| 10 Nov 2023 |
 bendlas | more thoughts on this: https://github.com/NixOS/nixpkgs/issues/206467#issuecomment-1806441531 | 21:16:20 |
 raitobezarius | a check script could exist | 21:25:48 |
| raitobezarius | but it would probably end up just creating a systemd runtime failure | 21:25:54 |
| raitobezarius | I don't see how you do check script like NGINX check phase in a sandbox | 21:26:07 |
| raitobezarius | you'd need to leak the data inside the sandbox | 21:26:11 |
| raitobezarius | that's almost impossible | 21:26:15 |
| raitobezarius | doing a proper activation prefail would require a complete redesign of the stc | 21:26:26 |
| raitobezarius | in nixops, there's an issue to enable policy deployments in stc | 21:26:34 |
| raitobezarius | this was never adopted | 21:26:38 |
| * raitobezarius feel like he mentioned the policy deployments feature 30 times in his life | 21:26:46 |
| bendlas | feels like we could get started by replacing activation with something that runs the existing code through something like
[{action: "nixos.generation-symlink/set",
target: "/nix/store/<system>"},
{action: "nixos.legacy/activate-system",
variant: "boot",
target: "/nix/store/<system>"}]
| 21:39:51 |
| bendlas | if an action can also declare a pre-check, which is run before any action is attempted, that should already allow to run checks like this, without dragging state into the sandbox. | 21:47:04 |
| raitobezarius | anyone is welcome to work on that, but there's a lot of work involved into touching stc | 22:13:18 |
| bendlas | yeah, wanted to ask, what does stc stand for? 😅 | 22:13:52 |
| raitobezarius | switch-to-configuration.pl | 22:14:21 |
| raitobezarius | (click on the link) | 22:14:36 |
| bendlas | In reply to @raitobezarius:matrix.org
anyone is welcome to work on that, but there's a lot of work involved into touching stc right! hence: do the minimal thing, that would allow everyone to start chipping away at it ... | 22:15:49 |
| bendlas | ... while already addressing sore spots, like compatibility checks and migrations in /var | 22:17:28 |
| bendlas | so stc would be the action I called nixos.legacy/activate-system. | 22:20:55 |
| bendlas | and according to my reverse-engineered deployment script, these are the two necessary actions, to emulate nixos-rebuild:
deploy-ssh-for = {
type = "app";
program = toString (pkgs.writeScript "deploy-ssh-for" ''
#!${pkgs.stdenv.shell}
set -eux
configName=$1
remote=root@$2
action=$3
shift 3
if [ gc = "$action" ]
then ssh -C $remote nix-collect-garbage "$@"
exit 0
fi
configuration=$(nix build .#nixosConfigurations.$configName.config.system.build.toplevel --print-out-paths --no-link -L)
nix-copy-closure $(if [ "''${1-}" != --direct ]; then echo --use-substitutes; fi) --gzip --to $remote $configuration
if [ dry-run = "$action" ]
then set +x
echo "[dry-run] Would run these commands:"
echo " ssh -C $remote nix-env --profile /nix/var/nix/profiles/system --set $configuration"
echo " ssh -C $remote $configuration/bin/switch-to-configuration $action"
else if [ build = "$action" ]
then ssh -C $remote nix-env --profile /tmp/nixos-system --set $configuration
else if [ boot = "$action" -o switch = "$action" ]
then ssh -C $remote nix-env --profile /nix/var/nix/profiles/system --set $configuration
ssh -C $remote $configuration/bin/switch-to-configuration $action
else echo "Unknown action '$action'. Use one of: dry-run, boot, switch"
fi fi fi
'');
};
| 22:24:25 |
| bendlas | (line 24-25) | 22:26:03 |
| raitobezarius | Right | 22:38:46 |
| raitobezarius | Let's move this to 24.05 though | 22:38:54 |
| raitobezarius | And we still need to focus on the immediate problem :) | 22:39:04 |
| bendlas | hehehe, I'm actually kind of tempted to prove the concept by implementing the postgresql downgrade ... also because I feel like I can't do much better than https://github.com/NixOS/nixpkgs/pull/266270 in the local optimum | 22:45:10 |
| bendlas | but no worries, if I decide to attempt it, it's on me against your advice. No expectations attached | 22:46:32 |
| bendlas | also if you have an Idea for something more productive right now, I'm also happy to help | 22:47:13 |
| 11 Nov 2023 |
 VladimÃr ÄŒunát | FYI, 23.11 schedule, TL;DR from #staging:nixos.org:
we merged staging to staging-next now, as almost full linux rebuild was unavoidable anyway. | 16:16:38 |
| VladimÃr ÄŒunát | So that iteration is delayed but will contain more things. | 16:17:23 |
| VladimÃr ÄŒunát | * So that iteration is delayed but will at least contain more things. | 16:17:27 |
