IRC channel logs
2024-08-22.log
back to list of logs
<PotentialUser-61>Hello. I am trying Guix in my laptop. How come, when I login (elogind?) I can use the keys to adjust the screen brightness, but once I login and i3 is loaded, they no longer do anything? Can anyone share any pointers? Thanks. <jaft_r>Hey, PotentialUser-61; which login manager are you using? The default one is GDM and, being a Gnome software, I expect it's (possibly) providing this while i3, being far more sparse in out-of-the-box features, may not and might require you to bind the keys, yourself. <jaft_r>(granted, I say this as someone who uses neither GDM nor i3 so I could be mistaken or inaccurate, in some way) <PotentialUser-61>I am using the default. And the default login manager seems to be GDM, as you said. However, I'm not sure about the differences between a login manager (GDM) and a "login and seat manager" (elogind). <jaft_r>It's a good question; unfortunately, I don't know. <jaft_r>"brightnessctl" works for me without having to set any permissions (I'll double check if I'm using any services, though, just to be sure); I'm using Wayland but I don't see anything about it not working with XOrg. <jaft_r>Yeah; doesn't look like it (granted, I use most of the out-of-the-box %desktop-services so I may be and just not realize it but no services that I've manually added or configured). <PotentialUser-61>[Errno 13] Permission denied ... and sure enough, the file is tight on permissions. <jaft_r>For most of my needs, yeah; only thing I can think of lacking is screensharing (it works but it's kinda janky) but everything else works so much better than XOrg that I don't mind. <Franciman>jaft_r: oh for me it works really fine. What DE/WM do you use? <jaft_r>Franciman: Wayfire; I kind of had to cobble together my xdg-desktop-portal configss from what I could find on the Internet so there may be room for improvement. <jaft_r>But yeah, PotentialUser-61; I was going to say using something like Sway or, as Franciman mentioned, River (fairly widely used Wayland compositors) means you'll likely have a pretty smooth experience. Most of everything I may've wanted is pretty much there. <jaft_r>Yeah; that's definitely fair. I did the same thing, too; started off with Openbox. <PotentialUser-61>One more thing, is there a better way to tryout new software on Guix? I know about "guix shell", but that does not protect my $HOME from being filled with config files. And graphical programs says it cannot open the display. <jaft_r>PotentialUser-61: which graphic program are you trying to test out? I've run into similar issues but may've possibly figured a way around it, finally. Just wanna test my theory, before recommending. <PotentialUser-61>For example, if I do "guix -C tlpui -- tlpui", to run it in a container, I get the error message. Maybe there is some DISPLAY variable that is missing... <jaft_r>Huh; never used the "-C" flag, before. Usually just "guix shell …". My $DISPLAY variable is going through, alright, so maybe that's why running it worked fine for me (so I can't test my theory) but I did notice that guix shell has a "preserve" flag so you could try something like "guix shell --preserve='^DISPLAY$' tlpui -- tlpui" and see if that works? <PotentialUser-61>jaft_r Did not work any differently than manually setting DISPLAY from within the new shell environment. :-( <PotentialUser-61>Oh well, it was a nice idea. Maybe it can help me in the future with other problems. <PotentialUser-61>BTW, I use the -C to try to protect from the software starting, creating stuff in my HOME, and then I find I do not like it (or does not do what I intended) and the config files will continue there. <fnat>I've been testing it with this command, from a Guix checkout after the patch is applied: <fnat>$(./pre-inst-env guix system vm --share=/tmp/foo=/media/music /tmp/config.scm) -m 2048 -smp 2 <fnat>Ha, right, I need to provide 'config.scm' too. :) <fnat>Now, not sure if you've the time to actually test it. But I don't know, you might be able to spot an issue with the patch just by looking at it. <fnat>With the command above, the VM builds and is launched. <mirai>Do you have a log of the error? <fnat>If I open a terminal as root I see that the service doesn't start because of an issue with "unbound variable (user) #f". <fnat>I can provide the exact log if useful. <mirai>I've spotted a few things already <fnat>(Apologies for the non-textual version.) <fnat>(Yeah, there's a couple of points where I had a bit of a "dont-know-what-im-doing" feeling.) <mirai>fnat: I've pm'd you the corrections <mirai>I know there's no precedence here but have you considered not making use of the least-authority-wrapper? <mirai>the least-authority-wrapper can be used where you specify _readymedia_ package <mirai>this allows the service to be fine-tuned further by other users IMO <mirai>actually I'm not sure whether it can be used in the package field at all since the