| 24 Nov 2022 |
Zhaofeng Li | In reply to @ask-yourself:matrix.org
So that I have tried:
laptop = {
  deployment = {
    allowLocalDeployment = true;
    tags = ["laptop"];
    targetUser = "isaac";
    targetHost = "10.0.0.22";
  };
  imports = [
    ./nixos/laptop
    home-manager.nixosModules.home-manager
    {
      home-manager = {
        extraSpecialArgs = {
          inherit user;
        };
        useGlobalPkgs = true;
        users.${user} = {
          imports = [(import ./nixos/laptop/home-manager.nix)];
        };
        useUserPackages = true;
      };
    }
  ];
};
But I get this:
❯ sudo colmena apply --on laptop
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
[INFO ] Enumerating nodes...
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Selected 1 out of 2 hosts.
❌ 5s Failed: Child process exited with error code: 1
laptop ✅ 4s Evaluated laptop
laptop ✅ 0s Built "/nix/store/klgnlk5l0cbx6yzn6xcfn6w4hbbmhp51-nixos-system-laptop-23.05pre-git"
laptop ❌ 0s Push failed: Child process exited with error code: 1
[ERROR] Failed to push system closure to laptop - Last 5 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] stderr) isaac@10.0.0.22: Permission denied (publickey,password,keyboard-interactive).
[ERROR] stderr) error: cannot connect to 'isaac@10.0.0.22'
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
Don't use sudo when deploying remotely. | 20:37:34 |
Zhaofeng Li | In reply to @ask-yourself:matrix.org
* Don't use sudo when deploying remotely. In this case, I guess root doesn't have the keys to connect to 10.0.0.22 | 20:37:51 |
@ask-yourself:matrix.org | Hmm. Ok, thanks that fixed the first error. But I must admit I'm equally confused by this new one: | 20:46:07 |
@ask-yourself:matrix.org | ➜ colmena apply --on laptop
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
[INFO ] Enumerating nodes...
[INFO ] Selected 1 out of 4 hosts.
❌ 6s Failed: Child process exited with error code: 1
laptop ✅ 5s Evaluated laptop
laptop ✅ 0s Built "/nix/store/9zsi0h4lbmnj9hggbg8vzxr1mhy1wqw3-nixos-system-laptop-23.05pre-git"
laptop ❌ 1s Push failed: Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to push system closure to laptop - Last 9 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] stderr) copying 10 paths...
[ERROR] stderr) copying path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' to 'ssh://isaac@10.0.0.22'...
[ERROR] stderr) error: cannot add path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' because it lacks a valid signature
[ERROR] stderr) copying path '/nix/store/jdc1w4iw3dd1n5rz257awxld13hs45f5-starship-config' to 'ssh://isaac@10.0.0.22'...
[ERROR] stderr) error (ignored): error: writing to file: Broken pipe
[ERROR] stderr) error: unexpected end-of-file
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
| 20:46:15 |
@ask-yourself:matrix.org | Not sure why it's unhappy with HM. | 20:46:22 |
Zhaofeng Li | You have to be a trusted user to copy arbitrary paths into a remote store. Either add isaac into nix.settings.trusted-users (warning: they are root-equivalent) or use root | 20:48:08 |
@ask-yourself:matrix.org | Ohhhhhhhh. | 20:48:28 |
@ask-yourself:matrix.org | Ok lemme try that. | 20:48:30 |
@ask-yourself:matrix.org | Is there a reason why it would be complaining about a password when I have an SSH key setup? | 20:53:40 |
@ask-yourself:matrix.org | I can ssh in with ssh isaac@10.0.0.2 without needing a password. | 20:54:00 |
Zhaofeng Li | It still needs root when running the activation script, so during activation it will try to use sudo to become root. | 20:55:05 |
@ask-yourself:matrix.org | How can I give it the ability to use sudo? | 20:57:23 |
Zhaofeng Li | Currently it only supports passwordless sudo, so you can either add a rule to security.sudo.extraRules or allow everyone in wheel to escalate without a password with security.sudo.wheelNeedsPassword. | 21:00:25 |
Zhaofeng Li | Admittedly deploying as non-root isn't the best experience right now 😐️ | 21:01:05 |
@ask-yourself:matrix.org | That's ok, it'll be cool once it's working. | 21:01:45 |
@ask-yourself:matrix.org | I'll try adding that, but I do wanna know.. Would this all be easier if I used some kind of secrets management thing like SOPS? | 21:02:06 |
Zhaofeng Li | Using sops doesn't alleviate the problems with running the deployment process as non-root. It's a replacement for deployment.keys with a different workflow. | 21:04:35 |
@ask-yourself:matrix.org | Ok, it's working, this is very cool. | 21:06:52 |
@ask-yourself:matrix.org | Thank you very much for the help. | 21:06:56 |