Colmena - Public Room Timeline

	Colmena	317 Members
	A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena	107 Servers

Load older messages

Sender	Message	Time
24 Nov 2022
Zhaofeng Li	Currently it only supports passwordless sudo, so you can either add a rule to `security.sudo.extraRules` or allow everyone in `wheel` to escalate without a password with `security.sudo.wheelNeedsPassword`.	21:00:25
Zhaofeng Li	Admittedly deploying as non-root isn't the best experience right now 😐️	21:01:05
@ask-yourself:matrix.org	That's ok, it'll be cool once it's working.	21:01:45
@ask-yourself:matrix.org	I'll try adding that, but I do wanna know.. Would this all be easier if I used some kind of secrets management thing like SOPS?	21:02:06
Zhaofeng Li	Using sops doesn't alleviate the problems with running the deployment process as non-root. It's a replacement for `deployment.keys` with a different workflow.	21:04:35
@ask-yourself:matrix.org	Ok, it's working, this is very cool.	21:06:52
@ask-yourself:matrix.org	Thank you very much for the help.	21:06:56
25 Nov 2022
	@chris01:nitro.chat joined the room.	20:37:56
	@tired:fairydust.space joined the room.	22:05:02
26 Nov 2022
	@ahsmha:matrix.org changed their display name from rh to ahmed.	19:19:49
	shanesveller joined the room.	19:22:59
	@digital:fairydust.space joined the room.	22:41:05
	raitobezarius joined the room.	23:56:34
27 Nov 2022
	roshan \| byteio.in 🌷 changed their display name from nixie 🤓 to theDev.oen 🌷.	09:11:46
	roshan \| byteio.in 🌷 changed their display name from theDev.oen 🌷 to theDev.one🌷.	09:11:54
	roshan \| byteio.in 🌷 changed their display name from theDev.one🌷 to theDev.one 🌷.	09:12:48
28 Nov 2022
roshan \| byteio.in 🌷	Download image.png	03:07:16
@NobbZ:matrix.org	For some reason there is an increasing number of people asking for support who use colmena. And it is quite common that one wants to build the machine that causes issues to inspect the system closure. For something like that it seems as if `colmena build` is quite practical, though at the same time it seems as if it lacks an argument to specify a single host to build. Is this indeed missing or did I miss something in the docs? Also, it would be nice if there were appropriately named out links after a build.	06:51:48
Zhaofeng Li	NobbZ: For something like that it seems as if colmena build is quite practical, though at the same time it seems as if it lacks an argument to specify a single host to build. Is this indeed missing or did I miss something in the docs? You can specify the nodes to build with `colmena build --on node-name`. The `--on` argument is a bit misleading because the build isn't (necessarily) happening "on" the node. The reason is that `colmena build --on xyz` is just an alias of `colmena apply --on xyz build` (you can pass it other goals besides `build` like `dry-activate`). Also, it would be nice if there were appropriately named out links after a build. This is an interesting suggestion. Currently there is `--keep-result` which will cause Colmena to create GC roots under the `.gcroots` subdirectory. When `deployment.buildOnTarget` is true, builds happen on the target nodes themselves, so it's not possible to create out links locally in that case. The problem with creating out links in a user-facing manner is that people will be wanting to specify the names (`-o result2`) or otherwise depend on the outputs for scripting purposes, a use case `colmena apply` UI doesn't support.	07:12:33
