!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

221 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena86 Servers

Load older messages


SenderMessageTime
21 Jun 2022
@tiha889a:tu-dresden.deTimyou can also check out agenix, it is basically sops-nix but with age and I am happily using it, not with colmena yet though.. it is dead simple especially when using the system ssh keys in /etc/ssh/06:27:34
@huyage:matrix.orglemmalamma
In reply to @tiha889a:tu-dresden.de
you can also check out agenix, it is basically sops-nix but with age and I am happily using it, not with colmena yet though.. it is dead simple especially when using the system ssh keys in /etc/ssh/
I made sops-nix work for me after a bit of wrangling.
10:11:35
@dantefromhell:matrix.orgdantefromhelli'm wondering: is there a collection/ examples of how people use colmena?12:35:50
@dantefromhell:matrix.orgdantefromhell

I'm using the colmena from git (commit 9db25bd) with flakes.

I'm struggling to understand how to define a hive w/ 2 systems where one is using nixpkgs/22.05 while the other is using nixpkgs/unstable as pkgs source.

14:59:43
@janejasperous:one.ems.hostJane Jasperous
      meta = {
        nixpkgs = import nixpkgs { system = "x86_64-linux"; };
        nodeNixpkgs = {
          rpi-tv = import nixpkgs-unstable {};
        };
...      
}```
15:02:05
@dantefromhell:matrix.orgdantefromhell
In reply to @janejasperous:one.ems.host
      meta = {
        nixpkgs = import nixpkgs { system = "x86_64-linux"; };
        nodeNixpkgs = {
          rpi-tv = import nixpkgs-unstable {};
        };
...      
}```
Thx, yes that works!
15:30:30
@dantefromhell:matrix.orgdantefromhell

Until I change the system in nodeNixpkgs to something different than nixpkgs. Than I get the error

[ERROR]   stderr) error: a 'aarch64-linux' with features {} is required to build '/nix/store/h5ggpshqjbl14pp1qri043d5dk0n2iyc-append-initrd-secrets.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test}

15:32:02
@schnecfk:ruhr-uni-bochum.deCRTified
In reply to @dantefromhell:matrix.org

Until I change the system in nodeNixpkgs to something different than nixpkgs. Than I get the error

[ERROR]   stderr) error: a 'aarch64-linux' with features {} is required to build '/nix/store/h5ggpshqjbl14pp1qri043d5dk0n2iyc-append-initrd-secrets.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test}

Either use deploy.buildOnTarget, enable qemu binfmt emulation or try and get it running using pkgsCross for true cross compilation
15:33:22
@schnecfk:ruhr-uni-bochum.deCRTifiedThe problem is that you're running on x86_64 and nix doesn't know where/how to build aarch64-linux at the current state of your config15:34:02
@dantefromhell:matrix.orgdantefromhell
In reply to @schnecfk:ruhr-uni-bochum.de
Either use deploy.buildOnTarget, enable qemu binfmt emulation or try and get it running using pkgsCross for true cross compilation

Thx, worked.

For anyone interested, my solution was to add

boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

to configuration.nix on the machine that I run colmena build on

18:56:49
@schnecfk:ruhr-uni-bochum.deCRTified
In reply to @dantefromhell:matrix.org

Thx, worked.

For anyone interested, my solution was to add

boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

to configuration.nix on the machine that I run colmena build on

Note that this method can be hit or miss. I've regularly had some minor problems with it, e.g. tests failing due to some qemu error
22:22:00
@jhillyerd:matrix.orgjhillyerdI've had a lot of builds lock up with no progress until I kill them w/ qemu aarch64 emulated system.23:24:41
22 Jun 2022
@huyage:matrix.orglemmalammaColmena is working well for me after I had trouble using nixops. I'm just curious: why are there so many nix-based deployment/config management tools? AFAIK nixops is the OG one. (I understand Colmena doesn't provision resource like nixops) Is there some history here?03:59:09
@buckley310:matrix.orgBuckleyNixops is the older one, but it’s not stateless. Nixos people like stateless solutions, so a few third party ones popped up. Mainly morph, deploy-rs, and colmena04:20:32
@janejasperous:one.ems.hostJane Jasperous
In reply to @huyage:matrix.org
Colmena is working well for me after I had trouble using nixops. I'm just curious: why are there so many nix-based deployment/config management tools? AFAIK nixops is the OG one. (I understand Colmena doesn't provision resource like nixops) Is there some history here?
nixops is maybe more in terraform league
09:46:31
@schnecfk:ruhr-uni-bochum.deCRTified
In reply to @huyage:matrix.org
Colmena is working well for me after I had trouble using nixops. I'm just curious: why are there so many nix-based deployment/config management tools? AFAIK nixops is the OG one. (I understand Colmena doesn't provision resource like nixops) Is there some history here?

To add on the answer by Buckley (Which answers why so many alternatives to NixOps appeared), it's also because it's somewhat easy to build such a tool based on nix.

