| 18 May 2023 |
 Zhaofeng Li | The behavior is indeed pretty counterintuitive when privilegeEscalationCommand is a thing but isn't used at that stage | 21:53:56 |
 @julian:nekover.se | So one either needs to set nix.settings.trusted-users to the targetUser or use root as the targetUser? | 21:59:22 |
| @julian:nekover.se | ( yuri and me were working together on this ) | 22:00:40 |
| Zhaofeng Li | Currently yeah | 22:01:29 |
| Zhaofeng Li | which is definitely non-ideal | 22:01:38 |
| 19 May 2023 |
 @yuri:nekover.se | ok, I see. Thx! | 09:34:20 |
| 20 May 2023 |
| @julian:nekover.se | If I use Colmena with a flake for the config, then I need to bump the flake.lock every time I want to update my systems, right? | 13:53:14 |
 @obsidianical:matrix.org | yes (unless i'm doing it wrong too) | 14:28:31 |
 oddlama | Yes, and that's not specific to colmena. Any flake configuration requires this, if you want pure evaluation. (all inputs must be known, and the exact version of nixpkgs is a regular input to the flake) | 14:38:55 |
| oddlama | * Yes, and that's not specific to colmena. Any flake based configuration requires this, if you want pure evaluation. (all inputs must be known, and the exact version of nixpkgs is a regular input to the flake) | 14:39:02 |
| @julian:nekover.se | That makes sense, thanks!
What I'm wondering now, is how to make sure my systems are up-to-date then. Some kind of automated deployment from some deployment system, which automatically updates the flake.lock?
What are you all doing? | 16:13:06 |
| @obsidianical:matrix.org | nix flake update --commit-lock-file whenever i feel like it (this is probably not a good idea idk better then not updating?) | 16:17:32 |
| @obsidianical:matrix.org changed their display name from Schrottkatze to Schrottkatze (they/she, de: sie/ihr). | 16:29:01 |
| 21 May 2023 |
| @obsidianical:matrix.org changed their display name from Schrottkatze (they/she, de: sie/ihr) to Schrottkatze (moving to @schrottkatze:katzen.cafe). | 17:52:51 |
| 22 May 2023 |
|  Reventlov left the room. | 06:53:09 |
 emily | In reply to @me:indeednotjames.com
anyone else noticing that targets in a flake don't substitute from cache.nixos.org when running colmena apply?
I haven't investigated further yet.
But I did notice that disabling nix copy seems to fix it 👀
really dump patch, as there is no cmd flag to disable it (running latest main):
diff --git a/src/nix/host/ssh.rs b/src/nix/host/ssh.rs
index d45ed99..1b33717 100644
--- a/src/nix/host/ssh.rs
+++ b/src/nix/host/ssh.rs
@@ -261,7 +261,7 @@ impl Ssh {
let ssh_options = self.ssh_options();
let ssh_options_str = ssh_options.join(" ");
- let mut command = if self.use_nix3_copy {
+ let mut command = if false {
// experimental `nix copy` command with ssh-ng://
let mut command = Command::new("nix");
oh wow, I found out why.
will try to send a PR (containing a proper fix) tomorrow :) | 23:14:19 |
| 23 May 2023 |
|  Tirth Jain joined the room. | 02:21:12 |
| 24 May 2023 |
 tim | In reply to @julian:nekover.se
That makes sense, thanks!
What I'm wondering now, is how to make sure my systems are up-to-date then. Some kind of automated deployment from some deployment system, which automatically updates the flake.lock?
What are you all doing? I stole this github action from some other repo and put it into all my flake repos | 04:49:15 |
|  @networkexception:chat.upi.li joined the room. | 08:46:27 |
| 25 May 2023 |
|  raitobezarius changed their display name from raitobezarius to disko in NixOS 23.11 when. | 13:32:34 |
| raitobezarius changed their display name from disko in NixOS 23.11 when to raitobezarius. | 13:37:36 |
| 26 May 2023 |
|  Notkea left the room. | 18:50:55 |
| 27 May 2023 |
|  Chinchilla Washington changed their profile picture. | 16:31:28 |
|  NixOS Moderation Botchanged room power levels. | 16:40:46 |
| 28 May 2023 |
 Yuu Yin | Redacted or Malformed Event | 20:34:54 |
| 30 May 2023 |
|  @the_observer:fairydust.space joined the room. | 17:25:38 |
| @the_observer:fairydust.space | Hey,
how do I reference another option when using colmena? I want to set the dhparams path for the nginx service to the value of the security.dhparams.params.nginx.pathoption (which is readOnly anyways).
In nixos, that would be config.. I tried that host. and config.host. but it doesnt work like that.
| 17:28:33 |
| Zhaofeng Li | It definitely should work. What does your config look like? | 17:29:26 |
| @the_observer:fairydust.space | In reply to @zhaofeng:zhaofeng.li
It definitely should work. What does your config look like? Just using config. or how? | 17:30:13 |
| Zhaofeng Li | Yes | 17:30:20 |