Zhaofeng Li	* NobbZ: For something like that it seems as if colmena build is quite practical, though at the same time it seems as if it lacks an argument to specify a single host to build. Is this indeed missing or did I miss something in the docs? You can specify the nodes to build with `colmena build --on node-name`. The `--on` argument is a bit misleading because the build isn't (necessarily) happening "on" the node. The reason is that `colmena build --on xyz` is just an alias of `colmena apply --on xyz build` (you can pass it other goals besides `build` like `dry-activate`). Also, it would be nice if there were appropriately named out links after a build. This is an interesting suggestion. Currently there is `--keep-result` which will cause Colmena to create GC roots under the `.gcroots` subdirectory. When `deployment.buildOnTarget` is true, builds happen on the target nodes themselves, so it's not possible to create out links locally in that case. The problem with creating out links in a user-facing manner is that people will be wanting to specify the names (`-o result2`) or otherwise depend on the outputs for scripting purposes, a use case the `colmena apply` interface doesn't support (such is delegated to `colmena eval`).	07:13:05
roshan \| byteio.in 🌷	In reply to @ronixx:matrix.org sent an image. { config, pkgs, inputs, ... }: { boot.isContainer = true; deployment = { targetHost = "ip"; # x86_64-linux targetPort = 22; buildOnTarget = true; targetUser = "nix"; tags = [ "theDev" ]; # keys = { # "freshrss" = "helloworld"; # }; keys."freshrss.secret" = { # Alternatively, `text` (string) or `keyFile` (path to file) # may be specified. text = "helloworld"; # keyCommand = [ "vault" "read" "-field=env" "secret/dns01" ]; destDir = "/run/keys"; # Default: /run/keys user = "nix"; # Default: root # group = "nginx"; # Default: root permissions = "0640"; # Default: 0600 # uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation uploadAt = "post-activation"; }; }; ## ---------- System Packages --------- ## environment.systemPackages = [ pkgs.cowsay ]; fileSystems."/mnt/drive" = { device = "/dev/disk/by-id/scsi-0DO_Volume_volume-blr1-01"; fsType = "ext4"; }; networking.hostName = "theDev"; # Define your hostname. # security.acme.acceptTerms = true; # security.acme.email = "email@gmail.com"; # services.freshrss.enable = true; # services.freshrss.package = pkgs.freshrss; # services.freshrss.name = "god"; # services.freshrss.passwordFile = "/run/keys/freshrss.secret"; # services.freshrss.virtualHost = "freshrss"; ## ---------- Postgresql ------------ ## services = { postgresql = { enable = true; }; postgresqlBackup = { enable = true; startAt = "--* 01:15:00"; }; }; ## ---------- Netdata System Monitor ------------ ## services.netdata = { enable = false; config = { global = { "page cache size" = 32; "update every" = 15; }; }; }; ## ---------- Nginx Webserver ------------ ## services.nginx.enable = true; services.nginx.commonHttpConfig = '' limit_req_zone $binary_remote_addr zone=limitbyaddr:10m rate=5r/s; limit_req_status 429; ''; services.nginx.virtualHosts = { }; system.stateVersion = "22.05"; }	07:13:30
Zhaofeng Li	In reply to @ronixx:matrix.org sent an image. The activation appears stuck, and you can use `-v` to get the full outputs	07:15:26
roshan \| byteio.in 🌷	In reply to @ronixx:matrix.org sent an image. process get stopped at this place	07:15:28
roshan \| byteio.in 🌷	In reply to @zhaofeng:zhaofeng.li The activation appears stuck, and you can use `-v` to get the full outputs not able to ssh to. Restarting my server from panel	07:16:10
roshan \| byteio.in 🌷	[INFO ] Using flake: git+file:///mnt/drive/src/github.com/pycluster/infra [INFO ] Enumerating nodes... [INFO ] Selected 1 out of 3 hosts. theDev \| Evaluating theDev theDev \| trace: warning: The option `nix.trustedUsers' defined in `/nix/store/xsvx3qva09l2kq7zvaws5gvbyzchm0si-source/common/users' has been renamed to `nix.settings.trusted-users'. theDev \| trace: warning: The option `nix.autoOptimiseStore' defined in `/nix/store/xsvx3qva09l2kq7zvaws5gvbyzchm0si-source/common/users' has been renamed to `nix.settings.auto-optimise-store'. theDev \| Evaluated theDev theDev \| Building theDev theDev \| copying 0 paths... theDev \| /nix/store/8yv3a6c6vs26f74m57av4i3kv9dv30y9-nixos-system-theDev-22.11pre-git theDev \| Built "/nix/store/8yv3a6c6vs26f74m57av4i3kv9dv30y9-nixos-system-theDev-22.11pre-git" on target node theDev \| No pre-activation keys to upload theDev \| Activating system profile theDev \| would stop swap device: /dev/zram0 theDev \| stopping the following units: -.mount, audit.service, digitalocean-metadata.service, do-agent.service, firewall.service, kmod-static-nodes.service, logrotate-checkconf.service, mount-pstore.service, network-local-commands.service, network-setup.service, nscd.service, reload-systemd-vconsole-setup.service, resolvconf.service, sshd.service, sys-kernel-config.mount, systemd-journald-audit.socket, systemd-modules-load.service, systemd-oomd.service, systemd-oomd.socket, systemd-sysctl.service, systemd-timesyncd.service, systemd-tmpfiles-setup-dev.service, systemd-udev-trigger.