Being a bit handwavy here, but it generally boils down to some combination of nix-build and nix-copy-closure. I've also seen some messages of people doing these steps with a shell script instead of any deployment tool.
This "foundation" is really clear if you've switched the deployment tool (e.g. from nixops to colmena) - you don't have to change that much to get it working, especially in comparison to switching between puppet, ansible or similar tools (or even the initial nix migration).

The deployment tools nonetheless offer a big plus, the more obvious ones would be secret management and the generally better user experience.

11:15:00
@linus:schreibt.jetztLinux Hackerman
In reply to @janejasperous:one.ems.host
nixops is maybe more in terraform league
I'd lean towards using terraform over using nixops when the use case is there though
11:42:55
@hexa:lossy.networkhexabecause one of these two is actually maintained πŸ˜›13:17:22
@linus:schreibt.jetztLinux Hackermanalso because nixops tries to do like 2% of the things that terraform covers and doesn't do as good of a job at it13:19:40
@jhillyerd:matrix.orgjhillyerd
In reply to @schnecfk:ruhr-uni-bochum.de

To add on the answer by Buckley (Which answers why so many alternatives to NixOps appeared), it's also because it's somewhat easy to build such a tool based on nix.

Being a bit handwavy here, but it generally boils down to some combination of nix-build and nix-copy-closure. I've also seen some messages of people doing these steps with a shell script instead of any deployment tool.
This "foundation" is really clear if you've switched the deployment tool (e.g. from nixops to colmena) - you don't have to change that much to get it working, especially in comparison to switching between puppet, ansible or similar tools (or even the initial nix migration).

The deployment tools nonetheless offer a big plus, the more obvious ones would be secret management and the generally better user experience.

It's easy enough to deploy without a tool, I migrated from NixOps to flakes intending to then migrate to Colmena, but still haven't bothered. πŸ˜† NixOps too ambitious with a refactoring effort 1.7 - 1.8/2.0, left things in a broken state for a long time, leaving a multi-year window for other tools to pop up.
20:27:47
@jhillyerd:matrix.orgjhillyerdI was really hoping NixOps + KVM would have given me a self-hosted cloud experience in my homelab, but gave up waiting.20:29:02
@jhillyerd:matrix.orgjhillyerd * I was really hoping NixOps + libvirt/KVM would have given me a self-hosted cloud experience in my homelab, but gave up waiting.20:29:37
23 Jun 2022
@dantefromhell:matrix.orgdantefromhellI was reading on github a bit about bootstrapping w/ colmena and the general answer was "no - because it requires state tracking". I was pondering if the approach to introduce a `colmena bootstrap` action to isolate bootstrapping from applying would remove the need for tracking state?12:23:35
@schnecfk:ruhr-uni-bochum.deCRTified
In reply to @dantefromhell:matrix.org
I was reading on github a bit about bootstrapping w/ colmena and the general answer was "no - because it requires state tracking".

I was pondering if the approach to introduce a `colmena bootstrap` action to isolate bootstrapping from applying would remove the need for tracking state?
I'm not really helpful here, but just for clarification: Are you referring to these PRs? https://github.com/zhaofengli/colmena/issues/42 and https://github.com/zhaofengli/colmena/issues/68
12:52:24
@schnecfk:ruhr-uni-bochum.deCRTified
In reply to @dantefromhell:matrix.org
I was reading on github a bit about bootstrapping w/ colmena and the general answer was "no - because it requires state tracking".

I was pondering if the approach to introduce a `colmena bootstrap` action to isolate bootstrapping from applying would remove the need for tracking state?
* I'm not really helpful here, but just for clarification: Are you referring to these Issues? https://github.com/zhaofengli/colmena/issues/42 and https://github.com/zhaofengli/colmena/issues/68
12:52:33
@blaggacao:matrix.orgDavid Arnold (blaggacao)Note that provisioning and bootstrapping are two separate concerns.14:23:34
@blaggacao:matrix.orgDavid Arnold (blaggacao)Bootstrapping doesn't require tracking state. It only requires a static contract of the (yet) anonymous node.14:24:16
@blaggacao:matrix.orgDavid Arnold (blaggacao)* Bootstrapping doesn't require tracking state. It only requires a stable contract of the (yet) anonymous node.14:24:30
@blaggacao:matrix.orgDavid Arnold (blaggacao)How to reach it? And does it comply to any sort of colmena-nixos interface?14:25:43
@huyage:matrix.orglemmalamma
In reply to @schnecfk:ruhr-uni-bochum.de
I'm not really helpful here, but just for clarification: Are you referring to these Issues? https://github.com/zhaofengli/colmena/issues/42 and https://github.com/zhaofengli/colmena/issues/68
I've also successfully used Pulumi instead of Terraform for provisioning and Colmena takes over after that. I still dream of a world where I can do both with Nix.
18:34:34

There are no newer messages yet.


Back to Room ListRoom Version: 6