!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

100 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena
48 Servers

2 Dec 2022
@whentze:matrix.org Wanja Hentze: brought down eval time from several minutes to a little over one minute, so that's great :) 13:42:43
@whentze:matrix.org Wanja Hentze: what also helped: using disabledModules extensively to blacklist things that we never use 13:44:44
@whentze:matrix.org Wanja Hentze: the streaming evaluator also brought down RAM usage from ~40GB to a little under 10 13:45:17
@linus:schreibt.jetzt Linux Hackerman
In reply to @ask-yourself:matrix.org

In the NixOS server they had me run nix store verify --all, which outputted:

.dotfiles on  main [!?] ⊥ nix store verify --all
path '/nix/store/4nhcx0ndfa374cgvi6x9sg73prmxmc04-publicsuffix-list-2021-09-03' is untrusted
path '/nix/store/y1hybm8h1kln0hg06c42m4g1wsblc0ig-freefont-ttf-20120503' is untrusted
path '/nix/store/ah9gyp7rxak9ig2q829myn6172jn302f-hack-font-3.003' is untrusted
path '/nix/store/dbn507rrsmgmdxwknhb3554nmkl0kvgi-gyre-fonts-2.005' is untrusted
path '/nix/store/jcqky5xbknabz7wn5p90qk0g9s031yzb-nixos-22.05.2764.0ba2543f8c8' is untrusted
That means the path isn't signed by a key listed in trusted-public-keys
13:52:19
@linus:schreibt.jetzt Linux Hackerman: if you deploy as root, you won't have this problem 13:52:31
@linus:schreibt.jetzt Linux Hackerman: as is, you either need to make sure the machine you build on signs its paths (I wrote a little nixos module that does that https://github.com/NixOS/nix/issues/3023#issuecomment-781131502) and that the targets trust the key 13:53:44
@linus:schreibt.jetzt Linux Hackerman: or add your deploy user to trusted-users, which is root-equivalent access 13:54:03
@linus:schreibt.jetzt Linux Hackerman: Why don't you just deploy as root? 13:54:26
@ask-yourself:matrix.org Ask Yourself🍉: Thank you! 14:00:02
@ask-yourself:matrix.org Ask Yourself🍉: Yeah I accidentally removed this line while refactoring: trustedUsers = ["${user}"]; 14:00:19
@ask-yourself:matrix.org Ask Yourself🍉: What does it mean for a path to be untrusted? 14:00:44
@ask-yourself:matrix.org Ask Yourself🍉: * Thank you! Works now. 14:01:03
@linus:schreibt.jetzt Linux Hackerman
In reply to @linus:schreibt.jetzt
That means the path isn't signed by a key listed in trusted-public-keys
^ this
14:01:06
@ask-yourself:matrix.org Ask Yourself🍉: Right ok. 14:01:21
@linus:schreibt.jetzt Linux Hackerman: oh right, there are two more ways I can think of for a path to be trusted: being built locally, or being content-addressed (like the output of a fixed-output derivation) 14:02:13
@ask-yourself:matrix.org Ask Yourself🍉: The last is a bit over my head, but ok noted. 14:10:16
@linus:schreibt.jetzt Linux Hackerman: That usually means that a file with a known hash was downloaded and verified to match the hash 14:10:48
@ask-yourself:matrix.org Ask Yourself🍉: Ohhhh. 14:11:06
@ask-yourself:matrix.org Ask Yourself🍉: Ok I see. 14:11:10
@ask-yourself:matrix.org Ask Yourself🍉: Yeah I've really gotta learn how all this stuff works, I currently don't know how the store works really. Gonna do a big doc-read sometime soon.. 14:11:39
4 Dec 2022
@rgrunbla:matrix.org Rémy Grünblatt: Hey 09:25:28
@rgrunbla:matrix.org Rémy Grünblatt: So I'm trying to deploy a system on a node that has no internet access, and I'm getting weird errors from colmena: https://0x0.st/okwD.txt 09:26:33
@rgrunbla:matrix.org Rémy Grünblatt: there is no problem with the build, but as soon as I deploy, it tries to communicate with cache.nixos.org… I was under the impression that only my local machine was used for the build and that remote machines didn't need internet access unless I wanted to build on them, am I mistaken? 09:27:45
@rgrunbla:matrix.org Rémy Grünblatt: (seems it was --no-substitutes I was searching for) 14:02:40