generated config file can't be known beforehand <mirai>if you want to set the precedent, perhaps you could have a least-authority-wrapped? field in the <readymedia-configuration> record-type that allows the user to bypass it alltogether <mirai>otherwise feel free to leave it as is, lest we stray away from the main objective :) <fnat>mirai: First of all, thanks for the comments in PM. The service is now working! <fnat>Let me think about the least-authority-wrapper part. On the one side, the more flexibility one can provide to the final user the better - OTOH, I don't see a huge benefit in allowing to bypass the POLA wrapper? <mirai>what happens if the music directory contains symlinks to directories outside of it? <mirai>I'm guessing those files won't be accessible by the daemon <fnat>That would conflict with the idea of compartmentalise the app to a specific folder. <fnat>I mean, the symlinks would not work but that'd be by design. <mirai>not sure how common or unusual my setup is compared to the average joe but it does make use of symlinks <fnat>I should be able to send a v3 after I get some sleep. Maybe we can continue the conversation re the L.A.W. there. Thank you for your help to get to this point already. <fnat>*there = I mean on the ML. <sneek>Welcome back AwesomeAdam54321! <cbaines>issues.guix wasn't responding, so I've restarted mumi on berlin <ekaitz>hi! anyone uses dunst with dmenu here? i can't make dunst run dmenu when dunst is run on startup... if I run it by hand in my session it does find it <Rutherther>ekaitz what exactly starts dunst at Startup? Probably its missing variables like DISPLAY or WAYLAND_DISPLAY <ekaitz>Rutherther: i'm not sure what starts it, there's some dbus thing where it is registered when installed <ekaitz>Rutherther: in any case, notifications actually show up, but I can't call dmenu <ekaitz>the dunst configuration says you need to provide a path to the dmenu but I can't really do that, because we can't rely on our paths <ekaitz>if i just say `dmenu -p dunst` it only works when I run it in my session by hand, i guess because PATH is not ready yet when dunst is launched? <Rutherther>There is no "ready". It depends which process starts it. If this is the case, I think easiest is to not rely on path just provide full path. To do that use file-append or string append with gexp and save that to the dunst config from your guix home config <ekaitz>i don't use guix home at the moment :) <ekaitz>i need to find a good friend that helps me with it :) <ekaitz>but yeah, the full path sounds great <ekaitz>anything I can do without using the full path? <Rutherther>Why dont you put dmenu to your system pkgs / user profile, and use path to the symlink? Like under /run/current-system or ~/.guix-profile <mgd>Just a quick question on free software and Java tooling. I can understand why Intellij wouldn't be considered free software but what is the objection towards Eclipse and the Apache foundation in general? Asking out of curiosity <ekaitz>Rutherther: thanks a lot, i'll try i it works :) <fnat>I suppose I don't need to run 'git format-patch' with the '-vN' flag, if I then use 'git send-email -vN ...'? <fnat>Loosely related, 'git send-email --to=NNNNN@debugs.gnu.org some-patch.patch' seems to result in a new thread on the guix-patches archive... Any other thread-related option that I need to add? <esnos>Hi, I have question for you, do you use full power of gnu shepard, meaning do you write guile scripts? Because right now on arch I'm using systemd only for staring services and I want to know when would I like to write custom script. <rhuijzer>I mean, you can write custom services if you want. Wat do you mean esnos <rhuijzer>If you only want to start/ stop existing services you don't have to write your own GNU Shepherd services or anthing, just as you probably don't have to write systemd service definitions now <Ironsmith>hello! on a riscv64 system and when i `guix pull` i get the error `| 'check' phasebuilder for '/gnu/store/bd5qfbhkyg9zw3nvz4pipr8xq324c01j-findutils-boot0-4.8.0.drv' failed with exit code 1` caused by a failing gnulib test `test-lock` (specifically test_rwlock). it happens on both Ubuntu 23 and Debian 12. does anyone know a solution to this? should <mirai>fnat: you could add --in-reply-to='<4fee1c18adcfd29d40d5b557bf52db0e531c3f16.1722421592.git.me@fabionatali.com>' <fnat>mirai: Ha! That's brilliant, thanks. Now saved in my notes for the next time. :) <koorosh>for some reason i can't run guix system reconfigure /etc/config.scm <koorosh>building /gnu/store/5rnrq30mjgg5hgr0325442k229m9g2w2-install-bootloader.scm.drv... <koorosh>guix system: error: '/gnu/store/8813pnxpdv90iclwh1cw9xwlsgapxalf-grub-efi-2.12/sbin/grub-install --boot-directory //boot --bootloader-id=Guix --efi-directory //boot/efi' exited with status 1; output follows: <koorosh> Installing for x86_64-efi platform. <koorosh> Could not prepare Boot variable: No space left on device <koorosh> /gnu/store/8813pnxpdv90iclwh1cw9xwlsgapxalf-grub-efi-2.12/sbin/grub-install: error: efibootmgr failed to register the boot entry: Input/output error. <koorosh>my efi partition is 548m and 232k is used <yelninei>You could try removing some of the older system generations with 'sudo guix system delete-generations 1m' (for anything older than 1 month, etc) <koorosh>that doesn't change anything i deleted everything except the current generation <koorosh>and sudo guix gc after deleting the generations <Rutherther>What do you have on /boot that it got full? Maybe you can try deleting the stuff thats excessive there <Rutherther>232k sounds pretty low, I thought grub is in megabytes or tens of megabytes <koorosh>i didn't put anything in there personally <Rutherther>My mistake, didnt notice its efibootmgr that fails, which means nvram is full, yeah <koorosh>so how can i know which bootnum to delete when using -B with efibootmgr <koorosh>Boot0001* Hard Drive BBS(HD,,0x0)0000474f00004e4fb10000000100000075005700440043002000570044003100300045005a00450058002d003000380057004e0034004100300000000501090002000000007fff040002010c00d041030a0000000001010600010101010600010003120a000000ffff00007fff040001043e00ef47642dc93ba041ac194d51d01b4ce62000200020002000570020002d00440043005700360043003 <koorosh>200590041004c00520053003000550000007fff04000000424f <koorosh>Boot0002* UEFI:CD/DVD Drive BBS(129,,0x0) <Rutherther>Alternatively if you use only guix on the device and dont mind living on the edge, you could delete all, and then reconfigure. But if reconfigure fails, or you lose power you would have to boot into live ISO <koorosh>deleting every entry with efibootmgr? <Rutherther>Hmm, bootctl is apparently bundled by systemd-boot, so I am not sure if guix has it packaged <Rutherther>koorosh I said all because I thought there is going to be more, but there is Just a few so dont remove all, yeah... <Rutherther>But the space must have been used elsewhere if there is only a few entries <Rutherther>Have you checked the dump files under /sys/firmware/efi/efivars? <koorosh>there are around 261 files inf /sys/firmware... what should i be looking for in there <koorosh>there are 188 dump-type* files in the sysfs <llano>I feel like I'm blind, what is the nttp server for the mailing lists? <ieure>*Is there* an nntp server for the GNU mailing lists? First I've heard of it. <llano>Mmm, maybe that's why I'm not seeing it. Is it through the web only? <ieure>There are archives on the web, but it's a mailing list, so it's primarily through email. <llano>Today I learned. Mailing List != Usenet <Rutherther>koorosh I think so but I am not completely sure. <koorosh>deleting the dump files and or the boot entry 0002 fixed it tnx for everyone <koorosh>also if anyone can point me to some resources about what might cause the creation of the dump files it would be great <Rutherther>Btw the dump files are created only when there is another issue I think, so might be worth monitoring and looking into the cause at one point <koorosh>interesting what should i monitor in this case <unfroq>Hey Guix! I've got some trouble on recent Guix regarding greetd-service-type. It does not spin up the terminal for my sway session. I can log in to one of the other terminals, but the shell is acting a bit weird. For example, I can't use sudo in it. I thought this could be related to the recent changes regarding privileged programs? I have no clue <unfroq>how to debug this properly, since I need to reboot all the time into a broken system. <koorosh>failed boots or failed grub installs <Rutherther>koorosh I cannot say I dont have any experience with this. With monitoring I meant pooking into this folder if a dump has been created again or not <fnat>unfroq: Perhaps you could try your system definition (or a minimal version of it) in a VM? <fnat>unfroq: Something along the lines of '$(guix system vm /tmp/config.scm) -m 2048 -smp 2' for example? <unfroq>fnat: haven't thought about using a vm.. Guix just works so well usually, that I don't need vms to test setups anymore :D. I'll go that route then. Thanks! <fnat>Anyone familiar with Guix's Restic service? I've been looking at this only superficially but I was wondering how to pass S3 credentials to Restic. I think this is typically done via environment variables. <ieure>fnat, Guix doesn't have any facility for secure storage of credentials, so, any solution here is going to come with some significant drawbacks. <fnat>Hm... I see. I'd be happy with a callback to pass or GnuPG - I suppose that's not an option? <fnat>I see the service has a 'password-file' field - which I think can be used to set all necessary env variables, including those used to set S3 credentials. <fnat>But yeah, I'd be reluctant to use a plain text file. <ieure>fnat, Yes, but be aware that if you put that in the store, such as by using plain-file, it will be world-readable. <fnat>ieure: Right, good point, thanks. <ieure>fnat, There's some