!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

293 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena97 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
24 Dec 2024
@karlthane:matrix.org@karlthane:matrix.org joined the room.13:58:22
@karlthane:matrix.org@karlthane:matrix.org left the room.14:03:18
@dmoonfire:matrix.orgdmoonfire
In reply to@justinas:nixos.dev

get the error where you can't configure a setting and a service in the same (unknown boot or services depending on where).

I'm not sure what that means

Adding the configuration option to the top-level file for a host (in example/default.nix with example = import ./src/nodes/example/default.nix; in flake.nix), such as:

config.permittedInsecurePackages = ["dotnet-sdk-6.0.428"];

gives the following error:

       error: Module `:anon-1766:anon-1' has an unsupported attribute `boot'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: boot deployment environment networking services sops system time) into the explicit `config' attribute.

Putting this in the top-level file:

nixpkgs.config.permittedInsecurePackages = ["dotnet-sdk-6.0.428"];

doesn't pick up the insecure packages entry. "Doesn't pick up" being "gives me an error that I need to add dotnet-sdk-6.0.428 to the permittedInsecurePackages" error.

Putting the nixpkgs.config... in flake.nix:outputs.colmena.defaults is what used to work before I upgraded to 24.11.

Putting the config... in flake.nix:outputs.colmena.meta.nixpkgs = import inputs.nixpkgs { ...; config.permitted... } doesn't pick it up.

Putting the nixpkgs.config... in flake.nix:outputs.colmena.meta.nixpkgs = import inputs.nixpkgs { ...; config.permitted... } doesn't pick it up (but you already said that, just being complete).
23:17:23
@justinas:nixos.devJustinas Stankevičius

Alright, I see. The This is caused by introducing a top-level config' or options' attribute. issue is because you misunderstood me, I'll try to be a bit more clear.

When you're importing / calling nixpkgs explicitly, its options are under an argument called config. In full, import nixpkgs { config = { permittedInsecurePackages = ... } };.

However, when you're configuring nixpkgs in a modular way through the NixOS machine config, then that same thing is nested under nixpkgs, e.g. the option to set is nixpkgs.config. In full, nixpkgs.config.permittedInsecurePackages = { ... }. https://search.nixos.org/options?channel=24.11&show=nixpkgs.config&from=0&size=50&sort=relevance&type=packages&query=nixpkgs.config

In the context of a NixOS configuration module, config refers to the system configuration itself.

23:21:35
@justinas:nixos.devJustinas Stankevičius *

Alright, I see. The This is caused by introducing a top-level config' or options' attribute. issue is because you misunderstood me, I'll try to be a bit more clear.

When you're importing / calling nixpkgs explicitly, its options are under an argument called config. In full, import nixpkgs { config = { permittedInsecurePackages = ... } };.

However, when you're configuring nixpkgs in a modular way through the NixOS machine config, then that same thing is nested under nixpkgs, e.g. the option to set is nixpkgs.config. In full, nixpkgs.config.permittedInsecurePackages = [ ... ]. https://search.nixos.org/options?channel=24.11&show=nixpkgs.config&from=0&size=50&sort=relevance&type=packages&query=nixpkgs.config

In the context of a NixOS configuration module, config refers to the system configuration itself.

23:24:09
@dmoonfire:matrix.orgdmoonfire So, in the metadata, then this should work from what I'm understanding.

      colmena = {
        meta = {
          nixpkgs = import inputs.nixpkgs {
            system = "x86_64-linux";
            config = { permittedInsecurePackages = [ "dotnet-sdk-6.0.428" ]; };
          };

But I still get the error that I need to allow "dotnet-sdk-6.0.428". 		23:26:06
@justinas:nixos.devJustinas Stankevičius Are you sure that after you add the permitted package, it still complains about the same package? We've already have a couple of people ask about this, and they misunderstood the fact that you may need to include several distinct packages in this list under some circumstances. https://discourse.nixos.org/t/solved-sonarr-is-broken-in-24-11-unstable-aka-how-the-hell-do-i-use-nixpkgs-config-permittedinsecurepackages/56828 23:31:09
@otanaut:matrix.org@otanaut:matrix.org left the room.23:31:21
@justinas:nixos.devJustinas StankevičiusPlease make sure that after you attempt the fix, it is the same exact package reported in the error.23:32:12
@justinas:nixos.devJustinas Stankevičius I've just confirmed that the following works (allows me to build Sonarr, which is one of the apps affected): https://gist.github.com/justinas/d2465aacfdf196ba65bf4f7bd1894f0e . nixos-unstable, colmena master, colmena build --experimental-flake-eval. 23:33:50
@justinas:nixos.devJustinas Stankevičius * Are you sure that after you add the permitted package, it still complains about the same package? We've already had a couple of people ask about this, and they misunderstood the fact that you may need to include several distinct packages in this list under some circumstances. https://discourse.nixos.org/t/solved-sonarr-is-broken-in-24-11-unstable-aka-how-the-hell-do-i-use-nixpkgs-config-permittedinsecurepackages/56828 23:35:21
@dmoonfire:matrix.orgdmoonfire 
paruk |        Known issues:
paruk |         - Dotnet SDK 6.0.428 is EOL, please use 8.0 (LTS) or 9.0 (Current)
paruk | 
paruk |        You can install it anyway by allowing this package, using the
paruk |        following methods:
paruk | 
paruk |        a) To temporarily allow all insecure packages, you can use an environment
paruk |           variable for a single invocation of the nix tools:
paruk | 
paruk |             $ export NIXPKGS_ALLOW_INSECURE=1
paruk | 
paruk |           Note: When using `nix shell`, `nix build`, `nix develop`, etc with a flake,
paruk |                 then pass `--impure` in order to allow use of environment variables.
paruk | 
paruk |        b) for `nixos-rebuild` you can add ‘dotnet-sdk-6.0.428’ to
paruk |           `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
paruk |           like so:
paruk | 
paruk |             {
paruk |               nixpkgs.config.permittedInsecurePackages = [
paruk |                 "dotnet-sdk-6.0.428"
paruk |               ];
paruk |             }
paruk | 
paruk |        c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
paruk |           ‘dotnet-sdk-6.0.428’ to `permittedInsecurePackages` in
paruk |           ~/.config/nixpkgs/config.nix, like so:
paruk | 
paruk |             {
paruk |               permittedInsecurePackages = [
paruk |                 "dotnet-sdk-6.0.428"
paruk |               ];
paruk |             }
paruk | Evaluation failed

That is the package, but I tried to include those Sonarr ones since sonarr is on that server.

23:35:24
@justinas:nixos.devJustinas Stankevičius Okay. Please see my gist, it is a very simple config that you can verify works in isolation. I also use the samenixpkgs.config from the gist in a personal machine with 24.11 and it works. 23:36:49

Show newer messages

Back to Room ListRoom Version: 6