IRC channel logs
2025-03-01.log
back to list of logs
<jA_cOp>There was an important fix for the syncthing package committed four days ago, how do I get it? I do `guix pull` and `guix home reconfigure ...`, and in my home config I'm using home-syncthing-service-type. But syncthing on my system is still not built with the patch. What am I missing? <squid64>So I changed my layout to dvorak but it's still qwerty at boot to unlock grub but not when I enter the passphrase the second time after selecting an entry. Any idea? <vhns>10:49 < mange> vhns: A little while ago ... # thanks, I'll be sure to use that. Bummer that it isn't documented. <vhns>One thing I really wish emacs-guix did was instantiate guix environments/manifests the same way emacs does with pip/pipenv <noob`>i tried to install guix as a operating system but after the reboot when i finish the installation the screen only dispays black background and a blanking cursor. what can i do? <simendsjo>squid64: I have just learned to live with it. I have a password I'm able to type on US qwerty by looking on my NO qwerty keyboard. <mra>noob`: my guess would be missing proprietary gpu drivers <noob`>i`ve tried with kernel-arguments nomodeset and radeon for trying to go <noob`> further but i cant even enter the grub menu, also tried nongnu image <noob`> and install full linux kernel. now i dont know what else to try <Rutherther>noob`: trying linux kernel or kernel-arguments when you cannot even get to the grub menu is not going to help <Rutherther>noob`: could you describe more what you're seeing when you computer starts? really just straight from the regular uefi screen (assuming uefi) to blinking cursor? <noob`>i select the disk where i did the install and the screen displays black background and a blinking cursor or _ <Rutherther>noob`: okay. Then you shouldn't be selecting a disk. It doesn't make sense to select a disk when you have uefi, you need to select specific efi file to boot from. From the little you are describing my guess is that the esp partition with efi boot file was not found. <Rutherther>the reason there is only a blinking cursor would then be that there is nothing to boot into on that disk <Rutherther>noob`: so how did you do the installation? did you do manual or used the graphical one? <Rutherther>noob`: to debug further it will probably be easiest to boot into the live iso again and check the disk partitions - if the esp partition is marked as such, and if the grub bootloader is present on it (should be under EFI folder), also the partition needs to be fat32(vfat) <noob`>the graphical one, that must do a /boot/efi partition <gabber>i cloned a Guix VM from a snapshot. how can i create new keys for my ssh daemon? <gabber>is there some herd action taking care of that? <Rutherther>gabber: no, the keys are generated on activation. So remove them (under /etc/ssh folder) and activate your system, ie. by booting <guix_n00b>I'm a long-time Linux user, coming from a Gentoo background. However, for work reasons, I spent many years on Ubuntu and only recently started experimenting with Guix. I'm really enjoying the declarative approach, but I'm still trying to fully understand how to integrate some of my usual tools into Guix home. <guix_n00b>I've been exploring different ways to set up my environment, and I’d love to hear your thoughts on how to best integrate Bash-it and, if feasible within the Guix philosophy, Flatpak <guix_n00b>"I'm trying to integrate Bash-it into my Guix home configuration. What is the recommended way to do this? Should I manually manage the installation inside home-config or is there a more declarative approach within Guix?" <guix_n00b>"If Bash-it is managed through Guix home, how should I enable and configure plugins, themes, and aliases declaratively? Is there an existing Guix package or service for Bash-it?" <guix_n00b>"For software that isn't available in Guix, what is the best way to handle Flatpak within a Guix home environment? Should I install it manually, or is there a way to manage Flatpak applications declaratively?" <guix_n00b>(I asked ChatGPT for help since English is not my native language, I hope I’m not being too wordy 😃.) <Rutherther>guix_n00b: as a general answer: most sw can be integrated into guix ecosystem and can be managed declaratively. But sort of a 'translation' layer has to be added and since a lot of sw is not made to be managed declaratively, it can be challenging. Someone has to add this translation layer. This translation is then coded into a service, so what you should be looking for is a service, ie. flatpak service, bash-it service. If you're fine with other... <Rutherther>... channels than guix official main one, I can recommend this tool for searching: https://toys.whereis.social. Unfortunately, I think neither bash-it nor flatpak currently have any