third-party stuff that improves this, but it uses some Nix thing to work, which I don't understand the purpose of. <fnat>As a matter of fact, using a plain text file might not be so terribly bad? I mean, not ideal, but if the threat model is for someone to access that file, they can as well access the files I want to backup directly. <ieure>I'd think you could encrypt sensitive stuff with the machine's public key, put the ciphertext in the store, and have a service which decrypts it to a file in tmpfs when activated -- I don't know why you'd want to rely on an external tool for any of this, seems like it wouldn't be hard to whip up with Scheme. <ieure>fnat, Risk profile is subjective, if it's a risk you can tolerate, go for it. I personally wouldn't be okay with it. <fnat>This is in the context of that particular S3 repository being only used for backup purposes. <ieure>If that's not a risk for you, may as well store the backups unencrypted in the first place and avoid the hassle, no? <ieure>Oh right, this is access creds for that. <fnat>Yeah, sorry, and I should have mentioned - single user machine, ofc! :) <fnat>Yeah, no, it's different - data is already stored in plain text locally - but encryption is necessary on the remote end. <ieure>I run Restic, but haven't gotten it going under Guix yet. That's a blocker for true use for me. <fnat>But yeah... "credentials in plain text file" makes me twitch. <fnat>May I ask how you handle things outside Guix? I see one can use the '--pass-command' for handling Restic's password securely. But how about S3 creds? (If that's a backend you use.) <ieure>I don't use S3, I self-host as much as possible. Backups land on an encrypted redundant zfs on a server downstairs, and get replicated off-site, to a different computer I own and physically control. <fnat>Actually, a good (as good as it gets?) solution could be to use the service 'extra-config' field to pass the password command (which can be some GnuPG variant for instance) and use the 'password-file' only for the S3 creds (which need to be stored in plain text anyway). (The file won't go in the Store.) <fnat>ieure: Ha, I see. That makes a lot of sense. <fnat>Thanks for all the advice by the way! <ieure>That setup gets deployed with Ansible, the `backup' user on my NAS has public SSH keys set up for all the clients; client credentials end up cleartext, but in their root user's $HOME, so not world-readable. They get encrypted with ansible-vault at rest, and can only be decrypted with my hardware token. <fnat>The 'extra-flags' field should do it for me, but yeah - having the '--password-command' directly exposed would be so neat. <ieure>My biggest gripe with this setup is that Restic kind of sucks -- if a client crashes or disconnects, it leaves the backup repo locked, and nothing else can back up to it. That's a pretty bad failure mode for software meant for disaster recovery. <ieure>Pretty regularly find that backups have stopped for some reason, or old backups aren't getting pruned and the zpool is filling up, all because of its poor locking behavior. <ieure>This stuff is running on Debian stable machines, though, so maybe that's been fixed for years. <fnat>ieure: Sorry, I might have misunderstood it, but does it mean that the NAS pulls the backups from the clients instead of the clients pushing things? <fnat>If you use your own servers, have you considered BorgBackup instead of Restic? <ieure>fnat, No, clients push backups using a cron job. They move backups to the NAS with SSH. <ieure>fnat, I haven't tried BorgBackup, but would definitely like to give it a whirl. <fnat>I've been using it very happily for a few years. I'm looking into Restic for my secondary backup site. (To add redundancy across various dimensions, so to say, including tooling-wise.) <fnat>And also because S3, yay. <ieure>It's definitely on my radar, at the time I set this up, Restic was the easiest option, so now I'm invested. oops <ieure>I have decidedly mixed feelings about putting sensitive backups on cloud infra, so this stuff doesn't leave my domain. <ieure>I'm fortunate to have access to another location where I can slap a computer and big disk to replicate what I have on site. <fnat>Haha, I've also sooo mixed feelings about this that I've been pushing back on it for ages. But eventually, in my case, I think the trade-off of redundancy-vs-security goes in favour of using S3 on a commercial service (as long as things are "encrypted")... I know... still doesn't sound super future-proof, does it? <dlowe>there's some future-proofing in that pretty much every object store also supports the S3 protocol <ieure>dlowe, Yeah, this is a nice property, you're not tied to AWS. <dlowe>I'd be surprised if there weren't a free S3 server out there that one could fallback on <ieure>I'd trust that even less than one I pay for. <fnat>Well, there's a couple of S3-compliant implementations I think. <ieure>Yes, there are multiple options. 