| 25 Jul 2022 |
Linux Hackerman | there's not much to it besides setting nixpkgs.system in the node's configuration | 15:42:22 |
@grahamc:nixos.org | oh! of course! | 15:42:34 |
@grahamc:nixos.org | thanks | 15:42:35 |
@grahamc:nixos.org | I was thrown off by the meta.nixpkgs being set | 15:42:43 |
Linux Hackerman | Yeah, that's only the nixpkgs used to evaluate it though | 15:43:39 |
@grahamc:nixos.org | makes sense | 15:44:30 |
Linux Hackerman | something to note is that Colmena's flake support is incomplete, the biggest issue being that it requires impure evaluation. | 15:44:41 |
Linux Hackerman | That's bitten me before, with it picking up ~/.config/nixpkgs/config.nix | 15:45:00 |
@grahamc:nixos.org | gotcha | 15:45:16 |
@grahamc:nixos.org | it also seems to get a bit weird with some secrets support | 15:45:28 |
@grahamc:nixos.org | and the reboot behavior is not to my taste at the moment :) | 15:45:54 |
@grahamc:nixos.org | but switching from nixops was almost entirely pain-free | 15:48:11 |
Linux Hackerman | grahamc (he/him): oh also keep in mind if you haven't encrypted your secrets and you're using flakes with colmena, the secrets are now world-readable in your nix store. | 15:55:41 |
@grahamc:nixos.org | yeah, luckily they're barely secret | 15:57:29 |
@grahamc:nixos.org | oh actually no they didn't get copied in, I "fixed" it like this: | 15:58:03 |
@grahamc:nixos.org | colmena = let secrets = import /home/....mysecrets.nix; in | 15:58:24 |
@grahamc:nixos.org | that file has no secrets, but points to other files, and loading those other files always failed | 15:58:52 |
Linux Hackerman | aaah ok | 15:59:04 |
| 30 Jul 2022 |
Winter (she/her) | Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree? | 04:21:48 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree?" Sure, done | 05:14:42 |
Winter (she/her) | I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? | 05:33:09 |
Winter (she/her) | Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? | 05:33:39 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported?" No, it's not supported except for apply-local. It's hard for it to be done in a manner with good user experience. | 05:59:01 |
Zhaofeng Li | Note that interactive auth that doesn't require keyboard interaction should "work", like the Tailscale SSH check mode (haven't tested though). But still not a good experience with the default spinner UI | 06:00:26 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit?" I don't think sudo is cached across SSH sessions. | 06:00:56 |
Winter (she/her) | In reply to @zhaofeng:zhaofeng.li: "I don't think sudo is cached across SSH sessions." I'm talking specifically in the context of apply-local here. | 06:02:41 |
Winter (she/her) | Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. | 06:05:11 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "I'm talking specifically in the context of apply-local here." Then it should be supported. After https://github.com/zhaofengli/colmena/issues/85 apply-local was changed to use the verbose UX if --sudo is passed so it doesn't interfere with the interactive prompt. What are you encountering? | 06:05:32 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here." What's the edge case? Currently it's true for boot and switch | 06:08:26 |
Winter (she/her) | In reply to @zhaofeng:zhaofeng.li: "What's the edge case? Currently it's true for boot and switch" See here. If it's anything else, the privilege escalation command may hang indefinitely waiting for a password or similar since it doesn't pass through like the profile switch invocation does | 06:13:28 |