!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

262 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena
91 Servers

Sender Message Time
5 Jan 2022
@zhaofeng:zhaofeng.li Zhaofeng Li Ok, what about the part where home-manager is referenced? 21:45:58
@necrophcodr:matrix.org necrophcodr Yeah we're getting there 21:46:17
@necrophcodr:matrix.org necrophcodr
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, lib, pkgs, modulesPath, ... }:
{
  deployment = {
    targetHost = "x.x.x.x";
  };
  networking.hostName = "HOST";
  home-manager.users.su = { pkgs, ... }: {
    home.file."dash.sh".source = dashFile;
  };
  imports =
    [
      ../lib/dashboard.nix
      ../lib/wifi.nix
    ];
...
}

So that's the node.nix file

21:46:28
@necrophcodr:matrix.org necrophcodr

And then we've got the ../lib/dashboard.nix file that contains

{ config, lib, pkgs, modulesPath, home-manager, ... }:
{
  deployment.targetUser = "su";
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (home-manager + "/nixos" )
  ];
...
}
21:47:11
@necrophcodr:matrix.org necrophcodr And it just works 21:47:16
@necrophcodr:matrix.org necrophcodr *
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, lib, pkgs, modulesPath, ... }:
let
  dashFile = "some_file.txt";
in
{
  deployment = {
    targetHost = "x.x.x.x";
  };
  networking.hostName = "HOST";
  home-manager.users.su = { pkgs, ... }: {
    home.file."dash.sh".source = dashFile; # dashFile is a variable declared above
  };
  imports =
    [
      ../lib/dashboard.nix
      ../lib/wifi.nix
    ];
...
}

So that's the node.nix file

21:49:56
@necrophcodr:matrix.org necrophcodr *
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, lib, pkgs, modulesPath, ... }:
let
  dashFile = ./some_file.txt;
in
{
  deployment = {
    targetHost = "x.x.x.x";
  };
  networking.hostName = "HOST";
  home-manager.users.su = { pkgs, ... }: {
    home.file."dash.sh".source = dashFile; # dashFile is a variable declared above
  };
  imports =
    [
      ../lib/dashboard.nix
      ../lib/wifi.nix
    ];
...
}

So that's the node.nix file

21:50:24
@necrophcodr:matrix.org necrophcodr

And from flake.lock

    "colmena": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs",
        "utils": "utils"
      },
      "locked": {
        "lastModified": 1630033162,
        "narHash": "sha256-1Vh0d2t2aSfvEXx1iQ1TRNpFfncTE3G+T0Co+dRppBo=",
        "owner": "zhaofengli",
        "repo": "colmena",
        "rev": "37b43cd6d7f924e6eb7eaa7b17852d813cf96c31",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
        "repo": "colmena",
        "type": "github"
      }
21:51:31
@necrophcodr:matrix.org necrophcodr But hey, if it worked back then accidentally and doesn't now because I wasn't doing this correctly, that is 100% on me and I can at least do things right now :D 21:52:10
@necrophcodr:matrix.org necrophcodr So thank you! 21:52:15
@buckley310:matrix.org Buckley So I'm curious. In my setup my servers all exist inside of my flake outputs.nixosConfigurations, and my outputs.colmena is just a stub that consumes nixosConfigurations and emits a colmena configuration. Is anyone else doing it this way, or just me? I really like the portability of keeping my hosts in nixosConfigurations 23:27:16
@buckley310:matrix.org Buckley

the stub:

colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; } //
    builtins.mapAttrs
      (name: value: {
        nixpkgs.system = value.config.nixpkgs.system;
        imports = value.extraArgs.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (nixosConfigurations);
23:29:18
6 Jan 2022
@adis:blad.is adisbladis joined the room. 05:29:17
@necrophcodr:matrix.org necrophcodr
In reply to @buckley310:matrix.org
So I'm curious. In my setup my servers all exist inside of my flake outputs.nixosConfigurations, and my outputs.colmena is just a stub that consumes nixosConfigurations and emits a colmena configuration. Is anyone else doing it this way, or just me? I really like the portability of keeping my hosts in nixosConfigurations
Oh this is exactly what I was just looking for today actually!
12:55:04
@necrophcodr:matrix.org necrophcodr
In reply to @buckley310:matrix.org

