| 3 Jun 2022 |
 tpw_rules | seems to be what system.name and system.nixos.label configuration options are for | 04:13:41 |
 Buckley | not sure, hasnt really come up | 04:15:28 |
| Buckley | outside of colmena, i believe networking.hostName sets the machine name, and you can set the nixosConfigurations.<xyz> to whatever you want | 04:17:09 |
| tpw_rules | i guess it wouldn't in a network use case | 04:17:12 |
| tpw_rules | thanks for the info though | 04:19:20 |
 Linux Hackerman | Last I checked, colmena didn't actually set the host name and forgetting it resulted in all my hosts being called nixos x) | 07:28:54 |
 dantefromhell | In reply to @buckley310:matrix.org
also, /dev/disk/by-id/ stays consistent across reinstalls if you can use GPT partition table you can label each partition.
that allows me to generalize the nix expressions for partitions.
still working on automation of the partitioning itself. | 11:19:41 |
| dantefromhell | In reply to @buckley310:matrix.org
outside of colmena, i believe networking.hostName sets the machine name, and you can set the nixosConfigurations. to whatever you want e.g. the hardware serial number... | 11:21:59 |
| 6 Jun 2022 |
|  kraem changed their profile picture. | 14:48:10 |
| Buckley | When i try to use a targetUser other than root, i get errors pushing content to servers
error: cannot add path '/nix/store/phfygaw0iga0dkdgm7qcj2rhq49viwmj-foo' because it lacks a valid signature
should not privilegeEscalationCommand be used while pushing content, as well as activating it, or is there a reason for this? | 16:08:42 |
| Linux Hackerman | Buckley: I guess it would work if the user were in Nix's trusted-users | 22:48:47 |
| Linux Hackerman | So it's not strictly necessary | 22:49:08 |
| Linux Hackerman | But I don't know if that's why it was implemented this way, nor if it makes sense to do it that way | 22:49:40 |
| Buckley | I’ll have a peek later, but I’m guessing colmena just uses the nix copy tool (which probably doesn’t support sudo). If I’m wrong and it’s a two line patch I’ll totally PR that :o | 23:00:00 |
| 7 Jun 2022 |
 Chinchilla Washington | How can I get more of the error log from colmena? I'm getting an 'insecure package' error and would like to trace down what's using this old ass version of nodejs | 04:54:20 |
| Linux Hackerman | In reply to @cw:kernelpanic.cafe
How can I get more of the error log from colmena? I'm getting an 'insecure package' error and would like to trace down what's using this old ass version of nodejs Pass -v | 07:49:45 |
| Linux Hackerman | In reply to @buckley310:matrix.org
I’ll have a peek later, but I’m guessing colmena just uses the nix copy tool (which probably doesn’t support sudo). If I’m wrong and it’s a two line patch I’ll totally PR that :o Oh right, yeah, that's possible | 07:50:28 |
| Linux Hackerman | What's actually the point in not sshing in as root and using sudo instead? That's perplexed me for a while... | 07:52:29 |
 CRTified | One point might be that sudo allows somewhat fine-grained restriction on executed commands | 07:53:07 |
| CRTified | And in a sense, it allows for crude 2FA (SSH with pubkey, sudo with pw) | 07:53:48 |
| CRTified | * One point might be that sudo allows somewhat fine-grained restriction on executed commands (But that requires you to know what you'll run) | 07:54:10 |
| CRTified | * One point might be that sudo allows somewhat fine-grained restriction on executed commands (But that requires you to know what you'll run - adding a shell is nonsense if you want this) | 07:54:20 |
| Linux Hackerman | In reply to @schnecfk:ruhr-uni-bochum.de
One point might be that sudo allows somewhat fine-grained restriction on executed commands (But that requires you to know what you'll run) But if you're running something you just copied over... | 07:54:43 |
| Linux Hackerman | (Which is necessarily the case with a nixos configuration) | 07:55:22 |
| CRTified | True 🤔 | 08:22:37 |
| Linux Hackerman | In reply to @schnecfk:ruhr-uni-bochum.de
And in a sense, it allows for crude 2FA (SSH with pubkey, sudo with pw) Are people doing that? | 08:49:23 |
| CRTified | I don't know, but I've seen that reason a few times (not limited to colmena), always with the advice to make root as inaccessible as possible | 09:11:53 |
| 8 Jun 2022 |
 Wanja Hentze | How do you folks feel about adding a --interactive or --confirm (actual name can be bikeshed) option to colmena that makes it prints the list of target hosts and asks you to confirm before proceeding? | 16:56:51 |
| 9 Jun 2022 |
 Zhaofeng Li | That sounds like a reasonable feature to add | 03:42:09 |
|  Taeer Bar-Yam joined the room. | 13:25:40 |
