend on that package will use the new package? I don't like using my own guix package repository, because then overridden packages were mixed with normal ones, also i'd have to pull with git and guix to update my system
<PurpleSym>Ikosit: You can try the --with-input transformation when installing a package, but afaik global overrides do not exist.
<rekado_>Ikosit: you can automate this with the Guix API in a manifest file.
<leoprikler>raid5atemyhomewo: I think you've done a lot of work recently, which has already been noticed by many. Now give people some time to do proper reviews.
<sneek>apteryx, raghavgururajan says: Would you be able to review and push #45721 v4 (1 to 20, as 21 is not ready yet)?
<roptat>there's also the Makefile that fetches translations from the TP, it should fetch from weblate now
<roptat>I guess I should also contact the TP to ask them to remove/disable the guix project
<apteryx>I have this in my tex.scm: (define-deprecated/alias texlive-union texlive-updmap.cfg). I have to run 'make' every time I touch the module, else it throws: Wrong type to apply: #<syntax-transformer texlive-union>
<apfel>hi there, i am playing around with with g expressions. I have the problem that gexp->script does not produce the script, even though the output tells me something else ... https://pastebin.com/gdzvjeAh any ideas?
<marusich>apfel, "built-derivations" is not documented. There are a variety of procedures that unfortunately are not documented. I don't think that is intentional, though. When it comes to figuring out how to do something, it is good to search the Guix source for ideas, or to ask here or on the guix-users/guix-devel email lists for ideas.
<marusich>If you just want to understand what a procedure does and it's not documented, the referring to the Guix source where it is defined is the only way to really undersatnd it.
<marusich>The "built-derivations" is a pretty common idiom for building derivations. It is the monadic analog to the "build-derivations" procedure, which is documented.
<herlocksholmes>Do you have the emacs-all-the-icons package installed? or declared in your system config?
<luis-felipe>herlocksholmes: No, I didn't know about that, thanks.
<ngks>Apologies if people ask this all the time: is there a snippet available that shows how to make xmodmap-like keybinding changes in a Guix System config.scm? It looks like this could go in the set-xorg-configuration form that appears in the config.scm generated by the installer I guess?
*luis-felipe goes through all-the-icons troubleshooting steps
*jonsger got remembered that I wanted to create an icon mockup ^^
***amiloradovsky1 is now known as amiloradovsky
<ngks>Ikosit: Guix System actually is able to rebind keys in X using just scheme in config.scm, no packages or dotfile needed. I used the manual section System Configuration > Keyboard Layout. I should have looked there first, it was much easier than I expected...
<jonsger>it's commit a3002104a84c60556b6616d100cb98019e48759d of leoprikler which breaks it
<rekado>I’m not familiar with these tools and how they relate to xkeyboard-config; but maybe this doesn’t matter. Perhaps there should be a rewrite function that can be applied to an operating-system record.
<rekado>Perhaps you could bring this up on guix-devel
<rekado>ugh, this article … it’s really poorly written.
<lfam>It's named that way because it's located in Berlin
<rekado>Ikosit: I don’t know what the system service would do, but 10.6 Keyboard Layout describes the keyboard-layout procedure. I suspect that it could be changed to accept an optional list of packages that together should provide the contents at /share/X11/xkb
<rekado>it would default to the xkeyboard-config, but when given another package its /share/X11/xkb directory would be used instead (or together with the original xkeyboard-config’s directory)
<luis-felipe>I finally got the icons working properly in Emacs doom modeline.
<luis-felipe>I thought installing emacs-doom-modeline would grab all the necessary things for it to work, but no.
<rekado>luis-felipe: looks like you need to execute all-the-icons-install-fonts
<rekado>we also only got this for recent substitutes, not for those that were available a week ago (which is why I didn’t hit this with my older Guix)
<roptat>the Bad Response-Line is probably because we fetch multiple narinfos at once (I got that when trying to fix https://issues.guix.gnu.org/45174): there's a port that contains a series of HTTP responses; if we get a 500, that's an error and we're supposed to eat the body of the response, which was empty
<cbaines>interestingly, I think the caching masked the issue locally
<roptat>I think I understand: the 500 error did not have a Content-Length header, so we executed the code that reads until the end of the port; for the following substitute, the port was already at eof, which probably explains the error
<cbaines>I've sent some stuff to the bug report now
<roptat>ah no, that was not it: if the port was read until eof, guix substitute would have complained about #<eof>, not ""
<roptat>unless a network port behaves differently from a file port
<kozo[m]>This is one reason I love using Guix. You guys are very fast and assessing and fixing bugs.
<kozo[m]> * This is one reason I love using Guix. You guys are very fast and assessing at fixing bugs.
<kozo[m]> * This is one reason I love using Guix. You guys are very fast at assessing and fixing bugs.
<lfam>We aim to please! Everyone is welcome to take part
<jonsger>User-73399: lkosit: I'll revert commit a3002104a84c60556b6616d100cb98019e48759d, this fixes the failure of `guix system reconfigure` for me :)
<lfam>Please make sure to notify the commit author :)
<lfam>It's possible that what we had before was also broken but in a silent way