the stub:

colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; } //
    builtins.mapAttrs
      (name: value: {
        nixpkgs.system = value.config.nixpkgs.system;
        imports = value.extraArgs.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (nixosConfigurations);
Hmm, I tried implementing this, but I'm not sure where you're getting config.sconfig from? I don't see an sconfig attribute to be fetched from there?
13:14:17
@buckley310:matrix.org Buckley
In reply to @necrophcodr:matrix.org
Hmm, I tried implementing this, but I'm not sure where you're getting config.sconfig from? I don't see an sconfig attribute to be fetched from there?
https://github.com/buckley310/nixos-config/blob/master/modules/deploy.nix it’s my own module that just adds the deployment settings there.
15:04:14
@necrophcodr:matrix.org necrophcodr Ah okay that makes sense 15:27:20
@buckley310:matrix.org Buckley So, what would people think about a PR that adds a deployment.targetSshPubKey setting, which when set, would change SSH's "StrictHostKeyChecking" to "yes"? 🤔 also thoughts on the option name? 22:15:21
@buckley310:matrix.org Buckley i have been deploying stuff with a config file that sets StrictHostKeyChecking=yes, until just now where I realized colmena was overriding my setting with accept-new 😅 https://github.com/zhaofengli/colmena/blob/6401ce4c3c6300b7e2eec059aacd9a1059f28fa5/src/nix/host/ssh.rs#L209 22:17:04
@buckley310:matrix.org Buckley or perhaps deployment.targetPublicKeys = [ "ssh-ed25519 AAAAC.....GwLfx" ]; 22:23:21
@zhaofeng:zhaofeng.li Zhaofeng Li Yeah, we should probably have an option like that, or have an option to configure a set of "freeform" SSH configs. 23:48:53
7 Jan 2022
@buckley310:matrix.org Buckley Yeah, I’ve basically got a flake devshell that sets up a handful of options including known hosts using $SSH_CONFIG_FILE 00:02:30
@buckley310:matrix.org Buckley Maybe I can freshen up my rust skills and give it some time 00:02:53
@necrophcodr:matrix.org necrophcodr
In reply to @zhaofeng:zhaofeng.li
Yeah, we should probably have an option like that, or have an option to configure a set of "freeform" SSH configs.
That would be pretty cool indeed
21:16:20
8 Jan 2022
@buckley310:matrix.org Buckley one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill the usefulness of $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:01
@buckley310:matrix.org Buckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill the usefulness of $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:17
@buckley310:matrix.org Buckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:46
@buckley310:matrix.org Buckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill $SSH_CONFIG_FILE. although there's an argument to be made whether that variable is needed anymore, if the builtin ssh config stuff is complete enough 02:29:06
@buckley310:matrix.org Buckley

thought experiment, what if basically all of the connection settings got merged into SSH options. get rid of deployment.targetPort, deployment.targetUser, etc, and replace it with something like this

colmena = {
  meta = {
    nixpkgs = import nixpkgs {
      system = "x86_64-linux";
    };
    ssh = {
      IdentityFile = "/home/me/.ssh/id_xyz";
    };
  };
  host-b = {
    deployment = {
      ssh.HostName = "somehost.tld";
      ssh.Port = "1234";
      ssh.User = "luser";
    };
    boot.isContainer = true;
    time.timeZone = "America/Los_Angeles";
  };
};

which would then compile this following ssh config file for colmena to just blindly pass to ssh

IdentityFile /home/me/.ssh/id_xyz

Host host-b
    HostName somehost.tld
    Port 1234
    User luser
02:37:43
@buckley310:matrix.org Buckley the old settings could link to the new settings with like aliases or something, and then presto, it simplifies the code, and unlocks every setting available in SSH 🤔 02:38:52