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket, systemd-udevd.service, zram-init-zram0.service, zram-reloader.service theDev \| Failed to stop -.mount: Job type stop is not applicable for unit -.mount. theDev \| NOT restarting the following changed units: getty@tty1.service, serial-getty@ttyS0.service, systemd-journal-flush.service, systemd-logind.service, systemd-random-seed.service, systemd-remount-fs.service, systemd-tmpfiles-setup.service, systemd-update-utmp.service, systemd-user-sessions.service, user-runtime-dir@1000.service, user@1000.service theDev \| activating the configuration... theDev \| setting up /etc... theDev \| reviving group 'podman' with GID 994 theDev \| removing group ‘systemd-timesync’ theDev \| reviving user 'roshan' with UID 1001 theDev \| removing user ‘systemd-timesync’ theDev \| removing obsolete symlink ‘/etc/vconsole.conf’... theDev \| removing obsolete symlink ‘/etc/kbd’... theDev \| removing obsolete symlink ‘/etc/tmpfiles.d/portables.conf’... theDev \| removing obsolete symlink ‘/etc/tmpfiles.d/lvm2.conf’... theDev \| removing obsolete symlink ‘/etc/systemd/timesyncd.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/ubuntu.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/systemd.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/nixos.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/firmware.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/debian.conf’... theDev \| removing obsolete symlink ‘/etc/modules-load.d/nixos.conf’... theDev \| removing obsolete symlink ‘/etc/udev/hwdb.bin’... theDev \| removing obsolete symlink ‘/etc/udev/rules.d’... theDev \| restarting systemd... theDev \| reloading user units for nix... theDev \| setting up tmpfiles theDev \| reloading the following units: dbus.service theDev \| restarting the following units: dhcpcd.service, nix-daemon.service, systemd-journald.service theDev \| starting the following units: audit.service, kmod-static-nodes.service, logrotate-checkconf.service, mount-pstore.service, network-local-commands.service, nscd.service, systemd-modules-load.service, systemd-oomd.socket, systemd-sysctl.service, systemd-tmpfiles-setup-dev.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket theDev \| A dependency job for local-fs.target failed. See 'journalctl -xe' for details. theDev \| Job for nscd.service canceled. theDev \| Job for basic.target canceled. theDev \| Job for sysinit.target canceled. theDev \| Job for multi-user.target canceled. theDev \| Job for network-local-commands.service canceled. theDev \| Job for logrotate-checkconf.service canceled.	07:18:13
Zhaofeng Li	In reply to @ronixx:matrix.org not able to ssh to. Restarting my server from panel From the VPS panel? Is it a container? If not, you shouldn't have `boot.isContainer = true;` there. Also you need to import your `hardware-configuration.nix`.	07:18:51
roshan \| byteio.in 🌷	Download image.png	07:19:20
roshan \| byteio.in 🌷	I have first genereated custom image for DigitalOcean with nixos-generators	07:19:47
Zhaofeng Li	In reply to @ronixx:matrix.org I have first genereated custom image for DigitalOcean with nixos-generators Then you need to import `digital-ocean-image.nix` like what nixos-generator doe	07:22:32
Zhaofeng Li	In reply to @ronixx:matrix.org I have first genereated custom image for DigitalOcean with nixos-generators * Then you need to import `digital-ocean-image.nix` like what nixos-generator does	07:22:34

Show newer messages

Back to Room ListRoom Version: 6