services to manage them declaratively. (flatpak has some search hits, but it is only services that give you packages installed to use flatpak and env vars to find installed apps) So your only two options are: make the services yourself or don't manage declaratively <futurile>guix_n00b: doesn't look like there's a guix package for 'bash-it' so if you want to use it, you'll have to install it some other way. <futurile>oh sorry Rutherther didn't see you replied while I was cut-n-pasting <guix_n00b>Thanks for the explanation! I initially thought I could handle Flatpak and Bash-it as "simple configurations" by just copying the config files into my home directory, but now I see that a service makes much more sense. <guix_n00b>I'll start by taking a closer look at Scheme—it's not a language I use regularly, but luckily, I've tinkered with Emacs Lisp before... though I'm more of an Erlang/Elixir or Rust person. 😃 <rekado>the kernel deblob script is by far the slowest part of building my aarch64-linux image. <roptat>I'm trying to reconfigure my system and get rid of the deprecated rottlog-service-type, but I have trouble figuring out how to use the log-rotation-service-type <roptat>Is it possible to rotate multiple files with different frequency? <sneek>civodul, you have 1 message! <civodul>roptat: no, the frequency is set globally <civodul>maybe you can tweak the size threshold and frequency to achieve what you have in mind? <civodul>like rotate every day but only files bigger than 64k <civodul>roptat: in other news, i just brought lieserl down accidentally; could you take a look? <civodul>its root had been remounted read-only apparently <roptat>on startup, wireguard failed to start <roptat>I started it manually, and it should be ok now <lilyp>quick question: should we still propagate stuff that's listed in Requires.private? <anticomputer>what would be the way to resolve a /gnu/store file to its gc root(s)? (context: I have something I built from a guix dev shell that I -r'd a gc root against and want to make sure all its dependencies are actually associated to that particular profile) <Rutherther>anticomputer: so you want to see references of that profile? <anticomputer>Rutherther: if that's what it's called yes, e.g. I have an ldd list of libraries linked against a binary and I want to resolve each one to ensure that they're all under the gc root for that dev shell profile <Rutherther>anticomputer: that is what guix ensures, that all dependencies are present. (by being referred to by the store path, which you can see by guix gc --references) There is nothing for you to ensure <anticomputer>Rutherther: most already show that they're linking against the dev shell profile path but there's some that are direct /gnu/store references so I just want to ensure that's some sort of transitive relationship and not something that will get gc'd out from under the binary at some point <anticomputer>Rutherther: right that follows, but e.g. there's no chance of a non-container -r dev shell linking against things outside of its own profile that may later become dangling references that then get gc'd ... e.g. if I missed a dependency for the development environment in the dev shell that also existed on the system profile? <Rutherther>anticomputer: ah if you mean that you are relying on existence of some paths in guix store by something that is not in the guix store, then indeed you should check it. But as long as your shell is isolated from rest of the environment, it should be fine <anticomputer>Rutherther: yeah I'm hacking around some things by making a dev shell gc root that is persistent for a binary dependency of something non-guix, I guess the way to ensure is to make sure it builds in a --container <Rutherther>anticomputer: it doesn't matter if it is container or not, you need to be able to not use the system profile, so --pure flag (assuming no env vars set in rc), no need for container. Also as I was saying you can check it by guix gc --references to make sure it is the case <Rutherther>anticomputer: it starts with an empty environment instead of inheriting your own <wakyct>hi all, I set up the radicale service but other devices on the same network get a connection refused, I'm assuming because my laptop is rejecting connections on that port? How should I allow other devices on my lan to connect? <wakyct>I haven't messed with any firewall rules in my brief Guix life <anticomputer>Rutherther: cool --referrers and --references showed the few libs I was worried about are associated to dependences in my dev profile, thanks <wakyct>is iptables-service-type the way to go or is there something simpler? <anticomputer>wakyct: I prefer the netfilter service type but personal preference I reckon, a nicer way to declare your rules imo <wakyct>thanks, yes I was just reading the arch wiki on it, tbh