| 3 May 2023 |
oddlama | I've also been using control sockets, and I always keep a connection to the target open in the background before running colmena. But I don't have these issues. | 15:36:52 |
oddlama | I remember running into something like that once or twice though, but since it never occurred again I attributed it to a fluke | 15:37:17 |
@linus:schreibt.jetzt | hexa: connection limit? I have
extraConfig = ''
Match All
MaxSessions 100
'';
on my services.openssh
| 15:37:56 |
@linus:schreibt.jetzt | * hexa: session limit? I have
extraConfig = ''
Match All
MaxSessions 100
'';
on my services.openssh
| 15:38:03 |
hexa | nop | 16:22:57 |
| 4 May 2023 |
| treed joined the room. | 07:08:04 |
| 5 May 2023 |
| @philipp:woelfel.ca joined the room. | 23:38:17 |
| 14 May 2023 |
| @julian:nekover.se joined the room. | 23:20:58 |
| 16 May 2023 |
| David A. Buser (boozedog) joined the room. | 11:37:46 |
| 18 May 2023 |
| ibizaman joined the room. | 06:48:01 |
ibizaman | Hi all. I wanted to support this great tool and I wrote a blog post which covers deploying to a Raspberry Pi (really, any supported ARM device) using colmena. http://ibizaman.github.io/posts/2023-05-12-install-nixos-on-a-raspberry-pi.html All feedback is appreciated. | 06:51:32 |
| @yuri:nekover.se joined the room. | 19:31:49 |
@yuri:nekover.se | hi, I'm new to Nix and want to use Colmena to set up a remote host. This works fine, but what I don't understand is when I specify a user with "targetUser" in the "deployment" set who is a member of the wheel group and "security.sudo.wheelNeedsPassword" is set to "false", I still need to add the user to "nix.settings.trusted-users" for it to work. Otherwise I get the error
[ERROR] stderr) error: cannot add path '/nix/store/6nh78ndmjdqg19ni7gmngp3cpjsf9ykm-system-path' because it lacks a valid signature
when running "colmena apply". Does anyone know why that is?
| 21:25:54 |
Zhaofeng Li | It's because it copies the closure with nix-copy-closure using the targetUser | 21:52:59 |
Zhaofeng Li | The behavior is indeed pretty counterintuitive when privilegeEscalationCommand is a thing but isn't used at that stage | 21:53:56 |
@julian:nekover.se | So one either needs to set nix.settings.trusted-users to the targetUser or use root as the targetUser? | 21:59:22 |
@julian:nekover.se | (yuri and I were working together on this) | 22:00:40 |
Zhaofeng Li | Currently yeah | 22:01:29 |
Zhaofeng Li | which is definitely non-ideal | 22:01:38 |
| 19 May 2023 |
@yuri:nekover.se | ok, I see. Thx! | 09:34:20 |
| 20 May 2023 |
@julian:nekover.se | If I use Colmena with a flake for the config, then I need to bump the flake.lock every time I want to update my systems, right? | 13:53:14 |
@obsidianical:matrix.org | yes (unless i'm doing it wrong too) | 14:28:31 |
oddlama | Yes, and that's not specific to colmena. Any flake configuration requires this, if you want pure evaluation. (all inputs must be known, and the exact version of nixpkgs is a regular input to the flake) | 14:38:55 |
oddlama | * Yes, and that's not specific to colmena. Any flake based configuration requires this, if you want pure evaluation. (all inputs must be known, and the exact version of nixpkgs is a regular input to the flake) | 14:39:02 |
@julian:nekover.se | That makes sense, thanks! What I'm wondering now, is how to make sure my systems are up-to-date then. Some kind of automated deployment from some deployment system, which automatically updates the flake.lock? What are you all doing? | 16:13:06 |
@obsidianical:matrix.org | nix flake update --commit-lock-file whenever i feel like it (this is probably not a good idea idk better than not updating?) | 16:17:32 |
| @obsidianical:matrix.org changed their display name from Schrottkatze to Schrottkatze (they/she, de: sie/ihr). | 16:29:01 |
| 21 May 2023 |
| @obsidianical:matrix.org changed their display name from Schrottkatze (they/she, de: sie/ihr) to Schrottkatze (moving to @schrottkatze:katzen.cafe). | 17:52:51 |
| 22 May 2023 |
| Reventlov left the room. | 06:53:09 |
emily | In reply to @me:indeednotjames.com
anyone else noticing that targets in a flake don't substitute from cache.nixos.org when running colmena apply? I haven't investigated further yet. But I did notice that disabling nix copy seems to fix it 👀
really dumb patch, as there is no cmd flag to disable it (running latest main):
diff --git a/src/nix/host/ssh.rs b/src/nix/host/ssh.rs
index d45ed99..1b33717 100644
--- a/src/nix/host/ssh.rs
+++ b/src/nix/host/ssh.rs
@@ -261,7 +261,7 @@ impl Ssh {
let ssh_options = self.ssh_options();
let ssh_options_str = ssh_options.join(" ");
- let mut command = if self.use_nix3_copy {
+ let mut command = if false {
// experimental `nix copy` command with ssh-ng://
let mut command = Command::new("nix");
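Review bot: The condition at `let mut command = if false {` is hardcoded, so `self.use_nix3_copy` is no longer consulted and the `nix copy` / `ssh-ng://` branch below it becomes dead code for every host. If the intent is an opt-out, keep `if self.use_nix3_copy` and make that field settable by the user (the message above notes there is no command flag for it); as written this should stay a local workaround until the cause of the missing substitution is fixed in that branch.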
oh wow, I found out why. will try to send a PR (containing a proper fix) tomorrow :) | 23:14:19 |