| 10 Nov 2023 |
 raitobezarius | So in the end, we have to choose between evaluation errors or systemd runtime errors | 20:53:38 |
| raitobezarius | I mean, if we remove the stateVersion, we can make a systemd runtime error an evaluation error and just after the fix, it's a systemd runtime error | 20:53:59 |
 bendlas | In reply to @raitobezarius:matrix.org
I think blocking on evaluation is the least way to piss people off yes. unfortunately, we only seem to have the infrastructure for doing that for the variant of outright removing the option ...
I guess the principled way of doing that would be to add a kind of system-level "check phase", where before system activation, something would check compatibility ....
| 20:54:09 |
| bendlas | ... but it's also mighty late for attempting to squeeze a phase between eval and runtime ... 😅 | 20:55:23 |
| bendlas | more thoughts on this: https://github.com/NixOS/nixpkgs/issues/206467#issuecomment-1806441531 | 21:16:20 |
| raitobezarius | a check script could exist | 21:25:48 |
| raitobezarius | but it would probably end up just creating a systemd runtime failure | 21:25:54 |
| raitobezarius | I don't see how you do check script like NGINX check phase in a sandbox | 21:26:07 |
| raitobezarius | you'd need to leak the data inside the sandbox | 21:26:11 |
| raitobezarius | that's almost impossible | 21:26:15 |
| raitobezarius | doing a proper activation prefail would require a complete redesign of the stc | 21:26:26 |
| raitobezarius | in nixops, there's an issue to enable policy deployments in stc | 21:26:34 |
| raitobezarius | this was never adopted | 21:26:38 |
| * raitobezarius feel like he mentioned the policy deployments feature 30 times in his life | 21:26:46 |
| bendlas | feels like we could get started by replacing activation with something that runs the existing code through something like
[{action: "nixos.generation-symlink/set",
target: "/nix/store/<system>"},
{action: "nixos.legacy/activate-system",
variant: "boot",
target: "/nix/store/<system>"}]
| 21:39:51 |
| bendlas | if an action can also declare a pre-check, which is run before any action is attempted, that should already allow to run checks like this, without dragging state into the sandbox. | 21:47:04 |
| raitobezarius | anyone is welcome to work on that, but there's a lot of work involved into touching stc | 22:13:18 |
| bendlas | yeah, wanted to ask, what does stc stand for? 😅 | 22:13:52 |
| raitobezarius | switch-to-configuration.pl | 22:14:21 |
| raitobezarius | (click on the link) | 22:14:36 |
| bendlas | In reply to @raitobezarius:matrix.org
anyone is welcome to work on that, but there's a lot of work involved into touching stc right! hence: do the minimal thing, that would allow everyone to start chipping away at it ... | 22:15:49 |
| bendlas | ... while already addressing sore spots, like compatibility checks and migrations in /var | 22:17:28 |
| bendlas | so stc would be the action I called nixos.legacy/activate-system. | 22:20:55 |
| bendlas | and according to my reverse-engineered deployment script, these are the two necessary actions, to emulate nixos-rebuild:
deploy-ssh-for = {
type = "app";
program = toString (pkgs.writeScript "deploy-ssh-for" ''
#!${pkgs.stdenv.shell}
set -eux
configName=$1
remote=root@$2
action=$3
shift 3
if [ gc = "$action" ]
then ssh -C $remote nix-collect-garbage "$@"
exit 0
fi
configuration=$(nix build .#nixosConfigurations.$configName.config.system.build.toplevel --print-out-paths --no-link -L)
nix-copy-closure $(if [ "''${1-}" != --direct ]; then echo --use-substitutes; fi) --gzip --to $remote $configuration
if [ dry-run = "$action" ]
then set +x
echo "[dry-run] Would run these commands:"
echo " ssh -C $remote nix-env --profile /nix/var/nix/profiles/system --set $configuration"
echo " ssh -C $remote $configuration/bin/switch-to-configuration $action"
else if [ build = "$action" ]
then ssh -C $remote nix-env --profile /tmp/nixos-system --set $configuration
else if [ boot = "$action" -o switch = "$action" ]
then ssh -C $remote nix-env --profile /nix/var/nix/profiles/system --set $configuration
ssh -C $remote $configuration/bin/switch-to-configuration $action
else echo "Unknown action '$action'. Use one of: dry-run, boot, switch"
fi fi fi
'');
};
| 22:24:25 |
| bendlas | (line 24-25) | 22:26:03 |
| raitobezarius | Right | 22:38:46 |
| raitobezarius | Let's move this to 24.05 though | 22:38:54 |
| raitobezarius | And we still need to focus on the immediate problem :) | 22:39:04 |
| bendlas | hehehe, I'm actually kind of tempted to prove the concept by implementing the postgresql downgrade ... also because I feel like I can't do much better than https://github.com/NixOS/nixpkgs/pull/266270 in the local optimum | 22:45:10 |
| bendlas | but no worries, if I decide to attempt it, it's on me against your advice. No expectations attached | 22:46:32 |