my eyes were glazing over ;) <Rutherther>wakyct: the default policy with no services should be accept as far as I know. So are you sure it's not just that the service is not listening on that interface? <wakyct>oh interesting, yes it's listening according to ss <Rutherther>wakyct: that it listens on that that interface you're trying to connect via? <wakyct>maybe I'm mis-diagnosing the issue <wakyct>the server logs on my phone were saying connection refused <Rutherther>wakyct: connection refused is a generic error that matches both firewall not letting the traffic through and nothing listening on the port the app is trying to connect to <wakyct>thanks, I'm pretty sure it's listening since ss -tuln lists it (along with ssh on 22 etc.) but I'll have to look into it later, got to run <Rutherther>wakyct: I am just saying to check if it's listening on THE SPECIFIC INTERFACE, not that it is listening generally like you are claiming it does <ngz>pastor: The commit message you’re linking to seems explicit. It lists newly-created variables and procedures in the modified test file. In any case, don’t bother too much about the commit message, the committer will help you write a "correct" one if needed. <ieure>Hi there! I am once again reviewing and pushing Emacs-related patches today. I handled all the recent ones, but if you have one that's older and neglected, ping me and I'll handle it. <ngz>ieure: Thanks for that! Beware, though, as some Emacs packages recently added do not provide a proper description (i.e., the description does not consist of complete sentences). Of course, this is not a major issue, just something to keep in mind. <ieure>ngz, Hmmm, I read them and they seemed okay, but, you're right. <ngz>ieure: About Emacs-related patches, there is still 75683 and 76412 (this one needs a little work, tho) <ngz>ieure: Also, what do you think about 64620? <ngz>Great! I think 64620 definitely needs being discussed before it bitrots… <ieure>There's already a bunch of discussion on it. <ngz>But it petered out, somehow <ngz>Considering the sum of work involved, I think it deserves a conclusion, i.e., being accepted or rejected. But maybe that’s just me. <ngz>(FWIW, I lean towards the former) <meaty>If I have to bump a package to an inter-version commit for an essential bugfix, what should I call its version? <futurile>civodul & roptat just read through that unprivileged store series, it's very cool <PotentialUser-56>Hello. I'm just trying to get started with Guix System. How do I go about decrypting the root filesystem with a keyfile? The documentation metions doing this from the initramfs, but the initramfs is by default located int the gnu/store, and the gnu/store is probably best located on the root filesystem and therefore also encrypted, so it can't be <PotentialUser-56>used for decrypting root. GRUB seems to have some option for using a keyfile but i can't see it exposed in the `bootloader-configuration`. <Rutherther>PotentialUser-56: the documentation mentions doing it from the initramfs when grub already decrypted the disk, so it is available at that point <Rutherther>PotentialUser-56: anyway see the luks-device-mapping-with-options under System Configuration > Mapped Devices, it shows you how to point to a keyfile <PotentialUser-56>I see, but how does grub decrypt the disk without using the keyfile? Does the configuration system reconfigure grub based on mapped-devices somehow? <Rutherther>no, the point of the manual entry you found is to enter password only once instead of twice <Rutherther>also, I am afraid that currently the grub config made by guix doesn't support keyfile decryption, so only custom setup is possible to support keyfile fully <vagrantc>presumably puts the keyfile in the initrd, outside of the store (or appends the keyfile to the initrd, or uses a second initrd with just the keyfile) <sneek>vagrantc, you have 1 message! <sneek>vagrantc, efraim says: it looks like the only dependency for guix on powerpc which fails in debian is guile-git <Rutherther>the keyfile should definitely be outside the store, that is why extra initrd is mentioned in the documentation, not putting it to initrd directly <PotentialUser-56>The way I normally do this (on other distros), is I just leave /boot unencrypted, and do the decryption from the initramfs. I could do this in Guix I guess by just copying the kernel and initramfs onto an unencrypted partition and specifying a grub menu entry, but that does not seem so elegant anymore now that I see grub has a facility to decrypt <Rutherther>PotentialUser-56: that is not an easy solution, as the grub config changes with every reconfigure you do (the arguments to tell what system generation to boot to) <vagrantc>efraim: powerpc is fairly low on my priority list at the moment, but obviously will entertain patches :) <phfrohring>Hello