I'm trying to not have to pass these into every single host.

        defaults = {
          imports = [
            inputs.agenix.nixosModules.age
            inputs.home-manager.nixosModules.home-manager
          ];
        };

I tried to add them to defaults and that works when deploying single host but if a deploy involves multiple ones then there is some kind of double inclusion error along the lines of:

error: The option `age.identityPaths' in `/tmp/.tmpPxgQXZ' is already declared in `/tmp/.tmpPxgQXZ'.

is there a more elegant way to avoid having to do reference these per-host?

In reply to @zhaofeng:zhaofeng.li

A couple updates:

• More work was done on separating the evaluation logic from the deployment logic, with the new colmenaHive output being the integration point that ties the two halves together. Colmena can now deploy from the colmenaHive output which should be an already-evaluated hive generated by colmena.lib.makeHive (or your own logic!). Example here. cc David Arnold (blaggacao) Yureka (she/her)
• Flake-enabled deployments now use nix copy and the new SSH store protocol (ssh-ng://) for copying closures to remote hosts.

Flake-enabled deployments now use nix copy and the new SSH store protocol (ssh-ng://) for copying closures to remote hosts.

Looks like this breaks buildOnTarget.

In reply to @winterqt:nixos.dev

Flake-enabled deployments now use nix copy and the new SSH store protocol (ssh-ng://) for copying closures to remote hosts.

Looks like this breaks buildOnTarget.

In reply to @winterqt:nixos.dev

Flake-enabled deployments now use nix copy and the new SSH store protocol (ssh-ng://) for copying closures to remote hosts.

Looks like this breaks buildOnTarget.

specifically I got this exception:

couldn't execute "pgrep": no such file or directory
    while executing
"open "|pgrep -P $pid" "r""
    (procedure "get_child_pid" line 4)
    invoked from within
"get_child_pid 0"
    ("uplevel" body line 16)
    invoked from within
"uplevel 1 $code"
    (procedure "test" line 51)
    invoked from within
"test {Don't rehash if redis has child process} {
        r config set save ""
        r config set rdb-key-save-delay 1000000

        populate 4096 "..."
    ("uplevel" body line 2)
    invoked from within
"uplevel 1 $code "
    (procedure "start_server" line 3)
    invoked from within
"start_server {tags {"other external:skip"}} {
    test {Don't rehash if redis has child process} {
        r config set save ""
        r config set r..."
    (file "tests/unit/other.tcl" line 334)
    invoked from within
"source $path"
    (procedure "execute_test_file" line 4)
    invoked from within
"execute_test_file $data"
    (procedure "test_client_main" line 10)
    invoked from within

which does:

    if {[file exists "/usr/bin/pgrep"]} {
        set fd [open "|pgrep -P $pid" "r"]
        set child_pid [string trim [lindex [split [read $fd] \n] 0]]
    } else {
        set fd [open "|ps --ppid $pid -o pid" "r"]
        set child_pid [string trim [lindex [split [read $fd] \n] 1]]
    }

In reply to @yuka:yuka.dev
I have another request: In flake-enabled deployments, can we pass the nixpkgs flake so that the hive expression can use nixpkgs.lib.nixosSystem and get the proper system.nixos.(revision|versionSuffix)?

In reply to @rendakuenthusiast:imperishable.name
this is basically a failure of hermeticism, right? the redis build was happening on my system and it has one bit of source code that looks at /usr/bin/pgrep. is there a principled way in nix to make that not visible to derivations being built?