| 25 Jan 2023 |
 Linux Hackerman | it's probably the nixpkgs follows. | 14:53:09 |
| Linux Hackerman | Try without that | 14:53:14 |
 Ask Yourself🍉 | That worked, thanks. | 14:55:00 |
| Linux Hackerman | It's always a tradeoff between using the same stuff that upstream is tested against, and having fewer copies of nixpkgs 😅 | 14:55:47 |
| Ask Yourself🍉 | Yeah, I thought it was good practice to standardize, but maybe I'm confused about that? | 14:56:24 |
| Ask Yourself🍉 | Should I be standardizing like that by default until something breaks or is it just not even a good idea? | 14:56:40 |
| Linux Hackerman | Depends on what you want | 14:56:40 |
| Linux Hackerman | if you want as little fuss as possible at the cost of disk space (and being more dependent on your upstreams for security updates), don't use any follows | 14:57:09 |
| Ask Yourself🍉 | Hmmm ok. | 14:57:49 |
| Ask Yourself🍉 | I think I need to get a better understanding of some of the inner workings of Nix.. | 14:58:02 |
| Ask Yourself🍉 | Thank you for the help! | 14:58:06 |
|  dminuoso joined the room. | 17:13:12 |
| dminuoso | Hi. We're still on 22.05 and get warnings like trace: warning: The following Nixpkgs configuration keys set in meta.nixpkgs will be ignored: allowUnfree allowUnsupportedSystem contentAddressedByDefault enableParallelBuildingByDefault showDerivationWarnings strictDepsByDefault
Given that we set meta.nixpkgs = import sources.nixpkgs; (i.e. non-initialised nixpkgs from niv), Im a bit unsure how to squelch those warnings.
Does anyone have an idea?
| 17:15:44 |
 Zhaofeng Li | In reply to @dminuoso:matrix.org
Hi. We're still on 22.05 and get warnings like trace: warning: The following Nixpkgs configuration keys set in meta.nixpkgs will be ignored: allowUnfree allowUnsupportedSystem contentAddressedByDefault enableParallelBuildingByDefault showDerivationWarnings strictDepsByDefault
Given that we set meta.nixpkgs = import sources.nixpkgs; (i.e. non-initialised nixpkgs from niv), Im a bit unsure how to squelch those warnings.
Does anyone have an idea?
If you aren't setting any of the configs, this warning should be harmless. The warning will disappear once you upgrade to 22.11 where most nixpkgs config keys became typed so merging would work as expected. | 18:23:46 |
| dminuoso | Well I am setting in nixpkgs.config inside the host config. Im just curious whether I can even make the warning disappear. | 18:44:03 |
| Zhaofeng Li | I think you can explicitly set all of them in meta.nodeNixpkgs but it's quite tedious. The warning is defined here: https://github.com/zhaofengli/colmena/blob/64c46fa0169233d4faed70c52583cd3183c7f5aa/src/nix/hive/eval.nix#L132-L141 | 20:18:56 |
 hexa | dminuoso: can I ask what's holding you back? Interested from a security team perspective. | 20:36:01 |
| hexa | I assume this is work related? | 20:36:12 |
| dminuoso | hexa: Oh yeah. Updating closures for 22.11 is scheduled right after we're done with a critical project, so probably next week or so. | 20:54:16 |
| dminuoso | It was a bit of a mismanagement on my side, at the time it was released we had a lot of folks on vacation. Next time we should probably prepare closures for a new nixos release before the release, but oh well. | 20:55:44 |
| dminuoso | It's a bit of an effort because we have a lot of nixos machines involved, so we have to do audits, backport changes, etc.. | 20:56:28 |
| dminuoso | * It's a bit of an effort because we have a lot of nixos machines involved, so we have to do audits, rebase changes, etc.. | 20:56:39 |
| hexa | you can probably start evaluating the new release as soon as it is branched, which happens roughly ten days before the actual release | 20:58:39 |
| hexa | then you have like 5 weeks to migrate, which might sound short, but I think nixos makes updating far easier than other distros | 20:59:15 |
 Wanja Hentze | In reply to @dminuoso:matrix.org
It's a bit of an effort because we have a lot of nixos machines involved, so we have to do audits, rebase changes, etc.. same here | 22:11:48 |
| Wanja Hentze | for 22.11, we *did* start working on the upgrade in time, but it still took us til mid January to finish it because there was so much breakage this time | 22:12:22 |