Guix. Is there a way to automatically remove unused imports of a module or at least flag them somehow? <PotentialUser-56>So which will be easier: 1) Using an unencrypted partition for kernel 2) Coercing grub to use a keyfile somehow 3) Give up and leave the store unencrypted <Rutherther>easiest is definitely 3, for 1 and 2, I would say they are the same complexity <PotentialUser-56>2 sounds the most alluring in general to me. Would that mean a custom package definition for grub? Or is there a way to patch it in? As for 3, this would effectively mean encrypting /home, right? How easy is it for /home data to end up in the store, or elsewhere on the root fs? <Rutherther>PotentialUser-56: I don't think I said custom grub package definition. That doesn't make sense here. You need custom bootloader configuration here, so changing what you put to operating-system-bootloader, specifically changing configuration-file field of bootloader do generate configuration file with correct cryptomoutn <Rutherther>PotentialUser-56: nothing ends up in the store unless you explicitely say to end up there <Rutherther>PotentialUser-56: you don't need separate root and home, you can have partition just for the store itself <PotentialUser-56>Oh, thank you. I'm a total noob, you see. I'll go research the operating-system-bootloader then. <civodul>lieserl is on shepherd 1.0 now, nice <wakyct>so it's a little unclear from reading docs but is it correct that Guix out of the box will accept connections on any port that's open? <anticomputer>Rutherther: redid my builds from a --pure env to settle lingering gc paranoia, but works nicely now, good callout <anticomputer>found some missing inputs that were being pulled in from the inherited profile env instead <cbaines>wakyct, are you asking about the guix-daemon, or Guix (and services on it) as a system in general? <bjc>i just did a system reconfigure, and now when i attempt to boot, grub says “symbol ‘grub_is_shim_lock_enabled’ not found” and i can't boot <bjc>did something change? <wakyct>Guix system cbaines and yes the services that it starts <civodul>actually we don’t know: it was closed but we don’t know whether it vanished or what <bjc>this was from a pull a few minutes ago, and the system booted w/ the previous (made mid-2024) <bjc>so i guess not fixed <wakyct>I have a network config issue I'm trying to figure out which is complicated by the fact I don't know what I'm doing ;) <cbaines>wakyct, there's no firewall by default if that's what you're asking, and services might have different defaults as to whether they listen only on localhost or on all interfaces by default <cbaines>I usually turn to lsof -Pi if I'm unsure whether things are listening correctly <bjc>civodul: and i don't even see a fix in that ticket. ngraves just closed it at some point without saying why <wakyct>thanks yeah I think it's the localhost/interface thing that is tripping me up, I think I know what to do now <wakyct>if a system service doesn't explicitly include a config-file option in configuration, how do people normally specify it? Or will shepherd check some known place for config files? I'm looking at the Radicale service which doesn't seem to have a config-file option, though other services in Mail do for example <wakyct>though weirdly I do see people specifying config-file for the Radicale service in dotfile repos <Kabouik>Are there any distrobox users here? I'm having trouble creating a container with --init (which would install the container including systemd). <jA_cOp>wakyct: oftentimes what I'll do to debug this stuff is run `herd detailed-status`, which shows the command line of the running service. Combined with the upstream documentation, that should clue you in to how it's configured. My guess, without looking at the Guix code, is that radicale is started with something like --config /gnu/store/.../config. You could then inspect that file to see what config Guix has generated <jA_cOp>AFAIU, if the Guix service configuration doesn't have an escape hatch for you to add custom config options, you might want to either a) patch the Guix service, or b) make your own shepherd service that starts Radicale with your own configuration file (which could be a hand-written, copied "dotfile") <wakyct>yes it looks like radicale has a separate store item for its conf <wakyct>fortunately I was able to change what I needed in the service configuration <wakyct>the default service sets it up so it works on localhost but no in lan it seems <jA_cOp>mhm - with a command like `ss -lp | grep radicale` you can see which interfaces and ports the process is listening on. If you only see 127.0.0.1 it's only listening on localhost. If you see 0.0.0.0, that means it's listening on all interfaces (for IPv4). You might have to run ss with sudo to get the `-p` option to show the process name