IRC channel logs
2023-01-09.log
back to list of logs
<KarlJoad>Does it make any sense to have operating-system definitions be (define-d and then exported from a module? <KarlJoad>Ok. I just want to make sure I am not doing something completely ridiculous. <rekado>we’re doing this in the maintenance repo for build farm nodes <rekado>and we also have functions that return operating-system values. <nckx>goggles-bot: Welcome back & botsnack & c. <rekado>nckx: was it stopped or just stuck? <nckx>The Shepherd service was running, I didn't look closer. <nckx>Could you clarify the question? Me neither. <vivien>By the name, and the fact it is botsnacked, I would guess it is a bot, but its lack of interaction puzzles me as to its purpose <nckx>Oh. It's the bot that logs. It has no interactive features. <nckx>I said something to the bot merely to test whether it would be logged, that's all there was to it. <gnucode>apparently my knowledge about how to run guix system on a server is a bit rusty. I couldn't quite get the certbot certs working... <gnucode>I will try playing with it tomorrow. <lechner>gnucode / why not use certbot certonly --standalone ? <vivien>There are different schools of thought about certbot, but if you don’t define any nginx server configuration that runs on :80, then certbot will claim that space to make the redirects <vivien>Does goggles-bot handle DMCA takedown requests? <civodul>we should really do something to make certbot-service-type work OOB <lechner>maybe integrate it into both the nginx and apache service types, similar to what caddy does? <lechner>bonus points for integrating the DNS challenges into knot, bind etc. <dthompson>has anyone here used a guix vm with the spice-vdagent for clipboard sharing and stuff? I'm having trouble getting it working. <gnucode>lechner: it seems like more the guix way to use the certbot service. <lechner>i'd like to know how to that, if anyone knows <gnucode>I got nginx working to serve html on port 80. Just working on setting up on port 443. <gnucode>dthompson: what are you trying to do? Clone your own sperm whale so that it look like Leonard Nimoy (aka original spock)? <gnucode>dthompson: I was assuming you had slipped off the deep end and had become an evil scientist, who was addicted to star trek. Or a genius scientist depending on your definition. <civodul>gnucode: that language is unwelcome here <rekado>gnucode: you read quite a lot into a question about a clipboard. <gnucode>rekado: it was meant as a joke. My bad. <gnucode>lechner: thanks for the config. That won't quite work for me yet. I still haven't been able to get letsencrypt to download the cert <gnucode>dthompson: 9/10 times I get a joke wrong. I guess I was just due. <rekado>(I feel reminded of the cartoon showing a buffet with a long queue waiting to get to the bowl of punch) <dthompson>I tried to follow the instructions in the "using virt-viewer with spice" section of the manual but clipboard sharing doesn't work when I do that. <gnucode>lechner: don't trouble yourself too much trying to help me. I've got another server up and running and working. I am just starting this server from scratch. So figuring it out all over again.... <dthompson>so I figured I'd ask about it in case anyone here just happens to have a script of their own that works for them. <rekado>lechner: “where’s the punch line?” <lechner>as a group we are very effective at communicating issues. we come from all walks of life. there is bound to be some misunderstanding. we should devote more time to the human elements of our cooperation <mirai>tbh certbot shouldn't touch nginx if the challenge field is something other than "http-01" <mirai>or whatever it is for web based request <mirai>a trivial change of whether or not should a service-extension be cons'd <gnucode>lechner: I feel like ya'll do a pretty good job of encouraging polite communication. Certainly much better than some libre projects. Also, what do you do with that server? Seems to be doing a lot. <lechner>not nearly enough. my isp just opened port 25! <mirai>integrating certbot with knot, etc. sounds like a recipe for combinatorial pain <mirai>(that's why there's the -hook fields) <gnucode>lechner: port 25 is the smtp port right? email and such? <lechner>mirai / i think there are a lot of geniuses reading here right now! <lechner>gnucode / yeah i have been following your blog posts, but not yet the new service <gnucode>lechner: I don't think my opensmtpd service would actually work for your use case. At the moment I don't think it supports <gnucode>table virtual-recipients db:/etc/mail/virtual-recipients.db <gnucode>or table client-secrets file:/etc/mail/client-secrets <mirai>civodul: certbot using the activation-service-type here would be called for (in the context of running after a system reconfigure) <mirai>it would run the renew certificate script (it's idempotent unless the permissions are out of whack, which is not relevant) <mirai>and you could make nginx service depend on certbot having finished running the certificate script (you could do it unconditionally by having the script symlinked to 'true' if no certbot service exists, a dummy service, etc.) <neox>Hello there. Is there any alternative to the traditional plugdev group in guix system ? <akonai>mirai: you would still need nginx to serve http-01, and that would be problematic if you already have an nginx service running <mirai>akonai: hmmm... for http-01 cases, you could do some dancing around <mirai>have certbot spin up its own nginx instance and do all the certificate work <mirai>after certbot completes, tear it down and start the OG nginx service <dthompson>ooh I got clipboard sharing working! for some reason the instructions in the manual do not play nicely with the '-vga qxl' qemu flag! <akonai>yeah but you can't have two things on port 80 at once so it'd break if there's already an http server running, like may often be the case after a reconfigure <mirai>as the idea above is to have nginx start only after certbot has finished doing whatever it needs to do <akonai>does guix restart all services after a reconfigure? I thought it didn't <mirai>well, that's out of the scope <mirai>a mere reboot will set things straight <mirai>you want a sequence of services to be run <rekado>sneek: later tell zimoun I’ll try to add hierarchical edge bundling to the d3 graph output. It’s clearer than the chord diagramme. <akonai>nginx service running -> reconfigure -> certbot script starts http server -> doesn't work -> ? <mirai>that would be unfortunate, yes <mirai>(unless you can add a condition that makes certbot not fire if port80 is already taken) <mirai>though if you reboot or restart nginx, you're guaranteed to have an ordered sequence of services run <akonai>that could work, though it wouldn't make certbot work oob if you're e.g. switching domains or something since you'd have to manually shutdown nginx <mirai>either case would still be an improvement over whatever we have now <akonai>in a perfect world the http-01 challenge would be served over a different port and it'd be trivial <mroh>dthompson: what changes with '-vga qxl'? Perhaps, we should add that to the manual... <mirai>akonai: it will be oob if you start with no httpd running <mirai>but if you switch midway? (switching from http to https with an already running httpd) <mirai>sure, technically "not oob" but I don't think automatically killing the httpd service is going to be nice <mirai>its not worth the complexity to devise some magiheuristics to decide whether or not its "safe" to kill httpd <akonai>a note in the manual about shutting down nginx before reconfiguring could save people some time <apteryx>ah, the good old substitute problem: In procedure struct-vtable: Wrong type argument in position 1 (expecting struct): #f <dthompson>mroh: I haven't tested yet but it seems that that spice-vdagent on the guest needs to be run with '--display=QXL' <dthompson>unfortunately the spice-vdagent-service does not allow customizing the flags it uses. I've made a note to try fixing if I get a chance.